use of org.xipki.security.pkcs11.P11Slot in project xipki by xipki.
the class SecurityAction method getSlot.
protected P11Slot getSlot(String moduleName, int slotIndex) throws XiSecurityException, P11TokenException, IllegalCmdParamException {
P11Module module = getP11Module(moduleName);
P11SlotIdentifier slotId = module.getSlotIdForIndex(slotIndex);
return module.getSlot(slotId);
}
use of org.xipki.security.pkcs11.P11Slot in project xipki by xipki.
the class P11ObjectsDeleteCmd method execute0.
@Override
protected Object execute0() throws Exception {
P11Slot slot = getSlot(moduleName, slotIndex);
byte[] idBytes = null;
if (id != null) {
idBytes = Hex.decode(id);
}
int num = slot.removeObjects(idBytes, label);
println("deleted " + num + " objects");
return null;
}
use of org.xipki.security.pkcs11.P11Slot in project xipki by xipki.
the class P11SecretKeyGenCmd method execute0.
@Override
protected Object execute0() throws Exception {
if (keysize % 8 != 0) {
throw new IllegalCmdParamException("keysize is not multiple of 8: " + keysize);
}
long p11KeyType;
if ("AES".equalsIgnoreCase(keyType)) {
p11KeyType = PKCS11Constants.CKK_AES;
} else if ("DES3".equalsIgnoreCase(keyType)) {
p11KeyType = PKCS11Constants.CKK_DES3;
} else if ("GENERIC".equalsIgnoreCase(keyType)) {
p11KeyType = PKCS11Constants.CKK_GENERIC_SECRET;
} else {
throw new IllegalCmdParamException("invalid keyType " + keyType);
}
P11Slot slot = getSlot();
P11NewKeyControl control = getControl();
P11ObjectIdentifier objId = null;
try {
objId = slot.generateSecretKey(p11KeyType, keysize, label, control);
finalize(keyType, objId);
} catch (P11UnsupportedMechanismException ex) {
if (!createExternIfGenUnsupported) {
throw ex;
}
if (LOG.isInfoEnabled()) {
LOG.info("could not generate secret key {}: ", label, ex.getMessage());
}
if (LOG.isDebugEnabled()) {
LOG.debug("could not generate secret key " + label, ex);
}
byte[] keyValue = new byte[keysize / 8];
securityFactory.getRandom4Key().nextBytes(keyValue);
objId = slot.importSecretKey(p11KeyType, keyValue, label, control);
// clear the memory
Arrays.fill(keyValue, (byte) 0);
println("generated in memory and imported " + keyType + " key " + objId);
}
return null;
}
use of org.xipki.security.pkcs11.P11Slot in project xipki by xipki.
the class P11SecurityAction method getObjectIdentifier.
public P11ObjectIdentifier getObjectIdentifier() throws IllegalCmdParamException, XiSecurityException, P11TokenException {
P11Slot slot = getSlot();
P11ObjectIdentifier objIdentifier;
if (id != null && label == null) {
objIdentifier = slot.getObjectIdForId(Hex.decode(id));
} else if (id == null && label != null) {
objIdentifier = slot.getObjectIdForLabel(label);
} else {
throw new IllegalCmdParamException("exactly one of keyId or keyLabel should be specified");
}
return objIdentifier;
}
use of org.xipki.security.pkcs11.P11Slot in project xipki by xipki.
the class BSpeedP11DSASignCmd method nextTester.
@Override
protected LoadExecutor nextTester() throws Exception {
DSAControl control = queue.poll();
if (control == null) {
return null;
}
P11Slot slot = getSlot();
if (control.plen() == 1024) {
if (!"SHA1withDSA".equalsIgnoreCase(sigAlgo)) {
throw new IllegalCmdParamException("only SHA1withDSA is permitted for DSA with 1024 bit");
}
}
return new P11DSASignLoadTest(securityFactory, slot, sigAlgo, control.plen(), control.qlen());
}
Aggregations