
Example 6 with P11SlotIdentifier

use of org.xipki.security.pkcs11.P11SlotIdentifier in project xipki by xipki.

the class ProxyP11Module method refresh.

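/**
 * Re-reads the server capabilities and the slot list from the proxy server and
 * replaces this module's slots with those the local configuration includes.
 *
 * <p>Both responses are decoded as ASN.1. A decoding failure, or a server that
 * does not list this client's protocol version, aborts the refresh before
 * {@code setSlots} is called.
 *
 * @throws P11TokenException if a response cannot be decoded, or if the server
 *     capabilities do not contain this client's version
 */
public void refresh() throws P11TokenException {
    byte[] resp = send(P11ProxyConstants.ACTION_GET_SERVER_CAPS, null);
    Asn1ServerCaps caps;
    try {
        caps = Asn1ServerCaps.getInstance(resp);
    } catch (BadAsn1ObjectException ex) {
        // Reached only when decoding failed, so the message must say "not".
        throw new P11TokenException("response is not a valid Asn1ServerCaps", ex);
    }

    // Stop on a protocol version mismatch instead of parsing further messages.
    if (!caps.getVersions().contains(version)) {
        throw new P11TokenException("Server does not support any version supported by the client");
    }
    this.readOnly = caps.isReadOnly();

    resp = send(P11ProxyConstants.ACTION_GET_SLOT_IDS, null);
    ASN1Sequence seq;
    try {
        seq = ASN1Sequence.getInstance(resp);
    } catch (IllegalArgumentException ex) {
        throw new P11TokenException("response is not ASN1Sequence", ex);
    }
    if (seq == null) {
        // BouncyCastle's getInstance hands a null argument back as null; report
        // that as a token error instead of failing on seq.size() below.
        throw new P11TokenException("response is not ASN1Sequence");
    }

    final int n = seq.size();
    Set<P11Slot> slots = new HashSet<>();
    for (int i = 0; i < n; i++) {
        Asn1P11SlotIdentifier asn1SlotId;
        try {
            ASN1Encodable obj = seq.getObjectAt(i);
            asn1SlotId = Asn1P11SlotIdentifier.getInstance(obj);
        } catch (Exception ex) {
            throw new P11TokenException(ex.getMessage(), ex);
        }

        P11SlotIdentifier slotId = asn1SlotId.getSlotId();
        // Single inclusion check: a second, silent copy of this test used to run
        // first and made the log statement unreachable.
        if (!conf.isSlotIncluded(slotId)) {
            LOG.info("skipped slot {}", slotId);
            continue;
        }

        // NOTE(review): the slot receives conf.isReadOnly(), not the
        // server-reported flag stored in this.readOnly above — confirm that the
        // server's read-only state is enforced elsewhere.
        P11Slot slot = new ProxyP11Slot(this, slotId, conf.isReadOnly(), conf.getP11MechanismFilter());
        slots.add(slot);
    }
    setSlots(slots);
}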
Also used : Asn1ServerCaps(org.xipki.p11proxy.msg.Asn1ServerCaps) Asn1P11SlotIdentifier(org.xipki.p11proxy.msg.Asn1P11SlotIdentifier) P11SlotIdentifier(org.xipki.security.pkcs11.P11SlotIdentifier) P11TokenException(org.xipki.security.exception.P11TokenException) P11Slot(org.xipki.security.pkcs11.P11Slot) P11TokenException(org.xipki.security.exception.P11TokenException) BadAsn1ObjectException(org.xipki.security.exception.BadAsn1ObjectException) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException) ASN1Sequence(org.bouncycastle.asn1.ASN1Sequence) ASN1Encodable(org.bouncycastle.asn1.ASN1Encodable) BadAsn1ObjectException(org.xipki.security.exception.BadAsn1ObjectException) HashSet(java.util.HashSet) Asn1P11SlotIdentifier(org.xipki.p11proxy.msg.Asn1P11SlotIdentifier)

Example 7 with P11SlotIdentifier

use of org.xipki.security.pkcs11.P11SlotIdentifier in project xipki by xipki.

the class SecurityAction method getSlot.

/**
 * Resolves a slot of the named PKCS#11 module by its index.
 *
 * @param moduleName name handed to {@code getP11Module} to look up the module
 * @param slotIndex index the module translates into a slot identifier
 * @return the slot the module returns for the resolved identifier
 * @throws XiSecurityException propagated from the module lookup or slot resolution
 * @throws P11TokenException propagated from the module lookup or slot resolution
 * @throws IllegalCmdParamException propagated from the module lookup or slot resolution
 */
protected P11Slot getSlot(String moduleName, int slotIndex) throws XiSecurityException, P11TokenException, IllegalCmdParamException {
    final P11Module p11Module = getP11Module(moduleName);
    // Index -> identifier -> slot, with both lookups done by the module itself.
    return p11Module.getSlot(p11Module.getSlotIdForIndex(slotIndex));
}
Also used : P11Module(org.xipki.security.pkcs11.P11Module) P11SlotIdentifier(org.xipki.security.pkcs11.P11SlotIdentifier)

Example 8 with P11SlotIdentifier

use of org.xipki.security.pkcs11.P11SlotIdentifier in project xipki by xipki.

the class SpeedP11Action method getSlot.

/**
 * Resolves the slot selected by this action's {@code moduleName} and
 * {@code slotIndex}.
 *
 * @return the slot the module returns for the configured index
 * @throws IllegalCmdParamException if the factory has no crypt service for {@code moduleName}
 * @throws XiSecurityException propagated from the service or slot lookup
 * @throws P11TokenException propagated from the service or slot lookup
 */
protected P11Slot getSlot() throws XiSecurityException, P11TokenException, IllegalCmdParamException {
    final P11CryptService service = p11CryptServiceFactory.getP11CryptService(moduleName);
    if (service != null) {
        final P11Module p11Module = service.getModule();
        return p11Module.getSlot(p11Module.getSlotIdForIndex(slotIndex));
    }
    // A null service means the factory does not know the module name.
    throw new IllegalCmdParamException("undefined module " + moduleName);
}
Also used : P11Module(org.xipki.security.pkcs11.P11Module) P11SlotIdentifier(org.xipki.security.pkcs11.P11SlotIdentifier) IllegalCmdParamException(org.xipki.console.karaf.IllegalCmdParamException) P11CryptService(org.xipki.security.pkcs11.P11CryptService)

Example 9 with P11SlotIdentifier

use of org.xipki.security.pkcs11.P11SlotIdentifier in project xipki by xipki.

the class SignerFactoryRegisterImpl method newPkcs11Signer.

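/**
 * Builds a PKCS#11-backed signer from a signer configuration.
 *
 * <p>Configuration values read: {@code parallelism} (optional, at least 1),
 * {@code module}, exactly one of {@code slot} (index) and {@code slot-id},
 * exactly one of {@code key-id} (hex) and {@code key-label}, and the optional
 * {@code algo}. When {@code algo} resolves to a MAC algorithm a MAC signer is
 * created; otherwise a signature signer is created.
 *
 * <p>Every malformed configuration value is reported as an
 * {@link ObjectCreationException}, so a bad {@code slot} or {@code slot-id}
 * does not escape as an unchecked {@link NumberFormatException}.
 *
 * @param securityFactory supplies the default parallelism and is handed to the
 *     signature signer builder
 * @param type not read by this method
 * @param conf signer configuration holding the values listed above
 * @param certificateChain handed to the signature signer builder
 * @return the signer created by the MAC or signature signer builder
 * @throws ObjectCreationException if the factory is not set, a configuration
 *     value is missing or malformed, the module or key cannot be found, or the
 *     token or algorithm lookup fails
 */
private ConcurrentContentSigner newPkcs11Signer(SecurityFactory securityFactory, String type, SignerConf conf, X509Certificate[] certificateChain) throws ObjectCreationException {
    if (p11CryptServiceFactory == null) {
        throw new ObjectCreationException("p11CryptServiceFactory is not set");
    }

    String str = conf.getConfValue("parallelism");
    int parallelism = securityFactory.getDefaultSignerParallelism();
    if (str != null) {
        try {
            parallelism = Integer.parseInt(str);
        } catch (NumberFormatException ex) {
            // Keep the cause so the parse failure stays visible in the stack trace.
            throw new ObjectCreationException("invalid parallelism " + str, ex);
        }
        if (parallelism < 1) {
            throw new ObjectCreationException("invalid parallelism " + str);
        }
    }

    String moduleName = conf.getConfValue("module");

    // Slot selectors are free-form configuration text: wrap parse failures in the
    // declared exception type instead of letting NumberFormatException escape.
    final String slotIndexStr = conf.getConfValue("slot");
    Integer slotIndex = null;
    if (slotIndexStr != null) {
        try {
            slotIndex = Integer.parseInt(slotIndexStr);
        } catch (NumberFormatException ex) {
            throw new ObjectCreationException("invalid slot " + slotIndexStr, ex);
        }
    }

    final String slotIdStr = conf.getConfValue("slot-id");
    Long slotId = null;
    if (slotIdStr != null) {
        try {
            slotId = Long.parseLong(slotIdStr);
        } catch (NumberFormatException ex) {
            throw new ObjectCreationException("invalid slot-id " + slotIdStr, ex);
        }
    }

    if ((slotIndex == null && slotId == null) || (slotIndex != null && slotId != null)) {
        throw new ObjectCreationException("exactly one of slot (index) and slot-id must be specified");
    }

    String keyLabel = conf.getConfValue("key-label");
    str = conf.getConfValue("key-id");
    byte[] keyId = null;
    if (str != null) {
        // NOTE(review): how Hex.decode reports malformed hex is not visible here;
        // confirm whether it also needs wrapping in ObjectCreationException.
        keyId = Hex.decode(str);
    }
    if ((keyId == null && keyLabel == null) || (keyId != null && keyLabel != null)) {
        throw new ObjectCreationException("exactly one of key-id and key-label must be specified");
    }

    P11CryptService p11Service;
    P11Slot slot;
    try {
        p11Service = p11CryptServiceFactory.getP11CryptService(moduleName);
        if (p11Service == null) {
            // An unknown module name would otherwise fail with a NullPointerException.
            throw new ObjectCreationException("undefined module " + moduleName);
        }
        P11Module module = p11Service.getModule();
        P11SlotIdentifier p11SlotId;
        if (slotId != null) {
            p11SlotId = module.getSlotIdForId(slotId);
        } else if (slotIndex != null) {
            p11SlotId = module.getSlotIdForIndex(slotIndex);
        } else {
            // Excluded by the exactly-one-selector check above.
            throw new RuntimeException("should not reach here");
        }
        slot = module.getSlot(p11SlotId);
    } catch (P11TokenException | XiSecurityException ex) {
        throw new ObjectCreationException(ex.getMessage(), ex);
    }

    P11ObjectIdentifier p11ObjId = (keyId != null) ? slot.getObjectIdForId(keyId) : slot.getObjectIdForLabel(keyLabel);
    if (p11ObjId == null) {
        String str2 = (keyId != null) ? "id " + Hex.encode(keyId) : "label " + keyLabel;
        throw new ObjectCreationException("could not find identity with " + str2);
    }
    P11EntityIdentifier entityId = new P11EntityIdentifier(slot.getSlotId(), p11ObjId);

    try {
        AlgorithmIdentifier macAlgId = null;
        String algoName = conf.getConfValue("algo");
        if (algoName != null) {
            try {
                macAlgId = AlgorithmUtil.getMacAlgId(algoName);
            } catch (NoSuchAlgorithmException ignored) {
                // Deliberate: presumably algo is not a MAC algorithm. macAlgId stays
                // null and the signature branch below resolves the algorithm.
            }
        }

        if (macAlgId != null) {
            P11MacContentSignerBuilder signerBuilder = new P11MacContentSignerBuilder(p11Service, entityId);
            return signerBuilder.createSigner(macAlgId, parallelism);
        } else {
            AlgorithmIdentifier signatureAlgId;
            if (conf.getHashAlgo() == null) {
                signatureAlgId = AlgorithmUtil.getSigAlgId(null, conf);
            } else {
                // The token's public key is only fetched when a hash algorithm is configured.
                PublicKey pubKey = slot.getIdentity(p11ObjId).getPublicKey();
                signatureAlgId = AlgorithmUtil.getSigAlgId(pubKey, conf);
            }
            P11ContentSignerBuilder signerBuilder = new P11ContentSignerBuilder(p11Service, securityFactory, entityId, certificateChain);
            return signerBuilder.createSigner(signatureAlgId, parallelism);
        }
    } catch (P11TokenException | NoSuchAlgorithmException | XiSecurityException ex) {
        throw new ObjectCreationException(ex.getMessage(), ex);
    }
}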
Also used : P11MacContentSignerBuilder(org.xipki.security.pkcs11.P11MacContentSignerBuilder) P11Module(org.xipki.security.pkcs11.P11Module) P11SlotIdentifier(org.xipki.security.pkcs11.P11SlotIdentifier) PublicKey(java.security.PublicKey) P11Slot(org.xipki.security.pkcs11.P11Slot) P11TokenException(org.xipki.security.exception.P11TokenException) P11EntityIdentifier(org.xipki.security.pkcs11.P11EntityIdentifier) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) P11ContentSignerBuilder(org.xipki.security.pkcs11.P11ContentSignerBuilder) P11CryptService(org.xipki.security.pkcs11.P11CryptService) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) XiSecurityException(org.xipki.security.exception.XiSecurityException) ObjectCreationException(org.xipki.common.ObjectCreationException) P11ObjectIdentifier(org.xipki.security.pkcs11.P11ObjectIdentifier)

Aggregations

P11SlotIdentifier (org.xipki.security.pkcs11.P11SlotIdentifier)9 P11Module (org.xipki.security.pkcs11.P11Module)6 P11CryptService (org.xipki.security.pkcs11.P11CryptService)5 P11Slot (org.xipki.security.pkcs11.P11Slot)5 P11TokenException (org.xipki.security.exception.P11TokenException)3 P11ObjectIdentifier (org.xipki.security.pkcs11.P11ObjectIdentifier)3 PublicKey (java.security.PublicKey)2 X509Certificate (java.security.cert.X509Certificate)2 HashSet (java.util.HashSet)2 IllegalCmdParamException (org.xipki.console.karaf.IllegalCmdParamException)2 Asn1P11SlotIdentifier (org.xipki.p11proxy.msg.Asn1P11SlotIdentifier)2 Asn1ServerCaps (org.xipki.p11proxy.msg.Asn1ServerCaps)2 BadAsn1ObjectException (org.xipki.security.exception.BadAsn1ObjectException)2 P11Identity (org.xipki.security.pkcs11.P11Identity)2 IOException (java.io.IOException)1 MalformedURLException (java.net.MalformedURLException)1 InvalidKeyException (java.security.InvalidKeyException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 CertificateException (java.security.cert.CertificateException)1 List (java.util.List)1