
Example 1 with P11SlotRefreshResult

use of org.xipki.security.pkcs11.P11SlotRefreshResult in project xipki by xipki.

the class IaikP11Slot method analyseSingleKey.

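/**
 * Builds an {@link IaikP11Identity} for one PKCS#11 private key object and adds it to
 * {@code refreshResult}.
 *
 * <p>The public half is taken from the certificate already collected in
 * {@code refreshResult} under the same CKA_ID; when there is none, the matching PKCS#11
 * public key object is looked up in the token and converted. A private key with neither
 * a certificate nor a public key object is logged and skipped.
 *
 * @param session       PKCS#11 session used to look up the public key object
 * @param privKey       the PKCS#11 private key object; its CKA_ID is used as identity id
 * @param refreshResult the refresh result being populated; receives the new identity
 * @throws P11TokenException   propagated from the token lookup
 * @throws XiSecurityException propagated when the key material cannot be processed
 */
private void analyseSingleKey(Session session, PrivateKey privKey, P11SlotRefreshResult refreshResult) throws P11TokenException, XiSecurityException {
    byte[] id = privKey.getId().getByteArrayValue();
    X509Cert cert = refreshResult.getCertForId(id);
    java.security.PublicKey pubKey;
    if (cert != null) {
        // A certificate with the same CKA_ID was collected earlier: use its public key.
        pubKey = cert.getCert().getPublicKey();
    } else {
        PublicKey p11PublicKey = getPublicKeyObject(session, id, null);
        if (p11PublicKey == null) {
            // Original message lacked the closing parenthesis around the hex id.
            LOG.info("neither certificate nor public key for the key (" + hex(id) + ") is available");
            return;
        }
        pubKey = generatePublicKey(p11PublicKey);
    }
    P11ObjectIdentifier objectId = new P11ObjectIdentifier(id, toString(privKey.getLabel()));
    // Only a single-element chain is known here; null when no certificate exists.
    X509Certificate[] certs = (cert == null) ? null : new X509Certificate[] { cert.getCert() };
    IaikP11Identity identity = new IaikP11Identity(this, new P11EntityIdentifier(slotId, objectId), privKey, pubKey, certs);
    refreshResult.addIdentity(identity);
}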

Example 2 with P11SlotRefreshResult

use of org.xipki.security.pkcs11.P11SlotRefreshResult in project xipki by xipki.

the class ProxyP11Slot method refresh0.

/**
 * Rebuilds the slot view by asking the proxy server for its mechanisms, certificates
 * and key identities.
 *
 * <p>Certificates are fetched before identities so that an identity whose CKA_ID matches
 * a certificate can reuse that certificate's public key instead of asking the server for
 * a public key. Identities without any public key are still registered, but without
 * public key and certificate.
 *
 * @return the populated refresh result
 * @throws P11TokenException propagated from the server round-trips
 */
@Override
protected P11SlotRefreshResult refresh0() throws P11TokenException {
    P11SlotRefreshResult result = new P11SlotRefreshResult();
    // mechanisms
    for (Long mechanism : getMechanismsFromServer()) {
        result.addMechanism(mechanism);
    }
    // certificates
    for (P11ObjectIdentifier certId : getObjectIdsFromServer(P11ProxyConstants.ACTION_GET_CERT_IDS)) {
        X509Cert cert = getCertificate(certId);
        if (cert == null) {
            continue;
        }
        result.addCertificate(certId, cert);
    }
    // identities (keys)
    for (P11ObjectIdentifier keyId : getObjectIdsFromServer(P11ProxyConstants.ACTION_GET_IDENTITY_IDS)) {
        X509Cert cert = result.getCertForId(keyId.getId());
        java.security.PublicKey pubKey = (cert == null) ? getPublicKey(keyId) : cert.getCert().getPublicKey();
        P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, keyId);
        ProxyP11Identity identity;
        if (pubKey != null) {
            X509Certificate[] chain = (cert == null) ? null : new X509Certificate[] { cert.getCert() };
            identity = new ProxyP11Identity(this, entityId, pubKey, chain);
        } else {
            identity = new ProxyP11Identity(this, entityId);
        }
        result.addIdentity(identity);
    }
    return result;
}

Example 3 with P11SlotRefreshResult

use of org.xipki.security.pkcs11.P11SlotRefreshResult in project xipki by xipki.

the class EmulatorP11Slot method refresh0.

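/**
 * Rebuilds the slot contents from the emulator's on-disk directories.
 *
 * <p>Order matters: certificates are collected before private keys so that a private key
 * can reuse the public key of the certificate stored under the same key id. Entries that
 * cannot be loaded are logged and skipped, so one corrupt file does not hide the others.
 *
 * @return the mechanisms, certificates and identities found in this slot
 * @throws P11TokenException propagated from the file-name and properties helpers
 */
@Override
protected P11SlotRefreshResult refresh0() throws P11TokenException {
    P11SlotRefreshResult ret = new P11SlotRefreshResult();
    for (long mech : supportedMechs) {
        ret.addMechanism(mech);
    }
    loadSecretKeyIdentities(ret);
    loadCertificates(ret);
    loadPrivateKeyIdentities(ret);
    return ret;
}

/**
 * Adds one identity per secret-key info file in {@code secKeyDir}.
 * Entries whose value file cannot be read or holds no key entry are logged and skipped.
 */
private void loadSecretKeyIdentities(P11SlotRefreshResult ret) throws P11TokenException {
    File[] infoFiles = secKeyDir.listFiles(INFO_FILENAME_FILTER);
    if (infoFiles == null) {
        return;
    }
    for (File infoFile : infoFiles) {
        byte[] id = getKeyIdFromInfoFilename(infoFile.getName());
        String hexId = hex(id);
        try {
            Properties props = loadProperties(infoFile);
            P11ObjectIdentifier p11ObjId = new P11ObjectIdentifier(id, props.getProperty(PROP_LABEL));
            byte[] encodedValue = IoUtil.read(new File(secKeyDir, hexId + VALUE_FILE_SUFFIX));
            // The value file is a JCEKS keystore protected with the slot password; the first
            // key entry is taken as the secret key.
            KeyStore ks = KeyStore.getInstance("JCEKS");
            ks.load(new ByteArrayInputStream(encodedValue), password);
            SecretKey key = null;
            Enumeration<String> aliases = ks.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (ks.isKeyEntry(alias)) {
                    key = (SecretKey) ks.getKey(alias, password);
                    break;
                }
            }
            if (key == null) {
                // Previously an identity with a null key was registered; skip it instead.
                LOG.warn("no key entry found in the value file of secret key with key-id {}", hexId);
                continue;
            }
            EmulatorP11Identity identity = new EmulatorP11Identity(this, new P11EntityIdentifier(slotId, p11ObjId), key, maxSessions, random);
            LOG.info("added PKCS#11 secret key {}", p11ObjId);
            ret.addIdentity(identity);
        } catch (ClassCastException ex) {
            // The key entry is not a SecretKey (message previously named InvalidKeyException).
            LogUtil.warn(LOG, ex, "key entry is not a secret key, key-id " + hexId);
        } catch (Throwable th) {
            // Best effort: one broken file must not abort the refresh of the whole slot.
            LOG.error("unexpected exception while initializing key with key-id " + hexId, th);
        }
    }
}

/**
 * Adds every parseable certificate in {@code certDir} to {@code ret}, keyed by key id.
 * Unparseable certificates are logged with their cause and skipped.
 */
private void loadCertificates(P11SlotRefreshResult ret) throws P11TokenException {
    File[] infoFiles = certDir.listFiles(INFO_FILENAME_FILTER);
    if (infoFiles == null) {
        return;
    }
    for (File infoFile : infoFiles) {
        byte[] id = getKeyIdFromInfoFilename(infoFile.getName());
        Properties props = loadProperties(infoFile);
        P11ObjectIdentifier objId = new P11ObjectIdentifier(id, props.getProperty(PROP_LABEL));
        try {
            ret.addCertificate(objId, readCertificate(id));
        } catch (CertificateException | IOException ex) {
            // Keep the cause; a bare warn line gives no hint which file is broken or why.
            LogUtil.warn(LOG, ex, "could not parse certificate " + objId);
        }
    }
}

/**
 * Adds one identity per private-key info file in {@code privKeyDir}.
 * The public key comes from the certificate with the same id when one was collected,
 * otherwise from the stored public key; keys with neither are logged and skipped.
 */
private void loadPrivateKeyIdentities(P11SlotRefreshResult ret) throws P11TokenException {
    File[] infoFiles = privKeyDir.listFiles(INFO_FILENAME_FILTER);
    if (infoFiles == null) {
        return;
    }
    for (File infoFile : infoFiles) {
        byte[] id = getKeyIdFromInfoFilename(infoFile.getName());
        String hexId = hex(id);
        try {
            Properties props = loadProperties(infoFile);
            P11ObjectIdentifier p11ObjId = new P11ObjectIdentifier(id, props.getProperty(PROP_LABEL));
            X509Cert cert = ret.getCertForId(id);
            java.security.PublicKey publicKey = (cert == null) ? readPublicKey(id) : cert.getCert().getPublicKey();
            if (publicKey == null) {
                LOG.warn("Neither public key nor certificate is associated with private key {}", p11ObjId);
                continue;
            }
            byte[] encodedValue = IoUtil.read(new File(privKeyDir, hexId + VALUE_FILE_SUFFIX));
            // Private keys are stored as PKCS#8 EncryptedPrivateKeyInfo and decrypted here.
            PKCS8EncryptedPrivateKeyInfo epki = new PKCS8EncryptedPrivateKeyInfo(encodedValue);
            PrivateKey privateKey = privateKeyCryptor.decrypt(epki);
            X509Certificate[] certs = (cert == null) ? null : new X509Certificate[] { cert.getCert() };
            EmulatorP11Identity identity = new EmulatorP11Identity(this, new P11EntityIdentifier(slotId, p11ObjId), privateKey, publicKey, certs, maxSessions, random);
            LOG.info("added PKCS#11 key {}", p11ObjId);
            ret.addIdentity(identity);
        } catch (InvalidKeyException ex) {
            LogUtil.warn(LOG, ex, "InvalidKeyException while initializing key with key-id " + hexId);
        } catch (Throwable th) {
            // Best effort: one broken key must not abort the refresh of the whole slot.
            LOG.error("unexpected exception while initializing key with key-id " + hexId, th);
        }
    }
}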

Example 4 with P11SlotRefreshResult

use of org.xipki.security.pkcs11.P11SlotRefreshResult in project xipki by xipki.

the class IaikP11Slot method refresh0.

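/**
 * Reads mechanisms, secret keys, certificates and private keys from the token and
 * returns them as a refresh result.
 *
 * <p>Certificates are collected before private keys because
 * {@code analyseSingleKey(Session, PrivateKey, P11SlotRefreshResult)} takes the public key
 * from the certificate with the same CKA_ID when one is present. Objects without a CKA_ID
 * are skipped; a failure while analysing one private key is logged and does not stop the
 * refresh. The borrowed session is always returned to the pool.
 *
 * @return the populated refresh result
 * @throws P11TokenException if the mechanism list cannot be read, or propagated from the
 *         object enumeration helpers
 */
@Override
protected P11SlotRefreshResult refresh0() throws P11TokenException {
    Mechanism[] mechanisms;
    try {
        mechanisms = slot.getToken().getMechanismList();
    } catch (TokenException ex) {
        throw new P11TokenException("could not getMechanismList: " + ex.getMessage(), ex);
    }
    P11SlotRefreshResult ret = new P11SlotRefreshResult();
    if (mechanisms != null) {
        for (Mechanism mech : mechanisms) {
            ret.addMechanism(mech.getMechanismCode());
        }
    }
    ConcurrentBagEntry<Session> session = borrowSession();
    try {
        // secret keys
        List<SecretKey> secretKeys = getAllSecretKeyObjects(session.value());
        for (SecretKey secKey : secretKeys) {
            byte[] keyId = secKey.getId().getByteArrayValue();
            if (keyId == null || keyId.length == 0) {
                // identities are keyed by CKA_ID; an object without one is skipped
                continue;
            }
            analyseSingleKey(secKey, ret);
        }
        // all certificate objects (not only CA certificates), collected before the
        // private keys so they can be matched by CKA_ID
        List<X509PublicKeyCertificate> p11Certs = getAllCertificateObjects(session.value());
        for (X509PublicKeyCertificate p11Cert : p11Certs) {
            P11ObjectIdentifier objId = new P11ObjectIdentifier(p11Cert.getId().getByteArrayValue(), toString(p11Cert.getLabel()));
            ret.addCertificate(objId, parseCert(p11Cert));
        }
        // private keys
        List<PrivateKey> privKeys = getAllPrivateObjects(session.value());
        for (PrivateKey privKey : privKeys) {
            byte[] keyId = privKey.getId().getByteArrayValue();
            if (keyId == null || keyId.length == 0) {
                // skip only this object; the former `break` dropped every remaining
                // private key as soon as one without CKA_ID was encountered
                continue;
            }
            try {
                analyseSingleKey(session.value(), privKey, ret);
            } catch (XiSecurityException ex) {
                LogUtil.error(LOG, ex, "XiSecurityException while initializing private key with id " + hex(keyId));
            } catch (Throwable th) {
                String label = (privKey.getLabel() == null) ? "" : new String(privKey.getLabel().getCharArrayValue());
                LOG.error("unexpected exception while initializing private key with id " + hex(keyId) + " and label " + label, th);
            }
        }
        return ret;
    } finally {
        // return the session to the pool even when enumeration or analysis throws
        sessions.requite(session);
    }
}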

Example 5 with P11SlotRefreshResult

use of org.xipki.security.pkcs11.P11SlotRefreshResult in project xipki by xipki.

the class IaikP11Slot method analyseSingleKey.

/**
 * Wraps one PKCS#11 secret key object as an {@link IaikP11Identity} and registers it
 * in {@code refreshResult}.
 *
 * @param secretKey     the PKCS#11 secret key object; its CKA_ID and label form the object id
 * @param refreshResult the refresh result that receives the identity
 */
private void analyseSingleKey(SecretKey secretKey, P11SlotRefreshResult refreshResult) {
    byte[] keyId = secretKey.getId().getByteArrayValue();
    String label = toString(secretKey.getLabel());
    P11EntityIdentifier entityId = new P11EntityIdentifier(slotId, new P11ObjectIdentifier(keyId, label));
    refreshResult.addIdentity(new IaikP11Identity(this, entityId, secretKey));
}
