use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.
the class LocalP11CryptServicePool method init.
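/**
 * Builds the module-ID to {@code P11CryptService} map from the configured factory.
 *
 * <p>Returns immediately if the pool is already marked as initialized. For every module name
 * reported by the factory, the service is looked up, a short module ID is derived from the
 * name, and the pair is registered. Module names for which the factory returns {@code null}
 * are skipped.
 *
 * @throws IllegalStateException if no {@code p11CryptServiceFactory} has been set
 * @throws P11TokenException if two module names map to the same module ID
 * @throws XiSecurityException declared by the signature; presumably raised by the factory or
 *     by {@code deriveModuleId} (neither is shown here) - confirm
 */
public void init() throws P11TokenException, XiSecurityException {
  LOG.info("initializing ...");
  if (initialized.get()) {
    LOG.info("already initialized, skipping ...");
    return;
  }

  if (p11CryptServiceFactory == null) {
    // Name the field that is actually missing, so the operator fixes the right setting.
    throw new IllegalStateException("p11CryptServiceFactory is not configured");
  }

  // NOTE(review): the initialized.get() check above and the set(true) below are separate
  // steps, so two concurrent callers could both run this loop - confirm init() is only
  // ever invoked from a single thread.
  for (String moduleName : p11CryptServiceFactory.getModuleNames()) {
    P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(moduleName);
    if (p11Service == null) {
      continue;
    }

    short moduleId = deriveModuleId(moduleName);
    // Mask to 16 bits: Integer.toHexString() sign-extends a negative short to eight hex
    // digits, which would log a module ID that does not match the 16-bit value.
    String hexModuleId = "0x" + Integer.toHexString(moduleId & 0xFFFF);

    if (p11CryptServices.containsKey(moduleId)) {
      // NOTE(review): entries registered earlier in this loop stay in the map when this
      // throws and 'initialized' stays false, so a second init() call would report those
      // earlier modules as "already used" - confirm callers treat this failure as fatal.
      throw new P11TokenException("module Id " + moduleId + " for name " + moduleName + " already used, use another module name");
    }

    p11CryptServices.put(moduleId, p11Service);
    LOG.info("map module name '{}' to ID {}({}), access path: " + "'proxy:url=https://<host>:<port>/p11proxy,module={}'", moduleName, moduleId, hexModuleId, hexModuleId);
  }

  initialized.set(true);
  LOG.info("initialized");
}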
use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.
the class SecurityAction method getSlot.
/**
 * Resolves a slot of the named PKCS#11 module from the slot's index.
 *
 * @param moduleName name handed to {@code getP11Module} to obtain the module
 * @param slotIndex index that the module translates into a slot identifier
 * @return the slot the module returns for that identifier
 * @throws XiSecurityException declared by the signature; raised by the calls below - confirm which
 * @throws P11TokenException declared by the signature; raised by the calls below - confirm which
 * @throws IllegalCmdParamException declared by the signature; raised by the calls below - confirm which
 */
protected P11Slot getSlot(String moduleName, int slotIndex) throws XiSecurityException, P11TokenException, IllegalCmdParamException {
  P11Module p11Module = getP11Module(moduleName);
  // Index -> identifier -> slot, both steps answered by the same module.
  return p11Module.getSlot(p11Module.getSlotIdForIndex(slotIndex));
}
use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.
the class ProxyP11Identity method digestSecretKey0.
// method digestSecretKey0
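/**
 * Sends a digest-secret-key request for this identity's key through the proxy module and
 * returns the content of the OCTET STRING carried in the response.
 *
 * @param mechanism mechanism code placed unchanged into the request template
 * @return the octets of the decoded OCTET STRING, or {@code null} if decoding yields no object
 * @throws P11TokenException if the response cannot be decoded as an OCTET STRING (the decoding
 *     failure is attached as the cause); {@code send} presumably throws it as well - confirm
 */
@Override
protected byte[] digestSecretKey0(long mechanism) throws P11TokenException {
  ProxyP11Slot proxySlot = (ProxyP11Slot) slot;
  DigestSecretKeyTemplate template = new DigestSecretKeyTemplate(proxySlot.getAsn1SlotId(), asn1KeyId, mechanism);
  byte[] result = proxySlot.getModule().send(P11ProxyConstants.ACTION_DIGEST_SECRETKEY, template);

  // The bytes come back from the proxy module; decode them strictly and surface a malformed
  // response as a token error rather than an unchecked exception.
  ASN1OctetString octetString;
  try {
    octetString = DEROctetString.getInstance(result);
  } catch (IllegalArgumentException ex) {
    // Keep the decoder's exception as the cause so the malformed response can be diagnosed.
    throw new P11TokenException("the returned result is not OCTET STRING", ex);
  }

  return (octetString == null) ? null : octetString.getOctets();
}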
use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.
the class ProxyP11Identity method sign0.
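/**
 * Sends a sign request for {@code content} through the proxy module and returns the content
 * of the OCTET STRING carried in the response.
 *
 * <p>The optional mechanism parameters are converted to their ASN.1 proxy form first: PSS
 * parameters, opaque byte arrays and IVs are supported; any other parameter type is rejected.
 *
 * @param mechanism mechanism code placed unchanged into the sign template
 * @param parameters mechanism parameters, or {@code null} for none
 * @param content bytes placed into the sign template
 * @return the octets of the decoded OCTET STRING, or {@code null} if decoding yields no object
 * @throws IllegalArgumentException if {@code parameters} is of an unsupported type
 * @throws P11TokenException if the response cannot be decoded as an OCTET STRING (the decoding
 *     failure is attached as the cause); {@code send} presumably throws it as well - confirm
 */
@Override
protected byte[] sign0(long mechanism, P11Params parameters, byte[] content) throws P11TokenException {
  org.xipki.security.pkcs11.proxy.asn1.P11Params p11Param = null;
  if (parameters instanceof P11RSAPkcsPssParams) {
    p11Param = new org.xipki.security.pkcs11.proxy.asn1.P11Params(org.xipki.security.pkcs11.proxy.asn1.P11Params.TAG_RSA_PKCS_PSS, new RSAPkcsPssParams((P11RSAPkcsPssParams) parameters));
  } else if (parameters instanceof P11ByteArrayParams) {
    byte[] bytes = ((P11ByteArrayParams) parameters).getBytes();
    p11Param = new org.xipki.security.pkcs11.proxy.asn1.P11Params(org.xipki.security.pkcs11.proxy.asn1.P11Params.TAG_OPAQUE, new DEROctetString(bytes));
  } else if (parameters instanceof P11IVParams) {
    p11Param = new org.xipki.security.pkcs11.proxy.asn1.P11Params(org.xipki.security.pkcs11.proxy.asn1.P11Params.TAG_IV, new DEROctetString(((P11IVParams) parameters).getIV()));
  } else if (parameters != null) {
    // Fail closed: never send a request whose parameters were silently dropped.
    throw new IllegalArgumentException("unkown parameter 'parameters'");
  }

  ProxyP11Slot proxySlot = (ProxyP11Slot) slot;
  SignTemplate signTemplate = new SignTemplate(proxySlot.getAsn1SlotId(), asn1KeyId, mechanism, p11Param, content);
  byte[] result = proxySlot.getModule().send(P11ProxyConstants.ACTION_SIGN, signTemplate);

  // The bytes come back from the proxy module; decode them strictly and surface a malformed
  // response as a token error rather than an unchecked exception.
  ASN1OctetString octetString;
  try {
    octetString = DEROctetString.getInstance(result);
  } catch (IllegalArgumentException ex) {
    // Keep the decoder's exception as the cause so the malformed response can be diagnosed.
    throw new P11TokenException("the returned result is not OCTET STRING", ex);
  }

  return (octetString == null) ? null : octetString.getOctets();
}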
use of org.xipki.security.pkcs11.P11TokenException in project xipki by xipki.
the class ProxyP11Module method refresh.
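/**
 * Re-reads the server capabilities and the slot list through {@code send} and replaces this
 * module's slots with the ones that the local configuration includes.
 *
 * <p>The capabilities response must list this client's {@code version}; otherwise the refresh
 * is aborted. Every decoding failure on a response is reported as a {@link P11TokenException}
 * with the decoder's exception as the cause.
 *
 * @throws P11TokenException if a response cannot be decoded, if the server does not list the
 *     client's version, or if the slot-ID response decodes to no sequence
 */
public void refresh() throws P11TokenException {
  byte[] resp = send(P11ProxyConstants.ACTION_GET_SERVER_CAPS, null);
  ServerCaps caps;
  try {
    caps = ServerCaps.getInstance(resp);
  } catch (BadAsn1ObjectException ex) {
    // The original message claimed the response *is* valid, which contradicts this branch.
    throw new P11TokenException("response is not a valid Asn1ServerCaps", ex);
  }

  // Refuse to continue against a server that does not list the protocol version in use.
  if (!caps.getVersions().contains(version)) {
    throw new P11TokenException("Server does not support any version supported by the client");
  }
  this.readOnly = caps.isReadOnly();

  resp = send(P11ProxyConstants.ACTION_GET_SLOT_IDS, null);
  ASN1Sequence seq;
  try {
    seq = ASN1Sequence.getInstance(resp);
  } catch (IllegalArgumentException ex) {
    throw new P11TokenException("response is not ASN1Sequence", ex);
  }
  if (seq == null) {
    // getInstance(null) yields null; report it as a token error instead of a
    // NullPointerException on seq.size().
    throw new P11TokenException("response is not ASN1Sequence");
  }

  final int n = seq.size();
  Set<P11Slot> slots = new HashSet<>();
  for (int i = 0; i < n; i++) {
    SlotIdentifier asn1SlotId;
    try {
      ASN1Encodable obj = seq.getObjectAt(i);
      asn1SlotId = SlotIdentifier.getInstance(obj);
    } catch (Exception ex) {
      throw new P11TokenException(ex.getMessage(), ex);
    }

    P11SlotIdentifier slotId = asn1SlotId.getValue();
    // The original tested isSlotIncluded() twice; the first test continued silently, so the
    // logging branch was never reached. A single test keeps the skip visible in the log.
    if (!conf.isSlotIncluded(slotId)) {
      LOG.info("skipped slot {}", slotId);
      continue;
    }

    // NOTE(review): the slot receives conf.isReadOnly(); the server-reported flag stored in
    // this.readOnly above is not passed here - confirm ProxyP11Slot takes it from the module.
    P11Slot slot = new ProxyP11Slot(this, slotId, conf.isReadOnly(), conf.getP11MechanismFilter(), conf.getNumSessions(), conf.getSecretKeyTypes(), conf.getKeyPairTypes());
    slots.add(slot);
  }
  setSlots(slots);
}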