private byte[] digestKey0(Session session, int digestLen, Mechanism mechanism, SecretKey key) throws TokenException { session.digestInit(mechanism); session.digestKey(key); byte[] digest = new byte[digestLen]; session.digestFinal(digest, 0, digestLen); return digest; }
private static List<Storage> getObjects(final Session session, final Storage template, final int maxNo) throws P11TokenException { List<Storage> objList = new LinkedList<>(); try { session.findObjectsInit(template); while (objList.size() < maxNo) { iaik.pkcs.pkcs11.objects.Object[] foundObjects = session.findObjects(1); if (foundObjects == null || foundObjects.length == 0) { break; } for (iaik.pkcs.pkcs11.objects.Object object : foundObjects) { if (LOG.isTraceEnabled()) { LOG.debug("found object: {}", object); } objList.add((Storage) object); } } } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } finally { try { session.findObjectsFinal(); } catch (Exception ex) { // CHECKSTYLE:SKIP } } return objList; } // method getObjects
/** * Digests the given data with the mechanism given to the digestInit method. * This method finalizes the current digesting operation; i.e. the * application need (and should) not call digestFinal() after this call. For * digesting multiple pieces of data use digestUpdate and digestFinal. * * @param data * The data to digest. * @return The digested data. * @exception TokenException * If digesting the data failed. * @preconditions (data <> null) * @postconditions (result <> null) */ public int digest(byte[] in, int inOfs, int inLen, byte[] digest, int digestOfs, int digestLen) throws TokenException { digestUpdate(in, inOfs, inLen); return digestFinal(digest, digestOfs, digestLen); }
@Override protected P11ObjectIdentifier addCert0(X509Certificate cert, P11NewObjectControl control) throws P11TokenException { ConcurrentBagEntry<Session> bagEntry = borrowSession(); try { Session session = bagEntry.value(); X509PublicKeyCertificate newCertTemp = createPkcs11Template(session, new X509Cert(cert), control); X509PublicKeyCertificate newCert = (X509PublicKeyCertificate) session.createObject(newCertTemp); return new P11ObjectIdentifier(newCert.getId().getByteArrayValue(), new String(newCert.getLabel().getCharArrayValue())); } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } finally { sessions.requite(bagEntry); } }
private int removeObjects(final Storage template, final String desc) throws P11TokenException { Session session = borrowWritableSession(); try { List<Storage> objects = getObjects(session, template); for (Storage obj : objects) { session.destroyObject(obj); } return objects.size(); } catch (TokenException ex) { LogUtil.error(LOG, ex, "could not remove " + desc); throw new P11TokenException(ex.getMessage(), ex); } finally { returnWritableSession(session); } }
@Override public void close() { if (slot != null) { try { LOG.info("close all sessions on token: {}", slot.getSlotID()); if (writableSession != null) { writableSession.closeSession(); } for (ConcurrentBagEntry<Session> session : sessions.values()) { session.value().closeSession(); } } catch (Throwable th) { LogUtil.error(LOG, th, "could not slot.getToken().closeAllSessions()"); } slot = null; } // clear the session pool sessions.close(); countSessions.lazySet(0); }
template.getId().setByteArrayValue(id); try { key = (SecretKey) session.generateKey(mech, template); } catch (TokenException ex) { throw new P11TokenException("could not generate generic secret key using "
@Override protected void updateCertificate0(final P11ObjectIdentifier objectId, final X509Certificate newCert) throws P11TokenException { removeCerts(objectId); try { Thread.sleep(1000); } catch (InterruptedException ex) { // CHECKSTYLE:SKIP } X509PublicKeyCertificate newCertTemp = createPkcs11Template(new X509Cert(newCert), objectId.id(), objectId.labelChars()); Session session = borrowWritableSession(); try { session.createObject(newCertTemp); } catch (TokenException ex) { throw new P11TokenException("could not createObject: " + ex.getMessage(), ex); } finally { returnWritableSession(session); } }
@Override protected void removeCerts0(final P11ObjectIdentifier objectId) throws P11TokenException { X509PublicKeyCertificate[] existingCerts = getCertificateObjects(objectId.id(), objectId.labelChars()); if (existingCerts == null || existingCerts.length == 0) { LOG.warn("could not find certificates " + objectId); return; } Session session = borrowWritableSession(); try { for (X509PublicKeyCertificate cert : existingCerts) { session.destroyObject(cert); } } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } finally { returnWritableSession(session); } }
@Override public final void close() { if (slot != null) { try { LOG.info("close all sessions on token: {}", slot.getSlotID()); for (ConcurrentBagEntry<Session> session : sessions.values()) { session.value().closeSession(); } } catch (Throwable th) { LogUtil.error(LOG, th, "could not slot.getToken().closeAllSessions()"); } slot = null; } // clear the session pool sessions.close(); countSessions.lazySet(0); }
key = (SecretKey) session.generateKey(mechanism, template); } catch (TokenException ex) { throw new P11TokenException("could not generate generic secret key using "
private static boolean labelExists(final Session session, final String keyLabel) throws P11TokenException { ParamUtil.requireNonBlank("keyLabel", keyLabel); Key key = new Key(); key.getLabel().setCharArrayValue(keyLabel.toCharArray()); Object[] objects; try { session.findObjectsInit(key); objects = session.findObjects(1); session.findObjectsFinal(); if (objects.length > 0) { return true; } X509PublicKeyCertificate cert = new X509PublicKeyCertificate(); cert.getLabel().setCharArrayValue(keyLabel.toCharArray()); session.findObjectsInit(cert); objects = session.findObjects(1); session.findObjectsFinal(); } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } return objects.length > 0; }
session.digestInit(Mechanism.get(mechanism)); session.digestKey((SecretKey) signingKey); byte[] digest = new byte[digestLen]; session.digestFinal(digest, 0, digestLen); return digest; } catch (TokenException e) {
@Override protected void addCert0(final P11ObjectIdentifier objectId, final X509Certificate cert) throws P11TokenException { X509PublicKeyCertificate newCaCertTemp = createPkcs11Template( new X509Cert(cert), objectId.id(), objectId.labelChars()); Session session = borrowWritableSession(); try { session.createObject(newCaCertTemp); } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } finally { returnWritableSession(session); } }
if (secretKey != null) { try { session.destroyObject(secretKey); } catch (TokenException ex) { String msg = "could not delete secret key " + objectId; if (privKey != null) { try { session.destroyObject(privKey); } catch (TokenException ex) { String msg = "could not delete private key " + objectId; if (pubKey != null) { try { session.destroyObject(pubKey); } catch (TokenException ex) { String msg = "could not delete public key " + objectId; for (int i = 0; i < certs.length; i++) { try { session.destroyObject(certs[i]); } catch (TokenException ex) { String msg = "could not delete certificate " + objectId;
private static boolean idExists(final Session session, final byte[] keyId) throws P11TokenException { Key key = new Key(); key.getId().setByteArrayValue(keyId); Object[] objects; try { session.findObjectsInit(key); objects = session.findObjects(1); session.findObjectsFinal(); if (objects.length > 0) { return true; } X509PublicKeyCertificate cert = new X509PublicKeyCertificate(); cert.getId().setByteArrayValue(keyId); session.findObjectsInit(cert); objects = session.findObjects(1); session.findObjectsFinal(); } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } return objects.length > 0; }
@Override protected void updateCertificate0(P11ObjectIdentifier keyId, X509Certificate newCert) throws P11TokenException { try { removeCerts(keyId); } catch (P11UnknownEntityException ex) { // CHECKSTYLE: certificates do not exist, do nothing } try { Thread.sleep(1000); } catch (InterruptedException ex) { // CHECKSTYLE:SKIP } P11NewObjectControl control = new P11NewObjectControl(keyId.getId(), keyId.getLabel()); ConcurrentBagEntry<Session> bagEntry = borrowSession(); try { Session session = bagEntry.value(); X509PublicKeyCertificate newCertTemp = createPkcs11Template(session, new X509Cert(newCert), control); session.createObject(newCertTemp); } catch (TokenException ex) { throw new P11TokenException("could not createObject: " + ex.getMessage(), ex); } finally { sessions.requite(bagEntry); } }
private int removeObjects(Storage template, String desc) throws P11TokenException { ConcurrentBagEntry<Session> bagEntry = borrowSession(); try { Session session = bagEntry.value(); List<Storage> objects = getObjects(session, template); for (Storage obj : objects) { if (vendor == Vendor.YUBIKEY) { if (obj instanceof X509PublicKeyCertificate) { throw new P11TokenException("cannot delete certificates in Yubikey token"); } else if (obj instanceof PrivateKey || obj instanceof PublicKey) { // do nothing: In yubikey, the triple (private key, public key, certificate) will be // deleted only be deleting the certificate. } } session.destroyObject(obj); } return objects.size(); } catch (TokenException ex) { LogUtil.error(LOG, ex, "could not remove " + desc); throw new P11TokenException(ex.getMessage(), ex); } finally { sessions.requite(bagEntry); } }
private static List<Storage> getObjects(Session session, Storage template, int maxNo) throws P11TokenException { List<Storage> objList = new LinkedList<>(); try { session.findObjectsInit(template); while (objList.size() < maxNo) { PKCS11Object[] foundObjects = session.findObjects(1); if (foundObjects == null || foundObjects.length == 0) { break; } for (PKCS11Object object : foundObjects) { logPkcs11ObjectAttributes("found object: ", object); objList.add((Storage) object); } } } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } finally { try { session.findObjectsFinal(); } catch (Exception ex) { LogUtil.error(LOG, ex, "session.findObjectsFinal() failed"); } } return objList; } // method getObjects
template.getId().setByteArrayValue(id); try { key = (SecretKey) session.createObject(template); } catch (TokenException ex) { throw new P11TokenException("could not create secret key", ex);