private Session openSession(final boolean rwSession) throws P11TokenException { Session session; try { session = slot.getToken().openSession(Token.SessionType.SERIAL_SESSION, rwSession, null, null); } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } countSessions.incrementAndGet(); return session; }
/** * Read the values of the attributes of this object from the token. * * @param session * The session to use for reading attributes. This session must * have the appropriate rights; i.e. it must be a user-session, if * it is a private object. * @exception TokenException * If getting the attributes failed. * @preconditions (session <> null) * @postconditions */ @Override public void readAttributes(Session session) throws TokenException { if (objectHandle == -1) { throw new TokenException( "PKCS11Object handle is not set to an valid value. " + "Use setObjectHandle(long) to set."); } super.readAttributes(session); Enumeration<Attribute> attributeEnumeration = attributeTable.elements(); while (attributeEnumeration.hasMoreElements()) { Attribute attribute = attributeEnumeration.nextElement(); PKCS11Object.getAttributeValue(session, objectHandle, attribute); } }
private void singleLogin(Session session, char[] pin) throws P11TokenException { char[] tmpPin = pin; // some driver does not accept null PIN if (pin == null) { tmpPin = new char[]{}; } try { session.login(userType, tmpPin); LOG.info("login successful as user " + userTypeText); } catch (TokenException ex) { // 0x100: user already logged in if (ex instanceof PKCS11Exception && ((PKCS11Exception) ex).getErrorCode() == 0x100) { LOG.info("user already logged in"); } else { LOG.info("login failed as user " + userTypeText); throw new P11TokenException( "login failed as user " + userTypeText + ": " + ex.getMessage(), ex); } } }
} catch (TokenException e) { throw new TokenException(e);
private static List<Storage> getObjects(final Session session, final Storage template, final int maxNo) throws P11TokenException { List<Storage> objList = new LinkedList<>(); try { session.findObjectsInit(template); while (objList.size() < maxNo) { iaik.pkcs.pkcs11.objects.Object[] foundObjects = session.findObjects(1); if (foundObjects == null || foundObjects.length == 0) { break; } for (iaik.pkcs.pkcs11.objects.Object object : foundObjects) { if (LOG.isTraceEnabled()) { LOG.debug("found object: {}", object); } objList.add((Storage) object); } } } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } finally { try { session.findObjectsFinal(); } catch (Exception ex) { // CHECKSTYLE:SKIP } } return objList; } // method getObjects
wrapperInitArgs, omitInitialize); } catch (IOException ex) { throw new TokenException(ex.getMessage(), ex); } catch (sun.security.pkcs11.wrapper.PKCS11Exception ex) { throw new PKCS11Exception(ex);
private Session openSession() throws P11TokenException { Session session; try { boolean rw = !isReadOnly(); session = slot.getToken().openSession(Token.SessionType.SERIAL_SESSION, rw, null, null); } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } countSessions.incrementAndGet(); return session; }
private static boolean checkSessionLoggedIn(final Session session) throws P11TokenException { SessionInfo info; try { info = session.getSessionInfo(); } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } if (LOG.isTraceEnabled()) { LOG.debug("SessionInfo: {}", info); } State state = info.getState(); long deviceError = info.getDeviceError(); LOG.debug("to be verified PKCS11Module: state = {}, deviceError: {}", state, deviceError); boolean isRwSessionLoggedIn = state.equals(State.RW_USER_FUNCTIONS); boolean isRoSessionLoggedIn = state.equals(State.RO_USER_FUNCTIONS); boolean sessionLoggedIn = ((isRoSessionLoggedIn || isRwSessionLoggedIn) && deviceError == 0); LOG.debug("sessionLoggedIn: {}", sessionLoggedIn); return sessionLoggedIn; }
private boolean checkSessionLoggedIn(Session session) throws P11TokenException { SessionInfo info; try { info = session.getSessionInfo(); } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } if (LOG.isTraceEnabled()) { LOG.debug("SessionInfo: {}", info); } State state = info.getState(); long deviceError = info.getDeviceError(); LOG.debug("to be verified PKCS11Module: state = {}, deviceError: {}", state, deviceError); if (deviceError != 0) { LOG.error("deviceError {}", deviceError); return false; } boolean sessionLoggedIn; if (userType == PKCS11Constants.CKU_SO) { sessionLoggedIn = state.equals(State.RW_SO_FUNCTIONS); } else { sessionLoggedIn = state.equals(State.RW_USER_FUNCTIONS) || state.equals(State.RO_USER_FUNCTIONS); } LOG.debug("sessionLoggedIn: {}", sessionLoggedIn); return sessionLoggedIn; }
private static List<Storage> getObjects(Session session, Storage template, int maxNo) throws P11TokenException { List<Storage> objList = new LinkedList<>(); try { session.findObjectsInit(template); while (objList.size() < maxNo) { PKCS11Object[] foundObjects = session.findObjects(1); if (foundObjects == null || foundObjects.length == 0) { break; } for (PKCS11Object object : foundObjects) { logPkcs11ObjectAttributes("found object: ", object); objList.add((Storage) object); } } } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } finally { try { session.findObjectsFinal(); } catch (Exception ex) { LogUtil.error(LOG, ex, "session.findObjectsFinal() failed"); } } return objList; } // method getObjects
private int removeObjects(final Storage template, final String desc) throws P11TokenException { Session session = borrowWritableSession(); try { List<Storage> objects = getObjects(session, template); for (Storage obj : objects) { session.destroyObject(obj); } return objects.size(); } catch (TokenException ex) { LogUtil.error(LOG, ex, "could not remove " + desc); throw new P11TokenException(ex.getMessage(), ex); } finally { returnWritableSession(session); } }
private void singleLogin(final Session session, final char[] pin) throws P11TokenException { char[] tmpPin = pin; // some driver does not accept null PIN if (pin == null) { tmpPin = new char[]{}; } try { if (userType == PKCS11Constants.CKU_USER) { session.login(Session.UserType.USER, tmpPin); } else if (userType == PKCS11Constants.CKU_SO) { session.login(Session.UserType.SO, tmpPin); } else { session.login(userType, tmpPin); } } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } }
private byte[] singleSign(final long mechanism, final P11Params parameters, final byte[] content, final IaikP11Identity identity) throws P11TokenException { Key signingKey = identity.signingKey(); Mechanism mechanismObj = getMechanism(mechanism, parameters); if (LOG.isTraceEnabled()) { LOG.debug("sign with signing key:\n{}", signingKey); } ConcurrentBagEntry<Session> session0 = borrowSession(); if (session0 == null) { throw new P11TokenException("no idle session available"); } byte[] signature; try { Session session = session0.value(); synchronized (session) { session.signInit(mechanismObj, signingKey); signature = session.sign(content); } } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } finally { sessions.requite(session0); } if (LOG.isDebugEnabled()) { LOG.debug("signature:\n{}", Hex.toHexString(signature)); } return signature; }
@Override protected void removeCerts0(final P11ObjectIdentifier objectId) throws P11TokenException { X509PublicKeyCertificate[] existingCerts = getCertificateObjects(objectId.id(), objectId.labelChars()); if (existingCerts == null || existingCerts.length == 0) { LOG.warn("could not find certificates " + objectId); return; } Session session = borrowWritableSession(); try { for (X509PublicKeyCertificate cert : existingCerts) { session.destroyObject(cert); } } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } finally { returnWritableSession(session); } }
msg.append(slot.getSlotInfo()).append("\n"); } catch (TokenException ex) { msg.append("error: " + ex.getMessage());
private void firstLogin(Session session, List<char[]> password) throws P11TokenException { try { boolean isProtectedAuthenticationPath = session.getToken().getTokenInfo().isProtectedAuthenticationPath(); if (isProtectedAuthenticationPath || CollectionUtil.isEmpty(password)) { LOG.info("verify on PKCS11Module with PROTECTED_AUTHENTICATION_PATH"); singleLogin(session, null); } else { LOG.info("verify on PKCS11Module with PIN"); for (char[] singlePwd : password) { singleLogin(session, singlePwd); } this.password = password; } } catch (PKCS11Exception ex) { // 0x100: user already logged in if (ex.getErrorCode() != 0x100) { throw new P11TokenException(ex.getMessage(), ex); } } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } }
private void firstLogin(final Session session, final List<char[]> password) throws P11TokenException { try { boolean isProtectedAuthenticationPath = session.getToken().getTokenInfo().isProtectedAuthenticationPath(); if (isProtectedAuthenticationPath || CollectionUtil.isEmpty(password)) { LOG.info("verify on PKCS11Module with PROTECTED_AUTHENTICATION_PATH"); singleLogin(session, null); } else { LOG.info("verify on PKCS11Module with PIN"); for (char[] singlePwd : password) { singleLogin(session, singlePwd); } this.password = password; } } catch (PKCS11Exception ex) { // 0x100: user already logged in if (ex.getErrorCode() != 0x100) { throw new P11TokenException(ex.getMessage(), ex); } } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } }
@Override protected P11ObjectIdentifier addCert0(X509Certificate cert, P11NewObjectControl control) throws P11TokenException { ConcurrentBagEntry<Session> bagEntry = borrowSession(); try { Session session = bagEntry.value(); X509PublicKeyCertificate newCertTemp = createPkcs11Template(session, new X509Cert(cert), control); X509PublicKeyCertificate newCert = (X509PublicKeyCertificate) session.createObject(newCertTemp); return new P11ObjectIdentifier(newCert.getId().getByteArrayValue(), new String(newCert.getLabel().getCharArrayValue())); } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } finally { sessions.requite(bagEntry); } }
@Override protected void updateCertificate0(final P11ObjectIdentifier objectId, final X509Certificate newCert) throws P11TokenException { removeCerts(objectId); try { Thread.sleep(1000); } catch (InterruptedException ex) { // CHECKSTYLE:SKIP } X509PublicKeyCertificate newCertTemp = createPkcs11Template(new X509Cert(newCert), objectId.id(), objectId.labelChars()); Session session = borrowWritableSession(); try { session.createObject(newCertTemp); } catch (TokenException ex) { throw new P11TokenException("could not createObject: " + ex.getMessage(), ex); } finally { returnWritableSession(session); } }
private int removeObjects(Storage template, String desc) throws P11TokenException { ConcurrentBagEntry<Session> bagEntry = borrowSession(); try { Session session = bagEntry.value(); List<Storage> objects = getObjects(session, template); for (Storage obj : objects) { if (vendor == Vendor.YUBIKEY) { if (obj instanceof X509PublicKeyCertificate) { throw new P11TokenException("cannot delete certificates in Yubikey token"); } else if (obj instanceof PrivateKey || obj instanceof PublicKey) { // do nothing: In yubikey, the triple (private key, public key, certificate) will be // deleted only be deleting the certificate. } } session.destroyObject(obj); } return objects.size(); } catch (TokenException ex) { LogUtil.error(LOG, ex, "could not remove " + desc); throw new P11TokenException(ex.getMessage(), ex); } finally { sessions.requite(bagEntry); } }