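/**
 * Returns the {@link P11CryptService} for the given PKCS#11 module, creating and caching it
 * on first use.
 *
 * <p>The cache is keyed by the resolved module name (the value returned by
 * {@code getModuleName}), the same key used for the configuration lookup. The earlier code
 * keyed the cache by the raw argument, so two spellings that resolve to one configured module
 * could each create their own {@code P11Module} and service for the same token.
 * NOTE(review): {@code getModuleName} is not visible here; confirm that no other code reads
 * {@code services} by the raw argument.
 *
 * @param moduleName
 *          the module name as supplied by the caller; resolved via {@code getModuleName}.
 * @return the cached or newly created service for the module.
 * @throws IllegalStateException
 *           if the PKCS#11 configuration has not been loaded yet.
 * @throws XiSecurityException
 *           if no module with the resolved name is configured.
 * @throws P11TokenException
 *           if the module cannot be obtained from the factory register.
 */
public synchronized P11CryptService getP11CryptService(String moduleName)
        throws XiSecurityException, P11TokenException {
    if (p11Conf == null) {
        throw new IllegalStateException("please set pkcs11ConfFile and then call init() first");
    }

    final String name = getModuleName(moduleName);
    P11ModuleConf conf = p11Conf.getModuleConf(name);
    if (conf == null) {
        throw new XiSecurityException("PKCS#11 module " + name + " is not defined");
    }

    // Look up and store under the resolved name so that every spelling of the same module
    // shares one service instance.
    P11CryptService instance = services.get(name);
    if (instance == null) {
        P11Module p11Module = p11ModuleFactoryRegister.getP11Module(conf);
        instance = new P11CryptService(p11Module);
        LOG.info("added PKCS#11 module {}\n{}", name, instance.getModule().getDescription());
        services.put(name, instance);
    }

    return instance;
}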
/**
 * Produces a signature over {@code content} with the identity bound to this object.
 *
 * <p>The call is forwarded unchanged to the identity returned by
 * {@code p11CryptService.getIdentity(identityId)}; no check of {@code mechanism} is made in
 * this method, and {@code content} is passed on as given. Whether {@code content} has to be
 * raw data, a digest or an already encoded block therefore depends on the mechanism the
 * caller chose.
 *
 * @param mechanism
 *          the PKCS#11 mechanism to sign with.
 * @param parameters
 *          the mechanism parameters. Could be {@code null}.
 * @param content
 *          the content to be signed.
 * @return the signature.
 * @throws XiSecurityException
 *           if a security error happens.
 * @throws P11TokenException
 *           if a token error happens.
 */
public byte[] sign(long mechanism, P11Params parameters, byte[] content)
        throws XiSecurityException, P11TokenException {
    byte[] signature = p11CryptService.getIdentity(identityId)
            .sign(mechanism, parameters, content);
    return signature;
}
/**
 * Tells whether the slot holding this identity supports the given mechanism.
 *
 * <p>A {@link P11TokenException} raised while querying the slot is reported as
 * {@code false}, so a caller cannot tell "mechanism not offered" apart from "token could not
 * be queried". Callers that pick a fallback mechanism based on this result should keep that
 * in mind.
 *
 * @param mechanism
 *          the PKCS#11 mechanism to look up.
 * @return {@code true} if the slot reports support; {@code false} if it does not or if the
 *         token query failed.
 */
boolean supportsMechanism(final long mechanism) {
    boolean supported;
    try {
        supported = p11CryptService.getSlot(identityId.slotId()).supportsMechanism(mechanism);
    } catch (P11TokenException ex) {
        // Token error is deliberately folded into "not supported".
        supported = false;
    }
    return supported;
}
P11Slot slot = cryptService.getSlot(slotId); if (slot.supportsMechanism(PKCS11Constants.CKM_RSA_PKCS)) { this.mechanism = PKCS11Constants.CKM_RSA_PKCS; RSAPublicKey rsaPubKey = (RSAPublicKey) cryptService.getIdentity(identityId).getPublicKey(); this.modulusBitLen = rsaPubKey.getModulus().bitLength();
/**
 * Loads every identity of the given PKCS#11 module that has a certificate chain and
 * registers it in {@code keyCerts} under four aliases.
 *
 * <p>The aliases combine the slot (by id or by index) with the key (by hex id or by label):
 * {@code <module>#slotid-<id>#keyid-<hex>}, {@code <module>#slotid-<id>#keylabel-<label>},
 * {@code <module>#slotindex-<idx>#keyid-<hex>} and
 * {@code <module>#slotindex-<idx>#keylabel-<label>}. All four point to the same entry.
 *
 * <p>NOTE(review): the label aliases use {@code objId.getLabel()} as returned. Assuming
 * {@code keyCerts} has {@code Map.put} semantics, two identities in one slot that share a
 * label (or have none) end up under the same label alias and the later one replaces the
 * earlier; confirm labels are unique per slot, or resolve keys through the key-id aliases.
 *
 * @param moduleName
 *          name of the PKCS#11 module whose identities are loaded.
 * @throws P11TokenException
 *           if the token cannot be accessed.
 * @throws XiSecurityException
 *           if the crypt service for the module cannot be obtained.
 */
private void engineLoad(String moduleName) throws P11TokenException, XiSecurityException {
    P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(moduleName);
    P11Module module = p11Service.getModule();

    for (P11SlotIdentifier slotId : module.getSlotIds()) {
        P11Slot slot = module.getSlot(slotId);

        for (P11ObjectIdentifier objId : slot.getIdentityKeyIds()) {
            P11Identity identity = slot.getIdentity(objId);
            X509Certificate[] chain = identity.certificateChain();
            boolean hasChain = chain != null && chain.length > 0;
            if (!hasChain) {
                // A key without a certificate is not exposed through this key store.
                continue;
            }

            KeyCertEntry keyCertEntry =
                    new KeyCertEntry(new P11PrivateKey(p11Service, identity.getId()), chain);

            String bySlotId = moduleName + "#slotid-" + slotId.getId();
            String bySlotIndex = moduleName + "#slotindex-" + slotId.getIndex();
            String byKeyId = "#keyid-" + objId.getIdHex();
            String byKeyLabel = "#keylabel-" + objId.getLabel();

            keyCerts.put(bySlotId + byKeyId, keyCertEntry);
            keyCerts.put(bySlotId + byKeyLabel, keyCertEntry);
            keyCerts.put(bySlotIndex + byKeyId, keyCertEntry);
            keyCerts.put(bySlotIndex + byKeyLabel, keyCertEntry);
        }
    }
} // method engineLoad
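/**
 * Returns the {@link P11CryptService} for the given PKCS#11 module, creating and caching it
 * on first use.
 *
 * <p>Two fixes over the earlier body: the service cache is keyed by the resolved module name
 * (the same key used for the configuration lookup) instead of the raw argument, so different
 * spellings of one module share a single service; and {@code modules} is written only when a
 * module was actually created, not on every cache miss of {@code services}.
 * NOTE(review): {@code getModuleName} is not visible here; confirm that no other code reads
 * {@code services} by the raw argument.
 *
 * <p>The module implementation (proxy, emulator or native) is chosen only from the prefix of
 * the configured native library string, so the configuration file decides whether keys are
 * served by the native library or by one of the other implementations.
 *
 * @param moduleName
 *          the module name as supplied by the caller; resolved via {@code getModuleName}.
 * @return the cached or newly created service for the module.
 * @throws IllegalStateException
 *           if the PKCS#11 configuration has not been loaded yet.
 * @throws XiSecurityException
 *           if no module with the resolved name is configured.
 * @throws P11TokenException
 *           if the module cannot be instantiated.
 */
public synchronized P11CryptService getP11CryptService(final String moduleName)
        throws XiSecurityException, P11TokenException {
    if (p11Conf == null) {
        throw new IllegalStateException("please set pkcs11ConfFile and then call init() first");
    }

    final String name = getModuleName(moduleName);
    P11ModuleConf conf = p11Conf.moduleConf(name);
    if (conf == null) {
        throw new XiSecurityException("PKCS#11 module " + name + " is not defined");
    }

    P11CryptService instance = services.get(name);
    if (instance != null) {
        return instance;
    }

    // Modules are shared per native library: several configured modules may point to the
    // same library string and then reuse one P11Module.
    String nativeLib = conf.nativeLibrary();
    P11Module p11Module = modules.get(nativeLib);
    if (p11Module == null) {
        if (StringUtil.startsWithIgnoreCase(nativeLib, ProxyP11Module.PREFIX)) {
            p11Module = ProxyP11Module.getInstance(conf);
        } else if (StringUtil.startsWithIgnoreCase(nativeLib, EmulatorP11Module.PREFIX)) {
            p11Module = EmulatorP11Module.getInstance(conf);
        } else {
            p11Module = IaikP11Module.getInstance(conf);
        }
        modules.put(nativeLib, p11Module);
    }

    instance = new P11CryptService(p11Module);
    services.put(name, instance);
    return instance;
}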
/**
 * Loads every identity of the given PKCS#11 module that has a certificate chain and
 * registers it in {@code keyCerts} under four aliases.
 *
 * <p>The aliases combine the slot (by id or by index) with the key (by hex id or by label):
 * {@code <module>#slotid-<id>#keyid-<hex>}, {@code <module>#slotid-<id>#keylabel-<label>},
 * {@code <module>#slotindex-<idx>#keyid-<hex>} and
 * {@code <module>#slotindex-<idx>#keylabel-<label>}. All four point to the same entry.
 *
 * <p>NOTE(review): the label aliases use {@code objId.label()} as returned. Assuming
 * {@code keyCerts} has {@code Map.put} semantics, two identities in one slot that share a
 * label (or have none) end up under the same label alias and the later one replaces the
 * earlier; confirm labels are unique per slot, or resolve keys through the key-id aliases.
 *
 * @param moduleName
 *          name of the PKCS#11 module whose identities are loaded.
 * @throws P11TokenException
 *           if the token cannot be accessed.
 * @throws XiSecurityException
 *           if the crypt service for the module cannot be obtained.
 */
private void engineLoad(final String moduleName) throws P11TokenException, XiSecurityException {
    P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(moduleName);
    P11Module module = p11Service.module();

    for (P11SlotIdentifier slotId : module.slotIdentifiers()) {
        P11Slot slot = module.getSlot(slotId);

        for (P11ObjectIdentifier objId : slot.identityIdentifiers()) {
            P11Identity identity = slot.getIdentity(objId);
            X509Certificate[] chain = identity.certificateChain();
            boolean hasChain = chain != null && chain.length > 0;
            if (!hasChain) {
                // A key without a certificate is not exposed through this key store.
                continue;
            }

            KeyCertEntry keyCertEntry =
                    new KeyCertEntry(new P11PrivateKey(p11Service, identity.identityId()), chain);

            String bySlotId = moduleName + "#slotid-" + slotId.id();
            String bySlotIndex = moduleName + "#slotindex-" + slotId.index();
            String byKeyId = "#keyid-" + objId.idHex();
            String byKeyLabel = "#keylabel-" + objId.label();

            keyCerts.put(bySlotId + byKeyId, keyCertEntry);
            keyCerts.put(bySlotId + byKeyLabel, keyCertEntry);
            keyCerts.put(bySlotIndex + byKeyId, keyCertEntry);
            keyCerts.put(bySlotIndex + byKeyLabel, keyCertEntry);
        }
    }
} // method engineLoad
/**
 * Refreshes all configured PKCS#11 modules when {@code type} names this token type.
 *
 * <p>A {@link P11TokenException} from one module is logged and collected so that the
 * remaining modules are still refreshed; the collected names are reported in a single
 * {@link XiSecurityException} afterwards. An {@link XiSecurityException} thrown while
 * obtaining a module's service is not caught here and ends the loop immediately.
 *
 * @param type
 *          the token type to refresh; compared case-insensitively with {@code TYPE}.
 * @throws XiSecurityException
 *           if at least one module could not be refreshed.
 */
@Override
public void refreshToken(String type) throws XiSecurityException {
    boolean isOurType = TYPE.equalsIgnoreCase(type);
    if (!isOurType) {
        // Nothing to do
        return;
    }

    Set<String> failedModules = new HashSet<>(2);
    for (String moduleName : p11CryptServiceFactory.getModuleNames()) {
        try {
            p11CryptServiceFactory.getP11CryptService(moduleName).refresh();
        } catch (P11TokenException ex) {
            LogUtil.error(LOG, ex, "could not refresh PKCS#11 module " + moduleName);
            failedModules.add(moduleName);
        }
    }

    if (failedModules.isEmpty()) {
        return;
    }
    throw new XiSecurityException("could not refreshed modules " + failedModules);
}
P11Slot slot = cryptService.getSlot(slotId); if (slot.supportsMechanism(PKCS11Constants.CKM_RSA_PKCS)) { this.mechanism = PKCS11Constants.CKM_RSA_PKCS; RSAPublicKey rsaPubKey = (RSAPublicKey) cryptService.getIdentity(identityId).getPublicKey(); this.modulusBitLen = rsaPubKey.getModulus().bitLength();
/**
 * Populates {@code keyCerts} with one entry per identity of the given PKCS#11 module that
 * carries a certificate chain. Identities whose chain is {@code null} or empty are skipped.
 *
 * <p>Each entry is stored four times, once per combination of slot selector (slot id or slot
 * index) and key selector (hex key id or key label), prefixed with the module name.
 *
 * <p>NOTE(review): labels are taken from {@code objId.getLabel()} without any uniqueness
 * check. Assuming {@code keyCerts} behaves like a {@code Map}, identities in the same slot
 * with an identical or missing label overwrite each other's label alias; the key-id aliases
 * are the ones to rely on unless label uniqueness is guaranteed elsewhere.
 *
 * @param moduleName
 *          name of the PKCS#11 module whose identities are loaded.
 * @throws P11TokenException
 *           if the token cannot be accessed.
 * @throws XiSecurityException
 *           if the crypt service for the module cannot be obtained.
 */
private void engineLoad(String moduleName) throws P11TokenException, XiSecurityException {
    P11CryptService service = p11CryptServiceFactory.getP11CryptService(moduleName);
    P11Module p11Module = service.getModule();
    List<P11SlotIdentifier> allSlots = p11Module.getSlotIds();

    for (P11SlotIdentifier slotId : allSlots) {
        P11Slot slot = p11Module.getSlot(slotId);
        Set<P11ObjectIdentifier> keyIds = slot.getIdentityKeyIds();

        for (P11ObjectIdentifier objId : keyIds) {
            P11Identity identity = slot.getIdentity(objId);
            X509Certificate[] certChain = identity.certificateChain();
            if (certChain != null && certChain.length != 0) {
                P11PrivateKey privateKey = new P11PrivateKey(service, identity.getId());
                KeyCertEntry entry = new KeyCertEntry(privateKey, certChain);

                String slotIdAlias = moduleName + "#slotid-" + slotId.getId();
                String slotIndexAlias = moduleName + "#slotindex-" + slotId.getIndex();

                keyCerts.put(slotIdAlias + "#keyid-" + objId.getIdHex(), entry);
                keyCerts.put(slotIdAlias + "#keylabel-" + objId.getLabel(), entry);
                keyCerts.put(slotIndexAlias + "#keyid-" + objId.getIdHex(), entry);
                keyCerts.put(slotIndexAlias + "#keylabel-" + objId.getLabel(), entry);
            }
        }
    }
} // method engineLoad
try { p11Service = p11CryptServiceFactory.getP11CryptService(moduleName); P11Module module = p11Service.module(); P11SlotIdentifier p11SlotId; if (slotId != null) {
/**
 * Signs {@code content} with the identity referenced by this object.
 *
 * <p>This is a pass-through to {@code p11CryptService.getIdentity(identityId)}: the
 * mechanism is not validated here and the content is not hashed or encoded here. The caller
 * is responsible for supplying input in the form the chosen mechanism expects.
 *
 * @param mechanism
 *          the PKCS#11 mechanism to sign with.
 * @param parameters
 *          the mechanism parameters. Could be {@code null}.
 * @param content
 *          the content to be signed.
 * @return the signature.
 * @throws XiSecurityException
 *           if a security error happens.
 * @throws P11TokenException
 *           if a token error happens.
 */
public byte[] sign(final long mechanism, final P11Params parameters, final byte[] content)
        throws XiSecurityException, P11TokenException {
    final byte[] signature = p11CryptService.getIdentity(identityId)
            .sign(mechanism, parameters, content);
    return signature;
}
/**
 * Tells whether the slot holding this identity supports the given mechanism.
 *
 * <p>A {@link P11TokenException} raised while querying the slot is reported as
 * {@code false}, so a caller cannot tell "mechanism not offered" apart from "token could not
 * be queried". Callers that pick a fallback mechanism based on this result should keep that
 * in mind.
 *
 * @param mechanism
 *          the PKCS#11 mechanism to look up.
 * @return {@code true} if the slot reports support; {@code false} if it does not or if the
 *         token query failed.
 */
public boolean supportsMechanism(long mechanism) {
    boolean supported;
    try {
        supported = p11CryptService.getSlot(identityId.getSlotId())
                .supportsMechanism(mechanism);
    } catch (P11TokenException ex) {
        // Token error is deliberately folded into "not supported".
        supported = false;
    }
    return supported;
}
P11Slot slot = cryptService.getSlot(slotId); if (slot.supportsMechanism(PKCS11Constants.CKM_RSA_PKCS)) { this.mechanism = PKCS11Constants.CKM_RSA_PKCS; RSAPublicKey rsaPubKey = (RSAPublicKey) cryptService.getIdentity(identityId).publicKey(); this.modulusBitLen = rsaPubKey.getModulus().bitLength();
/**
 * Returns the {@link P11CryptService} for the given PKCS#11 module, creating and caching it
 * on first use.
 *
 * <p>{@code init()} is invoked on every call before anything else; a configuration failure
 * there is rethrown as {@link IllegalStateException} with the original exception as cause.
 * Both the configuration lookup and the service cache use the resolved module name returned
 * by {@code getModuleName}.
 *
 * @param moduleName
 *          the module name as supplied by the caller; resolved via {@code getModuleName}.
 * @return the cached or newly created service for the module.
 * @throws IllegalStateException
 *           if initialization fails or no module configuration is available.
 * @throws XiSecurityException
 *           if no module with the resolved name is configured.
 * @throws P11TokenException
 *           if the module cannot be obtained from the factory register.
 */
public synchronized P11CryptService getP11CryptService(String moduleName)
        throws XiSecurityException, P11TokenException {
    try {
        init();
    } catch (InvalidConfException ex) {
        throw new IllegalStateException(
                "could not initialize P11CryptServiceFactory: " + ex.getMessage(), ex);
    }

    if (moduleConfs == null) {
        throw new IllegalStateException("please set pkcs11ConfFile and then call init() first");
    }

    final String name = getModuleName(moduleName);
    P11ModuleConf moduleConf = moduleConfs.get(name);
    if (moduleConf == null) {
        throw new XiSecurityException("PKCS#11 module " + name + " is not defined");
    }

    P11CryptService cached = services.get(name);
    if (cached != null) {
        return cached;
    }

    // First request for this module: build the service, log the module description, then
    // publish it in the cache.
    P11CryptService created =
            new P11CryptService(p11ModuleFactoryRegister.getP11Module(moduleConf));
    LOG.info("added PKCS#11 module {}\n{}", name, created.getModule().getDescription());
    services.put(name, created);
    return created;
}
try { p11Service = p11CryptServiceFactory.getP11CryptService(moduleName); P11Module module = p11Service.getModule(); P11SlotIdentifier p11SlotId; if (slotId != null) {
/**
 * Delegates a signing request to the PKCS#11 identity behind this object.
 *
 * <p>Nothing is validated or transformed on the way: {@code mechanism}, {@code parameters}
 * and {@code content} reach the identity exactly as passed in. Input preparation required by
 * the mechanism (hashing, padding or encoding) has to happen before this call.
 *
 * @param mechanism
 *          the PKCS#11 mechanism to sign with.
 * @param parameters
 *          the mechanism parameters. Could be {@code null}.
 * @param content
 *          the content to be signed.
 * @return the signature.
 * @throws XiSecurityException
 *           if a security error happens.
 * @throws P11TokenException
 *           if a token error happens.
 */
public byte[] sign(long mechanism, P11Params parameters, byte[] content)
        throws XiSecurityException, P11TokenException {
    byte[] result = p11CryptService.getIdentity(identityId).sign(mechanism, parameters, content);
    return result;
}
/**
 * Reports whether the slot of this identity offers the given mechanism.
 *
 * <p>The method never throws: if the slot cannot be queried because of a
 * {@link P11TokenException}, the answer is {@code false}. A {@code false} result therefore
 * covers both an unsupported mechanism and a token that could not be reached.
 *
 * @param mechanism
 *          the PKCS#11 mechanism to look up.
 * @return {@code true} only if the slot was reachable and reports support.
 */
public boolean supportsMechanism(long mechanism) {
    boolean answer = false;
    try {
        answer = p11CryptService.getSlot(identityId.getSlotId()).supportsMechanism(mechanism);
    } catch (P11TokenException ex) {
        // Keep the default: a token error counts as "not supported".
        answer = false;
    }
    return answer;
}
try { p11Service = p11CryptServiceFactory.getP11CryptService(moduleName); P11Module module = p11Service.getModule(); P11SlotIdentifier p11SlotId; if (slotId != null) {
/**
 * Takes the data accumulated in {@code outputStream}, resets the stream and signs the data
 * with the configured identity and mechanism.
 *
 * <p>For a {@link ByteArrayOutputStream} the buffered bytes themselves are signed; for any
 * other stream the value of {@code DigestOutputStream.digest()} is signed. The stream is
 * cast to {@code DigestOutputStream} without a type check, so a stream of any third type
 * fails with {@link ClassCastException}. No mechanism parameters are passed to the identity.
 *
 * @return the signature returned by the identity.
 * @throws XiSecurityException
 *           if a security error happens.
 * @throws P11TokenException
 *           if a token error happens.
 */
private byte[] getPlainSignature() throws XiSecurityException, P11TokenException {
    final boolean rawBuffer = outputStream instanceof ByteArrayOutputStream;

    byte[] dataToSign;
    if (!rawBuffer) {
        DigestOutputStream digestStream = (DigestOutputStream) outputStream;
        dataToSign = digestStream.digest();
        digestStream.reset();
    } else {
        ByteArrayOutputStream bufferStream = (ByteArrayOutputStream) outputStream;
        dataToSign = bufferStream.toByteArray();
        // Clear the buffer once its content has been copied out.
        bufferStream.reset();
    }

    return cryptService.getIdentity(identityId).sign(mechanism, null, dataToSign);
}
} // closes the enclosing class, whose header is outside this excerpt