@Override protected void addCert0(final P11ObjectIdentifier objectId, final X509Certificate cert) throws P11TokenException, CertificateException { Asn1EntityIdAndCert asn1 = new Asn1EntityIdAndCert( new P11EntityIdentifier(slotId, objectId), cert); module.send(P11ProxyConstants.ACTION_ADD_CERT, asn1); }
@Override public int compareTo(P11Identity obj) { return identityId.compareTo(obj.identityId); }
public boolean match(final P11EntityIdentifier identityId) { return this.identityId.equals(identityId); }
public void addIdentity(final P11Identity identity) { ParamUtil.requireNonNull("identity", identity); this.identities.put(identity.identityId().objectId(), identity); }
boolean supportsMechanism(final long mechanism) { try { return p11CryptService.getSlot(identityId.slotId()).supportsMechanism(mechanism); } catch (P11TokenException ex) { return false; } }
public boolean match(final P11SlotIdentifier slotId, final String keyLabel) { return identityId.match(slotId, keyLabel); }
@Override public P11ObjectIdentifier generateSecretKey(long keyType, int keysize, String label, P11NewKeyControl control) throws P11TokenException { ParamUtil.requireNonBlank("label", label); assertWritable("generateSecretKey"); P11Identity identity = generateSecretKey0(keyType, keysize, label, control); addIdentity(identity); P11ObjectIdentifier objId = identity.identityId().objectId(); LOG.info("generated secret key {}", objId); return objId; }
P11ECDSAContentSigner(final P11CryptService cryptService, final P11EntityIdentifier identityId, final AlgorithmIdentifier signatureAlgId, final boolean plain) throws XiSecurityException, P11TokenException { this.cryptService = ParamUtil.requireNonNull("cryptService", cryptService); this.identityId = ParamUtil.requireNonNull("identityId", identityId); this.algorithmIdentifier = ParamUtil.requireNonNull("signatureAlgId", signatureAlgId); try { this.encodedAlgorithmIdentifier = algorithmIdentifier.getEncoded(); } catch (IOException ex) { throw new XiSecurityException("could not encode AlgorithmIdentifier", ex); } this.plain = plain; String algOid = signatureAlgId.getAlgorithm().getId(); HashAlgoType hashAlgo = sigAlgHashMap.get(algOid); if (hashAlgo == null) { throw new XiSecurityException("unsupported signature algorithm " + algOid); } P11Slot slot = cryptService.getSlot(identityId.slotId()); if (slot.supportsMechanism(PKCS11Constants.CKM_ECDSA)) { this.mechanism = PKCS11Constants.CKM_ECDSA; Digest digest = SignerUtil.getDigest(hashAlgo); this.outputStream = new DigestOutputStream(digest); } else { this.mechanism = hashMechMap.get(hashAlgo).longValue(); if (!slot.supportsMechanism(this.mechanism)) { throw new XiSecurityException("unsupported signature algorithm " + algOid); } this.outputStream = new ByteArrayOutputStream(); } }
@Override protected void updateCertificate0(final P11ObjectIdentifier objectId, final X509Certificate newCert) throws P11TokenException, CertificateException { Asn1EntityIdAndCert asn1 = new Asn1EntityIdAndCert( new P11EntityIdentifier(slotId, objectId), newCert); module.send(P11ProxyConstants.ACTION_UPDATE_CERT, asn1); }
protected void addIdentity(final P11Identity identity) throws P11DuplicateEntityException { if (!slotId.equals(identity.identityId().slotId())) { throw new IllegalArgumentException("invalid identity"); } P11ObjectIdentifier objectId = identity.identityId().objectId(); if (hasIdentity(objectId)) { throw new P11DuplicateEntityException(slotId, objectId); } identities.put(objectId, identity); updateCaCertsOfIdentity(identity); }
@Override public P11ObjectIdentifier createSecretKey(long keyType, byte[] keyValue, String label, P11NewKeyControl control) throws P11TokenException { ParamUtil.requireNonBlank("label", label); assertWritable("createSecretKey"); P11Identity identity = createSecretKey0(keyType, keyValue, label, control); addIdentity(identity); P11ObjectIdentifier objId = identity.identityId().objectId(); LOG.info("created secret key {}", objId); return objId; }
P11SlotIdentifier slotId = identityId.slotId(); P11Slot slot = cryptService.getSlot(slotId); if (slot.supportsMechanism(PKCS11Constants.CKM_DSA)) {
private P11Identity saveP11Entity(final KeyPair keypair, final String label) throws P11TokenException { byte[] id = generateId(); savePkcs11PrivateKey(id, label, keypair.getPrivate()); savePkcs11PublicKey(id, label, keypair.getPublic()); P11EntityIdentifier identityId = new P11EntityIdentifier(slotId, new P11ObjectIdentifier(id, label)); try { return new EmulatorP11Identity(this,identityId, keypair.getPrivate(), keypair.getPublic(), null, maxSessions, random); } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException ex) { throw new P11TokenException( "could not construct KeyStoreP11Identity: " + ex.getMessage(), ex); } }
@Override public P11ObjectIdentifier generateRSAKeypair(final int keysize, final BigInteger publicExponent, final String label, P11NewKeyControl control) throws P11TokenException { ParamUtil.requireNonBlank("label", label); ParamUtil.requireMin("keysize", keysize, 1024); if (keysize % 1024 != 0) { throw new IllegalArgumentException("key size is not multiple of 1024: " + keysize); } assertWritable("generateRSAKeypair"); assertMechanismSupported(PKCS11Constants.CKM_RSA_PKCS_KEY_PAIR_GEN); BigInteger tmpPublicExponent = publicExponent; if (tmpPublicExponent == null) { tmpPublicExponent = BigInteger.valueOf(65537); } P11Identity identity = generateRSAKeypair0(keysize, tmpPublicExponent, label, control); addIdentity(identity); P11ObjectIdentifier objId = identity.identityId().objectId(); LOG.info("generated RSA keypair {}", objId); return objId; }
P11SlotIdentifier slotId = identityId.slotId(); P11Slot slot = cryptService.getSlot(slotId); if (slot.supportsMechanism(PKCS11Constants.CKM_RSA_PKCS)) {
private void analyseSingleKey(final SecretKey secretKey, final P11SlotRefreshResult refreshResult) { byte[] id = secretKey.getId().getByteArrayValue(); P11ObjectIdentifier objectId = new P11ObjectIdentifier(id, toString(secretKey.getLabel())); IaikP11Identity identity = new IaikP11Identity(this, new P11EntityIdentifier(slotId, objectId), secretKey); refreshResult.addIdentity(identity); }
@Override public P11ObjectIdentifier generateECKeypair(final String curveNameOrOid, final String label, P11NewKeyControl control) throws P11TokenException { ParamUtil.requireNonBlank("curveNameOrOid", curveNameOrOid); ParamUtil.requireNonBlank("label", label); assertWritable("generateECKeypair"); assertMechanismSupported(PKCS11Constants.CKM_EC_KEY_PAIR_GEN); ASN1ObjectIdentifier curveId = AlgorithmUtil.getCurveOidForCurveNameOrOid(curveNameOrOid); if (curveId == null) { throw new IllegalArgumentException("unknown curve " + curveNameOrOid); } P11Identity identity = generateECKeypair0(curveId, label, control); addIdentity(identity); P11ObjectIdentifier objId = identity.identityId().objectId(); LOG.info("generated EC keypair {}", objId); return objId; }
P11SlotIdentifier slotId = identityId.slotId(); P11Slot slot = cryptService.getSlot(slotId); if (slot.supportsMechanism(PKCS11Constants.CKM_RSA_PKCS_PSS)) {