private Session openSession(final boolean rwSession) throws P11TokenException { Session session; try { session = slot.getToken().openSession(Token.SessionType.SERIAL_SESSION, rwSession, null, null); } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } countSessions.incrementAndGet(); return session; }
private void singleLogin(Session session, char[] pin) throws P11TokenException { char[] tmpPin = pin; // some driver does not accept null PIN if (pin == null) { tmpPin = new char[]{}; } try { session.login(userType, tmpPin); LOG.info("login successful as user " + userTypeText); } catch (TokenException ex) { // 0x100: user already logged in if (ex instanceof PKCS11Exception && ((PKCS11Exception) ex).getErrorCode() == 0x100) { LOG.info("user already logged in"); } else { LOG.info("login failed as user " + userTypeText); throw new P11TokenException( "login failed as user " + userTypeText + ": " + ex.getMessage(), ex); } } }
private static List<Storage> getObjects(final Session session, final Storage template, final int maxNo) throws P11TokenException { List<Storage> objList = new LinkedList<>(); try { session.findObjectsInit(template); while (objList.size() < maxNo) { iaik.pkcs.pkcs11.objects.Object[] foundObjects = session.findObjects(1); if (foundObjects == null || foundObjects.length == 0) { break; } for (iaik.pkcs.pkcs11.objects.Object object : foundObjects) { if (LOG.isTraceEnabled()) { LOG.debug("found object: {}", object); } objList.add((Storage) object); } } } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } finally { try { session.findObjectsFinal(); } catch (Exception ex) { // CHECKSTYLE:SKIP } } return objList; } // method getObjects
private Session openSession() throws P11TokenException { Session session; try { boolean rw = !isReadOnly(); session = slot.getToken().openSession(Token.SessionType.SERIAL_SESSION, rw, null, null); } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } countSessions.incrementAndGet(); return session; }
private static boolean checkSessionLoggedIn(final Session session) throws P11TokenException { SessionInfo info; try { info = session.getSessionInfo(); } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } if (LOG.isTraceEnabled()) { LOG.debug("SessionInfo: {}", info); } State state = info.getState(); long deviceError = info.getDeviceError(); LOG.debug("to be verified PKCS11Module: state = {}, deviceError: {}", state, deviceError); boolean isRwSessionLoggedIn = state.equals(State.RW_USER_FUNCTIONS); boolean isRoSessionLoggedIn = state.equals(State.RO_USER_FUNCTIONS); boolean sessionLoggedIn = ((isRoSessionLoggedIn || isRwSessionLoggedIn) && deviceError == 0); LOG.debug("sessionLoggedIn: {}", sessionLoggedIn); return sessionLoggedIn; }
private boolean checkSessionLoggedIn(Session session) throws P11TokenException { SessionInfo info; try { info = session.getSessionInfo(); } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } if (LOG.isTraceEnabled()) { LOG.debug("SessionInfo: {}", info); } State state = info.getState(); long deviceError = info.getDeviceError(); LOG.debug("to be verified PKCS11Module: state = {}, deviceError: {}", state, deviceError); if (deviceError != 0) { LOG.error("deviceError {}", deviceError); return false; } boolean sessionLoggedIn; if (userType == PKCS11Constants.CKU_SO) { sessionLoggedIn = state.equals(State.RW_SO_FUNCTIONS); } else { sessionLoggedIn = state.equals(State.RW_USER_FUNCTIONS) || state.equals(State.RO_USER_FUNCTIONS); } LOG.debug("sessionLoggedIn: {}", sessionLoggedIn); return sessionLoggedIn; }
private static List<Storage> getObjects(Session session, Storage template, int maxNo) throws P11TokenException { List<Storage> objList = new LinkedList<>(); try { session.findObjectsInit(template); while (objList.size() < maxNo) { PKCS11Object[] foundObjects = session.findObjects(1); if (foundObjects == null || foundObjects.length == 0) { break; } for (PKCS11Object object : foundObjects) { logPkcs11ObjectAttributes("found object: ", object); objList.add((Storage) object); } } } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } finally { try { session.findObjectsFinal(); } catch (Exception ex) { LogUtil.error(LOG, ex, "session.findObjectsFinal() failed"); } } return objList; } // method getObjects
private int removeObjects(final Storage template, final String desc) throws P11TokenException { Session session = borrowWritableSession(); try { List<Storage> objects = getObjects(session, template); for (Storage obj : objects) { session.destroyObject(obj); } return objects.size(); } catch (TokenException ex) { LogUtil.error(LOG, ex, "could not remove " + desc); throw new P11TokenException(ex.getMessage(), ex); } finally { returnWritableSession(session); } }
private void singleLogin(final Session session, final char[] pin) throws P11TokenException { char[] tmpPin = pin; // some driver does not accept null PIN if (pin == null) { tmpPin = new char[]{}; } try { if (userType == PKCS11Constants.CKU_USER) { session.login(Session.UserType.USER, tmpPin); } else if (userType == PKCS11Constants.CKU_SO) { session.login(Session.UserType.SO, tmpPin); } else { session.login(userType, tmpPin); } } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } }
@Override protected void removeCerts0(final P11ObjectIdentifier objectId) throws P11TokenException { X509PublicKeyCertificate[] existingCerts = getCertificateObjects(objectId.id(), objectId.labelChars()); if (existingCerts == null || existingCerts.length == 0) { LOG.warn("could not find certificates " + objectId); return; } Session session = borrowWritableSession(); try { for (X509PublicKeyCertificate cert : existingCerts) { session.destroyObject(cert); } } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } finally { returnWritableSession(session); } }
private void firstLogin(Session session, List<char[]> password) throws P11TokenException { try { boolean isProtectedAuthenticationPath = session.getToken().getTokenInfo().isProtectedAuthenticationPath(); if (isProtectedAuthenticationPath || CollectionUtil.isEmpty(password)) { LOG.info("verify on PKCS11Module with PROTECTED_AUTHENTICATION_PATH"); singleLogin(session, null); } else { LOG.info("verify on PKCS11Module with PIN"); for (char[] singlePwd : password) { singleLogin(session, singlePwd); } this.password = password; } } catch (PKCS11Exception ex) { // 0x100: user already logged in if (ex.getErrorCode() != 0x100) { throw new P11TokenException(ex.getMessage(), ex); } } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } }
private void firstLogin(final Session session, final List<char[]> password) throws P11TokenException { try { boolean isProtectedAuthenticationPath = session.getToken().getTokenInfo().isProtectedAuthenticationPath(); if (isProtectedAuthenticationPath || CollectionUtil.isEmpty(password)) { LOG.info("verify on PKCS11Module with PROTECTED_AUTHENTICATION_PATH"); singleLogin(session, null); } else { LOG.info("verify on PKCS11Module with PIN"); for (char[] singlePwd : password) { singleLogin(session, singlePwd); } this.password = password; } } catch (PKCS11Exception ex) { // 0x100: user already logged in if (ex.getErrorCode() != 0x100) { throw new P11TokenException(ex.getMessage(), ex); } } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } }
@Override protected P11ObjectIdentifier addCert0(X509Certificate cert, P11NewObjectControl control) throws P11TokenException { ConcurrentBagEntry<Session> bagEntry = borrowSession(); try { Session session = bagEntry.value(); X509PublicKeyCertificate newCertTemp = createPkcs11Template(session, new X509Cert(cert), control); X509PublicKeyCertificate newCert = (X509PublicKeyCertificate) session.createObject(newCertTemp); return new P11ObjectIdentifier(newCert.getId().getByteArrayValue(), new String(newCert.getLabel().getCharArrayValue())); } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } finally { sessions.requite(bagEntry); } }
@Override protected void updateCertificate0(final P11ObjectIdentifier objectId, final X509Certificate newCert) throws P11TokenException { removeCerts(objectId); try { Thread.sleep(1000); } catch (InterruptedException ex) { // CHECKSTYLE:SKIP } X509PublicKeyCertificate newCertTemp = createPkcs11Template(new X509Cert(newCert), objectId.id(), objectId.labelChars()); Session session = borrowWritableSession(); try { session.createObject(newCertTemp); } catch (TokenException ex) { throw new P11TokenException("could not createObject: " + ex.getMessage(), ex); } finally { returnWritableSession(session); } }
private int removeObjects(Storage template, String desc) throws P11TokenException { ConcurrentBagEntry<Session> bagEntry = borrowSession(); try { Session session = bagEntry.value(); List<Storage> objects = getObjects(session, template); for (Storage obj : objects) { if (vendor == Vendor.YUBIKEY) { if (obj instanceof X509PublicKeyCertificate) { throw new P11TokenException("cannot delete certificates in Yubikey token"); } else if (obj instanceof PrivateKey || obj instanceof PublicKey) { // do nothing: In yubikey, the triple (private key, public key, certificate) will be // deleted only be deleting the certificate. } } session.destroyObject(obj); } return objects.size(); } catch (TokenException ex) { LogUtil.error(LOG, ex, "could not remove " + desc); throw new P11TokenException(ex.getMessage(), ex); } finally { sessions.requite(bagEntry); } }
@Override protected void removeCerts0(P11ObjectIdentifier objectId) throws P11TokenException { if (vendor == Vendor.YUBIKEY) { throw new P11TokenException("Unsupported operation removeCerts() in yubikey token"); } ConcurrentBagEntry<Session> bagEntry = borrowSession(); try { Session session = bagEntry.value(); X509PublicKeyCertificate[] existingCerts = getCertificateObjects(session, objectId.getId(), objectId.getLabelChars()); if (existingCerts == null || existingCerts.length == 0) { LOG.warn("could not find certificates " + objectId); return; } for (X509PublicKeyCertificate cert : existingCerts) { session.destroyObject(cert); } } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } finally { sessions.requite(bagEntry); } }
@Override protected void addCert0(final P11ObjectIdentifier objectId, final X509Certificate cert) throws P11TokenException { X509PublicKeyCertificate newCaCertTemp = createPkcs11Template( new X509Cert(cert), objectId.id(), objectId.labelChars()); Session session = borrowWritableSession(); try { session.createObject(newCaCertTemp); } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } finally { returnWritableSession(session); } }
private static boolean labelExists(final Session session, final String keyLabel) throws P11TokenException { ParamUtil.requireNonBlank("keyLabel", keyLabel); Key key = new Key(); key.getLabel().setCharArrayValue(keyLabel.toCharArray()); Object[] objects; try { session.findObjectsInit(key); objects = session.findObjects(1); session.findObjectsFinal(); if (objects.length > 0) { return true; } X509PublicKeyCertificate cert = new X509PublicKeyCertificate(); cert.getLabel().setCharArrayValue(keyLabel.toCharArray()); session.findObjectsInit(cert); objects = session.findObjects(1); session.findObjectsFinal(); } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } return objects.length > 0; }
@Override protected void updateCertificate0(P11ObjectIdentifier keyId, X509Certificate newCert) throws P11TokenException { try { removeCerts(keyId); } catch (P11UnknownEntityException ex) { // CHECKSTYLE: certificates do not exist, do nothing } try { Thread.sleep(1000); } catch (InterruptedException ex) { // CHECKSTYLE:SKIP } P11NewObjectControl control = new P11NewObjectControl(keyId.getId(), keyId.getLabel()); ConcurrentBagEntry<Session> bagEntry = borrowSession(); try { Session session = bagEntry.value(); X509PublicKeyCertificate newCertTemp = createPkcs11Template(session, new X509Cert(newCert), control); session.createObject(newCertTemp); } catch (TokenException ex) { throw new P11TokenException("could not createObject: " + ex.getMessage(), ex); } finally { sessions.requite(bagEntry); } }
private static boolean idExists(final Session session, final byte[] keyId) throws P11TokenException { Key key = new Key(); key.getId().setByteArrayValue(keyId); Object[] objects; try { session.findObjectsInit(key); objects = session.findObjects(1); session.findObjectsFinal(); if (objects.length > 0) { return true; } X509PublicKeyCertificate cert = new X509PublicKeyCertificate(); cert.getId().setByteArrayValue(keyId); session.findObjectsInit(cert); objects = session.findObjects(1); session.findObjectsFinal(); } catch (TokenException ex) { throw new P11TokenException(ex.getMessage(), ex); } return objects.length > 0; }