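/**
 * Looks up the identity whose key object matches the given key ID and/or label.
 *
 * <p>Every criterion the caller supplies must hold. When both {@code keyId} and
 * {@code keyLabel} are given, an identity whose label matches but whose key ID does
 * not is <em>not</em> returned. (Previously the label test overwrote the key-ID
 * result, so a label-only match could select an identity with a different key ID.)
 *
 * @param keyId
 *          Key ID to match via {@code matchesId}, or {@code null} to match on label only.
 * @param keyLabel
 *          Key label to match exactly, or {@code null} to match on key ID only.
 * @return the identity ID of the first matching entry in map iteration order, or
 *         {@code null} if both criteria are {@code null} or nothing matches.
 */
public P11IdentityId getIdentityId(byte[] keyId, String keyLabel) {
  if (keyId == null && keyLabel == null) {
    return null;
  }

  for (P11ObjectIdentifier objectId : identities.keySet()) {
    // each supplied criterion is a necessary condition; reject on the first miss
    if (keyId != null && !objectId.matchesId(keyId)) {
      continue;
    }
    if (keyLabel != null && !keyLabel.equals(objectId.getLabel())) {
      continue;
    }
    return identities.get(objectId).getId();
  }

  return null;
}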
/**
 * Registers {@code identity} in the in-memory identity map, keyed by its key object
 * identifier. A previously registered entry with the same key identifier is replaced.
 *
 * @param identity
 *          Identity to register. Must not be {@code null}.
 */
public void addIdentity(P11Identity identity) {
  ParamUtil.requireNonNull("identity", identity);
  P11ObjectIdentifier mapKey = identity.getId().getKeyId();
  this.identities.put(mapKey, identity);
}
/**
 * Registers {@code identity} in the in-memory identity map, keyed by its key object
 * identifier. A previously registered entry with the same key identifier is replaced.
 *
 * @param identity
 *          Identity to register. Must not be {@code null}.
 */
public void addIdentity(P11Identity identity) {
  Args.notNull(identity, "identity");
  P11ObjectIdentifier mapKey = identity.getId().getKeyId();
  this.identities.put(mapKey, identity);
}
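/**
 * Looks up the identity whose key object matches the given key ID and/or label.
 *
 * <p>Every criterion the caller supplies must hold. When both {@code keyId} and
 * {@code keyLabel} are given, an identity whose label matches but whose key ID does
 * not is <em>not</em> returned. (Previously the label test overwrote the key-ID
 * result, so a label-only match could select an identity with a different key ID.)
 *
 * @param keyId
 *          Key ID to match via {@code matchesId}, or {@code null} to match on label only.
 * @param keyLabel
 *          Key label to match exactly, or {@code null} to match on key ID only.
 * @return the identity ID of the first matching entry in map iteration order, or
 *         {@code null} if both criteria are {@code null} or nothing matches.
 */
public P11IdentityId getIdentityId(byte[] keyId, String keyLabel) {
  if (keyId == null && keyLabel == null) {
    return null;
  }

  for (P11ObjectIdentifier objectId : identities.keySet()) {
    // each supplied criterion is a necessary condition; reject on the first miss
    if (keyId != null && !objectId.matchesId(keyId)) {
      continue;
    }
    if (keyLabel != null && !keyLabel.equals(objectId.getLabel())) {
      continue;
    }
    return identities.get(objectId).getId();
  }

  return null;
}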
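/**
 * Re-derives the certificate chain of {@code identity} from its first certificate via
 * {@code buildCertPath} and stores the result on the identity when it differs from the
 * chain currently held.
 *
 * <p>Identities without any certificate are left untouched. A failure to store the new
 * chain is logged together with its cause and otherwise ignored, so a single broken
 * identity does not abort the surrounding refresh.
 *
 * @param identity
 *          Identity whose CA certificates should be refreshed.
 */
private void updateCaCertsOfIdentity(P11Identity identity) {
  X509Certificate[] current = identity.certificateChain();
  if (current == null || current.length == 0) {
    return;
  }

  X509Certificate[] rebuilt = buildCertPath(current[0]);
  if (Arrays.equals(current, rebuilt)) {
    return;
  }

  try {
    identity.setCertificates(rebuilt);
  } catch (P11TokenException ex) {
    // pass the exception through so the token error is not lost from the log
    LOG.warn("could not set certificates for identity {}", identity.getId(), ex);
  }
}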
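/**
 * Re-derives the certificate chain of {@code identity} from its first certificate via
 * {@code buildCertPath} and stores the result on the identity when it differs from the
 * chain currently held.
 *
 * <p>Identities without any certificate are left untouched. A failure to store the new
 * chain is logged together with its cause and otherwise ignored, so a single broken
 * identity does not abort the surrounding refresh.
 *
 * @param identity
 *          Identity whose CA certificates should be refreshed.
 */
private void updateCaCertsOfIdentity(P11Identity identity) {
  X509Certificate[] current = identity.certificateChain();
  if (current == null || current.length == 0) {
    return;
  }

  X509Certificate[] rebuilt = buildCertPath(current[0]);
  if (Arrays.equals(current, rebuilt)) {
    return;
  }

  try {
    identity.setCertificates(rebuilt);
  } catch (P11TokenException ex) {
    // pass the exception through so the token error is not lost from the log
    LOG.warn("could not set certificates for identity {}", identity.getId(), ex);
  }
}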
/**
 * Registers {@code identity} in this slot's identity map and refreshes its CA
 * certificates.
 *
 * @param identity
 *          Identity to register; its slot identifier must equal this slot's.
 * @throws IllegalArgumentException
 *           if the identity belongs to a different slot.
 * @throws P11DuplicateEntityException
 *           if an identity with the same key identifier is already registered.
 */
protected void addIdentity(P11Identity identity) throws P11DuplicateEntityException {
  P11IdentityId id = identity.getId();
  if (!slotId.equals(id.getSlotId())) {
    throw new IllegalArgumentException("invalid identity");
  }

  P11ObjectIdentifier key = id.getKeyId();
  if (hasIdentity(key)) {
    throw new P11DuplicateEntityException(slotId, key);
  }

  identities.put(key, identity);
  updateCaCertsOfIdentity(identity);
}
/**
 * Registers {@code identity} in this slot's identity map and refreshes its CA
 * certificates.
 *
 * @param identity
 *          Identity to register; its slot identifier must equal this slot's.
 * @throws IllegalArgumentException
 *           if the identity belongs to a different slot.
 * @throws P11DuplicateEntityException
 *           if an identity with the same key identifier is already registered.
 */
protected void addIdentity(P11Identity identity) throws P11DuplicateEntityException {
  P11IdentityId id = identity.getId();
  if (!slotId.equals(id.getSlotId())) {
    throw new IllegalArgumentException("invalid identity");
  }

  P11ObjectIdentifier key = id.getKeyId();
  if (hasIdentity(key)) {
    throw new P11DuplicateEntityException(slotId, key);
  }

  identities.put(key, identity);
  updateCaCertsOfIdentity(identity);
}
/** * Generates an SM2 keypair. * * @param control * Control of the key generation process. Must not be {@code null}. * @return the identifier of the identity within the PKCS#P11 token. * @throws P11TokenException * if PKCS#11 token exception occurs. */ // CHECKSTYLE:SKIP public P11IdentityId generateSM2Keypair(P11NewKeyControl control) throws P11TokenException { assertCanGenKeypair("generateSM2Keypair", PKCS11Constants.CKM_VENDOR_SM2_KEY_PAIR_GEN, control); P11Identity identity = generateSM2Keypair0(control); addIdentity(identity); P11IdentityId id = identity.getId(); LOG.info("generated SM2 keypair {}", id); return id; }
/** * Generates an SM2 keypair. * * @param control * Control of the key generation process. Must not be {@code null}. * @return the identifier of the identity within the PKCS#P11 token. * @throws P11TokenException * if PKCS#11 token exception occurs. */ // CHECKSTYLE:SKIP public P11IdentityId generateSM2Keypair(P11NewKeyControl control) throws P11TokenException { assertCanGenKeypair("generateSM2Keypair", PKCS11Constants.CKM_VENDOR_SM2_KEY_PAIR_GEN, control); P11Identity identity = generateSM2Keypair0(control); addIdentity(identity); P11IdentityId id = identity.getId(); LOG.info("generated SM2 keypair {}", id); return id; }
/**
 * Removes the key (private key, public key or secret key) and the certificates that
 * belong to the identity identified by {@code keyId}, first from the in-memory caches
 * and then from the token via {@code removeIdentity0}. Does nothing if no identity with
 * that key identifier is registered.
 *
 * @param keyId
 *          Key identifier. Must not be {@code null}.
 * @throws P11TokenException
 *           if a PKCS#11 token exception occurs.
 */
public void removeIdentityByKeyId(P11ObjectIdentifier keyId) throws P11TokenException {
  ParamUtil.requireNonNull("keyId", keyId);
  assertWritable("removeIdentityByKeyId");

  if (!identities.containsKey(keyId)) {
    return;
  }

  P11Identity identity = identities.get(keyId);
  P11IdentityId entityId = identity.getId();

  // certificate cache first, then the identity itself
  if (entityId.getCertId() != null) {
    certificates.remove(entityId.getCertId());
  }
  identity.setCertificates(null);
  identities.remove(keyId);
  updateCaCertsOfIdentities();

  // NOTE(review): the token object is deleted last; if removeIdentity0 throws, the caches
  // are already cleared while the key still exists on the token — confirm this is intended
  removeIdentity0(entityId);
}
/**
 * Removes the key (private key, public key or secret key) and the certificates that
 * belong to the identity identified by {@code keyId}, first from the in-memory caches
 * and then from the token via {@code removeIdentity0}. Does nothing if no identity with
 * that key identifier is registered.
 *
 * @param keyId
 *          Key identifier. Must not be {@code null}.
 * @throws P11TokenException
 *           if a PKCS#11 token exception occurs.
 */
public void removeIdentityByKeyId(P11ObjectIdentifier keyId) throws P11TokenException {
  Args.notNull(keyId, "keyId");
  assertWritable("removeIdentityByKeyId");

  if (!identities.containsKey(keyId)) {
    return;
  }

  P11Identity identity = identities.get(keyId);
  P11IdentityId entityId = identity.getId();

  // certificate cache first, then the identity itself
  if (entityId.getCertId() != null) {
    certificates.remove(entityId.getCertId());
  }
  identity.setCertificates(null);
  identities.remove(keyId);
  updateCaCertsOfIdentities();

  // NOTE(review): the token object is deleted last; if removeIdentity0 throws, the caches
  // are already cleared while the key still exists on the token — confirm this is intended
  removeIdentity0(entityId);
}
/** * Generates an EC keypair. * * @param curveNameOrOid * Object identifier or name of the EC curve. Must not be {@code null}. * @param control * Control of the key generation process. Must not be {@code null}. * @return the identifier of the identity within the PKCS#P11 token. * @throws P11TokenException * if PKCS#11 token exception occurs. */ // CHECKSTYLE:SKIP public P11IdentityId generateECKeypair(String curveNameOrOid, P11NewKeyControl control) throws P11TokenException { Args.notBlank(curveNameOrOid, "curveNameOrOid"); assertCanGenKeypair("generateECKeypair", PKCS11Constants.CKM_EC_KEY_PAIR_GEN, control); ASN1ObjectIdentifier curveId = AlgorithmUtil.getCurveOidForCurveNameOrOid(curveNameOrOid); if (curveId == null) { throw new IllegalArgumentException("unknown curve " + curveNameOrOid); } P11Identity identity = generateECKeypair0(curveId, control); addIdentity(identity); P11IdentityId id = identity.getId(); LOG.info("generated EC keypair {}", id); return id; }
/** * Generates an EC keypair. * * @param curveNameOrOid * Object identifier or name of the EC curve. Must not be {@code null}. * @param control * Control of the key generation process. Must not be {@code null}. * @return the identifier of the identity within the PKCS#P11 token. * @throws P11TokenException * if PKCS#11 token exception occurs. */ // CHECKSTYLE:SKIP public P11IdentityId generateECKeypair(String curveNameOrOid, P11NewKeyControl control) throws P11TokenException { ParamUtil.requireNonBlank("curveNameOrOid", curveNameOrOid); assertCanGenKeypair("generateECKeypair", PKCS11Constants.CKM_EC_KEY_PAIR_GEN, control); ASN1ObjectIdentifier curveId = AlgorithmUtil.getCurveOidForCurveNameOrOid(curveNameOrOid); if (curveId == null) { throw new IllegalArgumentException("unknown curve " + curveNameOrOid); } P11Identity identity = generateECKeypair0(curveId, control); addIdentity(identity); P11IdentityId id = identity.getId(); LOG.info("generated EC keypair {}", id); return id; }
/** * Generates a DSA keypair. * * @param plength * bit length of P * @param qlength * bit length of Q * @param control * Control of the key generation process. Must not be {@code null}. * @return the identifier of the identity within the PKCS#P11 token. * @throws P11TokenException * if PKCS#11 token exception occurs. */ // CHECKSTYLE:SKIP public P11IdentityId generateDSAKeypair(int plength, int qlength, P11NewKeyControl control) throws P11TokenException { ParamUtil.requireMin("plength", plength, 1024); if (plength % 1024 != 0) { throw new IllegalArgumentException("key size is not multiple of 1024: " + plength); } assertCanGenKeypair("generateDSAKeypair", PKCS11Constants.CKM_DSA_KEY_PAIR_GEN, control); DSAParameterSpec dsaParams = DSAParameterCache.getDSAParameterSpec(plength, qlength, random); P11Identity identity = generateDSAKeypair0(dsaParams.getP(), dsaParams.getQ(), dsaParams.getG(), control); addIdentity(identity); P11IdentityId id = identity.getId(); LOG.info("generated DSA keypair {}", id); return id; }
/**
 * Generates a secret key inside the PKCS#11 token and registers the resulting identity.
 * The slot must be writable and no identity or certificate may already use the ID or
 * label given in {@code control}.
 *
 * @param keyType
 *          Key type
 * @param keysize
 *          Key size in bit
 * @param control
 *          Control of the key generation process. Must not be {@code null}.
 * @return the identifier of the new identity within the PKCS#11 token.
 * @throws P11TokenException
 *           if a PKCS#11 token exception occurs.
 */
public P11IdentityId generateSecretKey(long keyType, int keysize, P11NewKeyControl control)
    throws P11TokenException {
  assertWritable("generateSecretKey");
  ParamUtil.requireNonNull("control", control);
  assertNoIdentityAndCert(control.getId(), control.getLabel());

  P11Identity newIdentity = generateSecretKey0(keyType, keysize, control);
  addIdentity(newIdentity);

  P11IdentityId newId = newIdentity.getId();
  LOG.info("generated secret key {}", newId);
  return newId;
}
/**
 * Generates a secret key inside the PKCS#11 token and registers the resulting identity.
 * The slot must be writable and no identity or certificate may already use the ID or
 * label given in {@code control}.
 *
 * @param keyType
 *          Key type
 * @param keysize
 *          Key size in bit
 * @param control
 *          Control of the key generation process. Must not be {@code null}.
 * @return the identifier of the new identity within the PKCS#11 token.
 * @throws P11TokenException
 *           if a PKCS#11 token exception occurs.
 */
public P11IdentityId generateSecretKey(long keyType, int keysize, P11NewKeyControl control)
    throws P11TokenException {
  assertWritable("generateSecretKey");
  Args.notNull(control, "control");
  assertNoIdentityAndCert(control.getId(), control.getLabel());

  P11Identity newIdentity = generateSecretKey0(keyType, keysize, control);
  addIdentity(newIdentity);

  P11IdentityId newId = newIdentity.getId();
  LOG.info("generated secret key {}", newId);
  return newId;
}
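/**
 * Imports an existing secret key value into the PKCS#11 token (the key is not generated
 * inside the token) and registers the resulting identity. The slot must be writable and
 * no identity or certificate may already use the ID or label given in {@code control}.
 *
 * @param keyType
 *          Key type
 * @param keyValue
 *          Raw key value to import. Must not be {@code null}.
 * @param control
 *          Control of the import process. Must not be {@code null}.
 * @return the identifier of the key within the PKCS#11 token.
 * @throws P11TokenException
 *           if a PKCS#11 token exception occurs.
 */
public P11ObjectIdentifier importSecretKey(long keyType, byte[] keyValue,
    P11NewKeyControl control) throws P11TokenException {
  ParamUtil.requireNonNull("control", control);
  // the contract says non-null; fail here rather than somewhere inside the token call
  ParamUtil.requireNonNull("keyValue", keyValue);
  assertWritable("createSecretKey");
  assertNoIdentityAndCert(control.getId(), control.getLabel());

  P11Identity identity = importSecretKey0(keyType, keyValue, control);
  addIdentity(identity);

  P11ObjectIdentifier objId = identity.getId().getKeyId();
  // log the object identifier only, never the key material
  LOG.info("created secret key {}", objId);
  return objId;
}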
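/**
 * Imports an existing secret key value into the PKCS#11 token (the key is not generated
 * inside the token) and registers the resulting identity. The slot must be writable and
 * no identity or certificate may already use the ID or label given in {@code control}.
 *
 * @param keyType
 *          Key type
 * @param keyValue
 *          Raw key value to import. Must not be {@code null}.
 * @param control
 *          Control of the import process. Must not be {@code null}.
 * @return the identifier of the key within the PKCS#11 token.
 * @throws P11TokenException
 *           if a PKCS#11 token exception occurs.
 */
public P11ObjectIdentifier importSecretKey(long keyType, byte[] keyValue,
    P11NewKeyControl control) throws P11TokenException {
  Args.notNull(control, "control");
  // the contract says non-null; fail here rather than somewhere inside the token call
  Args.notNull(keyValue, "keyValue");
  assertWritable("createSecretKey");
  assertNoIdentityAndCert(control.getId(), control.getLabel());

  P11Identity identity = importSecretKey0(keyType, keyValue, control);
  addIdentity(identity);

  P11ObjectIdentifier objId = identity.getId().getKeyId();
  // log the object identifier only, never the key material
  LOG.info("created secret key {}", objId);
  return objId;
}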
/**
 * Loads every identity of every slot of the PKCS#11 module {@code moduleName} that
 * carries a non-empty certificate chain and registers it in {@code keyCerts} under four
 * aliases: {@code <module>#slotid-<id>#keyid-<hex>},
 * {@code <module>#slotid-<id>#keylabel-<label>}, and the same two with
 * {@code slotindex-<index>} in place of {@code slotid-<id>}. Identities without a
 * certificate chain are skipped.
 *
 * @param moduleName
 *          Name of the PKCS#11 module to load.
 * @throws P11TokenException
 *           if a PKCS#11 token exception occurs.
 * @throws XiSecurityException
 *           if the underlying service lookup reports a security error.
 */
private void engineLoad(String moduleName) throws P11TokenException, XiSecurityException {
  P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(moduleName);
  P11Module module = p11Service.getModule();

  for (P11SlotIdentifier slotId : module.getSlotIds()) {
    P11Slot slot = module.getSlot(slotId);

    for (P11ObjectIdentifier objId : slot.getIdentityKeyIds()) {
      P11Identity identity = slot.getIdentity(objId);
      X509Certificate[] chain = identity.certificateChain();
      if (chain == null || chain.length == 0) {
        continue; // a key without a certificate is not exposed as a KeyStore entry
      }

      P11PrivateKey key = new P11PrivateKey(p11Service, identity.getId());
      KeyCertEntry entry = new KeyCertEntry(key, chain);

      // NOTE(review): aliases are registered with plain Map.put, so two keys in one slot
      // that share a label silently overwrite each other's "keylabel-" alias (last wins).
      String byId = "#keyid-" + objId.getIdHex();
      String byLabel = "#keylabel-" + objId.getLabel();
      String[] slotParts = {"#slotid-" + slotId.getId(), "#slotindex-" + slotId.getIndex()};
      for (String slotPart : slotParts) {
        keyCerts.put(moduleName + slotPart + byId, entry);
        keyCerts.put(moduleName + slotPart + byLabel, entry);
      }
    }
  }
} // method engineLoad