/**
 * Registers {@code identity} in this object's identity map, keyed by the identity's
 * object identifier.
 *
 * <p>No duplicate check is performed here: a later call with the same object identifier
 * overwrites the earlier entry (this is a plain {@code put} on {@code identities}).
 *
 * @param identity the identity to register; must not be {@code null}
 */
public void addIdentity(final P11Identity identity) {
  ParamUtil.requireNonNull("identity", identity);
  // the identity's own object identifier is the lookup key
  identities.put(identity.identityId().objectId(), identity);
}
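/**
 * Rebuilds the certificate chain of {@code identity} from its first (end-entity) certificate
 * and stores the rebuilt chain on the identity when it differs from the one currently held.
 *
 * <p>Identities with no certificate chain are left untouched. A failure to store the new
 * chain is logged together with its cause and otherwise ignored (best effort).
 *
 * @param identity the identity whose CA certificates are refreshed
 */
private void updateCaCertsOfIdentity(final P11Identity identity) {
  final X509Certificate[] certchain = identity.certificateChain();
  if (certchain == null || certchain.length == 0) {
    return;
  }

  // rebuild the chain starting from the end-entity certificate (certchain[0])
  final X509Certificate[] newCertchain = buildCertPath(certchain[0]);
  if (Arrays.equals(certchain, newCertchain)) {
    // nothing changed; avoid a needless write to the token
    return;
  }

  try {
    identity.setCertificates(newCertchain);
  } catch (P11TokenException ex) {
    // best effort: keep the old chain, but do not lose the cause of the failure
    LOG.warn("could not set certificates for identity {}", identity.identityId(), ex);
  }
}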
/**
 * Adds {@code identity} to this slot, rejecting identities that belong to another slot or
 * whose object identifier is already registered here. After insertion the identity's CA
 * certificates are refreshed via {@link #updateCaCertsOfIdentity(P11Identity)}.
 *
 * @param identity the identity to add; must belong to this slot
 * @throws IllegalArgumentException if the identity's slot identifier is not this slot's
 * @throws P11DuplicateEntityException if an identity with the same object identifier
 *         is already present in this slot
 */
protected void addIdentity(final P11Identity identity) throws P11DuplicateEntityException {
  final boolean belongsToThisSlot = slotId.equals(identity.identityId().slotId());
  if (!belongsToThisSlot) {
    throw new IllegalArgumentException("invalid identity");
  }

  final P11ObjectIdentifier objectId = identity.identityId().objectId();
  if (hasIdentity(objectId)) {
    throw new P11DuplicateEntityException(slotId, objectId);
  }

  identities.put(objectId, identity);
  // refresh the CA certificates now that the identity is registered
  updateCaCertsOfIdentity(identity);
}
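/**
 * Imports the given secret key material into the token and registers the resulting identity.
 *
 * <p>{@code keyValue} is now checked for {@code null} up front, so a missing key value is
 * reported as an argument error rather than failing deeper inside {@code createSecretKey0}.
 *
 * @param keyType  PKCS#11 key type of the secret key
 * @param keyValue raw key material; must not be {@code null}
 * @param label    label of the new key object; must not be blank
 * @param control  creation options passed through to the token
 * @return the object identifier of the created key
 * @throws P11TokenException if the token is not writable or the creation fails
 */
@Override
public P11ObjectIdentifier createSecretKey(long keyType, byte[] keyValue, String label,
    P11NewKeyControl control) throws P11TokenException {
  ParamUtil.requireNonBlank("label", label);
  ParamUtil.requireNonNull("keyValue", keyValue);
  assertWritable("createSecretKey");

  final P11Identity identity = createSecretKey0(keyType, keyValue, label, control);
  addIdentity(identity);

  final P11ObjectIdentifier objId = identity.identityId().objectId();
  LOG.info("created secret key {}", objId);
  return objId;
}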
/**
 * Generates a new secret key of the given type and size on the token and registers the
 * resulting identity.
 *
 * @param keyType PKCS#11 key type of the secret key
 * @param keysize size of the key to generate (interpretation is left to the token)
 * @param label   label of the new key object; must not be blank
 * @param control creation options passed through to the token
 * @return the object identifier of the generated key
 * @throws P11TokenException if the token is not writable or generation fails
 */
@Override
public P11ObjectIdentifier generateSecretKey(long keyType, int keysize, String label,
    P11NewKeyControl control) throws P11TokenException {
  ParamUtil.requireNonBlank("label", label);
  assertWritable("generateSecretKey");

  final P11Identity generated = generateSecretKey0(keyType, keysize, label, control);
  addIdentity(generated);

  final P11ObjectIdentifier objId = generated.identityId().objectId();
  LOG.info("generated secret key {}", objId);
  return objId;
}
/**
 * Generates an RSA key pair on the token and registers the resulting identity.
 *
 * @param keysize        modulus length in bits; at least 1024 and a multiple of 1024
 * @param publicExponent public exponent, or {@code null} to use 65537 (F4)
 * @param label          label of the new key object; must not be blank
 * @param control        creation options passed through to the token
 * @return the object identifier of the generated key pair
 * @throws IllegalArgumentException if {@code keysize} is not a multiple of 1024
 * @throws P11TokenException if the token is not writable, the mechanism
 *         {@code CKM_RSA_PKCS_KEY_PAIR_GEN} is unsupported, or generation fails
 */
@Override
public P11ObjectIdentifier generateRSAKeypair(final int keysize, final BigInteger publicExponent,
    final String label, P11NewKeyControl control) throws P11TokenException {
  ParamUtil.requireNonBlank("label", label);
  ParamUtil.requireMin("keysize", keysize, 1024);
  if (keysize % 1024 != 0) {
    throw new IllegalArgumentException("key size is not multiple of 1024: " + keysize);
  }

  assertWritable("generateRSAKeypair");
  assertMechanismSupported(PKCS11Constants.CKM_RSA_PKCS_KEY_PAIR_GEN);

  // default to the conventional public exponent F4 when the caller gives none
  final BigInteger exponent = (publicExponent == null)
      ? BigInteger.valueOf(65537) : publicExponent;

  final P11Identity generated = generateRSAKeypair0(keysize, exponent, label, control);
  addIdentity(generated);

  final P11ObjectIdentifier objId = generated.identityId().objectId();
  LOG.info("generated RSA keypair {}", objId);
  return objId;
}
/**
 * Generates an EC key pair on the named curve and registers the resulting identity.
 *
 * @param curveNameOrOid curve name or OID string; must not be blank and must be known
 *                       to {@code AlgorithmUtil}
 * @param label          label of the new key object; must not be blank
 * @param control        creation options passed through to the token
 * @return the object identifier of the generated key pair
 * @throws IllegalArgumentException if the curve cannot be resolved to an OID
 * @throws P11TokenException if the token is not writable, the mechanism
 *         {@code CKM_EC_KEY_PAIR_GEN} is unsupported, or generation fails
 */
@Override
public P11ObjectIdentifier generateECKeypair(final String curveNameOrOid, final String label,
    P11NewKeyControl control) throws P11TokenException {
  ParamUtil.requireNonBlank("curveNameOrOid", curveNameOrOid);
  ParamUtil.requireNonBlank("label", label);
  assertWritable("generateECKeypair");
  assertMechanismSupported(PKCS11Constants.CKM_EC_KEY_PAIR_GEN);

  // resolve the curve before touching the token so unknown curves fail early
  final ASN1ObjectIdentifier curveOid = AlgorithmUtil.getCurveOidForCurveNameOrOid(curveNameOrOid);
  if (curveOid == null) {
    throw new IllegalArgumentException("unknown curve " + curveNameOrOid);
  }

  final P11Identity generated = generateECKeypair0(curveOid, label, control);
  addIdentity(generated);

  final P11ObjectIdentifier objId = generated.identityId().objectId();
  LOG.info("generated EC keypair {}", objId);
  return objId;
}
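/**
 * Generates a DSA key pair with freshly obtained domain parameters of the given sizes and
 * registers the resulting identity.
 *
 * <p>{@code label} is now validated like in the other key-generation methods; previously a
 * blank label was passed through to the token unchecked. {@code qlength} is not validated
 * here and is handed to {@code DSAParameterCache} as-is.
 *
 * @param plength bit length of p; at least 1024 and a multiple of 1024
 * @param qlength bit length of q
 * @param label   label of the new key object; must not be blank
 * @param control creation options passed through to the token
 * @return the object identifier of the generated key pair
 * @throws IllegalArgumentException if {@code plength} is not a multiple of 1024
 * @throws P11TokenException if the token is not writable, the mechanism
 *         {@code CKM_DSA_KEY_PAIR_GEN} is unsupported, or generation fails
 */
@Override
public P11ObjectIdentifier generateDSAKeypair(final int plength, final int qlength,
    final String label, P11NewKeyControl control) throws P11TokenException {
  ParamUtil.requireNonBlank("label", label);
  ParamUtil.requireMin("plength", plength, 1024);
  if (plength % 1024 != 0) {
    throw new IllegalArgumentException("key size is not multiple of 1024: " + plength);
  }

  assertWritable("generateDSAKeypair");
  assertMechanismSupported(PKCS11Constants.CKM_DSA_KEY_PAIR_GEN);

  // domain parameters come from the shared cache, seeded with this object's random source
  final DSAParameterSpec dsaParams =
      DSAParameterCache.getDSAParameterSpec(plength, qlength, random);
  final P11Identity identity = generateDSAKeypair0(dsaParams.getP(), dsaParams.getQ(),
      dsaParams.getG(), label, control);
  addIdentity(identity);

  final P11ObjectIdentifier objId = identity.identityId().objectId();
  LOG.info("generated DSA keypair {}", objId);
  return objId;
}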
/**
 * Generates a DSA key pair for the caller-supplied domain parameters and registers the
 * resulting identity.
 *
 * @param p       DSA prime modulus; must not be {@code null}
 * @param q       DSA sub-prime; must not be {@code null}
 * @param g       DSA generator; must not be {@code null}
 * @param label   label of the new key object; must not be blank
 * @param control creation options passed through to the token
 * @return the object identifier of the generated key pair
 * @throws P11TokenException if the token is not writable, the mechanism
 *         {@code CKM_DSA_KEY_PAIR_GEN} is unsupported, or generation fails
 */
@Override
// CHECKSTYLE:OFF
public P11ObjectIdentifier generateDSAKeypair(final BigInteger p, final BigInteger q,
    final BigInteger g, final String label, P11NewKeyControl control) throws P11TokenException {
  // CHECKSTYLE:ON
  ParamUtil.requireNonBlank("label", label);
  ParamUtil.requireNonNull("p", p);
  ParamUtil.requireNonNull("q", q);
  ParamUtil.requireNonNull("g", g);

  assertWritable("generateDSAKeypair");
  assertMechanismSupported(PKCS11Constants.CKM_DSA_KEY_PAIR_GEN);

  final P11Identity generated = generateDSAKeypair0(p, q, g, label, control);
  addIdentity(generated);

  final P11ObjectIdentifier objId = generated.identityId().objectId();
  LOG.info("generated DSA keypair {}", objId);
  return objId;
}
/**
 * Populates {@code keyCerts} with every identity of the named PKCS#11 module that carries a
 * certificate chain.
 *
 * <p>Each identity is registered under four alias forms so callers can address it either by
 * slot id or slot index, combined with either key id (hex) or key label:
 * {@code <module>#slotid-<id>#keyid-<hex>}, {@code <module>#slotid-<id>#keylabel-<label>},
 * {@code <module>#slotindex-<index>#keyid-<hex>} and
 * {@code <module>#slotindex-<index>#keylabel-<label>}. Identities without a certificate
 * chain are skipped.
 *
 * @param moduleName name of the PKCS#11 module to load
 * @throws P11TokenException if the module or one of its slots cannot be accessed
 * @throws XiSecurityException if the crypt service for the module cannot be obtained
 */
private void engineLoad(final String moduleName) throws P11TokenException, XiSecurityException {
  final P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(moduleName);
  final P11Module module = p11Service.module();

  for (P11SlotIdentifier slotId : module.slotIdentifiers()) {
    final P11Slot slot = module.getSlot(slotId);
    // alias prefixes are the same for every identity in this slot
    final String bySlotId = moduleName + "#slotid-" + slotId.id();
    final String bySlotIndex = moduleName + "#slotindex-" + slotId.index();

    for (P11ObjectIdentifier objId : slot.identityIdentifiers()) {
      final P11Identity identity = slot.getIdentity(objId);
      final X509Certificate[] chain = identity.certificateChain();
      if (chain == null || chain.length == 0) {
        // only identities with a certificate are exposed through the key store
        continue;
      }

      final P11PrivateKey key = new P11PrivateKey(p11Service, identity.identityId());
      final KeyCertEntry entry = new KeyCertEntry(key, chain);
      final String keyIdSuffix = "#keyid-" + objId.idHex();
      final String keyLabelSuffix = "#keylabel-" + objId.label();

      keyCerts.put(bySlotId + keyIdSuffix, entry);
      keyCerts.put(bySlotId + keyLabelSuffix, entry);
      keyCerts.put(bySlotIndex + keyIdSuffix, entry);
      keyCerts.put(bySlotIndex + keyLabelSuffix, entry);
    }
  }
}