/**
 * Looks up the PKCS#11 label of the certificate whose identifier matches {@code id}.
 *
 * @param id
 *          Identifier. Must not be {@code null}.
 * @return the label of the first matching certificate, or {@code null} if no key of the
 *         certificates map matches.
 */
public String getCertLabelForId(byte[] id) {
  for (P11ObjectIdentifier certObjId : certificates.keySet()) {
    if (!certObjId.matchesId(id)) {
      continue;
    }
    return certObjId.getLabel();
  }

  // Nothing matched; callers have to handle the null result.
  return null;
}
/**
 * Looks up the PKCS#11 label of the certificate whose identifier matches {@code id}.
 *
 * @param id
 *          Identifier. Must not be {@code null}.
 * @return the label of the first matching certificate, or {@code null} if no key of the
 *         certificates map matches.
 */
public String getCertLabelForId(byte[] id) {
  for (P11ObjectIdentifier certObjId : certificates.keySet()) {
    if (!certObjId.matchesId(id)) {
      continue;
    }
    return certObjId.getLabel();
  }

  // Nothing matched; callers have to handle the null result.
  return null;
}
P11ObjectIdentifier certId = identityId.getCertId(); if (label.equals(objectId.getLabel()) || (pubKeyId != null && label.equals(pubKeyId.getLabel()) || (certId != null && label.equals(certId.getLabel())))) { duplicated = true; break; if (objectId.getLabel().equals(label)) { duplicated = true; break;
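/**
 * Finds the identity whose key object matches the given id and/or label.
 *
 * <p>Every criterion that is supplied has to match. When both {@code keyId} and
 * {@code keyLabel} are given, an identity is returned only if its key object matches
 * both of them.
 *
 * @param keyId
 *          Key identifier, or {@code null} to select by label only.
 * @param keyLabel
 *          Key label, or {@code null} to select by id only.
 * @return the identity id of the first match, or {@code null} if both arguments are
 *         {@code null} or nothing matches.
 */
public P11IdentityId getIdentityId(byte[] keyId, String keyLabel) {
  if (keyId == null && keyLabel == null) {
    return null;
  }

  for (P11ObjectIdentifier objectId : identities.keySet()) {
    // The label check must not overwrite the outcome of the id check: otherwise a key
    // that merely shares the label would be selected even though its id differs.
    if (keyId != null && !objectId.matchesId(keyId)) {
      continue;
    }

    if (keyLabel != null && !keyLabel.equals(objectId.getLabel())) {
      continue;
    }

    return identities.get(objectId).getId();
  }

  return null;
}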
/**
 * Sets the certificate object identifier from a label.
 *
 * <p>The certificate identifier always carries the id of the key. If the label equals the
 * key's label, the key identifier itself is reused instead of creating a new object.
 *
 * @param certLabel
 *          Label of the certificate, or {@code null} to clear the certificate identifier.
 */
public void setCertLabel(String certLabel) {
  if (certLabel == null) {
    this.certId = null;
    return;
  }

  if (certLabel.equals(keyId.getLabel())) {
    this.certId = keyId;
  } else {
    this.certId = new P11ObjectIdentifier(keyId.getId(), certLabel);
  }
}
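/**
 * Tells whether this identity is in the given slot and its key carries the given label.
 *
 * @param slotId
 *          Slot identifier to compare with the slot of this identity.
 * @param keyLabel
 *          Label of the key. Must not be {@code null}; a {@code null} value is rejected
 *          by {@code ParamUtil.requireNonNull}.
 * @return {@code true} if the slot is equal and the key label is equal.
 */
public boolean match(P11SlotIdentifier slotId, String keyLabel) {
  // Name the real parameter, so a failed null check points at the right argument.
  ParamUtil.requireNonNull("keyLabel", keyLabel);
  return this.slotId.equals(slotId) && keyLabel.equals(this.keyId.getLabel());
}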
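/**
 * Tells whether this identity is in the given slot and its key carries the given label.
 *
 * @param slotId
 *          Slot identifier to compare with the slot of this identity.
 * @param keyLabel
 *          Label of the key. Must not be {@code null}; a {@code null} value is rejected
 *          by {@code Args.notNull}.
 * @return {@code true} if the slot is equal and the key label is equal.
 */
public boolean match(P11SlotIdentifier slotId, String keyLabel) {
  // Name the real parameter, so a failed null check points at the right argument.
  Args.notNull(keyLabel, "keyLabel");
  return this.slotId.equals(slotId) && keyLabel.equals(this.keyId.getLabel());
}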
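/**
 * Finds the identity whose key object matches the given id and/or label.
 *
 * <p>Every criterion that is supplied has to match. When both {@code keyId} and
 * {@code keyLabel} are given, an identity is returned only if its key object matches
 * both of them.
 *
 * @param keyId
 *          Key identifier, or {@code null} to select by label only.
 * @param keyLabel
 *          Key label, or {@code null} to select by id only.
 * @return the identity id of the first match, or {@code null} if both arguments are
 *         {@code null} or nothing matches.
 */
public P11IdentityId getIdentityId(byte[] keyId, String keyLabel) {
  if (keyId == null && keyLabel == null) {
    return null;
  }

  for (P11ObjectIdentifier objectId : identities.keySet()) {
    // The label check must not overwrite the outcome of the id check: otherwise a key
    // that merely shares the label would be selected even though its id differs.
    if (keyId != null && !objectId.matchesId(keyId)) {
      continue;
    }

    if (keyLabel != null && !keyLabel.equals(objectId.getLabel())) {
      continue;
    }

    return identities.get(objectId).getId();
  }

  return null;
}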
/**
 * Verifies that no identity and no certificate already uses the given id or label.
 *
 * @param id
 *          Identifier to look for; not checked if {@code null}.
 * @param label
 *          Label to look for; not checked if {@code null}.
 * @throws P11DuplicateEntityException
 *           if a key of the identities or certificates map matches the id or has the
 *           same label. The message names whichever of the two collided.
 */
protected void assertNoIdentityAndCert(byte[] id, String label)
    throws P11DuplicateEntityException {
  if (id == null && label == null) {
    return;
  }

  // Union of the object identifiers of both maps, so a single pass covers keys and certs.
  Set<P11ObjectIdentifier> knownIds = new HashSet<>(identities.keySet());
  knownIds.addAll(certificates.keySet());

  for (P11ObjectIdentifier known : knownIds) {
    boolean sameId = id != null && known.matchesId(id);
    boolean sameLabel = label != null && label.equals(known.getLabel());
    if (!sameId && !sameLabel) {
      continue;
    }

    StringBuilder msg = new StringBuilder("Identity or Certificate with ");
    if (sameId) {
      msg.append("id=0x").append(Hex.encodeUpper(id));
    }
    if (sameId && sameLabel) {
      msg.append(" and ");
    }
    if (sameLabel) {
      msg.append("label=").append(label);
    }
    msg.append(" already exists");
    throw new P11DuplicateEntityException(msg.toString());
  }
}
/**
 * Verifies that no identity and no certificate already uses the given id or label.
 *
 * @param id
 *          Identifier to look for; not checked if {@code null}.
 * @param label
 *          Label to look for; not checked if {@code null}.
 * @throws P11DuplicateEntityException
 *           if a key of the identities or certificates map matches the id or has the
 *           same label. The message names whichever of the two collided.
 */
protected void assertNoIdentityAndCert(byte[] id, String label)
    throws P11DuplicateEntityException {
  if (id == null && label == null) {
    return;
  }

  // Union of the object identifiers of both maps, so a single pass covers keys and certs.
  Set<P11ObjectIdentifier> knownIds = new HashSet<>(identities.keySet());
  knownIds.addAll(certificates.keySet());

  for (P11ObjectIdentifier known : knownIds) {
    boolean sameId = id != null && known.matchesId(id);
    boolean sameLabel = label != null && label.equals(known.getLabel());
    if (!sameId && !sameLabel) {
      continue;
    }

    StringBuilder msg = new StringBuilder("Identity or Certificate with ");
    if (sameId) {
      msg.append("id=0x").append(Hex.encodeUpper(id));
    }
    if (sameId && sameLabel) {
      msg.append(" and ");
    }
    if (sameLabel) {
      msg.append("label=").append(label);
    }
    msg.append(" already exists");
    throw new P11DuplicateEntityException(msg.toString());
  }
}
/**
 * Replaces the certificate of the given key: calls {@code removePkcs11Cert} for the key
 * and then {@code savePkcs11Cert} with the key's id and label and the new certificate.
 *
 * @param keyId
 *          Identifier of the key whose certificate is replaced.
 * @param newCert
 *          Certificate to store.
 */
@Override
protected void updateCertificate0(P11ObjectIdentifier keyId, X509Certificate newCert)
    throws P11TokenException, CertificateException {
  // The two steps are not atomic: if saving throws, the remove call has already run.
  removePkcs11Cert(keyId);

  final byte[] id = keyId.getId();
  final String label = keyId.getLabel();
  savePkcs11Cert(id, label, newCert);
}
/**
 * Creates the identifier of an identity in a PKCS#11 slot from the key's object
 * identifier and the optional labels of the public key and certificate objects.
 *
 * <p>The public key and certificate identifiers are built with the id of {@code keyId}.
 * When a label equals the key's label, {@code keyId} itself is reused.
 *
 * @param slotId
 *          Slot identifier. Must not be {@code null}.
 * @param keyId
 *          Object identifier. Must not be {@code null}.
 * @param publicKeyLabel
 *          Label of the public key, or {@code null} for no public key identifier.
 * @param certLabel
 *          Label of the certificate, or {@code null} for no certificate identifier.
 */
public P11IdentityId(P11SlotIdentifier slotId, P11ObjectIdentifier keyId,
    String publicKeyLabel, String certLabel) {
  this.slotId = ParamUtil.requireNonNull("slotId", slotId);
  this.keyId = ParamUtil.requireNonNull("keyId", keyId);

  if (publicKeyLabel == null) {
    this.publicKeyId = null;
  } else if (publicKeyLabel.equals(keyId.getLabel())) {
    this.publicKeyId = keyId;
  } else {
    this.publicKeyId = new P11ObjectIdentifier(keyId.getId(), publicKeyLabel);
  }

  if (certLabel == null) {
    this.certId = null;
  } else if (certLabel.equals(keyId.getLabel())) {
    this.certId = keyId;
  } else {
    this.certId = new P11ObjectIdentifier(keyId.getId(), certLabel);
  }
}
/**
 * Creates the identifier of an identity in a PKCS#11 slot from the key's object
 * identifier and the optional labels of the public key and certificate objects.
 *
 * <p>The public key and certificate identifiers are built with the id of {@code keyId}.
 * When a label equals the key's label, {@code keyId} itself is reused.
 *
 * @param slotId
 *          Slot identifier. Must not be {@code null}.
 * @param keyId
 *          Object identifier. Must not be {@code null}.
 * @param publicKeyLabel
 *          Label of the public key, or {@code null} for no public key identifier.
 * @param certLabel
 *          Label of the certificate, or {@code null} for no certificate identifier.
 */
public P11IdentityId(P11SlotIdentifier slotId, P11ObjectIdentifier keyId,
    String publicKeyLabel, String certLabel) {
  this.slotId = Args.notNull(slotId, "slotId");
  this.keyId = Args.notNull(keyId, "keyId");

  if (publicKeyLabel == null) {
    this.publicKeyId = null;
  } else if (publicKeyLabel.equals(keyId.getLabel())) {
    this.publicKeyId = keyId;
  } else {
    this.publicKeyId = new P11ObjectIdentifier(keyId.getId(), publicKeyLabel);
  }

  if (certLabel == null) {
    this.certId = null;
  } else if (certLabel.equals(keyId.getLabel())) {
    this.certId = keyId;
  } else {
    this.certId = new P11ObjectIdentifier(keyId.getId(), certLabel);
  }
}
/**
 * Loads the identities of the named PKCS#11 module into {@code keyCerts}.
 *
 * <p>Identities without a certificate chain are skipped. Every other identity is
 * registered under four aliases, built from the slot id or slot index combined with the
 * key id (hex) or key label:
 * {@code <module>#slotid-<id>#keyid-<hex>}, {@code <module>#slotid-<id>#keylabel-<label>},
 * {@code <module>#slotindex-<index>#keyid-<hex>} and
 * {@code <module>#slotindex-<index>#keylabel-<label>}.
 *
 * @param moduleName
 *          Name of the PKCS#11 module to load.
 */
private void engineLoad(String moduleName) throws P11TokenException, XiSecurityException {
  P11CryptService cryptService = p11CryptServiceFactory.getP11CryptService(moduleName);
  P11Module p11Module = cryptService.getModule();

  for (P11SlotIdentifier slotId : p11Module.getSlotIds()) {
    P11Slot slot = p11Module.getSlot(slotId);

    for (P11ObjectIdentifier objId : slot.getIdentityKeyIds()) {
      P11Identity identity = slot.getIdentity(objId);
      X509Certificate[] chain = identity.certificateChain();
      boolean hasChain = chain != null && chain.length > 0;
      if (!hasChain) {
        continue;
      }

      KeyCertEntry entry =
          new KeyCertEntry(new P11PrivateKey(cryptService, identity.getId()), chain);

      String bySlotId = moduleName + "#slotid-" + slotId.getId();
      String bySlotIndex = moduleName + "#slotindex-" + slotId.getIndex();
      String byKeyId = "#keyid-" + objId.getIdHex();
      String byKeyLabel = "#keylabel-" + objId.getLabel();

      // NOTE(review): the label-based aliases are unambiguous only if labels are unique
      // within a slot; confirm that a later put cannot replace the entry of another key.
      keyCerts.put(bySlotId + byKeyId, entry);
      keyCerts.put(bySlotId + byKeyLabel, entry);
      keyCerts.put(bySlotIndex + byKeyId, entry);
      keyCerts.put(bySlotIndex + byKeyLabel, entry);
    }
  }
} // method engineLoad
/**
 * Encodes the wrapped object identifier as a DER SEQUENCE holding its id as an
 * OCTET STRING followed by its label as a UTF8String.
 */
@Override
public ASN1Primitive toASN1Primitive() {
  DEROctetString idOctets = new DEROctetString(value.getId());
  DERUTF8String labelText = new DERUTF8String(value.getLabel());

  ASN1EncodableVector elements = new ASN1EncodableVector();
  elements.add(idOctets);
  elements.add(labelText);
  return new DERSequence(elements);
}
/**
 * Loads the identities of the named PKCS#11 module into {@code keyCerts}.
 *
 * <p>Identities without a certificate chain are skipped. Every other identity is
 * registered under four aliases, built from the slot id or slot index combined with the
 * key id (hex) or key label:
 * {@code <module>#slotid-<id>#keyid-<hex>}, {@code <module>#slotid-<id>#keylabel-<label>},
 * {@code <module>#slotindex-<index>#keyid-<hex>} and
 * {@code <module>#slotindex-<index>#keylabel-<label>}.
 *
 * @param moduleName
 *          Name of the PKCS#11 module to load.
 */
private void engineLoad(String moduleName) throws P11TokenException, XiSecurityException {
  P11CryptService cryptService = p11CryptServiceFactory.getP11CryptService(moduleName);
  P11Module p11Module = cryptService.getModule();

  for (P11SlotIdentifier slotId : p11Module.getSlotIds()) {
    P11Slot slot = p11Module.getSlot(slotId);

    for (P11ObjectIdentifier objId : slot.getIdentityKeyIds()) {
      P11Identity identity = slot.getIdentity(objId);
      X509Certificate[] chain = identity.certificateChain();
      boolean hasChain = chain != null && chain.length > 0;
      if (!hasChain) {
        continue;
      }

      KeyCertEntry entry =
          new KeyCertEntry(new P11PrivateKey(cryptService, identity.getId()), chain);

      String bySlotId = moduleName + "#slotid-" + slotId.getId();
      String bySlotIndex = moduleName + "#slotindex-" + slotId.getIndex();
      String byKeyId = "#keyid-" + objId.getIdHex();
      String byKeyLabel = "#keylabel-" + objId.getLabel();

      // NOTE(review): the label-based aliases are unambiguous only if labels are unique
      // within a slot; confirm that a later put cannot replace the entry of another key.
      keyCerts.put(bySlotId + byKeyId, entry);
      keyCerts.put(bySlotId + byKeyLabel, entry);
      keyCerts.put(bySlotIndex + byKeyId, entry);
      keyCerts.put(bySlotIndex + byKeyLabel, entry);
    }
  }
} // method engineLoad
/**
 * Encodes the wrapped object identifier as a DER SEQUENCE holding its id as an
 * OCTET STRING followed by its label as a UTF8String.
 */
@Override
public ASN1Primitive toASN1Primitive() {
  DEROctetString idOctets = new DEROctetString(value.getId());
  DERUTF8String labelText = new DERUTF8String(value.getLabel());

  ASN1EncodableVector elements = new ASN1EncodableVector();
  elements.add(idOctets);
  elements.add(labelText);
  return new DERSequence(elements);
}
/**
 * Replaces the certificate of the given key on the token: removes the existing
 * certificates, waits one second, then creates a new certificate object that carries the
 * key's id and label.
 *
 * @param keyId
 *          Identifier of the key whose certificate is replaced.
 * @param newCert
 *          Certificate to store.
 * @throws P11TokenException
 *           if the token rejects the creation of the new certificate object.
 */
@Override
protected void updateCertificate0(P11ObjectIdentifier keyId, X509Certificate newCert)
    throws P11TokenException {
  try {
    removeCerts(keyId);
  } catch (P11UnknownEntityException ignored) {
    // No certificate existed for this key, so there is nothing to remove.
  }

  // The removal and the creation below are not atomic: if createObject fails, the
  // removeCerts call has already run.
  try {
    Thread.sleep(1000);
  } catch (InterruptedException ignored) {
    // NOTE(review): the interrupt is dropped here and the thread's interrupt status is
    // not restored; confirm that this is intended.
  }

  P11NewObjectControl newObjControl =
      new P11NewObjectControl(keyId.getId(), keyId.getLabel());

  ConcurrentBagEntry<Session> borrowed = borrowSession();
  try {
    Session session = borrowed.value();
    X509Cert wrappedCert = new X509Cert(newCert);
    X509PublicKeyCertificate certTemplate =
        createPkcs11Template(session, wrappedCert, newObjControl);
    session.createObject(certTemplate);
  } catch (TokenException ex) {
    throw new P11TokenException("could not createObject: " + ex.getMessage(), ex);
  } finally {
    // Always hand the session back, also when the creation failed.
    sessions.requite(borrowed);
  }
}
/**
 * Encodes the wrapped identity id as a DER SEQUENCE: the slot identifier, the key object
 * identifier, then the label of the public key with explicit tag 1 and the label of the
 * certificate with explicit tag 2. The two tagged labels are present only if the
 * corresponding identifier is not {@code null}.
 */
@Override
public ASN1Primitive toASN1Primitive() {
  ASN1EncodableVector elements = new ASN1EncodableVector();
  elements.add(new Asn1P11SlotIdentifier(value.getSlotId()));
  elements.add(new Asn1P11ObjectIdentifier(value.getKeyId()));

  // Only the labels of the optional objects are written, never their ids.
  if (value.getPublicKeyId() != null) {
    DERUTF8String publicKeyLabel = new DERUTF8String(value.getPublicKeyId().getLabel());
    elements.add(new DERTaggedObject(true, 1, publicKeyLabel));
  }

  if (value.getCertId() != null) {
    DERUTF8String certLabel = new DERUTF8String(value.getCertId().getLabel());
    elements.add(new DERTaggedObject(true, 2, certLabel));
  }

  return new DERSequence(elements);
}
/**
 * Encodes the wrapped identity id as a DER SEQUENCE: the slot identifier, the key object
 * identifier, then the label of the public key with explicit tag 1 and the label of the
 * certificate with explicit tag 2. The two tagged labels are present only if the
 * corresponding identifier is not {@code null}.
 */
@Override
public ASN1Primitive toASN1Primitive() {
  ASN1EncodableVector elements = new ASN1EncodableVector();
  elements.add(new SlotIdentifier(value.getSlotId()));
  elements.add(new ObjectIdentifier(value.getKeyId()));

  // Only the labels of the optional objects are written, never their ids.
  if (value.getPublicKeyId() != null) {
    DERUTF8String publicKeyLabel = new DERUTF8String(value.getPublicKeyId().getLabel());
    elements.add(new DERTaggedObject(true, 1, publicKeyLabel));
  }

  if (value.getCertId() != null) {
    DERUTF8String certLabel = new DERUTF8String(value.getCertId().getLabel());
    elements.add(new DERTaggedObject(true, 2, certLabel));
  }

  return new DERSequence(elements);
}