/**
 * Derives the certificate object identifier from a label.
 * The resulting identifier always carries the id of {@code keyId}; only the label may differ.
 *
 * @param certLabel
 *          Label of the certificate object. {@code null} clears the certificate identifier.
 */
public void setCertLabel(String certLabel) {
  if (certLabel == null) {
    this.certId = null;
    return;
  }

  // Reuse keyId itself when the labels agree; otherwise pair the key's id with the new label.
  if (certLabel.equals(keyId.getLabel())) {
    this.certId = keyId;
  } else {
    this.certId = new P11ObjectIdentifier(keyId.getId(), certLabel);
  }
}
/**
 * Orders identity ids by slot first; ties are broken by the key identifier.
 *
 * @param obj
 *          The identity id to compare with. A {@code null} value is not handled here.
 * @return the result of the slot comparison if non-zero, otherwise that of the key comparison.
 */
@Override
public int compareTo(P11IdentityId obj) {
  final int bySlot = slotId.compareTo(obj.slotId);
  return (bySlot != 0) ? bySlot : keyId.compareTo(obj.keyId);
}
/**
 * Two entity identifiers are equal when both their slot and their object identifiers are equal.
 *
 * @param obj
 *          The object to compare with; anything that is not a {@code P11EntityIdentifier}
 *          (including {@code null}) is unequal.
 */
@Override
public boolean equals(final Object obj) {
  if (obj instanceof P11EntityIdentifier) {
    final P11EntityIdentifier other = (P11EntityIdentifier) obj;
    return slotId.equals(other.slotId) && objectId.equals(other.objectId);
  }
  return false;
}
/**
 * Looks up the PKCS#11 label of the certificate whose identifier matches {@code id}.
 * The key set of {@code certificates} is scanned and the first match wins.
 *
 * @param id
 *          Identifier. Must not be {@code null}; this method does not check it.
 * @return the label of the first matching certificate, or {@code null} if none matches.
 */
public String getCertLabelForId(byte[] id) {
  String label = null;
  for (P11ObjectIdentifier candidate : certificates.keySet()) {
    if (candidate.matchesId(id)) {
      label = candidate.getLabel();
      break;
    }
  }
  return label;
}
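/**
 * Persists a secret key under a freshly generated id and wraps it in an identity.
 *
 * @param key
 *          Secret key to store.
 * @param label
 *          Label stored together with the key.
 * @return the identity built for the stored key.
 * @throws P11TokenException
 *           if the identity cannot be constructed. The save helper called first may
 *           presumably also raise it; its body is not visible here.
 */
private P11Identity saveP11Entity(final SecretKey key, final String label)
    throws P11TokenException {
  byte[] id = generateId();
  savePkcs11SecretKey(id, label, key);

  P11EntityIdentifier identityId =
      new P11EntityIdentifier(slotId, new P11ObjectIdentifier(id, label));
  try {
    return new EmulatorP11Identity(this, identityId, key, maxSessions, random);
  } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException ex) {
    // NOTE(review): the key has already been written by savePkcs11SecretKey when this
    // fails, and nothing here removes it again - confirm whether an orphaned key entry
    // is acceptable or should be cleaned up by the caller.
    // The message names the class that is actually being constructed, so that the
    // failure can be traced to the right code path.
    throw new P11TokenException(
        "could not construct EmulatorP11Identity: " + ex.getMessage(), ex);
  }
}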
P11Identity identity = identities.get(keyId); String label = keyId.getLabel(); sb.append("\t").append(i + 1).append(". ").append(label); sb.append(" (").append("id: ").append(keyId.getIdHex()); P11IdentityId identityId = identity.getId(); P11ObjectIdentifier certId = identityId.getCertId(); if (certId != null && !certId.equals(keyId)) { sb.append(", certificate label: ").append(identityId.getCertId().getLabel()); if (pubKeyId != null && !pubKeyId.equals(keyId)) { sb.append(", publicKey label: ").append(pubKeyId.getLabel()); for (int i = 0; i < size; i++) { P11ObjectIdentifier objectId = sortedKeyIds.get(i); sb.append("\tCert-").append(i + 1).append(". ").append(objectId.getLabel()); sb.append(" (").append("id: ").append(objectId.getIdHex()) .append(", label: ").append(objectId.getLabel()).append(")\n"); formatString(null, verbose, sb, certificates.get(objectId).getCert());
/**
 * Tells whether any identity key in {@code identities} matches the given id.
 * Only the id is compared; labels play no role in this check.
 *
 * @param id
 *          Identifier to look for.
 * @return {@code true} if at least one identity key matches, {@code false} otherwise.
 */
protected boolean existsIdentityForId(byte[] id) {
  boolean found = false;
  for (P11ObjectIdentifier candidate : identities.keySet()) {
    if (candidate.matchesId(id)) {
      found = true;
      break;
    }
  }
  return found;
}
P11ObjectIdentifier certId = identityId.getCertId(); if (label.equals(objectId.getLabel()) || (pubKeyId != null && label.equals(pubKeyId.getLabel()) || (certId != null && label.equals(certId.getLabel())))) { duplicated = true; break; if (objectId.getLabel().equals(label)) { duplicated = true; break;
/**
 * Registers every identity of the named PKCS#11 module that has a certificate chain.
 * Each such identity is put into {@code keyCerts} under four aliases, combining
 * slot id or slot index with key id (hex) or key label.
 *
 * @param moduleName
 *          Name of the PKCS#11 module; also used as the prefix of every alias.
 * @throws P11TokenException
 *           declared by this method; the visible body does not show which call raises it.
 * @throws XiSecurityException
 *           declared by this method; the visible body does not show which call raises it.
 */
private void engineLoad(String moduleName) throws P11TokenException, XiSecurityException {
  final P11CryptService service = p11CryptServiceFactory.getP11CryptService(moduleName);
  final P11Module p11Module = service.getModule();

  for (P11SlotIdentifier slotId : p11Module.getSlotIds()) {
    final P11Slot slot = p11Module.getSlot(slotId);

    for (P11ObjectIdentifier objId : slot.getIdentityKeyIds()) {
      final P11Identity identity = slot.getIdentity(objId);
      final X509Certificate[] chain = identity.certificateChain();

      // Identities without a certificate chain are not exposed through keyCerts.
      final boolean hasChain = (chain != null) && (chain.length > 0);
      if (!hasChain) {
        continue;
      }

      final KeyCertEntry entry =
          new KeyCertEntry(new P11PrivateKey(service, identity.getId()), chain);

      final String bySlotId = moduleName + "#slotid-" + slotId.getId();
      final String bySlotIndex = moduleName + "#slotindex-" + slotId.getIndex();

      // NOTE(review): PKCS#11 does not force labels to be unique. If keyCerts is a map,
      // two keys in one slot sharing a label would leave only the last one reachable
      // through the "#keylabel-" aliases - confirm this is intended.
      keyCerts.put(bySlotId + "#keyid-" + objId.getIdHex(), entry);
      keyCerts.put(bySlotId + "#keylabel-" + objId.getLabel(), entry);
      keyCerts.put(bySlotIndex + "#keyid-" + objId.getIdHex(), entry);
      keyCerts.put(bySlotIndex + "#keylabel-" + objId.getLabel(), entry);
    }
  }
}
/**
 * Destroys every certificate object found for the id and label of {@code objectId}.
 * Logs a warning and returns when no such certificate object is found.
 *
 * @param objectId
 *          Identifier (id and label) of the certificates to remove.
 * @throws P11TokenException
 *           if the vendor is YUBIKEY, or if a {@code TokenException} is raised while
 *           looking up or destroying the objects.
 */
@Override
protected void removeCerts0(P11ObjectIdentifier objectId) throws P11TokenException {
  if (Vendor.YUBIKEY == vendor) {
    throw new P11TokenException("Unsupported operation removeCerts() in yubikey token");
  }

  final ConcurrentBagEntry<Session> borrowed = borrowSession();
  try {
    final Session session = borrowed.value();
    final X509PublicKeyCertificate[] matches =
        getCertificateObjects(session, objectId.getId(), objectId.getLabelChars());

    final boolean nothingFound = (matches == null) || (matches.length == 0);
    if (nothingFound) {
      LOG.warn("could not find certificates " + objectId);
      return;
    }

    // NOTE(review): objects are destroyed one at a time; if a later destroyObject call
    // fails, the earlier ones stay destroyed and the caller only sees the exception.
    for (int i = 0; i < matches.length; i++) {
      session.destroyObject(matches[i]);
    }
  } catch (TokenException ex) {
    throw new P11TokenException(ex.getMessage(), ex);
  } finally {
    // Hand the session back on every path: early return, success and failure.
    sessions.requite(borrowed);
  }
}
/**
 * Removes the certificate entry of the given object from {@code certDir}.
 *
 * @param objectId
 *          Identifier of the certificate to remove.
 * @throws P11TokenException
 *           declared by this method; presumably raised by the delete helper - confirm.
 */
@Override
protected void removeCerts0(P11ObjectIdentifier objectId) throws P11TokenException {
  // Only the id selects the entry to delete; the label of objectId is not consulted here.
  final byte[] id = objectId.getId();
  deletePkcs11Entry(certDir, id);
}
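/**
 * Persists both halves of a key pair under a freshly generated id and wraps them
 * in an identity.
 *
 * @param keypair
 *          Key pair to store; the private and the public key are saved separately
 *          under the same id and label.
 * @param label
 *          Label stored together with both keys.
 * @return the identity built for the stored key pair.
 * @throws P11TokenException
 *           if the identity cannot be constructed. The save helpers called first may
 *           presumably also raise it; their bodies are not visible here.
 */
private P11Identity saveP11Entity(final KeyPair keypair, final String label)
    throws P11TokenException {
  byte[] id = generateId();
  savePkcs11PrivateKey(id, label, keypair.getPrivate());
  savePkcs11PublicKey(id, label, keypair.getPublic());

  P11EntityIdentifier identityId =
      new P11EntityIdentifier(slotId, new P11ObjectIdentifier(id, label));
  try {
    // The fifth argument is passed as null (presumably the certificate chain, which
    // does not exist yet for a new key pair - confirm against the constructor).
    return new EmulatorP11Identity(this, identityId, keypair.getPrivate(),
        keypair.getPublic(), null, maxSessions, random);
  } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException ex) {
    // NOTE(review): both keys have already been written when this fails, and nothing
    // here removes them again - confirm whether orphaned key entries are acceptable
    // or should be cleaned up by the caller.
    // The message names the class that is actually being constructed, so that the
    // failure can be traced to the right code path.
    throw new P11TokenException(
        "could not construct EmulatorP11Identity: " + ex.getMessage(), ex);
  }
}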
/**
 * Looks up the PKCS#11 label of the certificate whose identifier matches {@code id}.
 * The key set of {@code certificates} is scanned and the first match wins.
 *
 * @param id
 *          Identifier. Must not be {@code null}; this method does not check it.
 * @return the label of the first matching certificate, or {@code null} if none matches.
 */
public String getCertLabelForId(byte[] id) {
  String label = null;
  for (P11ObjectIdentifier candidate : certificates.keySet()) {
    if (candidate.matchesId(id)) {
      label = candidate.getLabel();
      break;
    }
  }
  return label;
}
P11Identity identity = identities.get(keyId); String label = keyId.getLabel(); sb.append("\t").append(i + 1).append(". ").append(label); sb.append(" (").append("id: ").append(keyId.getIdHex()); P11IdentityId identityId = identity.getId(); P11ObjectIdentifier certId = identityId.getCertId(); if (certId != null && !certId.equals(keyId)) { sb.append(", certificate label: ").append(identityId.getCertId().getLabel()); if (pubKeyId != null && !pubKeyId.equals(keyId)) { sb.append(", publicKey label: ").append(pubKeyId.getLabel()); for (int i = 0; i < size; i++) { P11ObjectIdentifier objectId = sortedKeyIds.get(i); sb.append("\tCert-").append(i + 1).append(". ").append(objectId.getLabel()); sb.append(" (").append("id: ").append(objectId.getIdHex()) .append(", label: ").append(objectId.getLabel()).append(")\n"); formatString(null, verbose, sb, certificates.get(objectId).getCert());
/**
 * Tells whether any certificate key in {@code certificates} matches the given id.
 * Only the id is compared; labels play no role in this check.
 *
 * @param id
 *          Identifier to look for.
 * @return {@code true} if at least one certificate key matches, {@code false} otherwise.
 */
protected boolean existsCertForId(byte[] id) {
  boolean found = false;
  for (P11ObjectIdentifier candidate : certificates.keySet()) {
    if (candidate.matchesId(id)) {
      found = true;
      break;
    }
  }
  return found;
}
P11ObjectIdentifier certId = identityId.getCertId(); if (label.equals(objectId.getLabel()) || (pubKeyId != null && label.equals(pubKeyId.getLabel()) || (certId != null && label.equals(certId.getLabel())))) { duplicated = true; break; if (objectId.getLabel().equals(label)) { duplicated = true; break;