org.xipki.security.pkcs11

Class P11Slot

java.lang.Object

org.xipki.security.pkcs11.P11Slot

All Implemented Interfaces:

Closeable, AutoCloseable

public abstract class P11Slot
extends Object
implements Closeable

PKCS#11 slot.

Since:

2.0.0

Author:

Lijun Liao

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	P11Slot.P11KeyUsage
static class	P11Slot.P11NewKeyControl
static class	P11Slot.P11NewObjectControl

Field Summary

Fields

Modifier and Type	Field and Description
protected List<Long>	keyPairTypes
protected String	moduleName
protected P11ModuleConf.P11NewObjectConf	newObjectConf
protected List<Long>	secretKeyTypes
protected P11SlotId	slotId

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	P11Slot(String moduleName, P11SlotId slotId, boolean readOnly, List<Long> secretKeyTypes, List<Long> keyPairTypes, P11ModuleConf.P11NewObjectConf newObjectConf)

Method Summary

Modifier and Type	Method and Description
void	assertMechanismSupported(long mechanism)
protected void	assertNoObjects(byte[] id, String label)
protected void	assertWritable(String operationName)
abstract void	close()
protected static byte[]	decodeHex(String hex) Returns the hex representation of the bytes.
abstract int	destroyAllObjects() !!!DANGEROUS OPERATION!!! Destroys all objects.
abstract long[]	destroyObjectsByHandle(long... handles) Destroys objects.
int	destroyObjectsById(byte[] id) Remove objects.
abstract int	destroyObjectsByIdLabel(byte[] id, String label) Remove objects.
int	destroyObjectsByLabel(String label) Remove objects.
protected abstract P11IdentityId	doGenerateDSAKeypair(BigInteger p, BigInteger q, BigInteger g, P11Slot.P11NewKeyControl control) Generates a DSA keypair on-the-fly.
protected abstract P11IdentityId	doGenerateECEdwardsKeypair(org.bouncycastle.asn1.ASN1ObjectIdentifier curveId, P11Slot.P11NewKeyControl control) Generates an EC Edwards keypair.
protected abstract org.bouncycastle.asn1.pkcs.PrivateKeyInfo	doGenerateECEdwardsKeypairOtf(org.bouncycastle.asn1.ASN1ObjectIdentifier curveId) Generates an EC Edwards keypair on-the-fly.
protected abstract P11IdentityId	doGenerateECKeypair(org.bouncycastle.asn1.ASN1ObjectIdentifier curveId, P11Slot.P11NewKeyControl control) Generates an EC keypair.
protected abstract org.bouncycastle.asn1.pkcs.PrivateKeyInfo	doGenerateECKeypairOtf(org.bouncycastle.asn1.ASN1ObjectIdentifier curveId) Generates an EC keypair over-the-air.
protected abstract P11IdentityId	doGenerateECMontgomeryKeypair(org.bouncycastle.asn1.ASN1ObjectIdentifier curveId, P11Slot.P11NewKeyControl control) Generates an EC Montgomery keypair.
protected abstract org.bouncycastle.asn1.pkcs.PrivateKeyInfo	doGenerateECMontgomeryKeypairOtf(org.bouncycastle.asn1.ASN1ObjectIdentifier curveId) Generates an EC Montgomery keypair on-the-fly.
protected abstract P11IdentityId	doGenerateRSAKeypair(int keysize, BigInteger publicExponent, P11Slot.P11NewKeyControl control) Generates an RSA keypair.
protected abstract org.bouncycastle.asn1.pkcs.PrivateKeyInfo	doGenerateRSAKeypairOtf(int keysize, BigInteger publicExponent)
protected abstract P11IdentityId	doGenerateSecretKey(long keyType, Integer keysize, P11Slot.P11NewKeyControl control) Generates a secret key in the PKCS#11 token.
protected abstract P11IdentityId	doGenerateSM2Keypair(P11Slot.P11NewKeyControl control) Generates an SM2p256v1 keypair.
protected abstract org.bouncycastle.asn1.pkcs.PrivateKeyInfo	doGenerateSM2KeypairOtf() Generates an SM2p256v1 keypair on-the-fly.
protected abstract P11IdentityId	doImportSecretKey(long keyType, byte[] keyValue, P11Slot.P11NewKeyControl control) Imports secret key object in the PKCS#11 token.
protected static String	formatNumber(int value, int numChars)
P11IdentityId	generateDSAKeypair(BigInteger p, BigInteger q, BigInteger g, P11Slot.P11NewKeyControl control) Generates a DSA keypair.
P11IdentityId	generateDSAKeypair(int plength, int qlength, P11Slot.P11NewKeyControl control) Generates a DSA keypair.
org.bouncycastle.asn1.pkcs.PrivateKeyInfo	generateDSAKeypairOtf(BigInteger p, BigInteger q, BigInteger g) Generates a DSA keypair on-the-fly.
protected abstract org.bouncycastle.asn1.pkcs.PrivateKeyInfo	generateDSAKeypairOtf0(BigInteger p, BigInteger q, BigInteger g)
P11IdentityId	generateECKeypair(org.bouncycastle.asn1.ASN1ObjectIdentifier curveOid, P11Slot.P11NewKeyControl control) Generates an EC keypair.
org.bouncycastle.asn1.pkcs.PrivateKeyInfo	generateECKeypairOtf(org.bouncycastle.asn1.ASN1ObjectIdentifier curveOid) Generates an EC keypair on-the-fly.
P11IdentityId	generateRSAKeypair(int keysize, BigInteger publicExponent, P11Slot.P11NewKeyControl control) Generates an RSA keypair.
org.bouncycastle.asn1.pkcs.PrivateKeyInfo	generateRSAKeypairOtf(int keysize, BigInteger publicExponent) Generates an RSA keypair on the fly.
P11IdentityId	generateSecretKey(long keyType, Integer keysize, P11Slot.P11NewKeyControl control) Generates a secret key in the PKCS#11 token.
P11IdentityId	generateSM2Keypair(P11Slot.P11NewKeyControl control) Generates an SM2 keypair.
org.bouncycastle.asn1.pkcs.PrivateKeyInfo	generateSM2KeypairOtf() Generates an SM2 keypair on the fly.
protected static String	getDescription(byte[] keyId, String keyLabel)
P11Identity	getIdentity(byte[] keyId, String keyLabel)
abstract P11Identity	getIdentity(P11IdentityId identityId)
abstract P11IdentityId	getIdentityId(byte[] keyId, String keyLabel)
Set<Long>	getMechanisms()
String	getModuleName()
protected abstract PublicKey	getPublicKey(P11Identity identity)
P11SlotId	getSlotId()
protected static String	hex(byte[] bytes) Returns the hex representation of the bytes.
P11IdentityId	importSecretKey(long keyType, byte[] keyValue, P11Slot.P11NewKeyControl control) Imports secret key object in the PKCS#11 token.
protected void	initMechanisms(long[] supportedMechanisms, P11ModuleConf.P11MechanismFilter mechanismFilter)
boolean	isReadOnly()
abstract boolean	objectExistsByIdLabel(byte[] id, String label)
protected void	printSupportedMechanism(OutputStream stream)
abstract void	showDetails(OutputStream stream, boolean verbose) Writes the token details to the given stream.
boolean	supportsMechanism(long mechanism)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

moduleName

protected final String moduleName

slotId

protected final P11SlotId slotId

secretKeyTypes

protected final List<Long> secretKeyTypes

keyPairTypes

protected final List<Long> keyPairTypes

newObjectConf

protected final P11ModuleConf.P11NewObjectConf newObjectConf

Constructor Detail

P11Slot

protected P11Slot(String moduleName,
                  P11SlotId slotId,
                  boolean readOnly,
                  List<Long> secretKeyTypes,
                  List<Long> keyPairTypes,
                  P11ModuleConf.P11NewObjectConf newObjectConf)
           throws org.xipki.pkcs11.wrapper.TokenException

Throws:

org.xipki.pkcs11.wrapper.TokenException

Method Detail

hex

protected static String hex(byte[] bytes)

Returns the hex representation of the bytes.

Parameters:

bytes - Data to be encoded. Must not be null.

Returns:

the hex representation of the bytes.

decodeHex

protected static byte[] decodeHex(String hex)

Returns the hex representation of the bytes.

Parameters:

hex - Data to be decoded. Must not be null.

Returns:

the hex representation of the bytes.

getDescription

protected static String getDescription(byte[] keyId,
                                       String keyLabel)

getIdentityId

public abstract P11IdentityId getIdentityId(byte[] keyId,
                                            String keyLabel)
                                     throws org.xipki.pkcs11.wrapper.TokenException

Throws:

org.xipki.pkcs11.wrapper.TokenException

getIdentity

public abstract P11Identity getIdentity(P11IdentityId identityId)
                                 throws org.xipki.pkcs11.wrapper.TokenException

Throws:

org.xipki.pkcs11.wrapper.TokenException

getIdentity

public P11Identity getIdentity(byte[] keyId,
                               String keyLabel)
                        throws org.xipki.pkcs11.wrapper.TokenException

Throws:

org.xipki.pkcs11.wrapper.TokenException

getPublicKey

protected abstract PublicKey getPublicKey(P11Identity identity)
                                   throws org.xipki.pkcs11.wrapper.TokenException

Throws:

org.xipki.pkcs11.wrapper.TokenException

destroyObjectsByHandle

public abstract long[] destroyObjectsByHandle(long... handles)

Destroys objects.

Parameters:

handles - handles of objects to be destroyed.

Returns:

handles of objects which could not been destroyed.

destroyAllObjects

public abstract int destroyAllObjects()

!!!DANGEROUS OPERATION!!! Destroys all objects.

Returns:

number of destroyed objects.

destroyObjectsByIdLabel

public abstract int destroyObjectsByIdLabel(byte[] id,
                                            String label)
                                     throws org.xipki.pkcs11.wrapper.TokenException

Remove objects.

Parameters:

id - ID of the objects to be deleted. At least one of id and label may not be null.

label - Label of the objects to be deleted

Returns:

how many objects have been deleted

Throws:

org.xipki.pkcs11.wrapper.TokenException - If PKCS#11 error happens.

objectExistsByIdLabel

public abstract boolean objectExistsByIdLabel(byte[] id,
                                              String label)
                                       throws org.xipki.pkcs11.wrapper.TokenException

Throws:

org.xipki.pkcs11.wrapper.TokenException

doGenerateSecretKey

protected abstract P11IdentityId doGenerateSecretKey(long keyType,
                                                     Integer keysize,
                                                     P11Slot.P11NewKeyControl control)
                                              throws org.xipki.pkcs11.wrapper.TokenException

Generates a secret key in the PKCS#11 token.

Parameters:

keyType - key type

keysize - key size

control - Control of the key generation process. Must not be null.

Returns:

the identifier of the key within the PKCS#11 token.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

doImportSecretKey

protected abstract P11IdentityId doImportSecretKey(long keyType,
                                                   byte[] keyValue,
                                                   P11Slot.P11NewKeyControl control)
                                            throws org.xipki.pkcs11.wrapper.TokenException

Imports secret key object in the PKCS#11 token. The key itself will not be generated within the PKCS#11 token.

Parameters:

keyType - key type.

keyValue - Key value. Must not be null.

control - Control of the key generation process. Must not be null.

Returns:

the identifier of the key within the PKCS#P11 token.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

doGenerateDSAKeypair

protected abstract P11IdentityId doGenerateDSAKeypair(BigInteger p,
                                                      BigInteger q,
                                                      BigInteger g,
                                                      P11Slot.P11NewKeyControl control)
                                               throws org.xipki.pkcs11.wrapper.TokenException

Generates a DSA keypair on-the-fly.

Parameters:

p - p of DSA. Must not be null.

q - q of DSA. Must not be null.

g - g of DSA. Must not be null.

control - Control of the key generation process. Must not be null.

Returns:

the identifier of the key within the PKCS#P11 token.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

doGenerateECEdwardsKeypair

protected abstract P11IdentityId doGenerateECEdwardsKeypair(org.bouncycastle.asn1.ASN1ObjectIdentifier curveId,
                                                            P11Slot.P11NewKeyControl control)
                                                     throws org.xipki.pkcs11.wrapper.TokenException

Generates an EC Edwards keypair.

Parameters:

curveId - Object Identifier of the curve. Must not be null.

control - Control of the key generation process. Must not be null.

Returns:

the identifier of the key within the PKCS#P11 token.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

doGenerateECEdwardsKeypairOtf

protected abstract org.bouncycastle.asn1.pkcs.PrivateKeyInfo doGenerateECEdwardsKeypairOtf(org.bouncycastle.asn1.ASN1ObjectIdentifier curveId)
                                                                                    throws org.xipki.pkcs11.wrapper.TokenException

Generates an EC Edwards keypair on-the-fly.

Parameters:

curveId - Object Identifier of the curve. Must not be null.

Returns:

the ASN.1 keypair.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

doGenerateECMontgomeryKeypair

protected abstract P11IdentityId doGenerateECMontgomeryKeypair(org.bouncycastle.asn1.ASN1ObjectIdentifier curveId,
                                                               P11Slot.P11NewKeyControl control)
                                                        throws org.xipki.pkcs11.wrapper.TokenException

Generates an EC Montgomery keypair.

Parameters:

curveId - Object Identifier of the curve. Must not be null.

control - Control of the key generation process. Must not be null.

Returns:

the identifier of the key within the PKCS#P11 token.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

doGenerateECMontgomeryKeypairOtf

protected abstract org.bouncycastle.asn1.pkcs.PrivateKeyInfo doGenerateECMontgomeryKeypairOtf(org.bouncycastle.asn1.ASN1ObjectIdentifier curveId)
                                                                                       throws org.xipki.pkcs11.wrapper.TokenException

Generates an EC Montgomery keypair on-the-fly.

Parameters:

curveId - Object Identifier of the curve. Must not be null.

Returns:

the ASN.1 keypair.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

doGenerateECKeypair

protected abstract P11IdentityId doGenerateECKeypair(org.bouncycastle.asn1.ASN1ObjectIdentifier curveId,
                                                     P11Slot.P11NewKeyControl control)
                                              throws org.xipki.pkcs11.wrapper.TokenException

Generates an EC keypair.

Parameters:

curveId - Object identifier of the EC curve. Must not be null.

control - Control of the key generation process. Must not be null.

Returns:

the identifier of the key within the PKCS#P11 token.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

doGenerateECKeypairOtf

protected abstract org.bouncycastle.asn1.pkcs.PrivateKeyInfo doGenerateECKeypairOtf(org.bouncycastle.asn1.ASN1ObjectIdentifier curveId)
                                                                             throws org.xipki.pkcs11.wrapper.TokenException

Generates an EC keypair over-the-air.

Parameters:

curveId - Object identifier of the EC curve. Must not be null.

Returns:

the ASN.1 encoded keypair.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

doGenerateSM2Keypair

protected abstract P11IdentityId doGenerateSM2Keypair(P11Slot.P11NewKeyControl control)
                                               throws org.xipki.pkcs11.wrapper.TokenException

Generates an SM2p256v1 keypair.

Parameters:

control - Control of the key generation process. Must not be null.

Returns:

the identifier of the key within the PKCS#P11 token.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

doGenerateSM2KeypairOtf

protected abstract org.bouncycastle.asn1.pkcs.PrivateKeyInfo doGenerateSM2KeypairOtf()
                                                                              throws org.xipki.pkcs11.wrapper.TokenException

Generates an SM2p256v1 keypair on-the-fly.

Returns:

the ASN.1 encoded keypair.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

doGenerateRSAKeypair

protected abstract P11IdentityId doGenerateRSAKeypair(int keysize,
                                                      BigInteger publicExponent,
                                                      P11Slot.P11NewKeyControl control)
                                               throws org.xipki.pkcs11.wrapper.TokenException

Generates an RSA keypair.

Parameters:

keysize - key size in bit

publicExponent - RSA public exponent. Could be null.

control - Control of the key generation process. Must not be null.

Returns:

the identifier of the key within the PKCS#P11 token.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

showDetails

public abstract void showDetails(OutputStream stream,
                                 boolean verbose)
                          throws IOException

Writes the token details to the given stream.

Parameters:

stream - Output stream. Must not be null.

verbose - Whether to show the details verbosely.

Throws:

IOException - if IO error occurs.

close

public abstract void close()

Specified by:

close in interface Closeable

Specified by:

close in interface AutoCloseable

initMechanisms

protected void initMechanisms(long[] supportedMechanisms,
                              P11ModuleConf.P11MechanismFilter mechanismFilter)

getMechanisms

public Set<Long> getMechanisms()

supportsMechanism

public boolean supportsMechanism(long mechanism)

assertMechanismSupported

public void assertMechanismSupported(long mechanism)
                              throws org.xipki.pkcs11.wrapper.TokenException

Throws:

org.xipki.pkcs11.wrapper.TokenException

getModuleName

public String getModuleName()

getSlotId

public P11SlotId getSlotId()

isReadOnly

public boolean isReadOnly()

assertNoObjects

protected void assertNoObjects(byte[] id,
                               String label)
                        throws org.xipki.pkcs11.wrapper.TokenException

Throws:

org.xipki.pkcs11.wrapper.TokenException

destroyObjectsById

public int destroyObjectsById(byte[] id)
                       throws org.xipki.pkcs11.wrapper.TokenException

Remove objects.

Parameters:

id - ID of the objects to be deleted.

Returns:

how many objects have been deleted

Throws:

org.xipki.pkcs11.wrapper.TokenException - If PKCS#11 error happens.

destroyObjectsByLabel

public int destroyObjectsByLabel(String label)
                          throws org.xipki.pkcs11.wrapper.TokenException

Remove objects.

Parameters:

label - Label of the objects to be deleted

Returns:

how many objects have been deleted

Throws:

org.xipki.pkcs11.wrapper.TokenException - If PKCS#11 error happens.

generateSecretKey

public P11IdentityId generateSecretKey(long keyType,
                                       Integer keysize,
                                       P11Slot.P11NewKeyControl control)
                                throws org.xipki.pkcs11.wrapper.TokenException

Generates a secret key in the PKCS#11 token.

Parameters:

keyType - Key type

keysize - Key size in bit

control - Control of the key generation process. Must not be null.

Returns:

the identifier of the identity within the PKCS#11 token.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

importSecretKey

public P11IdentityId importSecretKey(long keyType,
                                     byte[] keyValue,
                                     P11Slot.P11NewKeyControl control)
                              throws org.xipki.pkcs11.wrapper.TokenException

Imports secret key object in the PKCS#11 token. The key itself will not be generated within the PKCS#11 token.

Parameters:

keyType - Key type

keyValue - Key value. Must not be null.

control - Control of the key generation process. Must not be null.

Returns:

the identifier of the key within the PKCS#11 token.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

generateRSAKeypairOtf

public org.bouncycastle.asn1.pkcs.PrivateKeyInfo generateRSAKeypairOtf(int keysize,
                                                                       BigInteger publicExponent)
                                                                throws org.xipki.pkcs11.wrapper.TokenException

Generates an RSA keypair on the fly.

Parameters:

keysize - key size in bit

publicExponent - RSA public exponent. Could be null.

Returns:

the ASN.1 keypair.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

doGenerateRSAKeypairOtf

protected abstract org.bouncycastle.asn1.pkcs.PrivateKeyInfo doGenerateRSAKeypairOtf(int keysize,
                                                                                     BigInteger publicExponent)
                                                                              throws org.xipki.pkcs11.wrapper.TokenException

Throws:

org.xipki.pkcs11.wrapper.TokenException

generateRSAKeypair

public P11IdentityId generateRSAKeypair(int keysize,
                                        BigInteger publicExponent,
                                        P11Slot.P11NewKeyControl control)
                                 throws org.xipki.pkcs11.wrapper.TokenException

Generates an RSA keypair.

Parameters:

keysize - key size in bit

publicExponent - RSA public exponent. Could be null.

control - Control of the key generation process. Must not be null.

Returns:

the identifier of the identity within the PKCS#P11 token.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

generateDSAKeypairOtf

public org.bouncycastle.asn1.pkcs.PrivateKeyInfo generateDSAKeypairOtf(BigInteger p,
                                                                       BigInteger q,
                                                                       BigInteger g)
                                                                throws org.xipki.pkcs11.wrapper.TokenException

Generates a DSA keypair on-the-fly.

Parameters:

p - p of DSA. Must not be null.

q - q of DSA. Must not be null.

g - g of DSA. Must not be null.

Returns:

the ASN.1 keypair.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

generateDSAKeypairOtf0

protected abstract org.bouncycastle.asn1.pkcs.PrivateKeyInfo generateDSAKeypairOtf0(BigInteger p,
                                                                                    BigInteger q,
                                                                                    BigInteger g)
                                                                             throws org.xipki.pkcs11.wrapper.TokenException

Throws:

org.xipki.pkcs11.wrapper.TokenException

generateDSAKeypair

public P11IdentityId generateDSAKeypair(int plength,
                                        int qlength,
                                        P11Slot.P11NewKeyControl control)
                                 throws org.xipki.pkcs11.wrapper.TokenException

Generates a DSA keypair.

Parameters:

plength - bit length of P

qlength - bit length of Q

control - Control of the key generation process. Must not be null.

Returns:

the identifier of the identity within the PKCS#P11 token.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

generateDSAKeypair

public P11IdentityId generateDSAKeypair(BigInteger p,
                                        BigInteger q,
                                        BigInteger g,
                                        P11Slot.P11NewKeyControl control)
                                 throws org.xipki.pkcs11.wrapper.TokenException

Generates a DSA keypair.

Parameters:

p - p of DSA. Must not be null.

q - q of DSA. Must not be null.

g - g of DSA. Must not be null.

control - Control of the key generation process. Must not be null.

Returns:

the identifier of the identity within the PKCS#P11 token.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

generateECKeypairOtf

public org.bouncycastle.asn1.pkcs.PrivateKeyInfo generateECKeypairOtf(org.bouncycastle.asn1.ASN1ObjectIdentifier curveOid)
                                                               throws org.xipki.pkcs11.wrapper.TokenException

Generates an EC keypair on-the-fly.

Parameters:

curveOid - Object identifier of the EC curve. Must not be null.

Returns:

the ASN.1 keypair.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

generateECKeypair

public P11IdentityId generateECKeypair(org.bouncycastle.asn1.ASN1ObjectIdentifier curveOid,
                                       P11Slot.P11NewKeyControl control)
                                throws org.xipki.pkcs11.wrapper.TokenException

Generates an EC keypair.

Parameters:

curveOid - Object identifier of the EC curve. Must not be null.

control - Control of the key generation process. Must not be null.

Returns:

the identifier of the identity within the PKCS#P11 token.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

generateSM2KeypairOtf

public org.bouncycastle.asn1.pkcs.PrivateKeyInfo generateSM2KeypairOtf()
                                                                throws org.xipki.pkcs11.wrapper.TokenException

Generates an SM2 keypair on the fly.

Returns:

the ASN.1 keypair.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

generateSM2Keypair

public P11IdentityId generateSM2Keypair(P11Slot.P11NewKeyControl control)
                                 throws org.xipki.pkcs11.wrapper.TokenException

Generates an SM2 keypair.

Parameters:

control - Control of the key generation process. Must not be null.

Returns:

the identifier of the identity within the PKCS#P11 token.

Throws:

org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.

printSupportedMechanism

protected void printSupportedMechanism(OutputStream stream)
                                throws IOException

Throws:

IOException

assertWritable

protected void assertWritable(String operationName)
                       throws org.xipki.pkcs11.wrapper.TokenException

Throws:

org.xipki.pkcs11.wrapper.TokenException

formatNumber

protected static String formatNumber(int value,
                                     int numChars)