Class P11Slot

    • Method Detail

      • hex

        protected static String hex​(byte[] bytes)
        Returns the hex representation of the bytes.
        Parameters:
        bytes - Data to be encoded. Must not be null.
        Returns:
        the hex representation of the bytes.
      • decodeHex

        protected static byte[] decodeHex​(String hex)
        Decodes the hex string into bytes.
        Parameters:
        hex - Data to be decoded. Must not be null.
        Returns:
        the decoded bytes.
      • getDescription

        protected static String getDescription​(byte[] keyId,
                                               String keyLabel)
      • getKeyId

        public abstract org.xipki.pkcs11.wrapper.PKCS11KeyId getKeyId​(byte[] keyId,
                                                                      String keyLabel)
                                                               throws org.xipki.pkcs11.wrapper.TokenException
        Throws:
        org.xipki.pkcs11.wrapper.TokenException
      • getKey

        public abstract P11Key getKey​(org.xipki.pkcs11.wrapper.PKCS11KeyId keyId)
                               throws org.xipki.pkcs11.wrapper.TokenException
        Throws:
        org.xipki.pkcs11.wrapper.TokenException
      • getKey

        public abstract P11Key getKey​(byte[] keyId,
                                      String keyLabel)
                               throws org.xipki.pkcs11.wrapper.TokenException
        Throws:
        org.xipki.pkcs11.wrapper.TokenException
      • getPublicKey

        protected abstract PublicKey getPublicKey​(P11Key key)
                                           throws org.xipki.pkcs11.wrapper.TokenException
        Throws:
        org.xipki.pkcs11.wrapper.TokenException
      • destroyObjectsByHandle

        public abstract long[] destroyObjectsByHandle​(long... handles)
        Destroys objects.
        Parameters:
        handles - handles of objects to be destroyed.
        Returns:
        handles of objects which could not be destroyed.
      • destroyAllObjects

        public abstract int destroyAllObjects()
        !!!DANGEROUS OPERATION!!! Destroys all objects.
        Returns:
        number of destroyed objects.
      • destroyObjectsByIdLabel

        public abstract int destroyObjectsByIdLabel​(byte[] id,
                                                    String label)
                                             throws org.xipki.pkcs11.wrapper.TokenException
        Remove objects.
        Parameters:
        id - ID of the objects to be deleted. At least one of id and label must not be null.
        label - Label of the objects to be deleted
        Returns:
        how many objects have been deleted
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if a PKCS#11 error occurs.
      • objectExistsByIdLabel

        public abstract boolean objectExistsByIdLabel​(byte[] id,
                                                      String label)
                                               throws org.xipki.pkcs11.wrapper.TokenException
        Throws:
        org.xipki.pkcs11.wrapper.TokenException
      • doGenerateSecretKey

        protected abstract org.xipki.pkcs11.wrapper.PKCS11KeyId doGenerateSecretKey​(long keyType,
                                                                                    Integer keysize,
                                                                                    P11Slot.P11NewKeyControl control)
                                                                             throws org.xipki.pkcs11.wrapper.TokenException
        Generates a secret key in the PKCS#11 token.
        Parameters:
        keyType - key type
        keysize - key size
        control - Control of the key generation process. Must not be null.
        Returns:
        the identifier of the key within the PKCS#11 token.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • doImportSecretKey

        protected abstract org.xipki.pkcs11.wrapper.PKCS11KeyId doImportSecretKey​(long keyType,
                                                                                  byte[] keyValue,
                                                                                  P11Slot.P11NewKeyControl control)
                                                                           throws org.xipki.pkcs11.wrapper.TokenException
        Imports a secret key object into the PKCS#11 token. The key itself will not be generated within the PKCS#11 token.
        Parameters:
        keyType - key type.
        keyValue - Key value. Must not be null.
        control - Control of the key generation process. Must not be null.
        Returns:
        the identifier of the key within the PKCS#11 token.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • doGenerateDSAKeypair

        protected abstract org.xipki.pkcs11.wrapper.PKCS11KeyId doGenerateDSAKeypair​(BigInteger p,
                                                                                     BigInteger q,
                                                                                     BigInteger g,
                                                                                     P11Slot.P11NewKeyControl control)
                                                                              throws org.xipki.pkcs11.wrapper.TokenException
        Generates a DSA keypair on-the-fly.
        Parameters:
        p - p of DSA. Must not be null.
        q - q of DSA. Must not be null.
        g - g of DSA. Must not be null.
        control - Control of the key generation process. Must not be null.
        Returns:
        the identifier of the key within the PKCS#11 token.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • doGenerateECEdwardsKeypair

        protected abstract org.xipki.pkcs11.wrapper.PKCS11KeyId doGenerateECEdwardsKeypair​(org.bouncycastle.asn1.ASN1ObjectIdentifier curveId,
                                                                                           P11Slot.P11NewKeyControl control)
                                                                                    throws org.xipki.pkcs11.wrapper.TokenException
        Generates an EC Edwards keypair.
        Parameters:
        curveId - Object Identifier of the curve. Must not be null.
        control - Control of the key generation process. Must not be null.
        Returns:
        the identifier of the key within the PKCS#11 token.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • doGenerateECEdwardsKeypairOtf

        protected abstract org.bouncycastle.asn1.pkcs.PrivateKeyInfo doGenerateECEdwardsKeypairOtf​(org.bouncycastle.asn1.ASN1ObjectIdentifier curveId)
                                                                                            throws org.xipki.pkcs11.wrapper.TokenException
        Generates an EC Edwards keypair on-the-fly.
        Parameters:
        curveId - Object Identifier of the curve. Must not be null.
        Returns:
        the ASN.1 keypair.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • doGenerateECMontgomeryKeypair

        protected abstract org.xipki.pkcs11.wrapper.PKCS11KeyId doGenerateECMontgomeryKeypair​(org.bouncycastle.asn1.ASN1ObjectIdentifier curveId,
                                                                                              P11Slot.P11NewKeyControl control)
                                                                                       throws org.xipki.pkcs11.wrapper.TokenException
        Generates an EC Montgomery keypair.
        Parameters:
        curveId - Object Identifier of the curve. Must not be null.
        control - Control of the key generation process. Must not be null.
        Returns:
        the identifier of the key within the PKCS#11 token.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • doGenerateECMontgomeryKeypairOtf

        protected abstract org.bouncycastle.asn1.pkcs.PrivateKeyInfo doGenerateECMontgomeryKeypairOtf​(org.bouncycastle.asn1.ASN1ObjectIdentifier curveId)
                                                                                               throws org.xipki.pkcs11.wrapper.TokenException
        Generates an EC Montgomery keypair on-the-fly.
        Parameters:
        curveId - Object Identifier of the curve. Must not be null.
        Returns:
        the ASN.1 keypair.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • doGenerateECKeypair

        protected abstract org.xipki.pkcs11.wrapper.PKCS11KeyId doGenerateECKeypair​(org.bouncycastle.asn1.ASN1ObjectIdentifier curveId,
                                                                                    P11Slot.P11NewKeyControl control)
                                                                             throws org.xipki.pkcs11.wrapper.TokenException
        Generates an EC keypair.
        Parameters:
        curveId - Object identifier of the EC curve. Must not be null.
        control - Control of the key generation process. Must not be null.
        Returns:
        the identifier of the key within the PKCS#11 token.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • doGenerateECKeypairOtf

        protected abstract org.bouncycastle.asn1.pkcs.PrivateKeyInfo doGenerateECKeypairOtf​(org.bouncycastle.asn1.ASN1ObjectIdentifier curveId)
                                                                                     throws org.xipki.pkcs11.wrapper.TokenException
        Generates an EC keypair on-the-fly.
        Parameters:
        curveId - Object identifier of the EC curve. Must not be null.
        Returns:
        the ASN.1 encoded keypair.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • doGenerateSM2Keypair

        protected abstract org.xipki.pkcs11.wrapper.PKCS11KeyId doGenerateSM2Keypair​(P11Slot.P11NewKeyControl control)
                                                                              throws org.xipki.pkcs11.wrapper.TokenException
        Generates an SM2p256v1 keypair.
        Parameters:
        control - Control of the key generation process. Must not be null.
        Returns:
        the identifier of the key within the PKCS#11 token.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • doGenerateSM2KeypairOtf

        protected abstract org.bouncycastle.asn1.pkcs.PrivateKeyInfo doGenerateSM2KeypairOtf()
                                                                                      throws org.xipki.pkcs11.wrapper.TokenException
        Generates an SM2p256v1 keypair on-the-fly.
        Returns:
        the ASN.1 encoded keypair.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • doGenerateRSAKeypair

        protected abstract org.xipki.pkcs11.wrapper.PKCS11KeyId doGenerateRSAKeypair​(int keysize,
                                                                                     BigInteger publicExponent,
                                                                                     P11Slot.P11NewKeyControl control)
                                                                              throws org.xipki.pkcs11.wrapper.TokenException
        Generates an RSA keypair.
        Parameters:
        keysize - key size in bits
        publicExponent - RSA public exponent. Could be null.
        control - Control of the key generation process. Must not be null.
        Returns:
        the identifier of the key within the PKCS#11 token.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • showDetails

        public abstract void showDetails​(OutputStream stream,
                                         Long objectHandle,
                                         boolean verbose)
                                  throws IOException
        Writes the token details to the given stream.
        Parameters:
        stream - Output stream. Must not be null.
        verbose - Whether to show the details verbosely.
        objectHandle - If present, only details of this object will be shown.
        Throws:
        IOException - if IO error occurs.
      • getMechanisms

        public Map<Long,​org.xipki.pkcs11.wrapper.MechanismInfo> getMechanisms()
      • supportsMechanism

        public boolean supportsMechanism​(long mechanism,
                                         long flagBit)
      • assertMechanismSupported

        public void assertMechanismSupported​(long mechanism,
                                             long flagBit)
                                      throws org.xipki.pkcs11.wrapper.TokenException
        Throws:
        org.xipki.pkcs11.wrapper.TokenException
      • getModuleName

        public String getModuleName()
      • isReadOnly

        public boolean isReadOnly()
      • assertNoObjects

        protected void assertNoObjects​(byte[] id,
                                       String label)
                                throws org.xipki.pkcs11.wrapper.TokenException
        Throws:
        org.xipki.pkcs11.wrapper.TokenException
      • destroyObjectsById

        public int destroyObjectsById​(byte[] id)
                               throws org.xipki.pkcs11.wrapper.TokenException
        Remove objects.
        Parameters:
        id - ID of the objects to be deleted.
        Returns:
        how many objects have been deleted
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if a PKCS#11 error occurs.
      • destroyObjectsByLabel

        public int destroyObjectsByLabel​(String label)
                                  throws org.xipki.pkcs11.wrapper.TokenException
        Remove objects.
        Parameters:
        label - Label of the objects to be deleted
        Returns:
        how many objects have been deleted
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if a PKCS#11 error occurs.
      • generateSecretKey

        public org.xipki.pkcs11.wrapper.PKCS11KeyId generateSecretKey​(long keyType,
                                                                      Integer keysize,
                                                                      P11Slot.P11NewKeyControl control)
                                                               throws org.xipki.pkcs11.wrapper.TokenException
        Generates a secret key in the PKCS#11 token.
        Parameters:
        keyType - Key type
        keysize - Key size in bits
        control - Control of the key generation process. Must not be null.
        Returns:
        the identifier of the key within the PKCS#11 token.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • importSecretKey

        public org.xipki.pkcs11.wrapper.PKCS11KeyId importSecretKey​(long keyType,
                                                                    byte[] keyValue,
                                                                    P11Slot.P11NewKeyControl control)
                                                             throws org.xipki.pkcs11.wrapper.TokenException
        Imports a secret key object into the PKCS#11 token. The key itself will not be generated within the PKCS#11 token.
        Parameters:
        keyType - Key type
        keyValue - Key value. Must not be null.
        control - Control of the key generation process. Must not be null.
        Returns:
        the identifier of the key within the PKCS#11 token.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • generateRSAKeypairOtf

        public org.bouncycastle.asn1.pkcs.PrivateKeyInfo generateRSAKeypairOtf​(int keysize,
                                                                               BigInteger publicExponent)
                                                                        throws org.xipki.pkcs11.wrapper.TokenException
        Generates an RSA keypair on the fly.
        Parameters:
        keysize - key size in bits
        publicExponent - RSA public exponent. Could be null.
        Returns:
        the ASN.1 keypair.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • doGenerateRSAKeypairOtf

        protected abstract org.bouncycastle.asn1.pkcs.PrivateKeyInfo doGenerateRSAKeypairOtf​(int keysize,
                                                                                             BigInteger publicExponent)
                                                                                      throws org.xipki.pkcs11.wrapper.TokenException
        Throws:
        org.xipki.pkcs11.wrapper.TokenException
      • generateRSAKeypair

        public org.xipki.pkcs11.wrapper.PKCS11KeyId generateRSAKeypair​(int keysize,
                                                                       BigInteger publicExponent,
                                                                       P11Slot.P11NewKeyControl control)
                                                                throws org.xipki.pkcs11.wrapper.TokenException
        Generates an RSA keypair.
        Parameters:
        keysize - key size in bits
        publicExponent - RSA public exponent. Could be null.
        control - Control of the key generation process. Must not be null.
        Returns:
        the identifier of the key within the PKCS#11 token.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • generateDSAKeypairOtf

        public org.bouncycastle.asn1.pkcs.PrivateKeyInfo generateDSAKeypairOtf​(BigInteger p,
                                                                               BigInteger q,
                                                                               BigInteger g)
                                                                        throws org.xipki.pkcs11.wrapper.TokenException
        Generates a DSA keypair on-the-fly.
        Parameters:
        p - p of DSA. Must not be null.
        q - q of DSA. Must not be null.
        g - g of DSA. Must not be null.
        Returns:
        the ASN.1 keypair.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • generateDSAKeypairOtf0

        protected abstract org.bouncycastle.asn1.pkcs.PrivateKeyInfo generateDSAKeypairOtf0​(BigInteger p,
                                                                                            BigInteger q,
                                                                                            BigInteger g)
                                                                                     throws org.xipki.pkcs11.wrapper.TokenException
        Throws:
        org.xipki.pkcs11.wrapper.TokenException
      • generateDSAKeypair

        public org.xipki.pkcs11.wrapper.PKCS11KeyId generateDSAKeypair​(int plength,
                                                                       int qlength,
                                                                       P11Slot.P11NewKeyControl control)
                                                                throws org.xipki.pkcs11.wrapper.TokenException
        Generates a DSA keypair.
        Parameters:
        plength - bit length of P
        qlength - bit length of Q
        control - Control of the key generation process. Must not be null.
        Returns:
        the identifier of the key within the PKCS#11 token.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • generateDSAKeypair

        public org.xipki.pkcs11.wrapper.PKCS11KeyId generateDSAKeypair​(BigInteger p,
                                                                       BigInteger q,
                                                                       BigInteger g,
                                                                       P11Slot.P11NewKeyControl control)
                                                                throws org.xipki.pkcs11.wrapper.TokenException
        Generates a DSA keypair.
        Parameters:
        p - p of DSA. Must not be null.
        q - q of DSA. Must not be null.
        g - g of DSA. Must not be null.
        control - Control of the key generation process. Must not be null.
        Returns:
        the identifier of the key within the PKCS#11 token.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • generateECKeypairOtf

        public org.bouncycastle.asn1.pkcs.PrivateKeyInfo generateECKeypairOtf​(org.bouncycastle.asn1.ASN1ObjectIdentifier curveOid)
                                                                       throws org.xipki.pkcs11.wrapper.TokenException
        Generates an EC keypair on-the-fly.
        Parameters:
        curveOid - Object identifier of the EC curve. Must not be null.
        Returns:
        the ASN.1 keypair.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • generateECKeypair

        public org.xipki.pkcs11.wrapper.PKCS11KeyId generateECKeypair​(org.bouncycastle.asn1.ASN1ObjectIdentifier curveOid,
                                                                      P11Slot.P11NewKeyControl control)
                                                               throws org.xipki.pkcs11.wrapper.TokenException
        Generates an EC keypair.
        Parameters:
        curveOid - Object identifier of the EC curve. Must not be null.
        control - Control of the key generation process. Must not be null.
        Returns:
        the identifier of the key within the PKCS#11 token.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • generateSM2KeypairOtf

        public org.bouncycastle.asn1.pkcs.PrivateKeyInfo generateSM2KeypairOtf()
                                                                        throws org.xipki.pkcs11.wrapper.TokenException
        Generates an SM2 keypair on the fly.
        Returns:
        the ASN.1 keypair.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • generateSM2Keypair

        public org.xipki.pkcs11.wrapper.PKCS11KeyId generateSM2Keypair​(P11Slot.P11NewKeyControl control)
                                                                throws org.xipki.pkcs11.wrapper.TokenException
        Generates an SM2 keypair.
        Parameters:
        control - Control of the key generation process. Must not be null.
        Returns:
        the identifier of the key within the PKCS#11 token.
        Throws:
        org.xipki.pkcs11.wrapper.TokenException - if PKCS#11 token exception occurs.
      • assertWritable

        protected void assertWritable​(String operationName)
                               throws org.xipki.pkcs11.wrapper.TokenException
        Throws:
        org.xipki.pkcs11.wrapper.TokenException
      • formatNumber

        protected static String formatNumber​(int value,
                                             int numChars)