From e4a55a6b5e5736beee0738329cdcf1229f0057bb Mon Sep 17 00:00:00 2001 From: Lijun Liao Date: Sun, 26 Nov 2023 23:01:25 +0100 Subject: [PATCH 01/36] prepare for the next development iteration. --- CHANGELOG.md | 5 ++++- audit-extra/pom.xml | 2 +- audit/pom.xml | 2 +- datasource/pom.xml | 2 +- password/pom.xml | 2 +- pom.xml | 2 +- security-shell/pom.xml | 2 +- security/pom.xml | 2 +- servlet3-common/pom.xml | 2 +- servlet5-common/pom.xml | 2 +- shell-base/pom.xml | 2 +- util/pom.xml | 2 +- xipki-tomcat-password/pom.xml | 2 +- 13 files changed, 16 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f26a5e..789a54e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,8 +2,11 @@ See also +## 6.3.3 +- Release date: 202y/mm/dd + ## 6.3.2 -- Release date: 2023/11/19 +- Release date: 2023/11/26 - Feature: add new binary of HSM proxy. - Move (repackage) JSON.java from module security to util. - Deleted non-common classes (moved to github:xipki/xipki). diff --git a/audit-extra/pom.xml b/audit-extra/pom.xml index 61f2289..95dc95a 100644 --- a/audit-extra/pom.xml +++ b/audit-extra/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.2 + 6.3.3-SNAPSHOT bundle audit-extra diff --git a/audit/pom.xml b/audit/pom.xml index bcb51f0..6695ca8 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.2 + 6.3.3-SNAPSHOT bundle audit diff --git a/datasource/pom.xml b/datasource/pom.xml index a7c0567..44818aa 100644 --- a/datasource/pom.xml +++ b/datasource/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.2 + 6.3.3-SNAPSHOT bundle datasource diff --git a/password/pom.xml b/password/pom.xml index c2a0f5d..f49721b 100644 --- a/password/pom.xml +++ b/password/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.2 + 6.3.3-SNAPSHOT bundle password diff --git a/pom.xml b/pom.xml index 2296336..9a75a57 100644 --- a/pom.xml +++ b/pom.xml 
@@ -11,7 +11,7 @@ org.xipki.commons xipki-commons-parent pom - 6.3.2 + 6.3.3-SNAPSHOT XiPKI :: ${project.artifactId} XiPKI Parent http://xipki.org diff --git a/security-shell/pom.xml b/security-shell/pom.xml index fe0c7fd..98e342c 100644 --- a/security-shell/pom.xml +++ b/security-shell/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.2 + 6.3.3-SNAPSHOT security-shell bundle diff --git a/security/pom.xml b/security/pom.xml index 1c1e5c9..a8f82e0 100644 --- a/security/pom.xml +++ b/security/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.2 + 6.3.3-SNAPSHOT security bundle diff --git a/servlet3-common/pom.xml b/servlet3-common/pom.xml index 4c4f2b4..767666a 100644 --- a/servlet3-common/pom.xml +++ b/servlet3-common/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.2 + 6.3.3-SNAPSHOT servlet3-common XiPKI :: ${project.artifactId} diff --git a/servlet5-common/pom.xml b/servlet5-common/pom.xml index 8bd5edf..8aa101c 100644 --- a/servlet5-common/pom.xml +++ b/servlet5-common/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.2 + 6.3.3-SNAPSHOT servlet5-common XiPKI :: ${project.artifactId} diff --git a/shell-base/pom.xml b/shell-base/pom.xml index 1a3b4d5..a0ca01b 100644 --- a/shell-base/pom.xml +++ b/shell-base/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.2 + 6.3.3-SNAPSHOT shell-base bundle diff --git a/util/pom.xml b/util/pom.xml index da7b1ef..228bc17 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.2 + 6.3.3-SNAPSHOT bundle util diff --git a/xipki-tomcat-password/pom.xml b/xipki-tomcat-password/pom.xml index 06596c0..707a402 100644 --- a/xipki-tomcat-password/pom.xml +++ b/xipki-tomcat-password/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.2 + 6.3.3-SNAPSHOT xipki-tomcat-password From 2a8de54c0fc6813f184a3ea530bf9c763d478d44 Mon Sep 17 00:00:00 2001 
From: Lijun Liao Date: Sun, 10 Dec 2023 22:54:08 +0100 Subject: [PATCH 02/36] Audit: applicationNam is now mandatory, accept also ConfPairs as conf. --- .../main/java/org/xipki/audit/AuditEvent.java | 29 ++++++++++------ .../java/org/xipki/audit/AuditService.java | 7 +++- .../src/main/java/org/xipki/audit/Audits.java | 34 ++++++++++--------- .../audit/services/EmbedAuditService.java | 10 +++--- .../xipki/audit/services/MacAuditService.java | 18 +++++----- .../audit/services/NoopAuditService.java | 3 +- 6 files changed, 60 insertions(+), 41 deletions(-) diff --git a/audit/src/main/java/org/xipki/audit/AuditEvent.java b/audit/src/main/java/org/xipki/audit/AuditEvent.java index 8ca3a40..21955a1 100644 --- a/audit/src/main/java/org/xipki/audit/AuditEvent.java +++ b/audit/src/main/java/org/xipki/audit/AuditEvent.java @@ -47,12 +47,23 @@ public class AuditEvent { * The data array belonging to the event. */ private final List eventDatas = new LinkedList<>(); - +/* + @Deprecated public AuditEvent() { - this(null); + this(null, null); } + @Deprecated public AuditEvent(Instant timestamp) { + this(null, timestamp); + } +*/ + public AuditEvent(String applicationName) { + this(applicationName, null); + } + + public AuditEvent(String applicationName, Instant timestamp) { + this.applicationName = applicationName == null ? "undefined" : applicationName; this.timestamp = (timestamp == null) ? Instant.now() : timestamp; this.level = AuditLevel.INFO; this.duration = null; @@ -75,9 +86,10 @@ public String getApplicationName() { return applicationName; } - public void setApplicationName(String applicationName) { - this.applicationName = Args.notNull(applicationName, "applicationName"); - } + //@Deprecated + //public void setApplicationName(String applicationName) { + // this.applicationName = applicationName; + //} public Instant getTimestamp() { return timestamp; 
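Review bot: The new `AuditEvent(String applicationName, Instant timestamp)` constructor still accepts a null name and silently substitutes "undefined", which does not match the commit's statement that the application name is now mandatory. An audit record that cannot be attributed to its source is what a mandatory field should rule out. If the name is required, reject it up front, for example `this.applicationName = Args.notBlank(applicationName, "applicationName");`. The commented-out `@Deprecated` constructors and the commented-out setter should be deleted rather than kept as comments, since version control already preserves them.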
@@ -175,11 +187,6 @@ public Duration getDuration() { } public String toTextMessage() { - String applicationName = getApplicationName(); - if (applicationName == null) { - applicationName = "undefined"; - } - StringBuilder sb = new StringBuilder(150); sb.append(applicationName); @@ -207,7 +214,7 @@ public String toTextMessage() { } return sb.toString(); - } // method toTextMessage + } public void log(Logger log) { AuditLevel level = getLevel(); diff --git a/audit/src/main/java/org/xipki/audit/AuditService.java b/audit/src/main/java/org/xipki/audit/AuditService.java index 54faef7..4327edc 100644 --- a/audit/src/main/java/org/xipki/audit/AuditService.java +++ b/audit/src/main/java/org/xipki/audit/AuditService.java @@ -3,6 +3,7 @@ package org.xipki.audit; +import org.xipki.util.ConfPairs; import org.xipki.util.exception.InvalidConfException; /** @@ -18,7 +19,11 @@ public interface AuditService { int PCI_AUDIT_EVENT = 2; - void init(String conf) throws InvalidConfException; + default void init(String conf) throws InvalidConfException { + init(new ConfPairs(conf)); + } + + void init(ConfPairs conf) throws InvalidConfException; /** * Log audit event. diff --git a/audit/src/main/java/org/xipki/audit/Audits.java b/audit/src/main/java/org/xipki/audit/Audits.java index df7fb3f..5e6b319 100644 --- a/audit/src/main/java/org/xipki/audit/Audits.java +++ b/audit/src/main/java/org/xipki/audit/Audits.java @@ -6,6 +6,7 @@ import org.xipki.audit.services.EmbedAuditService; import org.xipki.audit.services.FileMacAuditService; import org.xipki.audit.services.NoopAuditService; +import org.xipki.util.ConfPairs; import org.xipki.util.ReflectiveUtil; /** @@ -25,7 +26,7 @@ public static class AuditConf { */ private String type; - private String conf; + private ConfPairs conf; public static AuditConf DEFAULT = new AuditConf(); 
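Review bot: The new default `init(String conf)` in `AuditService` passes its argument straight to `new ConfPairs(conf)`, while the `init(ConfPairs)` implementations touched by this patch explicitly tolerate a null configuration. Whether the `ConfPairs(String)` constructor accepts null or blank input is not visible here, so the two entry points may disagree on a missing configuration. `NoopAuditService`, for one, previously ignored the string entirely and now inherits this path. Consider `init(conf == null ? null : new ConfPairs(conf));`, plus a Javadoc line on both overloads stating whether `conf` may be null.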
@@ -37,11 +38,11 @@ public void setType(String type) { this.type = type; } - public String getConf() { + public ConfPairs getConf() { return conf; } - public void setConf(String conf) { + public void setConf(ConfPairs conf) { this.conf = conf; } @@ -66,7 +67,7 @@ public static AuditService getAuditService() { } } // method getAuditService - public static void init(String auditType, String auditConf) { + public static void init(String auditType, ConfPairs auditConf) { try { AuditService service; if ("embed".equalsIgnoreCase(auditType)) { @@ -76,18 +77,7 @@ public static void init(String auditType, String auditConf) { } else if ("file-mac".equals(auditType)) { service = new FileMacAuditService(); } else { - String className; - - if (auditType.startsWith("java:")) { - className = auditType.substring("java:".length()); - } else if ("database-mac".equals(auditType)) { - className = "org.xipki.audit.extra.DatabaseMacAuditService"; - } else { - throw new AuditServiceRuntimeException("invalid Audit.Type '" + auditType - + "'. Valid values are 'embed' or java:"); - } - + String className = getClassName(auditType); service = ReflectiveUtil.newInstance(className); } @@ -100,4 +90,16 @@ public static void init(String auditType, String auditConf) { } } // method init + private static String getClassName(String auditType) { + if (auditType.startsWith("java:")) { + return auditType.substring("java:".length()); + } else if ("database-mac".equals(auditType)) { + return "org.xipki.audit.extra.DatabaseMacAuditService"; + } else { + throw new AuditServiceRuntimeException("invalid Audit.Type '" + auditType + + "'. Valid values are 'embed' or java:"); + } + } + } diff --git a/audit/src/main/java/org/xipki/audit/services/EmbedAuditService.java b/audit/src/main/java/org/xipki/audit/services/EmbedAuditService.java index 8df1cb5..bb29ba9 100644 --- a/audit/src/main/java/org/xipki/audit/services/EmbedAuditService.java +++ b/audit/src/main/java/org/xipki/audit/services/EmbedAuditService.java 
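Review bot: `getClassName` returns whatever follows a `java:` prefix and `init` passes it to `ReflectiveUtil.newInstance`, so whoever controls the audit type setting chooses which class is instantiated in this process. Nothing visible in the hunk checks that the class is an `AuditService` before its constructor runs; `ReflectiveUtil` is not shown and may do so. A comment stating that this value must come from trusted configuration, plus an `AuditService.class.isAssignableFrom(...)` check before instantiation, would make the trust boundary explicit. The error message also names only 'embed' and `java:` as valid values although `file-mac` and `database-mac` are accepted. A null `auditType` reaches `auditType.startsWith` and fails with a NullPointerException, unless a branch outside the hunk handles it first.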
@@ -66,9 +66,11 @@ public EmbedAuditService() { } @Override - public void init(String conf) throws InvalidConfException { - ConfPairs confPairs = new ConfPairs(conf); - String str = confPairs.value(KEY_SIZE); + public void init(ConfPairs conf) throws InvalidConfException { + if (conf == null) { + conf = new ConfPairs(); + } + String str = conf.value(KEY_SIZE); final int mb = 1024 * 1024; @@ -92,7 +94,7 @@ public void init(String conf) throws InvalidConfException { } } - String logFilePath = confPairs.value(KEY_FILE); + String logFilePath = conf.value(KEY_FILE); logFilePath = StringUtil.isBlank(logFilePath) ? "logs/audit.log" : StringUtil.resolveVariables(logFilePath); diff --git a/audit/src/main/java/org/xipki/audit/services/MacAuditService.java b/audit/src/main/java/org/xipki/audit/services/MacAuditService.java index 9274407..316d66e 100644 --- a/audit/src/main/java/org/xipki/audit/services/MacAuditService.java +++ b/audit/src/main/java/org/xipki/audit/services/MacAuditService.java @@ -193,15 +193,17 @@ protected void verify(long id, String tag, String integrityText, ConfPairs confP } @Override - public void init(String conf) throws InvalidConfException { - ConfPairs confPairs = new ConfPairs(conf); - String str = confPairs.value(KEY_SHARD_ID); + public void init(ConfPairs conf) throws InvalidConfException { + if (conf == null) { + conf = new ConfPairs(); + } + String str = conf.value(KEY_SHARD_ID); shardId = StringUtil.isBlank(str) ? 0 : Integer.parseInt(str); - str = confPairs.value(KEY_ENC_INTERVAL); + str = conf.value(KEY_ENC_INTERVAL); encInterval = (str == null) ? 1 : Integer.parseInt(str); - String algo = confPairs.value(KEY_ALGO); + String algo = conf.value(KEY_ALGO); int algoId; if (algo == null) { algo = "HmacSHA256"; 
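Review bot: In `MacAuditService.init`, `encInterval` is parsed with `Integer.parseInt(str)` whenever the value is non-null, so a present-but-blank `KEY_ENC_INTERVAL` entry throws NumberFormatException. `shardId` two lines earlier falls back to its default through `StringUtil.isBlank(str)`. Use the same guard for both: `encInterval = StringUtil.isBlank(str) ? 1 : Integer.parseInt(str);`. Mapping a malformed number to the `InvalidConfException` that `init` already declares would also report a bad audit configuration as a configuration error. The method body continues past this hunk.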
@@ -215,14 +217,14 @@ public void init(String conf) throws InvalidConfException { } } - keyId = confPairs.value(KEY_KEYID); + keyId = conf.value(KEY_KEYID); if (StringUtil.isBlank(keyId)) { throw new IllegalArgumentException("property " + KEY_KEYID + " not defined"); } this.tagPrefix = VERSION_V1 + INNER_DELIM + algoId + INNER_DELIM + keyId + INNER_DELIM; this.tagPrefixBytes = tagPrefix.getBytes(StandardCharsets.UTF_8); - String password = confPairs.value(KEY_PASSWORD); + String password = conf.value(KEY_PASSWORD); if (StringUtil.isBlank(password)) { throw new IllegalArgumentException("property " + KEY_PASSWORD + " not defined"); } @@ -245,7 +247,7 @@ public void init(String conf) throws InvalidConfException { } this.rnd = new SecureRandom(); - doExtraInit(new ConfPairs(conf)); + doExtraInit(conf); } @Override diff --git a/audit/src/main/java/org/xipki/audit/services/NoopAuditService.java b/audit/src/main/java/org/xipki/audit/services/NoopAuditService.java index 4097ee7..388944b 100644 --- a/audit/src/main/java/org/xipki/audit/services/NoopAuditService.java +++ b/audit/src/main/java/org/xipki/audit/services/NoopAuditService.java @@ -6,6 +6,7 @@ import org.xipki.audit.AuditEvent; import org.xipki.audit.AuditService; import org.xipki.audit.PciAuditEvent; +import org.xipki.util.ConfPairs; /** * The No-Operation audit service. The events will be ignored. @@ -20,7 +21,7 @@ public NoopAuditService() { } @Override - public void init(String conf) { + public void init(ConfPairs conf) { } @Override From 32bccdd8e920a52a67f840d18db4ca69a1f500b4 Mon Sep 17 00:00:00 2001 From: Lijun Liao Date: Sun, 10 Dec 2023 22:57:15 +0100 Subject: [PATCH 03/36] command xi:curl: throws Exception if received status code != OK --- .../main/java/org/xipki/shell/Actions.java | 42 ++++++++++--------- 1 file changed, 23 insertions(+), 19 deletions(-) 
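Review bot: `doExtraInit(conf)` now receives the caller's own `ConfPairs` instance, where the old code passed a freshly parsed copy (`new ConfPairs(conf)`). Any change a subclass hook makes is therefore visible to whoever supplied the configuration, including `Audits.AuditConf`, which after this patch stores the object rather than a string. The `putPair` calls elsewhere in this series suggest `ConfPairs` is mutable. If so, either document on `init` and `doExtraInit` that `conf` must be treated as read-only, or pass a copy. In the preceding hunk of the same method, a missing `KEY_KEYID` or `KEY_PASSWORD` still throws `IllegalArgumentException` although the method declares `InvalidConfException`.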
diff --git a/shell-base/src/main/java/org/xipki/shell/Actions.java b/shell-base/src/main/java/org/xipki/shell/Actions.java index ccd6797..3dd4d93 100644 --- a/shell-base/src/main/java/org/xipki/shell/Actions.java +++ b/shell-base/src/main/java/org/xipki/shell/Actions.java @@ -13,6 +13,7 @@ import org.xipki.util.Base64; import org.xipki.util.*; import org.xipki.util.Curl.CurlResult; +import org.xipki.util.http.HttpStatusCode; import java.io.BufferedReader; import java.io.ByteArrayOutputStream; @@ -301,30 +302,33 @@ protected Object execute0() throws Exception { if (result.getContent() == null && result.getErrorContent() == null) { println("NO response content"); - return null; - } - - if (outFile != null) { - if (result.getContent() != null) { - saveVerbose("saved response to file", outFile, result.getContent()); - } else { - saveVerbose("saved (error) response to file", "error-" + outFile, result.getErrorContent()); - } } else { - String ct = result.getContentType(); - String charset = getCharset(ct); - if (charset == null) { - charset = "UTF-8"; - } - - if (result.getContent() != null) { - println(new String(result.getContent(), charset)); + if (outFile != null) { + if (result.getContent() != null) { + saveVerbose("saved response to file", outFile, result.getContent()); + } else { + saveVerbose("saved (error) response to file", "error-" + outFile, result.getErrorContent()); + } } else { - println("ERROR: "); - println(new String(result.getContent(), charset)); + String ct = result.getContentType(); + String charset = getCharset(ct); + if (charset == null) { + charset = "UTF-8"; + } + + if (result.getContent() != null) { + println(new String(result.getContent(), charset)); + } else { + println("ERROR: "); + println(new String(result.getContent(), charset)); + } } } + int sc = result.getStatusCode(); + if (sc != HttpStatusCode.SC_OK) { + throw new RuntimeException("Received status code other than OK: " + sc); + } return null; } // method execute0 
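Review bot: The error branch prints `result.getContent()` right after establishing that it is null, so an error-only response ends in a NullPointerException instead of showing the server's error body. The line after `println("ERROR: ")` should read `println(new String(result.getErrorContent(), charset));`. The new status check also treats every code other than `HttpStatusCode.SC_OK` as a failure, which includes other 2xx responses such as 201 or 204. If that is intended, say so in a short comment; otherwise compare against the 2xx range. `execute0` begins outside this hunk.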
From 9215fe33adc9fb30aaea46811fe547aa91263242 Mon Sep 17 00:00:00 2001 From: Lijun Liao Date: Sun, 10 Dec 2023 23:01:23 +0100 Subject: [PATCH 04/36] JSON.java: add methods parseConf() which resolsves also the ${sys:} and ${env:}. --- .../java/org/xipki/security/Securities.java | 2 +- .../pkcs11/P11CryptServiceFactoryImpl.java | 2 +- .../security/pkcs11/P11SignerFactory.java | 3 +- util/src/main/java/org/xipki/util/JSON.java | 34 +++++++++++++++++++ 4 files changed, 38 insertions(+), 3 deletions(-) diff --git a/security/src/main/java/org/xipki/security/Securities.java b/security/src/main/java/org/xipki/security/Securities.java index 0c5b443..2e8006b 100644 --- a/security/src/main/java/org/xipki/security/Securities.java +++ b/security/src/main/java/org/xipki/security/Securities.java @@ -236,7 +236,7 @@ private void initSecurityPkcs11( Pkcs11conf pkcs11ConfObj; try { - pkcs11ConfObj = JSON.parseObject(pkcs11Conf.readContent(), Pkcs11conf.class); + pkcs11ConfObj = JSON.parseConf(pkcs11Conf.readContent(), Pkcs11conf.class); } catch (IOException ex) { throw new InvalidConfException("could not create P11Conf: " + ex.getMessage(), ex); } diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactoryImpl.java b/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactoryImpl.java index 4583452..f34b558 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactoryImpl.java +++ b/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactoryImpl.java @@ -55,7 +55,7 @@ public synchronized void init() throws InvalidConfException { if (pkcs11Conf == null) { try { - pkcs11Conf = JSON.parseObject(new File(pkcs11ConfFile), Pkcs11conf.class); + pkcs11Conf = JSON.parseConf(new File(pkcs11ConfFile), Pkcs11conf.class); pkcs11Conf.validate(); } catch (IOException ex) { throw new InvalidConfException("could not create P11Conf: " + ex.getMessage(), ex); 
diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11SignerFactory.java b/security/src/main/java/org/xipki/security/pkcs11/P11SignerFactory.java index 05d8a76..f9d0dbd 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/P11SignerFactory.java +++ b/security/src/main/java/org/xipki/security/pkcs11/P11SignerFactory.java @@ -7,6 +7,7 @@ import org.xipki.pkcs11.wrapper.TokenException; import org.xipki.security.*; import org.xipki.util.Hex; +import org.xipki.util.LogUtil; import org.xipki.util.exception.ObjectCreationException; import java.security.NoSuchAlgorithmException; @@ -118,7 +119,7 @@ public ConcurrentContentSigner newSigner(String type, SignerConf conf, X509Cert[ try { key = slot.getKey(keyId, keyLabel); } catch (TokenException e) { - throw new ObjectCreationException("error finding identity with " + str2 + ": " + e.getMessage()); + throw new ObjectCreationException("error finding identity with " + str2 + ": " + e.getMessage(), e); } if (key == null) { diff --git a/util/src/main/java/org/xipki/util/JSON.java b/util/src/main/java/org/xipki/util/JSON.java index be6fc1c..022577c 100644 --- a/util/src/main/java/org/xipki/util/JSON.java +++ b/util/src/main/java/org/xipki/util/JSON.java @@ -15,6 +15,7 @@ import java.io.*; import java.nio.charset.StandardCharsets; +import java.nio.file.Files; import java.nio.file.Path; import java.time.Instant; import java.util.HashMap; 
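Review bot: The added `import org.xipki.util.LogUtil;` in P11SignerFactory.java has no matching use in this commit. The file's share of the diffstat is two insertions and one deletion, which are the import itself and the rewritten `throw`. It should be dropped, or the logging call it was meant for should be added. `newSigner` starts and ends outside the hunk.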
@@ -143,6 +144,39 @@ public static T parseObject(File jsonFile, Class classOfT) throws IOExcep return mapper.readValue(jsonFile, classOfT); } + public static T parseConf(byte[] json, Class classOfT) { + return parseConf(new String(json), classOfT); + } + + public static T parseConf(String json, Class classOfT) { + try { + StringBuilder conf = new StringBuilder(); + try (BufferedReader reader = new BufferedReader(new StringReader(json))) { + String line; + while ((line = reader.readLine()) != null) { + String line2 = StringUtil.resolveVariables(line); + conf.append(line2).append("\n"); + } + } + + return mapper.readValue(conf.toString(), classOfT); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + public static T parseConf(File jsonFile, Class classOfT) throws IOException { + return parseConf(new String(Files.readAllBytes(jsonFile.toPath())), classOfT); + } + + public static T parseConf(Path jsonFilePath, Class classOfT) throws IOException { + return parseConf(new String(Files.readAllBytes(jsonFilePath)), classOfT); + } + + public static T parseConf(InputStream jsonInputStream, Class classOfT) throws IOException { + return parseConf(IoUtil.readAllBytes(jsonInputStream), classOfT); + } + /** * Deserialize the object from the input stream. * The specified stream remains open after this method returns. From febff468886c03c9624f4063916912032775719f Mon Sep 17 00:00:00 2001 
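Review bot: `parseConf(String, ...)` runs `StringUtil.resolveVariables` over the raw JSON text before parsing, so a substituted value is spliced in without JSON escaping unless `resolveVariables` escapes it, which is not visible here. An environment or system property containing a quote, backslash or newline would then make the document unparsable or change its structure, and this path now loads the PKCS#11 configuration. Resolving variables on the string values after parsing, or escaping the substituted text, keeps the document structure independent of the environment. Separately, `new String(json)` and both `new String(Files.readAllBytes(...))` calls decode with the platform default charset; use `new String(json, StandardCharsets.UTF_8)`, since the class already imports `StandardCharsets`. Finally, `catch (Exception e) { throw new RuntimeException(e); }` makes parse failures unchecked, so the callers changed in this commit that catch `IOException` and rethrow `InvalidConfException` will not see them.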
From: Lijun Liao Date: Sun, 10 Dec 2023 23:03:22 +0100 Subject: [PATCH 05/36] remove parameters hashAlgo and gm in methods to generate CSRs --- .../org/xipki/security/shell/Actions.java | 15 +-- .../org/xipki/security/shell/JceActions.java | 2 +- .../org/xipki/security/shell/P11Actions.java | 3 +- .../org/xipki/security/shell/P12Actions.java | 24 +--- .../java/org/xipki/security/SignAlgo.java | 116 +++++++++++------- .../xipki/security/SignatureAlgoControl.java | 13 +- .../java/org/xipki/security/SignerConf.java | 44 +++++-- .../pkcs11/emulator/EmulatorP11Slot.java | 10 +- .../pkcs11/hsmproxy/HsmProxyP11Module.java | 63 ++++------ .../xipki/security/pkcs12/GenerateCerts.java | 2 +- .../org/xipki/security/qa/JceSignSpeed.java | 2 +- .../org/xipki/security/qa/P11SignSpeed.java | 2 +- .../org/xipki/security/qa/P12SignSpeed.java | 2 +- .../test/CrlTestVectorGenerateMain.java | 2 +- .../main/java/org/xipki/util/ConfPairs.java | 31 ++++- util/src/main/java/org/xipki/util/Curl.java | 10 ++ .../main/java/org/xipki/util/DefaultCurl.java | 4 +- .../xipki/util/http/SslContextBuilder.java | 1 - 18 files changed, 185 insertions(+), 161 deletions(-) diff --git a/security-shell/src/main/java/org/xipki/security/shell/Actions.java b/security-shell/src/main/java/org/xipki/security/shell/Actions.java index 78c076c..deda00d 100644 --- a/security-shell/src/main/java/org/xipki/security/shell/Actions.java +++ b/security-shell/src/main/java/org/xipki/security/shell/Actions.java 
@@ -335,11 +335,6 @@ private String getNumber(Number no) { } // class CrlInfo public abstract static class CsrGenAction extends BaseCsrGenAction { - @Option(name = "--hash", description = "hash algorithm name (will be ignored in some keys, " - + "e.g. edwards curve based keys)") - @Completion(Completers.HashAlgCompleter.class) - protected String hashAlgo = "SHA256"; - @Option(name = "--rsa-pss", description = "whether to use the RSAPSS for the POP computation\n" + "(only applied to RSA key)") private Boolean rsaPss = Boolean.FALSE; @@ -347,16 +342,8 @@ public abstract static class CsrGenAction extends BaseCsrGenAction { @Option(name = "--dsa-plain", description = "whether to use the Plain DSA for the POP computation") private Boolean dsaPlain = Boolean.FALSE; - @Option(name = "--gm", description = "whether to use the chinese GM algorithm for the POP computation\n" - + "(only applied to EC key with GM curves)") - private Boolean gm = Boolean.FALSE; - protected SignatureAlgoControl getSignatureAlgoControl() { - hashAlgo = hashAlgo.trim().toUpperCase(); - if (hashAlgo.indexOf('-') != -1) { - hashAlgo = hashAlgo.replaceAll("-", ""); - } - return new SignatureAlgoControl(rsaPss, dsaPlain, gm); + return new SignatureAlgoControl(rsaPss, dsaPlain); } } diff --git a/security-shell/src/main/java/org/xipki/security/shell/JceActions.java b/security-shell/src/main/java/org/xipki/security/shell/JceActions.java index 3719d13..0279f3e 100644 --- a/security-shell/src/main/java/org/xipki/security/shell/JceActions.java +++ b/security-shell/src/main/java/org/xipki/security/shell/JceActions.java @@ -46,7 +46,7 @@ private static SignerConf getJceSignerConf(String alias, int parallelism, SignAl .putPair("parallelism", Integer.toString(parallelism)) .putPair("alias", alias) .putPair("algo", signAlgo.getJceName()); - return new SignerConf(conf.getEncoded()); + return new SignerConf(conf); } // method getJceSignerConf } // class CsrP11 
diff --git a/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java b/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java index 140c623..e5aaa4b 100644 --- a/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java +++ b/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java @@ -76,7 +76,7 @@ protected ConcurrentContentSigner getSigner() throws Exception { } SignerConf conf = getPkcs11SignerConf(moduleName, Integer.parseInt(slotIndex), label, - idBytes, 1, HashAlgo.getInstance(hashAlgo), signatureAlgoControl); + idBytes, 1, null, signatureAlgoControl); return securityFactory.createSigner("PKCS11", conf, (X509Cert[]) null); } @@ -84,7 +84,6 @@ public static SignerConf getPkcs11SignerConf( String pkcs11ModuleName, int slotIndex, String keyLabel, byte[] keyId, int parallelism, HashAlgo hashAlgo, SignatureAlgoControl signatureAlgoControl) { Args.positive(parallelism, "parallelism"); - Args.notNull(hashAlgo, "hashAlgo"); if (keyId == null && keyLabel == null) { throw new IllegalArgumentException("at least one of keyId and keyLabel may not be null"); diff --git a/security-shell/src/main/java/org/xipki/security/shell/P12Actions.java b/security-shell/src/main/java/org/xipki/security/shell/P12Actions.java index bbb6fc9..f85f8a9 100644 --- a/security-shell/src/main/java/org/xipki/security/shell/P12Actions.java +++ b/security-shell/src/main/java/org/xipki/security/shell/P12Actions.java @@ -10,8 +10,6 @@ import org.apache.karaf.shell.support.completers.FileCompleter; import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.gm.GMObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; import org.xipki.password.PasswordResolverException; import org.xipki.security.*; import org.xipki.security.pkcs12.KeyStoreWrapper; 
@@ -209,16 +207,7 @@ private void assertMatch(KeyStore ks, X509Cert cert, String password) pairs.putPair("password", password); } - HashAlgo hashAlgo = HashAlgo.SHA256; - SignatureAlgoControl algoControl = null; - AlgorithmIdentifier algId = cert.getSubjectPublicKeyInfo().getAlgorithm(); - if (X9ObjectIdentifiers.id_ecPublicKey.equals(algId.getAlgorithm())) { - if (ASN1ObjectIdentifier.getInstance(algId.getParameters()).equals(GMObjectIdentifiers.sm2p256v1)) { - hashAlgo = HashAlgo.SM3; - algoControl = new SignatureAlgoControl(false, false, true); - } - } - SignerConf conf = new SignerConf(pairs.getEncoded(), hashAlgo, algoControl); + SignerConf conf = new SignerConf(pairs.getEncoded(), null); securityFactory.createSigner("PKCS12", conf, cert); } } // method assertMatch @@ -256,7 +245,7 @@ public KeyStore getKeyStore() } @Override - protected ConcurrentContentSigner getSigner() throws ObjectCreationException { + protected ConcurrentContentSigner getSigner() throws ObjectCreationException, NoSuchAlgorithmException { SignatureAlgoControl signatureAlgoControl = getSignatureAlgoControl(); char[] pwd; try { @@ -269,14 +258,7 @@ protected ConcurrentContentSigner getSigner() throws ObjectCreationException { .putPair("parallelism", Integer.toString(1)) .putPair("keystore", "file:" + p12File); - HashAlgo ha; - try { - ha = HashAlgo.getInstance(hashAlgo); - } catch (NoSuchAlgorithmException ex) { - throw new ObjectCreationException(ex.getMessage()); - } - - SignerConf signerConf = new SignerConf(conf.getEncoded(), ha, signatureAlgoControl); + SignerConf signerConf = new SignerConf(conf.getEncoded(), null, signatureAlgoControl); try { signerConf.setPeerCertificates(getPeerCertificates()); } catch (CertificateException | IOException ex) { diff --git a/security/src/main/java/org/xipki/security/SignAlgo.java b/security/src/main/java/org/xipki/security/SignAlgo.java index 48cacdc..7f0efd2 100644 --- a/security/src/main/java/org/xipki/security/SignAlgo.java 
+++ b/security/src/main/java/org/xipki/security/SignAlgo.java @@ -17,6 +17,7 @@ import org.xipki.pkcs11.wrapper.PKCS11Constants; import org.xipki.security.ObjectIdentifiers.Xipki; import org.xipki.security.pkcs11.P11Key; +import org.xipki.security.util.KeyUtil; import org.xipki.util.Args; import java.security.Key; @@ -388,8 +389,9 @@ public static SignAlgo getInstance(String nameOrOid) throws NoSuchAlgorithmExcep } public static SignAlgo getInstance(P11Key p11Key, SignerConf signerConf) throws NoSuchAlgorithmException { - if (Args.notNull(signerConf, "signerConf").getHashAlgo() == null) { - return getInstance(signerConf.getConfValue("algo")); + String algo = Args.notNull(signerConf, "signerConf").getConfValue("algo"); + if (algo != null) { + return getInstance(algo); } SignatureAlgoControl algoControl = signerConf.getSignatureAlgoControl(); 
@@ -397,13 +399,25 @@ public static SignAlgo getInstance(P11Key p11Key, SignerConf signerConf) throws long keyType = p11Key.getKeyType(); if (keyType == PKCS11Constants.CKK_RSA) { + if (hashAlgo == null) { + hashAlgo = getDefaultHashAlgo(keyType, p11Key.getRsaModulus().bitLength()); + } boolean rsaPss = algoControl != null && algoControl.isRsaPss(); return getRSAInstance(hashAlgo, rsaPss); } else if (keyType == PKCS11Constants.CKK_EC || keyType == PKCS11Constants.CKK_VENDOR_SM2) { + if (hashAlgo == null) { + // correct the key type of some HSMs + if (keyType == PKCS11Constants.CKK_EC && GMObjectIdentifiers.sm2p256v1.equals(p11Key.getEcParams())) { + keyType = PKCS11Constants.CKK_VENDOR_SM2; + } + hashAlgo = getDefaultHashAlgo(keyType, p11Key.getEcOrderBitSize()); + } boolean dsaPlain = algoControl != null && algoControl.isDsaPlain(); - boolean gm = algoControl != null && algoControl.isGm(); - return getECSigAlgo(hashAlgo, dsaPlain, gm); + return getECSigAlgo(hashAlgo, dsaPlain); } else if (keyType == PKCS11Constants.CKK_DSA) { + if (hashAlgo == null) { + hashAlgo = getDefaultHashAlgo(keyType, p11Key.getDsaP().bitLength()); + } return getDSASigAlgo(hashAlgo); } else if (keyType == PKCS11Constants.CKK_EC_EDWARDS) { String keyAlgo = EdECConstants.getName(p11Key.getEcParams()); 
@@ -420,49 +434,44 @@ public static SignAlgo getInstance(P11Key p11Key, SignerConf signerConf) throws } // method getInstance public static SignAlgo getInstance(Key key, SignerConf signerConf) throws NoSuchAlgorithmException { - if (Args.notNull(signerConf, "signerConf").getHashAlgo() == null) { - return getInstance(signerConf.getConfValue("algo")); - } - - SignatureAlgoControl algoControl = signerConf.getSignatureAlgoControl(); - HashAlgo hashAlgo = signerConf.getHashAlgo(); - - if (key instanceof RSAPublicKey || key instanceof RSAPrivateKey) { - boolean rsaPss = algoControl != null && algoControl.isRsaPss(); - return getRSAInstance(hashAlgo, rsaPss); - } else if (key instanceof ECPublicKey || key instanceof ECPrivateKey) { - boolean dsaPlain = algoControl != null && algoControl.isDsaPlain(); - boolean gm = algoControl != null && algoControl.isGm(); - return getECSigAlgo(hashAlgo, dsaPlain, gm); - } else if (key instanceof DSAPublicKey || key instanceof DSAPrivateKey) { - return getDSASigAlgo(hashAlgo); - } else if (key instanceof EdDSAKey) { - String keyAlgo = key.getAlgorithm().toUpperCase(); - if (keyAlgo.equals(EdECConstants.ED25519)) { - return ED25519; - } else if (keyAlgo.equals(EdECConstants.ED448)) { - return ED448; - } else { - throw new NoSuchAlgorithmException("Unknown Edwards public key " + keyAlgo); - } - } else { - throw new NoSuchAlgorithmException("Unknown key " + key.getClass().getName()); + String algo = Args.notNull(signerConf, "signerConf").getConfValue("algo"); + if (algo != null) { + return getInstance(algo); } + return getInstance(key, signerConf.getHashAlgo(), signerConf.getSignatureAlgoControl()); } // method getInstance public static SignAlgo getInstance(Key key, HashAlgo hashAlgo, SignatureAlgoControl algoControl) throws NoSuchAlgorithmException { - Args.notNull(hashAlgo, "hashAlgo"); Args.notNull(key, "key"); - - if (key instanceof RSAPublicKey || key instanceof RSAPrivateKey) { + if (key instanceof RSAKey) { + if (hashAlgo == null) { 
+ hashAlgo = getDefaultHashAlgo(PKCS11Constants.CKK_RSA, ((RSAKey) key).getModulus().bitLength()); + } boolean rsaPss = algoControl != null && algoControl.isRsaPss(); return getRSAInstance(hashAlgo, rsaPss); - } else if (key instanceof ECPublicKey || key instanceof ECPrivateKey) { + } else if (key instanceof ECKey) { + if (hashAlgo == null) { + long keyType = PKCS11Constants.CKK_EC; + try { + ASN1ObjectIdentifier curveId = KeyUtil.detectCurveOid(((ECKey) key).getParams()); + if (GMObjectIdentifiers.sm2p256v1.equals(curveId)) { + keyType = PKCS11Constants.CKK_VENDOR_SM2; + } + } catch (Exception ex) { + // ignore + } + + int keyOrderSize = ((ECKey) key).getParams().getOrder().bitLength(); + hashAlgo = getDefaultHashAlgo(keyType, keyOrderSize); + } + boolean dsaPlain = algoControl != null && algoControl.isDsaPlain(); - boolean gm = algoControl != null && algoControl.isGm(); - return getECSigAlgo(hashAlgo, dsaPlain, gm); - } else if (key instanceof DSAPublicKey || key instanceof DSAPrivateKey) { + return getECSigAlgo(hashAlgo, dsaPlain); + } else if (key instanceof DSAKey) { + if (hashAlgo == null) { + hashAlgo = getDefaultHashAlgo(PKCS11Constants.CKK_DSA, ((DSAKey) key).getParams().getP().bitLength()); + } return getDSASigAlgo(hashAlgo); } else if (key instanceof EdDSAKey) { String keyAlgo = key.getAlgorithm().toUpperCase(); 
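Review bot: The `catch (Exception ex) { // ignore }` around `KeyUtil.detectCurveOid` silently falls back to the generic EC key type. An SM2 key whose parameters fail detection therefore gets a SHA-2 ECDSA default instead of SM3, with no trace of why. Narrow the catch to what `detectCurveOid` can actually throw and log the failure, or replace `// ignore` with a comment explaining why the fallback is safe. The method also needs a Javadoc line stating that a null `hashAlgo` now means "derive the hash from key type and size", since the `Args.notNull(hashAlgo, ...)` contract was removed.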
@@ -478,6 +487,20 @@ public static SignAlgo getInstance(Key key, HashAlgo hashAlgo, SignatureAlgoCont } } // method getInstance + private static HashAlgo getDefaultHashAlgo(long keyType, int keySize) { + if (keyType == PKCS11Constants.CKK_RSA || keyType == PKCS11Constants.CKK_DSA) { + return keySize > 3084 ? SHA512 : + keySize > 2048 ? SHA384 : SHA256; + } else if (keyType == PKCS11Constants.CKK_VENDOR_SM2) { + return SM3; + } else if (keyType == PKCS11Constants.CKK_EC) { + return keySize > 384 + 8 ? SHA512 : // plus buffer 8 + keySize > 256 + 8 ? SHA384 : SHA256; + } else { + throw new IllegalArgumentException("unknown keyType " + PKCS11Constants.ckkCodeToName(keyType)); + } + } + private static SignAlgo getRSAInstance(HashAlgo hashAlgo, boolean rsaPss) throws NoSuchAlgorithmException { Args.notNull(hashAlgo, "hashAlgo"); switch (hashAlgo) { @@ -538,19 +561,18 @@ private static SignAlgo getDSASigAlgo(HashAlgo hashAlgo) throws NoSuchAlgorithmE } } // method getDSASigAlgo - private static SignAlgo getECSigAlgo(HashAlgo hashAlgo, boolean plainSignature, boolean gm) + private static SignAlgo getECSigAlgo(HashAlgo hashAlgo, boolean plainSignature) throws NoSuchAlgorithmException { Args.notNull(hashAlgo, "hashAlgo"); - if (gm && plainSignature) { - throw new IllegalArgumentException("plainSignature and gm cannot be both true"); + if (hashAlgo == SM3 && plainSignature) { + throw new IllegalArgumentException("plainSignature cannot be both true"); } - if (gm) { - if (hashAlgo == SM3) { - return SM2_SM3; - } - throw new NoSuchAlgorithmException("unsupported hash " + hashAlgo + " for SM2"); - } else if (plainSignature) { + if (hashAlgo == SM3) { + return SM2_SM3; + } + + if (plainSignature) { switch (hashAlgo) { case SHA1: return PLAINECDSA_SHA1; diff --git a/security/src/main/java/org/xipki/security/SignatureAlgoControl.java b/security/src/main/java/org/xipki/security/SignatureAlgoControl.java index b1a8c9a..ae8f5c4 100644 
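Review bot: The RSA/DSA threshold `keySize > 3084` in `getDefaultHashAlgo` looks like a typo for 3072 and reads as an arbitrary number next to `2048`. If it is a deliberate margin like the `+ 8` in the EC branch, write it the same way, `keySize > 3072 + 12 ? SHA512 : // plus buffer 12`; otherwise use `keySize > 3072`. The helper has no Javadoc; one sentence saying that `keySize` is the modulus or prime bit length for RSA/DSA and the curve-order bit length for EC would record what the three call sites pass.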
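Review bot: In `getECSigAlgo`, the new exception text `"plainSignature cannot be both true"` no longer makes sense now that `gm` is gone; `"plainSignature is not supported with SM3 (SM2)"` states the actual constraint. SM2 is now selected purely by `hashAlgo == SM3`, so the method returns `SM2_SM3` without knowing whether the key is on the SM2 curve. The caller in `getInstance` only derives SM3 from the curve when `hashAlgo` is null. If an explicitly configured SM3 with a non-SM2 EC key should be rejected, that check belongs in the `ECKey` branch of `getInstance`, where the key is available. The switch statement continues outside the hunk.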
--- a/security/src/main/java/org/xipki/security/SignatureAlgoControl.java +++ b/security/src/main/java/org/xipki/security/SignatureAlgoControl.java @@ -16,20 +16,13 @@ public class SignatureAlgoControl { private final boolean dsaPlain; - private final boolean gm; - public SignatureAlgoControl() { - this(false, false, false); + this(false, false); } public SignatureAlgoControl(boolean rsaPss, boolean dsaPlain) { - this(rsaPss, dsaPlain, false); - } - - public SignatureAlgoControl(boolean rsaPss, boolean dsaPlain, boolean gm) { this.rsaPss = rsaPss; this.dsaPlain = dsaPlain; - this.gm = gm; } public boolean isRsaPss() { @@ -40,8 +33,4 @@ public boolean isDsaPlain() { return dsaPlain; } - public boolean isGm() { - return gm; - } - } diff --git a/security/src/main/java/org/xipki/security/SignerConf.java b/security/src/main/java/org/xipki/security/SignerConf.java index 094b3a1..e5e32dd 100644 --- a/security/src/main/java/org/xipki/security/SignerConf.java +++ b/security/src/main/java/org/xipki/security/SignerConf.java @@ -28,16 +28,24 @@ public class SignerConf { private List peerCertificates; public SignerConf(String conf) { + this(new ConfPairs(conf)); + } + + public SignerConf(ConfPairs conf) { this.hashAlgo = null; this.signatureAlgoControl = null; - this.confPairs = new ConfPairs(Args.notBlank(conf, "conf")); + this.confPairs = Args.notNull(conf, "conf"); if (getConfValue("algo") == null) { throw new IllegalArgumentException("conf must contain the entry 'algo'"); } } + public SignerConf(String confWithoutAlgo, SignatureAlgoControl signatureAlgoControl) { + this(confWithoutAlgo, null, signatureAlgoControl); + } + public SignerConf(String confWithoutAlgo, HashAlgo hashAlgo, SignatureAlgoControl signatureAlgoControl) { - this.hashAlgo = Args.notNull(hashAlgo, "hashAlgo"); + this.hashAlgo = hashAlgo; this.signatureAlgoControl = signatureAlgoControl; this.confPairs = new ConfPairs(Args.notBlank(confWithoutAlgo, "confWithoutAlgo")); if (getConfValue("algo") != null) { 
@@ -65,8 +73,8 @@ public String getConfValue(String name) { return confPairs.value(name); } - public String getConf() { - return confPairs.getEncoded(); + public ConfPairs getConf() { + return confPairs; } public List getPeerCertificates() { @@ -77,24 +85,22 @@ public void setPeerCertificates(List peerCertificates) { this.peerCertificates = peerCertificates; } - public ConfPairs getConfPairs() { - return confPairs; - } - @Override public String toString() { return toString(true, true); } public String toString(boolean verbose, boolean ignoreSensitiveInfo) { - String conf = getConf(); + String txtConf; if (ignoreSensitiveInfo) { - conf = eraseSensitiveData(conf); + txtConf = eraseSensitiveData(confPairs); + } else { + txtConf = confPairs.toString(); } - StringBuilder sb = new StringBuilder(conf.length() + 50); + StringBuilder sb = new StringBuilder(txtConf.length() + 50); sb.append("conf: "); - sb.append(conf); + sb.append(txtConf); if (hashAlgo != null) { sb.append("\nhash algo: ").append(hashAlgo.getJceName()); } @@ -116,6 +122,18 @@ public String toString(boolean verbose, boolean ignoreSensitiveInfo) { return sb.toString(); } // method toString + public static String eraseSensitiveData(ConfPairs conf) { + if (conf == null) { + return ""; + } + + try { + return conf.toStringOmitSensitive("password"); + } catch (Exception ex) { + return conf.toString(); + } + } // method eraseSensitiveData + public static String eraseSensitiveData(String conf) { if (conf == null || !conf.toLowerCase().contains("password")) { return conf; @@ -126,6 +144,6 @@ public static String eraseSensitiveData(String conf) { } catch (Exception ex) { return conf; } - } // method eraseSensitiveData + } } diff --git a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Slot.java b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Slot.java index 2b066b8..8101dbf 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Slot.java 
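Review bot: The new `eraseSensitiveData(ConfPairs)` falls back to `conf.toString()` in its `catch` block, so a failure during redaction returns what is presumably the full configuration, password entry included, to whatever is logging it. This commit's own change to `ConfPairs.toStringOmitSensitive` returns `"ERROR"` in the same situation instead of the full encoding. The wrapper should fail closed as well, with `return "ERROR";` in the `catch`. The Javadoc could also state that only entries matched by the keyword `password` are masked, so other secret-bearing entries need their own keyword.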
+++ b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Slot.java @@ -738,7 +738,8 @@ public P11Key getKey(PKCS11KeyId keyId) throws TokenException { BigInteger g = new BigInteger(props.getProperty(PROP_DSA_BASE), 16); // g ret = new EmulatorP11Key(this, keyId, privateKey, maxSessions, random); ret.setDsaParameters(p, q, g); - } else if (keyType == CKK_EC || keyType == CKK_EC_EDWARDS || keyType == CKK_EC_MONTGOMERY) { + } else if (keyType == CKK_EC || keyType == CKK_VENDOR_SM2 + || keyType == CKK_EC_EDWARDS || keyType == CKK_EC_MONTGOMERY) { byte[] ecParams = decodeHex(props.getProperty(PROP_EC_PARAMS)); ASN1ObjectIdentifier curveId = ASN1ObjectIdentifier.getInstance(ecParams); ret = new EmulatorP11Key(this, keyId, privateKey, maxSessions, random); @@ -1133,7 +1134,12 @@ protected PKCS11KeyId doGenerateECKeypair(ASN1ObjectIdentifier curveId, P11NewKe curveName = curveId.getId(); } - return saveKeyPairP11Entity(CKK_EC, keypair, control, curveName); + long keyType = CKK_EC; + if (GMObjectIdentifiers.sm2p256v1.equals(curveId)) { + keyType = CKK_VENDOR_SM2; + } + + return saveKeyPairP11Entity(keyType, keypair, control, curveName); } @Override diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java index 61fbda7..373d9db 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java +++ b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java 
@@ -13,10 +13,7 @@ import org.xipki.security.pkcs11.P11Slot; import org.xipki.security.pkcs11.P11SlotId; import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.*; -import org.xipki.util.Args; -import org.xipki.util.IoUtil; -import org.xipki.util.LogUtil; -import org.xipki.util.StringUtil; +import org.xipki.util.*; import org.xipki.util.cbor.ByteArrayCborDecoder; import org.xipki.util.cbor.CborConstants; import org.xipki.util.cbor.CborDecoder; @@ -24,7 +21,9 @@ import org.xipki.util.exception.DecodeException; import org.xipki.util.exception.ObjectCreationException; import org.xipki.util.http.HostnameVerifiers; +import org.xipki.util.http.SslConf; import org.xipki.util.http.SslContextBuilder; +import org.xipki.util.http.SslContextConf; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; @@ -55,9 +54,7 @@ class HsmProxyP11Module extends P11Module { private static final String PROP_SSL_KEYSTOREPASSWORD = "ssl.keystorePassword"; - private static final String PROP_SSL_TRUSTSTORE = "ssl.truststore"; - - private static final String PROP_SSL_TRUSTOREPASSWORD = "ssl.truststorePassword"; + private static final String PROP_SSL_TRUSTCERTS = "ssl.trustcerts"; private static final String PROP_SSL_HOStNAMEVERIFIER = "ssl.hostnameVerifier"; 
@@ -89,44 +86,38 @@ private HsmProxyP11Module(P11ModuleConf moduleConf) throws TokenException { this.description = StringUtil.concat("PKCS#11 proxy", "\nPath: ", modulePath); this.serverUrl = modulePath.endsWith("/") ? modulePath.substring(0, modulePath.length() - 1) : modulePath; - String sslStoreType = properties.get(PROP_SSL_STORETYPE); - String sslKeystore = properties.get(PROP_SSL_KEYSTORE); - String sslKeystorePassword = properties.get(PROP_SSL_KEYSTOREPASSWORD); - String sslTruststore = properties.get(PROP_SSL_TRUSTSTORE); - String sslTruststorePassword = properties.get(PROP_SSL_TRUSTOREPASSWORD); - String sslHostnameVerifier = properties.get(PROP_SSL_HOStNAMEVERIFIER); + SslConf sslConf = new SslConf(); - SslContextBuilder builder = new SslContextBuilder(); - if (sslStoreType != null) { - builder.setKeyStoreType(sslStoreType); - } + String sslStoreType = properties.get(PROP_SSL_STORETYPE); + sslConf.setStoreType(sslStoreType); - if (sslKeystore != null) { - sslKeystore = IoUtil.expandFilepath(sslKeystore, true); + String sslKeystore = properties.get(PROP_SSL_KEYSTORE); + sslConf.setKeystore(FileOrBinary.ofFile(sslKeystore)); - char[] pwd = sslKeystorePassword == null ? 
null : sslKeystorePassword.toCharArray(); - try { - builder.loadKeyMaterial(new File(sslKeystore), pwd, pwd); - } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException - | CertificateException | IOException ex) { - throw new TokenException("could not load key material", ex); + String sslKeystorePassword = properties.get(PROP_SSL_KEYSTOREPASSWORD); + sslConf.setKeystorePassword(sslKeystorePassword); + + String sslTrustCerts = properties.get(PROP_SSL_TRUSTCERTS); + if (sslTrustCerts != null) { + StringTokenizer tokens = new StringTokenizer(sslTrustCerts, ",;:"); + List files = new ArrayList<>(tokens.countTokens()); + while (tokens.hasMoreTokens()) { + String file = tokens.nextToken().trim(); + files.add(FileOrBinary.ofFile(file)); } + sslConf.setTrustanchors(files.toArray(new FileOrBinary[0])); } - if (sslTruststore != null) { - sslTruststore = IoUtil.expandFilepath(sslTruststore, true); - char[] pwd = sslTruststorePassword == null ? null : sslTruststorePassword.toCharArray(); - try { - builder.loadTrustMaterial(new File(sslTruststore), pwd); - } catch (NoSuchAlgorithmException | KeyStoreException | CertificateException - | IOException ex) { - throw new TokenException("could not load trust material", ex); - } + String sslHostnameVerifier = properties.get(PROP_SSL_HOStNAMEVERIFIER); + if (sslHostnameVerifier != null) { + sslConf.setHostnameVerifier(sslHostnameVerifier); } + SslContextConf sslContextConf = SslContextConf.ofSslConf(sslConf); + try { - this.sslSocketFactory = builder.build().getSocketFactory(); - } catch (KeyManagementException | NoSuchAlgorithmException ex) { + this.sslSocketFactory = sslContextConf.getSslSocketFactory(); + } catch (ObjectCreationException ex) { throw new TokenException("could not build SSLSocketFactroy", ex); } try { diff --git a/security/src/main/java/org/xipki/security/pkcs12/GenerateCerts.java b/security/src/main/java/org/xipki/security/pkcs12/GenerateCerts.java index 7872540..92a571c 100644 
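Review bot: `sslConf.setKeystore(FileOrBinary.ofFile(sslKeystore))` is now called even when `ssl.keystore` is absent, whereas the removed code guarded with `if (sslKeystore != null)` and expanded the path through `IoUtil.expandFilepath`. Whether `FileOrBinary.ofFile(null)` is safe is not visible here, so keep the guard: `if (sslKeystore != null) { sslConf.setKeystore(FileOrBinary.ofFile(sslKeystore)); }`. The `ssl.trustcerts` tokenizer splits on `",;:"`, and the `:` breaks any path containing a colon, such as a Windows drive prefix; `",;"` is safer. Existing configurations that still set `ssl.truststore` or `ssl.truststorePassword` are now ignored without a message, so rejecting or warning about the old keys would avoid a silent change in which certificates are trusted. A comment should also state what `SslContextConf` trusts when `ssl.trustcerts` is unset, since this connection carries the HSM proxy traffic; the constructor continues outside the hunk.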
--- a/security/src/main/java/org/xipki/security/pkcs12/GenerateCerts.java +++ b/security/src/main/java/org/xipki/security/pkcs12/GenerateCerts.java @@ -240,7 +240,7 @@ private static void generateKeyCerts(String confFile, String targetDirPath) thro } } - Conf conf = JSON.parseObject(Path.of(confFile), Conf.class); + Conf conf = JSON.parseConf(Path.of(confFile), Conf.class); conf.validate(); Map nameCertMap = new HashMap<>(); diff --git a/security/src/main/java/org/xipki/security/qa/JceSignSpeed.java b/security/src/main/java/org/xipki/security/qa/JceSignSpeed.java index 79cbcaa..b0211f9 100644 --- a/security/src/main/java/org/xipki/security/qa/JceSignSpeed.java +++ b/security/src/main/java/org/xipki/security/qa/JceSignSpeed.java @@ -83,7 +83,7 @@ private static SignerConf getJceSignerConf(String alias, int parallelism, SignAl .putPair("parallelism", Integer.toString(parallelism)) .putPair("alias", alias) .putPair("algo", signAlgo.getJceName()); - return new SignerConf(conf.getEncoded()); + return new SignerConf(conf); } // method getJceSignerConf } diff --git a/security/src/main/java/org/xipki/security/qa/P11SignSpeed.java b/security/src/main/java/org/xipki/security/qa/P11SignSpeed.java index 481c52a..004c7e9 100644 --- a/security/src/main/java/org/xipki/security/qa/P11SignSpeed.java +++ b/security/src/main/java/org/xipki/security/qa/P11SignSpeed.java @@ -307,7 +307,7 @@ private static SignerConf getPkcs11SignerConf( conf.putPair("key-id", Hex.encode(keyId)); } - return new SignerConf(conf.getEncoded()); + return new SignerConf(conf); } // method getPkcs11SignerConf } diff --git a/security/src/main/java/org/xipki/security/qa/P12SignSpeed.java b/security/src/main/java/org/xipki/security/qa/P12SignSpeed.java index ec7061f..1e5c976 100644 --- a/security/src/main/java/org/xipki/security/qa/P12SignSpeed.java +++ b/security/src/main/java/org/xipki/security/qa/P12SignSpeed.java 
@@ -274,6 +274,6 @@ private static SignerConf getKeystoreSignerConf( .putPair("algo", signatureAlgorithm) .putPair("parallelism", Integer.toString(parallelism)) .putPair("keystore", "base64:" + Base64.encodeToString(keystoreBytes)); - return new SignerConf(conf.getEncoded()); + return new SignerConf(conf); } } diff --git a/security/src/test/java/org/xipki/security/test/CrlTestVectorGenerateMain.java b/security/src/test/java/org/xipki/security/test/CrlTestVectorGenerateMain.java index 68bf464..8da830a 100644 --- a/security/src/test/java/org/xipki/security/test/CrlTestVectorGenerateMain.java +++ b/security/src/test/java/org/xipki/security/test/CrlTestVectorGenerateMain.java @@ -42,7 +42,7 @@ private static void genTestVectors() throws Exception { .putPair("password", "1234") .putPair("keystore", "file:src/test/resources/crls/ca.p12"); - SignerConf sconf = new SignerConf(conf.getEncoded(), null, new SignatureAlgoControl()); + SignerConf sconf = new SignerConf(conf.getEncoded(), new SignatureAlgoControl()); ConcurrentContentSigner csigner = securities.getSecurityFactory().createSigner( "PKCS12", sconf, (X509Cert) null); diff --git a/util/src/main/java/org/xipki/util/ConfPairs.java b/util/src/main/java/org/xipki/util/ConfPairs.java index 6a91019..d524bcb 100644 --- a/util/src/main/java/org/xipki/util/ConfPairs.java +++ b/util/src/main/java/org/xipki/util/ConfPairs.java @@ -234,6 +234,10 @@ public boolean isEmpty() { return pairs.isEmpty(); } + public static ConfPairs getInstance(String text) { + return text == null ? null : new ConfPairs(text); + } + public ConfPairs putPair(String name, String value) { Args.notNull(value, "value"); 
@@ -253,6 +257,19 @@ public String value(String name) { return pairs.get(Args.notBlank(name, "name")); } + public boolean hasName(String name) { + return pairs.containsKey(name); + } + + public String getNameIgnoreCase(String name) { + for (String n : pairs.keySet()) { + if (n.equalsIgnoreCase(name)) { + return n; + } + } + return null; + } + public String value(String name, String defaultValue) { String value = pairs.get(Args.notBlank(name, "name")); return value == null ? defaultValue : value; @@ -309,6 +326,10 @@ public int hashCode() { return getEncoded().hashCode(); } + public ConfPairs copy() { + return new ConfPairs(new HashMap<>(pairs)); + } + public String toStringOmitSensitive(String... nameKeywords) { return toStringOmitSensitive(Arrays.asList(nameKeywords), null); } @@ -331,16 +352,16 @@ public String toStringOmitSensitive(Collection nameKeywords, Collection< return getEncoded(); } + ConfPairs sensitivePairs = new ConfPairs(); try { for (Entry entry : pairs.entrySet()) { String name = entry.getKey(); - if (names.contains(name)) { - pairs.put(name, ""); - } + String value = names.contains(name) ? "" : entry.getValue(); + sensitivePairs.putPair(name, value); } - return new ConfPairs(pairs).getEncoded(); + return sensitivePairs.getEncoded(); } catch (Exception ex) { - return getEncoded(); + return "ERROR"; } } diff --git a/util/src/main/java/org/xipki/util/Curl.java b/util/src/main/java/org/xipki/util/Curl.java index 8b0571a..7e3ec6c 100644 --- a/util/src/main/java/org/xipki/util/Curl.java +++ b/util/src/main/java/org/xipki/util/Curl.java @@ -16,6 +16,8 @@ public interface Curl { class CurlResult { + private final int statusCode; + private String contentType; /** @@ -31,6 +33,14 @@ class CurlResult { private byte[] errorContent; + public CurlResult(int statusCode) { + this.statusCode = statusCode; + } + + public int getStatusCode() { + return statusCode; + } + public String getContentType() { return contentType; } 
diff --git a/util/src/main/java/org/xipki/util/DefaultCurl.java b/util/src/main/java/org/xipki/util/DefaultCurl.java index 4023c24..e5f775d 100644 --- a/util/src/main/java/org/xipki/util/DefaultCurl.java +++ b/util/src/main/java/org/xipki/util/DefaultCurl.java @@ -207,7 +207,7 @@ private synchronized void initIfNotDone() throws ObjectCreationException { LogUtil.error(LOG, ex, "error initializing sslContextConf"); } } else if (confFile != null) { - CurlConf conf = JSON.parseObject(Path.of(confFile), CurlConf.class); + CurlConf conf = JSON.parseConf(Path.of(confFile), CurlConf.class); conf.validate(); for (HostConf m : conf.hostConfs) { @@ -385,7 +385,7 @@ private CurlResult curl( errorStream = httpConn.getErrorStream(); } - CurlResult result = new CurlResult(); + CurlResult result = new CurlResult(respCode); result.setContentType(httpConn.getHeaderField("Content-Type")); if (inputStream != null) { diff --git a/util/src/main/java/org/xipki/util/http/SslContextBuilder.java b/util/src/main/java/org/xipki/util/http/SslContextBuilder.java index 66a0986..51f24df 100644 --- a/util/src/main/java/org/xipki/util/http/SslContextBuilder.java +++ b/util/src/main/java/org/xipki/util/http/SslContextBuilder.java @@ -73,7 +73,6 @@ public static SslContextBuilder create() { } public SslContextBuilder() { - super(); this.keyManagers = new LinkedHashSet<>(); this.trustManagers = new LinkedHashSet<>(); } From 2bab16458070fb921306f8a05d731ca22ce7219d Mon Sep 17 00:00:00 2001 From: Lijun Liao Date: Sun, 10 Dec 2023 23:04:31 +0100 Subject: [PATCH 06/36] add BatchReplace to replaces texts in files --- .../java/org/xipki/util/BatchReplace.java | 128 ++++++++++++++++++ 1 file changed, 128 insertions(+) create mode 100644 util/src/main/java/org/xipki/util/BatchReplace.java diff --git a/util/src/main/java/org/xipki/util/BatchReplace.java b/util/src/main/java/org/xipki/util/BatchReplace.java new file mode 100644 index 0000000..8bf9891 --- /dev/null 
+++ b/util/src/main/java/org/xipki/util/BatchReplace.java @@ -0,0 +1,128 @@ +// Copyright (c) 2013-2023 xipki. All rights reserved. +// License Apache License 2.0 + +package org.xipki.util; + +import java.io.*; +import java.nio.charset.StandardCharsets; +import java.util.List; +import java.util.Map; +import java.util.Set; + +/** + * A tool to replace text in files. + * @author Lijun Liao (xipki) + */ + +public class BatchReplace { + + private static class Section { + private String description; + private Set files; + private Map replacements; + + public void setDescription(String description) { + this.description = description; + } + + public void setFiles(Set files) { + this.files = files; + } + + public void setReplacements(Map replacements) { + this.replacements = replacements; + } + } + + private static class Conf { + private String prefix; + private String suffix; + private String basedir; + private List
sections; + + public void setPrefix(String prefix) { + this.prefix = prefix; + } + + public void setSuffix(String suffix) { + this.suffix = suffix; + } + + public void setBasedir(String basedir) { + this.basedir = basedir; + } + + public void setSections(List
sections) { + this.sections = sections; + } + } + + public static void main(String[] args) { + try { + File confFile = new File(args[0]); + Conf conf = JSON.parseConf(confFile, Conf.class); + String prefix = conf.prefix == null ? "" : conf.prefix; + String suffix = conf.suffix == null ? "" : conf.suffix; + + File basedir; + if (conf.basedir == null) { + basedir = confFile.getParentFile(); + } else { + basedir = new File(conf.basedir); + if (!basedir.isAbsolute()) { + File confFileDir = confFile.getParentFile(); + if (confFileDir != null) { + basedir = new File(confFileDir, basedir.toString()); + } + } + } + + for (Section section : conf.sections) { + System.out.println("Processing section '" + section.description + "'"); + for (String filename : section.files) { + System.out.println(" File " + filename); + File file = new File(filename); + if (!file.isAbsolute()) { + file = new File(basedir, filename); + } + replaceFile(file, section.replacements, prefix, suffix); + } + } + } catch (Exception ex) { + ex.printStackTrace(); + System.exit(1); + } + } + + private static void replaceFile(File file, Map replacements, String prefix, String suffix) + throws IOException { + StringBuilder target = new StringBuilder(); + boolean changed = false; + + try (BufferedReader reader = new BufferedReader(new FileReader(file))) { + String line; + while ((line = reader.readLine()) != null) { + String origLine = line; + for (Map.Entry m : replacements.entrySet()) { + String pattern = prefix + m.getKey() + suffix; + if (line.contains(pattern)) { + line = line.replace(pattern, m.getValue()); + } + } + + if (!origLine.equals(line)) { + changed = true; + } + + target.append(line).append('\n'); + } + } + + if (changed) { + try (OutputStream out = new FileOutputStream(file)) { + out.write(target.toString().getBytes(StandardCharsets.UTF_8)); + } + } + } + +} From f42ccc92e9e18cf008ded259231c6866906e8772 Mon Sep 17 00:00:00 2001 
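Review bot: `replaceFile` reads with `new FileReader(file)`, which uses the platform default charset on JDKs before 18, but writes the result back as UTF-8, so on a non-UTF-8 platform non-ASCII content in a processed file is re-encoded in place. Read with the same charset: `new BufferedReader(new InputStreamReader(new FileInputStream(file), StandardCharsets.UTF_8))`. A changed file also has every line ending rewritten to `\n` and a trailing newline appended, which deserves a comment if intended. `main` dereferences `args[0]` and `conf.sections` without checks, and file names from the configuration are used as given, absolute paths and `..` included. The class Javadoc should therefore say that the configuration file is trusted input.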
From: Lijun Liao Date: Mon, 11 Dec 2023 07:08:20 +0100 Subject: [PATCH 07/36] update CHANGELOG --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 789a54e..7edb226 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,11 @@ See also ## 6.3.3 - Release date: 202y/mm/dd + - Feature: command xi:curl: throws Exception if received status code != OK + - Feature: Audit: applicationName is now mandatory, accept also ConfPairs as conf + - Feature: JSON.java: add methods parseConf() which resolves also the ${sys:*} and ${env:*}. + - Feature: remove parameters hashAlgo and gm in methods to generate CSRs + - Feature: add BatchReplace to replaces texts in filess ## 6.3.2 - Release date: 2023/11/26 From 0286e3b9493406e544596fe0906c8d111f1c40ed Mon Sep 17 00:00:00 2001 From: Lijun Liao Date: Mon, 11 Dec 2023 19:49:24 +0100 Subject: [PATCH 08/36] karaf command xi:exec: add options to specify environments and working dir. --- .../main/java/org/xipki/shell/Actions.java | 27 ++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/shell-base/src/main/java/org/xipki/shell/Actions.java b/shell-base/src/main/java/org/xipki/shell/Actions.java index 3dd4d93..3f3dbff 100644 --- a/shell-base/src/main/java/org/xipki/shell/Actions.java +++ b/shell-base/src/main/java/org/xipki/shell/Actions.java 
@@ -645,12 +645,37 @@ public static class ExecTerminalCommand extends XiAction { @Option(name = "--ignore-error", description = "whether ignores error") private Boolean ignoreError; + @Option(name = "--env", multiValued = true, description = "Environment variables") + @Completion(FileCompleter.class) + private String[] envs; + + @Option(name = "--working-dir", aliases ="-w", multiValued = true, description = "Working dir") + @Completion(Completers.DirCompleter.class) + private String workingDir; + @Override protected Object execute0() throws Exception { System.out.println("Executing command '" + command + "'"); + if (envs != null) { + for (int i = 0; i < envs.length; i++) { + if (envs[i].contains("~/")) { + StringTokenizer tokenizer = new StringTokenizer(envs[i], "="); + String name = tokenizer.nextToken(); + String value = tokenizer.nextToken(); + value = IoUtil.expandFilepath(value); + envs[i] = name + "=" + value; + } + } + } + + if (workingDir != null && workingDir.startsWith("~/")) { + workingDir = IoUtil.expandFilepath(workingDir); + } + command = IoUtil.expandFilepath(command, false); - Process process = Runtime.getRuntime().exec(command); + Process process = Runtime.getRuntime().exec(command, envs, + workingDir == null ? null : new File(workingDir)); int status = process.waitFor(); System.out.write(IoUtil.readAllBytes(process.getInputStream())); if (status != 0) { From db02f6e845f9052eb9ef06e66306d52043e8fdc1 Mon Sep 17 00:00:00 2001 From: Lijun Liao Date: Mon, 11 Dec 2023 22:36:23 +0100 Subject: [PATCH 09/36] use short URL for hsm proxy --- .../pkcs11/hsmproxy/HsmProxyP11Module.java | 2 +- .../security/pkcs11/hsmproxy/ProxyAction.java | 84 ++++++++++++------- 2 files changed, 55 insertions(+), 31 deletions(-) diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java index 373d9db..3d1c381 100644 
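Review bot: Passing `envs` as the second argument of `Runtime.exec(command, envs, dir)` replaces the child's whole environment rather than adding to it, so once a single `--env` is given the command runs without `PATH`, `HOME` and everything else it inherited before. The parsing above it uses `StringTokenizer(envs[i], "=")`, which throws `NoSuchElementException` for `NAME=` or an entry without `=` and cuts a value at its second `=`; it also triggers on `~/` anywhere in the entry, while `workingDir` is tested with `startsWith("~/")`. Merging the overrides into a copy of `System.getenv()` and splitting on the first `=` fixes both, as sketched below. Two option declarations also look copied: `--env` carries `@Completion(FileCompleter.class)`, and `--working-dir` is `multiValued = true` on a single `String`.

```java
// … unchanged: option fields, "Executing command" message …
String[] envp = null;
if (envs != null) {
  // start from the inherited environment so PATH etc. are kept
  Map<String, String> merged = new HashMap<>(System.getenv());
  for (String env : envs) {
    int idx = env.indexOf('=');
    if (idx < 1) {
      // do not echo the entry: it may carry a secret value
      throw new IllegalCmdParamException("invalid --env entry, expected NAME=VALUE");
    }
    String value = env.substring(idx + 1);
    merged.put(env.substring(0, idx),
        value.startsWith("~/") ? IoUtil.expandFilepath(value) : value);
  }
  envp = merged.entrySet().stream()
      .map(e -> e.getKey() + "=" + e.getValue())
      .toArray(String[]::new);
}
// … unchanged: workingDir expansion, expandFilepath(command) …
Process process = Runtime.getRuntime().exec(command, envp,
    workingDir == null ? null : new File(workingDir));
```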
--- a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java +++ b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java @@ -219,7 +219,7 @@ public void close() { protected byte[] doSend(ProxyAction action, byte[] request) throws IOException { Args.notNull(request, "request"); - String thisUrl = serverUrl + "/" + action.name(); + String thisUrl = serverUrl + "/" + action.getAlias(); HttpURLConnection httpUrlConnection = IoUtil.openHttpConn(new URL(thisUrl)); diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyAction.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyAction.java index 95ed4ad..c8bb605 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyAction.java +++ b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyAction.java @@ -3,6 +3,9 @@ package org.xipki.security.pkcs11.hsmproxy; +import java.util.HashMap; +import java.util.Map; + /** * The HSM proxy action enumeration. * 
@@ -11,48 +14,69 @@ public enum ProxyAction { - moduleCaps, - slotIds, + moduleCaps ("mcaps"), + slotIds ("sids"), // mechanism infos - mechInfos, + mechInfos ("mis"), - publicKeyByHandle, + publicKeyByHandle ("pkbh"), - keyByKeyId, - keyByIdLabel, - keyIdByIdLabel, + keyByKeyId ("kbi"), + keyByIdLabel ("kbil"), + keyIdByIdLabel ("kibil"), - objectExistsByIdLabel, + objectExistsByIdLabel ("ebil"), - destroyAllObjects, - destroyObjectsByHandle, - destroyObjectsByIdLabel, + destroyAllObjects ("dao"), + destroyObjectsByHandle ("dobh"), + destroyObjectsByIdLabel ("dobil"), - genSecretKey, - importSecretKey, + genSecretKey ("gsk"), + importSecretKey ("isk"), - genRSAKeypair, - genRSAKeypairOtf, + genRSAKeypair ("grsa"), + genRSAKeypairOtf ("grsao"), // genDSAKeypairByKeysize - genDSAKeypair2, - genDSAKeypair, - genDSAKeypairOtf, - genECKeypair, - genECKeypairOtf, - genSM2Keypair, - genSM2KeypairOtf, - showDetails, - sign, - digestSecretKey; + genDSAKeypair2 ("gdsa2"), + genDSAKeypair ("gdsa"), + genDSAKeypairOtf ("gdsao"), + genECKeypair ("gec"), + genECKeypairOtf ("geco"), + genSM2Keypair ("gsm2"), + genSM2KeypairOtf ("gsm2o"), + showDetails ("d"), + sign ("s"), + digestSecretKey ("dsk"); - public static ProxyAction ofNameIgnoreCase(String name) { - for (ProxyAction m : ProxyAction.values()) { - if (m.name().equalsIgnoreCase(name)) { - return m; + private final String alias; + + private static final Map namealiasActionMap = new HashMap<>(); + + static { + for (ProxyAction p : ProxyAction.values()) { + namealiasActionMap.put(p.name().toLowerCase(), p); + } + + for (ProxyAction p : ProxyAction.values()) { + String lc = p.alias.toLowerCase(); + if (namealiasActionMap.containsKey(lc)) { + throw new IllegalStateException("invalid alias " + p.alias); } + namealiasActionMap.put(lc, p); } - return null; + } + + ProxyAction(String alias) { + this.alias = alias; + } + + public String getAlias() { + return alias; + } + + public static ProxyAction ofNameIgnoreCase(String name) { + 
return namealiasActionMap.get(name.toLowerCase()); } } From 118c47ff9aa2800ec58fe3eb61db0753c6367322 Mon Sep 17 00:00:00 2001 From: Lijun Liao Date: Tue, 12 Dec 2023 23:22:30 +0100 Subject: [PATCH 10/36] JSON: allow trailing commas. --- util/src/main/java/org/xipki/util/JSON.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/util/src/main/java/org/xipki/util/JSON.java b/util/src/main/java/org/xipki/util/JSON.java index 022577c..19baa47 100644 --- a/util/src/main/java/org/xipki/util/JSON.java +++ b/util/src/main/java/org/xipki/util/JSON.java @@ -8,6 +8,7 @@ import com.fasterxml.jackson.core.JsonParser; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.core.TreeNode; +import com.fasterxml.jackson.core.json.JsonReadFeature; import com.fasterxml.jackson.databind.*; import com.fasterxml.jackson.databind.module.SimpleModule; import com.fasterxml.jackson.databind.node.TextNode; @@ -116,7 +117,11 @@ public XiJsonModule() { public static ObjectMapper newDefaultObjectMapper() { return new ObjectMapper().registerModule(XiJsonModule.INSTANCE) - .configure(JsonParser.Feature.ALLOW_COMMENTS, true) + .enable(JsonParser.Feature.ALLOW_COMMENTS) + .enable(JsonParser.Feature.ALLOW_YAML_COMMENTS) + .enable(JsonParser.Feature.ALLOW_UNQUOTED_FIELD_NAMES) + .enable(JsonParser.Feature.ALLOW_SINGLE_QUOTES) + .enable(JsonParser.Feature.ALLOW_TRAILING_COMMA) .setSerializationInclusion(JsonInclude.Include.NON_NULL); } From ef4efb6ab91a0d16f0f68b7cb729d8cb5254a453 Mon Sep 17 00:00:00 2001 From: Lijun Liao Date: Tue, 12 Dec 2023 23:23:01 +0100 Subject: [PATCH 11/36] karaf commands xi:rm and xi:replace: allow multiple files. --- .../main/java/org/xipki/shell/Actions.java | 106 +++++++++--------- 1 file changed, 53 insertions(+), 53 deletions(-) diff --git a/shell-base/src/main/java/org/xipki/shell/Actions.java b/shell-base/src/main/java/org/xipki/shell/Actions.java index 3f3dbff..614700a 100644 
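Review bot: `ofNameIgnoreCase` now calls `name.toLowerCase()` directly, so a null `name` throws `NullPointerException` where the removed loop returned null, and both the map keys and the lookup are lower-cased with the default locale. Under a Turkish default locale `slotIds` is stored with a dotless `ı`, so a request spelled `slotids` would no longer resolve. Use `Locale.ROOT` in the static initializer and in the lookup: `return name == null ? null : namealiasActionMap.get(name.toLowerCase(Locale.ROOT));`. A one-line comment on the enum should say that aliases are the short URL path segments sent by `HsmProxyP11Module.doSend` and must stay unique across names and aliases, which is what the static block enforces.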
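Review bot: `newDefaultObjectMapper()` now enables `ALLOW_YAML_COMMENTS`, `ALLOW_UNQUOTED_FIELD_NAMES` and `ALLOW_SINGLE_QUOTES` in addition to the `ALLOW_TRAILING_COMMA` named in the commit subject. It does so on the shared default mapper rather than on one used only for configuration files. If that mapper also parses data received from peers (not visible in this hunk), the service will accept documents that a strict JSON parser in front of it rejects or reads differently. Consider keeping the lenient features on a separate mapper used by `parseConf` and leaving the default strict. The first hunk adds `import com.fasterxml.jackson.core.json.JsonReadFeature;`, but the visible code still uses `JsonParser.Feature`, so the import appears unused.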
--- a/shell-base/src/main/java/org/xipki/shell/Actions.java +++ b/shell-base/src/main/java/org/xipki/shell/Actions.java @@ -477,9 +477,9 @@ protected Object execute0() throws Exception { @Service public static class Replace extends XiAction { - @Argument(index = 0, name = "file", required = true, description = "file") + @Argument(name = "files", multiValued = true, required = true, description = "files to be replaced") @Completion(FileCompleter.class) - private String source; + private List sources; @Option(name = "--old", required = true, description = "text to be replaced") private String oldText; 
@@ -489,38 +489,42 @@ public static class Replace extends XiAction { @Override protected Object execute0() throws Exception { - File sourceFile = new File(expandFilepath(source)); - if (!sourceFile.exists()) { - System.err.println(source + " does not exist"); - return null; - } + for (String source : sources) { + File sourceFile = new File(expandFilepath(source)); + if (!sourceFile.exists()) { + System.err.println(source + " does not exist"); + continue; + } - if (!sourceFile.isFile()) { - System.err.println(source + " is not a file"); - return null; - } + if (!sourceFile.isFile()) { + System.err.println(source + " is not a file"); + continue; + } - Args.notBlank(oldText, "oldText"); - replaceFile(sourceFile, oldText, newText); + replaceFile(sourceFile, oldText, newText); + } return null; } - private void replaceFile(File file, String oldText, String newText) - throws Exception { + private void replaceFile(File file, String oldText, String newText) throws Exception { boolean changed = false; byte[] newBytes = null; try (BufferedReader reader = Files.newBufferedReader(file.toPath()); ByteArrayOutputStream writer = new ByteArrayOutputStream()) { String line; while ((line = reader.readLine()) != null) { + String origLine = line; if (line.contains(oldText)) { - changed = true; - writer.write(StringUtil.toUtf8Bytes(line.replace(oldText, newText))); - } else { - writer.write(StringUtil.toUtf8Bytes(line)); + line = line.replace(oldText, newText); } + + writer.write(StringUtil.toUtf8Bytes(line)); writer.write('\n'); + + if (!line.equals(origLine)) { + changed = true; + } } if (changed) { 
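Review bot: The rewritten `execute0` drops `Args.notBlank(oldText, "oldText")`, and `required = true` on `--old` does not stop an empty string. With `oldText` equal to `""`, `line.contains(oldText)` is always true and `line.replace("", newText)` inserts `newText` between every character of every listed file. Put the check back once, before the loop: `Args.notBlank(oldText, "oldText");`. The `files` description could also say that missing or non-regular files are skipped with a message instead of failing the command. `replaceFile` continues outside the hunk.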
@@ -539,9 +543,9 @@ private void replaceFile(File file, String oldText, String newText) @Service public static class Rm extends XiAction { - @Argument(index = 0, name = "file", required = true, description = "file or directory to be deleted") + @Argument(name = "file", required = true, multiValued = true, description = "files and directories to be deleted") @Completion(FileCompleter.class) - private String targetPath; + private List targetPaths; @Option(name = "--recursive", aliases = "-r", description = "remove directories and their contents recursively") private Boolean recursive = Boolean.FALSE; 
@@ -551,27 +555,33 @@ public static class Rm extends XiAction { @Override protected Object execute0() throws Exception { - targetPath = expandFilepath(targetPath); - - File target = new File(targetPath); - if (!target.exists()) { - return null; + if (targetPaths == null) { + throw new IllegalCmdParamException("targetPath not set"); } - if (target.isDirectory()) { - if (!recursive) { - println("Please use option --recursive to delete directory"); + for (String targetPath : targetPaths) { + targetPath = expandFilepath(targetPath); + + File target = new File(targetPath); + if (!target.exists()) { return null; } - if (force || confirm("Do you want to remove directory " + targetPath, 3)) { - FileUtils.deleteDirectory(target); - println("removed directory " + targetPath); - } - } else { - if (force || confirm("Do you want to remove file " + targetPath, 3)) { - IoUtil.deleteFile0(target); - println("removed file " + targetPath); + if (target.isDirectory()) { + if (!recursive) { + println("Please use option --recursive to delete directory"); + return null; + } + + if (force || confirm("Do you want to remove directory " + targetPath, 3)) { + FileUtils.deleteDirectory(target); + println("removed directory " + targetPath); + } + } else { + if (force || confirm("Do you want to remove file " + targetPath, 3)) { + IoUtil.deleteFile0(target); + println("removed file " + targetPath); + } } } 
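Review bot: The two `return null;` statements inside the new `for (String targetPath : targetPaths)` loop in `Rm.execute0` end the whole command at the first path that does not exist or that is a directory given without `--recursive`, so every later argument is silently left in place. `Replace.execute0` in this same commit uses `continue` for the equivalent cases; both statements here should become `continue;`. A message for the missing-path case, e.g. `println(targetPath + " does not exist");`, would let the operator see which targets were skipped. `execute0` ends outside the hunk.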
@@ -607,13 +617,9 @@ public static class OsInfo extends XiAction { @Override protected Object execute0() throws Exception { String name = System.getProperty("os.name").toLowerCase(Locale.ROOT); - if (name.startsWith("windows")) { - name = "windows"; - } else if (name.startsWith("linux")) { - name = "linux"; - } else if (name.startsWith("mac os x")) { - name = "macosx"; - } + name = name.startsWith("windows") ? "windows" + : name.startsWith("linux") ? "linux" + : name.startsWith("mac os x") ? "macosx" : name; String arch = System.getProperty("os.arch").toLowerCase(Locale.ROOT); if (printName == null && printArch == null) { @@ -622,15 +628,9 @@ protected Object execute0() throws Exception { boolean bName = printName != null && printName; boolean bArch = printArch != null && printArch; - if (bName && bArch) { - return name + "/" + arch; - } else if (bName) { - return name; - } else if (bArch) { - return arch; - } else { - return ""; - } + return (bName && bArch) ? name + "/" + arch + : bName ? name + : bArch ? arch : ""; } } From 48184d9fb1830cc96d8f9fc6209ee9dde23f7bbc Mon Sep 17 00:00:00 2001 From: Lijun Liao Date: Wed, 13 Dec 2023 00:11:38 +0100 Subject: [PATCH 12/36] command xi:replace: allow the replacement of multiple tokens. --- .../main/java/org/xipki/shell/Actions.java | 25 +++++++++++++------ 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/shell-base/src/main/java/org/xipki/shell/Actions.java b/shell-base/src/main/java/org/xipki/shell/Actions.java index 614700a..4406fba 100644 --- a/shell-base/src/main/java/org/xipki/shell/Actions.java +++ b/shell-base/src/main/java/org/xipki/shell/Actions.java 
@@ -481,14 +481,20 @@ public static class Replace extends XiAction { @Completion(FileCompleter.class) private List sources; - @Option(name = "--old", required = true, description = "text to be replaced") - private String oldText; + @Option(name = "--old", required = true, multiValued = true, description = "text to be replaced") + private List oldTexts; - @Option(name = "--new", required = true, description = "next text") - private String newText; + @Option(name = "--new", required = true, multiValued = true, description = "new text") + private List newTexts; @Override protected Object execute0() throws Exception { + Args.notNull(oldTexts, "oldTexts"); + Args.notNull(newTexts, "newTexts"); + if (oldTexts.size() != newTexts.size()) { + throw new IllegalCmdParamException("old.size != new.size"); + } + for (String source : sources) { File sourceFile = new File(expandFilepath(source)); if (!sourceFile.exists()) { @@ -501,13 +507,13 @@ protected Object execute0() throws Exception { continue; } - replaceFile(sourceFile, oldText, newText); + replaceFile(sourceFile, oldTexts, newTexts); } return null; } - private void replaceFile(File file, String oldText, String newText) throws Exception { + private void replaceFile(File file, List oldTexts, List newTexts) throws Exception { boolean changed = false; byte[] newBytes = null; try (BufferedReader reader = Files.newBufferedReader(file.toPath()); @@ -515,8 +521,11 @@ private void replaceFile(File file, String oldText, String newText) throws Excep String line; while ((line = reader.readLine()) != null) { String origLine = line; - if (line.contains(oldText)) { - line = line.replace(oldText, newText); + for (int i = 0; i < oldTexts.size(); i++) { + String old = oldTexts.get(i); + if (line.contains(old)) { + line = line.replace(old, newTexts.get(i)); + } } writer.write(StringUtil.toUtf8Bytes(line)); From e788c8ca33f1e447864acce6432e3311daefd71d Mon Sep 17 00:00:00 2001 
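Review bot: In `replaceFile` the `--old`/`--new` pairs are applied one after another to the same `line`, so text inserted by pair `i` can be matched and rewritten again by a later `--old` value and the result depends on the order of the options. If that chaining is intended it should be stated in the option text, e.g. `description = "text to be replaced; pairs are applied in the given order"`; if not, each pair has to be matched against the original line. The size-mismatch message `"old.size != new.size"` would also be easier to act on as `"number of --old (" + oldTexts.size() + ") and --new (" + newTexts.size() + ") values differ"`. `replaceFile` ends outside these hunks.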
From: Lijun Liao Date: Wed, 13 Dec 2023 23:05:49 +0100 Subject: [PATCH 13/36] release 6.3.3 --- CHANGELOG.md | 3 +++ audit-extra/pom.xml | 2 +- audit/pom.xml | 2 +- datasource/pom.xml | 2 +- password/pom.xml | 2 +- pom.xml | 2 +- security-shell/pom.xml | 2 +- security/pom.xml | 2 +- servlet3-common/pom.xml | 2 +- servlet5-common/pom.xml | 2 +- shell-base/pom.xml | 2 +- util/pom.xml | 2 +- xipki-tomcat-password/pom.xml | 2 +- 13 files changed, 15 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7edb226..46ddc5f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,9 @@ See also ## 6.3.3 - Release date: 202y/mm/dd + +## 6.3.3 +- Release date: 2023/12/13 - Feature: command xi:curl: throws Exception if received status code != OK - Feature: Audit: applicationName is now mandatory, accept also ConfPairs as conf - Feature: JSON.java: add methods parseConf() which resolves also the ${sys:*} and ${env:*}. diff --git a/audit-extra/pom.xml b/audit-extra/pom.xml index 95dc95a..7f7b735 100644 --- a/audit-extra/pom.xml +++ b/audit-extra/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.3-SNAPSHOT + 6.3.3 bundle audit-extra diff --git a/audit/pom.xml b/audit/pom.xml index 6695ca8..9abb3a3 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.3-SNAPSHOT + 6.3.3 bundle audit diff --git a/datasource/pom.xml b/datasource/pom.xml index 44818aa..0f12b38 100644 --- a/datasource/pom.xml +++ b/datasource/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.3-SNAPSHOT + 6.3.3 bundle datasource diff --git a/password/pom.xml b/password/pom.xml index f49721b..c4998a4 100644 --- a/password/pom.xml +++ b/password/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.3-SNAPSHOT + 6.3.3 bundle password diff --git a/pom.xml b/pom.xml index 9a75a57..dd0b335 100644 --- a/pom.xml +++ b/pom.xml 
@@ -11,7 +11,7 @@ org.xipki.commons xipki-commons-parent pom - 6.3.3-SNAPSHOT + 6.3.3 XiPKI :: ${project.artifactId} XiPKI Parent http://xipki.org diff --git a/security-shell/pom.xml b/security-shell/pom.xml index 98e342c..9e6970b 100644 --- a/security-shell/pom.xml +++ b/security-shell/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.3-SNAPSHOT + 6.3.3 security-shell bundle diff --git a/security/pom.xml b/security/pom.xml index a8f82e0..cc19821 100644 --- a/security/pom.xml +++ b/security/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.3-SNAPSHOT + 6.3.3 security bundle diff --git a/servlet3-common/pom.xml b/servlet3-common/pom.xml index 767666a..66490fa 100644 --- a/servlet3-common/pom.xml +++ b/servlet3-common/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.3-SNAPSHOT + 6.3.3 servlet3-common XiPKI :: ${project.artifactId} diff --git a/servlet5-common/pom.xml b/servlet5-common/pom.xml index 8aa101c..99b15d4 100644 --- a/servlet5-common/pom.xml +++ b/servlet5-common/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.3-SNAPSHOT + 6.3.3 servlet5-common XiPKI :: ${project.artifactId} diff --git a/shell-base/pom.xml b/shell-base/pom.xml index a0ca01b..f3e12c8 100644 --- a/shell-base/pom.xml +++ b/shell-base/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.3-SNAPSHOT + 6.3.3 shell-base bundle diff --git a/util/pom.xml b/util/pom.xml index 228bc17..c0772d7 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.3-SNAPSHOT + 6.3.3 bundle util diff --git a/xipki-tomcat-password/pom.xml b/xipki-tomcat-password/pom.xml index 707a402..036cdf1 100644 --- a/xipki-tomcat-password/pom.xml +++ b/xipki-tomcat-password/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.3-SNAPSHOT + 6.3.3 xipki-tomcat-password From ddfb7defe3b93c84b5c91bf8746e53848e7196a5 Mon Sep 17 00:00:00 2001 
From: Lijun Liao Date: Wed, 13 Dec 2023 23:18:26 +0100 Subject: [PATCH 14/36] prepare for next development iteration --- CHANGELOG.md | 4 ++-- audit-extra/pom.xml | 2 +- audit/pom.xml | 2 +- datasource/pom.xml | 2 +- password/pom.xml | 2 +- pom.xml | 2 +- security-shell/pom.xml | 2 +- security/pom.xml | 2 +- servlet3-common/pom.xml | 2 +- servlet5-common/pom.xml | 2 +- shell-base/pom.xml | 2 +- util/pom.xml | 2 +- xipki-tomcat-password/pom.xml | 2 +- 13 files changed, 14 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 46ddc5f..1f39120 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ See also -## 6.3.3 +## 6.3.4 - Release date: 202y/mm/dd ## 6.3.3 @@ -11,7 +11,7 @@ See also - Feature: Audit: applicationName is now mandatory, accept also ConfPairs as conf - Feature: JSON.java: add methods parseConf() which resolves also the ${sys:*} and ${env:*}. - Feature: remove parameters hashAlgo and gm in methods to generate CSRs - - Feature: add BatchReplace to replaces texts in filess + - Feature: add BatchReplace to replaces texts in files ## 6.3.2 - Release date: 2023/11/26 diff --git a/audit-extra/pom.xml b/audit-extra/pom.xml index 7f7b735..86b7ecd 100644 --- a/audit-extra/pom.xml +++ b/audit-extra/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.3 + 6.3.4-SNAPSHOT bundle audit-extra diff --git a/audit/pom.xml b/audit/pom.xml index 9abb3a3..66fea70 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.3 + 6.3.4-SNAPSHOT bundle audit diff --git a/datasource/pom.xml b/datasource/pom.xml index 0f12b38..7375830 100644 --- a/datasource/pom.xml +++ b/datasource/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.3 + 6.3.4-SNAPSHOT bundle datasource diff --git a/password/pom.xml b/password/pom.xml index c4998a4..1e653bb 100644 --- a/password/pom.xml +++ b/password/pom.xml 
@@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.3 + 6.3.4-SNAPSHOT bundle password diff --git a/pom.xml b/pom.xml index dd0b335..1e6635d 100644 --- a/pom.xml +++ b/pom.xml @@ -11,7 +11,7 @@ org.xipki.commons xipki-commons-parent pom - 6.3.3 + 6.3.4-SNAPSHOT XiPKI :: ${project.artifactId} XiPKI Parent http://xipki.org diff --git a/security-shell/pom.xml b/security-shell/pom.xml index 9e6970b..6714270 100644 --- a/security-shell/pom.xml +++ b/security-shell/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.3 + 6.3.4-SNAPSHOT security-shell bundle diff --git a/security/pom.xml b/security/pom.xml index cc19821..d3f5a68 100644 --- a/security/pom.xml +++ b/security/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.3 + 6.3.4-SNAPSHOT security bundle diff --git a/servlet3-common/pom.xml b/servlet3-common/pom.xml index 66490fa..2c5591b 100644 --- a/servlet3-common/pom.xml +++ b/servlet3-common/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.3 + 6.3.4-SNAPSHOT servlet3-common XiPKI :: ${project.artifactId} diff --git a/servlet5-common/pom.xml b/servlet5-common/pom.xml index 99b15d4..8074597 100644 --- a/servlet5-common/pom.xml +++ b/servlet5-common/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.3 + 6.3.4-SNAPSHOT servlet5-common XiPKI :: ${project.artifactId} diff --git a/shell-base/pom.xml b/shell-base/pom.xml index f3e12c8..cb29e29 100644 --- a/shell-base/pom.xml +++ b/shell-base/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.3 + 6.3.4-SNAPSHOT shell-base bundle diff --git a/util/pom.xml b/util/pom.xml index c0772d7..a0c1e83 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.3 + 6.3.4-SNAPSHOT bundle util diff --git a/xipki-tomcat-password/pom.xml b/xipki-tomcat-password/pom.xml index 036cdf1..3487d68 100644 --- a/xipki-tomcat-password/pom.xml +++ b/xipki-tomcat-password/pom.xml 
@@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.3 + 6.3.4-SNAPSHOT xipki-tomcat-password From d9df6941adec5d8b362126a8872f18f44f53fc3c Mon Sep 17 00:00:00 2001 From: Lijun Liao Date: Sat, 16 Dec 2023 23:25:32 +0100 Subject: [PATCH 15/36] allow null event value. --- audit/src/main/java/org/xipki/audit/AuditEvent.java | 4 +++- audit/src/main/java/org/xipki/audit/AuditEventData.java | 7 +++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/audit/src/main/java/org/xipki/audit/AuditEvent.java b/audit/src/main/java/org/xipki/audit/AuditEvent.java index 21955a1..2932786 100644 --- a/audit/src/main/java/org/xipki/audit/AuditEvent.java +++ b/audit/src/main/java/org/xipki/audit/AuditEvent.java @@ -109,7 +109,9 @@ public AuditEventData addEventType(String type) { public void setEventData(String name, Object value) { Args.notNull(name, "name"); - Args.notNull(value, "value"); + if (value == null) { + value = "null"; + } int idx = -1; for (int i = 0; i < eventDatas.size(); i++) { diff --git a/audit/src/main/java/org/xipki/audit/AuditEventData.java b/audit/src/main/java/org/xipki/audit/AuditEventData.java index 9a32f0b..7e6e95d 100644 --- a/audit/src/main/java/org/xipki/audit/AuditEventData.java +++ b/audit/src/main/java/org/xipki/audit/AuditEventData.java @@ -20,8 +20,11 @@ public class AuditEventData { public AuditEventData(String name, Object value) { this.name = Args.notBlank(name, "name"); - Args.notNull(value, "value"); - this.value = (value instanceof String) ? (String) value : value.toString(); + if (value == null) { + this.value = "null"; + } else { + this.value = (value instanceof String) ? (String) value : value.toString(); + } } // constructor public void addValue(Object additionalValue) { From 531126ff91265f518451690b3857d74eca8d1fcc Mon Sep 17 00:00:00 2001 
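Review bot: Mapping a `null` value to the text `"null"` in `AuditEvent.setEventData`, and again in the `AuditEventData` constructor in the next hunk, makes an absent value indistinguishable in the audit record from a real value whose text is `null`, and the literal is now written in two places. One shared constant, e.g. `static final String NULL_VALUE = "null";` in `AuditEventData`, used by both sites and mentioned in the Javadoc of `setEventData`, would keep them in step and make the convention visible to whoever reads the audit trail. `addValue(Object additionalValue)` appears only as a context line, so whether it accepts null the same way cannot be told from here; it should follow the same rule. Both method bodies continue outside the hunks.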
From: Lijun Liao Date: Sat, 16 Dec 2023 23:25:51 +0100 Subject: [PATCH 16/36] evaluate the content type only if SC != OK --- util/src/main/java/org/xipki/util/http/XiHttpClient.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/util/src/main/java/org/xipki/util/http/XiHttpClient.java b/util/src/main/java/org/xipki/util/http/XiHttpClient.java index f3c83fa..c73c266 100644 --- a/util/src/main/java/org/xipki/util/http/XiHttpClient.java +++ b/util/src/main/java/org/xipki/util/http/XiHttpClient.java @@ -58,6 +58,9 @@ public HttpRespContent httpGet(String url) throws IOException { public HttpRespContent httpPost( String url, String requestContentType, byte[] request, String expectedRespContentType) throws IOException { HttpRespContent resp = httpPost(url, requestContentType, request); + if (!resp.isOK()) { + return resp; + } String responseContentType = resp.getContentType(); boolean isValidContentType = false; From f81387d6da959b24ecbc945237350322fdf39e24 Mon Sep 17 00:00:00 2001 From: Lijun Liao Date: Mon, 18 Dec 2023 20:46:53 +0100 Subject: [PATCH 17/36] check also the Algorithm.parameters of subjectPublicKey for id-ECDH. --- security/src/main/java/org/xipki/security/util/X509Util.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/src/main/java/org/xipki/security/util/X509Util.java b/security/src/main/java/org/xipki/security/util/X509Util.java index 29f921e..b8eeed8 100644 --- a/security/src/main/java/org/xipki/security/util/X509Util.java +++ b/security/src/main/java/org/xipki/security/util/X509Util.java @@ -602,7 +602,8 @@ public static SubjectPublicKeyInfo toRfc3279Style(SubjectPublicKeyInfo publicKey } return publicKeyInfo; } - } else if (X9ObjectIdentifiers.id_ecPublicKey.equals(algOid)) { + } else if (X9ObjectIdentifiers.id_ecPublicKey.equals(algOid) + || algOid.getId().equals("1.3.132.1.12")) { // id-ECDH if (keyParameters == null) { throw new InvalidKeySpecException("keyParameters is not an OBJECT IDENTIFIER"); } 
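Review bot: With the new early `return resp;` in the four-argument `httpPost`, a non-OK response is handed back without the `expectedRespContentType` check, so the method no longer guarantees the content type of what it returns and every caller has to test `resp.isOK()` before using the body. Nothing in the hunk documents that contract; a Javadoc line such as `@return the response; its content type has been checked against expectedRespContentType only when isOK() is true` would make it explicit. The commit subject says "only if SC != OK", which reads as the opposite of what the code does. The method body continues outside the hunk.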
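Review bot: The id-ECDH test in `toRfc3279Style` compares against the bare string `"1.3.132.1.12"` through `algOid.getId().equals(...)`, while the condition beside it uses the typed constant `X9ObjectIdentifiers.id_ecPublicKey`. A named constant, e.g. `private static final ASN1ObjectIdentifier ID_ECDH = new ASN1ObjectIdentifier("1.3.132.1.12");` with `|| ID_ECDH.equals(algOid)`, gives the OID a single definition and keeps both comparisons in the same form (assuming `ASN1ObjectIdentifier` is already imported in this file). `toRfc3279Style` starts and ends outside the hunk.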
From 716718af275d084cf7b84232d64af75e335800ae Mon Sep 17 00:00:00 2001 From: Lijun Liao Date: Fri, 29 Dec 2023 23:22:50 +0100 Subject: [PATCH 18/36] Allow null criteria. --- .../xipki/datasource/DataSourceWrapper.java | 52 +++++++++++-------- .../org/xipki/datasource/ScriptRunner.java | 2 +- 2 files changed, 30 insertions(+), 24 deletions(-) diff --git a/datasource/src/main/java/org/xipki/datasource/DataSourceWrapper.java b/datasource/src/main/java/org/xipki/datasource/DataSourceWrapper.java index ffee88e..7ba2464 100644 --- a/datasource/src/main/java/org/xipki/datasource/DataSourceWrapper.java +++ b/datasource/src/main/java/org/xipki/datasource/DataSourceWrapper.java @@ -8,10 +8,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.xipki.datasource.DataAccessException.Reason; -import org.xipki.util.Args; -import org.xipki.util.ConfigurableProperties; -import org.xipki.util.LogUtil; -import org.xipki.util.LruCache; +import org.xipki.util.*; import java.io.Closeable; import java.io.PrintWriter; 
@@ -520,41 +517,46 @@ public String buildSelectFirstSql(int rows, String coreSql) { public String getFirstStringValue(Connection conn, String table, String column, String criteria) throws DataAccessException { - final String sql = "SELECT " + column + " FROM " + table + " WHERE " + criteria; - Statement stmt = null; - ResultSet rs = null; - try { - stmt = conn == null ? createStatement() : createStatement(conn); - rs = stmt.executeQuery(sql); - return rs.next() ? rs.getString(column) : null; - } catch (SQLException ex) { - throw translate(sql, ex); - } finally { - releaseResources(stmt, rs, conn == null); - } + return (String) getFirstValue(conn, table, column, criteria, false); } // method getFirstStringValue public Integer getFirstIntValue(Connection conn, String table, String column, String criteria) throws DataAccessException { Long lv = getFirstLongValue(conn, table, column, criteria); - return lv == null ? null : lv.intValue(); + if (lv == null) { + return null; + } + + if (lv > Integer.MAX_VALUE || lv < Integer.MIN_VALUE) { + throw new DataAccessException("value is out of range"); + } + return lv.intValue(); } public Long getFirstLongValue(Connection conn, String table, String column, String criteria) throws DataAccessException { - final String sql = "SELECT " + column + " FROM " + table + " WHERE " + criteria; + return (Long) getFirstValue(conn, table, column, criteria, true); + } + + private Object getFirstValue(Connection conn, String table, String column, String criteria, boolean isLong) + throws DataAccessException { + final String whereSql = StringUtil.isBlank(criteria) ? "" : " WHERE " + criteria; + final String sql = buildSelectFirstSql(1, column + " FROM " + table + whereSql); Statement stmt = null; ResultSet rs = null; try { stmt = conn == null ? createStatement() : createStatement(conn); rs = stmt.executeQuery(sql); - return rs.next() ? rs.getLong(column) : null; + if (!rs.next()) { + return null; + } + return isLong ? 
rs.getLong(column) : rs.getString(column); } catch (SQLException ex) { throw translate(sql, ex); } finally { releaseResources(stmt, rs, conn == null); } - } // method getFirstLongValue + } // method getFirstStringValue public long getMin(Connection conn, String table, String column) throws DataAccessException { return getMin(conn, table, column, null); @@ -579,9 +581,13 @@ public long getMin(Connection conn, String table, String column, String conditio } } // method getMin - public int getCount(Connection conn, String table) - throws DataAccessException { - final String sql = concat("SELECT COUNT(*) FROM ", notBlank(table, "table")); + public int getCount(Connection conn, String table) throws DataAccessException { + return getCount(conn, table, null); + } + + public int getCount(Connection conn, String table, String criteria) throws DataAccessException { + final String sql = concat("SELECT COUNT(*) FROM ", notBlank(table, "table"), + (StringUtil.isBlank(criteria) ? "" : " WHERE " + criteria)); Statement stmt = null; ResultSet rs = null; diff --git a/datasource/src/main/java/org/xipki/datasource/ScriptRunner.java b/datasource/src/main/java/org/xipki/datasource/ScriptRunner.java index b30a5e6..143332b 100644 --- a/datasource/src/main/java/org/xipki/datasource/ScriptRunner.java +++ b/datasource/src/main/java/org/xipki/datasource/ScriptRunner.java @@ -6,7 +6,7 @@ /* * XiPKI's Change: * - Remove the use of user.dir - * - Add flag '--IGNORE-ERROR' + * - Add flag '-- IGNORE-ERROR' * * Original Text in https://github.com/BenoitDuffez/ScriptRunner/blob/master/ScriptRunner.java * Slightly modified version of the com.ibatis.common.jdbc.ScriptRunner class From c953664d7674f826246ec1806cc4a4ecc7ba146d Mon Sep 17 00:00:00 2001 
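Review bot: The new `getFirstValue` helper and the new `getCount(conn, table, criteria)` overload splice `column`, `table` and `criteria` directly into the SQL text and run it through `Statement.executeQuery`, so a caller that builds `criteria` from request or user data is exposed to SQL injection. Both methods should state that these strings must be fixed, trusted fragments, e.g. `@param criteria trusted SQL condition built from constants only; for external input use a PreparedStatement with bind parameters`. The closing comment on the new helper reads `// method getFirstStringValue` and should be `// method getFirstValue`. The body of `getCount` continues outside the hunk.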
From: Lijun Liao Date: Sat, 30 Dec 2023 23:09:05 +0100 Subject: [PATCH 19/36] Exceptions: add constructor with only cause as param. --- .../java/org/xipki/security/ObjectIdentifiers.java | 2 +- .../org/xipki/util/exception/DecodeException.java | 5 +++++ .../org/xipki/util/exception/EncodeException.java | 5 +++++ .../xipki/util/exception/InvalidConfException.java | 4 ++++ .../xipki/util/exception/ObjectCreationException.java | 11 ++++++++--- 5 files changed, 23 insertions(+), 4 deletions(-) diff --git a/security/src/main/java/org/xipki/security/ObjectIdentifiers.java b/security/src/main/java/org/xipki/security/ObjectIdentifiers.java index cebdd4e..7738d58 100644 --- a/security/src/main/java/org/xipki/security/ObjectIdentifiers.java +++ b/security/src/main/java/org/xipki/security/ObjectIdentifiers.java @@ -17,7 +17,7 @@ import java.util.Map; /** - * Collection of OBJECT IDENFIFIERS. + * Collection of OBJECT IDENTIFIERS. * * @author Lijun Liao (xipki) * @since 2.0.0 diff --git a/util/src/main/java/org/xipki/util/exception/DecodeException.java b/util/src/main/java/org/xipki/util/exception/DecodeException.java index ebbf2a9..091e218 100644 --- a/util/src/main/java/org/xipki/util/exception/DecodeException.java +++ b/util/src/main/java/org/xipki/util/exception/DecodeException.java @@ -13,7 +13,12 @@ public DecodeException(String message) { super(message); } + public DecodeException(Throwable cause) { + super(cause.getMessage(), cause); + } + public DecodeException(String message, Throwable cause) { super(message, cause); } + } diff --git a/util/src/main/java/org/xipki/util/exception/EncodeException.java b/util/src/main/java/org/xipki/util/exception/EncodeException.java index 12b63df..7b4a5f0 100644 --- a/util/src/main/java/org/xipki/util/exception/EncodeException.java +++ b/util/src/main/java/org/xipki/util/exception/EncodeException.java 
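Review bot: The new `DecodeException(Throwable cause)` constructor calls `super(cause.getMessage(), cause)`, which throws a NullPointerException when `cause` is null and produces a null message when the cause carries none. The standard cause-only constructor of `Exception` accepts null and uses `cause.toString()`, which also keeps the class name of the cause in the message. Unless the bare message is wanted on purpose, `super(cause);` is the simpler form, provided the superclass offers that constructor. The same constructor is added to `EncodeException`, `InvalidConfException` and `ObjectCreationException` in the following hunks of this commit.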
@@ -13,7 +13,12 @@ public EncodeException(String message) { super(message); } + public EncodeException(Throwable cause) { + super(cause.getMessage(), cause); + } + public EncodeException(String message, Throwable cause) { super(message, cause); } + } diff --git a/util/src/main/java/org/xipki/util/exception/InvalidConfException.java b/util/src/main/java/org/xipki/util/exception/InvalidConfException.java index 96c8db5..12c6d47 100644 --- a/util/src/main/java/org/xipki/util/exception/InvalidConfException.java +++ b/util/src/main/java/org/xipki/util/exception/InvalidConfException.java @@ -16,6 +16,10 @@ public InvalidConfException(String message) { super(message); } + public InvalidConfException(Throwable cause) { + super(cause.getMessage(), cause); + } + public InvalidConfException(String message, Throwable cause) { super(message, cause); } diff --git a/util/src/main/java/org/xipki/util/exception/ObjectCreationException.java b/util/src/main/java/org/xipki/util/exception/ObjectCreationException.java index 9766178..67fc1ed 100644 --- a/util/src/main/java/org/xipki/util/exception/ObjectCreationException.java +++ b/util/src/main/java/org/xipki/util/exception/ObjectCreationException.java @@ -12,11 +12,16 @@ public class ObjectCreationException extends Exception { + public ObjectCreationException(String msg) { + super(msg); + } + + public ObjectCreationException(Throwable cause) { + super(cause.getMessage(), cause); + } + public ObjectCreationException(String msg, Throwable cause) { super(msg, cause); } - public ObjectCreationException(String msg) { - super(msg); - } } From cec5cd23d5d26c4b784ec4e379aae960e714990b Mon Sep 17 00:00:00 2001 
From: Lijun Liao Date: Sun, 31 Dec 2023 15:52:22 +0100 Subject: [PATCH 20/36] Do not use * in imports. --- .../audit/extra/DatabaseMacAuditService.java | 6 +- .../java/org/xipki/audit/PciAuditEvent.java | 6 +- .../audit/services/EmbedAuditService.java | 12 +- .../audit/services/FileMacAuditService.java | 14 ++- .../xipki/datasource/DataSourceWrapper.java | 18 ++- .../org/xipki/datasource/ScriptRunner.java | 16 ++- .../java/org/xipki/password/Passwords.java | 6 +- .../password/SecurePasswordInputPanel.java | 13 ++- .../org/xipki/security/shell/Actions.java | 73 ++++++++++-- .../org/xipki/security/shell/P11Actions.java | 25 +++- .../org/xipki/security/shell/P12Actions.java | 19 ++- .../security/shell/QaSecurityActions.java | 12 +- .../CollectionAlgorithmValidator.java | 7 +- .../xipki/security/DSAPlainDigestSigner.java | 7 +- .../java/org/xipki/security/HashAlgo.java | 20 +++- .../java/org/xipki/security/Securities.java | 14 ++- .../xipki/security/SecurityFactoryImpl.java | 7 +- .../java/org/xipki/security/SignAlgo.java | 76 ++++++++++-- .../java/org/xipki/security/X509Cert.java | 13 ++- .../xipki/security/asn1/CrlStreamParser.java | 21 +++- .../bc/XiEdDSAContentVerifierProvider.java | 7 +- .../java/org/xipki/security/ctlog/CtLog.java | 8 +- .../org/xipki/security/jce/JceSigner.java | 8 +- .../xipki/security/jce/JceSignerBuilder.java | 13 ++- .../xipki/security/pkcs11/NativeP11Key.java | 10 +- .../security/pkcs11/NativeP11Module.java | 16 ++- .../xipki/security/pkcs11/NativeP11Slot.java | 101 +++++++++++++++- .../security/pkcs11/P11ContentSigner.java | 109 +++++++++++++++++- .../pkcs11/P11CryptServiceFactoryImpl.java | 7 +- .../org/xipki/security/pkcs11/P11Key.java | 7 +- .../org/xipki/security/pkcs11/P11Module.java | 7 +- .../xipki/security/pkcs11/P11ModuleConf.java | 10 +- .../org/xipki/security/pkcs11/P11Params.java | 25 +++- .../security/pkcs11/P11SignerFactory.java | 11 +- .../org/xipki/security/pkcs11/P11Slot.java | 36 +++++- 
.../pkcs11/emulator/EmulatorKeyCryptor.java | 7 +- .../pkcs11/emulator/EmulatorP11Key.java | 108 ++++++++++++++++- .../pkcs11/emulator/EmulatorP11Module.java | 6 +- .../pkcs11/emulator/EmulatorP11Slot.java | 48 ++++++-- .../pkcs11/hsmproxy/HsmProxyP11Module.java | 35 ++++-- .../pkcs11/hsmproxy/HsmProxyP11Slot.java | 23 +++- .../pkcs11/hsmproxy/ProxyMessage.java | 14 ++- .../security/pkcs12/AESGmacContentSigner.java | 12 +- .../xipki/security/pkcs12/GenerateCerts.java | 35 +++++- .../security/pkcs12/KeypairWithCert.java | 7 +- .../pkcs12/P12ContentSignerBuilder.java | 26 ++++- .../security/pkcs12/P12KeyGenerator.java | 22 +++- .../pkcs12/P12MacContentSignerBuilder.java | 7 +- .../security/pkcs12/P12SignerFactory.java | 9 +- .../pkcs12/P12XdhMacContentSignerBuilder.java | 15 ++- .../org/xipki/security/qa/JceSignSpeed.java | 6 +- .../org/xipki/security/qa/P11SignSpeed.java | 8 +- .../org/xipki/security/qa/P12SignSpeed.java | 13 ++- .../xipki/security/util/AlgorithmUtil.java | 9 +- .../java/org/xipki/security/util/KeyUtil.java | 52 ++++++++- .../org/xipki/security/util/X509Util.java | 74 ++++++++++-- .../pkcs12/test/CmsEnveloperTest.java | 26 ++++- .../test/CrlTestVectorGenerateMain.java | 7 +- .../org/xipki/servlet3/ServletFilter.java | 7 +- .../org/xipki/servlet5/ServletFilter.java | 7 +- .../main/java/org/xipki/shell/Actions.java | 12 +- .../main/java/org/xipki/shell/Completers.java | 8 +- .../java/org/xipki/shell/EnumCompleter.java | 6 +- .../main/java/org/xipki/shell/XiAction.java | 10 +- util/src/main/java/org/xipki/util/Args.java | 7 +- .../java/org/xipki/util/BatchReplace.java | 7 +- .../java/org/xipki/util/CollectionUtil.java | 9 +- .../java/org/xipki/util/ConcurrentBag.java | 10 +- .../main/java/org/xipki/util/ConfPairs.java | 11 +- .../main/java/org/xipki/util/DefaultCurl.java | 7 +- util/src/main/java/org/xipki/util/IoUtil.java | 18 ++- util/src/main/java/org/xipki/util/JSON.java | 17 ++- .../main/java/org/xipki/util/StringUtil.java | 10 +- 
.../org/xipki/util/http/HttpResponse.java | 6 +- .../xipki/util/http/SslContextBuilder.java | 15 ++- .../org/xipki/util/http/SslContextConf.java | 6 +- .../xipki/common/test/CanonicalizeCode.java | 15 ++- 77 files changed, 1349 insertions(+), 168 deletions(-) diff --git a/audit-extra/src/main/java/org/xipki/audit/extra/DatabaseMacAuditService.java b/audit-extra/src/main/java/org/xipki/audit/extra/DatabaseMacAuditService.java index 36a925b..9b80d2c 100644 --- a/audit-extra/src/main/java/org/xipki/audit/extra/DatabaseMacAuditService.java +++ b/audit-extra/src/main/java/org/xipki/audit/extra/DatabaseMacAuditService.java @@ -10,7 +10,11 @@ import org.xipki.datasource.DataAccessException; import org.xipki.datasource.DataSourceFactory; import org.xipki.datasource.DataSourceWrapper; -import org.xipki.util.*; +import org.xipki.util.ConfPairs; +import org.xipki.util.IoUtil; +import org.xipki.util.LogUtil; +import org.xipki.util.SqlUtil; +import org.xipki.util.StringUtil; import org.xipki.util.exception.InvalidConfException; import java.io.IOException; diff --git a/audit/src/main/java/org/xipki/audit/PciAuditEvent.java b/audit/src/main/java/org/xipki/audit/PciAuditEvent.java index 3e5d006..1911504 100644 --- a/audit/src/main/java/org/xipki/audit/PciAuditEvent.java +++ b/audit/src/main/java/org/xipki/audit/PciAuditEvent.java @@ -6,7 +6,11 @@ import org.xipki.util.Args; import java.io.CharArrayWriter; -import java.net.*; +import java.net.Inet4Address; +import java.net.InetAddress; +import java.net.NetworkInterface; +import java.net.SocketException; +import java.net.UnknownHostException; import java.time.Instant; import java.time.LocalDateTime; import java.time.ZoneId; diff --git a/audit/src/main/java/org/xipki/audit/services/EmbedAuditService.java b/audit/src/main/java/org/xipki/audit/services/EmbedAuditService.java index bb29ba9..b426cea 100644 --- a/audit/src/main/java/org/xipki/audit/services/EmbedAuditService.java 
+++ b/audit/src/main/java/org/xipki/audit/services/EmbedAuditService.java @@ -9,10 +9,18 @@ import org.xipki.audit.AuditLevel; import org.xipki.audit.AuditService; import org.xipki.audit.PciAuditEvent; -import org.xipki.util.*; +import org.xipki.util.ConfPairs; +import org.xipki.util.DateUtil; +import org.xipki.util.IoUtil; +import org.xipki.util.LogUtil; +import org.xipki.util.StringUtil; import org.xipki.util.exception.InvalidConfException; -import java.io.*; +import java.io.File; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.OutputStream; +import java.io.OutputStreamWriter; import java.nio.file.Files; import java.nio.file.Path; import java.time.Clock; diff --git a/audit/src/main/java/org/xipki/audit/services/FileMacAuditService.java b/audit/src/main/java/org/xipki/audit/services/FileMacAuditService.java index a601a4c..9db2a20 100644 --- a/audit/src/main/java/org/xipki/audit/services/FileMacAuditService.java +++ b/audit/src/main/java/org/xipki/audit/services/FileMacAuditService.java @@ -5,10 +5,20 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.xipki.util.*; +import org.xipki.util.ConfPairs; +import org.xipki.util.DateUtil; +import org.xipki.util.IoUtil; +import org.xipki.util.LogUtil; +import org.xipki.util.StringUtil; import org.xipki.util.exception.InvalidConfException; -import java.io.*; +import java.io.ByteArrayInputStream; +import java.io.File; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.OutputStreamWriter; import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Path; diff --git a/datasource/src/main/java/org/xipki/datasource/DataSourceWrapper.java b/datasource/src/main/java/org/xipki/datasource/DataSourceWrapper.java index 7ba2464..f2d324d 100644 --- a/datasource/src/main/java/org/xipki/datasource/DataSourceWrapper.java 
+++ b/datasource/src/main/java/org/xipki/datasource/DataSourceWrapper.java @@ -8,16 +8,28 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.xipki.datasource.DataAccessException.Reason; -import org.xipki.util.*; +import org.xipki.util.Args; +import org.xipki.util.ConfigurableProperties; +import org.xipki.util.LogUtil; +import org.xipki.util.LruCache; +import org.xipki.util.StringUtil; import java.io.Closeable; import java.io.PrintWriter; -import java.sql.*; +import java.sql.BatchUpdateException; +import java.sql.Connection; +import java.sql.PreparedStatement; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Statement; import java.util.Locale; import java.util.concurrent.ConcurrentHashMap; import static org.xipki.util.Args.notBlank; -import static org.xipki.util.StringUtil.*; +import static org.xipki.util.StringUtil.concat; +import static org.xipki.util.StringUtil.concatObjectsCap; +import static org.xipki.util.StringUtil.isBlank; +import static org.xipki.util.StringUtil.startsWithIgnoreCase; /** * A wrapper of {@link HikariDataSource}. diff --git a/datasource/src/main/java/org/xipki/datasource/ScriptRunner.java b/datasource/src/main/java/org/xipki/datasource/ScriptRunner.java index 143332b..b3aa53d 100644 --- a/datasource/src/main/java/org/xipki/datasource/ScriptRunner.java +++ b/datasource/src/main/java/org/xipki/datasource/ScriptRunner.java 
@@ -19,10 +19,22 @@
 import org.xipki.util.ConfigurableProperties;
 import org.xipki.util.IoUtil;
-import java.io.*;
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileReader;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.LineNumberReader;
+import java.io.PrintWriter;
+import java.io.Reader;
 import java.nio.file.Files;
 import java.nio.file.Paths;
-import java.sql.*;
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.ResultSetMetaData;
+import java.sql.SQLException;
+import java.sql.Statement;
 import java.time.ZonedDateTime;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
diff --git a/password/src/main/java/org/xipki/password/Passwords.java b/password/src/main/java/org/xipki/password/Passwords.java
index 5f9a5b4..bbe313f 100644
--- a/password/src/main/java/org/xipki/password/Passwords.java
+++ b/password/src/main/java/org/xipki/password/Passwords.java
@@ -9,7 +9,11 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
-import java.util.*;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Locale;
+import java.util.Optional;
+import java.util.Properties;
 import java.util.concurrent.ConcurrentLinkedQueue;
 /**
diff --git a/password/src/main/java/org/xipki/password/SecurePasswordInputPanel.java b/password/src/main/java/org/xipki/password/SecurePasswordInputPanel.java
index 04db3eb..88e2e94 100644
--- a/password/src/main/java/org/xipki/password/SecurePasswordInputPanel.java
+++ b/password/src/main/java/org/xipki/password/SecurePasswordInputPanel.java
@@ -3,8 +3,17 @@
 package org.xipki.password;
-import javax.swing.*;
-import java.awt.*;
+import javax.swing.JButton;
+import javax.swing.JOptionPane;
+import javax.swing.JPanel;
+import javax.swing.JPasswordField;
+import javax.swing.LookAndFeel;
+import javax.swing.UIManager;
+import javax.swing.UnsupportedLookAndFeelException;
+import java.awt.Color;
+import java.awt.Font;
+import java.awt.GridLayout;
+import java.awt.Panel;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
diff --git a/security-shell/src/main/java/org/xipki/security/shell/Actions.java b/security-shell/src/main/java/org/xipki/security/shell/Actions.java
index deda00d..7ce9861 100644
--- a/security-shell/src/main/java/org/xipki/security/shell/Actions.java
+++ b/security-shell/src/main/java/org/xipki/security/shell/Actions.java
@@ -10,7 +10,19 @@
 import org.apache.karaf.shell.api.action.lifecycle.Reference;
 import org.apache.karaf.shell.api.action.lifecycle.Service;
 import org.apache.karaf.shell.support.completers.FileCompleter;
-import org.bouncycastle.asn1.*;
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1Set;
+import org.bouncycastle.asn1.DERGeneralizedTime;
+import org.bouncycastle.asn1.DERIA5String;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DERPrintableString;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.DERSet;
+import org.bouncycastle.asn1.DERUTF8String;
 import org.bouncycastle.asn1.cms.ContentInfo;
 import org.bouncycastle.asn1.cms.SignedData;
 import org.bouncycastle.asn1.pkcs.Attribute;
@@ -18,8 +30,17 @@
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.x500.RDN;
 import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.*;
-import org.bouncycastle.asn1.x509.qualified.*;
+import org.bouncycastle.asn1.x509.Certificate;
+import org.bouncycastle.asn1.x509.CertificateList;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.Extensions;
+import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x509.qualified.BiometricData;
+import org.bouncycastle.asn1.x509.qualified.Iso4217CurrencyCode;
+import org.bouncycastle.asn1.x509.qualified.MonetaryValue;
+import org.bouncycastle.asn1.x509.qualified.QCStatement;
+import org.bouncycastle.asn1.x509.qualified.TypeOfBiometricData;
 import org.bouncycastle.openssl.PKCS8Generator;
 import org.bouncycastle.openssl.jcajce.JcaPKCS8Generator;
 import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8EncryptorBuilder;
@@ -27,19 +48,45 @@
 import org.bouncycastle.pkcs.PKCS10CertificationRequest;
 import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
 import org.bouncycastle.util.io.pem.PemObject;
+import org.xipki.security.BadInputException;
+import org.xipki.security.ConcurrentContentSigner;
+import org.xipki.security.DHSigStaticKeyCertPair;
+import org.xipki.security.EdECConstants;
+import org.xipki.security.HashAlgo;
 import org.xipki.security.KeyUsage;
-import org.xipki.security.*;
+import org.xipki.security.NoIdleSignerException;
+import org.xipki.security.ObjectIdentifiers;
 import org.xipki.security.ObjectIdentifiers.Xipki;
+import org.xipki.security.SecurityFactory;
+import org.xipki.security.SignAlgo;
+import org.xipki.security.SignatureAlgoControl;
+import org.xipki.security.X509Cert;
+import org.xipki.security.XiContentSigner;
+import org.xipki.security.XiSecurityException;
 import org.xipki.security.util.KeyUtil;
 import org.xipki.security.util.X509Util;
 import org.xipki.shell.CmdFailure;
 import org.xipki.shell.Completers;
 import org.xipki.shell.IllegalCmdParamException;
 import org.xipki.shell.XiAction;
+import org.xipki.util.Args;
 import org.xipki.util.Base64;
-import org.xipki.util.*;
-
-import java.io.*;
+import org.xipki.util.CollectionUtil;
+import org.xipki.util.CompareUtil;
+import org.xipki.util.ConcurrentBag;
+import org.xipki.util.DateUtil;
+import org.xipki.util.Hex;
+import org.xipki.util.IoUtil;
+import org.xipki.util.PemEncoder;
+import org.xipki.util.StringUtil;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
 import java.math.BigInteger;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
@@ -52,8 +99,18 @@
 import java.security.cert.X509Certificate;
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
 import java.util.Map.Entry;
+import java.util.Set;
+import java.util.StringTokenizer;
 /**
 * Security actions.
diff --git a/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java b/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java
index e5aaa4b..7c505d9 100644
--- a/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java
+++ b/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java
@@ -15,16 +15,31 @@
 import org.xipki.password.PasswordResolverException;
 import org.xipki.pkcs11.wrapper.PKCS11KeyId;
 import org.xipki.pkcs11.wrapper.TokenException;
-import org.xipki.security.*;
-import org.xipki.security.pkcs11.*;
+import org.xipki.security.ConcurrentContentSigner;
+import org.xipki.security.EdECConstants;
+import org.xipki.security.HashAlgo;
+import org.xipki.security.SignatureAlgoControl;
+import org.xipki.security.SignerConf;
+import org.xipki.security.X509Cert;
+import org.xipki.security.XiSecurityException;
+import org.xipki.security.pkcs11.P11CryptService;
+import org.xipki.security.pkcs11.P11CryptServiceFactory;
+import org.xipki.security.pkcs11.P11Module;
+import org.xipki.security.pkcs11.P11Slot;
 import org.xipki.security.pkcs11.P11Slot.P11NewKeyControl;
+import org.xipki.security.pkcs11.P11SlotId;
 import org.xipki.security.shell.Actions.CsrGenAction;
 import org.xipki.security.shell.Actions.SecurityAction;
 import org.xipki.security.util.AlgorithmUtil;
 import org.xipki.security.util.KeyUtil;
 import org.xipki.shell.Completers;
 import org.xipki.shell.IllegalCmdParamException;
-import org.xipki.util.*;
+import org.xipki.util.Args;
+import org.xipki.util.CollectionUtil;
+import org.xipki.util.ConfPairs;
+import org.xipki.util.Hex;
+import org.xipki.util.IoUtil;
+import org.xipki.util.StringUtil;
 import javax.crypto.SecretKey;
 import java.io.IOException;
@@ -37,7 +52,9 @@
 import java.util.Enumeration;
 import java.util.List;
-import static org.xipki.pkcs11.wrapper.PKCS11Constants.*;
+import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_AES;
+import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_DES3;
+import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_GENERIC_SECRET;
 /**
 * Actions for PKCS#11 security.
diff --git a/security-shell/src/main/java/org/xipki/security/shell/P12Actions.java b/security-shell/src/main/java/org/xipki/security/shell/P12Actions.java
index f85f8a9..1acf576 100644
--- a/security-shell/src/main/java/org/xipki/security/shell/P12Actions.java
+++ b/security-shell/src/main/java/org/xipki/security/shell/P12Actions.java
@@ -11,7 +11,12 @@
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
 import org.xipki.password.PasswordResolverException;
-import org.xipki.security.*;
+import org.xipki.security.ConcurrentContentSigner;
+import org.xipki.security.EdECConstants;
+import org.xipki.security.SignatureAlgoControl;
+import org.xipki.security.SignerConf;
+import org.xipki.security.X509Cert;
+import org.xipki.security.XiSecurityException;
 import org.xipki.security.pkcs12.KeyStoreWrapper;
 import org.xipki.security.pkcs12.KeypairWithCert;
 import org.xipki.security.pkcs12.KeystoreGenerationParameters;
@@ -24,8 +29,12 @@
 import org.xipki.shell.CmdFailure;
 import org.xipki.shell.Completers;
 import org.xipki.shell.IllegalCmdParamException;
-import org.xipki.util.*;
+import org.xipki.util.Args;
+import org.xipki.util.ConfPairs;
+import org.xipki.util.IoUtil;
+import org.xipki.util.PemEncoder;
 import org.xipki.util.PemEncoder.PemLabel;
+import org.xipki.util.StringUtil;
 import org.xipki.util.exception.ObjectCreationException;
 import java.io.File;
@@ -34,7 +43,11 @@
 import java.io.OutputStream;
 import java.nio.file.Files;
 import java.nio.file.Paths;
-import java.security.*;
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
diff --git a/security-shell/src/main/java/org/xipki/security/shell/QaSecurityActions.java b/security-shell/src/main/java/org/xipki/security/shell/QaSecurityActions.java
index 7e91cb6..38715d5 100644
--- a/security-shell/src/main/java/org/xipki/security/shell/QaSecurityActions.java
+++ b/security-shell/src/main/java/org/xipki/security/shell/QaSecurityActions.java
@@ -21,12 +21,20 @@
 import org.xipki.security.pkcs11.P11CryptServiceFactory;
 import org.xipki.security.pkcs11.P11Module;
 import org.xipki.security.pkcs11.P11Slot;
-import org.xipki.security.qa.*;
+import org.xipki.security.qa.JceSignSpeed;
+import org.xipki.security.qa.P11KeyGenSpeed;
+import org.xipki.security.qa.P11SignSpeed;
+import org.xipki.security.qa.P12KeyGenSpeed;
+import org.xipki.security.qa.P12SignSpeed;
 import org.xipki.security.util.AlgorithmUtil;
 import org.xipki.shell.Completers;
 import org.xipki.shell.IllegalCmdParamException;
 import org.xipki.shell.XiAction;
-import org.xipki.util.*;
+import org.xipki.util.Args;
+import org.xipki.util.BenchmarkExecutor;
+import org.xipki.util.Hex;
+import org.xipki.util.LogUtil;
+import org.xipki.util.StringUtil;
 import java.security.spec.RSAKeyGenParameterSpec;
 import java.util.Enumeration;
diff --git a/security/src/main/java/org/xipki/security/CollectionAlgorithmValidator.java b/security/src/main/java/org/xipki/security/CollectionAlgorithmValidator.java
index 004f939..9fc736d 100644
--- a/security/src/main/java/org/xipki/security/CollectionAlgorithmValidator.java
+++ b/security/src/main/java/org/xipki/security/CollectionAlgorithmValidator.java
@@ -9,7 +9,12 @@
 import org.xipki.util.Args;
 import java.security.NoSuchAlgorithmException;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
 /**
 * An implementation of {@link AlgorithmValidator} where the permitted algorithms
diff --git a/security/src/main/java/org/xipki/security/DSAPlainDigestSigner.java b/security/src/main/java/org/xipki/security/DSAPlainDigestSigner.java
index 5524095..1225303 100644
--- a/security/src/main/java/org/xipki/security/DSAPlainDigestSigner.java
+++ b/security/src/main/java/org/xipki/security/DSAPlainDigestSigner.java
@@ -7,7 +7,12 @@
 import org.bouncycastle.crypto.DSA;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.Signer;
-import org.bouncycastle.crypto.params.*;
+import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+import org.bouncycastle.crypto.params.DSAPrivateKeyParameters;
+import org.bouncycastle.crypto.params.DSAPublicKeyParameters;
+import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
+import org.bouncycastle.crypto.params.ECPublicKeyParameters;
+import org.bouncycastle.crypto.params.ParametersWithRandom;
 import org.xipki.security.util.SignerUtil;
 import org.xipki.util.Args;
diff --git a/security/src/main/java/org/xipki/security/HashAlgo.java b/security/src/main/java/org/xipki/security/HashAlgo.java
index 7df8597..25d592a 100644
--- a/security/src/main/java/org/xipki/security/HashAlgo.java
+++ b/security/src/main/java/org/xipki/security/HashAlgo.java
@@ -10,7 +10,14 @@
 import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.crypto.ExtendedDigest;
-import org.bouncycastle.crypto.digests.*;
+import org.bouncycastle.crypto.digests.SHA1Digest;
+import org.bouncycastle.crypto.digests.SHA224Digest;
+import org.bouncycastle.crypto.digests.SHA256Digest;
+import org.bouncycastle.crypto.digests.SHA384Digest;
+import org.bouncycastle.crypto.digests.SHA3Digest;
+import org.bouncycastle.crypto.digests.SHA512Digest;
+import org.bouncycastle.crypto.digests.SHAKEDigest;
+import org.bouncycastle.crypto.digests.SM3Digest;
 import org.xipki.util.Args;
 import java.io.IOException;
@@ -19,7 +26,16 @@
 import java.util.Map;
 import java.util.Optional;
-import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.*;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_sha224;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_sha256;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_sha384;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_sha3_224;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_sha3_256;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_sha3_384;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_sha3_512;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_sha512;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_shake128;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_shake256;
 /**
 * Hash algorithm enum.
diff --git a/security/src/main/java/org/xipki/security/Securities.java b/security/src/main/java/org/xipki/security/Securities.java
index 2e8006b..040dc19 100644
--- a/security/src/main/java/org/xipki/security/Securities.java
+++ b/security/src/main/java/org/xipki/security/Securities.java
@@ -7,11 +7,21 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.xipki.password.PasswordResolverException;
-import org.xipki.security.pkcs11.*;
+import org.xipki.security.pkcs11.NativeP11ModuleFactory;
+import org.xipki.security.pkcs11.P11CryptServiceFactory;
+import org.xipki.security.pkcs11.P11CryptServiceFactoryImpl;
+import org.xipki.security.pkcs11.P11ModuleFactory;
+import org.xipki.security.pkcs11.P11ModuleFactoryRegisterImpl;
+import org.xipki.security.pkcs11.P11SignerFactory;
+import org.xipki.security.pkcs11.Pkcs11conf;
 import org.xipki.security.pkcs11.emulator.EmulatorP11ModuleFactory;
 import org.xipki.security.pkcs11.hsmproxy.HsmProxyP11ModuleFactory;
 import org.xipki.security.pkcs12.P12SignerFactory;
-import org.xipki.util.*;
+import org.xipki.util.CollectionUtil;
+import org.xipki.util.FileOrValue;
+import org.xipki.util.JSON;
+import org.xipki.util.ReflectiveUtil;
+import org.xipki.util.ValidableConf;
 import org.xipki.util.exception.InvalidConfException;
 import org.xipki.util.exception.ObjectCreationException;
diff --git a/security/src/main/java/org/xipki/security/SecurityFactoryImpl.java b/security/src/main/java/org/xipki/security/SecurityFactoryImpl.java
index 0c580f8..c9fc0de 100644
--- a/security/src/main/java/org/xipki/security/SecurityFactoryImpl.java
+++ b/security/src/main/java/org/xipki/security/SecurityFactoryImpl.java
@@ -17,7 +17,12 @@
 import org.xipki.util.LogUtil;
 import org.xipki.util.exception.ObjectCreationException;
-import java.security.*;
+import java.security.GeneralSecurityException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Signature;
 import java.security.spec.InvalidKeySpecException;
 import java.util.Set;
diff --git a/security/src/main/java/org/xipki/security/SignAlgo.java b/security/src/main/java/org/xipki/security/SignAlgo.java
index 7f0efd2..4990eb6 100644
--- a/security/src/main/java/org/xipki/security/SignAlgo.java
+++ b/security/src/main/java/org/xipki/security/SignAlgo.java
@@ -24,15 +24,73 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.Signature;
-import java.security.interfaces.*;
-import java.util.*;
-
-import static org.bouncycastle.asn1.bsi.BSIObjectIdentifiers.*;
-import static org.bouncycastle.asn1.cms.CMSObjectIdentifiers.*;
-import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.*;
-import static org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers.*;
-import static org.bouncycastle.asn1.x9.X9ObjectIdentifiers.*;
-import static org.xipki.security.HashAlgo.*;
+import java.security.interfaces.DSAKey;
+import java.security.interfaces.ECKey;
+import java.security.interfaces.RSAKey;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+
+import static org.bouncycastle.asn1.bsi.BSIObjectIdentifiers.ecdsa_plain_SHA1;
+import static org.bouncycastle.asn1.bsi.BSIObjectIdentifiers.ecdsa_plain_SHA224;
+import static org.bouncycastle.asn1.bsi.BSIObjectIdentifiers.ecdsa_plain_SHA256;
+import static org.bouncycastle.asn1.bsi.BSIObjectIdentifiers.ecdsa_plain_SHA384;
+import static org.bouncycastle.asn1.bsi.BSIObjectIdentifiers.ecdsa_plain_SHA512;
+import static org.bouncycastle.asn1.cms.CMSObjectIdentifiers.id_RSASSA_PSS_SHAKE128;
+import static org.bouncycastle.asn1.cms.CMSObjectIdentifiers.id_RSASSA_PSS_SHAKE256;
+import static org.bouncycastle.asn1.cms.CMSObjectIdentifiers.id_ecdsa_with_shake128;
+import static org.bouncycastle.asn1.cms.CMSObjectIdentifiers.id_ecdsa_with_shake256;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.dsa_with_sha224;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.dsa_with_sha256;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.dsa_with_sha384;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.dsa_with_sha512;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_dsa_with_sha3_224;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_dsa_with_sha3_256;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_dsa_with_sha3_384;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_dsa_with_sha3_512;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_ecdsa_with_sha3_224;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_ecdsa_with_sha3_256;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_ecdsa_with_sha3_384;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_ecdsa_with_sha3_512;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_hmacWithSHA3_224;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_hmacWithSHA3_256;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_hmacWithSHA3_384;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_hmacWithSHA3_512;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_224;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_256;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_384;
+import static org.bouncycastle.asn1.nist.NISTObjectIdentifiers.id_rsassa_pkcs1_v1_5_with_sha3_512;
+import static org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers.id_RSASSA_PSS;
+import static org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers.id_hmacWithSHA1;
+import static org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers.id_hmacWithSHA224;
+import static org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers.id_hmacWithSHA256;
+import static org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers.id_hmacWithSHA384;
+import static org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers.id_hmacWithSHA512;
+import static org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers.sha1WithRSAEncryption;
+import static org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers.sha224WithRSAEncryption;
+import static org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers.sha256WithRSAEncryption;
+import static org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers.sha384WithRSAEncryption;
+import static org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers.sha512WithRSAEncryption;
+import static org.bouncycastle.asn1.x9.X9ObjectIdentifiers.ecdsa_with_SHA1;
+import static org.bouncycastle.asn1.x9.X9ObjectIdentifiers.ecdsa_with_SHA224;
+import static org.bouncycastle.asn1.x9.X9ObjectIdentifiers.ecdsa_with_SHA256;
+import static org.bouncycastle.asn1.x9.X9ObjectIdentifiers.ecdsa_with_SHA384;
+import static org.bouncycastle.asn1.x9.X9ObjectIdentifiers.ecdsa_with_SHA512;
+import static org.bouncycastle.asn1.x9.X9ObjectIdentifiers.id_dsa_with_sha1;
+import static org.xipki.security.HashAlgo.SHA1;
+import static org.xipki.security.HashAlgo.SHA224;
+import static org.xipki.security.HashAlgo.SHA256;
+import static org.xipki.security.HashAlgo.SHA384;
+import static org.xipki.security.HashAlgo.SHA3_224;
+import static org.xipki.security.HashAlgo.SHA3_256;
+import static org.xipki.security.HashAlgo.SHA3_384;
+import static org.xipki.security.HashAlgo.SHA3_512;
+import static org.xipki.security.HashAlgo.SHA512;
+import static org.xipki.security.HashAlgo.SHAKE128;
+import static org.xipki.security.HashAlgo.SHAKE256;
+import static org.xipki.security.HashAlgo.SM3;
 /**
 * Hash algorithm enum.
diff --git a/security/src/main/java/org/xipki/security/X509Cert.java b/security/src/main/java/org/xipki/security/X509Cert.java
index ab43a10..af21a6e 100644
--- a/security/src/main/java/org/xipki/security/X509Cert.java
+++ b/security/src/main/java/org/xipki/security/X509Cert.java
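Review bot: The Javadoc shown as trailing context of the SignAlgo.java hunk still reads `Hash algorithm enum.`, the same sentence that documents HashAlgo.java, so it looks like a copy-paste leftover on the signature-algorithm type. Since this commit already rewrites the header of the file, the summary line could be corrected to something like `Signature algorithm enum.`. The declaration the comment belongs to lies outside the hunk, so this is inferred from the file name and the static imports of signature OIDs. The JceSignerBuilder.java hunk shows a similar case, a builder in the `jce` package whose Javadoc says `for PKCS#11 token`.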
@@ -6,8 +6,12 @@
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.ASN1OctetString;
 import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
+import org.bouncycastle.asn1.x509.BasicConstraints;
 import org.bouncycastle.asn1.x509.Certificate;
-import org.bouncycastle.asn1.x509.*;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.Extensions;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.xipki.security.util.KeyUtil;
 import org.xipki.security.util.X509Util;
@@ -16,7 +20,12 @@
 import java.io.IOException;
 import java.math.BigInteger;
-import java.security.*;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.SignatureException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
diff --git a/security/src/main/java/org/xipki/security/asn1/CrlStreamParser.java b/security/src/main/java/org/xipki/security/asn1/CrlStreamParser.java
index 4942ce3..c84db72 100644
--- a/security/src/main/java/org/xipki/security/asn1/CrlStreamParser.java
+++ b/security/src/main/java/org/xipki/security/asn1/CrlStreamParser.java
@@ -3,9 +3,19 @@
 package org.xipki.security.asn1;
-import org.bouncycastle.asn1.*;
+import org.bouncycastle.asn1.ASN1BitString;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.BERTags;
+import org.bouncycastle.asn1.DERGeneralizedTime;
+import org.bouncycastle.asn1.DERUTCTime;
 import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.*;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.CRLReason;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.Extensions;
+import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.operator.ContentVerifier;
 import org.bouncycastle.operator.ContentVerifierProvider;
 import org.bouncycastle.operator.OperatorCreationException;
@@ -19,7 +29,12 @@
 import org.xipki.util.Args;
 import org.xipki.util.LogUtil;
-import java.io.*;
+import java.io.BufferedInputStream;
+import java.io.Closeable;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
 import java.math.BigInteger;
 import java.nio.file.Files;
 import java.security.InvalidKeyException;
diff --git a/security/src/main/java/org/xipki/security/bc/XiEdDSAContentVerifierProvider.java b/security/src/main/java/org/xipki/security/bc/XiEdDSAContentVerifierProvider.java
index 3ba3470..4c06b65 100644
--- a/security/src/main/java/org/xipki/security/bc/XiEdDSAContentVerifierProvider.java
+++ b/security/src/main/java/org/xipki/security/bc/XiEdDSAContentVerifierProvider.java
@@ -14,7 +14,12 @@
 import java.io.ByteArrayOutputStream;
 import java.io.OutputStream;
-import java.security.*;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.SignatureException;
 /**
 * {@link ContentVerifierProvider} for the signature algorithm EdDSA (Ed25519 and Ed448).
diff --git a/security/src/main/java/org/xipki/security/ctlog/CtLog.java b/security/src/main/java/org/xipki/security/ctlog/CtLog.java
index 31d0a46..6b83911 100644
--- a/security/src/main/java/org/xipki/security/ctlog/CtLog.java
+++ b/security/src/main/java/org/xipki/security/ctlog/CtLog.java
@@ -3,7 +3,13 @@
 package org.xipki.security.ctlog;
-import org.bouncycastle.asn1.*;
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.DERTaggedObject;
 import org.bouncycastle.asn1.x509.TBSCertificate;
 import org.bouncycastle.util.Pack;
 import org.xipki.security.ObjectIdentifiers;
diff --git a/security/src/main/java/org/xipki/security/jce/JceSigner.java b/security/src/main/java/org/xipki/security/jce/JceSigner.java
index edf4f2c..5045c70 100644
--- a/security/src/main/java/org/xipki/security/jce/JceSigner.java
+++ b/security/src/main/java/org/xipki/security/jce/JceSigner.java
@@ -11,7 +11,13 @@
 import java.io.IOException;
 import java.io.OutputStream;
-import java.security.*;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.Signature;
+import java.security.SignatureException;
 /**
 * JCE signer
diff --git a/security/src/main/java/org/xipki/security/jce/JceSignerBuilder.java b/security/src/main/java/org/xipki/security/jce/JceSignerBuilder.java
index 615ab71..0e5a210 100644
--- a/security/src/main/java/org/xipki/security/jce/JceSignerBuilder.java
+++ b/security/src/main/java/org/xipki/security/jce/JceSignerBuilder.java
@@ -3,7 +3,12 @@
 package org.xipki.security.jce;
-import org.xipki.security.*;
+import org.xipki.security.ConcurrentContentSigner;
+import org.xipki.security.DfltConcurrentContentSigner;
+import org.xipki.security.SignAlgo;
+import org.xipki.security.X509Cert;
+import org.xipki.security.XiContentSigner;
+import org.xipki.security.XiSecurityException;
 import org.xipki.security.util.X509Util;
 import org.xipki.util.Args;
@@ -12,7 +17,11 @@
 import java.security.Provider;
 import java.security.PublicKey;
 import java.security.cert.CertPathBuilderException;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
 /**
 * Builder of {@link ConcurrentContentSigner} for PKCS#11 token.
diff --git a/security/src/main/java/org/xipki/security/pkcs11/NativeP11Key.java b/security/src/main/java/org/xipki/security/pkcs11/NativeP11Key.java
index ef6b9fb..733bc30 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/NativeP11Key.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/NativeP11Key.java
@@ -20,7 +20,15 @@
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.RSAPublicKeySpec;
-import static org.xipki.pkcs11.wrapper.PKCS11Constants.*;
+import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKA_EC_POINT;
+import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKA_VALUE;
+import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_DSA;
+import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_EC;
+import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_EC_EDWARDS;
+import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_EC_MONTGOMERY;
+import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_RSA;
+import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_VENDOR_SM2;
+import static org.xipki.pkcs11.wrapper.PKCS11Constants.ckkCodeToName;
 /**
 * {@link P11Key} based on the ipkcs11wrapper or jpkcs11wrapper.
diff --git a/security/src/main/java/org/xipki/security/pkcs11/NativeP11Module.java b/security/src/main/java/org/xipki/security/pkcs11/NativeP11Module.java
index 0e96f30..fcfe628 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/NativeP11Module.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/NativeP11Module.java
@@ -6,8 +6,20 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.xipki.password.PasswordResolverException;
-import org.xipki.pkcs11.wrapper.*;
-import org.xipki.util.*;
+import org.xipki.pkcs11.wrapper.ModuleInfo;
+import org.xipki.pkcs11.wrapper.PKCS11Constants;
+import org.xipki.pkcs11.wrapper.PKCS11Exception;
+import org.xipki.pkcs11.wrapper.PKCS11Module;
+import org.xipki.pkcs11.wrapper.PKCS11Token;
+import org.xipki.pkcs11.wrapper.Slot;
+import org.xipki.pkcs11.wrapper.SlotInfo;
+import org.xipki.pkcs11.wrapper.TokenException;
+import org.xipki.pkcs11.wrapper.TokenInfo;
+import org.xipki.util.Args;
+import org.xipki.util.CollectionUtil;
+import org.xipki.util.IoUtil;
+import org.xipki.util.LogUtil;
+import org.xipki.util.StringUtil;
 import java.io.IOException;
 import java.util.HashSet;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/NativeP11Slot.java b/security/src/main/java/org/xipki/security/pkcs11/NativeP11Slot.java
index 5d30d5f..c59b0f3 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/NativeP11Slot.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/NativeP11Slot.java
@@ -3,7 +3,11 @@
 package org.xipki.security.pkcs11;
-import org.bouncycastle.asn1.*;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DERNull;
+import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
@@ -16,7 +20,21 @@ import org.bouncycastle.util.encoders.Hex; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.xipki.pkcs11.wrapper.*; +import org.xipki.pkcs11.wrapper.AttributeVector; +import org.xipki.pkcs11.wrapper.Functions; +import org.xipki.pkcs11.wrapper.KeyPairTemplate; +import org.xipki.pkcs11.wrapper.Mechanism; +import org.xipki.pkcs11.wrapper.MechanismInfo; +import org.xipki.pkcs11.wrapper.ModuleInfo; +import org.xipki.pkcs11.wrapper.PKCS11Exception; +import org.xipki.pkcs11.wrapper.PKCS11Key; +import org.xipki.pkcs11.wrapper.PKCS11KeyId; +import org.xipki.pkcs11.wrapper.PKCS11KeyPair; +import org.xipki.pkcs11.wrapper.PKCS11Module; +import org.xipki.pkcs11.wrapper.PKCS11Token; +import org.xipki.pkcs11.wrapper.SlotInfo; +import org.xipki.pkcs11.wrapper.TokenException; +import org.xipki.pkcs11.wrapper.TokenInfo; import org.xipki.pkcs11.wrapper.params.ExtraParams; import org.xipki.security.EdECConstants; import org.xipki.security.pkcs11.P11ModuleConf.P11MechanismFilter; 
@@ -36,9 +54,82 @@ import java.security.spec.DSAPublicKeySpec; import java.security.spec.InvalidKeySpecException; import java.security.spec.RSAPublicKeySpec; -import java.util.*; - -import static org.xipki.pkcs11.wrapper.PKCS11Constants.*; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import java.util.Set; + +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKA_BASE; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKA_CLASS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKA_COEFFICIENT; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKA_EC_PARAMS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKA_EC_POINT; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKA_EXPONENT_1; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKA_EXPONENT_2; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKA_ID; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKA_KEY_TYPE; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKA_LABEL; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKA_MODULUS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKA_PRIME; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKA_PRIME_1; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKA_PRIME_2; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKA_PRIVATE_EXPONENT; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKA_PUBLIC_EXPONENT; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKA_SUBPRIME; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKA_VALUE; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKA_VALUE_LEN; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKF_DIGEST; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKF_GENERATE; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKF_GENERATE_KEY_PAIR; +import static 
org.xipki.pkcs11.wrapper.PKCS11Constants.CKF_SIGN; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_AES; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_DES3; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_DSA; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_EC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_EC_EDWARDS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_EC_MONTGOMERY; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_GENERIC_SECRET; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_RSA; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_SHA224_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_SHA256_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_SHA384_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_SHA3_224_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_SHA3_256_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_SHA3_384_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_SHA3_512_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_SHA512_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_SHA_1_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_VENDOR_SM2; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_AES_KEY_GEN; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DES3_KEY_GEN; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DSA_KEY_PAIR_GEN; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA1; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA224; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA256; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA384; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA3_224; +import static 
org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA3_256; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA3_384; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA3_512; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA512; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_EC_EDWARDS_KEY_PAIR_GEN; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_EC_KEY_PAIR_GEN; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_EC_MONTGOMERY_KEY_PAIR_GEN; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_GENERIC_SECRET_KEY_GEN; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_RSA_PKCS_KEY_PAIR_GEN; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_RSA_X9_31_KEY_PAIR_GEN; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_VENDOR_SM2_KEY_PAIR_GEN; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKO_PRIVATE_KEY; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKO_PUBLIC_KEY; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKO_SECRET_KEY; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.Category; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.ckkCodeToName; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.ckmCodeToName; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.ckoCodeToName; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.codeToName; /** * {@link P11Slot} based on the ipkcs11wrapper or jpkcs11wrapper. diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11ContentSigner.java b/security/src/main/java/org/xipki/security/pkcs11/P11ContentSigner.java index e484354..f5d6729 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/P11ContentSigner.java +++ b/security/src/main/java/org/xipki/security/pkcs11/P11ContentSigner.java 
@@ -32,8 +32,113 @@ import java.util.Map; import java.util.Optional; -import static org.xipki.pkcs11.wrapper.PKCS11Constants.*; -import static org.xipki.security.SignAlgo.*; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_AES; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_DSA; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_EC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_EC_EDWARDS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_GENERIC_SECRET; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_RSA; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_VENDOR_SM2; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DSA; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DSA_SHA1; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DSA_SHA224; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DSA_SHA256; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DSA_SHA384; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DSA_SHA3_224; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DSA_SHA3_256; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DSA_SHA3_384; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DSA_SHA3_512; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DSA_SHA512; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA1; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA224; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA256; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA384; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA3_224; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA3_256; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA3_384; +import static 
org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA3_512; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA512; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_EDDSA; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_RSA_PKCS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_RSA_PKCS_PSS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_RSA_X_509; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA1_RSA_PKCS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA1_RSA_PKCS_PSS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA224_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA224_RSA_PKCS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA224_RSA_PKCS_PSS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA256_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA256_RSA_PKCS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA256_RSA_PKCS_PSS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA384_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA384_RSA_PKCS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA384_RSA_PKCS_PSS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_224_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_224_RSA_PKCS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_224_RSA_PKCS_PSS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_256_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_256_RSA_PKCS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_256_RSA_PKCS_PSS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_384_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_384_RSA_PKCS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_384_RSA_PKCS_PSS; +import static 
org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_512_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_512_RSA_PKCS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_512_RSA_PKCS_PSS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA512_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA512_RSA_PKCS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA512_RSA_PKCS_PSS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA_1_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_VENDOR_SM2; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_VENDOR_SM2_SM3; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.ckkCodeToName; +import static org.xipki.security.SignAlgo.DSA_SHA1; +import static org.xipki.security.SignAlgo.DSA_SHA224; +import static org.xipki.security.SignAlgo.DSA_SHA256; +import static org.xipki.security.SignAlgo.DSA_SHA384; +import static org.xipki.security.SignAlgo.DSA_SHA3_224; +import static org.xipki.security.SignAlgo.DSA_SHA3_256; +import static org.xipki.security.SignAlgo.DSA_SHA3_384; +import static org.xipki.security.SignAlgo.DSA_SHA3_512; +import static org.xipki.security.SignAlgo.DSA_SHA512; +import static org.xipki.security.SignAlgo.ECDSA_SHA1; +import static org.xipki.security.SignAlgo.ECDSA_SHA224; +import static org.xipki.security.SignAlgo.ECDSA_SHA256; +import static org.xipki.security.SignAlgo.ECDSA_SHA384; +import static org.xipki.security.SignAlgo.ECDSA_SHA3_224; +import static org.xipki.security.SignAlgo.ECDSA_SHA3_256; +import static org.xipki.security.SignAlgo.ECDSA_SHA3_384; +import static org.xipki.security.SignAlgo.ECDSA_SHA3_512; +import static org.xipki.security.SignAlgo.ECDSA_SHA512; +import static org.xipki.security.SignAlgo.HMAC_SHA1; +import static org.xipki.security.SignAlgo.HMAC_SHA224; +import static org.xipki.security.SignAlgo.HMAC_SHA256; +import static org.xipki.security.SignAlgo.HMAC_SHA384; +import 
static org.xipki.security.SignAlgo.HMAC_SHA3_224; +import static org.xipki.security.SignAlgo.HMAC_SHA3_256; +import static org.xipki.security.SignAlgo.HMAC_SHA3_384; +import static org.xipki.security.SignAlgo.HMAC_SHA3_512; +import static org.xipki.security.SignAlgo.HMAC_SHA512; +import static org.xipki.security.SignAlgo.RSAPSS_SHA1; +import static org.xipki.security.SignAlgo.RSAPSS_SHA224; +import static org.xipki.security.SignAlgo.RSAPSS_SHA256; +import static org.xipki.security.SignAlgo.RSAPSS_SHA384; +import static org.xipki.security.SignAlgo.RSAPSS_SHA3_224; +import static org.xipki.security.SignAlgo.RSAPSS_SHA3_256; +import static org.xipki.security.SignAlgo.RSAPSS_SHA3_384; +import static org.xipki.security.SignAlgo.RSAPSS_SHA3_512; +import static org.xipki.security.SignAlgo.RSAPSS_SHA512; +import static org.xipki.security.SignAlgo.RSA_SHA1; +import static org.xipki.security.SignAlgo.RSA_SHA224; +import static org.xipki.security.SignAlgo.RSA_SHA256; +import static org.xipki.security.SignAlgo.RSA_SHA384; +import static org.xipki.security.SignAlgo.RSA_SHA3_224; +import static org.xipki.security.SignAlgo.RSA_SHA3_256; +import static org.xipki.security.SignAlgo.RSA_SHA3_384; +import static org.xipki.security.SignAlgo.RSA_SHA3_512; +import static org.xipki.security.SignAlgo.RSA_SHA512; +import static org.xipki.security.SignAlgo.SM2_SM3; /** * PKCS#11 {@link XiContentSigner}. diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactoryImpl.java b/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactoryImpl.java index f34b558..fda7d71 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactoryImpl.java +++ b/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactoryImpl.java 
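Review bot: The P11ContentSigner.java hunk swaps two wildcard static imports for more than a hundred single-constant static imports, which buries the file's ordinary imports and has to be edited whenever a mechanism is added or dropped. The same commit imports the class itself elsewhere (`import org.xipki.pkcs11.wrapper.PKCS11Constants;` in NativeP11Module.java), so a class import with qualified uses such as `PKCS11Constants.CKM_RSA_PKCS_PSS` and `SignAlgo.RSAPSS_SHA256` would drop the wildcard without the long list. The call sites are outside the hunk, so that rewrite cannot be checked from here. If the explicit list stays, a comment above it such as `// PKCS#11 key types and mechanisms referenced by this signer` would help, since the list presumably is the inventory of algorithms the signer can name, including the SHA-1 variants and `CKM_RSA_X_509`. The EmulatorP11Key.java hunk has the same shape.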
@@ -14,7 +14,12 @@ import java.io.File; import java.io.IOException; -import java.util.*; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import java.util.Set; /** * An implementation of {@link P11CryptServiceFactory}. diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11Key.java b/security/src/main/java/org/xipki/security/pkcs11/P11Key.java index 776c612..009adbc 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/P11Key.java +++ b/security/src/main/java/org/xipki/security/pkcs11/P11Key.java @@ -16,7 +16,12 @@ import java.math.BigInteger; import java.security.PublicKey; -import static org.xipki.pkcs11.wrapper.PKCS11Constants.*; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKF_DIGEST; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKF_SIGN; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_EC_MONTGOMERY; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKO_PUBLIC_KEY; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKO_SECRET_KEY; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.ckmCodeToName; /** * PKCS#11 key. diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11Module.java b/security/src/main/java/org/xipki/security/pkcs11/P11Module.java index 14ecfbb..e25e757 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/P11Module.java +++ b/security/src/main/java/org/xipki/security/pkcs11/P11Module.java @@ -6,7 +6,12 @@ import org.xipki.pkcs11.wrapper.TokenException; import org.xipki.util.Args; -import java.util.*; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import java.util.Set; /** * PKCS#11 module. diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11ModuleConf.java b/security/src/main/java/org/xipki/security/pkcs11/P11ModuleConf.java index ab60c50..e843f3f 100644 
--- a/security/src/main/java/org/xipki/security/pkcs11/P11ModuleConf.java +++ b/security/src/main/java/org/xipki/security/pkcs11/P11ModuleConf.java @@ -14,7 +14,15 @@ import org.xipki.util.StringUtil; import org.xipki.util.exception.InvalidConfException; -import java.util.*; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; +import java.util.Set; /** * Configuration of a PKCS#11 module. diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11Params.java b/security/src/main/java/org/xipki/security/pkcs11/P11Params.java index 776057b..66146e0 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/P11Params.java +++ b/security/src/main/java/org/xipki/security/pkcs11/P11Params.java 
@@ -5,10 +5,31 @@ import org.xipki.pkcs11.wrapper.Mechanism; import org.xipki.pkcs11.wrapper.TokenException; -import org.xipki.pkcs11.wrapper.params.*; +import org.xipki.pkcs11.wrapper.params.ByteArrayParams; +import org.xipki.pkcs11.wrapper.params.CkParams; +import org.xipki.pkcs11.wrapper.params.CkParamsWithExtra; +import org.xipki.pkcs11.wrapper.params.ExtraParams; +import org.xipki.pkcs11.wrapper.params.RSA_PKCS_PSS_PARAMS; import org.xipki.security.HashAlgo; -import static org.xipki.pkcs11.wrapper.PKCS11Constants.*; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKG_MGF1_SHA1; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKG_MGF1_SHA224; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKG_MGF1_SHA256; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKG_MGF1_SHA384; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKG_MGF1_SHA3_224; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKG_MGF1_SHA3_256; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKG_MGF1_SHA3_384; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKG_MGF1_SHA3_512; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKG_MGF1_SHA512; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA224; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA256; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA384; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_224; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_256; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_384; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_512; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA512; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA_1; /** * PKCS#11 params. * 
diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11SignerFactory.java b/security/src/main/java/org/xipki/security/pkcs11/P11SignerFactory.java index f9d0dbd..4734181 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/P11SignerFactory.java +++ b/security/src/main/java/org/xipki/security/pkcs11/P11SignerFactory.java @@ -5,9 +5,16 @@ import org.xipki.pkcs11.wrapper.PKCS11Constants; import org.xipki.pkcs11.wrapper.TokenException; -import org.xipki.security.*; +import org.xipki.security.ConcurrentContentSigner; +import org.xipki.security.DfltConcurrentContentSigner; +import org.xipki.security.SecurityFactory; +import org.xipki.security.SignAlgo; +import org.xipki.security.SignerConf; +import org.xipki.security.SignerFactory; +import org.xipki.security.X509Cert; +import org.xipki.security.XiContentSigner; +import org.xipki.security.XiSecurityException; import org.xipki.util.Hex; -import org.xipki.util.LogUtil; import org.xipki.util.exception.ObjectCreationException; import java.security.NoSuchAlgorithmException; diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11Slot.java b/security/src/main/java/org/xipki/security/pkcs11/P11Slot.java index 149187c..af6863c 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/P11Slot.java +++ b/security/src/main/java/org/xipki/security/pkcs11/P11Slot.java @@ -7,7 +7,11 @@ import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.xipki.pkcs11.wrapper.*; +import org.xipki.pkcs11.wrapper.Functions; +import org.xipki.pkcs11.wrapper.MechanismInfo; +import org.xipki.pkcs11.wrapper.PKCS11KeyId; +import org.xipki.pkcs11.wrapper.PKCS11Module; +import org.xipki.pkcs11.wrapper.TokenException; import org.xipki.pkcs11.wrapper.params.ExtraParams; import org.xipki.security.EdECConstants; import org.xipki.security.pkcs11.P11ModuleConf.P11MechanismFilter; 
@@ -26,9 +30,33 @@ import java.security.SecureRandom; import java.security.spec.DSAParameterSpec; import java.security.spec.RSAKeyGenParameterSpec; -import java.util.*; - -import static org.xipki.pkcs11.wrapper.PKCS11Constants.*; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKF_GENERATE_KEY_PAIR; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_DES3; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_DSA; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_EC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_EC_EDWARDS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_EC_MONTGOMERY; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_RSA; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_VENDOR_SM2; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DSA_KEY_PAIR_GEN; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_EC_EDWARDS_KEY_PAIR_GEN; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_EC_KEY_PAIR_GEN; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_EC_MONTGOMERY_KEY_PAIR_GEN; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_RSA_PKCS_KEY_PAIR_GEN; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_RSA_X9_31_KEY_PAIR_GEN; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_VENDOR_SM2_KEY_PAIR_GEN; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.Category; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.ckkCodeToName; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.ckmCodeToName; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.codeToName; /** * PKCS#11 slot. 
diff --git a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorKeyCryptor.java b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorKeyCryptor.java index 4ebb260..6199c87 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorKeyCryptor.java +++ b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorKeyCryptor.java @@ -19,7 +19,12 @@ import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.SecretKeySpec; import java.io.IOException; -import java.security.*; +import java.security.GeneralSecurityException; +import java.security.KeyFactory; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PrivateKey; +import java.security.SecureRandom; import java.security.spec.InvalidKeySpecException; import java.security.spec.KeySpec; import java.security.spec.PKCS8EncodedKeySpec; diff --git a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Key.java b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Key.java index fa7098d..fb42ccd 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Key.java +++ b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Key.java 
@@ -31,16 +31,116 @@ import org.xipki.util.ConcurrentBag; import org.xipki.util.ConcurrentBag.BagEntry; -import javax.crypto.*; +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.SecretKey; import java.math.BigInteger; -import java.security.*; +import java.security.GeneralSecurityException; +import java.security.Key; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.SecureRandom; +import java.security.Signature; +import java.security.SignatureException; import java.util.HashMap; import java.util.Map; import java.util.Optional; import java.util.concurrent.TimeUnit; -import static org.xipki.pkcs11.wrapper.PKCS11Constants.*; -import static org.xipki.security.HashAlgo.*; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKG_MGF1_SHA1; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKG_MGF1_SHA224; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKG_MGF1_SHA256; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKG_MGF1_SHA384; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKG_MGF1_SHA3_224; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKG_MGF1_SHA3_256; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKG_MGF1_SHA3_384; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKG_MGF1_SHA3_512; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKG_MGF1_SHA512; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_DSA; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_EC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_EC_EDWARDS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_EC_MONTGOMERY; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_RSA; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_VENDOR_SM2; +import static 
org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_AES_GMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DSA; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DSA_SHA1; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DSA_SHA224; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DSA_SHA256; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DSA_SHA384; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DSA_SHA3_224; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DSA_SHA3_256; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DSA_SHA3_384; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DSA_SHA3_512; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_DSA_SHA512; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA1; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA224; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA256; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA384; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA3_224; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA3_256; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA3_384; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA3_512; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_ECDSA_SHA512; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_EDDSA; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_RSA_PKCS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_RSA_PKCS_PSS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_RSA_X_509; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA1_RSA_PKCS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA1_RSA_PKCS_PSS; +import static 
org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA224; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA224_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA224_RSA_PKCS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA224_RSA_PKCS_PSS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA256; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA256_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA256_RSA_PKCS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA256_RSA_PKCS_PSS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA384; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA384_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA384_RSA_PKCS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA384_RSA_PKCS_PSS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_224; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_224_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_224_RSA_PKCS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_224_RSA_PKCS_PSS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_256; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_256_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_256_RSA_PKCS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_256_RSA_PKCS_PSS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_384; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_384_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_384_RSA_PKCS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_384_RSA_PKCS_PSS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_512; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_512_HMAC; +import static 
org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_512_RSA_PKCS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA3_512_RSA_PKCS_PSS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA512; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA512_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA512_RSA_PKCS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA512_RSA_PKCS_PSS; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA_1; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_SHA_1_HMAC; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_VENDOR_SM2; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_VENDOR_SM2_SM3; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKM_VENDOR_SM3; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.ckkCodeToName; +import static org.xipki.pkcs11.wrapper.PKCS11Constants.ckmCodeToName; +import static org.xipki.security.HashAlgo.SHA1; +import static org.xipki.security.HashAlgo.SHA224; +import static org.xipki.security.HashAlgo.SHA256; +import static org.xipki.security.HashAlgo.SHA384; +import static org.xipki.security.HashAlgo.SHA3_224; +import static org.xipki.security.HashAlgo.SHA3_256; +import static org.xipki.security.HashAlgo.SHA3_384; +import static org.xipki.security.HashAlgo.SHA3_512; +import static org.xipki.security.HashAlgo.SHA512; +import static org.xipki.security.HashAlgo.SM3; /** * {@link P11Key} for PKCS#11 emulator. diff --git a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Module.java b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Module.java index 425d2db..f39833a 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Module.java +++ b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Module.java 
@@ -18,7 +18,11 @@
 import java.io.File;
 import java.io.IOException;
-import java.util.*;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Set;
 /**
 * {@link P11Module} for PKCS#11 emulator.
diff --git a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Slot.java b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Slot.java
index 8101dbf..a9e69d7 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Slot.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Slot.java
@@ -3,7 +3,11 @@
 package org.xipki.security.pkcs11.emulator;
-import org.bouncycastle.asn1.*;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.DERBitString;
+import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
@@ -19,7 +23,11 @@
 import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.xipki.pkcs11.wrapper.*;
+import org.xipki.pkcs11.wrapper.Functions;
+import org.xipki.pkcs11.wrapper.MechanismInfo;
+import org.xipki.pkcs11.wrapper.PKCS11Exception;
+import org.xipki.pkcs11.wrapper.PKCS11KeyId;
+import org.xipki.pkcs11.wrapper.TokenException;
 import org.xipki.pkcs11.wrapper.params.ExtraParams;
 import org.xipki.security.EdECConstants;
 import org.xipki.security.HashAlgo;
@@ -31,21 +39,47 @@
 import org.xipki.security.pkcs11.P11SlotId;
 import org.xipki.security.util.AlgorithmUtil;
 import org.xipki.security.util.KeyUtil;
-import org.xipki.util.*;
+import org.xipki.util.Args;
+import org.xipki.util.Hex;
+import org.xipki.util.IoUtil;
+import org.xipki.util.LogUtil;
+import org.xipki.util.StringUtil;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
-import java.io.*;
+import java.io.File;
+import java.io.FilenameFilter;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
 import java.math.BigInteger;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
-import java.security.*;
-import java.security.interfaces.*;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.interfaces.DSAPrivateKey;
+import java.security.interfaces.DSAPublicKey;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPrivateCrtKey;
+import java.security.interfaces.RSAPublicKey;
 import java.security.spec.DSAPublicKeySpec;
 import java.security.spec.ECParameterSpec;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.RSAPublicKeySpec;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
 import static org.xipki.pkcs11.wrapper.PKCS11Constants.*;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java
index 3d1c381..be6bad2 100644
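Review bot: The context line `import static org.xipki.pkcs11.wrapper.PKCS11Constants.*;` at the end of this hunk is left as a wildcard although every other on-demand import in the hunk is expanded, so the set of PKCS#11 constants this emulator slot depends on still cannot be read from its import list. The preceding file section in this patch (its Javadoc reads `{@link P11Key} for PKCS#11 emulator`) lists each `CKM_*` constant in its own static import; doing the same here would keep the two emulator classes consistent and make a later change in the mechanisms used show up in review. Which constants the class uses is not visible in the hunk, so the explicit list has to come from the file body, which lies outside it.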
--- a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java
@@ -12,8 +12,21 @@
 import org.xipki.security.pkcs11.P11ModuleConf;
 import org.xipki.security.pkcs11.P11Slot;
 import org.xipki.security.pkcs11.P11SlotId;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.*;
-import org.xipki.util.*;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.BooleanMessage;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.ByteArrayMessage;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.ErrorResponse;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GetMechanismInfosResponse;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.IntMessage;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.KeyIdMessage;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.LongArrayMessage;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.ModuleCapsResponse;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.P11KeyResponse;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.SlotIdsResponse;
+import org.xipki.util.Args;
+import org.xipki.util.FileOrBinary;
+import org.xipki.util.IoUtil;
+import org.xipki.util.LogUtil;
+import org.xipki.util.StringUtil;
 import org.xipki.util.cbor.ByteArrayCborDecoder;
 import org.xipki.util.cbor.CborConstants;
 import org.xipki.util.cbor.CborDecoder;
@@ -22,21 +35,23 @@
 import org.xipki.util.exception.ObjectCreationException;
 import org.xipki.util.http.HostnameVerifiers;
 import org.xipki.util.http.SslConf;
-import org.xipki.util.http.SslContextBuilder;
 import org.xipki.util.http.SslContextConf;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLSocketFactory;
-import java.io.*;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
 import java.net.HttpURLConnection;
 import java.net.URL;
-import java.security.KeyManagementException;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.StringTokenizer;
 /**
 * {@link P11Module} for PKCS#11 proxy.
diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Slot.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Slot.java
index ec2522f..f039daa 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Slot.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Slot.java
@@ -18,7 +18,28 @@
 import org.xipki.security.pkcs11.P11Params;
 import org.xipki.security.pkcs11.P11Slot;
 import org.xipki.security.pkcs11.P11SlotId;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.*;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.BooleanMessage;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.ByteArrayMessage;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.DigestSecretKeyRequest;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateDSAKeyPairByKeysizeRequest;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateDSAKeyPairOtfRequest;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateDSAKeyPairRequest;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateECKeyPairOtfRequest;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateECKeyPairRequest;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateRSAKeyPairOtfRequest;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateRSAKeyPairRequest;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateSM2KeyPairRequest;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateSecretKeyRequest;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GetMechanismInfosResponse;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.IdLabelMessage;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.ImportSecretKeyRequest;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.IntMessage;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.KeyIdMessage;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.LongArrayMessage;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.LongMessage;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.P11KeyResponse;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.ShowDetailsRequest;
+import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.SignRequest;
 import org.xipki.security.util.KeyUtil;
 import org.xipki.util.LogUtil;
 import org.xipki.util.cbor.ByteArrayCborEncoder;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyMessage.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyMessage.java
index 8627f13..fa75e9d 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyMessage.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyMessage.java
@@ -9,7 +9,11 @@
 import org.xipki.pkcs11.wrapper.PKCS11KeyId;
 import org.xipki.pkcs11.wrapper.TokenException;
 import org.xipki.pkcs11.wrapper.params.ExtraParams;
-import org.xipki.security.pkcs11.*;
+import org.xipki.security.pkcs11.P11Key;
+import org.xipki.security.pkcs11.P11ModuleConf;
+import org.xipki.security.pkcs11.P11Params;
+import org.xipki.security.pkcs11.P11Slot;
+import org.xipki.security.pkcs11.P11SlotId;
 import org.xipki.util.Args;
 import org.xipki.util.cbor.CborDecoder;
 import org.xipki.util.cbor.CborEncodable;
@@ -19,7 +23,13 @@
 import java.io.IOException;
 import java.math.BigInteger;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.Set;
 /**
 * The CBOR message.
diff --git a/security/src/main/java/org/xipki/security/pkcs12/AESGmacContentSigner.java b/security/src/main/java/org/xipki/security/pkcs12/AESGmacContentSigner.java
index 9a285ef..d3bac7b 100644
--- a/security/src/main/java/org/xipki/security/pkcs12/AESGmacContentSigner.java
+++ b/security/src/main/java/org/xipki/security/pkcs12/AESGmacContentSigner.java
@@ -12,11 +12,19 @@
 import org.xipki.util.Args;
 import org.xipki.util.IoUtil;
-import javax.crypto.*;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
 import javax.crypto.spec.GCMParameterSpec;
 import java.io.IOException;
 import java.io.OutputStream;
-import java.security.*;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.SecureRandom;
 /**
 * AES GMAC signer.
diff --git a/security/src/main/java/org/xipki/security/pkcs12/GenerateCerts.java b/security/src/main/java/org/xipki/security/pkcs12/GenerateCerts.java
index 92a571c..9dbf5a4 100644
--- a/security/src/main/java/org/xipki/security/pkcs12/GenerateCerts.java
+++ b/security/src/main/java/org/xipki/security/pkcs12/GenerateCerts.java
@@ -5,7 +5,16 @@
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.*;
+import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
+import org.bouncycastle.asn1.x509.BasicConstraints;
+import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.asn1.x509.KeyPurposeId;
+import org.bouncycastle.asn1.x509.KeyUsage;
+import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.cert.X509v3CertificateBuilder;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.operator.ContentSigner;
@@ -16,7 +25,13 @@
 import org.xipki.security.util.AlgorithmUtil;
 import org.xipki.security.util.KeyUtil;
 import org.xipki.security.util.X509Util;
-import org.xipki.util.*;
+import org.xipki.util.CollectionUtil;
+import org.xipki.util.IoUtil;
+import org.xipki.util.JSON;
+import org.xipki.util.PemEncoder;
+import org.xipki.util.StringUtil;
+import org.xipki.util.ValidableConf;
+import org.xipki.util.Validity;
 import org.xipki.util.exception.InvalidConfException;
 import java.io.ByteArrayOutputStream;
@@ -26,10 +41,22 @@
 import java.math.BigInteger;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Path;
-import java.security.*;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.SecureRandom;
+import java.security.Security;
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Set;
 /**
 * Generate keypairs and certificates.
diff --git a/security/src/main/java/org/xipki/security/pkcs12/KeypairWithCert.java b/security/src/main/java/org/xipki/security/pkcs12/KeypairWithCert.java
index caf148c..601be99 100644
--- a/security/src/main/java/org/xipki/security/pkcs12/KeypairWithCert.java
+++ b/security/src/main/java/org/xipki/security/pkcs12/KeypairWithCert.java
@@ -14,7 +14,12 @@
 import java.io.IOException;
 import java.io.InputStream;
-import java.security.*;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.UnrecoverableKeyException;
 import java.security.cert.CertPathBuilderException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
diff --git a/security/src/main/java/org/xipki/security/pkcs12/P12ContentSignerBuilder.java b/security/src/main/java/org/xipki/security/pkcs12/P12ContentSignerBuilder.java
index 1a91b89..74e8c50 100644
--- a/security/src/main/java/org/xipki/security/pkcs12/P12ContentSignerBuilder.java
+++ b/security/src/main/java/org/xipki/security/pkcs12/P12ContentSignerBuilder.java
@@ -7,19 +7,39 @@
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.Signer;
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
-import org.bouncycastle.crypto.signers.*;
+import org.bouncycastle.crypto.signers.DSADigestSigner;
+import org.bouncycastle.crypto.signers.DSASigner;
+import org.bouncycastle.crypto.signers.ECDSASigner;
+import org.bouncycastle.crypto.signers.RSADigestSigner;
+import org.bouncycastle.crypto.signers.SM2Signer;
 import org.bouncycastle.jcajce.provider.asymmetric.dsa.DSAUtil;
 import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
 import org.bouncycastle.operator.ContentSigner;
 import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.operator.bc.BcContentSignerBuilder;
-import org.xipki.security.*;
+import org.xipki.security.ConcurrentContentSigner;
+import org.xipki.security.DSAPlainDigestSigner;
+import org.xipki.security.DfltConcurrentContentSigner;
+import org.xipki.security.SignAlgo;
+import org.xipki.security.SignatureSigner;
+import org.xipki.security.X509Cert;
+import org.xipki.security.XiContentSigner;
+import org.xipki.security.XiSecurityException;
+import org.xipki.security.XiWrappedContentSigner;
 import org.xipki.security.util.GMUtil;
 import org.xipki.security.util.SignerUtil;
 import org.xipki.util.Args;
 import org.xipki.util.CollectionUtil;
-import java.security.*;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.Signature;
+import java.security.SignatureException;
 import java.security.interfaces.DSAPrivateKey;
 import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.RSAPrivateKey;
diff --git a/security/src/main/java/org/xipki/security/pkcs12/P12KeyGenerator.java b/security/src/main/java/org/xipki/security/pkcs12/P12KeyGenerator.java
index 935ff69..7fb1cf8 100644
--- a/security/src/main/java/org/xipki/security/pkcs12/P12KeyGenerator.java
+++ b/security/src/main/java/org/xipki/security/pkcs12/P12KeyGenerator.java
@@ -8,12 +8,23 @@
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.RSAPublicKey;
 import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.BasicConstraints;
+import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.KeyPurposeId;
 import org.bouncycastle.asn1.x509.KeyUsage;
-import org.bouncycastle.asn1.x509.*;
+import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.cert.X509v3CertificateBuilder;
 import org.bouncycastle.operator.ContentSigner;
-import org.xipki.security.*;
+import org.xipki.security.ConcurrentContentSigner;
+import org.xipki.security.EdECConstants;
+import org.xipki.security.HashAlgo;
+import org.xipki.security.SignAlgo;
+import org.xipki.security.SignatureSigner;
+import org.xipki.security.X509Cert;
 import org.xipki.security.util.GMUtil;
 import org.xipki.security.util.KeyUtil;
 import org.xipki.security.util.X509Util;
@@ -24,7 +35,12 @@
 import javax.crypto.spec.SecretKeySpec;
 import java.io.ByteArrayOutputStream;
 import java.math.BigInteger;
-import java.security.*;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.Signature;
 import java.security.cert.Certificate;
 import java.security.interfaces.DSAPrivateKey;
 import java.security.interfaces.ECPrivateKey;
diff --git a/security/src/main/java/org/xipki/security/pkcs12/P12MacContentSignerBuilder.java b/security/src/main/java/org/xipki/security/pkcs12/P12MacContentSignerBuilder.java
index ff02e14..fff30e6 100644
--- a/security/src/main/java/org/xipki/security/pkcs12/P12MacContentSignerBuilder.java
+++ b/security/src/main/java/org/xipki/security/pkcs12/P12MacContentSignerBuilder.java
@@ -3,7 +3,12 @@
 package org.xipki.security.pkcs12;
-import org.xipki.security.*;
+import org.xipki.security.ConcurrentContentSigner;
+import org.xipki.security.DfltConcurrentContentSigner;
+import org.xipki.security.HashAlgo;
+import org.xipki.security.SignAlgo;
+import org.xipki.security.XiContentSigner;
+import org.xipki.security.XiSecurityException;
 import org.xipki.security.util.KeyUtil;
 import org.xipki.util.Args;
diff --git a/security/src/main/java/org/xipki/security/pkcs12/P12SignerFactory.java b/security/src/main/java/org/xipki/security/pkcs12/P12SignerFactory.java
index 09bcb40..67b9e86 100644
--- a/security/src/main/java/org/xipki/security/pkcs12/P12SignerFactory.java
+++ b/security/src/main/java/org/xipki/security/pkcs12/P12SignerFactory.java
@@ -7,7 +7,14 @@
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.xipki.password.PasswordResolverException;
 import org.xipki.password.Passwords;
-import org.xipki.security.*;
+import org.xipki.security.ConcurrentContentSigner;
+import org.xipki.security.EdECConstants;
+import org.xipki.security.SecurityFactory;
+import org.xipki.security.SignAlgo;
+import org.xipki.security.SignerConf;
+import org.xipki.security.SignerFactory;
+import org.xipki.security.X509Cert;
+import org.xipki.security.XiSecurityException;
 import org.xipki.util.Base64;
 import org.xipki.util.IoUtil;
 import org.xipki.util.StringUtil;
diff --git a/security/src/main/java/org/xipki/security/pkcs12/P12XdhMacContentSignerBuilder.java b/security/src/main/java/org/xipki/security/pkcs12/P12XdhMacContentSignerBuilder.java
index 5179173..f3a16e0 100644
--- a/security/src/main/java/org/xipki/security/pkcs12/P12XdhMacContentSignerBuilder.java
+++ b/security/src/main/java/org/xipki/security/pkcs12/P12XdhMacContentSignerBuilder.java
@@ -9,14 +9,25 @@
 import org.bouncycastle.asn1.pkcs.IssuerAndSerialNumber;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.operator.RuntimeOperatorException;
-import org.xipki.security.*;
+import org.xipki.security.ConcurrentContentSigner;
+import org.xipki.security.DfltConcurrentContentSigner;
+import org.xipki.security.EdECConstants;
+import org.xipki.security.HashAlgo;
+import org.xipki.security.SignAlgo;
+import org.xipki.security.X509Cert;
+import org.xipki.security.XiContentSigner;
+import org.xipki.security.XiSecurityException;
 import org.xipki.util.Args;
 import javax.crypto.KeyAgreement;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
 import java.io.IOException;
-import java.security.*;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
diff --git a/security/src/main/java/org/xipki/security/qa/JceSignSpeed.java b/security/src/main/java/org/xipki/security/qa/JceSignSpeed.java
index b0211f9..d5a686d 100644
--- a/security/src/main/java/org/xipki/security/qa/JceSignSpeed.java
+++ b/security/src/main/java/org/xipki/security/qa/JceSignSpeed.java
@@ -6,7 +6,11 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.xipki.security.*;
+import org.xipki.security.ConcurrentContentSigner;
+import org.xipki.security.SecurityFactory;
+import org.xipki.security.SignAlgo;
+import org.xipki.security.SignerConf;
+import org.xipki.security.X509Cert;
 import org.xipki.util.Args;
 import org.xipki.util.BenchmarkExecutor;
 import org.xipki.util.ConfPairs;
diff --git a/security/src/main/java/org/xipki/security/qa/P11SignSpeed.java b/security/src/main/java/org/xipki/security/qa/P11SignSpeed.java
index 004c7e9..819cf47 100644
--- a/security/src/main/java/org/xipki/security/qa/P11SignSpeed.java
+++ b/security/src/main/java/org/xipki/security/qa/P11SignSpeed.java
@@ -17,7 +17,13 @@
 import org.xipki.security.pkcs11.P11Slot.P11NewKeyControl;
 import org.xipki.security.pkcs11.P11SlotId;
 import org.xipki.security.util.AlgorithmUtil;
-import org.xipki.util.*;
+import org.xipki.util.Args;
+import org.xipki.util.BenchmarkExecutor;
+import org.xipki.util.ConfPairs;
+import org.xipki.util.Hex;
+import org.xipki.util.LogUtil;
+import org.xipki.util.RandomUtil;
+import org.xipki.util.StringUtil;
 import org.xipki.util.exception.ObjectCreationException;
 import java.math.BigInteger;
diff --git a/security/src/main/java/org/xipki/security/qa/P12SignSpeed.java b/security/src/main/java/org/xipki/security/qa/P12SignSpeed.java
index 1e5c976..ec843b0 100644
--- a/security/src/main/java/org/xipki/security/qa/P12SignSpeed.java
+++ b/security/src/main/java/org/xipki/security/qa/P12SignSpeed.java
@@ -7,12 +7,21 @@
 import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.xipki.security.*;
+import org.xipki.security.ConcurrentContentSigner;
+import org.xipki.security.EdECConstants;
+import org.xipki.security.SecurityFactory;
+import org.xipki.security.SignerConf;
+import org.xipki.security.X509Cert;
 import org.xipki.security.pkcs12.KeyStoreWrapper;
 import org.xipki.security.pkcs12.KeystoreGenerationParameters;
 import org.xipki.security.pkcs12.P12KeyGenerator;
 import org.xipki.security.util.AlgorithmUtil;
-import org.xipki.util.*;
+import org.xipki.util.Args;
+import org.xipki.util.Base64;
+import org.xipki.util.BenchmarkExecutor;
+import org.xipki.util.ConfPairs;
+import org.xipki.util.IoUtil;
+import org.xipki.util.RandomUtil;
 import java.io.IOException;
 import java.io.InputStream;
diff --git a/security/src/main/java/org/xipki/security/util/AlgorithmUtil.java b/security/src/main/java/org/xipki/security/util/AlgorithmUtil.java
index b7e0632..9284c8c 100644
--- a/security/src/main/java/org/xipki/security/util/AlgorithmUtil.java
+++ b/security/src/main/java/org/xipki/security/util/AlgorithmUtil.java
@@ -10,7 +10,14 @@
 import org.xipki.util.Args;
 import org.xipki.util.StringUtil;
-import java.util.*;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
 /**
 * Algorithm utility class.
diff --git a/security/src/main/java/org/xipki/security/util/KeyUtil.java b/security/src/main/java/org/xipki/security/util/KeyUtil.java
index f0b91d2..d085e5b 100644
--- a/security/src/main/java/org/xipki/security/util/KeyUtil.java
+++ b/security/src/main/java/org/xipki/security/util/KeyUtil.java
@@ -3,14 +3,29 @@
 package org.xipki.security.util;
-import org.bouncycastle.asn1.*;
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1OctetString;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.DERNull;
+import org.bouncycastle.asn1.DEROctetString;
+import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.asn1.x9.X962Parameters;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
-import org.bouncycastle.crypto.params.*;
+import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+import org.bouncycastle.crypto.params.DSAParameters;
+import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters;
+import org.bouncycastle.crypto.params.Ed448PublicKeyParameters;
+import org.bouncycastle.crypto.params.RSAKeyParameters;
+import org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
+import org.bouncycastle.crypto.params.X25519PublicKeyParameters;
+import org.bouncycastle.crypto.params.X448PublicKeyParameters;
 import org.bouncycastle.crypto.util.PrivateKeyFactory;
 import org.bouncycastle.jcajce.interfaces.EdDSAKey;
 import org.bouncycastle.jcajce.interfaces.XDHKey;
@@ -26,9 +41,36 @@
 import java.io.IOException;
 import java.math.BigInteger;
-import java.security.*;
-import java.security.interfaces.*;
-import java.security.spec.*;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.interfaces.DSAPrivateKey;
+import java.security.interfaces.DSAPublicKey;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPrivateCrtKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.DSAParameterSpec;
+import java.security.spec.DSAPublicKeySpec;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPoint;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.RSAKeyGenParameterSpec;
+import java.security.spec.RSAPublicKeySpec;
+import java.security.spec.X509EncodedKeySpec;
 import java.util.Arrays;
 import java.util.Optional;
diff --git a/security/src/main/java/org/xipki/security/util/X509Util.java b/security/src/main/java/org/xipki/security/util/X509Util.java
index b8eeed8..d464e8f 100644
--- a/security/src/main/java/org/xipki/security/util/X509Util.java
+++ b/security/src/main/java/org/xipki/security/util/X509Util.java
@@ -3,7 +3,22 @@
 package org.xipki.security.util;
-import org.bouncycastle.asn1.*;
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1EncodableVector;
+import org.bouncycastle.asn1.ASN1Encoding;
+import org.bouncycastle.asn1.ASN1GeneralizedTime;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.ASN1Sequence;
+import org.bouncycastle.asn1.ASN1Set;
+import org.bouncycastle.asn1.ASN1String;
+import org.bouncycastle.asn1.ASN1UTCTime;
+import org.bouncycastle.asn1.BERTags;
+import org.bouncycastle.asn1.DERNull;
+import org.bouncycastle.asn1.DERPrintableString;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.DERTaggedObject;
+import org.bouncycastle.asn1.DERUTF8String;
+import org.bouncycastle.asn1.DERUniversalString;
 import org.bouncycastle.asn1.pkcs.Attribute;
 import org.bouncycastle.asn1.pkcs.CertificationRequest;
 import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
@@ -14,9 +29,19 @@
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x500.style.BCStyle;
 import org.bouncycastle.asn1.x500.style.IETFUtils;
+import org.bouncycastle.asn1.x509.AccessDescription;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x509.BasicConstraints;
 import org.bouncycastle.asn1.x509.Certificate;
+import org.bouncycastle.asn1.x509.DSAParameter;
+import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
 import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.asn1.x509.*;
+import org.bouncycastle.asn1.x509.Extensions;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.asn1.x509.KeyPurposeId;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.asn1.x509.Time;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.cert.X509CRLHolder;
 import org.bouncycastle.cert.X509CertificateHolder;
@@ -24,21 +49,56 @@ import org.bouncycastle.util.io.pem.PemReader; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.xipki.security.BadInputException; +import org.xipki.security.EdECConstants; +import org.xipki.security.FpIdCalculator; import org.xipki.security.KeyUsage; -import org.xipki.security.*; +import org.xipki.security.ObjectIdentifiers; +import org.xipki.security.X509Cert; +import org.xipki.security.XiSecurityException; import org.xipki.security.asn1.Asn1StreamParser; +import org.xipki.util.Args; import org.xipki.util.Base64; -import org.xipki.util.*; +import org.xipki.util.CollectionUtil; +import org.xipki.util.CompareUtil; +import org.xipki.util.ConfPairs; +import org.xipki.util.FileOrBinary; +import org.xipki.util.Hex; +import org.xipki.util.IoUtil; +import org.xipki.util.LogUtil; +import org.xipki.util.PemEncoder; import org.xipki.util.PemEncoder.PemLabel; +import org.xipki.util.StringUtil; import org.xipki.util.exception.InvalidConfException; -import java.io.*; +import java.io.BufferedInputStream; +import java.io.BufferedReader; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.StringReader; import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.security.NoSuchProviderException; -import java.security.cert.*; +import java.security.cert.CRLException; +import java.security.cert.CertPathBuilderException; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; import java.security.spec.InvalidKeySpecException; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.Comparator; +import java.util.HashSet; +import 
java.util.LinkedList; +import java.util.List; +import java.util.Set; import static org.xipki.util.Args.notNull; diff --git a/security/src/test/java/org/xipki/security/pkcs12/test/CmsEnveloperTest.java b/security/src/test/java/org/xipki/security/pkcs12/test/CmsEnveloperTest.java index 50f099d..df798b2 100644 --- a/security/src/test/java/org/xipki/security/pkcs12/test/CmsEnveloperTest.java +++ b/security/src/test/java/org/xipki/security/pkcs12/test/CmsEnveloperTest.java 
@@ -10,10 +10,26 @@ import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.RSAESOAEPparams; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cms.*; +import org.bouncycastle.cms.CMSAlgorithm; +import org.bouncycastle.cms.CMSEnvelopedData; +import org.bouncycastle.cms.CMSEnvelopedDataGenerator; +import org.bouncycastle.cms.CMSException; +import org.bouncycastle.cms.CMSProcessableByteArray; +import org.bouncycastle.cms.PasswordRecipient; +import org.bouncycastle.cms.PasswordRecipientInformation; +import org.bouncycastle.cms.RecipientId; +import org.bouncycastle.cms.RecipientInformation; +import org.bouncycastle.cms.RecipientInformationStore; import org.bouncycastle.cms.bc.BcPasswordEnvelopedRecipient; import org.bouncycastle.cms.bc.BcPasswordRecipientInfoGenerator; -import org.bouncycastle.cms.jcajce.*; +import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder; +import org.bouncycastle.cms.jcajce.JceKEKEnvelopedRecipient; +import org.bouncycastle.cms.jcajce.JceKEKRecipientInfoGenerator; +import org.bouncycastle.cms.jcajce.JceKeyAgreeEnvelopedRecipient; +import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientId; +import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientInfoGenerator; +import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient; +import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.util.encoders.Hex; import org.junit.Assert; @@ -27,7 +43,11 @@ import java.io.InputStream; import java.nio.file.Files; import java.nio.file.Paths; -import java.security.*; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.Security; import java.security.cert.X509Certificate; import java.util.Iterator; 
diff --git a/security/src/test/java/org/xipki/security/test/CrlTestVectorGenerateMain.java b/security/src/test/java/org/xipki/security/test/CrlTestVectorGenerateMain.java index 8da830a..ccc3e4b 100644 --- a/security/src/test/java/org/xipki/security/test/CrlTestVectorGenerateMain.java +++ b/security/src/test/java/org/xipki/security/test/CrlTestVectorGenerateMain.java @@ -8,7 +8,12 @@ import org.bouncycastle.asn1.x509.CRLReason; import org.bouncycastle.asn1.x509.Extension; import org.bouncycastle.cert.X509v2CRLBuilder; -import org.xipki.security.*; +import org.xipki.security.ConcurrentContentSigner; +import org.xipki.security.Securities; +import org.xipki.security.SignatureAlgoControl; +import org.xipki.security.SignerConf; +import org.xipki.security.X509Cert; +import org.xipki.security.XiContentSigner; import org.xipki.util.ConcurrentBag.BagEntry; import org.xipki.util.ConfPairs; import org.xipki.util.IoUtil; diff --git a/servlet3-common/src/main/java/org/xipki/servlet3/ServletFilter.java b/servlet3-common/src/main/java/org/xipki/servlet3/ServletFilter.java index df54806..8fae34e 100644 --- a/servlet3-common/src/main/java/org/xipki/servlet3/ServletFilter.java +++ b/servlet3-common/src/main/java/org/xipki/servlet3/ServletFilter.java @@ -7,7 +7,12 @@ import org.slf4j.LoggerFactory; import org.xipki.util.http.XiHttpFilter; -import javax.servlet.*; +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; diff --git a/servlet5-common/src/main/java/org/xipki/servlet5/ServletFilter.java b/servlet5-common/src/main/java/org/xipki/servlet5/ServletFilter.java index 6015124..8a6cb72 100644 --- a/servlet5-common/src/main/java/org/xipki/servlet5/ServletFilter.java 
+++ b/servlet5-common/src/main/java/org/xipki/servlet5/ServletFilter.java @@ -3,7 +3,12 @@ package org.xipki.servlet5; -import jakarta.servlet.*; +import jakarta.servlet.Filter; +import jakarta.servlet.FilterChain; +import jakarta.servlet.FilterConfig; +import jakarta.servlet.ServletException; +import jakarta.servlet.ServletRequest; +import jakarta.servlet.ServletResponse; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import org.slf4j.Logger; diff --git a/shell-base/src/main/java/org/xipki/shell/Actions.java b/shell-base/src/main/java/org/xipki/shell/Actions.java index 4406fba..9d86794 100644 --- a/shell-base/src/main/java/org/xipki/shell/Actions.java +++ b/shell-base/src/main/java/org/xipki/shell/Actions.java @@ -10,9 +10,12 @@ import org.apache.karaf.shell.api.action.lifecycle.Reference; import org.apache.karaf.shell.api.action.lifecycle.Service; import org.apache.karaf.shell.support.completers.FileCompleter; +import org.xipki.util.Args; import org.xipki.util.Base64; -import org.xipki.util.*; import org.xipki.util.Curl.CurlResult; +import org.xipki.util.FileUtils; +import org.xipki.util.IoUtil; +import org.xipki.util.StringUtil; import org.xipki.util.http.HttpStatusCode; import java.io.BufferedReader; @@ -22,7 +25,12 @@ import java.nio.file.Files; import java.text.SimpleDateFormat; import java.time.Instant; -import java.util.*; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Locale; +import java.util.Map; +import java.util.StringTokenizer; /** * Basic actions. diff --git a/shell-base/src/main/java/org/xipki/shell/Completers.java b/shell-base/src/main/java/org/xipki/shell/Completers.java index 7f46851..c680659 100644 --- a/shell-base/src/main/java/org/xipki/shell/Completers.java +++ b/shell-base/src/main/java/org/xipki/shell/Completers.java 
@@ -7,8 +7,14 @@ import org.apache.karaf.shell.support.completers.FileCompleter; import java.nio.file.Path; -import java.util.*; +import java.util.Arrays; +import java.util.HashMap; +import java.util.HashSet; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; import java.util.Map.Entry; +import java.util.Set; /** * Completers for actions. diff --git a/shell-base/src/main/java/org/xipki/shell/EnumCompleter.java b/shell-base/src/main/java/org/xipki/shell/EnumCompleter.java index 4c5781d..95eac83 100644 --- a/shell-base/src/main/java/org/xipki/shell/EnumCompleter.java +++ b/shell-base/src/main/java/org/xipki/shell/EnumCompleter.java @@ -8,7 +8,11 @@ import org.apache.karaf.shell.api.console.Session; import org.apache.karaf.shell.support.completers.StringsCompleter; -import java.util.*; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.LinkedList; +import java.util.List; /** * Completer with static enums. diff --git a/shell-base/src/main/java/org/xipki/shell/XiAction.java b/shell-base/src/main/java/org/xipki/shell/XiAction.java index 40b9082..68c0052 100644 --- a/shell-base/src/main/java/org/xipki/shell/XiAction.java +++ b/shell-base/src/main/java/org/xipki/shell/XiAction.java @@ -11,8 +11,16 @@ import org.xipki.password.PasswordResolverException; import org.xipki.password.Passwords; import org.xipki.password.SecurePasswordInputPanel; -import org.xipki.util.*; +import org.xipki.util.Base64; +import org.xipki.util.CollectionUtil; +import org.xipki.util.ConfPairs; +import org.xipki.util.Hex; +import org.xipki.util.IoUtil; +import org.xipki.util.LogUtil; +import org.xipki.util.PemEncoder; import org.xipki.util.PemEncoder.PemLabel; +import org.xipki.util.RandomUtil; +import org.xipki.util.StringUtil; import java.io.ByteArrayInputStream; import java.io.File; diff --git a/util/src/main/java/org/xipki/util/Args.java b/util/src/main/java/org/xipki/util/Args.java index edc67c1..3002de6 100644 
--- a/util/src/main/java/org/xipki/util/Args.java +++ b/util/src/main/java/org/xipki/util/Args.java @@ -3,7 +3,12 @@ package org.xipki.util; -import java.util.*; +import java.util.Collection; +import java.util.Dictionary; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.Set; /** * Utility class to validate the parameters. diff --git a/util/src/main/java/org/xipki/util/BatchReplace.java b/util/src/main/java/org/xipki/util/BatchReplace.java index 8bf9891..6577c47 100644 --- a/util/src/main/java/org/xipki/util/BatchReplace.java +++ b/util/src/main/java/org/xipki/util/BatchReplace.java @@ -3,7 +3,12 @@ package org.xipki.util; -import java.io.*; +import java.io.BufferedReader; +import java.io.File; +import java.io.FileOutputStream; +import java.io.FileReader; +import java.io.IOException; +import java.io.OutputStream; import java.nio.charset.StandardCharsets; import java.util.List; import java.util.Map; diff --git a/util/src/main/java/org/xipki/util/CollectionUtil.java b/util/src/main/java/org/xipki/util/CollectionUtil.java index 8e96a4a..78391cd 100644 --- a/util/src/main/java/org/xipki/util/CollectionUtil.java +++ b/util/src/main/java/org/xipki/util/CollectionUtil.java @@ -3,7 +3,14 @@ package org.xipki.util; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; /** * Utility class for operations on {@link Collection}, {@link Set}, {@link List}, {@link Map}, diff --git a/util/src/main/java/org/xipki/util/ConcurrentBag.java b/util/src/main/java/org/xipki/util/ConcurrentBag.java index 431d763..dafd500 100644 --- a/util/src/main/java/org/xipki/util/ConcurrentBag.java +++ b/util/src/main/java/org/xipki/util/ConcurrentBag.java 
@@ -22,7 +22,15 @@ import java.lang.ref.WeakReference; import java.lang.reflect.Array; -import java.util.*; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Comparator; +import java.util.Iterator; +import java.util.List; +import java.util.ListIterator; +import java.util.NoSuchElementException; +import java.util.RandomAccess; +import java.util.Spliterator; import java.util.concurrent.CopyOnWriteArrayList; import java.util.concurrent.SynchronousQueue; import java.util.concurrent.TimeUnit; diff --git a/util/src/main/java/org/xipki/util/ConfPairs.java b/util/src/main/java/org/xipki/util/ConfPairs.java index d524bcb..75edcbf 100644 --- a/util/src/main/java/org/xipki/util/ConfPairs.java +++ b/util/src/main/java/org/xipki/util/ConfPairs.java @@ -3,8 +3,17 @@ package org.xipki.util; -import java.util.*; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.LinkedList; +import java.util.List; +import java.util.Locale; +import java.util.Map; import java.util.Map.Entry; +import java.util.Set; /** * Container of name-value pairs. diff --git a/util/src/main/java/org/xipki/util/DefaultCurl.java b/util/src/main/java/org/xipki/util/DefaultCurl.java index e5f775d..0465ab7 100644 --- a/util/src/main/java/org/xipki/util/DefaultCurl.java +++ b/util/src/main/java/org/xipki/util/DefaultCurl.java @@ -19,8 +19,13 @@ import java.net.HttpURLConnection; import java.net.URL; import java.nio.file.Path; -import java.util.*; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; import java.util.Map.Entry; +import java.util.Set; /** * An implementation of {@link Curl}. diff --git a/util/src/main/java/org/xipki/util/IoUtil.java b/util/src/main/java/org/xipki/util/IoUtil.java index 90918fa..89737ae 100644 --- a/util/src/main/java/org/xipki/util/IoUtil.java 
+++ b/util/src/main/java/org/xipki/util/IoUtil.java @@ -6,8 +6,22 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.io.*; -import java.net.*; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.Closeable; +import java.io.Console; +import java.io.File; +import java.io.IOException; +import java.io.InputStream; +import java.io.RandomAccessFile; +import java.net.HttpURLConnection; +import java.net.Inet4Address; +import java.net.InetAddress; +import java.net.NetworkInterface; +import java.net.SocketException; +import java.net.URL; +import java.net.URLConnection; +import java.net.UnknownHostException; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; diff --git a/util/src/main/java/org/xipki/util/JSON.java b/util/src/main/java/org/xipki/util/JSON.java index 19baa47..903615b 100644 --- a/util/src/main/java/org/xipki/util/JSON.java +++ b/util/src/main/java/org/xipki/util/JSON.java 
@@ -8,13 +8,24 @@ import com.fasterxml.jackson.core.JsonParser; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.core.TreeNode; -import com.fasterxml.jackson.core.json.JsonReadFeature; -import com.fasterxml.jackson.databind.*; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonSerializer; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.ObjectWriter; +import com.fasterxml.jackson.databind.SerializerProvider; import com.fasterxml.jackson.databind.module.SimpleModule; import com.fasterxml.jackson.databind.node.TextNode; import com.fasterxml.jackson.databind.node.ValueNode; -import java.io.*; +import java.io.BufferedReader; +import java.io.File; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.OutputStream; +import java.io.Reader; +import java.io.StringReader; import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Path; diff --git a/util/src/main/java/org/xipki/util/StringUtil.java b/util/src/main/java/org/xipki/util/StringUtil.java index 242e8f4..fac19c1 100644 --- a/util/src/main/java/org/xipki/util/StringUtil.java +++ b/util/src/main/java/org/xipki/util/StringUtil.java @@ -6,7 +6,15 @@ import java.math.BigInteger; import java.net.URL; import java.nio.charset.StandardCharsets; -import java.util.*; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.HashSet; +import java.util.LinkedList; +import java.util.List; +import java.util.Locale; +import java.util.Set; +import java.util.StringTokenizer; import java.util.jar.Attributes; import java.util.jar.Manifest; diff --git a/util/src/main/java/org/xipki/util/http/HttpResponse.java b/util/src/main/java/org/xipki/util/http/HttpResponse.java index 2fe506a..fe9ea1d 100644 
--- a/util/src/main/java/org/xipki/util/http/HttpResponse.java +++ b/util/src/main/java/org/xipki/util/http/HttpResponse.java @@ -7,7 +7,11 @@ import org.xipki.util.CollectionUtil; import java.io.IOException; -import java.util.*; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; /** * diff --git a/util/src/main/java/org/xipki/util/http/SslContextBuilder.java b/util/src/main/java/org/xipki/util/http/SslContextBuilder.java index 51f24df..793ccb2 100644 --- a/util/src/main/java/org/xipki/util/http/SslContextBuilder.java +++ b/util/src/main/java/org/xipki/util/http/SslContextBuilder.java @@ -31,12 +31,23 @@ import org.xipki.util.Args; -import javax.net.ssl.*; +import javax.net.ssl.KeyManager; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; import java.io.File; import java.io.IOException; import java.io.InputStream; import java.nio.file.Files; -import java.security.*; +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.security.SecureRandom; +import java.security.Security; +import java.security.UnrecoverableKeyException; import java.security.cert.CertificateException; import java.util.Collection; import java.util.Collections; diff --git a/util/src/main/java/org/xipki/util/http/SslContextConf.java b/util/src/main/java/org/xipki/util/http/SslContextConf.java index ac6446d..2274ac2 100644 --- a/util/src/main/java/org/xipki/util/http/SslContextConf.java +++ b/util/src/main/java/org/xipki/util/http/SslContextConf.java 
@@ -13,7 +13,11 @@ import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; -import java.io.*; +import java.io.BufferedReader; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; import java.security.KeyStore; import java.security.cert.Certificate; import java.security.cert.CertificateException; diff --git a/util/src/test/java/org/xipki/common/test/CanonicalizeCode.java b/util/src/test/java/org/xipki/common/test/CanonicalizeCode.java index 31ae0a0..4f6fcd4 100644 --- a/util/src/test/java/org/xipki/common/test/CanonicalizeCode.java +++ b/util/src/test/java/org/xipki/common/test/CanonicalizeCode.java @@ -6,9 +6,20 @@ import org.xipki.util.IoUtil; import org.xipki.util.StringUtil; -import java.io.*; +import java.io.BufferedReader; +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; import java.nio.file.Files; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashSet; +import java.util.LinkedList; +import java.util.List; +import java.util.Set; /** * Canonicalize the text files. From 998f1548cfbf485cdcc69bec63ca3d917892b8af Mon Sep 17 00:00:00 2001 From: Lijun Liao Date: Sun, 31 Dec 2023 16:42:23 +0100 Subject: [PATCH 21/36] CanonicalizeCode.java: remove redundant code --- .../xipki/common/test/CanonicalizeCode.java | 37 ++----------------- util/src/test/resources/HEADER.txt | 2 - 2 files changed, 3 insertions(+), 36 deletions(-) delete mode 100644 util/src/test/resources/HEADER.txt diff --git a/util/src/test/java/org/xipki/common/test/CanonicalizeCode.java b/util/src/test/java/org/xipki/common/test/CanonicalizeCode.java index 4f6fcd4..ec4dd20 100644 --- a/util/src/test/java/org/xipki/common/test/CanonicalizeCode.java 
+++ b/util/src/test/java/org/xipki/common/test/CanonicalizeCode.java @@ -1,4 +1,4 @@ -// Copyright (c) 2013-2023 xipki. All rights reserved. +// Copyright (c) 2013-2024 xipki. All rights reserved. // License Apache License 2.0 package org.xipki.common.test; @@ -13,9 +13,7 @@ import java.io.InputStream; import java.io.OutputStream; import java.nio.file.Files; -import java.util.ArrayList; import java.util.Arrays; -import java.util.Collections; import java.util.HashSet; import java.util.LinkedList; import java.util.List; @@ -31,39 +29,15 @@ public class CanonicalizeCode { private static final int MAX_COUNT_IN_LINE = 120; - private static final List headerLines = new ArrayList<>(20); - private static final Set textFileExtensions = new HashSet<>( Arrays.asList("txt", "xml", "xsd", "cfg", "properties", "script", "jxb", "info")); - private static final Set excludeTextFiles = - new HashSet<>(Collections.singletonList("draft-gutmann-scep-00.txt")); - - private static Throwable initializationError; + private static final Set excludeTextFiles = new HashSet<>(); private final String baseDir; private final int baseDirLen; - static { - try { - String path = "src/test/resources/HEADER.txt"; - File file = new File(path); - if (!file.exists()) { - file = new File("util/" + path); - } - - BufferedReader reader = Files.newBufferedReader(file.toPath()); - String line; - while ((line = reader.readLine()) != null) { - headerLines.add(StringUtil.toUtf8Bytes(line)); - } - reader.close(); - } catch (Throwable th) { - initializationError = th; - } - } - private CanonicalizeCode(String baseDir) { baseDir = IoUtil.expandFilepath(baseDir); this.baseDir = baseDir.endsWith(File.separator) ? baseDir : baseDir + File.separator; 
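Review bot: In the `@@ -31,39 +29,15 @@` hunk of CanonicalizeCode.java, `excludeTextFiles` becomes a `static final` set that is created empty, so unless code outside the hunk adds to it, every lookup against it is false and the exclusion branch is dead. Either remove the field together with its lookups, or keep it as a deliberate extension point and say so, e.g. `// intentionally empty: add names of text files that must not be canonicalized`. Dropping the old entry also means a file named `draft-gutmann-scep-00.txt` is no longer skipped; that is presumably fine if the file has left this repository, but it is worth confirming because the tool rewrites files in place. The removed static block was the visible user of `BufferedReader` and `StringUtil`, so check that those imports are still needed in the part of the file this diff does not show. The constructor that follows the field declarations continues past the end of the hunk.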
@@ -71,11 +45,6 @@ private CanonicalizeCode(String baseDir) { } public static void main(String[] args) { - if (initializationError != null) { - initializationError.printStackTrace(); - return; - } - for (String arg : args) { try { System.out.println("Canonicalize dir " + arg); @@ -328,7 +297,7 @@ private static String canonicalizeLine(String line) { */ private static String canonicalizeTextLine(String line) { return removeTrailingSpaces(line).replaceAll("\t", " "); - } // end canonicalizeTextLine + } private static String removeTrailingSpaces(String line) { final int n = line.length(); diff --git a/util/src/test/resources/HEADER.txt b/util/src/test/resources/HEADER.txt deleted file mode 100644 index 33a1609..0000000 --- a/util/src/test/resources/HEADER.txt +++ /dev/null @@ -1,2 +0,0 @@ -// Copyright (c) 2013-2023 xipki. All rights reserved. -// License Apache License 2.0 From a17181c7c90a22b10df4cd787389dae42a71f0ad Mon Sep 17 00:00:00 2001 
From: Lijun Liao Date: Sun, 31 Dec 2023 16:43:03 +0100 Subject: [PATCH 22/36] happy new year 2024. --- .../java/org/xipki/audit/extra/DatabaseMacAuditService.java | 2 +- audit/src/main/java/org/xipki/audit/AuditEvent.java | 2 +- audit/src/main/java/org/xipki/audit/AuditEventData.java | 2 +- audit/src/main/java/org/xipki/audit/AuditLevel.java | 2 +- audit/src/main/java/org/xipki/audit/AuditService.java | 2 +- .../main/java/org/xipki/audit/AuditServiceRuntimeException.java | 2 +- audit/src/main/java/org/xipki/audit/AuditStatus.java | 2 +- audit/src/main/java/org/xipki/audit/Audits.java | 2 +- audit/src/main/java/org/xipki/audit/PciAuditEvent.java | 2 +- .../main/java/org/xipki/audit/services/EmbedAuditService.java | 2 +- .../main/java/org/xipki/audit/services/FileMacAuditService.java | 2 +- .../src/main/java/org/xipki/audit/services/MacAuditService.java | 2 +- .../main/java/org/xipki/audit/services/NoopAuditService.java | 2 +- .../src/main/java/org/xipki/datasource/DataSourceConf.java | 2 +- .../src/main/java/org/xipki/datasource/DataSourceFactory.java | 2 +- .../src/main/java/org/xipki/datasource/DataSourceWrapper.java | 2 +- datasource/src/main/java/org/xipki/datasource/DatabaseType.java | 2 +- datasource/src/main/java/org/xipki/datasource/ScriptRunner.java | 2 +- .../src/main/java/org/xipki/datasource/SqlErrorCodes.java | 2 +- .../src/main/java/org/xipki/datasource/SqlStateCodes.java | 2 +- password/src/main/java/org/xipki/password/Args.java | 2 +- password/src/main/java/org/xipki/password/ConfPairs.java | 2 +- .../src/main/java/org/xipki/password/OBFPasswordService.java | 2 +- password/src/main/java/org/xipki/password/PBEAlgo.java | 2 +- .../src/main/java/org/xipki/password/PBEPasswordService.java | 2 +- .../main/java/org/xipki/password/PasswordBasedEncryption.java | 2 +- password/src/main/java/org/xipki/password/PasswordCallback.java | 2 +- password/src/main/java/org/xipki/password/PasswordResolver.java | 2 +- 
.../main/java/org/xipki/password/PasswordResolverException.java | 2 +- password/src/main/java/org/xipki/password/Passwords.java | 2 +- .../main/java/org/xipki/password/SecurePasswordInputPanel.java | 2 +- .../org/xipki/password/demo/PassThroughPasswordCallback.java | 2 +- .../xipki/password/demo/PassThroughSinglePasswordResolver.java | 2 +- .../org/xipki/password/test/PBEWithHmacSHA256AndAES256Test.java | 2 +- .../src/main/java/org/xipki/security/shell/Actions.java | 2 +- .../src/main/java/org/xipki/security/shell/JceActions.java | 2 +- .../src/main/java/org/xipki/security/shell/P11Actions.java | 2 +- .../src/main/java/org/xipki/security/shell/P12Actions.java | 2 +- .../src/main/java/org/xipki/security/shell/PasswordActions.java | 2 +- .../src/main/java/org/xipki/security/shell/QaCompleters.java | 2 +- .../main/java/org/xipki/security/shell/QaSecurityActions.java | 2 +- .../main/java/org/xipki/security/shell/SecurityCompleters.java | 2 +- .../main/java/org/xipki/security/AbstractSecurityFactory.java | 2 +- .../src/main/java/org/xipki/security/AlgorithmValidator.java | 2 +- .../src/main/java/org/xipki/security/BadInputException.java | 2 +- .../src/main/java/org/xipki/security/CertRevocationInfo.java | 2 +- .../main/java/org/xipki/security/CertpathValidationModel.java | 2 +- .../java/org/xipki/security/CollectionAlgorithmValidator.java | 2 +- .../main/java/org/xipki/security/ConcurrentContentSigner.java | 2 +- security/src/main/java/org/xipki/security/CrlReason.java | 2 +- security/src/main/java/org/xipki/security/CryptException.java | 2 +- .../main/java/org/xipki/security/DHSigStaticKeyCertPair.java | 2 +- .../src/main/java/org/xipki/security/DSAPlainDigestSigner.java | 2 +- .../java/org/xipki/security/DfltConcurrentContentSigner.java | 2 +- security/src/main/java/org/xipki/security/EdECConstants.java | 2 +- security/src/main/java/org/xipki/security/FpIdCalculator.java | 2 +- security/src/main/java/org/xipki/security/HashAlgo.java | 2 +- 
security/src/main/java/org/xipki/security/HashCalculator.java | 2 +- security/src/main/java/org/xipki/security/IssuerHash.java | 2 +- security/src/main/java/org/xipki/security/KeyCertBytesPair.java | 2 +- security/src/main/java/org/xipki/security/KeyUsage.java | 2 +- .../src/main/java/org/xipki/security/NoIdleSignerException.java | 2 +- .../src/main/java/org/xipki/security/ObjectIdentifiers.java | 2 +- security/src/main/java/org/xipki/security/Providers.java | 2 +- security/src/main/java/org/xipki/security/Securities.java | 2 +- security/src/main/java/org/xipki/security/SecurityFactory.java | 2 +- .../src/main/java/org/xipki/security/SecurityFactoryImpl.java | 2 +- security/src/main/java/org/xipki/security/SignAlgo.java | 2 +- .../src/main/java/org/xipki/security/SignatureAlgoControl.java | 2 +- security/src/main/java/org/xipki/security/SignatureSigner.java | 2 +- security/src/main/java/org/xipki/security/SignerConf.java | 2 +- security/src/main/java/org/xipki/security/SignerFactory.java | 2 +- .../src/main/java/org/xipki/security/SignerFactoryRegister.java | 2 +- .../main/java/org/xipki/security/SignerFactoryRegisterImpl.java | 2 +- security/src/main/java/org/xipki/security/TlsExtensionType.java | 2 +- security/src/main/java/org/xipki/security/X509Cert.java | 2 +- security/src/main/java/org/xipki/security/XiContentSigner.java | 2 +- .../src/main/java/org/xipki/security/XiSecurityException.java | 2 +- .../main/java/org/xipki/security/XiWrappedContentSigner.java | 2 +- .../src/main/java/org/xipki/security/asn1/Asn1StreamParser.java | 2 +- .../src/main/java/org/xipki/security/asn1/CrlStreamParser.java | 2 +- .../xipki/security/bc/XiECContentVerifierProviderBuilder.java | 2 +- .../org/xipki/security/bc/XiEdDSAContentVerifierProvider.java | 2 +- .../xipki/security/bc/XiRSAContentVerifierProviderBuilder.java | 2 +- .../org/xipki/security/bc/XiXDHContentVerifierProvider.java | 2 +- security/src/main/java/org/xipki/security/ctlog/CtLog.java | 2 +- 
.../src/main/java/org/xipki/security/ctlog/CtLogMessages.java | 2 +- security/src/main/java/org/xipki/security/jce/JceSigner.java | 2 +- .../src/main/java/org/xipki/security/jce/JceSignerBuilder.java | 2 +- .../main/java/org/xipki/security/pkcs11/DigestOutputStream.java | 2 +- .../src/main/java/org/xipki/security/pkcs11/NativeP11Key.java | 2 +- .../main/java/org/xipki/security/pkcs11/NativeP11Module.java | 2 +- .../java/org/xipki/security/pkcs11/NativeP11ModuleFactory.java | 2 +- .../src/main/java/org/xipki/security/pkcs11/NativeP11Slot.java | 2 +- .../main/java/org/xipki/security/pkcs11/P11ContentSigner.java | 2 +- .../main/java/org/xipki/security/pkcs11/P11CryptService.java | 2 +- .../java/org/xipki/security/pkcs11/P11CryptServiceFactory.java | 2 +- .../org/xipki/security/pkcs11/P11CryptServiceFactoryImpl.java | 2 +- security/src/main/java/org/xipki/security/pkcs11/P11Key.java | 2 +- security/src/main/java/org/xipki/security/pkcs11/P11Module.java | 2 +- .../src/main/java/org/xipki/security/pkcs11/P11ModuleConf.java | 2 +- .../main/java/org/xipki/security/pkcs11/P11ModuleFactory.java | 2 +- .../org/xipki/security/pkcs11/P11ModuleFactoryRegister.java | 2 +- .../org/xipki/security/pkcs11/P11ModuleFactoryRegisterImpl.java | 2 +- security/src/main/java/org/xipki/security/pkcs11/P11Params.java | 2 +- .../main/java/org/xipki/security/pkcs11/P11SignerFactory.java | 2 +- security/src/main/java/org/xipki/security/pkcs11/P11Slot.java | 2 +- security/src/main/java/org/xipki/security/pkcs11/P11SlotId.java | 2 +- .../src/main/java/org/xipki/security/pkcs11/Pkcs11conf.java | 2 +- .../org/xipki/security/pkcs11/emulator/EmulatorKeyCryptor.java | 2 +- .../java/org/xipki/security/pkcs11/emulator/EmulatorP11Key.java | 2 +- .../org/xipki/security/pkcs11/emulator/EmulatorP11Module.java | 2 +- .../security/pkcs11/emulator/EmulatorP11ModuleFactory.java | 2 +- .../org/xipki/security/pkcs11/emulator/EmulatorP11Slot.java | 2 +- .../org/xipki/security/pkcs11/emulator/EmulatorSM2Signer.java 
| 2 +- .../java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Key.java | 2 +- .../org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java | 2 +- .../security/pkcs11/hsmproxy/HsmProxyP11ModuleFactory.java | 2 +- .../org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Slot.java | 2 +- .../java/org/xipki/security/pkcs11/hsmproxy/ProxyAction.java | 2 +- .../java/org/xipki/security/pkcs11/hsmproxy/ProxyMessage.java | 2 +- .../java/org/xipki/security/pkcs12/AESGmacContentSigner.java | 2 +- .../src/main/java/org/xipki/security/pkcs12/GenerateCerts.java | 2 +- .../main/java/org/xipki/security/pkcs12/HmacContentSigner.java | 2 +- .../main/java/org/xipki/security/pkcs12/KeyStoreWrapper.java | 2 +- .../main/java/org/xipki/security/pkcs12/KeypairWithCert.java | 2 +- .../org/xipki/security/pkcs12/KeystoreGenerationParameters.java | 2 +- .../java/org/xipki/security/pkcs12/P12ContentSignerBuilder.java | 2 +- .../main/java/org/xipki/security/pkcs12/P12KeyGenerator.java | 2 +- .../org/xipki/security/pkcs12/P12MacContentSignerBuilder.java | 2 +- .../main/java/org/xipki/security/pkcs12/P12SignerFactory.java | 2 +- .../xipki/security/pkcs12/P12XdhMacContentSignerBuilder.java | 2 +- security/src/main/java/org/xipki/security/qa/JceSignSpeed.java | 2 +- .../src/main/java/org/xipki/security/qa/P11KeyGenSpeed.java | 2 +- security/src/main/java/org/xipki/security/qa/P11SignSpeed.java | 2 +- .../src/main/java/org/xipki/security/qa/P12KeyGenSpeed.java | 2 +- security/src/main/java/org/xipki/security/qa/P12SignSpeed.java | 2 +- .../src/main/java/org/xipki/security/util/AlgorithmUtil.java | 2 +- .../main/java/org/xipki/security/util/DSAParameterCache.java | 2 +- security/src/main/java/org/xipki/security/util/GMUtil.java | 2 +- security/src/main/java/org/xipki/security/util/KeyUtil.java | 2 +- security/src/main/java/org/xipki/security/util/PKCS1Util.java | 2 +- .../src/main/java/org/xipki/security/util/RSABrokenKey.java | 2 +- security/src/main/java/org/xipki/security/util/SignerUtil.java | 2 +- 
security/src/main/java/org/xipki/security/util/TlsHelper.java | 2 +- security/src/main/java/org/xipki/security/util/X509Util.java | 2 +- .../java/org/xipki/security/pkcs12/test/CmsEnveloperTest.java | 2 +- .../xipki/security/pkcs12/test/Pkcs12SHA256withECDSATest.java | 2 +- .../org/xipki/security/pkcs12/test/Pkcs12SHA256withRSATest.java | 2 +- .../security/pkcs12/test/Pkcs12SHAKE128withRSAPSSTest.java | 2 +- .../security/pkcs12/test/Pkcs12SHAKE256withRSAPSSTest.java | 2 +- .../org/xipki/security/pkcs12/test/Pkcs12SignVerifyTest.java | 2 +- .../test/java/org/xipki/security/test/CrlStreamParserTest.java | 2 +- .../java/org/xipki/security/test/CrlTestVectorGenerateMain.java | 2 +- security/src/test/java/org/xipki/security/test/CtLogTest.java | 2 +- .../src/test/java/org/xipki/security/test/CtLogVerifyTest.java | 2 +- .../src/test/java/org/xipki/security/test/PKCS1UtilTest.java | 2 +- .../src/main/java/org/xipki/servlet3/ServletFilter.java | 2 +- .../src/main/java/org/xipki/servlet3/XiHttpRequestImpl.java | 2 +- .../src/main/java/org/xipki/servlet3/XiHttpResponseImpl.java | 2 +- .../src/main/java/org/xipki/servlet5/ServletFilter.java | 2 +- .../src/main/java/org/xipki/servlet5/XiHttpRequestImpl.java | 2 +- .../src/main/java/org/xipki/servlet5/XiHttpResponseImpl.java | 2 +- shell-base/src/main/java/org/xipki/shell/Actions.java | 2 +- shell-base/src/main/java/org/xipki/shell/CmdFailure.java | 2 +- shell-base/src/main/java/org/xipki/shell/Completers.java | 2 +- .../src/main/java/org/xipki/shell/DynamicEnumCompleter.java | 2 +- shell-base/src/main/java/org/xipki/shell/EnumCompleter.java | 2 +- .../src/main/java/org/xipki/shell/IllegalCmdParamException.java | 2 +- shell-base/src/main/java/org/xipki/shell/XiAction.java | 2 +- util/src/main/java/org/xipki/util/Args.java | 2 +- util/src/main/java/org/xipki/util/BatchReplace.java | 2 +- util/src/main/java/org/xipki/util/BenchmarkExecutor.java | 2 +- util/src/main/java/org/xipki/util/CollectionUtil.java | 2 +- 
util/src/main/java/org/xipki/util/CompareUtil.java | 2 +- util/src/main/java/org/xipki/util/ConfPairs.java | 2 +- util/src/main/java/org/xipki/util/ConfigurableProperties.java | 2 +- util/src/main/java/org/xipki/util/Curl.java | 2 +- util/src/main/java/org/xipki/util/DateUtil.java | 2 +- util/src/main/java/org/xipki/util/DefaultCurl.java | 2 +- util/src/main/java/org/xipki/util/FileOrBinary.java | 2 +- util/src/main/java/org/xipki/util/FileOrValue.java | 2 +- util/src/main/java/org/xipki/util/FileUtils.java | 2 +- util/src/main/java/org/xipki/util/Hex.java | 2 +- util/src/main/java/org/xipki/util/HourMinute.java | 2 +- util/src/main/java/org/xipki/util/HttpConstants.java | 2 +- util/src/main/java/org/xipki/util/IoUtil.java | 2 +- util/src/main/java/org/xipki/util/JSON.java | 2 +- util/src/main/java/org/xipki/util/LogUtil.java | 2 +- util/src/main/java/org/xipki/util/PemEncoder.java | 2 +- util/src/main/java/org/xipki/util/ProcessLog.java | 2 +- util/src/main/java/org/xipki/util/RandomUtil.java | 2 +- util/src/main/java/org/xipki/util/ReflectiveUtil.java | 2 +- util/src/main/java/org/xipki/util/ReqRespDebug.java | 2 +- util/src/main/java/org/xipki/util/SqlUtil.java | 2 +- util/src/main/java/org/xipki/util/StringUtil.java | 2 +- util/src/main/java/org/xipki/util/TripleState.java | 2 +- util/src/main/java/org/xipki/util/ValidableConf.java | 2 +- util/src/main/java/org/xipki/util/Validity.java | 2 +- util/src/main/java/org/xipki/util/XipkiBaseDir.java | 2 +- util/src/main/java/org/xipki/util/cbor/CborEncodable.java | 2 +- .../src/main/java/org/xipki/util/exception/DecodeException.java | 2 +- .../src/main/java/org/xipki/util/exception/EncodeException.java | 2 +- .../xipki/util/exception/InsufficientPermissionException.java | 2 +- .../java/org/xipki/util/exception/InvalidConfException.java | 2 +- .../java/org/xipki/util/exception/ObjectCreationException.java | 2 +- util/src/main/java/org/xipki/util/http/HostnameVerifiers.java | 2 +- 
util/src/main/java/org/xipki/util/http/HttpRespContent.java | 2 +- util/src/main/java/org/xipki/util/http/HttpResponse.java | 2 +- util/src/main/java/org/xipki/util/http/HttpStatusCode.java | 2 +- util/src/main/java/org/xipki/util/http/SslConf.java | 2 +- util/src/main/java/org/xipki/util/http/SslContextConf.java | 2 +- .../main/java/org/xipki/util/http/SslContextConfWrapper.java | 2 +- util/src/main/java/org/xipki/util/http/XiHttpClient.java | 2 +- .../main/java/org/xipki/util/http/XiHttpClientException.java | 2 +- util/src/main/java/org/xipki/util/http/XiHttpFilter.java | 2 +- util/src/main/java/org/xipki/util/http/XiHttpRequest.java | 2 +- util/src/main/java/org/xipki/util/http/XiHttpResponse.java | 2 +- util/src/test/java/org/xipki/common/test/Base64UrlTest.java | 2 +- util/src/test/java/org/xipki/common/test/ConfPairsTest.java | 2 +- util/src/test/java/org/xipki/common/test/DateTimeParseTest.java | 2 +- util/src/test/java/org/xipki/common/test/DateUtilTest.java | 2 +- .../src/main/java/org/xipki/tomcat/TomcatPasswordResolver.java | 2 +- .../src/main/java/org/xipki/tomcat/XiHttp11Nio2Protocol.java | 2 +- .../src/main/java/org/xipki/tomcat/XiHttp11NioProtocol.java | 2 +- 225 files changed, 225 insertions(+), 225 deletions(-)
diff --git a/audit-extra/src/main/java/org/xipki/audit/extra/DatabaseMacAuditService.java b/audit-extra/src/main/java/org/xipki/audit/extra/DatabaseMacAuditService.java
index 9b80d2c..fbe83a9 100644
--- a/audit-extra/src/main/java/org/xipki/audit/extra/DatabaseMacAuditService.java
+++ b/audit-extra/src/main/java/org/xipki/audit/extra/DatabaseMacAuditService.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.audit.extra;
diff --git a/audit/src/main/java/org/xipki/audit/AuditEvent.java b/audit/src/main/java/org/xipki/audit/AuditEvent.java
index 2932786..7c4c4f1 100644
--- a/audit/src/main/java/org/xipki/audit/AuditEvent.java
+++ b/audit/src/main/java/org/xipki/audit/AuditEvent.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.audit;
diff --git a/audit/src/main/java/org/xipki/audit/AuditEventData.java b/audit/src/main/java/org/xipki/audit/AuditEventData.java
index 7e6e95d..1e17e5a 100644
--- a/audit/src/main/java/org/xipki/audit/AuditEventData.java
+++ b/audit/src/main/java/org/xipki/audit/AuditEventData.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.audit;
diff --git a/audit/src/main/java/org/xipki/audit/AuditLevel.java b/audit/src/main/java/org/xipki/audit/AuditLevel.java
index 624cbe8..a16b717 100644
--- a/audit/src/main/java/org/xipki/audit/AuditLevel.java
+++ b/audit/src/main/java/org/xipki/audit/AuditLevel.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.audit;
diff --git a/audit/src/main/java/org/xipki/audit/AuditService.java b/audit/src/main/java/org/xipki/audit/AuditService.java
index 4327edc..1e23851 100644
--- a/audit/src/main/java/org/xipki/audit/AuditService.java
+++ b/audit/src/main/java/org/xipki/audit/AuditService.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.audit;
diff --git a/audit/src/main/java/org/xipki/audit/AuditServiceRuntimeException.java b/audit/src/main/java/org/xipki/audit/AuditServiceRuntimeException.java
index 9d5b3f7..ad1dedb 100644
--- a/audit/src/main/java/org/xipki/audit/AuditServiceRuntimeException.java
+++ b/audit/src/main/java/org/xipki/audit/AuditServiceRuntimeException.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.audit;
diff --git a/audit/src/main/java/org/xipki/audit/AuditStatus.java b/audit/src/main/java/org/xipki/audit/AuditStatus.java
index 44521d1..a99ede0 100644
--- a/audit/src/main/java/org/xipki/audit/AuditStatus.java
+++ b/audit/src/main/java/org/xipki/audit/AuditStatus.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.audit;
diff --git a/audit/src/main/java/org/xipki/audit/Audits.java b/audit/src/main/java/org/xipki/audit/Audits.java
index 5e6b319..e1641ea 100644
--- a/audit/src/main/java/org/xipki/audit/Audits.java
+++ b/audit/src/main/java/org/xipki/audit/Audits.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.audit;
diff --git a/audit/src/main/java/org/xipki/audit/PciAuditEvent.java b/audit/src/main/java/org/xipki/audit/PciAuditEvent.java
index 1911504..80d4069 100644
--- a/audit/src/main/java/org/xipki/audit/PciAuditEvent.java
+++ b/audit/src/main/java/org/xipki/audit/PciAuditEvent.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.audit;
diff --git a/audit/src/main/java/org/xipki/audit/services/EmbedAuditService.java b/audit/src/main/java/org/xipki/audit/services/EmbedAuditService.java
index b426cea..8470203 100644
--- a/audit/src/main/java/org/xipki/audit/services/EmbedAuditService.java
+++ b/audit/src/main/java/org/xipki/audit/services/EmbedAuditService.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.audit.services;
diff --git a/audit/src/main/java/org/xipki/audit/services/FileMacAuditService.java b/audit/src/main/java/org/xipki/audit/services/FileMacAuditService.java
index 9db2a20..64c5895 100644
--- a/audit/src/main/java/org/xipki/audit/services/FileMacAuditService.java
+++ b/audit/src/main/java/org/xipki/audit/services/FileMacAuditService.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.audit.services;
diff --git a/audit/src/main/java/org/xipki/audit/services/MacAuditService.java b/audit/src/main/java/org/xipki/audit/services/MacAuditService.java
index 316d66e..42835fb 100644
--- a/audit/src/main/java/org/xipki/audit/services/MacAuditService.java
+++ b/audit/src/main/java/org/xipki/audit/services/MacAuditService.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.audit.services;
diff --git a/audit/src/main/java/org/xipki/audit/services/NoopAuditService.java b/audit/src/main/java/org/xipki/audit/services/NoopAuditService.java
index 388944b..6b0f9de 100644
--- a/audit/src/main/java/org/xipki/audit/services/NoopAuditService.java
+++ b/audit/src/main/java/org/xipki/audit/services/NoopAuditService.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.audit.services;
diff --git a/datasource/src/main/java/org/xipki/datasource/DataSourceConf.java b/datasource/src/main/java/org/xipki/datasource/DataSourceConf.java
index 29eeb5f..c1566c6 100644
--- a/datasource/src/main/java/org/xipki/datasource/DataSourceConf.java
+++ b/datasource/src/main/java/org/xipki/datasource/DataSourceConf.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.datasource;
diff --git a/datasource/src/main/java/org/xipki/datasource/DataSourceFactory.java b/datasource/src/main/java/org/xipki/datasource/DataSourceFactory.java
index 3919894..34426ca 100644
--- a/datasource/src/main/java/org/xipki/datasource/DataSourceFactory.java
+++ b/datasource/src/main/java/org/xipki/datasource/DataSourceFactory.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.datasource;
diff --git a/datasource/src/main/java/org/xipki/datasource/DataSourceWrapper.java b/datasource/src/main/java/org/xipki/datasource/DataSourceWrapper.java
index f2d324d..aebcbdd 100644
--- a/datasource/src/main/java/org/xipki/datasource/DataSourceWrapper.java
+++ b/datasource/src/main/java/org/xipki/datasource/DataSourceWrapper.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.datasource;
diff --git a/datasource/src/main/java/org/xipki/datasource/DatabaseType.java b/datasource/src/main/java/org/xipki/datasource/DatabaseType.java
index fbe2235..ff6ba8f 100644
--- a/datasource/src/main/java/org/xipki/datasource/DatabaseType.java
+++ b/datasource/src/main/java/org/xipki/datasource/DatabaseType.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.datasource;
diff --git a/datasource/src/main/java/org/xipki/datasource/ScriptRunner.java b/datasource/src/main/java/org/xipki/datasource/ScriptRunner.java
index b3aa53d..198f7f7 100644
--- a/datasource/src/main/java/org/xipki/datasource/ScriptRunner.java
+++ b/datasource/src/main/java/org/xipki/datasource/ScriptRunner.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.datasource;
diff --git a/datasource/src/main/java/org/xipki/datasource/SqlErrorCodes.java b/datasource/src/main/java/org/xipki/datasource/SqlErrorCodes.java
index c231c7c..fa14b87 100644
--- a/datasource/src/main/java/org/xipki/datasource/SqlErrorCodes.java
+++ b/datasource/src/main/java/org/xipki/datasource/SqlErrorCodes.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.datasource;
diff --git a/datasource/src/main/java/org/xipki/datasource/SqlStateCodes.java b/datasource/src/main/java/org/xipki/datasource/SqlStateCodes.java
index 74f8d15..1bb12e2 100644
--- a/datasource/src/main/java/org/xipki/datasource/SqlStateCodes.java
+++ b/datasource/src/main/java/org/xipki/datasource/SqlStateCodes.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.datasource;
diff --git a/password/src/main/java/org/xipki/password/Args.java b/password/src/main/java/org/xipki/password/Args.java
index e355da8..c1854c6 100644
--- a/password/src/main/java/org/xipki/password/Args.java
+++ b/password/src/main/java/org/xipki/password/Args.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.password;
diff --git a/password/src/main/java/org/xipki/password/ConfPairs.java b/password/src/main/java/org/xipki/password/ConfPairs.java
index ed34aa2..43b53b4 100644
--- a/password/src/main/java/org/xipki/password/ConfPairs.java
+++ b/password/src/main/java/org/xipki/password/ConfPairs.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.password;
diff --git a/password/src/main/java/org/xipki/password/OBFPasswordService.java b/password/src/main/java/org/xipki/password/OBFPasswordService.java
index 6d16b92..8239ca2 100644
--- a/password/src/main/java/org/xipki/password/OBFPasswordService.java
+++ b/password/src/main/java/org/xipki/password/OBFPasswordService.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.password;
diff --git a/password/src/main/java/org/xipki/password/PBEAlgo.java b/password/src/main/java/org/xipki/password/PBEAlgo.java
index c7389ef..29c6e75 100644
--- a/password/src/main/java/org/xipki/password/PBEAlgo.java
+++ b/password/src/main/java/org/xipki/password/PBEAlgo.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.password;
diff --git a/password/src/main/java/org/xipki/password/PBEPasswordService.java b/password/src/main/java/org/xipki/password/PBEPasswordService.java
index 0dd8a6a..d7a0b1f 100644
--- a/password/src/main/java/org/xipki/password/PBEPasswordService.java
+++ b/password/src/main/java/org/xipki/password/PBEPasswordService.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.password;
diff --git a/password/src/main/java/org/xipki/password/PasswordBasedEncryption.java b/password/src/main/java/org/xipki/password/PasswordBasedEncryption.java
index 78edcc1..be2f45d 100644
--- a/password/src/main/java/org/xipki/password/PasswordBasedEncryption.java
+++ b/password/src/main/java/org/xipki/password/PasswordBasedEncryption.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.password;
diff --git a/password/src/main/java/org/xipki/password/PasswordCallback.java b/password/src/main/java/org/xipki/password/PasswordCallback.java
index 49383eb..8a60a7c 100644
--- a/password/src/main/java/org/xipki/password/PasswordCallback.java
+++ b/password/src/main/java/org/xipki/password/PasswordCallback.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.password;
diff --git a/password/src/main/java/org/xipki/password/PasswordResolver.java b/password/src/main/java/org/xipki/password/PasswordResolver.java
index b9a83ef..eaec838 100644
--- a/password/src/main/java/org/xipki/password/PasswordResolver.java
+++ b/password/src/main/java/org/xipki/password/PasswordResolver.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.password;
diff --git a/password/src/main/java/org/xipki/password/PasswordResolverException.java b/password/src/main/java/org/xipki/password/PasswordResolverException.java
index 82c2b7e..578a761 100644
--- a/password/src/main/java/org/xipki/password/PasswordResolverException.java
+++ b/password/src/main/java/org/xipki/password/PasswordResolverException.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.password;
diff --git a/password/src/main/java/org/xipki/password/Passwords.java b/password/src/main/java/org/xipki/password/Passwords.java
index bbe313f..d842506 100644
--- a/password/src/main/java/org/xipki/password/Passwords.java
+++ b/password/src/main/java/org/xipki/password/Passwords.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.password;
diff --git a/password/src/main/java/org/xipki/password/SecurePasswordInputPanel.java b/password/src/main/java/org/xipki/password/SecurePasswordInputPanel.java
index 88e2e94..66bae5c 100644
--- a/password/src/main/java/org/xipki/password/SecurePasswordInputPanel.java
+++ b/password/src/main/java/org/xipki/password/SecurePasswordInputPanel.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.password;
diff --git a/password/src/main/java/org/xipki/password/demo/PassThroughPasswordCallback.java b/password/src/main/java/org/xipki/password/demo/PassThroughPasswordCallback.java
index 901b882..99cb69d 100644
--- a/password/src/main/java/org/xipki/password/demo/PassThroughPasswordCallback.java
+++ b/password/src/main/java/org/xipki/password/demo/PassThroughPasswordCallback.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.password.demo;
diff --git a/password/src/main/java/org/xipki/password/demo/PassThroughSinglePasswordResolver.java b/password/src/main/java/org/xipki/password/demo/PassThroughSinglePasswordResolver.java
index 2d7e7f9..bd605ef 100644
--- a/password/src/main/java/org/xipki/password/demo/PassThroughSinglePasswordResolver.java
+++ b/password/src/main/java/org/xipki/password/demo/PassThroughSinglePasswordResolver.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.password.demo;
diff --git a/password/src/test/java/org/xipki/password/test/PBEWithHmacSHA256AndAES256Test.java b/password/src/test/java/org/xipki/password/test/PBEWithHmacSHA256AndAES256Test.java
index 91cab5b..02e87d7 100644
--- a/password/src/test/java/org/xipki/password/test/PBEWithHmacSHA256AndAES256Test.java
+++ b/password/src/test/java/org/xipki/password/test/PBEWithHmacSHA256AndAES256Test.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.password.test;
diff --git a/security-shell/src/main/java/org/xipki/security/shell/Actions.java b/security-shell/src/main/java/org/xipki/security/shell/Actions.java
index 7ce9861..fce2ca7 100644
--- a/security-shell/src/main/java/org/xipki/security/shell/Actions.java
+++ b/security-shell/src/main/java/org/xipki/security/shell/Actions.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.shell;
diff --git a/security-shell/src/main/java/org/xipki/security/shell/JceActions.java b/security-shell/src/main/java/org/xipki/security/shell/JceActions.java
index 0279f3e..07ec241 100644
--- a/security-shell/src/main/java/org/xipki/security/shell/JceActions.java
+++ b/security-shell/src/main/java/org/xipki/security/shell/JceActions.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.shell;
diff --git a/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java b/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java
index 7c505d9..c4bf624 100644
--- a/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java
+++ b/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.shell;
diff --git a/security-shell/src/main/java/org/xipki/security/shell/P12Actions.java b/security-shell/src/main/java/org/xipki/security/shell/P12Actions.java
index 1acf576..54ebcb8 100644
--- a/security-shell/src/main/java/org/xipki/security/shell/P12Actions.java
+++ b/security-shell/src/main/java/org/xipki/security/shell/P12Actions.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.shell;
diff --git a/security-shell/src/main/java/org/xipki/security/shell/PasswordActions.java b/security-shell/src/main/java/org/xipki/security/shell/PasswordActions.java
index 594bce0..b38ff88 100644
--- a/security-shell/src/main/java/org/xipki/security/shell/PasswordActions.java
+++ b/security-shell/src/main/java/org/xipki/security/shell/PasswordActions.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.shell;
diff --git a/security-shell/src/main/java/org/xipki/security/shell/QaCompleters.java b/security-shell/src/main/java/org/xipki/security/shell/QaCompleters.java
index 8515b31..43ad8ae 100644
--- a/security-shell/src/main/java/org/xipki/security/shell/QaCompleters.java
+++ b/security-shell/src/main/java/org/xipki/security/shell/QaCompleters.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.shell;
diff --git a/security-shell/src/main/java/org/xipki/security/shell/QaSecurityActions.java b/security-shell/src/main/java/org/xipki/security/shell/QaSecurityActions.java
index 38715d5..86e2a7d 100644
--- a/security-shell/src/main/java/org/xipki/security/shell/QaSecurityActions.java
+++ b/security-shell/src/main/java/org/xipki/security/shell/QaSecurityActions.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.shell;
diff --git a/security-shell/src/main/java/org/xipki/security/shell/SecurityCompleters.java b/security-shell/src/main/java/org/xipki/security/shell/SecurityCompleters.java
index a73a266..ac3e5d6 100644
--- a/security-shell/src/main/java/org/xipki/security/shell/SecurityCompleters.java
+++ b/security-shell/src/main/java/org/xipki/security/shell/SecurityCompleters.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.shell;
diff --git a/security/src/main/java/org/xipki/security/AbstractSecurityFactory.java b/security/src/main/java/org/xipki/security/AbstractSecurityFactory.java
index 0744bd8..5789a91 100644
--- a/security/src/main/java/org/xipki/security/AbstractSecurityFactory.java
+++ b/security/src/main/java/org/xipki/security/AbstractSecurityFactory.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/AlgorithmValidator.java b/security/src/main/java/org/xipki/security/AlgorithmValidator.java
index f7089f1..1af5ad0 100644
--- a/security/src/main/java/org/xipki/security/AlgorithmValidator.java
+++ b/security/src/main/java/org/xipki/security/AlgorithmValidator.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/BadInputException.java b/security/src/main/java/org/xipki/security/BadInputException.java
index 2ff25b8..3308d5d 100644
--- a/security/src/main/java/org/xipki/security/BadInputException.java
+++ b/security/src/main/java/org/xipki/security/BadInputException.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/CertRevocationInfo.java b/security/src/main/java/org/xipki/security/CertRevocationInfo.java
index 5f979be..3071ce7 100644
--- a/security/src/main/java/org/xipki/security/CertRevocationInfo.java
+++ b/security/src/main/java/org/xipki/security/CertRevocationInfo.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/CertpathValidationModel.java b/security/src/main/java/org/xipki/security/CertpathValidationModel.java
index c3a021b..ab88965 100644
--- a/security/src/main/java/org/xipki/security/CertpathValidationModel.java
+++ b/security/src/main/java/org/xipki/security/CertpathValidationModel.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/CollectionAlgorithmValidator.java b/security/src/main/java/org/xipki/security/CollectionAlgorithmValidator.java
index 9fc736d..414e1d2 100644
--- a/security/src/main/java/org/xipki/security/CollectionAlgorithmValidator.java
+++ b/security/src/main/java/org/xipki/security/CollectionAlgorithmValidator.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/ConcurrentContentSigner.java b/security/src/main/java/org/xipki/security/ConcurrentContentSigner.java
index 9046263..96f8ce8 100644
--- a/security/src/main/java/org/xipki/security/ConcurrentContentSigner.java
+++ b/security/src/main/java/org/xipki/security/ConcurrentContentSigner.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/CrlReason.java b/security/src/main/java/org/xipki/security/CrlReason.java
index d4779dd..4b4192b 100644
--- a/security/src/main/java/org/xipki/security/CrlReason.java
+++ b/security/src/main/java/org/xipki/security/CrlReason.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/CryptException.java b/security/src/main/java/org/xipki/security/CryptException.java
index df1b0ac..648332d 100644
--- a/security/src/main/java/org/xipki/security/CryptException.java
+++ b/security/src/main/java/org/xipki/security/CryptException.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/DHSigStaticKeyCertPair.java b/security/src/main/java/org/xipki/security/DHSigStaticKeyCertPair.java
index e7f6b61..8f86577 100644
--- a/security/src/main/java/org/xipki/security/DHSigStaticKeyCertPair.java
+++ b/security/src/main/java/org/xipki/security/DHSigStaticKeyCertPair.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/DSAPlainDigestSigner.java b/security/src/main/java/org/xipki/security/DSAPlainDigestSigner.java
index 1225303..be27438 100644
--- a/security/src/main/java/org/xipki/security/DSAPlainDigestSigner.java
+++ b/security/src/main/java/org/xipki/security/DSAPlainDigestSigner.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/DfltConcurrentContentSigner.java b/security/src/main/java/org/xipki/security/DfltConcurrentContentSigner.java
index c4cdeef..f6baa9b 100644
--- a/security/src/main/java/org/xipki/security/DfltConcurrentContentSigner.java
+++ b/security/src/main/java/org/xipki/security/DfltConcurrentContentSigner.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/EdECConstants.java b/security/src/main/java/org/xipki/security/EdECConstants.java
index 00720a7..2ba66a5 100644
--- a/security/src/main/java/org/xipki/security/EdECConstants.java
+++ b/security/src/main/java/org/xipki/security/EdECConstants.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/FpIdCalculator.java b/security/src/main/java/org/xipki/security/FpIdCalculator.java
index 8504e92..1db53bb 100644
--- a/security/src/main/java/org/xipki/security/FpIdCalculator.java
+++ b/security/src/main/java/org/xipki/security/FpIdCalculator.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/HashAlgo.java b/security/src/main/java/org/xipki/security/HashAlgo.java
index 25d592a..86e4630 100644
--- a/security/src/main/java/org/xipki/security/HashAlgo.java
+++ b/security/src/main/java/org/xipki/security/HashAlgo.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/HashCalculator.java b/security/src/main/java/org/xipki/security/HashCalculator.java
index 002396a..03ad35f 100644
--- a/security/src/main/java/org/xipki/security/HashCalculator.java
+++ b/security/src/main/java/org/xipki/security/HashCalculator.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/IssuerHash.java b/security/src/main/java/org/xipki/security/IssuerHash.java
index bb74e0d..d0e3725 100644
--- a/security/src/main/java/org/xipki/security/IssuerHash.java
+++ b/security/src/main/java/org/xipki/security/IssuerHash.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/KeyCertBytesPair.java b/security/src/main/java/org/xipki/security/KeyCertBytesPair.java
index 86f25ee..7aaa20e 100644
--- a/security/src/main/java/org/xipki/security/KeyCertBytesPair.java
+++ b/security/src/main/java/org/xipki/security/KeyCertBytesPair.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/KeyUsage.java b/security/src/main/java/org/xipki/security/KeyUsage.java
index b372ea1..95a0134 100644
--- a/security/src/main/java/org/xipki/security/KeyUsage.java
+++ b/security/src/main/java/org/xipki/security/KeyUsage.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/NoIdleSignerException.java b/security/src/main/java/org/xipki/security/NoIdleSignerException.java
index 6af3d07..9b776a9 100644
--- a/security/src/main/java/org/xipki/security/NoIdleSignerException.java
+++ b/security/src/main/java/org/xipki/security/NoIdleSignerException.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/ObjectIdentifiers.java b/security/src/main/java/org/xipki/security/ObjectIdentifiers.java
index 7738d58..aeb7fce 100644
--- a/security/src/main/java/org/xipki/security/ObjectIdentifiers.java
+++ b/security/src/main/java/org/xipki/security/ObjectIdentifiers.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/Providers.java b/security/src/main/java/org/xipki/security/Providers.java
index fcada90..76aa15a 100644
--- a/security/src/main/java/org/xipki/security/Providers.java
+++ b/security/src/main/java/org/xipki/security/Providers.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/Securities.java b/security/src/main/java/org/xipki/security/Securities.java
index 040dc19..648fccf 100644
--- a/security/src/main/java/org/xipki/security/Securities.java
+++ b/security/src/main/java/org/xipki/security/Securities.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/SecurityFactory.java b/security/src/main/java/org/xipki/security/SecurityFactory.java
index 320f7d8..7c3ea57 100644
--- a/security/src/main/java/org/xipki/security/SecurityFactory.java
+++ b/security/src/main/java/org/xipki/security/SecurityFactory.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/SecurityFactoryImpl.java b/security/src/main/java/org/xipki/security/SecurityFactoryImpl.java
index c9fc0de..79c355d 100644
--- a/security/src/main/java/org/xipki/security/SecurityFactoryImpl.java
+++ b/security/src/main/java/org/xipki/security/SecurityFactoryImpl.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/SignAlgo.java b/security/src/main/java/org/xipki/security/SignAlgo.java
index 4990eb6..e36f07e 100644
--- a/security/src/main/java/org/xipki/security/SignAlgo.java
+++ b/security/src/main/java/org/xipki/security/SignAlgo.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/SignatureAlgoControl.java b/security/src/main/java/org/xipki/security/SignatureAlgoControl.java
index ae8f5c4..c211501 100644
--- a/security/src/main/java/org/xipki/security/SignatureAlgoControl.java
+++ b/security/src/main/java/org/xipki/security/SignatureAlgoControl.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/SignatureSigner.java b/security/src/main/java/org/xipki/security/SignatureSigner.java
index d5b37f3..783b2f0 100644
--- a/security/src/main/java/org/xipki/security/SignatureSigner.java
+++ b/security/src/main/java/org/xipki/security/SignatureSigner.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/SignerConf.java b/security/src/main/java/org/xipki/security/SignerConf.java
index e5e32dd..c36bb55 100644
--- a/security/src/main/java/org/xipki/security/SignerConf.java
+++ b/security/src/main/java/org/xipki/security/SignerConf.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/SignerFactory.java b/security/src/main/java/org/xipki/security/SignerFactory.java
index 7520448..c1c9638 100644
--- a/security/src/main/java/org/xipki/security/SignerFactory.java
+++ b/security/src/main/java/org/xipki/security/SignerFactory.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/SignerFactoryRegister.java b/security/src/main/java/org/xipki/security/SignerFactoryRegister.java
index 32ac27d..33c7042 100644
--- a/security/src/main/java/org/xipki/security/SignerFactoryRegister.java
+++ b/security/src/main/java/org/xipki/security/SignerFactoryRegister.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/SignerFactoryRegisterImpl.java b/security/src/main/java/org/xipki/security/SignerFactoryRegisterImpl.java
index 22d98e0..e925ff3 100644
--- a/security/src/main/java/org/xipki/security/SignerFactoryRegisterImpl.java
+++ b/security/src/main/java/org/xipki/security/SignerFactoryRegisterImpl.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/TlsExtensionType.java b/security/src/main/java/org/xipki/security/TlsExtensionType.java
index 5aeac09..8a9e9c8 100644
--- a/security/src/main/java/org/xipki/security/TlsExtensionType.java
+++ b/security/src/main/java/org/xipki/security/TlsExtensionType.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/X509Cert.java b/security/src/main/java/org/xipki/security/X509Cert.java
index af21a6e..487c71b 100644
--- a/security/src/main/java/org/xipki/security/X509Cert.java
+++ b/security/src/main/java/org/xipki/security/X509Cert.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/XiContentSigner.java b/security/src/main/java/org/xipki/security/XiContentSigner.java
index 6dfeef4..e8ffded 100644
--- a/security/src/main/java/org/xipki/security/XiContentSigner.java
+++ b/security/src/main/java/org/xipki/security/XiContentSigner.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/XiSecurityException.java b/security/src/main/java/org/xipki/security/XiSecurityException.java
index 0861d6b..f6825cd 100644
--- a/security/src/main/java/org/xipki/security/XiSecurityException.java
+++ b/security/src/main/java/org/xipki/security/XiSecurityException.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/XiWrappedContentSigner.java b/security/src/main/java/org/xipki/security/XiWrappedContentSigner.java
index 4dbc671..40e5305 100644
--- a/security/src/main/java/org/xipki/security/XiWrappedContentSigner.java
+++ b/security/src/main/java/org/xipki/security/XiWrappedContentSigner.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security;
diff --git a/security/src/main/java/org/xipki/security/asn1/Asn1StreamParser.java b/security/src/main/java/org/xipki/security/asn1/Asn1StreamParser.java
index 15c2779..d10e472 100644
--- a/security/src/main/java/org/xipki/security/asn1/Asn1StreamParser.java
+++ b/security/src/main/java/org/xipki/security/asn1/Asn1StreamParser.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.asn1;
diff --git a/security/src/main/java/org/xipki/security/asn1/CrlStreamParser.java b/security/src/main/java/org/xipki/security/asn1/CrlStreamParser.java
index c84db72..2c3efd1 100644
--- a/security/src/main/java/org/xipki/security/asn1/CrlStreamParser.java
+++ b/security/src/main/java/org/xipki/security/asn1/CrlStreamParser.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.asn1;
diff --git a/security/src/main/java/org/xipki/security/bc/XiECContentVerifierProviderBuilder.java b/security/src/main/java/org/xipki/security/bc/XiECContentVerifierProviderBuilder.java
index c5763b9..ea77044 100644
--- a/security/src/main/java/org/xipki/security/bc/XiECContentVerifierProviderBuilder.java
+++ b/security/src/main/java/org/xipki/security/bc/XiECContentVerifierProviderBuilder.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.bc;
diff --git a/security/src/main/java/org/xipki/security/bc/XiEdDSAContentVerifierProvider.java b/security/src/main/java/org/xipki/security/bc/XiEdDSAContentVerifierProvider.java
index 4c06b65..b49953c 100644
--- a/security/src/main/java/org/xipki/security/bc/XiEdDSAContentVerifierProvider.java
+++ b/security/src/main/java/org/xipki/security/bc/XiEdDSAContentVerifierProvider.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.bc;
diff --git a/security/src/main/java/org/xipki/security/bc/XiRSAContentVerifierProviderBuilder.java b/security/src/main/java/org/xipki/security/bc/XiRSAContentVerifierProviderBuilder.java
index 267eddb..b7cfcf8 100644
--- a/security/src/main/java/org/xipki/security/bc/XiRSAContentVerifierProviderBuilder.java
+++ b/security/src/main/java/org/xipki/security/bc/XiRSAContentVerifierProviderBuilder.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.bc;
diff --git a/security/src/main/java/org/xipki/security/bc/XiXDHContentVerifierProvider.java b/security/src/main/java/org/xipki/security/bc/XiXDHContentVerifierProvider.java
index e465a06..5161e83 100644
--- a/security/src/main/java/org/xipki/security/bc/XiXDHContentVerifierProvider.java
+++ b/security/src/main/java/org/xipki/security/bc/XiXDHContentVerifierProvider.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.bc;
diff --git a/security/src/main/java/org/xipki/security/ctlog/CtLog.java b/security/src/main/java/org/xipki/security/ctlog/CtLog.java
index 6b83911..0d1addb 100644
--- a/security/src/main/java/org/xipki/security/ctlog/CtLog.java
+++ b/security/src/main/java/org/xipki/security/ctlog/CtLog.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.ctlog;
diff --git a/security/src/main/java/org/xipki/security/ctlog/CtLogMessages.java b/security/src/main/java/org/xipki/security/ctlog/CtLogMessages.java
index 2d83254..306ca5c 100644
--- a/security/src/main/java/org/xipki/security/ctlog/CtLogMessages.java
+++ b/security/src/main/java/org/xipki/security/ctlog/CtLogMessages.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.ctlog;
diff --git a/security/src/main/java/org/xipki/security/jce/JceSigner.java b/security/src/main/java/org/xipki/security/jce/JceSigner.java
index 5045c70..3b1a492 100644
--- a/security/src/main/java/org/xipki/security/jce/JceSigner.java
+++ b/security/src/main/java/org/xipki/security/jce/JceSigner.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.jce;
diff --git a/security/src/main/java/org/xipki/security/jce/JceSignerBuilder.java b/security/src/main/java/org/xipki/security/jce/JceSignerBuilder.java
index 0e5a210..1ea3db9 100644
--- a/security/src/main/java/org/xipki/security/jce/JceSignerBuilder.java
+++ b/security/src/main/java/org/xipki/security/jce/JceSignerBuilder.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.jce;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/DigestOutputStream.java b/security/src/main/java/org/xipki/security/pkcs11/DigestOutputStream.java
index 6ed878a..81ef7d2 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/DigestOutputStream.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/DigestOutputStream.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.pkcs11;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/NativeP11Key.java b/security/src/main/java/org/xipki/security/pkcs11/NativeP11Key.java
index 733bc30..ededd50 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/NativeP11Key.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/NativeP11Key.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.pkcs11;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/NativeP11Module.java b/security/src/main/java/org/xipki/security/pkcs11/NativeP11Module.java
index fcfe628..9c29488 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/NativeP11Module.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/NativeP11Module.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.pkcs11;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/NativeP11ModuleFactory.java b/security/src/main/java/org/xipki/security/pkcs11/NativeP11ModuleFactory.java
index b1c8dd8..d0058c9 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/NativeP11ModuleFactory.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/NativeP11ModuleFactory.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.pkcs11;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/NativeP11Slot.java b/security/src/main/java/org/xipki/security/pkcs11/NativeP11Slot.java
index c59b0f3..5282a37 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/NativeP11Slot.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/NativeP11Slot.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.pkcs11;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11ContentSigner.java b/security/src/main/java/org/xipki/security/pkcs11/P11ContentSigner.java
index f5d6729..30c4078 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/P11ContentSigner.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/P11ContentSigner.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.pkcs11;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11CryptService.java b/security/src/main/java/org/xipki/security/pkcs11/P11CryptService.java
index 6a7d6e0..7a2a573 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/P11CryptService.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/P11CryptService.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.pkcs11;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactory.java b/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactory.java
index 7d85601..23b51e8 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactory.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactory.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.pkcs11;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactoryImpl.java b/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactoryImpl.java
index fda7d71..4619a2d 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactoryImpl.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactoryImpl.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.pkcs11;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11Key.java b/security/src/main/java/org/xipki/security/pkcs11/P11Key.java
index 009adbc..9ea66d8 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/P11Key.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/P11Key.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.pkcs11;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11Module.java b/security/src/main/java/org/xipki/security/pkcs11/P11Module.java
index e25e757..45d15df 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/P11Module.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/P11Module.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.pkcs11;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11ModuleConf.java b/security/src/main/java/org/xipki/security/pkcs11/P11ModuleConf.java
index e843f3f..5c67b64 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/P11ModuleConf.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/P11ModuleConf.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.pkcs11;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11ModuleFactory.java b/security/src/main/java/org/xipki/security/pkcs11/P11ModuleFactory.java
index 1e4521f..7a5199d 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/P11ModuleFactory.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/P11ModuleFactory.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.pkcs11;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11ModuleFactoryRegister.java b/security/src/main/java/org/xipki/security/pkcs11/P11ModuleFactoryRegister.java
index 6cb2619..91b7e37 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/P11ModuleFactoryRegister.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/P11ModuleFactoryRegister.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.pkcs11;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11ModuleFactoryRegisterImpl.java b/security/src/main/java/org/xipki/security/pkcs11/P11ModuleFactoryRegisterImpl.java
index 62e4d99..0e33df7 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/P11ModuleFactoryRegisterImpl.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/P11ModuleFactoryRegisterImpl.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.pkcs11;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11Params.java b/security/src/main/java/org/xipki/security/pkcs11/P11Params.java
index 66146e0..6ada25d 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/P11Params.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/P11Params.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.pkcs11;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11SignerFactory.java b/security/src/main/java/org/xipki/security/pkcs11/P11SignerFactory.java
index 4734181..00c3fc4 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/P11SignerFactory.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/P11SignerFactory.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.pkcs11;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11Slot.java b/security/src/main/java/org/xipki/security/pkcs11/P11Slot.java
index af6863c..b4cda56 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/P11Slot.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/P11Slot.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs11;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11SlotId.java b/security/src/main/java/org/xipki/security/pkcs11/P11SlotId.java
index a5dab97..71df087 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/P11SlotId.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/P11SlotId.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs11;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/Pkcs11conf.java b/security/src/main/java/org/xipki/security/pkcs11/Pkcs11conf.java
index 38ffc51..27cdc82 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/Pkcs11conf.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/Pkcs11conf.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs11;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorKeyCryptor.java b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorKeyCryptor.java
index 6199c87..3209131 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorKeyCryptor.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorKeyCryptor.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs11.emulator;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Key.java b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Key.java
index fb42ccd..6c96b73 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Key.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Key.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs11.emulator;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Module.java b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Module.java
index f39833a..34f7b62 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Module.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Module.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs11.emulator;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11ModuleFactory.java b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11ModuleFactory.java
index 07687a4..e9f7315 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11ModuleFactory.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11ModuleFactory.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs11.emulator;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Slot.java b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Slot.java
index a9e69d7..df7ba33 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Slot.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Slot.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs11.emulator;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorSM2Signer.java b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorSM2Signer.java
index 852dddd..26c2eb8 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorSM2Signer.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorSM2Signer.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs11.emulator;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Key.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Key.java
index 46b9dbb..80749a4 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Key.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Key.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs11.hsmproxy;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java
index be6bad2..be128f5 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs11.hsmproxy;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11ModuleFactory.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11ModuleFactory.java
index 402af89..5d6c593 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11ModuleFactory.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11ModuleFactory.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs11.hsmproxy;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Slot.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Slot.java
index f039daa..88409b0 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Slot.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Slot.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs11.hsmproxy;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyAction.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyAction.java
index c8bb605..df2dbc3 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyAction.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyAction.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs11.hsmproxy;
diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyMessage.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyMessage.java
index fa75e9d..71d76de 100644
--- a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyMessage.java
+++ b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyMessage.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs11.hsmproxy;
diff --git a/security/src/main/java/org/xipki/security/pkcs12/AESGmacContentSigner.java b/security/src/main/java/org/xipki/security/pkcs12/AESGmacContentSigner.java
index d3bac7b..cbc872c 100644
--- a/security/src/main/java/org/xipki/security/pkcs12/AESGmacContentSigner.java
+++ b/security/src/main/java/org/xipki/security/pkcs12/AESGmacContentSigner.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs12;
diff --git a/security/src/main/java/org/xipki/security/pkcs12/GenerateCerts.java b/security/src/main/java/org/xipki/security/pkcs12/GenerateCerts.java
index 9dbf5a4..ac066d3 100644
--- a/security/src/main/java/org/xipki/security/pkcs12/GenerateCerts.java
+++ b/security/src/main/java/org/xipki/security/pkcs12/GenerateCerts.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs12;
diff --git a/security/src/main/java/org/xipki/security/pkcs12/HmacContentSigner.java b/security/src/main/java/org/xipki/security/pkcs12/HmacContentSigner.java
index 87dde9c..49ad04d 100644
--- a/security/src/main/java/org/xipki/security/pkcs12/HmacContentSigner.java
+++ b/security/src/main/java/org/xipki/security/pkcs12/HmacContentSigner.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs12;
diff --git a/security/src/main/java/org/xipki/security/pkcs12/KeyStoreWrapper.java b/security/src/main/java/org/xipki/security/pkcs12/KeyStoreWrapper.java
index 15d291f..68108e0 100644
--- a/security/src/main/java/org/xipki/security/pkcs12/KeyStoreWrapper.java
+++ b/security/src/main/java/org/xipki/security/pkcs12/KeyStoreWrapper.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs12;
diff --git a/security/src/main/java/org/xipki/security/pkcs12/KeypairWithCert.java b/security/src/main/java/org/xipki/security/pkcs12/KeypairWithCert.java
index 601be99..b87880c 100644
--- a/security/src/main/java/org/xipki/security/pkcs12/KeypairWithCert.java
+++ b/security/src/main/java/org/xipki/security/pkcs12/KeypairWithCert.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs12;
diff --git a/security/src/main/java/org/xipki/security/pkcs12/KeystoreGenerationParameters.java b/security/src/main/java/org/xipki/security/pkcs12/KeystoreGenerationParameters.java
index ae22412..ced61e7 100644
--- a/security/src/main/java/org/xipki/security/pkcs12/KeystoreGenerationParameters.java
+++ b/security/src/main/java/org/xipki/security/pkcs12/KeystoreGenerationParameters.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs12;
diff --git a/security/src/main/java/org/xipki/security/pkcs12/P12ContentSignerBuilder.java b/security/src/main/java/org/xipki/security/pkcs12/P12ContentSignerBuilder.java
index 74e8c50..1a6a4d5 100644
--- a/security/src/main/java/org/xipki/security/pkcs12/P12ContentSignerBuilder.java
+++ b/security/src/main/java/org/xipki/security/pkcs12/P12ContentSignerBuilder.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs12;
diff --git a/security/src/main/java/org/xipki/security/pkcs12/P12KeyGenerator.java b/security/src/main/java/org/xipki/security/pkcs12/P12KeyGenerator.java
index 7fb1cf8..301663f 100644
--- a/security/src/main/java/org/xipki/security/pkcs12/P12KeyGenerator.java
+++ b/security/src/main/java/org/xipki/security/pkcs12/P12KeyGenerator.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs12;
diff --git a/security/src/main/java/org/xipki/security/pkcs12/P12MacContentSignerBuilder.java b/security/src/main/java/org/xipki/security/pkcs12/P12MacContentSignerBuilder.java
index fff30e6..38dbfd0 100644
--- a/security/src/main/java/org/xipki/security/pkcs12/P12MacContentSignerBuilder.java
+++ b/security/src/main/java/org/xipki/security/pkcs12/P12MacContentSignerBuilder.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs12;
diff --git a/security/src/main/java/org/xipki/security/pkcs12/P12SignerFactory.java b/security/src/main/java/org/xipki/security/pkcs12/P12SignerFactory.java
index 67b9e86..30325af 100644
--- a/security/src/main/java/org/xipki/security/pkcs12/P12SignerFactory.java
+++ b/security/src/main/java/org/xipki/security/pkcs12/P12SignerFactory.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs12;
diff --git a/security/src/main/java/org/xipki/security/pkcs12/P12XdhMacContentSignerBuilder.java b/security/src/main/java/org/xipki/security/pkcs12/P12XdhMacContentSignerBuilder.java
index f3a16e0..ba8a023 100644
--- a/security/src/main/java/org/xipki/security/pkcs12/P12XdhMacContentSignerBuilder.java
+++ b/security/src/main/java/org/xipki/security/pkcs12/P12XdhMacContentSignerBuilder.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs12;
diff --git a/security/src/main/java/org/xipki/security/qa/JceSignSpeed.java b/security/src/main/java/org/xipki/security/qa/JceSignSpeed.java
index d5a686d..cc6e11e 100644
--- a/security/src/main/java/org/xipki/security/qa/JceSignSpeed.java
+++ b/security/src/main/java/org/xipki/security/qa/JceSignSpeed.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 //
 // License Apache License 2.0
 
diff --git a/security/src/main/java/org/xipki/security/qa/P11KeyGenSpeed.java b/security/src/main/java/org/xipki/security/qa/P11KeyGenSpeed.java
index 70c1762..78ce222 100644
--- a/security/src/main/java/org/xipki/security/qa/P11KeyGenSpeed.java
+++ b/security/src/main/java/org/xipki/security/qa/P11KeyGenSpeed.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.qa;
diff --git a/security/src/main/java/org/xipki/security/qa/P11SignSpeed.java b/security/src/main/java/org/xipki/security/qa/P11SignSpeed.java
index 819cf47..ce68688 100644
--- a/security/src/main/java/org/xipki/security/qa/P11SignSpeed.java
+++ b/security/src/main/java/org/xipki/security/qa/P11SignSpeed.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.qa;
diff --git a/security/src/main/java/org/xipki/security/qa/P12KeyGenSpeed.java b/security/src/main/java/org/xipki/security/qa/P12KeyGenSpeed.java
index aac5088..797b3ea 100644
--- a/security/src/main/java/org/xipki/security/qa/P12KeyGenSpeed.java
+++ b/security/src/main/java/org/xipki/security/qa/P12KeyGenSpeed.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.qa;
diff --git a/security/src/main/java/org/xipki/security/qa/P12SignSpeed.java b/security/src/main/java/org/xipki/security/qa/P12SignSpeed.java
index ec843b0..8c30f44 100644
--- a/security/src/main/java/org/xipki/security/qa/P12SignSpeed.java
+++ b/security/src/main/java/org/xipki/security/qa/P12SignSpeed.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.qa;
diff --git a/security/src/main/java/org/xipki/security/util/AlgorithmUtil.java b/security/src/main/java/org/xipki/security/util/AlgorithmUtil.java
index 9284c8c..532c1e9 100644
--- a/security/src/main/java/org/xipki/security/util/AlgorithmUtil.java
+++ b/security/src/main/java/org/xipki/security/util/AlgorithmUtil.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.util;
diff --git a/security/src/main/java/org/xipki/security/util/DSAParameterCache.java b/security/src/main/java/org/xipki/security/util/DSAParameterCache.java
index 566f02d..4b8db3b 100644
--- a/security/src/main/java/org/xipki/security/util/DSAParameterCache.java
+++ b/security/src/main/java/org/xipki/security/util/DSAParameterCache.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.util;
diff --git a/security/src/main/java/org/xipki/security/util/GMUtil.java b/security/src/main/java/org/xipki/security/util/GMUtil.java
index 6f1ad51..aded3df 100644
--- a/security/src/main/java/org/xipki/security/util/GMUtil.java
+++ b/security/src/main/java/org/xipki/security/util/GMUtil.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.util;
diff --git a/security/src/main/java/org/xipki/security/util/KeyUtil.java b/security/src/main/java/org/xipki/security/util/KeyUtil.java
index d085e5b..4f632d2 100644
--- a/security/src/main/java/org/xipki/security/util/KeyUtil.java
+++ b/security/src/main/java/org/xipki/security/util/KeyUtil.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.util;
diff --git a/security/src/main/java/org/xipki/security/util/PKCS1Util.java b/security/src/main/java/org/xipki/security/util/PKCS1Util.java
index 1734be4..26fa96b 100644
--- a/security/src/main/java/org/xipki/security/util/PKCS1Util.java
+++ b/security/src/main/java/org/xipki/security/util/PKCS1Util.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.util;
diff --git a/security/src/main/java/org/xipki/security/util/RSABrokenKey.java b/security/src/main/java/org/xipki/security/util/RSABrokenKey.java
index 7468a8b..d5434d0 100644
--- a/security/src/main/java/org/xipki/security/util/RSABrokenKey.java
+++ b/security/src/main/java/org/xipki/security/util/RSABrokenKey.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.util;
diff --git a/security/src/main/java/org/xipki/security/util/SignerUtil.java b/security/src/main/java/org/xipki/security/util/SignerUtil.java
index 8268028..018c14d 100644
--- a/security/src/main/java/org/xipki/security/util/SignerUtil.java
+++ b/security/src/main/java/org/xipki/security/util/SignerUtil.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.util;
diff --git a/security/src/main/java/org/xipki/security/util/TlsHelper.java b/security/src/main/java/org/xipki/security/util/TlsHelper.java
index a684669..c8aaf38 100644
--- a/security/src/main/java/org/xipki/security/util/TlsHelper.java
+++ b/security/src/main/java/org/xipki/security/util/TlsHelper.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.util;
diff --git a/security/src/main/java/org/xipki/security/util/X509Util.java b/security/src/main/java/org/xipki/security/util/X509Util.java
index d464e8f..e0a6e9b 100644
--- a/security/src/main/java/org/xipki/security/util/X509Util.java
+++ b/security/src/main/java/org/xipki/security/util/X509Util.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.util;
diff --git a/security/src/test/java/org/xipki/security/pkcs12/test/CmsEnveloperTest.java b/security/src/test/java/org/xipki/security/pkcs12/test/CmsEnveloperTest.java
index df798b2..12be3ee 100644
--- a/security/src/test/java/org/xipki/security/pkcs12/test/CmsEnveloperTest.java
+++ b/security/src/test/java/org/xipki/security/pkcs12/test/CmsEnveloperTest.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs12.test;
diff --git a/security/src/test/java/org/xipki/security/pkcs12/test/Pkcs12SHA256withECDSATest.java b/security/src/test/java/org/xipki/security/pkcs12/test/Pkcs12SHA256withECDSATest.java
index 32609f4..6506883 100644
--- a/security/src/test/java/org/xipki/security/pkcs12/test/Pkcs12SHA256withECDSATest.java
+++ b/security/src/test/java/org/xipki/security/pkcs12/test/Pkcs12SHA256withECDSATest.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs12.test;
diff --git a/security/src/test/java/org/xipki/security/pkcs12/test/Pkcs12SHA256withRSATest.java b/security/src/test/java/org/xipki/security/pkcs12/test/Pkcs12SHA256withRSATest.java
index 6df82b9..145dc0f 100644
--- a/security/src/test/java/org/xipki/security/pkcs12/test/Pkcs12SHA256withRSATest.java
+++ b/security/src/test/java/org/xipki/security/pkcs12/test/Pkcs12SHA256withRSATest.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs12.test;
diff --git a/security/src/test/java/org/xipki/security/pkcs12/test/Pkcs12SHAKE128withRSAPSSTest.java b/security/src/test/java/org/xipki/security/pkcs12/test/Pkcs12SHAKE128withRSAPSSTest.java
index b503c18..6f1007a 100644
--- a/security/src/test/java/org/xipki/security/pkcs12/test/Pkcs12SHAKE128withRSAPSSTest.java
+++ b/security/src/test/java/org/xipki/security/pkcs12/test/Pkcs12SHAKE128withRSAPSSTest.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs12.test;
diff --git a/security/src/test/java/org/xipki/security/pkcs12/test/Pkcs12SHAKE256withRSAPSSTest.java b/security/src/test/java/org/xipki/security/pkcs12/test/Pkcs12SHAKE256withRSAPSSTest.java
index cb754c2..358a4cb 100644
--- a/security/src/test/java/org/xipki/security/pkcs12/test/Pkcs12SHAKE256withRSAPSSTest.java
+++ b/security/src/test/java/org/xipki/security/pkcs12/test/Pkcs12SHAKE256withRSAPSSTest.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs12.test;
diff --git a/security/src/test/java/org/xipki/security/pkcs12/test/Pkcs12SignVerifyTest.java b/security/src/test/java/org/xipki/security/pkcs12/test/Pkcs12SignVerifyTest.java
index 7a721ce..b009f80 100644
--- a/security/src/test/java/org/xipki/security/pkcs12/test/Pkcs12SignVerifyTest.java
+++ b/security/src/test/java/org/xipki/security/pkcs12/test/Pkcs12SignVerifyTest.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.pkcs12.test;
diff --git a/security/src/test/java/org/xipki/security/test/CrlStreamParserTest.java b/security/src/test/java/org/xipki/security/test/CrlStreamParserTest.java
index 19e1951..e8f8ce2 100644
--- a/security/src/test/java/org/xipki/security/test/CrlStreamParserTest.java
+++ b/security/src/test/java/org/xipki/security/test/CrlStreamParserTest.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.test;
diff --git a/security/src/test/java/org/xipki/security/test/CrlTestVectorGenerateMain.java b/security/src/test/java/org/xipki/security/test/CrlTestVectorGenerateMain.java
index ccc3e4b..4a69d0b 100644
--- a/security/src/test/java/org/xipki/security/test/CrlTestVectorGenerateMain.java
+++ b/security/src/test/java/org/xipki/security/test/CrlTestVectorGenerateMain.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.test;
diff --git a/security/src/test/java/org/xipki/security/test/CtLogTest.java b/security/src/test/java/org/xipki/security/test/CtLogTest.java
index dfdabe2..bbb2216 100644
--- a/security/src/test/java/org/xipki/security/test/CtLogTest.java
+++ b/security/src/test/java/org/xipki/security/test/CtLogTest.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.test;
diff --git a/security/src/test/java/org/xipki/security/test/CtLogVerifyTest.java b/security/src/test/java/org/xipki/security/test/CtLogVerifyTest.java
index d32b9af..02c0fe0 100644
--- a/security/src/test/java/org/xipki/security/test/CtLogVerifyTest.java
+++ b/security/src/test/java/org/xipki/security/test/CtLogVerifyTest.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 
 package org.xipki.security.test;
diff --git a/security/src/test/java/org/xipki/security/test/PKCS1UtilTest.java b/security/src/test/java/org/xipki/security/test/PKCS1UtilTest.java
index b90d66a..6945e16 100644
--- a/security/src/test/java/org/xipki/security/test/PKCS1UtilTest.java
+++ b/security/src/test/java/org/xipki/security/test/PKCS1UtilTest.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.security.test;
diff --git a/servlet3-common/src/main/java/org/xipki/servlet3/ServletFilter.java b/servlet3-common/src/main/java/org/xipki/servlet3/ServletFilter.java
index 8fae34e..95f10e0 100644
--- a/servlet3-common/src/main/java/org/xipki/servlet3/ServletFilter.java
+++ b/servlet3-common/src/main/java/org/xipki/servlet3/ServletFilter.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.servlet3;
diff --git a/servlet3-common/src/main/java/org/xipki/servlet3/XiHttpRequestImpl.java b/servlet3-common/src/main/java/org/xipki/servlet3/XiHttpRequestImpl.java
index c66d7c2..5eedfe9 100644
--- a/servlet3-common/src/main/java/org/xipki/servlet3/XiHttpRequestImpl.java
+++ b/servlet3-common/src/main/java/org/xipki/servlet3/XiHttpRequestImpl.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.servlet3;
diff --git a/servlet3-common/src/main/java/org/xipki/servlet3/XiHttpResponseImpl.java b/servlet3-common/src/main/java/org/xipki/servlet3/XiHttpResponseImpl.java
index 6f4dfc5..bfed8a3 100644
--- a/servlet3-common/src/main/java/org/xipki/servlet3/XiHttpResponseImpl.java
+++ b/servlet3-common/src/main/java/org/xipki/servlet3/XiHttpResponseImpl.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.servlet3;
diff --git a/servlet5-common/src/main/java/org/xipki/servlet5/ServletFilter.java b/servlet5-common/src/main/java/org/xipki/servlet5/ServletFilter.java
index 8a6cb72..3d465f5 100644
--- a/servlet5-common/src/main/java/org/xipki/servlet5/ServletFilter.java
+++ b/servlet5-common/src/main/java/org/xipki/servlet5/ServletFilter.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.servlet5;
diff --git a/servlet5-common/src/main/java/org/xipki/servlet5/XiHttpRequestImpl.java b/servlet5-common/src/main/java/org/xipki/servlet5/XiHttpRequestImpl.java
index aacf826..c49c4a3 100644
--- a/servlet5-common/src/main/java/org/xipki/servlet5/XiHttpRequestImpl.java
+++ b/servlet5-common/src/main/java/org/xipki/servlet5/XiHttpRequestImpl.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.servlet5;
diff --git a/servlet5-common/src/main/java/org/xipki/servlet5/XiHttpResponseImpl.java b/servlet5-common/src/main/java/org/xipki/servlet5/XiHttpResponseImpl.java
index dcf2a3a..c4e1934 100644
--- a/servlet5-common/src/main/java/org/xipki/servlet5/XiHttpResponseImpl.java
+++ b/servlet5-common/src/main/java/org/xipki/servlet5/XiHttpResponseImpl.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.servlet5;
diff --git a/shell-base/src/main/java/org/xipki/shell/Actions.java b/shell-base/src/main/java/org/xipki/shell/Actions.java
index 9d86794..8298f46 100644
--- a/shell-base/src/main/java/org/xipki/shell/Actions.java
+++ b/shell-base/src/main/java/org/xipki/shell/Actions.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.shell;
diff --git a/shell-base/src/main/java/org/xipki/shell/CmdFailure.java b/shell-base/src/main/java/org/xipki/shell/CmdFailure.java
index 4309a26..579739c 100644
--- a/shell-base/src/main/java/org/xipki/shell/CmdFailure.java
+++ b/shell-base/src/main/java/org/xipki/shell/CmdFailure.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.shell;
diff --git a/shell-base/src/main/java/org/xipki/shell/Completers.java b/shell-base/src/main/java/org/xipki/shell/Completers.java
index c680659..f90076c 100644
--- a/shell-base/src/main/java/org/xipki/shell/Completers.java
+++ b/shell-base/src/main/java/org/xipki/shell/Completers.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.shell;
diff --git a/shell-base/src/main/java/org/xipki/shell/DynamicEnumCompleter.java b/shell-base/src/main/java/org/xipki/shell/DynamicEnumCompleter.java
index 4783610..5f5b36f 100644
--- a/shell-base/src/main/java/org/xipki/shell/DynamicEnumCompleter.java
+++ b/shell-base/src/main/java/org/xipki/shell/DynamicEnumCompleter.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.shell;
diff --git a/shell-base/src/main/java/org/xipki/shell/EnumCompleter.java b/shell-base/src/main/java/org/xipki/shell/EnumCompleter.java
index 95eac83..1375bed 100644
--- a/shell-base/src/main/java/org/xipki/shell/EnumCompleter.java
+++ b/shell-base/src/main/java/org/xipki/shell/EnumCompleter.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.shell;
diff --git a/shell-base/src/main/java/org/xipki/shell/IllegalCmdParamException.java b/shell-base/src/main/java/org/xipki/shell/IllegalCmdParamException.java
index 8c537bd..04d85ef 100644
--- a/shell-base/src/main/java/org/xipki/shell/IllegalCmdParamException.java
+++ b/shell-base/src/main/java/org/xipki/shell/IllegalCmdParamException.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.shell;
diff --git a/shell-base/src/main/java/org/xipki/shell/XiAction.java b/shell-base/src/main/java/org/xipki/shell/XiAction.java
index 68c0052..18a99a5 100644
--- a/shell-base/src/main/java/org/xipki/shell/XiAction.java
+++ b/shell-base/src/main/java/org/xipki/shell/XiAction.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.shell;
diff --git a/util/src/main/java/org/xipki/util/Args.java b/util/src/main/java/org/xipki/util/Args.java
index 3002de6..72fb98c 100644
--- a/util/src/main/java/org/xipki/util/Args.java
+++ b/util/src/main/java/org/xipki/util/Args.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/BatchReplace.java b/util/src/main/java/org/xipki/util/BatchReplace.java
index 6577c47..afbfc03 100644
--- a/util/src/main/java/org/xipki/util/BatchReplace.java
+++ b/util/src/main/java/org/xipki/util/BatchReplace.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/BenchmarkExecutor.java b/util/src/main/java/org/xipki/util/BenchmarkExecutor.java
index c2795cd..3a5ce12 100644
--- a/util/src/main/java/org/xipki/util/BenchmarkExecutor.java
+++ b/util/src/main/java/org/xipki/util/BenchmarkExecutor.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/CollectionUtil.java b/util/src/main/java/org/xipki/util/CollectionUtil.java
index 78391cd..dd81672 100644
--- a/util/src/main/java/org/xipki/util/CollectionUtil.java
+++ b/util/src/main/java/org/xipki/util/CollectionUtil.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/CompareUtil.java b/util/src/main/java/org/xipki/util/CompareUtil.java
index 5e34a5f..d1a4106 100644
--- a/util/src/main/java/org/xipki/util/CompareUtil.java
+++ b/util/src/main/java/org/xipki/util/CompareUtil.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/ConfPairs.java b/util/src/main/java/org/xipki/util/ConfPairs.java
index 75edcbf..a88af57 100644
--- a/util/src/main/java/org/xipki/util/ConfPairs.java
+++ b/util/src/main/java/org/xipki/util/ConfPairs.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/ConfigurableProperties.java b/util/src/main/java/org/xipki/util/ConfigurableProperties.java
index 2096d72..0b42924 100644
--- a/util/src/main/java/org/xipki/util/ConfigurableProperties.java
+++ b/util/src/main/java/org/xipki/util/ConfigurableProperties.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/Curl.java b/util/src/main/java/org/xipki/util/Curl.java
index 7e3ec6c..babaa43 100644
--- a/util/src/main/java/org/xipki/util/Curl.java
+++ b/util/src/main/java/org/xipki/util/Curl.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/DateUtil.java b/util/src/main/java/org/xipki/util/DateUtil.java
index 8059ecc..0e288a3 100644
--- a/util/src/main/java/org/xipki/util/DateUtil.java
+++ b/util/src/main/java/org/xipki/util/DateUtil.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/DefaultCurl.java b/util/src/main/java/org/xipki/util/DefaultCurl.java
index 0465ab7..427f45c 100644
--- a/util/src/main/java/org/xipki/util/DefaultCurl.java
+++ b/util/src/main/java/org/xipki/util/DefaultCurl.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/FileOrBinary.java b/util/src/main/java/org/xipki/util/FileOrBinary.java
index 787071d..b75d01f 100644
--- a/util/src/main/java/org/xipki/util/FileOrBinary.java
+++ b/util/src/main/java/org/xipki/util/FileOrBinary.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/FileOrValue.java b/util/src/main/java/org/xipki/util/FileOrValue.java
index 2bb0308..83605bb 100644
--- a/util/src/main/java/org/xipki/util/FileOrValue.java
+++ b/util/src/main/java/org/xipki/util/FileOrValue.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/FileUtils.java b/util/src/main/java/org/xipki/util/FileUtils.java
index 654c1bf..50457e7 100644
--- a/util/src/main/java/org/xipki/util/FileUtils.java
+++ b/util/src/main/java/org/xipki/util/FileUtils.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/Hex.java b/util/src/main/java/org/xipki/util/Hex.java
index 320ac99..cdb4bbf 100644
--- a/util/src/main/java/org/xipki/util/Hex.java
+++ b/util/src/main/java/org/xipki/util/Hex.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/HourMinute.java b/util/src/main/java/org/xipki/util/HourMinute.java
index 95b8918..70684f7 100644
--- a/util/src/main/java/org/xipki/util/HourMinute.java
+++ b/util/src/main/java/org/xipki/util/HourMinute.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/HttpConstants.java b/util/src/main/java/org/xipki/util/HttpConstants.java
index 961dfd0..4ec0a98 100644
--- a/util/src/main/java/org/xipki/util/HttpConstants.java
+++ b/util/src/main/java/org/xipki/util/HttpConstants.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/IoUtil.java b/util/src/main/java/org/xipki/util/IoUtil.java
index 89737ae..a0b062e 100644
--- a/util/src/main/java/org/xipki/util/IoUtil.java
+++ b/util/src/main/java/org/xipki/util/IoUtil.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/JSON.java b/util/src/main/java/org/xipki/util/JSON.java
index 903615b..a37fb22 100644
--- a/util/src/main/java/org/xipki/util/JSON.java
+++ b/util/src/main/java/org/xipki/util/JSON.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/LogUtil.java b/util/src/main/java/org/xipki/util/LogUtil.java
index 06d9e3a..f8c5769 100644
--- a/util/src/main/java/org/xipki/util/LogUtil.java
+++ b/util/src/main/java/org/xipki/util/LogUtil.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/PemEncoder.java b/util/src/main/java/org/xipki/util/PemEncoder.java
index 914380d..97427d4 100644
--- a/util/src/main/java/org/xipki/util/PemEncoder.java
+++ b/util/src/main/java/org/xipki/util/PemEncoder.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/ProcessLog.java b/util/src/main/java/org/xipki/util/ProcessLog.java
index e665962..f97b77a 100644
--- a/util/src/main/java/org/xipki/util/ProcessLog.java
+++ b/util/src/main/java/org/xipki/util/ProcessLog.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/RandomUtil.java b/util/src/main/java/org/xipki/util/RandomUtil.java
index f4046ed..7f827be 100644
--- a/util/src/main/java/org/xipki/util/RandomUtil.java
+++ b/util/src/main/java/org/xipki/util/RandomUtil.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/ReflectiveUtil.java b/util/src/main/java/org/xipki/util/ReflectiveUtil.java
index cc8e5e1..baf0d6a 100644
--- a/util/src/main/java/org/xipki/util/ReflectiveUtil.java
+++ b/util/src/main/java/org/xipki/util/ReflectiveUtil.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/ReqRespDebug.java b/util/src/main/java/org/xipki/util/ReqRespDebug.java
index 2b3f251..cef7309 100644
--- a/util/src/main/java/org/xipki/util/ReqRespDebug.java
+++ b/util/src/main/java/org/xipki/util/ReqRespDebug.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/SqlUtil.java b/util/src/main/java/org/xipki/util/SqlUtil.java
index f82edeb..1022851 100644
--- a/util/src/main/java/org/xipki/util/SqlUtil.java
+++ b/util/src/main/java/org/xipki/util/SqlUtil.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/StringUtil.java b/util/src/main/java/org/xipki/util/StringUtil.java
index fac19c1..a2ef15f 100644
--- a/util/src/main/java/org/xipki/util/StringUtil.java
+++ b/util/src/main/java/org/xipki/util/StringUtil.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/TripleState.java b/util/src/main/java/org/xipki/util/TripleState.java
index 39c8bac..6e4f556 100644
--- a/util/src/main/java/org/xipki/util/TripleState.java
+++ b/util/src/main/java/org/xipki/util/TripleState.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/ValidableConf.java b/util/src/main/java/org/xipki/util/ValidableConf.java
index e606ce9..cd719f3 100644
--- a/util/src/main/java/org/xipki/util/ValidableConf.java
+++ b/util/src/main/java/org/xipki/util/ValidableConf.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/Validity.java b/util/src/main/java/org/xipki/util/Validity.java
index 815fe51..487e3a9 100644
--- a/util/src/main/java/org/xipki/util/Validity.java
+++ b/util/src/main/java/org/xipki/util/Validity.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/XipkiBaseDir.java b/util/src/main/java/org/xipki/util/XipkiBaseDir.java
index b76530f..3fd9094 100644
--- a/util/src/main/java/org/xipki/util/XipkiBaseDir.java
+++ b/util/src/main/java/org/xipki/util/XipkiBaseDir.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util;
diff --git a/util/src/main/java/org/xipki/util/cbor/CborEncodable.java b/util/src/main/java/org/xipki/util/cbor/CborEncodable.java
index b3d25df..115da68 100644
--- a/util/src/main/java/org/xipki/util/cbor/CborEncodable.java
+++ b/util/src/main/java/org/xipki/util/cbor/CborEncodable.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util.cbor;
diff --git a/util/src/main/java/org/xipki/util/exception/DecodeException.java b/util/src/main/java/org/xipki/util/exception/DecodeException.java
index 091e218..1a32f0e 100644
--- a/util/src/main/java/org/xipki/util/exception/DecodeException.java
+++ b/util/src/main/java/org/xipki/util/exception/DecodeException.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util.exception;
diff --git a/util/src/main/java/org/xipki/util/exception/EncodeException.java b/util/src/main/java/org/xipki/util/exception/EncodeException.java
index 7b4a5f0..29be52e 100644
--- a/util/src/main/java/org/xipki/util/exception/EncodeException.java
+++ b/util/src/main/java/org/xipki/util/exception/EncodeException.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util.exception;
diff --git a/util/src/main/java/org/xipki/util/exception/InsufficientPermissionException.java b/util/src/main/java/org/xipki/util/exception/InsufficientPermissionException.java
index 5534671..2964e18 100644
--- a/util/src/main/java/org/xipki/util/exception/InsufficientPermissionException.java
+++ b/util/src/main/java/org/xipki/util/exception/InsufficientPermissionException.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util.exception;
diff --git a/util/src/main/java/org/xipki/util/exception/InvalidConfException.java b/util/src/main/java/org/xipki/util/exception/InvalidConfException.java
index 12c6d47..9750f77 100644
--- a/util/src/main/java/org/xipki/util/exception/InvalidConfException.java
+++ b/util/src/main/java/org/xipki/util/exception/InvalidConfException.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util.exception;
diff --git a/util/src/main/java/org/xipki/util/exception/ObjectCreationException.java b/util/src/main/java/org/xipki/util/exception/ObjectCreationException.java
index 67fc1ed..8ad1954 100644
--- a/util/src/main/java/org/xipki/util/exception/ObjectCreationException.java
+++ b/util/src/main/java/org/xipki/util/exception/ObjectCreationException.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util.exception;
diff --git a/util/src/main/java/org/xipki/util/http/HostnameVerifiers.java b/util/src/main/java/org/xipki/util/http/HostnameVerifiers.java
index 87dab67..23e1f2f 100644
--- a/util/src/main/java/org/xipki/util/http/HostnameVerifiers.java
+++ b/util/src/main/java/org/xipki/util/http/HostnameVerifiers.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util.http;
diff --git a/util/src/main/java/org/xipki/util/http/HttpRespContent.java b/util/src/main/java/org/xipki/util/http/HttpRespContent.java
index 55f5fcf..d2bba54 100644
--- a/util/src/main/java/org/xipki/util/http/HttpRespContent.java
+++ b/util/src/main/java/org/xipki/util/http/HttpRespContent.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util.http;
diff --git a/util/src/main/java/org/xipki/util/http/HttpResponse.java b/util/src/main/java/org/xipki/util/http/HttpResponse.java
index fe9ea1d..1d9500a 100644
--- a/util/src/main/java/org/xipki/util/http/HttpResponse.java
+++ b/util/src/main/java/org/xipki/util/http/HttpResponse.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util.http;
diff --git a/util/src/main/java/org/xipki/util/http/HttpStatusCode.java b/util/src/main/java/org/xipki/util/http/HttpStatusCode.java
index 3b317c9..3215514 100644
--- a/util/src/main/java/org/xipki/util/http/HttpStatusCode.java
+++ b/util/src/main/java/org/xipki/util/http/HttpStatusCode.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util.http;
diff --git a/util/src/main/java/org/xipki/util/http/SslConf.java b/util/src/main/java/org/xipki/util/http/SslConf.java
index 68a286f..5ac8610 100644
--- a/util/src/main/java/org/xipki/util/http/SslConf.java
+++ b/util/src/main/java/org/xipki/util/http/SslConf.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util.http;
diff --git a/util/src/main/java/org/xipki/util/http/SslContextConf.java b/util/src/main/java/org/xipki/util/http/SslContextConf.java
index 2274ac2..106c1f6 100644
--- a/util/src/main/java/org/xipki/util/http/SslContextConf.java
+++ b/util/src/main/java/org/xipki/util/http/SslContextConf.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util.http;
diff --git a/util/src/main/java/org/xipki/util/http/SslContextConfWrapper.java b/util/src/main/java/org/xipki/util/http/SslContextConfWrapper.java
index ca16ae7..c1bba66 100644
--- a/util/src/main/java/org/xipki/util/http/SslContextConfWrapper.java
+++ b/util/src/main/java/org/xipki/util/http/SslContextConfWrapper.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util.http;
diff --git a/util/src/main/java/org/xipki/util/http/XiHttpClient.java b/util/src/main/java/org/xipki/util/http/XiHttpClient.java
index c73c266..3338c49 100644
--- a/util/src/main/java/org/xipki/util/http/XiHttpClient.java
+++ b/util/src/main/java/org/xipki/util/http/XiHttpClient.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util.http;
diff --git a/util/src/main/java/org/xipki/util/http/XiHttpClientException.java b/util/src/main/java/org/xipki/util/http/XiHttpClientException.java
index 1a1a6b0..4a2af71 100644
--- a/util/src/main/java/org/xipki/util/http/XiHttpClientException.java
+++ b/util/src/main/java/org/xipki/util/http/XiHttpClientException.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util.http;
diff --git a/util/src/main/java/org/xipki/util/http/XiHttpFilter.java b/util/src/main/java/org/xipki/util/http/XiHttpFilter.java
index e41fa34..ee0480f 100644
--- a/util/src/main/java/org/xipki/util/http/XiHttpFilter.java
+++ b/util/src/main/java/org/xipki/util/http/XiHttpFilter.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util.http;
diff --git a/util/src/main/java/org/xipki/util/http/XiHttpRequest.java b/util/src/main/java/org/xipki/util/http/XiHttpRequest.java
index b5d3af9..b98c3bc 100644
--- a/util/src/main/java/org/xipki/util/http/XiHttpRequest.java
+++ b/util/src/main/java/org/xipki/util/http/XiHttpRequest.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util.http;
diff --git a/util/src/main/java/org/xipki/util/http/XiHttpResponse.java b/util/src/main/java/org/xipki/util/http/XiHttpResponse.java
index b77c278..e76535e 100644
--- a/util/src/main/java/org/xipki/util/http/XiHttpResponse.java
+++ b/util/src/main/java/org/xipki/util/http/XiHttpResponse.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.util.http;
diff --git a/util/src/test/java/org/xipki/common/test/Base64UrlTest.java b/util/src/test/java/org/xipki/common/test/Base64UrlTest.java
index ecce756..575f090 100644
--- a/util/src/test/java/org/xipki/common/test/Base64UrlTest.java
+++ b/util/src/test/java/org/xipki/common/test/Base64UrlTest.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.common.test;
diff --git a/util/src/test/java/org/xipki/common/test/ConfPairsTest.java b/util/src/test/java/org/xipki/common/test/ConfPairsTest.java
index 9ec4662..4c7a671 100644
--- a/util/src/test/java/org/xipki/common/test/ConfPairsTest.java
+++ b/util/src/test/java/org/xipki/common/test/ConfPairsTest.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.common.test;
diff --git a/util/src/test/java/org/xipki/common/test/DateTimeParseTest.java b/util/src/test/java/org/xipki/common/test/DateTimeParseTest.java
index ba13a7f..ef74a89 100644
--- a/util/src/test/java/org/xipki/common/test/DateTimeParseTest.java
+++ b/util/src/test/java/org/xipki/common/test/DateTimeParseTest.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.common.test;
diff --git a/util/src/test/java/org/xipki/common/test/DateUtilTest.java b/util/src/test/java/org/xipki/common/test/DateUtilTest.java
index 0dbf47d..0b6fcfa 100644
--- a/util/src/test/java/org/xipki/common/test/DateUtilTest.java
+++ b/util/src/test/java/org/xipki/common/test/DateUtilTest.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.common.test;
diff --git a/xipki-tomcat-password/src/main/java/org/xipki/tomcat/TomcatPasswordResolver.java b/xipki-tomcat-password/src/main/java/org/xipki/tomcat/TomcatPasswordResolver.java
index 84c364e..1c356b3 100644
--- a/xipki-tomcat-password/src/main/java/org/xipki/tomcat/TomcatPasswordResolver.java
+++ b/xipki-tomcat-password/src/main/java/org/xipki/tomcat/TomcatPasswordResolver.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.tomcat;
diff --git a/xipki-tomcat-password/src/main/java/org/xipki/tomcat/XiHttp11Nio2Protocol.java b/xipki-tomcat-password/src/main/java/org/xipki/tomcat/XiHttp11Nio2Protocol.java
index dd8d514..bbb8470 100644
--- a/xipki-tomcat-password/src/main/java/org/xipki/tomcat/XiHttp11Nio2Protocol.java
+++ b/xipki-tomcat-password/src/main/java/org/xipki/tomcat/XiHttp11Nio2Protocol.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.tomcat;
diff --git a/xipki-tomcat-password/src/main/java/org/xipki/tomcat/XiHttp11NioProtocol.java b/xipki-tomcat-password/src/main/java/org/xipki/tomcat/XiHttp11NioProtocol.java
index db356d0..c6f2b3e 100644
--- a/xipki-tomcat-password/src/main/java/org/xipki/tomcat/XiHttp11NioProtocol.java
+++ b/xipki-tomcat-password/src/main/java/org/xipki/tomcat/XiHttp11NioProtocol.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2013-2023 xipki. All rights reserved.
+// Copyright (c) 2013-2024 xipki. All rights reserved.
 // License Apache License 2.0
 package org.xipki.tomcat;
From 8a31bbb00510ae58498cf6a2011628b8a2c6fdd4 Mon Sep 17 00:00:00 2001
From: Lijun Liao
Date: Mon, 1 Jan 2024 17:18:40 +0100
Subject: [PATCH 23/36] add command xi:export-keycert-pem
---
CHANGELOG.md | 30 ++++---
.../org/xipki/security/shell/Actions.java | 79 ++++++++++++++++++-
2 files changed, 94 insertions(+), 15 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1f39120..aea684d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,24 +4,32 @@ See also ## 6.3.4 - Release date: 202y/mm/dd +- Features: + - Audit: Allow null event value. + - Util XiHttpClient: evaluate content type only if SC != OK + - DataSource: methods getFirst*Value: allow null criteria. + - Util Exceptions: add constructor with single param 'cause'. + - Add command xi:export-keycert-pem ## 6.3.3 - Release date: 2023/12/13 - - Feature: command xi:curl: throws Exception if received status code != OK - - Feature: Audit: applicationName is now mandatory, accept also ConfPairs as conf - - Feature: JSON.java: add methods parseConf() which resolves also the ${sys:*} and ${env:*}. - - Feature: remove parameters hashAlgo and gm in methods to generate CSRs - - Feature: add BatchReplace to replaces texts in files + - Command xi:curl: throws Exception if received status code != OK + - Audit: applicationName is now mandatory, accept also ConfPairs as conf + - JSON.java: add methods parseConf() which resolves also the ${sys:*} and ${env:*}. + - Removed parameters hashAlgo and gm in methods to generate CSRs + - Added BatchReplace to replaces texts in files ## 6.3.2 - Release date: 2023/11/26 - - Feature: add new binary of HSM proxy. - - Move (repackage) JSON.java from module security to util. +- Features: + - Add new binary of HSM proxy. + - Moved (repackage) JSON.java from module security to util. - Deleted non-common classes (moved to github:xipki/xipki). - - Feature: Simplified password configuration. - - Feature: add code to generate a set of hierarchic certificates. - - Feature: add karaf command xi:exec to execute terminal command. - - Bugfix: Fixed "MariaDB JDBC driver does not work with old hikaricp (datasource) configuration". + - Simplified password configuration. + - Added code to generate a set of hierarchic certificates. + - Add karaf command xi:exec to execute terminal command. +- Bugfix + - Fixed "MariaDB JDBC driver does not work with old hikaricp (datasource) configuration". 
- Dependenciees - Bouncycastle: 1.76 -> 1.77 - ipkcs11wrapper: 1.0.7 -> 1.0.8 diff --git a/security-shell/src/main/java/org/xipki/security/shell/Actions.java b/security-shell/src/main/java/org/xipki/security/shell/Actions.java index fce2ca7..4ab9d79 100644 --- a/security-shell/src/main/java/org/xipki/security/shell/Actions.java +++ b/security-shell/src/main/java/org/xipki/security/shell/Actions.java @@ -48,6 +48,7 @@ import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder; import org.bouncycastle.util.io.pem.PemObject; +import org.bouncycastle.util.io.pem.PemReader; import org.xipki.security.BadInputException; import org.xipki.security.ConcurrentContentSigner; import org.xipki.security.DHSigStaticKeyCertPair; @@ -130,9 +131,12 @@ public static class CertInfo extends SecurityAction { @Completion(FileCompleter.class) private String inFile; - @Option(name = "--hex", aliases = "-h", description = "print hex number") + @Option(name = "--hex", aliases = "-h", description = "print (serial) number in hex format") private Boolean hex = Boolean.FALSE; + @Option(name = "--der", description = "print DER-encoded issuer and subject in hex format") + private Boolean der = Boolean.FALSE; + @Option(name = "--serial", description = "print serial number") private Boolean serial; 
@@ -162,9 +166,13 @@ protected Object execute0() throws Exception { if (serial != null && serial) { return getNumber(cert.getSerialNumber()); } else if (subject != null && subject) { - return cert.getSubject().toString(); + return (der != null && der) + ? Hex.encode(cert.getSubject().getEncoded()) + : cert.getSubject().toString(); } else if (issuer != null && issuer) { - return cert.getIssuer().toString(); + return (der != null && der) + ? Hex.encode(cert.getIssuer().getEncoded()) + : cert.getIssuer().toString(); } else if (notBefore != null && notBefore) { return toUtcTimeyyyyMMddhhmmssZ(cert.getNotBefore()); } else if (notAfter != null && notAfter) { 
@@ -1040,6 +1048,70 @@ protected Object execute0() throws Exception { } // class ExportCertP7m + @Command(scope = "xi", name = "export-keycert-pem", + description = "export key and certificate from the PEM file") + @Service + public static class ExportKeyCertPem extends SecurityAction { + + @Option(name = "--outform", description = "output format of the key and certificate") + @Completion(Completers.DerPemCompleter.class) + private String outform = "der"; + + @Argument(index = 0, name = "PEM-file", required = true, + description = "PEM file containing the key and certificate") + @Completion(FileCompleter.class) + private String pemFile; + + @Argument(index = 1, name = "key-file", required = true, description = "File to save the private key") + @Completion(FileCompleter.class) + private String keyFile; + + @Argument(index = 2, name = "cert-file", required = true, description = "File to save the certificate") + @Completion(FileCompleter.class) + private String certFile; + + @Override + protected Object execute0() throws Exception { + byte[] keyBytes = null; + byte[] certBytes = null; + + try (PemReader reader = new PemReader(new FileReader(IoUtil.expandFilepath(pemFile)))) { + PemObject pemObject; + while ((pemObject = reader.readPemObject()) != null) { + String type = pemObject.getType(); + if ("PRIVATE KEY".equals(type)) { + if (keyBytes == null) { + keyBytes = pemObject.getContent(); + } + } else if ("CERTIFICATE".equals(type)) { + if (certBytes == null) { + certBytes = pemObject.getContent(); + } + } + + if (keyBytes != null && certBytes != null) { + break; + } + } + + if (keyBytes == null) { + throw new IOException("found no private key block"); + } + + if (certBytes == null) { + throw new IOException("found no certificate block"); + } + + saveVerbose("private key saved to file", keyFile, + derPemEncode(keyBytes, outform, PemEncoder.PemLabel.PRIVATE_KEY)); + + saveVerbose("certificate saved to file", certFile, encodeCert(certBytes, outform)); + } + return null; 
+ } + + } // class ExportKeyCertPem + @Command(scope = "xi", name = "export-keycert-est", description = "export key and certificate from the response of EST's serverkeygen") @Service @@ -1184,7 +1256,6 @@ private static Object[] readBlock(BufferedReader reader, String boundary) throws } } // class ExportKeyCertEst - public abstract static class SecurityAction extends XiAction { @Reference From 851b520854a07ec4175ee7ba704b300926fb5de9 Mon Sep 17 00:00:00 2001 From: Lijun Liao Date: Mon, 1 Jan 2024 21:58:19 +0100 Subject: [PATCH 24/36] release 6.3.4 --- audit-extra/pom.xml | 2 +- audit/pom.xml | 2 +- datasource/pom.xml | 2 +- password/pom.xml | 2 +- pom.xml | 4 ++-- security-shell/pom.xml | 2 +- security/pom.xml | 2 +- servlet3-common/pom.xml | 2 +- servlet5-common/pom.xml | 2 +- shell-base/pom.xml | 2 +- util/pom.xml | 2 +- xipki-tomcat-password/pom.xml | 2 +- 12 files changed, 13 insertions(+), 13 deletions(-) diff --git a/audit-extra/pom.xml b/audit-extra/pom.xml index 86b7ecd..cb0bff2 100644 --- a/audit-extra/pom.xml +++ b/audit-extra/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.4-SNAPSHOT + 6.3.4 bundle audit-extra diff --git a/audit/pom.xml b/audit/pom.xml index 66fea70..d3a60fc 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.4-SNAPSHOT + 6.3.4 bundle audit diff --git a/datasource/pom.xml b/datasource/pom.xml index 7375830..32f587a 100644 --- a/datasource/pom.xml +++ b/datasource/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.4-SNAPSHOT + 6.3.4 bundle datasource diff --git a/password/pom.xml b/password/pom.xml index 1e653bb..0ba286d 100644 --- a/password/pom.xml +++ b/password/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.4-SNAPSHOT + 6.3.4 bundle password diff --git a/pom.xml b/pom.xml index 1e6635d..5641ab7 100644 --- a/pom.xml +++ b/pom.xml 
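Review bot: `ExportKeyCertPem.execute0()` writes the decoded private key to `key-file` unencrypted, and nothing in this hunk restricts who can read the result. `saveVerbose` is defined outside the hunk, so confirm that it creates the file with owner-only permissions, and consider stating in the command description that the exported key is not password-protected. The loop matches only the PKCS#8 label `PRIVATE KEY`, so a PEM file holding `RSA PRIVATE KEY`, `EC PRIVATE KEY` or `ENCRYPTED PRIVATE KEY` fails with the misleading `found no private key block`; a distinct message for unsupported key block types would help. The first key and the first certificate are also taken without checking that they belong together, which matters for bundles that carry several certificates.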
@@ -11,7 +11,7 @@ org.xipki.commons xipki-commons-parent pom - 6.3.4-SNAPSHOT + 6.3.4 XiPKI :: ${project.artifactId} XiPKI Parent http://xipki.org @@ -33,7 +33,7 @@ 1.7.36 1.0.8 4.0.3 - 2.16.0 + 2.16.1 4.4.4 4.13.1 diff --git a/security-shell/pom.xml b/security-shell/pom.xml index 6714270..c086fdc 100644 --- a/security-shell/pom.xml +++ b/security-shell/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.4-SNAPSHOT + 6.3.4 security-shell bundle diff --git a/security/pom.xml b/security/pom.xml index d3f5a68..c14345c 100644 --- a/security/pom.xml +++ b/security/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.4-SNAPSHOT + 6.3.4 security bundle diff --git a/servlet3-common/pom.xml b/servlet3-common/pom.xml index 2c5591b..b69864c 100644 --- a/servlet3-common/pom.xml +++ b/servlet3-common/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.4-SNAPSHOT + 6.3.4 servlet3-common XiPKI :: ${project.artifactId} diff --git a/servlet5-common/pom.xml b/servlet5-common/pom.xml index 8074597..340c57e 100644 --- a/servlet5-common/pom.xml +++ b/servlet5-common/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.4-SNAPSHOT + 6.3.4 servlet5-common XiPKI :: ${project.artifactId} diff --git a/shell-base/pom.xml b/shell-base/pom.xml index cb29e29..e98b954 100644 --- a/shell-base/pom.xml +++ b/shell-base/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.4-SNAPSHOT + 6.3.4 shell-base bundle diff --git a/util/pom.xml b/util/pom.xml index a0c1e83..3c56474 100644 --- a/util/pom.xml +++ b/util/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.4-SNAPSHOT + 6.3.4 bundle util diff --git a/xipki-tomcat-password/pom.xml b/xipki-tomcat-password/pom.xml index 3487d68..7bce74c 100644 --- a/xipki-tomcat-password/pom.xml +++ b/xipki-tomcat-password/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.4-SNAPSHOT + 6.3.4 xipki-tomcat-password 
From 28cfaded182dd3f64f3ee7ed33fa0bddcab795c4 Mon Sep 17 00:00:00 2001 From: Lijun Liao Date: Mon, 1 Jan 2024 22:04:21 +0100 Subject: [PATCH 25/36] update CHANGELOG --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index aea684d..52e0719 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,7 @@ See also ## 6.3.4 -- Release date: 202y/mm/dd +- Release date: 2024/01/01 - Features: - Audit: Allow null event value. - Util XiHttpClient: evaluate content type only if SC != OK From d1da9a60959aafbe61b6e82cc67c824a8f420d83 Mon Sep 17 00:00:00 2001 From: Lijun Liao Date: Mon, 1 Jan 2024 22:05:57 +0100 Subject: [PATCH 26/36] Prepare for next development iteration. --- CHANGELOG.md | 3 +++ audit-extra/pom.xml | 2 +- audit/pom.xml | 2 +- datasource/pom.xml | 2 +- password/pom.xml | 2 +- pom.xml | 2 +- security-shell/pom.xml | 2 +- security/pom.xml | 2 +- servlet3-common/pom.xml | 2 +- servlet5-common/pom.xml | 2 +- shell-base/pom.xml | 2 +- util/pom.xml | 2 +- xipki-tomcat-password/pom.xml | 2 +- 13 files changed, 15 insertions(+), 12 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 52e0719..1618ff2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ See also +## 6.3.5 +- Release date: 2024/mm/dd + ## 6.3.4 - Release date: 2024/01/01 - Features: diff --git a/audit-extra/pom.xml b/audit-extra/pom.xml index cb0bff2..b0c0a9d 100644 --- a/audit-extra/pom.xml +++ b/audit-extra/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.4 + 6.3.5-SNAPSHOT bundle audit-extra diff --git a/audit/pom.xml b/audit/pom.xml index d3a60fc..cb57a78 100644 --- a/audit/pom.xml +++ b/audit/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.4 + 6.3.5-SNAPSHOT bundle audit diff --git a/datasource/pom.xml b/datasource/pom.xml index 32f587a..8105f86 100644 --- a/datasource/pom.xml +++ b/datasource/pom.xml 
@@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.4 + 6.3.5-SNAPSHOT bundle datasource diff --git a/password/pom.xml b/password/pom.xml index 0ba286d..4bebd19 100644 --- a/password/pom.xml +++ b/password/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.4 + 6.3.5-SNAPSHOT bundle password diff --git a/pom.xml b/pom.xml index 5641ab7..042e819 100644 --- a/pom.xml +++ b/pom.xml @@ -11,7 +11,7 @@ org.xipki.commons xipki-commons-parent pom - 6.3.4 + 6.3.5-SNAPSHOT XiPKI :: ${project.artifactId} XiPKI Parent http://xipki.org diff --git a/security-shell/pom.xml b/security-shell/pom.xml index c086fdc..c82dfbd 100644 --- a/security-shell/pom.xml +++ b/security-shell/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.4 + 6.3.5-SNAPSHOT security-shell bundle diff --git a/security/pom.xml b/security/pom.xml index c14345c..c9b46bc 100644 --- a/security/pom.xml +++ b/security/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.4 + 6.3.5-SNAPSHOT security bundle diff --git a/servlet3-common/pom.xml b/servlet3-common/pom.xml index b69864c..d67bd2b 100644 --- a/servlet3-common/pom.xml +++ b/servlet3-common/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.4 + 6.3.5-SNAPSHOT servlet3-common XiPKI :: ${project.artifactId} diff --git a/servlet5-common/pom.xml b/servlet5-common/pom.xml index 340c57e..469116f 100644 --- a/servlet5-common/pom.xml +++ b/servlet5-common/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.4 + 6.3.5-SNAPSHOT servlet5-common XiPKI :: ${project.artifactId} diff --git a/shell-base/pom.xml b/shell-base/pom.xml index e98b954..7a870ef 100644 --- a/shell-base/pom.xml +++ b/shell-base/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.4 + 6.3.5-SNAPSHOT shell-base bundle diff --git a/util/pom.xml b/util/pom.xml index 3c56474..04241e4 100644 --- a/util/pom.xml +++ b/util/pom.xml 
@@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.4 + 6.3.5-SNAPSHOT bundle util diff --git a/xipki-tomcat-password/pom.xml b/xipki-tomcat-password/pom.xml index 7bce74c..cd28f45 100644 --- a/xipki-tomcat-password/pom.xml +++ b/xipki-tomcat-password/pom.xml @@ -6,7 +6,7 @@ org.xipki.commons xipki-commons-parent - 6.3.4 + 6.3.5-SNAPSHOT xipki-tomcat-password From 8e4df63b600e61790e80d437203e49f9893e0085 Mon Sep 17 00:00:00 2001 From: Lijun Liao Date: Tue, 16 Jan 2024 21:39:17 +0100 Subject: [PATCH 27/36] fixed typo. --- .../src/main/java/org/xipki/security/ObjectIdentifiers.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/src/main/java/org/xipki/security/ObjectIdentifiers.java b/security/src/main/java/org/xipki/security/ObjectIdentifiers.java index aeb7fce..691dd20 100644 --- a/security/src/main/java/org/xipki/security/ObjectIdentifiers.java +++ b/security/src/main/java/org/xipki/security/ObjectIdentifiers.java @@ -577,7 +577,7 @@ public static final class Extn { public static final ASN1ObjectIdentifier id_ccc_extn = id_ccc.branch("5"); public static final ASN1ObjectIdentifier id_ccc_Vehicle_Cert_K = id_ccc_extn.branch("1"); public static final ASN1ObjectIdentifier id_ccc_External_CA_Cert_F = id_ccc_extn.branch("2"); - public static final ASN1ObjectIdentifier id_ccc_Internal_CA_Cert_E = id_ccc_extn.branch("3"); + public static final ASN1ObjectIdentifier id_ccc_Instance_CA_Cert_E = id_ccc_extn.branch("3"); public static final ASN1ObjectIdentifier id_ccc_Endpoint_Cert_H = id_ccc_extn.branch("4"); public static final ASN1ObjectIdentifier id_ccc_VehicleOEM_Enc_Cert = id_ccc_extn.branch("5"); public static final ASN1ObjectIdentifier id_ccc_VehicleOEM_Sig_Cert = id_ccc_extn.branch("6"); 
@@ -654,7 +654,7 @@ private static class OidNameMap { // CCC oidNameMap.put(Extn.id_ccc_Vehicle_Cert_K, "CCC Vehicle Certificate [K]"); oidNameMap.put(Extn.id_ccc_External_CA_Cert_F, "CCC External CA Certificate [F]"); - oidNameMap.put(Extn.id_ccc_Internal_CA_Cert_E, "CCC External CA Certificate [E]"); + oidNameMap.put(Extn.id_ccc_Instance_CA_Cert_E, "CCC Instance CA Certificate [E]"); oidNameMap.put(Extn.id_ccc_Endpoint_Cert_H, "Endpoint Certificate [H]"); oidNameMap.put(Extn.id_ccc_VehicleOEM_Enc_Cert, "CCC VehicleOEM.Enc.Cert"); oidNameMap.put(Extn.id_ccc_VehicleOEM_Sig_Cert, "CCC VehicleOEM.Sig.Cert"); From ef789acc7a827664c1b0f522db626b7b115990b1 Mon Sep 17 00:00:00 2001 From: Lijun Liao Date: Fri, 19 Jan 2024 20:08:41 +0100 Subject: [PATCH 28/36] add end new line. --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8811f68..da89db8 100644 --- a/README.md +++ b/README.md @@ -11,4 +11,5 @@ Just [create issue](https://github.com/xipki/commons/issues). For bug-report please upload the test data and log files, describe the version of XiPKI Commons, OS and -JRE/JDK, and the steps to reproduce the bug. \ No newline at end of file +JRE/JDK, and the steps to reproduce the bug. + From 74b721fcf67938c414fc81cd95ac425cd295e588 Mon Sep 17 00:00:00 2001 
From: Lijun Liao Date: Fri, 12 Apr 2024 21:55:03 +0200 Subject: [PATCH 29/36] ConcurrentBag does not have a fair borrow mechanism, use BlockingQueue instead --- .../org/xipki/security/shell/Actions.java | 5 +- .../security/ConcurrentContentSigner.java | 7 +- .../security/DfltConcurrentContentSigner.java | 43 +- .../java/org/xipki/security/HashAlgo.java | 25 +- .../org/xipki/security/HashCalculator.java | 189 ------ .../java/org/xipki/security/IssuerHash.java | 4 +- .../pkcs11/emulator/EmulatorP11Key.java | 62 +- .../security/pkcs12/P12KeyGenerator.java | 2 +- .../test/CrlTestVectorGenerateMain.java | 7 +- .../java/org/xipki/util/ConcurrentBag.java | 553 ------------------ 10 files changed, 81 insertions(+), 816 deletions(-) delete mode 100644 security/src/main/java/org/xipki/security/HashCalculator.java delete mode 100644 util/src/main/java/org/xipki/util/ConcurrentBag.java diff --git a/security-shell/src/main/java/org/xipki/security/shell/Actions.java b/security-shell/src/main/java/org/xipki/security/shell/Actions.java index 4ab9d79..1d8ec1f 100644 --- a/security-shell/src/main/java/org/xipki/security/shell/Actions.java +++ b/security-shell/src/main/java/org/xipki/security/shell/Actions.java @@ -74,7 +74,6 @@ import org.xipki.util.Base64; import org.xipki.util.CollectionUtil; import org.xipki.util.CompareUtil; -import org.xipki.util.ConcurrentBag; import org.xipki.util.DateUtil; import org.xipki.util.Hex; import org.xipki.util.IoUtil; @@ -875,7 +874,7 @@ private PKCS10CertificationRequest generateRequest( } } - ConcurrentBag.BagEntry signer0; + XiContentSigner signer0; try { signer0 = signer.borrowSigner(); } catch (NoIdleSignerException ex) { @@ -883,7 +882,7 @@ private PKCS10CertificationRequest generateRequest( } try { - return csrBuilder.build(signer0.value()); + return csrBuilder.build(signer0); } finally { signer.requiteSigner(signer0); } 
diff --git a/security/src/main/java/org/xipki/security/ConcurrentContentSigner.java b/security/src/main/java/org/xipki/security/ConcurrentContentSigner.java index 96f8ce8..baac18f 100644 --- a/security/src/main/java/org/xipki/security/ConcurrentContentSigner.java +++ b/security/src/main/java/org/xipki/security/ConcurrentContentSigner.java @@ -4,7 +4,6 @@ package org.xipki.security; import org.bouncycastle.operator.ContentSigner; -import org.xipki.util.ConcurrentBag.BagEntry; import java.io.Closeable; import java.security.Key; @@ -98,7 +97,7 @@ public interface ConcurrentContentSigner extends Closeable { * @throws NoIdleSignerException * If no idle signer is available */ - BagEntry borrowSigner() throws NoIdleSignerException; + XiContentSigner borrowSigner() throws NoIdleSignerException; /** * Borrows a signer with the given {@code soTimeout}. @@ -107,9 +106,9 @@ public interface ConcurrentContentSigner extends Closeable { * @throws NoIdleSignerException * If no idle signer is available */ - BagEntry borrowSigner(int soTimeout) throws NoIdleSignerException; + XiContentSigner borrowSigner(int soTimeout) throws NoIdleSignerException; - void requiteSigner(BagEntry signer); + void requiteSigner(XiContentSigner signer); boolean isHealthy(); diff --git a/security/src/main/java/org/xipki/security/DfltConcurrentContentSigner.java b/security/src/main/java/org/xipki/security/DfltConcurrentContentSigner.java index f6baa9b..048f454 100644 --- a/security/src/main/java/org/xipki/security/DfltConcurrentContentSigner.java +++ b/security/src/main/java/org/xipki/security/DfltConcurrentContentSigner.java @@ -7,8 +7,6 @@ import org.slf4j.LoggerFactory; import org.xipki.util.Args; import org.xipki.util.CollectionUtil; -import org.xipki.util.ConcurrentBag; -import org.xipki.util.ConcurrentBag.BagEntry; import org.xipki.util.LogUtil; import java.io.IOException; 
@@ -20,6 +18,7 @@ import java.util.Arrays; import java.util.List; import java.util.Optional; +import java.util.concurrent.ArrayBlockingQueue; import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicInteger; @@ -38,7 +37,7 @@ public class DfltConcurrentContentSigner implements ConcurrentContentSigner { private static int defaultSignServiceTimeout = 10000; // 10 seconds - private final ConcurrentBag signers = new ConcurrentBag<>(); + private final ArrayBlockingQueue signers; private final String name; @@ -80,10 +79,8 @@ public DfltConcurrentContentSigner(boolean mac, List signers, K this.mac = mac; this.algorithm = SignAlgo.getInstance(signers.get(0).getAlgorithmIdentifier()); - - for (XiContentSigner signer : signers) { - this.signers.add(new BagEntry<>(signer)); - } + this.signers = new ArrayBlockingQueue<>(signers.size()); + this.signers.addAll(signers); this.signingKey = signingKey; this.name = "defaultSigner-" + NAME_INDEX.getAndIncrement(); @@ -120,7 +117,7 @@ public SignAlgo getAlgorithm() { } @Override - public BagEntry borrowSigner() throws NoIdleSignerException { + public XiContentSigner borrowSigner() throws NoIdleSignerException { return borrowSigner(defaultSignServiceTimeout); } @@ -130,10 +127,10 @@ public BagEntry borrowSigner() throws NoIdleSignerException { * @param soTimeout timeout in milliseconds, 0 for infinitely. */ @Override - public BagEntry borrowSigner(int soTimeout) throws NoIdleSignerException { - BagEntry signer = null; + public XiContentSigner borrowSigner(int soTimeout) throws NoIdleSignerException { + XiContentSigner signer = null; try { - signer = signers.borrow(soTimeout, TimeUnit.MILLISECONDS); + signer = signers.poll(soTimeout, TimeUnit.MILLISECONDS); } catch (InterruptedException ex) { } 
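Review bot: `new ArrayBlockingQueue<>(signers.size())` in the constructor uses the default non-fair access policy, so threads blocked in `poll` are not guaranteed to be served in arrival order. Fair borrowing is the reason the commit message gives for dropping `ConcurrentBag`. If FIFO hand-out to waiting threads is the goal, pass the fairness flag: `this.signers = new ArrayBlockingQueue<>(signers.size(), true);`. The four queues created in the `EmulatorP11Key` constructor later in this patch use the same one-argument constructor.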
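Review bot: The Javadoc kept above `borrowSigner(int soTimeout)` still promises `0 for infinitely`, but `signers.poll(soTimeout, TimeUnit.MILLISECONDS)` with a timeout of 0 returns at once and yields null when no signer is idle. Either update the comment or keep the contract, for example `signer = (soTimeout == 0) ? signers.take() : signers.poll(soTimeout, TimeUnit.MILLISECONDS);`. The empty `catch (InterruptedException ex)` also discards the interrupt; adding `Thread.currentThread().interrupt();` there would preserve it for the caller. The method body continues outside the hunk.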
@@ -142,8 +139,8 @@ public BagEntry borrowSigner(int soTimeout) throws NoIdleSigner } @Override - public void requiteSigner(BagEntry signer) { - signers.requite(signer); + public void requiteSigner(XiContentSigner signer) { + signers.add(signer); } @Override @@ -188,12 +185,12 @@ public X509Cert[] getCertificateChain() { @Override public boolean isHealthy() { - BagEntry signer = null; + XiContentSigner signer = null; try { signer = borrowSigner(); - OutputStream stream = signer.value().getOutputStream(); + OutputStream stream = signer.getOutputStream(); stream.write(new byte[]{1, 2, 3, 4}); - byte[] signature = signer.value().getSignature(); + byte[] signature = signer.getSignature(); return signature != null && signature.length > 0; } catch (Exception ex) { LogUtil.error(LOG, ex); @@ -211,15 +208,15 @@ public void close() { @Override public byte[] sign(byte[] data) throws NoIdleSignerException, SignatureException { - BagEntry signer = borrowSigner(); + XiContentSigner signer = borrowSigner(); try { - OutputStream signatureStream = signer.value().getOutputStream(); + OutputStream signatureStream = signer.getOutputStream(); try { signatureStream.write(data); } catch (IOException ex) { throw new SignatureException("could not write data to SignatureStream: " + ex.getMessage(), ex); } - return signer.value().getSignature(); + return signer.getSignature(); } finally { requiteSigner(signer); } 
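Review bot: `requiteSigner` now calls `signers.add(signer)`, which throws `IllegalStateException` when the bounded queue is already full and `NullPointerException` for a null argument. `sign` and the other callers invoke it from `finally`, so a signer returned twice, or one that never came from this pool, would replace the original exception with a queue error. A tolerant form such as `if (signer != null && !signers.offer(signer)) { LOG.warn("signer could not be returned to the pool"); }` keeps the pool size intact and leaves the failure visible in the log.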
@@ -228,19 +225,17 @@ public byte[] sign(byte[] data) throws NoIdleSignerException, SignatureException @Override public byte[][] sign(byte[][] data) throws NoIdleSignerException, SignatureException { byte[][] signatures = new byte[data.length][]; - BagEntry signer = borrowSigner(); + XiContentSigner signer = borrowSigner(); try { - XiContentSigner xiSigner = signer.value(); - for (int i = 0; i < data.length; i++) { - OutputStream signatureStream = xiSigner.getOutputStream(); + OutputStream signatureStream = signer.getOutputStream(); try { signatureStream.write(data[i]); } catch (IOException ex) { throw new SignatureException("could not write data to SignatureStream: " + ex.getMessage(), ex); } - signatures[i] = xiSigner.getSignature(); + signatures[i] = signer.getSignature(); } } finally { requiteSigner(signer); diff --git a/security/src/main/java/org/xipki/security/HashAlgo.java b/security/src/main/java/org/xipki/security/HashAlgo.java index 86e4630..78fa517 100644 --- a/security/src/main/java/org/xipki/security/HashAlgo.java +++ b/security/src/main/java/org/xipki/security/HashAlgo.java @@ -9,6 +9,7 @@ import org.bouncycastle.asn1.gm.GMObjectIdentifiers; import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; import org.bouncycastle.asn1.x509.AlgorithmIdentifier; +import org.bouncycastle.crypto.Digest; import org.bouncycastle.crypto.ExtendedDigest; import org.bouncycastle.crypto.digests.SHA1Digest; import org.bouncycastle.crypto.digests.SHA224Digest; @@ -19,6 +20,8 @@ import org.bouncycastle.crypto.digests.SHAKEDigest; import org.bouncycastle.crypto.digests.SM3Digest; import org.xipki.util.Args; +import org.xipki.util.Base64; +import org.xipki.util.Hex; import java.io.IOException; import java.security.NoSuchAlgorithmException; 
@@ -226,27 +229,37 @@ public ExtendedDigest createDigest() { } public String hexHash(byte[]... datas) { - return HashCalculator.hexHash(this, datas); + return Hex.encode(hash(datas)); } public String hexHash(byte[] data, int offset, int len) { - return HashCalculator.hexHash(this, data, offset, len); + return Hex.encode(hash(data, offset, len)); } public String base64Hash(byte[]... datas) { - return HashCalculator.base64Hash(this, datas); + return Base64.encodeToString(hash(datas)); } public String base64Hash(byte[] data, int offset, int len) { - return HashCalculator.base64Hash(this, data, offset, len); + return Base64.encodeToString(hash(data, offset, len)); } public byte[] hash(byte[]... datas) { - return HashCalculator.hash(this, datas); + Digest digest = createDigest(); + for (byte[] data : datas) { + digest.update(data, 0, data.length); + } + byte[] rv = new byte[length]; + digest.doFinal(rv, 0); + return rv; } public byte[] hash(byte[] data, int offset, int len) { - return HashCalculator.hash(this, data, offset, len); + Digest digest = createDigest(); + digest.update(data, offset, len); + byte[] rv = new byte[length]; + digest.doFinal(rv, 0); + return rv; } public int getEncodedLength() { diff --git a/security/src/main/java/org/xipki/security/HashCalculator.java b/security/src/main/java/org/xipki/security/HashCalculator.java deleted file mode 100644 index 03ad35f..0000000 --- a/security/src/main/java/org/xipki/security/HashCalculator.java +++ /dev/null 
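Review bot: The inlined `hash(byte[]... datas)` calls `digest.update(data, 0, data.length)` on every element, whereas the removed `HashCalculator.hash` skipped null and empty elements and rejected a null `datas` through `Args.notNull`. A null element now surfaces as a bare `NullPointerException`. The three-argument overload has likewise lost the explicit `data.length - offset < len` check and relies on whatever the digest implementation throws. If the old tolerance is intended, keep `if (data != null && data.length > 0)` around the update. The result buffer is sized from the `length` field rather than `digest.getDigestSize()`; that field is declared outside the hunk, so confirm the two agree for every algorithm, the SHAKE variants in particular.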
@@ -1,189 +0,0 @@ -// Copyright (c) 2013-2024 xipki. All rights reserved. -// License Apache License 2.0 - -package org.xipki.security; - -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.operator.RuntimeOperatorException; -import org.xipki.util.Args; -import org.xipki.util.Base64; -import org.xipki.util.ConcurrentBag; -import org.xipki.util.ConcurrentBag.BagEntry; -import org.xipki.util.Hex; - -import java.util.concurrent.ConcurrentHashMap; -import java.util.concurrent.TimeUnit; - -/** - * Utility class to calculate hash values. - * - * @author Lijun Liao (xipki) - * @since 2.0.0 - */ - -class HashCalculator { - - private static final int PARALLELISM = 50; - - private static final ConcurrentHashMap> - MDS_MAP = new ConcurrentHashMap<>(); - - static { - for (HashAlgo ha : HashAlgo.values()) { - MDS_MAP.put(ha, getMessageDigests(ha)); - } - } - - private HashCalculator() { - } - - private static ConcurrentBag getMessageDigests(HashAlgo hashAlgo) { - ConcurrentBag mds = new ConcurrentBag<>(); - for (int i = 0; i < PARALLELISM; i++) { - mds.add(new BagEntry<>(hashAlgo.createDigest())); - } - return mds; - } - - public static String base64Sha1(byte[]... datas) { - return Base64.encodeToString(hash(HashAlgo.SHA1, datas)); - } - - public static String base64Sha1(byte[] data, int offset, int len) { - return Base64.encodeToString(hash(HashAlgo.SHA1, data, offset, len)); - } - - public static String hexSha1(byte[]... datas) { - return Hex.encode(hash(HashAlgo.SHA1, datas)); - } - - public static String hexSha1(byte[] data, int offset, int len) { - return Hex.encode(hash(HashAlgo.SHA1, data, offset, len)); - } - - public static byte[] sha1(byte[]... datas) { - return hash(HashAlgo.SHA1, datas); - } - - public static byte[] sha1(byte[] data, int offset, int len) { - return hash(HashAlgo.SHA1, data, offset, len); - } - - public static String base64Sha256(byte[]... 
datas) { - return Base64.encodeToString(hash(HashAlgo.SHA256, datas)); - } - - public static String base64Sha256(byte[] data, int offset, int len) { - return Base64.encodeToString(hash(HashAlgo.SHA256, data, offset, len)); - } - - public static String hexSha256(byte[]... datas) { - return Hex.encode(hash(HashAlgo.SHA256, datas)); - } - - public static String hexSha256(byte[] data, int offset, int len) { - return Hex.encode(hash(HashAlgo.SHA256, data, offset, len)); - } - - public static byte[] sha256(byte[]... datas) { - return hash(HashAlgo.SHA256, datas); - } - - public static byte[] sha256(byte[] data, int offset, int len) { - return hash(HashAlgo.SHA256, data, offset, len); - } - - public static String hexHash(HashAlgo hashAlgo, byte[]... datas) { - return Hex.encode(hash(hashAlgo, datas)); - } - - public static String hexHash(HashAlgo hashAlgo, byte[] data, int offset, int len) { - return Hex.encode(hash(hashAlgo, data, offset, len)); - } - - public static String base64Hash(HashAlgo hashAlgo, byte[]... datas) { - return Base64.encodeToString(hash(hashAlgo, datas)); - } - - public static String base64Hash(HashAlgo hashAlgo, byte[] data, int offset, int len) { - return Base64.encodeToString(hash(hashAlgo, data, offset, len)); - } - - public static byte[] hash(HashAlgo hashAlgo, byte[]... 
datas) { - Args.notNull(datas, "datas"); - - if (!MDS_MAP.containsKey(Args.notNull(hashAlgo, "hashAlgo"))) { - throw new IllegalArgumentException("unknown hash algo " + hashAlgo); - } - - ConcurrentBag mds = MDS_MAP.get(hashAlgo); - - BagEntry md0 = null; - for (int i = 0; i < 3; i++) { - try { - md0 = mds.borrow(10, TimeUnit.SECONDS); - break; - } catch (InterruptedException ex) { - } - } - - if (md0 == null) { - throw new RuntimeOperatorException("could not get idle MessageDigest"); - } - - try { - Digest md = md0.value(); - md.reset(); - for (byte[] data : datas) { - if (data != null && data.length > 0) { - md.update(data, 0, data.length); - } - } - - byte[] bytes = new byte[md.getDigestSize()]; - md.doFinal(bytes, 0); - return bytes; - } finally { - mds.requite(md0); - } - } // method hash - - public static byte[] hash(HashAlgo hashAlgo, byte[] data, int offset, int len) { - Args.notNull(hashAlgo, "hashAlgo"); - - if (Args.notNull(data, "data").length - offset < len) { - throw new IndexOutOfBoundsException("data.length - offset < len"); - } - - if (!MDS_MAP.containsKey(hashAlgo)) { - throw new IllegalArgumentException("unknown hash algo " + hashAlgo); - } - - ConcurrentBag mds = MDS_MAP.get(hashAlgo); - - BagEntry md0 = null; - for (int i = 0; i < 3; i++) { - try { - md0 = mds.borrow(10, TimeUnit.SECONDS); - break; - } catch (InterruptedException ex) { - } - } - - if (md0 == null) { - throw new RuntimeOperatorException("could not get idle MessageDigest"); - } - - try { - Digest md = md0.value(); - md.reset(); - md.update(data, offset, len); - byte[] bytes = new byte[md.getDigestSize()]; - md.doFinal(bytes, 0); - return bytes; - } finally { - mds.requite(md0); - } - } // method hash - -} diff --git a/security/src/main/java/org/xipki/security/IssuerHash.java b/security/src/main/java/org/xipki/security/IssuerHash.java index d0e3725..7c376c5 100644 --- a/security/src/main/java/org/xipki/security/IssuerHash.java 
+++ b/security/src/main/java/org/xipki/security/IssuerHash.java @@ -36,8 +36,8 @@ public IssuerHash(HashAlgo hashAlgo, X509Cert issuerCert) throws IOException { this.hashAlgo = Args.notNull(hashAlgo, "hashAlgo"); byte[] encodedName = Args.notNull(issuerCert, "issuerCert").getSubject().getEncoded(); byte[] encodedKey = issuerCert.getSubjectPublicKeyInfo().getPublicKeyData().getBytes(); - this.issuerNameHash = HashCalculator.hash(hashAlgo, encodedName); - this.issuerKeyHash = HashCalculator.hash(hashAlgo, encodedKey); + this.issuerNameHash = hashAlgo.hash(encodedName); + this.issuerKeyHash = hashAlgo.hash(encodedKey); } public HashAlgo getHashAlgo() { diff --git a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Key.java b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Key.java index 6c96b73..c5a19f7 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Key.java +++ b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Key.java @@ -28,8 +28,6 @@ import org.xipki.security.util.PKCS1Util; import org.xipki.security.util.SignerUtil; import org.xipki.util.Args; -import org.xipki.util.ConcurrentBag; -import org.xipki.util.ConcurrentBag.BagEntry; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; @@ -48,6 +46,8 @@ import java.util.HashMap; import java.util.Map; import java.util.Optional; +import java.util.concurrent.ArrayBlockingQueue; +import java.util.concurrent.LinkedBlockingQueue; import java.util.concurrent.TimeUnit; import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKG_MGF1_SHA1; 
@@ -159,13 +159,13 @@ class EmulatorP11Key extends P11Key { private final Key signingKey; - private final ConcurrentBag rsaCiphers = new ConcurrentBag<>(); + private final ArrayBlockingQueue rsaCiphers; - private final ConcurrentBag dsaSignatures = new ConcurrentBag<>(); + private final ArrayBlockingQueue dsaSignatures; - private final ConcurrentBag eddsaSignatures = new ConcurrentBag<>(); + private final ArrayBlockingQueue eddsaSignatures; - private final ConcurrentBag sm2Signers = new ConcurrentBag<>(); + private final ArrayBlockingQueue sm2Signers; private final SecureRandom random; @@ -264,6 +264,10 @@ public EmulatorP11Key( this.signingKey = Args.notNull(signingKey, "signingKey"); this.random = Args.notNull(random, "random"); this.maxSessions = maxSessions; + this.dsaSignatures = new ArrayBlockingQueue<>(maxSessions); + this.eddsaSignatures = new ArrayBlockingQueue<>(maxSessions); + this.sm2Signers = new ArrayBlockingQueue<>(maxSessions); + this.rsaCiphers = new ArrayBlockingQueue<>(maxSessions); } // constructor public void setEcParams(ASN1ObjectIdentifier ecParams) { @@ -312,7 +316,7 @@ private synchronized void init() throws TokenException { } } rsaCipher.init(Cipher.ENCRYPT_MODE, signingKey); - rsaCiphers.add(new BagEntry<>(rsaCipher)); + rsaCiphers.add(rsaCipher); } } else { String algorithm; @@ -334,7 +338,7 @@ private synchronized void init() throws TokenException { for (int i = 0; i < maxSessions; i++) { Signature dsaSignature = Signature.getInstance(algorithm, "BC"); dsaSignature.initSign((PrivateKey) signingKey, random); - dsaSignatures.add(new BagEntry<>(dsaSignature)); + dsaSignatures.add(dsaSignature); } } else if (keyType == CKK_EC_EDWARDS) { algorithm = EdECConstants.getName(getEcParams()); 
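Review bot: `new ArrayBlockingQueue<>(maxSessions)` in the constructor hunk throws `IllegalArgumentException` for a capacity below 1, and the lines shown assign `maxSessions` without checking it. The constructor starts outside the hunk, so a check may already exist above. If it does not, add `Args.positive(maxSessions, "maxSessions");` before the four queues are created, so a bad configuration fails with a message that names the parameter. All four queues are also allocated at full capacity, although the `init()` hunks appear to fill only the one matching the key type; that is a smaller point but worth a comment on the fields.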
@@ -344,7 +348,7 @@ private synchronized void init() throws TokenException { for (int i = 0; i < maxSessions; i++) { Signature signature = Signature.getInstance(algorithm, "BC"); signature.initSign((PrivateKey) signingKey); - eddsaSignatures.add(new BagEntry<>(signature)); + eddsaSignatures.add(signature); } } else if (keyType == CKK_EC_MONTGOMERY) { // do nothing. not suitable for sign. @@ -352,7 +356,7 @@ private synchronized void init() throws TokenException { for (int i = 0; i < maxSessions; i++) { EmulatorSM2Signer sm2signer = new EmulatorSM2Signer(ECUtil.generatePrivateKeyParameter((PrivateKey) signingKey)); - sm2Signers.add(new BagEntry<>(sm2signer)); + sm2Signers.add(sm2signer); } } } 
@@ -509,38 +513,37 @@ private byte[] rsaPkcsSign(byte[] contentToSign, HashAlgo hashAlgo) throws Token } // method rsaPkcsSign private byte[] rsaX509Sign(byte[] dataToSign) throws TokenException { - BagEntry cipher; + Cipher cipher; try { - cipher = Optional.ofNullable(rsaCiphers.borrow(5000, TimeUnit.MILLISECONDS)).orElseThrow( + cipher = Optional.ofNullable(rsaCiphers.poll(5000, TimeUnit.MILLISECONDS)).orElseThrow( () -> new TokenException("no idle RSA cipher available")); } catch (InterruptedException ex) { throw new TokenException("could not take any idle signer"); } try { - return cipher.value().doFinal(dataToSign); + return cipher.doFinal(dataToSign); } catch (BadPaddingException ex) { throw new TokenException("BadPaddingException: " + ex.getMessage(), ex); } catch (IllegalBlockSizeException ex) { throw new TokenException("IllegalBlockSizeException: " + ex.getMessage(), ex); } finally { - rsaCiphers.requite(cipher); + rsaCiphers.add(cipher); } } // method rsaX509Sign private byte[] dsaAndEcdsaSign(byte[] dataToSign, HashAlgo hashAlgo) throws TokenException { byte[] hash = (hashAlgo == null) ? dataToSign : hashAlgo.hash(dataToSign); - BagEntry sig0; + Signature sig; try { - sig0 = Optional.ofNullable(dsaSignatures.borrow(5000, TimeUnit.MILLISECONDS)) + sig = Optional.ofNullable(dsaSignatures.poll(5000, TimeUnit.MILLISECONDS)) .orElseThrow(() -> new TokenException("no idle DSA Signature available")); } catch (InterruptedException ex) { throw new TokenException("InterruptedException occurs while retrieving idle signature"); } try { - Signature sig = sig0.value(); sig.update(hash); byte[] x962Signature = sig.sign(); return SignerUtil.dsaSigX962ToPlain(x962Signature, dsaOrderBitLen); 
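Review bot: In `rsaX509Sign` the `finally` block puts the `Cipher` back into `rsaCiphers` even when `doFinal` threw, and the JCA contract for `Cipher` says the object may need to be reset after an exception before it is used again. A failed call can therefore hand the next signing request a cipher in an undefined state. On the failure path, re-run `cipher.init(Cipher.ENCRYPT_MODE, signingKey);` (the same call the `init()` hunk uses) before `rsaCiphers.add(cipher)`, or replace the instance with a fresh one. The `Signature` and SM2 signer pools in the following hunks return their objects unconditionally in the same way and deserve the same check. The body of `dsaAndEcdsaSign` continues past the end of this hunk.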
@@ -549,7 +552,7 @@ private byte[] dsaAndEcdsaSign(byte[] dataToSign, HashAlgo hashAlgo) throws Toke } catch (XiSecurityException ex) { throw new TokenException("XiSecurityException: " + ex.getMessage(), ex); } finally { - dsaSignatures.requite(sig0); + dsaSignatures.add(sig); } } // method dsaAndEcdsaSign 
@@ -558,43 +561,42 @@ private byte[] eddsaSign(byte[] dataToSign) throws TokenException { throw new TokenException("given signing key is not suitable for EdDSA sign"); } - BagEntry sig0; + Signature sig; try { - sig0 = Optional.ofNullable(eddsaSignatures.borrow(5000, TimeUnit.MILLISECONDS)) + sig = Optional.ofNullable(eddsaSignatures.poll(5000, TimeUnit.MILLISECONDS)) .orElseThrow(() -> new TokenException("no idle DSA Signature available")); } catch (InterruptedException ex) { throw new TokenException("InterruptedException occurs while retrieving idle signature"); } try { - Signature sig = sig0.value(); sig.update(dataToSign); return sig.sign(); } catch (SignatureException ex) { throw new TokenException("SignatureException: " + ex.getMessage(), ex); } finally { - eddsaSignatures.requite(sig0); + eddsaSignatures.add(sig); } } // method eddsaSign private byte[] sm2SignHash(byte[] hash) throws TokenException { - BagEntry sig; + EmulatorSM2Signer sig; try { - sig = Optional.ofNullable(sm2Signers.borrow(5000, TimeUnit.MILLISECONDS)).orElseThrow( + sig = Optional.ofNullable(sm2Signers.poll(5000, TimeUnit.MILLISECONDS)).orElseThrow( () -> new TokenException("no idle SM2 Signer available")); } catch (InterruptedException ex) { throw new TokenException("InterruptedException occurs while retrieving idle signature"); } try { - byte[] x962Signature = sig.value().generateSignatureForHash(hash); + byte[] x962Signature = sig.generateSignatureForHash(hash); return SignerUtil.dsaSigX962ToPlain(x962Signature, dsaOrderBitLen); } catch (CryptoException ex) { throw new TokenException("CryptoException: " + ex.getMessage(), ex); } catch (XiSecurityException ex) { throw new TokenException("XiSecurityException: " + ex.getMessage(), ex); } finally { - sm2Signers.requite(sig); + sm2Signers.add(sig); } } // method sm2SignHash 
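Review bot: The `orElseThrow` message in `eddsaSign` still reads `"no idle DSA Signature available"`, although the object is polled from `eddsaSignatures`; the text appears to have been copied from `dsaAndEcdsaSign`. Pool exhaustion after the 5000 ms poll is the main operational signal these methods emit, so the message should name the pool that ran dry: `new TokenException("no idle EdDSA Signature available")`. `eddsaSign` starts before this hunk.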
@@ -610,23 +612,23 @@ private byte[] sm2Sign(P11Params params, byte[] dataToSign) throws TokenExceptio throw new TokenException("params must be instanceof P11ByteArrayParams"); } - BagEntry sig0; + EmulatorSM2Signer sig; try { - sig0 = Optional.ofNullable(sm2Signers.borrow(5000, TimeUnit.MILLISECONDS)).orElseThrow( + sig = Optional.ofNullable(sm2Signers.poll(5000, TimeUnit.MILLISECONDS)).orElseThrow( () -> new TokenException("no idle SM2 Signer available")); } catch (InterruptedException ex) { throw new TokenException("InterruptedException occurs while retrieving idle signature"); } try { - byte[] x962Signature = sig0.value().generateSignatureForMessage(userId, dataToSign); + byte[] x962Signature = sig.generateSignatureForMessage(userId, dataToSign); return SignerUtil.dsaSigX962ToPlain(x962Signature, dsaOrderBitLen); } catch (CryptoException ex) { throw new TokenException("CryptoException: " + ex.getMessage(), ex); } catch (XiSecurityException ex) { throw new TokenException("XiSecurityException: " + ex.getMessage(), ex); } finally { - sm2Signers.requite(sig0); + sm2Signers.add(sig); } } // method sm2Sign diff --git a/security/src/main/java/org/xipki/security/pkcs12/P12KeyGenerator.java b/security/src/main/java/org/xipki/security/pkcs12/P12KeyGenerator.java index 301663f..cd57612 100644 --- a/security/src/main/java/org/xipki/security/pkcs12/P12KeyGenerator.java +++ b/security/src/main/java/org/xipki/security/pkcs12/P12KeyGenerator.java @@ -291,7 +291,7 @@ public static ContentSigner getContentSigner(PrivateKey key, PublicKey publicKey P12ContentSignerBuilder builder = new P12ContentSignerBuilder(key, publicKey); ConcurrentContentSigner csigner = builder.createSigner(algo, 1, null); - return csigner.borrowSigner().value(); + return csigner.borrowSigner(); } // method getContentSigner } 
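Review bot: The `catch (InterruptedException ex)` around `sm2Signers.poll(...)` in `sm2Sign` throws a `TokenException` without restoring the thread's interrupt status and without passing the cause, so a caller trying to cancel or shut down the signing thread loses the interrupt. Add `Thread.currentThread().interrupt();` before the throw and keep the cause: `throw new TokenException("InterruptedException occurs while retrieving idle signature", ex);`. The same catch appears in `rsaX509Sign`, `dsaAndEcdsaSign`, `eddsaSign` and `sm2SignHash` in the earlier hunks of this file and should be changed in the same way. `sm2Sign` starts outside this hunk.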
diff --git a/security/src/test/java/org/xipki/security/test/CrlTestVectorGenerateMain.java b/security/src/test/java/org/xipki/security/test/CrlTestVectorGenerateMain.java index 4a69d0b..86eeba5 100644 --- a/security/src/test/java/org/xipki/security/test/CrlTestVectorGenerateMain.java +++ b/security/src/test/java/org/xipki/security/test/CrlTestVectorGenerateMain.java @@ -14,7 +14,6 @@ import org.xipki.security.SignerConf; import org.xipki.security.X509Cert; import org.xipki.security.XiContentSigner; -import org.xipki.util.ConcurrentBag.BagEntry; import org.xipki.util.ConfPairs; import org.xipki.util.IoUtil; @@ -53,7 +52,7 @@ private static void genTestVectors() throws Exception { "PKCS12", sconf, (X509Cert) null); X509Cert caCert = csigner.getCertificate(); - BagEntry signer = csigner.borrowSigner(); + XiContentSigner signer = csigner.borrowSigner(); // no revoked certs X509v2CRLBuilder builder = getBuilder(caCert, true, true); buildCrl(builder, signer, "no-revoked-certs.crl"); @@ -87,9 +86,9 @@ private static void genTestVectors() throws Exception { } } - private static void buildCrl(X509v2CRLBuilder builder, BagEntry signer, String fn) + private static void buildCrl(X509v2CRLBuilder builder, XiContentSigner signer, String fn) throws Exception { - byte[] encoded = builder.build(signer.value()).getEncoded(); + byte[] encoded = builder.build(signer).getEncoded(); IoUtil.save("output/" + fn, encoded); } diff --git a/util/src/main/java/org/xipki/util/ConcurrentBag.java b/util/src/main/java/org/xipki/util/ConcurrentBag.java deleted file mode 100644 index dafd500..0000000 --- a/util/src/main/java/org/xipki/util/ConcurrentBag.java +++ /dev/null 
@@ -1,553 +0,0 @@ -// #THIRDPARTY# HikariCP - -/* - * Copyright (C) 2013, 2014 Brett Wooldridge - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.xipki.util; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import java.lang.ref.WeakReference; -import java.lang.reflect.Array; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Comparator; -import java.util.Iterator; -import java.util.List; -import java.util.ListIterator; -import java.util.NoSuchElementException; -import java.util.RandomAccess; -import java.util.Spliterator; -import java.util.concurrent.CopyOnWriteArrayList; -import java.util.concurrent.SynchronousQueue; -import java.util.concurrent.TimeUnit; -import java.util.concurrent.atomic.AtomicInteger; -import java.util.concurrent.atomic.AtomicIntegerFieldUpdater; -import java.util.function.Consumer; -import java.util.function.Predicate; -import java.util.function.UnaryOperator; - -import static java.util.concurrent.TimeUnit.MICROSECONDS; -import static java.util.concurrent.TimeUnit.NANOSECONDS; -import static java.util.concurrent.locks.LockSupport.parkNanos; - -/** - * This is a specialized concurrent bag that achieves superior performance - * to LinkedBlockingQueue and LinkedTransferQueue for the purposes of a - * connection pool. It uses ThreadLocal storage when possible to avoid - * locks, but resorts to scanning a common collection if there are no - * available items in the ThreadLocal list. 
Not-in-use items in the - * ThreadLocal lists can be "stolen" when the borrowing thread has none - * of its own. It is a "lock-less" implementation using a specialized - * AbstractQueuedLongSynchronizer to manage cross-thread signaling. - *

- * Note that items that are "borrowed" from the bag are not actually - * removed from any collection, so garbage collection will not occur - * even if the reference is abandoned. Thus care must be taken to - * "requite" borrowed objects otherwise a memory leak will result. Only - * the "remove" method can completely remove an object from the bag. - * - * @author Brett Wooldridge - * @author Lijun Liao (xipki) - * - * @param the templated type to store in the bag - */ -public class ConcurrentBag implements AutoCloseable { - - private static final Logger LOG = LoggerFactory.getLogger(ConcurrentBag.class); - - private final CopyOnWriteArrayList> sharedList; - private final boolean weakThreadLocals; - - private final ThreadLocal> threadList; - private final AtomicInteger waiters; - private volatile boolean closed; - - private final SynchronousQueue> handoffQueue; - - private static final int STATE_NOT_IN_USE = 0; - private static final int STATE_IN_USE = 1; - private static final int STATE_REMOVED = -1; - private static final int STATE_RESERVED = -2; - - /** - * Construct a ConcurrentBag with the specified listener. - */ - public ConcurrentBag() { - this.weakThreadLocals = useWeakThreadLocals(); - - this.handoffQueue = new SynchronousQueue<>(true); - this.waiters = new AtomicInteger(); - this.sharedList = new CopyOnWriteArrayList<>(); - if (weakThreadLocals) { - this.threadList = ThreadLocal.withInitial(() -> new ArrayList<>(16)); - } else { - this.threadList = ThreadLocal.withInitial(() -> new FastList<>(BagEntry.class, 16)); - } - } - - /** - * The method will borrow a BagEntry from the bag, blocking for the - * specified timeout if none are available. 
- * - * @param timeout how long to wait before giving up, in units of unit - * @param timeUnit a TimeUnit determining how to interpret the timeout parameter - * @return a borrowed instance from the bag or null if a timeout occurs - * @throws InterruptedException if interrupted while waiting - */ - public BagEntry borrow(long timeout, final TimeUnit timeUnit) throws InterruptedException { - // Try the thread-local list first - final List list = threadList.get(); - for (int i = list.size() - 1; i >= 0; i--) { - final Object entry = list.remove(i); - @SuppressWarnings("unchecked") - final BagEntry bagEntry = weakThreadLocals ? ((WeakReference>) entry).get() : (BagEntry) entry; - if (bagEntry != null && bagEntry.compareAndSet(STATE_NOT_IN_USE, STATE_IN_USE)) { - return bagEntry; - } - } - - try { - for (BagEntry bagEntry : sharedList) { - if (bagEntry.compareAndSet(STATE_NOT_IN_USE, STATE_IN_USE)) { - return bagEntry; - } - } - - timeout = timeUnit.toNanos(timeout); - do { - final long start = System.nanoTime(); - final BagEntry bagEntry = handoffQueue.poll(timeout, NANOSECONDS); - if (bagEntry == null || bagEntry.compareAndSet(STATE_NOT_IN_USE, STATE_IN_USE)) { - return bagEntry; - } - - timeout -= System.nanoTime() - start; - } while (timeout > 10_000); - - return null; - } finally { - waiters.decrementAndGet(); - } - } - - /** - * This method will return a borrowed object to the bag. Objects - * that are borrowed from the bag but never "requited" will result - * in a memory leak. 
- * - * @param bagEntry the value to return to the bag - * @throws NullPointerException if value is null - * @throws IllegalStateException if the bagEntry was not borrowed from the bag - */ - public void requite(final BagEntry bagEntry) { - bagEntry.setState(STATE_NOT_IN_USE); - - for (int i = 0; waiters.get() > 0; i++) { - if (bagEntry.getState() != STATE_NOT_IN_USE || handoffQueue.offer(bagEntry)) { - return; - } else if ((i & 0xff) == 0xff) { - parkNanos(MICROSECONDS.toNanos(10)); - } else { - Thread.yield(); - } - } - - final List threadLocalList = threadList.get(); - if (threadLocalList.size() < 50) { - threadLocalList.add(weakThreadLocals ? new WeakReference<>(bagEntry) : bagEntry); - } - } - - /** - * Add a new object to the bag for others to borrow. - * - * @param bagEntry an object to add to the bag - */ - public void add(final BagEntry bagEntry) { - if (closed) { - LOG.info("ConcurrentBag has been closed, ignoring add()"); - throw new IllegalStateException("ConcurrentBag has been closed, ignoring add()"); - } - - sharedList.add(bagEntry); - - // spin until a thread takes it or none are waiting - while (waiters.get() > 0 && bagEntry.getState() == STATE_NOT_IN_USE && !handoffQueue.offer(bagEntry)) { - Thread.yield(); - } - } - - /** - * Remove a value from the bag. 
This method should only be called - * with objects obtained by borrow(long, TimeUnit) or reserve(T) - * - * @param bagEntry the value to remove - * @return true if the entry was removed, false otherwise - * @throws IllegalStateException if an attempt is made to remove an object - * from the bag that was not borrowed or reserved first - */ - public boolean remove(final BagEntry bagEntry) { - if (!bagEntry.compareAndSet(STATE_IN_USE, STATE_REMOVED) - && !bagEntry.compareAndSet(STATE_RESERVED, STATE_REMOVED) && !closed) { - LOG.warn("Attempt to remove an object from the bag that was not borrowed or reserved: {}", bagEntry); - return false; - } - - final boolean removed = sharedList.remove(bagEntry); - if (!removed && !closed) { - LOG.warn("Attempt to remove an object from the bag that does not exist: {}", bagEntry); - } - - threadList.get().remove(bagEntry); - - return removed; - } - - /** - * Close the bag to further adds. - */ - @Override - public void close() { - closed = true; - } - - /** - * This method provides a "snapshot" in time of the bag items. It - * does not "lock" or reserve items in any way. Call reserve(T) - * on items in the list, or understand the concurrency implications of - * modifying items, before performing any action on them. - * - * @return a possibly empty list of (all) bag items - */ - @SuppressWarnings("unchecked") - public List> values() { - return (List>) sharedList.clone(); - } - - /** - * Get the total number of items in the bag. - * - * @return the number of items in the bag - */ - public int size() { - return sharedList.size(); - } - - /** - * Determine whether to use WeakReferences based on whether there is a - * custom ClassLoader implementation sitting between this class and the - * System ClassLoader. 
- * - * @return true if we should use WeakReferences in our ThreadLocals, false otherwise - */ - private boolean useWeakThreadLocals() { - try { - return getClass().getClassLoader() != ClassLoader.getSystemClassLoader(); - } catch (SecurityException se) { - return true; - } - } - - public static class BagEntry { - - @SuppressWarnings({ "unused" }) - private volatile int state = 0; // Don't delete me and add final declaration, will be used by the stateUpdater - - private static final AtomicIntegerFieldUpdater stateUpdater; - - private final T value; - - static { - stateUpdater = AtomicIntegerFieldUpdater.newUpdater(BagEntry.class, "state"); - } - - public BagEntry(T value) { - this.value = value; - } - - public T value() { - return value; - } - - public int getState() { - return stateUpdater.get(this); - } - - public boolean compareAndSet(int expect, int update) { - return stateUpdater.compareAndSet(this, expect, update); - } - - public void setState(int update) { - stateUpdater.set(this, update); - } - - } - - /** - * Fast list without range checking. - * - * @author Brett Wooldridge - */ - private static final class FastList implements List, RandomAccess { - - private final Class clazz; - private T[] elementData; - private int size; - - /** - * Construct a FastList with a specified size. - * @param clazz the Class stored in the collection - * @param capacity the initial size of the FastList - */ - @SuppressWarnings("unchecked") - public FastList(Class clazz, int capacity) { - this.elementData = (T[]) Array.newInstance(clazz, capacity); - this.clazz = clazz; - } - - /** - * Add an element to the tail of the FastList. 
- * - * @param element the element to add - */ - @Override - public boolean add(T element) { - if (size < elementData.length) { - elementData[size++] = element; - } else { - // overflow-conscious code - final int oldCapacity = elementData.length; - final int newCapacity = oldCapacity << 1; - @SuppressWarnings("unchecked") - final T[] newElementData = (T[]) Array.newInstance(clazz, newCapacity); - System.arraycopy(elementData, 0, newElementData, 0, oldCapacity); - newElementData[size++] = element; - elementData = newElementData; - } - - return true; - } - - /** - * Get the element at the specified index. - * - * @param index the index of the element to get - * @return the element, or ArrayIndexOutOfBounds is thrown if the index is invalid - */ - @Override - public T get(int index) { - return elementData[index]; - } - - /** - * This remove method is most efficient when the element being removed - * is the last element. Equality is identity based, not equals() based. - * Only the first matching element is removed. - * - * @param element the element to remove - */ - @Override - public boolean remove(Object element) { - for (int index = size - 1; index >= 0; index--) { - if (element == elementData[index]) { - final int numMoved = size - index - 1; - if (numMoved > 0) { - System.arraycopy(elementData, index + 1, elementData, index, numMoved); - } - elementData[--size] = null; - return true; - } - } - - return false; - } - - /** - * Clear the FastList. - */ - @Override - public void clear() { - for (int i = 0; i < size; i++) { - elementData[i] = null; - } - - size = 0; - } - - /** - * Get the current number of elements in the FastList. 
- * - * @return the number of current elements - */ - @Override - public int size() { - return size; - } - - @Override - public boolean isEmpty() { - return size == 0; - } - - @Override - public T set(int index, T element) { - T old = elementData[index]; - elementData[index] = element; - return old; - } - - @Override - public T remove(int index) { - if (size == 0) { - return null; - } - - final T old = elementData[index]; - - final int numMoved = size - index - 1; - if (numMoved > 0) { - System.arraycopy(elementData, index + 1, elementData, index, numMoved); - } - - elementData[--size] = null; - - return old; - } - - @Override - public boolean contains(Object o) { - throw new UnsupportedOperationException(); - } - - @Override - public Iterator iterator() { - return new Iterator<>() { - private int index; - - @Override - public boolean hasNext() { - return index < size; - } - - @Override - public T next() { - if (index < size) { - return elementData[index++]; - } - - throw new NoSuchElementException("No more elements in FastList"); - } - }; - } - - @Override - public Object[] toArray() { - throw new UnsupportedOperationException(); - } - - @Override - public E[] toArray(E[] a) { - throw new UnsupportedOperationException(); - } - - @Override - public boolean containsAll(Collection c) { - throw new UnsupportedOperationException(); - } - - @Override - public boolean addAll(Collection c) { - throw new UnsupportedOperationException(); - } - - @Override - public boolean addAll(int index, Collection c) { - throw new UnsupportedOperationException(); - } - - @Override - public boolean removeAll(Collection c) { - throw new UnsupportedOperationException(); - } - - @Override - public boolean retainAll(Collection c) { - throw new UnsupportedOperationException(); - } - - @Override - public void add(int index, T element) { - throw new UnsupportedOperationException(); - } - - @Override - public int indexOf(Object o) { - throw new UnsupportedOperationException(); - } - - @Override - 
public int lastIndexOf(Object o) { - throw new UnsupportedOperationException(); - } - - @Override - public ListIterator listIterator() { - throw new UnsupportedOperationException(); - } - - @Override - public ListIterator listIterator(int index) { - throw new UnsupportedOperationException(); - } - - @Override - public List subList(int fromIndex, int toIndex) { - throw new UnsupportedOperationException(); - } - - @Override - public Object clone() { - throw new UnsupportedOperationException(); - } - - @Override - public void forEach(Consumer action) { - throw new UnsupportedOperationException(); - } - - @Override - public Spliterator spliterator() { - throw new UnsupportedOperationException(); - } - - @Override - public boolean removeIf(Predicate filter) { - throw new UnsupportedOperationException(); - } - - @Override - public void replaceAll(UnaryOperator operator) { - throw new UnsupportedOperationException(); - } - - @Override - public void sort(Comparator c) { - throw new UnsupportedOperationException(); - } - - } -} From 15dadeee10b3900550041dc6af2254966773925a Mon Sep 17 00:00:00 2001 From: Lijun Liao Date: Fri, 12 Apr 2024 21:55:31 +0200 Subject: [PATCH 30/36] rename .security.shell.Actions to security.shell.SecurityActions. --- .../main/java/org/xipki/security/shell/JceActions.java | 2 +- .../main/java/org/xipki/security/shell/P11Actions.java | 6 +++--- .../main/java/org/xipki/security/shell/P12Actions.java | 6 +++--- .../java/org/xipki/security/shell/PasswordActions.java | 2 +- .../java/org/xipki/security/shell/QaSecurityActions.java | 8 ++++---- .../security/shell/{Actions.java => SecurityActions.java} | 2 +- 6 files changed, 13 insertions(+), 13 deletions(-) rename security-shell/src/main/java/org/xipki/security/shell/{Actions.java => SecurityActions.java} (99%) diff --git a/security-shell/src/main/java/org/xipki/security/shell/JceActions.java b/security-shell/src/main/java/org/xipki/security/shell/JceActions.java index 07ec241..d16eaa0 100644 
--- a/security-shell/src/main/java/org/xipki/security/shell/JceActions.java +++ b/security-shell/src/main/java/org/xipki/security/shell/JceActions.java @@ -23,7 +23,7 @@ public class JceActions { @Command(scope = "xi", name = "csr-jce", description = "generate CSR request with JCE device") @Service - public static class CsrJce extends Actions.BaseCsrGenAction { + public static class CsrJce extends SecurityActions.BaseCsrGenAction { @Option(name = "--type", required = true, description = "JCE signer type") private String type; diff --git a/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java b/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java index c4bf624..b078fb4 100644 --- a/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java +++ b/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java @@ -28,8 +28,8 @@ import org.xipki.security.pkcs11.P11Slot; import org.xipki.security.pkcs11.P11Slot.P11NewKeyControl; import org.xipki.security.pkcs11.P11SlotId; -import org.xipki.security.shell.Actions.CsrGenAction; -import org.xipki.security.shell.Actions.SecurityAction; +import org.xipki.security.shell.SecurityActions.CsrGenAction; +import org.xipki.security.shell.SecurityActions.SecurityAction; import org.xipki.security.util.AlgorithmUtil; import org.xipki.security.util.KeyUtil; import org.xipki.shell.Completers; @@ -384,7 +384,7 @@ public static class RsaP11 extends P11KeyGenAction { private Integer keysize = 2048; @Option(name = "-e", description = "public exponent") - private String publicExponent = Actions.TEXT_F4; + private String publicExponent = SecurityActions.TEXT_F4; @Override protected Object execute0() throws Exception { diff --git a/security-shell/src/main/java/org/xipki/security/shell/P12Actions.java b/security-shell/src/main/java/org/xipki/security/shell/P12Actions.java index 54ebcb8..457ae42 100644 --- a/security-shell/src/main/java/org/xipki/security/shell/P12Actions.java 
+++ b/security-shell/src/main/java/org/xipki/security/shell/P12Actions.java @@ -21,8 +21,8 @@ import org.xipki.security.pkcs12.KeypairWithCert; import org.xipki.security.pkcs12.KeystoreGenerationParameters; import org.xipki.security.pkcs12.P12KeyGenerator; -import org.xipki.security.shell.Actions.CsrGenAction; -import org.xipki.security.shell.Actions.SecurityAction; +import org.xipki.security.shell.SecurityActions.CsrGenAction; +import org.xipki.security.shell.SecurityActions.SecurityAction; import org.xipki.security.util.AlgorithmUtil; import org.xipki.security.util.KeyUtil; import org.xipki.security.util.X509Util; @@ -387,7 +387,7 @@ public static class RsaP12 extends P12KeyGenAction { private Integer keysize = 2048; @Option(name = "-e", description = "public exponent") - private String publicExponent = Actions.TEXT_F4; + private String publicExponent = SecurityActions.TEXT_F4; @Override protected Object execute0() throws Exception { diff --git a/security-shell/src/main/java/org/xipki/security/shell/PasswordActions.java b/security-shell/src/main/java/org/xipki/security/shell/PasswordActions.java index b38ff88..0065418 100644 --- a/security-shell/src/main/java/org/xipki/security/shell/PasswordActions.java +++ b/security-shell/src/main/java/org/xipki/security/shell/PasswordActions.java @@ -11,7 +11,7 @@ import org.xipki.password.OBFPasswordService; import org.xipki.password.PBEPasswordService; import org.xipki.password.Passwords; -import org.xipki.security.shell.Actions.SecurityAction; +import org.xipki.security.shell.SecurityActions.SecurityAction; import org.xipki.shell.IllegalCmdParamException; import org.xipki.util.Args; import org.xipki.util.IoUtil; diff --git a/security-shell/src/main/java/org/xipki/security/shell/QaSecurityActions.java b/security-shell/src/main/java/org/xipki/security/shell/QaSecurityActions.java index 86e2a7d..b502e30 100644 --- a/security-shell/src/main/java/org/xipki/security/shell/QaSecurityActions.java 
+++ b/security-shell/src/main/java/org/xipki/security/shell/QaSecurityActions.java @@ -545,7 +545,7 @@ public static class SpeedRsaGenP11 extends SpeedP11ActionQa { private Integer keysize = 2048; @Option(name = "--exponent", aliases = "-e", description = "public exponent") - private String publicExponent = Actions.TEXT_F4; + private String publicExponent = SecurityActions.TEXT_F4; @Override protected BenchmarkExecutor getTester() throws Exception { @@ -568,7 +568,7 @@ public static class SpeedRsaSignP11 extends SpeedP11SignActionQa { private Integer keysize = 2048; @Option(name = "-e", description = "public exponent") - private String publicExponent = Actions.TEXT_F4; + private String publicExponent = SecurityActions.TEXT_F4; @Option(name = "--sig-algo", required = true, description = "signature algorithm") @Completion(QaCompleters.RSASigAlgCompleter.class) @@ -892,7 +892,7 @@ public static class SpeedRsaGenP12 extends SingleSpeedActionQa { private Integer keysize = 2048; @Option(name = "-e", description = "public exponent") - private String publicExponent = Actions.TEXT_F4; + private String publicExponent = SecurityActions.TEXT_F4; @Override protected BenchmarkExecutor getTester() throws Exception { @@ -910,7 +910,7 @@ public static class SpeedRsaSignP12 extends SpeedP12SignActionQa { private Integer keysize = 2048; @Option(name = "-e", description = "public exponent") - private String publicExponent = Actions.TEXT_F4; + private String publicExponent = SecurityActions.TEXT_F4; @Option(name = "--sig-algo", required = true, description = "signature algorithm") @Completion(QaCompleters.RSASigAlgCompleter.class) 
diff --git a/security-shell/src/main/java/org/xipki/security/shell/Actions.java b/security-shell/src/main/java/org/xipki/security/shell/SecurityActions.java similarity index 99% rename from security-shell/src/main/java/org/xipki/security/shell/Actions.java rename to security-shell/src/main/java/org/xipki/security/shell/SecurityActions.java index 1d8ec1f..0cf03fc 100644 --- a/security-shell/src/main/java/org/xipki/security/shell/Actions.java +++ b/security-shell/src/main/java/org/xipki/security/shell/SecurityActions.java @@ -118,7 +118,7 @@ * @author Lijun Liao (xipki) */ -public class Actions { +public class SecurityActions { public static final String TEXT_F4 = "0x10001"; From cc69e0372beabf1dbf79ba94f5e6e0bf2ae3f2a4 Mon Sep 17 00:00:00 2001 
From: Lijun Liao Date: Thu, 18 Jul 2024 22:04:29 +0200 Subject: [PATCH 31/36] removed instable hsm-proxy module and multiple pkcs11 devices support --- .../org/xipki/security/shell/P11Actions.java | 40 +- .../security/shell/QaSecurityActions.java | 18 +- .../security/shell/SecurityCompleters.java | 22 - .../java/org/xipki/security/Securities.java | 2 - .../security/pkcs11/NativeP11Module.java | 28 +- .../xipki/security/pkcs11/NativeP11Slot.java | 7 +- .../pkcs11/P11CryptServiceFactory.java | 9 +- .../pkcs11/P11CryptServiceFactoryImpl.java | 70 +- .../org/xipki/security/pkcs11/P11Module.java | 4 - .../xipki/security/pkcs11/P11ModuleConf.java | 255 +-- .../security/pkcs11/P11SignerFactory.java | 3 +- .../org/xipki/security/pkcs11/P11Slot.java | 30 +- .../org/xipki/security/pkcs11/Pkcs11conf.java | 440 ++--- .../pkcs11/emulator/EmulatorP11Module.java | 14 +- .../pkcs11/emulator/EmulatorP11Slot.java | 9 +- .../pkcs11/hsmproxy/HsmProxyP11Key.java | 78 - .../pkcs11/hsmproxy/HsmProxyP11Module.java | 428 ----- .../hsmproxy/HsmProxyP11ModuleFactory.java | 34 - .../pkcs11/hsmproxy/HsmProxyP11Slot.java | 375 ----- .../security/pkcs11/hsmproxy/ProxyAction.java | 82 - .../pkcs11/hsmproxy/ProxyMessage.java | 1465 ----------------- .../org/xipki/security/qa/P11SignSpeed.java | 8 +- .../resources/OSGI-INF/blueprint/config.xml | 8 - util/src/main/java/org/xipki/util/Args.java | 1 + 24 files changed, 218 insertions(+), 3212 deletions(-) delete mode 100644 security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Key.java delete mode 100644 security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java delete mode 100644 security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11ModuleFactory.java delete mode 100644 security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Slot.java delete mode 100644 security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyAction.java delete mode 100644 
security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyMessage.java diff --git a/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java b/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java index b078fb4..f049a67 100644 --- a/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java +++ b/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java @@ -79,10 +79,6 @@ public static class CsrP11 extends CsrGenAction { + "either keyId or keyLabel must be specified") private String label; - @Option(name = "--module", description = "name of the PKCS#11 module") - @Completion(SecurityCompleters.P11ModuleNameCompleter.class) - private String moduleName = "default"; - @Override protected ConcurrentContentSigner getSigner() throws Exception { SignatureAlgoControl signatureAlgoControl = getSignatureAlgoControl(); @@ -92,13 +88,13 @@ protected ConcurrentContentSigner getSigner() throws Exception { idBytes = Hex.decode(id); } - SignerConf conf = getPkcs11SignerConf(moduleName, Integer.parseInt(slotIndex), label, + SignerConf conf = getPkcs11SignerConf(Integer.parseInt(slotIndex), label, idBytes, 1, null, signatureAlgoControl); return securityFactory.createSigner("PKCS11", conf, (X509Cert[]) null); } public static SignerConf getPkcs11SignerConf( - String pkcs11ModuleName, int slotIndex, String keyLabel, byte[] keyId, int parallelism, + int slotIndex, String keyLabel, byte[] keyId, int parallelism, HashAlgo hashAlgo, SignatureAlgoControl signatureAlgoControl) { Args.positive(parallelism, "parallelism"); @@ -109,10 +105,6 @@ public static SignerConf getPkcs11SignerConf( ConfPairs conf = new ConfPairs(); conf.putPair("parallelism", Integer.toString(parallelism)); - if (pkcs11ModuleName != null && !pkcs11ModuleName.isEmpty()) { - conf.putPair("module", pkcs11ModuleName); - } - conf.putPair("slot", Integer.toString(slotIndex)); if (keyId != null) { 
@@ -564,30 +556,21 @@ protected char[] getPassword() throws IOException, PasswordResolverException { public abstract static class P11SecurityAction extends SecurityAction { - protected static final String DEFAULT_P11MODULE_NAME = P11CryptServiceFactory.DEFAULT_P11MODULE_NAME; - @Option(name = "--slot", description = "slot index") protected String slotIndex = "0"; // use String instead int so that the default value 0 will be shown in the help. - @Option(name = "--module", description = "name of the PKCS#11 module") - @Completion(SecurityCompleters.P11ModuleNameCompleter.class) - protected String moduleName = DEFAULT_P11MODULE_NAME; - @Reference (optional = true) protected P11CryptServiceFactory p11CryptServiceFactory; protected P11Slot getSlot() throws XiSecurityException, TokenException, IllegalCmdParamException { - P11Module module = getP11Module(moduleName); + P11Module module = getP11Module(); P11SlotId slotId = module.getSlotIdForIndex(Integer.parseInt(slotIndex)); return module.getSlot(slotId); } - protected P11Module getP11Module(String moduleName) - throws XiSecurityException, TokenException, IllegalCmdParamException { - P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(moduleName); - if (p11Service == null) { - throw new IllegalCmdParamException("undefined module " + moduleName); - } + protected P11Module getP11Module() + throws XiSecurityException, TokenException { + P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(); return p11Service.getModule(); } 
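Review bot: `getP11Module()` dereferences `p11CryptServiceFactory` without a check although the field is declared `@Reference (optional = true)` just above it, so a shell running without the PKCS#11 service fails with a bare NullPointerException instead of a command error. A guard such as `if (p11CryptServiceFactory == null) { throw new IllegalCmdParamException("PKCS#11 service is not available"); }` would give the kind of readable failure the removed `undefined module` branch produced. That means keeping `IllegalCmdParamException` in the `throws` clause of `getP11Module()`, which `getSlot()` still declares. The same unguarded call is introduced in `TokenInfoP11.execute0()` and in both `getSlot()` methods of QaSecurityActions.java, whose field declarations are outside the hunks shown.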
@@ -620,10 +603,6 @@ public static class TokenInfoP11 extends SecurityAction { @Option(name = "--verbose", aliases = "-v", description = "show object information verbosely") private Boolean verbose = Boolean.FALSE; - @Option(name = "--module", description = "name of the PKCS#11 module.") - @Completion(SecurityCompleters.P11ModuleNameCompleter.class) - private String moduleName = P11SecurityAction.DEFAULT_P11MODULE_NAME; - @Option(name = "--slot", description = "slot index") private Integer slotIndex; @@ -635,13 +614,8 @@ public static class TokenInfoP11 extends SecurityAction { @Override protected Object execute0() throws Exception { - P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(moduleName); - if (p11Service == null) { - throw new IllegalCmdParamException("undefined module " + moduleName); - } - + P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(); P11Module module = p11Service.getModule(); - println("module: " + moduleName); println(module.getDescription()); List slots = module.getSlotIds(); diff --git a/security-shell/src/main/java/org/xipki/security/shell/QaSecurityActions.java b/security-shell/src/main/java/org/xipki/security/shell/QaSecurityActions.java index b502e30..7b10af8 100644 --- a/security-shell/src/main/java/org/xipki/security/shell/QaSecurityActions.java +++ b/security-shell/src/main/java/org/xipki/security/shell/QaSecurityActions.java 
@@ -183,15 +183,8 @@ public abstract static class BSpeedP11ActionQa extends BatchSpeedActionQa { @Option(name = "--slot", description = "slot index") protected int slotIndex = 0; - @Option(name = "--module", description = "name of the PKCS#11 module.") - @Completion(SecurityCompleters.P11ModuleNameCompleter.class) - protected String moduleName = P11CryptServiceFactory.DEFAULT_P11MODULE_NAME; - protected P11Slot getSlot() throws XiSecurityException, TokenException, IllegalCmdParamException { - P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(moduleName); - if (p11Service == null) { - throw new IllegalCmdParamException("undefined module " + moduleName); - } + P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(); P11Module module = p11Service.getModule(); return module.getSlot(module.getSlotIdForIndex(slotIndex)); } @@ -358,16 +351,9 @@ public abstract static class SpeedP11ActionQa extends SingleSpeedActionQa { @Option(name = "--slot", description = "slot index") protected int slotIndex = 0; - @Option(name = "--module", description = "Name of the PKCS#11 module.") - @Completion(SecurityCompleters.P11ModuleNameCompleter.class) - protected String moduleName = P11CryptServiceFactory.DEFAULT_P11MODULE_NAME; - protected P11Slot getSlot() throws XiSecurityException, TokenException, IllegalCmdParamException { - P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(moduleName); - if (p11Service == null) { - throw new IllegalCmdParamException("undefined module " + moduleName); - } + P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(); P11Module module = p11Service.getModule(); return module.getSlot(module.getSlotIdForIndex(slotIndex)); } diff --git a/security-shell/src/main/java/org/xipki/security/shell/SecurityCompleters.java b/security-shell/src/main/java/org/xipki/security/shell/SecurityCompleters.java index ac3e5d6..bae05ae 100644 
--- a/security-shell/src/main/java/org/xipki/security/shell/SecurityCompleters.java +++ b/security-shell/src/main/java/org/xipki/security/shell/SecurityCompleters.java @@ -3,16 +3,11 @@ package org.xipki.security.shell; -import org.apache.karaf.shell.api.action.lifecycle.Reference; import org.apache.karaf.shell.api.action.lifecycle.Service; import org.xipki.security.SignAlgo; -import org.xipki.security.pkcs11.P11CryptServiceFactory; import org.xipki.security.pkcs11.P11Slot.P11KeyUsage; -import org.xipki.shell.DynamicEnumCompleter; import org.xipki.shell.EnumCompleter; -import org.xipki.util.CollectionUtil; -import java.util.Collections; import java.util.HashSet; import java.util.List; import java.util.Set; @@ -62,23 +57,6 @@ public static Set parseUsages(List usageTexts) { } // class P11KeyUsageCompleter - @Service - public static class P11ModuleNameCompleter extends DynamicEnumCompleter { - - @Reference (optional = true) - private P11CryptServiceFactory p11CryptServiceFactory; - - @Override - protected Set getEnums() { - Set names = p11CryptServiceFactory.getModuleNames(); - if (CollectionUtil.isEmpty(names)) { - return Collections.emptySet(); - } - return names; - } - - } // class P11ModuleNameCompleter - @Service public static class SecretKeyTypeCompleter extends EnumCompleter { diff --git a/security/src/main/java/org/xipki/security/Securities.java b/security/src/main/java/org/xipki/security/Securities.java index 648fccf..048ceb8 100644 --- a/security/src/main/java/org/xipki/security/Securities.java +++ b/security/src/main/java/org/xipki/security/Securities.java @@ -15,7 +15,6 @@ import org.xipki.security.pkcs11.P11SignerFactory; import org.xipki.security.pkcs11.Pkcs11conf; import org.xipki.security.pkcs11.emulator.EmulatorP11ModuleFactory; -import org.xipki.security.pkcs11.hsmproxy.HsmProxyP11ModuleFactory; import org.xipki.security.pkcs12.P12SignerFactory; import org.xipki.util.CollectionUtil; import org.xipki.util.FileOrValue; 
@@ -142,7 +141,6 @@ private static List createDefaultFactories() { List factories = new ArrayList<>(3); factories.add(new NativeP11ModuleFactory()); factories.add(new EmulatorP11ModuleFactory()); - factories.add(new HsmProxyP11ModuleFactory()); return factories; } diff --git a/security/src/main/java/org/xipki/security/pkcs11/NativeP11Module.java b/security/src/main/java/org/xipki/security/pkcs11/NativeP11Module.java index 9c29488..8673623 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/NativeP11Module.java +++ b/security/src/main/java/org/xipki/security/pkcs11/NativeP11Module.java @@ -22,6 +22,8 @@ import org.xipki.util.StringUtil; import java.io.IOException; +import java.util.Arrays; +import java.util.Collections; import java.util.HashSet; import java.util.List; import java.util.Optional; @@ -71,7 +73,7 @@ private NativeP11Module(PKCS11Module module, P11ModuleConf moduleConf) throws To try { slotList = module.getSlotList(false); } catch (Throwable th) { - final String msg = "could not getSlotList of module " + moduleConf.getName(); + final String msg = "could not getSlotList of module"; LogUtil.error(LOG, th, msg); throw new TokenException(msg); } @@ -129,7 +131,7 @@ private NativeP11Module(PKCS11Module module, P11ModuleConf moduleConf) throws To } } - List pwd; + char[] pwd; try { pwd = moduleConf.getPasswordRetriever().getPassword(slotId); } catch (PasswordResolverException ex) { 
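Review bot: In the NativeP11Module constructor the reworded message `could not getSlotList of module` no longer says which module failed, and `throw new TokenException(msg)` still discards `th`. The native library path is available on the configuration, so `final String msg = "could not getSlotList of module " + moduleConf.getNativeLibrary();` keeps the log line attributable. `throw new TokenException(msg, th);` would keep the cause, assuming the two-argument constructor used in `getInstance` accepts a Throwable. The `catch (Throwable th)` in `getInstance` (hunk at -199,7) drops its cause in the same way. The constructor body starts and ends outside this hunk.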
@@ -140,15 +142,15 @@ private NativeP11Module(PKCS11Module module, P11ModuleConf moduleConf) throws To slot.getModule().nameToCode(PKCS11Constants.Category.CKU, getConf().getUserType())).orElseThrow( () -> new TokenException("Unknown user type " + getConf().getUserType())); - PKCS11Token token = new PKCS11Token(slot.getToken(), moduleConf.isReadOnly(), userType, - moduleConf.getUserName(), pwd, moduleConf.getNumSessions()); + PKCS11Token token = new PKCS11Token(slot.getToken(), moduleConf.isReadOnly(), userType, null, + pwd == null ? null : Collections.singletonList(pwd), moduleConf.getNumSessions()); token.setMaxMessageSize(moduleConf.getMaxMessageSize()); if (moduleConf.getNewSessionTimeout() != null) { token.setTimeOutWaitNewSession(moduleConf.getNewSessionTimeout()); } - P11Slot p11Slot = new NativeP11Slot(moduleConf.getName(), slotId, token , moduleConf.getP11MechanismFilter(), - moduleConf.getP11NewObjectConf(), moduleConf.getSecretKeyTypes(), moduleConf.getKeyPairTypes()); + P11Slot p11Slot = new NativeP11Slot(slotId, token, moduleConf.getP11NewObjectConf(), + moduleConf.getSecretKeyTypes(), moduleConf.getKeyPairTypes()); slots.add(p11Slot); } @@ -177,7 +179,7 @@ public static P11Module getInstance(P11ModuleConf moduleConf) throws TokenExcept try { module = PKCS11Module.getInstance(path); } catch (IOException ex) { - final String msg = "could not load the PKCS#11 module " + moduleConf.getName() + ": " + path; + final String msg = "could not load the PKCS#11 module: " + path; LogUtil.error(LOG, ex, msg); throw new TokenException(msg, ex); } @@ -187,7 +189,7 @@ public static P11Module getInstance(P11ModuleConf moduleConf) throws TokenExcept } catch (PKCS11Exception ex) { if (ex.getErrorCode() != PKCS11Constants.CKR_CRYPTOKI_ALREADY_INITIALIZED) { LogUtil.error(LOG, ex); - close(moduleConf.getName(), module); + closeModule(moduleConf.getNativeLibrary(), module); throw ex; } else { LOG.info("PKCS#11 module already initialized"); 
@@ -199,7 +201,7 @@ public static P11Module getInstance(P11ModuleConf moduleConf) throws TokenExcept } } catch (Throwable th) { LOG.error("unexpected Exception", th); - close(moduleConf.getName(), module); + closeModule(moduleConf.getNativeLibrary(), module); throw new TokenException(th.getMessage()); } @@ -221,19 +223,19 @@ public void close() { } } - close(conf.getNativeLibrary(), module); + closeModule(conf.getNativeLibrary(), module); } - private static void close(String modulePath, PKCS11Module module) { + private static void closeModule(String path, PKCS11Module module) { if (module == null) { return; } - LOG.info("close PKCS#11 module: {}", modulePath); + LOG.info("close PKCS#11 module {}", path); try { module.finalize(null); } catch (Throwable th) { - LogUtil.error(LOG, th, "could not close module " + modulePath); + LogUtil.error(LOG, th, "could not close module " + path); } } } diff --git a/security/src/main/java/org/xipki/security/pkcs11/NativeP11Slot.java b/security/src/main/java/org/xipki/security/pkcs11/NativeP11Slot.java index 5282a37..86762e8 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/NativeP11Slot.java +++ b/security/src/main/java/org/xipki/security/pkcs11/NativeP11Slot.java @@ -37,7 +37,6 @@ import org.xipki.pkcs11.wrapper.TokenInfo; import org.xipki.pkcs11.wrapper.params.ExtraParams; import org.xipki.security.EdECConstants; -import org.xipki.security.pkcs11.P11ModuleConf.P11MechanismFilter; import org.xipki.security.pkcs11.P11ModuleConf.P11NewObjectConf; import org.xipki.security.util.KeyUtil; import org.xipki.util.Args; 
@@ -156,10 +155,10 @@ class NativeP11Slot extends P11Slot { private String libDesc; - NativeP11Slot(String moduleName, P11SlotId slotId, PKCS11Token token, P11MechanismFilter mechanismFilter, + NativeP11Slot(P11SlotId slotId, PKCS11Token token, P11NewObjectConf newObjectConf, List secretKeyTypes, List keyPairTypes) throws TokenException { - super(moduleName, slotId, token.isReadOnly(), secretKeyTypes, keyPairTypes, newObjectConf); + super(slotId, token.isReadOnly(), secretKeyTypes, keyPairTypes, newObjectConf); if (slotId.getId() != token.getTokenId()) { throw new IllegalArgumentException("slotId != token.getTokenId"); } @@ -172,7 +171,7 @@ class NativeP11Slot extends P11Slot { libDesc = ""; } - initMechanisms(getSupportedMechanisms(), mechanismFilter); + initMechanisms(getSupportedMechanisms()); rsaKeyPairGenMech = supportsMechanism(CKM_RSA_X9_31_KEY_PAIR_GEN, CKF_GENERATE_KEY_PAIR) ? CKM_RSA_X9_31_KEY_PAIR_GEN : CKM_RSA_PKCS_KEY_PAIR_GEN; diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactory.java b/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactory.java index 23b51e8..c1d896a 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactory.java +++ b/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactory.java @@ -7,7 +7,6 @@ import org.xipki.security.XiSecurityException; import java.io.Closeable; -import java.util.Set; /** * Factory to create {@link P11CryptService}. 
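Review bot: Every mechanism the token reports becomes usable after `initMechanisms(getSupportedMechanisms())`, with no way left to restrict them, because the per-slot mechanism filter is removed along with the multi-module support. The matching removals are `P11MechanismFilter` in P11ModuleConf.java and the filter branch in `P11Slot.initMechanisms`. A deployment that relied on the settings read through `getMechanismSets()` / `getMechanismFilters()` to keep weak or unwanted mechanisms disabled loses that restriction on upgrade, and nothing in the visible hunks reports it. Unless Pkcs11conf.java (its hunks are not shown here) rejects those settings, consider failing configuration loading when they are present, or at least logging a warning, and record the change in CHANGELOG.md.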
@@ -18,20 +17,14 @@ public interface P11CryptServiceFactory extends Closeable { - String DEFAULT_P11MODULE_NAME = "default"; - /** * Gets the {@link P11CryptService} of the given module {@code moduleName}. - * @param moduleName - * Module name. {@code null} for default module name. * @return the {@link P11CryptService} of the given module. * @throws TokenException * if PKCS#11 token error occurs. * @throws XiSecurityException * if security error occurs. */ - P11CryptService getP11CryptService(String moduleName) throws TokenException, XiSecurityException; - - Set getModuleNames(); + P11CryptService getP11CryptService() throws TokenException, XiSecurityException; } diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactoryImpl.java b/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactoryImpl.java index 4619a2d..65ce210 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactoryImpl.java +++ b/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactoryImpl.java @@ -32,11 +32,9 @@ public class P11CryptServiceFactoryImpl implements P11CryptServiceFactory { private static final Logger LOG = LoggerFactory.getLogger(P11CryptServiceFactoryImpl.class); - private static final Map services = new HashMap<>(); + private P11CryptService service; - private Map moduleConfs; - - private Set moduleNames; + private P11ModuleConf moduleConf; private String pkcs11ConfFile; @@ -49,7 +47,7 @@ public P11CryptServiceFactoryImpl(P11ModuleFactoryRegister p11ModuleFactoryRegis } public synchronized void init() throws InvalidConfException { - if (moduleConfs != null) { + if (moduleConf != null) { return; } 
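Review bot: The Javadoc kept above `getP11CryptService()` still reads "of the given module {@code moduleName}" and "@return the {@link P11CryptService} of the given module", although the method no longer takes a module name. Suggested wording: `Gets the {@link P11CryptService} of the configured PKCS#11 module.` and `@return the {@link P11CryptService} of the configured module.`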
@@ -67,62 +65,31 @@ public synchronized void init() throws InvalidConfException { } } - try { - Map confs = geModuleConfs(); - this.moduleConfs = Collections.unmodifiableMap(confs); - this.moduleNames = Set.copyOf(confs.keySet()); - } catch (RuntimeException ex) { - throw new InvalidConfException("could not create P11Conf: " + ex.getMessage(), ex); - } + this.moduleConf = new P11ModuleConf(pkcs11Conf); } // method init - private Map geModuleConfs() throws InvalidConfException { - List moduleTypes = pkcs11Conf.getModules(); - List mechanismSets = pkcs11Conf.getMechanismSets(); - - Map confs = new HashMap<>(); - for (Pkcs11conf.Module moduleType : moduleTypes) { - P11ModuleConf conf = new P11ModuleConf(moduleType, mechanismSets); - confs.put(conf.getName(), conf); - } - - if (!confs.containsKey(P11CryptServiceFactory.DEFAULT_P11MODULE_NAME)) { - throw new InvalidConfException("module '" + P11CryptServiceFactory.DEFAULT_P11MODULE_NAME + "' is not defined"); - } - return confs; - } - - public synchronized P11CryptService getP11CryptService(String moduleName) - throws XiSecurityException, TokenException { + @Override + public synchronized P11CryptService getP11CryptService() + throws TokenException { try { init(); } catch (InvalidConfException ex) { throw new IllegalStateException("could not initialize P11CryptServiceFactory: " + ex.getMessage(), ex); } - if (moduleConfs == null) { + if (moduleConf == null) { throw new IllegalStateException("please set pkcs11ConfFile and then call init() first"); } - final String name = getModuleName(moduleName); - P11ModuleConf conf = Optional.ofNullable(moduleConfs.get(name)).orElseThrow(() -> - new XiSecurityException("PKCS#11 module " + name + " is not defined")); - - P11CryptService instance = services.get(name); - if (instance == null) { - P11Module p11Module = p11ModuleFactoryRegister.getP11Module(conf); - instance = new P11CryptService(p11Module); - LOG.info("added PKCS#11 module {}\n{}", name, 
instance.getModule().getDescription()); - services.put(name, instance); + if (service == null) { + P11Module p11Module = p11ModuleFactoryRegister.getP11Module(moduleConf); + service = new P11CryptService(p11Module); + LOG.info("initialized PKCS#11 module \n{}", service.getModule().getDescription()); } - return instance; + return service; } // method getP11CryptService - private String getModuleName(String moduleName) { - return (moduleName == null) ? DEFAULT_P11MODULE_NAME : moduleName; - } - public void setPkcs11ConfFile(String confFile) { this.pkcs11ConfFile = StringUtil.isBlank(confFile) ? null : IoUtil.expandFilepath(confFile); this.pkcs11Conf = null; @@ -138,17 +105,6 @@ public void setPkcs11Conf(Pkcs11conf conf) throws InvalidConfException { @Override public void close() { - services.clear(); - } - - @Override - public Set getModuleNames() { - try { - init(); - } catch (InvalidConfException ex) { - throw new IllegalStateException("could not initialize P11CryptServiceFactory: " + ex.getMessage(), ex); - } - return moduleNames; } } diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11Module.java b/security/src/main/java/org/xipki/security/pkcs11/P11Module.java index 45d15df..68926da 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/P11Module.java +++ b/security/src/main/java/org/xipki/security/pkcs11/P11Module.java @@ -36,10 +36,6 @@ public P11Module(P11ModuleConf conf) { public abstract String getDescription(); - public String getName() { - return conf.getName(); - } - public boolean isReadOnly() { return conf.isReadOnly(); } diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11ModuleConf.java b/security/src/main/java/org/xipki/security/pkcs11/P11ModuleConf.java index 5c67b64..5d202f6 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/P11ModuleConf.java +++ b/security/src/main/java/org/xipki/security/pkcs11/P11ModuleConf.java 
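Review bot: `init()` no longer converts unchecked exceptions raised while building the configuration. The removed `catch (RuntimeException ex)` wrapped them in `InvalidConfException`, whereas `this.moduleConf = new P11ModuleConf(pkcs11Conf);` lets them escape, and `getP11CryptService()` only catches `InvalidConfException`. The P11ModuleConf constructor calls `conf.getUser().toUpperCase()` without a null check, so an incomplete configuration would plausibly surface as a NullPointerException rather than a configuration error. Keeping the wrapper around the new statement, `catch (RuntimeException ex) { throw new InvalidConfException("could not create P11Conf: " + ex.getMessage(), ex); }`, preserves the previous behaviour.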
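Review bot: `close()` is left with an empty body, so the cached `service` and the module behind it are never released or reset once created; the removed code at least cleared the map. Since `getP11CryptService()` is `synchronized`, the counterpart would be `public synchronized void close()` with `service = null;`. It could be preceded by `service.getModule().close();` if P11Module exposes the `close()` that NativeP11Module implements, whose declaration is not visible in this patch. Without that, a factory that is closed and then used again keeps handing out the old instance.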
@@ -8,16 +8,13 @@ import org.xipki.password.PasswordResolverException; import org.xipki.password.Passwords; import org.xipki.pkcs11.wrapper.PKCS11Constants; -import org.xipki.pkcs11.wrapper.PKCS11Module; import org.xipki.util.Args; import org.xipki.util.CollectionUtil; import org.xipki.util.StringUtil; import org.xipki.util.exception.InvalidConfException; import java.util.ArrayList; -import java.util.Collection; import java.util.Collections; -import java.util.HashMap; import java.util.HashSet; import java.util.LinkedList; import java.util.List; 
@@ -62,135 +59,17 @@ boolean match(P11SlotId slotId) { } // class P11SlotIdFilter - private static final class MechanismSet { - private Set includeMechanisms; - private Set excludeMechanisms; - } - - private static final class P11SingleMechanismFilter { - - private static final Object NULL_MODULE = new Object(); - - private final Set slots; - - private final Collection includeMechanisms; - - private final Collection excludeMechanisms; - - private Object module; - - private final Set includeMechanismCodes = new HashSet<>(); - - private final Set excludeMechanismCodes = new HashSet<>(); - - private P11SingleMechanismFilter(Set slots, Collection includeMechanisms, - Collection excludeMechanisms) { - this.slots = slots; - this.includeMechanisms = CollectionUtil.isEmpty(includeMechanisms) ? null : includeMechanisms; - this.excludeMechanisms = CollectionUtil.isEmpty(excludeMechanisms) ? null : excludeMechanisms; - } - - public boolean match(P11SlotId slot) { - if (slots == null) { - return true; - } - for (P11SlotIdFilter m : slots) { - if (m.match(slot)) { - return true; - } - } - - return false; - } - - public boolean isMechanismSupported(long mechanism, PKCS11Module module) { - if (includeMechanisms == null && excludeMechanisms == null) { - return true; - } - - synchronized (this) { - boolean computeCodes = (module != null) ? (this.module != module) : (this.module != NULL_MODULE); - if (computeCodes) { - includeMechanismCodes.clear(); - excludeMechanismCodes.clear(); - - if (includeMechanisms != null) { - for (String mechName : includeMechanisms) { - Long mechCode = (module != null) ? module.nameToCode(PKCS11Constants.Category.CKM, mechName) - : PKCS11Constants.nameToCode(PKCS11Constants.Category.CKM, mechName); - if (mechCode != null) { - includeMechanismCodes.add(mechCode); - } - } - } - - if (excludeMechanisms != null) { - for (String mechName : excludeMechanisms) { - Long mechCode = (module != null) ? 
module.nameToCode(PKCS11Constants.Category.CKM, mechName) - : PKCS11Constants.nameToCode(PKCS11Constants.Category.CKM, mechName); - if (mechCode != null) { - excludeMechanismCodes.add(mechCode); - } - } - } - - this.module = (module != null) ? module : NULL_MODULE; - } - } - - if (excludeMechanismCodes.contains(mechanism)) { - return false; - } - - return includeMechanisms == null || includeMechanismCodes.contains(mechanism); - } - - } // class P11SingleMechanismFilter - - public static class P11MechanismFilter { - - private final List singleFilters; - - P11MechanismFilter() { - singleFilters = new LinkedList<>(); - } - - void addEntry(Set slots, Collection includeMechanisms, - Collection excludeMechanisms) { - singleFilters.add( - new P11SingleMechanismFilter(slots, - includeMechanisms, - excludeMechanisms)); - } - - public boolean isMechanismPermitted(P11SlotId slotId, long mechanism, PKCS11Module module) { - Args.notNull(slotId, "slotId"); - if (CollectionUtil.isEmpty(singleFilters)) { - return true; - } - - for (P11SingleMechanismFilter sr : singleFilters) { - if (sr.match(slotId)) { - return sr.isMechanismSupported(mechanism, module); - } - } - - return true; - } - - } // class P11MechanismFilter - public static class P11PasswordsRetriever { private static final class P11SinglePasswordRetriever { private final Set slots; - private final List passwords; + private final String password; - private P11SinglePasswordRetriever(Set slots, List passwords) { + private P11SinglePasswordRetriever(Set slots, String password) { this.slots = slots; - this.passwords = CollectionUtil.isEmpty(passwords) ? null : passwords; + this.password = password; } public boolean match(P11SlotId slot) { 
@@ -206,17 +85,12 @@ public boolean match(P11SlotId slot) { return false; } - public List getPasswords() throws PasswordResolverException { - if (passwords == null) { + public char[] getPassword() throws PasswordResolverException { + if (password == null) { return null; } - List ret = new ArrayList<>(passwords.size()); - for (String password : passwords) { - ret.add(Passwords.resolvePassword(password)); - } - - return ret; + return Passwords.resolvePassword(password); } } // class P11PasswordsRetriever @@ -227,11 +101,11 @@ public List getPasswords() throws PasswordResolverException { singleRetrievers = new LinkedList<>(); } - void addPasswordEntry(Set slots, List passwords) { - singleRetrievers.add(new P11SinglePasswordRetriever(slots, passwords)); + void addPasswordEntry(Set slots, String password) { + singleRetrievers.add(new P11SinglePasswordRetriever(slots, password)); } - public List getPassword(P11SlotId slotId) throws PasswordResolverException { + public char[] getPassword(P11SlotId slotId) throws PasswordResolverException { Args.notNull(slotId, "slotId"); if (CollectionUtil.isEmpty(singleRetrievers)) { return null; @@ -239,7 +113,7 @@ public List getPassword(P11SlotId slotId) throws PasswordResolverExcepti for (P11SinglePasswordRetriever sr : singleRetrievers) { if (sr.match(slotId)) { - return sr.getPasswords(); + return sr.getPassword(); } } @@ -285,8 +159,6 @@ public void setIdLength(int idLength) { private static final Logger LOG = LoggerFactory.getLogger(P11ModuleConf.class); - private final String name; - private final String type; private final String nativeLibrary; @@ -299,14 +171,10 @@ public void setIdLength(int idLength) { private final P11PasswordsRetriever passwordRetriever; - private final P11MechanismFilter mechanismFilter; - private final Integer newSessionTimeout; private final String userType; - private final char[] userName; - private boolean readOnly; private int maxMessageSize; 
@@ -319,25 +187,22 @@ public void setIdLength(int idLength) { private List keyPairTypes; - public P11ModuleConf( - Pkcs11conf.Module moduleType, List mechanismSets) + public P11ModuleConf(Pkcs11conf conf) throws InvalidConfException { - this.name = Args.notNull(moduleType, "moduleType").getName(); - this.readOnly = moduleType.isReadonly(); + this.readOnly = conf.isReadonly(); - this.userType = moduleType.getUser().toUpperCase(); - this.userName = (moduleType.getUserName() == null) ? null : moduleType.getUserName().toCharArray(); + this.userType = conf.getUser().toUpperCase(); - this.maxMessageSize = moduleType.getMaxMessageSize(); - this.type = moduleType.getType(); + this.maxMessageSize = conf.getMaxMessageSize(); + this.type = conf.getType(); if (maxMessageSize < 256) { throw new InvalidConfException("invalid maxMessageSize (< 256): " + maxMessageSize); } - this.numSessions = moduleType.getNumSessions(); - this.newSessionTimeout = moduleType.getNewSessionTimeout(); + this.numSessions = conf.getNumSessions(); + this.newSessionTimeout = conf.getNewSessionTimeout(); - List list = moduleType.getSecretKeyTypes(); + List list = conf.getSecretKeyTypes(); if (list == null) { this.secretKeyTypes = null; } else { @@ -351,7 +216,7 @@ public P11ModuleConf( this.secretKeyTypes = Collections.unmodifiableList(ll); } - list = moduleType.getKeyPairTypes(); + list = conf.getKeyPairTypes(); if (list == null) { this.keyPairTypes = null; } else { 
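Review bot: The rewritten constructor drops the argument check that `Args.notNull(moduleType, "moduleType")` provided, so a null `conf` now fails on `conf.isReadonly()` with an unlabelled NullPointerException. `Args.notNull(conf, "conf");` as the first statement keeps the earlier contract. The `maxMessageSize < 256` check shows the constructor is meant to validate its input. `conf.getUser()` is dereferenced without a comparable check, which may deserve an `InvalidConfException` if the field can be absent. The constructor continues beyond this hunk.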
@@ -365,83 +230,34 @@ public P11ModuleConf( this.keyPairTypes = Collections.unmodifiableList(ll); } - Map mechanismSetsMap = new HashMap<>(); - // parse mechanismSets - if (mechanismSets != null) { - for (Pkcs11conf.MechanismSet m : mechanismSets) { - String name = m.getName(); - if (mechanismSetsMap.containsKey(name)) { - throw new InvalidConfException("Duplication mechanismSets named " + name); - } - - MechanismSet mechanismSet = new MechanismSet(); - mechanismSet.includeMechanisms = new HashSet<>(); - mechanismSet.excludeMechanisms = new HashSet<>(); - - for (String mechStr : m.getMechanisms()) { - mechStr = mechStr.trim().toUpperCase(); - if (mechStr.equals("ALL")) { - mechanismSet.includeMechanisms = null; // accept all mechanisms - break; - } - - mechanismSet.includeMechanisms.add(mechStr); - } - - for (String mechStr : m.getExcludeMechanisms()) { - mechanismSet.excludeMechanisms.add(mechStr.trim().toUpperCase()); - } - - mechanismSetsMap.put(name, mechanismSet); - } - } - - // Mechanism filter - mechanismFilter = new P11MechanismFilter(); - - List mechFilters = moduleType.getMechanismFilters(); - if (CollectionUtil.isNotEmpty(mechFilters)) { - for (Pkcs11conf.MechanismFilter filterType : mechFilters) { - Set slots = getSlotIdFilters(filterType.getSlots()); - String mechanismSetName = filterType.getMechanismSet(); - - MechanismSet mechanismSet = mechanismSetsMap.get(mechanismSetName); - if (mechanismSet == null) { - throw new InvalidConfException("MechanismSet '" + mechanismSetName + "' is not defined"); - } else { - mechanismFilter.addEntry(slots, mechanismSet.includeMechanisms, mechanismSet.excludeMechanisms); - } - } - } - // Password retriever passwordRetriever = new P11PasswordsRetriever(); - List passwordsList = moduleType.getPasswordSets(); + List passwordsList = conf.getPasswordSets(); if (CollectionUtil.isNotEmpty(passwordsList)) { for (Pkcs11conf.PasswordSet passwordType : passwordsList) { Set slots = getSlotIdFilters(passwordType.getSlots()); - 
passwordRetriever.addPasswordEntry(slots, new ArrayList<>(passwordType.getPasswords())); + passwordRetriever.addPasswordEntry(slots, passwordType.getPassword()); } } - includeSlots = getSlotIdFilters(moduleType.getIncludeSlots()); - excludeSlots = getSlotIdFilters(moduleType.getExcludeSlots()); + includeSlots = getSlotIdFilters(conf.getIncludeSlots()); + excludeSlots = getSlotIdFilters(conf.getExcludeSlots()); final String osName = System.getProperty("os.name").toLowerCase(); - Pkcs11conf.NativeLibrary matchLibrary = getNativeLibrary(moduleType, osName); + Pkcs11conf.NativeLibrary matchLibrary = getNativeLibrary(conf, osName); this.nativeLibrary = matchLibrary.getPath(); this.nativeLibraryProperties = matchLibrary.getProperties(); - this.newObjectConf = (moduleType.getNewObjectConf() == null) ? new P11NewObjectConf() - : new P11NewObjectConf(moduleType.getNewObjectConf()); + this.newObjectConf = (conf.getNewObjectConf() == null) ? new P11NewObjectConf() + : new P11NewObjectConf(conf.getNewObjectConf()); } // constructor - private static Pkcs11conf.NativeLibrary getNativeLibrary(Pkcs11conf.Module moduleType, String osName) + private static Pkcs11conf.NativeLibrary getNativeLibrary(Pkcs11conf conf, String osName) throws InvalidConfException { Pkcs11conf.NativeLibrary matchLibrary = null; - for (Pkcs11conf.NativeLibrary library : moduleType.getNativeLibraries()) { + for (Pkcs11conf.NativeLibrary library : conf.getNativeLibraries()) { List osNames = library.getOperationSystems(); if (CollectionUtil.isEmpty(osNames)) { matchLibrary = library; @@ -461,10 +277,6 @@ private static Pkcs11conf.NativeLibrary getNativeLibrary(Pkcs11conf.Module modul return matchLibrary; } - public String getName() { - return name; - } - public String getType() { return type; } @@ -505,10 +317,6 @@ public String getUserType() { return userType; } - public char[] getUserName() { - return userName; - } - public P11PasswordsRetriever getPasswordRetriever() { return passwordRetriever; } 
@@ -573,15 +381,12 @@ public boolean isSlotIncluded(P11SlotId slotId) { return true; } // method isSlotIncluded - public P11MechanismFilter getP11MechanismFilter() { - return mechanismFilter; - } - public P11NewObjectConf getP11NewObjectConf() { return newObjectConf; } - private static Set getSlotIdFilters(List slotTypes) throws InvalidConfException { + private static Set getSlotIdFilters(List slotTypes) + throws InvalidConfException { if (CollectionUtil.isEmpty(slotTypes)) { return null; } diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11SignerFactory.java b/security/src/main/java/org/xipki/security/pkcs11/P11SignerFactory.java index 00c3fc4..e607a91 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/P11SignerFactory.java +++ b/security/src/main/java/org/xipki/security/pkcs11/P11SignerFactory.java @@ -88,7 +88,6 @@ public ConcurrentContentSigner newSigner(String type, SignerConf conf, X509Cert[ } } - String moduleName = conf.getConfValue("module"); str = conf.getConfValue("slot"); Integer slotIndex = (str == null) ? null : Integer.parseInt(str); @@ -112,7 +111,7 @@ public ConcurrentContentSigner newSigner(String type, SignerConf conf, X509Cert[ P11Slot slot; try { - P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(moduleName); + P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(); P11Module module = p11Service.getModule(); P11SlotId p11SlotId = (slotId != null) ? module.getSlotIdForId(slotId) : module.getSlotIdForIndex(slotIndex); diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11Slot.java b/security/src/main/java/org/xipki/security/pkcs11/P11Slot.java index b4cda56..ae2e2f7 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/P11Slot.java +++ b/security/src/main/java/org/xipki/security/pkcs11/P11Slot.java 
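Review bot: `newSigner` in P11SignerFactory no longer reads the `module` entry of the signer configuration, so a stored conf that still names a non-default module is accepted and its key is looked up in the single configured module instead. If that module holds a key under the same slot and label or id, the signer binds to a different key than the operator configured, without any message. Consider rejecting, or at least warning about, a conf where `conf.getConfValue("module")` is non-null rather than ignoring it. `newSigner` starts and ends outside these hunks.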
@@ -14,7 +14,6 @@ import org.xipki.pkcs11.wrapper.TokenException; import org.xipki.pkcs11.wrapper.params.ExtraParams; import org.xipki.security.EdECConstants; -import org.xipki.security.pkcs11.P11ModuleConf.P11MechanismFilter; import org.xipki.security.pkcs11.P11ModuleConf.P11NewObjectConf; import org.xipki.security.util.DSAParameterCache; import org.xipki.util.Args; @@ -139,8 +138,6 @@ public void setUsages(Set usages) { private static final Logger LOG = LoggerFactory.getLogger(P11Slot.class); - protected final String moduleName; - protected final P11SlotId slotId; private final boolean readOnly; @@ -155,10 +152,9 @@ public void setUsages(Set usages) { protected final P11NewObjectConf newObjectConf; protected P11Slot( - String moduleName, P11SlotId slotId, boolean readOnly, + P11SlotId slotId, boolean readOnly, List secretKeyTypes, List keyPairTypes, P11NewObjectConf newObjectConf) { this.newObjectConf = Args.notNull(newObjectConf, "newObjectConf"); - this.moduleName = Args.notBlank(moduleName, "moduleName"); this.slotId = Args.notNull(slotId, "slotId"); this.readOnly = readOnly; this.secretKeyTypes = secretKeyTypes; 
@@ -381,25 +377,19 @@ protected PKCS11Module getPKCS11Module() { @Override public abstract void close(); - protected void initMechanisms(Map supportedMechanisms, P11MechanismFilter mechanismFilter) { + protected void initMechanisms(Map supportedMechanisms) { mechanisms.clear(); - List ignoreMechs = new ArrayList<>(); PKCS11Module pkcs11Module = getPKCS11Module(); for (Map.Entry entry : supportedMechanisms.entrySet()) { long mech = entry.getKey(); - if (mechanismFilter.isMechanismPermitted(slotId, mech, pkcs11Module)) { - mechanisms.put(mech, entry.getValue()); - } else { - ignoreMechs.add(mech); - } + mechanisms.put(mech, entry.getValue()); } - Collections.sort(ignoreMechs); if (LOG.isInfoEnabled()) { StringBuilder sb = new StringBuilder(); - sb.append("initialized module ").append(moduleName).append(", slot ").append(slotId); + sb.append("initialized slot ").append(slotId); sb.append("\nsupported mechanisms:\n"); if (mechanisms.isEmpty()) { @@ -408,14 +398,6 @@ protected void initMechanisms(Map supportedMechanisms, P11M printMechanisms(sb, mechanisms); } - sb.append("\nsupported by device but ignored mechanisms:\n"); - if (ignoreMechs.isEmpty()) { - sb.append(" NONE\n"); - } else { - for (Long mech : ignoreMechs) { - sb.append("\n ").append(mechanismCodeToName(mech)); - } - } LOG.info(sb.toString()); } } @@ -446,10 +428,6 @@ public void assertMechanismSupported(long mechanism, long flagBit) throws TokenE } } - public String getModuleName() { - return moduleName; - } - public P11SlotId getSlotId() { return slotId; } diff --git a/security/src/main/java/org/xipki/security/pkcs11/Pkcs11conf.java b/security/src/main/java/org/xipki/security/pkcs11/Pkcs11conf.java index 27cdc82..3bd910b 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/Pkcs11conf.java +++ b/security/src/main/java/org/xipki/security/pkcs11/Pkcs11conf.java 
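Review bot: initMechanisms in P11Slot now enables every mechanism the token reports, and with P11MechanismFilter gone there is no configuration point left to keep a weak or unwanted mechanism out of `mechanisms`. That is a policy change worth stating on the method, e.g. `// no filtering: every mechanism reported by the device is enabled`, and in the changelog. Within the visible lines `PKCS11Module pkcs11Module = getPKCS11Module();` is no longer read once the filter call is removed, so it can be dropped if nothing below the hunk uses it, and the loop then reduces to `mechanisms.putAll(supportedMechanisms);`. The method continues into the next hunk (`@@ -408,14 +398,6 @@`).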
@@ -19,306 +19,175 @@ public class Pkcs11conf extends ValidableConf { - public static class MechanismFilter extends ValidableConf { + private String type; - /** - * name of the mechanismSet. - */ - private String mechanismSet; - - /** - * To which slots the mechanism should be applied. - * Absent for all slots. - */ - private List slots; - - public String getMechanismSet() { - return mechanismSet; - } - - public void setMechanismSet(String mechanismSet) { - this.mechanismSet = mechanismSet; - } - - public List getSlots() { - if (slots == null) { - slots = new LinkedList<>(); - } - return slots; - } - - public void setSlots(List slots) { - this.slots = slots; - } - - @Override - public void validate() throws InvalidConfException { - notBlank(mechanismSet, "mechanismSet"); - validate(slots); - } - - } // class MechanismFilter - - public static class MechanismSet extends ValidableConf { - - private String name; - - /** - * The mechanism. Set mechanism to ALL to accept all available mechanisms. - */ - private List mechanisms; - - /** - * The mechanism to be excluded. 
- */ - private List excludeMechanisms; - - public String getName() { - return name; - } - - public void setName(String name) { - this.name = name; - } - - public List getMechanisms() { - if (mechanisms == null) { - mechanisms = new LinkedList<>(); - } - return mechanisms; - } - - public void setMechanisms(List mechanisms) { - this.mechanisms = mechanisms; - } - - public List getExcludeMechanisms() { - if (excludeMechanisms == null) { - excludeMechanisms = new LinkedList<>(); - } - return excludeMechanisms; - } - - public void setExcludeMechanisms(List excludeMechanisms) { - this.excludeMechanisms = excludeMechanisms; - } - - @Override - public void validate() throws InvalidConfException { - notBlank(name, "name"); - notEmpty(mechanisms, "mechanisms"); - } - - } // class MechanismSet - - public static class Module extends ValidableConf { - - private String name; - - private String type; - - private List nativeLibraries; - - private NewObjectConf newObjectConf; - - /** - * Which slots should be considered. Absent for all slots. - */ - private List includeSlots; - - /** - * Which slots should be considered. Absent for no slot. - */ - private List excludeSlots; - - private boolean readonly; - - private List secretKeyTypes; + private List nativeLibraries; - private List keyPairTypes; + private NewObjectConf newObjectConf; - private Integer numSessions; - - /** - * specify the user type, use either the long value or identifier as - * defined in the PKCS#11 standards. In version up to 2.40 the - * following users are defined. - * - 0 or 0x0 or CKU_SO - * - 1 or 0x1 or CKU_USER - * - 2 or 0x2 or CKU_CONTEXT_SPECIFIC - * For vendor user type, only the long value is allowed. - */ - private String user; - - private String userName; - - /** - * maximal size of the message sent to the PKCS#11 device. - */ - private Integer maxMessageSize; - - /** - * Timeout to borrow a new session. 
- */ - private Integer newSessionTimeout; - - private List passwordSets; + /** + * Which slots should be considered. Absent for all slots. + */ + private List includeSlots; - private List mechanismFilters; + /** + * Which slots should be considered. Absent for no slot. + */ + private List excludeSlots; - public String getName() { - return name; - } + private boolean readonly; - public void setName(String name) { - this.name = name; - } + private List secretKeyTypes; - public String getType() { - return type; - } + private List keyPairTypes; - public void setType(String type) { - this.type = type; - } + private Integer numSessions; - public List getNativeLibraries() { - if (nativeLibraries == null) { - nativeLibraries = new LinkedList<>(); - } - return nativeLibraries; - } + /** + * specify the user type, use either the long value or identifier as + * defined in the PKCS#11 standards. In version up to 2.40 the + * following users are defined. + * - 0 or 0x0 or CKU_SO + * - 1 or 0x1 or CKU_USER + * - 2 or 0x2 or CKU_CONTEXT_SPECIFIC + * For vendor user type, only the long value is allowed. + */ + private String user; - public void setNativeLibraries(List nativeLibraries) { - this.nativeLibraries = nativeLibraries; - } + /** + * maximal size of the message sent to the PKCS#11 device. + */ + private Integer maxMessageSize; - public NewObjectConf getNewObjectConf() { - return newObjectConf; - } + /** + * Timeout to borrow a new session. 
+ */ + private Integer newSessionTimeout; - public void setNewObjectConf(NewObjectConf newObjectConf) { - this.newObjectConf = newObjectConf; - } + private List passwordSets; - public List getIncludeSlots() { - if (includeSlots == null) { - includeSlots = new LinkedList<>(); - } - return includeSlots; - } + public String getType() { + return type; + } - public void setIncludeSlots(List includeSlots) { - this.includeSlots = includeSlots; - } + public void setType(String type) { + this.type = type; + } - public List getExcludeSlots() { - if (excludeSlots == null) { - excludeSlots = new LinkedList<>(); - } - return excludeSlots; + public List getNativeLibraries() { + if (nativeLibraries == null) { + nativeLibraries = new LinkedList<>(); } + return nativeLibraries; + } - public void setExcludeSlots(List excludeSlots) { - this.excludeSlots = excludeSlots; - } + public void setNativeLibraries(List nativeLibraries) { + this.nativeLibraries = nativeLibraries; + } - public boolean isReadonly() { - return readonly; - } + public NewObjectConf getNewObjectConf() { + return newObjectConf; + } - public void setReadonly(boolean readonly) { - this.readonly = readonly; - } + public void setNewObjectConf(NewObjectConf newObjectConf) { + this.newObjectConf = newObjectConf; + } - public List getPasswordSets() { - if (passwordSets == null) { - passwordSets = new LinkedList<>(); - } - return passwordSets; + public List getIncludeSlots() { + if (includeSlots == null) { + includeSlots = new LinkedList<>(); } + return includeSlots; + } - public void setPasswordSets(List passwordSets) { - this.passwordSets = passwordSets; - } + public void setIncludeSlots(List includeSlots) { + this.includeSlots = includeSlots; + } - public List getMechanismFilters() { - if (mechanismFilters == null) { - mechanismFilters = new LinkedList<>(); - } - return mechanismFilters; + public List getExcludeSlots() { + if (excludeSlots == null) { + excludeSlots = new LinkedList<>(); } + return excludeSlots; + } - 
public void setMechanismFilters(List mechanismFilters) { - this.mechanismFilters = mechanismFilters; - } + public void setExcludeSlots(List excludeSlots) { + this.excludeSlots = excludeSlots; + } - public void setUser(String user) { - this.user = user; - } + public boolean isReadonly() { + return readonly; + } - public void setUserName(String userName) { - this.userName = userName; - } + public void setReadonly(boolean readonly) { + this.readonly = readonly; + } - public void setMaxMessageSize(Integer maxMessageSize) { - this.maxMessageSize = maxMessageSize; + public List getPasswordSets() { + if (passwordSets == null) { + passwordSets = new LinkedList<>(); } + return passwordSets; + } - public String getUser() { - return user == null ? "CKU_USER" : user; - } + public void setPasswordSets(List passwordSets) { + this.passwordSets = passwordSets; + } - public String getUserName() { - return userName; - } + public void setUser(String user) { + this.user = user; + } - public int getMaxMessageSize() { - return maxMessageSize == null ? 16384 : maxMessageSize; - } + public void setMaxMessageSize(Integer maxMessageSize) { + this.maxMessageSize = maxMessageSize; + } - public List getSecretKeyTypes() { - return secretKeyTypes; - } + public String getUser() { + return user == null ? "CKU_USER" : user; + } - public void setSecretKeyTypes(List secretKeyTypes) { - this.secretKeyTypes = secretKeyTypes; - } + public int getMaxMessageSize() { + return maxMessageSize == null ? 
16384 : maxMessageSize; + } - public List getKeyPairTypes() { - return keyPairTypes; - } + public List getSecretKeyTypes() { + return secretKeyTypes; + } - public void setKeyPairTypes(List keyPairTypes) { - this.keyPairTypes = keyPairTypes; - } + public void setSecretKeyTypes(List secretKeyTypes) { + this.secretKeyTypes = secretKeyTypes; + } - public Integer getNumSessions() { - return numSessions; - } + public List getKeyPairTypes() { + return keyPairTypes; + } - public void setNumSessions(Integer numSessions) { - this.numSessions = numSessions; - } + public void setKeyPairTypes(List keyPairTypes) { + this.keyPairTypes = keyPairTypes; + } - public Integer getNewSessionTimeout() { - return newSessionTimeout; - } + public Integer getNumSessions() { + return numSessions; + } - public void setNewSessionTimeout(Integer newSessionTimeout) { - this.newSessionTimeout = newSessionTimeout; - } + public void setNumSessions(Integer numSessions) { + this.numSessions = numSessions; + } - @Override - public void validate() throws InvalidConfException { - notBlank(name, "name"); - notBlank(type, "type"); - notEmpty(nativeLibraries, "nativeLibraries"); + public Integer getNewSessionTimeout() { + return newSessionTimeout; + } - validate(nativeLibraries, includeSlots, excludeSlots, passwordSets, mechanismFilters); - } + public void setNewSessionTimeout(Integer newSessionTimeout) { + this.newSessionTimeout = newSessionTimeout; + } - } // class Module + @Override + public void validate() throws InvalidConfException { + notBlank(type, "type"); + notEmpty(nativeLibraries, "nativeLibraries"); + validate(nativeLibraries, includeSlots, excludeSlots, passwordSets); + } public static class NativeLibrary extends ValidableConf { @@ -397,7 +266,7 @@ public static class PasswordSet extends ValidableConf { private List slots; - private List passwords; + private String password; public List getSlots() { if (slots == null) { 
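Review bot: The Javadoc carried over onto `excludeSlots` in Pkcs11conf still reads "Which slots should be considered. Absent for no slot.", the same first sentence as on `includeSlots`, which leaves the meaning of the exclude list to guesswork in a class that decides which tokens are opened. I would reword it to `Which slots should be excluded. Absent for no exclusion.` How the two lists combine is decided in P11ModuleConf.isSlotIncluded, whose body is not in this hunk, so confirm which list wins before documenting precedence.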
@@ -410,20 +279,16 @@ public void setSlots(List slots) { this.slots = slots; } - public List getPasswords() { - if (passwords == null) { - passwords = new LinkedList<>(); - } - return passwords; + public String getPassword() { + return password; } - public void setPasswords(List passwords) { - this.passwords = passwords; + public void setPassword(String password) { + this.password = password; } @Override public void validate() throws InvalidConfException { - notEmpty(passwords, "passwords"); } } // class PasswordSet @@ -459,47 +324,4 @@ public void validate() throws InvalidConfException { } // class Slot - /** - * exactly one module must have the name 'default'. - */ - private List modules; - - private List mechanismSets; - - public List getModules() { - return modules; - } - - public void setModules(List modules) { - if (modules == null) { - modules = new LinkedList<>(); - } - this.modules = modules; - } - - public List getMechanismSets() { - if (mechanismSets == null) { - mechanismSets = new LinkedList<>(); - } - return mechanismSets; - } - - public void setMechanismSets(List mechanismSets) { - this.mechanismSets = mechanismSets; - } - - public void addModule(Module module) { - getModules().add(module); - } - - public void addMechanismSet(MechanismSet mechanismSet) { - getMechanismSets().add(mechanismSet); - } - - @Override - public void validate() throws InvalidConfException { - notEmpty(modules, "modules"); - validate(modules, mechanismSets); - } - } diff --git a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Module.java b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Module.java index 34f7b62..19f32e7 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Module.java +++ b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Module.java 
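Review bot: `PasswordSet.validate()` is left with an empty body once `notEmpty(passwords, "passwords")` is removed, so a password set with a missing or blank `password` now passes configuration validation and the gap only surfaces later, wherever the value is consumed. If an absent password is not a supported state, add `notBlank(password, "password");`, the helper this class already uses for `type`. If it is intentional, a one-line comment in the method saying so would help. The field is also a `String` now (hunk `@@ -397,7 +266,7 @@`), which cannot be cleared after use the way a `char[]` can; whether the retriever copies it into a `char[]` is not visible here.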
@@ -141,7 +141,7 @@ private EmulatorP11Module(P11ModuleConf moduleConf) throws TokenException { Set slots = new HashSet<>(); for (P11SlotId slotId : slotIds) { - List pwd; + char[] pwd; try { pwd = moduleConf.getPasswordRetriever().getPassword(slotId); } catch (PasswordResolverException ex) { @@ -154,14 +154,8 @@ private EmulatorP11Module(P11ModuleConf moduleConf) throws TokenException { throw new TokenException("no password is configured"); } - if (pwd.size() != 1) { - throw new TokenException(pwd.size() + " passwords are configured, but 1 is permitted"); - } - - char[] firstPwd = pwd.get(0); - - slots.add(new EmulatorP11Slot(moduleConf.getName(), slotDir, slotId, - moduleConf.isReadOnly(), new EmulatorKeyCryptor(firstPwd), moduleConf.getP11MechanismFilter(), + slots.add(new EmulatorP11Slot(slotDir, slotId, + moduleConf.isReadOnly(), new EmulatorKeyCryptor(pwd), moduleConf.getP11NewObjectConf(), moduleConf.getNumSessions(), moduleConf.getSecretKeyTypes(), moduleConf.getKeyPairTypes())); } @@ -180,7 +174,7 @@ public String getDescription() { @Override public void close() { - LOG.info("close PKCS#11 module: {}", getName()); + LOG.info("close PKCS#11 module"); } private void createExampleRepository(File dir) throws IOException { diff --git a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Slot.java b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Slot.java index df7ba33..46ae4c9 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Slot.java +++ b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Slot.java @@ -32,7 +32,6 @@ import org.xipki.security.EdECConstants; import org.xipki.security.HashAlgo; import org.xipki.security.pkcs11.P11Key; -import org.xipki.security.pkcs11.P11ModuleConf.P11MechanismFilter; import org.xipki.security.pkcs11.P11ModuleConf.P11NewObjectConf; import org.xipki.security.pkcs11.P11Params; import org.xipki.security.pkcs11.P11Slot; 
@@ -222,11 +221,11 @@ public boolean accept(File dir, String name) { } EmulatorP11Slot( - String moduleName, File slotDir, P11SlotId slotId, boolean readOnly, - EmulatorKeyCryptor keyCryptor, P11MechanismFilter mechanismFilter, P11NewObjectConf newObjectConf, + File slotDir, P11SlotId slotId, boolean readOnly, + EmulatorKeyCryptor keyCryptor, P11NewObjectConf newObjectConf, Integer numSessions, List secretKeyTypes, List keypairTypes) throws TokenException { - super(moduleName, slotId, readOnly, secretKeyTypes, keypairTypes, newObjectConf); + super(slotId, readOnly, secretKeyTypes, keypairTypes, newObjectConf); this.keyCryptor = Args.notNull(keyCryptor, "keyCryptor"); this.maxSessions = numSessions == null ? 20 : Args.positive(numSessions, "numSessions"); @@ -250,7 +249,7 @@ public boolean accept(File dir, String name) { this.namedCurveSupported = true; } - initMechanisms(supportedMechs, mechanismFilter); + initMechanisms(supportedMechs); } // constructor private List getFilesForLabel(File dir, String label) throws TokenException { diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Key.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Key.java deleted file mode 100644 index 80749a4..0000000 --- a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Key.java +++ /dev/null 
@@ -1,78 +0,0 @@ -// Copyright (c) 2013-2024 xipki. All rights reserved. -// License Apache License 2.0 - -package org.xipki.security.pkcs11.hsmproxy; - -import org.xipki.pkcs11.wrapper.PKCS11KeyId; -import org.xipki.pkcs11.wrapper.TokenException; -import org.xipki.pkcs11.wrapper.params.ExtraParams; -import org.xipki.security.pkcs11.P11Key; -import org.xipki.security.pkcs11.P11Params; -import org.xipki.security.util.KeyUtil; -import org.xipki.util.Args; - -import java.security.PublicKey; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.RSAPublicKeySpec; - -import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_RSA; - -/** - * {@link P11Key} based on the HSM proxy. - * - * @author Lijun Liao (xipki) - */ - -class HsmProxyP11Key extends P11Key { - - public HsmProxyP11Key(HsmProxyP11Slot slot, PKCS11KeyId keyId) { - super(slot, keyId); - } - - @Override - protected byte[] digestSecretKey0(long mechanism) throws TokenException { - return slot.digestSecretKey(mechanism, keyId.getHandle()); - } - - @Override - protected PublicKey getPublicKey0() throws TokenException { - long keyType = keyId.getKeyType(); - if (keyType == CKK_RSA) { - try { - return KeyUtil.generateRSAPublicKey( - new RSAPublicKeySpec(rsaModulus, rsaPublicExponent)); - } catch (InvalidKeySpecException ex) { - throw new TokenException(ex.getMessage(), ex); - } - } - - Long publicKeyHandle = keyId.getPublicKeyHandle(); - return (publicKeyHandle == null) ? 
null : slot.getPublicKey(publicKeyHandle); - } - - @Override - public void destroy() throws TokenException { - long[] failedHandles; - if (keyId.getPublicKeyHandle() == null) { - failedHandles = slot.destroyObjectsByHandle(keyId.getHandle()); - } else { - failedHandles = slot.destroyObjectsByHandle(keyId.getHandle(), keyId.getPublicKeyHandle()); - } - if (failedHandles != null && failedHandles.length > 0) { - throw new TokenException("error destroying key " + keyId); - } - } - - @Override - protected byte[] sign0(long mechanism, P11Params parameters, byte[] content) throws TokenException { - Args.notNull(content, "content"); - ExtraParams extraParams = null; - if (ecOrderBitSize != null) { - extraParams = new ExtraParams(); - extraParams.ecOrderBitSize(ecOrderBitSize); - } - - return slot.sign(mechanism, parameters, extraParams, keyId.getHandle(), content); - } - -} diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java deleted file mode 100644 index be128f5..0000000 --- a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java +++ /dev/null 
@@ -1,428 +0,0 @@ -// Copyright (c) 2013-2024 xipki. All rights reserved. -// License Apache License 2.0 - -package org.xipki.security.pkcs11.hsmproxy; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.xipki.pkcs11.wrapper.PKCS11Constants; -import org.xipki.pkcs11.wrapper.PKCS11Exception; -import org.xipki.pkcs11.wrapper.TokenException; -import org.xipki.security.pkcs11.P11Module; -import org.xipki.security.pkcs11.P11ModuleConf; -import org.xipki.security.pkcs11.P11Slot; -import org.xipki.security.pkcs11.P11SlotId; -import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.BooleanMessage; -import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.ByteArrayMessage; -import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.ErrorResponse; -import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GetMechanismInfosResponse; -import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.IntMessage; -import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.KeyIdMessage; -import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.LongArrayMessage; -import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.ModuleCapsResponse; -import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.P11KeyResponse; -import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.SlotIdsResponse; -import org.xipki.util.Args; -import org.xipki.util.FileOrBinary; -import org.xipki.util.IoUtil; -import org.xipki.util.LogUtil; -import org.xipki.util.StringUtil; -import org.xipki.util.cbor.ByteArrayCborDecoder; -import org.xipki.util.cbor.CborConstants; -import org.xipki.util.cbor.CborDecoder; -import org.xipki.util.cbor.CborType; -import org.xipki.util.exception.DecodeException; -import org.xipki.util.exception.ObjectCreationException; -import org.xipki.util.http.HostnameVerifiers; -import org.xipki.util.http.SslConf; -import org.xipki.util.http.SslContextConf; - -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.SSLSocketFactory; -import 
java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.net.HttpURLConnection; -import java.net.URL; -import java.util.ArrayList; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.StringTokenizer; - -/** - * {@link P11Module} for PKCS#11 proxy. - * - * @author Lijun Liao (xipki) - */ - -class HsmProxyP11Module extends P11Module { - - public static final String TYPE = "hsmproxy"; - - private static final String PROP_SSL_STORETYPE = "ssl.storeType"; - - private static final String PROP_SSL_KEYSTORE = "ssl.keystore"; - - private static final String PROP_SSL_KEYSTOREPASSWORD = "ssl.keystorePassword"; - - private static final String PROP_SSL_TRUSTCERTS = "ssl.trustcerts"; - - private static final String PROP_SSL_HOStNAMEVERIFIER = "ssl.hostnameVerifier"; - - private static final Logger LOG = LoggerFactory.getLogger(HsmProxyP11Module.class); - - private static final String REQUEST_MIMETYPE = "application/x-xipki-pkcs11"; - - private static final String RESPONSE_MIMETYPE = "application/x-xipki-pkcs11"; - - private static final byte[] SLOT_ID_NULL_CONTENT_NULL_REQUEST = new byte[]{(byte) 0x82, (byte) 0xf6, (byte) 0xf6}; - - private final String description; - - private final String serverUrl; - - private final SSLSocketFactory sslSocketFactory; - - private final HostnameVerifier hostnameVerifier; - - private HsmProxyP11Module(P11ModuleConf moduleConf) throws TokenException { - super(moduleConf); - - final String modulePath = moduleConf.getNativeLibrary(); - - Map properties = moduleConf.getNativeLibraryProperties(); - if (properties == null) { - throw new TokenException("The properties field is not present"); - } - this.description = StringUtil.concat("PKCS#11 proxy", "\nPath: ", modulePath); - this.serverUrl = modulePath.endsWith("/") ? 
modulePath.substring(0, modulePath.length() - 1) : modulePath; - - SslConf sslConf = new SslConf(); - - String sslStoreType = properties.get(PROP_SSL_STORETYPE); - sslConf.setStoreType(sslStoreType); - - String sslKeystore = properties.get(PROP_SSL_KEYSTORE); - sslConf.setKeystore(FileOrBinary.ofFile(sslKeystore)); - - String sslKeystorePassword = properties.get(PROP_SSL_KEYSTOREPASSWORD); - sslConf.setKeystorePassword(sslKeystorePassword); - - String sslTrustCerts = properties.get(PROP_SSL_TRUSTCERTS); - if (sslTrustCerts != null) { - StringTokenizer tokens = new StringTokenizer(sslTrustCerts, ",;:"); - List files = new ArrayList<>(tokens.countTokens()); - while (tokens.hasMoreTokens()) { - String file = tokens.nextToken().trim(); - files.add(FileOrBinary.ofFile(file)); - } - sslConf.setTrustanchors(files.toArray(new FileOrBinary[0])); - } - - String sslHostnameVerifier = properties.get(PROP_SSL_HOStNAMEVERIFIER); - if (sslHostnameVerifier != null) { - sslConf.setHostnameVerifier(sslHostnameVerifier); - } - - SslContextConf sslContextConf = SslContextConf.ofSslConf(sslConf); - - try { - this.sslSocketFactory = sslContextConf.getSslSocketFactory(); - } catch (ObjectCreationException ex) { - throw new TokenException("could not build SSLSocketFactroy", ex); - } - try { - this.hostnameVerifier = HostnameVerifiers.createHostnameVerifier(sslHostnameVerifier); - } catch (ObjectCreationException ex) { - throw new TokenException("could not create HostnameVerifier", ex); - } - - ModuleCapsResponse moduleCaps = - (ModuleCapsResponse) sendModuleAction(ProxyAction.moduleCaps); - if (!moduleConf.isReadOnly()) { - moduleConf.setReadOnly(moduleCaps.isReadOnly()); - } - - if (moduleConf.getMaxMessageSize() > moduleCaps.getMaxMessageSize()) { - moduleConf.setMaxMessageSize(moduleCaps.getMaxMessageSize()); - } - - if (moduleCaps.getNewObjectConf() != null) { - moduleConf.setNewObjectConf(moduleCaps.getNewObjectConf()); - } - - if (moduleCaps.getSecretKeyTypes() != null) { - 
moduleConf.setSecretKeyTypes( - intersect(moduleConf.getSecretKeyTypes(), moduleCaps.getSecretKeyTypes())); - } - - if (moduleCaps.getKeyPairTypes() != null) { - moduleConf.setKeyPairTypes( - intersect(moduleConf.getKeyPairTypes(), moduleCaps.getKeyPairTypes())); - } - - // initialize the slots - SlotIdsResponse resp = (SlotIdsResponse) sendModuleAction(ProxyAction.slotIds); - Set slots = new HashSet<>(); - for (P11SlotId slotId : resp.getSlotIds() ) { - if (!conf.isSlotIncluded(slotId)) { - continue; - } - - if (!conf.isSlotIncluded(slotId)) { - LOG.info("skipped slot {}", slotId); - continue; - } - - HsmProxyP11Slot slot = new HsmProxyP11Slot(slotId, moduleConf.isReadOnly(), this, - conf.getP11MechanismFilter(), moduleCaps.getNewObjectConf(), - moduleCaps.getSecretKeyTypes(), moduleCaps.getKeyPairTypes()); - slots.add(slot); - } - setSlots(slots); - } // constructor - - private static List intersect(List a, List b) { - if (a == null) { - return b; - } else if (b == null) { - return a; - } - - if (new HashSet<>(a).containsAll(b) && a.size() == b.size()) { - return a; - } - - List r = new ArrayList<>(Math.min(a.size(), b.size())); - for (T ta : a) { - if (b.contains(ta)) { - r.add(ta); - } - } - return r; - } - - public static P11Module getInstance(P11ModuleConf moduleConf) throws TokenException { - Args.notNull(moduleConf, "moduleConf"); - if (moduleConf.getUserName() != null) { - throw new TokenException("userName is present but shall be null"); - } - - return new HsmProxyP11Module(moduleConf); - } - - @Override - public String getDescription() { - return description; - } - - @Override - public void close() { - for (P11SlotId slotId : getSlotIds()) { - try { - getSlot(slotId).close(); - } catch (Throwable th) { - LogUtil.error(LOG, th, "could not close PKCS#11 slot " + slotId); - } - } - } - - protected byte[] doSend(ProxyAction action, byte[] request) throws IOException { - Args.notNull(request, "request"); - - String thisUrl = serverUrl + "/" + 
action.getAlias(); - - HttpURLConnection httpUrlConnection = IoUtil.openHttpConn(new URL(thisUrl)); - - if (httpUrlConnection instanceof HttpsURLConnection) { - if (sslSocketFactory != null) { - ((HttpsURLConnection) httpUrlConnection).setSSLSocketFactory(sslSocketFactory); - } - - if (hostnameVerifier != null) { - ((HttpsURLConnection) httpUrlConnection).setHostnameVerifier(hostnameVerifier); - } - } - - httpUrlConnection.setDoOutput(true); - httpUrlConnection.setUseCaches(false); - - int size = request.length; - - httpUrlConnection.setRequestMethod("POST"); - httpUrlConnection.setRequestProperty("Content-Type", REQUEST_MIMETYPE); - httpUrlConnection.setRequestProperty("Content-Length", Integer.toString(size)); - OutputStream outputstream = httpUrlConnection.getOutputStream(); - outputstream.write(request); - outputstream.flush(); - - if (httpUrlConnection.getResponseCode() != HttpURLConnection.HTTP_OK) { - try { - try { - InputStream is = httpUrlConnection.getInputStream(); - if (is != null) { - is.close(); - } - } catch (IOException ex) { - InputStream errStream = httpUrlConnection.getErrorStream(); - if (errStream != null) { - errStream.close(); - } - } - } catch (Throwable th) { - // ignore it - } - - throw new IOException("bad response: code=" + httpUrlConnection.getResponseCode() - + ", message=" + httpUrlConnection.getResponseMessage()); - } - - InputStream inputstream; - try { - inputstream = httpUrlConnection.getInputStream(); - } catch (IOException ex) { - InputStream errStream = httpUrlConnection.getErrorStream(); - if (errStream != null) { - errStream.close(); - } - throw ex; - } - - try { - String responseContentType = httpUrlConnection.getContentType(); - boolean isValidContentType = false; - if (responseContentType != null) { - if (responseContentType.equalsIgnoreCase(RESPONSE_MIMETYPE)) { - isValidContentType = true; - } - } - if (!isValidContentType) { - throw new IOException("bad response: mime type " + responseContentType - + " is not 
supported!"); - } - - byte[] buf = new byte[4096]; - ByteArrayOutputStream bytearrayoutputstream = new ByteArrayOutputStream(); - do { - int readedByte = inputstream.read(buf); - if (readedByte == -1) { - break; - } - bytearrayoutputstream.write(buf, 0, readedByte); - } while (true); - - return bytearrayoutputstream.toByteArray(); - } finally { - inputstream.close(); - } - } // method send - - public ProxyMessage sendModuleAction(ProxyAction action) throws TokenException { - return send(action, SLOT_ID_NULL_CONTENT_NULL_REQUEST.clone()); - } - - public ProxyMessage send(ProxyAction action, byte[] request) throws TokenException { - Args.notNull(request, "request"); - - byte[] respBytes; - try { - respBytes = doSend(action, request); - } catch (IOException ex) { - LOG.error("IO error", request); - throw new TokenException(ex.getMessage(), ex); - } - - CborDecoder decoder = new ByteArrayCborDecoder(respBytes); - ErrorResponse errorResp = null; - - try { - CborType type = decoder.peekType(); - if (CborDecoder.isNull(type)) { - decoder.readNull(); - return null; - } else if (type.getMajorType() == CborConstants.TYPE_TAG) { - long tag = decoder.readTag(); - if (ErrorResponse.CBOR_TAG_ERROR_RESPONSE != tag) { - throw new TokenException("response is tagged but not with tag CBOR_TAG_ERROR_RESPONSE"); - } - - errorResp = ErrorResponse.decode(decoder); - } - } catch (IOException ex) { - throw new TokenException("IO error decoding response", ex); - } catch (DecodeException ex) { - throw new TokenException("DecodeException decoding response", ex); - } - - if (errorResp != null) { - ErrorResponse.ProxyErrorCode errorCode = errorResp.getErrorCode(); - String detail = errorResp.getDetail(); - - switch (errorCode) { - case badRequest: - case internalError: - throw new TokenException(errorCode + ": " + detail); - case pkcs11Exception: - long ckrCode; - try { - ckrCode = detail.startsWith("CKR_") || detail.startsWith("ckr_") - ? 
PKCS11Constants.ckrNameToCode(detail) : Long.parseLong(detail); - } catch (Exception ex) { - LOG.warn("could not parse CKR code '" + detail + "'"); - ckrCode = PKCS11Constants.CKR_GENERAL_ERROR; - } - throw new PKCS11Exception(ckrCode); - case tokenException: - throw new TokenException(detail); - } - } - - try { - switch (action) { - case moduleCaps: - return ModuleCapsResponse.decode(decoder); - case slotIds: - return SlotIdsResponse.decode(decoder); - case mechInfos: - return GetMechanismInfosResponse.decode(decoder); - case keyByKeyId: - case keyByIdLabel: - return P11KeyResponse.decode(decoder); - case objectExistsByIdLabel: - return BooleanMessage.decode(decoder); - case destroyAllObjects: - case destroyObjectsByIdLabel: - return IntMessage.decode(decoder); - case destroyObjectsByHandle: - return LongArrayMessage.decode(decoder); - case keyIdByIdLabel: - case genSecretKey: - case importSecretKey: - case genRSAKeypair: - case genDSAKeypair2: - case genDSAKeypair: - case genECKeypair: - case genSM2Keypair: - return KeyIdMessage.decode(decoder); - case genRSAKeypairOtf: - case genDSAKeypairOtf: - case genECKeypairOtf: - case genSM2KeypairOtf: - case publicKeyByHandle: - case showDetails: - case sign: - case digestSecretKey: - return ByteArrayMessage.decode(decoder); - default: - throw new IllegalStateException("should not reach here, unknown action " + action); - } - } catch (DecodeException ex) { - throw new TokenException("DecodingException while decoding response.", ex); - } - } - -} diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11ModuleFactory.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11ModuleFactory.java deleted file mode 100644 index 5d6c593..0000000 --- a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11ModuleFactory.java +++ /dev/null 
@@ -1,34 +0,0 @@
-// Copyright (c) 2013-2024 xipki. All rights reserved.
-// License Apache License 2.0
-
-package org.xipki.security.pkcs11.hsmproxy;
-
-import org.xipki.pkcs11.wrapper.TokenException;
-import org.xipki.security.pkcs11.P11Module;
-import org.xipki.security.pkcs11.P11ModuleConf;
-import org.xipki.security.pkcs11.P11ModuleFactory;
-import org.xipki.util.XipkiBaseDir;
-
-/**
- * {@link P11ModuleFactory} to create {@link P11Module} of type "hsmproxy".
- *
- * @author Lijun Liao (xipki)
- *
- */
-public class HsmProxyP11ModuleFactory implements P11ModuleFactory {
-
- public HsmProxyP11ModuleFactory() {
- XipkiBaseDir.init();
- }
-
- @Override
- public boolean canCreateModule(String type) {
- return HsmProxyP11Module.TYPE.equalsIgnoreCase(type);
- }
-
- @Override
- public P11Module newModule(P11ModuleConf conf) throws TokenException {
- return HsmProxyP11Module.getInstance(conf);
- }
-
-}
diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Slot.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Slot.java
deleted file mode 100644
index 88409b0..0000000
--- a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Slot.java
+++ /dev/null
@@ -1,375 +0,0 @@
-// Copyright (c) 2013-2024 xipki. All rights reserved.
-// License Apache License 2.0
-
-package org.xipki.security.pkcs11.hsmproxy;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.xipki.pkcs11.wrapper.MechanismInfo;
-import org.xipki.pkcs11.wrapper.PKCS11KeyId;
-import org.xipki.pkcs11.wrapper.TokenException;
-import org.xipki.pkcs11.wrapper.params.ExtraParams;
-import org.xipki.security.pkcs11.P11Key;
-import org.xipki.security.pkcs11.P11ModuleConf.P11MechanismFilter;
-import org.xipki.security.pkcs11.P11ModuleConf.P11NewObjectConf;
-import org.xipki.security.pkcs11.P11Params;
-import org.xipki.security.pkcs11.P11Slot;
-import org.xipki.security.pkcs11.P11SlotId;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.BooleanMessage;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.ByteArrayMessage;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.DigestSecretKeyRequest;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateDSAKeyPairByKeysizeRequest;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateDSAKeyPairOtfRequest;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateDSAKeyPairRequest;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateECKeyPairOtfRequest;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateECKeyPairRequest;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateRSAKeyPairOtfRequest;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateRSAKeyPairRequest;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateSM2KeyPairRequest;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateSecretKeyRequest;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GetMechanismInfosResponse;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.IdLabelMessage;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.ImportSecretKeyRequest;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.IntMessage;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.KeyIdMessage;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.LongArrayMessage;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.LongMessage;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.P11KeyResponse;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.ShowDetailsRequest;
-import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.SignRequest;
-import org.xipki.security.util.KeyUtil;
-import org.xipki.util.LogUtil;
-import org.xipki.util.cbor.ByteArrayCborEncoder;
-import org.xipki.util.exception.EncodeException;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.math.BigInteger;
-import java.nio.charset.StandardCharsets;
-import java.security.PublicKey;
-import java.security.spec.InvalidKeySpecException;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
-
-/**
- * {@link P11Slot} based on the HSM proxy.
- *
- * @author Lijun Liao (xipki)
- */
-class HsmProxyP11Slot extends P11Slot {
-
- private static final Logger LOG = LoggerFactory.getLogger(HsmProxyP11Slot.class);
-
- private final HsmProxyP11Module module;
-
- HsmProxyP11Slot(P11SlotId slotId, boolean readOnly, HsmProxyP11Module module, P11MechanismFilter mechanismFilter,
- P11NewObjectConf newObjectConf, List secretKeyTypes, List keyPairTypes)
- throws TokenException {
- super(module.getName(), slotId, readOnly, secretKeyTypes, keyPairTypes, newObjectConf);
-
- this.module = module;
- GetMechanismInfosResponse resp = (GetMechanismInfosResponse) send(ProxyAction.mechInfos, null);
- Map mechanismInfoMap = resp == null ? Collections.emptyMap() : resp.getMechamismInfoMap();
- initMechanisms(mechanismInfoMap, mechanismFilter);
- }
-
- @Override
- public final void close() {
- }
-
- @Override
- public P11Key getKey(PKCS11KeyId keyId) throws TokenException {
- return toP11Key(send(ProxyAction.keyByKeyId, new KeyIdMessage(keyId)));
- }
-
- @Override
- public P11Key getKey(byte[] keyId, String keyLabel) throws TokenException {
- return toP11Key(send(ProxyAction.keyByIdLabel, new IdLabelMessage(keyId, keyLabel)));
- }
-
- @Override
- public PKCS11KeyId getKeyId(byte[] keyId, String keyLabel) throws TokenException {
- return toPKCS11KeyId(send(ProxyAction.keyIdByIdLabel, new IdLabelMessage(keyId, keyLabel)));
- }
-
- @Override
- public byte[] sign(long mechanism, P11Params params, ExtraParams extraParams,
- long keyHandle, byte[] content) throws TokenException {
- SignRequest req = new SignRequest(keyHandle, mechanism, params, extraParams, content);
- return toByteArray(send(ProxyAction.sign, req));
- }
-
- @Override
- public PublicKey getPublicKey(long handle) throws TokenException {
- byte[] bytes = toByteArray(send(ProxyAction.publicKeyByHandle, new LongMessage(handle)));
- try {
- return bytes == null ? null : KeyUtil.generatePublicKey(
- SubjectPublicKeyInfo.getInstance(bytes));
- } catch (InvalidKeySpecException ex) {
- throw new TokenException("error parsing SubjectPublicKeyInfo", ex);
- }
- }
-
- @Override
- public byte[] digestSecretKey(long mechanism, long handle) throws TokenException {
- DigestSecretKeyRequest req = new DigestSecretKeyRequest(mechanism, handle);
- return toByteArray(send(ProxyAction.digestSecretKey, req));
- }
-
- @Override
- public boolean objectExistsByIdLabel(byte[] id, String label) throws TokenException {
- return ((BooleanMessage) send(ProxyAction.objectExistsByIdLabel, new IdLabelMessage(id, label))).getValue();
- }
-
- @Override
- public int destroyAllObjects() {
- try {
- return ((IntMessage) send(ProxyAction.destroyAllObjects, null)).getValue();
- } catch (TokenException e) {
- LogUtil.warn(LOG, e, "error destroyAllObjects()");
- return 0;
- }
- }
-
- @Override
- public long[] destroyObjectsByHandle(long[] handles) {
- try {
- LongArrayMessage resp = ((LongArrayMessage) send(
- ProxyAction.destroyObjectsByHandle, new LongArrayMessage(handles)));
- return resp == null ? null : resp.getValue();
- } catch (Exception e) {
- LogUtil.warn(LOG, e, "error destroyObjectsByHandle()");
- return handles.clone();
- }
- }
-
- @Override
- public int destroyObjectsByIdLabel(byte[] id, String label) throws TokenException {
- try {
- return ((IntMessage) send(ProxyAction.destroyObjectsByIdLabel, new IdLabelMessage(id, label))).getValue();
- } catch (TokenException e) {
- LogUtil.warn(LOG, e, "error destroyAllObjects()");
- return 0;
- }
- }
-
- @Override
- public PKCS11KeyId generateSecretKey(long keyType, Integer keysize, P11NewKeyControl control)
- throws TokenException {
- return toPKCS11KeyId(send(ProxyAction.genSecretKey, new GenerateSecretKeyRequest(keyType, keysize, control)));
- } // method generateSecretKey0
-
- @Override
- public PKCS11KeyId importSecretKey(long keyType, byte[] keyValue, P11NewKeyControl control) throws TokenException {
- return toPKCS11KeyId(send(ProxyAction.importSecretKey, new ImportSecretKeyRequest(keyType, keyValue, control)));
- } // method importSecretKey0
-
- @Override
- public PKCS11KeyId generateRSAKeypair(int keysize, BigInteger publicExponent, P11NewKeyControl control)
- throws TokenException {
- return toPKCS11KeyId(send(ProxyAction.genRSAKeypair,
- new GenerateRSAKeyPairRequest(keysize, publicExponent, control)));
- }
-
- @Override
- public PrivateKeyInfo generateRSAKeypairOtf(int keysize, BigInteger publicExponent) throws TokenException {
- return toPrivateKeyInfo(send(ProxyAction.genRSAKeypairOtf,
- new GenerateRSAKeyPairOtfRequest(keysize, publicExponent)));
- }
-
- @Override
- public PKCS11KeyId generateDSAKeypair(int plength, int qlength, P11NewKeyControl control) throws TokenException {
- return toPKCS11KeyId(send(ProxyAction.genDSAKeypair2,
- new GenerateDSAKeyPairByKeysizeRequest(plength, qlength, control)));
- }
-
- @Override
- public PKCS11KeyId generateDSAKeypair(BigInteger p, BigInteger q, BigInteger g, P11NewKeyControl control)
- throws TokenException {
- return toPKCS11KeyId(send(ProxyAction.genDSAKeypair, new GenerateDSAKeyPairRequest(p, q, g, control)));
- }
-
- @Override
- public PrivateKeyInfo generateDSAKeypairOtf(BigInteger p, BigInteger q, BigInteger g) throws TokenException {
- return toPrivateKeyInfo(send(ProxyAction.genDSAKeypairOtf, new GenerateDSAKeyPairOtfRequest(p, q, g)));
- }
-
- @Override
- public PKCS11KeyId generateECKeypair(ASN1ObjectIdentifier curveId, P11NewKeyControl control) throws TokenException {
- return toPKCS11KeyId(send(ProxyAction.genECKeypair, new GenerateECKeyPairRequest(curveId, control)));
- }
-
- @Override
- public PrivateKeyInfo generateECKeypairOtf(ASN1ObjectIdentifier curveId) throws TokenException {
- return toPrivateKeyInfo(send(ProxyAction.genECKeypair, new GenerateECKeyPairOtfRequest(curveId)));
- }
-
- @Override
- public PKCS11KeyId generateSM2Keypair(P11NewKeyControl control) throws TokenException {
- return toPKCS11KeyId(send(ProxyAction.genSM2Keypair, new GenerateSM2KeyPairRequest(control)));
- }
-
- @Override
- public PrivateKeyInfo generateSM2KeypairOtf() throws TokenException {
- return toPrivateKeyInfo(send(ProxyAction.genSM2KeypairOtf, null));
- }
-
- private P11Key toP11Key(ProxyMessage response) throws TokenException {
- if (response == null) {
- return null;
- }
-
- if (!(response instanceof P11KeyResponse)) {
- throw new TokenException("response is not a P11KeyResponse");
- }
-
- return ((P11KeyResponse) response).getP11Key(this);
- }
-
- private static byte[] toByteArray(ProxyMessage response) throws TokenException {
- if (response == null) {
- return null;
- }
-
- if (!(response instanceof ByteArrayMessage)) {
- throw new TokenException("response is not a ByteArrayMessage");
- }
-
- return ((ByteArrayMessage) response).getValue();
- }
-
- private static PKCS11KeyId toPKCS11KeyId(ProxyMessage response) throws TokenException {
- if (response == null) {
- return null;
- }
-
- if (!(response instanceof KeyIdMessage)) {
- throw new TokenException("response is not a KeyIdMessage");
- }
-
- return ((KeyIdMessage) response).getKeyId();
- }
-
- private static PrivateKeyInfo toPrivateKeyInfo(ProxyMessage response) throws TokenException {
- byte[] bytes = toByteArray(response);
- if (bytes == null) {
- return null;
- }
-
- try {
- return PrivateKeyInfo.getInstance(bytes);
- } catch (IllegalArgumentException ex) {
- throw new TokenException("invalid PrivateKeyInfo", ex);
- }
- }
-
- /**
- * The specified stream remains open after this method returns.
- */
- @Override
- public void showDetails(OutputStream stream, Long objectHandle, boolean verbose) throws IOException {
- ShowDetailsRequest req = new ShowDetailsRequest(objectHandle, verbose);
- byte[] details;
- try {
- details = ((ByteArrayMessage) send(ProxyAction.showDetails, req)).getValue();
- } catch (TokenException e) {
- details = ("ERROR: " + e.getMessage()).getBytes(StandardCharsets.UTF_8);
- }
- stream.write(details);
- }
-
- private ProxyMessage send(ProxyAction action, ProxyMessage request) throws TokenException {
- ByteArrayCborEncoder encoder = new ByteArrayCborEncoder();
- try {
- encoder.writeArrayStart(2);
- // slot id
- encoder.writeInt(slotId.getId());
- if (request == null) {
- encoder.writeNull();
- } else {
- request.encode(encoder);
- }
- } catch (EncodeException ex) {
- throw new TokenException("Encode error while building request", ex);
- } catch (IOException ex) {
- throw new TokenException("IO error while building request", ex);
- }
-
- return module.send(action, encoder.toByteArray());
- }
-
- @Override
- protected PKCS11KeyId doGenerateSecretKey(long keyType, Integer keysize, P11NewKeyControl control) {
- throw new UnsupportedOperationException("doGenerateSecretKey() unsupported");
- }
-
- @Override
- protected PKCS11KeyId doImportSecretKey(long keyType, byte[] keyValue, P11NewKeyControl control) {
- throw new UnsupportedOperationException("doGenerateSecretKey() unsupported");
- }
-
- @Override
- protected PKCS11KeyId doGenerateDSAKeypair(BigInteger p, BigInteger q, BigInteger g, P11NewKeyControl control) {
- throw new UnsupportedOperationException("doGenerateSecretKey() unsupported");
- }
-
- @Override
- protected PKCS11KeyId doGenerateECEdwardsKeypair(ASN1ObjectIdentifier curveId, P11NewKeyControl control) {
- throw new UnsupportedOperationException("doGenerateSecretKey() unsupported");
- }
-
- @Override
- protected PrivateKeyInfo doGenerateECEdwardsKeypairOtf(ASN1ObjectIdentifier curveId) {
- throw new UnsupportedOperationException("doGenerateSecretKey() unsupported");
- }
-
- @Override
- protected PKCS11KeyId doGenerateECMontgomeryKeypair(ASN1ObjectIdentifier curveId, P11NewKeyControl control) {
- throw new UnsupportedOperationException("doGenerateSecretKey() unsupported");
- }
-
- @Override
- protected PrivateKeyInfo doGenerateECMontgomeryKeypairOtf(ASN1ObjectIdentifier curveId) {
- throw new UnsupportedOperationException("doGenerateSecretKey() unsupported");
- }
-
- @Override
- protected PKCS11KeyId doGenerateECKeypair(ASN1ObjectIdentifier curveId, P11NewKeyControl control) {
- throw new UnsupportedOperationException("doGenerateSecretKey() unsupported");
- }
-
- @Override
- protected PrivateKeyInfo doGenerateECKeypairOtf(ASN1ObjectIdentifier curveId) {
- throw new UnsupportedOperationException("doGenerateSecretKey() unsupported");
- }
-
- @Override
- protected PKCS11KeyId doGenerateSM2Keypair(P11NewKeyControl control) {
- throw new UnsupportedOperationException("doGenerateSecretKey() unsupported");
- }
-
- @Override
- protected PrivateKeyInfo doGenerateSM2KeypairOtf() {
- throw new UnsupportedOperationException("doGenerateSecretKey() unsupported");
- }
-
- @Override
- protected PKCS11KeyId doGenerateRSAKeypair(int keysize, BigInteger publicExponent, P11NewKeyControl control) {
- throw new UnsupportedOperationException("doGenerateSecretKey() unsupported");
- }
-
- @Override
- protected PrivateKeyInfo doGenerateRSAKeypairOtf(int keysize, BigInteger publicExponent) {
- throw new UnsupportedOperationException("doGenerateSecretKey() unsupported");
- }
-
- @Override
- protected PrivateKeyInfo generateDSAKeypairOtf0(BigInteger p, BigInteger q, BigInteger g) {
- throw new UnsupportedOperationException("doGenerateSecretKey() unsupported");
- }
-
-}
diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyAction.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyAction.java
deleted file mode 100644
index df2dbc3..0000000
--- a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyAction.java
+++ /dev/null
@@ -1,82 +0,0 @@
-// Copyright (c) 2013-2024 xipki. All rights reserved.
-// License Apache License 2.0
-
-package org.xipki.security.pkcs11.hsmproxy;
-
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- * The HSM proxy action enumeration.
- *
- * @author Lijun Liao (xipki)
- */
-
-public enum ProxyAction {
-
- moduleCaps ("mcaps"),
- slotIds ("sids"),
-
- // mechanism infos
- mechInfos ("mis"),
-
- publicKeyByHandle ("pkbh"),
-
- keyByKeyId ("kbi"),
- keyByIdLabel ("kbil"),
- keyIdByIdLabel ("kibil"),
-
- objectExistsByIdLabel ("ebil"),
-
- destroyAllObjects ("dao"),
- destroyObjectsByHandle ("dobh"),
- destroyObjectsByIdLabel ("dobil"),
-
- genSecretKey ("gsk"),
- importSecretKey ("isk"),
-
- genRSAKeypair ("grsa"),
- genRSAKeypairOtf ("grsao"),
- // genDSAKeypairByKeysize
- genDSAKeypair2 ("gdsa2"),
- genDSAKeypair ("gdsa"),
- genDSAKeypairOtf ("gdsao"),
- genECKeypair ("gec"),
- genECKeypairOtf ("geco"),
- genSM2Keypair ("gsm2"),
- genSM2KeypairOtf ("gsm2o"),
- showDetails ("d"),
- sign ("s"),
- digestSecretKey ("dsk");
-
- private final String alias;
-
- private static final Map namealiasActionMap = new HashMap<>();
-
- static {
- for (ProxyAction p : ProxyAction.values()) {
- namealiasActionMap.put(p.name().toLowerCase(), p);
- }
-
- for (ProxyAction p : ProxyAction.values()) {
- String lc = p.alias.toLowerCase();
- if (namealiasActionMap.containsKey(lc)) {
- throw new IllegalStateException("invalid alias " + p.alias);
- }
- namealiasActionMap.put(lc, p);
- }
- }
-
- ProxyAction(String alias) {
- this.alias = alias;
- }
-
- public String getAlias() {
- return alias;
- }
-
- public static ProxyAction ofNameIgnoreCase(String name) {
- return namealiasActionMap.get(name.toLowerCase());
- }
-
-}
diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyMessage.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyMessage.java
deleted file mode 100644
index 71d76de..0000000
--- a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyMessage.java
+++ /dev/null
@@ -1,1465 +0,0 @@
-// Copyright (c) 2013-2024 xipki. All rights reserved.
-// License Apache License 2.0
-
-package org.xipki.security.pkcs11.hsmproxy;
-
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.xipki.pkcs11.wrapper.MechanismInfo;
-import org.xipki.pkcs11.wrapper.PKCS11Exception;
-import org.xipki.pkcs11.wrapper.PKCS11KeyId;
-import org.xipki.pkcs11.wrapper.TokenException;
-import org.xipki.pkcs11.wrapper.params.ExtraParams;
-import org.xipki.security.pkcs11.P11Key;
-import org.xipki.security.pkcs11.P11ModuleConf;
-import org.xipki.security.pkcs11.P11Params;
-import org.xipki.security.pkcs11.P11Slot;
-import org.xipki.security.pkcs11.P11SlotId;
-import org.xipki.util.Args;
-import org.xipki.util.cbor.CborDecoder;
-import org.xipki.util.cbor.CborEncodable;
-import org.xipki.util.cbor.CborEncoder;
-import org.xipki.util.exception.DecodeException;
-import org.xipki.util.exception.EncodeException;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Optional;
-import java.util.Set;
-
-/**
- * The CBOR message.
- *
- * @author Lijun Liao (xipki)
- */
-public abstract class ProxyMessage implements CborEncodable {
-
- protected abstract void encode0(CborEncoder encoder) throws EncodeException, IOException;
-
- @Override
- public final void encode(CborEncoder encoder) throws EncodeException {
- try {
- encode0(encoder);
- } catch (IOException ex) {
- throw new EncodeException("IO error", ex);
- }
- }
-
- private static boolean isNotNullOrElseWriteNull(CborEncoder encoder, Object obj) throws IOException {
- if (obj == null) {
- encoder.writeNull();
- return false;
- }
- return true;
- }
-
- private static void writeBigInt(CborEncoder encoder, BigInteger value) throws IOException {
- if (isNotNullOrElseWriteNull(encoder, value)) {
- encoder.writeByteString(value.toByteArray());
- }
- }
-
- private static void writeOid(CborEncoder encoder, ASN1ObjectIdentifier value) throws IOException {
- if (isNotNullOrElseWriteNull(encoder, value)) {
- encoder.writeTextString(value.getId());
- }
- }
-
- private static ASN1ObjectIdentifier readOid(CborDecoder decoder) throws IOException, DecodeException {
- String text = decoder.readTextString();
- if (text == null) {
- return null;
- }
-
- try {
- return new ASN1ObjectIdentifier(text);
- } catch (IllegalArgumentException ex) {
- throw new DecodeException(text + " is not a valid ObjectIdentifier");
- }
- }
-
- private static void writeNewKeyControl(CborEncoder encoder, P11Slot.P11NewKeyControl control) throws IOException {
- if (control == null) {
- encoder.writeNull();
- return;
- }
-
- encoder.writeArrayStart(5);
- encoder.writeByteString(control.getId());
- encoder.writeTextString(control.getLabel());
- encoder.writeBooleanObj(control.getSensitive());
- encoder.writeBooleanObj(control.getExtractable());
-
- Set usages = control.getUsages();
- if (usages == null) {
- encoder.writeNull();
- } else {
- encoder.writeArrayStart(usages.size());
- for (P11Slot.P11KeyUsage usage: usages) {
- encoder.writeTextString(usage.name());
- }
- }
- }
-
- private static P11Slot.P11NewKeyControl decodeNewKeyControl(CborDecoder decoder) throws DecodeException {
- try {
- if (decoder.readNullOrArrayLength(5)) {
- return null;
- }
-
- byte[] id = decoder.readByteString();
- String label = decoder.readTextString();
- P11Slot.P11NewKeyControl control = new P11Slot.P11NewKeyControl(id, label);
- control.setSensitive(decoder.readBooleanObj());
- control.setExtractable(decoder.readBooleanObj());
-
- // usages
- Integer usagesLen = decoder.readNullOrArrayLength();
- if (usagesLen != null) {
- Set usages = new HashSet<>(usagesLen * 5 / 4);
- for (int i = 0; i < usagesLen; i++) {
- String usageText = decoder.readTextString();
- P11Slot.P11KeyUsage usage;
- try {
- usage = P11Slot.P11KeyUsage.valueOf(usageText);
- } catch (IllegalArgumentException e) {
- throw new DecodeException("unknown P11KeyUsage " + usageText);
- }
- usages.add(usage);
- }
-
- control.setUsages(usages);
- }
-
- return control;
- } catch (IOException ex) {
- throw new DecodeException("IO error", ex);
- }
- }
-
- private static void writeKeyId(CborEncoder encoder, PKCS11KeyId keyId) throws IOException {
- encoder.writeArrayStart(6);
- encoder.writeInt(keyId.getHandle());
- encoder.writeInt(keyId.getObjectCLass());
- encoder.writeInt(keyId.getKeyType());
- encoder.writeByteString(keyId.getId());
- encoder.writeTextString(keyId.getLabel());
- encoder.writeIntObj(keyId.getPublicKeyHandle());
- }
-
- private static PKCS11KeyId decodeKeyId(CborDecoder decoder) throws DecodeException {
- try {
- if (decoder.readNullOrArrayLength(6)) {
- return null;
- }
-
- long handle = decoder.readLong();
- long objectCLass = decoder.readLong();
- long keyType = decoder.readLong();
- byte[] id = decoder.readByteString();
- String label = decoder.readTextString();
- Long publicKeyHandle = decoder.readLongObj();
-
- PKCS11KeyId keyId = new PKCS11KeyId(handle, objectCLass, keyType, id, label);
- keyId.setPublicKeyHandle(publicKeyHandle);
- return keyId;
- } catch (IOException ex) {
- throw new DecodeException("IO error decoding PKCS11KeyId", ex);
- }
- }
-
- private static void assertArraySize(CborDecoder decoder, int arraySize, String name) throws DecodeException {
- try {
- if (decoder.readNullOrArrayLength(arraySize)) {
- throw new DecodeException(name + " shall not be null");
- }
- } catch (IOException ex) {
- throw new DecodeException("IO error reading arrayLength of " + name);
- }
- }
-
- /**
- * The message wrapper for boolean.
- */
- public static class BooleanMessage extends ProxyMessage {
-
- private final boolean value;
-
- public BooleanMessage(boolean value) {
- this.value = value;
- }
-
- public boolean getValue() {
- return value;
- }
-
- @Override
- public void encode0(CborEncoder encoder) throws EncodeException, IOException {
- encoder.writeBoolean(value);
- }
-
- public static BooleanMessage decode(CborDecoder decoder) throws DecodeException {
- try {
- boolean b = Optional.ofNullable(decoder.readBooleanObj()).orElseThrow(
- () -> new DecodeException("BooleanMessage shall not be null"));
- return new BooleanMessage(b);
- } catch (IOException ex) {
- throw new DecodeException("IO error decoding BooleanMessage", ex);
- }
- }
-
- }
-
- /**
- * The message wrapper for byte[].
- */
- public static class ByteArrayMessage extends ProxyMessage {
-
- private final byte[] value;
-
- public ByteArrayMessage(byte[] value) {
- this.value = Args.notNull(value, "value");
- }
-
- public byte[] getValue() {
- return value;
- }
-
- @Override
- protected void encode0(CborEncoder encoder) throws IOException {
- encoder.writeByteString(value);
- }
-
- public static ByteArrayMessage decode(CborDecoder decoder) throws DecodeException {
- try {
- byte[] b = Optional.ofNullable(decoder.readByteString()).orElseThrow(
- () -> new DecodeException("ByteArrayMessage shall not be null"));
-
- return new ByteArrayMessage(b);
- } catch (IOException ex) {
- throw new DecodeException("IO error decoding ByteArrayMessage", ex);
- }
- }
-
- }
-
- /**
- * The request to digest secret key.
- */
- public static class DigestSecretKeyRequest extends ProxyMessage {
-
- private static final int NUM_FIELDS = 2;
-
- private final long mechanism;
-
- private final long objectHandle;
-
- public DigestSecretKeyRequest(long mechanism, long objectHandle) {
- this.mechanism = mechanism;
- this.objectHandle = objectHandle;
- }
-
- public long getMechanism() {
- return mechanism;
- }
-
- public long getObjectHandle() {
- return objectHandle;
- }
-
- @Override
- protected void encode0(CborEncoder encoder) throws IOException {
- encoder.writeArrayStart(NUM_FIELDS);
- encoder.writeInt(mechanism);
- encoder.writeInt(objectHandle);
- }
-
- public static DigestSecretKeyRequest decode(CborDecoder decoder) throws DecodeException {
- assertArraySize(decoder, NUM_FIELDS, "DigestSecretKeyRequest");
- try {
- long mechanism = decoder.readLong();
- long objectHandle = decoder.readLong();
- return new DigestSecretKeyRequest(mechanism, objectHandle);
- } catch (IOException ex) {
- throw new DecodeException("IO error decoding DigestSecretKeyRequest", ex);
- }
- }
-
- }
-
- public enum ProxyErrorCode {
-
- internalError(1),
- badRequest(2),
- tokenException(3),
- pkcs11Exception(4);
-
- private final int code;
-
- ProxyErrorCode(int code) {
- this.code = code;
- }
-
- public int getCode() {
- return code;
- }
-
- public static ProxyErrorCode ofCode(int code) {
- for (ProxyErrorCode m : ProxyErrorCode.values()) {
- if (m.code == code) {
- return m;
- }
- }
- return null;
- }
-
- }
-
- /**
- * The error response.
- */
- public static class ErrorResponse extends ProxyMessage {
-
- public static final long CBOR_TAG_ERROR_RESPONSE = 0x80000;
-
- private static final int NUM_FIELDS = 2;
-
- private final ProxyErrorCode errorCode;
-
- private final String detail;
-
- public ErrorResponse(ProxyErrorCode errorCode, String detail) {
- this.errorCode = errorCode;
- this.detail = detail;
- }
-
- public ErrorResponse(Throwable t) {
- if (t instanceof PKCS11Exception) {
- this.errorCode = ProxyErrorCode.pkcs11Exception;
- this.detail = Long.toString(((PKCS11Exception) t).getErrorCode());
- } else if (t instanceof TokenException) {
- this.errorCode = ProxyErrorCode.tokenException;
- this.detail = t.getMessage();
- } else {
- this.errorCode = ProxyErrorCode.tokenException;
- this.detail = t.getMessage();
- }
- }
-
- public ProxyErrorCode getErrorCode() {
- return errorCode;
- }
-
- public String getDetail() {
- return detail;
- }
-
- @Override
- public void encode0(CborEncoder encoder) throws EncodeException, IOException {
- encoder.writeArrayStart(NUM_FIELDS);
- encoder.writeInt(errorCode.code);
- encoder.writeTextString(detail);
- }
-
- public static ErrorResponse decode(CborDecoder decoder) throws DecodeException {
- assertArraySize(decoder, NUM_FIELDS, "ErrorResponnse");
- try {
- int code = decoder.readInt();
- ProxyErrorCode errorCode = Optional.ofNullable(ProxyErrorCode.ofCode(code)).orElseThrow(
- () -> new DecodeException("unknown error code " + code));
- String detail = decoder.readTextString();
- return new ErrorResponse(errorCode, detail);
- } catch (IOException ex) {
- throw new DecodeException("IO error decoding ErrorResponse", ex);
- }
- }
-
- }
-
- /**
- * The request to generate-then-save DSA keypair for given keysize.
- */
- public static class GenerateDSAKeyPairByKeysizeRequest extends ProxyMessage {
-
- private static final int NUM_FIELDS = 3;
-
- private final int plength;
-
- private final int qlength;
-
- private final P11Slot.P11NewKeyControl newKeyControl;
-
- public GenerateDSAKeyPairByKeysizeRequest(int plength, int qlength, P11Slot.P11NewKeyControl newKeyControl) {
- this.plength = plength;
- this.qlength = qlength;
- this.newKeyControl = newKeyControl;
- }
-
- public int getPlength() {
- return plength;
- }
-
- public int getQlength() {
- return qlength;
- }
-
- public P11Slot.P11NewKeyControl getNewKeyControl() {
- return newKeyControl;
- }
-
- @Override
- protected void encode0(CborEncoder encoder) throws EncodeException, IOException {
- encoder.writeArrayStart(NUM_FIELDS);
- encoder.writeInt(plength);
- encoder.writeInt(qlength);
- writeNewKeyControl(encoder, newKeyControl);
- }
-
- public static GenerateDSAKeyPairByKeysizeRequest decode(CborDecoder decoder) throws DecodeException {
- assertArraySize(decoder, NUM_FIELDS, "GenerateDSAKeyPairByKeysizeRequest");
- try {
- int plength = decoder.readInt();
- int qlength = decoder.readInt();
- P11Slot.P11NewKeyControl control = decodeNewKeyControl(decoder);
- return new GenerateDSAKeyPairByKeysizeRequest(plength, qlength, control);
- } catch (IOException ex) {
- throw new DecodeException("IO error decoding GenerateDSAKeyPairByKeysizeRequest", ex);
- }
- }
-
- }
-
- /**
- * The request to generate-then-destroy DSA keypair for given (P, Q, G).
- */
- public static class GenerateDSAKeyPairOtfRequest extends ProxyMessage {
-
- private static final int NUM_FIELDS = 3;
-
- protected final BigInteger p;
-
- protected final BigInteger q;
-
- protected final BigInteger g;
-
- public GenerateDSAKeyPairOtfRequest(BigInteger p, BigInteger q, BigInteger g) {
- this.p = Args.notNull(p, "p");
- this.q = Args.notNull(q, "q");
- this.g = Args.notNull(g, "g");
- }
-
- public BigInteger getP() {
- return p;
- }
-
- public BigInteger getQ() {
- return q;
- }
-
- public BigInteger getG() {
- return g;
- }
-
- @Override
- protected void encode0(CborEncoder encoder) throws EncodeException, IOException {
- encoder.writeArrayStart(NUM_FIELDS);
- encoder.writeByteString(p.toByteArray());
- encoder.writeByteString(q.toByteArray());
- encoder.writeByteString(g.toByteArray());
- }
-
- public static GenerateDSAKeyPairOtfRequest decode(CborDecoder decoder) throws DecodeException {
- assertArraySize(decoder, NUM_FIELDS, "GenerateDSAKeyPairOtfRequest");
- try {
- BigInteger p = decoder.readBigInt();
- BigInteger q = decoder.readBigInt();
- BigInteger g = decoder.readBigInt();
- return new GenerateDSAKeyPairOtfRequest(p, q, g);
- } catch (IOException ex) {
- throw new DecodeException("IO error decoding GenerateDSAKeyPairOtfRequest", ex);
- }
- }
-
- }
-
- /**
- * The request to generate-then-save DSA keypair for given (P, Q, G).
- */
- public static class GenerateDSAKeyPairRequest extends GenerateDSAKeyPairOtfRequest {
-
- private static final int NUM_FIELDS = 4;
-
- private final P11Slot.P11NewKeyControl newKeyControl;
-
- public GenerateDSAKeyPairRequest(BigInteger p, BigInteger q, BigInteger g, P11Slot.P11NewKeyControl newKeyControl) {
- super(p, q, g);
- this.newKeyControl = newKeyControl;
- }
-
- public P11Slot.P11NewKeyControl getNewKeyControl() {
- return newKeyControl;
- }
-
- @Override
- protected void encode0(CborEncoder encoder) throws EncodeException, IOException {
- encoder.writeArrayStart(NUM_FIELDS);
- encoder.writeByteString(p.toByteArray());
- encoder.writeByteString(q.toByteArray());
- encoder.writeByteString(g.toByteArray());
- writeNewKeyControl(encoder, newKeyControl);
- }
-
- public static GenerateDSAKeyPairRequest decode(CborDecoder decoder) throws DecodeException {
- assertArraySize(decoder, NUM_FIELDS, "GenerateDSAKeyPairRequest");
- try {
- BigInteger p = decoder.readBigInt();
- BigInteger q = decoder.readBigInt();
- BigInteger g = decoder.readBigInt();
- P11Slot.P11NewKeyControl control = decodeNewKeyControl(decoder);
- return new GenerateDSAKeyPairRequest(p, q, g, control);
- } catch (IOException ex) {
- throw new DecodeException("IO error decoding GenerateDSAKeyPairRequest", ex);
- }
- }
-
- }
-
- /**
- * The request to generate-then-destroy EC keypair.
- */
- public static class GenerateECKeyPairOtfRequest extends ProxyMessage {
-
- private static final int NUM_FIELDS = 1;
-
- protected final ASN1ObjectIdentifier curveOid;
-
- public GenerateECKeyPairOtfRequest(ASN1ObjectIdentifier curveOid) {
- this.curveOid = Args.notNull(curveOid, "curveOid");
- }
-
- public ASN1ObjectIdentifier getCurveOid() {
- return curveOid;
- }
-
- @Override
- protected void encode0(CborEncoder encoder) throws EncodeException, IOException {
- encoder.writeArrayStart(NUM_FIELDS);
- writeOid(encoder, curveOid);
- }
-
- public static GenerateECKeyPairOtfRequest decode(CborDecoder decoder) throws DecodeException {
- assertArraySize(decoder, NUM_FIELDS, "GenerateECKeyPairOtfRequest");
- try {
- ASN1ObjectIdentifier curveOid = readOid(decoder);
- return new GenerateECKeyPairOtfRequest(curveOid);
- } catch (IOException ex) {
- throw new DecodeException("IO error decoding GenerateECKeyPairOtfRequest", ex);
- }
- }
-
- }
-
- /**
- * The request to generate-then-save EC keypair.
- */
- public static class GenerateECKeyPairRequest extends GenerateECKeyPairOtfRequest {
-
- private static final int NUM_FIELDS = 2;
-
- private final P11Slot.P11NewKeyControl newKeyControl;
-
- public GenerateECKeyPairRequest(ASN1ObjectIdentifier curveOid, P11Slot.P11NewKeyControl newKeyControl) {
- super(curveOid);
- this.newKeyControl = newKeyControl;
- }
-
- public P11Slot.P11NewKeyControl getNewKeyControl() {
- return newKeyControl;
- }
-
- @Override
- protected void encode0(CborEncoder encoder) throws EncodeException, IOException {
- encoder.writeArrayStart(NUM_FIELDS);
- ProxyMessage.writeOid(encoder, curveOid);
- ProxyMessage.writeNewKeyControl(encoder, newKeyControl);
- }
-
- public static GenerateECKeyPairRequest decode(CborDecoder decoder) throws DecodeException {
- assertArraySize(decoder, NUM_FIELDS, "GenerateECKeyPairRequest");
- try {
- ASN1ObjectIdentifier curveOid = ProxyMessage.readOid(decoder);
- P11Slot.P11NewKeyControl control = ProxyMessage.decodeNewKeyControl(decoder);
- return new GenerateECKeyPairRequest(curveOid, control);
- } catch (IOException ex) {
- throw new DecodeException("IO error decoding GenerateECKeyPairRequest", ex);
- }
- }
-
- }
-
- /**
- * The request to generate-then-destroy RSA keypair.
- */
- public static class GenerateRSAKeyPairOtfRequest extends ProxyMessage {
-
- private static final int NUM_FIELDS = 2;
-
- protected final int keySize;
-
- protected final BigInteger publicExponent;
-
- public GenerateRSAKeyPairOtfRequest(int keySize, BigInteger publicExponent) {
- this.keySize = keySize;
- this.publicExponent = publicExponent;
- }
-
- public int getKeySize() {
- return keySize;
- }
-
- public BigInteger getPublicExponent() {
- return publicExponent;
- }
-
- @Override
- protected void encode0(CborEncoder encoder) throws EncodeException, IOException {
- encoder.writeArrayStart(NUM_FIELDS);
- encoder.writeInt(keySize);
- encoder.writeByteString(publicExponent == null ? 
null : publicExponent.toByteArray()); - } - - public static GenerateRSAKeyPairOtfRequest decode(CborDecoder decoder) throws DecodeException { - assertArraySize(decoder, NUM_FIELDS, "GenerateRSAKeyPairOtfRequest"); - try { - int keysize = decoder.readInt(); - BigInteger publicExponent = decoder.readBigInt(); - return new GenerateRSAKeyPairOtfRequest(keysize, publicExponent); - } catch (IOException ex) { - throw new DecodeException("IO error decoding GenerateRSAKeyPairOtfRequest", ex); - } - } - - } - - /** - * The request to generate-then-save RSA keypair. - */ - public static class GenerateRSAKeyPairRequest extends GenerateRSAKeyPairOtfRequest { - - private static final int NUM_FIELDS = 2; - - private final P11Slot.P11NewKeyControl newKeyControl; - - public GenerateRSAKeyPairRequest(int keySize, BigInteger publicExponent, P11Slot.P11NewKeyControl newKeyControl) { - super(keySize, publicExponent); - this.newKeyControl = newKeyControl; - } - - public P11Slot.P11NewKeyControl getNewKeyControl() { - return newKeyControl; - } - - @Override - protected void encode0(CborEncoder encoder) throws EncodeException, IOException { - encoder.writeArrayStart(NUM_FIELDS); - encoder.writeInt(keySize); - writeBigInt(encoder, publicExponent); - writeNewKeyControl(encoder, newKeyControl); - } - - public static GenerateRSAKeyPairRequest decode(CborDecoder decoder) throws DecodeException { - assertArraySize(decoder, NUM_FIELDS, "GenerateRSAKeyPairRequest"); - try { - int keysize = decoder.readInt(); - BigInteger publicExponent = decoder.readBigInt(); - P11Slot.P11NewKeyControl control = decodeNewKeyControl(decoder); - return new GenerateRSAKeyPairRequest(keysize, publicExponent, control); - } catch (IOException ex) { - throw new DecodeException("IO error decoding GenerateRSAKeyPairRequest", ex); - } - } - - } - - /** - * The request to generate-then-destroy SM2 keypair. 
- */ - public static class GenerateSecretKeyRequest extends ProxyMessage { - - private static final int NUM_FIELDS = 3; - private final long keyType; - private final Integer keySize; - private final P11Slot.P11NewKeyControl newKeyControl; - - public GenerateSecretKeyRequest(long keyType, Integer keySize, P11Slot.P11NewKeyControl newKeyControl) { - this.keyType = keyType; - this.keySize = keySize; - this.newKeyControl = newKeyControl; - } - - public long getKeyType() { - return keyType; - } - - public Integer getKeySize() { - return keySize; - } - - public P11Slot.P11NewKeyControl getNewOKeyControl() { - return newKeyControl; - } - - @Override - protected void encode0(CborEncoder encoder) throws EncodeException, IOException { - encoder.writeArrayStart(NUM_FIELDS); - encoder.writeInt(keyType); - encoder.writeIntObj(keySize); - writeNewKeyControl(encoder, newKeyControl); - } - - public static GenerateSecretKeyRequest decode(CborDecoder decoder) throws DecodeException { - assertArraySize(decoder, NUM_FIELDS, "GenerateSecretKeyRequest"); - try { - long keyType = decoder.readLong(); - Integer keySize = decoder.readIntObj(); - P11Slot.P11NewKeyControl control = decodeNewKeyControl(decoder); - return new GenerateSecretKeyRequest(keyType, keySize, control); - } catch (IOException ex) { - throw new DecodeException("IO error decoding GenerateSecretKeyRequest", ex); - } - } - - } - - /** - * The request to generate-then-save SM2 keypair. 
- */ - public static class GenerateSM2KeyPairRequest extends ProxyMessage { - - private static final int NUM_FIELDS = 1; - - private final P11Slot.P11NewKeyControl newKeyControl; - - public GenerateSM2KeyPairRequest(P11Slot.P11NewKeyControl newKeyControl) { - this.newKeyControl = newKeyControl; - } - - public P11Slot.P11NewKeyControl getNewKeyControl() { - return newKeyControl; - } - - @Override - protected void encode0(CborEncoder encoder) throws EncodeException, IOException { - encoder.writeArrayStart(NUM_FIELDS); - writeNewKeyControl(encoder, newKeyControl); - } - - public static GenerateSM2KeyPairRequest decode(CborDecoder decoder) throws DecodeException { - assertArraySize(decoder, NUM_FIELDS, "GenerateSM2KeyPairRequest"); - P11Slot.P11NewKeyControl control = decodeNewKeyControl(decoder); - return new GenerateSM2KeyPairRequest(control); - } - - } - - /** - * The request to get mechanism infos. - */ - public static class GetMechanismInfosResponse extends ProxyMessage { - - private final Map mechamismInfoMap; - - public GetMechanismInfosResponse(Map mechamismInfoMap) { - this.mechamismInfoMap = mechamismInfoMap; - } - - @Override - public void encode0(CborEncoder encoder) throws IOException, EncodeException { - encoder.writeMapStart(mechamismInfoMap.size()); - for (Map.Entry entry : mechamismInfoMap.entrySet()) { - encoder.writeInt(entry.getKey()); - MechanismInfo mi = entry.getValue(); - if (entry.getValue() == null) { - encoder.writeNull(); - } else { - encoder.writeArrayStart(3); - encoder.writeInt(mi.getMinKeySize()); - encoder.writeInt(mi.getMaxKeySize()); - encoder.writeInt(mi.getFlags()); - } - } - } - - public Map getMechamismInfoMap() { - return mechamismInfoMap; - } - - public static GetMechanismInfosResponse decode(CborDecoder decoder) throws DecodeException { - try { - Integer mapLen = decoder.readNullOrMapLength(); - if (mapLen == null) { - throw new DecodeException("GetMechanismInfosResponse shall not be null"); - } - - Map map = new 
HashMap<>(mapLen * 5 / 4); - for (int i = 0; i < mapLen; i++) { - long code = decoder.readLong(); - boolean isNull = decoder.readNullOrArrayLength(3); - if (isNull) { - map.put(code, null); - } else { - long minSize = decoder.readLong(); - long maxSize = decoder.readLong(); - long flags = decoder.readLong(); - map.put(code, new MechanismInfo(minSize, maxSize, flags)); - } - } - - return new GetMechanismInfosResponse(map); - } catch (IOException ex) { - throw new DecodeException("IO error decoding GetMechanismInfosResponse", ex); - } - } - - } - - /** - * The message wrapper for ia and label. - */ - public static class IdLabelMessage extends ProxyMessage { - - private static final int NUM_FIELDS = 2; - - private final byte[] id; - - private final String label; - - public IdLabelMessage(byte[] id, String label) { - this.id = id; - this.label = label; - } - - public byte[] getId() { - return id; - } - - public String getLabel() { - return label; - } - - @Override - protected void encode0(CborEncoder encoder) throws EncodeException, IOException { - encoder.writeArrayStart(NUM_FIELDS); - encoder.writeByteString(id); - encoder.writeTextString(label); - } - - public static IdLabelMessage decode(CborDecoder decoder) throws DecodeException { - assertArraySize(decoder, NUM_FIELDS, "IdLabelMessage"); - try { - byte[] id = decoder.readByteString(); - String label = decoder.readTextString(); - return new IdLabelMessage(id, label); - } catch (IOException ex) { - throw new DecodeException("IO error decoding IdLabelMessage", ex); - } - } - - } - - /** - * The request to import secret key. 
- */ - public static class ImportSecretKeyRequest extends ProxyMessage { - private static final int NUM_FIELDS = 3; - private final long keyType; - private final byte[] keyValue; - private final P11Slot.P11NewKeyControl newKeyControl; - - public ImportSecretKeyRequest(long keyType, byte[] keyValue, P11Slot.P11NewKeyControl newKeyControl) { - this.keyType = keyType; - this.keyValue = Args.notNull(keyValue, "keyValue"); - this.newKeyControl = newKeyControl; - } - - public long getKeyType() { - return keyType; - } - - public byte[] getKeyValue() { - return keyValue; - } - - public P11Slot.P11NewKeyControl getNewKeyControl() { - return newKeyControl; - } - - @Override - protected void encode0(CborEncoder encoder) throws EncodeException, IOException { - encoder.writeArrayStart(NUM_FIELDS); - encoder.writeInt(keyType); - encoder.writeByteString(keyValue); - writeNewKeyControl(encoder, newKeyControl); - } - - public static ImportSecretKeyRequest decode(CborDecoder decoder) throws DecodeException { - assertArraySize(decoder, NUM_FIELDS, "ImportSecretKeyRequest"); - try { - long keyType = decoder.readLong(); - byte[] keyValue = decoder.readByteString(); - P11Slot.P11NewKeyControl control = decodeNewKeyControl(decoder); - return new ImportSecretKeyRequest(keyType, keyValue, control); - } catch (IOException ex) { - throw new DecodeException("IO error decoding ImportSecretKeyRequest", ex); - } - } - - } - - /** - * The message wrapper for int. 
- */ - public static class IntMessage extends ProxyMessage { - - private final int value; - - public IntMessage(int value) { - this.value = value; - } - - public int getValue() { - return value; - } - - @Override - protected void encode0(CborEncoder encoder) throws EncodeException, IOException { - encoder.writeInt(value); - } - - public static IntMessage decode(CborDecoder decoder) throws DecodeException { - try { - int b = Optional.ofNullable(decoder.readIntObj()).orElseThrow( - () -> new DecodeException("IntMessage shall not be null")); - return new IntMessage(b); - } catch (IOException ex) { - throw new DecodeException("IO error decoding IntMessage", ex); - } - } - - } - - /** - * The message wrapper for {@link PKCS11KeyId}. - */ - public static class KeyIdMessage extends ProxyMessage { - private static final int NUM_FIELDS = 6; - private final PKCS11KeyId keyId; - - public KeyIdMessage(PKCS11KeyId keyId) { - this.keyId = keyId; - } - - public PKCS11KeyId getKeyId() { - return keyId; - } - - @Override - public void encode0(CborEncoder encoder) throws IOException, EncodeException { - if (keyId == null) { - encoder.writeNull(); - return; - } - - encoder.writeArrayStart(NUM_FIELDS); - encoder.writeInt(keyId.getHandle()); - encoder.writeInt(keyId.getKeyType()); - encoder.writeInt(keyId.getObjectCLass()); - encoder.writeByteString(keyId.getId()); - encoder.writeTextString(keyId.getLabel()); - encoder.writeIntObj(keyId.getPublicKeyHandle()); - } - - public static KeyIdMessage decode(CborDecoder decoder) throws DecodeException { - PKCS11KeyId keyId = Optional.ofNullable(decodeKeyId(decoder)).orElseThrow( - () -> new DecodeException("KeyIdMessage shall not be null")); - return new KeyIdMessage(keyId); - } - - } - - /** - * The message wrapper for long[]. 
- */ - public static class LongArrayMessage extends ProxyMessage { - - private final long[] value; - - public LongArrayMessage(long[] value) { - this.value = value; - } - - public long[] getValue() { - return value; - } - - @Override - public void encode0(CborEncoder encoder) throws EncodeException, IOException { - encoder.writeLongs(value); - } - - public static LongArrayMessage decode(CborDecoder decoder) throws DecodeException { - try { - long[] value = Optional.ofNullable(decoder.readLongs()).orElseThrow( - () -> new DecodeException("LongMessage shall not be null")); - return new LongArrayMessage(value); - } catch (IOException ex) { - throw new DecodeException("IO error decoding LongArrayMessage", ex); - } - } - - } - - /** - * The message wrapper for long. - */ - public static class LongMessage extends ProxyMessage { - - private final long value; - - public LongMessage(long value) { - this.value = value; - } - - public long getValue() { - return value; - } - - @Override - protected void encode0(CborEncoder encoder) throws EncodeException, IOException { - encoder.writeInt(value); - } - - public static LongMessage decode(CborDecoder decoder) throws DecodeException { - try { - long b = Optional.ofNullable(decoder.readLongObj()).orElseThrow( - () -> new DecodeException("LongMessage shall not be null")); - return new LongMessage(b); - } catch (IOException ex) { - throw new DecodeException("IO error decoding LongMessage", ex); - } - } - - } - - /** - * The response of getting module capability. 
- */ - public static class ModuleCapsResponse extends ProxyMessage { - - private static final int NUM_FIELDS = 5; - - private final boolean readOnly; - - private final int maxMessageSize; - - private final P11ModuleConf.P11NewObjectConf newObjectConf; - - private final List secretKeyTypes; - - private final List keyPairTypes; - - public ModuleCapsResponse(boolean readOnly, int maxMessageSize, P11ModuleConf.P11NewObjectConf newObjectConf, - List secretKeyTypes, List keyPairTypes) { - this.readOnly = readOnly; - this.maxMessageSize = maxMessageSize; - this.newObjectConf = newObjectConf; - this.secretKeyTypes = secretKeyTypes; - this.keyPairTypes = keyPairTypes; - } - - public boolean isReadOnly() { - return readOnly; - } - - public int getMaxMessageSize() { - return maxMessageSize; - } - - public P11ModuleConf.P11NewObjectConf getNewObjectConf() { - return newObjectConf; - } - - public List getSecretKeyTypes() { - return secretKeyTypes; - } - - public List getKeyPairTypes() { - return keyPairTypes; - } - - @Override - protected void encode0(CborEncoder encoder) throws EncodeException, IOException { - encoder.writeArrayStart(NUM_FIELDS); - encoder.writeBoolean(readOnly); - encoder.writeInt(maxMessageSize); - if (newObjectConf == null) { - encoder.writeNull(); - } else { - encoder.writeArrayStart(2); - encoder.writeBoolean(newObjectConf.isIgnoreLabel()); - encoder.writeInt(newObjectConf.getIdLength()); - } - - encoder.writeLongs(secretKeyTypes); - encoder.writeLongs(keyPairTypes); - } - - public static ModuleCapsResponse decode(CborDecoder decoder) throws DecodeException { - assertArraySize(decoder, NUM_FIELDS, "ModuleCapsResponse"); - try { - boolean readOnly = decoder.readBoolean(); - int maxMessageSize = decoder.readInt(); - P11ModuleConf.P11NewObjectConf newObjectConf; - if (decoder.readNullOrArrayLength(2)) { - newObjectConf = null; - } else { - newObjectConf = new P11ModuleConf.P11NewObjectConf(); - newObjectConf.setIgnoreLabel(decoder.readBoolean()); - 
newObjectConf.setIdLength(decoder.readInt()); - } - - List secretKeyTypes = decoder.readLongList(); - List keyPairTypes = decoder.readLongList(); - - return new ModuleCapsResponse(readOnly, maxMessageSize, newObjectConf, secretKeyTypes, keyPairTypes); - } catch (IOException ex) { - throw new DecodeException("IO error decoding ModuleCapsResponse", ex); - } - } - - } // class ServerCaps - - /** - * The response of getting PKCS#11 key. - */ - public static class P11KeyResponse extends ProxyMessage { - - private static final int NUM_FIELDS = 9; - - private final PKCS11KeyId keyId; - - private boolean sign; - - private ASN1ObjectIdentifier ecParams; - - private Integer ecOrderBitSize; - - private BigInteger rsaModulus; - - private BigInteger rsaPublicExponent; - - private BigInteger dsaP; - - private BigInteger dsaQ; - - private BigInteger dsaG; - - public P11KeyResponse(P11Key key) { - Args.notNull(key, "key"); - this.keyId = key.getKeyId(); - this.ecParams = key.getEcParams(); - this.ecOrderBitSize = key.getEcOrderBitSize(); - this.dsaP = key.getDsaP(); - this.dsaQ = key.getDsaQ(); - this.dsaG = key.getDsaG(); - this.rsaModulus = key.getRsaModulus(); - this.rsaPublicExponent = key.getRsaPublicExponent(); - this.sign = key.isSign(); - } - - public P11KeyResponse(PKCS11KeyId keyId) { - this.keyId = Args.notNull(keyId, "keyId"); - } - - public P11Key getP11Key(HsmProxyP11Slot slot) { - HsmProxyP11Key key = new HsmProxyP11Key(slot, keyId); - key.setEcParams(ecParams); - key.setDsaParameters(dsaP, dsaQ, dsaG); - key.setRsaMParameters(rsaModulus, rsaPublicExponent); - key.sign(sign); - return key; - } - - @Override - protected void encode0(CborEncoder encoder) throws EncodeException, IOException { - encoder.writeArrayStart(NUM_FIELDS); - writeKeyId(encoder, keyId); - encoder.writeBoolean(sign); - writeOid(encoder, ecParams); - encoder.writeIntObj(ecOrderBitSize); - writeBigInt(encoder, rsaModulus); - writeBigInt(encoder, rsaPublicExponent); - writeBigInt(encoder, dsaP); - 
writeBigInt(encoder, dsaQ); - writeBigInt(encoder, dsaG); - } - - public static P11KeyResponse decode(CborDecoder decoder) throws DecodeException { - assertArraySize(decoder, NUM_FIELDS, "ModuleCapsResponse"); - try { - PKCS11KeyId keyId = decodeKeyId(decoder); - P11KeyResponse ret = new P11KeyResponse(keyId); - ret.sign = decoder.readBoolean(); - ret.ecParams = readOid(decoder); - ret.ecOrderBitSize = decoder.readIntObj(); - ret.rsaModulus = decoder.readBigInt(); - ret.rsaPublicExponent = decoder.readBigInt(); - ret.dsaP = decoder.readBigInt(); - ret.dsaQ = decoder.readBigInt(); - ret.dsaG = decoder.readBigInt(); - - return ret; - } catch (IOException ex) { - throw new DecodeException("IO error decoding P11KeyResponse", ex); - } - } - - } - - /** - * The request to show details of given slot, and optional given object handle. - */ - public static class ShowDetailsRequest extends ProxyMessage { - - private static final int NUM_FIELDS = 2; - - private final Long objectHandle; - - private final boolean verbose; - - public ShowDetailsRequest(Long objectHandle, boolean verbose) { - this.objectHandle = objectHandle; - this.verbose = verbose; - } - - public Long getObjectHandle() { - return objectHandle; - } - - public boolean isVerbose() { - return verbose; - } - - @Override - protected void encode0(CborEncoder encoder) throws EncodeException, IOException { - encoder.writeArrayStart(NUM_FIELDS); - encoder.writeIntObj(objectHandle); - encoder.writeBoolean(verbose); - } - - public static ShowDetailsRequest decode(CborDecoder decoder) throws DecodeException { - assertArraySize(decoder, NUM_FIELDS, "ShowDetailsRequest"); - try { - Long objectHandle = decoder.readLongObj(); - boolean verbose = decoder.readBoolean(); - return new ShowDetailsRequest(objectHandle, verbose); - } catch (IOException ex) { - throw new DecodeException("IO error decoding P11KeyResponse", ex); - } - } - - } - - /** - * The request to sign message. 
- */ - public static class SignRequest extends ProxyMessage { - - private static final int NUM_FIELDS = 5; - - private static final int TAG_P11ByteArrayParams = 80000; - - private static final int TAG_P11RSAPkcsPssParams = 80001; - - private final long keyHandle; - - private final long mechanism; - - private final P11Params p11params; - - private final ExtraParams extraParams; - - private final byte[] content; - - public SignRequest(long keyHandle, long mechanism, P11Params p11params, ExtraParams extraParams, byte[] content) { - this.keyHandle = keyHandle; - this.mechanism = mechanism; - this.p11params = p11params; - this.extraParams = extraParams; - this.content = content; - } - - public long getKeyHandle() { - return keyHandle; - } - - public byte[] getContent() { - return content; - } - - public long getMechanism() { - return mechanism; - } - - public P11Params getP11params() { - return p11params; - } - - public ExtraParams getExtraParams() { - return extraParams; - } - - @Override - protected void encode0(CborEncoder encoder) throws EncodeException, IOException { - encoder.writeArrayStart(NUM_FIELDS); - encoder.writeInt(keyHandle); - encoder.writeInt(mechanism); - writeP11Params(encoder, p11params); - writeExtraParams(encoder, extraParams); - encoder.writeByteString(content); - } - - public static SignRequest decode(CborDecoder decoder) throws DecodeException { - assertArraySize(decoder, NUM_FIELDS, "SignRequest"); - try { - long handle = decoder.readLong(); - long mechanism = decoder.readLong(); - P11Params params = decodeP11Params(decoder); - ExtraParams extraParams = decodeExtraParams(decoder); - byte[] content = decoder.readByteString(); - return new SignRequest(handle, mechanism, params, extraParams, content); - } catch (IOException ex) { - throw new DecodeException("IO error decoding SignRequest", ex); - } - } - - private static void writeExtraParams(CborEncoder encoder, ExtraParams params) throws IOException { - if (params == null) { - 
encoder.writeNull(); - return; - } - encoder.writeArrayStart(1); - encoder.writeInt(params.ecOrderBitSize()); - } - - private static ExtraParams decodeExtraParams(CborDecoder decoder) throws DecodeException { - try { - if (decoder.readNullOrArrayLength(1)) { - return null; - } - - return new ExtraParams().ecOrderBitSize(decoder.readInt()); - } catch (IOException ex) { - throw new DecodeException("IO error", ex); - } - } - - protected static void writeP11Params(CborEncoder encoder, P11Params params) - throws IOException { - if (params == null) { - encoder.writeNull(); - return; - } - - if (params instanceof P11Params.P11ByteArrayParams) { - P11Params.P11ByteArrayParams tParams = (P11Params.P11ByteArrayParams) params; - encoder.writeTag(TAG_P11ByteArrayParams); - encoder.writeArrayStart(1); - encoder.writeByteString(tParams.getBytes()); - } else if (params instanceof P11Params.P11RSAPkcsPssParams) { - P11Params.P11RSAPkcsPssParams tParams = (P11Params.P11RSAPkcsPssParams) params; - encoder.writeTag(TAG_P11RSAPkcsPssParams); - encoder.writeArrayStart(3); - encoder.writeInt(tParams.getHashAlgorithm()); - encoder.writeInt(tParams.getMaskGenerationFunction()); - encoder.writeInt(tParams.getSaltLength()); - } else { - throw new IllegalStateException("unknown params " + params.getClass().getName()); - } - } - - public static P11Params decodeP11Params(CborDecoder decoder) throws DecodeException { - try { - Long tag = decoder.readTagObj(); - if (tag == null) { - return null; - } - - if (TAG_P11ByteArrayParams == tag) { - assertArraySize(decoder, 1, "P11ByteArrayParams"); - return new P11Params.P11ByteArrayParams(decoder.readByteString()); - } else if (TAG_P11RSAPkcsPssParams == tag) { - assertArraySize(decoder, 3, "P11RSAPkcsPssParams"); - long hashAlgorithm = decoder.readLong(); - long maskGenerationFunction = decoder.readLong(); - int saltLength = decoder.readInt(); - return new P11Params.P11RSAPkcsPssParams(hashAlgorithm, maskGenerationFunction, saltLength); - } else { - 
throw new DecodeException("unknown tag " + tag); - } - } catch (IOException ex) { - throw new DecodeException("IO error", ex); - } - } - - } - - /** - * The response of getting slot identifiers. - */ - public static class SlotIdsResponse extends ProxyMessage { - - private final List slotIds; - - public SlotIdsResponse(List slotIds) { - this.slotIds = Args.notNull(slotIds, "slotIds"); - } - - public List getSlotIds() { - return slotIds; - } - - @Override - protected void encode0(CborEncoder encoder) throws EncodeException, IOException { - encoder.writeArrayStart(slotIds.size()); - for (P11SlotId slotId : slotIds) { - encoder.writeArrayStart(2); - encoder.writeInt(slotId.getIndex()); - encoder.writeInt(slotId.getId()); - } - } - - public static SlotIdsResponse decode(CborDecoder decoder) throws DecodeException { - try { - int arrayLen = Optional.ofNullable(decoder.readNullOrArrayLength()).orElseThrow( - () -> new DecodeException("SlotIdsResponse shall not be null")); - - List list = new ArrayList<>(arrayLen); - for (int i = 0; i < arrayLen; i++) { - assertArraySize(decoder, 2, "P11SlotId"); - int index = decoder.readInt(); - long id = decoder.readLong(); - list.add(new P11SlotId(index, id)); - } - - return new SlotIdsResponse(list); - } catch (IOException ex) { - throw new DecodeException("IO error decoding SlotIdsResponse", ex); - } - } - } -} diff --git a/security/src/main/java/org/xipki/security/qa/P11SignSpeed.java b/security/src/main/java/org/xipki/security/qa/P11SignSpeed.java index ce68688..849d604 100644 --- a/security/src/main/java/org/xipki/security/qa/P11SignSpeed.java +++ b/security/src/main/java/org/xipki/security/qa/P11SignSpeed.java 
@@ -252,7 +252,7 @@ public P11SignSpeed(SecurityFactory securityFactory, P11Slot slot, String signat this.deleteKeyAfterTest = deleteKeyAfterTest; P11SlotId slotId = slot.getSlotId(); - SignerConf signerConf = getPkcs11SignerConf(slot.getModuleName(), + SignerConf signerConf = getPkcs11SignerConf( slotId.getId(), keyId.getId(), Args.notBlank(signatureAlgorithm, "signatureAlgorithm"), threads + Math.max(2, threads * 5 / 4)); @@ -297,14 +297,10 @@ protected Runnable getTester() throws Exception { } private static SignerConf getPkcs11SignerConf( - String pkcs11ModuleName, Long slotId, byte[] keyId, String signatureAlgorithm, int parallelism) { + Long slotId, byte[] keyId, String signatureAlgorithm, int parallelism) { ConfPairs conf = new ConfPairs("algo", signatureAlgorithm) .putPair("parallelism", Integer.toString(parallelism)); - if (pkcs11ModuleName != null && !pkcs11ModuleName.isEmpty()) { - conf.putPair("module", pkcs11ModuleName); - } - if (slotId != null) { conf.putPair("slot-id", slotId.toString()); } diff --git a/security/src/main/resources/OSGI-INF/blueprint/config.xml b/security/src/main/resources/OSGI-INF/blueprint/config.xml index 063bfba..d5bd74c 100644 --- a/security/src/main/resources/OSGI-INF/blueprint/config.xml +++ b/security/src/main/resources/OSGI-INF/blueprint/config.xml @@ -92,12 +92,4 @@ - - - - - - diff --git a/util/src/main/java/org/xipki/util/Args.java b/util/src/main/java/org/xipki/util/Args.java index 72fb98c..18bb2a0 100644 --- a/util/src/main/java/org/xipki/util/Args.java +++ b/util/src/main/java/org/xipki/util/Args.java @@ -3,6 +3,7 @@ package org.xipki.util; +import java.util.Arrays; import java.util.Collection; import java.util.Dictionary; import java.util.List; From 05822d4c89be2f0f6c9c6eaea40f582c57e946ff Mon Sep 17 00:00:00 2001 
From: Lijun Liao Date: Thu, 7 Nov 2024 17:44:24 +0100 Subject: [PATCH 32/36] Revert "removed instable hsm-proxy module and multiple pkcs11 devices support" This reverts commit cc69e0372beabf1dbf79ba94f5e6e0bf2ae3f2a4. --- .../org/xipki/security/shell/P11Actions.java | 40 +- .../security/shell/QaSecurityActions.java | 18 +- .../security/shell/SecurityCompleters.java | 22 + .../java/org/xipki/security/Securities.java | 2 + .../security/pkcs11/NativeP11Module.java | 28 +- .../xipki/security/pkcs11/NativeP11Slot.java | 7 +- .../pkcs11/P11CryptServiceFactory.java | 9 +- .../pkcs11/P11CryptServiceFactoryImpl.java | 70 +- .../org/xipki/security/pkcs11/P11Module.java | 4 + .../xipki/security/pkcs11/P11ModuleConf.java | 255 ++- .../security/pkcs11/P11SignerFactory.java | 3 +- .../org/xipki/security/pkcs11/P11Slot.java | 30 +- .../org/xipki/security/pkcs11/Pkcs11conf.java | 440 +++-- .../pkcs11/emulator/EmulatorP11Module.java | 14 +- .../pkcs11/emulator/EmulatorP11Slot.java | 9 +- .../pkcs11/hsmproxy/HsmProxyP11Key.java | 78 + .../pkcs11/hsmproxy/HsmProxyP11Module.java | 428 +++++ .../hsmproxy/HsmProxyP11ModuleFactory.java | 34 + .../pkcs11/hsmproxy/HsmProxyP11Slot.java | 375 +++++ .../security/pkcs11/hsmproxy/ProxyAction.java | 82 + .../pkcs11/hsmproxy/ProxyMessage.java | 1465 +++++++++++++++++ .../org/xipki/security/qa/P11SignSpeed.java | 8 +- .../resources/OSGI-INF/blueprint/config.xml | 8 + util/src/main/java/org/xipki/util/Args.java | 1 - 24 files changed, 3212 insertions(+), 218 deletions(-) create mode 100644 security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Key.java create mode 100644 security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java create mode 100644 security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11ModuleFactory.java create mode 100644 security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Slot.java create mode 100644 
security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyAction.java create mode 100644 security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyMessage.java diff --git a/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java b/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java index f049a67..b078fb4 100644 --- a/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java +++ b/security-shell/src/main/java/org/xipki/security/shell/P11Actions.java @@ -79,6 +79,10 @@ public static class CsrP11 extends CsrGenAction { + "either keyId or keyLabel must be specified") private String label; + @Option(name = "--module", description = "name of the PKCS#11 module") + @Completion(SecurityCompleters.P11ModuleNameCompleter.class) + private String moduleName = "default"; + @Override protected ConcurrentContentSigner getSigner() throws Exception { SignatureAlgoControl signatureAlgoControl = getSignatureAlgoControl(); @@ -88,13 +92,13 @@ protected ConcurrentContentSigner getSigner() throws Exception { idBytes = Hex.decode(id); } - SignerConf conf = getPkcs11SignerConf(Integer.parseInt(slotIndex), label, + SignerConf conf = getPkcs11SignerConf(moduleName, Integer.parseInt(slotIndex), label, idBytes, 1, null, signatureAlgoControl); return securityFactory.createSigner("PKCS11", conf, (X509Cert[]) null); } public static SignerConf getPkcs11SignerConf( - int slotIndex, String keyLabel, byte[] keyId, int parallelism, + String pkcs11ModuleName, int slotIndex, String keyLabel, byte[] keyId, int parallelism, HashAlgo hashAlgo, SignatureAlgoControl signatureAlgoControl) { Args.positive(parallelism, "parallelism"); 
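Review bot: The `--module` default added to `CsrP11` in the `@@ -79,6 +79,10 @@` hunk is the string literal `"default"`, while `P11SecurityAction` and `TokenInfoP11` later in this same file take theirs from `P11CryptServiceFactory.DEFAULT_P11MODULE_NAME`. The value of that constant is not visible here, so the two may already differ. If they do, or if the constant changes later, CSR signing would name a different PKCS#11 module than the other commands. I would write `private String moduleName = P11CryptServiceFactory.DEFAULT_P11MODULE_NAME;`. The class body continues outside the hunk.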
@@ -105,6 +109,10 @@ public static SignerConf getPkcs11SignerConf( ConfPairs conf = new ConfPairs(); conf.putPair("parallelism", Integer.toString(parallelism)); + if (pkcs11ModuleName != null && !pkcs11ModuleName.isEmpty()) { + conf.putPair("module", pkcs11ModuleName); + } + conf.putPair("slot", Integer.toString(slotIndex)); if (keyId != null) { @@ -556,21 +564,30 @@ protected char[] getPassword() throws IOException, PasswordResolverException { public abstract static class P11SecurityAction extends SecurityAction { + protected static final String DEFAULT_P11MODULE_NAME = P11CryptServiceFactory.DEFAULT_P11MODULE_NAME; + @Option(name = "--slot", description = "slot index") protected String slotIndex = "0"; // use String instead int so that the default value 0 will be shown in the help. + @Option(name = "--module", description = "name of the PKCS#11 module") + @Completion(SecurityCompleters.P11ModuleNameCompleter.class) + protected String moduleName = DEFAULT_P11MODULE_NAME; + @Reference (optional = true) protected P11CryptServiceFactory p11CryptServiceFactory; protected P11Slot getSlot() throws XiSecurityException, TokenException, IllegalCmdParamException { - P11Module module = getP11Module(); + P11Module module = getP11Module(moduleName); P11SlotId slotId = module.getSlotIdForIndex(Integer.parseInt(slotIndex)); return module.getSlot(slotId); } - protected P11Module getP11Module() - throws XiSecurityException, TokenException { - P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(); + protected P11Module getP11Module(String moduleName) + throws XiSecurityException, TokenException, IllegalCmdParamException { + P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(moduleName); + if (p11Service == null) { + throw new IllegalCmdParamException("undefined module " + moduleName); + } return p11Service.getModule(); } 
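Review bot: In `getP11Module(String moduleName)` (hunk `@@ -556,21 +564,30 @@`) the new null check covers the returned `p11Service` but not `p11CryptServiceFactory` itself, which the context line declares as `@Reference (optional = true)`. If that reference is left unbound, the lookup fails with a `NullPointerException` rather than the `IllegalCmdParamException` this hunk introduces for an unknown module. A guard before the lookup, `if (p11CryptServiceFactory == null) { throw new IllegalCmdParamException("PKCS#11 service factory is not available"); }`, keeps the failure explicit. The same lookup is added in `TokenInfoP11.execute0` and in both `getSlot` methods of QaSecurityActions.java; whether their factory fields are also optional is not visible in those hunks.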
@@ -603,6 +620,10 @@ public static class TokenInfoP11 extends SecurityAction { @Option(name = "--verbose", aliases = "-v", description = "show object information verbosely") private Boolean verbose = Boolean.FALSE; + @Option(name = "--module", description = "name of the PKCS#11 module.") + @Completion(SecurityCompleters.P11ModuleNameCompleter.class) + private String moduleName = P11SecurityAction.DEFAULT_P11MODULE_NAME; + @Option(name = "--slot", description = "slot index") private Integer slotIndex; @@ -614,8 +635,13 @@ public static class TokenInfoP11 extends SecurityAction { @Override protected Object execute0() throws Exception { - P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(); + P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(moduleName); + if (p11Service == null) { + throw new IllegalCmdParamException("undefined module " + moduleName); + } + P11Module module = p11Service.getModule(); + println("module: " + moduleName); println(module.getDescription()); List slots = module.getSlotIds(); diff --git a/security-shell/src/main/java/org/xipki/security/shell/QaSecurityActions.java b/security-shell/src/main/java/org/xipki/security/shell/QaSecurityActions.java index 7b10af8..b502e30 100644 --- a/security-shell/src/main/java/org/xipki/security/shell/QaSecurityActions.java +++ b/security-shell/src/main/java/org/xipki/security/shell/QaSecurityActions.java 
@@ -183,8 +183,15 @@ public abstract static class BSpeedP11ActionQa extends BatchSpeedActionQa { @Option(name = "--slot", description = "slot index") protected int slotIndex = 0; + @Option(name = "--module", description = "name of the PKCS#11 module.") + @Completion(SecurityCompleters.P11ModuleNameCompleter.class) + protected String moduleName = P11CryptServiceFactory.DEFAULT_P11MODULE_NAME; + protected P11Slot getSlot() throws XiSecurityException, TokenException, IllegalCmdParamException { - P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(); + P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(moduleName); + if (p11Service == null) { + throw new IllegalCmdParamException("undefined module " + moduleName); + } P11Module module = p11Service.getModule(); return module.getSlot(module.getSlotIdForIndex(slotIndex)); } @@ -351,9 +358,16 @@ public abstract static class SpeedP11ActionQa extends SingleSpeedActionQa { @Option(name = "--slot", description = "slot index") protected int slotIndex = 0; + @Option(name = "--module", description = "Name of the PKCS#11 module.") + @Completion(SecurityCompleters.P11ModuleNameCompleter.class) + protected String moduleName = P11CryptServiceFactory.DEFAULT_P11MODULE_NAME; + protected P11Slot getSlot() throws XiSecurityException, TokenException, IllegalCmdParamException { - P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(); + P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(moduleName); + if (p11Service == null) { + throw new IllegalCmdParamException("undefined module " + moduleName); + } P11Module module = p11Service.getModule(); return module.getSlot(module.getSlotIdForIndex(slotIndex)); } diff --git a/security-shell/src/main/java/org/xipki/security/shell/SecurityCompleters.java b/security-shell/src/main/java/org/xipki/security/shell/SecurityCompleters.java index bae05ae..ac3e5d6 100644 
--- a/security-shell/src/main/java/org/xipki/security/shell/SecurityCompleters.java +++ b/security-shell/src/main/java/org/xipki/security/shell/SecurityCompleters.java @@ -3,11 +3,16 @@ package org.xipki.security.shell; +import org.apache.karaf.shell.api.action.lifecycle.Reference; import org.apache.karaf.shell.api.action.lifecycle.Service; import org.xipki.security.SignAlgo; +import org.xipki.security.pkcs11.P11CryptServiceFactory; import org.xipki.security.pkcs11.P11Slot.P11KeyUsage; +import org.xipki.shell.DynamicEnumCompleter; import org.xipki.shell.EnumCompleter; +import org.xipki.util.CollectionUtil; +import java.util.Collections; import java.util.HashSet; import java.util.List; import java.util.Set; @@ -57,6 +62,23 @@ public static Set parseUsages(List usageTexts) { } // class P11KeyUsageCompleter + @Service + public static class P11ModuleNameCompleter extends DynamicEnumCompleter { + + @Reference (optional = true) + private P11CryptServiceFactory p11CryptServiceFactory; + + @Override + protected Set getEnums() { + Set names = p11CryptServiceFactory.getModuleNames(); + if (CollectionUtil.isEmpty(names)) { + return Collections.emptySet(); + } + return names; + } + + } // class P11ModuleNameCompleter + @Service public static class SecretKeyTypeCompleter extends EnumCompleter { diff --git a/security/src/main/java/org/xipki/security/Securities.java b/security/src/main/java/org/xipki/security/Securities.java index 048ceb8..648fccf 100644 --- a/security/src/main/java/org/xipki/security/Securities.java +++ b/security/src/main/java/org/xipki/security/Securities.java @@ -15,6 +15,7 @@ import org.xipki.security.pkcs11.P11SignerFactory; import org.xipki.security.pkcs11.Pkcs11conf; import org.xipki.security.pkcs11.emulator.EmulatorP11ModuleFactory; +import org.xipki.security.pkcs11.hsmproxy.HsmProxyP11ModuleFactory; import org.xipki.security.pkcs12.P12SignerFactory; import org.xipki.util.CollectionUtil; import org.xipki.util.FileOrValue; 
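Review bot: `P11ModuleNameCompleter.getEnums()` calls `p11CryptServiceFactory.getModuleNames()` although the field is injected with `@Reference (optional = true)`, so tab completion throws a NullPointerException whenever the factory service is absent. Start the method with `if (p11CryptServiceFactory == null) { return Collections.emptySet(); }`. `getModuleNames()` as implemented in this commit also throws `IllegalStateException` when the PKCS#11 configuration cannot be initialised. A completer should probably catch that and return the empty set rather than fail the shell's completion.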
@@ -141,6 +142,7 @@ private static List createDefaultFactories() { List factories = new ArrayList<>(3); factories.add(new NativeP11ModuleFactory()); factories.add(new EmulatorP11ModuleFactory()); + factories.add(new HsmProxyP11ModuleFactory()); return factories; } diff --git a/security/src/main/java/org/xipki/security/pkcs11/NativeP11Module.java b/security/src/main/java/org/xipki/security/pkcs11/NativeP11Module.java index 8673623..9c29488 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/NativeP11Module.java +++ b/security/src/main/java/org/xipki/security/pkcs11/NativeP11Module.java @@ -22,8 +22,6 @@ import org.xipki.util.StringUtil; import java.io.IOException; -import java.util.Arrays; -import java.util.Collections; import java.util.HashSet; import java.util.List; import java.util.Optional; @@ -73,7 +71,7 @@ private NativeP11Module(PKCS11Module module, P11ModuleConf moduleConf) throws To try { slotList = module.getSlotList(false); } catch (Throwable th) { - final String msg = "could not getSlotList of module"; + final String msg = "could not getSlotList of module " + moduleConf.getName(); LogUtil.error(LOG, th, msg); throw new TokenException(msg); } @@ -131,7 +129,7 @@ private NativeP11Module(PKCS11Module module, P11ModuleConf moduleConf) throws To } } - char[] pwd; + List pwd; try { pwd = moduleConf.getPasswordRetriever().getPassword(slotId); } catch (PasswordResolverException ex) { 
@@ -142,15 +140,15 @@ private NativeP11Module(PKCS11Module module, P11ModuleConf moduleConf) throws To slot.getModule().nameToCode(PKCS11Constants.Category.CKU, getConf().getUserType())).orElseThrow( () -> new TokenException("Unknown user type " + getConf().getUserType())); - PKCS11Token token = new PKCS11Token(slot.getToken(), moduleConf.isReadOnly(), userType, null, - pwd == null ? null : Collections.singletonList(pwd), moduleConf.getNumSessions()); + PKCS11Token token = new PKCS11Token(slot.getToken(), moduleConf.isReadOnly(), userType, + moduleConf.getUserName(), pwd, moduleConf.getNumSessions()); token.setMaxMessageSize(moduleConf.getMaxMessageSize()); if (moduleConf.getNewSessionTimeout() != null) { token.setTimeOutWaitNewSession(moduleConf.getNewSessionTimeout()); } - P11Slot p11Slot = new NativeP11Slot(slotId, token, moduleConf.getP11NewObjectConf(), - moduleConf.getSecretKeyTypes(), moduleConf.getKeyPairTypes()); + P11Slot p11Slot = new NativeP11Slot(moduleConf.getName(), slotId, token , moduleConf.getP11MechanismFilter(), + moduleConf.getP11NewObjectConf(), moduleConf.getSecretKeyTypes(), moduleConf.getKeyPairTypes()); slots.add(p11Slot); } @@ -179,7 +177,7 @@ public static P11Module getInstance(P11ModuleConf moduleConf) throws TokenExcept try { module = PKCS11Module.getInstance(path); } catch (IOException ex) { - final String msg = "could not load the PKCS#11 module: " + path; + final String msg = "could not load the PKCS#11 module " + moduleConf.getName() + ": " + path; LogUtil.error(LOG, ex, msg); throw new TokenException(msg, ex); } @@ -189,7 +187,7 @@ public static P11Module getInstance(P11ModuleConf moduleConf) throws TokenExcept } catch (PKCS11Exception ex) { if (ex.getErrorCode() != PKCS11Constants.CKR_CRYPTOKI_ALREADY_INITIALIZED) { LogUtil.error(LOG, ex); - closeModule(moduleConf.getNativeLibrary(), module); + close(moduleConf.getName(), module); throw ex; } else { LOG.info("PKCS#11 module already initialized"); 
@@ -201,7 +199,7 @@ public static P11Module getInstance(P11ModuleConf moduleConf) throws TokenExcept } } catch (Throwable th) { LOG.error("unexpected Exception", th); - closeModule(moduleConf.getNativeLibrary(), module); + close(moduleConf.getName(), module); throw new TokenException(th.getMessage()); } @@ -223,19 +221,19 @@ public void close() { } } - closeModule(conf.getNativeLibrary(), module); + close(conf.getNativeLibrary(), module); } - private static void closeModule(String path, PKCS11Module module) { + private static void close(String modulePath, PKCS11Module module) { if (module == null) { return; } - LOG.info("close PKCS#11 module {}", path); + LOG.info("close PKCS#11 module: {}", modulePath); try { module.finalize(null); } catch (Throwable th) { - LogUtil.error(LOG, th, "could not close module " + path); + LogUtil.error(LOG, th, "could not close module " + modulePath); } } } diff --git a/security/src/main/java/org/xipki/security/pkcs11/NativeP11Slot.java b/security/src/main/java/org/xipki/security/pkcs11/NativeP11Slot.java index 86762e8..5282a37 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/NativeP11Slot.java +++ b/security/src/main/java/org/xipki/security/pkcs11/NativeP11Slot.java @@ -37,6 +37,7 @@ import org.xipki.pkcs11.wrapper.TokenInfo; import org.xipki.pkcs11.wrapper.params.ExtraParams; import org.xipki.security.EdECConstants; +import org.xipki.security.pkcs11.P11ModuleConf.P11MechanismFilter; import org.xipki.security.pkcs11.P11ModuleConf.P11NewObjectConf; import org.xipki.security.util.KeyUtil; import org.xipki.util.Args; 
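Review bot: The helper renamed to `close(String modulePath, PKCS11Module module)` receives `moduleConf.getName()` from the two error paths in `getInstance` but `conf.getNativeLibrary()` from the instance `close()`. The `close PKCS#11 module: {}` log line therefore prints a module name in one path and a library path in the other, which makes it harder to correlate log entries. Pass the same value at every call site, or log both. A private static `close` next to the public instance `close()` is also easy to misread, and the previous name `closeModule` avoided that.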
@@ -155,10 +156,10 @@ class NativeP11Slot extends P11Slot { private String libDesc; - NativeP11Slot(P11SlotId slotId, PKCS11Token token, + NativeP11Slot(String moduleName, P11SlotId slotId, PKCS11Token token, P11MechanismFilter mechanismFilter, P11NewObjectConf newObjectConf, List secretKeyTypes, List keyPairTypes) throws TokenException { - super(slotId, token.isReadOnly(), secretKeyTypes, keyPairTypes, newObjectConf); + super(moduleName, slotId, token.isReadOnly(), secretKeyTypes, keyPairTypes, newObjectConf); if (slotId.getId() != token.getTokenId()) { throw new IllegalArgumentException("slotId != token.getTokenId"); } @@ -171,7 +172,7 @@ class NativeP11Slot extends P11Slot { libDesc = ""; } - initMechanisms(getSupportedMechanisms()); + initMechanisms(getSupportedMechanisms(), mechanismFilter); rsaKeyPairGenMech = supportsMechanism(CKM_RSA_X9_31_KEY_PAIR_GEN, CKF_GENERATE_KEY_PAIR) ? CKM_RSA_X9_31_KEY_PAIR_GEN : CKM_RSA_PKCS_KEY_PAIR_GEN; diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactory.java b/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactory.java index c1d896a..23b51e8 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactory.java +++ b/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactory.java @@ -7,6 +7,7 @@ import org.xipki.security.XiSecurityException; import java.io.Closeable; +import java.util.Set; /** * Factory to create {@link P11CryptService}. 
@@ -17,14 +18,20 @@ public interface P11CryptServiceFactory extends Closeable { + String DEFAULT_P11MODULE_NAME = "default"; + /** * Gets the {@link P11CryptService} of the given module {@code moduleName}. + * @param moduleName + * Module name. {@code null} for default module name. * @return the {@link P11CryptService} of the given module. * @throws TokenException * if PKCS#11 token error occurs. * @throws XiSecurityException * if security error occurs. */ - P11CryptService getP11CryptService() throws TokenException, XiSecurityException; + P11CryptService getP11CryptService(String moduleName) throws TokenException, XiSecurityException; + + Set getModuleNames(); } diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactoryImpl.java b/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactoryImpl.java index 65ce210..4619a2d 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactoryImpl.java +++ b/security/src/main/java/org/xipki/security/pkcs11/P11CryptServiceFactoryImpl.java @@ -32,9 +32,11 @@ public class P11CryptServiceFactoryImpl implements P11CryptServiceFactory { private static final Logger LOG = LoggerFactory.getLogger(P11CryptServiceFactoryImpl.class); - private P11CryptService service; + private static final Map services = new HashMap<>(); - private P11ModuleConf moduleConf; + private Map moduleConfs; + + private Set moduleNames; private String pkcs11ConfFile; @@ -47,7 +49,7 @@ public P11CryptServiceFactoryImpl(P11ModuleFactoryRegister p11ModuleFactoryRegis } public synchronized void init() throws InvalidConfException { - if (moduleConf != null) { + if (moduleConfs != null) { return; } 
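Review bot: `services` is now `static`, but every access to it is guarded only by the instance monitor (`synchronized` on `getP11CryptService`, shown in the following hunk), so two `P11CryptServiceFactoryImpl` instances can read and write the same `HashMap` concurrently. Because the cache is keyed by module name alone, a second factory initialised from a different PKCS#11 configuration would be handed the first factory's service for a name such as `default`, together with whatever token login that service holds. Unless cross-instance sharing is intended, keep the cache per instance: `private final Map<String, P11CryptService> services = new HashMap<>();`. If it is intended, document it and guard the map with a class-level lock.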
@@ -65,31 +67,62 @@ public synchronized void init() throws InvalidConfException { } } - this.moduleConf = new P11ModuleConf(pkcs11Conf); + try { + Map confs = geModuleConfs(); + this.moduleConfs = Collections.unmodifiableMap(confs); + this.moduleNames = Set.copyOf(confs.keySet()); + } catch (RuntimeException ex) { + throw new InvalidConfException("could not create P11Conf: " + ex.getMessage(), ex); + } } // method init - @Override - public synchronized P11CryptService getP11CryptService() - throws TokenException { + private Map geModuleConfs() throws InvalidConfException { + List moduleTypes = pkcs11Conf.getModules(); + List mechanismSets = pkcs11Conf.getMechanismSets(); + + Map confs = new HashMap<>(); + for (Pkcs11conf.Module moduleType : moduleTypes) { + P11ModuleConf conf = new P11ModuleConf(moduleType, mechanismSets); + confs.put(conf.getName(), conf); + } + + if (!confs.containsKey(P11CryptServiceFactory.DEFAULT_P11MODULE_NAME)) { + throw new InvalidConfException("module '" + P11CryptServiceFactory.DEFAULT_P11MODULE_NAME + "' is not defined"); + } + return confs; + } + + public synchronized P11CryptService getP11CryptService(String moduleName) + throws XiSecurityException, TokenException { try { init(); } catch (InvalidConfException ex) { throw new IllegalStateException("could not initialize P11CryptServiceFactory: " + ex.getMessage(), ex); } - if (moduleConf == null) { + if (moduleConfs == null) { throw new IllegalStateException("please set pkcs11ConfFile and then call init() first"); } - if (service == null) { - P11Module p11Module = p11ModuleFactoryRegister.getP11Module(moduleConf); - service = new P11CryptService(p11Module); - LOG.info("initialized PKCS#11 module \n{}", service.getModule().getDescription()); + final String name = getModuleName(moduleName); + P11ModuleConf conf = Optional.ofNullable(moduleConfs.get(name)).orElseThrow(() -> + new XiSecurityException("PKCS#11 module " + name + " is not defined")); + + P11CryptService instance = 
services.get(name); + if (instance == null) { + P11Module p11Module = p11ModuleFactoryRegister.getP11Module(conf); + instance = new P11CryptService(p11Module); + LOG.info("added PKCS#11 module {}\n{}", name, instance.getModule().getDescription()); + services.put(name, instance); } - return service; + return instance; } // method getP11CryptService + private String getModuleName(String moduleName) { + return (moduleName == null) ? DEFAULT_P11MODULE_NAME : moduleName; + } + public void setPkcs11ConfFile(String confFile) { this.pkcs11ConfFile = StringUtil.isBlank(confFile) ? null : IoUtil.expandFilepath(confFile); this.pkcs11Conf = null; @@ -105,6 +138,17 @@ public void setPkcs11Conf(Pkcs11conf conf) throws InvalidConfException { @Override public void close() { + services.clear(); + } + + @Override + public Set getModuleNames() { + try { + init(); + } catch (InvalidConfException ex) { + throw new IllegalStateException("could not initialize P11CryptServiceFactory: " + ex.getMessage(), ex); + } + return moduleNames; } } diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11Module.java b/security/src/main/java/org/xipki/security/pkcs11/P11Module.java index 68926da..45d15df 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/P11Module.java +++ b/security/src/main/java/org/xipki/security/pkcs11/P11Module.java @@ -36,6 +36,10 @@ public P11Module(P11ModuleConf conf) { public abstract String getDescription(); + public String getName() { + return conf.getName(); + } + public boolean isReadOnly() { return conf.isReadOnly(); } diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11ModuleConf.java b/security/src/main/java/org/xipki/security/pkcs11/P11ModuleConf.java index 5d202f6..5c67b64 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/P11ModuleConf.java +++ b/security/src/main/java/org/xipki/security/pkcs11/P11ModuleConf.java 
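Review bot: `geModuleConfs()` stores each module with `confs.put(conf.getName(), conf)`, so two modules declared with the same name are accepted and the later one silently replaces the earlier. The mechanism-set parsing in `P11ModuleConf` rejects duplicates with an `InvalidConfException`, and the same treatment here would keep a signer from being bound to a different token than the operator configured: `if (confs.put(conf.getName(), conf) != null) { throw new InvalidConfException("duplicated module name " + conf.getName()); }`. Whether `Pkcs11conf.validate()` already rejects duplicates is not visible in this part of the patch. The method name looks like a typo for `getModuleConfs`, and the `@Override` on `getP11CryptService` was dropped in this hunk.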
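Review bot: `close()` only calls `services.clear()`, so the `P11Module` behind each cached service is dropped without being closed. `NativeP11Module.close()` is what finalizes the native module, so open sessions and any login state appear to persist until the JVM exits. The method is also not `synchronized`, unlike `getP11CryptService`, which writes the same map. Consider closing each module before clearing, inside a synchronized block, e.g. `for (P11CryptService s : services.values()) { s.getModule().close(); }`. Whether `close()` is declared on the `P11Module` base class is not visible here.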
@@ -8,13 +8,16 @@ import org.xipki.password.PasswordResolverException; import org.xipki.password.Passwords; import org.xipki.pkcs11.wrapper.PKCS11Constants; +import org.xipki.pkcs11.wrapper.PKCS11Module; import org.xipki.util.Args; import org.xipki.util.CollectionUtil; import org.xipki.util.StringUtil; import org.xipki.util.exception.InvalidConfException; import java.util.ArrayList; +import java.util.Collection; import java.util.Collections; +import java.util.HashMap; import java.util.HashSet; import java.util.LinkedList; import java.util.List; 
@@ -59,17 +62,135 @@ boolean match(P11SlotId slotId) { } // class P11SlotIdFilter + private static final class MechanismSet { + private Set includeMechanisms; + private Set excludeMechanisms; + } + + private static final class P11SingleMechanismFilter { + + private static final Object NULL_MODULE = new Object(); + + private final Set slots; + + private final Collection includeMechanisms; + + private final Collection excludeMechanisms; + + private Object module; + + private final Set includeMechanismCodes = new HashSet<>(); + + private final Set excludeMechanismCodes = new HashSet<>(); + + private P11SingleMechanismFilter(Set slots, Collection includeMechanisms, + Collection excludeMechanisms) { + this.slots = slots; + this.includeMechanisms = CollectionUtil.isEmpty(includeMechanisms) ? null : includeMechanisms; + this.excludeMechanisms = CollectionUtil.isEmpty(excludeMechanisms) ? null : excludeMechanisms; + } + + public boolean match(P11SlotId slot) { + if (slots == null) { + return true; + } + for (P11SlotIdFilter m : slots) { + if (m.match(slot)) { + return true; + } + } + + return false; + } + + public boolean isMechanismSupported(long mechanism, PKCS11Module module) { + if (includeMechanisms == null && excludeMechanisms == null) { + return true; + } + + synchronized (this) { + boolean computeCodes = (module != null) ? (this.module != module) : (this.module != NULL_MODULE); + if (computeCodes) { + includeMechanismCodes.clear(); + excludeMechanismCodes.clear(); + + if (includeMechanisms != null) { + for (String mechName : includeMechanisms) { + Long mechCode = (module != null) ? module.nameToCode(PKCS11Constants.Category.CKM, mechName) + : PKCS11Constants.nameToCode(PKCS11Constants.Category.CKM, mechName); + if (mechCode != null) { + includeMechanismCodes.add(mechCode); + } + } + } + + if (excludeMechanisms != null) { + for (String mechName : excludeMechanisms) { + Long mechCode = (module != null) ? 
module.nameToCode(PKCS11Constants.Category.CKM, mechName) + : PKCS11Constants.nameToCode(PKCS11Constants.Category.CKM, mechName); + if (mechCode != null) { + excludeMechanismCodes.add(mechCode); + } + } + } + + this.module = (module != null) ? module : NULL_MODULE; + } + } + + if (excludeMechanismCodes.contains(mechanism)) { + return false; + } + + return includeMechanisms == null || includeMechanismCodes.contains(mechanism); + } + + } // class P11SingleMechanismFilter + + public static class P11MechanismFilter { + + private final List singleFilters; + + P11MechanismFilter() { + singleFilters = new LinkedList<>(); + } + + void addEntry(Set slots, Collection includeMechanisms, + Collection excludeMechanisms) { + singleFilters.add( + new P11SingleMechanismFilter(slots, + includeMechanisms, + excludeMechanisms)); + } + + public boolean isMechanismPermitted(P11SlotId slotId, long mechanism, PKCS11Module module) { + Args.notNull(slotId, "slotId"); + if (CollectionUtil.isEmpty(singleFilters)) { + return true; + } + + for (P11SingleMechanismFilter sr : singleFilters) { + if (sr.match(slotId)) { + return sr.isMechanismSupported(mechanism, module); + } + } + + return true; + } + + } // class P11MechanismFilter + public static class P11PasswordsRetriever { private static final class P11SinglePasswordRetriever { private final Set slots; - private final String password; + private final List passwords; - private P11SinglePasswordRetriever(Set slots, String password) { + private P11SinglePasswordRetriever(Set slots, List passwords) { this.slots = slots; - this.password = password; + this.passwords = CollectionUtil.isEmpty(passwords) ? null : passwords; } public boolean match(P11SlotId slot) { 
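Review bot: In `P11SingleMechanismFilter.isMechanismSupported` the `excludeMechanismCodes.contains(...)` and `includeMechanismCodes.contains(...)` lookups run after the `synchronized (this)` block has ended. A thread can therefore read the two `HashSet`s while another thread, called with a different `PKCS11Module`, is clearing and refilling them. Move the lookups inside the block, or build fresh sets and publish them in one assignment. A configured name for which `nameToCode` returns null is also dropped without any log entry, which for an exclude list means a misspelled mechanism stays enabled; log a warning or reject the configuration. `isMechanismPermitted` returns true when no filter matches the slot, and that allow-by-default behaviour deserves a sentence of Javadoc.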
@@ -85,12 +206,17 @@ public boolean match(P11SlotId slot) { return false; } - public char[] getPassword() throws PasswordResolverException { - if (password == null) { + public List getPasswords() throws PasswordResolverException { + if (passwords == null) { return null; } - return Passwords.resolvePassword(password); + List ret = new ArrayList<>(passwords.size()); + for (String password : passwords) { + ret.add(Passwords.resolvePassword(password)); + } + + return ret; } } // class P11PasswordsRetriever @@ -101,11 +227,11 @@ public char[] getPassword() throws PasswordResolverException { singleRetrievers = new LinkedList<>(); } - void addPasswordEntry(Set slots, String password) { - singleRetrievers.add(new P11SinglePasswordRetriever(slots, password)); + void addPasswordEntry(Set slots, List passwords) { + singleRetrievers.add(new P11SinglePasswordRetriever(slots, passwords)); } - public char[] getPassword(P11SlotId slotId) throws PasswordResolverException { + public List getPassword(P11SlotId slotId) throws PasswordResolverException { Args.notNull(slotId, "slotId"); if (CollectionUtil.isEmpty(singleRetrievers)) { return null; @@ -113,7 +239,7 @@ public char[] getPassword(P11SlotId slotId) throws PasswordResolverException { for (P11SinglePasswordRetriever sr : singleRetrievers) { if (sr.match(slotId)) { - return sr.getPassword(); + return sr.getPasswords(); } } @@ -159,6 +285,8 @@ public void setIdLength(int idLength) { private static final Logger LOG = LoggerFactory.getLogger(P11ModuleConf.class); + private final String name; + private final String type; private final String nativeLibrary; @@ -171,10 +299,14 @@ public void setIdLength(int idLength) { private final P11PasswordsRetriever passwordRetriever; + private final P11MechanismFilter mechanismFilter; + private final Integer newSessionTimeout; private final String userType; + private final char[] userName; + private boolean readOnly; private int maxMessageSize; 
@@ -187,22 +319,25 @@ public void setIdLength(int idLength) { private List keyPairTypes; - public P11ModuleConf(Pkcs11conf conf) + public P11ModuleConf( + Pkcs11conf.Module moduleType, List mechanismSets) throws InvalidConfException { - this.readOnly = conf.isReadonly(); + this.name = Args.notNull(moduleType, "moduleType").getName(); + this.readOnly = moduleType.isReadonly(); - this.userType = conf.getUser().toUpperCase(); + this.userType = moduleType.getUser().toUpperCase(); + this.userName = (moduleType.getUserName() == null) ? null : moduleType.getUserName().toCharArray(); - this.maxMessageSize = conf.getMaxMessageSize(); - this.type = conf.getType(); + this.maxMessageSize = moduleType.getMaxMessageSize(); + this.type = moduleType.getType(); if (maxMessageSize < 256) { throw new InvalidConfException("invalid maxMessageSize (< 256): " + maxMessageSize); } - this.numSessions = conf.getNumSessions(); - this.newSessionTimeout = conf.getNewSessionTimeout(); + this.numSessions = moduleType.getNumSessions(); + this.newSessionTimeout = moduleType.getNewSessionTimeout(); - List list = conf.getSecretKeyTypes(); + List list = moduleType.getSecretKeyTypes(); if (list == null) { this.secretKeyTypes = null; } else { @@ -216,7 +351,7 @@ public P11ModuleConf(Pkcs11conf conf) this.secretKeyTypes = Collections.unmodifiableList(ll); } - list = conf.getKeyPairTypes(); + list = moduleType.getKeyPairTypes(); if (list == null) { this.keyPairTypes = null; } else { 
@@ -230,34 +365,83 @@ public P11ModuleConf(Pkcs11conf conf) this.keyPairTypes = Collections.unmodifiableList(ll); } + Map mechanismSetsMap = new HashMap<>(); + // parse mechanismSets + if (mechanismSets != null) { + for (Pkcs11conf.MechanismSet m : mechanismSets) { + String name = m.getName(); + if (mechanismSetsMap.containsKey(name)) { + throw new InvalidConfException("Duplication mechanismSets named " + name); + } + + MechanismSet mechanismSet = new MechanismSet(); + mechanismSet.includeMechanisms = new HashSet<>(); + mechanismSet.excludeMechanisms = new HashSet<>(); + + for (String mechStr : m.getMechanisms()) { + mechStr = mechStr.trim().toUpperCase(); + if (mechStr.equals("ALL")) { + mechanismSet.includeMechanisms = null; // accept all mechanisms + break; + } + + mechanismSet.includeMechanisms.add(mechStr); + } + + for (String mechStr : m.getExcludeMechanisms()) { + mechanismSet.excludeMechanisms.add(mechStr.trim().toUpperCase()); + } + + mechanismSetsMap.put(name, mechanismSet); + } + } + + // Mechanism filter + mechanismFilter = new P11MechanismFilter(); + + List mechFilters = moduleType.getMechanismFilters(); + if (CollectionUtil.isNotEmpty(mechFilters)) { + for (Pkcs11conf.MechanismFilter filterType : mechFilters) { + Set slots = getSlotIdFilters(filterType.getSlots()); + String mechanismSetName = filterType.getMechanismSet(); + + MechanismSet mechanismSet = mechanismSetsMap.get(mechanismSetName); + if (mechanismSet == null) { + throw new InvalidConfException("MechanismSet '" + mechanismSetName + "' is not defined"); + } else { + mechanismFilter.addEntry(slots, mechanismSet.includeMechanisms, mechanismSet.excludeMechanisms); + } + } + } + // Password retriever passwordRetriever = new P11PasswordsRetriever(); - List passwordsList = conf.getPasswordSets(); + List passwordsList = moduleType.getPasswordSets(); if (CollectionUtil.isNotEmpty(passwordsList)) { for (Pkcs11conf.PasswordSet passwordType : passwordsList) { Set slots = 
getSlotIdFilters(passwordType.getSlots()); - passwordRetriever.addPasswordEntry(slots, passwordType.getPassword()); + passwordRetriever.addPasswordEntry(slots, new ArrayList<>(passwordType.getPasswords())); } } - includeSlots = getSlotIdFilters(conf.getIncludeSlots()); - excludeSlots = getSlotIdFilters(conf.getExcludeSlots()); + includeSlots = getSlotIdFilters(moduleType.getIncludeSlots()); + excludeSlots = getSlotIdFilters(moduleType.getExcludeSlots()); final String osName = System.getProperty("os.name").toLowerCase(); - Pkcs11conf.NativeLibrary matchLibrary = getNativeLibrary(conf, osName); + Pkcs11conf.NativeLibrary matchLibrary = getNativeLibrary(moduleType, osName); this.nativeLibrary = matchLibrary.getPath(); this.nativeLibraryProperties = matchLibrary.getProperties(); - this.newObjectConf = (conf.getNewObjectConf() == null) ? new P11NewObjectConf() - : new P11NewObjectConf(conf.getNewObjectConf()); + this.newObjectConf = (moduleType.getNewObjectConf() == null) ? new P11NewObjectConf() + : new P11NewObjectConf(moduleType.getNewObjectConf()); } // constructor - private static Pkcs11conf.NativeLibrary getNativeLibrary(Pkcs11conf conf, String osName) + private static Pkcs11conf.NativeLibrary getNativeLibrary(Pkcs11conf.Module moduleType, String osName) throws InvalidConfException { Pkcs11conf.NativeLibrary matchLibrary = null; - for (Pkcs11conf.NativeLibrary library : conf.getNativeLibraries()) { + for (Pkcs11conf.NativeLibrary library : moduleType.getNativeLibraries()) { List osNames = library.getOperationSystems(); if (CollectionUtil.isEmpty(osNames)) { matchLibrary = library; @@ -277,6 +461,10 @@ private static Pkcs11conf.NativeLibrary getNativeLibrary(Pkcs11conf conf, String return matchLibrary; } + public String getName() { + return name; + } + public String getType() { return type; } 
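Review bot: The mechanism names are normalised with `mechStr.trim().toUpperCase()`, which uses the JVM default locale. Under a Turkish locale a lower-case `i` becomes `İ`, the name no longer resolves to a mechanism code, and an entry in `excludeMechanisms` then excludes nothing. Use `toUpperCase(Locale.ROOT)` in both loops; this needs `java.util.Locale`, which the import hunk of this file does not add. The local `String name = m.getName();` also shadows the new `name` field assigned at the top of the constructor, and `setName` would read better. The constructor begins outside this hunk.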
@@ -317,6 +505,10 @@ public String getUserType() { return userType; } + public char[] getUserName() { + return userName; + } + public P11PasswordsRetriever getPasswordRetriever() { return passwordRetriever; } @@ -381,12 +573,15 @@ public boolean isSlotIncluded(P11SlotId slotId) { return true; } // method isSlotIncluded + public P11MechanismFilter getP11MechanismFilter() { + return mechanismFilter; + } + public P11NewObjectConf getP11NewObjectConf() { return newObjectConf; } - private static Set getSlotIdFilters(List slotTypes) - throws InvalidConfException { + private static Set getSlotIdFilters(List slotTypes) throws InvalidConfException { if (CollectionUtil.isEmpty(slotTypes)) { return null; } diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11SignerFactory.java b/security/src/main/java/org/xipki/security/pkcs11/P11SignerFactory.java index e607a91..00c3fc4 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/P11SignerFactory.java +++ b/security/src/main/java/org/xipki/security/pkcs11/P11SignerFactory.java @@ -88,6 +88,7 @@ public ConcurrentContentSigner newSigner(String type, SignerConf conf, X509Cert[ } } + String moduleName = conf.getConfValue("module"); str = conf.getConfValue("slot"); Integer slotIndex = (str == null) ? null : Integer.parseInt(str); @@ -111,7 +112,7 @@ public ConcurrentContentSigner newSigner(String type, SignerConf conf, X509Cert[ P11Slot slot; try { - P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(); + P11CryptService p11Service = p11CryptServiceFactory.getP11CryptService(moduleName); P11Module module = p11Service.getModule(); P11SlotId p11SlotId = (slotId != null) ? module.getSlotIdForId(slotId) : module.getSlotIdForIndex(slotIndex); diff --git a/security/src/main/java/org/xipki/security/pkcs11/P11Slot.java b/security/src/main/java/org/xipki/security/pkcs11/P11Slot.java index ae2e2f7..b4cda56 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/P11Slot.java 
+++ b/security/src/main/java/org/xipki/security/pkcs11/P11Slot.java @@ -14,6 +14,7 @@ import org.xipki.pkcs11.wrapper.TokenException; import org.xipki.pkcs11.wrapper.params.ExtraParams; import org.xipki.security.EdECConstants; +import org.xipki.security.pkcs11.P11ModuleConf.P11MechanismFilter; import org.xipki.security.pkcs11.P11ModuleConf.P11NewObjectConf; import org.xipki.security.util.DSAParameterCache; import org.xipki.util.Args; @@ -138,6 +139,8 @@ public void setUsages(Set usages) { private static final Logger LOG = LoggerFactory.getLogger(P11Slot.class); + protected final String moduleName; + protected final P11SlotId slotId; private final boolean readOnly; @@ -152,9 +155,10 @@ public void setUsages(Set usages) { protected final P11NewObjectConf newObjectConf; protected P11Slot( - P11SlotId slotId, boolean readOnly, + String moduleName, P11SlotId slotId, boolean readOnly, List secretKeyTypes, List keyPairTypes, P11NewObjectConf newObjectConf) { this.newObjectConf = Args.notNull(newObjectConf, "newObjectConf"); + this.moduleName = Args.notBlank(moduleName, "moduleName"); this.slotId = Args.notNull(slotId, "slotId"); this.readOnly = readOnly; this.secretKeyTypes = secretKeyTypes; 
@@ -377,19 +381,25 @@ protected PKCS11Module getPKCS11Module() { @Override public abstract void close(); - protected void initMechanisms(Map supportedMechanisms) { + protected void initMechanisms(Map supportedMechanisms, P11MechanismFilter mechanismFilter) { mechanisms.clear(); + List ignoreMechs = new ArrayList<>(); PKCS11Module pkcs11Module = getPKCS11Module(); for (Map.Entry entry : supportedMechanisms.entrySet()) { long mech = entry.getKey(); - mechanisms.put(mech, entry.getValue()); + if (mechanismFilter.isMechanismPermitted(slotId, mech, pkcs11Module)) { + mechanisms.put(mech, entry.getValue()); + } else { + ignoreMechs.add(mech); + } } + Collections.sort(ignoreMechs); if (LOG.isInfoEnabled()) { StringBuilder sb = new StringBuilder(); - sb.append("initialized slot ").append(slotId); + sb.append("initialized module ").append(moduleName).append(", slot ").append(slotId); sb.append("\nsupported mechanisms:\n"); if (mechanisms.isEmpty()) { @@ -398,6 +408,14 @@ protected void initMechanisms(Map supportedMechanisms) { printMechanisms(sb, mechanisms); } + sb.append("\nsupported by device but ignored mechanisms:\n"); + if (ignoreMechs.isEmpty()) { + sb.append(" NONE\n"); + } else { + for (Long mech : ignoreMechs) { + sb.append("\n ").append(mechanismCodeToName(mech)); + } + } LOG.info(sb.toString()); } } @@ -428,6 +446,10 @@ public void assertMechanismSupported(long mechanism, long flagBit) throws TokenE } } + public String getModuleName() { + return moduleName; + } + public P11SlotId getSlotId() { return slotId; } diff --git a/security/src/main/java/org/xipki/security/pkcs11/Pkcs11conf.java b/security/src/main/java/org/xipki/security/pkcs11/Pkcs11conf.java index 3bd910b..27cdc82 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/Pkcs11conf.java +++ b/security/src/main/java/org/xipki/security/pkcs11/Pkcs11conf.java 
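Review bot: `initMechanisms` calls `mechanismFilter.isMechanismPermitted(...)` without checking the new parameter, whereas the constructor of this class validates its arguments with `Args.notNull` and `Args.notBlank`. Only the `NativeP11Slot` caller is visible in this part of the patch, and a subclass that passes null would fail with a NullPointerException partway through slot initialisation. Add `Args.notNull(mechanismFilter, "mechanismFilter");` as the first statement. A one-line comment that filtered mechanisms are logged but not registered would help readers of the "supported by device but ignored" output.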
@@ -19,175 +19,306 @@ public class Pkcs11conf extends ValidableConf { - private String type; + public static class MechanismFilter extends ValidableConf { - private List nativeLibraries; + /** + * name of the mechanismSet. + */ + private String mechanismSet; - private NewObjectConf newObjectConf; + /** + * To which slots the mechanism should be applied. + * Absent for all slots. + */ + private List slots; - /** - * Which slots should be considered. Absent for all slots. - */ - private List includeSlots; + public String getMechanismSet() { + return mechanismSet; + } - /** - * Which slots should be considered. Absent for no slot. - */ - private List excludeSlots; + public void setMechanismSet(String mechanismSet) { + this.mechanismSet = mechanismSet; + } - private boolean readonly; + public List getSlots() { + if (slots == null) { + slots = new LinkedList<>(); + } + return slots; + } - private List secretKeyTypes; + public void setSlots(List slots) { + this.slots = slots; + } - private List keyPairTypes; + @Override + public void validate() throws InvalidConfException { + notBlank(mechanismSet, "mechanismSet"); + validate(slots); + } - private Integer numSessions; + } // class MechanismFilter - /** - * specify the user type, use either the long value or identifier as - * defined in the PKCS#11 standards. In version up to 2.40 the - * following users are defined. - * - 0 or 0x0 or CKU_SO - * - 1 or 0x1 or CKU_USER - * - 2 or 0x2 or CKU_CONTEXT_SPECIFIC - * For vendor user type, only the long value is allowed. - */ - private String user; + public static class MechanismSet extends ValidableConf { - /** - * maximal size of the message sent to the PKCS#11 device. - */ - private Integer maxMessageSize; + private String name; - /** - * Timeout to borrow a new session. - */ - private Integer newSessionTimeout; + /** + * The mechanism. Set mechanism to ALL to accept all available mechanisms. 
+ */ + private List mechanisms; - private List passwordSets; + /** + * The mechanism to be excluded. + */ + private List excludeMechanisms; - public String getType() { - return type; - } + public String getName() { + return name; + } - public void setType(String type) { - this.type = type; - } + public void setName(String name) { + this.name = name; + } - public List getNativeLibraries() { - if (nativeLibraries == null) { - nativeLibraries = new LinkedList<>(); + public List getMechanisms() { + if (mechanisms == null) { + mechanisms = new LinkedList<>(); + } + return mechanisms; } - return nativeLibraries; - } - public void setNativeLibraries(List nativeLibraries) { - this.nativeLibraries = nativeLibraries; - } + public void setMechanisms(List mechanisms) { + this.mechanisms = mechanisms; + } - public NewObjectConf getNewObjectConf() { - return newObjectConf; - } + public List getExcludeMechanisms() { + if (excludeMechanisms == null) { + excludeMechanisms = new LinkedList<>(); + } + return excludeMechanisms; + } - public void setNewObjectConf(NewObjectConf newObjectConf) { - this.newObjectConf = newObjectConf; - } + public void setExcludeMechanisms(List excludeMechanisms) { + this.excludeMechanisms = excludeMechanisms; + } - public List getIncludeSlots() { - if (includeSlots == null) { - includeSlots = new LinkedList<>(); + @Override + public void validate() throws InvalidConfException { + notBlank(name, "name"); + notEmpty(mechanisms, "mechanisms"); } - return includeSlots; - } - public void setIncludeSlots(List includeSlots) { - this.includeSlots = includeSlots; - } + } // class MechanismSet + + public static class Module extends ValidableConf { + + private String name; + + private String type; + + private List nativeLibraries; + + private NewObjectConf newObjectConf; + + /** + * Which slots should be considered. Absent for all slots. + */ + private List includeSlots; + + /** + * Which slots should be considered. Absent for no slot. 
+ */ + private List excludeSlots; + + private boolean readonly; + + private List secretKeyTypes; + + private List keyPairTypes; + + private Integer numSessions; + + /** + * specify the user type, use either the long value or identifier as + * defined in the PKCS#11 standards. In version up to 2.40 the + * following users are defined. + * - 0 or 0x0 or CKU_SO + * - 1 or 0x1 or CKU_USER + * - 2 or 0x2 or CKU_CONTEXT_SPECIFIC + * For vendor user type, only the long value is allowed. + */ + private String user; + + private String userName; + + /** + * maximal size of the message sent to the PKCS#11 device. + */ + private Integer maxMessageSize; + + /** + * Timeout to borrow a new session. + */ + private Integer newSessionTimeout; + + private List passwordSets; + + private List mechanismFilters; - public List getExcludeSlots() { - if (excludeSlots == null) { - excludeSlots = new LinkedList<>(); + public String getName() { + return name; } - return excludeSlots; - } - public void setExcludeSlots(List excludeSlots) { - this.excludeSlots = excludeSlots; - } + public void setName(String name) { + this.name = name; + } - public boolean isReadonly() { - return readonly; - } + public String getType() { + return type; + } - public void setReadonly(boolean readonly) { - this.readonly = readonly; - } + public void setType(String type) { + this.type = type; + } - public List getPasswordSets() { - if (passwordSets == null) { - passwordSets = new LinkedList<>(); + public List getNativeLibraries() { + if (nativeLibraries == null) { + nativeLibraries = new LinkedList<>(); + } + return nativeLibraries; } - return passwordSets; - } - public void setPasswordSets(List passwordSets) { - this.passwordSets = passwordSets; - } + public void setNativeLibraries(List nativeLibraries) { + this.nativeLibraries = nativeLibraries; + } - public void setUser(String user) { - this.user = user; - } + public NewObjectConf getNewObjectConf() { + return newObjectConf; + } - public void 
setMaxMessageSize(Integer maxMessageSize) { - this.maxMessageSize = maxMessageSize; - } + public void setNewObjectConf(NewObjectConf newObjectConf) { + this.newObjectConf = newObjectConf; + } - public String getUser() { - return user == null ? "CKU_USER" : user; - } + public List getIncludeSlots() { + if (includeSlots == null) { + includeSlots = new LinkedList<>(); + } + return includeSlots; + } - public int getMaxMessageSize() { - return maxMessageSize == null ? 16384 : maxMessageSize; - } + public void setIncludeSlots(List includeSlots) { + this.includeSlots = includeSlots; + } - public List getSecretKeyTypes() { - return secretKeyTypes; - } + public List getExcludeSlots() { + if (excludeSlots == null) { + excludeSlots = new LinkedList<>(); + } + return excludeSlots; + } - public void setSecretKeyTypes(List secretKeyTypes) { - this.secretKeyTypes = secretKeyTypes; - } + public void setExcludeSlots(List excludeSlots) { + this.excludeSlots = excludeSlots; + } - public List getKeyPairTypes() { - return keyPairTypes; - } + public boolean isReadonly() { + return readonly; + } - public void setKeyPairTypes(List keyPairTypes) { - this.keyPairTypes = keyPairTypes; - } + public void setReadonly(boolean readonly) { + this.readonly = readonly; + } - public Integer getNumSessions() { - return numSessions; - } + public List getPasswordSets() { + if (passwordSets == null) { + passwordSets = new LinkedList<>(); + } + return passwordSets; + } - public void setNumSessions(Integer numSessions) { - this.numSessions = numSessions; - } + public void setPasswordSets(List passwordSets) { + this.passwordSets = passwordSets; + } - public Integer getNewSessionTimeout() { - return newSessionTimeout; - } + public List getMechanismFilters() { + if (mechanismFilters == null) { + mechanismFilters = new LinkedList<>(); + } + return mechanismFilters; + } - public void setNewSessionTimeout(Integer newSessionTimeout) { - this.newSessionTimeout = newSessionTimeout; - } + public void 
setMechanismFilters(List mechanismFilters) { + this.mechanismFilters = mechanismFilters; + } - @Override - public void validate() throws InvalidConfException { - notBlank(type, "type"); - notEmpty(nativeLibraries, "nativeLibraries"); - validate(nativeLibraries, includeSlots, excludeSlots, passwordSets); - } + public void setUser(String user) { + this.user = user; + } + + public void setUserName(String userName) { + this.userName = userName; + } + + public void setMaxMessageSize(Integer maxMessageSize) { + this.maxMessageSize = maxMessageSize; + } + + public String getUser() { + return user == null ? "CKU_USER" : user; + } + + public String getUserName() { + return userName; + } + + public int getMaxMessageSize() { + return maxMessageSize == null ? 16384 : maxMessageSize; + } + + public List getSecretKeyTypes() { + return secretKeyTypes; + } + + public void setSecretKeyTypes(List secretKeyTypes) { + this.secretKeyTypes = secretKeyTypes; + } + + public List getKeyPairTypes() { + return keyPairTypes; + } + + public void setKeyPairTypes(List keyPairTypes) { + this.keyPairTypes = keyPairTypes; + } + + public Integer getNumSessions() { + return numSessions; + } + + public void setNumSessions(Integer numSessions) { + this.numSessions = numSessions; + } + + public Integer getNewSessionTimeout() { + return newSessionTimeout; + } + + public void setNewSessionTimeout(Integer newSessionTimeout) { + this.newSessionTimeout = newSessionTimeout; + } + + @Override + public void validate() throws InvalidConfException { + notBlank(name, "name"); + notBlank(type, "type"); + notEmpty(nativeLibraries, "nativeLibraries"); + + validate(nativeLibraries, includeSlots, excludeSlots, passwordSets, mechanismFilters); + } + + } // class Module public static class NativeLibrary extends ValidableConf { @@ -266,7 +397,7 @@ public static class PasswordSet extends ValidableConf { private List slots; - private String password; + private List passwords; public List getSlots() { if (slots == null) { 
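Review bot: The new `mechanismFilters` field on `Module` has no Javadoc, yet it restricts which PKCS#11 mechanisms a slot may use, so a reader needs to know what an empty list or an unmatched slot means. That default is decided outside this hunk, so the comment needs input from the code that applies the filters, along the lines of `/** Mechanism filters per slot. A slot matched by no filter is <all mechanisms permitted | none permitted>. */`. `MechanismFilter.validate()` only checks that `mechanismSet` is non-blank, so its Javadoc should state that the name has to match a `MechanismSet` name defined in the same configuration. The `excludeSlots` comment still reads "Which slots should be considered"; `Which slots should be excluded. Absent for no slot.` describes the field.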
@@ -279,16 +410,20 @@ public void setSlots(List slots) { this.slots = slots; } - public String getPassword() { - return password; + public List getPasswords() { + if (passwords == null) { + passwords = new LinkedList<>(); + } + return passwords; } - public void setPassword(String password) { - this.password = password; + public void setPasswords(List passwords) { + this.passwords = passwords; } @Override public void validate() throws InvalidConfException { + notEmpty(passwords, "passwords"); } } // class PasswordSet @@ -324,4 +459,47 @@ public void validate() throws InvalidConfException { } // class Slot + /** + * exactly one module must have the name 'default'. + */ + private List modules; + + private List mechanismSets; + + public List getModules() { + return modules; + } + + public void setModules(List modules) { + if (modules == null) { + modules = new LinkedList<>(); + } + this.modules = modules; + } + + public List getMechanismSets() { + if (mechanismSets == null) { + mechanismSets = new LinkedList<>(); + } + return mechanismSets; + } + + public void setMechanismSets(List mechanismSets) { + this.mechanismSets = mechanismSets; + } + + public void addModule(Module module) { + getModules().add(module); + } + + public void addMechanismSet(MechanismSet mechanismSet) { + getMechanismSets().add(mechanismSet); + } + + @Override + public void validate() throws InvalidConfException { + notEmpty(modules, "modules"); + validate(modules, mechanismSets); + } + } diff --git a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Module.java b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Module.java index 19f32e7..34f7b62 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Module.java +++ b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Module.java 
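Review bot: `getModules()` returns the field as-is while `setModules()` substitutes an empty list for null, the reverse of every other list accessor in this class. As a result `addModule()` on a freshly constructed `Pkcs11conf` throws a NullPointerException at `getModules().add(module)`. Moving the guard into the getter, `if (modules == null) { modules = new LinkedList<>(); }`, makes it consistent with `getMechanismSets()`. The field comment says exactly one module must be named 'default', but `validate()` in this hunk only checks that the list is non-empty; if that rule is not enforced where the modules are loaded, a count of modules named `default` belongs in this method.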
@@ -141,7 +141,7 @@ private EmulatorP11Module(P11ModuleConf moduleConf) throws TokenException { Set slots = new HashSet<>(); for (P11SlotId slotId : slotIds) { - char[] pwd; + List pwd; try { pwd = moduleConf.getPasswordRetriever().getPassword(slotId); } catch (PasswordResolverException ex) { @@ -154,8 +154,14 @@ private EmulatorP11Module(P11ModuleConf moduleConf) throws TokenException { throw new TokenException("no password is configured"); } - slots.add(new EmulatorP11Slot(slotDir, slotId, - moduleConf.isReadOnly(), new EmulatorKeyCryptor(pwd), + if (pwd.size() != 1) { + throw new TokenException(pwd.size() + " passwords are configured, but 1 is permitted"); + } + + char[] firstPwd = pwd.get(0); + + slots.add(new EmulatorP11Slot(moduleConf.getName(), slotDir, slotId, + moduleConf.isReadOnly(), new EmulatorKeyCryptor(firstPwd), moduleConf.getP11MechanismFilter(), moduleConf.getP11NewObjectConf(), moduleConf.getNumSessions(), moduleConf.getSecretKeyTypes(), moduleConf.getKeyPairTypes())); } @@ -174,7 +180,7 @@ public String getDescription() { @Override public void close() { - LOG.info("close PKCS#11 module"); + LOG.info("close PKCS#11 module: {}", getName()); } private void createExampleRepository(File dir) throws IOException { diff --git a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Slot.java b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Slot.java index 46ae4c9..df7ba33 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Slot.java +++ b/security/src/main/java/org/xipki/security/pkcs11/emulator/EmulatorP11Slot.java @@ -32,6 +32,7 @@ import org.xipki.security.EdECConstants; import org.xipki.security.HashAlgo; import org.xipki.security.pkcs11.P11Key; +import org.xipki.security.pkcs11.P11ModuleConf.P11MechanismFilter; import org.xipki.security.pkcs11.P11ModuleConf.P11NewObjectConf; import org.xipki.security.pkcs11.P11Params; import org.xipki.security.pkcs11.P11Slot; 
@@ -221,11 +222,11 @@ public boolean accept(File dir, String name) { } EmulatorP11Slot( - File slotDir, P11SlotId slotId, boolean readOnly, - EmulatorKeyCryptor keyCryptor, P11NewObjectConf newObjectConf, + String moduleName, File slotDir, P11SlotId slotId, boolean readOnly, + EmulatorKeyCryptor keyCryptor, P11MechanismFilter mechanismFilter, P11NewObjectConf newObjectConf, Integer numSessions, List secretKeyTypes, List keypairTypes) throws TokenException { - super(slotId, readOnly, secretKeyTypes, keypairTypes, newObjectConf); + super(moduleName, slotId, readOnly, secretKeyTypes, keypairTypes, newObjectConf); this.keyCryptor = Args.notNull(keyCryptor, "keyCryptor"); this.maxSessions = numSessions == null ? 20 : Args.positive(numSessions, "numSessions"); @@ -249,7 +250,7 @@ public boolean accept(File dir, String name) { this.namedCurveSupported = true; } - initMechanisms(supportedMechs); + initMechanisms(supportedMechs, mechanismFilter); } // constructor private List getFilesForLabel(File dir, String label) throws TokenException { diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Key.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Key.java new file mode 100644 index 0000000..80749a4 --- /dev/null +++ b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Key.java 
@@ -0,0 +1,78 @@ +// Copyright (c) 2013-2024 xipki. All rights reserved. +// License Apache License 2.0 + +package org.xipki.security.pkcs11.hsmproxy; + +import org.xipki.pkcs11.wrapper.PKCS11KeyId; +import org.xipki.pkcs11.wrapper.TokenException; +import org.xipki.pkcs11.wrapper.params.ExtraParams; +import org.xipki.security.pkcs11.P11Key; +import org.xipki.security.pkcs11.P11Params; +import org.xipki.security.util.KeyUtil; +import org.xipki.util.Args; + +import java.security.PublicKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.RSAPublicKeySpec; + +import static org.xipki.pkcs11.wrapper.PKCS11Constants.CKK_RSA; + +/** + * {@link P11Key} based on the HSM proxy. + * + * @author Lijun Liao (xipki) + */ + +class HsmProxyP11Key extends P11Key { + + public HsmProxyP11Key(HsmProxyP11Slot slot, PKCS11KeyId keyId) { + super(slot, keyId); + } + + @Override + protected byte[] digestSecretKey0(long mechanism) throws TokenException { + return slot.digestSecretKey(mechanism, keyId.getHandle()); + } + + @Override + protected PublicKey getPublicKey0() throws TokenException { + long keyType = keyId.getKeyType(); + if (keyType == CKK_RSA) { + try { + return KeyUtil.generateRSAPublicKey( + new RSAPublicKeySpec(rsaModulus, rsaPublicExponent)); + } catch (InvalidKeySpecException ex) { + throw new TokenException(ex.getMessage(), ex); + } + } + + Long publicKeyHandle = keyId.getPublicKeyHandle(); + return (publicKeyHandle == null) ? 
null : slot.getPublicKey(publicKeyHandle); + } + + @Override + public void destroy() throws TokenException { + long[] failedHandles; + if (keyId.getPublicKeyHandle() == null) { + failedHandles = slot.destroyObjectsByHandle(keyId.getHandle()); + } else { + failedHandles = slot.destroyObjectsByHandle(keyId.getHandle(), keyId.getPublicKeyHandle()); + } + if (failedHandles != null && failedHandles.length > 0) { + throw new TokenException("error destroying key " + keyId); + } + } + + @Override + protected byte[] sign0(long mechanism, P11Params parameters, byte[] content) throws TokenException { + Args.notNull(content, "content"); + ExtraParams extraParams = null; + if (ecOrderBitSize != null) { + extraParams = new ExtraParams(); + extraParams.ecOrderBitSize(ecOrderBitSize); + } + + return slot.sign(mechanism, parameters, extraParams, keyId.getHandle(), content); + } + +} diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java new file mode 100644 index 0000000..be128f5 --- /dev/null +++ b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java 
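Review bot: `destroy()` throws `"error destroying key " + keyId` without saying which handles were left behind, so an operator cannot tell whether the private key object survived while only the public one was removed. Including the returned handles makes a partial deletion visible: `throw new TokenException("error destroying key " + keyId + ", handles not destroyed: " + Arrays.toString(failedHandles));` (this needs `java.util.Arrays` imported). `getPublicKey0()` returns null when the key is not RSA and has no public key handle; a one-line Javadoc saying so would help callers.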
@@ -0,0 +1,428 @@ +// Copyright (c) 2013-2024 xipki. All rights reserved. +// License Apache License 2.0 + +package org.xipki.security.pkcs11.hsmproxy; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.xipki.pkcs11.wrapper.PKCS11Constants; +import org.xipki.pkcs11.wrapper.PKCS11Exception; +import org.xipki.pkcs11.wrapper.TokenException; +import org.xipki.security.pkcs11.P11Module; +import org.xipki.security.pkcs11.P11ModuleConf; +import org.xipki.security.pkcs11.P11Slot; +import org.xipki.security.pkcs11.P11SlotId; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.BooleanMessage; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.ByteArrayMessage; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.ErrorResponse; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GetMechanismInfosResponse; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.IntMessage; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.KeyIdMessage; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.LongArrayMessage; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.ModuleCapsResponse; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.P11KeyResponse; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.SlotIdsResponse; +import org.xipki.util.Args; +import org.xipki.util.FileOrBinary; +import org.xipki.util.IoUtil; +import org.xipki.util.LogUtil; +import org.xipki.util.StringUtil; +import org.xipki.util.cbor.ByteArrayCborDecoder; +import org.xipki.util.cbor.CborConstants; +import org.xipki.util.cbor.CborDecoder; +import org.xipki.util.cbor.CborType; +import org.xipki.util.exception.DecodeException; +import org.xipki.util.exception.ObjectCreationException; +import org.xipki.util.http.HostnameVerifiers; +import org.xipki.util.http.SslConf; +import org.xipki.util.http.SslContextConf; + +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLSocketFactory; +import 
java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.HttpURLConnection; +import java.net.URL; +import java.util.ArrayList; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.StringTokenizer; + +/** + * {@link P11Module} for PKCS#11 proxy. + * + * @author Lijun Liao (xipki) + */ + +class HsmProxyP11Module extends P11Module { + + public static final String TYPE = "hsmproxy"; + + private static final String PROP_SSL_STORETYPE = "ssl.storeType"; + + private static final String PROP_SSL_KEYSTORE = "ssl.keystore"; + + private static final String PROP_SSL_KEYSTOREPASSWORD = "ssl.keystorePassword"; + + private static final String PROP_SSL_TRUSTCERTS = "ssl.trustcerts"; + + private static final String PROP_SSL_HOStNAMEVERIFIER = "ssl.hostnameVerifier"; + + private static final Logger LOG = LoggerFactory.getLogger(HsmProxyP11Module.class); + + private static final String REQUEST_MIMETYPE = "application/x-xipki-pkcs11"; + + private static final String RESPONSE_MIMETYPE = "application/x-xipki-pkcs11"; + + private static final byte[] SLOT_ID_NULL_CONTENT_NULL_REQUEST = new byte[]{(byte) 0x82, (byte) 0xf6, (byte) 0xf6}; + + private final String description; + + private final String serverUrl; + + private final SSLSocketFactory sslSocketFactory; + + private final HostnameVerifier hostnameVerifier; + + private HsmProxyP11Module(P11ModuleConf moduleConf) throws TokenException { + super(moduleConf); + + final String modulePath = moduleConf.getNativeLibrary(); + + Map properties = moduleConf.getNativeLibraryProperties(); + if (properties == null) { + throw new TokenException("The properties field is not present"); + } + this.description = StringUtil.concat("PKCS#11 proxy", "\nPath: ", modulePath); + this.serverUrl = modulePath.endsWith("/") ? 
modulePath.substring(0, modulePath.length() - 1) : modulePath; + + SslConf sslConf = new SslConf(); + + String sslStoreType = properties.get(PROP_SSL_STORETYPE); + sslConf.setStoreType(sslStoreType); + + String sslKeystore = properties.get(PROP_SSL_KEYSTORE); + sslConf.setKeystore(FileOrBinary.ofFile(sslKeystore)); + + String sslKeystorePassword = properties.get(PROP_SSL_KEYSTOREPASSWORD); + sslConf.setKeystorePassword(sslKeystorePassword); + + String sslTrustCerts = properties.get(PROP_SSL_TRUSTCERTS); + if (sslTrustCerts != null) { + StringTokenizer tokens = new StringTokenizer(sslTrustCerts, ",;:"); + List files = new ArrayList<>(tokens.countTokens()); + while (tokens.hasMoreTokens()) { + String file = tokens.nextToken().trim(); + files.add(FileOrBinary.ofFile(file)); + } + sslConf.setTrustanchors(files.toArray(new FileOrBinary[0])); + } + + String sslHostnameVerifier = properties.get(PROP_SSL_HOStNAMEVERIFIER); + if (sslHostnameVerifier != null) { + sslConf.setHostnameVerifier(sslHostnameVerifier); + } + + SslContextConf sslContextConf = SslContextConf.ofSslConf(sslConf); + + try { + this.sslSocketFactory = sslContextConf.getSslSocketFactory(); + } catch (ObjectCreationException ex) { + throw new TokenException("could not build SSLSocketFactroy", ex); + } + try { + this.hostnameVerifier = HostnameVerifiers.createHostnameVerifier(sslHostnameVerifier); + } catch (ObjectCreationException ex) { + throw new TokenException("could not create HostnameVerifier", ex); + } + + ModuleCapsResponse moduleCaps = + (ModuleCapsResponse) sendModuleAction(ProxyAction.moduleCaps); + if (!moduleConf.isReadOnly()) { + moduleConf.setReadOnly(moduleCaps.isReadOnly()); + } + + if (moduleConf.getMaxMessageSize() > moduleCaps.getMaxMessageSize()) { + moduleConf.setMaxMessageSize(moduleCaps.getMaxMessageSize()); + } + + if (moduleCaps.getNewObjectConf() != null) { + moduleConf.setNewObjectConf(moduleCaps.getNewObjectConf()); + } + + if (moduleCaps.getSecretKeyTypes() != null) { + 
moduleConf.setSecretKeyTypes( + intersect(moduleConf.getSecretKeyTypes(), moduleCaps.getSecretKeyTypes())); + } + + if (moduleCaps.getKeyPairTypes() != null) { + moduleConf.setKeyPairTypes( + intersect(moduleConf.getKeyPairTypes(), moduleCaps.getKeyPairTypes())); + } + + // initialize the slots + SlotIdsResponse resp = (SlotIdsResponse) sendModuleAction(ProxyAction.slotIds); + Set slots = new HashSet<>(); + for (P11SlotId slotId : resp.getSlotIds() ) { + if (!conf.isSlotIncluded(slotId)) { + continue; + } + + if (!conf.isSlotIncluded(slotId)) { + LOG.info("skipped slot {}", slotId); + continue; + } + + HsmProxyP11Slot slot = new HsmProxyP11Slot(slotId, moduleConf.isReadOnly(), this, + conf.getP11MechanismFilter(), moduleCaps.getNewObjectConf(), + moduleCaps.getSecretKeyTypes(), moduleCaps.getKeyPairTypes()); + slots.add(slot); + } + setSlots(slots); + } // constructor + + private static List intersect(List a, List b) { + if (a == null) { + return b; + } else if (b == null) { + return a; + } + + if (new HashSet<>(a).containsAll(b) && a.size() == b.size()) { + return a; + } + + List r = new ArrayList<>(Math.min(a.size(), b.size())); + for (T ta : a) { + if (b.contains(ta)) { + r.add(ta); + } + } + return r; + } + + public static P11Module getInstance(P11ModuleConf moduleConf) throws TokenException { + Args.notNull(moduleConf, "moduleConf"); + if (moduleConf.getUserName() != null) { + throw new TokenException("userName is present but shall be null"); + } + + return new HsmProxyP11Module(moduleConf); + } + + @Override + public String getDescription() { + return description; + } + + @Override + public void close() { + for (P11SlotId slotId : getSlotIds()) { + try { + getSlot(slotId).close(); + } catch (Throwable th) { + LogUtil.error(LOG, th, "could not close PKCS#11 slot " + slotId); + } + } + } + + protected byte[] doSend(ProxyAction action, byte[] request) throws IOException { + Args.notNull(request, "request"); + + String thisUrl = serverUrl + "/" + 
action.getAlias(); + + HttpURLConnection httpUrlConnection = IoUtil.openHttpConn(new URL(thisUrl)); + + if (httpUrlConnection instanceof HttpsURLConnection) { + if (sslSocketFactory != null) { + ((HttpsURLConnection) httpUrlConnection).setSSLSocketFactory(sslSocketFactory); + } + + if (hostnameVerifier != null) { + ((HttpsURLConnection) httpUrlConnection).setHostnameVerifier(hostnameVerifier); + } + } + + httpUrlConnection.setDoOutput(true); + httpUrlConnection.setUseCaches(false); + + int size = request.length; + + httpUrlConnection.setRequestMethod("POST"); + httpUrlConnection.setRequestProperty("Content-Type", REQUEST_MIMETYPE); + httpUrlConnection.setRequestProperty("Content-Length", Integer.toString(size)); + OutputStream outputstream = httpUrlConnection.getOutputStream(); + outputstream.write(request); + outputstream.flush(); + + if (httpUrlConnection.getResponseCode() != HttpURLConnection.HTTP_OK) { + try { + try { + InputStream is = httpUrlConnection.getInputStream(); + if (is != null) { + is.close(); + } + } catch (IOException ex) { + InputStream errStream = httpUrlConnection.getErrorStream(); + if (errStream != null) { + errStream.close(); + } + } + } catch (Throwable th) { + // ignore it + } + + throw new IOException("bad response: code=" + httpUrlConnection.getResponseCode() + + ", message=" + httpUrlConnection.getResponseMessage()); + } + + InputStream inputstream; + try { + inputstream = httpUrlConnection.getInputStream(); + } catch (IOException ex) { + InputStream errStream = httpUrlConnection.getErrorStream(); + if (errStream != null) { + errStream.close(); + } + throw ex; + } + + try { + String responseContentType = httpUrlConnection.getContentType(); + boolean isValidContentType = false; + if (responseContentType != null) { + if (responseContentType.equalsIgnoreCase(RESPONSE_MIMETYPE)) { + isValidContentType = true; + } + } + if (!isValidContentType) { + throw new IOException("bad response: mime type " + responseContentType + + " is not 
supported!"); + } + + byte[] buf = new byte[4096]; + ByteArrayOutputStream bytearrayoutputstream = new ByteArrayOutputStream(); + do { + int readedByte = inputstream.read(buf); + if (readedByte == -1) { + break; + } + bytearrayoutputstream.write(buf, 0, readedByte); + } while (true); + + return bytearrayoutputstream.toByteArray(); + } finally { + inputstream.close(); + } + } // method send + + public ProxyMessage sendModuleAction(ProxyAction action) throws TokenException { + return send(action, SLOT_ID_NULL_CONTENT_NULL_REQUEST.clone()); + } + + public ProxyMessage send(ProxyAction action, byte[] request) throws TokenException { + Args.notNull(request, "request"); + + byte[] respBytes; + try { + respBytes = doSend(action, request); + } catch (IOException ex) { + LOG.error("IO error", request); + throw new TokenException(ex.getMessage(), ex); + } + + CborDecoder decoder = new ByteArrayCborDecoder(respBytes); + ErrorResponse errorResp = null; + + try { + CborType type = decoder.peekType(); + if (CborDecoder.isNull(type)) { + decoder.readNull(); + return null; + } else if (type.getMajorType() == CborConstants.TYPE_TAG) { + long tag = decoder.readTag(); + if (ErrorResponse.CBOR_TAG_ERROR_RESPONSE != tag) { + throw new TokenException("response is tagged but not with tag CBOR_TAG_ERROR_RESPONSE"); + } + + errorResp = ErrorResponse.decode(decoder); + } + } catch (IOException ex) { + throw new TokenException("IO error decoding response", ex); + } catch (DecodeException ex) { + throw new TokenException("DecodeException decoding response", ex); + } + + if (errorResp != null) { + ErrorResponse.ProxyErrorCode errorCode = errorResp.getErrorCode(); + String detail = errorResp.getDetail(); + + switch (errorCode) { + case badRequest: + case internalError: + throw new TokenException(errorCode + ": " + detail); + case pkcs11Exception: + long ckrCode; + try { + ckrCode = detail.startsWith("CKR_") || detail.startsWith("ckr_") + ? 
PKCS11Constants.ckrNameToCode(detail) : Long.parseLong(detail); + } catch (Exception ex) { + LOG.warn("could not parse CKR code '" + detail + "'"); + ckrCode = PKCS11Constants.CKR_GENERAL_ERROR; + } + throw new PKCS11Exception(ckrCode); + case tokenException: + throw new TokenException(detail); + } + } + + try { + switch (action) { + case moduleCaps: + return ModuleCapsResponse.decode(decoder); + case slotIds: + return SlotIdsResponse.decode(decoder); + case mechInfos: + return GetMechanismInfosResponse.decode(decoder); + case keyByKeyId: + case keyByIdLabel: + return P11KeyResponse.decode(decoder); + case objectExistsByIdLabel: + return BooleanMessage.decode(decoder); + case destroyAllObjects: + case destroyObjectsByIdLabel: + return IntMessage.decode(decoder); + case destroyObjectsByHandle: + return LongArrayMessage.decode(decoder); + case keyIdByIdLabel: + case genSecretKey: + case importSecretKey: + case genRSAKeypair: + case genDSAKeypair2: + case genDSAKeypair: + case genECKeypair: + case genSM2Keypair: + return KeyIdMessage.decode(decoder); + case genRSAKeypairOtf: + case genDSAKeypairOtf: + case genECKeypairOtf: + case genSM2KeypairOtf: + case publicKeyByHandle: + case showDetails: + case sign: + case digestSecretKey: + return ByteArrayMessage.decode(decoder); + default: + throw new IllegalStateException("should not reach here, unknown action " + action); + } + } catch (DecodeException ex) { + throw new TokenException("DecodingException while decoding response.", ex); + } + } + +} diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11ModuleFactory.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11ModuleFactory.java new file mode 100644 index 0000000..5d6c593 --- /dev/null +++ b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11ModuleFactory.java 
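Review bot: `doSend` applies `sslSocketFactory` and `hostnameVerifier` only when the connection is an `HttpsURLConnection`, so a module path beginning with `http://` sends every request, `sign` and `importSecretKey` included, in cleartext with no error. Unless plain HTTP is deliberately supported, the constructor should reject it, for example `if (!serverUrl.toLowerCase(Locale.ROOT).startsWith("https://")) throw new TokenException("HSM proxy URL must use https");`. The slot loop passes `moduleCaps.getNewObjectConf()`, `moduleCaps.getSecretKeyTypes()` and `moduleCaps.getKeyPairTypes()` to `HsmProxyP11Slot`, which discards the `intersect(...)` results just stored in `moduleConf` and hands a null `newObjectConf` to the `P11Slot` constructor when the server omits it; passing `moduleConf.getP11NewObjectConf(), moduleConf.getSecretKeyTypes(), moduleConf.getKeyPairTypes()` keeps the locally configured restrictions. In `send`, `LOG.error("IO error", request)` has no placeholder and drops the exception; `LOG.error("IO error sending {} request", action, ex)` records the cause without writing request bytes to the log.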
@@ -0,0 +1,34 @@ +// Copyright (c) 2013-2024 xipki. All rights reserved. +// License Apache License 2.0 + +package org.xipki.security.pkcs11.hsmproxy; + +import org.xipki.pkcs11.wrapper.TokenException; +import org.xipki.security.pkcs11.P11Module; +import org.xipki.security.pkcs11.P11ModuleConf; +import org.xipki.security.pkcs11.P11ModuleFactory; +import org.xipki.util.XipkiBaseDir; + +/** + * {@link P11ModuleFactory} to create {@link P11Module} of type "hsmproxy". + * + * @author Lijun Liao (xipki) + * + */ +public class HsmProxyP11ModuleFactory implements P11ModuleFactory { + + public HsmProxyP11ModuleFactory() { + XipkiBaseDir.init(); + } + + @Override + public boolean canCreateModule(String type) { + return HsmProxyP11Module.TYPE.equalsIgnoreCase(type); + } + + @Override + public P11Module newModule(P11ModuleConf conf) throws TokenException { + return HsmProxyP11Module.getInstance(conf); + } + +} diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Slot.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Slot.java new file mode 100644 index 0000000..88409b0 --- /dev/null +++ b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Slot.java 
@@ -0,0 +1,375 @@ +// Copyright (c) 2013-2024 xipki. All rights reserved. +// License Apache License 2.0 + +package org.xipki.security.pkcs11.hsmproxy; + +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.xipki.pkcs11.wrapper.MechanismInfo; +import org.xipki.pkcs11.wrapper.PKCS11KeyId; +import org.xipki.pkcs11.wrapper.TokenException; +import org.xipki.pkcs11.wrapper.params.ExtraParams; +import org.xipki.security.pkcs11.P11Key; +import org.xipki.security.pkcs11.P11ModuleConf.P11MechanismFilter; +import org.xipki.security.pkcs11.P11ModuleConf.P11NewObjectConf; +import org.xipki.security.pkcs11.P11Params; +import org.xipki.security.pkcs11.P11Slot; +import org.xipki.security.pkcs11.P11SlotId; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.BooleanMessage; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.ByteArrayMessage; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.DigestSecretKeyRequest; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateDSAKeyPairByKeysizeRequest; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateDSAKeyPairOtfRequest; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateDSAKeyPairRequest; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateECKeyPairOtfRequest; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateECKeyPairRequest; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateRSAKeyPairOtfRequest; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateRSAKeyPairRequest; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateSM2KeyPairRequest; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GenerateSecretKeyRequest; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.GetMechanismInfosResponse; +import 
org.xipki.security.pkcs11.hsmproxy.ProxyMessage.IdLabelMessage; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.ImportSecretKeyRequest; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.IntMessage; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.KeyIdMessage; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.LongArrayMessage; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.LongMessage; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.P11KeyResponse; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.ShowDetailsRequest; +import org.xipki.security.pkcs11.hsmproxy.ProxyMessage.SignRequest; +import org.xipki.security.util.KeyUtil; +import org.xipki.util.LogUtil; +import org.xipki.util.cbor.ByteArrayCborEncoder; +import org.xipki.util.exception.EncodeException; + +import java.io.IOException; +import java.io.OutputStream; +import java.math.BigInteger; +import java.nio.charset.StandardCharsets; +import java.security.PublicKey; +import java.security.spec.InvalidKeySpecException; +import java.util.Collections; +import java.util.List; +import java.util.Map; + +/** + * {@link P11Slot} based on the HSM proxy. + * + * @author Lijun Liao (xipki) + */ +class HsmProxyP11Slot extends P11Slot { + + private static final Logger LOG = LoggerFactory.getLogger(HsmProxyP11Slot.class); + + private final HsmProxyP11Module module; + + HsmProxyP11Slot(P11SlotId slotId, boolean readOnly, HsmProxyP11Module module, P11MechanismFilter mechanismFilter, + P11NewObjectConf newObjectConf, List secretKeyTypes, List keyPairTypes) + throws TokenException { + super(module.getName(), slotId, readOnly, secretKeyTypes, keyPairTypes, newObjectConf); + + this.module = module; + GetMechanismInfosResponse resp = (GetMechanismInfosResponse) send(ProxyAction.mechInfos, null); + Map mechanismInfoMap = resp == null ? 
Collections.emptyMap() : resp.getMechamismInfoMap(); + initMechanisms(mechanismInfoMap, mechanismFilter); + } + + @Override + public final void close() { + } + + @Override + public P11Key getKey(PKCS11KeyId keyId) throws TokenException { + return toP11Key(send(ProxyAction.keyByKeyId, new KeyIdMessage(keyId))); + } + + @Override + public P11Key getKey(byte[] keyId, String keyLabel) throws TokenException { + return toP11Key(send(ProxyAction.keyByIdLabel, new IdLabelMessage(keyId, keyLabel))); + } + + @Override + public PKCS11KeyId getKeyId(byte[] keyId, String keyLabel) throws TokenException { + return toPKCS11KeyId(send(ProxyAction.keyIdByIdLabel, new IdLabelMessage(keyId, keyLabel))); + } + + @Override + public byte[] sign(long mechanism, P11Params params, ExtraParams extraParams, + long keyHandle, byte[] content) throws TokenException { + SignRequest req = new SignRequest(keyHandle, mechanism, params, extraParams, content); + return toByteArray(send(ProxyAction.sign, req)); + } + + @Override + public PublicKey getPublicKey(long handle) throws TokenException { + byte[] bytes = toByteArray(send(ProxyAction.publicKeyByHandle, new LongMessage(handle))); + try { + return bytes == null ? 
null : KeyUtil.generatePublicKey( + SubjectPublicKeyInfo.getInstance(bytes)); + } catch (InvalidKeySpecException ex) { + throw new TokenException("error parsing SubjectPublicKeyInfo", ex); + } + } + + @Override + public byte[] digestSecretKey(long mechanism, long handle) throws TokenException { + DigestSecretKeyRequest req = new DigestSecretKeyRequest(mechanism, handle); + return toByteArray(send(ProxyAction.digestSecretKey, req)); + } + + @Override + public boolean objectExistsByIdLabel(byte[] id, String label) throws TokenException { + return ((BooleanMessage) send(ProxyAction.objectExistsByIdLabel, new IdLabelMessage(id, label))).getValue(); + } + + @Override + public int destroyAllObjects() { + try { + return ((IntMessage) send(ProxyAction.destroyAllObjects, null)).getValue(); + } catch (TokenException e) { + LogUtil.warn(LOG, e, "error destroyAllObjects()"); + return 0; + } + } + + @Override + public long[] destroyObjectsByHandle(long[] handles) { + try { + LongArrayMessage resp = ((LongArrayMessage) send( + ProxyAction.destroyObjectsByHandle, new LongArrayMessage(handles))); + return resp == null ? 
null : resp.getValue(); + } catch (Exception e) { + LogUtil.warn(LOG, e, "error destroyObjectsByHandle()"); + return handles.clone(); + } + } + + @Override + public int destroyObjectsByIdLabel(byte[] id, String label) throws TokenException { + try { + return ((IntMessage) send(ProxyAction.destroyObjectsByIdLabel, new IdLabelMessage(id, label))).getValue(); + } catch (TokenException e) { + LogUtil.warn(LOG, e, "error destroyAllObjects()"); + return 0; + } + } + + @Override + public PKCS11KeyId generateSecretKey(long keyType, Integer keysize, P11NewKeyControl control) + throws TokenException { + return toPKCS11KeyId(send(ProxyAction.genSecretKey, new GenerateSecretKeyRequest(keyType, keysize, control))); + } // method generateSecretKey0 + + @Override + public PKCS11KeyId importSecretKey(long keyType, byte[] keyValue, P11NewKeyControl control) throws TokenException { + return toPKCS11KeyId(send(ProxyAction.importSecretKey, new ImportSecretKeyRequest(keyType, keyValue, control))); + } // method importSecretKey0 + + @Override + public PKCS11KeyId generateRSAKeypair(int keysize, BigInteger publicExponent, P11NewKeyControl control) + throws TokenException { + return toPKCS11KeyId(send(ProxyAction.genRSAKeypair, + new GenerateRSAKeyPairRequest(keysize, publicExponent, control))); + } + + @Override + public PrivateKeyInfo generateRSAKeypairOtf(int keysize, BigInteger publicExponent) throws TokenException { + return toPrivateKeyInfo(send(ProxyAction.genRSAKeypairOtf, + new GenerateRSAKeyPairOtfRequest(keysize, publicExponent))); + } + + @Override + public PKCS11KeyId generateDSAKeypair(int plength, int qlength, P11NewKeyControl control) throws TokenException { + return toPKCS11KeyId(send(ProxyAction.genDSAKeypair2, + new GenerateDSAKeyPairByKeysizeRequest(plength, qlength, control))); + } + + @Override + public PKCS11KeyId generateDSAKeypair(BigInteger p, BigInteger q, BigInteger g, P11NewKeyControl control) + throws TokenException { + return 
toPKCS11KeyId(send(ProxyAction.genDSAKeypair, new GenerateDSAKeyPairRequest(p, q, g, control))); + } + + @Override + public PrivateKeyInfo generateDSAKeypairOtf(BigInteger p, BigInteger q, BigInteger g) throws TokenException { + return toPrivateKeyInfo(send(ProxyAction.genDSAKeypairOtf, new GenerateDSAKeyPairOtfRequest(p, q, g))); + } + + @Override + public PKCS11KeyId generateECKeypair(ASN1ObjectIdentifier curveId, P11NewKeyControl control) throws TokenException { + return toPKCS11KeyId(send(ProxyAction.genECKeypair, new GenerateECKeyPairRequest(curveId, control))); + } + + @Override + public PrivateKeyInfo generateECKeypairOtf(ASN1ObjectIdentifier curveId) throws TokenException { + return toPrivateKeyInfo(send(ProxyAction.genECKeypair, new GenerateECKeyPairOtfRequest(curveId))); + } + + @Override + public PKCS11KeyId generateSM2Keypair(P11NewKeyControl control) throws TokenException { + return toPKCS11KeyId(send(ProxyAction.genSM2Keypair, new GenerateSM2KeyPairRequest(control))); + } + + @Override + public PrivateKeyInfo generateSM2KeypairOtf() throws TokenException { + return toPrivateKeyInfo(send(ProxyAction.genSM2KeypairOtf, null)); + } + + private P11Key toP11Key(ProxyMessage response) throws TokenException { + if (response == null) { + return null; + } + + if (!(response instanceof P11KeyResponse)) { + throw new TokenException("response is not a P11KeyResponse"); + } + + return ((P11KeyResponse) response).getP11Key(this); + } + + private static byte[] toByteArray(ProxyMessage response) throws TokenException { + if (response == null) { + return null; + } + + if (!(response instanceof ByteArrayMessage)) { + throw new TokenException("response is not a ByteArrayMessage"); + } + + return ((ByteArrayMessage) response).getValue(); + } + + private static PKCS11KeyId toPKCS11KeyId(ProxyMessage response) throws TokenException { + if (response == null) { + return null; + } + + if (!(response instanceof KeyIdMessage)) { + throw new TokenException("response is not a 
KeyIdMessage"); + } + + return ((KeyIdMessage) response).getKeyId(); + } + + private static PrivateKeyInfo toPrivateKeyInfo(ProxyMessage response) throws TokenException { + byte[] bytes = toByteArray(response); + if (bytes == null) { + return null; + } + + try { + return PrivateKeyInfo.getInstance(bytes); + } catch (IllegalArgumentException ex) { + throw new TokenException("invalid PrivateKeyInfo", ex); + } + } + + /** + * The specified stream remains open after this method returns. + */ + @Override + public void showDetails(OutputStream stream, Long objectHandle, boolean verbose) throws IOException { + ShowDetailsRequest req = new ShowDetailsRequest(objectHandle, verbose); + byte[] details; + try { + details = ((ByteArrayMessage) send(ProxyAction.showDetails, req)).getValue(); + } catch (TokenException e) { + details = ("ERROR: " + e.getMessage()).getBytes(StandardCharsets.UTF_8); + } + stream.write(details); + } + + private ProxyMessage send(ProxyAction action, ProxyMessage request) throws TokenException { + ByteArrayCborEncoder encoder = new ByteArrayCborEncoder(); + try { + encoder.writeArrayStart(2); + // slot id + encoder.writeInt(slotId.getId()); + if (request == null) { + encoder.writeNull(); + } else { + request.encode(encoder); + } + } catch (EncodeException ex) { + throw new TokenException("Encode error while building request", ex); + } catch (IOException ex) { + throw new TokenException("IO error while building request", ex); + } + + return module.send(action, encoder.toByteArray()); + } + + @Override + protected PKCS11KeyId doGenerateSecretKey(long keyType, Integer keysize, P11NewKeyControl control) { + throw new UnsupportedOperationException("doGenerateSecretKey() unsupported"); + } + + @Override + protected PKCS11KeyId doImportSecretKey(long keyType, byte[] keyValue, P11NewKeyControl control) { + throw new UnsupportedOperationException("doGenerateSecretKey() unsupported"); + } + + @Override + protected PKCS11KeyId doGenerateDSAKeypair(BigInteger p, 
BigInteger q, BigInteger g, P11NewKeyControl control) { + throw new UnsupportedOperationException("doGenerateSecretKey() unsupported"); + } + + @Override + protected PKCS11KeyId doGenerateECEdwardsKeypair(ASN1ObjectIdentifier curveId, P11NewKeyControl control) { + throw new UnsupportedOperationException("doGenerateSecretKey() unsupported"); + } + + @Override + protected PrivateKeyInfo doGenerateECEdwardsKeypairOtf(ASN1ObjectIdentifier curveId) { + throw new UnsupportedOperationException("doGenerateSecretKey() unsupported"); + } + + @Override + protected PKCS11KeyId doGenerateECMontgomeryKeypair(ASN1ObjectIdentifier curveId, P11NewKeyControl control) { + throw new UnsupportedOperationException("doGenerateSecretKey() unsupported"); + } + + @Override + protected PrivateKeyInfo doGenerateECMontgomeryKeypairOtf(ASN1ObjectIdentifier curveId) { + throw new UnsupportedOperationException("doGenerateSecretKey() unsupported"); + } + + @Override + protected PKCS11KeyId doGenerateECKeypair(ASN1ObjectIdentifier curveId, P11NewKeyControl control) { + throw new UnsupportedOperationException("doGenerateSecretKey() unsupported"); + } + + @Override + protected PrivateKeyInfo doGenerateECKeypairOtf(ASN1ObjectIdentifier curveId) { + throw new UnsupportedOperationException("doGenerateSecretKey() unsupported"); + } + + @Override + protected PKCS11KeyId doGenerateSM2Keypair(P11NewKeyControl control) { + throw new UnsupportedOperationException("doGenerateSecretKey() unsupported"); + } + + @Override + protected PrivateKeyInfo doGenerateSM2KeypairOtf() { + throw new UnsupportedOperationException("doGenerateSecretKey() unsupported"); + } + + @Override + protected PKCS11KeyId doGenerateRSAKeypair(int keysize, BigInteger publicExponent, P11NewKeyControl control) { + throw new UnsupportedOperationException("doGenerateSecretKey() unsupported"); + } + + @Override + protected PrivateKeyInfo doGenerateRSAKeypairOtf(int keysize, BigInteger publicExponent) { + throw new 
UnsupportedOperationException("doGenerateSecretKey() unsupported"); + } + + @Override + protected PrivateKeyInfo generateDSAKeypairOtf0(BigInteger p, BigInteger q, BigInteger g) { + throw new UnsupportedOperationException("doGenerateSecretKey() unsupported"); + } + +} diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyAction.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyAction.java new file mode 100644 index 0000000..df2dbc3 --- /dev/null +++ b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyAction.java 
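Review bot: `generateECKeypairOtf` sends `ProxyAction.genECKeypair` together with a `GenerateECKeyPairOtfRequest`, so the generate-then-destroy EC call is dispatched under the generate-and-save action; every other `*Otf` method in this class uses its own `gen…Otf` action. The response switch in the module decodes a `genECKeypair` reply as a `KeyIdMessage`, so on the client `toPrivateKeyInfo` would at best fail with "response is not a ByteArrayMessage", and how the proxy treats the mismatched request is not visible here. The call should read `return toPrivateKeyInfo(send(ProxyAction.genECKeypairOtf, new GenerateECKeyPairOtfRequest(curveId)));`. Separately, `destroyObjectsByIdLabel` logs its failure as "error destroyAllObjects()" and returns 0, which makes a failed deletion look the same as nothing to delete when the log is reviewed later.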
@@ -0,0 +1,82 @@
+// Copyright (c) 2013-2024 xipki. All rights reserved.
+// License Apache License 2.0
+
+package org.xipki.security.pkcs11.hsmproxy;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * The HSM proxy action enumeration.
+ *
+ * @author Lijun Liao (xipki)
+ */
+
+public enum ProxyAction {
+
+ moduleCaps ("mcaps"),
+ slotIds ("sids"),
+
+ // mechanism infos
+ mechInfos ("mis"),
+
+ publicKeyByHandle ("pkbh"),
+
+ keyByKeyId ("kbi"),
+ keyByIdLabel ("kbil"),
+ keyIdByIdLabel ("kibil"),
+
+ objectExistsByIdLabel ("ebil"),
+
+ destroyAllObjects ("dao"),
+ destroyObjectsByHandle ("dobh"),
+ destroyObjectsByIdLabel ("dobil"),
+
+ genSecretKey ("gsk"),
+ importSecretKey ("isk"),
+
+ genRSAKeypair ("grsa"),
+ genRSAKeypairOtf ("grsao"),
+ // genDSAKeypairByKeysize
+ genDSAKeypair2 ("gdsa2"),
+ genDSAKeypair ("gdsa"),
+ genDSAKeypairOtf ("gdsao"),
+ genECKeypair ("gec"),
+ genECKeypairOtf ("geco"),
+ genSM2Keypair ("gsm2"),
+ genSM2KeypairOtf ("gsm2o"),
+ showDetails ("d"),
+ sign ("s"),
+ digestSecretKey ("dsk");
+
+ private final String alias;
+
+ private static final Map namealiasActionMap = new HashMap<>();
+
+ static {
+ for (ProxyAction p : ProxyAction.values()) {
+ namealiasActionMap.put(p.name().toLowerCase(), p);
+ }
+
+ for (ProxyAction p : ProxyAction.values()) {
+ String lc = p.alias.toLowerCase();
+ if (namealiasActionMap.containsKey(lc)) {
+ throw new IllegalStateException("invalid alias " + p.alias);
+ }
+ namealiasActionMap.put(lc, p);
+ }
+ }
+
+ ProxyAction(String alias) {
+ this.alias = alias;
+ }
+
+ public String getAlias() {
+ return alias;
+ }
+
+ public static ProxyAction ofNameIgnoreCase(String name) {
+ return namealiasActionMap.get(name.toLowerCase());
+ }
+
+}
diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyMessage.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyMessage.java
new file mode 100644
index 0000000..71d76de
--- /dev/null
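Review bot: The lookup map in `ProxyAction` is keyed with `toLowerCase()` in the default locale, both in the static initializer and in `ofNameIgnoreCase`, and several names contain an uppercase `I` (`slotIds`, `mechInfos`, `keyByIdLabel`). Under a Turkish or Azeri default locale those keys are stored with a dotless ı, so an action named in plain lowercase ASCII would no longer resolve. Use `toLowerCase(Locale.ROOT)` at all three call sites (with `import java.util.Locale;`), e.g. `return namealiasActionMap.get(name.toLowerCase(Locale.ROOT));`. `ofNameIgnoreCase` also throws a NullPointerException on a null name and returns null for an unknown one; a one-line Javadoc stating both would help callers, presumably the proxy's request path, to check the result before dispatching.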
+++ b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/ProxyMessage.java 
@@ -0,0 +1,1465 @@ +// Copyright (c) 2013-2024 xipki. All rights reserved. +// License Apache License 2.0 + +package org.xipki.security.pkcs11.hsmproxy; + +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.xipki.pkcs11.wrapper.MechanismInfo; +import org.xipki.pkcs11.wrapper.PKCS11Exception; +import org.xipki.pkcs11.wrapper.PKCS11KeyId; +import org.xipki.pkcs11.wrapper.TokenException; +import org.xipki.pkcs11.wrapper.params.ExtraParams; +import org.xipki.security.pkcs11.P11Key; +import org.xipki.security.pkcs11.P11ModuleConf; +import org.xipki.security.pkcs11.P11Params; +import org.xipki.security.pkcs11.P11Slot; +import org.xipki.security.pkcs11.P11SlotId; +import org.xipki.util.Args; +import org.xipki.util.cbor.CborDecoder; +import org.xipki.util.cbor.CborEncodable; +import org.xipki.util.cbor.CborEncoder; +import org.xipki.util.exception.DecodeException; +import org.xipki.util.exception.EncodeException; + +import java.io.IOException; +import java.math.BigInteger; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import java.util.Set; + +/** + * The CBOR message. 
+ * + * @author Lijun Liao (xipki) + */ +public abstract class ProxyMessage implements CborEncodable { + + protected abstract void encode0(CborEncoder encoder) throws EncodeException, IOException; + + @Override + public final void encode(CborEncoder encoder) throws EncodeException { + try { + encode0(encoder); + } catch (IOException ex) { + throw new EncodeException("IO error", ex); + } + } + + private static boolean isNotNullOrElseWriteNull(CborEncoder encoder, Object obj) throws IOException { + if (obj == null) { + encoder.writeNull(); + return false; + } + return true; + } + + private static void writeBigInt(CborEncoder encoder, BigInteger value) throws IOException { + if (isNotNullOrElseWriteNull(encoder, value)) { + encoder.writeByteString(value.toByteArray()); + } + } + + private static void writeOid(CborEncoder encoder, ASN1ObjectIdentifier value) throws IOException { + if (isNotNullOrElseWriteNull(encoder, value)) { + encoder.writeTextString(value.getId()); + } + } + + private static ASN1ObjectIdentifier readOid(CborDecoder decoder) throws IOException, DecodeException { + String text = decoder.readTextString(); + if (text == null) { + return null; + } + + try { + return new ASN1ObjectIdentifier(text); + } catch (IllegalArgumentException ex) { + throw new DecodeException(text + " is not a valid ObjectIdentifier"); + } + } + + private static void writeNewKeyControl(CborEncoder encoder, P11Slot.P11NewKeyControl control) throws IOException { + if (control == null) { + encoder.writeNull(); + return; + } + + encoder.writeArrayStart(5); + encoder.writeByteString(control.getId()); + encoder.writeTextString(control.getLabel()); + encoder.writeBooleanObj(control.getSensitive()); + encoder.writeBooleanObj(control.getExtractable()); + + Set usages = control.getUsages(); + if (usages == null) { + encoder.writeNull(); + } else { + encoder.writeArrayStart(usages.size()); + for (P11Slot.P11KeyUsage usage: usages) { + encoder.writeTextString(usage.name()); + } + } + } + + 
private static P11Slot.P11NewKeyControl decodeNewKeyControl(CborDecoder decoder) throws DecodeException { + try { + if (decoder.readNullOrArrayLength(5)) { + return null; + } + + byte[] id = decoder.readByteString(); + String label = decoder.readTextString(); + P11Slot.P11NewKeyControl control = new P11Slot.P11NewKeyControl(id, label); + control.setSensitive(decoder.readBooleanObj()); + control.setExtractable(decoder.readBooleanObj()); + + // usages + Integer usagesLen = decoder.readNullOrArrayLength(); + if (usagesLen != null) { + Set usages = new HashSet<>(usagesLen * 5 / 4); + for (int i = 0; i < usagesLen; i++) { + String usageText = decoder.readTextString(); + P11Slot.P11KeyUsage usage; + try { + usage = P11Slot.P11KeyUsage.valueOf(usageText); + } catch (IllegalArgumentException e) { + throw new DecodeException("unknown P11KeyUsage " + usageText); + } + usages.add(usage); + } + + control.setUsages(usages); + } + + return control; + } catch (IOException ex) { + throw new DecodeException("IO error", ex); + } + } + + private static void writeKeyId(CborEncoder encoder, PKCS11KeyId keyId) throws IOException { + encoder.writeArrayStart(6); + encoder.writeInt(keyId.getHandle()); + encoder.writeInt(keyId.getObjectCLass()); + encoder.writeInt(keyId.getKeyType()); + encoder.writeByteString(keyId.getId()); + encoder.writeTextString(keyId.getLabel()); + encoder.writeIntObj(keyId.getPublicKeyHandle()); + } + + private static PKCS11KeyId decodeKeyId(CborDecoder decoder) throws DecodeException { + try { + if (decoder.readNullOrArrayLength(6)) { + return null; + } + + long handle = decoder.readLong(); + long objectCLass = decoder.readLong(); + long keyType = decoder.readLong(); + byte[] id = decoder.readByteString(); + String label = decoder.readTextString(); + Long publicKeyHandle = decoder.readLongObj(); + + PKCS11KeyId keyId = new PKCS11KeyId(handle, objectCLass, keyType, id, label); + keyId.setPublicKeyHandle(publicKeyHandle); + return keyId; + } catch (IOException ex) { 
+ throw new DecodeException("IO error decoding PKCS11KeyId", ex); + } + } + + private static void assertArraySize(CborDecoder decoder, int arraySize, String name) throws DecodeException { + try { + if (decoder.readNullOrArrayLength(arraySize)) { + throw new DecodeException(name + " shall not be null"); + } + } catch (IOException ex) { + throw new DecodeException("IO error reading arrayLength of " + name); + } + } + + /** + * The message wrapper for boolean. + */ + public static class BooleanMessage extends ProxyMessage { + + private final boolean value; + + public BooleanMessage(boolean value) { + this.value = value; + } + + public boolean getValue() { + return value; + } + + @Override + public void encode0(CborEncoder encoder) throws EncodeException, IOException { + encoder.writeBoolean(value); + } + + public static BooleanMessage decode(CborDecoder decoder) throws DecodeException { + try { + boolean b = Optional.ofNullable(decoder.readBooleanObj()).orElseThrow( + () -> new DecodeException("BooleanMessage shall not be null")); + return new BooleanMessage(b); + } catch (IOException ex) { + throw new DecodeException("IO error decoding BooleanMessage", ex); + } + } + + } + + /** + * The message wrapper for byte[]. 
+ */ + public static class ByteArrayMessage extends ProxyMessage { + + private final byte[] value; + + public ByteArrayMessage(byte[] value) { + this.value = Args.notNull(value, "value"); + } + + public byte[] getValue() { + return value; + } + + @Override + protected void encode0(CborEncoder encoder) throws IOException { + encoder.writeByteString(value); + } + + public static ByteArrayMessage decode(CborDecoder decoder) throws DecodeException { + try { + byte[] b = Optional.ofNullable(decoder.readByteString()).orElseThrow( + () -> new DecodeException("ByteArrayMessage shall not be null")); + + return new ByteArrayMessage(b); + } catch (IOException ex) { + throw new DecodeException("IO error decoding ByteArrayMessage", ex); + } + } + + } + + /** + * The request to digest secret key. + */ + public static class DigestSecretKeyRequest extends ProxyMessage { + + private static final int NUM_FIELDS = 2; + + private final long mechanism; + + private final long objectHandle; + + public DigestSecretKeyRequest(long mechanism, long objectHandle) { + this.mechanism = mechanism; + this.objectHandle = objectHandle; + } + + public long getMechanism() { + return mechanism; + } + + public long getObjectHandle() { + return objectHandle; + } + + @Override + protected void encode0(CborEncoder encoder) throws IOException { + encoder.writeArrayStart(NUM_FIELDS); + encoder.writeInt(mechanism); + encoder.writeInt(objectHandle); + } + + public static DigestSecretKeyRequest decode(CborDecoder decoder) throws DecodeException { + assertArraySize(decoder, NUM_FIELDS, "DigestSecretKeyRequest"); + try { + long mechanism = decoder.readLong(); + long objectHandle = decoder.readLong(); + return new DigestSecretKeyRequest(mechanism, objectHandle); + } catch (IOException ex) { + throw new DecodeException("IO error decoding DigestSecretKeyRequest", ex); + } + } + + } + + public enum ProxyErrorCode { + + internalError(1), + badRequest(2), + tokenException(3), + pkcs11Exception(4); + + private final 
int code; + + ProxyErrorCode(int code) { + this.code = code; + } + + public int getCode() { + return code; + } + + public static ProxyErrorCode ofCode(int code) { + for (ProxyErrorCode m : ProxyErrorCode.values()) { + if (m.code == code) { + return m; + } + } + return null; + } + + } + + /** + * The error response. + */ + public static class ErrorResponse extends ProxyMessage { + + public static final long CBOR_TAG_ERROR_RESPONSE = 0x80000; + + private static final int NUM_FIELDS = 2; + + private final ProxyErrorCode errorCode; + + private final String detail; + + public ErrorResponse(ProxyErrorCode errorCode, String detail) { + this.errorCode = errorCode; + this.detail = detail; + } + + public ErrorResponse(Throwable t) { + if (t instanceof PKCS11Exception) { + this.errorCode = ProxyErrorCode.pkcs11Exception; + this.detail = Long.toString(((PKCS11Exception) t).getErrorCode()); + } else if (t instanceof TokenException) { + this.errorCode = ProxyErrorCode.tokenException; + this.detail = t.getMessage(); + } else { + this.errorCode = ProxyErrorCode.tokenException; + this.detail = t.getMessage(); + } + } + + public ProxyErrorCode getErrorCode() { + return errorCode; + } + + public String getDetail() { + return detail; + } + + @Override + public void encode0(CborEncoder encoder) throws EncodeException, IOException { + encoder.writeArrayStart(NUM_FIELDS); + encoder.writeInt(errorCode.code); + encoder.writeTextString(detail); + } + + public static ErrorResponse decode(CborDecoder decoder) throws DecodeException { + assertArraySize(decoder, NUM_FIELDS, "ErrorResponnse"); + try { + int code = decoder.readInt(); + ProxyErrorCode errorCode = Optional.ofNullable(ProxyErrorCode.ofCode(code)).orElseThrow( + () -> new DecodeException("unknown error code " + code)); + String detail = decoder.readTextString(); + return new ErrorResponse(errorCode, detail); + } catch (IOException ex) { + throw new DecodeException("IO error decoding ErrorResponse", ex); + } + } + + } + + /** + * The 
request to generate-then-save DSA keypair for given keysize. + */ + public static class GenerateDSAKeyPairByKeysizeRequest extends ProxyMessage { + + private static final int NUM_FIELDS = 3; + + private final int plength; + + private final int qlength; + + private final P11Slot.P11NewKeyControl newKeyControl; + + public GenerateDSAKeyPairByKeysizeRequest(int plength, int qlength, P11Slot.P11NewKeyControl newKeyControl) { + this.plength = plength; + this.qlength = qlength; + this.newKeyControl = newKeyControl; + } + + public int getPlength() { + return plength; + } + + public int getQlength() { + return qlength; + } + + public P11Slot.P11NewKeyControl getNewKeyControl() { + return newKeyControl; + } + + @Override + protected void encode0(CborEncoder encoder) throws EncodeException, IOException { + encoder.writeArrayStart(NUM_FIELDS); + encoder.writeInt(plength); + encoder.writeInt(qlength); + writeNewKeyControl(encoder, newKeyControl); + } + + public static GenerateDSAKeyPairByKeysizeRequest decode(CborDecoder decoder) throws DecodeException { + assertArraySize(decoder, NUM_FIELDS, "GenerateDSAKeyPairByKeysizeRequest"); + try { + int plength = decoder.readInt(); + int qlength = decoder.readInt(); + P11Slot.P11NewKeyControl control = decodeNewKeyControl(decoder); + return new GenerateDSAKeyPairByKeysizeRequest(plength, qlength, control); + } catch (IOException ex) { + throw new DecodeException("IO error decoding GenerateDSAKeyPairByKeysizeRequest", ex); + } + } + + } + + /** + * The request to generate-then-destroy DSA keypair for given (P, Q, G). 
+ */ + public static class GenerateDSAKeyPairOtfRequest extends ProxyMessage { + + private static final int NUM_FIELDS = 3; + + protected final BigInteger p; + + protected final BigInteger q; + + protected final BigInteger g; + + public GenerateDSAKeyPairOtfRequest(BigInteger p, BigInteger q, BigInteger g) { + this.p = Args.notNull(p, "p"); + this.q = Args.notNull(q, "q"); + this.g = Args.notNull(g, "g"); + } + + public BigInteger getP() { + return p; + } + + public BigInteger getQ() { + return q; + } + + public BigInteger getG() { + return g; + } + + @Override + protected void encode0(CborEncoder encoder) throws EncodeException, IOException { + encoder.writeArrayStart(NUM_FIELDS); + encoder.writeByteString(p.toByteArray()); + encoder.writeByteString(q.toByteArray()); + encoder.writeByteString(g.toByteArray()); + } + + public static GenerateDSAKeyPairOtfRequest decode(CborDecoder decoder) throws DecodeException { + assertArraySize(decoder, NUM_FIELDS, "GenerateDSAKeyPairOtfRequest"); + try { + BigInteger p = decoder.readBigInt(); + BigInteger q = decoder.readBigInt(); + BigInteger g = decoder.readBigInt(); + return new GenerateDSAKeyPairOtfRequest(p, q, g); + } catch (IOException ex) { + throw new DecodeException("IO error decoding GenerateDSAKeyPairOtfRequest", ex); + } + } + + } + + /** + * The request to generate-then-save DSA keypair for given (P, Q, G). 
+ */ + public static class GenerateDSAKeyPairRequest extends GenerateDSAKeyPairOtfRequest { + + private static final int NUM_FIELDS = 4; + + private final P11Slot.P11NewKeyControl newKeyControl; + + public GenerateDSAKeyPairRequest(BigInteger p, BigInteger q, BigInteger g, P11Slot.P11NewKeyControl newKeyControl) { + super(p, q, g); + this.newKeyControl = newKeyControl; + } + + public P11Slot.P11NewKeyControl getNewKeyControl() { + return newKeyControl; + } + + @Override + protected void encode0(CborEncoder encoder) throws EncodeException, IOException { + encoder.writeArrayStart(NUM_FIELDS); + encoder.writeByteString(p.toByteArray()); + encoder.writeByteString(q.toByteArray()); + encoder.writeByteString(g.toByteArray()); + writeNewKeyControl(encoder, newKeyControl); + } + + public static GenerateDSAKeyPairRequest decode(CborDecoder decoder) throws DecodeException { + assertArraySize(decoder, NUM_FIELDS, "GenerateDSAKeyPairRequest"); + try { + BigInteger p = decoder.readBigInt(); + BigInteger q = decoder.readBigInt(); + BigInteger g = decoder.readBigInt(); + P11Slot.P11NewKeyControl control = decodeNewKeyControl(decoder); + return new GenerateDSAKeyPairRequest(p, q, g, control); + } catch (IOException ex) { + throw new DecodeException("IO error decoding GenerateDSAKeyPairRequest", ex); + } + } + + } + + /** + * The request to generate-then-destroy EC keypair. 
+ */ + public static class GenerateECKeyPairOtfRequest extends ProxyMessage { + + private static final int NUM_FIELDS = 1; + + protected final ASN1ObjectIdentifier curveOid; + + public GenerateECKeyPairOtfRequest(ASN1ObjectIdentifier curveOid) { + this.curveOid = Args.notNull(curveOid, "curveOid"); + } + + public ASN1ObjectIdentifier getCurveOid() { + return curveOid; + } + + @Override + protected void encode0(CborEncoder encoder) throws EncodeException, IOException { + encoder.writeArrayStart(NUM_FIELDS); + writeOid(encoder, curveOid); + } + + public static GenerateECKeyPairOtfRequest decode(CborDecoder decoder) throws DecodeException { + assertArraySize(decoder, NUM_FIELDS, "GenerateECKeyPairOtfRequest"); + try { + ASN1ObjectIdentifier curveOid = readOid(decoder); + return new GenerateECKeyPairOtfRequest(curveOid); + } catch (IOException ex) { + throw new DecodeException("IO error decoding GenerateECKeyPairOtfRequest", ex); + } + } + + } + + /** + * The request to generate-then-save EC keypair. 
+ */ + public static class GenerateECKeyPairRequest extends GenerateECKeyPairOtfRequest { + + private static final int NUM_FIELDS = 2; + + private final P11Slot.P11NewKeyControl newKeyControl; + + public GenerateECKeyPairRequest(ASN1ObjectIdentifier curveOid, P11Slot.P11NewKeyControl newKeyControl) { + super(curveOid); + this.newKeyControl = newKeyControl; + } + + public P11Slot.P11NewKeyControl getNewKeyControl() { + return newKeyControl; + } + + @Override + protected void encode0(CborEncoder encoder) throws EncodeException, IOException { + encoder.writeArrayStart(NUM_FIELDS); + ProxyMessage.writeOid(encoder, curveOid); + ProxyMessage.writeNewKeyControl(encoder, newKeyControl); + } + + public static GenerateECKeyPairRequest decode(CborDecoder decoder) throws DecodeException { + assertArraySize(decoder, NUM_FIELDS, "GenerateECKeyPairRequest"); + try { + ASN1ObjectIdentifier curveOid = ProxyMessage.readOid(decoder); + P11Slot.P11NewKeyControl control = ProxyMessage.decodeNewKeyControl(decoder); + return new GenerateECKeyPairRequest(curveOid, control); + } catch (IOException ex) { + throw new DecodeException("IO error decoding GenerateECKeyPairRequest", ex); + } + } + + } + + /** + * The request to generate-then-destroy RSA keypair. + */ + public static class GenerateRSAKeyPairOtfRequest extends ProxyMessage { + + private static final int NUM_FIELDS = 2; + + protected final int keySize; + + protected final BigInteger publicExponent; + + public GenerateRSAKeyPairOtfRequest(int keySize, BigInteger publicExponent) { + this.keySize = keySize; + this.publicExponent = publicExponent; + } + + public int getKeySize() { + return keySize; + } + + public BigInteger getPublicExponent() { + return publicExponent; + } + + @Override + protected void encode0(CborEncoder encoder) throws EncodeException, IOException { + encoder.writeArrayStart(NUM_FIELDS); + encoder.writeInt(keySize); + encoder.writeByteString(publicExponent == null ? 
null : publicExponent.toByteArray()); + } + + public static GenerateRSAKeyPairOtfRequest decode(CborDecoder decoder) throws DecodeException { + assertArraySize(decoder, NUM_FIELDS, "GenerateRSAKeyPairOtfRequest"); + try { + int keysize = decoder.readInt(); + BigInteger publicExponent = decoder.readBigInt(); + return new GenerateRSAKeyPairOtfRequest(keysize, publicExponent); + } catch (IOException ex) { + throw new DecodeException("IO error decoding GenerateRSAKeyPairOtfRequest", ex); + } + } + + } + + /** + * The request to generate-then-save RSA keypair. + */ + public static class GenerateRSAKeyPairRequest extends GenerateRSAKeyPairOtfRequest { + + private static final int NUM_FIELDS = 2; + + private final P11Slot.P11NewKeyControl newKeyControl; + + public GenerateRSAKeyPairRequest(int keySize, BigInteger publicExponent, P11Slot.P11NewKeyControl newKeyControl) { + super(keySize, publicExponent); + this.newKeyControl = newKeyControl; + } + + public P11Slot.P11NewKeyControl getNewKeyControl() { + return newKeyControl; + } + + @Override + protected void encode0(CborEncoder encoder) throws EncodeException, IOException { + encoder.writeArrayStart(NUM_FIELDS); + encoder.writeInt(keySize); + writeBigInt(encoder, publicExponent); + writeNewKeyControl(encoder, newKeyControl); + } + + public static GenerateRSAKeyPairRequest decode(CborDecoder decoder) throws DecodeException { + assertArraySize(decoder, NUM_FIELDS, "GenerateRSAKeyPairRequest"); + try { + int keysize = decoder.readInt(); + BigInteger publicExponent = decoder.readBigInt(); + P11Slot.P11NewKeyControl control = decodeNewKeyControl(decoder); + return new GenerateRSAKeyPairRequest(keysize, publicExponent, control); + } catch (IOException ex) { + throw new DecodeException("IO error decoding GenerateRSAKeyPairRequest", ex); + } + } + + } + + /** + * The request to generate-then-destroy SM2 keypair. 
+ */ + public static class GenerateSecretKeyRequest extends ProxyMessage { + + private static final int NUM_FIELDS = 3; + private final long keyType; + private final Integer keySize; + private final P11Slot.P11NewKeyControl newKeyControl; + + public GenerateSecretKeyRequest(long keyType, Integer keySize, P11Slot.P11NewKeyControl newKeyControl) { + this.keyType = keyType; + this.keySize = keySize; + this.newKeyControl = newKeyControl; + } + + public long getKeyType() { + return keyType; + } + + public Integer getKeySize() { + return keySize; + } + + public P11Slot.P11NewKeyControl getNewOKeyControl() { + return newKeyControl; + } + + @Override + protected void encode0(CborEncoder encoder) throws EncodeException, IOException { + encoder.writeArrayStart(NUM_FIELDS); + encoder.writeInt(keyType); + encoder.writeIntObj(keySize); + writeNewKeyControl(encoder, newKeyControl); + } + + public static GenerateSecretKeyRequest decode(CborDecoder decoder) throws DecodeException { + assertArraySize(decoder, NUM_FIELDS, "GenerateSecretKeyRequest"); + try { + long keyType = decoder.readLong(); + Integer keySize = decoder.readIntObj(); + P11Slot.P11NewKeyControl control = decodeNewKeyControl(decoder); + return new GenerateSecretKeyRequest(keyType, keySize, control); + } catch (IOException ex) { + throw new DecodeException("IO error decoding GenerateSecretKeyRequest", ex); + } + } + + } + + /** + * The request to generate-then-save SM2 keypair. 
+ */ + public static class GenerateSM2KeyPairRequest extends ProxyMessage { + + private static final int NUM_FIELDS = 1; + + private final P11Slot.P11NewKeyControl newKeyControl; + + public GenerateSM2KeyPairRequest(P11Slot.P11NewKeyControl newKeyControl) { + this.newKeyControl = newKeyControl; + } + + public P11Slot.P11NewKeyControl getNewKeyControl() { + return newKeyControl; + } + + @Override + protected void encode0(CborEncoder encoder) throws EncodeException, IOException { + encoder.writeArrayStart(NUM_FIELDS); + writeNewKeyControl(encoder, newKeyControl); + } + + public static GenerateSM2KeyPairRequest decode(CborDecoder decoder) throws DecodeException { + assertArraySize(decoder, NUM_FIELDS, "GenerateSM2KeyPairRequest"); + P11Slot.P11NewKeyControl control = decodeNewKeyControl(decoder); + return new GenerateSM2KeyPairRequest(control); + } + + } + + /** + * The request to get mechanism infos. + */ + public static class GetMechanismInfosResponse extends ProxyMessage { + + private final Map mechamismInfoMap; + + public GetMechanismInfosResponse(Map mechamismInfoMap) { + this.mechamismInfoMap = mechamismInfoMap; + } + + @Override + public void encode0(CborEncoder encoder) throws IOException, EncodeException { + encoder.writeMapStart(mechamismInfoMap.size()); + for (Map.Entry entry : mechamismInfoMap.entrySet()) { + encoder.writeInt(entry.getKey()); + MechanismInfo mi = entry.getValue(); + if (entry.getValue() == null) { + encoder.writeNull(); + } else { + encoder.writeArrayStart(3); + encoder.writeInt(mi.getMinKeySize()); + encoder.writeInt(mi.getMaxKeySize()); + encoder.writeInt(mi.getFlags()); + } + } + } + + public Map getMechamismInfoMap() { + return mechamismInfoMap; + } + + public static GetMechanismInfosResponse decode(CborDecoder decoder) throws DecodeException { + try { + Integer mapLen = decoder.readNullOrMapLength(); + if (mapLen == null) { + throw new DecodeException("GetMechanismInfosResponse shall not be null"); + } + + Map map = new 
HashMap<>(mapLen * 5 / 4); + for (int i = 0; i < mapLen; i++) { + long code = decoder.readLong(); + boolean isNull = decoder.readNullOrArrayLength(3); + if (isNull) { + map.put(code, null); + } else { + long minSize = decoder.readLong(); + long maxSize = decoder.readLong(); + long flags = decoder.readLong(); + map.put(code, new MechanismInfo(minSize, maxSize, flags)); + } + } + + return new GetMechanismInfosResponse(map); + } catch (IOException ex) { + throw new DecodeException("IO error decoding GetMechanismInfosResponse", ex); + } + } + + } + + /** + * The message wrapper for ia and label. + */ + public static class IdLabelMessage extends ProxyMessage { + + private static final int NUM_FIELDS = 2; + + private final byte[] id; + + private final String label; + + public IdLabelMessage(byte[] id, String label) { + this.id = id; + this.label = label; + } + + public byte[] getId() { + return id; + } + + public String getLabel() { + return label; + } + + @Override + protected void encode0(CborEncoder encoder) throws EncodeException, IOException { + encoder.writeArrayStart(NUM_FIELDS); + encoder.writeByteString(id); + encoder.writeTextString(label); + } + + public static IdLabelMessage decode(CborDecoder decoder) throws DecodeException { + assertArraySize(decoder, NUM_FIELDS, "IdLabelMessage"); + try { + byte[] id = decoder.readByteString(); + String label = decoder.readTextString(); + return new IdLabelMessage(id, label); + } catch (IOException ex) { + throw new DecodeException("IO error decoding IdLabelMessage", ex); + } + } + + } + + /** + * The request to import secret key. 
+ */ + public static class ImportSecretKeyRequest extends ProxyMessage { + private static final int NUM_FIELDS = 3; + private final long keyType; + private final byte[] keyValue; + private final P11Slot.P11NewKeyControl newKeyControl; + + public ImportSecretKeyRequest(long keyType, byte[] keyValue, P11Slot.P11NewKeyControl newKeyControl) { + this.keyType = keyType; + this.keyValue = Args.notNull(keyValue, "keyValue"); + this.newKeyControl = newKeyControl; + } + + public long getKeyType() { + return keyType; + } + + public byte[] getKeyValue() { + return keyValue; + } + + public P11Slot.P11NewKeyControl getNewKeyControl() { + return newKeyControl; + } + + @Override + protected void encode0(CborEncoder encoder) throws EncodeException, IOException { + encoder.writeArrayStart(NUM_FIELDS); + encoder.writeInt(keyType); + encoder.writeByteString(keyValue); + writeNewKeyControl(encoder, newKeyControl); + } + + public static ImportSecretKeyRequest decode(CborDecoder decoder) throws DecodeException { + assertArraySize(decoder, NUM_FIELDS, "ImportSecretKeyRequest"); + try { + long keyType = decoder.readLong(); + byte[] keyValue = decoder.readByteString(); + P11Slot.P11NewKeyControl control = decodeNewKeyControl(decoder); + return new ImportSecretKeyRequest(keyType, keyValue, control); + } catch (IOException ex) { + throw new DecodeException("IO error decoding ImportSecretKeyRequest", ex); + } + } + + } + + /** + * The message wrapper for int. 
+ */ + public static class IntMessage extends ProxyMessage { + + private final int value; + + public IntMessage(int value) { + this.value = value; + } + + public int getValue() { + return value; + } + + @Override + protected void encode0(CborEncoder encoder) throws EncodeException, IOException { + encoder.writeInt(value); + } + + public static IntMessage decode(CborDecoder decoder) throws DecodeException { + try { + int b = Optional.ofNullable(decoder.readIntObj()).orElseThrow( + () -> new DecodeException("IntMessage shall not be null")); + return new IntMessage(b); + } catch (IOException ex) { + throw new DecodeException("IO error decoding IntMessage", ex); + } + } + + } + + /** + * The message wrapper for {@link PKCS11KeyId}. + */ + public static class KeyIdMessage extends ProxyMessage { + private static final int NUM_FIELDS = 6; + private final PKCS11KeyId keyId; + + public KeyIdMessage(PKCS11KeyId keyId) { + this.keyId = keyId; + } + + public PKCS11KeyId getKeyId() { + return keyId; + } + + @Override + public void encode0(CborEncoder encoder) throws IOException, EncodeException { + if (keyId == null) { + encoder.writeNull(); + return; + } + + encoder.writeArrayStart(NUM_FIELDS); + encoder.writeInt(keyId.getHandle()); + encoder.writeInt(keyId.getKeyType()); + encoder.writeInt(keyId.getObjectCLass()); + encoder.writeByteString(keyId.getId()); + encoder.writeTextString(keyId.getLabel()); + encoder.writeIntObj(keyId.getPublicKeyHandle()); + } + + public static KeyIdMessage decode(CborDecoder decoder) throws DecodeException { + PKCS11KeyId keyId = Optional.ofNullable(decodeKeyId(decoder)).orElseThrow( + () -> new DecodeException("KeyIdMessage shall not be null")); + return new KeyIdMessage(keyId); + } + + } + + /** + * The message wrapper for long[]. 
+ */ + public static class LongArrayMessage extends ProxyMessage { + + private final long[] value; + + public LongArrayMessage(long[] value) { + this.value = value; + } + + public long[] getValue() { + return value; + } + + @Override + public void encode0(CborEncoder encoder) throws EncodeException, IOException { + encoder.writeLongs(value); + } + + public static LongArrayMessage decode(CborDecoder decoder) throws DecodeException { + try { + long[] value = Optional.ofNullable(decoder.readLongs()).orElseThrow( + () -> new DecodeException("LongMessage shall not be null")); + return new LongArrayMessage(value); + } catch (IOException ex) { + throw new DecodeException("IO error decoding LongArrayMessage", ex); + } + } + + } + + /** + * The message wrapper for long. + */ + public static class LongMessage extends ProxyMessage { + + private final long value; + + public LongMessage(long value) { + this.value = value; + } + + public long getValue() { + return value; + } + + @Override + protected void encode0(CborEncoder encoder) throws EncodeException, IOException { + encoder.writeInt(value); + } + + public static LongMessage decode(CborDecoder decoder) throws DecodeException { + try { + long b = Optional.ofNullable(decoder.readLongObj()).orElseThrow( + () -> new DecodeException("LongMessage shall not be null")); + return new LongMessage(b); + } catch (IOException ex) { + throw new DecodeException("IO error decoding LongMessage", ex); + } + } + + } + + /** + * The response of getting module capability. 
+ */ + public static class ModuleCapsResponse extends ProxyMessage { + + private static final int NUM_FIELDS = 5; + + private final boolean readOnly; + + private final int maxMessageSize; + + private final P11ModuleConf.P11NewObjectConf newObjectConf; + + private final List secretKeyTypes; + + private final List keyPairTypes; + + public ModuleCapsResponse(boolean readOnly, int maxMessageSize, P11ModuleConf.P11NewObjectConf newObjectConf, + List secretKeyTypes, List keyPairTypes) { + this.readOnly = readOnly; + this.maxMessageSize = maxMessageSize; + this.newObjectConf = newObjectConf; + this.secretKeyTypes = secretKeyTypes; + this.keyPairTypes = keyPairTypes; + } + + public boolean isReadOnly() { + return readOnly; + } + + public int getMaxMessageSize() { + return maxMessageSize; + } + + public P11ModuleConf.P11NewObjectConf getNewObjectConf() { + return newObjectConf; + } + + public List getSecretKeyTypes() { + return secretKeyTypes; + } + + public List getKeyPairTypes() { + return keyPairTypes; + } + + @Override + protected void encode0(CborEncoder encoder) throws EncodeException, IOException { + encoder.writeArrayStart(NUM_FIELDS); + encoder.writeBoolean(readOnly); + encoder.writeInt(maxMessageSize); + if (newObjectConf == null) { + encoder.writeNull(); + } else { + encoder.writeArrayStart(2); + encoder.writeBoolean(newObjectConf.isIgnoreLabel()); + encoder.writeInt(newObjectConf.getIdLength()); + } + + encoder.writeLongs(secretKeyTypes); + encoder.writeLongs(keyPairTypes); + } + + public static ModuleCapsResponse decode(CborDecoder decoder) throws DecodeException { + assertArraySize(decoder, NUM_FIELDS, "ModuleCapsResponse"); + try { + boolean readOnly = decoder.readBoolean(); + int maxMessageSize = decoder.readInt(); + P11ModuleConf.P11NewObjectConf newObjectConf; + if (decoder.readNullOrArrayLength(2)) { + newObjectConf = null; + } else { + newObjectConf = new P11ModuleConf.P11NewObjectConf(); + newObjectConf.setIgnoreLabel(decoder.readBoolean()); + 
newObjectConf.setIdLength(decoder.readInt()); + } + + List secretKeyTypes = decoder.readLongList(); + List keyPairTypes = decoder.readLongList(); + + return new ModuleCapsResponse(readOnly, maxMessageSize, newObjectConf, secretKeyTypes, keyPairTypes); + } catch (IOException ex) { + throw new DecodeException("IO error decoding ModuleCapsResponse", ex); + } + } + + } // class ServerCaps + + /** + * The response of getting PKCS#11 key. + */ + public static class P11KeyResponse extends ProxyMessage { + + private static final int NUM_FIELDS = 9; + + private final PKCS11KeyId keyId; + + private boolean sign; + + private ASN1ObjectIdentifier ecParams; + + private Integer ecOrderBitSize; + + private BigInteger rsaModulus; + + private BigInteger rsaPublicExponent; + + private BigInteger dsaP; + + private BigInteger dsaQ; + + private BigInteger dsaG; + + public P11KeyResponse(P11Key key) { + Args.notNull(key, "key"); + this.keyId = key.getKeyId(); + this.ecParams = key.getEcParams(); + this.ecOrderBitSize = key.getEcOrderBitSize(); + this.dsaP = key.getDsaP(); + this.dsaQ = key.getDsaQ(); + this.dsaG = key.getDsaG(); + this.rsaModulus = key.getRsaModulus(); + this.rsaPublicExponent = key.getRsaPublicExponent(); + this.sign = key.isSign(); + } + + public P11KeyResponse(PKCS11KeyId keyId) { + this.keyId = Args.notNull(keyId, "keyId"); + } + + public P11Key getP11Key(HsmProxyP11Slot slot) { + HsmProxyP11Key key = new HsmProxyP11Key(slot, keyId); + key.setEcParams(ecParams); + key.setDsaParameters(dsaP, dsaQ, dsaG); + key.setRsaMParameters(rsaModulus, rsaPublicExponent); + key.sign(sign); + return key; + } + + @Override + protected void encode0(CborEncoder encoder) throws EncodeException, IOException { + encoder.writeArrayStart(NUM_FIELDS); + writeKeyId(encoder, keyId); + encoder.writeBoolean(sign); + writeOid(encoder, ecParams); + encoder.writeIntObj(ecOrderBitSize); + writeBigInt(encoder, rsaModulus); + writeBigInt(encoder, rsaPublicExponent); + writeBigInt(encoder, dsaP); + 
writeBigInt(encoder, dsaQ); + writeBigInt(encoder, dsaG); + } + + public static P11KeyResponse decode(CborDecoder decoder) throws DecodeException { + assertArraySize(decoder, NUM_FIELDS, "ModuleCapsResponse"); + try { + PKCS11KeyId keyId = decodeKeyId(decoder); + P11KeyResponse ret = new P11KeyResponse(keyId); + ret.sign = decoder.readBoolean(); + ret.ecParams = readOid(decoder); + ret.ecOrderBitSize = decoder.readIntObj(); + ret.rsaModulus = decoder.readBigInt(); + ret.rsaPublicExponent = decoder.readBigInt(); + ret.dsaP = decoder.readBigInt(); + ret.dsaQ = decoder.readBigInt(); + ret.dsaG = decoder.readBigInt(); + + return ret; + } catch (IOException ex) { + throw new DecodeException("IO error decoding P11KeyResponse", ex); + } + } + + } + + /** + * The request to show details of given slot, and optional given object handle. + */ + public static class ShowDetailsRequest extends ProxyMessage { + + private static final int NUM_FIELDS = 2; + + private final Long objectHandle; + + private final boolean verbose; + + public ShowDetailsRequest(Long objectHandle, boolean verbose) { + this.objectHandle = objectHandle; + this.verbose = verbose; + } + + public Long getObjectHandle() { + return objectHandle; + } + + public boolean isVerbose() { + return verbose; + } + + @Override + protected void encode0(CborEncoder encoder) throws EncodeException, IOException { + encoder.writeArrayStart(NUM_FIELDS); + encoder.writeIntObj(objectHandle); + encoder.writeBoolean(verbose); + } + + public static ShowDetailsRequest decode(CborDecoder decoder) throws DecodeException { + assertArraySize(decoder, NUM_FIELDS, "ShowDetailsRequest"); + try { + Long objectHandle = decoder.readLongObj(); + boolean verbose = decoder.readBoolean(); + return new ShowDetailsRequest(objectHandle, verbose); + } catch (IOException ex) { + throw new DecodeException("IO error decoding P11KeyResponse", ex); + } + } + + } + + /** + * The request to sign message. 
+ */ + public static class SignRequest extends ProxyMessage { + + private static final int NUM_FIELDS = 5; + + private static final int TAG_P11ByteArrayParams = 80000; + + private static final int TAG_P11RSAPkcsPssParams = 80001; + + private final long keyHandle; + + private final long mechanism; + + private final P11Params p11params; + + private final ExtraParams extraParams; + + private final byte[] content; + + public SignRequest(long keyHandle, long mechanism, P11Params p11params, ExtraParams extraParams, byte[] content) { + this.keyHandle = keyHandle; + this.mechanism = mechanism; + this.p11params = p11params; + this.extraParams = extraParams; + this.content = content; + } + + public long getKeyHandle() { + return keyHandle; + } + + public byte[] getContent() { + return content; + } + + public long getMechanism() { + return mechanism; + } + + public P11Params getP11params() { + return p11params; + } + + public ExtraParams getExtraParams() { + return extraParams; + } + + @Override + protected void encode0(CborEncoder encoder) throws EncodeException, IOException { + encoder.writeArrayStart(NUM_FIELDS); + encoder.writeInt(keyHandle); + encoder.writeInt(mechanism); + writeP11Params(encoder, p11params); + writeExtraParams(encoder, extraParams); + encoder.writeByteString(content); + } + + public static SignRequest decode(CborDecoder decoder) throws DecodeException { + assertArraySize(decoder, NUM_FIELDS, "SignRequest"); + try { + long handle = decoder.readLong(); + long mechanism = decoder.readLong(); + P11Params params = decodeP11Params(decoder); + ExtraParams extraParams = decodeExtraParams(decoder); + byte[] content = decoder.readByteString(); + return new SignRequest(handle, mechanism, params, extraParams, content); + } catch (IOException ex) { + throw new DecodeException("IO error decoding SignRequest", ex); + } + } + + private static void writeExtraParams(CborEncoder encoder, ExtraParams params) throws IOException { + if (params == null) { + 
encoder.writeNull(); + return; + } + encoder.writeArrayStart(1); + encoder.writeInt(params.ecOrderBitSize()); + } + + private static ExtraParams decodeExtraParams(CborDecoder decoder) throws DecodeException { + try { + if (decoder.readNullOrArrayLength(1)) { + return null; + } + + return new ExtraParams().ecOrderBitSize(decoder.readInt()); + } catch (IOException ex) { + throw new DecodeException("IO error", ex); + } + } + + protected static void writeP11Params(CborEncoder encoder, P11Params params) + throws IOException { + if (params == null) { + encoder.writeNull(); + return; + } + + if (params instanceof P11Params.P11ByteArrayParams) { + P11Params.P11ByteArrayParams tParams = (P11Params.P11ByteArrayParams) params; + encoder.writeTag(TAG_P11ByteArrayParams); + encoder.writeArrayStart(1); + encoder.writeByteString(tParams.getBytes()); + } else if (params instanceof P11Params.P11RSAPkcsPssParams) { + P11Params.P11RSAPkcsPssParams tParams = (P11Params.P11RSAPkcsPssParams) params; + encoder.writeTag(TAG_P11RSAPkcsPssParams); + encoder.writeArrayStart(3); + encoder.writeInt(tParams.getHashAlgorithm()); + encoder.writeInt(tParams.getMaskGenerationFunction()); + encoder.writeInt(tParams.getSaltLength()); + } else { + throw new IllegalStateException("unknown params " + params.getClass().getName()); + } + } + + public static P11Params decodeP11Params(CborDecoder decoder) throws DecodeException { + try { + Long tag = decoder.readTagObj(); + if (tag == null) { + return null; + } + + if (TAG_P11ByteArrayParams == tag) { + assertArraySize(decoder, 1, "P11ByteArrayParams"); + return new P11Params.P11ByteArrayParams(decoder.readByteString()); + } else if (TAG_P11RSAPkcsPssParams == tag) { + assertArraySize(decoder, 3, "P11RSAPkcsPssParams"); + long hashAlgorithm = decoder.readLong(); + long maskGenerationFunction = decoder.readLong(); + int saltLength = decoder.readInt(); + return new P11Params.P11RSAPkcsPssParams(hashAlgorithm, maskGenerationFunction, saltLength); + } else { + 
throw new DecodeException("unknown tag " + tag); + } + } catch (IOException ex) { + throw new DecodeException("IO error", ex); + } + } + + } + + /** + * The response of getting slot identifiers. + */ + public static class SlotIdsResponse extends ProxyMessage { + + private final List slotIds; + + public SlotIdsResponse(List slotIds) { + this.slotIds = Args.notNull(slotIds, "slotIds"); + } + + public List getSlotIds() { + return slotIds; + } + + @Override + protected void encode0(CborEncoder encoder) throws EncodeException, IOException { + encoder.writeArrayStart(slotIds.size()); + for (P11SlotId slotId : slotIds) { + encoder.writeArrayStart(2); + encoder.writeInt(slotId.getIndex()); + encoder.writeInt(slotId.getId()); + } + } + + public static SlotIdsResponse decode(CborDecoder decoder) throws DecodeException { + try { + int arrayLen = Optional.ofNullable(decoder.readNullOrArrayLength()).orElseThrow( + () -> new DecodeException("SlotIdsResponse shall not be null")); + + List list = new ArrayList<>(arrayLen); + for (int i = 0; i < arrayLen; i++) { + assertArraySize(decoder, 2, "P11SlotId"); + int index = decoder.readInt(); + long id = decoder.readLong(); + list.add(new P11SlotId(index, id)); + } + + return new SlotIdsResponse(list); + } catch (IOException ex) { + throw new DecodeException("IO error decoding SlotIdsResponse", ex); + } + } + } +} diff --git a/security/src/main/java/org/xipki/security/qa/P11SignSpeed.java b/security/src/main/java/org/xipki/security/qa/P11SignSpeed.java index 849d604..ce68688 100644 --- a/security/src/main/java/org/xipki/security/qa/P11SignSpeed.java +++ b/security/src/main/java/org/xipki/security/qa/P11SignSpeed.java 
@@ -252,7 +252,7 @@ public P11SignSpeed(SecurityFactory securityFactory, P11Slot slot, String signat this.deleteKeyAfterTest = deleteKeyAfterTest; P11SlotId slotId = slot.getSlotId(); - SignerConf signerConf = getPkcs11SignerConf( + SignerConf signerConf = getPkcs11SignerConf(slot.getModuleName(), slotId.getId(), keyId.getId(), Args.notBlank(signatureAlgorithm, "signatureAlgorithm"), threads + Math.max(2, threads * 5 / 4)); @@ -297,10 +297,14 @@ protected Runnable getTester() throws Exception { } private static SignerConf getPkcs11SignerConf( - Long slotId, byte[] keyId, String signatureAlgorithm, int parallelism) { + String pkcs11ModuleName, Long slotId, byte[] keyId, String signatureAlgorithm, int parallelism) { ConfPairs conf = new ConfPairs("algo", signatureAlgorithm) .putPair("parallelism", Integer.toString(parallelism)); + if (pkcs11ModuleName != null && !pkcs11ModuleName.isEmpty()) { + conf.putPair("module", pkcs11ModuleName); + } + if (slotId != null) { conf.putPair("slot-id", slotId.toString()); } diff --git a/security/src/main/resources/OSGI-INF/blueprint/config.xml b/security/src/main/resources/OSGI-INF/blueprint/config.xml index d5bd74c..063bfba 100644 --- a/security/src/main/resources/OSGI-INF/blueprint/config.xml +++ b/security/src/main/resources/OSGI-INF/blueprint/config.xml @@ -92,4 +92,12 @@ + + + + + + diff --git a/util/src/main/java/org/xipki/util/Args.java b/util/src/main/java/org/xipki/util/Args.java index 18bb2a0..72fb98c 100644 --- a/util/src/main/java/org/xipki/util/Args.java +++ b/util/src/main/java/org/xipki/util/Args.java @@ -3,7 +3,6 @@ package org.xipki.util; -import java.util.Arrays; import java.util.Collection; import java.util.Dictionary; import java.util.List; From ddaa2fd491bc000cae232afe2e2cfd8d84ca50cd Mon Sep 17 00:00:00 2001 
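Review bot: In the second hunk, `getPkcs11SignerConf` writes the `module` pair whenever the name is non-null and non-empty, so a whitespace-only name is stored as a real module name, while a null or empty one silently drops the pair. The first hunk already treats a blank algorithm as invalid (`Args.notBlank`), so the same test fits here: `if (pkcs11ModuleName != null && !pkcs11ModuleName.trim().isEmpty()) {`. When the pair is omitted the signer presumably binds to a default module, which for a speed test could mean measuring a different token than the slot passed in; a one-line comment stating that the omission is intentional would settle it. The method body continues past the end of the hunk.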
From: Lijun Liao Date: Thu, 7 Nov 2024 19:39:24 +0100 Subject: [PATCH 33/36] merged ByteArrayCborDecoder to CborDecoder --- .../xipki/util/cbor/ByteArrayCborDecoder.java | 44 ------------------- .../java/org/xipki/util/cbor/CborDecoder.java | 18 ++++++-- 2 files changed, 15 insertions(+), 47 deletions(-) delete mode 100644 util/src/main/java/org/xipki/util/cbor/ByteArrayCborDecoder.java diff --git a/util/src/main/java/org/xipki/util/cbor/ByteArrayCborDecoder.java b/util/src/main/java/org/xipki/util/cbor/ByteArrayCborDecoder.java deleted file mode 100644 index 787ab49..0000000 --- a/util/src/main/java/org/xipki/util/cbor/ByteArrayCborDecoder.java +++ /dev/null @@ -1,44 +0,0 @@ -// #THIRDPARTY -/* - * JACOB - CBOR implementation in Java. - * - * (C) Copyright - 2013 - J.W. Janssen - * - * Licensed under Apache License v2.0. - */ -package org.xipki.util.cbor; - -import org.xipki.util.Args; - -import java.io.ByteArrayInputStream; - -public class ByteArrayCborDecoder extends CborDecoder { - - /** - * Creates a new {@link ByteArrayCborDecoder} instance. - * @param bytes the encoded cbor message. - */ - public ByteArrayCborDecoder(byte[] bytes) { - this(bytes, 0, bytes.length); - } - - /** - * Creates a new {@link ByteArrayCborDecoder} instance. - * @param bytes the encoded cbor message. - * @param offset offset of bytes. - */ - public ByteArrayCborDecoder(byte[] bytes, int offset) { - this(bytes, offset, bytes.length - offset); - } - - /** - * Creates a new {@link ByteArrayCborDecoder} instance. - * @param bytes the encoded cbor message. - * @param offset offset of bytes for the cbor message. - * @param len length of the bytes for the cbor message. - */ - public ByteArrayCborDecoder(byte[] bytes, int offset, int len) { - super(new ByteArrayInputStream(bytes, Args.min(offset, "offset", 0), Args.min(len, "len", 0))); - } - -} 
diff --git a/util/src/main/java/org/xipki/util/cbor/CborDecoder.java b/util/src/main/java/org/xipki/util/cbor/CborDecoder.java index 6d046ed..d1600f4 100644 --- a/util/src/main/java/org/xipki/util/cbor/CborDecoder.java +++ b/util/src/main/java/org/xipki/util/cbor/CborDecoder.java @@ -10,6 +10,7 @@ import org.xipki.util.DateUtil; import org.xipki.util.exception.DecodeException; +import java.io.ByteArrayInputStream; import java.io.EOFException; import java.io.IOException; import java.io.InputStream; @@ -27,6 +28,17 @@ public class CborDecoder implements AutoCloseable { protected final PushbackInputStream m_is; + + public CborDecoder(byte[] bytes) { + this(bytes, 0, bytes.length); + } + + public CborDecoder(byte[] bytes, int offset, int length) { + this(new ByteArrayInputStream(bytes, + Args.min(offset, "offset", 0), + Args.min(length, "length", 0))); + } + /** * Creates a new {@link CborDecoder} instance. * @@ -533,7 +545,7 @@ protected int readUInt16() throws IOException { */ protected long readUInt32() throws IOException { byte[] buf = readFully(new byte[4]); - return ((buf[0] & 0xFF) << 24 | (buf[1] & 0xFF) << 16 | (buf[2] & 0xFF) << 8 | (buf[3] & 0xFF)) & 0xffffffffL; + return ((buf[0] & 0xFFL) << 24 | (buf[1] & 0xFF) << 16 | (buf[2] & 0xFF) << 8 | (buf[3] & 0xFF)) & 0xffffffffL; } /** @@ -619,7 +631,7 @@ public Integer readNullOrArrayLength() throws IOException, DecodeException { } } - public Integer readNullOrArrayLength(Class clazz) throws DecodeException { + public Integer readNullOrArrayLength(Class clazz) throws DecodeException { try { return readNullOrArrayLength(); } catch (IOException ex) { @@ -777,7 +789,7 @@ public BigInteger[] readBigInts() throws IOException, DecodeException { } BigInteger[] ret = new BigInteger[arrayLen]; - for (int i = 0; i < arrayLen.intValue(); i++) { + for (int i = 0; i < arrayLen; i++) { ret[i] = readBigInt(); } From dcbf6251e9eff1da92caedc34bbe1b1321c56b7a Mon Sep 17 00:00:00 2001 
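Review bot: The new `CborDecoder(byte[] bytes, int offset, int length)` constructor only checks that offset and length are non-negative; it never compares them with `bytes.length`, and `ByteArrayInputStream` does not throw on an out-of-range slice, it clamps the readable range. A caller that passes a wrong offset or length would therefore get a decoder over a shorter or empty input and fail later with an EOF or a truncated message instead of an immediate argument error; `CborDecoder(byte[])` likewise fails with a bare NullPointerException on `bytes.length`. Since `this(...)` has to be the first statement, the checks fit in a small static helper, as below. Both constructors also lost the Javadoc that the deleted ByteArrayCborDecoder carried for the same parameters.

```java
public CborDecoder(byte[] bytes, int offset, int length) {
  this(sliceOf(bytes, offset, length));
}

// Validates the slice up front: ByteArrayInputStream accepts an out-of-range
// offset/length and silently shortens the readable range.
private static InputStream sliceOf(byte[] bytes, int offset, int length) {
  Args.notNull(bytes, "bytes");
  Args.min(offset, "offset", 0);
  Args.min(length, "length", 0);
  if (length > bytes.length - offset) {
    throw new IllegalArgumentException("offset " + offset + " + length " + length
        + " exceeds buffer size " + bytes.length);
  }
  return new ByteArrayInputStream(bytes, offset, length);
}
// … unchanged: CborDecoder(byte[] bytes) delegating to the three-argument form …
```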
From: Lijun Liao Date: Thu, 7 Nov 2024 19:39:54 +0100 Subject: [PATCH 34/36] Use static method correctly. --- .../pkcs11/hsmproxy/HsmProxyP11Module.java | 3 +-- .../java/org/xipki/security/qa/P12SignSpeed.java | 14 +++++++------- .../java/org/xipki/security/util/PKCS1Util.java | 4 ++-- 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java index be128f5..d1e7e09 100644 --- a/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java +++ b/security/src/main/java/org/xipki/security/pkcs11/hsmproxy/HsmProxyP11Module.java @@ -27,7 +27,6 @@ import org.xipki.util.IoUtil; import org.xipki.util.LogUtil; import org.xipki.util.StringUtil; -import org.xipki.util.cbor.ByteArrayCborDecoder; import org.xipki.util.cbor.CborConstants; import org.xipki.util.cbor.CborDecoder; import org.xipki.util.cbor.CborType; @@ -336,7 +335,7 @@ public ProxyMessage send(ProxyAction action, byte[] request) throws TokenExcepti throw new TokenException(ex.getMessage(), ex); } - CborDecoder decoder = new ByteArrayCborDecoder(respBytes); + CborDecoder decoder = new CborDecoder(respBytes); ErrorResponse errorResp = null; try { diff --git a/security/src/main/java/org/xipki/security/qa/P12SignSpeed.java b/security/src/main/java/org/xipki/security/qa/P12SignSpeed.java index 8c30f44..07ff7a8 100644 --- a/security/src/main/java/org/xipki/security/qa/P12SignSpeed.java +++ b/security/src/main/java/org/xipki/security/qa/P12SignSpeed.java 
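Review bot: `respBytes` goes straight into `new CborDecoder(respBytes)` in `send`, and the byte[] constructor added in the previous patch reads `bytes.length` first, so a null response body would surface as a NullPointerException rather than the `TokenException` this method declares. Whether the call above can leave `respBytes` null is not visible in the hunk; if it can, guard it before decoding: `if (respBytes == null) { throw new TokenException("no response body from the HSM proxy"); }`. `CborDecoder` is declared `AutoCloseable`, so the decoder would also read more naturally in try-with-resources form if the existing `try` below it allows. The method continues past the end of the hunk.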
@@ -46,7 +46,7 @@ public AESGmac(SecurityFactory securityFactory, String signatureAlgorithm, int t private static byte[] generateKeystore(String signatureAlgorithm) throws Exception { int keysize = getKeysize(signatureAlgorithm); - KeyStoreWrapper identity = new P12KeyGenerator().generateSecretKey( + KeyStoreWrapper identity = P12KeyGenerator.generateSecretKey( "AES", keysize, new KeystoreGenerationParameters(PASSWORD.toCharArray())); return identity.keystore(); } @@ -86,7 +86,7 @@ private static byte[] generateKeystore(int plength, int qlength) throws Exceptio if (keystoreBytes == null) { KeystoreGenerationParameters params = new KeystoreGenerationParameters(PASSWORD.toCharArray()); params.setRandom(new SecureRandom()); - KeyStoreWrapper identity = new P12KeyGenerator().generateDSAKeypair(plength, qlength, params, null); + KeyStoreWrapper identity = P12KeyGenerator.generateDSAKeypair(plength, qlength, params, null); keystoreBytes = identity.keystore(); } return keystoreBytes; @@ -108,8 +108,8 @@ private static byte[] generateKeystore(ASN1ObjectIdentifier curveOid) throws Exc KeystoreGenerationParameters params = new KeystoreGenerationParameters(PASSWORD.toCharArray()); params.setRandom(new SecureRandom()); KeyStoreWrapper identity = EdECConstants.isEdwardsOrMontgomeryCurve(curveOid) - ? new P12KeyGenerator().generateEdECKeypair(curveOid, params, null) - : new P12KeyGenerator().generateECKeypair(curveOid, params, null); + ? P12KeyGenerator.generateEdECKeypair(curveOid, params, null) + : P12KeyGenerator.generateECKeypair(curveOid, params, null); keystoreBytes = identity.keystore(); } 
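Review bot: The two `generateSecretKey` call sites, this hunk for AES and the `@@ -127` hunk for HMAC, pass a `KeystoreGenerationParameters` that has no random source set. The DSA, EC and RSA call sites in the same file call `params.setRandom(new SecureRandom())` before generating. Whether `P12KeyGenerator` falls back to its own `SecureRandom` when none is set is not visible in this diff. If it does, a short comment at these two sites would explain the difference, such as `// random left unset: generator supplies its own SecureRandom`; if it does not, the two sites should set it as the others do.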
@@ -127,7 +127,7 @@ public HMAC(SecurityFactory securityFactory, String signatureAlgorithm, int thre private static byte[] generateKeystore(String signatureAlgorithm) throws Exception { int keysize = getKeysize(signatureAlgorithm); - KeyStoreWrapper identity = new P12KeyGenerator().generateSecretKey( + KeyStoreWrapper identity = P12KeyGenerator.generateSecretKey( "GENERIC", keysize, new KeystoreGenerationParameters(PASSWORD.toCharArray())); return identity.keystore(); } @@ -177,7 +177,7 @@ private static byte[] generateKeystore(int keysize, BigInteger publicExponent) t if (keystoreBytes == null) { KeystoreGenerationParameters params = new KeystoreGenerationParameters(PASSWORD.toCharArray()); params.setRandom(new SecureRandom()); - KeyStoreWrapper identity = new P12KeyGenerator().generateRSAKeypair(keysize, publicExponent, params, null); + KeyStoreWrapper identity = P12KeyGenerator.generateRSAKeypair(keysize, publicExponent, params, null); keystoreBytes = identity.keystore(); } return keystoreBytes; @@ -197,7 +197,7 @@ private static byte[] generateKeystore(ASN1ObjectIdentifier curveNOid) throws Ex if (keystoreBytes == null) { KeystoreGenerationParameters params = new KeystoreGenerationParameters(PASSWORD.toCharArray()); params.setRandom(new SecureRandom()); - KeyStoreWrapper identity = new P12KeyGenerator().generateECKeypair(curveNOid, params, null); + KeyStoreWrapper identity = P12KeyGenerator.generateECKeypair(curveNOid, params, null); keystoreBytes = identity.keystore(); } return keystoreBytes; diff --git a/security/src/main/java/org/xipki/security/util/PKCS1Util.java b/security/src/main/java/org/xipki/security/util/PKCS1Util.java index 26fa96b..4fbdfc3 100644 --- a/security/src/main/java/org/xipki/security/util/PKCS1Util.java +++ b/security/src/main/java/org/xipki/security/util/PKCS1Util.java 
@@ -142,7 +142,7 @@ public static byte[] EMSA_PSS_ENCODE(HashAlgo contentDigest, byte[] hashValue, H block[i] ^= dbMask[i]; } - block[0] &= (0xff >> ((block.length * 8) - emBits)); + block[0] &= (byte) (0xff >> ((block.length * 8) - emBits)); System.arraycopy(hv, 0, block, block.length - hLen - 1, hLen); @@ -211,7 +211,7 @@ public static boolean EMSA_PSS_DECODE(HashAlgo mgfDigest, byte[] mHash, byte[] E DB[i] = (byte)(DB[i] ^ dbMask[i]); } // 9. Set the leftmost 8.emLen ? emBits bits of DB to zero. - DB[0] &= (0xFF >>> (8*emLen - emBits)); + DB[0] &= (byte) (0xFF >>> (8*emLen - emBits)); // 10. If the emLen - hLen -sLen -2 leftmost octets of DB are not zero or // if the octet at position emLen -hLen -sLen -1 is not equal to 0x01, // output 'inconsistent' and stop. From e836126eae2bbe914af1aef2a49fb0f8ee3c0350 Mon Sep 17 00:00:00 2001 From: Lijun Liao Date: Thu, 7 Nov 2024 19:57:17 +0100 Subject: [PATCH 35/36] update dependencies --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 042e819..358edda 100644 --- a/pom.xml +++ b/pom.xml @@ -29,12 +29,12 @@ UTF-8 - 1.77 + 1.78.1 1.7.36 - 1.0.8 + 1.0.9 4.0.3 2.16.1 - 4.4.4 + 4.4.6 4.13.1 From 7afbae83307a32ae1b8aa5b3195335ba12cf23df Mon Sep 17 00:00:00 2001 
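Review bot: After this change the same leading-bit mask is written two ways in the file: `0xff >> ((block.length * 8) - emBits)` here in `EMSA_PSS_ENCODE` and `0xFF >>> (8*emLen - emBits)` in the `@@ -211` hunk of `EMSA_PSS_DECODE`. The added `(byte)` cast does not change the result, because `&=` on a `byte` already narrows, so this is a readability change and the two lines could match, e.g. `block[0] &= (byte) (0xFF >>> (8 * block.length - emBits));`. Both functions continue outside their hunks.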
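Review bot: The step-9 comment directly above the changed line in `EMSA_PSS_DECODE` reads `8.emLen ? emBits` as shown here, with the minus sign apparently lost to an encoding error. Since the line below it is being touched anyway, the comment could be corrected to `// 9. Set the leftmost 8*emLen - emBits bits of DB to zero.` so that it agrees with the shift expression.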
From: Lijun Liao Date: Thu, 7 Nov 2024 22:43:04 +0100 Subject: [PATCH 36/36] remove support of servlet3 --- pom.xml | 3 +- {servlet5-common => servlet-common}/pom.xml | 2 +- .../org/xipki/servlet}/ServletFilter.java | 2 +- .../org/xipki/servlet}/XiHttpRequestImpl.java | 2 +- .../xipki/servlet}/XiHttpResponseImpl.java | 2 +- servlet3-common/pom.xml | 26 ------ .../org/xipki/servlet3/ServletFilter.java | 73 ---------------- .../org/xipki/servlet3/XiHttpRequestImpl.java | 83 ------------------- .../xipki/servlet3/XiHttpResponseImpl.java | 59 ------------- xipki-tomcat-password/pom.xml | 2 +- 10 files changed, 6 insertions(+), 248 deletions(-) rename {servlet5-common => servlet-common}/pom.xml (95%) rename {servlet5-common/src/main/java/org/xipki/servlet5 => servlet-common/src/main/java/org/xipki/servlet}/ServletFilter.java (98%) rename {servlet5-common/src/main/java/org/xipki/servlet5 => servlet-common/src/main/java/org/xipki/servlet}/XiHttpRequestImpl.java (98%) rename {servlet5-common/src/main/java/org/xipki/servlet5 => servlet-common/src/main/java/org/xipki/servlet}/XiHttpResponseImpl.java (97%) delete mode 100644 servlet3-common/pom.xml delete mode 100644 servlet3-common/src/main/java/org/xipki/servlet3/ServletFilter.java delete mode 100644 servlet3-common/src/main/java/org/xipki/servlet3/XiHttpRequestImpl.java delete mode 100644 servlet3-common/src/main/java/org/xipki/servlet3/XiHttpResponseImpl.java diff --git a/pom.xml b/pom.xml index 358edda..e213a0c 100644 --- a/pom.xml +++ b/pom.xml @@ -49,8 +49,7 @@ shell-base security-shell xipki-tomcat-password - servlet3-common - servlet5-common + servlet-common scm:git:git@github.com:xipki/commons.git diff --git a/servlet5-common/pom.xml b/servlet-common/pom.xml similarity index 95% rename from servlet5-common/pom.xml rename to servlet-common/pom.xml index 469116f..0298965 100644 --- a/servlet5-common/pom.xml +++ b/servlet-common/pom.xml 
@@ -8,7 +8,7 @@ xipki-commons-parent 6.3.5-SNAPSHOT - servlet5-common + servlet-common XiPKI :: ${project.artifactId} bundle diff --git a/servlet5-common/src/main/java/org/xipki/servlet5/ServletFilter.java b/servlet-common/src/main/java/org/xipki/servlet/ServletFilter.java similarity index 98% rename from servlet5-common/src/main/java/org/xipki/servlet5/ServletFilter.java rename to servlet-common/src/main/java/org/xipki/servlet/ServletFilter.java index 3d465f5..2a6a088 100644 --- a/servlet5-common/src/main/java/org/xipki/servlet5/ServletFilter.java +++ b/servlet-common/src/main/java/org/xipki/servlet/ServletFilter.java @@ -1,7 +1,7 @@ // Copyright (c) 2013-2024 xipki. All rights reserved. // License Apache License 2.0 -package org.xipki.servlet5; +package org.xipki.servlet; import jakarta.servlet.Filter; import jakarta.servlet.FilterChain; diff --git a/servlet5-common/src/main/java/org/xipki/servlet5/XiHttpRequestImpl.java b/servlet-common/src/main/java/org/xipki/servlet/XiHttpRequestImpl.java similarity index 98% rename from servlet5-common/src/main/java/org/xipki/servlet5/XiHttpRequestImpl.java rename to servlet-common/src/main/java/org/xipki/servlet/XiHttpRequestImpl.java index c49c4a3..20e84ea 100644 --- a/servlet5-common/src/main/java/org/xipki/servlet5/XiHttpRequestImpl.java +++ b/servlet-common/src/main/java/org/xipki/servlet/XiHttpRequestImpl.java @@ -1,6 +1,6 @@ // Copyright (c) 2013-2024 xipki. All rights reserved. // License Apache License 2.0 -package org.xipki.servlet5; +package org.xipki.servlet; import jakarta.servlet.http.HttpServletRequest; import org.xipki.util.http.XiHttpRequest; 
diff --git a/servlet5-common/src/main/java/org/xipki/servlet5/XiHttpResponseImpl.java b/servlet-common/src/main/java/org/xipki/servlet/XiHttpResponseImpl.java similarity index 97% rename from servlet5-common/src/main/java/org/xipki/servlet5/XiHttpResponseImpl.java rename to servlet-common/src/main/java/org/xipki/servlet/XiHttpResponseImpl.java index c4e1934..f1e1a19 100644 --- a/servlet5-common/src/main/java/org/xipki/servlet5/XiHttpResponseImpl.java +++ b/servlet-common/src/main/java/org/xipki/servlet/XiHttpResponseImpl.java @@ -1,6 +1,6 @@ // Copyright (c) 2013-2024 xipki. All rights reserved. // License Apache License 2.0 -package org.xipki.servlet5; +package org.xipki.servlet; import jakarta.servlet.http.HttpServletResponse; import org.xipki.util.Args; diff --git a/servlet3-common/pom.xml b/servlet3-common/pom.xml deleted file mode 100644 index d67bd2b..0000000 --- a/servlet3-common/pom.xml +++ /dev/null @@ -1,26 +0,0 @@ - - - 4.0.0 - - org.xipki.commons - xipki-commons-parent - 6.3.5-SNAPSHOT - - servlet3-common - XiPKI :: ${project.artifactId} - bundle - - - ${project.groupId} - util - ${project.version} - - - javax.servlet - javax.servlet-api - 3.1.0 - - - diff --git a/servlet3-common/src/main/java/org/xipki/servlet3/ServletFilter.java b/servlet3-common/src/main/java/org/xipki/servlet3/ServletFilter.java deleted file mode 100644 index 95f10e0..0000000 --- a/servlet3-common/src/main/java/org/xipki/servlet3/ServletFilter.java +++ /dev/null 
@@ -1,73 +0,0 @@ -// Copyright (c) 2013-2024 xipki. All rights reserved. -// License Apache License 2.0 - -package org.xipki.servlet3; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.xipki.util.http.XiHttpFilter; - -import javax.servlet.Filter; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; - -/** - * Filter. - * - * @author Lijun Liao (xipki) - * @since 6.0.0 - */ -public abstract class ServletFilter implements Filter { - - private static final Logger LOG = LoggerFactory.getLogger(ServletFilter.class); - - private XiHttpFilter filter0; - - protected abstract XiHttpFilter initFilter(FilterConfig filterConfig) throws Exception; - - @Override - public void init(FilterConfig filterConfig) throws ServletException { - try { - filter0 = initFilter(filterConfig); - } catch (Exception ex) { - LOG.error("error initializing ServletFiler", ex); - throw new ServletException(ex); - } - } - - @Override - public void destroy() { - if (filter0 != null) { - filter0.destroy(); - filter0 = null; - } - } - - @Override - public final void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) - throws IOException, ServletException { - if (filter0 == null) { - throw new ServletException("filter is not initialized"); - } - - if (!(request instanceof HttpServletRequest & response instanceof HttpServletResponse)) { - throw new ServletException("Only HTTP request is supported"); - } - - try { - filter0.doFilter(new XiHttpRequestImpl((HttpServletRequest) request), - new XiHttpResponseImpl((HttpServletResponse) response)); - } catch (IOException ex) { - throw ex; - } catch (Exception ex) { - throw new ServletException(ex); - } - } - -} 
diff --git a/servlet3-common/src/main/java/org/xipki/servlet3/XiHttpRequestImpl.java b/servlet3-common/src/main/java/org/xipki/servlet3/XiHttpRequestImpl.java deleted file mode 100644 index 5eedfe9..0000000 --- a/servlet3-common/src/main/java/org/xipki/servlet3/XiHttpRequestImpl.java +++ /dev/null 
@@ -1,83 +0,0 @@ -// Copyright (c) 2013-2024 xipki. All rights reserved. -// License Apache License 2.0 -package org.xipki.servlet3; - -import org.xipki.util.Args; -import org.xipki.util.http.XiHttpRequest; - -import javax.servlet.http.HttpServletRequest; -import java.io.IOException; -import java.io.InputStream; -import java.security.cert.X509Certificate; - -/** - * HTTP request wrapper. - * - * @author Lijun Liao (xipki) - * @since 3.0.1 - */ - -public class XiHttpRequestImpl implements XiHttpRequest { - - private final HttpServletRequest req; - - public XiHttpRequestImpl(HttpServletRequest req) { - this.req = Args.notNull(req, "req"); - } - - @Override - public String getHeader(String headerName) { - return req.getHeader(headerName); - } - - @Override - public String getParameter(String paramName) { - return req.getParameter(paramName); - } - - @Override - public String getMethod() { - return req.getMethod(); - } - - @Override - public String getServletPath() { - return req.getServletPath(); - } - - @Override - public String getContentType() { - return req.getContentType(); - } - - @Override - public Object getAttribute(String name) { - return req.getAttribute(name); - } - - @Override - public String getRequestURI() { - return req.getRequestURI(); - } - - @Override - public String getContextPath() { - return req.getContextPath(); - } - - @Override - public X509Certificate[] getCertificateChain() { - return (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate"); - } - - @Override - public InputStream getInputStream() throws IOException { - return req.getInputStream(); - } - - @Override - public void setAttribute(String name, String value) { - req.setAttribute(name, value); - } - -} diff --git a/servlet3-common/src/main/java/org/xipki/servlet3/XiHttpResponseImpl.java b/servlet3-common/src/main/java/org/xipki/servlet3/XiHttpResponseImpl.java deleted file mode 100644 index bfed8a3..0000000 
--- a/servlet3-common/src/main/java/org/xipki/servlet3/XiHttpResponseImpl.java +++ /dev/null @@ -1,59 +0,0 @@ -// Copyright (c) 2013-2024 xipki. All rights reserved. -// License Apache License 2.0 -package org.xipki.servlet3; - -import org.xipki.util.Args; -import org.xipki.util.http.XiHttpResponse; - -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.io.OutputStream; - -/** - * HTTP response wrapper. - * - * @author Lijun Liao (xipki) - */ -public class XiHttpResponseImpl implements XiHttpResponse { - - private final HttpServletResponse resp; - - public XiHttpResponseImpl(HttpServletResponse resp) { - this.resp = Args.notNull(resp, "resp"); - } - - @Override - public void setStatus(int sc) { - resp.setStatus(sc); - } - - @Override - public void sendError(int sc) throws IOException { - resp.sendError(sc); - } - - @Override - public void setContentType(String type) { - resp.setContentType(type); - } - - @Override - public void addHeader(String name, String value) { - resp.addHeader(name, value); - } - - @Override - public void setHeader(String name, String value) { - resp.setHeader(name, value); - } - - @Override - public void setContentLength(int len) { - resp.setContentLength(len); - } - - @Override - public OutputStream getOutputStream() throws IOException { - return resp.getOutputStream(); - } -} diff --git a/xipki-tomcat-password/pom.xml b/xipki-tomcat-password/pom.xml index cd28f45..8f0eb0a 100644 --- a/xipki-tomcat-password/pom.xml +++ b/xipki-tomcat-password/pom.xml @@ -14,7 +14,7 @@ org.apache.tomcat tomcat-coyote - 9.0.73 + 10.1.31 ${project.groupId}