| author | valeriep |
| Fri, 26 Jun 2015 21:34:34 +0000 | |
| changeset 31270 | e6470b24700d |
| parent 28111 | 0b44c833667c |
| child 41603 | bb9d97b4c21b |
| permissions | -rw-r--r-- |
| 2 | 1 |
/* |
|
31270
e6470b24700d
7191662: JCE providers should be located via ServiceLoader
valeriep
parents:
28111
diff
changeset
|
2 |
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. |
| 2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
| 5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
| 2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
| 5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
| 2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
| 5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
| 2 | 24 |
*/ |
25 |
||
26 |
package sun.security.pkcs11; |
|
27 |
||
28 |
import java.io.*; |
|
29 |
import static java.io.StreamTokenizer.*; |
|
30 |
import java.math.BigInteger; |
|
31 |
import java.util.*; |
|
32 |
||
33 |
import java.security.*; |
|
34 |
||
35 |
import sun.security.action.GetPropertyAction; |
|
36 |
import sun.security.util.PropertyExpander; |
|
37 |
||
38 |
import sun.security.pkcs11.wrapper.*; |
|
39 |
import static sun.security.pkcs11.wrapper.PKCS11Constants.*; |
|
40 |
import static sun.security.pkcs11.wrapper.CK_ATTRIBUTE.*; |
|
41 |
||
42 |
import static sun.security.pkcs11.TemplateManager.*; |
|
43 |
||
44 |
/** |
|
45 |
* Configuration container and file parsing. |
|
46 |
* |
|
47 |
* @author Andreas Sterbenz |
|
48 |
* @since 1.5 |
|
49 |
*/ |
|
50 |
final class Config {
|
|
51 |
||
52 |
static final int ERR_HALT = 1; |
|
53 |
static final int ERR_IGNORE_ALL = 2; |
|
54 |
static final int ERR_IGNORE_LIB = 3; |
|
55 |
||
56 |
// same as allowSingleThreadedModules but controlled via a system property |
|
57 |
// and applied to all providers. if set to false, no SunPKCS11 instances |
|
58 |
// will accept single threaded modules regardless of the setting in their |
|
59 |
// config files. |
|
60 |
private static final boolean staticAllowSingleThreadedModules; |
|
61 |
||
62 |
static {
|
|
63 |
String p = "sun.security.pkcs11.allowSingleThreadedModules"; |
|
64 |
String s = AccessController.doPrivileged(new GetPropertyAction(p)); |
|
65 |
if ("false".equalsIgnoreCase(s)) {
|
|
66 |
staticAllowSingleThreadedModules = false; |
|
67 |
} else {
|
|
68 |
staticAllowSingleThreadedModules = true; |
|
69 |
} |
|
70 |
} |
|
71 |
||
72 |
private final static boolean DEBUG = false; |
|
73 |
||
74 |
private static void debug(Object o) {
|
|
75 |
if (DEBUG) {
|
|
76 |
System.out.println(o); |
|
77 |
} |
|
78 |
} |
|
79 |
||
|
31270
e6470b24700d
7191662: JCE providers should be located via ServiceLoader
valeriep
parents:
28111
diff
changeset
|
80 |
// file name containing this configuration |
|
e6470b24700d
7191662: JCE providers should be located via ServiceLoader
valeriep
parents:
28111
diff
changeset
|
81 |
private String filename; |
|
e6470b24700d
7191662: JCE providers should be located via ServiceLoader
valeriep
parents:
28111
diff
changeset
|
82 |
|
| 2 | 83 |
// Reader and StringTokenizer used during parsing |
84 |
private Reader reader; |
|
85 |
||
86 |
private StreamTokenizer st; |
|
87 |
||
88 |
private Set<String> parsedKeywords; |
|
89 |
||
90 |
// name suffix of the provider |
|
91 |
private String name; |
|
92 |
||
93 |
// name of the PKCS#11 library |
|
94 |
private String library; |
|
95 |
||
96 |
// description to pass to the provider class |
|
97 |
private String description; |
|
98 |
||
99 |
// slotID of the slot to use |
|
100 |
private int slotID = -1; |
|
101 |
||
102 |
// slot to use, specified as index in the slotlist |
|
103 |
private int slotListIndex = -1; |
|
104 |
||
105 |
// set of enabled mechanisms (or null to use default) |
|
106 |
private Set<Long> enabledMechanisms; |
|
107 |
||
108 |
// set of disabled mechanisms |
|
109 |
private Set<Long> disabledMechanisms; |
|
110 |
||
111 |
// whether to print debug info during startup |
|
112 |
private boolean showInfo = false; |
|
113 |
||
114 |
// template manager, initialized from parsed attributes |
|
115 |
private TemplateManager templateManager; |
|
116 |
||
117 |
// how to handle error during startup, one of ERR_ |
|
118 |
private int handleStartupErrors = ERR_HALT; |
|
119 |
||
120 |
// flag indicating whether the P11KeyStore should |
|
121 |
// be more tolerant of input parameters |
|
122 |
private boolean keyStoreCompatibilityMode = true; |
|
123 |
||
124 |
// flag indicating whether we need to explicitly cancel operations |
|
125 |
// see Token |
|
126 |
private boolean explicitCancel = true; |
|
127 |
||
128 |
// how often to test for token insertion, if no token is present |
|
129 |
private int insertionCheckInterval = 2000; |
|
130 |
||
131 |
// flag inidicating whether to omit the call to C_Initialize() |
|
132 |
// should be used only if we are running within a process that |
|
133 |
// has already called it (e.g. Plugin inside of Mozilla/NSS) |
|
134 |
private boolean omitInitialize = false; |
|
135 |
||
136 |
// whether to allow modules that only support single threaded access. |
|
137 |
// they cannot be used safely from multiple PKCS#11 consumers in the |
|
138 |
// same process, for example NSS and SunPKCS11 |
|
139 |
private boolean allowSingleThreadedModules = true; |
|
140 |
||
141 |
// name of the C function that returns the PKCS#11 functionlist |
|
142 |
// This option primarily exists for the deprecated |
|
143 |
// Secmod.Module.getProvider() method. |
|
144 |
private String functionList = "C_GetFunctionList"; |
|
145 |
||
146 |
// whether to use NSS secmod mode. Implicitly set if nssLibraryDirectory, |
|
147 |
// nssSecmodDirectory, or nssModule is specified. |
|
148 |
private boolean nssUseSecmod; |
|
149 |
||
150 |
// location of the NSS library files (libnss3.so, etc.) |
|
151 |
private String nssLibraryDirectory; |
|
152 |
||
153 |
// location of secmod.db |
|
154 |
private String nssSecmodDirectory; |
|
155 |
||
156 |
// which NSS module to use |
|
157 |
private String nssModule; |
|
158 |
||
159 |
private Secmod.DbMode nssDbMode = Secmod.DbMode.READ_WRITE; |
|
160 |
||
161 |
// Whether the P11KeyStore should specify the CKA_NETSCAPE_DB attribute |
|
162 |
// when creating private keys. Only valid if nssUseSecmod is true. |
|
163 |
private boolean nssNetscapeDbWorkaround = true; |
|
164 |
||
165 |
// Special init argument string for the NSS softtoken. |
|
166 |
// This is used when using the NSS softtoken directly without secmod mode. |
|
167 |
private String nssArgs; |
|
168 |
||
169 |
// whether to use NSS trust attributes for the KeyStore of this provider |
|
170 |
// this option is for internal use by the SunPKCS11 code only and |
|
171 |
// works only for NSS providers created via the Secmod API |
|
172 |
private boolean nssUseSecmodTrust = false; |
|
173 |
||
|
10781
f8a00c400655
7099228: Use a PKCS11 config attribute to control encoding of an EC point
vinnie
parents:
10336
diff
changeset
|
174 |
// Flag to indicate whether the X9.63 encoding for EC points shall be used |
|
f8a00c400655
7099228: Use a PKCS11 config attribute to control encoding of an EC point
vinnie
parents:
10336
diff
changeset
|
175 |
// (true) or whether that encoding shall be wrapped in an ASN.1 OctetString |
|
f8a00c400655
7099228: Use a PKCS11 config attribute to control encoding of an EC point
vinnie
parents:
10336
diff
changeset
|
176 |
// (false). |
|
f8a00c400655
7099228: Use a PKCS11 config attribute to control encoding of an EC point
vinnie
parents:
10336
diff
changeset
|
177 |
private boolean useEcX963Encoding = false; |
|
f8a00c400655
7099228: Use a PKCS11 config attribute to control encoding of an EC point
vinnie
parents:
10336
diff
changeset
|
178 |
|
|
18772
ab43f18c524e
7165807: Non optimized initialization of NSS crypto library leads to scalability issues
vinnie
parents:
17478
diff
changeset
|
179 |
// Flag to indicate whether NSS should favour performance (false) or |
|
ab43f18c524e
7165807: Non optimized initialization of NSS crypto library leads to scalability issues
vinnie
parents:
17478
diff
changeset
|
180 |
// memory footprint (true). |
|
ab43f18c524e
7165807: Non optimized initialization of NSS crypto library leads to scalability issues
vinnie
parents:
17478
diff
changeset
|
181 |
private boolean nssOptimizeSpace = false; |
|
ab43f18c524e
7165807: Non optimized initialization of NSS crypto library leads to scalability issues
vinnie
parents:
17478
diff
changeset
|
182 |
|
|
31270
e6470b24700d
7191662: JCE providers should be located via ServiceLoader
valeriep
parents:
28111
diff
changeset
|
183 |
Config(String fn) throws IOException {
|
|
e6470b24700d
7191662: JCE providers should be located via ServiceLoader
valeriep
parents:
28111
diff
changeset
|
184 |
this.filename = fn; |
|
e6470b24700d
7191662: JCE providers should be located via ServiceLoader
valeriep
parents:
28111
diff
changeset
|
185 |
if (filename.startsWith("--")) {
|
|
e6470b24700d
7191662: JCE providers should be located via ServiceLoader
valeriep
parents:
28111
diff
changeset
|
186 |
// inline config |
|
e6470b24700d
7191662: JCE providers should be located via ServiceLoader
valeriep
parents:
28111
diff
changeset
|
187 |
String config = filename.substring(2).replace("\\n", "\n");
|
|
e6470b24700d
7191662: JCE providers should be located via ServiceLoader
valeriep
parents:
28111
diff
changeset
|
188 |
reader = new StringReader(config); |
|
e6470b24700d
7191662: JCE providers should be located via ServiceLoader
valeriep
parents:
28111
diff
changeset
|
189 |
} else {
|
|
e6470b24700d
7191662: JCE providers should be located via ServiceLoader
valeriep
parents:
28111
diff
changeset
|
190 |
reader = new BufferedReader(new InputStreamReader |
|
e6470b24700d
7191662: JCE providers should be located via ServiceLoader
valeriep
parents:
28111
diff
changeset
|
191 |
(new FileInputStream(expand(filename)))); |
| 2 | 192 |
} |
193 |
parsedKeywords = new HashSet<String>(); |
|
194 |
st = new StreamTokenizer(reader); |
|
195 |
setupTokenizer(); |
|
196 |
parse(); |
|
197 |
} |
|
198 |
||
|
31270
e6470b24700d
7191662: JCE providers should be located via ServiceLoader
valeriep
parents:
28111
diff
changeset
|
199 |
String getFileName() {
|
|
e6470b24700d
7191662: JCE providers should be located via ServiceLoader
valeriep
parents:
28111
diff
changeset
|
200 |
return filename; |
|
e6470b24700d
7191662: JCE providers should be located via ServiceLoader
valeriep
parents:
28111
diff
changeset
|
201 |
} |
|
e6470b24700d
7191662: JCE providers should be located via ServiceLoader
valeriep
parents:
28111
diff
changeset
|
202 |
|
| 2 | 203 |
String getName() {
|
204 |
return name; |
|
205 |
} |
|
206 |
||
207 |
String getLibrary() {
|
|
208 |
return library; |
|
209 |
} |
|
210 |
||
211 |
String getDescription() {
|
|
212 |
if (description != null) {
|
|
213 |
return description; |
|
214 |
} |
|
215 |
return "SunPKCS11-" + name + " using library " + library; |
|
216 |
} |
|
217 |
||
218 |
int getSlotID() {
|
|
219 |
return slotID; |
|
220 |
} |
|
221 |
||
222 |
int getSlotListIndex() {
|
|
223 |
if ((slotID == -1) && (slotListIndex == -1)) {
|
|
224 |
// if neither is set, default to first slot |
|
225 |
return 0; |
|
226 |
} else {
|
|
227 |
return slotListIndex; |
|
228 |
} |
|
229 |
} |
|
230 |
||
231 |
boolean getShowInfo() {
|
|
232 |
return (SunPKCS11.debug != null) || showInfo; |
|
233 |
} |
|
234 |
||
235 |
TemplateManager getTemplateManager() {
|
|
236 |
if (templateManager == null) {
|
|
237 |
templateManager = new TemplateManager(); |
|
238 |
} |
|
239 |
return templateManager; |
|
240 |
} |
|
241 |
||
242 |
boolean isEnabled(long m) {
|
|
243 |
if (enabledMechanisms != null) {
|
|
244 |
return enabledMechanisms.contains(Long.valueOf(m)); |
|
245 |
} |
|
246 |
if (disabledMechanisms != null) {
|
|
247 |
return !disabledMechanisms.contains(Long.valueOf(m)); |
|
248 |
} |
|
249 |
return true; |
|
250 |
} |
|
251 |
||
252 |
int getHandleStartupErrors() {
|
|
253 |
return handleStartupErrors; |
|
254 |
} |
|
255 |
||
256 |
boolean getKeyStoreCompatibilityMode() {
|
|
257 |
return keyStoreCompatibilityMode; |
|
258 |
} |
|
259 |
||
260 |
boolean getExplicitCancel() {
|
|
261 |
return explicitCancel; |
|
262 |
} |
|
263 |
||
264 |
int getInsertionCheckInterval() {
|
|
265 |
return insertionCheckInterval; |
|
266 |
} |
|
267 |
||
268 |
boolean getOmitInitialize() {
|
|
269 |
return omitInitialize; |
|
270 |
} |
|
271 |
||
272 |
boolean getAllowSingleThreadedModules() {
|
|
273 |
return staticAllowSingleThreadedModules && allowSingleThreadedModules; |
|
274 |
} |
|
275 |
||
276 |
String getFunctionList() {
|
|
277 |
return functionList; |
|
278 |
} |
|
279 |
||
280 |
boolean getNssUseSecmod() {
|
|
281 |
return nssUseSecmod; |
|
282 |
} |
|
283 |
||
284 |
String getNssLibraryDirectory() {
|
|
285 |
return nssLibraryDirectory; |
|
286 |
} |
|
287 |
||
288 |
String getNssSecmodDirectory() {
|
|
289 |
return nssSecmodDirectory; |
|
290 |
} |
|
291 |
||
292 |
String getNssModule() {
|
|
293 |
return nssModule; |
|
294 |
} |
|
295 |
||
296 |
Secmod.DbMode getNssDbMode() {
|
|
297 |
return nssDbMode; |
|
298 |
} |
|
299 |
||
300 |
public boolean getNssNetscapeDbWorkaround() {
|
|
301 |
return nssUseSecmod && nssNetscapeDbWorkaround; |
|
302 |
} |
|
303 |
||
304 |
String getNssArgs() {
|
|
305 |
return nssArgs; |
|
306 |
} |
|
307 |
||
308 |
boolean getNssUseSecmodTrust() {
|
|
309 |
return nssUseSecmodTrust; |
|
310 |
} |
|
311 |
||
|
10781
f8a00c400655
7099228: Use a PKCS11 config attribute to control encoding of an EC point
vinnie
parents:
10336
diff
changeset
|
312 |
boolean getUseEcX963Encoding() {
|
|
f8a00c400655
7099228: Use a PKCS11 config attribute to control encoding of an EC point
vinnie
parents:
10336
diff
changeset
|
313 |
return useEcX963Encoding; |
|
f8a00c400655
7099228: Use a PKCS11 config attribute to control encoding of an EC point
vinnie
parents:
10336
diff
changeset
|
314 |
} |
|
f8a00c400655
7099228: Use a PKCS11 config attribute to control encoding of an EC point
vinnie
parents:
10336
diff
changeset
|
315 |
|
|
18772
ab43f18c524e
7165807: Non optimized initialization of NSS crypto library leads to scalability issues
vinnie
parents:
17478
diff
changeset
|
316 |
boolean getNssOptimizeSpace() {
|
|
ab43f18c524e
7165807: Non optimized initialization of NSS crypto library leads to scalability issues
vinnie
parents:
17478
diff
changeset
|
317 |
return nssOptimizeSpace; |
|
ab43f18c524e
7165807: Non optimized initialization of NSS crypto library leads to scalability issues
vinnie
parents:
17478
diff
changeset
|
318 |
} |
|
ab43f18c524e
7165807: Non optimized initialization of NSS crypto library leads to scalability issues
vinnie
parents:
17478
diff
changeset
|
319 |
|
| 2 | 320 |
private static String expand(final String s) throws IOException {
|
321 |
try {
|
|
322 |
return PropertyExpander.expand(s); |
|
323 |
} catch (Exception e) {
|
|
324 |
throw new RuntimeException(e.getMessage()); |
|
325 |
} |
|
326 |
} |
|
327 |
||
328 |
private void setupTokenizer() {
|
|
329 |
st.resetSyntax(); |
|
330 |
st.wordChars('a', 'z');
|
|
331 |
st.wordChars('A', 'Z');
|
|
332 |
st.wordChars('0', '9');
|
|
333 |
st.wordChars(':', ':');
|
|
334 |
st.wordChars('.', '.');
|
|
335 |
st.wordChars('_', '_');
|
|
336 |
st.wordChars('-', '-');
|
|
337 |
st.wordChars('/', '/');
|
|
338 |
st.wordChars('\\', '\\');
|
|
339 |
st.wordChars('$', '$');
|
|
340 |
st.wordChars('{', '{'); // need {} for property subst
|
|
341 |
st.wordChars('}', '}');
|
|
342 |
st.wordChars('*', '*');
|
|
|
9261
efb29ab3324e
6986789: Sun pkcs11 provider fails to parse path name containing "+"
valeriep
parents:
7808
diff
changeset
|
343 |
st.wordChars('+', '+');
|
|
7808
992bb9918576
6581254: pkcs11 provider fails to parse configuration file contains windows short path
valeriep
parents:
5506
diff
changeset
|
344 |
st.wordChars('~', '~');
|
| 2 | 345 |
// XXX check ASCII table and add all other characters except special |
346 |
||
347 |
// special: #="(), |
|
348 |
st.whitespaceChars(0, ' '); |
|
349 |
st.commentChar('#');
|
|
350 |
st.eolIsSignificant(true); |
|
351 |
st.quoteChar('\"');
|
|
352 |
} |
|
353 |
||
354 |
private ConfigurationException excToken(String msg) {
|
|
355 |
return new ConfigurationException(msg + " " + st); |
|
356 |
} |
|
357 |
||
358 |
private ConfigurationException excLine(String msg) {
|
|
359 |
return new ConfigurationException(msg + ", line " + st.lineno()); |
|
360 |
} |
|
361 |
||
362 |
private void parse() throws IOException {
|
|
363 |
while (true) {
|
|
364 |
int token = nextToken(); |
|
365 |
if (token == TT_EOF) {
|
|
366 |
break; |
|
367 |
} |
|
368 |
if (token == TT_EOL) {
|
|
369 |
continue; |
|
370 |
} |
|
371 |
if (token != TT_WORD) {
|
|
372 |
throw excToken("Unexpected token:");
|
|
373 |
} |
|
374 |
String word = st.sval; |
|
375 |
if (word.equals("name")) {
|
|
376 |
name = parseStringEntry(word); |
|
377 |
} else if (word.equals("library")) {
|
|
378 |
library = parseLibrary(word); |
|
379 |
} else if (word.equals("description")) {
|
|
380 |
parseDescription(word); |
|
381 |
} else if (word.equals("slot")) {
|
|
382 |
parseSlotID(word); |
|
383 |
} else if (word.equals("slotListIndex")) {
|
|
384 |
parseSlotListIndex(word); |
|
385 |
} else if (word.equals("enabledMechanisms")) {
|
|
386 |
parseEnabledMechanisms(word); |
|
387 |
} else if (word.equals("disabledMechanisms")) {
|
|
388 |
parseDisabledMechanisms(word); |
|
389 |
} else if (word.equals("attributes")) {
|
|
390 |
parseAttributes(word); |
|
391 |
} else if (word.equals("handleStartupErrors")) {
|
|
392 |
parseHandleStartupErrors(word); |
|
393 |
} else if (word.endsWith("insertionCheckInterval")) {
|
|
394 |
insertionCheckInterval = parseIntegerEntry(word); |
|
395 |
if (insertionCheckInterval < 100) {
|
|
396 |
throw excLine(word + " must be at least 100 ms"); |
|
397 |
} |
|
398 |
} else if (word.equals("showInfo")) {
|
|
399 |
showInfo = parseBooleanEntry(word); |
|
400 |
} else if (word.equals("keyStoreCompatibilityMode")) {
|
|
401 |
keyStoreCompatibilityMode = parseBooleanEntry(word); |
|
402 |
} else if (word.equals("explicitCancel")) {
|
|
403 |
explicitCancel = parseBooleanEntry(word); |
|
404 |
} else if (word.equals("omitInitialize")) {
|
|
405 |
omitInitialize = parseBooleanEntry(word); |
|
406 |
} else if (word.equals("allowSingleThreadedModules")) {
|
|
407 |
allowSingleThreadedModules = parseBooleanEntry(word); |
|
408 |
} else if (word.equals("functionList")) {
|
|
409 |
functionList = parseStringEntry(word); |
|
410 |
} else if (word.equals("nssUseSecmod")) {
|
|
411 |
nssUseSecmod = parseBooleanEntry(word); |
|
412 |
} else if (word.equals("nssLibraryDirectory")) {
|
|
413 |
nssLibraryDirectory = parseLibrary(word); |
|
414 |
nssUseSecmod = true; |
|
415 |
} else if (word.equals("nssSecmodDirectory")) {
|
|
416 |
nssSecmodDirectory = expand(parseStringEntry(word)); |
|
417 |
nssUseSecmod = true; |
|
418 |
} else if (word.equals("nssModule")) {
|
|
419 |
nssModule = parseStringEntry(word); |
|
420 |
nssUseSecmod = true; |
|
421 |
} else if (word.equals("nssDbMode")) {
|
|
422 |
String mode = parseStringEntry(word); |
|
423 |
if (mode.equals("readWrite")) {
|
|
424 |
nssDbMode = Secmod.DbMode.READ_WRITE; |
|
425 |
} else if (mode.equals("readOnly")) {
|
|
426 |
nssDbMode = Secmod.DbMode.READ_ONLY; |
|
427 |
} else if (mode.equals("noDb")) {
|
|
428 |
nssDbMode = Secmod.DbMode.NO_DB; |
|
429 |
} else {
|
|
430 |
throw excToken("nssDbMode must be one of readWrite, readOnly, and noDb:");
|
|
431 |
} |
|
432 |
nssUseSecmod = true; |
|
433 |
} else if (word.equals("nssNetscapeDbWorkaround")) {
|
|
434 |
nssNetscapeDbWorkaround = parseBooleanEntry(word); |
|
435 |
nssUseSecmod = true; |
|
436 |
} else if (word.equals("nssArgs")) {
|
|
437 |
parseNSSArgs(word); |
|
438 |
} else if (word.equals("nssUseSecmodTrust")) {
|
|
439 |
nssUseSecmodTrust = parseBooleanEntry(word); |
|
|
10781
f8a00c400655
7099228: Use a PKCS11 config attribute to control encoding of an EC point
vinnie
parents:
10336
diff
changeset
|
440 |
} else if (word.equals("useEcX963Encoding")) {
|
|
f8a00c400655
7099228: Use a PKCS11 config attribute to control encoding of an EC point
vinnie
parents:
10336
diff
changeset
|
441 |
useEcX963Encoding = parseBooleanEntry(word); |
|
18772
ab43f18c524e
7165807: Non optimized initialization of NSS crypto library leads to scalability issues
vinnie
parents:
17478
diff
changeset
|
442 |
} else if (word.equals("nssOptimizeSpace")) {
|
|
ab43f18c524e
7165807: Non optimized initialization of NSS crypto library leads to scalability issues
vinnie
parents:
17478
diff
changeset
|
443 |
nssOptimizeSpace = parseBooleanEntry(word); |
| 2 | 444 |
} else {
|
445 |
throw new ConfigurationException |
|
446 |
("Unknown keyword '" + word + "', line " + st.lineno());
|
|
447 |
} |
|
448 |
parsedKeywords.add(word); |
|
449 |
} |
|
450 |
reader.close(); |
|
451 |
reader = null; |
|
452 |
st = null; |
|
453 |
parsedKeywords = null; |
|
454 |
if (name == null) {
|
|
455 |
throw new ConfigurationException("name must be specified");
|
|
456 |
} |
|
457 |
if (nssUseSecmod == false) {
|
|
458 |
if (library == null) {
|
|
459 |
throw new ConfigurationException("library must be specified");
|
|
460 |
} |
|
461 |
} else {
|
|
462 |
if (library != null) {
|
|
463 |
throw new ConfigurationException |
|
464 |
("library must not be specified in NSS mode");
|
|
465 |
} |
|
466 |
if ((slotID != -1) || (slotListIndex != -1)) {
|
|
467 |
throw new ConfigurationException |
|
468 |
("slot and slotListIndex must not be specified in NSS mode");
|
|
469 |
} |
|
470 |
if (nssArgs != null) {
|
|
471 |
throw new ConfigurationException |
|
472 |
("nssArgs must not be specified in NSS mode");
|
|
473 |
} |
|
474 |
if (nssUseSecmodTrust != false) {
|
|
475 |
throw new ConfigurationException("nssUseSecmodTrust is an "
|
|
476 |
+ "internal option and must not be specified in NSS mode"); |
|
477 |
} |
|
478 |
} |
|
479 |
} |
|
480 |
||
481 |
// |
|
482 |
// Parsing helper methods |
|
483 |
// |
|
484 |
||
485 |
private int nextToken() throws IOException {
|
|
486 |
int token = st.nextToken(); |
|
487 |
debug(st); |
|
488 |
return token; |
|
489 |
} |
|
490 |
||
491 |
private void parseEquals() throws IOException {
|
|
492 |
int token = nextToken(); |
|
493 |
if (token != '=') {
|
|
494 |
throw excToken("Expected '=', read");
|
|
495 |
} |
|
496 |
} |
|
497 |
||
498 |
private void parseOpenBraces() throws IOException {
|
|
499 |
while (true) {
|
|
500 |
int token = nextToken(); |
|
501 |
if (token == TT_EOL) {
|
|
502 |
continue; |
|
503 |
} |
|
504 |
if ((token == TT_WORD) && st.sval.equals("{")) {
|
|
505 |
return; |
|
506 |
} |
|
507 |
throw excToken("Expected '{', read");
|
|
508 |
} |
|
509 |
} |
|
510 |
||
511 |
private boolean isCloseBraces(int token) {
|
|
512 |
return (token == TT_WORD) && st.sval.equals("}");
|
|
513 |
} |
|
514 |
||
515 |
private String parseWord() throws IOException {
|
|
516 |
int token = nextToken(); |
|
517 |
if (token != TT_WORD) {
|
|
518 |
throw excToken("Unexpected value:");
|
|
519 |
} |
|
520 |
return st.sval; |
|
521 |
} |
|
522 |
||
523 |
private String parseStringEntry(String keyword) throws IOException {
|
|
524 |
checkDup(keyword); |
|
525 |
parseEquals(); |
|
526 |
||
527 |
int token = nextToken(); |
|
528 |
if (token != TT_WORD && token != '\"') {
|
|
529 |
// not a word token nor a string enclosed by double quotes |
|
530 |
throw excToken("Unexpected value:");
|
|
531 |
} |
|
532 |
String value = st.sval; |
|
533 |
||
534 |
debug(keyword + ": " + value); |
|
535 |
return value; |
|
536 |
} |
|
537 |
||
538 |
private boolean parseBooleanEntry(String keyword) throws IOException {
|
|
539 |
checkDup(keyword); |
|
540 |
parseEquals(); |
|
541 |
boolean value = parseBoolean(); |
|
542 |
debug(keyword + ": " + value); |
|
543 |
return value; |
|
544 |
} |
|
545 |
||
546 |
private int parseIntegerEntry(String keyword) throws IOException {
|
|
547 |
checkDup(keyword); |
|
548 |
parseEquals(); |
|
549 |
int value = decodeNumber(parseWord()); |
|
550 |
debug(keyword + ": " + value); |
|
551 |
return value; |
|
552 |
} |
|
553 |
||
554 |
private boolean parseBoolean() throws IOException {
|
|
555 |
String val = parseWord(); |
|
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9849
diff
changeset
|
556 |
switch (val) {
|
|
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9849
diff
changeset
|
557 |
case "true": |
|
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9849
diff
changeset
|
558 |
return true; |
|
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9849
diff
changeset
|
559 |
case "false": |
|
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9849
diff
changeset
|
560 |
return false; |
|
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9849
diff
changeset
|
561 |
default: |
|
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9849
diff
changeset
|
562 |
throw excToken("Expected boolean value, read:");
|
| 2 | 563 |
} |
564 |
} |
|
565 |
||
566 |
private String parseLine() throws IOException {
|
|
|
28111
0b44c833667c
8062170: java.security.ProviderException: Error parsing configuration with space
valeriep
parents:
25859
diff
changeset
|
567 |
// allow quoted string as part of line |
|
0b44c833667c
8062170: java.security.ProviderException: Error parsing configuration with space
valeriep
parents:
25859
diff
changeset
|
568 |
String s = null; |
| 2 | 569 |
while (true) {
|
570 |
int token = nextToken(); |
|
571 |
if ((token == TT_EOL) || (token == TT_EOF)) {
|
|
572 |
break; |
|
573 |
} |
|
|
28111
0b44c833667c
8062170: java.security.ProviderException: Error parsing configuration with space
valeriep
parents:
25859
diff
changeset
|
574 |
if (token != TT_WORD && token != '\"') {
|
| 2 | 575 |
throw excToken("Unexpected value");
|
576 |
} |
|
|
28111
0b44c833667c
8062170: java.security.ProviderException: Error parsing configuration with space
valeriep
parents:
25859
diff
changeset
|
577 |
if (s == null) {
|
|
0b44c833667c
8062170: java.security.ProviderException: Error parsing configuration with space
valeriep
parents:
25859
diff
changeset
|
578 |
s = st.sval; |
|
0b44c833667c
8062170: java.security.ProviderException: Error parsing configuration with space
valeriep
parents:
25859
diff
changeset
|
579 |
} else {
|
|
0b44c833667c
8062170: java.security.ProviderException: Error parsing configuration with space
valeriep
parents:
25859
diff
changeset
|
580 |
s = s + " " + st.sval; |
|
0b44c833667c
8062170: java.security.ProviderException: Error parsing configuration with space
valeriep
parents:
25859
diff
changeset
|
581 |
} |
|
0b44c833667c
8062170: java.security.ProviderException: Error parsing configuration with space
valeriep
parents:
25859
diff
changeset
|
582 |
} |
|
0b44c833667c
8062170: java.security.ProviderException: Error parsing configuration with space
valeriep
parents:
25859
diff
changeset
|
583 |
if (s == null) {
|
|
0b44c833667c
8062170: java.security.ProviderException: Error parsing configuration with space
valeriep
parents:
25859
diff
changeset
|
584 |
throw excToken("Unexpected empty line");
|
| 2 | 585 |
} |
586 |
return s; |
|
587 |
} |
|
588 |
||
589 |
private int decodeNumber(String str) throws IOException {
|
|
590 |
try {
|
|
591 |
if (str.startsWith("0x") || str.startsWith("0X")) {
|
|
592 |
return Integer.parseInt(str.substring(2), 16); |
|
593 |
} else {
|
|
594 |
return Integer.parseInt(str); |
|
595 |
} |
|
596 |
} catch (NumberFormatException e) {
|
|
597 |
throw excToken("Expected number, read");
|
|
598 |
} |
|
599 |
} |
|
600 |
||
601 |
private static boolean isNumber(String s) {
|
|
602 |
if (s.length() == 0) {
|
|
603 |
return false; |
|
604 |
} |
|
605 |
char ch = s.charAt(0); |
|
606 |
return ((ch >= '0') && (ch <= '9')); |
|
607 |
} |
|
608 |
||
609 |
private void parseComma() throws IOException {
|
|
610 |
int token = nextToken(); |
|
611 |
if (token != ',') {
|
|
612 |
throw excToken("Expected ',', read");
|
|
613 |
} |
|
614 |
} |
|
615 |
||
616 |
private static boolean isByteArray(String val) {
|
|
617 |
return val.startsWith("0h");
|
|
618 |
} |
|
619 |
||
620 |
private byte[] decodeByteArray(String str) throws IOException {
|
|
621 |
if (str.startsWith("0h") == false) {
|
|
622 |
throw excToken("Expected byte array value, read");
|
|
623 |
} |
|
624 |
str = str.substring(2); |
|
625 |
// XXX proper hex parsing |
|
626 |
try {
|
|
627 |
return new BigInteger(str, 16).toByteArray(); |
|
628 |
} catch (NumberFormatException e) {
|
|
629 |
throw excToken("Expected byte array value, read");
|
|
630 |
} |
|
631 |
} |
|
632 |
||
633 |
private void checkDup(String keyword) throws IOException {
|
|
634 |
if (parsedKeywords.contains(keyword)) {
|
|
635 |
throw excLine(keyword + " must only be specified once"); |
|
636 |
} |
|
637 |
} |
|
638 |
||
639 |
// |
|
640 |
// individual entry parsing methods |
|
641 |
// |
|
642 |
||
643 |
private String parseLibrary(String keyword) throws IOException {
|
|
|
28111
0b44c833667c
8062170: java.security.ProviderException: Error parsing configuration with space
valeriep
parents:
25859
diff
changeset
|
644 |
checkDup(keyword); |
|
0b44c833667c
8062170: java.security.ProviderException: Error parsing configuration with space
valeriep
parents:
25859
diff
changeset
|
645 |
parseEquals(); |
|
0b44c833667c
8062170: java.security.ProviderException: Error parsing configuration with space
valeriep
parents:
25859
diff
changeset
|
646 |
String lib = parseLine(); |
| 2 | 647 |
lib = expand(lib); |
648 |
int i = lib.indexOf("/$ISA/");
|
|
649 |
if (i != -1) {
|
|
650 |
// replace "/$ISA/" with "/sparcv9/" on 64-bit Solaris SPARC |
|
651 |
// and with "/amd64/" on Solaris AMD64. |
|
652 |
// On all other platforms, just turn it into a "/" |
|
653 |
String osName = System.getProperty("os.name", "");
|
|
654 |
String osArch = System.getProperty("os.arch", "");
|
|
655 |
String prefix = lib.substring(0, i); |
|
656 |
String suffix = lib.substring(i + 5); |
|
657 |
if (osName.equals("SunOS") && osArch.equals("sparcv9")) {
|
|
658 |
lib = prefix + "/sparcv9" + suffix; |
|
659 |
} else if (osName.equals("SunOS") && osArch.equals("amd64")) {
|
|
660 |
lib = prefix + "/amd64" + suffix; |
|
661 |
} else {
|
|
662 |
lib = prefix + suffix; |
|
663 |
} |
|
664 |
} |
|
665 |
debug(keyword + ": " + lib); |
|
|
9849
eb437e9fba66
7003952: SEC: securely load DLLs and launch executables using fully qualified path
valeriep
parents:
9275
diff
changeset
|
666 |
|
|
eb437e9fba66
7003952: SEC: securely load DLLs and launch executables using fully qualified path
valeriep
parents:
9275
diff
changeset
|
667 |
// Check to see if full path is specified to prevent the DLL |
|
eb437e9fba66
7003952: SEC: securely load DLLs and launch executables using fully qualified path
valeriep
parents:
9275
diff
changeset
|
668 |
// preloading attack |
|
eb437e9fba66
7003952: SEC: securely load DLLs and launch executables using fully qualified path
valeriep
parents:
9275
diff
changeset
|
669 |
if (!(new File(lib)).isAbsolute()) {
|
|
eb437e9fba66
7003952: SEC: securely load DLLs and launch executables using fully qualified path
valeriep
parents:
9275
diff
changeset
|
670 |
throw new ConfigurationException( |
|
eb437e9fba66
7003952: SEC: securely load DLLs and launch executables using fully qualified path
valeriep
parents:
9275
diff
changeset
|
671 |
"Absolute path required for library value: " + lib); |
|
eb437e9fba66
7003952: SEC: securely load DLLs and launch executables using fully qualified path
valeriep
parents:
9275
diff
changeset
|
672 |
} |
| 2 | 673 |
return lib; |
674 |
} |
|
675 |
||
676 |
private void parseDescription(String keyword) throws IOException {
|
|
677 |
checkDup(keyword); |
|
678 |
parseEquals(); |
|
679 |
description = parseLine(); |
|
680 |
debug("description: " + description);
|
|
681 |
} |
|
682 |
||
683 |
private void parseSlotID(String keyword) throws IOException {
|
|
684 |
if (slotID >= 0) {
|
|
685 |
throw excLine("Duplicate slot definition");
|
|
686 |
} |
|
687 |
if (slotListIndex >= 0) {
|
|
688 |
throw excLine |
|
689 |
("Only one of slot and slotListIndex must be specified");
|
|
690 |
} |
|
691 |
parseEquals(); |
|
692 |
String slotString = parseWord(); |
|
693 |
slotID = decodeNumber(slotString); |
|
694 |
debug("slot: " + slotID);
|
|
695 |
} |
|
696 |
||
697 |
private void parseSlotListIndex(String keyword) throws IOException {
|
|
698 |
if (slotListIndex >= 0) {
|
|
699 |
throw excLine("Duplicate slotListIndex definition");
|
|
700 |
} |
|
701 |
if (slotID >= 0) {
|
|
702 |
throw excLine |
|
703 |
("Only one of slot and slotListIndex must be specified");
|
|
704 |
} |
|
705 |
parseEquals(); |
|
706 |
String slotString = parseWord(); |
|
707 |
slotListIndex = decodeNumber(slotString); |
|
708 |
debug("slotListIndex: " + slotListIndex);
|
|
709 |
} |
|
710 |
||
711 |
private void parseEnabledMechanisms(String keyword) throws IOException {
|
|
712 |
enabledMechanisms = parseMechanisms(keyword); |
|
713 |
} |
|
714 |
||
715 |
private void parseDisabledMechanisms(String keyword) throws IOException {
|
|
716 |
disabledMechanisms = parseMechanisms(keyword); |
|
717 |
} |
|
718 |
||
719 |
private Set<Long> parseMechanisms(String keyword) throws IOException {
|
|
720 |
checkDup(keyword); |
|
721 |
Set<Long> mechs = new HashSet<Long>(); |
|
722 |
parseEquals(); |
|
723 |
parseOpenBraces(); |
|
724 |
while (true) {
|
|
725 |
int token = nextToken(); |
|
726 |
if (isCloseBraces(token)) {
|
|
727 |
break; |
|
728 |
} |
|
729 |
if (token == TT_EOL) {
|
|
730 |
continue; |
|
731 |
} |
|
732 |
if (token != TT_WORD) {
|
|
733 |
throw excToken("Expected mechanism, read");
|
|
734 |
} |
|
735 |
long mech = parseMechanism(st.sval); |
|
736 |
mechs.add(Long.valueOf(mech)); |
|
737 |
} |
|
738 |
if (DEBUG) {
|
|
739 |
System.out.print("mechanisms: [");
|
|
740 |
for (Long mech : mechs) {
|
|
741 |
System.out.print(Functions.getMechanismName(mech)); |
|
742 |
System.out.print(", ");
|
|
743 |
} |
|
744 |
System.out.println("]");
|
|
745 |
} |
|
746 |
return mechs; |
|
747 |
} |
|
748 |
||
749 |
private long parseMechanism(String mech) throws IOException {
|
|
750 |
if (isNumber(mech)) {
|
|
751 |
return decodeNumber(mech); |
|
752 |
} else {
|
|
753 |
try {
|
|
754 |
return Functions.getMechanismId(mech); |
|
755 |
} catch (IllegalArgumentException e) {
|
|
756 |
throw excLine("Unknown mechanism: " + mech);
|
|
757 |
} |
|
758 |
} |
|
759 |
} |
|
760 |
||
761 |
private void parseAttributes(String keyword) throws IOException {
|
|
762 |
if (templateManager == null) {
|
|
763 |
templateManager = new TemplateManager(); |
|
764 |
} |
|
765 |
int token = nextToken(); |
|
766 |
if (token == '=') {
|
|
767 |
String s = parseWord(); |
|
768 |
if (s.equals("compatibility") == false) {
|
|
769 |
throw excLine("Expected 'compatibility', read " + s);
|
|
770 |
} |
|
771 |
setCompatibilityAttributes(); |
|
772 |
return; |
|
773 |
} |
|
774 |
if (token != '(') {
|
|
775 |
throw excToken("Expected '(' or '=', read");
|
|
776 |
} |
|
777 |
String op = parseOperation(); |
|
778 |
parseComma(); |
|
779 |
long objectClass = parseObjectClass(); |
|
780 |
parseComma(); |
|
781 |
long keyAlg = parseKeyAlgorithm(); |
|
782 |
token = nextToken(); |
|
783 |
if (token != ')') {
|
|
784 |
throw excToken("Expected ')', read");
|
|
785 |
} |
|
786 |
parseEquals(); |
|
787 |
parseOpenBraces(); |
|
788 |
List<CK_ATTRIBUTE> attributes = new ArrayList<CK_ATTRIBUTE>(); |
|
789 |
while (true) {
|
|
790 |
token = nextToken(); |
|
791 |
if (isCloseBraces(token)) {
|
|
792 |
break; |
|
793 |
} |
|
794 |
if (token == TT_EOL) {
|
|
795 |
continue; |
|
796 |
} |
|
797 |
if (token != TT_WORD) {
|
|
798 |
throw excToken("Expected mechanism, read");
|
|
799 |
} |
|
800 |
String attributeName = st.sval; |
|
801 |
long attributeId = decodeAttributeName(attributeName); |
|
802 |
parseEquals(); |
|
803 |
String attributeValue = parseWord(); |
|
804 |
attributes.add(decodeAttributeValue(attributeId, attributeValue)); |
|
805 |
} |
|
806 |
templateManager.addTemplate |
|
807 |
(op, objectClass, keyAlg, attributes.toArray(CK_A0)); |
|
808 |
} |
|
809 |
||
810 |
private void setCompatibilityAttributes() {
|
|
811 |
// all secret keys |
|
812 |
templateManager.addTemplate(O_ANY, CKO_SECRET_KEY, PCKK_ANY, |
|
813 |
new CK_ATTRIBUTE[] {
|
|
814 |
TOKEN_FALSE, |
|
815 |
SENSITIVE_FALSE, |
|
816 |
EXTRACTABLE_TRUE, |
|
817 |
ENCRYPT_TRUE, |
|
818 |
DECRYPT_TRUE, |
|
819 |
WRAP_TRUE, |
|
820 |
UNWRAP_TRUE, |
|
821 |
}); |
|
822 |
||
823 |
// generic secret keys are special |
|
824 |
// They are used as MAC keys plus for the SSL/TLS (pre)master secrets |
|
825 |
templateManager.addTemplate(O_ANY, CKO_SECRET_KEY, CKK_GENERIC_SECRET, |
|
826 |
new CK_ATTRIBUTE[] {
|
|
827 |
SIGN_TRUE, |
|
828 |
VERIFY_TRUE, |
|
829 |
ENCRYPT_NULL, |
|
830 |
DECRYPT_NULL, |
|
831 |
WRAP_NULL, |
|
832 |
UNWRAP_NULL, |
|
833 |
DERIVE_TRUE, |
|
834 |
}); |
|
835 |
||
836 |
// all private and public keys |
|
837 |
templateManager.addTemplate(O_ANY, CKO_PRIVATE_KEY, PCKK_ANY, |
|
838 |
new CK_ATTRIBUTE[] {
|
|
839 |
TOKEN_FALSE, |
|
840 |
SENSITIVE_FALSE, |
|
841 |
EXTRACTABLE_TRUE, |
|
842 |
}); |
|
843 |
templateManager.addTemplate(O_ANY, CKO_PUBLIC_KEY, PCKK_ANY, |
|
844 |
new CK_ATTRIBUTE[] {
|
|
845 |
TOKEN_FALSE, |
|
846 |
}); |
|
847 |
||
848 |
// additional attributes for RSA private keys |
|
849 |
templateManager.addTemplate(O_ANY, CKO_PRIVATE_KEY, CKK_RSA, |
|
850 |
new CK_ATTRIBUTE[] {
|
|
851 |
DECRYPT_TRUE, |
|
852 |
SIGN_TRUE, |
|
853 |
SIGN_RECOVER_TRUE, |
|
854 |
UNWRAP_TRUE, |
|
855 |
}); |
|
856 |
// additional attributes for RSA public keys |
|
857 |
templateManager.addTemplate(O_ANY, CKO_PUBLIC_KEY, CKK_RSA, |
|
858 |
new CK_ATTRIBUTE[] {
|
|
859 |
ENCRYPT_TRUE, |
|
860 |
VERIFY_TRUE, |
|
861 |
VERIFY_RECOVER_TRUE, |
|
862 |
WRAP_TRUE, |
|
863 |
}); |
|
864 |
||
865 |
// additional attributes for DSA private keys |
|
866 |
templateManager.addTemplate(O_ANY, CKO_PRIVATE_KEY, CKK_DSA, |
|
867 |
new CK_ATTRIBUTE[] {
|
|
868 |
SIGN_TRUE, |
|
869 |
}); |
|
870 |
// additional attributes for DSA public keys |
|
871 |
templateManager.addTemplate(O_ANY, CKO_PUBLIC_KEY, CKK_DSA, |
|
872 |
new CK_ATTRIBUTE[] {
|
|
873 |
VERIFY_TRUE, |
|
874 |
}); |
|
875 |
||
876 |
// additional attributes for DH private keys |
|
877 |
templateManager.addTemplate(O_ANY, CKO_PRIVATE_KEY, CKK_DH, |
|
878 |
new CK_ATTRIBUTE[] {
|
|
879 |
DERIVE_TRUE, |
|
880 |
}); |
|
881 |
||
882 |
// additional attributes for EC private keys |
|
883 |
templateManager.addTemplate(O_ANY, CKO_PRIVATE_KEY, CKK_EC, |
|
884 |
new CK_ATTRIBUTE[] {
|
|
885 |
SIGN_TRUE, |
|
886 |
DERIVE_TRUE, |
|
887 |
}); |
|
888 |
// additional attributes for EC public keys |
|
889 |
templateManager.addTemplate(O_ANY, CKO_PUBLIC_KEY, CKK_EC, |
|
890 |
new CK_ATTRIBUTE[] {
|
|
891 |
VERIFY_TRUE, |
|
892 |
}); |
|
893 |
} |
|
894 |
||
895 |
private final static CK_ATTRIBUTE[] CK_A0 = new CK_ATTRIBUTE[0]; |
|
896 |
||
897 |
private String parseOperation() throws IOException {
|
|
898 |
String op = parseWord(); |
|
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9849
diff
changeset
|
899 |
switch (op) {
|
|
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9849
diff
changeset
|
900 |
case "*": |
|
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9849
diff
changeset
|
901 |
return TemplateManager.O_ANY; |
|
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9849
diff
changeset
|
902 |
case "generate": |
|
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9849
diff
changeset
|
903 |
return TemplateManager.O_GENERATE; |
|
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9849
diff
changeset
|
904 |
case "import": |
|
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9849
diff
changeset
|
905 |
return TemplateManager.O_IMPORT; |
|
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9849
diff
changeset
|
906 |
default: |
|
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9849
diff
changeset
|
907 |
throw excLine("Unknown operation " + op);
|
| 2 | 908 |
} |
909 |
} |
|
910 |
||
911 |
private long parseObjectClass() throws IOException {
|
|
912 |
String name = parseWord(); |
|
913 |
try {
|
|
914 |
return Functions.getObjectClassId(name); |
|
915 |
} catch (IllegalArgumentException e) {
|
|
916 |
throw excLine("Unknown object class " + name);
|
|
917 |
} |
|
918 |
} |
|
919 |
||
920 |
private long parseKeyAlgorithm() throws IOException {
|
|
921 |
String name = parseWord(); |
|
922 |
if (isNumber(name)) {
|
|
923 |
return decodeNumber(name); |
|
924 |
} else {
|
|
925 |
try {
|
|
926 |
return Functions.getKeyId(name); |
|
927 |
} catch (IllegalArgumentException e) {
|
|
928 |
throw excLine("Unknown key algorithm " + name);
|
|
929 |
} |
|
930 |
} |
|
931 |
} |
|
932 |
||
933 |
private long decodeAttributeName(String name) throws IOException {
|
|
934 |
if (isNumber(name)) {
|
|
935 |
return decodeNumber(name); |
|
936 |
} else {
|
|
937 |
try {
|
|
938 |
return Functions.getAttributeId(name); |
|
939 |
} catch (IllegalArgumentException e) {
|
|
940 |
throw excLine("Unknown attribute name " + name);
|
|
941 |
} |
|
942 |
} |
|
943 |
} |
|
944 |
||
945 |
private CK_ATTRIBUTE decodeAttributeValue(long id, String value) |
|
946 |
throws IOException {
|
|
947 |
if (value.equals("null")) {
|
|
948 |
return new CK_ATTRIBUTE(id); |
|
949 |
} else if (value.equals("true")) {
|
|
950 |
return new CK_ATTRIBUTE(id, true); |
|
951 |
} else if (value.equals("false")) {
|
|
952 |
return new CK_ATTRIBUTE(id, false); |
|
953 |
} else if (isByteArray(value)) {
|
|
954 |
return new CK_ATTRIBUTE(id, decodeByteArray(value)); |
|
955 |
} else if (isNumber(value)) {
|
|
956 |
return new CK_ATTRIBUTE(id, Integer.valueOf(decodeNumber(value))); |
|
957 |
} else {
|
|
958 |
throw excLine("Unknown attribute value " + value);
|
|
959 |
} |
|
960 |
} |
|
961 |
||
962 |
private void parseNSSArgs(String keyword) throws IOException {
|
|
963 |
checkDup(keyword); |
|
964 |
parseEquals(); |
|
965 |
int token = nextToken(); |
|
966 |
if (token != '"') {
|
|
967 |
throw excToken("Expected quoted string");
|
|
968 |
} |
|
969 |
nssArgs = expand(st.sval); |
|
970 |
debug("nssArgs: " + nssArgs);
|
|
971 |
} |
|
972 |
||
973 |
private void parseHandleStartupErrors(String keyword) throws IOException {
|
|
974 |
checkDup(keyword); |
|
975 |
parseEquals(); |
|
976 |
String val = parseWord(); |
|
977 |
if (val.equals("ignoreAll")) {
|
|
978 |
handleStartupErrors = ERR_IGNORE_ALL; |
|
979 |
} else if (val.equals("ignoreMissingLibrary")) {
|
|
980 |
handleStartupErrors = ERR_IGNORE_LIB; |
|
981 |
} else if (val.equals("halt")) {
|
|
982 |
handleStartupErrors = ERR_HALT; |
|
983 |
} else {
|
|
984 |
throw excToken("Invalid value for handleStartupErrors:");
|
|
985 |
} |
|
986 |
debug("handleStartupErrors: " + handleStartupErrors);
|
|
987 |
} |
|
988 |
||
989 |
} |
|
990 |
||
991 |
class ConfigurationException extends IOException {
|
|
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9849
diff
changeset
|
992 |
private static final long serialVersionUID = 254492758807673194L; |
| 2 | 993 |
ConfigurationException(String msg) {
|
994 |
super(msg); |
|
995 |
} |
|
996 |
} |