1 /* |
1 /* |
2 * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
1483 } finally { |
1483 } finally { |
1484 token.releaseSession(session); |
1484 token.releaseSession(session); |
1485 } |
1485 } |
1486 } |
1486 } |
1487 |
1487 |
|
1488 // retrieves the native key handle and either update it directly or make a copy |
1488 private void updateP11Pkey(String alias, CK_ATTRIBUTE attribute, P11Key key) |
1489 private void updateP11Pkey(String alias, CK_ATTRIBUTE attribute, P11Key key) |
1489 throws PKCS11Exception { |
1490 throws PKCS11Exception { |
1490 |
1491 |
1491 // if token key, update alias. |
1492 // if token key, update alias. |
1492 // if session key, convert to token key. |
1493 // if session key, convert to token key. |
1493 |
1494 |
1494 Session session = null; |
1495 Session session = null; |
|
1496 long keyID = key.getKeyID(); |
1495 try { |
1497 try { |
1496 session = token.getOpSession(); |
1498 session = token.getOpSession(); |
1497 if (key.tokenObject == true) { |
1499 if (key.tokenObject == true) { |
1498 |
|
1499 // token key - set new CKA_ID |
1500 // token key - set new CKA_ID |
1500 |
1501 |
1501 CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[] { |
1502 CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[] { |
1502 new CK_ATTRIBUTE(CKA_ID, alias) }; |
1503 new CK_ATTRIBUTE(CKA_ID, alias) }; |
1503 token.p11.C_SetAttributeValue |
1504 token.p11.C_SetAttributeValue |
1504 (session.id(), key.keyID, attrs); |
1505 (session.id(), keyID, attrs); |
1505 if (debug != null) { |
1506 if (debug != null) { |
1506 debug.println("updateP11Pkey set new alias [" + |
1507 debug.println("updateP11Pkey set new alias [" + |
1507 alias + |
1508 alias + |
1508 "] for key entry"); |
1509 "] for key entry"); |
1509 } |
1510 } |
1510 } else { |
1511 } else { |
1511 |
|
1512 // session key - convert to token key and set CKA_ID |
1512 // session key - convert to token key and set CKA_ID |
1513 |
1513 |
1514 CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[] { |
1514 CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[] { |
1515 ATTR_TOKEN_TRUE, |
1515 ATTR_TOKEN_TRUE, |
1516 new CK_ATTRIBUTE(CKA_ID, alias), |
1516 new CK_ATTRIBUTE(CKA_ID, alias), |
1517 }; |
1517 }; |
1518 if (attribute != null) { |
1518 if (attribute != null) { |
1519 attrs = addAttribute(attrs, attribute); |
1519 attrs = addAttribute(attrs, attribute); |
1520 } |
1520 } |
1521 token.p11.C_CopyObject(session.id(), key.keyID, attrs); |
1521 // creates a new token key with the desired CKA_ID |
|
1522 token.p11.C_CopyObject(session.id(), keyID, attrs); |
1522 if (debug != null) { |
1523 if (debug != null) { |
1523 debug.println("updateP11Pkey copied private session key " + |
1524 debug.println("updateP11Pkey copied private session key " + |
1524 "for [" + |
1525 "for [" + |
1525 alias + |
1526 alias + |
1526 "] to token entry"); |
1527 "] to token entry"); |
1527 } |
1528 } |
1528 } |
1529 } |
1529 } finally { |
1530 } finally { |
1530 token.releaseSession(session); |
1531 token.releaseSession(session); |
|
1532 key.releaseKeyID(); |
1531 } |
1533 } |
1532 } |
1534 } |
1533 |
1535 |
1534 private void storeCert(String alias, X509Certificate cert) |
1536 private void storeCert(String alias, X509Certificate cert) |
1535 throws PKCS11Exception, CertificateException { |
1537 throws PKCS11Exception, CertificateException { |
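Review bot: In the new `finally` block of updateP11Pkey (new lines 1530-1533), `key.releaseKeyID()` runs only if `token.releaseSession(session)` returns normally, so an unchecked exception from the session release would leave the handle obtained by `key.getKeyID()` at new line 1496 unreleased. Neither releaseSession nor the getKeyID/releaseKeyID implementation is visible on this page, so whether that path can actually occur is an assumption to confirm. If it can, nest the two calls as `try { token.releaseSession(session); } finally { key.releaseKeyID(); }` so the key release is unconditional. Independently, the acquisition deserves a comment where it happens, for example `// getKeyID() must be balanced by releaseKeyID() in the finally block below`, because both PKCS#11 calls now use the local `keyID` instead of the `key.keyID` field and the pairing is otherwise easy to break in a later edit.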
1892 CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[2]; |
1894 CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[2]; |
1893 if ((id || netscapeDb) == false) { |
1895 if ((id || netscapeDb) == false) { |
1894 return attrs; |
1896 return attrs; |
1895 } |
1897 } |
1896 String alg = privateKey.getAlgorithm(); |
1898 String alg = privateKey.getAlgorithm(); |
1897 if (id && alg.equals("RSA") && (publicKey instanceof RSAPublicKey)) { |
1899 if (alg.equals("RSA") && (publicKey instanceof RSAPublicKey)) { |
|
1900 if (id) { |
|
1901 BigInteger n = ((RSAPublicKey)publicKey).getModulus(); |
|
1902 attrs[0] = new CK_ATTRIBUTE(CKA_ID, sha1(getMagnitude(n))); |
|
1903 } |
1898 // CKA_NETSCAPE_DB not needed for RSA public keys |
1904 // CKA_NETSCAPE_DB not needed for RSA public keys |
1899 BigInteger n = ((RSAPublicKey)publicKey).getModulus(); |
|
1900 attrs[0] = new CK_ATTRIBUTE(CKA_ID, sha1(getMagnitude(n))); |
|
1901 } else if (alg.equals("DSA") && (publicKey instanceof DSAPublicKey)) { |
1905 } else if (alg.equals("DSA") && (publicKey instanceof DSAPublicKey)) { |
1902 BigInteger y = ((DSAPublicKey)publicKey).getY(); |
1906 BigInteger y = ((DSAPublicKey)publicKey).getY(); |
1903 if (id) { |
1907 if (id) { |
1904 attrs[0] = new CK_ATTRIBUTE(CKA_ID, sha1(getMagnitude(y))); |
1908 attrs[0] = new CK_ATTRIBUTE(CKA_ID, sha1(getMagnitude(y))); |
1905 } |
1909 } |