--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/share/classes/sun/security/pkcs11/TemplateManager.java Sat Dec 01 00:00:00 2007 +0000
@@ -0,0 +1,241 @@
+/*
+ * Copyright 2003 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package sun.security.pkcs11;
+
+import java.util.*;
+import java.util.concurrent.*;
+
+import sun.security.pkcs11.wrapper.*;
+import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
+
+/**
+ * TemplateManager class.
+ *
+ * Not all PKCS#11 tokens are created equal. One token may require that one
+ * value is specified when creating a certain type of object. Another token
+ * may require a different value. Yet another token may only work if the
+ * attribute is not specified at all.
+ *
+ * In order to allow an application to work unmodified with all those
+ * different tokens, the SunPKCS11 provider makes the attributes that are
+ * specified and their value configurable. Hence, only the SunPKCS11
+ * configuration file has to be tweaked at deployment time to allow all
+ * existing applications to be used.
+ *
+ * The template manager is responsible for reading the attribute configuration
+ * information and to make it available to the various internal components
+ * of the SunPKCS11 provider.
+ *
+ * @author Andreas Sterbenz
+ * @since 1.5
+ */
+final class TemplateManager {
+
+ private final static boolean DEBUG = false;
+
+ // constant for any operation (either O_IMPORT or O_GENERATE)
+ final static String O_ANY = "*";
+ // constant for operation create ("importing" existing key material)
+ final static String O_IMPORT = "import";
+ // constant for operation generate (generating new key material)
+ final static String O_GENERATE = "generate";
+
+ private static class KeyAndTemplate {
+ final TemplateKey key;
+ final Template template;
+
+ KeyAndTemplate(TemplateKey key, Template template) {
+ this.key = key;
+ this.template = template;
+ }
+ }
+
+ // primitive templates contains the individual template configuration
+ // entries from the configuration file
+ private final List<KeyAndTemplate> primitiveTemplates;
+
+ // composite templates is a cache of the exact configuration template for
+ // each specific TemplateKey (no wildcards). the entries are created
+ // on demand during first use by compositing all applicable
+ // primitive template entries. the result is then stored in this map
+ // for performance
+ private final Map<TemplateKey,Template> compositeTemplates;
+
+ TemplateManager() {
+ primitiveTemplates = new ArrayList<KeyAndTemplate>();
+ compositeTemplates = new ConcurrentHashMap<TemplateKey,Template>();
+ }
+
+ // add a template. Called by Config.
+ void addTemplate(String op, long objectClass, long keyAlgorithm,
+ CK_ATTRIBUTE[] attrs) {
+ TemplateKey key = new TemplateKey(op, objectClass, keyAlgorithm);
+ Template template = new Template(attrs);
+ if (DEBUG) {
+ System.out.println("Adding " + key + " -> " + template);
+ }
+ primitiveTemplates.add(new KeyAndTemplate(key, template));
+ }
+
+ private Template getTemplate(TemplateKey key) {
+ Template template = compositeTemplates.get(key);
+ if (template == null) {
+ template = buildCompositeTemplate(key);
+ compositeTemplates.put(key, template);
+ }
+ return template;
+ }
+
+ // Get the attributes for the requested op and combine them with attrs.
+ // This is the method called by the implementation to obtain the
+ // attributes.
+ CK_ATTRIBUTE[] getAttributes(String op, long type, long alg,
+ CK_ATTRIBUTE[] attrs) {
+ TemplateKey key = new TemplateKey(op, type, alg);
+ Template template = getTemplate(key);
+ CK_ATTRIBUTE[] newAttrs = template.getAttributes(attrs);
+ if (DEBUG) {
+ System.out.println(key + " -> " + Arrays.asList(newAttrs));
+ }
+ return newAttrs;
+ }
+
+ // build a composite template for the given key
+ private Template buildCompositeTemplate(TemplateKey key) {
+ Template comp = new Template();
+ // iterate through primitive templates and add all that apply
+ for (KeyAndTemplate entry : primitiveTemplates) {
+ if (entry.key.appliesTo(key)) {
+ comp.add(entry.template);
+ }
+ }
+ return comp;
+ }
+
+ /**
+ * Nested class representing a template identifier.
+ */
+ private static final class TemplateKey {
+ final String operation;
+ final long keyType;
+ final long keyAlgorithm;
+ TemplateKey(String operation, long keyType, long keyAlgorithm) {
+ this.operation = operation;
+ this.keyType = keyType;
+ this.keyAlgorithm = keyAlgorithm;
+ }
+ public boolean equals(Object obj) {
+ if (this == obj) {
+ return true;
+ }
+ if (obj instanceof TemplateKey == false) {
+ return false;
+ }
+ TemplateKey other = (TemplateKey)obj;
+ boolean match = this.operation.equals(other.operation)
+ && (this.keyType == other.keyType)
+ && (this.keyAlgorithm == other.keyAlgorithm);
+ return match;
+ }
+ public int hashCode() {
+ return operation.hashCode() + (int)keyType + (int)keyAlgorithm;
+ }
+ boolean appliesTo(TemplateKey key) {
+ if (operation.equals(O_ANY) || operation.equals(key.operation)) {
+ if ((keyType == PCKO_ANY) || (keyType == key.keyType)) {
+ if ((keyAlgorithm == PCKK_ANY)
+ || (keyAlgorithm == key.keyAlgorithm)) {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+ public String toString() {
+ return "(" + operation + ","
+ + Functions.getObjectClassName(keyType)
+ + "," + Functions.getKeyName(keyAlgorithm) + ")";
+ }
+ }
+
+ /**
+ * Nested class representing template attributes.
+ */
+ private static final class Template {
+
+ private final static CK_ATTRIBUTE[] A0 = new CK_ATTRIBUTE[0];
+
+ private CK_ATTRIBUTE[] attributes;
+
+ Template() {
+ attributes = A0;
+ }
+
+ Template(CK_ATTRIBUTE[] attributes) {
+ this.attributes = attributes;
+ }
+
+ void add(Template template) {
+ attributes = getAttributes(template.attributes);
+ }
+
+ CK_ATTRIBUTE[] getAttributes(CK_ATTRIBUTE[] attrs) {
+ return combine(attributes, attrs);
+ }
+
+ /**
+ * Combine two sets of attributes. The second set has precedence
+ * over the first and overrides its settings.
+ */
+ private static CK_ATTRIBUTE[] combine(CK_ATTRIBUTE[] attrs1,
+ CK_ATTRIBUTE[] attrs2) {
+ List<CK_ATTRIBUTE> attrs = new ArrayList<CK_ATTRIBUTE>();
+ for (CK_ATTRIBUTE attr : attrs1) {
+ if (attr.pValue != null) {
+ attrs.add(attr);
+ }
+ }
+ for (CK_ATTRIBUTE attr2 : attrs2) {
+ long type = attr2.type;
+ for (CK_ATTRIBUTE attr1 : attrs1) {
+ if (attr1.type == type) {
+ attrs.remove(attr1);
+ }
+ }
+ if (attr2.pValue != null) {
+ attrs.add(attr2);
+ }
+ }
+ return attrs.toArray(A0);
+ }
+
+ public String toString() {
+ return Arrays.asList(attributes).toString();
+ }
+
+ }
+
+}