34 import javax.security.auth.login.LoginException; |
34 import javax.security.auth.login.LoginException; |
35 |
35 |
36 import sun.security.jca.JCAUtil; |
36 import sun.security.jca.JCAUtil; |
37 |
37 |
38 import sun.security.pkcs11.wrapper.*; |
38 import sun.security.pkcs11.wrapper.*; |
|
39 import static sun.security.pkcs11.TemplateManager.*; |
39 import static sun.security.pkcs11.wrapper.PKCS11Constants.*; |
40 import static sun.security.pkcs11.wrapper.PKCS11Constants.*; |
40 |
41 |
41 /** |
42 /** |
42 * PKCS#11 token. |
43 * PKCS#11 token. |
43 * |
44 * |
119 private final static Object CHECK_LOCK = new Object(); |
120 private final static Object CHECK_LOCK = new Object(); |
120 |
121 |
121 // object for indicating unsupported mechanism in 'mechInfoMap' |
122 // object for indicating unsupported mechanism in 'mechInfoMap' |
122 private final static CK_MECHANISM_INFO INVALID_MECH = |
123 private final static CK_MECHANISM_INFO INVALID_MECH = |
123 new CK_MECHANISM_INFO(0, 0, 0); |
124 new CK_MECHANISM_INFO(0, 0, 0); |
|
125 |
|
126 // flag indicating whether the token supports raw secret key material import |
|
127 private Boolean supportsRawSecretKeyImport; |
124 |
128 |
125 Token(SunPKCS11 provider) throws PKCS11Exception { |
129 Token(SunPKCS11 provider) throws PKCS11Exception { |
126 this.provider = provider; |
130 this.provider = provider; |
127 this.removable = provider.removable; |
131 this.removable = provider.removable; |
128 this.valid = true; |
132 this.valid = true; |
156 new ConcurrentHashMap<Long, CK_MECHANISM_INFO>(10); |
160 new ConcurrentHashMap<Long, CK_MECHANISM_INFO>(10); |
157 } |
161 } |
158 |
162 |
159 boolean isWriteProtected() { |
163 boolean isWriteProtected() { |
160 return writeProtected; |
164 return writeProtected; |
|
165 } |
|
166 |
|
167 // return whether the token supports raw secret key material import |
|
168 boolean supportsRawSecretKeyImport() { |
|
169 if (supportsRawSecretKeyImport == null) { |
|
170 SecureRandom random = JCAUtil.getSecureRandom(); |
|
171 byte[] encoded = new byte[48]; |
|
172 random.nextBytes(encoded); |
|
173 |
|
174 CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[3]; |
|
175 attributes[0] = new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY); |
|
176 attributes[1] = new CK_ATTRIBUTE(CKA_KEY_TYPE, CKK_GENERIC_SECRET); |
|
177 attributes[2] = new CK_ATTRIBUTE(CKA_VALUE, encoded); |
|
178 |
|
179 Session session = null; |
|
180 try { |
|
181 attributes = getAttributes(O_IMPORT, |
|
182 CKO_SECRET_KEY, CKK_GENERIC_SECRET, attributes); |
|
183 session = getObjSession(); |
|
184 long keyID = p11.C_CreateObject(session.id(), attributes); |
|
185 |
|
186 supportsRawSecretKeyImport = Boolean.TRUE; |
|
187 } catch (PKCS11Exception e) { |
|
188 supportsRawSecretKeyImport = Boolean.FALSE; |
|
189 } finally { |
|
190 releaseSession(session); |
|
191 } |
|
192 } |
|
193 |
|
194 return supportsRawSecretKeyImport; |
161 } |
195 } |
162 |
196 |
163 // return whether we are logged in |
197 // return whether we are logged in |
164 // uses cached result if current. session is optional and may be null |
198 // uses cached result if current. session is optional and may be null |
165 boolean isLoggedIn(Session session) throws PKCS11Exception { |
199 boolean isLoggedIn(Session session) throws PKCS11Exception { |