Produced by Araxis Merge on 9/25/2018 2:13:24 PM Central Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.
# | Location | File | Last Modified |
---|---|---|---|
1 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\pkcs11 | P11Key.java | Mon Jan 22 14:46:54 2018 UTC |
2 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\pkcs11 | P11Key.java | Wed Sep 12 17:53:10 2018 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 4 | 2306 |
Changed | 3 | 6 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | /* | |
2 | * Copyrig ht (c) 200 3, 2015, O racle and/ or its aff iliates. A ll rights reserved. | |
3 | * DO NOT ALTER OR R EMOVE COPY RIGHT NOTI CES OR THI S FILE HEA DER. | |
4 | * | |
5 | * This co de is free software; you can r edistribut e it and/o r modify i t | |
6 | * under t he terms o f the GNU General Pu blic Licen se version 2 only, a s | |
7 | * publish ed by the Free Softw are Founda tion. Ora cle design ates this | |
8 | * particu lar file a s subject to the "Cl asspath" e xception a s provided | |
9 | * by Orac le in the LICENSE fi le that ac companied this code. | |
10 | * | |
11 | * This co de is dist ributed in the hope that it wi ll be usef ul, but WI THOUT | |
12 | * ANY WAR RANTY; wit hout even the implie d warranty of MERCHA NTABILITY or | |
13 | * FITNESS FOR A PAR TICULAR PU RPOSE. Se e the GNU General Pu blic Licen se | |
14 | * version 2 for mor e details (a copy is included in the LIC ENSE file that | |
15 | * accompa nied this code). | |
16 | * | |
17 | * You sho uld have r eceived a copy of th e GNU Gene ral Public License v ersion | |
18 | * 2 along with this work; if not, write to the Fr ee Softwar e Foundati on, | |
19 | * Inc., 5 1 Franklin St, Fifth Floor, Bo ston, MA 0 2110-1301 USA. | |
20 | * | |
21 | * Please contact Or acle, 500 Oracle Par kway, Redw ood Shores , CA 94065 USA | |
22 | * or visi t www.orac le.com if you need a dditional informatio n or have any | |
23 | * questio ns. | |
24 | */ | |
25 | ||
26 | package su n.security .pkcs11; | |
27 | ||
28 | import jav a.io.*; | |
29 | import jav a.lang.ref .*; | |
30 | import jav a.math.Big Integer; | |
31 | import jav a.util.*; | |
32 | ||
33 | import jav a.security .*; | |
34 | import jav a.security .interface s.*; | |
35 | import jav a.security .spec.*; | |
36 | ||
37 | import jav ax.crypto. *; | |
38 | import jav ax.crypto. interfaces .*; | |
39 | import jav ax.crypto. spec.*; | |
40 | ||
41 | import sun .security. rsa.RSAPub licKeyImpl ; | |
42 | ||
43 | import sun .security. internal.i nterfaces. TlsMasterS ecret; | |
44 | ||
45 | import sun .security. pkcs11.wra pper.*; | |
46 | import sta tic sun.se curity.pkc s11.wrappe r.PKCS11Co nstants.*; | |
47 | ||
48 | import sun .security. util.DerVa lue; | |
49 | import sun .security. util.Lengt h; | |
50 | ||
51 | /** | |
52 | * Key imp lementatio n classes. | |
53 | * | |
54 | * In PKCS #11, the c omponents of private and PW keys may o r may not | |
55 | * be acce ssible. If they are, we use th e algorith m specific key class es | |
56 | * (e.g. D SAPrivateK ey) for co mpatibilit y with exi sting appl ications. | |
57 | * If the components are not a ccessible, we use a generic cl ass that | |
58 | * only im plements P rivateKey (or Secret Key). Whet her the co mponents o f a | |
59 | * key are extractab le is auto matically determined when the key object is | |
60 | * created . | |
61 | * | |
62 | * @author Andreas Sterbenz | |
63 | * @since 1.5 | |
64 | */ | |
65 | abstract c lass P11Ke y implemen ts Key, Le ngth { | |
66 | ||
67 | privat e static f inal long serialVers ionUID = - 2575874101 938349339L ; | |
68 | ||
69 | privat e final st atic Strin g PUBLIC = "public"; | |
70 | privat e final st atic Strin g PRIVATE = "private "; | |
71 | private fi nal static String SE CRET = " PW "; | |
72 | ||
73 | // typ e of key, one of (PU BLIC, PRIV ATE, SECRE T) | |
74 | final String typ e; | |
75 | ||
76 | // tok en instanc e | |
77 | final Token toke n; | |
78 | ||
79 | // alg orithm nam e, returne d by getAl gorithm(), etc. | |
80 | final String alg orithm; | |
81 | ||
82 | // key id | |
83 | final long keyID ; | |
84 | ||
85 | // eff ective key length of the key, e.g. 56 fo r a DES ke y | |
86 | final int keyLen gth; | |
87 | ||
88 | // fla gs indicat ing whethe r the key is a token object, s ensitive, extractabl e | |
89 | final boolean to kenObject, sensitive , extracta ble; | |
90 | ||
91 | // pha ntom refer ence notif ication cl ean up for session k eys | |
92 | privat e final Se ssionKeyRe f sessionK eyRef; | |
93 | ||
94 | P11Key (String ty pe, Sessio n session, long keyI D, String algorithm, | |
95 | int keyL ength, CK_ ATTRIBUTE[ ] attribut es) { | |
96 | th is.type = type; | |
97 | th is.token = session.t oken; | |
98 | th is.keyID = keyID; | |
99 | th is.algorit hm = algor ithm; | |
100 | th is.keyLeng th = keyLe ngth; | |
101 | bo olean toke nObject = false; | |
102 | bo olean sens itive = fa lse; | |
103 | bo olean extr actable = true; | |
104 | in t n = (att ributes == null) ? 0 : attribu tes.length ; | |
105 | fo r (int i = 0; i < n; i++) { | |
106 | CK_ATTRI BUTE attr = attribut es[i]; | |
107 | if (attr .type == C KA_TOKEN) { | |
108 | toke nObject = attr.getBo olean(); | |
109 | } else i f (attr.ty pe == CKA_ SENSITIVE) { | |
110 | sens itive = at tr.getBool ean(); | |
111 | } else i f (attr.ty pe == CKA_ EXTRACTABL E) { | |
112 | extr actable = attr.getBo olean(); | |
113 | } | |
114 | } | |
115 | th is.tokenOb ject = tok enObject; | |
116 | th is.sensiti ve = sensi tive; | |
117 | th is.extract able = ext ractable; | |
118 | if (tokenObj ect == fal se) { | |
119 | sessionK eyRef = ne w SessionK eyRef(this , keyID, s ession); | |
120 | } else { | |
121 | sessionK eyRef = nu ll; | |
122 | } | |
123 | } | |
124 | ||
125 | // see JCA spec | |
126 | public final Str ing getAlg orithm() { | |
127 | to ken.ensure Valid(); | |
128 | re turn algor ithm; | |
129 | } | |
130 | ||
131 | // see JCA spec | |
132 | public final byt e[] getEnc oded() { | |
133 | by te[] b = g etEncodedI nternal(); | |
134 | re turn (b == null) ? n ull : b.cl one(); | |
135 | } | |
136 | ||
137 | abstra ct byte[] getEncoded Internal() ; | |
138 | ||
139 | public boolean e quals(Obje ct obj) { | |
140 | if (this == obj) { | |
141 | return t rue; | |
142 | } | |
143 | // equals() should nev er throw e xceptions | |
144 | if (token.is Valid() == false) { | |
145 | return f alse; | |
146 | } | |
147 | if (obj inst anceof Key == false) { | |
148 | return f alse; | |
149 | } | |
150 | St ring thisF ormat = ge tFormat(); | |
151 | if (thisForm at == null ) { | |
152 | // no en coding, ke y only equ al to itse lf | |
153 | // XXX g etEncoded( ) for unex tractable keys will change tha t | |
154 | return f alse; | |
155 | } | |
156 | Ke y other = (Key)obj; | |
157 | if (thisForm at.equals( other.getF ormat()) = = false) { | |
158 | return f alse; | |
159 | } | |
160 | by te[] thisE nc = this. getEncoded Internal() ; | |
161 | by te[] other Enc; | |
162 | if (obj inst anceof P11 Key) { | |
163 | otherEnc = ((P11Ke y)other).g etEncodedI nternal(); | |
164 | } else { | |
165 | otherEnc = other.g etEncoded( ); | |
166 | } | |
167 | re turn Messa geDigest.i sEqual(thi sEnc, othe rEnc); | |
168 | } | |
169 | ||
170 | public int hashC ode() { | |
171 | // hashCode( ) should n ever throw exception s | |
172 | if (token.is Valid() == false) { | |
173 | return 0 ; | |
174 | } | |
175 | by te[] b1 = getEncoded Internal() ; | |
176 | if (b1 == nu ll) { | |
177 | return 0 ; | |
178 | } | |
179 | in t r = b1.l ength; | |
180 | fo r (int i = 0; i < b1 .length; i ++) { | |
181 | r += (b1 [i] & 0xff ) * 37; | |
182 | } | |
183 | re turn r; | |
184 | } | |
185 | ||
186 | protec ted Object writeRepl ace() thro ws ObjectS treamExcep tion { | |
187 | Ke yRep.Type type; | |
188 | St ring forma t = getFor mat(); | |
189 | if (isPrivat e() && "PK CS#8".equa ls(format) ) { | |
190 | type = K eyRep.Type .PRIVATE; | |
191 | } else if (i sPublic() && "X.509" .equals(fo rmat)) { | |
192 | type = K eyRep.Type .PUBLIC; | |
193 | } else if (i sSecret() && "RAW".e quals(form at)) { | |
194 | type = K eyRep.Type .SECRET; | |
195 | } else { | |
196 | // XXX s hort term serializat ion for un extractabl e keys | |
197 | throw ne w NotSeria lizableExc eption | |
198 | ("Ca nnot seria lize sensi tive and u nextractab le keys"); | |
199 | } | |
200 | re turn new K eyRep(type , getAlgor ithm(), fo rmat, getE ncoded()); | |
201 | } | |
202 | ||
203 | public String to String() { | |
204 | to ken.ensure Valid(); | |
205 | St ring s1 = token.prov ider.getNa me() + " " + algorit hm + " " + type | |
206 | + " key, " + k eyLength + " bits"; | |
207 | s1 += " (id " + keyID + ", " | |
208 | + (t okenObject ? "token" : "sessio n") + " ob ject"; | |
209 | if (isPublic ()) { | |
210 | s1 += ") "; | |
211 | } else { | |
212 | s1 += ", " + (sens itive ? "" : "not ") + "sensit ive"; | |
213 | s1 += ", " + (extr actable ? "" : "un") + "extrac table)"; | |
214 | } | |
215 | re turn s1; | |
216 | } | |
217 | ||
218 | /** | |
219 | * Ret urn bit le ngth of th e key. | |
220 | */ | |
221 | @Overr ide | |
222 | public int lengt h() { | |
223 | re turn keyLe ngth; | |
224 | } | |
225 | ||
226 | boolea n isPublic () { | |
227 | re turn type == PUBLIC; | |
228 | } | |
229 | ||
230 | boolea n isPrivat e() { | |
231 | re turn type == PRIVATE ; | |
232 | } | |
233 | ||
234 | boolea n isSecret () { | |
235 | re turn type == SECRET; | |
236 | } | |
237 | ||
238 | void f etchAttrib utes(CK_AT TRIBUTE[] attributes ) { | |
239 | Se ssion temp Session = null; | |
240 | tr y { | |
241 | tempSess ion = toke n.getOpSes sion(); | |
242 | token.p1 1.C_GetAtt ributeValu e(tempSess ion.id(), keyID, att ributes); | |
243 | } catch (PKC S11Excepti on e) { | |
244 | throw ne w Provider Exception( e); | |
245 | } finally { | |
246 | token.re leaseSessi on(tempSes sion); | |
247 | } | |
248 | } | |
249 | ||
250 | privat e final st atic CK_AT TRIBUTE[] A0 = new C K_ATTRIBUT E[0]; | |
251 | ||
252 | privat e static C K_ATTRIBUT E[] getAtt ributes(Se ssion sess ion, long keyID, | |
253 | CK_ATTRI BUTE[] kno wnAttribut es, CK_ATT RIBUTE[] d esiredAttr ibutes) { | |
254 | if (knownAtt ributes == null) { | |
255 | knownAtt ributes = A0; | |
256 | } | |
257 | fo r (int i = 0; i < de siredAttri butes.leng th; i++) { | |
258 | // For e ach desire d attribut e, check t o see if w e have the value | |
259 | // avail able alrea dy. If eve rything is here, we save a nat ive call. | |
260 | CK_ATTRI BUTE attr = desiredA ttributes[ i]; | |
261 | for (CK_ ATTRIBUTE known : kn ownAttribu tes) { | |
262 | if ( (attr.type == known. type) && ( known.pVal ue != null )) { | |
263 | attr.pValu e = known. pValue; | |
264 | break; // break inne r for loop | |
265 | } | |
266 | } | |
267 | if (attr .pValue == null) { | |
268 | // n othing fou nd, need t o call C_G etAttribut eValue() | |
269 | for (int j = 0 ; j < i; j ++) { | |
270 | // clear v alues copi ed from kn ownAttribu tes | |
271 | desiredAtt ributes[j] .pValue = null; | |
272 | } | |
273 | try { | |
274 | session.to ken.p11.C_ GetAttribu teValue | |
275 | (s ession.id( ), keyID, desiredAtt ributes); | |
276 | } ca tch (PKCS1 1Exception e) { | |
277 | throw new ProviderEx ception(e) ; | |
278 | } | |
279 | brea k; // brea k loop, go to return | |
280 | } | |
281 | } | |
282 | re turn desir edAttribut es; | |
283 | } | |
284 | ||
285 | static Sec retKey PW Key(Sessio n session, long keyI D, String algorithm, | |
286 | int keyL ength, CK_ ATTRIBUTE[ ] attribut es) { | |
287 | at tributes = getAttrib utes(sessi on, keyID, attribute s, new CK_ ATTRIBUTE[ ] { | |
288 | new CK_A TTRIBUTE(C KA_TOKEN), | |
289 | new CK_A TTRIBUTE(C KA_SENSITI VE), | |
290 | new CK_A TTRIBUTE(C KA_EXTRACT ABLE), | |
291 | }) ; | |
292 | re turn new P 11SecretKe y(session, keyID, al gorithm, k eyLength, attributes ); | |
293 | } | |
294 | ||
295 | static SecretKey masterSec retKey(Ses sion sessi on, long k eyID, Stri ng algorit hm, | |
296 | int keyL ength, CK_ ATTRIBUTE[ ] attribut es, int ma jor, int m inor) { | |
297 | at tributes = getAttrib utes(sessi on, keyID, attribute s, new CK_ ATTRIBUTE[ ] { | |
298 | new CK_A TTRIBUTE(C KA_TOKEN), | |
299 | new CK_A TTRIBUTE(C KA_SENSITI VE), | |
300 | new CK_A TTRIBUTE(C KA_EXTRACT ABLE), | |
301 | }) ; | |
302 | re turn new P 11TlsMaste rSecretKey | |
303 | (ses sion, keyI D, algorit hm, keyLen gth, attri butes, maj or, minor) ; | |
304 | } | |
305 | ||
306 | // we assume tha t all comp onents of public key s are alwa ys accessi ble | |
307 | static PublicKey publicKey (Session s ession, lo ng keyID, String alg orithm, | |
308 | int keyL ength, CK_ ATTRIBUTE[ ] attribut es) { | |
309 | sw itch (algo rithm) { | |
310 | case "RS A": | |
311 | retu rn new P11 RSAPublicK ey | |
312 | (session, keyID, alg orithm, ke yLength, a ttributes) ; | |
313 | case "DS A": | |
314 | retu rn new P11 DSAPublicK ey | |
315 | (session, keyID, alg orithm, ke yLength, a ttributes) ; | |
316 | case "DH ": | |
317 | retu rn new P11 DHPublicKe y | |
318 | (session, keyID, alg orithm, ke yLength, a ttributes) ; | |
319 | case "EC ": | |
320 | retu rn new P11 ECPublicKe y | |
321 | (session, keyID, alg orithm, ke yLength, a ttributes) ; | |
322 | default: | |
323 | thro w new Prov iderExcept ion | |
324 | ("Unknown public key algorithm " + algor ithm); | |
325 | } | |
326 | } | |
327 | ||
328 | static PrivateKe y privateK ey(Session session, long keyID , String a lgorithm, | |
329 | int keyL ength, CK_ ATTRIBUTE[ ] attribut es) { | |
330 | at tributes = getAttrib utes(sessi on, keyID, attribute s, new CK_ ATTRIBUTE[ ] { | |
331 | new CK_A TTRIBUTE(C KA_TOKEN), | |
332 | new CK_A TTRIBUTE(C KA_SENSITI VE), | |
333 | new CK_A TTRIBUTE(C KA_EXTRACT ABLE), | |
334 | }) ; | |
335 | if (attribut es[1].getB oolean() | | (attribu tes[2].get Boolean() == false)) { | |
336 | return n ew P11Priv ateKey | |
337 | (ses sion, keyI D, algorit hm, keyLen gth, attri butes); | |
338 | } else { | |
339 | switch ( algorithm) { | |
340 | case "RSA": | |
341 | // XXX bet ter test f or RSA CRT keys (sin gle getAtt ributes() call) | |
342 | // we need to determ ine whethe r this is a CRT key | |
343 | // see if we can obt ain the pu blic expon ent | |
344 | // this sh ould also be readabl e for sens itive/extr actable ke ys | |
345 | CK_ATTRIBU TE[] attrs 2 = new CK _ATTRIBUTE [] { | |
346 | new CK _ATTRIBUTE (CKA_PUBLI C_EXPONENT ), | |
347 | }; | |
348 | boolean cr tKey; | |
349 | try { | |
350 | sessio n.token.p1 1.C_GetAtt ributeValu e | |
351 | (s ession.id( ), keyID, attrs2); | |
352 | crtKey = (attrs2 [0].pValue instanceo f byte[]); | |
353 | } catch (P KCS11Excep tion e) { | |
354 | // ign ore, assum e not avai lable | |
355 | crtKey = false; | |
356 | } | |
357 | if (crtKey ) { | |
358 | return new P11RS APrivateKe y | |
359 | (session , keyID, a lgorithm, keyLength, attribute s); | |
360 | } else { | |
361 | return new P11RS APrivateNo nCRTKey | |
362 | (session , keyID, a lgorithm, keyLength, attribute s); | |
363 | } | |
364 | case "DSA": | |
365 | return new P11DSAPri vateKey | |
366 | (s ession, ke yID, algor ithm, keyL ength, att ributes); | |
367 | case "DH": | |
368 | return new P11DHPriv ateKey | |
369 | (s ession, ke yID, algor ithm, keyL ength, att ributes); | |
370 | case "EC": | |
371 | return new P11ECPriv ateKey | |
372 | (s ession, ke yID, algor ithm, keyL ength, att ributes); | |
373 | defa ult: | |
374 | throw new ProviderEx ception | |
375 | (" Unknown pr ivate key algorithm " + algori thm); | |
376 | } | |
377 | } | |
378 | } | |
379 | ||
380 | // cla ss for sen sitive and unextract able priva te keys | |
381 | privat e static f inal class P11Privat eKey exten ds P11Key | |
382 | im plements P rivateKey { | |
383 | pr ivate stat ic final l ong serial VersionUID = -213858 1185214187 615L; | |
384 | ||
385 | P1 1PrivateKe y(Session session, l ong keyID, String al gorithm, | |
386 | int keyLength, CK_ATTRIB UTE[] attr ibutes) { | |
387 | super(PR IVATE, ses sion, keyI D, algorit hm, keyLen gth, attri butes); | |
388 | } | |
389 | // XXX tempo rary encod ing for se rializatio n purposes | |
390 | pu blic Strin g getForma t() { | |
391 | token.en sureValid( ); | |
392 | return n ull; | |
393 | } | |
394 | by te[] getEn codedInter nal() { | |
395 | token.en sureValid( ); | |
396 | return n ull; | |
397 | } | |
398 | } | |
399 | ||
400 | privat e static c lass P11Se cretKey ex tends P11K ey impleme nts Secret Key { | |
401 | pr ivate stat ic final l ong serial VersionUID = -782824 1727014329 084L; | |
402 | pr ivate vola tile byte[ ] encoded; | |
403 | P1 1SecretKey (Session s ession, lo ng keyID, String alg orithm, | |
404 | int keyLength, CK_ATTRIB UTE[] attr ibutes) { | |
405 | super(SE CRET, sess ion, keyID , algorith m, keyLeng th, attrib utes); | |
406 | } | |
407 | pu blic Strin g getForma t() { | |
408 | token.en sureValid( ); | |
409 | if (sens itive || ( extractabl e == false )) { | |
410 | retu rn null; | |
411 | } else { | |
412 | retu rn "RAW"; | |
413 | } | |
414 | } | |
415 | by te[] getEn codedInter nal() { | |
416 | token.en sureValid( ); | |
417 | if (getF ormat() == null) { | |
418 | retu rn null; | |
419 | } | |
420 | byte[] b = encoded ; | |
421 | if (b == null) { | |
422 | sync hronized ( this) { | |
423 | b = encode d; | |
424 | if (b == n ull) { | |
425 | Sessio n tempSess ion = null ; | |
426 | try { | |
427 | te mpSession = token.ge tOpSession (); | |
428 | CK _ATTRIBUTE [] attribu tes = new CK_ATTRIBU TE[] { | |
429 | new CK_A TTRIBUTE(C KA_VALUE), | |
430 | }; | |
431 | to ken.p11.C_ GetAttribu teValue | |
432 | (tempSes sion.id(), keyID, at tributes); | |
433 | b = attribut es[0].getB yteArray() ; | |
434 | } catc h (PKCS11E xception e ) { | |
435 | th row new Pr oviderExce ption(e); | |
436 | } fina lly { | |
437 | to ken.releas eSession(t empSession ); | |
438 | } | |
439 | encode d = b; | |
440 | } | |
441 | } | |
442 | } | |
443 | return b ; | |
444 | } | |
445 | } | |
446 | ||
447 | privat e static c lass P11Tl sMasterSec retKey ext ends P11Se cretKey | |
448 | implemen ts TlsMast erSecret { | |
449 | pr ivate stat ic final l ong serial VersionUID = -131856 0923770573 441L; | |
450 | ||
451 | pr ivate fina l int majo rVersion, minorVersi on; | |
452 | P1 1TlsMaster SecretKey( Session se ssion, lon g keyID, S tring algo rithm, | |
453 | int keyLength, CK_ATTRIB UTE[] attr ibutes, in t major, i nt minor) { | |
454 | super(se ssion, key ID, algori thm, keyLe ngth, attr ibutes); | |
455 | this.maj orVersion = major; | |
456 | this.min orVersion = minor; | |
457 | } | |
458 | pu blic int g etMajorVer sion() { | |
459 | return m ajorVersio n; | |
460 | } | |
461 | ||
462 | pu blic int g etMinorVer sion() { | |
463 | return m inorVersio n; | |
464 | } | |
465 | } | |
466 | ||
467 | // RSA CRT priva te key | |
468 | privat e static f inal class P11RSAPri vateKey ex tends P11K ey | |
469 | impl ements RSA PrivateCrt Key { | |
470 | pr ivate stat ic final l ong serial VersionUID = 9215872 4389135152 20L; | |
471 | ||
472 | pr ivate BigI nteger n, e, d, p, q , pe, qe, coeff; | |
473 | pr ivate byte [] encoded ; | |
474 | P1 1RSAPrivat eKey(Sessi on session , long key ID, String algorithm , | |
475 | int keyLength, CK_ATTRIB UTE[] attr ibutes) { | |
476 | super(PR IVATE, ses sion, keyI D, algorit hm, keyLen gth, attri butes); | |
477 | } | |
478 | pr ivate sync hronized v oid fetchV alues() { | |
479 | token.en sureValid( ); | |
480 | if (n != null) { | |
481 | retu rn; | |
482 | } | |
483 | CK_ATTRI BUTE[] att ributes = new CK_ATT RIBUTE[] { | |
484 | new CK_ATTRIBU TE(CKA_MOD ULUS), | |
485 | new CK_ATTRIBU TE(CKA_PUB LIC_EXPONE NT), | |
486 | new CK_ATTRIBU TE(CKA_PRI VATE_EXPON ENT), | |
487 | new CK_ATTRIBU TE(CKA_PRI ME_1), | |
488 | new CK_ATTRIBU TE(CKA_PRI ME_2), | |
489 | new CK_ATTRIBU TE(CKA_EXP ONENT_1), | |
490 | new CK_ATTRIBU TE(CKA_EXP ONENT_2), | |
491 | new CK_ATTRIBU TE(CKA_COE FFICIENT), | |
492 | }; | |
493 | fetchAtt ributes(at tributes); | |
494 | n = attr ibutes[0]. getBigInte ger(); | |
495 | e = attr ibutes[1]. getBigInte ger(); | |
496 | d = attr ibutes[2]. getBigInte ger(); | |
497 | p = attr ibutes[3]. getBigInte ger(); | |
498 | q = attr ibutes[4]. getBigInte ger(); | |
499 | pe = att ributes[5] .getBigInt eger(); | |
500 | qe = att ributes[6] .getBigInt eger(); | |
501 | coeff = attributes [7].getBig Integer(); | |
502 | } | |
503 | pu blic Strin g getForma t() { | |
504 | token.en sureValid( ); | |
505 | return " PKCS#8"; | |
506 | } | |
507 | sy nchronized byte[] ge tEncodedIn ternal() { | |
508 | token.en sureValid( ); | |
509 | if (enco ded == nul l) { | |
510 | fetc hValues(); | |
511 | try { | |
512 | // XXX mak e construc tor in Sun RsaSign pr ovider pub lic | |
513 | // and cal l it direc tly | |
514 | KeyFactory factory = KeyFactor y.getInsta nce | |
515 | ("RSA" , P11Util. getSunRsaS ignProvide r()); | |
516 | Key newKey = factory .translate Key(this); | |
517 | encoded = newKey.get Encoded(); | |
518 | } ca tch (Gener alSecurity Exception e) { | |
519 | throw new ProviderEx ception(e) ; | |
520 | } | |
521 | } | |
522 | return e ncoded; | |
523 | } | |
524 | pu blic BigIn teger getM odulus() { | |
525 | fetchVal ues(); | |
526 | return n ; | |
527 | } | |
528 | pu blic BigIn teger getP ublicExpon ent() { | |
529 | fetchVal ues(); | |
530 | return e ; | |
531 | } | |
532 | pu blic BigIn teger getP rivateExpo nent() { | |
533 | fetchVal ues(); | |
534 | return d ; | |
535 | } | |
536 | pu blic BigIn teger getP rimeP() { | |
537 | fetchVal ues(); | |
538 | return p ; | |
539 | } | |
540 | pu blic BigIn teger getP rimeQ() { | |
541 | fetchVal ues(); | |
542 | return q ; | |
543 | } | |
544 | pu blic BigIn teger getP rimeExpone ntP() { | |
545 | fetchVal ues(); | |
546 | return p e; | |
547 | } | |
548 | pu blic BigIn teger getP rimeExpone ntQ() { | |
549 | fetchVal ues(); | |
550 | return q e; | |
551 | } | |
552 | pu blic BigIn teger getC rtCoeffici ent() { | |
553 | fetchVal ues(); | |
554 | return c oeff; | |
555 | } | |
556 | } | |
557 | ||
558 | // RSA non-CRT p rivate key | |
559 | privat e static f inal class P11RSAPri vateNonCRT Key extend s P11Key | |
560 | impl ements RSA PrivateKey { | |
561 | pr ivate stat ic final l ong serial VersionUID = 1137764 9837774114 81L; | |
562 | ||
563 | pr ivate BigI nteger n, d; | |
564 | pr ivate byte [] encoded ; | |
565 | P1 1RSAPrivat eNonCRTKey (Session s ession, lo ng keyID, String alg orithm, | |
566 | int keyLength, CK_ATTRIB UTE[] attr ibutes) { | |
567 | super(PR IVATE, ses sion, keyI D, algorit hm, keyLen gth, attri butes); | |
568 | } | |
569 | pr ivate sync hronized v oid fetchV alues() { | |
570 | token.en sureValid( ); | |
571 | if (n != null) { | |
572 | retu rn; | |
573 | } | |
574 | CK_ATTRI BUTE[] att ributes = new CK_ATT RIBUTE[] { | |
575 | new CK_ATTRIBU TE(CKA_MOD ULUS), | |
576 | new CK_ATTRIBU TE(CKA_PRI VATE_EXPON ENT), | |
577 | }; | |
578 | fetchAtt ributes(at tributes); | |
579 | n = attr ibutes[0]. getBigInte ger(); | |
580 | d = attr ibutes[1]. getBigInte ger(); | |
581 | } | |
582 | pu blic Strin g getForma t() { | |
583 | token.en sureValid( ); | |
584 | return " PKCS#8"; | |
585 | } | |
586 | sy nchronized byte[] ge tEncodedIn ternal() { | |
587 | token.en sureValid( ); | |
588 | if (enco ded == nul l) { | |
589 | fetc hValues(); | |
590 | try { | |
591 | // XXX mak e construc tor in Sun RsaSign pr ovider pub lic | |
592 | // and cal l it direc tly | |
593 | KeyFactory factory = KeyFactor y.getInsta nce | |
594 | ("RSA" , P11Util. getSunRsaS ignProvide r()); | |
595 | Key newKey = factory .translate Key(this); | |
596 | encoded = newKey.get Encoded(); | |
597 | } ca tch (Gener alSecurity Exception e) { | |
598 | throw new ProviderEx ception(e) ; | |
599 | } | |
600 | } | |
601 | return e ncoded; | |
602 | } | |
603 | pu blic BigIn teger getM odulus() { | |
604 | fetchVal ues(); | |
605 | return n ; | |
606 | } | |
607 | pu blic BigIn teger getP rivateExpo nent() { | |
608 | fetchVal ues(); | |
609 | return d ; | |
610 | } | |
611 | } | |
612 | ||
613 | privat e static f inal class P11RSAPub licKey ext ends P11Ke y | |
614 | im plements R SAPublicKe y { | |
615 | pr ivate stat ic final l ong serial VersionUID = -826726 2890238544 55L; | |
616 | ||
617 | pr ivate BigI nteger n, e; | |
618 | pr ivate byte [] encoded ; | |
619 | P1 1RSAPublic Key(Sessio n session, long keyI D, String algorithm, | |
620 | int keyLength, CK_ATTRIB UTE[] attr ibutes) { | |
621 | super(PU BLIC, sess ion, keyID , algorith m, keyLeng th, attrib utes); | |
622 | } | |
623 | pr ivate sync hronized v oid fetchV alues() { | |
624 | token.en sureValid( ); | |
625 | if (n != null) { | |
626 | retu rn; | |
627 | } | |
628 | CK_ATTRI BUTE[] att ributes = new CK_ATT RIBUTE[] { | |
629 | new CK_ATTRIBU TE(CKA_MOD ULUS), | |
630 | new CK_ATTRIBU TE(CKA_PUB LIC_EXPONE NT), | |
631 | }; | |
632 | fetchAtt ributes(at tributes); | |
633 | n = attr ibutes[0]. getBigInte ger(); | |
634 | e = attr ibutes[1]. getBigInte ger(); | |
635 | } | |
636 | pu blic Strin g getForma t() { | |
637 | token.en sureValid( ); | |
638 | return " X.509"; | |
639 | } | |
640 | sy nchronized byte[] ge tEncodedIn ternal() { | |
641 | token.en sureValid( ); | |
642 | if (enco ded == nul l) { | |
643 | fetc hValues(); | |
644 | try { | |
645 | encoded = new RSAPub licKeyImpl (n, e).get Encoded(); | |
646 | } ca tch (Inval idKeyExcep tion e) { | |
647 | throw new ProviderEx ception(e) ; | |
648 | } | |
649 | } | |
650 | return e ncoded; | |
651 | } | |
652 | pu blic BigIn teger getM odulus() { | |
653 | fetchVal ues(); | |
654 | return n ; | |
655 | } | |
656 | pu blic BigIn teger getP ublicExpon ent() { | |
657 | fetchVal ues(); | |
658 | return e ; | |
659 | } | |
660 | pu blic Strin g toString () { | |
661 | fetchVal ues(); | |
662 | return s uper.toStr ing() + " \n modulu s: " + n | |
663 | + "\ n public exponent: " + e; | |
664 | } | |
665 | } | |
666 | ||
667 | privat e static f inal class P11DSAPub licKey ext ends P11Ke y | |
668 | im plements D SAPublicKe y { | |
669 | pr ivate stat ic final l ong serial VersionUID = 5989753 7933163966 37L; | |
670 | ||
671 | pr ivate BigI nteger y; | |
672 | pr ivate DSAP arams para ms; | |
673 | pr ivate byte [] encoded ; | |
674 | P1 1DSAPublic Key(Sessio n session, long keyI D, String algorithm, | |
675 | int keyLength, CK_ATTRIB UTE[] attr ibutes) { | |
676 | super(PU BLIC, sess ion, keyID , algorith m, keyLeng th, attrib utes); | |
677 | } | |
678 | pr ivate sync hronized v oid fetchV alues() { | |
679 | token.en sureValid( ); | |
680 | if (y != null) { | |
681 | retu rn; | |
682 | } | |
683 | CK_ATTRI BUTE[] att ributes = new CK_ATT RIBUTE[] { | |
684 | new CK_ATTRIBU TE(CKA_VAL UE), | |
685 | new CK_ATTRIBU TE(CKA_PRI ME), | |
686 | new CK_ATTRIBU TE(CKA_SUB PRIME), | |
687 | new CK_ATTRIBU TE(CKA_BAS E), | |
688 | }; | |
689 | fetchAtt ributes(at tributes); | |
690 | y = attr ibutes[0]. getBigInte ger(); | |
691 | params = new DSAPa rameterSpe c( | |
692 | attr ibutes[1]. getBigInte ger(), | |
693 | attr ibutes[2]. getBigInte ger(), | |
694 | attr ibutes[3]. getBigInte ger() | |
695 | ); | |
696 | } | |
697 | pu blic Strin g getForma t() { | |
698 | token.en sureValid( ); | |
699 | return " X.509"; | |
700 | } | |
701 | sy nchronized byte[] ge tEncodedIn ternal() { | |
702 | token.en sureValid( ); | |
703 | if (enco ded == nul l) { | |
704 | fetc hValues(); | |
705 | try { | |
706 | Key key = new sun.se curity.pro vider.DSAP ublicKey | |
707 | (y , params.g etP(), par ams.getQ() , params.g etG()); | |
708 | encoded = key.getEnc oded(); | |
709 | } ca tch (Inval idKeyExcep tion e) { | |
710 | throw new ProviderEx ception(e) ; | |
711 | } | |
712 | } | |
713 | return e ncoded; | |
714 | } | |
715 | pu blic BigIn teger getY () { | |
716 | fetchVal ues(); | |
717 | return y ; | |
718 | } | |
719 | pu blic DSAPa rams getPa rams() { | |
720 | fetchVal ues(); | |
721 | return p arams; | |
722 | } | |
723 | pu blic Strin g toString () { | |
724 | fetchVal ues(); | |
725 | return s uper.toStr ing() + " \n y: " + y + "\n p: " + par ams.getP() | |
726 | + "\ n q: " + params.get Q() + "\n g: " + pa rams.getG( ); | |
727 | } | |
728 | } | |
729 | ||
730 | privat e static f inal class P11DSAPri vateKey ex tends P11K ey | |
731 | im plements D SAPrivateK ey { | |
732 | pr ivate stat ic final l ong serial VersionUID = 3119629 9971819993 89L; | |
733 | ||
734 | pr ivate BigI nteger x; | |
735 | pr ivate DSAP arams para ms; | |
736 | pr ivate byte [] encoded ; | |
737 | P1 1DSAPrivat eKey(Sessi on session , long key ID, String algorithm , | |
738 | int keyLength, CK_ATTRIB UTE[] attr ibutes) { | |
739 | super(PR IVATE, ses sion, keyI D, algorit hm, keyLen gth, attri butes); | |
740 | } | |
741 | pr ivate sync hronized v oid fetchV alues() { | |
742 | token.en sureValid( ); | |
743 | if (x != null) { | |
744 | retu rn; | |
745 | } | |
746 | CK_ATTRI BUTE[] att ributes = new CK_ATT RIBUTE[] { | |
747 | new CK_ATTRIBU TE(CKA_VAL UE), | |
748 | new CK_ATTRIBU TE(CKA_PRI ME), | |
749 | new CK_ATTRIBU TE(CKA_SUB PRIME), | |
750 | new CK_ATTRIBU TE(CKA_BAS E), | |
751 | }; | |
752 | fetchAtt ributes(at tributes); | |
753 | x = attr ibutes[0]. getBigInte ger(); | |
754 | params = new DSAPa rameterSpe c( | |
755 | attr ibutes[1]. getBigInte ger(), | |
756 | attr ibutes[2]. getBigInte ger(), | |
757 | attr ibutes[3]. getBigInte ger() | |
758 | ); | |
759 | } | |
760 | pu blic Strin g getForma t() { | |
761 | token.en sureValid( ); | |
762 | return " PKCS#8"; | |
763 | } | |
764 | sy nchronized byte[] ge tEncodedIn ternal() { | |
765 | token.en sureValid( ); | |
766 | if (enco ded == nul l) { | |
767 | fetc hValues(); | |
768 | try { | |
769 | Key key = new sun.se curity.pro vider.DSAP rivateKey | |
770 | (x , params.g etP(), par ams.getQ() , params.g etG()); | |
771 | encoded = key.getEnc oded(); | |
772 | } ca tch (Inval idKeyExcep tion e) { | |
773 | throw new ProviderEx ception(e) ; | |
774 | } | |
775 | } | |
776 | return e ncoded; | |
777 | } | |
778 | pu blic BigIn teger getX () { | |
779 | fetchVal ues(); | |
780 | return x ; | |
781 | } | |
782 | pu blic DSAPa rams getPa rams() { | |
783 | fetchVal ues(); | |
784 | return p arams; | |
785 | } | |
786 | } | |
787 | ||
788 | privat e static f inal class P11DHPriv ateKey ext ends P11Ke y | |
789 | im plements D HPrivateKe y { | |
790 | pr ivate stat ic final l ong serial VersionUID = -169857 6167364928 838L; | |
791 | ||
792 | pr ivate BigI nteger x; | |
793 | pr ivate DHPa rameterSpe c params; | |
794 | pr ivate byte [] encoded ; | |
795 | P1 1DHPrivate Key(Sessio n session, long keyI D, String algorithm, | |
796 | int keyLength, CK_ATTRIB UTE[] attr ibutes) { | |
797 | super(PR IVATE, ses sion, keyI D, algorit hm, keyLen gth, attri butes); | |
798 | } | |
799 | pr ivate sync hronized v oid fetchV alues() { | |
800 | token.en sureValid( ); | |
801 | if (x != null) { | |
802 | retu rn; | |
803 | } | |
804 | CK_ATTRI BUTE[] att ributes = new CK_ATT RIBUTE[] { | |
805 | new CK_ATTRIBU TE(CKA_VAL UE), | |
806 | new CK_ATTRIBU TE(CKA_PRI ME), | |
807 | new CK_ATTRIBU TE(CKA_BAS E), | |
808 | }; | |
809 | fetchAtt ributes(at tributes); | |
810 | x = attr ibutes[0]. getBigInte ger(); | |
811 | params = new DHPar ameterSpec ( | |
812 | attr ibutes[1]. getBigInte ger(), | |
813 | attr ibutes[2]. getBigInte ger() | |
814 | ); | |
815 | } | |
816 | pu blic Strin g getForma t() { | |
817 | token.en sureValid( ); | |
818 | return " PKCS#8"; | |
819 | } | |
820 | sy nchronized byte[] ge tEncodedIn ternal() { | |
821 | token.en sureValid( ); | |
822 | if (enco ded == nul l) { | |
823 | fetc hValues(); | |
824 | try { | |
825 | DHPrivateK eySpec spe c = new DH PrivateKey Spec | |
826 | (x, pa rams.getP( ), params. getG()); | |
827 | KeyFactory kf = KeyF actory.get Instance | |
828 | ("DH", P11Util.g etSunJcePr ovider()); | |
829 | Key key = kf.generat ePrivate(s pec); | |
830 | encoded = key.getEnc oded(); | |
831 | } ca tch (Gener alSecurity Exception e) { | |
832 | throw new ProviderEx ception(e) ; | |
833 | } | |
834 | } | |
835 | return e ncoded; | |
836 | } | |
837 | pu blic BigIn teger getX () { | |
838 | fetchVal ues(); | |
839 | return x ; | |
840 | } | |
841 | pu blic DHPar ameterSpec getParams () { | |
842 | fetchVal ues(); | |
843 | return p arams; | |
844 | } | |
845 | pu blic int h ashCode() { | |
846 | if (toke n.isValid( ) == false ) { | |
847 | retu rn 0; | |
848 | } | |
849 | fetchVal ues(); | |
850 | return O bjects.has h(x, param s.getP(), params.get G()); | |
851 | } | |
852 | pu blic boole an equals( Object obj ) { | |
853 | if (this == obj) r eturn true ; | |
854 | // equal s() should never thr ow excepti ons | |
855 | if (toke n.isValid( ) == false ) { | |
856 | retu rn false; | |
857 | } | |
858 | if (!(ob j instance of DHPriva teKey)) { | |
859 | retu rn false; | |
860 | } | |
861 | fetchVal ues(); | |
862 | DHPrivat eKey other = (DHPriv ateKey) ob j; | |
863 | DHParame terSpec ot herParams = other.ge tParams(); | |
864 | return ( (this.x.co mpareTo(ot her.getX() ) == 0) && | |
865 | (this.para ms.getP(). compareTo( otherParam s.getP()) == 0) && | |
866 | (this.para ms.getG(). compareTo( otherParam s.getG()) == 0)); | |
867 | } | |
868 | } | |
869 | ||
870 | privat e static f inal class P11DHPubl icKey exte nds P11Key | |
871 | im plements D HPublicKey { | |
872 | st atic final long seri alVersionU ID = -5983 8387215384 3657L; | |
873 | ||
874 | pr ivate BigI nteger y; | |
875 | pr ivate DHPa rameterSpe c params; | |
876 | pr ivate byte [] encoded ; | |
877 | P1 1DHPublicK ey(Session session, long keyID , String a lgorithm, | |
878 | int keyLength, CK_ATTRIB UTE[] attr ibutes) { | |
879 | super(PU BLIC, sess ion, keyID , algorith m, keyLeng th, attrib utes); | |
880 | } | |
881 | pr ivate sync hronized v oid fetchV alues() { | |
882 | token.en sureValid( ); | |
883 | if (y != null) { | |
884 | retu rn; | |
885 | } | |
886 | CK_ATTRI BUTE[] att ributes = new CK_ATT RIBUTE[] { | |
887 | new CK_ATTRIBU TE(CKA_VAL UE), | |
888 | new CK_ATTRIBU TE(CKA_PRI ME), | |
889 | new CK_ATTRIBU TE(CKA_BAS E), | |
890 | }; | |
891 | fetchAtt ributes(at tributes); | |
892 | y = attr ibutes[0]. getBigInte ger(); | |
893 | params = new DHPar ameterSpec ( | |
894 | attr ibutes[1]. getBigInte ger(), | |
895 | attr ibutes[2]. getBigInte ger() | |
896 | ); | |
897 | } | |
898 | pu blic Strin g getForma t() { | |
899 | token.en sureValid( ); | |
900 | return " X.509"; | |
901 | } | |
902 | sy nchronized byte[] ge tEncodedIn ternal() { | |
903 | token.en sureValid( ); | |
904 | if (enco ded == nul l) { | |
905 | fetc hValues(); | |
906 | try { | |
907 | DHPublicKe ySpec spec = new DHP ublicKeySp ec | |
908 | (y, pa rams.getP( ), params. getG()); | |
909 | KeyFactory kf = KeyF actory.get Instance | |
910 | ("DH", P11Util.g etSunJcePr ovider()); | |
911 | Key key = kf.generat ePublic(sp ec); | |
912 | encoded = key.getEnc oded(); | |
913 | } ca tch (Gener alSecurity Exception e) { | |
914 | throw new ProviderEx ception(e) ; | |
915 | } | |
916 | } | |
917 | return e ncoded; | |
918 | } | |
919 | pu blic BigIn teger getY () { | |
920 | fetchVal ues(); | |
921 | return y ; | |
922 | } | |
923 | pu blic DHPar ameterSpec getParams () { | |
924 | fetchVal ues(); | |
925 | return p arams; | |
926 | } | |
927 | pu blic Strin g toString () { | |
928 | fetchVal ues(); | |
929 | return s uper.toStr ing() + " \n y: " + y + "\n p: " + par ams.getP() | |
930 | + "\ n g: " + params.get G(); | |
931 | } | |
932 | pu blic int h ashCode() { | |
933 | if (toke n.isValid( ) == false ) { | |
934 | retu rn 0; | |
935 | } | |
936 | fetchVal ues(); | |
937 | return O bjects.has h(y, param s.getP(), params.get G()); | |
938 | } | |
939 | pu blic boole an equals( Object obj ) { | |
940 | if (this == obj) r eturn true ; | |
941 | // equal s() should never thr ow excepti ons | |
942 | if (toke n.isValid( ) == false ) { | |
943 | retu rn false; | |
944 | } | |
945 | if (!(ob j instance of DHPubli cKey)) { | |
946 | retu rn false; | |
947 | } | |
948 | fetchVal ues(); | |
949 | DHPublic Key other = (DHPubli cKey) obj; | |
950 | DHParame terSpec ot herParams = other.ge tParams(); | |
951 | return ( (this.y.co mpareTo(ot her.getY() ) == 0) && | |
952 | (this.para ms.getP(). compareTo( otherParam s.getP()) == 0) && | |
953 | (this.para ms.getG(). compareTo( otherParam s.getG()) == 0)); | |
954 | } | |
955 | } | |
956 | ||
957 | privat e static f inal class P11ECPriv ateKey ext ends P11Ke y | |
958 | im plements E CPrivateKe y { | |
959 | pr ivate stat ic final l ong serial VersionUID = -778605 4399510515 515L; | |
960 | ||
961 | pr ivate BigI nteger s; | |
962 | pr ivate ECPa rameterSpe c params; | |
963 | pr ivate byte [] encoded ; | |
964 | P1 1ECPrivate Key(Sessio n session, long keyI D, String algorithm, | |
965 | int keyLength, CK_ATTRIB UTE[] attr ibutes) { | |
966 | super(PR IVATE, ses sion, keyI D, algorit hm, keyLen gth, attri butes); | |
967 | } | |
968 | pr ivate sync hronized v oid fetchV alues() { | |
969 | token.en sureValid( ); | |
970 | if (s != null) { | |
971 | retu rn; | |
972 | } | |
973 | CK_ATTRI BUTE[] att ributes = new CK_ATT RIBUTE[] { | |
974 | new CK_ATTRIBU TE(CKA_VAL UE), | |
975 | new CK_ATTRIBU TE(CKA_EC_ PARAMS, pa rams), | |
976 | }; | |
977 | fetchAtt ributes(at tributes); | |
978 | s = attr ibutes[0]. getBigInte ger(); | |
979 | try { | |
980 | para ms = P11EC KeyFactory .decodePar ameters | |
981 | (a ttributes[ 1].getByte Array()); | |
982 | } catch (Exception e) { | |
983 | thro w new Runt imeExcepti on("Could not parse key values ", e); | |
984 | } | |
985 | } | |
986 | pu blic Strin g getForma t() { | |
987 | token.en sureValid( ); | |
988 | return " PKCS#8"; | |
989 | } | |
990 | sy nchronized byte[] ge tEncodedIn ternal() { | |
991 | token.en sureValid( ); | |
992 | if (enco ded == nul l) { | |
993 | fetc hValues(); | |
994 | try { | |
995 | Key key = P11ECUtil. generateEC PrivateKey (s, params ); | |
996 | encoded = key.getEnc oded(); | |
997 | } ca tch (Inval idKeySpecE xception e ) { | |
998 | throw new ProviderEx ception(e) ; | |
999 | } | |
1000 | } | |
1001 | return e ncoded; | |
1002 | } | |
1003 | pu blic BigIn teger getS () { | |
1004 | fetchVal ues(); | |
1005 | return s ; | |
1006 | } | |
1007 | pu blic ECPar ameterSpec getParams () { | |
1008 | fetchVal ues(); | |
1009 | return p arams; | |
1010 | } | |
1011 | } | |
1012 | ||
1013 | privat e static f inal class P11ECPubl icKey exte nds P11Key | |
1014 | im plements E CPublicKey { | |
1015 | pr ivate stat ic final l ong serial VersionUID = -637148 1375154806 089L; | |
1016 | ||
1017 | pr ivate ECPo int w; | |
1018 | pr ivate ECPa rameterSpe c params; | |
1019 | pr ivate byte [] encoded ; | |
1020 | P1 1ECPublicK ey(Session session, long keyID , String a lgorithm, | |
1021 | int keyLength, CK_ATTRIB UTE[] attr ibutes) { | |
1022 | super(PU BLIC, sess ion, keyID , algorith m, keyLeng th, attrib utes); | |
1023 | } | |
1024 | pr ivate sync hronized v oid fetchV alues() { | |
1025 | token.en sureValid( ); | |
1026 | if (w != null) { | |
1027 | retu rn; | |
1028 | } | |
1029 | CK_ATTRI BUTE[] att ributes = new CK_ATT RIBUTE[] { | |
1030 | new CK_ATTRIBU TE(CKA_EC_ POINT), | |
1031 | new CK_ATTRIBU TE(CKA_EC_ PARAMS), | |
1032 | }; | |
1033 | fetchAtt ributes(at tributes); | |
1034 | ||
1035 | try { | |
1036 | para ms = P11EC KeyFactory .decodePar ameters | |
1037 | (a ttributes[ 1].getByte Array()); | |
1038 | byte [] ecKey = attribute s[0].getBy teArray(); | |
1039 | ||
1040 | // C heck wheth er the X9. 63 encodin g of an EC point is wrapped | |
1041 | // i n an ASN.1 OCTET STR ING | |
1042 | if ( !token.con fig.getUse EcX963Enco ding()) { | |
1043 | DerValue w ECPoint = new DerVal ue(ecKey); | |
1044 | ||
1045 | if (wECPoi nt.getTag( ) != DerVa lue.tag_Oc tetString) { | |
1046 | throw new IOExce ption("Cou ld not DER decode EC point." + | |
1047 | " Unexpected tag: " + wECPoint.g etTag()); | |
1048 | } | |
1049 | w = P11ECK eyFactory. decodePoin t | |
1050 | (wECPo int.getDat aBytes(), params.get Curve()); | |
1051 | ||
1052 | } el se { | |
1053 | w = P11ECK eyFactory. decodePoin t(ecKey, p arams.getC urve()); | |
1054 | } | |
1055 | ||
1056 | } catch (Exception e) { | |
1057 | thro w new Runt imeExcepti on("Could not parse key values ", e); | |
1058 | } | |
1059 | } | |
1060 | pu blic Strin g getForma t() { | |
1061 | token.en sureValid( ); | |
1062 | return " X.509"; | |
1063 | } | |
1064 | sy nchronized byte[] ge tEncodedIn ternal() { | |
1065 | token.en sureValid( ); | |
1066 | if (enco ded == nul l) { | |
1067 | fetc hValues(); | |
1068 | try { | |
1069 | return P11 ECUtil.x50 9EncodeECP ublicKey(w , params); | |
1070 | } ca tch (Inval idKeySpecE xception e ) { | |
1071 | throw new ProviderEx ception(e) ; | |
1072 | } | |
1073 | } | |
1074 | return e ncoded; | |
1075 | } | |
1076 | pu blic ECPoi nt getW() { | |
1077 | fetchVal ues(); | |
1078 | return w ; | |
1079 | } | |
1080 | pu blic ECPar ameterSpec getParams () { | |
1081 | fetchVal ues(); | |
1082 | return p arams; | |
1083 | } | |
1084 | pu blic Strin g toString () { | |
1085 | fetchVal ues(); | |
1086 | return s uper.toStr ing() | |
1087 | + "\ n public x coord: " + w.getAf fineX() | |
1088 | + "\ n public y coord: " + w.getAf fineY() | |
1089 | + "\ n paramet ers: " + p arams; | |
1090 | } | |
1091 | } | |
1092 | } | |
1093 | ||
1094 | /* | |
1095 | * NOTE: M ust use Ph antomRefer ence here and not We akReferenc e | |
1096 | * otherwi se the key maybe cle ared befor e other ob jects whic h | |
1097 | * still u se these k eys during finalizat ion such a s SSLSocke t. | |
1098 | */ | |
1099 | final clas s SessionK eyRef exte nds Phanto mReference <P11Key> | |
1100 | implem ents Compa rable<Sess ionKeyRef> { | |
1101 | privat e static R eferenceQu eue<P11Key > refQueue = | |
1102 | ne w Referenc eQueue<P11 Key>(); | |
1103 | privat e static S et<Session KeyRef> re fList = | |
1104 | Co llections. synchroniz edSortedSe t(new Tree Set<Sessio nKeyRef>() ); | |
1105 | ||
1106 | static Reference Queue<P11K ey> refere nceQueue() { | |
1107 | re turn refQu eue; | |
1108 | } | |
1109 | ||
1110 | privat e static v oid drainR efQueueBou nded() { | |
1111 | wh ile (true) { | |
1112 | SessionK eyRef next = (Sessio nKeyRef) r efQueue.po ll(); | |
1113 | if (next == null) break; | |
1114 | next.dis pose(); | |
1115 | } | |
1116 | } | |
1117 | ||
1118 | // han dle to the native ke y | |
1119 | privat e long key ID; | |
1120 | privat e Session session; | |
1121 | ||
1122 | Sessio nKeyRef(P1 1Key key , long keyI D, Session session) { | |
1123 | su per(key, r efQueue); | |
1124 | th is.keyID = keyID; | |
1125 | th is.session = session ; | |
1126 | th is.session .addObject (); | |
1127 | re fList.add( this); | |
1128 | // TBD: run at some in terval and not every time? | |
1129 | dr ainRefQueu eBounded() ; | |
1130 | } | |
1131 | ||
1132 | privat e void dis pose() { | |
1133 | re fList.remo ve(this); | |
1134 | if (session. token.isVa lid()) { | |
1135 | Session newSession = null; | |
1136 | try { | |
1137 | newS ession = s ession.tok en.getOpSe ssion(); | |
1138 | sess ion.token. p11.C_Dest royObject( newSession .id(), key ID); | |
1139 | } catch (PKCS11Exc eption e) { | |
1140 | // i gnore | |
1141 | } finall y { | |
1142 | this .clear(); | |
1143 | sess ion.token. releaseSes sion(newSe ssion); | |
1144 | sess ion.remove Object(); | |
1145 | } | |
1146 | } | |
1147 | } | |
1148 | ||
1149 | public int compa reTo(Sessi onKeyRef o ther) { | |
1150 | if (this.key ID == othe r.keyID) { | |
1151 | return 0 ; | |
1152 | } else { | |
1153 | return ( this.keyID < other.k eyID) ? -1 : 1; | |
1154 | } | |
1155 | } | |
1156 | } |
Araxis Merge (but not the data content of this report) is Copyright © 1993-2016 Araxis Ltd (www.araxis.com). All rights reserved.