Produced by Araxis Merge on 9/25/2018 2:13:23 PM Central Daylight Time.
# | Location | File | Last Modified |
---|---|---|---|
1 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\pkcs11 | Config.java | Mon Jan 22 14:46:54 2018 UTC |
2 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\pkcs11 | Config.java | Wed Sep 12 17:53:05 2018 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 3 | 2032 |
Changed | 2 | 6 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | /* | |
2 | * Copyrig ht (c) 200 3, 2013, O racle and/ or its aff iliates. A ll rights reserved. | |
3 | * DO NOT ALTER OR R EMOVE COPY RIGHT NOTI CES OR THI S FILE HEA DER. | |
4 | * | |
5 | * This co de is free software; you can r edistribut e it and/o r modify i t | |
6 | * under t he terms o f the GNU General Pu blic Licen se version 2 only, a s | |
7 | * publish ed by the Free Softw are Founda tion. Ora cle design ates this | |
8 | * particu lar file a s subject to the "Cl asspath" e xception a s provided | |
9 | * by Orac le in the LICENSE fi le that ac companied this code. | |
10 | * | |
11 | * This co de is dist ributed in the hope that it wi ll be usef ul, but WI THOUT | |
12 | * ANY WAR RANTY; wit hout even the implie d warranty of MERCHA NTABILITY or | |
13 | * FITNESS FOR A PAR TICULAR PU RPOSE. Se e the GNU General Pu blic Licen se | |
14 | * version 2 for mor e details (a copy is included in the LIC ENSE file that | |
15 | * accompa nied this code). | |
16 | * | |
17 | * You sho uld have r eceived a copy of th e GNU Gene ral Public License v ersion | |
18 | * 2 along with this work; if not, write to the Fr ee Softwar e Foundati on, | |
19 | * Inc., 5 1 Franklin St, Fifth Floor, Bo ston, MA 0 2110-1301 USA. | |
20 | * | |
21 | * Please contact Or acle, 500 Oracle Par kway, Redw ood Shores , CA 94065 USA | |
22 | * or visi t www.orac le.com if you need a dditional informatio n or have any | |
23 | * questio ns. | |
24 | */ | |
25 | ||
26 | package su n.security .pkcs11; | |
27 | ||
28 | import jav a.io.*; | |
29 | import sta tic java.i o.StreamTo kenizer.*; | |
30 | import jav a.math.Big Integer; | |
31 | import jav a.util.*; | |
32 | ||
33 | import jav a.security .*; | |
34 | ||
35 | import sun .security. action.Get PropertyAc tion; | |
36 | import sun .security. util.Prope rtyExpande r; | |
37 | ||
38 | import sun .security. pkcs11.wra pper.*; | |
39 | import sta tic sun.se curity.pkc s11.wrappe r.PKCS11Co nstants.*; | |
40 | import sta tic sun.se curity.pkc s11.wrappe r.CK_ATTRI BUTE.*; | |
41 | ||
42 | import sta tic sun.se curity.pkc s11.Templa teManager. *; | |
43 | ||
44 | /** | |
45 | * Configu ration con tainer and file pars ing. | |
46 | * | |
47 | * @author Andreas Sterbenz | |
48 | * @since 1.5 | |
49 | */ | |
50 | final clas s Config { | |
51 | ||
52 | static final int ERR_HALT = 1; | |
53 | static final int ERR_IGNOR E_ALL = 2; | |
54 | static final int ERR_IGNOR E_LIB = 3; | |
55 | static final int ERR_IGNOR E_MULTI_IN IT = 4; | |
56 | ||
57 | // sam e as allow SingleThre adedModule s but cont rolled via a system property | |
58 | // and applied t o all prov iders. if set to fal se, no Sun PKCS11 ins tances | |
59 | // wil l accept s ingle thre aded modul es regardl ess of the setting i n their | |
60 | // con fig files. | |
61 | privat e static f inal boole an staticA llowSingle ThreadedMo dules; | |
62 | ||
63 | static { | |
64 | St ring p = " sun.securi ty.pkcs11. allowSingl eThreadedM odules"; | |
65 | St ring s = A ccessContr oller.doPr ivileged(n ew GetProp ertyAction (p)); | |
66 | if ("false". equalsIgno reCase(s)) { | |
67 | staticAl lowSingleT hreadedMod ules = fal se; | |
68 | } else { | |
69 | staticAl lowSingleT hreadedMod ules = tru e; | |
70 | } | |
71 | } | |
72 | ||
73 | // tem porary sto rage for c onfigurati ons | |
74 | // nee ded becaus e the SunP KCS11 need s to call the superc lass const ructor | |
75 | // in provider b efore acce ssing any instance v ariables | |
76 | privat e final st atic Map<S tring,Conf ig> config Map = | |
77 | new HashMa p<String,C onfig>(); | |
78 | ||
79 | static Config ge tConfig(fi nal String name, fin al InputSt ream strea m) { | |
80 | Co nfig confi g = config Map.get(na me); | |
81 | if (config ! = null) { | |
82 | return c onfig; | |
83 | } | |
84 | tr y { | |
85 | config = new Confi g(name, st ream); | |
86 | configMa p.put(name , config); | |
87 | return c onfig; | |
88 | } catch (Exc eption e) { | |
89 | throw ne w Provider Exception( "Error par sing confi guration", e); | |
90 | } | |
91 | } | |
92 | ||
93 | static Config re moveConfig (String na me) { | |
94 | re turn confi gMap.remov e(name); | |
95 | } | |
96 | ||
97 | privat e final st atic boole an DEBUG = false; | |
98 | ||
99 | privat e static v oid debug( Object o) { | |
100 | if (DEBUG) { | |
101 | System.o ut.println (o); | |
102 | } | |
103 | } | |
104 | ||
105 | // Rea der and St ringTokeni zer used d uring pars ing | |
106 | privat e Reader r eader; | |
107 | ||
108 | privat e StreamTo kenizer st ; | |
109 | ||
110 | privat e Set<Stri ng> parsed Keywords; | |
111 | ||
112 | // nam e suffix o f the prov ider | |
113 | privat e String n ame; | |
114 | ||
115 | // nam e of the P KCS#11 lib rary | |
116 | privat e String l ibrary; | |
117 | ||
118 | // des cription t o pass to the provid er class | |
119 | privat e String d escription ; | |
120 | ||
121 | // slo tID of the slot to u se | |
122 | privat e int slot ID = -1; | |
123 | ||
124 | // slo t to use, specified as index i n the slot list | |
125 | privat e int slot ListIndex = -1; | |
126 | ||
127 | // set of enable d mechanis ms (or nul l to use d efault) | |
128 | privat e Set<Long > enabledM echanisms; | |
129 | ||
130 | // set of disabl ed mechani sms | |
131 | privat e Set<Long > disabled Mechanisms ; | |
132 | ||
133 | // whe ther to pr int debug info durin g startup | |
134 | privat e boolean showInfo = false; | |
135 | ||
136 | // tem plate mana ger, initi alized fro m parsed a ttributes | |
137 | privat e Template Manager te mplateMana ger; | |
138 | ||
139 | // how to handle error dur ing startu p, one of ERR_ | |
140 | privat e int hand leStartupE rrors = ER R_HALT; | |
141 | ||
142 | // fla g indicati ng whether the P11Ke yStore sho uld | |
143 | // be more toler ant of inp ut paramet ers | |
144 | privat e boolean keyStoreCo mpatibilit yMode = tr ue; | |
145 | ||
146 | // fla g indicati ng whether we need t o explicit ly cancel operations | |
147 | // see Token | |
148 | privat e boolean explicitCa ncel = tru e; | |
149 | ||
150 | // how often to test for t oken inser tion, if n o token is present | |
151 | privat e int inse rtionCheck Interval = 2000; | |
152 | ||
153 | // fla g inidicat ing whethe r to omit the call t o C_Initia lize() | |
154 | // sho uld be use d only if we are run ning withi n a proces s that | |
155 | // has already c alled it ( e.g. Plugi n inside o f Mozilla/ NSS) | |
156 | privat e boolean omitInitia lize = fal se; | |
157 | ||
158 | // whe ther to al low module s that onl y support single thr eaded acce ss. | |
159 | // the y cannot b e used saf ely from m ultiple PK CS#11 cons umers in t he | |
160 | // sam e process, for examp le NSS and SunPKCS11 | |
161 | privat e boolean allowSingl eThreadedM odules = t rue; | |
162 | ||
163 | // nam e of the C function that retur ns the PKC S#11 funct ionlist | |
164 | // Thi s option p rimarily e xists for the deprec ated | |
165 | // Sec mod.Module .getProvid er() metho d. | |
166 | privat e String f unctionLis t = "C_Get FunctionLi st"; | |
167 | ||
168 | // whe ther to us e NSS secm od mode. I mplicitly set if nss LibraryDir ectory, | |
169 | // nss SecmodDire ctory, or nssModule is specifi ed. | |
170 | privat e boolean nssUseSecm od; | |
171 | ||
172 | // loc ation of t he NSS lib rary files (libnss3. so, etc.) | |
173 | privat e String n ssLibraryD irectory; | |
174 | ||
175 | // loc ation of s ecmod.db | |
176 | privat e String n ssSecmodDi rectory; | |
177 | ||
178 | // whi ch NSS mod ule to use | |
179 | privat e String n ssModule; | |
180 | ||
181 | privat e Secmod.D bMode nssD bMode = Se cmod.DbMod e.READ_WRI TE; | |
182 | ||
183 | // Whe ther the P 11KeyStore should sp ecify the CKA_NETSCA PE_DB attr ibute | |
184 | // whe n creating private k eys. Only valid if n ssUseSecmo d is true. | |
185 | privat e boolean nssNetscap eDbWorkaro und = true ; | |
186 | ||
187 | // Spe cial init argument s tring for the NSS so fttoken. | |
188 | // Thi s is used when using the NSS s ofttoken d irectly wi thout secm od mode. | |
189 | privat e String n ssArgs; | |
190 | ||
191 | // whe ther to us e NSS trus t attribut es for the KeyStore of this pr ovider | |
192 | // thi s option i s for inte rnal use b y the SunP KCS11 code only and | |
193 | // wor ks only fo r NSS prov iders crea ted via th e Secmod A PI | |
194 | privat e boolean nssUseSecm odTrust = false; | |
195 | ||
196 | // Fla g to indic ate whethe r the X9.6 3 encoding for EC po ints shall be used | |
197 | // (tr ue) or whe ther that encoding s hall be wr apped in a n ASN.1 Oc tetString | |
198 | // (fa lse). | |
199 | privat e boolean useEcX963E ncoding = false; | |
200 | ||
201 | // Fla g to indic ate whethe r NSS shou ld favour performanc e (false) or | |
202 | // mem ory footpr int (true) . | |
203 | privat e boolean nssOptimiz eSpace = f alse; | |
204 | ||
205 | privat e Config(S tring file name, Inpu tStream in ) throws I OException { | |
206 | if (in == nu ll) { | |
207 | if (file name.start sWith("--" )) { | |
208 | // i nline conf ig | |
209 | Stri ng config = filename .substring (2).replac e("\\n", " \n"); | |
210 | read er = new S tringReade r(config); | |
211 | } else { | |
212 | in = new FileI nputStream (expand(fi lename)); | |
213 | } | |
214 | } | |
215 | if (reader = = null) { | |
216 | reader = new Buffe redReader( new InputS treamReade r(in)); | |
217 | } | |
218 | pa rsedKeywor ds = new H ashSet<Str ing>(); | |
219 | st = new Str eamTokeniz er(reader) ; | |
220 | se tupTokeniz er(); | |
221 | pa rse(); | |
222 | } | |
223 | ||
224 | String getName() { | |
225 | re turn name; | |
226 | } | |
227 | ||
228 | String getLibrar y() { | |
229 | re turn libra ry; | |
230 | } | |
231 | ||
232 | String getDescri ption() { | |
233 | if (descript ion != nul l) { | |
234 | return d escription ; | |
235 | } | |
236 | re turn "SunP KCS11-" + name + " u sing libra ry " + lib rary; | |
237 | } | |
238 | ||
239 | int ge tSlotID() { | |
240 | re turn slotI D; | |
241 | } | |
242 | ||
243 | int ge tSlotListI ndex() { | |
244 | if ((slotID == -1) && (slotListI ndex == -1 )) { | |
245 | // if ne ither is s et, defaul t to first slot | |
246 | return 0 ; | |
247 | } else { | |
248 | return s lotListInd ex; | |
249 | } | |
250 | } | |
251 | ||
252 | boolea n getShowI nfo() { | |
253 | re turn (SunP KCS11.debu g != null) || showIn fo; | |
254 | } | |
255 | ||
256 | Templa teManager getTemplat eManager() { | |
257 | if (template Manager == null) { | |
258 | template Manager = new Templa teManager( ); | |
259 | } | |
260 | re turn templ ateManager ; | |
261 | } | |
262 | ||
263 | boolea n isEnable d(long m) { | |
264 | if (enabledM echanisms != null) { | |
265 | return e nabledMech anisms.con tains(Long .valueOf(m )); | |
266 | } | |
267 | if (disabled Mechanisms != null) { | |
268 | return ! disabledMe chanisms.c ontains(Lo ng.valueOf (m)); | |
269 | } | |
270 | re turn true; | |
271 | } | |
272 | ||
273 | int ge tHandleSta rtupErrors () { | |
274 | re turn handl eStartupEr rors; | |
275 | } | |
276 | ||
277 | boolea n getKeySt oreCompati bilityMode () { | |
278 | re turn keySt oreCompati bilityMode ; | |
279 | } | |
280 | ||
281 | boolea n getExpli citCancel( ) { | |
282 | re turn expli citCancel; | |
283 | } | |
284 | ||
285 | int ge tInsertion CheckInter val() { | |
286 | re turn inser tionCheckI nterval; | |
287 | } | |
288 | ||
289 | boolea n getOmitI nitialize( ) { | |
290 | re turn omitI nitialize; | |
291 | } | |
292 | ||
293 | boolea n getAllow SingleThre adedModule s() { | |
294 | re turn stati cAllowSing leThreaded Modules && allowSing leThreaded Modules; | |
295 | } | |
296 | ||
297 | String getFuncti onList() { | |
298 | re turn funct ionList; | |
299 | } | |
300 | ||
301 | boolea n getNssUs eSecmod() { | |
302 | re turn nssUs eSecmod; | |
303 | } | |
304 | ||
305 | String getNssLib raryDirect ory() { | |
306 | re turn nssLi braryDirec tory; | |
307 | } | |
308 | ||
309 | String getNssSec modDirecto ry() { | |
310 | re turn nssSe cmodDirect ory; | |
311 | } | |
312 | ||
313 | String getNssMod ule() { | |
314 | re turn nssMo dule; | |
315 | } | |
316 | ||
317 | Secmod .DbMode ge tNssDbMode () { | |
318 | re turn nssDb Mode; | |
319 | } | |
320 | ||
321 | public boolean g etNssNetsc apeDbWorka round() { | |
322 | re turn nssUs eSecmod && nssNetsca peDbWorkar ound; | |
323 | } | |
324 | ||
325 | String getNssArg s() { | |
326 | re turn nssAr gs; | |
327 | } | |
328 | ||
329 | boolea n getNssUs eSecmodTru st() { | |
330 | re turn nssUs eSecmodTru st; | |
331 | } | |
332 | ||
333 | boolea n getUseEc X963Encodi ng() { | |
334 | re turn useEc X963Encodi ng; | |
335 | } | |
336 | ||
337 | boolea n getNssOp timizeSpac e() { | |
338 | re turn nssOp timizeSpac e; | |
339 | } | |
340 | ||
341 | privat e static S tring expa nd(final S tring s) t hrows IOEx ception { | |
342 | tr y { | |
343 | return P ropertyExp ander.expa nd(s); | |
344 | } catch (Exc eption e) { | |
345 | throw ne w RuntimeE xception(e .getMessag e()); | |
346 | } | |
347 | } | |
348 | ||
349 | privat e void set upTokenize r() { | |
350 | st .resetSynt ax(); | |
351 | st .wordChars ('a', 'z') ; | |
352 | st .wordChars ('A', 'Z') ; | |
353 | st .wordChars ('0', '9') ; | |
354 | st .wordChars (':', ':') ; | |
355 | st .wordChars ('.', '.') ; | |
356 | st .wordChars ('_', '_') ; | |
357 | st .wordChars ('-', '-') ; | |
358 | st .wordChars ('/', '/') ; | |
359 | st .wordChars ('\\', '\\ '); | |
360 | st .wordChars ('$', '$') ; | |
361 | st .wordChars ('{', '{') ; // need {} for pro perty subs t | |
362 | st .wordChars ('}', '}') ; | |
363 | st .wordChars ('*', '*') ; | |
364 | st .wordChars ('+', '+') ; | |
365 | st .wordChars ('~', '~') ; | |
366 | // XXX check ASCII tab le and add all other character s except s pecial | |
367 | ||
368 | // special: #="(), | |
369 | st .whitespac eChars(0, ' '); | |
370 | st .commentCh ar('#'); | |
371 | st .eolIsSign ificant(tr ue); | |
372 | st .quoteChar ('\"'); | |
373 | } | |
374 | ||
375 | privat e Configur ationExcep tion excTo ken(String msg) { | |
376 | re turn new C onfigurati onExceptio n(msg + " " + st); | |
377 | } | |
378 | ||
379 | privat e Configur ationExcep tion excLi ne(String msg) { | |
380 | re turn new C onfigurati onExceptio n(msg + ", line " + st.lineno( )); | |
381 | } | |
382 | ||
383 | privat e void par se() throw s IOExcept ion { | |
384 | wh ile (true) { | |
385 | int toke n = nextTo ken(); | |
386 | if (toke n == TT_EO F) { | |
387 | brea k; | |
388 | } | |
389 | if (toke n == TT_EO L) { | |
390 | cont inue; | |
391 | } | |
392 | if (toke n != TT_WO RD) { | |
393 | thro w excToken ("Unexpect ed token:" ); | |
394 | } | |
395 | String w ord = st.s val; | |
396 | if (word .equals("n ame")) { | |
397 | name = parseSt ringEntry( word); | |
398 | } else i f (word.eq uals("libr ary")) { | |
399 | libr ary = pars eLibrary(w ord); | |
400 | } else i f (word.eq uals("desc ription")) { | |
401 | pars eDescripti on(word); | |
402 | } else i f (word.eq uals("slot ")) { | |
403 | pars eSlotID(wo rd); | |
404 | } else i f (word.eq uals("slot ListIndex" )) { | |
405 | pars eSlotListI ndex(word) ; | |
406 | } else i f (word.eq uals("enab ledMechani sms")) { | |
407 | pars eEnabledMe chanisms(w ord); | |
408 | } else i f (word.eq uals("disa bledMechan isms")) { | |
409 | pars eDisabledM echanisms( word); | |
410 | } else i f (word.eq uals("attr ibutes")) { | |
411 | pars eAttribute s(word); | |
412 | } else i f (word.eq uals("hand leStartupE rrors")) { | |
413 | pars eHandleSta rtupErrors (word); | |
414 | } else i f (word.en dsWith("in sertionChe ckInterval ")) { | |
415 | inse rtionCheck Interval = parseInte gerEntry(w ord); | |
416 | if ( insertionC heckInterv al < 100) { | |
417 | throw excL ine(word + " must be at least 100 ms"); | |
418 | } | |
419 | } else i f (word.eq uals("show Info")) { | |
420 | show Info = par seBooleanE ntry(word) ; | |
421 | } else i f (word.eq uals("keyS toreCompat ibilityMod e")) { | |
422 | keyS toreCompat ibilityMod e = parseB ooleanEntr y(word); | |
423 | } else i f (word.eq uals("expl icitCancel ")) { | |
424 | expl icitCancel = parseBo oleanEntry (word); | |
425 | } else i f (word.eq uals("omit Initialize ")) { | |
426 | omit Initialize = parseBo oleanEntry (word); | |
427 | } else i f (word.eq uals("allo wSingleThr eadedModul es")) { | |
428 | allo wSingleThr eadedModul es = parse BooleanEnt ry(word); | |
429 | } else i f (word.eq uals("func tionList") ) { | |
430 | func tionList = parseStri ngEntry(wo rd); | |
431 | } else i f (word.eq uals("nssU seSecmod") ) { | |
432 | nssU seSecmod = parseBool eanEntry(w ord); | |
433 | } else i f (word.eq uals("nssL ibraryDire ctory")) { | |
434 | nssL ibraryDire ctory = pa rseLibrary (word); | |
435 | nssU seSecmod = true; | |
436 | } else i f (word.eq uals("nssS ecmodDirec tory")) { | |
437 | nssS ecmodDirec tory = exp and(parseS tringEntry (word)); | |
438 | nssU seSecmod = true; | |
439 | } else i f (word.eq uals("nssM odule")) { | |
440 | nssM odule = pa rseStringE ntry(word) ; | |
441 | nssU seSecmod = true; | |
442 | } else i f (word.eq uals("nssD bMode")) { | |
443 | Stri ng mode = parseStrin gEntry(wor d); | |
444 | if ( mode.equal s("readWri te")) { | |
445 | nssDbMode = Secmod.D bMode.READ _WRITE; | |
446 | } el se if (mod e.equals(" readOnly") ) { | |
447 | nssDbMode = Secmod.D bMode.READ _ONLY; | |
448 | } el se if (mod e.equals(" noDb")) { | |
449 | nssDbMode = Secmod.D bMode.NO_D B; | |
450 | } el se { | |
451 | throw excT oken("nssD bMode must be one of readWrite , readOnly , and noDb :"); | |
452 | } | |
453 | nssU seSecmod = true; | |
454 | } else i f (word.eq uals("nssN etscapeDbW orkaround" )) { | |
455 | nssN etscapeDbW orkaround = parseBoo leanEntry( word); | |
456 | nssU seSecmod = true; | |
457 | } else i f (word.eq uals("nssA rgs")) { | |
458 | pars eNSSArgs(w ord); | |
459 | } else i f (word.eq uals("nssU seSecmodTr ust")) { | |
460 | nssU seSecmodTr ust = pars eBooleanEn try(word); | |
461 | } else i f (word.eq uals("useE cX963Encod ing")) { | |
462 | useE cX963Encod ing = pars eBooleanEn try(word); | |
463 | } else i f (word.eq uals("nssO ptimizeSpa ce")) { | |
464 | nssO ptimizeSpa ce = parse BooleanEnt ry(word); | |
465 | } else { | |
466 | thro w new Conf igurationE xception | |
467 | ("Unkn own keywor d '" + wor d + "', li ne " + st. lineno()); | |
468 | } | |
469 | parsedKe ywords.add (word); | |
470 | } | |
471 | re ader.close (); | |
472 | re ader = nul l; | |
473 | st = null; | |
474 | pa rsedKeywor ds = null; | |
475 | if (name == null) { | |
476 | throw ne w Configur ationExcep tion("name must be s pecified") ; | |
477 | } | |
478 | if (nssUseSe cmod == fa lse) { | |
479 | if (libr ary == nul l) { | |
480 | thro w new Conf igurationE xception(" library mu st be spec ified"); | |
481 | } | |
482 | } else { | |
483 | if (libr ary != nul l) { | |
484 | thro w new Conf igurationE xception | |
485 | ("library must not b e specifie d in NSS m ode"); | |
486 | } | |
487 | if ((slo tID != -1) || (slotL istIndex ! = -1)) { | |
488 | thro w new Conf igurationE xception | |
489 | ("slot and slotListI ndex must not be spe cified in NSS mode") ; | |
490 | } | |
491 | if (nssA rgs != nul l) { | |
492 | thro w new Conf igurationE xception | |
493 | ("nssArgs must not b e specifie d in NSS m ode"); | |
494 | } | |
495 | if (nssU seSecmodTr ust != fal se) { | |
496 | thro w new Conf igurationE xception(" nssUseSecm odTrust is an " | |
497 | + "interna l option a nd must no t be speci fied in NS S mode"); | |
498 | } | |
499 | } | |
500 | } | |
501 | ||
502 | // | |
503 | // Par sing helpe r methods | |
504 | // | |
505 | ||
506 | privat e int next Token() th rows IOExc eption { | |
507 | in t token = st.nextTok en(); | |
508 | de bug(st); | |
509 | re turn token ; | |
510 | } | |
511 | ||
512 | privat e void par seEquals() throws IO Exception { | |
513 | in t token = nextToken( ); | |
514 | if (token != '=') { | |
515 | throw ex cToken("Ex pected '=' , read"); | |
516 | } | |
517 | } | |
518 | ||
519 | privat e void par seOpenBrac es() throw s IOExcept ion { | |
520 | wh ile (true) { | |
521 | int toke n = nextTo ken(); | |
522 | if (toke n == TT_EO L) { | |
523 | cont inue; | |
524 | } | |
525 | if ((tok en == TT_W ORD) && st .sval.equa ls("{")) { | |
526 | retu rn; | |
527 | } | |
528 | throw ex cToken("Ex pected '{' , read"); | |
529 | } | |
530 | } | |
531 | ||
532 | privat e boolean isCloseBra ces(int to ken) { | |
533 | re turn (toke n == TT_WO RD) && st. sval.equal s("}"); | |
534 | } | |
535 | ||
536 | privat e String p arseWord() throws IO Exception { | |
537 | in t token = nextToken( ); | |
538 | if (token != TT_WORD) { | |
539 | throw ex cToken("Un expected v alue:"); | |
540 | } | |
541 | re turn st.sv al; | |
542 | } | |
543 | ||
544 | privat e String p arseString Entry(Stri ng keyword ) throws I OException { | |
545 | ch eckDup(key word); | |
546 | pa rseEquals( ); | |
547 | ||
548 | in t token = nextToken( ); | |
549 | if (token != TT_WORD & & token != '\"') { | |
550 | // not a word toke n nor a st ring enclo sed by dou ble quotes | |
551 | throw ex cToken("Un expected v alue:"); | |
552 | } | |
553 | St ring value = st.sval ; | |
554 | ||
555 | de bug(keywor d + ": " + value); | |
556 | re turn value ; | |
557 | } | |
558 | ||
559 | privat e boolean parseBoole anEntry(St ring keywo rd) throws IOExcepti on { | |
560 | ch eckDup(key word); | |
561 | pa rseEquals( ); | |
562 | bo olean valu e = parseB oolean(); | |
563 | de bug(keywor d + ": " + value); | |
564 | re turn value ; | |
565 | } | |
566 | ||
567 | privat e int pars eIntegerEn try(String keyword) throws IOE xception { | |
568 | ch eckDup(key word); | |
569 | pa rseEquals( ); | |
570 | in t value = decodeNumb er(parseWo rd()); | |
571 | de bug(keywor d + ": " + value); | |
572 | re turn value ; | |
573 | } | |
574 | ||
575 | privat e boolean parseBoole an() throw s IOExcept ion { | |
576 | St ring val = parseWord (); | |
577 | sw itch (val) { | |
578 | case "tr ue": | |
579 | retu rn true; | |
580 | case "fa lse": | |
581 | retu rn false; | |
582 | default: | |
583 | thro w excToken ("Expected boolean v alue, read :"); | |
584 | } | |
585 | } | |
586 | ||
587 | privat e String p arseLine() throws IO Exception { | |
588 | // allow quo ted string as part o f line | |
589 | St ring s = n ull; | |
590 | wh ile (true) { | |
591 | int toke n = nextTo ken(); | |
592 | if ((tok en == TT_E OL) || (to ken == TT_ EOF)) { | |
593 | brea k; | |
594 | } | |
595 | if (toke n != TT_WO RD && toke n != '\"') { | |
596 | thro w excToken ("Unexpect ed value") ; | |
597 | } | |
598 | if (s == null) { | |
599 | s = st.sval; | |
600 | } else { | |
601 | s = s + " " + st.sval; | |
602 | } | |
603 | } | |
604 | if (s == nul l) { | |
605 | throw ex cToken("Un expected e mpty line" ); | |
606 | } | |
607 | re turn s; | |
608 | } | |
609 | ||
610 | privat e int deco deNumber(S tring str) throws IO Exception { | |
611 | tr y { | |
612 | if (str. startsWith ("0x") || str.starts With("0X") ) { | |
613 | retu rn Integer .parseInt( str.substr ing(2), 16 ); | |
614 | } else { | |
615 | retu rn Integer .parseInt( str); | |
616 | } | |
617 | } catch (Num berFormatE xception e ) { | |
618 | throw ex cToken("Ex pected num ber, read" ); | |
619 | } | |
620 | } | |
621 | ||
622 | privat e static b oolean isN umber(Stri ng s) { | |
623 | if (s.length () == 0) { | |
624 | return f alse; | |
625 | } | |
626 | ch ar ch = s. charAt(0); | |
627 | re turn ((ch >= '0') && (ch <= '9 ')); | |
628 | } | |
629 | ||
630 | privat e void par seComma() throws IOE xception { | |
631 | in t token = nextToken( ); | |
632 | if (token != ',') { | |
633 | throw ex cToken("Ex pected ',' , read"); | |
634 | } | |
635 | } | |
636 | ||
637 | privat e static b oolean isB yteArray(S tring val) { | |
638 | re turn val.s tartsWith( "0h"); | |
639 | } | |
640 | ||
641 | privat e byte[] d ecodeByteA rray(Strin g str) thr ows IOExce ption { | |
642 | if (str.star tsWith("0h ") == fals e) { | |
643 | throw ex cToken("Ex pected byt e array va lue, read" ); | |
644 | } | |
645 | st r = str.su bstring(2) ; | |
646 | // XXX prope r hex pars ing | |
647 | tr y { | |
648 | return n ew BigInte ger(str, 1 6).toByteA rray(); | |
649 | } catch (Num berFormatE xception e ) { | |
650 | throw ex cToken("Ex pected byt e array va lue, read" ); | |
651 | } | |
652 | } | |
653 | ||
654 | privat e void che ckDup(Stri ng keyword ) throws I OException { | |
655 | if (parsedKe ywords.con tains(keyw ord)) { | |
656 | throw ex cLine(keyw ord + " mu st only be specified once"); | |
657 | } | |
658 | } | |
659 | ||
660 | // | |
661 | // ind ividual en try parsin g methods | |
662 | // | |
663 | ||
664 | privat e String p arseLibrar y(String k eyword) th rows IOExc eption { | |
665 | ch eckDup(key word); | |
666 | pa rseEquals( ); | |
667 | St ring lib = parseLine (); | |
668 | li b = expand (lib); | |
669 | in t i = lib. indexOf("/ $ISA/"); | |
670 | if (i != -1) { | |
671 | // repla ce "/$ISA/ " with "/s parcv9/" o n 64-bit S olaris SPA RC | |
672 | // and w ith "/amd6 4/" on Sol aris AMD64 . | |
673 | // On al l other pl atforms, j ust turn i t into a " /" | |
674 | String o sName = Sy stem.getPr operty("os .name", "" ); | |
675 | String o sArch = Sy stem.getPr operty("os .arch", "" ); | |
676 | String p refix = li b.substrin g(0, i); | |
677 | String s uffix = li b.substrin g(i + 5); | |
678 | if (osNa me.equals( "SunOS") & & osArch.e quals("spa rcv9")) { | |
679 | lib = prefix + "/sparcv9 " + suffix ; | |
680 | } else i f (osName. equals("Su nOS") && o sArch.equa ls("amd64" )) { | |
681 | lib = prefix + "/amd64" + suffix; | |
682 | } else { | |
683 | lib = prefix + suffix; | |
684 | } | |
685 | } | |
686 | de bug(keywor d + ": " + lib); | |
687 | ||
688 | // Check to see if ful l path is specified to prevent the DLL | |
689 | // preloadin g attack | |
690 | if (!(new Fi le(lib)).i sAbsolute( )) { | |
691 | throw ne w Configur ationExcep tion( | |
692 | "Abs olute path required for librar y value: " + lib); | |
693 | } | |
694 | re turn lib; | |
695 | } | |
696 | ||
697 | privat e void par seDescript ion(String keyword) throws IOE xception { | |
698 | ch eckDup(key word); | |
699 | pa rseEquals( ); | |
700 | de scription = parseLin e(); | |
701 | de bug("descr iption: " + descript ion); | |
702 | } | |
703 | ||
704 | privat e void par seSlotID(S tring keyw ord) throw s IOExcept ion { | |
705 | if (slotID > = 0) { | |
706 | throw ex cLine("Dup licate slo t definiti on"); | |
707 | } | |
708 | if (slotList Index >= 0 ) { | |
709 | throw ex cLine | |
710 | ("On ly one of slot and s lotListInd ex must be specified "); | |
711 | } | |
712 | pa rseEquals( ); | |
713 | St ring slotS tring = pa rseWord(); | |
714 | sl otID = dec odeNumber( slotString ); | |
715 | de bug("slot: " + slotI D); | |
716 | } | |
717 | ||
718 | privat e void par seSlotList Index(Stri ng keyword ) throws I OException { | |
719 | if (slotList Index >= 0 ) { | |
720 | throw ex cLine("Dup licate slo tListIndex definitio n"); | |
721 | } | |
722 | if (slotID > = 0) { | |
723 | throw ex cLine | |
724 | ("On ly one of slot and s lotListInd ex must be specified "); | |
725 | } | |
726 | pa rseEquals( ); | |
727 | St ring slotS tring = pa rseWord(); | |
728 | sl otListInde x = decode Number(slo tString); | |
729 | de bug("slotL istIndex: " + slotLi stIndex); | |
730 | } | |
731 | ||
732 | privat e void par seEnabledM echanisms( String key word) thro ws IOExcep tion { | |
733 | en abledMecha nisms = pa rseMechani sms(keywor d); | |
734 | } | |
735 | ||
736 | privat e void par seDisabled Mechanisms (String ke yword) thr ows IOExce ption { | |
737 | di sabledMech anisms = p arseMechan isms(keywo rd); | |
738 | } | |
739 | ||
740 | privat e Set<Long > parseMec hanisms(St ring keywo rd) throws IOExcepti on { | |
741 | ch eckDup(key word); | |
742 | Se t<Long> me chs = new HashSet<Lo ng>(); | |
743 | pa rseEquals( ); | |
744 | pa rseOpenBra ces(); | |
745 | wh ile (true) { | |
746 | int toke n = nextTo ken(); | |
747 | if (isCl oseBraces( token)) { | |
748 | brea k; | |
749 | } | |
750 | if (toke n == TT_EO L) { | |
751 | cont inue; | |
752 | } | |
753 | if (toke n != TT_WO RD) { | |
754 | thro w excToken ("Expected mechanism , read"); | |
755 | } | |
756 | long mec h = parseM echanism(s t.sval); | |
757 | mechs.ad d(Long.val ueOf(mech) ); | |
758 | } | |
759 | if (DEBUG) { | |
760 | System.o ut.print(" mechanisms : ["); | |
761 | for (Lon g mech : m echs) { | |
762 | Syst em.out.pri nt(Functio ns.getMech anismName( mech)); | |
763 | Syst em.out.pri nt(", "); | |
764 | } | |
765 | System.o ut.println ("]"); | |
766 | } | |
767 | re turn mechs ; | |
768 | } | |
769 | ||
770 | privat e long par seMechanis m(String m ech) throw s IOExcept ion { | |
771 | if (isNumber (mech)) { | |
772 | return d ecodeNumbe r(mech); | |
773 | } else { | |
774 | try { | |
775 | retu rn Functio ns.getMech anismId(me ch); | |
776 | } catch (IllegalAr gumentExce ption e) { | |
777 | thro w excLine( "Unknown m echanism: " + mech); | |
778 | } | |
779 | } | |
780 | } | |
781 | ||
782 | privat e void par seAttribut es(String keyword) t hrows IOEx ception { | |
783 | if (template Manager == null) { | |
784 | template Manager = new Templa teManager( ); | |
785 | } | |
786 | in t token = nextToken( ); | |
787 | if (token == '=') { | |
788 | String s = parseWo rd(); | |
789 | if (s.eq uals("comp atibility" ) == false ) { | |
790 | thro w excLine( "Expected 'compatibi lity', rea d " + s); | |
791 | } | |
792 | setCompa tibilityAt tributes() ; | |
793 | return; | |
794 | } | |
795 | if (token != '(') { | |
796 | throw ex cToken("Ex pected '(' or '=', r ead"); | |
797 | } | |
798 | St ring op = parseOpera tion(); | |
799 | pa rseComma() ; | |
800 | lo ng objectC lass = par seObjectCl ass(); | |
801 | pa rseComma() ; | |
802 | lo ng keyAlg = parseKey Algorithm( ); | |
803 | to ken = next Token(); | |
804 | if (token != ')') { | |
805 | throw ex cToken("Ex pected ')' , read"); | |
806 | } | |
807 | pa rseEquals( ); | |
808 | pa rseOpenBra ces(); | |
809 | Li st<CK_ATTR IBUTE> att ributes = new ArrayL ist<CK_ATT RIBUTE>(); | |
810 | wh ile (true) { | |
811 | token = nextToken( ); | |
812 | if (isCl oseBraces( token)) { | |
813 | brea k; | |
814 | } | |
815 | if (toke n == TT_EO L) { | |
816 | cont inue; | |
817 | } | |
818 | if (toke n != TT_WO RD) { | |
819 | thro w excToken ("Expected mechanism , read"); | |
820 | } | |
821 | String a ttributeNa me = st.sv al; | |
822 | long att ributeId = decodeAtt ributeName (attribute Name); | |
823 | parseEqu als(); | |
824 | String a ttributeVa lue = pars eWord(); | |
825 | attribut es.add(dec odeAttribu teValue(at tributeId, attribute Value)); | |
826 | } | |
827 | te mplateMana ger.addTem plate | |
828 | (op, objectCla ss, keyAlg , attribut es.toArray (CK_A0)); | |
829 | } | |
830 | ||
831 | privat e void set Compatibil ityAttribu tes() { | |
832 | // all PW keys | |
833 | te mplateMana ger.addTem plate(O_AN Y, CKO_SEC RET_KEY, P CKK_ANY, | |
834 | ne w CK_ATTRI BUTE[] { | |
835 | TOKEN_FA LSE, | |
836 | SENSITIV E_FALSE, | |
837 | EXTRACTA BLE_TRUE, | |
838 | ENCRYPT_ TRUE, | |
839 | DECRYPT_ TRUE, | |
840 | WRAP_TRU E, | |
841 | UNWRAP_T RUE, | |
842 | }) ; | |
843 | ||
844 | // generic PW keys are s pecial | |
845 | // They ar e used as MAC keys p lus for th e SSL/TLS (pre)maste r PW s | |
846 | te mplateMana ger.addTem plate(O_AN Y, CKO_SEC RET_KEY, C KK_GENERIC _SECRET, | |
847 | ne w CK_ATTRI BUTE[] { | |
848 | SIGN_TRU E, | |
849 | VERIFY_T RUE, | |
850 | ENCRYPT_ NULL, | |
851 | DECRYPT_ NULL, | |
852 | WRAP_NUL L, | |
853 | UNWRAP_N ULL, | |
854 | DERIVE_T RUE, | |
855 | }) ; | |
856 | ||
857 | // all priva te and pub lic keys | |
858 | te mplateMana ger.addTem plate(O_AN Y, CKO_PRI VATE_KEY, PCKK_ANY, | |
859 | ne w CK_ATTRI BUTE[] { | |
860 | TOKEN_FA LSE, | |
861 | SENSITIV E_FALSE, | |
862 | EXTRACTA BLE_TRUE, | |
863 | }) ; | |
864 | te mplateMana ger.addTem plate(O_AN Y, CKO_PUB LIC_KEY, P CKK_ANY, | |
865 | ne w CK_ATTRI BUTE[] { | |
866 | TOKEN_FA LSE, | |
867 | }) ; | |
868 | ||
869 | // additiona l attribut es for RSA private k eys | |
870 | te mplateMana ger.addTem plate(O_AN Y, CKO_PRI VATE_KEY, CKK_RSA, | |
871 | ne w CK_ATTRI BUTE[] { | |
872 | DECRYPT_ TRUE, | |
873 | SIGN_TRU E, | |
874 | SIGN_REC OVER_TRUE, | |
875 | UNWRAP_T RUE, | |
876 | }) ; | |
877 | // additiona l attribut es for RSA public ke ys | |
878 | te mplateMana ger.addTem plate(O_AN Y, CKO_PUB LIC_KEY, C KK_RSA, | |
879 | ne w CK_ATTRI BUTE[] { | |
880 | ENCRYPT_ TRUE, | |
881 | VERIFY_T RUE, | |
882 | VERIFY_R ECOVER_TRU E, | |
883 | WRAP_TRU E, | |
884 | }) ; | |
885 | ||
886 | // additiona l attribut es for DSA private k eys | |
887 | te mplateMana ger.addTem plate(O_AN Y, CKO_PRI VATE_KEY, CKK_DSA, | |
888 | ne w CK_ATTRI BUTE[] { | |
889 | SIGN_TRU E, | |
890 | }) ; | |
891 | // additiona l attribut es for DSA public ke ys | |
892 | te mplateMana ger.addTem plate(O_AN Y, CKO_PUB LIC_KEY, C KK_DSA, | |
893 | ne w CK_ATTRI BUTE[] { | |
894 | VERIFY_T RUE, | |
895 | }) ; | |
896 | ||
897 | // additiona l attribut es for DH private ke ys | |
898 | te mplateMana ger.addTem plate(O_AN Y, CKO_PRI VATE_KEY, CKK_DH, | |
899 | ne w CK_ATTRI BUTE[] { | |
900 | DERIVE_T RUE, | |
901 | }) ; | |
902 | ||
903 | // additiona l attribut es for EC private ke ys | |
904 | te mplateMana ger.addTem plate(O_AN Y, CKO_PRI VATE_KEY, CKK_EC, | |
905 | ne w CK_ATTRI BUTE[] { | |
906 | SIGN_TRU E, | |
907 | DERIVE_T RUE, | |
908 | }) ; | |
909 | // additiona l attribut es for EC public key s | |
910 | te mplateMana ger.addTem plate(O_AN Y, CKO_PUB LIC_KEY, C KK_EC, | |
911 | ne w CK_ATTRI BUTE[] { | |
912 | VERIFY_T RUE, | |
913 | }) ; | |
914 | } | |
915 | ||
916 | privat e final st atic CK_AT TRIBUTE[] CK_A0 = ne w CK_ATTRI BUTE[0]; | |
917 | ||
918 | privat e String p arseOperat ion() thro ws IOExcep tion { | |
919 | St ring op = parseWord( ); | |
920 | sw itch (op) { | |
921 | case "*" : | |
922 | retu rn Templat eManager.O _ANY; | |
923 | case "ge nerate": | |
924 | retu rn Templat eManager.O _GENERATE; | |
925 | case "im port": | |
926 | retu rn Templat eManager.O _IMPORT; | |
927 | default: | |
928 | thro w excLine( "Unknown o peration " + op); | |
929 | } | |
930 | } | |
931 | ||
932 | privat e long par seObjectCl ass() thro ws IOExcep tion { | |
933 | St ring name = parseWor d(); | |
934 | tr y { | |
935 | return F unctions.g etObjectCl assId(name ); | |
936 | } catch (Ill egalArgume ntExceptio n e) { | |
937 | throw ex cLine("Unk nown objec t class " + name); | |
938 | } | |
939 | } | |
940 | ||
941 | privat e long par seKeyAlgor ithm() thr ows IOExce ption { | |
942 | St ring name = parseWor d(); | |
943 | if (isNumber (name)) { | |
944 | return d ecodeNumbe r(name); | |
945 | } else { | |
946 | try { | |
947 | retu rn Functio ns.getKeyI d(name); | |
948 | } catch (IllegalAr gumentExce ption e) { | |
949 | thro w excLine( "Unknown k ey algorit hm " + nam e); | |
950 | } | |
951 | } | |
952 | } | |
953 | ||
954 | privat e long dec odeAttribu teName(Str ing name) throws IOE xception { | |
955 | if (isNumber (name)) { | |
956 | return d ecodeNumbe r(name); | |
957 | } else { | |
958 | try { | |
959 | retu rn Functio ns.getAttr ibuteId(na me); | |
960 | } catch (IllegalAr gumentExce ption e) { | |
961 | thro w excLine( "Unknown a ttribute n ame " + na me); | |
962 | } | |
963 | } | |
964 | } | |
965 | ||
966 | privat e CK_ATTRI BUTE decod eAttribute Value(long id, Strin g value) | |
967 | throws I OException { | |
968 | if (value.eq uals("null ")) { | |
969 | return n ew CK_ATTR IBUTE(id); | |
970 | } else if (v alue.equal s("true")) { | |
971 | return n ew CK_ATTR IBUTE(id, true); | |
972 | } else if (v alue.equal s("false") ) { | |
973 | return n ew CK_ATTR IBUTE(id, false); | |
974 | } else if (i sByteArray (value)) { | |
975 | return n ew CK_ATTR IBUTE(id, decodeByte Array(valu e)); | |
976 | } else if (i sNumber(va lue)) { | |
977 | return n ew CK_ATTR IBUTE(id, Integer.va lueOf(deco deNumber(v alue))); | |
978 | } else { | |
979 | throw ex cLine("Unk nown attri bute value " + value ); | |
980 | } | |
981 | } | |
982 | ||
983 | privat e void par seNSSArgs( String key word) thro ws IOExcep tion { | |
984 | ch eckDup(key word); | |
985 | pa rseEquals( ); | |
986 | in t token = nextToken( ); | |
987 | if (token != '"') { | |
988 | throw ex cToken("Ex pected quo ted string "); | |
989 | } | |
990 | ns sArgs = ex pand(st.sv al); | |
991 | de bug("nssAr gs: " + ns sArgs); | |
992 | } | |
993 | ||
994 | privat e void par seHandleSt artupError s(String k eyword) th rows IOExc eption { | |
995 | ch eckDup(key word); | |
996 | pa rseEquals( ); | |
997 | St ring val = parseWord (); | |
998 | if (val.equa ls("ignore All")) { | |
999 | handleSt artupError s = ERR_IG NORE_ALL; | |
1000 | } else if (v al.equals( "ignoreMis singLibrar y")) { | |
1001 | handleSt artupError s = ERR_IG NORE_LIB; | |
1002 | } else if (v al.equals( "halt")) { | |
1003 | handleSt artupError s = ERR_HA LT; | |
1004 | } else if (v al.equals( "ignoreMul tipleIniti alisation" )) { | |
1005 | handleSt artupError s = ERR_IG NORE_MULTI _INIT; | |
1006 | } else { | |
1007 | throw ex cToken("In valid valu e for hand leStartupE rrors:"); | |
1008 | } | |
1009 | de bug("handl eStartupEr rors: " + handleStar tupErrors) ; | |
1010 | } | |
1011 | ||
1012 | } | |
1013 | ||
1014 | class Conf igurationE xception e xtends IOE xception { | |
1015 | privat e static f inal long serialVers ionUID = 2 5449275880 7673194L; | |
1016 | Config urationExc eption(Str ing msg) { | |
1017 | su per(msg); | |
1018 | } | |
1019 | } |