132 algoType = getKeyType(algo);
133 } else {
134 algoType = getKeyType(algo);
135 long keyAlgorithmType = getKeyType(key.getAlgorithm());
136 if (algoType != keyAlgorithmType) {
137 if ((algoType == PCKK_HMAC) || (algoType == PCKK_SSLMAC)) {
138 // ignore key algorithm for MACs
139 } else {
140 throw new InvalidKeyException
141 ("Key algorithm must be " + algo);
142 }
143 }
144 }
145 if (key instanceof P11Key) {
146 P11Key p11Key = (P11Key)key;
147 if (p11Key.token == token) {
148 if (extraAttrs != null) {
149 Session session = null;
150 try {
151 session = token.getObjSession();
152 long newKeyID = token.p11.C_CopyObject(session.id(),
153 p11Key.keyID, extraAttrs);
154 p11Key = (P11Key) (P11Key.secretKey(session,
155 newKeyID, p11Key.algorithm, p11Key.keyLength,
156 extraAttrs));
157 } catch (PKCS11Exception p11e) {
158 throw new InvalidKeyException
159 ("Cannot duplicate the PKCS11 key", p11e);
160 } finally {
161 token.releaseSession(session);
162 }
163 }
164 return p11Key;
165 }
166 }
167 P11Key p11Key = token.secretCache.get(key);
168 if (p11Key != null) {
169 return p11Key;
170 }
171 if ("RAW".equalsIgnoreCase(key.getFormat()) == false) {
172 throw new InvalidKeyException("Encoded format must be RAW");
173 }
174 byte[] encoded = key.getEncoded();
175 p11Key = createKey(token, encoded, algo, algoType, extraAttrs);
176 token.secretCache.put(key, p11Key);
247 throw new InvalidKeyException("Could not create key", pe);
248 }
249 Session session = null;
250 try {
251 CK_ATTRIBUTE[] attributes;
252 if (extraAttrs != null) {
253 attributes = new CK_ATTRIBUTE[3 + extraAttrs.length];
254 System.arraycopy(extraAttrs, 0, attributes, 3,
255 extraAttrs.length);
256 } else {
257 attributes = new CK_ATTRIBUTE[3];
258 }
259 attributes[0] = new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY);
260 attributes[1] = new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType);
261 attributes[2] = new CK_ATTRIBUTE(CKA_VALUE, encoded);
262 attributes = token.getAttributes
263 (O_IMPORT, CKO_SECRET_KEY, keyType, attributes);
264 session = token.getObjSession();
265 long keyID = token.p11.C_CreateObject(session.id(), attributes);
266 P11Key p11Key = (P11Key)P11Key.secretKey
267 (session, keyID, algorithm, keyLength, attributes);
268 return p11Key;
269 } catch (PKCS11Exception e) {
270 throw new InvalidKeyException("Could not create key", e);
271 } finally {
272 token.releaseSession(session);
273 }
274 }
275
276 // see JCE spec
277 protected SecretKey engineGenerateSecret(KeySpec keySpec)
278 throws InvalidKeySpecException {
279 token.ensureValid();
280 if (keySpec == null) {
281 throw new InvalidKeySpecException("KeySpec must not be null");
282 }
283 if (keySpec instanceof SecretKeySpec) {
284 try {
285 Key key = convertKey(token, (SecretKey)keySpec, algorithm);
286 return (SecretKey)key;
287 } catch (InvalidKeyException e) {
|
132 algoType = getKeyType(algo);
133 } else {
134 algoType = getKeyType(algo);
135 long keyAlgorithmType = getKeyType(key.getAlgorithm());
136 if (algoType != keyAlgorithmType) {
137 if ((algoType == PCKK_HMAC) || (algoType == PCKK_SSLMAC)) {
138 // ignore key algorithm for MACs
139 } else {
140 throw new InvalidKeyException
141 ("Key algorithm must be " + algo);
142 }
143 }
144 }
145 if (key instanceof P11Key) {
146 P11Key p11Key = (P11Key)key;
147 if (p11Key.token == token) {
148 if (extraAttrs != null) {
149 Session session = null;
150 try {
151 session = token.getObjSession();
152 p11Key.incNativeKeyRef();
153 long newKeyID;
154 try {
155 newKeyID = token.p11.C_CopyObject(session.id(),
156 p11Key.keyID, extraAttrs);
157 } finally {
158 p11Key.decNativeKeyRef();
159 }
160 p11Key = (P11Key) (P11Key.secretKey(session,
161 newKeyID, p11Key.algorithm, p11Key.keyLength,
162 extraAttrs, true));
163 } catch (PKCS11Exception p11e) {
164 throw new InvalidKeyException
165 ("Cannot duplicate the PKCS11 key", p11e);
166 } finally {
167 token.releaseSession(session);
168 }
169 }
170 return p11Key;
171 }
172 }
173 P11Key p11Key = token.secretCache.get(key);
174 if (p11Key != null) {
175 return p11Key;
176 }
177 if ("RAW".equalsIgnoreCase(key.getFormat()) == false) {
178 throw new InvalidKeyException("Encoded format must be RAW");
179 }
180 byte[] encoded = key.getEncoded();
181 p11Key = createKey(token, encoded, algo, algoType, extraAttrs);
182 token.secretCache.put(key, p11Key);
253 throw new InvalidKeyException("Could not create key", pe);
254 }
255 Session session = null;
256 try {
257 CK_ATTRIBUTE[] attributes;
258 if (extraAttrs != null) {
259 attributes = new CK_ATTRIBUTE[3 + extraAttrs.length];
260 System.arraycopy(extraAttrs, 0, attributes, 3,
261 extraAttrs.length);
262 } else {
263 attributes = new CK_ATTRIBUTE[3];
264 }
265 attributes[0] = new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY);
266 attributes[1] = new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType);
267 attributes[2] = new CK_ATTRIBUTE(CKA_VALUE, encoded);
268 attributes = token.getAttributes
269 (O_IMPORT, CKO_SECRET_KEY, keyType, attributes);
270 session = token.getObjSession();
271 long keyID = token.p11.C_CreateObject(session.id(), attributes);
272 P11Key p11Key = (P11Key)P11Key.secretKey
273 (session, keyID, algorithm, keyLength, attributes, true);
274 return p11Key;
275 } catch (PKCS11Exception e) {
276 throw new InvalidKeyException("Could not create key", e);
277 } finally {
278 token.releaseSession(session);
279 }
280 }
281
282 // see JCE spec
283 protected SecretKey engineGenerateSecret(KeySpec keySpec)
284 throws InvalidKeySpecException {
285 token.ensureValid();
286 if (keySpec == null) {
287 throw new InvalidKeySpecException("KeySpec must not be null");
288 }
289 if (keySpec instanceof SecretKeySpec) {
290 try {
291 Key key = convertKey(token, (SecretKey)keySpec, algorithm);
292 return (SecretKey)key;
293 } catch (InvalidKeyException e) {
|