< prev index next >
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java
Print this page
@@ -1289,11 +1289,12 @@
token.p11.C_GetAttributeValue(session.id(), oHandle, attrs);
keyLength = (int)attrs[0].getLong();
}
}
- return P11Key.secretKey(session, oHandle, keyType, keyLength, null);
+ return P11Key.secretKey(session, oHandle, keyType, keyLength, null,
+ false);
}
private PrivateKey loadPkey(Session session, long oHandle)
throws PKCS11Exception, KeyStoreException {
@@ -1324,11 +1325,12 @@
return P11Key.privateKey(session,
oHandle,
keyType,
keyLength,
- null);
+ null,
+ false);
} else if (kType == CKK_DSA) {
keyType = "DSA";
@@ -1339,11 +1341,12 @@
return P11Key.privateKey(session,
oHandle,
keyType,
keyLength,
- null);
+ null,
+ false);
} else if (kType == CKK_DH) {
keyType = "DH";
@@ -1354,11 +1357,12 @@
return P11Key.privateKey(session,
oHandle,
keyType,
keyLength,
- null);
+ null,
+ false);
} else if (kType == CKK_EC) {
attrs = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA_EC_PARAMS),
@@ -1372,11 +1376,12 @@
} catch (IOException e) {
// we do not want to accept key with unsupported parameters
throw new KeyStoreException("Unsupported parameters", e);
}
- return P11Key.privateKey(session, oHandle, "EC", keyLength, null);
+ return P11Key.privateKey(session, oHandle, "EC", keyLength, null,
+ false);
} else {
if (debug != null) {
debug.println("unknown key type [" + kType + "]");
}
@@ -1498,10 +1503,11 @@
// token key - set new CKA_ID
CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA_ID, alias) };
+ key.makeNativeKeyPersistent();
token.p11.C_SetAttributeValue
(session.id(), key.keyID, attrs);
if (debug != null) {
debug.println("updateP11Pkey set new alias [" +
alias +
@@ -1516,11 +1522,16 @@
new CK_ATTRIBUTE(CKA_ID, alias),
};
if (attribute != null) {
attrs = addAttribute(attrs, attribute);
}
+ key.incNativeKeyRef();
+ try {
token.p11.C_CopyObject(session.id(), key.keyID, attrs);
+ } finally {
+ key.decNativeKeyRef();
+ }
if (debug != null) {
debug.println("updateP11Pkey copied private session key " +
"for [" +
alias +
"] to token entry");
@@ -1624,11 +1635,12 @@
ATTR_SKEY_TOKEN_TRUE,
ATTR_PRIVATE_TRUE,
new CK_ATTRIBUTE(CKA_LABEL, alias),
};
try {
- P11SecretKeyFactory.convertKey(token, skey, null, attrs);
+ P11Key k = P11SecretKeyFactory.convertKey(token, skey, null, attrs);
+ k.makeNativeKeyPersistent();
} catch (InvalidKeyException ike) {
// re-throw KeyStoreException to match javadoc
throw new KeyStoreException("Cannot convert to PKCS11 keys", ike);
}
@@ -1892,14 +1904,16 @@
CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[2];
if ((id || netscapeDb) == false) {
return attrs;
}
String alg = privateKey.getAlgorithm();
- if (id && alg.equals("RSA") && (publicKey instanceof RSAPublicKey)) {
- // CKA_NETSCAPE_DB not needed for RSA public keys
+ if (alg.equals("RSA") && (publicKey instanceof RSAPublicKey)) {
+ if (id) {
BigInteger n = ((RSAPublicKey)publicKey).getModulus();
attrs[0] = new CK_ATTRIBUTE(CKA_ID, sha1(getMagnitude(n)));
+ }
+ // CKA_NETSCAPE_DB not needed for RSA public keys
} else if (alg.equals("DSA") && (publicKey instanceof DSAPublicKey)) {
BigInteger y = ((DSAPublicKey)publicKey).getY();
if (id) {
attrs[0] = new CK_ATTRIBUTE(CKA_ID, sha1(getMagnitude(y)));
}
< prev index next >