< prev index next >

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java

Print this page

        

@@ -1289,11 +1289,12 @@
                 token.p11.C_GetAttributeValue(session.id(), oHandle, attrs);
                 keyLength = (int)attrs[0].getLong();
             }
         }
 
-        return P11Key.secretKey(session, oHandle, keyType, keyLength, null);
+        return P11Key.secretKey(session, oHandle, keyType, keyLength, null,
+                false);
     }
 
     private PrivateKey loadPkey(Session session, long oHandle)
         throws PKCS11Exception, KeyStoreException {
 

@@ -1324,11 +1325,12 @@
 
             return P11Key.privateKey(session,
                                 oHandle,
                                 keyType,
                                 keyLength,
-                                null);
+                                null,
+                                false);
 
         } else if (kType == CKK_DSA) {
 
             keyType = "DSA";
 

@@ -1339,11 +1341,12 @@
 
             return P11Key.privateKey(session,
                                 oHandle,
                                 keyType,
                                 keyLength,
-                                null);
+                                null,
+                                false);
 
         } else if (kType == CKK_DH) {
 
             keyType = "DH";
 

@@ -1354,11 +1357,12 @@
 
             return P11Key.privateKey(session,
                                 oHandle,
                                 keyType,
                                 keyLength,
-                                null);
+                                null,
+                                false);
 
         } else if (kType == CKK_EC) {
 
             attrs = new CK_ATTRIBUTE[] {
                 new CK_ATTRIBUTE(CKA_EC_PARAMS),

@@ -1372,11 +1376,12 @@
             } catch (IOException e) {
                 // we do not want to accept key with unsupported parameters
                 throw new KeyStoreException("Unsupported parameters", e);
             }
 
-            return P11Key.privateKey(session, oHandle, "EC", keyLength, null);
+            return P11Key.privateKey(session, oHandle, "EC", keyLength, null,
+                    false);
 
         } else {
             if (debug != null) {
                 debug.println("unknown key type [" + kType + "]");
             }

@@ -1498,10 +1503,11 @@
 
                 // token key - set new CKA_ID
 
                 CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[] {
                                 new CK_ATTRIBUTE(CKA_ID, alias) };
+                key.makeNativeKeyPersistent();
                 token.p11.C_SetAttributeValue
                                 (session.id(), key.keyID, attrs);
                 if (debug != null) {
                     debug.println("updateP11Pkey set new alias [" +
                                 alias +

@@ -1516,11 +1522,16 @@
                     new CK_ATTRIBUTE(CKA_ID, alias),
                 };
                 if (attribute != null) {
                     attrs = addAttribute(attrs, attribute);
                 }
+                key.incNativeKeyRef();
+                try {
                 token.p11.C_CopyObject(session.id(), key.keyID, attrs);
+                } finally {
+                    key.decNativeKeyRef();
+                }
                 if (debug != null) {
                     debug.println("updateP11Pkey copied private session key " +
                                 "for [" +
                                 alias +
                                 "] to token entry");

@@ -1624,11 +1635,12 @@
             ATTR_SKEY_TOKEN_TRUE,
             ATTR_PRIVATE_TRUE,
             new CK_ATTRIBUTE(CKA_LABEL, alias),
         };
         try {
-            P11SecretKeyFactory.convertKey(token, skey, null, attrs);
+            P11Key k = P11SecretKeyFactory.convertKey(token, skey, null, attrs);
+            k.makeNativeKeyPersistent();
         } catch (InvalidKeyException ike) {
             // re-throw KeyStoreException to match javadoc
             throw new KeyStoreException("Cannot convert to PKCS11 keys", ike);
         }
 

@@ -1892,14 +1904,16 @@
         CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[2];
         if ((id || netscapeDb) == false) {
             return attrs;
         }
         String alg = privateKey.getAlgorithm();
-        if (id && alg.equals("RSA") && (publicKey instanceof RSAPublicKey)) {
-            // CKA_NETSCAPE_DB not needed for RSA public keys
+        if (alg.equals("RSA") && (publicKey instanceof RSAPublicKey)) {
+            if (id) {
             BigInteger n = ((RSAPublicKey)publicKey).getModulus();
             attrs[0] = new CK_ATTRIBUTE(CKA_ID, sha1(getMagnitude(n)));
+            }
+            // CKA_NETSCAPE_DB not needed for RSA public keys
         } else if (alg.equals("DSA") && (publicKey instanceof DSAPublicKey)) {
             BigInteger y = ((DSAPublicKey)publicKey).getY();
             if (id) {
                 attrs[0] = new CK_ATTRIBUTE(CKA_ID, sha1(getMagnitude(y)));
             }
< prev index next >