src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/SunPKCS11.java

Print this page
7191662: JCE providers should be located via ServiceLoader


  46 import sun.security.util.Debug;
  47 import sun.security.util.ResourcesMgr;
  48 
  49 import sun.security.pkcs11.Secmod.*;
  50 
  51 import sun.security.pkcs11.wrapper.*;
  52 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
  53 
  54 /**
  55  * PKCS#11 provider main class.
  56  *
  57  * @author  Andreas Sterbenz
  58  * @since   1.5
  59  */
  60 public final class SunPKCS11 extends AuthProvider {
  61 
  62     private static final long serialVersionUID = -1354835039035306505L;
  63 
  64     static final Debug debug = Debug.getInstance("sunpkcs11");
  65 
  66     private static int dummyConfigId;
  67 
  68     // the PKCS11 object through which we make the native calls
  69     final PKCS11 p11;
  70 
  71     // name of the configuration file
  72     private final String configName;
  73 
  74     // configuration information
  75     final Config config;
  76 
  77     // id of the PKCS#11 slot we are using
  78     final long slotID;
  79 
  80     private CallbackHandler pHandler;
  81     private final Object LOCK_HANDLER = new Object();
  82 
  83     final boolean removable;
  84 
  85     final Module nssModule;
  86 
  87     final boolean nssUseSecmodTrust;
  88 
  89     private volatile Token token;
  90 
  91     private TokenPoller poller;
  92 
  93     Token getToken() {
  94         return token;
  95     }
  96 
  97     public SunPKCS11() {
  98         super("SunPKCS11-Dummy", 1.9d, "SunPKCS11-Dummy");
  99         throw new ProviderException
 100             ("SunPKCS11 requires configuration file argument");







 101     }
 102 
 103     public SunPKCS11(String configName) {
 104         this(checkNull(configName), null);


 105     }
 106 
 107     public SunPKCS11(InputStream configStream) {
 108         this(getDummyConfigName(), checkNull(configStream));



 109     }







 110 
 111     private static <T> T checkNull(T obj) {
 112         if (obj == null) {
 113             throw new NullPointerException();
 114         }
 115         return obj;
 116     }
 117 
 118     private static synchronized String getDummyConfigName() {
 119         int id = ++dummyConfigId;
 120         return "---DummyConfig-" + id + "---";
 121     }
 122 
 123     /**
 124      * @deprecated use new SunPKCS11(String) or new SunPKCS11(InputStream)
 125      *         instead
 126      */
 127     @Deprecated
 128     public SunPKCS11(String configName, InputStream configStream) {
 129         super("SunPKCS11-" +
 130             Config.getConfig(configName, configStream).getName(),
 131             1.9d, Config.getConfig(configName, configStream).getDescription());
 132         this.configName = configName;
 133         this.config = Config.removeConfig(configName);
 134 
 135         if (debug != null) {
 136             System.out.println("SunPKCS11 loading " + configName);
 137         }
 138 
 139         String library = config.getLibrary();
 140         String functionList = config.getFunctionList();
 141         long slotID = config.getSlotID();
 142         int slotListIndex = config.getSlotListIndex();
 143 
 144         boolean useSecmod = config.getNssUseSecmod();
 145         boolean nssUseSecmodTrust = config.getNssUseSecmodTrust();
 146         Module nssModule = null;
 147 
 148         //
 149         // Initialization via Secmod. The way this works is as follows:
 150         // SunPKCS11 is either in normal mode or in NSS Secmod mode.
 151         // Secmod is activated by specifying one or more of the following
 152         // options in the config file:
 153         // nssUseSecmod, nssSecmodDirectory, nssLibrary, nssModule
 154         //
 155         // XXX add more explanation here
 156         //


 794                 if (enabled == false) {
 795                     break;
 796                 }
 797                 try {
 798                     provider.initToken(null);
 799                 } catch (PKCS11Exception e) {
 800                     // ignore
 801                 }
 802             }
 803         }
 804         void disable() {
 805             enabled = false;
 806         }
 807     }
 808 
 809     // create the poller thread, if not already active
 810     private void createPoller() {
 811         if (poller != null) {
 812             return;
 813         }
 814         TokenPoller poller = new TokenPoller(this);



 815         Thread t = new ManagedLocalsThread(poller, "Poller " + getName());
 816         t.setDaemon(true);
 817         t.setPriority(Thread.MIN_PRIORITY);
 818         t.start();



 819         this.poller = poller;
 820     }
 821 
 822     // destroy the poller thread, if active
 823     private void destroyPoller() {
 824         if (poller != null) {
 825             poller.disable();
 826             poller = null;
 827         }
 828     }
 829 
 830     private boolean hasValidToken() {
 831         /* Commented out to work with Solaris softtoken impl which
 832            returns 0-value flags, e.g. both REMOVABLE_DEVICE and
 833            TOKEN_PRESENT are false, when it can't access the token.
 834         if (removable == false) {
 835             return true;
 836         }
 837         */
 838         Token token = this.token;


1439         return null;
1440     }
1441 
1442     private Object writeReplace() throws ObjectStreamException {
1443         return new SunPKCS11Rep(this);
1444     }
1445 
1446     /**
1447      * Serialized representation of the SunPKCS11 provider.
1448      */
1449     private static class SunPKCS11Rep implements Serializable {
1450 
1451         static final long serialVersionUID = -2896606995897745419L;
1452 
1453         private final String providerName;
1454 
1455         private final String configName;
1456 
1457         SunPKCS11Rep(SunPKCS11 provider) throws NotSerializableException {
1458             providerName = provider.getName();
1459             configName = provider.configName;
1460             if (Security.getProvider(providerName) != provider) {
1461                 throw new NotSerializableException("Only SunPKCS11 providers "
1462                     + "installed in java.security.Security can be serialized");
1463             }
1464         }
1465 
1466         private Object readResolve() throws ObjectStreamException {
1467             SunPKCS11 p = (SunPKCS11)Security.getProvider(providerName);
1468             if ((p == null) || (p.configName.equals(configName) == false)) {
1469                 throw new NotSerializableException("Could not find "
1470                         + providerName + " in installed providers");
1471             }
1472             return p;
1473         }
1474     }
1475 }


  46 import sun.security.util.Debug;
  47 import sun.security.util.ResourcesMgr;
  48 
  49 import sun.security.pkcs11.Secmod.*;
  50 
  51 import sun.security.pkcs11.wrapper.*;
  52 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
  53 
  54 /**
  55  * PKCS#11 provider main class.
  56  *
  57  * @author  Andreas Sterbenz
  58  * @since   1.5
  59  */
  60 public final class SunPKCS11 extends AuthProvider {
  61 
  62     private static final long serialVersionUID = -1354835039035306505L;
  63 
  64     static final Debug debug = Debug.getInstance("sunpkcs11");
  65 


  66     // the PKCS11 object through which we make the native calls
  67     final PKCS11 p11;
  68 



  69     // configuration information
  70     final Config config;
  71 
  72     // id of the PKCS#11 slot we are using
  73     final long slotID;
  74 
  75     private CallbackHandler pHandler;
  76     private final Object LOCK_HANDLER = new Object();
  77 
  78     final boolean removable;
  79 
  80     final Module nssModule;
  81 
  82     final boolean nssUseSecmodTrust;
  83 
  84     private volatile Token token;
  85 
  86     private TokenPoller poller;
  87 
  88     Token getToken() {
  89         return token;
  90     }
  91 
  92     public SunPKCS11() {
  93         super("SunPKCS11", 1.9d, "Unconfigured and unusable PKCS11 provider");
  94         p11 = null;
  95         config = null;
  96         slotID = 0;
  97         pHandler = null;
  98         removable = false;
  99         nssModule = null;
 100         nssUseSecmodTrust = false;
 101         token = null;
 102         poller = null;
 103     }
 104 
 105     @Override
 106     public Provider configure(String configArg) throws InvalidParameterException {
 107         if (configArg == null) {
 108             throw new InvalidParameterException("SunPKCS11 requires a configuration file");
 109         }
 110         try {
 111             return AccessController.doPrivileged(new PrivilegedExceptionAction<Provider>() {
 112                 @Override
 113                 public Provider run() throws Exception {
 114                     String newConfigName = configArg;
 115                     return new SunPKCS11(new Config(checkNull(newConfigName)));
 116                 }
 117             });
 118         } catch (PrivilegedActionException pae) {
 119             InvalidParameterException ipe =
 120                 new InvalidParameterException("Error configuring SunPKCS11 provider");
 121             throw (InvalidParameterException) ipe.initCause(pae.getException());
 122         }
 123     }
 124 
 125     private static <T> T checkNull(T obj) {
 126         if (obj == null) {
 127             throw new NullPointerException();
 128         }
 129         return obj;
 130     }
 131 
 132     // Used by Secmod
 133     SunPKCS11(Config c) {
 134         super("SunPKCS11-" + c.getName(), 1.9d, c.getDescription());
 135         this.config = c;
 136 












 137         if (debug != null) {
 138             System.out.println("SunPKCS11 loading " + config.getFileName());
 139         }
 140 
 141         String library = config.getLibrary();
 142         String functionList = config.getFunctionList();
 143         long slotID = config.getSlotID();
 144         int slotListIndex = config.getSlotListIndex();
 145 
 146         boolean useSecmod = config.getNssUseSecmod();
 147         boolean nssUseSecmodTrust = config.getNssUseSecmodTrust();
 148         Module nssModule = null;
 149 
 150         //
 151         // Initialization via Secmod. The way this works is as follows:
 152         // SunPKCS11 is either in normal mode or in NSS Secmod mode.
 153         // Secmod is activated by specifying one or more of the following
 154         // options in the config file:
 155         // nssUseSecmod, nssSecmodDirectory, nssLibrary, nssModule
 156         //
 157         // XXX add more explanation here
 158         //


 796                 if (enabled == false) {
 797                     break;
 798                 }
 799                 try {
 800                     provider.initToken(null);
 801                 } catch (PKCS11Exception e) {
 802                     // ignore
 803                 }
 804             }
 805         }
 806         void disable() {
 807             enabled = false;
 808         }
 809     }
 810 
 811     // create the poller thread, if not already active
 812     private void createPoller() {
 813         if (poller != null) {
 814             return;
 815         }
 816         final TokenPoller poller = new TokenPoller(this);
 817         AccessController.doPrivileged(new PrivilegedAction<Void>() {
 818             @Override
 819             public Void run() {
 820                 Thread t = new ManagedLocalsThread(poller, "Poller " + getName());
 821                 t.setDaemon(true);
 822                 t.setPriority(Thread.MIN_PRIORITY);
 823                 t.start();
 824                 return null;
 825             }
 826         });
 827         this.poller = poller;
 828     }
 829 
 830     // destroy the poller thread, if active
 831     private void destroyPoller() {
 832         if (poller != null) {
 833             poller.disable();
 834             poller = null;
 835         }
 836     }
 837 
 838     private boolean hasValidToken() {
 839         /* Commented out to work with Solaris softtoken impl which
 840            returns 0-value flags, e.g. both REMOVABLE_DEVICE and
 841            TOKEN_PRESENT are false, when it can't access the token.
 842         if (removable == false) {
 843             return true;
 844         }
 845         */
 846         Token token = this.token;


1447         return null;
1448     }
1449 
1450     private Object writeReplace() throws ObjectStreamException {
1451         return new SunPKCS11Rep(this);
1452     }
1453 
1454     /**
1455      * Serialized representation of the SunPKCS11 provider.
1456      */
1457     private static class SunPKCS11Rep implements Serializable {
1458 
1459         static final long serialVersionUID = -2896606995897745419L;
1460 
1461         private final String providerName;
1462 
1463         private final String configName;
1464 
1465         SunPKCS11Rep(SunPKCS11 provider) throws NotSerializableException {
1466             providerName = provider.getName();
1467             configName = provider.config.getFileName();
1468             if (Security.getProvider(providerName) != provider) {
1469                 throw new NotSerializableException("Only SunPKCS11 providers "
1470                     + "installed in java.security.Security can be serialized");
1471             }
1472         }
1473 
1474         private Object readResolve() throws ObjectStreamException {
1475             SunPKCS11 p = (SunPKCS11)Security.getProvider(providerName);
1476             if ((p == null) || (p.config.getFileName().equals(configName) == false)) {
1477                 throw new NotSerializableException("Could not find "
1478                         + providerName + " in installed providers");
1479             }
1480             return p;
1481         }
1482     }
1483 }