46 import sun.security.util.Debug;
47 import sun.security.util.ResourcesMgr;
48
49 import sun.security.pkcs11.Secmod.*;
50
51 import sun.security.pkcs11.wrapper.*;
52 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
53
54 /**
55 * PKCS#11 provider main class.
56 *
57 * @author Andreas Sterbenz
58 * @since 1.5
59 */
60 public final class SunPKCS11 extends AuthProvider {
61
62 private static final long serialVersionUID = -1354835039035306505L;
63
64 static final Debug debug = Debug.getInstance("sunpkcs11");
65
66 private static int dummyConfigId;
67
68 // the PKCS11 object through which we make the native calls
69 final PKCS11 p11;
70
71 // name of the configuration file
72 private final String configName;
73
74 // configuration information
75 final Config config;
76
77 // id of the PKCS#11 slot we are using
78 final long slotID;
79
80 private CallbackHandler pHandler;
81 private final Object LOCK_HANDLER = new Object();
82
83 final boolean removable;
84
85 final Module nssModule;
86
87 final boolean nssUseSecmodTrust;
88
89 private volatile Token token;
90
91 private TokenPoller poller;
92
93 Token getToken() {
94 return token;
95 }
96
97 public SunPKCS11() {
98 super("SunPKCS11-Dummy", 1.9d, "SunPKCS11-Dummy");
99 throw new ProviderException
100 ("SunPKCS11 requires configuration file argument");
101 }
102
103 public SunPKCS11(String configName) {
104 this(checkNull(configName), null);
105 }
106
107 public SunPKCS11(InputStream configStream) {
108 this(getDummyConfigName(), checkNull(configStream));
109 }
110
111 private static <T> T checkNull(T obj) {
112 if (obj == null) {
113 throw new NullPointerException();
114 }
115 return obj;
116 }
117
118 private static synchronized String getDummyConfigName() {
119 int id = ++dummyConfigId;
120 return "---DummyConfig-" + id + "---";
121 }
122
123 /**
124 * @deprecated use new SunPKCS11(String) or new SunPKCS11(InputStream)
125 * instead
126 */
127 @Deprecated
128 public SunPKCS11(String configName, InputStream configStream) {
129 super("SunPKCS11-" +
130 Config.getConfig(configName, configStream).getName(),
131 1.9d, Config.getConfig(configName, configStream).getDescription());
132 this.configName = configName;
133 this.config = Config.removeConfig(configName);
134
135 if (debug != null) {
136 System.out.println("SunPKCS11 loading " + configName);
137 }
138
139 String library = config.getLibrary();
140 String functionList = config.getFunctionList();
141 long slotID = config.getSlotID();
142 int slotListIndex = config.getSlotListIndex();
143
144 boolean useSecmod = config.getNssUseSecmod();
145 boolean nssUseSecmodTrust = config.getNssUseSecmodTrust();
146 Module nssModule = null;
147
148 //
149 // Initialization via Secmod. The way this works is as follows:
150 // SunPKCS11 is either in normal mode or in NSS Secmod mode.
151 // Secmod is activated by specifying one or more of the following
152 // options in the config file:
153 // nssUseSecmod, nssSecmodDirectory, nssLibrary, nssModule
154 //
155 // XXX add more explanation here
156 //
794 if (enabled == false) {
795 break;
796 }
797 try {
798 provider.initToken(null);
799 } catch (PKCS11Exception e) {
800 // ignore
801 }
802 }
803 }
804 void disable() {
805 enabled = false;
806 }
807 }
808
809 // create the poller thread, if not already active
810 private void createPoller() {
811 if (poller != null) {
812 return;
813 }
814 TokenPoller poller = new TokenPoller(this);
815 Thread t = new ManagedLocalsThread(poller, "Poller " + getName());
816 t.setDaemon(true);
817 t.setPriority(Thread.MIN_PRIORITY);
818 t.start();
819 this.poller = poller;
820 }
821
822 // destroy the poller thread, if active
823 private void destroyPoller() {
824 if (poller != null) {
825 poller.disable();
826 poller = null;
827 }
828 }
829
830 private boolean hasValidToken() {
831 /* Commented out to work with Solaris softtoken impl which
832 returns 0-value flags, e.g. both REMOVABLE_DEVICE and
833 TOKEN_PRESENT are false, when it can't access the token.
834 if (removable == false) {
835 return true;
836 }
837 */
838 Token token = this.token;
1439 return null;
1440 }
1441
1442 private Object writeReplace() throws ObjectStreamException {
1443 return new SunPKCS11Rep(this);
1444 }
1445
1446 /**
1447 * Serialized representation of the SunPKCS11 provider.
1448 */
1449 private static class SunPKCS11Rep implements Serializable {
1450
1451 static final long serialVersionUID = -2896606995897745419L;
1452
1453 private final String providerName;
1454
1455 private final String configName;
1456
1457 SunPKCS11Rep(SunPKCS11 provider) throws NotSerializableException {
1458 providerName = provider.getName();
1459 configName = provider.configName;
1460 if (Security.getProvider(providerName) != provider) {
1461 throw new NotSerializableException("Only SunPKCS11 providers "
1462 + "installed in java.security.Security can be serialized");
1463 }
1464 }
1465
1466 private Object readResolve() throws ObjectStreamException {
1467 SunPKCS11 p = (SunPKCS11)Security.getProvider(providerName);
1468 if ((p == null) || (p.configName.equals(configName) == false)) {
1469 throw new NotSerializableException("Could not find "
1470 + providerName + " in installed providers");
1471 }
1472 return p;
1473 }
1474 }
1475 }
|
46 import sun.security.util.Debug;
47 import sun.security.util.ResourcesMgr;
48
49 import sun.security.pkcs11.Secmod.*;
50
51 import sun.security.pkcs11.wrapper.*;
52 import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
53
54 /**
55 * PKCS#11 provider main class.
56 *
57 * @author Andreas Sterbenz
58 * @since 1.5
59 */
60 public final class SunPKCS11 extends AuthProvider {
61
62 private static final long serialVersionUID = -1354835039035306505L;
63
64 static final Debug debug = Debug.getInstance("sunpkcs11");
65
66 // the PKCS11 object through which we make the native calls
67 final PKCS11 p11;
68
69 // configuration information
70 final Config config;
71
72 // id of the PKCS#11 slot we are using
73 final long slotID;
74
75 private CallbackHandler pHandler;
76 private final Object LOCK_HANDLER = new Object();
77
78 final boolean removable;
79
80 final Module nssModule;
81
82 final boolean nssUseSecmodTrust;
83
84 private volatile Token token;
85
86 private TokenPoller poller;
87
88 Token getToken() {
89 return token;
90 }
91
92 public SunPKCS11() {
93 super("SunPKCS11", 1.9d, "Unconfigured and unusable PKCS11 provider");
94 p11 = null;
95 config = null;
96 slotID = 0;
97 pHandler = null;
98 removable = false;
99 nssModule = null;
100 nssUseSecmodTrust = false;
101 token = null;
102 poller = null;
103 }
104
105 @Override
106 public Provider configure(String configArg) throws InvalidParameterException {
107 if (configArg == null) {
108 throw new InvalidParameterException("SunPKCS11 requires a configuration file");
109 }
110 try {
111 return AccessController.doPrivileged(new PrivilegedExceptionAction<Provider>() {
112 @Override
113 public Provider run() throws Exception {
114 String newConfigName = configArg;
115 return new SunPKCS11(new Config(checkNull(newConfigName)));
116 }
117 });
118 } catch (PrivilegedActionException pae) {
119 InvalidParameterException ipe =
120 new InvalidParameterException("Error configuring SunPKCS11 provider");
121 throw (InvalidParameterException) ipe.initCause(pae.getException());
122 }
123 }
124
125 private static <T> T checkNull(T obj) {
126 if (obj == null) {
127 throw new NullPointerException();
128 }
129 return obj;
130 }
131
132 // Used by Secmod
133 SunPKCS11(Config c) {
134 super("SunPKCS11-" + c.getName(), 1.9d, c.getDescription());
135 this.config = c;
136
137 if (debug != null) {
138 System.out.println("SunPKCS11 loading " + config.getFileName());
139 }
140
141 String library = config.getLibrary();
142 String functionList = config.getFunctionList();
143 long slotID = config.getSlotID();
144 int slotListIndex = config.getSlotListIndex();
145
146 boolean useSecmod = config.getNssUseSecmod();
147 boolean nssUseSecmodTrust = config.getNssUseSecmodTrust();
148 Module nssModule = null;
149
150 //
151 // Initialization via Secmod. The way this works is as follows:
152 // SunPKCS11 is either in normal mode or in NSS Secmod mode.
153 // Secmod is activated by specifying one or more of the following
154 // options in the config file:
155 // nssUseSecmod, nssSecmodDirectory, nssLibrary, nssModule
156 //
157 // XXX add more explanation here
158 //
796 if (enabled == false) {
797 break;
798 }
799 try {
800 provider.initToken(null);
801 } catch (PKCS11Exception e) {
802 // ignore
803 }
804 }
805 }
806 void disable() {
807 enabled = false;
808 }
809 }
810
811 // create the poller thread, if not already active
812 private void createPoller() {
813 if (poller != null) {
814 return;
815 }
816 final TokenPoller poller = new TokenPoller(this);
817 AccessController.doPrivileged(new PrivilegedAction<Void>() {
818 @Override
819 public Void run() {
820 Thread t = new ManagedLocalsThread(poller, "Poller " + getName());
821 t.setDaemon(true);
822 t.setPriority(Thread.MIN_PRIORITY);
823 t.start();
824 return null;
825 }
826 });
827 this.poller = poller;
828 }
829
830 // destroy the poller thread, if active
831 private void destroyPoller() {
832 if (poller != null) {
833 poller.disable();
834 poller = null;
835 }
836 }
837
838 private boolean hasValidToken() {
839 /* Commented out to work with Solaris softtoken impl which
840 returns 0-value flags, e.g. both REMOVABLE_DEVICE and
841 TOKEN_PRESENT are false, when it can't access the token.
842 if (removable == false) {
843 return true;
844 }
845 */
846 Token token = this.token;
1447 return null;
1448 }
1449
1450 private Object writeReplace() throws ObjectStreamException {
1451 return new SunPKCS11Rep(this);
1452 }
1453
1454 /**
1455 * Serialized representation of the SunPKCS11 provider.
1456 */
1457 private static class SunPKCS11Rep implements Serializable {
1458
1459 static final long serialVersionUID = -2896606995897745419L;
1460
1461 private final String providerName;
1462
1463 private final String configName;
1464
1465 SunPKCS11Rep(SunPKCS11 provider) throws NotSerializableException {
1466 providerName = provider.getName();
1467 configName = provider.config.getFileName();
1468 if (Security.getProvider(providerName) != provider) {
1469 throw new NotSerializableException("Only SunPKCS11 providers "
1470 + "installed in java.security.Security can be serialized");
1471 }
1472 }
1473
1474 private Object readResolve() throws ObjectStreamException {
1475 SunPKCS11 p = (SunPKCS11)Security.getProvider(providerName);
1476 if ((p == null) || (p.config.getFileName().equals(configName) == false)) {
1477 throw new NotSerializableException("Could not find "
1478 + providerName + " in installed providers");
1479 }
1480 return p;
1481 }
1482 }
1483 }
|