1 /*
2 * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
756 Throwable cause = e.getCause();
757 if (cause instanceof PKCS11Exception) {
758 PKCS11Exception pe = (PKCS11Exception) cause;
759 if (pe.getErrorCode() == CKR_PIN_INCORRECT) {
760 // if password is wrong, the cause of the IOException
761 // should be an UnrecoverableKeyException
762 throw new IOException("load failed",
763 new UnrecoverableKeyException().initCause(e));
764 }
765 }
766 throw new IOException("load failed", e);
767 }
768
769 try {
770 if (mapLabels() == true) {
771 // CKA_LABELs are shared by multiple certs
772 writeDisabled = true;
773 }
774 if (debug != null) {
775 dumpTokenMap();
776 }
777 } catch (KeyStoreException | PKCS11Exception e) {
778 throw new IOException("load failed", e);
779 }
780 }
781
782 /**
783 * Loads the keystore using the given
784 * <code>KeyStore.LoadStoreParameter</code>.
785 *
786 * <p> The <code>LoadStoreParameter.getProtectionParameter()</code>
787 * method is expected to return a <code>KeyStore.PasswordProtection</code>
788 * object. The password is retrieved from that object and used
789 * to unlock the PKCS#11 token.
790 *
791 * <p> If the token supports a CKF_PROTECTED_AUTHENTICATION_PATH
792 * then the provided password must be <code>null</code>.
793 *
794 * @param param the <code>KeyStore.LoadStoreParameter</code>
795 *
|
1 /*
2 * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
756 Throwable cause = e.getCause();
757 if (cause instanceof PKCS11Exception) {
758 PKCS11Exception pe = (PKCS11Exception) cause;
759 if (pe.getErrorCode() == CKR_PIN_INCORRECT) {
760 // if password is wrong, the cause of the IOException
761 // should be an UnrecoverableKeyException
762 throw new IOException("load failed",
763 new UnrecoverableKeyException().initCause(e));
764 }
765 }
766 throw new IOException("load failed", e);
767 }
768
769 try {
770 if (mapLabels() == true) {
771 // CKA_LABELs are shared by multiple certs
772 writeDisabled = true;
773 }
774 if (debug != null) {
775 dumpTokenMap();
776 debug.println("P11KeyStore load. Entry count: " +
777 aliasMap.size());
778 }
779 } catch (KeyStoreException | PKCS11Exception e) {
780 throw new IOException("load failed", e);
781 }
782 }
783
784 /**
785 * Loads the keystore using the given
786 * <code>KeyStore.LoadStoreParameter</code>.
787 *
788 * <p> The <code>LoadStoreParameter.getProtectionParameter()</code>
789 * method is expected to return a <code>KeyStore.PasswordProtection</code>
790 * object. The password is retrieved from that object and used
791 * to unlock the PKCS#11 token.
792 *
793 * <p> If the token supports a CKF_PROTECTED_AUTHENTICATION_PATH
794 * then the provided password must be <code>null</code>.
795 *
796 * @param param the <code>KeyStore.LoadStoreParameter</code>
797 *
|