/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */

package br.gov.serpro.cert;

import static sun.security.pkcs11.wrapper.PKCS11Constants.*;

import br.gov.serpro.setup.Setup;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.security.Provider;
import java.security.ProviderException;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import sun.security.pkcs11.wrapper.CK_ATTRIBUTE;
import sun.security.pkcs11.wrapper.CK_C_INITIALIZE_ARGS;
import sun.security.pkcs11.wrapper.Functions;
import sun.security.pkcs11.wrapper.PKCS11;
import sun.security.pkcs11.wrapper.PKCS11Exception;

// TODO: Deal with wildcards for environment variables.

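/**
 * A PKCS#11 token (smart card or USB token) known by a display name and the
 * path of its native PKCS#11 library.
 *
 * <p>{@link #registerToken(long)} wraps the library in a {@code SunPKCS11}
 * provider and installs it via {@link Security#addProvider(Provider)};
 * {@link #getAliases()} bypasses the provider and talks to the library through
 * the JDK-internal {@code sun.security.pkcs11.wrapper} API to list the
 * end-entity certificates that have a private key with the same {@code CKA_ID}.
 *
 * <p>Diagnostics go to {@code System.out} / {@code java.util.logging} only when
 * the {@code debug} parameter of the supplied {@link Setup} is {@code "true"}
 * (case-insensitive); every failure is otherwise silent, so callers must check
 * {@link #isRegistered()} and the size of the alias map themselves.
 *
 * <p>Not thread-safe: every field except {@code setup} is mutable.
 *
 * @author esa
 */
class Token {

    /** PKCS#11 entry point resolved from the native library. */
    private static final String FUNCTION_LIST = "C_GetFunctionList";

    /** Handles requested per C_FindObjects call; findObjects loops until none are returned. */
    private static final int FIND_BATCH_SIZE = 20;

    private static final Logger LOG = Logger.getLogger(Token.class.getName());

    /** Configuration source; may be null, in which case debug mode is simply off. */
    private final Setup setup;
    private String name;
    private String libraryPath;
    /** Provider created by registerToken; null until a registration succeeded. */
    private Provider tokenProvider;
    private boolean registered = false;
    /** Slot id given to registerToken; getAliases opens its session on this slot (0 before that). */
    private long slot;

    // Package-visible statics kept for source compatibility; nothing in this
    // class reads or writes them (a caller elsewhere might).
    static long CK_OBJECT_CLASS;
    static long CK_OBJECT_HANDLE;

    private Token(final Setup setup) {
        this.setup = setup;
    }

    /**
     * Creates an unregistered token.
     *
     * @param name        display name; replaced by the provider name once registered
     * @param libraryPath path of the native PKCS#11 library
     * @param setup       configuration source (read only for the "debug" flag)
     */
    Token(String name, String libraryPath, final Setup setup) {
        this(setup);
        // Assigned directly rather than through the setters so an override in a
        // subclass cannot run against a half-constructed instance.
        this.name = name;
        this.libraryPath = libraryPath;
    }

    /** @return true after a successful registerToken and until unregisterToken. */
    public boolean isRegistered() {
        return this.registered;
    }

    public void setLibraryPath(String libraryPath) {
        this.libraryPath = libraryPath;
    }

    public void setName(String name) {
        this.name = name;
    }

    public String getName() {
        return this.name;
    }

    /**
     * @return the installed provider's name
     * @throws NullPointerException if registerToken has not succeeded yet
     */
    public String getProviderName() {
        return this.tokenProvider.getName();
    }

    /**
     * Builds a SunPKCS11 configuration for {@code slot}, creates the provider and
     * installs it with {@link Security#addProvider(Provider)}. On success
     * {@link #isRegistered()} becomes true and this token's name is replaced by
     * the provider name. If the library file does not exist nothing is done; if
     * the provider cannot be initialised the {@link ProviderException} is swallowed
     * (reported only in debug mode) and the token stays unregistered.
     *
     * <p>{@code Security.addProvider} returns -1 when a provider of the same name
     * is already installed; that result is ignored and the token is still marked
     * registered, as before.
     *
     * @param slot PKCS#11 slot id the provider (and later getAliases) will use
     * @throws IOException declared for callers; nothing in this body is known to throw it
     */
    protected void registerToken(long slot) throws IOException {
        this.slot = slot;
        String tokenConfiguration = buildProviderConfig(slot);
        this.registered = false;
        if (!libraryExists()) {
            return;
        }
        try {
            // Platform-default charset on purpose: the SunPKCS11 config reader
            // appears to decode with the platform default as well (not verified
            // here), so switching to UTF-8 could break non-ASCII library paths.
            Provider pkcs11Provider = new sun.security.pkcs11.SunPKCS11(
                    new ByteArrayInputStream(tokenConfiguration.getBytes()));
            this.tokenProvider = pkcs11Provider;
            if (isDebug()) {
                System.out.println("Adding provider: " + pkcs11Provider.getName());
                System.out.println("Provider info: " + pkcs11Provider.getInfo());
            }
            Security.addProvider(pkcs11Provider);
            this.setName(pkcs11Provider.getName());
            this.registered = true;
        } catch (ProviderException e) {
            if (isDebug()) {
                e.printStackTrace();
                System.out.println("Não foi possível inicializar o seguinte token: " + tokenConfiguration);
            }
        }
    }

    /**
     * Renders the SunPKCS11 configuration text: provider name {@code <name>_<slot>},
     * the library path, the slot id and a {@code disabledMechanisms} block that
     * keeps the provider from using the token's native CKM_SHA1_RSA_PKCS mechanism
     * (the reason for disabling it is not recorded in this class).
     *
     * <p>{@code libraryPath} is inserted verbatim; the config format has no escaping,
     * so a path containing a newline or '}' would corrupt the configuration. The
     * value comes from {@link Setup}, not from end users, as far as this class can see.
     */
    private String buildProviderConfig(long slot) {
        return "name = " + name + "_" + slot + "\n"
                + "library = " + libraryPath + "\nslot = " + slot
                + "\ndisabledMechanisms = {\n" + "CKM_SHA1_RSA_PKCS\n}"
                + "\n";
    }

    /**
     * Removes the provider installed by registerToken (a no-op when none was
     * installed, instead of the former NullPointerException) and clears the
     * registered flag.
     */
    protected void unregisterToken() {
        if (this.tokenProvider != null) {
            Security.removeProvider(this.tokenProvider.getName());
        }
        this.registered = false;
    }

    /**
     * Lists the end-entity certificates on the token that have a private key with
     * the same {@code CKA_ID}, as a map from certificate label ({@code CKA_LABEL})
     * to the subject distinguished name. Certificates whose basicConstraints
     * extension marks them as a CA are skipped; certificates sharing a label
     * overwrite each other in the map.
     *
     * <p>The session is opened with {@code CKF_SERIAL_SESSION} only and no
     * {@code C_Login} is performed (see the TODO below). Per PKCS#11, objects
     * flagged {@code CKA_PRIVATE} are not visible before login, so on tokens that
     * mark private-key objects private this method most likely returns an empty
     * map even when keys are present.
     *
     * <p>The session is always closed, also when enumeration fails part-way.
     *
     * @return never null; empty when the library cannot be loaded, the session
     *         cannot be opened or any PKCS#11 / certificate-parsing error occurs
     *         (all logged only in debug mode)
     * @throws IOException if the first attempt to load the native library fails
     *         with an I/O error
     */
    Map<String, String> getAliases() throws IOException {
        debug("Getting Aliases");
        Map<String, String> aliases = new HashMap<String, String>();

        PKCS11 p11 = loadLibrary();
        if (p11 == null) {
            // Both load attempts failed; formerly this surfaced as a swallowed NPE.
            return aliases;
        }

        long session;
        try {
            // Public read-only session: CKF_RW_SESSION is not set, and
            // CKF_SERIAL_SESSION alone is what PKCS#11 v2.x requires.
            session = p11.C_OpenSession(this.slot, CKF_SERIAL_SESSION, null, null);
        } catch (PKCS11Exception ex) {
            logSevere(ex);
            return aliases;
        }
        debug("session number: " + session);

        // TODO: check whether the user is logged in, otherwise log in. Ask for the PIN, or receive it?

        try {
            collectAliases(p11, session, aliases);
        } catch (Exception ex) {
            // Narrowed from Throwable: Errors (OOM, linkage) now propagate instead
            // of being hidden; PKCS11Exception, CertificateException and runtime
            // failures are still swallowed and reported only in debug mode.
            logSevere(ex);
        } finally {
            try {
                p11.C_CloseSession(session);
            } catch (PKCS11Exception ex) {
                logSevere(ex);
            }
        }
        return aliases;
    }

    /**
     * Loads the native library through the wrapper. The first attempt initialises
     * it with {@code CKF_OS_LOCKING_OK}; if that fails with a PKCS11Exception
     * (presumably because the SunPKCS11 provider already initialised the library;
     * not verified here) a second attempt skips {@code C_Initialize} entirely.
     *
     * @return the wrapper, or null when both attempts failed (logged in debug mode)
     * @throws IOException if the first attempt fails with an I/O error; an I/O
     *         error on the second attempt is only logged, as before
     */
    private PKCS11 loadLibrary() throws IOException {
        CK_C_INITIALIZE_ARGS initArgs = new CK_C_INITIALIZE_ARGS();
        initArgs.flags = CKF_OS_LOCKING_OK;
        try {
            return PKCS11.getInstance(libraryPath, FUNCTION_LIST, initArgs, false);
        } catch (IOException ex) {
            logSevere(ex);
            throw ex;
        } catch (PKCS11Exception ignored) {
            // Retried below without initialisation arguments.
        }
        try {
            return PKCS11.getInstance(libraryPath, FUNCTION_LIST, null, true);
        } catch (IOException ex) {
            logSevere(ex);
        } catch (PKCS11Exception ex) {
            logSevere(ex);
        }
        return null;
    }

    /**
     * Fills {@code aliases} with label -> subject DN for every end-entity
     * certificate whose {@code CKA_ID} equals the {@code CKA_ID} of some private
     * key visible in the session. Certificate attributes are read once rather than
     * once per private key, and every object gets a fresh attribute template so a
     * value left over from a previous object can never be mistaken for its own.
     */
    private void collectAliases(PKCS11 p11, long session, Map<String, String> aliases)
            throws PKCS11Exception, CertificateException {
        long[] certs = findObjects(p11, session,
                new CK_ATTRIBUTE[] {new CK_ATTRIBUTE(CKA_CLASS, CKO_CERTIFICATE)});
        long[] keys = findObjects(p11, session,
                new CK_ATTRIBUTE[] {new CK_ATTRIBUTE(CKA_CLASS, CKO_PRIVATE_KEY)});
        debug("Private Keys: " + keys.length);

        List<CK_ATTRIBUTE[]> certAttrs = new ArrayList<CK_ATTRIBUTE[]>(certs.length);
        for (long cert : certs) {
            CK_ATTRIBUTE[] attrs = {
                new CK_ATTRIBUTE(CKA_LABEL),
                new CK_ATTRIBUTE(CKA_ID),
                new CK_ATTRIBUTE(CKA_VALUE)
            };
            p11.C_GetAttributeValue(session, cert, attrs);
            certAttrs.add(attrs);
        }

        // One factory for the whole run instead of one per matched certificate.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        for (long key : keys) {
            CK_ATTRIBUTE[] keyAttrs = {new CK_ATTRIBUTE(CKA_LABEL), new CK_ATTRIBUTE(CKA_ID)};
            p11.C_GetAttributeValue(session, key, keyAttrs);
            byte[] keyId = (byte[]) keyAttrs[1].pValue;
            if (isDebug()) {
                printKeyDebug(keyAttrs[0], keyId);
            }
            for (CK_ATTRIBUTE[] attrs : certAttrs) {
                // Arrays.equals(null, null) is true, exactly like the former
                // Functions.equals: a key and a certificate that both lack CKA_ID
                // are paired, as before.
                if (attrs[0].pValue == null || !Arrays.equals(keyId, (byte[]) attrs[1].pValue)) {
                    continue;
                }
                String label = new String((char[]) attrs[0].pValue);
                debug("Certificate LABEL: " + label);
                X509Certificate certObj = (X509Certificate) cf.generateCertificate(
                        new ByteArrayInputStream((byte[]) attrs[2].pValue));
                // -1 means "not a CA" (no cA basicConstraints): keep end-entity certs only.
                if (certObj.getBasicConstraints() == -1) {
                    aliases.put(label, certObj.getSubjectX500Principal().getName());
                }
            }
            debug("");
        }
    }

    /**
     * Runs one complete C_FindObjectsInit / C_FindObjects / C_FindObjectsFinal
     * cycle and returns every handle matching {@code template}. Handles are
     * fetched in batches of FIND_BATCH_SIZE until the token returns none, which
     * lifts the old hard cap of 20 objects; the finally block guarantees
     * C_FindObjectsFinal, so the session is never left with a search in progress
     * (the private-key search previously skipped it).
     */
    private static long[] findObjects(PKCS11 p11, long session, CK_ATTRIBUTE[] template)
            throws PKCS11Exception {
        List<Long> handles = new ArrayList<Long>();
        p11.C_FindObjectsInit(session, template);
        try {
            long[] batch = p11.C_FindObjects(session, FIND_BATCH_SIZE);
            while (batch != null && batch.length > 0) {
                for (long handle : batch) {
                    handles.add(handle);
                }
                batch = p11.C_FindObjects(session, FIND_BATCH_SIZE);
            }
        } finally {
            p11.C_FindObjectsFinal(session);
        }
        long[] result = new long[handles.size()];
        for (int i = 0; i < result.length; i++) {
            result[i] = handles.get(i);
        }
        return result;
    }

    /**
     * Debug dump of one private key: its CKA_ID bytes (each printed as a decimal
     * number, as before), its label when present, and the "Certs:" header for the
     * matches that follow. A key without CKA_ID no longer raises an NPE here.
     */
    private static void printKeyDebug(CK_ATTRIBUTE labelAttr, byte[] keyId) {
        System.out.print("Private key ID: ");
        if (keyId != null) {
            for (byte b : keyId) {
                System.out.print(b);
            }
        }
        System.out.println();
        if (labelAttr.pValue != null) {
            System.out.println("Private key LABEL: " + new String((char[]) labelAttr.pValue));
        }
        System.out.println("\nCerts:");
    }

    /**
     * @return whether something exists at {@code libraryPath}. Only existence is
     *         checked (a directory passes too) and there is a window between this
     *         check and the load in registerToken; the provider constructor is the
     *         real arbiter of whether the file is a usable library.
     */
    public boolean libraryExists() {
        File libraryFile = new File(libraryPath);
        if (libraryFile.exists()) {
            debug("Arquivo " + libraryPath + " existe.");
            return true;
        }
        debug("Biblioteca do Token/SmartCard " + name + " não foi encontrada: " + libraryPath);
        return false;
    }

    /**
     * True when the setup's "debug" parameter is "true" (case-insensitive).
     * Boolean.parseBoolean gives exactly that comparison while tolerating a
     * missing parameter (null), which previously raised an NPE.
     */
    private boolean isDebug() {
        return setup != null && Boolean.parseBoolean(setup.getParameter("debug"));
    }

    /** Prints {@code message} to stdout in debug mode only. */
    private void debug(String message) {
        if (isDebug()) {
            System.out.println(message);
        }
    }

    /** Logs {@code t} at SEVERE in debug mode only (failures stay silent otherwise). */
    private void logSevere(Throwable t) {
        if (isDebug()) {
            LOG.log(Level.SEVERE, null, t);
        }
    }

}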