- Timestamp:
- 09/02/11 13:40:07 (13 years ago)
- File:
-
- 1 edited
branches/2.3/security/ExpressoCert/src/br/gov/serpro/cert/Token.java
r4198 r5024 9 9 import java.io.ByteArrayInputStream; 10 10 import java.io.File; 11 import java.io.IOException; 11 12 import java.security.Provider; 12 13 import java.security.ProviderException; 13 14 import java.security.Security; 15 import java.security.cert.CertificateFactory; 16 import java.util.logging.Level; 17 import java.util.logging.Logger; 18 import java.security.cert.X509Certificate; 19 import java.util.HashMap; 20 import java.util.Map; 21 import sun.security.pkcs11.wrapper.CK_ATTRIBUTE; 22 import sun.security.pkcs11.wrapper.CK_C_INITIALIZE_ARGS; 23 import sun.security.pkcs11.wrapper.Functions; 24 import sun.security.pkcs11.wrapper.PKCS11; 25 import sun.security.pkcs11.wrapper.PKCS11Exception; 26 import static sun.security.pkcs11.wrapper.PKCS11Constants.*; 14 27 15 28 //TODO: Deal with wildcards for environments variables. … … 26 39 private Provider tokenProvider; 27 40 private boolean registered = false; 41 private long slot; 42 43 static long CK_OBJECT_CLASS; 44 static long CK_OBJECT_HANDLE; 28 45 29 46 private Token(final Setup setup) { … … 57 74 } 58 75 59 protected void registerToken(long slot){ 60 76 protected void registerToken(long slot) throws IOException{ 77 78 this.slot = slot; 61 79 String tokenConfiguration = new String("name = " + name + "_" + slot + "\n" + 62 80 "library = " + libraryPath + "\nslot = " + slot + 63 "\ndisabledMechanisms = {\n" + "CKM_SHA1_RSA_PKCS\n}"); 81 "\ndisabledMechanisms = {\n" + "CKM_SHA1_RSA_PKCS\n}" + 82 "\n"); 64 83 65 84 try{ … … 71 90 System.out.println("Adding provider: "+pkcs11Provider.getName()); 72 91 System.out.println("Provider info: " + pkcs11Provider.getInfo()); 73 System.out.println("Provider services:");74 for (Provider.Service service : pkcs11Provider.getServices()){75 System.out.println("\t"+service.toString());76 }77 92 } 78 93 Security.addProvider(pkcs11Provider); … … 91 106 protected void unregisterToken(){ 92 107 Security.removeProvider(this.tokenProvider.getName()); 108 this.registered = false; 
109 } 110 111 Map<String, String> getAliases() throws IOException{ 112 113 if (setup.getParameter("debug").equalsIgnoreCase("true")) { 114 System.out.println("Getting Aliases"); 115 } 116 117 Map<String, String> aliases = new HashMap<String, String>(); 118 119 CK_C_INITIALIZE_ARGS initArgs = new CK_C_INITIALIZE_ARGS(); 120 String functionList = "C_GetFunctionList"; 121 122 initArgs.flags = CKF_OS_LOCKING_OK; 123 124 PKCS11 tmpPKCS11 = null; 125 try { 126 try { 127 tmpPKCS11 = PKCS11.getInstance(libraryPath, functionList, initArgs, false); 128 } catch (IOException ex) { 129 if (setup.getParameter("debug").equalsIgnoreCase("true")) { 130 Logger.getLogger(TokenCollection.class.getName()).log(Level.SEVERE, null, ex); 131 } 132 throw ex; 133 } 134 } catch (PKCS11Exception e) { 135 try { 136 initArgs = null; 137 tmpPKCS11 = PKCS11.getInstance(libraryPath, functionList, initArgs, true); 138 } catch (IOException ex) { 139 if (setup.getParameter("debug").equalsIgnoreCase("true")) { 140 Logger.getLogger(TokenCollection.class.getName()).log(Level.SEVERE, null, ex); 141 } 142 } catch (PKCS11Exception ex) { 143 if (setup.getParameter("debug").equalsIgnoreCase("true")) { 144 Logger.getLogger(TokenCollection.class.getName()).log(Level.SEVERE, null, ex); 145 } 146 } 147 } 148 149 try { 150 // cria sessão pública rw. com flag CKF_SERIAL_SESSION 151 long session = tmpPKCS11.C_OpenSession(this.slot, CKF_SERIAL_SESSION, null, null); 152 153 if (setup.getParameter("debug").equalsIgnoreCase("true")) { 154 System.out.println("session number: "+session); 155 } 156 157 // TODO: Verifica se está logado, senão loga usuário. Pede pin? ou recebe pin? 
158 159 CK_ATTRIBUTE[] TEMPLATE_CERTIFICATE = {new CK_ATTRIBUTE(CKA_CLASS, CKO_CERTIFICATE)}; 160 CK_ATTRIBUTE[] TEMPLATE_PKEY = {new CK_ATTRIBUTE(CKA_CLASS, CKO_PRIVATE_KEY)}; 161 CK_ATTRIBUTE[] TEMPLATE_KEY_LABEL_ID = {new CK_ATTRIBUTE(CKA_LABEL), new CK_ATTRIBUTE(CKA_ID)}; 162 CK_ATTRIBUTE[] TEMPLATE_CERT_LABEL_ID = { 163 new CK_ATTRIBUTE(CKA_LABEL), 164 new CK_ATTRIBUTE(CKA_ID), 165 new CK_ATTRIBUTE(CKA_VALUE) 166 }; 167 168 tmpPKCS11.C_FindObjectsInit(session, TEMPLATE_CERTIFICATE); 169 long[] certs = tmpPKCS11.C_FindObjects(session, 20); 170 171 tmpPKCS11.C_FindObjectsFinal(session); 172 173 tmpPKCS11.C_FindObjectsInit(session, TEMPLATE_PKEY); 174 long[] keys = tmpPKCS11.C_FindObjects(session, 20); 175 176 if (setup.getParameter("debug").equalsIgnoreCase("true")) { 177 System.out.println("Private Keys: "+keys.length); 178 } 179 180 for (long key : keys){ 181 tmpPKCS11.C_GetAttributeValue(session, key, TEMPLATE_KEY_LABEL_ID); 182 183 if (setup.getParameter("debug").equalsIgnoreCase("true")) { 184 System.out.print("Private key ID: "); 185 for (byte b : (byte [])TEMPLATE_KEY_LABEL_ID[1].pValue){ 186 System.out.print(b); 187 } 188 System.out.println(); 189 if (TEMPLATE_KEY_LABEL_ID[0].pValue != null) 190 { 191 System.out.println("Private key LABEL: "+new String((char [])TEMPLATE_KEY_LABEL_ID[0].pValue)); 192 } 193 System.out.println("\nCerts:"); 194 } 195 196 for (long cert : certs){ 197 tmpPKCS11.C_GetAttributeValue(session, cert, TEMPLATE_CERT_LABEL_ID); 198 199 if (Functions.equals((byte [])TEMPLATE_KEY_LABEL_ID[1].pValue, 200 (byte [])TEMPLATE_CERT_LABEL_ID[1].pValue)){ 201 if (TEMPLATE_CERT_LABEL_ID[0].pValue != null) 202 { 203 if (setup.getParameter("debug").equalsIgnoreCase("true")) { 204 System.out.println("Certificate LABEL: "+new String((char [])TEMPLATE_CERT_LABEL_ID[0].pValue)); 205 } 206 ByteArrayInputStream in = new ByteArrayInputStream((byte [])TEMPLATE_CERT_LABEL_ID[2].pValue); 207 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 
208 X509Certificate certObj = (X509Certificate)cf.generateCertificate(in); 209 if (certObj.getBasicConstraints() == -1 ){ 210 aliases.put(new String((char [])TEMPLATE_CERT_LABEL_ID[0].pValue), 211 certObj.getSubjectX500Principal().getName()); 212 } 213 } 214 } 215 216 } 217 if (setup.getParameter("debug").equalsIgnoreCase("true")) { 218 System.out.println(); 219 } 220 } 221 222 tmpPKCS11.C_CloseSession(session); 223 224 } catch (PKCS11Exception ex) { 225 if (setup.getParameter("debug").equalsIgnoreCase("true")) { 226 Logger.getLogger(TokenCollection.class.getName()).log(Level.SEVERE, null, ex); 227 } 228 } catch (Throwable t) { 229 if (setup.getParameter("debug").equalsIgnoreCase("true")) { 230 Logger.getLogger(TokenCollection.class.getName()).log(Level.SEVERE, null, t); 231 } 232 } 233 234 return aliases; 235 93 236 } 94 237
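Review bot: In getAliases, when both PKCS11.getInstance attempts fail, tmpPKCS11 is still null at `tmpPKCS11.C_OpenSession(this.slot, CKF_SERIAL_SESSION, null, null)`; the resulting NullPointerException is absorbed by the trailing `catch (Throwable t)` (logged only in debug mode) and the method returns an empty map, so a caller cannot tell "token has no certificates" from "PKCS#11 library could not be loaded". The fallback attempt also swallows IOException instead of propagating it the way the first attempt does, and the declared `throws IOException` is then only ever raised from the first path. Separately, `C_CloseSession(session)` runs only on the success path, so any PKCS11Exception thrown during C_FindObjects/C_GetAttributeValue leaves the session open on the token. I would fail fast on a null handle and move the session teardown into a finally, as sketched below; the `catch (Throwable t)` should also narrow to the exceptions the block can actually produce rather than hiding programming errors. The object enumeration itself only ever requests up to 20 handles per class and never calls C_FindObjectsFinal after the private-key search, which is worth a follow-up but is unchanged by this commit.
```java
// … unchanged: provider fallback attempts …
if (tmpPKCS11 == null) {
    throw new IOException("Unable to load PKCS#11 library: " + libraryPath);
}

try {
    // cria sessão pública rw. com flag CKF_SERIAL_SESSION
    long session = tmpPKCS11.C_OpenSession(this.slot, CKF_SERIAL_SESSION, null, null);
    try {
        // … unchanged: object enumeration and alias collection …
    } finally {
        tmpPKCS11.C_CloseSession(session);
    }
} catch (PKCS11Exception ex) {
    // … unchanged: debug logging …
}
```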