com.unbound.client.pkcs11.PKCS11SecretKey Maven / Gradle / Ivy
This is a collection of Java libraries that implement the Unbound cryptographic classes for the Java provider, the PKCS11 wrapper, cryptoki, and advapi.
package com.unbound.client.pkcs11;
import com.dyadicsec.cryptoki.*;
import com.unbound.client.*;
import com.unbound.provider.KeyParameters;
import java.security.ProviderException;
import java.util.ArrayList;
import static com.dyadicsec.cryptoki.CK.*;
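/**
 * Secret-key object (PKCS#11 class {@code CKO_SECRET_KEY}) addressed by a token object handle.
 *
 * <p>Every cryptoki failure ({@code CKR_Exception}) raised inside this class is rethrown as an
 * unchecked {@link ProviderException} carrying the original exception as its cause.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Key-usage attributes (sign, verify, encrypt, decrypt, wrap, unwrap, derive, trusted) are
 *       written into the creation template only when the caller set them explicitly on the
 *       {@code KeyParameters}; anything left unset is decided by the token. Callers that want
 *       least-privilege keys should set every usage flag explicitly.</li>
 *   <li>{@code makeExportLevel} is invoked only when {@code KeyParameters} is non-null.
 *       NOTE(review): presumably that helper controls sensitivity/extractability; confirm
 *       what export policy a key receives when no parameters are supplied.</li>
 *   <li>{@link #importKey} and {@link #getValue} move raw key bytes across the Java heap; this
 *       class never wipes those arrays.</li>
 * </ul>
 */
public final class PKCS11SecretKey extends PKCS11Object implements SecretKeyObject
{
    /**
     * Binds this wrapper to an existing token object and loads its state through
     * {@code read(session)}.
     *
     * @param objectType key type of the object
     * @param session    session used to read the object
     * @param handle     PKCS#11 object handle
     */
    PKCS11SecretKey(ObjectType objectType, PKCS11Session session, int handle)
    {
        super(objectType, handle);
        read(session);
    }

    /**
     * Builds the attribute template shared by key generation and key import.
     *
     * <p>The template always carries {@code CKA_TOKEN}, {@code CKA_CLASS} and
     * {@code CKA_KEY_TYPE}. {@code CKA_TOKEN} is {@code true} when {@code kp} is {@code null},
     * so a key created without parameters is requested as a token object rather than a
     * session object.
     *
     * @param name key name used to derive {@code CKA_ID}; when {@code null} the name is taken
     *             from {@code kp} if present, and {@code CKA_ID} is omitted if still {@code null}
     * @param type key type supplying the PKCS#11 key-type constant
     * @param kp   optional key parameters; may be {@code null}
     * @return a new, mutable attribute list
     * @throws ProviderException if building the template raises a {@code CKR_Exception}
     */
    static ArrayList<CK_ATTRIBUTE> getNewTemplate(String name, ObjectType type, KeyParameters kp)
    {
        if (name == null && kp != null) name = kp.getName();

        ArrayList<CK_ATTRIBUTE> t = new ArrayList<CK_ATTRIBUTE>();
        try
        {
            t.add(new CK_ATTRIBUTE(CKA_TOKEN, kp == null || kp.isToken()));
            t.add(new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY));
            t.add(new CK_ATTRIBUTE(CKA_KEY_TYPE, type.getPkcs11KeyType()));
            if (name != null) t.add(new CK_ATTRIBUTE(CKA_ID, strToId(name)));

            if (kp != null)
            {
                // Each usage flag is emitted only if the caller set it; an unset flag is left
                // out of the template entirely, so the token's own default applies to it.
                if (kp.isSetSign()) t.add(new CK_ATTRIBUTE(CKA_SIGN, kp.isAllowSign()));
                if (kp.isSetVerify()) t.add(new CK_ATTRIBUTE(CKA_VERIFY, kp.isAllowVerify()));
                if (kp.isSetEncrypt()) t.add(new CK_ATTRIBUTE(CKA_ENCRYPT, kp.isAllowEncrypt()));
                if (kp.isSetDecrypt()) t.add(new CK_ATTRIBUTE(CKA_DECRYPT, kp.isAllowDecrypt()));
                if (kp.isSetWrap()) t.add(new CK_ATTRIBUTE(CKA_WRAP, kp.isAllowWrap()));
                if (kp.isSetUnwrap()) t.add(new CK_ATTRIBUTE(CKA_UNWRAP, kp.isAllowUnwrap()));
                if (kp.isSetDerive()) t.add(new CK_ATTRIBUTE(CKA_DERIVE, kp.isAllowDerive()));
                if (kp.isSetTrusted()) t.add(new CK_ATTRIBUTE(CKA_TRUSTED, kp.isTrusted()));
                // NOTE(review): export-related attributes are added here and nowhere else in
                // this class, so they are absent when kp is null; verify the token default.
                makeExportLevel(t, kp);
            }
        }
        catch (CKR_Exception e)
        {
            throw new ProviderException(e);
        }
        return t;
    }

    /**
     * Generates a new secret key on the token.
     *
     * <p>For every type except {@code DES3} the requested size is passed to the token as
     * {@code CKA_VALUE_LEN} in bytes. A size that is not a whole number of bytes is rejected
     * up front; integer division would otherwise round it toward zero and the caller would
     * silently receive a key shorter than requested.
     *
     * @param session open session on the token
     * @param name    key name, see {@link #getNewTemplate}
     * @param type    key type; also supplies the generation mechanism
     * @param bitSize requested key size in bits; ignored for {@code DES3}
     * @param kp      optional key parameters; may be {@code null}
     * @return wrapper for the generated key
     * @throws ProviderException if {@code bitSize} is not a multiple of 8 (non-DES3 types) or
     *                           the token reports an error
     */
    static PKCS11SecretKey generate(PKCS11Session session, String name, ObjectType type, int bitSize, KeyParameters kp)
    {
        boolean hasValueLen = type != ObjectType.DES3;
        if (hasValueLen && bitSize % 8 != 0)
        {
            throw new ProviderException("Key size must be a whole number of bytes: " + bitSize + " bits");
        }

        try
        {
            ArrayList<CK_ATTRIBUTE> t = getNewTemplate(name, type, kp);
            if (hasValueLen) t.add(new CK_ATTRIBUTE(CKA_VALUE_LEN, bitSize / 8));
            int handle = Library.C_GenerateKey(session.getHandle(), new CK_MECHANISM(type.getPkcs11GenMech()), getAttrs(t));
            return new PKCS11SecretKey(type, session, handle);
        }
        catch (CKR_Exception e)
        {
            throw new ProviderException(e);
        }
    }

    /**
     * Creates a secret key on the token from caller-supplied key bytes.
     *
     * <p>{@code keyValue} is plaintext key material and is placed in the template as
     * {@code CKA_VALUE}. This method does not clear the array; the caller keeps ownership and
     * should overwrite it once the import has returned.
     * NOTE(review): whether {@code CK_ATTRIBUTE} keeps a reference or a copy is not visible
     * here; confirm before relying on wiping alone.
     *
     * @param session  open session on the token
     * @param name     key name, see {@link #getNewTemplate}
     * @param type     key type
     * @param keyValue raw key bytes
     * @param kp       optional key parameters; may be {@code null}
     * @return wrapper for the created key
     * @throws ProviderException if the token reports an error
     */
    static PKCS11SecretKey importKey(PKCS11Session session, String name, ObjectType type, byte[] keyValue, KeyParameters kp)
    {
        try
        {
            ArrayList<CK_ATTRIBUTE> t = getNewTemplate(name, type, kp);
            t.add(new CK_ATTRIBUTE(CKA_VALUE, keyValue));
            int handle = Library.C_CreateObject(session.getHandle(), getAttrs(t));
            return new PKCS11SecretKey(type, session, handle);
        }
        catch (CKR_Exception e)
        {
            throw new ProviderException(e);
        }
    }

    /**
     * Reads the key's {@code CKA_VALUE} attribute from the token.
     *
     * <p>The returned array is the plaintext key. Treat it as a secret: keep its lifetime
     * short, never log it, and overwrite it when finished. A failure reported by the token
     * for this read surfaces as {@link ProviderException}.
     *
     * @param session open session on the token
     * @return the raw key bytes as returned by the token
     * @throws ProviderException if the token reports an error
     */
    public byte[] getValue(PKCS11Session session)
    {
        try
        {
            CK_ATTRIBUTE[] t = new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CKA_VALUE) };
            Library.C_GetAttributeValue(session.getHandle(), handle, t);
            return (byte[]) t[0].pValue;
        }
        catch (CKR_Exception e)
        {
            throw new ProviderException(e);
        }
    }
}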