1/* 2 * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26package sun.security.pkcs11; 27 28import java.util.*; 29import java.util.concurrent.*; 30 31import sun.security.pkcs11.wrapper.*; 32import static sun.security.pkcs11.wrapper.PKCS11Constants.*; 33 34/** 35 * TemplateManager class. 36 * 37 * Not all PKCS#11 tokens are created equal. One token may require that one 38 * value is specified when creating a certain type of object. Another token 39 * may require a different value. Yet another token may only work if the 40 * attribute is not specified at all. 41 * 42 * In order to allow an application to work unmodified with all those 43 * different tokens, the SunPKCS11 provider makes the attributes that are 44 * specified and their value configurable. Hence, only the SunPKCS11 45 * configuration file has to be tweaked at deployment time to allow all 46 * existing applications to be used. 47 * 48 * The template manager is responsible for reading the attribute configuration 49 * information and to make it available to the various internal components 50 * of the SunPKCS11 provider. 51 * 52 * @author Andreas Sterbenz 53 * @since 1.5 54 */ 55final class TemplateManager { 56 57 private final static boolean DEBUG = false; 58 59 // constant for any operation (either O_IMPORT or O_GENERATE) 60 final static String O_ANY = "*"; 61 // constant for operation create ("importing" existing key material) 62 final static String O_IMPORT = "import"; 63 // constant for operation generate (generating new key material) 64 final static String O_GENERATE = "generate"; 65 66 private static class KeyAndTemplate { 67 final TemplateKey key; 68 final Template template; 69 70 KeyAndTemplate(TemplateKey key, Template template) { 71 this.key = key; 72 this.template = template; 73 } 74 } 75 76 // primitive templates contains the individual template configuration 77 // entries from the configuration file 78 private final List<KeyAndTemplate> primitiveTemplates; 79 80 // composite templates is a cache of the exact configuration template for 81 // each specific TemplateKey (no wildcards). the entries are created 82 // on demand during first use by compositing all applicable 83 // primitive template entries. the result is then stored in this map 84 // for performance 85 private final Map<TemplateKey,Template> compositeTemplates; 86 87 TemplateManager() { 88 primitiveTemplates = new ArrayList<KeyAndTemplate>(); 89 compositeTemplates = new ConcurrentHashMap<TemplateKey,Template>(); 90 } 91 92 // add a template. Called by Config. 93 void addTemplate(String op, long objectClass, long keyAlgorithm, 94 CK_ATTRIBUTE[] attrs) { 95 TemplateKey key = new TemplateKey(op, objectClass, keyAlgorithm); 96 Template template = new Template(attrs); 97 if (DEBUG) { 98 System.out.println("Adding " + key + " -> " + template); 99 } 100 primitiveTemplates.add(new KeyAndTemplate(key, template)); 101 } 102 103 private Template getTemplate(TemplateKey key) { 104 Template template = compositeTemplates.get(key); 105 if (template == null) { 106 template = buildCompositeTemplate(key); 107 compositeTemplates.put(key, template); 108 } 109 return template; 110 } 111 112 // Get the attributes for the requested op and combine them with attrs. 113 // This is the method called by the implementation to obtain the 114 // attributes. 115 CK_ATTRIBUTE[] getAttributes(String op, long type, long alg, 116 CK_ATTRIBUTE[] attrs) { 117 TemplateKey key = new TemplateKey(op, type, alg); 118 Template template = getTemplate(key); 119 CK_ATTRIBUTE[] newAttrs = template.getAttributes(attrs); 120 if (DEBUG) { 121 System.out.println(key + " -> " + Arrays.asList(newAttrs)); 122 } 123 return newAttrs; 124 } 125 126 // build a composite template for the given key 127 private Template buildCompositeTemplate(TemplateKey key) { 128 Template comp = new Template(); 129 // iterate through primitive templates and add all that apply 130 for (KeyAndTemplate entry : primitiveTemplates) { 131 if (entry.key.appliesTo(key)) { 132 comp.add(entry.template); 133 } 134 } 135 return comp; 136 } 137 138 /** 139 * Nested class representing a template identifier. 140 */ 141 private static final class TemplateKey { 142 final String operation; 143 final long keyType; 144 final long keyAlgorithm; 145 TemplateKey(String operation, long keyType, long keyAlgorithm) { 146 this.operation = operation; 147 this.keyType = keyType; 148 this.keyAlgorithm = keyAlgorithm; 149 } 150 public boolean equals(Object obj) { 151 if (this == obj) { 152 return true; 153 } 154 if (obj instanceof TemplateKey == false) { 155 return false; 156 } 157 TemplateKey other = (TemplateKey)obj; 158 boolean match = this.operation.equals(other.operation) 159 && (this.keyType == other.keyType) 160 && (this.keyAlgorithm == other.keyAlgorithm); 161 return match; 162 } 163 public int hashCode() { 164 return operation.hashCode() + (int)keyType + (int)keyAlgorithm; 165 } 166 boolean appliesTo(TemplateKey key) { 167 if (operation.equals(O_ANY) || operation.equals(key.operation)) { 168 if ((keyType == PCKO_ANY) || (keyType == key.keyType)) { 169 if ((keyAlgorithm == PCKK_ANY) 170 || (keyAlgorithm == key.keyAlgorithm)) { 171 return true; 172 } 173 } 174 } 175 return false; 176 } 177 public String toString() { 178 return "(" + operation + "," 179 + Functions.getObjectClassName(keyType) 180 + "," + Functions.getKeyName(keyAlgorithm) + ")"; 181 } 182 } 183 184 /** 185 * Nested class representing template attributes. 186 */ 187 private static final class Template { 188 189 private final static CK_ATTRIBUTE[] A0 = new CK_ATTRIBUTE[0]; 190 191 private CK_ATTRIBUTE[] attributes; 192 193 Template() { 194 attributes = A0; 195 } 196 197 Template(CK_ATTRIBUTE[] attributes) { 198 this.attributes = attributes; 199 } 200 201 void add(Template template) { 202 attributes = getAttributes(template.attributes); 203 } 204 205 CK_ATTRIBUTE[] getAttributes(CK_ATTRIBUTE[] attrs) { 206 return combine(attributes, attrs); 207 } 208 209 /** 210 * Combine two sets of attributes. The second set has precedence 211 * over the first and overrides its settings. 212 */ 213 private static CK_ATTRIBUTE[] combine(CK_ATTRIBUTE[] attrs1, 214 CK_ATTRIBUTE[] attrs2) { 215 List<CK_ATTRIBUTE> attrs = new ArrayList<CK_ATTRIBUTE>(); 216 for (CK_ATTRIBUTE attr : attrs1) { 217 if (attr.pValue != null) { 218 attrs.add(attr); 219 } 220 } 221 for (CK_ATTRIBUTE attr2 : attrs2) { 222 long type = attr2.type; 223 for (CK_ATTRIBUTE attr1 : attrs1) { 224 if (attr1.type == type) { 225 attrs.remove(attr1); 226 } 227 } 228 if (attr2.pValue != null) { 229 attrs.add(attr2); 230 } 231 } 232 return attrs.toArray(A0); 233 } 234 235 public String toString() { 236 return Arrays.asList(attributes).toString(); 237 } 238 239 } 240 241} 242