Back to index...

	/*
	* Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
	*
	* This code is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License version 2 only, as
	* published by the Free Software Foundation. Oracle designates this
	* particular file as subject to the "Classpath" exception as provided
	* by Oracle in the LICENSE file that accompanied this code.
	*
	* This code is distributed in the hope that it will be useful, but WITHOUT
	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* version 2 for more details (a copy is included in the LICENSE file that
	* accompanied this code).
	*
	* You should have received a copy of the GNU General Public License version
	* 2 along with this work; if not, write to the Free Software Foundation,
	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
	*
	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
	* or visit www.oracle.com if you need additional information or have any
	* questions.
	*/

	package sun.security.pkcs11;

	import java.util.*;
	import java.util.concurrent.*;

	import sun.security.pkcs11.wrapper.*;
	import static sun.security.pkcs11.wrapper.PKCS11Constants.*;

	/**
	* TemplateManager class.
	*
	* Not all PKCS#11 tokens are created equal. One token may require that one
	* value is specified when creating a certain type of object. Another token
	* may require a different value. Yet another token may only work if the
	* attribute is not specified at all.
	*
	* In order to allow an application to work unmodified with all those
	* different tokens, the SunPKCS11 provider makes the attributes that are
	* specified and their value configurable. Hence, only the SunPKCS11
	* configuration file has to be tweaked at deployment time to allow all
	* existing applications to be used.
	*
	* The template manager is responsible for reading the attribute configuration
	* information and to make it available to the various internal components
	* of the SunPKCS11 provider.
	*
	* @author Andreas Sterbenz
	* @since 1.5
	*/
	final class TemplateManager {

	private final static boolean DEBUG = false;

	// constant for any operation (either O_IMPORT or O_GENERATE)
	final static String O_ANY = "*";
	// constant for operation create ("importing" existing key material)
	final static String O_IMPORT = "import";
	// constant for operation generate (generating new key material)
	final static String O_GENERATE = "generate";

	private static class KeyAndTemplate {
	final TemplateKey key;
	final Template template;

	KeyAndTemplate(TemplateKey key, Template template) {
	this.key = key;
	this.template = template;
	}
	}

	// primitive templates contains the individual template configuration
	// entries from the configuration file
	private final List<KeyAndTemplate> primitiveTemplates;

	// composite templates is a cache of the exact configuration template for
	// each specific TemplateKey (no wildcards). the entries are created
	// on demand during first use by compositing all applicable
	// primitive template entries. the result is then stored in this map
	// for performance
	private final Map<TemplateKey,Template> compositeTemplates;

	TemplateManager() {
	primitiveTemplates = new ArrayList<KeyAndTemplate>();
	compositeTemplates = new ConcurrentHashMap<TemplateKey,Template>();
	}

	// add a template. Called by Config.
	void addTemplate(String op, long objectClass, long keyAlgorithm,
	CK_ATTRIBUTE[] attrs) {
	TemplateKey key = new TemplateKey(op, objectClass, keyAlgorithm);
	Template template = new Template(attrs);
	if (DEBUG) {
	System.out.println("Adding " + key + " -> " + template);
	}
	primitiveTemplates.add(new KeyAndTemplate(key, template));
	}

	private Template getTemplate(TemplateKey key) {
	Template template = compositeTemplates.get(key);
	if (template == null) {
	template = buildCompositeTemplate(key);
	compositeTemplates.put(key, template);
	}
	return template;
	}

	// Get the attributes for the requested op and combine them with attrs.
	// This is the method called by the implementation to obtain the
	// attributes.
	CK_ATTRIBUTE[] getAttributes(String op, long type, long alg,
	CK_ATTRIBUTE[] attrs) {
	TemplateKey key = new TemplateKey(op, type, alg);
	Template template = getTemplate(key);
	CK_ATTRIBUTE[] newAttrs = template.getAttributes(attrs);
	if (DEBUG) {
	System.out.println(key + " -> " + Arrays.asList(newAttrs));
	}
	return newAttrs;
	}

	// build a composite template for the given key
	private Template buildCompositeTemplate(TemplateKey key) {
	Template comp = new Template();
	// iterate through primitive templates and add all that apply
	for (KeyAndTemplate entry : primitiveTemplates) {
	if (entry.key.appliesTo(key)) {
	comp.add(entry.template);
	}
	}
	return comp;
	}

	/**
	* Nested class representing a template identifier.
	*/
	private static final class TemplateKey {
	final String operation;
	final long keyType;
	final long keyAlgorithm;
	TemplateKey(String operation, long keyType, long keyAlgorithm) {
	this.operation = operation;
	this.keyType = keyType;
	this.keyAlgorithm = keyAlgorithm;
	}
	public boolean equals(Object obj) {
	if (this == obj) {
	return true;
	}
	if (obj instanceof TemplateKey == false) {
	return false;
	}
	TemplateKey other = (TemplateKey)obj;
	boolean match = this.operation.equals(other.operation)
	&& (this.keyType == other.keyType)
	&& (this.keyAlgorithm == other.keyAlgorithm);
	return match;
	}
	public int hashCode() {
	return operation.hashCode() + (int)keyType + (int)keyAlgorithm;
	}
	boolean appliesTo(TemplateKey key) {
	if (operation.equals(O_ANY) \|\| operation.equals(key.operation)) {
	if ((keyType == PCKO_ANY) \|\| (keyType == key.keyType)) {
	if ((keyAlgorithm == PCKK_ANY)
	\|\| (keyAlgorithm == key.keyAlgorithm)) {
	return true;
	}
	}
	}
	return false;
	}
	public String toString() {
	return "(" + operation + ","
	+ Functions.getObjectClassName(keyType)
	+ "," + Functions.getKeyName(keyAlgorithm) + ")";
	}
	}

	/**
	* Nested class representing template attributes.
	*/
	private static final class Template {

	private final static CK_ATTRIBUTE[] A0 = new CK_ATTRIBUTE[0];

	private CK_ATTRIBUTE[] attributes;

	Template() {
	attributes = A0;
	}

	Template(CK_ATTRIBUTE[] attributes) {
	this.attributes = attributes;
	}

	void add(Template template) {
	attributes = getAttributes(template.attributes);
	}

	CK_ATTRIBUTE[] getAttributes(CK_ATTRIBUTE[] attrs) {
	return combine(attributes, attrs);
	}

	/**
	* Combine two sets of attributes. The second set has precedence
	* over the first and overrides its settings.
	*/
	private static CK_ATTRIBUTE[] combine(CK_ATTRIBUTE[] attrs1,
	CK_ATTRIBUTE[] attrs2) {
	List<CK_ATTRIBUTE> attrs = new ArrayList<CK_ATTRIBUTE>();
	for (CK_ATTRIBUTE attr : attrs1) {
	if (attr.pValue != null) {
	attrs.add(attr);
	}
	}
	for (CK_ATTRIBUTE attr2 : attrs2) {
	long type = attr2.type;
	for (CK_ATTRIBUTE attr1 : attrs1) {
	if (attr1.type == type) {
	attrs.remove(attr1);
	}
	}
	if (attr2.pValue != null) {
	attrs.add(attr2);
	}
	}
	return attrs.toArray(A0);
	}

	public String toString() {
	return Arrays.asList(attributes).toString();
	}

	}

	}

Back to index...