Beispiel #1
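 /**
  * Parses one attribute-template entry from the configuration token stream and
  * registers it with {@code templateManager}, creating the manager on first use.
  *
  * <p>Two forms are accepted after the introducing keyword:
  * <ul>
  *   <li>{@code = compatibility}: delegates to {@link #setCompatibilityAttributes()}.
  *       That method registers permissive defaults (for example
  *       {@code SENSITIVE_FALSE} and {@code EXTRACTABLE_TRUE} for secret and
  *       private keys), so this form should be a deliberate choice in a
  *       configuration rather than a copied default.</li>
  *   <li>{@code (operation, objectClass, keyAlgorithm) = { name = value ... }}:
  *       each {@code name = value} pair is decoded and the resulting list is
  *       registered as a single template.</li>
  * </ul>
  *
  * @param keyword the keyword that introduced this entry; not read by this method
  * @throws IOException declared for the tokenizer helpers; malformed input is
  *     reported through the exceptions built by {@code excLine} and {@code excToken}
  */
 private void parseAttributes(String keyword) throws IOException {
   if (templateManager == null) {
     templateManager = new TemplateManager();
   }
   int token = nextToken();
   if (token == '=') {
     // Shorthand form: the only word accepted after '=' is "compatibility".
     String s = parseWord();
     if (!s.equals("compatibility")) {
       throw excLine("Expected 'compatibility', read " + s);
     }
     setCompatibilityAttributes();
     return;
   }
   if (token != '(') {
     throw excToken("Expected '(' or '=', read");
   }
   // Explicit form: the selector triple decides which keys the template applies to.
   String op = parseOperation();
   parseComma();
   long objectClass = parseObjectClass();
   parseComma();
   long keyAlg = parseKeyAlgorithm();
   token = nextToken();
   if (token != ')') {
     throw excToken("Expected ')', read");
   }
   parseEquals();
   parseOpenBraces();
   List<CK_ATTRIBUTE> attributes = new ArrayList<CK_ATTRIBUTE>();
   while (true) {
     token = nextToken();
     if (isCloseBraces(token)) {
       break;
     }
     if (token == TT_EOL) {
       // Blank lines inside the braces are skipped.
       continue;
     }
     if (token != TT_WORD) {
       // This position holds an attribute name; the previous text said
       // "mechanism", which pointed the reader at the wrong config section.
       throw excToken("Expected attribute name, read");
     }
     String attributeName = st.sval;
     long attributeId = decodeAttributeName(attributeName);
     parseEquals();
     String attributeValue = parseWord();
     attributes.add(decodeAttributeValue(attributeId, attributeValue));
   }
   // An entry with empty braces still registers a template with no attributes.
   templateManager.addTemplate(op, objectClass, keyAlg, attributes.toArray(CK_A0));
 }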
Beispiel #2
  /**
   * Registers the built-in "compatibility" attribute templates with
   * {@code templateManager}. Every template uses the {@code O_ANY} operation
   * selector and is registered in a fixed order: broad per-object-class
   * defaults first, then per-key-type additions.
   *
   * <p>Security note: judging by the constant names, the broad defaults create
   * session objects ({@code TOKEN_FALSE}) and mark secret and private keys as
   * non-sensitive and extractable ({@code SENSITIVE_FALSE},
   * {@code EXTRACTABLE_TRUE}). With those settings key material can leave the
   * token, so deployments that rely on the token to confine keys should define
   * explicit templates instead of this set. How a later template combines with
   * an earlier one is decided by {@code TemplateManager}, which is not shown
   * here; confirm the merge rules there before relying on the ordering.
   */
  private void setCompatibilityAttributes() {
    // Defaults for every secret key.
    final CK_ATTRIBUTE[] secretKeyDefaults = {
      TOKEN_FALSE, SENSITIVE_FALSE, EXTRACTABLE_TRUE,
      ENCRYPT_TRUE, DECRYPT_TRUE, WRAP_TRUE, UNWRAP_TRUE
    };
    // Generic secrets are special: they serve as MAC keys and as the SSL/TLS
    // (pre)master secrets. The *_NULL entries presumably clear the usage flags
    // set by the broader secret-key defaults; verify against TemplateManager.
    final CK_ATTRIBUTE[] genericSecretExtras = {
      SIGN_TRUE, VERIFY_TRUE, ENCRYPT_NULL, DECRYPT_NULL,
      WRAP_NULL, UNWRAP_NULL, DERIVE_TRUE
    };
    // Defaults for every private key and every public key.
    final CK_ATTRIBUTE[] privateKeyDefaults = {TOKEN_FALSE, SENSITIVE_FALSE, EXTRACTABLE_TRUE};
    final CK_ATTRIBUTE[] publicKeyDefaults = {TOKEN_FALSE};
    // Per-algorithm usage flags.
    final CK_ATTRIBUTE[] rsaPrivateExtras = {
      DECRYPT_TRUE, SIGN_TRUE, SIGN_RECOVER_TRUE, UNWRAP_TRUE
    };
    final CK_ATTRIBUTE[] rsaPublicExtras = {
      ENCRYPT_TRUE, VERIFY_TRUE, VERIFY_RECOVER_TRUE, WRAP_TRUE
    };
    final CK_ATTRIBUTE[] dsaPrivateExtras = {SIGN_TRUE};
    final CK_ATTRIBUTE[] dsaPublicExtras = {VERIFY_TRUE};
    final CK_ATTRIBUTE[] dhPrivateExtras = {DERIVE_TRUE};
    final CK_ATTRIBUTE[] ecPrivateExtras = {SIGN_TRUE, DERIVE_TRUE};
    final CK_ATTRIBUTE[] ecPublicExtras = {VERIFY_TRUE};

    // Registration order is kept exactly as before.
    templateManager.addTemplate(O_ANY, CKO_SECRET_KEY, PCKK_ANY, secretKeyDefaults);
    templateManager.addTemplate(O_ANY, CKO_SECRET_KEY, CKK_GENERIC_SECRET, genericSecretExtras);

    templateManager.addTemplate(O_ANY, CKO_PRIVATE_KEY, PCKK_ANY, privateKeyDefaults);
    templateManager.addTemplate(O_ANY, CKO_PUBLIC_KEY, PCKK_ANY, publicKeyDefaults);

    templateManager.addTemplate(O_ANY, CKO_PRIVATE_KEY, CKK_RSA, rsaPrivateExtras);
    templateManager.addTemplate(O_ANY, CKO_PUBLIC_KEY, CKK_RSA, rsaPublicExtras);

    templateManager.addTemplate(O_ANY, CKO_PRIVATE_KEY, CKK_DSA, dsaPrivateExtras);
    templateManager.addTemplate(O_ANY, CKO_PUBLIC_KEY, CKK_DSA, dsaPublicExtras);

    // DH has a private-key template only; no public-key counterpart is registered.
    templateManager.addTemplate(O_ANY, CKO_PRIVATE_KEY, CKK_DH, dhPrivateExtras);

    templateManager.addTemplate(O_ANY, CKO_PRIVATE_KEY, CKK_EC, ecPrivateExtras);
    templateManager.addTemplate(O_ANY, CKO_PUBLIC_KEY, CKK_EC, ecPublicExtras);
  }