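/**
 * Creates the issuer description from its access-point URLs and the DER-encoded
 * certificate.
 *
 * <p>Each URL list is snapshotted into an unmodifiable set. An empty or null list
 * is stored as {@code null} rather than as an empty set (existing contract, kept
 * unchanged). The certificate bytes are parsed twice: once into a JCA
 * {@code X509Certificate} ({@code cert}) and once into the BouncyCastle structure
 * ({@code bcCert}); the subject key identifier is then read from the JCA object.
 *
 * @param caIssuerURLs  AIA caIssuers URLs; may be null or empty
 * @param ocspURLs      AIA OCSP responder URLs; may be null or empty
 * @param crlURLs       CRL distribution point URLs; may be null or empty
 * @param deltaCrlURLs  delta-CRL URLs; may be null or empty
 * @param certBytes     DER-encoded issuer certificate; must not be null
 * @throws CertificateException if the bytes cannot be parsed as a certificate
 *         (an {@code IOException} from the parser is wrapped with its cause)
 */
public X509IssuerInfo(
        final List<String> caIssuerURLs,
        final List<String> ocspURLs,
        final List<String> crlURLs,
        final List<String> deltaCrlURLs,
        final byte[] certBytes)
        throws CertificateException {
    ParamChecker.assertNotNull("certBytes", certBytes);

    // Same snapshot rule for all four URL kinds; kept in one helper so the
    // null-for-empty convention cannot drift between fields.
    this.caIssuerURLs = toUnmodifiableSet(caIssuerURLs);
    this.ocspURLs = toUnmodifiableSet(ocspURLs);
    this.crlURLs = toUnmodifiableSet(crlURLs);
    this.deltaCrlURLs = toUnmodifiableSet(deltaCrlURLs);

    try {
        this.cert = X509Util.parseCert(certBytes);
    } catch (IOException e) {
        // Preserve the cause so the underlying ASN.1/IO problem stays diagnosable.
        throw new CertificateException(e.getMessage(), e);
    }
    this.bcCert = Certificate.getInstance(certBytes);
    this.ski = X509Util.extractSKI(cert);
}

/**
 * Snapshots a URL list into an unmodifiable set.
 *
 * @param urls the list to copy; may be null
 * @return {@code null} when {@code urls} is null or empty, otherwise an
 *         unmodifiable set containing the distinct entries of {@code urls}
 */
private static Set<String> toUnmodifiableSet(final List<String> urls) {
    if (CollectionUtil.isEmpty(urls)) {
        return null;
    }
    return Collections.unmodifiableSet(new HashSet<>(urls));
}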
/**
 * Builds the set of slot identifiers declared in a {@code <slots>} element.
 *
 * <p>A slot is identified by its index and, optionally, its id. The id text is
 * trimmed and parsed as a decimal {@code long}, or as hexadecimal when it starts
 * with {@code 0x}/{@code 0X}.
 *
 * @param type the parsed slots element; may be {@code null}
 * @return the declared slots, or {@code null} when {@code type} is null or
 *         lists no slot
 * @throws ConfigurationException if a slot id is neither a decimal nor a
 *         0x-prefixed hexadecimal {@code long}
 */
private static Set<P11SlotIdentifier> getSlots(final SlotsType type)
        throws ConfigurationException {
    if (type == null || CollectionUtil.isEmpty(type.getSlot())) {
        return null;
    }

    Set<P11SlotIdentifier> result = new HashSet<>();
    for (SlotType entry : type.getSlot()) {
        Long id = (entry.getId() == null) ? null : parseSlotId(entry.getId().trim());
        result.add(new P11SlotIdentifier(entry.getIndex(), id));
    }
    return result;
}

/**
 * Parses one trimmed slot id: decimal, or hexadecimal after a {@code 0x} prefix.
 *
 * @param text the trimmed id text
 * @return the parsed id
 * @throws ConfigurationException if {@code text} is not a valid number; the
 *         problem is also logged at error level
 */
private static Long parseSlotId(final String text) throws ConfigurationException {
    try {
        return StringUtil.startsWithIgnoreCase(text, "0X")
                ? Long.parseLong(text.substring(2), 16)
                : Long.parseLong(text);
    } catch (NumberFormatException e) {
        String message = "invalid slotId '" + text + "'";
        LOG.error(message);
        throw new ConfigurationException(message);
    }
}
/**
 * Returns the PKCS#11 module names to enumerate: every name reported by
 * {@code securityFactory} plus {@link SecurityFactory#DEFAULT_P11MODULE_NAME}.
 *
 * @return an (immutable) empty set when the factory reports no module names;
 *         otherwise a new mutable set holding the reported names and the
 *         default module name
 */
@Override
protected Set<String> getEnums() {
    Set<String> moduleNames = securityFactory.getPkcs11ModuleNames();
    if (CollectionUtil.isEmpty(moduleNames)) {
        return Collections.emptySet();
    }

    Set<String> candidates = new HashSet<>(moduleNames);
    // HashSet.add is a no-op when the element is already present, so no
    // contains() check is needed before adding the default name.
    candidates.add(SecurityFactory.DEFAULT_P11MODULE_NAME);
    return candidates;
}
/**
 * Joins the string forms of {@code tokens} with {@code ", "}.
 *
 * @param tokens the values to join; each is rendered as by
 *        {@code StringBuilder.append(Object)} (a null element becomes {@code "null"})
 * @return the joined string, or {@code null} when {@code tokens} is null or empty
 */
protected static String toString(final Collection<? extends Object> tokens) {
    if (CollectionUtil.isEmpty(tokens)) {
        return null;
    }

    StringBuilder joined = new StringBuilder();
    String separator = "";
    for (Object token : tokens) {
        // The separator is empty before the first token and ", " afterwards,
        // so no index bookkeeping is required.
        joined.append(separator).append(token);
        separator = ", ";
    }
    return joined.toString();
}
/**
 * Replaces this object's permission set.
 *
 * <p>The stored value is whatever {@code CollectionUtil.unmodifiableSet} returns
 * for the argument; handling of a null or empty argument is delegated to that
 * helper.
 *
 * @param permissions the new permissions
 */
public void setPermissions(final Set<Permission> permissions) {
    Set<Permission> frozen = CollectionUtil.unmodifiableSet(permissions);
    this.permissions = frozen;
}
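/**
 * Lazily parses {@code pkcs11ConfFile} into {@code p11Control}.
 *
 * <p>The file is unmarshalled with JAXB and validated against the classpath
 * schema {@code /xsd/pkcs11-conf.xsd}. Every {@code <module>} element becomes a
 * {@link P11ModuleConf} (native library for the running OS, password retriever,
 * include/exclude slots). Once {@code p11Control} is set, further calls return
 * immediately.
 *
 * @throws IllegalStateException if {@code pkcs11ConfFile} is blank or the schema
 *         resource is missing from the classpath
 * @throws RuntimeException if the file cannot be unmarshalled, fails schema
 *         validation, or is semantically invalid (reserved or duplicate module
 *         name, no native library for this OS, undefined default module); the
 *         underlying exception is attached as the cause
 */
private void initPkcs11ModuleConf() {
    if (p11Control != null) {
        return;
    }
    if (StringUtil.isBlank(pkcs11ConfFile)) {
        throw new IllegalStateException("pkcs11ConfFile is not set");
    }

    // Fail with a clear message instead of an NPE inside newSchema() when the
    // schema was not packaged.
    java.net.URL schemaUrl = getClass().getResource("/xsd/pkcs11-conf.xsd");
    if (schemaUrl == null) {
        throw new IllegalStateException("schema /xsd/pkcs11-conf.xsd not found on the classpath");
    }

    try {
        JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class);
        Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
        SchemaFactory schemaFact =
                SchemaFactory.newInstance(javax.xml.XMLConstants.W3C_XML_SCHEMA_NS_URI);
        unmarshaller.setSchema(schemaFact.newSchema(schemaUrl));

        // NOTE(review): the unmarshaller reads the file through the platform default
        // XML parser and nothing here disables DTD / external-entity resolution. The
        // configuration file is operator-controlled, so exposure is limited, but a
        // hardened variant would parse via a SAXSource whose XMLReader rejects
        // DOCTYPE declarations and external entities.
        @SuppressWarnings("unchecked")
        JAXBElement<PKCS11ConfType> rootElement =
                (JAXBElement<PKCS11ConfType>) unmarshaller.unmarshal(new File(pkcs11ConfFile));
        ModulesType modulesType = rootElement.getValue().getModules();

        // Locale-independent lower-casing: os.name matching must not depend on the
        // user's default locale (e.g. Turkish dotless-i casing).
        final String osName = System.getProperty("os.name").toLowerCase(java.util.Locale.ROOT);

        Map<String, P11ModuleConf> confs = new HashMap<>();
        for (ModuleType moduleType : modulesType.getModule()) {
            String name = moduleType.getName();
            if (DEFAULT_P11MODULE_NAME.equals(name)) {
                throw new ConfigurationException(
                        "invald module name " + DEFAULT_P11MODULE_NAME + ", it is reserved");
            }
            if (confs.containsKey(name)) {
                throw new ConfigurationException(
                        "multiple modules with the same module name is not permitted");
            }

            // Evaluated in this order so that the first configuration error reported
            // for a module is the same one as before the refactoring.
            P11PasswordRetriever pwdRetriever = createPasswordRetriever(moduleType);
            Set<P11SlotIdentifier> includeSlots = getSlots(moduleType.getIncludeSlots());
            Set<P11SlotIdentifier> excludeSlots = getSlots(moduleType.getExcludeSlots());
            String nativeLibraryPath = resolveNativeLibraryPath(moduleType, osName);

            confs.put(name, new P11ModuleConf(
                    name, nativeLibraryPath, pwdRetriever, includeSlots, excludeSlots));
        }

        final String defaultModuleName = modulesType.getDefaultModule();
        if (!confs.containsKey(defaultModuleName)) {
            throw new ConfigurationException(
                    "default module " + defaultModuleName + " is not defined");
        }
        this.p11Control = new P11Control(defaultModuleName, new HashSet<>(confs.values()));
    } catch (JAXBException | SAXException | ConfigurationException e) {
        final String message = "invalid configuration file " + pkcs11ConfFile;
        if (LOG.isErrorEnabled()) {
            // JAXB exceptions are rendered via XMLUtil.getMessage; everything else
            // uses the plain exception message.
            final String exceptionMessage = (e instanceof JAXBException)
                    ? XMLUtil.getMessage((JAXBException) e)
                    : e.getMessage();
            LOG.error(LogUtil.buildExceptionLogFormat(message),
                    e.getClass().getName(), exceptionMessage);
        }
        LOG.debug(message, e);
        // Keep the original exception as the cause; the message alone does not say
        // which element or value was rejected.
        throw new RuntimeException(message, e);
    }
}

/**
 * Builds the password retriever for one module.
 *
 * @param moduleType the module element
 * @return {@code P11NullPasswordRetriever.INSTANCE} when the module lists no
 *         passwords; otherwise a {@link P11PasswordRetrieverImpl} bound to this
 *         factory's {@code passwordResolver} with one entry per
 *         {@code <password>} element (slots as returned by {@code getSlots},
 *         which may be null)
 * @throws ConfigurationException if a slot id in a password entry is invalid
 */
private P11PasswordRetriever createPasswordRetriever(final ModuleType moduleType)
        throws ConfigurationException {
    PasswordsType passwordsType = moduleType.getPasswords();
    if (passwordsType == null || CollectionUtil.isEmpty(passwordsType.getPassword())) {
        return P11NullPasswordRetriever.INSTANCE;
    }

    P11PasswordRetrieverImpl retriever = new P11PasswordRetrieverImpl();
    retriever.setPasswordResolver(passwordResolver);
    for (PasswordType passwordType : passwordsType.getPassword()) {
        Set<P11SlotIdentifier> slots = getSlots(passwordType.getSlots());
        retriever.addPasswordEntry(slots, new ArrayList<>(passwordType.getSinglePassword()));
    }
    return retriever;
}

/**
 * Picks the native library path of a module for the running OS.
 *
 * <p>Entries are examined in document order. An entry without an {@code <os>}
 * list applies to every OS; otherwise the entry applies when one of its OS names,
 * lower-cased, occurs in {@code osName}. An applicable entry whose path is null
 * is skipped and the search continues (this matches the previous behavior).
 *
 * @param moduleType the module element
 * @param osName lower-cased value of the {@code os.name} system property
 * @return the first applicable non-null library path
 * @throws ConfigurationException if no entry yields a path for this OS
 */
private static String resolveNativeLibraryPath(final ModuleType moduleType, final String osName)
        throws ConfigurationException {
    for (NativeLibraryType library : moduleType.getNativeLibraries().getNativeLibrary()) {
        List<String> osNames = library.getOs();
        String path = null;
        if (CollectionUtil.isEmpty(osNames)) {
            path = library.getPath();
        } else {
            for (String entry : osNames) {
                if (osName.contains(entry.toLowerCase(java.util.Locale.ROOT))) {
                    path = library.getPath();
                    break;
                }
            }
        }
        if (path != null) {
            return path;
        }
    }
    throw new ConfigurationException("could not find PKCS#11 library for OS " + osName);
}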