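  /**
   * Creates the issuer description from the DER-encoded issuer certificate and the
   * access URLs advertised for it.
   *
   * <p>Each URL list is de-duplicated into an unmodifiable set; a {@code null} or empty
   * list is stored as {@code null}, so readers must expect {@code null} rather than an
   * empty set.
   *
   * @param caIssuerURLs URLs of the CA issuer certificate (AIA caIssuers), may be null
   * @param ocspURLs OCSP responder URLs (AIA ocsp), may be null
   * @param crlURLs CRL distribution point URLs, may be null
   * @param deltaCrlURLs delta-CRL distribution point URLs, may be null
   * @param certBytes DER encoding of the issuer certificate, must not be null
   * @throws CertificateException if {@code certBytes} cannot be parsed as a certificate
   */
  public X509IssuerInfo(
      final List<String> caIssuerURLs,
      final List<String> ocspURLs,
      final List<String> crlURLs,
      final List<String> deltaCrlURLs,
      final byte[] certBytes)
      throws CertificateException {
    ParamChecker.assertNotNull("certBytes", certBytes);

    this.caIssuerURLs = unmodifiableSetOrNull(caIssuerURLs);
    this.ocspURLs = unmodifiableSetOrNull(ocspURLs);
    this.crlURLs = unmodifiableSetOrNull(crlURLs);
    this.deltaCrlURLs = unmodifiableSetOrNull(deltaCrlURLs);

    try {
      this.cert = X509Util.parseCert(certBytes);
    } catch (IOException e) {
      // surface decoding problems through the declared exception type, keeping the cause
      throw new CertificateException(e.getMessage(), e);
    }
    // the same encoding is kept a second time as the BouncyCastle ASN.1 structure
    this.bcCert = Certificate.getInstance(certBytes);
    this.ski = X509Util.extractSKI(cert);
  }

  /**
   * Returns a de-duplicated, unmodifiable copy of {@code urls}.
   *
   * @param urls source list, may be null
   * @return the unmodifiable set, or {@code null} when {@code urls} is null or empty
   */
  private static Set<String> unmodifiableSetOrNull(final List<String> urls) {
    if (CollectionUtil.isEmpty(urls)) {
      return null;
    }
    return Collections.unmodifiableSet(new HashSet<>(urls));
  }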
  /**
   * Translates a configured slot list into slot identifiers.
   *
   * <p>A slot id written with a {@code 0x}/{@code 0X} prefix is parsed as hexadecimal,
   * otherwise as decimal; a missing id yields an identifier with a {@code null} id.
   *
   * @param type the configured slots, may be null
   * @return the identifiers, or {@code null} when {@code type} is null or has no slots
   * @throws ConfigurationException if a slot id is not a valid number
   */
  private static Set<P11SlotIdentifier> getSlots(final SlotsType type)
      throws ConfigurationException {
    if (type == null || CollectionUtil.isEmpty(type.getSlot())) {
      return null;
    }

    Set<P11SlotIdentifier> result = new HashSet<>();
    for (SlotType slotType : type.getSlot()) {
      Long id = null;
      String rawId = slotType.getId();
      if (rawId != null) {
        String trimmed = rawId.trim();
        try {
          id = StringUtil.startsWithIgnoreCase(trimmed, "0X")
              ? Long.parseLong(trimmed.substring(2), 16)
              : Long.parseLong(trimmed);
        } catch (NumberFormatException e) {
          String message = "invalid slotId '" + trimmed + "'";
          LOG.error(message);
          throw new ConfigurationException(message);
        }
      }
      result.add(new P11SlotIdentifier(slotType.getIndex(), id));
    }

    return result;
  }
 /**
  * Lists the PKCS#11 module names that can be completed.
  *
  * @return the module names known to the security factory plus
  *     {@link SecurityFactory#DEFAULT_P11MODULE_NAME}, or an empty set when none are configured
  */
 @Override
 protected Set<String> getEnums() {
   Set<String> moduleNames = securityFactory.getPkcs11ModuleNames();
   if (CollectionUtil.isEmpty(moduleNames)) {
     return Collections.emptySet();
   }
   Set<String> result = new HashSet<>(moduleNames);
   // HashSet.add is a no-op when the default name is already present
   result.add(SecurityFactory.DEFAULT_P11MODULE_NAME);
   return result;
 }
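  /**
   * Joins the string forms of {@code tokens} with {@code ", "}.
   *
   * @param tokens collection to render, may be null
   * @return the comma-separated rendering, or {@code null} when {@code tokens} is null or empty
   */
  protected static String toString(final Collection<? extends Object> tokens) {
    // callers distinguish "nothing to render" (null) from an empty string
    if (tokens == null || tokens.isEmpty()) {
      return null;
    }

    // String.valueOf renders a null element as "null", the same as StringBuilder.append(Object)
    List<String> parts = new ArrayList<>(tokens.size());
    for (Object token : tokens) {
      parts.add(String.valueOf(token));
    }
    return String.join(", ", parts);
  }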
 /**
  * Replaces the permission set with the result of {@code CollectionUtil.unmodifiableSet}.
  *
  * @param permissions the new permissions; passed to {@code CollectionUtil.unmodifiableSet} as-is
  */
 public void setPermissions(final Set<Permission> permissions) {
   Set<Permission> frozen = CollectionUtil.unmodifiableSet(permissions);
   this.permissions = frozen;
 }
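  /**
   * Lazily loads the PKCS#11 module configuration from {@code pkcs11ConfFile} into
   * {@code p11Control}.
   *
   * <p>The file is unmarshalled with JAXB and validated against {@code /xsd/pkcs11-conf.xsd}.
   * Module entries may carry password entries; they are handed to the password retriever and
   * are never written to the log here. Every module must resolve to exactly one native
   * library for the running OS, module names must be unique, and the reserved name
   * {@code DEFAULT_P11MODULE_NAME} must not be used.
   *
   * @throws IllegalStateException if {@code pkcs11ConfFile} is not set
   * @throws RuntimeException if the file cannot be parsed or is semantically invalid; the
   *     underlying exception is attached as the cause
   */
  private void initPkcs11ModuleConf() {
    if (p11Control != null) {
      return; // already initialized
    }

    if (StringUtil.isBlank(pkcs11ConfFile)) {
      throw new IllegalStateException("pkcs11ConfFile is not set");
    }

    try {
      ModulesType modulesType = unmarshalPkcs11Conf().getModules();

      // the OS name is a per-process constant; resolve it once instead of per module.
      // Locale.ROOT keeps the comparison independent of the user's default locale.
      final String osName = System.getProperty("os.name").toLowerCase(java.util.Locale.ROOT);

      Map<String, P11ModuleConf> confs = new HashMap<>();
      for (ModuleType moduleType : modulesType.getModule()) {
        String name = moduleType.getName();
        if (DEFAULT_P11MODULE_NAME.equals(name)) {
          throw new ConfigurationException(
              "invalid module name " + DEFAULT_P11MODULE_NAME + ", it is reserved");
        }

        if (confs.containsKey(name)) {
          throw new ConfigurationException(
              "multiple modules with the same module name is not permitted");
        }

        P11PasswordRetriever pwdRetriever = buildPasswordRetriever(moduleType);
        Set<P11SlotIdentifier> includeSlots = getSlots(moduleType.getIncludeSlots());
        Set<P11SlotIdentifier> excludeSlots = getSlots(moduleType.getExcludeSlots());
        String nativeLibraryPath = findNativeLibraryPath(moduleType, osName);

        P11ModuleConf conf =
            new P11ModuleConf(name, nativeLibraryPath, pwdRetriever, includeSlots, excludeSlots);
        confs.put(name, conf);
      }

      final String defaultModuleName = modulesType.getDefaultModule();
      if (!confs.containsKey(defaultModuleName)) {
        throw new ConfigurationException("default module " + defaultModuleName + " is not defined");
      }

      this.p11Control = new P11Control(defaultModuleName, new HashSet<>(confs.values()));
    } catch (JAXBException | SAXException | ConfigurationException e) {
      final String message = "invalid configuration file " + pkcs11ConfFile;
      if (LOG.isErrorEnabled()) {
        // JAXB errors go through XMLUtil.getMessage (presumably to reach the linked exception)
        final String exceptionMessage =
            (e instanceof JAXBException)
                ? XMLUtil.getMessage((JAXBException) e)
                : e.getMessage();
        LOG.error(
            LogUtil.buildExceptionLogFormat(message), e.getClass().getName(), exceptionMessage);
      }
      LOG.debug(message, e);

      // keep the original exception as the cause so callers can diagnose the failure
      throw new RuntimeException(message, e);
    }
  }

  /**
   * Unmarshals {@code pkcs11ConfFile} with schema validation enabled.
   *
   * <p>NOTE(review): the unmarshaller is created with JAXB defaults for external entity
   * handling; {@code pkcs11ConfFile} is a local configuration path — confirm it can never be
   * supplied by an untrusted party.
   *
   * @return the root configuration element
   * @throws JAXBException if the file cannot be unmarshalled
   * @throws SAXException if the XSD cannot be loaded
   */
  private PKCS11ConfType unmarshalPkcs11Conf() throws JAXBException, SAXException {
    JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class);
    Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
    SchemaFactory schemaFact =
        SchemaFactory.newInstance(javax.xml.XMLConstants.W3C_XML_SCHEMA_NS_URI);
    Schema schema = schemaFact.newSchema(getClass().getResource("/xsd/pkcs11-conf.xsd"));
    // reject documents that do not conform to the bundled schema before they are interpreted
    unmarshaller.setSchema(schema);
    @SuppressWarnings("unchecked")
    JAXBElement<PKCS11ConfType> rootElement =
        (JAXBElement<PKCS11ConfType>) unmarshaller.unmarshal(new File(pkcs11ConfFile));
    return rootElement.getValue();
  }

  /**
   * Builds the password retriever for one module.
   *
   * @param moduleType the module configuration
   * @return {@link P11NullPasswordRetriever#INSTANCE} when no password entries are configured,
   *     otherwise a {@link P11PasswordRetrieverImpl} holding one entry per configured password
   * @throws ConfigurationException if a password entry's slot list is invalid
   */
  private P11PasswordRetriever buildPasswordRetriever(final ModuleType moduleType)
      throws ConfigurationException {
    PasswordsType passwordsType = moduleType.getPasswords();
    if (passwordsType == null || CollectionUtil.isEmpty(passwordsType.getPassword())) {
      return P11NullPasswordRetriever.INSTANCE;
    }

    P11PasswordRetrieverImpl retriever = new P11PasswordRetrieverImpl();
    retriever.setPasswordResolver(passwordResolver);
    for (PasswordType passwordType : passwordsType.getPassword()) {
      Set<P11SlotIdentifier> slots = getSlots(passwordType.getSlots());
      // copy so the retriever does not alias the JAXB-backed list
      retriever.addPasswordEntry(slots, new ArrayList<>(passwordType.getSinglePassword()));
    }
    return retriever;
  }

  /**
   * Selects the native library path of a module for the running OS.
   *
   * <p>The first library with a non-null path whose OS list is empty (no restriction) or
   * contains a substring of {@code osName} wins; the comparison is case-insensitive.
   *
   * @param moduleType the module configuration
   * @param osName lower-cased value of the {@code os.name} system property
   * @return the library path
   * @throws ConfigurationException if no native libraries are configured or none matches
   */
  private static String findNativeLibraryPath(final ModuleType moduleType, final String osName)
      throws ConfigurationException {
    if (moduleType.getNativeLibraries() == null) {
      throw new ConfigurationException(
          "no native library configured for module " + moduleType.getName());
    }

    for (NativeLibraryType library : moduleType.getNativeLibraries().getNativeLibrary()) {
      List<String> osNames = library.getOs();
      boolean matches = CollectionUtil.isEmpty(osNames);
      if (!matches) {
        for (String entry : osNames) {
          if (osName.contains(entry.toLowerCase(java.util.Locale.ROOT))) {
            matches = true;
            break;
          }
        }
      }

      // a matching entry without a path is skipped, as in the original lookup
      if (matches && library.getPath() != null) {
        return library.getPath();
      }
    }

    throw new ConfigurationException("could not find PKCS#11 library for OS " + osName);
  }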