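/**
 * Parses one attributes entry from the configuration token stream and
 * registers the result with {@code templateManager}, creating the manager
 * on first use.
 *
 * <p>Two forms are accepted, as read from the token checks below:
 * <ul>
 *   <li>{@code = compatibility} registers the built-in defaults via
 *       {@link #setCompatibilityAttributes()}. Those defaults include
 *       {@code SENSITIVE_FALSE} and {@code EXTRACTABLE_TRUE} for secret and
 *       private keys, so this shortcut relaxes key protection; review it
 *       before enabling it on a token that is expected to keep key material
 *       unexportable.</li>
 *   <li>{@code ( operation , objectClass , keyAlgorithm ) = { name = value ... }}
 *       registers one template built from the listed attributes. The exact
 *       delimiter handling lives in {@code parseComma}, {@code parseEquals},
 *       {@code parseOpenBraces} and {@code isCloseBraces}, which are not
 *       shown here.</li>
 * </ul>
 *
 * <p>Attribute names and values come from the configuration file and are
 * handed to {@code decodeAttributeName} / {@code decodeAttributeValue}
 * as-is. NOTE(review): this method adds no validation of its own and
 * presumably relies on those helpers to reject unknown names or malformed
 * values; confirm.
 *
 * @param keyword the configuration keyword that introduced this entry; it
 *        is not read by this method
 * @throws IOException declared for the tokenizer helpers; syntax errors are
 *         reported through {@code excLine} / {@code excToken}
 */
private void parseAttributes(String keyword) throws IOException {
    if (templateManager == null) {
        templateManager = new TemplateManager();
    }

    int token = nextToken();
    if (token == '=') {
        // Short form: the only word accepted after '=' is "compatibility".
        String s = parseWord();
        if (!s.equals("compatibility")) {
            throw excLine("Expected 'compatibility', read " + s);
        }
        setCompatibilityAttributes();
        return;
    }
    if (token != '(') {
        throw excToken("Expected '(' or '=', read");
    }

    // Long form header: (operation, objectClass, keyAlgorithm)
    String op = parseOperation();
    parseComma();
    long objectClass = parseObjectClass();
    parseComma();
    long keyAlg = parseKeyAlgorithm();
    token = nextToken();
    if (token != ')') {
        throw excToken("Expected ')', read");
    }
    parseEquals();
    parseOpenBraces();

    // Body: "name = value" pairs up to the closing brace; end-of-line
    // tokens between pairs are skipped.
    List<CK_ATTRIBUTE> attributes = new ArrayList<CK_ATTRIBUTE>();
    while (true) {
        token = nextToken();
        if (isCloseBraces(token)) {
            break;
        }
        if (token == TT_EOL) {
            continue;
        }
        if (token != TT_WORD) {
            // The token expected at this point is an attribute name; the
            // message previously said "mechanism", which pointed the reader
            // of the error at the wrong configuration section.
            throw excToken("Expected attribute name, read");
        }
        String attributeName = st.sval;
        long attributeId = decodeAttributeName(attributeName);
        parseEquals();
        String attributeValue = parseWord();
        attributes.add(decodeAttributeValue(attributeId, attributeValue));
    }
    templateManager.addTemplate(op, objectClass, keyAlg, attributes.toArray(CK_A0));
}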
/**
 * Registers the fixed set of default attribute templates used by the
 * "compatibility" shortcut, one {@code templateManager.addTemplate} call per
 * object class / key type combination.
 *
 * <p>The calls are made in a fixed order: the generic per-class templates
 * first, then the per-key-type additions. NOTE(review): whether a later
 * template overrides or merges with an earlier one is decided by
 * {@code TemplateManager}, which is not shown here; keep the order as is
 * unless that has been checked.
 *
 * <p>Security note: judging by the constant names, the defaults for secret
 * and private keys are {@code SENSITIVE_FALSE} and {@code EXTRACTABLE_TRUE},
 * which in PKCS#11 terms allows the key value to be read out of the token.
 * A deployment that relies on the token to keep key material unexportable
 * should configure explicit attributes instead of this shortcut. Confirm
 * against the constant definitions.
 *
 * <p>Assumes {@code templateManager} has already been created by the caller;
 * this method does not check it for {@code null}.
 */
private void setCompatibilityAttributes() {
    // all secret keys
    // NOTE(review): non-sensitive + extractable + wrap/unwrap is the most
    // permissive combination in this table; presumably TOKEN_FALSE makes
    // these session objects rather than persistent ones, confirm.
    templateManager.addTemplate(
        O_ANY, CKO_SECRET_KEY, PCKK_ANY,
        new CK_ATTRIBUTE[] {
            TOKEN_FALSE,
            SENSITIVE_FALSE,
            EXTRACTABLE_TRUE,
            ENCRYPT_TRUE,
            DECRYPT_TRUE,
            WRAP_TRUE,
            UNWRAP_TRUE,
        });

    // generic secret keys are special
    // They are used as MAC keys plus for the SSL/TLS (pre)master secrets
    // NOTE(review): the *_NULL entries presumably clear the encrypt/decrypt/
    // wrap/unwrap settings registered for all secret keys above, so that
    // generic secrets are limited to sign/verify/derive; verify against the
    // definitions of ENCRYPT_NULL etc.
    templateManager.addTemplate(
        O_ANY, CKO_SECRET_KEY, CKK_GENERIC_SECRET,
        new CK_ATTRIBUTE[] {
            SIGN_TRUE,
            VERIFY_TRUE,
            ENCRYPT_NULL,
            DECRYPT_NULL,
            WRAP_NULL,
            UNWRAP_NULL,
            DERIVE_TRUE,
        });

    // all private and public keys
    // Private keys get the same non-sensitive / extractable defaults as
    // secret keys; public keys only get TOKEN_FALSE.
    templateManager.addTemplate(
        O_ANY, CKO_PRIVATE_KEY, PCKK_ANY,
        new CK_ATTRIBUTE[] {
            TOKEN_FALSE,
            SENSITIVE_FALSE,
            EXTRACTABLE_TRUE,
        });
    templateManager.addTemplate(
        O_ANY, CKO_PUBLIC_KEY, PCKK_ANY,
        new CK_ATTRIBUTE[] {
            TOKEN_FALSE,
        });

    // additional attributes for RSA private keys
    templateManager.addTemplate(
        O_ANY, CKO_PRIVATE_KEY, CKK_RSA,
        new CK_ATTRIBUTE[] {
            DECRYPT_TRUE,
            SIGN_TRUE,
            SIGN_RECOVER_TRUE,
            UNWRAP_TRUE,
        });

    // additional attributes for RSA public keys
    templateManager.addTemplate(
        O_ANY, CKO_PUBLIC_KEY, CKK_RSA,
        new CK_ATTRIBUTE[] {
            ENCRYPT_TRUE,
            VERIFY_TRUE,
            VERIFY_RECOVER_TRUE,
            WRAP_TRUE,
        });

    // additional attributes for DSA private keys
    templateManager.addTemplate(
        O_ANY, CKO_PRIVATE_KEY, CKK_DSA,
        new CK_ATTRIBUTE[] {
            SIGN_TRUE,
        });

    // additional attributes for DSA public keys
    templateManager.addTemplate(
        O_ANY, CKO_PUBLIC_KEY, CKK_DSA,
        new CK_ATTRIBUTE[] {
            VERIFY_TRUE,
        });

    // additional attributes for DH private keys
    // (no DH public key template is registered in this method)
    templateManager.addTemplate(
        O_ANY, CKO_PRIVATE_KEY, CKK_DH,
        new CK_ATTRIBUTE[] {
            DERIVE_TRUE,
        });

    // additional attributes for EC private keys
    templateManager.addTemplate(
        O_ANY, CKO_PRIVATE_KEY, CKK_EC,
        new CK_ATTRIBUTE[] {
            SIGN_TRUE,
            DERIVE_TRUE,
        });

    // additional attributes for EC public keys
    templateManager.addTemplate(
        O_ANY, CKO_PUBLIC_KEY, CKK_EC,
        new CK_ATTRIBUTE[] {
            VERIFY_TRUE,
        });
}