public void setPkcs11ConfFile(final String confFile) {
if (StringUtil.isBlank(confFile)) {
this.pkcs11ConfFile = null;
} else {
this.pkcs11ConfFile = confFile;
}
}
public void setSignerTypeMap(String signerTypeMap) {
if (signerTypeMap == null) {
LOG.debug("signerTypeMap is null");
return;
}
signerTypeMap = signerTypeMap.trim();
if (StringUtil.isBlank(signerTypeMap)) {
LOG.debug("signerTypeMap is empty");
return;
}
StringTokenizer st = new StringTokenizer(signerTypeMap, " \t");
while (st.hasMoreTokens()) {
String token = st.nextToken();
StringTokenizer st2 = new StringTokenizer(token, "=");
if (st2.countTokens() != 2) {
LOG.warn("invalid signerTypeMap entry '" + token + "'");
continue;
}
String alias = st2.nextToken();
if (signerTypeMapping.containsKey(alias)) {
LOG.warn("signerType alias '" + alias + "' already defined, ignore map '" + token + "'");
continue;
}
String signerType = st2.nextToken();
signerTypeMapping.put(alias, signerType);
LOG.info("add alias '" + alias + "' for signerType '" + signerType + "'");
}
}
private void initPkcs11ModuleConf() {
if (p11Control != null) {
return;
}
if (StringUtil.isBlank(pkcs11ConfFile)) {
throw new IllegalStateException("pkcs11ConfFile is not set");
}
try {
JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class);
Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
SchemaFactory schemaFact =
SchemaFactory.newInstance(javax.xml.XMLConstants.W3C_XML_SCHEMA_NS_URI);
Schema schema = schemaFact.newSchema(getClass().getResource("/xsd/pkcs11-conf.xsd"));
unmarshaller.setSchema(schema);
@SuppressWarnings("unchecked")
JAXBElement<PKCS11ConfType> rootElement =
(JAXBElement<PKCS11ConfType>) unmarshaller.unmarshal(new File(pkcs11ConfFile));
PKCS11ConfType pkcs11Conf = rootElement.getValue();
ModulesType modulesType = pkcs11Conf.getModules();
Map<String, P11ModuleConf> confs = new HashMap<>();
for (ModuleType moduleType : modulesType.getModule()) {
String name = moduleType.getName();
if (DEFAULT_P11MODULE_NAME.equals(name)) {
throw new ConfigurationException(
"invald module name " + DEFAULT_P11MODULE_NAME + ", it is reserved");
}
if (confs.containsKey(name)) {
throw new ConfigurationException(
"multiple modules with the same module name is not permitted");
}
P11PasswordRetriever pwdRetriever;
PasswordsType passwordsType = moduleType.getPasswords();
if (passwordsType == null || CollectionUtil.isEmpty(passwordsType.getPassword())) {
pwdRetriever = P11NullPasswordRetriever.INSTANCE;
} else {
pwdRetriever = new P11PasswordRetrieverImpl();
((P11PasswordRetrieverImpl) pwdRetriever).setPasswordResolver(passwordResolver);
for (PasswordType passwordType : passwordsType.getPassword()) {
Set<P11SlotIdentifier> slots = getSlots(passwordType.getSlots());
((P11PasswordRetrieverImpl) pwdRetriever)
.addPasswordEntry(slots, new ArrayList<>(passwordType.getSinglePassword()));
}
}
Set<P11SlotIdentifier> includeSlots = getSlots(moduleType.getIncludeSlots());
Set<P11SlotIdentifier> excludeSlots = getSlots(moduleType.getExcludeSlots());
final String osName = System.getProperty("os.name").toLowerCase();
String nativeLibraryPath = null;
for (NativeLibraryType library : moduleType.getNativeLibraries().getNativeLibrary()) {
List<String> osNames = library.getOs();
if (CollectionUtil.isEmpty(osNames)) {
nativeLibraryPath = library.getPath();
} else {
for (String entry : osNames) {
if (osName.contains(entry.toLowerCase())) {
nativeLibraryPath = library.getPath();
break;
}
}
}
if (nativeLibraryPath != null) {
break;
}
}
if (nativeLibraryPath == null) {
throw new ConfigurationException("could not find PKCS#11 library for OS " + osName);
}
P11ModuleConf conf =
new P11ModuleConf(name, nativeLibraryPath, pwdRetriever, includeSlots, excludeSlots);
confs.put(name, conf);
}
final String defaultModuleName = modulesType.getDefaultModule();
if (confs.containsKey(defaultModuleName) == false) {
throw new ConfigurationException("default module " + defaultModuleName + " is not defined");
}
this.p11Control = new P11Control(defaultModuleName, new HashSet<>(confs.values()));
} catch (JAXBException | SAXException | ConfigurationException e) {
final String message = "invalid configuration file " + pkcs11ConfFile;
if (LOG.isErrorEnabled()) {
final String exceptionMessage;
if (e instanceof JAXBException) {
exceptionMessage = XMLUtil.getMessage((JAXBException) e);
} else {
exceptionMessage = e.getMessage();
}
LOG.error(
LogUtil.buildExceptionLogFormat(message), e.getClass().getName(), exceptionMessage);
}
LOG.debug(message, e);
throw new RuntimeException(message);
}
}