static byte[] concat(byte[] b1, byte[] b2) {
int n1 = b1.length;
int n2 = b2.length;
byte[] b = new byte[n1 + n2];
System.arraycopy(b1, 0, b, 0, n1);
System.arraycopy(b2, 0, b, n1, n2);
return b;
}
private byte[] doFinal() throws BadPaddingException, IllegalBlockSizeException {
byte[] t = new byte[2048];
int n = implDoFinal(t, 0, t.length);
byte[] out = new byte[n];
System.arraycopy(t, 0, out, 0, n);
return out;
}
// see JCE spec
protected byte[] engineDoFinal(byte[] in, int inOfs, int inLen)
throws IllegalBlockSizeException, BadPaddingException {
implUpdate(in, inOfs, inLen);
int n = implDoFinal(buffer, 0, buffer.length);
byte[] out = new byte[n];
System.arraycopy(buffer, 0, out, 0, n);
return out;
}
private int implDoFinal(byte[] out, int outOfs, int outLen)
throws BadPaddingException, IllegalBlockSizeException {
if (bufOfs > maxInputSize) {
throw new IllegalBlockSizeException(
"Data must not be longer " + "than " + maxInputSize + " bytes");
}
try {
ensureInitialized();
PKCS11 p11 = token.p11;
int n;
switch (mode) {
case MODE_ENCRYPT:
n = p11.C_Encrypt(session.id(), buffer, 0, bufOfs, out, outOfs, outLen);
break;
case MODE_DECRYPT:
n = p11.C_Decrypt(session.id(), buffer, 0, bufOfs, out, outOfs, outLen);
break;
case MODE_SIGN:
byte[] tmpBuffer = new byte[bufOfs];
System.arraycopy(buffer, 0, tmpBuffer, 0, bufOfs);
tmpBuffer = p11.C_Sign(session.id(), tmpBuffer);
if (tmpBuffer.length > outLen) {
throw new BadPaddingException("Output buffer too small");
}
System.arraycopy(tmpBuffer, 0, out, outOfs, tmpBuffer.length);
n = tmpBuffer.length;
break;
case MODE_VERIFY:
n = p11.C_VerifyRecover(session.id(), buffer, 0, bufOfs, out, outOfs, outLen);
break;
default:
throw new ProviderException("internal error");
}
return n;
} catch (PKCS11Exception e) {
throw (BadPaddingException) new BadPaddingException("doFinal() failed").initCause(e);
} finally {
initialized = false;
session = token.releaseSession(session);
}
}
private void implUpdate(byte[] in, int inOfs, int inLen) {
try {
ensureInitialized();
} catch (PKCS11Exception e) {
throw new ProviderException("update() failed", e);
}
if ((inLen == 0) || (in == null)) {
return;
}
if (bufOfs + inLen > maxInputSize) {
bufOfs = maxInputSize + 1;
return;
}
System.arraycopy(in, inOfs, buffer, bufOfs, inLen);
bufOfs += inLen;
}
/*
* Parse a keystore domain configuration file and associated collection
* of keystore passwords to create a collection of KeyStore.Builder.
*/
private List<KeyStoreBuilderComponents> getBuilders(
URI configuration, Map<String, KeyStore.ProtectionParameter> passwords) throws IOException {
PolicyParser parser = new PolicyParser(true); // expand properties
Collection<PolicyParser.DomainEntry> domains = null;
List<KeyStoreBuilderComponents> builders = new ArrayList<>();
String uriDomain = configuration.getFragment();
try (InputStreamReader configurationReader =
new InputStreamReader(PolicyUtil.getInputStream(configuration.toURL()), "UTF-8")) {
parser.read(configurationReader);
domains = parser.getDomainEntries();
} catch (MalformedURLException mue) {
throw new IOException(mue);
} catch (PolicyParser.ParsingException pe) {
throw new IOException(pe);
}
for (PolicyParser.DomainEntry domain : domains) {
Map<String, String> domainProperties = domain.getProperties();
if (uriDomain != null && (!uriDomain.equalsIgnoreCase(domain.getName()))) {
continue; // skip this domain
}
if (domainProperties.containsKey(ENTRY_NAME_SEPARATOR)) {
this.entryNameSeparator = domainProperties.get(ENTRY_NAME_SEPARATOR);
// escape any regex meta characters
char ch = 0;
StringBuilder s = new StringBuilder();
for (int i = 0; i < this.entryNameSeparator.length(); i++) {
ch = this.entryNameSeparator.charAt(i);
if (REGEX_META.indexOf(ch) != -1) {
s.append('\\');
}
s.append(ch);
}
this.entryNameSeparatorRegEx = s.toString();
}
Collection<PolicyParser.KeyStoreEntry> keystores = domain.getEntries();
for (PolicyParser.KeyStoreEntry keystore : keystores) {
String keystoreName = keystore.getName();
Map<String, String> properties = new HashMap<>(domainProperties);
properties.putAll(keystore.getProperties());
String keystoreType = DEFAULT_KEYSTORE_TYPE;
if (properties.containsKey(KEYSTORE_TYPE)) {
keystoreType = properties.get(KEYSTORE_TYPE);
}
Provider keystoreProvider = null;
if (properties.containsKey(KEYSTORE_PROVIDER_NAME)) {
String keystoreProviderName = properties.get(KEYSTORE_PROVIDER_NAME);
keystoreProvider = Security.getProvider(keystoreProviderName);
if (keystoreProvider == null) {
throw new IOException("Error locating JCE provider: " + keystoreProviderName);
}
}
File keystoreFile = null;
if (properties.containsKey(KEYSTORE_URI)) {
String uri = properties.get(KEYSTORE_URI);
try {
if (uri.startsWith("file://")) {
keystoreFile = new File(new URI(uri));
} else {
keystoreFile = new File(uri);
}
} catch (URISyntaxException | IllegalArgumentException e) {
throw new IOException(
"Error processing keystore property: " + "keystoreURI=\"" + uri + "\"", e);
}
}
KeyStore.ProtectionParameter keystoreProtection = null;
if (passwords.containsKey(keystoreName)) {
keystoreProtection = passwords.get(keystoreName);
} else if (properties.containsKey(KEYSTORE_PASSWORD_ENV)) {
String env = properties.get(KEYSTORE_PASSWORD_ENV);
String pwd = System.getenv(env);
if (pwd != null) {
keystoreProtection = new KeyStore.PasswordProtection(pwd.toCharArray());
} else {
throw new IOException(
"Error processing keystore property: " + "keystorePasswordEnv=\"" + env + "\"");
}
} else {
keystoreProtection = new KeyStore.PasswordProtection(null);
}
builders.add(
new KeyStoreBuilderComponents(
keystoreName, keystoreType, keystoreProvider, keystoreFile, keystoreProtection));
}
break; // skip other domains
}
if (builders.isEmpty()) {
throw new IOException("Error locating domain configuration data " + "for: " + configuration);
}
return builders;
}
