private static Set<P11SlotIdentifier> getSlots(final SlotsType type) throws ConfigurationException { if (type == null || CollectionUtil.isEmpty(type.getSlot())) { return null; } Set<P11SlotIdentifier> slots = new HashSet<>(); for (SlotType slotType : type.getSlot()) { Long slotId = null; if (slotType.getId() != null) { String str = slotType.getId().trim(); try { if (StringUtil.startsWithIgnoreCase(str, "0X")) { slotId = Long.parseLong(str.substring(2), 16); } else { slotId = Long.parseLong(str); } } catch (NumberFormatException e) { String message = "invalid slotId '" + str + "'"; LOG.error(message); throw new ConfigurationException(message); } } slots.add(new P11SlotIdentifier(slotType.getIndex(), slotId)); } return slots; }
/* * sigAlgoControl will be considered only if hashAlgo is not set * */ private ConcurrentContentSigner doCreateSigner( String type, final String conf, final String hashAlgo, final SignatureAlgoControl sigAlgoControl, final X509Certificate[] certificateChain) throws SignerException { if (signerTypeMapping.containsKey(type)) { type = signerTypeMapping.get(type); } if ("PKCS11".equalsIgnoreCase(type) || "PKCS12".equalsIgnoreCase(type) || "JKS".equalsIgnoreCase(type)) { CmpUtf8Pairs keyValues = new CmpUtf8Pairs(conf); String s = keyValues.getValue("parallelism"); int parallelism = defaultParallelism; if (s != null) { try { parallelism = Integer.parseInt(s); } catch (NumberFormatException e) { throw new SignerException("invalid parallelism " + s); } if (parallelism < 1) { throw new SignerException("invalid parallelism " + s); } } if ("PKCS11".equalsIgnoreCase(type)) { String pkcs11Module = keyValues.getValue("module"); if (pkcs11Module == null) { pkcs11Module = DEFAULT_P11MODULE_NAME; } s = keyValues.getValue("slot"); Integer slotIndex = (s == null) ? null : Integer.parseInt(s); s = keyValues.getValue("slot-id"); Long slotId = (s == null) ? null : Long.parseLong(s); if ((slotIndex == null && slotId == null) || (slotIndex != null && slotId != null)) { throw new SignerException("exactly one of slot (index) and slot-id must be specified"); } P11SlotIdentifier slot = new P11SlotIdentifier(slotIndex, slotId); String keyLabel = keyValues.getValue("key-label"); s = keyValues.getValue("key-id"); byte[] keyId = null; if (s != null) { keyId = Hex.decode(s); } if ((keyId == null && keyLabel == null) || (keyId != null && keyLabel != null)) { throw new SignerException("exactly one of key-id and key-label must be specified"); } P11KeyIdentifier keyIdentifier; if (keyId != null) { keyIdentifier = new P11KeyIdentifier(keyId); } else { keyIdentifier = new P11KeyIdentifier(keyLabel); } P11CryptService p11CryptService = getP11CryptService(pkcs11Module); P11ContentSignerBuilder signerBuilder = new P11ContentSignerBuilder(p11CryptService, slot, keyIdentifier, certificateChain); try { AlgorithmIdentifier signatureAlgId; if (hashAlgo == null) { signatureAlgId = getSignatureAlgoId(conf); } else { PublicKey pubKey; try { pubKey = getPkcs11PublicKey(pkcs11Module, slot, keyIdentifier); } catch (InvalidKeyException e) { throw new SignerException("invalid key: " + e.getMessage(), e); } signatureAlgId = AlgorithmUtil.getSignatureAlgoId(pubKey, hashAlgo, sigAlgoControl); } return signerBuilder.createSigner(signatureAlgId, parallelism); } catch (OperatorCreationException | NoSuchPaddingException | NoSuchAlgorithmException e) { throw new SignerException(e.getMessage(), e); } } else { String passwordHint = keyValues.getValue("password"); char[] password; if (passwordHint == null) { password = null; } else { if (passwordResolver == null) { password = passwordHint.toCharArray(); } else { try { password = passwordResolver.resolvePassword(passwordHint); } catch (PasswordResolverException e) { throw new SignerException("could not resolve password. Message: " + e.getMessage()); } } } s = keyValues.getValue("keystore"); String keyLabel = keyValues.getValue("key-label"); InputStream keystoreStream; if (StringUtil.startsWithIgnoreCase(s, "base64:")) { keystoreStream = new ByteArrayInputStream(Base64.decode(s.substring("base64:".length()))); } else if (StringUtil.startsWithIgnoreCase(s, "file:")) { String fn = s.substring("file:".length()); try { keystoreStream = new FileInputStream(IoUtil.expandFilepath(fn)); } catch (FileNotFoundException e) { throw new SignerException("file not found: " + fn); } } else { throw new SignerException("unknown keystore content format"); } SoftTokenContentSignerBuilder signerBuilder = new SoftTokenContentSignerBuilder( type, keystoreStream, password, keyLabel, password, certificateChain); try { AlgorithmIdentifier signatureAlgId; if (hashAlgo == null) { signatureAlgId = getSignatureAlgoId(conf); } else { PublicKey pubKey = signerBuilder.getCert().getPublicKey(); signatureAlgId = AlgorithmUtil.getSignatureAlgoId(pubKey, hashAlgo, sigAlgoControl); } return signerBuilder.createSigner(signatureAlgId, parallelism); } catch (OperatorCreationException | NoSuchPaddingException | NoSuchAlgorithmException e) { throw new SignerException(e.getMessage()); } } } else if (StringUtil.startsWithIgnoreCase(type, "java:")) { if (hashAlgo == null) { ConcurrentContentSigner contentSigner; String classname = type.substring("java:".length()); try { Class<?> clazz = Class.forName(classname); contentSigner = (ConcurrentContentSigner) clazz.newInstance(); } catch (Exception e) { throw new SignerException(e.getMessage(), e); } contentSigner.initialize(conf, passwordResolver); if (certificateChain != null) { contentSigner.setCertificateChain(certificateChain); } return contentSigner; } else { throw new SignerException("unknwon type: " + type); } } else { throw new SignerException("unknwon type: " + type); } }