001: /*************************************************************************
002: * *
003: * EJBCA: The OpenSource Certificate Authority *
004: * *
005: * This software is free software; you can redistribute it and/or *
006: * modify it under the terms of the GNU Lesser General Public *
007: * License as published by the Free Software Foundation; either *
008: * version 2.1 of the License, or any later version. *
009: * *
010: * See terms of license at gnu.org. *
011: * *
 *************************************************************************/
package org.ejbca.core.model.ca.catoken;
013:
import java.security.KeyStore;
import java.security.KeyStore.PasswordProtection;
import java.security.Security;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Properties;

import javax.security.auth.DestroyFailedException;

import org.apache.log4j.Logger;
import org.ejbca.core.model.InternalResources;
import org.ejbca.util.KeyTools;
023:
024: /**
025: * @author lars
026: * @version $Id: PKCS11CAToken.java,v 1.17 2008/02/27 09:50:33 anatom Exp $
027: */
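public class PKCS11CAToken extends BaseCAToken {

    /** Log4j instance */
    private static final Logger log = Logger.getLogger(PKCS11CAToken.class);
    /** Internal localization of logs and errors */
    private static final InternalResources intres = InternalResources.getInstance();

    /**
     * Creates the token wrapper and checks that the SunPKCS11 provider class
     * ({@link KeyTools#SUNPKCS11CLASS}) can be loaded. No slot is opened and
     * no login is attempted here; that happens in {@link #init} / {@link #activate}.
     *
     * @throws InstantiationException if the SunPKCS11 class cannot be loaded;
     *         the underlying loading failure is attached as the cause
     */
    public PKCS11CAToken() throws InstantiationException {
        super();
        try {
            PKCS11CAToken.class.getClassLoader().loadClass(KeyTools.SUNPKCS11CLASS);
        } catch (Throwable t) {
            final InstantiationException failure = new InstantiationException(
                    "SUN pkcs11 wrapper class \"SunPKCS11\" not found.");
            // Keep the real reason (ClassNotFoundException, LinkageError, ...) for diagnostics;
            // InstantiationException has no (message, cause) constructor.
            failure.initCause(t);
            throw failure;
        }
    }

    /**
     * Logs in to the configured PKCS#11 slot with the given PIN and loads the
     * CA keys from it.
     * <p>
     * The PIN is handed to the provider as a {@link PasswordProtection}. That
     * object is destroyed (its internal copy zeroed) in a {@code finally}
     * block, and the intermediate {@code char[]} is zeroed right after it has
     * been cloned into the protection parameter, so on failure no extra PIN
     * copies linger beyond the immutable {@code authCode} String itself,
     * which this method cannot wipe.
     * <p>
     * Any failure while creating or loading the key store (including runtime
     * errors raised by the PKCS#11 provider) is logged with its cause and
     * reported as a {@link CATokenAuthenticationFailedException}; the cause is
     * not attached to the thrown exception. Callers should not retry a failed
     * login blindly: many HSMs lock the user PIN after a number of bad attempts.
     *
     * @param authCode the slot's user PIN; {@code null} or empty means no
     *        password protection is supplied to the provider
     * @throws CATokenAuthenticationFailedException if the key store could not
     *         be created or loaded, or the keys could not be set
     */
    @Override
    public void activate(String authCode)
            throws CATokenOfflineException, CATokenAuthenticationFailedException {
        final char[] pin = (authCode != null && authCode.length() > 0) ? authCode.toCharArray() : null;
        // PasswordProtection clones the array, so our copy can be wiped immediately.
        final PasswordProtection pwp = new PasswordProtection(pin);
        if (pin != null) {
            Arrays.fill(pin, '\0');
        }
        try {
            final KeyStore.Builder builder = KeyStore.Builder.newInstance(
                    "PKCS11", Security.getProvider(getProvider()), pwp);
            final KeyStore keyStore = builder.getKeyStore();
            // Only the slot is logged, never the PIN.
            log.debug("Loading key from slot '" + sSlotLabel + "' using pin.");
            // Kept from the original flow: the builder already loaded the store,
            // this second load is presumably a harmless re-init for the P11 store - TODO confirm.
            keyStore.load(null, null);
            setKeys(keyStore, null);
        } catch (Throwable t) {
            // Throwable on purpose: provider failures may surface as Errors/RuntimeExceptions
            // and every one of them must map to an authentication failure for the caller.
            log.error("Failed to initialize PKCS11 provider slot '" + sSlotLabel + "'.", t);
            throw new CATokenAuthenticationFailedException(
                    "Failed to initialize PKCS11 provider slot '" + sSlotLabel + "'.");
        } finally {
            // Wipe the PIN copy on both the success and the failure path.
            destroyQuietly(pwp);
        }
        final String msg = intres.getLocalizedMessage("catoken.activated", "PKCS11");
        log.info(msg);
    }

    /**
     * Zeroes the PIN held by {@code pwp}. A destroy failure is only logged:
     * it must never turn a successful login into an authentication failure.
     *
     * @param pwp the protection parameter to destroy, never {@code null}
     */
    private static void destroyQuietly(final PasswordProtection pwp) {
        try {
            pwp.destroy();
        } catch (DestroyFailedException e) {
            log.warn("Could not destroy PKCS11 PIN protection parameter.", e);
        }
    }

    /**
     * Configures the token from its properties, installs a SunPKCS11 provider
     * bound to the configured slot and then tries to auto-activate.
     * <p>
     * The superclass {@code init} is given the property name {@code slot}
     * and presumably fills {@code sSlotLabel} from it. When no slot label
     * results, the {@code slotListIndex} property is used instead as an index
     * into the provider's slot list, defaulting to {@code "-1"} when that
     * property is missing as well; how {@code -1} is interpreted is up to
     * {@link KeyTools#getP11AuthProvider} (not visible here).
     *
     * @param properties token properties: {@code slot} or {@code slotListIndex},
     *        and {@code sharedLibrary} (path to the PKCS#11 module, passed through
     *        unchecked, possibly {@code null})
     * @param data token data, unused by this implementation
     * @param signaturealgorithm signature algorithm handed to the superclass
     * @throws Exception propagated from the superclass init, provider creation
     *         or auto-activation
     */
    public void init(Properties properties, HashMap data, String signaturealgorithm) throws Exception {
        // Auto-activation is deferred: the provider for this slot must exist before a login can work.
        init("slot", properties, signaturealgorithm, false);
        final boolean isIndex;
        if (sSlotLabel != null) {
            isIndex = false;
        } else {
            // Slot-list index fallback. The value is never null after this, so it is
            // always treated as an index (the original code re-checked for null here).
            final String slotIndex = properties.getProperty("slotListIndex");
            sSlotLabel = slotIndex != null ? slotIndex.trim() : "-1";
            isIndex = true;
        }
        setJCAProvider(KeyTools.getP11AuthProvider(
                sSlotLabel, properties.getProperty("sharedLibrary"), isIndex));
        autoActivate();
    }
}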
|