sun.security.pkcs11

public final Class SunPKCS11

extends AuthProvider
Imports
java.io.*, java.util.*, java.security.*, java.security.interfaces.*, javax.crypto.interfaces.*, javax.security.auth.Subject, javax.security.auth.login.LoginException, .FailedLoginException, javax.security.auth.callback.Callback, .CallbackHandler, .PasswordCallback, com.sun.crypto.provider.ChaCha20Poly1305Parameters, jdk.internal.misc.InnocuousThread, sun.security.util.Debug, .ResourcesMgr, sun.security.pkcs11.Secmod.*, sun.security.pkcs11.wrapper.*

PKCS#11 provider main class.
Author
Andreas Sterbenz
Since
1.5

Nested and Inner Type Summary

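| Modifier and Type | Class and Description |
| --- | --- |
| private static class | SunPKCS11.Descriptor |
| private class | SunPKCS11.NativeResourceCleaner |
| private static class | SunPKCS11.P11Service |
| private static class | SunPKCS11.SunPKCS11Rep. Serialized representation of the SunPKCS11 provider. |
| private static class | SunPKCS11.TokenPoller |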

Field Summary

| Modifier and Type | Field and Description |
| --- | --- |
| private static final String | AGP |
| private static final String | CIP |
| pack-priv static SunPKCS11.NativeResourceCleaner | cleaner |
| pack-priv final Config | config |
| pack-priv static final Debug | debug |
| private static final Map<Integer, List<SunPKCS11.Descriptor>> | descriptors |
| private static final String | KA |
| private static final String | KF |
| private static final String | KG |
| private static final String | KPG |
| private static final String | KS |
| private final Object | LOCK_HANDLER |
| private static final String | MAC |
| private static final String | MD |
| pack-priv final Secmod.Module | nssModule |
| pack-priv final boolean | nssUseSecmodTrust |
| pack-priv final PKCS11 | p11 |
| private CallbackHandler | pHandler |
| private SunPKCS11.TokenPoller | poller |
| pack-priv final boolean | removable |
| private static final long | serialVersionUID |
| private static final String | SIG |
| private static final String | SKF |
| pack-priv final long | slotID |
| private static final String | SR |
| private volatile Token | token |

Constructor Summary

| Access | Constructor and Description |
| --- | --- |
| public | SunPKCS11() |
| pack-priv | SunPKCS11(Config c) |

Method Summary

| Modifier and Type | Method and Description |
| --- | --- |
| private static <T> T | checkNull(T obj) |
| public Provider | configure(String configArg). Overrides java.security.Provider.configure. Apply the supplied configuration argument to this Provider instance and return the configured Provider. |
| private void | createCleaner() |
| private void | createPoller() |
| private static void | d(String type, String algorithm, String className, int[] m) |
| private static void | d(String type, String algorithm, String className, List<String> aliases, int[] m) |
| private static void | d(String type, String algorithm, String className, int[] m, int[] requiredMechs) |
| private static void | dA(String type, String algorithm, String className, int[] m) |
| private static void | dA(String type, String algorithm, String className, int[] m, int[] requiredMechs) |
| private void | destroyPoller() |
| public boolean | equals(Object obj). Overrides java.util.Properties.equals. Implements java.util.Map.equals. Compares the specified Object with this Map for equality, as per the definition in the Map interface. |
| private CallbackHandler | getCallbackHandler(CallbackHandler handler) |
| pack-priv Token | getToken() |
| public int | hashCode(). Overrides java.util.Properties.hashCode. Implements java.util.Map.hashCode. Returns the hash code value for this Map as per the definition in the Map interface. |
| private boolean | hasValidToken() |
| private void | initToken(CK_SLOT_INFO slotInfo) |
| public boolean | isConfigured(). Overrides java.security.Provider.isConfigured. Check if this Provider instance has been configured. |
| private static boolean | isLegacy(CK_MECHANISM_INFO mechInfo) |
| public void | login(Subject subject, CallbackHandler handler). Implements abstract java.security.AuthProvider.login. Log in to this provider. |
| public void | logout(). Implements abstract java.security.AuthProvider.logout. Log out from this provider. |
| private static int[] | m(long m1) |
| private static int[] | m(long m1, long m2) |
| private static int[] | m(long m1, long m2, long m3) |
| private static int[] | m(long m1, long m2, long m3, long m4) |
| private static void | register(SunPKCS11.Descriptor d) |
| public void | setCallbackHandler(CallbackHandler handler). Implements abstract java.security.AuthProvider.setCallbackHandler. Set a CallbackHandler. The provider uses this handler if one is not passed to the login method. |
| private static String | toString(long[] longs) |
| pack-priv synchronized void | uninitToken(Token token) |
| private Object | writeReplace() |

Field Detail

AGP
private static final String AGP
CIP
private static final String CIP
cleaner
pack-priv static SunPKCS11.NativeResourceCleaner cleaner
config
pack-priv final Config config
Annotations
@SuppressWarnings:serial
debug
pack-priv static final Debug debug

Hides java.security.Provider.debug.

descriptors
private static final Map<Integer, List<SunPKCS11.Descriptor>> descriptors
KA
private static final String KA
KF
private static final String KF
KG
private static final String KG
KPG
private static final String KPG
KS
private static final String KS
LOCK_HANDLER
private final Object LOCK_HANDLER
Annotations
@SuppressWarnings:serial
MAC
private static final String MAC
MD
private static final String MD
nssModule
pack-priv final Secmod.Module nssModule
Annotations
@SuppressWarnings:serial
nssUseSecmodTrust
pack-priv final boolean nssUseSecmodTrust
p11
pack-priv final PKCS11 p11
Annotations
@SuppressWarnings:serial
pHandler
private CallbackHandler pHandler
Annotations
@SuppressWarnings:serial
poller
private SunPKCS11.TokenPoller poller
Annotations
@SuppressWarnings:serial
removable
pack-priv final boolean removable
serialVersionUID
private static final long serialVersionUID

Hides java.security.AuthProvider.serialVersionUID.

Annotations
@Serial
SIG
private static final String SIG
SKF
private static final String SKF
slotID
pack-priv final long slotID
SR
private static final String SR
token
private volatile Token token

Constructor Detail

SunPKCS11
public SunPKCS11()
SunPKCS11
pack-priv SunPKCS11(Config c)

Method Detail

checkNull
private static <T> T checkNull(T obj)
configure
public Provider configure(String configArg) throws InvalidParameterException

Overrides java.security.Provider.configure.

Doc from java.security.Provider.configure.

Apply the supplied configuration argument to this Provider instance and return the configured Provider. Note that if this Provider cannot be configured in-place, a new Provider will be created and returned. Therefore, callers should always use the returned Provider.

Parameters
configArg:String

the configuration information for configuring this provider.

Returns:Provider

a Provider configured with the supplied configuration argument.

Annotations
@SuppressWarnings:removal
@Override
Exceptions
InvalidParameterException:
if the supplied configuration argument is invalid.
createCleaner
private void createCleaner()
Annotations
@SuppressWarnings:removal
createPoller
private void createPoller()
Annotations
@SuppressWarnings:removal
d
private static void d(String type, String algorithm, String className, int[] m)
d
private static void d(String type, String algorithm, String className, List<String> aliases, int[] m)
d
private static void d(String type, String algorithm, String className, int[] m, int[] requiredMechs)
dA
private static void dA(String type, String algorithm, String className, int[] m)
dA
private static void dA(String type, String algorithm, String className, int[] m, int[] requiredMechs)
destroyPoller
private void destroyPoller()
equals
public boolean equals(Object obj)

Overrides java.util.Properties.equals.

Implements java.util.Map.equals.

Doc from java.util.Hashtable.equals.

Compares the specified Object with this Map for equality, as per the definition in the Map interface.

Parameters
obj:Object

object to be compared for equality with this hashtable

Returns:boolean

true if the specified Object is equal to this Map

getCallbackHandler
private CallbackHandler getCallbackHandler(CallbackHandler handler)
getToken
pack-priv Token getToken()
hashCode
public int hashCode()

Overrides java.util.Properties.hashCode.

Implements java.util.Map.hashCode.

Doc from java.util.Hashtable.hashCode.

Returns the hash code value for this Map as per the definition in the Map interface.

Returns:int

Doc from java.util.Map.hashCode.

the hash code value for this map

hasValidToken
private boolean hasValidToken()
initToken
private void initToken(CK_SLOT_INFO slotInfo) throws PKCS11Exception
isConfigured
public boolean isConfigured()

Overrides java.security.Provider.isConfigured.

Doc from java.security.Provider.isConfigured.

Check if this Provider instance has been configured.

Returns:boolean

true if no further configuration is needed, false otherwise.

Annotations
@Override
isLegacy
private static boolean isLegacy(CK_MECHANISM_INFO mechInfo) throws PKCS11Exception
login
public void login(Subject subject, CallbackHandler handler) throws LoginException

Implements abstract java.security.AuthProvider.login.

Log in to this provider.

If the token expects a PIN to be supplied by the caller, the handler implementation must support a PasswordCallback.

To determine if the token supports a protected authentication path, the CK_TOKEN_INFO flag, CKF_PROTECTED_AUTHENTICATION_PATH, is consulted.

Parameters
subject:Subject

this parameter is ignored

handler:CallbackHandler

the CallbackHandler used by this provider to communicate with the caller

Exceptions
LoginException:
if the login operation fails
IllegalStateException:
if the provider requires configuration and Provider.configure has not been called
SecurityException:
if the caller does not pass a security check for SecurityPermission("authProvider.name"), where name is the value returned by this provider's getName method
logout
public void logout() throws LoginException

Implements abstract java.security.AuthProvider.logout.

Log out from this provider

Exceptions
LoginException:
if the logout operation fails
IllegalStateException:
if the provider requires configuration and Provider.configure has not been called
SecurityException:
if the caller does not pass a security check for SecurityPermission("authProvider.name"), where name is the value returned by this provider's getName method
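
The configure, login and logout sequence documented above, as an added example (not code from the JDK or from this page). The class name Pkcs11LoginExample, the config file passed as args[0] and the placeholder library path in its comment are assumptions, and a real PKCS#11 library with a token is needed to run it.

```java
import java.io.IOException;
import java.security.AuthProvider;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

public class Pkcs11LoginExample {

    // Answers only PasswordCallback (what login() needs when the token expects
    // a caller-supplied PIN) and rejects every other callback type.
    static CallbackHandler pinHandler() {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (!(cb instanceof PasswordCallback)) {
                    throw new UnsupportedCallbackException(cb);
                }
                if (System.console() == null) {
                    throw new IOException("no console available to read the PIN");
                }
                PasswordCallback pc = (PasswordCallback) cb;
                char[] pin = System.console().readPassword("%s", pc.getPrompt());
                pc.setPassword(pin);            // PasswordCallback stores its own copy
                if (pin != null) {
                    Arrays.fill(pin, '\0');     // wipe the local copy of the PIN
                }
            }
        };
    }

    public static void main(String[] args) throws Exception {
        // Assumption: args[0] names a SunPKCS11 configuration file such as
        //   name = ExampleToken
        //   library = /path/to/vendor-pkcs11.so    (placeholder path)
        Provider base = Security.getProvider("SunPKCS11");
        if (base == null) {
            throw new IllegalStateException("SunPKCS11 provider is not installed");
        }

        // configure() may return a new Provider; always use the returned one.
        Provider configured = base.configure(args[0]);
        if (!configured.isConfigured()) {
            throw new IllegalStateException("provider still needs configuration");
        }
        AuthProvider p11 = (AuthProvider) configured;

        p11.login(null, pinHandler());          // the subject parameter is ignored
        try {
            KeyStore ks = KeyStore.getInstance("PKCS11", p11);
            ks.load(null, null);                // no PIN here: login() already authenticated
            for (String alias : Collections.list(ks.aliases())) {
                System.out.println(alias);
            }
        } finally {
            p11.logout();                       // end the authenticated state on the token
        }
    }
}
```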
m
private static int[] m(long m1)
m
private static int[] m(long m1, long m2)
m
private static int[] m(long m1, long m2, long m3)
m
private static int[] m(long m1, long m2, long m3, long m4)
register
private static void register(SunPKCS11.Descriptor d)
setCallbackHandler
public void setCallbackHandler(CallbackHandler handler)

Implements abstract java.security.AuthProvider.setCallbackHandler.

Set a CallbackHandler

The provider uses this handler if one is not passed to the login method. The provider also uses this handler if it invokes login on behalf of callers. In either case if a handler is not set via this method, the provider queries the auth.login.defaultCallbackHandler security property for the fully qualified class name of a default handler implementation. If the security property is not set, the provider is assumed to have alternative means for obtaining authentication information.

Parameters
handler:CallbackHandler

a CallbackHandler for obtaining authentication information, which may be null

Exceptions
IllegalStateException:
if the provider requires configuration and Provider.configure has not been called
SecurityException:
if the caller does not pass a security check for SecurityPermission("authProvider.name"), where name is the value returned by this provider's getName method
toString
private static String toString(long[] longs)
uninitToken
pack-priv synchronized void uninitToken(Token token)
Annotations
@SuppressWarnings:removal
writeReplace
private Object writeReplace() throws ObjectStreamException
sun.security.pkcs11

private final Class SunPKCS11.Descriptor

extends Object

Field Summary

| Modifier and Type | Field and Description |
| --- | --- |
| pack-priv final String | algorithm |
| pack-priv final List<String> | aliases |
| pack-priv final String | className |
| pack-priv final int[] | mechanisms |
| pack-priv final int[] | requiredMechs |
| pack-priv final String | type |

Constructor Summary

| Access | Constructor and Description |
| --- | --- |
| private | Descriptor(String type, String algorithm, String className, List<String> aliases, int[] mechanisms) |
| private | Descriptor(String type, String algorithm, String className, List<String> aliases, int[] mechanisms, int[] requiredMechs) |

Method Summary

| Modifier and Type | Method and Description |
| --- | --- |
| private SunPKCS11.P11Service | service(Token token, int mechanism) |
| public String | toString(). Overrides java.lang.Object.toString. Returns a string representation of the object. |

Inherited from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

algorithm
pack-priv final String algorithm
aliases
pack-priv final List<String> aliases
className
pack-priv final String className
mechanisms
pack-priv final int[] mechanisms
requiredMechs
pack-priv final int[] requiredMechs
type
pack-priv final String type

Constructor Detail

Descriptor
private Descriptor(String type, String algorithm, String className, List<String> aliases, int[] mechanisms)
Descriptor
private Descriptor(String type, String algorithm, String className, List<String> aliases, int[] mechanisms, int[] requiredMechs)

Method Detail

service
private SunPKCS11.P11Service service(Token token, int mechanism)
toString
public String toString()

Overrides java.lang.Object.toString.

Doc from java.lang.Object.toString.

Returns a string representation of the object.

Returns:String

a string representation of the object

sun.security.pkcs11

private Class SunPKCS11.NativeResourceCleaner

extends Object
implements Runnable
All Implemented Interfaces
java.lang.Runnable

Field Summary

| Modifier and Type | Field and Description |
| --- | --- |
| private int | count |
| pack-priv boolean | keyRefFound |
| pack-priv boolean | sessRefFound |
| private long | sleepMillis |

Constructor Summary

| Access | Constructor and Description |
| --- | --- |
| private | NativeResourceCleaner() |

Method Summary

| Modifier and Type | Method and Description |
| --- | --- |
| public void | run(). Implements java.lang.Runnable.run. Runs this operation. |

Inherited from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

count
private int count
keyRefFound
pack-priv boolean keyRefFound
sessRefFound
pack-priv boolean sessRefFound
sleepMillis
private long sleepMillis

Constructor Detail

NativeResourceCleaner
private NativeResourceCleaner()

Method Detail

run
public void run()

Implements java.lang.Runnable.run.

Doc from java.lang.Runnable.run.

Runs this operation.

Annotations
@Override
sun.security.pkcs11

private final Class SunPKCS11.P11Service

extends Service

Field Summary

| Modifier and Type | Field and Description |
| --- | --- |
| private final long | mechanism |
| private final Token | token |

Constructor Summary

| Access | Constructor and Description |
| --- | --- |
| pack-priv | P11Service(Token token, String type, String algorithm, String className, List<String> al, long mechanism) |

Method Summary

| Modifier and Type | Method and Description |
| --- | --- |
| private boolean | isLocalKey(Key key) |
| public Object | newInstance(Object param). Overrides java.security.Provider.Service.newInstance. Return a new instance of the implementation described by this service. |
| public Object | newInstance0(Object param) |
| public boolean | supportsParameter(Object param). Overrides java.security.Provider.Service.supportsParameter. Test whether this Service can use the specified parameter. |
| public String | toString(). Overrides java.security.Provider.Service.toString. Return a String representation of this service. |

Inherited from java.security.Provider.Service:
getAlgorithm, getAttribute, getClassName, getProvider, getType

Field Detail

mechanism
private final long mechanism
token
private final Token token

Constructor Detail

P11Service
pack-priv P11Service(Token token, String type, String algorithm, String className, List<String> al, long mechanism)

Method Detail

isLocalKey
private boolean isLocalKey(Key key)
newInstance
public Object newInstance(Object param) throws NoSuchAlgorithmException

Overrides java.security.Provider.Service.newInstance.

Doc from java.security.Provider.Service.newInstance.

Return a new instance of the implementation described by this service. The security provider framework uses this method to construct implementations. Applications will typically not need to call it.

The default implementation uses reflection to invoke the standard constructor for this type of service. Security providers can override this method to implement instantiation in a different way. For details and the values of constructorParameter that are valid for the various types of services see the Java Cryptography Architecture (JCA) Reference Guide.

Parameters
param:Object

the value to pass to the constructor, or null if this type of service does not use a constructorParameter.

Returns:Object

a new implementation of this service

Annotations
@Override
Exceptions
NoSuchAlgorithmException:
if instantiation failed for any other reason.
newInstance0
public Object newInstance0(Object param) throws PKCS11Exception, NoSuchAlgorithmException
supportsParameter
public boolean supportsParameter(Object param)

Overrides java.security.Provider.Service.supportsParameter.

Doc from java.security.Provider.Service.supportsParameter.

Test whether this Service can use the specified parameter. Returns false if this service cannot use the parameter. Returns true if this service can use the parameter, if a fast test is infeasible, or if the status is unknown.

The security provider framework uses this method with some types of services to quickly exclude non-matching implementations for consideration. Applications will typically not need to call it.

For details and the values of parameter that are valid for the various types of services see the top of this class and the Java Cryptography Architecture (JCA) Reference Guide. Security providers can override it to implement their own test.

Parameters
param:Object

the parameter to test

Returns:boolean

false if this service cannot use the specified parameter; true if it can possibly use the parameter

toString
public String toString()

Overrides java.security.Provider.Service.toString.

Doc from java.security.Provider.Service.toString.

Return a String representation of this service.

Returns:String

a String representation of this service.

sun.security.pkcs11

private Class SunPKCS11.SunPKCS11Rep

extends Object
implements Serializable
All Implemented Interfaces
java.io.Serializable

Serialized representation of the SunPKCS11 provider.

Field Summary

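| Modifier and Type | Field and Description |
| --- | --- |
| private final String | configName |
| private final String | providerName |
| pack-priv static final long | serialVersionUID |

Constructor Summary

| Access | Constructor and Description |
| --- | --- |
| pack-priv | SunPKCS11Rep(SunPKCS11 provider) |

Method Summary

| Modifier and Type | Method and Description |
| --- | --- |
| private Object | readResolve() |

Inherited from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait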

Field Detail

configName
private final String configName
providerName
private final String providerName
serialVersionUID
pack-priv static final long serialVersionUID

Constructor Detail

SunPKCS11Rep
pack-priv SunPKCS11Rep(SunPKCS11 provider) throws NotSerializableException

Method Detail

readResolve
private Object readResolve() throws ObjectStreamException
sun.security.pkcs11

private Class SunPKCS11.TokenPoller

extends Object
implements Runnable
All Implemented Interfaces
java.lang.Runnable

Field Summary

| Modifier and Type | Field and Description |
| --- | --- |
| private volatile boolean | enabled |
| private final SunPKCS11 | provider |

Constructor Summary

| Access | Constructor and Description |
| --- | --- |
| private | TokenPoller(SunPKCS11 provider) |

Method Summary

| Modifier and Type | Method and Description |
| --- | --- |
| pack-priv void | disable() |
| public void | run(). Implements java.lang.Runnable.run. Runs this operation. |

Inherited from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

enabled
private volatile boolean enabled
provider
private final SunPKCS11 provider

Constructor Detail

TokenPoller
private TokenPoller(SunPKCS11 provider)

Method Detail

disable
pack-priv void disable()
run
public void run()

Implements java.lang.Runnable.run.

Doc from java.lang.Runnable.run.

Runs this operation.

Annotations
@Override