pkcs11implementation.java

java 实现的签名方案

/* Copyright  (c) 2002 Graz University of Technology. All rights reserved.
 *
 * Redistribution and use in  source and binary forms, with or without 
 * modification, are permitted  provided that the following conditions are met:
 *
 * 1. Redistributions of  source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in  binary form must reproduce the above copyright notice,
 *    this list of conditions and the following disclaimer in the documentation
 *    and/or other materials provided with the distribution.
 *  
 * 3. The end-user documentation included with the redistribution, if any, must
 *    include the following acknowledgment:
 * 
 *    "This product includes software developed by IAIK of Graz University of
 *     Technology."
 * 
 *    Alternately, this acknowledgment may appear in the software itself, if 
 *    and wherever such third-party acknowledgments normally appear.
 *  
 * 4. The names "Graz University of Technology" and "IAIK of Graz University of
 *    Technology" must not be used to endorse or promote products derived from 
 *    this software without prior written permission.
 *  
 * 5. Products derived from this software may not be called 
 *    "IAIK PKCS Wrapper", nor may "IAIK" appear in their name, without prior 
 *    written permission of Graz University of Technology.
 *  
 *  THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
 *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 *  WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 *  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE LICENSOR BE
 *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
 *  OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 *  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 *  OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
 *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 *  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 *  OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 *  POSSIBILITY  OF SUCH DAMAGE.
 */

package iaik.pkcs.pkcs11.wrapper;

import java.io.File;
import java.io.IOException;



/**
 * This is the default implementation of the PKCS11 interface. It connects to
 * the <code>pkcs11wrapper.dll</code> (or <code>libpkcs11wrapper.so</code>), 
 * which is the native part of this library.
 * The strange and awkward looking initialization was chosen to avoid calling
 * <code>System.loadLibrary(String)</code> from a static initialization block, 
 * because this would complicate the use in applets.
 *
 * @author Karl Scheibelhofer <Karl.Scheibelhofer@iaik.at>
 * @author Martin Schl鋐fer <schlaeff@sbox.tugraz.at>
 * @invariants (pkcs11ModulePath_ <> null)
 */
public class PKCS11Implementation implements PKCS11 {

  /**
   * The name of the native part of the wrapper; i.e. the filename without
   * the extension (e.g. ".DLL" or ".so").
   */
  private static final String PKCS11_WRAPPER = "pkcs11wrapper";

  /**
   * Indicates, if the static linking and initialization of the library is already done.
   */
  protected static boolean linkedAndInitialized_;

  /**
   * The PKCS#11 module to connect to. This is the PKCS#11 driver of the token;
   * e.g. pk2priv.dll.
   */
  protected String pkcs11ModulePath_;

  /**
   * This method does the initialization of the native library. It is called
   * exactly once for this class.
   *
   * @preconditions
   * @postconditions
   */
  protected static synchronized native void initializeLibrary();

  /**
   * This method does the finalization of the native library. It is called
   * exactly once for this class. The library uses this method for a clean-up
   * of any resources.
   *
   * @preconditions
   * @postconditions
   */
  protected static synchronized native void finalizeLibrary();

  /**
   * This method ensures that the library is linked to this class and that it
   * is initialized.
   *
   * @preconditions
   * @postconditions
   */
  public static synchronized void ensureLinkedAndInitialized() {
    if (!linkedAndInitialized_) {
      /* We do not call loadLibrary in a static initializer to allow better use in
       * applets. Static initialization blocks have a differrent security context.
       */
      System.loadLibrary(PKCS11_WRAPPER);
      initializeLibrary();
      linkedAndInitialized_ = true;
    }
  }

  /**
   * This method does a clean-up in the native module of the wrapper. After
   * a call to this method, this class cannot be used any longer.
   * Because there are no means in Java to really unlink the native code
   * analog to a <code>System.loadLibrary()</code> call, this method also
   * cannot effectively unload the native part.
   *
   * @preconditions
   * @postconditions
   */
  public static synchronized void ensureUnlinkedAndFinalized() {
    if (linkedAndInitialized_) {
      finalizeLibrary();
      linkedAndInitialized_ = false;
      // there is nothing like System.unloadLibrary(PKCS11_WRAPPER) so let's trust in GC
    }
  }

  /**
   * Connects to the PKCS#11 driver given. The filename must contain the
   * path, if the driver is not in the system's search path.
   *
   * @param pkcs11ModulePath the PKCS#11 library path
   * @preconditions (pkcs11ModulePath <> null)
   * @postconditions
   */
  PKCS11Implementation(String pkcs11ModulePath)
      throws IOException
  {
    ensureLinkedAndInitialized();
    connect(pkcs11ModulePath);
    pkcs11ModulePath_ = pkcs11ModulePath;
  }

  /**
   * Connects this object to the specified PKCS#11 library. This method is for
   * internal use only.
   * Declared protected, because incorrect handling may result in errors in the
   * native part.
   *
   * @param pkcs11ModulePath The PKCS#11 library path.
   * @preconditions (pkcs11ModulePath <> null)
   * @postconditions
   */
  protected synchronized native void connect(String pkcs11ModulePath) throws IOException;

  /**
   * Disconnects the PKCS#11 library from this object. After calling this
   * method, this object is no longer connected to a native PKCS#11 module
   * and any subsequent calls to C_ methods will fail. This method is for
   * internal use only.
   * Declared protected, because incorrect handling may result in errors in the
   * native part.
   *
   * @preconditions
   * @postconditions
   */
  protected synchronized native void disconnect();


  // Implementation of PKCS11 methods delegated to native pkcs11wrapper library

/* *****************************************************************************
 * General-purpose
 ******************************************************************************/

  /**
   * C_Initialize initializes the Cryptoki library.
   * (General-purpose)
   *
   * @param pInitArgs if pInitArgs is not NULL it gets casted to
   *         CK_C_INITIALIZE_ARGS_PTR and dereferenced
   *         (PKCS#11 param: CK_VOID_PTR pInitArgs)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions
   */
  public native void C_Initialize(Object pInitArgs) throws PKCS11Exception;

  /**
   * C_Finalize indicates that an application is done with the
   * Cryptoki library
   * (General-purpose)
   *
   * @param pReserved is reserved. Should be NULL_PTR
   *         (PKCS#11 param: CK_VOID_PTR pReserved)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions (pReserved == null)
   * @postconditions
   */
  public native void C_Finalize(Object pReserved) throws PKCS11Exception;


  /**
   * C_GetInfo returns general information about Cryptoki.
   * (General-purpose)
   *
   * @return the information.
   *         (PKCS#11 param: CK_INFO_PTR pInfo)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions (result <> null)
   */
  public native CK_INFO C_GetInfo() throws PKCS11Exception;


/* *****************************************************************************
 * Slot and token management
 ******************************************************************************/

  /**
   * C_GetSlotList obtains a list of slots in the system.
   * (Slot and token management)
   *
   * @param tokenPresent if true only Slot IDs with a token are returned
   *         (PKCS#11 param: CK_BBOOL tokenPresent)
   * @return a long array of slot IDs and number of Slot IDs
   *         (PKCS#11 param: CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions (result <> null)
   */
  public native long[] C_GetSlotList(boolean tokenPresent) throws PKCS11Exception;


  /**
   * C_GetSlotInfo obtains information about a particular slot in
   * the system.
   * (Slot and token management)
   *
   * @param slotID the ID of the slot
   *         (PKCS#11 param: CK_SLOT_ID slotID)
   * @return the slot information
   *         (PKCS#11 param: CK_SLOT_INFO_PTR pInfo)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions (result <> null)
   */
  public native CK_SLOT_INFO C_GetSlotInfo(long slotID) throws PKCS11Exception;


  /**
   * C_GetTokenInfo obtains information about a particular token
   * in the system.
   * (Slot and token management)
   *
   * @param slotID ID of the token's slot
   *         (PKCS#11 param: CK_SLOT_ID slotID)
   * @return the token information
   *         (PKCS#11 param: CK_TOKEN_INFO_PTR pInfo)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions (result <> null)
   */
  public native CK_TOKEN_INFO C_GetTokenInfo(long slotID) throws PKCS11Exception;


  /**
   * C_GetMechanismList obtains a list of mechanism types
   * supported by a token.
   * (Slot and token management)
   *
   * @param slotID ID of the token's slot
   *         (PKCS#11 param: CK_SLOT_ID slotID)
   * @return a long array of mechanism types and number of mechanism types
   *         (PKCS#11 param: CK_MECHANISM_TYPE_PTR pMechanismList,
   *                         CK_ULONG_PTR pulCount)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions (result <> null)
   */
  public native long[] C_GetMechanismList(long slotID) throws PKCS11Exception;


  /**
   * C_GetMechanismInfo obtains information about a particular
   * mechanism possibly supported by a token.
   * (Slot and token management)
   *
   * @param slotID ID of the token's slot
   *         (PKCS#11 param: CK_SLOT_ID slotID)
   * @param type type of mechanism
   *         (PKCS#11 param: CK_MECHANISM_TYPE type)
   * @return the mechanism info
   *         (PKCS#11 param: CK_MECHANISM_INFO_PTR pInfo)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions (result <> null)
   */
  public native CK_MECHANISM_INFO C_GetMechanismInfo(long slotID, long type) throws PKCS11Exception;


  /**
   * C_InitToken initializes a token.
   * (Slot and token management)
   *
   * @param slotID ID of the token's slot
   *         (PKCS#11 param: CK_SLOT_ID slotID)
   * @param pPin the SO's initial PIN and the length in bytes of the PIN
   *         (PKCS#11 param: CK_CHAR_PTR pPin, CK_ULONG ulPinLen)
   * @param pLabel 32-byte token label (blank padded)
   *         (PKCS#11 param: CK_UTF8CHAR_PTR pLabel)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions
   */
  public native void C_InitToken(long slotID, char[] pPin, char[] pLabel) throws PKCS11Exception;


  /**
   * C_InitPIN initializes the normal user's PIN.
   * (Slot and token management)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pPin the normal user's PIN and the length in bytes of the PIN
   *         (PKCS#11 param: CK_CHAR_PTR pPin, CK_ULONG ulPinLen)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions
   */
  public native void C_InitPIN(long hSession, char[] pPin) throws PKCS11Exception;


  /**
   * C_SetPIN modifies the PIN of the user who is logged in.
   * (Slot and token management)
   *
   * @param hSession the session's handle
   *         (PKCS#11 param: CK_SESSION_HANDLE hSession)
   * @param pOldPin the old PIN and the length of the old PIN
   *         (PKCS#11 param: CK_CHAR_PTR pOldPin, CK_ULONG ulOldLen)
   * @param pNewPin the new PIN and the length of the new PIN
   *         (PKCS#11 param: CK_CHAR_PTR pNewPin, CK_ULONG ulNewLen)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions
   */
  public native void C_SetPIN(long hSession, char[] pOldPin, char[] pNewPin) throws PKCS11Exception;



/* *****************************************************************************
 * Session management
 ******************************************************************************/

  /**
   * C_OpenSession opens a session between an application and a
   * token.
   * (Session management)
   *
   * @param slotID the slot's ID
   *         (PKCS#11 param: CK_SLOT_ID slotID)
   * @param flags of CK_SESSION_INFO
   *         (PKCS#11 param: CK_FLAGS flags)
   * @param pApplication passed to callback
   *         (PKCS#11 param: CK_VOID_PTR pApplication)
   * @param Notify the callback function
   *         (PKCS#11 param: CK_NOTIFY Notify)
   * @return the session handle
   *         (PKCS#11 param: CK_SESSION_HANDLE_PTR phSession)
   * @exception PKCS11Exception If function returns other value than CKR_OK.
   * @preconditions
   * @postconditions