iaik.pkcs.pkcs11.provider.keyfactories

Class PKCS11KeyFactory

java.lang.Object

java.security.KeyFactorySpi

iaik.pkcs.pkcs11.provider.keyfactories.PKCS11KeyFactory

All Implemented Interfaces:

PKCS11EngineClass

Direct Known Subclasses:

DhKeyFactory, DsaKeyFactory, EcDsaKeyFactory, RsaKeyFactory

public abstract class PKCS11KeyFactory
extends java.security.KeyFactorySpi
implements PKCS11EngineClass

This is a base key factory that transforms asymmetric key specs into PKCS#11 key objects and vice versa. With PKCS11KeySpec, IAIKPKCS11PrivateKey and IAIKPKCS11PublicKey objects it works with the underlying PKCS#11 module. If it is used with non-PKCS#11 keys or key specs, it uses a software key factory of the configured delegate provider. It is the base class for the implementations of the various key factory algorithms.

Author:

Karl Scheibelhofer

Field Summary

Fields

Modifier and Type	Field and Description
protected PKCS11KeySpec	pkcs11KeySpec_ The specification how to generate the key.
protected boolean	pkcs11OperationInitialized_ Indicates, if the PKCS#11 signature/verify is already initialized for the next operation round.
static int	PKCS8_VERSION The PKCS#8 version field in the ASN.1 encoding.
protected iaik.pkcs.pkcs11.Session	session_ The session this object works with.
protected java.security.KeyFactory	softwareDelegate_ This is the software delegate object to use, if the provided key spec is not the key spec for a PKCS#11 key.
protected TokenManager	tokenManager_ Token manager used to login session, if required.

Constructor Summary

Constructors

Constructor and Description
PKCS11KeyFactory() Default constructor.

Method Summary

Modifier and Type	Method and Description
protected java.security.Key	createKey(iaik.pkcs.pkcs11.objects.Object keyCreationTemplate) This method creates a Java key from the given key creation template.
protected java.security.PrivateKey	engineGeneratePrivate(java.security.spec.KeySpec keySpec) Generates a private key object from the provided key specification (key material).
protected java.security.PublicKey	engineGeneratePublic(java.security.spec.KeySpec keySpec) Generates a public key object from the provided key specification (key material).
protected java.security.spec.KeySpec	engineGetKeySpec(java.security.Key key, java.lang.Class keySpecClass) Returns a specification (key material) of the given key object.
protected java.security.Key	engineTranslateKey(java.security.Key key) Translates a key object, whose provider may be unknown or potentially untrusted, into a corresponding key object of this key factory.
protected void	finalize() Tries to close the used session.
protected void	finalizePkcs11Operation() The internal session finalization method, if the current operation has been finished.
protected abstract java.lang.String	getAlgorithmName() Return the JCA standard name of this key factory algorithm.
protected abstract java.lang.String	getSoftwareDelegateAlgorithm() Return the name of the software algorithm to use, if this object must use a softwre delegation object.
protected void	initializePkcs11Operation() The internal session initialization method, if all necessary member variables are set.
protected void	initializeSession() Sets up an appropriate session.
protected void	initializeSoftwareDelegate() Initialize the software delegate secure random and store a reference in softwareDelegate_.
protected boolean	isSessionAppropriate(iaik.pkcs.pkcs11.Session session, PKCS11KeySpec pkcs11KeySpec) Checks, if the given session is appropriate for use accodring to the given key spec.
boolean	isSupportedBy(TokenManager tokenManager) Check, if the current token of the given token manager supports the required features for this engine class.
protected abstract java.security.PrivateKey	pkcs11GeneratePrivate(java.security.spec.KeySpec keySpec) Generates a private key object from the provided key specification (key material).
protected abstract java.security.PublicKey	pkcs11GeneratePublic(java.security.spec.KeySpec keySpec) Generates a public key object from the provided key specification (key material).
protected abstract java.security.spec.KeySpec	pkcs11GetKeySpec(java.security.Key key, java.lang.Class keySpecClass) Returns a specification (key material) of the given key object.
protected java.security.Key	pkcs11TranslateKey(java.security.Key key) Translates a key object, whose provider may be unknown or potentially untrusted, into a corresponding key object of this key factory.

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PKCS8_VERSION

public static final int PKCS8_VERSION

The PKCS#8 version field in the ASN.1 encoding.

See Also:

Constant Field Values

tokenManager_

protected TokenManager tokenManager_

Token manager used to login session, if required.

session_

protected iaik.pkcs.pkcs11.Session session_

The session this object works with.

pkcs11OperationInitialized_

protected boolean pkcs11OperationInitialized_

Indicates, if the PKCS#11 signature/verify is already initialized for the next operation round.

pkcs11KeySpec_

protected PKCS11KeySpec pkcs11KeySpec_

The specification how to generate the key. The subclass must set this member variable before calling initialize().

softwareDelegate_

protected java.security.KeyFactory softwareDelegate_

This is the software delegate object to use, if the provided key spec is not the key spec for a PKCS#11 key. This is only set, if useSoftwareDelegation_ is set.

Constructor Detail

PKCS11KeyFactory

public PKCS11KeyFactory()

Default constructor.

Method Detail

isSupportedBy

public boolean isSupportedBy(TokenManager tokenManager)

Check, if the current token of the given token manager supports the required features for this engine class.

Specified by:

isSupportedBy in interface PKCS11EngineClass

Parameters:

tokenManager - The token manager. Used to get information about the current token.

Returns:

True, if this engine class can be used with the currently present token of the given token manager.

Preconditions:

(tokenManager <> null)

engineGeneratePublic

protected java.security.PublicKey engineGeneratePublic(java.security.spec.KeySpec keySpec)
                                                throws java.security.spec.InvalidKeySpecException

Generates a public key object from the provided key specification (key material).

Specified by:

engineGeneratePublic in class java.security.KeyFactorySpi

Parameters:

keySpec - the specification (key material) of the public key.

Returns:

the public key.

Throws:

java.security.spec.InvalidKeySpecException - if the given key specification is inappropriate for this key factory to produce a public key.

engineGeneratePrivate

protected java.security.PrivateKey engineGeneratePrivate(java.security.spec.KeySpec keySpec)
                                                  throws java.security.spec.InvalidKeySpecException

Generates a private key object from the provided key specification (key material).

Specified by:

engineGeneratePrivate in class java.security.KeyFactorySpi

Parameters:

keySpec - the specification (key material) of the private key.

Returns:

the private key.

Throws:

java.security.spec.InvalidKeySpecException - if the given key specification is inappropriate for this key factory to produce a private key.

engineGetKeySpec

protected java.security.spec.KeySpec engineGetKeySpec(java.security.Key key,
                                                      java.lang.Class keySpecClass)
                                               throws java.security.spec.InvalidKeySpecException

Returns a specification (key material) of the given key object. keySpec identifies the specification class in which the key material should be returned. It could, for example, be DSAPublicKeySpec.class, to indicate that the key material should be returned in an instance of the DSAPublicKeySpec class.

Specified by:

engineGetKeySpec in class java.security.KeyFactorySpi

Parameters:

key - The key.

keySpecClass - The specification class in which the key material should be returned.

Returns:

The underlying key specification (key material) in an instance of the requested specification class.

Throws:

java.security.spec.InvalidKeySpecException - if the requested key specification is inappropriate for the given key, or the given key cannot be dealt with (e.g., the given key has an unrecognized format).

engineTranslateKey

protected java.security.Key engineTranslateKey(java.security.Key key)
                                        throws java.security.InvalidKeyException

Translates a key object, whose provider may be unknown or potentially untrusted, into a corresponding key object of this key factory.

Specified by:

engineTranslateKey in class java.security.KeyFactorySpi

Parameters:

key - the key whose provider is unknown or untrusted.

Returns:

the translated key.

Throws:

java.security.InvalidKeyException - if the given key cannot be processed by this key factory.

getSoftwareDelegateAlgorithm

protected abstract java.lang.String getSoftwareDelegateAlgorithm()

Return the name of the software algorithm to use, if this object must use a softwre delegation object.

Returns:

The name of the software secure random; e.g. RSA.

Postconditions:

(result <> null)

getAlgorithmName

protected abstract java.lang.String getAlgorithmName()

Return the JCA standard name of this key factory algorithm.

Returns:

The JCA name of this key factory algorithm; e.g. RSA.

Postconditions:

(result <> null)

initializeSession

protected void initializeSession()

Sets up an appropriate session. The key must be set before.

initializePkcs11Operation

protected void initializePkcs11Operation()

The internal session initialization method, if all necessary member variables are set.

finalizePkcs11Operation

protected void finalizePkcs11Operation()

The internal session finalization method, if the current operation has been finished.

initializeSoftwareDelegate

protected void initializeSoftwareDelegate()

Initialize the software delegate secure random and store a reference in softwareDelegate_.

isSessionAppropriate

protected boolean isSessionAppropriate(iaik.pkcs.pkcs11.Session session,
                                       PKCS11KeySpec pkcs11KeySpec)
                                throws iaik.pkcs.pkcs11.TokenException

Checks, if the given session is appropriate for use accodring to the given key spec.

Parameters:

session - The seesion to check.

pkcs11KeySpec - The key spec to check against.

Returns:

True, if the given session can be used as is.

Throws:

iaik.pkcs.pkcs11.TokenException - If getting the necessary information about the session fails.

createKey

protected java.security.Key createKey(iaik.pkcs.pkcs11.objects.Object keyCreationTemplate)
                               throws java.security.spec.InvalidKeySpecException

This method creates a Java key from the given key creation template.

Parameters:

keyCreationTemplate - The template for the PKCS#11 key object.

Returns:

The new Java key that contains the created PKCS#11 key.

Throws:

java.security.spec.InvalidKeySpecException - If creating the PKCS#11 key fails.

pkcs11GeneratePublic

protected abstract java.security.PublicKey pkcs11GeneratePublic(java.security.spec.KeySpec keySpec)
                                                         throws java.security.spec.InvalidKeySpecException

Generates a public key object from the provided key specification (key material).

Parameters:

keySpec - the specification (key material) of the public key.

Returns:

the public key.

Throws:

java.security.spec.InvalidKeySpecException - if the given key specification is inappropriate for this key factory to produce a public key.

pkcs11GeneratePrivate

protected abstract java.security.PrivateKey pkcs11GeneratePrivate(java.security.spec.KeySpec keySpec)
                                                           throws java.security.spec.InvalidKeySpecException

Generates a private key object from the provided key specification (key material).

Parameters:

keySpec - the specification (key material) of the private key.

Returns:

the private key.

Throws:

java.security.spec.InvalidKeySpecException - if the given key specification is inappropriate for this key factory to produce a private key.

pkcs11GetKeySpec

protected abstract java.security.spec.KeySpec pkcs11GetKeySpec(java.security.Key key,
                                                               java.lang.Class keySpecClass)
                                                        throws java.security.spec.InvalidKeySpecException

Returns a specification (key material) of the given key object. keySpec identifies the specification class in which the key material should be returned. It could, for example, be DSAPublicKeySpec.class, to indicate that the key material should be returned in an instance of the DSAPublicKeySpec class.

Parameters:

key - The key.

keySpecClass - The specification class in which the key material should be returned.

Returns:

The underlying key specification (key material) in an instance of the requested specification class.

Throws:

java.security.spec.InvalidKeySpecException - if the requested key specification is inappropriate for the given key, or the given key cannot be dealt with (e.g., the given key has an unrecognized format).

Postconditions:

(result <> null)

Preconditions:

(key <> null) and (keySpecClass <> null)

pkcs11TranslateKey

protected java.security.Key pkcs11TranslateKey(java.security.Key key)
                                        throws java.security.InvalidKeyException

Translates a key object, whose provider may be unknown or potentially untrusted, into a corresponding key object of this key factory.

Parameters:

key - the key whose provider is unknown or untrusted.

Returns:

the translated key.

Throws:

java.security.InvalidKeyException - if the given key cannot be processed by this key factory.

finalize

protected void finalize()
                 throws java.lang.Throwable

Tries to close the used session.

Overrides:

finalize in class java.lang.Object

Throws:

java.lang.Throwable - If finalization fails.