iaik.pkcs.pkcs11.objects

Class PrivateKey

java.lang.Object

iaik.pkcs.pkcs11.objects.Object

iaik.pkcs.pkcs11.objects.Storage

iaik.pkcs.pkcs11.objects.Key

iaik.pkcs.pkcs11.objects.PrivateKey

All Implemented Interfaces:

java.lang.Cloneable

Direct Known Subclasses:

DHPrivateKey, DSAPrivateKey, ECDSAPrivateKey, KEAPrivateKey, RSAPrivateKey

public class PrivateKey
extends Key

This is the base class for private (asymmetric) keys. Objects of this class represent private keys as specified by PKCS#11 v2.11.

Version:

1.0

Author:

Karl Scheibelhofer

Invariants:

(subject_ != null) and (sensitive_ != null) and (secondaryAuth_ != null) and (authPinFlags_ != null) and (decrypt_ != null) and (sign_ != null) and (signRecover_ != null) and (unwrap_ != null) and (extractable_ != null) and (alwaysSensitive_ != null) and (neverExtractable_ != null)

Nested Class Summary

Nested classes/interfaces inherited from class iaik.pkcs.pkcs11.objects.Key

Key.KeyType, Key.VendorDefinedKeyBuilder

Nested classes/interfaces inherited from class iaik.pkcs.pkcs11.objects.Object

Object.ObjectClass, Object.VendorDefinedObjectBuilder

Field Summary

Fields

Modifier and Type	Field and Description
protected BooleanAttribute	alwaysAuthenticate_ True, if the user has to supply the PIN for each use (sign or decrypt) with the key.
protected BooleanAttribute	alwaysSensitive_ True, if this private key was always sensitive.
protected BooleanAttribute	decrypt_ True, if this private key can be used for encryption.
protected BooleanAttribute	extractable_ True, if this private key can not be extracted from the token.
protected BooleanAttribute	neverExtractable_ True, if this private key was never extractable.
protected BooleanAttribute	sensitive_ True, if this private key is sensitive.
protected BooleanAttribute	sign_ True, if this private key can be used for signing.
protected BooleanAttribute	signRecover_ True, if this private key can be used for signing with recover.
protected ByteArrayAttribute	subject_ The subject of this private key.
protected BooleanAttribute	unwrap_ True, if this private key can be used for unwrapping wrapped keys.
protected AttributeArray	unwrapTemplate_ Template of the key, that can be unwrapped.
protected BooleanAttribute	wrapWithTrusted_ True, if this private key can only be wrapped with a wrapping key having set the attribute trusted to true.

Fields inherited from class iaik.pkcs.pkcs11.objects.Key

allowedMechanisms_, derive_, endDate_, id_, keyGenMechanism_, keyType_, keyTypeNames_, local_, startDate_, vendorKeyBuilder_

Fields inherited from class iaik.pkcs.pkcs11.objects.Storage

label_, modifiable_, private_, token_

Fields inherited from class iaik.pkcs.pkcs11.objects.Object

attributeTable_, objectClass_, objectClassNames_, objectHandle_, vendorObjectBuilder_

Constructor Summary

Constructors

Modifier	Constructor and Description
	PrivateKey() Default Constructor.
protected	PrivateKey(Session session, long objectHandle) Called by sub-classes to create an instance of a PKCS#11 private key.

Method Summary

Modifier and Type	Method and Description
protected void	allocateAttributes() Allocates the attribute objects for this class and adds them to the attribute table.
java.lang.Object	clone() Create a (deep) clone of this object.
boolean	equals(java.lang.Object otherObject) Compares all member variables of this object with the other object.
BooleanAttribute	getAlwaysAuthenticate() Gets the always authenticate attribute of this key.
BooleanAttribute	getAlwaysSensitive() Gets the always sensitive attribute of this key.
LongAttribute	getAuthPinFlags() Deprecated. since pkcs#11 v2.11 - always returns null
BooleanAttribute	getDecrypt() Gets the decrypt attribute of this key.
BooleanAttribute	getExtractable() Gets the extractable attribute of this key.
static Object	getInstance(Session session, long objectHandle) The getInstance method of the Object class uses this method to create an instance of a PKCS#11 private key.
BooleanAttribute	getNeverExtractable() Gets the never extractable attribute of this key.
BooleanAttribute	getSecondaryAuth() Deprecated. since pkcs#11 v2.11 - always returns null
BooleanAttribute	getSensitive() Gets the sensitive attribute of this key.
BooleanAttribute	getSign() Gets the sign attribute of this key.
BooleanAttribute	getSignRecover() Gets the sign recover attribute of this key.
ByteArrayAttribute	getSubject() Gets the subject attribute of this key.
protected static Object	getUnknownPrivateKey(Session session, long objectHandle) Try to create a key which has no or an unknown private key type type attribute.
BooleanAttribute	getUnwrap() Gets the unwrap attribute of this key.
AttributeArray	getUnwrapTemplate() Gets the unwrap template attribute of this key.
BooleanAttribute	getWrapWithTrusted() Gets the wrap with trusted attribute of this key.
protected static void	putAttributesInTable(PrivateKey object) Put all attributes of the given object into the attributes table of this object.
java.lang.String	toString() This method returns a string representation of the current object.

Methods inherited from class iaik.pkcs.pkcs11.objects.Key

getAllowedMechanisms, getDerive, getEndDate, getId, getKeyGenMechanism, getKeyType, getKeyTypeName, getLocal, getStartDate, getVendorDefinedKeyBuilder, hashCode, putAttributesInTable, setVendorDefinedKeyBuilder

Methods inherited from class iaik.pkcs.pkcs11.objects.Storage

getLabel, getModifiable, getPrivate, getToken, putAttributesInTable

Methods inherited from class iaik.pkcs.pkcs11.objects.Object

checkAttributesState, checkAttributeState, getAttribute, getAttributeTable, getAttributeValue, getAttributeValues, getObjectClass, getObjectClassName, getObjectHandle, getSetAttributes, getSetAttributes, getUnknownObject, getVendorDefinedObjectBuilder, putAttribute, putAttributesInTable, readAttributes, removeAttribute, setObjectHandle, setVendorDefinedObjectBuilder, toString

Methods inherited from class java.lang.Object

finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

subject_

protected ByteArrayAttribute subject_

The subject of this private key.

sensitive_

protected BooleanAttribute sensitive_

True, if this private key is sensitive.

decrypt_

protected BooleanAttribute decrypt_

True, if this private key can be used for encryption.

sign_

protected BooleanAttribute sign_

True, if this private key can be used for signing.

signRecover_

protected BooleanAttribute signRecover_

True, if this private key can be used for signing with recover.

unwrap_

protected BooleanAttribute unwrap_

True, if this private key can be used for unwrapping wrapped keys.

extractable_

protected BooleanAttribute extractable_

True, if this private key can not be extracted from the token.

alwaysSensitive_

protected BooleanAttribute alwaysSensitive_

True, if this private key was always sensitive.

neverExtractable_

protected BooleanAttribute neverExtractable_

True, if this private key was never extractable.

wrapWithTrusted_

protected BooleanAttribute wrapWithTrusted_

True, if this private key can only be wrapped with a wrapping key having set the attribute trusted to true.

unwrapTemplate_

protected AttributeArray unwrapTemplate_

Template of the key, that can be unwrapped.

alwaysAuthenticate_

protected BooleanAttribute alwaysAuthenticate_

True, if the user has to supply the PIN for each use (sign or decrypt) with the key.

Constructor Detail

PrivateKey

public PrivateKey()

Default Constructor.

PrivateKey

protected PrivateKey(Session session,
                     long objectHandle)
              throws TokenException

Called by sub-classes to create an instance of a PKCS#11 private key.

Parameters:

session - The session to use for reading attributes. This session must have the appropriate rights; i.e. it must be a user-session, if it is a private object.

objectHandle - The object handle as given from the PKCS#111 module.

Throws:

TokenException - If getting the attributes failed.

Preconditions:

(session != null)

Method Detail

getInstance

public static Object getInstance(Session session,
                                 long objectHandle)
                          throws TokenException

The getInstance method of the Object class uses this method to create an instance of a PKCS#11 private key. This method reads the key type attribute and calls the getInstance method of the according sub-class. If the key type is a vendor defined it uses the VendorDefinedKeyBuilder set by the application. If no private key could be constructed, this method returns null.

Parameters:

session - The session to use for reading attributes. This session must have the appropriate rights; i.e. it must be a user-session, if it is a private object.

objectHandle - The object handle as given from the PKCS#111 module.

Returns:

The object representing the PKCS#11 object. The returned object can be casted to the according sub-class.

Throws:

TokenException - If getting the attributes failed.

Postconditions:

(result != null)

Preconditions:

(session != null)

getUnknownPrivateKey

protected static Object getUnknownPrivateKey(Session session,
                                             long objectHandle)
                                      throws TokenException

Try to create a key which has no or an unknown private key type type attribute. This implementation will try to use a vendor defined key builder, if such has been set. If this is impossible or fails, it will create just a simple PrivateKey .

Parameters:

session - The session to use.

objectHandle - The handle of the object

Returns:

A new Object.

Throws:

TokenException - If no object could be created.

Postconditions:

(result != null)

Preconditions:

(session != null)

putAttributesInTable

protected static void putAttributesInTable(PrivateKey object)

Put all attributes of the given object into the attributes table of this object. This method is only static to be able to access invoke the implementation of this method for each class separately (see use in clone()).

Parameters:

object - The object to handle.

Preconditions:

(object != null)

allocateAttributes

protected void allocateAttributes()

Allocates the attribute objects for this class and adds them to the attribute table.

Overrides:

allocateAttributes in class Key

clone

public java.lang.Object clone()

Create a (deep) clone of this object.

Overrides:

clone in class Key

Returns:

A clone of this object.

Postconditions:

(result != null) and (result instanceof PrivateKey) and (result.equals(this))

equals

public boolean equals(java.lang.Object otherObject)

Compares all member variables of this object with the other object. Returns only true, if all are equal in both objects.

Overrides:

equals in class Key

Parameters:

otherObject - The other object to compare to.

Returns:

True, if other is an instance of this class and all member variables of both objects are equal. False, otherwise.

getSubject

public ByteArrayAttribute getSubject()

Gets the subject attribute of this key.

Returns:

The subject attribute.

Postconditions:

(result != null)

getSensitive

public BooleanAttribute getSensitive()

Gets the sensitive attribute of this key.

Returns:

The sensitive attribute.

Postconditions:

(result != null)

getSecondaryAuth

public BooleanAttribute getSecondaryAuth()

Deprecated. since pkcs#11 v2.11 - always returns null

Gets the secondary authentication attribute of this key.

Returns:

The secondary authentication attribute.

Postconditions:

(result != null)

getAuthPinFlags

public LongAttribute getAuthPinFlags()

Deprecated. since pkcs#11 v2.11 - always returns null

Gets the authentication flags for secondary authentication of this key.

Returns:

The authentication flags for secondary authentication attribute.

Postconditions:

(result != null)

getDecrypt

public BooleanAttribute getDecrypt()

Gets the decrypt attribute of this key.

Returns:

The decrypt attribute.

Postconditions:

(result != null)

getSign

public BooleanAttribute getSign()

Gets the sign attribute of this key.

Returns:

The sign attribute.

Postconditions:

(result != null)

getSignRecover

public BooleanAttribute getSignRecover()

Gets the sign recover attribute of this key.

Returns:

The sign recover attribute.

Postconditions:

(result != null)

getUnwrap

public BooleanAttribute getUnwrap()

Gets the unwrap attribute of this key.

Returns:

The unwrap attribute.

Postconditions:

(result != null)

getExtractable

public BooleanAttribute getExtractable()

Gets the extractable attribute of this key.

Returns:

The extractable attribute.

Postconditions:

(result != null)

getAlwaysSensitive

public BooleanAttribute getAlwaysSensitive()

Gets the always sensitive attribute of this key.

Returns:

The always sensitive attribute.

Postconditions:

(result != null)

getNeverExtractable

public BooleanAttribute getNeverExtractable()

Gets the never extractable attribute of this key.

Returns:

The never extractable attribute.

Postconditions:

(result != null)

getWrapWithTrusted

public BooleanAttribute getWrapWithTrusted()

Gets the wrap with trusted attribute of this key.

Returns:

The wrap with trusted attribute.

Postconditions:

(result != null)

getUnwrapTemplate

public AttributeArray getUnwrapTemplate()

Gets the unwrap template attribute of this key. This attribute can only be used with PKCS#11 modules supporting cryptoki version 2.20 or higher.

Returns:

The unwrap template attribute.

Postconditions:

(result != null)

getAlwaysAuthenticate

public BooleanAttribute getAlwaysAuthenticate()

Gets the always authenticate attribute of this key.

Returns:

The always authenticate attribute.

Postconditions:

(result != null)

toString

public java.lang.String toString()

This method returns a string representation of the current object. The output is only for debugging purposes and should not be used for other purposes.

Overrides:

toString in class Key

Returns:

A string presentation of this object for debugging output.

Postconditions:

(result != null)