
tbrugz committed 7aa51cd

add initial support for pkcs#11 providers

  • Parent commits d2b0a8c


Files changed (5)

src/net/sf/pdfsplice/PDFSplice.java

 		signer.setReason(signReason.getText());
 		signer.setLocation(signLocation.getText());
 		
-		/*if(signProvider.getSelectedItem()==Signer.SignProvider.ETOKEN) {
-			st.initializePKCS11(this.pkcs11ConfFile); //TODO: etoken
+		if(signProvider.getSelectedItem()==Signer.SignProvider.PKCS11.toString()) {
+			log.info("pkcs#11 init");
+			st.initializePKCS11(signKeyPath.getAbsolutePath());
 		}
-		else*/
-		if(signProvider.getSelectedItem()==Signer.SignProvider.PKCS12.toString()) {
-			log.info("pkcs12 init");
+		else if(signProvider.getSelectedItem()==Signer.SignProvider.PKCS12.toString()) {
+			log.info("pkcs#12 init");
 			st.initializePKCS12();
 		}
 		else if(signProvider.getSelectedItem()==Signer.SignProvider.JKS.toString()) {
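Review bot: The new PKCS#11 branch selects the provider with `==` between `signProvider.getSelectedItem()` and `Signer.SignProvider.PKCS11.toString()`, which compares references and only matches while the combo box holds the very same string instances that `toString()` returns. If the items are ever built another way, none of the branches matches; what the signer does in that case is outside the hunk. Writing `Signer.SignProvider.PKCS11.toString().equals(signProvider.getSelectedItem())`, and the same for the PKCS12 and JKS branches, removes that dependency. `signKeyPath.getAbsolutePath()` is also called with no null check visible here; the enclosing method starts and ends outside the hunk, so a guard may exist there.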

src/net/sf/pdfsplice/sign/CertFileFilter.java

 import javax.swing.filechooser.FileFilter;
 
 public class CertFileFilter extends FileFilter {
-	String[] exts = {".ks", ".jks", ".p12", ".pfx", ".cer", ".crt" };
+	//.ks, .jks: java keystore (JKS)
+	//.p12, .pfx, .cer, .crt: possible file extensions for pkcs#12 certificate files
+	//.cfg, .properties: pkcs#11 config file
+	String[] exts = {".ks", ".jks", ".p12", ".pfx", ".cer", ".crt", ".cfg", ".properties"}; 
 	String desc;
 	
 	{
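Review bot: The added comment groups `.cer` and `.crt` with the PKCS#12 extensions, but those extensions normally hold a bare X.509 certificate without a private key, so it would read more accurately as `//.p12, .pfx: pkcs#12 keystore; .cer, .crt: X.509 certificate files`. The `.cfg`/`.properties` entries are a different kind of input from key material: a PKCS#11 config carries a `library=` line naming the native module the provider loads. The comment should say so, for example `//.cfg, .properties: pkcs#11 config file (names the native library to load; choose only trusted files)`. The class body continues outside the hunk.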

src/net/sf/pdfsplice/sign/Signer.java

 	Logger log = Logger.getLogger(Signer.class.getName());
 	
 	public enum SignProvider { 
-		//PKCS11,
 		PKCS12,
+		PKCS11,
 		JKS;
 		
 		public String toString() {
 			switch (this) {
-				//case PKCS11:
-				//	return "e-Token";
 				case PKCS12:
 					return "pkcs#12";
+				case PKCS11:
+					return "pkcs#11";
 				case JKS:
 					return "JKS";
 			}
 	public void initializePKCS11(String configFile) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
 		//String configName = "/opt/bar/cfg/pkcs11.cfg";
 		if(configFile!=null) {
+			log.info("pkcs#11: file: "+configFile);
+
 			Provider p = new sun.security.pkcs11.SunPKCS11(configFile);
-			log.info("version: "+p.getVersion());
-			log.info("name: "+p.getName());
+			StringBuffer sb = new StringBuffer();
+			sb.append("version: "+p.getVersion()+"\n");
+			sb.append("name: "+p.getName()+"\n");
+			sb.append("info: "+p.getInfo()+"\n");
 			for(Object o: p.keySet()) {
-				log.info("  o: "+o);
+				sb.append("  key: "+o+"\n");
 			}
 			for(Provider.Service s: p.getServices()) {
-				log.info("  s: "+s);
+				sb.append("  service: "+s+"\n");
 			}
-			log.info("info: "+p.getInfo());
+			log.info(sb.toString());
 			Security.addProvider(p);
-			log.info(p.getName());
 		}
 
 		ks = getKeyStore("pkcs11");
 	
 	protected void initInternal(KeyStore ks) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
 		String alias = null;
-		
+		int numOfAlias = 0;
+
 		for(Enumeration<String> en = ks.aliases(); en.hasMoreElements();) {
 			String s = en.nextElement();
 			log.info("alias: "+s);
-			alias = s;
+			if(alias==null) { alias = s; }
+			numOfAlias++;
 		}
-		//TODO: what if there is more than 1 alias?
+
+		//FIXME: what if there is more than 1 alias?
+		if(numOfAlias!=1) {
+			log.warning("more than one alias: "+numOfAlias+" aliases");
+		}
 		
 		log.info("initInternal: using alias="+alias);
 		key = (PrivateKey)ks.getKey(alias, pass);
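Review bot: In `initInternal` the new check `numOfAlias!=1` also fires for an empty keystore, where the message "more than one alias" is wrong and `alias` is still null when it reaches `ks.getKey(alias, pass)`. A separate `if(numOfAlias==0) { throw new KeyStoreException("no alias found in keystore"); }` would fail early and clearly. With several aliases the code still signs with whichever one the enumeration returns first, and a PKCS#11 token can hold more than one entry, so the signature may be made with a key the user did not intend. Until alias selection exists, preferring key entries with `if(alias==null && ks.isKeyEntry(s)) { alias = s; }` and naming the chosen alias in the warning would narrow that. The method body continues outside the hunk.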

test-data/pkcs11/banrisul-JavaPkcs11.cfg

+# This is a configuration file for using the "Cart�o M�ltiplo Banrisul 1.1"
+# PKCS#11 module with the Sun Java PKCS#11 Cryptographic Provider,
+# available since the J2SE 5.0 release.
+#
+# To install this PKCS#11 module statically, you must add one line to the
+# Java Security properties file ($JAVA_HOME/lib/security/java.security) at
+# the 'List of providers and their preference orders' section:
+#
+# security.provider.7=sun.security.pkcs11.SunPKCS11 C:\\Arquivos de programas\\CSP Banrisul Multiplo\\JavaPkcs11.cfg
+#
+# (Please note that in the example, there were 6 previous providers and the
+# "Cart�o M�ltiplo Banrisul 1.1" PKCS#11 module was installed at the
+# "C:\Arquivos de programas\CSP Banrisul Multiplo" directory)
+#
+
+name=CSPBanrisulMultiplo
+library=C:\\WINDOWS\\system32\\PKCS11.DLL
+disabledMechanisms = {
+CKM_SHA1_RSA_PKCS
+}

test-data/pkcs11/eToken.cfg

+# e-Token PKCS#11 config file
+ 
+# Pathname of PKCS#11 implementation
+library=C:\\WINDOWS\\system32\\eTpk4cs11.dll
+ 
+# Name suffix of this provider instance
+name=eToken
+ 
+# Description of this provider instance
+description=eToken PKCS#11 Dynamic Link Library
+
+# Slot id (default = 0)
+#slot=
+ 
+# Slot index (default = 0)
+#slotListIndex=
+ 
+# Brace enclosed, whitespace-separated list of PKCS#11 mechanisms to enable
+#enabledMechanisms=
+ 
+# Brace enclosed, whitespace-separated list of PKCS#11 mechanisms to disable
+#disabledMechanisms=
+ 
+# Additional PKCS#11 attributes
+#attributes=