se.swedenconnect.opensaml.pkcs11.providerimpl

Class PKCS11SoftHsmProvider

java.lang.Object

se.swedenconnect.opensaml.pkcs11.providerimpl.PKCS11SoftHsmProvider

All Implemented Interfaces:

PKCS11Provider

public class PKCS11SoftHsmProvider
extends Object
implements PKCS11Provider

Utility class for loading keys from a key directory into a PKCS11 Soft HSM slot. This utility class assumes the following conditions on the host:

• Soft HSM version 2 is installed
• The command line tool tool pkcs11-tool is installed

This class utilises pkcs11-tool to initialize the HSM slot and to load keys and certificates into the soft HSM.

After import of keys in the folder. This class makes available the following information to support key import into key stores:

• Name of the Provider holding the keys (A SunPKCS11 provider). The name will be SunPKCS11-{slotName}
• Lists of aliases of successfully imported keys and certificates
• A Map of certificates imported

Author:

Stefan Santesson (stefan@idsec.se), Martin Lindström (martin@idsec.se)

Field Summary

Fields inherited from interface se.swedenconnect.opensaml.pkcs11.PKCS11Provider

SUN_PROVIDER_PREFIX

Constructor Summary

Constructors

Constructor and Description
PKCS11SoftHsmProvider(List<SoftHsmCredentialConfiguration> credentialConfigurationList, String name, String lib, String pin, PKCS11ProviderInstance providerInstance) The constructor checks the specified key folder and forms a list of aliases of keys that can be imported.
PKCS11SoftHsmProvider(PKCS11SoftHsmProviderConfiguration configuration, PKCS11ProviderInstance providerInstance) Constructor taking a PKCS11SoftHsmProviderConfiguration.

Method Summary

Modifier and Type	Method and Description
List<String>	getAliasList() Returns the key aliases
static X509Certificate	getCert(File certFile)
Map<String,X509Certificate>	getCertificateMap() Returns a map of aliases and associated certificates.
List<String>	getProviderNameList() Returns the names of the PKCS#11 security provider.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PKCS11SoftHsmProvider

public PKCS11SoftHsmProvider(List<SoftHsmCredentialConfiguration> credentialConfigurationList,
                             String name,
                             String lib,
                             String pin,
                             PKCS11ProviderInstance providerInstance)

The constructor checks the specified key folder and forms a list of aliases of keys that can be imported.

Parameters:

credentialConfigurationList - configuration data credentials to be loaded into Soft HSM

name - the name of this provider instance that will be used also as label of the slot

lib - the PKCS11 library location on the host

pin - the soft HSM PIN

providerInstance - Provider instantiation implementation (Depending on runtime Java version)

PKCS11SoftHsmProvider

public PKCS11SoftHsmProvider(PKCS11SoftHsmProviderConfiguration configuration,
                             PKCS11ProviderInstance providerInstance)

Constructor taking a PKCS11SoftHsmProviderConfiguration. See PKCS11SoftHsmProvider(List, String, String, String, PKCS11ProviderInstance).

Parameters:

configuration - the configuration instance

providerInstance - Provider instantiation implementation (Depending on runtime Java version)

Method Detail

getCert

public static X509Certificate getCert(File certFile)
                               throws CertificateException,
                                      IOException

Throws:

CertificateException

IOException

getAliasList

public List<String> getAliasList()

Returns the key aliases

Returns:

list of key aliases

getProviderNameList

public List<String> getProviderNameList()

Returns the names of the PKCS#11 security provider.

Specified by:

getProviderNameList in interface PKCS11Provider

Returns:

provider name

getCertificateMap

public Map<String,X509Certificate> getCertificateMap()

Returns a map of aliases and associated certificates.

Returns:

the map of loaded certificates having its alias as key