Class DefaultPkcs11Configuration

java.lang.Object
se.swedenconnect.security.credential.pkcs11conf.AbstractPkcs11Configuration
se.swedenconnect.security.credential.pkcs11conf.DefaultPkcs11Configuration
All Implemented Interfaces:
InitializingBean, Pkcs11Configuration

public class DefaultPkcs11Configuration extends AbstractPkcs11Configuration
The default PKCS#11 configuration class. This implementation assumes that the SunPKCS11 security provider is used.

The SunPKCS11 provider can be configured programmatically (using any of the setters or appropriate constructors). In these cases the first call to getProvider() returns a configured and ready-to-use provider based on the assigned configuration.

A SunPKCS11 provider can also be statically configured in the java.security file. For example:

 ...
 security.provider.13=SunPKCS11 /opt/bar/cfg/pkcs11.cfg
 ...
 

In these cases the DefaultPkcs11Configuration should be used with no configuration assigned.

For more information, see the PKCS#11 Reference Guide.

Author:
Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
  • Constructor Details

    • DefaultPkcs11Configuration

      public DefaultPkcs11Configuration()
      Default constructor.
    • DefaultPkcs11Configuration

      public DefaultPkcs11Configuration(String configurationFile) throws Pkcs11ConfigurationException
      Constructor assigning the external PKCS#11 configuration file.
      Parameters:
      configurationFile - complete path to the PKCS#11 configuration file
      Throws:
      Pkcs11ConfigurationException - if the supplied configuration file does not exist
    • DefaultPkcs11Configuration

      public DefaultPkcs11Configuration(String library, String name, String slot, Integer slotListIndex)
      A constructor setting the library, name, slot and slotListIndex individually. See also DefaultPkcs11Configuration(String).
      Parameters:
      library - the PKCS#11 library path
      name - the name of the HSM slot
      slot - the slot number/id (may be null)
      slotListIndex - the slot index (may be null)
  • Method Details

    • afterPropertiesSet

      public void afterPropertiesSet() throws Pkcs11ConfigurationException
      Specified by:
      afterPropertiesSet in interface InitializingBean
      Overrides:
      afterPropertiesSet in class AbstractPkcs11Configuration
      Throws:
      Pkcs11ConfigurationException
    • getProvider

      public Provider getProvider() throws Pkcs11ConfigurationException
      Gets the Java security Provider to use when setting up a PKCS#11 credential.
      Returns:
      a Provider instance
      Throws:
      Pkcs11ConfigurationException - if the configuration is incorrect
    • getPrivateKeyProvider

      public Pkcs11ObjectProvider<PrivateKey> getPrivateKeyProvider()
      Gets the getter function object that should be used to obtain a private key from the PKCS#11 device.

      How the private key is obtained from the device is dependent on the security provider used.

      Note: If both the private key and the certificate should be obtained from the device, use Pkcs11Configuration.getCredentialProvider() instead.

      Returns:
      a Pkcs11ObjectProvider instance
    • getCredentialProvider

      public Pkcs11ObjectProvider<PkiCredential> getCredentialProvider()
      Gets the getter function object that should be used to obtain the private key and certificate from the PKCS#11 device.

      How the objects are obtained from the device is dependent on the security provider used.

      In some HSM deployments the certificate is not kept on the device, only the private key. The PkiCredential object returned from the provider will then return null for a PkiCredential.getCertificate() call.

      Returns:
      a Pkcs11ObjectProvider instance
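      The following is an added usage example, not code from the credentials-support project itself. It shows the two ways of setting up DefaultPkcs11Configuration described above (programmatic, or relying on a SunPKCS11 provider statically registered in java.security), then obtains the Provider and uses getCredentialProvider() to load a credential, handling the case where the HSM holds only the private key. The library path, provider name, alias and PIN are constructed sample values; the package of PkiCredential, the PkiCredential.getPrivateKey() accessor and the Pkcs11ObjectProvider.get(Provider, String, char[]) signature are assumptions not shown on this page.

```java
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.X509Certificate;
import java.util.Arrays;

import se.swedenconnect.security.credential.PkiCredential; // package assumed
import se.swedenconnect.security.credential.pkcs11conf.DefaultPkcs11Configuration;
import se.swedenconnect.security.credential.pkcs11conf.Pkcs11ConfigurationException;
import se.swedenconnect.security.credential.pkcs11conf.Pkcs11ObjectProvider;

public class Pkcs11CredentialExample {

  /**
   * Builds the configuration either programmatically (library, name and slot index
   * given) or with no configuration assigned, which is the case when SunPKCS11 is
   * statically registered in java.security. The values are constructed samples.
   */
  static DefaultPkcs11Configuration buildConfiguration(boolean staticallyConfigured)
      throws Pkcs11ConfigurationException {
    DefaultPkcs11Configuration conf = staticallyConfigured
        ? new DefaultPkcs11Configuration()
        : new DefaultPkcs11Configuration(
            "/usr/lib/softhsm/libsofthsm2.so", // library: sample path
            "example-hsm",                      // name: provider becomes "SunPKCS11-example-hsm"
            null,                               // slot: unused when slotListIndex is given
            0);                                 // slotListIndex
    // Validates the assigned configuration. Spring calls this for beans; outside
    // Spring we call it ourselves so errors surface before the first getProvider().
    conf.afterPropertiesSet();
    return conf;
  }

  /** Loads the credential under the given alias and clears the PIN array afterwards. */
  static PkiCredential loadCredential(DefaultPkcs11Configuration conf, String alias, char[] pin)
      throws Pkcs11ConfigurationException {
    try {
      Provider provider = conf.getProvider();
      Pkcs11ObjectProvider<PkiCredential> credentialProvider = conf.getCredentialProvider();
      // Assumed signature: get(Provider provider, String alias, char[] pin)
      return credentialProvider.get(provider, alias, pin);
    }
    finally {
      Arrays.fill(pin, '\0'); // do not leave the PIN lying around in memory
    }
  }

  public static void main(String[] args) throws Exception {
    DefaultPkcs11Configuration conf = buildConfiguration(false);
    char[] pin = "PLACEHOLDER-PIN".toCharArray(); // sample value; read from a secret store in practice
    PkiCredential credential = loadCredential(conf, "signing-key", pin);

    PrivateKey key = credential.getPrivateKey(); // accessor assumed
    X509Certificate cert = credential.getCertificate();
    if (cert == null) {
      // Some deployments keep only the private key on the device; the certificate
      // must then be supplied from elsewhere before the credential can be used.
      System.out.println("Alias signing-key: private key (" + key.getAlgorithm()
          + ") present, no certificate on device");
    }
    else {
      System.out.println("Alias signing-key: " + cert.getSubjectX500Principal()
          + ", " + key.getAlgorithm() + " key");
    }
  }
}
```

      Passing true to buildConfiguration() covers the java.security case shown earlier: no library, name or slot is assigned and getProvider() returns the provider the JVM already registered.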
    • getConfigurationData

      protected String getConfigurationData() throws Pkcs11ConfigurationException
      Gets the configuration data for this configuration. The data returned is supplied in the Provider.configure(String) call that is made to configure the PKCS#11 security provider.

      The returned string is either the file name of a PKCS#11 configuration file or PKCS#11 configuration commands (in that case the string must be prefixed with --).

      Returns:
      configuration data for a PKCS#11 provider
      Throws:
      Pkcs11ConfigurationException - if the configuration is not valid
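      As an added example (plain JDK code, not part of this project), the block below builds the two kinds of configuration data that getConfigurationData() may return, a file name or "--"-prefixed inline configuration commands, and hands them to Provider.configure(String) exactly as described above. The library path, provider name and PIN are constructed sample values. The check that slot and slotListIndex are not both set follows the SunPKCS11 configuration rules, which reject a configuration that specifies both.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Collections;
import java.util.Objects;

public class SunPkcs11ConfigurationData {

  /**
   * Builds inline configuration data. The leading "--" tells SunPKCS11 that the
   * rest of the string is configuration text rather than the name of a file.
   * Only one of slot and slotListIndex may be given.
   */
  static String inlineConfiguration(String library, String name, String slot, Integer slotListIndex) {
    Objects.requireNonNull(library, "library");
    Objects.requireNonNull(name, "name");
    if (slot != null && slotListIndex != null) {
      throw new IllegalArgumentException("slot and slotListIndex are mutually exclusive");
    }
    StringBuilder sb = new StringBuilder("--");
    sb.append("name=").append(name).append('\n');
    sb.append("library=").append(library).append('\n');
    if (slot != null) {
      sb.append("slot=").append(slot).append('\n');
    }
    else if (slotListIndex != null) {
      sb.append("slotListIndex=").append(slotListIndex).append('\n');
    }
    return sb.toString();
  }

  /**
   * Configures the SunPKCS11 provider from either a configuration file name or
   * "--"-prefixed inline data, and registers the result so that later
   * Security.getProvider("SunPKCS11-<name>") lookups find it.
   */
  static Provider configureProvider(String configurationData) {
    Provider base = Security.getProvider("SunPKCS11");
    if (base == null) {
      throw new IllegalStateException("SunPKCS11 provider is not available in this JDK");
    }
    Provider configured = base.configure(configurationData); // Provider.configure(String), JDK 9+
    if (Security.getProvider(configured.getName()) == null) {
      Security.addProvider(configured);
    }
    return configured;
  }

  public static void main(String[] args) throws Exception {
    // Either a configuration file given on the command line (e.g. /opt/bar/cfg/pkcs11.cfg)
    // or constructed inline data; both are accepted by Provider.configure(String).
    String data = args.length > 0
        ? args[0]
        : inlineConfiguration("/usr/lib/softhsm/libsofthsm2.so", "example-hsm", null, 0);

    Provider provider = configureProvider(data);
    System.out.println("Configured provider: " + provider.getName()); // SunPKCS11-example-hsm for the inline sample

    // Logging in to the token and listing its aliases is a quick sanity check of the configuration.
    KeyStore keyStore = KeyStore.getInstance("PKCS11", provider);
    keyStore.load(null, "PLACEHOLDER-PIN".toCharArray()); // sample PIN; supply from a secret store
    System.out.println("Aliases on token: " + Collections.list(keyStore.aliases()));
  }
}
```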
    • setBaseProviderName

      public void setBaseProviderName(String baseProviderName)
      Assigns the name of the SunPKCS11 security provider that we use to create new instances that have names according to "SunPKCS11-name", where 'name' is taken from the configuration. The reason this is not a constant is for testing purposes, where we want to use a mocked provider instead of Sun's.

      NOTE: FOR TESTING ONLY.

      Parameters:
      baseProviderName - the provider name.
    • getBaseProviderName

      protected String getBaseProviderName()
      Gets the provider name (see setBaseProviderName(String)).
      Returns:
      the provider name