Class DefaultPkcs11Configuration
- All Implemented Interfaces: InitializingBean, Pkcs11Configuration
The SunPKCS11 provider can be configured programmatically (using any of the setters or the appropriate constructors). In these cases the first call to getProvider() returns a configured and ready-to-use provider based on the assigned configuration.
A SunPKCS11 provider can also be statically configured in the java.security file. For example:
    ...
    security.provider.13=SunPKCS11 /opt/bar/cfg/pkcs11.cfg
    ...
In these cases the DefaultPkcs11Configuration should be used with no configuration assigned.
For more information, see the PKCS#11 Reference Guide.
- Author: Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)

Field Summary

Constructor Summary
Constructor: Description
- DefaultPkcs11Configuration(): Default constructor.
- DefaultPkcs11Configuration(String configurationFile): Constructor assigning the external PKCS#11 configuration file.
- DefaultPkcs11Configuration(String library, String name, String slot, Integer slotListIndex): A constructor setting the library, name, slot and slotListIndex individually.

Method Summary
Modifier and Type, Method: Description
- void afterPropertiesSet()
- protected String getBaseProviderName(): Gets the provider name (see setBaseProviderName(String)).
- protected String getConfigurationData(): Gets the configuration data for this configuration.
- getCredentialProvider(): Gets the getter function object that should be used to obtain the private key and certificate from the PKCS#11 device.
- getPrivateKeyProvider(): Gets the getter function object that should be used to obtain a private key from the PKCS#11 device.
- getProvider(): Gets the Java security Provider to use when setting up a PKCS#11 credential.
- void setBaseProviderName(String baseProviderName): Assigns the name of the SunPKCS11 security provider that we use to create new instances that have names according to "SunPKCS11-name", where 'name' is taken from the configuration.
Methods inherited from class se.swedenconnect.security.credential.pkcs11conf.AbstractPkcs11Configuration:
getConfigurationFile, getLibrary, getName, getSlot, getSlotListIndex, setConfigurationFile, setLibrary, setName, setSlot, setSlotListIndex, toString

Field Details
DEFAULT_PROVIDER_NAME
Default provider name.

Constructor Details
DefaultPkcs11Configuration
public DefaultPkcs11Configuration()
Default constructor.

DefaultPkcs11Configuration
Constructor assigning the external PKCS#11 configuration file.
- Parameters:
  configurationFile - complete path to the PKCS#11 configuration file
- Throws:
  Pkcs11ConfigurationException - if the supplied configuration file does not exist

DefaultPkcs11Configuration
A constructor setting the library, name, slot and slotListIndex individually. See also DefaultPkcs11Configuration(String).
- Parameters:
  library - the PKCS#11 library path
  name - the name of the HSM slot
  slot - the slot number/id (may be null)
  slotListIndex - the slot index (may be null)

Method Details
afterPropertiesSet
- Specified by: afterPropertiesSet in interface InitializingBean
- Overrides: afterPropertiesSet in class AbstractPkcs11Configuration
- Throws: Pkcs11ConfigurationException

getProvider
Gets the Java security Provider to use when setting up a PKCS#11 credential.
- Returns: a Provider instance
- Throws: Pkcs11ConfigurationException - if the configuration is incorrect

getPrivateKeyProvider
Gets the getter function object that should be used to obtain a private key from the PKCS#11 device.
How the private key is obtained from the device is dependent on the security provider used.
Note: If both the private key and the certificate should be obtained from the device, use Pkcs11Configuration.getCredentialProvider() instead.
- Returns: a Pkcs11ObjectProvider instance

getCredentialProvider
Gets the getter function object that should be used to obtain the private key and certificate from the PKCS#11 device.
How the objects are obtained from the device is dependent on the security provider used.
In some HSM deployments the certificate is not kept on the device, only the private key. The PkiCredential object returned from the provider will then return null for a PkiCredential.getCertificate() call.
- Returns: a Pkcs11ObjectProvider instance

getConfigurationData
Gets the configuration data for this configuration. The data returned is supplied in the Provider.configure(String) call that is made to configure the PKCS#11 security provider.
The returned string represents either the file name of a PKCS#11 configuration file or PKCS#11 configuration commands (in that case the string must be prefixed with --).
- Returns: configuration data for a PKCS#11 provider
- Throws: Pkcs11ConfigurationException - if the configuration is not valid

setBaseProviderName
Assigns the name of the SunPKCS11 security provider that we use to create new instances that have names according to "SunPKCS11-name", where 'name' is taken from the configuration. The reason this is not a constant is for testing purposes where we want to use a mocked provider instead of Sun's.
NOTE: FOR TESTING ONLY.
- Parameters: baseProviderName - the provider name.

getBaseProviderName
Gets the provider name (see setBaseProviderName(String)).
- Returns: the provider name
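
An added example (not the library's own code) of the inline form of configuration data described under getConfigurationData: the four constructor parameters are turned into a "--"-prefixed string and passed to Provider.configure(String), using JDK classes only. The class name InlinePkcs11Config, the helper inlineConfig, the library path and the name "example" are constructed for illustration; a PKCS#11 module must be installed for main to run.

```java
import java.io.Console;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;

public class InlinePkcs11Config {

  // Hypothetical helper: builds inline configuration data, i.e. "--" followed
  // by SunPKCS11 directives, one per line.
  static String inlineConfig(String library, String name, String slot, Integer slotListIndex) {
    if (library == null || name == null) {
      throw new IllegalArgumentException("library and name are required");
    }
    for (String v : new String[] { library, name, slot }) {
      // A line break inside a value would start a new directive. A literal
      // backslash-n is rejected too, conservatively, in case the parser expands it.
      if (v != null && (v.contains("\n") || v.contains("\r") || v.contains("\\n"))) {
        throw new IllegalArgumentException("line break in PKCS#11 configuration value");
      }
    }
    if (slot != null && slotListIndex != null) {
      // SunPKCS11 accepts at most one of slot and slotListIndex.
      throw new IllegalArgumentException("set slot or slotListIndex, not both");
    }
    StringBuilder sb = new StringBuilder("--");
    sb.append("library = ").append(library).append('\n');
    sb.append("name = ").append(name).append('\n');
    if (slot != null) sb.append("slot = ").append(slot).append('\n');
    if (slotListIndex != null) sb.append("slotListIndex = ").append(slotListIndex).append('\n');
    return sb.toString();
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample values; point library at the PKCS#11 module actually in use.
    String data = inlineConfig("/usr/lib/softhsm/libsofthsm2.so", "example", null, 0);
    Provider p = Security.getProvider("SunPKCS11").configure(data); // Java 9+
    Console console = System.console();
    if (console == null) throw new IllegalStateException("no console for PIN entry");
    char[] pin = console.readPassword("Token PIN: ");
    KeyStore ks = KeyStore.getInstance("PKCS11", p);
    ks.load(null, pin);
    Arrays.fill(pin, '\0');
    System.out.println(p.getName() + " aliases: " + Collections.list(ks.aliases()));
  }
}
```

For the file-based form, the same configure call takes the path to the configuration file without the "--" prefix.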