001/* 002 * Copyright 2008-2020 Ping Identity Corporation 003 * All Rights Reserved. 004 */ 005/* 006 * Copyright 2008-2020 Ping Identity Corporation 007 * 008 * Licensed under the Apache License, Version 2.0 (the "License"); 009 * you may not use this file except in compliance with the License. 010 * You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, software 015 * distributed under the License is distributed on an "AS IS" BASIS, 016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 017 * See the License for the specific language governing permissions and 018 * limitations under the License. 019 */ 020/* 021 * Copyright (C) 2008-2020 Ping Identity Corporation 022 * 023 * This program is free software; you can redistribute it and/or modify 024 * it under the terms of the GNU General Public License (GPLv2 only) 025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only) 026 * as published by the Free Software Foundation. 027 * 028 * This program is distributed in the hope that it will be useful, 029 * but WITHOUT ANY WARRANTY; without even the implied warranty of 030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 031 * GNU General Public License for more details. 032 * 033 * You should have received a copy of the GNU General Public License 034 * along with this program; if not, see <http://www.gnu.org/licenses>. 035 */ 036package com.unboundid.util.ssl; 037 038 039 040import java.security.KeyStoreException; 041import java.security.KeyStore; 042import javax.net.ssl.KeyManager; 043import javax.net.ssl.KeyManagerFactory; 044 045import com.unboundid.util.Debug; 046import com.unboundid.util.NotMutable; 047import com.unboundid.util.StaticUtils; 048import com.unboundid.util.ThreadSafety; 049import com.unboundid.util.ThreadSafetyLevel; 050 051import static com.unboundid.util.ssl.SSLMessages.*; 052 053 054 055/** 056 * This class provides an SSL key manager that may be used to retrieve 057 * certificates from a PKCS#11 token. 058 */ 059@NotMutable() 060@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE) 061public final class PKCS11KeyManager 062 extends WrapperKeyManager 063{ 064 /** 065 * The key store type to use to access PKCS#11 tokens. 066 */ 067 private static final String PKCS11_KEY_STORE_TYPE = "PKCS11"; 068 069 070 071 /** 072 * Creates a new instance of this PKCS11 key manager that provides the ability 073 * to retrieve certificates from a PKCS#11 token. 074 * 075 * @param keyStorePIN The PIN to use to access the contents of the 076 * PKCS#11 token. It may be {@code null} if no PIN 077 * is required. 078 * @param certificateAlias The nickname of the certificate that should be 079 * selected. It may be {@code null} if any 080 * acceptable certificate found may be used. 081 * 082 * @throws KeyStoreException If a problem occurs while initializing this key 083 * manager. 084 */ 085 public PKCS11KeyManager(final char[] keyStorePIN, 086 final String certificateAlias) 087 throws KeyStoreException 088 { 089 super(getKeyManagers(keyStorePIN), certificateAlias); 090 } 091 092 093 094 /** 095 * Retrieves the set of key managers that will be wrapped by this key manager. 096 * 097 * @param keyStorePIN The PIN to use to access the contents of the PKCS#11 098 * token. It may be {@code null} if no PIN is required. 099 * 100 * @return The set of key managers that will be wrapped by this key manager. 101 * 102 * @throws KeyStoreException If a problem occurs while initializing this key 103 * manager. 104 */ 105 private static KeyManager[] getKeyManagers(final char[] keyStorePIN) 106 throws KeyStoreException 107 { 108 final KeyStore ks = KeyStore.getInstance(PKCS11_KEY_STORE_TYPE); 109 try 110 { 111 ks.load(null, keyStorePIN); 112 } 113 catch (final Exception e) 114 { 115 Debug.debugException(e); 116 117 throw new KeyStoreException( 118 ERR_PKCS11_CANNOT_ACCESS.get(StaticUtils.getExceptionMessage(e)), e); 119 } 120 121 try 122 { 123 final KeyManagerFactory factory = KeyManagerFactory.getInstance( 124 KeyManagerFactory.getDefaultAlgorithm()); 125 factory.init(ks, keyStorePIN); 126 return factory.getKeyManagers(); 127 } 128 catch (final Exception e) 129 { 130 Debug.debugException(e); 131 132 throw new KeyStoreException( 133 ERR_PKCS11_CANNOT_GET_KEY_MANAGERS.get( 134 StaticUtils.getExceptionMessage(e)), 135 e); 136 } 137 } 138}