org.hardtokenmgmt.core.token
Class BaseToken

java.lang.Object
  extended by org.hardtokenmgmt.core.token.BaseToken
All Implemented Interfaces:
IToken
Direct Known Subclasses:
SetCos431InstantEIDToken, SetCos441InstantEIDToken

public abstract class BaseToken
extends java.lang.Object
implements IToken

A base token implementation that contains generic token operations that can be reused by most token implementations.

Version:
$Id$
Author:
Philip Vendil 2006-aug-30

Field Summary
protected  int MAXNUMOBJECTS
          Constant indicating the maximum number of certificates that can be stored
protected  java.util.HashMap<java.lang.String,iaik.pkcs.pkcs11.Token> tokens
           
 
Fields inherited from interface org.hardtokenmgmt.core.token.IToken
KEYALG_RSA, KEYTYPE_ALL, KEYTYPE_AUTH, KEYTYPE_ENC, KEYTYPE_SIGN, OBJECTTYPE_DATA, PINTYPE_BASIC, PINTYPE_SIGN
 
Constructor Summary
BaseToken()
           
 
Method Summary
 void addObject(java.lang.String pintype, java.lang.String pin, IObject object)
          Adds an object (data, domainparameter) to the token
 PINInfo blockPIN(java.lang.String pintype)
          Method used to block a PIN, used by administrators in order to change it later
 PINInfo changePIN(java.lang.String pintype, java.lang.String oldpin, java.lang.String newpin)
          Method used to change the value of the
 boolean checkPIN(java.lang.String pintype, java.lang.String pIN)
          Method used to check if a PIN is valid; returns true if it is
 void clearCertificateCache()
          Method used to clear the internal certificate cache.
 void downloadCert(java.lang.String label, java.lang.String pintype, java.lang.String pin, java.lang.String basicpin, java.security.cert.X509Certificate cert)
          Downloads a certificate to the token.
 void downloadKeyStore(java.lang.String keytype, java.lang.String type, java.lang.String pin, java.lang.String certLabel, java.security.KeyStore keyStore, java.lang.String keyStorePasswd)
          Method that downloads a keystore's key and certificate to the token.
 void genKey(java.lang.String pintype, java.lang.String pin, java.lang.String basicpin, java.lang.String keytype, java.lang.String algorithm, int keysize, java.lang.String label)
          Method that should generate a key on the card with the specified algorithm.
 org.bouncycastle.jce.PKCS10CertificationRequest genPKCS10(java.lang.String keytype, java.lang.String pintype, java.lang.String pin, UserDataGenerator userDataGenerator)
          Method that generates a PKCS10 request using the specified key.
 java.security.cert.X509Certificate getCertificate(java.lang.String certificateLabel)
          Method that tries to find a certificate stored on the token with the specified label.
 java.util.Collection getCertificates(java.lang.String pintype)
          Method that retrieves all certificates stored on the token.
 java.lang.String getHardTokenSN()
          Method that should return the current hard token serial number of the card.
 java.util.Collection getKeyLabels(java.lang.String pintype)
          Method to get all labels of the keys (private) on the card.
 java.util.Collection getObjects(java.lang.String pintype, java.lang.String pin, java.lang.String objectType)
          Returns all objects of type (data or domain parameters) stored on the card
 PINInfo getPINInfo(java.lang.String pintype)
          Method that returns the current PIN related info about the given PIN
protected abstract  java.lang.String getPINLabel(iaik.pkcs.pkcs11.Token token, java.lang.String pintype)
          Method that should return the label of the token's virtual slot that is associated with the given pintype.
protected abstract  java.lang.String getPrivateKeyLabel(java.lang.String keytype)
          Method that should find the right key label given the keytype.
 long getSlotId(java.lang.String pintype)
          Method returning the slotId that is associated with this token.
 void init(boolean useVirtualSlots, iaik.pkcs.pkcs11.Token token)
          Method that should be called by the TokenManager only when creating an instance.
protected abstract  boolean isInitialized(iaik.pkcs.pkcs11.Token token)
          Method that should return true if the token is currently initialized.
protected  void reInitToken()
          Method used to reinitialize the token.
protected  void removeAllKeys(java.lang.String pintype, java.lang.String pin, java.lang.String basicpin)
          Removes all keys for a keytype.
 void removeCertificate(java.lang.String pintype, java.lang.String pin, java.lang.String basicpin, java.security.cert.X509Certificate cert)
          Method removing the specified certificate from the token.
 void removeKey(java.lang.String pintype, java.lang.String pin, java.lang.String basicpin, java.lang.String label)
          Method removing a specified key from a card
 void removeObject(java.lang.String pintype, java.lang.String pin, java.lang.String basicpin, IObject object)
          Method that removes a Data or Domain Parameters object from the card
 PINInfo unblockPIN(java.lang.String pintype, java.lang.String puk, java.lang.String newpin)
          Method used to enter the PUK code to unblock a PIN code after too many erroneous tries.
 PINInfo unlockPIN(java.lang.String pintype, java.lang.String pin)
          Method used to log in with a PIN in order to be able to perform operations on the card; this is not the same as unblocking a PIN
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.hardtokenmgmt.core.token.IToken
clearToken, generatePUK, getSupportedPINTypes, initToken, isTokenSupported, requirePUKInDB
 

Field Detail

MAXNUMOBJECTS

protected int MAXNUMOBJECTS
Constant indicating the maximum number of certificates that can be stored


tokens

protected java.util.HashMap<java.lang.String,iaik.pkcs.pkcs11.Token> tokens
Constructor Detail

BaseToken

public BaseToken()
Method Detail

getHardTokenSN

public java.lang.String getHardTokenSN()
                                throws iaik.pkcs.pkcs11.TokenException
Description copied from interface: IToken
Method that should return the current hard token serial number of the card. If the token doesn't have a serial number yet, null should be returned.

Specified by:
getHardTokenSN in interface IToken
Throws:
iaik.pkcs.pkcs11.TokenException
See Also:
IToken.getHardTokenSN()

init

public void init(boolean useVirtualSlots,
                 iaik.pkcs.pkcs11.Token token)
          throws iaik.pkcs.pkcs11.TokenException
Description copied from interface: IToken
Method that should be called by the TokenManager only when creating an instance.

Specified by:
init in interface IToken
Throws:
iaik.pkcs.pkcs11.TokenException
See Also:
IToken.init(boolean, Token)

isInitialized

protected abstract boolean isInitialized(iaik.pkcs.pkcs11.Token token)
                                  throws iaik.pkcs.pkcs11.TokenException
Method that should return true if the token is currently initialized.

Returns:
true if the token is currently initialized.
Throws:
iaik.pkcs.pkcs11.TokenException

getPINLabel

protected abstract java.lang.String getPINLabel(iaik.pkcs.pkcs11.Token token,
                                                java.lang.String pintype)
                                         throws OperationNotSupportedException,
                                                iaik.pkcs.pkcs11.TokenException
Method that should return the label of the token's virtual slot that is associated with the given pintype.

Parameters:
pintype -
Returns:
The label of the token in the slot
Throws:
OperationNotSupportedException
iaik.pkcs.pkcs11.TokenException

getPrivateKeyLabel

protected abstract java.lang.String getPrivateKeyLabel(java.lang.String keytype)
                                                throws OperationNotSupportedException
Method that should find the right key label given the keytype.

Parameters:
keytype - the keytype to find
Throws:
OperationNotSupportedException

genKey

public void genKey(java.lang.String pintype,
                   java.lang.String pin,
                   java.lang.String basicpin,
                   java.lang.String keytype,
                   java.lang.String algorithm,
                   int keysize,
                   java.lang.String label)
            throws ObjectAlreadyExistsException,
                   OperationNotSupportedException,
                   iaik.pkcs.pkcs11.TokenException
Description copied from interface: IToken
Method that should generate a key on the card with the specified algorithm.

Specified by:
genKey in interface IToken
Parameters:
pintype - one of the PINTYPE_ indicating the PIN that should protect the key
pin - the pin to unlock (may not be required, in which case null can be used)
basicpin - pin to unlock the basic area, might be used for signature keys
keytype - one of the KEYTYPE_ constants or the label of the object for custom keys
algorithm - one of the KEYALG_ constants
keysize - the size of the key
label - a reference to the key to use.
Throws:
ObjectAlreadyExistsException - if the keytype already exists.
OperationNotSupportedException - if this operation or some of its parameters aren't supported
iaik.pkcs.pkcs11.TokenException - for other token related failures.
See Also:
IToken.genKey(String, String, String, String, String, int, String)

genPKCS10

public org.bouncycastle.jce.PKCS10CertificationRequest genPKCS10(java.lang.String keytype,
                                                                 java.lang.String pintype,
                                                                 java.lang.String pin,
                                                                 UserDataGenerator userDataGenerator)
                                                          throws OperationNotSupportedException,
                                                                 iaik.pkcs.pkcs11.TokenException
Description copied from interface: IToken
Method that generates a PKCS10 request using the specified key.

Specified by:
genPKCS10 in interface IToken
Parameters:
keytype - which key should be used for the request.
pintype - of the PIN needed to unlock the token
pin - the pin to unlock (may not be required, in which case null can be used)
userDataGenerator - user data generator to use when fetching token labels.
Returns:
a PKCS10CertificateRequest for the specified key.
Throws:
OperationNotSupportedException - if this operation or some of its parameters aren't supported
iaik.pkcs.pkcs11.TokenException - for other token related failures.
See Also:
IToken.genPKCS10(String, String, String, UserDataGenerator)

downloadCert

public void downloadCert(java.lang.String label,
                         java.lang.String pintype,
                         java.lang.String pin,
                         java.lang.String basicpin,
                         java.security.cert.X509Certificate cert)
                  throws ObjectAlreadyExistsException,
                         OperationNotSupportedException,
                         iaik.pkcs.pkcs11.TokenException
Description copied from interface: IToken
Downloads a certificate to the token. Should mainly be used for root certificates.

Specified by:
downloadCert in interface IToken
Parameters:
label - the label used to mark the object on the token.
pintype - of the PIN needed to unlock the token
pin - the pin to unlock (may not be required, in which case null can be used)
basicpin - to unlock the certificate store.
Throws:
ObjectAlreadyExistsException - if a certificate with the label already exists.
OperationNotSupportedException - if this operation or some of its parameters aren't supported
iaik.pkcs.pkcs11.TokenException - for other token related failures.
See Also:
IToken.downloadCert(String, String, String, String, X509Certificate)

downloadKeyStore

public void downloadKeyStore(java.lang.String keytype,
                             java.lang.String type,
                             java.lang.String pin,
                             java.lang.String certLabel,
                             java.security.KeyStore keyStore,
                             java.lang.String keyStorePasswd)
                      throws ObjectAlreadyExistsException,
                             OperationNotSupportedException,
                             iaik.pkcs.pkcs11.TokenException
Description copied from interface: IToken
Method that downloads a keystore's key and certificate to the token.

Specified by:
downloadKeyStore in interface IToken
Parameters:
keytype - one of the KEYTYPE_ constants or the label of the object for custom keys
type - of the PIN needed to unlock the token
pin - the pin to unlock (may not be required, in which case null can be used)
certLabel - the label used to mark the object on the token.
keyStore - the Java keystore to extract the keystore from
keyStorePasswd - the password used to lock the keystore
Throws:
ObjectAlreadyExistsException - if a certificate or key with the label already exists.
OperationNotSupportedException - if this operation or some of its parameters aren't supported
iaik.pkcs.pkcs11.TokenException - for other token related failures.
See Also:
IToken.downloadKeyStore(String, String, String, String, KeyStore, String)

getCertificates

public java.util.Collection getCertificates(java.lang.String pintype)
                                     throws OperationNotSupportedException,
                                            iaik.pkcs.pkcs11.TokenException
Description copied from interface: IToken
Method that retrieves all certificates stored on the token.

Specified by:
getCertificates in interface IToken
Parameters:
pintype - of the PIN that is connected to the certificates
Returns:
a Collection of X509Certificate
Throws:
OperationNotSupportedException - if this operation isn't supported
iaik.pkcs.pkcs11.TokenException - for other token related failures.
See Also:
IToken.getCertificates(String)

getCertificate

public java.security.cert.X509Certificate getCertificate(java.lang.String certificateLabel)
                                                  throws OperationNotSupportedException,
                                                         iaik.pkcs.pkcs11.TokenException
Description copied from interface: IToken
Method that tries to find a certificate stored on the token with the specified label. The method will traverse through all supported pin types.

Specified by:
getCertificate in interface IToken
Parameters:
certificateLabel - of the certificate to look for
Returns:
the X509Certificate, or null if it couldn't be found.
Throws:
OperationNotSupportedException - if this operation isn't supported
iaik.pkcs.pkcs11.TokenException - for other token related failures.
See Also:
IToken.getCertificate(String)

removeCertificate

public void removeCertificate(java.lang.String pintype,
                              java.lang.String pin,
                              java.lang.String basicpin,
                              java.security.cert.X509Certificate cert)
                       throws OperationNotSupportedException,
                              iaik.pkcs.pkcs11.TokenException
Description copied from interface: IToken
Method removing the specified certificate from the token.

Specified by:
removeCertificate in interface IToken
Parameters:
pintype - of the PIN needed to unlock the token
pin - the pin to unlock (may not be required, in which case null can be used)
basicpin - pin to unlock the basic area, might be used for signature certificates
Throws:
OperationNotSupportedException - if this operation or some of its parameters aren't supported
iaik.pkcs.pkcs11.TokenException - for other token related failures.
See Also:
IToken.removeCertificate(String, String, String, X509Certificate)

addObject

public void addObject(java.lang.String pintype,
                      java.lang.String pin,
                      IObject object)
               throws OperationNotSupportedException,
                      iaik.pkcs.pkcs11.TokenException
Description copied from interface: IToken
Adds an object (data, domainparameter) to the token

Specified by:
addObject in interface IToken
Parameters:
pintype - of the PIN that should protect the key, null for no protection
pin - the pin to unlock the private area (may not be required, in which case null can be used)
object - an object to add to the token
Throws:
OperationNotSupportedException - if this operation or some of its parameters aren't supported
iaik.pkcs.pkcs11.TokenException - for other token related failures.
See Also:
IToken.addObject(String pintype, String pin, IObject object)

getObjects

public java.util.Collection getObjects(java.lang.String pintype,
                                       java.lang.String pin,
                                       java.lang.String objectType)
                                throws OperationNotSupportedException,
                                       iaik.pkcs.pkcs11.TokenException
Description copied from interface: IToken
Returns all objects of type (data or domain parameters) stored on the card

Specified by:
getObjects in interface IToken
Parameters:
pintype - of the PIN needed to unlock the token, if necessary
pin - the pin to unlock (may not be required, in which case null can be used)
objectType - of object to return, one of the OBJECTTYPE_ constants
Returns:
a Collection of IObject
Throws:
OperationNotSupportedException - if this operation isn't supported
iaik.pkcs.pkcs11.TokenException - for other token related failures.
See Also:
IToken.getObjects(String, String, String)

removeObject

public void removeObject(java.lang.String pintype,
                         java.lang.String pin,
                         java.lang.String basicpin,
                         IObject object)
                  throws OperationNotSupportedException,
                         iaik.pkcs.pkcs11.TokenException
Description copied from interface: IToken
Method that removes a Data or Domain Parameters object from the card

Specified by:
removeObject in interface IToken
Parameters:
pintype - of the PIN needed to unlock the token
pin - the pin to unlock (may not be required, in which case null can be used)
basicpin - to unlock (may not be required, in which case null can be used)
object - the iaik.pkcs.pkcs11.objects.Object object to remove
Throws:
OperationNotSupportedException - if this operation or some of its parameters aren't supported
iaik.pkcs.pkcs11.TokenException - for other token related failures.
See Also:
IToken.removeObject(String, String, String, IObject)

getPINInfo

public PINInfo getPINInfo(java.lang.String pintype)
                   throws OperationNotSupportedException,
                          iaik.pkcs.pkcs11.TokenException
Description copied from interface: IToken
Method that returns the current PIN related info about the given PIN

Specified by:
getPINInfo in interface IToken
Parameters:
pintype - one of the PINTYPE_ constants
Returns:
a PINInfo object
Throws:
OperationNotSupportedException - if this operation or some of its parameters aren't supported
iaik.pkcs.pkcs11.TokenException - for other token related failures.
See Also:
IToken.getPINInfo(String)

changePIN

public PINInfo changePIN(java.lang.String pintype,
                         java.lang.String oldpin,
                         java.lang.String newpin)
                  throws OperationNotSupportedException,
                         iaik.pkcs.pkcs11.TokenException
Description copied from interface: IToken
Method used to change the value of the

Specified by:
changePIN in interface IToken
Parameters:
pintype - one of the PINTYPE_ constants
oldpin - the old PIN value
newpin - the new PIN value
Returns:
a PIN info object containing the current status of the PIN
Throws:
OperationNotSupportedException
iaik.pkcs.pkcs11.TokenException
See Also:
IToken.changePIN(String, String, String)

unlockPIN

public PINInfo unlockPIN(java.lang.String pintype,
                         java.lang.String pin)
                  throws OperationNotSupportedException,
                         iaik.pkcs.pkcs11.TokenException
Description copied from interface: IToken
Method used to log in with a PIN in order to be able to perform operations on the card; this is not the same as unblocking a PIN

Specified by:
unlockPIN in interface IToken
Parameters:
pintype - one of the PINTYPE_ constants
pin - the pin that should be used for login
Returns:
a PIN info object containing the current status of the PIN
Throws:
OperationNotSupportedException - if this operation or some of its parameters aren't supported
iaik.pkcs.pkcs11.TokenException - for other token related failures.
See Also:
IToken.unlockPIN(String, String)

unblockPIN

public PINInfo unblockPIN(java.lang.String pintype,
                          java.lang.String puk,
                          java.lang.String newpin)
                   throws OperationNotSupportedException,
                          iaik.pkcs.pkcs11.TokenException
Description copied from interface: IToken
Method used to enter the PUK code to unblock a PIN code after too many erroneous tries.

Specified by:
unblockPIN in interface IToken
Parameters:
pintype - one of the PINTYPE_ constants
puk - the PUK that should be used to unblock
newpin - the new PIN.
Returns:
a PINInfo object indicating the new status of the PIN
Throws:
OperationNotSupportedException - if this operation or some of its parameters aren't supported
iaik.pkcs.pkcs11.TokenException - for other token related failures.
See Also:
IToken.unblockPIN(String, String, String)

removeKey

public void removeKey(java.lang.String pintype,
                      java.lang.String pin,
                      java.lang.String basicpin,
                      java.lang.String label)
               throws OperationNotSupportedException,
                      iaik.pkcs.pkcs11.TokenException
Description copied from interface: IToken
Method removing a specified key from a card

Specified by:
removeKey in interface IToken
Parameters:
pintype - of the PIN needed to unlock the token
pin - the pin to unlock (may not be required, in which case null can be used)
basicpin - pin to unlock the basic area, might be used for signature certificates
label - of the key
Throws:
OperationNotSupportedException - if this operation or some of its parameters aren't supported
iaik.pkcs.pkcs11.TokenException - for other token related failures.
See Also:
IToken.removeKey(String, String, String, String)

removeAllKeys

protected void removeAllKeys(java.lang.String pintype,
                             java.lang.String pin,
                             java.lang.String basicpin)
                      throws OperationNotSupportedException,
                             iaik.pkcs.pkcs11.TokenException
Removes all keys for a keytype.

Throws:
OperationNotSupportedException
iaik.pkcs.pkcs11.TokenException

getKeyLabels

public java.util.Collection getKeyLabels(java.lang.String pintype)
                                  throws OperationNotSupportedException,
                                         iaik.pkcs.pkcs11.TokenException
Description copied from interface: IToken
Method to get all labels of the keys (private) on the card.

Specified by:
getKeyLabels in interface IToken
Parameters:
pintype - of the PIN needed to unlock the key
Returns:
a collection of String
Throws:
OperationNotSupportedException - if this operation or some of its parameters aren't supported
iaik.pkcs.pkcs11.TokenException - for other token related failures.
See Also:
IToken.getKeyLabels(String)

reInitToken

protected void reInitToken()
                    throws iaik.pkcs.pkcs11.TokenException
Method used to reinitialize the token. A step that needs to be performe

Throws:
iaik.pkcs.pkcs11.TokenException

blockPIN

public PINInfo blockPIN(java.lang.String pintype)
                 throws OperationNotSupportedException,
                        iaik.pkcs.pkcs11.TokenException
Description copied from interface: IToken
Method used to block a PIN, used by administrators in order to change it later

Specified by:
blockPIN in interface IToken
Parameters:
pintype - one of the PINTYPE_ constants
Returns:
a PINInfo object indicating the new status of the PIN
Throws:
OperationNotSupportedException - if this operation or some of its parameters aren't supported
iaik.pkcs.pkcs11.TokenException - for other token related failures.
See Also:
IToken.blockPIN(String)

clearCertificateCache

public void clearCertificateCache()
Method used to clear the internal certificate cache.

Specified by:
clearCertificateCache in interface IToken

checkPIN

public boolean checkPIN(java.lang.String pintype,
                        java.lang.String pIN)
                 throws OperationNotSupportedException,
                        iaik.pkcs.pkcs11.TokenException
Description copied from interface: IToken
Method used to check if a PIN is valid; returns true if it is

Specified by:
checkPIN in interface IToken
Throws:
OperationNotSupportedException - if this operation or some of its parameters aren't supported
iaik.pkcs.pkcs11.TokenException - for other token related failures.
See Also:
IToken.checkPIN(String, String)

getSlotId

public long getSlotId(java.lang.String pintype)
               throws OperationNotSupportedException,
                      iaik.pkcs.pkcs11.TokenException
Description copied from interface: IToken
Method returning the slotId that is associated with this token.

Specified by:
getSlotId in interface IToken
Returns:
the token's slotId
Throws:
OperationNotSupportedException - if this operation or some of its parameters aren't supported
iaik.pkcs.pkcs11.TokenException - for other token related failures.
See Also:
IToken.checkPIN(String, String)