IAIK PKCS#11 Wrapper
version 1.2.16

iaik.pkcs.pkcs11.objects
Class PrivateKey

java.lang.Object
  extended by iaik.pkcs.pkcs11.objects.Object
      extended by iaik.pkcs.pkcs11.objects.Storage
          extended by iaik.pkcs.pkcs11.objects.Key
              extended by iaik.pkcs.pkcs11.objects.PrivateKey
All Implemented Interfaces:
Cloneable
Direct Known Subclasses:
DHPrivateKey, DSAPrivateKey, ECDSAPrivateKey, KEAPrivateKey, RSAPrivateKey, X942DHPrivateKey

public class PrivateKey
extends Key

This is the base class for private (asymmetric) keys. Objects of this class represent private keys as specified by PKCS#11 v2.11.

Invariants
(subject_ <> null) and (sensitive_ <> null) and (secondaryAuth_ <> null) and (authPinFlags_ <> null) and (decrypt_ <> null) and (sign_ <> null) and (signRecover_ <> null) and (unwrap_ <> null) and (extractable_ <> null) and (alwaysSensitive_ <> null) and (neverExtractable_ <> null)

Nested Class Summary
 
Nested classes inherited from class iaik.pkcs.pkcs11.objects.Key
Key.KeyType, Key.VendorDefinedKeyBuilder
 
Nested classes inherited from class iaik.pkcs.pkcs11.objects.Object
Object.ObjectClass, Object.VendorDefinedObjectBuilder
 
Field Summary
protected  BooleanAttribute alwaysSensitive_
          True, if this private key was always sensitive.
protected  LongAttribute authPinFlags_
          The authentication flags for secondary authentication.
protected  BooleanAttribute decrypt_
          True, if this private key can be used for decryption.
protected  BooleanAttribute extractable_
          True, if this private key can be extracted from the token.
protected  BooleanAttribute neverExtractable_
          True, if this private key was never extractable.
protected  BooleanAttribute secondaryAuth_
          True, if this private key supports secondary authentication.
protected  BooleanAttribute sensitive_
          True, if this private key is sensitive.
protected  BooleanAttribute sign_
          True, if this private key can be used for signing.
protected  BooleanAttribute signRecover_
          True, if this private key can be used for signing with recover.
protected  ByteArrayAttribute subject_
          The subject of this private key.
protected  BooleanAttribute unwrap_
          True, if this private key can be used for unwrapping wrapped keys.
 
Fields inherited from class iaik.pkcs.pkcs11.objects.Key
derive_, endDate_, id_, keyGenMechanism_, keyType_, keyTypeNames_, local_, startDate_, vendorKeyBuilder_
 
Fields inherited from class iaik.pkcs.pkcs11.objects.Storage
label_, modifiable_, private_, token_
 
Fields inherited from class iaik.pkcs.pkcs11.objects.Object
attributeTable_, objectClass_, objectClassNames_, objectHandle_, vendorObjectBuilder_
 
Constructor Summary
  PrivateKey()
          Default Constructor.
protected PrivateKey(Session session, long objectHandle)
          Called by sub-classes to create an instance of a PKCS#11 private key.
 
Method Summary
protected  void allocateAttributes()
          Allocates the attribute objects for this class and adds them to the attribute table.
 Object clone()
          Create a (deep) clone of this object.
 boolean equals(Object otherObject)
          Compares all member variables of this object with the other object.
 BooleanAttribute getAlwaysSensitive()
          Gets the always sensitive attribute of this key.
 LongAttribute getAuthPinFlags()
          Gets the authentication flags for secondary authentication of this key.
 BooleanAttribute getDecrypt()
          Gets the decrypt attribute of this key.
 BooleanAttribute getExtractable()
          Gets the extractable attribute of this key.
static Object getInstance(Session session, long objectHandle)
          The getInstance method of the Object class uses this method to create an instance of a PKCS#11 private key.
 BooleanAttribute getNeverExtractable()
          Gets the never extractable attribute of this key.
 BooleanAttribute getSecondaryAuth()
          Gets the secondary authentication attribute of this key.
 BooleanAttribute getSensitive()
          Gets the sensitive attribute of this key.
 BooleanAttribute getSign()
          Gets the sign attribute of this key.
 BooleanAttribute getSignRecover()
          Gets the sign recover attribute of this key.
 ByteArrayAttribute getSubject()
          Gets the subject attribute of this key.
protected static Object getUnknownPrivateKey(Session session, long objectHandle)
          Try to create a key which has no or an unknown private key type attribute.
 BooleanAttribute getUnwrap()
          Gets the unwrap attribute of this key.
protected static void putAttributesInTable(PrivateKey object)
          Put all attributes of the given object into the attributes table of this object.
 void readAttributes(Session session)
          Read the values of the attributes of this object from the token.
 String toString()
          This method returns a string representation of the current object.
 
Methods inherited from class iaik.pkcs.pkcs11.objects.Key
getDerive, getEndDate, getId, getKeyGenMechanism, getKeyType, getKeyTypeName, getLocal, getStartDate, getVendorDefinedKeyBuilder, hashCode, putAttributesInTable, setVendorDefinedKeyBuilder
 
Methods inherited from class iaik.pkcs.pkcs11.objects.Storage
getLabel, getModifiable, getPrivate, getToken, putAttributesInTable
 
Methods inherited from class iaik.pkcs.pkcs11.objects.Object
getAttributeTable, getAttributeValue, getObjectClass, getObjectClassName, getObjectHandle, getSetAttributes, getSetAttributes, getUnknownObject, getVendorDefinedObjectBuilder, putAttributesInTable, setObjectHandle, setVendorDefinedObjectBuilder
 
Methods inherited from class java.lang.Object
finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

subject_

protected ByteArrayAttribute subject_
The subject of this private key.


sensitive_

protected BooleanAttribute sensitive_
True, if this private key is sensitive.


secondaryAuth_

protected BooleanAttribute secondaryAuth_
True, if this private key supports secondary authentication.


authPinFlags_

protected LongAttribute authPinFlags_
The authentication flags for secondary authentication. Only defined, if the secondaryAuth_ is set.


decrypt_

protected BooleanAttribute decrypt_
True, if this private key can be used for decryption.


sign_

protected BooleanAttribute sign_
True, if this private key can be used for signing.


signRecover_

protected BooleanAttribute signRecover_
True, if this private key can be used for signing with recover.


unwrap_

protected BooleanAttribute unwrap_
True, if this private key can be used for unwrapping wrapped keys.


extractable_

protected BooleanAttribute extractable_
True, if this private key can be extracted from the token.


alwaysSensitive_

protected BooleanAttribute alwaysSensitive_
True, if this private key was always sensitive.


neverExtractable_

protected BooleanAttribute neverExtractable_
True, if this private key was never extractable.

Constructor Detail

PrivateKey

public PrivateKey()
Default Constructor.

Preconditions
Postconditions

PrivateKey

protected PrivateKey(Session session,
                     long objectHandle)
              throws TokenException
Called by sub-classes to create an instance of a PKCS#11 private key.

Parameters:
session - The session to use for reading attributes. This session must have the appropriate rights; i.e. it must be a user-session, if it is a private object.
objectHandle - The object handle as given from the PKCS#11 module.
Throws:
TokenException - If getting the attributes failed.
Preconditions
(session <> null)
Postconditions
Method Detail

getInstance

public static Object getInstance(Session session,
                                 long objectHandle)
                          throws TokenException
The getInstance method of the Object class uses this method to create an instance of a PKCS#11 private key. This method reads the key type attribute and calls the getInstance method of the corresponding sub-class. If the key type is vendor defined, it uses the VendorDefinedKeyBuilder set by the application. If no private key could be constructed, this method returns null.

Parameters:
session - The session to use for reading attributes. This session must have the appropriate rights; i.e. it must be a user-session, if it is a private object.
objectHandle - The object handle as given from the PKCS#11 module.
Returns:
The object representing the PKCS#11 object. The returned object can be cast to the corresponding sub-class.
Throws:
TokenException - If getting the attributes failed.
Preconditions
(session <> null)
Postconditions
(result <> null)

getUnknownPrivateKey

protected static Object getUnknownPrivateKey(Session session,
                                             long objectHandle)
                                      throws TokenException
Try to create a key which has no or an unknown private key type attribute. This implementation will try to use a vendor defined key builder, if such has been set. If this is impossible or fails, it will create just a simple PrivateKey.

Parameters:
session - The session to use.
objectHandle - The handle of the object
Returns:
A new Object.
Throws:
TokenException - If no object could be created.
Preconditions
(session <> null)
Postconditions
(result <> null)

putAttributesInTable

protected static void putAttributesInTable(PrivateKey object)
Put all attributes of the given object into the attributes table of this object. This method is only static to be able to invoke the implementation of this method for each class separately (see use in clone()).

Parameters:
object - The object to handle.
Preconditions
(object <> null)
Postconditions

allocateAttributes

protected void allocateAttributes()
Allocates the attribute objects for this class and adds them to the attribute table.

Overrides:
allocateAttributes in class Key
Preconditions
Postconditions

clone

public Object clone()
Create a (deep) clone of this object.

Overrides:
clone in class Key
Returns:
A clone of this object.
Preconditions
Postconditions
(result <> null) and (result instanceof PrivateKey) and (result.equals(this))

equals

public boolean equals(Object otherObject)
Compares all member variables of this object with the other object. Returns true only if all are equal in both objects.

Overrides:
equals in class Key
Parameters:
otherObject - The other object to compare to.
Returns:
True, if other is an instance of this class and all member variables of both objects are equal. False, otherwise.
Preconditions
Postconditions

getSubject

public ByteArrayAttribute getSubject()
Gets the subject attribute of this key.

Returns:
The subject attribute.
Preconditions
Postconditions
(result <> null)

getSensitive

public BooleanAttribute getSensitive()
Gets the sensitive attribute of this key.

Returns:
The sensitive attribute.
Preconditions
Postconditions
(result <> null)

getSecondaryAuth

public BooleanAttribute getSecondaryAuth()
Gets the secondary authentication attribute of this key.

Returns:
The secondary authentication attribute.
Preconditions
Postconditions
(result <> null)

getAuthPinFlags

public LongAttribute getAuthPinFlags()
Gets the authentication flags for secondary authentication of this key.

Returns:
The authentication flags for secondary authentication attribute.
Preconditions
Postconditions
(result <> null)

getDecrypt

public BooleanAttribute getDecrypt()
Gets the decrypt attribute of this key.

Returns:
The decrypt attribute.
Preconditions
Postconditions
(result <> null)

getSign

public BooleanAttribute getSign()
Gets the sign attribute of this key.

Returns:
The sign attribute.
Preconditions
Postconditions
(result <> null)

getSignRecover

public BooleanAttribute getSignRecover()
Gets the sign recover attribute of this key.

Returns:
The sign recover attribute.
Preconditions
Postconditions
(result <> null)

getUnwrap

public BooleanAttribute getUnwrap()
Gets the unwrap attribute of this key.

Returns:
The unwrap attribute.
Preconditions
Postconditions
(result <> null)

getExtractable

public BooleanAttribute getExtractable()
Gets the extractable attribute of this key.

Returns:
The extractable attribute.
Preconditions
Postconditions
(result <> null)

getAlwaysSensitive

public BooleanAttribute getAlwaysSensitive()
Gets the always sensitive attribute of this key.

Returns:
The always sensitive attribute.
Preconditions
Postconditions
(result <> null)

getNeverExtractable

public BooleanAttribute getNeverExtractable()
Gets the never extractable attribute of this key.

Returns:
The never extractable attribute.
Preconditions
Postconditions
(result <> null)
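
The protection attributes exposed by the getters on this page (sensitive, extractable, always sensitive, never extractable) together show whether a key's value could ever have left the token. The following is an added example, not code from the IAIK distribution: the class name PrivateKeyAttributeAudit and its methods are hypothetical, and it assumes the caller passes a user session that is already logged in.

```java
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.TokenException;
import iaik.pkcs.pkcs11.objects.BooleanAttribute;
import iaik.pkcs.pkcs11.objects.PrivateKey;
import java.util.ArrayList;
import java.util.List;

/** Added example (hypothetical class): audits protection attributes of private keys. */
public class PrivateKeyAttributeAudit {

  /** Null-safe read: an attribute the token did not return is treated as false. */
  static boolean isTrue(BooleanAttribute attribute) {
    Boolean value = attribute.getBooleanValue();
    return (value != null) && value.booleanValue();
  }

  /** Returns the findings for one key; an empty list means no weakness was seen. */
  static List<String> audit(PrivateKey key) {
    List<String> findings = new ArrayList<String>();
    if (!isTrue(key.getSensitive()))
      findings.add("CKA_SENSITIVE not set: key value can be read in plaintext");
    if (isTrue(key.getExtractable()))
      findings.add("CKA_EXTRACTABLE set: key can be wrapped and exported");
    if (!isTrue(key.getAlwaysSensitive()))
      findings.add("CKA_ALWAYS_SENSITIVE not set: key was readable at some point");
    if (!isTrue(key.getNeverExtractable()))
      findings.add("CKA_NEVER_EXTRACTABLE not set: key was exportable at some point");
    if (isTrue(key.getSign()) && isTrue(key.getDecrypt()))
      findings.add("key allows both signing and decryption: no key-usage separation");
    return findings;
  }

  /** Audits every private key visible to the given (logged-in) session. */
  static void auditAll(Session session) throws TokenException {
    // An otherwise empty PrivateKey template matches all private key objects.
    session.findObjectsInit(new PrivateKey());
    try {
      iaik.pkcs.pkcs11.objects.Object[] found;
      while ((found = session.findObjects(1)).length > 0) {
        if (!(found[0] instanceof PrivateKey)) continue;
        PrivateKey key = (PrivateKey) found[0];
        System.out.println(key.getLabel() + " -> " + audit(key));
      }
    } finally {
      session.findObjectsFinal(); // always end the search operation
    }
  }
}
```

Without a logged-in user session, private objects are not returned by the search, so an empty result does not mean the token holds no keys.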

readAttributes

public void readAttributes(Session session)
                    throws TokenException
Read the values of the attributes of this object from the token.

Overrides:
readAttributes in class Key
Parameters:
session - The session handle to use for reading attributes. This session must have the appropriate rights; i.e. it must be a user-session, if it is a private object.
Throws:
TokenException - If getting the attributes failed.
Preconditions
(session <> null)
Postconditions

toString

public String toString()
This method returns a string representation of the current object. The output is only for debugging purposes and should not be used for other purposes.

Overrides:
toString in class Key
Returns:
A string representation of this object for debugging output.
Preconditions
Postconditions
(result <> null)

IAIK JavaSecurity Website http://jce.iaik.tugraz.at/

IAIK at Graz University of Technology, Austria, Europe
Copyright 2001-2002, IAIK, Graz University of Technology, Inffeldgasse 16a, 8010 Graz, Austria. All Rights Reserved.