Java Globus API: Class PKCS11Util
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES
SUMMARY:  INNER | FIELD | CONSTR | METHOD DETAIL:  FIELD | CONSTR | METHOD

org.globus.pkcs11
Class PKCS11Util

java.lang.Object
  |
  +--org.globus.pkcs11.PKCS11Util
public class PKCS11Util
extends Object

Contains various utility methods for dealing with PKCS 11 compliant devices. This includes performing the following operations:

  • Session management
  • Retrieving certificates from the device
  • Retrieving private keys from the device
  • Loading certificates onto the device
  • Loading private keys onto the device
This package depends on libraries from IBM alphaworks that we are not currently distributing with the Java CoG Kit. These libraries are can be downloaded from IBM AlphaWorks This class assumes ONE session, and would be hopelessly confused if you tried to use it with more than ONE.

Constructor Summary
PKCS11Util()
           
 
Method Summary
static void closeSession()
           
static void initiateSession(String pin, int flags)
          Initiates a session with the PKCS11 device with the given flags, and logs in as a regular user with the given pin.
static com.ibm.pkcs11.PKCS11Object instantiateUserCert(org.globus.pkcs11.X509Certificate userCert, byte[] id)
          Loads a certificate onto the PKCS11 device with a default label
static com.ibm.pkcs11.PKCS11Object instantiateUserCert(org.globus.pkcs11.X509Certificate userCert, String label, byte[] id)
          Loads a certificate onto the PKCS11 device and labels it with the specified label
static com.ibm.pkcs11.PKCS11Object instantiateUserPrivateKey(org.globus.pkcs11.RSAPrivateKey userPrivateKey, Principal subject, byte[] id)
          Loads the specified private key onto the PKCS11 device.
static com.ibm.pkcs11.PKCS11Object retrieveObjectByLabel(Integer classType, String label)
           
static com.ibm.pkcs11.PKCS11Object retrievePrivateKeyHandle(String keyLabel)
          Retrieves a handle to a private key with the given label.
static com.ibm.pkcs11.PKCS11Object retrieveUserCertHandle(String certLabel)
          Retrieves a handle to a user certificate with the given label that is on the PKCS11 device.
static org.globus.pkcs11.X509Certificate signCertificate(org.globus.pkcs11.X509Certificate cert, com.ibm.pkcs11.PKCS11Object userPrivKeyHandle)
          Creates a signed certificate from the passed in certificate.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PKCS11Util

public PKCS11Util()
Method Detail

initiateSession

public static void initiateSession(String pin,
                                   int flags)
                            throws PKCS11Exception
Initiates a session with the PKCS11 device with the given flags, and logs in as a regular user with the given pin. Also, if there happens to be more than one PKCS11 device attached, this function will simply grab the first one it encounters.

retrieveUserCertHandle

public static com.ibm.pkcs11.PKCS11Object retrieveUserCertHandle(String certLabel)
Retrieves a handle to a user certificate with the given label that is on the PKCS11 device. This handle can be used to instantiate an X509Certificate object.

retrievePrivateKeyHandle

public static com.ibm.pkcs11.PKCS11Object retrievePrivateKeyHandle(String keyLabel)
Retrieves a handle to a private key with the given label. The private key never actually leaves the ibutton device, but this handle can be used later to initialize a signing operation.

retrieveObjectByLabel

public static com.ibm.pkcs11.PKCS11Object retrieveObjectByLabel(Integer classType,
                                                                String label)

signCertificate

public static org.globus.pkcs11.X509Certificate signCertificate(org.globus.pkcs11.X509Certificate cert,
                                                                com.ibm.pkcs11.PKCS11Object userPrivKeyHandle)
                                                         throws PKCS11Exception
Creates a signed certificate from the passed in certificate. Signs the certificate with the specified private key

instantiateUserCert

public static com.ibm.pkcs11.PKCS11Object instantiateUserCert(org.globus.pkcs11.X509Certificate userCert,
                                                              byte[] id)
                                                       throws CertificateEncodingException
Loads a certificate onto the PKCS11 device with a default label

instantiateUserCert

public static com.ibm.pkcs11.PKCS11Object instantiateUserCert(org.globus.pkcs11.X509Certificate userCert,
                                                              String label,
                                                              byte[] id)
                                                       throws CertificateEncodingException
Loads a certificate onto the PKCS11 device and labels it with the specified label

instantiateUserPrivateKey

public static com.ibm.pkcs11.PKCS11Object instantiateUserPrivateKey(org.globus.pkcs11.RSAPrivateKey userPrivateKey,
                                                                    Principal subject,
                                                                    byte[] id)
Loads the specified private key onto the PKCS11 device. The subject param should be the subject of the certificate this private key is associated with.

closeSession

public static void closeSession()
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES
SUMMARY:  INNER | FIELD | CONSTR | METHOD DETAIL:  FIELD | CONSTR | METHOD