001    /* Copyright  (c) 2002 Graz University of Technology. All rights reserved.
002     *
003     * Redistribution and use in  source and binary forms, with or without 
004     * modification, are permitted  provided that the following conditions are met:
005     *
006     * 1. Redistributions of  source code must retain the above copyright notice,
007     *    this list of conditions and the following disclaimer.
008     *
009     * 2. Redistributions in  binary form must reproduce the above copyright notice,
010     *    this list of conditions and the following disclaimer in the documentation
011     *    and/or other materials provided with the distribution.
012     *  
013     * 3. The end-user documentation included with the redistribution, if any, must
014     *    include the following acknowledgment:
015     * 
016     *    "This product includes software developed by IAIK of Graz University of
017     *     Technology."
018     * 
019     *    Alternately, this acknowledgment may appear in the software itself, if 
020     *    and wherever such third-party acknowledgments normally appear.
021     *  
022     * 4. The names "Graz University of Technology" and "IAIK of Graz University of
023     *    Technology" must not be used to endorse or promote products derived from 
024     *    this software without prior written permission.
025     *  
026     * 5. Products derived from this software may not be called 
027     *    "IAIK PKCS Wrapper", nor may "IAIK" appear in their name, without prior 
028     *    written permission of Graz University of Technology.
029     *  
030     *  THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
031     *  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
032     *  WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
033     *  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE LICENSOR BE
034     *  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
035     *  OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
036     *  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
037     *  OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
038     *  ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
039     *  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
040     *  OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
041     *  POSSIBILITY  OF SUCH DAMAGE.
042     */
043    
044    package demo.pkcs.pkcs11;
045    
046    import java.io.ByteArrayOutputStream;
047    import java.io.FileInputStream;
048    import java.io.FileOutputStream;
049    import java.io.InputStream;
050    import java.io.OutputStream;
051    import java.io.PrintWriter;
052    import java.math.BigInteger;
053    
054    import iaik.pkcs.pkcs11.Mechanism;
055    import iaik.pkcs.pkcs11.Module;
056    import iaik.pkcs.pkcs11.Session;
057    import iaik.pkcs.pkcs11.Slot;
058    import iaik.pkcs.pkcs11.Token;
059    import iaik.pkcs.pkcs11.objects.Object;
060    import iaik.pkcs.pkcs11.objects.RSAPrivateKey;
061    
062    
063    
064    /**
065     * This program signs a given file. Hereby the hash is calculated on the card.
066     * If you are not sure if your token supports this mechanism, start the
067     * GetInfo demo.
068     *
069     * @author <a href="mailto:Karl.Scheibelhofer@iaik.at"> Karl Scheibelhofer </a>
070     * @version 0.1
071     * @invariants
072     */
073    public class HashAndSign {
074    
075      static PrintWriter output_;
076    
077      static {
078        try {
079          //output_ = new PrintWriter(new FileWriter("HashAndSign_output.txt"), true);
080          output_ = new PrintWriter(System.out, true);
081        } catch (Throwable thr) {
082          thr.printStackTrace();
083          output_ = new PrintWriter(System.out, true);
084        }
085      }
086    
087      public static void main(String[] args) {
088        if ((args.length != 3) && (args.length != 4)) {
089          printUsage();
090          System.exit(1);
091        }
092    
093        try {
094    
095            Module pkcs11Module = Module.getInstance(args[0]);
096            pkcs11Module.initialize(null);
097    
098            Slot[] slots = pkcs11Module.getSlotList(Module.SlotRequirement.TOKEN_PRESENT);
099    
100            if (slots.length == 0) {
101              output_.println("No slot with present token found!");
102              System.exit(0);
103            }
104    
105            Slot selectedSlot = slots[0];
106            Token token = selectedSlot.getToken();
107    
108            Session session =
109                token.openSession(Token.SessionType.SERIAL_SESSION, Token.SessionReadWriteBehavior.RO_SESSION, null, null);
110            session.login(Session.UserType.USER, args[1].toCharArray());
111    
112            output_.println("################################################################################");
113            output_.println("find private signature key");
114            RSAPrivateKey templateSignatureKey = new RSAPrivateKey();
115            templateSignatureKey.getSign().setBooleanValue(Boolean.TRUE);
116    
117            session.findObjectsInit(templateSignatureKey);
118    
119            Object[] foundSignatureKeyObjects = session.findObjects(1); // find first
120    
121            RSAPrivateKey signatureKey = null;
122            if (foundSignatureKeyObjects.length > 0) {
123              signatureKey = (RSAPrivateKey) foundSignatureKeyObjects[0];
124              output_.println("________________________________________________________________________________");
125              output_.println(signatureKey);
126              output_.println("________________________________________________________________________________");
127           } else {
128              output_.println("No RSA private key found that can sign!");
129              System.exit(0);
130            }
131            session.findObjectsFinal();
132    
133            output_.println("################################################################################");
134    
135    
136            output_.println("################################################################################");
137            output_.println("signing data from file: " + args[2]);
138    
139            InputStream dataInputStream = new FileInputStream(args[2]);
140    
141            // to buffer the data to be signed
142            ByteArrayOutputStream dataToBeSignedBuffer = new ByteArrayOutputStream(128);
143    
144            //be sure that your token can process the specified mechanism
145            Mechanism signatureMechanism = Mechanism.SHA1_RSA_PKCS;
146            // initialize for signing
147            session.signInit(signatureMechanism, signatureKey);
148    
149            byte[] dataBuffer = new byte[1024];
150            byte[] helpBuffer;
151            int bytesRead;
152    
153            /* We use the sign(byte]) function, because some drivers do not support
154             * signing multiple data pieces. To buffer the data,
155             * feed all data from the input stream to the data buffer strem.
156             */
157            while ((bytesRead = dataInputStream.read(dataBuffer)) >= 0) {
158              dataToBeSignedBuffer.write(dataBuffer, 0, bytesRead);
159            }
160            byte[] dataToBeSigned = dataToBeSignedBuffer.toByteArray();
161    
162            // This signing operation is implemented in most of the drivers
163            byte[] signatureValue = session.sign(dataToBeSigned);
164    
165            output_.println("The siganture value is: " + new BigInteger(1, signatureValue).toString(16));
166    
167            if (args.length == 4) {
168              output_.println("Writing signature to file: " + args[3]);
169    
170              OutputStream signatureOutput = new FileOutputStream(args[3]);
171              signatureOutput.write(signatureValue);
172              signatureOutput.flush();
173              signatureOutput.close();
174            }
175    
176            output_.println("################################################################################");
177    
178            session.closeSession();
179            pkcs11Module.finalize(null);
180    
181        } catch (Throwable thr) {
182          thr.printStackTrace();
183        } finally {
184          output_.close();
185        }
186      }
187    
188      public static void printUsage() {
189        output_.println("Usage: HashAndSign <PKCS#11 module> <userPIN> <file to be signed> [<signature value file>]");
190        output_.println(" e.g.: HashAndSign pk2priv.dll password data.dat signature.bin");
191        output_.println("The given DLL must be in the search path of the system.");
192      }
193    
194    }