/**
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * SPDX-License-Identifier: Apache-2.0.
 */

package software.amazon.awssdk.crt.io;

import software.amazon.awssdk.crt.CrtResource;

/**
 * Options for TLS where private key operations are delegated to a PKCS#11
 * library, so the private key itself is never loaded into this process.
 * <p>
 * Every {@code with*} method stores one option and returns {@code this}, so
 * calls can be chained. Only the {@link Pkcs11Lib} given to the constructor is
 * required; all other options may be left unset, in which case the token and
 * key are selected by whatever criteria are available.
 *
 * @see TlsContextOptions#withMtlsPkcs11(TlsContextPkcs11Options)
 */
public class TlsContextPkcs11Options extends CrtResource {
    // Package-private option storage. These are presumably read by name from the
    // native binding -- confirm before renaming or changing their types.
    Pkcs11Lib pkcs11Lib;
    // Kept as a String, which cannot be zeroed; it stays in the heap until
    // garbage collected.
    String userPin;
    // Boxed so that "not specified" is representable as null.
    Long slotId;
    String tokenLabel;
    String privateKeyObjectLabel;
    String certificateFilePath;
    String certificateFileContents;

    /**
     * Creates options bound to the given PKCS#11 library.
     * <p>
     * The library is registered as a reference of this resource so it is kept
     * alive for as long as these options are.
     *
     * @param pkcs11Lib the PKCS#11 library to use for private key operations
     */
    public TlsContextPkcs11Options(Pkcs11Lib pkcs11Lib) {
        addReferenceTo(pkcs11Lib);
        this.pkcs11Lib = pkcs11Lib;
    }

    /**
     * Sets the PIN used to log the user into the PKCS#11 token. Leave unset to
     * log into a token that has a "protected authentication path".
     *
     * @param pin the user PIN
     * @return this
     */
    public TlsContextPkcs11Options withUserPin(String pin) {
        userPin = pin;
        return this;
    }

    /**
     * Sets the ID of the slot holding the PKCS#11 token. If unset, the token is
     * chosen by other criteria (such as the token label).
     *
     * @param slotId the slot ID
     * @return this
     */
    public TlsContextPkcs11Options withSlotId(long slotId) {
        this.slotId = slotId;
        return this;
    }

    /**
     * Sets the label of the PKCS#11 token to use. If unset, the token is chosen
     * by other criteria (such as the slot ID).
     *
     * @param label the token label
     * @return this
     */
    public TlsContextPkcs11Options withTokenLabel(String label) {
        tokenLabel = label;
        return this;
    }

    /**
     * Sets the label of the private key object on the PKCS#11 token. If unset,
     * the key is chosen by other criteria (such as being the only private key
     * available on the token).
     *
     * @param label the private key object label
     * @return this
     */
    public TlsContextPkcs11Options withPrivateKeyObjectLabel(String label) {
        privateKeyObjectLabel = label;
        return this;
    }

    /**
     * Sets the X.509 certificate from a file on disk. The certificate may
     * instead be supplied in memory via {@link #withCertificateFileContents}.
     *
     * @param path path to a PEM-formatted certificate file on disk
     * @return this
     */
    public TlsContextPkcs11Options withCertificateFilePath(String path) {
        certificateFilePath = path;
        return this;
    }

    /**
     * Sets the X.509 certificate from contents already in memory. The
     * certificate may instead be read from disk via
     * {@link #withCertificateFilePath}.
     *
     * @param contents contents of a PEM-formatted certificate file
     * @return this
     */
    public TlsContextPkcs11Options withCertificateFileContents(String contents) {
        certificateFileContents = contents;
        return this;
    }

    /*
     * There is no native handle to release: this class is a CrtResource only
     * so that it can hold a reference to the Pkcs11Lib.
     */
    @Override
    protected void releaseNativeHandle() {
    }

    /*
     * With no native handle of its own, the referenced resources can be
     * released as soon as this object is.
     */
    @Override
    protected boolean canReleaseReferencesImmediately() {
        return true;
    }
}