#371

Committed 20 May 2025 09:49AM UTC coverage: 83.194% (-0.1%) from 83.31%

Build # #371

Build Type

push

Committed by

Commit Message

Allow the keystore parameter to be specified with the ETOKEN storetype to distinguish between multiple connected devices (#300)

Run Details

0 of 6 new or added lines in 2 files covered. (0.0%)

36 existing lines in 3 files now uncovered.

4861 of 5843 relevant lines covered (83.19%)

0.83 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

41.67

/jsign-crypto/src/main/java/net/jsign/YubiKey.java

/*
 * Copyright 2021 Emmanuel Bourg
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package net.jsign;

import java.io.File;
import java.io.IOException;
import java.security.AuthProvider;
import java.security.Provider;
import java.security.ProviderException;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Logger;

import sun.security.pkcs11.wrapper.PKCS11;
import sun.security.pkcs11.wrapper.PKCS11Exception;

import net.jsign.jca.AutoLoginProvider;

/**
 * Helper class for working with YubiKeys.
 *
 * @since 4.0
 */
class YubiKey {

    /**
     * Returns the security provider for the YubiKey.
     *
     * @return the YubiKey security provider
     * @throws ProviderException thrown if the provider can't be initialized
     * @since 4.0
     */
    static Provider getProvider() {
        return new AutoLoginProvider((AuthProvider) ProviderUtils.createSunPKCS11Provider(getSunPKCS11Configuration()));
    }

    /**
     * Returns the SunPKCS11 configuration of the YubiKey.
     *
     * @throws ProviderException thrown if the PKCS11 modules cannot be found
     * @since 4.0
     */
    static String getSunPKCS11Configuration() {
        File libykcs11 = getYkcs11Library();
        if (!libykcs11.exists()) {
            throw new ProviderException("YubiKey PKCS11 module (ykcs11) is not installed (" + libykcs11 + " is missing)");
        }

        long slot;
        try {
            slot = getTokenSlot(libykcs11);
        } catch (Exception e) {
            throw new ProviderException(e);
        }

        return new PKCS11Configuration().name("yubikey").library(libykcs11).slot(slot).toString();
    }

    /**
     * Returns the slot index associated to the token.
     *
     * @since 4.1
     */
    static long getTokenSlot(File libraryPath) throws PKCS11Exception, IOException {
        PKCS11 pkcs11 = PKCS11.getInstance(libraryPath.getAbsolutePath(), "C_GetFunctionList", null, false);
        long[] slots = pkcs11.C_GetSlotList(true);
        return slots.length > 0 ? slots[0] : -1;
    }

    /**
     * Tells if a YubiKey is present on the system.
     */
    static boolean isPresent() {
        try {
            return getTokenSlot(getYkcs11Library()) >= 0;
        } catch (Exception e) {
            return false;
        }
    }

    /**
     * Attempts to locate the ykcs11 library on the system.
     *
     * @since 4.0
     */
    static File getYkcs11Library() {
        String osname = System.getProperty("os.name");
        String arch = System.getProperty("sun.arch.data.model");

        if (osname.contains("Windows")) {
            String programfiles;
            if ("32".equals(arch) && System.getenv("ProgramFiles(x86)") != null) {
                programfiles = System.getenv("ProgramFiles(x86)");
            } else {
                programfiles = System.getenv("ProgramFiles");
            }
            File libykcs11 = new File(programfiles + "/Yubico/Yubico PIV Tool/bin/libykcs11.dll");

            if (!System.getenv("PATH").contains("Yubico PIV Tool\\bin")) {
                Logger log = Logger.getLogger(YubiKey.class.getName());
                log.warning("The YubiKey library path (" + libykcs11.getParentFile().getAbsolutePath().replace('/', '\\') + ") is missing from the PATH environment variable");
            }

            return libykcs11;

        } else if (osname.contains("Mac")) {
            return new File("/usr/local/lib/libykcs11.dylib");

        } else {
            // Linux
            List<String> paths = new ArrayList<>();
            if ("32".equals(arch)) {
                paths.add("/usr/lib/libykcs11.so");
                paths.add("/usr/lib/libykcs11.so.1");
                paths.add("/usr/lib/i386-linux-gnu/libykcs11.so");
                paths.add("/usr/lib/arm-linux-gnueabi/libykcs11.so");
                paths.add("/usr/lib/arm-linux-gnueabihf/libykcs11.so");
            } else {
                paths.add("/usr/lib64/libykcs11.so");
                paths.add("/usr/lib64/libykcs11.so.1");
                paths.add("/usr/lib/x86_64-linux-gnu/libykcs11.so");
                paths.add("/usr/lib/aarch64-linux-gnu/libykcs11.so");
                paths.add("/usr/lib/mips64el-linux-gnuabi64/libykcs11.so");
                paths.add("/usr/lib/riscv64-linux-gnu/libykcs11.so");
            }

            for (String path : paths) {
                File libykcs11 = new File(path);
                if (libykcs11.exists()) {
                    return libykcs11;
                }
            }

            return new File("/usr/local/lib/libykcs11.so");
        }
    }
}

1	/*
2	* Copyright 2021 Emmanuel Bourg
3	*
4	* Licensed under the Apache License, Version 2.0 (the "License");
5	* you may not use this file except in compliance with the License.
6	* You may obtain a copy of the License at
7	*
8	* http://www.apache.org/licenses/LICENSE-2.0
9	*
10	* Unless required by applicable law or agreed to in writing, software
11	* distributed under the License is distributed on an "AS IS" BASIS,
12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13	* See the License for the specific language governing permissions and
14	* limitations under the License.
15	*/
16
17	package net.jsign;
18
19	import java.io.File;
20	import java.io.IOException;
21	import java.security.AuthProvider;
22	import java.security.Provider;
23	import java.security.ProviderException;
24	import java.util.ArrayList;
25	import java.util.List;
26	import java.util.logging.Logger;
27
28	import sun.security.pkcs11.wrapper.PKCS11;
29	import sun.security.pkcs11.wrapper.PKCS11Exception;
30
31	import net.jsign.jca.AutoLoginProvider;
32
33	/**
34	* Helper class for working with YubiKeys.
35	*
36	* @since 4.0
37	*/
38	class YubiKey {	×
39
40	/**
41	* Returns the security provider for the YubiKey.
42	*
43	* @return the YubiKey security provider
44	* @throws ProviderException thrown if the provider can't be initialized
45	* @since 4.0
46	*/
47	static Provider getProvider() {
48	return new AutoLoginProvider((AuthProvider) ProviderUtils.createSunPKCS11Provider(getSunPKCS11Configuration()));	×
49	}
50
51	/**
52	* Returns the SunPKCS11 configuration of the YubiKey.
53	*
54	* @throws ProviderException thrown if the PKCS11 modules cannot be found
55	* @since 4.0
56	*/
57	static String getSunPKCS11Configuration() {
58	File libykcs11 = getYkcs11Library();	×
59	if (!libykcs11.exists()) {	×
60	throw new ProviderException("YubiKey PKCS11 module (ykcs11) is not installed (" + libykcs11 + " is missing)");	×
61	}
62
63	long slot;
64	try {
65	slot = getTokenSlot(libykcs11);	×
66	} catch (Exception e) {	×
UNCOV 67	throw new ProviderException(e);	×
68	}	×
69
70	return new PKCS11Configuration().name("yubikey").library(libykcs11).slot(slot).toString();	×
71	}
72
73	/**
74	* Returns the slot index associated to the token.
75	*
76	* @since 4.1
77	*/
78	static long getTokenSlot(File libraryPath) throws PKCS11Exception, IOException {
79	PKCS11 pkcs11 = PKCS11.getInstance(libraryPath.getAbsolutePath(), "C_GetFunctionList", null, false);	1✔
UNCOV 80	long[] slots = pkcs11.C_GetSlotList(true);	×
81	return slots.length > 0 ? slots[0] : -1;	×
82	}
83
84	/**
85	* Tells if a YubiKey is present on the system.
86	*/
87	static boolean isPresent() {
88	try {
UNCOV 89	return getTokenSlot(getYkcs11Library()) >= 0;	×
90	} catch (Exception e) {	1✔
91	return false;	1✔
92	}
93	}
94
95	/**
96	* Attempts to locate the ykcs11 library on the system.
97	*
98	* @since 4.0
99	*/
100	static File getYkcs11Library() {
101	String osname = System.getProperty("os.name");	1✔
102	String arch = System.getProperty("sun.arch.data.model");	1✔
103
104	if (osname.contains("Windows")) {	1✔
105	String programfiles;
UNCOV 106	if ("32".equals(arch) && System.getenv("ProgramFiles(x86)") != null) {	×
107	programfiles = System.getenv("ProgramFiles(x86)");	×
108	} else {
UNCOV 109	programfiles = System.getenv("ProgramFiles");	×
110	}
UNCOV 111	File libykcs11 = new File(programfiles + "/Yubico/Yubico PIV Tool/bin/libykcs11.dll");	×
112
UNCOV 113	if (!System.getenv("PATH").contains("Yubico PIV Tool\\bin")) {	×
114	Logger log = Logger.getLogger(YubiKey.class.getName());	×
115	log.warning("The YubiKey library path (" + libykcs11.getParentFile().getAbsolutePath().replace('/', '\\') + ") is missing from the PATH environment variable");	×
116	}
117
UNCOV 118	return libykcs11;	×
119
120	} else if (osname.contains("Mac")) {	1✔
UNCOV 121	return new File("/usr/local/lib/libykcs11.dylib");	×
122
123	} else {
124	// Linux
125	List<String> paths = new ArrayList<>();	1✔
126	if ("32".equals(arch)) {	1✔
UNCOV 127	paths.add("/usr/lib/libykcs11.so");	×
128	paths.add("/usr/lib/libykcs11.so.1");	×
129	paths.add("/usr/lib/i386-linux-gnu/libykcs11.so");	×
130	paths.add("/usr/lib/arm-linux-gnueabi/libykcs11.so");	×
131	paths.add("/usr/lib/arm-linux-gnueabihf/libykcs11.so");	×
132	} else {
133	paths.add("/usr/lib64/libykcs11.so");	1✔
134	paths.add("/usr/lib64/libykcs11.so.1");	1✔
135	paths.add("/usr/lib/x86_64-linux-gnu/libykcs11.so");	1✔
136	paths.add("/usr/lib/aarch64-linux-gnu/libykcs11.so");	1✔
137	paths.add("/usr/lib/mips64el-linux-gnuabi64/libykcs11.so");	1✔
138	paths.add("/usr/lib/riscv64-linux-gnu/libykcs11.so");	1✔
139	}
140
141	for (String path : paths) {	1✔
142	File libykcs11 = new File(path);	1✔
143	if (libykcs11.exists()) {	1✔
144	return libykcs11;	1✔
145	}
146	}	1✔
147
UNCOV 148	return new File("/usr/local/lib/libykcs11.so");	×
149	}
150	}
151	}

ebourg / jsign / #371

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous