6599979: KeyStore.setEntry/setKeyEntry() do not override existing entry for secret key objects

Override existing secret key entry when setEntry/setKeyEntry() is called

Reviewed-by: andreas
This commit is contained in:
Valerie Peng 2008-03-20 18:41:05 -07:00
parent 4b9b2408f3
commit adaa79491e
4 changed files with 437 additions and 133 deletions
jdk
src/share/classes/sun/security/pkcs11
test/sun/security/pkcs11/KeyStore

@ -1,5 +1,5 @@
/*
* Copyright 2003-2006 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2003-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -156,10 +156,10 @@ final class P11KeyStore extends KeyStoreSpi {
// CKA_CLASS - entry type
private CK_ATTRIBUTE type = null;
// CKA_LABEL of cert
// CKA_LABEL of cert and secret key
private String label = null;
// CKA_ID - of private key/cert
// CKA_ID of the private key/cert pair
private byte[] id = null;
// CKA_TRUSTED - true if cert is trusted
@ -871,10 +871,8 @@ final class P11KeyStore extends KeyStoreSpi {
if ((token.tokenInfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH) == 0) {
token.provider.login(null, handler);
} else {
// token supports protected authentication path
// (external pin-pad, for example)
if (handler != null &&
!token.config.getKeyStoreCompatibilityMode()) {
throw new LoginException("can not specify password if token " +
@ -1130,19 +1128,14 @@ final class P11KeyStore extends KeyStoreSpi {
SecretKey skey = ske.getSecretKey();
try {
// first see if the key already exists.
// if so, update the CKA_LABEL
if (!updateSkey(alias)) {
// key entry does not exist.
// delete existing entry for alias and
// create new secret key entry
// (new entry might be a secret key
// session object converted into a token object)
// first check if the key already exists
AliasInfo aliasInfo = aliasMap.get(alias);
if (aliasInfo != null) {
engineDeleteEntry(alias);
storeSkey(alias, ske);
}
storeSkey(alias, ske);
} catch (PKCS11Exception pe) {
throw new KeyStoreException(pe);
}
@ -1396,41 +1389,6 @@ final class P11KeyStore extends KeyStoreSpi {
}
}
/**
* return true if update occurred
*/
private boolean updateSkey(String alias)
throws KeyStoreException, PKCS11Exception {
Session session = null;
try {
session = token.getOpSession();
// first update existing secret key CKA_LABEL
THandle h = getTokenObject(session, ATTR_CLASS_SKEY, null, alias);
if (h.type != ATTR_CLASS_SKEY) {
if (debug != null) {
debug.println("did not find secret key " +
"with CKA_LABEL [" + alias + "]");
}
return false;
}
CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA_LABEL, alias) };
token.p11.C_SetAttributeValue(session.id(), h.handle, attrs);
if (debug != null) {
debug.println("updateSkey set new alias [" +
alias +
"] for secret key entry");
}
return true;
} finally {
token.releaseSession(session);
}
}
/**
* XXX On ibutton, when you C_SetAttribute(CKA_ID) for a private key
@ -1532,30 +1490,6 @@ final class P11KeyStore extends KeyStoreSpi {
}
}
private void updateP11Skey(String alias, P11Key key)
throws PKCS11Exception {
Session session = null;
try {
session = token.getOpSession();
// session key - convert to token key and set CKA_LABEL
CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[] {
ATTR_TOKEN_TRUE,
new CK_ATTRIBUTE(CKA_LABEL, alias) };
token.p11.C_CopyObject(session.id(), key.keyID, attrs);
if (debug != null) {
debug.println("updateP11Skey copied secret session key " +
"for [" +
alias +
"] to token entry");
}
} finally {
token.releaseSession(session);
}
}
private void updateP11Pkey(String alias, CK_ATTRIBUTE attribute, P11Key key)
throws PKCS11Exception {
@ -1689,48 +1623,26 @@ final class P11KeyStore extends KeyStoreSpi {
throws PKCS11Exception, KeyStoreException {
SecretKey skey = ske.getSecretKey();
long keyType = CKK_GENERIC_SECRET;
if (skey instanceof P11Key && this.token == ((P11Key)skey).token) {
updateP11Skey(alias, (P11Key)skey);
return;
}
if ("AES".equalsIgnoreCase(skey.getAlgorithm())) {
keyType = CKK_AES;
} else if ("Blowfish".equalsIgnoreCase(skey.getAlgorithm())) {
keyType = CKK_BLOWFISH;
} else if ("DES".equalsIgnoreCase(skey.getAlgorithm())) {
keyType = CKK_DES;
} else if ("DESede".equalsIgnoreCase(skey.getAlgorithm())) {
keyType = CKK_DES3;
} else if ("RC4".equalsIgnoreCase(skey.getAlgorithm()) ||
"ARCFOUR".equalsIgnoreCase(skey.getAlgorithm())) {
keyType = CKK_RC4;
}
// No need to specify CKA_CLASS, CKA_KEY_TYPE, CKA_VALUE since
// they are handled in P11SecretKeyFactory.createKey() method.
CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[] {
ATTR_SKEY_TOKEN_TRUE,
ATTR_CLASS_SKEY,
ATTR_PRIVATE_TRUE,
new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType),
new CK_ATTRIBUTE(CKA_LABEL, alias),
new CK_ATTRIBUTE(CKA_VALUE, skey.getEncoded()) };
attrs = token.getAttributes
(TemplateManager.O_IMPORT, CKO_SECRET_KEY, keyType, attrs);
// create the new entry
Session session = null;
ATTR_SKEY_TOKEN_TRUE,
ATTR_PRIVATE_TRUE,
new CK_ATTRIBUTE(CKA_LABEL, alias),
};
try {
session = token.getOpSession();
token.p11.C_CreateObject(session.id(), attrs);
if (debug != null) {
debug.println("storeSkey created token secret key for [" +
alias +
"]");
}
} finally {
token.releaseSession(session);
P11SecretKeyFactory.convertKey(token, skey, null, attrs);
} catch (InvalidKeyException ike) {
// re-throw KeyStoreException to match javadoc
throw new KeyStoreException("Cannot convert to PKCS11 keys", ike);
}
// update global alias map
aliasMap.put(alias, new AliasInfo(alias));
if (debug != null) {
debug.println("storeSkey created token secret key for [" +
alias + "]");
}
}
@ -2492,7 +2404,8 @@ final class P11KeyStore extends KeyStoreSpi {
// if there are duplicates (either between secret keys,
// or between a secret key and another object),
// throw an exception
HashSet<String> sKeySet = new HashSet<String>();
HashMap<String, AliasInfo> sKeyMap =
new HashMap<String, AliasInfo>();
attrs = new CK_ATTRIBUTE[] {
ATTR_SKEY_TOKEN_TRUE,
@ -2507,8 +2420,8 @@ final class P11KeyStore extends KeyStoreSpi {
// there is a CKA_LABEL
String cka_label = new String(attrs[0].getCharArray());
if (!sKeySet.contains(cka_label)) {
sKeySet.add(cka_label);
if (sKeyMap.get(cka_label) == null) {
sKeyMap.put(cka_label, new AliasInfo(cka_label));
} else {
throw new KeyStoreException("invalid KeyStore state: " +
"found multiple secret keys sharing same " +
@ -2523,7 +2436,7 @@ final class P11KeyStore extends KeyStoreSpi {
ArrayList<AliasInfo> matchedCerts =
mapPrivateKeys(pkeyIDs, certMap);
boolean sharedLabel = mapCerts(matchedCerts, certMap);
mapSecretKeys(sKeySet);
mapSecretKeys(sKeyMap);
return sharedLabel;
@ -2547,7 +2460,7 @@ final class P11KeyStore extends KeyStoreSpi {
HashMap<String, HashSet<AliasInfo>> certMap)
throws PKCS11Exception, CertificateException {
// global alias map
// reset global alias map
aliasMap = new HashMap<String, AliasInfo>();
// list of matched certs that we will return
@ -2722,18 +2635,17 @@ final class P11KeyStore extends KeyStoreSpi {
* If the secret key shares a CKA_LABEL with another entry,
* throw an exception
*/
private void mapSecretKeys(HashSet<String> sKeySet)
private void mapSecretKeys(HashMap<String, AliasInfo> sKeyMap)
throws KeyStoreException {
for (String label : sKeySet) {
if (!aliasMap.containsKey(label)) {
aliasMap.put(label, new AliasInfo(label));
} else {
for (String label : sKeyMap.keySet()) {
if (aliasMap.containsKey(label)) {
throw new KeyStoreException("invalid KeyStore state: " +
"found secret key sharing CKA_LABEL [" +
label +
"] with another token object");
}
}
aliasMap.putAll(sKeyMap);
}
private void dumpTokenMap() {

@ -108,6 +108,17 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi {
*/
static P11Key convertKey(Token token, Key key, String algo)
throws InvalidKeyException {
return convertKey(token, key, algo, null);
}
/**
* Convert an arbitrary key of algorithm w/ custom attributes into a
* P11Key of provider.
* Used in P11KeyStore.storeSkey.
*/
static P11Key convertKey(Token token, Key key, String algo,
CK_ATTRIBUTE[] extraAttrs)
throws InvalidKeyException {
token.ensureValid();
if (key == null) {
throw new InvalidKeyException("Key must not be null");
@ -134,6 +145,22 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi {
if (key instanceof P11Key) {
P11Key p11Key = (P11Key)key;
if (p11Key.token == token) {
if (extraAttrs != null) {
Session session = null;
try {
session = token.getObjSession();
long newKeyID = token.p11.C_CopyObject(session.id(),
p11Key.keyID, extraAttrs);
p11Key = (P11Key) (P11Key.secretKey(p11Key.session,
newKeyID, p11Key.algorithm, p11Key.keyLength,
extraAttrs));
} catch (PKCS11Exception p11e) {
throw new InvalidKeyException
("Cannot duplicate the PKCS11 key", p11e);
} finally {
token.releaseSession(session);
}
}
return p11Key;
}
}
@ -141,11 +168,11 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi {
if (p11Key != null) {
return p11Key;
}
if ("RAW".equals(key.getFormat()) == false) {
if ("RAW".equalsIgnoreCase(key.getFormat()) == false) {
throw new InvalidKeyException("Encoded format must be RAW");
}
byte[] encoded = key.getEncoded();
p11Key = createKey(token, encoded, algo, algoType);
p11Key = createKey(token, encoded, algo, algoType, extraAttrs);
token.secretCache.put(key, p11Key);
return p11Key;
}
@ -159,7 +186,8 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi {
}
private static P11Key createKey(Token token, byte[] encoded,
String algorithm, long keyType) throws InvalidKeyException {
String algorithm, long keyType, CK_ATTRIBUTE[] extraAttrs)
throws InvalidKeyException {
int n = encoded.length << 3;
int keyLength = n;
try {
@ -220,11 +248,17 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi {
}
Session session = null;
try {
CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType),
new CK_ATTRIBUTE(CKA_VALUE, encoded)
};
CK_ATTRIBUTE[] attributes;
if (extraAttrs != null) {
attributes = new CK_ATTRIBUTE[3 + extraAttrs.length];
System.arraycopy(extraAttrs, 0, attributes, 3,
extraAttrs.length);
} else {
attributes = new CK_ATTRIBUTE[3];
}
attributes[0] = new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY);
attributes[1] = new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType);
attributes[2] = new CK_ATTRIBUTE(CKA_VALUE, encoded);
attributes = token.getAttributes
(O_IMPORT, CKO_SECRET_KEY, keyType, attributes);
session = token.getObjSession();
@ -273,7 +307,7 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi {
private byte[] getKeyBytes(SecretKey key) throws InvalidKeySpecException {
try {
key = engineTranslateKey(key);
if ("RAW".equals(key.getFormat()) == false) {
if ("RAW".equalsIgnoreCase(key.getFormat()) == false) {
throw new InvalidKeySpecException
("Could not obtain key bytes");
}

@ -0,0 +1,194 @@
/*
* Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
import java.io.*;
import java.util.*;
import java.lang.reflect.*;
import java.security.*;
import java.security.cert.*;
import java.security.spec.*;
import java.security.interfaces.*;
import java.math.BigInteger;
import javax.crypto.*;
import javax.crypto.spec.*;
public class SecretKeysBasic extends PKCS11Test {
private static final char SEP = File.separatorChar;
private static char[] tokenPwd;
private static final char[] nssPwd =
new char[]{'t', 'e', 's', 't', '1', '2'};
private static final char[] solarisPwd =
new char[]{'p', 'i', 'n'};
private static SecretKey sk1;
private static SecretKey sk2;
private static SecretKey softkey;
private static KeyStore ks;
private static final String KS_TYPE = "PKCS11";
private static Provider provider;
public static void main(String[] args) throws Exception {
main(new SecretKeysBasic());
}
public void main(Provider p) throws Exception {
this.provider = p;
// create secret key
byte[] keyVal = new byte[16];
(new SecureRandom()).nextBytes(keyVal);
// NSS will throw CKR_HOST_MEMORY if calling C_DecryptInit w/
// (keyVal[0] == 0)
if (keyVal[0] == 0) {
keyVal[0] = 1;
}
softkey = new SecretKeySpec(keyVal, "AES");
dumpKey("softkey", softkey);
KeyGenerator kg = KeyGenerator.getInstance("DESede", provider);
sk1 = kg.generateKey();
dumpKey("skey1", sk1);
sk2 = kg.generateKey();
dumpKey("skey2", sk2);
String token = System.getProperty("TOKEN");
if (token == null || token.length() == 0) {
System.out.println("Error: missing TOKEN system property");
throw new Exception("token arg required");
}
if ("nss".equals(token)) {
tokenPwd = nssPwd;
} else if ("solaris".equals(token)) {
tokenPwd = solarisPwd;
}
int testnum = 1;
doTest();
}
private static boolean checkSecretKeyEntry(String alias,
SecretKey expected,
boolean saveBeforeCheck)
throws Exception {
if (saveBeforeCheck) {
ks.setKeyEntry(alias, expected, null, null);
}
SecretKey result = (SecretKey) (ks.getKey(alias, null));
String keyEncFormat = result.getFormat();
if (keyEncFormat == null) {
// sensitive or un-extractable keys - verify by encrypt/decrypt
byte[] data = new byte[64];
Cipher c =
Cipher.getInstance(result.getAlgorithm() + "/CBC/NoPadding",
provider);
c.init(Cipher.ENCRYPT_MODE, expected);
byte[] encOut = c.doFinal(data);
c.init(Cipher.DECRYPT_MODE, result, c.getParameters());
byte[] decOut = c.doFinal(encOut);
if (!Arrays.equals(data, decOut)) {
return false;
}
} else if (keyEncFormat.toUpperCase().equals("RAW")) {
if (!Arrays.equals(result.getEncoded(), expected.getEncoded())) {
dumpKey("\texpected:", expected);
dumpKey("\treturns:", result);
return false;
}
}
return true;
}
private static void dumpKey(String info, SecretKey key) {
System.out.println(info + "> " + key);
System.out.println("\tALGO=" + key.getAlgorithm());
if (key.getFormat() != null) {
System.out.println("\t[" + key.getFormat() + "] VALUE=" +
new BigInteger(key.getEncoded()));
} else {
System.out.println("\tVALUE=n/a");
}
}
private static void doTest() throws Exception {
if (ks == null) {
ks = KeyStore.getInstance(KS_TYPE, provider);
ks.load(null, tokenPwd);
}
System.out.println("Number of entries: " + ks.size());
if (ks.size() != 0) {
System.out.println("Deleting entries under aliases: ");
for (Enumeration<String> aliases = ks.aliases();
aliases.hasMoreElements();) {
String alias = aliases.nextElement();
System.out.println("\t" + alias);
ks.deleteEntry(alias);
}
}
String alias = "testSKey";
boolean testResult = checkSecretKeyEntry(alias, softkey, true);
if (!testResult) {
System.out.println("FAILURE: setKey() w/ softSecretKey failed");
}
if (!checkSecretKeyEntry(alias, sk1, true)) {
testResult = false;
System.out.println("FAILURE: setKey() w/ skey1 failed");
}
if (!checkSecretKeyEntry(alias, sk2, true)) {
testResult = false;
System.out.println("FAILURE: setKey() w/ skey2 failed");
}
ks.store(null);
System.out.println("Reloading keystore...");
ks.load(null, "whatever".toCharArray());
if (ks.size() != 1) {
System.out.println("FAILURE: reload#1 ks.size() != 1");
}
if (!checkSecretKeyEntry(alias, sk2, false)) {
testResult = false;
System.out.println("FAILURE: reload#1 ks entry check failed");
}
ks.deleteEntry(alias);
ks.store(null);
System.out.println("Reloading keystore...");
ks.load(null, "whatever".toCharArray());
if (ks.size() != 0) {
testResult = false;
System.out.println("FAILURE: reload#2 ks.size() != 0");
}
if (!testResult) {
throw new Exception("One or more test failed!");
}
}
}

@ -0,0 +1,164 @@
#
# Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
# CA 95054 USA or visit www.sun.com if you need additional information or
# have any questions.
#
# @test
# @bug 6599979
# @summary Ensure that re-assigning the alias works
#
# @run shell SecretKeysBasic.sh
#
# To run by hand:
# %sh SecretKeysBasic.sh
#
# Note:
# . test only runs on solaris at the moment
# set a few environment variables so that the shell-script can run stand-alone
# in the source directory
# if running by hand on windows, change TESTSRC and TESTCLASSES to "."
if [ "${TESTSRC}" = "" ] ; then
TESTSRC=`pwd`
fi
if [ "${TESTCLASSES}" = "" ] ; then
TESTCLASSES=`pwd`
fi
# if running by hand on windows, change this to appropriate value
if [ "${TESTJAVA}" = "" ] ; then
TESTJAVA="/net/shimmer/export/valeriep/jdk7/build/solaris-sparc"
fi
echo TESTSRC=${TESTSRC}
echo TESTCLASSES=${TESTCLASSES}
echo TESTJAVA=${TESTJAVA}
echo ""
#DEBUG=sunpkcs11,pkcs11keystore
echo DEBUG=${DEBUG}
echo ""
OS=`uname -s`
case "$OS" in
SunOS )
FS="/"
PS=":"
SCCS="${FS}usr${FS}ccs${FS}bin${FS}sccs"
CP="${FS}bin${FS}cp -f"
RM="${FS}bin${FS}rm -rf"
MKDIR="${FS}bin${FS}mkdir -p"
CHMOD="${FS}bin${FS}chmod"
;;
* )
echo "Unsupported System ${OS} - Test only runs on Solaris"
exit 0;
;;
esac
TOKENS="nss solaris"
STATUS=0
for token in ${TOKENS}
do
if [ ${token} = "nss" ]
then
# make cert/key DBs writable if token is NSS
${CP} ${TESTSRC}${FS}..${FS}nss${FS}db${FS}cert8.db ${TESTCLASSES}
${CHMOD} +w ${TESTCLASSES}${FS}cert8.db
${CP} ${TESTSRC}${FS}..${FS}nss${FS}db${FS}key3.db ${TESTCLASSES}
${CHMOD} +w ${TESTCLASSES}${FS}key3.db
USED_FILE_LIST="${TESTCLASSES}${FS}cert8.db ${TESTCLASSES}${FS}key3.db"
elif [ ${token} = "solaris" ]
then
OS_VERSION=`uname -r`
case "${OS_VERSION}" in
5.1* )
SOFTTOKEN_DIR=${TESTCLASSES}
export SOFTTOKEN_DIR
;;
* )
echo "Unsupported Version ${OS_VERSION} - Test only runs on Solaris"
exit 0;
;;
esac
# copy keystore into write-able location
if [ -d ${TESTCLASSES}${FS}pkcs11_softtoken ]
then
echo "Removing old pkcs11_keystore, creating new pkcs11_keystore"
echo ${RM} ${TESTCLASSES}${FS}pkcs11_softtoken
${RM} ${TESTCLASSES}${FS}pkcs11_softtoken
fi
echo ${MKDIR} ${TESTCLASSES}${FS}pkcs11_softtoken${FS}private
${MKDIR} ${TESTCLASSES}${FS}pkcs11_softtoken${FS}private
echo ${MKDIR} ${TESTCLASSES}${FS}pkcs11_softtoken${FS}public
${MKDIR} ${TESTCLASSES}${FS}pkcs11_softtoken${FS}public
echo ${CP} ${TESTSRC}${FS}BasicData${FS}pkcs11_softtoken${FS}objstore_info \
${TESTCLASSES}${FS}pkcs11_softtoken
${CP} ${TESTSRC}${FS}BasicData${FS}pkcs11_softtoken${FS}objstore_info \
${TESTCLASSES}${FS}pkcs11_softtoken
echo ${CHMOD} +w ${TESTCLASSES}${FS}pkcs11_softtoken${FS}objstore_info
${CHMOD} 600 ${TESTCLASSES}${FS}pkcs11_softtoken${FS}objstore_info
USED_FILE_LIST="${TESTCLASSES}${FS}pkcs11_softtoken"
fi
cd ${TESTCLASSES}
${TESTJAVA}${FS}bin${FS}javac \
-classpath ${TESTCLASSES} \
-d ${TESTCLASSES} \
${TESTSRC}${FS}SecretKeysBasic.java
# run test
cd ${TESTSRC}
${TESTJAVA}${FS}bin${FS}java \
-DDIR=${TESTSRC}${FS}BasicData${FS} \
-classpath ${TESTCLASSES}${PS}${TESTSRC}${FS}loader.jar \
-DCUSTOM_DB_DIR=${TESTCLASSES} \
-DCUSTOM_P11_CONFIG=${TESTSRC}${FS}BasicData${FS}p11-${token}.txt \
-DNO_DEFAULT=true \
-DNO_DEIMOS=true \
-DTOKEN=${token} \
-Djava.security.debug=${DEBUG} \
SecretKeysBasic
# -DCUSTOM_P11_CONFIG=${TESTSRC}${FS}BasicData${FS}p11-${token}.txt \
# save error status
if [ $? != 0 ]
then
echo "Test against " ${token} " Failed!"
STATUS=1
fi
# clean up
${RM} ${USED_FILE_LIST}
done
# return
exit ${STATUS}