📄 mekeytool.java
* Constructs a MEKeyTool and loads its keystore using a filename.
     * Delegates to the {@code File} constructor, which opens and closes
     * the file.
     * @param meKeystoreFilename serialized keystore file
     * @exception FileNotFoundException if the file does not exist, is a
     * directory rather than a regular file, or for some other reason
     * cannot be opened for reading.
     * @exception IOException if the key storage was corrupted
     */
    public MEKeyTool(String meKeystoreFilename)
            throws FileNotFoundException, IOException {
        this(new File(meKeystoreFilename));
    }

    /**
     * Constructs a MEKeyTool and loads its keystore from a file.
     * The file is opened here and always closed again, whether or not
     * the keystore could be read.
     * NOTE(review): no integrity check of the serialized keystore is
     * visible in this constructor; whether PublicKeyStoreBuilderBase
     * performs one cannot be told from here -- confirm.
     * @param meKeystoreFile serialized keystore file
     * @exception FileNotFoundException if the file does not exist, is a
     * directory rather than a regular file, or for some other reason
     * cannot be opened for reading.
     * @exception IOException if the key storage was corrupted
     */
    public MEKeyTool(File meKeystoreFile)
            throws FileNotFoundException, IOException {
        FileInputStream fileStream = new FileInputStream(meKeystoreFile);

        try {
            keystore = new PublicKeyStoreBuilderBase(fileStream);
        } finally {
            // release the file handle even when parsing fails
            fileStream.close();
        }
    }

    /**
     * Constructs a MEKeyTool and loads its keystore from a stream.
     * The stream is not closed here; it remains the caller's to close.
     * @param meKeystoreStream serialized keystore stream
     * @exception IOException if the key storage was corrupted
     */
    public MEKeyTool(InputStream meKeystoreStream) throws IOException {
        keystore = new PublicKeyStoreBuilderBase(meKeystoreStream);
    }

    /**
     * Copies a key from a Standard Edition keystore into the ME keystore.
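* @param jcakeystoreFilename name of the serialized keystore
     * @param keystorePassword password to unlock the keystore; must not be
     *        null, because it is converted with toCharArray()
     * @param alias the ID of the key in the SE keystore
     * @param domain security domain of any application authorized
     *        with the corresponding private key
     * @exception IOException if the SE keystore file cannot be opened or read
     * @exception GeneralSecurityException if the keystore cannot be loaded,
     *            the alias has no certificate, the certificate is not an
     *            X.509 certificate carrying an RSA public key, or the owner
     *            already has a key in the ME keystore
     */
    public void importKeyFromJcaKeystore(String jcakeystoreFilename,
                                         String keystorePassword,
                                         String alias, String domain)
            throws IOException, GeneralSecurityException {
        FileInputStream keystoreStream;
        KeyStore jcaKeystore;
        Object entry;
        X509Certificate cert;
        Object publicKey;
        RSAPublicKey rsaKey;
        String owner;
        long notBefore;
        long notAfter;
        byte[] rawModulus;
        int leadingZeros;
        int significant;
        int keyLen;
        byte[] modulus;
        byte[] exponent;

        // Load the keystore
        keystoreStream = new FileInputStream(new File(jcakeystoreFilename));
        try {
            jcaKeystore = KeyStore.getInstance(KeyStore.getDefaultType());
            jcaKeystore.load(keystoreStream, keystorePassword.toCharArray());
        } finally {
            keystoreStream.close();
        }

        /*
         * Get the cert from the keystore. The entry is type-checked before
         * the cast so that an unsupported certificate is reported as a
         * declared CertificateException instead of an unchecked
         * ClassCastException.
         */
        entry = jcaKeystore.getCertificate(alias);
        if (entry == null) {
            throw new CertificateException("Certificate not found");
        }

        if (!(entry instanceof X509Certificate)) {
            throw new CertificateException(
                "Certificate is not an X.509 certificate");
        }

        cert = (X509Certificate)entry;

        /*
         * NOTE(review): the certificate is taken as found in the SE
         * keystore. Nothing here validates its chain or signature or checks
         * that it is currently valid; the validity window is only copied
         * into the ME key record.
         */

        // ME stores a condensed owner DN for a key
        owner = condenseDistinguishedName(cert.getSubjectDN().getName());

        notBefore = cert.getNotBefore().getTime();
        notAfter = cert.getNotAfter().getTime();

        // get the key from the cert; only RSA keys can be stored
        publicKey = cert.getPublicKey();
        if (!(publicKey instanceof RSAPublicKey)) {
            throw new CertificateException(
                "Certificate does not contain an RSA public key");
        }

        rsaKey = (RSAPublicKey)publicKey;

        // get the key parameters from the key
        rawModulus = rsaKey.getModulus().toByteArray();

        /*
         * The modulus comes back as the minimal two's-complement encoding:
         * it is not padded to the bit size of the key, and it may carry an
         * extra leading zero byte to keep it positive. KSSL expects the
         * modulus to have the signature bit size, which cannot be read
         * from the key, so strip the leading zero bytes and then left-pad
         * with zeros to a multiple of 8 bytes.
         */
        leadingZeros = 0;
        while (leadingZeros < rawModulus.length &&
               rawModulus[leadingZeros] == 0) {
            leadingZeros++;
        }

        significant = rawModulus.length - leadingZeros;
        keyLen = (significant + 7) / 8 * 8;
        modulus = new byte[keyLen];

        // right-align the significant bytes; the new array is zero-filled
        System.arraycopy(rawModulus, leadingZeros, modulus,
                         keyLen - significant, significant);

        exponent = rsaKey.getPublicExponent().toByteArray();

        // add the key
        if (!keystore.addKey(new PublicKeyInfo(owner, notBefore, notAfter,
                                               modulus, exponent, domain))) {
            throw new CertificateException(
                "Owner already has a key in the ME keystore");
        }
    }

    /**
     * Deletes a public key using the owner's distinguished name.
     * NOTE(review): importKeyFromJcaKeystore stores the condensed form of
     * the name, so the owner passed here presumably has to be in that
     * form too -- confirm against the keystore implementation.
     * @param owner name of the key's owner
     * @return true, if the key was deleted, else false
     */
    public boolean deleteKey(String owner) {
        return keystore.deleteKey(owner);
    }

    /**
     * Gets the first key in the keystore. Restarts the owner enumeration
     * that {@link #getNextKey} walks.
     * @return all the information related to the first key, or null if
     *         the keystore has no owners
     */
    protected PublicKeyInfo getFirstKey() {
        owners = keystore.getOwners();
        return getNextKey();
    }

    /**
     * Gets the next key after the previous one returned by
     * {@link #getFirstKey} or this method. If getFirstKey is not called
     * before the first call to this method, null will be returned.
     * @return all the information related to the next key, or null if
     *         there are no more keys
     */
    protected PublicKeyInfo getNextKey() {
        String owner;

        if (owners == null || !owners.hasMoreElements()) {
            return null;
        }

        owner = (String)owners.nextElement();
        return keystore.findKey(owner);
    }

    /**
     * Saves the keystore to a file.
     * The output stream is closed even when serialization fails, matching
     * the file-based constructors.
     * NOTE(review): FileOutputStream truncates the target when it is
     * opened, so a failure during serialization leaves an incomplete
     * keystore file behind; callers that need the old contents should
     * save to a temporary file and replace the original afterwards.
     * @param meKeystoreFile serialized keystore file
     * @exception IOException if the file cannot be opened or written
     */
    public void saveKeystore(File meKeystoreFile) throws IOException {
        FileOutputStream output;

        output = new FileOutputStream(meKeystoreFile);
        try {
            keystore.serialize(output);
        } finally {
            output.close();
        }
    }

    /**
     * Get an enumeration of owner names from the keystore.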
* @return enumeration of owner names
     */
    public Enumeration getOwners() {
        Enumeration ownerNames = keystore.getOwners();
        return ownerNames;
    }

    /**
     * Gets the read-write keystore this tool is manipulating.
     * For advanced users: the returned object is the tool's own keystore,
     * not a copy, so changes made through it affect this tool.
     * @return read-write keystore
     */
    public PublicKeyStoreBuilderBase getKeystore() {
        return keystore;
    }

    /**
     * Creates a string representation of a key that is displayed to a
     * user during a list command. The modulus and exponent are left out.
     * @param keyInfo key to display
     * @return printable representation of the key
     */
    public static String formatKeyInfo(PublicKeyInfo keyInfo) {
        // string concatenation renders each Date through its toString()
        return " Owner: " + keyInfo.getOwner()
            + "\n Valid from " + new Date(keyInfo.getNotBefore())
            + " to " + new Date(keyInfo.getNotAfter())
            + "\n Domain: " + keyInfo.getDomain();
    }

    /**
     * Condenses an X.500 distinguished name to match KSSL: double quotes
     * are removed, spaces that directly follow an attribute separator are
     * removed, and every "," or ";" that separates attributes is written
     * as ";". Separators inside a quoted value are kept unchanged.
     * <p>
     * NOTE(review): the condensed form is not unique. Quotes are dropped
     * and backslash escapes are not interpreted, so a quoted ";" looks the
     * same as a separator in the output and two different names can
     * condense to the same string. Keep this in mind where the condensed
     * name identifies a key's owner.
     * @param dn distinguished name to condense
     * @return condensed name
     */
    public static String condenseDistinguishedName(String dn) {
        final int ATTR = 1;
        final int QUOTE = 2;
        final int END_OF_QUOTE = 3;
        final int END_OF_ATTR = 4;

        StringBuffer condensed = new StringBuffer(dn.length());
        int state = ATTR;

        for (int pos = 0; pos < dn.length(); pos++) {
            char c = dn.charAt(pos);

            // a quote only toggles the quoting state and is never copied
            if (c == '"') {
                state = (state == QUOTE) ? END_OF_QUOTE : QUOTE;
                continue;
            }

            /*
             * "," or ";" separates attributes,
             * except when they appear in quotes
             */
            if (state != QUOTE) {
                if (c == ',' || c == ';') {
                    state = END_OF_ATTR;
                } else if (state == END_OF_ATTR) {
                    if (c == ' ') {
                        // skip any spaces between attributes
                        continue;
                    }

                    state = ATTR;
                }
            }

            // KSSL separates with a ";", so the output has to match
            condensed.append(state == END_OF_ATTR ? ';' : c);
        }

        return condensed.toString();
    }
}