package org.bouncycastle.jce.provider;import java.io.BufferedInputStream;import java.io.ByteArrayInputStream;import java.io.ByteArrayOutputStream;import java.io.IOException;import java.io.InputStream;import java.io.OutputStream;import java.security.Key;import java.security.KeyStoreException;import java.security.KeyStoreSpi;import java.security.NoSuchAlgorithmException;import java.security.Principal;import java.security.PrivateKey;import java.security.PublicKey;import java.security.SecureRandom;import java.security.UnrecoverableKeyException;import java.security.cert.Certificate;import java.security.cert.CertificateEncodingException;import java.security.cert.CertificateFactory;import java.security.cert.X509Certificate;import java.util.Date;import java.util.Enumeration;import java.util.Hashtable;import java.util.Vector;import javax.crypto.Cipher;import javax.crypto.Mac;import javax.crypto.SecretKey;import javax.crypto.SecretKeyFactory;import javax.crypto.spec.PBEKeySpec;import javax.crypto.spec.PBEParameterSpec;import org.bouncycastle.asn1.ASN1EncodableVector;import org.bouncycastle.asn1.ASN1InputStream;import org.bouncycastle.asn1.ASN1OctetString;import org.bouncycastle.asn1.ASN1Sequence;import org.bouncycastle.asn1.ASN1Set;import org.bouncycastle.asn1.BERConstructedOctetString;import org.bouncycastle.asn1.BEROutputStream;import org.bouncycastle.asn1.DERBMPString;import org.bouncycastle.asn1.DERNull;import org.bouncycastle.asn1.DERObject;import org.bouncycastle.asn1.DERObjectIdentifier;import org.bouncycastle.asn1.DEROctetString;import org.bouncycastle.asn1.DEROutputStream;import org.bouncycastle.asn1.DERSequence;import org.bouncycastle.asn1.DERSet;import org.bouncycastle.asn1.pkcs.AuthenticatedSafe;import org.bouncycastle.asn1.pkcs.CertBag;import org.bouncycastle.asn1.pkcs.ContentInfo;import org.bouncycastle.asn1.pkcs.EncryptedData;import org.bouncycastle.asn1.pkcs.MacData;import org.bouncycastle.asn1.pkcs.PKCS12PBEParams;import 
org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;import org.bouncycastle.asn1.pkcs.Pfx;import org.bouncycastle.asn1.pkcs.SafeBag;import org.bouncycastle.asn1.util.ASN1Dump;import org.bouncycastle.asn1.x509.AlgorithmIdentifier;import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;import org.bouncycastle.asn1.x509.DigestInfo;import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;import org.bouncycastle.asn1.x509.X509Extensions;import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;import org.bouncycastle.jce.interfaces.BCKeyStore;import org.bouncycastle.jce.interfaces.PKCS12BagAttributeCarrier;import org.bouncycastle.util.encoders.Hex;public class JDKPKCS12KeyStore extends KeyStoreSpi implements PKCSObjectIdentifiers, X509ObjectIdentifiers, BCKeyStore{ private static final int SALT_SIZE = 20; private static final int MIN_ITERATIONS = 100; // // SHA-1 and 3-key-triple DES. // private static final String KEY_ALGORITHM = "1.2.840.113549.1.12.1.3"; // // SHA-1 and 40 bit RC2. 
// private static final String CERT_ALGORITHM = "1.2.840.113549.1.12.1.6"; private Hashtable keys = new Hashtable(); private Hashtable localIds = new Hashtable(); private Hashtable certs = new Hashtable(); private Hashtable chainCerts = new Hashtable(); private Hashtable keyCerts = new Hashtable(); // // generic object types // static final int NULL = 0; static final int CERTIFICATE = 1; static final int KEY = 2; static final int SECRET = 3; static final int SEALED = 4; // // key types // static final int KEY_PRIVATE = 0; static final int KEY_PUBLIC = 1; static final int KEY_SECRET = 2; protected SecureRandom random = new SecureRandom(); private CertificateFactory certFact = null; private class CertId { byte[] id; CertId( PublicKey key) { this.id = createSubjectKeyId(key).getKeyIdentifier(); } CertId( byte[] id) { this.id = id; } public int hashCode() { int hash = id[0] & 0xff; for (int i = 1; i != id.length - 4; i++) { hash ^= ((id[i] & 0xff) << 24) | ((id[i + 1] & 0xff) << 16) | ((id[i + 2] & 0xff) << 8) | (id[i + 3] & 0xff); } return hash; } public boolean equals( Object o) { if (!(o instanceof CertId)) { return false; } CertId cId = (CertId)o; if (cId.id.length != id.length) { return false; } for (int i = 0; i != id.length; i++) { if (cId.id[i] != id[i]) { return false; } } return true; } } public JDKPKCS12KeyStore( String provider) { try { if (provider != null) { certFact = CertificateFactory.getInstance("X.509", provider); } else { certFact = CertificateFactory.getInstance("X.509"); } } catch (Exception e) { throw new IllegalArgumentException("can't create cert factory - " + e.toString()); } } private SubjectKeyIdentifier createSubjectKeyId( PublicKey pubKey) { try { ByteArrayInputStream bIn = new ByteArrayInputStream( pubKey.getEncoded()); SubjectPublicKeyInfo info = new SubjectPublicKeyInfo( (ASN1Sequence)new ASN1InputStream(bIn).readObject()); return new SubjectKeyIdentifier(info); } catch (Exception e) { throw new RuntimeException("error creating key"); } 
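}

/**
 * Replaces the random source this store uses (initially a fresh SecureRandom).
 *
 * @param rand the random source to use from now on.
 */
public void setRandom(SecureRandom rand)
{
    this.random = rand;
}

/**
 * Enumerates the aliases of all certificate and key entries, each alias
 * reported once even when it is present in both tables.
 */
public Enumeration engineAliases()
{
    Hashtable tab = new Hashtable();

    Enumeration e = certs.keys();
    while (e.hasMoreElements())
    {
        tab.put(e.nextElement(), "cert");
    }

    e = keys.keys();
    while (e.hasMoreElements())
    {
        String a = (String)e.nextElement();
        if (tab.get(a) == null)
        {
            tab.put(a, "key");
        }
    }

    return tab.keys();
}

/**
 * Returns true when a certificate entry or a key entry exists under alias.
 */
public boolean engineContainsAlias(String alias)
{
    return (certs.get(alias) != null || keys.get(alias) != null);
}

/**
 * Removes the key and/or certificate entry stored under alias, together with
 * the chainCerts lookup entries keyed by those certificates' subject key ids.
 * This is not a complete chain removal: issuer certificates further up the
 * chain stay in chainCerts, since a certificate may be shared by more than
 * one chain and following it up is not attempted here.
 *
 * @throws KeyStoreException if neither a key nor a certificate is stored under alias.
 */
public void engineDeleteEntry(String alias) throws KeyStoreException
{
    Key k = (Key)keys.remove(alias);
    Certificate c = (Certificate)certs.remove(alias);

    if (c != null)
    {
        chainCerts.remove(new CertId(c.getPublicKey()));
    }

    if (k != null)
    {
        String id = (String)localIds.remove(alias);
        if (id != null)
        {
            c = (Certificate)keyCerts.remove(id);
        }
        if (c != null)
        {
            chainCerts.remove(new CertId(c.getPublicKey()));
        }
    }

    if (c == null && k == null)
    {
        throw new KeyStoreException("no such entry as " + alias);
    }
}

/**
 * Returns the certificate for alias: the certificate entry first, otherwise
 * the certificate bound to a key entry through its local key id (or through
 * the alias itself when no local id was recorded). Returns null when nothing
 * matches.
 *
 * @throws IllegalArgumentException if alias is null.
 */
public Certificate engineGetCertificate(String alias)
{
    if (alias == null)
    {
        throw new IllegalArgumentException("null alias passed to getCertificate.");
    }

    Certificate c = (Certificate)certs.get(alias);

    //
    // look up the key table - and try the local key id
    //
    if (c == null)
    {
        String id = (String)localIds.get(alias);
        if (id != null)
        {
            c = (Certificate)keyCerts.get(id);
        }
        else
        {
            c = (Certificate)keyCerts.get(alias);
        }
    }

    return c;
}

/**
 * Returns the alias of the first certificate entry equal to cert, or null.
 * Each alias is looked up directly; the previous parallel walk of keys() and
 * elements() relied on the two enumerations sharing an order that Hashtable
 * does not guarantee.
 */
public String engineGetCertificateAlias(Certificate cert)
{
    Enumeration k = certs.keys();

    while (k.hasMoreElements())
    {
        String ta = (String)k.nextElement();
        Certificate tc = (Certificate)certs.get(ta);

        if (tc.equals(cert))
        {
            return ta;
        }
    }

    return null;
}

public Certificate[] engineGetCertificateChain( String alias) { if (alias ==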
null) { throw new IllegalArgumentException("null alias passed to getCertificateChain."); } if (!engineIsKeyEntry(alias)) { return null; } Certificate c = engineGetCertificate(alias); if (c != null) { Vector cs = new Vector(); while (c != null) { X509Certificate x509c = (X509Certificate)c; Certificate nextC = null; byte[] bytes = x509c.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId()); if (bytes != null) { try { ByteArrayInputStream bIn = new ByteArrayInputStream(bytes); ASN1InputStream aIn = new ASN1InputStream(bIn); bIn = new ByteArrayInputStream(((ASN1OctetString)aIn.readObject()).getOctets()); aIn = new ASN1InputStream(bIn); AuthorityKeyIdentifier id = new AuthorityKeyIdentifier((ASN1Sequence)aIn.readObject()); if (id.getKeyIdentifier() != null) { nextC = (Certificate)chainCerts.get(new CertId(id.getKeyIdentifier())); } } catch (IOException e) { throw new RuntimeException(e.toString()); }