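}

                if (nextC == null)
                {
                    //
                    // no authority key id, try the Issuer DN
                    //
                    Principal i = x509c.getIssuerDN();
                    Principal s = x509c.getSubjectDN();

                    if (!i.equals(s))
                    {
                        Enumeration e = chainCerts.keys();

                        while (e.hasMoreElements())
                        {
                            X509Certificate crt = (X509Certificate)chainCerts.get(e.nextElement());
                            Principal sub = crt.getSubjectDN();
                            if (sub.equals(i))
                            {
                                try
                                {
                                    x509c.verify(crt.getPublicKey());
                                    nextC = crt;
                                    break;
                                }
                                catch (Exception ex)
                                {
                                    // continue
                                }
                            }
                        }
                    }
                }

                cs.addElement(c);
                if (nextC != c)     // self signed - end of the chain
                {
                    c = nextC;
                }
                else
                {
                    c = null;
                }
            }

            Certificate[] certChain = new Certificate[cs.size()];

            for (int i = 0; i != certChain.length; i++)
            {
                certChain[i] = (Certificate)cs.elementAt(i);
            }

            return certChain;
        }

        return null;
    }

    /**
     * Return a creation date for the named entry.
     * <p>
     * This implementation keeps no per-entry timestamp, so the current time
     * is returned whatever the alias is.
     *
     * @param alias the entry name (not consulted).
     * @return the current time.
     */
    public Date engineGetCreationDate(
        String alias)
    {
        return new Date();
    }

    /**
     * Return the key stored under the given alias, or null if there is none.
     * <p>
     * Entries are held in the in-memory key table as {@link Key} objects, so
     * the password argument is not used by this method.
     *
     * @param alias the entry name.
     * @param password not used.
     * @return the stored key, or null if no key entry has that alias.
     * @throws IllegalArgumentException if alias is null.
     */
    public Key engineGetKey(
        String alias,
        char[] password)
        throws NoSuchAlgorithmException, UnrecoverableKeyException
    {
        if (alias == null)
        {
            throw new IllegalArgumentException("null alias passed to getKey.");
        }

        return (Key)keys.get(alias);
    }

    /**
     * Return true if the alias names a trusted certificate entry, i.e. a
     * certificate with no key stored under the same alias.
     *
     * @param alias the entry name.
     * @return true for a certificate-only entry, false otherwise.
     */
    public boolean engineIsCertificateEntry(
        String alias)
    {
        return (certs.get(alias) != null && keys.get(alias) == null);
    }

    /**
     * Return true if a key is stored under the given alias.
     *
     * @param alias the entry name.
     * @return true if a key entry exists, false otherwise.
     */
    public boolean engineIsKeyEntry(
        String alias)
    {
        return (keys.get(alias) != null);
    }

    /**
     * Store a trusted certificate under the given alias and index it by its
     * public key so that chain building can find it later.
     *
     * @param alias the entry name.
     * @param cert the certificate to store.
     * @throws KeyStoreException if a certificate is already stored under alias.
     */
    public void engineSetCertificateEntry(
        String alias,
        Certificate cert)
        throws KeyStoreException
    {
        if (certs.get(alias) != null)
        {
            throw new KeyStoreException("There is already a certificate with the name " + alias + ".");
        }

        certs.put(alias, cert);
        chainCerts.put(new CertId(cert.getPublicKey()), cert);
    }

    /**
     * Storing a pre-encoded (already protected) key is not supported by this
     * store.
     *
     * @throws UnsupportedOperationException always.
     */
    public void engineSetKeyEntry(
        String alias,
        byte[] key,
        Certificate[] chain)
        throws KeyStoreException
    {
        throw new UnsupportedOperationException("operation not supported");
    }

    /**
     * Store a key under the given alias, together with its certificate chain.
     * <p>
     * A private key must be accompanied by a non-empty chain. For other key
     * types the chain is optional; when it is absent only the key table is
     * updated. Re-setting an alias with an equal key is allowed; setting it
     * with a different key is rejected.
     *
     * @param alias the entry name.
     * @param key the key to store.
     * @param password not used; the key is held in memory as supplied.
     * @param chain the certificate chain, chain[0] being the end entity
     *              certificate; may be null or empty for non-private keys.
     * @throws KeyStoreException if a private key is given without a chain, or
     *         a different key is already stored under alias.
     */
    public void engineSetKeyEntry(
        String alias,
        Key key,
        char[] password,
        Certificate[] chain)
        throws KeyStoreException
    {
        boolean hasChain = (chain != null && chain.length != 0);

        // a private key cannot be written out later without its certificate
        if ((key instanceof PrivateKey) && !hasChain)
        {
            throw new KeyStoreException("no certificate chain for private key");
        }

        Key existing = (Key)keys.get(alias);

        if (existing != null && !key.equals(existing))
        {
            throw new KeyStoreException("There is already a key with the name " + alias + ".");
        }

        keys.put(alias, key);

        // only touch the certificate tables when a chain was actually supplied;
        // an unconditional chain[0] here would fail for chain-less key types
        if (hasChain)
        {
            certs.put(alias, chain[0]);

            for (int i = 0; i != chain.length; i++)
            {
                chainCerts.put(new CertId(chain[i].getPublicKey()), chain[i]);
            }
        }
    }

    /**
     * Return the number of distinct aliases in the store. An alias that has
     * both a certificate and a key is counted once.
     *
     * @return the number of entries.
     */
    public int engineSize()
    {
        Hashtable seen = new Hashtable();

        Enumeration e = certs.keys();
        while (e.hasMoreElements())
        {
            seen.put(e.nextElement(), "cert");
        }

        e = keys.keys();
        while (e.hasMoreElements())
        {
            String a = (String)e.nextElement();

            if (seen.get(a) == null)
            {
                seen.put(a, "key");
            }
        }

        return seen.size();
    }

    /**
     * Build an IOException whose message is prefix followed by the text of
     * the underlying exception, keeping that exception attached as the cause
     * so the original stack trace is not lost.
     *
     * @param prefix message text placed before cause.toString().
     * @param cause the exception being translated.
     * @return the IOException to throw.
     */
    private static IOException ioException(
        String prefix,
        Exception cause)
    {
        IOException ioe = new IOException(prefix + cause.toString());

        ioe.initCause(cause);

        return ioe;
    }

    /**
     * Unwrap a PKCS#12 PBE-protected private key.
     *
     * @param algId the PBE algorithm identifier carrying the PKCS12PBEParams.
     * @param data the wrapped key bytes.
     * @param password the store password.
     * @param wrongPKCS12Zero passed through to the BC PBE key to control the
     *                        handling of the legacy empty-password encoding.
     * @return the unwrapped private key.
     * @throws IOException if the key cannot be unwrapped; the underlying
     *         exception is attached as the cause.
     */
    protected PrivateKey unwrapKey(
        AlgorithmIdentifier algId,
        byte[] data,
        char[] password,
        boolean wrongPKCS12Zero)
        throws IOException
    {
        String algorithm = algId.getObjectId().getId();
        PKCS12PBEParams pbeParams = new PKCS12PBEParams((ASN1Sequence)algId.getParameters());
        PBEKeySpec pbeSpec = new PBEKeySpec(password);
        PrivateKey out = null;

        try
        {
            SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm, "BC");
            PBEParameterSpec defParams = new PBEParameterSpec(
                pbeParams.getIV(),
                pbeParams.getIterations().intValue());
            SecretKey k = keyFact.generateSecret(pbeSpec);

            ((JCEPBEKey)k).setTryWrongPKCS12Zero(wrongPKCS12Zero);

            Cipher cipher = Cipher.getInstance(algorithm, "BC");

            cipher.init(Cipher.UNWRAP_MODE, k, defParams);

            // we pass "" as the key algorithm type as it is unknown at this point
            out = (PrivateKey)cipher.unwrap(data, "", Cipher.PRIVATE_KEY);
        }
        catch (Exception e)
        {
            throw ioException("exception unwrapping private key - ", e);
        }
        finally
        {
            // PBEKeySpec holds its own copy of the password; scrub it once the
            // secret key has been derived
            pbeSpec.clearPassword();
        }

        return out;
    }

    /**
     * Wrap a key with a PKCS#12 PBE cipher.
     *
     * @param algorithm the PBE algorithm name or OID.
     * @param key the key to wrap.
     * @param pbeParams salt and iteration count for the PBE key derivation.
     * @param password the store password.
     * @return the wrapped key bytes.
     * @throws IOException if wrapping fails; the underlying exception is
     *         attached as the cause.
     */
    protected byte[] wrapKey(
        String algorithm,
        Key key,
        PKCS12PBEParams pbeParams,
        char[] password)
        throws IOException
    {
        PBEKeySpec pbeSpec = new PBEKeySpec(password);
        byte[] out;

        try
        {
            SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm, "BC");
            PBEParameterSpec defParams = new PBEParameterSpec(
                pbeParams.getIV(),
                pbeParams.getIterations().intValue());

            Cipher cipher = Cipher.getInstance(algorithm, "BC");

            cipher.init(Cipher.WRAP_MODE, keyFact.generateSecret(pbeSpec), defParams);

            out = cipher.wrap(key);
        }
        catch (Exception e)
        {
            throw ioException("exception encrypting data - ", e);
        }
        finally
        {
            // PBEKeySpec holds its own copy of the password; scrub it
            pbeSpec.clearPassword();
        }

        return out;
    }

    /**
     * Decrypt a PKCS#12 PBE-protected blob and parse the plaintext as an
     * ASN.1 sequence.
     *
     * @param algId the PBE algorithm identifier carrying the PKCS12PBEParams.
     * @param data the ciphertext.
     * @param password the store password.
     * @param wrongPKCS12Zero passed through to the BC PBE key to control the
     *                        handling of the legacy empty-password encoding.
     * @return the decrypted content as an ASN1Sequence.
     * @throws IOException if decryption fails (cause attached) or the
     *         plaintext is not a valid ASN.1 encoding.
     */
    protected ASN1Sequence decryptData(
        AlgorithmIdentifier algId,
        byte[] data,
        char[] password,
        boolean wrongPKCS12Zero)
        throws IOException
    {
        String algorithm = algId.getObjectId().getId();
        PKCS12PBEParams pbeParams = new PKCS12PBEParams((ASN1Sequence)algId.getParameters());
        PBEKeySpec pbeSpec = new PBEKeySpec(password);
        byte[] out = null;

        try
        {
            SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm, "BC");
            PBEParameterSpec defParams = new PBEParameterSpec(
                pbeParams.getIV(),
                pbeParams.getIterations().intValue());
            SecretKey k = keyFact.generateSecret(pbeSpec);

            ((JCEPBEKey)k).setTryWrongPKCS12Zero(wrongPKCS12Zero);

            Cipher cipher = Cipher.getInstance(algorithm, "BC");

            cipher.init(Cipher.DECRYPT_MODE, k, defParams);

            out = cipher.doFinal(data);
        }
        catch (Exception e)
        {
            throw ioException("exception decrypting data - ", e);
        }
        finally
        {
            // PBEKeySpec holds its own copy of the password; scrub it
            pbeSpec.clearPassword();
        }

        ASN1InputStream aIn = new ASN1InputStream(new ByteArrayInputStream(out));

        return (ASN1Sequence)aIn.readObject();
    }

    /**
     * Encrypt a blob with a PKCS#12 PBE cipher.
     *
     * @param algorithm the PBE algorithm name or OID.
     * @param data the plaintext.
     * @param pbeParams salt and iteration count for the PBE key derivation.
     * @param password the store password.
     * @return the ciphertext.
     * @throws IOException if encryption fails; the underlying exception is
     *         attached as the cause.
     */
    protected byte[] encryptData(
        String algorithm,
        byte[] data,
        PKCS12PBEParams pbeParams,
        char[] password)
        throws IOException
    {
        PBEKeySpec pbeSpec = new PBEKeySpec(password);
        byte[] out;

        try
        {
            SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm, "BC");
            PBEParameterSpec defParams = new PBEParameterSpec(
                pbeParams.getIV(),
                pbeParams.getIterations().intValue());

            Cipher cipher = Cipher.getInstance(algorithm, "BC");

            cipher.init(Cipher.ENCRYPT_MODE, keyFact.generateSecret(pbeSpec), defParams);

            out = cipher.doFinal(data);
        }
        catch (Exception e)
        {
            throw ioException("exception encrypting data - ", e);
        }
        finally
        {
            // PBEKeySpec holds its own copy of the password; scrub it
            pbeSpec.clearPassword();
        }

        return out;
    }

    public void engineLoad(
        InputStream stream,
        char[] password)
        throws IOException
    {
        if (stream == null)     // just initialising
        {
            return;
        }

        if (password == null)
        {
            throw new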
NullPointerException("No password supplied for PKCS#12 KeyStore."); } BufferedInputStream bufIn = new BufferedInputStream(stream); bufIn.mark(10); int head = bufIn.read(); if (head != 0x30) { throw new IOException("stream does not represent a PKCS12 key store"); } bufIn.reset(); ASN1InputStream bIn = new ASN1InputStream(bufIn); ASN1Sequence obj = (ASN1Sequence)bIn.readObject(); Pfx bag = new Pfx(obj); ContentInfo info = bag.getAuthSafe(); Vector chain = new Vector(); boolean unmarkedKey = false; boolean wrongPKCS12Zero = false; if (bag.getMacData() != null) // check the mac code { ByteArrayOutputStream bOut = new ByteArrayOutputStream(); BEROutputStream berOut = new BEROutputStream(bOut); MacData mData = bag.getMacData(); DigestInfo dInfo = mData.getMac(); AlgorithmIdentifier algId = dInfo.getAlgorithmId(); byte[] salt = mData.getSalt(); int itCount = mData.getIterationCount().intValue(); berOut.writeObject(info); byte[] data = ((ASN1OctetString)info.getContent()).getOctets(); try { Mac mac = Mac.getInstance(algId.getObjectId().getId(), "BC"); SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algId.getObjectId().getId(), "BC"); PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount); PBEKeySpec pbeSpec = new PBEKeySpec(password); mac.init(keyFact.generateSecret(pbeSpec), defParams); mac.update(data); byte[] res = mac.doFinal(); byte[] dig = dInfo.getDigest(); if (res.length != dInfo.getDigest().length) { throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file."); } boolean okay = true;