/*
********************************************************************
*
* File : KeyChainSet.java
* Package : eclipseme.core.internal.signing
* System : eclipseme.core
* Author : Kevin Hunter
* Description : This class manages the private key and certificate
* used to sign a MIDlet suite.
*
* Copyright (c) 2004 Kevin Hunter
* All Rights Reserved.
* Licensed under the Eclipse Public License - v 1.0
* For more information see http://www.eclipse.org/legal/epl-v10.html
*
*
* CVS
* $$Source: /cvsroot/eclipseme/eclipseme.core/src/eclipseme/core/internal/signing/KeyChainSet.java,v $$
* $$Author: kdhunter $$
* $$Date: 2004/12/07 02:42:54 $$
* $$Revision: 1.4 $$
*
********************************************************************
*/
package eclipseme.core.internal.signing;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.eclipse.core.runtime.CoreException;
import eclipseme.core.EclipseMECoreErrors;
/**
* KeyChainSet
*
* This class manages a PrivateKey and an optional associated X509
* certificate chain. This class handles all the work of loading
* the key and the certificate chain from a keystore. Instances of
* this class cannot be created directly - the <code>getInstance</code>
* factory functions have to be used to load the contained data from
* a keystore.
*
* <p>Note that,
* to make things easier for the code using this class, all low-level
* exceptions that the crypto classes can throw are wrapped in
* an instance of <code>KeyChainSetException</code>.</p>
*
*/
public class KeyChainSet
{
private PrivateKey m_key; // private key used to sign the MIDlet suite
private X509Certificate[] m_certChain; // certificate chain for m_key; may be null
private String m_strProvider; // optional provider for crypto classes; null means the system default
/**
* This constructor is private so that one is forced to obtain
* an instance of KeyChainSet using the factory functions.
*
* @param key Instance of <code>PrivateKey</code> that will
* be used to sign the MIDlet suite.
* @param certChain Array of <code>X509Certificate</code> objects
* that provide the validation certificate chain
* for <code>key</code>.
* @param strProvider Optional provider for the crypto classes.
*/
private KeyChainSet(PrivateKey key, X509Certificate[] certChain, String strProvider)
{
    // Plain field capture: the chain array is stored by reference, not copied.
    this.m_strProvider = strProvider;
    this.m_certChain = certChain;
    this.m_key = key;
}
/**
* Returns the <code>PrivateKey</code> managed by this object.
*
* @return An instance of <code>java.security.PrivateKey</code>. This is
* guaranteed not to be null.
*/
public PrivateKey getKey()
{
    // Hands back the key reference held by this object.
    final PrivateKey signingKey = m_key;
    return signingKey;
}
/**
* Returns the (optional) <code>X509Certificate</code> chain managed
* by this object. If a chain is present, the first entry in the array
* will be the certificate for the associated <code>PrivateKey</code>,
* and subsequent entries in the chain will be "parent" certificates,
* tracing back to the root certificate.
*
* @return Array of <code>java.security.cert.X509Certificate</code>
* objects. May be null.
*/
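public X509Certificate[] getCertificateChain()
{
    // No chain is held for the key: keep reporting that as null.
    if (m_certChain == null)
    {
        return null;
    }
    // Return a copy of the array so a caller cannot reorder or replace
    // entries in the chain this object holds for signing. The certificate
    // objects themselves are shared, not duplicated.
    return (X509Certificate[]) m_certChain.clone();
}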
/**
* Returns the (optional) provider string. Will be <code>null</code>
* if the system default provider is being used.
*
* @return The provider string, or <code>null</code> if the system
* default provider is being used.
*/
public String getProvider()
{
    // Returns the stored provider string unchanged.
    final String providerName = m_strProvider;
    return providerName;
}
/**
* Creates a <code>KeyChainSet</code> object from the specified keystore
* stream, loading the key specified by <code>strKeyAlias</code>
*
* @param keyStoreStream <code>InputStream</code> containing the
* keystore from which the key is to be loaded.
* @param strKeyStorePass Password for the keystore as a whole.
* @param strKeyAlias Alias identifying the key within the keystore
* @param strKeyPass Password for the specific key.
* @return <code>KeyChainSet</code> containing the private key identified by
* <code>strKeyAlias</code> along with the matching certificate chain,
* if it is present.
*
* @throws KeyChainSetException
* @throws IOException
*/
public static KeyChainSet getInstance(InputStream keyStoreStream,
        String strKeyStorePass,
        String strKeyAlias,
        String strKeyPass)
    throws CoreException
{
    // Convenience overload: no keystore type and no provider are named, so
    // null is passed for both and the six-argument overload picks defaults.
    // NOTE(review): both passwords arrive as String, which is immutable, so
    // they cannot be wiped from memory once loading is done.
    final String defaultType = null;
    final String defaultProvider = null;
    KeyChainSet loaded = getInstance(keyStoreStream, defaultType, defaultProvider,
                                     strKeyStorePass, strKeyAlias, strKeyPass);
    return loaded;
}
/**
* Creates a <code>KeyChainSet</code> object from the specified keystore
* stream, loading the key specified by <code>strKeyAlias</code>. This version
* of the factory function allows non-default keystore types and keystore
* providers to be specified.
*
* @param keyStoreStream <code>InputStream</code> containing the
* keystore from which the key is to be loaded.
* @param strKeyStoreType String identifying the particular keystore type
* being accessed. If <code>null</code>, the system
* default keystore type is assumed.
* @param strKeyStoreProvider String identifying the particular keystore provider.
* If <code>null</code>, the preferred implementation for
* the specified type will be used.
* @param strKeyStorePass Password for the keystore as a whole.
* @param strKeyAlias Alias identifying the key within the keystore
* @param strKeyPass Password for the specific key.
* @return <code>KeyChainSet</code> containing the private key identified by
* <code>strKeyAlias</code> along with the matching certificate chain,
* if it is present.
*
* @throws KeyChainSetException
* @throws IOException
*/
public static KeyChainSet getInstance( InputStream keyStoreStream,
String strKeyStoreType,
String strKeyStoreProvider,
String strKeyStorePass,
String strKeyAlias,
String strKeyPass)
throws CoreException
{
KeyStore store = null;
PrivateKey theKey = null;
X509Certificate[] orderedCertChain = null;
if (strKeyStoreProvider != null)
{
if (strKeyStoreProvider.length() == 0)
{
strKeyStoreProvider = null;
}
}
if (strKeyStoreType != null)
{
if (strKeyStoreType.length() == 0)
{
strKeyStoreType = null;
}
}
try
{
/*
* "null" is allowed for the key store type. In that case,
* we simply use the default key store type, which is "jks"
* for most JRE's. (This is the Sun default keystore type)
*/
if (strKeyStoreType == null)
{
strKeyStoreType = KeyStore.getDefaultType();
}
/*
* "null" is also allowed for the provider. It is possible
* to register non-default providers (e.g. bouncycastle) by
* configuring the JDK or JRE appropriately. This operation
* can throw a KeyStoreException if the key store type is
* not available. The second form can also thow a
* NoSuchProviderException.
*/
if (strKeyStoreProvider == null)
{
store = KeyStore.getInstance(strKeyStoreType);