📄 keychainset.java
}
else
{
store = KeyStore.getInstance(strKeyStoreType, strKeyStoreProvider);
}
/*
* Load the keystore data. This can throw an IOException, if the
* keystore file isn't validly formed, a NoSuchAlgorithmException
* if the algorithm used to check the integrity of the keystore
* can't be found, or a CertificateException if any of the certificates
* in the store can't be loaded.
*/
store.load(keyStoreStream, strKeyStorePass.toCharArray());
/*
* Load the key. This will return "null" if the key alias doesn't
* exist or doesn't reference a key. It will throw an UnrecoverableKeyException
* if the wrong password is provided, a NoSuchAlgorithmException if the
* algorithm for recovering the key cannot be found. In addition, the
* signature specifies that it could throw a KeyStoreException if the
* store wasn't initialized, but that shouldn't happen for us.
*/
Key k = store.getKey(strKeyAlias, strKeyPass.toCharArray());
if (k == null)
{
EclipseMECoreErrors.throwCoreExceptionError(EclipseMECoreErrors.SIGNING_KEY_NOT_FOUND);
}
if (!(k instanceof PrivateKey))
{
EclipseMECoreErrors.throwCoreExceptionError(EclipseMECoreErrors.SIGNING_BAD_KEY_TYPE);
}
theKey = (PrivateKey)k;
/*
* At this point, we've recovered the key, now try to recover the
* certificate chain. We will get null back from both of these
* if there isn't a certificate associated with the key.
*/
Certificate[] rawChain = store.getCertificateChain(strKeyAlias);
Certificate rawCert = store.getCertificate(strKeyAlias);
if (rawChain != null && rawCert != null)
{
/*
* Make sure we're dealing with X509Certificate instances
*/
if (!(rawCert instanceof X509Certificate))
{
EclipseMECoreErrors.throwCoreExceptionError(EclipseMECoreErrors.SIGNING_INVALID_CERTIFICATE_CHAIN);
}
X509Certificate baseCert = (X509Certificate)rawCert;
X509Certificate[] certChain = new X509Certificate[rawChain.length];
int i;
for (i = 0; i < rawChain.length; i++)
{
if (rawChain[i] instanceof X509Certificate)
{
certChain[i] = (X509Certificate)rawChain[i];
}
else
{
EclipseMECoreErrors.throwCoreExceptionError(EclipseMECoreErrors.SIGNING_INVALID_CERTIFICATE_CHAIN);
}
}
/*
* Apparently, judging from other code I've seen, if there's a
* multi-certificate chain, the chain members might not be returned
* in the correct order. This code will reorder the items in
* the certificate chain so that each certificate is immediately
* followed by its "parent" certificate.
*/
if (certChain[0].equals(baseCert))
{
orderedCertChain = certChain;
}
else
{
orderedCertChain = new X509Certificate[rawChain.length];
orderedCertChain[0] = baseCert;
for (i = 1; i < rawChain.length; i++)
{
orderedCertChain[i] = findParentCertificate(orderedCertChain[i-1], certChain);
if (orderedCertChain[i] == null)
{
EclipseMECoreErrors.throwCoreExceptionError(EclipseMECoreErrors.SIGNING_INVALID_CERTIFICATE_CHAIN);
}
}
}
}
}
catch(IOException ioe)
{
EclipseMECoreErrors.throwCoreExceptionError(EclipseMECoreErrors.SIGNING_BAD_KEYSTORE_OR_PASSWORD);
}
catch(KeyStoreException kse)
{
EclipseMECoreErrors.throwCoreExceptionError(EclipseMECoreErrors.SIGNING_KEYSTORE_TYPE_NOT_AVAILABLE, kse);
}
catch(NoSuchProviderException nspe)
{
EclipseMECoreErrors.throwCoreExceptionError(EclipseMECoreErrors.SIGNING_PROVIDER_NOT_CONFIGURED, nspe);
}
catch(NoSuchAlgorithmException nsae)
{
EclipseMECoreErrors.throwCoreExceptionError(EclipseMECoreErrors.SIGNING_MISSING_KEYSTORE_INTEGRITY_ALGORITHM, nsae);
}
catch(CertificateException ce)
{
EclipseMECoreErrors.throwCoreExceptionError(EclipseMECoreErrors.SIGNING_COULDNT_LOAD_CERTIFICATE, ce);
}
catch(UnrecoverableKeyException uke)
{
EclipseMECoreErrors.throwCoreExceptionError(EclipseMECoreErrors.SIGNING_INVALID_KEY_PASSWORD, uke);
}
KeyChainSet kcs = new KeyChainSet(theKey, orderedCertChain, strKeyStoreProvider);
return(kcs);
}
/**
* This routine searches a certificate array to find the certificate
* that is the "parent" for a particular certificate. Note that, as a side
* effect, the "parent" entry in the array is "nulled out" to improve
* performance during the operation.
*
* @param child The certificate whose parent is to be found.
* @param chain The certificate array to be searched.
* @return The parent certificate, or <code>null</code> if one cannot be found.
* (Indicates an error).
*/
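private static X509Certificate findParentCertificate(X509Certificate child, X509Certificate[] chain)
{
    /*
     * Compare X500Principal values instead of the results of
     * getIssuerDN()/getSubjectDN(). The JDK documents those older
     * accessors as returning an implementation-specific Principal that
     * portable code should not rely on, so equality between them can
     * vary from one certificate implementation to another.
     */
    Principal issuer = child.getIssuerX500Principal();

    for (int i = 0; i < chain.length; i++)
    {
        X509Certificate candidate = chain[i];
        if (candidate == null)
        {
            // Slot already consumed by an earlier lookup (or empty).
            continue;
        }

        Principal subject = candidate.getSubjectX500Principal();
        if (subject.equals(issuer))
        {
            // Consume the slot so later lookups skip this certificate.
            chain[i] = null;
            return candidate;
        }
    }

    /*
     * NOTE(review): the link is established by name only. Nothing here
     * checks that the child's signature verifies under the parent's
     * public key, or that either certificate is within its validity
     * period, and the first name match wins. The result is an ordering
     * of the supplied certificates, not evidence that the chain is
     * trustworthy; path validation has to happen elsewhere.
     */
    return null;
}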
/**
* Sets the <code>PrivateKey</code> managed by this object. Primarily included
* for unit testing purposes - under normal circumstances, the key should only
* be set via the <code>getInstance</code> methods.
*
* @param value The private key to store.
*/
/*package*/ void setKey(PrivateKey value)
{
    // Test hook: replaces the stored signing key with the caller's
    // reference as-is; no null or key-type check is applied here.
    this.m_key = value;
}
/**
* Sets the certificate chain managed by this object. Primarily included
* for unit testing purposes - under normal circumstances, the certificate
* chain should only be set via the <code>getInstance</code> methods.
*
* @param value The certificate chain to store.
*/
/*package*/ void setCertificateChain(X509Certificate[] value)
{
    // Test hook: the array is stored by reference, not copied, so any
    // later change the caller makes to it is visible through this object.
    // No ordering or X.509 validation of the entries happens here.
    this.m_certChain = value;
}
/**
* Sets the provider string managed by this object. Primarily included
* for unit testing purposes - under normal circumstances, the provider
* should only be set via the <code>getInstance</code> methods.
*
* @param value The provider name to store.
*/
/*package*/ void setProvider(String value)
{
    // Test hook: records the provider name exactly as given; the string
    // is not checked against the installed security providers here.
    this.m_strProvider = value;
}
}
/*
********************************************************************
* CVS History:
* $$Log: KeyChainSet.java,v $
* $Revision 1.4 2004/12/07 02:42:54 kdhunter
* $Switched from custom exception classes to CoreException
* $in signing routines.
* $Set up basic error code and error message handling, including
* $prep for internationalization
* $
* $Revision 1.3 2004/11/27 21:13:54 kdhunter
* $Handle case when empty strings get passed instead of nulls
* $
* $Revision 1.2 2004/11/26 20:53:26 kdhunter
* $Added package access methods for unit test purposes
* $
* $Revision 1.1 2004/11/26 14:59:22 kdhunter
* $Moved here from original "external" package
* $$
*
********************************************************************
*/