📄 keystore.java
字号:
* or null if no such entry exists in this keystore.
*/
public String engineGetCertificateAlias(Certificate cert)
{
if (mTrustedCerts.contains(cert))
{
for (Enumeration enum = mTrustedCerts.keys();
enum.hasMoreElements();)
{
String alias = (String)enum.nextElement();
Certificate acert = (Certificate)mTrustedCerts.get(alias);
if (acert.equals(cert))
return alias;
}
// At this point we have a fundamental problem, the hashtable
// thinks there is a matching value but the equals() never equated.
return null;
}
for (Enumeration enum = mPrivateKeys.keys();
enum.hasMoreElements();)
{
String alias = (String)enum.nextElement();
PrivateKeyEntry entry = (PrivateKeyEntry)mPrivateKeys.get(alias);
if (entry.mCertificates != null && entry.mCertificates[0].equals(cert))
return alias;
}
return null;
}
/**
* Returns the certificate chain associated with the given alias.
*
* @param alias the alias name
*
* @return the certificate chain (ordered with the user's certificate first
* and the root certificate authority last), or null if the given alias
* does not exist or does not contain a certificate chain (i.e., the given
* alias identifies either a <i>trusted certificate entry</i> or a
* <i>key entry</i> without a certificate chain).
*/
public Certificate[] engineGetCertificateChain(String alias)
{
PrivateKeyEntry entry = (PrivateKeyEntry)mPrivateKeys.get(alias);
if (entry != null)
{
// Return all the certificates
return entry.mCertificates;
}
return null;
}
/**
* Returns the creation date of the entry identified by the given alias.
*
* @param alias the alias name
*
* @return the creation date of this entry, or null if the given alias does
* not exist
*/
public Date engineGetCreationDate(String alias)
{
throw new RuntimeException("not implemented");
}
/**
* Returns the key associated with the given alias, using the given
* password to recover it.
*
* @param alias the alias name
* @param password the password for recovering the key
*
* @return the requested key, or null if the given alias does not exist
* or does not identify a <i>key entry</i>.
*
* @exception NoSuchAlgorithmException if the algorithm for recovering the
* key cannot be found
* @exception UnrecoverableKeyException if the key cannot be recovered
* (e.g., the given password is wrong).
*/
public Key engineGetKey(String alias, char[] password)
throws NoSuchAlgorithmException, UnrecoverableKeyException
{
PrivateKeyEntry entry = (PrivateKeyEntry)mPrivateKeys.get(alias);
if (entry == null)
return null;
if (!entry.validate(password))
throw new UnrecoverableKeyException();
// OK they passed, give them what they want
return entry.mKey;
}
/**
* Returns true if the entry identified by the given alias is a
* <i>trusted certificate entry</i>, and false otherwise.
*
* @return true if the entry identified by the given alias is a
* <i>trusted certificate entry</i>, false otherwise.
*/
public boolean engineIsCertificateEntry(String alias)
{
return mTrustedCerts.containsKey(alias);
}
/**
* Returns true if the entry identified by the given alias is a
* <i>key entry</i>, and false otherwise.
*
* @return true if the entry identified by the given alias is a
* <i>key entry</i>, false otherwise.
*/
public boolean engineIsKeyEntry(String alias)
{
return mPrivateKeys.containsKey(alias);
}
/**
* Loads the keystore from the given input stream.
*
* <p>If a password is given, it is used to check the integrity of the
* keystore data. Otherwise, the integrity of the keystore is not checked.
*
* @param stream the input stream from which the keystore is loaded
* @param password the (optional) password used to check the integrity of
* the keystore.
*
* @exception IOException if there is an I/O or format problem with the
* keystore data
* @exception NoSuchAlgorithmException if the algorithm used to check
* the integrity of the keystore cannot be found
* @exception CertificateException if any of the certificates in the
* keystore could not be loaded
*/
public void engineLoad(InputStream stream, char[] password)
throws IOException, NoSuchAlgorithmException, CertificateException
{
byte[] salt = new byte[8];
stream.read(salt);
// Read remaining data from the stream
ByteArrayOutputStream store = new ByteArrayOutputStream();
int b;
while((b = stream.read()) != -1)
{
store.write(b);
}
byte[] input = store.toByteArray();
byte[] origData = encrypt(Cipher.DECRYPT_MODE, salt, password, input);
ByteArrayInputStream ins = new ByteArrayInputStream(origData);
SecurityInputStream in = new SecurityInputStream(ins);
try
{
load(in);
}
catch(InvalidKeySpecException e)
{e.printStackTrace();
// It was not possible to re-create a key that was stored.
// +++ Is this the correct handling of this exception
throw new CertificateException(e.getMessage());
}
catch(ClassNotFoundException e)
{
// All the classes instantiated, are known and must be present
// so this just can't happen
throw new ExceptionInInitializerError(e);
}
}
/**
* Assigns the given certificate to the given alias.
*
* <p>If the given alias already exists in this keystore and identifies a
* <i>trusted certificate entry</i>, the certificate associated with it is
* overridden by the given certificate.
*
* @param alias the alias name
* @param cert the certificate
*
* @exception KeyStoreException if the given alias already exists and does
* not identify a <i>trusted certificate entry</i>, or this operation
* fails for some other reason.
*/
public void engineSetCertificateEntry(String alias,
Certificate cert)
throws KeyStoreException
{
if (mPrivateKeys.get(alias) != null)
throw new KeyStoreException("Alias exists as a Private Key Entry");
mTrustedCerts.put(alias, cert);
}
/**
* Assigns the given key (that has already been protected) to the given
* alias.
*
* <p>If the protected key is of type
* <code>java.security.PrivateKey</code>,
* it must be accompanied by a certificate chain certifying the
* corresponding public key.
*
* <p>If the given alias already exists, the keystore information
* associated with it is overridden by the given key (and possibly
* certificate chain).
*
* @param alias the alias name
* @param key the key (in protected format) to be associated with the alias
* @param chain the certificate chain for the corresponding public
* key (only useful if the protected key is of type
* <code>java.security.PrivateKey</code>).
*
* @exception KeyStoreException if this operation fails.
*/
public void engineSetKeyEntry(String alias, byte[] key,
Certificate[] chain)
throws KeyStoreException
{
throw new RuntimeException("not implemented");
}
/**
* Assigns the given key to the given alias, protecting it with the given
* password.
*
* <p>If the given key is of type <code>java.security.PrivateKey</code>,
* it must be accompanied by a certificate chain certifying the
* corresponding public key.
*
* <p>If the given alias already exists, the keystore information
* associated with it is overridden by the given key (and possibly
* certificate chain).
*
* @param alias the alias name
* @param key the key to be associated with the alias
* @param password the password to protect the key
* @param chain the certificate chain for the corresponding public
* key (only required if the given key is of type
* <code>java.security.PrivateKey</code>).
*
* @exception KeyStoreException if the given key cannot be protected, or
* this operation fails for some other reason
*/
public void engineSetKeyEntry(String alias, Key key,
char[] password,
Certificate[] chain)
throws KeyStoreException
{
if (mTrustedCerts.containsKey(alias))
throw new KeyStoreException("Trusted Cert exists with given alias");
PrivateKeyEntry entry = (PrivateKeyEntry)mPrivateKeys.get(alias);
if (entry != null)
{
// Already exists, validate password
if (!entry.validate(password))
throw new KeyStoreException("Invalid password");
}
else
{
// Never seen this alias before, so create an entry and add to the store
entry = new PrivateKeyEntry();
mPrivateKeys.put(alias, entry);
}
// Fill out the entry, note we copy both arrays.
entry.mKey = key;
entry.mPassword = new char[password.length];
System.arraycopy(password, 0, entry.mPassword, 0, password.length);
if (key instanceof PrivateKey)
{
entry.mCertificates = new Certificate[chain.length];
System.arraycopy(chain, 0, entry.mCertificates, 0, chain.length);
}
}
/**
* Retrieves the number of entries in this keystore.
*
* @return the number of entries in this keystore
*/
public int engineSize()
{
return mPrivateKeys.size() + mTrustedCerts.size();
}
/**
* Stores this keystore to the given output stream, and protects its
* integrity with the given password.
*
* @param stream the output stream to which this keystore is written.
* @param password the password to generate the keystore integrity check
*
* @exception IOException if there was an I/O problem with data
* @exception NoSuchAlgorithmException if the appropriate data integrity
* algorithm could not be found
* @exception CertificateException if any of the certificates included in
* the keystore data could not be stored
*/
public synchronized void engineStore(OutputStream stream, char[] password)
throws IOException, NoSuchAlgorithmException, CertificateException
{
// Create a nice little object stream to save our stuff.
ByteArrayOutputStream outs = new ByteArrayOutputStream();
SecurityOutputStream out = new SecurityOutputStream(outs);
store(out);
out.flush();
byte[] input = outs.toByteArray();
// Convert from char[] to byte[]
byte[] pwd = new byte[password.length];
for (int i = 0; i < password.length; i++)
pwd[i] = (byte)password[i];
// Create some salt
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(pwd);
md.update(input);
byte[] digest = md.digest();
// Move digest into the salt
byte[] salt = new byte[8];
System.arraycopy(digest, 0, salt, 0, salt.length);
byte[] output = encrypt(Cipher.ENCRYPT_MODE, salt, password, input);
// Finally get the data out the stream
stream.write(salt);
stream.write(output);
out.close();
}
/* Loads the current Key store to the stream
* Version (float)
* Count of Trusted Certs (int)
* [0..*]
* alias (string)
* Cert
* Count of Private Keys (int)
* [0..*]
* alias (string)
* Password
* Key
* Count of Certs (int)
* [0..*]
* Cert
*/
private void load(SecurityInputStream in)
throws IOException, CertificateException, ClassNotFoundException,
InvalidKeySpecException, NoSuchAlgorithmException
{
mTrustedCerts.clear();
// Read The trusted certs.
int trustedCertCount = in.readInt();
for (int i = 0; i < trustedCertCount; i++)
{
String alias = (String)in.readObject();
Certificate cert = in.readCert();
mTrustedCerts.put(alias, cert);
}
// Read The private keys.
mPrivateKeys.clear();
int privateKeysCount = in.readInt();
for (int i = 0; i < privateKeysCount; i++)
{
String alias = (String)in.readObject();
PrivateKeyEntry pke = new PrivateKeyEntry();
mPrivateKeys.put(alias, pke);
// Write the password
pke.mPassword = in.readPassword();
// Write the key
pke.mKey = in.readKey();
// Write the cert chain
int certCount = in.readInt();
if (certCount != 0)
pke.mCertificates = new Certificate[certCount];
for (int j = 0; j < certCount; j++)
pke.mCertificates[j] = in.readCert();
}
}
/* Saves the current Key store to the stream
* Version (float)
* Count of Trusted Certs (int)
* [0..*]
* alias (string)
* Cert
* Count of Private Keys (int)
* [0..*]
* alias (string)
* Password
* Key
* Count of Certs (int)
* [0..*]
* Cert
*/
private void store(SecurityOutputStream out)
throws IOException, CertificateException
{
// Write The trusted certs.
out.writeInt(mTrustedCerts.size());
for (Enumeration enum = mTrustedCerts.keys(); enum.hasMoreElements();)
{
String alias = (String)enum.nextElement();
out.writeObject(alias);
out.writeCert((Certificate)mTrustedCerts.get(alias));
}
// Write The trusted certs.
out.writeInt(mPrivateKeys.size());
for (Enumeration enum = mPrivateKeys.keys(); enum.hasMoreElements();)
{
String alias = (String)enum.nextElement();
out.writeObject(alias);
PrivateKeyEntry pke = (PrivateKeyEntry)mPrivateKeys.get(alias);
// Write the password
out.writePassword(pke.mPassword);
// Write the key
out.writeKey(pke.mKey);
// Write the cert chain
int certCount = pke.mCertificates != null ? pke.mCertificates.length : 0;
out.writeInt(certCount);
for (int i = 0; i < certCount; i++)
out.writeCert(pke.mCertificates[i]);
}
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -