
📄 keystore.java

📁 一个java开发的非常全面的关于证书发放
/*
  Name:         Keystore.java
  Licensing:    LGPL

  API:          Sun (http://java.sun.com) JCE 1.2.2 API (cleanroom implementation by Bouncy Castle)
  Provider:     Bouncy Castle (http://www.bouncycastle.org)

  Disclaimer:

  COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND,
  EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE
  IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE
  RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU. SHOULD ANY COVERED CODE
  PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR)
  ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY
  CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS AUTHORIZED
  HEREUNDER EXCEPT UNDER THIS DISCLAIMER.

  (C) Copyright 2003 Gert Van Ham
*/

package net.sourceforge.jcetaglib.lib;

import net.sourceforge.jcetaglib.exceptions.KeystoreException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;

/**
 * Load & generate symmetric keystores
 *
 * @author Gert Van Ham
 * @author hamgert@users.sourceforge.net
 * @author http://jcetaglib.sourceforge.net
 * @version $Id: Keystore.java,v 1.3 2004/04/15 07:28:25 hamgert Exp $
 */
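public class Keystore {

    // secret key keystore parameters
    //
    // NOTE(review): the keystore file holds only the salt followed by the wrapped key; the
    // algorithm name and the iteration count are NOT stored in it. Changing either constant
    // below therefore makes every existing keystore file unreadable. 100 iterations and a
    // 64-bit salt are low for password-based encryption by current guidance; raising them
    // needs a versioned file format, not just an edit here.
    static final String SECRET_KEYSTORE_ALGORITHM = "PBEWithSHAAndTwofish-CBC";
    static final int SECRET_KEYSTORE_COUNT = 100;

    // JCE provider name used for every algorithm lookup in this class.
    private static final String PROVIDER = "BC";

    // Length in bytes of the salt stored at the start of the keystore file.
    private static final int SALT_LENGTH = 8;

    /**
     * Generates a secret (= symmetric) key object and stores it in a file.
     *
     * <p>The key is wrapped with a passphrase-based cipher ({@link #SECRET_KEYSTORE_ALGORITHM})
     * and written as {@code salt (8 bytes) || wrapped key}. The file carries no separate
     * integrity value; a modified file is only noticed if unwrapping happens to fail.
     *
     * <p>The passphrase buffer is handed to {@code Clean.blank} before this method returns,
     * whether it succeeds or fails, so the caller must not expect to reuse it.
     *
     * @param algorithm encryption algorithm (e.g. "Rijndael")
     * @param strength the keysize in bits (e.g. 128)
     * @param seed seed for SecureRandom (optional)
     * @param file the file(name) to store the key
     * @param passphrase the passphrase for the keystore
     * @throws KeystoreException for all errors
     **/
    public static void generateKey(String algorithm
                                   , int strength
                                   , byte[] seed
                                   , String file
                                   , StringBuffer passphrase)
            throws KeystoreException {

        FileOutputStream fos = null;

        try {
            ensureProvider();

            // NOTE(review): Seed.getSecureRandom is not visible here. Confirm that a
            // caller-supplied seed supplements the system entropy rather than replacing it,
            // since both the key and the salt are drawn from this generator.
            SecureRandom sr = Seed.getSecureRandom(seed);

            // get a key generator for the algorithm and create the secret key
            KeyGenerator kg = KeyGenerator.getInstance(algorithm, PROVIDER);
            kg.init(strength, sr);
            Key key = kg.generateKey();

            // Create a random salt of 64 bits (8 bytes)
            byte[] randomsalt = new byte[SALT_LENGTH];
            sr.nextBytes(randomsalt);

            // secure the new key with PBE encryption
            Cipher pbeCipher = initPbeCipher(Cipher.WRAP_MODE, randomsalt, passphrase);
            byte[] wrappedKey = pbeCipher.wrap(key);

            // save the wrapped key to disk
            // The file is created with the process's default permissions; restrict access
            // to it at the OS level, because the passphrase is its only protection.
            fos = new FileOutputStream(file);
            fos.write(randomsalt);
            fos.write(wrappedKey);
        } catch (Exception ex) {
            // Only the message reaches the caller through KeystoreException(String), so the
            // stack trace is printed here to keep the original cause available.
            ex.printStackTrace();
            throw new KeystoreException(ex.getMessage());
        } finally {
            // close the file (best effort; a close failure is deliberately ignored)
            if (fos != null) {
                try {
                    fos.close();
                } catch (IOException ignored) {
                    // nothing useful can be done at this point
                }
            }

            // cleanup: blank the caller's passphrase buffer
            Clean.blank(passphrase);
        }
    }

    /**
     * Loads the secret (= symmetric) key object from the keystore.
     *
     * <p>Expects the layout written by {@code generateKey}: an 8-byte salt followed by the
     * wrapped key. A file shorter than the salt is rejected instead of being processed with
     * a partly zero salt.
     *
     * <p>The passphrase buffer is handed to {@code Clean.blank} before this method returns,
     * whether it succeeds or fails, so the caller must not expect to reuse it.
     *
     * @param algorithm String encryption algorithm (e.g. "Rijndael")
     * @param file String the keystore file(name)
     * @param passphrase StringBuffer the passphrase for the keystore
     * @return Keystore secretkey object
     * @throws KeystoreException for all errors
     **/
    public static Key loadKey(String algorithm
                              , String file
                              , StringBuffer passphrase)
            throws KeystoreException {

        FileInputStream fInput = null;

        try {
            // Add Bouncy Castle provider
            ensureProvider();

            fInput = new FileInputStream(file);

            // read the salt; read() may return fewer bytes than requested, so loop until
            // the whole salt is present or the file ends
            byte[] randomsalt = new byte[SALT_LENGTH];
            int filled = 0;
            while (filled < SALT_LENGTH) {
                int n = fInput.read(randomsalt, filled, SALT_LENGTH - filled);
                if (n == -1) {
                    throw new IOException("Keystore file is too short to contain the salt");
                }
                filled += n;
            }

            // read the wrapped key (everything after the salt)
            ByteArrayOutputStream baos = new ByteArrayOutputStream();
            byte[] chunk = new byte[256];
            int count;
            while ((count = fInput.read(chunk)) != -1) {
                baos.write(chunk, 0, count);
            }
            byte[] wrappedKey = baos.toByteArray();

            // Unwrap the key
            Cipher pbeCipher = initPbeCipher(Cipher.UNWRAP_MODE, randomsalt, passphrase);
            return pbeCipher.unwrap(wrappedKey, algorithm, Cipher.SECRET_KEY);
        } catch (Exception ex) {
            // Only the message reaches the caller through KeystoreException(String), so the
            // stack trace is printed here to keep the original cause available.
            ex.printStackTrace();
            throw new KeystoreException(ex.getMessage());
        } finally {
            // close the file (best effort; a close failure is deliberately ignored)
            if (fInput != null) {
                try {
                    fInput.close();
                } catch (IOException ignored) {
                    // nothing useful can be done at this point
                }
            }

            // cleanup: blank the caller's passphrase buffer
            Clean.blank(passphrase);
        }
    }

    /**
     * Registers the Bouncy Castle provider unless one named "BC" is already installed.
     */
    private static void ensureProvider() {
        if (Security.getProvider(PROVIDER) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    /**
     * Builds the passphrase-based cipher used to wrap or unwrap the stored key.
     *
     * <p>The passphrase is copied into a {@code char[]} rather than a {@code String}, so the
     * copy can be overwritten once the cipher is initialised. The algorithm lookups name the
     * provider explicitly, matching the key generator lookup in {@code generateKey}.
     *
     * @param mode {@link Cipher#WRAP_MODE} or {@link Cipher#UNWRAP_MODE}
     * @param salt the salt stored with the keystore
     * @param passphrase the passphrase for the keystore (not modified here)
     * @return the initialised cipher
     * @throws GeneralSecurityException if the algorithm or provider is unavailable or the
     *         cipher cannot be initialised
     */
    private static Cipher initPbeCipher(int mode, byte[] salt, StringBuffer passphrase)
            throws GeneralSecurityException {
        char[] password = new char[passphrase.length()];
        PBEKeySpec pbeKeySpec = null;
        try {
            passphrase.getChars(0, password.length, password, 0);

            pbeKeySpec = new PBEKeySpec(password);
            SecretKeyFactory keyFac =
                    SecretKeyFactory.getInstance(SECRET_KEYSTORE_ALGORITHM, PROVIDER);
            SecretKey pbeKey = keyFac.generateSecret(pbeKeySpec);

            // Create PBE parameter set and cipher
            PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, SECRET_KEYSTORE_COUNT);
            Cipher pbeCipher = Cipher.getInstance(SECRET_KEYSTORE_ALGORITHM, PROVIDER);
            pbeCipher.init(mode, pbeKey, pbeParamSpec);
            return pbeCipher;
        } finally {
            // Wipe the passphrase copies only after init(): the PBE key may still read the
            // password from the key spec until the cipher has derived its key.
            Arrays.fill(password, '\0');
            if (pbeKeySpec != null) {
                pbeKeySpec.clearPassword();
            }
        }
    }
}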
