webpublickeystore.java

用于移动设备上的java虚拟机源代码

/*
 * @(#)WebPublicKeyStore.java	1.12 02/09/19 @(#)
 *
 * Copyright (c) 2001-2002 Sun Microsystems, Inc.  All rights reserved.
 * PROPRIETARY/CONFIDENTIAL
 * Use is subject to license terms.
 */

package com.sun.midp.publickeystore;

import java.io.*;
import java.util.*;
 
import javax.microedition.io.*;

import com.sun.midp.ssl.*;

import com.sun.midp.io.j2me.storage.*;

import com.sun.midp.security.*;

/**
 * A public keystore that can used with SSL.
 * To work with SSL this class implements the SSL
 * {@link PublicKeyStore} interface.
 */
public class WebPublicKeyStore extends PublicKeyStore implements CertStore {
    /** This class has a different security domain than the MIDlet suite */
    private static SecurityToken classSecurityToken;

    /** keystore this package uses for verifying descriptors */
    private static WebPublicKeyStore trustedKeyStore;

    /**
     * Initializes the security domain for this class, so it can
     * perform actions that a normal MIDlet Suite cannot.
     *
     * @param token security token for this class.
     */
    static public void initSecurityToken(SecurityToken token) {
        if (classSecurityToken == null) {
            classSecurityToken = token;
        }
    }
        
    /**
     * Load the certificate authorities for the MIDP RI from storage
     * into the SSL keystore.
     */
    public static void loadCertificateAuthorities() {
        RandomAccessStream storage;
        InputStream tks;
        WebPublicKeyStore ks;

        if (trustedKeyStore != null) {
            return;
        }

        try {
            storage = new RandomAccessStream(classSecurityToken);
            storage.connect(File.getStorageRoot() + "_main.ks",
                            Connector.READ);
            tks = storage.openInputStream();
        } catch (Exception e) {
            System.out.println("Could not open the trusted key store, " +
                               "cannot authenticate HTTPS servers");
            return;
        }

        try {
            ks = new com.sun.midp.publickeystore.WebPublicKeyStore(tks);
        } catch (Exception e) {
            System.out.println("Corrupt key store file, " +
                               "cannot authenticate HTTPS servers");
            e.printStackTrace();
            return;
        } finally {
            try {
                storage.disconnect();
            } catch (Exception e) {
                // nothing we can do.
            }
        }

        WebPublicKeyStore.setTrustedKeyStore(ks);
    }

    /**
     * Establish the given keystore as the system trusted keystore.
     * This is a one-shot method, it will only set the trusted keystore
     * it there is no keystore set. For security purposes only
     * read-only PublicKeyStores should be set.
     * @param keyStore keystore to be the system trusted keystore
     * @see #getTrustedKeyStore
     */
    private static void setTrustedKeyStore(WebPublicKeyStore keyStore) {
        if (trustedKeyStore != null) {
            return;
        }

        trustedKeyStore = keyStore;

        SSLStreamConnection.setTrustedCertStore(keyStore);
        SSLStreamConnection.lockTrustedCertStore();     
    }

    /**
     * Provides the keystore of resident public keys for
     * security domain owners and other CA's.
     * @return keystore of domain owner and CA keys
     * @see #setTrustedKeyStore
     */
    public static WebPublicKeyStore getTrustedKeyStore() {
        return trustedKeyStore;
    }

    /**
     * Constructs an extendable keystore from a serialized keystore created
     * by {@link PublicKeyStoreBuilder}.
     * @param in stream to read a keystore serialized by
     *        {@link PublicKeyStoreBuilder#serialize(OutputStream)} from
     * @exception IOException if the key storage was corrupted
     */
    public WebPublicKeyStore(InputStream in) throws IOException {
        super(in);
    }

    /**
     * Returns the certificate(s) corresponding to a 
     * subject name string.
     * 
     * @param subjectName subject name of the certificate in printable form.
     *
     * @return corresponding certificates or null (if not found)
     */ 
    public X509Certificate[] getCertificates(String subjectName) {
        Vector keys;
        X509Certificate[] certs;

        keys = findKeys(subjectName);
        if (keys == null) {
            return null;
        }

        certs = new X509Certificate[keys.size()];
        for (int i = 0; i < keys.size(); i++) {
            certs[i] = createCertificate((PublicKeyInfo)keys.elementAt(i));
        }

        return certs;
    }

    /**
     * Creates an {@link X509Certificate} using the given public key
     * information.
     * @param keyInfo key information
     * @return X509 certificate
     */
    public static X509Certificate createCertificate(PublicKeyInfo keyInfo) {
        if (keyInfo == null) {
            return null;
        }

	try {
	    X509Certificate cert;

	    cert = new X509Certificate((byte)1, // fixed at version 1
                                new byte[0],
                                keyInfo.getOwner(),
                                keyInfo.getOwner(), // issuer same as subject
                                keyInfo.getNotBefore(),
                                keyInfo.getNotAfter(),
                                keyInfo.getModulus(),
                                keyInfo.getExponent(),
                                null, // we don't use finger prints
                                0);
	    return cert;
	} catch (Exception e) {
	    return null;
	}
    }
}