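return (Certificate)entry.getObject();
            }
            else
            {
                Certificate[] chain = entry.getCertificateChain();

                if (chain != null)
                {
                    return chain[0];
                }
            }
        }

        return null;
    }

    /**
     * Finds the alias of the first entry matching the given certificate: a
     * certificate entry whose certificate equals {@code cert}, or a key entry
     * whose chain leaf ({@code chain[0]}) equals it.
     *
     * @param cert the certificate to look for.
     * @return the matching alias, or {@code null} if no entry matches.
     */
    public String engineGetCertificateAlias(
        Certificate cert)
    {
        Enumeration e = table.elements();

        while (e.hasMoreElements())
        {
            StoreEntry entry = (StoreEntry)e.nextElement();

            if (entry.getObject() instanceof Certificate)
            {
                Certificate c = (Certificate)entry.getObject();

                if (c.equals(cert))
                {
                    return entry.getAlias();
                }
            }
            else
            {
                Certificate[] chain = entry.getCertificateChain();

                // guard the zero-length case so an empty chain cannot throw
                if (chain != null && chain.length > 0 && chain[0].equals(cert))
                {
                    return entry.getAlias();
                }
            }
        }

        return null;
    }

    /**
     * Returns the certificate chain stored with the entry for {@code alias}.
     *
     * @return the chain, or {@code null} if there is no such entry (or the
     *         entry carries no chain).
     */
    public Certificate[] engineGetCertificateChain(
        String alias)
    {
        StoreEntry entry = (StoreEntry)table.get(alias);

        if (entry != null)
        {
            return entry.getCertificateChain();
        }

        return null;
    }

    /**
     * Returns the creation date recorded for the entry for {@code alias}, or
     * {@code null} if there is no such entry.
     */
    public Date engineGetCreationDate(String alias)
    {
        StoreEntry entry = (StoreEntry)table.get(alias);

        if (entry != null)
        {
            return entry.getDate();
        }

        return null;
    }

    /**
     * Returns the key held by the entry for {@code alias}, unlocking it with
     * {@code password} where the entry requires one.
     *
     * @return the key, or {@code null} if the alias is unknown or names a
     *         certificate-only entry.
     * @throws NoSuchAlgorithmException   if the key cannot be recovered.
     * @throws UnrecoverableKeyException  if the password is wrong.
     */
    public Key engineGetKey(
        String alias,
        char[] password)
        throws NoSuchAlgorithmException, UnrecoverableKeyException
    {
        StoreEntry entry = (StoreEntry)table.get(alias);

        if (entry == null || entry.getType() == CERTIFICATE)
        {
            return null;
        }

        return (Key)entry.getObject(password);
    }

    /**
     * @return true if {@code alias} names a certificate entry.
     */
    public boolean engineIsCertificateEntry(
        String alias)
    {
        StoreEntry entry = (StoreEntry)table.get(alias);

        return (entry != null && entry.getType() == CERTIFICATE);
    }

    /**
     * @return true if {@code alias} names an entry of any non-certificate type
     *         (key, secret or sealed).
     */
    public boolean engineIsKeyEntry(
        String alias)
    {
        StoreEntry entry = (StoreEntry)table.get(alias);

        return (entry != null && entry.getType() != CERTIFICATE);
    }

    /**
     * Stores a trusted certificate under {@code alias}, replacing any existing
     * certificate entry with that alias.
     *
     * @throws KeyStoreException if {@code alias} already names a key entry.
     */
    public void engineSetCertificateEntry(
        String alias,
        Certificate cert)
        throws KeyStoreException
    {
        StoreEntry entry = (StoreEntry)table.get(alias);

        if (entry != null && entry.getType() != CERTIFICATE)
        {
            throw new KeyStoreException("key store already has a key entry with alias " + alias);
        }

        table.put(alias, new StoreEntry(alias, cert));
    }

    /**
     * Stores an already-protected (encoded) key under {@code alias}, replacing
     * any existing entry with that alias.
     */
    public void engineSetKeyEntry(
        String alias,
        byte[] key,
        Certificate[] chain)
        throws KeyStoreException
    {
        table.put(alias, new StoreEntry(alias, key, chain));
    }

    /**
     * Stores {@code key} under {@code alias}, protected with {@code password},
     * replacing any existing entry with that alias.
     *
     * @throws KeyStoreException if a private key is given without a chain, or
     *                           if the entry cannot be created.
     */
    public void engineSetKeyEntry(
        String alias,
        Key key,
        char[] password,
        Certificate[] chain)
        throws KeyStoreException
    {
        if ((key instanceof PrivateKey) && (chain == null))
        {
            throw new KeyStoreException("no certificate chain for private key");
        }

        try
        {
            table.put(alias, new StoreEntry(alias, key, password, chain));
        }
        catch (Exception e)
        {
            throw new KeyStoreException(e.toString());
        }
    }

    /**
     * @return the number of entries in the store.
     */
    public int engineSize()
    {
        return table.size();
    }

    /**
     * Compares two byte arrays for equality. This guards the store's
     * MAC/digest, so the comparison runs in time independent of where the
     * first mismatching byte is (only the lengths leak, and those are fixed).
     */
    protected boolean isSameAs(
        byte[] one,
        byte[] two)
    {
        if (one.length != two.length)
        {
            return false;
        }

        int diff = 0;

        for (int i = 0; i != one.length; i++)
        {
            diff |= one[i] ^ two[i];
        }

        return diff == 0;
    }

    /**
     * Reads entries from {@code in} into {@code table} until the NULL type
     * marker (or end of stream) is seen. The stream is untrusted: negative
     * lengths are rejected as corruption instead of surfacing as
     * NegativeArraySizeException.
     *
     * NOTE(review): there is still no upper bound on the chain length or
     * secret-entry length read from the file, so a hostile store can force
     * large allocations before any integrity check runs.
     *
     * @throws IOException on a truncated, corrupted or unrecognised entry.
     */
    protected void loadStore(
        InputStream in)
        throws IOException
    {
        DataInputStream dIn = new DataInputStream(in);
        int type = dIn.read();

        while (type > NULL)
        {
            String alias = dIn.readUTF();
            Date date = new Date(dIn.readLong());
            int chainLength = dIn.readInt();
            Certificate[] chain = null;

            if (chainLength < 0)
            {
                throw new IOException("Key store corrupted.");
            }

            if (chainLength != 0)
            {
                chain = new Certificate[chainLength];

                for (int i = 0; i != chainLength; i++)
                {
                    chain[i] = decodeCertificate(dIn);
                }
            }

            switch (type)
            {
            case CERTIFICATE:
                Certificate cert = decodeCertificate(dIn);

                table.put(alias, new StoreEntry(alias, date, CERTIFICATE, cert));
                break;
            case KEY:
                Key key = decodeKey(dIn);

                table.put(alias, new StoreEntry(alias, date, KEY, key, chain));
                break;
            case SECRET:
            case SEALED:
                int length = dIn.readInt();

                if (length < 0)
                {
                    throw new IOException("Key store corrupted.");
                }

                byte[] b = new byte[length];

                dIn.readFully(b);
                table.put(alias, new StoreEntry(alias, date, type, b, chain));
                break;
            default:
                // an unknown tag comes from the file, so it is an I/O-level
                // corruption rather than a programming error
                throw new IOException("Unknown object type in store.");
            }

            type = dIn.read();
        }
    }

    /**
     * Writes every entry in {@code table} to {@code out}, terminated by the
     * NULL type marker. This is the inverse of {@link #loadStore}.
     */
    protected void saveStore(
        OutputStream out)
        throws IOException
    {
        Enumeration e = table.elements();
        DataOutputStream dOut = new DataOutputStream(out);

        while (e.hasMoreElements())
        {
            StoreEntry entry = (StoreEntry)e.nextElement();

            dOut.write(entry.getType());
            dOut.writeUTF(entry.getAlias());
            dOut.writeLong(entry.getDate().getTime());

            Certificate[] chain = entry.getCertificateChain();

            if (chain == null)
            {
                dOut.writeInt(0);
            }
            else
            {
                dOut.writeInt(chain.length);

                for (int i = 0; i != chain.length; i++)
                {
                    encodeCertificate(chain[i], dOut);
                }
            }

            switch (entry.getType())
            {
            case CERTIFICATE:
                encodeCertificate((Certificate)entry.getObject(), dOut);
                break;
            case KEY:
                encodeKey((Key)entry.getObject(), dOut);
                break;
            case SEALED:
            case SECRET:
                byte[] b = (byte[])entry.getObject();

                dOut.writeInt(b.length);
                dOut.write(b);
                break;
            default:
                // entry types are assigned in memory, so this is a programming error
                throw new RuntimeException("Unknown object type in store.");
            }
        }

        dOut.write(NULL);
    }

    /**
     * Loads the store from {@code stream}. The layout is: version, salt
     * length, salt, iteration count, the entries, then an HMAC-SHA1 over the
     * entries keyed by a PKCS#12 derivation of {@code password}.
     *
     * Header fields are validated before use (as BouncyCastleStore already
     * does) so a hostile file cannot request an arbitrary salt allocation or
     * an unbounded iteration count.
     *
     * Caveat: the integrity check only runs when a non-empty password is
     * supplied; loading without a password yields the entries unverified.
     * HMAC-SHA1 is retained because it is the on-disk format.
     *
     * @throws IOException on a bad version, corrupted header, truncated
     *                     stream, or failed integrity check.
     */
    public void engineLoad(
        InputStream stream,
        char[] password)
        throws IOException
    {
        table.clear();

        if (stream == null)     // just initialising
        {
            return;
        }

        DataInputStream dIn = new DataInputStream(stream);
        int version = dIn.readInt();

        if (version != STORE_VERSION)
        {
            if (version != 0)
            {
                throw new IOException("Wrong version of key store.");
            }
        }

        int saltLength = dIn.readInt();

        if (saltLength != STORE_SALT_SIZE)
        {
            throw new IOException("Key store corrupted.");
        }

        byte[] salt = new byte[saltLength];

        dIn.readFully(salt);

        int iterationCount = dIn.readInt();

        if ((iterationCount < 0) || (iterationCount > 4 * MIN_ITERATIONS))
        {
            throw new IOException("Key store corrupted.");
        }

        HMac hMac = new HMac(new SHA1Digest());
        MacInputStream mIn = new MacInputStream(dIn, hMac);
        PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest());
        byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password);

        pbeGen.init(passKey, salt, iterationCount);
        hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize()));

        // scrub the password bytes as soon as the MAC key is derived
        for (int i = 0; i != passKey.length; i++)
        {
            passKey[i] = 0;
        }

        loadStore(mIn);

        byte[] mac = new byte[hMac.getMacSize()];
        byte[] oldMac = new byte[hMac.getMacSize()];

        hMac.doFinal(mac, 0);

        // the stored MAC follows the entries and is read outside the MAC stream;
        // readFully fails on truncation instead of silently taking EOF as 0xff
        dIn.readFully(oldMac);

        //
        // we only do an integrity check if the password is provided.
        //
        if ((password != null && password.length != 0) && !isSameAs(mac, oldMac))
        {
            table.clear();
            throw new IOException("KeyStore integrity check failed.");
        }
    }

    /**
     * Writes the store to {@code stream} in the layout read by
     * {@link #engineLoad}, with a fresh random salt and iteration count.
     * Note that the caller's stream is closed on return.
     */
    public void engineStore(OutputStream stream, char[] password)
        throws IOException
    {
        DataOutputStream dOut = new DataOutputStream(stream);
        byte[] salt = new byte[STORE_SALT_SIZE];
        int iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff);

        random.nextBytes(salt);

        dOut.writeInt(STORE_VERSION);
        dOut.writeInt(salt.length);
        dOut.write(salt);
        dOut.writeInt(iterationCount);

        HMac hMac = new HMac(new SHA1Digest());
        MacOutputStream mOut = new MacOutputStream(dOut, hMac);
        PBEParametersGenerator pbeGen = new PKCS12ParametersGenerator(new SHA1Digest());
        byte[] passKey = PBEParametersGenerator.PKCS12PasswordToBytes(password);

        pbeGen.init(passKey, salt, iterationCount);
        hMac.init(pbeGen.generateDerivedMacParameters(hMac.getMacSize()));

        // scrub the password bytes as soon as the MAC key is derived
        for (int i = 0; i != passKey.length; i++)
        {
            passKey[i] = 0;
        }

        saveStore(mOut);

        byte[] mac = new byte[hMac.getMacSize()];

        hMac.doFinal(mac, 0);

        dOut.write(mac);

        dOut.close();
    }

    /**
     * The BouncyCastle store. This won't work with the JDK keytool as the
     * store is stored encrypted on disk, so the password is mandatory; if your
     * hard drive is in a bad part of town and you absolutely, positively don't
     * want anybody peeking at your things, this is the one to use.
     *
     * Integrity is a SHA-1 digest of the plaintext carried inside the
     * ciphertext rather than a keyed MAC; that is the on-disk format and is
     * left unchanged here.
     *
     * Also referred to by the alias UBER.
     */
    public static class BouncyCastleStore
        extends JDKKeyStore
    {
        /**
         * Loads an encrypted store: the header (version, salt, iteration
         * count) is in the clear and validated before any key derivation; the
         * entries and trailing SHA-1 digest are decrypted with a PBE cipher
         * derived from {@code password}.
         *
         * @throws IOException on a bad version, corrupted header, truncated
         *                     stream, or failed integrity check.
         */
        public void engineLoad(
            InputStream stream,
            char[] password)
            throws IOException
        {
            table.clear();

            if (stream == null)     // just initialising
            {
                return;
            }

            Cipher cipher;
            DataInputStream dIn = new DataInputStream(stream);
            int version = dIn.readInt();

            if (version != STORE_VERSION)
            {
                if (version != 0)
                {
                    throw new IOException("Wrong version of key store.");
                }
            }

            byte[] salt = new byte[dIn.readInt()];

            if (salt.length != STORE_SALT_SIZE)
            {
                throw new IOException("Key store corrupted.");
            }

            dIn.readFully(salt);

            int iterationCount = dIn.readInt();

            if ((iterationCount < 0) || (iterationCount > 4 * MIN_ITERATIONS))
            {
                throw new IOException("Key store corrupted.");
            }

            // version-0 stores were written with an older cipher configuration
            if (version == 0)
            {
                cipher = this.makePBECipher("Old" + STORE_CIPHER, Cipher.DECRYPT_MODE, password, salt, iterationCount);
            }
            else
            {
                cipher = this.makePBECipher(STORE_CIPHER, Cipher.DECRYPT_MODE, password, salt, iterationCount);
            }

            CipherInputStream cIn = new CipherInputStream(dIn, cipher);
            DigestInputStream dgIn = new DigestInputStream(cIn, new SHA1Digest());

            this.loadStore(dgIn);

            Digest dig = dgIn.getDigest();
            int digSize = dig.getDigestSize();
            byte[] hash = new byte[digSize];
            byte[] oldHash = new byte[digSize];

            dig.doFinal(hash, 0);

            // the stored digest follows the entries inside the ciphertext;
            // read it outside the digest stream and fail hard on truncation
            new DataInputStream(cIn).readFully(oldHash);

            if (!this.isSameAs(hash, oldHash))
            {
                table.clear();
                throw new IOException("KeyStore integrity check failed.");
            }
        }

        /**
         * Writes the store: a clear header (version, salt, iteration count)
         * followed by the PBE-encrypted entries and their SHA-1 digest.
         * Note that the caller's stream is closed on return.
         */
        public void engineStore(OutputStream stream, char[] password)
            throws IOException
        {
            Cipher cipher;
            DataOutputStream dOut = new DataOutputStream(stream);
            byte[] salt = new byte[STORE_SALT_SIZE];
            int iterationCount = MIN_ITERATIONS + (random.nextInt() & 0x3ff);

            random.nextBytes(salt);

            dOut.writeInt(STORE_VERSION);
            dOut.writeInt(salt.length);
            dOut.write(salt);
            dOut.writeInt(iterationCount);

            cipher = this.makePBECipher(STORE_CIPHER, Cipher.ENCRYPT_MODE, password, salt, iterationCount);

            CipherOutputStream cOut = new CipherOutputStream(dOut, cipher);
            DigestOutputStream dgOut = new DigestOutputStream(cOut, new SHA1Digest());

            this.saveStore(dgOut);

            Digest dig = dgOut.getDigest();
            byte[] hash = new byte[dig.getDigestSize()];

            dig.doFinal(hash, 0);

            cOut.write(hash);

            cOut.close();
        }
    }
}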