
📄 jdkpkcs12keystore.java

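                    //
                    // no authority key id, try the Issuer DN
                    //
                    // NOTE(review): the enclosing method starts before this excerpt. What is
                    // visible here only assembles a chain: a candidate issuer is accepted when
                    // its subject DN equals this certificate's issuer DN and the signature
                    // verifies. No expiry, basicConstraints or revocation check is visible in
                    // this part, so callers should still run path validation on the result.
                    //
                    Principal  i = x509c.getIssuerDN();
                    Principal  s = x509c.getSubjectDN();

                    if (!i.equals(s))
                    {
                        Enumeration e = chainCerts.keys();

                        while (e.hasMoreElements())
                        {
                            X509Certificate crt = (X509Certificate)chainCerts.get(e.nextElement());
                            Principal  sub = crt.getSubjectDN();
                            if (sub.equals(i))
                            {
                                try
                                {
                                    x509c.verify(crt.getPublicKey());
                                    nextC = crt;
                                    break;
                                }
                                catch (Exception ex)
                                {
                                    // continue - same subject DN but the signature does not
                                    // verify with this key, so try the next candidate
                                }
                            }
                        }
                    }
                }

                cs.addElement(c);
                if (nextC != c)     // self signed - end of the chain
                {
                    c = nextC;
                }
                else
                {
                    c = null;
                }
            }

            Certificate[]   certChain = new Certificate[cs.size()];

            for (int i = 0; i != certChain.length; i++)
            {
                certChain[i] = (Certificate)cs.elementAt(i);
            }

            return certChain;
        }

        return null;
    }

    /**
     * Returns a creation date for the entry.
     * <p>
     * The alias is not looked up: every call returns the current time, including
     * for aliases that do not exist. The value therefore says nothing about when
     * an entry was really created and should not be used for auditing or expiry
     * decisions.
     *
     * @param alias the entry name (ignored)
     * @return a new {@code Date} holding the current time
     */
    public Date engineGetCreationDate(String alias)
    {
        return new Date();
    }

    /**
     * Returns the key stored under the given alias.
     * <p>
     * The password argument is not used here; the key is returned straight from
     * the in-memory table. NOTE(review): presumably keys are already unwrapped
     * with the store password when the store is loaded - confirm against the
     * rest of engineLoad, which is outside this excerpt.
     *
     * @param alias    the entry name, must not be null
     * @param password ignored by this implementation
     * @return the key, or null if no key is stored under that alias
     * @throws IllegalArgumentException if alias is null
     */
    public Key engineGetKey(
        String alias,
        char[] password)
        throws NoSuchAlgorithmException, UnrecoverableKeyException
    {
        if (alias == null)
        {
            throw new IllegalArgumentException("null alias passed to getKey.");
        }

        return (Key)keys.get(alias);
    }

    /**
     * Reports whether the alias names a certificate-only entry, i.e. a
     * certificate is stored under it and no key is.
     *
     * @param alias the entry name
     * @return true if there is a certificate but no key under the alias
     */
    public boolean engineIsCertificateEntry(
        String alias)
    {
        return (certs.get(alias) != null && keys.get(alias) == null);
    }

    /**
     * Reports whether a key is stored under the alias.
     *
     * @param alias the entry name
     * @return true if a key is stored under the alias
     */
    public boolean engineIsKeyEntry(
        String alias)
    {
        return (keys.get(alias) != null);
    }

    /**
     * Stores a certificate under the alias.
     * <p>
     * The certificate is also added to {@code chainCerts}, keyed by a
     * {@code CertId} built from its public key, which is the table the chain
     * building code above searches for issuers.
     *
     * @param alias the entry name
     * @param cert  the certificate to store
     * @throws KeyStoreException if a key entry already uses the alias
     */
    public void engineSetCertificateEntry(
        String      alias,
        Certificate cert)
        throws KeyStoreException
    {
        if (keys.get(alias) != null)
        {
            throw new KeyStoreException("There is a key entry with the name " + alias + ".");
        }

        certs.put(alias, cert);
        chainCerts.put(new CertId(cert.getPublicKey()), cert);
    }

    /**
     * Not supported: this store does not accept keys that are already in
     * protected (encoded) form.
     *
     * @throws RuntimeException always
     */
    public void engineSetKeyEntry(
        String alias,
        byte[] key,
        Certificate[] chain)
        throws KeyStoreException
    {
        throw new RuntimeException("operation not supported");
    }

    /**
     * Stores a key and its certificate chain under the alias, replacing any
     * key entry already there.
     * <p>
     * The password argument is not used by this method; the key object is put
     * into the in-memory table as given.
     * <p>
     * A private key needs a non-empty chain. A null or empty chain with any
     * other key used to fail with a NullPointerException or
     * ArrayIndexOutOfBoundsException after the key had already been stored;
     * the key is now stored without certificates in that case.
     *
     * @param alias    the entry name
     * @param key      the key to store
     * @param password ignored by this implementation
     * @param chain    the certificate chain, end-entity certificate first
     * @throws KeyStoreException if key is a private key and chain is null or empty
     */
    public void engineSetKeyEntry(
        String          alias,
        Key             key,
        char[]          password,
        Certificate[]   chain)
        throws KeyStoreException
    {
        boolean hasChain = (chain != null && chain.length != 0);

        if ((key instanceof PrivateKey) && !hasChain)
        {
            throw new KeyStoreException("no certificate chain for private key");
        }

        if (keys.get(alias) != null)
        {
            engineDeleteEntry(alias);
        }

        keys.put(alias, key);

        if (hasChain)
        {
            certs.put(alias, chain[0]);

            for (int i = 0; i != chain.length; i++)
            {
                chainCerts.put(new CertId(chain[i].getPublicKey()), chain[i]);
            }
        }
    }

    /**
     * Returns the number of entries: the count of distinct names found in the
     * certificate table and the key table together.
     *
     * @return the number of entries
     */
    public int engineSize()
    {
        Hashtable  tab = new Hashtable();

        Enumeration e = certs.keys();
        while (e.hasMoreElements())
        {
            tab.put(e.nextElement(), "cert");
        }

        e = keys.keys();
        while (e.hasMoreElements())
        {
            String  a = (String)e.nextElement();
            if (tab.get(a) == null)
            {
                tab.put(a, "key");
            }
        }

        return tab.size();
    }

    /**
     * Decrypts a password-protected private key.
     * <p>
     * The cipher name (the algorithm OID), the salt and the iteration count
     * all come from {@code algId}, i.e. from the data being read. No limit on
     * the iteration count and no allow-list of algorithms is applied here, so
     * a store from an untrusted source decides how weak or how expensive this
     * step is.
     *
     * @param algId           encryption algorithm and its PKCS#12 PBE parameters
     * @param data            the encrypted key
     * @param password        the password to derive the key from
     * @param wrongPKCS12Zero passed to {@code JCEPBEKey.setTryWrongPKCS12Zero};
     *                        engineLoad sets it when the MAC only matched the
     *                        "incorrect zero length password" variant
     * @return the unwrapped private key
     * @throws IOException if anything goes wrong while unwrapping
     */
    protected PrivateKey unwrapKey(
        AlgorithmIdentifier   algId,
        byte[]                data,
        char[]                password,
        boolean               wrongPKCS12Zero)
        throws IOException
    {
        String              algorithm = algId.getObjectId().getId();
        PKCS12PBEParams     pbeParams = new PKCS12PBEParams((ASN1Sequence)algId.getParameters());
        PBEKeySpec          pbeSpec = new PBEKeySpec(password);
        PrivateKey          out;

        try
        {
            SecretKeyFactory    keyFact = SecretKeyFactory.getInstance(
                                                algorithm, bcProvider);
            PBEParameterSpec    defParams = new PBEParameterSpec(
                                                pbeParams.getIV(),
                                                pbeParams.getIterations().intValue());

            SecretKey           k = keyFact.generateSecret(pbeSpec);

            ((JCEPBEKey)k).setTryWrongPKCS12Zero(wrongPKCS12Zero);

            Cipher cipher = Cipher.getInstance(algorithm, bcProvider);

            cipher.init(Cipher.UNWRAP_MODE, k, defParams);

            // we pass "" as the key algorithm type as it is unknown at this point
            out = (PrivateKey)cipher.unwrap(data, "", Cipher.PRIVATE_KEY);
        }
        catch (Exception e)
        {
            throw new IOException("exception unwrapping private key - " + e.toString());
        }
        finally
        {
            // PBEKeySpec keeps its own copy of the password; wipe it once the
            // cipher operation is over so it does not linger on the heap.
            pbeSpec.clearPassword();
        }

        return out;
    }

    /**
     * Encrypts a key under a password-derived key.
     *
     * @param algorithm JCE name of the PBE cipher
     * @param key       the key to wrap
     * @param pbeParams salt and iteration count for the key derivation
     * @param password  the password to derive the key from
     * @return the wrapped key
     * @throws IOException if anything goes wrong while wrapping
     */
    protected byte[] wrapKey(
        String                  algorithm,
        Key                     key,
        PKCS12PBEParams         pbeParams,
        char[]                  password)
        throws IOException
    {
        PBEKeySpec          pbeSpec = new PBEKeySpec(password);
        byte[]              out;

        try
        {
            SecretKeyFactory    keyFact = SecretKeyFactory.getInstance(
                                                algorithm, bcProvider);
            PBEParameterSpec    defParams = new PBEParameterSpec(
                                                pbeParams.getIV(),
                                                pbeParams.getIterations().intValue());

            Cipher cipher = Cipher.getInstance(algorithm, bcProvider);

            cipher.init(Cipher.WRAP_MODE, keyFact.generateSecret(pbeSpec), defParams);

            out = cipher.wrap(key);
        }
        catch (Exception e)
        {
            throw new IOException("exception encrypting data - " + e.toString());
        }
        finally
        {
            // wipe the spec's private copy of the password
            pbeSpec.clearPassword();
        }

        return out;
    }

    /**
     * Encrypts or decrypts a block of data under a password-derived key.
     * <p>
     * As in {@link #unwrapKey}, the cipher name, salt and iteration count are
     * taken from {@code algId} without any bounds or allow-list check here.
     *
     * @param forEncryption   true to encrypt, false to decrypt
     * @param algId           encryption algorithm and its PKCS#12 PBE parameters
     * @param password        the password to derive the key from
     * @param wrongPKCS12Zero passed to {@code JCEPBEKey.setTryWrongPKCS12Zero}
     * @param data            the input bytes
     * @return the processed bytes
     * @throws IOException if anything goes wrong; the message names the
     *                     operation that was actually attempted
     */
    protected byte[] cryptData(
        boolean               forEncryption,
        AlgorithmIdentifier   algId,
        char[]                password,
        boolean               wrongPKCS12Zero,
        byte[]                data)
        throws IOException
    {
        String          algorithm = algId.getObjectId().getId();
        PKCS12PBEParams pbeParams = new PKCS12PBEParams((ASN1Sequence)algId.getParameters());
        PBEKeySpec      pbeSpec = new PBEKeySpec(password);

        try
        {
            SecretKeyFactory keyFact = SecretKeyFactory.getInstance(algorithm, bcProvider);
            PBEParameterSpec defParams = new PBEParameterSpec(
                pbeParams.getIV(),
                pbeParams.getIterations().intValue());
            JCEPBEKey        key = (JCEPBEKey) keyFact.generateSecret(pbeSpec);

            key.setTryWrongPKCS12Zero(wrongPKCS12Zero);

            Cipher cipher = Cipher.getInstance(algorithm, bcProvider);
            int mode = forEncryption ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE;
            cipher.init(mode, key, defParams);
            return cipher.doFinal(data);
        }
        catch (Exception e)
        {
            // the message used to say "decrypting" for both directions
            String op = forEncryption ? "encrypting" : "decrypting";

            throw new IOException("exception " + op + " data - " + e.toString());
        }
        finally
        {
            // wipe the spec's private copy of the password
            pbeSpec.clearPassword();
        }
    }

    /**
     * Loads a PKCS#12 store from the stream.
     * <p>
     * Only the first part of this method is inside the excerpt: the format
     * check, the MAC check and the start of the bag parsing. A null stream
     * leaves the store as it is; a null password is rejected.
     *
     * @param stream   the encoded store, or null to just initialise
     * @param password the store password, must not be null when stream is given
     * @throws IOException if the stream is not a PKCS#12 store, or the MAC
     *                     does not match (wrong password or corrupted file)
     */
    public void engineLoad(
        InputStream stream,
        char[]      password)
        throws IOException
    {
        if (stream == null)     // just initialising
        {
            return;
        }

        if (password == null)
        {
            throw new NullPointerException("No password supplied for PKCS#12 KeyStore.");
        }

        BufferedInputStream             bufIn = new BufferedInputStream(stream);

        // peek at the first byte: a DER SEQUENCE starts with 0x30
        bufIn.mark(10);

        int head = bufIn.read();

        if (head != 0x30)
        {
            throw new IOException("stream does not represent a PKCS12 key store");
        }

        bufIn.reset();

        ASN1InputStream bIn = new ASN1InputStream(bufIn);
        ASN1Sequence    obj = (ASN1Sequence)bIn.readObject();
        Pfx             bag = new Pfx(obj);
        ContentInfo     info = bag.getAuthSafe();
        Vector          chain = new Vector();
        boolean         unmarkedKey = false;
        boolean         wrongPKCS12Zero = false;

        // NOTE(review): when the PFX carries no MacData this block is skipped and
        // the contents are parsed without any integrity check.
        if (bag.getMacData() != null)           // check the mac code
        {
            MacData                     mData = bag.getMacData();
            DigestInfo                  dInfo = mData.getMac();
            AlgorithmIdentifier         algId = dInfo.getAlgorithmId();
            byte[]                      salt = mData.getSalt();
            // the iteration count is read from the file and used as is
            int                         itCount = mData.getIterationCount().intValue();

            byte[]  data = ((ASN1OctetString)info.getContent()).getOctets();

            try
            {
                byte[] res = calculatePbeMac(algId.getObjectId(), salt, itCount, password, false, data);
                byte[] dig = dInfo.getDigest();

                // NOTE(review): confirm that Arrays.areEqual compares in constant
                // time; a MAC comparison should not reveal how many leading bytes
                // matched (java.security.MessageDigest.isEqual is the JDK option).
                if (!Arrays.areEqual(res, dig))
                {
                    if (password.length > 0)
                    {
                        throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file.");
                    }

                    // Try with incorrect zero length password
                    res = calculatePbeMac(algId.getObjectId(), salt, itCount, password, true, data);

                    if (!Arrays.areEqual(res, dig))
                    {
                        throw new IOException("PKCS12 key store mac invalid - wrong password or corrupted file.");
                    }

                    // remember the variant that worked so the keys below are
                    // decrypted the same way
                    wrongPKCS12Zero = true;
                }
            }
            catch (IOException e)
            {
                throw e;
            }
            catch (Exception e)
            {
                throw new IOException("error constructing MAC: " + e.toString());
            }
        }

        keys = new IgnoresCaseHashtable();
        localIds = new Hashtable();

        // "data" below is not the byte[] local of the MAC block (out of scope here);
        // presumably it is the PKCS#7 data content type declared elsewhere - confirm
        if (info.getContentType().equals(data))
        {
            bIn = new ASN1InputStream(((ASN1OctetString)info.getContent()).getOctets());

            AuthenticatedSafe   authSafe = new AuthenticatedSafe((ASN1Sequence)bIn.readObject());
            ContentInfo[]       c = authSafe.getContentInfo();

            for (int i = 0; i != c.length; i++)
            {
                if (c[i].getContentType().equals(data))
                {
                    ASN1InputStream dIn = new ASN1InputStream(((ASN1OctetString)c[i].getContent()).getOctets());
                    ASN1Sequence    seq = (ASN1Sequence)dIn.readObject();

                    for (int j = 0; j != seq.size(); j++)
                    {
                        SafeBag b = new SafeBag((ASN1Sequence)seq.getObjectAt(j));
                        if (b.getBagId().equals(pkcs8ShroudedKeyBag))
                        {
                            org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = new org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo((ASN1Sequence)b.getBagValue());
                            // each shrouded key is decrypted with the store password
                            PrivateKey              privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero);

                            //
                            // set the attributes on the key
                            //
                            PKCS12BagAttributeCarrier   bagAttr = (PKCS12BagAttributeCarrier)privKey;
                            String                      alias = null;
                            ASN1OctetString             localId = null;

                            if (b.getBagAttributes() != null)
                            {
                                Enumeration e = b.getBagAttributes().getObjects();
                                while (e.hasMoreElements())
                                {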
