📄 jdkpkcs12keystore.java
字号:
ASN1Sequence sq = (ASN1Sequence)e.nextElement(); DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0); ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); DERObject attr = null; if (attrSet.size() > 0) { attr = (DERObject)attrSet.getObjectAt(0); bagAttr.setBagAttribute(aOid, attr); } if (aOid.equals(pkcs_9_at_friendlyName)) { alias = ((DERBMPString)attr).getString(); keys.put(alias, privKey); } else if (aOid.equals(pkcs_9_at_localKeyId)) { localId = (ASN1OctetString)attr; } } } if (localId != null) { String name = new String(Hex.encode(localId.getOctets())); if (alias == null) { keys.put(name, privKey); } else { localIds.put(alias, name); } } else { unmarkedKey = true; keys.put("unmarked", privKey); } } else if (b.getBagId().equals(certBag)) { chain.addElement(b); } else { System.out.println("extra in data " + b.getBagId()); System.out.println(ASN1Dump.dumpAsString(b)); } } } else if (c[i].getContentType().equals(encryptedData)) { EncryptedData d = new EncryptedData((ASN1Sequence)c[i].getContent()); byte[] octets = cryptData(false, d.getEncryptionAlgorithm(), password, wrongPKCS12Zero, d.getContent().getOctets()); ASN1Sequence seq = (ASN1Sequence) ASN1Object.fromByteArray(octets); for (int j = 0; j != seq.size(); j++) { SafeBag b = new SafeBag((ASN1Sequence)seq.getObjectAt(j)); if (b.getBagId().equals(certBag)) { chain.addElement(b); } else if (b.getBagId().equals(pkcs8ShroudedKeyBag)) { org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo eIn = new org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo((ASN1Sequence)b.getBagValue()); PrivateKey privKey = unwrapKey(eIn.getEncryptionAlgorithm(), eIn.getEncryptedData(), password, wrongPKCS12Zero); // // set the attributes on the key // PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; String alias = null; ASN1OctetString localId = null; Enumeration e = b.getBagAttributes().getObjects(); while (e.hasMoreElements()) { ASN1Sequence sq = (ASN1Sequence)e.nextElement(); DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0); ASN1Set attrSet= (ASN1Set)sq.getObjectAt(1); DERObject attr = null; if (attrSet.size() > 0) { attr = (DERObject)attrSet.getObjectAt(0); bagAttr.setBagAttribute(aOid, attr); } if (aOid.equals(pkcs_9_at_friendlyName)) { alias = ((DERBMPString)attr).getString(); keys.put(alias, privKey); } else if (aOid.equals(pkcs_9_at_localKeyId)) { localId = (ASN1OctetString)attr; } } String name = new String(Hex.encode(localId.getOctets())); if (alias == null) { keys.put(name, privKey); } else { localIds.put(alias, name); } } else if (b.getBagId().equals(keyBag)) { org.bouncycastle.asn1.pkcs.PrivateKeyInfo pIn = new org.bouncycastle.asn1.pkcs.PrivateKeyInfo((ASN1Sequence)b.getBagValue()); PrivateKey privKey = JDKKeyFactory.createPrivateKeyFromPrivateKeyInfo(pIn); // // set the attributes on the key // PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier)privKey; String alias = null; ASN1OctetString localId = null; Enumeration e = b.getBagAttributes().getObjects(); while (e.hasMoreElements()) { ASN1Sequence sq = (ASN1Sequence)e.nextElement(); DERObjectIdentifier aOid = (DERObjectIdentifier)sq.getObjectAt(0); ASN1Set attrSet = (ASN1Set)sq.getObjectAt(1); DERObject attr = null; if (attrSet.size() > 0) { attr = (DERObject)attrSet.getObjectAt(0); bagAttr.setBagAttribute(aOid, attr); } if (aOid.equals(pkcs_9_at_friendlyName)) { alias = ((DERBMPString)attr).getString(); keys.put(alias, privKey); } else if (aOid.equals(pkcs_9_at_localKeyId)) { localId = (ASN1OctetString)attr; } } String name = new String(Hex.encode(localId.getOctets())); if (alias == null) { keys.put(name, privKey); } else { localIds.put(alias, name); } } else { System.out.println("extra in encryptedData " + b.getBagId()); System.out.println(ASN1Dump.dumpAsString(b)); } } } else { System.out.println("extra " + c[i].getContentType().getId()); System.out.println("extra " + ASN1Dump.dumpAsString(c[i].getContent())); } } } certs = new IgnoresCaseHashtable(); chainCerts = new Hashtable(); keyCerts = new Hashtable(); for (int i = 0; i != chain.size(); i++) { SafeBag b = (SafeBag)chain.elementAt(i); CertBag cb = new CertBag((ASN1Sequence)b.getBagValue()); if (!cb.getCertId().equals(x509Certificate)) { throw new RuntimeException("Unsupported certificate type: " + cb.getCertId()); } Certificate cert; try { ByteArrayInputStream cIn = new ByteArrayInputStream( ((ASN1OctetString)cb.getCertValue()).getOctets()); cert = certFact.generateCertificate(cIn); } catch (Exception e) { throw new RuntimeException(e.toString()); } // // set the attributes // ASN1OctetString localId = null; String alias = null; if (b.getBagAttributes() != null) { Enumeration e = b.getBagAttributes().getObjects(); while (e.hasMoreElements()) { ASN1Sequence sq = (ASN1Sequence)e.nextElement(); DERObjectIdentifier oid = (DERObjectIdentifier)sq.getObjectAt(0); DERObject attr = (DERObject)((ASN1Set)sq.getObjectAt(1)).getObjectAt(0); PKCS12BagAttributeCarrier bagAttr = null; if (cert instanceof PKCS12BagAttributeCarrier) { bagAttr = (PKCS12BagAttributeCarrier)cert; bagAttr.setBagAttribute(oid, attr); } if (oid.equals(pkcs_9_at_friendlyName)) { alias = ((DERBMPString)attr).getString(); } else if (oid.equals(pkcs_9_at_localKeyId)) { localId = (ASN1OctetString)attr; } } } chainCerts.put(new CertId(cert.getPublicKey()), cert); if (unmarkedKey) { if (keyCerts.isEmpty()) { String name = new String(Hex.encode(createSubjectKeyId(cert.getPublicKey()).getKeyIdentifier())); keyCerts.put(name, cert); keys.put(name, keys.remove("unmarked")); } } else { // // the local key id needs to override the friendly name // if (localId != null) { String name = new String(Hex.encode(localId.getOctets())); keyCerts.put(name, cert); } if (alias != null) { certs.put(alias, cert); } } } } public void engineStore(OutputStream stream, char[] password) throws IOException { if (password == null) { throw new NullPointerException("No password supplied for PKCS#12 KeyStore."); } // // handle the key // ASN1EncodableVector keyS = new ASN1EncodableVector(); Enumeration ks = keys.keys(); while (ks.hasMoreElements()) { byte[] kSalt = new byte[SALT_SIZE]; random.nextBytes(kSalt); String name = (String)ks.nextElement(); PrivateKey privKey = (PrivateKey)keys.get(name); PKCS12PBEParams kParams = new PKCS12PBEParams(kSalt, MIN_ITERATIONS); byte[] kBytes = wrapKey(keyAlgorithm.getId(), privKey, kParams, password); AlgorithmIdentifier kAlgId = new AlgorithmIdentifier(keyAlgorithm, kParams.getDERObject()); org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo kInfo = new org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo(kAlgId, kBytes); boolean attrSet = false; ASN1EncodableVector kName = new ASN1EncodableVector(); if (privKey instanceof PKCS12BagAttributeCarrier) { PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)privKey; // // make sure we are using the local alias on store // DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); if (nm == null || !nm.getString().equals(name)) { bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name)); } // // make sure we have a local key-id // if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null) { Certificate ct = engineGetCertificate(name); bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(ct.getPublicKey())); } Enumeration e = bagAttrs.getBagAttributeKeys(); while (e.hasMoreElements()) { DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); ASN1EncodableVector kSeq = new ASN1EncodableVector(); kSeq.add(oid); kSeq.add(new DERSet(bagAttrs.getBagAttribute(oid))); attrSet = true; kName.add(new DERSequence(kSeq)); } } if (!attrSet) { // // set a default friendly name (from the key id) and local id // ASN1EncodableVector kSeq = new ASN1EncodableVector(); Certificate ct = engineGetCertificate(name); kSeq.add(pkcs_9_at_localKeyId); kSeq.add(new DERSet(createSubjectKeyId(ct.getPublicKey()))); kName.add(new DERSequence(kSeq)); kSeq = new ASN1EncodableVector(); kSeq.add(pkcs_9_at_friendlyName); kSeq.add(new DERSet(new DERBMPString(name))); kName.add(new DERSequence(kSeq)); } SafeBag kBag = new SafeBag(pkcs8ShroudedKeyBag, kInfo.getDERObject(), new DERSet(kName)); keyS.add(kBag); } byte[] keySEncoded = new DERSequence(keyS).getDEREncoded(); BERConstructedOctetString keyString = new BERConstructedOctetString(keySEncoded); // // certificate processing // byte[] cSalt = new byte[SALT_SIZE]; random.nextBytes(cSalt); ASN1EncodableVector certSeq = new ASN1EncodableVector();⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -