📄 jdkpkcs12keystore.java
PKCS12PBEParams cParams = new PKCS12PBEParams(cSalt, MIN_ITERATIONS); AlgorithmIdentifier cAlgId = new AlgorithmIdentifier(certAlgorithm, cParams.getDERObject()); Hashtable doneCerts = new Hashtable(); Enumeration cs = keys.keys(); while (cs.hasMoreElements()) { try { String name = (String)cs.nextElement(); Certificate cert = engineGetCertificate(name); boolean cAttrSet = false; CertBag cBag = new CertBag( x509Certificate, new DEROctetString(cert.getEncoded())); ASN1EncodableVector fName = new ASN1EncodableVector(); if (cert instanceof PKCS12BagAttributeCarrier) { PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; // // make sure we are using the local alias on store // DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); if (nm == null || !nm.getString().equals(name)) { bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(name)); } // // make sure we have a local key-id // if (bagAttrs.getBagAttribute(pkcs_9_at_localKeyId) == null) { bagAttrs.setBagAttribute(pkcs_9_at_localKeyId, createSubjectKeyId(cert.getPublicKey())); } Enumeration e = bagAttrs.getBagAttributeKeys(); while (e.hasMoreElements()) { DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); ASN1EncodableVector fSeq = new ASN1EncodableVector(); fSeq.add(oid); fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid))); fName.add(new DERSequence(fSeq)); cAttrSet = true; } } if (!cAttrSet) { ASN1EncodableVector fSeq = new ASN1EncodableVector(); fSeq.add(pkcs_9_at_localKeyId); fSeq.add(new DERSet(createSubjectKeyId(cert.getPublicKey()))); fName.add(new DERSequence(fSeq)); fSeq = new ASN1EncodableVector(); fSeq.add(pkcs_9_at_friendlyName); fSeq.add(new DERSet(new DERBMPString(name))); fName.add(new DERSequence(fSeq)); } SafeBag sBag = new SafeBag(certBag, cBag.getDERObject(), new DERSet(fName)); certSeq.add(sBag); doneCerts.put(cert, cert); } catch (CertificateEncodingException e) { throw new IOException("Error encoding certificate: " + 
e.toString()); } } cs = certs.keys(); while (cs.hasMoreElements()) { try { String certId = (String)cs.nextElement(); Certificate cert = (Certificate)certs.get(certId); boolean cAttrSet = false; if (keys.get(certId) != null) { continue; } CertBag cBag = new CertBag( x509Certificate, new DEROctetString(cert.getEncoded())); ASN1EncodableVector fName = new ASN1EncodableVector(); if (cert instanceof PKCS12BagAttributeCarrier) { PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; // // make sure we are using the local alias on store // DERBMPString nm = (DERBMPString)bagAttrs.getBagAttribute(pkcs_9_at_friendlyName); if (nm == null || !nm.getString().equals(certId)) { bagAttrs.setBagAttribute(pkcs_9_at_friendlyName, new DERBMPString(certId)); } Enumeration e = bagAttrs.getBagAttributeKeys(); while (e.hasMoreElements()) { DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); // a certificate not immediately linked to a key doesn't require // a localKeyID and will confuse some PKCS12 implementations. // // If we find one, we'll prune it out. 
if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) { continue; } ASN1EncodableVector fSeq = new ASN1EncodableVector(); fSeq.add(oid); fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid))); fName.add(new DERSequence(fSeq)); cAttrSet = true; } } if (!cAttrSet) { ASN1EncodableVector fSeq = new ASN1EncodableVector(); fSeq.add(pkcs_9_at_friendlyName); fSeq.add(new DERSet(new DERBMPString(certId))); fName.add(new DERSequence(fSeq)); } SafeBag sBag = new SafeBag(certBag, cBag.getDERObject(), new DERSet(fName)); certSeq.add(sBag); doneCerts.put(cert, cert); } catch (CertificateEncodingException e) { throw new IOException("Error encoding certificate: " + e.toString()); } } cs = chainCerts.keys(); while (cs.hasMoreElements()) { try { CertId certId = (CertId)cs.nextElement(); Certificate cert = (Certificate)chainCerts.get(certId); if (doneCerts.get(cert) != null) { continue; } CertBag cBag = new CertBag( x509Certificate, new DEROctetString(cert.getEncoded())); ASN1EncodableVector fName = new ASN1EncodableVector(); if (cert instanceof PKCS12BagAttributeCarrier) { PKCS12BagAttributeCarrier bagAttrs = (PKCS12BagAttributeCarrier)cert; Enumeration e = bagAttrs.getBagAttributeKeys(); while (e.hasMoreElements()) { DERObjectIdentifier oid = (DERObjectIdentifier)e.nextElement(); // a certificate not immediately linked to a key doesn't require // a localKeyID and will confuse some PKCS12 implementations. // // If we find one, we'll prune it out. 
if (oid.equals(PKCSObjectIdentifiers.pkcs_9_at_localKeyId)) {
    continue;
}
ASN1EncodableVector fSeq = new ASN1EncodableVector();
fSeq.add(oid);
fSeq.add(new DERSet(bagAttrs.getBagAttribute(oid)));
fName.add(new DERSequence(fSeq));
}
}
// Chain certificates only carry the attributes copied above (minus any
// localKeyId); unlike the key and certificate loops earlier in this method,
// no friendlyName is synthesised for them.
SafeBag sBag = new SafeBag(certBag, cBag.getDERObject(), new DERSet(fName));
certSeq.add(sBag);
}
catch (CertificateEncodingException e) {
    throw new IOException("Error encoding certificate: " + e.toString());
}
}

// The certificate SafeContents is encrypted under cAlgId, which was built from
// certAlgorithm with cSalt and MIN_ITERATIONS earlier in this method. For the
// store variants below that are constructed with pbewithSHAAnd40BitRC2_CBC this
// presumably means the certificate bags sit under 40-bit RC2, which gives no
// meaningful confidentiality today and is retained for interoperability only.
byte[] certSeqEncoded = new DERSequence(certSeq).getDEREncoded();
byte[] certBytes = cryptData(true, cAlgId, password, false, certSeqEncoded);
EncryptedData cInfo = new EncryptedData(data, cAlgId, new BERConstructedOctetString(certBytes));

// AuthenticatedSafe = [ plain ContentInfo carrying the key bags (keyString),
//                      encryptedData ContentInfo carrying the certificate bags ]
ContentInfo[] info = new ContentInfo[] {
    new ContentInfo(data, keyString),
    new ContentInfo(encryptedData, cInfo.getDERObject())
};
AuthenticatedSafe auth = new AuthenticatedSafe(info);

// BER-encode the AuthenticatedSafe into memory first: the MAC below is computed
// over exactly these bytes, which are then wrapped as the Pfx authSafe content.
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
BEROutputStream berOut = new BEROutputStream(bOut);
berOut.writeObject(auth);
byte[] pkg = bOut.toByteArray();
ContentInfo mainInfo = new ContentInfo(data, new BERConstructedOctetString(pkg));

//
// create the mac
//
// 20-byte salt, MIN_ITERATIONS rounds, SHA-1 based PBE MAC (id_SHA1). Both the
// salt and the iteration count are recorded in the MacData so a reader can
// recompute the MAC. 'random' is declared outside this view; assumed to be a
// SecureRandom -- confirm.
byte[] mSalt = new byte[20];
int itCount = MIN_ITERATIONS;
random.nextBytes(mSalt);
// NOTE: this local 'data' shadows the outer identifier 'data' that was used as
// the content type in the ContentInfo/EncryptedData constructors above. From
// here to the end of the method 'data' means the AuthenticatedSafe bytes.
byte[] data = ((ASN1OctetString)mainInfo.getContent()).getOctets();
MacData mData;
try {
    byte[] res = calculatePbeMac(id_SHA1, mSalt, itCount, password, false, data);
    AlgorithmIdentifier algId = new AlgorithmIdentifier(id_SHA1, new DERNull());
    DigestInfo dInfo = new DigestInfo(algId, res);
    mData = new MacData(dInfo, mSalt, itCount);
} catch (Exception e) {
    // the underlying exception is not chained as a cause; only its text survives
    throw new IOException("error constructing MAC: " + e.toString());
}

//
// output the Pfx
//
Pfx pfx = new Pfx(mainInfo, mData);
berOut = new BEROutputStream(stream);
berOut.writeObject(pfx);
}

/**
 * Computes the PKCS#12 integrity MAC over {@code data}.
 *
 * <p>A PBE key is derived from {@code password}, {@code salt} and
 * {@code itCount} by the SecretKeyFactory registered under {@code oid} on
 * {@code bcProvider}; the Mac registered under the same OID on the same
 * provider is then initialised with that key and parameters and run over
 * {@code data}.
 *
 * @param oid             algorithm OID used for both the key factory and the Mac
 *                        lookup ({@code engineStore} passes {@code id_SHA1})
 * @param salt            MAC salt; the caller stores it next to the MAC in the MacData
 * @param itCount         PBE iteration count
 * @param password        store password used for key derivation
 * @param wrongPkcs12Zero forwarded to {@link JCEPBEKey#setTryWrongPKCS12Zero};
 *                        the store path passes {@code false}, presumably the
 *                        load path uses {@code true} for interoperability -- confirm
 * @param data            the bytes to authenticate
 * @return the raw MAC output
 * @throws Exception any JCE failure (algorithm or provider lookup, key
 *                   generation, Mac initialisation) is propagated unchanged;
 *                   {@code engineStore} wraps it in an {@link IOException}
 */
private static byte[] calculatePbeMac(
    DERObjectIdentifier oid,
    byte[] salt,
    int itCount,
    char[] password,
    boolean wrongPkcs12Zero,
    byte[] data)
    throws Exception {
    SecretKeyFactory keyFact = SecretKeyFactory.getInstance(oid.getId(), bcProvider);
    PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount);
    PBEKeySpec pbeSpec = new PBEKeySpec(password);
    JCEPBEKey key = (JCEPBEKey) keyFact.generateSecret(pbeSpec);
    // compatibility switch for keys derived with the extra trailing zero
    key.setTryWrongPKCS12Zero(wrongPkcs12Zero);
    Mac mac = Mac.getInstance(oid.getId(), bcProvider);
    mac.init(key, defParams);
    mac.update(data);
    return mac.doFinal();
}

/**
 * PKCS#12 store backed by the BC provider ({@code bcProvider}).
 *
 * <p>The superclass constructor is outside this view; its two algorithm
 * arguments appear to be (keyAlgorithm, certAlgorithm) in that order, so
 * this variant would protect keys with SHA-1/3-key-3DES and certificate
 * bags with SHA-1/40-bit-RC2 -- confirm against the constructor. The
 * 40-bit cipher is a legacy interoperability choice, not a security one.
 */
public static class BCPKCS12KeyStore extends JDKPKCS12KeyStore {
    public BCPKCS12KeyStore() {
        super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbewithSHAAnd40BitRC2_CBC);
    }
}

/**
 * PKCS#12 store backed by the BC provider that uses SHA-1/3-key-3DES for
 * both algorithm slots (see {@link BCPKCS12KeyStore} for the slot order).
 */
public static class BCPKCS12KeyStore3DES extends JDKPKCS12KeyStore {
    public BCPKCS12KeyStore3DES() {
        super(bcProvider, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
    }
}

/**
 * Same algorithm choice as {@link BCPKCS12KeyStore} (3DES / 40-bit RC2) but
 * with a {@code null} provider, i.e. the default JCE provider resolution.
 */
public static class DefPKCS12KeyStore extends JDKPKCS12KeyStore {
    public DefPKCS12KeyStore() {
        super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbewithSHAAnd40BitRC2_CBC);
    }
}

/**
 * Same algorithm choice as {@link BCPKCS12KeyStore3DES} (3DES for both
 * slots) but with a {@code null} provider.
 */
public static class DefPKCS12KeyStore3DES extends JDKPKCS12KeyStore {
    public DefPKCS12KeyStore3DES() {
        super(null, pbeWithSHAAnd3_KeyTripleDES_CBC, pbeWithSHAAnd3_KeyTripleDES_CBC);
    }
}

/**
 * Alias table whose lookups ignore case while remembering the alias exactly
 * as it was last stored.
 *
 * <p>{@code keys} maps the lower-cased alias (via {@code Strings.toLowerCase},
 * presumably locale-independent) to the original-case alias; {@code orig}
 * maps that original-case alias to the value. Storing an alias that differs
 * only in case from an existing one replaces the existing entry.
 * {@link #keys()} and {@link #elements()} enumerate {@code orig}, so they
 * yield original-case aliases.
 *
 * <p>Not thread-safe as a whole: each Hashtable call is synchronized on its
 * own, but {@code put}, {@code remove} and {@code get} are multi-step.
 */
private static class IgnoresCaseHashtable {
    // original-case alias -> value
    private Hashtable orig = new Hashtable();
    // lower-cased alias -> original-case alias currently stored
    private Hashtable keys = new Hashtable();

    /** Stores {@code value} under {@code key}, evicting any case-variant of it. */
    public void put(String key, Object value) {
        String lower = Strings.toLowerCase(key);
        String k = (String)keys.get(lower);
        if (k != null) {
            // drop the previously stored spelling so orig holds one entry per alias
            orig.remove(k);
        }
        keys.put(lower, key);
        orig.put(key, value);
    }

    /** Enumerates the stored aliases in their original case. */
    public Enumeration keys() {
        return orig.keys();
    }

    /** Removes the entry matching {@code alias} case-insensitively; null if absent. */
    public Object remove(String alias) {
        String k = (String)keys.remove(Strings.toLowerCase(alias));
        if (k == null) {
            return null;
        }
        return orig.remove(k);
    }

    /** Looks up {@code alias} case-insensitively; null if absent. */
    public Object get(String alias) {
        String k = (String)keys.get(Strings.toLowerCase(alias));
        if (k == null) {
            return null;
        }
        return orig.get(k);
    }

    /** Enumerates the stored values. */
    public Enumeration elements() {
        return orig.elements();
    }
}
// closes the enclosing key store class
}