/** {@inheritDoc} */
  public void saveKeyStore(KeyStore store, char[] password) throws KeyStoreException, IOException {

    if (LOG.isEnabledFor(Level.DEBUG)) {
      LOG.debug("Writing " + store + " to " + keystore_location);
    }

    try {
      OutputStream os = null;

      if ("file".equalsIgnoreCase(keystore_location.getScheme())) {
        os = new FileOutputStream(new File(keystore_location));
      } else {
        os = keystore_location.toURL().openConnection().getOutputStream();
      }
      store.store(os, password);
    } catch (NoSuchAlgorithmException failed) {
      KeyStoreException failure =
          new KeyStoreException("NoSuchAlgorithmException during keystore processing");
      failure.initCause(failed);
      throw failure;
    } catch (CertificateException failed) {
      KeyStoreException failure =
          new KeyStoreException("CertificateException during keystore processing");
      failure.initCause(failed);
      throw failure;
    }
  }
  /** {@inheritDoc} */
  public void createKeyStore(char[] store_password) throws KeyStoreException, IOException {
    try {
      KeyStore store;
      if (null == keystore_provider) {
        store = KeyStore.getInstance(keystore_type);
      } else {
        store = KeyStore.getInstance(keystore_type, keystore_provider);
      }

      store.load(null, store_password);

      saveKeyStore(store, store_password);
    } catch (NoSuchProviderException failed) {
      KeyStoreException failure =
          new KeyStoreException("NoSuchProviderException during keystore processing");
      failure.initCause(failed);
      throw failure;
    } catch (NoSuchAlgorithmException failed) {
      KeyStoreException failure =
          new KeyStoreException("NoSuchAlgorithmException during keystore processing");
      failure.initCause(failed);
      throw failure;
    } catch (CertificateException failed) {
      KeyStoreException failure =
          new KeyStoreException("CertificateException during keystore processing");
      failure.initCause(failed);
      throw failure;
    }
  }
Beispiel #3
0
  /**
   * Returns the private key for the specified ID.
   *
   * @param id The ID of the requested private key.
   * @param key_password The passphrase associated with the private key or {@code null} if the key
   *     has no passphrase.
   * @return PrivateKey for the specified ID.
   * @throws KeyStoreException When the wrong keystore has been provided.
   * @throws IOException For errors related to processing the keystore.
   */
  public PrivateKey getKey(ID id, char[] key_password) throws KeyStoreException, IOException {

    String alias = id.toString();

    try {
      synchronized (keystore_manager) {
        KeyStore store = keystore_manager.loadKeyStore(keystore_password);

        if (!store.containsAlias(alias) || !store.isKeyEntry(alias)) {
          return null;
        }

        return (PrivateKey) store.getKey(alias, key_password);
      }

    } catch (NoSuchAlgorithmException failed) {

      Logging.logCheckedSevere(LOG, "Something failed\n", failed);

      KeyStoreException failure = new KeyStoreException("Something Failed");

      failure.initCause(failed);
      throw failure;

    } catch (UnrecoverableKeyException failed) {

      Logging.logCheckedSevere(LOG, "Key passphrase failure\n", failed);

      KeyStoreException failure = new KeyStoreException("Key passphrase failure");
      failure.initCause(failed);
      throw failure;
    }
  }
  /** {@inheritDoc} */
  public KeyStore loadKeyStore(char[] password) throws KeyStoreException, IOException {

    if (LOG.isEnabledFor(Level.DEBUG)) {
      LOG.debug(
          "Loading ("
              + keystore_type
              + ","
              + keystore_provider
              + ") store from "
              + keystore_location);
    }

    try {
      KeyStore store;
      if (null == keystore_provider) {
        store = KeyStore.getInstance(keystore_type);
      } else {
        store = KeyStore.getInstance(keystore_type, keystore_provider);
      }

      store.load(keystore_location.toURL().openStream(), password);

      return store;
    } catch (NoSuchAlgorithmException failed) {
      KeyStoreException failure =
          new KeyStoreException("NoSuchAlgorithmException during keystore processing");
      failure.initCause(failed);
      throw failure;
    } catch (CertificateException failed) {
      KeyStoreException failure =
          new KeyStoreException("CertificateException during keystore processing");
      failure.initCause(failed);
      throw failure;
    } catch (NoSuchProviderException failed) {
      KeyStoreException failure =
          new KeyStoreException("NoSuchProviderException during keystore processing");
      failure.initCause(failed);
      throw failure;
    }
  }
Beispiel #5
0
  /**
   * Assigns the given key to the given alias, protecting it with the given password.
   *
   * <p>If the given key is of type <code>java.security.PrivateKey</code>, it must be accompanied by
   * a certificate chain certifying the corresponding public key.
   *
   * <p>If the given alias already exists, the keystore information associated with it is overridden
   * by the given key (and possibly certificate chain).
   *
   * @param alias the alias name
   * @param key the key to be associated with the alias
   * @param password the password to protect the key
   * @param chain the certificate chain for the corresponding public key (only required if the given
   *     key is of type <code>java.security.PrivateKey</code>).
   * @exception KeyStoreException if the given key cannot be protected, or this operation fails for
   *     some other reason
   */
  public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain)
      throws KeyStoreException {
    permissionCheck();

    synchronized (entries) {
      try {
        KeyEntry entry = new KeyEntry();
        entry.date = new Date();

        if (key instanceof PrivateKey) {
          if ((key.getFormat().equals("PKCS#8")) || (key.getFormat().equals("PKCS8"))) {
            entry.protectedPrivKey = encryptPrivateKey(key.getEncoded(), password);
            entry.password = password.clone();
          } else {
            throw new KeyStoreException("Private key is not encoded as PKCS#8");
          }
        } else {
          throw new KeyStoreException("Key is not a PrivateKey");
        }

        // clone the chain
        if (chain != null) {
          if ((chain.length > 1) && !validateChain(chain)) {
            throw new KeyStoreException("Certificate chain does not validate");
          }

          entry.chain = chain.clone();
          entry.chainRefs = new long[entry.chain.length];
        }

        String lowerAlias = alias.toLowerCase();
        if (entries.get(lowerAlias) != null) {
          deletedEntries.put(lowerAlias, entries.get(lowerAlias));
        }

        entries.put(lowerAlias, entry);
        addedEntries.put(lowerAlias, entry);
      } catch (Exception nsae) {
        KeyStoreException ke = new KeyStoreException("Key protection algorithm not found: " + nsae);
        ke.initCause(nsae);
        throw ke;
      }
    }
  }