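/**
 * {@inheritDoc}
 *
 * <p>Writes {@code store} to {@code keystore_location}. A {@code file} URI is opened as a local
 * file; any other scheme is written through a {@code URLConnection}. The output stream is always
 * closed before this method returns.
 *
 * @param store the keystore to persist.
 * @param password the password handed to {@code KeyStore.store}.
 * @throws KeyStoreException if the keystore cannot be written because an algorithm is missing
 *     or a certificate cannot be stored; the original exception is kept as the cause.
 * @throws IOException if opening, writing or closing the destination fails.
 */
public void saveKeyStore(KeyStore store, char[] password) throws KeyStoreException, IOException {
    if (LOG.isEnabledFor(Level.DEBUG)) {
        LOG.debug("Writing " + store + " to " + keystore_location);
    }

    OutputStream os = null;
    try {
        if ("file".equalsIgnoreCase(keystore_location.getScheme())) {
            // NOTE(review): the file is created with the process's default permissions;
            // confirm the keystore location is not readable by other local users.
            os = new FileOutputStream(new File(keystore_location));
        } else {
            os = keystore_location.toURL().openConnection().getOutputStream();
        }

        store.store(os, password);
    } catch (NoSuchAlgorithmException failed) {
        KeyStoreException failure =
                new KeyStoreException("NoSuchAlgorithmException during keystore processing");
        failure.initCause(failed);
        throw failure;
    } catch (CertificateException failed) {
        KeyStoreException failure =
                new KeyStoreException("CertificateException during keystore processing");
        failure.initCause(failed);
        throw failure;
    } finally {
        // KeyStore.store does not close the stream. Closing here releases the handle and
        // reports a failed flush as an IOException rather than leaving a truncated keystore
        // unnoticed.
        if (os != null) {
            os.close();
        }
    }
}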
/**
 * {@inheritDoc}
 *
 * <p>Builds an empty keystore of the configured type (and provider, when one is set) and
 * persists it through {@code saveKeyStore}, using {@code store_password} for both steps.
 */
public void createKeyStore(char[] store_password) throws KeyStoreException, IOException {
    try {
        // Use the configured provider when there is one, otherwise the default lookup.
        KeyStore emptyStore = (keystore_provider == null)
                ? KeyStore.getInstance(keystore_type)
                : KeyStore.getInstance(keystore_type, keystore_provider);

        // Loading from a null stream initialises the keystore as empty.
        emptyStore.load(null, store_password);
        saveKeyStore(emptyStore, store_password);
    } catch (NoSuchProviderException failed) {
        throw new KeyStoreException(
                "NoSuchProviderException during keystore processing", failed);
    } catch (NoSuchAlgorithmException failed) {
        throw new KeyStoreException(
                "NoSuchAlgorithmException during keystore processing", failed);
    } catch (CertificateException failed) {
        throw new KeyStoreException(
                "CertificateException during keystore processing", failed);
    }
}
/**
 * Looks up the private key stored under the string form of the given ID.
 *
 * @param id The ID of the requested private key; its {@code toString()} is used as the alias.
 * @param key_password The passphrase associated with the private key or {@code null} if the key
 *     has no passphrase.
 * @return The private key for the specified ID, or {@code null} when the keystore has no key
 *     entry under that alias.
 * @throws KeyStoreException When the key cannot be recovered with the given passphrase or the
 *     algorithm needed to recover it is unavailable; the original exception is the cause.
 * @throws IOException For errors related to processing the keystore.
 */
public PrivateKey getKey(ID id, char[] key_password) throws KeyStoreException, IOException {
    String alias = id.toString();

    try {
        // The keystore is loaded and read under the manager's lock.
        synchronized (keystore_manager) {
            KeyStore loaded = keystore_manager.loadKeyStore(keystore_password);

            boolean hasKeyEntry = loaded.containsAlias(alias) && loaded.isKeyEntry(alias);
            if (hasKeyEntry) {
                // NOTE(review): isKeyEntry is also true for secret-key entries, in which
                // case this cast throws ClassCastException.
                return (PrivateKey) loaded.getKey(alias, key_password);
            }
            return null;
        }
    } catch (NoSuchAlgorithmException failed) {
        Logging.logCheckedSevere(LOG, "Something failed\n", failed);
        throw new KeyStoreException("Something Failed", failed);
    } catch (UnrecoverableKeyException failed) {
        Logging.logCheckedSevere(LOG, "Key passphrase failure\n", failed);
        throw new KeyStoreException("Key passphrase failure", failed);
    }
}
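/**
 * {@inheritDoc}
 *
 * <p>Creates a keystore of the configured type (and provider, when one is set) and loads it
 * from {@code keystore_location}. The input stream is closed before this method returns.
 *
 * @param password the password handed to {@code KeyStore.load}.
 * @return the loaded keystore.
 * @throws KeyStoreException if the type, provider or a required algorithm is unavailable, or a
 *     certificate cannot be loaded; the original exception is kept as the cause.
 * @throws IOException if the location cannot be opened or read.
 */
public KeyStore loadKeyStore(char[] password) throws KeyStoreException, IOException {
    if (LOG.isEnabledFor(Level.DEBUG)) {
        LOG.debug(
                "Loading (" + keystore_type + "," + keystore_provider + ") store from "
                        + keystore_location);
    }

    try {
        KeyStore store;
        if (null == keystore_provider) {
            store = KeyStore.getInstance(keystore_type);
        } else {
            store = KeyStore.getInstance(keystore_type, keystore_provider);
        }

        // KeyStore.load does not close the stream it is given, so close it here; otherwise
        // every load leaves a file or connection handle open.
        java.io.InputStream in = keystore_location.toURL().openStream();
        try {
            store.load(in, password);
        } finally {
            in.close();
        }

        return store;
    } catch (NoSuchAlgorithmException failed) {
        KeyStoreException failure =
                new KeyStoreException("NoSuchAlgorithmException during keystore processing");
        failure.initCause(failed);
        throw failure;
    } catch (CertificateException failed) {
        KeyStoreException failure =
                new KeyStoreException("CertificateException during keystore processing");
        failure.initCause(failed);
        throw failure;
    } catch (NoSuchProviderException failed) {
        KeyStoreException failure =
                new KeyStoreException("NoSuchProviderException during keystore processing");
        failure.initCause(failed);
        throw failure;
    }
}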
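/**
 * Assigns the given private key to the given alias, protecting it with the given password.
 *
 * <p>Only <code>java.security.PrivateKey</code> instances whose encoding format is
 * <code>PKCS#8</code> (or <code>PKCS8</code>) are accepted; any other key is rejected with a
 * <code>KeyStoreException</code>.
 *
 * <p>A supplied chain holding more than one certificate must pass <code>validateChain</code>.
 *
 * <p>If the given alias already exists, the keystore information associated with it is overridden
 * by the given key (and possibly certificate chain). The alias is lower-cased before it is used
 * as the entry name.
 *
 * @param alias the alias name
 * @param key the key to be associated with the alias
 * @param password the password to protect the key
 * @param chain the certificate chain for the corresponding public key, or <code>null</code>
 * @exception KeyStoreException if the key is not a PKCS#8-encoded private key, the chain does not
 *     validate, the given key cannot be protected, or this operation fails for some other reason
 */
public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain)
        throws KeyStoreException {
    permissionCheck();

    synchronized (entries) {
        try {
            KeyEntry entry = new KeyEntry();
            entry.date = new Date();

            if (!(key instanceof PrivateKey)) {
                throw new KeyStoreException("Key is not a PrivateKey");
            }

            // Constant-first comparison: getFormat() may return null for keys that do not
            // support encoding, which should be rejected rather than raise an NPE.
            String format = key.getFormat();
            if (!"PKCS#8".equals(format) && !"PKCS8".equals(format)) {
                throw new KeyStoreException("Private key is not encoded as PKCS#8");
            }

            entry.protectedPrivKey = encryptPrivateKey(key.getEncoded(), password);
            // A copy of the password is kept on the entry, so it stays in memory for as long
            // as the entry is referenced.
            entry.password = password.clone();

            // clone the chain
            if (chain != null) {
                // Single-certificate chains are stored without validation.
                // NOTE(review): nothing here checks that chain[0] certifies `key`.
                if ((chain.length > 1) && !validateChain(chain)) {
                    throw new KeyStoreException("Certificate chain does not validate");
                }
                entry.chain = chain.clone();
                entry.chainRefs = new long[entry.chain.length];
            }

            // NOTE(review): toLowerCase() uses the default locale; lookups elsewhere must
            // fold aliases the same way for entries to be found again.
            String lowerAlias = alias.toLowerCase();

            // Remember the entry being replaced before overwriting it.
            if (entries.get(lowerAlias) != null) {
                deletedEntries.put(lowerAlias, entries.get(lowerAlias));
            }
            entries.put(lowerAlias, entry);
            addedEntries.put(lowerAlias, entry);
        } catch (KeyStoreException rejected) {
            // The validation failures above already carry an accurate message; rethrow them
            // unchanged instead of relabelling them as a missing protection algorithm.
            throw rejected;
        } catch (Exception nsae) {
            KeyStoreException ke =
                    new KeyStoreException("Key protection algorithm not found: " + nsae);
            ke.initCause(nsae);
            throw ke;
        }
    }
}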