/**
* Callback method from _scanKeychain. If an identity is found, this method will be called to
* create Java certificate and private key objects from the keychain data.
*/
private void createKeyEntry(
String alias,
long creationDate,
long secKeyRef,
long[] secCertificateRefs,
byte[][] rawCertData)
throws IOException, NoSuchAlgorithmException, UnrecoverableKeyException {
KeyEntry ke = new KeyEntry();
// First, store off the private key information. This is the easy part.
ke.protectedPrivKey = null;
ke.keyRef = secKeyRef;
// Make a creation date.
if (creationDate != 0) ke.date = new Date(creationDate);
else ke.date = new Date();
// Next, create X.509 Certificate objects from the raw data. This is complicated
// because a certificate's public key may be too long for Java's default encryption strength.
List<CertKeychainItemPair> createdCerts = new ArrayList<>();
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
for (int i = 0; i < rawCertData.length; i++) {
try {
InputStream input = new ByteArrayInputStream(rawCertData[i]);
X509Certificate cert = (X509Certificate) cf.generateCertificate(input);
input.close();
// We successfully created the certificate, so track it and its corresponding
// SecCertificateRef.
createdCerts.add(new CertKeychainItemPair(secCertificateRefs[i], cert));
} catch (CertificateException e) {
// The certificate will be skipped.
System.err.println("KeychainStore Ignored Exception: " + e);
}
}
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException ioe) {
ioe.printStackTrace(); // How would this happen?
}
// We have our certificates in the List, so now extract them into an array of
// Certificates and SecCertificateRefs.
CertKeychainItemPair[] objArray = createdCerts.toArray(new CertKeychainItemPair[0]);
Certificate[] certArray = new Certificate[objArray.length];
long[] certRefArray = new long[objArray.length];
for (int i = 0; i < objArray.length; i++) {
CertKeychainItemPair addedItem = objArray[i];
certArray[i] = addedItem.mCert;
certRefArray[i] = addedItem.mCertificateRef;
}
ke.chain = certArray;
ke.chainRefs = certRefArray;
// If we don't have already have an item with this item's alias
// create a new one for it.
int uniqueVal = 1;
String originalAlias = alias;
while (entries.containsKey(alias.toLowerCase())) {
alias = originalAlias + " " + uniqueVal;
uniqueVal++;
}
entries.put(alias.toLowerCase(), ke);
}
/**
* Stores this keystore to the given output stream, and protects its integrity with the given
* password.
*
* @param stream Ignored. the output stream to which this keystore is written.
* @param password the password to generate the keystore integrity check
* @exception IOException if there was an I/O problem with data
* @exception NoSuchAlgorithmException if the appropriate data integrity algorithm could not be
* found
* @exception CertificateException if any of the certificates included in the keystore data could
* not be stored
*/
public void engineStore(OutputStream stream, char[] password)
throws IOException, NoSuchAlgorithmException, CertificateException {
permissionCheck();
// Delete items that do have a keychain item ref.
for (Enumeration<String> e = deletedEntries.keys(); e.hasMoreElements(); ) {
String alias = e.nextElement();
Object entry = deletedEntries.get(alias);
if (entry instanceof TrustedCertEntry) {
if (((TrustedCertEntry) entry).certRef != 0) {
_removeItemFromKeychain(((TrustedCertEntry) entry).certRef);
_releaseKeychainItemRef(((TrustedCertEntry) entry).certRef);
}
} else {
Certificate certElem;
KeyEntry keyEntry = (KeyEntry) entry;
if (keyEntry.chain != null) {
for (int i = 0; i < keyEntry.chain.length; i++) {
if (keyEntry.chainRefs[i] != 0) {
_removeItemFromKeychain(keyEntry.chainRefs[i]);
_releaseKeychainItemRef(keyEntry.chainRefs[i]);
}
}
if (keyEntry.keyRef != 0) {
_removeItemFromKeychain(keyEntry.keyRef);
_releaseKeychainItemRef(keyEntry.keyRef);
}
}
}
}
// Add all of the certs or keys in the added entries.
// No need to check for 0 refs, as they are in the added list.
for (Enumeration<String> e = addedEntries.keys(); e.hasMoreElements(); ) {
String alias = e.nextElement();
Object entry = addedEntries.get(alias);
if (entry instanceof TrustedCertEntry) {
TrustedCertEntry tce = (TrustedCertEntry) entry;
Certificate certElem;
certElem = tce.cert;
tce.certRef = addCertificateToKeychain(alias, certElem);
} else {
KeyEntry keyEntry = (KeyEntry) entry;
if (keyEntry.chain != null) {
for (int i = 0; i < keyEntry.chain.length; i++) {
keyEntry.chainRefs[i] = addCertificateToKeychain(alias, keyEntry.chain[i]);
}
keyEntry.keyRef =
_addItemToKeychain(alias, false, keyEntry.protectedPrivKey, keyEntry.password);
}
}
}
// Clear the added and deletedEntries hashtables here, now that we're done with the updates.
// For the deleted entries, we freed up the native references above.
deletedEntries.clear();
addedEntries.clear();
}