/** * Check if the provided passwords are correct for the specified identity. * * @param id The identity to be validated. * @param store_password The passphrase used to unlock the keystore may be {@code null} for * keystores with no passphrase. * @param key_password The passphrase associated with the private key or {@code null} if the key * has no passphrase. * @return {@code true} if the passwords were valid for the given id otherwise {@code false}. */ boolean validPasswd(ID id, char[] store_password, char[] key_password) { if (null == id) { Logging.logCheckedFine(LOG, "null id"); return false; } Throwable failure; try { synchronized (keystore_manager) { KeyStore store; if (null != store_password) { store = keystore_manager.loadKeyStore(store_password); } else { if (null != keystore_password) { store = keystore_manager.loadKeyStore(keystore_password); } else { throw new UnrecoverableKeyException("KeyStore passphrase not initialized"); } } String alias = id.toString(); Key key = store.getKey(alias, key_password); if (key == null) Logging.logCheckedFine(LOG, "Can't retrieve key for alias: ", alias); return (null != key); } } catch (UnrecoverableKeyException failed) { failure = failed; } catch (NoSuchAlgorithmException failed) { failure = failed; } catch (KeyStoreException failed) { failure = failed; } catch (IOException failed) { failure = failed; } Logging.logCheckedWarning(LOG, "Failure checking passphrase : \n", failure); return false; }
/** * Returns the private key for the specified ID. * * @param id The ID of the requested private key. * @param key_password The passphrase associated with the private key or {@code null} if the key * has no passphrase. * @return PrivateKey for the specified ID. * @throws KeyStoreException When the wrong keystore has been provided. * @throws IOException For errors related to processing the keystore. */ public PrivateKey getKey(ID id, char[] key_password) throws KeyStoreException, IOException { String alias = id.toString(); try { synchronized (keystore_manager) { KeyStore store = keystore_manager.loadKeyStore(keystore_password); if (!store.containsAlias(alias) || !store.isKeyEntry(alias)) { return null; } return (PrivateKey) store.getKey(alias, key_password); } } catch (NoSuchAlgorithmException failed) { Logging.logCheckedSevere(LOG, "Something failed\n", failed); KeyStoreException failure = new KeyStoreException("Something Failed"); failure.initCause(failed); throw failure; } catch (UnrecoverableKeyException failed) { Logging.logCheckedSevere(LOG, "Key passphrase failure\n", failed); KeyStoreException failure = new KeyStoreException("Key passphrase failure"); failure.initCause(failed); throw failure; } }
/** * Gets a copy of the KeyStore associated with this PSE instance. The returned KeyStore is a copy * and not tied to the instance maintained by the PSE. Changing the returned keystore will not * result in changes to the PSE. * * @param store_password The passphrase used to unlock the keystore may be {@code null} for * keystores with no passphrase. * @return The keystore. * @throws KeyStoreException When the wrong keystore has been provided. * @throws IOException For errors related to processing the keystore. * @since JXTA 2.4 */ public KeyStore getKeyStore(char[] store_password) throws KeyStoreException, IOException { synchronized (keystore_manager) { KeyStore store = keystore_manager.loadKeyStore(store_password); return store; } }
/** * Returns <tt>true</tt> if the specified id is associated with a private key. * * @param id The ID of the requested private key. * @param store_password The passphrase used to unlock the keystore may be {@code null} for * keystores with no passphrase. * @return <tt>true</tt> if a private key with the specified ID is present otherwise * <tt>false</tt> * @throws KeyStoreException When the wrong keystore has been provided. * @throws IOException For errors related to processing the keystore. */ public boolean isKey(ID id, char[] store_password) throws KeyStoreException, IOException { String alias = id.toString(); synchronized (keystore_manager) { KeyStore store = keystore_manager.loadKeyStore(store_password); return store.containsAlias(alias) & store.isKeyEntry(alias); } }
/** * Erases the specified id from the keystore. * * @param id The ID of the key or certificate to be deleted. * @throws KeyStoreException When the wrong keystore password has been provided. * @throws IOException For errors related to processing the keystore. */ public void erase(ID id) throws KeyStoreException, IOException { String alias = id.toString(); synchronized (keystore_manager) { KeyStore store = keystore_manager.loadKeyStore(keystore_password); store.deleteEntry(alias); keystore_manager.saveKeyStore(store, keystore_password); } }
/** * Adds a trusted certificate with the specified id to the key store. The certificate replaces any * existing certificate or private key stored at this ID. * * @param id The ID under which the certificate will be stored. * @param cert Certificate for the specified ID. * @throws KeyStoreException When the wrong keystore has been provided. * @throws IOException For errors related to processing the keystore. */ public void setTrustedCertificate(ID id, X509Certificate cert) throws KeyStoreException, IOException { String alias = id.toString(); synchronized (keystore_manager) { KeyStore store = keystore_manager.loadKeyStore(keystore_password); store.deleteEntry(alias); store.setCertificateEntry(alias, cert); keystore_manager.saveKeyStore(store, keystore_password); } }
/** * Returns the trusted cert for the specified id. * * @param id The id of the Certificate to retrieve. * @param store_password The passphrase used to unlock the keystore may be {@code null} for * keystores with no passphrase. * @return Certificate for the specified ID or null if the store does not contain the specified * certificate. * @throws KeyStoreException When the wrong keystore has been provided. * @throws IOException For errors related to processing the keystore. */ X509Certificate getTrustedCertificate(ID id, char[] store_password) throws KeyStoreException, IOException { String alias = id.toString(); synchronized (keystore_manager) { KeyStore store = keystore_manager.loadKeyStore(store_password); if (!store.containsAlias(alias)) { return null; } return (X509Certificate) store.getCertificate(alias); } }
/** * Adds a private key to the PSE using the specified ID. The key replaces any existing certificate * or private key stored at this ID. The key is stored using the provided key passphrase. * * @param id The ID under which the certificate chain and private key will be stored. * @param certchain The certificate chain matching the private key. * @param key The private key to be stored in the kestore. * @param key_password The passphrase associated with the private key or {@code null} if the key * has no passphrase. * @throws KeyStoreException When the wrong keystore key has been provided. * @throws IOException For errors related to processing the keystore. */ public void setKey(ID id, Certificate[] certchain, PrivateKey key, char[] key_password) throws KeyStoreException, IOException { String alias = id.toString(); synchronized (keystore_manager) { KeyStore store = keystore_manager.loadKeyStore(keystore_password); // Remove any existing entry. if (store.isKeyEntry(alias)) store.deleteEntry(alias); store.setKeyEntry(alias, key, key_password, certchain); keystore_manager.saveKeyStore(store, keystore_password); } }
/** * Returns the ID of the provided certificate or null if the certificate is not found in the * keystore. * * @param cert The certificate who's ID is desired. * @return The ID of the certificate or <tt>null</tt> if no matching Certificate was found. * @throws KeyStoreException When the wrong keystore has been provided. * @throws IOException For errors related to processing the keystore. */ public ID getTrustedCertificateID(X509Certificate cert) throws KeyStoreException, IOException { String anAlias = null; synchronized (keystore_manager) { KeyStore store = keystore_manager.loadKeyStore(keystore_password); anAlias = store.getCertificateAlias(cert); } // not found. if (null == anAlias) { return null; } try { URI id = new URI(anAlias); return IDFactory.fromURI(id); } catch (URISyntaxException badID) { return null; } }
/** * Returns the trusted cert chain for the specified id. * * @param id The ID of the certificate who's certificate chain is desired. * @return Certificate chain for the specified ID or null if the PSE does not contain the * specified certificate. * @throws KeyStoreException When the wrong keystore has been provided. * @throws IOException For errors related to processing the keystore. */ public X509Certificate[] getTrustedCertificateChain(ID id) throws KeyStoreException, IOException { String alias = id.toString(); synchronized (keystore_manager) { KeyStore store = keystore_manager.loadKeyStore(keystore_password); if (!store.containsAlias(alias)) { return null; } Certificate certs[] = store.getCertificateChain(alias); if (null == certs) { return null; } X509Certificate x509certs[] = new X509Certificate[certs.length]; System.arraycopy(certs, 0, x509certs, 0, certs.length); return x509certs; } }
/** * Returns the list of root certificates for which there is an associated local private key. * * @param store_password The passphrase used to unlock the keystore may be {@code null} for * keystores with no passphrase. * @return an array of the available keys. May be an empty array. * @throws KeyStoreException When the wrong keystore has been provided. * @throws IOException For errors related to processing the keystore. */ ID[] getKeysList(char[] store_password) throws KeyStoreException, IOException { List<ID> keyedRootsList = new ArrayList<ID>(); synchronized (keystore_manager) { KeyStore store = keystore_manager.loadKeyStore(store_password); Enumeration<String> eachAlias = store.aliases(); while (eachAlias.hasMoreElements()) { String anAlias = eachAlias.nextElement(); if (store.isKeyEntry(anAlias)) { try { URI id = new URI(anAlias); keyedRootsList.add(IDFactory.fromURI(id)); } catch (URISyntaxException badID) { // ignored } } } return keyedRootsList.toArray(new ID[keyedRootsList.size()]); } }