public X509Certificate[] getCertificateChain(String alias) { X509Certificate[] certArray = keyManager.getCertificateChain(alias); if (Debug.verboseOn()) Debug.logVerbose( "getCertificateChain for alias [" + alias + "] got " + certArray.length + " results", module); return certArray; }
public PrivateKey getPrivateKey(String alias) { PrivateKey pk = keyManager.getPrivateKey(alias); if (Debug.verboseOn()) Debug.logVerbose( "getPrivateKey for alias [" + alias + "] got " + (pk == null ? "[Not Found!]" : "[alg:" + pk.getAlgorithm() + ";format:" + pk.getFormat() + "]"), module); // Debug.logInfo(new Exception(), "Location where getPrivateKey is called", module); return pk; }
// this is where the customization comes in public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) { for (String keyType : keyTypes) { String[] aliases = keyManager.getClientAliases(keyType, null); // ignoring the issuers if (aliases != null && aliases.length > 0) { for (String alias : aliases) { if (this.alias.equals(alias)) { if (Debug.verboseOn()) Debug.logVerbose( "chooseClientAlias for keyType [" + keyType + "] got alias " + this.alias, module); // Debug.logInfo(new Exception(), "Location where chooseClientAlias is called", module); return this.alias; } } } } return null; }
/** * Choose an alias to authenticate the client side of a secure socket, given the public key type * and the list of certificate issuer authorities recognized by the peer (if any). * * @param keyType The key algorithm type name(s), ordered with the most-preferred key type first * @param issuers The list of acceptable CA issuer subject names, or null if it does not matter * which issuers are used * @param socket The socket to be used for this connection. This parameter can be null, in which * case this method will return the most generic alias to use * @return The alias name for the desired key, or null if there are no matches */ public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { return delegate.chooseClientAlias(keyType, issuers, socket); }
public PrivateKey getPrivateKey(String s) { return wrapped.getPrivateKey(s); }
/** * Processes ServerHelloDone: makes verification of the server messages; sends client messages, * computers masterSecret, sends ChangeCipherSpec */ @DSComment("Package priviledge") @DSBan(DSCat.DEFAULT_MODIFIER) @DSGenerator( tool_name = "Doppelganger", tool_version = "2.0", generated_on = "2013-12-30 13:01:10.434 -0500", hash_original_method = "2DDF37E22088D1FE8BC73EB3CA83F3A0", hash_generated_method = "D2F899ECF0C8F0AF7307958FBF03F0A2") void processServerHelloDone() { PrivateKey clientKey = null; if (serverCert != null) { if (session.cipherSuite.isAnonymous()) { unexpectedMessage(); return; } verifyServerCert(); } else { if (!session.cipherSuite.isAnonymous()) { unexpectedMessage(); return; } } // Client certificate if (certificateRequest != null) { X509Certificate[] certs = null; // obtain certificates from key manager String alias = null; String[] certTypes = certificateRequest.getTypesAsString(); X500Principal[] issuers = certificateRequest.certificate_authorities; X509KeyManager km = parameters.getKeyManager(); if (km instanceof X509ExtendedKeyManager) { X509ExtendedKeyManager ekm = (X509ExtendedKeyManager) km; if (this.socketOwner != null) { alias = ekm.chooseClientAlias(certTypes, issuers, this.socketOwner); } else { alias = ekm.chooseEngineClientAlias(certTypes, issuers, this.engineOwner); } if (alias != null) { certs = ekm.getCertificateChain(alias); } } else { alias = km.chooseClientAlias(certTypes, issuers, this.socketOwner); if (alias != null) { certs = km.getCertificateChain(alias); } } session.localCertificates = certs; clientCert = new CertificateMessage(certs); clientKey = km.getPrivateKey(alias); send(clientCert); } // Client key exchange if (session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA || session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_RSA_EXPORT) { // RSA encrypted premaster secret message Cipher c; try { c = Cipher.getInstance("RSA/ECB/PKCS1Padding"); if (serverKeyExchange != null) { c.init(Cipher.ENCRYPT_MODE, serverKeyExchange.getRSAPublicKey()); } else { c.init(Cipher.ENCRYPT_MODE, serverCert.certs[0]); } } catch (Exception e) { fatalAlert(AlertProtocol.INTERNAL_ERROR, "Unexpected exception", e); return; } preMasterSecret = new byte[48]; parameters.getSecureRandom().nextBytes(preMasterSecret); System.arraycopy(clientHello.client_version, 0, preMasterSecret, 0, 2); try { clientKeyExchange = new ClientKeyExchange(c.doFinal(preMasterSecret), serverHello.server_version[1] == 1); } catch (Exception e) { fatalAlert(AlertProtocol.INTERNAL_ERROR, "Unexpected exception", e); return; } } else { try { KeyFactory kf = KeyFactory.getInstance("DH"); KeyAgreement agreement = KeyAgreement.getInstance("DH"); KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH"); PublicKey serverPublic; DHParameterSpec spec; if (serverKeyExchange != null) { serverPublic = kf.generatePublic( new DHPublicKeySpec( serverKeyExchange.par3, serverKeyExchange.par1, serverKeyExchange.par2)); spec = new DHParameterSpec(serverKeyExchange.par1, serverKeyExchange.par2); } else { serverPublic = serverCert.certs[0].getPublicKey(); spec = ((DHPublicKey) serverPublic).getParams(); } kpg.initialize(spec); KeyPair kp = kpg.generateKeyPair(); Key key = kp.getPublic(); if (clientCert != null && serverCert != null && (session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_RSA || session.cipherSuite.keyExchange == CipherSuite.KEY_EXCHANGE_DHE_DSS)) { PublicKey client_pk = clientCert.certs[0].getPublicKey(); PublicKey server_pk = serverCert.certs[0].getPublicKey(); if (client_pk instanceof DHKey && server_pk instanceof DHKey) { if (((DHKey) client_pk) .getParams() .getG() .equals(((DHKey) server_pk).getParams().getG()) && ((DHKey) client_pk) .getParams() .getP() .equals(((DHKey) server_pk).getParams().getG())) { // client cert message DH public key parameters // matched those specified by the // server in its certificate, clientKeyExchange = new ClientKeyExchange(); // empty } } } else { clientKeyExchange = new ClientKeyExchange(((DHPublicKey) key).getY()); } key = kp.getPrivate(); agreement.init(key); agreement.doPhase(serverPublic, true); preMasterSecret = agreement.generateSecret(); } catch (Exception e) { fatalAlert(AlertProtocol.INTERNAL_ERROR, "Unexpected exception", e); return; } } if (clientKeyExchange != null) { send(clientKeyExchange); } computerMasterSecret(); // send certificate verify for all certificates except those containing // fixed DH parameters if (clientCert != null && !clientKeyExchange.isEmpty()) { // Certificate verify String authType = clientKey.getAlgorithm(); DigitalSignature ds = new DigitalSignature(authType); ds.init(clientKey); if ("RSA".equals(authType)) { ds.setMD5(io_stream.getDigestMD5()); ds.setSHA(io_stream.getDigestSHA()); } else if ("DSA".equals(authType)) { ds.setSHA(io_stream.getDigestSHA()); // The Signature should be empty in case of anonymous signature algorithm: // } else if ("DH".equals(authType)) { } certificateVerify = new CertificateVerify(ds.sign()); send(certificateVerify); } sendChangeCipherSpec(); }
public String[] getServerAliases(String s, Principal[] principals) { return wrapped.getServerAliases(s, principals); }
public X509Certificate[] getCertificateChain(String s) { return wrapped.getCertificateChain(s); }
/** * Returns the key associated with the given alias. * * @param alias The alias name * @return The requested key, or null if the alias can't be found */ public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }
public String[] getServerAliases(String keyType, Principal[] issuers) { System.out.println("Calling from X509KeyManager"); return km.getServerAliases(keyType, issuers); }
/** @see javax.net.ssl.X509KeyManager#getCertificateChain(java.lang.String) */ public X509Certificate[] getCertificateChain(String alias) { return _keyManager.getCertificateChain(alias); }
// these just pass through the keyManager public String chooseServerAlias(String keyType, Socket socket, Principal... issuers) { return keyManager.chooseServerAlias(keyType, issuers, socket); }
/** * @see javax.net.ssl.X509KeyManager#chooseServerAlias(java.lang.String, * java.security.Principal[], java.net.Socket) */ public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { return _keyAlias == null ? _keyManager.chooseServerAlias(keyType, issuers, socket) : _keyAlias; }
/** * @see javax.net.ssl.X509KeyManager#getClientAliases(java.lang.String, java.security.Principal[]) */ public String[] getClientAliases(String keyType, Principal[] issuers) { return _keyManager.getClientAliases(keyType, issuers); }
public PrivateKey getPrivateKey(String alias) { System.out.println("Calling from X509KeyManager"); return km.getPrivateKey(alias); }
public X509Certificate[] getCertificateChain(String alias) { System.out.println("Calling from X509KeyManager"); return km.getCertificateChain(alias); }
public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { System.out.println("Calling from X509KeyManager"); return km.chooseServerAlias(keyType, issuers, socket); }
/** * Returns the certificate chain associated with the given alias. * * @param alias The alias name * @return Certificate chain (ordered with the user's certificate first and the root certificate * authority last), or null if the alias can't be found */ public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
public String[] getServerAliases(String arg0, Principal[] arg1) { return pkixKeyManager.getServerAliases(arg0, arg1); }
/** * Get the matching aliases for authenticating the server side of a secure socket, given the * public key type and the list of certificate issuer authorities recognized by the peer (if any). * * @param keyType The key algorithm type name * @param issuers The list of acceptable CA issuer subject names, or null if it does not matter * which issuers are used * @return Array of the matching alias names, or null if there were no matches */ public String[] getServerAliases(String keyType, Principal[] issuers) { return delegate.getServerAliases(keyType, issuers); }
public X509Certificate[] getCertificateChain(String arg0) { return pkixKeyManager.getCertificateChain(arg0); }
/** @see javax.net.ssl.X509KeyManager#getPrivateKey(java.lang.String) */ public PrivateKey getPrivateKey(String alias) { return _keyManager.getPrivateKey(alias); }
public String chooseServerAlias(String arg0, Principal[] arg1, Socket arg2) { return pkixKeyManager.chooseServerAlias(arg0, arg1, arg2); }
public String[] getClientAliases(String s, Principal[] principals) { return wrapped.getClientAliases(s, principals); }
public String chooseClientAlias(String[] strings, Principal[] principals, Socket socket) { return wrapped.chooseClientAlias(strings, principals, socket); }
public String[] getServerAliases(String keyType, Principal[] issuers) { return keyManager.getServerAliases(keyType, issuers); }
public PrivateKey getPrivateKey(String arg0) { return pkixKeyManager.getPrivateKey(arg0); }