예제 #1
0
  /**
   * Callback method from _scanKeychain. If a trusted certificate is found, this method will be
   * called.
   */
  private void createTrustedCertEntry(
      String alias, long keychainItemRef, long creationDate, byte[] derStream) {
    TrustedCertEntry tce = new TrustedCertEntry();

    try {
      CertificateFactory cf = CertificateFactory.getInstance("X.509");
      InputStream input = new ByteArrayInputStream(derStream);
      X509Certificate cert = (X509Certificate) cf.generateCertificate(input);
      input.close();
      tce.cert = cert;
      tce.certRef = keychainItemRef;

      // Make a creation date.
      if (creationDate != 0) tce.date = new Date(creationDate);
      else tce.date = new Date();

      int uniqueVal = 1;
      String originalAlias = alias;

      while (entries.containsKey(alias.toLowerCase())) {
        alias = originalAlias + " " + uniqueVal;
        uniqueVal++;
      }

      entries.put(alias.toLowerCase(), tce);
    } catch (Exception e) {
      // The certificate will be skipped.
      System.err.println("KeychainStore Ignored Exception: " + e);
    }
  }
예제 #2
0
  /**
   * Assigns the given certificate to the given alias.
   *
   * <p>If the given alias already exists in this keystore and identifies a <i>trusted certificate
   * entry</i>, the certificate associated with it is overridden by the given certificate.
   *
   * @param alias the alias name
   * @param cert the certificate
   * @exception KeyStoreException if the given alias already exists and does not identify a
   *     <i>trusted certificate entry</i>, or this operation fails for some other reason.
   */
  public void engineSetCertificateEntry(String alias, Certificate cert) throws KeyStoreException {
    permissionCheck();

    synchronized (entries) {
      Object entry = entries.get(alias.toLowerCase());
      if ((entry != null) && (entry instanceof KeyEntry)) {
        throw new KeyStoreException("Cannot overwrite key entry with certificate");
      }

      // This will be slow, but necessary.  Enumerate the values and then see if the cert matches
      // the one in the trusted cert entry.
      // Security framework doesn't support the same certificate twice in a keychain.
      Collection<Object> allValues = entries.values();

      for (Object value : allValues) {
        if (value instanceof TrustedCertEntry) {
          TrustedCertEntry tce = (TrustedCertEntry) value;
          if (tce.cert.equals(cert)) {
            throw new KeyStoreException(
                "Keychain does not support mulitple copies of same certificate.");
          }
        }
      }

      TrustedCertEntry trustedCertEntry = new TrustedCertEntry();
      trustedCertEntry.cert = cert;
      trustedCertEntry.date = new Date();
      String lowerAlias = alias.toLowerCase();
      if (entries.get(lowerAlias) != null) {
        deletedEntries.put(lowerAlias, entries.get(lowerAlias));
      }
      entries.put(lowerAlias, trustedCertEntry);
      addedEntries.put(lowerAlias, trustedCertEntry);
    }
  }