/** * Erases the specified id from the keystore. * * @param id The ID of the key or certificate to be deleted. * @throws KeyStoreException When the wrong keystore password has been provided. * @throws IOException For errors related to processing the keystore. */ public void erase(ID id) throws KeyStoreException, IOException { String alias = id.toString(); synchronized (keystore_manager) { KeyStore store = keystore_manager.loadKeyStore(keystore_password); store.deleteEntry(alias); keystore_manager.saveKeyStore(store, keystore_password); } }
/** * Returns {@code true} if the PSE has been initialized (created). Some keystore formats may not * require initialization and may always return {@code true}. {@code false} may also be returned * if the keystore passphrase is incorrect. * * @return {@code true} if the PSE has been previously initialized otherwise {@code false}. */ public boolean isInitialized() { try { if (keystore_password != null) { return keystore_manager.isInitialized(keystore_password); } else { return keystore_manager.isInitialized(); } } catch (Exception ignored) { return false; } }
/** * Check if the provided passwords are correct for the specified identity. * * @param id The identity to be validated. * @param store_password The passphrase used to unlock the keystore may be {@code null} for * keystores with no passphrase. * @param key_password The passphrase associated with the private key or {@code null} if the key * has no passphrase. * @return {@code true} if the passwords were valid for the given id otherwise {@code false}. */ boolean validPasswd(ID id, char[] store_password, char[] key_password) { if (null == id) { Logging.logCheckedFine(LOG, "null id"); return false; } Throwable failure; try { synchronized (keystore_manager) { KeyStore store; if (null != store_password) { store = keystore_manager.loadKeyStore(store_password); } else { if (null != keystore_password) { store = keystore_manager.loadKeyStore(keystore_password); } else { throw new UnrecoverableKeyException("KeyStore passphrase not initialized"); } } String alias = id.toString(); Key key = store.getKey(alias, key_password); if (key == null) Logging.logCheckedFine(LOG, "Can't retrieve key for alias: ", alias); return (null != key); } } catch (UnrecoverableKeyException failed) { failure = failed; } catch (NoSuchAlgorithmException failed) { failure = failed; } catch (KeyStoreException failed) { failure = failed; } catch (IOException failed) { failure = failed; } Logging.logCheckedWarning(LOG, "Failure checking passphrase : \n", failure); return false; }
/** * Adds a trusted certificate with the specified id to the key store. The certificate replaces any * existing certificate or private key stored at this ID. * * @param id The ID under which the certificate will be stored. * @param cert Certificate for the specified ID. * @throws KeyStoreException When the wrong keystore has been provided. * @throws IOException For errors related to processing the keystore. */ public void setTrustedCertificate(ID id, X509Certificate cert) throws KeyStoreException, IOException { String alias = id.toString(); synchronized (keystore_manager) { KeyStore store = keystore_manager.loadKeyStore(keystore_password); store.deleteEntry(alias); store.setCertificateEntry(alias, cert); keystore_manager.saveKeyStore(store, keystore_password); } }
/** * Adds a private key to the PSE using the specified ID. The key replaces any existing certificate * or private key stored at this ID. The key is stored using the provided key passphrase. * * @param id The ID under which the certificate chain and private key will be stored. * @param certchain The certificate chain matching the private key. * @param key The private key to be stored in the kestore. * @param key_password The passphrase associated with the private key or {@code null} if the key * has no passphrase. * @throws KeyStoreException When the wrong keystore key has been provided. * @throws IOException For errors related to processing the keystore. */ public void setKey(ID id, Certificate[] certchain, PrivateKey key, char[] key_password) throws KeyStoreException, IOException { String alias = id.toString(); synchronized (keystore_manager) { KeyStore store = keystore_manager.loadKeyStore(keystore_password); // Remove any existing entry. if (store.isKeyEntry(alias)) store.deleteEntry(alias); store.setKeyEntry(alias, key, key_password, certchain); keystore_manager.saveKeyStore(store, keystore_password); } }
/** * Returns the private key for the specified ID. * * @param id The ID of the requested private key. * @param key_password The passphrase associated with the private key or {@code null} if the key * has no passphrase. * @return PrivateKey for the specified ID. * @throws KeyStoreException When the wrong keystore has been provided. * @throws IOException For errors related to processing the keystore. */ public PrivateKey getKey(ID id, char[] key_password) throws KeyStoreException, IOException { String alias = id.toString(); try { synchronized (keystore_manager) { KeyStore store = keystore_manager.loadKeyStore(keystore_password); if (!store.containsAlias(alias) || !store.isKeyEntry(alias)) { return null; } return (PrivateKey) store.getKey(alias, key_password); } } catch (NoSuchAlgorithmException failed) { Logging.logCheckedSevere(LOG, "Something failed\n", failed); KeyStoreException failure = new KeyStoreException("Something Failed"); failure.initCause(failed); throw failure; } catch (UnrecoverableKeyException failed) { Logging.logCheckedSevere(LOG, "Key passphrase failure\n", failed); KeyStoreException failure = new KeyStoreException("Key passphrase failure"); failure.initCause(failed); throw failure; } }
/** * Gets a copy of the KeyStore associated with this PSE instance. The returned KeyStore is a copy * and not tied to the instance maintained by the PSE. Changing the returned keystore will not * result in changes to the PSE. * * @param store_password The passphrase used to unlock the keystore may be {@code null} for * keystores with no passphrase. * @return The keystore. * @throws KeyStoreException When the wrong keystore has been provided. * @throws IOException For errors related to processing the keystore. * @since JXTA 2.4 */ public KeyStore getKeyStore(char[] store_password) throws KeyStoreException, IOException { synchronized (keystore_manager) { KeyStore store = keystore_manager.loadKeyStore(store_password); return store; } }
/** * Returns <tt>true</tt> if the specified id is associated with a private key. * * @param id The ID of the requested private key. * @param store_password The passphrase used to unlock the keystore may be {@code null} for * keystores with no passphrase. * @return <tt>true</tt> if a private key with the specified ID is present otherwise * <tt>false</tt> * @throws KeyStoreException When the wrong keystore has been provided. * @throws IOException For errors related to processing the keystore. */ public boolean isKey(ID id, char[] store_password) throws KeyStoreException, IOException { String alias = id.toString(); synchronized (keystore_manager) { KeyStore store = keystore_manager.loadKeyStore(store_password); return store.containsAlias(alias) & store.isKeyEntry(alias); } }
@Override public void onDestroy() { storeConfig(); cleanupSocket(); if (keyStoreManager != null) { keyStoreManager.store(); } super.onDestroy(); }
/** * Initializes the PSE environment. * * @throws KeyStoreException When the wrong keystore has been provided. * @throws IOException For errors related to processing the keystore. */ public void initialize() throws KeyStoreException, IOException { Logging.logCheckedInfo(LOG, "Initializing new PSE keystore..."); synchronized (keystore_manager) { try { if (keystore_manager.isInitialized(keystore_password)) return; keystore_manager.createKeyStore(keystore_password); } catch (KeyStoreException failed) { Logging.logCheckedSevere(LOG, "Failure accessing or creating keystore.\n", failed); keystore_manager.eraseKeyStore(); throw failed; } } }
/** * Returns the trusted cert for the specified id. * * @param id The id of the Certificate to retrieve. * @param store_password The passphrase used to unlock the keystore may be {@code null} for * keystores with no passphrase. * @return Certificate for the specified ID or null if the store does not contain the specified * certificate. * @throws KeyStoreException When the wrong keystore has been provided. * @throws IOException For errors related to processing the keystore. */ X509Certificate getTrustedCertificate(ID id, char[] store_password) throws KeyStoreException, IOException { String alias = id.toString(); synchronized (keystore_manager) { KeyStore store = keystore_manager.loadKeyStore(store_password); if (!store.containsAlias(alias)) { return null; } return (X509Certificate) store.getCertificate(alias); } }
/** * Returns the ID of the provided certificate or null if the certificate is not found in the * keystore. * * @param cert The certificate who's ID is desired. * @return The ID of the certificate or <tt>null</tt> if no matching Certificate was found. * @throws KeyStoreException When the wrong keystore has been provided. * @throws IOException For errors related to processing the keystore. */ public ID getTrustedCertificateID(X509Certificate cert) throws KeyStoreException, IOException { String anAlias = null; synchronized (keystore_manager) { KeyStore store = keystore_manager.loadKeyStore(keystore_password); anAlias = store.getCertificateAlias(cert); } // not found. if (null == anAlias) { return null; } try { URI id = new URI(anAlias); return IDFactory.fromURI(id); } catch (URISyntaxException badID) { return null; } }
/** * Returns the trusted cert chain for the specified id. * * @param id The ID of the certificate who's certificate chain is desired. * @return Certificate chain for the specified ID or null if the PSE does not contain the * specified certificate. * @throws KeyStoreException When the wrong keystore has been provided. * @throws IOException For errors related to processing the keystore. */ public X509Certificate[] getTrustedCertificateChain(ID id) throws KeyStoreException, IOException { String alias = id.toString(); synchronized (keystore_manager) { KeyStore store = keystore_manager.loadKeyStore(keystore_password); if (!store.containsAlias(alias)) { return null; } Certificate certs[] = store.getCertificateChain(alias); if (null == certs) { return null; } X509Certificate x509certs[] = new X509Certificate[certs.length]; System.arraycopy(certs, 0, x509certs, 0, certs.length); return x509certs; } }
/** * Returns the list of root certificates for which there is an associated local private key. * * @param store_password The passphrase used to unlock the keystore may be {@code null} for * keystores with no passphrase. * @return an array of the available keys. May be an empty array. * @throws KeyStoreException When the wrong keystore has been provided. * @throws IOException For errors related to processing the keystore. */ ID[] getKeysList(char[] store_password) throws KeyStoreException, IOException { List<ID> keyedRootsList = new ArrayList<ID>(); synchronized (keystore_manager) { KeyStore store = keystore_manager.loadKeyStore(store_password); Enumeration<String> eachAlias = store.aliases(); while (eachAlias.hasMoreElements()) { String anAlias = eachAlias.nextElement(); if (store.isKeyEntry(anAlias)) { try { URI id = new URI(anAlias); keyedRootsList.add(IDFactory.fromURI(id)); } catch (URISyntaxException badID) { // ignored } } } return keyedRootsList.toArray(new ID[keyedRootsList.size()]); } }
/** * Removes an existing PSE enviroment. * * @throws IOException If the PSE cannot be successfully deleted. */ public void erase() throws IOException { synchronized (keystore_manager) { keystore_manager.eraseKeyStore(); } }
private void enableEncryption(boolean tls) throws Exception { SSLContext context = this.config.getCustomSSLContext(); KeyStore ks = null; KeyManager[] kms = null; PasswordCallback pcb = null; if (config.getCallbackHandler() == null) { ks = null; } else if (context == null) { // System.out.println("Keystore type: "+configuration.getKeystoreType()); if (config.getKeystoreType().equals("NONE")) { ks = null; pcb = null; } else if (config.getKeystoreType().equals("PKCS11")) { try { Constructor c = Class.forName("sun.security.pkcs11.SunPKCS11").getConstructor(InputStream.class); String pkcs11Config = "name = SmartCard\nlibrary = " + config.getPKCS11Library(); ByteArrayInputStream config = new ByteArrayInputStream(pkcs11Config.getBytes()); Provider p = (Provider) c.newInstance(config); Security.addProvider(p); ks = KeyStore.getInstance("PKCS11", p); pcb = new PasswordCallback("PKCS11 Password: "******"Apple")) { ks = KeyStore.getInstance("KeychainStore", "Apple"); ks.load(null, null); // pcb = new PasswordCallback("Apple Keychain",false); // pcb.setPassword(null); } else { ks = KeyStore.getInstance(config.getKeystoreType()); try { pcb = new PasswordCallback("Keystore Password: "******"SunX509"); try { if (pcb == null) { kmf.init(ks, null); } else { kmf.init(ks, pcb.getPassword()); pcb.clearPassword(); } kms = kmf.getKeyManagers(); } catch (NullPointerException npe) { kms = null; } } // Verify certificate presented by the server if (context == null) { context = SSLContext.getInstance("TLS"); boolean chainCheck = config.isVerifyChainEnabled(); boolean domainCheck = config.isNotMatchingDomainCheckEnabled(); boolean allowSelfSigned = config.isSelfSignedCertificateEnabled(); if (config.isExpiredCertificatesCheckEnabled() != chainCheck || config.isVerifyRootCAEnabled() != chainCheck) throw new IllegalStateException(); context.init( kms, new TrustManager[] { new XMPPTrustManager( KeyStoreManager.getOrCreateKeyStore(config), getServiceName(), config.getCertificateListener(), chainCheck, domainCheck, allowSelfSigned) }, SECURE_RANDOM); } Socket plain = socket; // Secure the plain connection socket = context .getSocketFactory() .createSocket(plain, plain.getInetAddress().getHostAddress(), plain.getPort(), true); // socket.setSoTimeout(0); // socket.setKeepAlive(true); }