/**
* Check if the provided passwords are correct for the specified identity.
*
* @param id The identity to be validated.
* @param store_password The passphrase used to unlock the keystore may be {@code null} for
* keystores with no passphrase.
* @param key_password The passphrase associated with the private key or {@code null} if the key
* has no passphrase.
* @return {@code true} if the passwords were valid for the given id otherwise {@code false}.
*/
boolean validPasswd(ID id, char[] store_password, char[] key_password) {
if (null == id) {
Logging.logCheckedFine(LOG, "null id");
return false;
}
Throwable failure;
try {
synchronized (keystore_manager) {
KeyStore store;
if (null != store_password) {
store = keystore_manager.loadKeyStore(store_password);
} else {
if (null != keystore_password) {
store = keystore_manager.loadKeyStore(keystore_password);
} else {
throw new UnrecoverableKeyException("KeyStore passphrase not initialized");
}
}
String alias = id.toString();
Key key = store.getKey(alias, key_password);
if (key == null) Logging.logCheckedFine(LOG, "Can't retrieve key for alias: ", alias);
return (null != key);
}
} catch (UnrecoverableKeyException failed) {
failure = failed;
} catch (NoSuchAlgorithmException failed) {
failure = failed;
} catch (KeyStoreException failed) {
failure = failed;
} catch (IOException failed) {
failure = failed;
}
Logging.logCheckedWarning(LOG, "Failure checking passphrase : \n", failure);
return false;
}
/**
* Returns the private key for the specified ID.
*
* @param id The ID of the requested private key.
* @param key_password The passphrase associated with the private key or {@code null} if the key
* has no passphrase.
* @return PrivateKey for the specified ID.
* @throws KeyStoreException When the wrong keystore has been provided.
* @throws IOException For errors related to processing the keystore.
*/
public PrivateKey getKey(ID id, char[] key_password) throws KeyStoreException, IOException {
String alias = id.toString();
try {
synchronized (keystore_manager) {
KeyStore store = keystore_manager.loadKeyStore(keystore_password);
if (!store.containsAlias(alias) || !store.isKeyEntry(alias)) {
return null;
}
return (PrivateKey) store.getKey(alias, key_password);
}
} catch (NoSuchAlgorithmException failed) {
Logging.logCheckedSevere(LOG, "Something failed\n", failed);
KeyStoreException failure = new KeyStoreException("Something Failed");
failure.initCause(failed);
throw failure;
} catch (UnrecoverableKeyException failed) {
Logging.logCheckedSevere(LOG, "Key passphrase failure\n", failed);
KeyStoreException failure = new KeyStoreException("Key passphrase failure");
failure.initCause(failed);
throw failure;
}
}
/**
* Gets a copy of the KeyStore associated with this PSE instance. The returned KeyStore is a copy
* and not tied to the instance maintained by the PSE. Changing the returned keystore will not
* result in changes to the PSE.
*
* @param store_password The passphrase used to unlock the keystore may be {@code null} for
* keystores with no passphrase.
* @return The keystore.
* @throws KeyStoreException When the wrong keystore has been provided.
* @throws IOException For errors related to processing the keystore.
* @since JXTA 2.4
*/
public KeyStore getKeyStore(char[] store_password) throws KeyStoreException, IOException {
synchronized (keystore_manager) {
KeyStore store = keystore_manager.loadKeyStore(store_password);
return store;
}
}
/**
* Returns <tt>true</tt> if the specified id is associated with a private key.
*
* @param id The ID of the requested private key.
* @param store_password The passphrase used to unlock the keystore may be {@code null} for
* keystores with no passphrase.
* @return <tt>true</tt> if a private key with the specified ID is present otherwise
* <tt>false</tt>
* @throws KeyStoreException When the wrong keystore has been provided.
* @throws IOException For errors related to processing the keystore.
*/
public boolean isKey(ID id, char[] store_password) throws KeyStoreException, IOException {
String alias = id.toString();
synchronized (keystore_manager) {
KeyStore store = keystore_manager.loadKeyStore(store_password);
return store.containsAlias(alias) & store.isKeyEntry(alias);
}
}
/**
* Erases the specified id from the keystore.
*
* @param id The ID of the key or certificate to be deleted.
* @throws KeyStoreException When the wrong keystore password has been provided.
* @throws IOException For errors related to processing the keystore.
*/
public void erase(ID id) throws KeyStoreException, IOException {
String alias = id.toString();
synchronized (keystore_manager) {
KeyStore store = keystore_manager.loadKeyStore(keystore_password);
store.deleteEntry(alias);
keystore_manager.saveKeyStore(store, keystore_password);
}
}
/**
* Adds a trusted certificate with the specified id to the key store. The certificate replaces any
* existing certificate or private key stored at this ID.
*
* @param id The ID under which the certificate will be stored.
* @param cert Certificate for the specified ID.
* @throws KeyStoreException When the wrong keystore has been provided.
* @throws IOException For errors related to processing the keystore.
*/
public void setTrustedCertificate(ID id, X509Certificate cert)
throws KeyStoreException, IOException {
String alias = id.toString();
synchronized (keystore_manager) {
KeyStore store = keystore_manager.loadKeyStore(keystore_password);
store.deleteEntry(alias);
store.setCertificateEntry(alias, cert);
keystore_manager.saveKeyStore(store, keystore_password);
}
}
/**
* Returns the trusted cert for the specified id.
*
* @param id The id of the Certificate to retrieve.
* @param store_password The passphrase used to unlock the keystore may be {@code null} for
* keystores with no passphrase.
* @return Certificate for the specified ID or null if the store does not contain the specified
* certificate.
* @throws KeyStoreException When the wrong keystore has been provided.
* @throws IOException For errors related to processing the keystore.
*/
X509Certificate getTrustedCertificate(ID id, char[] store_password)
throws KeyStoreException, IOException {
String alias = id.toString();
synchronized (keystore_manager) {
KeyStore store = keystore_manager.loadKeyStore(store_password);
if (!store.containsAlias(alias)) {
return null;
}
return (X509Certificate) store.getCertificate(alias);
}
}
/**
* Adds a private key to the PSE using the specified ID. The key replaces any existing certificate
* or private key stored at this ID. The key is stored using the provided key passphrase.
*
* @param id The ID under which the certificate chain and private key will be stored.
* @param certchain The certificate chain matching the private key.
* @param key The private key to be stored in the kestore.
* @param key_password The passphrase associated with the private key or {@code null} if the key
* has no passphrase.
* @throws KeyStoreException When the wrong keystore key has been provided.
* @throws IOException For errors related to processing the keystore.
*/
public void setKey(ID id, Certificate[] certchain, PrivateKey key, char[] key_password)
throws KeyStoreException, IOException {
String alias = id.toString();
synchronized (keystore_manager) {
KeyStore store = keystore_manager.loadKeyStore(keystore_password);
// Remove any existing entry.
if (store.isKeyEntry(alias)) store.deleteEntry(alias);
store.setKeyEntry(alias, key, key_password, certchain);
keystore_manager.saveKeyStore(store, keystore_password);
}
}
/**
* Returns the ID of the provided certificate or null if the certificate is not found in the
* keystore.
*
* @param cert The certificate who's ID is desired.
* @return The ID of the certificate or <tt>null</tt> if no matching Certificate was found.
* @throws KeyStoreException When the wrong keystore has been provided.
* @throws IOException For errors related to processing the keystore.
*/
public ID getTrustedCertificateID(X509Certificate cert) throws KeyStoreException, IOException {
String anAlias = null;
synchronized (keystore_manager) {
KeyStore store = keystore_manager.loadKeyStore(keystore_password);
anAlias = store.getCertificateAlias(cert);
}
// not found.
if (null == anAlias) {
return null;
}
try {
URI id = new URI(anAlias);
return IDFactory.fromURI(id);
} catch (URISyntaxException badID) {
return null;
}
}
/**
* Returns the trusted cert chain for the specified id.
*
* @param id The ID of the certificate who's certificate chain is desired.
* @return Certificate chain for the specified ID or null if the PSE does not contain the
* specified certificate.
* @throws KeyStoreException When the wrong keystore has been provided.
* @throws IOException For errors related to processing the keystore.
*/
public X509Certificate[] getTrustedCertificateChain(ID id) throws KeyStoreException, IOException {
String alias = id.toString();
synchronized (keystore_manager) {
KeyStore store = keystore_manager.loadKeyStore(keystore_password);
if (!store.containsAlias(alias)) {
return null;
}
Certificate certs[] = store.getCertificateChain(alias);
if (null == certs) {
return null;
}
X509Certificate x509certs[] = new X509Certificate[certs.length];
System.arraycopy(certs, 0, x509certs, 0, certs.length);
return x509certs;
}
}
/**
* Returns the list of root certificates for which there is an associated local private key.
*
* @param store_password The passphrase used to unlock the keystore may be {@code null} for
* keystores with no passphrase.
* @return an array of the available keys. May be an empty array.
* @throws KeyStoreException When the wrong keystore has been provided.
* @throws IOException For errors related to processing the keystore.
*/
ID[] getKeysList(char[] store_password) throws KeyStoreException, IOException {
List<ID> keyedRootsList = new ArrayList<ID>();
synchronized (keystore_manager) {
KeyStore store = keystore_manager.loadKeyStore(store_password);
Enumeration<String> eachAlias = store.aliases();
while (eachAlias.hasMoreElements()) {
String anAlias = eachAlias.nextElement();
if (store.isKeyEntry(anAlias)) {
try {
URI id = new URI(anAlias);
keyedRootsList.add(IDFactory.fromURI(id));
} catch (URISyntaxException badID) { // ignored
}
}
}
return keyedRootsList.toArray(new ID[keyedRootsList.size()]);
}
}
