Пример #1
0
  /**
   * Saves a <code>KeyStore.Entry</code> under the specified alias. The specified protection
   * parameter is used to protect the <code>Entry</code>.
   *
   * <p>If an entry already exists for the specified alias, it is overridden.
   *
   * @param alias save the <code>KeyStore.Entry</code> under this alias
   * @param entry the <code>Entry</code> to save
   * @param protParam the <code>ProtectionParameter</code> used to protect the <code>Entry</code>,
   *     which may be <code>null</code>
   * @exception KeyStoreException if this operation fails
   * @since 1.5
   */
  public void engineSetEntry(
      String alias, KeyStore.Entry entry, KeyStore.ProtectionParameter protParam)
      throws KeyStoreException {

    // get password
    if (protParam != null && !(protParam instanceof KeyStore.PasswordProtection)) {
      throw new KeyStoreException("unsupported protection parameter");
    }
    KeyStore.PasswordProtection pProtect = null;
    if (protParam != null) {
      pProtect = (KeyStore.PasswordProtection) protParam;
    }

    // set entry
    if (entry instanceof KeyStore.TrustedCertificateEntry) {
      if (protParam != null && pProtect.getPassword() != null) {
        // pre-1.5 style setCertificateEntry did not allow password
        throw new KeyStoreException("trusted certificate entries are not password-protected");
      } else {
        KeyStore.TrustedCertificateEntry tce = (KeyStore.TrustedCertificateEntry) entry;
        engineSetCertificateEntry(alias, tce.getTrustedCertificate());
        return;
      }
    } else if (entry instanceof KeyStore.PrivateKeyEntry) {
      if (pProtect == null || pProtect.getPassword() == null) {
        // pre-1.5 style setKeyEntry required password
        throw new KeyStoreException("non-null password required to create PrivateKeyEntry");
      } else {
        engineSetKeyEntry(
            alias,
            ((KeyStore.PrivateKeyEntry) entry).getPrivateKey(),
            pProtect.getPassword(),
            ((KeyStore.PrivateKeyEntry) entry).getCertificateChain());
        return;
      }
    } else if (entry instanceof KeyStore.SecretKeyEntry) {
      if (pProtect == null || pProtect.getPassword() == null) {
        // pre-1.5 style setKeyEntry required password
        throw new KeyStoreException("non-null password required to create SecretKeyEntry");
      } else {
        engineSetKeyEntry(
            alias,
            ((KeyStore.SecretKeyEntry) entry).getSecretKey(),
            pProtect.getPassword(),
            (Certificate[]) null);
        return;
      }
    }

    throw new KeyStoreException("unsupported entry type: " + entry.getClass().getName());
  }
Пример #2
0
  /**
   * Gets a <code>KeyStore.Entry</code> for the specified alias with the specified protection
   * parameter.
   *
   * @param alias get the <code>KeyStore.Entry</code> for this alias
   * @param protParam the <code>ProtectionParameter</code> used to protect the <code>Entry</code>,
   *     which may be <code>null</code>
   * @return the <code>KeyStore.Entry</code> for the specified alias, or <code>null</code> if there
   *     is no such entry
   * @exception KeyStoreException if the operation failed
   * @exception NoSuchAlgorithmException if the algorithm for recovering the entry cannot be found
   * @exception UnrecoverableEntryException if the specified <code>protParam</code> were
   *     insufficient or invalid
   * @exception UnrecoverableKeyException if the entry is a <code>PrivateKeyEntry</code> or <code>
   *     SecretKeyEntry</code> and the specified <code>protParam</code> does not contain the
   *     information needed to recover the key (e.g. wrong password)
   * @since 1.5
   */
  public KeyStore.Entry engineGetEntry(String alias, KeyStore.ProtectionParameter protParam)
      throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {

    if (!engineContainsAlias(alias)) {
      return null;
    }

    if (protParam == null) {
      if (engineIsCertificateEntry(alias)) {
        return new KeyStore.TrustedCertificateEntry(engineGetCertificate(alias));
      } else {
        throw new UnrecoverableKeyException("requested entry requires a password");
      }
    }

    if (protParam instanceof KeyStore.PasswordProtection) {
      if (engineIsCertificateEntry(alias)) {
        throw new UnsupportedOperationException(
            "trusted certificate entries are not password-protected");
      } else if (engineIsKeyEntry(alias)) {
        KeyStore.PasswordProtection pp = (KeyStore.PasswordProtection) protParam;
        char[] password = pp.getPassword();

        Key key = engineGetKey(alias, password);
        if (key instanceof PrivateKey) {
          Certificate[] chain = engineGetCertificateChain(alias);
          return new KeyStore.PrivateKeyEntry((PrivateKey) key, chain);
        } else if (key instanceof SecretKey) {
          return new KeyStore.SecretKeyEntry((SecretKey) key);
        }
      }
    }

    throw new UnsupportedOperationException();
  }