示例#1
0
  /**
   * Assigns the given key to the given alias, protecting it with the given password.
   *
   * <p>If the given key is of type <code>java.security.PrivateKey</code>, it must be accompanied by
   * a certificate chain certifying the corresponding public key.
   *
   * <p>If the given alias already exists, the keystore information associated with it is overridden
   * by the given key (and possibly certificate chain).
   *
   * @param alias the alias name
   * @param key the key to be associated with the alias
   * @param password the password to protect the key
   * @param chain the certificate chain for the corresponding public key (only required if the given
   *     key is of type <code>java.security.PrivateKey</code>).
   * @exception KeyStoreException if the given key cannot be protected, or this operation fails for
   *     some other reason
   */
  public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain)
      throws KeyStoreException {
    permissionCheck();

    synchronized (entries) {
      try {
        KeyEntry entry = new KeyEntry();
        entry.date = new Date();

        if (key instanceof PrivateKey) {
          if ((key.getFormat().equals("PKCS#8")) || (key.getFormat().equals("PKCS8"))) {
            entry.protectedPrivKey = encryptPrivateKey(key.getEncoded(), password);
            entry.password = password.clone();
          } else {
            throw new KeyStoreException("Private key is not encoded as PKCS#8");
          }
        } else {
          throw new KeyStoreException("Key is not a PrivateKey");
        }

        // clone the chain
        if (chain != null) {
          if ((chain.length > 1) && !validateChain(chain)) {
            throw new KeyStoreException("Certificate chain does not validate");
          }

          entry.chain = chain.clone();
          entry.chainRefs = new long[entry.chain.length];
        }

        String lowerAlias = alias.toLowerCase();
        if (entries.get(lowerAlias) != null) {
          deletedEntries.put(lowerAlias, entries.get(lowerAlias));
        }

        entries.put(lowerAlias, entry);
        addedEntries.put(lowerAlias, entry);
      } catch (Exception nsae) {
        KeyStoreException ke = new KeyStoreException("Key protection algorithm not found: " + nsae);
        ke.initCause(nsae);
        throw ke;
      }
    }
  }
  protected KeySpec engineGetKeySpec(Key key, Class spec) throws InvalidKeySpecException {
    if (spec.isAssignableFrom(PKCS8EncodedKeySpec.class) && key.getFormat().equals("PKCS#8")) {
      return new PKCS8EncodedKeySpec(key.getEncoded());
    } else if (spec.isAssignableFrom(X509EncodedKeySpec.class) && key.getFormat().equals("X.509")) {
      return new X509EncodedKeySpec(key.getEncoded());
    } else if (spec.isAssignableFrom(RSAPublicKeySpec.class) && key instanceof RSAPublicKey) {
      RSAPublicKey k = (RSAPublicKey) key;

      return new RSAPublicKeySpec(k.getModulus(), k.getPublicExponent());
    } else if (spec.isAssignableFrom(RSAPrivateKeySpec.class) && key instanceof RSAPrivateKey) {
      RSAPrivateKey k = (RSAPrivateKey) key;

      return new RSAPrivateKeySpec(k.getModulus(), k.getPrivateExponent());
    } else if (spec.isAssignableFrom(RSAPrivateCrtKeySpec.class)
        && key instanceof RSAPrivateCrtKey) {
      RSAPrivateCrtKey k = (RSAPrivateCrtKey) key;

      return new RSAPrivateCrtKeySpec(
          k.getModulus(),
          k.getPublicExponent(),
          k.getPrivateExponent(),
          k.getPrimeP(),
          k.getPrimeQ(),
          k.getPrimeExponentP(),
          k.getPrimeExponentQ(),
          k.getCrtCoefficient());
    } else if (spec.isAssignableFrom(DHPrivateKeySpec.class) && key instanceof DHPrivateKey) {
      DHPrivateKey k = (DHPrivateKey) key;

      return new DHPrivateKeySpec(k.getX(), k.getParams().getP(), k.getParams().getG());
    } else if (spec.isAssignableFrom(DHPublicKeySpec.class) && key instanceof DHPublicKey) {
      DHPublicKey k = (DHPublicKey) key;

      return new DHPublicKeySpec(k.getY(), k.getParams().getP(), k.getParams().getG());
    }

    throw new RuntimeException("not implemented yet " + key + " " + spec);
  }
示例#3
0
 /** Test that key1 (reference key) and key2 (key to be tested) are equivalent */
 private static void testKey(Key key1, Key key2) throws Exception {
   if (key2.getAlgorithm().equals("EC") == false) {
     throw new Exception("Algorithm not EC");
   }
   if (key1 instanceof PublicKey) {
     if (key2.getFormat().equals("X.509") == false) {
       throw new Exception("Format not X.509");
     }
   } else if (key1 instanceof PrivateKey) {
     if (key2.getFormat().equals("PKCS#8") == false) {
       throw new Exception("Format not PKCS#8");
     }
   }
   if (key1.equals(key2) == false) {
     System.out.println("key1: " + key1);
     System.out.println("key2: " + key2);
     System.out.println("enc1: " + toString(key1.getEncoded()));
     System.out.println("enc2: " + toString(key2.getEncoded()));
     throw new Exception("Keys not equal");
   }
   if (Arrays.equals(key1.getEncoded(), key2.getEncoded()) == false) {
     throw new Exception("Encodings not equal");
   }
 }