示例#1
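  /**
   * Serializes the table's DOM document to {@code file}, encrypting it with a password-derived
   * key unless the password is empty, and then clears the table's dirty flag.
   *
   * <p>The cipher is initialised and the XML is rendered before the file is opened. Opening a
   * {@link FileOutputStream} truncates the target, so doing the fallible work first means a
   * crypto or serialization failure leaves the previous file contents intact.
   *
   * <p>NOTE(review): a zero-length password silently writes the document in plaintext. Callers
   * that expect confidentiality must reject an empty password themselves.
   *
   * <p>NOTE(review): {@code PBEWithMD5AndDES} is single DES keyed through an MD5-based derivation,
   * and the ciphertext carries no integrity check. Replacing it needs a matching change in the
   * reader and a migration path for existing files, so it is flagged here rather than changed.
   * The salt and iteration count come from {@code pbeSpec}, which is defined outside this method.
   * Confirm that the salt is random per file and the iteration count is not a token value.
   *
   * @param tbl table whose document is written; its dirty flag is cleared on success
   * @param password encryption password; an empty array disables encryption. The array itself is
   *     not modified, so the caller remains responsible for zeroing it.
   * @throws IOException if the cipher cannot be set up ("Security exception during write"), the
   *     document cannot be rendered ("Unable to serialize XML"), or the file cannot be written
   */
  public void write(SecureItemTable tbl, char[] password) throws IOException {
    // Set up the cipher before touching the file; null means "write plaintext".
    Cipher cipher = null;
    if (password.length != 0) {
      PBEKeySpec keyspec = new PBEKeySpec(password);
      try {
        SecretKeyFactory fac = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
        SecretKey key = fac.generateSecret(keyspec);

        cipher = Cipher.getInstance("PBEWithMD5AndDES");
        cipher.init(Cipher.ENCRYPT_MODE, key, pbeSpec);
      } catch (java.security.GeneralSecurityException exc) {
        throw new IOException("Security exception during write", exc);
      } finally {
        // PBEKeySpec keeps its own copy of the password; wipe it once the key exists.
        keyspec.clearPassword();
      }
    }

    // Render the document in memory first, again so a failure cannot clobber the file.
    String xml;
    try {
      Transformer t = TransformerFactory.newInstance().newTransformer();
      StringWriter writer = new StringWriter();
      t.transform(new DOMSource(tbl.getDocument()), new StreamResult(writer));
      xml = writer.toString();
    } catch (Exception exc) {
      throw new IOException("Unable to serialize XML", exc);
    }

    // Closing the writer flushes it and closes the wrapped stream; for the encrypted case that
    // is what emits the final padded cipher block. The second close of os is a no-op.
    try (OutputStream os = new FileOutputStream(file);
        OutputStreamWriter osw =
            new OutputStreamWriter(
                cipher == null ? os : new CipherOutputStream(os, cipher),
                StandardCharsets.UTF_8)) {
      osw.write(xml);
    }

    tbl.setDirty(false);
  }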
示例#2
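  /**
   * Derives a PBE secret key from the given password.
   *
   * <p>The key is produced by the {@link SecretKeyFactory} registered under the name
   * {@code "PBE"}; which concrete scheme that resolves to depends on the installed providers.
   *
   * @param password password to derive the key from. The array is not modified, so the caller
   *     remains responsible for zeroing it.
   * @return the generated secret key
   * @throws IOException if the factory is unavailable or key generation fails; the underlying
   *     exception is attached as the cause
   */
  private SecretKey getPBEKey(char[] password) throws IOException {
    PBEKeySpec keySpec = null;

    try {
      keySpec = new PBEKeySpec(password);
      SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
      return skFac.generateSecret(keySpec);
    } catch (Exception e) {
      throw new IOException("getSecretKey failed: " + e.getMessage(), e);
    } finally {
      // PBEKeySpec holds a private copy of the password; wipe it so the plaintext does not
      // linger on the heap after the key has been generated (or generation has failed).
      if (keySpec != null) {
        keySpec.clearPassword();
      }
    }
  }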
示例#3
  /**
   * Builds the PBE {@link AlgorithmParameters} for the named algorithm from this object's salt
   * and iteration count.
   *
   * <p>NOTE(review): {@code getSalt()} and {@code iterationCount} are defined outside this
   * method. Confirm the salt is freshly random per use and the count is high enough for the
   * chosen scheme.
   *
   * @param algorithm name passed to {@link AlgorithmParameters#getInstance(String)}
   * @return parameters initialised with the salt and iteration count
   * @throws IOException if the parameters cannot be created or initialised; the underlying
   *     exception is attached as the cause
   */
  private AlgorithmParameters getAlgorithmParameters(String algorithm) throws IOException {
    // The spec is built outside the try, so failures from getSalt() are not wrapped.
    PBEParameterSpec saltAndCount = new PBEParameterSpec(getSalt(), iterationCount);

    try {
      AlgorithmParameters result = AlgorithmParameters.getInstance(algorithm);
      result.init(saltAndCount);
      return result;
    } catch (Exception e) {
      throw new IOException("getAlgorithmParameters failed: " + e.getMessage(), e);
    }
  }
示例#4
 /**
  * Reads optional PBE algorithm parameters from a DER stream.
  *
  * <p>The parameters are treated as absent when the stream has no bytes available or when the
  * next value is an ASN.1 NULL.
  *
  * <p>NOTE(review): the encoded bytes are handed to the "PBE" {@link AlgorithmParameters}
  * without any check made here. If the stream comes from an untrusted keystore, the caller
  * should bound the decoded iteration count before deriving a key from it.
  *
  * @param in DER stream positioned at the parameters
  * @return the decoded parameters, or {@code null} when none are present
  * @throws IOException if reading or decoding fails; the underlying exception is attached as
  *     the cause
  */
 private AlgorithmParameters parseAlgParameters(DerInputStream in) throws IOException {
   try {
     if (in.available() == 0) {
       return null;
     }

     DerValue encoded = in.getDerValue();
     if (encoded.tag == DerValue.tag_Null) {
       return null;
     }

     AlgorithmParameters decoded = AlgorithmParameters.getInstance("PBE");
     decoded.init(encoded.toByteArray());
     return decoded;
   } catch (Exception e) {
     throw new IOException("parseAlgParameters failed: " + e.getMessage(), e);
   }
 }
示例#5
  /**
   * Callback from _scanKeychain, invoked for an identity found in the keychain. Builds a
   * {@code KeyEntry} holding the private-key reference and the parsed X.509 certificates, then
   * registers it in {@code entries} under a lower-cased, de-duplicated alias.
   *
   * <p>NOTE(review): a certificate that fails to parse is logged to stderr and dropped, so the
   * stored chain can be shorter than the identity's chain in the keychain. Consumers that
   * validate the chain should not assume it is complete.
   *
   * <p>NOTE(review): {@code secCertificateRefs} is indexed with the position in
   * {@code rawCertData}; this assumes both arrays have the same length. Verify against caller.
   *
   * @param alias requested alias; a numeric suffix is appended while the lower-cased alias is
   *     already present in {@code entries}
   * @param creationDate creation time in epoch milliseconds, or 0 to use the current time
   * @param secKeyRef native reference to the private key
   * @param secCertificateRefs native references matching {@code rawCertData} by index
   * @param rawCertData encoded certificates for the identity
   */
  private void createKeyEntry(
      String alias,
      long creationDate,
      long secKeyRef,
      long[] secCertificateRefs,
      byte[][] rawCertData)
      throws IOException, NoSuchAlgorithmException, UnrecoverableKeyException {
    KeyEntry ke = new KeyEntry();

    // Private key side: only the native reference is kept, no protected key bytes.
    ke.protectedPrivKey = null;
    ke.keyRef = secKeyRef;

    // A zero creation date means "unknown"; fall back to the current time.
    ke.date = (creationDate != 0) ? new Date(creationDate) : new Date();

    // Parse each raw certificate, pairing the ones that succeed with their native reference.
    List<CertKeychainItemPair> createdCerts = new ArrayList<>();

    try {
      CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");

      for (int idx = 0; idx < rawCertData.length; idx++) {
        try (InputStream encoded = new ByteArrayInputStream(rawCertData[idx])) {
          X509Certificate parsed = (X509Certificate) x509Factory.generateCertificate(encoded);
          createdCerts.add(new CertKeychainItemPair(secCertificateRefs[idx], parsed));
        } catch (CertificateException e) {
          // Unparseable certificate: report it and move on to the next one.
          System.err.println("KeychainStore Ignored Exception: " + e);
        }
      }
    } catch (CertificateException e) {
      // Raised when no X.509 factory is available; the entry is then stored with no chain.
      e.printStackTrace();
    } catch (IOException ioe) {
      ioe.printStackTrace(); // Only reachable from closing the in-memory stream.
    }

    // Split the pairs into the two parallel arrays the entry stores.
    int count = createdCerts.size();
    Certificate[] chain = new Certificate[count];
    long[] chainRefs = new long[count];

    for (int idx = 0; idx < count; idx++) {
      CertKeychainItemPair pair = createdCerts.get(idx);
      chain[idx] = pair.mCert;
      chainRefs[idx] = pair.mCertificateRef;
    }

    ke.chain = chain;
    ke.chainRefs = chainRefs;

    // Find a free key: try the alias as given, then "alias 1", "alias 2", ...
    // NOTE(review): toLowerCase() uses the default locale, so the key depends on the JVM's
    // locale; confirm the lookups elsewhere in the class fold case the same way.
    String candidate = alias;
    for (int suffix = 1; entries.containsKey(candidate.toLowerCase()); suffix++) {
      candidate = alias + " " + suffix;
    }

    entries.put(candidate.toLowerCase(), ke);
  }