public void write(SecureItemTable tbl, char[] password) throws IOException {
OutputStream os = new FileOutputStream(file);
OutputStream xmlout;
if (password.length == 0) {
xmlout = os;
os = null;
} else {
PBEKeySpec keyspec = new PBEKeySpec(password);
Cipher c;
try {
SecretKeyFactory fac = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
SecretKey key = fac.generateSecret(keyspec);
c = Cipher.getInstance("PBEWithMD5AndDES");
c.init(Cipher.ENCRYPT_MODE, key, pbeSpec);
} catch (java.security.GeneralSecurityException exc) {
os.close();
IOException ioe = new IOException("Security exception during write");
ioe.initCause(exc);
throw ioe;
}
CipherOutputStream out = new CipherOutputStream(os, c);
xmlout = out;
}
try {
TransformerFactory tf = TransformerFactory.newInstance();
Transformer t = tf.newTransformer();
DOMSource src = new DOMSource(tbl.getDocument());
StringWriter writer = new StringWriter();
StreamResult sr = new StreamResult(writer);
t.transform(src, sr);
OutputStreamWriter osw = new OutputStreamWriter(xmlout, StandardCharsets.UTF_8);
osw.write(writer.toString());
osw.close();
} catch (Exception exc) {
IOException ioe = new IOException("Unable to serialize XML");
ioe.initCause(exc);
throw ioe;
} finally {
xmlout.close();
if (os != null) os.close();
}
tbl.setDirty(false);
return;
}
/*
* Generate PBE key
*/
private SecretKey getPBEKey(char[] password) throws IOException {
SecretKey skey = null;
try {
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
skey = skFac.generateSecret(keySpec);
} catch (Exception e) {
IOException ioe = new IOException("getSecretKey failed: " + e.getMessage());
ioe.initCause(e);
throw ioe;
}
return skey;
}
/*
* Generate PBE Algorithm Parameters
*/
private AlgorithmParameters getAlgorithmParameters(String algorithm) throws IOException {
AlgorithmParameters algParams = null;
// create PBE parameters from salt and iteration count
PBEParameterSpec paramSpec = new PBEParameterSpec(getSalt(), iterationCount);
try {
algParams = AlgorithmParameters.getInstance(algorithm);
algParams.init(paramSpec);
} catch (Exception e) {
IOException ioe = new IOException("getAlgorithmParameters failed: " + e.getMessage());
ioe.initCause(e);
throw ioe;
}
return algParams;
}
/*
* parse Algorithm Parameters
*/
private AlgorithmParameters parseAlgParameters(DerInputStream in) throws IOException {
AlgorithmParameters algParams = null;
try {
DerValue params;
if (in.available() == 0) {
params = null;
} else {
params = in.getDerValue();
if (params.tag == DerValue.tag_Null) {
params = null;
}
}
if (params != null) {
algParams = AlgorithmParameters.getInstance("PBE");
algParams.init(params.toByteArray());
}
} catch (Exception e) {
IOException ioe = new IOException("parseAlgParameters failed: " + e.getMessage());
ioe.initCause(e);
throw ioe;
}
return algParams;
}
/**
* Callback method from _scanKeychain. If an identity is found, this method will be called to
* create Java certificate and private key objects from the keychain data.
*/
private void createKeyEntry(
String alias,
long creationDate,
long secKeyRef,
long[] secCertificateRefs,
byte[][] rawCertData)
throws IOException, NoSuchAlgorithmException, UnrecoverableKeyException {
KeyEntry ke = new KeyEntry();
// First, store off the private key information. This is the easy part.
ke.protectedPrivKey = null;
ke.keyRef = secKeyRef;
// Make a creation date.
if (creationDate != 0) ke.date = new Date(creationDate);
else ke.date = new Date();
// Next, create X.509 Certificate objects from the raw data. This is complicated
// because a certificate's public key may be too long for Java's default encryption strength.
List<CertKeychainItemPair> createdCerts = new ArrayList<>();
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
for (int i = 0; i < rawCertData.length; i++) {
try {
InputStream input = new ByteArrayInputStream(rawCertData[i]);
X509Certificate cert = (X509Certificate) cf.generateCertificate(input);
input.close();
// We successfully created the certificate, so track it and its corresponding
// SecCertificateRef.
createdCerts.add(new CertKeychainItemPair(secCertificateRefs[i], cert));
} catch (CertificateException e) {
// The certificate will be skipped.
System.err.println("KeychainStore Ignored Exception: " + e);
}
}
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException ioe) {
ioe.printStackTrace(); // How would this happen?
}
// We have our certificates in the List, so now extract them into an array of
// Certificates and SecCertificateRefs.
CertKeychainItemPair[] objArray = createdCerts.toArray(new CertKeychainItemPair[0]);
Certificate[] certArray = new Certificate[objArray.length];
long[] certRefArray = new long[objArray.length];
for (int i = 0; i < objArray.length; i++) {
CertKeychainItemPair addedItem = objArray[i];
certArray[i] = addedItem.mCert;
certRefArray[i] = addedItem.mCertificateRef;
}
ke.chain = certArray;
ke.chainRefs = certRefArray;
// If we don't have already have an item with this item's alias
// create a new one for it.
int uniqueVal = 1;
String originalAlias = alias;
while (entries.containsKey(alias.toLowerCase())) {
alias = originalAlias + " " + uniqueVal;
uniqueVal++;
}
entries.put(alias.toLowerCase(), ke);
}