1 /* |
1 /* |
2 * Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
32 import java.io.IOException; |
32 import java.io.IOException; |
33 import java.io.ByteArrayInputStream; |
33 import java.io.ByteArrayInputStream; |
34 import java.io.UnsupportedEncodingException; |
34 import java.io.UnsupportedEncodingException; |
35 |
35 |
36 import java.util.Arrays; |
36 import java.util.Arrays; |
37 import java.util.Collection; |
|
38 import java.util.Collections; |
37 import java.util.Collections; |
39 import java.util.Date; |
38 import java.util.Date; |
40 import java.util.Enumeration; |
39 import java.util.Enumeration; |
41 import java.util.Iterator; |
|
42 import java.util.List; |
|
43 import java.util.ArrayList; |
40 import java.util.ArrayList; |
44 import java.util.HashSet; |
41 import java.util.HashSet; |
45 import java.util.HashMap; |
42 import java.util.HashMap; |
46 import java.util.Set; |
43 import java.util.Set; |
47 |
44 |
48 import java.security.*; |
45 import java.security.*; |
49 import java.security.KeyStore.*; |
46 import java.security.KeyStore.*; |
50 |
47 |
51 import java.security.cert.CertPath; |
|
52 import java.security.cert.Certificate; |
48 import java.security.cert.Certificate; |
53 import java.security.cert.X509Certificate; |
49 import java.security.cert.X509Certificate; |
54 import java.security.cert.CertificateFactory; |
50 import java.security.cert.CertificateFactory; |
55 import java.security.cert.CertificateException; |
51 import java.security.cert.CertificateException; |
56 |
52 |
58 import java.security.spec.*; |
54 import java.security.spec.*; |
59 |
55 |
60 import javax.crypto.SecretKey; |
56 import javax.crypto.SecretKey; |
61 import javax.crypto.interfaces.*; |
57 import javax.crypto.interfaces.*; |
62 |
58 |
63 import javax.security.auth.Subject; |
|
64 import javax.security.auth.x500.X500Principal; |
59 import javax.security.auth.x500.X500Principal; |
65 import javax.security.auth.login.LoginException; |
60 import javax.security.auth.login.LoginException; |
66 import javax.security.auth.callback.Callback; |
61 import javax.security.auth.callback.Callback; |
67 import javax.security.auth.callback.PasswordCallback; |
62 import javax.security.auth.callback.PasswordCallback; |
68 import javax.security.auth.callback.CallbackHandler; |
63 import javax.security.auth.callback.CallbackHandler; |
69 import javax.security.auth.callback.UnsupportedCallbackException; |
64 import javax.security.auth.callback.UnsupportedCallbackException; |
70 |
65 |
71 import sun.security.util.Debug; |
66 import sun.security.util.Debug; |
72 import sun.security.x509.SerialNumber; |
|
73 import sun.security.util.DerValue; |
67 import sun.security.util.DerValue; |
74 |
68 |
75 import sun.security.ec.ECParameters; |
69 import sun.security.ec.ECParameters; |
76 |
70 |
77 import sun.security.pkcs11.Secmod.*; |
71 import sun.security.pkcs11.Secmod.*; |
233 |
227 |
234 private char[] password; |
228 private char[] password; |
235 |
229 |
236 private PasswordCallbackHandler(char[] password) { |
230 private PasswordCallbackHandler(char[] password) { |
237 if (password != null) { |
231 if (password != null) { |
238 this.password = (char[])password.clone(); |
232 this.password = password.clone(); |
239 } |
233 } |
240 } |
234 } |
241 |
235 |
242 public void handle(Callback[] callbacks) |
236 public void handle(Callback[] callbacks) |
243 throws IOException, UnsupportedCallbackException { |
237 throws IOException, UnsupportedCallbackException { |
456 if (key instanceof PrivateKey) { |
448 if (key instanceof PrivateKey) { |
457 entry = new KeyStore.PrivateKeyEntry((PrivateKey)key, chain); |
449 entry = new KeyStore.PrivateKeyEntry((PrivateKey)key, chain); |
458 } else if (key instanceof SecretKey) { |
450 } else if (key instanceof SecretKey) { |
459 entry = new KeyStore.SecretKeyEntry((SecretKey)key); |
451 entry = new KeyStore.SecretKeyEntry((SecretKey)key); |
460 } |
452 } |
461 } catch (NullPointerException npe) { |
453 } catch (NullPointerException | IllegalArgumentException e) { |
462 throw new KeyStoreException(npe); |
454 throw new KeyStoreException(e); |
463 } catch (IllegalArgumentException iae) { |
|
464 throw new KeyStoreException(iae); |
|
465 } |
455 } |
466 engineSetEntry(alias, entry, new KeyStore.PasswordProtection(password)); |
456 engineSetEntry(alias, entry, new KeyStore.PasswordProtection(password)); |
467 } |
457 } |
468 |
458 |
469 /** |
459 /** |
564 // secret key entry |
554 // secret key entry |
565 return destroySkey(alias); |
555 return destroySkey(alias); |
566 } else { |
556 } else { |
567 throw new KeyStoreException("unexpected entry type"); |
557 throw new KeyStoreException("unexpected entry type"); |
568 } |
558 } |
569 } catch (PKCS11Exception pe) { |
559 } catch (PKCS11Exception | CertificateException e) { |
570 throw new KeyStoreException(pe); |
560 throw new KeyStoreException(e); |
571 } catch (CertificateException ce) { |
|
572 throw new KeyStoreException(ce); |
|
573 } |
561 } |
574 } |
562 } |
575 return false; |
563 return false; |
576 } |
564 } |
577 |
565 |
768 writeDisabled = true; |
756 writeDisabled = true; |
769 } |
757 } |
770 if (debug != null) { |
758 if (debug != null) { |
771 dumpTokenMap(); |
759 dumpTokenMap(); |
772 } |
760 } |
773 } catch (LoginException le) { |
761 } catch (LoginException | KeyStoreException | PKCS11Exception e) { |
774 IOException ioe = new IOException("load failed"); |
762 throw new IOException("load failed", e); |
775 ioe.initCause(le); |
|
776 throw ioe; |
|
777 } catch (KeyStoreException kse) { |
|
778 IOException ioe = new IOException("load failed"); |
|
779 ioe.initCause(kse); |
|
780 throw ioe; |
|
781 } catch (PKCS11Exception pe) { |
|
782 IOException ioe = new IOException("load failed"); |
|
783 ioe.initCause(pe); |
|
784 throw ioe; |
|
785 } |
763 } |
786 } |
764 } |
787 |
765 |
788 /** |
766 /** |
789 * Loads the keystore using the given |
767 * Loads the keystore using the given |
858 writeDisabled = true; |
836 writeDisabled = true; |
859 } |
837 } |
860 if (debug != null) { |
838 if (debug != null) { |
861 dumpTokenMap(); |
839 dumpTokenMap(); |
862 } |
840 } |
863 } catch (LoginException e) { |
841 } catch (LoginException | KeyStoreException | PKCS11Exception e) { |
864 throw new IOException("load failed", e); |
|
865 } catch (KeyStoreException e) { |
|
866 throw new IOException("load failed", e); |
|
867 } catch (PKCS11Exception e) { |
|
868 throw new IOException("load failed", e); |
842 throw new IOException("load failed", e); |
869 } |
843 } |
870 } |
844 } |
871 |
845 |
872 private void login(CallbackHandler handler) throws LoginException { |
846 private void login(CallbackHandler handler) throws LoginException { |
1052 } |
1026 } |
1053 try { |
1027 try { |
1054 storeCert(alias, xcert); |
1028 storeCert(alias, xcert); |
1055 module.setTrust(token, xcert); |
1029 module.setTrust(token, xcert); |
1056 mapLabels(); |
1030 mapLabels(); |
1057 } catch (PKCS11Exception e) { |
1031 } catch (PKCS11Exception | CertificateException e) { |
1058 throw new KeyStoreException(e); |
|
1059 } catch (CertificateException e) { |
|
1060 throw new KeyStoreException(e); |
1032 throw new KeyStoreException(e); |
1061 } |
1033 } |
1062 |
1034 |
1063 } else { |
1035 } else { |
1064 |
1036 |
1116 // caller adding new entry |
1088 // caller adding new entry |
1117 engineDeleteEntry(alias); |
1089 engineDeleteEntry(alias); |
1118 storePkey(alias, (KeyStore.PrivateKeyEntry)entry); |
1090 storePkey(alias, (KeyStore.PrivateKeyEntry)entry); |
1119 } |
1091 } |
1120 |
1092 |
1121 } catch (PKCS11Exception pe) { |
1093 } catch (PKCS11Exception | CertificateException pe) { |
1122 throw new KeyStoreException(pe); |
1094 throw new KeyStoreException(pe); |
1123 } catch (CertificateException ce) { |
|
1124 throw new KeyStoreException(ce); |
|
1125 } |
1095 } |
1126 |
1096 |
1127 } else if (entry instanceof KeyStore.SecretKeyEntry) { |
1097 } else if (entry instanceof KeyStore.SecretKeyEntry) { |
1128 |
1098 |
1129 KeyStore.SecretKeyEntry ske = (KeyStore.SecretKeyEntry)entry; |
1099 KeyStore.SecretKeyEntry ske = (KeyStore.SecretKeyEntry)entry; |
2660 } |
2628 } |
2661 |
2629 |
2662 private void dumpTokenMap() { |
2630 private void dumpTokenMap() { |
2663 Set<String> aliases = aliasMap.keySet(); |
2631 Set<String> aliases = aliasMap.keySet(); |
2664 System.out.println("Token Alias Map:"); |
2632 System.out.println("Token Alias Map:"); |
2665 if (aliases.size() == 0) { |
2633 if (aliases.isEmpty()) { |
2666 System.out.println(" [empty]"); |
2634 System.out.println(" [empty]"); |
2667 } else { |
2635 } else { |
2668 for (String s : aliases) { |
2636 for (String s : aliases) { |
2669 System.out.println(" " + s + aliasMap.get(s)); |
2637 System.out.println(" " + s + aliasMap.get(s)); |
2670 } |
2638 } |