122 // please programtically add any providers you need and do not specify |
122 // please programtically add any providers you need and do not specify |
123 // them through the command line. |
123 // them through the command line. |
124 |
124 |
125 private Set<Pair <String, String>> providers = null; |
125 private Set<Pair <String, String>> providers = null; |
126 private String storetype = null; |
126 private String storetype = null; |
|
127 private boolean hasStoretypeOption = false; |
127 private String srcProviderName = null; |
128 private String srcProviderName = null; |
128 private String providerName = null; |
129 private String providerName = null; |
129 private String pathlist = null; |
130 private String pathlist = null; |
130 private char[] storePass = null; |
131 private char[] storePass = null; |
131 private char[] storePassNew = null; |
132 private char[] storePassNew = null; |
481 storePass = getPass(modifier, args[++i]); |
482 storePass = getPass(modifier, args[++i]); |
482 passwords.add(storePass); |
483 passwords.add(storePass); |
483 } else if (collator.compare(flags, "-storetype") == 0 || |
484 } else if (collator.compare(flags, "-storetype") == 0 || |
484 collator.compare(flags, "-deststoretype") == 0) { |
485 collator.compare(flags, "-deststoretype") == 0) { |
485 storetype = args[++i]; |
486 storetype = args[++i]; |
|
487 hasStoretypeOption = true; |
486 } else if (collator.compare(flags, "-srcstorepass") == 0) { |
488 } else if (collator.compare(flags, "-srcstorepass") == 0) { |
487 srcstorePass = getPass(modifier, args[++i]); |
489 srcstorePass = getPass(modifier, args[++i]); |
488 passwords.add(srcstorePass); |
490 passwords.add(srcstorePass); |
489 } else if (collator.compare(flags, "-srcstoretype") == 0) { |
491 } else if (collator.compare(flags, "-srcstoretype") == 0) { |
490 srcstoretype = args[++i]; |
492 srcstoretype = args[++i]; |
|
493 hasStoretypeOption = true; |
491 } else if (collator.compare(flags, "-srckeypass") == 0) { |
494 } else if (collator.compare(flags, "-srckeypass") == 0) { |
492 srckeyPass = getPass(modifier, args[++i]); |
495 srckeyPass = getPass(modifier, args[++i]); |
493 passwords.add(srckeyPass); |
496 passwords.add(srckeyPass); |
494 } else if (collator.compare(flags, "-srcprovidername") == 0) { |
497 } else if (collator.compare(flags, "-srcprovidername") == 0) { |
495 srcProviderName = args[++i]; |
498 srcProviderName = args[++i]; |
807 throw new Exception(rb.getString("Must.specify.alias")); |
810 throw new Exception(rb.getString("Must.specify.alias")); |
808 } |
811 } |
809 } |
812 } |
810 |
813 |
811 // Create new keystore |
814 // Create new keystore |
812 if (providerName == null) { |
815 // Probe for keystore type when filename is available |
813 keyStore = KeyStore.getInstance(storetype); |
816 if (ksfile != null && ksStream != null && providerName == null && |
|
817 hasStoretypeOption == false) { |
|
818 keyStore = KeyStore.getInstance(ksfile, storePass); |
814 } else { |
819 } else { |
815 keyStore = KeyStore.getInstance(storetype, providerName); |
820 if (providerName == null) { |
816 } |
821 keyStore = KeyStore.getInstance(storetype); |
817 |
822 } else { |
818 /* |
823 keyStore = KeyStore.getInstance(storetype, providerName); |
819 * Load the keystore data. |
824 } |
820 * |
825 |
821 * At this point, it's OK if no keystore password has been provided. |
826 /* |
822 * We want to make sure that we can load the keystore data, i.e., |
827 * Load the keystore data. |
823 * the keystore data has the right format. If we cannot load the |
828 * |
824 * keystore, why bother asking the user for his or her password? |
829 * At this point, it's OK if no keystore password has been provided. |
825 * Only if we were able to load the keystore, and no keystore |
830 * We want to make sure that we can load the keystore data, i.e., |
826 * password has been provided, will we prompt the user for the |
831 * the keystore data has the right format. If we cannot load the |
827 * keystore password to verify the keystore integrity. |
832 * keystore, why bother asking the user for his or her password? |
828 * This means that the keystore is loaded twice: first load operation |
833 * Only if we were able to load the keystore, and no keystore |
829 * checks the keystore format, second load operation verifies the |
834 * password has been provided, will we prompt the user for the |
830 * keystore integrity. |
835 * keystore password to verify the keystore integrity. |
831 * |
836 * This means that the keystore is loaded twice: first load operation |
832 * If the keystore password has already been provided (at the |
837 * checks the keystore format, second load operation verifies the |
833 * command line), however, the keystore is loaded only once, and the |
838 * keystore integrity. |
834 * keystore format and integrity are checked "at the same time". |
839 * |
835 * |
840 * If the keystore password has already been provided (at the |
836 * Null stream keystores are loaded later. |
841 * command line), however, the keystore is loaded only once, and the |
837 */ |
842 * keystore format and integrity are checked "at the same time". |
838 if (!nullStream) { |
843 * |
839 keyStore.load(ksStream, storePass); |
844 * Null stream keystores are loaded later. |
840 if (ksStream != null) { |
845 */ |
841 ksStream.close(); |
846 if (!nullStream) { |
|
847 keyStore.load(ksStream, storePass); |
|
848 if (ksStream != null) { |
|
849 ksStream.close(); |
|
850 } |
842 } |
851 } |
843 } |
852 } |
844 |
853 |
845 // All commands that create or modify the keystore require a keystore |
854 // All commands that create or modify the keystore require a keystore |
846 // password. |
855 // password. |
1879 */ |
1888 */ |
1880 KeyStore loadSourceKeyStore() throws Exception { |
1889 KeyStore loadSourceKeyStore() throws Exception { |
1881 boolean isPkcs11 = false; |
1890 boolean isPkcs11 = false; |
1882 |
1891 |
1883 InputStream is = null; |
1892 InputStream is = null; |
|
1893 File srcksfile = null; |
1884 |
1894 |
1885 if (P11KEYSTORE.equalsIgnoreCase(srcstoretype) || |
1895 if (P11KEYSTORE.equalsIgnoreCase(srcstoretype) || |
1886 KeyStoreUtil.isWindowsKeyStore(srcstoretype)) { |
1896 KeyStoreUtil.isWindowsKeyStore(srcstoretype)) { |
1887 if (!NONE.equals(srcksfname)) { |
1897 if (!NONE.equals(srcksfname)) { |
1888 System.err.println(MessageFormat.format(rb.getString |
1898 System.err.println(MessageFormat.format(rb.getString |
1906 } |
1916 } |
1907 } |
1917 } |
1908 |
1918 |
1909 KeyStore store; |
1919 KeyStore store; |
1910 try { |
1920 try { |
1911 if (srcProviderName == null) { |
1921 // Probe for keystore type when filename is available |
1912 store = KeyStore.getInstance(srcstoretype); |
1922 if (srcksfile != null && is != null && srcProviderName == null && |
|
1923 hasStoretypeOption == false) { |
|
1924 store = KeyStore.getInstance(srcksfile, srcstorePass); |
1913 } else { |
1925 } else { |
1914 store = KeyStore.getInstance(srcstoretype, srcProviderName); |
1926 if (srcProviderName == null) { |
|
1927 store = KeyStore.getInstance(srcstoretype); |
|
1928 } else { |
|
1929 store = KeyStore.getInstance(srcstoretype, srcProviderName); |
|
1930 } |
1915 } |
1931 } |
1916 |
1932 |
1917 if (srcstorePass == null |
1933 if (srcstorePass == null |
1918 && !srcprotectedPath |
1934 && !srcprotectedPath |
1919 && !KeyStoreUtil.isWindowsKeyStore(srcstoretype)) { |
1935 && !KeyStoreUtil.isWindowsKeyStore(srcstoretype)) { |