/*
 * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/**
 * @see AccessKeyStore.sh
 */

import java.security.Provider;
import java.security.*;
import java.security.cert.*;
import java.security.cert.Certificate;
import java.security.interfaces.RSAKey;
import java.util.Enumeration;

public class AccessKeyStore {

    public static void main(String[] args) throws Exception {

        // Check if the provider is available
        try {
            Class.forName("sun.security.mscapi.SunMSCAPI");

        } catch (Exception e) {
            System.out.println(
                "The SunMSCAPI provider is not available on this platform: " +
                e);
            return;
        }

        // Check that a security manager has been installed
        if (System.getSecurityManager() == null) {
            throw new Exception("A security manager has not been installed");
        }

        Provider p = Security.getProvider("SunMSCAPI");

        System.out.println("SunMSCAPI provider classname is " +
            p.getClass().getName());

        KeyStore keyStore = KeyStore.getInstance("Windows-MY", p);

        /*
         * If a SecurityManager exists then this will trigger a
         * SecurityException if the following permission has not
         * been granted:
         *
         *     SecurityPermission("authProvider.SunMSCAPI")
         */
        try {

            keyStore.load(null, null);

            if (args.length > 0 && "-deny".equals(args[0])) {
                throw new Exception(
                    "Expected KeyStore.load to throw a SecurityException");
            }

        } catch (SecurityException se) {

            if (args.length > 0 && "-deny".equals(args[0])) {
                System.out.println("Caught the expected exception: " + se);
                return;
            } else {
                throw se;
            }
        }

        int i = 0;
        for (Enumeration e = keyStore.aliases(); e.hasMoreElements(); ) {
            String alias = (String) e.nextElement();
            displayEntry(keyStore, alias, i++);
        }
    }

    private static void displayEntry(KeyStore keyStore, String alias,
        int index) throws KeyStoreException, NoSuchAlgorithmException  {

        if (keyStore.isKeyEntry(alias)) {
            System.out.println("[" + index + "]\n    " + alias +
                " [key-entry]\n");

            try {

                Key key = keyStore.getKey(alias, null);

                if (key instanceof RSAKey) {
                    System.out.println("    Key type: " + key.getAlgorithm() +
                        " (" + ((RSAKey)key).getModulus().bitLength() +
                        " bit)\n");
                } else {
                    System.out.println("    Key type: " + key.getAlgorithm() +
                        "\n");
                }

            } catch (UnrecoverableKeyException e) {
                System.out.println("    Key type: Unknown\n");
            }

            Certificate[] chain = keyStore.getCertificateChain(alias);
            if (chain != null) {
                System.out.println("    Certificate chain: ");
                for (int i = 0; i < chain.length; i ++) {
                    System.out.println("        ["+ (i + 1) + "]");
                    displayCert(chain[i], "            ");
                }
            }

        } else {
            System.out.println("[" + index + "]\n    " + alias +
                " [trusted-cert-entry]\n");
            Certificate[] chain = keyStore.getCertificateChain(alias);
            if (chain != null) {
                System.out.println("    Certificate chain: ");
                for (int i = 0; i < chain.length; i ++) {
                    System.out.println("        ["+ (i + 1) + "]");
                    displayCert(chain[i], "            ");
                }
            }
        }
        System.out.println("-------------------------------------------------");
    }

    private static void displayCert(Certificate cert, String tab) {
        if (cert instanceof X509Certificate) {
            X509Certificate x = (X509Certificate) cert;
            System.out.println(
                tab + "Owner: " + x.getSubjectDN().toString() + "\n" +
                tab + "Issuer: " + x.getIssuerDN().toString() + "\n" +
                tab + "Serial number: " + x.getSerialNumber().toString(16) +
                "\n"+
                tab + "Valid from: " + x.getNotBefore().toString() + "\n" +
                tab + "     until: " + x.getNotAfter().toString());
        } else {
            System.out.println(tab + "[unknown certificate format]");
        }
        System.out.println();
    }
}