/*

 * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.

 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 *

 * This code is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License version 2 only, as

 * published by the Free Software Foundation.  Oracle designates this

 * particular file as subject to the "Classpath" exception as provided

 * by Oracle in the LICENSE file that accompanied this code.

 *

 * This code is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

 * version 2 for more details (a copy is included in the LICENSE file that

 * accompanied this code).

 *

 * You should have received a copy of the GNU General Public License version

 * 2 along with this work; if not, write to the Free Software Foundation,

 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

 *

 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

 * or visit www.oracle.com if you need additional information or have any

 * questions.

 */

package sun.security.pkcs12;

import java.io.*;

import java.security.AccessController;

import java.security.MessageDigest;

import java.security.NoSuchAlgorithmException;

import java.security.Key;

import java.security.KeyFactory;

import java.security.KeyStore;

import java.security.KeyStoreSpi;

import java.security.KeyStoreException;

import java.security.PKCS12Attribute;

import java.security.PrivateKey;

import java.security.PrivilegedAction;

import java.security.UnrecoverableEntryException;

import java.security.UnrecoverableKeyException;

import java.security.SecureRandom;

import java.security.Security;

import java.security.cert.Certificate;

import java.security.cert.CertificateFactory;

import java.security.cert.X509Certificate;

import java.security.cert.CertificateException;

import java.security.spec.AlgorithmParameterSpec;

import java.security.spec.KeySpec;

import java.security.spec.PKCS8EncodedKeySpec;

import java.util.*;

import java.security.AlgorithmParameters;

import javax.crypto.spec.PBEParameterSpec;

import javax.crypto.spec.PBEKeySpec;

import javax.crypto.spec.SecretKeySpec;

import javax.crypto.SecretKeyFactory;

import javax.crypto.SecretKey;

import javax.crypto.Cipher;

import javax.crypto.Mac;

import javax.security.auth.DestroyFailedException;

import javax.security.auth.x500.X500Principal;

import sun.security.util.Debug;

import sun.security.util.DerInputStream;

import sun.security.util.DerOutputStream;

import sun.security.util.DerValue;

import sun.security.util.ObjectIdentifier;

import sun.security.pkcs.ContentInfo;

import sun.security.x509.AlgorithmId;

import sun.security.pkcs.EncryptedPrivateKeyInfo;

import sun.security.provider.JavaKeyStore.JKS;

import sun.security.util.KeyStoreDelegator;

/**

 * This class provides the keystore implementation referred to as "PKCS12".

 * Implements the PKCS#12 PFX protected using the Password privacy mode.

 * The contents are protected using Password integrity mode.

 *

 * Currently we support following PBE algorithms:

 *  - pbeWithSHAAnd3KeyTripleDESCBC to encrypt private keys

 *  - pbeWithSHAAnd40BitRC2CBC to encrypt certificates

 *

 * Supported encryption of various implementations :

 *

 * Software and mode.     Certificate encryption  Private key encryption

 * ---------------------------------------------------------------------

 * MSIE4 (domestic            40 bit RC2.            40 bit RC2

 * and xport versions)

 * PKCS#12 export.

 *

 * MSIE4, 5 (domestic         40 bit RC2,            40 bit RC2,

 * and export versions)       3 key triple DES       3 key triple DES

 * PKCS#12 import.

 *

 * MSIE5                      40 bit RC2             3 key triple DES,

 * PKCS#12 export.                                   with SHA1 (168 bits)

 *

 * Netscape Communicator      40 bit RC2             3 key triple DES,

 * (domestic and export                              with SHA1 (168 bits)

 * versions) PKCS#12 export

 *

 * Netscape Communicator      40 bit ciphers only    All.

 * (export version)

 * PKCS#12 import.

 *

 * Netscape Communicator      All.                   All.

 * (domestic or fortified

 * version) PKCS#12 import.

 *

 * OpenSSL PKCS#12 code.      All.                   All.

 * ---------------------------------------------------------------------

 *

 * NOTE: PKCS12 KeyStore supports PrivateKeyEntry and TrustedCertficateEntry.

 * PKCS#12 is mainly used to deliver private keys with their associated

 * certificate chain and aliases. In a PKCS12 keystore, entries are

 * identified by the alias, and a localKeyId is required to match the

 * private key with the certificate. Trusted certificate entries are identified

 * by the presence of an trustedKeyUsage attribute.

 *

 * @author Seema Malkani

 * @author Jeff Nisewanger

 * @author Jan Luehe

 *

 * @see KeyProtector

 * @see java.security.KeyStoreSpi

 * @see KeyTool

 *

 *

 */

public final class PKCS12KeyStore extends KeyStoreSpi {

    // special PKCS12 keystore that supports PKCS12 and JKS file formats

    public static final class DualFormatPKCS12 extends KeyStoreDelegator {

        public DualFormatPKCS12() {

            super("PKCS12", PKCS12KeyStore.class, "JKS", JKS.class);

        }

    }

    public static final int VERSION_3 = 3;

    private static final String[] KEY_PROTECTION_ALGORITHM = {

        "keystore.pkcs12.keyProtectionAlgorithm",

        "keystore.PKCS12.keyProtectionAlgorithm"

    };

    // friendlyName, localKeyId, trustedKeyUsage

    private static final String[] CORE_ATTRIBUTES = {

        "1.2.840.113549.1.9.20",

        "1.2.840.113549.1.9.21",

        "2.16.840.1.113894.746875.1.1"

    };

    private static final Debug debug = Debug.getInstance("pkcs12");

                                        {1, 2, 840, 113549, 1, 12, 1, 6};

                                        {1, 2, 840, 113549, 1, 12, 1, 3};

    // TODO: temporary Oracle OID

    /*

     * { joint-iso-itu-t(2) country(16) us(840) organization(1) oracle(113894)

     *   jdk(746875) crypto(1) id-at-trustedKeyUsage(1) }

     */

                                        {2, 16, 840, 1, 113894, 746875, 1, 1};

    private static ObjectIdentifier PKCS8ShroudedKeyBag_OID;

    private static ObjectIdentifier CertBag_OID;

    private static ObjectIdentifier SecretBag_OID;

    private static ObjectIdentifier PKCS9FriendlyName_OID;

    private static ObjectIdentifier PKCS9LocalKeyId_OID;

    private static ObjectIdentifier PKCS9CertType_OID;

    private static ObjectIdentifier pbeWithSHAAnd40BitRC2CBC_OID;

    private static ObjectIdentifier pbeWithSHAAnd3KeyTripleDESCBC_OID;

    private static ObjectIdentifier pbes2_OID;

    private static ObjectIdentifier TrustedKeyUsage_OID;

    private static ObjectIdentifier[] AnyUsage;

    private int counter = 0;

    private static final int iterationCount = 1024;

    private static final int SALT_LEN = 20;

    // private key count

    // Note: This is a workaround to allow null localKeyID attribute

    // in pkcs12 with one private key entry and associated cert-chain

    private int privateKeyCount = 0;

    // secret key count

    private int secretKeyCount = 0;

    // certificate count

    private int certificateCount = 0;

    // the source of randomness

    private SecureRandom random;

    static {

        try {

            PKCS8ShroudedKeyBag_OID = new ObjectIdentifier(keyBag);

            CertBag_OID = new ObjectIdentifier(certBag);

            SecretBag_OID = new ObjectIdentifier(secretBag);

            PKCS9FriendlyName_OID = new ObjectIdentifier(pkcs9Name);

            PKCS9LocalKeyId_OID = new ObjectIdentifier(pkcs9KeyId);

            PKCS9CertType_OID = new ObjectIdentifier(pkcs9certType);

            pbeWithSHAAnd40BitRC2CBC_OID =

                        new ObjectIdentifier(pbeWithSHAAnd40BitRC2CBC);

            pbeWithSHAAnd3KeyTripleDESCBC_OID =

                        new ObjectIdentifier(pbeWithSHAAnd3KeyTripleDESCBC);

            pbes2_OID = new ObjectIdentifier(pbes2);

            TrustedKeyUsage_OID = new ObjectIdentifier(TrustedKeyUsage);

            AnyUsage = new ObjectIdentifier[]{

                new ObjectIdentifier(AnyExtendedKeyUsage)};

        } catch (IOException ioe) {

            // should not happen

        }

    }

    // A keystore entry and associated attributes

    private static class Entry {

        Date date; // the creation date of this entry

        String alias;

        byte[] keyId;

        Set<KeyStore.Entry.Attribute> attributes;

    }

    // A key entry

    private static class KeyEntry extends Entry {

    }

    // A private key entry and its supporting certificate chain

    private static class PrivateKeyEntry extends KeyEntry {

        byte[] protectedPrivKey;

    };

    // A secret key

    private static class SecretKeyEntry extends KeyEntry {

        byte[] protectedSecretKey;

    };

    // A certificate entry

    private static class CertEntry extends Entry {

        final X509Certificate cert;

        ObjectIdentifier[] trustedKeyUsage;

        CertEntry(X509Certificate cert, byte[] keyId, String alias) {

            this(cert, keyId, alias, null, null);

        }

        CertEntry(X509Certificate cert, byte[] keyId, String alias,

                ObjectIdentifier[] trustedKeyUsage,

                Set<? extends KeyStore.Entry.Attribute> attributes) {

            this.date = new Date();

            this.cert = cert;

            this.keyId = keyId;

            this.alias = alias;

            this.trustedKeyUsage = trustedKeyUsage;

            this.attributes = new HashSet<>();

            if (attributes != null) {

                this.attributes.addAll(attributes);

            }

        }

    }

    /**

     * Private keys and certificates are stored in a map.

     * Map entries are keyed by alias names.

     */

    private Map<String, Entry> entries =

        Collections.synchronizedMap(new LinkedHashMap<String, Entry>());

    private ArrayList<KeyEntry> keyList = new ArrayList<KeyEntry>();

    private LinkedHashMap<X500Principal, X509Certificate> certsMap =

            new LinkedHashMap<X500Principal, X509Certificate>();

    private ArrayList<CertEntry> certEntries = new ArrayList<CertEntry>();

    /**

     * Returns the key associated with the given alias, using the given

     * password to recover it.

     *

     * @param alias the alias name

     * @param password the password for recovering the key

     *

     * @return the requested key, or null if the given alias does not exist

     * or does not identify a <i>key entry</i>.

     *

     * @exception NoSuchAlgorithmException if the algorithm for recovering the

     * key cannot be found

     * @exception UnrecoverableKeyException if the key cannot be recovered

     * (e.g., the given password is wrong).

     */

    public Key engineGetKey(String alias, char[] password)

        throws NoSuchAlgorithmException, UnrecoverableKeyException

    {

        Entry entry = entries.get(alias.toLowerCase(Locale.ENGLISH));

        Key key = null;

        if (entry == null || (!(entry instanceof KeyEntry))) {

            return null;

        }

        // get the encoded private key or secret key

        byte[] encrBytes = null;

        if (entry instanceof PrivateKeyEntry) {

            encrBytes = ((PrivateKeyEntry) entry).protectedPrivKey;

        } else if (entry instanceof SecretKeyEntry) {

            encrBytes = ((SecretKeyEntry) entry).protectedSecretKey;

        } else {

            throw new UnrecoverableKeyException("Error locating key");

        }

        byte[] encryptedKey;

        AlgorithmParameters algParams;

        ObjectIdentifier algOid;

        try {

            // get the encrypted private key

            EncryptedPrivateKeyInfo encrInfo =

                        new EncryptedPrivateKeyInfo(encrBytes);

            encryptedKey = encrInfo.getEncryptedData();

            // parse Algorithm parameters

            DerValue val = new DerValue(encrInfo.getAlgorithm().encode());

            DerInputStream in = val.toDerInputStream();

            algOid = in.getOID();

            algParams = parseAlgParameters(algOid, in);

        } catch (IOException ioe) {

            UnrecoverableKeyException uke =

                new UnrecoverableKeyException("Private key not stored as "

                                 + "PKCS#8 EncryptedPrivateKeyInfo: " + ioe);

            uke.initCause(ioe);

            throw uke;

        }

        try {

            byte[] keyInfo;

            while (true) {

                try {

                    // Use JCE

                    SecretKey skey = getPBEKey(password);

                    Cipher cipher = Cipher.getInstance(

                        mapPBEParamsToAlgorithm(algOid, algParams));

                    cipher.init(Cipher.DECRYPT_MODE, skey, algParams);

                    keyInfo = cipher.doFinal(encryptedKey);

                    break;

                } catch (Exception e) {

                    if (password.length == 0) {

                        // Retry using an empty password

                        // without a NULL terminator.

                        password = new char[1];

                        continue;

                    }

                    throw e;

                }

            }

            /*

             * Parse the key algorithm and then use a JCA key factory

             * to re-create the key.

             */

            DerValue val = new DerValue(keyInfo);

            DerInputStream in = val.toDerInputStream();

            int i = in.getInteger();

            DerValue[] value = in.getSequence(2);

            AlgorithmId algId = new AlgorithmId(value[0].getOID());

            String keyAlgo = algId.getName();

            // decode private key

            if (entry instanceof PrivateKeyEntry) {

                KeyFactory kfac = KeyFactory.getInstance(keyAlgo);

                PKCS8EncodedKeySpec kspec = new PKCS8EncodedKeySpec(keyInfo);

                key = kfac.generatePrivate(kspec);

                if (debug != null) {

                    debug.println("Retrieved a protected private key (" +

                        key.getClass().getName() + ") at alias '" + alias +

                        "'");

                }

            // decode secret key

            } else {

                SecretKeyFactory sKeyFactory =

                    SecretKeyFactory.getInstance(keyAlgo);

                byte[] keyBytes = in.getOctetString();

                SecretKeySpec secretKeySpec =

                    new SecretKeySpec(keyBytes, keyAlgo);

                // Special handling required for PBE: needs a PBEKeySpec

                if (keyAlgo.startsWith("PBE")) {

                    KeySpec pbeKeySpec =

                        sKeyFactory.getKeySpec(secretKeySpec, PBEKeySpec.class);

                    key = sKeyFactory.generateSecret(pbeKeySpec);

                } else {

                    key = sKeyFactory.generateSecret(secretKeySpec);

                }

                if (debug != null) {

                    debug.println("Retrieved a protected secret key (" +

                        key.getClass().getName() + ") at alias '" + alias +

                        "'");

                }

            }

        } catch (Exception e) {

            UnrecoverableKeyException uke =

                new UnrecoverableKeyException("Get Key failed: " +

                                        e.getMessage());

            uke.initCause(e);

            throw uke;

        }

        return key;

    }

    /**

     * Returns the certificate chain associated with the given alias.

     *

     * @param alias the alias name

     *

     * @return the certificate chain (ordered with the user's certificate first

     * and the root certificate authority last), or null if the given alias

     * does not exist or does not contain a certificate chain (i.e., the given

     * alias identifies either a <i>trusted certificate entry</i> or a

     * <i>key entry</i> without a certificate chain).

     */

    public Certificate[] engineGetCertificateChain(String alias) {

        Entry entry = entries.get(alias.toLowerCase(Locale.ENGLISH));

        if (entry != null && entry instanceof PrivateKeyEntry) {

            if (((PrivateKeyEntry) entry).chain == null) {

                return null;

            } else {

                if (debug != null) {

                    debug.println("Retrieved a " +

                        ((PrivateKeyEntry) entry).chain.length +

                        "-certificate chain at alias '" + alias + "'");

                }

                return ((PrivateKeyEntry) entry).chain.clone();

            }

        } else {

            return null;

        }

    }

    /**

     * Returns the certificate associated with the given alias.

     *

     * <p>If the given alias name identifies a

     * <i>trusted certificate entry</i>, the certificate associated with that

     * entry is returned. If the given alias name identifies a

     * <i>key entry</i>, the first element of the certificate chain of that

     * entry is returned, or null if that entry does not have a certificate

     * chain.

     *

     * @param alias the alias name

     *

     * @return the certificate, or null if the given alias does not exist or

     * does not contain a certificate.

     */

    public Certificate engineGetCertificate(String alias) {

        Entry entry = entries.get(alias.toLowerCase(Locale.ENGLISH));

        if (entry == null) {

            return null;

        }

        if (entry instanceof CertEntry &&

            ((CertEntry) entry).trustedKeyUsage != null) {

            if (debug != null) {

                if (Arrays.equals(AnyUsage,

                    ((CertEntry) entry).trustedKeyUsage)) {

                    debug.println("Retrieved a certificate at alias '" + alias +

                        "' (trusted for any purpose)");

                } else {

                    debug.println("Retrieved a certificate at alias '" + alias +

                        "' (trusted for limited purposes)");

                }

            }

            return ((CertEntry) entry).cert;

        } else if (entry instanceof PrivateKeyEntry) {

            if (((PrivateKeyEntry) entry).chain == null) {

                return null;

            } else {

                if (debug != null) {

                    debug.println("Retrieved a certificate at alias '" + alias +

                        "'");

                }

                return ((PrivateKeyEntry) entry).chain[0];

            }