| /* KeyStore.java --- Key Store Class |
| Copyright (C) 1999 Free Software Foundation, Inc. |
| |
| This file is part of GNU Classpath. |
| |
| GNU Classpath is free software; you can redistribute it and/or modify |
| it under the terms of the GNU General Public License as published by |
| the Free Software Foundation; either version 2, or (at your option) |
| any later version. |
| |
| GNU Classpath is distributed in the hope that it will be useful, but |
| WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| General Public License for more details. |
| |
| You should have received a copy of the GNU General Public License |
| along with GNU Classpath; see the file COPYING. If not, write to the |
| Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA |
| 02111-1307 USA. |
| |
| Linking this library statically or dynamically with other modules is |
| making a combined work based on this library. Thus, the terms and |
| conditions of the GNU General Public License cover the whole |
| combination. |
| |
| As a special exception, the copyright holders of this library give you |
| permission to link this library with independent modules to produce an |
| executable, regardless of the license terms of these independent |
| modules, and to copy and distribute the resulting executable under |
| terms of your choice, provided that you also meet, for each linked |
| independent module, the terms and conditions of the license of that |
| module. An independent module is a module which is not derived from |
| or based on this library. If you modify this library, you may extend |
| this exception to your version of the library, but you are not |
| obligated to do so. If you do not wish to do so, delete this |
| exception statement from your version. */ |
| |
| package java.security; |
| import java.io.InputStream; |
| import java.io.IOException; |
| import java.io.OutputStream; |
| import java.security.cert.CertificateException; |
| import java.util.Date; |
| import java.util.Enumeration; |
| |
| /** |
| Keystore represents an in-memory collection of keys and |
| certificates. There are two types of entries: |
| |
| * Key Entry |
| |
| This type of keystore entry store sensitive crytographic key |
| information in a protected format.Typically this is a secret |
| key or a private key with a certificate chain. |
| |
| |
| * Trusted Ceritificate Entry |
| |
| This type of keystore entry contains a single public key |
| certificate belonging to annother entity. It is called trusted |
| because the keystore owner trusts that the certificates |
| belongs to the subject (owner) of the certificate. |
| |
| The keystore contains an "alias" string for each entry. |
| |
| The structure and persistentence of the key store is not |
| specified. Any method could be used to protect sensitive |
| (private or secret) keys. Smart cards or integrated |
| cryptographic engines could be used or the keystore could |
| be simply stored in a file. |
| */ |
| public class KeyStore |
| { |
| private KeyStoreSpi keyStoreSpi; |
| private Provider provider; |
| private String type; |
| |
| /** |
| Creates an instance of KeyStore |
| |
| @param keyStoreSpi A KeyStore engine to use |
| @param provider A provider to use |
| @param type The type of KeyStore |
| */ |
| protected KeyStore(KeyStoreSpi keyStoreSpi, Provider provider, String type) |
| { |
| this.keyStoreSpi = keyStoreSpi; |
| this.provider = provider; |
| this.type = type; |
| } |
| |
| /** |
| Gets an instance of the KeyStore class representing |
| the specified keystore. If the type is not |
| found then, it throws CertificateException. |
| |
| @param type the type of certificate to choose |
| |
| @return a KeyStore repesenting the desired type |
| |
| @throws KeyStoreException if the type of keystore is not implemented by providers |
| */ |
| public static KeyStore getInstance(String type) throws KeyStoreException |
| { |
| Provider[] p = Security.getProviders(); |
| |
| for (int i = 0; i < p.length; i++) |
| { |
| String classname = p[i].getProperty("KeyStore." + type); |
| if (classname != null) |
| return getInstance(classname, type, p[i]); |
| } |
| |
| throw new KeyStoreException(type); |
| } |
| |
| /** |
| Gets an instance of the KeyStore class representing |
| the specified key store from the specified provider. |
| If the type is not found then, it throws CertificateException. |
| If the provider is not found, then it throws |
| NoSuchProviderException. |
| |
| @param type the type of certificate to choose |
| |
| @return a KeyStore repesenting the desired type |
| |
| @throws KeyStoreException if the type of keystore is not implemented by providers |
| @throws NoSuchProviderException if the provider is not found |
| */ |
| public static KeyStore getInstance(String type, String provider) |
| throws KeyStoreException, NoSuchProviderException |
| { |
| Provider p = Security.getProvider(provider); |
| if (p == null) |
| throw new NoSuchProviderException(); |
| |
| return getInstance(p.getProperty("KeyStore." + type), type, p); |
| } |
| |
| private static KeyStore getInstance(String classname, |
| String type, |
| Provider provider) |
| throws KeyStoreException |
| { |
| try |
| { |
| return new KeyStore((KeyStoreSpi) Class.forName(classname). |
| newInstance(), provider, type); |
| } |
| catch (ClassNotFoundException cnfe) |
| { |
| throw new KeyStoreException("Class not found"); |
| } |
| catch (InstantiationException ie) |
| { |
| throw new KeyStoreException("Class instantiation failed"); |
| } |
| catch (IllegalAccessException iae) |
| { |
| throw new KeyStoreException("Illegal Access"); |
| } |
| } |
| |
| |
| /** |
| Gets the provider that the class is from. |
| |
| @return the provider of this class |
| */ |
| public final Provider getProvider() |
| { |
| return provider; |
| } |
| |
| /** |
| Returns the type of the KeyStore supported |
| |
| @return A string with the type of KeyStore |
| */ |
| public final String getType() |
| { |
| return type; |
| } |
| |
| /** |
| Returns the key associated with given alias using the |
| supplied password. |
| |
| @param alias an alias for the key to get |
| @param password password to access key with |
| |
| @return the requested key, or null otherwise |
| |
| @throws NoSuchAlgorithmException if there is no algorithm |
| for recovering the key |
| @throws UnrecoverableKeyException key cannot be reocovered |
| (wrong password). |
| */ |
| public final Key getKey(String alias, char[]password) |
| throws KeyStoreException, NoSuchAlgorithmException, |
| UnrecoverableKeyException |
| { |
| return keyStoreSpi.engineGetKey(alias, password); |
| } |
| |
| /** |
| Gets a Certificate chain for the specified alias. |
| |
| @param alias the alias name |
| |
| @return a chain of Certificates ( ordered from the user's |
| certificate to the Certificate Authority's ) or |
| null if the alias does not exist or there is no |
| certificate chain for the alias ( the alias refers |
| to a trusted certificate entry or there is no entry). |
| */ |
| public final java.security.cert. |
| Certificate[] getCertificateChain(String alias) throws KeyStoreException |
| { |
| return keyStoreSpi.engineGetCertificateChain(alias); |
| } |
| |
| /** |
| Gets a Certificate for the specified alias. |
| |
| If there is a trusted certificate entry then that is returned. |
| it there is a key entry with a certificate chain then the |
| first certificate is return or else null. |
| |
| @param alias the alias name |
| |
| @return a Certificate or null if the alias does not exist |
| or there is no certificate for the alias |
| */ |
| public final java.security.cert.Certificate getCertificate(String alias) |
| throws KeyStoreException |
| { |
| return keyStoreSpi.engineGetCertificate(alias); |
| } |
| |
| /** |
| Gets entry creation date for the specified alias. |
| |
| @param alias the alias name |
| |
| @returns the entry creation date or null |
| */ |
| public final Date getCreationDate(String alias) throws KeyStoreException |
| { |
| return keyStoreSpi.engineGetCreationDate(alias); |
| } |
| |
| /** |
| Assign the key to the alias in the keystore, protecting it |
| with the given password. It will overwrite an existing |
| entry and if the key is a PrivateKey, also add the |
| certificate chain representing the corresponding public key. |
| |
| @param alias the alias name |
| @param key the key to add |
| @password the password to protect with |
| @param chain the certificate chain for the corresponding |
| public key |
| |
| @throws KeyStoreException if it fails |
| */ |
| public final void setKeyEntry(String alias, Key key, char[]password, |
| java.security.cert. |
| Certificate[]chain) throws KeyStoreException |
| { |
| keyStoreSpi.engineSetKeyEntry(alias, key, password, chain); |
| } |
| |
| /** |
| Assign the key to the alias in the keystore. It will overwrite |
| an existing entry and if the key is a PrivateKey, also |
| add the certificate chain representing the corresponding |
| public key. |
| |
| @param alias the alias name |
| @param key the key to add |
| @param chain the certificate chain for the corresponding |
| public key |
| |
| @throws KeyStoreException if it fails |
| */ |
| public final void setKeyEntry(String alias, byte[]key, |
| java.security.cert. |
| Certificate[]chain) throws KeyStoreException |
| { |
| keyStoreSpi.engineSetKeyEntry(alias, key, chain); |
| } |
| |
| /** |
| Assign the certificate to the alias in the keystore. It |
| will overwrite an existing entry. |
| |
| @param alias the alias name |
| @param cert the certificate to add |
| |
| @throws KeyStoreException if it fails |
| */ |
| public final void setCertificateEntry(String alias, |
| java.security.cert. |
| Certificate cert) throws |
| KeyStoreException |
| { |
| keyStoreSpi.engineSetCertificateEntry(alias, cert); |
| } |
| |
| /** |
| Deletes the entry for the specified entry. |
| |
| @param alias the alias name |
| |
| @throws KeyStoreException if it fails |
| */ |
| public final void deleteEntry(String alias) throws KeyStoreException |
| { |
| keyStoreSpi.engineDeleteEntry(alias); |
| } |
| |
| /** |
| Generates a list of all the aliases in the keystore. |
| |
| @return an Enumeration of the aliases |
| */ |
| public final Enumeration aliases() throws KeyStoreException |
| { |
| return keyStoreSpi.engineAliases(); |
| } |
| |
| /** |
| Determines if the keystore contains the specified alias. |
| |
| @param alias the alias name |
| |
| @return true if it contains the alias, false otherwise |
| */ |
| public final boolean containsAlias(String alias) throws KeyStoreException |
| { |
| return keyStoreSpi.engineContainsAlias(alias); |
| } |
| |
| /** |
| Returns the number of entries in the keystore. |
| |
| @returns the number of keystore entries. |
| */ |
| public final int size() throws KeyStoreException |
| { |
| return keyStoreSpi.engineSize(); |
| } |
| |
| /** |
| Determines if the keystore contains a key entry for |
| the specified alias. |
| |
| @param alias the alias name |
| |
| @return true if it is a key entry, false otherwise |
| */ |
| public final boolean isKeyEntry(String alias) throws KeyStoreException |
| { |
| return keyStoreSpi.engineIsKeyEntry(alias); |
| } |
| |
| |
| /** |
| Determines if the keystore contains a certificate entry for |
| the specified alias. |
| |
| @param alias the alias name |
| |
| @return true if it is a certificate entry, false otherwise |
| */ |
| public final boolean isCertificateEntry(String alias) |
| throws KeyStoreException |
| { |
| return keyStoreSpi.engineIsCertificateEntry(alias); |
| } |
| |
| /** |
| Determines if the keystore contains the specified certificate |
| entry and returns the alias. |
| |
| It checks every entry and for a key entry checks only the |
| first certificate in the chain. |
| |
| @param cert Certificate to look for |
| |
| @return alias of first matching certificate, null if it |
| does not exist. |
| */ |
| public final String getCertificateAlias(java.security.cert.Certificate cert) |
| throws KeyStoreException |
| { |
| return keyStoreSpi.engineGetCertificateAlias(cert); |
| } |
| |
| /** |
| Stores the keystore in the specified output stream and it |
| uses the specified key it keep it secure. |
| |
| @param stream the output stream to save the keystore to |
| @param password the password to protect the keystore integrity with |
| |
| @throws IOException if an I/O error occurs. |
| @throws NoSuchAlgorithmException the data integrity algorithm |
| used cannot be found. |
| @throws CertificateException if any certificates could not be |
| stored in the output stream. |
| */ |
| public final void store(OutputStream stream, char[]password) |
| throws KeyStoreException, IOException, NoSuchAlgorithmException, |
| CertificateException |
| { |
| keyStoreSpi.engineStore(stream, password); |
| } |
| |
| /** |
| Loads the keystore from the specified input stream and it |
| uses the specified password to check for integrity if supplied. |
| |
| @param stream the input stream to load the keystore from |
| @param password the password to check the keystore integrity with |
| |
| @throws IOException if an I/O error occurs. |
| @throws NoSuchAlgorithmException the data integrity algorithm |
| used cannot be found. |
| @throws CertificateException if any certificates could not be |
| stored in the output stream. |
| */ |
| public final void load(InputStream stream, char[]password) |
| throws IOException, NoSuchAlgorithmException, CertificateException |
| { |
| keyStoreSpi.engineLoad(stream, password); |
| } |
| |
| /** |
| Returns the default KeyStore type. This method looks up the |
| type in <JAVA_HOME>/lib/security/java.security with the |
| property "keystore.type" or if that fails then "jks" . |
| */ |
| public static final String getDefaultType() |
| { |
| String tmp; |
| //Security reads every property in java.security so it |
| //will return this property if it exists. |
| tmp = Security.getProperty("keystore.type"); |
| |
| if (tmp == null) |
| tmp = "jks"; |
| |
| return tmp; |
| } |
| } |