Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
9fd026aa
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
3
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
9fd026aa
编写于
5月 25, 2015
作者:
V
vinnie
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8062552: Support keystore type detection for JKS and PKCS12 keystores
Reviewed-by: weijun
上级
12c1b68e
变更
11
隐藏空白更改
内联
并排
Showing
11 changed file
with
644 addition
and
8 deletion
+644
-8
src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
+43
-4
src/share/classes/sun/security/provider/JavaKeyStore.java
src/share/classes/sun/security/provider/JavaKeyStore.java
+10
-2
src/share/classes/sun/security/provider/KeyStoreDelegator.java
...hare/classes/sun/security/provider/KeyStoreDelegator.java
+279
-0
src/share/classes/sun/security/provider/SunEntries.java
src/share/classes/sun/security/provider/SunEntries.java
+3
-2
src/share/lib/security/java.security-aix
src/share/lib/security/java.security-aix
+9
-0
src/share/lib/security/java.security-linux
src/share/lib/security/java.security-linux
+9
-0
src/share/lib/security/java.security-macosx
src/share/lib/security/java.security-macosx
+9
-0
src/share/lib/security/java.security-solaris
src/share/lib/security/java.security-solaris
+9
-0
src/share/lib/security/java.security-windows
src/share/lib/security/java.security-windows
+9
-0
test/java/security/KeyStore/TestKeystoreCompat.java
test/java/security/KeyStore/TestKeystoreCompat.java
+235
-0
test/java/security/KeyStore/trusted.pem
test/java/security/KeyStore/trusted.pem
+29
-0
未找到文件。
src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java
浏览文件 @
9fd026aa
...
...
@@ -1057,6 +1057,39 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
}
}
/**
* Determines if the keystore {@code Entry} for the specified
* {@code alias} is an instance or subclass of the specified
* {@code entryClass}.
*
* @param alias the alias name
* @param entryClass the entry class
*
* @return true if the keystore {@code Entry} for the specified
* {@code alias} is an instance or subclass of the
* specified {@code entryClass}, false otherwise
*
* @since 1.5
*/
@Override
public
boolean
engineEntryInstanceOf
(
String
alias
,
Class
<?
extends
KeyStore
.
Entry
>
entryClass
)
{
if
(
entryClass
==
KeyStore
.
TrustedCertificateEntry
.
class
)
{
return
engineIsCertificateEntry
(
alias
);
}
Entry
entry
=
entries
.
get
(
alias
.
toLowerCase
(
Locale
.
ENGLISH
));
if
(
entryClass
==
KeyStore
.
PrivateKeyEntry
.
class
)
{
return
(
entry
!=
null
&&
entry
instanceof
PrivateKeyEntry
);
}
if
(
entryClass
==
KeyStore
.
SecretKeyEntry
.
class
)
{
return
(
entry
!=
null
&&
entry
instanceof
SecretKeyEntry
);
}
return
false
;
}
/**
* Returns the (alias) name of the first keystore entry whose certificate
* matches the given certificate.
...
...
@@ -1089,7 +1122,7 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
}
else
{
continue
;
}
if
(
certElem
.
equals
(
cert
))
{
if
(
certElem
!=
null
&&
certElem
.
equals
(
cert
))
{
return
alias
;
}
}
...
...
@@ -1932,7 +1965,12 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
safeContentsData
=
safeContents
.
getData
();
}
else
if
(
contentType
.
equals
((
Object
)
ContentInfo
.
ENCRYPTED_DATA_OID
))
{
if
(
password
==
null
)
{
continue
;
if
(
debug
!=
null
)
{
debug
.
println
(
"Warning: skipping PKCS#7 encryptedData"
+
" content-type - no password was supplied"
);
}
continue
;
}
if
(
debug
!=
null
)
{
...
...
@@ -1974,8 +2012,9 @@ public final class PKCS12KeyStore extends KeyStoreSpi {
password
=
new
char
[
1
];
continue
;
}
throw
new
IOException
(
"failed to decrypt safe contents entry: "
+
e
,
e
);
throw
new
IOException
(
"keystore password was incorrect"
,
new
UnrecoverableKeyException
(
"failed to decrypt safe contents entry: "
+
e
));
}
}
}
else
{
...
...
src/share/classes/sun/security/provider/JavaKeyStore.java
浏览文件 @
9fd026aa
/*
* Copyright (c) 1997, 201
1
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 201
5
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -31,9 +31,10 @@ import java.security.cert.Certificate;
import
java.security.cert.CertificateFactory
;
import
java.security.cert.CertificateException
;
import
java.util.*
;
import
sun.misc.IOUtils
;
import
sun.misc.IOUtils
;
import
sun.security.pkcs.EncryptedPrivateKeyInfo
;
import
sun.security.pkcs12.PKCS12KeyStore
;
/**
* This class provides the keystore implementation referred to as "JKS".
...
...
@@ -65,6 +66,13 @@ abstract class JavaKeyStore extends KeyStoreSpi {
}
}
// special JKS that supports JKS and PKCS12 file formats
public
static
final
class
DualFormatJKS
extends
KeyStoreDelegator
{
public
DualFormatJKS
()
{
super
(
"JKS"
,
JKS
.
class
,
"PKCS12"
,
PKCS12KeyStore
.
class
);
}
}
private
static
final
int
MAGIC
=
0xfeedfeed
;
private
static
final
int
VERSION_1
=
0x01
;
private
static
final
int
VERSION_2
=
0x02
;
...
...
src/share/classes/sun/security/provider/KeyStoreDelegator.java
0 → 100644
浏览文件 @
9fd026aa
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package
sun.security.provider
;
import
java.io.*
;
import
java.security.*
;
import
java.security.cert.Certificate
;
import
java.security.cert.CertificateFactory
;
import
java.security.cert.CertificateException
;
import
java.util.*
;
import
sun.security.util.Debug
;
/**
* This class delegates to a primary or secondary keystore implementation.
*
* @since 1.8
*/
class
KeyStoreDelegator
extends
KeyStoreSpi
{
private
static
final
String
KEYSTORE_TYPE_COMPAT
=
"keystore.type.compat"
;
private
static
final
Debug
debug
=
Debug
.
getInstance
(
"keystore"
);
private
final
String
primaryType
;
// the primary keystore's type
private
final
String
secondaryType
;
// the secondary keystore's type
private
final
Class
<?
extends
KeyStoreSpi
>
primaryKeyStore
;
// the primary keystore's class
private
final
Class
<?
extends
KeyStoreSpi
>
secondaryKeyStore
;
// the secondary keystore's class
private
String
type
;
// the delegate's type
private
KeyStoreSpi
keystore
;
// the delegate
private
boolean
compatModeEnabled
=
true
;
public
KeyStoreDelegator
(
String
primaryType
,
Class
<?
extends
KeyStoreSpi
>
primaryKeyStore
,
String
secondaryType
,
Class
<?
extends
KeyStoreSpi
>
secondaryKeyStore
)
{
// Check whether compatibility mode has been disabled
// (Use inner-class instead of lambda to avoid init/ClassLoader problem)
compatModeEnabled
=
"true"
.
equalsIgnoreCase
(
AccessController
.
doPrivileged
(
new
PrivilegedAction
<
String
>()
{
public
String
run
()
{
return
Security
.
getProperty
(
KEYSTORE_TYPE_COMPAT
);
}
}
));
if
(
compatModeEnabled
)
{
this
.
primaryType
=
primaryType
;
this
.
secondaryType
=
secondaryType
;
this
.
primaryKeyStore
=
primaryKeyStore
;
this
.
secondaryKeyStore
=
secondaryKeyStore
;
}
else
{
this
.
primaryType
=
primaryType
;
this
.
secondaryType
=
null
;
this
.
primaryKeyStore
=
primaryKeyStore
;
this
.
secondaryKeyStore
=
null
;
if
(
debug
!=
null
)
{
debug
.
println
(
"WARNING: compatibility mode disabled for "
+
primaryType
+
" and "
+
secondaryType
+
" keystore types"
);
}
}
}
@Override
public
Key
engineGetKey
(
String
alias
,
char
[]
password
)
throws
NoSuchAlgorithmException
,
UnrecoverableKeyException
{
return
keystore
.
engineGetKey
(
alias
,
password
);
}
@Override
public
Certificate
[]
engineGetCertificateChain
(
String
alias
)
{
return
keystore
.
engineGetCertificateChain
(
alias
);
}
@Override
public
Certificate
engineGetCertificate
(
String
alias
)
{
return
keystore
.
engineGetCertificate
(
alias
);
}
@Override
public
Date
engineGetCreationDate
(
String
alias
)
{
return
keystore
.
engineGetCreationDate
(
alias
);
}
@Override
public
void
engineSetKeyEntry
(
String
alias
,
Key
key
,
char
[]
password
,
Certificate
[]
chain
)
throws
KeyStoreException
{
keystore
.
engineSetKeyEntry
(
alias
,
key
,
password
,
chain
);
}
@Override
public
void
engineSetKeyEntry
(
String
alias
,
byte
[]
key
,
Certificate
[]
chain
)
throws
KeyStoreException
{
keystore
.
engineSetKeyEntry
(
alias
,
key
,
chain
);
}
@Override
public
void
engineSetCertificateEntry
(
String
alias
,
Certificate
cert
)
throws
KeyStoreException
{
keystore
.
engineSetCertificateEntry
(
alias
,
cert
);
}
@Override
public
void
engineDeleteEntry
(
String
alias
)
throws
KeyStoreException
{
keystore
.
engineDeleteEntry
(
alias
);
}
@Override
public
Enumeration
<
String
>
engineAliases
()
{
return
keystore
.
engineAliases
();
}
@Override
public
boolean
engineContainsAlias
(
String
alias
)
{
return
keystore
.
engineContainsAlias
(
alias
);
}
@Override
public
int
engineSize
()
{
return
keystore
.
engineSize
();
}
@Override
public
boolean
engineIsKeyEntry
(
String
alias
)
{
return
keystore
.
engineIsKeyEntry
(
alias
);
}
@Override
public
boolean
engineIsCertificateEntry
(
String
alias
)
{
return
keystore
.
engineIsCertificateEntry
(
alias
);
}
@Override
public
String
engineGetCertificateAlias
(
Certificate
cert
)
{
return
keystore
.
engineGetCertificateAlias
(
cert
);
}
@Override
public
KeyStore
.
Entry
engineGetEntry
(
String
alias
,
KeyStore
.
ProtectionParameter
protParam
)
throws
KeyStoreException
,
NoSuchAlgorithmException
,
UnrecoverableEntryException
{
return
keystore
.
engineGetEntry
(
alias
,
protParam
);
}
@Override
public
void
engineSetEntry
(
String
alias
,
KeyStore
.
Entry
entry
,
KeyStore
.
ProtectionParameter
protParam
)
throws
KeyStoreException
{
keystore
.
engineSetEntry
(
alias
,
entry
,
protParam
);
}
@Override
public
boolean
engineEntryInstanceOf
(
String
alias
,
Class
<?
extends
KeyStore
.
Entry
>
entryClass
)
{
return
keystore
.
engineEntryInstanceOf
(
alias
,
entryClass
);
}
@Override
public
void
engineStore
(
OutputStream
stream
,
char
[]
password
)
throws
IOException
,
NoSuchAlgorithmException
,
CertificateException
{
if
(
debug
!=
null
)
{
debug
.
println
(
"Storing keystore in "
+
type
+
" format"
);
}
keystore
.
engineStore
(
stream
,
password
);
}
@Override
public
void
engineLoad
(
InputStream
stream
,
char
[]
password
)
throws
IOException
,
NoSuchAlgorithmException
,
CertificateException
{
// A new keystore is always created in the primary keystore format
if
(
stream
==
null
||
!
compatModeEnabled
)
{
try
{
keystore
=
primaryKeyStore
.
newInstance
();
}
catch
(
InstantiationException
|
IllegalAccessException
e
)
{
// can safely ignore
}
type
=
primaryType
;
if
(
debug
!=
null
&&
stream
==
null
)
{
debug
.
println
(
"Creating a new keystore in "
+
type
+
" format"
);
}
keystore
.
engineLoad
(
stream
,
password
);
}
else
{
// First try the primary keystore then try the secondary keystore
try
(
InputStream
bufferedStream
=
new
BufferedInputStream
(
stream
))
{
bufferedStream
.
mark
(
Integer
.
MAX_VALUE
);
try
{
keystore
=
primaryKeyStore
.
newInstance
();
type
=
primaryType
;
keystore
.
engineLoad
(
bufferedStream
,
password
);
}
catch
(
Exception
e
)
{
// incorrect password
if
(
e
instanceof
IOException
&&
e
.
getCause
()
instanceof
UnrecoverableKeyException
)
{
throw
(
IOException
)
e
;
}
try
{
keystore
=
secondaryKeyStore
.
newInstance
();
type
=
secondaryType
;
bufferedStream
.
reset
();
keystore
.
engineLoad
(
bufferedStream
,
password
);
if
(
debug
!=
null
)
{
debug
.
println
(
"WARNING: switching from "
+
primaryType
+
" to "
+
secondaryType
+
" keystore file format has altered the "
+
"keystore security level"
);
}
}
catch
(
InstantiationException
|
IllegalAccessException
e2
)
{
// can safely ignore
}
catch
(
IOException
|
NoSuchAlgorithmException
|
CertificateException
e3
)
{
// incorrect password
if
(
e3
instanceof
IOException
&&
e3
.
getCause
()
instanceof
UnrecoverableKeyException
)
{
throw
(
IOException
)
e3
;
}
// rethrow the outer exception
if
(
e
instanceof
IOException
)
{
throw
(
IOException
)
e
;
}
else
if
(
e
instanceof
CertificateException
)
{
throw
(
CertificateException
)
e
;
}
else
if
(
e
instanceof
NoSuchAlgorithmException
)
{
throw
(
NoSuchAlgorithmException
)
e
;
}
}
}
}
if
(
debug
!=
null
)
{
debug
.
println
(
"Loaded a keystore in "
+
type
+
" format"
);
}
}
}
}
src/share/classes/sun/security/provider/SunEntries.java
浏览文件 @
9fd026aa
/*
* Copyright (c) 1996, 201
3
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 201
5
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -228,7 +228,8 @@ final class SunEntries {
/*
* KeyStore
*/
map
.
put
(
"KeyStore.JKS"
,
"sun.security.provider.JavaKeyStore$JKS"
);
map
.
put
(
"KeyStore.JKS"
,
"sun.security.provider.JavaKeyStore$DualFormatJKS"
);
map
.
put
(
"KeyStore.CaseExactJKS"
,
"sun.security.provider.JavaKeyStore$CaseExactJKS"
);
map
.
put
(
"KeyStore.DKS"
,
"sun.security.provider.DomainKeyStore$DKS"
);
...
...
src/share/lib/security/java.security-aix
浏览文件 @
9fd026aa
...
...
@@ -170,6 +170,15 @@ policy.ignoreIdentityScope=false
#
keystore.type=jks
#
# Controls compatibility mode for the JKS keystore type.
#
# When set to 'true', the JKS keystore type supports loading
# keystore files in either JKS or PKCS12 format. When set to 'false'
# it supports loading only JKS keystore files.
#
keystore.type.compat=true
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
...
...
src/share/lib/security/java.security-linux
浏览文件 @
9fd026aa
...
...
@@ -170,6 +170,15 @@ policy.ignoreIdentityScope=false
#
keystore.type=jks
#
# Controls compatibility mode for the JKS keystore type.
#
# When set to 'true', the JKS keystore type supports loading
# keystore files in either JKS or PKCS12 format. When set to 'false'
# it supports loading only JKS keystore files.
#
keystore.type.compat=true
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
...
...
src/share/lib/security/java.security-macosx
浏览文件 @
9fd026aa
...
...
@@ -171,6 +171,15 @@ policy.ignoreIdentityScope=false
#
keystore.type=jks
#
# Controls compatibility mode for the JKS keystore type.
#
# When set to 'true', the JKS keystore type supports loading
# keystore files in either JKS or PKCS12 format. When set to 'false'
# it supports loading only JKS keystore files.
#
keystore.type.compat=true
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
...
...
src/share/lib/security/java.security-solaris
浏览文件 @
9fd026aa
...
...
@@ -172,6 +172,15 @@ policy.ignoreIdentityScope=false
#
keystore.type=jks
#
# Controls compatibility mode for the JKS keystore type.
#
# When set to 'true', the JKS keystore type supports loading
# keystore files in either JKS or PKCS12 format. When set to 'false'
# it supports loading only JKS keystore files.
#
keystore.type.compat=true
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
...
...
src/share/lib/security/java.security-windows
浏览文件 @
9fd026aa
...
...
@@ -171,6 +171,15 @@ policy.ignoreIdentityScope=false
#
keystore.type=jks
#
# Controls compatibility mode for the JKS keystore type.
#
# When set to 'true', the JKS keystore type supports loading
# keystore files in either JKS or PKCS12 format. When set to 'false'
# it supports loading only JKS keystore files.
#
keystore.type.compat=true
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
...
...
test/java/security/KeyStore/TestKeystoreCompat.java
0 → 100644
浏览文件 @
9fd026aa
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8062552
* @run main/othervm TestKeystoreCompat
* @summary test compatibility mode for JKS and PKCS12 keystores
*/
import
java.io.*
;
import
java.security.*
;
import
java.security.KeyStore.*
;
import
java.security.cert.*
;
import
javax.crypto.*
;
import
javax.security.auth.callback.*
;
public
class
TestKeystoreCompat
{
private
static
final
char
[]
PASSWORD
=
"changeit"
.
toCharArray
();
private
static
final
String
DIR
=
System
.
getProperty
(
"test.src"
,
"."
);
// This is an arbitrary X.509 certificate
private
static
final
String
CERT_FILE
=
"trusted.pem"
;
public
static
final
void
main
(
String
[]
args
)
throws
Exception
{
// Testing empty keystores
init
(
"empty.jks"
,
"JKS"
);
init
(
"empty.jceks"
,
"JCEKS"
);
init
(
"empty.p12"
,
"PKCS12"
);
load
(
"empty.jks"
,
"JKS"
);
load
(
"empty.jceks"
,
"JCEKS"
);
load
(
"empty.p12"
,
"PKCS12"
);
load
(
"empty.p12"
,
"JKS"
);
// test compatibility mode
load
(
"empty.jks"
,
"PKCS12"
,
true
);
// test without compatibility mode
load
(
"empty.jks"
,
"JKS"
,
false
);
// test without compatibility mode
load
(
"empty.p12"
,
"JKS"
,
true
);
// test without compatibility mode
load
(
"empty.p12"
,
"PKCS12"
,
false
);
// test without compatibility mode
build
(
"empty.jks"
,
"JKS"
,
true
);
build
(
"empty.jks"
,
"JKS"
,
false
);
build
(
"empty.jceks"
,
"JCEKS"
,
true
);
build
(
"empty.jceks"
,
"JCEKS"
,
false
);
build
(
"empty.p12"
,
"PKCS12"
,
true
);
build
(
"empty.p12"
,
"PKCS12"
,
false
);
// Testing keystores containing an X.509 certificate
X509Certificate
cert
=
loadCertificate
(
CERT_FILE
);
init
(
"onecert.jks"
,
"JKS"
,
cert
);
init
(
"onecert.jceks"
,
"JCEKS"
,
cert
);
init
(
"onecert.p12"
,
"PKCS12"
,
cert
);
load
(
"onecert.jks"
,
"JKS"
);
load
(
"onecert.jceks"
,
"JCEKS"
);
load
(
"onecert.p12"
,
"PKCS12"
);
load
(
"onecert.p12"
,
"JKS"
);
// test compatibility mode
load
(
"onecert.jks"
,
"PKCS12"
,
true
);
// test without compatibility mode
load
(
"onecert.jks"
,
"JKS"
,
false
);
// test without compatibility mode
load
(
"onecert.p12"
,
"JKS"
,
true
);
// test without compatibility mode
load
(
"onecert.p12"
,
"PKCS12"
,
false
);
// test without compatibility mode
build
(
"onecert.jks"
,
"JKS"
,
true
);
build
(
"onecert.jks"
,
"JKS"
,
false
);
build
(
"onecert.jceks"
,
"JCEKS"
,
true
);
build
(
"onecert.jceks"
,
"JCEKS"
,
false
);
build
(
"onecert.p12"
,
"PKCS12"
,
true
);
build
(
"onecert.p12"
,
"PKCS12"
,
false
);
// Testing keystores containing a secret key
SecretKey
key
=
generateSecretKey
(
"AES"
,
128
);
init
(
"onekey.jceks"
,
"JCEKS"
,
key
);
init
(
"onekey.p12"
,
"PKCS12"
,
key
);
load
(
"onekey.jceks"
,
"JCEKS"
);
load
(
"onekey.p12"
,
"PKCS12"
);
load
(
"onekey.p12"
,
"JKS"
);
// test compatibility mode
load
(
"onekey.p12"
,
"JKS"
,
true
);
// test without compatibility mode
load
(
"onekey.p12"
,
"PKCS12"
,
false
);
// test without compatibility mode
build
(
"onekey.jceks"
,
"JCEKS"
,
true
);
build
(
"onekey.jceks"
,
"JCEKS"
,
false
);
build
(
"onekey.p12"
,
"PKCS12"
,
true
);
build
(
"onekey.p12"
,
"PKCS12"
,
false
);
System
.
out
.
println
(
"OK."
);
}
// Instantiate an empty keystore using the supplied keystore type
private
static
void
init
(
String
file
,
String
type
)
throws
Exception
{
KeyStore
ks
=
KeyStore
.
getInstance
(
type
);
ks
.
load
(
null
,
null
);
try
(
OutputStream
stream
=
new
FileOutputStream
(
file
))
{
ks
.
store
(
stream
,
PASSWORD
);
}
System
.
out
.
println
(
"Created a "
+
type
+
" keystore named '"
+
file
+
"'"
);
}
// Instantiate a keystore using the supplied keystore type & create an entry
private
static
void
init
(
String
file
,
String
type
,
X509Certificate
cert
)
throws
Exception
{
KeyStore
ks
=
KeyStore
.
getInstance
(
type
);
ks
.
load
(
null
,
null
);
ks
.
setEntry
(
"mycert"
,
new
KeyStore
.
TrustedCertificateEntry
(
cert
),
null
);
try
(
OutputStream
stream
=
new
FileOutputStream
(
file
))
{
ks
.
store
(
stream
,
PASSWORD
);
}
System
.
out
.
println
(
"Created a "
+
type
+
" keystore named '"
+
file
+
"'"
);
}
// Instantiate a keystore using the supplied keystore type & create an entry
private
static
void
init
(
String
file
,
String
type
,
SecretKey
key
)
throws
Exception
{
KeyStore
ks
=
KeyStore
.
getInstance
(
type
);
ks
.
load
(
null
,
null
);
ks
.
setEntry
(
"mykey"
,
new
KeyStore
.
SecretKeyEntry
(
key
),
new
PasswordProtection
(
PASSWORD
));
try
(
OutputStream
stream
=
new
FileOutputStream
(
file
))
{
ks
.
store
(
stream
,
PASSWORD
);
}
System
.
out
.
println
(
"Created a "
+
type
+
" keystore named '"
+
file
+
"'"
);
}
// Instantiate a keystore by probing the supplied file for the keystore type
private
static
void
build
(
String
file
,
String
type
,
boolean
usePassword
)
throws
Exception
{
Builder
builder
;
if
(
usePassword
)
{
builder
=
Builder
.
newInstance
(
type
,
null
,
new
File
(
file
),
new
PasswordProtection
(
PASSWORD
));
}
else
{
builder
=
Builder
.
newInstance
(
type
,
null
,
new
File
(
file
),
new
CallbackHandlerProtection
(
new
DummyHandler
()));
}
KeyStore
ks
=
builder
.
getKeyStore
();
if
(!
type
.
equalsIgnoreCase
(
ks
.
getType
()))
{
throw
new
Exception
(
"ERROR: expected a "
+
type
+
" keystore, "
+
"got a "
+
ks
.
getType
()
+
" keystore instead"
);
}
else
{
System
.
out
.
println
(
"Built a "
+
type
+
" keystore named '"
+
file
+
"'"
);
}
}
// Load the keystore entries
private
static
void
load
(
String
file
,
String
type
)
throws
Exception
{
KeyStore
ks
=
KeyStore
.
getInstance
(
type
);
try
(
InputStream
stream
=
new
FileInputStream
(
file
))
{
ks
.
load
(
stream
,
PASSWORD
);
}
if
(!
type
.
equalsIgnoreCase
(
ks
.
getType
()))
{
throw
new
Exception
(
"ERROR: expected a "
+
type
+
" keystore, "
+
"got a "
+
ks
.
getType
()
+
" keystore instead"
);
}
else
{
System
.
out
.
println
(
"Loaded a "
+
type
+
" keystore named '"
+
file
+
"'"
);
}
}
// Load the keystore entries (with compatibility mode disabled)
private
static
void
load
(
String
file
,
String
type
,
boolean
expectFailure
)
throws
Exception
{
Security
.
setProperty
(
"keystore.type.compat"
,
"false"
);
try
{
load
(
file
,
type
);
if
(
expectFailure
)
{
throw
new
Exception
(
"ERROR: expected load to fail but it didn't"
);
}
}
catch
(
IOException
e
)
{
if
(
expectFailure
)
{
System
.
out
.
println
(
"Failed to load a "
+
type
+
" keystore named '"
+
file
+
"' (as expected)"
);
}
else
{
throw
e
;
}
}
finally
{
Security
.
setProperty
(
"keystore.type.compat"
,
"true"
);
}
}
// Read an X.509 certificate from the supplied file
private
static
X509Certificate
loadCertificate
(
String
certFile
)
throws
Exception
{
X509Certificate
cert
=
null
;
try
(
FileInputStream
certStream
=
new
FileInputStream
(
DIR
+
"/"
+
certFile
))
{
CertificateFactory
factory
=
CertificateFactory
.
getInstance
(
"X.509"
);
return
(
X509Certificate
)
factory
.
generateCertificate
(
certStream
);
}
}
// Generate a secret key using the supplied algorithm name and key size
private
static
SecretKey
generateSecretKey
(
String
algorithm
,
int
size
)
throws
NoSuchAlgorithmException
{
KeyGenerator
generator
=
KeyGenerator
.
getInstance
(
algorithm
);
generator
.
init
(
size
);
return
generator
.
generateKey
();
}
private
static
class
DummyHandler
implements
CallbackHandler
{
public
void
handle
(
Callback
[]
callbacks
)
throws
IOException
,
UnsupportedCallbackException
{
System
.
out
.
println
(
"** Callbackhandler invoked"
);
for
(
int
i
=
0
;
i
<
callbacks
.
length
;
i
++)
{
Callback
cb
=
callbacks
[
i
];
if
(
cb
instanceof
PasswordCallback
)
{
PasswordCallback
pcb
=
(
PasswordCallback
)
cb
;
pcb
.
setPassword
(
PASSWORD
);
break
;
}
}
}
}
}
test/java/security/KeyStore/trusted.pem
0 → 100644
浏览文件 @
9fd026aa
-----BEGIN CERTIFICATE-----
MIIF5DCCBMygAwIBAgIQGVCD3zqdD1ZMZZ/zLAPnQzANBgkqhkiG9w0BAQUFADCBvDELMAkGA1UE
BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
ZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
L3JwYSAoYykxMDE2MDQGA1UEAxMtVmVyaVNpZ24gQ2xhc3MgMyBJbnRlcm5hdGlvbmFsIFNlcnZl
ciBDQSAtIEczMB4XDTEyMDcxMDAwMDAwMFoXDTEzMDczMTIzNTk1OVowgbgxCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRcwFQYDVQQHFA5SZWR3b29kIFNob3JlczEbMBkGA1UEChQS
T3JhY2xlIENvcnBvcmF0aW9uMRIwEAYDVQQLFAlHbG9iYWwgSVQxMzAxBgNVBAsUKlRlcm1zIG9m
IHVzZSBhdCB3d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNTEVMBMGA1UEAxQMKi5vcmFjbGUuY29t
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/dOCGrWzPj62q0ZkF59Oj9Fli4wHAuX
U4/S0yBXF8j6K7TKWFTQkGZt3+08KUhmLm1CE1DbbyRJT292YNXYXunNaKdABob8kaBO/NESUOEJ
0SZh7fd0xCSJAAPiwOMrM5jLeb/dEpU6nP74Afrhu5ffvKdcvTRGguj9H2oVsisTK8Z1HsiiwcJG
JXcrjvdCZoPU4FHvK03XZPAqPHKNSaJOrux6kRIWYjQMlmL+qDOb0nNHa6gBdi+VqqJHJHeAM677
dcUd0jn2m2OWtUnrM3MJZQof7/z27RTdX5J8np0ChkUgm63biDgRZO7uZP0DARQ0I6lZMlrarT8/
sct3twIDAQABo4IB4jCCAd4wFwYDVR0RBBAwDoIMKi5vcmFjbGUuY29tMAkGA1UdEwQCMAAwCwYD
VR0PBAQDAgWgMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHFwMwKjAoBggrBgEFBQcCARYcaHR0cHM6
Ly93d3cudmVyaXNpZ24uY29tL3JwYTAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwbgYI
KwYBBQUHAQwEYjBgoV6gXDBaMFgwVhYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUS2u5KJYGDLvQ
UjibKaxLB4shBRgwJhYkaHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nbzEuZ2lmMHIGCCsG
AQUFBwEBBGYwZDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AudmVyaXNpZ24uY29tMDwGCCsGAQUF
BzAChjBodHRwOi8vc3ZyaW50bC1nMy1haWEudmVyaXNpZ24uY29tL1NWUkludGxHMy5jZXIwQQYD
VR0fBDowODA2oDSgMoYwaHR0cDovL3N2cmludGwtZzMtY3JsLnZlcmlzaWduLmNvbS9TVlJJbnRs
RzMuY3JsMB8GA1UdIwQYMBaAFNebfNgioBX33a1fzimbWMO8RgC1MA0GCSqGSIb3DQEBBQUAA4IB
AQAITRBlEo+qXLwCL53Db2BGnhDgnSomjne8aCmU7Yt4Kp91tzJdhNuaC/wwDuzD2dPJqzemae3s
wKiOXrmDQZDj9NNTdkrXHnCvDR4TpOynWe3zBa0bwKnV2cIRKcv482yV53u0kALyFZbagYPwOOz3
YJA/2SqdcDn9Ztc/ABQ1SkyXyA5j4LJdf2g7BtYrFxjy0RG6We2iM781WSB/9MCNKyHgiwd3KpLf
urdSKLzy1elNAyt1P3UHwBIIvZ6sJIr/eeELc54Lxt6PtQCXx8qwxYTYXWPXbLgKBHdebgrmAbPK
TfD69wysvjk6vwSHjmvaqB4R4WRcgkuT+1gxx+ve
-----END CERTIFICATE-----
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录