本文整理汇总了Java中sun.security.tools.KeyStoreUtil类的典型用法代码示例。如果您正苦于以下问题:Java KeyStoreUtil类的具体用法?Java KeyStoreUtil怎么用?Java KeyStoreUtil使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
KeyStoreUtil类属于sun.security.tools包,在下文中一共展示了KeyStoreUtil类的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: doPrintEntries
import sun.security.tools.KeyStoreUtil; //导入依赖的package包/类
/**
* Prints all keystore entries.
*/
private void doPrintEntries(PrintStream out)
throws Exception
{
if (storePass == null
&& !KeyStoreUtil.isWindowsKeyStore(storetype)) {
printWarning();
} else {
out.println();
}
out.println(rb.getString("Keystore.type.") + keyStore.getType());
out.println(rb.getString("Keystore.provider.") +
keyStore.getProvider().getName());
out.println();
MessageFormat form;
form = (keyStore.size() == 1) ?
new MessageFormat(rb.getString
("Your.keystore.contains.keyStore.size.entry")) :
new MessageFormat(rb.getString
("Your.keystore.contains.keyStore.size.entries"));
Object[] source = {new Integer(keyStore.size())};
out.println(form.format(source));
out.println();
for (Enumeration<String> e = keyStore.aliases();
e.hasMoreElements(); ) {
String alias = e.nextElement();
doPrintEntry(alias, out, false);
if (verbose || rfc) {
out.println(rb.getString("NEWLINE"));
out.println(rb.getString
("STAR"));
out.println(rb.getString
("STARNN"));
}
}
}
示例2: buildChain
import sun.security.tools.KeyStoreUtil; //导入依赖的package包/类
/**
* Recursively tries to establish chain from pool of certs starting from
* certToVerify until a self-signed cert is found, and fill the certs found
* into chain. Each cert in the chain signs the next one.
*
* This method is able to recover from an error, say, if certToVerify
* is signed by certA but certA has no issuer in certs and itself is not
* self-signed, the method can try another certB that also signs
* certToVerify and look for signer of certB, etc, etc.
*
* Each cert in chain comes with a label showing its origin. The label is
* used in the warning message when the cert is considered a risk.
*
* @param certToVerify the cert that needs to be verified.
* @param chain the chain that's being built.
* @param certs the pool of trusted certs
*
* @return true if successful, false otherwise.
*/
private boolean buildChain(Pair<String,X509Certificate> certToVerify,
Vector<Pair<String,X509Certificate>> chain,
Hashtable<Principal, Vector<Pair<String,X509Certificate>>> certs) {
if (KeyStoreUtil.isSelfSigned(certToVerify.snd)) {
// reached self-signed root cert;
// no verification needed because it's trusted.
chain.addElement(certToVerify);
return true;
}
Principal issuer = certToVerify.snd.getIssuerDN();
// Get the issuer's certificate(s)
Vector<Pair<String,X509Certificate>> vec = certs.get(issuer);
if (vec == null) {
return false;
}
// Try out each certificate in the vector, until we find one
// whose public key verifies the signature of the certificate
// in question.
for (Enumeration<Pair<String,X509Certificate>> issuerCerts = vec.elements();
issuerCerts.hasMoreElements(); ) {
Pair<String,X509Certificate> issuerCert = issuerCerts.nextElement();
PublicKey issuerPubKey = issuerCert.snd.getPublicKey();
try {
certToVerify.snd.verify(issuerPubKey);
} catch (Exception e) {
continue;
}
if (buildChain(issuerCert, chain, certs)) {
chain.addElement(certToVerify);
return true;
}
}
return false;
}
示例3: main
import sun.security.tools.KeyStoreUtil; //导入依赖的package包/类
public static void main(String[] args) throws Exception {
run("-help -list");
if (!msg.contains("-cacerts")) {
throw new Exception("No cacerts in help:\n" + msg);
}
String cacerts = KeyStoreUtil.getCacerts();
run("-list -keystore " + cacerts);
if (!msg.contains("Warning:")) {
throw new Exception("No warning in output:\n" + msg);
}
run("-list -cacerts");
KeyStore ks = KeyStore.getInstance(new File(cacerts), (char[])null);
for (String alias: Collections.list(ks.aliases())) {
if (!msg.contains(alias)) {
throw new Exception(alias + " not found in\n" + msg);
}
}
try {
run("-list -cacerts -storetype jks");
throw new Exception("Should fail");
} catch (IllegalArgumentException iae) {
if (!msg.contains("cannot be used with")) {
throw new Exception("Bad error msg\n" + msg);
}
}
}
示例4: buildChain
import sun.security.tools.KeyStoreUtil; //导入依赖的package包/类
/**
* Recursively tries to establish chain from pool of trusted certs.
*
* @param certToVerify the cert that needs to be verified.
* @param chain the chain that's being built.
* @param certs the pool of trusted certs
*
* @return true if successful, false otherwise.
*/
private boolean buildChain(X509Certificate certToVerify,
Vector<Certificate> chain,
Hashtable<Principal, Vector<Certificate>> certs) {
Principal issuer = certToVerify.getIssuerDN();
if (KeyStoreUtil.isSelfSigned(certToVerify)) {
// reached self-signed root cert;
// no verification needed because it's trusted.
chain.addElement(certToVerify);
return true;
}
// Get the issuer's certificate(s)
Vector<Certificate> vec = certs.get(issuer);
if (vec == null) {
return false;
}
// Try out each certificate in the vector, until we find one
// whose public key verifies the signature of the certificate
// in question.
for (Enumeration<Certificate> issuerCerts = vec.elements();
issuerCerts.hasMoreElements(); ) {
X509Certificate issuerCert
= (X509Certificate)issuerCerts.nextElement();
PublicKey issuerPubKey = issuerCert.getPublicKey();
try {
certToVerify.verify(issuerPubKey);
} catch (Exception e) {
continue;
}
if (buildChain(issuerCert, chain, certs)) {
chain.addElement(certToVerify);
return true;
}
}
return false;
}
示例5: inplaceImportCheck
import sun.security.tools.KeyStoreUtil; //导入依赖的package包/类
boolean inplaceImportCheck() throws Exception {
if (P11KEYSTORE.equalsIgnoreCase(srcstoretype) ||
KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
return false;
}
if (srcksfname != null) {
File srcksfile = new File(srcksfname);
if (srcksfile.exists() && srcksfile.length() == 0) {
throw new Exception(rb.getString
("Source.keystore.file.exists.but.is.empty.") +
srcksfname);
}
if (srcksfile.getCanonicalFile()
.equals(new File(ksfname).getCanonicalFile())) {
return true;
} else {
// Informational, especially if destkeystore is not
// provided, which default to ~/.keystore.
System.err.println(String.format(rb.getString(
"importing.keystore.status"), srcksfname, ksfname));
return false;
}
} else {
throw new Exception(rb.getString
("Please.specify.srckeystore"));
}
}
示例6: getPass
import sun.security.tools.KeyStoreUtil; //导入依赖的package包/类
static char[] getPass(String modifier, String arg) {
char[] output = KeyStoreUtil.getPassWithModifier(modifier, arg, rb);
if (output != null) return output;
usage();
return null; // Useless, usage() already exit
}
示例7: recoverEntry
import sun.security.tools.KeyStoreUtil; //导入依赖的package包/类
/**
* Recovers entry associated with given alias.
*
* @return an array of objects, where the 1st element in the array is the
* recovered entry, and the 2nd element is the password used to
* recover it (null if no password).
*/
private Pair<Entry,char[]> recoverEntry(KeyStore ks,
String alias,
char[] pstore,
char[] pkey) throws Exception {
if (ks.containsAlias(alias) == false) {
MessageFormat form = new MessageFormat
(rb.getString("Alias.alias.does.not.exist"));
Object[] source = {alias};
throw new Exception(form.format(source));
}
PasswordProtection pp = null;
Entry entry;
try {
// First attempt to access entry without key password
// (PKCS11 entry or trusted certificate entry, for example)
entry = ks.getEntry(alias, pp);
pkey = null;
} catch (UnrecoverableEntryException une) {
if(P11KEYSTORE.equalsIgnoreCase(ks.getType()) ||
KeyStoreUtil.isWindowsKeyStore(ks.getType())) {
// should not happen, but a possibility
throw une;
}
// entry is protected
if (pkey != null) {
// try provided key password
pp = new PasswordProtection(pkey);
entry = ks.getEntry(alias, pp);
} else {
// try store pass
try {
pp = new PasswordProtection(pstore);
entry = ks.getEntry(alias, pp);
pkey = pstore;
} catch (UnrecoverableEntryException une2) {
if (P12KEYSTORE.equalsIgnoreCase(ks.getType())) {
// P12 keystore currently does not support separate
// store and entry passwords
throw une2;
} else {
// prompt for entry password
pkey = getKeyPasswd(alias, null, null);
pp = new PasswordProtection(pkey);
entry = ks.getEntry(alias, pp);
}
}
}
}
return Pair.of(entry, pkey);
}
示例8: getPass
import sun.security.tools.KeyStoreUtil; //导入依赖的package包/类
private char[] getPass(String modifier, String arg) {
char[] output = KeyStoreUtil.getPassWithModifier(modifier, arg, rb);
if (output != null) return output;
tinyHelp();
return null; // Useless, tinyHelp() already exits.
}
示例9: signerInfo
import sun.security.tools.KeyStoreUtil; //导入依赖的package包/类
/**
* Returns a string of singer info, with a newline at the end
*/
private String signerInfo(CodeSigner signer, String tab) {
if (cacheForSignerInfo.containsKey(signer)) {
return cacheForSignerInfo.get(signer);
}
StringBuilder sb = new StringBuilder();
List<? extends Certificate> certs = signer.getSignerCertPath().getCertificates();
// display the signature timestamp, if present
Date timestamp;
Timestamp ts = signer.getTimestamp();
if (ts != null) {
sb.append(printTimestamp(tab, ts));
sb.append('\n');
timestamp = ts.getTimestamp();
} else {
timestamp = null;
noTimestamp = true;
}
// display the certificate(sb). The first one is end-entity cert and
// its KeyUsage should be checked.
boolean first = true;
for (Certificate c : certs) {
sb.append(printCert(tab, c, true, timestamp, first));
sb.append('\n');
first = false;
}
try {
validateCertChain(certs);
} catch (Exception e) {
chainNotValidated = true;
chainNotValidatedReason = e;
sb.append(tab).append(rb.getString(".CertPath.not.validated."))
.append(e.getLocalizedMessage()).append("]\n"); // TODO
}
if (certs.size() == 1
&& KeyStoreUtil.isSelfSigned((X509Certificate)certs.get(0))) {
signerSelfSigned = true;
}
String result = sb.toString();
cacheForSignerInfo.put(signer, result);
return result;
}
示例10: signerInfo
import sun.security.tools.KeyStoreUtil; //导入依赖的package包/类
/**
* Returns a string of singer info, with a newline at the end
*/
private String signerInfo(CodeSigner signer, String tab) {
if (cacheForSignerInfo.containsKey(signer)) {
return cacheForSignerInfo.get(signer);
}
StringBuilder sb = new StringBuilder();
List<? extends Certificate> certs = signer.getSignerCertPath().getCertificates();
// display the signature timestamp, if present
Date timestamp;
Timestamp ts = signer.getTimestamp();
if (ts != null) {
sb.append(printTimestamp(tab, ts));
sb.append('\n');
timestamp = ts.getTimestamp();
} else {
timestamp = null;
noTimestamp = true;
}
// display the certificate(sb). The first one is end-entity cert and
// its KeyUsage should be checked.
boolean first = true;
for (Certificate c : certs) {
sb.append(printCert(tab, c, true, timestamp, first));
sb.append('\n');
first = false;
}
try {
validateCertChain(certs);
} catch (Exception e) {
if (debug) {
e.printStackTrace();
}
if (e.getCause() != null &&
(e.getCause() instanceof CertificateExpiredException ||
e.getCause() instanceof CertificateNotYetValidException)) {
// No more warning, we alreay have hasExpiredCert or notYetValidCert
} else {
chainNotValidated = true;
chainNotValidatedReason = e;
sb.append(tab).append(rb.getString(".CertPath.not.validated."))
.append(e.getLocalizedMessage()).append("]\n"); // TODO
}
}
if (certs.size() == 1
&& KeyStoreUtil.isSelfSigned((X509Certificate)certs.get(0))) {
signerSelfSigned = true;
}
String result = sb.toString();
cacheForSignerInfo.put(signer, result);
return result;
}
示例11: loadSourceKeyStore
import sun.security.tools.KeyStoreUtil; //导入依赖的package包/类
/**
* Load the srckeystore from a stream, used in -importkeystore
* @returns the src KeyStore
*/
KeyStore loadSourceKeyStore() throws Exception {
InputStream is = null;
File srcksfile = null;
if (P11KEYSTORE.equalsIgnoreCase(srcstoretype) ||
KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
if (!NONE.equals(srcksfname)) {
System.err.println(MessageFormat.format(rb.getString
(".keystore.must.be.NONE.if.storetype.is.{0}"), srcstoretype));
System.err.println();
tinyHelp();
}
} else {
srcksfile = new File(srcksfname);
is = new FileInputStream(srcksfile);
}
KeyStore store;
try {
if (srcProviderName == null) {
store = KeyStore.getInstance(srcstoretype);
} else {
store = KeyStore.getInstance(srcstoretype, srcProviderName);
}
if (srcstorePass == null
&& !srcprotectedPath
&& !KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
System.err.print(rb.getString("Enter.source.keystore.password."));
System.err.flush();
srcstorePass = Password.readPassword(System.in);
passwords.add(srcstorePass);
}
// always let keypass be storepass when using pkcs12
if (P12KEYSTORE.equalsIgnoreCase(srcstoretype)) {
if (srckeyPass != null && srcstorePass != null &&
!Arrays.equals(srcstorePass, srckeyPass)) {
MessageFormat form = new MessageFormat(rb.getString(
"Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value."));
Object[] source = {"-srckeypass"};
System.err.println(form.format(source));
srckeyPass = srcstorePass;
}
}
store.load(is, srcstorePass); // "is" already null in PKCS11
} finally {
if (is != null) {
is.close();
}
}
if (srcstorePass == null
&& !KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
// anti refactoring, copied from printNoIntegrityWarning(),
// but change 2 lines
System.err.println();
System.err.println(rb.getString
(".WARNING.WARNING.WARNING."));
System.err.println(rb.getString
(".The.integrity.of.the.information.stored.in.the.srckeystore."));
System.err.println(rb.getString
(".WARNING.WARNING.WARNING."));
System.err.println();
}
return store;
}