mirror of
https://github.com/openjdk/jdk.git
synced 2026-01-30 04:58:25 +00:00
330 lines
11 KiB
Java
330 lines
11 KiB
Java
/*
|
|
* Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation. Oracle designates this
|
|
* particular file as subject to the "Classpath" exception as provided
|
|
* by Oracle in the LICENSE file that accompanied this code.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
package sun.security.tools;
|
|
|
|
|
|
import java.io.BufferedReader;
|
|
import java.io.File;
|
|
import java.io.FileInputStream;
|
|
import java.io.IOException;
|
|
import java.io.InputStreamReader;
|
|
|
|
import java.io.StreamTokenizer;
|
|
import java.io.StringReader;
|
|
import java.net.URL;
|
|
|
|
import java.security.KeyStore;
|
|
|
|
import java.security.Provider;
|
|
import java.security.Security;
|
|
import java.security.cert.X509Certificate;
|
|
import java.text.Collator;
|
|
|
|
import java.util.ArrayList;
|
|
import java.util.Arrays;
|
|
import java.util.List;
|
|
import java.util.Locale;
|
|
import java.util.Properties;
|
|
import java.util.ServiceLoader;
|
|
|
|
import sun.security.util.PropertyExpander;
|
|
|
|
/**
|
|
* <p> This class provides several utilities to <code>KeyStore</code>.
|
|
*
|
|
* @since 1.6.0
|
|
*/
|
|
public class KeyStoreUtil {
|
|
|
|
private KeyStoreUtil() {
|
|
// this class is not meant to be instantiated
|
|
}
|
|
|
|
private static final Collator collator = Collator.getInstance();
|
|
static {
|
|
// this is for case insensitive string comparisons
|
|
collator.setStrength(Collator.PRIMARY);
|
|
};
|
|
|
|
/**
|
|
* Returns true if the certificate is self-signed, false otherwise.
|
|
*/
|
|
public static boolean isSelfSigned(X509Certificate cert) {
|
|
return signedBy(cert, cert);
|
|
}
|
|
|
|
public static boolean signedBy(X509Certificate end, X509Certificate ca) {
|
|
if (!ca.getSubjectX500Principal().equals(end.getIssuerX500Principal())) {
|
|
return false;
|
|
}
|
|
try {
|
|
end.verify(ca.getPublicKey());
|
|
return true;
|
|
} catch (Exception e) {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Returns true if KeyStore has a password. This is true except for
|
|
* MSCAPI KeyStores
|
|
*/
|
|
public static boolean isWindowsKeyStore(String storetype) {
|
|
return storetype != null
|
|
&& (storetype.equalsIgnoreCase("Windows-MY")
|
|
|| storetype.equalsIgnoreCase("Windows-ROOT"));
|
|
}
|
|
|
|
/**
|
|
* Returns standard-looking names for storetype
|
|
*/
|
|
public static String niceStoreTypeName(String storetype) {
|
|
if (storetype.equalsIgnoreCase("Windows-MY")) {
|
|
return "Windows-MY";
|
|
} else if(storetype.equalsIgnoreCase("Windows-ROOT")) {
|
|
return "Windows-ROOT";
|
|
} else {
|
|
return storetype.toUpperCase(Locale.ENGLISH);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Returns the file name of the keystore with the configured CA certificates.
|
|
*/
|
|
public static String getCacerts() {
|
|
String sep = File.separator;
|
|
return System.getProperty("java.home") + sep
|
|
+ "lib" + sep + "security" + sep
|
|
+ "cacerts";
|
|
}
|
|
|
|
/**
|
|
* Returns the keystore with the configured CA certificates.
|
|
*/
|
|
public static KeyStore getCacertsKeyStore() throws Exception {
|
|
File file = new File(getCacerts());
|
|
if (!file.exists()) {
|
|
return null;
|
|
}
|
|
return KeyStore.getInstance(file, (char[])null);
|
|
}
|
|
|
|
public static char[] getPassWithModifier(String modifier, String arg,
|
|
java.util.ResourceBundle rb) {
|
|
if (modifier == null) {
|
|
return arg.toCharArray();
|
|
} else if (collator.compare(modifier, "env") == 0) {
|
|
String value = System.getenv(arg);
|
|
if (value == null) {
|
|
System.err.println(rb.getString(
|
|
"Cannot.find.environment.variable.") + arg);
|
|
return null;
|
|
} else {
|
|
return value.toCharArray();
|
|
}
|
|
} else if (collator.compare(modifier, "file") == 0) {
|
|
try {
|
|
URL url = null;
|
|
try {
|
|
url = new URL(arg);
|
|
} catch (java.net.MalformedURLException mue) {
|
|
File f = new File(arg);
|
|
if (f.exists()) {
|
|
url = f.toURI().toURL();
|
|
} else {
|
|
System.err.println(rb.getString(
|
|
"Cannot.find.file.") + arg);
|
|
return null;
|
|
}
|
|
}
|
|
|
|
try (BufferedReader br =
|
|
new BufferedReader(new InputStreamReader(
|
|
url.openStream()))) {
|
|
String value = br.readLine();
|
|
|
|
if (value == null) {
|
|
return new char[0];
|
|
}
|
|
|
|
return value.toCharArray();
|
|
}
|
|
} catch (IOException ioe) {
|
|
System.err.println(ioe);
|
|
return null;
|
|
}
|
|
} else {
|
|
System.err.println(rb.getString("Unknown.password.type.") +
|
|
modifier);
|
|
return null;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Parses a option line likes
|
|
* -genkaypair -dname "CN=Me"
|
|
* and add the results into a list
|
|
* @param list the list to fill into
|
|
* @param s the line
|
|
*/
|
|
private static void parseArgsLine(List<String> list, String s)
|
|
throws IOException, PropertyExpander.ExpandException {
|
|
StreamTokenizer st = new StreamTokenizer(new StringReader(s));
|
|
|
|
st.resetSyntax();
|
|
st.whitespaceChars(0x00, 0x20);
|
|
st.wordChars(0x21, 0xFF);
|
|
// Everything is a word char except for quotation and apostrophe
|
|
st.quoteChar('"');
|
|
st.quoteChar('\'');
|
|
|
|
while (true) {
|
|
if (st.nextToken() == StreamTokenizer.TT_EOF) {
|
|
break;
|
|
}
|
|
list.add(PropertyExpander.expand(st.sval));
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Prepends matched options from a pre-configured options file.
|
|
*
|
|
* @param tool the name of the tool, can be "keytool" or "jarsigner"
|
|
* @param file the pre-configured options file
|
|
* @param c1 the name of the command, with the "-" prefix,
|
|
* must not be null
|
|
* @param c2 the alternative command name, with the "-" prefix,
|
|
* null if none. For example, "genkey" is alt name for
|
|
* "genkeypair". A command can only have one alt name now.
|
|
* @param args existing arguments
|
|
* @return arguments combined
|
|
* @throws IOException if there is a file I/O or format error
|
|
* @throws PropertyExpander.ExpandException
|
|
* if there is a property expansion error
|
|
*/
|
|
public static String[] expandArgs(String tool, String file,
|
|
String c1, String c2, String[] args)
|
|
throws IOException, PropertyExpander.ExpandException {
|
|
|
|
List<String> result = new ArrayList<>();
|
|
Properties p = new Properties();
|
|
p.load(new FileInputStream(file));
|
|
|
|
String s = p.getProperty(tool + ".all");
|
|
if (s != null) {
|
|
parseArgsLine(result, s);
|
|
}
|
|
|
|
// Cannot provide both -genkey and -genkeypair
|
|
String s1 = p.getProperty(tool + "." + c1.substring(1));
|
|
String s2 = null;
|
|
if (c2 != null) {
|
|
s2 = p.getProperty(tool + "." + c2.substring(1));
|
|
}
|
|
if (s1 != null && s2 != null) {
|
|
throw new IOException("Cannot have both " + c1 + " and "
|
|
+ c2 + " as pre-configured options");
|
|
}
|
|
if (s1 == null) {
|
|
s1 = s2;
|
|
}
|
|
if (s1 != null) {
|
|
parseArgsLine(result, s1);
|
|
}
|
|
|
|
if (result.isEmpty()) {
|
|
return args;
|
|
} else {
|
|
result.addAll(Arrays.asList(args));
|
|
return result.toArray(new String[result.size()]);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Loads a security provider as a service.
|
|
*
|
|
* @param provName the name
|
|
* @param arg optional arg
|
|
* @throws IllegalArgumentException if no provider matches the name
|
|
*/
|
|
public static void loadProviderByName(String provName, String arg) {
|
|
Provider loaded = Security.getProvider(provName);
|
|
if (loaded != null) {
|
|
if (arg != null) {
|
|
loaded = loaded.configure(arg);
|
|
Security.addProvider(loaded);
|
|
}
|
|
return;
|
|
}
|
|
for (Provider p : ServiceLoader.load(Provider.class,
|
|
ClassLoader.getSystemClassLoader())) {
|
|
if (p.getName().equals(provName)) {
|
|
if (arg != null) {
|
|
p = p.configure(arg);
|
|
}
|
|
Security.addProvider(p);
|
|
return;
|
|
}
|
|
}
|
|
throw new IllegalArgumentException("No provider found");
|
|
}
|
|
|
|
/**
|
|
* Loads a security provider by a fully-qualified class name.
|
|
*
|
|
* @param provClass the class name
|
|
* @param arg optional arg
|
|
* @param cl optional class loader
|
|
* @throws IllegalArgumentException if no provider matches the class name
|
|
* @throws ClassCastException if the class has not extended Provider
|
|
*/
|
|
public static void loadProviderByClass(
|
|
String provClass, String arg, ClassLoader cl) {
|
|
|
|
// For compatibility, SunPKCS11 and OracleUcrypto can still be
|
|
// loadable with -providerClass.
|
|
if (provClass.equals("sun.security.pkcs11.SunPKCS11")) {
|
|
loadProviderByName("SunPKCS11", arg);
|
|
return;
|
|
} else if (provClass.equals("com.oracle.security.crypto.UcryptoProvider")) {
|
|
loadProviderByName("OracleUcrypto", arg);
|
|
return;
|
|
}
|
|
|
|
Provider prov;
|
|
try {
|
|
Class<?> clazz = Class.forName(provClass, false, cl);
|
|
prov = (Provider) clazz.getConstructor().newInstance();
|
|
} catch (ReflectiveOperationException e) {
|
|
throw new IllegalArgumentException(e);
|
|
}
|
|
if (arg != null) {
|
|
prov = prov.configure(arg);
|
|
}
|
|
Security.addProvider(prov);
|
|
}
|
|
}
|