sun.security.tools.KeyStoreUtil Java Examples

The following examples show how to use sun.security.tools.KeyStoreUtil, a JDK-internal helper class (the sun.* packages are not a supported public API). Most of the examples repeat the same few methods from Main.java as they appear in different OpenJDK-derived source trees.
Example #1
Source File: Main.java    From hottub with GNU General Public License v2.0
/**
 * Prints all keystore entries.
 */
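private void doPrintEntries(PrintStream out)
    throws Exception
{
    // No store password and not a Windows keystore type: emit the warning
    // instead of the blank spacer line.
    // NOTE(review): printWarning() is defined outside this listing;
    // presumably it tells the user the store was opened without a
    // password, i.e. without an integrity check - confirm.
    if (storePass == null
            && !KeyStoreUtil.isWindowsKeyStore(storetype)) {
        printWarning();
    } else {
        out.println();
    }

    out.println(rb.getString("Keystore.type.") + keyStore.getType());
    out.println(rb.getString("Keystore.provider.") +
            keyStore.getProvider().getName());
    out.println();

    // Read the entry count once so the singular/plural choice and the
    // number that is printed cannot disagree.
    int entryCount = keyStore.size();
    String countKey = (entryCount == 1)
            ? "Your.keystore.contains.keyStore.size.entry"
            : "Your.keystore.contains.keyStore.size.entries";
    MessageFormat form = new MessageFormat(rb.getString(countKey));
    // Integer.valueOf replaces the deprecated boxing constructor.
    Object[] source = {Integer.valueOf(entryCount)};
    out.println(form.format(source));
    out.println();

    for (Enumeration<String> e = keyStore.aliases();
            e.hasMoreElements(); ) {
        String alias = e.nextElement();
        doPrintEntry(alias, out, false);
        if (verbose || rfc) {
            // Separator lines after each entry when verbose or rfc is set.
            out.println(rb.getString("NEWLINE"));
            out.println(rb.getString("STAR"));
            out.println(rb.getString("STARNN"));
        }
    }
}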
 
Example #2
Source File: Main.java    From TencentKona-8 with GNU General Public License v2.0
/**
 * Recursively tries to establish chain from pool of certs starting from
 * certToVerify until a self-signed cert is found, and fill the certs found
 * into chain. Each cert in the chain signs the next one.
 *
 * This method is able to recover from an error, say, if certToVerify
 * is signed by certA but certA has no issuer in certs and itself is not
 * self-signed, the method can try another certB that also signs
 * certToVerify and look for signer of certB, etc, etc.
 *
 * Each cert in chain comes with a label showing its origin. The label is
 * used in the warning message when the cert is considered a risk.
 *
 * @param certToVerify the cert that needs to be verified.
 * @param chain the chain that's being built.
 * @param certs the pool of trusted certs
 *
 * @return true if successful, false otherwise.
 */
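private boolean buildChain(Pair<String,X509Certificate> certToVerify,
        Vector<Pair<String,X509Certificate>> chain,
        Hashtable<Principal, Vector<Pair<String,X509Certificate>>> certs) {
    // Track the certs on the current search path so that a loop of
    // mutually cross-signed, non-self-signed certs in the pool ends that
    // branch instead of recursing until the stack overflows.
    return buildChain(certToVerify, chain, certs,
            new java.util.HashSet<X509Certificate>());
}

/**
 * Worker for the three-argument buildChain. Results are the same for
 * every input on which an unguarded recursion would terminate; the only
 * difference is that a cert already on the current path is not followed
 * again.
 *
 * Only the issuer name lookup and the signature are checked here;
 * validity dates, revocation and CA constraints are not examined.
 *
 * @param certToVerify the cert that needs to be verified.
 * @param chain the chain that's being built.
 * @param certs the pool of candidate issuer certs, keyed by Principal
 * @param onPath certs currently being resolved further up the recursion
 *
 * @return true if successful, false otherwise.
 */
private boolean buildChain(Pair<String,X509Certificate> certToVerify,
        Vector<Pair<String,X509Certificate>> chain,
        Hashtable<Principal, Vector<Pair<String,X509Certificate>>> certs,
        java.util.Set<X509Certificate> onPath) {
    if (KeyStoreUtil.isSelfSigned(certToVerify.snd)) {
        // A self-signed cert ends the search and is appended as-is.
        // NOTE(review): this branch runs before certs is consulted, so a
        // self-signed certToVerify is accepted without being looked up
        // in the pool; the caller has to decide whether it is trusted.
        chain.addElement(certToVerify);
        return true;
    }

    Principal issuer = certToVerify.snd.getIssuerDN();

    // Get the issuer's certificate(s)
    Vector<Pair<String,X509Certificate>> vec = certs.get(issuer);
    if (vec == null) {
        return false;
    }

    if (!onPath.add(certToVerify.snd)) {
        // Already being resolved higher up: following it again would
        // repeat the same search forever.
        return false;
    }
    try {
        // Try each candidate until one both verifies the signature and
        // itself chains up to a self-signed cert.
        for (Enumeration<Pair<String,X509Certificate>> issuerCerts = vec.elements();
             issuerCerts.hasMoreElements(); ) {
            Pair<String,X509Certificate> issuerCert = issuerCerts.nextElement();
            PublicKey issuerPubKey = issuerCert.snd.getPublicKey();
            try {
                certToVerify.snd.verify(issuerPubKey);
            } catch (Exception e) {
                // Deliberate best effort: a failed check only rules out
                // this candidate.
                continue;
            }
            if (buildChain(issuerCert, chain, certs, onPath)) {
                chain.addElement(certToVerify);
                return true;
            }
        }
        return false;
    } finally {
        // Leave the path so a different branch may still use this cert.
        onPath.remove(certToVerify.snd);
    }
}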
 
Example #3
Source File: Main.java    From dragonwell8_jdk with GNU General Public License v2.0
/**
 * Recursively tries to establish chain from pool of certs starting from
 * certToVerify until a self-signed cert is found, and fill the certs found
 * into chain. Each cert in the chain signs the next one.
 *
 * This method is able to recover from an error, say, if certToVerify
 * is signed by certA but certA has no issuer in certs and itself is not
 * self-signed, the method can try another certB that also signs
 * certToVerify and look for signer of certB, etc, etc.
 *
 * Each cert in chain comes with a label showing its origin. The label is
 * used in the warning message when the cert is considered a risk.
 *
 * @param certToVerify the cert that needs to be verified.
 * @param chain the chain that's being built.
 * @param certs the pool of trusted certs
 *
 * @return true if successful, false otherwise.
 */
private boolean buildChain(Pair<String,X509Certificate> certToVerify,
        Vector<Pair<String,X509Certificate>> chain,
        Hashtable<Principal, Vector<Pair<String,X509Certificate>>> certs) {
    // A self-signed cert terminates the search and is appended as-is.
    // NOTE(review): this test runs before certs is consulted, so a
    // self-signed certToVerify is accepted here without a pool lookup;
    // whether it is trusted is left to the caller.
    if (KeyStoreUtil.isSelfSigned(certToVerify.snd)) {
        chain.addElement(certToVerify);
        return true;
    }

    // Candidate issuers are looked up by the issuer name only.
    Vector<Pair<String,X509Certificate>> candidates =
            certs.get(certToVerify.snd.getIssuerDN());
    if (candidates == null) {
        return false;
    }

    // Only the signature is checked per candidate; validity dates,
    // revocation and CA constraints are not examined in this method.
    // NOTE(review): nothing here stops the recursion if the pool holds
    // non-self-signed certs that sign each other in a loop.
    Enumeration<Pair<String,X509Certificate>> remaining = candidates.elements();
    while (remaining.hasMoreElements()) {
        Pair<String,X509Certificate> candidate = remaining.nextElement();
        PublicKey candidateKey = candidate.snd.getPublicKey();
        boolean signedByCandidate;
        try {
            certToVerify.snd.verify(candidateKey);
            signedByCandidate = true;
        } catch (Exception e) {
            // Any failure simply rules this candidate out.
            signedByCandidate = false;
        }
        if (signedByCandidate && buildChain(candidate, chain, certs)) {
            // Issuers were appended first, so this cert follows them.
            chain.addElement(certToVerify);
            return true;
        }
    }
    return false;
}
 
Example #4
Source File: Main.java    From jdk8u-dev-jdk with GNU General Public License v2.0
/**
 * Prints all keystore entries.
 */
private void doPrintEntries(PrintStream out)
    throws Exception
{
    // The warning replaces the blank spacer line when there is no store
    // password and the store type is not a Windows keystore.
    // NOTE(review): printWarning() is not part of this listing;
    // presumably it flags that the store was read without a password
    // and so without an integrity check - confirm.
    boolean needsWarning = storePass == null
            && !KeyStoreUtil.isWindowsKeyStore(storetype);
    if (needsWarning) {
        printWarning();
    } else {
        out.println();
    }

    // Header: store type, then provider name, then a blank line.
    String typeLine = rb.getString("Keystore.type.") + keyStore.getType();
    out.println(typeLine);
    String providerLine = rb.getString("Keystore.provider.")
            + keyStore.getProvider().getName();
    out.println(providerLine);
    out.println();

    // Singular or plural resource, depending on the entry count.
    MessageFormat form;
    if (keyStore.size() == 1) {
        form = new MessageFormat(rb.getString
                ("Your.keystore.contains.keyStore.size.entry"));
    } else {
        form = new MessageFormat(rb.getString
                ("Your.keystore.contains.keyStore.size.entries"));
    }
    Object[] source = new Object[1];
    source[0] = new Integer(keyStore.size());
    out.println(form.format(source));
    out.println();

    Enumeration<String> aliases = keyStore.aliases();
    while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();
        doPrintEntry(alias, out, false);
        if (!verbose && !rfc) {
            continue;
        }
        // Separator lines follow each entry when verbose or rfc is set.
        out.println(rb.getString("NEWLINE"));
        out.println(rb.getString("STAR"));
        out.println(rb.getString("STARNN"));
    }
}
 
Example #5
Source File: Main.java    From jdk8u-jdk with GNU General Public License v2.0
/**
 * Prints all keystore entries.
 */
private void doPrintEntries(PrintStream out)
    throws Exception
{
    // A blank line is printed when a store password is present or the
    // type is a Windows keystore; otherwise the warning takes its place.
    // NOTE(review): the text of printWarning() is not visible here; it
    // presumably concerns a store opened without a password - confirm.
    if (storePass != null
            || KeyStoreUtil.isWindowsKeyStore(storetype)) {
        out.println();
    } else {
        printWarning();
    }

    String storeType = keyStore.getType();
    out.println(rb.getString("Keystore.type.") + storeType);
    out.println(rb.getString("Keystore.provider.") +
            keyStore.getProvider().getName());
    out.println();

    // The message resource differs for exactly one entry.
    boolean single = keyStore.size() == 1;
    MessageFormat countFormat = single
            ? new MessageFormat(rb.getString
                    ("Your.keystore.contains.keyStore.size.entry"))
            : new MessageFormat(rb.getString
                    ("Your.keystore.contains.keyStore.size.entries"));
    Object[] countArgs = {new Integer(keyStore.size())};
    String countLine = countFormat.format(countArgs);
    out.println(countLine);
    out.println();

    // One doPrintEntry call per alias, in enumeration order.
    for (Enumeration<String> names = keyStore.aliases();
            names.hasMoreElements(); ) {
        doPrintEntry(names.nextElement(), out, false);
        if (verbose || rfc) {
            out.println(rb.getString("NEWLINE"));
            out.println(rb.getString("STAR"));
            out.println(rb.getString("STARNN"));
        }
    }
}
 
Example #6
Source File: Main.java    From TencentKona-8 with GNU General Public License v2.0
/**
 * Decides whether the source and destination of an import name the same
 * keystore file.
 *
 * @return true when srcksfname and ksfname have the same canonical file;
 *         false when the source type equals P11KEYSTORE or is a Windows
 *         keystore type, or when the two files differ
 * @throws Exception if no source keystore was named, if the named file
 *         exists but is empty, or if a path cannot be canonicalized
 */
boolean inplaceImportCheck() throws Exception {
    // These source types are never treated as an in-place file import.
    if (P11KEYSTORE.equalsIgnoreCase(srcstoretype) ||
            KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
        return false;
    }

    if (srcksfname == null) {
        throw new Exception(rb.getString
                ("Please.specify.srckeystore"));
    }

    File source = new File(srcksfname);
    if (source.exists() && source.length() == 0) {
        throw new Exception(rb.getString
                ("Source.keystore.file.exists.but.is.empty.") +
                srcksfname);
    }

    // Compare canonical forms so that two spellings of one path match.
    // NOTE(review): assumes ksfname is non-null by now - confirm against
    // the caller. The file state seen here can also change before the
    // store is actually opened.
    File sourceCanonical = source.getCanonicalFile();
    File destCanonical = new File(ksfname).getCanonicalFile();
    if (sourceCanonical.equals(destCanonical)) {
        return true;
    }

    // Informational, especially if destkeystore is not
    // provided, which defaults to ~/.keystore.
    System.err.println(String.format(rb.getString(
            "importing.keystore.status"), srcksfname, ksfname));
    return false;
}
 
Example #7
Source File: Main.java    From jdk8u60 with GNU General Public License v2.0
/**
 * Prints all keystore entries.
 */
private void doPrintEntries(PrintStream out)
    throws Exception
{
    // Either the warning or a blank line opens the listing.
    // NOTE(review): a null storePass presumably means the store was
    // loaded without a password; printWarning() is defined elsewhere,
    // so its exact wording cannot be confirmed from this listing.
    final boolean noPassword = (storePass == null);
    if (noPassword && !KeyStoreUtil.isWindowsKeyStore(storetype)) {
        printWarning();
    } else {
        out.println();
    }

    out.println(rb.getString("Keystore.type.") + keyStore.getType());
    String providerName = keyStore.getProvider().getName();
    out.println(rb.getString("Keystore.provider.") + providerName);
    out.println();

    // Entry-count line: the resource is chosen by count, then formatted
    // with the count as its only argument.
    MessageFormat form = (keyStore.size() == 1)
            ? new MessageFormat(rb.getString
                    ("Your.keystore.contains.keyStore.size.entry"))
            : new MessageFormat(rb.getString
                    ("Your.keystore.contains.keyStore.size.entries"));
    Integer boxedCount = new Integer(keyStore.size());
    out.println(form.format(new Object[] {boxedCount}));
    out.println();

    Enumeration<String> e = keyStore.aliases();
    while (e.hasMoreElements()) {
        String alias = e.nextElement();
        doPrintEntry(alias, out, false);
        if (verbose || rfc) {
            // Printed after every entry while verbose or rfc is set.
            String[] separatorKeys = {"NEWLINE", "STAR", "STARNN"};
            for (String key : separatorKeys) {
                out.println(rb.getString(key));
            }
        }
    }
}
 
Example #8
Source File: Main.java    From dragonwell8_jdk with GNU General Public License v2.0
/**
 * Reports whether the import would read from and write to one and the
 * same keystore file.
 *
 * @return true if srcksfname and ksfname canonicalize to the same file,
 *         false otherwise (including when the source type equals
 *         P11KEYSTORE or is a Windows keystore type)
 * @throws Exception when srcksfname is null, when the source file exists
 *         with length zero, or when canonicalization fails
 */
boolean inplaceImportCheck() throws Exception {
    boolean p11Source = P11KEYSTORE.equalsIgnoreCase(srcstoretype);
    if (p11Source || KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
        return false;
    }

    if (srcksfname != null) {
        File srcFile = new File(srcksfname);
        boolean existsButEmpty = srcFile.exists() && srcFile.length() == 0;
        if (existsButEmpty) {
            throw new Exception(rb.getString
                    ("Source.keystore.file.exists.but.is.empty.") +
                    srcksfname);
        }

        // Canonical files are compared, not the raw path strings.
        // NOTE(review): new File(ksfname) needs ksfname to be non-null;
        // presumably it was defaulted earlier - confirm.
        boolean sameFile = srcFile.getCanonicalFile()
                .equals(new File(ksfname).getCanonicalFile());
        if (!sameFile) {
            // Informational, especially if destkeystore is not
            // provided, which defaults to ~/.keystore.
            System.err.println(String.format(rb.getString(
                    "importing.keystore.status"), srcksfname, ksfname));
        }
        return sameFile;
    }

    throw new Exception(rb.getString
            ("Please.specify.srckeystore"));
}
 
Example #9
Source File: Main.java    From jdk8u_jdk with GNU General Public License v2.0
/**
 * Recursively tries to establish chain from pool of certs starting from
 * certToVerify until a self-signed cert is found, and fill the certs found
 * into chain. Each cert in the chain signs the next one.
 *
 * This method is able to recover from an error, say, if certToVerify
 * is signed by certA but certA has no issuer in certs and itself is not
 * self-signed, the method can try another certB that also signs
 * certToVerify and look for signer of certB, etc, etc.
 *
 * Each cert in chain comes with a label showing its origin. The label is
 * used in the warning message when the cert is considered a risk.
 *
 * @param certToVerify the cert that needs to be verified.
 * @param chain the chain that's being built.
 * @param certs the pool of trusted certs
 *
 * @return true if successful, false otherwise.
 */
private boolean buildChain(Pair<String,X509Certificate> certToVerify,
        Vector<Pair<String,X509Certificate>> chain,
        Hashtable<Principal, Vector<Pair<String,X509Certificate>>> certs) {
    boolean selfSigned = KeyStoreUtil.isSelfSigned(certToVerify.snd);
    if (selfSigned) {
        // End of the chain: the cert is appended without any lookup.
        // NOTE(review): certs is not consulted on this branch, so the
        // caller must establish separately that a self-signed input is
        // one it trusts.
        chain.addElement(certToVerify);
        return true;
    }

    Principal issuerName = certToVerify.snd.getIssuerDN();
    Vector<Pair<String,X509Certificate>> pool = certs.get(issuerName);
    if (pool == null) {
        // No cert in the pool is filed under this issuer name.
        return false;
    }

    // Walk the candidates in order. A candidate is used only if its key
    // verifies the signature and it can itself be chained further.
    // Validity dates, revocation and CA constraints are not checked
    // here, and there is no guard against certs that sign each other in
    // a loop (NOTE(review): such a pool would recurse without end).
    for (int i = 0; i < pool.size(); i++) {
        Pair<String,X509Certificate> candidate = pool.elementAt(i);
        PublicKey key = candidate.snd.getPublicKey();
        try {
            certToVerify.snd.verify(key);
        } catch (Exception e) {
            // Not signed by this candidate (or not checkable): next one.
            continue;
        }
        if (!buildChain(candidate, chain, certs)) {
            continue;
        }
        chain.addElement(certToVerify);
        return true;
    }
    return false;
}
 
Example #10
Source File: Main.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Checks whether source keystore and destination keystore are the same
 * file on disk.
 *
 * @return true for an in-place import (equal canonical files); false if
 *         the source type equals P11KEYSTORE, is a Windows keystore
 *         type, or names a different file
 * @throws Exception if srcksfname is null or names an existing empty
 *         file; canonicalization errors propagate as well
 */
boolean inplaceImportCheck() throws Exception {
    if (P11KEYSTORE.equalsIgnoreCase(srcstoretype)) {
        return false;
    }
    if (KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
        return false;
    }

    if (srcksfname == null) {
        String missing = rb.getString
                ("Please.specify.srckeystore");
        throw new Exception(missing);
    }

    File srcksfile = new File(srcksfname);
    if (srcksfile.exists() && srcksfile.length() == 0) {
        String empty = rb.getString
                ("Source.keystore.file.exists.but.is.empty.");
        throw new Exception(empty + srcksfname);
    }

    // getCanonicalFile() makes the comparison independent of how each
    // path was written on the command line.
    // NOTE(review): the check and the later open of the file are
    // separate steps; the file could change in between.
    File canonicalSource = srcksfile.getCanonicalFile();
    File canonicalDest = new File(ksfname).getCanonicalFile();
    boolean inPlace = canonicalSource.equals(canonicalDest);
    if (inPlace) {
        return true;
    }

    // Informational, especially if destkeystore is not
    // provided, which defaults to ~/.keystore.
    String status = String.format(rb.getString(
            "importing.keystore.status"), srcksfname, ksfname);
    System.err.println(status);
    return false;
}
 
Example #11
Source File: Main.java    From openjdk-jdk8u with GNU General Public License v2.0
/**
 * Recursively tries to establish chain from pool of certs starting from
 * certToVerify until a self-signed cert is found, and fill the certs found
 * into chain. Each cert in the chain signs the next one.
 *
 * This method is able to recover from an error, say, if certToVerify
 * is signed by certA but certA has no issuer in certs and itself is not
 * self-signed, the method can try another certB that also signs
 * certToVerify and look for signer of certB, etc, etc.
 *
 * Each cert in chain comes with a label showing its origin. The label is
 * used in the warning message when the cert is considered a risk.
 *
 * @param certToVerify the cert that needs to be verified.
 * @param chain the chain that's being built.
 * @param certs the pool of trusted certs
 *
 * @return true if successful, false otherwise.
 */
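private boolean buildChain(Pair<String,X509Certificate> certToVerify,
        Vector<Pair<String,X509Certificate>> chain,
        Hashtable<Principal, Vector<Pair<String,X509Certificate>>> certs) {
    // Start with an empty path; the helper refuses to follow a cert
    // that is already being resolved, which ends a loop of certs that
    // sign each other instead of overflowing the stack.
    java.util.Set<X509Certificate> visiting =
            new java.util.HashSet<X509Certificate>();
    return buildChainOnPath(certToVerify, chain, certs, visiting);
}

/**
 * Recursive step of buildChain with cycle protection. For any pool on
 * which an unguarded search terminates, the outcome and the contents of
 * chain are the same as without the guard.
 *
 * This step checks the issuer name lookup and the signature only; it
 * does not look at validity dates, revocation or CA constraints.
 *
 * @param certToVerify the cert that needs to be verified.
 * @param chain the chain that's being built.
 * @param certs the pool of candidate issuer certs, keyed by Principal
 * @param visiting certs whose issuers are currently being searched
 *
 * @return true if successful, false otherwise.
 */
private boolean buildChainOnPath(Pair<String,X509Certificate> certToVerify,
        Vector<Pair<String,X509Certificate>> chain,
        Hashtable<Principal, Vector<Pair<String,X509Certificate>>> certs,
        java.util.Set<X509Certificate> visiting) {
    X509Certificate subject = certToVerify.snd;

    if (KeyStoreUtil.isSelfSigned(subject)) {
        // Reached a self-signed cert: append it and stop.
        // NOTE(review): this happens before certs is consulted, so a
        // self-signed input is accepted without a pool lookup; trust in
        // it has to be established by the caller.
        chain.addElement(certToVerify);
        return true;
    }

    // Get the issuer's certificate(s)
    Vector<Pair<String,X509Certificate>> vec = certs.get(subject.getIssuerDN());
    if (vec == null) {
        return false;
    }

    if (visiting.contains(subject)) {
        // Cycle: this cert is already on the current search path.
        return false;
    }
    visiting.add(subject);

    boolean built = false;
    for (Enumeration<Pair<String,X509Certificate>> issuerCerts = vec.elements();
         !built && issuerCerts.hasMoreElements(); ) {
        Pair<String,X509Certificate> issuerCert = issuerCerts.nextElement();
        PublicKey issuerPubKey = issuerCert.snd.getPublicKey();
        try {
            subject.verify(issuerPubKey);
        } catch (Exception e) {
            // Best effort by design: try the next candidate issuer.
            continue;
        }
        built = buildChainOnPath(issuerCert, chain, certs, visiting);
    }

    // Off the path again, so other branches may still reach this cert.
    visiting.remove(subject);

    if (built) {
        // Issuers were appended during the recursion; this cert follows.
        chain.addElement(certToVerify);
    }
    return built;
}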
 
Example #12
Source File: Main.java    From jdk8u_jdk with GNU General Public License v2.0
/**
 * Tells the caller whether srcksfname and ksfname point at one file.
 *
 * @return true if both names canonicalize to the same file; false if
 *         they do not, or if the source type equals P11KEYSTORE or is a
 *         Windows keystore type
 * @throws Exception if the source keystore name is missing, the source
 *         file exists but has length zero, or canonicalization fails
 */
boolean inplaceImportCheck() throws Exception {
    // File comparison only applies when the source type is neither
    // P11KEYSTORE nor a Windows keystore type.
    boolean fileComparisonApplies =
            !P11KEYSTORE.equalsIgnoreCase(srcstoretype)
            && !KeyStoreUtil.isWindowsKeyStore(srcstoretype);
    if (!fileComparisonApplies) {
        return false;
    }

    if (srcksfname == null) {
        throw new Exception(rb.getString
                ("Please.specify.srckeystore"));
    }

    final File src = new File(srcksfname);
    if (src.exists()) {
        if (src.length() == 0) {
            throw new Exception(rb.getString
                    ("Source.keystore.file.exists.but.is.empty.") +
                    srcksfname);
        }
    }

    // NOTE(review): ksfname is dereferenced without a null check here;
    // presumably a default was applied before this call - confirm.
    final File srcResolved = src.getCanonicalFile();
    final File destResolved = new File(ksfname).getCanonicalFile();
    if (!srcResolved.equals(destResolved)) {
        // Informational, especially if destkeystore is not
        // provided, which defaults to ~/.keystore.
        System.err.println(String.format(rb.getString(
                "importing.keystore.status"), srcksfname, ksfname));
        return false;
    }
    return true;
}
 
Example #13
Source File: Main.java    From openjdk-jdk8u-backup with GNU General Public License v2.0
/**
 * Detects an in-place import, i.e. a source keystore file that is also
 * the destination keystore file.
 *
 * @return true when the canonical files of srcksfname and ksfname are
 *         equal; false otherwise, and always false when the source type
 *         equals P11KEYSTORE or is a Windows keystore type
 * @throws Exception when no source keystore is given or the given file
 *         exists and is empty; I/O errors from canonicalization too
 */
boolean inplaceImportCheck() throws Exception {
    if (P11KEYSTORE.equalsIgnoreCase(srcstoretype) ||
            KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
        return false;
    }

    if (srcksfname == null) {
        throw new Exception(rb.getString
                ("Please.specify.srckeystore"));
    } else {
        File candidate = new File(srcksfname);
        if (candidate.exists() && candidate.length() == 0) {
            String reason = rb.getString
                    ("Source.keystore.file.exists.but.is.empty.") +
                    srcksfname;
            throw new Exception(reason);
        }

        // Equal canonical files mean source and destination coincide.
        File here = candidate.getCanonicalFile();
        File there = new File(ksfname).getCanonicalFile();
        if (here.equals(there)) {
            return true;
        }

        // Informational, especially if destkeystore is not
        // provided, which defaults to ~/.keystore.
        // NOTE(review): both file names are echoed to stderr; confirm
        // that is acceptable where the tool's output is collected.
        System.err.println(String.format(rb.getString(
                "importing.keystore.status"), srcksfname, ksfname));
        return false;
    }
}
 
Example #14
Source File: Main.java    From openjdk-8 with GNU General Public License v2.0
/**
 * Prints all keystore entries.
 */
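private void doPrintEntries(PrintStream out)
    throws Exception
{
    // The warning stands in for the leading blank line when no store
    // password was supplied and the type is not a Windows keystore.
    // NOTE(review): printWarning() lives outside this listing;
    // presumably it says the store's integrity was not verified because
    // no password was given - confirm.
    boolean warn = storePass == null
            && !KeyStoreUtil.isWindowsKeyStore(storetype);
    if (warn) {
        printWarning();
    } else {
        out.println();
    }

    out.println(rb.getString("Keystore.type.") + keyStore.getType());
    out.println(rb.getString("Keystore.provider.") +
            keyStore.getProvider().getName());
    out.println();

    // One size() call feeds both the resource choice and the printed
    // number, so the two always describe the same count.
    final int size = keyStore.size();
    MessageFormat form;
    if (size == 1) {
        form = new MessageFormat(rb.getString
                ("Your.keystore.contains.keyStore.size.entry"));
    } else {
        form = new MessageFormat(rb.getString
                ("Your.keystore.contains.keyStore.size.entries"));
    }
    // Integer.valueOf instead of the deprecated Integer constructor.
    out.println(form.format(new Object[] {Integer.valueOf(size)}));
    out.println();

    Enumeration<String> aliases = keyStore.aliases();
    while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();
        doPrintEntry(alias, out, false);
        if (verbose || rfc) {
            // Separator lines after each entry when verbose or rfc is set.
            out.println(rb.getString("NEWLINE"));
            out.println(rb.getString("STAR"));
            out.println(rb.getString("STARNN"));
        }
    }
}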
 
Example #15
Source File: Main.java    From Bytecoder with Apache License 2.0
/**
 * Answers whether the import source is the very file that will be
 * written as the destination keystore.
 *
 * @return true if srcksfname and ksfname share a canonical file; false
 *         if not, or if the source type equals P11KEYSTORE or is a
 *         Windows keystore type
 * @throws Exception if srcksfname is null, if that file exists but is
 *         empty, or if a canonical path cannot be obtained
 */
boolean inplaceImportCheck() throws Exception {
    final boolean nonFileSource =
            P11KEYSTORE.equalsIgnoreCase(srcstoretype)
            || KeyStoreUtil.isWindowsKeyStore(srcstoretype);
    if (nonFileSource) {
        return false;
    }

    if (srcksfname == null) {
        throw new Exception(rb.getString
                ("Please.specify.srckeystore"));
    }

    File srcksfile = new File(srcksfname);
    boolean present = srcksfile.exists();
    if (present && srcksfile.length() == 0) {
        throw new Exception(rb.getString
                ("Source.keystore.file.exists.but.is.empty.") +
                srcksfname);
    }

    // Canonicalization happens on both sides before comparing.
    // NOTE(review): presumably ksfname has been given a value by the
    // time this runs; a null would fail in new File(ksfname).
    File lhs = srcksfile.getCanonicalFile();
    File rhs = new File(ksfname).getCanonicalFile();
    boolean result = lhs.equals(rhs);
    if (!result) {
        // Informational, especially if destkeystore is not
        // provided, which defaults to ~/.keystore.
        String note = String.format(rb.getString(
                "importing.keystore.status"), srcksfname, ksfname);
        System.err.println(note);
    }
    return result;
}
 
Example #16
Source File: Main.java    From Bytecoder with Apache License 2.0
/**
 * Recursively tries to establish chain from pool of certs starting from
 * certToVerify until a self-signed cert is found, and fill the certs found
 * into chain. Each cert in the chain signs the next one.
 *
 * This method is able to recover from an error, say, if certToVerify
 * is signed by certA but certA has no issuer in certs and itself is not
 * self-signed, the method can try another certB that also signs
 * certToVerify and look for signer of certB, etc, etc.
 *
 * Each cert in chain comes with a label showing its origin. The label is
 * used in the warning message when the cert is considered a risk.
 *
 * @param certToVerify the cert that needs to be verified.
 * @param chain the chain that's being built.
 * @param certs the pool of trusted certs
 *
 * @return true if successful, false otherwise.
 */
private boolean buildChain(Pair<String,X509Certificate> certToVerify,
        Vector<Pair<String,X509Certificate>> chain,
        Hashtable<Principal, Vector<Pair<String,X509Certificate>>> certs) {
    // Base case: a self-signed cert is appended and ends the recursion.
    // NOTE(review): the pool is not consulted for it, so this method
    // alone does not show that a self-signed input is a trusted one.
    if (KeyStoreUtil.isSelfSigned(certToVerify.snd)) {
        chain.addElement(certToVerify);
        return true;
    }

    Principal issuer = certToVerify.snd.getIssuerDN();
    Vector<Pair<String,X509Certificate>> sameNameCerts = certs.get(issuer);
    if (sameNameCerts != null) {
        // Several certs may be filed under one issuer name; each is
        // tried until one verifies the signature and chains further.
        // Nothing but the signature is checked (no validity dates,
        // revocation or CA constraints).
        // NOTE(review): a loop of non-self-signed certs signing each
        // other would keep this recursion going; no guard is visible.
        Enumeration<Pair<String,X509Certificate>> cursor =
                sameNameCerts.elements();
        while (cursor.hasMoreElements()) {
            Pair<String,X509Certificate> parent = cursor.nextElement();
            PublicKey parentKey = parent.snd.getPublicKey();
            try {
                certToVerify.snd.verify(parentKey);
            } catch (Exception e) {
                // Verification failed for this parent; move on.
                continue;
            }
            boolean parentChained = buildChain(parent, chain, certs);
            if (parentChained) {
                chain.addElement(certToVerify);
                return true;
            }
        }
    }
    return false;
}
 
Example #17
Source File: Main.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Recursively tries to establish chain from pool of certs starting from
 * certToVerify until a self-signed cert is found, and fill the certs found
 * into chain. Each cert in the chain signs the next one.
 *
 * This method is able to recover from an error, say, if certToVerify
 * is signed by certA but certA has no issuer in certs and itself is not
 * self-signed, the method can try another certB that also signs
 * certToVerify and look for signer of certB, etc, etc.
 *
 * Each cert in chain comes with a label showing its origin. The label is
 * used in the warning message when the cert is considered a risk.
 *
 * @param certToVerify the cert that needs to be verified.
 * @param chain the chain that's being built.
 * @param certs the pool of trusted certs
 *
 * @return true if successful, false otherwise.
 */
private boolean buildChain(Pair<String,X509Certificate> certToVerify,
        Vector<Pair<String,X509Certificate>> chain,
        Hashtable<Principal, Vector<Pair<String,X509Certificate>>> certs) {
    if (!KeyStoreUtil.isSelfSigned(certToVerify.snd)) {
        // Not self-signed: look for an issuer cert under the issuer name.
        Principal issuerDn = certToVerify.snd.getIssuerDN();
        Vector<Pair<String,X509Certificate>> issuers = certs.get(issuerDn);
        if (issuers == null) {
            return false;
        }

        // A usable issuer must verify the signature and must itself be
        // chainable. This is a signature-only check: validity dates,
        // revocation and CA constraints are not part of this method.
        // NOTE(review): there is no protection against a cycle of
        // cross-signed certs in the pool - confirm the pool rules it out.
        for (Enumeration<Pair<String,X509Certificate>> en = issuers.elements();
                en.hasMoreElements(); ) {
            Pair<String,X509Certificate> issuerEntry = en.nextElement();
            PublicKey verifyKey = issuerEntry.snd.getPublicKey();
            try {
                certToVerify.snd.verify(verifyKey);
            } catch (Exception e) {
                // Treated as "not this issuer"; the search continues.
                continue;
            }
            if (buildChain(issuerEntry, chain, certs)) {
                chain.addElement(certToVerify);
                return true;
            }
        }
        return false;
    }

    // Self-signed: appended directly and reported as success.
    // NOTE(review): no lookup in certs happens for this cert, so the
    // caller has to decide whether a self-signed input is trusted.
    chain.addElement(certToVerify);
    return true;
}
 
Example #18
Source File: Main.java    From openjdk-8-source with GNU General Public License v2.0
/**
 * Prints all keystore entries.
 */
private void doPrintEntries(PrintStream out)
    throws Exception
{
    // Opening line: warning or blank.
    // NOTE(review): what printWarning() prints is not shown here; the
    // condition suggests it relates to a missing store password.
    if (storePass == null) {
        if (KeyStoreUtil.isWindowsKeyStore(storetype)) {
            out.println();
        } else {
            printWarning();
        }
    } else {
        out.println();
    }

    // Store type and provider name, followed by a blank line.
    out.println(rb.getString("Keystore.type.") + keyStore.getType());
    out.println(rb.getString("Keystore.provider.") +
            keyStore.getProvider().getName());
    out.println();

    // Count line; the resource differs for a single entry.
    String pattern = (keyStore.size() == 1)
            ? rb.getString("Your.keystore.contains.keyStore.size.entry")
            : rb.getString("Your.keystore.contains.keyStore.size.entries");
    MessageFormat form = new MessageFormat(pattern);
    Object[] args = {new Integer(keyStore.size())};
    out.println(form.format(args));
    out.println();

    // Entries are printed in the order keyStore.aliases() yields them.
    Enumeration<String> it = keyStore.aliases();
    while (it.hasMoreElements()) {
        String name = it.nextElement();
        doPrintEntry(name, out, false);
        boolean withSeparator = verbose || rfc;
        if (withSeparator) {
            out.println(rb.getString("NEWLINE"));
            out.println(rb.getString("STAR"));
            out.println(rb.getString("STARNN"));
        }
    }
}
 
Example #19
Source File: CacertsOption.java    From openjdk-jdk9 with GNU General Public License v2.0
/**
 * Checks the -cacerts option in four steps, each judged by the text
 * found in msg after a run(...) call.
 *
 * NOTE(review): run(...) and msg are defined outside this listing;
 * presumably run executes the tool with the given arguments and stores
 * its output in msg - confirm.
 *
 * @param args not used
 * @throws Exception when any of the expectations below is not met
 */
public static void main(String[] args) throws Exception {
    // Step 1: the help text for -list has to mention -cacerts.
    run("-help -list");
    boolean helpMentionsOption = msg.contains("-cacerts");
    if (!helpMentionsOption) {
        throw new Exception("No cacerts in help:\n" + msg);
    }

    final String cacertsPath = KeyStoreUtil.getCacerts();

    // Step 2: naming the cacerts file via -keystore must give a warning.
    run("-list -keystore " + cacertsPath);
    if (!msg.contains("Warning:")) {
        throw new Exception("No warning in output:\n" + msg);
    }

    // Step 3: -list -cacerts must show every alias of the cacerts file.
    // The store is opened with a null password for the comparison.
    run("-list -cacerts");
    KeyStore reference =
            KeyStore.getInstance(new File(cacertsPath), (char[])null);
    for (String expected : Collections.list(reference.aliases())) {
        if (msg.contains(expected)) {
            continue;
        }
        throw new Exception(expected + " not found in\n" + msg);
    }

    // Step 4: combining -cacerts with -storetype must be rejected with
    // an IllegalArgumentException and a matching message.
    boolean rejected = false;
    try {
        run("-list -cacerts -storetype jks");
    } catch (IllegalArgumentException iae) {
        rejected = true;
        if (!msg.contains("cannot be used with")) {
            throw new Exception("Bad error msg\n" + msg);
        }
    }
    if (!rejected) {
        throw new Exception("Should fail");
    }
}
 
Example #20
Source File: Main.java    From jdk8u-jdk with GNU General Public License v2.0
/**
 * Prints all keystore entries.
 */
private void doPrintEntries(PrintStream out)
    throws Exception
{
    // With a store password, or for a Windows keystore type, only a
    // blank line is printed; in the remaining case printWarning() runs.
    // NOTE(review): printWarning() is outside this listing; presumably
    // it warns that the listing comes from a store read without a
    // password - confirm.
    boolean skipWarning = storePass != null
            || KeyStoreUtil.isWindowsKeyStore(storetype);
    if (skipWarning) {
        out.println();
    } else {
        printWarning();
    }

    out.println(rb.getString("Keystore.type.") + keyStore.getType());
    out.println(rb.getString("Keystore.provider.") +
            keyStore.getProvider().getName());
    out.println();

    MessageFormat summary;
    switch (keyStore.size()) {
        case 1:
            summary = new MessageFormat(rb.getString
                    ("Your.keystore.contains.keyStore.size.entry"));
            break;
        default:
            summary = new MessageFormat(rb.getString
                    ("Your.keystore.contains.keyStore.size.entries"));
            break;
    }
    Object[] summaryArgs = {new Integer(keyStore.size())};
    out.println(summary.format(summaryArgs));
    out.println();

    // Each alias goes through doPrintEntry; separator lines follow an
    // entry whenever verbose or rfc is set.
    for (Enumeration<String> aliasEnum = keyStore.aliases();
            aliasEnum.hasMoreElements(); ) {
        String current = aliasEnum.nextElement();
        doPrintEntry(current, out, false);
        if (verbose || rfc) {
            out.println(rb.getString("NEWLINE"));
            out.println(rb.getString("STAR"));
            out.println(rb.getString("STARNN"));
        }
    }
}
 
Example #21
Source File: Main.java    From openjdk-8-source with GNU General Public License v2.0
/**
 * Resolves a password option through
 * {@code KeyStoreUtil.getPassWithModifier}.
 *
 * <p>NOTE(review): {@code modifier} presumably selects how {@code arg} is
 * interpreted (literal value, environment variable or file) - confirm against
 * KeyStoreUtil. The result is a {@code char[]}; do not convert it to a
 * {@code String} or write it to logs.
 *
 * @param modifier option modifier, passed through unchanged
 * @param arg      option argument, passed through unchanged
 * @return the resolved password; {@code null} only if {@code usage()} returns
 */
static char[] getPass(String modifier, String arg) {
    final char[] password = KeyStoreUtil.getPassWithModifier(modifier, arg, rb);
    if (password == null) {
        // No password could be resolved: show usage, which is expected to
        // end the program (per the original comment).
        usage();
        return null;
    }
    return password;
}
 
Example #22
Source File: Main.java    From dragonwell8_jdk with GNU General Public License v2.0
/**
 * Looks up the password for a command-line option by delegating to
 * {@code KeyStoreUtil.getPassWithModifier}.
 *
 * <p>NOTE(review): how {@code modifier} changes the meaning of {@code arg}
 * is decided inside KeyStoreUtil and is not visible here. The password comes
 * back as a {@code char[]}; keep it out of {@code String}s and log output.
 *
 * @param modifier option modifier, forwarded as is
 * @param arg      option argument, forwarded as is
 * @return the password, or {@code null} if none was resolved and
 *         {@code usage()} returned
 */
static char[] getPass(String modifier, String arg) {
    char[] resolved = KeyStoreUtil.getPassWithModifier(modifier, arg, rb);
    if (resolved == null) {
        usage();    // expected to exit; the return below is a formality
    }
    return resolved;
}
 
Example #23
Source File: Main.java    From hottub with GNU General Public License v2.0
/**
 * Resolves a password option through
 * {@code KeyStoreUtil.getPassWithModifier}.
 *
 * <p>NOTE(review): {@code modifier} presumably selects the source of the
 * password (literal, environment variable or file) - confirm against
 * KeyStoreUtil. The value is returned as a {@code char[]}; avoid copying it
 * into a {@code String} or printing it.
 *
 * @param modifier option modifier, passed through unchanged
 * @param arg      option argument, passed through unchanged
 * @return the resolved password; {@code null} only if {@code tinyHelp()}
 *         returns
 */
private char[] getPass(String modifier, String arg) {
    final char[] password = KeyStoreUtil.getPassWithModifier(modifier, arg, rb);
    if (password == null) {
        // Nothing resolved: print the short help, which is expected to exit.
        tinyHelp();
        return null;
    }
    return password;
}
 
Example #24
Source File: Main.java    From jdk8u-dev-jdk with GNU General Public License v2.0
/**
 * Looks up the password for a command-line option by delegating to
 * {@code KeyStoreUtil.getPassWithModifier}.
 *
 * <p>NOTE(review): the interpretation of {@code modifier} lives in
 * KeyStoreUtil and is not visible here. The password is a {@code char[]};
 * keep it out of {@code String}s and log output.
 *
 * @param modifier option modifier, forwarded as is
 * @param arg      option argument, forwarded as is
 * @return the password, or {@code null} if none was resolved and
 *         {@code tinyHelp()} returned
 */
private char[] getPass(String modifier, String arg) {
    char[] resolved = KeyStoreUtil.getPassWithModifier(modifier, arg, rb);
    if (resolved == null) {
        tinyHelp();    // expected to exit; the return below is a formality
    }
    return resolved;
}
 
Example #25
Source File: Main.java    From hottub with GNU General Public License v2.0
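/**
 * Loads the source keystore used by {@code -importkeystore}.
 *
 * <p>For a PKCS11 or Windows store type no file is opened: the stream passed
 * to {@code KeyStore.load} stays {@code null} and {@code srcksfname} must be
 * {@code NONE}. For every other type the file named by {@code srcksfname} is
 * opened, and an existing zero-length file is rejected up front.
 *
 * <p>Points to keep in mind when reviewing callers:
 * <ul>
 * <li>If no source store password is available, the store is still loaded
 *     with a {@code null} password and a warning is printed afterwards.
 *     {@code KeyStore.load} checks integrity only when a password is given,
 *     so entries imported on this path are unverified.</li>
 * <li>A password read from standard input is appended to {@code passwords};
 *     presumably that list is wiped later - confirm at the call site.</li>
 * <li>For a PKCS12 source a differing {@code -srckeypass} is overridden by
 *     the store password after a warning.</li>
 * </ul>
 *
 * @return the loaded source KeyStore
 * @throws Exception if no source keystore is named, the file is empty, or
 *         the provider fails to create or load the store
 */
KeyStore loadSourceKeyStore() throws Exception {
    // The write-only local "isPkcs11" of the original was never read and has
    // been dropped.
    InputStream is = null;

    if (P11KEYSTORE.equalsIgnoreCase(srcstoretype) ||
            KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
        if (!NONE.equals(srcksfname)) {
            System.err.println(MessageFormat.format(rb.getString
                (".keystore.must.be.NONE.if.storetype.is.{0}"), srcstoretype));
            System.err.println();
            tinyHelp();
        }
    } else {
        if (srcksfname == null) {
            throw new Exception(rb.getString
                    ("Please.specify.srckeystore"));
        }
        File srcksfile = new File(srcksfname);
        if (srcksfile.exists() && srcksfile.length() == 0) {
            throw new Exception(rb.getString
                    ("Source.keystore.file.exists.but.is.empty.") +
                    srcksfname);
        }
        is = new FileInputStream(srcksfile);
    }

    KeyStore store;
    try {
        if (srcProviderName == null) {
            store = KeyStore.getInstance(srcstoretype);
        } else {
            store = KeyStore.getInstance(srcstoretype, srcProviderName);
        }

        if (srcstorePass == null
                && !srcprotectedPath
                && !KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
            System.err.print(rb.getString("Enter.source.keystore.password."));
            System.err.flush();
            srcstorePass = Password.readPassword(System.in);
            // Tracked together with the other passwords of this run.
            passwords.add(srcstorePass);
        }

        // always let keypass be storepass when using pkcs12
        if (P12KEYSTORE.equalsIgnoreCase(srcstoretype)) {
            if (srckeyPass != null && srcstorePass != null &&
                    !Arrays.equals(srcstorePass, srckeyPass)) {
                MessageFormat form = new MessageFormat(rb.getString(
                    "Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value."));
                Object[] source = {"-srckeypass"};
                System.err.println(form.format(source));
                srckeyPass = srcstorePass;
            }
        }

        // "is" is still null for PKCS11 / Windows stores. A null password
        // means the provider performs no integrity check on the data.
        store.load(is, srcstorePass);
    } finally {
        if (is != null) {
            is.close();
        }
    }

    if (srcstorePass == null
            && !KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
        // Deliberately duplicated from printWarning() with two lines
        // changed so that the text names the source keystore.
        System.err.println();
        System.err.println(rb.getString
            (".WARNING.WARNING.WARNING."));
        System.err.println(rb.getString
            (".The.integrity.of.the.information.stored.in.the.srckeystore."));
        System.err.println(rb.getString
            (".WARNING.WARNING.WARNING."));
        System.err.println();
    }

    return store;
}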
 
Example #26
Source File: Main.java    From hottub with GNU General Public License v2.0
/**
 * Recovers the entry stored under {@code alias}, trying passwords in a fixed
 * order until one works.
 *
 * <p>Order of attempts: no password at all; then the supplied key password
 * if there is one; otherwise the store password; and, if that fails on a
 * store that is not PKCS12, a password obtained from {@code getKeyPasswd}.
 * PKCS11 and Windows stores are never retried with a password.
 *
 * <p>NOTE(review): each {@code PasswordProtection} keeps its own copy of the
 * password it is given, and none of them is {@code destroy()}ed here, so
 * wiping the caller's arrays does not wipe those copies.
 *
 * @param ks     keystore to read from
 * @param alias  alias of the entry to recover
 * @param pstore store password, tried when no key password is supplied
 * @param pkey   key password supplied by the user, or {@code null}
 * @return a pair whose first element is the recovered entry and whose second
 *         element is the password that unlocked it ({@code null} if none
 *         was needed)
 * @throws Exception if the alias does not exist or the entry cannot be
 *         recovered
 */
private Pair<Entry,char[]> recoverEntry(KeyStore ks,
                        String alias,
                        char[] pstore,
                        char[] pkey) throws Exception {

    if (!ks.containsAlias(alias)) {
        MessageFormat missing = new MessageFormat
            (rb.getString("Alias.alias.does.not.exist"));
        throw new Exception(missing.format(new Object[] {alias}));
    }

    try {
        // First attempt: no key password (PKCS11 entry or trusted
        // certificate entry, for example).
        Entry unprotected = ks.getEntry(alias, null);
        return Pair.of(unprotected, (char[]) null);
    } catch (UnrecoverableEntryException une) {

        boolean p11OrWindows = P11KEYSTORE.equalsIgnoreCase(ks.getType()) ||
            KeyStoreUtil.isWindowsKeyStore(ks.getType());
        if (p11OrWindows) {
            // should not happen, but a possibility
            throw une;
        }

        // The entry is protected. Prefer the key password the user gave.
        if (pkey != null) {
            Entry viaKeyPass =
                ks.getEntry(alias, new PasswordProtection(pkey));
            return Pair.of(viaKeyPass, pkey);
        }

        // No key password supplied: fall back to the store password.
        try {
            Entry viaStorePass =
                ks.getEntry(alias, new PasswordProtection(pstore));
            return Pair.of(viaStorePass, pstore);
        } catch (UnrecoverableEntryException une2) {
            if (P12KEYSTORE.equalsIgnoreCase(ks.getType())) {
                // P12 keystore currently does not support separate
                // store and entry passwords
                throw une2;
            }

            // Last resort: ask for the entry password.
            char[] prompted = getKeyPasswd(alias, null, null);
            Entry viaPrompt =
                ks.getEntry(alias, new PasswordProtection(prompted));
            return Pair.of(viaPrompt, prompted);
        }
    }
}
 
Example #27
Source File: Main.java    From openjdk-8-source with GNU General Public License v2.0
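/**
 * Loads the source keystore used by {@code -importkeystore}.
 *
 * <p>For a PKCS11 or Windows store type no file is opened: the stream passed
 * to {@code KeyStore.load} stays {@code null} and {@code srcksfname} must be
 * {@code NONE}. For every other type the file named by {@code srcksfname} is
 * opened, and an existing zero-length file is rejected up front.
 *
 * <p>Points to keep in mind when reviewing callers:
 * <ul>
 * <li>If no source store password is available, the store is still loaded
 *     with a {@code null} password and a warning is printed afterwards.
 *     {@code KeyStore.load} checks integrity only when a password is given,
 *     so entries imported on this path are unverified.</li>
 * <li>A password read from standard input is appended to {@code passwords};
 *     presumably that list is wiped later - confirm at the call site.</li>
 * <li>For a PKCS12 source a differing {@code -srckeypass} is overridden by
 *     the store password after a warning.</li>
 * </ul>
 *
 * @return the loaded source KeyStore
 * @throws Exception if no source keystore is named, the file is empty, or
 *         the provider fails to create or load the store
 */
KeyStore loadSourceKeyStore() throws Exception {
    // The write-only local "isPkcs11" of the original was never read and has
    // been dropped.
    InputStream is = null;

    if (P11KEYSTORE.equalsIgnoreCase(srcstoretype) ||
            KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
        if (!NONE.equals(srcksfname)) {
            System.err.println(MessageFormat.format(rb.getString
                (".keystore.must.be.NONE.if.storetype.is.{0}"), srcstoretype));
            System.err.println();
            tinyHelp();
        }
    } else {
        if (srcksfname == null) {
            throw new Exception(rb.getString
                    ("Please.specify.srckeystore"));
        }
        File srcksfile = new File(srcksfname);
        if (srcksfile.exists() && srcksfile.length() == 0) {
            throw new Exception(rb.getString
                    ("Source.keystore.file.exists.but.is.empty.") +
                    srcksfname);
        }
        is = new FileInputStream(srcksfile);
    }

    KeyStore store;
    try {
        if (srcProviderName == null) {
            store = KeyStore.getInstance(srcstoretype);
        } else {
            store = KeyStore.getInstance(srcstoretype, srcProviderName);
        }

        if (srcstorePass == null
                && !srcprotectedPath
                && !KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
            System.err.print(rb.getString("Enter.source.keystore.password."));
            System.err.flush();
            srcstorePass = Password.readPassword(System.in);
            // Tracked together with the other passwords of this run.
            passwords.add(srcstorePass);
        }

        // always let keypass be storepass when using pkcs12
        if (P12KEYSTORE.equalsIgnoreCase(srcstoretype)) {
            if (srckeyPass != null && srcstorePass != null &&
                    !Arrays.equals(srcstorePass, srckeyPass)) {
                MessageFormat form = new MessageFormat(rb.getString(
                    "Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value."));
                Object[] source = {"-srckeypass"};
                System.err.println(form.format(source));
                srckeyPass = srcstorePass;
            }
        }

        // "is" is still null for PKCS11 / Windows stores. A null password
        // means the provider performs no integrity check on the data.
        store.load(is, srcstorePass);
    } finally {
        if (is != null) {
            is.close();
        }
    }

    if (srcstorePass == null
            && !KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
        // Deliberately duplicated from printWarning() with two lines
        // changed so that the text names the source keystore.
        System.err.println();
        System.err.println(rb.getString
            (".WARNING.WARNING.WARNING."));
        System.err.println(rb.getString
            (".The.integrity.of.the.information.stored.in.the.srckeystore."));
        System.err.println(rb.getString
            (".WARNING.WARNING.WARNING."));
        System.err.println();
    }

    return store;
}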
 
Example #28
Source File: Main.java    From openjdk-8-source with GNU General Public License v2.0
/**
 * Recovers the entry stored under {@code alias}, trying passwords in a fixed
 * order until one works.
 *
 * <p>Order of attempts: no password at all; then the supplied key password
 * if there is one; otherwise the store password; and, if that fails on a
 * store that is not PKCS12, a password obtained from {@code getKeyPasswd}.
 * PKCS11 and Windows stores are never retried with a password.
 *
 * <p>NOTE(review): each {@code PasswordProtection} keeps its own copy of the
 * password it is given, and none of them is {@code destroy()}ed here, so
 * wiping the caller's arrays does not wipe those copies.
 *
 * @param ks     keystore to read from
 * @param alias  alias of the entry to recover
 * @param pstore store password, tried when no key password is supplied
 * @param pkey   key password supplied by the user, or {@code null}
 * @return a pair whose first element is the recovered entry and whose second
 *         element is the password that unlocked it ({@code null} if none
 *         was needed)
 * @throws Exception if the alias does not exist or the entry cannot be
 *         recovered
 */
private Pair<Entry,char[]> recoverEntry(KeyStore ks,
                        String alias,
                        char[] pstore,
                        char[] pkey) throws Exception {

    if (!ks.containsAlias(alias)) {
        MessageFormat missing = new MessageFormat
            (rb.getString("Alias.alias.does.not.exist"));
        throw new Exception(missing.format(new Object[] {alias}));
    }

    try {
        // First attempt: no key password (PKCS11 entry or trusted
        // certificate entry, for example).
        Entry unprotected = ks.getEntry(alias, null);
        return Pair.of(unprotected, (char[]) null);
    } catch (UnrecoverableEntryException une) {

        boolean p11OrWindows = P11KEYSTORE.equalsIgnoreCase(ks.getType()) ||
            KeyStoreUtil.isWindowsKeyStore(ks.getType());
        if (p11OrWindows) {
            // should not happen, but a possibility
            throw une;
        }

        // The entry is protected. Prefer the key password the user gave.
        if (pkey != null) {
            Entry viaKeyPass =
                ks.getEntry(alias, new PasswordProtection(pkey));
            return Pair.of(viaKeyPass, pkey);
        }

        // No key password supplied: fall back to the store password.
        try {
            Entry viaStorePass =
                ks.getEntry(alias, new PasswordProtection(pstore));
            return Pair.of(viaStorePass, pstore);
        } catch (UnrecoverableEntryException une2) {
            if (P12KEYSTORE.equalsIgnoreCase(ks.getType())) {
                // P12 keystore currently does not support separate
                // store and entry passwords
                throw une2;
            }

            // Last resort: ask for the entry password.
            char[] prompted = getKeyPasswd(alias, null, null);
            Entry viaPrompt =
                ks.getEntry(alias, new PasswordProtection(prompted));
            return Pair.of(viaPrompt, prompted);
        }
    }
}
 
Example #29
Source File: Main.java    From openjdk-8 with GNU General Public License v2.0
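/**
 * Loads the source keystore used by {@code -importkeystore}.
 *
 * <p>For a PKCS11 or Windows store type no file is opened: the stream passed
 * to {@code KeyStore.load} stays {@code null} and {@code srcksfname} must be
 * {@code NONE}. For every other type the file named by {@code srcksfname} is
 * opened, and an existing zero-length file is rejected up front.
 *
 * <p>Points to keep in mind when reviewing callers:
 * <ul>
 * <li>If no source store password is available, the store is still loaded
 *     with a {@code null} password and a warning is printed afterwards.
 *     {@code KeyStore.load} checks integrity only when a password is given,
 *     so entries imported on this path are unverified.</li>
 * <li>A password read from standard input is appended to {@code passwords};
 *     presumably that list is wiped later - confirm at the call site.</li>
 * <li>For a PKCS12 source a differing {@code -srckeypass} is overridden by
 *     the store password after a warning.</li>
 * </ul>
 *
 * @return the loaded source KeyStore
 * @throws Exception if no source keystore is named, the file is empty, or
 *         the provider fails to create or load the store
 */
KeyStore loadSourceKeyStore() throws Exception {
    // The write-only local "isPkcs11" of the original was never read and has
    // been dropped.
    InputStream is = null;

    if (P11KEYSTORE.equalsIgnoreCase(srcstoretype) ||
            KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
        if (!NONE.equals(srcksfname)) {
            System.err.println(MessageFormat.format(rb.getString
                (".keystore.must.be.NONE.if.storetype.is.{0}"), srcstoretype));
            System.err.println();
            tinyHelp();
        }
    } else {
        if (srcksfname == null) {
            throw new Exception(rb.getString
                    ("Please.specify.srckeystore"));
        }
        File srcksfile = new File(srcksfname);
        if (srcksfile.exists() && srcksfile.length() == 0) {
            throw new Exception(rb.getString
                    ("Source.keystore.file.exists.but.is.empty.") +
                    srcksfname);
        }
        is = new FileInputStream(srcksfile);
    }

    KeyStore store;
    try {
        if (srcProviderName == null) {
            store = KeyStore.getInstance(srcstoretype);
        } else {
            store = KeyStore.getInstance(srcstoretype, srcProviderName);
        }

        if (srcstorePass == null
                && !srcprotectedPath
                && !KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
            System.err.print(rb.getString("Enter.source.keystore.password."));
            System.err.flush();
            srcstorePass = Password.readPassword(System.in);
            // Tracked together with the other passwords of this run.
            passwords.add(srcstorePass);
        }

        // always let keypass be storepass when using pkcs12
        if (P12KEYSTORE.equalsIgnoreCase(srcstoretype)) {
            if (srckeyPass != null && srcstorePass != null &&
                    !Arrays.equals(srcstorePass, srckeyPass)) {
                MessageFormat form = new MessageFormat(rb.getString(
                    "Warning.Different.store.and.key.passwords.not.supported.for.PKCS12.KeyStores.Ignoring.user.specified.command.value."));
                Object[] source = {"-srckeypass"};
                System.err.println(form.format(source));
                srckeyPass = srcstorePass;
            }
        }

        // "is" is still null for PKCS11 / Windows stores. A null password
        // means the provider performs no integrity check on the data.
        store.load(is, srcstorePass);
    } finally {
        if (is != null) {
            is.close();
        }
    }

    if (srcstorePass == null
            && !KeyStoreUtil.isWindowsKeyStore(srcstoretype)) {
        // Deliberately duplicated from printWarning() with two lines
        // changed so that the text names the source keystore.
        System.err.println();
        System.err.println(rb.getString
            (".WARNING.WARNING.WARNING."));
        System.err.println(rb.getString
            (".The.integrity.of.the.information.stored.in.the.srckeystore."));
        System.err.println(rb.getString
            (".WARNING.WARNING.WARNING."));
        System.err.println();
    }

    return store;
}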
 
Example #30
Source File: Main.java    From openjdk-8-source with GNU General Public License v2.0
/**
 * Resolves a password option through
 * {@code KeyStoreUtil.getPassWithModifier}.
 *
 * <p>NOTE(review): {@code modifier} presumably selects the source of the
 * password (literal, environment variable or file) - confirm against
 * KeyStoreUtil. The value is returned as a {@code char[]}; avoid copying it
 * into a {@code String} or printing it.
 *
 * @param modifier option modifier, passed through unchanged
 * @param arg      option argument, passed through unchanged
 * @return the resolved password; {@code null} only if {@code tinyHelp()}
 *         returns
 */
private char[] getPass(String modifier, String arg) {
    final char[] password = KeyStoreUtil.getPassWithModifier(modifier, arg, rb);
    if (password == null) {
        // Nothing resolved: print the short help, which is expected to exit.
        tinyHelp();
        return null;
    }
    return password;
}