/**
 * Creates a keying data provider whose keystore lives in a file on the local file system.
 *
 * <p>The constructor only hands a builder-creating callback to the superclass. The
 * callback builds a {@link KeyStore.Builder} for the file each time it is invoked.
 *
 * @param keyStoreType the type of the keystore (jks, pkcs12, etc)
 * @param keyStorePath the file-system path of the keystore
 * @param certificateSelector the selector of signing certificate
 * @param keyStorePasswordProvider the provider of the keystore loading password
 * @param entryPasswordProvider the provider of entry passwords
 * @param returnFullChain indicates if the full certificate chain should be returned, if available
 * @throws KeyStoreException propagated from the superclass constructor
 */
public FileSystemKeyStoreKeyingDataProvider(
        final String keyStoreType,
        final String keyStorePath,
        SigningCertSelector certificateSelector,
        KeyStorePasswordProvider keyStorePasswordProvider,
        KeyEntryPasswordProvider entryPasswordProvider,
        boolean returnFullChain) throws KeyStoreException
{
    super(
        new KeyStoreBuilderCreator()
        {
            @Override
            public Builder getBuilder(ProtectionParameter loadProtection)
            {
                // NOTE(review): keyStorePath is used exactly as given; this constructor
                // performs no validation of the path, so callers should pass a trusted
                // location whose file permissions protect the key material.
                final File keyStoreFile = new File(keyStorePath);

                // The null provider argument leaves the choice of KeyStore
                // implementation for keyStoreType to the installed providers.
                return KeyStore.Builder.newInstance(
                        keyStoreType, null, keyStoreFile, loadProtection);
            }
        },
        certificateSelector,
        keyStorePasswordProvider,
        entryPasswordProvider,
        returnFullChain);
}
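/**
 * Exercises {@code Builder.getKeyStore()} and {@code Builder.getProtectionParameter(String)}
 * for two kinds of builder.
 *
 * <ul>
 * <li>A builder wrapping an already loaded keystore must hand back the same keystore
 * and the same protection parameter on every call.</li>
 * <li>A builder created from a type and provider is expected to return a different
 * keystore object on a second call, while the protection parameter stays the same.</li>
 * </ul>
 *
 * @throws FileNotFoundException if the {@code builderimpl.ks} test resource is missing
 */
public void test_getKeyStore() throws KeyStoreException,
        NoSuchAlgorithmException, CertificateException,
        FileNotFoundException, IOException {
    // "BKS" is used both as the keystore type and as the alias argument below.
    String alias = "BKS";
    char[] pwd = new char[] { '1', '2', '3', '4', '5', '6' };

    InputStream fis = KeyStore2Test.class
            .getResourceAsStream("builderimpl.ks");
    if (fis == null) {
        // KeyStore.load(null, pwd) would silently initialise an empty keystore,
        // so a missing fixture has to be reported explicitly.
        throw new FileNotFoundException("builderimpl.ks");
    }

    KeyStore ks;
    try {
        ks = KeyStore.getInstance(alias);
        ks.load(fis, pwd);
    } finally {
        // The stream is no longer needed once the keystore has been loaded.
        fis.close();
    }

    Builder b = Builder.newInstance(ks, new PasswordProtection(pwd));
    KeyStore firstKeyStore = b.getKeyStore();
    ProtectionParameter firstProtParameter = b
            .getProtectionParameter(alias);
    assertSame(firstKeyStore, b.getKeyStore());
    assertSame(firstProtParameter, b.getProtectionParameter(alias));

    b = Builder.newInstance(alias, ks.getProvider(),
            new KeyStore.PasswordProtection(pwd));
    firstKeyStore = b.getKeyStore();
    firstProtParameter = b.getProtectionParameter(alias);
    assertNotSame(firstKeyStore, b.getKeyStore());
    assertSame(firstProtParameter, b.getProtectionParameter(alias));
}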
/**
 * Adds this object's status attributes to the value. Intended to be called after the
 * value update has been performed using {@link #performDataUpdate(Builder)}.
 *
 * <p>The active, state and unsafe attributes are always set. The alarm flag and the
 * acknowledge-required flag are written to the attribute pair that belongs to the
 * current severity.
 *
 * @param builder
 *            the builder to use for changing information
 */
public void injectAttributes ( final DataItemValue.Builder builder )
{
    builder.setAttribute ( this.attributeActive, Variant.valueOf ( this.active ) );
    builder.setAttribute ( this.attributeState, Variant.valueOf ( this.state ) );
    builder.setAttribute ( this.attributeUnsafe, Variant.valueOf ( this.unsafe ) );

    // A missing severity is treated as ALARM so the switch never sees null.
    Severity effectiveSeverity = this.severity;
    if ( effectiveSeverity == null )
    {
        effectiveSeverity = Severity.ALARM;
    }

    switch ( effectiveSeverity )
    {
        case INFORMATION:
            builder.setAttribute ( this.attributeInfo, Variant.valueOf ( this.alarm ) );
            builder.setAttribute ( this.attributeInfoAckRequired, Variant.valueOf ( this.akn ) );
            break;
        case WARNING:
            builder.setAttribute ( this.attributeWarning, Variant.valueOf ( this.alarm ) );
            builder.setAttribute ( this.attributeWarningAckRequired, Variant.valueOf ( this.akn ) );
            break;
        case ALARM:
            builder.setAttribute ( this.attributeAlarm, Variant.valueOf ( this.alarm ) );
            builder.setAttribute ( this.attributeAlarmAckRequired, Variant.valueOf ( this.akn ) );
            break;
        case ERROR:
            builder.setAttribute ( this.attributeError, Variant.valueOf ( this.alarm ) );
            builder.setAttribute ( this.attributeErrorAckRequired, Variant.valueOf ( this.akn ) );
            break;
    }
}
/**
 * Verifies that the single-builder constructor rejects {@code null} with a
 * {@link NullPointerException}.
 */
@Test
public void test_init_Builder_null() {
    // KeyStoreBuilderParameters' constructor didn't check for null until
    // Objects.requireNonNull was added
    assumeObjectsAvailable();

    // A typed null selects the Builder overload, exactly as a cast would.
    final Builder missingBuilder = null;
    try {
        new KeyStoreBuilderParameters(missingBuilder);
        fail();
    } catch (NullPointerException expected) {
        // Expected: the constructor must refuse a null builder.
    }
}
/**
 * Verifies that the single-builder constructor exposes exactly the builder it was
 * given through {@code getParameters()}.
 */
@Test
public void test_init_Builder() {
    TestKeyStore clientStore = TestKeyStore.getClient();
    PasswordProtection storeProtection = new PasswordProtection(clientStore.storePassword);
    Builder builder = Builder.newInstance(clientStore.keyStore, storeProtection);

    KeyStoreBuilderParameters params = new KeyStoreBuilderParameters(builder);

    assertNotNull(params);
    assertNotNull(params.getParameters());
    // One builder in, one builder out, and it is the same instance.
    assertEquals(1, params.getParameters().size());
    assertSame(builder, params.getParameters().get(0));
}
/**
 * Verifies that the list constructor rejects a {@code null} list with a
 * {@link NullPointerException}.
 */
@Test
public void test_init_List_null() {
    // A typed null selects the List overload, exactly as a cast would.
    final List<Builder> missingList = null;
    try {
        new KeyStoreBuilderParameters(missingList);
        fail();
    } catch (NullPointerException expected) {
        // Expected: the constructor must refuse a null list.
    }
}
/**
 * Verifies the list constructor: the parameters hold the given builders in order,
 * as an unmodifiable copy that later changes to the caller's list do not affect.
 */
@Test
public void test_init_List() {
    TestKeyStore clientStore = TestKeyStore.getClient();
    TestKeyStore serverStore = TestKeyStore.getServer();

    Builder clientBuilder = Builder.newInstance(
            clientStore.keyStore,
            new PasswordProtection(clientStore.storePassword));
    Builder serverBuilder = Builder.newInstance(
            serverStore.keyStore,
            new PasswordProtection(serverStore.storePassword));

    List<Builder> source = Arrays.asList(clientBuilder, serverBuilder);
    KeyStoreBuilderParameters params = new KeyStoreBuilderParameters(source);

    assertNotNull(params);
    assertNotNull(params.getParameters());
    assertNotSame(source, params.getParameters());
    assertEquals(2, params.getParameters().size());
    assertSame(clientBuilder, params.getParameters().get(0));
    assertSame(serverBuilder, params.getParameters().get(1));

    // The returned list must refuse modification ...
    try {
        params.getParameters().set(0, serverBuilder);
        fail();
    } catch (UnsupportedOperationException expected) {
        // Expected: the result is read-only.
    }

    // ... and must not reflect a later change to the caller's list.
    source.set(0, serverBuilder);
    assertSame(clientBuilder, params.getParameters().get(0));
}
/**
 * Builds the shared test keystore. The set of key algorithms depends on
 * {@code StandardNames.IS_RI}.
 */
@Before
public void setUp() throws Exception {
    // note the rare usage of DSA keys here in addition to RSA
    final String[] keyAlgorithms;
    if (StandardNames.IS_RI) {
        keyAlgorithms = new String[] { "RSA", "DSA", "EC", "EC_RSA" };
    } else {
        // The DH_* variants are only requested when IS_RI is false.
        keyAlgorithms = new String[] { "RSA", "DH_RSA", "DSA", "DH_DSA", "EC", "EC_RSA" };
    }

    TestKeyStore.Builder storeBuilder = new TestKeyStore.Builder();
    testKeyStore = storeBuilder
            .keyAlgorithms(keyAlgorithms)
            .aliasPrefix("rsa-dsa-ec-dh")
            .build();
}
/**
 * Reads the token on Linux. The native PKCS#11 library (.so) and the token password
 * have to be set in the code below.
 *
 * @return the key store backed by the token, or {@code null} when any step fails
 *         (the exception is only printed to standard error)
 */
@SuppressWarnings("restriction")
private KeyStore getKeyStoreToken() {
    try {
        // ATTENTION: change the configuration below to match the token in use.
        // For the white token use this library instead:
        //   "/usr/lib/watchdata/ICP/lib/libwdpkcs_icp.so"
        // For the blue token use the line below.
        final String pkcs11LibraryPath = "/usr/lib/libeToken.so";

        // In-memory SunPKCS11 configuration: library path plus provider name.
        final String providerConfig =
                "library = " + pkcs11LibraryPath + "\nname = Provedor\n";
        Provider tokenProvider = new sun.security.pkcs11.SunPKCS11(
                new ByteArrayInputStream(providerConfig.getBytes()));
        Security.addProvider(tokenProvider);

        // ATTENTION: change "senha" below to the token password.
        // NOTE(review): the password is a string literal compiled into the class, so it
        // is readable by anyone holding the source or the binary. Supplying it at run
        // time (for example through KeyStore.CallbackHandlerProtection) keeps it out of
        // the code.
        Builder builder = KeyStore.Builder.newInstance(
                "PKCS11",
                tokenProvider,
                new KeyStore.PasswordProtection("senha".toCharArray()));
        return builder.getKeyStore();
    } catch (Exception e1) {
        // NOTE(review): every failure collapses into a null return, so callers cannot
        // tell a missing library from a wrong password.
        e1.printStackTrace();
        return null;
    }
}
/**
 * Opens the key store of a PKCS#11 token through a SunPKCS11 provider that is
 * configured in memory and registered with {@link Security}.
 *
 * @return the key store backed by the token, or {@code null} when any step fails
 *         (the exception is only printed to standard error)
 */
@SuppressWarnings("restriction")
private KeyStore getKeyStoreToken() {
    try {
        // ATTENTION: change the configuration below to match the token in use.
        // For the white token use this library instead:
        //   "/usr/lib/watchdata/ICP/lib/libwdpkcs_icp.so"
        // For the blue token use the line below.
        final String pkcs11LibraryPath = "/usr/lib/libeToken.so";

        final String providerConfig =
                "library = " + pkcs11LibraryPath + "\nname = Provedor\n";
        final ByteArrayInputStream configStream =
                new ByteArrayInputStream(providerConfig.getBytes());
        Provider tokenProvider = new sun.security.pkcs11.SunPKCS11(configStream);
        Security.addProvider(tokenProvider);

        // ATTENTION: change "senha" below to the token password.
        // NOTE(review): a password kept as a source literal ships with every copy of
        // the class file. Prefer obtaining it at run time, for example through
        // KeyStore.CallbackHandlerProtection.
        final KeyStore.PasswordProtection tokenProtection =
                new KeyStore.PasswordProtection("senha".toCharArray());
        Builder builder = KeyStore.Builder.newInstance("PKCS11", tokenProvider, tokenProtection);
        return builder.getKeyStore();
    } catch (Exception e1) {
        // NOTE(review): the failure reason is only printed; the caller just sees null.
        e1.printStackTrace();
        return null;
    }
}
/**
 * Creates a keying data provider backed by a PKCS#11 token.
 *
 * <p>The provider name is used as a key to search for installed providers. If a
 * provider exists with the same name, it will be used even if it relies on a
 * different native library. Otherwise a new provider is configured from the given
 * values and registered with {@link Security}.
 *
 * @param nativeLibraryPath the path for the native library of the specific PKCS#11 provider
 * @param providerName this string is concatenated with the prefix SunPKCS11- to produce this
 *            provider instance's name
 * @param slotId the id of the slot that this provider instance is to be associated with
 *            (can be {@code null})
 * @param certificateSelector the selector of signing certificate
 * @param keyStorePasswordProvider the provider of the keystore loading password
 *            (can be {@code null})
 * @param entryPasswordProvider the provider of entry passwords (may be {@code null})
 * @param returnFullChain indicates if the full certificate chain should be returned, if available
 * @throws KeyStoreException propagated from the superclass constructor
 */
public PKCS11KeyStoreKeyingDataProvider(
        final String nativeLibraryPath,
        final String providerName,
        final Integer slotId,
        SigningCertSelector certificateSelector,
        KeyStorePasswordProvider keyStorePasswordProvider,
        KeyEntryPasswordProvider entryPasswordProvider,
        boolean returnFullChain) throws KeyStoreException
{
    super(
        new KeyStoreBuilderCreator()
        {
            @Override
            public Builder getBuilder(ProtectionParameter loadProtection)
            {
                // Reuse a provider that is already installed under this name.
                final Provider installed = getInstalledProvider(providerName);
                if (installed != null)
                {
                    return KeyStore.Builder.newInstance("PKCS11", installed, loadProtection);
                }

                // NOTE(review): providerName and nativeLibraryPath are written into the
                // provider configuration unmodified. A value containing a line break
                // would add extra configuration lines, so both should come from a
                // trusted source.
                final String newline = System.getProperty("line.separator");
                String config = "name = " + providerName + newline
                        + "library = " + nativeLibraryPath;
                if (slotId != null)
                {
                    config = config + newline + "slot = " + slotId;
                }

                final Provider created = createPkcs11Provider(
                        new ByteArrayInputStream(config.getBytes()));
                Security.addProvider(created);
                return KeyStore.Builder.newInstance("PKCS11", created, loadProtection);
            }
        },
        certificateSelector,
        keyStorePasswordProvider,
        entryPasswordProvider,
        returnFullChain);
}
/**
 * Pins the behaviour this test expects: constructing {@code KeyStoreBuilderParameters}
 * from a {@code null} {@code KeyStore.Builder} must not raise a
 * {@link NullPointerException}.
 */
public final void testKeyStoreBuilderParametersBuilder() {
    // A typed null selects the KeyStore.Builder overload, exactly as a cast would.
    final KeyStore.Builder missingBuilder = null;
    try {
        new KeyStoreBuilderParameters(missingBuilder);
    } catch (NullPointerException e) {
        // javadoc says this should throw NPE, but it doesn't
        fail("no NPE expected");
    }
}
/**
 * Creates a {@link KeyStore.Builder} for the keystore described by a certificate
 * configuration entry.
 *
 * <p>For the {@code PKCS11} type the entry's keystore file is used as the native
 * library of a SunPKCS11 provider, which is instantiated reflectively and registered.
 * A failure to do so is logged and the builder is still created afterwards.
 *
 * <p>The keystore password is delivered through a callback: the saved password of the
 * entry is used when {@code entry.isSavePassword()} is true; otherwise no password is
 * set.
 *
 * @param entry the configuration entry naming the keystore file, its type and,
 *            optionally, its saved password
 * @return the builder for the configured keystore
 * @throws KeyStoreException declared for callers; not thrown by the code visible here
 */
private Builder loadKeyStore(final CertificateConfigEntry entry)
    throws KeyStoreException
{
    final File f = new File(entry.getKeyStore());
    final KeyStoreType kt = entry.getKeyStoreType();
    final String typeName = kt.getName();

    if ("PKCS11".equals(typeName))
    {
        // NOTE(review): file name and path go into the provider configuration
        // unmodified; a value containing a line break would add configuration lines.
        final String providerConfig =
            "name=" + f.getName() + "\nlibrary=" + f.getAbsoluteFile();
        try
        {
            // Reflection keeps the class loadable where SunPKCS11 does not exist.
            final Class<?> providerClass =
                Class.forName("sun.security.pkcs11.SunPKCS11");
            final Constructor<?> fromStream =
                providerClass.getConstructor(InputStream.class);
            final InputStream configStream =
                new ByteArrayInputStream(providerConfig.getBytes());
            final Provider pkcs11Provider =
                (Provider) fromStream.newInstance(configStream);

            // NOTE(review): Security.insertProviderAt documents position 1 as the
            // most preferred slot - confirm that 0 is intended here.
            Security.insertProviderAt(pkcs11Provider, 0);
        }
        catch (Exception e)
        {
            logger.error("Tried to access the PKCS11 provider on an "
                + "unsupported platform or the load failed", e);
        }
    }

    final CallbackHandler passwordHandler = new CallbackHandler()
    {
        public void handle(Callback[] callbacks)
            throws IOException,
            UnsupportedCallbackException
        {
            for (Callback cb : callbacks)
            {
                // Only password requests can be answered.
                if (!(cb instanceof PasswordCallback))
                {
                    throw new UnsupportedCallbackException(cb);
                }

                if (entry.isSavePassword())
                {
                    ((PasswordCallback) cb).setPassword(
                        entry.getKeyStorePassword().toCharArray());
                    return;
                }

                // No saved password: the interactive prompt that used to be here
                // (an AuthenticationWindow, raising IOException("User cancel") on
                // cancel) is disabled, so the callback is left without a password.
            }
        }
    };

    return KeyStore.Builder.newInstance(
        typeName,
        null,
        f,
        new KeyStore.CallbackHandlerProtection(passwordHandler));
}
/**
 * Returns the keystore builder to use with the given load protection.
 *
 * @param loadProtection the protection that should be used to load the keystore (may be null)
 * @return the builder
 */
Builder getBuilder(ProtectionParameter loadProtection);