/* * Copyright (c) 2005, 2020, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. Oracle designates this * particular file as subject to the "Classpath" exception as provided * by Oracle in the LICENSE file that accompanied this code. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ package sun.security.tools; import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStreamReader; import java.io.StreamTokenizer; import java.io.StringReader; import java.net.URL; import java.security.KeyStore; import java.security.Provider; import java.security.Security; import java.security.cert.X509Certificate; import java.text.Collator; import java.util.ArrayList; import java.util.Arrays; import java.util.List; import java.util.Locale; import java.util.Properties; import java.util.ResourceBundle; import java.util.ServiceLoader; import sun.security.util.PropertyExpander; /** *
This class provides several utilities to {@code KeyStore}.
*
* @since 1.6.0
*/
public class KeyStoreUtil {
/**
 * Private constructor: it cannot be called from outside this class, so
 * callers use the static helpers directly rather than creating an instance.
 */
private KeyStoreUtil() {
    // this class is not meant to be instantiated
}
/**
 * Tells whether a certificate is self-signed.
 *
 * <p>The certificate is passed to {@link #signedBy} as both the end entity
 * and the issuer. A {@code true} result only describes the certificate's
 * structure; it says nothing about whether the certificate is trusted.
 *
 * @param cert the certificate to inspect
 * @return {@code true} if {@code signedBy(cert, cert)} holds,
 *         {@code false} otherwise
 */
public static boolean isSelfSigned(X509Certificate cert) {
    // A self-signed certificate is its own issuer, so reuse the pairwise check.
    final boolean selfIssued = signedBy(cert, cert);
    return selfIssued;
}
/**
 * Checks whether {@code end} appears to have been issued by {@code ca}.
 *
 * <p>Two conditions must hold: the issuer name of {@code end} equals the
 * subject name of {@code ca}, and the signature on {@code end} verifies
 * under the public key of {@code ca}.
 *
 * <p>This is a pairwise name-and-signature test only. Nothing in this
 * method looks at validity dates, basic constraints, key usage or
 * revocation, so a {@code true} result is not a trust decision on its own.
 *
 * @param end the certificate whose issuer is being checked
 * @param ca the candidate issuer certificate
 * @return {@code true} if both conditions hold; {@code false} if the names
 *         differ or if verification throws any exception
 */
public static boolean signedBy(X509Certificate end, X509Certificate ca) {
    final boolean namesChain =
            ca.getSubjectX500Principal().equals(end.getIssuerX500Principal());
    if (namesChain) {
        try {
            end.verify(ca.getPublicKey());
        } catch (Exception e) {
            // Every verification failure, whatever its type, means "not signed by ca".
            return false;
        }
        return true;
    }
    return false;
}
/**
 * Returns true if {@code storetype} names one of the Windows (MSCAPI)
 * keystore types, "Windows-MY" or "Windows-ROOT", compared without regard
 * to case.
 *
 * <p>Callers use this to recognise MSCAPI keystores, which, unlike other
 * keystore types, have no keystore password.
 *
 * @param storetype the keystore type name; may be {@code null}
 * @return {@code true} for the two Windows store types, {@code false} for
 *         anything else, including {@code null}
 */
public static boolean isWindowsKeyStore(String storetype) {
    if (storetype == null) {
        return false;
    }
    final boolean personalStore = storetype.equalsIgnoreCase("Windows-MY");
    return personalStore || storetype.equalsIgnoreCase("Windows-ROOT");
}
/**
 * Returns the display form of a keystore type name.
 *
 * <p>The two Windows store types keep their mixed-case spelling
 * ("Windows-MY", "Windows-ROOT") whatever the case of the input; every
 * other name is upper-cased with {@link Locale#ENGLISH}.
 *
 * @param storetype the keystore type name; must not be {@code null}
 *        (a {@code null} argument raises {@code NullPointerException})
 * @return the normalised name
 */
public static String niceStoreTypeName(String storetype) {
    final String[] mixedCaseNames = {"Windows-MY", "Windows-ROOT"};
    for (String canonical : mixedCaseNames) {
        if (storetype.equalsIgnoreCase(canonical)) {
            return canonical;
        }
    }
    return storetype.toUpperCase(Locale.ENGLISH);
}
/**
 * Returns the file name of the keystore with the configured CA certificates.
 *
 * <p>The name is built as {@code <java.home>/lib/security/cacerts} using
 * the platform file separator. It follows the {@code java.home} system
 * property as-is: this method does not check that the property is set or
 * that the file exists.
 *
 * @return the path string of the cacerts keystore
 */
public static String getCacerts() {
    final String javaHome = System.getProperty("java.home");
    return String.join(File.separator, javaHome, "lib", "security", "cacerts");
}
/**
 * Returns the keystore with the configured CA certificates.
 *
 * <p>The keystore is loaded from the path given by {@link #getCacerts()}
 * with a {@code null} password. NOTE(review): per the {@code KeyStore}
 * API, loading without a password means no integrity check is performed
 * on the file, so its protection rests on file-system permissions -
 * confirm this is acceptable for the caller.
 *
 * @return the loaded keystore, or {@code null} if the cacerts file does
 *         not exist
 * @throws Exception if the file exists but cannot be loaded as a keystore
 */
public static KeyStore getCacertsKeyStore() throws Exception {
    final File cacertsFile = new File(getCacerts());
    // A missing file is reported as null rather than as an exception.
    return cacertsFile.exists()
            ? KeyStore.getInstance(cacertsFile, (char[]) null)
            : null;
}
/**
 * Resolves a password argument according to its modifier.
 *
 * <ul>
 * <li>{@code modifier == null}: {@code arg} is the password itself.</li>
 * <li>{@code "env"}: {@code arg} names an environment variable holding
 *     the password.</li>
 * <li>{@code "file"}: {@code arg} is first tried as a URL and, if it does
 *     not parse as one, as a local file name; the password is the first
 *     line of that resource (an empty resource yields an empty
 *     password).</li>
 * </ul>
 * The modifier is matched with {@code collator}, so case sensitivity
 * depends on how the caller configured it.
 *
 * <p>Security notes for callers:
 * <ul>
 * <li>In the "file" case any string that parses as a URL is opened with
 *     {@code URL.openStream()}, so the password may be fetched from a
 *     non-local location if the argument is a remote URL.</li>
 * <li>The resource is decoded with the platform default charset, because
 *     no charset is given to the {@code InputStreamReader}.</li>
 * <li>In the "env" and "file" cases the secret passes through an
 *     immutable {@code String}, which cannot be cleared afterwards; only
 *     the returned {@code char[]} can be wiped by the caller.</li>
 * </ul>
 *
 * @param modifier {@code null}, "env" or "file"
 * @param arg the password, variable name, or URL/file name
 * @param rb bundle supplying the messages printed on failure
 * @param collator collator used to compare {@code modifier}
 * @return the password characters, or {@code null} after printing a
 *         message to {@code System.err} when the variable or file cannot
 *         be found, reading fails, or the modifier is unknown
 */
public static char[] getPassWithModifier(String modifier, String arg,
                                         ResourceBundle rb,
                                         Collator collator) {
    if (modifier == null) {
        return arg.toCharArray();
    }

    if (collator.compare(modifier, "env") == 0) {
        final String fromEnv = System.getenv(arg);
        if (fromEnv != null) {
            return fromEnv.toCharArray();
        }
        System.err.println(rb.getString(
                "Cannot.find.environment.variable.") + arg);
        return null;
    }

    if (collator.compare(modifier, "file") != 0) {
        System.err.println(rb.getString("Unknown.password.type.") +
                modifier);
        return null;
    }

    try {
        URL source;
        try {
            source = new URL(arg);
        } catch (java.net.MalformedURLException notAUrl) {
            // Not a URL: fall back to treating the argument as a file name.
            final File localFile = new File(arg);
            if (!localFile.exists()) {
                System.err.println(rb.getString(
                        "Cannot.find.file.") + arg);
                return null;
            }
            source = localFile.toURI().toURL();
        }
        try (BufferedReader reader =
                new BufferedReader(new InputStreamReader(
                        source.openStream()))) {
            // Only the first line is used; anything after it is ignored.
            final String firstLine = reader.readLine();
            return firstLine == null ? new char[0] : firstLine.toCharArray();
        }
    } catch (IOException ioe) {
        System.err.println(ioe);
        return null;
    }
}
/**
* Parses an option line like
* -genkeypair -dname "CN=Me"
* and adds the results to a list
* @param list the list to fill into
* @param s the line
*/
private static void parseArgsLine(List