1 /*
2 * Copyright (c) 2004, 2006, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.util;
27
28 import java.io.*;
29 import java.net.*;
30 import java.security.*;
31 import java.util.Arrays;
32
33 import sun.net.www.ParseUtil;
34
35
36 /**
37 * A utility class for getting a KeyStore instance from policy information.
38 * In addition, a supporting getInputStream method.
39 *
40 */
41 public class PolicyUtil {
42
43 // standard PKCS11 KeyStore type
44 private static final String P11KEYSTORE = "PKCS11";
45
46 // reserved word
47 private static final String NONE = "NONE";
48
49 /*
50 * Fast path reading from file urls in order to avoid calling
51 * FileURLConnection.connect() which can be quite slow the first time
52 * it is called. We really should clean up FileURLConnection so that
53 * this is not a problem but in the meantime this fix helps reduce
54 * start up time noticeably for the new launcher. -- DAC
55 */
56 public static InputStream getInputStream(URL url) throws IOException {
57 if ("file".equals(url.getProtocol())) {
58 String path = url.getFile().replace('/', File.separatorChar);
59 path = ParseUtil.decode(path);
60 return new FileInputStream(path);
61 } else {
62 return url.openStream();
63 }
64 }
65
66 /**
67 * this is intended for use by the policy parser to
68 * instantiate a KeyStore from the information in the GUI/policy file
69 */
70 public static KeyStore getKeyStore
71 (URL policyUrl, // URL of policy file
72 String keyStoreName, // input: keyStore URL
73 String keyStoreType, // input: keyStore type
74 String keyStoreProvider, // input: keyStore provider
75 String storePassURL, // input: keyStore password
76 Debug debug)
77 throws KeyStoreException, MalformedURLException, IOException,
78 NoSuchProviderException, NoSuchAlgorithmException,
79 java.security.cert.CertificateException {
80
81 if (keyStoreName == null) {
82 throw new IllegalArgumentException("null KeyStore name");
83 }
84
85 char[] keyStorePassword = null;
86 try {
87 KeyStore ks;
88 if (keyStoreType == null) {
89 keyStoreType = KeyStore.getDefaultType();
90 }
91
92 if (P11KEYSTORE.equalsIgnoreCase(keyStoreType) &&
93 !NONE.equals(keyStoreName)) {
94 throw new IllegalArgumentException
95 ("Invalid value (" +
96 keyStoreName +
97 ") for keystore URL. If the keystore type is \"" +
98 P11KEYSTORE +
99 "\", the keystore url must be \"" +
100 NONE +
101 "\"");
102 }
103
104 if (keyStoreProvider != null) {
105 ks = KeyStore.getInstance(keyStoreType, keyStoreProvider);
106 } else {
107 ks = KeyStore.getInstance(keyStoreType);
108 }
109
110 if (storePassURL != null) {
111 URL passURL;
112 try {
113 passURL = new URL(storePassURL);
114 // absolute URL
115 } catch (MalformedURLException e) {
116 // relative URL
117 if (policyUrl == null) {
118 throw e;
119 }
120 passURL = new URL(policyUrl, storePassURL);
121 }
122
123 if (debug != null) {
124 debug.println("reading password"+passURL);
125 }
126
127 InputStream in = null;
128 try {
129 in = passURL.openStream();
130 keyStorePassword = Password.readPassword(in);
131 } finally {
132 if (in != null) {
133 in.close();
134 }
135 }
136 }
137
138 if (NONE.equals(keyStoreName)) {
139 ks.load(null, keyStorePassword);
140 return ks;
141 } else {
142 /*
143 * location of keystore is specified as absolute URL in policy
144 * file, or is relative to URL of policy file
145 */
146 URL keyStoreUrl = null;
147 try {
148 keyStoreUrl = new URL(keyStoreName);
149 // absolute URL
150 } catch (MalformedURLException e) {
151 // relative URL
152 if (policyUrl == null) {
153 throw e;
154 }
155 keyStoreUrl = new URL(policyUrl, keyStoreName);
156 }
157
158 if (debug != null) {
159 debug.println("reading keystore"+keyStoreUrl);
160 }
161
162 InputStream inStream = null;
163 try {
164 inStream =
165 new BufferedInputStream(getInputStream(keyStoreUrl));
166 ks.load(inStream, keyStorePassword);
167 } finally {
168 inStream.close();
169 }
170 return ks;
171 }
172 } finally {
173 if (keyStorePassword != null) {
174 Arrays.fill(keyStorePassword, ' ');
175 }
176 }
177 }
178 }