1 /*
2 * Copyright (c) 2011, 2012, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
85 /**
86 * Private keys and certificates are stored in a hashtable.
87 * Hash entries are keyed by alias names.
88 */
89 private Hashtable entries = new Hashtable();
90
91 /**
92 * Algorithm identifiers and corresponding OIDs for the contents of the PKCS12 bag we get from the Keychain.
93 */
94 private static final int keyBag[] = {1, 2, 840, 113549, 1, 12, 10, 1, 2};
95 private static final int pbeWithSHAAnd3KeyTripleDESCBC[] = {1, 2, 840, 113549, 1, 12, 1, 3};
96 private static ObjectIdentifier PKCS8ShroudedKeyBag_OID;
97 private static ObjectIdentifier pbeWithSHAAnd3KeyTripleDESCBC_OID;
98
99 /**
100 * Constnats used in PBE decryption.
101 */
102 private static final int iterationCount = 1024;
103 private static final int SALT_LEN = 20;
104
105 static {
106 AccessController.doPrivileged(
107 new PrivilegedAction<Void>() {
108 public Void run() {
109 System.loadLibrary("osx");
110 return null;
111 }
112 });
113 try {
114 PKCS8ShroudedKeyBag_OID = new ObjectIdentifier(keyBag);
115 pbeWithSHAAnd3KeyTripleDESCBC_OID = new ObjectIdentifier(pbeWithSHAAnd3KeyTripleDESCBC);
116 } catch (IOException ioe) {
117 // should not happen
118 }
119 }
120
121 private static void permissionCheck() {
122 SecurityManager sec = System.getSecurityManager();
123
124 if (sec != null) {
754 }
755 } else {
756 KeyEntry keyEntry = (KeyEntry)entry;
757
758 if (keyEntry.chain != null) {
759 for (int i = 0; i < keyEntry.chain.length; i++) {
760 if (keyEntry.chainRefs[i] != 0) {
761 _releaseKeychainItemRef(keyEntry.chainRefs[i]);
762 }
763 }
764
765 if (keyEntry.keyRef != 0) {
766 _releaseKeychainItemRef(keyEntry.keyRef);
767 }
768 }
769 }
770 }
771
772 entries.clear();
773 _scanKeychain();
774 }
775 }
776
777 private native void _scanKeychain();
778
779 /**
780 * Callback method from _scanKeychain. If a trusted certificate is found, this method will be called.
781 */
782 private void createTrustedCertEntry(String alias, long keychainItemRef, long creationDate, byte[] derStream) {
783 TrustedCertEntry tce = new TrustedCertEntry();
784
785 try {
786 CertificateFactory cf = CertificateFactory.getInstance("X.509");
787 InputStream input = new ByteArrayInputStream(derStream);
788 X509Certificate cert = (X509Certificate) cf.generateCertificate(input);
789 input.close();
790 tce.cert = cert;
791 tce.certRef = keychainItemRef;
792
793 // Make a creation date.
|
1 /*
2 * Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
85 /**
86 * Private keys and certificates are stored in a hashtable.
87 * Hash entries are keyed by alias names.
88 */
89 private Hashtable entries = new Hashtable();
90
91 /**
92 * Algorithm identifiers and corresponding OIDs for the contents of the PKCS12 bag we get from the Keychain.
93 */
94 private static final int keyBag[] = {1, 2, 840, 113549, 1, 12, 10, 1, 2};
95 private static final int pbeWithSHAAnd3KeyTripleDESCBC[] = {1, 2, 840, 113549, 1, 12, 1, 3};
96 private static ObjectIdentifier PKCS8ShroudedKeyBag_OID;
97 private static ObjectIdentifier pbeWithSHAAnd3KeyTripleDESCBC_OID;
98
99 /**
100 * Constnats used in PBE decryption.
101 */
102 private static final int iterationCount = 1024;
103 private static final int SALT_LEN = 20;
104
105 private static final Debug debug = Debug.getInstance("keystore");
106
107 static {
108 AccessController.doPrivileged(
109 new PrivilegedAction<Void>() {
110 public Void run() {
111 System.loadLibrary("osx");
112 return null;
113 }
114 });
115 try {
116 PKCS8ShroudedKeyBag_OID = new ObjectIdentifier(keyBag);
117 pbeWithSHAAnd3KeyTripleDESCBC_OID = new ObjectIdentifier(pbeWithSHAAnd3KeyTripleDESCBC);
118 } catch (IOException ioe) {
119 // should not happen
120 }
121 }
122
123 private static void permissionCheck() {
124 SecurityManager sec = System.getSecurityManager();
125
126 if (sec != null) {
756 }
757 } else {
758 KeyEntry keyEntry = (KeyEntry)entry;
759
760 if (keyEntry.chain != null) {
761 for (int i = 0; i < keyEntry.chain.length; i++) {
762 if (keyEntry.chainRefs[i] != 0) {
763 _releaseKeychainItemRef(keyEntry.chainRefs[i]);
764 }
765 }
766
767 if (keyEntry.keyRef != 0) {
768 _releaseKeychainItemRef(keyEntry.keyRef);
769 }
770 }
771 }
772 }
773
774 entries.clear();
775 _scanKeychain();
776 if (debug != null) {
777 debug.println("KeychainStore load entry count: " +
778 entries.size());
779 }
780 }
781 }
782
783 private native void _scanKeychain();
784
785 /**
786 * Callback method from _scanKeychain. If a trusted certificate is found, this method will be called.
787 */
788 private void createTrustedCertEntry(String alias, long keychainItemRef, long creationDate, byte[] derStream) {
789 TrustedCertEntry tce = new TrustedCertEntry();
790
791 try {
792 CertificateFactory cf = CertificateFactory.getInstance("X.509");
793 InputStream input = new ByteArrayInputStream(derStream);
794 X509Certificate cert = (X509Certificate) cf.generateCertificate(input);
795 input.close();
796 tce.cert = cert;
797 tce.certRef = keychainItemRef;
798
799 // Make a creation date.
|
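Review bot: The new `debug` field (new line 105) carries no comment, so nothing records what may be written to the `keystore` debug stream from a class whose `entries` table holds private keys and certificate chains. The one statement added after `_scanKeychain()` (new lines 776-779) prints only `entries.size()`, which is the right boundary; I would state it on the field, e.g. `// Enabled via -Djava.security.debug=keystore; log counts and status only, never key material or passwords.` The same logger could also be used in the empty `catch (IOException ioe)` of the static initializer (new lines 118-120), which still leaves both OID fields null without a trace if construction ever fails. The method that contains the added debug statement starts outside the visible lines, so how its earlier part behaves is not reviewed here.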