org.openeuler.sun.security.pkcs12

类 PKCS12KeyStore

java.lang.Object

java.security.KeyStoreSpi

org.openeuler.sun.security.pkcs12.PKCS12KeyStore

public final class PKCS12KeyStore
extends KeyStoreSpi

This class provides the keystore implementation referred to as "PKCS12". Implements the PKCS#12 PFX protected using the Password privacy mode. The contents are protected using Password integrity mode. NOTE: In a PKCS12 keystore, entries are identified by the alias, and a localKeyId is required to match the private key with the certificate. Trusted certificate entries are identified by the presence of an trustedKeyUsage attribute.

作者:

Seema Malkani, Jeff Nisewanger, Jan Luehe

另请参阅:

KeyStoreSpi

嵌套类概要

嵌套类

限定符和类型	类和说明
private static class	PKCS12KeyStore.CertEntry
private static class	PKCS12KeyStore.Entry
private static class	PKCS12KeyStore.KeyEntry
private static class	PKCS12KeyStore.PrivateKeyEntry
private static interface	PKCS12KeyStore.RetryWithZero<T> Retries an action with password "\0" if "" fails.
private static class	PKCS12KeyStore.SecretKeyEntry

字段概要

字段

限定符和类型	字段和说明
private static int[]	AnyExtendedKeyUsage
private static sun.security.util.ObjectIdentifier[]	AnyUsage
private static int[]	certBag
private static sun.security.util.ObjectIdentifier	CertBag_OID
private ArrayList<PKCS12KeyStore.CertEntry>	certEntries
private int	certificateCount
private int	certPbeIterationCount
private String	certProtectionAlgorithm
private LinkedHashMap<X500Principal,X509Certificate>	certsMap
private static String[]	CORE_ATTRIBUTES
private int	counter
private static sun.security.util.Debug	debug
private static String	DEFAULT_CERT_PBE_ALGORITHM
private static int	DEFAULT_CERT_PBE_ITERATION_COUNT
private static String	DEFAULT_KEY_PBE_ALGORITHM
private static int	DEFAULT_KEY_PBE_ITERATION_COUNT
private static String	DEFAULT_MAC_ALGORITHM
private static int	DEFAULT_MAC_ITERATION_COUNT
private Map<String,PKCS12KeyStore.Entry>	entries Private keys and certificates are stored in a map.
private static int[]	gmpbes2
private static sun.security.util.ObjectIdentifier	gmpbes2_OID
private static int[]	keyBag
private ArrayList<PKCS12KeyStore.KeyEntry>	keyList
private static String	LEGACY_CERT_PBE_ALGORITHM
private static String	LEGACY_KEY_PBE_ALGORITHM
private static String	LEGACY_MAC_ALGORITHM
private static int	LEGACY_MAC_ITERATION_COUNT
private static int	LEGACY_PBE_ITERATION_COUNT
private String	macAlgorithm
private int	macIterationCount
private static int	MAX_ITERATION_COUNT
private static int[]	pbes2
private static sun.security.util.ObjectIdentifier	pbes2_OID
private static Set<sun.security.util.ObjectIdentifier>	PBES2_OID_LIST
private static long[][]	PKCS12_HEADER_MASKS
private static long[][]	PKCS12_HEADER_PATTERNS
private static sun.security.util.ObjectIdentifier	PKCS8ShroudedKeyBag_OID
private static int[]	pkcs9certType
private static sun.security.util.ObjectIdentifier	PKCS9CertType_OID
private static sun.security.util.ObjectIdentifier	PKCS9FriendlyName_OID
private static int[]	pkcs9KeyId
private static sun.security.util.ObjectIdentifier	PKCS9LocalKeyId_OID
private static int[]	pkcs9Name
private int	privateKeyCount
private SecureRandom	random
private static int	SALT_LEN
private static int[]	secretBag
private static sun.security.util.ObjectIdentifier	SecretBag_OID
private int	secretKeyCount
private static int[]	TrustedKeyUsage
private static sun.security.util.ObjectIdentifier	TrustedKeyUsage_OID
private static String	USE_LEGACY_PROP
static int	VERSION_3

构造器概要

构造器

构造器和说明
PKCS12KeyStore()

方法概要

限定符和类型	方法和说明
private byte[]	calculateMac(char[] passwd, byte[] data)
private static void	checkX509Certs(Certificate[] certs)
private byte[]	createEncryptedData(char[] password)
private byte[]	createSafeContent()
private static int	defaultCertPbeIterationCount()
private static String	defaultCertProtectionAlgorithm()
private static int	defaultKeyPbeIterationCount()
private static String	defaultKeyProtectionAlgorithm()
private static String	defaultMacAlgorithm()
private static int	defaultMacIterationCount()
private byte[]	encryptContent(byte[] data, char[] password)
private byte[]	encryptPrivateKey(byte[] data, KeyStore.PasswordProtection passwordProtection)
Enumeration<String>	engineAliases() Lists all the alias names of this keystore.
boolean	engineContainsAlias(String alias) Checks if the given alias exists in this keystore.
void	engineDeleteEntry(String alias) Deletes the entry identified by the given alias from this keystore.
boolean	engineEntryInstanceOf(String alias, Class<? extends KeyStore.Entry> entryClass) Determines if the keystore Entry for the specified alias is an instance or subclass of the specified entryClass.
Certificate	engineGetCertificate(String alias) Returns the certificate associated with the given alias.
String	engineGetCertificateAlias(Certificate cert) Returns the (alias) name of the first keystore entry whose certificate matches the given certificate.
Certificate[]	engineGetCertificateChain(String alias) Returns the certificate chain associated with the given alias.
Date	engineGetCreationDate(String alias) Returns the creation date of the entry identified by the given alias.
KeyStore.Entry	engineGetEntry(String alias, KeyStore.ProtectionParameter protParam) Gets a KeyStore.Entry for the specified alias with the specified protection parameter.
Key	engineGetKey(String alias, char[] password) Returns the key associated with the given alias, using the given password to recover it.
boolean	engineIsCertificateEntry(String alias) Returns true if the entry identified by the given alias is a trusted certificate entry, and false otherwise.
boolean	engineIsKeyEntry(String alias) Returns true if the entry identified by the given alias is a key entry, and false otherwise.
void	engineLoad(InputStream stream, char[] password) Loads the keystore from the given input stream.
boolean	engineProbe(InputStream stream) Probe the first few bytes of the keystore data stream for a valid PKCS12 keystore encoding.
void	engineSetCertificateEntry(String alias, Certificate cert) Assigns the given certificate to the given alias.
void	engineSetEntry(String alias, KeyStore.Entry entry, KeyStore.ProtectionParameter protParam) Saves a KeyStore.Entry under the specified alias.
void	engineSetKeyEntry(String alias, byte[] key, Certificate[] chain) Assigns the given key (that has already been protected) to the given alias.
void	engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain) Assigns the given key to the given alias, protecting it with the given password.
int	engineSize() Retrieves the number of entries in this keystore.
void	engineStore(OutputStream stream, char[] password) Stores this keystore to the given output stream, and protects its integrity with the given password.
private X509Certificate	findMatchedCertificate(PKCS12KeyStore.PrivateKeyEntry entry) Locates a matched CertEntry from certEntries, and returns its cert.
private Set<KeyStore.Entry.Attribute>	getAttributes(PKCS12KeyStore.Entry entry)
private byte[]	getBagAttributes(String alias, byte[] keyId, sun.security.util.ObjectIdentifier[] trustedUsage, Set<KeyStore.Entry.Attribute> attributes)
private byte[]	getBagAttributes(String alias, byte[] keyId, Set<KeyStore.Entry.Attribute> attributes)
private AlgorithmParameters	getPBEAlgorithmParameters(String algorithm, int iterationCount)
private SecretKey	getPBEKey(char[] password)
private byte[]	getSalt()
private String	getUnfriendlyName()
static boolean	isPasswordless(File f) Returns if a pkcs12 file is password-less.
private void	loadSafeContents(sun.security.util.DerInputStream stream)
private static sun.security.util.ObjectIdentifier	mapPBEAlgorithmToOID(String algorithm)
private static String	mapPBEParamsToAlgorithm(sun.security.util.ObjectIdentifier algorithm, AlgorithmParameters algParams)
private AlgorithmParameters	parseAlgParameters(sun.security.util.ObjectIdentifier algorithm, sun.security.util.DerInputStream in)
private void	setCertEntry(String alias, Certificate cert, Set<KeyStore.Entry.Attribute> attributes)
private void	setKeyEntry(String alias, Key key, KeyStore.PasswordProtection passwordProtection, Certificate[] chain, Set<KeyStore.Entry.Attribute> attributes)
private static int	string2IC(String type, String value)
private static boolean	useLegacy()
private boolean	validateChain(Certificate[] certChain)

从类继承的方法 java.security.KeyStoreSpi

engineLoad, engineStore

从类继承的方法 java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

字段详细资料

DEFAULT_CERT_PBE_ALGORITHM

private static String DEFAULT_CERT_PBE_ALGORITHM

DEFAULT_KEY_PBE_ALGORITHM

private static String DEFAULT_KEY_PBE_ALGORITHM

DEFAULT_MAC_ALGORITHM

private static String DEFAULT_MAC_ALGORITHM

DEFAULT_CERT_PBE_ITERATION_COUNT

private static int DEFAULT_CERT_PBE_ITERATION_COUNT

DEFAULT_KEY_PBE_ITERATION_COUNT

private static int DEFAULT_KEY_PBE_ITERATION_COUNT

DEFAULT_MAC_ITERATION_COUNT

private static int DEFAULT_MAC_ITERATION_COUNT

LEGACY_CERT_PBE_ALGORITHM

private static final String LEGACY_CERT_PBE_ALGORITHM

另请参阅:

常量字段值

LEGACY_KEY_PBE_ALGORITHM

private static final String LEGACY_KEY_PBE_ALGORITHM

另请参阅:

常量字段值

LEGACY_MAC_ALGORITHM

private static final String LEGACY_MAC_ALGORITHM

另请参阅:

常量字段值

LEGACY_PBE_ITERATION_COUNT

private static final int LEGACY_PBE_ITERATION_COUNT

另请参阅:

常量字段值

LEGACY_MAC_ITERATION_COUNT

private static final int LEGACY_MAC_ITERATION_COUNT

另请参阅:

常量字段值

USE_LEGACY_PROP

private static final String USE_LEGACY_PROP

另请参阅:

常量字段值

VERSION_3

public static final int VERSION_3

另请参阅:

常量字段值

MAX_ITERATION_COUNT

private static final int MAX_ITERATION_COUNT

另请参阅:

常量字段值

SALT_LEN

private static final int SALT_LEN

另请参阅:

常量字段值

CORE_ATTRIBUTES

private static final String[] CORE_ATTRIBUTES

debug

private static final sun.security.util.Debug debug

keyBag

private static final int[] keyBag

certBag

private static final int[] certBag

secretBag

private static final int[] secretBag

pkcs9Name

private static final int[] pkcs9Name

pkcs9KeyId

private static final int[] pkcs9KeyId

pkcs9certType

private static final int[] pkcs9certType

pbes2

private static final int[] pbes2

TrustedKeyUsage

private static final int[] TrustedKeyUsage

AnyExtendedKeyUsage

private static final int[] AnyExtendedKeyUsage

PKCS8ShroudedKeyBag_OID

private static final sun.security.util.ObjectIdentifier PKCS8ShroudedKeyBag_OID

CertBag_OID

private static final sun.security.util.ObjectIdentifier CertBag_OID

SecretBag_OID

private static final sun.security.util.ObjectIdentifier SecretBag_OID

PKCS9FriendlyName_OID

private static final sun.security.util.ObjectIdentifier PKCS9FriendlyName_OID

PKCS9LocalKeyId_OID

private static final sun.security.util.ObjectIdentifier PKCS9LocalKeyId_OID

PKCS9CertType_OID

private static final sun.security.util.ObjectIdentifier PKCS9CertType_OID

pbes2_OID

private static final sun.security.util.ObjectIdentifier pbes2_OID

TrustedKeyUsage_OID

private static final sun.security.util.ObjectIdentifier TrustedKeyUsage_OID

AnyUsage

private static final sun.security.util.ObjectIdentifier[] AnyUsage

gmpbes2

private static final int[] gmpbes2

gmpbes2_OID

private static final sun.security.util.ObjectIdentifier gmpbes2_OID

PBES2_OID_LIST

private static final Set<sun.security.util.ObjectIdentifier> PBES2_OID_LIST

counter

private int counter

privateKeyCount

private int privateKeyCount

secretKeyCount

private int secretKeyCount

certificateCount

private int certificateCount

certProtectionAlgorithm

private String certProtectionAlgorithm

certPbeIterationCount

private int certPbeIterationCount

macAlgorithm

private String macAlgorithm

macIterationCount

private int macIterationCount

random

private SecureRandom random

entries

private Map<String,PKCS12KeyStore.Entry> entries

Private keys and certificates are stored in a map. Map entries are keyed by alias names.

keyList

private ArrayList<PKCS12KeyStore.KeyEntry> keyList

certsMap

private LinkedHashMap<X500Principal,X509Certificate> certsMap

certEntries

private ArrayList<PKCS12KeyStore.CertEntry> certEntries

PKCS12_HEADER_PATTERNS

private static final long[][] PKCS12_HEADER_PATTERNS

PKCS12_HEADER_MASKS

private static final long[][] PKCS12_HEADER_MASKS

构造器详细资料

PKCS12KeyStore

public PKCS12KeyStore()

方法详细资料

engineGetKey

public Key engineGetKey(String alias,
                        char[] password)
                 throws NoSuchAlgorithmException,
                        UnrecoverableKeyException

Returns the key associated with the given alias, using the given password to recover it.

指定者:

engineGetKey 在类中 KeyStoreSpi

参数:

alias - the alias name

password - the password for recovering the key

返回:

the requested key, or null if the given alias does not exist or does not identify a key entry.

抛出:

NoSuchAlgorithmException - if the algorithm for recovering the key cannot be found

UnrecoverableKeyException - if the key cannot be recovered (e.g., the given password is wrong).

engineGetCertificateChain

public Certificate[] engineGetCertificateChain(String alias)

Returns the certificate chain associated with the given alias.

指定者:

engineGetCertificateChain 在类中 KeyStoreSpi

参数:

alias - the alias name

返回:

the certificate chain (ordered with the user's certificate first and the root certificate authority last), or null if the given alias does not exist or does not contain a certificate chain (i.e., the given alias identifies either a trusted certificate entry or a key entry without a certificate chain).

engineGetCertificate

public Certificate engineGetCertificate(String alias)

Returns the certificate associated with the given alias.

If the given alias name identifies a trusted certificate entry, the certificate associated with that entry is returned. If the given alias name identifies a key entry, the first element of the certificate chain of that entry is returned, or null if that entry does not have a certificate chain.

指定者:

engineGetCertificate 在类中 KeyStoreSpi

参数:

alias - the alias name

返回:

the certificate, or null if the given alias does not exist or does not contain a certificate.

engineGetCreationDate

public Date engineGetCreationDate(String alias)

Returns the creation date of the entry identified by the given alias.

指定者:

engineGetCreationDate 在类中 KeyStoreSpi

参数:

alias - the alias name

返回:

the creation date of this entry, or null if the given alias does not exist

engineSetKeyEntry

public void engineSetKeyEntry(String alias,
                              Key key,
                              char[] password,
                              Certificate[] chain)
                       throws KeyStoreException

Assigns the given key to the given alias, protecting it with the given password.

If the given key is of type java.security.PrivateKey, it must be accompanied by a certificate chain certifying the corresponding public key.

If the given alias already exists, the keystore information associated with it is overridden by the given key (and possibly certificate chain).

指定者:

engineSetKeyEntry 在类中 KeyStoreSpi

参数:

alias - the alias name

key - the key to be associated with the alias

password - the password to protect the key

chain - the certificate chain for the corresponding public key (only required if the given key is of type java.security.PrivateKey).

抛出:

KeyStoreException - if the given key cannot be protected, or this operation fails for some other reason

setKeyEntry

private void setKeyEntry(String alias,
                         Key key,
                         KeyStore.PasswordProtection passwordProtection,
                         Certificate[] chain,
                         Set<KeyStore.Entry.Attribute> attributes)
                  throws KeyStoreException

抛出:

KeyStoreException

engineSetKeyEntry

public void engineSetKeyEntry(String alias,
                              byte[] key,
                              Certificate[] chain)
                       throws KeyStoreException

Assigns the given key (that has already been protected) to the given alias.

If the protected key is of type java.security.PrivateKey, it must be accompanied by a certificate chain certifying the corresponding public key. If the underlying keystore implementation is of type jks, key must be encoded as an EncryptedPrivateKeyInfo as defined in the PKCS #8 standard.

If the given alias already exists, the keystore information associated with it is overridden by the given key (and possibly certificate chain).

指定者:

engineSetKeyEntry 在类中 KeyStoreSpi

参数:

alias - the alias name

key - the key (in protected format) to be associated with the alias

chain - the certificate chain for the corresponding public key (only useful if the protected key is of type java.security.PrivateKey).

抛出:

KeyStoreException - if this operation fails.

getSalt

private byte[] getSalt()

getPBEAlgorithmParameters

private AlgorithmParameters getPBEAlgorithmParameters(String algorithm,
                                                      int iterationCount)
                                               throws IOException

抛出:

IOException

parseAlgParameters

private AlgorithmParameters parseAlgParameters(sun.security.util.ObjectIdentifier algorithm,
                                               sun.security.util.DerInputStream in)
                                        throws IOException

抛出:

IOException

getPBEKey

private SecretKey getPBEKey(char[] password)
                     throws IOException

抛出:

IOException

encryptPrivateKey

private byte[] encryptPrivateKey(byte[] data,
                                 KeyStore.PasswordProtection passwordProtection)
                          throws IOException,
                                 NoSuchAlgorithmException,
                                 UnrecoverableKeyException

抛出:

IOException

NoSuchAlgorithmException

UnrecoverableKeyException

mapPBEAlgorithmToOID

private static sun.security.util.ObjectIdentifier mapPBEAlgorithmToOID(String algorithm)
                                                                throws NoSuchAlgorithmException

抛出:

NoSuchAlgorithmException

mapPBEParamsToAlgorithm

private static String mapPBEParamsToAlgorithm(sun.security.util.ObjectIdentifier algorithm,
                                              AlgorithmParameters algParams)
                                       throws NoSuchAlgorithmException

抛出:

NoSuchAlgorithmException

engineSetCertificateEntry

public void engineSetCertificateEntry(String alias,
                                      Certificate cert)
                               throws KeyStoreException

Assigns the given certificate to the given alias.

If the given alias already exists in this keystore and identifies a trusted certificate entry, the certificate associated with it is overridden by the given certificate.

指定者:

engineSetCertificateEntry 在类中 KeyStoreSpi

参数:

alias - the alias name

cert - the certificate

抛出:

KeyStoreException - if the given alias already exists and does not identify a trusted certificate entry, or this operation fails for some other reason.

setCertEntry

private void setCertEntry(String alias,
                          Certificate cert,
                          Set<KeyStore.Entry.Attribute> attributes)
                   throws KeyStoreException

抛出:

KeyStoreException

engineDeleteEntry

public void engineDeleteEntry(String alias)
                       throws KeyStoreException

Deletes the entry identified by the given alias from this keystore.

指定者:

engineDeleteEntry 在类中 KeyStoreSpi

参数:

alias - the alias name

抛出:

KeyStoreException - if the entry cannot be removed.

engineAliases

public Enumeration<String> engineAliases()

Lists all the alias names of this keystore.

指定者:

engineAliases 在类中 KeyStoreSpi

返回:

enumeration of the alias names

engineContainsAlias

public boolean engineContainsAlias(String alias)

Checks if the given alias exists in this keystore.

指定者:

engineContainsAlias 在类中 KeyStoreSpi

参数:

alias - the alias name

返回:

true if the alias exists, false otherwise

engineSize

public int engineSize()

Retrieves the number of entries in this keystore.

指定者:

engineSize 在类中 KeyStoreSpi

返回:

the number of entries in this keystore

engineIsKeyEntry

public boolean engineIsKeyEntry(String alias)

Returns true if the entry identified by the given alias is a key entry, and false otherwise.

指定者:

engineIsKeyEntry 在类中 KeyStoreSpi

返回:

true if the entry identified by the given alias is a key entry, false otherwise.

engineIsCertificateEntry

public boolean engineIsCertificateEntry(String alias)

Returns true if the entry identified by the given alias is a trusted certificate entry, and false otherwise.

指定者:

engineIsCertificateEntry 在类中 KeyStoreSpi

返回:

true if the entry identified by the given alias is a trusted certificate entry, false otherwise.

engineEntryInstanceOf

public boolean engineEntryInstanceOf(String alias,
                                     Class<? extends KeyStore.Entry> entryClass)

Determines if the keystore Entry for the specified alias is an instance or subclass of the specified entryClass.

覆盖:

engineEntryInstanceOf 在类中 KeyStoreSpi

参数:

alias - the alias name

entryClass - the entry class

返回:

true if the keystore Entry for the specified alias is an instance or subclass of the specified entryClass, false otherwise

从以下版本开始:

1.5

engineGetCertificateAlias

public String engineGetCertificateAlias(Certificate cert)

Returns the (alias) name of the first keystore entry whose certificate matches the given certificate.

This method attempts to match the given certificate with each keystore entry. If the entry being considered is a trusted certificate entry, the given certificate is compared to that entry's certificate. If the entry being considered is a key entry, the given certificate is compared to the first element of that entry's certificate chain (if a chain exists).

指定者:

engineGetCertificateAlias 在类中 KeyStoreSpi

参数:

cert - the certificate to match with.

返回:

the (alias) name of the first entry with matching certificate, or null if no such entry exists in this keystore.

engineStore

public void engineStore(OutputStream stream,
                        char[] password)
                 throws IOException,
                        NoSuchAlgorithmException,
                        CertificateException

Stores this keystore to the given output stream, and protects its integrity with the given password.

指定者:

engineStore 在类中 KeyStoreSpi

参数:

stream - the output stream to which this keystore is written.

password - the password to generate the keystore integrity check

抛出:

IOException - if there was an I/O problem with data

NoSuchAlgorithmException - if the appropriate data integrity algorithm could not be found

CertificateException - if any of the certificates included in the keystore data could not be stored

engineGetEntry

public KeyStore.Entry engineGetEntry(String alias,
                                     KeyStore.ProtectionParameter protParam)
                              throws KeyStoreException,
                                     NoSuchAlgorithmException,
                                     UnrecoverableEntryException

Gets a KeyStore.Entry for the specified alias with the specified protection parameter.

覆盖:

engineGetEntry 在类中 KeyStoreSpi

参数:

alias - get the KeyStore.Entry for this alias

protParam - the ProtectionParameter used to protect the Entry, which may be null

返回:

the KeyStore.Entry for the specified alias, or null if there is no such entry

抛出:

KeyStoreException - if the operation failed

NoSuchAlgorithmException - if the algorithm for recovering the entry cannot be found

UnrecoverableEntryException - if the specified protParam were insufficient or invalid

UnrecoverableKeyException - if the entry is a PrivateKeyEntry or SecretKeyEntry and the specified protParam does not contain the information needed to recover the key (e.g. wrong password)

从以下版本开始:

1.5

engineSetEntry

public void engineSetEntry(String alias,
                           KeyStore.Entry entry,
                           KeyStore.ProtectionParameter protParam)
                    throws KeyStoreException

Saves a KeyStore.Entry under the specified alias. The specified protection parameter is used to protect the Entry.

If an entry already exists for the specified alias, it is overridden.

覆盖:

engineSetEntry 在类中 KeyStoreSpi

参数:

alias - save the KeyStore.Entry under this alias

entry - the Entry to save

protParam - the ProtectionParameter used to protect the Entry, which may be null

抛出:

KeyStoreException - if this operation fails

从以下版本开始:

1.5

getAttributes

private Set<KeyStore.Entry.Attribute> getAttributes(PKCS12KeyStore.Entry entry)

calculateMac

private byte[] calculateMac(char[] passwd,
                            byte[] data)
                     throws IOException

抛出:

IOException

validateChain

private boolean validateChain(Certificate[] certChain)

checkX509Certs

private static void checkX509Certs(Certificate[] certs)
                            throws KeyStoreException

抛出:

KeyStoreException

getBagAttributes

private byte[] getBagAttributes(String alias,
                                byte[] keyId,
                                Set<KeyStore.Entry.Attribute> attributes)
                         throws IOException

抛出:

IOException

getBagAttributes

private byte[] getBagAttributes(String alias,
                                byte[] keyId,
                                sun.security.util.ObjectIdentifier[] trustedUsage,
                                Set<KeyStore.Entry.Attribute> attributes)
                         throws IOException

抛出:

IOException

createEncryptedData

private byte[] createEncryptedData(char[] password)
                            throws CertificateException,
                                   IOException

抛出:

CertificateException

IOException

createSafeContent

private byte[] createSafeContent()
                          throws CertificateException,
                                 IOException

抛出:

CertificateException

IOException

encryptContent

private byte[] encryptContent(byte[] data,
                              char[] password)
                       throws IOException

抛出:

IOException

engineLoad

public void engineLoad(InputStream stream,
                       char[] password)
                throws IOException,
                       NoSuchAlgorithmException,
                       CertificateException

Loads the keystore from the given input stream.

If a password is given, it is used to check the integrity of the keystore data. Otherwise, the integrity of the keystore is not checked.

指定者:

engineLoad 在类中 KeyStoreSpi

参数:

stream - the input stream from which the keystore is loaded

password - the (optional) password used to check the integrity of the keystore.

抛出:

IOException - if there is an I/O or format problem with the keystore data

NoSuchAlgorithmException - if the algorithm used to check the integrity of the keystore cannot be found

CertificateException - if any of the certificates in the keystore could not be loaded

isPasswordless

public static boolean isPasswordless(File f)
                              throws IOException

Returns if a pkcs12 file is password-less. This means no cert is encrypted and there is no Mac. Please note that the private key can be encrypted. This is a simplified version of engineLoad(java.io.InputStream, char[]) that only looks at the ContentInfo types.

参数:

f - the pkcs12 file

返回:

if it's password-less

抛出:

IOException

findMatchedCertificate

private X509Certificate findMatchedCertificate(PKCS12KeyStore.PrivateKeyEntry entry)

Locates a matched CertEntry from certEntries, and returns its cert.

参数:

entry - the KeyEntry to match

返回:

a certificate, null if not found

loadSafeContents

private void loadSafeContents(sun.security.util.DerInputStream stream)
                       throws IOException,
                              NoSuchAlgorithmException,
                              CertificateException

抛出:

IOException

NoSuchAlgorithmException

CertificateException

getUnfriendlyName

private String getUnfriendlyName()

engineProbe

public boolean engineProbe(InputStream stream)
                    throws IOException

Probe the first few bytes of the keystore data stream for a valid PKCS12 keystore encoding.

抛出:

IOException

useLegacy

private static boolean useLegacy()

defaultCertProtectionAlgorithm

private static String defaultCertProtectionAlgorithm()

defaultCertPbeIterationCount

private static int defaultCertPbeIterationCount()

defaultKeyProtectionAlgorithm

private static String defaultKeyProtectionAlgorithm()

defaultKeyPbeIterationCount

private static int defaultKeyPbeIterationCount()

defaultMacAlgorithm

private static String defaultMacAlgorithm()

defaultMacIterationCount

private static int defaultMacIterationCount()

string2IC

private static int string2IC(String type,
                             String value)