Mercurial > hg > release > icedtea-1.10

view netx/net/sourceforge/jnlp/tools/KeyTool.java @ 1842:31b0ba36a6b7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Completely restructure the building and inclusion of netx and plugin code. We were relying on the binary plugs process (and thus importing unneeded SNMP classes). We now use the same method as jaxws, jaxp, langtools and corba, and the binary plugs process is turned off (the default, we were turning it on by setting ALT_BINARY_PLUGS_PATH). 2009-05-27 Andrew John Hughes <ahughes@redhat.com> * overlays/openjdk/jdk/src/share/classes/javax/jnlp/BasicService.java, * overlays/openjdk/jdk/src/share/classes/javax/jnlp/ClipboardService.java, * overlays/openjdk/jdk/src/share/classes/javax/jnlp/DownloadService.java, * overlays/openjdk/jdk/src/share/classes/javax/jnlp/DownloadServiceListener.java, * overlays/openjdk/jdk/src/share/classes/javax/jnlp/ExtensionInstallerService.java, * overlays/openjdk/jdk/src/share/classes/javax/jnlp/FileContents.java, * overlays/openjdk/jdk/src/share/classes/javax/jnlp/FileOpenService.java, * overlays/openjdk/jdk/src/share/classes/javax/jnlp/FileSaveService.java, * overlays/openjdk/jdk/src/share/classes/javax/jnlp/JNLPRandomAccessFile.java, * overlays/openjdk/jdk/src/share/classes/javax/jnlp/PersistenceService.java, * overlays/openjdk/jdk/src/share/classes/javax/jnlp/PrintService.java, * overlays/openjdk/jdk/src/share/classes/javax/jnlp/ServiceManager.java, * overlays/openjdk/jdk/src/share/classes/javax/jnlp/ServiceManagerStub.java, * overlays/openjdk/jdk/src/share/classes/javax/jnlp/UnavailableServiceException.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/AppletDesc.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/ApplicationDesc.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/ComponentDesc.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/DefaultLaunchHandler.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/ExtensionDesc.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/IconDesc.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/InformationDesc.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/InstallerDesc.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/JARDesc.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/JNLPFile.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/JNLPSplashScreen.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/JREDesc.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/LaunchException.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/LaunchHandler.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/Launcher.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/NetxPanel.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/Node.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/PackageDesc.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/ParseException.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/Parser.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/PluginBridge.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/PropertyDesc.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/ResourcesDesc.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/SecurityDesc.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/Version.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/cache/CacheEntry.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/cache/CacheUtil.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/cache/DefaultDownloadIndicator.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/cache/DownloadIndicator.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/cache/Resource.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/cache/ResourceTracker.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/cache/UpdatePolicy.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/cache/package.html, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/event/ApplicationEvent.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/event/ApplicationListener.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/event/DownloadEvent.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/event/DownloadListener.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/event/package.html, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/package.html, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/resources/Manifest.mf, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/resources/Messages.properties, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/resources/about.jnlp, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/resources/default.jnlp, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/runtime/AppThreadGroup.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/runtime/AppletAudioClip.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/runtime/AppletEnvironment.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/runtime/AppletInstance.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/runtime/ApplicationInstance.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/runtime/Boot.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/runtime/Boot13.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/runtime/JNLPClassLoader.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/runtime/JNLPPolicy.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/runtime/JNLPRuntime.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/runtime/package.html, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/security/AccessWarningPane.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/security/AppletWarningPane.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/security/CertVerifier.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/security/CertWarningPane.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/security/CertsInfoPane.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/security/HttpsCertVerifier.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/security/MoreInfoPane.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/security/SecurityDialogUI.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/security/SecurityUtil.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/security/SecurityWarningDialog.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/security/SingleCertInfoPane.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/security/VariableX509TrustManager.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/security/viewer/CertificatePane.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/security/viewer/CertificateViewer.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/services/ServiceUtil.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/services/XBasicService.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/services/XClipboardService.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/services/XDownloadService.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/services/XExtensionInstallerService.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/services/XFileContents.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/services/XFileOpenService.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/services/XFileSaveService.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/services/XJNLPRandomAccessFile.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/services/XPersistenceService.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/services/XPrintService.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/services/XServiceManagerStub.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/services/package.html, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/tools/CharacterEncoder.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/tools/HexDumpEncoder.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/tools/JarRunner.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/tools/JarSigner.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/tools/JarSignerResources.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/tools/KeyStoreUtil.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/tools/KeyTool.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/util/PropertiesFile.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/util/Reflect.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/util/WeakList.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/nanoxml/XMLElement.java, * overlays/openjdk/jdk/src/share/classes/net/sourceforge/nanoxml/XMLParseException.java: Moved to... * Makefile.am: Remove use of ALT_BINARY_PLUGS_PATH (and thus turn off the binary plugs build), add a INITIAL_BOOTSTRAP_LINK_STAMP target which allows us to depend on $(ICEDTEA_BOOT_DIR) for both types of build, output to lib/tools.jar not jre/lib/tools.jar, add targets for building netx and liveconnect classes and make icedtea targets dependent on this. * netx/javax/jnlp/BasicService.java, * netx/javax/jnlp/ClipboardService.java, * netx/javax/jnlp/DownloadService.java, * netx/javax/jnlp/DownloadServiceListener.java, * netx/javax/jnlp/ExtensionInstallerService.java, * netx/javax/jnlp/FileContents.java, * netx/javax/jnlp/FileOpenService.java, * netx/javax/jnlp/FileSaveService.java, * netx/javax/jnlp/JNLPRandomAccessFile.java, * netx/javax/jnlp/PersistenceService.java, * netx/javax/jnlp/PrintService.java, * netx/javax/jnlp/ServiceManager.java, * netx/javax/jnlp/ServiceManagerStub.java, * netx/javax/jnlp/UnavailableServiceException.java, * netx/net/sourceforge/jnlp/AppletDesc.java, * netx/net/sourceforge/jnlp/ApplicationDesc.java, * netx/net/sourceforge/jnlp/ComponentDesc.java, * netx/net/sourceforge/jnlp/DefaultLaunchHandler.java, * netx/net/sourceforge/jnlp/ExtensionDesc.java, * netx/net/sourceforge/jnlp/IconDesc.java, * netx/net/sourceforge/jnlp/InformationDesc.java, * netx/net/sourceforge/jnlp/InstallerDesc.java, * netx/net/sourceforge/jnlp/JARDesc.java, * netx/net/sourceforge/jnlp/JNLPFile.java, * netx/net/sourceforge/jnlp/JNLPSplashScreen.java, * netx/net/sourceforge/jnlp/JREDesc.java, * netx/net/sourceforge/jnlp/LaunchException.java, * netx/net/sourceforge/jnlp/LaunchHandler.java, * netx/net/sourceforge/jnlp/Launcher.java, * netx/net/sourceforge/jnlp/NetxPanel.java, * netx/net/sourceforge/jnlp/Node.java, * netx/net/sourceforge/jnlp/PackageDesc.java, * netx/net/sourceforge/jnlp/ParseException.java, * netx/net/sourceforge/jnlp/Parser.java, * netx/net/sourceforge/jnlp/PluginBridge.java, * netx/net/sourceforge/jnlp/PropertyDesc.java, * netx/net/sourceforge/jnlp/ResourcesDesc.java, * netx/net/sourceforge/jnlp/SecurityDesc.java, * netx/net/sourceforge/jnlp/Version.java, * netx/net/sourceforge/jnlp/cache/CacheEntry.java, * netx/net/sourceforge/jnlp/cache/CacheUtil.java, * netx/net/sourceforge/jnlp/cache/DefaultDownloadIndicator.java, * netx/net/sourceforge/jnlp/cache/DownloadIndicator.java, * netx/net/sourceforge/jnlp/cache/Resource.java, * netx/net/sourceforge/jnlp/cache/ResourceTracker.java, * netx/net/sourceforge/jnlp/cache/UpdatePolicy.java, * netx/net/sourceforge/jnlp/cache/package.html, * netx/net/sourceforge/jnlp/event/ApplicationEvent.java, * netx/net/sourceforge/jnlp/event/ApplicationListener.java, * netx/net/sourceforge/jnlp/event/DownloadEvent.java, * netx/net/sourceforge/jnlp/event/DownloadListener.java, * netx/net/sourceforge/jnlp/event/package.html, * netx/net/sourceforge/jnlp/package.html, * netx/net/sourceforge/jnlp/resources/Manifest.mf, * netx/net/sourceforge/jnlp/resources/Messages.properties, * netx/net/sourceforge/jnlp/resources/about.jnlp, * netx/net/sourceforge/jnlp/resources/default.jnlp, * netx/net/sourceforge/jnlp/runtime/AppThreadGroup.java, * netx/net/sourceforge/jnlp/runtime/AppletAudioClip.java, * netx/net/sourceforge/jnlp/runtime/AppletEnvironment.java, * netx/net/sourceforge/jnlp/runtime/AppletInstance.java, * netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java, * netx/net/sourceforge/jnlp/runtime/Boot.java, * netx/net/sourceforge/jnlp/runtime/Boot13.java, * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java, * netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java, * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java, * netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java, * netx/net/sourceforge/jnlp/runtime/package.html, * netx/net/sourceforge/jnlp/security/AccessWarningPane.java, * netx/net/sourceforge/jnlp/security/AppletWarningPane.java, * netx/net/sourceforge/jnlp/security/CertVerifier.java, * netx/net/sourceforge/jnlp/security/CertWarningPane.java, * netx/net/sourceforge/jnlp/security/CertsInfoPane.java, * netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java, * netx/net/sourceforge/jnlp/security/MoreInfoPane.java, * netx/net/sourceforge/jnlp/security/SecurityDialogUI.java, * netx/net/sourceforge/jnlp/security/SecurityUtil.java, * netx/net/sourceforge/jnlp/security/SecurityWarningDialog.java, * netx/net/sourceforge/jnlp/security/SingleCertInfoPane.java, * netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java, * netx/net/sourceforge/jnlp/security/viewer/CertificatePane.java, * netx/net/sourceforge/jnlp/security/viewer/CertificateViewer.java, * netx/net/sourceforge/jnlp/services/ServiceUtil.java, * netx/net/sourceforge/jnlp/services/XBasicService.java, * netx/net/sourceforge/jnlp/services/XClipboardService.java, * netx/net/sourceforge/jnlp/services/XDownloadService.java, * netx/net/sourceforge/jnlp/services/XExtensionInstallerService.java, * netx/net/sourceforge/jnlp/services/XFileContents.java, * netx/net/sourceforge/jnlp/services/XFileOpenService.java, * netx/net/sourceforge/jnlp/services/XFileSaveService.java, * netx/net/sourceforge/jnlp/services/XJNLPRandomAccessFile.java, * netx/net/sourceforge/jnlp/services/XPersistenceService.java, * netx/net/sourceforge/jnlp/services/XPrintService.java, * netx/net/sourceforge/jnlp/services/XServiceManagerStub.java, * netx/net/sourceforge/jnlp/services/package.html, * netx/net/sourceforge/jnlp/tools/CharacterEncoder.java, * netx/net/sourceforge/jnlp/tools/HexDumpEncoder.java, * netx/net/sourceforge/jnlp/tools/JarRunner.java, * netx/net/sourceforge/jnlp/tools/JarSigner.java, * netx/net/sourceforge/jnlp/tools/JarSignerResources.java, * netx/net/sourceforge/jnlp/tools/KeyStoreUtil.java, * netx/net/sourceforge/jnlp/tools/KeyTool.java, * netx/net/sourceforge/jnlp/util/PropertiesFile.java, * netx/net/sourceforge/jnlp/util/Reflect.java, * netx/net/sourceforge/jnlp/util/WeakList.java, * netx/net/sourceforge/nanoxml/XMLElement.java, * netx/net/sourceforge/nanoxml/XMLParseException.java: to here. * patches/ecj/icedtea.patch: Recreated. * patches/icedtea-ant.patch: Remove hack to jaxws which uses plugs directory (now undefined). * patches/icedtea-javac-debuginfo.patch: Recreated. * patches/icedtea-netx.patch: Include netx and netscape classes via the same import mechanism as jaxws, jaxp, corba and langtools (extracting a classes.zip).
author Andrew John Hughes <ahughes@redhat.com>
date Thu, 28 May 2009 10:18:19 +0100
parents overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/tools/KeyTool.java@242c0a9de43f
children
line wrap: on
line source

/*
 * Copyright 1997-2006 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Sun designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Sun in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
 * CA 95054 USA or visit www.sun.com if you need additional information or
 * have any questions.
 */

package net.sourceforge.jnlp.tools;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.Principal;
import java.util.Enumeration;
import java.util.Random;
import java.util.Hashtable;
import java.util.Vector;

import net.sourceforge.jnlp.security.SecurityUtil;

import sun.misc.BASE64Encoder;
import sun.security.provider.X509Factory;

/**
 * This tool manages the user's trusted certificates
 *
 * @author Jan Luehe
 * @author Joshua Sumali
 */
public class KeyTool {

	// The user's keystore.
	private KeyStore usercerts = null;
	// JDK cacerts
	private KeyStore cacerts = null;
	// System ca-bundle.crt
	private KeyStore systemcerts = null;
	
	private String fullCertPath = SecurityUtil.getTrustedCertsFilename();

	private FileOutputStream fos = null;

	/**
	 * Whether we trust the system cacerts file.
	 */
	private boolean trustcacerts = true;
	
	/**
	 * Whether we print certificates in rfc, base64 encoding.
	 */
	private boolean rfc = true;
	
	private final char[] password = "changeit".toCharArray();

	/**
	 * Whether we prompt for user input.
	 */
	private boolean noprompt = true;
	
	public KeyTool() throws Exception {

		// Initialize all the keystores.
		usercerts = SecurityUtil.getUserKeyStore();
		cacerts = SecurityUtil.getCacertsKeyStore(); 
		systemcerts = SecurityUtil.getSystemCertStore();
	}

	/**
	 * Adds a trusted certificate to the user's keystore.
	 * @return true if the add was successful, false otherwise.
	 */
	public boolean importCert(File file) throws Exception {
	
		BufferedInputStream bis = new BufferedInputStream(new FileInputStream(file));
		CertificateFactory cf = CertificateFactory.getInstance("X509");
		X509Certificate cert = null;
		
		if (bis.available() >= 1) {
			try {
			cert = (X509Certificate)cf.generateCertificate(bis);
			} catch (ClassCastException cce) {
				throw new Exception("Input file is not an X509 Certificate");
			} catch (CertificateException ce) {
				throw new Exception("Input file is not an X509 Certificate");
			}
		}
	
		return importCert((Certificate)cert);
	}
	
	/**
	 * Adds a trusted certificate to the user's keystore.
	 * @return true if the add was successful, false otherwise.
	 */
	public boolean importCert(Certificate cert) throws Exception {

		String alias = usercerts.getCertificateAlias(cert);

		if (alias != null) { //cert already exists
			return true;
		} else {
			String newAlias = getRandomAlias();
			//check to make sure this alias doesn't exist
			while (usercerts.getCertificate(newAlias) != null)
				newAlias = getRandomAlias();
			return addTrustedCert(newAlias, cert);
		}
	}

	/**
	 * Generates a random alias for storing a trusted Certificate.
	 */
	private String getRandomAlias() {
		Random r = new Random();
		String token = Long.toString(Math.abs(r.nextLong()), 36);
		return "trustedCert-" + token;
	}
	
	/**
     * Prints all keystore entries.
     */
	private void doPrintEntries(PrintStream out) throws Exception {

		out.println("KeyStore type: " + usercerts.getType());
		out.println("KeyStore provider: " + usercerts.getProvider().toString());
		out.println();
		
		for (Enumeration<String> e = usercerts.aliases(); e.hasMoreElements();) {
			String alias = e.nextElement();
			doPrintEntry(alias, out, false);
		}
	}
	
    /**
     * Prints a single keystore entry.
     */
	private void doPrintEntry(String alias, PrintStream out,
			boolean printWarning) throws Exception {

		if (usercerts.containsAlias(alias) == false) {
			throw new Exception("Alias does not exist");
		}

		if (usercerts.entryInstanceOf(alias, 
				KeyStore.TrustedCertificateEntry.class)) {
			Certificate cert = usercerts.getCertificate(alias);

			out.println("Alias: " + alias);
			out.println("Date Created: " + usercerts.getCreationDate(alias));
			out.println("Subject: " + getCN(((X509Certificate)usercerts
				.getCertificate(alias)).getSubjectX500Principal().getName()));
			out.println("Certificate fingerprint (MD5): "
					+ getCertFingerPrint("MD5", cert));
			out.println();
		}
	}

	/**
	 * Extracts the CN field from a Certificate principal string.
	 */
	private String getCN(String principal) {
		int start = principal.indexOf("CN=");
		int end = principal.indexOf(",", start);

		if (end == -1) {
			end = principal.length();
		}

		if (start >= 0)
			return principal.substring(start+3, end);
		else
			return principal;
    }

    /**
     * Gets the requested finger print of the certificate.
     */
	private String getCertFingerPrint(String mdAlg, Certificate cert)
		throws Exception {
		byte[] encCertInfo = cert.getEncoded();
		MessageDigest md = MessageDigest.getInstance(mdAlg);
		byte[] digest = md.digest(encCertInfo);
		return toHexString(digest);
	}

    /**
     * Converts a byte to hex digit and writes to the supplied buffer
     */
    private void byte2hex(byte b, StringBuffer buf) {
        char[] hexChars = { '0', '1', '2', '3', '4', '5', '6', '7', '8',
                            '9', 'A', 'B', 'C', 'D', 'E', 'F' };
        int high = ((b & 0xf0) >> 4);
        int low = (b & 0x0f);
        buf.append(hexChars[high]);
        buf.append(hexChars[low]);
    }

    /**
     * Converts a byte array to hex string
     */
    private String toHexString(byte[] block) {
        StringBuffer buf = new StringBuffer();
        int len = block.length;
        for (int i = 0; i < len; i++) {
             byte2hex(block[i], buf);
             if (i < len-1) {
                 buf.append(":");
             }
        }
        return buf.toString();
    }

	/**
	 * Adds a certificate to the keystore, and writes new keystore to disk.
	 */
    private boolean addTrustedCert(String alias, Certificate cert)
    	throws Exception {
    	
    	if (isSelfSigned((X509Certificate)cert)) {
			//will throw exception if this fails
    		cert.verify(cert.getPublicKey());
		}
    
    	if (noprompt) {
    		usercerts.setCertificateEntry(alias, cert);
			fos = new FileOutputStream(fullCertPath);
			usercerts.store(fos, password);
			fos.close();
    		return true;
    	}
    	
    	return false;
    }    
    
    /**
     * Returns true if the given certificate is trusted, false otherwise.
     */
    public boolean isTrusted(Certificate cert) throws Exception {
    	if (cert != null) {
    		if (usercerts.getCertificateAlias(cert) != null) {
    			return true; // found in own keystore
    		}
    		return false;
    	} else {
    		return false;
    	}
    }
    
    /**
     * Returns true if the certificate is self-signed, false otherwise.
     */
    private boolean isSelfSigned(X509Certificate cert) {
        return cert.getSubjectDN().equals(cert.getIssuerDN());
    }

    /**
     * Checks if a given certificate is part of the user's cacerts
     * keystore.
     * @param c the certificate to check
     * @returns true if the certificate is in the user's cacerts and
     * false otherwise
     */
    public boolean checkCacertsForCertificate(Certificate c) throws Exception {
    	if (c != null) {

			String alias = null;

			//first try jdk cacerts.
			if (cacerts != null) {
    			alias = cacerts.getCertificateAlias(c);

				//if we can't find it here, try the system certs.
				if (alias == null && systemcerts != null)
					alias = systemcerts.getCertificateAlias(c);
			} 
			//otherwise try the system certs if you can't use the jdk certs.
			else if (systemcerts != null)
				alias = systemcerts.getCertificateAlias(c);

    		return (alias != null);
    	} else 
    		return false;
    }
    
    /**
     * Establishes a certificate chain (using trusted certificates in the
     * keystore), starting with the user certificate
     * and ending at a self-signed certificate found in the keystore.
     *
     * @param userCert the user certificate of the alias
     * @param certToVerify the single certificate provided in the reply
     */
    public boolean establishCertChain(Certificate userCert,
                                             Certificate certToVerify)
        throws Exception
    {
        if (userCert != null) {
            // Make sure that the public key of the certificate reply matches
            // the original public key in the keystore
            PublicKey origPubKey = userCert.getPublicKey();
            PublicKey replyPubKey = certToVerify.getPublicKey();
            if (!origPubKey.equals(replyPubKey)) {
            	// TODO: something went wrong -- throw exception
                throw new Exception(
                	"Public keys in reply and keystore don't match");
            }

            // If the two certs are identical, we're done: no need to import
            // anything
            if (certToVerify.equals(userCert)) {
                throw new Exception(
                	"Certificate reply and certificate in keystore are identical");
            }
        }

        // Build a hash table of all certificates in the keystore.
        // Use the subject distinguished name as the key into the hash table.
        // All certificates associated with the same subject distinguished
        // name are stored in the same hash table entry as a vector.
        Hashtable<Principal, Vector<Certificate>> certs = null;
        if (usercerts.size() > 0) {
            certs = new Hashtable<Principal, Vector<Certificate>>(11);
            keystorecerts2Hashtable(usercerts, certs);
        }
        if (trustcacerts) { //if we're trusting the cacerts
        	KeyStore caks = SecurityUtil.getCacertsKeyStore();
            if (caks!=null && caks.size()>0) {
                if (certs == null) {
                    certs = new Hashtable<Principal, Vector<Certificate>>(11);
                }
                keystorecerts2Hashtable(caks, certs);
            }
        }

        // start building chain
        Vector<Certificate> chain = new Vector<Certificate>(2);
        if (buildChain((X509Certificate)certToVerify, chain, certs)) {
            Certificate[] newChain = new Certificate[chain.size()];
            // buildChain() returns chain with self-signed root-cert first and
            // user-cert last, so we need to invert the chain before we store
            // it
            int j=0;
            for (int i=chain.size()-1; i>=0; i--) {
                newChain[j] = chain.elementAt(i);
                j++;
            }
            //return newChain;
            return newChain != null;
        } else {
            throw new Exception("Failed to establish chain from reply");
        }
    }
    
    /**
     * Stores the (leaf) certificates of a keystore in a hashtable.
     * All certs belonging to the same CA are stored in a vector that
     * in turn is stored in the hashtable, keyed by the CA's subject DN
     */
    private void keystorecerts2Hashtable(KeyStore ks,
                Hashtable<Principal, Vector<Certificate>> hash)
        throws Exception {

        for (Enumeration<String> aliases = ks.aliases();
                                        aliases.hasMoreElements(); ) {
            String alias = aliases.nextElement();
            Certificate cert = ks.getCertificate(alias);
            if (cert != null) {
                Principal subjectDN = ((X509Certificate)cert).getSubjectDN();
                Vector<Certificate> vec = hash.get(subjectDN);
                if (vec == null) {
                    vec = new Vector<Certificate>();
                    vec.addElement(cert);
                } else {
                    if (!vec.contains(cert)) {
                        vec.addElement(cert);
                    }
                }
                hash.put(subjectDN, vec);
            }
        }
    }
    
    /**
     * Recursively tries to establish chain from pool of trusted certs.
     *
     * @param certToVerify the cert that needs to be verified.
     * @param chain the chain that's being built.
     * @param certs the pool of trusted certs
     *
     * @return true if successful, false otherwise.
     */
    private boolean buildChain(X509Certificate certToVerify,
                        Vector<Certificate> chain,
                        Hashtable<Principal, Vector<Certificate>> certs) {
        Principal subject = certToVerify.getSubjectDN();
        Principal issuer = certToVerify.getIssuerDN();
        if (subject.equals(issuer)) {
            // reached self-signed root cert;
            // no verification needed because it's trusted.
            chain.addElement(certToVerify);
            return true;
        }

        // Get the issuer's certificate(s)
        Vector<Certificate> vec = certs.get(issuer);
        if (vec == null) {
            return false;
        }

        // Try out each certificate in the vector, until we find one
        // whose public key verifies the signature of the certificate
        // in question.
        for (Enumeration<Certificate> issuerCerts = vec.elements();
             issuerCerts.hasMoreElements(); ) {
            X509Certificate issuerCert
                = (X509Certificate)issuerCerts.nextElement();
            PublicKey issuerPubKey = issuerCert.getPublicKey();
            try {
                certToVerify.verify(issuerPubKey);
            } catch (Exception e) {
                continue;
            }
            if (buildChain(issuerCert, chain, certs)) {
                chain.addElement(certToVerify);
                return true;
            }
        }
        return false;
    }

    public static void dumpCert(Certificate cert, PrintStream out)
    	throws IOException, CertificateException {
    	
    	boolean printRfc = true;
        if (printRfc) {
            BASE64Encoder encoder = new BASE64Encoder();
            out.println(X509Factory.BEGIN_CERT);
            encoder.encodeBuffer(cert.getEncoded(), out);
            out.println(X509Factory.END_CERT);
        } else {
            out.write(cert.getEncoded()); // binary
        }
    }
    
	public static void main(String[] args) throws Exception {
		KeyTool kt = new KeyTool();
		kt.doPrintEntries(System.out);
	}
}