Mercurial > hg > release > icedtea-web-1.2
changeset 73:a5fbac599561
Remove unused class net.sourceforge.jnlp.tools.KeyTool
2010-12-08 Omair Majid <omajid@redhat.com>
* netx/net/sourceforge/jnlp/tools/KeyTool.java: Remove unused class.
| author | Omair Majid <omajid@redhat.com> |
|---|---|
| date | Wed, 08 Dec 2010 08:45:51 -0500 |
| parents | 72471ae86379 |
| children | 754244b0d2c1 |
| files | ChangeLog netx/net/sourceforge/jnlp/tools/KeyTool.java |
| diffstat | 2 files changed, 4 insertions(+), 433 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Tue Dec 07 15:50:16 2010 -0500 +++ b/ChangeLog Wed Dec 08 08:45:51 2010 -0500 @@ -1,3 +1,7 @@ +2010-12-08 Omair Majid <omajid@redhat.com> + + * netx/net/sourceforge/jnlp/tools/KeyTool.java: Remove unused class. + 2010-12-07 Andrew Su <asu@redhat.com> * MiddleClickListener.java: Added copyright header. Corrected typo in
--- a/netx/net/sourceforge/jnlp/tools/KeyTool.java Tue Dec 07 15:50:16 2010 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,433 +0,0 @@ -/* - * Copyright 1997-2006 Sun Microsystems, Inc. All Rights Reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Sun designates this - * particular file as subject to the "Classpath" exception as provided - * by Sun in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, - * CA 95054 USA or visit www.sun.com if you need additional information or - * have any questions. - */ - -package net.sourceforge.jnlp.tools; - -import java.io.BufferedInputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.PrintStream; -import java.security.KeyStore; -import java.security.MessageDigest; -import java.security.PublicKey; -import java.security.cert.Certificate; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import java.security.Principal; -import java.util.Enumeration; -import java.util.Random; -import java.util.Hashtable; -import java.util.Vector; - -import net.sourceforge.jnlp.security.SecurityUtil; - -/** - * This tool manages the user's trusted certificates - * - * @author Jan Luehe - * @author Joshua Sumali - */ -public class KeyTool { - - // The user's keystore. - private KeyStore usercerts = null; - // JDK cacerts - private KeyStore cacerts = null; - // System ca-bundle.crt - private KeyStore systemcerts = null; - - private String fullCertPath = SecurityUtil.getTrustedCertsFilename(); - - private FileOutputStream fos = null; - - /** - * Whether we trust the system cacerts file. - */ - private boolean trustcacerts = true; - - private final char[] password = "changeit".toCharArray(); - - /** - * Whether we prompt for user input. - */ - private boolean noprompt = true; - - public KeyTool() throws Exception { - - // Initialize all the keystores. - usercerts = SecurityUtil.getUserKeyStore(); - cacerts = SecurityUtil.getCacertsKeyStore(); - systemcerts = SecurityUtil.getSystemCertStore(); - } - - /** - * Adds a trusted certificate to the user's keystore. - * @return true if the add was successful, false otherwise. - */ - public boolean importCert(File file) throws Exception { - - BufferedInputStream bis = new BufferedInputStream(new FileInputStream(file)); - CertificateFactory cf = CertificateFactory.getInstance("X509"); - X509Certificate cert = null; - - if (bis.available() >= 1) { - try { - cert = (X509Certificate) cf.generateCertificate(bis); - } catch (ClassCastException cce) { - throw new Exception("Input file is not an X509 Certificate"); - } catch (CertificateException ce) { - throw new Exception("Input file is not an X509 Certificate"); - } - } - - return importCert((Certificate) cert); - } - - /** - * Adds a trusted certificate to the user's keystore. - * @return true if the add was successful, false otherwise. - */ - public boolean importCert(Certificate cert) throws Exception { - - String alias = usercerts.getCertificateAlias(cert); - - if (alias != null) { //cert already exists - return true; - } else { - String newAlias = getRandomAlias(); - //check to make sure this alias doesn't exist - while (usercerts.getCertificate(newAlias) != null) - newAlias = getRandomAlias(); - return addTrustedCert(newAlias, cert); - } - } - - /** - * Generates a random alias for storing a trusted Certificate. - */ - private String getRandomAlias() { - Random r = new Random(); - String token = Long.toString(Math.abs(r.nextLong()), 36); - return "trustedCert-" + token; - } - - /** - * Prints all keystore entries. - */ - private void doPrintEntries(PrintStream out) throws Exception { - - out.println("KeyStore type: " + usercerts.getType()); - out.println("KeyStore provider: " + usercerts.getProvider().toString()); - out.println(); - - for (Enumeration<String> e = usercerts.aliases(); e.hasMoreElements();) { - String alias = e.nextElement(); - doPrintEntry(alias, out, false); - } - } - - /** - * Prints a single keystore entry. - */ - private void doPrintEntry(String alias, PrintStream out, - boolean printWarning) throws Exception { - - if (usercerts.containsAlias(alias) == false) { - throw new Exception("Alias does not exist"); - } - - if (usercerts.entryInstanceOf(alias, - KeyStore.TrustedCertificateEntry.class)) { - Certificate cert = usercerts.getCertificate(alias); - - out.println("Alias: " + alias); - out.println("Date Created: " + usercerts.getCreationDate(alias)); - out.println("Subject: " + SecurityUtil.getCN(((X509Certificate) usercerts - .getCertificate(alias)).getSubjectX500Principal().getName())); - out.println("Certificate fingerprint (MD5): " - + getCertFingerPrint("MD5", cert)); - out.println(); - } - } - - /** - * Gets the requested finger print of the certificate. - */ - private String getCertFingerPrint(String mdAlg, Certificate cert) - throws Exception { - byte[] encCertInfo = cert.getEncoded(); - MessageDigest md = MessageDigest.getInstance(mdAlg); - byte[] digest = md.digest(encCertInfo); - return toHexString(digest); - } - - /** - * Converts a byte to hex digit and writes to the supplied buffer - */ - private void byte2hex(byte b, StringBuffer buf) { - char[] hexChars = { '0', '1', '2', '3', '4', '5', '6', '7', '8', - '9', 'A', 'B', 'C', 'D', 'E', 'F' }; - int high = ((b & 0xf0) >> 4); - int low = (b & 0x0f); - buf.append(hexChars[high]); - buf.append(hexChars[low]); - } - - /** - * Converts a byte array to hex string - */ - private String toHexString(byte[] block) { - StringBuffer buf = new StringBuffer(); - int len = block.length; - for (int i = 0; i < len; i++) { - byte2hex(block[i], buf); - if (i < len - 1) { - buf.append(":"); - } - } - return buf.toString(); - } - - /** - * Adds a certificate to the keystore, and writes new keystore to disk. - */ - private boolean addTrustedCert(String alias, Certificate cert) - throws Exception { - - if (isSelfSigned((X509Certificate) cert)) { - //will throw exception if this fails - cert.verify(cert.getPublicKey()); - } - - if (noprompt) { - usercerts.setCertificateEntry(alias, cert); - fos = new FileOutputStream(fullCertPath); - usercerts.store(fos, password); - fos.close(); - return true; - } - - return false; - } - - /** - * Returns true if the given certificate is trusted, false otherwise. - */ - public boolean isTrusted(Certificate cert) throws Exception { - if (cert != null) { - if (usercerts.getCertificateAlias(cert) != null) { - return true; // found in own keystore - } - return false; - } else { - return false; - } - } - - /** - * Returns true if the certificate is self-signed, false otherwise. - */ - private boolean isSelfSigned(X509Certificate cert) { - return cert.getSubjectDN().equals(cert.getIssuerDN()); - } - - /** - * Checks if a given certificate is part of the user's cacerts - * keystore. - * @param c the certificate to check - * @returns true if the certificate is in the user's cacerts and - * false otherwise - */ - public boolean checkCacertsForCertificate(Certificate c) throws Exception { - if (c != null) { - - String alias = null; - - //first try jdk cacerts. - if (cacerts != null) { - alias = cacerts.getCertificateAlias(c); - - //if we can't find it here, try the system certs. - if (alias == null && systemcerts != null) - alias = systemcerts.getCertificateAlias(c); - } - //otherwise try the system certs if you can't use the jdk certs. - else if (systemcerts != null) - alias = systemcerts.getCertificateAlias(c); - - return (alias != null); - } else - return false; - } - - /** - * Establishes a certificate chain (using trusted certificates in the - * keystore), starting with the user certificate - * and ending at a self-signed certificate found in the keystore. - * - * @param userCert the user certificate of the alias - * @param certToVerify the single certificate provided in the reply - */ - public boolean establishCertChain(Certificate userCert, - Certificate certToVerify) - throws Exception { - if (userCert != null) { - // Make sure that the public key of the certificate reply matches - // the original public key in the keystore - PublicKey origPubKey = userCert.getPublicKey(); - PublicKey replyPubKey = certToVerify.getPublicKey(); - if (!origPubKey.equals(replyPubKey)) { - // TODO: something went wrong -- throw exception - throw new Exception( - "Public keys in reply and keystore don't match"); - } - - // If the two certs are identical, we're done: no need to import - // anything - if (certToVerify.equals(userCert)) { - throw new Exception( - "Certificate reply and certificate in keystore are identical"); - } - } - - // Build a hash table of all certificates in the keystore. - // Use the subject distinguished name as the key into the hash table. - // All certificates associated with the same subject distinguished - // name are stored in the same hash table entry as a vector. - Hashtable<Principal, Vector<Certificate>> certs = null; - if (usercerts.size() > 0) { - certs = new Hashtable<Principal, Vector<Certificate>>(11); - keystorecerts2Hashtable(usercerts, certs); - } - if (trustcacerts) { //if we're trusting the cacerts - KeyStore caks = SecurityUtil.getCacertsKeyStore(); - if (caks != null && caks.size() > 0) { - if (certs == null) { - certs = new Hashtable<Principal, Vector<Certificate>>(11); - } - keystorecerts2Hashtable(caks, certs); - } - } - - // start building chain - Vector<Certificate> chain = new Vector<Certificate>(2); - if (buildChain((X509Certificate) certToVerify, chain, certs)) { - Certificate[] newChain = new Certificate[chain.size()]; - // buildChain() returns chain with self-signed root-cert first and - // user-cert last, so we need to invert the chain before we store - // it - int j = 0; - for (int i = chain.size() - 1; i >= 0; i--) { - newChain[j] = chain.elementAt(i); - j++; - } - //return newChain; - return newChain != null; - } else { - throw new Exception("Failed to establish chain from reply"); - } - } - - /** - * Stores the (leaf) certificates of a keystore in a hashtable. - * All certs belonging to the same CA are stored in a vector that - * in turn is stored in the hashtable, keyed by the CA's subject DN - */ - private void keystorecerts2Hashtable(KeyStore ks, - Hashtable<Principal, Vector<Certificate>> hash) - throws Exception { - - for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements();) { - String alias = aliases.nextElement(); - Certificate cert = ks.getCertificate(alias); - if (cert != null) { - Principal subjectDN = ((X509Certificate) cert).getSubjectDN(); - Vector<Certificate> vec = hash.get(subjectDN); - if (vec == null) { - vec = new Vector<Certificate>(); - vec.addElement(cert); - } else { - if (!vec.contains(cert)) { - vec.addElement(cert); - } - } - hash.put(subjectDN, vec); - } - } - } - - /** - * Recursively tries to establish chain from pool of trusted certs. - * - * @param certToVerify the cert that needs to be verified. - * @param chain the chain that's being built. - * @param certs the pool of trusted certs - * - * @return true if successful, false otherwise. - */ - private boolean buildChain(X509Certificate certToVerify, - Vector<Certificate> chain, - Hashtable<Principal, Vector<Certificate>> certs) { - Principal subject = certToVerify.getSubjectDN(); - Principal issuer = certToVerify.getIssuerDN(); - if (subject.equals(issuer)) { - // reached self-signed root cert; - // no verification needed because it's trusted. - chain.addElement(certToVerify); - return true; - } - - // Get the issuer's certificate(s) - Vector<Certificate> vec = certs.get(issuer); - if (vec == null) { - return false; - } - - // Try out each certificate in the vector, until we find one - // whose public key verifies the signature of the certificate - // in question. - for (Enumeration<Certificate> issuerCerts = vec.elements(); issuerCerts.hasMoreElements();) { - X509Certificate issuerCert = (X509Certificate) issuerCerts.nextElement(); - PublicKey issuerPubKey = issuerCert.getPublicKey(); - try { - certToVerify.verify(issuerPubKey); - } catch (Exception e) { - continue; - } - if (buildChain(issuerCert, chain, certs)) { - chain.addElement(certToVerify); - return true; - } - } - return false; - } - - public static void main(String[] args) throws Exception { - KeyTool kt = new KeyTool(); - kt.doPrintEntries(System.out); - } -}