libcore/x-net/src/main/java/org/apache/harmony/xnet/provider/jsse/KeyManagerImpl.java - platform/dalvik - Git at Google

 /*
  *  Licensed to the Apache Software Foundation (ASF) under one or more
  *  contributor license agreements.  See the NOTICE file distributed with
  *  this work for additional information regarding copyright ownership.
  *  The ASF licenses this file to You under the Apache License, Version 2.0
  *  (the "License"); you may not use this file except in compliance with
  *  the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  *  Unless required by applicable law or agreed to in writing, software
  *  distributed under the License is distributed on an "AS IS" BASIS,
  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  */

 /**
  * @author Boris Kuznetsov
  * @version $Revision$
  */
 package org.apache.harmony.xnet.provider.jsse;

 import java.net.Socket;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.Principal;
 import java.security.PrivateKey;
 import java.security.UnrecoverableEntryException;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;

 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.X509ExtendedKeyManager;
 import javax.security.auth.x500.X500Principal;

 /**
  * KeyManager implementation.
  * This implementation uses hashed key store information.
  * It works faster than retrieving all of the data from the key store.
  * Any key store changes, that happen after key manager was created, have no effect.
  * The implementation does not use peer information (host, port)
  * that may be obtained from socket or engine.
  *
  * @see javax.net.ssl.KeyManager
  *
  */
 public class KeyManagerImpl extends X509ExtendedKeyManager {

     // hashed key store information
     private final Hashtable hash = new Hashtable();

     /**
      * Creates Key manager
      *
      * @param keyStore
      * @param pwd
      */
     public KeyManagerImpl(KeyStore keyStore, char[] pwd) {
         String alias;
         KeyStore.PrivateKeyEntry entry;
         Enumeration aliases;
         try {
             aliases = keyStore.aliases();
         } catch (KeyStoreException e) {
             return;
         }
         for (; aliases.hasMoreElements();) {
             alias = (String) aliases.nextElement();
             try {
                 if (keyStore.entryInstanceOf(alias,
                         KeyStore.PrivateKeyEntry.class)) {
                     entry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias,
                             new KeyStore.PasswordProtection(pwd));
                     hash.put(alias, entry);
                 }
             } catch (KeyStoreException e) {
                 continue;
             } catch (UnrecoverableEntryException e) {
                 continue;
             } catch (NoSuchAlgorithmException e) {
                 continue;
             }
         }

     }

     /**
      * @see javax.net.ssl.X509ExtendedKeyManager#chooseClientAlias(String[]
      *      keyType, Principal[] issuers, Socket socket)
      */
     public String chooseClientAlias(String[] keyType, Principal[] issuers,
             Socket socket) {
         String[] al = chooseAlias(keyType, issuers);
         if (al != null) {
             return al[0];
         } else {
             return null;
         }
     }

     /**
      * @see javax.net.ssl.X509ExtendedKeyManager#chooseServerAlias(String
      *      keyType, Principal[] issuers, Socket socket)
      */
     public String chooseServerAlias(String keyType, Principal[] issuers,
             Socket socket) {
         String[] al = chooseAlias(new String[] { keyType }, issuers);
         if (al != null) {
             return al[0];
         } else {
             return null;
         }
     }

     /**
      * @see javax.net.ssl.X509ExtendedKeyManager#getCertificateChain(String
      *      alias)
      */
     public X509Certificate[] getCertificateChain(String alias) {
         // BEGIN android-changed
         if (alias == null) {
             return null;
         }
         // END android-changed
         if (hash.containsKey(alias)) {
             Certificate[] certs = ((KeyStore.PrivateKeyEntry) hash.get(alias))
                     .getCertificateChain();
             if (certs[0] instanceof X509Certificate) {
                 X509Certificate[] xcerts = new X509Certificate[certs.length];
                 for (int i = 0; i < certs.length; i++) {
                     xcerts[i] = (X509Certificate) certs[i];
                 }
                 return xcerts;
             }
         }
         return null;

     }

     /**
      * @see javax.net.ssl.X509ExtendedKeyManager#getClientAliases(String
      *      keyType, Principal[] issuers)
      */
     public String[] getClientAliases(String keyType, Principal[] issuers) {
         return chooseAlias(new String[] { keyType }, issuers);
     }

     /**
      * @see javax.net.ssl.X509ExtendedKeyManager#getServerAliases(String
      *      keyType, Principal[] issuers)
      */
     public String[] getServerAliases(String keyType, Principal[] issuers) {
         return chooseAlias(new String[] { keyType }, issuers);
     }

     /**
      * @see javax.net.ssl.X509ExtendedKeyManager#getPrivateKey(String alias)
      */
     public PrivateKey getPrivateKey(String alias) {
         // BEGIN android-changed
         if (alias == null) {
             return null;
         }
         // END android-changed
         if (hash.containsKey(alias)) {
             return ((KeyStore.PrivateKeyEntry) hash.get(alias)).getPrivateKey();
         }
         return null;
     }

     /**
      * @see javax.net.ssl.X509ExtendedKeyManager#chooseEngineClientAlias(String[]
      *      keyType, Principal[] issuers, SSLEngine engine)
      */
     public String chooseEngineClientAlias(String[] keyType,
             Principal[] issuers, SSLEngine engine) {
         String[] al = chooseAlias(keyType, issuers);
         if (al != null) {
             return al[0];
         } else {
             return null;
         }
     }

     /**
      * @see javax.net.ssl.X509ExtendedKeyManager#chooseEngineServerAlias(String
      *      keyType, Principal[] issuers, SSLEngine engine)
      */
     public String chooseEngineServerAlias(String keyType, Principal[] issuers,
             SSLEngine engine) {
         String[] al = chooseAlias(new String[] { keyType }, issuers);
         if (al != null) {
             return al[0];
         } else {
             return null;
         }
     }

     private String[] chooseAlias(String[] keyType, Principal[] issuers) {
         String alias;
         KeyStore.PrivateKeyEntry entry;

         if (keyType == null || keyType.length == 0) {
             return null;
         }
         Vector found = new Vector();
         int count = 0;
         for (Enumeration aliases = hash.keys(); aliases.hasMoreElements();) {
             alias = (String) aliases.nextElement();
             entry = (KeyStore.PrivateKeyEntry) hash.get(alias);
             Certificate[] certs = entry.getCertificateChain();
             String alg = certs[0].getPublicKey().getAlgorithm();
             for (int i = 0; i < keyType.length; i++) {
                 if (alg.equals(keyType[i])) {
                     if (issuers != null && issuers.length != 0) {
                         // check that certificate was issued by specified issuer
                         loop: for (int ii = 0; ii < certs.length; ii++) {
                             if (certs[ii] instanceof X509Certificate) {
                                 X500Principal issuer = ((X509Certificate) certs[ii])
                                         .getIssuerX500Principal();
                                 for (int iii = 0; iii < issuers.length; iii++) {
                                     if (issuer.equals(issuers[iii])) {
                                         found.add(alias);
                                         count++;
                                         break loop;
                                     }
                                 }
                             }

                         }
                     } else {
                         found.add(alias);
                         count++;
                     }
                 }
             }
         }
         if (count > 0) {
             String[] result = new String[count];
             found.toArray(result);
             return result;
         } else {
             return null;
         }
     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	/**
	* @author Boris Kuznetsov
	* @version $Revision$
	*/
	package org.apache.harmony.xnet.provider.jsse;

	import java.net.Socket;
	import java.security.KeyStore;
	import java.security.KeyStoreException;
	import java.security.NoSuchAlgorithmException;
	import java.security.Principal;
	import java.security.PrivateKey;
	import java.security.UnrecoverableEntryException;
	import java.security.cert.Certificate;
	import java.security.cert.X509Certificate;
	import java.util.Enumeration;
	import java.util.Hashtable;
	import java.util.Vector;

	import javax.net.ssl.SSLEngine;
	import javax.net.ssl.X509ExtendedKeyManager;
	import javax.security.auth.x500.X500Principal;

	/**
	* KeyManager implementation.
	* This implementation uses hashed key store information.
	* It works faster than retrieving all of the data from the key store.
	* Any key store changes, that happen after key manager was created, have no effect.
	* The implementation does not use peer information (host, port)
	* that may be obtained from socket or engine.
	*
	* @see javax.net.ssl.KeyManager
	*
	*/
	public class KeyManagerImpl extends X509ExtendedKeyManager {

	// hashed key store information
	private final Hashtable hash = new Hashtable();

	/**
	* Creates Key manager
	*
	* @param keyStore
	* @param pwd
	*/
	public KeyManagerImpl(KeyStore keyStore, char[] pwd) {
	String alias;
	KeyStore.PrivateKeyEntry entry;
	Enumeration aliases;
	try {
	aliases = keyStore.aliases();
	} catch (KeyStoreException e) {
	return;
	}
	for (; aliases.hasMoreElements();) {
	alias = (String) aliases.nextElement();
	try {
	if (keyStore.entryInstanceOf(alias,
	KeyStore.PrivateKeyEntry.class)) {
	entry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias,
	new KeyStore.PasswordProtection(pwd));
	hash.put(alias, entry);
	}
	} catch (KeyStoreException e) {
	continue;
	} catch (UnrecoverableEntryException e) {
	continue;
	} catch (NoSuchAlgorithmException e) {
	continue;
	}
	}

	}

	/**
	* @see javax.net.ssl.X509ExtendedKeyManager#chooseClientAlias(String[]
	* keyType, Principal[] issuers, Socket socket)
	*/
	public String chooseClientAlias(String[] keyType, Principal[] issuers,
	Socket socket) {
	String[] al = chooseAlias(keyType, issuers);
	if (al != null) {
	return al[0];
	} else {
	return null;
	}
	}

	/**
	* @see javax.net.ssl.X509ExtendedKeyManager#chooseServerAlias(String
	* keyType, Principal[] issuers, Socket socket)
	*/
	public String chooseServerAlias(String keyType, Principal[] issuers,
	Socket socket) {
	String[] al = chooseAlias(new String[] { keyType }, issuers);
	if (al != null) {
	return al[0];
	} else {
	return null;
	}
	}

	/**
	* @see javax.net.ssl.X509ExtendedKeyManager#getCertificateChain(String
	* alias)
	*/
	public X509Certificate[] getCertificateChain(String alias) {
	// BEGIN android-changed
	if (alias == null) {
	return null;
	}
	// END android-changed
	if (hash.containsKey(alias)) {
	Certificate[] certs = ((KeyStore.PrivateKeyEntry) hash.get(alias))
	.getCertificateChain();
	if (certs[0] instanceof X509Certificate) {
	X509Certificate[] xcerts = new X509Certificate[certs.length];
	for (int i = 0; i < certs.length; i++) {
	xcerts[i] = (X509Certificate) certs[i];
	}
	return xcerts;
	}
	}
	return null;

	}

	/**
	* @see javax.net.ssl.X509ExtendedKeyManager#getClientAliases(String
	* keyType, Principal[] issuers)
	*/
	public String[] getClientAliases(String keyType, Principal[] issuers) {
	return chooseAlias(new String[] { keyType }, issuers);
	}

	/**
	* @see javax.net.ssl.X509ExtendedKeyManager#getServerAliases(String
	* keyType, Principal[] issuers)
	*/
	public String[] getServerAliases(String keyType, Principal[] issuers) {
	return chooseAlias(new String[] { keyType }, issuers);
	}

	/**
	* @see javax.net.ssl.X509ExtendedKeyManager#getPrivateKey(String alias)
	*/
	public PrivateKey getPrivateKey(String alias) {
	// BEGIN android-changed
	if (alias == null) {
	return null;
	}
	// END android-changed
	if (hash.containsKey(alias)) {
	return ((KeyStore.PrivateKeyEntry) hash.get(alias)).getPrivateKey();
	}
	return null;
	}

	/**
	* @see javax.net.ssl.X509ExtendedKeyManager#chooseEngineClientAlias(String[]
	* keyType, Principal[] issuers, SSLEngine engine)
	*/
	public String chooseEngineClientAlias(String[] keyType,
	Principal[] issuers, SSLEngine engine) {
	String[] al = chooseAlias(keyType, issuers);
	if (al != null) {
	return al[0];
	} else {
	return null;
	}
	}

	/**
	* @see javax.net.ssl.X509ExtendedKeyManager#chooseEngineServerAlias(String
	* keyType, Principal[] issuers, SSLEngine engine)
	*/
	public String chooseEngineServerAlias(String keyType, Principal[] issuers,
	SSLEngine engine) {
	String[] al = chooseAlias(new String[] { keyType }, issuers);
	if (al != null) {
	return al[0];
	} else {
	return null;
	}
	}

	private String[] chooseAlias(String[] keyType, Principal[] issuers) {
	String alias;
	KeyStore.PrivateKeyEntry entry;

	if (keyType == null \|\| keyType.length == 0) {
	return null;
	}
	Vector found = new Vector();
	int count = 0;
	for (Enumeration aliases = hash.keys(); aliases.hasMoreElements();) {
	alias = (String) aliases.nextElement();
	entry = (KeyStore.PrivateKeyEntry) hash.get(alias);
	Certificate[] certs = entry.getCertificateChain();
	String alg = certs[0].getPublicKey().getAlgorithm();
	for (int i = 0; i < keyType.length; i++) {
	if (alg.equals(keyType[i])) {
	if (issuers != null && issuers.length != 0) {
	// check that certificate was issued by specified issuer
	loop: for (int ii = 0; ii < certs.length; ii++) {
	if (certs[ii] instanceof X509Certificate) {
	X500Principal issuer = ((X509Certificate) certs[ii])
	.getIssuerX500Principal();
	for (int iii = 0; iii < issuers.length; iii++) {
	if (issuer.equals(issuers[iii])) {
	found.add(alias);
	count++;
	break loop;
	}
	}
	}

	}
	} else {
	found.add(alias);
	count++;
	}
	}
	}
	}
	if (count > 0) {
	String[] result = new String[count];
	found.toArray(result);
	return result;
	} else {
	return null;
	}
	}

	}