1 // Decompiled by Jad v1.5.8e2. Copyright 2001 Pavel Kouznetsov. 2 // Jad home page: http://kpdus.tripod.com/jad.html 3 // Decompiler options: packimports(3) 4 // Source File Name: KeyTool.java 5 6 package com.sun.xml.registry.client.browser.registration; 7 8 import java.io.BufferedReader; 9 import java.io.ByteArrayInputStream; 10 import java.io.File; 11 import java.io.FileInputStream; 12 import java.io.FileNotFoundException; 13 import java.io.FileOutputStream; 14 import java.io.IOException; 15 import java.io.InputStream; 16 import java.io.InputStreamReader; 17 import java.io.PrintStream; 18 import java.io.PushbackInputStream; 19 import java.math.BigInteger; 20 import java.security.Identity; 21 import java.security.KeyStore; 22 import java.security.MessageDigest; 23 import java.security.Principal; 24 import java.security.PrivateKey; 25 import java.security.Provider; 26 import java.security.Security; 27 import java.security.Signature; 28 import java.security.UnrecoverableKeyException; 29 import java.security.cert.Certificate; 30 import java.security.cert.CertificateException; 31 import java.security.cert.CertificateFactory; 32 import java.security.cert.X509Certificate; 33 import java.text.Collator; 34 import java.text.MessageFormat; 35 import java.util.Arrays; 36 import java.util.Collection; 37 import java.util.Date; 38 import java.util.Enumeration; 39 import java.util.Hashtable; 40 import java.util.ResourceBundle; 41 import java.util.Vector; 42 import sun.misc.BASE64Encoder; 43 import sun.security.pkcs.PKCS10; 44 import sun.security.provider.IdentityDatabase; 45 import sun.security.provider.SystemIdentity; 46 import sun.security.provider.SystemSigner; 47 import sun.security.util.DerOutputStream; 48 import sun.security.x509.AlgorithmId; 49 import sun.security.x509.CertAndKeyGen; 50 import sun.security.x509.CertificateSerialNumber; 51 import sun.security.x509.CertificateValidity; 52 import sun.security.x509.X500Name; 53 import sun.security.x509.X500Signer; 54 import 
sun.security.x509.X509CertImpl; 55 import sun.security.x509.X509CertInfo; 56 57 import javax.xml.registry.*; 58 import javax.xml.registry.infomodel.*; 59 60 public final class KeyTool 61 { 62 63 public KeyTool() 64 { 65 debug = false; 66 command = null; 67 sigAlgName = null; 68 keyAlgName = "DSA"; 69 verbose = false; 70 keysize = 1024; 71 rfc = false; 72 validity = 90; 73 alias = null; 74 dname = null; 75 keyAlias = "mykey"; 76 dest = null; 77 filename = null; 78 providers = null; 79 storetype = null; 80 storePass = null; 81 storePassNew = null; 82 keyPass = null; 83 keyPassNew = null; 84 oldPass = null; 85 newPass = null; 86 ksfname = null; 87 ksfile = null; 88 ksStream = null; 89 inStream = null; 90 keyStore = null; 91 kssave = false; 92 noprompt = false; 93 trustcacerts = false; 94 cf = null; 95 caks = null; 96 } 97 98 public static void main(String args[]) 99 { 100 try { 101 KeyTool keytool = new KeyTool(); 102 keytool.run(args, System.out); 103 } 104 catch (Exception e) { 105 System.err.println(e); 106 } 107 } 108 109 public void run(String as[], PrintStream printstream) throws Exception 110 { 111 parseArgs(as); 112 doCommands(printstream); 113 if(storePass != null) 114 { 115 Arrays.fill(storePass, ' '); 116 storePass = null; 117 } 118 if(storePassNew != null) 119 { 120 Arrays.fill(storePassNew, ' '); 121 storePassNew = null; 122 } 123 if(keyPass != null) 124 { 125 Arrays.fill(keyPass, ' '); 126 keyPass = null; 127 } 128 if(keyPassNew != null) 129 { 130 Arrays.fill(keyPassNew, ' '); 131 keyPassNew = null; 132 } 133 if(oldPass != null) 134 { 135 Arrays.fill(oldPass, ' '); 136 oldPass = null; 137 } 138 if(newPass != null) 139 { 140 Arrays.fill(newPass, ' '); 141 newPass = null; 142 } 143 /* 144 //break MISSING_BLOCK_LABEL_446; 145 Exception exception = new JAXRException("Unknown 1"); 146 System.out.println(rb.getString("keytool error: ") + exception); 147 if(debug) 148 exception.printStackTrace(); 149 System.exit(1); 150 */ 151 if(storePass != null) 152 { 153 
Arrays.fill(storePass, ' '); 154 storePass = null; 155 } 156 if(storePassNew != null) 157 { 158 Arrays.fill(storePassNew, ' '); 159 storePassNew = null; 160 } 161 if(keyPass != null) 162 { 163 Arrays.fill(keyPass, ' '); 164 keyPass = null; 165 } 166 if(keyPassNew != null) 167 { 168 Arrays.fill(keyPassNew, ' '); 169 keyPassNew = null; 170 } 171 if(oldPass != null) 172 { 173 Arrays.fill(oldPass, ' '); 174 oldPass = null; 175 } 176 if(newPass != null) 177 { 178 Arrays.fill(newPass, ' '); 179 newPass = null; 180 } 181 //break MISSING_BLOCK_LABEL_446; 182 Exception exception1 = new JAXRException("Unknown 2"); 183 184 if(storePass != null) 185 { 186 Arrays.fill(storePass, ' '); 187 storePass = null; 188 } 189 if(storePassNew != null) 190 { 191 Arrays.fill(storePassNew, ' '); 192 storePassNew = null; 193 } 194 if(keyPass != null) 195 { 196 Arrays.fill(keyPass, ' '); 197 keyPass = null; 198 } 199 if(keyPassNew != null) 200 { 201 Arrays.fill(keyPassNew, ' '); 202 keyPassNew = null; 203 } 204 if(oldPass != null) 205 { 206 Arrays.fill(oldPass, ' '); 207 oldPass = null; 208 } 209 if(newPass != null) 210 { 211 Arrays.fill(newPass, ' '); 212 newPass = null; 213 } 214 215 } 216 217 void parseArgs(String as[]) 218 { 219 if(as.length == 0) 220 usage(); 221 int i = 0; 222 for(i = 0; i < as.length && as[i].startsWith("-"); i++) 223 { 224 String s = as[i]; 225 if(collator.compare(s, "-certreq") == 0) 226 command = "certreq"; 227 else 228 if(collator.compare(s, "-delete") == 0) 229 command = "delete"; 230 else 231 if(collator.compare(s, "-export") == 0) 232 command = "export"; 233 else 234 if(collator.compare(s, "-genkey") == 0) 235 { 236 command = "genkey"; 237 } else 238 { 239 if(collator.compare(s, "-help") == 0) 240 { 241 usage(); 242 return; 243 } 244 if(collator.compare(s, "-identitydb") == 0) 245 command = "identitydb"; 246 else 247 if(collator.compare(s, "-import") == 0) 248 command = "import"; 249 else 250 if(collator.compare(s, "-keyclone") == 0) 251 command = "keyclone"; 252 
else 253 if(collator.compare(s, "-keypasswd") == 0) 254 command = "keypasswd"; 255 else 256 if(collator.compare(s, "-list") == 0) 257 command = "list"; 258 else 259 if(collator.compare(s, "-printcert") == 0) 260 command = "printcert"; 261 else 262 if(collator.compare(s, "-selfcert") == 0) 263 command = "selfcert"; 264 else 265 if(collator.compare(s, "-storepasswd") == 0) 266 command = "storepasswd"; 267 else 268 if(collator.compare(s, "-keystore") == 0) 269 { 270 if(++i == as.length) 271 usage(); 272 ksfname = as[i]; 273 } else 274 if(collator.compare(s, "-storepass") == 0) 275 { 276 if(++i == as.length) 277 usage(); 278 storePass = as[i].toCharArray(); 279 } else 280 if(collator.compare(s, "-storetype") == 0) 281 { 282 if(++i == as.length) 283 usage(); 284 storetype = as[i]; 285 } else 286 if(collator.compare(s, "-keypass") == 0) 287 { 288 if(++i == as.length) 289 usage(); 290 keyPass = as[i].toCharArray(); 291 } else 292 if(collator.compare(s, "-new") == 0) 293 { 294 if(++i == as.length) 295 usage(); 296 newPass = as[i].toCharArray(); 297 } else 298 if(collator.compare(s, "-alias") == 0) 299 { 300 if(++i == as.length) 301 usage(); 302 alias = as[i]; 303 } else 304 if(collator.compare(s, "-dest") == 0) 305 { 306 if(++i == as.length) 307 usage(); 308 dest = as[i]; 309 } else 310 if(collator.compare(s, "-dname") == 0) 311 { 312 if(++i == as.length) 313 usage(); 314 dname = as[i]; 315 } else 316 if(collator.compare(s, "-keysize") == 0) 317 { 318 if(++i == as.length) 319 usage(); 320 keysize = Integer.parseInt(as[i]); 321 } else 322 if(collator.compare(s, "-keyalg") == 0) 323 { 324 if(++i == as.length) 325 usage(); 326 keyAlgName = as[i]; 327 } else 328 if(collator.compare(s, "-sigalg") == 0) 329 { 330 if(++i == as.length) 331 usage(); 332 sigAlgName = as[i]; 333 } else 334 if(collator.compare(s, "-validity") == 0) 335 { 336 if(++i == as.length) 337 usage(); 338 validity = Integer.parseInt(as[i]); 339 } else 340 if(collator.compare(s, "-file") == 0) 341 { 342 if(++i 
== as.length) 343 usage(); 344 filename = as[i]; 345 } else 346 if(collator.compare(s, "-provider") == 0) 347 { 348 if(++i == as.length) 349 usage(); 350 if(providers == null) 351 providers = new Vector(3); 352 providers.add(as[i]); 353 } else 354 if(collator.compare(s, "-v") == 0) 355 verbose = true; 356 else 357 if(collator.compare(s, "-debug") == 0) 358 debug = true; 359 else 360 if(collator.compare(s, "-rfc") == 0) 361 rfc = true; 362 else 363 if(collator.compare(s, "-noprompt") == 0) 364 noprompt = true; 365 else 366 if(collator.compare(s, "-trustcacerts") == 0) 367 { 368 trustcacerts = true; 369 } else 370 { 371 System.err.println(rb.getString("Illegal option: ") + s); 372 usage(); 373 } 374 } 375 } 376 377 if(i < as.length || command == null) 378 usage(); 379 } 380 381 void doCommands(PrintStream printstream) 382 throws Exception 383 { 384 if(validity <= 0) 385 throw new Exception(rb.getString("Validity must be greater than zero")); 386 if(providers != null) 387 { 388 ClassLoader classloader = ClassLoader.getSystemClassLoader(); 389 Object obj3; 390 for(Enumeration enumeration = providers.elements(); enumeration.hasMoreElements(); Security.addProvider((Provider)obj3)) 391 { 392 String s1 = (String)enumeration.nextElement(); 393 Class class1; 394 if(classloader != null) 395 class1 = classloader.loadClass(s1); 396 else 397 class1 = Class.forName(s1); 398 obj3 = class1.newInstance(); 399 if(!(obj3 instanceof Provider)) 400 { 401 MessageFormat messageformat3 = new MessageFormat(rb.getString("provName not a provider")); 402 Object aobj3[] = { 403 s1 404 }; 405 throw new Exception(messageformat3.format(((Object) (aobj3)))); 406 } 407 } 408 409 } 410 if(command.equals("list") && verbose && rfc) 411 { 412 System.err.println(rb.getString("Must not specify both -v and -rfc with 'list' command")); 413 usage(); 414 } 415 if(command.equals("genkey") && keyPass != null && keyPass.length < 6) 416 throw new Exception(rb.getString("Key password must be at least 6 
characters")); 417 if(newPass != null && newPass.length < 6) 418 throw new Exception(rb.getString("New password must be at least 6 characters")); 419 if(!command.equals("printcert")) 420 { 421 if(ksfname == null) 422 ksfname = System.getProperty("user.home") + File.separator + ".keystore"; 423 try 424 { 425 ksfile = new File(ksfname); 426 if(ksfile.exists() && ksfile.length() == 0L) 427 throw new Exception(rb.getString("Keystore file exists, but is empty: ") + ksfname); 428 ksStream = new FileInputStream(ksfile); 429 } 430 catch(FileNotFoundException filenotfoundexception) 431 { 432 if(!command.equals("genkey") && !command.equals("identitydb") && !command.equals("import")) 433 throw new Exception(rb.getString("Keystore file does not exist: ") + ksfname); 434 } 435 } 436 if(command.equals("keyclone") && dest == null) 437 { 438 dest = getAlias("destination"); 439 if(dest.equals("")) 440 throw new Exception(rb.getString("Must specify destination alias")); 441 } 442 if(command.equals("delete") && alias == null) 443 { 444 alias = getAlias(null); 445 if(alias.equals("")) 446 throw new Exception(rb.getString("Must specify alias")); 447 } 448 if(storetype != null) 449 keyStore = KeyStore.getInstance(storetype); 450 else 451 keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); 452 keyStore.load(ksStream, storePass); 453 if(ksStream != null) 454 ksStream.close(); 455 if(storePass != null) 456 { 457 if(ksStream == null && storePass.length < 6) 458 throw new Exception(rb.getString("Keystore password must be at least 6 characters")); 459 } else 460 { 461 if(command.equals("certreq") || command.equals("delete") || command.equals("genkey") || command.equals("import") || command.equals("keyclone") || command.equals("selfcert") || command.equals("storepasswd") || command.equals("keypasswd") || command.equals("identitydb")) 462 { 463 int i = 0; 464 do 465 { 466 System.err.print(rb.getString("Enter keystore password: ")); 467 System.err.flush(); 468 storePass = 
readPasswd(System.in); 469 if(ksStream == null && storePass.length < 6) 470 { 471 System.err.println(rb.getString("Keystore password is too short - must be at least 6 characters")); 472 storePass = null; 473 } 474 i++; 475 } while(storePass == null && i < 3); 476 if(storePass == null) 477 { 478 System.err.println(rb.getString("Too many failures - try later")); 479 return; 480 } 481 } else 482 if(!command.equals("printcert")) 483 { 484 System.err.print(rb.getString("Enter keystore password: ")); 485 System.err.flush(); 486 storePass = readPasswd(System.in); 487 } 488 if(ksStream != null) 489 { 490 ksStream = new FileInputStream(ksfile); 491 keyStore.load(ksStream, storePass); 492 ksStream.close(); 493 } 494 } 495 if(command.equals("printcert") || command.equals("import") || command.equals("identitydb")) 496 cf = CertificateFactory.getInstance("X509"); 497 if(trustcacerts) 498 caks = getCacertsKeyStore(); 499 if(command.equals("certreq")) 500 { 501 if(filename != null) 502 { 503 PrintStream printstream1 = new PrintStream(new FileOutputStream(filename)); 504 printstream = printstream1; 505 } 506 doCertReq(alias, sigAlgName, printstream); 507 if(verbose && filename != null) 508 { 509 MessageFormat messageformat = new MessageFormat(rb.getString("Certification request stored in file <filename>")); 510 Object aobj[] = { 511 filename 512 }; 513 System.err.println(messageformat.format(((Object) (aobj)))); 514 System.err.println(rb.getString("Submit this to your CA")); 515 } 516 } else 517 if(command.equals("delete")) 518 { 519 doDeleteEntry(alias); 520 kssave = true; 521 } else 522 if(command.equals("export")) 523 { 524 if(filename != null) 525 { 526 PrintStream printstream2 = new PrintStream(new FileOutputStream(filename)); 527 printstream = printstream2; 528 } 529 doExportCert(alias, printstream); 530 if(filename != null) 531 { 532 MessageFormat messageformat1 = new MessageFormat(rb.getString("Certificate stored in file <filename>")); 533 Object aobj1[] = { 534 filename 
535 }; 536 System.err.println(messageformat1.format(((Object) (aobj1)))); 537 } 538 } else 539 if(command.equals("genkey")) 540 { 541 doGenKeyPair(alias, dname, keyAlgName, keysize, sigAlgName); 542 kssave = true; 543 } else 544 if(command.equals("identitydb")) 545 { 546 Object obj = System.in; 547 if(filename != null) 548 obj = new FileInputStream(filename); 549 doImportIdentityDatabase(((InputStream) (obj))); 550 } else 551 if(command.equals("import")) 552 { 553 Object obj1 = System.in; 554 if(filename != null) 555 obj1 = new FileInputStream(filename); 556 String s = alias == null ? keyAlias : alias; 557 if(keyStore.isKeyEntry(s)) 558 { 559 kssave = installReply(s, ((InputStream) (obj1))); 560 if(kssave) 561 System.err.println(rb.getString("Certificate reply was installed in keystore")); 562 else 563 System.err.println(rb.getString("Certificate reply was not installed in keystore")); 564 } else 565 { 566 kssave = addTrustedCert(s, ((InputStream) (obj1))); 567 if(kssave) 568 System.err.println(rb.getString("Certificate was added to keystore")); 569 else 570 System.err.println(rb.getString("Certificate was not added to keystore")); 571 } 572 } else 573 if(command.equals("keyclone")) 574 { 575 keyPassNew = newPass; 576 doCloneKey(alias, dest); 577 kssave = true; 578 } else 579 if(command.equals("keypasswd")) 580 { 581 keyPassNew = newPass; 582 doChangeKeyPasswd(alias); 583 kssave = true; 584 } else 585 if(command.equals("list")) 586 { 587 if(alias != null) 588 doPrintEntry(alias, printstream, true); 589 else 590 doPrintEntries(printstream); 591 } else 592 if(command.equals("printcert")) 593 { 594 Object obj2 = System.in; 595 if(filename != null) 596 obj2 = new FileInputStream(filename); 597 doPrintCert(((InputStream) (obj2)), printstream); 598 } else 599 if(command.equals("selfcert")) 600 { 601 doSelfCert(alias, dname, sigAlgName); 602 kssave = true; 603 } else 604 if(command.equals("storepasswd")) 605 { 606 storePassNew = newPass; 607 if(storePassNew == null) 608 
storePassNew = getNewPasswd("keystore password", storePass); 609 kssave = true; 610 } 611 if(kssave) 612 { 613 if(verbose) 614 { 615 MessageFormat messageformat2 = new MessageFormat(rb.getString("[Saving ksfname]")); 616 Object aobj2[] = { 617 ksfname 618 }; 619 System.err.println(messageformat2.format(((Object) (aobj2)))); 620 } 621 FileOutputStream fileoutputstream = new FileOutputStream(ksfname); 622 keyStore.store(fileoutputstream, storePassNew == null ? storePass : storePassNew); 623 fileoutputstream.close(); 624 } 625 } 626 627 private void doCertReq(String s, String s1, PrintStream printstream) 628 throws Exception 629 { 630 if(s == null) 631 s = keyAlias; 632 Object aobj[] = recoverPrivateKey(s, storePass, keyPass); 633 PrivateKey privatekey = (PrivateKey)aobj[0]; 634 if(keyPass == null) 635 keyPass = (char[])aobj[1]; 636 Certificate certificate = keyStore.getCertificate(s); 637 if(certificate == null) 638 { 639 MessageFormat messageformat = new MessageFormat(rb.getString("alias has no public key (certificate)")); 640 Object aobj1[] = { 641 s 642 }; 643 throw new Exception(messageformat.format(((Object) (aobj1)))); 644 } 645 PKCS10 pkcs10 = new PKCS10(certificate.getPublicKey()); 646 if(s1 == null) 647 { 648 String s2 = privatekey.getAlgorithm(); 649 if(s2.equalsIgnoreCase("DSA") || s2.equalsIgnoreCase("DSS")) 650 s1 = "SHA1WithDSA"; 651 else 652 if(s2.equalsIgnoreCase("RSA")) 653 s1 = "MD5WithRSA"; 654 else 655 throw new Exception(rb.getString("Cannot derive signature algorithm")); 656 } 657 Signature signature = Signature.getInstance(s1); 658 signature.initSign(privatekey); 659 X500Name x500name = new X500Name(((X509Certificate)certificate).getSubjectDN().toString()); 660 X500Signer x500signer = new X500Signer(signature, x500name); 661 pkcs10.encodeAndSign(x500signer); 662 pkcs10.print(printstream); 663 } 664 665 private void doDeleteEntry(String s) 666 throws Exception 667 { 668 if(!keyStore.containsAlias(s)) 669 { 670 MessageFormat messageformat = new 
MessageFormat(rb.getString("Alias <alias> does not exist")); 671 Object aobj[] = { 672 s 673 }; 674 throw new Exception(messageformat.format(((Object) (aobj)))); 675 } else 676 { 677 keyStore.deleteEntry(s); 678 return; 679 } 680 } 681 682 private void doExportCert(String s, PrintStream printstream) 683 throws Exception 684 { 685 if(storePass == null) 686 printWarning(); 687 if(s == null) 688 s = keyAlias; 689 if(!keyStore.containsAlias(s)) 690 { 691 MessageFormat messageformat = new MessageFormat(rb.getString("Alias <alias> does not exist")); 692 Object aobj[] = { 693 s 694 }; 695 throw new Exception(messageformat.format(((Object) (aobj)))); 696 } 697 X509Certificate x509certificate = (X509Certificate)keyStore.getCertificate(s); 698 if(x509certificate == null) 699 { 700 MessageFormat messageformat1 = new MessageFormat(rb.getString("Alias <alias> has no certificate")); 701 Object aobj1[] = { 702 s 703 }; 704 throw new Exception(messageformat1.format(((Object) (aobj1)))); 705 } else 706 { 707 dumpCert(x509certificate, printstream); 708 return; 709 } 710 } 711 712 private void doGenKeyPair(String s, String s1, String s2, int i, String s3) 713 throws Exception 714 { 715 if(s == null) 716 s = keyAlias; 717 if(keyStore.containsAlias(s)) 718 { 719 MessageFormat messageformat = new MessageFormat(rb.getString("Key pair not generated, alias <alias> already exists")); 720 Object aobj[] = { 721 s 722 }; 723 throw new Exception(messageformat.format(((Object) (aobj)))); 724 } 725 if(s3 == null) 726 if(s2.equalsIgnoreCase("DSA")) 727 s3 = "SHA1WithDSA"; 728 else 729 if(s2.equalsIgnoreCase("RSA")) 730 s3 = "MD5WithRSA"; 731 else 732 throw new Exception(rb.getString("Cannot derive signature algorithm")); 733 CertAndKeyGen certandkeygen = new CertAndKeyGen(s2, s3); 734 X500Name x500name; 735 if(s1 == null) 736 x500name = getX500Name(); 737 else 738 x500name = new X500Name(s1); 739 if(verbose) 740 { 741 MessageFormat messageformat1 = new MessageFormat(rb.getString("Generating 
keysize bit keyAlgName key pair and self-signed certificate (sigAlgName)\n\tfor: x500Name")); 742 Object aobj1[] = { 743 new Integer(i), s2, s3, x500name 744 }; 745 System.err.println(messageformat1.format(((Object) (aobj1)))); 746 } 747 certandkeygen.generate(i); 748 PrivateKey privatekey = certandkeygen.getPrivateKey(); 749 X509Certificate ax509certificate[] = new X509Certificate[1]; 750 ax509certificate[0] = certandkeygen.getSelfCertificate(x500name, validity * 24 * 60 * 60); 751 if(keyPass == null) 752 { 753 int j; 754 for(j = 0; j < 3 && keyPass == null; j++) 755 { 756 MessageFormat messageformat2 = new MessageFormat(rb.getString("Enter key password for <alias>")); 757 Object aobj2[] = { 758 s 759 }; 760 System.err.println(messageformat2.format(((Object) (aobj2)))); 761 System.err.print(rb.getString("\t(RETURN if same as keystore password): ")); 762 System.err.flush(); 763 keyPass = readPasswd(System.in); 764 if(keyPass == null) 765 keyPass = storePass; 766 else 767 if(keyPass.length < 6) 768 { 769 System.err.println(rb.getString("Key password is too short - must be at least 6 characters")); 770 keyPass = null; 771 } 772 } 773 774 if(j == 3) 775 throw new Exception(rb.getString("Too many failures - key not added to keystore")); 776 } 777 keyStore.setKeyEntry(s, privatekey, keyPass, ax509certificate); 778 } 779 780 private void doCloneKey(String s, String s1) 781 throws Exception 782 { 783 if(s == null) 784 s = keyAlias; 785 if(keyStore.containsAlias(s1)) 786 { 787 MessageFormat messageformat = new MessageFormat(rb.getString("Destination alias <dest> already exists")); 788 Object aobj1[] = { 789 s1 790 }; 791 throw new Exception(messageformat.format(((Object) (aobj1)))); 792 } 793 Object aobj[] = recoverPrivateKey(s, storePass, keyPass); 794 PrivateKey privatekey = (PrivateKey)aobj[0]; 795 if(keyPass == null) 796 keyPass = (char[])aobj[1]; 797 if(keyPassNew == null) 798 { 799 int i = 0; 800 do 801 { 802 keyPassNew = getKeyPasswd(s1, s, keyPass); 803 
if(keyPassNew.length < 6) 804 { 805 System.err.println(rb.getString("Password is too short - must be at least 6 characters")); 806 keyPassNew = null; 807 } 808 i++; 809 } while(keyPassNew == null && i < 3); 810 if(keyPassNew == null) 811 throw new Exception(rb.getString("Too many failures. Key entry not cloned")); 812 } 813 keyStore.setKeyEntry(s1, privatekey, keyPassNew, keyStore.getCertificateChain(s)); 814 } 815 816 private void doChangeKeyPasswd(String s) 817 throws Exception 818 { 819 if(s == null) 820 s = keyAlias; 821 Object aobj[] = recoverPrivateKey(s, storePass, keyPass); 822 PrivateKey privatekey = (PrivateKey)aobj[0]; 823 if(keyPass == null) 824 keyPass = (char[])aobj[1]; 825 if(keyPassNew == null) 826 { 827 MessageFormat messageformat = new MessageFormat(rb.getString("key password for <alias>")); 828 Object aobj1[] = { 829 s 830 }; 831 keyPassNew = getNewPasswd(messageformat.format(((Object) (aobj1))), keyPass); 832 } 833 keyStore.setKeyEntry(s, privatekey, keyPassNew, keyStore.getCertificateChain(s)); 834 } 835 836 private void doImportIdentityDatabase(InputStream inputstream) 837 throws Exception 838 { 839 Certificate acertificate[] = null; 840 boolean flag = false; 841 IdentityDatabase identitydatabase = IdentityDatabase.fromStream(inputstream); 842 Enumeration enumeration = identitydatabase.identities(); 843 while(enumeration.hasMoreElements()) 844 { 845 Identity identity = (Identity)enumeration.nextElement(); 846 X509Certificate x509certificate = null; 847 if((!(identity instanceof SystemSigner) || !((SystemSigner)identity).isTrusted()) && (!(identity instanceof SystemIdentity) || !((SystemIdentity)identity).isTrusted())) 848 continue; 849 if(keyStore.containsAlias(identity.getName())) 850 { 851 MessageFormat messageformat = new MessageFormat(rb.getString("Keystore entry for <id.getName()> already exists")); 852 Object aobj[] = { 853 identity.getName() 854 }; 855 System.err.println(messageformat.format(((Object) (aobj)))); 856 continue; 857 } 858 
java.security.Certificate acertificate1[] = identity.certificates(); 859 if(acertificate1 == null || acertificate1.length <= 0) 860 continue; 861 DerOutputStream deroutputstream = new DerOutputStream(); 862 acertificate1[0].encode(deroutputstream); 863 byte abyte0[] = deroutputstream.toByteArray(); 864 ByteArrayInputStream bytearrayinputstream = new ByteArrayInputStream(abyte0); 865 x509certificate = (X509Certificate)cf.generateCertificate(bytearrayinputstream); 866 bytearrayinputstream.close(); 867 if(isSelfSigned(x509certificate)) 868 { 869 java.security.PublicKey publickey = x509certificate.getPublicKey(); 870 try 871 { 872 x509certificate.verify(publickey); 873 } 874 catch(Exception exception) 875 { 876 continue; 877 } 878 } 879 if(identity instanceof SystemSigner) 880 { 881 MessageFormat messageformat1 = new MessageFormat(rb.getString("Creating keystore entry for <id.getName()> ...")); 882 Object aobj1[] = { 883 identity.getName() 884 }; 885 System.err.println(messageformat1.format(((Object) (aobj1)))); 886 if(acertificate == null) 887 acertificate = new Certificate[1]; 888 acertificate[0] = x509certificate; 889 PrivateKey privatekey = ((SystemSigner)identity).getPrivateKey(); 890 keyStore.setKeyEntry(identity.getName(), privatekey, storePass, acertificate); 891 } else 892 { 893 keyStore.setCertificateEntry(identity.getName(), x509certificate); 894 } 895 kssave = true; 896 } 897 if(!kssave) 898 System.err.println(rb.getString("No entries from identity database added")); 899 } 900 901 private void doPrintEntry(String s, PrintStream printstream, boolean flag) 902 throws Exception 903 { 904 if(storePass == null && flag) 905 printWarning(); 906 if(!keyStore.containsAlias(s)) 907 { 908 MessageFormat messageformat = new MessageFormat(rb.getString("Alias <alias> does not exist")); 909 Object aobj[] = { 910 s 911 }; 912 throw new Exception(messageformat.format(((Object) (aobj)))); 913 } 914 if(verbose || rfc || debug) 915 { 916 MessageFormat messageformat1 = new 
MessageFormat(rb.getString("Alias name: alias")); 917 Object aobj1[] = { 918 s 919 }; 920 printstream.println(messageformat1.format(((Object) (aobj1)))); 921 messageformat1 = new MessageFormat(rb.getString("Creation date: keyStore.getCreationDate(alias)")); 922 Object aobj3[] = { 923 keyStore.getCreationDate(s) 924 }; 925 printstream.println(messageformat1.format(((Object) (aobj3)))); 926 } else 927 { 928 MessageFormat messageformat2 = new MessageFormat(rb.getString("alias, keyStore.getCreationDate(alias), ")); 929 Object aobj2[] = { 930 s, keyStore.getCreationDate(s) 931 }; 932 printstream.print(messageformat2.format(((Object) (aobj2)))); 933 } 934 if(keyStore.isKeyEntry(s)) 935 { 936 if(verbose || rfc || debug) 937 printstream.println(rb.getString("Entry type: keyEntry")); 938 else 939 printstream.println(rb.getString("keyEntry,")); 940 Certificate acertificate[] = keyStore.getCertificateChain(s); 941 if(acertificate != null) 942 if(verbose || rfc || debug) 943 { 944 printstream.println(rb.getString("Certificate chain length: ") + acertificate.length); 945 for(int i = 0; i < acertificate.length; i++) 946 { 947 MessageFormat messageformat3 = new MessageFormat(rb.getString("Certificate[(i + 1)]:")); 948 Object aobj4[] = { 949 new Integer(i + 1) 950 }; 951 printstream.println(messageformat3.format(((Object) (aobj4)))); 952 if(verbose && (acertificate[i] instanceof X509Certificate)) 953 printX509Cert((X509Certificate)acertificate[i], printstream); 954 else 955 if(debug) 956 printstream.println(acertificate[i].toString()); 957 else 958 dumpCert(acertificate[i], printstream); 959 } 960 961 } else 962 { 963 printstream.println(rb.getString("Certificate fingerprint (MD5): ") + getCertFingerPrint("MD5", acertificate[0])); 964 } 965 } else 966 { 967 Certificate certificate = keyStore.getCertificate(s); 968 if(verbose && (certificate instanceof X509Certificate)) 969 { 970 printstream.println(rb.getString("Entry type: trustedCertEntry\n")); 971 
printX509Cert((X509Certificate)certificate, printstream); 972 } else 973 if(rfc) 974 { 975 printstream.println(rb.getString("Entry type: trustedCertEntry\n")); 976 dumpCert(certificate, printstream); 977 } else 978 if(debug) 979 { 980 printstream.println(certificate.toString()); 981 } else 982 { 983 printstream.println(rb.getString("trustedCertEntry,")); 984 printstream.println(rb.getString("Certificate fingerprint (MD5): ") + getCertFingerPrint("MD5", certificate)); 985 } 986 } 987 } 988 989 private void doPrintEntries(PrintStream printstream) 990 throws Exception 991 { 992 if(storePass == null) 993 printWarning(); 994 else 995 printstream.println(); 996 printstream.println(rb.getString("Keystore type: ") + keyStore.getType()); 997 printstream.println(rb.getString("Keystore provider: ") + keyStore.getProvider().getName()); 998 printstream.println(); 999 MessageFormat messageformat = keyStore.size() != 1 ? new MessageFormat(rb.getString("Your keystore contains keyStore.size() entries")) : new MessageFormat(rb.getString("Your keystore contains keyStore.size() entry")); 1000 Object aobj[] = { 1001 new Integer(keyStore.size()) 1002 }; 1003 printstream.println(messageformat.format(((Object) (aobj)))); 1004 printstream.println(); 1005 for(Enumeration enumeration = keyStore.aliases(); enumeration.hasMoreElements();) 1006 { 1007 String s = (String)enumeration.nextElement(); 1008 doPrintEntry(s, printstream, false); 1009 if(verbose || rfc) 1010 { 1011 printstream.println(rb.getString("\n")); 1012 printstream.println(rb.getString("*******************************************")); 1013 printstream.println(rb.getString("*******************************************\n\n")); 1014 } 1015 } 1016 1017 } 1018 1019 private void doPrintCert(InputStream inputstream, PrintStream printstream) 1020 throws Exception 1021 { 1022 Collection collection = null; 1023 try 1024 { 1025 collection = cf.generateCertificates(inputstream); 1026 } 1027 catch(CertificateException certificateexception) 1028 
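{
        throw new Exception(rb.getString("Failed to parse input"), certificateexception);
    }
    if(collection.isEmpty())
        throw new Exception(rb.getString("Empty input"));
    Certificate acertificate[] = (Certificate[])collection.toArray(new Certificate[collection.size()]);
    for(int i = 0; i < acertificate.length; i++)
    {
        X509Certificate x509certificate = null;
        try
        {
            x509certificate = (X509Certificate)acertificate[i];
        }
        catch(ClassCastException classcastexception)
        {
            throw new Exception(rb.getString("Not X.509 certificate"));
        }
        if(acertificate.length > 1)
        {
            MessageFormat messageformat = new MessageFormat(rb.getString("Certificate[(i + 1)]:"));
            Object aobj[] = {
                new Integer(i + 1)
            };
            printstream.println(messageformat.format(((Object) (aobj))));
        }
        printX509Cert(x509certificate, printstream);
        if(i < acertificate.length - 1)
            printstream.println();
    }

}

/**
 * Replaces the certificate of an existing key entry with a newly generated
 * self-signed X.509 certificate derived from the entry's current certificate.
 *
 * @param s  alias of the key entry; when null the keyAlias field is used
 * @param s1 subject distinguished name for the new certificate; when null the
 *           subject of the existing certificate is kept
 * @param s2 signature algorithm name; when null it is derived from the
 *           algorithm of the private key
 * @throws Exception if the private key cannot be recovered, the alias has no
 *         X.509 certificate, or no signature algorithm can be derived
 */
private void doSelfCert(String s, String s1, String s2)
    throws Exception
{
    if(s == null)
        s = keyAlias;
    Object aobj[] = recoverPrivateKey(s, storePass, keyPass);
    PrivateKey privatekey = (PrivateKey)aobj[0];
    // Keep the password that unlocked the key so the entry is re-stored under it.
    if(keyPass == null)
        keyPass = (char[])aobj[1];
    if(s2 == null)
    {
        // NOTE(review): both derived defaults use digests (SHA-1, MD5) that are no
        // longer collision resistant. They are left unchanged here because the set
        // of algorithms the runtime provider supports is not visible; callers
        // should pass a stronger algorithm through s2.
        String s3 = privatekey.getAlgorithm();
        if(s3.equalsIgnoreCase("DSA") || s3.equalsIgnoreCase("DSS"))
            s2 = "SHA1WithDSA";
        else
        if(s3.equalsIgnoreCase("RSA"))
            s2 = "MD5WithRSA";
        else
            throw new Exception(rb.getString("Cannot derive signature algorithm"));
    }
    Certificate certificate = keyStore.getCertificate(s);
    if(certificate == null)
    {
        MessageFormat messageformat = new MessageFormat(rb.getString("alias has no public key"));
        Object aobj1[] = {
            s
        };
        throw new Exception(messageformat.format(((Object) (aobj1))));
    }
    if(!(certificate instanceof X509Certificate))
    {
        MessageFormat messageformat1 = new MessageFormat(rb.getString("alias has no X.509 certificate"));
        Object aobj2[] = {
            s
        };
        throw new Exception(messageformat1.format(((Object) (aobj2))));
    }
    // Re-parse the stored certificate so its info block can be edited.
    byte abyte0[] = certificate.getEncoded();
    X509CertImpl x509certimpl = new X509CertImpl(abyte0);
    X509CertInfo x509certinfo = (X509CertInfo)x509certimpl.get("x509.info");
    // Validity runs from now for `validity` days.
    Date date = new Date();
    Date date1 = new Date();
    date1.setTime(date1.getTime() + (long)validity * 1000L * 24L * 60L * 60L);
    CertificateValidity certificatevalidity = new CertificateValidity(date, date1);
    x509certinfo.set("validity", certificatevalidity);
    // The serial is the creation time in seconds. It is passed as a BigInteger
    // because the former (int) cast wraps to a negative serial once the value
    // exceeds Integer.MAX_VALUE.
    // NOTE(review): a time-derived serial is predictable and can repeat for two
    // certificates created in the same second.
    x509certinfo.set("serialNumber", new CertificateSerialNumber(BigInteger.valueOf(date.getTime() / 1000L)));
    X500Name x500name;
    if(s1 == null)
    {
        x500name = (X500Name)x509certinfo.get("subject.dname");
    } else
    {
        x500name = new X500Name(s1);
        x509certinfo.set("subject.dname", x500name);
    }
    // Self-signed: issuer and subject are the same name.
    x509certinfo.set("issuer.dname", x500name);
    // First signature only serves to obtain the AlgorithmId for s2; it is then
    // written into the info block and the certificate is signed again.
    X509CertImpl x509certimpl1 = new X509CertImpl(x509certinfo);
    x509certimpl1.sign(privatekey, s2);
    AlgorithmId algorithmid = (AlgorithmId)x509certimpl1.get("x509.algorithm");
    x509certinfo.set("algorithmID.algorithm", algorithmid);
    x509certimpl1 = new X509CertImpl(x509certinfo);
    x509certimpl1.sign(privatekey, s2);
    keyStore.setKeyEntry(s, privatekey, keyPass == null ? storePass : keyPass, new Certificate[] {
        x509certimpl1
    });
    if(verbose)
    {
        System.err.println(rb.getString("New certificate (self-signed):"));
        System.err.print(x509certimpl1.toString());
        System.err.println();
    }
}

/**
 * Installs a certificate reply for a key entry. A reply holding one
 * certificate is completed through establishCertChain; a reply holding
 * several is checked and ordered by validateReply.
 *
 * @param s           alias of the key entry; when null the keyAlias field is used
 * @param inputstream stream the reply certificates are parsed from
 * @return true if a chain was stored, false if validateReply returned null
 * @throws Exception if the key cannot be recovered, the alias has no
 *         certificate, or the reply is empty or cannot be validated
 */
private boolean installReply(String s, InputStream inputstream)
    throws Exception
{
    if(s == null)
        s = keyAlias;
    Object aobj[] = recoverPrivateKey(s, storePass, keyPass);
    PrivateKey privatekey = (PrivateKey)aobj[0];
    if(keyPass == null)
        keyPass = (char[])aobj[1];
    Certificate certificate = keyStore.getCertificate(s);
    if(certificate == null)
    {
        MessageFormat messageformat = new MessageFormat(rb.getString("alias has no public key (certificate)"));
        Object aobj1[] = {
            s
        };
        throw new Exception(messageformat.format(((Object) (aobj1))));
    }
    Collection collection = cf.generateCertificates(inputstream);
    if(collection.isEmpty())
        throw new Exception(rb.getString("Reply has no certificates"));
    Certificate acertificate[] = (Certificate[])collection.toArray(new Certificate[collection.size()]);
    Certificate acertificate1[];
    if(acertificate.length == 1)
        acertificate1 = establishCertChain(certificate, acertificate[0]);
    else
        acertificate1 = validateReply(s, certificate, acertificate);
    if(acertificate1 != null)
    {
        keyStore.setKeyEntry(s, privatekey, keyPass == null ?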
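storePass : keyPass, acertificate1);
        return true;
    } else
    {
        return false;
    }
}

/**
 * Imports an X.509 certificate as a trusted certificate entry.
 *
 * A self-signed certificate has its signature verified against its own
 * public key. With noprompt set the certificate is stored immediately;
 * otherwise the user is asked when the certificate is already known or is
 * self-signed, and any other certificate must chain to a known certificate
 * through establishCertChain.
 *
 * NOTE(review): with noprompt set, a certificate that is not self-signed is
 * stored without any signature or chain check, and nothing in this method
 * checks the validity period.
 *
 * @param s           alias for the new entry; must be non-null and unused
 * @param inputstream stream the certificate is parsed from
 * @return true if the certificate was stored, false if the user declined
 * @throws Exception if the alias is missing or taken, the input is not an
 *         X.509 certificate, the self-signature does not verify, or no
 *         chain can be established
 */
private boolean addTrustedCert(String s, InputStream inputstream)
    throws Exception
{
    X509Certificate x509certificate;
    if(s == null)
        throw new Exception(rb.getString("Must specify alias"));
    if(keyStore.containsAlias(s))
    {
        MessageFormat messageformat = new MessageFormat(rb.getString("Certificate not imported, alias <alias> already exists"));
        Object aobj[] = {
            s
        };
        throw new Exception(messageformat.format(((Object) (aobj))));
    }
    x509certificate = null;
    try
    {
        x509certificate = (X509Certificate)cf.generateCertificate(inputstream);
    }
    catch(ClassCastException classcastexception)
    {
        throw new Exception(rb.getString("Input not an X.509 certificate"));
    }
    catch(CertificateException certificateexception)
    {
        throw new Exception(rb.getString("Input not an X.509 certificate"));
    }
    boolean flag = false;
    if(isSelfSigned(x509certificate))
    {
        // isSelfSigned only compares names, so check the signature as well.
        x509certificate.verify(x509certificate.getPublicKey());
        flag = true;
    }
    if(noprompt)
    {
        keyStore.setCertificateEntry(s, x509certificate);
        return true;
    }
    String s1 = null;
    String s3 = keyStore.getCertificateAlias(x509certificate);
    if(s3 != null)
    {
        MessageFormat messageformat1 = new MessageFormat(rb.getString("Certificate already exists in keystore under alias <trustalias>"));
        Object aobj1[] = {
            s3
        };
        System.err.println(messageformat1.format(((Object) (aobj1))));
        s1 = getYesNoReply(rb.getString("Do you still want to add it? [no]: "));
    } else
    if(flag)
    {
        if(trustcacerts && caks != null && (s3 = caks.getCertificateAlias(x509certificate)) != null)
        {
            MessageFormat messageformat2 = new MessageFormat(rb.getString("Certificate already exists in system-wide CA keystore under alias <trustalias>"));
            Object aobj2[] = {
                s3
            };
            System.err.println(messageformat2.format(((Object) (aobj2))));
            s1 = getYesNoReply(rb.getString("Do you still want to add it to your own keystore? [no]: "));
        }
        if(s3 == null)
        {
            // Unknown self-signed certificate: show it and let the user decide.
            printX509Cert(x509certificate, System.out);
            s1 = getYesNoReply(rb.getString("Trust this certificate? [no]: "));
        }
    }
    if(s1 != null)
        if(s1.equals("YES"))
        {
            keyStore.setCertificateEntry(s, x509certificate);
            return true;
        } else
        {
            return false;
        }
    // The result is unused; the call matters because it throws when no chain
    // to a known certificate can be built.
    // NOTE(review): the decompiler could not reconstruct the control flow that
    // followed (see the MISSING_BLOCK_LABEL marker), so the prompt kept in the
    // comment block below is never reached as the code stands.
    Certificate acertificate[] = establishCertChain(null, x509certificate);
    //if(acertificate == null)
    //break MISSING_BLOCK_LABEL_469;
    keyStore.setCertificateEntry(s, x509certificate);
    return true;
    //Exception exception = new JAXRException("Unknown 3");

    /*
    printX509Cert(x509certificate, System.out);
    String s2 = getYesNoReply(rb.getString("Trust this certificate? [no]: "));
    if(s2.equals("YES"))
    {
        keyStore.setCertificateEntry(s, x509certificate);
        return true;
    } else
    {
        return false;
    }
    //return false;
    */
}

/**
 * Prompts on the console for a new password, entered twice, allowing three
 * attempts. Rejected and duplicate entries are overwritten with spaces
 * before the next attempt.
 *
 * @param s  text substituted into the prompt messages
 * @param ac the current password, which the new one must differ from
 * @return the new password; the caller owns the array and should wipe it
 * @throws Exception after three failed attempts, or on a read error
 */
private char[] getNewPasswd(String s, char ac[])
    throws Exception
{
    char ac2[] = null;
    for(int i = 0; i < 3; i++)
    {
        MessageFormat messageformat = new MessageFormat(rb.getString("New prompt: "));
        Object aobj[] = {
            s
        };
        System.err.print(messageformat.format(((Object) (aobj))));
        char ac1[] = readPasswd(System.in);
        // readPasswd returns null for an empty line; count that as too short
        // instead of failing on ac1.length.
        // NOTE(review): a six character minimum is a weak policy for a secret
        // that protects private keys.
        if(ac1 == null || ac1.length < 6)
            System.err.println(rb.getString("Password is too short - must be at least 6 characters"));
        else
        if(Arrays.equals(ac1, ac))
        {
            System.err.println(rb.getString("Passwords must differ"));
        } else
        {
            MessageFormat messageformat1 = new MessageFormat(rb.getString("Re-enter new prompt: "));
            Object aobj1[] = {
                s
            };
            System.err.print(messageformat1.format(((Object) (aobj1))));
            ac2 = readPasswd(System.in);
            if(!Arrays.equals(ac1, ac2))
            {
                System.err.println(rb.getString("They don't match; try again"));
            } else
            {
                // Only the confirmation copy is wiped; ac1 is handed to the caller.
                Arrays.fill(ac2, ' ');
                return ac1;
            }
        }
        // Failed attempt: overwrite whatever was typed before prompting again.
        if(ac1 != null)
        {
            Arrays.fill(ac1, ' ');
            ac1 = null;
        }
        if(ac2 != null)
        {
            Arrays.fill(ac2, ' ');
            ac2 = null;
        }
    }

    throw new Exception(rb.getString("Too many failures - try later"));
}

/**
 * Prompts on the console for an alias name and reads one line from standard
 * input.
 *
 * @param s text substituted into the prompt; when null a generic prompt is used
 * @return the line entered, or null at end of input
 * @throws Exception on a read error
 */
private String getAlias(String s)
    throws Exception
{
    if(s != null)
    {
        MessageFormat messageformat = new MessageFormat(rb.getString("Enter prompt alias name: "));
        Object aobj[] = {
            s
        };
        System.err.print(messageformat.format(((Object) (aobj))));
    } else
    {
        System.err.print(rb.getString("Enter alias name: "));
    }
    return (new BufferedReader(new InputStreamReader(System.in))).readLine();
}
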
/**
 * Prompts on the console for the password of a key entry, allowing three
 * attempts.
 *
 * @param s  alias named in the prompt
 * @param s1 other alias named in the "(RETURN if same as ...)" hint, which
 *           is printed only when ac is non-null
 * @param ac password returned when the user enters an empty line; may be null
 * @return the password entered, or ac when the line was empty
 * @throws Exception if no password was obtained after three attempts
 */
private char[] getKeyPasswd(String s, String s1, char ac[])
    throws Exception
{
    int i = 0;
    char ac1[] = null;
    do
    {
        if(ac != null)
        {
            MessageFormat messageformat = new MessageFormat(rb.getString("Enter key password for <alias>"));
            Object aobj[] = {
                s
            };
            System.err.println(messageformat.format(((Object) (aobj))));
            messageformat = new MessageFormat(rb.getString("\t(RETURN if same as for <otherAlias>)"));
            Object aobj2[] = {
                s1
            };
            System.err.print(messageformat.format(((Object) (aobj2))));
        } else
        {
            MessageFormat messageformat1 = new MessageFormat(rb.getString("Enter key password for <alias>"));
            Object aobj1[] = {
                s
            };
            System.err.print(messageformat1.format(((Object) (aobj1))));
        }
        System.err.flush();
        ac1 = readPasswd(System.in);
        // Empty input falls back to the supplied password, which may itself be null.
        if(ac1 == null)
            ac1 = ac;
        i++;
    } while(ac1 == null && i < 3);
    if(ac1 == null)
        throw new Exception(rb.getString("Too many failures - try later"));
    else
        return ac1;
}

/**
 * Reads one line from the stream as a password, stopping at end of input,
 * "\n" or "\r\n". The working buffer grows in steps of 128 characters, and
 * every buffer that is abandoned is overwritten with spaces.
 *
 * NOTE(review): each byte is cast straight to a char, so no charset decoding
 * takes place, and nothing here disables terminal echo.
 *
 * @param inputstream stream to read from
 * @return the characters read, in an array of exactly that length, or null
 *         if the line was empty
 * @throws IOException on a read error
 */
private char[] readPasswd(InputStream inputstream)
    throws IOException
{
    char ac[];
    char ac1[] = ac = new char[128];
    // i counts the free slots left in the buffer, j the characters stored.
    int i = ac1.length;
    int j = 0;
    int k;
label0:
    do
        switch(k = inputstream.read())
        {
        case -1:
        case 10: // '\n'
            break label0;

        case 13: // '\r'
            // Look one byte ahead: "\r\n" and "\r" at end of input end the line.
            int l = inputstream.read();
            if(l == 10 || l == -1)
                break label0;
            // Otherwise put the byte back and store the '\r' like any other character.
            if(!(inputstream instanceof PushbackInputStream))
                inputstream = new PushbackInputStream(inputstream);
            ((PushbackInputStream)inputstream).unread(l);
            // fall through

        default:
            if(--i < 0)
            {
                // Buffer full: copy into a larger one and wipe the old contents.
                ac1 = new char[j + 128];
                i = ac1.length - j - 1;
                System.arraycopy(ac, 0, ac1, 0, j);
                Arrays.fill(ac, ' ');
                ac = ac1;
            }
            ac1[j++] = (char)k;
            break;
        }
    while(true);
    if(j == 0)
    {
        return null;
    }
    else
    {
        // Hand back a right-sized copy and wipe the working buffer.
        char ac2[] = new char[j];
        System.arraycopy(ac1, 0, ac2, 0, j);
        Arrays.fill(ac1, ' ');
        return ac2;
    }
}

/**
 * Prints a summary of a certificate: subject, issuer, serial number in
 * hexadecimal, validity dates, and MD5 and SHA1 fingerprints.
 *
 * NOTE(review): these fingerprints are what a user compares before answering
 * a trust prompt, and both digests are collision-prone; a SHA-256
 * fingerprint would need a matching change to the message pattern.
 *
 * @param x509certificate certificate to describe
 * @param printstream     stream the summary is written to
 * @throws Exception if a fingerprint cannot be computed
 */
private void printX509Cert(X509Certificate x509certificate, PrintStream printstream)
    throws Exception
{
    MessageFormat messageformat = new MessageFormat(rb.getString("*PATTERN* printX509Cert"));
    Object aobj[] = {
        x509certificate.getSubjectDN().toString(), x509certificate.getIssuerDN().toString(), x509certificate.getSerialNumber().toString(16), x509certificate.getNotBefore().toString(), x509certificate.getNotAfter().toString(), getCertFingerPrint("MD5", x509certificate), getCertFingerPrint("SHA1", x509certificate)
    };
    printstream.println(messageformat.format(((Object) (aobj))));
}

/**
 * Reports whether the subject and issuer names of a certificate are equal.
 * Only the names are compared; the signature is not verified here, so a
 * caller that relies on the result must verify it separately.
 *
 * @param x509certificate certificate to inspect
 * @return true if subject and issuer names are equal
 */
private boolean isSelfSigned(X509Certificate x509certificate)
{
    return x509certificate.getSubjectDN().equals(x509certificate.getIssuerDN());
}

/**
 * Reports whether a certificate is already present in the user keystore or,
 * when trustcacerts is set and the CA keystore is loaded, in that keystore.
 *
 * @param certificate certificate to look up
 * @return true if either keystore has an alias for the certificate
 * @throws Exception if a keystore lookup fails
 */
private boolean isTrusted(Certificate certificate)
    throws Exception
{
    if(keyStore.getCertificateAlias(certificate) != null)
        return true;
    return trustcacerts && caks != null && caks.getCertificateAlias(certificate) != null;
}

/**
 * Asks on the console for the six components of a distinguished name and
 * repeats the questions until the user confirms the result with "yes" or "y".
 * Each answer becomes the default for the next round.
 *
 * @return the confirmed name
 * @throws IOException on a read error
 */
private X500Name getX500Name()
    throws IOException
{
    BufferedReader bufferedreader = new BufferedReader(new InputStreamReader(System.in));
    String s = "Unknown";
    String s1 = "Unknown";
    String s2 = "Unknown";
    String s3 = "Unknown";
    String s4 = "Unknown";
    String s5 = "Unknown";
    String s6 = null;
    X500Name x500name;
    do
    {
        s = inputString(bufferedreader, rb.getString("What is your first and last name?"), s);
        s1 = inputString(bufferedreader, rb.getString("What is the name of your organizational unit?"), s1);
        s2 = inputString(bufferedreader, rb.getString("What is the name of your organization?"), s2);
        s3 = inputString(bufferedreader, rb.getString("What is the name of your City or Locality?"),
s3);
        s4 = inputString(bufferedreader, rb.getString("What is the name of your State or Province?"), s4);
        s5 = inputString(bufferedreader, rb.getString("What is the two-letter country code for this unit?"), s5);
        x500name = new X500Name(s, s1, s2, s3, s4, s5);
        MessageFormat messageformat = new MessageFormat(rb.getString("Is <name> correct?"));
        Object aobj[] = {
            x500name
        };
        s6 = inputString(bufferedreader, messageformat.format(((Object) (aobj))), rb.getString("no"));
    } while(collator.compare(s6, rb.getString("yes")) != 0 && collator.compare(s6, rb.getString("y")) != 0);
    System.err.println();
    return x500name;
}

/**
 * Prints a question with its default answer and reads one line in reply.
 *
 * @param bufferedreader reader the answer is taken from
 * @param s              question to print
 * @param s1             default shown in the prompt and returned for an
 *                       empty line or end of input
 * @return the line entered, or s1
 * @throws IOException on a read error
 */
private String inputString(BufferedReader bufferedreader, String s, String s1)
    throws IOException
{
    System.err.println(s);
    MessageFormat messageformat = new MessageFormat(rb.getString(" [defaultValue]: "));
    Object aobj[] = {
        s1
    };
    System.err.print(messageformat.format(((Object) (aobj))));
    System.err.flush();
    String s2 = bufferedreader.readLine();
    if(s2 == null || collator.compare(s2, "") == 0)
        s2 = s1;
    return s2;
}

/**
 * Writes a certificate to the stream: Base64 text between BEGIN/END
 * CERTIFICATE markers when the rfc flag is set, the raw encoding otherwise.
 *
 * @param certificate certificate to write
 * @param printstream destination stream
 * @throws IOException          on a write error
 * @throws CertificateException if the certificate cannot be encoded
 */
private void dumpCert(Certificate certificate, PrintStream printstream)
    throws IOException, CertificateException
{
    if(rfc)
    {
        BASE64Encoder base64encoder = new BASE64Encoder();
        printstream.println("-----BEGIN CERTIFICATE-----");
        base64encoder.encodeBuffer(certificate.getEncoded(), printstream);
        printstream.println("-----END CERTIFICATE-----");
    } else
    {
        printstream.write(certificate.getEncoded());
    }
}

/**
 * Appends the two upper-case hexadecimal digits of a byte to a buffer.
 *
 * @param byte0        byte to convert
 * @param stringbuffer buffer the digits are appended to
 */
private void byte2hex(byte byte0, StringBuffer stringbuffer)
{
    char ac[] = {
        '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
        'A', 'B', 'C', 'D', 'E', 'F'
    };
    // High nibble first, then low nibble.
    int i = (byte0 & 0xf0) >> 4;
    int j = byte0 & 0xf;
    stringbuffer.append(ac[i]);
    stringbuffer.append(ac[j]);
}

/**
 * Formats a byte array as hexadecimal byte pairs separated by colons.
 *
 * @param abyte0 bytes to format
 * @return the formatted text; empty for an empty array
 */
private String toHexString(byte abyte0[])
{
    StringBuffer stringbuffer = new StringBuffer();
    int i = abyte0.length;
    for(int j = 0; j < i; j++)
    {
        byte2hex(abyte0[j], stringbuffer);
        if(j < i - 1)
            stringbuffer.append(":");
    }

    return stringbuffer.toString();
}

/**
 * Retrieves the private key stored under an alias.
 *
 * When no key password is supplied the store password is tried first, and
 * the user is prompted through getKeyPasswd only if that fails.
 *
 * @param s   alias of the key entry
 * @param ac  store password, tried when ac1 is null
 * @param ac1 key password; may be null
 * @return a two-element array: the PrivateKey, then the password that
 *         unlocked it
 * @throws Exception if the alias does not exist, is not a key entry, the key
 *         cannot be recovered, or the key is not a private key
 */
private Object[] recoverPrivateKey(String s, char ac[], char ac1[])
    throws Exception
{
    java.security.Key key = null;
    if(!keyStore.containsAlias(s))
    {
        MessageFormat messageformat = new MessageFormat(rb.getString("Alias <alias> does not exist"));
        Object aobj[] = {
            s
        };
        throw new Exception(messageformat.format(((Object) (aobj))));
    }
    if(!keyStore.isKeyEntry(s))
    {
        MessageFormat messageformat1 = new MessageFormat(rb.getString("Alias <alias> has no (private) key"));
        Object aobj1[] = {
            s
        };
        throw new Exception(messageformat1.format(((Object) (aobj1))));
    }
    if(ac1 == null)
        try
        {
            key = keyStore.getKey(s, ac);
            ac1 = ac;
        }
        catch(UnrecoverableKeyException unrecoverablekeyexception)
        {
            // Store password did not unlock the key: ask for the key password.
            ac1 = getKeyPasswd(s, null, null);
            key = keyStore.getKey(s, ac1);
        }
    else
        key = keyStore.getKey(s, ac1);
    if(!(key instanceof PrivateKey))
        throw new Exception(rb.getString("Recovered key is not a private key"));
    else
        return (new Object[] {
            (PrivateKey)key, ac1
        });
}

/**
 * Computes a fingerprint of a certificate: the named digest over its
 * encoded form, formatted by toHexString.
 *
 * @param s           digest algorithm name passed to MessageDigest.getInstance
 * @param certificate certificate to fingerprint
 * @return the fingerprint as colon-separated hexadecimal
 * @throws Exception if the digest is unavailable or the certificate cannot
 *         be encoded
 */
private String getCertFingerPrint(String s, Certificate certificate)
    throws Exception
{
    byte abyte0[] = certificate.getEncoded();
    MessageDigest messagedigest = MessageDigest.getInstance(s);
    byte abyte1[] = messagedigest.digest(abyte0);
    return toHexString(abyte1);
}

/**
 * Prints the banner warning that the keystore integrity was not verified
 * because no keystore password was given.
 */
private void printWarning()
{
    System.err.println();
    System.err.println(rb.getString("***************** WARNING WARNING WARNING *****************"));
    System.err.println(rb.getString("* The integrity of 
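the information stored in your keystore *"));
    System.err.println(rb.getString("* has NOT been verified! In order to verify its integrity, *"));
    System.err.println(rb.getString("* you must provide your keystore password. *"));
    System.err.println(rb.getString("***************** WARNING WARNING WARNING *****************"));
    System.err.println();
}

/**
 * Validates a certificate reply that holds several certificates and returns
 * it as an ordered chain with the user's certificate first.
 *
 * The reply must contain a certificate carrying the public key of the
 * existing entry. The remaining certificates are ordered by matching issuer
 * to subject names, and each certificate's signature is verified with the
 * public key of its successor. Unless noprompt is set, the last certificate
 * must then be trusted, be signed by a CA keystore certificate, or be
 * accepted by the user.
 *
 * NOTE(review): with noprompt set the chain is returned without any check
 * against a trusted certificate, and nothing here checks validity periods.
 * The array passed in is reordered in place.
 *
 * @param s            alias, used in error messages
 * @param certificate  certificate currently stored for the alias
 * @param acertificate certificates of the reply; assumed to be X.509
 * @return the ordered chain, or null if the user declined to install it
 * @throws Exception if the reply lacks the user's public key, is incomplete,
 *         or contains a signature that does not verify
 */
private Certificate[] validateReply(String s, Certificate certificate, Certificate acertificate[])
    throws Exception
{
    // Locate the reply certificate that carries the user's public key.
    java.security.PublicKey publickey = certificate.getPublicKey();
    int i;
    for(i = 0; i < acertificate.length; i++)
        if(publickey.equals(acertificate[i].getPublicKey()))
            break;

    if(i == acertificate.length)
    {
        MessageFormat messageformat = new MessageFormat(rb.getString("Certificate reply does not contain public key for <alias>"));
        Object aobj[] = {
            s
        };
        throw new Exception(messageformat.format(((Object) (aobj))));
    }
    // Move it to the front of the chain.
    Certificate certificate1 = acertificate[0];
    acertificate[0] = acertificate[i];
    acertificate[i] = certificate1;
    // Order the rest so that each certificate is followed by its issuer.
    Principal principal = ((X509Certificate)acertificate[0]).getIssuerDN();
    for(int j = 1; j < acertificate.length - 1; j++)
    {
        int l;
        for(l = j; l < acertificate.length; l++)
        {
            Principal principal1 = ((X509Certificate)acertificate[l]).getSubjectDN();
            if(!principal1.equals(principal))
                continue;
            Certificate certificate2 = acertificate[j];
            acertificate[j] = acertificate[l];
            acertificate[l] = certificate2;
            principal = ((X509Certificate)acertificate[j]).getIssuerDN();
            break;
        }

        if(l == acertificate.length)
            throw new Exception(rb.getString("Incomplete certificate chain in reply"));
    }

    // Verify every link of the chain with the key of the next certificate.
    for(int k = 0; k < acertificate.length - 1; k++)
    {
        java.security.PublicKey publickey1 = acertificate[k + 1].getPublicKey();
        try
        {
            acertificate[k].verify(publickey1);
        }
        catch(Exception exception)
        {
            // Keep the original failure as the cause so it is not lost.
            throw new Exception(rb.getString("Certificate chain in reply does not verify: ") + exception.getMessage(), exception);
        }
    }

    if(noprompt)
        return acertificate;
    Certificate certificate3 = acertificate[acertificate.length - 1];
    if(!isTrusted(certificate3))
    {
        boolean flag = false;
        Certificate certificate4 = null;
        if(trustcacerts && caks != null)
        {
            // Look for a CA keystore certificate whose key verifies the top certificate.
            Enumeration enumeration = caks.aliases();
            while(enumeration.hasMoreElements())
            {
                String s2 = (String)enumeration.nextElement();
                certificate4 = caks.getCertificate(s2);
                if(certificate4 == null)
                    continue;
                try
                {
                    certificate3.verify(certificate4.getPublicKey());
                    flag = true;
                    break;
                }
                // Deliberately ignored: this CA did not sign it, try the next one.
                catch(Exception exception1) { }
            }
        }
        if(!flag)
        {
            System.err.println();
            System.err.println(rb.getString("Top-level certificate in reply:\n"));
            printX509Cert((X509Certificate)certificate3, System.out);
            System.err.println();
            System.err.print(rb.getString("... is not trusted. "));
            String s1 = getYesNoReply(rb.getString("Install reply anyway? [no]: "));
            if(s1.equals("NO"))
                return null;
        } else
        if(!isSelfSigned((X509Certificate)certificate3))
        {
            // Append the CA certificate that verified the top of the chain.
            Certificate acertificate1[] = new Certificate[acertificate.length + 1];
            System.arraycopy(acertificate, 0, acertificate1, 0, acertificate.length);
            acertificate1[acertificate1.length - 1] = certificate4;
            acertificate = acertificate1;
        }
    }
    return acertificate;
}

/**
 * Builds a certificate chain for a single certificate from the certificates
 * in the user keystore and, when trustcacerts is set, the CA keystore.
 *
 * @param certificate  certificate currently stored for the key entry, or
 *                     null when importing a trusted certificate; when
 *                     non-null its public key must equal that of
 *                     certificate1 and the two certificates must differ
 * @param certificate1 certificate to build the chain for; assumed to be X.509
 * @return the chain, starting with certificate1
 * @throws Exception if the public keys differ, the certificates are
 *         identical, or no chain can be built
 */
private Certificate[] establishCertChain(Certificate certificate, Certificate certificate1)
    throws Exception
{
    if(certificate != null)
    {
        java.security.PublicKey publickey = certificate.getPublicKey();
        java.security.PublicKey publickey1 = certificate1.getPublicKey();
        if(!publickey.equals(publickey1))
            throw new Exception(rb.getString("Public keys in reply and keystore don't match"));
        if(certificate1.equals(certificate))
            throw new Exception(rb.getString("Certificate reply and certificate in keystore are identical"));
    }
    // Always create the lookup table: buildChain dereferences it, so leaving it
    // null when both keystores are empty ended in a NullPointerException instead
    // of the "Failed to establish chain" error below.
    Hashtable hashtable = new Hashtable(11);
    if(keyStore.size() > 0)
        keystorecerts2Hashtable(keyStore, hashtable);
    if(trustcacerts && caks != null && caks.size() > 0)
        keystorecerts2Hashtable(caks, hashtable);
    Vector vector = new Vector(2);
    if(buildChain((X509Certificate)certificate1, vector, hashtable))
    {
        // buildChain collects from the root down; reverse so the leaf comes first.
        Certificate acertificate[] = new Certificate[vector.size()];
        int i = 0;
        for(int j = vector.size() - 1; j >= 0; j--)
        {
            acertificate[i] = (Certificate)vector.elementAt(j);
            i++;
        }

        return acertificate;
    } else
    {
        throw new Exception(rb.getString("Failed to establish chain from reply"));
    }
}

/**
 * Recursively builds a chain from a certificate up to a certificate whose
 * subject and issuer names are equal, taking issuer candidates from the
 * table and keeping only those whose public key verifies the signature.
 *
 * NOTE(review): the recursion stops on name equality alone; the signature of
 * that last certificate is not verified here.
 *
 * @param x509certificate certificate to find issuers for
 * @param vector          receives the chain, root first
 * @param hashtable       subject name to Vector of certificates
 * @return true if a chain was built
 */
private boolean buildChain(X509Certificate x509certificate, Vector vector, Hashtable hashtable)
{
    Principal principal = x509certificate.getSubjectDN();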
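    Principal principal1 = x509certificate.getIssuerDN();
    if(principal.equals(principal1))
    {
        vector.addElement(x509certificate);
        return true;
    }
    Vector vector1 = (Vector)hashtable.get(principal1);
    if(vector1 == null)
        return false;
    Enumeration enumeration = vector1.elements();
    while(enumeration.hasMoreElements())
    {
        X509Certificate x509certificate1 = (X509Certificate)enumeration.nextElement();
        java.security.PublicKey publickey = x509certificate1.getPublicKey();
        try
        {
            x509certificate.verify(publickey);
        }
        catch(Exception exception)
        {
            continue;
        }
        if(buildChain(x509certificate1, vector, hashtable))
        {
            vector.addElement(x509certificate);
            return true;
        }
    }
    return false;
}

/**
 * Prints a question and reads a yes/no answer from standard input, asking
 * again until the answer is recognised.
 *
 * An empty line counts as "no". End of input is also answered with "NO":
 * comparing the null line used to raise a NullPointerException, and
 * refusing is the safe default for the trust questions asked through this
 * method.
 *
 * @param s question to print
 * @return "YES" or "NO"
 * @throws IOException on a read error
 */
private String getYesNoReply(String s)
    throws IOException
{
    // One reader for the whole dialogue, so input it has already buffered is
    // not thrown away between attempts.
    BufferedReader bufferedreader = new BufferedReader(new InputStreamReader(System.in));
    String s1 = null;
    do
    {
        System.err.print(s);
        System.err.flush();
        s1 = bufferedreader.readLine();
        if(s1 == null || collator.compare(s1, "") == 0 || collator.compare(s1, rb.getString("n")) == 0 || collator.compare(s1, rb.getString("no")) == 0)
            s1 = "NO";
        else
        if(collator.compare(s1, rb.getString("y")) == 0 || collator.compare(s1, rb.getString("yes")) == 0)
        {
            s1 = "YES";
        } else
        {
            System.err.println(rb.getString("Wrong answer, try again"));
            s1 = null;
        }
    } while(s1 == null);
    return s1;
}

/**
 * Loads the CA keystore found at lib/security/cacerts below the java.home
 * directory.
 *
 * NOTE(review): the keystore is loaded with a null password, so its
 * integrity is not checked; certificates in this file are treated as trust
 * anchors when trustcacerts is set, so the file should be writable only by
 * an administrator.
 *
 * @return the loaded keystore, or null if the file does not exist
 * @throws Exception if the file cannot be read or parsed
 */
private KeyStore getCacertsKeyStore()
    throws Exception
{
    String s = File.separator;
    File file = new File(System.getProperty("java.home") + s + "lib" + s + "security" + s + "cacerts");
    if(!file.exists())
    {
        return null;
    } else
    {
        FileInputStream fileinputstream = new FileInputStream(file);
        // Close the stream even when getInstance or load throws.
        try
        {
            KeyStore keystore = KeyStore.getInstance("jks");
            keystore.load(fileinputstream, null);
            return keystore;
        }
        finally
        {
            fileinputstream.close();
        }
    }
}

/**
 * Adds every certificate of a keystore to a table keyed by subject name.
 * Each value is a Vector of the certificates with that subject, without
 * duplicates.
 *
 * @param keystore  keystore to read; its certificates are assumed to be X.509
 * @param hashtable table to fill
 * @throws Exception if the keystore cannot be read
 */
private void keystorecerts2Hashtable(KeyStore keystore, Hashtable hashtable)
    throws Exception
{
    for(Enumeration enumeration = keystore.aliases(); enumeration.hasMoreElements();)
    {
        String s = (String)enumeration.nextElement();
        Certificate certificate = keystore.getCertificate(s);
        if(certificate != null)
        {
            Principal principal = ((X509Certificate)certificate).getSubjectDN();
            Vector vector = (Vector)hashtable.get(principal);
            if(vector == null)
            {
                vector = new Vector();
                vector.addElement(certificate);
            } else
            if(!vector.contains(certificate))
                vector.addElement(certificate);
            hashtable.put(principal, vector);
        }
    }

}

/**
 * Prints the command-line usage summary to standard error and terminates
 * the JVM with exit status 1.
 */
private void usage()
{
    System.err.println(rb.getString("keytool usage:\n"));
    System.err.println(rb.getString("-certreq [-v] [-alias <alias>] [-sigalg <sigalg>]"));
    System.err.println(rb.getString("\t [-file <csr_file>] [-keypass <keypass>]"));
    System.err.println(rb.getString("\t [-keystore <keystore>] [-storepass <storepass>]"));
    System.err.println(rb.getString("\t [-storetype <storetype>] [-provider <provider_class_name>] ..."));
    System.err.println();
    System.err.println(rb.getString("-delete [-v] -alias <alias>"));
    System.err.println(rb.getString("\t [-keystore <keystore>] [-storepass <storepass>]"));
    System.err.println(rb.getString("\t [-storetype <storetype>] [-provider <provider_class_name>] ..."));
    System.err.println();
    System.err.println(rb.getString("-export [-v] [-rfc] [-alias <alias>] [-file <cert_file>]"));
    System.err.println(rb.getString("\t [-keystore <keystore>] [-storepass <storepass>]"));
    System.err.println(rb.getString("\t [-storetype <storetype>] [-provider <provider_class_name>] ..."));
    System.err.println();
    System.err.println(rb.getString("-genkey [-v] [-alias <alias>] [-keyalg <keyalg>]"));
    System.err.println(rb.getString("\t [-keysize <keysize>] [-sigalg <sigalg>]"));
    System.err.println(rb.getString("\t [-dname <dname>] [-validity <valDays>]"));
    System.err.println(rb.getString("\t [-keypass <keypass>] [-keystore <keystore>]"));
    System.err.println(rb.getString("\t [-storepass <storepass>] [-storetype <storetype>]"));
    System.err.println(rb.getString("\t [-provider <provider_class_name>] ..."));
    System.err.println();
    System.err.println(rb.getString("-help"));
    System.err.println();
    System.err.println(rb.getString("-identitydb [-v] [-file <idb_file>] [-keystore <keystore>]"));
    System.err.println(rb.getString("\t [-storepass <storepass>] [-storetype <storetype>]"));
    // Was System.out: every other usage line goes to standard error.
    System.err.println(rb.getString("\t [-provider <provider_class_name>] ..."));
    System.err.println();
    System.err.println(rb.getString("-import [-v] [-noprompt] [-trustcacerts] [-alias <alias>]"));
    System.err.println(rb.getString("\t [-file <cert_file>] [-keypass <keypass>]"));
    System.err.println(rb.getString("\t [-keystore <keystore>] [-storepass <storepass>]"));
    System.err.println(rb.getString("\t [-storetype <storetype>] [-provider <provider_class_name>] ..."));
    System.err.println();
    System.err.println(rb.getString("-keyclone [-v] [-alias <alias>] -dest <dest_alias>"));
    System.err.println(rb.getString("\t [-keypass <keypass>] [-new <new_keypass>]"));
    System.err.println(rb.getString("\t [-keystore <keystore>] [-storepass <storepass>]"));
    System.err.println(rb.getString("\t [-storetype <storetype>] [-provider <provider_class_name>] ..."));
    System.err.println();
    System.err.println(rb.getString("-keypasswd [-v] [-alias <alias>]"));
    System.err.println(rb.getString("\t [-keypass <old_keypass>] [-new <new_keypass>]"));
    System.err.println(rb.getString("\t [-keystore <keystore>] [-storepass <storepass>]"));
    System.err.println(rb.getString("\t [-storetype <storetype>] [-provider <provider_class_name>] ..."));
    System.err.println();
    System.err.println(rb.getString("-list [-v | -rfc] [-alias <alias>]"));
    System.err.println(rb.getString("\t [-keystore <keystore>] [-storepass <storepass>]"));
    System.err.println(rb.getString("\t [-storetype <storetype>] [-provider <provider_class_name>] ..."));
    System.err.println();
    System.err.println(rb.getString("-printcert [-v] [-file <cert_file>]"));
    System.err.println();
    System.err.println(rb.getString("-selfcert [-v] [-alias <alias>] [-sigalg <sigalg>]"));
    System.err.println(rb.getString("\t [-dname <dname>] [-validity <valDays>]"));
    System.err.println(rb.getString("\t [-keypass <keypass>] [-keystore <keystore>]"));
    System.err.println(rb.getString("\t [-storepass <storepass>] [-storetype <storetype>]"));
    System.err.println(rb.getString("\t [-provider <provider_class_name>] ..."));
    System.err.println();
    System.err.println(rb.getString("-storepasswd [-v] [-new <new_storepass>]"));
    System.err.println(rb.getString("\t [-keystore <keystore>] [-storepass <storepass>]"));
    System.err.println(rb.getString("\t [-storetype <storetype>] [-provider <provider_class_name>] ..."));
    System.err.println();
    System.exit(1);
}

private boolean debug;
private String command;
private String sigAlgName;
private String keyAlgName;
private boolean verbose;
private int keysize;
private boolean rfc;
private int validity;
private String alias;
private String dname;
private String keyAlias;
private String dest;
private String filename;
private Vector providers;
private String storetype;
private char storePass[];
private char storePassNew[];
private char keyPass[];
private char keyPassNew[];
private char oldPass[];
private char newPass[];
private String ksfname;
private File ksfile;
private InputStream ksStream;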
private InputStream inStream;
private KeyStore keyStore;
private boolean kssave;
private boolean noprompt;
private boolean trustcacerts;
private CertificateFactory cf;
// CA keystore consulted when trustcacerts is set; may be null.
private KeyStore caks;
// The message texts passed to rb.getString throughout this class are the bundle keys.
private static final ResourceBundle rb = ResourceBundle.getBundle("sun.security.util.Resources");
// Collator used to compare console answers with the expected words.
private static final Collator collator;

static
{
    collator = Collator.getInstance();
    // 0 is the value of Collator.PRIMARY, the weakest comparison strength.
    collator.setStrength(0);
}
}
