下面列出了怎么用java.security.KeyStore.Builder的API类实例代码及写法,或者点击链接到github查看源代码。
/**
 * Opens the PKCS#11 key store and keeps it in {@code this.keyStore}.
 *
 * <p>The token PIN is not embedded in this method: the load protection is a
 * {@code CallbackHandlerProtection} around the handler returned by
 * {@code EidPinCallBackHandlerFactory.getHandler()}.
 *
 * @throws KeyStoreException if the builder cannot produce the key store, or as a
 *         wrapper around a {@code TechnicalConnectorException} raised in the try block
 */
private void init() throws KeyStoreException {
    // No provider is named; the builder receives null and the installed providers decide.
    final Provider noExplicitProvider = null;
    try {
        CallbackHandlerProtection pinProtection =
            new CallbackHandlerProtection(EidPinCallBackHandlerFactory.getHandler());
        this.keyStore = Builder.newInstance("PKCS11", noExplicitProvider, pinProtection).getKeyStore();
    } catch (TechnicalConnectorException connectorFailure) {
        // Logged as text only (no stack trace); the cause travels with the rethrown exception.
        LOG.error("" + connectorFailure);
        throw new KeyStoreException(connectorFailure);
    }
}
/**
 * Opens the PKCS#11 key store and keeps it in {@code this.keyStore}.
 *
 * <p>The token PIN is not embedded in this method: the load protection is a
 * {@code CallbackHandlerProtection} around the handler returned by
 * {@code EidPinCallBackHandlerFactory.getHandler()}.
 *
 * @throws KeyStoreException if the builder cannot produce the key store, or as a
 *         wrapper around a {@code TechnicalConnectorException} raised in the try block
 */
private void init() throws KeyStoreException {
    // No provider is named; the builder receives null and the installed providers decide.
    final Provider noExplicitProvider = null;
    try {
        CallbackHandlerProtection pinProtection =
            new CallbackHandlerProtection(EidPinCallBackHandlerFactory.getHandler());
        this.keyStore = Builder.newInstance("PKCS11", noExplicitProvider, pinProtection).getKeyStore();
    } catch (TechnicalConnectorException connectorFailure) {
        // Logged as text only (no stack trace); the cause travels with the rethrown exception.
        LOG.error("" + connectorFailure);
        throw new KeyStoreException(connectorFailure);
    }
}
/**
 * Opens the PKCS#11 key store and keeps it in {@code this.keyStore}.
 *
 * <p>The token PIN is not embedded in this method: the load protection is a
 * {@code CallbackHandlerProtection} around the handler returned by
 * {@code EidPinCallBackHandlerFactory.getHandler()}.
 *
 * @throws KeyStoreException if the builder cannot produce the key store, or as a
 *         wrapper around a {@code TechnicalConnectorException} raised in the try block
 */
private void init() throws KeyStoreException {
    // No provider is named; the builder receives null and the installed providers decide.
    final Provider noExplicitProvider = null;
    try {
        CallbackHandlerProtection pinProtection =
            new CallbackHandlerProtection(EidPinCallBackHandlerFactory.getHandler());
        this.keyStore = Builder.newInstance("PKCS11", noExplicitProvider, pinProtection).getKeyStore();
    } catch (TechnicalConnectorException connectorFailure) {
        // Logged as text only (no stack trace); the cause travels with the rethrown exception.
        LOG.error("" + connectorFailure);
        throw new KeyStoreException(connectorFailure);
    }
}
/**
 * Opens the PKCS#11 key store and keeps it in {@code this.keyStore}.
 *
 * <p>The token PIN is not embedded in this method: the load protection is a
 * {@code CallbackHandlerProtection} around the handler returned by
 * {@code EidPinCallBackHandlerFactory.getHandler()}.
 *
 * @throws KeyStoreException if the builder cannot produce the key store, or as a
 *         wrapper around a {@code TechnicalConnectorException} raised in the try block
 */
private void init() throws KeyStoreException {
    // No provider is named; the builder receives null and the installed providers decide.
    final Provider noExplicitProvider = null;
    try {
        CallbackHandlerProtection pinProtection =
            new CallbackHandlerProtection(EidPinCallBackHandlerFactory.getHandler());
        this.keyStore = Builder.newInstance("PKCS11", noExplicitProvider, pinProtection).getKeyStore();
    } catch (TechnicalConnectorException connectorFailure) {
        // Logged as text only (no stack trace); the cause travels with the rethrown exception.
        LOG.error("" + connectorFailure);
        throw new KeyStoreException(connectorFailure);
    }
}
/**
 * Opens the PKCS#11 key store and keeps it in {@code this.keyStore}.
 *
 * <p>The token PIN is not embedded in this method: the load protection is a
 * {@code CallbackHandlerProtection} around the handler returned by
 * {@code EidPinCallBackHandlerFactory.getHandler()}.
 *
 * @throws KeyStoreException if the builder cannot produce the key store, or as a
 *         wrapper around a {@code TechnicalConnectorException} raised in the try block
 */
private void init() throws KeyStoreException {
    // No provider is named; the builder receives null and the installed providers decide.
    final Provider noExplicitProvider = null;
    try {
        CallbackHandlerProtection pinProtection =
            new CallbackHandlerProtection(EidPinCallBackHandlerFactory.getHandler());
        this.keyStore = Builder.newInstance("PKCS11", noExplicitProvider, pinProtection).getKeyStore();
    } catch (TechnicalConnectorException connectorFailure) {
        // Logged as text only (no stack trace); the cause travels with the rethrown exception.
        LOG.error("" + connectorFailure);
        throw new KeyStoreException(connectorFailure);
    }
}
/**
* Inject attributes to the value after the value update has been performed
* using {@link #performDataUpdate(Builder)}
*
* @param builder
* the builder to use for changing information
*/
public void injectAttributes ( final DataItemValue.Builder builder )
{
    // these three attributes are written regardless of the severity
    builder.setAttribute ( this.attributeActive, Variant.valueOf ( this.active ) );
    builder.setAttribute ( this.attributeState, Variant.valueOf ( this.state ) );
    builder.setAttribute ( this.attributeUnsafe, Variant.valueOf ( this.unsafe ) );

    // an unset severity is treated as ALARM
    final Severity effective = this.severity != null ? this.severity : Severity.ALARM;

    // only the attribute pair belonging to the effective severity is written:
    // the alarm flag itself and the matching "ack required" flag
    if ( effective == Severity.INFORMATION )
    {
        builder.setAttribute ( this.attributeInfo, Variant.valueOf ( this.alarm ) );
        builder.setAttribute ( this.attributeInfoAckRequired, Variant.valueOf ( this.akn ) );
    }
    else if ( effective == Severity.WARNING )
    {
        builder.setAttribute ( this.attributeWarning, Variant.valueOf ( this.alarm ) );
        builder.setAttribute ( this.attributeWarningAckRequired, Variant.valueOf ( this.akn ) );
    }
    else if ( effective == Severity.ALARM )
    {
        builder.setAttribute ( this.attributeAlarm, Variant.valueOf ( this.alarm ) );
        builder.setAttribute ( this.attributeAlarmAckRequired, Variant.valueOf ( this.akn ) );
    }
    else if ( effective == Severity.ERROR )
    {
        builder.setAttribute ( this.attributeError, Variant.valueOf ( this.alarm ) );
        builder.setAttribute ( this.attributeErrorAckRequired, Variant.valueOf ( this.akn ) );
    }
    // any other severity constant: nothing further is written
}
/**
*
* Faz a leitura do token em LINUX, precisa setar a lib (.SO) e a senha do token.
*/
@SuppressWarnings("restriction")
private KeyStore getKeyStoreToken() {
    // CONFIGURATION: pick the PKCS#11 library that matches the token in use.
    //   white token: "/usr/lib/watchdata/ICP/lib/libwdpkcs_icp.so" (active below)
    //   blue token:  "/usr/lib/libeToken.so"
    // The library is native code loaded into this JVM, so keep the path absolute
    // and writable only by administrators.
    final String pkcs11LibraryPath = "/usr/lib/watchdata/ICP/lib/libwdpkcs_icp.so";

    // SunPKCS11 configuration text: the native library and the provider name suffix.
    final String providerConfig = "library = " + pkcs11LibraryPath + "\nname = Provedor\n";

    try {
        // NOTE(review): this InputStream constructor is JDK-internal (hence the
        // "restriction" suppression) and, as far as I know, is no longer available
        // from Java 9 on, where Provider.configure(...) is the supported route;
        // confirm against the target JDK.
        Provider p = new sun.security.pkcs11.SunPKCS11(new ByteArrayInputStream(providerConfig.getBytes()));
        Security.addProvider(p);

        // SECURITY: the token PIN is a string literal ("senha" is the placeholder that
        // must be replaced). A real PIN written here ends up in version control and in
        // the compiled class; prefer a KeyStore.CallbackHandlerProtection that asks
        // for the PIN when the store is loaded.
        return KeyStore.Builder
            .newInstance("PKCS11", p, new KeyStore.PasswordProtection("senha".toCharArray()))
            .getKeyStore();
    } catch (Exception e1) {
        // Every failure (missing library, absent token, wrong PIN, ...) collapses into
        // a stack trace on stderr plus a null result, so callers must null-check.
        e1.printStackTrace();
        return null;
    }
}
@SuppressWarnings("restriction")
private KeyStore getKeyStoreToken() {
    // CONFIGURATION: pick the PKCS#11 library that matches the token in use.
    //   white token: "/usr/lib/watchdata/ICP/lib/libwdpkcs_icp.so"
    //   blue token:  "/usr/lib/libeToken.so" (active below)
    // The library is native code loaded into this JVM, so keep the path absolute
    // and writable only by administrators.
    final String pkcs11LibraryPath = "/usr/lib/libeToken.so";

    // SunPKCS11 configuration text: the native library and the provider name suffix.
    final String providerConfig = "library = " + pkcs11LibraryPath + "\nname = Provedor\n";

    try {
        // NOTE(review): this InputStream constructor is JDK-internal (hence the
        // "restriction" suppression) and, as far as I know, is no longer available
        // from Java 9 on, where Provider.configure(...) is the supported route;
        // confirm against the target JDK.
        Provider p = new sun.security.pkcs11.SunPKCS11(new ByteArrayInputStream(providerConfig.getBytes()));
        Security.addProvider(p);

        // SECURITY: the token PIN is a string literal ("senha" is the placeholder that
        // must be replaced). A real PIN written here ends up in version control and in
        // the compiled class; prefer a KeyStore.CallbackHandlerProtection that asks
        // for the PIN when the store is loaded.
        return KeyStore.Builder
            .newInstance("PKCS11", p, new KeyStore.PasswordProtection("senha".toCharArray()))
            .getKeyStore();
    } catch (Exception e1) {
        // Every failure (missing library, absent token, wrong PIN, ...) collapses into
        // a stack trace on stderr plus a null result, so callers must null-check.
        e1.printStackTrace();
        return null;
    }
}
/**
*
* Faz a leitura do token em LINUX, precisa setar a lib (.SO) e a senha do token.
*/
@SuppressWarnings("restriction")
private KeyStore getKeyStoreToken() {
    // CONFIGURATION: pick the PKCS#11 library that matches the token in use.
    //   white token: "/usr/lib/watchdata/ICP/lib/libwdpkcs_icp.so"
    //   blue token:  "/usr/lib/libeToken.so" (active below)
    // The library is native code loaded into this JVM, so keep the path absolute
    // and writable only by administrators.
    final String pkcs11LibraryPath = "/usr/lib/libeToken.so";

    // SunPKCS11 configuration text: the native library and the provider name suffix.
    final String providerConfig = "library = " + pkcs11LibraryPath + "\nname = Provedor\n";

    try {
        // NOTE(review): this InputStream constructor is JDK-internal (hence the
        // "restriction" suppression) and, as far as I know, is no longer available
        // from Java 9 on, where Provider.configure(...) is the supported route;
        // confirm against the target JDK.
        Provider p = new sun.security.pkcs11.SunPKCS11(new ByteArrayInputStream(providerConfig.getBytes()));
        Security.addProvider(p);

        // SECURITY: the token PIN is a string literal ("senha" is the placeholder that
        // must be replaced). A real PIN written here ends up in version control and in
        // the compiled class; prefer a KeyStore.CallbackHandlerProtection that asks
        // for the PIN when the store is loaded.
        return KeyStore.Builder
            .newInstance("PKCS11", p, new KeyStore.PasswordProtection("senha".toCharArray()))
            .getKeyStore();
    } catch (Exception e1) {
        // Every failure (missing library, absent token, wrong PIN, ...) collapses into
        // a stack trace on stderr plus a null result, so callers must null-check.
        e1.printStackTrace();
        return null;
    }
}
/**
* The provider name is used as a key to search for installed providers. If a
* provider exists with the same name, it will be used even if it relies on a
* different native library.
* @param nativeLibraryPath the path for the native library of the specific PKCS#11 provider
* @param providerName this string is concatenated with the prefix SunPKCS11- to produce this provider instance's name
* @param slotId the id of the slot that this provider instance is to be associated with (can be {@code null})
* @param certificateSelector the selector of signing certificate
* @param keyStorePasswordProvider the provider of the keystore loading password (can be {@code null})
* @param entryPasswordProvider the provider of entry passwords (may be {@code null})
* @param returnFullChain indicates if the full certificate chain should be returned, if available
* @throws KeyStoreException
*/
public PKCS11KeyStoreKeyingDataProvider(
        final String nativeLibraryPath,
        final String providerName,
        final Integer slotId,
        SigningCertSelector certificateSelector,
        KeyStorePasswordProvider keyStorePasswordProvider,
        KeyEntryPasswordProvider entryPasswordProvider,
        boolean returnFullChain) throws KeyStoreException
{
    super(new KeyStoreBuilderCreator()
    {
        @Override
        public Builder getBuilder(ProtectionParameter loadProtection)
        {
            // A provider already installed under this name wins, whatever native
            // library it was configured with; nativeLibraryPath and slotId are then unused.
            Provider pkcs11 = getInstalledProvider(providerName);
            if (pkcs11 != null)
            {
                return KeyStore.Builder.newInstance("PKCS11", pkcs11, loadProtection);
            }

            // Otherwise assemble the SunPKCS11 configuration text line by line.
            // NOTE(review): the three values are written verbatim, so a name or path
            // containing a line break would add extra configuration directives;
            // callers should pass trusted values only.
            final String eol = System.getProperty("line.separator");
            String config = "name = " + providerName + eol + "library = " + nativeLibraryPath;
            if (slotId != null)
            {
                config += eol + "slot = " + slotId;
            }

            pkcs11 = createPkcs11Provider(new ByteArrayInputStream(config.getBytes()));
            // Registering the provider makes it visible to later lookups by name.
            Security.addProvider(pkcs11);
            return KeyStore.Builder.newInstance("PKCS11", pkcs11, loadProtection);
        }
    }, certificateSelector, keyStorePasswordProvider, entryPasswordProvider, returnFullChain);
}
/**
*
* @param keyStoreType the type of the keystore (jks, pkcs12, etc)
* @param keyStorePath the file-system path of the keystore
* @param certificateSelector the selector of signing certificate
* @param keyStorePasswordProvider the provider of the keystore loading password
* @param entryPasswordProvider the provider of entry passwords
* @param returnFullChain indicates if the full certificate chain should be returned, if available
* @param provider the provider used to parse this store type; if <i>null</i> is passed, the default provider is used
* @throws KeyStoreException
*/
public FileSystemKeyStoreKeyingDataProvider(
        final String keyStoreType,
        final String keyStorePath,
        SigningCertSelector certificateSelector,
        KeyStorePasswordProvider keyStorePasswordProvider,
        KeyEntryPasswordProvider entryPasswordProvider,
        boolean returnFullChain,
        final Provider provider) throws KeyStoreException
{
    super(new KeyStoreBuilderCreator()
    {
        @Override
        public Builder getBuilder(ProtectionParameter loadProtection)
        {
            // The path is wrapped in a File only when a builder is requested, not
            // when this provider is constructed.
            final File keyStoreFile = new File(keyStorePath);
            // provider may be null, in which case no specific provider is named.
            return KeyStore.Builder.newInstance(keyStoreType, provider, keyStoreFile, loadProtection);
        }
    },
    certificateSelector,
    keyStorePasswordProvider,
    entryPasswordProvider,
    returnFullChain);
}
/**
 * Creates a key manager backed by a single key store builder.
 *
 * @param builder the only builder this manager will use; it is wrapped in an
 *        immutable one-element list and handed to the list constructor
 */
X509KeyManagerImpl(Builder builder) {
    this(Collections.<Builder>singletonList(builder));
}
/**
 * Creates a key manager backed by the given key store builders.
 *
 * @param builders the builders to use; the list is stored by reference, without a
 *        defensive copy
 */
X509KeyManagerImpl(List<Builder> builders) {
    // Entry cache: a SizedMap wrapped in a synchronized view.
    SizedMap<String,Reference<PrivateKeyEntry>> backingCache =
        new SizedMap<String,Reference<PrivateKeyEntry>>();
    this.entryCacheMap = Collections.synchronizedMap(backingCache);
    this.uidCounter = new AtomicLong();
    this.builders = builders;
}
/**
 * Creates a key manager backed by a single key store builder.
 *
 * @param builder the only builder this manager will use; it is wrapped in an
 *        immutable one-element list and handed to the list constructor
 */
X509KeyManagerImpl(Builder builder) {
    this(Collections.<Builder>singletonList(builder));
}
/**
 * Creates a key manager backed by the given key store builders.
 *
 * @param builders the builders to use; the list is stored by reference, without a
 *        defensive copy
 */
X509KeyManagerImpl(List<Builder> builders) {
    // Entry cache: a SizedMap wrapped in a synchronized view.
    SizedMap<String,Reference<PrivateKeyEntry>> backingCache =
        new SizedMap<String,Reference<PrivateKeyEntry>>();
    this.entryCacheMap = Collections.synchronizedMap(backingCache);
    this.uidCounter = new AtomicLong();
    this.builders = builders;
}
/**
 * Creates a {@code KeyStore.Builder} for the key store described by a
 * configuration entry.
 *
 * <p>For the {@code PKCS11} type the configured file is used as the native
 * library of a SunPKCS11 provider, which is instantiated reflectively and
 * registered first. The key store password is supplied lazily through a
 * callback handler: either the password saved in the entry or one typed into
 * an authentication window.
 *
 * @param entry the configuration entry naming the key store file, its type and,
 *        optionally, a saved password
 * @return the builder; nothing is loaded until the builder is asked for the key store
 * @throws KeyStoreException declared by the signature
 */
private Builder loadKeyStore(final CertificateConfigEntry entry)
    throws KeyStoreException
{
    final File storeFile = new File(entry.getKeyStore());
    final KeyStoreType storeType = entry.getKeyStoreType();

    if ("PKCS11".equals(storeType.getName()))
    {
        // The configured file is the PKCS#11 native library; it is loaded into this
        // JVM, so the entry should only ever point at a trusted module.
        final String providerConfig =
            "name=" + storeFile.getName() + "\nlibrary=" + storeFile.getAbsoluteFile();
        try
        {
            // Reflection keeps the class loadable on platforms without SunPKCS11.
            Provider pkcs11 = (Provider) Class.forName("sun.security.pkcs11.SunPKCS11")
                .getConstructor(InputStream.class)
                .newInstance(new ByteArrayInputStream(providerConfig.getBytes()));
            // NOTE(review): preference positions are 1-based, so 0 is not a valid
            // slot; confirm where the provider ends up in the lookup order.
            Security.insertProviderAt(pkcs11, 0);
        }
        catch (Exception e)
        {
            // Best effort: the failure is logged and the builder is still created below.
            logger.error("Tried to access the PKCS11 provider on an "
                + "unsupported platform or the load failed", e);
        }
    }

    // Supplies the key store password on demand instead of holding it in the builder.
    final CallbackHandler passwordSource = new CallbackHandler()
    {
        public void handle(Callback[] callbacks)
            throws IOException,
            UnsupportedCallbackException
        {
            for (Callback cb : callbacks)
            {
                if (!(cb instanceof PasswordCallback))
                    throw new UnsupportedCallbackException(cb);

                PasswordCallback pwcb = (PasswordCallback) cb;

                if (entry.isSavePassword())
                {
                    // SECURITY: the saved password arrives as a String, so that copy
                    // cannot be wiped; only the char[] given to the callback can be
                    // cleared. Handling stops after this first callback.
                    pwcb.setPassword(entry.getKeyStorePassword().toCharArray());
                    return;
                }

                // No saved password: ask the user through the authentication window.
                AuthenticationWindowService authenticationWindowService =
                    CertificateVerificationActivator.getAuthenticationWindowService();
                if (authenticationWindowService == null)
                {
                    logger.error(
                        "No AuthenticationWindowService " +
                        "implementation");
                    throw new IOException("User cancel");
                }

                AuthenticationWindowService.AuthenticationWindow aw =
                    authenticationWindowService.create(
                        storeFile.getName(),
                        null,
                        storeType.getName(),
                        false,
                        false,
                        null, null, null, null,
                        null, null, null);
                // The typed password is never offered for saving.
                aw.setAllowSavePassword(false);
                aw.setVisible(true);

                if (aw.isCanceled())
                    throw new IOException("User cancel");
                pwcb.setPassword(aw.getPassword());
            }
        }
    };

    return KeyStore.Builder.newInstance(
        storeType.getName(),
        null,
        storeFile,
        new KeyStore.CallbackHandlerProtection(passwordSource));
}
/**
* @param loadProtection the protection that should be used to load the keystore (may be null)
* @return the builder
*/
// Declaration only: how the KeyStore.Builder is created from loadProtection is left
// to the implementation. Per the Javadoc above, loadProtection may be null, so
// implementations should not dereference it without a check.
Builder getBuilder(ProtectionParameter loadProtection);