下面列出了java.security.KeyStoreException#getMessage ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/**
 * Imports raw AES key material into the keystore under the internal alias derived from
 * {@code userId}, {@code uid} and {@code alias}.
 *
 * <p>The stored entry is limited to encrypt/decrypt use with GCM block mode and no padding.
 * Only the length of the key material is logged, never its bytes.
 *
 * @param userId user component of the internal alias
 * @param uid uid component of the internal alias
 * @param alias caller-supplied alias component (also written to the log line)
 * @param secretKey raw key bytes, wrapped as an AES {@code SecretKeySpec}
 * @throws KeyStoreException declared by the signature; a failure of {@code setEntry} is
 *     rethrown as {@code ServiceSpecificException} instead
 */
public void setSymmetricKeyEntry(int userId, int uid, String alias, byte[] secretKey)
        throws KeyStoreException {
    Log.i(TAG, String.format(Locale.US, "Set %d/%d/%s: %d bytes of key material",
            userId, uid, alias, secretKey.length));
    try {
        final String internalAlias = getInternalAlias(userId, uid, alias);
        final SecretKeyEntry aesEntry =
                new SecretKeyEntry(new SecretKeySpec(secretKey, KeyProperties.KEY_ALGORITHM_AES));
        // Usage restrictions travel with the entry: AES-GCM, encrypt and decrypt only.
        final KeyProtection protection =
                new KeyProtection.Builder(
                        KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                        .build();
        mKeyStore.setEntry(internalAlias, aesEntry, protection);
    } catch (KeyStoreException storeFailure) {
        // Only the message is forwarded; the original exception is not chained as a cause here.
        throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, storeFailure.getMessage());
    }
}
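/**
 * Looks up the certificate chain stored under the configured trusted-certificate alias.
 *
 * @param trustedKs keystore to query
 * @return whatever {@code getCertificateChain} returns for the configured alias; this is
 *     {@code null} when the keystore holds no chain for it, so callers must check
 * @throws AlfrescoRuntimeException if the keystore lookup fails; the
 *     {@link KeyStoreException} is kept as the cause
 */
private Certificate[] getCaCertChain(KeyStore trustedKs)
{
    String certAlias = config.getProperty(RepositoryManagedSignatureProviderFactory.TRUSTED_CERT_ALIAS);
    try
    {
        return trustedKs.getCertificateChain(certAlias);
    }
    catch(KeyStoreException kse)
    {
        // Chain the original exception so the keystore stack trace is not lost.
        throw new AlfrescoRuntimeException(kse.getMessage(), kse);
    }
}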
/**
 * Loads a keystore of type {@code "DistributedKeyProvider"} through the given proxy and
 * caches it under {@code key}.
 *
 * <p>If {@code key} is already cached this is only logged; the new keystore still replaces
 * the cached one.
 *
 * @param key cache key for the loaded keystore
 * @param proxy signer proxy handed to the keystore's load parameter
 * @return the freshly loaded keystore
 * @throws TechnicalConnectorException wrapping any I/O, keystore, algorithm or certificate
 *     failure, with the original exception as cause
 */
public KeyStore createDistributedKeyStore(String key, DistributedSignerProxy proxy) throws TechnicalConnectorException {
    try {
        KeyStore distributedStore = KeyStore.getInstance("DistributedKeyProvider");
        Validate.notNull(distributedStore);
        LoadStoreParameter loadParam = new DistributedKeyLoadStoreParam(proxy);
        distributedStore.load(loadParam);
        if (this.distributedKeyStores.containsKey(key)) {
            // NOTE(review): key is concatenated into the log line as-is; confirm it cannot carry line breaks.
            LOG.info("Key [" + key + "] already in cache.");
        }
        this.distributedKeyStores.put(key, distributedStore);
        return distributedStore;
    } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException failure) {
        // All four failure kinds are reported the same way, so one handler covers them.
        throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, failure, new Object[]{failure.getMessage()});
    }
}
/**
 * Creates, loads and caches a {@code "DistributedKeyProvider"} keystore.
 *
 * @param key name under which the keystore is cached; an existing entry is overwritten
 *     after an informational log message
 * @param proxy proxy passed to {@code DistributedKeyLoadStoreParam}
 * @return the loaded keystore
 * @throws TechnicalConnectorException if obtaining or loading the keystore fails
 */
public KeyStore createDistributedKeyStore(String key, DistributedSignerProxy proxy) throws TechnicalConnectorException {
    try {
        final KeyStore loaded = KeyStore.getInstance("DistributedKeyProvider");
        Validate.notNull(loaded);
        final LoadStoreParameter proxyParam = new DistributedKeyLoadStoreParam(proxy);
        loaded.load(proxyParam);

        final boolean alreadyCached = this.distributedKeyStores.containsKey(key);
        if (alreadyCached) {
            LOG.info("Key [" + key + "] already in cache.");
        }
        // put() runs regardless of alreadyCached, so the latest keystore always wins.
        this.distributedKeyStores.put(key, loaded);
        return loaded;
    } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException cause) {
        final Object[] messageArgs = new Object[]{cause.getMessage()};
        throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, cause, messageArgs);
    }
}
/**
 * Obtains a keystore from the {@code "DistributedKeyProvider"} type, loads it with a
 * proxy-backed parameter and registers it in the local keystore cache.
 *
 * @param key cache key
 * @param proxy distributed signer proxy used while loading
 * @return the keystore that was loaded and cached
 * @throws TechnicalConnectorException for every checked failure raised while creating or
 *     loading the keystore; the message of the underlying exception is passed along
 */
public KeyStore createDistributedKeyStore(String key, DistributedSignerProxy proxy) throws TechnicalConnectorException {
    try {
        KeyStore keyStore = KeyStore.getInstance("DistributedKeyProvider");
        Validate.notNull(keyStore);
        keyStore.load((LoadStoreParameter) new DistributedKeyLoadStoreParam(proxy));
        if (this.distributedKeyStores.containsKey(key)) {
            LOG.info("Key [" + key + "] already in cache.");
        }
        this.distributedKeyStores.put(key, keyStore);
        return keyStore;
    } catch (IOException ioFailure) {
        throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, ioFailure, new Object[]{ioFailure.getMessage()});
    } catch (KeyStoreException storeFailure) {
        throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, storeFailure, new Object[]{storeFailure.getMessage()});
    } catch (NoSuchAlgorithmException algorithmFailure) {
        throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, algorithmFailure, new Object[]{algorithmFailure.getMessage()});
    } catch (CertificateException certificateFailure) {
        throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, certificateFailure, new Object[]{certificateFailure.getMessage()});
    }
}
/**
 * Validates the certificate stored under one alias of the given keystore.
 *
 * @param keyStore keystore that holds the certificate
 * @param keyAlias alias to check; {@code null} skips validation entirely
 * @return {@code keyAlias} when validation completed without an exception, or {@code null}
 *     when no alias was supplied
 * @throws CertificateException if validation rejects the certificate or the keystore
 *     lookup fails
 */
public String validate(KeyStore keyStore, String keyAlias) throws CertificateException
{
    if (keyAlias == null)
    {
        return null;
    }

    try
    {
        // NOTE(review): getCertificate yields null for an unknown alias; confirm the
        // certificate overload rejects null rather than letting the alias pass as valid.
        Certificate aliasCertificate = keyStore.getCertificate(keyAlias);
        validate(keyStore, aliasCertificate);
    }
    catch (KeyStoreException lookupFailure)
    {
        LOG.debug(lookupFailure);
        throw new CertificateException("Unable to validate certificate" +
                " for alias [" + keyAlias + "]: " + lookupFailure.getMessage(), lookupFailure);
    }
    return keyAlias;
}
/**
 * Builds the distributed keystore for {@code key}: instantiates the
 * {@code "DistributedKeyProvider"} keystore type, loads it through {@code proxy} and stores
 * the result in the keystore cache.
 *
 * @param key cache key; a previously cached keystore for the same key is replaced
 * @param proxy signer proxy wrapped into the load parameter
 * @return the loaded keystore
 * @throws TechnicalConnectorException when keystore creation or loading fails
 */
public KeyStore createDistributedKeyStore(String key, DistributedSignerProxy proxy) throws TechnicalConnectorException {
    final KeyStore result;
    try {
        result = KeyStore.getInstance("DistributedKeyProvider");
        Validate.notNull(result);
        LoadStoreParameter viaProxy = new DistributedKeyLoadStoreParam(proxy);
        result.load(viaProxy);
        if (this.distributedKeyStores.containsKey(key)) {
            // Informational only: the cached keystore is overwritten just below.
            LOG.info("Key [" + key + "] already in cache.");
        }
        this.distributedKeyStores.put(key, result);
    } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException problem) {
        throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, problem, new Object[]{problem.getMessage()});
    }
    return result;
}
/**
 * Installs the trust managers produced by the platform's default
 * {@code TrustManagerFactory} algorithm.
 *
 * <p>The factory is initialised with a {@code null} keystore, which asks the provider for
 * its default trust material. Nothing in this method disables certificate verification,
 * and the algorithm is whatever {@code getDefaultAlgorithm()} reports rather than a fixed
 * name. NOTE(review): confirm this matches the intended trust policy.
 *
 * @throws RuntimeException if the factory cannot be created or initialised; the original
 *     exception is kept as the cause
 **/
private void setDefaultTrustManager()
{
    final String algorithm = TrustManagerFactory.getDefaultAlgorithm();
    try
    {
        TrustManagerFactory factory = TrustManagerFactory.getInstance( algorithm );
        factory.init( ( KeyStore ) null );
        trustManagers = factory.getTrustManagers();
    }
    catch ( NoSuchAlgorithmException nsae )
    {
        LOG.error( I18n.err( I18n.ERR_04173_ALGORITHM_NOT_FOUND, algorithm ) );
        throw new RuntimeException( nsae.getMessage(), nsae );
    }
    catch ( KeyStoreException kse )
    {
        LOG.error( I18n.err( I18n.ERR_04172_KEYSTORE_INIT_FAILURE ) );
        throw new RuntimeException( kse.getMessage(), kse );
    }
}
/**
 * Removes the keystore entry identified by {@code userId}, {@code uid} and {@code alias}.
 *
 * @param userId user component of the internal alias
 * @param uid uid component of the internal alias
 * @param alias caller-supplied alias component (also written to the log line)
 * @throws ServiceSpecificException with {@code ERROR_SERVICE_INTERNAL_ERROR} if the
 *     keystore rejects the deletion
 */
public void deleteEntry(int userId, int uid, String alias) {
    final String logLine = String.format(Locale.US, "Del %d/%d/%s", userId, uid, alias);
    Log.i(TAG, logLine);
    try {
        final String internalAlias = getInternalAlias(userId, uid, alias);
        mKeyStore.deleteEntry(internalAlias);
    } catch (KeyStoreException deleteFailure) {
        // Only the message is forwarded; the original exception is not chained as a cause here.
        throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, deleteFailure.getMessage());
    }
}
/**
 * Stores a certificate in {@code this.store}, using its RFC 2253 subject name as the alias.
 *
 * <p>Because the alias is the subject DN, two certificates with the same subject map to
 * the same alias; {@code KeyStore.setCertificateEntry} overrides an existing trusted
 * certificate entry under that alias.
 *
 * @param cert certificate to add
 * @throws TechnicalConnectorException if the keystore refuses the entry
 */
private void addCertificate(X509Certificate cert) throws TechnicalConnectorException {
    final String subjectDn = cert.getSubjectX500Principal().getName("RFC2253");
    try {
        this.store.setCertificateEntry(subjectDn, cert);
    } catch (KeyStoreException storeFailure) {
        final Object[] messageArgs = new Object[]{storeFailure.getMessage()};
        throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, storeFailure, messageArgs);
    }
}
/**
 * Validates one certificate against the supplied keystore.
 *
 * <p>Only {@link X509Certificate} instances are examined; a {@code null} or non-X.509
 * certificate makes the method return without any check and without an error. When the
 * certificate is not yet present in the keystore it is stored under a generated
 * {@code "JETTY"} + 16 hex digit alias before its chain is fetched, so calling this method
 * can modify {@code keyStore}.
 *
 * @param keyStore keystore used to resolve the alias and chain; must not be {@code null}
 * @param cert certificate to validate
 * @throws CertificateException if the validity-period check or chain validation fails,
 *     or a keystore operation throws
 */
public void validate(KeyStore keyStore, Certificate cert) throws CertificateException
{
    // instanceof is false for null, so this one guard covers both skipped cases.
    if (!(cert instanceof X509Certificate))
    {
        return;
    }

    ((X509Certificate)cert).checkValidity();

    String certAlias = null;
    Certificate[] certChain;
    try
    {
        if (keyStore == null)
        {
            throw new InvalidParameterException("Keystore cannot be null");
        }

        certAlias = keyStore.getCertificateAlias((X509Certificate)cert);
        if (certAlias == null)
        {
            // Unknown certificate: register it under a fresh counter-based alias.
            certAlias = "JETTY" + String.format("%016X",__aliasCount.incrementAndGet());
            keyStore.setCertificateEntry(certAlias, cert);
        }

        certChain = keyStore.getCertificateChain(certAlias);
        if (certChain == null || certChain.length == 0)
        {
            throw new IllegalStateException("Unable to retrieve certificate chain");
        }
    }
    catch (KeyStoreException keyStoreFailure)
    {
        LOG.debug(keyStoreFailure);
        throw new CertificateException("Unable to validate certificate" +
                (certAlias == null ? "":" for alias [" +certAlias + "]") + ": " + keyStoreFailure.getMessage(), keyStoreFailure);
    }

    validate(certChain);
}
/**
 * Adds {@code cert} to {@code this.store} as a certificate entry whose alias is the
 * certificate's subject distinguished name in RFC 2253 form.
 *
 * @param cert certificate to register; a later certificate with the same subject name
 *     ends up under the same alias
 * @throws TechnicalConnectorException wrapping the {@link KeyStoreException} raised by the
 *     keystore
 */
private void addCertificate(X509Certificate cert) throws TechnicalConnectorException {
    try {
        final String aliasFromSubject = cert.getSubjectX500Principal().getName("RFC2253");
        this.store.setCertificateEntry(aliasFromSubject, cert);
    } catch (KeyStoreException keyStoreError) {
        throw new TechnicalConnectorException(
                TechnicalConnectorExceptionValues.ERROR_GENERAL,
                keyStoreError,
                new Object[]{keyStoreError.getMessage()});
    }
}
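/**
 * Loads the trusted PKCS#12 keystore whose path and password are configured in the
 * extension properties.
 *
 * <p>The keystore file is opened with try-with-resources so the stream is closed whether
 * or not loading succeeds.
 *
 * @return the loaded keystore
 * @throws AlfrescoRuntimeException if the keystore type is unavailable, the file cannot be
 *     read, or its contents cannot be loaded; the original exception is kept as the cause
 */
private KeyStore getTrustedKeyStore()
{
    try
    {
        // NOTE(review): the password is read from configuration as a String; confirm the
        // properties source is access-restricted.
        String keystorePassword = config.getProperty(RepositoryManagedSignatureProviderFactory.TRUSTED_KEYSTORE_PASSWORD);
        String keystorePath = config.getProperty(RepositoryManagedSignatureProviderFactory.TRUSTED_KEYSTORE_PATH);
        KeyStore keystore = KeyStore.getInstance("pkcs12");
        try (FileInputStream keyStream = new FileInputStream(keystorePath))
        {
            keystore.load(keyStream, keystorePassword.toCharArray());
        }
        return keystore;
    }
    catch(KeyStoreException kse)
    {
        throw new AlfrescoRuntimeException(kse.getMessage(), kse);
    }
    catch (java.security.cert.CertificateException ce)
    {
        throw new AlfrescoRuntimeException(ce.getMessage(), ce);
    }
    catch(NoSuchAlgorithmException nsaex)
    {
        throw new AlfrescoRuntimeException(nsaex.getMessage(), nsaex);
    }
    catch (IOException ioex)
    {
        // Also reached when closing the stream fails.
        throw new AlfrescoRuntimeException(ioex.getMessage(), ioex);
    }
}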
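/**
 * Loads the realm's key pair and certificate from the JKS keystore described by the
 * component model.
 *
 * <p>The keystore file is opened with try-with-resources so the stream is closed whether
 * or not loading succeeds. When the keystore has no certificate under the key alias, a
 * self-signed V1 certificate is generated for the realm name instead.
 *
 * @param realm realm whose name is used for a generated certificate
 * @param model component configuration holding keystore path, passwords and key alias
 * @return the key wrapper built from the key pair and certificate
 * @throws RuntimeException wrapping any keystore, I/O, algorithm, certificate or
 *     key-recovery failure, with the original exception as cause
 */
@Override
protected KeyWrapper loadKey(RealmModel realm, ComponentModel model) {
    try {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try (FileInputStream keystoreStream = new FileInputStream(model.get(JavaKeystoreKeyProviderFactory.KEYSTORE_KEY))) {
            keyStore.load(keystoreStream, model.get(JavaKeystoreKeyProviderFactory.KEYSTORE_PASSWORD_KEY).toCharArray());
        }
        // NOTE(review): getKey returns null for an unknown alias; confirm extractPublicKey
        // fails clearly in that case.
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(model.get(JavaKeystoreKeyProviderFactory.KEY_ALIAS_KEY), model.get(JavaKeystoreKeyProviderFactory.KEY_PASSWORD_KEY).toCharArray());
        PublicKey publicKey = KeyUtils.extractPublicKey(privateKey);
        KeyPair keyPair = new KeyPair(publicKey, privateKey);
        X509Certificate certificate = (X509Certificate) keyStore.getCertificate(model.get(JavaKeystoreKeyProviderFactory.KEY_ALIAS_KEY));
        if (certificate == null) {
            certificate = CertificateUtils.generateV1SelfSignedCertificate(keyPair, realm.getName());
        }
        return createKeyWrapper(keyPair, certificate);
    } catch (KeyStoreException kse) {
        throw new RuntimeException("KeyStore error on server. " + kse.getMessage(), kse);
    } catch (FileNotFoundException fnfe) {
        throw new RuntimeException("File not found on server. " + fnfe.getMessage(), fnfe);
    } catch (IOException ioe) {
        throw new RuntimeException("IO error on server. " + ioe.getMessage(), ioe);
    } catch (NoSuchAlgorithmException nsae) {
        throw new RuntimeException("Algorithm not available on server. " + nsae.getMessage(), nsae);
    } catch (CertificateException ce) {
        throw new RuntimeException("Certificate error on server. " + ce.getMessage(), ce);
    } catch (UnrecoverableKeyException uke) {
        throw new RuntimeException("Keystore on server can not be recovered. " + uke.getMessage(), uke);
    }
}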
/**
 * Checks a certificate's validity period and validates its chain as held in the given
 * keystore.
 *
 * <p>Nothing happens for a {@code null} certificate or one that is not an
 * {@link X509Certificate}. A certificate the keystore does not know yet is first inserted
 * under a generated {@code "JETTY"}-prefixed alias, which means the keystore passed in may
 * gain an entry as a side effect of validation.
 *
 * @param keyStore keystore to look the certificate up in; {@code null} is rejected with
 *     {@link InvalidParameterException}
 * @param cert certificate to validate
 * @throws CertificateException if the certificate is outside its validity period, chain
 *     validation fails, or the keystore throws
 */
public void validate(KeyStore keyStore, Certificate cert) throws CertificateException
{
    Certificate[] chain = null;

    if (cert instanceof X509Certificate)
    {
        final X509Certificate x509 = (X509Certificate)cert;
        x509.checkValidity();

        String alias = null;
        try
        {
            if (keyStore == null)
            {
                throw new InvalidParameterException("Keystore cannot be null");
            }

            alias = keyStore.getCertificateAlias(x509);
            if (alias == null)
            {
                // Not in the keystore yet: add it under the next counter-based alias.
                alias = "JETTY" + String.format("%016X",__aliasCount.incrementAndGet());
                keyStore.setCertificateEntry(alias, cert);
            }

            chain = keyStore.getCertificateChain(alias);
            final boolean chainMissing = (chain == null || chain.length == 0);
            if (chainMissing)
            {
                throw new IllegalStateException("Unable to retrieve certificate chain");
            }
        }
        catch (KeyStoreException kse)
        {
            LOG.debug(kse);
            final String aliasPart = (alias == null) ? "" : " for alias [" + alias + "]";
            throw new CertificateException("Unable to validate certificate" +
                    aliasPart + ": " + kse.getMessage(), kse);
        }

        validate(chain);
    }
}
/**
 * Reports whether the loaded keystore has an entry for {@code alias}.
 *
 * @param alias keystore alias to look for
 * @return {@code true} if the keystore contains the alias
 * @throws PFSecurityException with {@code ERROR_KEY_STORE} if the keystore lookup fails
 */
@Override
public boolean isKeystoreContainAlias(String alias) throws PFSecurityException {
    final KeyStore loadedStore = loadKeyStore();
    final boolean aliasPresent;
    try {
        aliasPresent = loadedStore.containsAlias(alias);
    } catch (KeyStoreException lookupError) {
        // NOTE(review): the stack trace goes to stderr and is not chained as a cause;
        // consider routing it through the application logger.
        lookupError.printStackTrace();
        throw new PFSecurityException(
                lookupError.getMessage(),
                PFSecurityUtilsErrorCodes.ERROR_KEY_STORE
        );
    }
    return aliasPresent;
}
/**
 * Removes the entry stored under {@code alias} from the loaded keystore.
 *
 * @param alias keystore alias of the entry to delete
 * @throws PFSecurityException with {@code ERROR_DELETE_KEY} if the keystore cannot remove
 *     the entry
 */
@Override
public void deleteKey(String alias) throws PFSecurityException {
    final KeyStore loadedStore = loadKeyStore();
    try {
        loadedStore.deleteEntry(alias);
    } catch (KeyStoreException deleteError) {
        // NOTE(review): the stack trace goes to stderr and is not chained as a cause;
        // consider routing it through the application logger.
        deleteError.printStackTrace();
        final String detail = "Can not delete key: " + deleteError.getMessage();
        throw new PFSecurityException(detail, PFSecurityUtilsErrorCodes.ERROR_DELETE_KEY);
    }
}
/**
 * Deletes the key pair stored under {@code KEY_ALIAS}, if one exists.
 *
 * <p>When no key pair exists nothing is deleted; debug builds log an error message in that
 * case.
 *
 * @param context used only to resolve the "key pair does not exist" log message
 * @throws SecureStorageException with {@code KEYSTORE_EXCEPTION} if the keystore fails to
 *     delete the entry; the {@link KeyStoreException} is kept as the cause
 */
static void deleteKeyPair(@NonNull Context context) throws SecureStorageException {
    if (!keyPairExists()) {
        if (BuildConfig.DEBUG) {
            Log.e(KeystoreTool.class.getName(),
                    context.getString(R.string.message_keypair_does_not_exist));
        }
        return;
    }

    try {
        getKeyStoreInstance().deleteEntry(KEY_ALIAS);
    } catch (KeyStoreException deleteFailure) {
        throw new SecureStorageException(deleteFailure.getMessage(), deleteFailure, KEYSTORE_EXCEPTION);
    }
}
/**
 * Test for the {@code KeyStoreException(String, Throwable)} constructor.
 * Assertion: the exception is constructed when {@code cause} is not null and
 * {@code msg} is null.
 *
 * <p>The message is only inspected when the implementation reports a non-null message; in
 * that case it must contain the cause's {@code toString()}. The cause itself must always
 * be returned unchanged.
 */
public void testKeyStoreException08() {
    KeyStoreException underTest = new KeyStoreException(null, tCause);
    String reportedMessage = underTest.getMessage();
    if (reportedMessage != null) {
        String causeText = tCause.toString();
        boolean mentionsCause = reportedMessage.contains(causeText);
        assertTrue("getMessage() must should ".concat(causeText), mentionsCause);
    }
    assertNotNull("getCause() must not return null", underTest.getCause());
    assertEquals("getCause() must return ".concat(tCause.toString()),
            underTest.getCause(), tCause);
}
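/**
 * Signs the content of the actioned-upon node with the running user's private key and
 * stores the signature in a new associated signature node.
 *
 * <p>Does nothing when the node no longer exists. The content stream is closed when the
 * method finishes, whether or not signing succeeds.
 *
 * @param ruleAction action carrying the location, geolocation, reason and key-password
 *     parameters
 * @param actionedUponNodeRef node whose content is hashed and signed
 * @throws AlfrescoRuntimeException wrapping any failure during key retrieval, hashing,
 *     signing or storage; the original exception is kept as the cause
 */
@Override
protected void executeImpl(Action ruleAction, NodeRef actionedUponNodeRef)
{
    NodeService nodeService = serviceRegistry.getNodeService();
    ContentService contentService = serviceRegistry.getContentService();
    byte[] sigBytes;
    if (nodeService.exists(actionedUponNodeRef) == false)
    {
        return;
    }
    String location = (String)ruleAction.getParameterValue(PARAM_LOCATION);
    String geolocation = (String)ruleAction.getParameterValue(PARAM_GEOLOCATION);
    String reason = (String)ruleAction.getParameterValue(PARAM_REASON);
    String keyPassword = (String)ruleAction.getParameterValue(PARAM_KEY_PASSWORD);
    // Open the content outside the try so a reader failure propagates unchanged.
    InputStream contentStream = contentService.
            getReader(actionedUponNodeRef, ContentModel.PROP_CONTENT).getContentInputStream();
    // Binding the stream to a resource variable guarantees it is closed on every exit path.
    try (InputStream managedContent = contentStream)
    {
        // get the user's private key
        String user = AuthenticationUtil.getRunAsUser();
        SignatureProvider signatureProvider = signatureProviderFactory.getSignatureProvider(user);
        KeyStore keystore = signatureProvider.getUserKeyStore(keyPassword);
        // The key is not used below, but fetching it fails early when the password does
        // not recover it. `alias` is not declared in this method; presumably a field.
        PrivateKey key = (PrivateKey)keystore.getKey(alias, keyPassword.toCharArray());
        // compute the document hash
        byte[] hash = signatureProvider.computeHash(managedContent);
        // sign the hash
        sigBytes = signatureProvider.signHash(hash, keyPassword);
        // create a "signature" node and associate it with the signed doc
        NodeRef sig = addSignatureNodeAssociation(actionedUponNodeRef, location, reason,
                "none", new java.util.Date(), geolocation, -1, "none");
        // save the signature
        ContentWriter writer = contentService.getWriter(sig, ContentModel.PROP_CONTENT, true);
        writer.putContent(new ByteArrayInputStream(sigBytes));
        // also save the expected hash in the signature
        // NOTE(review): new String(byte[]) decodes with the platform charset; if computeHash
        // returns raw digest bytes the stored value is lossy. Left as is, because changing it
        // would alter the stored property format.
        nodeService.setProperty(sig, CounterSignSignatureModel.PROP_DOCHASH, new String(hash));
    }
    catch (UnrecoverableKeyException | KeyStoreException | NoSuchAlgorithmException keyFailure)
    {
        throw new AlfrescoRuntimeException(keyFailure.getMessage(), keyFailure);
    }
    catch (Exception e)
    {
        throw new AlfrescoRuntimeException(e.getMessage(), e);
    }
}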