Methods Summary |
---|
/**
 * Tests whether an entry with the given alias is present in the in-memory
 * keystore.  Only the in-memory copy is consulted; nothing is read from disk.
 *
 * @param alias the alias to look up
 * @return {@code true} if the keystore holds an entry named {@code alias}
 * @throws KeyStoreException propagated from {@link KeyStore#containsAlias(String)}
 */
public synchronized boolean aliasExists(String alias) throws KeyStoreException {
    final KeyStore store = _pwdStore;
    return store.containsAlias(alias);
}
|
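/**
 * Changes the master password, re-protecting every key entry with the new
 * password and rewriting the keystore on disk.
 * <p>
 * Several things can go wrong: re-keying an existing entry under the new
 * password, or writing the keystore (which, done naively, could destroy the
 * existing file on an I/O error).  For that reason the work is delegated to
 * {@link #writeKeyStoreSafe(char[])}, which builds a complete new KeyStore,
 * writes it beside the old one and only then swaps the two.
 * <p>
 * The previous master password is not needed here (writeKeyStoreSafe reads it
 * from the adapter's own state), so it is no longer fetched into an unused
 * local.  The commented-out debug lines that would have printed both passwords
 * in clear text are gone as well: a master password must never reach a log.
 *
 * @param newMasterPassword the password that protects the keystore from now on;
 *                          must not be {@code null}
 * @throws IllegalArgumentException if {@code newMasterPassword} is {@code null}
 *                                  (checked before anything on disk is touched)
 */
public synchronized void changePassword(char[] newMasterPassword)
        throws KeyStoreException, IOException, NoSuchAlgorithmException,
               CertificateException, UnrecoverableKeyException {
    if (newMasterPassword == null) {
        throw new IllegalArgumentException("new master password must not be null");
    }
    writeKeyStoreSafe(newMasterPassword);
}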
|
/**
 * Builds a fresh in-memory JCEKS keystore holding every key entry of the
 * current store, each re-protected with {@code newMasterPassword}.  Nothing is
 * written to disk and the current store is left untouched; the caller decides
 * when (and whether) to swap the two.
 *
 * @param newMasterPassword password used to initialise the new store and to
 *                          protect each copied entry
 * @return the populated replacement keystore
 * @throws IllegalArgumentException if the current store holds anything other
 *                                  than key entries (this adapter only ever
 *                                  stores secret keys)
 * @throws UnrecoverableKeyException if an entry cannot be unlocked with the
 *                                   master password currently in effect
 */
private KeyStore duplicateKeyStore(char[] newMasterPassword)
        throws KeyStoreException, IOException, NoSuchAlgorithmException,
               CertificateException, UnrecoverableKeyException {
    final char[] currentPassword = getMasterPassword();
    final KeyStore source = _pwdStore;

    // Same provider as the existing store so the on-disk format stays identical.
    // NOTE(review): JCEKS is a legacy Sun-specific format; should the file
    // format ever be free to change, PKCS12 is the JDK's recommended type.
    final KeyStore copy = KeyStore.getInstance("JCEKS", source.getProvider());
    copy.load(null, newMasterPassword);   // null stream: start from an empty store

    for (Enumeration<String> names = source.aliases(); names.hasMoreElements(); ) {
        final String alias = names.nextElement();
        if (!source.isKeyEntry(alias)) {
            throw new IllegalArgumentException("Expecting keys only");
        }
        // Entries are unlocked with the current password and immediately
        // re-protected with the new one; no cert chain, these are secret keys.
        final Key key = source.getKey(alias, currentPassword);
        copy.setKeyEntry(alias, key, newMasterPassword, null);
    }
    return copy;
}
|
/**
 * Returns the aliases currently held in the in-memory keystore.  An alias is
 * the name under which a password is stored, not the password itself; the
 * list still reveals which credentials exist, so avoid dumping it to logs.
 *
 * @return an enumeration of alias names (the raw return type is kept for
 *         source compatibility with existing callers)
 * @throws KeyStoreException propagated from {@link KeyStore#aliases()}
 */
public synchronized Enumeration getAliases() throws KeyStoreException {
    final Enumeration<String> aliasNames = _pwdStore.aliases();
    return aliasNames;
}
|
/**
 * Computes the default location of the password-alias keystore:
 * {@code <instance root>/config/<PASSWORD_ALIAS_KEYSTORE>}.
 * <p>
 * The instance root comes from a system property; if that property is unset
 * the result starts with the literal text {@code "null"} -- no validation is
 * done here, so callers that can run without a configured instance root should
 * check the property themselves.
 *
 * @return the absolute path of the default keystore file
 */
private static String getDefaultKeyFileName() {
    final String instanceRoot = System.getProperty(SystemPropertyConstants.INSTANCE_ROOT_PROPERTY);
    final StringBuilder path = new StringBuilder(instanceRoot);
    path.append(File.separator).append("config");
    path.append(File.separator).append(PASSWORD_ALIAS_KEYSTORE);
    return path.toString();
}
|
/**
 * Returns the master password currently in effect.
 * <p>
 * The caller receives the live array, not a copy: do not modify it, and do not
 * convert it to a {@link String} (strings cannot be wiped from the heap).
 *
 * @return the master password characters
 */
private char[] getMasterPassword() {
    final char[] current = _masterPassword;
    return current;
}
|
/**
 * Returns the password stored under the given alias as a {@link String},
 * unlocking it with the shared master password (SMP).
 * <p>
 * NOTE(review): the stored bytes are turned into a String with the platform
 * default charset.  Whether that matches the charset used when the bytes were
 * produced (see {@link #setPasswordForAlias(String, byte[])}, whose caller
 * supplies the bytes) cannot be confirmed from this class; non-ASCII passwords
 * may not survive a platform with a different default charset.  Callers should
 * also be aware that the returned String cannot be zeroed after use.
 *
 * @param alias the alias whose password is wanted
 * @return the password, or {@code null} if no entry exists for {@code alias}
 * @throws UnrecoverableKeyException if the entry cannot be unlocked with the
 *                                   current master password
 */
public synchronized String getPasswordForAlias(String alias)
        throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
    final Key key = _pwdStore.getKey(alias, getMasterPassword());
    if (key == null) {
        return null;
    }
    return new String(key.getEncoded());
}
|
/**
 * Returns the password stored under the given alias as a {@link SecretKey},
 * unlocking it with the shared master password (SMP).  This is the form to
 * prefer over {@link #getPasswordForAlias(String)} when the caller only needs
 * the raw bytes, since no immutable String copy is created.
 *
 * @param alias the alias whose password is wanted
 * @return the secret key, or {@code null} if no entry exists for {@code alias}
 * @throws UnrecoverableKeyException if the entry cannot be unlocked with the
 *                                   current master password
 */
public synchronized SecretKey getPasswordSecretKeyForAlias(String alias)
        throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
    final Key entry = _pwdStore.getKey(alias, getMasterPassword());
    // Only secret keys are ever stored here, so the cast is the original contract.
    return (SecretKey) entry;
}
|
/**
 * Loads the JCEKS keystore from {@code keyStoreFile}, or initialises an empty
 * one if the file does not exist yet.
 * <p>
 * The master password is both the integrity password of the file and the
 * password each entry is protected with; a wrong password surfaces as the
 * exception thrown by {@link KeyStore#load}.  Note that this method looks only
 * at {@code keyStoreFile} -- the {@code .save} copy left by an interrupted
 * {@code writeKeyStoreSafe} is never consulted.
 *
 * @param keyStoreFile   the keystore file (may not exist yet)
 * @param masterPassword the shared master password (SMP)
 * @return the loaded (or freshly initialised, empty) keystore
 * @throws IOException if the file cannot be read or its integrity check fails
 */
private static KeyStore loadKeyStore(File keyStoreFile, char[] masterPassword)
        throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
    final KeyStore keyStore = KeyStore.getInstance("JCEKS");
    if (!keyStoreFile.exists()) {
        // Nothing on disk: a null stream initialises an empty store.
        keyStore.load(null, masterPassword);
        return keyStore;
    }
    // The file is tiny, so it is read unbuffered.
    final FileInputStream input = new FileInputStream(keyStoreFile);
    try {
        keyStore.load(input, masterPassword);
    } finally {
        input.close();
    }
    return keyStore;
}
|
/**
 * Removes the entry stored under {@code alias} and persists the keystore.
 * The in-memory store is updated first; the write goes through the
 * rename-then-replace path of {@code writeKeyStoreSafe}.
 *
 * @param alias the alias to delete
 * @throws KeyStoreException propagated from {@link KeyStore#deleteEntry(String)}
 * @throws IOException if the keystore cannot be written back to disk
 */
public synchronized void removeAlias(String alias)
        throws KeyStoreException, IOException, NoSuchAlgorithmException,
               CertificateException, UnrecoverableKeyException {
    final KeyStore store = _pwdStore;
    store.deleteEntry(alias);
    writeStore();
}
|
/**
 * Records the master password in effect.  The array is stored as given (no
 * defensive copy), so the caller must not reuse or clear it afterwards.
 * Not synchronized: writes are expected to happen under the same monitor the
 * public methods take.
 *
 * @param smp the shared master password
 */
private void setMasterPassword(char[] smp) {
    this._masterPassword = smp;
}
|
/**
 * Stores {@code keyBytes} under {@code alias} as a secret-key entry in the
 * JCEKS keystore, protected with the master password, and persists the store.
 * <p>
 * The "AES" algorithm name is purely nominal: the bytes are an arbitrary
 * password, not an AES key, and are never used for encryption.  It is the
 * label JCEKS needs to wrap raw bytes as a key entry.
 *
 * @param alias    the alias to store the password under (an existing entry is replaced)
 * @param keyBytes the password bytes; {@link SecretKeySpec} rejects a null or empty array
 * @throws IOException if the keystore cannot be written back to disk
 */
public synchronized void setPasswordForAlias(String alias, byte[] keyBytes)
        throws KeyStoreException, IOException, NoSuchAlgorithmException,
               CertificateException, UnrecoverableKeyException {
    final SecretKeySpec entry = new SecretKeySpec(keyBytes, "AES");
    _pwdStore.setKeyEntry(alias, entry, getMasterPassword(), null);   // no cert chain for a secret key
    writeStore();
}
|
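/**
 * Writes the keystore to disk under {@code masterPassword} without ever
 * destroying the existing file: the current file is renamed to
 * {@code <file>.save}, the new store is written in its place, and only then
 * is the backup removed.  On success the in-memory store and master password
 * are replaced by the new ones.
 * <p>
 * Fixes versus the previous version:
 * <ul>
 *   <li>The entries are always re-keyed under {@code masterPassword} first.
 *       Previously the "no file yet" branch wrote {@code _pwdStore} -- whose
 *       entries were still protected with the OLD password -- under the NEW
 *       integrity password and never updated {@code _masterPassword}, so a
 *       {@code changePassword} on a not-yet-persisted adapter produced an
 *       inconsistent file and a failing reload at the end of this method.</li>
 *   <li>{@link File#renameTo} and {@link File#delete} signal failure by
 *       returning {@code false}, never by throwing, so the old
 *       {@code catch (Throwable)} around them was dead code.  Their results are
 *       now checked: a failed rollback is reported, and a {@code .save} file
 *       that could not be deleted is reported too -- after a password change it
 *       is a copy of the keystore protected by the OLD password and must not
 *       be left lying around.</li>
 *   <li>The commented-out debug lines printing the master password are gone.</li>
 * </ul>
 * Limitations: if the JVM dies between the rename and the write, the keystore
 * exists only as {@code <file>.save}; {@code loadKeyStore} does not look for
 * it, so recovery is manual.  The new file is created with the process umask
 * (see {@code writeKeyStoreToFile}).
 *
 * @param masterPassword the password the store is written (and its entries
 *                       protected) with; becomes the current master password
 * @throws IOException      if the existing file cannot be moved aside
 * @throws RuntimeException if the new store cannot be written (wrapping the
 *                          cause, after an attempted rollback) or the backup
 *                          cannot be removed
 */
private synchronized void writeKeyStoreSafe(char[] masterPassword)
        throws KeyStoreException, IOException, NoSuchAlgorithmException,
               CertificateException, UnrecoverableKeyException {
    // Re-key everything in memory before touching the disk; a failure here
    // leaves both the file and the adapter state exactly as they were.
    final KeyStore newKeyStore = duplicateKeyStore(masterPassword);

    if (_keyFile.exists()) {
        final File saveOld = new File(_keyFile.toString() + ".save");
        if (!_keyFile.renameTo(saveOld)) {
            throw new IOException("Can't rename " + _keyFile + " to " + saveOld);
        }
        try {
            writeKeyStoreToFile(newKeyStore, _keyFile, masterPassword);
        } catch (final Throwable t) {
            // Roll back: drop any partial output (renameTo will not overwrite an
            // existing target on every platform), then put the original back.
            _keyFile.delete();
            if (!saveOld.renameTo(_keyFile)) {
                throw new RuntimeException("Could not write new KeyStore, and " +
                        "cannot restore KeyStore to original state", t);
            }
            throw new RuntimeException("Can't write new KeyStore", t);
        }
        _pwdStore = newKeyStore;
        _masterPassword = masterPassword;
        if (!saveOld.delete()) {
            throw new RuntimeException("Can't remove old KeyStore \"" + saveOld + "\"");
        }
    } else {
        writeKeyStoreToFile(newKeyStore, _keyFile, masterPassword);
        _pwdStore = newKeyStore;
        _masterPassword = masterPassword;
    }

    // Sanity check: what was just written must load with the password now in
    // effect.  The result is discarded; only the absence of an exception matters.
    loadKeyStore(_keyFile, getMasterPassword());
}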
|
/**
 * Serialises {@code keyStore} to {@code file} with {@code masterPassword} as
 * the integrity password.  The file is opened for overwrite, so any existing
 * content is lost: callers are responsible for moving an original aside first
 * (as {@code writeKeyStoreSafe} does).
 * <p>
 * NOTE(review): the file is created with whatever permissions the process
 * umask yields; nothing here restricts it.  Since it holds alias passwords,
 * deployments should make sure the config directory is not world-readable.
 *
 * @param keyStore       the store to write
 * @param file           the destination path
 * @param masterPassword the integrity password used by {@link KeyStore#store}
 * @throws IOException if the file cannot be created or written
 */
private static void writeKeyStoreToFile(KeyStore keyStore, File file, char[] masterPassword)
        throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
    final FileOutputStream output = new FileOutputStream(file);
    try {
        keyStore.store(output, masterPassword);
    } finally {
        // Close unconditionally so a failed store does not leak the handle.
        output.close();
    }
}
|
/**
 * Persists the in-memory keystore under the master password currently in
 * effect.  Delegates to {@code writeKeyStoreSafe}, which takes the adapter's
 * monitor; this wrapper itself is not synchronized, so the password is read
 * just before the lock is acquired.
 *
 * @throws IOException if the keystore cannot be written to disk
 */
public void writeStore()
        throws KeyStoreException, IOException, NoSuchAlgorithmException,
               CertificateException, UnrecoverableKeyException {
    final char[] currentPassword = getMasterPassword();
    writeKeyStoreSafe(currentPassword);
}
|