
WebPublicKeyStore

public class WebPublicKeyStore extends PublicKeyStore implements CertStore
A public keystore that can be used with SSL. To work with SSL this class implements the SSL {@link CertStore} interface; the trusted instance it hands out (see getTrustedKeyStore) is the set of trust anchors used to authenticate HTTPS servers.

Fields Summary
private static SecurityToken
classSecurityToken
This class has a different security domain than the MIDlet suite
private static WebPublicKeyStore
trustedKeyStore
keystore this package uses for verifying descriptors
private static Vector
sharedKeyList
list of keys backing the trusted keystore: loadCertificateAuthorities creates it and passes it to the keystore constructor, and saveKeyList serializes it back to the main key store so that enable/disable changes to individual authorities are persisted
Constructors Summary
/**
 * Constructs an extendable keystore from a keystore serialized by
 * {@link PublicKeyStoreBuilder#serialize(OutputStream)}.
 * <p>
 * The {@code sharedKeyList} parameter deliberately shadows the static
 * field of the same name: the caller (see
 * {@link #loadCertificateAuthorities}) keeps its own reference to the
 * list it passes in, so that the keys backing this store can later be
 * re-serialized by {@link #saveKeyList}. The list is presumably
 * populated by the superclass from {@code in} — confirm in
 * PublicKeyStore.
 *
 * @param in            stream to read a keystore serialized by
 *                      {@link PublicKeyStoreBuilder#serialize(OutputStream)} from
 * @param sharedKeyList shared key list
 * @exception IOException if the key storage was corrupted
 */
public WebPublicKeyStore(InputStream in, Vector sharedKeyList)
        throws IOException {
    super(in, sharedKeyList);
}
/**
 * Constructs an empty keystore.
 * <p>
 * NOTE(review): the summary says this constructor exists "to initialize
 * the class security token", but no token handling is visible in its
 * body in this listing — confirm against the full source before
 * relying on that description.
 */
public WebPublicKeyStore() {
}
/**
 * Constructs an extendable keystore from a keystore serialized by
 * {@link PublicKeyStoreBuilder#serialize(OutputStream)}, without a
 * shared key list. Compare the two-argument constructor, which the
 * loader uses so that the keys can be written back to storage later.
 *
 * @param in stream to read a keystore serialized by
 *           {@link PublicKeyStoreBuilder#serialize(OutputStream)} from
 * @exception IOException if the key storage was corrupted
 */
public WebPublicKeyStore(InputStream in) throws IOException {
    super(in);
}
Methods Summary
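/**
 * Creates an {@link X509Certificate} from the given public key
 * information.
 * <p>
 * The certificate is synthesized, not parsed: it is built as an X.509
 * version 1 certificate (raw version byte 0), with an empty byte array
 * in the second slot (presumably the serial number), issuer equal to
 * subject (i.e. a self-issued trust anchor), the validity window and
 * modulus/exponent taken straight from {@code keyInfo}, no fingerprint,
 * and a trailing argument of 0 whose meaning is not visible here.
 * There is therefore no signature for a consumer to verify; the trust
 * in the result rests entirely on {@code keyInfo} having come from the
 * trusted keystore. Note that {@code keyInfo.enabled} is not consulted
 * here, so filtering of disabled authorities must happen in the caller
 * or in the lookup that produced {@code keyInfo}.
 *
 * @param keyInfo key information; may be null
 * @return the certificate, or null if {@code keyInfo} is null or the
 *         certificate could not be constructed (the failure is logged
 *         under TRACE instead of being silently dropped)
 */
public static X509Certificate createCertificate(PublicKeyInfo keyInfo) {
    if (keyInfo == null) {
        return null;
    }

    try {
        return new X509Certificate((byte)0, // fixed at version 1 (raw 0)
                                   new byte[0],
                                   keyInfo.getOwner(),
                                   keyInfo.getOwner(), // issuer same as subject
                                   keyInfo.getNotBefore(),
                                   keyInfo.getNotAfter(),
                                   keyInfo.getModulus(),
                                   keyInfo.getExponent(),
                                   null, // we don't use finger prints
                                   0);
    } catch (Exception e) {
        // Best effort, as before: callers treat null as "no certificate".
        // Log so that a bad keystore entry is diagnosable rather than
        // vanishing silently (matches the TRACE logging used elsewhere
        // in this class).
        if (Logging.TRACE_ENABLED) {
            Logging.trace(e, "Could not build a certificate from key info");
        }
        return null;
    }
}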
/**
 * Disables a certificate authority in the trusted keystore.
 * <p>
 * This is a privileged operation: it must be called while a MIDlet
 * suite is running, and that suite is checked for the AMS permission
 * before anything is changed (see {@code setCertAuthorityEnabledField}).
 * The new flag is written back to the main key store. The authority's
 * key stays in the store; only its {@code enabled} flag changes, and
 * whether disabled keys are excluded from lookups is decided by
 * {@code findKeys}, which is not visible here.
 *
 * @param name name of the authority.
 * @throws IllegalStateException if no suite has been started
 */
public static void disableCertAuthority(String name) {
    setCertAuthorityEnabledField(name, false);
}
/**
 * Enables a certificate authority in the trusted keystore.
 * <p>
 * Privileged: requires a running MIDlet suite that passes the AMS
 * permission check performed by {@code setCertAuthorityEnabledField};
 * the updated flag is persisted to the main key store. Enabling an
 * authority widens the set of servers the device will trust over
 * HTTPS, so the permission gate is the only thing standing between a
 * suite and the trust roots.
 *
 * @param name name of the authority.
 * @throws IllegalStateException if no suite has been started
 */
public static void enableCertAuthority(String name) {
    setCertAuthorityEnabledField(name, true);
}
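/**
 * Returns the certificate(s) corresponding to a subject name string.
 * <p>
 * Each key found by {@code findKeys} is turned into a synthesized
 * certificate by {@link #createCertificate}. That helper returns null
 * when it cannot build a certificate; the original implementation left
 * such nulls as holes in the returned array, which a CertStore consumer
 * would trip over. Unusable entries are now dropped, so every element
 * of a non-null result is a real certificate (the array may be empty).
 * The {@code enabled} flag is not checked here; whether
 * {@code findKeys} filters disabled keys is not visible in this class.
 *
 * @param subjectName subject name of the certificate in printable form.
 * @return corresponding certificates, or null if {@code findKeys}
 *         reports nothing for the name
 */
public X509Certificate[] getCertificates(String subjectName) {
    Vector keys = findKeys(subjectName);
    if (keys == null) {
        return null;
    }

    X509Certificate[] certs = new X509Certificate[keys.size()];
    int count = 0;
    for (int i = 0; i < keys.size(); i++) {
        X509Certificate cert =
            createCertificate((PublicKeyInfo)keys.elementAt(i));
        if (cert != null) {
            certs[count++] = cert;
        }
    }

    if (count == certs.length) {
        return certs;
    }

    // Compact away the entries that could not be built.
    X509Certificate[] usable = new X509Certificate[count];
    System.arraycopy(certs, 0, usable, 0, count);
    return usable;
}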
/**
 * Returns the keystore of resident public keys for security domain
 * owners and other CAs, loading it from storage on first use.
 * <p>
 * May return null: {@link #loadCertificateAuthorities} leaves the
 * store unset when the key store file cannot be opened or parsed.
 * Callers must treat null as "no trust anchors available" and refuse
 * to authenticate, never as an empty-but-valid store.
 *
 * @return keystore of domain owner and CA keys, or null if it could
 *         not be loaded
 * @see #setTrustedKeyStore
 */
public static WebPublicKeyStore getTrustedKeyStore() {
    WebPublicKeyStore store = trustedKeyStore;
    if (store != null) {
        return store;
    }

    // The loader re-checks for an existing store and installs its own
    // result via setTrustedKeyStore.
    loadCertificateAuthorities();
    return trustedKeyStore;
}
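/**
 * Loads the certificate authorities for the MIDP from storage into the
 * SSL keystore and installs the result as the system trusted keystore
 * via {@link #setTrustedKeyStore}.
 * <p>
 * Failures are not fatal: if the store cannot be opened or is corrupt
 * the method logs under TRACE and returns, leaving
 * {@code trustedKeyStore} null, which means HTTPS servers cannot be
 * authenticated until a later load succeeds.
 * <p>
 * Fixes relative to the previous version:
 * <ul>
 * <li>the storage handle is always disconnected once {@code connect}
 *     succeeded (previously a failure in {@code openInputStream}
 *     returned without disconnecting);</li>
 * <li>{@code sharedKeyList} is only published once the store was built
 *     successfully, and the whole load is synchronized: the previous
 *     check-then-act on the static pair could let two concurrent
 *     loaders each assign {@code sharedKeyList} while
 *     {@link #setTrustedKeyStore} kept only the first store, leaving
 *     {@code sharedKeyList} pointing at a list the trusted store does
 *     not use — a later {@link #saveKeyList} would then persist the
 *     wrong keys;</li>
 * <li>log message typos corrected.</li>
 * </ul>
 * <p>
 * Security note: the "_main.ks" file is read from internal storage
 * using the class security token. No integrity check on its contents
 * is visible in this class, so the HTTPS trust roots are exactly as
 * trustworthy as the access control on that storage.
 */
public static synchronized void loadCertificateAuthorities() {
    if (trustedKeyStore != null) {
        return;
    }

    RandomAccessStream storage = null;
    boolean connected = false;
    InputStream tks;
    WebPublicKeyStore ks;
    Vector keyList;

    try {
        try {
            storage = new RandomAccessStream(classSecurityToken);
            storage.connect(
                File.getStorageRoot(Constants.INTERNAL_STORAGE_ID) +
                "_main.ks", Connector.READ);
            connected = true;
            tks = storage.openInputStream();
        } catch (Exception e) {
            if (Logging.TRACE_ENABLED) {
                Logging.trace(e, "Could not open the trusted key store, " +
                              "cannot authenticate HTTPS servers");
            }
            return;
        }

        try {
            keyList = new Vector();
            ks = new WebPublicKeyStore(tks, keyList);
        } catch (Exception e) {
            if (Logging.TRACE_ENABLED) {
                Logging.trace(e, "Corrupt key store file, cannot " +
                              "authenticate HTTPS servers");
            }
            return;
        }
    } finally {
        // Only disconnect what was actually connected.
        if (connected) {
            try {
                storage.disconnect();
            } catch (Exception e) {
                if (Logging.REPORT_LEVEL <= Logging.WARNING) {
                    Logging.report(Logging.WARNING, LogChannels.LC_SECURITY,
                                   "Exception during disconnect");
                }
            }
        }
    }

    // Publish the key list only together with the store it backs.
    sharedKeyList = keyList;
    WebPublicKeyStore.setTrustedKeyStore(ks);
}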
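/**
 * Saves the shared key list to the main key store.
 * <p>
 * Does nothing if no trusted keystore has been loaded. Performs no
 * authorization itself: the caller (currently
 * {@code setCertAuthorityEnabledField}) is responsible for the AMS
 * permission check before reaching this method.
 * <p>
 * Caveat: the file is opened with {@code READ_WRITE_TRUNCATE}, so a
 * failure during {@code serialize} leaves a truncated key store on
 * disk. The next load would then fail and the device would be left
 * with no trust anchors (fail closed, but a loss of service). A
 * write-to-temporary-then-replace scheme would avoid this; whether the
 * storage API supports one is not visible here.
 * <p>
 * Fixes relative to the previous version: the storage handle is
 * disconnected whenever {@code connect} succeeded (a failure in
 * {@code openOutputStream} used to return without disconnecting), the
 * serialize-failure message no longer mislabels a write error as a
 * corrupt file, and log message typos are corrected.
 */
private static void saveKeyList() {
    if (trustedKeyStore == null) {
        return;
    }

    PublicKeyStoreBuilderBase keystore =
        new PublicKeyStoreBuilderBase(sharedKeyList);
    RandomAccessStream storage = null;
    boolean connected = false;
    OutputStream outputStream;

    try {
        try {
            storage = new RandomAccessStream(classSecurityToken);
            storage.connect(
                File.getStorageRoot(Constants.INTERNAL_STORAGE_ID) +
                "_main.ks", RandomAccessStream.READ_WRITE_TRUNCATE);
            connected = true;
            outputStream = storage.openOutputStream();
        } catch (Exception e) {
            if (Logging.TRACE_ENABLED) {
                Logging.trace(e, "Could not open the trusted key store, " +
                              "cannot authenticate HTTPS servers");
            }
            return;
        }

        try {
            keystore.serialize(outputStream);
        } catch (Exception e) {
            if (Logging.TRACE_ENABLED) {
                Logging.trace(e, "Could not write the trusted key store, " +
                              "cannot authenticate HTTPS servers");
            }
            return;
        }
    } finally {
        // Only disconnect what was actually connected.
        if (connected) {
            try {
                storage.disconnect();
            } catch (Exception e) {
                if (Logging.REPORT_LEVEL <= Logging.WARNING) {
                    Logging.report(Logging.WARNING, LogChannels.LC_SECURITY,
                                   "Exception during disconnect");
                }
            }
        }
    }
}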
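/**
 * Sets the {@code enabled} flag of every key in the trusted keystore
 * matching the given authority name, then persists the key list.
 * <p>
 * Order matters for security: the running suite's AMS permission is
 * checked before any key is touched, so an unauthorized caller cannot
 * change even the in-memory state. {@code checkIfPermissionAllowed} is
 * expected to throw for an unauthorized suite (its exception type is
 * not visible here).
 * <p>
 * Fix relative to the previous version: the trusted keystore is now
 * obtained through {@link #getTrustedKeyStore} (loading it on demand)
 * and a missing store raises {@link IllegalStateException} instead of
 * a bare {@code NullPointerException} from dereferencing a null static.
 * <p>
 * Note that the flags are changed in memory before {@link #saveKeyList}
 * runs; if the save fails, the in-memory state and the file disagree
 * until the next successful save.
 *
 * @param name    name of the authority.
 * @param enabled value of enable field
 * @throws IllegalStateException if no suite has been started, or the
 *         trusted keystore could not be loaded
 */
private static void setCertAuthorityEnabledField(String name,
                                                 boolean enabled) {
    MIDletSuite midletSuite =
        MIDletStateHandler.getMidletStateHandler().getMIDletSuite();

    if (midletSuite == null) {
        throw new
            IllegalStateException("This method can't be called before " +
                                  "a suite is started.");
    }

    // Authorization gate: nothing below may run without AMS permission.
    midletSuite.checkIfPermissionAllowed(Permissions.AMS);

    WebPublicKeyStore store = getTrustedKeyStore();
    if (store == null) {
        throw new IllegalStateException(
            "Trusted key store is not available.");
    }

    Vector keys = store.findKeys(name);
    if (keys == null || keys.isEmpty()) {
        return;
    }

    for (int i = 0; i < keys.size(); i++) {
        ((PublicKeyInfo)keys.elementAt(i)).enabled = enabled;
    }

    // Best-effort persistence; see class note on saveKeyList.
    saveKeyList();
}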
/**
 * Installs the given keystore as the system trusted keystore.
 * <p>
 * One-shot: if a trusted keystore is already installed the call is
 * silently ignored, so the first store set wins and cannot be replaced
 * for the lifetime of the class. For security purposes only read-only
 * PublicKeyStores should be set.
 * <p>
 * Not synchronized itself; the check-then-set is only safe when callers
 * serialize. The only caller visible here is
 * {@link #loadCertificateAuthorities}.
 *
 * @param keyStore keystore to be the system trusted keystore
 * @see #getTrustedKeyStore
 */
private static void setTrustedKeyStore(WebPublicKeyStore keyStore) {
    if (trustedKeyStore == null) {
        trustedKeyStore = keyStore;
    }
}