
KeyHolder

public class KeyHolder extends Object

Loads a {@link java.security.KeyStore} in memory and keeps it ready for the cryptographic activity.

It acts as a simpler intermediary to the crypto libraries. Specifically, it uses the Legion of the Bouncy Castle libraries, particularly for the S/MIME activity.

version
CVS $Revision: 494012 $ $Date: 2007-01-08 11:23:58 +0100 (Mo, 08 Jan 2007) $
since
2.2.1

Fields Summary
private PrivateKey
privateKey
Holds value of property privateKey.
private X509Certificate
certificate
Holds value of property certificate.
private CertStore
certStore
Holds value of property certStore.
Constructors Summary
/**
 * Creates a new instance of KeyHolder.
 * <p>
 * Private so that a holder can only be obtained through the keystore-loading
 * constructor; a holder without key material would have nothing to sign with.
 */
private KeyHolder() {
}
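/**
 * Creates a new instance of KeyHolder using {@link java.security.KeyStore} related parameters.
 *
 * @param keyStoreFileName The (absolute) file name of the .keystore file to load the keystore from.
 * @param keyStorePassword The (optional) password used to check the integrity of the keystore.
 *        If given, it is used to check the integrity of the keystore data; if null, the integrity
 *        of the keystore is not checked.
 * @param keyAlias The alias name of the key. If missing (null) and there is only one alias in the
 *        keystore, it defaults to that alias.
 * @param keyAliasPassword The password of the alias for recovering the key. If missing (null) it
 *        defaults to keyStorePassword. At least one of the two passwords must be provided.
 * @param keyStoreType The type of keystore. If missing (null) it defaults to the keystore type as
 *        specified in the Java security properties file, or the string "jks" (acronym for
 *        "Java keystore") if no such property exists.
 * @throws KeyStoreException Thrown when the keyAlias is specified and not found, or is not
 *         specified and either no alias is found or more than one is found; also when the alias
 *         does not hold a PrivateKey / X509Certificate pair.
 * @throws NoSuchProviderException Thrown when the Bouncy Castle provider cannot be initialised.
 * @throws IllegalArgumentException Thrown when neither password is given, since the key cannot be
 *         recovered without one.
 * @see java.security.KeyStore#getDefaultType
 * @see java.security.KeyStore#getInstance(String)
 * @see java.security.KeyStore#load
 * @see java.security.KeyStore#getKey
 * @see java.security.KeyStore#getCertificate
 */
public KeyHolder(String keyStoreFileName, String keyStorePassword, String keyAlias, String keyAliasPassword, String keyStoreType)
        throws KeyStoreException, NoSuchProviderException, java.io.IOException,
               java.security.NoSuchAlgorithmException, java.security.cert.CertificateException,
               java.security.UnrecoverableKeyException, java.security.InvalidAlgorithmParameterException {
    initProvider();

    if (keyAliasPassword == null) {
        keyAliasPassword = keyStorePassword;
    }
    // Without any password the key cannot be recovered; fail with a clear message instead of
    // dereferencing null below (the keystore password alone is allowed to be absent).
    if (keyAliasPassword == null) {
        throw new IllegalArgumentException("At least one of keyStorePassword and keyAliasPassword must be provided.");
    }

    KeyStore keyStore = loadKeyStore(keyStoreFileName, keyStorePassword, keyStoreType);
    String alias = (keyAlias == null) ? findSingleAlias(keyStore) : keyAlias;

    // Best-effort wipe of the password copy; the String itself cannot be cleared.
    char[] keyPassword = keyAliasPassword.toCharArray();
    java.security.Key key;
    try {
        key = keyStore.getKey(alias, keyPassword);
    } finally {
        java.util.Arrays.fill(keyPassword, '\0');
    }
    // getKey returns null both for an unknown alias and for an alias that is not a key entry
    // (e.g. a trusted-certificate entry picked up by the single-alias default).
    if (key == null) {
        throw new KeyStoreException("The \"" + alias + "\" PrivateKey alias was not found in keystore.");
    }
    if (!(key instanceof PrivateKey)) {
        throw new KeyStoreException("The \"" + alias + "\" alias does not hold a PrivateKey.");
    }
    this.privateKey = (PrivateKey) key;

    java.security.cert.Certificate cert = keyStore.getCertificate(alias);
    if (cert == null) {
        throw new KeyStoreException("The \"" + alias + "\" X509Certificate alias was not found in keystore.");
    }
    if (!(cert instanceof X509Certificate)) {
        throw new KeyStoreException("The \"" + alias + "\" alias does not hold an X509Certificate.");
    }
    this.certificate = (X509Certificate) cert;

    this.certStore = buildCertStore(keyStore, alias, this.certificate);
}

/**
 * Initialises the cryptography provider through InitJCE, translating the reflective failures
 * it reports into a NoSuchProviderException that carries the original cause.
 *
 * @throws NoSuchProviderException when InitJCE.init() fails.
 */
private static void initProvider() throws NoSuchProviderException {
    try {
        InitJCE.init();
    } catch (InstantiationException e) {
        throw providerInitFailure(e);
    } catch (IllegalAccessException e) {
        throw providerInitFailure(e);
    } catch (ClassNotFoundException e) {
        throw providerInitFailure(e);
    }
}

/**
 * Builds the provider-initialisation exception with the standard message and the given cause.
 *
 * @param cause The underlying failure.
 * @return The exception to throw.
 */
private static NoSuchProviderException providerInitFailure(Throwable cause) {
    NoSuchProviderException ex = new NoSuchProviderException("Error during cryptography provider initialization. Has bcprov-jdkxx-yyy.jar been copied in the lib directory or installed in the system?");
    ex.initCause(cause);
    return ex;
}

/**
 * Loads a keystore from a file, closing the stream afterwards.
 *
 * @param fileName The keystore file name.
 * @param password The integrity password, or null to skip the integrity check.
 * @param type The keystore type, or null for KeyStore.getDefaultType().
 * @return The loaded keystore.
 */
private static KeyStore loadKeyStore(String fileName, String password, String type)
        throws KeyStoreException, java.io.IOException, java.security.NoSuchAlgorithmException,
               java.security.cert.CertificateException {
    KeyStore keyStore = KeyStore.getInstance(type == null ? KeyStore.getDefaultType() : type);
    char[] integrityPassword = (password == null) ? null : password.toCharArray();
    BufferedInputStream in = new BufferedInputStream(new FileInputStream(fileName));
    try {
        keyStore.load(in, integrityPassword);
    } finally {
        in.close();
        if (integrityPassword != null) {
            java.util.Arrays.fill(integrityPassword, '\0');
        }
    }
    return keyStore;
}

/**
 * Returns the only alias in the keystore.
 *
 * @param keyStore The keystore to inspect.
 * @return The single alias.
 * @throws KeyStoreException when the keystore holds no alias or more than one.
 */
private static String findSingleAlias(KeyStore keyStore) throws KeyStoreException {
    Enumeration aliases = keyStore.aliases();
    if (!aliases.hasMoreElements()) {
        throw new KeyStoreException("No alias was found in keystore.");
    }
    String alias = (String) aliases.nextElement();
    if (aliases.hasMoreElements()) {
        throw new KeyStoreException("No <keyAlias> was given and more than one alias was found in keystore.");
    }
    return alias;
}

/**
 * Creates the CertStore carried in signatures: the alias' certificate chain, or just the
 * signer certificate when the keystore has no chain for the alias.
 *
 * @param keyStore The keystore holding the chain.
 * @param alias The alias whose chain is used.
 * @param signerCertificate The signer certificate, used when no chain is available.
 * @return A "Collection" CertStore from the "BC" provider.
 */
private static CertStore buildCertStore(KeyStore keyStore, String alias, X509Certificate signerCertificate)
        throws KeyStoreException, java.security.NoSuchAlgorithmException, NoSuchProviderException,
               java.security.InvalidAlgorithmParameterException {
    java.security.cert.Certificate[] certificateChain = keyStore.getCertificateChain(alias);
    ArrayList certList = new ArrayList();
    if (certificateChain == null) {
        certList.add(signerCertificate);
    } else {
        for (int i = 0; i < certificateChain.length; i++) {
            certList.add(certificateChain[i]);
        }
    }
    return CertStore.getInstance("Collection", new CollectionCertStoreParameters(certList), "BC");
}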
Methods Summary
/**
 * Creates an SMIMESignedGenerator. Includes a signer private key and certificate, and a pool
 * of certs and CRLs (if any) to go with the signature.
 * <p>
 * The signer is registered with the SHA-1 digest, as in the original; the encryption algorithm
 * is taken from the key. SHA-1 is no longer recommended for new signatures, so a stronger
 * digest (Bouncy Castle also defines DIGEST_SHA256) is worth considering where the recipients
 * support it.
 *
 * @return The generated SMIMESignedGenerator.
 */
public SMIMESignedGenerator createGenerator()
        throws java.security.cert.CertStoreException, org.bouncycastle.mail.smime.SMIMEException {
    SMIMESignedGenerator signedGenerator = new SMIMESignedGenerator();
    signedGenerator.addSigner(privateKey, certificate, SMIMESignedGenerator.DIGEST_SHA1);
    signedGenerator.addCertificatesAndCRLs(certStore);
    return signedGenerator;
}
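/**
 * Extracts the value of one attribute from a distinguished name given in the
 * {@code Principal.toString()} form ("CN=x, O=y, ...").
 * <p>
 * The attribute name is only matched at the start of the DN or directly after a comma
 * separator, so a value that merely contains the text of another attribute name is not
 * mistaken for that attribute. The value runs up to the next comma, or to the end of the DN
 * when the attribute is the last one (the previous implementation returned null in that case,
 * which made the last RDN unreachable). Commas escaped or quoted inside values are not handled.
 *
 * @param DistinguishedName The DN to search, in toString() form.
 * @param attributeName The attribute name including the '=' (e.g. "CN=").
 * @return The trimmed attribute value, or null when the attribute is absent.
 */
private static String extractAttribute(String DistinguishedName, String attributeName) {
    if (DistinguishedName == null || attributeName == null) {
        return null;
    }

    int valueStart = -1;
    int searchFrom = 0;
    while (valueStart < 0) {
        int match = DistinguishedName.indexOf(attributeName, searchFrom);
        if (match < 0) {
            return null;
        }
        if (isAttributeBoundary(DistinguishedName, match)) {
            valueStart = match + attributeName.length();
        } else {
            // Skip matches embedded in another attribute's value or name.
            searchFrom = match + 1;
        }
    }

    int valueEnd = DistinguishedName.indexOf(',', valueStart);
    String value = (valueEnd < 0)
            ? DistinguishedName.substring(valueStart)
            : DistinguishedName.substring(valueStart, valueEnd);
    return value.trim();
}

/**
 * Tells whether a match at {@code index} begins an attribute: it is at the start of the DN or
 * preceded (ignoring whitespace) by a comma.
 *
 * @param dn The distinguished name.
 * @param index The index where an attribute name was found.
 * @return true when the match starts an attribute.
 */
private static boolean isAttributeBoundary(String dn, int index) {
    int k = index - 1;
    while (k >= 0 && Character.isWhitespace(dn.charAt(k))) {
        k--;
    }
    return k < 0 || dn.charAt(k) == ',';
}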
/**
 * Generates a signed MimeMultipart from a MimeMessage, using the "BC" provider.
 *
 * @param message The message to sign.
 * @return The signed MimeMultipart.
 */
public MimeMultipart generate(MimeMessage message)
        throws java.security.NoSuchAlgorithmException, java.security.NoSuchProviderException,
               java.security.cert.CertStoreException, org.bouncycastle.mail.smime.SMIMEException {
    return createGenerator().generate(message, "BC");
}
/**
 * Generates a signed MimeMultipart from a MimeBodyPart, using the "BC" provider.
 *
 * @param content The content to sign.
 * @return The signed MimeMultipart.
 */
public MimeMultipart generate(MimeBodyPart content)
        throws java.security.NoSuchAlgorithmException, java.security.NoSuchProviderException,
               java.security.cert.CertStoreException, org.bouncycastle.mail.smime.SMIMEException {
    return createGenerator().generate(content, "BC");
}
/**
 * Getter for property certStore: the certificates carried with signatures.
 *
 * @return Value of property certStore.
 */
public CertStore getCertStore() {
    return certStore;
}
/**
 * Getter for property certificate: the signer certificate loaded from the keystore.
 *
 * @return Value of property certificate.
 */
public X509Certificate getCertificate() {
    return certificate;
}
/**
 * Returns the default keystore type as specified in the Java security properties file, or the
 * string "jks" (acronym for "Java keystore") if no such property exists.
 *
 * @return The default type, as returned by KeyStore.getDefaultType().
 */
public static String getDefaultType() {
    String defaultType = KeyStore.getDefaultType();
    return defaultType;
}
/**
 * Getter for property privateKey: the signing key recovered from the keystore.
 * <p>
 * The returned key is the live instance, not a copy; callers must not leak it.
 *
 * @return Value of property privateKey.
 */
public PrivateKey getPrivateKey() {
    return privateKey;
}
/**
 * Extracts the signer email address (EMAILADDRESS=) from an X509Certificate distinguished name.
 *
 * @param certificate The certificate to extract the information from.
 * @return The requested information, or null when the DN has no EMAILADDRESS attribute.
 * @see #getSignerDistinguishedName(X509Certificate)
 */
public static String getSignerAddress(X509Certificate certificate) {
    String distinguishedName = getSignerDistinguishedName(certificate);
    return extractAttribute(distinguishedName, "EMAILADDRESS=");
}
/**
 * Getter for property signerAddress: the email address of this holder's certificate subject.
 *
 * @return Value of property signerMailAddress.
 * @see #getSignerAddress(X509Certificate)
 */
public String getSignerAddress() {
    X509Certificate signer = getCertificate();
    return getSignerAddress(signer);
}
/**
 * Extracts the signer common name (CN=) from an X509Certificate distinguished name.
 *
 * @param certificate The certificate to extract the information from.
 * @return The requested information, or null when the DN has no CN attribute.
 * @see #getSignerDistinguishedName(X509Certificate)
 */
public static String getSignerCN(X509Certificate certificate) {
    String distinguishedName = getSignerDistinguishedName(certificate);
    return extractAttribute(distinguishedName, "CN=");
}
/**
 * Getter for property signerCN: the common name of this holder's certificate subject.
 *
 * @return Value of property signerCN.
 * @see #getSignerCN(X509Certificate)
 */
public String getSignerCN() {
    X509Certificate signer = getCertificate();
    return getSignerCN(signer);
}
/**
 * Extracts the signer distinguished name (DN) from an X509Certificate.
 * <p>
 * Uses the deprecated {@code getSubjectDN()} on purpose: its toString() form ("CN=x, O=y, ...")
 * is what the attribute extraction in this class parses, and the exact rendering is
 * provider-dependent.
 *
 * @param certificate The certificate to extract the information from.
 * @return The requested information.
 */
public static String getSignerDistinguishedName(X509Certificate certificate) {
    java.security.Principal subject = certificate.getSubjectDN();
    return subject.toString();
}
/**
 * Getter for property signerDistinguishedName: the DN of this holder's certificate subject.
 *
 * @return Value of property signerDistinguishedName.
 * @see #getSignerDistinguishedName(X509Certificate)
 */
public String getSignerDistinguishedName() {
    X509Certificate signer = getCertificate();
    return getSignerDistinguishedName(signer);
}