# | Location | File | Last Modified |
---|---|---|---|
1 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\tools\keytool | CertAndKeyGen.java | Mon Jan 22 14:46:54 2018 UTC |
2 | build 3.zip\build 3\MHLTH_YS_137_Source\JavaScript\resources\javaJDF-1.8.0\src\sun\security\tools\keytool | CertAndKeyGen.java | Wed Sep 12 17:55:11 2018 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 2 | 654 |
Changed | 1 | 2 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | /* | |
2 | * Copyrig ht (c) 199 6, 2012, O racle and/ or its aff iliates. A ll rights reserved. | |
3 | * DO NOT ALTER OR R EMOVE COPY RIGHT NOTI CES OR THI S FILE HEA DER. | |
4 | * | |
5 | * This co de is free software; you can r edistribut e it and/o r modify i t | |
6 | * under t he terms o f the GNU General Pu blic Licen se version 2 only, a s | |
7 | * publish ed by the Free Softw are Founda tion. Ora cle design ates this | |
8 | * particu lar file a s subject to the "Cl asspath" e xception a s provided | |
9 | * by Orac le in the LICENSE fi le that ac companied this code. | |
10 | * | |
11 | * This co de is dist ributed in the hope that it wi ll be usef ul, but WI THOUT | |
12 | * ANY WAR RANTY; wit hout even the implie d warranty of MERCHA NTABILITY or | |
13 | * FITNESS FOR A PAR TICULAR PU RPOSE. Se e the GNU General Pu blic Licen se | |
14 | * version 2 for mor e details (a copy is included in the LIC ENSE file that | |
15 | * accompa nied this code). | |
16 | * | |
17 | * You sho uld have r eceived a copy of th e GNU Gene ral Public License v ersion | |
18 | * 2 along with this work; if not, write to the Fr ee Softwar e Foundati on, | |
19 | * Inc., 5 1 Franklin St, Fifth Floor, Bo ston, MA 0 2110-1301 USA. | |
20 | * | |
21 | * Please contact Or acle, 500 Oracle Par kway, Redw ood Shores , CA 94065 USA | |
22 | * or visi t www.orac le.com if you need a dditional informatio n or have any | |
23 | * questio ns. | |
24 | */ | |
25 | ||
26 | package su n.security .tools.key tool; | |
27 | ||
28 | import jav a.io.IOExc eption; | |
29 | import jav a.security .cert.X509 Certificat e; | |
30 | import jav a.security .cert.Cert ificateExc eption; | |
31 | import jav a.security .cert.Cert ificateEnc odingExcep tion; | |
32 | import jav a.security .*; | |
33 | import jav a.util.Dat e; | |
34 | ||
35 | import sun .security. pkcs10.PKC S10; | |
36 | import sun .security. x509.*; | |
37 | ||
38 | ||
39 | /** | |
40 | * Generat e a pair o f keys, an d provide access to them. Thi s class is | |
41 | * provide d primaril y for ease of use. | |
42 | * | |
43 | * <P>This provides some simpl e certific ate manage ment funct ionality. | |
44 | * Specifi cally, it allows you to create self-sign ed X.509 c ertificate s | |
45 | * as well as PKCS 1 0 based ce rtificate signing re quests. | |
46 | * | |
47 | * <P>Keys for some public key signature algorithm s have alg orithm | |
48 | * paramet ers, such as DSS/DSA . Some si tes' Certi ficate Aut horities | |
49 | * adopt f ixed algor ithm param eters, whi ch speeds up some op erations | |
50 | * includi ng key gen eration an d signing. <em>At t his time, this inter face | |
51 | * does no t provide a way to p rovide suc h algorith m paramete rs, e.g. | |
52 | * by prov iding the CA certifi cate which includes those para meters.</e m> | |
53 | * | |
54 | * <P>Also , note tha t at this time only signature- capable ke ys may be | |
55 | * acquire d through this inter face. Dif fie-Hellma n keys, us ed for sec ure | |
56 | * key exc hange, may be suppor ted later. | |
57 | * | |
58 | * @author David Bro wnell | |
59 | * @author Hemma Pra fullchandr a | |
60 | * @see PK CS10 | |
61 | * @see X5 09CertImpl | |
62 | */ | |
63 | public fin al class C ertAndKeyG en { | |
64 | /** | |
65 | * Cre ates a Cer tAndKeyGen object fo r a partic ular key t ype | |
66 | * and signature algorithm . | |
67 | * | |
68 | * @pa ram keyTyp e type of key, e.g. "RSA", "DS A" | |
69 | * @pa ram sigAlg name of t he signatu re algorit hm, e.g. " MD5WithRSA ", | |
70 | * "MD2 WithRSA", "SHAwithDS A". | |
71 | * @ex ception No SuchAlgori thmExcepti on on unre cognized a lgorithms. | |
72 | */ | |
73 | public CertAndKe yGen (Stri ng keyType , String s igAlg) | |
74 | throws NoSuchAlg orithmExce ption | |
75 | { | |
76 | ke yGen = Key PairGenera tor.getIns tance(keyT ype); | |
77 | th is.sigAlg = sigAlg; | |
78 | } | |
79 | ||
80 | /** | |
81 | * Cre ates a Cer tAndKeyGen object fo r a partic ular key t ype, | |
82 | * sig nature alg orithm, an d provider . | |
83 | * | |
84 | * @pa ram keyTyp e type of key, e.g. "RSA", "DS A" | |
85 | * @pa ram sigAlg name of t he signatu re algorit hm, e.g. " MD5WithRSA ", | |
86 | * "MD2 WithRSA", "SHAwithDS A". | |
87 | * @pa ram provid erName nam e of the p rovider | |
88 | * @ex ception No SuchAlgori thmExcepti on on unre cognized a lgorithms. | |
89 | * @ex ception No SuchProvid erExceptio n on unrec ognized pr oviders. | |
90 | */ | |
91 | public CertAndKe yGen (Stri ng keyType , String s igAlg, Str ing provid erName) | |
92 | throws NoSuchAlg orithmExce ption, NoS uchProvide rException | |
93 | { | |
94 | if (provider Name == nu ll) { | |
95 | keyGen = KeyPairGe nerator.ge tInstance( keyType); | |
96 | } else { | |
97 | try { | |
98 | keyG en = KeyPa irGenerato r.getInsta nce(keyTyp e, provide rName); | |
99 | } catch (Exception e) { | |
100 | // t ry first a vailable p rovider in stead | |
101 | keyG en = KeyPa irGenerato r.getInsta nce(keyTyp e); | |
102 | } | |
103 | } | |
104 | th is.sigAlg = sigAlg; | |
105 | } | |
106 | ||
107 | /** | |
108 | * Set s the sour ce of rand om numbers used when generatin g keys. | |
109 | * If you do not provide o ne, a syst em default facility is used. | |
110 | * You may wish to provide your own source of random num bers | |
111 | * to get a repr oducible s equence of keys and signatures , or | |
112 | * bec ause you m ay be able to take a dvantage o f strong s ources | |
113 | * of randomness /entropy i n your env ironment. | |
114 | */ | |
115 | public void setRan dom (Secur eRandom ge nerator) | |
116 | { | |
117 | pr ng = gener ator; | |
118 | } | |
119 | ||
120 | // wan t "public void gener ate (X509C ertificate )" ... inh erit DSA/D -H param | |
121 | ||
122 | /** | |
123 | * Gen erates a r andom publ ic/private key pair, with a gi ven key | |
124 | * siz e. Differ ent algori thms provi de differe nt degrees of securi ty | |
125 | * for the same key size, because of the "work factor" i nvolved in | |
126 | * bru te force a ttacks. A s computer s become f aster, it becomes | |
127 | * eas ier to per form such attacks. Small keys are to be avoided. | |
128 | * | |
129 | * <P> Note that not all va lues of "k eyBits" ar e valid fo r all | |
130 | * alg orithms, a nd not all public ke y algorith ms are cur rently | |
131 | * sup ported for use in X. 509 certif icates. I f the algo rithm | |
132 | * you specified does not produce X. 509 compat ible keys, an | |
133 | * inv alid key e xception i s thrown. | |
134 | * | |
135 | * @pa ram keyBit s the numb er of bits in the ke ys. | |
136 | * @ex ception In validKeyEx ception if the envir onment doe s not | |
137 | * pr ovide X.50 9 public k eys for th is signatu re algorit hm. | |
138 | */ | |
139 | public void gene rate (int keyBits) | |
140 | throws InvalidKe yException | |
141 | { | |
142 | Ke yPair pair ; | |
143 | ||
144 | tr y { | |
145 | if (prng == null) { | |
146 | prng = new Sec ureRandom( ); | |
147 | } | |
148 | keyGen.i nitialize( keyBits, p rng); | |
149 | pair = k eyGen.gene rateKeyPai r(); | |
150 | ||
151 | } catch (Exc eption e) { | |
152 | throw ne w IllegalA rgumentExc eption(e.g etMessage( )); | |
153 | } | |
154 | ||
155 | pu blicKey = pair.getPu blic(); | |
156 | pr ivateKey = pair.getP rivate(); | |
157 | ||
158 | // publicKey 's format must be X. 509 otherw ise | |
159 | // the whole CertGen p art of thi s class is broken. | |
160 | if (!"X.509" .equalsIgn oreCase(pu blicKey.ge tFormat()) ) { | |
161 | throw ne w IllegalA rgumentExc eption("pu blicKey's is not X.5 09, but " | |
162 | + publicKe y.getForma t()); | |
163 | } | |
164 | } | |
165 | ||
166 | ||
167 | /** | |
168 | * Ret urns the p ublic key of the gen erated key pair if i t is of ty pe | |
169 | * <co de>X509Key </code>, o r null if the public key is of a differe nt type. | |
170 | * | |
171 | * XXX Note: Thi s behaviou r is neede d for back wards comp atibility. | |
172 | * Wha t this met hod really should re turn is th e public k ey of the | |
173 | * gen erated key pair, reg ardless of whether o r not it i s an insta nce of | |
174 | * <co de>X509Key </code>. A ccordingly , the retu rn type of this meth od | |
175 | * sho uld be <co de>PublicK ey</code>. | |
176 | */ | |
177 | public X509Key g etPublicKe y() | |
178 | { | |
179 | if (!(public Key instan ceof X509K ey)) { | |
180 | return n ull; | |
181 | } | |
182 | re turn (X509 Key)public Key; | |
183 | } | |
184 | ||
185 | /** | |
186 | * Alw ays return s the publ ic key of the genera ted key pa ir. Used | |
187 | * by KeyTool on ly. | |
188 | * | |
189 | * The publicKey is not ne cessarily to be an i nstance of | |
190 | * X50 9Key in so me JCA/JCE providers , for exam ple SunPKC S11. | |
191 | */ | |
192 | public PublicKey getPublic KeyAnyway( ) { | |
193 | re turn publi cKey; | |
194 | } | |
195 | ||
196 | /** | |
197 | * Ret urns the p rivate key of the ge nerated ke y pair. | |
198 | * | |
199 | * <P> <STRONG><e m>Be extre mely caref ul when ha ndling pri vate keys. | |
200 | * When pri vate keys are not ke pt PW , they los e their ab ility | |
201 | * to securely a uthenticat e specific entities ... that i s a huge | |
202 | * sec urity risk !</em></ST RONG> | |
203 | */ | |
204 | public PrivateKe y getPriva teKey () | |
205 | { | |
206 | re turn priva teKey; | |
207 | } | |
208 | ||
209 | /** | |
210 | * Ret urns a sel f-signed X .509v3 cer tificate f or the pub lic key. | |
211 | * The certifica te is imme diately va lid. No ex tensions. | |
212 | * | |
213 | * <P> Such certi ficates no rmally are used to i dentify a "Certifica te | |
214 | * Aut hority" (C A). Accor dingly, th ey will no t always b e accepted by | |
215 | * oth er parties . However , such cer tificates are also u seful when | |
216 | * you are boots trapping y our securi ty infrast ructure, o r deployin g | |
217 | * sys tem protot ypes. | |
218 | * | |
219 | * @pa ram myname X.500 nam e of the s ubject (wh o is also the issuer ) | |
220 | * @pa ram firstD ate the is sue time o f the cert ificate | |
221 | * @pa ram validi ty how lon g the cert ificate sh ould be va lid, in se conds | |
222 | * @ex ception Ce rtificateE xception o n certific ate handli ng errors. | |
223 | * @ex ception In validKeyEx ception on key handl ing errors . | |
224 | * @ex ception Si gnatureExc eption on signature handling e rrors. | |
225 | * @ex ception No SuchAlgori thmExcepti on on unre cognized a lgorithms. | |
226 | * @ex ception No SuchProvid erExceptio n on unrec ognized pr oviders. | |
227 | */ | |
228 | public X509Certi ficate get SelfCertif icate ( | |
229 | X500Name myname, D ate firstD ate, long validity) | |
230 | throws Certifica teExceptio n, Invalid KeyExcepti on, Signat ureExcepti on, | |
231 | No SuchAlgori thmExcepti on, NoSuch ProviderEx ception | |
232 | { | |
233 | re turn getSe lfCertific ate(myname , firstDat e, validit y, null); | |
234 | } | |
235 | ||
236 | // Lik e above, p lus a Cert ificateExt ensions ar gument, wh ich can be null. | |
237 | public X509Certi ficate get SelfCertif icate (X50 0Name myna me, Date f irstDate, | |
238 | long val idity, Cer tificateEx tensions e xt) | |
239 | throws Certifica teExceptio n, Invalid KeyExcepti on, Signat ureExcepti on, | |
240 | No SuchAlgori thmExcepti on, NoSuch ProviderEx ception | |
241 | { | |
242 | X5 09CertImpl cert; | |
243 | Da te lastDa te; | |
244 | ||
245 | tr y { | |
246 | lastDate = new Dat e (); | |
247 | lastDate .setTime ( firstDate. getTime () + validit y * 1000); | |
248 | ||
249 | Certific ateValidit y interval = | |
250 | new C ertificate Validity(f irstDate,l astDate); | |
251 | ||
252 | X509Cert Info info = new X509 CertInfo() ; | |
253 | // Add a ll mandato ry attribu tes | |
254 | info.set (X509CertI nfo.VERSIO N, | |
255 | new Certi ficateVers ion(Certif icateVersi on.V3)); | |
256 | info.set (X509CertI nfo.SERIAL _NUMBER, n ew Certifi cateSerial Number( | |
257 | new java.u til.Random ().nextInt () & 0x7ff fffff)); | |
258 | Algorith mId algID = Algorith mId.get(si gAlg); | |
259 | info.set (X509CertI nfo.ALGORI THM_ID, | |
260 | new Certi ficateAlgo rithmId(al gID)); | |
261 | info.set (X509CertI nfo.SUBJEC T, myname) ; | |
262 | info.set (X509CertI nfo.KEY, n ew Certifi cateX509Ke y(publicKe y)); | |
263 | info.set (X509CertI nfo.VALIDI TY, interv al); | |
264 | info.set (X509CertI nfo.ISSUER , myname); | |
265 | if (ext != null) i nfo.set(X5 09CertInfo .EXTENSION S, ext); | |
266 | ||
267 | cert = n ew X509Cer tImpl(info ); | |
268 | cert.sig n(privateK ey, this.s igAlg); | |
269 | ||
270 | return ( X509Certif icate)cert ; | |
271 | ||
272 | } catch (IOE xception e ) { | |
273 | throw n ew Certifi cateEncodi ngExceptio n("getSelf Cert: " + | |
274 | e.getMes sage()); | |
275 | } | |
276 | } | |
277 | ||
278 | // Kee p the old method | |
279 | public X509Certi ficate get SelfCertif icate (X50 0Name myna me, long v alidity) | |
280 | throws Certifica teExceptio n, Invalid KeyExcepti on, Signat ureExcepti on, | |
281 | No SuchAlgori thmExcepti on, NoSuch ProviderEx ception | |
282 | { | |
283 | re turn getSe lfCertific ate(myname , new Date (), validi ty); | |
284 | } | |
285 | ||
286 | /** | |
287 | * Ret urns a PKC S #10 cert ificate re quest. Th e caller u ses either | |
288 | * <co de>PKCS10. print</cod e> or <cod e>PKCS10.t oByteArray </code> | |
289 | * ope rations on the resul t, to get the reques t in an ap propriate | |
290 | * tra nsmission format. | |
291 | * | |
292 | * <P> PKCS #10 c ertificate requests are sent, along with some proo f | |
293 | * of identity, to Certifi cate Autho rities (CA s) which t hen issue | |
294 | * X.5 09 public key certif icates. | |
295 | * | |
296 | * @pa ram myname X.500 nam e of the s ubject | |
297 | * @ex ception In validKeyEx ception on key handl ing errors . | |
298 | * @ex ception Si gnatureExc eption on signature handling e rrors. | |
299 | */ | |
300 | public PKCS10 ge tCertReque st (X500Na me myname) | |
301 | throws InvalidKe yException , Signatur eException | |
302 | { | |
303 | PK CS10 req = new PKCS 10 (public Key); | |
304 | ||
305 | tr y { | |
306 | Signatur e signatur e = Signat ure.getIns tance(sigA lg); | |
307 | signatur e.initSign (privateK ey); | |
308 | req.enco deAndSign( myname, si gnature); | |
309 | ||
310 | } catch (Cer tificateEx ception e) { | |
311 | throw ne w Signatur eException (sigAlg + " Certifi cateExcept ion"); | |
312 | ||
313 | } catch (IOE xception e ) { | |
314 | throw ne w Signatur eException (sigAlg + " IOExcep tion"); | |
315 | ||
316 | } catch (NoS uchAlgorit hmExceptio n e) { | |
317 | // "can' t happen" | |
318 | throw ne w Signatur eException (sigAlg + " unavail able?"); | |
319 | } | |
320 | re turn req; | |
321 | } | |
322 | ||
323 | privat e SecureRa ndom prng; | |
324 | privat e String sigAlg; | |
325 | privat e KeyPairG enerator keyGen; | |
326 | privat e PublicKe y publicKe y; | |
327 | privat e PrivateK ey privateK ey; | |
328 | } |
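Review bot: The self-signed certificate's serial number (listing lines 256–257, in the four-argument `getSelfCertificate`) comes from `new java.util.Random().nextInt() & 0x7fffffff`, which is at most 31 bits from a non-cryptographic generator, so serials are guessable and can collide between certificates issued under the same name. Drawing it from the class's own SecureRandom, e.g. `new CertificateSerialNumber(new java.math.BigInteger(64, prng == null ? new SecureRandom() : prng))`, would give 64 unpredictable bits. Separately, the three-argument constructor (listing lines 97–102) catches `Exception` and silently falls back to the default provider, so a caller that named a specific provider never learns the key was generated elsewhere, and the declared `NoSuchProviderException` appears unreachable from that path; if the fallback is intentional it deserves a comment saying so, otherwise the exception should propagate. The report's change-marker columns are empty here, so these points are raised against the file as displayed rather than against the one changed line.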