/*
 * Copyright (c) 2004, 2006, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
1879N/A
1879N/Apackage sun.security.util;
1879N/A
1879N/Aimport java.io.*;
1879N/Aimport java.net.*;
1879N/Aimport java.security.*;
0N/Aimport java.util.Arrays;
0N/A
0N/Aimport sun.net.www.ParseUtil;
0N/A
0N/A
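/**
 * A utility class for getting a KeyStore instance from policy information.
 * In addition, a supporting getInputStream method.
 *
 * <p>Neither method restricts the URL scheme or the location it is given:
 * the keystore and password locations are used exactly as supplied (or as
 * resolved against the policy file URL), so any restriction on where they
 * may point has to be enforced by the caller.
 */
public class PolicyUtil {

    // standard PKCS11 KeyStore type
    private static final String P11KEYSTORE = "PKCS11";

    // reserved word: a keystore name of "NONE" means the keystore is not
    // backed by a stream and is loaded with a null InputStream
    private static final String NONE = "NONE";

    /**
     * Opens an input stream on the given URL.
     *
     * <p>Fast path reading from file urls in order to avoid calling
     * FileURLConnection.connect() which can be quite slow the first time
     * it is called. We really should clean up FileURLConnection so that
     * this is not a problem but in the meantime this fix helps reduce
     * start up time noticeably for the new launcher. -- DAC
     *
     * <p>For a {@code file} URL the path is decoded and opened directly
     * with a FileInputStream; no normalization or containment check is
     * applied to it here. Every other protocol goes through
     * {@link URL#openStream()}.
     *
     * @param url the location to read from
     * @return an open stream; the caller is responsible for closing it
     * @throws IOException if the file or the URL cannot be opened
     */
    public static InputStream getInputStream(URL url) throws IOException {
        if ("file".equals(url.getProtocol())) {
            String path = url.getFile().replace('/', File.separatorChar);
            path = ParseUtil.decode(path);
            return new FileInputStream(path);
        } else {
            return url.openStream();
        }
    }

    /**
     * this is intended for use by policytool and the policy parser to
     * instantiate a KeyStore from the information in the GUI/policy file
     *
     * <p>The keystore password is never passed in directly: it is read from
     * the resource named by {@code storePassURL} and the character array
     * holding it is overwritten before this method returns, on success and
     * on failure alike.
     *
     * <p>When {@code storePassURL} is null the keystore is loaded with a
     * null password. Per the {@link KeyStore#load} contract, no integrity
     * check of the keystore data is performed in that case, so the content
     * is only as trustworthy as the location it was read from.
     *
     * @param policyUrl URL of the policy file, used as the base for
     *        relative keystore and password locations; may be null, in
     *        which case only absolute URLs are accepted
     * @param keyStoreName keystore URL (absolute, or relative to
     *        {@code policyUrl}), or "NONE" for a keystore that is not
     *        stream-backed; must not be null
     * @param keyStoreType keystore type, or null for
     *        {@link KeyStore#getDefaultType()}
     * @param keyStoreProvider keystore provider name, or null to let the
     *        provider be chosen by {@link KeyStore#getInstance(String)}
     * @param storePassURL URL (absolute, or relative to {@code policyUrl})
     *        of the resource the keystore password is read from, or null
     *        for no password
     * @param debug destination for diagnostic messages, or null for none;
     *        only the locations being read are printed, not the password
     * @return the loaded KeyStore
     * @throws IllegalArgumentException if {@code keyStoreName} is null, or
     *         if the type is PKCS11 and the name is not "NONE"
     * @throws MalformedURLException if a location is not an absolute URL
     *         and {@code policyUrl} is null, or cannot be resolved
     * @throws IOException if the password or the keystore cannot be read
     * @throws KeyStoreException if no KeyStore of the requested type is
     *         available
     * @throws NoSuchProviderException if {@code keyStoreProvider} is not
     *         registered
     * @throws NoSuchAlgorithmException as thrown by {@link KeyStore#load}
     * @throws java.security.cert.CertificateException as thrown by
     *         {@link KeyStore#load}
     */
    public static KeyStore getKeyStore
                (URL policyUrl,                 // URL of policy file
                String keyStoreName,            // input: keyStore URL
                String keyStoreType,            // input: keyStore type
                String keyStoreProvider,        // input: keyStore provider
                String storePassURL,            // input: URL of keyStore password
                Debug debug)
        throws KeyStoreException, MalformedURLException, IOException,
                NoSuchProviderException, NoSuchAlgorithmException,
                java.security.cert.CertificateException {

        if (keyStoreName == null) {
            throw new IllegalArgumentException("null KeyStore name");
        }

        char[] keyStorePassword = null;
        try {
            KeyStore ks;
            if (keyStoreType == null) {
                keyStoreType = KeyStore.getDefaultType();
            }

            // a PKCS11 keystore has no backing URL, so anything other than
            // the reserved name is a configuration error
            if (P11KEYSTORE.equalsIgnoreCase(keyStoreType) &&
                !NONE.equals(keyStoreName)) {
                throw new IllegalArgumentException
                        ("Invalid value (" +
                        keyStoreName +
                        ") for keystore URL.  If the keystore type is \"" +
                        P11KEYSTORE +
                        "\", the keystore url must be \"" +
                        NONE +
                        "\"");
            }

            if (keyStoreProvider != null) {
                ks = KeyStore.getInstance(keyStoreType, keyStoreProvider);
            } else {
                ks = KeyStore.getInstance(keyStoreType);
            }

            if (storePassURL != null) {
                URL passURL;
                try {
                    passURL = new URL(storePassURL);
                    // absolute URL
                } catch (MalformedURLException e) {
                    // relative URL
                    if (policyUrl == null) {
                        throw e;
                    }
                    passURL = new URL(policyUrl, storePassURL);
                }

                // logs where the password comes from, never the password
                if (debug != null) {
                    debug.println("reading password"+passURL);
                }

                InputStream in = null;
                try {
                    in = passURL.openStream();
                    keyStorePassword = Password.readPassword(in);
                } finally {
                    if (in != null) {
                        in.close();
                    }
                }
            }

            if (NONE.equals(keyStoreName)) {
                ks.load(null, keyStorePassword);
                return ks;
            } else {
                /*
                 * location of keystore is specified as absolute URL in policy
                 * file, or is relative to URL of policy file
                 */
                URL keyStoreUrl = null;
                try {
                    keyStoreUrl = new URL(keyStoreName);
                    // absolute URL
                } catch (MalformedURLException e) {
                    // relative URL
                    if (policyUrl == null) {
                        throw e;
                    }
                    keyStoreUrl = new URL(policyUrl, keyStoreName);
                }

                if (debug != null) {
                    debug.println("reading keystore"+keyStoreUrl);
                }

                InputStream inStream = null;
                try {
                    inStream =
                        new BufferedInputStream(getInputStream(keyStoreUrl));
                    // a null keyStorePassword here means the keystore data
                    // is loaded without an integrity check
                    ks.load(inStream, keyStorePassword);
                } finally {
                    // inStream is still null when getInputStream() failed;
                    // closing unconditionally would replace the real
                    // IOException with a NullPointerException
                    if (inStream != null) {
                        inStream.close();
                    }
                }
                return ks;
            }
        } finally {
            // overwrite the password so it does not linger in memory
            if (keyStorePassword != null) {
                Arrays.fill(keyStorePassword, ' ');
            }
        }
    }
}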