 * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
//=--------------------------------------------------------------------------=
//=--------------------------------------------------------------------------=
 * Throws an arbitrary Java exception.
 * The exception message is a Windows system error message.
 * Maps the name of a hash algorithm to an algorithm identifier.
 * Returns a certificate chain context given a certificate context and key
// Build a chain using CertGetCertificateChain
// and the certificate retrieved.
NULL,
// search no additional stores
// as indicated in the ChainPara
/////////////////////////////////////////////////////////////////////////////
 * Class: sun_security_mscapi_PRNG
 * Method: generateSeed
 * Signature: (I[B)[B
// Acquire a CSP context.
 * If length is negative then use the supplied seed to re-seed the
 * generator and return null.
 * If length is non-zero then generate a new seed according to the
 * requested length and return the new seed.
 * If length is zero then overwrite the supplied seed with a new
 * seed of the same length and return the seed.
} else { // length == 0
result = seed; // seed will be updated when seedBytes gets released
//--------------------------------------------------------------------
 * Class: sun_security_mscapi_KeyStore
 * Method: loadKeysOrCertificateChains
 * Certificate in cert store has enhanced key usage extension
 * property (or EKU property) that is not part of the certificate itself. To determine
 * if the certificate should be returned, both the enhanced key usage in certificate
 * extension block and the extension property stored along with the certificate in
 * certificate store should be examined. Otherwise, we won't be able to determine
 * the proper key usage from the Java side because the information is not stored as
 * part of the encoded certificate.
// Open a system certificate store.
// Determine clazz and method ID to generate certificate
"generateCertificate",
// Determine method ID to generate certificate chain
"generateCertificateChain",
// Determine method ID to generate RSA certificate chain
"generateRSAKeyAndCertificateChain",
// Use CertEnumCertificatesInStore to get the certificates
// from the open store. pCertContext must be reset to
// NULL to retrieve the first certificate in the store.
// Check if private key available - client authentication certificate
// must have private key available.
// Private key is available
// Skip certificate if cannot find private key
// Set cipher mode to ECB
// If the private key is present in smart card, we may not be able to
// determine the key length by using the private key handle. However,
// determine the key length of the private key by using the public key
// in the certificate.
// Build certificate chain by using system certificate store.
// Add cert chain into collection for any key usage.
// Create ArrayList to store certs in each chain
// Retrieve the friendly name of the first certificate
// If the cert's name cannot be retrieved then
// pszNameString remains set to NULL.
// (An alias name will be generated automatically
// when storing this cert in the keystore.)
// Get length of friendly name
// Found friendly name
// Allocate and populate byte array
// Generate certificate from byte array and store into
// Generate certificate chain and store into cert chain
// Determine key type: RSA or DSA
// Generate RSA certificate chain and store into cert
 * Class: sun_security_mscapi_Key
 * Class: sun_security_mscapi_RSASignature
// Map hash algorithm
// Acquire a hash object handle.
// Failover to using the PROV_RSA_AES CSP
// Get name of the key container
// Acquire an alternative CSP handle
// Acquire a hash object handle.
// Copy hash from Java to native buffer
// Set hash value in the hash object
// Determine key spec.
// Determine size of buffer
// Create new byte array
// Copy data from native buffer
 * Class: sun_security_mscapi_RSASignature
 * Method: verifySignedHash
// Map hash algorithm
// Acquire a hash object handle.
// Failover to using the PROV_RSA_AES CSP
// Get name of the key container
// Acquire an alternative CSP handle
// Acquire a hash object handle.
// Copy hash and signedHash from Java to native buffer
// Set hash value in the hash object
// For RSA, the hash encryption algorithm is normally the same as the
// public key algorithm, so AT_SIGNATURE is used.
// Verify the signature
 * Class: sun_security_mscapi_RSAKeyPairGenerator
 * Method: generateRSAKeyPair
// Acquire a CSP context (create a new key container).
// Prefer a PROV_RSA_AES CSP, when available, due to its support
// for SHA-2-based signatures.
// Failover to using the default CSP (PROV_RSA_FULL)
// Generate an RSA keypair
// Get the method ID for the RSAKeyPair constructor
// Create a new RSA keypair
//--------------------------------------------------------------------
 * Class: sun_security_mscapi_Key
 * Method: getContainerName
 * Class: sun_security_mscapi_Key
 * Method: getKeyType
 * Class: sun_security_mscapi_KeyStore
 * Method: storeCertificate
// Open a system certificate store.
// Copy encoding from Java to native buffer
// Create a certificate context from the encoded cert
// Set the certificate's friendly name
// Attach the certificate's private key (if supplied)
// Get the name of the key container
// Convert to a wide char string
// Set the name of the key container
// Get the name of the provider
// Convert to a wide char string
// Set the name of the provider
// Get and set the type of the provider
// Set no provider flags
// Set no provider parameters
// Get the key's algorithm ID
// Set the key spec (using the algorithm ID).
// Import encoded certificate
//--------------------------------------------------------------------
 * Class: sun_security_mscapi_KeyStore
 * Method: removeCertificate
// Open a system certificate store.
// Copy encoding from Java to native buffer
// Create a certificate context from the encoded cert
// Find the certificate to be deleted
// Check that its friendly name matches the supplied alias
// Compare the certificate's friendly name with supplied alias name
// Only delete the certificate if the alias names match
// pTBDCertContext is always freed by the
// CertDeleteCertificateFromStore method
//--------------------------------------------------------------------
 * Class: sun_security_mscapi_KeyStore
 * Method: destroyKeyContainer
// Destroying the default key container is not permitted
// (because it may contain more than one keypair).
// Acquire a CSP context (to the key container).
//--------------------------------------------------------------------
 * Class: sun_security_mscapi_RSACipher
 * Method: findCertificateUsingAlias
// Open a system certificate store.
// Use CertEnumCertificatesInStore to get the certificates
// from the open store. pCertContext must be reset to
// NULL to retrieve the first certificate in the store.
continue; // not found
continue; // not found
// Compare the certificate's friendly name with supplied alias name
 * Class: sun_security_mscapi_RSACipher
 * Method: getKeyFromCert
// Locate the key container for the certificate's private key
// Get a handle to the private key
} else { // use public key
// Acquire a CSP context.
// If CSP context hasn't been created, create one.
// Import the certificate's public key into the key container
//--------------------------------------------------------------------
return hKey; // TODO - when finished with this key, call
             // CryptDestroyKey(hKey)
 * Class: sun_security_mscapi_KeyStore
 * Method: getKeyLength
// Get key length (in bits)
//TODO - may need to use KP_BLOCKLEN instead?
// no cleanup required
 * Class: sun_security_mscapi_RSACipher
 * Method: encryptDecrypt
 * Signature: ([BIJZ)[B
// Copy data from Java buffer to native buffer
// convert from little-endian
// convert to little-endian
// Create new byte array
// Copy data from native buffer to Java buffer
 * Class: sun_security_mscapi_RSAPublicKey
 * Method: getPublicKeyBlob
// Determine the size of the blob
// Generate key blob
// Create new byte array
// Copy data from native buffer to Java buffer
 * Class: sun_security_mscapi_RSAPublicKey
 * Method: getExponent
// convert from little-endian while copying from blob
for (int i = 0, j = len - 1; i < len; i++, j--) {
 * Class: sun_security_mscapi_RSAPublicKey
 * Method: getModulus
// convert from little-endian while copying from blob
for (int i = 0, j = len - 1; i < len; i++, j--) {
 * Convert an array in big-endian byte order into little-endian byte order.
// Copy bytes from the end of the source array to the beginning of the
// destination array (until the destination array is full).
// This ensures that the sign byte from the source array will be excluded.
 * The Microsoft Base Cryptographic Provider supports public-key BLOBs
 * that have the following format:
 *     PUBLICKEYSTRUC publickeystruc;
 *     RSAPUBKEY rsapubkey;
 *     BYTE modulus[rsapubkey.bitlen/8];
 * and private-key BLOBs that have the following format:
 *     PUBLICKEYSTRUC publickeystruc;
 *     RSAPUBKEY rsapubkey;
 *     BYTE modulus[rsapubkey.bitlen/8];
 *     BYTE prime1[rsapubkey.bitlen/16];
 *     BYTE prime2[rsapubkey.bitlen/16];
 *     BYTE exponent1[rsapubkey.bitlen/16];
 *     BYTE exponent2[rsapubkey.bitlen/16];
 *     BYTE coefficient[rsapubkey.bitlen/16];
 *     BYTE privateExponent[rsapubkey.bitlen/8];
 * This method generates such BLOBs from the key elements supplied.
// Determine whether to generate a public-key or a private-key BLOB
// The length argument must be the smaller of jPublicExponentLength
// and sizeof(pRsaPubKey->pubkey)
 * Class: sun_security_mscapi_KeyStore
 * Method: generatePrivateKeyBlob
 * Signature: (I[B[B[B[B[B[B[B[B)[B
 * Class: sun_security_mscapi_RSASignature
 * Method: generatePublicKeyBlob
 * Signature: (I[B[B)[B
 * Class: sun_security_mscapi_KeyStore
 * Method: storePrivateKey
// Acquire a CSP context (create a new key container).
// Import the private key
// Get the method ID for the RSAPrivateKey constructor
// Create a new RSA private key
//--------------------------------------------------------------------
 * Class: sun_security_mscapi_RSASignature
 * Method: importPublicKey
// Acquire a CSP context (create a new key container).
// Prefer a PROV_RSA_AES CSP, when available, due to its support
// for SHA-2-based signatures.
// Failover to using the default CSP (PROV_RSA_FULL)
// Import the public key
// Get the method ID for the RSAPublicKey constructor
// Create a new RSA public key
//--------------------------------------------------------------------
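
The public-key BLOB layout and the big-endian/little-endian conversion described in the comments above, as an added C example that is not part of this file's own code: it builds and parses a PUBLICKEYSTRUC + RSAPUBKEY + modulus BLOB, checking every length before copying. The function names are hypothetical, the constants restate wincrypt.h values so the code builds without Windows headers, and the choice of CALG_RSA_KEYX as the key algorithm is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
/* Added example; names are hypothetical. Constants restate wincrypt.h. */
#define BLOB_PUBLIC 0x06u        /* PUBLICKEYBLOB */
#define BLOB_VER    0x02u        /* CUR_BLOB_VERSION */
#define ALG_KEYX    0x0000a400u  /* CALG_RSA_KEYX (assumed key algorithm) */
#define MAGIC_RSA1  0x31415352u  /* "RSA1", marks a public key */
#define HDR_LEN     20u          /* PUBLICKEYSTRUC (8) + RSAPUBKEY (12) */

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr_le32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Build a public-key BLOB from a big-endian modulus. The modulus is copied
 * from its last byte backwards until bitlen/8 bytes are filled, so a leading
 * 0x00 sign byte is dropped. Returns the BLOB length, or 0 on bad input. */
size_t build_public_blob(uint8_t *out, size_t cap, uint32_t bitlen,
                         const uint8_t *mod_be, size_t mod_len, uint32_t e) {
    size_t n = bitlen / 8;
    if (bitlen == 0 || bitlen % 8 || mod_len < n || cap < HDR_LEN + n) return 0;
    out[0] = BLOB_PUBLIC; out[1] = BLOB_VER; out[2] = out[3] = 0;
    wr_le32(out + 4, ALG_KEYX);
    wr_le32(out + 8, MAGIC_RSA1);
    wr_le32(out + 12, bitlen);
    wr_le32(out + 16, e);
    for (size_t i = 0, j = mod_len - 1; i < n; i++, j--)
        out[HDR_LEN + i] = mod_be[j];
    return HDR_LEN + n;
}

/* Parse a public-key BLOB, checking the declared bitlen against the buffer
 * before copying. Writes the modulus big-endian; returns its length or -1. */
int parse_public_blob(const uint8_t *blob, size_t len, uint8_t *mod_be,
                      size_t cap, uint32_t *e) {
    if (len < HDR_LEN || blob[0] != BLOB_PUBLIC) return -1;
    if (rd_le32(blob + 8) != MAGIC_RSA1) return -1;
    uint32_t bitlen = rd_le32(blob + 12);
    size_t n = bitlen / 8;
    if (bitlen == 0 || bitlen % 8 || n > len - HDR_LEN || n > cap) return -1;
    *e = rd_le32(blob + 16);
    for (size_t i = 0, j = n - 1; i < n; i++, j--)
        mod_be[i] = blob[HDR_LEN + j];
    return (int)n;
}
```

The parser rejects a BLOB whose `bitlen` field claims more modulus bytes than the buffer holds, which is the check that matters when the BLOB comes from outside the process.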