meerkat
/
meerkat-java
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Support for keystores that don't use the keystore.builder's callbacks (looking at you, Java 8 PKCS12\!)

signature-implementation
Tal Moran 2015-11-12 23:05:43 +02:00
parent baba4df3a9
commit 32258361a3
1 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
meerkat-common/src/main/java/meerkat/crypto/concrete/ECDSASignature.java
View File

@ -230,7 +230,34 @@ public class ECDSASignature extends GlobalCryptoSetup implements DigitalSignatur
try { try {
Certificate cert = keyStore.getCertificate(alias); Certificate cert = keyStore.getCertificate(alias);
logger.trace("keystore entry {}, has cert type {}", alias, cert.getClass()); logger.trace("keystore entry {}, has cert type {}", alias, cert.getClass());
Key key = keyStore.getKey(alias, null); Key key;
try {
key = keyStore.getKey(alias, null);
} catch (UnrecoverableKeyException e) {
// This might be a keystore that doesn't support callback handlers
// (e.g., Java 8 PKCS12)
// Manually extract password using callback handler
char[] password = null;
KeyStore.ProtectionParameter prot = keyStoreBuilder.getProtectionParameter(alias);
if (prot instanceof KeyStore.PasswordProtection) {
password = ((KeyStore.PasswordProtection) prot).getPassword();
} else if (prot instanceof KeyStore.CallbackHandlerProtection) {
PasswordCallback callback = new PasswordCallback("Password for " + alias + "?", false);
Callback[] callbacks = { callback };
try {
((KeyStore.CallbackHandlerProtection) prot).getCallbackHandler().handle(callbacks);
password = callback.getPassword();
} catch (UnsupportedCallbackException e1) {
logger.error("PasswordCallback fallback not supported!", e1);
throw new UnrecoverableKeyException("Couldn't use password callback to get key");
}
} else {
logger.error("Unrecognized protection handler for keystore: {}", prot.getClass());
throw new UnrecoverableKeyException("Unrecognized protection handler for keystore");
}
key = keyStore.getKey(alias, password);
}
logger.trace("keystore entry {}, has key type {}", alias, key.getClass()); logger.trace("keystore entry {}, has key type {}", alias, key.getClass());
if (key instanceof PrivateKey) { if (key instanceof PrivateKey) {
loadedSigningKeyId = computeCertificateFingerprint(cert); loadedSigningKeyId = computeCertificateFingerprint(cert);