com.unbound.provider.UBEntry Maven / Gradle / Ivy

Go to download
Show more of this group Show more artifacts with this name
Show all versions of unbound-java-provider Show documentation
This is a collection of JAVA libraries that implement Unbound cryptographic classes for JAVA provider, PKCS11 wrapper, cryptoki, and advapi
There is a newer version: 42761
Show newest version
package com.unbound.provider;

import com.unbound.client.*;

import javax.crypto.SecretKey;
import javax.security.auth.x500.X500Principal;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;

public final class UBEntry
{
  static final int CERT = 1;
  static final int SECRET_KEY = 2;
  static final int PRV_KEY = 3;
  static final int PUB_KEY = 4;

  protected final BaseObject object;
  protected final CertObject userCert;
  protected final ArrayList caChain;

  UBEntry(PublicKeyObject key)
  {
    this.object = key;
    this.caChain = null;
    this.userCert = null;
  }

  UBEntry(PrivateKeyObject key, CertObject userCert, ArrayList caChain)
  {
    this.object = key;
    this.userCert = userCert;
    this.caChain = caChain;
  }

  UBEntry(PrivateKeyObject key)
  {
    this.object = key;
    this.userCert = null;
    this.caChain = null;
  }

  UBEntry(PrivateKeyObject key, CertObject userCert)
  {
    this.object = key;
    this.userCert = userCert;
    this.caChain = locateCaChain(userCert);
  }

  UBEntry(SecretKeyObject key)
  {
    this.object = key;
    this.userCert = null;
    this.caChain = null;
  }

  UBEntry(CertObject cert)
  {
    this.object = cert;
    this.userCert = null;
    this.caChain = null;
  }

  int getType()
  {
    ObjectType type = object.getType();
    if (type.isSecretKey()) return SECRET_KEY;
    if (type.isPrivateKey()) return PRV_KEY;
    if (type.isPublicKey()) return PUB_KEY;
    return CERT;
  }

  String getName() { return object.getName(); }

  Key getKey()
  {
    int type = getType();
    switch (type)
    {
      case PRV_KEY:
        {
          boolean rsa = object.getType() == ObjectType.RSAPrv;
          return rsa ? new UBRSAPrivateKey((RSAPrivateKeyObject)object) : new UBECPrivateKey((ECPrivateKeyObject) object);
        }

      case PUB_KEY:    return new UBRSAPublicKey((RSAPublicKeyObject)object);
      case SECRET_KEY: return new UBSecretKey((SecretKeyObject)object);
    }
    return null;

  }

  java.security.KeyStore.Entry getKeyStoreEntry()
  {
    Key key = getKey();
    int type = getType();
    switch (type)
    {
      case PRV_KEY:
        {
          if (userCert==null) return new UBKeyStoreEntry((PrivateKey)key);
          return new KeyStore.PrivateKeyEntry((PrivateKey)key, getChain());
        }

      case PUB_KEY:    return new UBKeyStoreEntry((PublicKey)key);
      case SECRET_KEY: return new KeyStore.SecretKeyEntry((SecretKey)key);
      case CERT:       return new KeyStore.TrustedCertificateEntry(((CertObject)object).getCert());
    }
    throw new ProviderException("Unknown entry type");
  }

  void delete()
  {
    object.getPartition().deleteObject(object);
    if (userCert!=null) userCert.getPartition().deleteObject(userCert);
  }

  void changeName(String newName)
  {
    object.getPartition().changeObjectName(object, newName);
    if (userCert!=null) userCert.getPartition().changeObjectName(userCert, newName);
  }

  Certificate[] getChain()
  {
    if (userCert==null) return null;

    int caChainSize = caChain ==null ? 0 : caChain.size();
    Certificate[] array = new Certificate[1+caChainSize];
    array[0] = userCert.getCert();

    if (caChainSize>0)
    {
      int n = 1;
      for (X509Certificate cert : caChain) array[n++] = cert;
    }
    return array;
  }

  Certificate getCertificate()
  {
    if (userCert!=null) return userCert.getCert();
    if (object.getType()==ObjectType.Certificate) return ((CertObject)object).getCert();
    return null;
  }

  static ArrayList locateCaChain(CertObject userCert)
  {
    if (userCert==null) return null;

    Partition partition = userCert.getPartition();
    ArrayList caChain = null;
    CertObject next = userCert;
    X500Principal subject = userCert.getCert().getSubjectX500Principal();
    LocateParams subjParams = new LocateParams();

    for (;;)
    {
      X500Principal issuer = next.getCert().getIssuerX500Principal();
      if (subject.equals(issuer)) break;

      subject = issuer;
      subjParams.subject = subject;
      next = (CertObject) partition.locate(ObjectType.Certificate, subjParams);
      if (next==null) break;

      if (caChain==null) caChain = new ArrayList();
      caChain.add(next.getCert());
    }

    return caChain;
  }

  static ArrayList getCaChain(X509Certificate userCert, ArrayList list)
  {
    ArrayList caChain = null;
    X509Certificate next = userCert;
    X500Principal subject = userCert.getSubjectX500Principal();

    for (;;)
    {
      X500Principal issuer = next.getIssuerX500Principal();
      if (subject.equals(issuer)) break;

      subject = issuer;
      X509Certificate current = next;
      next = null;
      for (BaseObject object : list)
      {
        if (object==null) continue;
        X509Certificate cert = ((CertObject)object).getCert();
        if (cert==current) continue;
        if (cert.getSubjectX500Principal().equals(issuer)) { next = cert; break; }
      }
      if (next==null) break;

      if (caChain==null) caChain = new ArrayList();
      caChain.add(next);
    }

    return caChain;
  }


  static UBEntry locate(Partition partition, String name)
  {
    LocateParams params = new LocateParams();
    params.name = name;

    BaseObject object = partition.locate(ObjectType.RSAPrv, params);
    if (object==null) object = partition.locate(ObjectType.ECPrv, params);

    if (object!=null)
    {
      ArrayList caChain = null;

      LocateParams prvKeyUidParams = new LocateParams();
      prvKeyUidParams.privateKeyUid = object.getUid();
      CertObject userCert = (CertObject) partition.locate(ObjectType.Certificate, prvKeyUidParams);

      if (userCert==null)
      {
        if (!UBCryptoProvider.allowedPrivateKeyWithoutCertificate) return null;
      }

      return new UBEntry((PrivateKeyObject) object, userCert);
    }

    object = partition.locate(ObjectType.Certificate, params);
    if (object!=null) return new UBEntry((CertObject)object);

    object = partition.locate(ObjectType.GenericSecret, params);
    if (object!=null) return new UBEntry((SecretKeyObject) object);

    object = partition.locate(ObjectType.AES, params);
    if (object!=null) return new UBEntry((SecretKeyObject) object);

    if (UBCryptoProvider.allowedPublicKey)
    {
      object = partition.locate(ObjectType.RSAPub, params);
      if (object!=null) return new UBEntry((RSAPublicKeyObject) object);
    }

    return null;
  }

  static UBEntry locateCertEntryByValue(Partition partition, Certificate certificate)
  {
    LocateParams params = new LocateParams();
    params.x509 = (X509Certificate)certificate;
    CertObject cert = (CertObject) partition.locate(ObjectType.Certificate, params);
    if (certificate==null) return null;

    long keyUid = Client.getCertKeyUid(params.x509);
    LocateParams locateKey = new LocateParams();
    locateKey.uid = keyUid;

    BaseObject object = partition.locate(ObjectType.RSAPrv, params);
    if (object==null) object = partition.locate(ObjectType.ECPrv, params);

    if (object==null) return new UBEntry(cert);
    return new UBEntry((PrivateKeyObject)object, cert);
  }
}