external-software/github_OpenIdentityPlatform_OpenDJ.git

			@@ -28,6 +28,7 @@
			package org.opends.server.util;



			import java.security.KeyStoreException;
			import java.security.KeyStore;
			import java.security.PrivateKey;
			@@ -42,12 +43,14 @@
			import org.opends.messages.Message;
			import static org.opends.messages.UtilityMessages.*;



			/**
			* Provides a wrapper class that collects all of the JVM vendor
			* and JDK version specific code in a single place.
			*
			* Provides a wrapper class that collects all of the JVM vendor and JDK version
			* specific code in a single place.
			*/
			public final class Platform {
			public final class Platform
			{

			//Prefix that determines which security package to use.
			private static String pkgPrefix;
			@@ -58,7 +61,8 @@

			private static final PlatformIMPL IMPL;

			static {
			static
			{
			String vendor = System.getProperty("java.vendor");
			String ver = System.getProperty("java.version");

			@@ -88,10 +92,13 @@
			}
			}



			/**
			* Platform base class. Performs all of the certificate management functions.
			*/
			private abstract static class PlatformIMPL {
			private abstract static class PlatformIMPL
			{

			//Key size, key algorithm and signature algorithms used.
			private static final int KEY_SIZE = 1024;
			@@ -113,46 +120,65 @@
			//Constructors for each of the above classes.
			private static Constructor<?> certKeyGenCons, X500NameCons;

			static {
			static
			{
			String x509pkg = pkgPrefix + ".x509";
			String certAndKeyGen= x509pkg + ".CertAndKeyGen";
			String X500Name = x509pkg + ".X500Name";
			try {
			try
			{
			certKeyGenClass = Class.forName(certAndKeyGen);
			X500NameClass = Class.forName(X500Name);
			certKeyGenCons =
			certKeyGenClass.getConstructor(String.class, String.class);
			certKeyGenCons = certKeyGenClass.getConstructor(String.class,
			String.class);
			X500NameCons = X500NameClass.getConstructor(String.class);
			} catch (ClassNotFoundException e) {
			}
			catch (ClassNotFoundException e)
			{
			Message msg = ERR_CERTMGR_CLASS_NOT_FOUND.get(e.getMessage());
			throw new ExceptionInInitializerError(msg.toString());
			} catch (SecurityException e) {
			}
			catch (SecurityException e)
			{
			Message msg = ERR_CERTMGR_SECURITY.get(e.getMessage());
			throw new ExceptionInInitializerError(msg.toString());
			} catch (NoSuchMethodException e) {
			}
			catch (NoSuchMethodException e)
			{
			Message msg = ERR_CERTMGR_NO_METHOD.get(e.getMessage());
			throw new ExceptionInInitializerError(msg.toString());
			}
			}


			protected PlatformIMPL() {}

			protected PlatformIMPL()
			{
			}



			/**
			* Delete the specified alias from the specified keystore.
			*
			* @param ks The keystore to delete the alias from.
			* @param ksPath The path to the keystore.
			* @param alias The alias to use in the request generation.
			* @param pwd The keystore password to use.
			*
			* @throws KeyStoreException If an error occurred deleting the alias.
			* @param ks
			* The keystore to delete the alias from.
			* @param ksPath
			* The path to the keystore.
			* @param alias
			* The alias to use in the request generation.
			* @param pwd
			* The keystore password to use.
			* @throws KeyStoreException
			* If an error occurred deleting the alias.
			*/
			public final void deleteAlias(KeyStore ks, String ksPath,
			String alias, char[] pwd) throws KeyStoreException {
			try {
			if(ks == null) {
			public final void deleteAlias(KeyStore ks, String ksPath, String alias,
			char[] pwd) throws KeyStoreException
			{
			try
			{
			if (ks == null)
			{
			Message msg = ERR_CERTMGR_KEYSTORE_NONEXISTANT.get();
			throw new KeyStoreException(msg.toString());
			}
			@@ -160,48 +186,61 @@
			FileOutputStream fs = new FileOutputStream(ksPath);
			ks.store(fs, pwd);
			fs.close();
			} catch (Exception e) {
			Message msg =
			ERR_CERTMGR_DELETE_ALIAS.get(alias,e.getMessage());
			}
			catch (Exception e)
			{
			Message msg = ERR_CERTMGR_DELETE_ALIAS.get(alias, e.getMessage());
			throw new KeyStoreException(msg.toString());
			}
			}



			/**
			* Add the certificate in the specified path to the specified keystore,
			* creating the keystore using the specified type and path if it the
			* keystore doesn't exist.
			*
			* @param ks The keystore to add the certificate to, may be null if it
			* @param ks
			* The keystore to add the certificate to, may be null if it
			* doesn't exist.
			* @param ksType The type to use if the keystore is created.
			* @param ksPath The path to the keystore if it is created.
			* @param alias The alias to store the certificate under.
			* @param pwd The password to use in saving the certificate.
			* @param certPath The path to the file containing the certificate.
			* @throws KeyStoreException If an error occurred adding the
			* certificate to the keystore.
			* @param ksType
			* The type to use if the keystore is created.
			* @param ksPath
			* The path to the keystore if it is created.
			* @param alias
			* The alias to store the certificate under.
			* @param pwd
			* The password to use in saving the certificate.
			* @param certPath
			* The path to the file containing the certificate.
			* @throws KeyStoreException
			* If an error occurred adding the certificate to the keystore.
			*/
			public final void addCertificate(KeyStore ks, String ksType,
			String ksPath, String alias, char[] pwd, String certPath)
			throws KeyStoreException {
			try {
			public final void addCertificate(KeyStore ks, String ksType, String ksPath,
			String alias, char[] pwd, String certPath) throws KeyStoreException
			{
			try
			{
			CertificateFactory cf = CertificateFactory.getInstance("X509");
			InputStream inStream = new FileInputStream(certPath);
			if(ks == null) {
			if (ks == null)
			{
			ks = KeyStore.getInstance(ksType);
			ks.load(null, pwd);
			}
			//Do not support certificate replies.
			if (ks.entryInstanceOf(alias ,KeyStore.PrivateKeyEntry.class)) {
			if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class))
			{
			Message msg = ERR_CERTMGR_CERT_REPLIES_INVALID.get(alias);
			throw new KeyStoreException(msg.toString());
			} else if(!ks.containsAlias(alias) \|\|
			ks.entryInstanceOf(alias,
			KeyStore.TrustedCertificateEntry.class))
			}
			else if (!ks.containsAlias(alias)
			\|\| ks
			.entryInstanceOf(alias, KeyStore.TrustedCertificateEntry.class))
			trustedCert(alias, cf, ks, inStream);
			else {
			else
			{
			Message msg = ERR_CERTMGR_ALIAS_INVALID.get(alias);
			throw new KeyStoreException(msg.toString());
			}
			@@ -209,184 +248,237 @@
			ks.store(fileOutStream, pwd);
			fileOutStream.close();
			inStream.close();
			} catch (Exception e) {
			Message msg =
			ERR_CERTMGR_ADD_CERT.get(alias, e.getMessage());
			}
			catch (Exception e)
			{
			Message msg = ERR_CERTMGR_ADD_CERT.get(alias, e.getMessage());
			throw new KeyStoreException(msg.toString());
			}
			}



			/**
			* Generate a self-signed certificate using the specified alias, dn
			* string and validity period. If the keystore does not exist, create it
			* using the specified type and path.
			* Generate a self-signed certificate using the specified alias, dn string
			* and validity period. If the keystore does not exist, create it using the
			* specified type and path.
			*
			* @param ks The keystore to save the certificate in. May be null if it
			* does not exist.
			* @param ksType The keystore type to use if the keystore is created.
			* @param ksPath The path to the keystore if the keystore is created.
			* @param alias The alias to store the certificate under.
			* @param pwd The password to us in saving the certificate.
			* @param dn The dn string used as the certificate subject.
			* @param validity The validity of the certificate in days.
			* @param ks
			* The keystore to save the certificate in. May be null if it does
			* not exist.
			* @param ksType
			* The keystore type to use if the keystore is created.
			* @param ksPath
			* The path to the keystore if the keystore is created.
			* @param alias
			* The alias to store the certificate under.
			* @param pwd
			* The password to us in saving the certificate.
			* @param dn
			* The dn string used as the certificate subject.
			* @param validity
			* The validity of the certificate in days.
			* @return The keystore that the self-signed certificate was stored in.
			*
			* @throws KeyStoreException If the self-signed certificate cannot be
			* generated.
			* @throws KeyStoreException
			* If the self-signed certificate cannot be generated.
			*/
			public final
			KeyStore generateSelfSignedCertificate(KeyStore ks, String ksType,
			String ksPath, String alias, char[] pwd, String dn, int validity)
			throws KeyStoreException {
			try {
			if(ks == null) {
			public final KeyStore generateSelfSignedCertificate(KeyStore ks,
			String ksType, String ksPath, String alias, char[] pwd, String dn,
			int validity) throws KeyStoreException
			{
			try
			{
			if (ks == null)
			{
			ks = KeyStore.getInstance(ksType);
			ks.load(null, pwd);
			} else if(ks.containsAlias(alias)) {
			}
			else if (ks.containsAlias(alias))
			{
			Message msg = ERR_CERTMGR_ALIAS_ALREADY_EXISTS.get(alias);
			throw new KeyStoreException(msg.toString());
			}
			Object keypair =
			certKeyGenCons.newInstance(KEY_ALGORITHM, SIG_ALGORITHM);
			Object keypair = certKeyGenCons.newInstance(KEY_ALGORITHM,
			SIG_ALGORITHM);
			Object subject = X500NameCons.newInstance(dn);
			Method certAndKeyGenGenerate =
			certKeyGenClass.getMethod(GENERATE_METHOD, int.class);
			Method certAndKeyGenGenerate = certKeyGenClass.getMethod(
			GENERATE_METHOD, int.class);
			certAndKeyGenGenerate.invoke(keypair, KEY_SIZE);
			Method certAndKeyGetPrivateKey =
			certKeyGenClass.getMethod(GET_PRIVATE_KEY_METHOD);
			PrivateKey privatevKey =
			(PrivateKey) certAndKeyGetPrivateKey.invoke(keypair);
			Method certAndKeyGetPrivateKey = certKeyGenClass
			.getMethod(GET_PRIVATE_KEY_METHOD);
			PrivateKey privatevKey = (PrivateKey) certAndKeyGetPrivateKey
			.invoke(keypair);
			Certificate[] certificateChain = new Certificate[1];
			Method getSelfCertificate =
			certKeyGenClass.getMethod(GET_SELFSIGNED_CERT_METHOD,
			X500NameClass,long.class);
			Method getSelfCertificate = certKeyGenClass.getMethod(
			GET_SELFSIGNED_CERT_METHOD, X500NameClass, long.class);
			int days = validity * SEC_IN_DAY;
			certificateChain[0] =
			(Certificate) getSelfCertificate.invoke(keypair, subject, days);
			certificateChain[0] = (Certificate) getSelfCertificate.invoke(keypair,
			subject, days);
			ks.setKeyEntry(alias, privatevKey, pwd, certificateChain);
			FileOutputStream fileOutStream = new FileOutputStream(ksPath);
			ks.store(fileOutStream, pwd);
			fileOutStream.close();
			} catch (Exception e) {
			Message msg =
			ERR_CERTMGR_GEN_SELF_SIGNED_CERT.get(alias, e.getMessage());
			}
			catch (Exception e)
			{
			Message msg = ERR_CERTMGR_GEN_SELF_SIGNED_CERT.get(alias, e
			.getMessage());
			throw new KeyStoreException(msg.toString());
			}
			return ks;
			}



			/**
			* Generate a x509 certificate from the input stream. Verification is
			* done only if it is self-signed.
			* Generate a x509 certificate from the input stream. Verification is done
			* only if it is self-signed.
			*
			* @param alias The alias to save the certificate under.
			* @param cf The x509 certificate factory.
			* @param ks The keystore to add the certificate in.
			* @param in The input stream to read the certificate from.
			* @throws KeyStoreException If the alias exists already in the
			* keystore, if the self-signed certificate didn't verify, or
			* the certificate could not be stored.
			* @param alias
			* The alias to save the certificate under.
			* @param cf
			* The x509 certificate factory.
			* @param ks
			* The keystore to add the certificate in.
			* @param in
			* The input stream to read the certificate from.
			* @throws KeyStoreException
			* If the alias exists already in the keystore, if the self-signed
			* certificate didn't verify, or the certificate could not be
			* stored.
			*/
			private void trustedCert(String alias, CertificateFactory cf,
			KeyStore ks, InputStream in) throws KeyStoreException {
			try {
			if (ks.containsAlias(alias)) {
			private void trustedCert(String alias, CertificateFactory cf, KeyStore ks,
			InputStream in) throws KeyStoreException
			{
			try
			{
			if (ks.containsAlias(alias))
			{
			Message msg = ERR_CERTMGR_ALIAS_ALREADY_EXISTS.get(alias);
			throw new KeyStoreException(msg.toString());
			}
			X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
			if (isSelfSigned(cert))
			cert.verify(cert.getPublicKey());
			if (isSelfSigned(cert)) cert.verify(cert.getPublicKey());
			ks.setCertificateEntry(alias, cert);
			} catch (Exception e) {
			Message msg =
			ERR_CERTMGR_TRUSTED_CERT.get(alias,e.getMessage());
			}
			catch (Exception e)
			{
			Message msg = ERR_CERTMGR_TRUSTED_CERT.get(alias, e.getMessage());
			throw new KeyStoreException(msg.toString());
			}
			}



			/**
			* Check that the issuer and subject DNs match.
			*
			* @param cert The certificate to examine.
			* @param cert
			* The certificate to examine.
			* @return {@code true} if the certificate is self-signed.
			*/
			private boolean isSelfSigned(X509Certificate cert) {
			private boolean isSelfSigned(X509Certificate cert)
			{
			return cert.getSubjectDN().equals(cert.getIssuerDN());
			}



			/**
			* Normalize the data in the specified buffer.
			*
			* @param buffer The buffer to normalize.
			* @param buffer
			* The buffer to normalize.
			*/
			public abstract void normalize(StringBuilder buffer);
			}



			//Prevent instantiation.
			private Platform() {}
			private Platform()
			{
			}



			/**
			* Add the certificate in the specified path to the provided keystore;
			* creating the keystore with the provided type and path if it doesn't
			* creating the keystore with the provided type and path if it doesn't exist.
			*
			* @param ks
			* The keystore to add the certificate to, may be null if it doesn't
			* exist.
			*
			* @param ks The keystore to add the certificate to, may be null if it
			* doesn't exist.
			* @param ksType The type to use if the keystore is created.
			* @param ksPath The path to the keystore if it is created.
			* @param alias The alias to store the certificate under.
			* @param pwd The password to use in saving the certificate.
			* @param certPath The path to the file containing the certificate.
			*
			* @throws KeyStoreException If an error occurred adding the
			* certificate to the keystore.
			* @param ksType
			* The type to use if the keystore is created.
			* @param ksPath
			* The path to the keystore if it is created.
			* @param alias
			* The alias to store the certificate under.
			* @param pwd
			* The password to use in saving the certificate.
			* @param certPath
			* The path to the file containing the certificate.
			* @throws KeyStoreException
			* If an error occurred adding the certificate to the keystore.
			*/
			public static void addCertificate(KeyStore ks, String ksType, String ksPath,
			String alias, char[] pwd, String certPath) throws KeyStoreException {
			String alias, char[] pwd, String certPath) throws KeyStoreException
			{
			IMPL.addCertificate(ks,ksType, ksPath, alias, pwd, certPath);
			}



			/**
			* Delete the specified alias from the provided keystore.
			*
			* @param ks The keystore to delete the alias from.
			* @param ksPath The path to the keystore.
			* @param alias The alias to use in the request generation.
			* @param pwd The keystore password to use.
			*
			* @throws KeyStoreException If an error occurred deleting the alias.
			* @param ks
			* The keystore to delete the alias from.
			* @param ksPath
			* The path to the keystore.
			* @param alias
			* The alias to use in the request generation.
			* @param pwd
			* The keystore password to use.
			* @throws KeyStoreException
			* If an error occurred deleting the alias.
			*/
			public static void deleteAlias(KeyStore ks, String ksPath, String alias,
			char[] pwd) throws KeyStoreException {
			char[] pwd) throws KeyStoreException
			{
			IMPL.deleteAlias(ks, ksPath, alias, pwd);
			}



			/**
			* Generate a self-signed certificate using the specified alias, dn
			* string and validity period. If the keystore does not exist, it will be
			* created using the specified keystore type and path.
			* Generate a self-signed certificate using the specified alias, dn string and
			* validity period. If the keystore does not exist, it will be created using
			* the specified keystore type and path.
			*
			* @param ks The keystore to save the certificate in. May be null if it
			* does not exist.
			* @param ksType The keystore type to use if the keystore is created.
			* @param ksPath The path to the keystore if the keystore is created.
			* @param alias The alias to store the certificate under.
			* @param pwd The password to us in saving the certificate.
			* @param dn The dn string used as the certificate subject.
			* @param validity The validity of the certificate in days.
			*
			* @throws KeyStoreException If the self-signed certificate cannot be
			* generated.
			* @param ks
			* The keystore to save the certificate in. May be null if it does
			* not exist.
			* @param ksType
			* The keystore type to use if the keystore is created.
			* @param ksPath
			* The path to the keystore if the keystore is created.
			* @param alias
			* The alias to store the certificate under.
			* @param pwd
			* The password to us in saving the certificate.
			* @param dn
			* The dn string used as the certificate subject.
			* @param validity
			* The validity of the certificate in days.
			* @throws KeyStoreException
			* If the self-signed certificate cannot be generated.
			*/
			public static void generateSelfSignedCertificate(KeyStore ks, String ksType,
			String ksPath, String alias, char[] pwd, String dn, int validity)
			throws KeyStoreException {
			throws KeyStoreException
			{
			IMPL.generateSelfSignedCertificate(ks, ksType, ksPath, alias, pwd, dn,
			validity);
			}
			@@ -396,23 +488,27 @@
			/**
			* Sun 5 JDK platform class.
			*/
			private static class Sun5PlatformIMPL extends PlatformIMPL {
			private static class Sun5PlatformIMPL extends PlatformIMPL
			{
			//normalize method.
			private static final Method NORMALIZE;
			//Normalized form method.
			private static final Object FORM_NFKC;

			static {
			static
			{
			Method normalize = null;
			Object formNFKC = null;
			try {
			try
			{
			Class<?> normalizer = Class.forName("sun.text.Normalizer");
			formNFKC = normalizer.getField("DECOMP_COMPAT").get(null);
			Class<?> normalizerForm = Class.forName("sun.text.Normalizer$Mode");
			normalize = normalizer.getMethod("normalize", String.class,
			normalizerForm, Integer.TYPE);
			}
			catch (Exception ex) {
			catch (Exception ex)
			{
			// Do not use Normalizer. The values are already set to null.
			}
			NORMALIZE = normalize;
			@@ -420,40 +516,50 @@
			}



			@Override
			public void normalize(StringBuilder buffer) {
			try {
			String normal =
			(String) NORMALIZE.invoke(null, buffer.toString(), FORM_NFKC,0);
			public void normalize(StringBuilder buffer)
			{
			try
			{
			String normal = (String) NORMALIZE.invoke(null, buffer.toString(),
			FORM_NFKC, 0);
			buffer.replace(0,buffer.length(),normal);
			}
			catch(Exception ex) {
			catch (Exception ex)
			{
			//Don't do anything. buffer should be used.
			}
			}
			}



			/**
			* Default platform class.
			*/
			private static class DefaultPlatformIMPL extends PlatformIMPL {
			private static class DefaultPlatformIMPL extends PlatformIMPL
			{
			//normalize method.
			private static final Method NORMALIZE;
			//Normalized form method.
			private static final Object FORM_NFKC;

			static {
			static
			{

			Method normalize = null;
			Object formNFKC = null;
			try {
			try
			{
			Class<?> normalizer = Class.forName("java.text.Normalizer");
			Class<?> normalizerForm = Class.forName("java.text.Normalizer$Form");
			normalize = normalizer.getMethod("normalize", CharSequence.class,
			normalizerForm);
			formNFKC = normalizerForm.getField("NFKD").get(null);
			}
			catch (Exception ex) {
			catch (Exception ex)
			{
			// Do not use Normalizer. The values are already set to null.
			}
			NORMALIZE = normalize;
			@@ -461,49 +567,64 @@
			}



			@Override
			public void normalize(StringBuilder buffer) {
			try {
			public void normalize(StringBuilder buffer)
			{
			try
			{
			String normal = (String) NORMALIZE.invoke(null, buffer, FORM_NFKC);
			buffer.replace(0,buffer.length(),normal);
			}
			catch(Exception ex) {
			catch (Exception ex)
			{
			//Don't do anything. buffer should be used.
			}
			}
			}



			/**
			* IBM JDK 5 platform class.
			*/
			private static class IBM5PlatformIMPL extends PlatformIMPL {
			private static class IBM5PlatformIMPL extends PlatformIMPL
			{

			@Override
			public void normalize(StringBuilder buffer) {
			public void normalize(StringBuilder buffer)
			{
			//No implementation.
			}
			}



			/**
			* Normalize the specified buffer.
			*
			* @param buffer The buffer to normalize.
			* @param buffer
			* The buffer to normalize.
			*/
			public static void normalize(StringBuilder buffer) {
			public static void normalize(StringBuilder buffer)
			{
			IMPL.normalize(buffer);
			}



			/**
			* Test if a platform java vendor property starts with the specified
			* vendor string.
			* Test if a platform java vendor property starts with the specified vendor
			* string.
			*
			* @param vendor The vendor to check for.
			* @param vendor
			* The vendor to check for.
			* @return {@code true} if the java vendor starts with the specified vendor
			* string.
			*/
			public static boolean isVendor(String vendor) {
			public static boolean isVendor(String vendor)
			{
			String javaVendor = System.getProperty("java.vendor");
			return javaVendor.startsWith(vendor);
			}
			}