/*
* Copyright (c) 2011-2012 Isode Limited, London, England.
* All rights reserved.
*/
/*
* Copyright (c) 2010 Remko Tronçon.
* All rights reserved.
*/
package com.isode.stroke.tls;
import com.isode.stroke.base.ByteArray;
import com.isode.stroke.base.NotNull;
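/**
 * A certificate and private key held in a PKCS#12 (P12) file, together with
 * the password needed to open it.
 *
 * <p>The object keeps three pieces of state: the file name, the raw bytes
 * read from that file, and a private copy of the password. Only the password
 * is scrubbed by {@link #reset()}; the file bytes stay in {@link #getData()}
 * until they are replaced or the object is collected.
 */
public class PKCS12Certificate extends CertificateWithKey {

    /**
     * Creates an empty object: no file name, no data and no password.
     * {@link #isNull()} returns {@code true} until {@link #setData(ByteArray)}
     * supplies non-empty content.
     */
    public PKCS12Certificate() {
    }

    /**
     * Construct a new object.
     *
     * @param filename the name of the P12 file, must not be null.
     * @param password the password for the P12 file. Must not be null,
     * but may be empty if no password is to be used. The array is copied,
     * so the caller remains free (and is advised) to clear its own array
     * once this constructor returns.
     */
    public PKCS12Certificate(String filename, char[] password) {
        NotNull.exceptIfNull(filename, "filename");
        NotNull.exceptIfNull(password, "password");
        filename_ = filename;
        // Private copy: later changes to the caller's array do not affect
        // this object, and reset() does not touch the caller's array.
        password_ = password.clone();
        data_ = new ByteArray();
        // NOTE(review): how readFromFile reports a missing or unreadable file
        // is not visible from this class - confirm that callers check
        // isNull() after construction.
        data_.readFromFile(filename);
    }

    /**
     * Tells whether this object holds any P12 content.
     *
     * @return {@code true} if no data has been set (for instance after the
     * no-argument constructor or {@code setData(null)}) or if the data is
     * empty; {@code false} otherwise.
     */
    public boolean isNull() {
        // data_ is null after the no-argument constructor; treat that as
        // "no certificate" instead of throwing NullPointerException.
        return data_ == null || data_.isEmpty();
    }

    /**
     * Always reports the private key as exportable. The content of the file
     * is not inspected: the assumption is that a PKCS12 file is never missing
     * its private key.
     *
     * @return {@code true}, unconditionally.
     */
    public boolean isPrivateKeyExportable() {
        return true;
    }

    /**
     * This returns the name of the P12 file.
     *
     * @return the P12 filename; null only if this object was created with
     * the no-argument constructor.
     */
    public String getCertStoreName() {
        return filename_;
    }

    /**
     * Not implemented yet.
     *
     * @return always null.
     */
    public String getCertName() {
        /* TODO */
        return null;
    }

    /**
     * Returns the raw content of the P12 file.
     *
     * @return the internal buffer itself (not a copy); null if no data has
     * been set. This buffer is not cleared by {@link #reset()}.
     */
    public ByteArray getData() {
        return data_;
    }

    /**
     * Replaces the raw P12 content. The reference is stored as given, without
     * copying.
     *
     * @param data the new content; may be null, in which case
     * {@link #isNull()} returns {@code true}.
     */
    public void setData(ByteArray data) {
        data_ = data;
    }

    /**
     * Returns a reference to the password in this object. If {@link #reset()}
     * has been called, then the method will return an empty array.
     *
     * <p>The returned array is the internal one, not a copy: a caller that
     * modifies it changes the password held here, and a later
     * {@link #reset()} overwrites the very array the caller is holding.
     * Callers should not keep the reference longer than needed.
     *
     * @return the password for this object; null if the object was created
     * with the no-argument constructor and {@link #reset()} has not been
     * called.
     */
    public char[] getPassword() {
        return password_;
    }

    /**
     * Describes this object by its file name only; the password is
     * deliberately left out so that it cannot end up in logs.
     */
    @Override
    public String toString() {
        return "PKCS12Certificate based on file " + filename_;
    }

    /**
     * This method may be used once the PKCS12Certificate is no longer
     * required, and will attempt to clear the memory containing the
     * password in this object. After calling this method, you should
     * not expect this object to be usable for subsequent authentication.
     *
     * <p>Note that this operation does <em>NOT</em> guarantee that all traces
     * of the password will have been removed from memory. In particular the
     * P12 content returned by {@link #getData()} is left untouched, and any
     * copy of the password made elsewhere is out of reach of this method.
     */
    public void reset() {
        if (password_ != null) {
            // Overwrite in place before dropping the reference, so the old
            // characters do not linger in the heap until garbage collection.
            java.util.Arrays.fill(password_, 'x');
        }
        password_ = new char[] {};
    }

    /**
     * Last-resort scrub of the password when the object is collected.
     * Finalizers are not guaranteed to run promptly, or at all, so code that
     * is done with the certificate should call {@link #reset()} explicitly.
     */
    @Override
    protected void finalize() {
        reset();
    }

    /** Raw bytes of the P12 file; null until read or set. */
    private ByteArray data_;

    /** Private copy of the password; replaced by an empty array on reset(). */
    private char[] password_;

    /** Name of the P12 file; null for the no-argument constructor. */
    private String filename_;
}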