|
Java example source code file (StorePasswords.java)
The StorePasswords.java Java example source code/* * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ /* * @test * @bug 8008296 * @summary Store and retrieve user passwords using PKCS#12 keystore */ import java.io.*; import java.security.*; import java.util.*; import javax.crypto.*; import javax.crypto.spec.*; /* * Store and retrieve passwords protected by a selection of PBE algorithms, * using a PKCS#12 keystore. */ public class StorePasswords { private static final String[] PBE_ALGORITHMS = new String[] { "default PBE algorithm", "PBEWithMD5AndDES", "PBEWithSHA1AndDESede", "PBEWithSHA1AndRC2_40", "PBEWithSHA1AndRC2_128", "PBEWithSHA1AndRC4_40", "PBEWithSHA1AndRC4_128", "PBEWithHmacSHA1AndAES_128", "PBEWithHmacSHA224AndAES_128", "PBEWithHmacSHA256AndAES_128", "PBEWithHmacSHA384AndAES_128", "PBEWithHmacSHA512AndAES_128", "PBEWithHmacSHA1AndAES_256", "PBEWithHmacSHA224AndAES_256", "PBEWithHmacSHA256AndAES_256", "PBEWithHmacSHA384AndAES_256", "PBEWithHmacSHA512AndAES_256" }; private static final String KEYSTORE = "mykeystore.p12"; private static final char[] KEYSTORE_PWD = "changeit".toCharArray(); private static final char[] ENTRY_PWD = "protectit".toCharArray(); private static final char[] USER_PWD = "hello1".toCharArray(); public static void main(String[] args) throws Exception { new File(KEYSTORE).delete(); int storeCount = store(); int recoverCount = recover(); if (recoverCount != storeCount) { throw new Exception("Stored " + storeCount + " user passwords, " + "recovered " + recoverCount + " user passwords"); } System.out.println("\nStored " + storeCount + " user passwords, " + "recovered " + recoverCount + " user passwords"); new File(KEYSTORE).delete(); } private static int store() throws Exception { int count = 0; // Load an empty PKCS#12 keystore KeyStore keystore = KeyStore.getInstance("PKCS12"); System.out.println("\nLoading PKCS#12 keystore..."); keystore.load(null, null); // Derive a PBE key from the password PBEKeySpec keySpec = new PBEKeySpec(USER_PWD); SecretKeyFactory factory = SecretKeyFactory.getInstance("PBE"); SecretKey key = factory.generateSecret(keySpec); PBEParameterSpec specWithEightByteSalt = new PBEParameterSpec("NaClNaCl".getBytes(), 1024); // Store the user password in a keystore entry (for each algorithm) for (String algorithm : PBE_ALGORITHMS) { try { System.out.println("Storing user password '" + new String(USER_PWD) + "' (protected by " + algorithm + ")"); if (algorithm.equals("default PBE algorithm")) { keystore.setKeyEntry( "this entry is protected by " + algorithm, key, ENTRY_PWD, null); } else { keystore.setEntry( "this entry is protected by " + algorithm, new KeyStore.SecretKeyEntry(key), new KeyStore.PasswordProtection(ENTRY_PWD, algorithm, null)); } count++; } catch (KeyStoreException e) { Throwable inner = e.getCause(); if (inner instanceof UnrecoverableKeyException) { Throwable inner2 = inner.getCause(); if (inner2 instanceof InvalidAlgorithmParameterException) { System.out.println("...re-trying due to: " + inner2.getMessage()); // Some PBE algorithms demand an 8-byte salt keystore.setEntry( "this entry is protected by " + algorithm, new KeyStore.SecretKeyEntry(key), new KeyStore.PasswordProtection(ENTRY_PWD, algorithm, specWithEightByteSalt)); count++; } else if (inner2 instanceof InvalidKeyException) { System.out.println("...skipping due to: " + inner2.getMessage()); // Unsupported crypto keysize continue; } } else { throw e; } } } // Store the PKCS#12 keystore System.out.println("Storing PKCS#12 keystore to: " + KEYSTORE); try (FileOutputStream out = new FileOutputStream(KEYSTORE)) { keystore.store(out, KEYSTORE_PWD); } return count; } private static int recover() throws Exception { int count = 0; // Load the PKCS#12 keystore KeyStore keystore = KeyStore.getInstance("PKCS12"); System.out.println("\nLoading PKCS#12 keystore from: " + KEYSTORE); try (FileInputStream in = new FileInputStream(KEYSTORE)) { keystore.load(in, KEYSTORE_PWD); } SecretKey key; SecretKeyFactory factory; PBEKeySpec keySpec; // Retrieve each user password from the keystore for (String algorithm : PBE_ALGORITHMS) { key = (SecretKey) keystore.getKey("this entry is protected by " + algorithm, ENTRY_PWD); if (key != null) { count++; factory = SecretKeyFactory.getInstance(key.getAlgorithm()); keySpec = (PBEKeySpec) factory.getKeySpec(key, PBEKeySpec.class); char[] pwd = keySpec.getPassword(); System.out.println("Recovered user password '" + new String(pwd) + "' (protected by " + algorithm + ")"); if (!Arrays.equals(USER_PWD, pwd)) { throw new Exception("Failed to recover the user password " + "protected by " + algorithm); } } } return count; } } Other Java examples (source code examples)Here is a short list of links related to this Java StorePasswords.java source code file: |
... this post is sponsored by my books ... | |
#1 New Release! |
FP Best Seller |
Copyright 1998-2024 Alvin Alexander, alvinalexander.com
All Rights Reserved.
A percentage of advertising revenue from
pages under the /java/jwarehouse
URI on this website is
paid back to open source projects.