Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/make/src/classes/build/tools/generatecacerts/GenerateCacerts.java
32287 views
/*1* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/2425package build.tools.generatecacerts;2627import java.io.DataOutputStream;28import java.io.FileOutputStream;29import java.io.IOException;30import java.io.InputStream;31import java.io.OutputStream;32import java.io.UnsupportedEncodingException;33import java.nio.file.DirectoryStream;34import java.nio.file.Files;35import java.nio.file.Path;36import java.nio.file.Paths;37import java.security.DigestOutputStream;38import java.security.MessageDigest;39import java.security.NoSuchAlgorithmException;40import java.security.cert.CertificateException;41import java.security.cert.CertificateFactory;42import java.security.cert.X509Certificate;43import java.util.Arrays;44import java.util.SortedSet;45import java.util.TreeSet;4647/**48* Generate cacerts49* args[0]: Full path string to the directory that contains CA certs50* args[1]: Full path string to the generated cacerts51*/52public class GenerateCacerts {53public static void main(String[] args) throws Exception {54try (FileOutputStream fos = new FileOutputStream(args[1])) {55store(args[0], fos, "changeit".toCharArray());56}57}5859// The following code is copied from JavaKeyStore.java.6061private static final int MAGIC = 0xfeedfeed;62private static final int VERSION_2 = 0x02;6364// This method is a simplified version of JavaKeyStore::engineStore.65// A new "dir" argument is added. All cert names in "dir" is collected into66// a sorted array. Each cert is stored with a creation date set to its67// notBefore value. Thus the output is determined as long as the certs68// are the same.69public static void store(String dir, OutputStream stream, char[] password)70throws IOException, NoSuchAlgorithmException, CertificateException71{72byte[] encoded; // the certificate encoding73CertificateFactory cf = CertificateFactory.getInstance("X509");7475MessageDigest md = getPreKeyedHash(password);76DataOutputStream dos77= new DataOutputStream(new DigestOutputStream(stream, md));7879dos.writeInt(MAGIC);80// always write the latest version81dos.writeInt(VERSION_2);8283// All file names in dir sorted.84// README is excluded. Name starting with "." excluded.85SortedSet<String> entries = new TreeSet<String>();86try (DirectoryStream<Path> ds = Files.newDirectoryStream(Paths.get(dir))) {87for (Path p : ds) {88String fName = p.getFileName().toString();89if (!fName.equals("README") && !fName.startsWith(".")) {90entries.add(fName);91}92}93}9495dos.writeInt(entries.size());9697for (String entry : entries) {9899String alias = entry + " [jdk]";100X509Certificate cert;101try (InputStream fis = Files.newInputStream(Paths.get(dir, entry))) {102cert = (X509Certificate) cf.generateCertificate(fis);103}104105dos.writeInt(2);106107// Write the alias108dos.writeUTF(alias);109110// Write the (entry creation) date, which is notBefore of the cert111dos.writeLong(cert.getNotBefore().getTime());112113// Write the trusted certificate114encoded = cert.getEncoded();115dos.writeUTF(cert.getType());116dos.writeInt(encoded.length);117dos.write(encoded);118}119120/*121* Write the keyed hash which is used to detect tampering with122* the keystore (such as deleting or modifying key or123* certificate entries).124*/125byte[] digest = md.digest();126127dos.write(digest);128dos.flush();129}130131private static MessageDigest getPreKeyedHash(char[] password)132throws NoSuchAlgorithmException, UnsupportedEncodingException133{134135MessageDigest md = MessageDigest.getInstance("SHA");136byte[] passwdBytes = convertToBytes(password);137md.update(passwdBytes);138Arrays.fill(passwdBytes, (byte) 0x00);139md.update("Mighty Aphrodite".getBytes("UTF8"));140return md;141}142143private static byte[] convertToBytes(char[] password) {144int i, j;145byte[] passwdBytes = new byte[password.length * 2];146for (i=0, j=0; i<password.length; i++) {147passwdBytes[j++] = (byte)(password[i] >> 8);148passwdBytes[j++] = (byte)password[i];149}150return passwdBytes;151}152}153154155