import javax.crypto.SecretKeyFactory; //导入方法依赖的package包/类
/**
* Gets the secret password stored in keystore under given alias.
* @param alias
* @param entryPassword entry password to access the secret password stored in keystore
* @return the secret password or null if secret password does not exists in keystore
* @throws KeyStoreProviderException
*/
public String getPassword(String alias, String entryPassword) throws KeyStoreProviderException {
try {
LOG.info(String.format("Getting password with alias %s from keystore ...", alias));
SecretKeyFactory factory = SecretKeyFactory.getInstance(SECRET_KEY_PASSWORD_ALGORITHM);
Optional ske = Optional.fromNullable((KeyStore.SecretKeyEntry) this.keystore.getEntry(alias, new KeyStore.PasswordProtection(entryPassword.toCharArray())));
if(!ske.isPresent()) {
return null;
}
PBEKeySpec keySpec = (PBEKeySpec)factory.getKeySpec(ske.get().getSecretKey(),PBEKeySpec.class);
char[] password = keySpec.getPassword();
if(ArrayUtils.isEmpty(password)) {
throw new KeyStoreProviderException("Recovered password is blank.");
}
return new String(password);
} catch (NoSuchAlgorithmException nsae) {
throw new KeyStoreProviderException("Algorithm used to create PBE secret cannot be found.", nsae);
} catch (UnrecoverableEntryException uee) {
throw new KeyStoreProviderException("Invalid entry password to recover secret.", uee);
} catch (KeyStoreException kse) {
throw new KeyStoreProviderException("Failed to get PBE secret to keystore.", kse);
} catch (InvalidKeySpecException ikse) {
throw new KeyStoreProviderException("Failed to get key spec from PBE secret.", ikse);
} catch (Exception e) {
throw new KeyStoreProviderException("Failed to get PBE secret.", e);
}
}