List of usage examples for java.security.KeyStore.aliases()
public final Enumeration<String> aliases() throws KeyStoreException
From source file:test.integ.be.fedict.commons.eid.client.JCATest.java
/**
 * Integration test: registers the BeID JCA provider, loads the "BeID" key store with a
 * French-locale load parameter, logs every alias it exposes and checks that a certificate
 * is available under the "Authentication" alias.
 *
 * @throws Exception if the provider, the key store load or the certificate lookup fails
 */
@Test
public void testAutoFindCard() throws Exception {
    Security.addProvider(new BeIDProvider());

    final KeyStore beIdStore = KeyStore.getInstance("BeID");
    final BeIDKeyStoreParameter loadParameter = new BeIDKeyStoreParameter();
    loadParameter.setLocale(new Locale("fr"));
    beIdStore.load(loadParameter);

    final Enumeration<String> aliasNames = beIdStore.aliases();
    assertNotNull(aliasNames);
    while (aliasNames.hasMoreElements()) {
        // Only alias names are logged; no key or certificate material is written out.
        LOG.debug("alias: " + aliasNames.nextElement());
    }

    // The cast doubles as a type check: a non-X.509 entry fails the test with a ClassCastException.
    assertNotNull((X509Certificate) beIdStore.getCertificate("Authentication"));
}
From source file:org.demoiselle.signer.policy.impl.cades.pkcs7.impl.CAdESSignerTest.java
/**
 * Walks every alias of the given key store, prints diagnostics for each one to standard
 * output, and returns the alias that was enumerated last.
 *
 * <p>Which alias comes last depends on the enumeration order of the key store
 * implementation, so with more than one entry the result is not a deliberate choice.
 * Any exception is printed and swallowed; the method then returns whatever alias had been
 * read so far, which is the empty string if none was read.
 *
 * @param ks key store to inspect
 * @return the last alias read, or {@code ""} when nothing could be read
 */
private String getAlias(KeyStore ks) {
    String lastAlias = "";
    try {
        for (Enumeration<String> names = ks.aliases(); names.hasMoreElements();) {
            lastAlias = names.nextElement();
            System.out.println("alias..............: " + lastAlias);
            System.out.println("iskeyEntry" + ks.isKeyEntry(lastAlias));
            System.out.println("containsAlias" + ks.containsAlias(lastAlias));
            // The chain itself is not used; the lookup is kept because a failure here
            // ends the walk through the catch block below.
            ks.getCertificateChain(lastAlias);
        }
    } catch (Exception failure) {
        failure.printStackTrace();
    }
    return lastAlias;
}
From source file:edu.byu.wso2.apim.extensions.JWTDecoder.java
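/**
 * Finds the key store alias whose leading X.509 certificate has the given SHA-1 thumbprint.
 *
 * <p>For each alias the first certificate of its chain is used, falling back to
 * {@code getCertificate(alias)} when the entry has no chain. The certificate encoding is
 * hashed with SHA-1, converted with {@code hexify} and compared with {@code thumb} read as
 * text. Entries without a certificate, with a non-X.509 certificate, or whose certificate
 * cannot be encoded are skipped and the search continues.
 *
 * <p>This method only locates an entry. It performs no validity-period, chain or
 * revocation check on the certificate it matches, so a returned alias must not be taken
 * as proof that the certificate is acceptable.
 *
 * @param keyStore       key store to search
 * @param thumb          thumbprint to look for, as the bytes of its textual form
 * @param synapseContext message context used for logging and error reporting
 * @return the matching alias, or {@code null} when nothing matches, the digest is
 *         unavailable, {@code thumb} is {@code null} or the key store cannot be read
 */
private String getAliasForX509CertThumb(KeyStore keyStore, byte[] thumb, MessageContext synapseContext) {
    SynapseLog synLog = getLog(synapseContext);

    // NOTE(review): SHA-1 is used here to identify a certificate already held in the local
    // key store, presumably to match a caller-supplied SHA-1 thumbprint format. Confirm
    // against the caller before changing the algorithm.
    MessageDigest sha = null;
    try {
        sha = MessageDigest.getInstance("SHA-1");
    } catch (NoSuchAlgorithmException e) {
        handleSigVerificationException(e, synapseContext);
    }
    if (sha == null || thumb == null) {
        // Without a digest or a thumbprint nothing can match; report "not found" instead
        // of failing with a NullPointerException further down.
        return null;
    }

    // Decode once with a fixed charset so the comparison does not depend on the platform default.
    final String wantedThumb = new String(thumb, java.nio.charset.StandardCharsets.UTF_8);

    try {
        for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements();) {
            String alias = aliases.nextElement();

            Certificate[] chain = keyStore.getCertificateChain(alias);
            Certificate cert = (chain == null || chain.length == 0)
                    ? keyStore.getCertificate(alias)
                    : chain[0];

            if (!(cert instanceof X509Certificate)) {
                // Covers both "no certificate for this alias" and "not X.509". The search
                // must go on: one certificate-less entry must not hide later matches.
                continue;
            }

            byte[] encoded;
            try {
                encoded = cert.getEncoded();
            } catch (CertificateEncodingException e1) {
                // Hashing nothing would compare the thumbprint with the digest of empty
                // input; skip the entry instead.
                if (synLog.isTraceOrDebugEnabled()) {
                    synLog.traceOrDebug("Skipping alias with unencodable certificate: " + alias);
                }
                continue;
            }

            // digest(byte[]) hashes the input and leaves the digest reset for the next entry.
            if (wantedThumb.equals(hexify(sha.digest(encoded)))) {
                if (synLog.isTraceOrDebugEnabled()) {
                    synLog.traceOrDebug("Found matching alias: " + alias);
                }
                return alias;
            }
        }
    } catch (KeyStoreException e) {
        if (log.isErrorEnabled()) {
            log.error("Error getting alias from keystore", e);
        }
    }
    return null;
}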
From source file:org.ejbca.core.model.ca.catoken.BaseCAToken.java
/**
 * Returns the public key of the certificate stored under the given alias.
 *
 * <p>When the key store holds no certificate for the alias, an error built from the
 * "catoken.nopublic" message is logged and, if debug logging is enabled, every alias
 * present in the key store is listed to help diagnose a misconfigured alias name.
 *
 * @param keyStore key store to read the certificate from
 * @param alias    alias of the entry whose certificate supplies the key
 * @return the certificate's public key, or {@code null} when no certificate is stored
 *         under {@code alias}
 * @throws Exception if the key store lookup or alias enumeration fails
 */
protected PublicKey readPublicKey(KeyStore keyStore, String alias) throws Exception {
    final Certificate certificate = keyStore.getCertificate(alias);
    if (certificate != null) {
        return certificate.getPublicKey();
    }

    log.error(intres.getLocalizedMessage("catoken.nopublic", alias));
    if (log.isDebugEnabled()) {
        // Alias names only; no key material is written to the log.
        for (Enumeration<String> names = keyStore.aliases(); names.hasMoreElements();) {
            log.debug("Existing alias: " + names.nextElement());
        }
    }
    return null;
}
From source file:it.cnr.icar.eric.server.security.authentication.AuthenticationServiceImpl.java
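/**
 * Fills {@code publicKeyToCertMap} with one entry per X.509 certificate found in the key
 * store returned by {@code getKeyStore()}, keyed by the certificate's public key.
 *
 * <p>Aliases that have no certificate, or whose certificate is not X.509, are skipped
 * instead of aborting the load with a NullPointerException or ClassCastException.
 *
 * <p>Every certificate in the store is added, whatever kind of entry it belongs to.
 * NOTE(review): if this map is later used to recognise callers by public key, confirm
 * that the key store contains only certificates that are meant to be accepted.
 *
 * @throws RegistryException if the key store cannot be enumerated or read
 */
private void loadPublicKeyToCertMap() throws RegistryException {
    try {
        KeyStore store = getKeyStore();

        for (Enumeration<String> e = store.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();

            // getCertificate returns null for an alias without a certificate; instanceof
            // rejects that case and any non-X.509 certificate in one check.
            Object candidate = store.getCertificate(alias);
            if (!(candidate instanceof X509Certificate)) {
                continue;
            }

            X509Certificate cert = (X509Certificate) candidate;
            PublicKey publicKey = cert.getPublicKey();
            publicKeyToCertMap.put(publicKey, cert);
        }
    } catch (KeyStoreException e) {
        throw new RegistryException(e);
    }
}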
From source file:org.wso2.carbon.security.keystore.KeyStoreAdmin.java
/**
 * Lists the aliases contained in the named key store of the current tenant.
 *
 * <p>The key store is obtained from the {@code KeyStoreManager} instance for
 * {@code tenantId}. A {@code SecurityConfigException} raised while doing so is passed
 * through unchanged; any other failure, including a {@code null} key store name, is
 * logged with its cause and reported as a {@code SecurityConfigException} that carries
 * only a generic message, so the underlying detail stays in the server log.
 *
 * @param keyStoreName name of the key store to list; must not be {@code null}
 * @return the aliases of all entries in the key store
 * @throws SecurityConfigException if the name is {@code null} or the key store cannot be read
 */
public String[] getStoreEntries(String keyStoreName) throws SecurityConfigException {
    try {
        if (keyStoreName == null) {
            throw new Exception("keystore name cannot be null");
        }

        KeyStore store = KeyStoreManager.getInstance(tenantId).getKeyStore(keyStoreName);

        List<String> aliasNames = new ArrayList<>();
        for (Enumeration<String> it = store.aliases(); it.hasMoreElements();) {
            aliasNames.add(it.nextElement());
        }
        return aliasNames.toArray(new String[aliasNames.size()]);
    } catch (SecurityConfigException passThrough) {
        throw passThrough;
    } catch (Exception cause) {
        String msg = "Error when getting store entries";
        log.error(msg, cause);
        throw new SecurityConfigException(msg);
    }
}
From source file:org.texai.x509.X509Utils.java
/** Writes every alias of the given keystore to the log at INFO level.
 *
 * Only alias names are logged, never key or certificate contents. A keystore that cannot
 * be enumerated is reported as a TexaiException wrapping the KeyStoreException.
 *
 * @param keyStore the given keystore
 */
public static void logAliases(final KeyStore keyStore) {
    final Enumeration<String> names;
    try {
        names = keyStore.aliases();
    } catch (KeyStoreException ex) {
        throw new TexaiException(ex);
    }

    LOGGER.info("aliases...");
    for (; names.hasMoreElements();) {
        final String name = names.nextElement();
        LOGGER.info(" " + name);
    }
}
From source file:it.cnr.icar.eric.common.security.KeystoreMover.java
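/**
 * Copies entries from a source key store file into a destination key store file and
 * rewrites the destination file with the merged result.
 *
 * <p>Only the entry matching {@code sourceAlias} (case-insensitively) is copied, or every
 * entry when {@code sourceAlias} is {@code null}. An entry whose source alias already
 * exists in the destination is skipped with an info log. Each copied entry is stored under
 * {@code destinationAlias}, or under its own source alias when {@code destinationAlias} is
 * {@code null}. That fallback is now resolved per entry: previously the first alias
 * copied was reused for every later entry, so later entries replaced earlier ones.
 *
 * <p>Key passwords default to the corresponding key store password when not given.
 * Private keys are read with the source key password and stored again under the
 * destination key password.
 *
 * @param sourceKeystoreType          key store type of the source file
 * @param sourceKeystorePath          path of the source key store file
 * @param sourceKeystorePassword      password of the source key store, may be {@code null}
 * @param sourceAlias                 alias to copy, or {@code null} to copy all entries
 * @param sourceKeyPassword           password of the source key, or {@code null} to use
 *                                    the source key store password
 * @param destinationKeystoreType     key store type of the destination file
 * @param destinationKeystorePath     path of the destination key store file; created when
 *                                    it does not exist
 * @param destinationKeystorePassword password of the destination key store, may be {@code null}
 * @param destinationAlias            alias to store under, or {@code null} to keep each
 *                                    source alias
 * @param destinationKeyPassword      password for stored keys, or {@code null} to use the
 *                                    destination key store password
 * @throws Exception if either key store cannot be read or the destination cannot be written
 */
public void move(String sourceKeystoreType, String sourceKeystorePath, String sourceKeystorePassword,
        String sourceAlias, String sourceKeyPassword, String destinationKeystoreType,
        String destinationKeystorePath, String destinationKeystorePassword, String destinationAlias,
        String destinationKeyPassword) throws Exception {

    char[] sourceKeystorePasswordArr = null;
    if (sourceKeystorePassword != null) {
        sourceKeystorePasswordArr = sourceKeystorePassword.toCharArray();
    }

    char[] sourceKeyPasswordArr = sourceKeystorePasswordArr;
    if (sourceKeyPassword != null) {
        sourceKeyPasswordArr = sourceKeyPassword.toCharArray();
    }

    char[] destinationKeystorePasswordArr = null;
    if (destinationKeystorePassword != null) {
        destinationKeystorePasswordArr = destinationKeystorePassword.toCharArray();
    }

    char[] destinationKeyPasswordArr = destinationKeystorePasswordArr;
    if (destinationKeyPassword != null) {
        destinationKeyPasswordArr = destinationKeyPassword.toCharArray();
    }

    // -------- Load source keystore to memory ---------
    KeyStore ksin = KeyStore.getInstance(sourceKeystoreType);
    FileInputStream sourceIn = new FileInputStream(sourceKeystorePath);
    try {
        ksin.load(sourceIn, sourceKeystorePasswordArr);
    } finally {
        // Close even when load fails (wrong password, corrupt file).
        sourceIn.close();
    }

    // -------- Load destination keystore initial contents to memory ---------
    KeyStore ksout = KeyStore.getInstance(destinationKeystoreType);
    FileInputStream destinationIn = null;
    try {
        destinationIn = new FileInputStream(destinationKeystorePath);
        ksout.load(destinationIn, destinationKeystorePasswordArr);
    } catch (java.io.FileNotFoundException e) {
        // No destination file yet: start from an empty key store.
        ksout.load(null, destinationKeystorePasswordArr);
    } finally {
        if (destinationIn != null) {
            destinationIn.close();
        }
    }

    Enumeration<String> en = ksin.aliases();
    while (en.hasMoreElements()) {
        String alias = en.nextElement();

        if ((sourceAlias != null) && !sourceAlias.equalsIgnoreCase(alias)) {
            continue;
        }

        // NOTE(review): this guard tests the source alias, not the alias the entry will be
        // stored under. With an explicit destinationAlias an existing destination entry of
        // that name is replaced without a message, and copying several entries to one
        // explicit destinationAlias leaves only the last one. Confirm the intended behaviour.
        if (ksout.containsAlias(alias)) {
            log.info(CommonResourceBundle.getInstance().getString(
                    "message.destinationKeystorePathAlreadyContains",
                    new Object[] { destinationKeystorePath, alias }));
            continue;
        }

        // Use the existing alias if no destinationAlias was specified. Resolved per entry
        // so that one entry's alias never leaks into the next iteration.
        String targetAlias = (destinationAlias == null) ? alias : destinationAlias;

        if (ksin.isCertificateEntry(alias)) {
            log.debug(CommonResourceBundle.getInstance().getString("message.importingCertificate",
                    new Object[] { alias }));
            ksout.setCertificateEntry(targetAlias, ksin.getCertificate(alias));
        }

        if (ksin.isKeyEntry(alias)) {
            log.debug(CommonResourceBundle.getInstance().getString("message.importingKey",
                    new Object[] { alias }));
            Certificate[] certChain = ksin.getCertificateChain(alias);
            ksout.setKeyEntry(targetAlias, ksin.getKey(alias, sourceKeyPasswordArr),
                    destinationKeyPasswordArr, certChain);
        }
    }

    //--------- Overwrite the destination keystore with new keys/certs which is a merge of
    // source and original destination keystores --------------
    // NOTE(review): opening the stream truncates the existing file, so a failure inside
    // store() leaves the destination key store damaged. Writing to a temporary file and
    // renaming it afterwards would avoid that.
    FileOutputStream out = new FileOutputStream(destinationKeystorePath);
    try {
        ksout.store(out, destinationKeystorePasswordArr);
    } finally {
        out.close();
    }

    log.debug(CommonResourceBundle.getInstance().getString("message.keystoreCopySuccessful"));
}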
From source file:com.googlecode.onevre.utils.ServerClassLoader.java
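/**
 * Decides whether the given certificate is trusted, asking the user when it is not yet in
 * the trusted-certificates key store.
 *
 * <p>The key store file is named by the system property
 * {@code deployment.user.security.trusted.certs}. A certificate that equals one already
 * stored is accepted without a prompt. Otherwise a yes/no dialog is shown; on "yes" the
 * certificate is added as a trusted entry, the file is rewritten and the certificate is
 * accepted. Any error, including a missing property, makes the method return
 * {@code false}, so it fails closed.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The key store is opened and saved with an empty password, so the password offers
 *       no protection against changes by anyone able to write the file; the file's
 *       permissions are the only safeguard.</li>
 *   <li>The dialog shows only the subject name, which is set by whoever issued the
 *       certificate. No chain, validity-period or revocation check is made here, and no
 *       fingerprint is displayed for the user to compare.</li>
 * </ul>
 *
 * @param cert certificate to check
 * @return {@code true} if the certificate is stored already or the user accepted it;
 *         {@code false} if the user declined, {@code cert} is {@code null} or an error occurred
 */
private boolean verifyCertificate(X509Certificate cert) {
    if (cert == null) {
        // Nothing to trust; avoids reaching the dialog code with a null certificate.
        return false;
    }
    try {
        String keypass = "";
        String keystorename = System.getProperty("deployment.user.security.trusted.certs");
        if (keystorename == null) {
            throw new IOException("No trusted certs keystore");
        }

        KeyStore keystore = KeyStore.getInstance("JKS", "SUN");
        File file = new File(keystorename);
        if (!file.exists()) {
            keystore.load(null, keypass.toCharArray());
        } else {
            FileInputStream input = new FileInputStream(keystorename);
            try {
                keystore.load(input, keypass.toCharArray());
            } finally {
                // Previously the stream was never closed.
                input.close();
            }
        }

        boolean isInStore = false;
        Enumeration<String> aliases = keystore.aliases();
        while (aliases.hasMoreElements() && !isInStore) {
            String alias = aliases.nextElement();
            Certificate certificate = keystore.getCertificate(alias);
            if (certificate != null && certificate.equals(cert)) {
                isInStore = true;
            }
        }
        if (isInStore) {
            return true;
        }

        int result = JOptionPane.showConfirmDialog(null,
                "Do you want to trust the bridge implementation " + "signed by\n"
                        + cert.getSubjectX500Principal().getName(),
                "Trust source?", JOptionPane.YES_NO_OPTION);
        if (result != JOptionPane.YES_OPTION) {
            return false;
        }

        keystore.setEntry("deploymentusercert-" + System.currentTimeMillis(),
                new KeyStore.TrustedCertificateEntry(cert), null);
        FileOutputStream output = new FileOutputStream(keystorename);
        try {
            keystore.store(output, keypass.toCharArray());
        } finally {
            // Close even when store() fails so the file handle is not leaked.
            output.close();
        }
        return true;
    } catch (Throwable t) {
        // Deliberately broad: every failure is treated as "not trusted".
        t.printStackTrace();
    }
    return false;
}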
From source file:org.codice.ddf.security.certificate.keystore.editor.KeystoreEditor.java
/**
 * Imports uploaded key or certificate material into the given key store and writes the
 * key store back to its file.
 *
 * <p>{@code data} is Base64-decoded in memory and interpreted according to {@code type}
 * and the extension of {@code fileName}:
 * <ul>
 *   <li>PKCS#12: the key and chain stored under {@code alias} are copied; when the upload
 *       has no key under that alias nothing is stored and no error is raised.</li>
 *   <li>JKS: every entry of the uploaded key store is copied under its own alias,
 *       whatever {@code alias} was passed in.</li>
 *   <li>DER: the single certificate is stored under {@code alias} and, when that name is
 *       still free, also under its subject common name.</li>
 *   <li>PEM-parsable input: each object read is handled by kind (key pair, certificate,
 *       CMS content, PKCS#8 encrypted key); the key store is written only when at least
 *       one entry was set.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code setKeyEntry} and {@code setCertificateEntry} replace an existing entry of
 *       the same alias. In the JKS branch the aliases come from the uploaded file, so an
 *       upload can replace entries other than {@code alias}. NOTE(review): confirm this is
 *       acceptable when {@code store} is a trust store.</li>
 *   <li>{@code path} is turned into a file location without any check in this method.
 *       NOTE(review): confirm callers pass a configured location, not request input.</li>
 *   <li>No validation of imported certificates (validity period, chain) is done here.</li>
 * </ul>
 *
 * <p>{@code init()} is called after a successful import; on failure the exception below
 * is thrown first.
 *
 * @param alias         alias to store the entry under; must not be blank
 * @param keyPassword   password protecting the private key, also used for the stored key
 * @param storePassword password of the uploaded PKCS#12 or JKS key store
 * @param data          Base64-encoded content of the upload
 * @param type          declared content type of the upload
 * @param fileName      name of the uploaded file, used for extension checks
 * @param path          file the updated key store is written to
 * @param storepass     password used when writing the updated key store
 * @param store         key store receiving the entries
 * @throws KeystoreEditorException wrapping any failure, including a blank alias
 */
private synchronized void addToStore(String alias, String keyPassword, String storePassword, String data,
        String type, String fileName, String path, String storepass, KeyStore store)
        throws KeystoreEditorException {
    OutputStream fos = null;
    try (InputStream inputStream = new ByteArrayInputStream(Base64.getDecoder().decode(data))) {
        if (StringUtils.isBlank(alias)) {
            throw new IllegalArgumentException("Alias cannot be null.");
        }
        Path storeFile = Paths.get(path);
        // Check the two most common key/cert stores first (pkcs12 and jks).
        if (PKCS12_TYPE.equals(type) || StringUtils.endsWithIgnoreCase(fileName, ".p12")) {
            // Private key + certificate chain.
            KeyStore pkcs12Store = KeyStore.getInstance("PKCS12");
            pkcs12Store.load(inputStream, storePassword.toCharArray());
            Certificate[] chain = pkcs12Store.getCertificateChain(alias);
            Key key = pkcs12Store.getKey(alias, keyPassword.toCharArray());
            // A missing key under this alias leaves the store untouched and is not reported.
            if (key != null) {
                store.setKeyEntry(alias, key, keyPassword.toCharArray(), chain);
                fos = Files.newOutputStream(storeFile);
                store.store(fos, storepass.toCharArray());
            }
        } else if (JKS_TYPE.equals(type) || StringUtils.endsWithIgnoreCase(fileName, ".jks")) {
            // Java keystore file.
            KeyStore jks = KeyStore.getInstance("jks");
            jks.load(inputStream, storePassword.toCharArray());
            Enumeration<String> aliases = jks.aliases();
            // All entries from the jks are stored regardless of the passed in alias, so
            // the uploaded file decides which aliases are created or replaced.
            while (aliases.hasMoreElements()) {
                String jksAlias = aliases.nextElement();
                if (jks.isKeyEntry(jksAlias)) {
                    // Every key in the upload is read and stored with the same keyPassword.
                    Key key = jks.getKey(jksAlias, keyPassword.toCharArray());
                    Certificate[] certificateChain = jks.getCertificateChain(jksAlias);
                    store.setKeyEntry(jksAlias, key, keyPassword.toCharArray(), certificateChain);
                } else {
                    Certificate certificate = jks.getCertificate(jksAlias);
                    store.setCertificateEntry(jksAlias, certificate);
                }
            }
            fos = Files.newOutputStream(storeFile);
            store.store(fos, storepass.toCharArray());
            // DER has to be parsed separately from PEM: it has the same mime type but is
            // binary, hence both the type and the extension are checked.
        } else if (DER_TYPE.equals(type) && StringUtils.endsWithIgnoreCase(fileName, ".der")) {
            ASN1InputStream asn1InputStream = new ASN1InputStream(inputStream);
            ASN1Primitive asn1Primitive = asn1InputStream.readObject();
            X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(asn1Primitive.getEncoded());
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
            Certificate certificate = certificateFactory
                    .generateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded()));
            X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate).getSubject();
            // Index 0 fails for a subject without a CN; that surfaces through the catch
            // block below as a KeystoreEditorException.
            RDN cn = x500name.getRDNs(BCStyle.CN)[0];
            String cnStr = IETFUtils.valueToString(cn.getFirst().getValue());
            // The CN alias is added only when free; the requested alias is always (re)written.
            if (!store.isCertificateEntry(cnStr) && !store.isKeyEntry(cnStr)) {
                store.setCertificateEntry(cnStr, certificate);
            }
            store.setCertificateEntry(alias, certificate);
            fos = Files.newOutputStream(storeFile);
            store.store(fos, storepass.toCharArray());
            // If it isn't one of the stores we support, it might be a key or cert by itself.
        } else if (isPemParsable(type, fileName)) {
            // Catch-all case for PEM, P7B, etc. with common file extensions, for when the
            // mime type isn't read correctly in the browser.
            Reader reader = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8));
            PEMParser pemParser = new PEMParser(reader);
            Object object;
            // Tracks whether anything was changed, so the file is rewritten only when needed.
            boolean setEntry = false;
            while ((object = pemParser.readObject()) != null) {
                if (object instanceof PEMEncryptedKeyPair || object instanceof PEMKeyPair) {
                    PEMKeyPair pemKeyPair;
                    if (object instanceof PEMEncryptedKeyPair) {
                        // Encrypted key pair: decrypt with the supplied key password.
                        PEMEncryptedKeyPair pemEncryptedKeyPairKeyPair = (PEMEncryptedKeyPair) object;
                        JcePEMDecryptorProviderBuilder jcePEMDecryptorProviderBuilder = new JcePEMDecryptorProviderBuilder();
                        pemKeyPair = pemEncryptedKeyPairKeyPair.decryptKeyPair(
                                jcePEMDecryptorProviderBuilder.build(keyPassword.toCharArray()));
                    } else {
                        pemKeyPair = (PEMKeyPair) object;
                    }
                    KeyPair keyPair = new JcaPEMKeyConverter().setProvider("BC").getKeyPair(pemKeyPair);
                    PrivateKey privateKey = keyPair.getPrivate();
                    // Reuse the chain already stored under the alias, else build one.
                    Certificate[] chain = store.getCertificateChain(alias);
                    if (chain == null) {
                        chain = buildCertChain(alias, store);
                    }
                    store.setKeyEntry(alias, privateKey, keyPassword.toCharArray(), chain);
                    setEntry = true;
                } else if (object instanceof X509CertificateHolder) {
                    X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) object;
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
                    Certificate certificate = certificateFactory
                            .generateCertificate(new ByteArrayInputStream(x509CertificateHolder.getEncoded()));
                    X500Name x500name = new JcaX509CertificateHolder((X509Certificate) certificate)
                            .getSubject();
                    // Same CN handling as the DER branch, including the failure for a
                    // subject without a CN.
                    RDN cn = x500name.getRDNs(BCStyle.CN)[0];
                    String cnStr = IETFUtils.valueToString(cn.getFirst().getValue());
                    if (!store.isCertificateEntry(cnStr) && !store.isKeyEntry(cnStr)) {
                        store.setCertificateEntry(cnStr, certificate);
                    }
                    store.setCertificateEntry(alias, certificate);
                    setEntry = true;
                } else if (object instanceof ContentInfo) {
                    // CMS container: only enveloped and signed data are handled; other
                    // content types are ignored without a message.
                    ContentInfo contentInfo = (ContentInfo) object;
                    if (contentInfo.getContentType().equals(CMSObjectIdentifiers.envelopedData)) {
                        CMSEnvelopedData cmsEnvelopedData = new CMSEnvelopedData(contentInfo);
                        OriginatorInfo originatorInfo = cmsEnvelopedData.getOriginatorInfo().toASN1Structure();
                        ASN1Set certificates = originatorInfo.getCertificates();
                        setEntry = importASN1CertificatesToStore(store, setEntry, certificates);
                    } else if (contentInfo.getContentType().equals(CMSObjectIdentifiers.signedData)) {
                        SignedData signedData = SignedData.getInstance(contentInfo.getContent());
                        ASN1Set certificates = signedData.getCertificates();
                        setEntry = importASN1CertificatesToStore(store, setEntry, certificates);
                    }
                } else if (object instanceof PKCS8EncryptedPrivateKeyInfo) {
                    PKCS8EncryptedPrivateKeyInfo pkcs8EncryptedPrivateKeyInfo = (PKCS8EncryptedPrivateKeyInfo) object;
                    Certificate[] chain = store.getCertificateChain(alias);
                    if (chain == null) {
                        chain = buildCertChain(alias, store);
                    }
                    try {
                        // First attempt: hand the encoded key to the store as it is.
                        store.setKeyEntry(alias, pkcs8EncryptedPrivateKeyInfo.getEncoded(), chain);
                        setEntry = true;
                    } catch (KeyStoreException keyEx) {
                        // Second attempt: decode the key with the key password and store
                        // the resulting private key protected by that same password.
                        try {
                            PKCS8Key pkcs8Key = new PKCS8Key(pkcs8EncryptedPrivateKeyInfo.getEncoded(),
                                    keyPassword.toCharArray());
                            store.setKeyEntry(alias, pkcs8Key.getPrivateKey(), keyPassword.toCharArray(), chain);
                            setEntry = true;
                        } catch (GeneralSecurityException e) {
                            LOGGER.error(
                                    "Unable to add PKCS8 key to keystore with secondary method. Throwing original exception.",
                                    e);
                            throw keyEx;
                        }
                    }
                }
            }
            if (setEntry) {
                fos = Files.newOutputStream(storeFile);
                store.store(fos, storepass.toCharArray());
            }
        }
    } catch (Exception e) {
        // Every failure, including a blank alias or a wrong password, is reported the same way.
        LOGGER.error("Unable to add entry {} to store", alias, e);
        throw new KeystoreEditorException("Unable to add entry " + alias + " to store", e);
    } finally {
        if (fos != null) {
            try {
                fos.close();
            } catch (IOException ignore) {
                // Best-effort close; a failure here is intentionally not reported.
            }
        }
    }
    init();
}