Usage examples for java.security.KeyStore.aliases()
public final Enumeration<String> aliases() throws KeyStoreException
From source file:org.apache.taverna.security.credentialmanager.impl.CredentialManagerImplTest.java
/**
 * Round-trip test for {@code CredentialManagerImpl.exportKeyPair}: a key pair is added to
 * the credential manager, exported to a PKCS#12 file, loaded back from that file, and the
 * reloaded private key and certificate chain are compared with the originals.
 *
 * @throws CMException
 * @throws KeyStoreException
 * @throws NoSuchAlgorithmException
 * @throws UnrecoverableKeyException
 */
@Test
public void testExportKeyPair()
        throws CMException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
    String alias = credentialManager.addKeyPair(privateKey, privateKeyCertChain);

    // The exported file holds private key material protected only by the keystore password.
    File exportedFile = new File(credentialManagerDirectory, "test-export-key.p12");
    credentialManager.exportKeyPair(alias, exportedFile.toPath(), privateKeyAndPKCS12KeystorePassword);
    assertTrue(exportedFile.exists());

    // Read the keystore back from the file that was just written.
    KeyStore reloaded = credentialManager.loadPKCS12Keystore(exportedFile.toPath(),
            privateKeyAndPKCS12KeystorePassword);

    Key reloadedKey = null;
    Certificate[] reloadedChain = null;
    // Per the original author's note, the exported keystore is expected to hold a single
    // private key entry with its certificate chain; the first key entry found is used.
    for (Enumeration<String> entries = reloaded.aliases(); entries.hasMoreElements();) {
        String entryAlias = entries.nextElement();
        if (!reloaded.isKeyEntry(entryAlias)) {
            continue; // certificate-only entry
        }
        reloadedKey = reloaded.getKey(entryAlias, privateKeyAndPKCS12KeystorePassword.toCharArray());
        reloadedChain = reloaded.getCertificateChain(entryAlias);
        break;
    }

    assertNotNull(reloadedKey);
    assertNotNull(reloadedChain);
    assertTrue(reloadedKey.equals(privateKey));
    assertTrue(Arrays.equals(reloadedChain, privateKeyCertChain));
}
From source file:org.tolven.config.model.CredentialManager.java
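/**
 * Brings the truststore file named by {@code trustStoreDetail.getSource()} in line with
 * the certificates its configuration references.
 *
 * <p>The configured certificates are resolved through the credential groups, the
 * certificates currently in the file (if it exists) are read, and the file is rewritten
 * with exactly the configured set whenever the two sets differ. The comparison is a set
 * equality check, so a file that still contains a certificate which is no longer
 * configured is rewritten as well; comparing only the intersection would leave such a
 * stale trust anchor in place.
 *
 * @param trustStoreDetail truststore description (id, source path, format, certificate refs)
 * @throws RuntimeException if a referenced credential group does not exist, the format is
 *         not PEM, JKS or PKCS12, or reading/writing the truststore fails (the cause is
 *         attached)
 */
public void processTrustStore(TrustStoreDetail trustStoreDetail) {
    try {
        Set<X509Certificate> newTrustStoreCerts = new HashSet<X509Certificate>();
        Set<X509Certificate> previousTrustStoreCerts = new HashSet<X509Certificate>();
        for (TrustStoreCertificateDetail trustStoreCertificateDetail : trustStoreDetail.getCertificate()) {
            CertificateGroupDetail certGroup = getTolvenConfigWrapper()
                    .getCredentialGroup(trustStoreCertificateDetail.getRefId());
            if (certGroup == null) {
                throw new RuntimeException("The trusted group " + trustStoreCertificateDetail.getRefId()
                        + " in truststore " + trustStoreDetail.getId() + " does not exist");
            }
            X509Certificate trustStoreX509Certificate = getTolvenConfigWrapper().getX509Certificate(certGroup);
            newTrustStoreCerts.add(trustStoreX509Certificate);
        }
        File trustStoreFile = new File(trustStoreDetail.getSource());
        if (TolvenConfigWrapper.TOLVEN_CREDENTIAL_FORMAT_PEM.equals(trustStoreDetail.getFormat())) {
            if (trustStoreFile.exists()) {
                previousTrustStoreCerts = getTolvenConfigWrapper().getX509Certificates(trustStoreFile);
            }
            // Rewrite on any difference, including certificates that are only in the old file.
            if (!previousTrustStoreCerts.equals(newTrustStoreCerts)) {
                FileOutputStream out = null;
                try {
                    out = new FileOutputStream(trustStoreFile);
                    for (X509Certificate x509Certificate : newTrustStoreCerts) {
                        out.write(convertToPEMBytes(x509Certificate));
                    }
                } finally {
                    if (out != null) {
                        out.close();
                    }
                }
                logger.info("Created truststore: " + trustStoreDetail.getId());
            }
        } else if (TolvenConfigWrapper.TOLVEN_CREDENTIAL_FORMAT_JKS.equals(trustStoreDetail.getFormat())
                || TolvenConfigWrapper.TOLVEN_CREDENTIAL_FORMAT_PKCS12.equals(trustStoreDetail.getFormat())) {
            char[] truststorepass = getPasswordHolder().getPassword(trustStoreDetail.getId());
            if (trustStoreFile.exists()) {
                KeyStore trustStore = getTolvenConfigWrapper().getKeyStore(truststorepass, trustStoreFile,
                        trustStoreDetail.getFormat());
                Enumeration<String> enumeration = trustStore.aliases();
                while (enumeration.hasMoreElements()) {
                    String alias = enumeration.nextElement();
                    X509Certificate cert = (X509Certificate) trustStore.getCertificate(alias);
                    previousTrustStoreCerts.add(cert);
                }
            }
            // Rewrite on any difference, including certificates that are only in the old file.
            if (!previousTrustStoreCerts.equals(newTrustStoreCerts)) {
                KeyStore trustStore = KeyStore.getInstance(trustStoreDetail.getFormat());
                trustStore.load(null, truststorepass);
                for (X509Certificate newCert : newTrustStoreCerts) {
                    // NOTE(review): the alias is the subject DN, so two configured certificates
                    // with the same subject (e.g. a renewed CA) share one alias and the later
                    // one replaces the earlier - confirm this cannot occur in practice.
                    String alias = newCert.getSubjectDN().getName();
                    trustStore.setCertificateEntry(alias, newCert);
                }
                // A source path without a directory component has no parent to create.
                File parentDir = trustStoreFile.getParentFile();
                if (parentDir != null) {
                    parentDir.mkdirs();
                }
                write(trustStore, trustStoreFile, truststorepass);
                logger.info("Created truststore: " + trustStoreDetail.getId());
            }
        } else {
            throw new RuntimeException("Unrecognized keystore format: " + trustStoreDetail.getFormat());
        }
    } catch (Exception ex) {
        throw new RuntimeException("Failed to process truststore: " + trustStoreDetail.getId(), ex);
    }
}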
From source file:org.apache.juddi.v3.client.cryptor.DigSigUtil.java
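/**
 * Searches the trust store returned by {@code GetTrustStore()} for a certificate whose
 * subject equals {@code name}.
 *
 * <p>Entries that carry no certificate, or a certificate that is not X.509, are skipped
 * instead of failing the lookup with a NullPointerException or ClassCastException.
 *
 * @param name subject to look for
 * @return the first matching certificate in alias enumeration order, or {@code null} when
 *         there is no trust store or no entry matches
 * @throws Exception if the trust store cannot be obtained or enumerated
 */
private X509Certificate FindCertByDN(X500Principal name) throws Exception {
    KeyStore ks = GetTrustStore();
    if (ks == null) {
        return null;
    }
    Enumeration<String> aliases = ks.aliases();
    while (aliases.hasMoreElements()) {
        Certificate certificate = ks.getCertificate(aliases.nextElement());
        if (!(certificate instanceof X509Certificate)) {
            // getCertificate() returns null for entries without a certificate.
            continue;
        }
        X509Certificate x = (X509Certificate) certificate;
        if (x.getSubjectX500Principal().equals(name)) {
            return x;
        }
    }
    return null;
}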
From source file:org.apache.juddi.v3.client.cryptor.DigSigUtil.java
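/**
 * Searches the trust store returned by {@code GetTrustStore()} for a certificate with the
 * given issuer name and serial number.
 *
 * <p>The issuer is compared as an exact string against {@code getIssuerDN().getName()},
 * so a name that is formatted differently (attribute order, spacing) does not match. The
 * serial number is compared against the decimal string form of the certificate's serial.
 * Entries that carry no certificate, or a certificate that is not X.509, are skipped
 * instead of failing the lookup with a NullPointerException or ClassCastException.
 *
 * @param X509IssuerName issuer distinguished name as a string
 * @param X509SerialNumber serial number as a decimal string
 * @return the first matching certificate in alias enumeration order, or {@code null} when
 *         there is no trust store or no entry matches
 * @throws Exception if the trust store cannot be obtained or enumerated
 */
private X509Certificate FindCertByIssuer(String X509IssuerName, String X509SerialNumber) throws Exception {
    KeyStore ks = GetTrustStore();
    if (ks == null) {
        return null;
    }
    Enumeration<String> aliases = ks.aliases();
    while (aliases.hasMoreElements()) {
        Certificate certificate = ks.getCertificate(aliases.nextElement());
        if (!(certificate instanceof X509Certificate)) {
            // getCertificate() returns null for entries without a certificate.
            continue;
        }
        X509Certificate x = (X509Certificate) certificate;
        if (x.getIssuerDN().getName().equals(X509IssuerName)
                && x.getSerialNumber().toString().equalsIgnoreCase(X509SerialNumber)) {
            return x;
        }
    }
    return null;
}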
From source file:nl.clockwork.mule.ebms.cxf.XMLSecSignatureInInterceptor.java
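/**
 * Verifies the first XML signature found in {@code document} against the entries of
 * {@code keyStore}.
 *
 * <p>The signing key named in the signature's KeyInfo comes from the message itself, so it
 * is only used after it has been tied to the keystore:
 * <ul>
 * <li>an X.509 certificate must be within its validity period and its signature must
 * verify under the public key of some keystore certificate (direct issuance only; no
 * chain building or revocation check is done here);</li>
 * <li>a bare public key must equal the public key of some keystore certificate. Checking
 * the signature with a key that is only vouched for by the message would accept a
 * signature made by any sender.</li>
 * </ul>
 * Errors raised while checking the signature value are propagated rather than swallowed.
 *
 * @param keyStore trusted certificates
 * @param document message to check
 * @param dataSources attachments made resolvable for signature references
 * @return {@code true} if the document carries no signature element or the signature is
 *         valid under a trusted key; {@code false} otherwise
 */
private boolean verify(KeyStore keyStore, Document document, List<EbMSDataSource> dataSources)
        throws XMLSignatureException, XMLSecurityException, CertificateExpiredException,
        CertificateNotYetValidException, KeyStoreException {
    NodeList nodeList = document.getElementsByTagNameNS(
            org.apache.xml.security.utils.Constants.SignatureSpecNS,
            org.apache.xml.security.utils.Constants._TAG_SIGNATURE);
    if (nodeList.getLength() == 0) {
        // NOTE(review): an unsigned document is reported as verified. Callers that require
        // a signature must enforce that separately - confirm they do.
        return true;
    }

    // Only the first signature element in document order is examined.
    XMLSignature signature = new XMLSignature((Element) nodeList.item(0),
            org.apache.xml.security.utils.Constants.SignatureSpecNS);
    EbMSDataSourceResolver resolver = new EbMSDataSourceResolver(dataSources);
    signature.addResourceResolver(resolver);

    X509Certificate certificate = signature.getKeyInfo().getX509Certificate();
    if (certificate != null) {
        certificate.checkValidity();
        if (!isSignedByKeyStoreEntry(keyStore, certificate)) {
            return false;
        }
        return signature.checkSignatureValue(certificate);
    }

    PublicKey publicKey = signature.getKeyInfo().getPublicKey();
    if (publicKey != null && isKeyStoreEntryKey(keyStore, publicKey)) {
        return signature.checkSignatureValue(publicKey);
    }
    return false;
}

/** Returns whether {@code certificate} verifies under the public key of any keystore certificate. */
private static boolean isSignedByKeyStoreEntry(KeyStore keyStore, X509Certificate certificate)
        throws KeyStoreException {
    Enumeration<String> aliases = keyStore.aliases();
    while (aliases.hasMoreElements()) {
        Certificate anchor = keyStore.getCertificate(aliases.nextElement());
        if (anchor == null) {
            continue; // entry without a certificate
        }
        try {
            certificate.verify(anchor.getPublicKey());
            return true;
        } catch (java.security.GeneralSecurityException ignored) {
            // Not issued by this entry; try the next one.
        }
    }
    return false;
}

/** Returns whether {@code publicKey} equals the public key of any keystore certificate. */
private static boolean isKeyStoreEntryKey(KeyStore keyStore, PublicKey publicKey) throws KeyStoreException {
    Enumeration<String> aliases = keyStore.aliases();
    while (aliases.hasMoreElements()) {
        Certificate entry = keyStore.getCertificate(aliases.nextElement());
        if (entry != null && publicKey.equals(entry.getPublicKey())) {
            return true;
        }
    }
    return false;
}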
From source file:net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImplTest.java
/**
 * Test for {@code CredentialManagerImpl.loadPKCS12Keystore}: loads the PKCS#12 test file
 * and checks that a private key entry and its certificate chain can be read from it.
 *
 * @throws CMException
 * @throws KeyStoreException
 * @throws NoSuchAlgorithmException
 * @throws UnrecoverableKeyException
 */
@Test
public void testLoadPKCS12Keystore()
        throws CMException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
    File keystoreFile = new File(privateKeyFileURL.getPath());
    KeyStore pkcs12Keystore = credentialManager.loadPKCS12Keystore(keystoreFile,
            privateKeyAndPKCS12KeystorePassword);

    Key loadedKey = null;
    Certificate[] loadedChain = null;
    // Per the original author's note, test-private-key-cert.p12 holds a single private key
    // with its certificate entry; the first key entry found is used.
    for (Enumeration<String> entries = pkcs12Keystore.aliases(); entries.hasMoreElements();) {
        String alias = entries.nextElement();
        if (!pkcs12Keystore.isKeyEntry(alias)) {
            continue; // certificate-only entry
        }
        loadedKey = pkcs12Keystore.getKey(alias, privateKeyAndPKCS12KeystorePassword.toCharArray());
        loadedChain = pkcs12Keystore.getCertificateChain(alias);
        break;
    }

    assertNotNull(loadedKey);
    assertNotNull(loadedChain);
}
From source file:org.globus.gsi.provider.TestPEMFileBasedKeyStore.java
/**
 * Loads the "PEMFilebasedKeyStore" keystore of the "Globus" provider from a properties
 * stream and checks {@code getCreationDate}: non-null for an alias the store reports,
 * null for an alias it does not contain.
 */
@Test
public void testCreationDate() throws Exception {
    KeyStore store = KeyStore.getInstance("PEMFilebasedKeyStore", "Globus");

    // The keystore is configured through properties rather than a keystore file.
    Properties properties = new Properties();
    properties.setProperty(PEMKeyStore.DEFAULT_DIRECTORY_KEY,
            "file:" + this.defaultTrustedDirectory.getTempDirectoryName());
    properties.setProperty(PEMKeyStore.DIRECTORY_LIST_KEY,
            "file:" + this.trustedDirectory.getTempDirectoryName() + "/*.0");

    InputStream ins = getProperties(properties);
    try {
        store.load(ins, null);
    } finally {
        if (ins != null) {
            ins.close();
        }
    }

    // Only the first alias is checked; with an empty store this part asserts nothing.
    Enumeration<String> aliases = store.aliases();
    if (aliases.hasMoreElements()) {
        String firstAlias = aliases.nextElement();
        assertNotNull(store.getCreationDate(firstAlias));
    }
    assertNull(store.getCreationDate("FakeAlias"));
}
From source file:org.apache.taverna.security.credentialmanager.impl.CredentialManagerImplTest.java
/**
 * Test for {@code CredentialManagerImpl.loadPKCS12Keystore}: loads the PKCS#12 test file
 * and checks that a private key entry and its certificate chain can be read from it.
 *
 * @throws CMException
 * @throws KeyStoreException
 * @throws NoSuchAlgorithmException
 * @throws UnrecoverableKeyException
 */
@Test
public void testLoadPKCS12Keystore()
        throws CMException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
    File keystoreFile = new File(privateKeyFileURL.getPath());
    KeyStore pkcs12Keystore = credentialManager.loadPKCS12Keystore(keystoreFile.toPath(),
            privateKeyAndPKCS12KeystorePassword);

    Key loadedKey = null;
    Certificate[] loadedChain = null;
    // Per the original author's note, test-private-key-cert.p12 holds a single private key
    // with its certificate entry; the first key entry found is used.
    for (Enumeration<String> entries = pkcs12Keystore.aliases(); entries.hasMoreElements();) {
        String alias = entries.nextElement();
        if (!pkcs12Keystore.isKeyEntry(alias)) {
            continue; // certificate-only entry
        }
        loadedKey = pkcs12Keystore.getKey(alias, privateKeyAndPKCS12KeystorePassword.toCharArray());
        loadedChain = pkcs12Keystore.getCertificateChain(alias);
        break;
    }

    assertNotNull(loadedKey);
    assertNotNull(loadedChain);
}
From source file:org.globus.security.provider.TestPEMFileBasedKeyStore.java
/**
 * Loads the "PEMFilebasedKeyStore" keystore of the "Globus" provider from a properties
 * stream and checks {@code getCreationDate}: non-null for an alias the store reports,
 * null for an alias it does not contain.
 */
@Test
public void testCreationDate() throws Exception {
    KeyStore store = KeyStore.getInstance("PEMFilebasedKeyStore", "Globus");

    // The keystore is configured through properties rather than a keystore file.
    Properties properties = new Properties();
    properties.setProperty(PEMKeyStore.DEFAULT_DIRECTORY_KEY,
            "file:" + this.defaultTrustedDirectory.getTempDirectoryName() + "/*.0");
    properties.setProperty(PEMKeyStore.DIRECTORY_LIST_KEY,
            "file:" + this.trustedDirectory.getTempDirectoryName() + "/*.0");

    InputStream ins = getProperties(properties);
    try {
        store.load(ins, null);
    } finally {
        if (ins != null) {
            ins.close();
        }
    }

    // Only the first alias is checked; with an empty store this part asserts nothing.
    Enumeration<String> aliases = store.aliases();
    if (aliases.hasMoreElements()) {
        String firstAlias = aliases.nextElement();
        assertNotNull(store.getCreationDate(firstAlias));
    }
    assertNull(store.getCreationDate("FakeAlias"));
}
From source file:info.guardianproject.onionkit.trust.StrongTrustManager.java
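/**
 * Looks in {@code kStore} for a certificate whose subject matches the issuer of
 * {@code x509cert}, as decided by {@code checkSubjectMatchesIssuer}.
 *
 * <p>This is a name match only: nothing here checks that {@code x509cert} was actually
 * signed by the returned certificate. NOTE(review): confirm the caller verifies the
 * signature before treating the result as the issuer.
 *
 * <p>Entries that carry no certificate, or a certificate that is not X.509, are skipped
 * instead of failing the search with a NullPointerException or ClassCastException.
 *
 * @param x509cert certificate whose issuer is wanted
 * @param kStore store of candidate issuer certificates
 * @return the first matching certificate in alias enumeration order, or {@code null} if
 *         none matches
 * @throws CertificateException if the store cannot be read; the underlying
 *         KeyStoreException is attached as the cause
 */
private X509Certificate findCertIssuerInStore(X509Certificate x509cert, KeyStore kStore)
        throws CertificateException {
    X509Certificate x509issuer = null;
    debug("searching store for issuer: " + x509cert.getIssuerDN());

    // check in our local root CA Store
    try {
        Enumeration<String> enumAliases = kStore.aliases();
        while (enumAliases.hasMoreElements()) {
            java.security.cert.Certificate candidate = kStore.getCertificate(enumAliases.nextElement());
            if (!(candidate instanceof X509Certificate)) {
                // getCertificate() returns null for entries without a certificate.
                continue;
            }
            X509Certificate x509search = (X509Certificate) candidate;
            if (checkSubjectMatchesIssuer(x509search.getSubjectX500Principal(),
                    x509cert.getIssuerX500Principal())) {
                x509issuer = x509search;
                debug("found issuer for current cert in chain in ROOT CA store: " + x509issuer.getSubjectDN());
                break;
            }
        }
    } catch (KeyStoreException e) {
        String errMsg = mContext.getString(R.string.error_problem_access_local_root_ca_store);
        debug(errMsg);
        // Keep the original failure so the reason the store was unreadable is not lost.
        throw new CertificateException(errMsg, e);
    }
    return x509issuer;
}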