List of usage examples for java.security KeyStore getCertificate
public final Certificate getCertificate(String alias) throws KeyStoreException
From source file:com.vmware.identity.samlservice.SamlServiceTest.java
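/**
 * Builds the shared SAML service fixture once for the test class.
 *
 * Bootstraps the server configuration, resolves the relying-party endpoints from it,
 * loads the STS signing key and certificate from the bundled {@code /sts-store.jks}
 * and creates the {@code SamlService} under test. Results are stored in the static
 * fields {@code acsUrl}, {@code privateKey}, {@code x509Certificate} and {@code service}.
 *
 * @throws Exception if the configuration cannot be read or the key store cannot be loaded
 */
@BeforeClass
public static void setUp() throws Exception {
    SharedUtils.bootstrap(false); // use real data
    String tenantName = ServerConfig.getTenant(0);
    String rpName = ServerConfig.getRelyingParty(tenantName, 0);
    String issuerUrl = ServerConfig.getRelyingPartyUrl(rpName);
    String acsName = ServerConfig.getAssertionConsumerService(rpName, 0);
    acsUrl = ServerConfig.getServiceEndpoint(acsName);

    // Password and alias of the test-fixture key store checked in with the test resources.
    char[] stsKeystorePassword = "ca$hc0w".toCharArray();
    String stsAlias = "stskey";

    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    // getResourceAsStream works from a jar as well as from a directory and lets us fail
    // with a clear message when the resource is absent; KeyStore.load does not close the
    // stream, so try-with-resources does.
    try (InputStream is = SamlServiceTest.class.getResourceAsStream("/sts-store.jks")) {
        if (is == null) {
            throw new IllegalStateException("/sts-store.jks not found on the test classpath");
        }
        ks.load(is, stsKeystorePassword);
    }

    // getCertificate/getKey return null for an unknown alias; fail here rather than on the casts.
    Certificate certificate = ks.getCertificate(stsAlias);
    Key key = ks.getKey(stsAlias, stsKeystorePassword);
    if (certificate == null || key == null) {
        throw new IllegalStateException("key store entry '" + stsAlias + "' is missing its key or certificate");
    }
    privateKey = (PrivateKey) key;
    x509Certificate = (X509Certificate) certificate;

    // Single-element chain consisting of the STS certificate itself.
    List<X509Certificate> certificates = new ArrayList<X509Certificate>();
    certificates.add(x509Certificate);
    CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
    CertPath certPath = certFactory.generateCertPath(certificates);

    SamlServiceFactory factory = new DefaultSamlServiceFactory();
    service = factory.createSamlService(privateKey, SignatureAlgorithm.RSA_SHA256,
            SignatureAlgorithm.RSA_SHA256, issuerUrl, certPath);
}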
From source file:eidassaml.starterkit.Utils.java
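/**
 * Loads a PKCS#12 key store from {@code stream} and returns the private key and
 * certificate of one entry.
 *
 * If {@code alias} is null or empty, the first entry that holds a private key is
 * returned; otherwise only the entry with exactly that alias is considered. An entry
 * that matches by alias but has no private key (e.g. a trusted-certificate entry) does
 * not count as a hit, so the method never returns the key of a different entry.
 *
 * @param stream   PKCS#12 data; loaded via the "BC" provider, which must be registered
 * @param password key store password, also used to recover the private key
 * @param alias    entry to read, or null/empty to take the first private-key entry
 * @return the private key and certificate of the selected entry
 * @throws KeyStoreException if no private-key entry matches; the message lists the
 *         aliases present so a caller can pick one
 * @throws NoSuchAlgorithmException if an algorithm needed to read the store is missing
 * @throws CertificateException if a certificate in the store cannot be parsed
 * @throws IOException if the data cannot be read or the password is wrong
 * @throws UnrecoverableKeyException if the key cannot be recovered with {@code password}
 * @throws NoSuchProviderException if the "BC" provider is not installed
 */
public static X509KeyPair ReadPKCS12(InputStream stream, char[] password, String alias)
        throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException,
        UnrecoverableKeyException, NoSuchProviderException {
    KeyStore p12 = KeyStore.getInstance("pkcs12", "BC");
    p12.load(stream, password);

    boolean takeFirst = Utils.IsNullOrEmpty(alias);
    StringBuilder aliasBuf = new StringBuilder();
    Enumeration<String> e = p12.aliases();
    while (e.hasMoreElements()) {
        String currentAlias = e.nextElement();
        aliasBuf.append(currentAlias).append(" ||| ");
        if (!takeFirst && !currentAlias.equals(alias)) {
            continue; // not the requested entry
        }
        // getKey returns null for entries without a private key; keep looking in that case.
        PrivateKey key = (PrivateKey) p12.getKey(currentAlias, password);
        if (key != null) {
            X509Certificate cert = (X509Certificate) p12.getCertificate(currentAlias);
            return new X509KeyPair(key, cert);
        }
    }
    throw new KeyStoreException(
            "keystore does not contains alias " + alias + ". Try alias " + aliasBuf.toString());
}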
From source file:org.roda.common.certification.ODFSignatureUtils.java
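/**
 * Signs the document at {@code input} with the key stored under {@code alias} and
 * writes the signed copy to a fresh temporary file.
 *
 * The certificate is read under the same alias as the key, so the two always come
 * from the same key store entry. Streams are closed on every path.
 *
 * @param input      document to sign
 * @param ks         path of the key store file (default key store type)
 * @param alias      alias of the private-key entry to sign with
 * @param password   key store password, also used to recover the key
 * @param fileFormat extension (without dot) given to the output file
 * @return path of the signed temporary file; the caller owns and should delete it
 * @throws IllegalArgumentException if {@code alias} has no key or certificate in the store
 * @throws Exception if the key store cannot be read or signing fails
 */
public static Path runDigitalSignatureSign(Path input, String ks, String alias, String password,
        String fileFormat) throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    Path output = Files.createTempFile("odfsigned", "." + fileFormat);

    char[] storePassword = password.toCharArray();
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    X509Certificate certificate;
    Key key;
    // KeyStore.load does not close the stream; try-with-resources closes it even on failure.
    try (InputStream storeStream = new FileInputStream(ks)) {
        keystore.load(storeStream, storePassword);
        certificate = (X509Certificate) keystore.getCertificate(alias);
        key = keystore.getKey(alias, storePassword);
    }
    // Both return null for an unknown alias or an entry of the wrong kind.
    if (certificate == null || key == null) {
        throw new IllegalArgumentException("no private-key entry with certificate for alias " + alias);
    }

    // NOTE(review): a later version of this method guards against createSignature returning
    // null, so the guard is kept here as well; an empty output file results in that case.
    try (ByteArrayInputStream bais = createSignature(input.toString(), certificate, key)) {
        if (bais != null) {
            try (FileOutputStream fos = new FileOutputStream(output.toFile())) {
                byte[] buffer = new byte[2048];
                int length;
                while ((length = bais.read(buffer)) >= 0) {
                    fos.write(buffer, 0, length);
                }
            }
        }
    }
    return output;
}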
From source file:org.wso2.carbon.hostobjects.sso.internal.util.Util.java
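/**
 * This method validates the signature of the SAML Response.
 *
 * For a non-super tenant the verification certificate is taken from the tenant's key
 * store (alias = tenant domain); for the super tenant it is read from the JKS file
 * {@code keyStoreName} under {@code alias}. Any failure (missing certificate,
 * unreadable key store, invalid signature) yields {@code false}; the cause is only
 * reported at debug level.
 *
 * @param resp SAML Response whose signature is checked
 * @param keyStoreName path of the JKS key store (super tenant only)
 * @param keyStorePassword password of that key store (super tenant only)
 * @param alias certificate alias in that key store (super tenant only)
 * @param tenantId tenant the response belongs to
 * @param tenantDomain tenant domain; also the certificate alias in the tenant key store
 * @return true, if signature is valid.
 */
public static boolean validateSignature(Response resp, String keyStoreName, String keyStorePassword,
        String alias, int tenantId, String tenantDomain) {
    try {
        java.security.cert.X509Certificate cert;
        if (tenantId != MultitenantConstants.SUPER_TENANT_ID) {
            // get an instance of the corresponding Key Store Manager instance
            KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
            KeyStore keyStore = keyStoreManager.getKeyStore(generateKSNameFromDomainName(tenantDomain));
            cert = (java.security.cert.X509Certificate) keyStore.getCertificate(tenantDomain);
        } else {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            // KeyStore.load does not close the stream; close it even when loading fails.
            try (FileInputStream in = new FileInputStream(new File(keyStoreName))) {
                keyStore.load(in, keyStorePassword.toCharArray());
            }
            cert = (java.security.cert.X509Certificate) keyStore.getCertificate(alias);
        }
        // getCertificate returns null for an unknown alias; report that instead of hitting an NPE.
        if (cert == null) {
            if (log.isDebugEnabled()) {
                log.debug("No certificate available for signature validation of " + tenantDomain);
            }
            return false;
        }
        // presumably null when the response carries no Signature element — an unsigned
        // response cannot validate, so fail closed explicitly.
        if (resp.getSignature() == null) {
            if (log.isDebugEnabled()) {
                log.debug("SAML Response for " + tenantDomain + " is not signed");
            }
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug("Validating against " + cert.getSubjectX500Principal().getName());
        }
        X509CredentialImpl credentialImpl = new X509CredentialImpl(cert);
        SignatureValidator signatureValidator = new SignatureValidator(credentialImpl);
        signatureValidator.validate(resp.getSignature()); // throws when the signature is invalid
        return true;
    } catch (Exception e) {
        // Keep the cause in the debug log so misconfiguration is distinguishable from a bad signature.
        if (log.isDebugEnabled()) {
            log.debug("Signature verification is failed for " + tenantDomain, e);
        }
        return false;
    }
}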
From source file:org.roda.core.plugins.plugins.characterization.ODFSignatureUtils.java
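/**
 * Signs the document at {@code input} with the key stored under {@code alias} and
 * writes the signed copy to a fresh temporary file.
 *
 * The certificate is read under the same alias as the key, so the two always come
 * from the same key store entry.
 *
 * @param input      document to sign
 * @param ks         path of the key store file (default key store type)
 * @param alias      alias of the private-key entry to sign with
 * @param password   key store password, also used to recover the key
 * @param fileFormat extension (without dot) given to the output file
 * @return path of the signed temporary file; the caller owns and should delete it
 * @throws IllegalArgumentException if {@code alias} has no key or certificate in the store
 * @throws IOException if the key store or the output file cannot be read or written
 * @throws GeneralSecurityException if the key store cannot be opened or the key recovered
 * @throws DocumentException if signing the document fails
 */
public static Path runDigitalSignatureSign(Path input, String ks, String alias, String password,
        String fileFormat) throws IOException, GeneralSecurityException, DocumentException {
    Security.addProvider(new BouncyCastleProvider());
    Path output = Files.createTempFile("odfsigned", "." + fileFormat);

    char[] storePassword = password.toCharArray();
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    X509Certificate certificate;
    Key key;
    try (InputStream storeStream = new FileInputStream(ks)) {
        keystore.load(storeStream, storePassword);
        certificate = (X509Certificate) keystore.getCertificate(alias);
        key = keystore.getKey(alias, storePassword);
    }
    // Both return null for an unknown alias or an entry of the wrong kind.
    if (certificate == null || key == null) {
        throw new IllegalArgumentException("no private-key entry with certificate for alias " + alias);
    }

    // createSignature may return null (guarded here as in the original); the output file
    // then stays empty.
    try (ByteArrayInputStream bais = createSignature(input.toString(), certificate, key)) {
        if (bais != null) {
            try (FileOutputStream fos = new FileOutputStream(output.toFile())) {
                byte[] buffer = new byte[2048];
                int length;
                while ((length = bais.read(buffer)) >= 0) {
                    fos.write(buffer, 0, length);
                }
            }
        }
    }
    return output;
}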
From source file:net.sf.jsignpdf.utils.KeyStoreUtils.java
/**
 * Copies certificates from one keystore to another (both keystores have to be
 * initialized).
 *
 * Every alias reported by {@code getCertAliases(fromKeyStore)} is read with
 * {@code getCertificate} and stored in {@code toKeyStore} as a trusted-certificate
 * entry under the same alias.
 *
 * @param fromKeyStore source keystore
 * @param toKeyStore   destination keystore
 * @return true when every certificate was copied; false if either keystore is null
 *         or a {@link KeyStoreException} interrupted the copy (a partial copy may
 *         have happened by then)
 */
public static boolean copyCertificates(KeyStore fromKeyStore, KeyStore toKeyStore) {
    if (fromKeyStore == null || toKeyStore == null) {
        return false;
    }
    boolean copied = false;
    try {
        for (String certAlias : getCertAliases(fromKeyStore)) {
            toKeyStore.setCertificateEntry(certAlias, fromKeyStore.getCertificate(certAlias));
        }
        copied = true;
    } catch (KeyStoreException e) {
        e.printStackTrace();
    }
    return copied;
}
From source file:net.firejack.platform.web.security.x509.KeyUtils.java
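/**
 * Loads the key pair stored under the class alias {@code ALIAS} from a JKS file.
 *
 * @param keyStoreFile JKS file protected with the class secret {@code SECRET}
 * @return the key pair, or null if the file does not exist or holds no private key
 *         under {@code ALIAS}
 * @throws IllegalArgumentException if {@code keyStoreFile} is null
 * @throws OpenFlameRuntimeException if the key store cannot be read; the original
 *         exception is kept as the cause
 */
public static KeyPair load(File keyStoreFile) {
    if (keyStoreFile == null) {
        throw new IllegalArgumentException("Key Store file should not be null.");
    }
    if (!keyStoreFile.exists()) {
        return null;
    }
    try {
        KeyStore ks = KeyStore.getInstance("JKS", "SUN");
        // KeyStore.load does not close the stream; close it even when loading fails.
        try (FileInputStream stream = new FileInputStream(keyStoreFile)) {
            ks.load(stream, SECRET);
        }
        PrivateKey privateKey = (PrivateKey) ks.getKey(ALIAS, SECRET);
        if (privateKey == null) {
            return null;
        }
        java.security.cert.Certificate certificate = ks.getCertificate(ALIAS);
        if (certificate == null) {
            // A key without a certificate chain cannot yield a public key.
            throw new IllegalStateException("Key store entry " + ALIAS + " has no certificate");
        }
        return new KeyPair(certificate.getPublicKey(), privateKey);
    } catch (Exception e) {
        // Exceptions are wrapped with their cause; Errors (OOM etc.) are left to propagate.
        logger.error("Failed to initialize key store", e);
        throw new OpenFlameRuntimeException(e.getMessage(), e);
    }
}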
From source file:org.globus.gsi.util.CertificateLoadUtil.java
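/**
 * Collects the X.509 certificates stored as trusted-certificate entries in {@code keyStore}.
 *
 * Only entries for which {@code isCertificateEntry} is true are considered (key entries
 * are skipped), and only certificates that are {@link X509Certificate}s are returned.
 *
 * @param keyStore initialized key store to read from
 * @param selector optional filter; when non-null only certificates it matches are returned
 * @return the matching certificates in alias-enumeration order; empty if none match
 * @throws KeyStoreException if the key store has not been initialized
 */
public static Collection<X509Certificate> getTrustedCertificates(KeyStore keyStore,
        X509CertSelector selector) throws KeyStoreException {
    // A plain list suffices here; the result is returned to a single caller and does not
    // need Vector's per-call synchronization.
    Collection<X509Certificate> certificates = new java.util.ArrayList<X509Certificate>();
    Enumeration<String> aliases = keyStore.aliases();
    while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();
        if (!keyStore.isCertificateEntry(alias)) {
            continue;
        }
        // If a specific impl of keystore requires refresh, this would be a
        // good place to add it.
        Certificate certificate = keyStore.getCertificate(alias);
        if (!(certificate instanceof X509Certificate)) {
            continue;
        }
        if (selector == null || selector.match(certificate)) {
            certificates.add((X509Certificate) certificate);
        }
    }
    return certificates;
}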
From source file:net.firejack.platform.web.security.x509.KeyUtils.java
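/**
 * Returns the key pair stored under the class alias {@code ALIAS} in {@code keystore},
 * or a freshly generated RSA pair when the store has no such alias.
 *
 * NOTE(review): a newly generated pair is returned but not written back to the key
 * store, so a later call does not find it — confirm whether persisting is expected.
 *
 * @param keystore JKS file protected with the class secret {@code SECRET}; a missing
 *                 file is treated as an empty store
 * @return the stored key pair, or a new {@code KEYSIZE}-bit RSA pair
 * @throws IllegalArgumentException if {@code keystore} is null
 * @throws OpenFlameRuntimeException if the key store cannot be read or key generation
 *         fails; the original exception is kept as the cause
 */
public static KeyPair generate(File keystore) {
    if (keystore == null) {
        throw new IllegalArgumentException("Key Store file should not be null.");
    }
    try {
        KeyStore ks = KeyStore.getInstance("JKS", "SUN");
        if (keystore.exists()) {
            // KeyStore.load does not close the stream; close it even when loading fails.
            try (FileInputStream stream = new FileInputStream(keystore)) {
                ks.load(stream, SECRET);
            }
        } else {
            ks.load(null, SECRET); // initialize an empty in-memory store
        }
        if (ks.containsAlias(ALIAS)) {
            PrivateKey privateKey = (PrivateKey) ks.getKey(ALIAS, SECRET);
            java.security.cert.Certificate certificate = ks.getCertificate(ALIAS);
            if (privateKey == null || certificate == null) {
                // The alias exists but is not a complete private-key entry.
                throw new IllegalStateException("Key store entry " + ALIAS + " lacks a private key or certificate");
            }
            return new KeyPair(certificate.getPublicKey(), privateKey);
        }
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(KEYSIZE, new SecureRandom());
        return generator.generateKeyPair();
    } catch (Exception e) {
        // Exceptions are wrapped with their cause; Errors (OOM etc.) are left to propagate.
        logger.error("Failed to initialize key store", e);
        throw new OpenFlameRuntimeException(e.getMessage(), e);
    }
}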
From source file:org.signserver.server.cryptotokens.CryptoTokenHelper.java
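/**
 * Checks that the supplied certificate has a public key matching the
 * existing one in the keystore.
 *
 * @param keyStore to get the current public key from
 * @param alias of the entry to check
 * @param newCertificate to compare with the current one
 * @throws IllegalArgumentException if {@code newCertificate} is null
 * @throws KeyStoreException if the keystore has not been initialized
 * @throws CryptoTokenOfflineException if there is no current certificate under
 *         {@code alias} or the public keys do not match
 */
public static void ensureNewPublicKeyMatchesOld(KeyStore keyStore, String alias,
        Certificate newCertificate) throws KeyStoreException, CryptoTokenOfflineException {
    if (newCertificate == null) {
        throw new IllegalArgumentException("newCertificate must not be null");
    }
    Certificate oldCert = keyStore.getCertificate(alias);
    if (oldCert == null) {
        // getCertificate returns null for an unknown alias; there is nothing to compare against.
        throw new CryptoTokenOfflineException("No current certificate for alias " + alias);
    }
    if (!oldCert.getPublicKey().equals(newCertificate.getPublicKey())) {
        throw new CryptoTokenOfflineException("New certificate public key does not match current one");
    }
}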