Example usage for java.security KeyStore getCertificate

List of usage examples for java.security KeyStore getCertificate

Introduction

This page collects example usages of java.security.KeyStore.getCertificate.

Prototype

public final Certificate getCertificate(String alias) throws KeyStoreException 


Document

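Returns the certificate associated with the given alias. For a trusted-certificate entry this is the trusted certificate; for a key entry it is the first certificate of the entry's chain. The method returns null if the alias does not exist or holds no certificate, so callers should check the result before using or casting it.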

Usage

From source file:org.viafirma.nucleo.validacion.KeyStoreLoader.java

/**
 * Returns the certificates stored in the given keystore whose alias
 * identifies them as Viafirma entries.
 * <p>
 * Only aliases containing
 * {@code Nucleo.IDENTIFICADOR_CERTIFICADO_VIAFIRMA_KEYSTORE} are considered,
 * and of those only trusted-certificate entries are returned. Aliases that
 * fail the identifier filter are collected and reported once at debug level.
 * <p>
 * NOTE(review): the filter is a substring match on the alias, so every
 * certificate entry whose alias merely contains the identifier is accepted.
 * The returned list is therefore only as trustworthy as write access to the
 * keystore; confirm the keystore file is integrity-protected.
 *
 * @param ks
 *            the keystore
 * @return list of certificates kept in the keystore
 * @throws RuntimeException
 *             wrapping the {@link KeyStoreException} raised by the keystore
 *             calls (message "Keystore not loaded")
 */
private static List<Certificate> getKeystoreCerts(KeyStore ks) {
    final List<Certificate> accepted = new ArrayList<Certificate>();
    final StringBuilder skippedAliases = new StringBuilder();
    try {
        final Enumeration<String> aliasEnum = ks.aliases();
        while (aliasEnum.hasMoreElements()) {
            final String alias = aliasEnum.nextElement();

            // Drop the certificates that are not wanted or not needed.
            if (!alias.contains(Nucleo.IDENTIFICADOR_CERTIFICADO_VIAFIRMA_KEYSTORE)) {
                skippedAliases.append(alias).append(",");
                continue;
            }
            // Key entries are skipped silently; only trusted-certificate entries qualify.
            if (!ks.isCertificateEntry(alias)) {
                continue;
            }

            final Certificate cert = ks.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                log.info("Detectado certificado de confianza: Alias=" + alias + ", DN="
                        + ((X509Certificate) cert).getSubjectDN());
            }
            accepted.add(cert);
        }
        log.debug("Certificados ignorados :" + skippedAliases);

        return accepted;
    } catch (KeyStoreException e) {
        throw new RuntimeException("Keystore not loaded", e);
    }
}

From source file:de.brendamour.jpasskit.signing.PKSigningUtil.java

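/**
 * Loads the signing information for pass generation from a PKCS#12 key store
 * file and an intermediate (Apple WWDRCA) certificate file.
 * <p>
 * The key store is scanned alias by alias; the first entry that yields both a
 * {@link PrivateKey} and an {@link X509Certificate} supplies the signing key
 * and signing certificate.
 * <p>
 * NOTE(review): the key store password is also used as the password of every
 * key entry. It arrives as an immutable {@code String}, which this method
 * cannot clear; only the {@code char[]} copy made here is wiped.
 *
 * @param pkcs12KeyStoreFilePath
 *            path handed to {@code loadPKCS12File}
 * @param keyStorePassword
 *            password used to open the key store and to recover its keys
 * @param appleWWDRCAFilePath
 *            path handed to {@code loadDERCertificate}
 * @return the signing certificate, signing key and WWDRCA certificate
 * @throws IOException
 *             if the signing certificate, the signing key or the WWDRCA
 *             certificate could not be obtained
 * @throws NoSuchAlgorithmException
 *             if the algorithm for recovering a key cannot be found
 * @throws CertificateException
 *             declared for the loading helpers; not raised by the code
 *             visible here
 * @throws KeyStoreException
 *             if the key store has not been initialized
 * @throws NoSuchProviderException
 *             declared for the loading helpers; not raised by the code
 *             visible here
 * @throws UnrecoverableKeyException
 *             if a key cannot be recovered with the given password
 */
public static PKSigningInformation loadSigningInformationFromPKCS12FileAndIntermediateCertificateFile(
        final String pkcs12KeyStoreFilePath, final String keyStorePassword, final String appleWWDRCAFilePath)
        throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException,
        NoSuchProviderException, UnrecoverableKeyException {
    addBCProvider();

    KeyStore pkcs12KeyStore = loadPKCS12File(pkcs12KeyStoreFilePath, keyStorePassword);
    Enumeration<String> aliases = pkcs12KeyStore.aliases();

    PrivateKey signingPrivateKey = null;
    X509Certificate signingCert = null;

    // One char[] copy for the whole scan instead of a fresh copy per alias,
    // wiped as soon as the scan is over.
    final char[] keyPassword = keyStorePassword.toCharArray();
    try {
        while (aliases.hasMoreElements()) {
            String aliasName = aliases.nextElement();

            Key key = pkcs12KeyStore.getKey(aliasName, keyPassword);
            if (!(key instanceof PrivateKey)) {
                continue;
            }
            Object cert = pkcs12KeyStore.getCertificate(aliasName);
            if (cert instanceof X509Certificate) {
                // Key and certificate are taken from the same entry, so they belong together.
                signingPrivateKey = (PrivateKey) key;
                signingCert = (X509Certificate) cert;
                break;
            }
        }
    } finally {
        java.util.Arrays.fill(keyPassword, '\0');
    }

    X509Certificate appleWWDRCACert = loadDERCertificate(appleWWDRCAFilePath);
    if (signingCert == null || signingPrivateKey == null || appleWWDRCACert == null) {
        throw new IOException("Couldn't load all the necessary certificates/keys");
    }

    return new PKSigningInformation(signingCert, signingPrivateKey, appleWWDRCACert);
}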

From source file:de.brendamour.jpasskit.signing.PKSigningUtil.java

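/**
 * Load all signing information necessary for pass generation using two input streams for the key store and the Apple WWDRCA certificate.
 * <p>
 * The caller is responsible for closing the stream after this method returns successfully or fails.
 * <p>
 * The key store is scanned alias by alias; the first entry that yields both a
 * {@link PrivateKey} and an {@link X509Certificate} supplies the signing key
 * and signing certificate.
 * <p>
 * NOTE(review): the key store password is also used as the password of every
 * key entry. It arrives as an immutable {@code String}, which this method
 * cannot clear; only the {@code char[]} copy made here is wiped.
 *
 * @param pkcs12KeyStoreInputStream
 *            <code>InputStream</code> of the key store
 * @param keyStorePassword
 *            Password used to access the key store
 * @param appleWWDRCAFileInputStream
 *            <code>InputStream</code> of the Apple WWDRCA certificate.
 * @return Signing information necessary to sign a pass.
 * @throws IOException
 *             if the signing certificate, the signing key or the WWDRCA
 *             certificate could not be obtained
 * @throws NoSuchAlgorithmException
 *             if the algorithm for recovering a key cannot be found
 * @throws CertificateException
 *             declared for the loading helpers; not raised by the code
 *             visible here
 * @throws KeyStoreException
 *             if the key store has not been initialized
 * @throws NoSuchProviderException
 *             declared for the loading helpers; not raised by the code
 *             visible here
 * @throws UnrecoverableKeyException
 *             if a key cannot be recovered with the given password
 */
public static PKSigningInformation loadSigningInformationFromPKCS12AndIntermediateCertificateStreams(
        final InputStream pkcs12KeyStoreInputStream, final String keyStorePassword,
        final InputStream appleWWDRCAFileInputStream) throws IOException, NoSuchAlgorithmException,
        CertificateException, KeyStoreException, NoSuchProviderException, UnrecoverableKeyException {
    addBCProvider();

    KeyStore pkcs12KeyStore = loadPKCS12File(pkcs12KeyStoreInputStream, keyStorePassword);
    Enumeration<String> aliases = pkcs12KeyStore.aliases();

    PrivateKey signingPrivateKey = null;
    X509Certificate signingCert = null;

    // One char[] copy for the whole scan instead of a fresh copy per alias,
    // wiped as soon as the scan is over.
    final char[] keyPassword = keyStorePassword.toCharArray();
    try {
        while (aliases.hasMoreElements()) {
            String aliasName = aliases.nextElement();

            Key key = pkcs12KeyStore.getKey(aliasName, keyPassword);
            if (!(key instanceof PrivateKey)) {
                continue;
            }
            Object cert = pkcs12KeyStore.getCertificate(aliasName);
            if (cert instanceof X509Certificate) {
                // Key and certificate are taken from the same entry, so they belong together.
                signingPrivateKey = (PrivateKey) key;
                signingCert = (X509Certificate) cert;
                break;
            }
        }
    } finally {
        java.util.Arrays.fill(keyPassword, '\0');
    }

    X509Certificate appleWWDRCACert = loadDERCertificate(appleWWDRCAFileInputStream);
    if (signingCert == null || signingPrivateKey == null || appleWWDRCACert == null) {
        throw new IOException("Couldn't load all the necessary certificates/keys");
    }

    return new PKSigningInformation(signingCert, signingPrivateKey, appleWWDRCACert);
}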

From source file:com.wandrell.example.swss.test.util.factory.SecureSoapMessages.java

/**
 * Creates a SOAP message with a signature.
 * <p>
 * A valid SOAP message is required, this will be the message to be signed.
 * The message must already contain a {@code wsse:Security} and a
 * {@code wsse:BinarySecurityToken} element: the signature is appended to the
 * first and the Base64-encoded certificate is written into the second.
 * <p>
 * NOTE(review): the private key and the certificate are looked up under two
 * independent aliases and nothing here checks that they form a pair, nor that
 * either lookup returned a value; a missing alias surfaces as a
 * {@code NullPointerException} further down.
 *
 * @param pathBase
 *            path to the SOAP message to sign
 * @param privateKeyAlias
 *            alias for the private key
 * @param privateKeyPass
 *            password for the private key
 * @param certificateAlias
 *            alias for the certificate
 * @param keystore
 *            key store for the signing
 * @return a signed SOAP message
 * @throws Exception
 *             if any error occurs during the message creation
 */
public static final SOAPMessage getSignedMessage(final String pathBase, final String privateKeyAlias,
        final String privateKeyPass, final String certificateAlias, final KeyStore keystore) throws Exception {
    final String baseUri = new ClassPathResource(pathBase).getURI().toString();
    final Base64Converter encoder = new Base64Converter();

    final SOAPMessage unsignedMessage = getMessageToSign(pathBase);

    // Signing key and the certificate that accompanies the signature, both from the key store
    final PrivateKey signingKey = (PrivateKey) keystore.getKey(privateKeyAlias, privateKeyPass.toCharArray());
    final X509Certificate signingCert = (X509Certificate) keystore.getCertificate(certificateAlias);

    // DOM view of the message, used as the basic structure for the signature
    final Document document = toDocument(unsignedMessage);

    org.apache.xml.security.Init.init();

    final XMLSignature signature = getSignature(document, baseUri, signingCert, signingKey);

    // Normalising is optional, but better
    final Element envelope = document.getDocumentElement();
    envelope.normalize();
    envelope.getElementsByTagName("wsse:Security").item(0).appendChild(signature.getElement());

    final String encodedCert = encoder.encode(signingCert.getEncoded());

    final Node tokenNode = envelope.getElementsByTagName("wsse:BinarySecurityToken").item(0);
    tokenNode.setTextContent(encodedCert);

    // Dumps the canonicalised document to standard output (not to a file)
    XMLUtils.outputDOMc14nWithComments(document, System.out);

    return toMessage(document);
}

From source file:org.kse.crypto.x509.X509CertUtil.java

/**
 * Check whether or not a trusted certificate in the supplied KeyStore
 * matches the supplied X.509 certificate.
 * <p>
 * Only trusted-certificate entries are compared; key entries are skipped.
 * The comparison is {@code cert.equals(...)} against the converted entry, so
 * {@code cert} must not be null.
 *
 * @param keyStore
 *            The KeyStore
 * @param cert
 *            The certificate
 * @return The alias of the matching certificate in the KeyStore or null if
 *         there is no match
 * @throws CryptoException
 *             If there is a problem establishing trust
 */
public static String matchCertificate(KeyStore keyStore, X509Certificate cert) throws CryptoException {
    try {
        Enumeration<String> aliasEnum = keyStore.aliases();
        while (aliasEnum.hasMoreElements()) {
            String candidateAlias = aliasEnum.nextElement();
            if (!keyStore.isCertificateEntry(candidateAlias)) {
                continue;
            }

            X509Certificate trustedCert = X509CertUtil
                    .convertCertificate(keyStore.getCertificate(candidateAlias));
            if (cert.equals(trustedCert)) {
                return candidateAlias;
            }
        }
        // No trusted entry equals the supplied certificate
        return null;
    } catch (KeyStoreException ex) {
        throw new CryptoException(res.getString("NoMatchCertificate.exception.message"), ex);
    }
}

From source file:com.ah.ui.actions.home.clientManagement.service.CertificateGenSV.java

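/**
 * Loads a PKCS#12 key store from the given stream and returns the
 * certificate stored under the first alias the key store reports.
 * <p>
 * The stream is always closed before this method returns, including when
 * loading fails (wrong password, corrupt or truncated data).
 * <p>
 * NOTE(review): "first alias" is whatever order the provider enumerates; for
 * a store with several entries the choice is not controlled here. The result
 * is cast to {@link X509Certificate} without a type check, so a non-X.509
 * certificate raises {@code ClassCastException}.
 *
 * @param in
 *            stream holding the PKCS#12 data; closed by this method
 * @param keyStorePassword
 *            password used to load the key store
 * @return the certificate of the first alias, or null if the key store has
 *         no entries or the alias holds no certificate
 * @throws KeyStoreException
 *             if no PKCS12 key store implementation is available
 * @throws NoSuchAlgorithmException
 *             if the integrity-check algorithm cannot be found
 * @throws CertificateException
 *             if a certificate in the key store cannot be loaded
 * @throws IOException
 *             if the data cannot be read or the password is wrong
 */
public static X509Certificate ananysisP12(InputStream in, char[] keyStorePassword)
        throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
    final KeyStore keyStore;
    // try-with-resources closes the stream on the failure path as well
    try (InputStream source = in) {
        keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(source, keyStorePassword);
    }

    Enumeration<String> aliases = keyStore.aliases();
    if (!aliases.hasMoreElements()) {
        return null;
    }
    String firstAlias = aliases.nextElement();
    return (X509Certificate) keyStore.getCertificate(firstAlias);
}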

From source file:com.bernardomg.example.swss.test.util.factory.SecureSoapMessages.java

/**
 * Creates a SOAP message with a signature.
 * <p>
 * A valid SOAP message is required, this will be the message to be signed.
 * It has to carry a {@code wsse:Security} element, which receives the
 * signature, and a {@code wsse:BinarySecurityToken} element, whose text
 * becomes the Base64-encoded certificate.
 * <p>
 * NOTE(review): key and certificate come from two separately supplied
 * aliases; this method neither verifies that they match nor checks the
 * lookups for null, so a wrong alias shows up as a
 * {@code NullPointerException} later in the method.
 *
 * @param pathBase
 *            path to the SOAP message to sign
 * @param privateKeyAlias
 *            alias for the private key
 * @param privateKeyPass
 *            password for the private key
 * @param certificateAlias
 *            alias for the certificate
 * @param keystore
 *            key store for the signing
 * @return a signed SOAP message
 * @throws Exception
 *             if any error occurs during the message creation
 */
public static final SOAPMessage getSignedMessage(final String pathBase, final String privateKeyAlias,
        final String privateKeyPass, final String certificateAlias, final KeyStore keystore) throws Exception {
    final String resourceUri = new ClassPathResource(pathBase).getURI().toString();
    final Base64Converter base64 = new Base64Converter();

    final SOAPMessage messageToSign = getMessageToSign(pathBase);

    // Fetch the signing key and its certificate from the key store
    final char[] keyPassword = privateKeyPass.toCharArray();
    final PrivateKey key = (PrivateKey) keystore.getKey(privateKeyAlias, keyPassword);
    final X509Certificate certificate = (X509Certificate) keystore.getCertificate(certificateAlias);

    // The signature is built on the DOM form of the message
    final Document doc = toDocument(messageToSign);

    org.apache.xml.security.Init.init();

    final XMLSignature xmlSignature = getSignature(doc, resourceUri, certificate, key);

    // Optional, but better: normalise before touching the tree
    final Element rootElement = doc.getDocumentElement();
    rootElement.normalize();
    final Node securityHeader = rootElement.getElementsByTagName("wsse:Security").item(0);
    securityHeader.appendChild(xmlSignature.getElement());

    final String certificateToken = base64.encode(certificate.getEncoded());

    final Node tokenElement = rootElement.getElementsByTagName("wsse:BinarySecurityToken").item(0);
    tokenElement.setTextContent(certificateToken);

    // Prints the canonicalised document on standard output; nothing is written to a file
    XMLUtils.outputDOMc14nWithComments(doc, System.out);

    return toMessage(doc);
}

From source file:org.kse.crypto.x509.X509CertUtil.java

/**
 * Collects every trusted-certificate entry of the supplied KeyStore as an
 * X.509 certificate.
 * <p>
 * Key entries are skipped; only aliases for which
 * {@code isCertificateEntry} is true contribute to the result.
 *
 * @param keyStore
 *            The KeyStore
 * @return The converted certificates, in the order the aliases are
 *         enumerated; empty if there is no certificate entry
 * @throws CryptoException
 *             If the KeyStore cannot be read
 */
private static List<X509Certificate> extractCertificates(KeyStore keyStore) throws CryptoException {
    try {
        List<X509Certificate> extracted = new ArrayList<X509Certificate>();

        Enumeration<String> aliasEnum = keyStore.aliases();
        while (aliasEnum.hasMoreElements()) {
            String entryAlias = aliasEnum.nextElement();
            if (!keyStore.isCertificateEntry(entryAlias)) {
                continue;
            }
            X509Certificate converted = X509CertUtil.convertCertificate(keyStore.getCertificate(entryAlias));
            extracted.add(converted);
        }

        return extracted;
    } catch (KeyStoreException ex) {
        throw new CryptoException(res.getString("NoExtractCertificates.exception.message"), ex);
    }
}

From source file:org.chaston.oakfunds.xsrf.XsrfSigner.java

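/**
 * Loads the certificate stored under alias {@code xsrf} from the PKCS#12 key
 * store bundled on the classpath at {@code META-INF/secrets/xsrf.p12}.
 * <p>
 * NOTE(review): the key store password is a literal in this method and the
 * store ships as a classpath resource, so anyone holding the application
 * artifact can open the store. If it also contains the private key, that key
 * should be treated as non-secret — confirm, and prefer supplying the store
 * and its password from deployment configuration.
 *
 * @return the certificate for alias {@code xsrf}, or null if the key store
 *         has no certificate under that alias
 * @throws IOException
 *             if the resource is missing, cannot be read, or the password
 *             does not match
 * @throws GeneralSecurityException
 *             if the key store cannot be created or its contents cannot be
 *             loaded
 */
private Certificate loadPublicKey() throws IOException, GeneralSecurityException {
    // try-with-resources: the classpath stream was previously never closed
    try (InputStream keyStream = getClass().getClassLoader()
            .getResourceAsStream("META-INF/secrets/xsrf.p12")) {
        // A null stream would make load() initialise an empty key store and
        // hide the missing resource behind a null certificate.
        if (keyStream == null) {
            throw new IOException("Key store resource not found: META-INF/secrets/xsrf.p12");
        }
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(keyStream, "ofxsrf".toCharArray());
        return ks.getCertificate("xsrf");
    }
}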

From source file:test.integ.be.agiv.security.BeIDTest.java

/**
 * Reads the "Authentication", "CA" and "Root" certificates through the BeID
 * key store, logs them, and writes each DER encoding to its own temporary
 * file.
 * <p>
 * The temporary files are not deleted by this test; their paths are logged at
 * debug level.
 *
 * @throws Exception
 *             if the provider, the key store or the file writes fail
 */
@Test
public void testReadAuthnCert() throws Exception {
    Security.addProvider(new BeIDProvider());
    final KeyStore beIdStore = KeyStore.getInstance("BeID");
    // No stream or password: the key store is initialised without parameters
    beIdStore.load(null);

    final Certificate authnCert = beIdStore.getCertificate("Authentication");
    LOG.debug("certificate: " + authnCert);
    final Certificate citizenCaCert = beIdStore.getCertificate("CA");
    LOG.debug("CA cert: " + citizenCaCert);
    final Certificate rootCaCert = beIdStore.getCertificate("Root");
    LOG.debug("root cert: " + rootCaCert);

    // Export each certificate in DER form
    final File authnFile = File.createTempFile("beid-authn-", ".der");
    FileUtils.writeByteArrayToFile(authnFile, authnCert.getEncoded());
    LOG.debug("cert file: " + authnFile.getAbsolutePath());

    final File citizenCaFile = File.createTempFile("gov-ca-", ".der");
    FileUtils.writeByteArrayToFile(citizenCaFile, citizenCaCert.getEncoded());
    LOG.debug("ca cert file: " + citizenCaFile.getAbsolutePath());

    final File rootCaFile = File.createTempFile("root-ca-", ".der");
    FileUtils.writeByteArrayToFile(rootCaFile, rootCaCert.getEncoded());
    LOG.debug("root cert file: " + rootCaFile.getAbsolutePath());
}