List of usage examples for java.security KeyStore getEntry
public final Entry getEntry(String alias, ProtectionParameter protParam) throws NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException
From source file:org.kuali.rice.ksb.security.admin.service.impl.JavaSecurityManagementServiceImpl.java
public List<KeyStoreEntryDataContainer> getListOfModuleKeyStoreEntries() { List<KeyStoreEntryDataContainer> keyStoreEntries = new ArrayList<KeyStoreEntryDataContainer>(); try {/*from w w w.java2 s. c o m*/ KeyStore moduleKeyStore = getModuleKeyStore(); // List the aliases for (Enumeration<String> enumer = moduleKeyStore.aliases(); enumer.hasMoreElements();) { String alias = (String) enumer.nextElement(); KeyStoreEntryDataContainer dataContainer = new KeyStoreEntryDataContainer(alias, moduleKeyStore.getCreationDate(alias)); KeyStore.PasswordProtection passwordProtection = null; if (moduleKeyStore.isKeyEntry(alias)) { passwordProtection = new KeyStore.PasswordProtection(getModuleKeyStorePassword().toCharArray()); } KeyStore.Entry entry = moduleKeyStore.getEntry(alias, passwordProtection); dataContainer.setType(entry.getClass()); keyStoreEntries.add(dataContainer); } } catch (KeyStoreException e) { e.printStackTrace(); throw new RuntimeException(e); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); throw new RuntimeException(e); } catch (UnrecoverableEntryException e) { e.printStackTrace(); throw new RuntimeException(e); } return keyStoreEntries; }
From source file:org.adeptnet.auth.saml.SAMLClient.java
private Signature getSignature() { try {//ww w .ja va2 s. c o m final char[] jksPassword = config.getKeystorePassword(); final String alias = config.getCertificateAlias(); final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); try (final FileInputStream fileInputStream = new FileInputStream(config.getKeystore())) { keyStore.load(fileInputStream, jksPassword); } final KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, new KeyStore.PasswordProtection(jksPassword)); final PrivateKey privateKey = privateKeyEntry.getPrivateKey(); final X509Certificate certificate = (X509Certificate) privateKeyEntry.getCertificate(); final BasicX509Credential credential = new BasicX509Credential(); credential.setEntityCertificate(certificate); credential.setPrivateKey(privateKey); final Signature signature = (Signature) org.opensaml.xml.Configuration.getBuilderFactory() .getBuilder(org.opensaml.xml.signature.Signature.DEFAULT_ELEMENT_NAME) .buildObject(org.opensaml.xml.signature.Signature.DEFAULT_ELEMENT_NAME); signature.setSigningCredential(credential); final SecurityConfiguration securityConfiguration = Configuration.getGlobalSecurityConfiguration(); final String keyInfoGeneratorProfile = null; SecurityHelper.prepareSignatureParams(signature, credential, securityConfiguration, keyInfoGeneratorProfile); return signature; } catch (KeyStoreException | IOException | NoSuchAlgorithmException | CertificateException | UnrecoverableEntryException | SecurityException ex) { Logger.getLogger(SAMLClient.class.getName()).log(Level.SEVERE, null, ex); return null; } }
From source file:org.sipfoundry.sipxconfig.cert.JavaKeyStore.java
/** * Compare entries from one keystore with another * * @return false if they differ/* ww w . j a v a 2 s. c o m*/ */ public boolean isEqual(InputStream bStream) { try { KeyStore b = KeyStore.getInstance(m_type); b.load(bStream, m_password); Set<String> bAliases = toSet(b.aliases()); Set<String> aAliases = toSet(m_store.aliases()); KeyStore.PasswordProtection keyPass = new KeyStore.PasswordProtection(m_password); if (!aAliases.equals(bAliases)) { return false; } for (String alias : aAliases) { // weird, when not using password, cert require null and keys // require the password given to the filestore. KeyStore.PasswordProtection password = keyPass; if (m_store.entryInstanceOf(alias, KeyStore.TrustedCertificateEntry.class)) { password = null; } Entry aEntry = m_store.getEntry(alias, password); Entry bEntry = b.getEntry(alias, password); if (!isEqual(aEntry, bEntry)) { return false; } } return true; } catch (Exception e) { LOG.error("Could not read store", e); return false; } }
From source file:nl.afas.cordova.plugin.secureLocalStorage.SecureLocalStorage.java
private void generateKey(KeyStore keyStore) throws SecureLocalStorageException { try {/*from w w w.j ava 2s. c o m*/ _key = null; SecretKey key = KeyGenerator.getInstance("DES").generateKey(); ByteArrayOutputStream bos = new ByteArrayOutputStream(); try { ObjectOutputStream oos = new ObjectOutputStream(bos); try { oos.writeObject(key); } finally { oos.close(); } } finally { bos.close(); } // store key encrypted with keystore key pair KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore .getEntry(SECURELOCALSTORAGEALIAS, null); Cipher input = Cipher.getInstance("RSA/ECB/PKCS1Padding"); input.init(Cipher.ENCRYPT_MODE, privateKeyEntry.getCertificate().getPublicKey()); FileOutputStream fos = _cordova.getActivity().openFileOutput(SECURELOCALSTORAGEKEY, Context.MODE_PRIVATE); try { CipherOutputStream cipherOutputStream = new CipherOutputStream(fos, input); try { cipherOutputStream.write(bos.toByteArray()); } finally { cipherOutputStream.close(); } } finally { fos.close(); } } catch (Exception e) { Log.e("SecureStorage", "Read", e); throw new SecureLocalStorageException("Error generating key", e); } }
From source file:com.verisign.epp.codec.launch.EPPLaunchTst.java
/** * Loads the public key used to verify a digital signature signed with the * associated private key, loaded by/*ww w . ja v a2 s . c om*/ * {@link #loadPrivateKeyEntry(String, String, String)}. * * @param aKeyStoreName * Java Keystore containing the certificate * @param aPublicKeyAlias * Java Keystore alias of the <code>trustedCertEntry</code> * containing the public key * * @return Loaded <code>PublicKey</code> instance * * @throws Exception * Error loading the public key */ public static PublicKey loadPublicKey(String aKeyStoreName, String aPublicKeyAlias) throws Exception { // Load KeyStore KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); FileInputStream keyStoreFile = new FileInputStream(aKeyStoreName); keyStore.load(keyStoreFile, null); assert keyStore.isCertificateEntry(aPublicKeyAlias); KeyStore.TrustedCertificateEntry certEntry = (KeyStore.TrustedCertificateEntry) keyStore .getEntry(aPublicKeyAlias, null); return certEntry.getTrustedCertificate().getPublicKey(); }
From source file:com.verisign.epp.codec.launch.EPPLaunchTst.java
/** * Loads the private key used to digitally sign from a Java KeyStore with * the alias of the <code>PrivateKeyEntry</code> and the password to access * the Keystore and the key./*www. j ava 2 s . co m*/ * * @param aKeyStoreName * Java Keystore to load the key from * @param aKeyAliasName * Java Keystore alias of key * @param aPassword * Password to access Java Keystore and key * * @return Loaded <code>KeyStore.PrivateKeyEntry</code> that can be used to * get the private key and it's associated certificate chain. * * @throws Exception * Error loading private key */ private static KeyStore.PrivateKeyEntry loadPrivateKeyEntry(String aKeyStoreName, String aKeyAliasName, String aPassword) throws Exception { // Load KeyStore KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); FileInputStream keyStoreFile = new FileInputStream(aKeyStoreName); keyStore.load(keyStoreFile, aPassword.toCharArray()); // Get Private Key assert keyStore.isKeyEntry(aKeyAliasName); KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(aKeyAliasName, new KeyStore.PasswordProtection(aPassword.toCharArray())); return keyEntry; }
From source file:mitm.djigzo.web.pages.certificate.CertificateImportKey.java
private void importPfx() throws KeyStoreException, NoSuchProviderException, SecurityFactoryFactoryException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableEntryException, WebServiceCheckedException {/*from w w w .j a va 2 s .c o m*/ /* * To prevent timeouts on the SOAP connection we should upload the PFX file in batches if the PFX file * contains a large number of entries. The PFX file should therefore be opened. */ KeyStore allKeys = SecurityFactoryFactory.getSecurityFactory().createKeyStore("PKCS12"); if (password == null) { password = ""; } allKeys.load(file.getStream(), password.toCharArray()); KeyAndCertificateWorkflow.MissingKey missingKey = ignoreMissingKey ? KeyAndCertificateWorkflow.MissingKey.SKIP_CERTIFICATE : KeyAndCertificateWorkflow.MissingKey.ADD_CERTIFICATE; int imported = 0; KeyStore batchKeys = SecurityFactoryFactory.getSecurityFactory().createKeyStore("PKCS12"); batchKeys.load(null, password.toCharArray()); Enumeration<String> aliases = allKeys.aliases(); KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(password.toCharArray()); while (aliases.hasMoreElements()) { String alias = aliases.nextElement(); if (allKeys.isKeyEntry(alias)) { KeyStore.Entry entry = allKeys.getEntry(alias, passwordProtection); batchKeys.setEntry(alias, entry, passwordProtection); } else { Certificate certificate = allKeys.getCertificate(alias); batchKeys.setCertificateEntry(alias, certificate); } if (batchKeys.size() >= maxBatchSize) { imported += uploadKeyStore(batchKeys, missingKey, password); batchKeys = SecurityFactoryFactory.getSecurityFactory().createKeyStore("PKCS12"); batchKeys.load(null, password.toCharArray()); } } /* * Check if there are still some entries left to add (happens when the number * of entries is not a multiple of maxBatchSize) */ if (batchKeys.size() > 0) { imported += uploadKeyStore(batchKeys, missingKey, password); } this.importCount = imported; }
From source file:test.integ.be.fedict.hsm.jca.HSMProxySignatureTest.java
@Test public void testGetCertificateAuthnCertCredential() throws Exception { LOG.debug("sign"); // operate//from www.jav a 2 s . co m Security.addProvider(new BeIDProvider()); KeyStore beidKeyStore = KeyStore.getInstance("BeID"); beidKeyStore.load(null); X509Certificate authnCert = (X509Certificate) beidKeyStore.getCertificate("Authentication"); PrivateKey authnPrivateKey = (PrivateKey) beidKeyStore.getKey("Authentication", null); Security.addProvider(new HSMProxyProvider()); KeyStore hsmProxyKeyStore = KeyStore.getInstance("HSMProxy"); HSMProxyKeyStoreParameter keyStoreParameter = new HSMProxyKeyStoreParameter(authnPrivateKey, authnCert, // "https://www.e-contract.be/hsm-proxy-ws/dss", "http://localhost/hsm-proxy-ws/dss", new MyHSMProxyAudit()); hsmProxyKeyStore.load(keyStoreParameter); Enumeration<String> aliasesEnum = hsmProxyKeyStore.aliases(); assertNotNull(aliasesEnum); while (aliasesEnum.hasMoreElements()) { String alias = aliasesEnum.nextElement(); LOG.debug("alias: " + alias); X509Certificate certificate = (X509Certificate) hsmProxyKeyStore.getCertificate(alias); assertNotNull(certificate); LOG.debug("certificate: " + certificate); assertTrue(hsmProxyKeyStore.containsAlias(alias)); Certificate[] certificateChain = hsmProxyKeyStore.getCertificateChain(alias); assertNotNull(certificateChain); PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry) hsmProxyKeyStore.getEntry(alias, null); assertNotNull(privateKeyEntry); } }
From source file:net.maritimecloud.identityregistry.utils.CertificateUtil.java
/** * Loads the MaritimeCloud certificate used for signing from the (jks) keystore * //from ww w. jav a 2 s . c om * @return a keyStore containing */ public PrivateKeyEntry getSigningCertEntry() { FileInputStream is; try { is = new FileInputStream(INTERMEDIATE_KEYSTORE_PATH); } catch (FileNotFoundException e) { throw new RuntimeException(e.getMessage(), e); } KeyStore keystore; try { keystore = KeyStore.getInstance(KEYSTORE_TYPE); keystore.load(is, KEYSTORE_PASSWORD.toCharArray()); KeyStore.ProtectionParameter protParam = new KeyStore.PasswordProtection( KEYSTORE_PASSWORD.toCharArray()); PrivateKeyEntry signingCertEntry = (PrivateKeyEntry) keystore.getEntry(INTERMEDIATE_CERT_ALIAS, protParam); return signingCertEntry; } catch (NoSuchAlgorithmException | CertificateException | IOException | KeyStoreException | UnrecoverableEntryException e) { throw new RuntimeException(e.getMessage(), e); } }
From source file:org.texai.x509.X509Utils.java
/** Copies the given keystore from the .uber format to the .jceks format. * * @param uberKeyStorePath the .uber keystore path * @param uberKeyStorePassword the .uber keystore password * @param jceksKeyStorePath the .jceks keystore path * @param jceksKeyStorePassword the .jceks keystore password * @throws KeyStoreException if no Provider supports a KeyStoreSpi implementation for the specified type * @throws IOException if there is an I/O or format problem with the keystore data, * if a password is required but not given, or if the given password was incorrect * @throws NoSuchAlgorithmException if the algorithm used to check the integrity of the keystore cannot be found * @throws CertificateException if any of the certificates in the keystore could not be loaded * @throws NoSuchProviderException if the cryptography provider cannot be found * @throws UnrecoverableEntryException if the keystore entry cannot be recovered with the provided password and alias */// w w w .j a va2s. c o m public static synchronized void copyKeyStoreUberToJceks(final String uberKeyStorePath, final char[] uberKeyStorePassword, final String jceksKeyStorePath, final char[] jceksKeyStorePassword) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, UnrecoverableEntryException { //Preconditions assert uberKeyStorePath != null : "uberKeyStorePath must not be null"; assert !uberKeyStorePath.isEmpty() : "uberKeyStorePath must not be empty"; assert uberKeyStorePath.endsWith(".uber") : "uber keystore file extension must be .uber"; assert uberKeyStorePassword != null : "uberKeyStorePassword must not be null"; assert jceksKeyStorePath != null : "jceksKeyStorePath must not be null"; assert !jceksKeyStorePath.isEmpty() : "jceksKeyStorePath must not be empty"; assert jceksKeyStorePath.endsWith(".jceks") : "jceks keystore file extension must be .jceks"; assert uberKeyStorePassword != null : "uberKeyStorePassword must not be null"; LOGGER.info("copying keystore contents of " + uberKeyStorePath + " to " + jceksKeyStorePath); final KeyStore uberKeyStore = findOrCreateUberKeyStore(uberKeyStorePath, uberKeyStorePassword); final KeyStore jceksKeyStore = findOrCreateJceksKeyStore(jceksKeyStorePath, jceksKeyStorePassword); final Enumeration<String> aliases_enumeration = uberKeyStore.aliases(); final PasswordProtection uberPasswordProtection = new PasswordProtection(uberKeyStorePassword); final PasswordProtection jceksPasswordProtection = new PasswordProtection(jceksKeyStorePassword); while (aliases_enumeration.hasMoreElements()) { final String alias = aliases_enumeration.nextElement(); final KeyStore.Entry entry = uberKeyStore.getEntry(alias, uberPasswordProtection); assert entry != null; jceksKeyStore.setEntry(alias, entry, jceksPasswordProtection); LOGGER.info(" copied entry: " + alias); } jceksKeyStore.store(new FileOutputStream(jceksKeyStorePath), jceksKeyStorePassword); }