List of usage examples for java.security KeyStore isCertificateEntry
public final boolean isCertificateEntry(String alias) throws KeyStoreException
From source file:org.ejbca.core.protocol.ocsp.OCSPUnidClient.java
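/**
 * Creates an {@code OCSPUnidClient}, optionally backed by a PKCS#12 keystore.
 *
 * @param ksfilename file name of the PKCS#12 keystore used for TLS client authentication, or
 *                   null if TLS is not used
 * @param pwd password for the keystore, or null if no keystore is used
 * @param ocspurl URL of the OCSP server, or null if we should try to use the AIA extension from
 *                the cert; e.g. http://127.0.0.1:8080/ejbca/publicweb/status/ocsp (or https for TLS)
 * @param doSignRequst when true, the private key is read from the keystore and handed to the
 *                     client; a keystore file name is then mandatory
 * @param getfnr passed through unchanged to the {@code OCSPUnidClient} constructor
 * @return the client to use
 * @throws Exception if signing is requested without a keystore, if the keystore cannot be
 *                   loaded, or if no usable certificate chain (or, for signing, key) is found
 */
public static OCSPUnidClient getOCSPUnidClient(String ksfilename, String pwd, String ocspurl,
        boolean doSignRequst, boolean getfnr) throws Exception {
    if (doSignRequst && ksfilename == null) {
        throw new Exception("You got to give the path name for a keystore to use when using signing.");
    }
    if (ksfilename == null) {
        return new OCSPUnidClient(null, null, ocspurl, null, null, getfnr);
    }

    final KeyStore ks = KeyStore.getInstance("PKCS12", "BC");
    // Close the keystore file as soon as it has been read; the original left the stream open.
    try (FileInputStream in = new FileInputStream(ksfilename)) {
        ks.load(in, pwd.toCharArray());
    }

    // If this alias is a trusted certificate entry, we don't want to fetch that, we want the
    // key entry. Note that the loop ends on the last alias when the store holds only
    // certificate entries, so the alias is not guaranteed to name a key entry.
    final Enumeration<String> en = ks.aliases();
    String alias = null;
    while ((alias == null || ks.isCertificateEntry(alias)) && en.hasMoreElements()) {
        alias = en.nextElement();
    }

    final Certificate[] certs = KeyTools.getCertChain(ks, alias);
    if (certs == null) {
        throw new IOException("Can not find a certificate entry in PKCS12 keystore for alias " + alias);
    }

    // The key is requested with a null password.
    // NOTE(review): presumably the BC PKCS12 store protects keys with the store password only; confirm.
    final PrivateKey privateKey = doSignRequst ? (PrivateKey) ks.getKey(alias, null) : null;
    if (doSignRequst && privateKey == null) {
        // Fail here instead of returning a "signing" client that has no key to sign with.
        throw new IOException("Can not find a private key in PKCS12 keystore for alias " + alias);
    }
    return new OCSPUnidClient(ks, pwd, ocspurl, certs, privateKey, getfnr);
}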
From source file:org.globus.gsi.util.CertificateLoadUtil.java
/**
 * Collects the X.509 certificates held in the certificate entries of a key store.
 *
 * <p>Key entries and non-X.509 certificates are skipped. No validity or revocation check is
 * made here; the only filtering applied is whatever the supplied selector tests.
 *
 * @param keyStore the key store to read
 * @param selector filter applied to each certificate, or null to accept every X.509 certificate
 * @return the matching certificates, in alias enumeration order
 * @throws KeyStoreException if the key store cannot be read
 */
public static Collection<X509Certificate> getTrustedCertificates(KeyStore keyStore, X509CertSelector selector)
        throws KeyStoreException {
    Vector<X509Certificate> matches = new Vector<X509Certificate>();
    for (Enumeration<String> names = keyStore.aliases(); names.hasMoreElements();) {
        String name = names.nextElement();
        if (!keyStore.isCertificateEntry(name)) {
            continue;
        }
        // If a specific impl of keystore requires refresh, this would be a
        // good place to add it.
        Certificate entry = keyStore.getCertificate(name);
        if (!(entry instanceof X509Certificate)) {
            continue;
        }
        if (selector == null || selector.match(entry)) {
            matches.add((X509Certificate) entry);
        }
    }
    return matches;
}
From source file:org.kse.crypto.x509.X509CertUtil.java
/**
 * Gathers the certificate of every certificate entry in the KeyStore, converted with
 * {@code X509CertUtil.convertCertificate}. Key entries are not included.
 *
 * @param keyStore the KeyStore to read
 * @return the converted certificates, in alias enumeration order
 * @throws CryptoException if the KeyStore cannot be read
 */
private static List<X509Certificate> extractCertificates(KeyStore keyStore) throws CryptoException {
    try {
        List<X509Certificate> found = new ArrayList<X509Certificate>();
        Enumeration<String> names = keyStore.aliases();

        while (names.hasMoreElements()) {
            String name = names.nextElement();
            if (!keyStore.isCertificateEntry(name)) {
                continue;
            }
            X509Certificate converted = X509CertUtil.convertCertificate(keyStore.getCertificate(name));
            found.add(converted);
        }

        return found;
    } catch (KeyStoreException ex) {
        throw new CryptoException(res.getString("NoExtractCertificates.exception.message"), ex);
    }
}
From source file:org.kse.crypto.x509.X509CertUtil.java
/**
 * Check whether or not a trusted certificate in the supplied KeyStore
 * matches the supplied X.509 certificate.
 *
 * <p>Only certificate entries are compared; key entries are skipped. The comparison is
 * {@code cert.equals(...)} against each stored certificate after conversion, and the first
 * matching alias wins.
 *
 * @param keyStore
 *            The KeyStore
 * @param cert
 *            The certificate
 * @return The alias of the matching certificate in the KeyStore or null if
 *         there is no match
 * @throws CryptoException
 *             If the KeyStore cannot be read
 */
public static String matchCertificate(KeyStore keyStore, X509Certificate cert) throws CryptoException {
    try {
        Enumeration<String> names = keyStore.aliases();
        while (names.hasMoreElements()) {
            String candidate = names.nextElement();
            if (!keyStore.isCertificateEntry(candidate)) {
                continue;
            }

            X509Certificate stored = X509CertUtil.convertCertificate(keyStore.getCertificate(candidate));
            if (cert.equals(stored)) {
                return candidate;
            }
        }

        return null;
    } catch (KeyStoreException ex) {
        throw new CryptoException(res.getString("NoMatchCertificate.exception.message"), ex);
    }
}
From source file:org.lockss.protocol.BlockingStreamComm.java
/**
 * Dumps the contents of a key store to the log at debug3 level.
 *
 * <p>For certificate entries the full {@code toString()} of the certificate is logged. For key
 * entries the key is recovered with the supplied password, but only its algorithm and format
 * are logged, not the key material. Any exception ends the dump at that alias and is reported
 * as a single error line built from the exception's string form.
 *
 * @param ks the key store to describe
 * @param privateKeyPassWord password used to recover each key entry
 */
private void logKeyStore(KeyStore ks, char[] privateKeyPassWord) {
    log.debug3("start of key store");
    try {
        Enumeration<String> names = ks.aliases();
        while (names.hasMoreElements()) {
            String alias = names.nextElement();
            log.debug3("Next alias " + alias);

            if (ks.isCertificateEntry(alias)) {
                log.debug3("About to Certificate");
                java.security.cert.Certificate cert = ks.getCertificate(alias);
                log.debug3(cert == null
                        ? alias + " null cert chain"
                        : "Cert for " + alias + " is " + cert.toString());
                continue;
            }

            if (ks.isKeyEntry(alias)) {
                log.debug3("About to getKey");
                Key recovered = ks.getKey(alias, privateKeyPassWord);
                // Only metadata about the key is written out, never the encoded key.
                log.debug3(alias + " key " + recovered.getAlgorithm() + "/" + recovered.getFormat());
                continue;
            }

            log.debug3(alias + " neither key nor cert");
        }
        log.debug3("end of key store");
    } catch (Exception ex) {
        log.error("logKeyStore() threw " + ex);
    }
}
From source file:org.lockss.util.TestKeyStoreUtil.java
/**
 * Asserts the expected layout of a private key store file: exactly two aliases, an X.509
 * certificate entry named {@code alias + ".crt"} and an RSA key entry named
 * {@code alias + ".key"} that can be recovered with {@code pass}.
 *
 * @param file the key store file to load as type "jceks"
 * @param pass password used to recover the key entry
 * @param alias base name of the two entries
 * @throws Exception if the key store cannot be loaded or read
 */
void assertPrivateKs(File file, String pass, String alias) throws Exception {
    final String certAlias = alias + ".crt";
    final String keyAlias = alias + ".key";

    // NOTE(review): the alias is what gets passed as loadKeyStore's third argument; the
    // meaning of that argument is not visible here, so confirm this is intended.
    KeyStore store = loadKeyStore("jceks", file, alias);

    List names = ListUtil.fromIterator(new EnumerationIterator(store.aliases()));
    assertEquals(2, names.size());

    Certificate storedCert = store.getCertificate(certAlias);
    assertNotNull(storedCert);
    assertEquals("X.509", storedCert.getType());

    // Each entry must be of the right kind, not merely present.
    assertTrue(store.isKeyEntry(keyAlias));
    assertTrue(store.isCertificateEntry(certAlias));

    Key storedKey = store.getKey(keyAlias, pass.toCharArray());
    assertNotNull(storedKey);
    assertEquals("RSA", storedKey.getAlgorithm());
}
From source file:org.opendaylight.aaa.cert.impl.ODLKeyTool.java
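/**
 * Adds (or replaces) a trusted certificate entry in a JKS keystore file under the working
 * directory and writes the keystore back to the same file.
 *
 * @param keyStoreName file name of the keystore, appended to {@code workingDir}
 * @param keyStorePwd password used both to load and to store the keystore
 * @param certificate the certificate, in the form accepted by {@code getCertificate}
 * @param alias alias under which the certificate is stored; an existing certificate entry
 *              with this alias is deleted first
 * @return true if the keystore file was updated, false if the certificate could not be used
 *         or the keystore could not be read or written
 */
public boolean addCertificate(final String keyStoreName, final String keyStorePwd, final String certificate,
        final String alias) {
    try {
        final X509Certificate newCert = getCertificate(certificate);
        if (newCert == null) {
            // getCertificate is defined elsewhere; guard against a null result so that a bad
            // input never reaches the keystore or removes the entry already stored.
            LOG.warn("Certificate for alias {} could not be parsed; keyStore {} left unchanged", alias,
                    keyStoreName);
            return false;
        }

        // NOTE(review): keyStoreName is concatenated onto workingDir unchecked. If the name can
        // come from a caller-controlled source, validate that the result stays inside workingDir.
        final String keyStorePath = workingDir + keyStoreName;
        final char[] storePassword = keyStorePwd.toCharArray();

        final KeyStore keyStore = KeyStore.getInstance("JKS");
        // The input stream must be closed before the same file is reopened for writing.
        try (FileInputStream fInputStream = new FileInputStream(keyStorePath)) {
            keyStore.load(fInputStream, storePassword);
        }

        if (keyStore.isCertificateEntry(alias)) {
            keyStore.deleteEntry(alias);
        }
        keyStore.setCertificateEntry(alias, newCert);

        // Closing the stream releases the file handle; the original left both streams open.
        // The file is overwritten in place, so a failure during store() can leave it truncated.
        try (FileOutputStream fOutputStream = new FileOutputStream(keyStorePath)) {
            keyStore.store(fOutputStream, storePassword);
        }

        LOG.info("Certificate {} Added to keyStore {}", alias, keyStoreName);
        return true;
    } catch (CertificateException | KeyStoreException | NoSuchAlgorithmException | IOException e) {
        LOG.error("failed to add certificate", e);
        return false;
    }
}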
From source file:org.opendaylight.aaa.cert.impl.ODLMdsalKeyTool.java
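/**
 * Adds a trusted certificate entry to an in-memory keystore.
 *
 * <p>The certificate is validated before the keystore is touched, so an unparsable
 * certificate no longer removes the entry already stored under the alias.
 *
 * @param keyStore the keystore to modify
 * @param certificate the certificate, in the form accepted by {@code getCertificate}
 * @param alias alias under which the certificate is stored
 * @param deleteOld when true, an existing certificate entry with this alias is deleted before
 *                  the new one is set
 * @return the same keystore instance on success, or null if the certificate is not valid or
 *         the keystore operation fails
 */
public KeyStore addCertificate(final KeyStore keyStore, final String certificate, final String alias,
        final boolean deleteOld) {
    try {
        final X509Certificate newCert = getCertificate(certificate);
        if (newCert == null) {
            // Reject before any deletion: the original deleted the old entry first and then
            // returned null, leaving the caller's keystore without its trusted certificate.
            LOG.warn("{} Not a valid certificate {}", alias, certificate);
            return null;
        }

        if (deleteOld && keyStore.isCertificateEntry(alias)) {
            keyStore.deleteEntry(alias);
        }
        // KeyStore.setCertificateEntry overrides an existing trusted certificate entry with the
        // same alias, so deleteOld == false does not preserve a previously stored certificate.
        keyStore.setCertificateEntry(alias, newCert);
        return keyStore;
    } catch (final KeyStoreException e) {
        LOG.error("failed to add certificate", e);
        return null;
    }
}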
From source file:org.viafirma.nucleo.validacion.KeyStoreLoader.java
/**
 * Returns the certificates stored in certificate entries of the given keystore whose alias
 * contains {@code Nucleo.IDENTIFICADOR_CERTIFICADO_VIAFIRMA_KEYSTORE}.
 *
 * <p>Entries with other aliases are ignored and their aliases are written to the debug log.
 * Certificates that are not X.509 are still returned; only the info log line is X.509-specific.
 *
 * @param ks
 *            the keystore
 * @return list of certificates kept in the keystore
 */
private static List<Certificate> getKeystoreCerts(KeyStore ks) {
    List<Certificate> selected = new ArrayList<Certificate>();
    StringBuilder skippedAliases = new StringBuilder();
    try {
        Enumeration<String> names = ks.aliases();
        while (names.hasMoreElements()) {
            String alias = names.nextElement();

            // Filter out the certificates we do not want or do not need.
            // NOTE(review): selection is by alias substring only, so the result is as
            // trustworthy as the process that names entries in this keystore.
            if (!alias.contains(Nucleo.IDENTIFICADOR_CERTIFICADO_VIAFIRMA_KEYSTORE)) {
                skippedAliases.append(alias).append(",");
                continue;
            }
            if (!ks.isCertificateEntry(alias)) {
                continue;
            }

            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) {
                log.info("Detectado certificado de confianza: Alias=" + alias + ", DN="
                        + ((X509Certificate) c).getSubjectDN());
            }
            selected.add(c);
        }
        log.debug("Certificados ignorados :" + skippedAliases);
        return selected;
    } catch (KeyStoreException e) {
        throw new RuntimeException("Keystore not loaded", e);
    }
}
From source file:org.wso2.carbon.security.keystore.KeyStoreAdmin.java
/**
 * Describes the named keystore: its certificate entries, the first key entry found, and that
 * entry's private key in PEM form.
 *
 * <p>NOTE(review): the returned bean carries the private key unencrypted (see
 * {@code setKeyValue} below). Every caller of this method therefore handles key material;
 * confirm that access to it is restricted accordingly and that the export is really needed.
 *
 * @param keyStoreName The name of the keystore
 * @return Instance of KeyStoreData
 * @throws SecurityConfigException if the name is null, the keystore is not found, or anything
 *                                 else fails while reading it; the original cause is logged
 *                                 but not attached to the thrown exception
 */
public KeyStoreData getKeystoreInfo(String keyStoreName) throws SecurityConfigException {
    try {
        // Thrown inside the try on purpose: the catch below turns it into a SecurityConfigException.
        if (keyStoreName == null) {
            throw new Exception("keystore name cannot be null");
        }

        final KeyStore keyStore;
        final String keyStoreType;
        String keyPassword = null;

        if (KeyStoreUtil.isPrimaryStore(keyStoreName)) {
            keyStore = KeyStoreManager.getInstance(tenantId).getPrimaryKeyStore();
            ServerConfiguration serverConfig = ServerConfiguration.getInstance();
            keyStoreType = serverConfig
                    .getFirstProperty(RegistryResources.SecurityManagement.SERVER_PRIMARY_KEYSTORE_TYPE);
            keyPassword = serverConfig
                    .getFirstProperty(RegistryResources.SecurityManagement.SERVER_PRIVATE_KEY_PASSWORD);
        } else {
            // NOTE(review): keyStoreName is joined into the registry path as given.
            String path = SecurityConstants.KEY_STORES + "/" + keyStoreName;
            if (!registry.resourceExists(path)) {
                throw new SecurityConfigException("Key Store not found");
            }
            Resource resource = registry.get(path);
            keyStore = KeyStoreManager.getInstance(tenantId).getKeyStore(keyStoreName);
            keyStoreType = resource.getProperty(SecurityConstants.PROP_TYPE);

            String encpass = resource.getProperty(SecurityConstants.PROP_PRIVATE_KEY_PASS);
            if (encpass != null) {
                // The decrypted bytes are decoded with the platform default charset.
                keyPassword = new String(CryptoUtil.getDefaultCryptoUtil().base64DecodeAndDecrypt(encpass));
            }
        }

        // First pass: describe every certificate entry.
        List<org.wso2.carbon.security.keystore.service.CertData> certDataList = new ArrayList<>();
        Format formatter = new SimpleDateFormat("dd/MM/yyyy");
        for (Enumeration<String> names = keyStore.aliases(); names.hasMoreElements();) {
            String name = names.nextElement();
            if (!keyStore.isCertificateEntry(name)) {
                continue;
            }
            X509Certificate cert = (X509Certificate) keyStore.getCertificate(name);
            certDataList.add(fillCertData(cert, name, formatter));
        }
        CertData[] certs = certDataList.toArray(new CertData[certDataList.size()]);

        // Create the KeyStoreData bean, set the name and fill in the cert information.
        KeyStoreData keyStoreData = new KeyStoreData();
        keyStoreData.setKeyStoreName(keyStoreName);
        keyStoreData.setCerts(certs);
        keyStoreData.setKeyStoreType(keyStoreType);

        // Second pass: only the first key entry is reported
        // ("There be only one entry in WSAS related keystores").
        for (Enumeration<String> names = keyStore.aliases(); names.hasMoreElements();) {
            String name = names.nextElement();
            if (!keyStore.isKeyEntry(name)) {
                continue;
            }
            X509Certificate cert = (X509Certificate) keyStore.getCertificate(name);
            keyStoreData.setKey(fillCertData(cert, name, formatter));

            // keyPassword is still null when no password property was found; the resulting
            // NullPointerException is reported through the generic catch below.
            PrivateKey key = (PrivateKey) keyStore.getKey(name, keyPassword.toCharArray());
            keyStoreData.setKeyValue("-----BEGIN PRIVATE KEY-----\n" + Base64.encode(key.getEncoded())
                    + "\n-----END PRIVATE KEY-----");
            break;
        }
        return keyStoreData;
    } catch (Exception e) {
        String msg = "Error has encounted while loading the keystore to the given keystore name "
                + keyStoreName;
        log.error(msg, e);
        throw new SecurityConfigException(msg);
    }
}