List of usage examples for java.security KeyStoreException getMessage
public String getMessage()
From source file:org.alfresco.extension.countersign.signature.RepositoryManagedSignatureProvider.java
/** * Get the Certificate Authority public key certificate * /*from w ww . j a v a 2 s . c o m*/ * @return */ private X509Certificate getCaCert(KeyStore trustedKs) { X509Certificate caCert = null; String certAlias = config.getProperty(RepositoryManagedSignatureProviderFactory.TRUSTED_CERT_ALIAS); try { caCert = (X509Certificate) trustedKs.getCertificate(certAlias); } catch (KeyStoreException kse) { throw new AlfrescoRuntimeException(kse.getMessage()); } return caCert; }
From source file:org.alfresco.extension.countersign.signature.RepositoryManagedSignatureProvider.java
/** * Get the certificate chain for the CA certificate * /* w ww. j a va 2s . c om*/ * @param trustedKs * @return */ private Certificate[] getCaCertChain(KeyStore trustedKs) { Certificate[] caCertChain = null; String certAlias = config.getProperty(RepositoryManagedSignatureProviderFactory.TRUSTED_CERT_ALIAS); try { caCertChain = trustedKs.getCertificateChain(certAlias); } catch (KeyStoreException kse) { throw new AlfrescoRuntimeException(kse.getMessage()); } return caCertChain; }
From source file:org.alfresco.extension.countersign.signature.RepositoryManagedSignatureProvider.java
/** * Get the Certificate Authority private key * /*from ww w . j av a 2 s . c o m*/ * @return */ private PrivateKey getCaKey(KeyStore trustedKs) { PrivateKey caKey = null; String keyAlias = config.getProperty(RepositoryManagedSignatureProviderFactory.TRUSTED_KEY_ALIAS); String keyPassword = config.getProperty(RepositoryManagedSignatureProviderFactory.TRUSTED_KEY_PASSWORD); try { caKey = (PrivateKey) trustedKs.getKey(keyAlias, keyPassword.toCharArray()); } catch (KeyStoreException kse) { throw new AlfrescoRuntimeException(kse.getMessage()); } catch (UnrecoverableKeyException uke) { throw new AlfrescoRuntimeException(uke.getMessage()); } catch (NoSuchAlgorithmException nsae) { throw new AlfrescoRuntimeException(nsae.getMessage()); } return caKey; }
From source file:org.alfresco.extension.countersign.signature.RepositoryManagedSignatureProvider.java
/** * Get the trusted keystore as configured in the extension properties. * //from www . j av a 2 s . co m * @return */ private KeyStore getTrustedKeyStore() { try { String keystorePassword = config .getProperty(RepositoryManagedSignatureProviderFactory.TRUSTED_KEYSTORE_PASSWORD); String keystorePath = config .getProperty(RepositoryManagedSignatureProviderFactory.TRUSTED_KEYSTORE_PATH); KeyStore keystore = KeyStore.getInstance("pkcs12"); FileInputStream keyStream = new FileInputStream(keystorePath); keystore.load(keyStream, keystorePassword.toCharArray()); // return the keystore return keystore; } catch (KeyStoreException kse) { throw new AlfrescoRuntimeException(kse.getMessage()); } catch (java.security.cert.CertificateException ce) { throw new AlfrescoRuntimeException(ce.getMessage()); } catch (NoSuchAlgorithmException nsaex) { throw new AlfrescoRuntimeException(nsaex.getMessage()); } catch (IOException ioex) { throw new AlfrescoRuntimeException(ioex.getMessage()); } }
From source file:org.alfresco.extension.countersign.signature.RepositoryManagedSignatureProvider.java
@Override public KeyStore getUserKeyStore(String storePassword) { try {/* ww w.j a v a 2 s .c om*/ NodeRef person = serviceRegistry.getPersonService().getPerson(user); if (person == null) { return null; } KeyStore keystore = KeyStore.getInstance("pkcs12"); // check to see if a keystore exists for this user NodeRef keystoreNode = counterSignService.getSignatureArtifact(person, CounterSignSignatureModel.ASSOC_SIGNERKEYSTORE); // if no keystore, create one, persist it and associate it with the user if (keystoreNode == null) { keystore = createUserKeyStore(person, storePassword); } else { // open the reader to the key and load it ContentReader keyReader = serviceRegistry.getContentService().getReader(keystoreNode, ContentModel.PROP_CONTENT); keystore.load(keyReader.getContentInputStream(), storePassword.toCharArray()); } // return the keystore return keystore; } catch (KeyStoreException kse) { throw new AlfrescoRuntimeException(kse.getMessage()); } catch (java.security.cert.CertificateException ce) { throw new AlfrescoRuntimeException(ce.getMessage()); } catch (NoSuchAlgorithmException nsaex) { throw new AlfrescoRuntimeException(nsaex.getMessage()); } catch (IOException ioex) { throw new AlfrescoRuntimeException(ioex.getMessage()); } catch (NoSuchProviderException nspex) { throw new AlfrescoRuntimeException(nspex.getMessage()); } }
From source file:com.cws.esolutions.security.dao.certmgmt.impl.CertificateManagerImpl.java
/** * @see com.cws.esolutions.security.dao.certmgmt.interfaces.ICertificateManager#createCertificateRequest(List, String, int, int) *//*from w ww . j ava 2 s . co m*/ public synchronized File createCertificateRequest(final List<String> subjectData, final String storePassword, final int validityPeriod, final int keySize) throws CertificateManagementException { final String methodName = ICertificateManager.CNAME + "#createCertificateRequest(final List<String> subjectData, final String storePassword, final int validityPeriod, final int keySize) throws CertificateManagementException"; if (DEBUG) { DEBUGGER.debug(methodName); DEBUGGER.debug("Value: {}", subjectData); DEBUGGER.debug("Value: {}", validityPeriod); DEBUGGER.debug("Value: {}", keySize); } final File rootDirectory = certConfig.getRootDirectory(); final String signatureAlgorithm = certConfig.getSignatureAlgorithm(); final String certificateAlgorithm = certConfig.getCertificateAlgorithm(); final File privateKeyDirectory = FileUtils .getFile(certConfig.getPrivateKeyDirectory() + "/" + subjectData.get(0)); final File publicKeyDirectory = FileUtils .getFile(certConfig.getPublicKeyDirectory() + "/" + subjectData.get(0)); final File csrDirectory = FileUtils.getFile(certConfig.getCsrDirectory() + "/" + subjectData.get(0)); final File storeDirectory = FileUtils.getFile(certConfig.getStoreDirectory() + "/" + subjectData.get(0)); final X500Name x500Name = new X500Name("CN=" + subjectData.get(0) + ",OU=" + subjectData.get(1) + ",O=" + subjectData.get(2) + ",L=" + subjectData.get(3) + ",ST=" + subjectData.get(4) + ",C=" + subjectData.get(5) + ",E=" + subjectData.get(6)); if (DEBUG) { DEBUGGER.debug("rootDirectory: {}", rootDirectory); DEBUGGER.debug("signatureAlgorithm: {}", signatureAlgorithm); DEBUGGER.debug("certificateAlgorithm: {}", certificateAlgorithm); DEBUGGER.debug("privateKeyDirectory: {}", privateKeyDirectory); DEBUGGER.debug("publicKeyDirectory: {}", publicKeyDirectory); DEBUGGER.debug("csrDirectory: {}", csrDirectory); DEBUGGER.debug("storeDirectory: {}", storeDirectory); DEBUGGER.debug("x500Name: {}", x500Name); } File csrFile = null; JcaPEMWriter csrPemWriter = null; JcaPEMWriter publicKeyWriter = null; JcaPEMWriter privateKeyWriter = null; FileOutputStream csrFileStream = null; FileOutputStream keyStoreStream = null; FileOutputStream publicKeyFileStream = null; FileOutputStream privateKeyFileStream = null; OutputStreamWriter csrFileStreamWriter = null; OutputStreamWriter privateKeyStreamWriter = null; OutputStreamWriter publicKeyStreamWriter = null; try { KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null, storePassword.toCharArray()); if (DEBUG) { DEBUGGER.debug("KeyStore: {}", keyStore); } SecureRandom random = new SecureRandom(); KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance(certificateAlgorithm); keyGenerator.initialize(keySize, random); if (DEBUG) { DEBUGGER.debug("KeyGenerator: {}", keyGenerator); } KeyPair keyPair = keyGenerator.generateKeyPair(); if (DEBUG) { DEBUGGER.debug("KeyPair: {}", keyPair); } if (keyPair != null) { final Signature sig = Signature.getInstance(signatureAlgorithm); final PrivateKey privateKey = keyPair.getPrivate(); final PublicKey publicKey = keyPair.getPublic(); if (DEBUG) { DEBUGGER.debug("Signature: {}", sig); DEBUGGER.debug("PrivateKey: {}", privateKey); DEBUGGER.debug("PublicKey: {}", publicKey); } sig.initSign(privateKey, random); ContentSigner signGen = new JcaContentSignerBuilder(signatureAlgorithm).build(privateKey); if (DEBUG) { DEBUGGER.debug("ContentSigner: {}", signGen); } Calendar expiry = Calendar.getInstance(); expiry.add(Calendar.DAY_OF_YEAR, validityPeriod); if (DEBUG) { DEBUGGER.debug("Calendar: {}", expiry); } CertificateFactory certFactory = CertificateFactory.getInstance(certConfig.getCertificateType()); if (DEBUG) { DEBUGGER.debug("CertificateFactory: {}", certFactory); } X509Certificate[] issuerCert = new X509Certificate[] { (X509Certificate) certFactory .generateCertificate(new FileInputStream(certConfig.getIntermediateCertificateFile())) }; if (DEBUG) { DEBUGGER.debug("X509Certificate[]: {}", (Object) issuerCert); } keyStore.setCertificateEntry(certConfig.getRootCertificateName(), certFactory.generateCertificate( new FileInputStream(FileUtils.getFile(certConfig.getRootCertificateFile())))); keyStore.setCertificateEntry(certConfig.getIntermediateCertificateName(), certFactory.generateCertificate(new FileInputStream( FileUtils.getFile(certConfig.getIntermediateCertificateFile())))); PKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(x500Name, publicKey); if (DEBUG) { DEBUGGER.debug("PKCS10CertificationRequestBuilder: {}", builder); } PKCS10CertificationRequest csr = builder.build(signGen); if (DEBUG) { DEBUGGER.debug("PKCS10CertificationRequest: {}", csr); } // write private key File privateKeyFile = FileUtils.getFile(privateKeyDirectory + "/" + subjectData.get(0) + SecurityServiceConstants.PRIVATEKEY_FILE_EXT); if (DEBUG) { DEBUGGER.debug("privateKeyFile: {}", privateKeyFile); } if (!(privateKeyFile.createNewFile())) { throw new IOException("Failed to store private file"); } privateKeyFileStream = new FileOutputStream(privateKeyFile); privateKeyStreamWriter = new OutputStreamWriter(privateKeyFileStream); if (DEBUG) { DEBUGGER.debug("privateKeyFileStream: {}", privateKeyFileStream); DEBUGGER.debug("privateKeyStreamWriter: {}", privateKeyStreamWriter); } privateKeyWriter = new JcaPEMWriter(privateKeyStreamWriter); privateKeyWriter.writeObject(privateKey); privateKeyWriter.flush(); privateKeyStreamWriter.flush(); privateKeyFileStream.flush(); // write public key File publicKeyFile = FileUtils.getFile(publicKeyDirectory + "/" + subjectData.get(0) + SecurityServiceConstants.PUBLICKEY_FILE_EXT); if (DEBUG) { DEBUGGER.debug("publicKeyFile: {}", publicKeyFile); } if (!(publicKeyFile.createNewFile())) { throw new IOException("Failed to store public key file"); } publicKeyFileStream = new FileOutputStream(publicKeyFile); publicKeyStreamWriter = new OutputStreamWriter(publicKeyFileStream); if (DEBUG) { DEBUGGER.debug("publicKeyFileStream: {}", publicKeyFileStream); DEBUGGER.debug("publicKeyStreamWriter: {}", publicKeyStreamWriter); } publicKeyWriter = new JcaPEMWriter(publicKeyStreamWriter); publicKeyWriter.writeObject(publicKey); publicKeyWriter.flush(); publicKeyStreamWriter.flush(); publicKeyFileStream.flush(); // write csr csrFile = FileUtils .getFile(csrDirectory + "/" + subjectData.get(0) + SecurityServiceConstants.CSR_FILE_EXT); if (DEBUG) { DEBUGGER.debug("csrFile: {}", csrFile); } if (!(csrFile.createNewFile())) { throw new IOException("Failed to store CSR file"); } csrFileStream = new FileOutputStream(csrFile); csrFileStreamWriter = new OutputStreamWriter(csrFileStream); if (DEBUG) { DEBUGGER.debug("publicKeyFileStream: {}", publicKeyFileStream); DEBUGGER.debug("publicKeyStreamWriter: {}", publicKeyStreamWriter); } csrPemWriter = new JcaPEMWriter(csrFileStreamWriter); csrPemWriter.writeObject(csr); csrPemWriter.flush(); csrFileStreamWriter.flush(); csrFileStream.flush(); File keyStoreFile = FileUtils .getFile(storeDirectory + "/" + subjectData.get(0) + "." + KeyStore.getDefaultType()); if (DEBUG) { DEBUGGER.debug("keyStoreFile: {}", keyStoreFile); } keyStoreStream = FileUtils.openOutputStream(keyStoreFile); if (DEBUG) { DEBUGGER.debug("keyStoreStream: {}", keyStoreStream); } keyStore.setKeyEntry(subjectData.get(0), (Key) keyPair.getPrivate(), storePassword.toCharArray(), issuerCert); keyStore.store(keyStoreStream, storePassword.toCharArray()); keyStoreStream.flush(); if (DEBUG) { DEBUGGER.debug("KeyStore: {}", keyStore); } } else { throw new CertificateManagementException("Failed to generate keypair. Cannot continue."); } } catch (FileNotFoundException fnfx) { throw new CertificateManagementException(fnfx.getMessage(), fnfx); } catch (IOException iox) { throw new CertificateManagementException(iox.getMessage(), iox); } catch (NoSuchAlgorithmException nsax) { throw new CertificateManagementException(nsax.getMessage(), nsax); } catch (IllegalStateException isx) { throw new CertificateManagementException(isx.getMessage(), isx); } catch (InvalidKeyException ikx) { throw new CertificateManagementException(ikx.getMessage(), ikx); } catch (OperatorCreationException ocx) { throw new CertificateManagementException(ocx.getMessage(), ocx); } catch (KeyStoreException ksx) { throw new CertificateManagementException(ksx.getMessage(), ksx); } catch (CertificateException cx) { throw new CertificateManagementException(cx.getMessage(), cx); } finally { if (csrFileStreamWriter != null) { IOUtils.closeQuietly(csrFileStreamWriter); } if (csrFileStream != null) { IOUtils.closeQuietly(csrFileStream); } if (csrPemWriter != null) { IOUtils.closeQuietly(csrPemWriter); } if (publicKeyFileStream != null) { IOUtils.closeQuietly(publicKeyFileStream); } if (publicKeyStreamWriter != null) { IOUtils.closeQuietly(publicKeyStreamWriter); } if (publicKeyWriter != null) { IOUtils.closeQuietly(publicKeyWriter); } if (privateKeyFileStream != null) { IOUtils.closeQuietly(privateKeyFileStream); } if (privateKeyStreamWriter != null) { IOUtils.closeQuietly(privateKeyStreamWriter); } if (privateKeyWriter != null) { IOUtils.closeQuietly(privateKeyWriter); } if (keyStoreStream != null) { IOUtils.closeQuietly(keyStoreStream); } } return csrFile; }
From source file:com.vmware.identity.idm.server.clientcert.IdmCertificatePathValidator.java
/** * Create and init PKIXBuilderParameters for CertPathBuilder. * * @param endCert/* w ww .j a v a 2 s . co m*/ * the target user certificate to use for building certificate * path * @return * @throws CertificatePathBuildingException */ private PKIXBuilderParameters CreatePKIXBuilderParameters(X509Certificate endCert) throws CertificatePathBuildingException { X509CertSelector targetConstraints = new X509CertSelector(); targetConstraints.setCertificate(endCert); PKIXBuilderParameters params; try { params = new PKIXBuilderParameters(trustStore, targetConstraints); // Do not validate the certificate at cert path building stage. // This would result in unknown failures. params.setRevocationEnabled(false); } catch (KeyStoreException e) { throw new CertificatePathBuildingException( "Error creating PKIXBuilderParameters: Please check trust store" + e.getMessage(), e); } catch (InvalidAlgorithmParameterException e) { throw new CertificatePathBuildingException("Error creating PKIXBuilderParameters:" + e.getMessage(), e); } catch (Throwable e) { // have this block in case a new type of error was thrown throw new CertificatePathBuildingException("Error creating PKIXBuilderParameters:" + e.getMessage(), e); } Collection<Object> certCollection = new ArrayList<Object>(); // add trusted CAs to the collection addCertificateCandidates(endCert, certCollection); if (!certCollection.isEmpty()) { try { CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(certCollection)); params.addCertStore(certStore); } catch (InvalidAlgorithmParameterException e) { throw new CertificatePathBuildingException( "Error creating CertStore for PKIXBuilderParameters:" + e.getMessage(), e); } catch (NoSuchAlgorithmException e) { throw new CertificatePathBuildingException( "Error creating CertStore for PKIXBuilderParameters:" + e.getMessage(), e); } } else { logger.debug("Revocation check: CRL list empty"); } return params; }
From source file:com.vmware.identity.idm.server.clientcert.IdmCertificatePathValidator.java
/** * Create parameters for CertPathValidator using PKIX algorithm. * * The parameter object was defined with given trustStore and CRL collection * @param trustStore2/* w ww .ja va2 s . c o m*/ * @return non-null PKIXParameters * @throws CertificateRevocationCheckException */ private PKIXParameters createPKIXParameters(Collection<Object> crlCollection) throws CertificateRevocationCheckException { PKIXParameters params = null; try { Validate.notNull(trustStore, "TrustStore can not be null."); params = new PKIXParameters(trustStore); if (this.certPolicy.revocationCheckEnabled()) { params.setRevocationEnabled(true); } else { params.setRevocationEnabled(false); } } catch (KeyStoreException e) { throw new CertificateRevocationCheckException( "Error creating validator parameters: Please check trust store" + e.getMessage(), e); } catch (InvalidAlgorithmParameterException e) { throw new CertificateRevocationCheckException("Error creating validator parameters:" + e.getMessage(), e); } catch (Throwable e) { //have this block in case a new type of error was thrown throw new CertificateRevocationCheckException("Error creating validator parameters:" + e.getMessage(), e); } if (!crlCollection.isEmpty()) { try { CertStore crlStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(crlCollection)); params.addCertStore(crlStore); } catch (InvalidAlgorithmParameterException e) { throw new CertificateRevocationCheckException( "Error adding CRLs to validating parameters:" + e.getMessage(), e); } catch (NoSuchAlgorithmException e) { throw new CertificateRevocationCheckException( "Error adding CRLs to validating parameters:" + e.getMessage(), e); } } else { logger.debug("Revocation check: CRL list empty"); } // setup certificate policy white list String[] oidWhiteList = this.certPolicy.getOIDs(); if (oidWhiteList != null && oidWhiteList.length > 0) { Set<String> oidSet = new HashSet<String>(); for (String oid : oidWhiteList) { oidSet.add(oid); } params.setInitialPolicies(oidSet); params.setExplicitPolicyRequired(true); } return params; }
From source file:org.signserver.server.cryptotokens.PKCS11CryptoToken.java
@Override public void generateKey(String keyAlgorithm, String keySpec, String alias, char[] authCode) throws TokenOutOfSpaceException, CryptoTokenOfflineException, IllegalArgumentException { if (keySpec == null) { throw new IllegalArgumentException("Missing keyspec parameter"); }//from ww w . j a v a 2 s . c om if (alias == null) { throw new IllegalArgumentException("Missing alias parameter"); } if (LOG.isDebugEnabled()) { LOG.debug("keyAlgorithm: " + keyAlgorithm + ", keySpec: " + keySpec + ", alias: " + alias); } // Keyspec for DSA is prefixed with "dsa" if (keyAlgorithm != null && keyAlgorithm.equalsIgnoreCase("DSA") && !keySpec.contains("dsa")) { keySpec = "dsa" + keySpec; } // Check key generation limit, if configured if (keygenerationLimit != null && keygenerationLimit > -1) { final int current; try { current = delegate.getActivatedKeyStore().size(); if (current >= keygenerationLimit) { throw new TokenOutOfSpaceException("Key generation limit exceeded: " + current); } } catch (KeyStoreException ex) { LOG.error("Checking key generation limit failed", ex); throw new TokenOutOfSpaceException( "Current number of key entries could not be obtained: " + ex.getMessage(), ex); } } try { delegate.generateKeyPair(keySpec, alias); } catch (InvalidAlgorithmParameterException ex) { LOG.error(ex, ex); throw new CryptoTokenOfflineException(ex); } catch (org.cesecore.keys.token.CryptoTokenOfflineException ex) { LOG.error(ex, ex); throw new CryptoTokenOfflineException(ex); } }
From source file:org.signserver.server.cryptotokens.KeystoreCryptoToken.java
@Override public void activate(String authenticationcode) throws CryptoTokenAuthenticationFailureException, CryptoTokenOfflineException { if (LOG.isDebugEnabled()) { LOG.debug("Keystore type is " + keystoretype + " and path is " + keystorepath); }//from w ww. ja v a 2 s. co m try { readFromKeystore(authenticationcode); } catch (KeyStoreException e1) { LOG.error("Error :", e1); throw new CryptoTokenAuthenticationFailureException("KeyStoreException " + e1.getMessage()); } catch (FileNotFoundException e) { LOG.error("Error :", e); throw new CryptoTokenAuthenticationFailureException("Keystore file not found : " + e.getMessage()); } catch (NoSuchProviderException e1) { LOG.error("Error :", e1); throw new CryptoTokenAuthenticationFailureException("NoSuchProviderException " + e1.getMessage()); } catch (NoSuchAlgorithmException e) { LOG.error("Error :", e); throw new CryptoTokenAuthenticationFailureException("NoSuchAlgorithmException " + e.getMessage()); } catch (CertificateException e) { LOG.error("Error :", e); throw new CryptoTokenAuthenticationFailureException("CertificateException " + e.getMessage()); } catch (IOException e) { LOG.error("Error :", e); throw new CryptoTokenAuthenticationFailureException("IOException " + e.getMessage()); } catch (UnrecoverableKeyException e) { LOG.error("Error :", e); throw new CryptoTokenAuthenticationFailureException("UnrecoverableKeyException " + e.getMessage()); } }