Java Code Examples for java.security.KeyStore#store()

The following examples show how to use java.security.KeyStore#store() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: EncryptionTestUtils.java    From mt-flume with Apache License 2.0
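/**
 * Builds a JCEKS key store holding one freshly generated key per alias in
 * {@code keyAliasPassword} and writes it to {@code keyStoreFile}.
 *
 * <p>An alias whose mapped password file is {@code null} is protected with the
 * store password read from {@code keyStorePasswordFile}; otherwise the alias's
 * own password file is read and used for that key only.
 *
 * @param keyStorePasswordFile file whose UTF-8 contents are the store password
 * @param keyAliasPassword     alias → per-key password file, or {@code null} to
 *                             protect that key with the store password
 * @throws Exception on any key generation, key store or I/O failure
 */
public static void createKeyStore(File keyStoreFile,
    File keyStorePasswordFile, Map<String, File> keyAliasPassword)
        throws Exception {
  KeyStore ks = KeyStore.getInstance("jceks");
  ks.load(null);
  // Read the store password once; it is reused for every alias without its own file
  // (the original re-read the file on each such iteration).
  char[] keyStorePassword = Files
      .toString(keyStorePasswordFile, Charsets.UTF_8).toCharArray();
  for (Map.Entry<String, File> entry : keyAliasPassword.entrySet()) {
    String alias = entry.getKey();
    File passwordFile = entry.getValue();
    Key key = newKey();
    char[] password;
    if (passwordFile == null) {
      password = keyStorePassword;
    } else {
      password = Files.toString(passwordFile, Charsets.UTF_8).toCharArray();
    }
    ks.setKeyEntry(alias, key, password, null);
  }
  // try-with-resources closes the stream even when store() throws; the original
  // only closed it on the success path.
  try (FileOutputStream outputStream = new FileOutputStream(keyStoreFile)) {
    ks.store(outputStream, keyStorePassword);
  }
}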
 
Example 2
Source File: SecurityTestUtils.java    From incubator-tuweni with Apache License 2.0
/**
 * Writes {@code clientCert} (key and certificate) into a fresh JKS file under
 * {@code workDir} and points the JVM-wide {@code javax.net.ssl.trustStore}
 * system properties at it. The store and key password are both "changeit".
 */
static void configureJDKTrustStore(Path workDir, SelfSignedCertificate clientCert) throws Exception {
  final char[] storePassword = "changeit".toCharArray();

  // Private key: PEM file -> PKCS#8 -> RSA PrivateKey
  Path privateKeyFile = new File(clientCert.privateKeyPath()).toPath();
  PrivateKey clientPrivateKey = KeyFactory.getInstance("RSA")
      .generatePrivate(new PKCS8EncodedKeySpec(readPemFile(privateKeyFile)));

  // Certificate: file bytes -> X.509 Certificate
  byte[] certificateBytes = Files.readAllBytes(new File(clientCert.certificatePath()).toPath());
  Certificate certificate = CertificateFactory.getInstance("X.509")
      .generateCertificate(new ByteArrayInputStream(certificateBytes));

  KeyStore ks = KeyStore.getInstance("JKS");
  ks.load(null, null);
  ks.setCertificateEntry("clientCert", certificate);
  ks.setKeyEntry("client", clientPrivateKey, storePassword, new Certificate[] {certificate});

  Path tempKeystore = Files.createTempFile(workDir, "keystore", ".jks");
  try (FileOutputStream output = new FileOutputStream(tempKeystore.toFile())) {
    ks.store(output, storePassword);
  }
  System.setProperty("javax.net.ssl.trustStore", tempKeystore.toString());
  System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
}
 
Example 3
Source File: KeyFactory.java    From ariADDna with Apache License 2.0
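/**
 * Reads the X.509 certificate in {@code certFile}, adds it to the key store in
 * {@code keyStoreFile} under the certificate's subject name and writes the store back.
 *
 * @param certFile     file holding the certificate to import
 * @param keyStoreFile existing key store of type {@code KEYSTORE_FORMAT}, protected by {@code pass}
 * @throws KeyStoreException wrapping any failure while reading, updating or writing the store
 */
public void storeCertToKeyStore(File certFile, File keyStoreFile) throws KeyStoreException {
    try {
        X509CertImpl cert = (X509CertImpl) certFactory.getCertByFile(certFile);
        String alias = certFactory.getCertSubjectName(cert);
        LOGGER.info("Certificate with filename {} has Subject name {}",
                certFile.getAbsolutePath(), alias);

        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_FORMAT);
        // try-with-resources: the original leaked the stream when load() threw.
        try (FileInputStream fis = new FileInputStream(keyStoreFile)) {
            keyStore.load(fis, pass);
        }
        LOGGER.info("KeyStore load successful");

        keyStore.setCertificateEntry(alias, cert);
        // Serialize in memory first: opening the FileOutputStream truncates the existing
        // file, so a failing store() would otherwise leave an empty key store on disk.
        java.io.ByteArrayOutputStream buffer = new java.io.ByteArrayOutputStream();
        keyStore.store(buffer, pass);
        try (FileOutputStream fos = new FileOutputStream(keyStoreFile)) {
            buffer.writeTo(fos);
        }
        LOGGER.info("Certificate with filename {} stored in keyStore with filename {}",
                certFile.getAbsolutePath(), keyStoreFile.getAbsolutePath());

    } catch (Exception e) {
        LOGGER.error("Exception: ", e);
        throw new KeyStoreException("Caused by: ", e);
    }
}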
 
Example 4
Source File: Actions.java    From xipki with Apache License 2.0
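/**
 * Adds every certificate in {@code certFiles} to the key store at {@code ksFile}
 * (created in memory when the file does not exist yet) and writes the store back.
 *
 * <p>Each certificate is stored under the common name of its subject; when that
 * alias is already present, "-2", "-3", … is appended until a free alias is found.
 *
 * @return always {@code null}
 * @throws Exception on certificate parsing, key store or I/O failure
 */
@Override
protected Object execute0() throws Exception {
  File realKsFile = new File(IoUtil.expandFilepath(ksFile));
  KeyStore ks = KeyStore.getInstance(ksType);
  char[] password = readPasswordIfNotSet(ksPwd);

  Set<String> aliases = new HashSet<>(10);
  if (realKsFile.exists()) {
    // try-with-resources replaces the manual try/finally close.
    try (InputStream inStream = Files.newInputStream(realKsFile.toPath())) {
      ks.load(inStream, password);
    }

    // Remember existing aliases so new entries never overwrite them.
    Enumeration<String> strs = ks.aliases();
    while (strs.hasMoreElements()) {
      aliases.add(strs.nextElement());
    }
  } else {
    ks.load(null);
  }

  for (String certFile : certFiles) {
    X509Cert cert = X509Util.parseCert(new File(certFile));
    String baseAlias = X509Util.getCommonName(cert.getSubject());
    String alias = baseAlias;
    int idx = 2;
    while (aliases.contains(alias)) {
      alias = baseAlias + "-" + (idx++);
    }
    ks.setCertificateEntry(alias, cert.toJceCert());
    aliases.add(alias);
  }

  // Serialize to memory first so a failing store() cannot truncate the file on disk.
  ByteArrayOutputStream bout = new ByteArrayOutputStream(4096);
  ks.store(bout, password);
  saveVerbose("saved keystore to file", realKsFile, bout.toByteArray());
  return null;
}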
 
Example 5
Source File: JumbleCertificateGenerator.java    From Jumble with GNU General Public License v3.0
/**
 * Generates a 2048-bit RSA key pair and a self-signed X.509 certificate for it
 * (issuer and subject both {@code ISSUER}, serial 1, valid for {@code YEARS_VALID}
 * years from now), writes key and certificate into a PKCS#12 store on
 * {@code output} and returns the certificate.
 *
 * <p>The store is written with an empty store password and no key password.
 * NOTE(review): the certificate is signed with SHA1withRSA, which is deprecated
 * for new certificates; SHA256withRSA is the usual replacement.
 */
public static X509Certificate generateCertificate(OutputStream output) throws NoSuchAlgorithmException, OperatorCreationException, CertificateException, KeyStoreException, NoSuchProviderException, IOException {
	BouncyCastleProvider provider = new BouncyCastleProvider(); // Bouncy Castle provider, supports creating X509 certs

	// RSA key pair
	KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA");
	rsaGen.initialize(2048, new SecureRandom());
	KeyPair keyPair = rsaGen.generateKeyPair();

	// Validity window: now .. now + YEARS_VALID years
	Date notBefore = new Date();
	Calendar cal = Calendar.getInstance();
	cal.setTime(notBefore);
	cal.add(Calendar.YEAR, YEARS_VALID);
	Date notAfter = cal.getTime();

	// Self-signed: the same name is both issuer and subject
	X500Name name = new X500Name(ISSUER);
	SubjectPublicKeyInfo spki = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
	X509v3CertificateBuilder builder = new X509v3CertificateBuilder(name, BigInteger.ONE, notBefore, notAfter, name, spki);
	ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider(provider).build(keyPair.getPrivate());
	X509CertificateHolder holder = builder.build(signer);
	X509Certificate certificate = new JcaX509CertificateConverter().setProvider(provider).getCertificate(holder);

	KeyStore keyStore = KeyStore.getInstance("PKCS12", provider);
	keyStore.load(null, null);
	keyStore.setKeyEntry("Jumble Key", keyPair.getPrivate(), null, new X509Certificate[] { certificate });
	keyStore.store(output, "".toCharArray());

	return certificate;
}
 
Example 6
Source File: Utils.java    From hottub with GNU General Public License v2.0
/**
 * Writes {@code ks} to the file named {@code file}, protecting the store's
 * integrity with {@code passwd}. The file is created or truncated.
 *
 * @throws IOException              if the file cannot be opened or written
 * @throws KeyStoreException        if the store has not been initialized
 * @throws NoSuchAlgorithmException if the integrity algorithm is unavailable
 * @throws CertificateException     if a certificate in the store cannot be encoded
 */
public static void saveKeyStore(KeyStore ks, String file, char[] passwd)
        throws IOException, KeyStoreException, NoSuchAlgorithmException,
        CertificateException {
    FileOutputStream sink = new FileOutputStream(file);
    try {
        ks.store(sink, passwd);
    } finally {
        // Explicit close instead of try-with-resources; same resource guarantee.
        sink.close();
    }
}
 
Example 7
Source File: KeyStoreStorageImpl.java    From nexus-public with Eclipse Public License 1.0
/**
 * Serializes {@code keyStore} under {@code password} into an in-memory buffer
 * and hands that buffer to {@code storage} under {@code keyStoreName}.
 *
 * @throws KeyStoreException        if the store has not been initialized
 * @throws NoSuchAlgorithmException if the integrity algorithm is unavailable
 * @throws CertificateException     if a certificate cannot be encoded
 * @throws IOException              if serialization or the storage write fails
 */
@Override
public void save(final KeyStore keyStore, final char[] password)
    throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException
{
  final int initialCapacity = 16 * 1024;
  try (ByteArrayOutputStream buffer = new ByteArrayOutputStream(initialCapacity)) {
    keyStore.store(buffer, password);
    storage.save(keyStoreName, buffer);
  }
}
 
Example 8
Source File: KeyStoreTestUtil.java    From big-c with Apache License 2.0
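/**
 * Writes {@code ks} to {@code filename}, protecting the store with {@code password}.
 *
 * @param ks       initialized key store to serialize
 * @param filename destination path; created or truncated
 * @param password store password (a String cannot be zeroed afterwards; the
 *                 signature is kept for the existing test callers)
 * @throws GeneralSecurityException if the store cannot be serialized
 * @throws IOException              if the file cannot be written
 */
private static void saveKeyStore(KeyStore ks, String filename,
    String password)
    throws GeneralSecurityException, IOException {
  // try-with-resources: a failing close() is attached as a suppressed exception
  // instead of masking the store() failure, which the manual finally block did.
  try (FileOutputStream out = new FileOutputStream(filename)) {
    ks.store(out, password.toCharArray());
  }
}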
 
Example 9
Source File: Utils.java    From openjdk-jdk8u-backup with GNU General Public License v2.0
/**
 * Persists {@code ks} to the path {@code file} (created or truncated), using
 * {@code passwd} as the store password.
 *
 * @throws IOException              on any write failure
 * @throws KeyStoreException        if the store is not initialized
 * @throws NoSuchAlgorithmException if the integrity algorithm is unavailable
 * @throws CertificateException     if a stored certificate cannot be encoded
 */
public static void saveKeyStore(KeyStore ks, String file, char[] passwd)
        throws IOException, KeyStoreException, NoSuchAlgorithmException,
        CertificateException {
    try (java.io.OutputStream sink = new FileOutputStream(file)) {
        ks.store(sink, passwd);
    }
}
 
Example 10
Source File: AlfrescoKeyStoreImpl.java    From alfresco-core with GNU Lesser General Public License v3.0
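/**
 * Generates the secret key described by {@code keyAlias}, registers it with
 * {@code encryptionKeysRegistry} and this instance's {@code keys} cache, and
 * persists it into the configured key store.
 *
 * @param keyAlias alias of the key to create, as known to the key-info manager
 * @throws AlfrescoRuntimeException wrapping any failure, with the key store
 *                                  location/provider/type in the message
 */
protected void createKey(String keyAlias)
{
    KeyInfoManager keyInfoManager = null;

    try
    {
        keyInfoManager = getKeyInfoManager(getKeyStoreParameters());
        Key key = getSecretKey(keyInfoManager.getKeyInformation(keyAlias));
        encryptionKeysRegistry.registerKey(keyAlias, key);
        keys.setKey(keyAlias, key);

        KeyStore ks = loadKeyStore(getKeyStoreParameters(), keyInfoManager);
        ks.setKeyEntry(keyAlias, key, keyInfoManager.getKeyInformation(keyAlias).getPassword().toCharArray(), null);
        // Workaround for MNT-15005: the stream must be closed. try-with-resources
        // guarantees that even when store() throws (the original closed it only on success).
        try (OutputStream keyStoreOutStream = getKeyStoreOutStream())
        {
            ks.store(keyStoreOutStream, keyInfoManager.getKeyStorePassword().toCharArray());
        }

        logger.info("Created key: " + keyAlias + "\n in key store: \n" +
                "   Location: " + getKeyStoreParameters().getLocation() + "\n" +
                "   Provider: " + getKeyStoreParameters().getProvider() + "\n" +
                "   Type:     " + getKeyStoreParameters().getType());
    }
    catch(Throwable e)
    {
        // Throwable is kept on purpose: callers rely on every failure surfacing as
        // AlfrescoRuntimeException, so narrowing it would change their contract.
        throw new AlfrescoRuntimeException(
                "Failed to create key: " + keyAlias + "\n in key store: \n" +
                "   Location: " + getKeyStoreParameters().getLocation() + "\n" +
                "   Provider: " + getKeyStoreParameters().getProvider() + "\n" +
                "   Type:     " + getKeyStoreParameters().getType(),
                e);
    }
    finally
    {
        // Drop the cached key material/passwords held by the manager.
        if(keyInfoManager != null)
        {
            keyInfoManager.clear();
        }
    }
}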
 
Example 11
Source File: P12SecretKey.java    From jdk8u_jdk with GNU General Public License v2.0
/**
 * Round-trips a freshly generated AES-128 secret key through a key store of
 * type {@code keystoreType}: stores it under {@code ALIAS} in a temp file,
 * reloads the file into a second instance and reports on stderr whether the
 * reloaded key's encoding equals the original.
 */
private void run(String keystoreType) throws Exception {
    final char[] pw = "password".toCharArray();
    KeyStore.ProtectionParameter protection = new KeyStore.PasswordProtection(pw);

    // Key to store.
    KeyGenerator keyGen = KeyGenerator.getInstance("AES");
    keyGen.init(128);
    SecretKey original = keyGen.generateKey();

    KeyStore outStore = KeyStore.getInstance(keystoreType);
    outStore.load(null, pw);
    outStore.setEntry(ALIAS, new KeyStore.SecretKeyEntry(original), protection);

    File ksFile = File.createTempFile("test", ".test");
    try (FileOutputStream fos = new FileOutputStream(ksFile)) {
        outStore.store(fos, pw);
        fos.flush();
    }

    // Reload into a separate instance and fetch the entry back.
    KeyStore inStore = KeyStore.getInstance(keystoreType);
    SecretKey reloaded;
    try (FileInputStream fis = new FileInputStream(ksFile)) {
        inStore.load(fis, pw);
        KeyStore.SecretKeyEntry entry = (KeyStore.SecretKeyEntry) inStore.getEntry(ALIAS, protection);
        reloaded = entry.getSecretKey();
    }

    boolean same = Arrays.equals(original.getEncoded(), reloaded.getEncoded());
    if (same) {
        System.err.println("OK: worked just fine with " + keystoreType + " keystore");
    } else {
        System.err.println("ERROR: keys are NOT equal after storing in " + keystoreType + " keystore");
    }
}
 
Example 12
Source File: SmallPrimeExponentP.java    From TencentKona-8 with GNU General Public License v2.0
/**
 * Exercises the Windows-MY key store with RSA keys whose CRT exponent p encodes
 * to 63 and to 65 bytes (one shorter / one longer than the usual 64 for a
 * 1024-bit key). Keys are generated until one of each length has been stored;
 * every other key is skipped. Exits immediately on non-Windows hosts.
 */
public static void main(String argv[]) throws Exception {

    if (!System.getProperty("os.name").startsWith("Windows")) {
        System.out.println("Not windows");
        return;
    }
    KeyStore windowsMy = KeyStore.getInstance("Windows-MY");
    windowsMy.load(null, null);
    CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA1withRSA");
    gen.setRandom(new SecureRandom());

    boolean stored63 = false;
    boolean stored65 = false;
    while (!(stored63 && stored65)) {
        gen.generate(1024);
        RSAPrivateCrtKey key = (RSAPrivateCrtKey) gen.getPrivateKey();
        int pLen = key.getPrimeExponentP().toByteArray().length;
        switch (pLen) {
            case 63:
                if (stored63) continue;   // already have a 63-byte one
                stored63 = true;
                break;
            case 65:
                if (stored65) continue;   // already have a 65-byte one
                stored65 = true;
                break;
            default:
                System.err.print('.');
                continue;
        }
        System.err.print(pLen);
        windowsMy.setKeyEntry("anything", key, null, new X509Certificate[]{
                gen.getSelfCertificate(new X500Name("CN=Me"), 1000)
        });
        System.err.print('.');
    }
    windowsMy.store(null, null);
}
 
Example 13
Source File: CertificateTestUtil.java    From blackduck-alert with Apache License 2.0
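/**
 * Creates an empty trust store of the JVM default type at
 * {@code TRUSTSTORE_FILE_PATH}, protected by {@code TRUSTSTORE_PASSWORD}, and
 * prints the trust store paths to stdout.
 *
 * @param alertProperties supplies the optionally configured trust store file (only printed)
 * @throws Exception on key store or I/O failure
 */
public void init(AlertProperties alertProperties) throws Exception {
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    trustStore.load(null, null);
    trustStoreFile = new File(TRUSTSTORE_FILE_PATH);
    File parentDir = trustStoreFile.getParentFile();
    // mkdirs() returns false when the directory already exists, so only fail if it is still missing.
    if (parentDir != null && !parentDir.mkdirs() && !parentDir.isDirectory()) {
        throw new java.io.IOException("Could not create trust store directory " + parentDir.getAbsolutePath());
    }
    System.out.println(String.format("Trust store file path: %s", trustStoreFile.getAbsolutePath()));
    // FileOutputStream creates/truncates the file itself, so createNewFile() is unnecessary;
    // try-with-resources closes the stream even when store() throws.
    try (FileOutputStream outputStream = new FileOutputStream(trustStoreFile)) {
        trustStore.store(outputStream, TRUSTSTORE_PASSWORD.toCharArray());
    }
    alertProperties.getTrustStoreFile().ifPresent(file -> System.out.println(String.format("Alert Properties trust store file %s", file)));
}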
 
Example 14
Source File: PKCS12SameKeyId.java    From openjdk-jdk8u-backup with GNU General Public License v2.0
/**
 * Regression test: private keys imported into a PKCS#12 store through the
 * {@code setKeyEntry(alias, byte[], chain)} overload, fast enough that they may
 * share a localKeyId, must still be paired with their own certificate after the
 * store is written and reloaded. {@code JKSFILE}, {@code P12FILE}, {@code SIZE}
 * and {@code PASSWORD} come from the enclosing class.
 */
public static void main(String[] args) throws Exception {

    // Step 1: a JKS store with SIZE RSA key-pair entries p0..p(SIZE-1), CN = index, built with keytool.
    new File(JKSFILE).delete();
    for (int n = 0; n < SIZE; n++) {
        System.err.print(".");
        String keytoolArgs = "-keystore " + JKSFILE
                + " -storepass changeit -keypass changeit -keyalg rsa "
                + "-genkeypair -alias p" + n + " -dname CN=" + n;
        sun.security.tools.keytool.Main.main(keytoolArgs.split(" "));
    }

    // Step 2: PBE cipher and AlgorithmId for EncryptedPrivateKeyInfo, mirroring PKCS12KeyStore.java.
    AlgorithmParameters pbeParams = AlgorithmParameters.getInstance("PBEWithSHA1AndDESede");
    pbeParams.init(new PBEParameterSpec("12345678".getBytes(), 1024));
    AlgorithmId pbeAlgId = new AlgorithmId(
            new ObjectIdentifier("1.2.840.113549.1.12.1.3"), pbeParams);
    SecretKey pbeKey = SecretKeyFactory.getInstance("PBE").generateSecret(new PBEKeySpec(PASSWORD));
    Cipher pbeCipher = Cipher.getInstance("PBEWithSHA1AndDESede");
    pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParams);

    // Step 3: read every entry from the JKS store and pre-encrypt its private key,
    // so the PKCS12 insert loop below does no work besides setKeyEntry().
    KeyStore jks = KeyStore.getInstance("jks");
    try (FileInputStream in = new FileInputStream(JKSFILE)) {
        jks.load(in, PASSWORD);
    }
    String[] aliases = new String[SIZE];
    byte[][] encryptedKeys = new byte[SIZE][];
    Certificate[][] chains = new Certificate[SIZE][];
    for (int n = 0; n < SIZE; n++) {
        String alias = "p" + n;
        byte[] rawKey = jks.getKey(alias, PASSWORD).getEncoded();
        aliases[n] = alias;
        encryptedKeys[n] = new EncryptedPrivateKeyInfo(pbeAlgId, pbeCipher.doFinal(rawKey)).getEncoded();
        chains[n] = jks.getCertificateChain(alias);
    }

    // Step 4: insert into a PKCS12 store as fast as possible and write it out.
    KeyStore p12 = KeyStore.getInstance("pkcs12");
    p12.load(null, PASSWORD);
    for (int n = 0; n < SIZE; n++) {
        p12.setKeyEntry(aliases[n], encryptedKeys[n], chains[n]);
    }
    try (FileOutputStream out = new FileOutputStream(P12FILE)) {
        p12.store(out, PASSWORD);
    }

    // Step 5: reload and verify that alias p<n> still carries the certificate with CN=<n>.
    KeyStore reloaded = KeyStore.getInstance("pkcs12");
    try (FileInputStream in = new FileInputStream(P12FILE)) {
        reloaded.load(in, PASSWORD);
    }
    for (int n = 0; n < SIZE; n++) {
        String alias = "p" + n;
        X509Certificate cert = (X509Certificate) reloaded.getCertificate(alias);
        X500Name subject = (X500Name) cert.getSubjectDN();
        if (!subject.getCommonName().equals("" + n)) {
            throw new Exception(alias + "'s cert is " + subject);
        }
    }
}
 
Example 15
Source File: KeyStoresTestCase.java    From wildfly-core with GNU Lesser General Public License v2.1
/**
 * Writes {@code keyStore} to {@code outputFile}, protected by the test-wide
 * {@code KEYSTORE_PASSWORD}; the stream is closed on every exit path.
 */
private static void createTemporaryKeyStoreFile(KeyStore keyStore, File outputFile) throws Exception {
    try (FileOutputStream sink = new FileOutputStream(outputFile)) {
        keyStore.store(sink, KEYSTORE_PASSWORD);
    }
}
 
Example 16
Source File: KeyAlgorithmName.java    From testarea-itext5 with GNU Affero General Public License v3.0
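/**
 * <a href="http://stackoverflow.com/questions/33788331/why-does-key-getalgorithm-return-a-different-result-after-saving-and-reloading-t">
 * Why does Key.getAlgorithm return a different result after saving and reloading the KeyStore
 * </a>
 * <p>
 * Just as the OP claims, the first output is "ECDSA", the second "EC".
 * </p>
 * <p>
 * Generates a secp192r1 key pair and a self-signed certificate with Bouncy Castle,
 * stores both in a PKCS#12 file, prints the key's algorithm name, reloads the
 * store from that file and prints the name again.
 * </p>
 */
@Test
public void testNameChangeAfterReload() throws GeneralSecurityException, IOException
{
    String PROVIDER = "BC";
    String KEY_ALGORITHM = "ECDSA";
    String SIGNATURE_ALGORITHM = "SHA1WITHECDSA";
    String ALIAS = "TestAlias";
    char [] PASSWORD = "password".toCharArray();
    // Temp file instead of the hard-coded c:/temp path so the test runs on any OS.
    java.io.File keystoreFile = java.io.File.createTempFile("keystore", ".p12");
    keystoreFile.deleteOnExit();

    Security.addProvider(new BouncyCastleProvider());

    // Generate the key; certificate valid for 25 years from now
    Calendar calNow = Calendar.getInstance();
    Calendar calLater = Calendar.getInstance();
    calLater.set(Calendar.YEAR, calLater.get(Calendar.YEAR) + 25);
    Date startDate = new Date(calNow.getTimeInMillis());
    Date expiryDate = new Date(calLater.getTimeInMillis());

    ECGenParameterSpec ecSpec = new ECGenParameterSpec("secp192r1");
    KeyPairGenerator g = KeyPairGenerator.getInstance(KEY_ALGORITHM, PROVIDER);
    g.initialize(ecSpec, new SecureRandom());
    KeyPair keyPair = g.generateKeyPair();

    X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
    X500Principal dnName = new X500Principal("CN=Test");
    certGen.setSerialNumber(new BigInteger(8, new SecureRandom()));
    certGen.setIssuerDN(dnName);
    certGen.setNotBefore(startDate);
    certGen.setNotAfter(expiryDate);
    certGen.setSubjectDN(dnName); // note: same as issuer
    certGen.setPublicKey(keyPair.getPublic());
    certGen.setSignatureAlgorithm(SIGNATURE_ALGORITHM);
    X509Certificate cert = certGen.generate(keyPair.getPrivate(), PROVIDER);

    // Save the keystore; try-with-resources closes the stream even if store() throws
    KeyStore exportStore = KeyStore.getInstance("PKCS12", PROVIDER);
    exportStore.load(null, null);
    exportStore.setKeyEntry(ALIAS, keyPair.getPrivate(), PASSWORD, new Certificate[] { cert });
    try (FileOutputStream out = new FileOutputStream(keystoreFile)) {
        exportStore.store(out, PASSWORD);
    }

    // print the info from the keystore
    Key keyA = exportStore.getKey(ALIAS, PASSWORD);
    System.out.println(keyA.getAlgorithm());

    // Reload the keystore
    try (FileInputStream in = new FileInputStream(keystoreFile)) {
        exportStore.load(in, PASSWORD);
    }

    // print the info from the reloaded keystore
    Key keyB = exportStore.getKey(ALIAS, PASSWORD);
    System.out.println(keyB.getAlgorithm());
}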
 
Example 17
Source File: PKCS12SameKeyId.java    From dragonwell8_jdk with GNU General Public License v2.0
/**
 * Checks that private keys added to a PKCS#12 store through the
 * {@code setKeyEntry(alias, byte[], chain)} overload — quickly enough that they
 * may share a localKeyId — are still matched to their own certificate once the
 * store has been written out and read back. Uses the class constants
 * {@code JKSFILE}, {@code P12FILE}, {@code SIZE} and {@code PASSWORD}.
 */
public static void main(String[] args) throws Exception {

    // 1. Build the source JKS store (aliases p0 .. p(SIZE-1), CN = index) with keytool.
    new File(JKSFILE).delete();
    for (int i = 0; i < SIZE; ++i) {
        System.err.print(".");
        final String keytoolCmd = "-keystore " + JKSFILE
                + " -storepass changeit -keypass changeit -keyalg rsa "
                + "-genkeypair -alias p" + i + " -dname CN=" + i;
        sun.security.tools.keytool.Main.main(keytoolCmd.split(" "));
    }

    // 2. PBE machinery for EncryptedPrivateKeyInfo, as PKCS12KeyStore.java builds it.
    final AlgorithmParameters params = AlgorithmParameters.getInstance("PBEWithSHA1AndDESede");
    params.init(new PBEParameterSpec("12345678".getBytes(), 1024));
    final AlgorithmId algId = new AlgorithmId(
            new ObjectIdentifier("1.2.840.113549.1.12.1.3"), params);
    final SecretKeyFactory pbeFactory = SecretKeyFactory.getInstance("PBE");
    final SecretKey pbeKey = pbeFactory.generateSecret(new PBEKeySpec(PASSWORD));
    final Cipher enc = Cipher.getInstance("PBEWithSHA1AndDESede");
    enc.init(Cipher.ENCRYPT_MODE, pbeKey, params);

    // 3. Pre-compute every alias, encrypted key and chain so the insert loop in step 4 stays tight.
    final String[] aliases = new String[SIZE];
    final byte[][] encryptedKeys = new byte[SIZE][];
    final Certificate[][] chains = new Certificate[SIZE][];
    final KeyStore source = KeyStore.getInstance("jks");
    try (FileInputStream fis = new FileInputStream(JKSFILE)) {
        source.load(fis, PASSWORD);
    }
    for (int i = 0; i < SIZE; ++i) {
        aliases[i] = "p" + i;
        byte[] plainKey = source.getKey(aliases[i], PASSWORD).getEncoded();
        encryptedKeys[i] = new EncryptedPrivateKeyInfo(algId, enc.doFinal(plainKey)).getEncoded();
        chains[i] = source.getCertificateChain(aliases[i]);
    }

    // 4. Insert into a PKCS12 store and persist it.
    KeyStore target = KeyStore.getInstance("pkcs12");
    target.load(null, PASSWORD);
    for (int i = 0; i < SIZE; ++i) {
        target.setKeyEntry(aliases[i], encryptedKeys[i], chains[i]);
    }
    try (FileOutputStream fos = new FileOutputStream(P12FILE)) {
        target.store(fos, PASSWORD);
    }

    // 5. Reload and verify that the certificate under p<i> carries CN=<i>.
    target = KeyStore.getInstance("pkcs12");
    try (FileInputStream fis = new FileInputStream(P12FILE)) {
        target.load(fis, PASSWORD);
    }
    for (int i = 0; i < SIZE; ++i) {
        final String a = "p" + i;
        X509Certificate x = (X509Certificate) target.getCertificate(a);
        X500Name subject = (X500Name) x.getSubjectDN();
        if (!subject.getCommonName().equals("" + i)) {
            throw new Exception(a + "'s cert is " + subject);
        }
    }
}
 
Example 18
Source File: TestKeyStoreEntry.java    From jdk8u-jdk with GNU General Public License v2.0
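/**
 * Stores {@code NUM_ALGOS} secret keys ({@code sks}) in a JCEKS key store from
 * provider {@code p}, writes it to the file "jceks", empties the in-memory
 * store, reloads it from the file and checks that every key and its entry type
 * survived the round trip.
 *
 * @param p provider supplying the "jceks" KeyStore implementation
 * @throws Exception        on key store or I/O failure
 * @throws RuntimeException when the reloaded store does not match what was written
 */
public void runTest(Provider p) throws Exception {
    try (FileOutputStream fos = new FileOutputStream("jceks");
            FileInputStream fis = new FileInputStream("jceks")) {

        KeyStore ks = KeyStore.getInstance("jceks", p);
        // create an empty key store
        ks.load(null, null);

        // store the secret keys (a literal is enough; new String(...) only made a needless copy)
        String aliasHead = "secretKey";
        for (int j = 0; j < NUM_ALGOS; j++) {
            ks.setKeyEntry(aliasHead + j, sks[j], PASSWDK, null);
        }

        // write the key store out to a file
        ks.store(fos, PASSWDF);
        // wipe clean the existing key store
        for (int k = 0; k < NUM_ALGOS; k++) {
            ks.deleteEntry(aliasHead + k);
        }
        if (ks.size() != 0) {
            throw new RuntimeException("ERROR: re-initialization failed");
        }

        // reload the key store with the file
        ks.load(fis, PASSWDF);

        // check the integrity/validity of the key store
        int entries = ks.size();
        if (entries != NUM_ALGOS) {
            throw new RuntimeException("ERROR: wrong number of key"
                    + " entries");
        }

        for (int m = 0; m < entries; m++) {
            String alias = aliasHead + m;
            Key temp = ks.getKey(alias, PASSWDK);
            // compare the keys
            if (!temp.equals(sks[m])) {
                throw new RuntimeException("ERROR: key comparison (" + m
                        + ") failed");
            }
            // check the type of key
            if (ks.isCertificateEntry(alias) || !ks.isKeyEntry(alias)) {
                throw new RuntimeException("ERROR: type identification ("
                        + m + ") failed");
            }
        }
    }
}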
 
Example 19
Source File: MainActivity.java    From deskcon-android with GNU General Public License v3.0
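/**
 * Background task: generates a 2048-bit RSA key pair and a self-signed X.509
 * certificate naming this device, adds them to the bundled BKS key store and
 * writes the result to the app-private file {@code devicekeystore.bks}.
 *
 * @return always {@code null}; failures are logged, not propagated
 */
@Override
protected Void doInBackground(Void... arg0) {
	Log.d("Cert Gen: ", "begin to generate");

	try {
		// gen the RSA keypair
		KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
		keyPairGenerator.initialize(2048, new SecureRandom());
		KeyPair KPair = keyPairGenerator.generateKeyPair();

		// generate Certificate; issuer and subject are the same name (self-signed)
		X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();

		// abs() keeps the serial non-negative: nextInt() may return a negative value
		BigInteger serial = BigInteger.valueOf(new SecureRandom().nextInt());
		String devicename = sharedPrefs.getString("device_name", "Device");
		String deviceuuid = sharedPrefs.getString("uuid", "000000001111111");
		X509Principal deviceName = new X509Principal("CN=" + deviceuuid+"/" +devicename + ", OU=None, O=None L=None, C=None");

		v3CertGen.setSerialNumber(serial.abs());
		v3CertGen.setIssuerDN(deviceName);
		// validity: from 30 days in the past until 10 years from now
		v3CertGen.setNotBefore(new Date(System.currentTimeMillis() - 1000L * 60 * 60 * 24 * 30));
		v3CertGen.setNotAfter(new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 365*10)));
		v3CertGen.setSubjectDN(deviceName);
		v3CertGen.setPublicKey(KPair.getPublic());
		v3CertGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

		X509Certificate PKCertificate = v3CertGen.generate(KPair.getPrivate());

		// load the bundled keystore; the raw resource stream was never closed before.
		// try/finally rather than try-with-resources to stay compatible with old Android API levels.
		KeyStore MyKeyStore = KeyStore.getInstance("BKS");
		InputStream keyStoreStream = getResources().openRawResource(R.raw.defaultkeystore);
		try {
			MyKeyStore.load(keyStoreStream, "android".toCharArray());
		} finally {
			keyStoreStream.close();
		}

		Certificate[] certchain = new Certificate[] { PKCertificate };
		MyKeyStore.setKeyEntry("mykeypair", KPair.getPrivate(), "passwd".toCharArray(), certchain);

		// write new Keystore; the output is closed even when store() throws
		OutputStream output = openFileOutput("devicekeystore.bks", Context.MODE_PRIVATE);
		try {
			MyKeyStore.store(output, "android".toCharArray());
		} finally {
			output.close();
		}

	} catch (Exception e) {
		// Log.e instead of printStackTrace so the failure reaches logcat under the task's tag.
		Log.e("Cert Gen: ", "certificate generation failed", e);
	}

	return null;
}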
 
Example 20
Source File: SharedVaultResponseMapper.java    From vault-crd with Apache License 2.0
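/**
 * Packs the certificate / private key pair in {@code data} into a
 * password-protected PKCS#12 key store and returns it, Base64-encoded, inside a
 * {@link VaultSecret} keyed by {@code getKey(jksConfiguration)}.
 *
 * <p>The secret's comparison value is a SHA-256 over certificate and key for
 * {@code VaultType.CERTJKS}, and the earliest certificate expiry (UTC) for the
 * other type (PKIJKS).
 *
 * @param data             Vault response holding PEM certificate, private key and issuing CA
 * @param jksConfiguration key store naming/password settings; may be {@code null} — only the
 *                         CA-alias lookup is guarded here, so getPassword/getAlias/getKey are
 *                         presumably null-tolerant (verify against their implementations)
 * @param type             decides how the comparison value is derived
 * @throws SecretNotAccessibleException when the key store cannot be built
 */
VaultSecret mapJks(VaultResponseData data, VaultJKSConfiguration jksConfiguration, VaultType type) throws SecretNotAccessibleException {

    try {
        // One password array for all three uses instead of three separate toCharArray() copies.
        char[] password = getPassword(jksConfiguration).toCharArray();

        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(null, password);

        Certificate[] publicKeyList = getPublicKey(data.getCertificate());

        keyStore.setKeyEntry(
                getAlias(jksConfiguration),
                getPrivateKey(data.getPrivate_key()),
                password,
                publicKeyList);

        if (jksConfiguration != null && !StringUtils.isEmpty(jksConfiguration.getCaAlias())) {
            keyStore.setCertificateEntry(
                jksConfiguration.getCaAlias(),
                getPublicKey(data.getIssuing_ca())[0]
            );
        }

        ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
        keyStore.store(outputStream, password);

        String b64KeyStore = Base64.getEncoder().encodeToString(outputStream.toByteArray());

        // Plain map instead of double-brace initialisation, which created an anonymous
        // HashMap subclass holding a reference to this mapper instance.
        HashMap<String, String> secretData = new HashMap<>();
        secretData.put(getKey(jksConfiguration), b64KeyStore);

        String compare;
        if (type.equals(VaultType.CERTJKS)) {
            // Explicit UTF-8 so the hash does not depend on the platform default charset.
            String base64Cert = Base64.getEncoder().encodeToString(
                    data.getCertificate().getBytes(java.nio.charset.StandardCharsets.UTF_8));
            String base64Key = Base64.getEncoder().encodeToString(
                    data.getPrivate_key().getBytes(java.nio.charset.StandardCharsets.UTF_8));
            compare = Sha256.generateSha256(base64Cert, base64Key);
        } else {
            // VaultType.PKIJKS: compare on the soonest expiry in the chain, formatted in UTC
            X509Certificate compareCert = getCertificateWithShortestLivetime(publicKeyList);
            SimpleDateFormat dateFormat = new SimpleDateFormat(Constants.DATE_FORMAT);
            dateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
            compare = dateFormat.format(compareCert.getNotAfter());
        }
        return new VaultSecret(secretData, compare);

    } catch (IOException | GeneralSecurityException e) {
        throw new SecretNotAccessibleException("Couldn't generate keystore", e);
    }

}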