java.security.UnrecoverableEntryException Java Examples

The following examples show how to use java.security.UnrecoverableEntryException. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: MetadataStoreLoadTest.java    From jdk8u_jdk with GNU General Public License v2.0 6 votes vote down vote up
private void storeAttrs() throws UnrecoverableEntryException,
        GeneralSecurityException, NoSuchAlgorithmException,
        KeyStoreException, IOException {
    KeyStore ksIn = Utils.loadKeyStore(KEYSTORE_PATH,
            Utils.KeyStoreType.pkcs12, PASSWORD);
    KeyStore ksAttr = KeyStore
            .getInstance(Utils.KeyStoreType.pkcs12.name());
    ksAttr.load(null);
    Key key = ksIn.getKey(ALIAS, PASSWORD);
    Certificate cert = ksIn.getCertificate(ALIAS);
    Set<KeyStore.Entry.Attribute> attrs =
            new HashSet<>(Arrays.asList(ATTR_SET));
    KeyStore.Entry e = new KeyStore.PrivateKeyEntry((PrivateKey) key,
            new Certificate[]{cert}, attrs);
    ksAttr.setEntry(ALIAS, e, new KeyStore.PasswordProtection(
            KEY_PASSWORD));

    out.println("Attributes before store:");
    e.getAttributes().stream().forEach((attr) -> {
        out.println(attr.getName() + ", '" + attr.getValue() + "'");
    });
    Utils.saveKeyStore(ksAttr, WORKING_DIRECTORY + File.separator
            + KESTORE_NEW, PASSWORD);
}
 
Example #2
Source File: MetadataStoreLoadTest.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
private void checkAttrs() throws UnrecoverableEntryException,
        GeneralSecurityException, NoSuchAlgorithmException,
        KeyStoreException, IOException {
    KeyStore ks = Utils.loadKeyStore(WORKING_DIRECTORY
            + File.separator
            + KESTORE_NEW, Utils.KeyStoreType.pkcs12, PASSWORD);
    KeyStore.Entry keyStoreEntry = ks.getEntry(ALIAS,
            new KeyStore.PasswordProtection(KEY_PASSWORD));
    out.println("Attributes after store:");
    //print attribute values
    keyStoreEntry.getAttributes().stream().forEach((attr) -> {
        out.println(attr.getName() + ", '" + attr.getValue() + "'");
    });
    Arrays.stream(ATTR_SET).forEach((attr) -> {
        if (!keyStoreEntry.getAttributes().contains(attr)) {
            throw new RuntimeException("Entry doesn't contain attribute: ("
                    + attr.getName() + ", '" + attr.getValue() + "')");
        }
    });
}
 
Example #3
Source File: InternalLocker.java    From cashuwallet with MIT License 6 votes vote down vote up
private KeyPair getSecretKeyPair() {
    KeyStore keyStore = getKeyStore();
    if (keyStore == null) return createSecretKeyPair();
    KeyStore.Entry entry;
    try {
        entry = keyStore.getEntry(keyName, null);
    } catch (KeyStoreException|NoSuchAlgorithmException|UnrecoverableEntryException e) {
        entry = null;
    }
    KeyStore.PrivateKeyEntry secretEntry = entry instanceof KeyStore.PrivateKeyEntry ? (KeyStore.PrivateKeyEntry) entry : null;
    if (secretEntry == null) {
        if (entry != null) deleteSecretKeyPair();
        return createSecretKeyPair();
    }
    return new KeyPair(secretEntry.getCertificate().getPublicKey(), secretEntry.getPrivateKey());
}
 
Example #4
Source File: MetadataStoreLoadTest.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
private void storeAttrs() throws UnrecoverableEntryException,
        GeneralSecurityException, NoSuchAlgorithmException,
        KeyStoreException, IOException {
    KeyStore ksIn = Utils.loadKeyStore(KEYSTORE_PATH,
            Utils.KeyStoreType.pkcs12, PASSWORD);
    KeyStore ksAttr = KeyStore
            .getInstance(Utils.KeyStoreType.pkcs12.name());
    ksAttr.load(null);
    Key key = ksIn.getKey(ALIAS, PASSWORD);
    Certificate cert = ksIn.getCertificate(ALIAS);
    Set<KeyStore.Entry.Attribute> attrs =
            new HashSet<>(Arrays.asList(ATTR_SET));
    KeyStore.Entry e = new KeyStore.PrivateKeyEntry((PrivateKey) key,
            new Certificate[]{cert}, attrs);
    ksAttr.setEntry(ALIAS, e, new KeyStore.PasswordProtection(
            KEY_PASSWORD));

    out.println("Attributes before store:");
    e.getAttributes().stream().forEach((attr) -> {
        out.println(attr.getName() + ", '" + attr.getValue() + "'");
    });
    Utils.saveKeyStore(ksAttr, WORKING_DIRECTORY + File.separator
            + KESTORE_NEW, PASSWORD);
}
 
Example #5
Source File: MetadataStoreLoadTest.java    From hottub with GNU General Public License v2.0 6 votes vote down vote up
private void storeAttrs() throws UnrecoverableEntryException,
        GeneralSecurityException, NoSuchAlgorithmException,
        KeyStoreException, IOException {
    KeyStore ksIn = Utils.loadKeyStore(KEYSTORE_PATH,
            Utils.KeyStoreType.pkcs12, PASSWORD);
    KeyStore ksAttr = KeyStore
            .getInstance(Utils.KeyStoreType.pkcs12.name());
    ksAttr.load(null);
    Key key = ksIn.getKey(ALIAS, PASSWORD);
    Certificate cert = ksIn.getCertificate(ALIAS);
    Set<KeyStore.Entry.Attribute> attrs =
            new HashSet<>(Arrays.asList(ATTR_SET));
    KeyStore.Entry e = new KeyStore.PrivateKeyEntry((PrivateKey) key,
            new Certificate[]{cert}, attrs);
    ksAttr.setEntry(ALIAS, e, new KeyStore.PasswordProtection(
            KEY_PASSWORD));

    out.println("Attributes before store:");
    e.getAttributes().stream().forEach((attr) -> {
        out.println(attr.getName() + ", '" + attr.getValue() + "'");
    });
    Utils.saveKeyStore(ksAttr, WORKING_DIRECTORY + File.separator
            + KESTORE_NEW, PASSWORD);
}
 
Example #6
Source File: AbstractSpreadSheetFlinkFileOutputFormat.java    From hadoopoffice with Apache License 2.0 6 votes vote down vote up
/**
 * Reads the keystore to obtain credentials
 * 
 * @throws IOException 
 * @throws OfficeWriterException
 * 
 */
private void readKeyStore() throws IOException, OfficeWriterException {
	if ((this.howc.getCryptKeystoreFile()!=null) && (!"".equals(this.howc.getCryptKeystoreFile()))) {
		LOG.info("Using keystore to obtain credentials instead of passwords");
		FlinkKeyStoreManager fksm = new FlinkKeyStoreManager();
		try {
			fksm.openKeyStore(new Path(this.howc.getCryptKeystoreFile()), this.howc.getCryptKeystoreType(), this.howc.getCryptKeystorePassword());
			String password="";
			if ((this.howc.getCryptKeystoreAlias()!=null) && (!"".equals(this.howc.getCryptKeystoreAlias()))) {
				password=fksm.getPassword(this.howc.getCryptKeystoreAlias(), this.howc.getCryptKeystorePassword());
			} else {
				password=fksm.getPassword(this.howc.getFileName(), this.howc.getCryptKeystorePassword());
			}
			this.howc.setPassword(password);
		} catch (NoSuchAlgorithmException | CertificateException | KeyStoreException | IllegalArgumentException | UnrecoverableEntryException | InvalidKeySpecException e) {
			LOG.error("Cannopt read keystore. Exception: ",e);
			throw new OfficeWriterException("Cannot read keystore to obtain credentials used to encrypt office documents "+e);
		}
		
	}
}
 
Example #7
Source File: MetadataStoreLoadTest.java    From dragonwell8_jdk with GNU General Public License v2.0 6 votes vote down vote up
private void checkAttrs() throws UnrecoverableEntryException,
        GeneralSecurityException, NoSuchAlgorithmException,
        KeyStoreException, IOException {
    KeyStore ks = Utils.loadKeyStore(WORKING_DIRECTORY
            + File.separator
            + KESTORE_NEW, Utils.KeyStoreType.pkcs12, PASSWORD);
    KeyStore.Entry keyStoreEntry = ks.getEntry(ALIAS,
            new KeyStore.PasswordProtection(KEY_PASSWORD));
    out.println("Attributes after store:");
    //print attribute values
    keyStoreEntry.getAttributes().stream().forEach((attr) -> {
        out.println(attr.getName() + ", '" + attr.getValue() + "'");
    });
    Arrays.stream(ATTR_SET).forEach((attr) -> {
        if (!keyStoreEntry.getAttributes().contains(attr)) {
            throw new RuntimeException("Entry doesn't contain attribute: ("
                    + attr.getName() + ", '" + attr.getValue() + "')");
        }
    });
}
 
Example #8
Source File: CryptoUtil.java    From Auth0.Android with MIT License 6 votes vote down vote up
/**
 * Helper method compatible with older Android versions to load the Private Key Entry from
 * the KeyStore using the {@link #KEY_ALIAS}.
 *
 * @param keyStore the KeyStore instance. Must be initialized (loaded).
 * @return the key entry stored in the KeyStore or null if not present.
 * @throws KeyStoreException           if the keystore was not initialized.
 * @throws NoSuchAlgorithmException    if device is not compatible with RSA algorithm. RSA is available since API 18.
 * @throws UnrecoverableEntryException if key cannot be recovered. Probably because it was invalidated by a Lock Screen change.
 */
private KeyStore.PrivateKeyEntry getKeyEntryCompat(KeyStore keyStore) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
    if (Build.VERSION.SDK_INT < Build.VERSION_CODES.P) {
        return (KeyStore.PrivateKeyEntry) keyStore.getEntry(KEY_ALIAS, null);
    }

    //Following code is for API 28+
    PrivateKey privateKey = (PrivateKey) keyStore.getKey(KEY_ALIAS, null);

    if (privateKey == null) {
        return (KeyStore.PrivateKeyEntry) keyStore.getEntry(KEY_ALIAS, null);
    }

    Certificate certificate = keyStore.getCertificate(KEY_ALIAS);
    if (certificate == null) {
        return null;
    }
    return new KeyStore.PrivateKeyEntry(privateKey, new Certificate[]{certificate});
}
 
Example #9
Source File: MetadataStoreLoadTest.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
private void storeAttrs() throws UnrecoverableEntryException,
        GeneralSecurityException, NoSuchAlgorithmException,
        KeyStoreException, IOException {
    KeyStore ksIn = Utils.loadKeyStore(KEYSTORE_PATH,
            Utils.KeyStoreType.pkcs12, PASSWORD);
    KeyStore ksAttr = KeyStore
            .getInstance(Utils.KeyStoreType.pkcs12.name());
    ksAttr.load(null);
    Key key = ksIn.getKey(ALIAS, PASSWORD);
    Certificate cert = ksIn.getCertificate(ALIAS);
    Set<KeyStore.Entry.Attribute> attrs =
            new HashSet<>(Arrays.asList(ATTR_SET));
    KeyStore.Entry e = new KeyStore.PrivateKeyEntry((PrivateKey) key,
            new Certificate[]{cert}, attrs);
    ksAttr.setEntry(ALIAS, e, new KeyStore.PasswordProtection(
            KEY_PASSWORD));

    out.println("Attributes before store:");
    e.getAttributes().stream().forEach((attr) -> {
        out.println(attr.getName() + ", '" + attr.getValue() + "'");
    });
    Utils.saveKeyStore(ksAttr, WORKING_DIRECTORY + File.separator
            + KESTORE_NEW, PASSWORD);
}
 
Example #10
Source File: MetadataStoreLoadTest.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
private void checkAttrs() throws UnrecoverableEntryException,
        GeneralSecurityException, NoSuchAlgorithmException,
        KeyStoreException, IOException {
    KeyStore ks = Utils.loadKeyStore(WORKING_DIRECTORY
            + File.separator
            + KESTORE_NEW, Utils.KeyStoreType.pkcs12, PASSWORD);
    KeyStore.Entry keyStoreEntry = ks.getEntry(ALIAS,
            new KeyStore.PasswordProtection(KEY_PASSWORD));
    out.println("Attributes after store:");
    //print attribute values
    keyStoreEntry.getAttributes().stream().forEach((attr) -> {
        out.println(attr.getName() + ", '" + attr.getValue() + "'");
    });
    Arrays.stream(ATTR_SET).forEach((attr) -> {
        if (!keyStoreEntry.getAttributes().contains(attr)) {
            throw new RuntimeException("Entry doesn't contain attribute: ("
                    + attr.getName() + ", '" + attr.getValue() + "')");
        }
    });
}
 
Example #11
Source File: MetadataStoreLoadTest.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
private void storeAttrs() throws UnrecoverableEntryException,
        GeneralSecurityException, NoSuchAlgorithmException,
        KeyStoreException, IOException {
    KeyStore ksIn = Utils.loadKeyStore(KEYSTORE_PATH,
            Utils.KeyStoreType.pkcs12, PASSWORD);
    KeyStore ksAttr = KeyStore
            .getInstance(Utils.KeyStoreType.pkcs12.name());
    ksAttr.load(null);
    Key key = ksIn.getKey(ALIAS, PASSWORD);
    Certificate cert = ksIn.getCertificate(ALIAS);
    Set<KeyStore.Entry.Attribute> attrs =
            new HashSet<>(Arrays.asList(ATTR_SET));
    KeyStore.Entry e = new KeyStore.PrivateKeyEntry((PrivateKey) key,
            new Certificate[]{cert}, attrs);
    ksAttr.setEntry(ALIAS, e, new KeyStore.PasswordProtection(
            KEY_PASSWORD));

    out.println("Attributes before store:");
    e.getAttributes().stream().forEach((attr) -> {
        out.println(attr.getName() + ", '" + attr.getValue() + "'");
    });
    Utils.saveKeyStore(ksAttr, WORKING_DIRECTORY + File.separator
            + KESTORE_NEW, PASSWORD);
}
 
Example #12
Source File: MetadataStoreLoadTest.java    From jdk8u-jdk with GNU General Public License v2.0 6 votes vote down vote up
private void checkAttrs() throws UnrecoverableEntryException,
        GeneralSecurityException, NoSuchAlgorithmException,
        KeyStoreException, IOException {
    KeyStore ks = Utils.loadKeyStore(WORKING_DIRECTORY
            + File.separator
            + KESTORE_NEW, Utils.KeyStoreType.pkcs12, PASSWORD);
    KeyStore.Entry keyStoreEntry = ks.getEntry(ALIAS,
            new KeyStore.PasswordProtection(KEY_PASSWORD));
    out.println("Attributes after store:");
    //print attribute values
    keyStoreEntry.getAttributes().stream().forEach((attr) -> {
        out.println(attr.getName() + ", '" + attr.getValue() + "'");
    });
    Arrays.stream(ATTR_SET).forEach((attr) -> {
        if (!keyStoreEntry.getAttributes().contains(attr)) {
            throw new RuntimeException("Entry doesn't contain attribute: ("
                    + attr.getName() + ", '" + attr.getValue() + "')");
        }
    });
}
 
Example #13
Source File: AbstractSpreadSheetDocumentRecordWriter.java    From hadoopoffice with Apache License 2.0 6 votes vote down vote up
/**
 * Reads the keystore to obtain credentials
 * 
 * @param conf Configuration provided by the Hadoop environment
 * @throws IOException 
 * @throws OfficeWriterException
 * 
 */
private void readKeyStore(Configuration conf) throws IOException, OfficeWriterException {
	if ((this.howc.getCryptKeystoreFile()!=null) && (!"".equals(this.howc.getCryptKeystoreFile()))) {
		LOG.info("Using keystore to obtain credentials instead of passwords");
		HadoopKeyStoreManager hksm = new HadoopKeyStoreManager(conf);
		try {
			hksm.openKeyStore(new Path(this.howc.getCryptKeystoreFile()), this.howc.getCryptKeystoreType(), this.howc.getCryptKeystorePassword());
			String password="";
			if ((this.howc.getCryptKeystoreAlias()!=null) && (!"".equals(this.howc.getCryptKeystoreAlias()))) {
				password=hksm.getPassword(this.howc.getCryptKeystoreAlias(), this.howc.getCryptKeystorePassword());
			} else {
				password=hksm.getPassword(this.howc.getFileName(), this.howc.getCryptKeystorePassword());
			}
			this.howc.setPassword(password);
		} catch (NoSuchAlgorithmException | CertificateException | KeyStoreException | IllegalArgumentException | UnrecoverableEntryException | InvalidKeySpecException e) {
			LOG.error("Cannopt read keystore. Exception: ",e);
			throw new OfficeWriterException("Cannot read keystore to obtain credentials used to encrypt office documents "+e);
		}
		
	}
}
 
Example #14
Source File: AbstractSpreadSheetDocumentRecordWriter.java    From hadoopoffice with Apache License 2.0 6 votes vote down vote up
/**
 * Reads the keystore to obtain credentials
 * 
 * @param conf Configuration provided by the Hadoop environment
 * @throws IOException 
 * @throws OfficeWriterException
 * 
 */
private void readKeyStore(Configuration conf) throws IOException, OfficeWriterException {
	if ((this.howc.getCryptKeystoreFile()!=null) && (!"".equals(this.howc.getCryptKeystoreFile()))) {
		LOG.info("Using keystore to obtain credentials instead of passwords");
		HadoopKeyStoreManager hksm = new HadoopKeyStoreManager(conf);
		try {
			hksm.openKeyStore(new Path(this.howc.getCryptKeystoreFile()), this.howc.getCryptKeystoreType(), this.howc.getCryptKeystorePassword());
			String password="";
			if ((this.howc.getCryptKeystoreAlias()!=null) && (!"".equals(this.howc.getCryptKeystoreAlias()))) {
				password=hksm.getPassword(this.howc.getCryptKeystoreAlias(), this.howc.getCryptKeystorePassword());
			} else {
				password=hksm.getPassword(this.howc.getFileName(), this.howc.getCryptKeystorePassword());
			}
			this.howc.setPassword(password);
		} catch (NoSuchAlgorithmException | CertificateException | KeyStoreException | IllegalArgumentException | UnrecoverableEntryException | InvalidKeySpecException e) {
			LOG.error("Cannopt read keystore. Exception: ",e);
			throw new OfficeWriterException("Cannot read keystore to obtain credentials used to encrypt office documents "+e);
		}
		
	}
}
 
Example #15
Source File: MetadataStoreLoadTest.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 6 votes vote down vote up
private void checkAttrs() throws UnrecoverableEntryException,
        GeneralSecurityException, NoSuchAlgorithmException,
        KeyStoreException, IOException {
    KeyStore ks = Utils.loadKeyStore(WORKING_DIRECTORY
            + File.separator
            + KESTORE_NEW, Utils.KeyStoreType.pkcs12, PASSWORD);
    KeyStore.Entry keyStoreEntry = ks.getEntry(ALIAS,
            new KeyStore.PasswordProtection(KEY_PASSWORD));
    out.println("Attributes after store:");
    //print attribute values
    keyStoreEntry.getAttributes().stream().forEach((attr) -> {
        out.println(attr.getName() + ", '" + attr.getValue() + "'");
    });
    Arrays.stream(ATTR_SET).forEach((attr) -> {
        if (!keyStoreEntry.getAttributes().contains(attr)) {
            throw new RuntimeException("Entry doesn't contain attribute: ("
                    + attr.getName() + ", '" + attr.getValue() + "')");
        }
    });
}
 
Example #16
Source File: AbstractSpreadSheetDocumentRecordReader.java    From hadoopoffice with Apache License 2.0 6 votes vote down vote up
/**
 * Reads the keystore to obtain credentials
 * 
 * @param conf Configuration provided by the Hadoop environment
 * @throws IOException 
 * @throws FormatNotUnderstoodException
 * 
 */
private void readKeyStore(Configuration conf) throws IOException, FormatNotUnderstoodException {
	if ((this.hocr.getCryptKeystoreFile()!=null) && (!"".equals(this.hocr.getCryptKeystoreFile()))) {
		LOG.info("Using keystore to obtain credentials instead of passwords");
		HadoopKeyStoreManager hksm = new HadoopKeyStoreManager(conf);
		try {
			hksm.openKeyStore(new Path(this.hocr.getCryptKeystoreFile()), this.hocr.getCryptKeystoreType(), this.hocr.getCryptKeystorePassword());
			String pw="";
			if ((this.hocr.getCryptKeystoreAlias()!=null) && (!"".equals(this.hocr.getCryptKeystoreAlias()))) {
				pw=hksm.getPassword(this.hocr.getCryptKeystoreAlias(), this.hocr.getCryptKeystorePassword());
			} else {
				pw=hksm.getPassword(this.hocr.getFileName(), this.hocr.getCryptKeystorePassword());
			}
			this.hocr.setPassword(pw);
		} catch (NoSuchAlgorithmException | CertificateException | KeyStoreException | IllegalArgumentException | UnrecoverableEntryException | InvalidKeySpecException e) {
			LOG.error("Cannopt read keystore. Exception: ",e);
			throw new FormatNotUnderstoodException("Cannot read keystore to obtain credentials to access encrypted documents "+e);
		}
		
	}
}
 
Example #17
Source File: MetadataStoreLoadTest.java    From openjdk-jdk8u with GNU General Public License v2.0 6 votes vote down vote up
private void checkAttrs() throws UnrecoverableEntryException,
        GeneralSecurityException, NoSuchAlgorithmException,
        KeyStoreException, IOException {
    KeyStore ks = Utils.loadKeyStore(WORKING_DIRECTORY
            + File.separator
            + KESTORE_NEW, Utils.KeyStoreType.pkcs12, PASSWORD);
    KeyStore.Entry keyStoreEntry = ks.getEntry(ALIAS,
            new KeyStore.PasswordProtection(KEY_PASSWORD));
    out.println("Attributes after store:");
    //print attribute values
    keyStoreEntry.getAttributes().stream().forEach((attr) -> {
        out.println(attr.getName() + ", '" + attr.getValue() + "'");
    });
    Arrays.stream(ATTR_SET).forEach((attr) -> {
        if (!keyStoreEntry.getAttributes().contains(attr)) {
            throw new RuntimeException("Entry doesn't contain attribute: ("
                    + attr.getName() + ", '" + attr.getValue() + "')");
        }
    });
}
 
Example #18
Source File: CipherStorageSharedPreferencesKeystore.java    From keystore-ultimate with Apache License 2.0 6 votes vote down vote up
@Nullable
private KeyStore.Entry getKeyStoreEntry(boolean shouldGenerateKey, String alias) {
    try {
        KeyStore keyStore = getKeyStoreAndLoad();

        KeyStore.Entry entry = keyStore.getEntry(alias, null);
        if (entry == null) {
            if (shouldGenerateKey) {
                generateKeyRsa(alias);
                entry = keyStore.getEntry(alias, null);
            }
        }
        return entry;
    } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
        throw new KeyStoreAccessException("Unable to access keystore", e);
    }
}
 
Example #19
Source File: TlsCertificateAuthorityTest.java    From localization_nifi with Apache License 2.0 6 votes vote down vote up
private void validateClient(Certificate caCertificate) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException,
        UnrecoverableEntryException, InvalidKeyException, NoSuchProviderException, SignatureException {
    clientConfig = objectMapper.readValue(new ByteArrayInputStream(clientConfigFileOutputStream.toByteArray()), TlsClientConfig.class);

    KeyStore clientKeyStore = KeyStoreUtils.getKeyStore(clientConfig.getKeyStoreType());
    clientKeyStore.load(new ByteArrayInputStream(clientKeyStoreOutputStream.toByteArray()), clientConfig.getKeyStorePassword().toCharArray());
    String keyPassword = clientConfig.getKeyPassword();
    KeyStore.Entry clientKeyStoreEntry = clientKeyStore.getEntry(TlsToolkitStandalone.NIFI_KEY,
            new KeyStore.PasswordProtection(keyPassword == null ? clientConfig.getKeyStorePassword().toCharArray() : keyPassword.toCharArray()));

    assertTrue(clientKeyStoreEntry instanceof KeyStore.PrivateKeyEntry);
    KeyStore.PrivateKeyEntry clientPrivateKeyEntry = (KeyStore.PrivateKeyEntry) clientKeyStoreEntry;
    Certificate[] certificateChain = clientPrivateKeyEntry.getCertificateChain();
    assertEquals(2, certificateChain.length);
    assertEquals(caCertificate, certificateChain[1]);
    certificateChain[0].verify(caCertificate.getPublicKey());
    assertPrivateAndPublicKeyMatch(clientPrivateKeyEntry.getPrivateKey(), certificateChain[0].getPublicKey());

    KeyStore clientTrustStore = KeyStoreUtils.getTrustStore(KeystoreType.JKS.toString());
    clientTrustStore.load(new ByteArrayInputStream(clientTrustStoreOutputStream.toByteArray()), clientConfig.getTrustStorePassword().toCharArray());
    assertEquals(caCertificate, clientTrustStore.getCertificate(TlsToolkitStandalone.NIFI_CERT));
}
 
Example #20
Source File: TlsCertificateAuthorityTest.java    From localization_nifi with Apache License 2.0 6 votes vote down vote up
private Certificate validateServerKeyStore() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, UnrecoverableEntryException,
        InvalidKeyException, NoSuchProviderException, SignatureException {
    serverConfig = objectMapper.readValue(new ByteArrayInputStream(serverConfigFileOutputStream.toByteArray()), TlsConfig.class);

    KeyStore serverKeyStore = KeyStoreUtils.getKeyStore(serverConfig.getKeyStoreType());
    serverKeyStore.load(new ByteArrayInputStream(serverKeyStoreOutputStream.toByteArray()), serverConfig.getKeyStorePassword().toCharArray());
    String keyPassword = serverConfig.getKeyPassword();
    KeyStore.Entry serverKeyEntry = serverKeyStore.getEntry(TlsToolkitStandalone.NIFI_KEY,
            new KeyStore.PasswordProtection(keyPassword == null ? serverConfig.getKeyStorePassword().toCharArray() : keyPassword.toCharArray()));

    assertTrue(serverKeyEntry instanceof KeyStore.PrivateKeyEntry);
    KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) serverKeyEntry;
    Certificate[] certificateChain = privateKeyEntry.getCertificateChain();
    assertEquals(1, certificateChain.length);
    Certificate caCertificate = certificateChain[0];
    caCertificate.verify(caCertificate.getPublicKey());
    assertPrivateAndPublicKeyMatch(privateKeyEntry.getPrivateKey(), caCertificate.getPublicKey());
    return caCertificate;
}
 
Example #21
Source File: HadoopKeyStoreManagerTest.java    From hadoopoffice with Apache License 2.0 6 votes vote down vote up
@Test
public void createKeyStoreforPasswords() throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException, InvalidKeySpecException, UnrecoverableEntryException {
 	Configuration conf = new Configuration(HadoopKeyStoreManagerTest.defaultConf);
   	String tmpDir=tmpPath.toString();	
   	Path outputFile= new Path(tmpDir,"keystore2.jceks");
   	HadoopKeyStoreManager hksm = new HadoopKeyStoreManager(conf);
   	// create new key store
   	hksm.openKeyStore(null, "JCEKS", "changeit");
   	hksm.setPassword("test.xlsx", "test2", "changeit");
   	hksm.store(outputFile, "changeit");
   	// open existing keystore
   	hksm.openKeyStore(outputFile, "JCEKS", "changeit");
   	String expectedPassword="test2";
   	String password=hksm.getPassword("test.xlsx", "changeit");
assertEquals(expectedPassword,password,"Password is correctly read from new keystore");
}
 
Example #22
Source File: CryptUtil.java    From PowerFileExplorer with GNU General Public License v3.0 6 votes vote down vote up
/**
 * Encrypts randomly generated AES key using RSA public key
 * @param secretKey
 * @return
 */
private byte[] encryptAESKey(byte[] secretKey) throws KeyStoreException,
        UnrecoverableEntryException, NoSuchAlgorithmException, IOException,
        CertificateException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {

    KeyStore keyStore = KeyStore.getInstance(KEY_STORE_ANDROID);
    keyStore.load(null);
    KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry)
            keyStore.getEntry(KEY_ALIAS_AMAZE, null);
    Cipher cipher = Cipher.getInstance(ALGO_RSA, "AndroidOpenSSL");
    cipher.init(Cipher.ENCRYPT_MODE, keyEntry.getCertificate().getPublicKey());

    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
    CipherOutputStream outputStream = new CipherOutputStream(byteArrayOutputStream, cipher);
    outputStream.write(secretKey);
    outputStream.close();

    return byteArrayOutputStream.toByteArray();
}
 
Example #23
Source File: CryptUtil.java    From PowerFileExplorer with GNU General Public License v3.0 6 votes vote down vote up
/**
 * Decodes encrypted AES key from preference and decrypts using RSA private key
 * @return
 * @throws CertificateException
 * @throws NoSuchPaddingException
 * @throws InvalidKeyException
 * @throws NoSuchAlgorithmException
 * @throws KeyStoreException
 * @throws NoSuchProviderException
 * @throws UnrecoverableEntryException
 * @throws IOException
 * @throws InvalidAlgorithmParameterException
 * @throws BadPaddingException
 * @throws IllegalBlockSizeException
 */
@RequiresApi(api = Build.VERSION_CODES.JELLY_BEAN_MR2)
private Key getSecretKey() throws CertificateException, NoSuchPaddingException, InvalidKeyException,
        NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, UnrecoverableEntryException,
        IOException, InvalidAlgorithmParameterException, BadPaddingException, IllegalBlockSizeException {

    SharedPreferences preferences = PreferenceManager.getDefaultSharedPreferences(context);
    String encodedString = preferences.getString(PREFERENCE_KEY, null);
    if (encodedString != null) {

        return new SecretKeySpec(decryptAESKey(Base64.decode(encodedString, Base64.DEFAULT)), "AES");
    } else {
        generateKeyPair(context);
        setKeyPreference();
        return getSecretKey();
    }
}
 
Example #24
Source File: Cryptography.java    From zap-android with MIT License 6 votes vote down vote up
private byte[] rsaDecryptKey(byte[] encrypted) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, UnrecoverableEntryException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException {

        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_NAME);
        keyStore.load(null);

        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(KEY_ENCRYPTION, null);
        Cipher output = Cipher.getInstance(RSA_MODE, CIPHER_PROVIDER_NAME_ENCRYPTION_DECRYPTION_RSA);
        output.init(Cipher.DECRYPT_MODE, privateKeyEntry.getPrivateKey());
        CipherInputStream cipherInputStream = new CipherInputStream(
                new ByteArrayInputStream(encrypted), output);
        ArrayList<Byte> values = new ArrayList<>();
        int nextByte;
        while ((nextByte = cipherInputStream.read()) != -1) {
            values.add((byte) nextByte);
        }

        byte[] decryptedKeyAsBytes = new byte[values.size()];
        for (int i = 0; i < decryptedKeyAsBytes.length; i++) {
            decryptedKeyAsBytes[i] = values.get(i);
        }
        return decryptedKeyAsBytes;
    }
 
Example #25
Source File: Cryptography.java    From zap-android with MIT License 6 votes vote down vote up
private byte[] rsaEncryptKey(byte[] secret) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException, NoSuchProviderException, NoSuchPaddingException, UnrecoverableEntryException, InvalidKeyException {

        KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE_NAME);
        keyStore.load(null);

        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(KEY_ENCRYPTION, null);
        Cipher inputCipher = Cipher.getInstance(RSA_MODE, CIPHER_PROVIDER_NAME_ENCRYPTION_DECRYPTION_RSA);
        inputCipher.init(Cipher.ENCRYPT_MODE, privateKeyEntry.getCertificate().getPublicKey());

        ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
        CipherOutputStream cipherOutputStream = new CipherOutputStream(outputStream, inputCipher);
        cipherOutputStream.write(secret);
        cipherOutputStream.close();

        byte[] encryptedKeyAsByteArray = outputStream.toByteArray();
        return encryptedKeyAsByteArray;
    }
 
Example #26
Source File: Cryptography.java    From zap-android with MIT License 6 votes vote down vote up
@RequiresApi(api = Build.VERSION_CODES.JELLY_BEAN_MR2)
private void generateKeysForAPILessThanM(String keyAlias) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, CertificateException, UnrecoverableEntryException, NoSuchPaddingException, KeyStoreException, InvalidKeyException, IOException {
    // Generate a key pair for encryption
    Calendar start = Calendar.getInstance();
    Calendar end = Calendar.getInstance();
    end.add(Calendar.YEAR, 30);
    KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(mContext)
            .setAlias(keyAlias)
            .setSubject(new X500Principal("CN=" + keyAlias))
            .setSerialNumber(BigInteger.TEN)
            .setStartDate(start.getTime())
            .setEndDate(end.getTime())
            .build();
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(RSA_ALGORITHM_NAME, ANDROID_KEY_STORE_NAME);
    kpg.initialize(spec);
    kpg.generateKeyPair();

    saveEncryptedKey();
}
 
Example #27
Source File: Cryptography.java    From zap-android with MIT License 6 votes vote down vote up
@SuppressLint("ApplySharedPref")
private void saveEncryptedKey() throws CertificateException, NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException, KeyStoreException, NoSuchProviderException, UnrecoverableEntryException, IOException {
    SharedPreferences pref = mContext.getSharedPreferences(SHARED_PREFERENCE_NAME, Context.MODE_PRIVATE);
    String encryptedKeyBase64encoded = pref.getString(ENCRYPTED_KEY_NAME, null);
    if (encryptedKeyBase64encoded == null) {
        byte[] key = new byte[16];
        SecureRandom secureRandom = new SecureRandom();
        secureRandom.nextBytes(key);
        byte[] encryptedKey = rsaEncryptKey(key);
        encryptedKeyBase64encoded = Base64.encodeToString(encryptedKey, Base64.DEFAULT);
        SharedPreferences.Editor edit = pref.edit();
        edit.putString(ENCRYPTED_KEY_NAME, encryptedKeyBase64encoded);
        boolean successfullyWroteKey = edit.commit();
        if (successfullyWroteKey) {
            Log.d(LOG_TAG, "Saved keys successfully");
        } else {
            Log.e(LOG_TAG, "Saved keys unsuccessfully");
            throw new IOException("Could not save keys");
        }
    }

}
 
Example #28
Source File: MetadataStoreLoadTest.java    From jdk8u_jdk with GNU General Public License v2.0 6 votes vote down vote up
private void checkAttrs() throws UnrecoverableEntryException,
        GeneralSecurityException, NoSuchAlgorithmException,
        KeyStoreException, IOException {
    KeyStore ks = Utils.loadKeyStore(WORKING_DIRECTORY
            + File.separator
            + KESTORE_NEW, Utils.KeyStoreType.pkcs12, PASSWORD);
    KeyStore.Entry keyStoreEntry = ks.getEntry(ALIAS,
            new KeyStore.PasswordProtection(KEY_PASSWORD));
    out.println("Attributes after store:");
    //print attribute values
    keyStoreEntry.getAttributes().stream().forEach((attr) -> {
        out.println(attr.getName() + ", '" + attr.getValue() + "'");
    });
    Arrays.stream(ATTR_SET).forEach((attr) -> {
        if (!keyStoreEntry.getAttributes().contains(attr)) {
            throw new RuntimeException("Entry doesn't contain attribute: ("
                    + attr.getName() + ", '" + attr.getValue() + "')");
        }
    });
}
 
Example #29
Source File: TestKeyStore.java    From java-11-examples with Apache License 2.0 5 votes vote down vote up
@Test
public void testLeyStoreLoadKeyPair()
        throws UnrecoverableEntryException, CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
    InputStream resourceAsStream = this.getClass().getResourceAsStream("/test-server-keystore.jks");
    KeyPair keyPair = Utils.loadKeyPair(resourceAsStream, "secret", "serverkey", "secret");
    Assert.assertNotNull(keyPair);
}
 
Example #30
Source File: Cryptography.java    From zap-android with MIT License 5 votes vote down vote up
@RequiresApi(api = Build.VERSION_CODES.JELLY_BEAN_MR2)
public String decryptData(String encryptedData) throws NoSuchPaddingException, NoSuchAlgorithmException, UnrecoverableEntryException, CertificateException, KeyStoreException, IOException, InvalidAlgorithmParameterException, InvalidKeyException, NoSuchProviderException, BadPaddingException, IllegalBlockSizeException {

    initKeys();

    if (encryptedData == null) {
        throw new IllegalArgumentException("Data to be decrypted must be non null");
    }

    byte[] encryptedDecodedData = Base64.decode(encryptedData, Base64.DEFAULT);

    Cipher c;
    try {
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
            c = Cipher.getInstance(AES_MODE_M_OR_GREATER);
            c.init(Cipher.DECRYPT_MODE, getSecretKeyAPIMorGreater(), new GCMParameterSpec(128, FIXED_IV));
        } else {
            c = Cipher.getInstance(AES_MODE_LESS_THAN_M, CIPHER_PROVIDER_NAME_ENCRYPTION_DECRYPTION_AES);
            c.init(Cipher.DECRYPT_MODE, getSecretKeyAPILessThanM());
        }
    } catch (InvalidKeyException | IOException e) {
        // Since the keys can become bad (perhaps because of lock screen change)
        // drop keys in this case.
        removeKeys();
        throw e;
    }

    byte[] decodedBytes = c.doFinal(encryptedDecodedData);
    return new String(decodedBytes, CHARSET_NAME);

}