java.security.KeyStore.PasswordProtection Java Examples

The following examples show how to use java.security.KeyStore.PasswordProtection.
Example #1
Source File: AbstractKeyStoreTokenConnection.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
/**
 * Resolves {@code alias} in {@code keyStore} to a {@link KSPrivateKeyEntry}.
 *
 * @param keyStore
 *            the keystore to query
 * @param alias
 *            the alias to look up
 * @param passwordProtection
 *            the protection parameter handed to {@link KeyStore#getEntry}
 * @return the wrapped private key entry, or {@code null} when the alias is not a key entry or the
 *         entry is not a {@link PrivateKeyEntry}
 * @throws DSSException
 *             if the keystore reports a {@link GeneralSecurityException}
 */
private DSSPrivateKeyEntry getDSSPrivateKeyEntry(KeyStore keyStore, String alias, PasswordProtection passwordProtection) {
	try {
		if (!keyStore.isKeyEntry(alias)) {
			LOG.debug("No related/supported key found for alias '{}'", alias);
			return null;
		}

		final Entry candidate = keyStore.getEntry(alias, passwordProtection);
		if (candidate instanceof PrivateKeyEntry) {
			return new KSPrivateKeyEntry(alias, (PrivateKeyEntry) candidate);
		}

		// Only the entry's class name is logged, never its content.
		LOG.warn("Skipped entry (unsupported class : {})", candidate.getClass().getSimpleName());
		return null;
	} catch (GeneralSecurityException e) {
		throw new DSSException("Unable to retrieve key from keystore", e);
	}
}
 
Example #2
Source File: TestKeyStoreSpi.java    From j2objc with Apache License 2.0 6 votes vote down vote up
/**
 * Test stub: validates the protection parameter and stores nothing.
 *
 * <p>Each rejected input is signalled with its own exception type: a {@code null} parameter gives
 * {@link IOException}, a {@code null} password {@link NoSuchAlgorithmException}, an empty password
 * {@link CertificateException}, and any protection that is not a {@link PasswordProtection}
 * {@link UnsupportedOperationException}.
 */
@Override
public void engineStore(LoadStoreParameter param) throws IOException,
        NoSuchAlgorithmException, CertificateException {
    if (param == null) {
        throw new IOException();
    }

    final ProtectionParameter protection = param.getProtectionParameter();
    if (!(protection instanceof PasswordProtection)) {
        throw new UnsupportedOperationException();
    }

    final char[] secret = ((PasswordProtection) protection).getPassword();
    if (secret == null) {
        throw new NoSuchAlgorithmException();
    }
    if (secret.length == 0) {
        throw new CertificateException();
    }
}
 
Example #3
Source File: TestKeyStoreSpi.java    From j2objc with Apache License 2.0 6 votes vote down vote up
/**
 * Test stub: validates the protection parameter and loads nothing itself.
 *
 * <p>A {@code null} parameter is forwarded to {@code engineLoad(null, null)}. A missing protection
 * parameter or a {@code null} password gives {@link NoSuchAlgorithmException}; a protection that is
 * not a {@link PasswordProtection} gives {@link CertificateException}.
 */
@Override
public void engineLoad(LoadStoreParameter param) throws IOException,
        NoSuchAlgorithmException, CertificateException {
    if (param == null) {
        engineLoad(null, null);
        return;
    }

    final ProtectionParameter protection = param.getProtectionParameter();
    if (protection == null) {
        throw new NoSuchAlgorithmException();
    }
    if (!(protection instanceof PasswordProtection)) {
        throw new CertificateException();
    }

    // An empty (zero-length) password is accepted here; only null is rejected.
    if (((PasswordProtection) protection).getPassword() == null) {
        throw new NoSuchAlgorithmException();
    }
}
 
Example #4
Source File: JksCertificateInformation.java    From dss with GNU Lesser General Public License v2.1 6 votes vote down vote up
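/**
 * Demo entry point: opens a JKS keystore and prints, for every key, the expiry date and subject of
 * its certificate followed by the same details for each certificate of its chain.
 *
 * @param args
 *            unused
 * @throws IOException
 *             if the keystore file cannot be opened or closed
 */
public static void main(final String[] args) throws IOException {

	// NOTE(review): the keystore path and its password are literals. That fits a demo run against a
	// bundled sample keystore only; code handling a real keystore should take the password from a
	// prompt or a secret store and keep it out of source control.
	try (InputStream is = new FileInputStream("src/main/resources/keystore.jks");
			JKSSignatureToken jksSignatureToken = new JKSSignatureToken(is, new PasswordProtection("dss-password".toCharArray()))) {

		// SimpleDateFormat is not thread-safe; it is only used from this single thread.
		DateFormat dateFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss");

		List<DSSPrivateKeyEntry> keys = jksSignatureToken.getKeys();
		for (DSSPrivateKeyEntry key : keys) {

			CertificateToken certificate = key.getCertificate();
			System.out.println(dateFormat.format(certificate.getNotAfter()) + ": " + certificate.getSubject().getCanonical());

			CertificateToken[] certificateChain = key.getCertificateChain();
			for (CertificateToken x509Certificate : certificateChain) {
				// Fixed: the prefix was the two characters "/t"; a tab escape indents the chain
				// entries under their key as intended.
				System.out.println("\t" + dateFormat.format(x509Certificate.getNotAfter()) + ": " + x509Certificate.getSubject().getCanonical());
			}
		}
		System.out.println("DONE");

	}
}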
 
Example #5
Source File: KeyStoreUtils.java    From presto with Apache License 2.0 5 votes vote down vote up
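/**
 * Reads a secret stored as a PBE {@link SecretKeyEntry} and returns it as text.
 *
 * <p>The temporary {@code char[]} copies of the entry password and of the recovered secret are
 * overwritten before returning. The {@code entityPassword} argument and the returned value are
 * {@link String}s and therefore cannot be wiped; callers decide how long they stay referenced.
 *
 * @param keyStore loaded keystore holding the entry
 * @param entityAlias alias of the secret-key entry
 * @param entityPassword password protecting that entry
 * @return the characters recovered from the entry's {@link PBEKeySpec}
 * @throws GeneralSecurityException if the alias is absent or is not a secret-key entry (reported as
 *     {@link java.security.KeyStoreException} instead of the former NullPointerException /
 *     ClassCastException), or if the entry cannot be recovered or converted
 */
public static String readEntity(KeyStore keyStore, String entityAlias, String entityPassword)
        throws GeneralSecurityException
{
    char[] entryPassword = entityPassword.toCharArray();
    // PasswordProtection keeps its own clone of the array, so both copies are cleaned up below.
    PasswordProtection protection = new PasswordProtection(entryPassword);
    try {
        KeyStore.Entry entry = keyStore.getEntry(entityAlias, protection);
        if (!(entry instanceof SecretKeyEntry)) {
            // getEntry returns null for an unknown alias; other entry kinds cannot hold the secret.
            throw new java.security.KeyStoreException(
                    "No secret key entry found for alias '" + entityAlias + "'");
        }

        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBE");
        PBEKeySpec keySpec = (PBEKeySpec) factory.getKeySpec(
                ((SecretKeyEntry) entry).getSecretKey(), PBEKeySpec.class);

        // getPassword() hands out a copy; wipe both the copy and the spec's internal array.
        char[] secret = keySpec.getPassword();
        try {
            return new String(secret);
        } finally {
            java.util.Arrays.fill(secret, '\0');
            keySpec.clearPassword();
        }
    } finally {
        java.util.Arrays.fill(entryPassword, '\0');
        try {
            protection.destroy();
        } catch (javax.security.auth.DestroyFailedException ignored) {
            // Best effort: failing to wipe must not mask the result or the original exception.
        }
    }
}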
 
Example #6
Source File: Pkcs12SignatureTokenTest.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Opens the sample PKCS#12 file, fetches its first key by alias and checks that signing a short
 * payload with it yields a populated signature value.
 */
@Test
public void testPkcs12() throws IOException {
	// "password" belongs to the sample keystore under src/test/resources.
	final PasswordProtection storeProtection = new PasswordProtection("password".toCharArray());
	try (Pkcs12SignatureToken token = new Pkcs12SignatureToken("src/test/resources/user_a_rsa.p12", storeProtection)) {
		assertNotNull(token);

		final List<DSSPrivateKeyEntry> availableKeys = token.getKeys();
		assertFalse(availableKeys.isEmpty());

		final KSPrivateKeyEntry firstKey = (KSPrivateKeyEntry) availableKeys.get(0);
		assertNotNull(firstKey);
		final String firstAlias = firstKey.getAlias();
		assertNotNull(firstAlias);

		// Look the key up again by alias, supplying the key password explicitly.
		final PasswordProtection keyProtection = new PasswordProtection("password".toCharArray());
		final DSSPrivateKeyEntry resolved = token.getKey(firstAlias, keyProtection);
		assertNotNull(resolved);
		assertNotNull(resolved.getCertificate());
		assertNotNull(resolved.getCertificateChain());
		assertNotNull(resolved.getEncryptionAlgorithm());

		final byte[] payload = "Hello world".getBytes("UTF-8");
		final SignatureValue signature = token.sign(new ToBeSigned(payload), DigestAlgorithm.SHA256, resolved);
		assertNotNull(signature);
		assertNotNull(signature.getAlgorithm());
		assertNotNull(signature.getValue());
	}
}
 
Example #7
Source File: KeyStoreCertificateSource.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Loads the keystore from {@code ksStream} and remembers its password as a
 * {@link PasswordProtection}. The stream is closed before this method returns.
 *
 * @param ksStream
 *            the stream holding the keystore
 * @param ksType
 *            the keystore type passed to {@link KeyStore#getInstance(String)}
 * @param ksPassword
 *            the keystore password, may be {@code null}
 * @throws DSSException
 *             if the keystore cannot be read or loaded
 */
private void initKeystore(final InputStream ksStream, final String ksType, final String ksPassword) {
	try (InputStream in = ksStream) {
		// NOTE(review): the password arrives as an immutable String, so wiping this char[] copy
		// afterwards would not remove the secret from memory.
		final char[] storePassword;
		if (ksPassword != null) {
			storePassword = ksPassword.toCharArray();
		} else {
			storePassword = null;
		}

		keyStore = KeyStore.getInstance(ksType);
		keyStore.load(in, storePassword);
		passwordProtection = new PasswordProtection(storePassword);
	} catch (GeneralSecurityException | IOException e) {
		throw new DSSException("Unable to initialize the keystore", e);
	}
}
 
Example #8
Source File: CertificateHandler.java    From development with Apache License 2.0 5 votes vote down vote up
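/**
 * Loads the root CA private key entry from {@code rootCaKeystore} into
 * {@code rootPrivateKeyEntry}.
 *
 * <p>An entry of another kind is now treated like a missing one and reported with the same
 * descriptive {@link RuntimeException}, instead of surfacing as a bare ClassCastException. The
 * temporary password copies are wiped once the lookup has finished.
 *
 * @throws GeneralSecurityException if the keystore cannot recover the entry
 * @throws RuntimeException if no private key entry exists under {@code rootCaAlias}
 */
private void loadPrivateKeyEntry() throws GeneralSecurityException {
    final char[] passwordChars = rootCaPassword.toCharArray();
    // PasswordProtection clones the array, so both copies are cleaned up in the finally block.
    final PasswordProtection protection = new PasswordProtection(passwordChars);
    try {
        final Object entry = rootCaKeystore.getEntry(rootCaAlias, protection);
        rootPrivateKeyEntry = (entry instanceof PrivateKeyEntry) ? (PrivateKeyEntry) entry : null;

        if (rootPrivateKeyEntry == null) {
            throw new RuntimeException(
                    "Could not read private key entry from rootca keystore with alias "
                            + rootCaAlias);
        }
    } finally {
        java.util.Arrays.fill(passwordChars, '\0');
        try {
            protection.destroy();
        } catch (javax.security.auth.DestroyFailedException ignored) {
            // Best effort: a failed wipe must not hide the lookup result or its exception.
        }
    }
}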
 
Example #9
Source File: SignTask.java    From development with Apache License 2.0 5 votes vote down vote up
/**
 * Loads the keystore and returns the entry stored under {@code this.alias}, unlocked with
 * {@code this.password}.
 *
 * @return the entry cast to {@link PrivateKeyEntry}; {@code null} if the keystore returns no entry
 * @throws IOException declared for {@code loadKeyStore()}
 * @throws GeneralSecurityException if the keystore cannot recover the entry
 */
private PrivateKeyEntry loadCAKeyEntry() throws IOException,
        GeneralSecurityException {
    final KeyStore caStore = loadKeyStore();
    final PasswordProtection protection =
            new PasswordProtection(this.password.toCharArray());
    // NOTE(review): the cast is unchecked; an entry of another kind under this alias surfaces as a
    // ClassCastException rather than a keystore error.
    return (PrivateKeyEntry) caStore.getEntry(this.alias, protection);
}
 
Example #10
Source File: Pkcs12SignatureTokenTest.java    From dss with GNU Lesser General Public License v2.1 5 votes vote down vote up
/**
 * Opening the sample PKCS#12 file with a wrong password must fail with a {@code DSSException}
 * carrying the generic instantiation message.
 */
@Test
public void wrongPassword() throws IOException {
	final char[] badPassword = "wrong password".toCharArray();
	final PasswordProtection passwordProtection = new PasswordProtection(badPassword);

	final Exception thrown = assertThrows(DSSException.class,
			() -> new Pkcs12SignatureToken("src/test/resources/user_a_rsa.p12", passwordProtection));

	// The asserted message names the failing component only, not the cause of the failure.
	assertEquals("Unable to instantiate KeyStoreSignatureTokenConnection", thrown.getMessage());
}
 
Example #11
Source File: CloudSqlInstance.java    From cloud-sql-jdbc-socket-factory with Apache License 2.0 5 votes vote down vote up
/**
 * Creates a new SSLContext based on the provided parameters. This SSLContext will be used to
 * provide new SSLSockets that are authorized to connect to a Cloud SQL instance.
 */
private SSLContext createSslContext(
    KeyPair keyPair, Metadata metadata, Certificate ephemeralCertificate) {
  try {
    // Client identity: an in-memory keystore holding the key pair's private key together with the
    // ephemeral certificate. The store is never written out, and the same zero-length password
    // protects the entry and unlocks it for the key manager.
    final char[] noPassword = new char[0];
    final KeyStore clientStore = KeyStore.getInstance(KeyStore.getDefaultType());
    clientStore.load(null, null);
    final Certificate[] clientChain = {ephemeralCertificate};
    clientStore.setEntry(
        "ephemeral",
        new PrivateKeyEntry(keyPair.getPrivate(), clientChain),
        new PasswordProtection(noPassword));
    final KeyManagerFactory keyManagers =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagers.init(clientStore, noPassword);

    // Trust anchors: only the instance CA certificate from the metadata is trusted; the JVM's
    // default trust store is not consulted.
    final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    trustStore.load(null, null);
    trustStore.setCertificateEntry("instance", metadata.getInstanceCaCertificate());
    final TrustManagerFactory trustManagers = TrustManagerFactory.getInstance("X.509");
    trustManagers.init(trustStore);

    // NOTE(review): the context is requested as "TLSv1.2" by name - confirm this pin is still
    // intended wherever newer protocol versions are expected.
    final SSLContext context = SSLContext.getInstance("TLSv1.2");
    context.init(
        keyManagers.getKeyManagers(), trustManagers.getTrustManagers(), new SecureRandom());
    return context;
  } catch (GeneralSecurityException | IOException ex) {
    throw new RuntimeException(
        String.format(
            "[%s] Unable to create a SSLContext for the Cloud SQL instance.", connectionName),
        ex);
  }
}
 
Example #12
Source File: ECKeyStore.java    From balzac with Apache License 2.0 5 votes vote down vote up
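/**
 * Re-protects every entry of the keystore with {@code password} and makes it the current
 * password.
 *
 * <p>Changes from the previous version: a {@code null} password is rejected before any entry is
 * touched; the replacement is copied <em>before</em> the old array is overwritten, so passing the
 * currently stored array no longer stores an overwritten password; and the two
 * {@link PasswordProtection} objects are created once and destroyed afterwards rather than left
 * behind once per alias.
 *
 * <p>NOTE(review): entries are rewritten one at a time, so a failure part-way leaves some entries
 * under the new password and some under the old one.
 *
 * @param password the new password; the caller keeps ownership of this array
 * @throws KeyStoreException if an entry cannot be read or written
 * @throws NullPointerException if {@code password} is {@code null}
 */
public void changePassword(char[] password) throws KeyStoreException {
    java.util.Objects.requireNonNull(password, "password");

    // Each PasswordProtection holds its own clone of the array it was built from.
    PasswordProtection currentProtection = new PasswordProtection(this.password);
    PasswordProtection newProtection = new PasswordProtection(password);
    try {
        for (String alias : Collections.list(ks.aliases())) {
            Entry entry = ks.getEntry(alias, currentProtection); // read
            ks.setEntry(alias, entry, newProtection); // override
        }

        // update the password: copy first, in case the caller passed the stored array itself
        char[] replacement = Arrays.copyOf(password, password.length);
        Arrays.fill(this.password, '0');
        this.password = replacement;

    } catch (NoSuchAlgorithmException | UnrecoverableEntryException e) {
        throw new KeyStoreException(e);
    } finally {
        try {
            currentProtection.destroy();
        } catch (javax.security.auth.DestroyFailedException ignored) {
            // Best effort: a failed wipe must not replace the real outcome.
        }
        try {
            newProtection.destroy();
        } catch (javax.security.auth.DestroyFailedException ignored) {
            // Best effort, as above.
        }
    }
}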
 
Example #13
Source File: ECKeyStore.java    From balzac with Apache License 2.0 5 votes vote down vote up
/**
 * Stores {@code key} in the keystore under its unique id and records its network type.
 *
 * <p>The bytes returned by {@code key.getBytes()} are wrapped in a {@link SecretKeySpec} labelled
 * {@code "EC"} and saved as a secret-key entry protected by the store's current password.
 *
 * @param key the private key to add
 * @return the id under which the key was stored
 * @throws KeyStoreException if the keystore rejects the entry
 */
public String addKey(PrivateKey key) throws KeyStoreException {
    final String alias = getUniqueID(key);
    final SecretKeyEntry wrapped = new SecretKeyEntry(new SecretKeySpec(key.getBytes(), "EC"));
    // NOTE(review): the PasswordProtection created here is never destroyed, so its clone of the
    // password stays in memory until it is garbage-collected.
    ks.setEntry(alias, wrapped, new PasswordProtection(password));
    netwotkTypeMap.put(alias, key.getNetworkType());
    return alias;
}
 
Example #14
Source File: Flag.java    From bundletool with Apache License 2.0 5 votes vote down vote up
/**
 * Parses a password flag of the form {@code pass:<password>} or {@code file:<path>}.
 *
 * <p>The password is materialised lazily: the returned {@code Password} wraps a supplier that
 * builds a fresh {@link PasswordProtection} on each call. For {@code file:} the file is checked
 * for existence and readability immediately but read only when the supplier runs.
 *
 * <p>NOTE(review): a {@code pass:} value is part of the command line, where shell history and
 * process listings can expose it; the {@code file:} form avoids that.
 *
 * @throws FlagParseException if the value carries neither prefix
 */
private static Password createFromFlagValue(String flagValue) {
  final String inlinePrefix = "pass:";
  final String filePrefix = "file:";

  if (flagValue.startsWith(inlinePrefix)) {
    return new Password(
        () -> new PasswordProtection(flagValue.substring(inlinePrefix.length()).toCharArray()));
  }

  if (flagValue.startsWith(filePrefix)) {
    final Path passwordFile = Paths.get(flagValue.substring(filePrefix.length()));
    checkFileExistsAndReadable(passwordFile);
    return new Password(
        () -> new PasswordProtection(readPasswordFromFile(passwordFile).toCharArray()));
  }

  throw new FlagParseException("Passwords must be prefixed with \"pass:\" or \"file:\".");
}
 
Example #15
Source File: PKCS11SignatureTokenApp.java    From dss with GNU Lesser General Public License v2.1 4 votes vote down vote up
/**
 * Demo entry point: connects to a PKCS#11 token twice, first to list its certificates and pick
 * the alias of the first key, then to fetch that key by alias and sign a short payload.
 */
public static void main(String[] args) {

	// NOTE(review): placeholder PIN kept in source for the demo; a real PIN should come from a
	// prompt or callback, since repeated wrong PINs can lock a hardware token.
	final String pinCode = "PINCODE";

	// -Djava.security.debug = sunpkcs11

	// Alternative drivers, kept for reference.
	// 32b
	// Pkcs11SignatureToken token = new Pkcs11SignatureToken("C:\\Windows\\SysWOW64\\onepin-opensc-pkcs11.dll");

	// 64b
	// Pkcs11SignatureToken token = new Pkcs11SignatureToken("C:\\Windows\\System32\\beidpkcs11.dll");
	// Pkcs11SignatureToken token = new Pkcs11SignatureToken("C:\\Windows\\System32\\beidpkcs11.dll",
	// (PasswordInputCallback) null, 3)

	// Pkcs11SignatureToken token = new Pkcs11SignatureToken("C:\\Windows\\System32\\onepin-opensc-pkcs11.dll",
	// new PasswordProtection(pinCode.toCharArray()), 1)
	String selectedAlias = null;
	try (Pkcs11SignatureToken listingToken = new Pkcs11SignatureToken("C:\\Program Files\\Gemalto\\Classic Client\\BIN\\gclib.dll",
			new PasswordProtection(pinCode.toCharArray()), 2)) {

		final List<DSSPrivateKeyEntry> tokenKeys = listingToken.getKeys();
		for (DSSPrivateKeyEntry tokenKey : tokenKeys) {
			System.out.println(tokenKey.getCertificate().getCertificate());
		}

		// Assumes the token exposes at least one key; get(0) throws otherwise.
		final KSPrivateKeyEntry firstKey = (KSPrivateKeyEntry) tokenKeys.get(0);
		selectedAlias = firstKey.getAlias();

		// ToBeSigned toBeSigned = new ToBeSigned("Hello world".getBytes());
		// SignatureValue signatureValue = token.sign(toBeSigned, DigestAlgorithm.SHA256, dssPrivateKeyEntry);
		// System.out.println("Signature value : " +
		// DatatypeConverter.printBase64Binary(signatureValue.getValue()));
	}

	try (Pkcs11SignatureToken signingToken = new Pkcs11SignatureToken("C:\\Program Files\\Gemalto\\Classic Client\\BIN\\gclib.dll",
			new PasswordProtection(pinCode.toCharArray()), 2)) {

		final DSSPrivateKeyEntry signingKey = signingToken.getKey(selectedAlias, new PasswordProtection(pinCode.toCharArray()));

		// getBytes() without a charset uses the platform default encoding.
		final byte[] payload = "Hello world".getBytes();
		final SignatureValue signature = signingToken.sign(new ToBeSigned(payload), DigestAlgorithm.SHA256, signingKey);

		final String encoded = Base64.getEncoder().encodeToString(signature.getValue());
		System.out.println("Signature value : " + encoded);
	}
}
 
Example #16
Source File: KeyStoreSignatureTokenConnection.java    From dss with GNU Lesser General Public License v2.1 4 votes vote down vote up
/**
 * Returns the protection parameter held in the {@code password} field.
 *
 * @return the stored {@link PasswordProtection}; the object itself, not a copy
 */
@Override
PasswordProtection getKeyProtectionParameter() {
	return password;
}
 
Example #17
Source File: KeyStoreSignatureTokenConnection.java    From dss with GNU Lesser General Public License v2.1 4 votes vote down vote up
/**
 * Opens {@code ksFile} and delegates to the {@link InputStream} based constructor.
 *
 * @param ksFile
 *            the keystore file
 * @param ksType
 *            the keystore type
 * @param ksPassword
 *            the keystore password
 * @throws IOException
 *             declared because opening the file can fail
 */
public KeyStoreSignatureTokenConnection(File ksFile, String ksType, PasswordProtection ksPassword) throws IOException {
	// The stream opened here is handed straight to the delegate constructor.
	this(new FileInputStream(ksFile), ksType, ksPassword);
}
 
Example #18
Source File: KeyStoreSignatureTokenConnection.java    From dss with GNU Lesser General Public License v2.1 4 votes vote down vote up
/**
 * Wraps {@code filepath} in a {@link File} and delegates to the {@link File} based constructor.
 *
 * @param filepath
 *            the path of the keystore file
 * @param ksType
 *            the keystore type
 * @param ksPassword
 *            the keystore password
 * @throws IOException
 *             declared by the delegate constructor
 */
public KeyStoreSignatureTokenConnection(String filepath, String ksType, PasswordProtection ksPassword) throws IOException {
	this(new File(filepath), ksType, ksPassword);
}
 
Example #19
Source File: KeyStoreSignatureTokenConnection.java    From dss with GNU Lesser General Public License v2.1 4 votes vote down vote up
/**
 * Wraps {@code ksBytes} in a {@link ByteArrayInputStream} and delegates to the
 * {@link InputStream} based constructor.
 *
 * @param ksBytes
 *            the keystore content
 * @param ksType
 *            the keystore type
 * @param ksPassword
 *            the keystore password
 */
public KeyStoreSignatureTokenConnection(byte[] ksBytes, String ksType, PasswordProtection ksPassword) {
	this(new ByteArrayInputStream(ksBytes), ksType, ksPassword);
}
 
Example #20
Source File: ServerTestUtil.java    From ghidra with Apache License 2.0 4 votes vote down vote up
/**
 * Generate self-signed test-CA key/certificate and a test user key/certificate
 */
private static void generatePkiCerts() throws Exception {

	// Remove any files left by a previous run so that each run starts from fresh key material.
	final String caCertsPath = getTestPkiCACertsPath(); // CA certs keystore is .jks file
	final File caCertsFile = new File(caCertsPath);
	if (caCertsFile.exists()) {
		if (!caCertsFile.delete()) {
			throw new RuntimeException("Failed to generate new test-CA key file: " + caCertsPath);
		}
	}

	final String userStorePath = getTestPkiUserKeystorePath(); // user keystore is .p12 file
	final File userStoreFile = new File(userStorePath);
	if (userStoreFile.exists()) {
		if (!userStoreFile.delete()) {
			throw new RuntimeException(
				"Failed to generate new test-user key file: " + userStorePath);
		}
	}

	final String serverStorePath = getTestPkiServerKeystorePath(); // server keystore is .p12 file
	final File serverStoreFile = new File(serverStorePath);
	if (serverStoreFile.exists()) {
		if (!serverStoreFile.delete()) {
			throw new RuntimeException(
				"Failed to generate new test-server key file: " + serverStorePath);
		}
	}

	// Generate CA certificate and keystore
	Msg.info(ServerTestUtil.class, "Generating self-signed CA cert: " + caCertsPath);

	// CA extensions: basic constraints plus a key usage limited to certificate signing.
	final CertificateExtensions caExtensions = new CertificateExtensions();
	caExtensions.set(PKIXExtensions.BasicConstraints_Id.toString(),
		new BasicConstraintsExtension(true, true, 1));

	final KeyUsageExtension certSignUsage = new KeyUsageExtension();
	certSignUsage.set(KeyUsageExtension.KEY_CERTSIGN, true);
	caExtensions.set(PKIXExtensions.KeyUsage_Id.toString(), certSignUsage);

	// The CA keystore is built without a target file; only its certificates are exported.
	final KeyStore caStore = ApplicationKeyManagerUtils.createKeyStore(null, "PKCS12",
		ApplicationKeyManagerFactory.DEFAULT_PASSWORD.toCharArray(), "test-CA",
		caExtensions, TEST_PKI_CA_DN, null, 2);
	ApplicationKeyManagerUtils.exportX509Certificates(caStore, caCertsFile);

	final PasswordProtection caProtection =
		new PasswordProtection(ApplicationKeyManagerFactory.DEFAULT_PASSWORD.toCharArray());
	final PrivateKeyEntry caSigningEntry =
		(PrivateKeyEntry) caStore.getEntry("test-CA", caProtection);

	// Generate User/Client certificate and keystore
	// NOTE(review): the passphrase is written to the log; presumably acceptable for throwaway
	// test credentials only - confirm these constants are never reused outside tests.
	Msg.info(ServerTestUtil.class, "Generating test user key/cert (signed by test-CA, pwd: " +
		TEST_PKI_USER_PASSPHRASE + "): " + userStorePath);
	ApplicationKeyManagerUtils.createKeyStore(userStoreFile, "PKCS12",
		TEST_PKI_USER_PASSPHRASE.toCharArray(), "test-sig", null, TEST_PKI_USER_DN,
		caSigningEntry, 2);

	// Generate Server certificate and keystore (same logging caveat as above)
	Msg.info(ServerTestUtil.class, "Generating test server key/cert (signed by test-CA, pwd: " +
		TEST_PKI_SERVER_PASSPHRASE + "): " + serverStorePath);
	ApplicationKeyManagerUtils.createKeyStore(serverStoreFile, "PKCS12",
		TEST_PKI_SERVER_PASSPHRASE.toCharArray(), "test-sig", null, TEST_PKI_SERVER_DN,
		caSigningEntry, 2);
}
 
Example #21
Source File: MSCAPISignatureToken.java    From dss with GNU Lesser General Public License v2.1 4 votes vote down vote up
/**
 * Returns a freshly built protection parameter wrapping a fixed literal.
 *
 * <p>NOTE(review): the literal looks like a placeholder rather than a real secret - confirm that
 * the MSCAPI provider ignores the value before relying on that.
 */
@Override
PasswordProtection getKeyProtectionParameter() {
	final char[] placeholder = "nimp".toCharArray();
	return new PasswordProtection(placeholder);
}
 
Example #22
Source File: Password.java    From bundletool with Apache License 2.0 4 votes vote down vote up
/**
 * Creates a password backed by {@code passwordSupplier}.
 *
 * <p>The supplier is only stored here; it is not invoked by this constructor.
 */
public Password(Supplier<PasswordProtection> passwordSupplier) {
  this.passwordSupplier = passwordSupplier;
}
 
Example #23
Source File: Password.java    From bundletool with Apache License 2.0 4 votes vote down vote up
/**
 * Test-only factory: wraps a literal password in a {@code Password}.
 *
 * <p>The supplier captures the {@link String} and builds a new {@link PasswordProtection} from it
 * on every call.
 */
@VisibleForTesting
public static Password createForTest(String password) {
  final Supplier<PasswordProtection> supplier =
      () -> new PasswordProtection(password.toCharArray());
  return new Password(supplier);
}
 
Example #24
Source File: Password.java    From bundletool with Apache License 2.0 4 votes vote down vote up
/** Special note: It's the responsibility of the caller to destroy the password once used. */
public final PasswordProtection getValue() {
  // Every call invokes the supplier again and returns whatever it produces.
  return passwordSupplier.get();
}
 
Example #25
Source File: CopyKeyTask.java    From development with Apache License 2.0 4 votes vote down vote up
/**
 * Builds the password protection for the entry described by {@code descr}.
 *
 * @param descr descriptor whose password protects the entry
 * @return a new {@link PasswordProtection} over the descriptor's password characters
 */
private ProtectionParameter createProtection(final EntryDescriptor descr) {
    final char[] entryPassword = descr.getPassword().toCharArray();
    // PasswordProtection clones the array; the local copy is left to the garbage collector.
    return new PasswordProtection(entryPassword);
}
 
Example #26
Source File: PKIFactoryAccess.java    From dss with GNU Lesser General Public License v2.1 4 votes vote down vote up
/**
 * Opens the keystore named after the signing alias (with a {@code .p12} suffix) as a token
 * connection, unlocked with the shared PKI factory keystore password.
 *
 * @return a new connection over that keystore
 */
protected AbstractKeyStoreTokenConnection getToken() {
	final String keystoreName = getSigningAlias() + ".p12";
	return new KeyStoreSignatureTokenConnection(
			getKeystoreContent(keystoreName),
			KEYSTORE_TYPE,
			new PasswordProtection(PKI_FACTORY_KEYSTORE_PASSWORD.toCharArray()));
}
 
Example #27
Source File: PKCS12Snippet.java    From dss with GNU Lesser General Public License v2.1 4 votes vote down vote up
/**
 * Documentation snippet: opens the sample PKCS#12 file, prints every certificate it holds and
 * signs a short payload with the first key. The code between the {@code tag::demo[]} and
 * {@code end::demo[]} markers is the part delimited for inclusion.
 */
public static void main(String[] args) throws IOException {

	// tag::demo[]

	// The path and password refer to the bundled sample keystore.
	try (Pkcs12SignatureToken signingToken = new Pkcs12SignatureToken("src/main/resources/user_a_rsa.p12", new PasswordProtection("password".toCharArray()))) {

		final List<DSSPrivateKeyEntry> availableKeys = signingToken.getKeys();
		for (DSSPrivateKeyEntry keyEntry : availableKeys) {
			System.out.println(keyEntry.getCertificate().getCertificate());
		}

		// Assumes the keystore holds at least one key; get(0) throws otherwise.
		final byte[] payload = "Hello world".getBytes();
		final SignatureValue signature = signingToken.sign(new ToBeSigned(payload), DigestAlgorithm.SHA256, availableKeys.get(0));

		System.out.println("Signature value : " + Utils.toBase64(signature.getValue()));
	}

	// end::demo[]

}
 
Example #28
Source File: Pkcs11SignatureToken.java    From dss with GNU Lesser General Public License v2.1 4 votes vote down vote up
/**
 * Supplies no protection parameter for this token type.
 *
 * @return always {@code null}
 */
@Override
PasswordProtection getKeyProtectionParameter() {
	// NOTE(review): presumably the PKCS#11 provider authenticates when the token is opened, so no
	// per-key password is needed - confirm against the callers of this method.
	return null;
}
 
Example #29
Source File: KeyStoreSignatureTokenConnection.java    From dss with GNU Lesser General Public License v2.1 3 votes vote down vote up
/**
 * Construct a KeyStoreSignatureTokenConnection object.
 * Please note that the keystore password will also be used to retrieve the private key.
 * For each keystore entry (identifiable by alias) the same private key password will be used.
 * 
 * If you want to specify a separate private key password use the {@link #getKey(String, PasswordProtection)}
 * method.
 * 
 * @param ksStream
 *            the inputstream which contains the keystore
 * @param ksType
 *            the keystore type
 * @param password
 *            the keystore password
 */
public KeyStoreSignatureTokenConnection(InputStream ksStream, String ksType, PasswordProtection password) {
	// try-with-resources closes the caller's stream whether or not loading succeeds.
	try (InputStream in = ksStream) {
		// The protection object is retained for later key retrieval, so it is not destroyed here.
		this.password = password;
		this.keyStore = KeyStore.getInstance(ksType);

		// getPassword() exposes the protection object's own array; it must stay intact while
		// this.password is still in use.
		final char[] storePassword = password.getPassword();
		this.keyStore.load(in, storePassword);
	} catch (Exception e) {
		// Every failure, including a null password argument, is reported with this one message.
		throw new DSSException("Unable to instantiate KeyStoreSignatureTokenConnection", e);
	}
}
 
Example #30
Source File: JKSSignatureToken.java    From dss with GNU Lesser General Public License v2.1 2 votes vote down vote up
/**
 * Creates a SignatureTokenConnection with the provided binaries to Java KeyStore and password.
 *
 * @param ksBytes
 *            the binaries
 * @param password
 *            the keystore password
 */
public JKSSignatureToken(byte[] ksBytes, PasswordProtection password) {
	// Delegates to the superclass constructor, fixing the keystore type to KS_TYPE.
	super(ksBytes, KS_TYPE, password);
}