Java Code Examples for java.security.KeyStore#SecretKeyEntry

The following examples show how to use java.security.KeyStore#SecretKeyEntry . These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: Bytecoder   File: PKCS12KeyStore.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Determines if the keystore {@code Entry} for the specified
 * {@code alias} is an instance or subclass of the specified
 * {@code entryClass}.
 *
 * @param alias the alias name
 * @param entryClass the entry class
 *
 * @return true if the keystore {@code Entry} for the specified
 *          {@code alias} is an instance or subclass of the
 *          specified {@code entryClass}, false otherwise
 *
 * @since 1.5
 */
@Override
public boolean
    engineEntryInstanceOf(String alias,
                          Class<? extends KeyStore.Entry> entryClass)
{
    if (entryClass == KeyStore.TrustedCertificateEntry.class) {
        return engineIsCertificateEntry(alias);
    }

    Entry entry = entries.get(alias.toLowerCase(Locale.ENGLISH));
    if (entryClass == KeyStore.PrivateKeyEntry.class) {
        return (entry != null && entry instanceof PrivateKeyEntry);
    }
    if (entryClass == KeyStore.SecretKeyEntry.class) {
        return (entry != null && entry instanceof SecretKeyEntry);
    }
    return false;
}
 
Example 2
/**
 * Determines if the keystore {@code Entry} for the specified
 * {@code alias} is an instance or subclass of the specified
 * {@code entryClass}.
 *
 * @param alias the alias name
 * @param entryClass the entry class
 *
 * @return true if the keystore {@code Entry} for the specified
 *          {@code alias} is an instance or subclass of the
 *          specified {@code entryClass}, false otherwise
 *
 * @since 1.5
 */
@Override
public boolean
    engineEntryInstanceOf(String alias,
                          Class<? extends KeyStore.Entry> entryClass)
{
    if (entryClass == KeyStore.TrustedCertificateEntry.class) {
        return engineIsCertificateEntry(alias);
    }

    Entry entry = entries.get(alias.toLowerCase(Locale.ENGLISH));
    if (entryClass == KeyStore.PrivateKeyEntry.class) {
        return (entry != null && entry instanceof PrivateKeyEntry);
    }
    if (entryClass == KeyStore.SecretKeyEntry.class) {
        return (entry != null && entry instanceof SecretKeyEntry);
    }
    return false;
}
 
Example 3
Source Project: j2objc   File: KeyStoreSpi.java    License: Apache License 2.0 6 votes vote down vote up
/**
 * Determines if the keystore {@code Entry} for the specified
 * {@code alias} is an instance or subclass of the specified
 * {@code entryClass}.
 *
 * @param alias the alias name
 * @param entryClass the entry class
 *
 * @return true if the keystore {@code Entry} for the specified
 *          {@code alias} is an instance or subclass of the
 *          specified {@code entryClass}, false otherwise
 *
 * @since 1.5
 */
public boolean
    engineEntryInstanceOf(String alias,
                          Class<? extends KeyStore.Entry> entryClass)
{
    if (entryClass == KeyStore.TrustedCertificateEntry.class) {
        return engineIsCertificateEntry(alias);
    }
    if (entryClass == KeyStore.PrivateKeyEntry.class) {
        return engineIsKeyEntry(alias) &&
                    engineGetCertificate(alias) != null;
    }
    if (entryClass == KeyStore.SecretKeyEntry.class) {
        return engineIsKeyEntry(alias) &&
                    engineGetCertificate(alias) == null;
    }
    return false;
}
 
Example 4
Source Project: tutorials   File: JavaKeyStoreUnitTest.java    License: MIT License 6 votes vote down vote up
@Test
public void givenLoadedKeyStoreWithOneEntry_whenDeleteEntry_thenKeyStoreSizeIsZero() throws Exception {
    keyStore.createEmptyKeyStore();
    keyStore.loadKeyStore();

    KeyGenerator keygen = KeyGenerator.getInstance("HmacSHA256");
    SecretKey secretKey = keygen.generateKey();
    //ideally, password should be different for every key
    KeyStore.ProtectionParameter protParam = new KeyStore.PasswordProtection(KEYSTORE_PWD.toCharArray());
    KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry(secretKey);
    keyStore.setEntry(MY_SECRET_ENTRY, secretKeyEntry, protParam);

    keyStore.deleteEntry(MY_SECRET_ENTRY);

    KeyStore result = this.keyStore.getKeyStore();
    Assert.assertTrue(result.size() == 0);
}
 
Example 5
private static String decrypt(String encryptedString) {
    String data = null;
    try {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        final KeyStore.SecretKeyEntry keyEntry = (KeyStore.SecretKeyEntry) keyStore.getEntry("Empire", null);
        final SecretKey secretKey = keyEntry.getSecretKey();

        final Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        byte[] bytes = Base64.decode(encryptedString, Base64.DEFAULT);
        byte[] iv = new byte[12];
        System.arraycopy(bytes, 0, iv, 0, 12);
        final GCMParameterSpec spec = new GCMParameterSpec(128, iv);
        cipher.init(Cipher.DECRYPT_MODE, secretKey, spec);
        data = new String(cipher.doFinal(bytes, 12, bytes.length-12));
    } catch (Exception e) {
        System.out.println(e);
    }
    return data;
}
 
Example 6
private void run(String keystoreType) throws Exception {
    char[] pw = "password".toCharArray();
    KeyStore ks = KeyStore.getInstance(keystoreType);
    ks.load(null, pw);

    KeyGenerator kg = KeyGenerator.getInstance("AES");
    kg.init(128);
    SecretKey key = kg.generateKey();

    KeyStore.SecretKeyEntry ske = new KeyStore.SecretKeyEntry(key);
    KeyStore.ProtectionParameter kspp = new KeyStore.PasswordProtection(pw);
    ks.setEntry(ALIAS, ske, kspp);

    File ksFile = File.createTempFile("test", ".test");
    try (FileOutputStream fos = new FileOutputStream(ksFile)) {
        ks.store(fos, pw);
        fos.flush();
    }

    // now see if we can get it back
    try (FileInputStream fis = new FileInputStream(ksFile)) {
        KeyStore ks2 = KeyStore.getInstance(keystoreType);
        ks2.load(fis, pw);
        KeyStore.Entry entry = ks2.getEntry(ALIAS, kspp);
        SecretKey keyIn = ((KeyStore.SecretKeyEntry)entry).getSecretKey();
        if (Arrays.equals(key.getEncoded(), keyIn.getEncoded())) {
            System.err.println("OK: worked just fine with " + keystoreType +
                               " keystore");
        } else {
            System.err.println("ERROR: keys are NOT equal after storing in "
                               + keystoreType + " keystore");
        }
    }
}
 
Example 7
Source Project: phoebus   File: SecureStore.java    License: Eclipse Public License 1.0 5 votes vote down vote up
/** Read an entry from the store
 *  @param tag Tag that identifies the entry
 *  @return Stored text or <code>null</code>
 *  @throws Exception on error
 */
public String get(final String tag) throws Exception
{
    final KeyStore.SecretKeyEntry entry = (KeyStore.SecretKeyEntry) store.getEntry(tag, pp);
    if (entry == null)
        return null;

    final PBEKeySpec key = (PBEKeySpec) kf.getKeySpec(entry.getSecretKey(), PBEKeySpec.class);
    return new String(key.getPassword());
}
 
Example 8
Source Project: robozonky   File: KeyStoreHandler.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Retrieve a previously stored key.
 * 
 * @param alias The alias under which the key will be looked up.
 * @return Present if the alias is present in the key store.
 */
public Optional<char[]> get(final String alias) {
    try {
        var skEntry = (KeyStore.SecretKeyEntry) this.keyStore.getEntry(alias, this.protectionParameter);
        if (skEntry == null) {
            return Optional.empty();
        }
        var keySpec = (PBEKeySpec) this.keyFactory.getKeySpec(skEntry.getSecretKey(), PBEKeySpec.class);
        return Optional.of(keySpec.getPassword());
    } catch (Exception ex) {
        LOGGER.debug("Unrecoverable entry '{}'.", alias, ex);
        return Optional.empty();
    }
}
 
Example 9
Source Project: j2objc   File: KSSecretKeyEntryTest.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Test for
 * <code>SecretKeyEntry(SecretKey secretKey, Set<Attribute> attribute)</code>
 * constructor
 * Assertion: throws NullPointerException when attributes is null
 */
public void testSecretKeyEntry_nullAttributes() {
    SecretKey sk = new tmpSecretKey();
    try {
        new KeyStore.SecretKeyEntry(sk, null /* attributes */);
        fail("NullPointerException must be thrown when attributes is null");
    } catch(NullPointerException expected) {
    }
}
 
Example 10
/**
 * Gets a <code>KeyStore.Entry</code> for the specified alias
 * with the specified protection parameter.
 *
 * @param alias get the <code>KeyStore.Entry</code> for this alias
 * @param protParam the <code>ProtectionParameter</code>
 *          used to protect the <code>Entry</code>,
 *          which may be <code>null</code>
 *
 * @return the <code>KeyStore.Entry</code> for the specified alias,
 *          or <code>null</code> if there is no such entry
 *
 * @exception KeyStoreException if the operation failed
 * @exception NoSuchAlgorithmException if the algorithm for recovering the
 *          entry cannot be found
 * @exception UnrecoverableEntryException if the specified
 *          <code>protParam</code> were insufficient or invalid
 * @exception UnrecoverableKeyException if the entry is a
 *          <code>PrivateKeyEntry</code> or <code>SecretKeyEntry</code>
 *          and the specified <code>protParam</code> does not contain
 *          the information needed to recover the key (e.g. wrong password)
 *
 * @since 1.5
 */
@Override
public KeyStore.Entry engineGetEntry(String alias,
                    KeyStore.ProtectionParameter protParam)
            throws KeyStoreException, NoSuchAlgorithmException,
            UnrecoverableEntryException {

    if (!engineContainsAlias(alias)) {
        return null;
    }

    Entry entry = entries.get(alias.toLowerCase(Locale.ENGLISH));
    if (protParam == null) {
        if (engineIsCertificateEntry(alias)) {
            if (entry instanceof CertEntry &&
                ((CertEntry) entry).trustedKeyUsage != null) {

                if (debug != null) {
                    debug.println("Retrieved a trusted certificate at " +
                        "alias '" + alias + "'");
                }

                return new KeyStore.TrustedCertificateEntry(
                    ((CertEntry)entry).cert, getAttributes(entry));
            }
        } else {
            throw new UnrecoverableKeyException
                    ("requested entry requires a password");
        }
    }

    if (protParam instanceof KeyStore.PasswordProtection) {
        if (engineIsCertificateEntry(alias)) {
            throw new UnsupportedOperationException
                ("trusted certificate entries are not password-protected");
        } else if (engineIsKeyEntry(alias)) {
            KeyStore.PasswordProtection pp =
                    (KeyStore.PasswordProtection)protParam;
            char[] password = pp.getPassword();

            Key key = engineGetKey(alias, password);
            if (key instanceof PrivateKey) {
                Certificate[] chain = engineGetCertificateChain(alias);

                return new KeyStore.PrivateKeyEntry((PrivateKey)key, chain,
                    getAttributes(entry));

            } else if (key instanceof SecretKey) {

                return new KeyStore.SecretKeyEntry((SecretKey)key,
                    getAttributes(entry));
            }
        } else if (!engineIsKeyEntry(alias)) {
            throw new UnsupportedOperationException
                ("untrusted certificate entries are not " +
                    "password-protected");
        }
    }

    throw new UnsupportedOperationException();
}
 
Example 11
/**
 * Saves a <code>KeyStore.Entry</code> under the specified alias.
 * The specified protection parameter is used to protect the
 * <code>Entry</code>.
 *
 * <p> If an entry already exists for the specified alias,
 * it is overridden.
 *
 * @param alias save the <code>KeyStore.Entry</code> under this alias
 * @param entry the <code>Entry</code> to save
 * @param protParam the <code>ProtectionParameter</code>
 *          used to protect the <code>Entry</code>,
 *          which may be <code>null</code>
 *
 * @exception KeyStoreException if this operation fails
 *
 * @since 1.5
 */
@Override
public synchronized void engineSetEntry(String alias, KeyStore.Entry entry,
    KeyStore.ProtectionParameter protParam) throws KeyStoreException {

    // get password
    if (protParam != null &&
        !(protParam instanceof KeyStore.PasswordProtection)) {
        throw new KeyStoreException("unsupported protection parameter");
    }
    KeyStore.PasswordProtection pProtect = null;
    if (protParam != null) {
        pProtect = (KeyStore.PasswordProtection)protParam;
    }

    // set entry
    if (entry instanceof KeyStore.TrustedCertificateEntry) {
        if (protParam != null && pProtect.getPassword() != null) {
            // pre-1.5 style setCertificateEntry did not allow password
            throw new KeyStoreException
                ("trusted certificate entries are not password-protected");
        } else {
            KeyStore.TrustedCertificateEntry tce =
                    (KeyStore.TrustedCertificateEntry)entry;
            setCertEntry(alias, tce.getTrustedCertificate(),
                tce.getAttributes());

            return;
        }
    } else if (entry instanceof KeyStore.PrivateKeyEntry) {
        if (pProtect == null || pProtect.getPassword() == null) {
            // pre-1.5 style setKeyEntry required password
            throw new KeyStoreException
                ("non-null password required to create PrivateKeyEntry");
        } else {
            KeyStore.PrivateKeyEntry pke = (KeyStore.PrivateKeyEntry)entry;
            setKeyEntry(alias, pke.getPrivateKey(), pProtect,
                pke.getCertificateChain(), pke.getAttributes());

            return;
        }
    } else if (entry instanceof KeyStore.SecretKeyEntry) {
        if (pProtect == null || pProtect.getPassword() == null) {
            // pre-1.5 style setKeyEntry required password
            throw new KeyStoreException
                ("non-null password required to create SecretKeyEntry");
        } else {
            KeyStore.SecretKeyEntry ske = (KeyStore.SecretKeyEntry)entry;
            setKeyEntry(alias, ske.getSecretKey(), pProtect,
                (Certificate[])null, ske.getAttributes());

            return;
        }
    }

    throw new KeyStoreException
            ("unsupported entry type: " + entry.getClass().getName());
}
 
Example 12
/**
 * Saves a <code>KeyStore.Entry</code> under the specified alias.
 * The specified protection parameter is used to protect the
 * <code>Entry</code>.
 *
 * <p> If an entry already exists for the specified alias,
 * it is overridden.
 *
 * @param alias save the <code>KeyStore.Entry</code> under this alias
 * @param entry the <code>Entry</code> to save
 * @param protParam the <code>ProtectionParameter</code>
 *          used to protect the <code>Entry</code>,
 *          which may be <code>null</code>
 *
 * @exception KeyStoreException if this operation fails
 *
 * @since 1.5
 */
@Override
public synchronized void engineSetEntry(String alias, KeyStore.Entry entry,
    KeyStore.ProtectionParameter protParam) throws KeyStoreException {

    // get password
    if (protParam != null &&
        !(protParam instanceof KeyStore.PasswordProtection)) {
        throw new KeyStoreException("unsupported protection parameter");
    }
    KeyStore.PasswordProtection pProtect = null;
    if (protParam != null) {
        pProtect = (KeyStore.PasswordProtection)protParam;
    }

    // set entry
    if (entry instanceof KeyStore.TrustedCertificateEntry) {
        if (protParam != null && pProtect.getPassword() != null) {
            // pre-1.5 style setCertificateEntry did not allow password
            throw new KeyStoreException
                ("trusted certificate entries are not password-protected");
        } else {
            KeyStore.TrustedCertificateEntry tce =
                    (KeyStore.TrustedCertificateEntry)entry;
            setCertEntry(alias, tce.getTrustedCertificate(),
                tce.getAttributes());

            return;
        }
    } else if (entry instanceof KeyStore.PrivateKeyEntry) {
        if (pProtect == null || pProtect.getPassword() == null) {
            // pre-1.5 style setKeyEntry required password
            throw new KeyStoreException
                ("non-null password required to create PrivateKeyEntry");
        } else {
            KeyStore.PrivateKeyEntry pke = (KeyStore.PrivateKeyEntry)entry;
            setKeyEntry(alias, pke.getPrivateKey(), pProtect,
                pke.getCertificateChain(), pke.getAttributes());

            return;
        }
    } else if (entry instanceof KeyStore.SecretKeyEntry) {
        if (pProtect == null || pProtect.getPassword() == null) {
            // pre-1.5 style setKeyEntry required password
            throw new KeyStoreException
                ("non-null password required to create SecretKeyEntry");
        } else {
            KeyStore.SecretKeyEntry ske = (KeyStore.SecretKeyEntry)entry;
            setKeyEntry(alias, ske.getSecretKey(), pProtect,
                (Certificate[])null, ske.getAttributes());

            return;
        }
    }

    throw new KeyStoreException
            ("unsupported entry type: " + entry.getClass().getName());
}
 
Example 13
/**
 * Saves a <code>KeyStore.Entry</code> under the specified alias.
 * The specified protection parameter is used to protect the
 * <code>Entry</code>.
 *
 * <p> If an entry already exists for the specified alias,
 * it is overridden.
 *
 * @param alias save the <code>KeyStore.Entry</code> under this alias
 * @param entry the <code>Entry</code> to save
 * @param protParam the <code>ProtectionParameter</code>
 *          used to protect the <code>Entry</code>,
 *          which may be <code>null</code>
 *
 * @exception KeyStoreException if this operation fails
 *
 * @since 1.5
 */
@Override
public synchronized void engineSetEntry(String alias, KeyStore.Entry entry,
    KeyStore.ProtectionParameter protParam) throws KeyStoreException {

    // get password
    if (protParam != null &&
        !(protParam instanceof KeyStore.PasswordProtection)) {
        throw new KeyStoreException("unsupported protection parameter");
    }
    KeyStore.PasswordProtection pProtect = null;
    if (protParam != null) {
        pProtect = (KeyStore.PasswordProtection)protParam;
    }

    // set entry
    if (entry instanceof KeyStore.TrustedCertificateEntry) {
        if (protParam != null && pProtect.getPassword() != null) {
            // pre-1.5 style setCertificateEntry did not allow password
            throw new KeyStoreException
                ("trusted certificate entries are not password-protected");
        } else {
            KeyStore.TrustedCertificateEntry tce =
                    (KeyStore.TrustedCertificateEntry)entry;
            setCertEntry(alias, tce.getTrustedCertificate(),
                tce.getAttributes());

            return;
        }
    } else if (entry instanceof KeyStore.PrivateKeyEntry) {
        if (pProtect == null || pProtect.getPassword() == null) {
            // pre-1.5 style setKeyEntry required password
            throw new KeyStoreException
                ("non-null password required to create PrivateKeyEntry");
        } else {
            KeyStore.PrivateKeyEntry pke = (KeyStore.PrivateKeyEntry)entry;
            setKeyEntry(alias, pke.getPrivateKey(), pProtect,
                pke.getCertificateChain(), pke.getAttributes());

            return;
        }
    } else if (entry instanceof KeyStore.SecretKeyEntry) {
        if (pProtect == null || pProtect.getPassword() == null) {
            // pre-1.5 style setKeyEntry required password
            throw new KeyStoreException
                ("non-null password required to create SecretKeyEntry");
        } else {
            KeyStore.SecretKeyEntry ske = (KeyStore.SecretKeyEntry)entry;
            setKeyEntry(alias, ske.getSecretKey(), pProtect,
                (Certificate[])null, ske.getAttributes());

            return;
        }
    }

    throw new KeyStoreException
            ("unsupported entry type: " + entry.getClass().getName());
}
 
Example 14
/**
 * Saves a <code>KeyStore.Entry</code> under the specified alias.
 * The specified protection parameter is used to protect the
 * <code>Entry</code>.
 *
 * <p> If an entry already exists for the specified alias,
 * it is overridden.
 *
 * @param alias save the <code>KeyStore.Entry</code> under this alias
 * @param entry the <code>Entry</code> to save
 * @param protParam the <code>ProtectionParameter</code>
 *          used to protect the <code>Entry</code>,
 *          which may be <code>null</code>
 *
 * @exception KeyStoreException if this operation fails
 *
 * @since 1.5
 */
@Override
public synchronized void engineSetEntry(String alias, KeyStore.Entry entry,
    KeyStore.ProtectionParameter protParam) throws KeyStoreException {

    // get password
    if (protParam != null &&
        !(protParam instanceof KeyStore.PasswordProtection)) {
        throw new KeyStoreException("unsupported protection parameter");
    }
    KeyStore.PasswordProtection pProtect = null;
    if (protParam != null) {
        pProtect = (KeyStore.PasswordProtection)protParam;
    }

    // set entry
    if (entry instanceof KeyStore.TrustedCertificateEntry) {
        if (protParam != null && pProtect.getPassword() != null) {
            // pre-1.5 style setCertificateEntry did not allow password
            throw new KeyStoreException
                ("trusted certificate entries are not password-protected");
        } else {
            KeyStore.TrustedCertificateEntry tce =
                    (KeyStore.TrustedCertificateEntry)entry;
            setCertEntry(alias, tce.getTrustedCertificate(),
                tce.getAttributes());

            return;
        }
    } else if (entry instanceof KeyStore.PrivateKeyEntry) {
        if (pProtect == null || pProtect.getPassword() == null) {
            // pre-1.5 style setKeyEntry required password
            throw new KeyStoreException
                ("non-null password required to create PrivateKeyEntry");
        } else {
            KeyStore.PrivateKeyEntry pke = (KeyStore.PrivateKeyEntry)entry;
            setKeyEntry(alias, pke.getPrivateKey(), pProtect,
                pke.getCertificateChain(), pke.getAttributes());

            return;
        }
    } else if (entry instanceof KeyStore.SecretKeyEntry) {
        if (pProtect == null || pProtect.getPassword() == null) {
            // pre-1.5 style setKeyEntry required password
            throw new KeyStoreException
                ("non-null password required to create SecretKeyEntry");
        } else {
            KeyStore.SecretKeyEntry ske = (KeyStore.SecretKeyEntry)entry;
            setKeyEntry(alias, ske.getSecretKey(), pProtect,
                (Certificate[])null, ske.getAttributes());

            return;
        }
    }

    throw new KeyStoreException
            ("unsupported entry type: " + entry.getClass().getName());
}
 
Example 15
Source Project: Bytecoder   File: PKCS12KeyStore.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Gets a <code>KeyStore.Entry</code> for the specified alias
 * with the specified protection parameter.
 *
 * @param alias get the <code>KeyStore.Entry</code> for this alias
 * @param protParam the <code>ProtectionParameter</code>
 *          used to protect the <code>Entry</code>,
 *          which may be <code>null</code>
 *
 * @return the <code>KeyStore.Entry</code> for the specified alias,
 *          or <code>null</code> if there is no such entry
 *
 * @exception KeyStoreException if the operation failed
 * @exception NoSuchAlgorithmException if the algorithm for recovering the
 *          entry cannot be found
 * @exception UnrecoverableEntryException if the specified
 *          <code>protParam</code> were insufficient or invalid
 * @exception UnrecoverableKeyException if the entry is a
 *          <code>PrivateKeyEntry</code> or <code>SecretKeyEntry</code>
 *          and the specified <code>protParam</code> does not contain
 *          the information needed to recover the key (e.g. wrong password)
 *
 * @since 1.5
 */
@Override
public KeyStore.Entry engineGetEntry(String alias,
                    KeyStore.ProtectionParameter protParam)
            throws KeyStoreException, NoSuchAlgorithmException,
            UnrecoverableEntryException {

    if (!engineContainsAlias(alias)) {
        return null;
    }

    Entry entry = entries.get(alias.toLowerCase(Locale.ENGLISH));
    if (protParam == null) {
        if (engineIsCertificateEntry(alias)) {
            if (entry instanceof CertEntry &&
                ((CertEntry) entry).trustedKeyUsage != null) {

                if (debug != null) {
                    debug.println("Retrieved a trusted certificate at " +
                        "alias '" + alias + "'");
                }

                return new KeyStore.TrustedCertificateEntry(
                    ((CertEntry)entry).cert, getAttributes(entry));
            }
        } else {
            throw new UnrecoverableKeyException
                    ("requested entry requires a password");
        }
    }

    if (protParam instanceof KeyStore.PasswordProtection) {
        if (engineIsCertificateEntry(alias)) {
            throw new UnsupportedOperationException
                ("trusted certificate entries are not password-protected");
        } else if (engineIsKeyEntry(alias)) {
            KeyStore.PasswordProtection pp =
                    (KeyStore.PasswordProtection)protParam;
            char[] password = pp.getPassword();

            Key key = engineGetKey(alias, password);
            if (key instanceof PrivateKey) {
                Certificate[] chain = engineGetCertificateChain(alias);

                return new KeyStore.PrivateKeyEntry((PrivateKey)key, chain,
                    getAttributes(entry));

            } else if (key instanceof SecretKey) {

                return new KeyStore.SecretKeyEntry((SecretKey)key,
                    getAttributes(entry));
            }
        } else if (!engineIsKeyEntry(alias)) {
            throw new UnsupportedOperationException
                ("untrusted certificate entries are not " +
                    "password-protected");
        }
    }

    throw new UnsupportedOperationException();
}
 
Example 16
/**
 * Gets a <code>KeyStore.Entry</code> for the specified alias
 * with the specified protection parameter.
 *
 * @param alias get the <code>KeyStore.Entry</code> for this alias
 * @param protParam the <code>ProtectionParameter</code>
 *          used to protect the <code>Entry</code>,
 *          which may be <code>null</code>
 *
 * @return the <code>KeyStore.Entry</code> for the specified alias,
 *          or <code>null</code> if there is no such entry
 *
 * @exception KeyStoreException if the operation failed
 * @exception NoSuchAlgorithmException if the algorithm for recovering the
 *          entry cannot be found
 * @exception UnrecoverableEntryException if the specified
 *          <code>protParam</code> were insufficient or invalid
 * @exception UnrecoverableKeyException if the entry is a
 *          <code>PrivateKeyEntry</code> or <code>SecretKeyEntry</code>
 *          and the specified <code>protParam</code> does not contain
 *          the information needed to recover the key (e.g. wrong password)
 *
 * @since 1.5
 */
@Override
public KeyStore.Entry engineGetEntry(String alias,
                    KeyStore.ProtectionParameter protParam)
            throws KeyStoreException, NoSuchAlgorithmException,
            UnrecoverableEntryException {

    if (!engineContainsAlias(alias)) {
        return null;
    }

    Entry entry = entries.get(alias.toLowerCase(Locale.ENGLISH));
    if (protParam == null) {
        if (engineIsCertificateEntry(alias)) {
            if (entry instanceof CertEntry &&
                ((CertEntry) entry).trustedKeyUsage != null) {

                if (debug != null) {
                    debug.println("Retrieved a trusted certificate at " +
                        "alias '" + alias + "'");
                }

                return new KeyStore.TrustedCertificateEntry(
                    ((CertEntry)entry).cert, getAttributes(entry));
            }
        } else {
            throw new UnrecoverableKeyException
                    ("requested entry requires a password");
        }
    }

    if (protParam instanceof KeyStore.PasswordProtection) {
        if (engineIsCertificateEntry(alias)) {
            throw new UnsupportedOperationException
                ("trusted certificate entries are not password-protected");
        } else if (engineIsKeyEntry(alias)) {
            KeyStore.PasswordProtection pp =
                    (KeyStore.PasswordProtection)protParam;
            char[] password = pp.getPassword();

            Key key = engineGetKey(alias, password);
            if (key instanceof PrivateKey) {
                Certificate[] chain = engineGetCertificateChain(alias);

                return new KeyStore.PrivateKeyEntry((PrivateKey)key, chain,
                    getAttributes(entry));

            } else if (key instanceof SecretKey) {

                return new KeyStore.SecretKeyEntry((SecretKey)key,
                    getAttributes(entry));
            }
        } else if (!engineIsKeyEntry(alias)) {
            throw new UnsupportedOperationException
                ("untrusted certificate entries are not " +
                    "password-protected");
        }
    }

    throw new UnsupportedOperationException();
}
 
Example 17
Source Project: opensoc-streaming   File: AuthToken.java    License: Apache License 2.0 4 votes vote down vote up
public static void main( String[] args ) throws Exception
{
	
   	Options options = new Options();
   	
   	options.addOption( "keystoreFile", true, "Keystore File" );
   	options.addOption( "keystorePassword", true, "Keystore Password" );
   	options.addOption( "authTokenAlias", true, "");
   	
   	CommandLineParser parser = new GnuParser();
   	CommandLine cmd = parser.parse( options, args);
	
	
	try
	{
		KeyStore ks = KeyStore.getInstance("JCEKS");

		String keystorePassword = cmd.getOptionValue("keystorePassword");
		String keystoreFile = cmd.getOptionValue("keystoreFile");
		String authTokenAlias = cmd.getOptionValue("authTokenAlias");

		ks.load(null, keystorePassword.toCharArray());

		
		// generate a key and store it in the keystore...
		KeyGenerator keyGen = KeyGenerator.getInstance("AES");
		SecretKey key = keyGen.generateKey();
		
		KeyStore.ProtectionParameter protParam =
		        new KeyStore.PasswordProtection(keystorePassword.toCharArray());
		
		
		KeyStore.SecretKeyEntry skEntry =
		        new KeyStore.SecretKeyEntry(key);
		
		ks.setEntry(authTokenAlias, skEntry, protParam);
		
		java.io.FileOutputStream fos = null;
	    try {
	        
	    	fos = new java.io.FileOutputStream(keystoreFile);
	        ks.store(fos, keystorePassword.toCharArray());
	    } 
	    finally {
	        
	    	if (fos != null) {
	            fos.close();
	        }
	    }
		
	    
	    System.out.println( "done" );
	    
	}
	catch( Exception e )
	{
		e.printStackTrace();
	}
}
 
Example 18
/**
 * Gets a <code>KeyStore.Entry</code> for the specified alias
 * with the specified protection parameter.
 *
 * @param alias get the <code>KeyStore.Entry</code> for this alias
 * @param protParam the <code>ProtectionParameter</code>
 *          used to protect the <code>Entry</code>,
 *          which may be <code>null</code>
 *
 * @return the <code>KeyStore.Entry</code> for the specified alias,
 *          or <code>null</code> if there is no such entry
 *
 * @exception KeyStoreException if the operation failed
 * @exception NoSuchAlgorithmException if the algorithm for recovering the
 *          entry cannot be found
 * @exception UnrecoverableEntryException if the specified
 *          <code>protParam</code> were insufficient or invalid
 * @exception UnrecoverableKeyException if the entry is a
 *          <code>PrivateKeyEntry</code> or <code>SecretKeyEntry</code>
 *          and the specified <code>protParam</code> does not contain
 *          the information needed to recover the key (e.g. wrong password)
 *
 * @since 1.5
 */
@Override
public KeyStore.Entry engineGetEntry(String alias,
                    KeyStore.ProtectionParameter protParam)
            throws KeyStoreException, NoSuchAlgorithmException,
            UnrecoverableEntryException {

    if (!engineContainsAlias(alias)) {
        return null;
    }

    Entry entry = entries.get(alias.toLowerCase(Locale.ENGLISH));
    if (protParam == null) {
        if (engineIsCertificateEntry(alias)) {
            if (entry instanceof CertEntry &&
                ((CertEntry) entry).trustedKeyUsage != null) {

                if (debug != null) {
                    debug.println("Retrieved a trusted certificate at " +
                        "alias '" + alias + "'");
                }

                return new KeyStore.TrustedCertificateEntry(
                    ((CertEntry)entry).cert, getAttributes(entry));
            }
        } else {
            throw new UnrecoverableKeyException
                    ("requested entry requires a password");
        }
    }

    if (protParam instanceof KeyStore.PasswordProtection) {
        if (engineIsCertificateEntry(alias)) {
            throw new UnsupportedOperationException
                ("trusted certificate entries are not password-protected");
        } else if (engineIsKeyEntry(alias)) {
            KeyStore.PasswordProtection pp =
                    (KeyStore.PasswordProtection)protParam;
            char[] password = pp.getPassword();

            Key key = engineGetKey(alias, password);
            if (key instanceof PrivateKey) {
                Certificate[] chain = engineGetCertificateChain(alias);

                return new KeyStore.PrivateKeyEntry((PrivateKey)key, chain,
                    getAttributes(entry));

            } else if (key instanceof SecretKey) {

                return new KeyStore.SecretKeyEntry((SecretKey)key,
                    getAttributes(entry));
            }
        } else if (!engineIsKeyEntry(alias)) {
            throw new UnsupportedOperationException
                ("untrusted certificate entries are not " +
                    "password-protected");
        }
    }

    throw new UnsupportedOperationException();
}
 
Example 19
/**
 * Gets a <code>KeyStore.Entry</code> for the specified alias
 * with the specified protection parameter.
 *
 * @param alias get the <code>KeyStore.Entry</code> for this alias
 * @param protParam the <code>ProtectionParameter</code>
 *          used to protect the <code>Entry</code>,
 *          which may be <code>null</code>
 *
 * @return the <code>KeyStore.Entry</code> for the specified alias,
 *          or <code>null</code> if there is no such entry
 *
 * @exception KeyStoreException if the operation failed
 * @exception NoSuchAlgorithmException if the algorithm for recovering the
 *          entry cannot be found
 * @exception UnrecoverableEntryException if the specified
 *          <code>protParam</code> were insufficient or invalid
 * @exception UnrecoverableKeyException if the entry is a
 *          <code>PrivateKeyEntry</code> or <code>SecretKeyEntry</code>
 *          and the specified <code>protParam</code> does not contain
 *          the information needed to recover the key (e.g. wrong password)
 *
 * @since 1.5
 */
@Override
public KeyStore.Entry engineGetEntry(String alias,
                    KeyStore.ProtectionParameter protParam)
            throws KeyStoreException, NoSuchAlgorithmException,
            UnrecoverableEntryException {

    if (!engineContainsAlias(alias)) {
        return null;
    }

    Entry entry = entries.get(alias.toLowerCase(Locale.ENGLISH));
    if (protParam == null) {
        if (engineIsCertificateEntry(alias)) {
            if (entry instanceof CertEntry &&
                ((CertEntry) entry).trustedKeyUsage != null) {

                if (debug != null) {
                    debug.println("Retrieved a trusted certificate at " +
                        "alias '" + alias + "'");
                }

                return new KeyStore.TrustedCertificateEntry(
                    ((CertEntry)entry).cert, getAttributes(entry));
            }
        } else {
            throw new UnrecoverableKeyException
                    ("requested entry requires a password");
        }
    }

    if (protParam instanceof KeyStore.PasswordProtection) {
        if (engineIsCertificateEntry(alias)) {
            throw new UnsupportedOperationException
                ("trusted certificate entries are not password-protected");
        } else if (engineIsKeyEntry(alias)) {
            KeyStore.PasswordProtection pp =
                    (KeyStore.PasswordProtection)protParam;
            char[] password = pp.getPassword();

            Key key = engineGetKey(alias, password);
            if (key instanceof PrivateKey) {
                Certificate[] chain = engineGetCertificateChain(alias);

                return new KeyStore.PrivateKeyEntry((PrivateKey)key, chain,
                    getAttributes(entry));

            } else if (key instanceof SecretKey) {

                return new KeyStore.SecretKeyEntry((SecretKey)key,
                    getAttributes(entry));
            }
        } else if (!engineIsKeyEntry(alias)) {
            throw new UnsupportedOperationException
                ("untrusted certificate entries are not " +
                    "password-protected");
        }
    }

    throw new UnsupportedOperationException();
}
 
Example 20
/**
 * Saves a <code>KeyStore.Entry</code> under the specified alias.
 * The specified protection parameter is used to protect the
 * <code>Entry</code>.
 *
 * <p> If an entry already exists for the specified alias,
 * it is overridden.
 *
 * @param alias save the <code>KeyStore.Entry</code> under this alias
 * @param entry the <code>Entry</code> to save
 * @param protParam the <code>ProtectionParameter</code>
 *          used to protect the <code>Entry</code>,
 *          which may be <code>null</code>
 *
 * @exception KeyStoreException if this operation fails
 *
 * @since 1.5
 */
@Override
public synchronized void engineSetEntry(String alias, KeyStore.Entry entry,
    KeyStore.ProtectionParameter protParam) throws KeyStoreException {

    // get password
    if (protParam != null &&
        !(protParam instanceof KeyStore.PasswordProtection)) {
        throw new KeyStoreException("unsupported protection parameter");
    }
    KeyStore.PasswordProtection pProtect = null;
    if (protParam != null) {
        pProtect = (KeyStore.PasswordProtection)protParam;
    }

    // set entry
    if (entry instanceof KeyStore.TrustedCertificateEntry) {
        if (protParam != null && pProtect.getPassword() != null) {
            // pre-1.5 style setCertificateEntry did not allow password
            throw new KeyStoreException
                ("trusted certificate entries are not password-protected");
        } else {
            KeyStore.TrustedCertificateEntry tce =
                    (KeyStore.TrustedCertificateEntry)entry;
            setCertEntry(alias, tce.getTrustedCertificate(),
                tce.getAttributes());

            return;
        }
    } else if (entry instanceof KeyStore.PrivateKeyEntry) {
        if (pProtect == null || pProtect.getPassword() == null) {
            // pre-1.5 style setKeyEntry required password
            throw new KeyStoreException
                ("non-null password required to create PrivateKeyEntry");
        } else {
            KeyStore.PrivateKeyEntry pke = (KeyStore.PrivateKeyEntry)entry;
            setKeyEntry(alias, pke.getPrivateKey(), pProtect,
                pke.getCertificateChain(), pke.getAttributes());

            return;
        }
    } else if (entry instanceof KeyStore.SecretKeyEntry) {
        if (pProtect == null || pProtect.getPassword() == null) {
            // pre-1.5 style setKeyEntry required password
            throw new KeyStoreException
                ("non-null password required to create SecretKeyEntry");
        } else {
            KeyStore.SecretKeyEntry ske = (KeyStore.SecretKeyEntry)entry;
            setKeyEntry(alias, ske.getSecretKey(), pProtect,
                (Certificate[])null, ske.getAttributes());

            return;
        }
    }

    throw new KeyStoreException
            ("unsupported entry type: " + entry.getClass().getName());
}