Java Code Examples for java.security.KeyStore#getCertificateChain()

The following examples show how to use java.security.KeyStore#getCertificateChain() . These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source Project: athenz   File: KeyStoreTest.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testCreateKeyStoreFromPems() throws Exception {
    String athenzPublicCertPem = Resources.toString(
            Resources.getResource("rsa_public_x510_w_intermediate.cert"), StandardCharsets.UTF_8);
    String athenzPrivateKeyPem = Resources.toString(
            Resources.getResource("unit_test_rsa_private.key"), StandardCharsets.UTF_8);
    KeyStore keyStore = Utils.createKeyStoreFromPems(athenzPublicCertPem, athenzPrivateKeyPem);
    assertNotNull(keyStore);
    String alias = null;
    for (Enumeration<?> e = keyStore.aliases(); e.hasMoreElements(); ) {
        alias = (String) e.nextElement();
        assertEquals(ALIAS_NAME, alias);
    }

    X509Certificate[] chain = (X509Certificate[]) keyStore.getCertificateChain(alias);
    assertNotNull(chain);
    assertTrue(chain.length == 2);
}
 
Example 2
Source Project: zeppelin   File: PEMImporterTest.java    License: Apache License 2.0 6 votes vote down vote up
@Test
public void testCertKeyAndChain() throws Exception {
    KeyStore truststore = PEMImporter.loadTrustStore(rootCACert);
    KeyStore keystore = PEMImporter.loadKeyStore(pemCert, pemkey, "");
    assertEquals(1, keystore.size());
    assertTrue(keystore.containsAlias("key"));
    assertEquals(1, keystore.getCertificateChain("key").length);
    assertEquals(1, truststore.size());
    Certificate[] certs = keystore.getCertificateChain("key");

    PublicKey publicKey = certs[0].getPublicKey();
    PrivateKey privateKey = (PrivateKey) keystore.getKey("key", "".toCharArray());
    assertTrue(verifyPubAndPrivKey(publicKey, privateKey));

    X509Certificate ca = (X509Certificate) truststore.getCertificate("cn=localhost");
    X509Certificate cert = (X509Certificate) keystore.getCertificate("key");
    assertTrue(verifyChain(cert, ca));
}
 
Example 3
private SigningCredential retrieveSigningCredential(String alias, KeyStore keyStore) {
   try {
      Certificate[] c = keyStore.getCertificateChain(alias);
      if (ArrayUtils.isEmpty(c)) {
         throw new IllegalArgumentException("The KeyStore doesn't contain the required key with alias [" + alias + "]");
      } else {
         X509Certificate[] certificateChain = (X509Certificate[])Arrays.copyOf(c, c.length, X509Certificate[].class);
         PrivateKey privateKey = (PrivateKey)keyStore.getKey(alias, (char[])null);
         return SigningCredential.create(privateKey, Iterables.newList(certificateChain));
      }
   } catch (KeyStoreException var6) {
      throw new IllegalArgumentException("Given keystore hasn't been initialized", var6);
   } catch (NoSuchAlgorithmException var7) {
      throw new IllegalStateException("There is a problem with the Security configuration... Check if all the required security providers are correctly registered", var7);
   } catch (UnrecoverableKeyException var8) {
      throw new IllegalStateException("The private key with alias [" + alias + "] could not be recovered from the given keystore", var8);
   }
}
 
Example 4
private ApkSigner.SignerConfig loadKeyStore(String keyStoreType, String keyStorePassword) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
  KeyStore keyStoreEntity = KeyStore.getInstance(keyStoreType == null ? KeyStore.getDefaultType() : keyStoreType);
  char[]   password       = getPassword(keyStorePassword);
  keyStoreEntity.load(null, password);

  Enumeration<String> aliases  = keyStoreEntity.aliases();
  String              keyAlias = null;

  while (aliases != null && aliases.hasMoreElements()) {
    String alias = aliases.nextElement();
    if (keyStoreEntity.isKeyEntry(alias)) {
      keyAlias = alias;
      break;
    }
  }

  if (keyAlias == null) {
    throw new IllegalArgumentException("Keystore has no key entries!");
  }

  PrivateKey    privateKey   = (PrivateKey) keyStoreEntity.getKey(keyAlias, password);
  Certificate[] certificates = keyStoreEntity.getCertificateChain(keyAlias);

  if (certificates == null || certificates.length == 0) {
    throw new IllegalArgumentException("Unable to load certificates!");
  }

  List<X509Certificate> results = new LinkedList<>();

  for (Certificate certificate : certificates) {
    results.add((X509Certificate)certificate);
  }


  return new ApkSigner.SignerConfig.Builder("Signal Signer", privateKey, results).build();
}
 
Example 5
private void run(KeyStore inputKeyStore, KeyStore outputKeyStore,
        String inKeyPass, String outKeyPass) throws Exception {
    Enumeration<String> e = inputKeyStore.aliases();
    String alias;
    while (e.hasMoreElements()) {
        alias = e.nextElement();
        Certificate[] certs = inputKeyStore.getCertificateChain(alias);

        boolean isCertEntry = inputKeyStore.isCertificateEntry(alias);
        // Test KeyStore only contain key pair entries.
        if (isCertEntry == true) {
            throw new RuntimeException(
                    "inputKeystore should not be certEntry because test"
                            + " keystore only contain key pair entries"
                            + " for alias:" + alias);
        }

        boolean isKeyEntry = inputKeyStore.isKeyEntry(alias);
        Key key = null;
        if (isKeyEntry) {
            key = inputKeyStore.getKey(alias, inKeyPass.toCharArray());
        } else {
            throw new RuntimeException("Entry type unknown for alias:"
                    + alias);
        }
        outputKeyStore.setKeyEntry(alias, key, outKeyPass.toCharArray(),
                certs);
    }
}
 
Example 6
Source Project: ats-framework   File: FtpsClient.java    License: Apache License 2.0 5 votes vote down vote up
public DefaultTrustStrategy( KeyStore trustStore ) throws Exception {
    /** get all certificates from the trust store **/
    Enumeration<String> aliases = trustStore.aliases();
    while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();
        if (trustStore.isCertificateEntry(alias)) {
            /** the alias points to a certificate **/
            certificates.add(trustStore.getCertificate(alias));
        } else {
            /** the alias does not point to a certificate, 
             * but this may mean that it points to a private-public key pair or a certificate chain 
             */
            Certificate certificate = trustStore.getCertificate(alias);
            if (certificate != null) {
                /**
                 * the certificate was extracted from a private-public key entry
                 * */
                certificates.add(certificate);
            } else {
                /**
                 * the alias points to a certificate chain
                 * */
                Certificate[] chain = trustStore.getCertificateChain(alias);
                for (Certificate cert : chain) {
                    certificates.add(cert);
                }
            }
        }
    }
}
 
Example 7
Source Project: RISE-V2G   File: SecurityUtils.java    License: MIT License 5 votes vote down vote up
/**
 * Searches a given keystore either for a contract certificate chain or OEM provisioning certificate
 * chain, determined by the alias (the alias is associated with the certificate chain and the private
 * key). 
 * However, it may be the case that more than once contract certificate is installed in the EV, 
 * in which case an OEM specific implementation would need to interact at this point with a HMI in
 * order to enable the user to select the certificate which is to be used for contract based charging.
 * 
 * @param evccKeyStore The keystore to check for the respective certificate chain
 * @param alias The alias associated with a key entry and certificate chain
 * @return The respective certificate chain if present, null otherwise
 */
public static CertificateChainType getCertificateChain(KeyStore evccKeyStore, String alias) {
	CertificateChainType certChain = new CertificateChainType();
	SubCertificatesType subCertificates = new SubCertificatesType();
	
	try {
		Certificate[] certChainArray = evccKeyStore.getCertificateChain(alias);
		
		if (certChainArray == null) {
			getLogger().info("No certificate chain found for alias '" + alias + "'");
			return null;
		}
		
		certChain.setCertificate(certChainArray[0].getEncoded());

		for (int i = 1; i < certChainArray.length; i++) {
			subCertificates.getCertificate().add(certChainArray[i].getEncoded());
		}
		
		certChain.setSubCertificates(subCertificates);
		
		return certChain;
	} catch (KeyStoreException | CertificateEncodingException e) {
		getLogger().error(e.getClass().getSimpleName() + " occurred while trying to get certificate chain", e);
		return null;
	}
}
 
Example 8
Source Project: netbeans   File: Utilities.java    License: Apache License 2.0 5 votes vote down vote up
public static Collection<Certificate> getCertificates (KeyStore keyStore) throws KeyStoreException {
    Set<Certificate> certs = new HashSet<> ();
    for (String alias: Collections.list (keyStore.aliases ())) {
        Certificate[] certificateChain = keyStore.getCertificateChain(alias);
        if (certificateChain != null) {
            certs.addAll(Arrays.asList(certificateChain));
        }
        certs.add(keyStore.getCertificate(alias));
    }
    return certs;
}
 
Example 9
Source Project: Bytecoder   File: SunX509KeyManagerImpl.java    License: Apache License 2.0 5 votes vote down vote up
SunX509KeyManagerImpl(KeyStore ks, char[] password)
        throws KeyStoreException,
        NoSuchAlgorithmException, UnrecoverableKeyException {

    credentialsMap = new HashMap<String,X509Credentials>();
    serverAliasCache = Collections.synchronizedMap(
                        new HashMap<String,String[]>());
    if (ks == null) {
        return;
    }

    for (Enumeration<String> aliases = ks.aliases();
                                    aliases.hasMoreElements(); ) {
        String alias = aliases.nextElement();
        if (!ks.isKeyEntry(alias)) {
            continue;
        }
        Key key = ks.getKey(alias, password);
        if (key instanceof PrivateKey == false) {
            continue;
        }
        Certificate[] certs = ks.getCertificateChain(alias);
        if ((certs == null) || (certs.length == 0) ||
                !(certs[0] instanceof X509Certificate)) {
            continue;
        }
        if (!(certs instanceof X509Certificate[])) {
            Certificate[] tmp = new X509Certificate[certs.length];
            System.arraycopy(certs, 0, tmp, 0, certs.length);
            certs = tmp;
        }

        X509Credentials cred = new X509Credentials((PrivateKey)key,
            (X509Certificate[])certs);
        credentialsMap.put(alias, cred);
        if (SSLLogger.isOn && SSLLogger.isOn("keymanager")) {
            SSLLogger.fine("found key for : " + alias, (Object[])certs);
        }
    }
}
 
Example 10
Source Project: micro-integrator   File: CryptoUtil.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Encrypt a given plain text
 *
 * @param plainTextBytes The plaintext bytes to be encrypted
 * @param cipherTransformation The transformation that need to encrypt. If it is null, RSA is used as default
 * @param returnSelfContainedCipherText Create self-contained cipher text if true, return simple encrypted
 *                                      ciphertext otherwise.
 * @return The cipher text bytes
 * @throws org.wso2.micro.core.util.CryptoException On error during encryption
 */
public byte[] encrypt(byte[] plainTextBytes, String cipherTransformation, boolean returnSelfContainedCipherText)
        throws org.wso2.micro.core.util.CryptoException {

    byte[] encryptedKey;
    org.wso2.micro.core.encryption.SymmetricEncryption encryption = org.wso2.micro.core.encryption.SymmetricEncryption
            .getInstance();

    try {
        if (Boolean.valueOf(encryption.getSymmetricKeyEncryptEnabled())) {
            encryptedKey = encryption.encryptWithSymmetricKey(plainTextBytes);
        } else {
            Cipher keyStoreCipher;
            KeyStore keyStore;
            Certificate[] certs;
            org.wso2.micro.core.util.KeyStoreManager keyMan = org.wso2.micro.core.util.KeyStoreManager.getInstance(
                    Constants.SUPER_TENANT_ID,
                    this.getServerConfigService());
            if (keyMan.getInternalKeyStore() != null) {
                keyStore = keyMan.getInternalKeyStore();
                certs = keyStore.getCertificateChain(internalKeyStoreAlias);
            } else {
                keyStore = keyMan.getPrimaryKeyStore();
                certs = keyStore.getCertificateChain(primaryKeyStoreAlias);
            }
            boolean isCipherTransformEnabled = false;

            if (cipherTransformation != null) {
                if (log.isDebugEnabled()) {
                    log.debug("Cipher transformation for encryption : " + cipherTransformation);
                }
                keyStoreCipher = Cipher.getInstance(cipherTransformation, "BC");
                isCipherTransformEnabled = true;
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Default Cipher transformation for encryption : RSA");
                }
                keyStoreCipher = Cipher.getInstance("RSA", "BC");
            }

            keyStoreCipher.init(Cipher.ENCRYPT_MODE, certs[0].getPublicKey());
            if (isCipherTransformEnabled && plainTextBytes.length == 0) {
                encryptedKey = "".getBytes();
                if (log.isDebugEnabled()) {
                    log.debug("Empty value for plainTextBytes null will persist to DB");
                }
            } else {
                encryptedKey = keyStoreCipher.doFinal(plainTextBytes);
            }
            if (isCipherTransformEnabled && returnSelfContainedCipherText) {
                encryptedKey = createSelfContainedCiphertext(encryptedKey, cipherTransformation, certs[0]);
            }
        }
    } catch (Exception e) {
        throw new org.wso2.micro.core.util.CryptoException("Error during encryption", e);
    }
    return encryptedKey;
}
 
Example 11
private void test(Certificate certs[], String inKeyStorePath,
        String userAlias, String outStorePass, String outKeyPass)
        throws KeyStoreException, NoSuchProviderException, IOException,
        CertificateException, UnrecoverableKeyException,
        NoSuchAlgorithmException {
    // init output key store
    KeyStore outputKeyStore = KeyStore.getInstance("pkcs12", "SunJSSE");
    outputKeyStore.load(null, null);
    try (FileOutputStream fout = new FileOutputStream(OUT_KEYSTORE)) {
        // KeyStore have encoded by Base64.getMimeEncoder().encode(),need
        // decode first.
        byte[] input = Files.readAllBytes(Paths.get(CERT_PATH,
                inKeyStorePath));
        ByteArrayInputStream arrayIn = new ByteArrayInputStream(Base64
                .getMimeDecoder().decode(input));
        // input key store
        KeyStore inputKeyStore = KeyStore.getInstance(IN_KEYSTORE_TYPE,
                IN_KEYSTORE_PRV);
        inputKeyStore.load(arrayIn, IN_STORE_PASS.toCharArray());
        // add key/certificate to output key store
        Key key = inputKeyStore
                .getKey(userAlias, IN_KEY_PASS.toCharArray());
        out.println("Input Key Algorithm " + key.getAlgorithm());
        out.println("====Input Certs=====");
        if (certs == null) {
            certs = new Certificate[] { inputKeyStore
                    .getCertificate(userAlias) };
        }
        for (Certificate cert : certs) {
            out.println(((X509Certificate) cert).getSubjectDN());
        }
        outputKeyStore.setKeyEntry(userAlias, key,
                outKeyPass.toCharArray(), certs);
        Certificate retCerts[] = outputKeyStore
                .getCertificateChain(userAlias);
        out.println("====Output Certs=====");
        for (Certificate retCert : retCerts) {
            out.println(((X509Certificate) retCert).getSubjectDN());
        }
        out.println("====Output Key Algorithm=====");
        Key outKey = outputKeyStore.getKey(userAlias,
                outKeyPass.toCharArray());
        out.println(outKey.getAlgorithm());

        if (!key.equals(outKey)) {
            throw new RuntimeException("key don't match");
        }
        if (!Arrays.equals(certs, retCerts)) {
            throw new RuntimeException("certs don't match");
        }
        // save output
        outputKeyStore.store(fout, outStorePass.toCharArray());
        // test output
        testKeyStore(outputKeyStore, outKeyPass.toCharArray());
    }
}
 
Example 12
private void test(Certificate certs[], String inKeyStorePath,
        String userAlias, String outStorePass, String outKeyPass)
        throws KeyStoreException, NoSuchProviderException, IOException,
        CertificateException, UnrecoverableKeyException,
        NoSuchAlgorithmException {
    // init output key store
    KeyStore outputKeyStore = KeyStore.getInstance("pkcs12", "SunJSSE");
    outputKeyStore.load(null, null);
    try (FileOutputStream fout = new FileOutputStream(OUT_KEYSTORE)) {
        // KeyStore have encoded by Base64.getMimeEncoder().encode(),need
        // decode first.
        byte[] input = Files.readAllBytes(Paths.get(CERT_PATH,
                inKeyStorePath));
        ByteArrayInputStream arrayIn = new ByteArrayInputStream(Base64
                .getMimeDecoder().decode(input));
        // input key store
        KeyStore inputKeyStore = KeyStore.getInstance(IN_KEYSTORE_TYPE,
                IN_KEYSTORE_PRV);
        inputKeyStore.load(arrayIn, IN_STORE_PASS.toCharArray());
        // add key/certificate to output key store
        Key key = inputKeyStore
                .getKey(userAlias, IN_KEY_PASS.toCharArray());
        out.println("Input Key Algorithm " + key.getAlgorithm());
        out.println("====Input Certs=====");
        if (certs == null) {
            certs = new Certificate[] { inputKeyStore
                    .getCertificate(userAlias) };
        }
        for (Certificate cert : certs) {
            out.println(((X509Certificate) cert).getSubjectDN());
        }
        outputKeyStore.setKeyEntry(userAlias, key,
                outKeyPass.toCharArray(), certs);
        Certificate retCerts[] = outputKeyStore
                .getCertificateChain(userAlias);
        out.println("====Output Certs=====");
        for (Certificate retCert : retCerts) {
            out.println(((X509Certificate) retCert).getSubjectDN());
        }
        out.println("====Output Key Algorithm=====");
        Key outKey = outputKeyStore.getKey(userAlias,
                outKeyPass.toCharArray());
        out.println(outKey.getAlgorithm());

        if (!key.equals(outKey)) {
            throw new RuntimeException("key don't match");
        }
        if (!Arrays.equals(certs, retCerts)) {
            throw new RuntimeException("certs don't match");
        }
        // save output
        outputKeyStore.store(fout, outStorePass.toCharArray());
        // test output
        testKeyStore(outputKeyStore, outKeyPass.toCharArray());
    }
}
 
Example 13
private void testKeyStore(KeyStore inputKeyStore, char[] keypass)
        throws KeyStoreException, UnrecoverableKeyException,
        NoSuchAlgorithmException {
    out.println("========== Key Store ==========");
    out.println("getProvider : " + inputKeyStore.getProvider());
    out.println("getType : " + inputKeyStore.getType());
    out.println("getDefaultType : " + KeyStore.getDefaultType());

    int idx = 0;
    Enumeration<String> e = inputKeyStore.aliases();
    String alias;
    while (e.hasMoreElements()) {
        alias = e.nextElement();
        if (!inputKeyStore.containsAlias(alias)) {
            throw new RuntimeException("Alias not found");
        }
        out.println("Alias " + idx + " : " + alias);
        out.println("getCreationDate : "
                + inputKeyStore.getCreationDate(alias));
        X509Certificate cert = (X509Certificate) inputKeyStore
                .getCertificate(alias);
        out.println("getCertificate : " + cert.getSubjectDN());
        String retAlias = inputKeyStore.getCertificateAlias(cert);
        if (!retAlias.equals(alias)) {
            throw new RuntimeException("Alias mismatch, actually "
                    + retAlias + ", expected " + alias);
        }
        out.println("getCertificateAlias : " + retAlias);
        Certificate[] certs = inputKeyStore.getCertificateChain(alias);
        int i = 0;
        for (Certificate certification : certs) {
            out.println("getCertificateChain " + i
                    + ((X509Certificate) certification).getSubjectDN());
            i++;
        }
        if (inputKeyStore.isCertificateEntry(alias)) {
            throw new RuntimeException(
                    "inputKeystore should not be certEntry because this"
                            + " keystore only contain key pair entries.");
        }
        if (!inputKeyStore.isKeyEntry(alias)) {
            throw new RuntimeException("Entry type unknown.");
        }
        idx++;
    }
    int size = inputKeyStore.size();
    if (idx != size) {
        throw new RuntimeException("Size not match, actually " + idx
                + ", expected " + size);
    }
}
 
Example 14
private void testKeyStore(KeyStore inputKeyStore, char[] keypass)
        throws KeyStoreException, UnrecoverableKeyException,
        NoSuchAlgorithmException {
    out.println("========== Key Store ==========");
    out.println("getProvider : " + inputKeyStore.getProvider());
    out.println("getType : " + inputKeyStore.getType());
    out.println("getDefaultType : " + KeyStore.getDefaultType());

    int idx = 0;
    Enumeration<String> e = inputKeyStore.aliases();
    String alias;
    while (e.hasMoreElements()) {
        alias = e.nextElement();
        if (!inputKeyStore.containsAlias(alias)) {
            throw new RuntimeException("Alias not found");
        }
        out.println("Alias " + idx + " : " + alias);
        out.println("getCreationDate : "
                + inputKeyStore.getCreationDate(alias));
        X509Certificate cert = (X509Certificate) inputKeyStore
                .getCertificate(alias);
        out.println("getCertificate : " + cert.getSubjectDN());
        String retAlias = inputKeyStore.getCertificateAlias(cert);
        if (!retAlias.equals(alias)) {
            throw new RuntimeException("Alias mismatch, actually "
                    + retAlias + ", expected " + alias);
        }
        out.println("getCertificateAlias : " + retAlias);
        Certificate[] certs = inputKeyStore.getCertificateChain(alias);
        int i = 0;
        for (Certificate certification : certs) {
            out.println("getCertificateChain " + i
                    + ((X509Certificate) certification).getSubjectDN());
            i++;
        }
        if (inputKeyStore.isCertificateEntry(alias)) {
            throw new RuntimeException(
                    "inputKeystore should not be certEntry because this"
                            + " keystore only contain key pair entries.");
        }
        if (!inputKeyStore.isKeyEntry(alias)) {
            throw new RuntimeException("Entry type unknown.");
        }
        idx++;
    }
    int size = inputKeyStore.size();
    if (idx != size) {
        throw new RuntimeException("Size not match, actually " + idx
                + ", expected " + size);
    }
}
 
Example 15
private static void test(Provider p, PrivateKeyEntry entry) throws Exception {
    PrivateKey key = entry.getPrivateKey();
    X509Certificate[] chain = (X509Certificate[])entry.getCertificateChain();
    PublicKey publicKey = chain[0].getPublicKey();
    System.out.println(toString(key));
    sign(p, key, publicKey);

    KeyStore ks = KeyStore.getInstance("PKCS11", p);
    ks.load(null, null);
    if (ks.size() != 0) {
        throw new Exception("KeyStore not empty");
    }
    List<String> aliases;

    // test 1: add entry
    ks.setKeyEntry(ALIAS1, key, null, chain);
    aliases = aliases(ks);
    if (aliases.size() != 1) {
        throw new Exception("size not 1: " + aliases);
    }
    if (aliases.get(0).equals(ALIAS1) == false) {
        throw new Exception("alias mismatch: " + aliases);
    }

    PrivateKey key2 = (PrivateKey)ks.getKey(ALIAS1, null);
    System.out.println(toString(key2));
    X509Certificate[] chain2 =
            (X509Certificate[]) ks.getCertificateChain(ALIAS1);
    if (Arrays.equals(chain, chain2) == false) {
        throw new Exception("chain mismatch");
    }
    sign(p, key2, publicKey);

    ks.deleteEntry(ALIAS1);
    if (ks.size() != 0) {
        throw new Exception("KeyStore not empty");
    }

    // test 2: translate to session object, then add entry
    KeyFactory kf = KeyFactory.getInstance(key.getAlgorithm(), p);
    PrivateKey key3 = (PrivateKey)kf.translateKey(key);
    System.out.println(toString(key3));
    sign(p, key3, publicKey);

    ks.setKeyEntry(ALIAS2, key3, null, chain);
    aliases = aliases(ks);
    if (aliases.size() != 1) {
        throw new Exception("size not 1");
    }
    if (aliases.get(0).equals(ALIAS2) == false) {
        throw new Exception("alias mismatch: " + aliases);
    }

    PrivateKey key4 = (PrivateKey)ks.getKey(ALIAS2, null);
    System.out.println(toString(key4));
    X509Certificate[] chain4 = (X509Certificate[])
            ks.getCertificateChain(ALIAS2);
    if (Arrays.equals(chain, chain4) == false) {
        throw new Exception("chain mismatch");
    }
    sign(p, key4, publicKey);

    // test 3: change alias
    ks.setKeyEntry(ALIAS3, key3, null, chain);
    aliases = aliases(ks);
    if (aliases.size() != 1) {
        throw new Exception("size not 1");
    }
    if (aliases.get(0).equals(ALIAS3) == false) {
        throw new Exception("alias mismatch: " + aliases);
    }

    PrivateKey key5 = (PrivateKey)ks.getKey(ALIAS3, null);
    System.out.println(toString(key5));
    X509Certificate[] chain5 = (X509Certificate[])
            ks.getCertificateChain(ALIAS3);
    if (Arrays.equals(chain, chain5) == false) {
        throw new Exception("chain mismatch");
    }
    sign(p, key5, publicKey);

    ks.deleteEntry(ALIAS3);
    if (ks.size() != 0) {
        throw new Exception("KeyStore not empty");
    }

    System.out.println("OK");
}
 
Example 16
@Override
public void setTrustStore( String truststoreFile, String truststorePassword ) {

    try {
        KeyStore trustStore = SslUtils.loadKeystore(truststoreFile, truststorePassword);
        List<Certificate> certificates = new ArrayList<Certificate>();
        /** get all certificates from the trust store **/
        Enumeration<String> aliases = trustStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (trustStore.isCertificateEntry(alias)) {
                /** the alias points to a certificate **/
                certificates.add(trustStore.getCertificate(alias));
            } else {
                /** the alias does not point to a certificate, 
                 * but this may mean that it points to a private-public key pair or certificate chain 
                 */
                Certificate certificate = trustStore.getCertificate(alias);
                if (certificate != null) {
                    /**
                     * the certificate was extracted from a private-public key entry
                     * */
                    certificates.add(certificate);
                } else {
                    /**
                     * the alias points to a certificate chain
                     * */
                    Certificate[] chain = trustStore.getCertificateChain(alias);
                    for (Certificate cert : chain) {
                        certificates.add(cert);
                    }
                }
            }
        }

        trustedServerCertificates = new X509Certificate[certificates.size()];
        certificates.toArray(trustedServerCertificates);
    } catch (Exception e) {
        throw new HttpException("Unable to load all certificates from the trust store", e);
    }

}
 
Example 17
private static void init() throws Exception {

        // first write policy files

        PolicyParser pp = new PolicyParser();
        pp.read(new StringReader(POLICY_NO_STORE));
        pp.write(new FileWriter(NO_STORE_FILE, false));

        pp = new PolicyParser();
        pp.read(new StringReader(POLICY_URL));
        pp.write(new FileWriter(URL_FILE, false));

        pp = new PolicyParser();
        pp.read(new StringReader(POLICY_URL_T));
        pp.write(new FileWriter(URL_T_FILE, false));

        pp = new PolicyParser();
        pp.read(new StringReader(POLICY_URL_T_P));
        pp.write(new FileWriter(URL_T_P_FILE, false));

        pp = new PolicyParser();
        pp.read(new StringReader(POLICY_URL_PWD));
        pp.write(new FileWriter(URL_PWD_FILE, false));

        pp = new PolicyParser();
        pp.read(new StringReader(POLICY_URL_T_P_PWD));
        pp.write(new FileWriter(URL_T_P_PWD_FILE, false));

        pp = new PolicyParser();
        pp.read(new StringReader(POLICY_BADPASS));
        pp.write(new FileWriter(BADPASS_FILE, false));

        // next load keystore data to build PD's

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(new FileInputStream
                        (System.getProperty("test.src", ".") +
                        File.separatorChar +
                        "TokenStore.keystore"),
                storePassword);

        NO_STORE_DOMAIN = new ProtectionDomain
                        (new CodeSource(new URL("file:/foo"),
                            (java.security.cert.Certificate[]) null),
                        null,  // perms
                        null,  // class loader
                        null);  // principals

        Certificate[] chain = (Certificate[])
                        ks.getCertificateChain("POLICY_URL");
        URL_DOMAIN = new ProtectionDomain
                        (new CodeSource(new URL("file:/foo"), chain),
                        null,  // perms
                        null,  // class loader
                        null);  // principals

        chain = (Certificate[])
                        ks.getCertificateChain("POLICY_URL_T");
        URL_T_DOMAIN = new ProtectionDomain
                        (new CodeSource(new URL("file:/foo"), chain),
                        null,  // perms
                        null,  // class loader
                        null);  // principals

        chain = (Certificate[])
                        ks.getCertificateChain("POLICY_URL_T_P");
        URL_T_P_DOMAIN = new ProtectionDomain
                        (new CodeSource(new URL("file:/foo"), chain),
                        null,  // perms
                        null,  // class loader
                        null);  // principals
    }
 
Example 18
private void readTest(String inKeyStore) throws Exception {

        KeyStore inputKeyStore;

        // Initialize KeyStore
        String dir = System.getProperty("test.src", ".");
        String keystorePath = dir + File.separator + "certs" + File.separator
                + "readP12";
        inputKeyStore = KeyStore
                .getInstance(IN_KETYSTORE_TYPE, IN_KEYSTORE_PRV);
        // KeyStore have encoded by Base64.getMimeEncoder().encode(),need decode
        // first.
        byte[] input = Files.readAllBytes(Paths.get(keystorePath, inKeyStore));
        ByteArrayInputStream arrayIn = new ByteArrayInputStream(Base64
                .getMimeDecoder().decode(input));
        inputKeyStore.load(arrayIn, IN_STORE_PASS.toCharArray());
        out.println("Initialize KeyStore : " + inKeyStore + " success");

        out.println("getProvider : " + inputKeyStore.getProvider());
        out.println("getType : " + inputKeyStore.getType());
        out.println("getDefaultType : " + KeyStore.getDefaultType());

        int idx = 0;
        Enumeration<String> e = inputKeyStore.aliases();
        String alias;
        while (e.hasMoreElements()) {
            alias = e.nextElement();
            out.println("Alias " + idx + " : " + alias);
            if (inputKeyStore.containsAlias(alias) == false) {
                throw new RuntimeException("Alias not found");
            }

            out.println("getCreationDate : "
                    + inputKeyStore.getCreationDate(alias));

            X509Certificate cert = (X509Certificate) inputKeyStore
                    .getCertificate(alias);
            out.println("getCertificate : " + cert.getSubjectDN());
            String retAlias = inputKeyStore.getCertificateAlias(cert);
            if (!retAlias.equals(alias)) {
                throw new RuntimeException("Alias mismatch");
            }
            out.println("getCertificateAlias : " + retAlias);

            Certificate[] certs = inputKeyStore.getCertificateChain(alias);
            for (int i = 0; i < certs.length; i++) {
                out.println("getCertificateChain " + i + " : "
                        + ((X509Certificate) certs[i]).getSubjectDN());
            }

            boolean isCertEntry = inputKeyStore.isCertificateEntry(alias);
            // test KeyStore only contain key pair entries.
            if (isCertEntry == true) {
                throw new RuntimeException(
                        "inputKeystore should not be certEntry because test keystore only contain key pair entries.");
            }

            boolean isKeyEntry = inputKeyStore.isKeyEntry(alias);
            if (isKeyEntry) {
                Key key = inputKeyStore.getKey(alias,
                        IN_STORE_PASS.toCharArray());
                out.println("Key : " + key.toString());
            } else {
                throw new RuntimeException("Entry type unknown\n");
            }
            idx++;
        }

        int size = inputKeyStore.size();
        if (idx != size) {
            throw new RuntimeException("Size not match");
        }

    }
 
Example 19
public static void main(String[] args) throws Exception {

        // Prepare a JKS keystore with many entries
        new File(JKSFILE).delete();
        for (int i=0; i<SIZE; i++) {
            System.err.print(".");
            String cmd = "-keystore " + JKSFILE
                    + " -storepass changeit -keypass changeit -keyalg rsa "
                    + "-genkeypair -alias p" + i + " -dname CN=" + i;
            sun.security.tools.keytool.Main.main(cmd.split(" "));
        }

        // Prepare EncryptedPrivateKeyInfo parameters, copied from various
        // places in PKCS12KeyStore.java
        AlgorithmParameters algParams =
                AlgorithmParameters.getInstance("PBEWithSHA1AndDESede");
        algParams.init(new PBEParameterSpec("12345678".getBytes(), 1024));
        AlgorithmId algid = new AlgorithmId(
                new ObjectIdentifier("1.2.840.113549.1.12.1.3"), algParams);

        PBEKeySpec keySpec = new PBEKeySpec(PASSWORD);
        SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
        SecretKey skey = skFac.generateSecret(keySpec);

        Cipher cipher = Cipher.getInstance("PBEWithSHA1AndDESede");
        cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);

        // Pre-calculated keys and certs and aliases
        byte[][] keys = new byte[SIZE][];
        Certificate[][] certChains = new Certificate[SIZE][];
        String[] aliases = new String[SIZE];

        // Reads from JKS keystore and pre-calculate
        KeyStore ks = KeyStore.getInstance("jks");
        try (FileInputStream fis = new FileInputStream(JKSFILE)) {
            ks.load(fis, PASSWORD);
        }
        for (int i=0; i<SIZE; i++) {
            aliases[i] = "p" + i;
            byte[] enckey = cipher.doFinal(
                    ks.getKey(aliases[i], PASSWORD).getEncoded());
            keys[i] = new EncryptedPrivateKeyInfo(algid, enckey).getEncoded();
            certChains[i] = ks.getCertificateChain(aliases[i]);
        }

        // Write into PKCS12 keystore. Use this overloaded version of
        // setKeyEntry() to be as fast as possible, so that they would
        // have same localKeyId.
        KeyStore p12 = KeyStore.getInstance("pkcs12");
        p12.load(null, PASSWORD);
        for (int i=0; i<SIZE; i++) {
            p12.setKeyEntry(aliases[i], keys[i], certChains[i]);
        }
        try (FileOutputStream fos = new FileOutputStream(P12FILE)) {
            p12.store(fos, PASSWORD);
        }

        // Check private keys still match certs
        p12 = KeyStore.getInstance("pkcs12");
        try (FileInputStream fis = new FileInputStream(P12FILE)) {
            p12.load(fis, PASSWORD);
        }
        for (int i=0; i<SIZE; i++) {
            String a = "p" + i;
            X509Certificate x = (X509Certificate)p12.getCertificate(a);
            X500Name name = (X500Name)x.getSubjectDN();
            if (!name.getCommonName().equals(""+i)) {
                throw new Exception(a + "'s cert is " + name);
            }
        }
    }
 
Example 20
Source Project: james-project   File: SMIMEKeyHolder.java    License: Apache License 2.0 4 votes vote down vote up
/**
 * Creates a new instance of <CODE>KeyHolder</CODE> using {@link java.security.KeyStore} related parameters.
 * @param keyStoreFileName The (absolute) file name of the .keystore file to load the keystore from.
 * @param keyStorePassword The (optional) password used to check the integrity of the keystore.
 *      If given, it is used to check the integrity of the keystore data,
 *      otherwise, if null, the integrity of the keystore is not checked.
 * @param keyAlias The alias name of the key.
 *      If missing (is null) and if there is only one key in the keystore, will default to it.
 * @param keyAliasPassword The password of the alias for recovering the key.
 *      If missing (is null) will default to <I>keyStorePassword</I>. At least one of the passwords must be provided.
 * @param keyStoreType The type of keystore.
 *      If missing (is null) will default to the keystore type as specified in the Java security properties file,
 *      or the string "jks" (acronym for "Java keystore") if no such property exists.
 * @throws java.security.KeyStoreException Thrown when the <I>keyAlias</I> is specified and not found,
 *      or is not specified and either no alias is found or more than one is found.
 * @see java.security.KeyStore#getDefaultType
 * @see java.security.KeyStore#getInstance(String)
 * @see java.security.KeyStore#load
 * @see java.security.KeyStore#getKey
 * @see java.security.KeyStore#getCertificate
 */
public SMIMEKeyHolder(String keyStoreFileName, String keyStorePassword, String keyAlias, String keyAliasPassword, String keyStoreType)
throws KeyStoreException, IOException, NoSuchAlgorithmException, InvalidAlgorithmParameterException,
CertificateException, UnrecoverableKeyException, NoSuchProviderException {
    
    try {
        InitJCE.init();
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        NoSuchProviderException ex = new NoSuchProviderException("Error during cryptography provider initialization. Has bcprov-jdkxx-yyy.jar been copied in the lib directory or installed in the system?");
        ex.initCause(e);
        throw ex;
    }

    if (keyStoreType == null) {
        keyStoreType = KeyStore.getDefaultType();
    }
    
    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
    keyStore.load(new BufferedInputStream(new FileInputStream(keyStoreFileName)), keyStorePassword.toCharArray());
    
    Enumeration<String> aliases = keyStore.aliases();
    if (keyAlias == null) {
        if (aliases.hasMoreElements()) {
            keyAlias = aliases.nextElement();
        } else {
            throw new KeyStoreException("No alias was found in keystore.");
        }
        if (aliases.hasMoreElements()) {
            throw new KeyStoreException("No <keyAlias> was given and more than one alias was found in keystore.");
            
        }
    }
    
    if (keyAliasPassword == null) {
        keyAliasPassword = keyStorePassword;
    }
    
    this.privateKey = (PrivateKey) keyStore.getKey(keyAlias, keyAliasPassword.toCharArray());
    if (this.privateKey == null) {
        throw new KeyStoreException("The \"" + keyAlias + "\" PrivateKey alias was not found in keystore.");
    }
    
    this.certificate = (X509Certificate) keyStore.getCertificate(keyAlias);
    if (this.certificate == null) {
        throw new KeyStoreException("The \"" + keyAlias + "\" X509Certificate alias was not found in keystore.");
    }
    java.security.cert.Certificate[] certificateChain = keyStore.getCertificateChain(keyAlias);
    ArrayList<java.security.cert.Certificate> certList = new ArrayList<>();
    if (certificateChain == null) {
        certList.add(this.certificate);
    } else {
        Collections.addAll(certList, certificateChain);
    }
    
    // create a CertStore containing the certificates we want carried
    // in the signature
    this.certStore = CertStore.getInstance("Collection",
    new CollectionCertStoreParameters(certList), "BC");

    jcaCertStore = new JcaCertStore(certList);

}