private static SSLContext sslContext(String keystoreFile, String password) throws GeneralSecurityException, IOException { KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); try (InputStream in = new FileInputStream(keystoreFile)) { keystore.load(in, password.toCharArray()); } KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keystore, password.toCharArray()); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keystore); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init( keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom()); return sslContext; } }
static List<CertificateEntries> create(KeyStore keystore) throws GeneralSecurityException { Enumeration<String> aliases = keystore.aliases(); List<CertificateEntries> entries = new ArrayList<>(); while (aliases.hasMoreElements()) { String alias = aliases.nextElement(); Certificate cert = keystore.getCertificate(alias); if (cert instanceof X509Certificate) entries.add(new CertificateEntries((X509Certificate) cert)); } return entries; }
InputStream is = new FileInputStream("cacert.crt"); // You could get a resource as a stream instead. CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509Certificate caCert = (X509Certificate)cf.generateCertificate(is); TrustManagerFactory tmf = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null); // You don't need the KeyStore instance to come from a file. ks.setCertificateEntry("caCert", caCert); tmf.init(ks); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, tmf.getTrustManagers(), null);
private KeyStore newEmptyKeyStore(char[] password) throws GeneralSecurityException { try { KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); InputStream in = null; // By convention, 'null' creates an empty key store. keyStore.load(in, password); return keyStore; } catch (IOException e) { throw new AssertionError(e); } }
/** * Generates a new {@link KeyStore}. * * @param certChain a X.509 certificate chain * @param key a PKCS#8 private key * @param keyPasswordChars the password of the {@code keyFile}. * {@code null} if it's not password-protected. * @return generated {@link KeyStore}. */ static KeyStore buildKeyStore(X509Certificate[] certChain, PrivateKey key, char[] keyPasswordChars) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException { KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null, null); ks.setKeyEntry(ALIAS, key, keyPasswordChars, certChain); return ks; }
protected org.apache.http.conn.ssl.SSLSocketFactory createAdditionalCertsSSLSocketFactory() { try { final KeyStore ks = KeyStore.getInstance("BKS"); // the bks file we generated above final InputStream in = context.getResources().openRawResource( R.raw.mystore); try { // don't forget to put the password used above in strings.xml/mystore_password ks.load(in, context.getString( R.string.mystore_password ).toCharArray()); } finally { in.close(); } return new AdditionalKeyStoresSSLSocketFactory(ks); } catch( Exception e ) { throw new RuntimeException(e); } }
private void populateMap() { try { final KeyStore keyStore = KeyStore.getInstance("JKS"); final char[] passPhrase = this.pubKeyPass != null ? this.pubKeyPass.toCharArray() : null; final FileInputStream keyStoreFile = new FileInputStream(this.pubKeyFilePath); try { keyStore.load(keyStoreFile, passPhrase); } finally { keyStoreFile.close(); } for (Enumeration e = keyStore.aliases(); e.hasMoreElements();) { final Object alias = e.nextElement(); final Certificate cert = keyStore.getCertificate((String) alias); if (cert instanceof X509Certificate) { this.aliasCertificateMap.put(alias, cert); } } } catch (Exception e) { throw new AuthenticationFailedException( "Exception while getting public keys: " + e.getMessage(), e); } }
private SSLSocketFactory getSocketFactory() throws GeneralSecurityException, IOException { KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); KeyStore keyStore = KeyStore.getInstance("PKCS12"); InputStream keyInput = new FileInputStream(pathToPkcs12File); keyStore.load(keyInput, password.toCharArray()); keyInput.close(); keyManagerFactory.init(keyStore, password.toCharArray()); SSLContext context = SSLContext.getInstance("TLS"); context.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom()); return context.getSocketFactory(); }
private static KeyManager[] initKeyManagers(String keystore, char[] keystorePassword, char[] keyManagerPassword) throws Exception { KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(new FileInputStream(keystore), keystorePassword); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); keyManagerFactory.init(keyStore, keyManagerPassword); return keyManagerFactory.getKeyManagers(); }
InputStream in = new FileInputStream( file ); KeyStore ks = KeyStore.getInstance( KeyStore.getDefaultType() ); ks.load( in, passphrase ); in.close(); SSLContext context = SSLContext.getInstance( "TLS" ); TrustManagerFactory tmf = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm() ); tmf.init( ks ); X509TrustManager defaultTrustManager = ( X509TrustManager ) tmf.getTrustManagers()[0]; SavingTrustManager tm = new SavingTrustManager( defaultTrustManager ); context.init( null, new TrustManager[] { tm }, null ); SSLSocketFactory factory = context.getSocketFactory(); ks.setCertificateEntry( host, cert ); ks.store( out, passphrase ); out.close();
private String getSignatureAlgorithm() throws Exception { InputStream is = null; try { is = new BufferedInputStream(new FileInputStream(config.mSignatureFile)); KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(is, config.mStorePass.toCharArray()); Key key = keyStore.getKey(config.mStoreAlias, config.mKeyPass.toCharArray()); String keyAlgorithm = key.getAlgorithm(); String signatureAlgorithm; if (keyAlgorithm.equalsIgnoreCase("DSA")) { signatureAlgorithm = "SHA1withDSA"; } else if (keyAlgorithm.equalsIgnoreCase("RSA")) { signatureAlgorithm = "SHA1withRSA"; } else if (keyAlgorithm.equalsIgnoreCase("EC")) { signatureAlgorithm = "SHA1withECDSA"; } else { throw new RuntimeException("private key is not a DSA or " + "RSA key"); } return signatureAlgorithm; } finally { StreamUtil.closeQuietly(is); } }
KeyStore ks = KeyStore.getInstance("JKS"); InputStream ksIs = new FileInputStream("..."); try { ks.load(ksIs, "password".toCharArray()); } finally { if (ksIs != null) { ksIs.close(); } } KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory .getDefaultAlgorithm()); kmf.init(ks, "keypassword".toCharArray());
InputStream in = new FileInputStream( file ); KeyStore ks = KeyStore.getInstance( KeyStore.getDefaultType() ); ks.load( in, passphrase ); in.close(); ks.setCertificateEntry( hostname, cert ); LOG.debug( "Added certificate to keystore 'jssecacerts' using alias '" + hostname + "'" ); ks.store( out, passphrase ); out.close();
protected void load(URI uri) throws IOException { String path = uri.getPath(); if (path == null || path.isEmpty()) { throw new RuntimeException("KeyProvider parameters should specify a path"); } InputStream is = new FileInputStream(new File(path)); try { store.load(is, password); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } catch (CertificateException e) { throw new RuntimeException(e); } finally { is.close(); } }
KeyStore ks = KeyStore.getInstance("JKS"); // get user password and file input stream char[] password = ("mykspassword")).toCharArray(); ClassLoader cl = this.getClass().getClassLoader(); InputStream stream = cl.getResourceAsStream("myjks.jks"); ks.load(stream, password); stream.close(); SSLContext sc = SSLContext.getInstance("TLS"); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); kmf.init(ks, password); tmf.init(ks); sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(),null); return sc.getSocketFactory();
KeyStore agentTruststore() throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException { KeyStore trustStore = null; List<X509Certificate> certificates = new CertificateFileParser().certificates(rootCertFile); for (X509Certificate certificate : certificates) { if (trustStore == null) { trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); trustStore.load(null, null); } trustStore.setCertificateEntry(certificate.getSubjectX500Principal().getName(), certificate); } return trustStore; }
private TrustManager[] getTrustManagers() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException { if (Objects.isNull(trustStorePath)) { return new TrustManager[0]; } String trustStoreType = "jks"; KeyStore keyStore = KeyStore.getInstance(trustStoreType); FileInputStream fileInputStream = new FileInputStream(trustStorePath); char[] password = "password".toCharArray(); keyStore.load(fileInputStream, password); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(keyStore); return tmf.getTrustManagers(); }
private KeyManager[] getKeyManagers(SSLConfig sslConfig) throws Exception { FileInputStream keyStoreStream = null; KeyManagerFactory keyManagerFactory = null; try { if (StringUtils.isNotBlank(sslConfig.getKeystore())) { KeyStore clientKeys = KeyStore.getInstance(sslConfig.getKeystoreType()); keyStoreStream = new FileInputStream(sslConfig.getKeystore()); clientKeys.load(keyStoreStream, sslConfig.getKeystorePassword().toCharArray()); keyManagerFactory = KeyManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(clientKeys, sslConfig.getKeystorePassword().toCharArray()); } } finally { if (keyStoreStream != null) { keyStoreStream.close(); } } return keyManagerFactory != null ? keyManagerFactory.getKeyManagers() : null; }
/** * Update a keystore with a CA certificate * * @param pTrustStore the keystore to update * @param pCaCert CA cert as PEM used for the trust store */ public static void updateWithCaPem(KeyStore pTrustStore, File pCaCert) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException { InputStream is = new FileInputStream(pCaCert); try { CertificateFactory certFactory = CertificateFactory.getInstance("X509"); X509Certificate cert = (X509Certificate) certFactory.generateCertificate(is); String alias = cert.getSubjectX500Principal().getName(); pTrustStore.setCertificateEntry(alias, cert); } finally { is.close(); } }
@Override public KeyStore loadKeyStore() throws IOException, GeneralSecurityException { KeyStore ks = KeyStore.getInstance(JKS_KEY_STORE_TYPE); InputStream inputStream = null; try { inputStream = new FileInputStream(new File(keyStorePath)); ks.load(inputStream, passwordStringToCharArray(keyStorePassword)); return ks; } finally { forceClose(inputStream); } }