/** * Used during setup to get the certification from the keystore and encrypt the auth_value with * the private key */ public void setCertificate() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnrecoverableEntryException { KeyStore store = KeyStore.getInstance(this.keystore_type); InputStream inputStream=Thread.currentThread().getContextClassLoader().getResourceAsStream(this.keystore_path); if(inputStream == null) inputStream=new FileInputStream(this.keystore_path); store.load(inputStream, this.keystore_password); this.cipher = Cipher.getInstance(this.cipher_type); this.certificate = (X509Certificate) store.getCertificate(this.cert_alias); log.debug("certificate = " + this.certificate.toString()); this.cipher.init(Cipher.ENCRYPT_MODE, this.certificate); this.encryptedToken = this.cipher.doFinal(this.auth_value.getBytes()); KeyStore.PrivateKeyEntry privateKey = (KeyStore.PrivateKeyEntry) store.getEntry( this.cert_alias, new KeyStore.PasswordProtection(this.cert_password)); this.certPrivateKey = privateKey.getPrivateKey(); this.valueSet=true; } }
boolean verifySigned(File keystore, Certificate agentCertificate) { try { KeyStore store = KeyStore.getInstance("JKS"); FileInputStream inputStream = new FileInputStream(keystore); store.load(inputStream, PASSWORD_AS_CHAR_ARRAY); IOUtils.closeQuietly(inputStream); KeyStore.PrivateKeyEntry intermediateEntry = (KeyStore.PrivateKeyEntry) store.getEntry("ca-intermediate", new KeyStore.PasswordProtection(PASSWORD_AS_CHAR_ARRAY)); Certificate intermediateCertificate = intermediateEntry.getCertificate(); agentCertificate.verify(intermediateCertificate.getPublicKey()); return true; } catch (Exception e) { return false; } }
KeyStore oldKS = KeyStore.getInstance(KEYSTORETYPE); try (InputStream fin = getResource().in()) { oldKS.load(fin, oldPassword); KeyStore newKS = KeyStore.getInstance(KEYSTORETYPE); newKS.load(null, newPassword); KeyStore.PasswordProtection protectionparam = new KeyStore.PasswordProtection(newPassword); Enumeration<String> enumeration = oldKS.aliases(); if (key instanceof PrivateKey) entry = new KeyStore.PrivateKeyEntry( (PrivateKey) key, oldKS.getCertificateChain(alias)); if (key instanceof PublicKey)
private PrivateKey loadPrivateKey(InputStream input) throws Exception { // Load keystore KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); keystore.load(input, storePass.toCharArray()); // Retrieve private key PrivateKeyEntry entry = (PrivateKeyEntry)keystore.getEntry(keyAlias, new PasswordProtection(keyPass.toCharArray())); return entry.getPrivateKey(); }
@BeforeAll public static void initialize() throws Exception { host = System.getProperty("ssh-host"); if (host == null) { log.warn("WARNING: using internal daemon"); keyPair = KeyPairGenerator.getInstance("RSA").generateKeyPair(); host = "localhost"; user = "root"; password = "password"; sshd = new SSHD(); sshd.setUser(user, password, keyPair.getPublic()); sshd.start(); port = sshd.getPort(); } else { port = Integer.parseInt(System.getProperty("ssh-test-port", "22")); user = System.getProperty("ssh-test-user", "root"); password = System.getProperty("ssh-test-password", "password"); String p12 = System.getProperty("ssh-test-p12"); String p12_password = System.getProperty("ssh-test-p12-password", "password"); try (FileInputStream fis = new FileInputStream(p12)) { KeyStore keyStore = KeyStore.getInstance("PKCS12"); keyStore.load(fis, p12_password.toCharArray()); KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("1", new KeyStore.PasswordProtection(p12_password.toCharArray())); keyPair = new KeyPair(entry.getCertificate().getPublicKey(), entry.getPrivateKey()); } } largeTestFileSize = Long.parseLong(System.getProperty("ssh-test-large-file-size", "50000000")); largeTestHardTimeout = Long.parseLong(System.getProperty("ssh-test-long-hard-timeout", "0")); }
KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); keyStore.load(null); int nBefore = keyStore.size(); KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry)keyStore.getEntry(alias, null); RSAPrivateKey privateKey = (RSAPrivateKey) privateKeyEntry.getPrivateKey(); RSAPublicKey publicKey = (RSAPublicKey) privateKeyEntry.getCertificate().getPublicKey(); new CipherInputStream(new FileInputStream(encryptedDataFilePath), outCipher); byte [] roundTrippedBytes = new byte[1000]; // TODO: dynamically resize as we get more data
try { fis = new FileInputStream(fileName); KeyStore keyStore = KeyStore.getInstance("jceks"); keyStore.load(fis, storepass.toCharArray()); fis.close(); ProtectionParameter param = new KeyStore.PasswordProtection(keypass.toCharArray()); KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, param); PrivateKey myPrivateKey = pkEntry.getPrivateKey(); System.out.println("获取的私钥是:" + myPrivateKey.toString()); keyStore.setEntry(alias, skEntry, new KeyStore.PasswordProtection("decryp pwd".toCharArray())); os.close(); if (fis != null) fis.close(); } catch (IOException e) { e.printStackTrace();
public String decrypte (String encCardNo) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableEntryException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException{ FileInputStream is = new FileInputStream("C:/Users/admin/Desktop/keystore/ksjksformat.jks"); String keystpassw = "9801461740"; String alias = "ksjksformat"; KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(is,keystpassw.toCharArray() ); Key key = ks.getKey(alias, keystpassw.toCharArray()); Certificate cert = ks.getCertificate(alias); PublicKey publicKey = cert.getPublicKey(); new KeyPair(publicKey, (PrivateKey) (key)); KeyStore.ProtectionParameter protParam = new KeyStore.PasswordProtection(keystpassw.toCharArray()); KeyStore.PrivateKeyEntry pkentry = (PrivateKeyEntry) ks.getEntry(alias, protParam); PrivateKey myPrivateKey =pkentry.getPrivateKey(); Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.DECRYPT_MODE, myPrivateKey); byte[] decoded = Base64.decodeBase64(encCardNo); byte[] cipherData = cipher.doFinal(decoded); return new String(cipherData); }`
KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(new FileInputStream(file), jksPassword.toCharArray()); Enumeration<String> es = keyStore.aliases(); String alias = ""; while (es.hasMoreElements()) { KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, new KeyStore.PasswordProtection(jksPassword.toCharArray())); PrivateKey myPrivateKey = pkEntry.getPrivateKey();
public void createKeyStore(String keyStorePwd, String keyStoreFile, PrivateKey privateKey, X509Certificate certificate) throws Exception { char[] pwd = keyStorePwd.toCharArray(); KeyStore ks = KeyStore.getInstance("PKCS12"); ks.load(null, pwd); KeyStore.ProtectionParameter protParam = new KeyStore.PasswordProtection(pwd); Certificate[] certChain = new Certificate[]{ certificate }; KeyStore.PrivateKeyEntry pkEntry = new KeyStore.PrivateKeyEntry(privateKey, certChain); ks.setEntry("keypair", pkEntry, protParam); FileOutputStream fos = new FileOutputStream(keyStoreFile); ks.store(fos, pwd); fos.close(); }
if (!caKeyPair.getPublic().equals(certificate.getPublicKey())) { throw new IOException("Expected " + nifiKey + " to correspond to CA certificate at " + nifiCert); TlsCertificateAuthorityManager tlsCertificateAuthorityManager = new TlsCertificateAuthorityManager(standaloneConfig); KeyStore.PrivateKeyEntry privateKeyEntry = tlsCertificateAuthorityManager.getOrGenerateCertificateAuthority(); certificate = (X509Certificate) privateKeyEntry.getCertificateChain()[0]; caKeyPair = new KeyPair(certificate.getPublicKey(), privateKeyEntry.getPrivateKey()); Extensions sanDnsExtensions = TlsHelper.createDomainAlternativeNamesExtensions(tlsClientConfig.getDomainAlternativeNames(), tlsClientConfig.calcDefaultDn(hostname)); tlsClientManager.addPrivateKeyToKeyStore(keyPair, NIFI_KEY, CertificateUtils.generateIssuedCertificate(tlsClientConfig.calcDefaultDn(hostname), keyPair.getPublic(), sanDnsExtensions, certificate, caKeyPair, signingAlgorithm, days), certificate); tlsClientManager.setCertificateEntry(NIFI_CERT, certificate); tlsClientManager.addClientConfigurationWriter(new NifiPropertiesTlsClientConfigWriter(niFiPropertiesWriterFactory, new File(hostDir, "nifi.properties"), X509Certificate clientCert = CertificateUtils.generateIssuedCertificate(reorderedDn, keyPair.getPublic(), null, certificate, caKeyPair, signingAlgorithm, days); KeyStore keyStore = KeyStoreUtils.getKeyStore(KeystoreType.PKCS12.toString()); keyStore.load(null, null); keyStore.setKeyEntry(NIFI_KEY, keyPair.getPrivate(), null, new Certificate[]{clientCert, certificate}); String password = TlsHelper.writeKeyStore(keyStore, outputStreamFactory, clientCertFile, clientPasswords.get(i), standaloneConfig.isClientPasswordsGenerated());
/** * Create a wrapper using the public/private key pair with the given alias. * If no pair with that alias exists, it will be generated. */ @SuppressLint("GetInstance") public SecretKeyWrapper(Context context, String alias) throws GeneralSecurityException, IOException { mCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); final KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore"); keyStore.load(null); if (!keyStore.containsAlias(alias)) { generateKeyPair(context, alias); } // Even if we just generated the key, always read it back to ensure we // can read it successfully. final KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) keyStore.getEntry( alias, null); mPair = new KeyPair(entry.getCertificate().getPublicKey(), entry.getPrivateKey()); }
private boolean verifySignedJAXBObject(Object obj) { try { DOMResult domResult = new DOMResult(); JAXB.marshal(obj, domResult); Document doc = ((Document) domResult.getNode()); Element docElement = doc.getDocumentElement(); KeyStore ks = KeyStore.getInstance(SIGNATURE_KEYSTORE_TYPE); URL url = Thread.currentThread().getContextClassLoader().getResource(SIGNATURE_KEYSTORE); ks.load(url.openStream(), SIGNATURE_KEYSTORE_PASSWORD.toCharArray()); KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) ks.getEntry(SIGNATURE_KEYSTORE_ALIAS, new KeyStore.PasswordProtection(SIGNATURE_KEYSTORE_PASSWORD.toCharArray())); PrivateKey privateKey = keyEntry.getPrivateKey(); Certificate origCert = keyEntry.getCertificate(); PublicKey validatingKey = origCert.getPublicKey(); return TckSigningUtil.verifySignature(docElement, validatingKey); } catch (Exception e) { throw new RuntimeException(e); } }
protected KeyStore generateKeyStore(Certificate cert, PrivateKey privateKey, String alias, String keyStorePassword) throws GeneralSecurityException, IOException { KeyStore ks = KeyStore.getInstance(getModuleKeyStoreType()); ks.load(null, keyStorePassword.toCharArray()); // set client private key on keyStore file ks.setEntry(alias, new KeyStore.PrivateKeyEntry(privateKey, new Certificate[]{cert}), new KeyStore.PasswordProtection(keyStorePassword.toCharArray())); return ks; }
public Registration createAgentCertificate(final File authorityKeystore, String agentHostname) { Date epoch = new Date(0); KeyPair agentKeyPair = generateKeyPair(); try { KeyStore store = loadOrCreateCAKeyStore(authorityKeystore); KeyStore.PrivateKeyEntry intermediateEntry = (KeyStore.PrivateKeyEntry) store.getEntry("ca-intermediate", new KeyStore.PasswordProtection(PASSWORD_AS_CHAR_ARRAY)); X509Certificate[] chain = new X509Certificate[3]; chain[2] = (X509Certificate) store.getCertificate("ca-cert"); chain[1] = (X509Certificate) intermediateEntry.getCertificate(); chain[0] = createAgentCertificate(agentKeyPair.getPublic(), intermediateEntry.getPrivateKey(), chain[1].getPublicKey(), agentHostname, epoch); return new Registration(agentKeyPair.getPrivate(), chain); } catch (Exception e) { throw bomb("Couldn't create agent certificate", e); } }
} else if (credentialClass == KeyPairCredential.class) { final KeyPair keyPair = credential.castAndApply(KeyPairCredential.class, KeyPairCredential::getKeyPair); final PublicKey publicKey = keyPair.getPublic(); final PrivateKey privateKey = keyPair.getPrivate(); final KeyFactory keyFactory = KeyFactory.getInstance(publicKey.getAlgorithm()); encoder.startSequence(); for (X509Certificate x509Certificate : x509Certificates) { encoder.writeEncoded(x509Certificate.getEncoded()); @SuppressWarnings("ConstantConditions") X509CertificateChainPrivateCredential cred = (X509CertificateChainPrivateCredential) credential; entry = new KeyStore.PrivateKeyEntry(cred.getPrivateKey(), cred.getCertificateChain()); } else if (credentialClass == BearerTokenCredential.class) { entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(credential.castAndApply(BearerTokenCredential.class, c -> c.getToken().getBytes(StandardCharsets.UTF_8)), DATA_OID)); keyStore.setEntry(ksAlias, entry, convertParameter(protectionParameter)); final TopEntry topEntry = cache.computeIfAbsent(toLowercase(credentialAlias), TopEntry::new); final MidEntry midEntry = topEntry.getMap().computeIfAbsent(credentialClass, c -> new MidEntry(topEntry, c)); keyStore.deleteEntry(oldAlias);
ks = KeyStore.getInstance("AndroidKeyStore"); ks.load(null); KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry)ks.getEntry("Keys", null); publicKey = (RSAPublicKey) keyEntry.getCertificate().getPublicKey();
@Override public SingleSignOnSessionFactory get() { KeyStore store = this.keyStore.get(); String alias = this.keyAlias; CredentialSource source = this.credentialSource.get(); try { if (!store.containsAlias(alias)) { throw UndertowLogger.ROOT_LOGGER.missingKeyStoreEntry(alias); } if (!store.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) { throw UndertowLogger.ROOT_LOGGER.keyStoreEntryNotPrivate(alias); } PasswordCredential credential = source.getCredential(PasswordCredential.class); if (credential == null) { throw UndertowLogger.ROOT_LOGGER.missingCredential(source.toString()); } ClearPassword password = credential.getPassword(ClearPassword.class); if (password == null) { throw UndertowLogger.ROOT_LOGGER.credentialNotClearPassword(credential.toString()); } KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) store.getEntry(alias, new KeyStore.PasswordProtection(password.getPassword())); KeyPair keyPair = new KeyPair(entry.getCertificate().getPublicKey(), entry.getPrivateKey()); Optional<SSLContext> context = Optional.ofNullable(this.sslContext).map(dependency -> dependency.get()); return new DefaultSingleSignOnSessionFactory(this.manager.get(), keyPair, connection -> context.ifPresent(ctx -> connection.setSSLSocketFactory(ctx.getSocketFactory()))); } catch (GeneralSecurityException | IOException e) { throw new IllegalArgumentException(e); } } }
@Override public void setKeyStoreEntry(KeyStore.PrivateKeyEntry entry) { this.key_pair = new KeyPair(entry.getCertificate().getPublicKey(), entry.getPrivateKey()); }
@Override public void installDefaultSslCert(String host) { synchronized (BouncyCastleSecurityService.class) { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); try { KeyStore keyStore = getKeyStore(getKeyStorePassword()); KeyStore.ProtectionParameter param = new KeyStore.PasswordProtection( getKeyStorePassword().toCharArray()); String alias = System.getProperty(SecurityConstants.SYSPROP_KEYSTORE_CERT_ALIAS, SecurityConstants.ALIAS_SYM_PRIVATE_KEY); Entry entry = keyStore.getEntry(alias, param); if (entry == null) { KeyPair pair = generateRSAKeyPair(); X509Certificate cert = generateV1Certificate(host, pair); X509Certificate[] serverChain = new X509Certificate[] { cert }; keyStore.setEntry(alias, new KeyStore.PrivateKeyEntry(pair.getPrivate(), serverChain), param); saveKeyStore(keyStore, getKeyStorePassword()); } } catch (RuntimeException e) { throw e; } catch (Exception e) { throw new RuntimeException(e); } } }