boolean verifySigned(File keystore, Certificate agentCertificate) { try { KeyStore store = KeyStore.getInstance("JKS"); FileInputStream inputStream = new FileInputStream(keystore); store.load(inputStream, PASSWORD_AS_CHAR_ARRAY); IOUtils.closeQuietly(inputStream); KeyStore.PrivateKeyEntry intermediateEntry = (KeyStore.PrivateKeyEntry) store.getEntry("ca-intermediate", new KeyStore.PasswordProtection(PASSWORD_AS_CHAR_ARRAY)); Certificate intermediateCertificate = intermediateEntry.getCertificate(); agentCertificate.verify(intermediateCertificate.getPublicKey()); return true; } catch (Exception e) { return false; } }
@Override public void setKeyStoreEntry(KeyStore.PrivateKeyEntry entry) { this.key_pair = new KeyPair(entry.getCertificate().getPublicKey(), entry.getPrivateKey()); }
public Registration createAgentCertificate(final File authorityKeystore, String agentHostname) { Date epoch = new Date(0); KeyPair agentKeyPair = generateKeyPair(); try { KeyStore store = loadOrCreateCAKeyStore(authorityKeystore); KeyStore.PrivateKeyEntry intermediateEntry = (KeyStore.PrivateKeyEntry) store.getEntry("ca-intermediate", new KeyStore.PasswordProtection(PASSWORD_AS_CHAR_ARRAY)); X509Certificate[] chain = new X509Certificate[3]; chain[2] = (X509Certificate) store.getCertificate("ca-cert"); chain[1] = (X509Certificate) intermediateEntry.getCertificate(); chain[0] = createAgentCertificate(agentKeyPair.getPublic(), intermediateEntry.getPrivateKey(), chain[1].getPublicKey(), agentHostname, epoch); return new Registration(agentKeyPair.getPrivate(), chain); } catch (Exception e) { throw bomb("Couldn't create agent certificate", e); } }
@Test public void testByEKUFailCA() throws Exception { final String content = "testByEKU"; KeyStore.PrivateKeyEntry entry = getPrivateKeyEntry(getKeyStore("PKCS12", "ticket/ca1test2.p12", "test2"), "1", "test2"); assertThrows(GeneralSecurityException.class, () -> new TicketDecoder( getKeyStore("JKS", "ticket/ca2.jks", "changeit"), "1.2.3.4" ).decode( new TicketEncoder(entry.getCertificate(), entry.getPrivateKey()).encode(content) ) ); }
@Test public void testByEKUFailEKU() throws Exception { final String content = "testByEKU"; KeyStore.PrivateKeyEntry entry = getPrivateKeyEntry(getKeyStore("PKCS12", "ticket/ca1test2.p12", "test2"), "1", "test2"); assertThrows(GeneralSecurityException.class, () -> new TicketDecoder( getKeyStore("JKS", "ticket/ca1.jks", "changeit"), "1.2.3.4.5" ).decode( new TicketEncoder(entry.getCertificate(), entry.getPrivateKey()).encode(content) ) ); }
@Test public void testByCertificateFailCertificate() throws Exception { final String content = "testByCertificate"; KeyStore.PrivateKeyEntry entry1 = getPrivateKeyEntry(getKeyStore("PKCS12", "ticket/ca1test1.p12", "test1"), "1", "test1"); KeyStore.PrivateKeyEntry entry2 = getPrivateKeyEntry(getKeyStore("PKCS12", "ticket/ca1test2.p12", "test2"), "1", "test2"); assertThrows(GeneralSecurityException.class, () -> new TicketDecoder( entry2.getCertificate() ).decode( new TicketEncoder(entry1.getCertificate(), entry1.getPrivateKey()).encode(content) ) ); }
@Test public void testByCertificateFailCA() throws Exception { final String content = "testByCertificate"; KeyStore.PrivateKeyEntry entry = getPrivateKeyEntry(getKeyStore("PKCS12", "ticket/ca1test1.p12", "test1"), "1", "test1"); assertThrows(GeneralSecurityException.class, () -> new TicketDecoder( getKeyStore("JKS", "ticket/ca2.jks", "changeit"), null, entry.getCertificate() ).decode( new TicketEncoder(entry.getCertificate(), entry.getPrivateKey()).encode(content) ) ); }
private X509Certificate certificateIn(KeyStore.PrivateKeyEntry certEntry) { if( certEntry == null ) { return null; } Certificate myCertificate = certEntry.getCertificate(); if( myCertificate instanceof X509Certificate ) { //if( "X.509".equals(myCertificate.getType()) ) { return (X509Certificate)myCertificate; } throw new IllegalArgumentException("Certificate is not X509: "+myCertificate.getType()); //PublicKey myPublicKey = pkEntry.getCertificate().getPublicKey(); //return new RsaCredential(myPrivateKey, myPublicKey); }
public static String encrypt(String alias, String plaintext) { try { PublicKey publicKey = getPrivateKeyEntry(alias).getCertificate().getPublicKey(); Cipher cipher = getCipher(); cipher.init(Cipher.ENCRYPT_MODE, publicKey); return Base64.encodeToString(cipher.doFinal(plaintext.getBytes()), Base64.NO_WRAP); } catch (Exception e) { throw new RuntimeException(e); } }
Certificate certificate() throws Exception { final KeyStore.Entry entry = keyStoreEntry(PasswordUsage.READ); if (entry instanceof KeyStore.PrivateKeyEntry) { return ((KeyStore.PrivateKeyEntry) entry).getCertificate(); } else if (entry instanceof KeyStore.TrustedCertificateEntry) { return ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate(); } else { throw new NotaryException(message(NO_CERTIFICATE)); } }
/** * Return the engine certificate. * @return certificate key. */ public static Certificate getCertificate() { return getPrivateKeyEntry().getCertificate(); }
private KeyInfo getKeyInfo(KeyStore.PrivateKeyEntry privateKeyEntry) { // Get the certificate from the private key. X509Certificate cert = (X509Certificate) privateKeyEntry.getCertificate(); // Create the KeyInfo containing the X509Data. KeyInfoFactory keyInfoFactory = KeyInfoFactory.getInstance(); // KeyInfoFactory keyInfoFactory = fac.getKeyInfoFactory(); List x509Content = new ArrayList(); x509Content.add(cert.getSubjectX500Principal().getName()); x509Content.add(cert); X509Data x509Data = keyInfoFactory.newX509Data(x509Content); return keyInfoFactory.newKeyInfo(Collections.singletonList(x509Data)); }
private X509Certificate certificateIn(KeyStore.PrivateKeyEntry certEntry) { if (certEntry == null) { return null; } Certificate myCertificate = certEntry.getCertificate(); if (myCertificate instanceof X509Certificate) { //if( "X.509".equals(myCertificate.getType()) ) { return (X509Certificate) myCertificate; } throw new IllegalArgumentException("Certificate is not X509: " + myCertificate.getType()); //PublicKey myPublicKey = pkEntry.getCertificate().getPublicKey(); //return new RsaCredential(myPrivateKey, myPublicKey); }
/** * Returns the debug {@link Certificate} to use to sign applications for debug purpose. * @return the certificate or <code>null</code> if its creation failed. */ @SuppressWarnings("unused") // the thrown Exceptions are not actually thrown public Certificate getCertificate() throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, UnrecoverableEntryException { if (mEntry != null) { return mEntry.getCertificate(); } return null; }
RSAPublicKey publicKey = (RSAPublicKey) privateKeyEntry.getCertificate().getPublicKey();
final KeyStore.PrivateKeyEntry privateKeyEntry = P12Util.getFirstPrivateKeyEntryFromP12InputStream(p12InputStream, p12Password); final Certificate certificate = privateKeyEntry.getCertificate();
KeyPair keyPair = new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey()); Certificate[] certificateChain = privateKeyEntry.getCertificateChain(); if (certificateChain.length != 1) {
@Override public CertificateAndKey load() { try { KeyStore.Entry entry; try { entry = keyStore.getEntry(privateKeyAlias, new KeyStore.PasswordProtection(keyStorePassword.toCharArray())); } catch (UnrecoverableEntryException e) { throw new CertificateSourceException("Unable to load private key with alias " + privateKeyAlias + " from KeyStore. Verify the KeyStore password is correct.", e); } if (entry == null) { throw new CertificateSourceException("Unable to find entry in keystore with alias: " + privateKeyAlias); } if (!(entry instanceof KeyStore.PrivateKeyEntry)) { throw new CertificateSourceException("Entry in KeyStore with alias " + privateKeyAlias + " did not contain a private key entry"); } KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry; PrivateKey privateKey = privateKeyEntry.getPrivateKey(); if (!(privateKeyEntry.getCertificate() instanceof X509Certificate)) { throw new CertificateSourceException("Certificate for private key in KeyStore was not an X509Certificate. Private key alias: " + privateKeyAlias + ". Certificate type: " + (privateKeyEntry.getCertificate() != null ? privateKeyEntry.getCertificate().getClass().getName() : null)); } X509Certificate x509Certificate = (X509Certificate) privateKeyEntry.getCertificate(); return new CertificateAndKey(x509Certificate, privateKey); } catch (KeyStoreException | NoSuchAlgorithmException e) { throw new CertificateSourceException("Error accessing keyStore", e); } }
@Override public SingleSignOnSessionFactory get() { KeyStore store = this.keyStore.get(); String alias = this.keyAlias; CredentialSource source = this.credentialSource.get(); try { if (!store.containsAlias(alias)) { throw UndertowLogger.ROOT_LOGGER.missingKeyStoreEntry(alias); } if (!store.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) { throw UndertowLogger.ROOT_LOGGER.keyStoreEntryNotPrivate(alias); } PasswordCredential credential = source.getCredential(PasswordCredential.class); if (credential == null) { throw UndertowLogger.ROOT_LOGGER.missingCredential(source.toString()); } ClearPassword password = credential.getPassword(ClearPassword.class); if (password == null) { throw UndertowLogger.ROOT_LOGGER.credentialNotClearPassword(credential.toString()); } KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) store.getEntry(alias, new KeyStore.PasswordProtection(password.getPassword())); KeyPair keyPair = new KeyPair(entry.getCertificate().getPublicKey(), entry.getPrivateKey()); Optional<SSLContext> context = Optional.ofNullable(this.sslContext).map(dependency -> dependency.get()); return new DefaultSingleSignOnSessionFactory(this.manager.get(), keyPair, connection -> context.ifPresent(ctx -> connection.setSSLSocketFactory(ctx.getSocketFactory()))); } catch (GeneralSecurityException | IOException e) { throw new IllegalArgumentException(e); } } }
@Override public CipherAuthToken apply(String authValue) { KeyStore store = this.keyStore.get(); String alias = this.keyAlias; try { if (!store.containsAlias(alias)) { throw JGroupsLogger.ROOT_LOGGER.keyEntryNotFound(alias); } if (!store.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) { throw JGroupsLogger.ROOT_LOGGER.unexpectedKeyStoreEntryType(alias, KeyStore.PrivateKeyEntry.class.getSimpleName()); } PasswordCredential credential = this.keyCredentialSource.get().getCredential(PasswordCredential.class); if (credential == null) { throw JGroupsLogger.ROOT_LOGGER.unexpectedCredentialSource(); } ClearPassword password = credential.getPassword(ClearPassword.class); if (password == null) { throw JGroupsLogger.ROOT_LOGGER.unexpectedCredentialSource(); } KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) store.getEntry(alias, new KeyStore.PasswordProtection(password.getPassword())); KeyPair pair = new KeyPair(entry.getCertificate().getPublicKey(), entry.getPrivateKey()); Cipher cipher = Cipher.getInstance(this.transformation); return new CipherAuthToken(cipher, pair, authValue.getBytes(StandardCharsets.UTF_8)); } catch (GeneralSecurityException | IOException e) { throw new IllegalArgumentException(e); } } }