public boolean engineEntryInstanceOf(final String alias, final Class<? extends KeyStore.Entry> entryClass) { try { return entryClass == PasswordEntry.class && delegate.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class) || delegate.entryInstanceOf(alias, entryClass); } catch (KeyStoreException e) { throw new IllegalStateException(e); } }
/** * The OpenSSL provider does not support the {@link KeyManagerFactory}, so we have to lookup the integration * certificate and key in order to provide it to OpenSSL. * <p> * TODO: SNI is currently not supported, we use only the first found private key. */ private static SslContextBuilder builderWithOpenSSLProvider(KeyStore ks, String keyPassword) throws GeneralSecurityException { for (String alias : Collections.list(ks.aliases())) { if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) { PrivateKey key = (PrivateKey) ks.getKey(alias, keyPassword.toCharArray()); Certificate[] chain = ks.getCertificateChain(alias); X509Certificate[] certChain = new X509Certificate[chain.length]; System.arraycopy(chain, 0, certChain, 0, chain.length); return SslContextBuilder.forServer(key, certChain); } } throw new KeyManagementException("the SSL key-store does not contain a private key"); }
if (trustStore.entryInstanceOf(alias, KeyStore.TrustedCertificateEntry.class)) { Certificate certificate = trustStore.getCertificate(alias); if (!(certificate instanceof X509Certificate)) {
/** * Initialisation if a supplied key is defined in the properties. This supplied key must be in a keystore which * can be generated using the keystoreGenerator file in demos. The keystore must be on the classpath to find it. */ protected void readSecretKeyFromKeystore() throws Exception { // must not use default keystore type - as it does not support secret keys KeyStore store=KeyStore.getInstance(keystore_type != null? keystore_type : KeyStore.getDefaultType()); if(key_password == null && store_password != null) { key_password=store_password; log.debug("%s: key_password used is same as store_password", local_addr); } try (InputStream inputStream = getKeyStoreSource()) { store.load(inputStream, store_password.toCharArray()); } // loaded keystore - get the key if (!store.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class)) { throw new Exception("Key '" + alias + "' from keystore " + keystore_name + " is not a secret key"); } KeyStore.SecretKeyEntry entry = (KeyStore.SecretKeyEntry) store.getEntry(alias, new KeyStore.PasswordProtection(key_password.toCharArray())); if (entry == null) { throw new Exception("Key '" + alias + "' not found in keystore " + keystore_name); } this.setKeyStoreEntry(entry); }
@Override public SingleSignOnSessionFactory get() { KeyStore store = this.keyStore.get(); String alias = this.keyAlias; CredentialSource source = this.credentialSource.get(); try { if (!store.containsAlias(alias)) { throw UndertowLogger.ROOT_LOGGER.missingKeyStoreEntry(alias); } if (!store.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) { throw UndertowLogger.ROOT_LOGGER.keyStoreEntryNotPrivate(alias); } PasswordCredential credential = source.getCredential(PasswordCredential.class); if (credential == null) { throw UndertowLogger.ROOT_LOGGER.missingCredential(source.toString()); } ClearPassword password = credential.getPassword(ClearPassword.class); if (password == null) { throw UndertowLogger.ROOT_LOGGER.credentialNotClearPassword(credential.toString()); } KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) store.getEntry(alias, new KeyStore.PasswordProtection(password.getPassword())); KeyPair keyPair = new KeyPair(entry.getCertificate().getPublicKey(), entry.getPrivateKey()); Optional<SSLContext> context = Optional.ofNullable(this.sslContext).map(dependency -> dependency.get()); return new DefaultSingleSignOnSessionFactory(this.manager.get(), keyPair, connection -> context.ifPresent(ctx -> connection.setSSLSocketFactory(ctx.getSocketFactory()))); } catch (GeneralSecurityException | IOException e) { throw new IllegalArgumentException(e); } } }
@Override public CipherAuthToken apply(String authValue) { KeyStore store = this.keyStore.get(); String alias = this.keyAlias; try { if (!store.containsAlias(alias)) { throw JGroupsLogger.ROOT_LOGGER.keyEntryNotFound(alias); } if (!store.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) { throw JGroupsLogger.ROOT_LOGGER.unexpectedKeyStoreEntryType(alias, KeyStore.PrivateKeyEntry.class.getSimpleName()); } PasswordCredential credential = this.keyCredentialSource.get().getCredential(PasswordCredential.class); if (credential == null) { throw JGroupsLogger.ROOT_LOGGER.unexpectedCredentialSource(); } ClearPassword password = credential.getPassword(ClearPassword.class); if (password == null) { throw JGroupsLogger.ROOT_LOGGER.unexpectedCredentialSource(); } KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) store.getEntry(alias, new KeyStore.PasswordProtection(password.getPassword())); KeyPair pair = new KeyPair(entry.getCertificate().getPublicKey(), entry.getPrivateKey()); Cipher cipher = Cipher.getInstance(this.transformation); return new CipherAuthToken(cipher, pair, authValue.getBytes(StandardCharsets.UTF_8)); } catch (GeneralSecurityException | IOException e) { throw new IllegalArgumentException(e); } } }
@Override public void accept(P protocol) { KeyStore store = this.keyStore.get(); String alias = this.keyAlias; try { if (!store.containsAlias(alias)) { throw JGroupsLogger.ROOT_LOGGER.keyEntryNotFound(alias); } PasswordCredential credential = this.credentialSource.get().getCredential(PasswordCredential.class); if (credential == null) { throw JGroupsLogger.ROOT_LOGGER.unexpectedCredentialSource(); } ClearPassword password = credential.getPassword(ClearPassword.class); if (password == null) { throw JGroupsLogger.ROOT_LOGGER.unexpectedCredentialSource(); } if (!store.entryInstanceOf(alias, this.entryClass)) { throw JGroupsLogger.ROOT_LOGGER.unexpectedKeyStoreEntryType(alias, this.entryClass.getSimpleName()); } KeyStore.Entry entry = store.getEntry(alias, new KeyStore.PasswordProtection(password.getPassword())); protocol.setKeyStoreEntry(this.entryClass.cast(entry)); } catch (KeyStoreException | IOException | NoSuchAlgorithmException | UnrecoverableEntryException e) { throw new IllegalArgumentException(e); } } }
public boolean engineEntryInstanceOf(final String alias, final Class<? extends KeyStore.Entry> entryClass) { try { return entryClass == PasswordEntry.class && delegate.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class) || delegate.entryInstanceOf(alias, entryClass); } catch (KeyStoreException e) { throw new IllegalStateException(e); } }
public boolean engineEntryInstanceOf(final String alias, final Class<? extends KeyStore.Entry> entryClass) { try { return entryClass == PasswordEntry.class && delegate.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class) || delegate.entryInstanceOf(alias, entryClass); } catch (KeyStoreException e) { throw new IllegalStateException(e); } }
public boolean engineEntryInstanceOf(final String alias, final Class<? extends KeyStore.Entry> entryClass) { try { return entryClass == PasswordEntry.class && delegate.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class) || delegate.entryInstanceOf(alias, entryClass); } catch (KeyStoreException e) { throw new IllegalStateException(e); } }
private String getEntryType(KeyStore keyStore, String alias) throws KeyStoreException { if (keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) { return KeyStore.PrivateKeyEntry.class.getSimpleName(); } else if (keyStore.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class)) { return KeyStore.SecretKeyEntry.class.getSimpleName(); } else if (keyStore.entryInstanceOf(alias, KeyStore.TrustedCertificateEntry.class)) { return KeyStore.TrustedCertificateEntry.class.getSimpleName(); } else if (keyStore.entryInstanceOf(alias, PasswordEntry.class)) { return PasswordEntry.class.getSimpleName(); } else { return "Other"; } } }
private boolean containsPrivateKey(final java.security.KeyStore keyStore) throws KeyStoreException { final Enumeration<String> aliasesEnum = keyStore.aliases(); boolean foundPrivateKey = false; while (aliasesEnum.hasMoreElements()) { String alias = aliasesEnum.nextElement(); if (keyStore.entryInstanceOf(alias, java.security.KeyStore.PrivateKeyEntry.class)) { foundPrivateKey = true; break; } } return foundPrivateKey; }
public QpidBestFitX509KeyManager(String defaultAlias, URL keyStoreUrl, String keyStoreType, String keyStorePassword, String keyManagerFactoryAlgorithmName) throws GeneralSecurityException, IOException { KeyStore ks = SSLUtil.getInitializedKeyStore(keyStoreUrl,keyStorePassword,keyStoreType); KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerFactoryAlgorithmName); kmf.init(ks, keyStorePassword.toCharArray()); List<String> aliases = new ArrayList<>(); for(String alias : Collections.list(ks.aliases())) { if(ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) { aliases.add(alias); } } _aliases = Collections.unmodifiableList(aliases); _delegate = (X509ExtendedKeyManager)kmf.getKeyManagers()[0]; _defaultAlias = defaultAlias; }
/** * Creates Key manager. * * @param keyStore keyStore (must have been initialized) * @param pwd keyStore password * @throws KeyStoreException if keyStore hasn't been initialized. */ public MariaDbX509KeyManager(KeyStore keyStore, char[] pwd) throws KeyStoreException { super(); Enumeration<String> aliases = keyStore.aliases(); while (aliases.hasMoreElements()) { String alias = aliases.nextElement(); if (keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) { try { privateKeyHash.put(alias, (KeyStore.PrivateKeyEntry) keyStore .getEntry(alias, new KeyStore.PasswordProtection(pwd))); } catch (UnrecoverableEntryException | NoSuchAlgorithmException unrecoverableEntryEx) { //password invalid | algorithm error } } } }
/** * Creates Key manager. * * @param keyStore keyStore (must have been initialized) * @param pwd keyStore password * @throws KeyStoreException if keyStore hasn't been initialized. */ public MariaDbX509KeyManager(KeyStore keyStore, char[] pwd) throws KeyStoreException { super(); Enumeration<String> aliases = keyStore.aliases(); while (aliases.hasMoreElements()) { String alias = aliases.nextElement(); if (keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) { try { privateKeyHash.put(alias, (KeyStore.PrivateKeyEntry) keyStore .getEntry(alias, new KeyStore.PasswordProtection(pwd))); } catch (UnrecoverableEntryException | NoSuchAlgorithmException unrecoverableEntryEx) { //password invalid | algorithm error } } } }
ProvX509KeyManagerSimple(KeyStore ks, char[] password) throws GeneralSecurityException { if (ks != null) { Enumeration<String> aliases = ks.aliases(); while (aliases.hasMoreElements()) { String alias = aliases.nextElement(); if (ks.entryInstanceOf(alias, PrivateKeyEntry.class)) { PrivateKey privateKey = (PrivateKey)ks.getKey(alias, password); X509Certificate[] certificateChain = JsseUtils.getX509CertificateChain(ks.getCertificateChain(alias)); if (certificateChain != null && certificateChain.length > 0) { credentials.put(alias, new Credential(privateKey, certificateChain)); } } } } }
protected static String getPrivateKeyAlias(final KeyStore keyStore, final String keyStoreAlias) { try { final Enumeration<String> aliases = keyStore.aliases(); while (aliases.hasMoreElements()) { final String currentAlias = aliases.nextElement(); if (keyStoreAlias != null) { if (currentAlias.equalsIgnoreCase(keyStoreAlias)) { return currentAlias; } } else if (keyStore.entryInstanceOf(currentAlias, KeyStore.PrivateKeyEntry.class)) { return currentAlias; } } throw new SAMLException("Keystore has no private keys"); } catch (final KeyStoreException e) { throw new SAMLException("Unable to get aliases from keyStore", e); } } }
public void removeClientCertificate(String alias) throws KeyStoreException { KeyStore moduleKeyStore = getModuleKeyStore(); if (!moduleKeyStore.entryInstanceOf(alias, KeyStore.TrustedCertificateEntry.class)) { throw new RuntimeException("Only entries of type " + KeyStoreEntryDataContainer.DISPLAYABLE_ENTRY_TYPES.get(KeyStore.TrustedCertificateEntry.class) + " can be removed"); } getModuleKeyStore().deleteEntry(alias); }
/** * Initialisation if a supplied key is defined in the properties. This supplied key must be in a keystore which * can be generated using the keystoreGenerator file in demos. The keystore must be on the classpath to find it. */ protected void readSecretKeyFromKeystore() throws Exception { // must not use default keystore type - as it does not support secret keys KeyStore store=KeyStore.getInstance(keystore_type != null? keystore_type : KeyStore.getDefaultType()); if(key_password == null && store_password != null) { key_password=store_password; log.debug("%s: key_password used is same as store_password", local_addr); } try (InputStream inputStream = getKeyStoreSource()) { store.load(inputStream, store_password.toCharArray()); } // loaded keystore - get the key if (!store.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class)) { throw new Exception("Key '" + alias + "' from keystore " + keystore_name + " is not a secret key"); } KeyStore.SecretKeyEntry entry = (KeyStore.SecretKeyEntry) store.getEntry(alias, new KeyStore.PasswordProtection(key_password.toCharArray())); if (entry == null) { throw new Exception("Key '" + alias + "' not found in keystore " + keystore_name); } this.setKeyStoreEntry(entry); }
@Override public void accept(P protocol) { KeyStore store = this.keyStore.get(); String alias = this.keyAlias; try { if (!store.containsAlias(alias)) { throw JGroupsLogger.ROOT_LOGGER.keyEntryNotFound(alias); } PasswordCredential credential = this.credentialSource.get().getCredential(PasswordCredential.class); if (credential == null) { throw JGroupsLogger.ROOT_LOGGER.unexpectedCredentialSource(); } ClearPassword password = credential.getPassword(ClearPassword.class); if (password == null) { throw JGroupsLogger.ROOT_LOGGER.unexpectedCredentialSource(); } if (!store.entryInstanceOf(alias, this.entryClass)) { throw JGroupsLogger.ROOT_LOGGER.unexpectedKeyStoreEntryType(alias, this.entryClass.getSimpleName()); } KeyStore.Entry entry = store.getEntry(alias, new KeyStore.PasswordProtection(password.getPassword())); protocol.setKeyStoreEntry(this.entryClass.cast(entry)); } catch (KeyStoreException | IOException | NoSuchAlgorithmException | UnrecoverableEntryException e) { throw new IllegalArgumentException(e); } } }