private KeyStore newEmptyKeyStore(char[] password) throws GeneralSecurityException { try { KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); InputStream in = null; // By convention, 'null' creates an empty key store. keyStore.load(in, password); return keyStore; } catch (IOException e) { throw new AssertionError(e); } }
private static SSLContext sslContext(String keystoreFile, String password) throws GeneralSecurityException, IOException { KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); try (InputStream in = new FileInputStream(keystoreFile)) { keystore.load(in, password.toCharArray()); } KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keystore, password.toCharArray()); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keystore); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init( keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom()); return sslContext; } }
protected org.apache.http.conn.ssl.SSLSocketFactory createAdditionalCertsSSLSocketFactory() { try { final KeyStore ks = KeyStore.getInstance("BKS"); // the bks file we generated above final InputStream in = context.getResources().openRawResource( R.raw.mystore); try { // don't forget to put the password used above in strings.xml/mystore_password ks.load(in, context.getString( R.string.mystore_password ).toCharArray()); } finally { in.close(); } return new AdditionalKeyStoresSSLSocketFactory(ks); } catch( Exception e ) { throw new RuntimeException(e); } }
private static KeyStore loadKeyStore(String type, File path, String password, @Nullable String provider) throws Exception { KeyStore keyStore; if (provider == null) { keyStore = KeyStore.getInstance(type); } else { try { keyStore = KeyStore.getInstance(type, provider); } catch (KeyStoreException ignore) { log.warn("Keystore of type: {} is not supported for provider: {}. Trying out other providers...", type, provider); keyStore = KeyStore.getInstance(type); } } try (InputStream inputStream = new FileInputStream(path)) { keyStore.load(inputStream, password.toCharArray()); } return keyStore; } }
private SSLSocketFactory getSocketFactory() throws GeneralSecurityException, IOException { KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); KeyStore keyStore = KeyStore.getInstance("PKCS12"); InputStream keyInput = new FileInputStream(pathToPkcs12File); keyStore.load(keyInput, password.toCharArray()); keyInput.close(); keyManagerFactory.init(keyStore, password.toCharArray()); SSLContext context = SSLContext.getInstance("TLS"); context.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom()); return context.getSocketFactory(); }
KeyStore readKeyStore() { KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); // get user password and file input stream char[] password = getPassword(); java.io.FileInputStream fis = null; try { fis = new java.io.FileInputStream("keyStoreName"); ks.load(fis, password); } finally { if (fis != null) { fis.close(); } } return ks; }
protected void load(URI uri) throws IOException { String path = uri.getPath(); if (path == null || path.isEmpty()) { throw new RuntimeException("KeyProvider parameters should specify a path"); } InputStream is = new FileInputStream(new File(path)); try { store.load(is, password); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } catch (CertificateException e) { throw new RuntimeException(e); } finally { is.close(); } }
static TrustManagerFactory buildTrustManagerFactory( X509Certificate[] certCollection, TrustManagerFactory trustManagerFactory) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException { final KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null, null); int i = 1; for (X509Certificate cert: certCollection) { String alias = Integer.toString(i); ks.setCertificateEntry(alias, cert); i++; } // Set up trust manager factory to use our key store. if (trustManagerFactory == null) { trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); } trustManagerFactory.init(ks); return trustManagerFactory; }
KeyStore ks = KeyStore.getInstance("JKS"); InputStream ksIs = new FileInputStream("..."); try { ks.load(ksIs, "password".toCharArray()); } finally { if (ksIs != null) { ksIs.close(); } } KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory .getDefaultAlgorithm()); kmf.init(ks, "keypassword".toCharArray());
private SSLServerSocket getSSLSocket() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException{ KeyStore keyStore = KeyStore.getInstance("PKCS12"); keyStore.load(mContext.getAssets().open(KEYSTORE_FILE), KEYSTORE_PASS.toCharArray()); KeyManagerFactory keyMan = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyMan.init(keyStore, KEYSTORE_PASS.toCharArray()); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(keyMan.getKeyManagers(), null, null); SSLServerSocketFactory sslFactory = sslContext.getServerSocketFactory(); return (SSLServerSocket) sslFactory.createServerSocket(mPort, BACKLOG, mAddress); }
private static KeyStore loadTrustStore(File trustStorePath, Optional<String> trustStorePassword) throws IOException, GeneralSecurityException { KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); try { // attempt to read the trust store as a PEM file List<X509Certificate> certificateChain = PemReader.readCertificateChain(trustStorePath); if (!certificateChain.isEmpty()) { trustStore.load(null, null); for (X509Certificate certificate : certificateChain) { X500Principal principal = certificate.getSubjectX500Principal(); trustStore.setCertificateEntry(principal.getName(), certificate); } return trustStore; } } catch (IOException | GeneralSecurityException ignored) { } try (InputStream in = new FileInputStream(trustStorePath)) { trustStore.load(in, trustStorePassword.map(String::toCharArray).orElse(null)); } return trustStore; }
private static KeyStore newEmptyKeyStore(String keyStoreType) throws GeneralSecurityException { if (keyStoreType == null) { keyStoreType = KeyStore.getDefaultType(); } try { KeyStore keyStore = KeyStore.getInstance(keyStoreType); InputStream in = null; // By convention, 'null' creates an empty key store. keyStore.load(in, password); return keyStore; } catch (IOException e) { throw new AssertionError(e); } } }
public static KeyStore loadTrustStore(File certificateChainFile) throws IOException, GeneralSecurityException { KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(null, null); List<X509Certificate> certificateChain = readCertificateChain(certificateChainFile); for (X509Certificate certificate : certificateChain) { X500Principal principal = certificate.getSubjectX500Principal(); keyStore.setCertificateEntry(principal.getName("RFC2253"), certificate); } return keyStore; }
InputStream is = new FileInputStream("cacert.crt"); // You could get a resource as a stream instead. CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509Certificate caCert = (X509Certificate)cf.generateCertificate(is); TrustManagerFactory tmf = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); ks.load(null); // You don't need the KeyStore instance to come from a file. ks.setCertificateEntry("caCert", caCert); tmf.init(ks); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, tmf.getTrustManagers(), null);
private static KeyManager[] initKeyManagers(String keystore, char[] keystorePassword, char[] keyManagerPassword) throws Exception { KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(new FileInputStream(keystore), keystorePassword); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); keyManagerFactory.init(keyStore, keyManagerPassword); return keyManagerFactory.getKeyManagers(); }
private Optional<SSLContext> getSslContext() { if (sslEnabled) { try { KeyStore ks = KeyStore.getInstance(keystoreType); ks.load(new FileInputStream(keystore), keystorePassword.toCharArray()); // can be set with "ssl.KeyManagerFactory.algorithm" String algorithm = KeyManagerFactory.getDefaultAlgorithm(); // Set up key manager factory to use our key store KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm); kmf.init(ks, keystorePassword.toCharArray()); SSLContext serverContext = SSLContext.getInstance("TLS"); serverContext.init(kmf.getKeyManagers(), null, null); return Optional.of(serverContext); } catch (Exception e) { throw new Error("Failed to initialize the server-side SSLContext", e); } } else { return Optional.empty(); } }
private static KeyStore loadTrustStore(File trustStorePath, Optional<String> trustStorePassword) throws IOException, GeneralSecurityException { KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); try { // attempt to read the trust store as a PEM file List<X509Certificate> certificateChain = PemReader.readCertificateChain(trustStorePath); if (!certificateChain.isEmpty()) { trustStore.load(null, null); for (X509Certificate certificate : certificateChain) { X500Principal principal = certificate.getSubjectX500Principal(); trustStore.setCertificateEntry(principal.getName(), certificate); } return trustStore; } } catch (IOException | GeneralSecurityException ignored) { } try (InputStream in = new FileInputStream(trustStorePath)) { trustStore.load(in, trustStorePassword.map(String::toCharArray).orElse(null)); } return trustStore; }
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(trustStore, trustStorePassword); trustStore.close();
public static KeyStore loadTrustStore(File certificateChainFile) throws IOException, GeneralSecurityException { KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(null, null); List<X509Certificate> certificateChain = readCertificateChain(certificateChainFile); for (X509Certificate certificate : certificateChain) { X500Principal principal = certificate.getSubjectX500Principal(); keyStore.setCertificateEntry(principal.getName("RFC2253"), certificate); } return keyStore; }
TrustManagerFactory tmf = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); KeyStore ks = KeyStore.getInstance("JKS"); FileInputStream fis = new FileInputStream("/.../truststore.jks"); ks.load(fis, null); // or ks.load(fis, "thepassword".toCharArray()); fis.close(); tmf.init(ks); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, tmf.getTrustManagers(), null);