/**
 * Builds an in-memory {@link KeyStore} that holds exactly one private-key entry.
 *
 * <p>The store uses the JVM default type ({@link KeyStore#getDefaultType()}, driven by the
 * {@code keystore.type} security property), so the entry's protection format can differ
 * between runtimes. Nothing is read from or written to disk here.
 *
 * @param certChain        a X.509 certificate chain
 * @param key              a PKCS#8 private key
 * @param keyPasswordChars the password of the {@code keyFile};
 *                         {@code null} if it's not password-protected. It is passed through
 *                         unchanged as the entry password.
 * @return the generated {@link KeyStore}
 */
static KeyStore buildKeyStore(X509Certificate[] certChain, PrivateKey key, char[] keyPasswordChars)
        throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
    final String storeType = KeyStore.getDefaultType();
    final KeyStore keyStore = KeyStore.getInstance(storeType);
    // A null stream initialises an empty store; a KeyStore must be loaded before entries are set.
    keyStore.load(null, null);
    // NOTE(review): whether a null entry password is accepted depends on the provider behind
    // the default store type - confirm on the target JVMs.
    keyStore.setKeyEntry(ALIAS, key, keyPasswordChars, certChain);
    return keyStore;
}
// Issue the client certificate for reorderedDn, signed with caKeyPair.
X509Certificate clientCert = CertificateUtils.generateIssuedCertificate(
        reorderedDn, keyPair.getPublic(), null, certificate, caKeyPair, signingAlgorithm, days);

// Fresh, empty PKCS12 store held only in memory at this point.
KeyStore keyStore = KeyStoreUtils.getKeyStore(KeystoreType.PKCS12.toString());
keyStore.load(null, null);

// Chain order matters: the certificate matching the private key goes first.
// `certificate` is presumably the issuing CA certificate - confirm against the caller.
final Certificate[] clientChain = new Certificate[]{clientCert, certificate};

// NOTE(review): the entry is stored with a null key password, so any protection of the
// private key has to come from the store password applied by TlsHelper.writeKeyStore
// (not visible here) - confirm.
keyStore.setKeyEntry(NIFI_KEY, keyPair.getPrivate(), null, clientChain);

String password = TlsHelper.writeKeyStore(
        keyStore,
        outputStreamFactory,
        clientCertFile,
        clientPasswords.get(i),
        standaloneConfig.isClientPasswordsGenerated());
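// Assemble a JKS store with a single private-key entry and persist it to disk.
KeyStore ks = KeyStore.getInstance("JKS");
// A KeyStore has to be initialised before it is used; load(null, null) creates an empty
// store. Without this call setKeyEntry fails with KeyStoreException ("Uninitialized keystore").
ks.load(null, null);
// The entry password protects the private key; the store password passed to store()
// below only protects the integrity of the file as a whole.
ks.setKeyEntry("keyAlias", key, passwordForKeyCharArray, certChain);
// try-with-resources closes the file handle even when store() throws.
// NOTE(review): the file is created with the process's default permissions; a keystore
// holding a private key normally warrants owner-only access - confirm where this is deployed.
try (OutputStream writeStream = new FileOutputStream(filePathToStore)) {
    ks.store(writeStream, keystorePasswordCharArray);
}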
/**
 * Wraps an authentication key and its certificate chain in a new in-memory key store.
 *
 * @param authenticationCertificateAlias alias under which the key entry is stored
 * @param password                       password protecting the key entry
 * @param authenticationCertificate      certificate chain for the key
 * @param authenticationKey              the private key
 * @return the populated key store, or {@code null} when the alias, the chain or the key
 *         is {@code null} - callers must check for that
 * @throws Exception if the key store cannot be created or populated
 */
public static KeyStore toKeystore(final String authenticationCertificateAlias, final char[] password,
        final X509Certificate authenticationCertificate[], final PrivateKey authenticationKey) throws Exception {
    final boolean incomplete = authenticationCertificateAlias == null
            || authenticationCertificate == null
            || authenticationKey == null;
    if (incomplete) {
        return null;
    }

    final KeyStore store = KeyStore.getInstance(JKS);
    // Empty store: no stream, no integrity password.
    store.load(null, null);
    store.setKeyEntry(authenticationCertificateAlias, authenticationKey, password, authenticationCertificate);
    return store;
}
/**
 * Populates {@code ks} with a one-entry copy of {@code original}: the key and chain stored
 * under {@code alias} are re-stored under {@code ALIAS}.
 *
 * <p>The copy is protected with {@code KEY_PASSWD}, not with the caller's {@code password}.
 * NOTE(review): if {@code KEY_PASSWD} is a fixed constant, the copied private key is only
 * as protected as the in-memory object itself - confirm the view is never persisted.
 *
 * @param original the key store to read from
 * @param alias    the entry to extract
 * @param password the password protecting that entry in {@code original}
 * @throws RuntimeException wrapping any failure while reading or copying
 */
protected void createSingleKeyView(KeyStore original, String alias, char[] password) {
    try {
        ks = KeyStoreHelper.getInstanceForCredential("JKS");
        ks.load(null);

        final Key extractedKey = original.getKey(alias, password);
        final Certificate[] extractedChain = original.getCertificateChain(alias);
        ks.setKeyEntry(ALIAS, extractedKey, KEY_PASSWD, extractedChain);
    } catch (Exception e) {
        throw new RuntimeException("Got error when loading data from the "
                + "correct original keystore - this is most probably a bug", e);
    }
}
/**
 * Builds an in-memory {@link KeyStore} that holds exactly one private-key entry.
 *
 * <p>The store uses the JVM default type ({@link KeyStore#getDefaultType()}, driven by the
 * {@code keystore.type} security property), so the entry's protection format can differ
 * between runtimes. Nothing is read from or written to disk here.
 *
 * @param certChain        a X.509 certificate chain
 * @param key              a PKCS#8 private key
 * @param keyPasswordChars the password of the {@code keyFile};
 *                         {@code null} if it's not password-protected. It is passed through
 *                         unchanged as the entry password.
 * @return the generated {@link KeyStore}
 */
static KeyStore buildKeyStore(X509Certificate[] certChain, PrivateKey key, char[] keyPasswordChars)
        throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
    final String storeType = KeyStore.getDefaultType();
    final KeyStore keyStore = KeyStore.getInstance(storeType);
    // A null stream initialises an empty store; a KeyStore must be loaded before entries are set.
    keyStore.load(null, null);
    // NOTE(review): whether a null entry password is accepted depends on the provider behind
    // the default store type - confirm on the target JVMs.
    keyStore.setKeyEntry(ALIAS, key, keyPasswordChars, certChain);
    return keyStore;
}
/**
 * Creates an in-memory key store of the JVM default type containing this object's
 * {@code privateKey} and {@code keyCertChain} under the alias {@code "key"}.
 *
 * <p>Only the key store implementation class name is logged; neither password is.
 *
 * @param keyStorePass   password handed to {@link KeyStore#load(java.io.InputStream, char[])}
 * @param privateKeyPass password protecting the private-key entry
 * @return the populated key store
 * @throws RuntimeException wrapping any failure during creation
 */
public KeyStore getKeyStore( char[] keyStorePass, char[] privateKeyPass ) {
    try {
        final KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        log.debug("Keystore loaded is of type " + store.getClass().getName());
        // Null stream: start from an empty store rather than reading one.
        store.load(null, keyStorePass);
        store.setKeyEntry("key", privateKey, privateKeyPass, keyCertChain);
        return store;
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
/**
 * Loads a private key and its certificate chain from files into a new in-memory JKS store.
 *
 * <p>The entry is stored under the alias {@code "key"}. When {@code keyPassword} is empty
 * the entry password is the empty string, i.e. the in-memory entry is effectively
 * unprotected; that matters only if the returned store is ever persisted.
 *
 * @param certificateChainFile file containing the certificate chain
 * @param privateKeyFile       file containing the private key
 * @param keyPassword          password for the private key, if any
 * @return the populated key store
 * @throws IOException              if a file cannot be read
 * @throws GeneralSecurityException if the chain file holds no certificates or the key
 *                                  material cannot be processed
 */
public static KeyStore loadKeyStore(File certificateChainFile, File privateKeyFile, Optional<String> keyPassword)
        throws IOException, GeneralSecurityException {
    final PrivateKey privateKey = loadPrivateKey(privateKeyFile, keyPassword);

    final List<X509Certificate> chain = readCertificateChain(certificateChainFile);
    if (chain.isEmpty()) {
        throw new CertificateException("Certificate file does not contain any certificates: " + certificateChainFile);
    }

    final KeyStore store = KeyStore.getInstance("JKS");
    store.load(null, null);

    final char[] entryPassword = keyPassword.orElse("").toCharArray();
    final Certificate[] chainArray = chain.toArray(new Certificate[0]);
    store.setKeyEntry("key", privateKey, entryPassword, chainArray);
    return store;
}
/**
 * Builds TLS key managers from a private-key file and a certificate file.
 *
 * <p>The key material is placed in an in-memory JKS store under the alias {@code "key"}.
 * The same password (the key password, or the empty string when it is {@code null}) is
 * used for the entry and for initialising the {@link KeyManagerFactory}. Debug logging
 * covers the file paths and aliases only, never the password.
 *
 * @param tlsKeyFile     file holding the private key
 * @param tlsCertFile    file holding the certificate chain
 * @param tlsKeyPassword password for the private key; may be {@code null}
 * @return the key managers backed by the loaded key
 * @throws IOException              if a file cannot be read
 * @throws GeneralSecurityException if the key material cannot be processed
 */
public static KeyManager[] initKeyStore(File tlsKeyFile, File tlsCertFile, String tlsKeyPassword)
        throws IOException, GeneralSecurityException {
    final KeyStore keyStore = KeyStore.getInstance("JKS");
    keyStore.load(null, null);

    final Collection<? extends Certificate> certificates = loadCertificates(tlsCertFile.toPath());
    final PrivateKey tlsKey = loadPrivateKey(tlsKeyFile, tlsKeyPassword);
    final char[] entryPassword = Strings.nullToEmpty(tlsKeyPassword).toCharArray();
    final Certificate[] chain = certificates.toArray(new Certificate[certificates.size()]);
    keyStore.setKeyEntry("key", tlsKey, entryPassword, chain);

    if (LOG.isDebugEnabled()) {
        LOG.debug("Private key file: {}", tlsKeyFile);
        LOG.debug("Certificate file: {}", tlsCertFile);
        LOG.debug("Aliases: {}", join(keyStore.aliases()));
    }

    final String algorithm = KeyManagerFactory.getDefaultAlgorithm();
    final KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
    factory.init(keyStore, entryPassword);
    return factory.getKeyManagers();
}
/**
 * Stores a key by serialising it into a single-entry key store of type {@code keyType}
 * and delegating the resulting bytes to the byte-array overload.
 *
 * <p>The supplied {@code password} is used three times: to initialise the wrapper store,
 * to protect the entry, and as the integrity password of the serialised bytes.
 *
 * @param alias    alias of the entry
 * @param key      key to store
 * @param password password protecting the key and the serialised wrapper
 * @param chain    certificate chain for the key
 * @throws KeyStoreException if the key cannot be serialised or stored
 */
@Override
public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain) throws KeyStoreException {
    try {
        final KeyStore wrapper = KeyStore.getInstance(keyType);
        wrapper.load(null, password);
        wrapper.setKeyEntry(alias, key, password, chain);

        // Serialise the wrapper so the protected key can be handed on as opaque bytes.
        final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        wrapper.store(buffer, password);
        final byte[] serialized = buffer.toByteArray();

        engineSetKeyEntry(alias, serialized, chain);
    } catch (CertificateException | NoSuchAlgorithmException | IOException e) {
        throw log.ldapKeyStoreFailedToSerializeKey(alias, e);
    }
}
/**
 * Creates an in-memory JKS store from a PEM private key and PEM certificates.
 *
 * <p>The entry is stored under the alias {@code "docker"} and protected with the fixed
 * password {@code "docker"}. Because that password is visible in source, it gives no
 * confidentiality; treat the returned store as holding an unprotected private key and do
 * not persist it as-is.
 *
 * @param keypem  the private key, PEM
 * @param certpem the certificate(s), PEM
 * @return the populated key store
 */
@SuppressFBWarnings(value = "NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE")
public static KeyStore createKeyStore(final String keypem, final String certpem)
        throws NoSuchAlgorithmException, InvalidKeySpecException, IOException,
        CertificateException, KeyStoreException {
    final PrivateKey dockerKey = loadPrivateKey(keypem);
    // Fail fast if no key could be loaded.
    requireNonNull(dockerKey);

    final List<Certificate> certificates = loadCertificates(certpem);
    final Certificate[] chain = certificates.toArray(new Certificate[certificates.size()]);

    final KeyStore store = KeyStore.getInstance("JKS");
    store.load(null);
    store.setKeyEntry("docker", dockerKey, "docker".toCharArray(), chain);
    return store;
}
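/**
 * Writes a key store containing the entity's private key and certificate to {@code path}.
 *
 * <p>The store uses the JVM default type; {@code PASSWORD} serves as both the entry
 * password and the store password.
 * NOTE(review): the file is created with the process's default permissions; a keystore
 * holding a private key normally warrants owner-only access - confirm for the target
 * environment.
 *
 * @param certificate   certificate matching the private key
 * @param entityKeyPair key pair whose private key is stored
 * @param path          destination file
 * @throws Exception if the store cannot be built or written
 */
private void writeKeystore(X509Certificate certificate, KeyPair entityKeyPair, String path) throws Exception {
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null, PASSWORD);
    keyStore.setKeyEntry("alias", entityKeyPair.getPrivate(), PASSWORD, new Certificate[] { certificate });
    // try-with-resources releases the file handle even when store() throws; the original
    // leaked the stream on that path.
    try (FileOutputStream outputStream = new FileOutputStream(path)) {
        keyStore.store(outputStream, PASSWORD);
        outputStream.flush();
    }
}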
/**
 * Builds a {@link KeyManagerFactory} from the configured private key and chain.
 *
 * <p>The key is placed in an in-memory JKS store under the alias {@code "key"}. The entry
 * password is generated per call from 64 bytes drawn from {@code RANDOM} and Base64
 * encoded; it is used only to satisfy the key store API and is never returned.
 * NOTE(review): {@code RANDOM} is presumably a {@code SecureRandom} - confirm.
 *
 * @param privateKeyConfig source of the private key and certificate chain
 * @return an initialised key manager factory
 * @throws IOException              if the store cannot be initialised
 * @throws GeneralSecurityException if the key material cannot be processed
 * @throws RuntimeException         if no private key is available
 */
private static KeyManagerFactory buildKmf(KeyConfig privateKeyConfig) throws IOException, GeneralSecurityException {
    final String configured = Security.getProperty("ssl.KeyManagerFactory.algorithm");
    final String algorithm = (configured != null) ? configured : "SunX509";

    final byte[] randomBytes = new byte[64];
    RANDOM.nextBytes(randomBytes);
    final char[] password = Base64.getEncoder().encodeToString(randomBytes).toCharArray();

    final KeyStore keyStore = KeyStore.getInstance("JKS");
    keyStore.load(null, null);
    keyStore.setKeyEntry(
            "key",
            privateKeyConfig.privateKey().orElseThrow(() -> new RuntimeException("Private key not available")),
            password,
            privateKeyConfig.certChain().toArray(new Certificate[0]));

    final KeyManagerFactory factory = KeyManagerFactory.getInstance(algorithm);
    factory.init(keyStore, password);
    return factory;
}
// Creates an empty JKS store and adds the identity key under the alias "jenkins".
keyStore = KeyStore.getInstance("JKS");
// NOTE(review): the password is a fixed literal visible in source, so it gives the entry no
// confidentiality; that is only acceptable if this store never leaves memory - confirm.
char[] password = "password".toCharArray();
try {
    // Null stream: initialise an empty store instead of reading one.
    keyStore.load(null, password);
} catch (IOException e) {
    throw new IllegalStateException("Specification says this should not happen as we are not doing I/O", e);
    // NOTE(review): this excerpt looks truncated - a second throw directly after the first
    // is unreachable, so a closing brace and a further catch clause were presumably lost in
    // extraction. Check the original file before reusing this snippet.
    throw new IllegalStateException("Specification says this should not happen as we are not loading keys", e);
    // The same literal password protects the private-key entry.
    keyStore.setKeyEntry("jenkins", privateKey, password, new X509Certificate[]{identityCertificate});
/**
 * Loads a private key and its certificate chain from files into a new in-memory JKS store,
 * verifying that the chain actually contains a certificate for the key.
 *
 * <p>The matching certificate is moved to index zero of the chain (swapping places with
 * whatever was there), because the certificate for the private key must come first. The
 * entry is stored under the alias {@code "key"} with an empty password, so the in-memory
 * entry is effectively unprotected; that matters only if the returned store is persisted.
 *
 * @param certificateChainFile file containing the certificate chain
 * @param privateKeyFile       file containing the private key
 * @param keyPassword          password used to read the private key, if any
 * @return the populated key store
 * @throws IOException              if a file cannot be read
 * @throws GeneralSecurityException if the chain is empty, no certificate matches the
 *                                  private key, or the key material cannot be processed
 */
public static KeyStore loadKeyStore(File certificateChainFile, File privateKeyFile, Optional<String> keyPassword)
        throws IOException, GeneralSecurityException {
    final PrivateKey key = loadPrivateKey(privateKeyFile, keyPassword);

    final List<X509Certificate> certificateChain = readCertificateChain(certificateChainFile);
    if (certificateChain.isEmpty()) {
        throw new CertificateException("Certificate file does not contain any certificates: " + certificateChainFile);
    }

    final KeyStore keyStore = KeyStore.getInstance("JKS");
    keyStore.load(null, null);

    final Certificate[] certificates = certificateChain.toArray(new Certificate[0]);

    // Find the first certificate whose public key belongs to the private key.
    int matchIndex = -1;
    for (int i = 0; i < certificates.length && matchIndex < 0; i++) {
        if (matches(key, certificates[i])) {
            matchIndex = i;
        }
    }
    if (matchIndex < 0) {
        throw new KeyStoreException("Private key does not match the public key of any certificate");
    }

    // Swap the match into index zero.
    final Certificate matching = certificates[matchIndex];
    certificates[matchIndex] = certificates[0];
    certificates[0] = matching;

    keyStore.setKeyEntry("key", key, new char[0], certificates);
    return keyStore;
}
// Empty in-memory store of the JVM default type (set by the keystore.type security property).
final KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null, password);

// The same password is used for the store and for the private-key entry.
final Certificate[] keyEntryChain = certChain.toArray(new Certificate[certChain.size()]);
ks.setKeyEntry("key", key, password, keyEntryChain);
// Create an empty store of the requested type, add one key, and serialise it to `stream`.
KeyStore store = KeyStore.getInstance(storeType);
store.load(null, null);

// One password serves as both the entry password and the store password.
final char[] storePassChars = storePass.toCharArray();
// NOTE(review): the certificate chain is null. KeyStore.setKeyEntry rejects a PrivateKey
// without a chain, so `key` is presumably a SecretKey - confirm against the caller.
store.setKeyEntry(alias, key, storePassChars, null);
store.store(stream, storePassChars);
/**
 * Creates a key store holding the client key, client certificates and CA certificate
 * found in a Docker certificate directory.
 *
 * <p>The private key is protected with the fixed password {@code "docker"}. Because that
 * password is visible in source, it gives no confidentiality; treat the returned store as
 * holding an unprotected private key and do not persist it as-is.
 *
 * @param certPath directory holding the key (key.pem) and certs (ca.pem, cert.pem)
 * @return a keystore where the private key is secured with "docker"
 *
 * @throws IOException if reading the PEM files failed
 * @throws GeneralSecurityException when the files are in a wrong format
 */
public static KeyStore createDockerKeyStore(String certPath) throws IOException, GeneralSecurityException {
    final PrivateKey clientKey = loadPrivateKey(certPath + "/key.pem");
    final Certificate[] clientChain = loadCertificates(certPath + "/cert.pem");

    final String storeType = KeyStore.getDefaultType();
    final KeyStore dockerStore = KeyStore.getInstance(storeType);
    dockerStore.load(null);

    final char[] entryPassword = "docker".toCharArray();
    dockerStore.setKeyEntry("docker", clientKey, entryPassword, clientChain);

    addCA(dockerStore, certPath + "/ca.pem");
    return dockerStore;
}
// Lazily create the key store the first time it is needed. (The excerpt ends before the
// closing brace of this if-block.)
if (keyStore == null) {
    // Empty store of the JVM default type; the null stream means nothing is read from disk.
    keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null, keyStorePassword);
    // The store password doubles as the password protecting the private-key entry.
    keyStore.setKeyEntry(certificationAlias, privateKey, keyStorePassword, chain);
public static void main(String[] args) throws Exception { KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(null, null); keyStore.setKeyEntry(alias, privKey, keyPass, chain);