List of usage examples for java.security.cert CertStoreException CertStoreException
public CertStoreException(Throwable cause)
From source file:mitm.common.security.KeyAndCertStoreImpl.java
/** * Removes the certificate and if the certificate has an associated key entry an attempt is made to remove the * associated key (note that not all KeyStores allow keys to be removed) *//*from ww w . ja va 2 s .co m*/ @Override public void removeCertificate(X509Certificate certificate) throws CertStoreException { if (logger.isDebugEnabled()) { logger.debug("Removing certificate: {}", certificate); } X509CertStoreEntry entry = getByCertificate(certificate); if (entry == null) { throw new CertStoreException("CertStore entry not found."); } if (keyStore != null && entry.getKeyAlias() != null) { if (logger.isDebugEnabled()) { logger.debug("Deleting associated key with alias: {}", entry.getKeyAlias()); } /* * try to remove the associated key from the keyStore */ try { keyStore.deleteEntry(entry.getKeyAlias()); } catch (KeyStoreException e) { logger.error("Unable to remove associated key for certificate: " + certificate, e); } } certStore.removeCertificate(certificate); }
From source file:mitm.common.security.KeyAndCertStoreImpl.java
/** * Removes all certificate and key entries. *//*from w w w. jav a 2 s. c om*/ @Override public void removeAllEntries() throws CertStoreException { /* remove all entries from the certificate store */ certStore.removeAllEntries(); /* remove all entries from the KeyStore */ if (keyStore != null) { try { Enumeration<String> aliases = keyStore.aliases(); while (aliases.hasMoreElements()) { String alias = aliases.nextElement(); keyStore.deleteEntry(alias); } } catch (KeyStoreException e) { throw new CertStoreException(e); } } }
From source file:mitm.common.security.KeyAndCertStoreImpl.java
/** * @See KeyAndCertStore.addKeyAndCertificate *///from www . ja v a 2 s. com @Override public boolean addKeyAndCertificate(KeyAndCertificate keyAndCertificate) throws CertStoreException, KeyStoreException { Check.notNull(keyAndCertificate, "keyAndCertificate"); X509Certificate certificate = keyAndCertificate.getCertificate(); PrivateKey privateKey = keyAndCertificate.getPrivateKey(); Check.notNull(certificate, "certificate"); if (logger.isDebugEnabled()) { logger.debug("Adding KeyAndCertificate: {}", certificate); } String keyAlias = null; if (keyStore != null && privateKey != null) { try { /* we set the key alias to the thumbprint of the associated certificate */ keyAlias = X509CertificateInspector.getThumbprint(certificate); } catch (CertificateEncodingException e) { throw new CertStoreException(e); } catch (NoSuchAlgorithmException e) { throw new CertStoreException(e); } catch (NoSuchProviderException e) { throw new CertStoreException(e); } if (logger.isDebugEnabled()) { logger.debug("Setting Key entry with alias: {}", keyAlias); } keyStore.setKeyEntry(keyAlias, privateKey, getPassword(), new Certificate[] { certificate }); } X509CertStoreEntry certStoreEntry = certStore.getByCertificate(keyAndCertificate.getCertificate()); boolean added = false; if (certStoreEntry == null) { certStore.addCertificate(certificate, keyAlias); added = true; } else { /* * Only set the key alias if the key alias is set and never set the key alias to null if the new * key alias is null. If we would set the key alias to null for an existing cert store entry, it * might happen that when we re-import a certificate but now without a key (for example from a * p7b), the key alias will be set to null which is not want we want. Why? suppose you first * import a pfx file with certificates and keys and then import a p7b file containing a large * number of certificates. Now if the p7b file contains a certificate that was also stored in * the pfx together with the private key, if we would have set the key alias to null when we * imported the p7b, we no longer have the associated private key. The private key is still * there but detached from it's certificate. */ if (keyAlias != null) { /* * Only set if the key alias is changing */ if (!keyAlias.equals(certStoreEntry.getKeyAlias())) { certStoreEntry.setKeyAlias(keyAlias); added = true; } } } return added; }
From source file:mitm.common.security.KeyAndCertStoreImpl.java
/** * @See KeyAndCertStore.sync//from w ww . j a va 2 s . c om */ @Override public void sync(SyncMode syncMode) throws KeyStoreException, CertStoreException { if (keyStore == null) { logger.warn("keyStore is null."); return; } if (syncMode == SyncMode.CERT_STORE || syncMode == SyncMode.ALL) { logger.info("Syncing Key store --> Certificate store"); Enumeration<String> aliases = keyStore.aliases(); /* * sync keyStore by getting the certificates and keys from the keyStore and placing it in the certStore. */ while (aliases.hasMoreElements()) { String alias = aliases.nextElement(); Certificate certificate = keyStore.getCertificate(alias); if (!(certificate instanceof X509Certificate)) { /* * only X509Certificates are supported. If the key entry does not have an * associated certificate we will not import the key because the key * would not be used. */ continue; } X509Certificate x509Certificate = (X509Certificate) certificate; try { String keyAlias = null; if (keyStore.isKeyEntry(alias)) { keyAlias = alias; } X509CertStoreEntry certEntry = getByCertificate(x509Certificate); if (certEntry != null) { /* * Certificate already exists. Set key alias if different */ if (!StringUtils.equals(certEntry.getKeyAlias(), keyAlias)) { logger.info("Certificate with thumbprint {} already exist. Setting new key alias: {}", X509CertificateInspector.getThumbprint(certificate), keyAlias); certEntry.setKeyAlias(keyAlias); } } else { logger.info("Adding certificate with thumbprint {} and key alias: {}", X509CertificateInspector.getThumbprint(certificate), keyAlias); addCertificate(x509Certificate, keyAlias); } } catch (Exception e) { logger.error("Error syncing the item with alias: " + alias, e); } } } if (syncMode == SyncMode.KEY_STORE || syncMode == SyncMode.ALL) { logger.info("Syncing Certificate store --> Key store"); /* * synchronize certStore entries to make sure that all key aliases references valid keys. If a key alias * references a key that is no longer available the key entry will be set to null. * * Warning: if a removable keyStore (like smartcard) is used and the keyStore is temporarily unavailable * synchronizing will result in the deassociation of the key with the certificate. */ CloseableIterator<? extends X509CertStoreEntry> certStoreIterator = certStore.getCertStoreIterator(null, MissingKeyAlias.NOT_ALLOWED, null, null); try { try { while (certStoreIterator.hasNext()) { X509CertStoreEntry certStoreEntry = certStoreIterator.next(); String keyAlias = certStoreEntry.getKeyAlias(); if (keyAlias != null) { if (!keyStore.isKeyEntry(keyAlias)) { logger.warn("Key with alias {} cannot be found. Removing key alias.", keyAlias); certStoreEntry.setKeyAlias(null); } } } } finally { certStoreIterator.close(); } } catch (CloseableIteratorException e) { throw new CertStoreException(e); } } logger.info("Syncing finished"); }