List of usage examples for java.security KeyStore setKeyEntry
public final void setKeyEntry(String alias, Key key, char[] password, Certificate[] chain) throws KeyStoreException
From source file:org.kontalk.client.KontalkConnection.java
@SuppressLint("AllowAllHostnameVerifier") private static void setupSSL(XMPPTCPConnectionConfiguration.Builder builder, boolean direct, PrivateKey privateKey, X509Certificate bridgeCert, boolean acceptAnyCertificate, KeyStore trustStore) { try {// ww w.ja v a 2 s .c o m SSLContext ctx = SSLContext.getInstance("TLS"); KeyManager[] km = null; if (privateKey != null && bridgeCert != null) { // in-memory keystore KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); keystore.load(null, null); keystore.setKeyEntry("private", privateKey, null, new Certificate[] { bridgeCert }); // key managers KeyManagerFactory kmFactory = KeyManagerFactory .getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmFactory.init(keystore, null); km = kmFactory.getKeyManagers(); // disable PLAIN mechanism if not upgrading from legacy if (!LegacyAuthentication.isUpgrading()) { // blacklist PLAIN mechanism SASLAuthentication.blacklistSASLMechanism("PLAIN"); } } // trust managers TrustManager[] tm; if (acceptAnyCertificate) { tm = new TrustManager[] { new X509TrustManager() { @Override public X509Certificate[] getAcceptedIssuers() { return null; } @SuppressLint("TrustAllX509TrustManager") @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { } @SuppressLint("TrustAllX509TrustManager") @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { } } }; builder.setHostnameVerifier(new AllowAllHostnameVerifier()); } else { // builtin keystore TrustManagerFactory tmFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmFactory.init(trustStore); tm = tmFactory.getTrustManagers(); } ctx.init(km, tm, null); builder.setCustomSSLContext(ctx); if (direct) builder.setSocketFactory(ctx.getSocketFactory()); // SASL EXTERNAL is already enabled in Smack } catch (Exception e) { Log.w(TAG, "unable to setup SSL connection", e); } }
From source file:org.kontalk.client.ClientHTTPConnection.java
public static SSLSocketFactory setupSSLSocketFactory(Context context, PrivateKey privateKey, X509Certificate certificate, boolean acceptAnyCertificate) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, KeyManagementException, UnrecoverableKeyException, NoSuchProviderException { // in-memory keystore KeyManager[] km = null;/* w w w.java 2 s .co m*/ if (privateKey != null && certificate != null) { KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); keystore.load(null, null); keystore.setKeyEntry("private", privateKey, null, new Certificate[] { certificate }); // key managers KeyManagerFactory kmFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmFactory.init(keystore, null); km = kmFactory.getKeyManagers(); } // trust managers TrustManager[] tm; if (acceptAnyCertificate) { tm = new TrustManager[] { new X509TrustManager() { @Override public X509Certificate[] getAcceptedIssuers() { return null; } @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { } @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { } } }; } else { // load merged truststore (system + internal) KeyStore trustStore = InternalTrustStore.getTrustStore(context); // builtin keystore TrustManagerFactory tmFactory = TrustManagerFactory .getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmFactory.init(trustStore); tm = tmFactory.getTrustManagers(); } SSLContext ctx = SSLContext.getInstance("TLSv1"); ctx.init(km, tm, null); return new TlsOnlySocketFactory(ctx.getSocketFactory(), true); }
From source file:net.link.util.common.KeyUtils.java
public static KeyStore newKeyStore(PrivateKey privateKey, X509Certificate certificate, char[] keyStorePassword, char[] keyEntryPassword) { try {//from w w w. jav a 2 s. com KeyStore keyStore = newKeyStore(); keyStore.setKeyEntry("default", privateKey, keyEntryPassword, new Certificate[] { certificate }); return keyStore; } catch (KeyStoreException e) { throw new InternalInconsistencyException( "PKCS12 KeyStores not supported or store does not support the key or certificate.", e); } }
From source file:org.glite.slcs.pki.bouncycastle.Codec.java
/** * Stores the private key and certificate in a PKCS12 file. The certificate * Subject CN is used as key alias in the PKCS12 store. * // w w w . j a v a 2s.c om * @param privateKey * The private key. * @param certificate * The X509 certificate. * @param chain * The X509 certificate chain. * @param file * The file object. * @param password * The password for the PKCS12 file. * @throws GeneralSecurityException * If a crypto error occurs. * @throws IOException * If an IO error occurs. */ static public void storePKCS12(PrivateKey privateKey, X509Certificate certificate, X509Certificate chain[], File file, char[] password) throws GeneralSecurityException, IOException { // set the bag information for the PKCS12 keystore PKCS12BagAttributeCarrier bagAttr = (PKCS12BagAttributeCarrier) privateKey; PublicKey publicKey = certificate.getPublicKey(); bagAttr.setBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, new SubjectKeyIdentifierStructure(publicKey)); // the PKCS12 keystore key alias is the CN String alias = getPrincipalValue(certificate, X509Principal.CN); // build full cert chain int nCerts = chain.length + 1; Certificate certs[] = new Certificate[nCerts]; certs[0] = certificate; for (int i = 0; i < chain.length; i++) { certs[i + 1] = chain[i]; } // create a PKCS12 keystore KeyStore p12Store = KeyStore.getInstance("PKCS12", BouncyCastleProvider.PROVIDER_NAME); p12Store.load(null, null); // set the key entry p12Store.setKeyEntry(alias, privateKey, null, certs); // store the file FileOutputStream fos = new FileOutputStream(file); p12Store.store(fos, password); fos.close(); }
From source file:com.ibm.mqlight.api.security.KeyStoreUtils.java
/** * Adds a private key to the specified key store from the passed private key file and certificate chain. * * @param keyStore//ww w .j av a 2 s . c om * The key store to receive the private key. * @param pemKeyFile * A PEM format file containing the private key. * @param passwordChars * The password that protects the private key. * @param certChain The certificate chain to associate with the private key. * @throws IOException if the key store file cannot be read * @throws GeneralSecurityException if a cryptography problem is encountered. */ public static void addPrivateKey(KeyStore keyStore, File pemKeyFile, char[] passwordChars, List<Certificate> certChain) throws IOException, GeneralSecurityException { final String methodName = "addPrivateKey"; logger.entry(methodName, pemKeyFile, certChain); PrivateKey privateKey = createPrivateKey(pemKeyFile, passwordChars); keyStore.setKeyEntry("key", privateKey, passwordChars, certChain.toArray(new Certificate[certChain.size()])); logger.exit(methodName); }
From source file:com.blackducksoftware.tools.commonframework.core.encryption.Password.java
/** * Generates a new key. Should be used manually and only when creating a new * key is necessary. WARNING: If the keys in the KeyStore files are replaced * then we will not be able to decrypt passwords that were encrypted with * the old keys.//from w w w . jav a2 s . co m * * @param keypass * char[] with the keypass that will gain access to the key * (currently hard coded in) * @throws IOException */ @SuppressWarnings("unused") private static Key setKey(final char[] keypass, final File keyFile) throws Exception { Key key = null; FileOutputStream output = null; try { output = new FileOutputStream(keyFile.getCanonicalPath()); key = KeyGenerator.getInstance(ENCRYPTION_ALGORITHM).generateKey(); final KeyStore keystore = KeyStore.getInstance(KEYSTORE_TYPE); keystore.load(null, null); keystore.setKeyEntry(KEY_ALIAS, key, keypass, null); keystore.store(output, keypass); } finally { if (output != null) { output.close(); } } return key; }
From source file:org.tolven.gatekeeper.CertificateHelper.java
public static void changeKeyStorePassword(KeyStore keyStore, String alias, char[] oldPassword, char[] newPassword) { try {/*from ww w . ja v a2 s . c o m*/ PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, oldPassword); keyStore.setKeyEntry(alias, privateKey, newPassword, keyStore.getCertificateChain(alias)); } catch (GeneralSecurityException ex) { throw new RuntimeException("Could not change the keystore password for with alias: " + alias, ex); } }
From source file:io.kubernetes.client.util.SSLUtils.java
public static KeyStore createKeyStore(InputStream certInputStream, InputStream keyInputStream, String clientKeyAlgo, char[] clientKeyPassphrase, String keyStoreFile, char[] keyStorePassphrase) throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException, KeyStoreException {//w w w .j av a 2 s. c o m CertificateFactory certFactory = CertificateFactory.getInstance("X509"); X509Certificate cert = (X509Certificate) certFactory.generateCertificate(certInputStream); byte[] keyBytes = decodePem(keyInputStream); PrivateKey privateKey; KeyFactory keyFactory = KeyFactory.getInstance(clientKeyAlgo); try { // First let's try PKCS8 privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(keyBytes)); } catch (InvalidKeySpecException e) { // Otherwise try PKCS8 RSAPrivateCrtKeySpec keySpec = decodePKCS1(keyBytes); privateKey = keyFactory.generatePrivate(keySpec); } KeyStore keyStore = KeyStore.getInstance("JKS"); if (keyStoreFile != null && keyStoreFile.length() > 0) { keyStore.load(new FileInputStream(keyStoreFile), keyStorePassphrase); } else { loadDefaultKeyStoreFile(keyStore, keyStorePassphrase); } String alias = cert.getSubjectX500Principal().getName(); keyStore.setKeyEntry(alias, privateKey, clientKeyPassphrase, new Certificate[] { cert }); return keyStore; }
From source file:nextflow.k8s.client.SSLUtils.java
public static KeyStore createKeyStore(InputStream certInputStream, InputStream keyInputStream, String clientKeyAlgo, char[] clientKeyPassphrase, String keyStoreFile, char[] keyStorePassphrase) throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException, KeyStoreException {/* ww w. ja va 2 s. c o m*/ CertificateFactory certFactory = CertificateFactory.getInstance("X509"); X509Certificate cert = (X509Certificate) certFactory.generateCertificate(certInputStream); byte[] keyBytes = decodePem(keyInputStream); PrivateKey privateKey; KeyFactory keyFactory = KeyFactory.getInstance(clientKeyAlgo); try { // First let's try PKCS8 privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(keyBytes)); } catch (InvalidKeySpecException e) { // Otherwise try PKCS1 RSAPrivateCrtKeySpec keySpec = decodePKCS1(keyBytes); privateKey = keyFactory.generatePrivate(keySpec); } KeyStore keyStore = KeyStore.getInstance("JKS"); if (keyStoreFile != null && keyStoreFile.length() > 0) { keyStore.load(new FileInputStream(keyStoreFile), keyStorePassphrase); } else { loadDefaultKeyStoreFile(keyStore, keyStorePassphrase); } String alias = cert.getSubjectX500Principal().getName(); keyStore.setKeyEntry(alias, privateKey, clientKeyPassphrase, new Certificate[] { cert }); return keyStore; }
From source file:test.integ.be.fedict.trust.util.TestUtils.java
/** * Persist the given private key and corresponding certificate to a keystore * file.// www .ja v a 2 s . c om * * @param pkcs12keyStore * The file of the keystore to write the key material to. * @param keyStoreType * The type of the key store format to use. * @param privateKey * The private key to persist. * @param certificate * The X509 certificate corresponding with the private key. * @param keyStorePassword * The keystore password. * @param keyEntryPassword * The keyentry password. */ public static KeyStore persistInKeyStore(File pkcs12keyStore, String keyStoreType, PrivateKey privateKey, Certificate certificate, String keyStorePassword, String keyEntryPassword, String alias) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException { KeyStore keyStore = KeyStore.getInstance(keyStoreType); keyStore.load(null, keyStorePassword.toCharArray()); keyStore.setKeyEntry(alias, privateKey, keyEntryPassword.toCharArray(), new Certificate[] { certificate }); FileOutputStream keyStoreOut; keyStoreOut = new FileOutputStream(pkcs12keyStore); keyStore.store(keyStoreOut, keyStorePassword.toCharArray()); keyStoreOut.close(); return keyStore; }