/**
 * Builds a client key store from PEM material given either inline or as a file path.
 *
 * Both the certificate and the key are resolved through
 * {@code getInputStreamFromDataOrFile} (presumably inline data wins over the file
 * path — confirm in that helper) and the streams are closed once the store is built.
 *
 * @param clientCertData      PEM certificate content, or null
 * @param clientCertFile      path to a PEM certificate file, or null
 * @param clientKeyData       PEM private key content, or null
 * @param clientKeyFile       path to a PEM private key file, or null
 * @param clientKeyAlgo       {@link java.security.KeyFactory} algorithm name for the key
 * @param clientKeyPassphrase passphrase protecting the key entry; must not be null
 * @param keyStoreFile        optional existing key store to load entries from
 * @param keyStorePassphrase  passphrase for that store, resolved via {@code getKeyStorePassphrase}
 * @return the populated key store
 * @throws IOException              if the PEM material cannot be read
 * @throws CertificateException     if the certificate cannot be parsed
 * @throws NoSuchAlgorithmException if {@code clientKeyAlgo} is unknown
 * @throws InvalidKeySpecException  if the key is neither PKCS#8 nor PKCS#1
 * @throws KeyStoreException        if the store cannot be created or populated
 */
public static KeyStore createKeyStore(String clientCertData, String clientCertFile, String clientKeyData, String clientKeyFile, String clientKeyAlgo, String clientKeyPassphrase, String keyStoreFile, String keyStorePassphrase) throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException, KeyStoreException {
  try (InputStream certStream = getInputStreamFromDataOrFile(clientCertData, clientCertFile);
       InputStream keyStream = getInputStreamFromDataOrFile(clientKeyData, clientKeyFile)) {
    char[] keyPassphrase = clientKeyPassphrase.toCharArray();
    char[] storePassphrase = getKeyStorePassphrase(keyStorePassphrase);
    return createKeyStore(certStream, keyStream, clientKeyAlgo, keyPassphrase, keyStoreFile, storePassphrase);
  }
}
/**
 * Builds a trust store from CA certificate material given inline or as a file path.
 *
 * The PEM stream is resolved via {@code getInputStreamFromDataOrFile} and closed after
 * the store has been built; the store passphrase is resolved through
 * {@code getTrustStorePassphrase}.
 *
 * @param caCertData          PEM CA certificate content, or null
 * @param caCertFile          path to a PEM CA certificate file, or null
 * @param trustStoreFile      optional existing trust store to load entries from
 * @param trustStorePassphrase passphrase for that store, may be resolved from elsewhere
 * @return the populated trust store
 * @throws IOException              if the PEM material cannot be read
 * @throws CertificateException     if a certificate cannot be parsed
 * @throws KeyStoreException        if the store cannot be created or populated
 * @throws NoSuchAlgorithmException if the store integrity algorithm is unavailable
 */
public static KeyStore createTrustStore(String caCertData, String caCertFile, String trustStoreFile, String trustStorePassphrase) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
  try (InputStream caStream = getInputStreamFromDataOrFile(caCertData, caCertFile)) {
    char[] storePassphrase = getTrustStorePassphrase(trustStorePassphrase);
    return createTrustStore(caStream, trustStoreFile, storePassphrase);
  }
}
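/**
 * Builds a JKS key store holding the client certificate and its private key.
 *
 * The key bytes are taken from the PEM body via {@code decodePem} and parsed first as
 * PKCS#8; if that fails they are parsed as PKCS#1 through {@code PKCS1Util.decodePKCS1}.
 * When {@code keyStoreFile} is set the store is loaded from that file (the file stream
 * is closed afterwards); otherwise {@code loadDefaultKeyStoreFile} initialises it. The
 * key entry is stored under the certificate's subject DN as alias.
 *
 * @param certInputStream     stream of the client certificate (not closed here)
 * @param keyInputStream      stream of the PEM private key (consumed by {@code decodePem})
 * @param clientKeyAlgo       {@link KeyFactory} algorithm name for the key
 * @param clientKeyPassphrase passphrase protecting the key entry
 * @param keyStoreFile        optional path of an existing key store to load first
 * @param keyStorePassphrase  passphrase of that key store
 * @return the populated key store
 * @throws IOException              if the key material or the store file cannot be read
 * @throws CertificateException     if the certificate cannot be parsed
 * @throws NoSuchAlgorithmException if {@code clientKeyAlgo} is unknown
 * @throws InvalidKeySpecException  if the key is neither valid PKCS#8 nor PKCS#1
 * @throws KeyStoreException        if the store cannot be created or populated
 */
public static KeyStore createKeyStore(InputStream certInputStream, InputStream keyInputStream, String clientKeyAlgo, char[] clientKeyPassphrase, String keyStoreFile, char[] keyStorePassphrase) throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException, KeyStoreException {
  CertificateFactory certFactory = CertificateFactory.getInstance("X509");
  X509Certificate cert = (X509Certificate) certFactory.generateCertificate(certInputStream);

  byte[] keyBytes = decodePem(keyInputStream);
  KeyFactory keyFactory = KeyFactory.getInstance(clientKeyAlgo);
  PrivateKey privateKey;
  try {
    // First try PKCS#8 (the "BEGIN PRIVATE KEY" form).
    privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
  } catch (InvalidKeySpecException e) {
    // Not PKCS#8: fall back to PKCS#1 ("BEGIN RSA PRIVATE KEY"); a second failure propagates.
    RSAPrivateCrtKeySpec keySpec = PKCS1Util.decodePKCS1(keyBytes);
    privateKey = keyFactory.generatePrivate(keySpec);
  }

  KeyStore keyStore = KeyStore.getInstance("JKS");
  if (Utils.isNotNullOrEmpty(keyStoreFile)) {
    // try-with-resources so the store file handle is released even if load() throws.
    try (InputStream storeStream = new FileInputStream(keyStoreFile)) {
      keyStore.load(storeStream, keyStorePassphrase);
    }
  } else {
    loadDefaultKeyStoreFile(keyStore, keyStorePassphrase);
  }

  String alias = cert.getSubjectX500Principal().getName();
  keyStore.setKeyEntry(alias, privateKey, clientKeyPassphrase, new Certificate[]{cert});
  return keyStore;
}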
/**
 * Initialises {@code keyStore} from the default trust store location.
 *
 * The location comes from {@code getDefaultTrustStoreFile}; if
 * {@code loadDefaultStoreFile} reports that nothing could be loaded from it, the store
 * is initialised empty instead so callers always receive a usable instance.
 *
 * @param keyStore             the store to initialise
 * @param trustStorePassphrase passphrase used when reading the default file
 * @throws CertificateException     if a stored certificate cannot be parsed
 * @throws NoSuchAlgorithmException if the store integrity algorithm is unavailable
 * @throws IOException              if the store file cannot be read
 */
private static void loadDefaultTrustStoreFile(KeyStore keyStore, char[] trustStorePassphrase) throws CertificateException, NoSuchAlgorithmException, IOException {
  File defaultStore = getDefaultTrustStoreFile();
  boolean loaded = loadDefaultStoreFile(keyStore, defaultStore, trustStorePassphrase);
  if (loaded) {
    return;
  }
  // Nothing on disk: fall back to an empty, initialised store.
  keyStore.load(null);
}
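/**
 * Asserts that {@code trustStore} holds the fabric8 test certificate under the alias
 * {@code "fabric8-in-store"} and that it is the same certificate as the one in
 * {@code src/test/resources/ssl/fabric8.crt}.
 *
 * The reference certificate is loaded into a throw-away trust store so the comparison
 * can use {@link KeyStore#getCertificateAlias(Certificate)}; the resource stream is now
 * closed via try-with-resources instead of being leaked.
 *
 * @param trustStore the store under test
 * @throws KeyStoreException        if the store is not initialised
 * @throws CertificateException     if the reference certificate cannot be parsed
 * @throws NoSuchAlgorithmException if the store integrity algorithm is unavailable
 * @throws IOException              if the reference file cannot be read
 */
private void verifyFabric8InStore(KeyStore trustStore) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
  Certificate certificate = trustStore.getCertificate("fabric8-in-store");
  assertNotNull(certificate);

  try (InputStream certificateFile = CertUtils.getInputStreamFromDataOrFile(null, "src/test/resources/ssl/fabric8.crt")) {
    KeyStore storeWithCert = CertUtils.createTrustStore(certificateFile, null, "".toCharArray());
    // A non-null alias means the stored certificate equals the reference one.
    String certificateAlias = storeWithCert.getCertificateAlias(certificate);
    assertNotNull(certificateAlias);
  }
}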
/**
 * Creates {@link KeyManager}s backed by a key store built from the given cert/key streams.
 *
 * The key store is produced by {@code createKeyStore} and handed to a
 * {@link KeyManagerFactory} using the platform default algorithm; {@code passphrase}
 * protects both the key entry and the factory initialisation.
 *
 * @param certInputStream    client certificate stream
 * @param keyInputStream     PEM private key stream
 * @param algo               {@link java.security.KeyFactory} algorithm name for the key
 * @param passphrase         key passphrase; must not be null
 * @param keyStoreFile       optional existing key store to load first
 * @param keyStorePassphrase passphrase of that key store; must not be null
 * @return the initialised key managers
 * @throws NoSuchAlgorithmException  if an algorithm is unavailable
 * @throws UnrecoverableKeyException if a key cannot be recovered with {@code passphrase}
 * @throws KeyStoreException         if the store cannot be created or read
 * @throws CertificateException      if the certificate cannot be parsed
 * @throws InvalidKeySpecException   if the key is not PKCS#8 or PKCS#1
 * @throws IOException               if the streams cannot be read
 */
public static KeyManager[] keyManagers(InputStream certInputStream, InputStream keyInputStream, String algo, String passphrase, String keyStoreFile, String keyStorePassphrase) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, CertificateException, InvalidKeySpecException, IOException {
  char[] keyPassphrase = passphrase.toCharArray();
  KeyStore keyStore = createKeyStore(certInputStream, keyInputStream, algo, keyPassphrase, keyStoreFile, keyStorePassphrase.toCharArray());
  String defaultAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
  KeyManagerFactory factory = KeyManagerFactory.getInstance(defaultAlgorithm);
  factory.init(keyStore, keyPassphrase);
  return factory.getKeyManagers();
}
}
/**
 * Creates the {@link TrustManager}s used for TLS peer validation.
 *
 * With {@code isTrustCerts} set, a single {@link X509TrustManager} is returned whose
 * {@code checkClientTrusted}/{@code checkServerTrusted} accept every chain and whose
 * {@code getAcceptedIssuers} is empty — i.e. certificate validation is disabled on that
 * path. Otherwise, if CA material is supplied, a trust store is built from it; with no CA
 * material the factory is initialised with a null store, which per the JDK contract
 * falls back to the JVM default trust store.
 *
 * @param certData            PEM CA certificate content, or null
 * @param certFile            path to a PEM CA certificate file, or null
 * @param isTrustCerts        true to accept any peer certificate without validation
 * @param trustStoreFile      optional existing trust store to load first
 * @param trustStorePassphrase passphrase of that trust store
 * @return the trust managers to install in an {@code SSLContext}
 * @throws CertificateException     if a certificate cannot be parsed
 * @throws NoSuchAlgorithmException if the default TrustManagerFactory algorithm is missing
 * @throws KeyStoreException        if the trust store cannot be created or used
 * @throws IOException              if the CA material cannot be read
 */
public static TrustManager[] trustManagers(String certData, String certFile, boolean isTrustCerts, String trustStoreFile, String trustStorePassphrase) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
  TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  if (isTrustCerts) {
    X509TrustManager acceptAll = new X509TrustManager() {
      @Override
      public void checkClientTrusted(X509Certificate[] chain, String authType) {
        // intentionally empty: every client chain is accepted
      }

      @Override
      public void checkServerTrusted(X509Certificate[] chain, String authType) {
        // intentionally empty: every server chain is accepted
      }

      @Override
      public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
      }
    };
    return new TrustManager[]{acceptAll};
  }

  boolean hasCaMaterial = Utils.isNotNullOrEmpty(certData) || Utils.isNotNullOrEmpty(certFile);
  KeyStore trustStore = null;
  if (hasCaMaterial) {
    trustStore = createTrustStore(certData, certFile, trustStoreFile, trustStorePassphrase);
  }
  factory.init(trustStore);
  return factory.getTrustManagers();
}
/**
 * Manual smoke test (ignored by default) that builds trust and key stores from the
 * certificate data of a kubeconfig read via the {@code kubeconfig} system property.
 *
 * It depends on a developer-specific file at {@code /tmp/ceposta.kubeconfig} and only
 * checks that neither store creation throws; it makes no assertions on the result.
 *
 * @throws CertificateException     if a certificate cannot be parsed
 * @throws NoSuchAlgorithmException if a required algorithm is missing
 * @throws KeyStoreException        if a store cannot be created
 * @throws IOException              if the config or its files cannot be read
 * @throws InvalidKeySpecException  if the client key is not PKCS#8 or PKCS#1
 */
@Ignore
@Test
public void testLoadingDodgyKubeConfig() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, InvalidKeySpecException {
  System.setProperty("kubeconfig", "/tmp/ceposta.kubeconfig");
  KubernetesClient client = new DefaultKubernetesClient();
  Config config = client.getConfiguration();

  // Both calls succeeding (no exception) is the whole check.
  KeyStore trustStore = CertUtils.createTrustStore(config.getCaCertData(), null, null, "changeit");
  KeyStore keyStore = CertUtils.createKeyStore(config.getClientCertData(), null, config.getClientKeyData(), null, "RSA", "changeit", null, "changeit");
}
/**
 * Builds an in-memory client key store from PEM material given inline or as a file path.
 *
 * Unlike the overload taking a key store file, no existing store is loaded; the
 * certificate and key streams are resolved via {@code getInputStreamFromDataOrFile}
 * and closed once the store has been built.
 *
 * @param clientCertData      PEM certificate content, or null
 * @param clientCertFile      path to a PEM certificate file, or null
 * @param clientKeyData       PEM private key content, or null
 * @param clientKeyFile       path to a PEM private key file, or null
 * @param clientKeyAlgo       {@link java.security.KeyFactory} algorithm name for the key
 * @param clientKeyPassphrase passphrase protecting the key entry
 * @return the populated key store
 * @throws IOException              if the PEM material cannot be read
 * @throws CertificateException     if the certificate cannot be parsed
 * @throws NoSuchAlgorithmException if {@code clientKeyAlgo} is unknown
 * @throws InvalidKeySpecException  if the key is neither PKCS#8 nor PKCS#1
 * @throws KeyStoreException        if the store cannot be created or populated
 */
public static KeyStore createKeyStore(String clientCertData, String clientCertFile, String clientKeyData, String clientKeyFile, String clientKeyAlgo, char[] clientKeyPassphrase) throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException, KeyStoreException {
  try (InputStream certStream = getInputStreamFromDataOrFile(clientCertData, clientCertFile);
       InputStream keyStream = getInputStreamFromDataOrFile(clientKeyData, clientKeyFile)) {
    KeyStore keyStore = createKeyStore(certStream, keyStream, clientKeyAlgo, clientKeyPassphrase);
    return keyStore;
  }
}
/**
 * Opens the test PEM bundle {@code src/test/resources/ssl/multiple-certs.pem}.
 *
 * The path is relative to the working directory, so the test must run from the
 * module root. The caller owns the returned stream and should close it.
 *
 * @return a stream over the multi-certificate PEM file
 * @throws IOException if the file cannot be opened
 */
private InputStream getMultipleCertsInputSteam() throws IOException {
  String bundlePath = "src/test/resources/ssl/multiple-certs.pem";
  return CertUtils.getInputStreamFromDataOrFile(null, bundlePath);
}
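/**
 * Extracts the binary body of the first PEM block found on {@code keyInputStream}.
 *
 * Lines are scanned until one containing {@code "-----BEGIN "} appears; the matching
 * end marker is derived by replacing {@code BEGIN} with {@code END} in that line and
 * the body up to it is decoded by {@code readBytes}. The reader (and thus the stream)
 * is closed on every path. The reader is created with an explicit UTF-8 charset so
 * decoding no longer depends on the platform default; PEM is ASCII, which UTF-8 covers.
 *
 * @param keyInputStream the PEM text to read
 * @return the decoded bytes of the first PEM block
 * @throws IOException if reading fails or no begin marker is present
 */
private static byte[] decodePem(InputStream keyInputStream) throws IOException {
  try (BufferedReader reader = new BufferedReader(new InputStreamReader(keyInputStream, java.nio.charset.StandardCharsets.UTF_8))) {
    String line;
    while ((line = reader.readLine()) != null) {
      if (line.contains("-----BEGIN ")) {
        String endMarker = line.trim().replace("BEGIN", "END");
        return readBytes(reader, endMarker);
      }
    }
    throw new IOException("PEM is invalid: no begin marker");
  }
}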
/**
 * Builds a fresh in-memory JKS key store holding the client certificate and private key.
 *
 * The key bytes come from {@code decodePem}; they are parsed as PKCS#8 first and, if that
 * fails, as PKCS#1 via {@code PKCS1Util.decodePKCS1}. The store is initialised empty with
 * {@code clientKeyPassphrase} and the key entry is stored under the certificate's
 * subject DN as alias.
 *
 * @param certInputStream     stream of the client certificate (not closed here)
 * @param keyInputStream      stream of the PEM private key (consumed by {@code decodePem})
 * @param clientKeyAlgo       {@link KeyFactory} algorithm name for the key
 * @param clientKeyPassphrase passphrase for both the store and the key entry
 * @return the populated key store
 * @throws IOException              if the key material cannot be read
 * @throws CertificateException     if the certificate cannot be parsed
 * @throws NoSuchAlgorithmException if {@code clientKeyAlgo} is unknown
 * @throws InvalidKeySpecException  if the key is neither valid PKCS#8 nor PKCS#1
 * @throws KeyStoreException        if the store cannot be created or populated
 */
public static KeyStore createKeyStore(InputStream certInputStream, InputStream keyInputStream, String clientKeyAlgo, char[] clientKeyPassphrase) throws IOException, CertificateException, NoSuchAlgorithmException, InvalidKeySpecException, KeyStoreException {
  CertificateFactory factory = CertificateFactory.getInstance("X509");
  X509Certificate clientCert = (X509Certificate) factory.generateCertificate(certInputStream);

  byte[] rawKey = decodePem(keyInputStream);
  KeyFactory keyFactory = KeyFactory.getInstance(clientKeyAlgo);
  PrivateKey clientKey;
  try {
    // PKCS#8 ("BEGIN PRIVATE KEY") is attempted first.
    PKCS8EncodedKeySpec pkcs8 = new PKCS8EncodedKeySpec(rawKey);
    clientKey = keyFactory.generatePrivate(pkcs8);
  } catch (InvalidKeySpecException notPkcs8) {
    // Fall back to PKCS#1 ("BEGIN RSA PRIVATE KEY"); a second failure propagates.
    RSAPrivateCrtKeySpec pkcs1 = PKCS1Util.decodePKCS1(rawKey);
    clientKey = keyFactory.generatePrivate(pkcs1);
  }

  KeyStore store = KeyStore.getInstance("JKS");
  store.load(null, clientKeyPassphrase);
  String alias = clientCert.getSubjectX500Principal().getName();
  Certificate[] chain = new Certificate[]{clientCert};
  store.setKeyEntry(alias, clientKey, clientKeyPassphrase, chain);
  return store;
}
/**
 * Builds an in-memory trust store from CA certificate material given inline or as a path.
 *
 * The PEM stream is resolved via {@code getInputStreamFromDataOrFile}, handed to the
 * single-argument {@code createTrustStore} overload, and closed afterwards.
 *
 * @param caCertData PEM CA certificate content, or null
 * @param caCertFile path to a PEM CA certificate file, or null
 * @return the populated trust store
 * @throws IOException              if the PEM material cannot be read
 * @throws CertificateException     if a certificate cannot be parsed
 * @throws KeyStoreException        if the store cannot be created or populated
 * @throws NoSuchAlgorithmException if the store integrity algorithm is unavailable
 */
public static KeyStore createTrustStore(String caCertData, String caCertFile) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
  try (InputStream caStream = getInputStreamFromDataOrFile(caCertData, caCertFile)) {
    KeyStore trustStore = createTrustStore(caStream);
    return trustStore;
  }
}
/**
 * Creates {@link KeyManager}s for client authentication from PEM material, if any is given.
 *
 * A key store is only built when both a certificate (inline or file) and a key (inline
 * or file) are present; otherwise {@code null} is returned so the caller can leave client
 * authentication unconfigured. {@code passphrase} protects both the key entry and the
 * {@link KeyManagerFactory} initialisation.
 *
 * @param certData           PEM certificate content, or null
 * @param certFile           path to a PEM certificate file, or null
 * @param keyData            PEM private key content, or null
 * @param keyFile            path to a PEM private key file, or null
 * @param algo               {@link java.security.KeyFactory} algorithm name for the key
 * @param passphrase         key passphrase; must not be null when material is supplied
 * @param keyStoreFile       optional existing key store to load first
 * @param keyStorePassphrase passphrase of that key store
 * @return the initialised key managers, or {@code null} if no cert/key pair was supplied
 * @throws NoSuchAlgorithmException  if an algorithm is unavailable
 * @throws UnrecoverableKeyException if a key cannot be recovered with {@code passphrase}
 * @throws KeyStoreException         if the store cannot be created or read
 * @throws CertificateException      if the certificate cannot be parsed
 * @throws InvalidKeySpecException   if the key is not PKCS#8 or PKCS#1
 * @throws IOException               if the material cannot be read
 */
public static KeyManager[] keyManagers(String certData, String certFile, String keyData, String keyFile, String algo, String passphrase, String keyStoreFile, String keyStorePassphrase) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, CertificateException, InvalidKeySpecException, IOException {
  boolean hasCert = Utils.isNotNullOrEmpty(certData) || Utils.isNotNullOrEmpty(certFile);
  boolean hasKey = Utils.isNotNullOrEmpty(keyData) || Utils.isNotNullOrEmpty(keyFile);
  if (!hasCert || !hasKey) {
    // Nothing to authenticate with: signal "no client key managers" to the caller.
    return null;
  }
  KeyStore keyStore = createKeyStore(certData, certFile, keyData, keyFile, algo, passphrase, keyStoreFile, keyStorePassphrase);
  KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
  factory.init(keyStore, passphrase.toCharArray());
  return factory.getKeyManagers();
}
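/**
 * Verifies that, with no explicit store file, {@code createTrustStore} picks up the
 * trust store and its passphrase from the {@code CertUtils} system properties.
 *
 * Expects the resulting store to hold three entries (the fabric8 entry from the file
 * plus the certificates in the multi-cert PEM) and the fabric8 certificate to be present.
 * The system properties are restored afterwards so other tests are not affected, and
 * the PEM stream is closed instead of being leaked.
 *
 * @throws CertificateException     if a certificate cannot be parsed
 * @throws NoSuchAlgorithmException if a required algorithm is missing
 * @throws KeyStoreException        if the store cannot be created or read
 * @throws IOException              if a file cannot be read
 */
@Test
public void testLoadTrustStoreFromFileUsingSystemProperties() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
  // System.setProperty returns the previous value, which is restored in finally.
  String previousStore = System.setProperty(CertUtils.TRUST_STORE_SYSTEM_PROPERTY, FABRIC8_STORE_PATH);
  String previousPassphrase = System.setProperty(CertUtils.TRUST_STORE_PASSWORD_SYSTEM_PROPERTY, String.valueOf(FABRIC8_STORE_PASSPHRASE));
  try (InputStream certs = getMultipleCertsInputSteam()) {
    KeyStore trustStore = CertUtils.createTrustStore(certs, null, null);
    assertEquals(3, trustStore.size());
    verifyFabric8InStore(trustStore);
  } finally {
    if (previousStore == null) {
      System.clearProperty(CertUtils.TRUST_STORE_SYSTEM_PROPERTY);
    } else {
      System.setProperty(CertUtils.TRUST_STORE_SYSTEM_PROPERTY, previousStore);
    }
    if (previousPassphrase == null) {
      System.clearProperty(CertUtils.TRUST_STORE_PASSWORD_SYSTEM_PROPERTY);
    } else {
      System.setProperty(CertUtils.TRUST_STORE_PASSWORD_SYSTEM_PROPERTY, previousPassphrase);
    }
  }
}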
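/**
 * Extracts the binary body of the first PEM block found on {@code keyInputStream}.
 *
 * Lines are scanned until one containing {@code "-----BEGIN "} appears; the matching
 * end marker is derived by replacing {@code BEGIN} with {@code END} in that line and
 * the body up to it is decoded by {@code readBytes}. The reader (and thus the stream)
 * is closed on every path. The reader is created with an explicit UTF-8 charset so
 * decoding no longer depends on the platform default; PEM is ASCII, which UTF-8 covers.
 *
 * @param keyInputStream the PEM text to read
 * @return the decoded bytes of the first PEM block
 * @throws IOException if reading fails or no begin marker is present
 */
private static byte[] decodePem(InputStream keyInputStream) throws IOException {
  try (BufferedReader reader = new BufferedReader(new InputStreamReader(keyInputStream, java.nio.charset.StandardCharsets.UTF_8))) {
    String line;
    while ((line = reader.readLine()) != null) {
      if (line.contains("-----BEGIN ")) {
        String endMarker = line.trim().replace("BEGIN", "END");
        return readBytes(reader, endMarker);
      }
    }
    throw new IOException("PEM is invalid: no begin marker");
  }
}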
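/**
 * Verifies that, with no explicit store file, {@code createKeyStore} picks up the key
 * store and its passphrase from the {@code CertUtils} system properties.
 *
 * The certificate and key are passed as file paths resolved from test resources. The
 * resulting store is expected to hold two entries and to contain the fabric8
 * certificate. The system properties are restored afterwards so other tests are not
 * affected by this one's configuration.
 *
 * @throws InvalidKeySpecException  if the test key is not PKCS#8 or PKCS#1
 * @throws CertificateException     if a certificate cannot be parsed
 * @throws NoSuchAlgorithmException if a required algorithm is missing
 * @throws KeyStoreException        if the store cannot be created or read
 * @throws IOException              if a file cannot be read
 * @throws URISyntaxException       declared for resource path resolution
 */
@Test
public void testLoadKeyStoreFromFileUsingSystemProperties() throws InvalidKeySpecException, CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, URISyntaxException {
  // System.setProperty returns the previous value, which is restored in finally.
  String previousStore = System.setProperty(CertUtils.KEY_STORE_SYSTEM_PROPERTY, FABRIC8_STORE_PATH);
  String previousPassphrase = System.setProperty(CertUtils.KEY_STORE_PASSWORD_SYSTEM_PROPERTY, String.valueOf(FABRIC8_STORE_PASSPHRASE));
  try {
    String privateKeyPath = Utils.filePath(getClass().getResource("/ssl/fabric8"));
    String multipleCertsPath = Utils.filePath(getClass().getResource("/ssl/multiple-certs.pem"));
    // null store file / passphrase: both must come from the system properties set above.
    KeyStore keyStore = CertUtils.createKeyStore(null, multipleCertsPath, null, privateKeyPath, "RSA", "changeit", null, null);
    assertEquals(2, keyStore.size());
    verifyFabric8InStore(keyStore);
  } finally {
    if (previousStore == null) {
      System.clearProperty(CertUtils.KEY_STORE_SYSTEM_PROPERTY);
    } else {
      System.setProperty(CertUtils.KEY_STORE_SYSTEM_PROPERTY, previousStore);
    }
    if (previousPassphrase == null) {
      System.clearProperty(CertUtils.KEY_STORE_PASSWORD_SYSTEM_PROPERTY);
    } else {
      System.setProperty(CertUtils.KEY_STORE_PASSWORD_SYSTEM_PROPERTY, previousPassphrase);
    }
  }
}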
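/**
 * Verifies that a PEM bundle containing several certificates yields a trust store with
 * at least two entries. The PEM stream is closed via try-with-resources rather than
 * being leaked.
 *
 * @throws CertificateException     if a certificate cannot be parsed
 * @throws NoSuchAlgorithmException if a required algorithm is missing
 * @throws KeyStoreException        if the store cannot be created or read
 * @throws IOException              if the bundle cannot be read
 */
@Test
public void testLoadingMultipleCertsFromSameFile() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
  try (InputStream certs = getMultipleCertsInputSteam()) {
    KeyStore trustStore = CertUtils.createTrustStore(certs, null, "changeit".toCharArray());
    assertTrue(trustStore.size() >= 2);
  }
}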
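/**
 * Verifies that {@code createKeyStore} loads an existing key store when its path and
 * passphrase are passed explicitly, then adds the client entry to it.
 *
 * The certificate bundle and the private key are read from test resources; both streams
 * are closed via try-with-resources instead of being leaked. The resulting store is
 * expected to hold two entries and to contain the fabric8 certificate.
 *
 * @throws InvalidKeySpecException  if the test key is not PKCS#8 or PKCS#1
 * @throws CertificateException     if a certificate cannot be parsed
 * @throws NoSuchAlgorithmException if a required algorithm is missing
 * @throws KeyStoreException        if the store cannot be created or read
 * @throws IOException              if a resource cannot be read
 */
@Test
public void testLoadKeyStoreFromFileUsingConfigProperties() throws InvalidKeySpecException, CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
  try (InputStream certs = getMultipleCertsInputSteam();
       InputStream privateKey = getClass().getResourceAsStream("/ssl/fabric8")) {
    KeyStore keyStore = CertUtils.createKeyStore(certs, privateKey, "RSA", "changeit".toCharArray(), FABRIC8_STORE_PATH, FABRIC8_STORE_PASSPHRASE);
    assertEquals(2, keyStore.size());
    verifyFabric8InStore(keyStore);
  }
}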
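/**
 * Verifies that {@code createTrustStore} loads an existing trust store when its path and
 * passphrase are passed explicitly, then adds the bundle's certificates to it.
 *
 * The resulting store is expected to hold three entries and to contain the fabric8
 * certificate. The PEM stream is closed via try-with-resources instead of being leaked.
 *
 * @throws CertificateException     if a certificate cannot be parsed
 * @throws NoSuchAlgorithmException if a required algorithm is missing
 * @throws KeyStoreException        if the store cannot be created or read
 * @throws IOException              if a file cannot be read
 */
@Test
public void testLoadTrustStoreFromFileUsingConfigProperties() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
  try (InputStream certs = getMultipleCertsInputSteam()) {
    KeyStore trustStore = CertUtils.createTrustStore(certs, FABRIC8_STORE_PATH, FABRIC8_STORE_PASSPHRASE);
    assertEquals(3, trustStore.size());
    verifyFabric8InStore(trustStore);
  }
}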