/** * Used during setup to get the certification from the keystore and encrypt the auth_value with * the private key */ public void setCertificate() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnrecoverableEntryException { KeyStore store = KeyStore.getInstance(this.keystore_type); InputStream inputStream=Thread.currentThread().getContextClassLoader().getResourceAsStream(this.keystore_path); if(inputStream == null) inputStream=new FileInputStream(this.keystore_path); store.load(inputStream, this.keystore_password); this.cipher = Cipher.getInstance(this.cipher_type); this.certificate = (X509Certificate) store.getCertificate(this.cert_alias); log.debug("certificate = " + this.certificate.toString()); this.cipher.init(Cipher.ENCRYPT_MODE, this.certificate); this.encryptedToken = this.cipher.doFinal(this.auth_value.getBytes()); KeyStore.PrivateKeyEntry privateKey = (KeyStore.PrivateKeyEntry) store.getEntry( this.cert_alias, new KeyStore.PasswordProtection(this.cert_password)); this.certPrivateKey = privateKey.getPrivateKey(); this.valueSet=true; } }
@Override public void setKeyStoreEntry(KeyStore.PrivateKeyEntry entry) { this.key_pair = new KeyPair(entry.getCertificate().getPublicKey(), entry.getPrivateKey()); }
KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry; Cipher output = Cipher.getInstance("RSA/ECB/PKCS1Padding"); output.init(Cipher.DECRYPT_MODE, privateKeyEntry.getPrivateKey());
public PrivateKey getPrivateKey(String alias) { if (alias == null) { return null; } if (hash.containsKey(alias)) { return hash.get(alias).getPrivateKey(); } return null; }
@Override public PrivateKey getPrivateKey(String alias) { KeyStore.PrivateKeyEntry keyEntry = privateKeyHash.get(alias); if (keyEntry == null) { return null; } return keyEntry.getPrivateKey(); }
private PrivateKey loadPrivateKey(InputStream input) throws Exception { // Load keystore KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); keystore.load(input, storePass.toCharArray()); // Retrieve private key PrivateKeyEntry entry = (PrivateKeyEntry)keystore.getEntry(keyAlias, new PasswordProtection(keyPass.toCharArray())); return entry.getPrivateKey(); }
/** * Returns the debug {@link PrivateKey} to use to sign applications for debug purpose. * @return the private key or <code>null</code> if its creation failed. */ @SuppressWarnings("unused") // the thrown Exceptions are not actually thrown public PrivateKey getDebugKey() throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, UnrecoverableEntryException { if (mEntry != null) { return mEntry.getPrivateKey(); } return null; }
final PrivateKey privateKey = privateKeyEntry.getPrivateKey(); final Certificate[] certificateChain = privateKeyEntry.getCertificateChain(); final X509Certificate[] x509Certificates = X500.asX509CertificateArray(certificateChain);
KeyStore.PrivateKeyEntry privateKeyEntry = tlsCertificateAuthorityManager.getOrGenerateCertificateAuthority(); certificate = (X509Certificate) privateKeyEntry.getCertificateChain()[0]; caKeyPair = new KeyPair(certificate.getPublicKey(), privateKeyEntry.getPrivateKey());
RSAPrivateKey privateKey = (RSAPrivateKey) privateKeyEntry.getPrivateKey(); RSAPublicKey publicKey = (RSAPublicKey) privateKeyEntry.getCertificate().getPublicKey();
engineSetKeyEntry(alias, prE.getPrivateKey(), passW, prE .getCertificateChain()); return;
final X509Certificate[] certificateChain = X500.asX509CertificateArray(privateKeyEntry.getCertificateChain()); final X509Certificate firstCert = certificateChain[0]; final PrivateKey privateKey = privateKeyEntry.getPrivateKey(); if (credentialType.isAssignableFrom(X509CertificateChainPrivateCredential.class)) { credential = new X509CertificateChainPrivateCredential(privateKey, certificateChain);
privateKey = privateKeyEntry.getPrivateKey(); } catch (final KeyStoreException e) { throw new SSLException(e);
KeyPair keyPair = new KeyPair(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey()); Certificate[] certificateChain = privateKeyEntry.getCertificateChain(); if (certificateChain.length != 1) {
@Override public CertificateAndKey load() { try { KeyStore.Entry entry; try { entry = keyStore.getEntry(privateKeyAlias, new KeyStore.PasswordProtection(keyStorePassword.toCharArray())); } catch (UnrecoverableEntryException e) { throw new CertificateSourceException("Unable to load private key with alias " + privateKeyAlias + " from KeyStore. Verify the KeyStore password is correct.", e); } if (entry == null) { throw new CertificateSourceException("Unable to find entry in keystore with alias: " + privateKeyAlias); } if (!(entry instanceof KeyStore.PrivateKeyEntry)) { throw new CertificateSourceException("Entry in KeyStore with alias " + privateKeyAlias + " did not contain a private key entry"); } KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry; PrivateKey privateKey = privateKeyEntry.getPrivateKey(); if (!(privateKeyEntry.getCertificate() instanceof X509Certificate)) { throw new CertificateSourceException("Certificate for private key in KeyStore was not an X509Certificate. Private key alias: " + privateKeyAlias + ". Certificate type: " + (privateKeyEntry.getCertificate() != null ? privateKeyEntry.getCertificate().getClass().getName() : null)); } X509Certificate x509Certificate = (X509Certificate) privateKeyEntry.getCertificate(); return new CertificateAndKey(x509Certificate, privateKey); } catch (KeyStoreException | NoSuchAlgorithmException e) { throw new CertificateSourceException("Error accessing keyStore", e); } }
@Override public SingleSignOnSessionFactory get() { KeyStore store = this.keyStore.get(); String alias = this.keyAlias; CredentialSource source = this.credentialSource.get(); try { if (!store.containsAlias(alias)) { throw UndertowLogger.ROOT_LOGGER.missingKeyStoreEntry(alias); } if (!store.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) { throw UndertowLogger.ROOT_LOGGER.keyStoreEntryNotPrivate(alias); } PasswordCredential credential = source.getCredential(PasswordCredential.class); if (credential == null) { throw UndertowLogger.ROOT_LOGGER.missingCredential(source.toString()); } ClearPassword password = credential.getPassword(ClearPassword.class); if (password == null) { throw UndertowLogger.ROOT_LOGGER.credentialNotClearPassword(credential.toString()); } KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) store.getEntry(alias, new KeyStore.PasswordProtection(password.getPassword())); KeyPair keyPair = new KeyPair(entry.getCertificate().getPublicKey(), entry.getPrivateKey()); Optional<SSLContext> context = Optional.ofNullable(this.sslContext).map(dependency -> dependency.get()); return new DefaultSingleSignOnSessionFactory(this.manager.get(), keyPair, connection -> context.ifPresent(ctx -> connection.setSSLSocketFactory(ctx.getSocketFactory()))); } catch (GeneralSecurityException | IOException e) { throw new IllegalArgumentException(e); } } }
@Override public CipherAuthToken apply(String authValue) { KeyStore store = this.keyStore.get(); String alias = this.keyAlias; try { if (!store.containsAlias(alias)) { throw JGroupsLogger.ROOT_LOGGER.keyEntryNotFound(alias); } if (!store.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) { throw JGroupsLogger.ROOT_LOGGER.unexpectedKeyStoreEntryType(alias, KeyStore.PrivateKeyEntry.class.getSimpleName()); } PasswordCredential credential = this.keyCredentialSource.get().getCredential(PasswordCredential.class); if (credential == null) { throw JGroupsLogger.ROOT_LOGGER.unexpectedCredentialSource(); } ClearPassword password = credential.getPassword(ClearPassword.class); if (password == null) { throw JGroupsLogger.ROOT_LOGGER.unexpectedCredentialSource(); } KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) store.getEntry(alias, new KeyStore.PasswordProtection(password.getPassword())); KeyPair pair = new KeyPair(entry.getCertificate().getPublicKey(), entry.getPrivateKey()); Cipher cipher = Cipher.getInstance(this.transformation); return new CipherAuthToken(cipher, pair, authValue.getBytes(StandardCharsets.UTF_8)); } catch (GeneralSecurityException | IOException e) { throw new IllegalArgumentException(e); } } }
/** * Convert a key store entry into a credential object. * * @param keyStoreEntry the key store entry to convert (must not be {@code null}) * @return the corresponding credential, or {@code null} if the entry type is unrecognized */ static Credential fromKeyStoreEntry(KeyStore.Entry keyStoreEntry) { Assert.checkNotNullParam("keyStoreEntry", keyStoreEntry); if (keyStoreEntry instanceof PasswordEntry) { return new PasswordCredential(((PasswordEntry) keyStoreEntry).getPassword()); } else if (keyStoreEntry instanceof KeyStore.PrivateKeyEntry) { return new X509CertificateChainPrivateCredential(((KeyStore.PrivateKeyEntry) keyStoreEntry).getPrivateKey(), X500.asX509CertificateArray(((KeyStore.PrivateKeyEntry) keyStoreEntry).getCertificateChain())); } else if (keyStoreEntry instanceof KeyStore.TrustedCertificateEntry) { return new X509CertificateChainPublicCredential((X509Certificate) ((KeyStore.TrustedCertificateEntry) keyStoreEntry).getTrustedCertificate()); } else if (keyStoreEntry instanceof KeyStore.SecretKeyEntry) { return new SecretKeyCredential(((KeyStore.SecretKeyEntry) keyStoreEntry).getSecretKey()); } else { return null; } } }
public Registration createAgentCertificate(final File authorityKeystore, String agentHostname) { Date epoch = new Date(0); KeyPair agentKeyPair = generateKeyPair(); try { KeyStore store = loadOrCreateCAKeyStore(authorityKeystore); KeyStore.PrivateKeyEntry intermediateEntry = (KeyStore.PrivateKeyEntry) store.getEntry("ca-intermediate", new KeyStore.PasswordProtection(PASSWORD_AS_CHAR_ARRAY)); X509Certificate[] chain = new X509Certificate[3]; chain[2] = (X509Certificate) store.getCertificate("ca-cert"); chain[1] = (X509Certificate) intermediateEntry.getCertificate(); chain[0] = createAgentCertificate(agentKeyPair.getPublic(), intermediateEntry.getPrivateKey(), chain[1].getPublicKey(), agentHostname, epoch); return new Registration(agentKeyPair.getPrivate(), chain); } catch (Exception e) { throw bomb("Couldn't create agent certificate", e); } }
public X509CertificateChainPrivateCredential get() throws ConfigXMLParseException { final KeyStore.Entry entry = entrySupplier.get(); if (entry == null) { throw xmlLog.keyStoreEntryMissing(location, "unknown"); } if (entry instanceof KeyStore.PrivateKeyEntry) { final KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry; final X509Certificate[] certificateChain = X500.asX509CertificateArray(privateKeyEntry.getCertificateChain()); return new X509CertificateChainPrivateCredential(privateKeyEntry.getPrivateKey(), certificateChain); } throw xmlLog.xmlInvalidKeyStoreEntryType(location, "unknown", KeyStore.PrivateKeyEntry.class, entry.getClass()); } }