public Certificate[] engineGetCertificateChain(final String alias) { try { return delegate.getCertificateChain(alias); } catch (KeyStoreException e) { return null; } }
@Override public Certificate[] engineGetCertificateChain(String alias) { try { return getKeyStore().getCertificateChain(alias); } catch (KeyStoreException e) { throw new IllegalStateException(e); } }
static List<X509Certificate> loadCertChain(KeyStore keyStore, String certAlias) { try { Certificate[] certificates = keyStore.getCertificateChain(certAlias); if (null == certificates) { throw new PkiException("There is no X.509 certificate chain under alias " + certAlias); } return Stream.of(certificates).map(it -> (X509Certificate) it).collect(Collectors.toList()); } catch (KeyStoreException e) { throw new PkiException("Failed to load certificate under alias " + certAlias, e); } }
public boolean hasCertificates(String friendlyName, File storeFile, String passwd) { try { KeyStore keyStore = loadOrEmpty(storeFile, passwd); bombIfNull(keyStore, "Store not yet initialized"); return keyStore.getCertificateChain(friendlyName) != null; } catch (Exception e) { return false; } }
private void logKeyStore(KeyStore ks, String ksLocation, char[] ksPwd) { if (log.isInfoEnabled()) { log.info("Loaded cluster key store from: {}", ksLocation); try { for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) { String alias = e.nextElement(); Key key = ks.getKey(alias, ksPwd); Certificate[] certs = ks.getCertificateChain(alias); log.debug("{} -> {}", alias, certs); final byte[] encodedKey; if (certs != null && certs.length > 0) { encodedKey = certs[0].getEncoded(); } else { log.info("Could not find cert chain for {}, using fingerprint of key instead...", alias); encodedKey = key.getEncoded(); } // Compute the certificate's fingerprint (use the key if certificate cannot be found) MessageDigest digest = MessageDigest.getInstance("SHA1"); digest.update(encodedKey); StringJoiner fingerprint = new StringJoiner(":"); for (byte b : digest.digest()) { fingerprint.add(String.format("%02X", b)); } log.info("{} -> {}", alias, fingerprint); } } catch (Exception e) { log.warn("Unable to print contents of key store: {}", ksLocation, e); } } }
if (!domains.isEmpty()) { PrivateKey key = (PrivateKey) ks.getKey(alias, password != null ? password.toCharArray() : null); Certificate[] tmp = ks.getCertificateChain(alias); if (tmp == null) {
/** * The OpenSSL provider does not support the {@link KeyManagerFactory}, so we have to lookup the integration * certificate and key in order to provide it to OpenSSL. * <p> * TODO: SNI is currently not supported, we use only the first found private key. */ private static SslContextBuilder builderWithOpenSSLProvider(KeyStore ks, String keyPassword) throws GeneralSecurityException { for (String alias : Collections.list(ks.aliases())) { if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) { PrivateKey key = (PrivateKey) ks.getKey(alias, keyPassword.toCharArray()); Certificate[] chain = ks.getCertificateChain(alias); X509Certificate[] certChain = new X509Certificate[chain.length]; System.arraycopy(chain, 0, certChain, 0, chain.length); return SslContextBuilder.forServer(key, certChain); } } throw new KeyManagementException("the SSL key-store does not contain a private key"); }
entry = new KeyStore.PrivateKeyEntry( (PrivateKey) key, oldKS.getCertificateChain(alias)); if (key instanceof PublicKey) entry = new KeyStore.TrustedCertificateEntry(oldKS.getCertificate(alias));
public void initializeServerCertificates(String commonName, SubjectAlternativeNameHolder subjectAlternativeNames) throws GeneralSecurityException, OperatorCreationException, IOException { KeyStore ks = CertificateHelper.createServerCertificate(commonName, subjectAlternativeNames, authority, caCert, caPrivKey); PrivateKey key = (PrivateKey) ks.getKey(authority.alias(), authority.password()); exportPem(authority.aliasFile("-" + commonName + "-key.pem"), key); Object[] certs = ks.getCertificateChain(authority.alias()); exportPem(authority.aliasFile("-" + commonName + "-cert.pem"), certs); }
ClientKeyStore(KeyStore ks, String keyAlias, String keyPass) throws GeneralSecurityException { this.keyAlias = keyAlias; this.key = (PrivateKey) ks.getKey(this.keyAlias, keyPass.toCharArray()); Certificate[] certs = ks.getCertificateChain(this.keyAlias); X509Certificate[] X509certs = new X509Certificate[certs.length]; for (int i=0; i < certs.length; i++) { X509certs[i] = (X509Certificate) certs[i]; } this.certChain = X509certs; }
/** * Export the private key and certificate chain (if any) out of a keystore. * Does NOT close the output stream. Throws on all errors. * * @param ks path to the keystore * @param ksPW the keystore password, may be null * @param alias the name of the key * @param keyPW the key password, must be at least 6 characters * @since 0.9.25 */ public static void exportPrivateKey(File ks, String ksPW, String alias, String keyPW, OutputStream out) throws GeneralSecurityException, IOException { InputStream fis = null; try { KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); fis = new FileInputStream(ks); char[] pwchars = ksPW != null ? ksPW.toCharArray() : null; keyStore.load(fis, pwchars); char[] keypwchars = keyPW.toCharArray(); PrivateKey pk = (PrivateKey) keyStore.getKey(alias, keypwchars); if (pk == null) throw new GeneralSecurityException("private key not found: " + alias); Certificate[] certs = keyStore.getCertificateChain(alias); CertUtil.exportPrivateKey(pk, certs, out); } finally { if (fis != null) try { fis.close(); } catch (IOException ioe) {} } }
if (pk == null) throw new GeneralSecurityException("private key not found: " + alias); Certificate[] certs = keyStore.getCertificateChain(alias); if (certs.length != 1) throw new GeneralSecurityException("Bad cert chain length");
Certificate[] certificateChains = keyStore.getCertificateChain(alias);
if (!domains.isEmpty()) { PrivateKey key = (PrivateKey) ks.getKey(alias, password != null ? password.toCharArray() : null); Certificate[] tmp = ks.getCertificateChain(alias); if (tmp == null) {
Certificate[] certChain = keystore.getCertificateChain(alias); if (certChain == null)
certChain = keyStore.getCertificateChain(certAlias); if (certChain == null || certChain.length == 0)
private static SigningConfiguration readSigningConfigFromLoadedKeyStore( KeyStore keystore, String keyAlias, char[] keyPassword) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException { PrivateKey privateKey = (PrivateKey) keystore.getKey(keyAlias, keyPassword); Certificate[] certChain = keystore.getCertificateChain(keyAlias); if (certChain == null) { throw CommandExecutionException.builder() .withMessage("No key found with alias '%s' in keystore.", keyAlias) .build(); } ImmutableList<X509Certificate> certificates = Arrays.stream(certChain).map(c -> (X509Certificate) c).collect(toImmutableList()); return SigningConfiguration.builder() .setPrivateKey(privateKey) .setCertificates(certificates) .build(); } }
Certificate[] cchain = ks.getCertificateChain(sslKeyAlias);
Certificate[] certchain = (Certificate[]) keystore.getCertificateChain(KEY_ALIAS_IN_KEYSTORE);
Certificate[] cs; try { cs = ks.getCertificateChain(alias); } catch (KeyStoreException kse) { error("Unable to check certificates for \"" + alias + "\" in key store " + location, kse);