Example 21 with KeyStoreException
use of java.security.KeyStoreException in project OpenAM by OpenRock.
the class WebServicesClients method getValidValues.
/**
* Returns certificate subject DNs in the KeyStore as possible values.
*
* @param token the <code>SSOToken</code>
* @param pattern the pattern to match with valid values.
*
* @return <code>ValidValues</code> object wiht certificate subject DNs.
*
* @exception SSOException if SSO token is not valid
* @exception PolicyException if unable to get the list of valid names.
*/
public ValidValues getValidValues(SSOToken token, String pattern) throws SSOException, PolicyException {
// TODO: ignoring the pattern for now. Do we need to take care of it?
// probably we can ignore for this subject.
Set subjects = new HashSet();
try {
KeyProvider kp = null;
try {
kp = (KeyProvider) Class.forName(SystemConfigurationUtil.getProperty(SAMLConstants.KEY_PROVIDER_IMPL_CLASS, SAMLConstants.JKS_KEY_PROVIDER)).newInstance();
} catch (ClassNotFoundException cnfe) {
debug.error("WebServicesClients.getValidValues(): " + " Couldn't find the class.", cnfe);
kp = null;
} catch (InstantiationException ie) {
debug.error("WebServicesClients.getValidValues(): " + " Couldn't instantiate the key provider instance.", ie);
kp = null;
} catch (IllegalAccessException iae) {
debug.error("WebServicesClients.getValidValues(): " + " Couldn't access the default constructor.", iae);
kp = null;
}
if (kp != null) {
KeyStore ks = kp.getKeyStore();
if (ks != null) {
Enumeration aliases = ks.aliases();
while (aliases.hasMoreElements()) {
String alias = (String) aliases.nextElement();
if (debug.messageEnabled()) {
debug.message("WSClient.getValidValues: alias=" + alias);
}
// TODO: need to take care of certificate chaining
if (ks.isCertificateEntry(alias)) {
debug.message("WSClient.getValidValues: " + "alias is trusted.");
X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
if (cert != null) {
debug.message("WSClient.getValidValues:cert " + "not null");
String name = CertUtils.getSubjectName(cert);
if (name != null && name.length() != 0) {
subjects.add(name);
}
} else {
debug.message("WSClient.getValidValues: " + "cert is null");
}
} else {
debug.message("WSClient.getValidValues:alias " + "not trusted.");
}
}
}
}
} catch (KeyStoreException kse) {
if (debug.warningEnabled()) {
debug.warning("WebServicesClients: couldn't get subjects", kse);
}
String[] objs = { kse.getMessage() };
throw (new PolicyException(ResBundleUtils.rbName, "can_not_get_subject_values", objs, kse));
}
return (new ValidValues(ValidValues.SUCCESS, subjects));
}
Also used :
KeyProvider(com.sun.identity.saml.xmlsig.KeyProvider)
HashSet(java.util.HashSet)
Set(java.util.Set)
Enumeration(java.util.Enumeration)
ValidValues(com.sun.identity.policy.ValidValues)
KeyStoreException(java.security.KeyStoreException)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
PolicyException(com.sun.identity.policy.PolicyException)
HashSet(java.util.HashSet)
Example 22 with KeyStoreException
use of java.security.KeyStoreException in project android_frameworks_base by ResurrectionRemix.
the class AndroidKeyStoreTest method testKeyStore_SetCertificate_PrivateKeyExists_Encrypted_Failure.
public void testKeyStore_SetCertificate_PrivateKeyExists_Encrypted_Failure() throws Exception {
setupPassword();
mKeyStore.load(null, null);
assertTrue(mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
assertTrue(mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
assertTrue(mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED));
assertAliases(new String[] { TEST_ALIAS_1 });
final CertificateFactory f = CertificateFactory.getInstance("X.509");
final Certificate cert = f.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
try {
mKeyStore.setCertificateEntry(TEST_ALIAS_1, cert);
fail("Should throw when trying to overwrite a PrivateKey entry with a Certificate");
} catch (KeyStoreException success) {
}
}
Also used :
ByteArrayInputStream(java.io.ByteArrayInputStream)
KeyStoreException(java.security.KeyStoreException)
CertificateFactory(java.security.cert.CertificateFactory)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Example 23 with KeyStoreException
use of java.security.KeyStoreException in project android_frameworks_base by ResurrectionRemix.
the class OSUManager method deleteCerts.
private static int deleteCerts(KeyStore keyStore, String fqdn, String... prefixes) {
int count = 0;
for (String prefix : prefixes) {
try {
String alias = prefix + fqdn;
Certificate cert = keyStore.getCertificate(alias);
if (cert != null) {
keyStore.deleteEntry(alias);
count++;
}
} catch (KeyStoreException kse) {
/**/
}
}
return count;
}
Also used :
KeyStoreException(java.security.KeyStoreException)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Example 24 with KeyStoreException
use of java.security.KeyStoreException in project OpenAM by OpenRock.
the class SoapSTSAgentCredentialsAccessImpl method decryptAgentPassword.
private String decryptAgentPassword(String encryptedAgentPassword, KeyStore soapSTSInternalKeystore) throws STSInitializationException {
try {
KeyStore.SecretKeyEntry entry = (KeyStore.SecretKeyEntry) soapSTSInternalKeystore.getEntry(SharedSTSConstants.AM_INTERNAL_PEK_ALIAS, new KeyStore.PasswordProtection(SharedSTSConstants.AM_INTERNAL_SOAP_STS_KEYSTORE_PW.toCharArray()));
JCEEncryption jceEncryption = new JCEEncryption();
final byte[] decodedPassword = Base64.decode(encryptedAgentPassword);
try {
jceEncryption.setPassword(new String(entry.getSecretKey().getEncoded(), StandardCharsets.UTF_8));
final byte[] decryptedPassword = jceEncryption.decrypt(decodedPassword);
return new String(decryptedPassword, StandardCharsets.UTF_8);
} catch (Exception e) {
throw new STSInitializationException(ResourceException.INTERNAL_ERROR, e.getMessage(), e);
}
} catch (NoSuchAlgorithmException | UnrecoverableEntryException | KeyStoreException e) {
throw new STSInitializationException(ResourceException.INTERNAL_ERROR, e.getMessage(), e);
}
}
Also used :
JCEEncryption(com.iplanet.services.util.JCEEncryption)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
KeyStoreException(java.security.KeyStoreException)
KeyStore(java.security.KeyStore)
STSInitializationException(org.forgerock.openam.sts.STSInitializationException)
KeyStoreException(java.security.KeyStoreException)
ResourceException(org.forgerock.json.resource.ResourceException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
UnrecoverableEntryException(java.security.UnrecoverableEntryException)
STSInitializationException(org.forgerock.openam.sts.STSInitializationException)
UnrecoverableEntryException(java.security.UnrecoverableEntryException)
Example 25 with KeyStoreException
use of java.security.KeyStoreException in project Tusky by Vavassor.
the class OkHttpUtils method enableHigherTlsOnPreLollipop.
private static OkHttpClient.Builder enableHigherTlsOnPreLollipop(OkHttpClient.Builder builder) {
if (Build.VERSION.SDK_INT >= 16 && Build.VERSION.SDK_INT < 22) {
try {
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init((KeyStore) null);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
}
X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, new TrustManager[] { trustManager }, null);
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
builder.sslSocketFactory(new SSLSocketFactoryCompat(sslSocketFactory), trustManager);
} catch (NoSuchAlgorithmException | KeyStoreException | KeyManagementException e) {
Log.e(TAG, "Failed enabling TLS 1.1 & 1.2. " + e.getMessage());
}
}
return builder;
}
Also used :
X509TrustManager(javax.net.ssl.X509TrustManager)
TrustManagerFactory(javax.net.ssl.TrustManagerFactory)
SSLContext(javax.net.ssl.SSLContext)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
KeyStoreException(java.security.KeyStoreException)
SSLSocketFactory(javax.net.ssl.SSLSocketFactory)
KeyManagementException(java.security.KeyManagementException)
TrustManager(javax.net.ssl.TrustManager)
X509TrustManager(javax.net.ssl.X509TrustManager)
Aggregations
KeyStoreException (java.security.KeyStoreException)797
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)506
IOException (java.io.IOException)409
KeyStore (java.security.KeyStore)359
CertificateException (java.security.cert.CertificateException)353
UnrecoverableKeyException (java.security.UnrecoverableKeyException)194
X509Certificate (java.security.cert.X509Certificate)189
KeyManagementException (java.security.KeyManagementException)172
Certificate (java.security.cert.Certificate)132
InputStream (java.io.InputStream)103
SSLContext (javax.net.ssl.SSLContext)103
TrustManagerFactory (javax.net.ssl.TrustManagerFactory)95
FileInputStream (java.io.FileInputStream)94
File (java.io.File)80
PrivateKey (java.security.PrivateKey)71
TrustManager (javax.net.ssl.TrustManager)70
FileNotFoundException (java.io.FileNotFoundException)61
ByteArrayInputStream (java.io.ByteArrayInputStream)58
CertificateFactory (java.security.cert.CertificateFactory)58
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)53
