use of java.security.Key in project nhin-d by DirectProject.
the class CertUtils method toX509Certificate.
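/**
 * Converts a byte stream to an X509Certificate. The byte stream can either be an encoded X509Certificate or a
 * PKCS12 byte stream.
 * <p>
 * Data recognised by {@code isByteDataWrappedKeyPair} is handed to {@code toCertContainer} and the container's
 * certificate is returned.
 * <p>
 * If the stream is a PKCS12 representation, the pass phrase is used to decrypt it. Only the first alias is
 * examined, and its certificate is accepted only when that alias also holds a private key. This method returns
 * the certificate object obtained from the key store as is; it does not itself attach the private key to it.
 * <p>
 * Any failure of the PKCS12 attempt, including a wrong pass phrase, falls through to plain X.509 parsing, so
 * callers cannot tell "wrong pass phrase" from "not a certificate" by the exception alone.
 *
 * @param data The byte stream representation to convert.
 * @param passPhrase If the byte stream is a PKCS12 representation, then the pass phrase is used to decrypt the
 * stream. Can be null if the stream is an encoded X509Certificate and not a PKCS12 byte stream.
 * @return An X509Certificate representation of the byte stream.
 * @throws IllegalArgumentException if data is null or empty.
 * @throws CertificateConversionException if the data can be read neither as PKCS12 nor as an X.509 certificate.
 */
public static X509Certificate toX509Certificate(byte[] data, String passPhrase) {
    if (data == null || data.length == 0)
        throw new IllegalArgumentException("Byte stream cannot be null or empty.");

    // do not use a null pass phrase
    if (passPhrase == null)
        passPhrase = "";

    if (isByteDataWrappedKeyPair(data)) {
        final CertContainer cont = CertUtils.toCertContainer(data, null, null);
        return cont.getCert();
    }

    X509Certificate retVal = null;

    // One working copy of the pass phrase, wiped in the finally block so it does not linger on the heap.
    // The caller's String cannot be cleared from here.
    final char[] passChars = passPhrase.toCharArray();

    try {
        // let's try this as a PKCS12 data stream first
        try {
            KeyStore localKeyStore = KeyStore.getInstance("PKCS12", getJCEProviderName());
            localKeyStore.load(new ByteArrayInputStream(data), passChars);

            Enumeration<String> aliases = localKeyStore.aliases();

            // we are really expecting only one alias; any further aliases are ignored
            if (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                X509Certificate cert = (X509Certificate) localKeyStore.getCertificate(alias);

                // accept the certificate only if the alias also carries a private key
                // (instanceof is already false for null)
                Key key = localKeyStore.getKey(alias, passChars);
                if (key instanceof PrivateKey) {
                    retVal = cert;
                }
            }
        } catch (Exception ignored) {
            // Deliberate best effort: not a PKCS12 stream (or the pass phrase is wrong), try the next step.
        }

        if (retVal == null) {
            // try the X509 certificate factory next, on a fresh stream over the same bytes
            retVal = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(data));
        }
    } catch (Exception e) {
        throw new CertificateConversionException("Failed to convert byte stream to a certificate.", e);
    } finally {
        java.util.Arrays.fill(passChars, '\0');
    }

    return retVal;
}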
use of java.security.Key in project nhin-d by DirectProject.
the class CertUtils method pkcs12ToStrippedPkcs12.
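/**
 * Takes a PKCS12 byte stream and returns a PKCS12 byte stream with the pass phrase protection and encryption
 * removed.
 * <p>
 * The result stores the private key under the alias {@code privCert} with an empty password, so it must be
 * handled as unprotected private key material: keep it out of logs and unprotected storage.
 * <p>
 * Only the first alias of the input is examined. The original alias is not deleted before the key store is
 * written, so unless it is already {@code privCert} the output holds the entry under both names.
 *
 * @param bytes The PKCS12 byte stream that will be stripped.
 * @param passphrase The pass phrase of the PKCS12 byte stream. This is used to decrypt the PKCS12 stream.
 * @return A PKCS12 byte stream representation of the original PKCS12 stream with the pass phrase protection and
 * encryption removed, or null if the input has no alias or its first alias holds no private key.
 * @throws IllegalArgumentException if bytes is null or empty, or passphrase is null.
 * @throws DNSException if the stream cannot be loaded, read or re-written as PKCS12.
 */
public static byte[] pkcs12ToStrippedPkcs12(byte[] bytes, String passphrase) throws DNSException {
    if (bytes == null || bytes.length == 0)
        throw new IllegalArgumentException("Pkcs byte stream cannot be null or empty.");

    if (passphrase == null)
        throw new IllegalArgumentException("Passphrase cannot be null.");

    byte[] retVal = null;

    // Working copy of the pass phrase, wiped in the finally block. The caller's String cannot be cleared here.
    final char[] passChars = passphrase.toCharArray();

    try {
        final KeyStore localKeyStore = KeyStore.getInstance("PKCS12", CryptoExtensions.getJCEProviderName());
        localKeyStore.load(new ByteArrayInputStream(bytes), passChars);

        final Enumeration<String> aliases = localKeyStore.aliases();

        // we are really expecting only one alias; any further aliases are ignored
        if (aliases.hasMoreElements()) {
            final String alias = aliases.nextElement();
            final X509Certificate cert = (X509Certificate) localKeyStore.getCertificate(alias);

            // Fetch the key with the same pass phrase that opened the store. The empty password used before
            // only works with providers that ignore the key password; others refuse to recover the key.
            final Key key = localKeyStore.getKey(alias, passChars);
            if (key instanceof PrivateKey) {
                // now convert to a PKCS12 format without the pass phrase
                final char[] emptyPass = "".toCharArray();
                localKeyStore.setKeyEntry("privCert", key, emptyPass, new java.security.cert.Certificate[] { cert });

                final ByteArrayOutputStream outStr = new ByteArrayOutputStream();
                localKeyStore.store(outStr, emptyPass);
                retVal = outStr.toByteArray();
            }
        }
    } catch (Exception e) {
        // DNSException's other constructors are not visible from this method, so the underlying failure is
        // attached as a suppressed exception instead of being dropped.
        final DNSException failure = new DNSException("Failed to strip encryption for PKCS stream.");
        failure.addSuppressed(e);
        throw failure;
    } finally {
        java.util.Arrays.fill(passChars, '\0');
    }

    return retVal;
}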
use of java.security.Key in project jdk8u_jdk by JetBrains.
the class FinalizeHalf method main.
/**
 * Runs {@code test} for DiffieHellman, DSA and RSA against every installed security provider, once for the
 * private and once for the public key, with {@code getEncoded} and {@code toString} as the operation applied
 * to the key.
 *
 * @throws RuntimeException if the {@code failures} counter is positive after all combinations have run.
 */
public static void main(String[] args) throws Throwable {
    // Operations applied to the key that is kept after its pair has been dropped.
    List<Consumer<Key>> keyOperations = new ArrayList<>();
    keyOperations.add(Key::getEncoded);
    keyOperations.add(Key::toString);

    final String[] algorithms = { "DiffieHellman", "DSA", "RSA" };
    final boolean[] privateThenPublic = { true, false };

    for (String algorithm : algorithms) {
        for (Provider candidate : Security.getProviders()) {
            for (boolean usePrivate : privateThenPublic) {
                for (Consumer<Key> operation : keyOperations) {
                    test(algorithm, candidate, usePrivate, operation);
                }
            }
        }
    }

    if (failures > 0) {
        throw new RuntimeException(failures + " test(s) failed.");
    }
}
use of java.security.Key in project jdk8u_jdk by JetBrains.
the class FinalizeHalf method test.
/**
 * Generates a key pair with the given provider, keeps only one half, drops the reference to the pair, requests
 * garbage collection 32 times and then applies {@code method} to the surviving key.
 * <p>
 * Presumably the point is that using one half must still work after the other half has been collected or
 * finalized; a {@link ProviderException} from the operation is counted in {@code failures}.
 *
 * @param algo key pair algorithm name
 * @param provider provider to request the generator from; skipped silently if it lacks the algorithm
 * @param priv true to keep the private key, false to keep the public key
 * @param method operation applied to the kept key
 */
static void test(String algo, Provider provider, boolean priv, Consumer<Key> method) throws Exception {
    final KeyPairGenerator keyGen;
    try {
        keyGen = KeyPairGenerator.getInstance(algo, provider);
    } catch (NoSuchAlgorithmException unsupported) {
        // This provider does not offer the algorithm: nothing to check.
        return;
    }

    System.out.println("Checking " + provider.getName() + ", " + algo);

    KeyPair generated = keyGen.generateKeyPair();
    final Key kept;
    if (priv) {
        kept = generated.getPrivate();
    } else {
        kept = generated.getPublic();
    }

    // Drop the only reference to the pair so the unused half becomes unreachable.
    generated = null;
    int round = 0;
    while (round < 32) {
        System.gc();
        round++;
    }

    try {
        method.accept(kept);
    } catch (ProviderException broken) {
        failures++;
    }
}
use of java.security.Key in project jdk8u_jdk by JetBrains.
the class ConvertP12Test method run.
/**
 * Copies every key entry of {@code inputKeyStore} into {@code outputKeyStore} under the same alias and with
 * the same certificate chain, reading each key with {@code inKeyPass} and protecting it with {@code outKeyPass}.
 *
 * @throws RuntimeException if an alias is a certificate entry or is not a key entry; the test key store is
 * expected to contain key pair entries only.
 */
private void run(KeyStore inputKeyStore, KeyStore outputKeyStore, String inKeyPass, String outKeyPass) throws Exception {
    for (Enumeration<String> names = inputKeyStore.aliases(); names.hasMoreElements();) {
        final String alias = names.nextElement();
        final Certificate[] chain = inputKeyStore.getCertificateChain(alias);

        // Test KeyStore only contain key pair entries.
        if (inputKeyStore.isCertificateEntry(alias)) {
            throw new RuntimeException("inputKeystore should not be certEntry because test"
                    + " keystore only contain key pair entries"
                    + " for alias:" + alias);
        }
        if (!inputKeyStore.isKeyEntry(alias)) {
            throw new RuntimeException("Entry type unknown for alias:" + alias);
        }

        // Recover the key with the input password, then store it again under the output password.
        final Key recovered = inputKeyStore.getKey(alias, inKeyPass.toCharArray());
        outputKeyStore.setKeyEntry(alias, recovered, outKeyPass.toCharArray(), chain);
    }
}