
Example 81 with Key

use of java.security.Key in project nhin-d by DirectProject.

the class CertUtils method toX509Certificate.

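/**
 * Converts a byte stream to an X509Certificate.  The byte stream can be a wrapped key pair, a PKCS12 byte stream
 * or an encoded X509Certificate; the formats are tried in that order.
 * <p>
 * If the stream is a PKCS12 representation, the pass phrase is used to open the key store and to read the key of
 * the first alias.  The certificate of that alias is returned only when the alias also holds a private key.  The
 * private key is looked up purely as a check: the returned object is the certificate from the key store and the
 * key is not attached to it by this method.
 * <p>
 * Any failure while treating the data as PKCS12 (for example a wrong pass phrase) is deliberately swallowed so that
 * the X.509 parser can be tried next.  The caller therefore only ever sees the X.509 parsing error.
 *
 * @param data The byte stream representation to convert.
 * @param passPhrase The pass phrase of the PKCS12 byte stream.  Can be null if the stream is an encoded
 * X509Certificate and not a PKCS12 byte stream; null is treated as the empty pass phrase.
 * @return An X509Certificate representation of the byte stream.
 * @throws IllegalArgumentException if data is null or empty.
 * @throws CertificateConversionException if the data cannot be parsed as an X.509 certificate.
 */
public static X509Certificate toX509Certificate(byte[] data, String passPhrase) {
    if (data == null || data.length == 0) {
        throw new IllegalArgumentException("Byte stream cannot be null or empty.");
    }
    // The key store API is never handed a null pass phrase; null means "empty".
    final String phrase = (passPhrase == null) ? "" : passPhrase;
    if (isByteDataWrappedKeyPair(data)) {
        final CertContainer cont = CertUtils.toCertContainer(data, null, null);
        return cont.getCert();
    }
    X509Certificate retVal = null;
    // First attempt: read the data as a PKCS12 key store.
    try {
        final KeyStore localKeyStore = KeyStore.getInstance("PKCS12", getJCEProviderName());
        localKeyStore.load(new ByteArrayInputStream(data), phrase.toCharArray());
        final Enumeration<String> aliases = localKeyStore.aliases();
        // Only the first alias is examined; further entries are ignored.
        if (aliases.hasMoreElements()) {
            final String alias = aliases.nextElement();
            final X509Certificate cert = (X509Certificate) localKeyStore.getCertificate(alias);
            // The certificate is accepted only if the same alias carries a private key.
            final Key key = localKeyStore.getKey(alias, phrase.toCharArray());
            if (key instanceof PrivateKey) {
                retVal = cert;
            }
        }
    } catch (Exception ignored) {
        // Deliberate best effort: the data is not a readable PKCS12 stream, fall through to X.509.
    }
    if (retVal == null) {
        // Second attempt: a fresh stream over the same bytes, parsed as an encoded certificate.
        try {
            retVal = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(new ByteArrayInputStream(data));
        } catch (Exception e) {
            throw new CertificateConversionException("Failed to convert byte stream to a certificate.", e);
        }
    }
    return retVal;
}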
Also used : PrivateKey(java.security.PrivateKey) ByteArrayInputStream(java.io.ByteArrayInputStream) CertificateConversionException(org.nhindirect.config.model.exceptions.CertificateConversionException) IOException(java.io.IOException) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) Key(java.security.Key) PrivateKey(java.security.PrivateKey) CertificateConversionException(org.nhindirect.config.model.exceptions.CertificateConversionException) CertificateParsingException(java.security.cert.CertificateParsingException) IOException(java.io.IOException)

Example 82 with Key

use of java.security.Key in project nhin-d by DirectProject.

the class CertUtils method pkcs12ToStrippedPkcs12.

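/**
 * Takes a PKCS12 byte stream and returns a PKCS12 byte stream with the pass phrase protection and encryption removed.
 * <p>
 * The returned stream is written with an empty pass phrase, so the private key inside it is readable by anyone who
 * obtains the bytes.  Callers have to protect the result by other means.
 * <p>
 * Only the first alias of the input is examined.  The key store that was loaded is also the one that is written:
 * the private key is stored under the alias "privCert" with an empty pass phrase and the whole store is then
 * serialized.
 *
 * @param bytes The PKCS12 byte stream that will be stripped.
 * @param passphrase The pass phrase of the PKCS12 byte stream.  This is used to decrypt the PKCS12 stream.
 * @return A PKCS12 byte stream representation of the original PKCS12 stream with the pass phrase protection and
 * encryption removed, or null when the stream has no alias or its first alias holds no private key.
 * @throws IllegalArgumentException if bytes is null or empty, or if passphrase is null.
 * @throws DNSException if the stream cannot be loaded, read or re-written.
 */
public static byte[] pkcs12ToStrippedPkcs12(byte[] bytes, String passphrase) throws DNSException {
    if (bytes == null || bytes.length == 0) {
        throw new IllegalArgumentException("Pkcs byte stream cannot be null or empty.");
    }
    if (passphrase == null) {
        throw new IllegalArgumentException("Passphrase cannot be null.");
    }
    byte[] retVal = null;
    try {
        final KeyStore localKeyStore = KeyStore.getInstance("PKCS12", CryptoExtensions.getJCEProviderName());
        localKeyStore.load(new ByteArrayInputStream(bytes), passphrase.toCharArray());
        final Enumeration<String> aliases = localKeyStore.aliases();
        // Only the first alias is examined; further entries are not inspected.
        if (aliases.hasMoreElements()) {
            final String alias = aliases.nextElement();
            final X509Certificate cert = (X509Certificate) localKeyStore.getCertificate(alias);
            // NOTE(review): the store is opened with the caller's pass phrase but the key is requested with an
            // empty one.  Whether that succeeds for a non-empty pass phrase presumably depends on the JCE
            // provider returned by getJCEProviderName() - confirm before relying on another provider.
            final Key key = localKeyStore.getKey(alias, "".toCharArray());
            if (key instanceof PrivateKey) {
                // Re-store the key without a pass phrase and serialize the key store.
                final char[] emptyPass = "".toCharArray();
                localKeyStore.setKeyEntry("privCert", key, emptyPass, new java.security.cert.Certificate[] { cert });
                final ByteArrayOutputStream outStr = new ByteArrayOutputStream();
                localKeyStore.store(outStr, emptyPass);
                retVal = outStr.toByteArray();
            }
        }
    } catch (Exception e) {
        // Keep the underlying failure attached so it is not lost.  Only the single-String constructor of
        // DNSException is visible here; if a (String, Throwable) constructor exists, prefer it.
        final DNSException failure = new DNSException("Failed to strip encryption for PKCS stream.");
        failure.addSuppressed(e);
        throw failure;
    }
    return retVal;
}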
Also used : PrivateKey(java.security.PrivateKey) ByteArrayOutputStream(java.io.ByteArrayOutputStream) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) IOException(java.io.IOException) DNSException(org.nhindirect.dns.DNSException) ByteArrayInputStream(java.io.ByteArrayInputStream) DNSException(org.nhindirect.dns.DNSException) Key(java.security.Key) PrivateKey(java.security.PrivateKey)

Example 83 with Key

use of java.security.Key in project jdk8u_jdk by JetBrains.

the class FinalizeHalf method main.

/**
 * Runs {@code test} for every combination of algorithm, installed provider, key half
 * (private first, then public) and key operation, then fails if any check was counted as a failure.
 *
 * @param args unused.
 * @throws Throwable anything propagated by {@code test}, or a RuntimeException when failures were counted.
 */
public static void main(String[] args) throws Throwable {
    // The operations applied to the retained key; their results are discarded.
    final List<Consumer<Key>> methods = new ArrayList<>();
    methods.add(Key::getEncoded);
    methods.add(Key::toString);

    final String[] algorithms = { "DiffieHellman", "DSA", "RSA" };
    final boolean[] halves = { true, false };

    for (String algo : algorithms) {
        // The provider list is re-read for every algorithm.
        for (Provider provider : Security.getProviders()) {
            for (boolean priv : halves) {
                for (int m = 0; m < methods.size(); m++) {
                    test(algo, provider, priv, methods.get(m));
                }
            }
        }
    }

    if (failures <= 0) {
        return;
    }
    throw new RuntimeException(failures + " test(s) failed.");
}
Also used : Consumer(java.util.function.Consumer) ArrayList(java.util.ArrayList) Key(java.security.Key) Provider(java.security.Provider)

Example 84 with Key

use of java.security.Key in project jdk8u_jdk by JetBrains.

the class FinalizeHalf method test.

/**
 * Generates a key pair with the given provider, keeps one half, drops the local reference to the pair,
 * requests garbage collection 32 times and then applies {@code method} to the retained key.
 * A ProviderException raised by {@code method} increments the failure counter.
 *
 * @param algo key pair algorithm name.
 * @param provider provider asked for the generator; the call returns silently if it lacks the algorithm.
 * @param priv true to keep the private key, false to keep the public key.
 * @param method operation applied to the retained key.
 * @throws Exception anything other than the two exceptions handled here.
 */
static void test(String algo, Provider provider, boolean priv, Consumer<Key> method) throws Exception {
    KeyPairGenerator kpg;
    try {
        kpg = KeyPairGenerator.getInstance(algo, provider);
    } catch (NoSuchAlgorithmException unsupported) {
        // This provider does not offer the algorithm: nothing to check.
        return;
    }
    System.out.println("Checking " + provider.getName() + ", " + algo);

    KeyPair generated = kpg.generateKeyPair();
    final Key kept;
    if (priv) {
        kept = generated.getPrivate();
    } else {
        kept = generated.getPublic();
    }
    // Drop the local reference to the pair before the collector is invoked.
    generated = null;

    int gcRounds = 32;
    while (gcRounds-- > 0) {
        System.gc();
    }

    try {
        method.accept(kept);
    } catch (ProviderException pe) {
        failures++;
    }
}
Also used : KeyPair(java.security.KeyPair) ProviderException(java.security.ProviderException) KeyPairGenerator(java.security.KeyPairGenerator) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) Key(java.security.Key)

Example 85 with Key

use of java.security.Key in project jdk8u_jdk by JetBrains.

the class ConvertP12Test method run.

/**
 * Copies every key entry of {@code inputKeyStore} into {@code outputKeyStore} under the same alias,
 * reading each key with {@code inKeyPass} and storing it with {@code outKeyPass} together with the
 * certificate chain of the source entry.
 *
 * @param inputKeyStore loaded key store to read from; expected to hold key entries only.
 * @param outputKeyStore loaded key store that receives the entries.
 * @param inKeyPass password protecting the keys in the input store.
 * @param outKeyPass password the keys are protected with in the output store.
 * @throws Exception on key store errors; a RuntimeException if an alias is a certificate entry
 *         or is not a key entry.
 */
private void run(KeyStore inputKeyStore, KeyStore outputKeyStore, String inKeyPass, String outKeyPass) throws Exception {
    for (Enumeration<String> names = inputKeyStore.aliases(); names.hasMoreElements();) {
        final String name = names.nextElement();
        final Certificate[] chain = inputKeyStore.getCertificateChain(name);
        // Test KeyStore only contain key pair entries.
        if (inputKeyStore.isCertificateEntry(name)) {
            throw new RuntimeException("inputKeystore should not be certEntry because test" + " keystore only contain key pair entries" + " for alias:" + name);
        }
        if (!inputKeyStore.isKeyEntry(name)) {
            throw new RuntimeException("Entry type unknown for alias:" + name);
        }
        final Key copied = inputKeyStore.getKey(name, inKeyPass.toCharArray());
        outputKeyStore.setKeyEntry(name, copied, outKeyPass.toCharArray(), chain);
    }
}
Also used : Key(java.security.Key) Certificate(java.security.cert.Certificate)
