use of java.security.KeyStore.PrivateKeyEntry in project android_frameworks_base by crdroidandroid.
the class AndroidKeyStoreTest method testKeyStore_SetEntry_PrivateKeyEntry_Encrypted_Success.
/**
 * Stores an RSA {@link PrivateKeyEntry} (private key plus a two-certificate chain) under
 * {@code TEST_ALIAS_1} and checks that reading the alias back yields an equivalent
 * {@link PrivateKeyEntry}.
 *
 * <p>This variant calls {@code setupPassword()} before loading the store. That helper is
 * defined elsewhere in the test class; judging by the "Encrypted" suffix it presumably puts
 * the keystore into its password-protected state (confirm against the helper).
 *
 * @throws Exception if key/certificate decoding or any keystore operation fails
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    // Decode the fixture key and certificates; the FAKE_* constants are test-only material.
    final PrivateKey fixtureKey = KeyFactory.getInstance("RSA")
            .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");
    final Certificate userCert = x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
    final Certificate issuerCert = x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
    // Chain order: end-entity certificate first, then the CA certificate.
    final Certificate[] chain = {userCert, issuerCert};

    // A null ProtectionParameter is passed on both the write and the read.
    mKeyStore.setEntry(TEST_ALIAS_1, new PrivateKeyEntry(fixtureKey, chain), null);
    final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);

    assertNotNull("Retrieved entry should exist", stored);
    assertTrue("Retrieved entry should be of type PrivateKeyEntry", stored instanceof PrivateKeyEntry);
    assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);
}
use of java.security.KeyStore.PrivateKeyEntry in project android_frameworks_base by crdroidandroid.
the class AndroidKeyStoreTest method testKeyStore_SetEntry_PrivateKeyEntry_RSA_Unencrypted_Success.
/**
 * Stores an RSA {@link PrivateKeyEntry} (private key plus a two-certificate chain) under
 * {@code TEST_ALIAS_1} and checks that reading the alias back yields an equivalent
 * {@link PrivateKeyEntry}.
 *
 * <p>Unlike the "Encrypted" variant, this test loads the store without first calling
 * {@code setupPassword()}.
 *
 * @throws Exception if key/certificate decoding or any keystore operation fails
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_RSA_Unencrypted_Success() throws Exception {
    mKeyStore.load(null, null);

    // Decode the fixture key and certificates; the FAKE_* constants are test-only material.
    final PrivateKey fixtureKey = KeyFactory.getInstance("RSA")
            .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");
    final Certificate userCert = x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
    final Certificate issuerCert = x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
    // Chain order: end-entity certificate first, then the CA certificate.
    final Certificate[] chain = {userCert, issuerCert};

    // A null ProtectionParameter is passed on both the write and the read.
    mKeyStore.setEntry(TEST_ALIAS_1, new PrivateKeyEntry(fixtureKey, chain), null);
    final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);

    assertNotNull("Retrieved entry should exist", stored);
    assertTrue("Retrieved entry should be of type PrivateKeyEntry", stored instanceof PrivateKeyEntry);
    assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);
}
use of java.security.KeyStore.PrivateKeyEntry in project android_frameworks_base by crdroidandroid.
the class AndroidKeyStoreTest method testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Encrypted_Success.
/**
 * Checks that an alias can change entry type in place: a {@link PrivateKeyEntry} is stored
 * under {@code TEST_ALIAS_1} and verified, then a {@link TrustedCertificateEntry} is stored
 * under the same alias and the read-back must be the certificate entry.
 *
 * <p>The second half is the security-relevant part: after the replacement the alias must
 * no longer resolve to a private-key entry.
 *
 * <p>{@code setupPassword()} is defined elsewhere in the test class; judging by the
 * "Encrypted" suffix it presumably puts the keystore into its password-protected state
 * (confirm against the helper).
 *
 * @throws Exception if key/certificate decoding or any keystore operation fails
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final CertificateFactory x509 = CertificateFactory.getInstance("X.509");
    // The CA certificate is shared: it closes the key entry's chain and later becomes
    // the trusted-certificate entry that replaces it.
    final Certificate caCert = x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

    // Phase 1: store a private-key entry and confirm it round-trips.
    {
        final PrivateKey fixtureKey = KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
        final Certificate userCert = x509.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
        final Certificate[] chain = {userCert, caCert};

        mKeyStore.setEntry(TEST_ALIAS_1, new PrivateKeyEntry(fixtureKey, chain), null);
        final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);

        assertNotNull("Retrieved entry should exist", stored);
        assertTrue("Retrieved entry should be of type PrivateKeyEntry", stored instanceof PrivateKeyEntry);
        assertPrivateKeyEntryEquals((PrivateKeyEntry) stored, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);
    }

    // Phase 2: overwrite the same alias with a trusted-certificate entry.
    {
        final TrustedCertificateEntry replacement = new TrustedCertificateEntry(caCert);

        mKeyStore.setEntry(TEST_ALIAS_1, replacement, null);
        final Entry stored = mKeyStore.getEntry(TEST_ALIAS_1, null);

        assertNotNull("Retrieved entry should exist", stored);
        assertTrue("Retrieved entry should be of type TrustedCertificateEntry", stored instanceof TrustedCertificateEntry);
        assertEquals("Stored and retrieved certificates should be the same",
                replacement.getTrustedCertificate(),
                ((TrustedCertificateEntry) stored).getTrustedCertificate());
    }
}
use of java.security.KeyStore.PrivateKeyEntry in project bnd by bndtools.
the class Signer method signJar.
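/**
 * Adds signing-related resources to {@code jar}: a rewritten {@code META-INF/MANIFEST.MF}
 * carrying per-entry digests, a {@code META-INF/BND.SF} signature file derived from that
 * manifest, and a {@code META-INF/BND.RSA} resource.
 *
 * <p><b>Security note:</b> the RSA signature computed below is discarded and
 * {@code META-INF/BND.RSA} is written as an empty resource (see the TODO near the end), so
 * the output is not a JAR that a verifier can validate. Do not rely on this method for
 * integrity protection until the PKCS#7 block is actually produced.
 *
 * <p>Problems are reported through {@code error(...)} / {@code exception(...)} rather than
 * thrown. Note that the manifest and signature file are already written into {@code jar}
 * by the time the keystore is opened, so a keystore failure leaves the jar partly modified.
 *
 * @param jar the jar whose manifest is read and to which the resources are added
 */
public void signJar(Jar jar) {
    if (digestNames == null || digestNames.length == 0) {
        error("Need at least one digest algorithm name, none are specified");
        // Stop here: continuing would dereference a null digestNames in the array
        // allocation below, and signing with no digests is meaningless anyway.
        return;
    }
    if (keystoreFile == null || !keystoreFile.getAbsoluteFile().exists()) {
        error("No such keystore file: %s", keystoreFile);
        return;
    }
    if (alias == null) {
        error("Private key alias not set for signing");
        return;
    }
    MessageDigest[] digestAlgorithms = new MessageDigest[digestNames.length];
    getAlgorithms(digestNames, digestAlgorithms);
    try {
        Manifest manifest = jar.getManifest();
        manifest.getMainAttributes().putValue("Signed-By", "Bnd");
        // Create a new manifest that contains the
        // Name parts with the specified digests
        ByteArrayOutputStream o = new ByteArrayOutputStream();
        manifest.write(o);
        doManifest(jar, digestNames, digestAlgorithms, o);
        o.flush();
        byte[] newManifestBytes = o.toByteArray();
        jar.putResource("META-INF/MANIFEST.MF", new EmbeddedResource(newManifestBytes, 0));
        // Use the bytes from the new manifest to create
        // a signature file
        byte[] signatureFileBytes = doSignatureFile(digestNames, digestAlgorithms, newManifestBytes);
        jar.putResource("META-INF/BND.SF", new EmbeddedResource(signatureFileBytes, 0));
        // Now we must create an RSA signature
        // this requires the private key from the keystore
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        KeyStore.PrivateKeyEntry privateKeyEntry = null;
        // try-with-resources closes the stream; no explicit close() is needed.
        try (InputStream keystoreInputStream = IO.stream(keystoreFile)) {
            // The same password is used for the store and for the key entry.
            char[] pw = password == null ? new char[0] : password.toCharArray();
            keystore.load(keystoreInputStream, pw);
            KeyStore.Entry entry = keystore.getEntry(alias, new KeyStore.PasswordProtection(pw));
            // getEntry returns null for an unknown alias, and the alias may name a
            // certificate or secret-key entry; report both cases clearly instead of
            // failing later with a NullPointerException or ClassCastException.
            if (!(entry instanceof PrivateKeyEntry)) {
                error("No private key entry in keystore %s for alias %s", keystoreFile.getAbsolutePath(), alias);
                return;
            }
            privateKeyEntry = (PrivateKeyEntry) entry;
        } catch (Exception e) {
            exception(e, "Not able to load the private key from the given keystore(%s) with alias %s", keystoreFile.getAbsolutePath(), alias);
            return;
        }
        PrivateKey privateKey = privateKeyEntry.getPrivateKey();
        // SHA-256 replaces the original MD5withRSA: MD5 is collision-prone and must not be
        // used for signatures.
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(privateKey);
        signature.update(signatureFileBytes);
        // NOTE(review): the signature bytes returned here are thrown away; nothing is
        // written to tmpStream below, so BND.RSA ends up empty.
        signature.sign();
        // TODO, place the SF in a PKCS#7 structure ...
        // no standard class for this? The following
        // is an idea but we will have to do ASN.1 BER
        // encoding ...
        ByteArrayOutputStream tmpStream = new ByteArrayOutputStream();
        jar.putResource("META-INF/BND.RSA", new EmbeddedResource(tmpStream.toByteArray(), 0));
    } catch (Exception e) {
        exception(e, "During signing: %s", e);
    }
}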
use of java.security.KeyStore.PrivateKeyEntry in project android_frameworks_base by DirtyUnicorns.
the class AndroidKeyStoreSpi method engineSetEntry.
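/**
 * Replaces whatever is stored under {@code alias} with {@code entry}.
 *
 * <p>Supported entry types are {@code TrustedCertificateEntry}, {@link PrivateKeyEntry} and
 * {@link SecretKeyEntry}. The entry type is validated <em>before</em> the existing material
 * for the alias is deleted, so a call with an unsupported type fails without destroying
 * the key or certificate already stored under that alias.
 *
 * <p>The delete-then-write sequence is not atomic: if the type-specific setter fails after
 * the deletion, the previous entry is already gone.
 *
 * @param alias alias to (re)bind
 * @param entry the entry to store; must not be {@code null}
 * @param param protection parameter, passed through to the private-key and secret-key
 *     setters; not used for trusted-certificate entries
 * @throws KeyStoreException if {@code entry} is {@code null} or of an unsupported type,
 *     or if a delegated setter throws it
 */
@Override
public void engineSetEntry(String alias, Entry entry, ProtectionParameter param) throws KeyStoreException {
    if (entry == null) {
        throw new KeyStoreException("entry == null");
    }

    final boolean isTrustedCert = entry instanceof java.security.KeyStore.TrustedCertificateEntry;
    final boolean isPrivateKey = entry instanceof PrivateKeyEntry;
    final boolean isSecretKey = entry instanceof SecretKeyEntry;

    // Reject unsupported types up front: the deletion below is destructive and must not
    // run for a request that is going to fail anyway.
    if (!isTrustedCert && !isPrivateKey && !isSecretKey) {
        throw new KeyStoreException("Entry must be a PrivateKeyEntry, SecretKeyEntry or TrustedCertificateEntry" + "; was " + entry);
    }

    // Clear every entry type for this alias so the new entry fully replaces the old one,
    // even when the type changes (e.g. private key -> trusted certificate).
    Credentials.deleteAllTypesForAlias(mKeyStore, alias, mUid);

    if (isTrustedCert) {
        java.security.KeyStore.TrustedCertificateEntry trE = (java.security.KeyStore.TrustedCertificateEntry) entry;
        engineSetCertificateEntry(alias, trE.getTrustedCertificate());
    } else if (isPrivateKey) {
        PrivateKeyEntry prE = (PrivateKeyEntry) entry;
        setPrivateKeyEntry(alias, prE.getPrivateKey(), prE.getCertificateChain(), param);
    } else {
        SecretKeyEntry secE = (SecretKeyEntry) entry;
        setSecretKeyEntry(alias, secE.getSecretKey(), param);
    }
}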