use of java.security.KeyStore.TrustedCertificateEntry in project platformlayer by platformlayer.
the class KeyStoreEncryptionStore method main.
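/**
 * Command-line entry point that "explodes" a keystore into PEM files.
 *
 * <p>Expected arguments: {@code explode <keystore-file> <dest-dir>}. For every private-key entry
 * the certificate chain is written to {@code <alias>.crt} and the private key to
 * {@code <alias>.key}; for every trusted-certificate entry the certificate is written to
 * {@code <alias>.crt}.
 *
 * <p>The {@code .key} files contain unencrypted private keys, so they are created empty and
 * narrowed to the owning user before any key material is written.
 *
 * @param args {@code args[0]} must be {@code "explode"}, {@code args[1]} is the keystore file and
 *     {@code args[2]} the output directory
 * @throws IllegalStateException if the arguments are missing or wrong, the output directory cannot
 *     be created, or an alias cannot be used safely as a file name
 * @throws Exception on keystore or I/O failures
 */
public static void main(String[] args) throws Exception {
    // Check the argument count first: the original indexed args[0] unconditionally and failed
    // with ArrayIndexOutOfBoundsException when started without arguments.
    if (args.length < 3 || !"explode".equals(args[0])) {
        throw new IllegalStateException("usage: explode <keystore-file> <dest-dir>");
    }

    // NOTE(review): the entry password is a literal in the source, so it does not protect the
    // keys from anyone who has this code and the keystore file. If the keystore holds real
    // keys, take the password from the operator or a secret store instead.
    char[] password = "notasecret".toCharArray();
    ProtectionParameter protParam = new KeyStore.PasswordProtection(password);

    // NOTE(review): KeyStoreUtils.load is not visible here; confirm whether it supplies a store
    // password, because a keystore loaded without one is not integrity-checked.
    KeyStore keyStore = KeyStoreUtils.load(new File(args[1]));

    File dest = new File(args[2]);
    if (!dest.isDirectory() && !dest.mkdirs()) {
        throw new IllegalStateException("Cannot create output directory " + dest);
    }

    Enumeration<String> aliases = keyStore.aliases();
    while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();

        // The alias is read from the keystore and becomes part of a file name. Reject anything
        // that could address a path outside the destination directory.
        if (alias.isEmpty() || alias.indexOf('/') >= 0 || alias.indexOf('\\') >= 0
                || alias.indexOf('\0') >= 0) {
            throw new IllegalStateException("Refusing to use alias as a file name: " + alias);
        }

        if (keyStore.isKeyEntry(alias)) {
            Entry entry = keyStore.getEntry(alias, protParam);
            // isKeyEntry is also true for secret-key entries, which the original cast blindly.
            if (entry instanceof PrivateKeyEntry) {
                PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry) entry;

                X509Certificate[] certificateChain = toX509(privateKeyEntry.getCertificateChain());
                File chainFile = new File(dest, alias + ".crt");
                Files.write(CertificateUtils.toPem(certificateChain), chainFile, Charsets.UTF_8);

                PrivateKey key = privateKeyEntry.getPrivateKey();
                String encodedKey = PrivateKeys.toPem(key);
                File keyFile = new File(dest, alias + ".key");
                // Create (or reuse) the file and restrict it before the key is written, so the
                // key never sits on disk with the default, possibly world-readable, mode.
                keyFile.createNewFile();
                boolean ownerOnly = keyFile.setReadable(false, false)
                        & keyFile.setWritable(false, false)
                        & keyFile.setExecutable(false, false)
                        & keyFile.setReadable(true, true)
                        & keyFile.setWritable(true, true);
                if (!ownerOnly) {
                    // Some file systems cannot express owner-only access; say so, don't hide it.
                    System.err.println("Warning: could not restrict permissions on " + keyFile);
                }
                Files.write(encodedKey, keyFile, Charsets.UTF_8);
            } else {
                System.err.println("Skipping key entry that is not a private key: " + alias);
            }
        }

        if (keyStore.isCertificateEntry(alias)) {
            Entry entry = keyStore.getEntry(alias, null);
            TrustedCertificateEntry trustedCertificateEntry = (TrustedCertificateEntry) entry;
            if (trustedCertificateEntry.getTrustedCertificate() instanceof X509Certificate) {
                X509Certificate cert =
                        (X509Certificate) trustedCertificateEntry.getTrustedCertificate();
                File certFile = new File(dest, alias + ".crt");
                Files.write(CertificateUtils.toPem(cert), certFile, Charsets.UTF_8);
            } else {
                System.err.println("Skipping trusted certificate that is not X.509: " + alias);
            }
        }
    }
}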
use of java.security.KeyStore.TrustedCertificateEntry in project robovm by robovm.
the class TestKeyStore method issuer.
/**
 * Returns the single trusted certificate in {@code keyStore} whose subject DN equals the issuer
 * DN of {@code c}.
 *
 * <p>The match is by distinguished name only; the signature on {@code c} is not verified against
 * the candidate's public key, so the result must not be treated as a validated chain link.
 *
 * @param keyStore the store whose {@link TrustedCertificateEntry} entries are searched
 * @param c the certificate whose issuer is wanted; must be an {@link X509Certificate}
 * @return the one matching trusted certificate
 * @throws IllegalStateException if {@code c} is not an X.509 certificate, or if the store holds
 *     zero or more than one matching certificate
 */
public static Certificate issuer(KeyStore keyStore, Certificate c) throws Exception {
    if (!(c instanceof X509Certificate)) {
        throw new IllegalStateException("issuer requires an X509Certificate, found " + c);
    }
    final X509Certificate cert = (X509Certificate) c;

    Certificate found = null;
    for (String alias : Collections.list(keyStore.aliases())) {
        // Only trusted-certificate entries can be issuers; key entries are ignored.
        if (keyStore.entryInstanceOf(alias, TrustedCertificateEntry.class)) {
            TrustedCertificateEntry trusted =
                    (TrustedCertificateEntry) keyStore.getEntry(alias, null);
            Certificate candidate = trusted.getTrustedCertificate();

            boolean namesMatch = candidate instanceof X509Certificate
                    && cert.getIssuerDN().equals(((X509Certificate) candidate).getSubjectDN());
            if (namesMatch) {
                // A second DN match is ambiguous, so fail instead of picking one.
                if (found != null) {
                    throw new IllegalStateException("KeyStore has more than one issuing CA for " + cert + "\nfirst: " + found + "\nsecond: " + candidate);
                }
                found = candidate;
            }
        }
    }

    if (found == null) {
        throw new IllegalStateException("KeyStore contained no issuing CA for " + cert);
    }
    return found;
}
use of java.security.KeyStore.TrustedCertificateEntry in project platform_frameworks_base by android.
the class AndroidKeyStoreTest method testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Encrypted_Success.
/**
 * Writes a PrivateKeyEntry under TEST_ALIAS_1, then writes a TrustedCertificateEntry under the
 * same alias, and checks after each write that getEntry returns an entry of the type just stored.
 *
 * NOTE(review): the method name reads "PrivateKeyEntry overwrites CAEntry", but the body stores
 * the private key first and replaces it with the CA certificate. setupPassword() is not visible
 * here; presumably it provides the "Encrypted" precondition in the name -- confirm.
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
    final Certificate caCert =
            certFactory.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

    // Step 1: store a private key with its two-certificate chain (user certificate, then CA).
    final PrivateKey privateKey =
            KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
    final Certificate userCert =
            certFactory.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1));
    final PrivateKeyEntry keyEntryToStore =
            new PrivateKeyEntry(privateKey, new Certificate[] { userCert, caCert });
    mKeyStore.setEntry(TEST_ALIAS_1, keyEntryToStore, null);

    final Entry afterKeyWrite = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Retrieved entry should exist", afterKeyWrite);
    assertTrue("Retrieved entry should be of type PrivateKeyEntry", afterKeyWrite instanceof PrivateKeyEntry);
    assertPrivateKeyEntryEquals((PrivateKeyEntry) afterKeyWrite, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);

    // Step 2: reuse the alias for a trusted certificate; the entry type must change with it.
    final TrustedCertificateEntry certEntryToStore = new TrustedCertificateEntry(caCert);
    mKeyStore.setEntry(TEST_ALIAS_1, certEntryToStore, null);

    final Entry afterCertWrite = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Retrieved entry should exist", afterCertWrite);
    assertTrue("Retrieved entry should be of type TrustedCertificateEntry", afterCertWrite instanceof TrustedCertificateEntry);
    final TrustedCertificateEntry storedCertEntry = (TrustedCertificateEntry) afterCertWrite;
    assertEquals("Stored and retrieved certificates should be the same", certEntryToStore.getTrustedCertificate(), storedCertEntry.getTrustedCertificate());
}
use of java.security.KeyStore.TrustedCertificateEntry in project android_frameworks_base by DirtyUnicorns.
the class AndroidKeyStoreTest method testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Encrypted_Success.
/**
 * Stores a PrivateKeyEntry at TEST_ALIAS_1 and then a TrustedCertificateEntry at the same alias,
 * asserting after each store that the entry read back has the type that was just written.
 *
 * NOTE(review): despite the name ("PrivateKeyEntry overwrites CAEntry"), the body writes the
 * private key first and the CA certificate second. What setupPassword() does is not shown in
 * this snippet -- verify it against the test class.
 */
public void testKeyStore_SetEntry_PrivateKeyEntry_Overwrites_CAEntry_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    final Certificate caCert =
            x509Factory.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));

    // First write: private key plus chain [user certificate, CA certificate].
    final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
    final PrivateKey rsaKey = rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
    final Certificate[] chain = {
        x509Factory.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)),
        caCert,
    };
    mKeyStore.setEntry(TEST_ALIAS_1, new PrivateKeyEntry(rsaKey, chain), null);

    final Entry firstRead = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Retrieved entry should exist", firstRead);
    assertTrue("Retrieved entry should be of type PrivateKeyEntry", firstRead instanceof PrivateKeyEntry);
    final PrivateKeyEntry readKeyEntry = (PrivateKeyEntry) firstRead;
    assertPrivateKeyEntryEquals(readKeyEntry, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);

    // Second write: the same alias now receives a trusted certificate.
    final TrustedCertificateEntry writtenCertEntry = new TrustedCertificateEntry(caCert);
    mKeyStore.setEntry(TEST_ALIAS_1, writtenCertEntry, null);

    final Entry secondRead = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Retrieved entry should exist", secondRead);
    assertTrue("Retrieved entry should be of type TrustedCertificateEntry", secondRead instanceof TrustedCertificateEntry);
    final TrustedCertificateEntry readCertEntry = (TrustedCertificateEntry) secondRead;
    assertEquals("Stored and retrieved certificates should be the same", writtenCertEntry.getTrustedCertificate(), readCertEntry.getTrustedCertificate());
}
use of java.security.KeyStore.TrustedCertificateEntry in project android_frameworks_base by AOSPA.
the class AndroidKeyStoreTest method testKeyStore_SetEntry_CAEntry_Overwrites_PrivateKeyEntry_Encrypted_Success.
/**
 * Writes a TrustedCertificateEntry under TEST_ALIAS_1, then writes a PrivateKeyEntry under the
 * same alias, and checks after each write that getEntry returns an entry of the type just stored.
 *
 * NOTE(review): the method name reads "CAEntry overwrites PrivateKeyEntry", but the body stores
 * the CA certificate first and replaces it with the private key. setupPassword() is not visible
 * here -- confirm what precondition it establishes.
 */
public void testKeyStore_SetEntry_CAEntry_Overwrites_PrivateKeyEntry_Encrypted_Success() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    final CertificateFactory certFactory = CertificateFactory.getInstance("X.509");

    // Step 1: store the CA certificate as a trusted-certificate entry.
    final Certificate caCert =
            certFactory.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1));
    final TrustedCertificateEntry certEntryToStore = new TrustedCertificateEntry(caCert);
    mKeyStore.setEntry(TEST_ALIAS_1, certEntryToStore, null);

    final Entry afterCertWrite = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Retrieved entry should exist", afterCertWrite);
    assertTrue("Retrieved entry should be of type TrustedCertificateEntry", afterCertWrite instanceof TrustedCertificateEntry);
    final TrustedCertificateEntry storedCertEntry = (TrustedCertificateEntry) afterCertWrite;
    assertEquals("Stored and retrieved certificates should be the same", certEntryToStore.getTrustedCertificate(), storedCertEntry.getTrustedCertificate());

    // Step 2: reuse the alias for a private key whose chain is [user certificate, CA certificate].
    final PrivateKey privateKey =
            KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(FAKE_RSA_KEY_1));
    final Certificate[] chain = {
        certFactory.generateCertificate(new ByteArrayInputStream(FAKE_RSA_USER_1)),
        certFactory.generateCertificate(new ByteArrayInputStream(FAKE_RSA_CA_1)),
    };
    mKeyStore.setEntry(TEST_ALIAS_1, new PrivateKeyEntry(privateKey, chain), null);

    final Entry afterKeyWrite = mKeyStore.getEntry(TEST_ALIAS_1, null);
    assertNotNull("Retrieved entry should exist", afterKeyWrite);
    assertTrue("Retrieved entry should be of type PrivateKeyEntry", afterKeyWrite instanceof PrivateKeyEntry);
    assertPrivateKeyEntryEquals((PrivateKeyEntry) afterKeyWrite, "RSA", FAKE_RSA_KEY_1, FAKE_RSA_USER_1, FAKE_RSA_CA_1);
}