
Example 36 with KeyStore

use of java.security.KeyStore in project gitblit by gitblit.

the class X509Utils method getPrivateKey.

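/**
 * Retrieves the private key for the specified alias from the certificate
 * store.
 *
 * <p>The store password is also used as the key entry password, so the
 * entry must have been protected with the same password as the store.
 *
 * @param alias         the alias of the key entry
 * @param storeFile     the keystore file
 * @param storePassword the keystore (and key entry) password
 * @return the private key, or {@code null} if the alias does not exist or
 *         does not identify a key-related entry
 * @throws RuntimeException if the store cannot be opened or the key cannot
 *         be recovered (e.g. wrong password), wrapping the underlying cause
 */
public static PrivateKey getPrivateKey(String alias, File storeFile, String storePassword) {
    try {
        KeyStore store = openKeyStore(storeFile, storePassword);
        // KeyStore.getKey() returns null for an unknown alias; casting null is harmless.
        // An entry that is not a private key fails the cast and is reported below.
        return (PrivateKey) store.getKey(alias, storePassword.toCharArray());
    } catch (Exception e) {
        // Name the alias and file (never the password) so the failure can be located.
        throw new RuntimeException("Failed to retrieve private key " + alias + " from " + storeFile, e);
    }
}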

Example 37 with KeyStore

use of java.security.KeyStore in project gitblit by gitblit.

the class X509Utils method newCertificateAuthority.

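/**
 * Creates a new certificate authority PKCS#12 store.  This function will
 * destroy any existing CA store.
 *
 * @param metadata  template metadata; it is cloned with the CA common name,
 *                  and its password becomes both the store and the key password
 * @param storeFile the keystore file to (re)create
 * @param x509log   receives one log line describing the new CA certificate
 * @return the self-signed CA certificate that was written to the store
 * @throws RuntimeException if key generation, certificate creation, store
 *         deletion or store creation fails, wrapping the underlying cause
 */
public static X509Certificate newCertificateAuthority(X509Metadata metadata, File storeFile, X509Log x509log) {
    try {
        KeyPair caPair = newKeyPair();
        ContentSigner caSigner = new JcaContentSignerBuilder(SIGNING_ALGORITHM).setProvider(BC).build(caPair.getPrivate());
        // clone metadata
        X509Metadata caMetadata = metadata.clone(CA_CN, metadata.password);
        X500Name issuerDN = buildDistinguishedName(caMetadata);
        // Generate self-signed certificate: issuer and subject are the same DN.
        // NOTE(review): the serial number is the wall-clock time in milliseconds, so it is
        // predictable and two CAs created within the same millisecond would share a serial.
        // Behaviour is kept as-is here; a random serial would be the conventional choice.
        X509v3CertificateBuilder caBuilder = new JcaX509v3CertificateBuilder(issuerDN, BigInteger.valueOf(System.currentTimeMillis()), caMetadata.notBefore, caMetadata.notAfter, issuerDN, caPair.getPublic());
        JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
        caBuilder.addExtension(X509Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(caPair.getPublic()));
        caBuilder.addExtension(X509Extension.authorityKeyIdentifier, false, extUtils.createAuthorityKeyIdentifier(caPair.getPublic()));
        // cA=true marks this certificate as able to issue other certificates
        caBuilder.addExtension(X509Extension.basicConstraints, false, new BasicConstraints(true));
        // key usage is critical: signing certificates and CRLs is all this key is for
        caBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BC);
        X509Certificate cert = converter.getCertificate(caBuilder.build(caSigner));
        // confirm the validity of the CA certificate (date range and self-signature)
        cert.checkValidity(new Date());
        cert.verify(cert.getPublicKey());
        // Delete existing keystore. A failed delete used to be ignored silently; fail
        // loudly instead so the new CA is never written into a stale store file.
        if (storeFile.exists() && !storeFile.delete()) {
            throw new IOException("Failed to delete existing CA keystore " + storeFile);
        }
        // Save private key and certificate to new keystore
        KeyStore store = openKeyStore(storeFile, caMetadata.password);
        store.setKeyEntry(CA_ALIAS, caPair.getPrivate(), caMetadata.password.toCharArray(), new Certificate[] { cert });
        saveKeyStore(storeFile, store, caMetadata.password);
        x509log.log(MessageFormat.format("New CA certificate {0,number,0} [{1}]", cert.getSerialNumber(), cert.getIssuerDN().getName()));
        // update serial number in metadata object
        caMetadata.serialNumber = cert.getSerialNumber().toString();
        return cert;
    } catch (Throwable t) {
        throw new RuntimeException("Failed to generate Gitblit CA certificate!", t);
    }
}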

Example 38 with KeyStore

use of java.security.KeyStore in project gitblit by gitblit.

the class X509Utils method addTrustedCertificate.

/**
 * Imports a certificate into the trust store.
 *
 * <p>Opens the store with {@code storePassword}, records {@code cert} as a
 * trusted certificate entry under {@code alias} and writes the store back to
 * {@code storeFile}.
 *
 * @param alias         entry alias under which the certificate is stored
 * @param cert          the certificate to trust
 * @param storeFile     the trust store file
 * @param storePassword the trust store password
 * @throws RuntimeException if the store cannot be opened, updated or saved,
 *         wrapping the underlying cause
 */
public static void addTrustedCertificate(String alias, X509Certificate cert, File storeFile, String storePassword) {
    try {
        KeyStore trustStore = openKeyStore(storeFile, storePassword);
        trustStore.setCertificateEntry(alias, cert);
        // persist the updated store with the same password it was opened with
        saveKeyStore(storeFile, trustStore, storePassword);
    } catch (Exception ex) {
        throw new RuntimeException("Failed to import certificate into trust store " + storeFile, ex);
    }
}

Example 39 with KeyStore

use of java.security.KeyStore in project gitblit by gitblit.

the class X509Utils method getCertificate.

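/**
 * Retrieves the X509 certificate with the specified alias from the certificate
 * store.
 *
 * @param alias         the alias of the certificate (or key) entry
 * @param storeFile     the keystore file
 * @param storePassword the keystore password
 * @return the certificate, or {@code null} if the alias does not exist or
 *         has no certificate associated with it
 * @throws RuntimeException if the store cannot be opened or the entry is not
 *         an X509 certificate, wrapping the underlying cause
 */
public static X509Certificate getCertificate(String alias, File storeFile, String storePassword) {
    try {
        KeyStore store = openKeyStore(storeFile, storePassword);
        // KeyStore.getCertificate() returns null for an unknown alias; casting null is harmless.
        return (X509Certificate) store.getCertificate(alias);
    } catch (Exception e) {
        // Name the alias and file (never the password) so the failure can be located.
        throw new RuntimeException("Failed to retrieve certificate " + alias + " from " + storeFile, e);
    }
}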

Example 40 with KeyStore

use of java.security.KeyStore in project gitblit by gitblit.

the class X509Utils method revoke.

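/**
 * Revoke a certificate.
 *
 * <p>Loads the CA private key from the CA keystore and delegates to the
 * overload that takes the private key directly. Failures are logged and
 * reported as {@code false}; nothing is thrown.
 *
 * @param cert               the certificate to revoke
 * @param reason             the revocation reason to record in the CRL
 * @param caRevocationList   the CA's certificate revocation list file
 * @param caKeystoreFile     the CA keystore file
 * @param caKeystorePassword the CA keystore (and key entry) password
 * @param x509log            log sink for the revocation
 * @return true if the certificate has been revoked
 */
public static boolean revoke(X509Certificate cert, RevocationReason reason, File caRevocationList, File caKeystoreFile, String caKeystorePassword, X509Log x509log) {
    try {
        // read the Gitblit CA key and certificate
        KeyStore store = openKeyStore(caKeystoreFile, caKeystorePassword);
        PrivateKey caPrivateKey = (PrivateKey) store.getKey(CA_ALIAS, caKeystorePassword.toCharArray());
        if (caPrivateKey == null) {
            // getKey() returns null for an unknown alias; report it explicitly instead
            // of handing a null signing key to the CRL update.
            logger.error(MessageFormat.format("CA private key {0} not found in {1}; can not revoke certificate {2,number,0} [{3}]", CA_ALIAS, caKeystoreFile, cert.getSerialNumber(), cert.getSubjectDN().getName()));
            return false;
        }
        return revoke(cert, reason, caRevocationList, caPrivateKey, x509log);
    } catch (Exception e) {
        // keep the cause: without it the log never says why the revocation failed
        logger.error(MessageFormat.format("Failed to revoke certificate {0,number,0} [{1}] in {2}", cert.getSerialNumber(), cert.getSubjectDN().getName(), caRevocationList), e);
    }
    return false;
}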
