
Example 21 with KeyStoreException

use of java.security.KeyStoreException in project OpenAM by OpenRock.

the class WebServicesClients method getValidValues.

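/**
 * Returns the subject DNs of the trusted certificate entries in the
 * configured KeyStore as the possible values for this subject.
 *
 * <p>The key provider class is named by the system property
 * {@code SAMLConstants.KEY_PROVIDER_IMPL_CLASS} (default
 * {@code SAMLConstants.JKS_KEY_PROVIDER}) and is instantiated reflectively.
 * If the provider cannot be loaded, or it returns no KeyStore, the result
 * is an empty set that is still reported with {@code ValidValues.SUCCESS}.
 *
 * <p>Only entries for which {@code isCertificateEntry} is true contribute a
 * value, so every trusted certificate in the KeyStore is offered as a
 * selectable subject. Entries whose certificate is not an X.509 certificate
 * are skipped.
 *
 * @param token the <code>SSOToken</code>; not read by this implementation
 * @param pattern the pattern to match with valid values; currently ignored
 *
 * @return <code>ValidValues</code> object with certificate subject DNs.
 *
 * @exception SSOException if SSO token is not valid (declared; the visible
 *            body does not throw it)
 * @exception PolicyException if the KeyStore cannot be read.
 */
public ValidValues getValidValues(SSOToken token, String pattern) throws SSOException, PolicyException {
    // TODO: ignoring the pattern for now. Do we need to take care of it?
    // probably we can ignore for this subject.
    Set<String> subjects = new HashSet<String>();
    try {
        KeyProvider kp = null;
        try {
            // The class name is read from system configuration, so whoever can
            // change that property decides which class is instantiated here.
            // A class that is not a KeyProvider fails the cast with an
            // unchecked ClassCastException, which is not handled below.
            kp = (KeyProvider) Class.forName(SystemConfigurationUtil.getProperty(SAMLConstants.KEY_PROVIDER_IMPL_CLASS, SAMLConstants.JKS_KEY_PROVIDER)).newInstance();
        } catch (ClassNotFoundException cnfe) {
            debug.error("WebServicesClients.getValidValues(): " + " Couldn't find the class.", cnfe);
            kp = null;
        } catch (InstantiationException ie) {
            debug.error("WebServicesClients.getValidValues(): " + " Couldn't instantiate the key provider instance.", ie);
            kp = null;
        } catch (IllegalAccessException iae) {
            debug.error("WebServicesClients.getValidValues(): " + " Couldn't access the default constructor.", iae);
            kp = null;
        }
        if (kp != null) {
            KeyStore ks = kp.getKeyStore();
            if (ks != null) {
                Enumeration<String> aliases = ks.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    if (debug.messageEnabled()) {
                        debug.message("WSClient.getValidValues: alias=" + alias);
                    }
                    // TODO: need to take care of certificate chaining
                    if (ks.isCertificateEntry(alias)) {
                        debug.message("WSClient.getValidValues: " + "alias is trusted.");
                        // KeyStore.getCertificate returns the generic Certificate type;
                        // check before narrowing so a non-X.509 entry is skipped
                        // instead of aborting the whole listing with a
                        // ClassCastException.
                        java.security.cert.Certificate entryCert = ks.getCertificate(alias);
                        if (entryCert instanceof X509Certificate) {
                            debug.message("WSClient.getValidValues:cert " + "not null");
                            String name = CertUtils.getSubjectName((X509Certificate) entryCert);
                            if (name != null && name.length() != 0) {
                                subjects.add(name);
                            }
                        } else if (entryCert == null) {
                            debug.message("WSClient.getValidValues: " + "cert is null");
                        } else {
                            debug.message("WSClient.getValidValues: " + "cert is not X.509, skipped");
                        }
                    } else {
                        debug.message("WSClient.getValidValues:alias " + "not trusted.");
                    }
                }
            }
        }
    } catch (KeyStoreException kse) {
        if (debug.warningEnabled()) {
            debug.warning("WebServicesClients: couldn't get subjects", kse);
        }
        String[] objs = { kse.getMessage() };
        throw (new PolicyException(ResBundleUtils.rbName, "can_not_get_subject_values", objs, kse));
    }
    return (new ValidValues(ValidValues.SUCCESS, subjects));
}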
Also used : KeyProvider(com.sun.identity.saml.xmlsig.KeyProvider) HashSet(java.util.HashSet) Set(java.util.Set) Enumeration(java.util.Enumeration) ValidValues(com.sun.identity.policy.ValidValues) KeyStoreException(java.security.KeyStoreException) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) PolicyException(com.sun.identity.policy.PolicyException) HashSet(java.util.HashSet)

Example 22 with KeyStoreException

use of java.security.KeyStoreException in project android_frameworks_base by ResurrectionRemix.

the class AndroidKeyStoreTest method testKeyStore_SetCertificate_PrivateKeyExists_Encrypted_Failure.

/**
 * Verifies that an alias already holding a private key (stored with
 * {@code FLAG_ENCRYPTED}) cannot be replaced by a certificate-only entry:
 * {@code setCertificateEntry} must throw {@link KeyStoreException}.
 *
 * <p>If the call were accepted, the key material under the alias would be
 * displaced by a bare certificate, so the rejection is the behaviour under
 * test.
 */
public void testKeyStore_SetCertificate_PrivateKeyExists_Encrypted_Failure() throws Exception {
    setupPassword();
    mKeyStore.load(null, null);

    // Seed the alias with a private key, its user certificate and a CA
    // certificate, all stored with the encrypted flag.
    final boolean keyImported = mAndroidKeyStore.importKey(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1, FAKE_RSA_KEY_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED);
    assertTrue(keyImported);
    final boolean userCertStored = mAndroidKeyStore.put(Credentials.USER_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_USER_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED);
    assertTrue(userCertStored);
    final boolean caCertStored = mAndroidKeyStore.put(Credentials.CA_CERTIFICATE + TEST_ALIAS_1, FAKE_RSA_CA_1, KeyStore.UID_SELF, KeyStore.FLAG_ENCRYPTED);
    assertTrue(caCertStored);

    final String[] expectedAliases = { TEST_ALIAS_1 };
    assertAliases(expectedAliases);

    final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    final ByteArrayInputStream caBytes = new ByteArrayInputStream(FAKE_RSA_CA_1);
    final Certificate replacement = x509Factory.generateCertificate(caBytes);

    try {
        mKeyStore.setCertificateEntry(TEST_ALIAS_1, replacement);
        fail("Should throw when trying to overwrite a PrivateKey entry with a Certificate");
    } catch (KeyStoreException expected) {
        // Expected outcome: the keystore refused to overwrite the key entry.
    }
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) KeyStoreException(java.security.KeyStoreException) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 23 with KeyStoreException

use of java.security.KeyStoreException in project android_frameworks_base by ResurrectionRemix.

the class OSUManager method deleteCerts.

/**
 * Deletes the entry stored under each {@code prefix + fqdn} alias that
 * currently resolves to a certificate, and reports how many were deleted.
 *
 * <p>NOTE(review): a {@link KeyStoreException} from the lookup or the
 * delete is swallowed per alias, so the returned count cannot distinguish
 * "no such certificate" from "removal failed". A caller that relies on the
 * certificate being gone should re-check the alias afterwards, and a log
 * statement in the catch block would make failed removals visible.
 *
 * @param keyStore the keystore to remove entries from
 * @param fqdn     suffix appended to every prefix to form the alias
 * @param prefixes alias prefixes to try
 * @return number of entries that were found and deleted without error
 */
private static int deleteCerts(KeyStore keyStore, String fqdn, String... prefixes) {
    int removed = 0;
    for (int i = 0; i < prefixes.length; i++) {
        final String alias = prefixes[i] + fqdn;
        try {
            if (keyStore.getCertificate(alias) == null) {
                // Nothing stored under this alias; try the next prefix.
                continue;
            }
            keyStore.deleteEntry(alias);
            removed++;
        } catch (KeyStoreException ignored) {
            // Best effort: a failure for one alias does not stop the others,
            // and is not reported to the caller.
        }
    }
    return removed;
}
Also used : KeyStoreException(java.security.KeyStoreException) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 24 with KeyStoreException

use of java.security.KeyStoreException in project OpenAM by OpenRock.

the class SoapSTSAgentCredentialsAccessImpl method decryptAgentPassword.

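/**
 * Decrypts the Base64-encoded, encrypted agent password using the secret
 * key stored under {@code SharedSTSConstants.AM_INTERNAL_PEK_ALIAS} in the
 * soap-sts internal keystore.
 *
 * <p>Review notes:
 * <ul>
 *   <li>The keystore entry is unlocked with the constant
 *       {@code SharedSTSConstants.AM_INTERNAL_SOAP_STS_KEYSTORE_PW}; if that
 *       constant is a compiled-in literal, protection of the entry rests on
 *       file-system access control to the keystore rather than on the
 *       password - confirm against the constant's definition.</li>
 *   <li>The secret key bytes are converted to a {@code String} via UTF-8
 *       before being handed to {@code JCEEncryption}. This assumes the
 *       stored key material is valid UTF-8 text; arbitrary binary key bytes
 *       would not survive that conversion unchanged - TODO confirm how the
 *       key is provisioned.</li>
 *   <li>The decrypted password is returned as an immutable {@code String}
 *       and therefore cannot be wiped by the caller.</li>
 * </ul>
 *
 * @param encryptedAgentPassword Base64 text of the encrypted password
 * @param soapSTSInternalKeystore keystore holding the password-encryption key
 * @return the decrypted password, decoded as UTF-8
 * @throws STSInitializationException if the key entry is missing, is not a
 *         secret-key entry, cannot be recovered, or decryption fails
 */
private String decryptAgentPassword(String encryptedAgentPassword, KeyStore soapSTSInternalKeystore) throws STSInitializationException {
    try {
        final KeyStore.Entry rawEntry = soapSTSInternalKeystore.getEntry(SharedSTSConstants.AM_INTERNAL_PEK_ALIAS, new KeyStore.PasswordProtection(SharedSTSConstants.AM_INTERNAL_SOAP_STS_KEYSTORE_PW.toCharArray()));
        // getEntry returns null for an unknown alias and may return a
        // non-secret-key entry type. Fail with a descriptive checked error
        // instead of a NullPointerException with a null message or an
        // unchecked ClassCastException escaping the declared contract.
        if (!(rawEntry instanceof KeyStore.SecretKeyEntry)) {
            throw new KeyStoreException("Alias " + SharedSTSConstants.AM_INTERNAL_PEK_ALIAS + " does not hold a secret-key entry in the soap-sts internal keystore");
        }
        final KeyStore.SecretKeyEntry entry = (KeyStore.SecretKeyEntry) rawEntry;
        JCEEncryption jceEncryption = new JCEEncryption();
        final byte[] decodedPassword = Base64.decode(encryptedAgentPassword);
        try {
            jceEncryption.setPassword(new String(entry.getSecretKey().getEncoded(), StandardCharsets.UTF_8));
            final byte[] decryptedPassword = jceEncryption.decrypt(decodedPassword);
            return new String(decryptedPassword, StandardCharsets.UTF_8);
        } catch (Exception e) {
            throw new STSInitializationException(ResourceException.INTERNAL_ERROR, e.getMessage(), e);
        }
    } catch (NoSuchAlgorithmException | UnrecoverableEntryException | KeyStoreException e) {
        throw new STSInitializationException(ResourceException.INTERNAL_ERROR, e.getMessage(), e);
    }
}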
Also used : JCEEncryption(com.iplanet.services.util.JCEEncryption) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) KeyStore(java.security.KeyStore) STSInitializationException(org.forgerock.openam.sts.STSInitializationException) KeyStoreException(java.security.KeyStoreException) ResourceException(org.forgerock.json.resource.ResourceException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnrecoverableEntryException(java.security.UnrecoverableEntryException) STSInitializationException(org.forgerock.openam.sts.STSInitializationException) UnrecoverableEntryException(java.security.UnrecoverableEntryException)

Example 25 with KeyStoreException

use of java.security.KeyStoreException in project Tusky by Vavassor.

the class OkHttpUtils method enableHigherTlsOnPreLollipop.

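/**
 * On API levels 16 through 21, installs an {@code SSLSocketFactoryCompat}
 * wrapper around the default TLS socket factory on the given builder.
 * Going by the method name and the log message, the wrapper is what enables
 * TLS 1.1 and 1.2 on those releases - its implementation is not visible
 * here.
 *
 * <p>Certificate validation is not relaxed: the trust manager passed to
 * OkHttp is the platform default, obtained by initialising the
 * {@code TrustManagerFactory} with a {@code null} KeyStore.
 *
 * <p>If setup fails with one of the caught security exceptions, the builder
 * is returned unchanged, so connections fall back to whatever protocol
 * versions the platform enables by default. The failure is logged with its
 * stack trace so that this silent downgrade can be diagnosed.
 *
 * @param builder the OkHttp client builder to configure
 * @return the same builder instance, configured when applicable
 * @throws IllegalStateException if the platform does not expose exactly one
 *         {@code X509TrustManager} as its default
 */
private static OkHttpClient.Builder enableHigherTlsOnPreLollipop(OkHttpClient.Builder builder) {
    if (Build.VERSION.SDK_INT >= 16 && Build.VERSION.SDK_INT < 22) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            // A null KeyStore selects the platform's default trust anchors.
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
                throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
            }
            X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, new TrustManager[] { trustManager }, null);
            SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
            builder.sslSocketFactory(new SSLSocketFactoryCompat(sslSocketFactory), trustManager);
        } catch (NoSuchAlgorithmException | KeyStoreException | KeyManagementException e) {
            // Pass the throwable itself so the cause and stack trace are kept;
            // the message alone is often null or too terse to act on.
            Log.e(TAG, "Failed enabling TLS 1.1 & 1.2.", e);
        }
    }
    return builder;
}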
Also used : X509TrustManager(javax.net.ssl.X509TrustManager) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) SSLContext(javax.net.ssl.SSLContext) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) KeyManagementException(java.security.KeyManagementException) TrustManager(javax.net.ssl.TrustManager) X509TrustManager(javax.net.ssl.X509TrustManager)
