/**
 * Builds one {@code CertificateEntries} wrapper per X.509 certificate found in the keystore.
 *
 * <p>Every alias is visited. Entries with no certificate, or with a certificate that is not an
 * {@link X509Certificate}, are skipped without an error. Nothing here checks validity dates,
 * revocation or trust, so the result is an inventory and not a list of trusted certificates.
 *
 * @param keystore the keystore to enumerate
 * @return a new list, possibly empty, in alias enumeration order
 * @throws GeneralSecurityException if the keystore has not been initialized (loaded).
 *         NOTE(review): the CertificateEntries constructor is not visible here and may throw too.
 */
static List<CertificateEntries> create(KeyStore keystore) throws GeneralSecurityException {
    Enumeration<String> names = keystore.aliases();
    List<CertificateEntries> result = new ArrayList<>();
    while (names.hasMoreElements()) {
        Certificate candidate = keystore.getCertificate(names.nextElement());
        if (!(candidate instanceof X509Certificate)) {
            continue;
        }
        result.add(new CertificateEntries((X509Certificate) candidate));
    }
    return result;
}
/**
 * Creates trust managers backed by an in-memory trust store filled from a certificate file.
 *
 * <p>The store starts empty ({@code load(null, null)}) and is populated by
 * {@code loadCertificates}, which is defined elsewhere. Whatever that helper adds becomes a
 * trust anchor for the returned managers.
 * NOTE(review): nothing in this method checks that at least one certificate was loaded —
 * confirm how an empty or unreadable file is handled by {@code loadCertificates}.
 *
 * <p>At debug level the file path and the resulting aliases are logged; no key material is.
 *
 * @param tlsClientAuthCertFile file holding the certificates to trust
 * @return the trust managers produced by the platform-default {@link TrustManagerFactory}
 * @throws KeyStoreException if the keystore cannot be created or used
 * @throws CertificateException if a certificate cannot be loaded
 * @throws NoSuchAlgorithmException if a required algorithm is unavailable
 * @throws IOException if initializing the empty store or reading the file fails
 */
public static TrustManager[] initTrustStore(File tlsClientAuthCertFile)
        throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
    final KeyStore anchorStore = KeyStore.getInstance("JKS");
    // A null stream creates an empty store; nothing is read from disk at this point.
    anchorStore.load(null, null);

    final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
    loadCertificates(anchorStore, tlsClientAuthCertFile, x509Factory);

    if (LOG.isDebugEnabled()) {
        LOG.debug("Client authentication certificate file: {}", tlsClientAuthCertFile);
        LOG.debug("Aliases: {}", join(anchorStore.aliases()));
    }

    final String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    final TrustManagerFactory factory = TrustManagerFactory.getInstance(defaultAlgorithm);
    factory.init(anchorStore);
    return factory.getTrustManagers();
}
/**
 * Collects every X.509 certificate held in this store, keyed by its alias.
 *
 * <p>No filtering on certificate state is applied: expired, not-yet-valid or revoked
 * certificates are returned like any other. Callers that need trustworthy certificates must
 * validate the result themselves. Entries whose certificate is missing or is not an
 * {@link X509Certificate} are left out.
 *
 * @return A map (possibly empty, never null) from alias to certificate.
 * @throws KeyStoreException if the underlying store has not been initialized.
 */
public Map<String, X509Certificate> getAllCertificates() throws KeyStoreException
{
    final Map<String, X509Certificate> byAlias = new HashMap<>();

    for ( final String alias : Collections.list( store.aliases() ) )
    {
        final Certificate entry = store.getCertificate( alias );
        if ( entry instanceof X509Certificate )
        {
            byAlias.put( alias, (X509Certificate) entry );
        }
    }
    return byAlias;
}
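/**
 * Demo program: prints the subject DN attributes of every X.509 certificate in a PKCS#12 file,
 * one {@code key - value} line per attribute.
 */
public class TestClass {

    /**
     * Loads {@code pkcs.p12} from the working directory and prints each certificate's subject
     * attributes.
     *
     * @param args unused
     * @throws Exception if the file cannot be read or the keystore cannot be loaded
     */
    public static void main(String[] args) throws Exception {
        KeyStore p12 = KeyStore.getInstance("pkcs12");

        // NOTE(review): file name and password are hard-coded demo values. Real code should
        // take both from configuration and keep the password out of source control.
        // try-with-resources closes the stream even when load() throws.
        try (FileInputStream in = new FileInputStream("pkcs.p12")) {
            p12.load(in, "password".toCharArray());
        }

        Enumeration<String> e = p12.aliases();
        while (e.hasMoreElements()) {
            String alias = e.nextElement();

            // getCertificate() returns null for entries without a certificate and may return
            // a non-X.509 type; check before casting instead of failing on the first such entry.
            java.security.cert.Certificate entry = p12.getCertificate(alias);
            if (!(entry instanceof X509Certificate)) {
                continue;
            }
            X509Certificate c = (X509Certificate) entry;

            // getSubjectX500Principal() is the portable replacement for getSubjectDN().
            Principal subject = c.getSubjectX500Principal();

            // Splitting on ',' is a display shortcut only: a DN value may itself contain an
            // escaped comma. Use javax.naming.ldap.LdapName when the attributes feed a decision.
            for (String s : subject.toString().split(",")) {
                // Limit 2 keeps '=' characters that belong to the value.
                String[] str = s.trim().split("=", 2);
                if (str.length < 2) {
                    // Fragment without '=' (e.g. the tail of a value that contained a comma).
                    continue;
                }
                System.out.println(str[0] + " - " + str[1]);
            }
        }
    }
}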
/**
 * Lists the aliases in the keystore that do not contain {@code '@'}.
 *
 * <p>The read lock is held for the whole enumeration and always released.
 * NOTE(review): aliases containing '@' are presumably per-version key entries
 * (name@version) — confirm against the code that writes them.
 *
 * @return a new list of matching aliases, possibly empty
 * @throws IOException if the keystore cannot be enumerated; the cause is preserved
 */
@Override
public List<String> getKeys() throws IOException {
    readLock.lock();
    try {
        ArrayList<String> names = new ArrayList<String>();
        // Tracked outside the inner try so the error message can name the last alias seen.
        String current = null;
        try {
            for (Enumeration<String> it = keyStore.aliases(); it.hasMoreElements();) {
                current = it.nextElement();
                // only include the metadata key names in the list of names
                if (current.contains("@")) {
                    continue;
                }
                names.add(current);
            }
        } catch (KeyStoreException e) {
            throw new IOException("Can't get key " + current + " from " + path, e);
        }
        return names;
    } finally {
        readLock.unlock();
    }
}
/**
 * Initializes this factory from a keystore. May be called only once per instance.
 *
 * <p>An empty keystore is rejected up front. Otherwise the wrapped {@code kmf} is initialized
 * with the same keystore and password, and a {@code ProviderFactory} is created from the
 * chosen X.509 key manager, the value of {@code password(chars)} and a snapshot of the aliases.
 *
 * @param keyStore the keystore holding the key material
 * @param chars the password used to recover keys from {@code keyStore}
 * @throws KeyStoreException if already initialized, if the keystore has no aliases, or if the
 *         keystore cannot be read
 * @throws NoSuchAlgorithmException propagated from {@code kmf.init}
 * @throws UnrecoverableKeyException propagated from {@code kmf.init}
 */
@Override
protected synchronized void engineInit(KeyStore keyStore, char[] chars)
        throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
    // providerFactory doubles as the "already initialized" marker.
    if (providerFactory != null) {
        throw new KeyStoreException("Already initialized");
    }
    // A keystore without any alias cannot supply key material.
    if (!keyStore.aliases().hasMoreElements()) {
        throw new KeyStoreException("No aliases found");
    }
    kmf.init(keyStore, chars);
    // Collections.list() copies the aliases now; entries added to the keystore later are not seen.
    // NOTE(review): password(chars) is defined elsewhere — confirm how long the value it
    // returns is retained, since it is handed to ProviderFactory.
    providerFactory = new ProviderFactory(ReferenceCountedOpenSslContext.chooseX509KeyManager(
            kmf.getKeyManagers()), password(chars), Collections.list(keyStore.aliases()));
}
/**
 * Returns the certificate contained in the keystore.
 *
 * <p>When the keystore holds exactly one entry, that entry's certificate is returned and the
 * configured {@code alias} is not consulted. Otherwise the certificate stored under
 * {@code alias} is returned.
 * NOTE(review): the result is cast without a type check, so a non-X.509 certificate surfaces
 * as a ClassCastException rather than a KeyStoreException.
 *
 * @return The certificate that will be used to try to open the document.
 *
 * @throws KeyStoreException If there is an error accessing the certificate, or if the keystore
 * has more than one entry and none of them is stored under the configured alias.
 */
public X509Certificate getCertificate() throws KeyStoreException
{
    if (keyStore.size() != 1)
    {
        if (!keyStore.containsAlias(alias))
        {
            throw new KeyStoreException("the keystore does not contain the given alias");
        }
        return (X509Certificate) keyStore.getCertificate(alias);
    }

    // Single-entry keystore: use whatever alias it has.
    String onlyAlias = keyStore.aliases().nextElement();
    return (X509Certificate) keyStore.getCertificate(onlyAlias);
}
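/**
 * Enumerates the certificates in Android's central CA store ("AndroidCAStore").
 *
 * The store is usually backed by /data/misc/keychain and includes the system trust anchors
 * located under /system/etc/security.
 *
 * The store is not limited to the system anchors: CA certificates installed by the user or a
 * device administrator are listed too. Aliases carry a "system:" or "user:" prefix, so code
 * that only wants platform anchors can filter on it.
 */
KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
keyStore.load(null, null); // Load default system keystore
Enumeration<String> keyAliases = keyStore.aliases();
while (keyAliases.hasMoreElements()) {
    String alias = keyAliases.nextElement();
    X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
    // <Use cert in whatever way you want>
}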
/**
 * Loads the JKS file at {@code pubKeyFilePath} and caches each X.509 certificate in
 * {@code aliasCertificateMap} under its alias.
 *
 * <p>When {@code pubKeyPass} is null the keystore is loaded with a null password, which means
 * the JKS integrity check is skipped and a modified file is accepted as-is. Configure a
 * password if the file's location is not otherwise protected.
 *
 * @throws AuthenticationFailedException wrapping any failure while opening, loading or
 *         enumerating the keystore
 */
private void populateMap() {
    try {
        final KeyStore publicKeys = KeyStore.getInstance("JKS");
        final char[] storePassword;
        if (this.pubKeyPass == null) {
            storePassword = null;
        } else {
            storePassword = this.pubKeyPass.toCharArray();
        }

        final FileInputStream in = new FileInputStream(this.pubKeyFilePath);
        try {
            publicKeys.load(in, storePassword);
        } finally {
            in.close();
        }

        final Enumeration<String> names = publicKeys.aliases();
        while (names.hasMoreElements()) {
            final String name = names.nextElement();
            final Certificate entry = publicKeys.getCertificate(name);
            // Non-X.509 and certificate-less entries are ignored.
            if (entry instanceof X509Certificate) {
                this.aliasCertificateMap.put(name, entry);
            }
        }
    } catch (Exception e) {
        throw new AuthenticationFailedException(
                "Exception while getting public keys: " + e.getMessage(), e);
    }
}
/**
 * Creates a trust manager whose trusted issuers are the X.509 certificates stored as
 * trusted-certificate entries in the given store.
 *
 * <p>Key entries and non-X.509 certificates are ignored. The certificates are only collected
 * here; none of them is validated at construction time. The two flags are stored for later
 * use. NOTE(review): how they affect path validation is decided elsewhere in this class —
 * enabling {@code acceptSelfSigned} or disabling {@code checkValidity} presumably loosens the
 * checks, so confirm the intended defaults at the call sites.
 *
 * @param trustStore the store to read trusted issuers from
 * @param acceptSelfSigned value stored in {@code this.acceptSelfSigned}
 * @param checkValidity value stored in {@code this.checkValidity}
 * @throws NoSuchAlgorithmException declared by this constructor; not thrown by the visible code
 * @throws KeyStoreException if the store has not been initialized
 */
public OpenfireX509TrustManager( KeyStore trustStore, boolean acceptSelfSigned, boolean checkValidity ) throws NoSuchAlgorithmException, KeyStoreException
{
    this.acceptSelfSigned = acceptSelfSigned;
    this.checkValidity = checkValidity;

    // Retrieve all trusted certificates from the store, but don't validate them just yet!
    final Set<X509Certificate> issuers = new HashSet<>();
    for ( final String alias : Collections.list( trustStore.aliases() ) )
    {
        if ( !trustStore.isCertificateEntry( alias ) )
        {
            continue;
        }
        final Certificate candidate = trustStore.getCertificate( alias );
        if ( candidate instanceof X509Certificate )
        {
            issuers.add( (X509Certificate) candidate );
        }
    }

    // Exposed read-only so the issuer set cannot be altered after construction.
    trustedIssuers = Collections.unmodifiableSet( issuers );

    Log.debug( "Constructed trust manager. Number of trusted issuers: {}, accepts self-signed: {}, checks validity: {}", trustedIssuers.size(), acceptSelfSigned, checkValidity );
}
/**
 * Lists the alias of every entry in the keystore.
 *
 * <p>Only the names are returned; no entry contents are read.
 *
 * @return a new list of aliases, possibly empty
 * @throws EsHadoopSecurityException if the keystore cannot be enumerated; the cause is kept
 */
public List<String> listEntries() throws EsHadoopSecurityException {
    try {
        // Presized from the current entry count.
        List<String> names = new ArrayList<String>(keyStore.size());
        for (Enumeration<String> it = keyStore.aliases(); it.hasMoreElements();) {
            names.add(it.nextElement());
        }
        return names;
    } catch (KeyStoreException e) {
        throw new EsHadoopSecurityException("Could not read aliases from keystore", e);
    }
}
/**
 * Initializes this factory from a keystore. May be called only once per instance.
 *
 * <p>An empty keystore is rejected up front. Otherwise the wrapped {@code kmf} is initialized
 * with the same keystore and password, and a {@code ProviderFactory} is created from the
 * chosen X.509 key manager, the value of {@code password(chars)} and a snapshot of the aliases.
 *
 * @param keyStore the keystore holding the key material
 * @param chars the password used to recover keys from {@code keyStore}
 * @throws KeyStoreException if already initialized, if the keystore has no aliases, or if the
 *         keystore cannot be read
 * @throws NoSuchAlgorithmException propagated from {@code kmf.init}
 * @throws UnrecoverableKeyException propagated from {@code kmf.init}
 */
@Override
protected synchronized void engineInit(KeyStore keyStore, char[] chars)
        throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
    // providerFactory doubles as the "already initialized" marker.
    if (providerFactory != null) {
        throw new KeyStoreException("Already initialized");
    }
    // A keystore without any alias cannot supply key material.
    if (!keyStore.aliases().hasMoreElements()) {
        throw new KeyStoreException("No aliases found");
    }
    kmf.init(keyStore, chars);
    // Collections.list() copies the aliases now; entries added to the keystore later are not seen.
    // NOTE(review): password(chars) is defined elsewhere — confirm how long the value it
    // returns is retained, since it is handed to ProviderFactory.
    providerFactory = new ProviderFactory(ReferenceCountedOpenSslContext.chooseX509KeyManager(
            kmf.getKeyManagers()), password(chars), Collections.list(keyStore.aliases()));
}
/**
 * Creates key managers from a private-key file and a certificate-chain file.
 *
 * <p>The key and chain are placed in an in-memory keystore under the alias {@code "key"}.
 * The entry is protected with {@code tlsKeyPassword}, or with an empty password when that
 * argument is null. At debug level only the two file paths and the alias list are logged;
 * the password and the key are not.
 * NOTE(review): the password {@code char[]} created here is not cleared after use.
 *
 * @param tlsKeyFile file holding the private key
 * @param tlsCertFile file holding the certificate chain
 * @param tlsKeyPassword password for the private key, may be null
 * @return the key managers produced by the platform-default {@link KeyManagerFactory}
 * @throws IOException if initializing the empty store fails, or propagated from the
 *         file-loading helpers
 * @throws GeneralSecurityException if the key, chain or keystore cannot be processed
 */
public static KeyManager[] initKeyStore(File tlsKeyFile, File tlsCertFile, String tlsKeyPassword)
        throws IOException, GeneralSecurityException {
    final KeyStore identityStore = KeyStore.getInstance("JKS");
    // A null stream creates an empty store; nothing is read from disk at this point.
    identityStore.load(null, null);

    final Collection<? extends Certificate> chain = loadCertificates(tlsCertFile.toPath());
    final PrivateKey key = loadPrivateKey(tlsKeyFile, tlsKeyPassword);
    final char[] entryPassword = Strings.nullToEmpty(tlsKeyPassword).toCharArray();
    final Certificate[] chainArray = chain.toArray(new Certificate[chain.size()]);
    identityStore.setKeyEntry("key", key, entryPassword, chainArray);

    if (LOG.isDebugEnabled()) {
        LOG.debug("Private key file: {}", tlsKeyFile);
        LOG.debug("Certificate file: {}", tlsCertFile);
        LOG.debug("Aliases: {}", join(identityStore.aliases()));
    }

    final String defaultAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
    final KeyManagerFactory factory = KeyManagerFactory.getInstance(defaultAlgorithm);
    factory.init(identityStore, entryPassword);
    return factory.getKeyManagers();
}
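/**
 * Checks that the certificate of every private-key entry is inside its validity period.
 *
 * <p>For a key entry {@code getCertificate} returns the first certificate of the chain, so
 * only that certificate is checked. Trusted-certificate entries and non-X.509 certificates are
 * skipped. Only the validity dates are tested: no chain building, signature verification or
 * revocation check happens here.
 *
 * @param keyStore the keystore to inspect
 * @throws CertificateExpiredException if a checked certificate has expired
 * @throws CertificateNotYetValidException if a checked certificate is not yet valid
 * @throws GeneralSecurityException if the keystore cannot be read
 */
private static void validateCertificates(KeyStore keyStore) throws GeneralSecurityException {
    for (String alias : list(keyStore.aliases())) {
        if (!keyStore.isKeyEntry(alias)) {
            continue;
        }
        Certificate certificate = keyStore.getCertificate(alias);
        if (!(certificate instanceof X509Certificate)) {
            continue;
        }
        try {
            ((X509Certificate) certificate).checkValidity();
        } catch (CertificateExpiredException e) {
            // These exception types have no (message, cause) constructor; attach the original
            // with initCause so its stack trace is not lost when the message is rewritten.
            CertificateExpiredException expired =
                    new CertificateExpiredException("KeyStore certificate is expired: " + e.getMessage());
            expired.initCause(e);
            throw expired;
        } catch (CertificateNotYetValidException e) {
            CertificateNotYetValidException notYetValid =
                    new CertificateNotYetValidException("KeyStore certificate is not yet valid: " + e.getMessage());
            notYetValid.initCause(e);
            throw notYetValid;
        }
    }
}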
/**
 * Populate the available server public keys into a local static HashMap. This method is not
 * thread safe.
 *
 * <p>The map is reset on every call. If the property named by {@code PUBLIC_KEY_FILE_PROP} is
 * missing or empty the map stays empty. Otherwise the JKS file it names is loaded and every
 * X.509 certificate is stored under its subject DN name.
 *
 * <p>Two points to keep in mind when this map backs an authentication decision:
 * certificates that share a subject DN overwrite each other (the last alias enumerated wins),
 * and a missing password property means the keystore is loaded with a null password, which
 * skips the JKS integrity check.
 *
 * @param props configuration holding the keystore path and, optionally, its password
 * @throws Exception if the keystore cannot be opened, loaded or enumerated
 */
public static void initCertsMap(Properties props) throws Exception {
    certificateMap = new HashMap();
    certificateFilePath = props.getProperty(PUBLIC_KEY_FILE_PROP);
    if (certificateFilePath == null || certificateFilePath.length() == 0) {
        return;
    }

    KeyStore serverKeys = KeyStore.getInstance("JKS");
    String configuredPass = props.getProperty(PUBLIC_KEY_PASSWD_PROP);
    char[] storePassword = null;
    if (configuredPass != null) {
        storePassword = configuredPass.toCharArray();
    }

    FileInputStream in = new FileInputStream(certificateFilePath);
    try {
        serverKeys.load(in, storePassword);
    } finally {
        in.close();
    }

    for (Enumeration<String> names = serverKeys.aliases(); names.hasMoreElements();) {
        String name = names.nextElement();
        Certificate entry = serverKeys.getCertificate(name);
        if (!(entry instanceof X509Certificate)) {
            continue;
        }
        String subjectName = ((X509Certificate) entry).getSubjectDN().getName();
        certificateMap.put(subjectName, entry);
    }
}
/**
 * Returns the certId of the signing private-key certificate configured in acp_sdk.properties.
 *
 * <p>The certificate is taken from the first alias the keystore enumerates; when the keystore
 * holds several entries, which one comes first is up to the keystore implementation. Any
 * failure (empty keystore, non-X.509 certificate, unreadable store) is logged and reported as
 * {@code null}, so callers must check the result before using it.
 *
 * @return the certificate's serial number as a decimal string, or {@code null} on failure
 */
public static String getSignCertId() {
    try {
        Enumeration<String> aliasenum = keyStore.aliases();
        // Stays null when the keystore is empty; the lookup below then fails into the catch.
        String firstAlias = aliasenum.hasMoreElements() ? aliasenum.nextElement() : null;
        X509Certificate signCert = (X509Certificate) keyStore.getCertificate(firstAlias);
        return signCert.getSerialNumber().toString();
    } catch (Exception e) {
        e.printStackTrace();
        LogUtil.writeErrorLog("getSignCertId Error", e);
        return null;
    }
}
/**
 * Lists every alias in the keystore.
 *
 * <p>The read lock is held for the whole enumeration and always released. Only names are
 * returned; no entry contents are read.
 *
 * @return a new list of aliases, possibly empty
 * @throws IOException if the keystore cannot be enumerated; the cause is preserved
 */
@Override
public List<String> getAliases() throws IOException {
    readLock.lock();
    try {
        ArrayList<String> names = new ArrayList<String>();
        // Tracked outside the inner try so the error message can name the last alias seen.
        String current = null;
        try {
            for (Enumeration<String> it = keyStore.aliases(); it.hasMoreElements();) {
                current = it.nextElement();
                names.add(current);
            }
        } catch (KeyStoreException e) {
            throw new IOException("Can't get alias " + current + " from " + getPathAsString(), e);
        }
        return names;
    } finally {
        readLock.unlock();
    }
}
/**
 * Asserts that the given key/cert options yield a non-empty keystore and at least one key
 * manager.
 *
 * <p>Only presence is checked; the contents of the entries and the behaviour of the key
 * managers are not inspected.
 *
 * @param options the key/cert options under test
 * @throws Exception if the helper cannot be created or the keystore cannot be read
 */
private void testKeyStore(KeyCertOptions options) throws Exception {
    KeyStoreHelper storeHelper = KeyStoreHelper.create((VertxInternal) vertx, options);

    // The store must expose at least one alias.
    assertTrue(storeHelper.store().aliases().hasMoreElements());

    // ...and the helper must produce at least one key manager.
    assertTrue(storeHelper.getKeyMgr().length > 0);
}
// Opens a keystore of the type returned by getKeyStoreType() from the SunMSCAPI provider;
// load(null, null) initializes it without a stream or password.
KeyStore keyStore = KeyStore.getInstance(getKeyStoreType(), "SunMSCAPI");
keyStore.load(null, null);
try {
    // Reflection into private JCA internals: fetch the provider's KeyStoreSpi instance from
    // the KeyStore wrapper, then make the "entries" field of the SPI's enclosing class
    // accessible. The visible lines never read that field.
    // NOTE(review): presumably preparation for a step that lies outside this excerpt — confirm.
    // This depends on private field names and may be refused by JDKs that enforce module
    // encapsulation; prefer a supported API where one exists.
    Field field = keyStore.getClass().getDeclaredField("keyStoreSpi");
    field.setAccessible(true);
    KeyStoreSpi keyStoreVeritable = (KeyStoreSpi)field.get(keyStore);
    field = keyStoreVeritable.getClass().getEnclosingClass().getDeclaredField("entries");
    field.setAccessible(true);
} catch (Exception e) {
    // Best effort: any reflection failure is logged and execution continues with the
    // keystore as loaded.
    LOGGER.log(Level.SEVERE, "Set accessible keyStoreSpi problem", e);
}
// Raw Enumeration: elements must be cast to String by the code that consumes it.
Enumeration enumeration = keyStore.aliases();
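/**
 * Checks that the certificate of every private-key entry is inside its validity period.
 *
 * <p>For a key entry {@code getCertificate} returns the first certificate of the chain, so
 * only that certificate is checked. Trusted-certificate entries and non-X.509 certificates are
 * skipped. Only the validity dates are tested: no chain building, signature verification or
 * revocation check happens here.
 *
 * @param keyStore the keystore to inspect
 * @throws CertificateExpiredException if a checked certificate has expired
 * @throws CertificateNotYetValidException if a checked certificate is not yet valid
 * @throws GeneralSecurityException if the keystore cannot be read
 */
private static void validateCertificates(KeyStore keyStore) throws GeneralSecurityException {
    for (String alias : list(keyStore.aliases())) {
        if (!keyStore.isKeyEntry(alias)) {
            continue;
        }
        Certificate certificate = keyStore.getCertificate(alias);
        if (!(certificate instanceof X509Certificate)) {
            continue;
        }
        try {
            ((X509Certificate) certificate).checkValidity();
        } catch (CertificateExpiredException e) {
            // These exception types have no (message, cause) constructor; attach the original
            // with initCause so its stack trace is not lost when the message is rewritten.
            CertificateExpiredException expired =
                    new CertificateExpiredException("KeyStore certificate is expired: " + e.getMessage());
            expired.initCause(e);
            throw expired;
        } catch (CertificateNotYetValidException e) {
            CertificateNotYetValidException notYetValid =
                    new CertificateNotYetValidException("KeyStore certificate is not yet valid: " + e.getMessage());
            notYetValid.initCause(e);
            throw notYetValid;
        }
    }
}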