static List<CertificateEntries> create(KeyStore keystore) throws GeneralSecurityException { Enumeration<String> aliases = keystore.aliases(); List<CertificateEntries> entries = new ArrayList<>(); while (aliases.hasMoreElements()) { String alias = aliases.nextElement(); Certificate cert = keystore.getCertificate(alias); if (cert instanceof X509Certificate) entries.add(new CertificateEntries((X509Certificate) cert)); } return entries; }
/** * Returns a collection of all x.509 certificates in this store. Certificates returned by this method can be of any * state (eg: invalid, on a revocation list, etc). * * @return A collection (possibly empty, never null) of all certificates in this store, mapped by their alias. */ public Map<String, X509Certificate> getAllCertificates() throws KeyStoreException { final Map<String, X509Certificate> results = new HashMap<>(); for ( final String alias : Collections.list( store.aliases() ) ) { final Certificate certificate = store.getCertificate( alias ); if ( !( certificate instanceof X509Certificate ) ) { continue; } results.put( alias, (X509Certificate) certificate ); } return results; }
public class TestClass { public static void main(String[] args) throws Exception { KeyStore p12 = KeyStore.getInstance("pkcs12"); p12.load(new FileInputStream("pkcs.p12"), "password".toCharArray()); Enumeration e = p12.aliases(); while (e.hasMoreElements()) { String alias = (String) e.nextElement(); X509Certificate c = (X509Certificate) p12.getCertificate(alias); Principal subject = c.getSubjectDN(); String subjectArray[] = subject.toString().split(","); for (String s : subjectArray) { String[] str = s.trim().split("="); String key = str[0]; String value = str[1]; System.out.println(key + " - " + value); } } } }
/** * Load the private key of the server. This method is not thread safe. */ public static void initPrivateKey(Properties props) throws Exception { String privateKeyFilePath = props.getProperty(PRIVATE_KEY_FILE_PROP); privateKeyAlias = ""; privateKeyEncrypt = null; if (privateKeyFilePath != null && privateKeyFilePath.length() > 0) { KeyStore ks = KeyStore.getInstance("PKCS12"); privateKeyAlias = props.getProperty(PRIVATE_KEY_ALIAS_PROP); if (privateKeyAlias == null) { privateKeyAlias = ""; } String keyStorePass = props.getProperty(PRIVATE_KEY_PASSWD_PROP); char[] passPhrase = (keyStorePass != null ? keyStorePass.toCharArray() : null); FileInputStream privateKeyFile = new FileInputStream(privateKeyFilePath); try { ks.load(privateKeyFile, passPhrase); } finally { privateKeyFile.close(); } Key key = ks.getKey(privateKeyAlias, passPhrase); Certificate keyCert = ks.getCertificate(privateKeyAlias); if (key instanceof PrivateKey && keyCert instanceof X509Certificate) { privateKeyEncrypt = (PrivateKey) key; privateKeySignAlgo = ((X509Certificate) keyCert).getSigAlgName(); privateKeySubject = ((X509Certificate) keyCert).getSubjectDN().getName(); } } }
/** * Returns the certificate contained in the keystore. * * @return The certificate that will be used to try to open the document. * * @throws KeyStoreException If there is an error accessing the certificate. */ public X509Certificate getCertificate() throws KeyStoreException { if(keyStore.size() == 1) { Enumeration<String> aliases = keyStore.aliases(); String keyStoreAlias = aliases.nextElement(); return (X509Certificate)keyStore.getCertificate(keyStoreAlias); } else { if(keyStore.containsAlias(alias)) { return (X509Certificate)keyStore.getCertificate(alias); } throw new KeyStoreException("the keystore does not contain the given alias"); } }
/** * Android Central Keystore repo usually located on /data/misc/keychain * including the system trusted anchors located on /system/etc/security */ KeyStore keyStore = KetStore.getInstance("AndroidCAStore"); keyStore.load(null, null); //Load default system keystore Enumeration<String> keyAliases = keyStore.aliases(); while(keyAliases.hasMoreElements()){ String alias = aliases.nextElement(); X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias); //<User cert in whatever way you want> }
@Test public void keystore_impls_is_not_a_singleton() throws KeyStoreException { assertNotSame(KeyStore.getInstance("JKS"), KeyStore.getInstance("JKS")); JKSKeyManager manager1 = (JKSKeyManager) SamlKeyManagerFactory.getKeyManager(config); config.setKeys(EMPTY_MAP); config.setPrivateKey(key1); config.setPrivateKeyPassword("password"); config.setCertificate(certificate1); JKSKeyManager manager2 = (JKSKeyManager) SamlKeyManagerFactory.getKeyManager(config); KeyStore ks1 = (KeyStore) ReflectionTestUtils.getField(manager1, JKSKeyManager.class, "keyStore"); KeyStore ks2 = (KeyStore) ReflectionTestUtils.getField(manager2, JKSKeyManager.class, "keyStore"); String alias = SamlConfig.LEGACY_KEY_ID; assertNotEquals(ks1.getCertificate(alias), ks2.getCertificate(alias)); assertEquals(ks1.getCertificate(alias), ks1.getCertificate(alias)); }
private void reloadKeystore() throws FileNotFoundException, IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException, UnrecoverableKeyException { InputStream is = new FileInputStream(new File(root, _caPrivateKeystore)); if (is != null) { _ks.load(is, _keystorepass); _caCert = (X509Certificate)_ks.getCertificate(_caCertAlias); _caPrivKey = (PrivateKey)_ks.getKey(_caPrivKeyAlias, _keypassword); } }
private void populateMap() { try { final KeyStore keyStore = KeyStore.getInstance("JKS"); final char[] passPhrase = this.pubKeyPass != null ? this.pubKeyPass.toCharArray() : null; final FileInputStream keyStoreFile = new FileInputStream(this.pubKeyFilePath); try { keyStore.load(keyStoreFile, passPhrase); } finally { keyStoreFile.close(); } for (Enumeration e = keyStore.aliases(); e.hasMoreElements();) { final Object alias = e.nextElement(); final Certificate cert = keyStore.getCertificate((String) alias); if (cert instanceof X509Certificate) { this.aliasCertificateMap.put(alias, cert); } } } catch (Exception e) { throw new AuthenticationFailedException( "Exception while getting public keys: " + e.getMessage(), e); } }
public OpenfireX509TrustManager( KeyStore trustStore, boolean acceptSelfSigned, boolean checkValidity ) throws NoSuchAlgorithmException, KeyStoreException { this.acceptSelfSigned = acceptSelfSigned; this.checkValidity = checkValidity; // Retrieve all trusted certificates from the store, but don't validate them just yet! final Set<X509Certificate> trusted = new HashSet<>(); final Enumeration<String> aliases = trustStore.aliases(); while ( aliases.hasMoreElements() ) { final String alias = aliases.nextElement(); if ( trustStore.isCertificateEntry( alias ) ) { final Certificate certificate = trustStore.getCertificate( alias ); if ( certificate instanceof X509Certificate ) { trusted.add( (X509Certificate) certificate ); } } } trustedIssuers = Collections.unmodifiableSet( trusted ); Log.debug( "Constructed trust manager. Number of trusted issuers: {}, accepts self-signed: {}, checks validity: {}", trustedIssuers.size(), acceptSelfSigned, checkValidity ); }
/** * Used during setup to get the certification from the keystore and encrypt the auth_value with * the private key */ public void setCertificate() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnrecoverableEntryException { KeyStore store = KeyStore.getInstance(this.keystore_type); InputStream inputStream=Thread.currentThread().getContextClassLoader().getResourceAsStream(this.keystore_path); if(inputStream == null) inputStream=new FileInputStream(this.keystore_path); store.load(inputStream, this.keystore_password); this.cipher = Cipher.getInstance(this.cipher_type); this.certificate = (X509Certificate) store.getCertificate(this.cert_alias); log.debug("certificate = " + this.certificate.toString()); this.cipher.init(Cipher.ENCRYPT_MODE, this.certificate); this.encryptedToken = this.cipher.doFinal(this.auth_value.getBytes()); KeyStore.PrivateKeyEntry privateKey = (KeyStore.PrivateKeyEntry) store.getEntry( this.cert_alias, new KeyStore.PasswordProtection(this.cert_password)); this.certPrivateKey = privateKey.getPrivateKey(); this.valueSet=true; } }
KeyStore ks = KeyStore.getInstance("jks"); /* Load the key store. */ ... char[] password = ...; /* Save the private key. */ FileOutputStream kos = new FileOutputStream("tmpkey.der"); Key pvt = ks.getKey("your_alias", password); kos.write(pvt.getEncoded()); kos.flush(); kos.close(); /* Save the certificate. */ FileOutputStream cos = new FileOutputStream("tmpcert.der"); Certificate pub = ks.getCertificate("your_alias"); cos.write(pub.getEncoded()); cos.flush(); cos.close();
public PublicKey getVerificationPublicKey() { try { KeyStore keyStore = getKeyStore(); keyStore.load(null); return keyStore.getCertificate(KEY_NAME).getPublicKey(); } catch (KeyStoreException | CertificateException | NoSuchAlgorithmException | IOException e) { throw new RuntimeException("Failed to get public key", e); } }
private static void validateCertificates(KeyStore keyStore) throws GeneralSecurityException { for (String alias : list(keyStore.aliases())) { if (!keyStore.isKeyEntry(alias)) { continue; } Certificate certificate = keyStore.getCertificate(alias); if (!(certificate instanceof X509Certificate)) { continue; } try { ((X509Certificate) certificate).checkValidity(); } catch (CertificateExpiredException e) { throw new CertificateExpiredException("KeyStore certificate is expired: " + e.getMessage()); } catch (CertificateNotYetValidException e) { throw new CertificateNotYetValidException("KeyStore certificate is not yet valid: " + e.getMessage()); } } }
/** * Populate the available server public keys into a local static HashMap. This method is not * thread safe. */ public static void initCertsMap(Properties props) throws Exception { certificateMap = new HashMap(); certificateFilePath = props.getProperty(PUBLIC_KEY_FILE_PROP); if (certificateFilePath != null && certificateFilePath.length() > 0) { KeyStore ks = KeyStore.getInstance("JKS"); String keyStorePass = props.getProperty(PUBLIC_KEY_PASSWD_PROP); char[] passPhrase = (keyStorePass != null ? keyStorePass.toCharArray() : null); FileInputStream keystorefile = new FileInputStream(certificateFilePath); try { ks.load(keystorefile, passPhrase); } finally { keystorefile.close(); } Enumeration aliases = ks.aliases(); while (aliases.hasMoreElements()) { String alias = (String) aliases.nextElement(); Certificate cert = ks.getCertificate(alias); if (cert instanceof X509Certificate) { String subject = ((X509Certificate) cert).getSubjectDN().getName(); certificateMap.put(subject, cert); } } } }
/** * 获取配置文件acp_sdk.properties中配置的签名私钥证书certId * * @return 证书的物理编号 */ public static String getSignCertId() { try { Enumeration<String> aliasenum = keyStore.aliases(); String keyAlias = null; if (aliasenum.hasMoreElements()) { keyAlias = aliasenum.nextElement(); } X509Certificate cert = (X509Certificate) keyStore .getCertificate(keyAlias); return cert.getSerialNumber().toString(); } catch (Exception e) { e.printStackTrace(); LogUtil.writeErrorLog("getSignCertId Error", e); return null; } }
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); InputStream inStream = new ByteArrayInputStream( FileUtils.readFileToByteArray(keystoreFile)); keystore.load(inStream, ADHOC_PASSWORD.toCharArray()); Certificate cert = keystore.getCertificate("adhoc"); byte[] certBytes = cert.getEncoded(); byte[] sha1 = MessageDigest.getInstance("SHA1").digest(certBytes);
private static void validateCertificates(KeyStore keyStore) throws GeneralSecurityException { for (String alias : list(keyStore.aliases())) { if (!keyStore.isKeyEntry(alias)) { continue; } Certificate certificate = keyStore.getCertificate(alias); if (!(certificate instanceof X509Certificate)) { continue; } try { ((X509Certificate) certificate).checkValidity(); } catch (CertificateExpiredException e) { throw new CertificateExpiredException("KeyStore certificate is expired: " + e.getMessage()); } catch (CertificateNotYetValidException e) { throw new CertificateNotYetValidException("KeyStore certificate is not yet valid: " + e.getMessage()); } } }
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); String password = "password"; keystore.load(is, password.toCharArray()); Enumeration enumeration = keystore.aliases(); while(enumeration.hasMoreElements()) { String alias = (String)enumeration.nextElement(); System.out.println("alias name: " + alias); Certificate certificate = keystore.getCertificate(alias); System.out.println(certificate.toString());
/** * 通过keystore获取私钥证书的certId值 * @param keyStore * @return */ private static String getCertIdIdByStore(KeyStore keyStore) { Enumeration<String> aliasenum = null; try { aliasenum = keyStore.aliases(); String keyAlias = null; if (aliasenum.hasMoreElements()) { keyAlias = aliasenum.nextElement(); } X509Certificate cert = (X509Certificate) keyStore .getCertificate(keyAlias); return cert.getSerialNumber().toString(); } catch (KeyStoreException e) { LogUtil.writeErrorLog("getCertIdIdByStore Error", e); return null; } }