项目:atlas
文件:PatchBuilder.java
/**
 * Opens {@code outFile} through a {@code SignedJarBuilder} and writes {@code dexFile} into it
 * under the entry name {@code classes.dex}.
 *
 * <p>A non-null {@code key} supplies the private key and X.509 certificate handed to the
 * builder; the {@code null} branch passes no signing material.
 *
 * <p>{@code verboseStream} is not referenced in the visible body.
 *
 * NOTE(review): the second {@code SignedJarBuilder} call below has unbalanced parentheses in
 * this listing; it has presumably lost text when the page was extracted. Confirm against the
 * upstream file before reuse.
 * NOTE(review): every exception is caught and only printed, so a failed signer set-up or write
 * is invisible to the caller and {@code mBuilder} may be left unassigned. A caller that needs a
 * signed patch has no way to tell from this constructor that one was produced.
 */
public PatchBuilder(File outFile,File dexFile,PrivateKeyEntry key,PrintStream verboseStream) {
try {
if (null != key) {
// Signed output: private key plus its certificate go to the jar builder.
mBuilder = new SignedJarBuilder(
new FileOutputStream(outFile,false),key.getPrivateKey(),(X509Certificate) key.getCertificate());
} else {
// No key supplied: the builder receives null signing material.
mBuilder = new SignedJarBuilder(
new FileOutputStream(outFile,null,null);
}
mBuilder.writeFile(dexFile,"classes.dex");
} catch (Exception e) {
// Failure is swallowed here; see the review note in the header comment.
e.printstacktrace();
}
}
项目:xtf
文件:XTFKeyStore.java
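/**
 * Generates a fresh key pair, issues a self-signed X.509 certificate for it that is valid for
 * one year from now, and stores key and certificate under {@code certificatealias}.
 *
 * @param certificatealias keystore alias for the new private-key entry
 * @param dn distinguished name used as both subject and issuer
 * @param password password protecting the stored private key
 * @throws RuntimeException if signing or storing the entry fails
 */
public void addSelfSignedCertificate(String certificatealias, String dn, String password) {
    try {
        KeyPair keys = generateKeyPair();
        Calendar start = Calendar.getInstance();
        Calendar expiry = Calendar.getInstance();
        expiry.add(Calendar.YEAR, 1);
        X500Name name = new X500Name(dn);
        // The serial number is the constant 1, so every certificate produced here for the same
        // DN shares issuer and serial. Acceptable for throw-away test material only.
        X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
                name, BigInteger.ONE, start.getTime(), expiry.getTime(), name,
                SubjectPublicKeyInfo.getInstance(keys.getPublic().getEncoded()));
        BouncyCastleProvider provider = new BouncyCastleProvider();
        // SHA-256 instead of SHA-1: SHA-1 signatures are rejected by current TLS stacks, and
        // addSignedCertificate in this class already signs with SHA256WithRSA.
        ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA")
                .setProvider(provider)
                .build(keys.getPrivate());
        X509CertificateHolder holder = certificateBuilder.build(signer);
        Certificate cert = new JcaX509CertificateConverter().setProvider(provider).getCertificate(holder);
        Entry entry = new PrivateKeyEntry(keys.getPrivate(), new Certificate[] {cert});
        keystore.setEntry(certificatealias, entry, new PasswordProtection(password.toCharArray()));
    } catch (GeneralSecurityException | OperatorCreationException ex) {
        throw new RuntimeException("Unable to generate self-signed certificate", ex);
    }
}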
项目:xtf
文件:XTFKeyStore.java
/**
* Asymmetric cryptography - only the private key from the generated pair is used.
* Pre-condition: {@code certificatealias} refers to an existing certificate.
*
* @throws NullPointerException when {@code certificatealias} is {@code null}
*/
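public void addPrivateKey(String keyAlias, String certificatealias, String password) {
    // The stored alias combines both names, e.g. "key (cert)".
    keyAlias = String.format("%s (%s)", keyAlias, certificatealias);
    try {
        Certificate[] certChain = keystore.getCertificateChain(certificatealias);
        if (certChain == null) {
            LoggerFactory.getLogger(getClass()).warn("Could not find certificate");
            // KeyStore.PrivateKeyEntry rejects an empty chain with IllegalArgumentException, so
            // substituting an empty array only postpones the failure. Fail here and name the alias.
            throw new IllegalArgumentException(
                    "No certificate chain stored under alias " + certificatealias);
        }
        // The private key comes from a newly generated pair and is therefore NOT the key that
        // matches the public key in certChain; the entry is only structurally valid.
        Entry entry = new PrivateKeyEntry(generateKeyPair().getPrivate(), certChain);
        ProtectionParameter protParam = new KeyStore.PasswordProtection(password.toCharArray());
        // The entry itself must be passed; setEntry takes alias, entry and protection.
        keystore.setEntry(keyAlias, entry, protParam);
    } catch (KeyStoreException | NoSuchAlgorithmException ex) {
        throw new RuntimeException("Unable to add new private key", ex);
    }
}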
项目:mi-firma-android
文件:CeresKeyStoreImpl.java
/** {@inheritDoc} */
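@Override
public KeyStore.Entry engineGetEntry(final String alias, final ProtectionParameter protParam) {
    // A password-based parameter is converted into a callback registered on the card object.
    // Any other parameter type (including null) is ignored without a message.
    if (protParam instanceof KeyStore.PasswordProtection) {
        // NOTE(review): the class name suggests CachePasswordCallback retains the password;
        // confirm how long it is held and whether it is cleared.
        final PasswordCallback pwc =
                new CachePasswordCallback(((KeyStore.PasswordProtection) protParam).getPassword());
        this.cryptoCard.setPasswordCallback(pwc);
    }
    if (!engineContainsAlias(alias)) {
        return null;
    }
    // null is passed as the key password because the PasswordCallback (or CallbackHandler)
    // has already been set above.
    final PrivateKey key = (PrivateKey) engineGetKey(alias, null);
    return new PrivateKeyEntry(key, engineGetCertificateChain(alias));
}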
项目:conscrypt
文件:OpenJdkEngineFactory.java
/**
 * Builds a Netty server-side {@code SslContext} from the RSA server entry of the shared test
 * keystore.
 *
 * @param sslProvider Netty SSL provider to configure on the builder
 * @param useAlpn when true, the ALPN configuration constant is applied as well
 * @return the built context
 * @throws RuntimeException wrapping any {@code SSLException} raised while building
 */
private static SslContext newNettyServerContext(
        io.netty.handler.ssl.SslProvider sslProvider, boolean useAlpn) {
    try {
        // Test-only identity: key and chain come from TestKeyStore, never from production material.
        final PrivateKeyEntry serverEntry = TestKeyStore.getServer().getPrivateKey("RSA", "RSA");
        final X509Certificate[] serverChain = (X509Certificate[]) serverEntry.getCertificateChain();
        final SslContextBuilder builder =
                SslContextBuilder.forServer(serverEntry.getPrivateKey(), serverChain)
                        .sslProvider(sslProvider);
        if (useAlpn) {
            builder.applicationProtocolConfig(OpenJdkEngineFactoryConfig.NETTY_ALPN_CONfig);
        }
        return builder.build();
    } catch (SSLException e) {
        throw new RuntimeException(e);
    }
}
项目:commons-eid
文件:JCATest.java
@Test
public void testGetEntry() throws Exception {
    // Register the provider so that the "BeID" keystore type can be resolved.
    Security.addProvider(new BeIDProvider());
    final KeyStore beidStore = KeyStore.getInstance("BeID");
    beidStore.load(null);

    // The authentication alias must yield a private-key entry whose key is a BeIDPrivateKey.
    final PrivateKeyEntry authEntry = (PrivateKeyEntry) beidStore.getEntry("Authentication", null);
    assertNotNull(authEntry);
    assertTrue(authEntry.getPrivateKey() instanceof BeIDPrivateKey);

    // The CA and root aliases must yield trusted-certificate entries.
    final TrustedCertificateEntry caEntry = (TrustedCertificateEntry) beidStore.getEntry("CA", null);
    assertNotNull(caEntry);
    final X509Certificate caCertificate = (X509Certificate) caEntry.getTrustedCertificate();
    LOGGER.debug("CA entry: {}", caCertificate.getSubjectX500Principal());

    final TrustedCertificateEntry rootEntry = (TrustedCertificateEntry) beidStore.getEntry("Root", null);
    assertNotNull(rootEntry);
    final X509Certificate rootCertificate = (X509Certificate) rootEntry.getTrustedCertificate();
    LOGGER.debug("root entry: {}", rootCertificate.getSubjectX500Principal());
}
项目:commons-eid
文件:BeIDKeyStore.java
/**
 * Resolves the fixed aliases of this keystore to entries.
 *
 * <p>"Authentication" and "Signature" produce a {@code PrivateKeyEntry}; "CA", "Root" and "RRN"
 * produce a {@code TrustedCertificateEntry}; anything else is delegated to the superclass.
 * For the fixed aliases {@code protParam} is not consulted: the key is requested with a
 * {@code null} password.
 */
@Override
public Entry engineGetEntry(String alias, ProtectionParameter protParam)
        throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
    LOGGER.debug("engineGetEntry: {}", alias);

    final boolean isKeyAlias = "Authentication".equals(alias) || "Signature".equals(alias);
    if (isKeyAlias) {
        final PrivateKey key = (PrivateKey) engineGetKey(alias, null);
        return new PrivateKeyEntry(key, engineGetCertificateChain(alias));
    }

    final boolean isCertificateAlias =
            "CA".equals(alias) || "Root".equals(alias) || "RRN".equals(alias);
    if (isCertificateAlias) {
        return new TrustedCertificateEntry(engineGetCertificate(alias));
    }

    return super.engineGetEntry(alias, protParam);
}
/**
 * Checks that the key manager returns, for {@code alias}, the same chain and private key that
 * the reference test keystore holds for the key type.
 *
 * @param km key manager under test
 * @param alias alias to look up; {@code null} must resolve to no chain and no key
 * @param keyType expected key algorithm, or {@code null} to take it from the returned key
 */
private void test_X509KeyManager_alias(X509KeyManager km, String alias, String keyType) {
    if (alias == null) {
        assertNull(km.getCertificateChain(alias));
        assertNull(km.getPrivateKey(alias));
        return;
    }

    final X509Certificate[] managerChain = km.getCertificateChain(alias);
    final PrivateKey managerKey = km.getPrivateKey(alias);

    final String expectedType;
    if (keyType != null) {
        // Leaf certificate and private key must both use the requested algorithm.
        assertEquals(keyType, managerChain[0].getPublicKey().getAlgorithm());
        assertEquals(keyType, managerKey.getAlgorithm());
        expectedType = keyType;
    } else {
        expectedType = managerKey.getAlgorithm();
    }

    final PrivateKeyEntry reference = TestKeyStore.privateKey(
            TEST_KEY_STORE.keyStore, TEST_KEY_STORE.storePassword, expectedType);
    assertEquals(Arrays.asList(reference.getCertificateChain()), Arrays.asList(managerChain));
    assertEquals(reference.getPrivateKey(), managerKey);
}
项目:12306-android-Decompile
文件:WLDeviceAuthManager.java
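/**
 * Reports whether a private-key entry can be obtained for the given identifier.
 *
 * <p>Returns {@code false} when no context is set, when no entry is found, and also when the
 * lookup throws: the error is logged and reported as "absent". Callers therefore cannot tell a
 * missing certificate from a failed keystore access; {@code signDeviceAuth} in this class
 * returns its payload unsigned in both cases.
 *
 * @param paramString identifier passed through to {@code getPrivateKeyEntry}
 * @return {@code true} only if a non-null entry was returned
 */
public boolean isCertificateExists(String paramString)
{
  if (this.context == null) {
    return false;
  }
  try
  {
    // The decompiler emitted an int flag here; the method's declared result is boolean.
    return getPrivateKeyEntry(paramString) != null;
  }
  catch (Exception localException)
  {
    WLUtils.error("Failed to determine the existence of certificate for device authentication with " + localException.getMessage(),localException);
    return false;
  }
}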
项目:12306-android-Decompile
文件:WLDeviceAuthManager.java
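/**
 * Wraps a payload in a three-part, dot-separated token signed with the device key:
 * base64url(header) "." base64url(payload) "." base64url(signature), where the header is a JSON
 * object with {@code alg} set to {@code RS256} and {@code x5c} set to the encoded certificate.
 *
 * <p>When {@code paramBoolean} is false, or no certificate is found for {@code paramString2},
 * the payload is returned unchanged and unsigned. A receiver must not treat the return value as
 * authenticated unless it verifies the signature part.
 *
 * NOTE(review): the layout resembles JWS compact serialization, but {@code x5c} is a single
 * base64url string here, whereas RFC 7515 defines it as an array of standard-base64 strings.
 * Presumably the receiving server expects this variant; confirm before interoperating.
 *
 * @param paramString1 payload to sign
 * @param paramString2 identifier used to look up the private-key entry
 * @param paramBoolean whether signing is requested
 * @return the signed token, or {@code paramString1} itself when nothing was signed
 * @throws Exception on keystore, encoding or signing failure
 */
public String signDeviceAuth(String paramString1,String paramString2,boolean paramBoolean)
  throws Exception
{
  if (!paramBoolean || !isCertificateExists(paramString2))
  {
    // Unsigned pass-through; see the method comment.
    return paramString1;
  }
  KeyStore.PrivateKeyEntry localPrivateKeyEntry = getPrivateKeyEntry(paramString2);
  JSONObject header = new JSONObject();
  header.put("alg","RS256");
  header.put("x5c",Base64.encodeUrlSafe(localPrivateKeyEntry.getCertificate().getEncoded(),"UTF-8"));
  // Name the charset explicitly so the signed bytes do not depend on the platform default.
  String signingInput = Base64.encodeUrlSafe(header.toString().getBytes("UTF-8"),"UTF-8")
      + "." + Base64.encodeUrlSafe(paramString1.getBytes("UTF-8"),"UTF-8");
  String signature = Base64.encodeUrlSafe(signData(signingInput,localPrivateKeyEntry.getPrivateKey()),"UTF-8");
  return signingInput + "." + signature;
}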
项目:aws-dynamodb-encryption-java
文件:KeyStoreMaterialsProvider.java
/**
 * Converts a keystore entry into a {@code KeyPair}.
 *
 * <p>A {@code PrivateKeyEntry} yields its private key plus the public key of its certificate
 * (or a {@code null} public key when it has no certificate). A {@code TrustedCertificateEntry}
 * yields the certificate's public key and a {@code null} private key, so the resulting pair can
 * only be used for public-key operations.
 *
 * @param entry keystore entry to convert
 * @return key pair; either half may be {@code null} as described above
 * @throws IllegalArgumentException for any other entry type
 */
private static KeyPair entry2Pair(Entry entry) {
    if (entry instanceof PrivateKeyEntry) {
        final PrivateKeyEntry keyEntry = (PrivateKeyEntry) entry;
        final PublicKey publicHalf =
                keyEntry.getCertificate() != null ? keyEntry.getCertificate().getPublicKey() : null;
        return new KeyPair(publicHalf, keyEntry.getPrivateKey());
    }
    if (entry instanceof TrustedCertificateEntry) {
        final TrustedCertificateEntry certEntry = (TrustedCertificateEntry) entry;
        return new KeyPair(certEntry.getTrustedCertificate().getPublicKey(), null);
    }
    throw new IllegalArgumentException(
            "Only entry types PrivateKeyEntry and TrustedCertificateEntry are supported.");
}
项目:pushy
文件:ApnsClientBuilderTest.java
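@Test
public void testBuildClientWithCertificateAndPasswordProtectedKey() throws Exception {
    // We're happy here as long as nothing throws an exception
    // (Class#getResourceAsStream is the actual method name; the listing had its case mangled.)
    try (final InputStream p12InputStream = this.getClass().getResourceAsStream(SINGLE_TOPIC_CLIENT_KEYSTORE_FILENAME)) {
        final PrivateKeyEntry privateKeyEntry =
                P12Util.getFirstPrivateKeyEntryFromP12InputStream(p12InputStream, KEYSTORE_PASSWORD);

        // The same password that opens the keystore is passed as the key password.
        final ApnsClient client = new ApnsClientBuilder()
                .setApnsServer(ApnsClientBuilder.PRODUCTION_APNS_HOST)
                .setEventLoopGroup(EVENT_LOOP_GROUP)
                .setClientCredentials((X509Certificate) privateKeyEntry.getCertificate(), privateKeyEntry.getPrivateKey(), KEYSTORE_PASSWORD)
                .build();

        client.close().await();
    }
}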
项目:pushy
文件:ApnsClientBuilderTest.java
// NOTE(review): this copy of the test is incomplete. The statement that starts at
// "final PrivateKeyEntry privateKeyEntry =" runs straight into ".build();", and "client" is
// used without a visible declaration, so the client-builder lines have evidently been lost
// from the listing. getResourceAsstream is likewise a case-mangled getResourceAsStream.
// Restore from the upstream file before reuse.
@Test
public void testBuildClientWithCertificateAndUnprotectedKey() throws Exception {
// The keystore itself still needs a password to open; only the key inside it is unprotected.
try (final InputStream p12InputStream = this.getClass().getResourceAsstream(SINGLE_TOPIC_CLIENT_KEYSTORE_UNPROTECTED_FILENAME)) {
final PrivateKeyEntry privateKeyEntry =
P12Util.getFirstPrivateKeyEntryFromP12InputStream(p12InputStream,null)
.build();
client.close().await();
}
}
项目:pushy
文件:ApnsClientBuilderTest.java
// Expects the builder to refuse a configuration that carries both TLS client credentials and a
// token signing key: build() must throw IllegalStateException.
// NOTE(review): setClientCredentials is called with two arguments here but with three in the
// sibling test testBuildClientWithCertificateAndPasswordProtectedKey, so an argument has
// presumably been dropped from this listing; getResourceAsstream is a case-mangled
// getResourceAsStream. Confirm against the upstream file.
@Test(expected = IllegalStateException.class)
public void testBuildWithClientCredentialsAndSigningCertificate() throws Exception {
try (final InputStream p12InputStream = this.getClass().getResourceAsstream(SINGLE_TOPIC_CLIENT_KEYSTORE_UNPROTECTED_FILENAME)) {
final PrivateKeyEntry privateKeyEntry =
P12Util.getFirstPrivateKeyEntryFromP12InputStream(p12InputStream,KEYSTORE_PASSWORD);
try (final InputStream p8InputStream = this.getClass().getResourceAsstream(SIGNING_KEY_FILENAME)) {
// "TEAM_ID" and "KEY_ID" are literal placeholder strings, not real identifiers.
final ApnsSigningKey signingKey = ApnsSigningKey.loadFromInputStream(p8InputStream,"TEAM_ID","KEY_ID");
new ApnsClientBuilder()
.setEventLoopGroup(EVENT_LOOP_GROUP)
.setClientCredentials((X509Certificate) privateKeyEntry.getCertificate(),null)
.setSigningKey(signingKey)
.build();
}
}
}
项目:dCache-Cloud
文件:KeyStoreHelper.java
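/**
 * Stores the given key pair in the shared keystore: the private key with a freshly generated
 * self-signed certificate under alias {@code ownPrivate}, and the certificate alone under alias
 * {@code ownCert}.
 *
 * <p>The keystore {@code ks} and protection parameter {@code pp} are taken from the enclosing
 * class; the load/close calls that once surrounded the writes are disabled, so the caller is
 * expected to have initialised them. Both aliases are fixed, so an earlier entry is replaced.
 *
 * @param pair key pair to store
 * @return {@code true} if both entries were written, {@code false} if the keystore rejected one
 */
public static boolean storeOwnasymmetric(KeyPair pair)
{
    X509Certificate cert = generateSelfSignedCertificate(pair);
    KeyStore.PrivateKeyEntry privEntry =
            new PrivateKeyEntry(pair.getPrivate(), new java.security.cert.Certificate[] {cert});
    try {
        ks.setEntry("ownPrivate", privEntry, pp);
        ks.setCertificateEntry("ownCert", cert);
        return true;
    } catch (KeyStoreException e) {
        // NOTE(review): if the second write fails the first entry remains stored, so the
        // keystore can hold "ownPrivate" without a matching "ownCert".
        e.printStackTrace();
        return false;
    }
}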
项目:oscm
文件:SignTask.java
项目:oscm
文件:CertificateHandler.java
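/**
 * Loads the root CA private-key entry from the root CA keystore into
 * {@code rootPrivateKeyEntry}.
 *
 * @throws GeneralSecurityException if the keystore cannot return the entry (for example a wrong
 *     password)
 * @throws RuntimeException if the alias is absent or does not hold a private-key entry
 */
private void loadPrivateKeyEntry() throws GeneralSecurityException {
    final java.security.KeyStore.Entry entry = rootCaKeystore.getEntry(
            rootCaAlias, new PasswordProtection(rootCaPassword.toCharArray()));
    // Check the type before casting: an alias holding a trusted certificate or a secret key
    // would otherwise surface as a bare ClassCastException with no hint at the alias.
    if (!(entry instanceof PrivateKeyEntry)) {
        throw new RuntimeException(
                "Could not read private key entry from rootca keystore with alias "
                        + rootCaAlias);
    }
    rootPrivateKeyEntry = (PrivateKeyEntry) entry;
}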
项目:xtf
文件:XTFKeyStore.java
/**
 * Generates a new key pair, issues a certificate for it signed by the key stored under
 * {@code signerAlias} in {@code signerKeyStore}, and stores the result under
 * {@code certificatealias} with a two-element chain (new certificate, signer certificate).
 *
 * NOTE(review): several calls below have fewer arguments than their counterparts in
 * addSelfSignedCertificate (the certificate builder receives no validity dates although
 * start/expiry are computed, one addExtension call has no criticality flag, and setEntry
 * receives no entry), and tochararray is a case-mangled toCharArray. The listing has evidently
 * lost tokens; restore from the upstream file before reuse.
 * NOTE(review): the serial number is taken from System.nanoTime(), which is neither random nor
 * guaranteed unique across runs; acceptable for test material only.
 *
 * @throws RuntimeException if key retrieval, signing or storing fails
 */
public void addSignedCertificate(final XTFKeyStore signerKeyStore,final String signerAlias,final String signerPassword,final String dn,final String certificatealias,final String password) {
try {
// Signer material: certificate and private key under the same alias of the signer keystore.
final X509Certificate caCert = (X509Certificate) signerKeyStore.keystore.getCertificate(signerAlias);
final PrivateKey caKey = (PrivateKey) signerKeyStore.keystore.getKey(signerAlias,signerPassword.tochararray());
// Validity window: now until one year from now.
final Calendar start = Calendar.getInstance();
final Calendar expiry = Calendar.getInstance();
expiry.add(Calendar.YEAR,1);
final KeyPair keyPair = generateKeyPair();
final X500Name certName = new X500Name(dn);
// Issuer name is rebuilt from the signer's subject DN string.
final X500Name issuerName = new X500Name(caCert.getSubjectDN().getName());
X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
issuerName,BigInteger.valueOf(System.nanoTime()),certName,SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
final JcaX509ExtensionUtils u = new JcaX509ExtensionUtils();
// Key identifiers link the new certificate to its issuer and to its own public key.
certificateBuilder.addExtension(Extension.authorityKeyIdentifier,false,u.createAuthorityKeyIdentifier(caCert));
certificateBuilder.addExtension(Extension.subjectKeyIdentifier,u.createSubjectKeyIdentifier(keyPair.getPublic()));
ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSA").setProvider(new BouncyCastleProvider()).build(caKey);
X509CertificateHolder holder = certificateBuilder.build(signer);
Certificate cert = new JcaX509CertificateConverter().setProvider(new BouncyCastleProvider()).getCertificate(holder);
Entry entry = new PrivateKeyEntry(keyPair.getPrivate(),new Certificate[] {cert,caCert});
keystore.setEntry(certificatealias,new PasswordProtection(password.tochararray()));
} catch (GeneralSecurityException | OperatorCreationException | CertIOException ex) {
throw new RuntimeException("Unable to generate signed certificate",ex);
}
}
项目:mi-firma-android
文件:SignTask.java
/** Construye la tarea encargada de realizar la operación criptográfica.
* @param context Contexto de la aplicación.
* @param pke Clave privada para la firma.
* @param extraParams Parámetros adicionales para la configuración de la firma.*/
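public SignTask(final Activity context,final PrivateKeyEntry pke,final Properties extraParams,final ProgressDialog progDialog) throws IOException {
    this.context = context;
    // pke holds the private key that later performs the signature.
    this.pke = pke;
    this.extraParams = extraParams != null ? extraParams : new Properties();
    this.progDailog = progDialog;

    // Service URLs are read from the configuration file bundled in the application assets.
    final Properties p = new Properties();
    final AssetManager assetManager = context.getAssets();
    final InputStream inputStream = assetManager.open(Utils.CONfig_FILE);
    try {
        p.load(inputStream);
    } finally {
        // Close the asset stream on every path; it was previously never closed.
        inputStream.close();
    }

    // The proposals URL is only checked for presence here.
    final String urlProp = p.getProperty(Utils.CONfig_FILE_KEY_PROPOSALS);
    if (urlProp == null) {
        throw new IOException(
            "El fichero de configuracion no contiene la URL: " + Utils.CONfig_FILE_KEY_PROPOSALS //$NON-NLS-1$
        );
    }
    urlSign = p.getProperty(Utils.CONfig_FILE_KEY_SIGNATURE);
    if (urlSign == null) {
        // Report the key that is actually missing (the message previously named the proposals key).
        throw new IOException(
            "El fichero de configuracion no contiene la URL: " + Utils.CONfig_FILE_KEY_SIGNATURE //$NON-NLS-1$
        );
    }
    // NOTE(review): the URLs are taken from the bundled file without a scheme check; confirm
    // that the signing endpoint is required to be https where it is used.
}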
项目:mi-firma-android
文件:MobileKeyStoreManager.java
/** Obtiene la entrada que apunta a una clave privada asociada al evento.
* @return Entrada que apunta a una clave privada asociada al evento
* @throws Throwable Si la obtención de la clave privada produjo algún error */
PrivateKeyEntry getPrivateKeyEntry() throws Throwable {
    // No stored error: hand back the entry (which may itself be null).
    if (this.e == null) {
        return this.pke;
    }
    // Otherwise re-throw the error captured when the key was being obtained.
    throw this.e;
}
项目:mi-firma-android
文件:CeresKeyStoreImpl.java
/** {@inheritDoc} */
@Override
public boolean engineEntryInstanceOf(final String alias,final Class<? extends KeyStore.Entry> entryClass) {
    // Every alias this store knows is a private-key entry; the class must match exactly,
    // so asking for the KeyStore.Entry supertype yields false.
    return engineContainsAlias(alias) && entryClass.equals(PrivateKeyEntry.class);
}
项目:mi-firma-android
文件:DnieKeyStoreImpl.java
/** {@inheritDoc} */
@Override
// Registers the caller's credential source on the card object, then resolves the alias.
// NOTE(review): this copy is incomplete. The final statement passes the certificate chain as
// the second argument of engineGetKey and the method has no return statement on the success
// path, whereas the sibling CeresKeyStoreImpl.engineGetEntry passes null and returns a
// PrivateKeyEntry; getpassword is a case-mangled getPassword. Restore from the upstream file.
public KeyStore.Entry engineGetEntry(final String alias,final ProtectionParameter protParam) {
if(protParam instanceof KeyStore.CallbackHandlerProtection) {
// Set the CallbackHandler
final CallbackHandler chp = ((KeyStore.CallbackHandlerProtection) protParam).getCallbackHandler();
if(chp != null) {
this.cryptoCard.setCallbackHandler(chp);
}
}
else if (protParam instanceof KeyStore.PasswordProtection) {
// Set the PasswordCallback
final PasswordCallback pwc = new CachePasswordCallback(((KeyStore.PasswordProtection)protParam).getpassword());
this.cryptoCard.setPasswordCallback(pwc);
}
else {
// Unsupported (or null) parameter types are logged and ignored; only the class name is
// logged, never a credential.
LOGGER.warning(
"Se ha proporcionado un ProtectionParameter de tipo no soportado,se ignorara: " + (protParam != null ? protParam.getClass().getName() : "NULO") //$NON-NLS-1$ //$NON-NLS-2$
);
}
// Unknown aliases yield null rather than an exception.
if (!engineContainsAlias(alias)) {
return null;
}
final PrivateKey key = (PrivateKey) engineGetKey(
alias,engineGetCertificateChain(alias));
}
项目:mi-firma-android
文件:DnieKeyStoreImpl.java
/** {@inheritDoc} */
@Override
public boolean engineEntryInstanceOf(final String alias,final Class<? extends KeyStore.Entry> entryClass) {
    // Known aliases are always private-key entries; the comparison is an exact class match,
    // not an assignability test.
    return engineContainsAlias(alias) && entryClass.equals(PrivateKeyEntry.class);
}
项目:java-bambou
文件:DynamicKeystoreGenerator.java
/**
 * Builds an in-memory keystore holding one private-key entry made of the given RSA key and a
 * single-certificate chain.
 *
 * <p>The entry is protected with the class constant {@code KEY_PASSWORD} and stored under
 * {@code KEYSTORE_ALIAS}.
 * NOTE(review): the protection password is a shared constant rather than caller-supplied;
 * anything that can read the class can unlock the entry. Confirm this keystore never leaves
 * process memory.
 *
 * @param rsaPrivateKey private key to store
 * @param certificate certificate matching the key; becomes the whole chain
 * @return the populated keystore
 * @throws KeyManagementException wrapping any keystore, algorithm, certificate or I/O failure
 */
public static KeyStore createAndLoadDynamicKeystore(RSAPrivateKey rsaPrivateKey, Certificate certificate) throws KeyManagementException {
    logger.debug("Generating Keystore from RSA private key and X509 certificate");

    final PrivateKeyEntry keyEntry =
            new KeyStore.PrivateKeyEntry(rsaPrivateKey, new Certificate[] {certificate});
    final ProtectionParameter keyProtection = new KeyStore.PasswordProtection(KEY_PASSWORD);

    try {
        final KeyStore dynamicStore = KeyStore.getInstance(KEYSTORE_INSTANCE_TYPE);
        // load(null, null) initialises an empty store instead of reading one from a stream.
        dynamicStore.load(null, null);
        dynamicStore.setEntry(KEYSTORE_ALIAS, keyEntry, keyProtection);
        return dynamicStore;
    } catch (NoSuchAlgorithmException | CertificateException | IOException | KeyStoreException ex) {
        throw new KeyManagementException(ex);
    }
}
项目:conscrypt
文件:NativeCryptoTest.java
/**
* Lazily create shared test certificates.
*/
private static synchronized void initCerts() {
// SERVER_PRIVATE_KEY doubles as the "already initialised" marker; the method is synchronized,
// so the check and the assignments below cannot interleave between threads.
if (SERVER_PRIVATE_KEY != null) {
return;
}
try {
// Server identity: RSA key with an RSA-signed chain from the shared test keystore.
PrivateKeyEntry serverPrivateKeyEntry =
TestKeyStore.getServer().getPrivateKey("RSA","RSA");
SERVER_PRIVATE_KEY = OpenSSLKey.fromPrivateKey(serverPrivateKeyEntry.getPrivateKey());
SERVER_CERTIFICATES_HOLDER =
encodeCertificateList(serverPrivateKeyEntry.getCertificateChain());
SERVER_CERTIFICATE_REFS = getCertificateReferences(SERVER_CERTIFICATES_HOLDER);
ENCODED_SERVER_CERTIFICATES = getEncodedCertificates(SERVER_CERTIFICATES_HOLDER);
// Client identity: the same four values, taken from the client-certificate keystore.
PrivateKeyEntry clientPrivateKeyEntry =
TestKeyStore.getClientCertificate().getPrivateKey("RSA","RSA");
CLIENT_PRIVATE_KEY = OpenSSLKey.fromPrivateKey(clientPrivateKeyEntry.getPrivateKey());
CLIENT_CERTIFICATES_HOLDER =
encodeCertificateList(clientPrivateKeyEntry.getCertificateChain());
CLIENT_CERTIFICATE_REFS = getCertificateReferences(CLIENT_CERTIFICATES_HOLDER);
ENCODED_CLIENT_CERTIFICATES = getEncodedCertificates(CLIENT_CERTIFICATES_HOLDER);
// CA principal list: the encoded issuer name of the first alias in the client keystore.
KeyStore ks = TestKeyStore.getClient().keyStore;
String caCertAlias = ks.aliases().nextElement();
X509Certificate certificate = (X509Certificate) ks.getCertificate(caCertAlias);
X500Principal principal = certificate.getIssuerX500Principal();
CA_PRINCIPALS = new byte[][] {principal.getEncoded()};
initChannelIdKey();
} catch (Exception e) {
// NOTE(review): SERVER_PRIVATE_KEY is assigned first, so a failure further down leaves the
// marker set and a later call returns early with the remaining statics unassigned.
throw new RuntimeException(e);
}
}
项目:conscrypt
文件:TestKeyStore.java
/**
 * Builds a successful OCSP response for the server certificate, signed by the issuer's key with
 * SHA256withRSA and carrying the given status.
 *
 * <p>The certificate ID and responder key hash use the SHA-1 digest calculator.
 *
 * @param server entry whose certificate the response is about
 * @param issuer entry whose certificate and private key act as responder
 * @param status status to report for the server certificate
 * @return the OCSP response
 * @throws CertificateException wrapping any failure while building the response
 */
private static OCSPResp generateOCSPResponse(PrivateKeyEntry server, PrivateKeyEntry issuer, CertificateStatus status) throws CertificateException {
    try {
        final X509Certificate subjectCert = (X509Certificate) server.getCertificate();
        final X509Certificate responderCert = (X509Certificate) issuer.getCertificate();
        final X509CertificateHolder responderHolder = new JcaX509CertificateHolder(responderCert);

        final DigestCalculatorProvider digests = new BcDigestCalculatorProvider();
        final SubjectPublicKeyInfo responderKeyInfo =
                SubjectPublicKeyInfo.getInstance(responderCert.getPublicKey().getEncoded());
        final BasicOCSPRespBuilder basic =
                new BasicOCSPRespBuilder(responderKeyInfo, digests.get(CertificateID.HASH_SHA1));

        final CertificateID subjectId = new CertificateID(
                digests.get(CertificateID.HASH_SHA1), responderHolder, subjectCert.getSerialNumber());
        basic.addResponse(subjectId, status);

        // No responder certificates are attached (null); producedAt is "now".
        final BasicOCSPResp signed = basic.build(
                new JcaContentSignerBuilder("SHA256withRSA").build(issuer.getPrivateKey()), null, new Date());

        return new OCSPRespBuilder().build(OCSPRespBuilder.SUCCESSFUL, signed);
    } catch (Exception e) {
        throw new CertificateException("cannot generate OCSP response", e);
    }
}
项目:conscrypt
文件:TestKeyStore.java
/**
 * Returns the encoded OCSP response that reports the server certificate as good.
 *
 * @param server entry whose certificate the response is about
 * @param issuer entry that signs the response
 * @return encoded response bytes
 * @throws CertificateException if the response cannot be generated or encoded
 */
public static byte[] getoCSPResponseForGood(PrivateKeyEntry server, PrivateKeyEntry issuer)
        throws CertificateException {
    final OCSPResp goodResponse = generateOCSPResponse(server, issuer, CertificateStatus.GOOD);
    try {
        return goodResponse.getEncoded();
    } catch (IOException e) {
        throw new CertificateException(e);
    }
}
项目:conscrypt
文件:TestKeyStore.java
// Returns the encoded OCSP response that reports the server certificate as revoked, with the
// revocation time set to "now" and the reason keyCompromise.
// NOTE(review): generateOCSPResponse is declared with (server, issuer, status) but is called
// here with two arguments and "issuer" is unused, so the issuer argument has presumably been
// dropped from this listing. Confirm against the upstream file.
public static byte[] getoCSPResponseForRevoked(PrivateKeyEntry server,PrivateKeyEntry issuer)
throws CertificateException {
try {
return generateOCSPResponse(
server,new RevokedStatus(new Date(),CRLReason.keyCompromise))
.getEncoded();
} catch (IOException e) {
// Encoding failures are reported as CertificateException, like generation failures.
throw new CertificateException(e);
}
}
项目:conscrypt
文件:TrustManagerFactoryTest.java
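@Test
public void test_TrustManagerFactory_intermediate() throws Exception {
    // chain should be server/intermediate/root
    PrivateKeyEntry pke = TestKeyStore.getServer().getPrivateKey("RSA", "RSA");
    X509Certificate[] chain = (X509Certificate[]) pke.getCertificateChain();
    assertEquals(3, chain.length);

    // keyStore should contain only the intermediate CA so we can
    // test proper validation even if there are extra certs after
    // the trusted one (in this case the original root is "extra")
    KeyStore keyStore = TestKeyStore.createKeyStore();
    keyStore.setCertificateEntry("alias", chain[1]);

    // Exercise every TrustManagerFactory algorithm of every installed provider.
    for (Provider provider : Security.getProviders()) {
        for (Provider.Service service : provider.getServices()) {
            if (!"TrustManagerFactory".equals(service.getType())) {
                continue;
            }
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(service.getAlgorithm());
            tmf.init(keyStore);
            for (TrustManager trustManager : tmf.getTrustManagers()) {
                // javax.net.ssl.X509TrustManager is the real type name; the listing had
                // lower-cased it, which does not compile.
                if (!(trustManager instanceof X509TrustManager)) {
                    continue;
                }
                X509TrustManager tm = (X509TrustManager) trustManager;
                // Both calls must return normally; a validation failure would surface as a
                // CertificateException and fail the test.
                tm.checkClientTrusted(chain, "RSA");
                tm.checkServerTrusted(chain, "RSA");
            }
        }
    }
}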
项目:conscrypt
文件:TrustManagerFactoryTest.java
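@Test
public void test_TrustManagerFactory_keyOnly() throws Exception {
    // create a KeyStore containing only a private key with chain.
    // unlike PKIXParameters(KeyStore), the cert chain of the key should be trusted.
    KeyStore ks = TestKeyStore.createKeyStore();
    KeyStore.PrivateKeyEntry pke = getTestKeyStore().getPrivateKey("RSA", "RSA");
    // "pw" is a throw-away test password for the in-memory entry.
    ks.setKeyEntry("key", pke.getPrivateKey(), "pw".toCharArray(), pke.getCertificateChain());

    String algorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
    tmf.init(ks);
    // String#toCharArray and javax.net.ssl.X509TrustManager are the real names; the listing
    // had lower-cased both.
    X509TrustManager trustManager = (X509TrustManager) tmf.getTrustManagers()[0];
    // Takeaway for production code: a key entry's chain in a trust keystore widens what is
    // trusted, so identity keystores and trust stores are best kept separate.
    trustManager.checkServerTrusted((X509Certificate[]) pke.getCertificateChain(), "RSA");
}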
项目:conscrypt
文件:KeyManagerFactoryTest.java
// Checks that the key manager's chain and private key for an alias agree with the reference
// test keystore, and that the algorithms agree with keyType.
// NOTE(review): "alias" is used throughout but is not among the visible parameters, and two
// assertEquals calls have one argument fewer than their neighbours, so this listing has
// presumably lost tokens. Confirm against the upstream file before reuse.
private void test_X509KeyManager_alias(X509KeyManager km,String keyType,boolean many,boolean empty) throws Exception {
// With an empty key manager, or a single-alias lookup without a key type, nothing may resolve.
if (empty || (!many && (keyType == null || keyType.isEmpty()))) {
assertNull(keyType,alias);
assertNull(keyType,km.getCertificateChain(alias));
assertNull(keyType,km.getPrivateKey(alias));
return;
}
assertNotNull(keyType,alias);
X509Certificate[] certificateChain = km.getCertificateChain(alias);
PrivateKey privateKey = km.getPrivateKey(alias);
String keyAlgName = privateKey.getAlgorithm();
X509Certificate certificate = certificateChain[0];
// Private key and leaf certificate must use the same key algorithm.
assertEquals(keyType,keyAlgName,certificate.getPublicKey().getAlgorithm());
String sigalgName = certificate.getSigalgName();
// Reference entry is selected by key algorithm and the leaf's signature algorithm.
PrivateKeyEntry privateKeyEntry = getTestKeyStore().getPrivateKey(keyAlgName,sigalgName);
assertEquals(keyType,Arrays.asList(privateKeyEntry.getCertificateChain()),Arrays.<Certificate>asList(certificateChain));
assertEquals(keyType,privateKey);
if (keyType != null) {
assertEquals(TestKeyStore.keyAlgorithm(keyType),keyAlgName);
// Skip this when we're given only "DH" or "EC" instead of "DH_DSA", "EC_RSA", etc.,
// since we don't know what the expected algorithm was.
if (!keyType.equals("DH") && !keyType.equals("EC")) {
assertTrue(sigalgName.contains(TestKeyStore.signatureAlgorithm(keyType)));
}
}
}
项目:aws-encryption-sdk-java
文件:KeyStoreProvider.java
// Looks up keyId in the keystore and wraps the entry as a JceMasterKey.
//
// Outcomes visible in this method:
//   - keystore access fails            -> UnsupportedProviderException (wraps the cause)
//   - alias absent / other entry type  -> NoSuchMasterKeyException
//   - key algorithm != keyAlgorithm_   -> null (not an exception)
//   - SecretKeyEntry                   -> master key from the secret key
//   - PrivateKeyEntry                  -> master key from the certificate's public key and the
//                                         private key
//   - TrustedCertificateEntry          -> master key from the public key only
// Callers must therefore handle a null return as well as the two exceptions.
// NOTE(review): the PrivateKeyEntry and TrustedCertificateEntry branches pass neither provider
// nor keyId to getInstance although the SecretKeyEntry branch does, and wrappingalgorithm_
// looks case-mangled; the listing has presumably lost tokens. Confirm against upstream.
private JceMasterKey internalGetMasterKey(final String provider,final String keyId) {
final Entry entry;
try {
// The protection parameter is supplied only for key entries; certificate entries are read
// with null.
entry = keystore_.getEntry(keyId,keystore_.isKeyEntry(keyId) ? protection_ : null);
} catch (NoSuchAlgorithmException | UnrecoverableEntryException | KeyStoreException e) {
throw new UnsupportedProviderException(e);
}
if (entry == null) {
throw new NoSuchMasterKeyException();
}
if (entry instanceof SecretKeyEntry) {
final SecretKeyEntry skEntry = (SecretKeyEntry) entry;
if (!skEntry.getSecretKey().getAlgorithm().equals(keyAlgorithm_)) {
return null;
}
return JceMasterKey.getInstance(skEntry.getSecretKey(),provider,keyId,wrappingalgorithm_);
} else if (entry instanceof PrivateKeyEntry) {
final PrivateKeyEntry pkEntry = (PrivateKeyEntry) entry;
if (!pkEntry.getPrivateKey().getAlgorithm().equals(keyAlgorithm_)) {
return null;
}
return JceMasterKey.getInstance(pkEntry.getCertificate().getPublicKey(),pkEntry.getPrivateKey(),wrappingalgorithm_);
} else if (entry instanceof TrustedCertificateEntry) {
final TrustedCertificateEntry certEntry = (TrustedCertificateEntry) entry;
if (!certEntry.getTrustedCertificate().getPublicKey().getAlgorithm().equals(keyAlgorithm_)) {
return null;
}
return JceMasterKey.getInstance(certEntry.getTrustedCertificate().getPublicKey(),wrappingalgorithm_);
} else {
throw new NoSuchMasterKeyException();
}
}
项目:eid-applet
文件:PKCS11Test.java
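@Test
public void testPKCS1viaPKCS11() throws Exception {
    // Write a throw-away SunPKCS11 configuration pointing at the eID PKCS#11 library.
    File tmpConfigFile = File.createTempFile("pkcs11-", "conf");
    tmpConfigFile.deleteOnExit();
    PrintWriter configWriter = new PrintWriter(new FileOutputStream(tmpConfigFile), true);
    try {
        configWriter.println("name=SmartCard");
        configWriter.println("library=/usr/lib/libbeidpkcs11.so.0");
        configWriter.println("slotListIndex=2");
    } finally {
        // Close the file before the provider reads it; the writer was previously left open.
        configWriter.close();
    }

    SunPKCS11 provider = new SunPKCS11(tmpConfigFile.getAbsolutePath());
    Security.addProvider(provider);
    KeyStore keyStore = KeyStore.getInstance("PKCS11", provider);
    keyStore.load(null, null);

    // Sign a fixed message with the card's authentication key.
    PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry) keyStore.getEntry("Authentication", null);
    PrivateKey privateKey = privateKeyEntry.getPrivateKey();
    // SHA-1 is kept because this test inspects the PKCS#1 block the card produces; it is not
    // a recommendation for new signatures.
    Signature signature = Signature.getInstance("SHA1withRSA");
    signature.initSign(privateKey);
    byte[] toBeSigned = "hello world".getBytes("UTF-8");
    signature.update(toBeSigned);
    byte[] signatureValue = signature.sign();

    // Apply the public RSA operation to recover the padded block for inspection.
    X509Certificate certificate = (X509Certificate) privateKeyEntry.getCertificate();
    RSAPublicKey publicKey = (RSAPublicKey) certificate.getPublicKey();
    // Signum 1: the signature is an unsigned big-endian integer. The one-argument constructor
    // reads it as two's complement and yields a negative value when the top bit is set.
    BigInteger signatureValueBigInteger = new BigInteger(1, signatureValue);
    BigInteger messageBigInteger = signatureValueBigInteger.modPow(publicKey.getPublicExponent(), publicKey.getModulus());
    LOG.debug("original message: " + new String(Hex.encodeHex(messageBigInteger.toByteArray())));
}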
项目:development
文件:SignTask.java
项目:development
文件:CertificateHandler.java
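/**
 * Loads the root CA private-key entry from the root CA keystore into
 * {@code rootPrivateKeyEntry}.
 *
 * @throws GeneralSecurityException if the keystore cannot return the entry (for example a wrong
 *     password)
 * @throws RuntimeException if the alias is absent or does not hold a private-key entry
 */
private void loadPrivateKeyEntry() throws GeneralSecurityException {
    final java.security.KeyStore.Entry entry = rootCaKeystore.getEntry(
            rootCaAlias, new PasswordProtection(rootCaPassword.toCharArray()));
    // Check the type before casting: an alias holding a trusted certificate or a secret key
    // would otherwise surface as a bare ClassCastException with no hint at the alias.
    if (!(entry instanceof PrivateKeyEntry)) {
        throw new RuntimeException(
                "Could not read private key entry from rootca keystore with alias "
                        + rootCaAlias);
    }
    rootPrivateKeyEntry = (PrivateKeyEntry) entry;
}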
/**
 * Fetches the private-key entry stored under {@code alias} and wraps it.
 *
 * @param alias keystore alias to read
 * @param passwordProtection protection parameter used to unlock the entry
 * @return the wrapped entry, or {@code null} when the alias is not a key entry
 * @throws DSSException if the keystore cannot return the entry
 */
private KSPrivateKeyEntry getKSPrivateKeyEntry(final String alias, ProtectionParameter passwordProtection) {
    final KeyStore store = getKeyStore();
    try {
        if (!store.isKeyEntry(alias)) {
            return null;
        }
        // NOTE(review): isKeyEntry is also true for secret-key entries, so this cast throws
        // ClassCastException for such an alias; an instanceof check would make that explicit.
        final PrivateKeyEntry unlocked = (PrivateKeyEntry) store.getEntry(alias, passwordProtection);
        return new KSPrivateKeyEntry(alias, unlocked);
    } catch (GeneralSecurityException e) {
        throw new DSSException("Unable to retrieve key for alias '" + alias + "'", e);
    }
}
// Selects the aliases whose leaf certificate uses one of the requested key algorithms and,
// when issuers are given, whose chain contains a certificate issued by one of them.
//
// Returns null (not an empty array) when keyType is null/empty or nothing matches.
// An alias is added once per matching keyType element, so a keyType array with repeated
// values yields repeated aliases.
private String[] chooseAlias(String[] keyType,Principal[] issuers) {
if (keyType == null || keyType.length == 0) {
return null;
}
Vector<String> found = new Vector<String>();
for (Enumeration<String> aliases = hash.keys(); aliases.hasMoreElements();) {
final String alias = aliases.nextElement();
final KeyStore.PrivateKeyEntry entry = hash.get(alias);
final Certificate[] certs = entry.getCertificateChain();
// Algorithm of the leaf certificate's public key decides the key-type match.
final String alg = certs[0].getPublicKey().getAlgorithm();
for (int i = 0; i < keyType.length; i++) {
if (alg.equals(keyType[i])) {
if (issuers != null && issuers.length != 0) {
// check that certificate was issued by specified issuer
// Every certificate in the chain is considered, not only the leaf; the labelled break
// stops at the first match so the alias is added at most once per key type.
loop: for (int ii = 0; ii < certs.length; ii++) {
if (certs[ii] instanceof X509Certificate) {
X500Principal issuer = ((X509Certificate) certs[ii])
.getIssuerX500Principal();
for (int iii = 0; iii < issuers.length; iii++) {
if (issuer.equals(issuers[iii])) {
found.add(alias);
break loop;
}
}
}
}
} else {
// No issuer constraint: the key-type match alone is sufficient.
found.add(alias);
}
}
}
}
if (!found.isEmpty()) {
return found.toArray(new String[found.size()]);
}
return null;
}
/**
 * Stores the key and certificate chain of {@code privateKey} in {@code ks} under the class's
 * {@code alias}, protected with {@code PASSWORD_KEY}.
 *
 * @param ks keystore to write to
 * @param privateKey entry supplying the private key and its chain
 * @throws Exception if the keystore rejects the entry
 */
public static void setPrivateKey(KeyStore ks, PrivateKeyEntry privateKey)
        throws Exception {
    // NOTE(review): alias and password are shared class-level values, so each call replaces
    // the previous entry under that alias.
    ks.setKeyEntry(
            alias,
            privateKey.getPrivateKey(),
            PASSWORD_KEY,
            privateKey.getCertificateChain());
}