/** java.security.KeyStore#containsAlias(java.lang.String) */
  public void test_containsAliasLjava_lang_String() throws Exception {
    // Test for method boolean
    // java.security.KeyStore.containsAlias(java.lang.String)
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate cert[] = new X509Certificate[2];
    cert[0] = (X509Certificate) cf.generateCertificate(certArray);
    cert[1] = (X509Certificate) cf.generateCertificate(certArray2);
    KeyStore keyTest = KeyStore.getInstance(KeyStore.getDefaultType());

    try {
      keyTest.containsAlias("alias1");
      fail();
    } catch (KeyStoreException expected) {
    }

    keyTest.load(null, null);

    // alias 1
    keyTest.setCertificateEntry("alias1", cert[0]);

    // alias 2
    keyTest.setCertificateEntry("alias2", cert[0]);

    assertTrue("alias1 does not exist", keyTest.containsAlias("alias1"));
    assertTrue("alias2 does not exist", keyTest.containsAlias("alias2"));
    assertFalse("alias3 exists", keyTest.containsAlias("alias3"));

    try {
      keyTest.containsAlias(null);
      fail();
    } catch (NullPointerException expected) {
    }
  }
 /**
  * Remove a key with the specified alias from the keystore.
  *
  * @param keyStore to remove from
  * @param alias of key to remove
  * @return true if the key alias was removed
  * @throws CryptoTokenOfflineException if the keystore was null
  * @throws KeyStoreException for keystore related errors
  * @throws SignServerException if the keystore did not contain a key with the specified alias
  */
 public static boolean removeKey(final KeyStore keyStore, final String alias)
     throws CryptoTokenOfflineException, KeyStoreException, SignServerException {
   if (keyStore == null) {
     throw new CryptoTokenOfflineException("Token offline");
   }
   if (!keyStore.containsAlias(alias)) {
     throw new SignServerException("No such alias in token: " + alias);
   }
   keyStore.deleteEntry(alias);
   return !keyStore.containsAlias(alias);
 }
  /** Returns a trust store merged from the internal keystore and system keystore. */
  public static KeyStore getTrustStore(Context context)
      throws KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException,
          CertificateException, IOException {

    if (sTrustStore == null) {
      // load internal truststore from file
      sTrustStore = KeyStore.getInstance("BKS", PGP.PROVIDER);
      InputStream in = context.getResources().openRawResource(R.raw.truststore);
      sTrustStore.load(in, "changeit".toCharArray());

      // load system trust store
      KeyStore systemStore = loadSystemTrustStore();

      // copy system entries to our trust store
      Enumeration<String> aliases = systemStore.aliases();
      while (aliases.hasMoreElements()) {
        String alias = aliases.nextElement();
        Certificate cert = systemStore.getCertificate(alias);

        if (sTrustStore.containsAlias(alias)) alias = "system_" + alias;

        sTrustStore.setCertificateEntry(alias, cert);
      }
    }

    return sTrustStore;
  }
 // check the existing aliases
 private void checkAlias(KeyStore obj, int range) throws KeyStoreException {
   for (int k = 0; k < range; k++) {
     if (!obj.containsAlias(ALIAS_HEAD + k)) {
       throw new RuntimeException("ERROR: alias (" + k + ") should exist");
     }
   }
 }
  /**
   * Takes a GFIPM entity ID or a Java key store entry alias name and deletes its entry from the
   * Java key store. Writes out an error messages on an exception.
   *
   * @param entityid The GFIPM entity or key store alias to be deleted.
   * @return true on success, false otherwise.
   */
  public boolean deleteEntry(String entityid) {

    if (entityid == null) {
      System.err.println("ERROR: GFIPMKeystore.deleteEntry: No entityid or alias name. Aborted.");
      System.err.flush();
      return false;
    }
    String alias = makeEntityAliasName(entityid);

    try {
      if (keyStore.containsAlias(alias)) {
        if (verboseOut) {
          System.out.println("Key store: delete entry " + alias);
          System.out.flush();
        }
        keyStore.deleteEntry(alias);
        modifiedFlag = true;

      } else {
        if (verboseOut) {
          System.out.println("Key store: Entry to be delete not found with alias " + alias);
        }
      }

    } catch (KeyStoreException e) {
      System.err.println("ERROR: GFIPMKeystore.deleteEntry failed: ");
      System.err.println(e.toString());
      System.err.flush();
      return false;
    }

    return true;
  } // end deleteEntry
Beispiel #6
0
  /**
   * Returns the private key for the specified ID.
   *
   * @param id The ID of the requested private key.
   * @param key_password The passphrase associated with the private key or {@code null} if the key
   *     has no passphrase.
   * @return PrivateKey for the specified ID.
   * @throws KeyStoreException When the wrong keystore has been provided.
   * @throws IOException For errors related to processing the keystore.
   */
  public PrivateKey getKey(ID id, char[] key_password) throws KeyStoreException, IOException {

    String alias = id.toString();

    try {
      synchronized (keystore_manager) {
        KeyStore store = keystore_manager.loadKeyStore(keystore_password);

        if (!store.containsAlias(alias) || !store.isKeyEntry(alias)) {
          return null;
        }

        return (PrivateKey) store.getKey(alias, key_password);
      }

    } catch (NoSuchAlgorithmException failed) {

      Logging.logCheckedSevere(LOG, "Something failed\n", failed);

      KeyStoreException failure = new KeyStoreException("Something Failed");

      failure.initCause(failed);
      throw failure;

    } catch (UnrecoverableKeyException failed) {

      Logging.logCheckedSevere(LOG, "Key passphrase failure\n", failed);

      KeyStoreException failure = new KeyStoreException("Key passphrase failure");
      failure.initCause(failed);
      throw failure;
    }
  }
Beispiel #7
0
  /**
   * Returns <tt>true</tt> if the specified id is associated with a private key.
   *
   * @param id The ID of the requested private key.
   * @param store_password The passphrase used to unlock the keystore may be {@code null} for
   *     keystores with no passphrase.
   * @return <tt>true</tt> if a private key with the specified ID is present otherwise
   *     <tt>false</tt>
   * @throws KeyStoreException When the wrong keystore has been provided.
   * @throws IOException For errors related to processing the keystore.
   */
  public boolean isKey(ID id, char[] store_password) throws KeyStoreException, IOException {
    String alias = id.toString();

    synchronized (keystore_manager) {
      KeyStore store = keystore_manager.loadKeyStore(store_password);

      return store.containsAlias(alias) & store.isKeyEntry(alias);
    }
  }
 public boolean hasServerIdentityAlias() {
   try {
     if (!mKeyStore.containsAlias(LOCAL_IDENTITY_ALIAS)) {
       LogUtils.e("Key store missing identity for " + LOCAL_IDENTITY_ALIAS);
       return false;
     }
   } catch (KeyStoreException e) {
     LogUtils.e("Key store exception occurred", e);
     return false;
   }
   return true;
 }
Beispiel #9
0
  /**
   * Returns the trusted cert for the specified id.
   *
   * @param id The id of the Certificate to retrieve.
   * @param store_password The passphrase used to unlock the keystore may be {@code null} for
   *     keystores with no passphrase.
   * @return Certificate for the specified ID or null if the store does not contain the specified
   *     certificate.
   * @throws KeyStoreException When the wrong keystore has been provided.
   * @throws IOException For errors related to processing the keystore.
   */
  X509Certificate getTrustedCertificate(ID id, char[] store_password)
      throws KeyStoreException, IOException {

    String alias = id.toString();

    synchronized (keystore_manager) {
      KeyStore store = keystore_manager.loadKeyStore(store_password);

      if (!store.containsAlias(alias)) {
        return null;
      }

      return (X509Certificate) store.getCertificate(alias);
    }
  }
 public synchronized void storeCertificate(Certificate peerCert) {
   try {
     String alias =
         String.format(KeyStoreManager.REMOTE_IDENTITY_ALIAS_PATTERN, peerCert.hashCode());
     if (mKeyStore.containsAlias(alias)) {
       LogUtils.w("Deleting existing entry for " + alias);
       mKeyStore.deleteEntry(alias);
     }
     LogUtils.i("Adding cert to keystore: " + alias);
     mKeyStore.setCertificateEntry(alias, peerCert);
     store();
   } catch (KeyStoreException e) {
     LogUtils.e("Storing cert failed", e);
   }
 }
  /** Creates the X509Credential from the TrustStore certificate. */
  public static X509Credential loadCredentialFromTrustStore(String alias, KeyStore trustStore)
      throws RelyingPartyException {
    X509Credential credential = null;
    java.security.cert.X509Certificate cert = null;

    try {
      if (trustStore.containsAlias(alias)) {
        cert = (java.security.cert.X509Certificate) trustStore.getCertificate(alias);
        credential = new X509CredentialImpl(cert);
      }
    } catch (KeyStoreException e) {
      log.error("Error while loading credentials from trust store", e);
      throw new RelyingPartyException("Error while loading credentials from trust store", e);
    }
    return credential;
  }
  public void addPrivateKey(
      @Nonnull @Nonempty final String sAlias,
      @Nonnull final Key aKey,
      @Nonnull final String sPassword)
      throws OpenAS2Exception {
    ValueEnforcer.notEmpty(sAlias, "Alias");
    ValueEnforcer.notNull(aKey, "Key");
    ValueEnforcer.notNull(sPassword, "Password");

    final KeyStore aKeyStore = getKeyStore();
    try {
      if (!aKeyStore.containsAlias(sAlias)) throw new CertificateNotFoundException(null, sAlias);

      final Certificate[] aCertChain = aKeyStore.getCertificateChain(sAlias);
      aKeyStore.setKeyEntry(sAlias, aKey, sPassword.toCharArray(), aCertChain);
      save(getFilename(), getPassword());
    } catch (final GeneralSecurityException ex) {
      throw WrappedOpenAS2Exception.wrap(ex);
    }
  }
  public void addCertificate(
      @Nonnull @Nonempty final String sAlias,
      @Nonnull final X509Certificate aCert,
      final boolean bOverwrite)
      throws OpenAS2Exception {
    ValueEnforcer.notEmpty(sAlias, "Alias");
    ValueEnforcer.notNull(aCert, "Cert");

    final KeyStore aKeyStore = getKeyStore();

    try {
      if (aKeyStore.containsAlias(sAlias) && !bOverwrite)
        throw new CertificateExistsException(sAlias);

      aKeyStore.setCertificateEntry(sAlias, aCert);
      save(getFilename(), getPassword());
      s_aLogger.info(
          "Added certificate alias '" + sAlias + "' of certificate '" + aCert.getSubjectDN());
    } catch (final GeneralSecurityException ex) {
      throw WrappedOpenAS2Exception.wrap(ex);
    }
  }
Beispiel #14
0
  /**
   * Returns the trusted cert chain for the specified id.
   *
   * @param id The ID of the certificate who's certificate chain is desired.
   * @return Certificate chain for the specified ID or null if the PSE does not contain the
   *     specified certificate.
   * @throws KeyStoreException When the wrong keystore has been provided.
   * @throws IOException For errors related to processing the keystore.
   */
  public X509Certificate[] getTrustedCertificateChain(ID id) throws KeyStoreException, IOException {

    String alias = id.toString();

    synchronized (keystore_manager) {
      KeyStore store = keystore_manager.loadKeyStore(keystore_password);

      if (!store.containsAlias(alias)) {
        return null;
      }

      Certificate certs[] = store.getCertificateChain(alias);

      if (null == certs) {
        return null;
      }

      X509Certificate x509certs[] = new X509Certificate[certs.length];

      System.arraycopy(certs, 0, x509certs, 0, certs.length);

      return x509certs;
    }
  }
  /** Do action. */
  @Override
  protected void doAction() {
    try {
      KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();

      KeyStoreState currentState = history.getCurrentState();
      KeyStoreState newState = currentState.createBasisForNextState(this);

      KeyStore keyStore = newState.getKeyStore();
      String alias = kseFrame.getSelectedEntryAlias();

      DGetAlias dGetAlias =
          new DGetAlias(
              frame, res.getString("RenameTrustedCertificateAction.NewEntryAlias.Title"), alias);
      dGetAlias.setLocationRelativeTo(frame);
      dGetAlias.setVisible(true);
      String newAlias = dGetAlias.getAlias();

      if (newAlias == null) {
        return;
      }

      if (newAlias.equalsIgnoreCase(alias)) {
        JOptionPane.showMessageDialog(
            frame,
            MessageFormat.format(
                res.getString("RenameTrustedCertificateAction.RenameAliasIdentical.message"),
                alias),
            res.getString("RenameTrustedCertificateAction.RenameEntry.Title"),
            JOptionPane.WARNING_MESSAGE);
        return;
      }

      if (keyStore.containsAlias(newAlias)) {
        String message =
            MessageFormat.format(
                res.getString("RenameTrustedCertificateAction.OverWriteEntry.message"), newAlias);

        int selected =
            JOptionPane.showConfirmDialog(
                frame,
                message,
                res.getString("RenameTrustedCertificateAction.RenameEntry.Title"),
                JOptionPane.YES_NO_OPTION);
        if (selected != JOptionPane.YES_OPTION) {
          return;
        }

        keyStore.deleteEntry(newAlias);
        newState.removeEntryPassword(newAlias);
      }

      Certificate cert = keyStore.getCertificate(alias);
      keyStore.setCertificateEntry(newAlias, cert);

      keyStore.deleteEntry(alias);

      currentState.append(newState);

      kseFrame.updateControls(true);
    } catch (Exception ex) {
      DError.displayError(frame, ex);
    }
  }
  /** Generate a secret key in the currently opened KeyStore. */
  public void generateSecret() {
    try {
      int secretKeySize = applicationSettings.getGenerateSecretKeySize();
      SecretKeyType secretKeyType = applicationSettings.getGenerateSecretKeyType();

      DGenerateSecretKey dGenerateSecretKey =
          new DGenerateSecretKey(frame, secretKeyType, secretKeySize);
      dGenerateSecretKey.setLocationRelativeTo(frame);
      dGenerateSecretKey.setVisible(true);

      if (!dGenerateSecretKey.isSuccessful()) {
        return;
      }

      secretKeySize = dGenerateSecretKey.getSecretKeySize();
      secretKeyType = dGenerateSecretKey.getSecretKeyType();

      applicationSettings.setGenerateSecretKeySize(secretKeySize);
      applicationSettings.setGenerateSecretKeyType(secretKeyType);

      SecretKey secretKey = SecretKeyUtil.generateSecretKey(secretKeyType, secretKeySize);

      KeyStoreHistory history = kseFrame.getActiveKeyStoreHistory();

      KeyStoreState currentState = history.getCurrentState();
      KeyStoreState newState = currentState.createBasisForNextState(this);

      KeyStore keyStore = newState.getKeyStore();

      DGetAlias dGetAlias =
          new DGetAlias(
              frame, res.getString("GenerateSecretKeyAction.NewSecretKeyEntryAlias.Title"), null);
      dGetAlias.setLocationRelativeTo(frame);
      dGetAlias.setVisible(true);
      String alias = dGetAlias.getAlias();

      if (alias == null) {
        return;
      }

      if (keyStore.containsAlias(alias)) {
        String message =
            MessageFormat.format(
                res.getString("GenerateSecretKeyAction.OverWriteEntry.message"), alias);

        int selected =
            JOptionPane.showConfirmDialog(
                frame,
                message,
                res.getString("GenerateSecretKeyAction.NewSecretKeyEntryAlias.Title"),
                JOptionPane.YES_NO_OPTION);
        if (selected != JOptionPane.YES_OPTION) {
          return;
        }
      }

      Password password = new Password((char[]) null);
      KeyStoreType type = KeyStoreType.resolveJce(keyStore.getType());

      if (type.hasEntryPasswords()) {
        DGetNewPassword dGetNewPassword =
            new DGetNewPassword(
                frame,
                res.getString("GenerateSecretKeyAction.NewSecretKeyEntryPassword.Title"),
                applicationSettings.getPasswordQualityConfig());
        dGetNewPassword.setLocationRelativeTo(frame);
        dGetNewPassword.setVisible(true);
        password = dGetNewPassword.getPassword();

        if (password == null) {
          return;
        }
      }

      if (keyStore.containsAlias(alias)) {
        keyStore.deleteEntry(alias);
        newState.removeEntryPassword(alias);
      }

      keyStore.setKeyEntry(alias, secretKey, password.toCharArray(), null);
      newState.setEntryPassword(alias, password);

      currentState.append(newState);

      kseFrame.updateControls(true);

      JOptionPane.showMessageDialog(
          frame,
          res.getString("GenerateSecretKeyAction.SecretKeyGenerationSuccessful.message"),
          res.getString("GenerateSecretKeyAction.GenerateSecretKey.Title"),
          JOptionPane.INFORMATION_MESSAGE);
    } catch (Exception ex) {
      DError.displayError(frame, ex);
    }
  }
Beispiel #17
0
  private void readTest(String inKeyStore) throws Exception {

    KeyStore inputKeyStore;

    // Initialize KeyStore
    String dir = System.getProperty("test.src", ".");
    String keystorePath = dir + File.separator + "certs" + File.separator + "readP12";
    inputKeyStore = KeyStore.getInstance(IN_KEYSTORE_TYPE);
    // KeyStore have encoded by Base64.getMimeEncoder().encode(),need decode
    // first.
    byte[] input = Files.readAllBytes(Paths.get(keystorePath, inKeyStore));
    ByteArrayInputStream arrayIn = new ByteArrayInputStream(Base64.getMimeDecoder().decode(input));
    inputKeyStore.load(arrayIn, IN_STORE_PASS.toCharArray());
    out.println("Initialize KeyStore : " + inKeyStore + " success");

    out.println("getProvider : " + inputKeyStore.getProvider());
    out.println("getType : " + inputKeyStore.getType());
    out.println("getDefaultType : " + KeyStore.getDefaultType());

    int idx = 0;
    Enumeration<String> e = inputKeyStore.aliases();
    String alias;
    while (e.hasMoreElements()) {
      alias = e.nextElement();
      out.println("Alias " + idx + " : " + alias);
      if (inputKeyStore.containsAlias(alias) == false) {
        throw new RuntimeException("Alias not found");
      }

      out.println("getCreationDate : " + inputKeyStore.getCreationDate(alias));

      X509Certificate cert = (X509Certificate) inputKeyStore.getCertificate(alias);
      out.println("getCertificate : " + cert.getSubjectDN());
      String retAlias = inputKeyStore.getCertificateAlias(cert);
      if (!retAlias.equals(alias)) {
        throw new RuntimeException("Alias mismatch");
      }
      out.println("getCertificateAlias : " + retAlias);

      Certificate[] certs = inputKeyStore.getCertificateChain(alias);
      for (int i = 0; i < certs.length; i++) {
        out.println(
            "getCertificateChain " + i + " : " + ((X509Certificate) certs[i]).getSubjectDN());
      }

      boolean isCertEntry = inputKeyStore.isCertificateEntry(alias);
      // test KeyStore only contain key pair entries.
      if (isCertEntry == true) {
        throw new RuntimeException(
            "inputKeystore should not be certEntry because test keystore only contain key pair entries.");
      }

      boolean isKeyEntry = inputKeyStore.isKeyEntry(alias);
      if (isKeyEntry) {
        Key key = inputKeyStore.getKey(alias, IN_STORE_PASS.toCharArray());
        out.println("Key : " + key.toString());
      } else {
        throw new RuntimeException("Entry type unknown\n");
      }
      idx++;
    }

    int size = inputKeyStore.size();
    if (idx != size) {
      throw new RuntimeException("Size not match");
    }
  }