private KeyManager[] getKeyManagers(InputStream certificate, String passphrase)
     throws IOException {
   if (key_managers == null) {
     KeyStore ks;
     try {
       ks = KeyStore.getInstance("PKCS12");
     } catch (KeyStoreException e) {
       throw new RuntimeException("Unable to create key store.");
     }
     char certphrase[] = passphrase.toCharArray();
     try {
       ks.load(certificate, certphrase);
     } catch (GeneralSecurityException e) {
       throw new RuntimeException("Bad certificate or unknown type.");
     } finally {
       closeQuietly(certificate);
     }
     KeyManagerFactory kmf;
     try {
       kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
       kmf.init(ks, certphrase);
     } catch (GeneralSecurityException e) {
       throw new RuntimeException(e.getMessage());
     }
     key_managers = kmf.getKeyManagers();
   }
   return key_managers;
 }
Example #2
0
 private static KeyStore readKeyStore(String name) throws Exception {
   File file = new File(PATH, name);
   InputStream in = new FileInputStream(file);
   KeyStore ks = KeyStore.getInstance("JKS");
   ks.load(in, passwd);
   in.close();
   return ks;
 }
Example #3
0
 /**
  * Creates an empty keystore
  *
  * @throws Exception
  */
 private void createKeystore() throws Exception {
   if (keystore == null) {
     Security.addProvider(bouncyCastleProvider);
     keystore =
         KeyStore.getInstance(Configuration.getSSLClientKeyStoreType(), bouncyCastleProvider);
     keystore.load(null, KEYSTORE_PASSWORD.toCharArray());
   }
 }
 public void testDefaults() throws Exception {
   Properties p = initProps();
   KeyStore ks = KeyStoreUtil.createKeyStore(p);
   List aliases = ListUtil.fromIterator(new EnumerationIterator(ks.aliases()));
   assertIsomorphic(SetUtil.set("mykey", "mycert"), SetUtil.theSet(aliases));
   assertNotNull(ks.getCertificate("mycert"));
   assertNull(ks.getCertificate("foocert"));
   assertEquals("JCEKS", ks.getType());
 }
 void assertPubKs(File file, String pass, List<String> hosts) throws Exception {
   KeyStore ks = loadKeyStore("jceks", file, pass);
   List aliases = ListUtil.fromIterator(new EnumerationIterator(ks.aliases()));
   assertEquals(hosts.size(), aliases.size());
   for (String host : hosts) {
     String alias = host + ".crt";
     Certificate cert = ks.getCertificate(alias);
     assertNotNull(cert);
     assertEquals("X.509", cert.getType());
   }
 }
  /*
   * Define the client side of the test.
   *
   * If the server prematurely exits, serverReady will be set to true
   * to avoid infinite hangs.
   */
  void doClientSide() throws Exception {

    /*
     * Wait for server to get started.
     */
    while (!serverReady) {
      Thread.sleep(50);
    }

    /*
     * See if an unknown keystore actually gets checked ok.
     */
    System.out.println("==============");
    System.out.println("Starting test0");
    KeyStore uks = KeyStore.getInstance("JKS");
    SSLContext ctx = SSLContext.getInstance("TLS");
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

    uks.load(new FileInputStream(unknownFilename), cpasswd);
    kmf.init(uks, cpasswd);

    TrustManager[] tms = new TrustManager[] {new MyJavaxX509TrustManager()};

    ctx.init(kmf.getKeyManagers(), tms, null);

    SSLSocketFactory sslsf = (SSLSocketFactory) ctx.getSocketFactory();

    System.out.println("Trying first socket " + serverPort);
    SSLSocket sslSocket = (SSLSocket) sslsf.createSocket("localhost", serverPort);

    doTest(sslSocket);

    /*
     * Now try the other way.
     */
    com.sun.net.ssl.SSLContext ctx1 = com.sun.net.ssl.SSLContext.getInstance("TLS");
    com.sun.net.ssl.KeyManagerFactory kmf1 =
        com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");
    kmf1.init(uks, cpasswd);

    com.sun.net.ssl.TrustManager[] tms1 =
        new com.sun.net.ssl.TrustManager[] {new MyComX509TrustManager()};

    ctx1.init(kmf1.getKeyManagers(), tms1, null);

    sslsf = (SSLSocketFactory) ctx1.getSocketFactory();

    System.out.println("Trying second socket " + serverPort1);
    sslSocket = (SSLSocket) sslsf.createSocket("localhost", serverPort1);

    doTest(sslSocket);
    System.out.println("Completed test1");
  }
  public static void main(String args[]) {

    int port = 6502;
    SSLServerSocket server;

    try {
      // get the keystore into memory
      KeyStore ks = KeyStore.getInstance("JKS");
      ks.load(new FileInputStream(keyStore), keyStorePass);

      // initialize the key manager factory with the keystore data
      KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
      kmf.init(ks, keyStorePass);

      // initialize the SSLContext engine
      // may throw NoSuchProvider or NoSuchAlgorithm exception
      // TLS - Transport Layer Security most generic

      SSLContext sslContext = SSLContext.getInstance("TLS");

      // Inititialize context with given KeyManagers, TrustManagers,
      // SecureRandom defaults taken if null

      sslContext.init(kmf.getKeyManagers(), null, null);

      // Get ServerSocketFactory from the context object
      ServerSocketFactory ssf = sslContext.getServerSocketFactory();
      //  Now like programming with normal server sockets
      ServerSocket serverSocket = ssf.createServerSocket(port);

      System.out.println("Accepting secure connections");

      Socket client = serverSocket.accept();
      System.out.println("Got connection");

      BufferedWriter out = new BufferedWriter(new OutputStreamWriter(client.getOutputStream()));
      BufferedReader in = new BufferedReader(new InputStreamReader(client.getInputStream()));
      String username = in.readLine();
      String password = in.readLine();

      if (username.equals("Josh") && password.equals("GoBucs")) {
        out.write("Greeting Client");
      } else {
        out.write("Sorry, you are not authorized");
      }
      out.flush();
      in.close();
      out.close();
    } catch (Exception e) {
      System.out.println("Exception thrown " + e);
    }
  }
  private static TrustManager[] createTrustManagers() throws GeneralSecurityException, IOException {
    InputStream keyStoreStream =
        Thread.currentThread().getContextClassLoader().getResourceAsStream("ssltest-keystore.jks");
    char[] keyStorePassword = "******".toCharArray();
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(keyStoreStream, keyStorePassword);
    assert (ks.size() > 0);

    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(ks);
    return tmf.getTrustManagers();
  }
Example #9
0
 private void createClientKeyStore() throws Exception {
   clientCertKeystore = KeyStore.getInstance(Configuration.getSSLClientKeyStoreType());
   String clientCertPath = Configuration.getSSLClientCertPath();
   FileInputStream fileInputStream = null;
   if (clientCertPath != null) {
     try {
       fileInputStream = new FileInputStream(clientCertPath);
     } catch (IOException ioe) {
       logger.error("\n----\nCertificate not found: " + clientCertPath + "\n----");
     }
   }
   String password = Configuration.getSSLClientCertPassword();
   char[] passphrase = password == null ? null : password.toCharArray();
   clientCertKeystore.load(fileInputStream, passphrase);
 }
Example #10
0
 public static KeyStore readKeyStore(String keystorePath, String password)
     throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException,
         UnrecoverableKeyException, KeyManagementException {
   KeyStore keyStore = KeyStore.getInstance("JKS");
   FileInputStream fis = null;
   try {
     fis = new FileInputStream(keystorePath);
     keyStore.load(fis, password.toCharArray());
   } finally {
     if (fis != null) {
       fis.close();
     }
   }
   return keyStore;
 }
Example #11
0
  /*
   * If this is a secure server, we now setup the SSLContext we'll
   * use for creating the SSLEngines throughout the lifetime of
   * this process.
   */
  private void createSSLContext() throws Exception {

    char[] passphrase = "passphrase".toCharArray();

    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(new FileInputStream("testkeys"), passphrase);

    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(ks, passphrase);

    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    tmf.init(ks);

    sslContext = SSLContext.getInstance("TLS");
    sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
  }
  private static KeyManager[] createKeyManagers() throws GeneralSecurityException, IOException {
    InputStream keyStoreStream =
        Thread.currentThread().getContextClassLoader().getResourceAsStream("ssltest-cacerts.jks");
    char[] keyStorePassword = "******".toCharArray();
    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(keyStoreStream, keyStorePassword);
    assert (ks.size() > 0);

    // Set up key manager factory to use our key store
    char[] certificatePassword = "******".toCharArray();
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(ks, certificatePassword);

    // Initialize the SSLContext to work with our key managers.
    return kmf.getKeyManagers();
  }
Example #13
0
 private void addCertToKeystore(X509Certificate _cert, Key _privateKey, String alias)
     throws KeyStoreException {
   X509Certificate[] chain = new X509Certificate[2];
   chain[0] = _cert;
   chain[1] = rootCA;
   keystore.setKeyEntry(alias, _privateKey, KEYSTORE_PASSWORD.toCharArray(), chain);
 }
Example #14
0
 private X509Certificate buildSignedCert(String domain, KeyPair _keyPair) throws Exception {
   PrivateKey privateRootKey =
       (PrivateKey)
           keystore.getKey(Configuration.getRootCaName(), KEYSTORE_PASSWORD.toCharArray());
   X509v3CertificateBuilder certificateBuilder = createX509v3CertificateBuilder(domain, _keyPair);
   return createX509Certificate(certificateBuilder, privateRootKey);
 }
Example #15
0
 private static void loadKeyStore(File keyStoreFile) {
   try {
     FileInputStream fileInputStream = null;
     try {
       fileInputStream = new FileInputStream(KEY_STORE_FILENAME);
       logger.trace("Loading key store from file [" + keyStoreFile + "]");
       keystore = KeyStore.getInstance(KeyStore.getDefaultType());
       keystore.load(fileInputStream, KEY_STORE_PASSWORD.toCharArray());
     } finally {
       if (fileInputStream != null) {
         fileInputStream.close();
       }
     }
   } catch (Exception e) {
     throw new RuntimeException(
         "Exception while loading KeyStore from " + keyStoreFile.getAbsolutePath(), e);
   }
 }
  public void testCreateSharedPLNKeyStores() throws Exception {
    List<String> hosts = ListUtil.list("host1", "host2.foo.bar", "host3");
    List<String> hosts2 = ListUtil.list("host3", "host4");
    File dir = getTempDir();
    File pub = new File(dir, "pub.ks");
    KeyStoreUtil.createSharedPLNKeyStores(
        dir, hosts, pub, "pubpass", MiscTestUtil.getSecureRandom());
    assertPubKs(pub, "pubpass", hosts);
    for (String host : hosts) {
      assertPrivateKs(
          new File(dir, host + ".jceks"), StringUtil.fromFile(new File(dir, host + ".pass")), host);
    }
    KeyStore pubks1 = loadKeyStore("jceks", new File(dir, "pub.ks"), "pubpass");

    Certificate host1cert1 = pubks1.getCertificate("host1.crt");
    Certificate host3cert1 = pubks1.getCertificate("host3.crt");

    String host1priv1 = StringUtil.fromFile(new File(dir, "host1.jceks"));
    String host3priv1 = StringUtil.fromFile(new File(dir, "host3.jceks"));

    // Now add host4 and generate a new key for host3
    KeyStoreUtil.createSharedPLNKeyStores(
        dir, hosts2, pub, "pubpass", MiscTestUtil.getSecureRandom());
    List<String> both = ListUtils.sum(hosts, hosts2);
    assertPubKs(pub, "pubpass", both);
    for (String host : both) {
      assertPrivateKs(
          new File(dir, host + ".jceks"), StringUtil.fromFile(new File(dir, host + ".pass")), host);
    }
    KeyStore pubks2 = loadKeyStore("jceks", new File(dir, "pub.ks"), "pubpass");
    // host1 should have the same cert, host3 not
    Certificate host1cert2 = pubks2.getCertificate("host1.crt");
    Certificate host3cert2 = pubks2.getCertificate("host3.crt");
    assertEquals(host1cert1, host1cert2);
    assertNotEquals(host3cert1, host3cert2);

    // host1's private key file should be the same, host3's not
    String host1priv2 = StringUtil.fromFile(new File(dir, "host1.jceks"));
    String host3priv2 = StringUtil.fromFile(new File(dir, "host3.jceks"));
    assertEquals(host1priv1, host1priv2);
    assertNotEquals(host3priv1, host3priv2);
  }
Example #17
0
 /**
  * We need a root CA as a file to add to the browser under which all certificates will be trusted.
  *
  * @throws Exception
  */
 private void createRootCA() throws Exception {
   KeyPair _keyPair = newKeyPair();
   rootCA = buildRootCert(Configuration.getRootCaName(), _keyPair);
   writePEMObject(rootCAPath, rootCA);
   writePEMObject(Configuration.getRootKeyPath(), _keyPair.getPrivate());
   keystore.setKeyEntry(
       Configuration.getRootCaName(),
       _keyPair.getPrivate(),
       KEYSTORE_PASSWORD.toCharArray(),
       new X509Certificate[] {rootCA});
 }
Example #18
0
 private void loadKeyStoreFromFile(KeyStore pKeyStore, String pFile, char[] pPassword)
     throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
   FileInputStream fis = null;
   try {
     fis = new FileInputStream(getAndValidateFile(pFile, "keystore"));
     pKeyStore.load(fis, pPassword);
   } finally {
     if (fis != null) {
       fis.close();
     }
   }
 }
Example #19
0
 /**
  * Read certificate and adds it to the keystore.
  *
  * @throws IOException
  * @throws CertificateException
  * @throws KeyStoreException
  */
 private void readRootCA() throws IOException, CertificateException, KeyStoreException {
   Key _privateKey = readPrivateKey(Configuration.getRootKeyPath());
   X509CertificateHolder holder =
       (X509CertificateHolder) readWithPemParser(Configuration.getRootCaPath());
   rootCA =
       new JcaX509CertificateConverter()
           .setProvider(BouncyCastleProvider.PROVIDER_NAME)
           .getCertificate(holder);
   keystore.setKeyEntry(
       Configuration.getRootCaName(),
       _privateKey,
       KEYSTORE_PASSWORD.toCharArray(),
       new X509Certificate[] {rootCA});
 }
Example #20
0
  private KeyStore getKeyStore(JolokiaServerConfig pConfig)
      throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException,
          InvalidKeySpecException, InvalidKeyException, NoSuchProviderException,
          SignatureException {
    char[] password = pConfig.getKeystorePassword();
    String keystoreFile = pConfig.getKeystore();
    KeyStore keystore = KeyStore.getInstance(pConfig.getKeyStoreType());
    if (keystoreFile != null) {
      // Load everything from a keystore which must include CA (if useClientSslAuthenticatin is
      // used) and
      // server cert/key
      loadKeyStoreFromFile(keystore, keystoreFile, password);
    } else {
      // Load keys from PEM files
      keystore.load(null);
      updateKeyStoreFromPEM(keystore, pConfig);

      // If no server cert is configured, then use a self-signed server certificate
      if (pConfig.getServerCert() == null) {
        KeyStoreUtil.updateWithSelfSignedServerCertificate(keystore);
      }
    }
    return keystore;
  }
  public void testStore() throws Exception {
    File dir = getTempDir();
    File file = new File(dir, "test.ks");
    Properties p = initProps();
    p.put(KeyStoreUtil.PROP_KEYSTORE_FILE, file.toString());
    assertFalse(file.exists());
    KeyStore ks = KeyStoreUtil.createKeyStore(p);
    assertTrue(file.exists());

    KeyStore ks2 = loadKeyStore(ks.getType(), file, PASSWD);
    List aliases = ListUtil.fromIterator(new EnumerationIterator(ks2.aliases()));
    assertIsomorphic(SetUtil.set("mykey", "mycert"), SetUtil.theSet(aliases));
    assertNotNull(ks2.getCertificate("mycert"));
    assertNull(ks2.getCertificate("foocert"));
    assertEquals("JCEKS", ks2.getType());
  }
 void assertPrivateKs(File file, String pass, String alias) throws Exception {
   KeyStore ks = loadKeyStore("jceks", file, alias);
   List aliases = ListUtil.fromIterator(new EnumerationIterator(ks.aliases()));
   assertEquals(2, aliases.size());
   Certificate cert = ks.getCertificate(alias + ".crt");
   assertNotNull(cert);
   assertEquals("X.509", cert.getType());
   assertTrue(ks.isKeyEntry(alias + ".key"));
   assertTrue(ks.isCertificateEntry(alias + ".crt"));
   Key key = ks.getKey(alias + ".key", pass.toCharArray());
   assertNotNull(key);
   assertEquals("RSA", key.getAlgorithm());
 }
Example #23
0
 private static void saveKeyStore() {
   try {
     ByteArrayOutputStream bout = new ByteArrayOutputStream();
     keystore.store(bout, KEY_STORE_PASSWORD.toCharArray());
     File keyStoreFile = new File(KEY_STORE_FILENAME);
     logger.trace("Saving key store to file [" + keyStoreFile + "]");
     FileOutputStream fileOutputStream = null;
     try {
       fileOutputStream = new FileOutputStream(keyStoreFile);
       fileOutputStream.write(bout.toByteArray());
     } finally {
       if (fileOutputStream != null) {
         fileOutputStream.close();
       }
     }
     keyStoreFile.deleteOnExit();
   } catch (Exception e) {
     throw new RuntimeException("Exception while saving KeyStore", e);
   }
 }
Example #24
0
  private void initialize() throws Exception {
    String trustFilename =
        System.getProperty("test.src", "./") + "/" + pathToStores + "/" + trustStoreFile;
    char[] passphrase = "passphrase".toCharArray();

    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(new FileInputStream(trustFilename), passphrase);

    for (Enumeration e = ks.aliases(); e.hasMoreElements(); ) {
      String alias = (String) e.nextElement();
      if (ks.isCertificateEntry(alias)) {
        certChain[0] = (X509Certificate) ks.getCertificate(alias);
        break;
      }
    }

    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    tmf.init(ks);

    trustManager = (X509TrustManager) (tmf.getTrustManagers())[0];
  }
Example #25
0
  static {
    try {
      KeyStore ks = KeyStore.getInstance("JKS");
      KeyStore ts = KeyStore.getInstance("JKS");

      char[] passphrase = "passphrase".toCharArray();

      ks.load(new FileInputStream(keyFilename), passphrase);
      ts.load(new FileInputStream(trustFilename), passphrase);

      KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
      kmf.init(ks, passphrase);

      TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
      tmf.init(ts);

      SSLContext sslCtx = SSLContext.getInstance("TLS");
      sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
      sslc = sslCtx;
    } catch (Exception e) {
      loadException = e;
    }
  }
  /*
   * Define the server side of the test.
   *
   * If the server prematurely exits, serverReady will be set to true
   * to avoid infinite hangs.
   */
  void doServerSide() throws Exception {
    KeyStore ks = KeyStore.getInstance("JKS");
    com.sun.net.ssl.SSLContext ctx = com.sun.net.ssl.SSLContext.getInstance("TLS");
    com.sun.net.ssl.KeyManagerFactory kmf =
        com.sun.net.ssl.KeyManagerFactory.getInstance("SunX509");

    ks.load(new FileInputStream(keyFilename), cpasswd);
    kmf.init(ks, cpasswd);

    com.sun.net.ssl.TrustManager[] tms =
        new com.sun.net.ssl.TrustManager[] {new MyComX509TrustManager()};

    ctx.init(kmf.getKeyManagers(), tms, null);

    SSLServerSocketFactory sslssf = (SSLServerSocketFactory) ctx.getServerSocketFactory();

    SSLServerSocket sslServerSocket = (SSLServerSocket) sslssf.createServerSocket(serverPort);
    serverPort = sslServerSocket.getLocalPort();

    sslServerSocket.setNeedClientAuth(true);

    /*
     * Create using the other type.
     */
    SSLContext ctx1 = SSLContext.getInstance("TLS");
    KeyManagerFactory kmf1 = KeyManagerFactory.getInstance("SunX509");

    TrustManager[] tms1 = new TrustManager[] {new MyJavaxX509TrustManager()};

    kmf1.init(ks, cpasswd);

    ctx1.init(kmf1.getKeyManagers(), tms1, null);

    sslssf = (SSLServerSocketFactory) ctx1.getServerSocketFactory();

    SSLServerSocket sslServerSocket1 = (SSLServerSocket) sslssf.createServerSocket(serverPort1);
    serverPort1 = sslServerSocket1.getLocalPort();
    sslServerSocket1.setNeedClientAuth(true);

    /*
     * Signal Client, we're ready for his connect.
     */
    serverReady = true;

    SSLSocket sslSocket = (SSLSocket) sslServerSocket.accept();
    sslServerSocket.close();
    serverReady = false;

    InputStream sslIS = sslSocket.getInputStream();
    OutputStream sslOS = sslSocket.getOutputStream();

    sslIS.read();
    sslOS.write(85);
    sslOS.flush();
    sslSocket.close();

    sslSocket = (SSLSocket) sslServerSocket1.accept();
    sslIS = sslSocket.getInputStream();
    sslOS = sslSocket.getOutputStream();

    sslIS.read();
    sslOS.write(85);
    sslOS.flush();
    sslSocket.close();

    System.out.println("Server exiting!");
    System.out.flush();
  }
Example #27
0
  /**
   * Create KeyStore and add a self-signed X.509 Certificate
   *
   * @param dname the X.509 Distinguished Name, eg "CN=www.google.co.uk, O=\"Google Inc\",
   *     L=\"Mountain View\", S=California, C=US"
   * @param keyAlgorithmName the key algorithm, eg "RSA"
   */
  private static KeyStore generateCertificate(
      String alias,
      char[] keyStorePassword,
      KeyAlgorithmName keyAlgorithmName,
      String dname,
      String... sanDomains)
      throws GeneralSecurityException, IOException {

    CertAndKeyGen certAndKeyGen =
        new CertAndKeyGen(
            keyAlgorithmName.name(), keyAlgorithmName.signatureAlgorithmName, "SunCertificates");
    certAndKeyGen.generate(keyAlgorithmName.keySize);

    PrivateKey privateKey = certAndKeyGen.getPrivateKey();
    X509CertInfo info = new X509CertInfo();
    Date from = new Date();
    Date to = new Date(from.getTime() + TimeUnit.DAYS.toMillis(360));
    CertificateValidity interval = new CertificateValidity(from, to);
    BigInteger sn = new BigInteger(64, new SecureRandom());
    X500Name owner = new X500Name(dname);

    info.set(X509CertInfo.VALIDITY, interval);
    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
    info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
    info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
    info.set(X509CertInfo.KEY, new CertificateX509Key(certAndKeyGen.getPublicKey()));
    info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    info.set(
        X509CertInfo.ALGORITHM_ID,
        new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid)));

    // add subject alternative names
    GeneralNames generalNames = new GeneralNames();
    for (String sanDomain : sanDomains) {
      generalNames.add(new GeneralName(new DNSName(sanDomain)));
    }
    if (generalNames.size() > 0) {
      CertificateExtensions certificateExtensions =
          (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
      if (certificateExtensions == null) certificateExtensions = new CertificateExtensions();
      certificateExtensions.set(
          SubjectAlternativeNameExtension.NAME, new SubjectAlternativeNameExtension(generalNames));
      info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
    }

    // Sign the certificate to identify the algorithm that's used.
    X509CertImpl x509Certificate = new X509CertImpl(info);
    x509Certificate.sign(privateKey, keyAlgorithmName.signatureAlgorithmName);

    // update the algorithm, and resign.
    info.set(
        CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM,
        x509Certificate.get(X509CertImpl.SIG_ALG));
    x509Certificate = new X509CertImpl(info);
    x509Certificate.sign(privateKey, keyAlgorithmName.signatureAlgorithmName);

    // add to new key store
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null, keyStorePassword);
    keyStore.setKeyEntry(
        alias, privateKey, keyStorePassword, new X509Certificate[] {x509Certificate});

    return keyStore;
  }
 KeyStore loadKeyStore(String type, File file, String passwd) throws Exception {
   KeyStore ks = KeyStore.getInstance(type);
   FileInputStream fis = new FileInputStream(file);
   ks.load(fis, passwd.toCharArray());
   return ks;
 }