net.i2p.crypto
Class KeyStoreUtil

java.lang.Object
  extended by net.i2p.crypto.KeyStoreUtil

public class KeyStoreUtil
extends Object

Keystore utilities, consolidated from various places.

Since:
0.9.9

Field Summary
static String DEFAULT_KEYSTORE_PASSWORD
           
 
Constructor Summary
KeyStoreUtil()
           
 
Method Summary
static boolean addCert(File file, String alias, KeyStore ks)
          Load an X509 Cert from a file and add it to the trusted set of certificates in the key store
static int addCerts(File dir, KeyStore ks)
          Load all X509 Certs from a directory and add them to the trusted set of certificates in the key store
static int countCerts(KeyStore ks)
          Count all X509 Certs in a key store
static boolean createKeys(File ks, String alias, String cname, String ou, String keyPW)
          Create a keypair and store it in the keystore at ks, creating it if necessary.
static boolean createKeys(File ks, String ksPW, String alias, String cname, String ou, int validDays, String keyAlg, int keySize, String keyPW)
          Create a keypair and store it in the keystore at ks, creating it if necessary.
static KeyStore createKeyStore(File ksFile, String password)
          Create a new KeyStore object, and load it from ksFile if it is non-null and it exists.
static boolean exportCert(File ks, String ksPW, String alias, File certFile)
          Pull the cert back OUT of the keystore and save it in Base64-encoded X.509 format so the clients can get to it.
static Certificate getCert(File ks, String ksPW, String alias)
          Get a cert out of a keystore
static PrivateKey getPrivateKey(File ks, String ksPW, String alias, String keyPW)
          Get a private key out of a keystore
static KeyStore loadSystemKeyStore()
          Loads certs from location of javax.net.ssl.keyStore property, else from $JAVA_HOME/lib/security/jssecacerts, else from $JAVA_HOME/lib/security/cacerts.
static void main(String[] args)
           
static String randomString()
          48 char b32 string (30 bytes of entropy)
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DEFAULT_KEYSTORE_PASSWORD

public static final String DEFAULT_KEYSTORE_PASSWORD
See Also:
Constant Field Values
Constructor Detail

KeyStoreUtil

public KeyStoreUtil()
Method Detail

createKeyStore

public static KeyStore createKeyStore(File ksFile,
                                      String password)
                               throws GeneralSecurityException,
                                      IOException
Create a new KeyStore object, and load it from ksFile if it is non-null and it exists. If ksFile is non-null and it does not exist, create a new empty keystore file.

Parameters:
ksFile - may be null
password - may be null
Returns:
success
Throws:
GeneralSecurityException
IOException

loadSystemKeyStore

public static KeyStore loadSystemKeyStore()
Loads certs from location of javax.net.ssl.keyStore property, else from $JAVA_HOME/lib/security/jssecacerts, else from $JAVA_HOME/lib/security/cacerts.

Returns:
null on catastrophic failure, returns empty KeyStore if can't load system file
Since:
0.8.2, moved from SSLEepGet.initSSLContext() in 0.9.9
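
The lookup order described for loadSystemKeyStore, written against the standard java.security.KeyStore API only. This is an added example, not I2P's implementation; the class name SystemTrustStoreDemo, the use of the java.home property for $JAVA_HOME, and loading with a null password are assumptions of the example.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

// Added example, not I2P code: standard-JDK rendering of the documented lookup order.
public class SystemTrustStoreDemo {

    /** Load one candidate file into a fresh KeyStore; null if missing or unreadable. */
    static KeyStore tryLoad(File f) {
        if (f == null || !f.isFile()) return null;
        try (InputStream in = new FileInputStream(f)) {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(in, null);   // null password: contents are read without an integrity check
            return ks;
        } catch (Exception e) {
            return null;         // a corrupt file falls through to the next candidate
        }
    }

    /** @return first store that loads, an empty store if none does, null if even that fails */
    static KeyStore loadSystemTrust() {
        String override = System.getProperty("javax.net.ssl.keyStore");
        // Assumption: java.home stands in for $JAVA_HOME
        File sec = new File(System.getProperty("java.home"), "lib/security");
        File[] candidates = {
            override != null ? new File(override) : null,
            new File(sec, "jssecacerts"),   // JSSE's optional override file
            new File(sec, "cacerts")
        };
        for (File f : candidates) {
            KeyStore ks = tryLoad(f);
            if (ks != null) return ks;
        }
        try {
            KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
            empty.load(null, null);   // initialise so aliases() and size() work
            return empty;
        } catch (Exception e) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = loadSystemTrust();
        System.out.println("trusted entries: " + (ks == null ? -1 : ks.size()));
    }
}
```

Because the javax.net.ssl.keyStore property is consulted first, whoever sets JVM system properties chooses the trust anchors; an empty result means no system certificates were loaded, so check the count before relying on the store.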

countCerts

public static int countCerts(KeyStore ks)
Count all X509 Certs in a key store

Returns:
number successfully added
Since:
0.8.2, moved from SSLEepGet in 0.9.9

addCerts

public static int addCerts(File dir,
                           KeyStore ks)
Load all X509 Certs from a directory and add them to the trusted set of certificates in the key store

Returns:
number successfully added
Since:
0.8.2, moved from SSLEepGet in 0.9.9

addCert

public static boolean addCert(File file,
                              String alias,
                              KeyStore ks)
Load an X509 Cert from a file and add it to the trusted set of certificates in the key store

Returns:
success
Since:
0.8.2, moved from SSLEepGet in 0.9.9

randomString

public static String randomString()
48 char b32 string (30 bytes of entropy)


createKeys

public static boolean createKeys(File ks,
                                 String alias,
                                 String cname,
                                 String ou,
                                 String keyPW)
Create a keypair and store it in the keystore at ks, creating it if necessary. Use default keystore password, valid days, algorithm, and key size. Warning, may take a long time.

Parameters:
ks - path to the keystore
alias - the name of the key
cname - e.g. randomstuff.console.i2p.net
ou - e.g. console
keyPW - the key password, must be at least 6 characters
Returns:
success
Since:
0.8.3, consolidated from RouterConsoleRunner and SSLClientListenerRunner in 0.9.9

createKeys

public static boolean createKeys(File ks,
                                 String ksPW,
                                 String alias,
                                 String cname,
                                 String ou,
                                 int validDays,
                                 String keyAlg,
                                 int keySize,
                                 String keyPW)
Create a keypair and store it in the keystore at ks, creating it if necessary. Warning, may take a long time.

Parameters:
ks - path to the keystore
ksPW - the keystore password
alias - the name of the key
cname - e.g. randomstuff.console.i2p.net
ou - e.g. console
validDays - e.g. 3652 (10 years)
keyAlg - e.g. DSA, RSA, EC
keySize - e.g. 1024
keyPW - the key password, must be at least 6 characters
Returns:
success
Since:
0.8.3, consolidated from RouterConsoleRunner and SSLClientListenerRunner in 0.9.9

getPrivateKey

public static PrivateKey getPrivateKey(File ks,
                                       String ksPW,
                                       String alias,
                                       String keyPW)
                                throws GeneralSecurityException,
                                       IOException
Get a private key out of a keystore

Parameters:
ks - path to the keystore
ksPW - the keystore password, may be null
alias - the name of the key
keyPW - the key password, must be at least 6 characters
Returns:
the key or null if not found
Throws:
GeneralSecurityException
IOException

getCert

public static Certificate getCert(File ks,
                                  String ksPW,
                                  String alias)
                           throws GeneralSecurityException,
                                  IOException
Get a cert out of a keystore

Parameters:
ks - path to the keystore
ksPW - the keystore password, may be null
alias - the name of the key
Returns:
the certificate or null if not found
Throws:
GeneralSecurityException
IOException

exportCert

public static boolean exportCert(File ks,
                                 String ksPW,
                                 String alias,
                                 File certFile)
Pull the cert back OUT of the keystore and save it in Base64-encoded X.509 format so the clients can get to it.

Parameters:
ks - path to the keystore
ksPW - the keystore password, may be null
alias - the name of the key
certFile - output
Returns:
success
Since:
0.8.3, moved from SSLClientListenerRunner in 0.9.9
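
A key lifecycle using the createKeys, getPrivateKey, getCert and exportCert signatures listed on this page, with a check that the stored certificate matches the private key before the certificate is exported. This is an added example, not code from the I2P source; the class name KeyStoreUtilDemo, the file names, the alias and the RSA-2048 choice are assumptions, and it needs the I2P library on the classpath.

```java
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import net.i2p.crypto.KeyStoreUtil;

// Added example, not from the I2P source; needs the I2P library on the classpath.
public class KeyStoreUtilDemo {

    /** True if cert's public key verifies a signature made with key (RSA assumed). */
    static boolean matches(PrivateKey key, Certificate cert) throws Exception {
        byte[] msg = "keystore self-test".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(msg);
        byte[] sig = s.sign();
        s.initVerify(cert.getPublicKey());
        s.update(msg);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed names; the timestamp avoids reopening an older demo keystore
        File ks = new File("demo-keystore-" + System.currentTimeMillis() + ".ks");
        File out = new File("demo-cert.crt");
        String alias = "demo";
        // Random passwords rather than DEFAULT_KEYSTORE_PASSWORD; a real caller
        // must persist them somewhere protected to reopen the keystore later.
        String ksPW = KeyStoreUtil.randomString();
        String keyPW = KeyStoreUtil.randomString();

        // RSA-2048 is this example's choice; cname, ou and validDays follow the page's e.g. values.
        if (!KeyStoreUtil.createKeys(ks, ksPW, alias, "randomstuff.console.i2p.net",
                                     "console", 3652, "RSA", 2048, keyPW))
            throw new IllegalStateException("createKeys failed");

        PrivateKey key = KeyStoreUtil.getPrivateKey(ks, ksPW, alias, keyPW);
        Certificate cert = KeyStoreUtil.getCert(ks, ksPW, alias);
        if (key == null || cert == null)   // both return null if not found
            throw new IllegalStateException("alias not found: " + alias);
        if (!matches(key, cert))
            throw new IllegalStateException("certificate does not match private key");

        // Only the certificate is written out; the private key stays in the keystore.
        if (!KeyStoreUtil.exportCert(ks, ksPW, alias, out))
            throw new IllegalStateException("exportCert failed");
        System.out.println("exported " + out.length() + " bytes to " + out);
    }
}
```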

main

public static void main(String[] args)