public final class KeyStoreUtil extends Object
Modifier and Type | Field and Description |
---|---|
static boolean |
_blacklistLogged |
static String |
DEFAULT_KEYSTORE_PASSWORD |
Constructor and Description |
---|
KeyStoreUtil() |
Modifier and Type | Method and Description |
---|---|
static boolean |
addCert(File file,
String alias,
KeyStore ks)
Load an X509 Cert from a file and add it to the
trusted set of certificates in the key store.
This does NOT check for revocation.
|
static boolean |
addCert(File file,
String alias,
KeyStore ks,
CertStore cs)
Load an X509 Cert from a file and add it to the
trusted set of certificates in the key store.
This DOES check for revocation, IF cs is non-null.
|
static int |
addCerts(File dir,
KeyStore ks)
Load all X509 Certs from a directory and add them to the
trusted set of certificates in the key store.
This DOES check for revocation.
|
static int |
countCerts(KeyStore ks)
Count all X509 Certs in a key store
|
static boolean |
createKeys(File ks,
String alias,
String cname,
String ou,
String keyPW)
Create a keypair and store it in the keystore at ks, creating it if necessary.
|
static boolean |
createKeys(File ks,
String ksPW,
String alias,
String cname,
String ou,
int validDays,
String keyAlg,
int keySize,
String keyPW)
Create a keypair and store it in the keystore at ks, creating it if necessary.
|
static Object[] |
createKeysAndCRL(File ks,
String ksPW,
String alias,
String cname,
String ou,
int validDays,
SigType type,
String keyPW)
New way - Native Java, does not call out to keytool.
|
static Object[] |
createKeysAndCRL(File ks,
String ksPW,
String alias,
String cname,
String ou,
int validDays,
String keyAlg,
int keySize,
String keyPW)
New way - Native Java, does not call out to keytool.
|
static KeyStore |
createKeyStore(File ksFile,
String password)
Create a new KeyStore object, and load it from ksFile if it is
non-null and it exists.
|
static boolean |
exportCert(File ks,
String ksPW,
String alias,
File certFile)
Pull the cert back OUT of the keystore and save it in Base64-encoded X.509 format
so the clients can get to it.
|
static void |
exportPrivateKey(File ks,
String ksPW,
String alias,
String keyPW,
OutputStream out)
Export the private key and certificate chain (if any) out of a keystore.
|
static Certificate |
getCert(File ks,
String ksPW,
String alias)
Get a cert out of a keystore
|
static PrivateKey |
getPrivateKey(File ks,
String ksPW,
String alias,
String keyPW)
Get a private key out of a keystore
|
static String |
importPrivateKey(File ks,
String ksPW,
String alias,
String keyPW,
InputStream in)
Import the private key and certificate chain to a keystore.
|
static KeyStore |
loadSystemKeyStore()
Loads certs from location of javax.net.ssl.keyStore property,
else from $JAVA_HOME/lib/security/jssecacerts,
else from $JAVA_HOME/lib/security/cacerts.
|
static String |
randomString()
48 char b32 string (30 bytes of entropy)
|
static void |
storePrivateKey(File ks,
String ksPW,
String alias,
String keyPW,
PrivateKey pk,
List<X509Certificate> certs)
Import the private key and certificate chain to a keystore.
|
public static boolean _blacklistLogged
public static final String DEFAULT_KEYSTORE_PASSWORD
public static KeyStore createKeyStore(File ksFile, String password) throws GeneralSecurityException, IOException
Parameters:
ksFile - may be null
password - may be null
Throws:
GeneralSecurityException
IOException
public static KeyStore loadSystemKeyStore()
public static int countCerts(KeyStore ks)
public static int addCerts(File dir, KeyStore ks)
public static boolean addCert(File file, String alias, KeyStore ks)
public static boolean addCert(File file, String alias, KeyStore ks, CertStore cs)
Parameters:
cs - may be null; if non-null, check for revocation
public static String randomString()
public static boolean createKeys(File ks, String alias, String cname, String ou, String keyPW)
Parameters:
ks - path to the keystore
alias - the name of the key
cname - e.g. randomstuff.console.i2p.net
ou - e.g. console
keyPW - the key password, must be at least 6 characters
public static boolean createKeys(File ks, String ksPW, String alias, String cname, String ou, int validDays, String keyAlg, int keySize, String keyPW)
Parameters:
ks - path to the keystore
ksPW - the keystore password
alias - the name of the key
cname - e.g. randomstuff.console.i2p.net
ou - e.g. console
validDays - e.g. 3652 (10 years)
keyAlg - e.g. DSA, RSA, EC
keySize - e.g. 1024
keyPW - the key password, must be at least 6 characters
public static Object[] createKeysAndCRL(File ks, String ksPW, String alias, String cname, String ou, int validDays, String keyAlg, int keySize, String keyPW) throws GeneralSecurityException, IOException
Parameters:
ks - path to the keystore
ksPW - the keystore password
alias - the name of the key
cname - e.g. randomstuff.console.i2p.net
ou - e.g. console
validDays - e.g. 3652 (10 years)
keyAlg - e.g. DSA, RSA, EC
keySize - e.g. 1024
keyPW - the key password, must be at least 6 characters
Throws:
GeneralSecurityException
IOException
public static Object[] createKeysAndCRL(File ks, String ksPW, String alias, String cname, String ou, int validDays, SigType type, String keyPW) throws GeneralSecurityException, IOException
Parameters:
ks - path to the keystore
ksPW - the keystore password
alias - the name of the key
cname - e.g. randomstuff.console.i2p.net
ou - e.g. console
validDays - e.g. 3652 (10 years)
keyPW - the key password, must be at least 6 characters
Throws:
GeneralSecurityException
IOException
public static PrivateKey getPrivateKey(File ks, String ksPW, String alias, String keyPW) throws GeneralSecurityException, IOException
Parameters:
ks - path to the keystore
ksPW - the keystore password, may be null
alias - the name of the key
keyPW - the key password, must be at least 6 characters
Throws:
GeneralSecurityException
IOException
public static void exportPrivateKey(File ks, String ksPW, String alias, String keyPW, OutputStream out) throws GeneralSecurityException, IOException
Parameters:
ks - path to the keystore
ksPW - the keystore password, may be null
alias - the name of the key
keyPW - the key password, must be at least 6 characters
Throws:
GeneralSecurityException
IOException
public static String importPrivateKey(File ks, String ksPW, String alias, String keyPW, InputStream in) throws GeneralSecurityException, IOException
Parameters:
ks - path to the keystore
ksPW - the keystore password, may be null
alias - the name of the key. If null, will be taken from the Subject CN of the first certificate in the chain.
keyPW - the key password, must be at least 6 characters
Throws:
GeneralSecurityException
IOException
public static void storePrivateKey(File ks, String ksPW, String alias, String keyPW, PrivateKey pk, List<X509Certificate> certs) throws GeneralSecurityException, IOException
Parameters:
ks - path to the keystore
ksPW - the keystore password, may be null
alias - the name of the key, non-null.
keyPW - the key password, must be at least 6 characters
Throws:
GeneralSecurityException
IOException
public static Certificate getCert(File ks, String ksPW, String alias) throws GeneralSecurityException, IOException
Parameters:
ks - path to the keystore
ksPW - the keystore password, may be null
alias - the name of the key
Throws:
GeneralSecurityException
IOException
public static boolean exportCert(File ks, String ksPW, String alias, File certFile)
Parameters:
ks - path to the keystore
ksPW - the keystore password, may be null
alias - the name of the key
certFile - output