Java 类java.security.KeyStore.TrustedCertificateEntry 实例源码
项目:commons-eid
文件:JCATest.java
@Test
public void testRRNCertificate() throws Exception {
// setup
Security.addProvider(new BeIDProvider());
final KeyStore keyStore = KeyStore.getInstance("BeID");
keyStore.load(null);
// operate
assertTrue(keyStore.containsAlias("RRN"));
Entry entry = keyStore.getEntry("RRN", null);
assertNotNull(entry);
assertTrue(entry instanceof TrustedCertificateEntry);
TrustedCertificateEntry trustedCertificateEntry = (TrustedCertificateEntry) entry;
assertNotNull(trustedCertificateEntry.getTrustedCertificate());
assertTrue(((X509Certificate) trustedCertificateEntry.getTrustedCertificate()).getSubjectX500Principal()
.toString().contains("RRN"));
assertNotNull(keyStore.getCertificate("RRN"));
Certificate[] certificateChain = keyStore.getCertificateChain("RRN");
assertNotNull(certificateChain);
assertEquals(2, certificateChain.length);
LOGGER.debug("RRN subject: {}", ((X509Certificate) certificateChain[0]).getSubjectX500Principal());
LOGGER.debug("RRN issuer: {}", ((X509Certificate) certificateChain[0]).getIssuerX500Principal());
LOGGER.debug("root subject: {}", ((X509Certificate) certificateChain[1]).getSubjectX500Principal());
LOGGER.debug("root issuer: {}", ((X509Certificate) certificateChain[1]).getIssuerX500Principal());
}
项目:commons-eid
文件:JCATest.java
@Test
public void testGetEntry() throws Exception {
Security.addProvider(new BeIDProvider());
final KeyStore keyStore = KeyStore.getInstance("BeID");
keyStore.load(null);
PrivateKeyEntry privateKeyEntry = (PrivateKeyEntry) keyStore.getEntry("Authentication", null);
assertNotNull(privateKeyEntry);
assertTrue(privateKeyEntry.getPrivateKey() instanceof BeIDPrivateKey);
TrustedCertificateEntry caEntry = (TrustedCertificateEntry) keyStore.getEntry("CA", null);
assertNotNull(caEntry);
LOGGER.debug("CA entry: {}", ((X509Certificate) caEntry.getTrustedCertificate()).getSubjectX500Principal());
TrustedCertificateEntry rootEntry = (TrustedCertificateEntry) keyStore.getEntry("Root", null);
assertNotNull(rootEntry);
LOGGER.debug("root entry: {}", ((X509Certificate) rootEntry.getTrustedCertificate()).getSubjectX500Principal());
}
项目:commons-eid
文件:BeIDKeyStore.java
@Override
public Entry engineGetEntry(String alias, ProtectionParameter protParam)
throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
LOGGER.debug("engineGetEntry: {}", alias);
if ("Authentication".equals(alias) || "Signature".equals(alias)) {
PrivateKey privateKey = (PrivateKey) engineGetKey(alias, null);
Certificate[] chain = engineGetCertificateChain(alias);
PrivateKeyEntry privateKeyEntry = new PrivateKeyEntry(privateKey, chain);
return privateKeyEntry;
}
if ("CA".equals(alias) || "Root".equals(alias) || "RRN".equals(alias)) {
Certificate certificate = engineGetCertificate(alias);
TrustedCertificateEntry trustedCertificateEntry = new TrustedCertificateEntry(certificate);
return trustedCertificateEntry;
}
return super.engineGetEntry(alias, protParam);
}
项目:aws-dynamodb-encryption-java
文件:KeyStoreMaterialsProvider.java
private static KeyPair entry2Pair(Entry entry) {
PublicKey pub = null;
PrivateKey priv = null;
if (entry instanceof PrivateKeyEntry) {
PrivateKeyEntry pk = (PrivateKeyEntry) entry;
if (pk.getCertificate() != null) {
pub = pk.getCertificate().getPublicKey();
}
priv = pk.getPrivateKey();
} else if (entry instanceof TrustedCertificateEntry) {
TrustedCertificateEntry tc = (TrustedCertificateEntry) entry;
pub = tc.getTrustedCertificate().getPublicKey();
} else {
throw new IllegalArgumentException(
"Only entry types PrivateKeyEntry and TrustedCertificateEntry are supported.");
}
return new KeyPair(pub, priv);
}
项目:conscrypt
文件:TestKeyStore.java
/**
* Return the issuing CA certificate of the given
* certificate. Throws IllegalStateException if there are are more
* or less than one.
*/
public static Certificate issuer(KeyStore keyStore, Certificate c) throws Exception {
if (!(c instanceof X509Certificate)) {
throw new IllegalStateException("issuer requires an X509Certificate, found " + c);
}
X509Certificate cert = (X509Certificate) c;
Certificate found = null;
for (String alias : Collections.list(keyStore.aliases())) {
if (!keyStore.entryInstanceOf(alias, TrustedCertificateEntry.class)) {
continue;
}
TrustedCertificateEntry certificateEntry =
(TrustedCertificateEntry) keyStore.getEntry(alias, null);
Certificate certificate = certificateEntry.getTrustedCertificate();
if (!(certificate instanceof X509Certificate)) {
continue;
}
X509Certificate x = (X509Certificate) certificate;
if (!cert.getIssuerDN().equals(x.getSubjectDN())) {
continue;
}
if (found != null) {
throw new IllegalStateException("KeyStore has more than one issuing CA for " + cert
+ "\nfirst: " + found + "\nsecond: " + certificate);
}
found = certificate;
}
if (found == null) {
throw new IllegalStateException("KeyStore contained no issuing CA for " + cert);
}
return found;
}
项目:conscrypt
文件:TestKeyStore.java
/**
* Return the only self-signed root certificate in a keystore for
* the given algorithm. Throws IllegalStateException if there are
* are more or less than one.
*/
public static X509Certificate rootCertificate(KeyStore keyStore, String algorithm) {
try {
X509Certificate found = null;
for (String alias : Collections.list(keyStore.aliases())) {
if (!keyStore.entryInstanceOf(alias, TrustedCertificateEntry.class)) {
continue;
}
TrustedCertificateEntry certificateEntry =
(TrustedCertificateEntry) keyStore.getEntry(alias, null);
Certificate certificate = certificateEntry.getTrustedCertificate();
if (!certificate.getPublicKey().getAlgorithm().equals(algorithm)) {
continue;
}
if (!(certificate instanceof X509Certificate)) {
continue;
}
X509Certificate x = (X509Certificate) certificate;
if (!x.getIssuerDN().equals(x.getSubjectDN())) {
continue;
}
if (found != null) {
throw new IllegalStateException("KeyStore has more than one root CA for "
+ algorithm + "\nfirst: " + found + "\nsecond: " + certificate);
}
found = x;
}
if (found == null) {
throw new IllegalStateException("KeyStore contained no root CA for " + algorithm);
}
return found;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
项目:aws-encryption-sdk-java
文件:KeyStoreProvider.java
private JceMasterKey internalGetMasterKey(final String provider, final String keyId) {
final Entry entry;
try {
entry = keystore_.getEntry(keyId, keystore_.isKeyEntry(keyId) ? protection_ : null);
} catch (NoSuchAlgorithmException | UnrecoverableEntryException | KeyStoreException e) {
throw new UnsupportedProviderException(e);
}
if (entry == null) {
throw new NoSuchMasterKeyException();
}
if (entry instanceof SecretKeyEntry) {
final SecretKeyEntry skEntry = (SecretKeyEntry) entry;
if (!skEntry.getSecretKey().getAlgorithm().equals(keyAlgorithm_)) {
return null;
}
return JceMasterKey.getInstance(skEntry.getSecretKey(), provider, keyId, wrappingAlgorithm_);
} else if (entry instanceof PrivateKeyEntry) {
final PrivateKeyEntry pkEntry = (PrivateKeyEntry) entry;
if (!pkEntry.getPrivateKey().getAlgorithm().equals(keyAlgorithm_)) {
return null;
}
return JceMasterKey.getInstance(pkEntry.getCertificate().getPublicKey(), pkEntry.getPrivateKey(), provider,
keyId, wrappingAlgorithm_);
} else if (entry instanceof TrustedCertificateEntry) {
final TrustedCertificateEntry certEntry = (TrustedCertificateEntry) entry;
if (!certEntry.getTrustedCertificate().getPublicKey().getAlgorithm().equals(keyAlgorithm_)) {
return null;
}
return JceMasterKey.getInstance(certEntry.getTrustedCertificate().getPublicKey(), null, provider, keyId,
wrappingAlgorithm_);
} else {
throw new NoSuchMasterKeyException();
}
}
项目:proactive-component-monitoring
文件:KeyStoreTools.java
public static void newCertificate(KeyStore keystore, TypedCertificate certificate)
throws KeyStoreException {
TrustedCertificateEntry certificateEntry = new TrustedCertificateEntry(certificate.getCert());
String alias = typeToPath(certificate.getType()) +
certificate.getCert().getSubjectX500Principal().getName();
if (keystore.containsAlias(alias)) {
keystore.deleteEntry(alias);
}
keystore.setEntry(alias, certificateEntry, null);
}
项目:openjdk9
文件:AddTrustedCert.java
public static void main(String[] args) throws Exception {
if (initSecmod() == false) {
return;
}
X509Certificate cert;
try (InputStream in = new FileInputStream(BASE + SEP + "anchor.cer")) {
CertificateFactory factory =
CertificateFactory.getInstance("X.509");
cert = (X509Certificate)factory.generateCertificate(in);
}
String configName = BASE + SEP + "nss.cfg";
Provider p = getSunPKCS11(configName);
System.out.println(p);
Security.addProvider(p);
if (args.length > 1 && "sm".equals(args[0])) {
System.setProperty("java.security.policy",
BASE + File.separator + args[1]);
System.setSecurityManager(new SecurityManager());
}
KeyStore ks = KeyStore.getInstance(PKCS11, p);
ks.load(null, password);
Collection<String> aliases = new TreeSet<>(Collections.list(
ks.aliases()));
System.out.println("entries: " + aliases.size());
System.out.println(aliases);
int size1 = aliases.size();
String alias = "anchor";
if (ks.containsAlias(alias)) {
throw new Exception("Alias exists: " + alias);
}
ks.setCertificateEntry(alias, cert);
KeyStore.Entry first = ks.getEntry(alias, null);
System.out.println("first entry = " + first);
if (!ks.entryInstanceOf(alias, TrustedCertificateEntry.class)) {
throw new Exception("Unexpected first entry type: " + first);
}
ks.setCertificateEntry(alias, cert);
KeyStore.Entry second = ks.getEntry(alias, null);
System.out.println("second entry = " + second);
if (!ks.entryInstanceOf(alias, TrustedCertificateEntry.class)) {
throw new Exception("Unexpected second entry type: "
+ second);
}
aliases = new TreeSet<>(Collections.list(ks.aliases()));
System.out.println("entries: " + aliases.size());
System.out.println(aliases);
int size2 = aliases.size();
if ((size2 != size1 + 1) || (aliases.contains(alias) == false)) {
throw new Exception("Trusted cert not added");
}
X509Certificate cert2 = (X509Certificate)ks.getCertificate(alias);
if (cert.equals(cert2) == false) {
throw new Exception("KeyStore returned incorrect certificate");
}
ks.deleteEntry(alias);
if (ks.containsAlias(alias)) {
throw new Exception("Alias still exists: " + alias);
}
System.out.println("OK");
}
项目:In-the-Box-Fork
文件:KeyStoreTest.java
public static void assertCertificate(Entry actual)
throws Exception {
assertSame(TrustedCertificateEntry.class, actual.getClass());
assertEquals(PRIVATE_KEY.getCertificate(),
((TrustedCertificateEntry) actual).getTrustedCertificate());
}