KeyManager (End-To-End Encryption - Crypto

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

be.fgov.ehealth.etee.crypto.utils
Class KeyManager

java.lang.Object
  be.fgov.ehealth.etee.crypto.utils.KeyManager

public final class KeyManager
extends java.lang.Object
extends java.lang.Object

This class provides utility methods to retrieve keys and certificates.

Nested Class Summary
`static class`	`KeyManager.CertificateRetrievalException` Whenever the retrieval of a certificate has failed.
`static class`	`KeyManager.CertStoreException` Whenever we want to build a CertStore and it fails.
`static class`	`KeyManager.KeyStoreOpeningException` Whenever the opening of a keyStore fails.
`static class`	`KeyManager.KeyStoreStoringException` Whenever we want to store something on a keyStore and it fails.

Method Summary
`static void`	`addKey(java.io.File privateKeyStoreFile, java.lang.String privateKeyStoreType, char[] privateKeyStorePassword, java.lang.String alias, java.security.PrivateKey key, char[] keyPassword, java.security.cert.Certificate[] chain)` Adds a key entry to a key store file.
`static void`	`emptyKeyStore(java.io.File keyStoreFile, java.lang.String keyStoreType, char[] keyStorePassword)` Empties a key store.
`static java.security.cert.X509Certificate`	`getCertificate(java.io.File certificateFile)`
`static java.security.cert.X509Certificate`	`getCertificate(java.io.InputStream certificateInputstream)`
`static java.security.cert.X509Certificate`	`getCertificate(java.security.KeyStore privateKeyStore, java.lang.String privateKeyAlias)` retrieves the certificate coresponding to the private key alias.
`static java.security.cert.X509Certificate[]`	`getCertificateChain(java.security.KeyStore privateKeyStore, java.lang.String privateKeyAlias)`
`static java.util.List<java.security.cert.X509Certificate>`	`getCertificates(java.io.File privateKeyStoreFile, java.lang.String privateKeyStoreType, char[] privateKeyStorePassword)` Retrieves all the certificates in a key store.
`static java.util.List<java.security.cert.X509Certificate>`	`getCertificates(java.security.KeyStore privateKeyStore)` Retrieves all the certificates in a key store.
`static java.security.cert.CertStore`	`getCertStore(java.util.Collection<?> certsAndCrls)`
`static java.util.Map<java.lang.String,java.security.PrivateKey>`	`getDecryptionKeys(java.security.KeyStore privateKeyStore, char[] privateKeyPassword)` Retrieve all the private decryption keys in a private key store where the password is a match for and that have an according encryption certificate containing a key usage that has at least: dataEncipherment and keyEncipherment.
`static java.security.cert.X509Certificate`	`getIssuerFromTrustStore(java.security.KeyStore trustStore, java.security.cert.X509Certificate chainCert)`
`static java.security.PrivateKey`	`getKey(java.io.File privateKeyFile)` Creates a PrivateKey object out of a binary file DER encoded.
`static java.security.PrivateKey`	`getKey(java.io.File privateKeyStoreFile, java.lang.String privateKeyStoreType, char[] privateKeyStorePassword, java.lang.String privateKeyAlias, char[] privateKeyPassword)`
`static java.security.PrivateKey`	`getKey(java.io.InputStream privateKeyStoreFile, java.lang.String privateKeyStoreType, char[] privateKeyStorePassword, java.lang.String privateKeyAlias, char[] privateKeyPassword)`
`static java.security.PrivateKey`	`getKey(java.security.KeyStore privateKeyStore, java.lang.String privateKeyAlias, char[] privateKeyPassword)`
`static java.security.KeyStore.PrivateKeyEntry`	`getKeyAndCertificates(java.security.KeyStore privateKeyStore, java.lang.String privateKeyAlias, char[] privateKeyPassword)` Retrieves the private key and corresponding certificate and certificate chain from a key store.
`static java.security.KeyStore`	`getKeyStore(java.io.File privateKeyStoreFile, java.lang.String privateKeyStoreType, char[] privateKeyStorePassword)` Returns a key store.
`static java.security.KeyStore`	`getKeyStore(java.io.InputStream keyStoreIS, java.lang.String keyStoreType, char[] keyStorePassword)`
`static java.security.KeyStore`	`getKeyStore(java.lang.String privateKeyStoreType)` Returns an empty key store object.
`static java.security.KeyStore`	`getKeyStore(java.lang.String keystorePath, java.lang.String keystoreType, char[] keystorePassword)`
`static int`	`getKeyUsage(java.security.cert.X509Certificate cert)` Gets the X509 extension 'key usage' of a certificate.
`static boolean`	`isSelfSigned(java.security.cert.X509Certificate cert)`
`static boolean`	`isTrustStoreCert(java.security.KeyStore trustStore, java.security.cert.X509Certificate chainCert)`
`static boolean`	`verifyIssuer(java.security.cert.X509Certificate endCert, java.security.cert.X509Certificate issuer)`

Methods inherited from class java.lang.Object
`equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Method Detail

getKeyStore

public static java.security.KeyStore getKeyStore(java.lang.String privateKeyStoreType)

Returns an empty key store object.

Parameters:: privateKeyStoreType -
Returns:: loaded key store.

getKeyStore

public static java.security.KeyStore getKeyStore(java.io.File privateKeyStoreFile,
                                                 java.lang.String privateKeyStoreType,
                                                 char[] privateKeyStorePassword)
                                          throws java.security.cert.CertificateException,
                                                 java.io.IOException

Returns a key store. If the file doesn't exist, an empty key store is being returned.

Parameters:: privateKeyStoreFile -; privateKeyStoreType -; privateKeyStorePassword -
Returns:: loaded key store.
Throws:: KeyManager.KeyStoreOpeningException - (root cause : KeyStoreException) - if a KeyStoreSpi implementation for the specified type is not available from the specified provider.; KeyManager.KeyStoreOpeningException - (root cause : NoSuchAlgorithmException) - if the algorithm used to check the integrity of the keystore cannot be found.; java.security.cert.CertificateException - - if any of the certificates in the keystore could not be loaded.; java.io.IOException - - if there is an I/O or format problem with the keystore data , if a password is required but not given, or if the given password was incorrect. If the error is due to a wrong password, the cause of the IOException should be an UnrecoverableKeyException.; java.lang.RuntimeException - when the Bouncy Castle security provider has not been installed.

getKeyStore

public static java.security.KeyStore getKeyStore(java.lang.String keystorePath,
                                                 java.lang.String keystoreType,
                                                 char[] keystorePassword)

Parameters:: keystorePath -; keystoreType -; keystorePassword -
Returns:: the loaded keystore

getKeyStore

public static java.security.KeyStore getKeyStore(java.io.InputStream keyStoreIS,
                                                 java.lang.String keyStoreType,
                                                 char[] keyStorePassword)
                                          throws java.security.cert.CertificateException,
                                                 java.io.IOException

Parameters:: keyStoreIS -; keyStoreType -; keyStorePassword -
Returns:: the loaded key store
Throws:: KeyManager.KeyStoreOpeningException - (root cause : KeyStoreException) - if a KeyStoreSpi implementation for the specified type is not available from the specified provider.; KeyManager.KeyStoreOpeningException - (root cause : NoSuchAlgorithmException) - if the algorithm used to check the integrity of the keystore cannot be found.; java.security.cert.CertificateException - - if any of the certificates in the keystore could not be loaded.; java.io.IOException - - if there is an I/O or format problem with the keystore data , if a password is required but not given, or if the given password was incorrect. If the error is due to a wrong password, the cause of the IOException should be an UnrecoverableKeyException.; java.lang.RuntimeException - when the Bouncy Castle security provider has not been installed.

emptyKeyStore

public static void emptyKeyStore(java.io.File keyStoreFile,
                                 java.lang.String keyStoreType,
                                 char[] keyStorePassword)
                          throws java.security.cert.CertificateException,
                                 java.io.IOException

Empties a key store.

Parameters:: keyStoreFile -; keyStoreType -; keyStorePassword -
Throws:: java.io.IOException; java.security.cert.CertificateException

getCertStore

public static java.security.cert.CertStore getCertStore(java.util.Collection<?> certsAndCrls)

getKey

public static java.security.PrivateKey getKey(java.security.KeyStore privateKeyStore,
                                              java.lang.String privateKeyAlias,
                                              char[] privateKeyPassword)
                                       throws java.security.UnrecoverableKeyException

Parameters:: privateKeyStore -; privateKeyAlias -; privateKeyPassword -
Returns:: the private key
Throws:: java.security.UnrecoverableKeyException

getKey

public static java.security.PrivateKey getKey(java.io.File privateKeyStoreFile,
                                              java.lang.String privateKeyStoreType,
                                              char[] privateKeyStorePassword,
                                              java.lang.String privateKeyAlias,
                                              char[] privateKeyPassword)
                                       throws java.io.IOException,
                                              java.security.cert.CertificateException,
                                              java.security.UnrecoverableKeyException

Parameters:: privateKeyStoreFile -; privateKeyStoreType -; privateKeyStorePassword -; privateKeyAlias -; privateKeyPassword -
Returns:: the private key
Throws:: java.io.IOException; java.security.cert.CertificateException; java.security.UnrecoverableKeyException

getKey

public static java.security.PrivateKey getKey(java.io.InputStream privateKeyStoreFile,
                                              java.lang.String privateKeyStoreType,
                                              char[] privateKeyStorePassword,
                                              java.lang.String privateKeyAlias,
                                              char[] privateKeyPassword)
                                       throws java.security.cert.CertificateException,
                                              java.io.IOException,
                                              java.security.UnrecoverableKeyException

Parameters:: privateKeyStoreFile -; privateKeyStoreType - "JKS" "PKCS12" ..; privateKeyStorePassword -; privateKeyAlias -; privateKeyPassword -
Returns:: found key
Throws:: java.security.KeyStoreException; java.security.NoSuchAlgorithmException; java.security.cert.CertificateException; java.io.IOException; java.security.UnrecoverableKeyException

getDecryptionKeys

public static java.util.Map<java.lang.String,java.security.PrivateKey> getDecryptionKeys(java.security.KeyStore privateKeyStore,
                                                                                         char[] privateKeyPassword)

Retrieve all the private decryption keys in a private key store where the password is a match for and that have an according encryption certificate containing a key usage that has at least: dataEncipherment and keyEncipherment.

Parameters:: privateKeyStore -; privateKeyPassword -
Returns:: a map of found keys
Throws:: java.lang.ClassCastException - when the key store does contain certificates that cannot be parsed to X509Certificate instances.; KeyManager.KeyStoreOpeningException - (KeyStoreException) when the key store was not initialized/loaded before.

getKeyAndCertificates

public static java.security.KeyStore.PrivateKeyEntry getKeyAndCertificates(java.security.KeyStore privateKeyStore,
                                                                           java.lang.String privateKeyAlias,
                                                                           char[] privateKeyPassword)
                                                                    throws java.security.UnrecoverableKeyException

Retrieves the private key and corresponding certificate and certificate chain from a key store.

Parameters:: privateKeyStore -; privateKeyAlias -; privateKeyPassword -
Returns:: a container that holds the private key and corresponding certificate
Throws:: java.security.UnrecoverableKeyException; KeyManager.KeyStoreOpeningException

getKey

public static java.security.PrivateKey getKey(java.io.File privateKeyFile)
                                       throws java.io.IOException,
                                              java.security.spec.InvalidKeySpecException

Creates a PrivateKey object out of a binary file DER encoded.

Parameters:: privateKeyFile -
Returns:: the created key object
Throws:: java.io.IOException - if the file wasn't found; java.security.spec.InvalidKeySpecException - the format of the binary file wasn't expected

getCertificate

public static java.security.cert.X509Certificate getCertificate(java.security.KeyStore privateKeyStore,
                                                                java.lang.String privateKeyAlias)

retrieves the certificate coresponding to the private key alias.

Parameters:: privateKeyStore -; privateKeyAlias -
Returns:: the certificate
Throws:: java.lang.ClassCastException - when the key store does contain certificates that cannot be parsed to X509Certificate instances.

getCertificate

public static java.security.cert.X509Certificate getCertificate(java.io.InputStream certificateInputstream)
                                                         throws java.security.cert.CertificateException

Parameters:: certificateInputstream - input stream to the certificate file
Returns:: the X509 certificate retrieved from the binary file
Throws:: java.security.cert.CertificateException - When the Certificate could not be parsed.; java.lang.ClassCastException - when the key store does contain certificates that cannot be parsed to X509Certificate instances.

getCertificate

public static java.security.cert.X509Certificate getCertificate(java.io.File certificateFile)
                                                         throws java.security.cert.CertificateException,
                                                                java.io.FileNotFoundException

Parameters:: certificateFile - certificate file
Returns:: the X509 certificate retrieved from the binary file
Throws:: java.io.FileNotFoundException; java.security.cert.CertificateException; java.lang.ClassCastException - when the key store does contain certificates that cannot be parsed to X509Certificate instances.

getCertificateChain

public static java.security.cert.X509Certificate[] getCertificateChain(java.security.KeyStore privateKeyStore,
                                                                       java.lang.String privateKeyAlias)

Parameters:: privateKeyStore -; privateKeyAlias -
Returns:: the certificate chain
Throws:: java.lang.ClassCastException - when the key store does contain certificates that cannot be parsed to X509Certificate instances.

getCertificates

public static java.util.List<java.security.cert.X509Certificate> getCertificates(java.io.File privateKeyStoreFile,
                                                                                 java.lang.String privateKeyStoreType,
                                                                                 char[] privateKeyStorePassword)
                                                                          throws java.security.cert.CertificateException,
                                                                                 java.io.IOException

Retrieves all the certificates in a key store.

Parameters:: privateKeyStoreFile -; privateKeyStoreType -; privateKeyStorePassword -
Returns:: a list of found certificates
Throws:: java.security.cert.CertificateException; java.io.IOException; java.lang.ClassCastException - when the key store does contain certificates that cannot be parsed to X509Certificate instances.

getCertificates

public static java.util.List<java.security.cert.X509Certificate> getCertificates(java.security.KeyStore privateKeyStore)

Retrieves all the certificates in a key store.

Parameters:: privateKeyStore -
Returns:: a list of found certificates
Throws:: java.lang.ClassCastException - when the key store does contain certificates that cannot be parsed to X509Certificate instances.

addKey

public static void addKey(java.io.File privateKeyStoreFile,
                          java.lang.String privateKeyStoreType,
                          char[] privateKeyStorePassword,
                          java.lang.String alias,
                          java.security.PrivateKey key,
                          char[] keyPassword,
                          java.security.cert.Certificate[] chain)
                   throws java.security.cert.CertificateException,
                          java.io.IOException

Adds a key entry to a key store file. If the alias already exists in the key store, the key entry is being overwritten. If the file doesnt exist, a new key store file for the key entry is being generated.

Parameters:: privateKeyStoreFile -; privateKeyStoreType -; privateKeyStorePassword -; alias -; key -; keyPassword -; chain -
Throws:: java.security.cert.CertificateException; java.io.IOException

getKeyUsage

public static int getKeyUsage(java.security.cert.X509Certificate cert)

Gets the X509 extension 'key usage' of a certificate. Returns the more covenient integer format (the JCE way) of the key usage.

Parameters:: cert - the X509 V3 certificate with extensions
Returns:: the key usage for this X509V3 certificate in the convenient integer format. Returns 0 if the key usage extension is not present in the certifcate.

verifyIssuer

public static boolean verifyIssuer(java.security.cert.X509Certificate endCert,
                                   java.security.cert.X509Certificate issuer)
                            throws java.security.cert.CertificateException

Throws:: java.security.cert.CertificateException

isSelfSigned

public static boolean isSelfSigned(java.security.cert.X509Certificate cert)
                            throws java.security.cert.CertificateException

Throws:: java.security.cert.CertificateException

getIssuerFromTrustStore

public static java.security.cert.X509Certificate getIssuerFromTrustStore(java.security.KeyStore trustStore,
                                                                         java.security.cert.X509Certificate chainCert)
                                                                  throws java.security.KeyStoreException

Throws:: java.security.KeyStoreException

isTrustStoreCert

public static boolean isTrustStoreCert(java.security.KeyStore trustStore,
                                       java.security.cert.X509Certificate chainCert)
                                throws java.security.KeyStoreException

Throws:: java.security.KeyStoreException

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

be.fgov.ehealth.etee.crypto.utils Class KeyManager

getKeyStore

getKeyStore

getKeyStore

getKeyStore

emptyKeyStore

getCertStore

getKey

getKey

getKey

getDecryptionKeys

getKeyAndCertificates

getKey

getCertificate

getCertificate

getCertificate

getCertificateChain

getCertificates

getCertificates

addKey

getKeyUsage

verifyIssuer

isSelfSigned

getIssuerFromTrustStore

isTrustStoreCert

be.fgov.ehealth.etee.crypto.utils
Class KeyManager