KeyManager (End-To-End Encryption - Crypto

java.lang.Object
- be.fgov.ehealth.etee.crypto.utils.KeyManager

```
public final class KeyManager
extends java.lang.Object
```
This class provides utility methods to retrieve keys and certificates.

Nested Class Summary

Nested Classes
Modifier and Type	Class and Description
`static class`	`KeyManager.CertificateRetrievalException` Whenever the retrieval of a certificate has failed.
`static class`	`KeyManager.CertStoreException` Whenever we want to build a CertStore and it fails.
`static class`	`KeyManager.KeyStoreOpeningException` Whenever the opening of a keyStore fails.
`static class`	`KeyManager.KeyStoreStoringException` Whenever we want to store something on a keyStore and it fails.

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method and Description
`static void`	`addKey(java.io.File privateKeyStoreFile, java.lang.String privateKeyStoreType, char[] privateKeyStorePassword, java.lang.String alias, java.security.PrivateKey key, char[] keyPassword, java.security.cert.Certificate[] chain)` Adds a key entry to a key store file.
`static void`	`emptyKeyStore(java.io.File keyStoreFile, java.lang.String keyStoreType, char[] keyStorePassword)` Empties a key store.
`static java.security.cert.X509Certificate`	`getCertificate(java.io.File certificateFile)`
`static java.security.cert.X509Certificate`	`getCertificate(java.io.InputStream certificateInputstream)`
`static java.security.cert.X509Certificate`	`getCertificate(java.security.KeyStore privateKeyStore, java.lang.String privateKeyAlias)` retrieves the certificate corresponding to the private key alias.
`static java.security.cert.X509Certificate[]`	`getCertificateChain(java.security.KeyStore privateKeyStore, java.lang.String privateKeyAlias)`
`static java.util.List<java.security.cert.X509Certificate>`	`getCertificates(java.io.File privateKeyStoreFile, java.lang.String privateKeyStoreType, char[] privateKeyStorePassword)` Retrieves all the certificates in a key store.
`static java.util.List<java.security.cert.X509Certificate>`	`getCertificates(java.security.KeyStore privateKeyStore)` Retrieves all the certificates in a key store.
`static java.security.cert.CertStore`	`getCertStore(java.util.Collection<?> certsAndCrls)`
`static java.util.Map<java.lang.String,java.security.PrivateKey>`	`getDecryptionKeys(java.security.KeyStore privateKeyStore, char[] privateKeyPassword)` Retrieve all the private decryption keys in a private key store where the password is a match for and that have an according encryption certificate containing a key usage that has at least: dataEncipherment and keyEncipherment.
`static java.security.cert.X509Certificate`	`getIssuerFromTrustStore(java.security.KeyStore trustStore, java.security.cert.X509Certificate chainCert)`
`static java.security.PrivateKey`	`getKey(java.io.File privateKeyFile)` Creates a PrivateKey object out of a binary file DER encoded.
`static java.security.PrivateKey`	`getKey(java.io.File privateKeyStoreFile, java.lang.String privateKeyStoreType, char[] privateKeyStorePassword, java.lang.String privateKeyAlias, char[] privateKeyPassword)`
`static java.security.PrivateKey`	`getKey(java.io.InputStream privateKeyStoreFile, java.lang.String privateKeyStoreType, char[] privateKeyStorePassword, java.lang.String privateKeyAlias, char[] privateKeyPassword)`
`static java.security.PrivateKey`	`getKey(java.security.KeyStore privateKeyStore, java.lang.String privateKeyAlias, char[] privateKeyPassword)`
`static java.security.KeyStore.PrivateKeyEntry`	`getKeyAndCertificates(java.security.KeyStore privateKeyStore, java.lang.String privateKeyAlias, char[] privateKeyPassword)` Retrieves the private key and corresponding certificate and certificate chain from a key store.
`static java.util.Map<java.lang.String,java.security.PrivateKey>`	`getKeys(java.security.KeyStore privateKeyStore, char[] privateKeyPassword)` Retrieve all the private keys in a private key store where the password is a match for.
`static java.security.KeyStore`	`getKeyStore(java.io.File privateKeyStoreFile, java.lang.String privateKeyStoreType, char[] privateKeyStorePassword)` Returns a key store.
`static java.security.KeyStore`	`getKeyStore(java.io.InputStream keyStoreIS, java.lang.String keyStoreType, char[] keyStorePassword)`
`static java.security.KeyStore`	`getKeyStore(java.lang.String privateKeyStoreType)` Returns an empty key store object.
`static java.security.KeyStore`	`getKeyStore(java.lang.String keystorePath, java.lang.String keystoreType, char[] keystorePassword)`
`static int`	`getKeyUsage(java.security.cert.X509Certificate cert)` Gets the X509 extension 'key usage' of a certificate.
`static boolean`	`isSelfSigned(java.security.cert.X509Certificate cert)`
`static boolean`	`isTrustStoreCert(java.security.KeyStore trustStore, java.security.cert.X509Certificate chainCert)`
`static boolean`	`verifyIssuer(java.security.cert.X509Certificate endCert, java.security.cert.X509Certificate issuer)`

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getKeyStore

public static java.security.KeyStore getKeyStore(java.lang.String privateKeyStoreType)

Returns an empty key store object.

Returns:: loaded key store.

getKeyStore
```
public static java.security.KeyStore getKeyStore(java.io.File privateKeyStoreFile,
                                                 java.lang.String privateKeyStoreType,
                                                 char[] privateKeyStorePassword)
                                          throws java.security.cert.CertificateException,
                                                 java.io.IOException
```
Returns a key store. If the file doesn't exist, an empty key store is being returned.

Returns:

loaded key store.

Throws:

KeyManager.KeyStoreOpeningException - (root cause : KeyStoreException) - if a KeyStoreSpi implementation for the specified type is not available from the specified provider.

KeyManager.KeyStoreOpeningException - (root cause : NoSuchAlgorithmException) - if the algorithm used to check the integrity of the keystore cannot be found.

java.security.cert.CertificateException - - if any of the certificates in the keystore could not be loaded.

java.io.IOException - - if there is an I/O or format problem with the keystore data , if a password is required but not given, or if the given password was incorrect. If the error is due to a wrong password, the cause of the IOException should be an UnrecoverableKeyException.

java.lang.RuntimeException - when the Bouncy Castle security provider has not been installed.

getKeyStore

public static java.security.KeyStore getKeyStore(java.lang.String keystorePath,
                                                 java.lang.String keystoreType,
                                                 char[] keystorePassword)

Returns:: the loaded keystore

getKeyStore
```
public static java.security.KeyStore getKeyStore(java.io.InputStream keyStoreIS,
                                                 java.lang.String keyStoreType,
                                                 char[] keyStorePassword)
                                          throws java.security.cert.CertificateException,
                                                 java.io.IOException
```
Returns:

the loaded key store

Throws:

KeyManager.KeyStoreOpeningException - (root cause : KeyStoreException) - if a KeyStoreSpi implementation for the specified type is not available from the specified provider.

KeyManager.KeyStoreOpeningException - (root cause : NoSuchAlgorithmException) - if the algorithm used to check the integrity of the keystore cannot be found.

java.security.cert.CertificateException - - if any of the certificates in the keystore could not be loaded.

java.io.IOException - - if there is an I/O or format problem with the keystore data , if a password is required but not given, or if the given password was incorrect. If the error is due to a wrong password, the cause of the IOException should be an UnrecoverableKeyException.

java.lang.RuntimeException - when the Bouncy Castle security provider has not been installed.

emptyKeyStore

public static void emptyKeyStore(java.io.File keyStoreFile,
                                 java.lang.String keyStoreType,
                                 char[] keyStorePassword)
                          throws java.security.cert.CertificateException,
                                 java.io.IOException

Empties a key store.

Throws:: java.security.cert.CertificateException; java.io.IOException

getCertStore

public static java.security.cert.CertStore getCertStore(java.util.Collection<?> certsAndCrls)

getKey

public static java.security.PrivateKey getKey(java.security.KeyStore privateKeyStore,
                                              java.lang.String privateKeyAlias,
                                              char[] privateKeyPassword)
                                       throws java.security.UnrecoverableKeyException

Returns:: the private key
Throws:: java.security.UnrecoverableKeyException

getKey

public static java.security.PrivateKey getKey(java.io.File privateKeyStoreFile,
                                              java.lang.String privateKeyStoreType,
                                              char[] privateKeyStorePassword,
                                              java.lang.String privateKeyAlias,
                                              char[] privateKeyPassword)
                                       throws java.io.IOException,
                                              java.security.cert.CertificateException,
                                              java.security.UnrecoverableKeyException

Returns:: the private key
Throws:: java.io.IOException; java.security.cert.CertificateException; java.security.UnrecoverableKeyException

getKey

public static java.security.PrivateKey getKey(java.io.InputStream privateKeyStoreFile,
                                              java.lang.String privateKeyStoreType,
                                              char[] privateKeyStorePassword,
                                              java.lang.String privateKeyAlias,
                                              char[] privateKeyPassword)
                                       throws java.security.cert.CertificateException,
                                              java.io.IOException,
                                              java.security.UnrecoverableKeyException

Parameters:: privateKeyStoreType - "JKS" "PKCS12" ..
Returns:: found key
Throws:: java.security.cert.CertificateException; java.io.IOException; java.security.UnrecoverableKeyException

getKeys
```
public static java.util.Map<java.lang.String,java.security.PrivateKey> getKeys(java.security.KeyStore privateKeyStore,
                                                                               char[] privateKeyPassword)
```
Retrieve all the private keys in a private key store where the password is a match for.

Returns:

a map of found keys

Throws:

java.lang.ClassCastException - when the key store does contain certificates that cannot be parsed to X509Certificate instances.

KeyManager.KeyStoreOpeningException - (KeyStoreException) when the key store was not initialized/loaded before.

getDecryptionKeys
```
public static java.util.Map<java.lang.String,java.security.PrivateKey> getDecryptionKeys(java.security.KeyStore privateKeyStore,
                                                                                         char[] privateKeyPassword)
```
Retrieve all the private decryption keys in a private key store where the password is a match for and that have an according encryption certificate containing a key usage that has at least: dataEncipherment and keyEncipherment.

Returns:

a map of found keys

Throws:

java.lang.ClassCastException - when the key store does contain certificates that cannot be parsed to X509Certificate instances.

KeyManager.KeyStoreOpeningException - (KeyStoreException) when the key store was not initialized/loaded before.

getKeyAndCertificates

public static java.security.KeyStore.PrivateKeyEntry getKeyAndCertificates(java.security.KeyStore privateKeyStore,
                                                                           java.lang.String privateKeyAlias,
                                                                           char[] privateKeyPassword)
                                                                    throws java.security.UnrecoverableKeyException

Retrieves the private key and corresponding certificate and certificate chain from a key store.

Returns:: a container that holds the private key and corresponding certificate
Throws:: java.security.UnrecoverableKeyException

getKey
```
public static java.security.PrivateKey getKey(java.io.File privateKeyFile)
                                       throws java.io.IOException,
                                              java.security.spec.InvalidKeySpecException
```
Creates a PrivateKey object out of a binary file DER encoded.

Returns:

the created key object

Throws:

java.io.IOException - if the file wasn't found

java.security.spec.InvalidKeySpecException - the format of the binary file wasn't expected

getCertificate
```
public static java.security.cert.X509Certificate getCertificate(java.security.KeyStore privateKeyStore,
                                                                java.lang.String privateKeyAlias)
```
retrieves the certificate corresponding to the private key alias.

Returns:

the certificate

Throws:

java.lang.ClassCastException - when the key store does contain certificates that cannot be parsed to X509Certificate instances.

getCertificate
```
public static java.security.cert.X509Certificate getCertificate(java.io.InputStream certificateInputstream)
                                                         throws java.security.cert.CertificateException
```
Parameters:

certificateInputstream - input stream to the certificate file

Returns:

the X509 certificate retrieved from the binary file

Throws:

java.security.cert.CertificateException - When the Certificate could not be parsed.

java.lang.ClassCastException - when the key store does contain certificates that cannot be parsed to X509Certificate instances.

getCertificate
```
public static java.security.cert.X509Certificate getCertificate(java.io.File certificateFile)
                                                         throws java.security.cert.CertificateException,
                                                                java.io.FileNotFoundException
```
Parameters:

certificateFile - certificate file

Returns:

the X509 certificate retrieved from the binary file

Throws:

java.lang.ClassCastException - when the key store does contain certificates that cannot be parsed to X509Certificate instances.

java.security.cert.CertificateException

java.io.FileNotFoundException

getCertificateChain

public static java.security.cert.X509Certificate[] getCertificateChain(java.security.KeyStore privateKeyStore,
                                                                       java.lang.String privateKeyAlias)

Returns:: the certificate chain
Throws:: java.lang.ClassCastException - when the key store does contain certificates that cannot be parsed to X509Certificate instances.

getCertificates

public static java.util.List<java.security.cert.X509Certificate> getCertificates(java.io.File privateKeyStoreFile,
                                                                                 java.lang.String privateKeyStoreType,
                                                                                 char[] privateKeyStorePassword)
                                                                          throws java.security.cert.CertificateException,
                                                                                 java.io.IOException

Retrieves all the certificates in a key store.

Returns:: a list of found certificates
Throws:: java.lang.ClassCastException - when the key store does contain certificates that cannot be parsed to X509Certificate instances.; java.security.cert.CertificateException; java.io.IOException

getCertificates
```
public static java.util.List<java.security.cert.X509Certificate> getCertificates(java.security.KeyStore privateKeyStore)
```
Retrieves all the certificates in a key store.

Returns:

a list of found certificates

Throws:

java.lang.ClassCastException - when the key store does contain certificates that cannot be parsed to X509Certificate instances.

addKey

public static void addKey(java.io.File privateKeyStoreFile,
                          java.lang.String privateKeyStoreType,
                          char[] privateKeyStorePassword,
                          java.lang.String alias,
                          java.security.PrivateKey key,
                          char[] keyPassword,
                          java.security.cert.Certificate[] chain)
                   throws java.security.cert.CertificateException,
                          java.io.IOException

Adds a key entry to a key store file. If the alias already exists in the key store, the key entry is being overwritten. If the file doesn't exist, a new key store file for the key entry is being generated.

Throws:: java.security.cert.CertificateException; java.io.IOException

getKeyUsage
```
public static int getKeyUsage(java.security.cert.X509Certificate cert)
```
Gets the X509 extension 'key usage' of a certificate. Returns the more convenient integer format (the JCE way) of the key usage.

Parameters:

cert - the X509 V3 certificate with extensions

Returns:

the key usage for this X509V3 certificate in the convenient integer format. Returns 0 if the key usage extension is not present in the certificate.

verifyIssuer

public static boolean verifyIssuer(java.security.cert.X509Certificate endCert,
                                   java.security.cert.X509Certificate issuer)
                            throws java.security.cert.CertificateException

Throws:: java.security.cert.CertificateException

isSelfSigned

public static boolean isSelfSigned(java.security.cert.X509Certificate cert)
                            throws java.security.cert.CertificateException

Throws:: java.security.cert.CertificateException

getIssuerFromTrustStore

public static java.security.cert.X509Certificate getIssuerFromTrustStore(java.security.KeyStore trustStore,
                                                                         java.security.cert.X509Certificate chainCert)
                                                                  throws java.security.KeyStoreException

Throws:: java.security.KeyStoreException

isTrustStoreCert

public static boolean isTrustStoreCert(java.security.KeyStore trustStore,
                                       java.security.cert.X509Certificate chainCert)
                                throws java.security.KeyStoreException

Throws:: java.security.KeyStoreException

Class KeyManager

Nested Class Summary

Method Summary

Methods inherited from class java.lang.Object

Method Detail

getKeyStore

getKeyStore

getKeyStore

getKeyStore

emptyKeyStore

getCertStore

getKey

getKey

getKey

getKeys

getDecryptionKeys

getKeyAndCertificates

getKey

getCertificate

getCertificate

getCertificate

getCertificateChain

getCertificates

getCertificates

addKey

getKeyUsage

verifyIssuer

isSelfSigned

getIssuerFromTrustStore

isTrustStoreCert