Class KeyStoreSupporter


  • public final class KeyStoreSupporter
    extends Object
    author: Pascal Knueppel
    created at: 09.12.2019

    This class provides additional operations for working with keystores: adding new entries to a keystore, reading entries, converting a keystore from JKS to PKCS12 or vice versa, etc.
    • Method Detail

      • selectProvider

        public static Provider selectProvider​(KeyStoreSupporter.KeyStoreType keyStoreType)
        this method makes sure that the correct security provider is chosen for the different keystore types. Experience shows that the BouncyCastleProvider is often tried for JKS and JCEKS keystores, but Bouncy Castle cannot handle these types, which is why the providers are chosen manually here.
        Parameters:
        keyStoreType - the keystore type for which a provider is needed.
        Returns:
        the provider that can handle the given keystore
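        As an added illustration (not the library's selectProvider implementation), the following standalone Java snippet shows the check behind such a method using only JCA calls: it asks java.security.Security which installed providers implement a given keystore type and verifies a candidate provider with Provider.getService. The provider names SUN and SunJCE are those of a stock OpenJDK; which provider the library itself returns for each type is not stated on this page.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.Security;

/** Chooses a provider per keystore type by asking the JCA which providers implement it. */
public final class ProviderProbe {

  /** First installed provider that advertises a "KeyStore.<type>" service, e.g. SUN for JKS. */
  public static Provider providerFor(String keyStoreType) {
    // "KeyStore.JKS" is the filter syntax Security.getProviders understands
    Provider[] candidates = Security.getProviders("KeyStore." + keyStoreType);
    if (candidates == null || candidates.length == 0) {
      throw new IllegalStateException("no installed provider implements KeyStore." + keyStoreType);
    }
    return candidates[0];
  }

  /** True if this particular provider can build keystores of the given type. */
  public static boolean supports(Provider provider, String keyStoreType) {
    return provider.getService("KeyStore", keyStoreType) != null;
  }

  /** Creates an initialised, empty keystore using a provider that really supports the type. */
  public static KeyStore newKeyStore(String keyStoreType) throws Exception {
    KeyStore keyStore = KeyStore.getInstance(keyStoreType, providerFor(keyStoreType));
    keyStore.load(null, null); // a fresh KeyStore must be loaded before any entry access
    return keyStore;
  }

  public static void main(String[] args) throws Exception {
    for (String type : new String[] {"JKS", "JCEKS", "PKCS12"}) {
      System.out.println(type + " -> " + providerFor(type).getName()
          + " (" + newKeyStore(type).size() + " entries)");
    }
    // Forcing a provider that lacks the type fails immediately with a KeyStoreException.
    // On a stock JDK, JCEKS comes from SunJCE, so the SUN provider cannot build it.
    Provider sun = Security.getProvider("SUN");
    if (sun != null && !supports(sun, "JCEKS")) {
      try {
        KeyStore.getInstance("JCEKS", sun);
      } catch (KeyStoreException e) {
        System.out.println("SUN rejected JCEKS as expected: " + e.getMessage());
      }
    }
  }
}
```

        The point of probing rather than hard-coding is that the failure surfaces at construction time with a clear KeyStoreException instead of at the first load or store call.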
      • toKeyStore

        public static KeyStore toKeyStore​(PrivateKey privateKey,
                                          Certificate certificate,
                                          String alias,
                                          String keystorePassword,
                                          KeyStoreSupporter.KeyStoreType keyStoreType)
        creates a keystore from the given privateKey and the certificate
        Parameters:
        privateKey - the private key that should be packed into a keystore
        certificate - the certificate that should be packed into the keystore alongside the private key
        alias - the alias that should be used for the private key and the certificate
        keystorePassword - the password to secure the keystore and the private key
        keyStoreType - the type of the keystore
        Returns:
        the keystore with the private key and the certificate
        Throws:
        KeyStoreCreationFailedException - if the algorithm of the keyStoreType could not be resolved
        KeyStoreEntryException - if the certificate or private key could not be added to the keystore
      • toKeyStore

        public static KeyStore toKeyStore​(Certificate certificate,
                                          String alias,
                                          String keystorePassword,
                                          KeyStoreSupporter.KeyStoreType keyStoreType)
        creates a keystore from the given certificate only, i.e. the certificate is stored as a certificate entry rather than a key entry
        Parameters:
        certificate - the certificate that should be packed into the keystore
        alias - the alias that should be used for the certificate entry
        keystorePassword - the password to secure the keystore
        keyStoreType - the type of the keystore
        Returns:
        the keystore with the certificate entry
        Throws:
        KeyStoreCreationFailedException - if the algorithm of the keyStoreType could not be resolved
        KeyStoreEntryException - if the certificate could not be added to the keystore
      • toKeyStore

        public static KeyStore toKeyStore​(byte[] privateKeyBytes,
                                          byte[] certificateBytes,
                                          String alias,
                                          String keystorePassword,
                                          KeyStoreSupporter.KeyStoreType keyStoreType)
        creates a keystore from the given privateKey and the certificate
        Parameters:
        privateKeyBytes - the private key that should be packed into a keystore
        certificateBytes - the certificate that should be packed into the keystore alongside the private key
        alias - the alias that should be used for the private key and the certificate
        keystorePassword - the password to secure the keystore and the private key
        keyStoreType - the type of the keystore
        Returns:
        the keystore with the private key and the certificate
        Throws:
        KeyStoreCreationFailedException - if the algorithm of the keyStoreType could not be resolved
        KeyStoreEntryException - if the certificate or private key could not be added to the keystore
        KeyGenerationException - if the private key could not be created from the given byte-array
        CertificateCreationException - if the certificate could not be created from the given data.
      • getBytes

        public static byte[] getBytes​(KeyStore keyStore,
                                      String password)
        will convert the given keystore into a byte array
        Parameters:
        keyStore - the keystore that should be converted
        password - the keystore password used to protect the serialized keystore (for PKCS12 it encrypts the entries, for JKS it only protects the store's integrity)
        Returns:
        the byte array that contains the data of the given keystore
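        Added example, not the library's code: a standalone JCA equivalent of the byte[] variant of toKeyStore followed by getBytes. It assumes the private key bytes are an unencrypted PKCS#8 key (PEM or DER; the page does not specify the format the library accepts) and adds one check the plain KeyStore API does not make: that the certificate's public key really belongs to the private key, verified by signing a random nonce. File names, alias and password in main are placeholders. Requires Java 11+.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

public final class KeyStoreBuilder {
  /** Returns DER: strips a single PEM armour if present, passes raw DER through unchanged. */
  static byte[] pemToDer(byte[] input) {
    String text = new String(input, StandardCharsets.US_ASCII);
    if (!text.contains("-----BEGIN")) return input;
    StringBuilder b64 = new StringBuilder();
    for (String line : text.split("\\R")) {
      if (!line.startsWith("-----")) b64.append(line.trim());
    }
    return Base64.getDecoder().decode(b64.toString());
  }

  /** Decodes an unencrypted PKCS#8 key; RSA and EC are tried, anything else is rejected. */
  static PrivateKey decodePrivateKey(byte[] pkcs8Der) throws GeneralSecurityException {
    PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(pkcs8Der);
    InvalidKeySpecException last = null;
    for (String algorithm : new String[] {"RSA", "EC"}) {
      try {
        return KeyFactory.getInstance(algorithm).generatePrivate(spec);
      } catch (InvalidKeySpecException e) {
        last = e;
      }
    }
    throw new GeneralSecurityException("private key is neither RSA nor EC PKCS#8", last);
  }

  /** CertificateFactory accepts DER as well as PEM-armoured X.509 certificates. */
  static Certificate decodeCertificate(byte[] certificateBytes) throws CertificateException {
    return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certificateBytes));
  }

  /** Signs a random nonce and verifies it with the certificate: true only for a matching pair. */
  static boolean keyMatchesCertificate(PrivateKey key, Certificate certificate)
      throws GeneralSecurityException {
    String sigAlg = "EC".equals(key.getAlgorithm()) ? "SHA256withECDSA" : "SHA256withRSA";
    byte[] nonce = new byte[32];
    new SecureRandom().nextBytes(nonce);
    Signature signer = Signature.getInstance(sigAlg);
    signer.initSign(key);
    signer.update(nonce);
    byte[] signature = signer.sign();
    try {
      Signature verifier = Signature.getInstance(sigAlg);
      verifier.initVerify(certificate.getPublicKey()); // throws for a key of another algorithm
      verifier.update(nonce);
      return verifier.verify(signature);
    } catch (InvalidKeyException | SignatureException e) {
      return false;
    }
  }

  /** One key entry in a fresh keystore; a certificate that does not match the key is refused. */
  public static KeyStore toKeyStore(byte[] privateKeyBytes, byte[] certificateBytes, String alias,
                                    char[] password, String keyStoreType)
      throws GeneralSecurityException, IOException {
    PrivateKey key = decodePrivateKey(pemToDer(privateKeyBytes));
    Certificate certificate = decodeCertificate(certificateBytes);
    if (!keyMatchesCertificate(key, certificate)) {
      // KeyStore.setKeyEntry would accept a mismatched pair without complaint
      throw new GeneralSecurityException("certificate does not belong to the private key");
    }
    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
    keyStore.load(null, null); // a new KeyStore must be initialised before entries are added
    keyStore.setKeyEntry(alias, key, password, new Certificate[] {certificate});
    return keyStore;
  }

  /** Serialises the store; for PKCS12 the password encrypts entries, for JKS it only MACs them. */
  public static byte[] getBytes(KeyStore keyStore, char[] password)
      throws GeneralSecurityException, IOException {
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    keyStore.store(out, password);
    return out.toByteArray();
  }

  public static void main(String[] args) throws Exception {
    // Assumed inputs: unencrypted PKCS#8 key and X.509 certificate files, PEM or DER
    byte[] keyBytes = Files.readAllBytes(Path.of("server.key"));
    byte[] certBytes = Files.readAllBytes(Path.of("server.crt"));
    char[] password = "changeit".toCharArray(); // placeholder; load from a secret source in practice
    KeyStore keyStore = toKeyStore(keyBytes, certBytes, "server", password, "PKCS12");
    System.out.println(getBytes(keyStore, password).length + " bytes, " + keyStore.size() + " entry");
  }
}
```

        The match check matters because a key entry whose chain belongs to another key is accepted by every JDK keystore implementation and only fails much later, during a TLS handshake or signature verification.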
      • createEmptyKeyStore

        public static KeyStore createEmptyKeyStore​(KeyStoreSupporter.KeyStoreType keyStoreType,
                                                   String keystorePassword)
        creates an empty keystore
        Parameters:
        keyStoreType - the type of keystore to create
        keystorePassword - the password to secure the keystore
        Returns:
        the newly created empty keystore-instance
      • addCertificateEntryToKeyStore

        public static KeyStore addCertificateEntryToKeyStore​(KeyStore keyStore,
                                                             Certificate certificate,
                                                             String alias)
        this method simply adds a certificate entry to the given keystore. It only wraps the plain certificate-adding call with logging and prevents existing entries from being overwritten.
        Parameters:
        keyStore - the keystore to which the certificate should be added
        certificate - the certificate to add to the given keystore
        alias - the alias that will be used for the certificate entry.
        Returns:
        the keystore that was also given as parameter with the added certificate.
      • addCertificateEntry

        public static KeyStore addCertificateEntry​(KeyStore keyStore,
                                                   String alias,
                                                   Certificate certificate)
        convenience method for adding a certificate entry to the given keystore under the given alias, without having to handle the checked exception
        Parameters:
        keyStore - the keystore to extend with the certificate
        alias - the alias under which the certificate should be stored
        certificate - the certificate for the new entry
        Returns:
        the keystore that was given as parameter
      • addEntryToKeystore

        public static KeyStore addEntryToKeystore​(KeyStore keyStore,
                                                  String alias,
                                                  Key key,
                                                  Certificate[] certificateChain,
                                                  String password)
        will try to add the given entry under the given alias to the given keystore
        Parameters:
        keyStore - the keystore to which the key entry should be added
        alias - the alias to use for the key entry
        key - the key to set under the given alias
        certificateChain - the certificate chain belonging to the key (java.security.KeyStore requires it for private keys; it may be null for secret keys)
        password - the password to secure the key within the keystore
        Returns:
        the same keystore that was given as parameter
      • convertKeyStore

        public static KeyStore convertKeyStore​(KeyStore keyStore,
                                               String keyStorePassword,
                                               KeyStoreSupporter.KeyStoreType keyStoreType)
        This method will convert a given keystore with all its entries into another type of keystore.
        This will of course only work if the private key passwords match the keystore password.
        Parameters:
        keyStore - the keystore that shall be converted
        keyStorePassword - the password to open the keystore
        keyStoreType - the type to which the keystore should be converted
        Returns:
        the converted keystore.
      • tryCopyEntry

        public static void tryCopyEntry​(KeyStore keyStore,
                                        String keyStorePassword,
                                        String keyPassword,
                                        KeyStoreSupporter.KeyStoreType keyStoreType,
                                        KeyStore newKeyStore,
                                        String alias)
        this method tries to access an entry of the given keyStore and adds it to the newKeyStore object, regardless of whether the given alias refers to a key entry or a certificate entry
        Parameters:
        keyStore - the keystore that holds the original entry
        keyStorePassword - the password to access the original keystore
        keyPassword - the password to access the original key entry under the given alias
        keyStoreType - the type of the original keystore
        newKeyStore - the new keystore to which the entry should be copied
        alias - the alias of the entry that should be copied
      • keyStoreToFile

        public static void keyStoreToFile​(File file,
                                          KeyStore keyStore,
                                          String keystorePassword)
        Will store the given keystore into the given file.
        Parameters:
        file - the file where the keystore should be saved.
        keyStore - the keystore to save.
        keystorePassword - the password to access and save the given keystore
      • keyStoreToFile

        public static void keyStoreToFile​(File directory,
                                          String filename,
                                          KeyStore keyStore,
                                          String keystorePassword)
        Will store the given keystore into the file with the given name within the given directory.
        Parameters:
        directory - the target directory where the keystore should be saved.
        filename - the name of the file in which the keystore should be saved.
        keyStore - the keystore to save.
        keystorePassword - the password to access and save the given keystore
      • readKeyStore

        public static KeyStore readKeyStore​(File file,
                                            String keyStorePassword)
        will read the given file into a keystore.
        Parameters:
        file - the file that should be read to a keystore
        keyStorePassword - the password to access the keystore
        Returns:
        the read keystore
      • readKeyStore

        public static KeyStore readKeyStore​(byte[] keyStoreBytes,
                                            KeyStoreSupporter.KeyStoreType keyStoreType,
                                            String keyStorePassword)
        will read a byte array into a keystore.
        Parameters:
        keyStoreBytes - the bytes of the keyStore that should be read
        keyStoreType - the type of the keystore.
        keyStorePassword - the password to access the keystore
        Returns:
        the read keystore
      • readKeyStore

        public static KeyStore readKeyStore​(InputStream keyStoreStream,
                                            KeyStoreSupporter.KeyStoreType keyStoreType,
                                            String keyStorePassword)
        will read an input stream into a keystore.
        Parameters:
        keyStoreStream - the stream holding the keystore data that should be read
        keyStoreType - the type of the keystore.
        keyStorePassword - the password to access the keystore
        Returns:
        the read keystore
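        Added example, not the library's keyStoreToFile/readKeyStore: writing a keystore with owner-only permissions and an atomic rename, and reading it back. KeyStore.getInstance(File, char[]) (Java 9+) probes the type from the file content, which is how a type-less read such as readKeyStore(File, String) can work; how the library itself determines the type is not stated on the page. File name and password are placeholders.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.PosixFilePermission;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.EnumSet;
import java.util.Set;

public final class KeyStoreFiles {

  private static final Set<PosixFilePermission> OWNER_ONLY =
      EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE);

  /** Writes to a 0600 temp file in the target directory, then renames: readers never see a partial store. */
  public static void keyStoreToFile(Path target, KeyStore keyStore, char[] password)
      throws GeneralSecurityException, IOException {
    Path dir = target.toAbsolutePath().getParent();
    Files.createDirectories(dir);
    Path tmp = Files.createTempFile(dir, target.getFileName().toString(), ".tmp");
    try {
      try {
        Files.setPosixFilePermissions(tmp, OWNER_ONLY);
      } catch (UnsupportedOperationException e) {
        // non-POSIX file system (e.g. Windows): the directory's ACLs have to do the job
      }
      try (OutputStream out = Files.newOutputStream(tmp)) {
        keyStore.store(out, password);
      }
      Files.move(tmp, target, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
    } finally {
      Files.deleteIfExists(tmp); // only does something if the move did not happen
    }
  }

  /** Lets the JDK detect the type from the file content (JKS and PKCS12 on a stock JDK, Java 9+). */
  public static KeyStore readKeyStore(Path file, char[] password)
      throws GeneralSecurityException, IOException {
    return KeyStore.getInstance(file.toFile(), password);
  }

  /** Reads a keystore of a known type from a stream, as the byte[]/InputStream variants do. */
  public static KeyStore readKeyStore(InputStream in, String keyStoreType, char[] password)
      throws GeneralSecurityException, IOException {
    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
    keyStore.load(in, password);
    return keyStore;
  }

  /** Deployment check: true if anyone but the owner can read or write the keystore file. */
  public static boolean isReadableByOthers(Path file) throws IOException {
    try {
      return !OWNER_ONLY.containsAll(Files.getPosixFilePermissions(file));
    } catch (UnsupportedOperationException e) {
      return false; // cannot tell on non-POSIX file systems
    }
  }

  public static void main(String[] args) throws Exception {
    char[] password = "changeit".toCharArray(); // placeholder
    KeyStore empty = KeyStore.getInstance("PKCS12");
    empty.load(null, null);
    Path file = Path.of("example.p12");
    keyStoreToFile(file, empty, password);
    KeyStore reloaded = readKeyStore(file, password);
    System.out.println(reloaded.getType() + ", readable by others: " + isReadableByOthers(file));
  }
}
```

        The temp-file-plus-rename pattern also avoids the window in which a plain FileOutputStream has truncated the old keystore but not yet written the new one, which would leave a service without its key material if the process dies in between.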
      • readTruststore

        public static KeyStore readTruststore​(byte[] truststoreBytes,
                                              KeyStoreSupporter.KeyStoreType keyStoreType)
        will read a keystore from the given byte array that can only be used as truststore
        Parameters:
        truststoreBytes - the bytes of the truststore
        keyStoreType - the keystore type that the truststore represents
        Returns:
        a keystore that can only be used as truststore
      • readTruststore

        public static KeyStore readTruststore​(byte[] truststoreBytes,
                                              KeyStoreSupporter.KeyStoreType keyStoreType,
                                              String password)
        will read a keystore from the given byte array that can only be used as truststore
        Parameters:
        truststoreBytes - the bytes of the truststore
        keyStoreType - the keystore type that the truststore represents
        password - an optional password: it may be omitted for JKS keystores but must be given for PKCS12 keystores
        Returns:
        a keystore that can only be used as truststore
      • readTruststore

        public static KeyStore readTruststore​(InputStream truststoreStream,
                                              KeyStoreSupporter.KeyStoreType keyStoreType)
        will read a keystore from the given inputstream that can only be used as truststore
        Parameters:
        truststoreStream - a stream containing the truststore data
        keyStoreType - the keystore type that the truststore represents
        Returns:
        a keystore that can only be used as truststore
      • readTruststore

        public static KeyStore readTruststore​(InputStream truststoreStream,
                                              KeyStoreSupporter.KeyStoreType keyStoreType,
                                              String password)
        will read a keystore from the given inputstream that can only be used as truststore
        Parameters:
        truststoreStream - a stream containing the truststore data
        keyStoreType - the keystore type that the truststore represents
        password - an optional password: it may be omitted for JKS keystores but must be given for PKCS12 keystores
        Returns:
        a keystore that can only be used as truststore
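        Added example, not the library's readTruststore: one way to obtain a keystore that "can only be used as truststore" is to copy nothing but the trusted-certificate entries into a fresh in-memory keystore and hand that to a TrustManagerFactory. Passing null as password to KeyStore.load skips the JKS integrity check, which is why the password is optional for JKS. The file name and password are placeholders; whether the library filters entries this way is not stated on the page.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

public final class TrustStores {

  /**
   * Loads the bytes and copies only trusted-certificate entries into a fresh keystore, so no
   * private key of the source can end up in the TLS trust configuration. password may be
   * null for JKS (the integrity check is then skipped); PKCS12 requires it.
   */
  public static KeyStore readTruststore(byte[] truststoreBytes, String keyStoreType, char[] password)
      throws GeneralSecurityException, IOException {
    KeyStore source = KeyStore.getInstance(keyStoreType);
    source.load(new ByteArrayInputStream(truststoreBytes), password);
    KeyStore trustOnly = KeyStore.getInstance(keyStoreType);
    trustOnly.load(null, null);
    for (String alias : Collections.list(source.aliases())) {
      if (source.isCertificateEntry(alias)) {
        trustOnly.setCertificateEntry(alias, source.getCertificate(alias));
      }
      // key entries are dropped on purpose: a truststore has no use for private keys
    }
    return trustOnly;
  }

  /** Where a truststore is actually consumed: trust managers for an SSLContext. */
  public static TrustManager[] trustManagersFor(KeyStore truststore) throws GeneralSecurityException {
    TrustManagerFactory factory =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    factory.init(truststore);
    return factory.getTrustManagers();
  }

  /** Sanity check before wiring a keystore as truststore: it must hold no key entries. */
  public static boolean containsKeyEntries(KeyStore keyStore) throws GeneralSecurityException {
    for (String alias : Collections.list(keyStore.aliases())) {
      if (keyStore.isKeyEntry(alias)) {
        return true;
      }
    }
    return false;
  }

  public static void main(String[] args) throws Exception {
    // Assumed input: a PKCS12 truststore file; "changeit" is a placeholder password
    byte[] bytes = Files.readAllBytes(Path.of("truststore.p12"));
    KeyStore trust = readTruststore(bytes, "PKCS12", "changeit".toCharArray());
    System.out.println(trust.size() + " trusted certificates, key entries: " + containsKeyEntries(trust));
    System.out.println(trustManagersFor(trust).length + " trust manager(s)");
  }
}
```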
      • mergeKeyStores

        public static KeyStore mergeKeyStores​(KeyStore keyStore1,
                                              String password1,
                                              KeyStore keyStore2,
                                              String password2,
                                              KeyStoreSupporter.KeyStoreType keyStoreType,
                                              String mergedKeyStoreKeyPassword)
        this method will merge all accessible entries from the given keystores into a single keystore
        WARNING:
        keystore1 and keystore2 may contain different entries under the same alias. So that the two do not collide, the alias from keystore2 is extended by "_2".

        If keystore1 and keystore2 share the same entry under different aliases, the alias from keystore1 is preferred as long as the entry of keystore1 is accessible. Otherwise the entry of keystore2 is added instead, if it is accessible.

        If a private key entry cannot be accessed because its password does not match the keystore password, the private key is omitted and the entry is added as a certificate entry only.
        Parameters:
        keyStore1 - the first keystore
        password1 - the password to access the first keystore
        keyStore2 - the second keystore
        password2 - the password to access the second keystore
        keyStoreType - this will be the type of the keystore that contains the new entries.
        mergedKeyStoreKeyPassword - this will be the password of all added private keys within the merged keystore.
        Returns:
        a new keystore that contains all entries of the two keystores that were directly accessible.
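        Added example covering convertKeyStore, tryCopyEntry and mergeKeyStores together (not the library's code): a single copyEntry helper that degrades an inaccessible key entry to a certificate-only entry, a conversion loop over it, and a merge that prefers keystore1's entry, deduplicates on the leaf certificate via KeyStore.getCertificateAlias and suffixes clashing aliases with "_2". File names and passwords in main are placeholders; the library's exact collision rules may differ in details the page does not state.

```java
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Collections;

public final class KeyStoreMerging {

  static KeyStore newKeyStore(String type) throws GeneralSecurityException, IOException {
    KeyStore keyStore = KeyStore.getInstance(type);
    keyStore.load(null, null); // initialise the empty store
    return keyStore;
  }

  /** Leaf certificate of an entry: the trusted certificate itself, or chain[0] of a key entry. */
  static Certificate leafOf(KeyStore keyStore, String alias) throws KeyStoreException {
    if (keyStore.isCertificateEntry(alias)) {
      return keyStore.getCertificate(alias);
    }
    Certificate[] chain = keyStore.getCertificateChain(alias);
    return chain == null || chain.length == 0 ? null : chain[0];
  }

  /** Copies one alias; a key entry whose password does not match is degraded to a certificate entry. */
  static String copyEntry(KeyStore source, String alias, char[] keyPassword,
                          KeyStore target, String targetAlias, char[] targetKeyPassword)
      throws KeyStoreException {
    if (source.isCertificateEntry(alias)) {
      target.setCertificateEntry(targetAlias, source.getCertificate(alias));
      return "certificate";
    }
    try {
      Key key = source.getKey(alias, keyPassword);
      target.setKeyEntry(targetAlias, key, targetKeyPassword, source.getCertificateChain(alias));
      return "key";
    } catch (UnrecoverableKeyException | NoSuchAlgorithmException e) {
      Certificate leaf = leafOf(source, alias);
      if (leaf == null) {
        return "skipped (key inaccessible, no certificate)";
      }
      target.setCertificateEntry(targetAlias, leaf); // keep the public half only
      return "certificate only (key inaccessible: " + e.getMessage() + ")";
    }
  }

  /** Converts every entry into another keystore type; key entries must open with keyStorePassword. */
  public static KeyStore convertKeyStore(KeyStore source, char[] keyStorePassword, String targetType)
      throws GeneralSecurityException, IOException {
    KeyStore target = newKeyStore(targetType);
    for (String alias : Collections.list(source.aliases())) {
      String outcome = copyEntry(source, alias, keyStorePassword, target, alias, keyStorePassword);
      System.out.println(alias + ": " + outcome);
    }
    return target;
  }

  /**
   * keyStore1 wins for duplicates unless it only had the certificate and keyStore2 has the key;
   * clashing aliases from keyStore2 get the suffix "_2"; all keys are re-protected with mergedKeyPassword.
   */
  public static KeyStore mergeKeyStores(KeyStore keyStore1, char[] password1, KeyStore keyStore2,
                                        char[] password2, String targetType, char[] mergedKeyPassword)
      throws GeneralSecurityException, IOException {
    KeyStore merged = newKeyStore(targetType);
    for (String alias : Collections.list(keyStore1.aliases())) {
      copyEntry(keyStore1, alias, password1, merged, alias, mergedKeyPassword);
    }
    for (String alias : Collections.list(keyStore2.aliases())) {
      Certificate leaf = leafOf(keyStore2, alias);
      String existing = leaf == null ? null : merged.getCertificateAlias(leaf);
      if (existing != null) {
        if (merged.isKeyEntry(existing) || keyStore2.isCertificateEntry(alias)) {
          continue; // keyStore1's copy is at least as complete: prefer it
        }
        merged.deleteEntry(existing); // keyStore1 had only the certificate, keyStore2 may have the key
      }
      String targetAlias = merged.containsAlias(alias) ? alias + "_2" : alias;
      copyEntry(keyStore2, alias, password2, merged, targetAlias, mergedKeyPassword);
    }
    return merged;
  }

  public static void main(String[] args) throws Exception {
    char[] pw = "changeit".toCharArray(); // placeholder password for both stores
    // Assumed inputs: two existing keystore files; KeyStore.getInstance(File, char[]) probes the type
    KeyStore first = KeyStore.getInstance(new File("first.jks"), pw);
    KeyStore second = KeyStore.getInstance(new File("second.p12"), pw);
    KeyStore converted = convertKeyStore(first, pw, "PKCS12");
    KeyStore merged = mergeKeyStores(first, pw, second, pw, "PKCS12", pw);
    System.out.println("converted: " + converted.size() + " entries, merged: " + merged.size() + " entries");
  }
}
```

        Note that a JKS target cannot hold secret keys: copying a JCEKS secret-key entry into it makes setKeyEntry throw a KeyStoreException, which this helper deliberately does not swallow, since silently losing a key would be worse than a failed conversion.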
      • readFirstKeyPairEntryFromKeyStore

        public static KeyPair readFirstKeyPairEntryFromKeyStore​(KeyStore keyStore,
                                                                String privateKeyPassword)
        reads the first keystore entry found and expects it to be a private-key entry. This method can be used if the alias is unknown and the given keystore contains only a single private-key entry
        Parameters:
        keyStore - the keystore with hopefully only a single private key entry
        privateKeyPassword - the password of the private key
        Returns:
        the key pair of the first entry. This method does not return null; note, however, that an empty keystore is valid (see createEmptyKeyStore) and has no first entry, so callers should check that the keystore has entries before calling.
        Throws:
        KeyStoreReadingException - if the keystore entry could not be read or if the first keystore entry is only a certificate entry
      • getAliases

        public static Enumeration<String> getAliases​(KeyStore keyStore)
        convenience method to access the aliases of the keystore without having to handle the exception
        Parameters:
        keyStore - the keystore to get the aliases from
        Returns:
        the aliases of the given keystore
        Throws:
        KeyStoreReadingException - in case of a KeyStoreException
      • getKeyEntry

        public static Optional<Key> getKeyEntry​(KeyStore keyStore,
                                                String alias,
                                                String password)
        convenience method to access a key entry (typically the private key) from the keystore without having to handle the checked exceptions
        Parameters:
        keyStore - the keystore from which the private key should be accessed
        alias - the alias of the private key entry
        password - the password of the private key entry for the given alias
        Returns:
        the key under the given alias if such a key entry exists, otherwise an empty Optional
      • getCertificateChain

        public static Optional<Certificate[]> getCertificateChain​(KeyStore keyStore,
                                                                  String alias)
        will get the certificateChain from the given alias
        Parameters:
        keyStore - the keystore from which the certificate chain should be extracted
        alias - the alias where the chain should be found
        Returns:
        the certificate chain if present, otherwise an empty Optional
      • getCertificate

        public static Optional<Certificate> getCertificate​(KeyStore keyStore,
                                                           String alias)
        convenience method to read a certificate entry from a keystore
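        Added example, not the library's code, for getAliases, getKeyEntry, getCertificateChain and readFirstKeyPairEntryFromKeyStore: Optional-returning accessors that distinguish "no such entry" from "wrong password", and a first-key-pair reader that rejects empty keystores and secret-key entries explicitly instead of returning null. The file name and password are placeholders.

```java
import java.io.File;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.List;
import java.util.Optional;

public final class KeyStoreAccess {

  /** Aliases as a List; KeyStoreException only occurs on a keystore that was never loaded. */
  public static List<String> getAliases(KeyStore keyStore) {
    try {
      return Collections.list(keyStore.aliases());
    } catch (KeyStoreException e) {
      throw new IllegalStateException("keystore not loaded", e);
    }
  }

  /**
   * Empty only if no key entry exists under the alias. A wrong password is an error, not an
   * absent entry, so it is reported instead of being hidden behind Optional.empty().
   */
  public static Optional<Key> getKeyEntry(KeyStore keyStore, String alias, char[] password) {
    try {
      return Optional.ofNullable(keyStore.getKey(alias, password));
    } catch (UnrecoverableKeyException e) {
      throw new IllegalArgumentException("wrong password for key entry '" + alias + "'", e);
    } catch (KeyStoreException | NoSuchAlgorithmException e) {
      throw new IllegalStateException("cannot read key entry '" + alias + "'", e);
    }
  }

  /** The chain of a key entry; empty for certificate entries and unknown aliases. */
  public static Optional<Certificate[]> getCertificateChain(KeyStore keyStore, String alias) {
    try {
      return Optional.ofNullable(keyStore.getCertificateChain(alias));
    } catch (KeyStoreException e) {
      throw new IllegalStateException("keystore not loaded", e);
    }
  }

  /**
   * Key pair of the first entry in alias order. With several key entries "first" is whatever
   * order the provider enumerates, so rely on this only for single-entry stores. An empty
   * keystore, a certificate entry or a secret key yield an exception, never null.
   */
  public static KeyPair readFirstKeyPair(KeyStore keyStore, char[] privateKeyPassword)
      throws GeneralSecurityException {
    List<String> aliases = getAliases(keyStore);
    if (aliases.isEmpty()) {
      throw new KeyStoreException("keystore holds no entries");
    }
    String alias = aliases.get(0);
    Key key = getKeyEntry(keyStore, alias, privateKeyPassword)
        .orElseThrow(() -> new KeyStoreException("first entry '" + alias + "' is not a key entry"));
    if (!(key instanceof PrivateKey)) {
      throw new KeyStoreException("first entry '" + alias + "' is a secret key, not a key pair");
    }
    Certificate[] chain = getCertificateChain(keyStore, alias)
        .orElseThrow(() -> new KeyStoreException("key entry '" + alias + "' has no certificate chain"));
    return new KeyPair(chain[0].getPublicKey(), (PrivateKey) key);
  }

  public static void main(String[] args) throws Exception {
    char[] password = "changeit".toCharArray(); // placeholder
    // Assumed input: an existing keystore file; the type is probed from its content (Java 9+)
    KeyStore keyStore = KeyStore.getInstance(new File("server.p12"), password);
    KeyPair pair = readFirstKeyPair(keyStore, password);
    System.out.println(pair.getPrivate().getAlgorithm() + " key pair from aliases " + getAliases(keyStore));
  }
}
```

        Mapping a wrong password to an empty Optional would make a misconfigured secret look like a missing entry and send the operator down the wrong path; surfacing UnrecoverableKeyException as a distinct error keeps the two failure modes apart.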