Class KeyStoreSupporter

java.lang.Object
de.captaingoldfish.scim.sdk.client.keys.KeyStoreSupporter

public final class KeyStoreSupporter extends Object
author: Pascal Knueppel
created at: 09.12.2019

This class provides additional operations for working with keystores: adding new entries to a keystore, reading entries, converting a keystore from JKS to PKCS12 or vice versa, etc.
  • Method Details

    • selectProvider

      public static Provider selectProvider(KeyStoreSupporter.KeyStoreType keyStoreType)
      This method makes sure that the correct security provider is chosen for the different keystore types. Experience shows that the BouncyCastleProvider is often tried for JKS and JCEKS keystores, but Bouncy Castle cannot handle these types, which is why the providers are chosen manually here.
      Parameters:
      keyStoreType - the keystore type for which a provider is needed.
      Returns:
      the provider that can handle the given keystore
    • toKeyStore

      public static KeyStore toKeyStore(PrivateKey privateKey, Certificate certificate, String alias, String keystorePassword, KeyStoreSupporter.KeyStoreType keyStoreType)
      creates a keystore from the given privateKey and the certificate
      Parameters:
      privateKey - the private key that should be packed into a keystore
      certificate - the certificate that should be packed into the keystore alongside the private key
      alias - the alias that should be used for the private key and the certificate
      keystorePassword - the password to secure the keystore and the private key
      keyStoreType - the type of the keystore
      Returns:
      the keystore with the private key and the certificate
      Throws:
      KeyStoreCreationFailedException - if the algorithm of the keyStoreType could not be resolved
      KeyStoreEntryException - if the certificate or private key could not be added to the keystore
    • toKeyStore

      public static KeyStore toKeyStore(Certificate certificate, String alias, String keystorePassword, KeyStoreSupporter.KeyStoreType keyStoreType)
      creates a keystore from the given certificate (certificate entry only, no private key)
      Parameters:
      certificate - the certificate that should be packed into the keystore
      alias - the alias that should be used for the certificate
      keystorePassword - the password to secure the keystore
      keyStoreType - the type of the keystore
      Returns:
      the keystore with the certificate
      Throws:
      KeyStoreCreationFailedException - if the algorithm of the keyStoreType could not be resolved
      KeyStoreEntryException - if the certificate could not be added to the keystore
    • toKeyStore

      public static KeyStore toKeyStore(byte[] privateKeyBytes, byte[] certificateBytes, String alias, String keystorePassword, KeyStoreSupporter.KeyStoreType keyStoreType)
      creates a keystore from the given privateKey and the certificate
      Parameters:
      privateKeyBytes - the private key that should be packed into a keystore
      certificateBytes - the certificate that should be packed into the keystore alongside the private key
      alias - the alias that should be used for the private key and the certificate
      keystorePassword - the password to secure the keystore and the private key
      keyStoreType - the type of the keystore
      Returns:
      the keystore with the private key and the certificate
      Throws:
      KeyStoreCreationFailedException - if the algorithm of the keyStoreType could not be resolved
      KeyStoreEntryException - if the certificate or private key could not be added to the keystore
      KeyGenerationException - if the private key could not be created from the given byte-array
      CertificateCreationException - if the certificate could not be created from the given data.
    • getBytes

      public static byte[] getBytes(KeyStore keyStore, String password)
      will convert the given keystore into a byte array
      Parameters:
      keyStore - the keystore that should be converted
      password - the keystore password that will be used as encryption password for the keystore
      Returns:
      the byte array that contains the data of the given keystore
    • createEmptyKeyStore

      public static KeyStore createEmptyKeyStore(KeyStoreSupporter.KeyStoreType keyStoreType, String keystorePassword)
      creates an empty keystore
      Parameters:
      keyStoreType - the type of keystore to create
      keystorePassword - the password to secure the keystore
      Returns:
      the newly created empty keystore-instance
    • addCertificateEntryToKeyStore

      public static KeyStore addCertificateEntryToKeyStore(KeyStore keyStore, Certificate certificate, String alias)
      This method adds a certificate entry to the given keystore. It only extends the plain certificate-adding call with logging, and it prevents overriding existing entries.
      Parameters:
      keyStore - the keystore to which the certificate should be added
      certificate - the certificate to add to the given keystore
      alias - the alias that will be used for the certificate entry.
      Returns:
      the keystore that was also given as parameter with the added certificate.
    • addCertificateEntry

      public static KeyStore addCertificateEntry(KeyStore keyStore, String alias, Certificate certificate)
      convenience method for adding a certificate entry to the given keystore under the given alias, without having to handle the checked exception
      Parameters:
      keyStore - the keystore to extend with the certificate
      alias - the alias under which the certificate should be stored
      certificate - the certificate for the new entry
      Returns:
      the keystore that was given as parameter
    • addEntryToKeystore

      public static KeyStore addEntryToKeystore(KeyStore keyStore, String alias, Key key, Certificate[] certificateChain, String password)
      Tries to add the given key entry under the given alias to the given keystore.
      Parameters:
      keyStore - the keystore to which the key entry should be added
      alias - the alias to use for the key-entry
      key - the key to set under the given alias
      certificateChain - the certificate chain belonging to the given key
      password - the password to secure the key within the keystore
      Returns:
      the same keystore that was given as parameter
    • convertKeyStore

      public static KeyStore convertKeyStore(KeyStore keyStore, String keyStorePassword, KeyStoreSupporter.KeyStoreType keyStoreType)
      This method converts a given keystore with all its entries into another type of keystore. This will of course only work if the private key passwords match the keystore password.
      Parameters:
      keyStore - the keystore that shall be converted
      keyStorePassword - the password to open the keystore
      keyStoreType - the type to which the keystore should be converted
      Returns:
      the converted keystore.
    • tryCopyEntry

      public static void tryCopyEntry(KeyStore keyStore, String keyStorePassword, String keyPassword, KeyStoreSupporter.KeyStoreType keyStoreType, KeyStore newKeyStore, String alias)
      This method tries to access an entry of the given keyStore and adds it to the newKeyStore object, regardless of whether the given alias is a key entry or a certificate entry.
      Parameters:
      keyStore - the keystore that holds the original entry
      keyStorePassword - the password to access the original keystore
      keyPassword - the password to access the original key entry under the given alias
      keyStoreType - the type of the original keystore
      newKeyStore - the new keystore to which the entry should be copied
      alias - the alias of the entry that should be copied
    • keyStoreToFile

      public static void keyStoreToFile(File file, KeyStore keyStore, String keystorePassword)
      Will store the given keystore into the given file.
      Parameters:
      file - the file where the keystore should be saved.
      keyStore - the keystore to save.
      keystorePassword - the password to access and save the given keystore
    • keyStoreToFile

      public static void keyStoreToFile(File directory, String filename, KeyStore keyStore, String keystorePassword)
      Will store the given keystore into a file with the given name inside the given directory.
      Parameters:
      directory - the target directory where the keystore should be saved.
      filename - the name of the file within the directory where the keystore should be saved.
      keyStore - the keystore to save.
      keystorePassword - the password to access and save the given keystore
    • readKeyStore

      public static KeyStore readKeyStore(File file, String keyStorePassword)
      will read a file to a keystore.
      Parameters:
      file - the file that should be read to a keystore
      keyStorePassword - the password to access the keystore
      Returns:
      the read keystore
    • readKeyStore

      public static KeyStore readKeyStore(byte[] keyStoreBytes, KeyStoreSupporter.KeyStoreType keyStoreType, String keyStorePassword)
      will read a byte array to a keystore.
      Parameters:
      keyStoreBytes - the bytes of the keyStore that should be read
      keyStoreType - the type of the keystore.
      keyStorePassword - the password to access the keystore
      Returns:
      the read keystore
    • readKeyStore

      public static KeyStore readKeyStore(InputStream keyStoreStream, KeyStoreSupporter.KeyStoreType keyStoreType, String keyStorePassword)
      will read an input stream to a keystore.
      Parameters:
      keyStoreStream - the input stream from which the keystore should be read
      keyStoreType - the type of the keystore.
      keyStorePassword - the password to access the keystore
      Returns:
      the read keystore
    • readTruststore

      public static KeyStore readTruststore(byte[] truststoreBytes, KeyStoreSupporter.KeyStoreType keyStoreType)
      will read a keystore from the given byte array that can only be used as truststore
      Parameters:
      truststoreBytes - the bytes of the truststore
      keyStoreType - the keystore type that the truststore represents
      Returns:
      a keystore that can only be used as truststore
    • readTruststore

      public static KeyStore readTruststore(byte[] truststoreBytes, KeyStoreSupporter.KeyStoreType keyStoreType, String password)
      will read a keystore from the given byte array that can only be used as truststore
      Parameters:
      truststoreBytes - the bytes of the truststore
      keyStoreType - the keystore type that the truststore represents
      password - an optional password that can be entered for JKS keystores and must be entered for PKCS12 keystores
      Returns:
      a keystore that can only be used as truststore
    • readTruststore

      public static KeyStore readTruststore(InputStream truststoreStream, KeyStoreSupporter.KeyStoreType keyStoreType)
      will read a keystore from the given inputstream that can only be used as truststore
      Parameters:
      truststoreStream - a stream containing the truststore data
      keyStoreType - the keystore type that the truststore represents
      Returns:
      a keystore that can only be used as truststore
    • readTruststore

      public static KeyStore readTruststore(InputStream truststoreStream, KeyStoreSupporter.KeyStoreType keyStoreType, String password)
      will read a keystore from the given inputstream that can only be used as truststore
      Parameters:
      truststoreStream - a stream containing the truststore data
      keyStoreType - the keystore type that the truststore represents
      password - an optional password that can be entered for JKS keystores and must be entered for PKCS12 keystores
      Returns:
      a keystore that can only be used as truststore
    • mergeKeyStores

      public static KeyStore mergeKeyStores(KeyStore keyStore1, String password1, KeyStore keyStore2, String password2, KeyStoreSupporter.KeyStoreType keyStoreType, String mergedKeyStoreKeyPassword)
      This method merges all accessible entries from the given keystores into a single keystore.
      WARNING:
      keystore1 and keystore2 may contain different entries under the same alias. So that these do not collide with one another, the alias from keystore2 will be extended by "_2".

      If keystore1 and keystore2 share the same entry under different aliases, the alias from keystore1 is preferred unless the entry of keystore1 is not accessible. In that case the entry of keystore2 will be added instead if it is accessible.

      If a private key entry cannot be accessed because its password does not match the keystore password, the private key will be omitted and the entry will only be added as a certificate entry.
      Parameters:
      keyStore1 - the first keystore
      password1 - the password to access the first keystore
      keyStore2 - the second keystore
      password2 - the password to access the second keystore
      keyStoreType - this will be the type of the keystore that contains the new entries.
      mergedKeyStoreKeyPassword - this will be the password of all added private keys within the merged keystore.
      Returns:
      a new keystore that contains all entries of the two keystores that were directly accessible.
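As an added example (not the library's own code), the merge semantics described above, including the per-alias copy behaviour of tryCopyEntry and convertKeyStore, reproduced with the plain java.security.KeyStore API. The class and method names are mine, and the target type is passed as a JDK keystore type string (e.g. "PKCS12") because the constants of KeyStoreSupporter.KeyStoreType are not shown on this page.

```java
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Collections;

public final class KeyStoreMergeExample {

  /** Copies one alias from src into dst under dstAlias. A private key whose password
   *  does not match is not dropped entirely: its certificate is kept as a trusted entry. */
  static void copyEntry(KeyStore src, char[] keyPw, KeyStore dst,
                        String alias, String dstAlias, char[] dstKeyPw) throws Exception {
    Certificate cert = src.getCertificate(alias); // first cert of the chain for key entries
    if (src.isKeyEntry(alias)) {
      try {
        Key key = src.getKey(alias, keyPw);
        dst.setKeyEntry(dstAlias, key, dstKeyPw, src.getCertificateChain(alias));
        return;
      } catch (UnrecoverableKeyException e) {
        // wrong key password: fall through and keep only the public part
      }
    }
    if (cert != null) dst.setCertificateEntry(dstAlias, cert);
  }

  /** Merges ks1 and ks2 into a new keystore of the given type (hypothetical helper). */
  static KeyStore merge(KeyStore ks1, char[] pw1, KeyStore ks2, char[] pw2,
                        String type, char[] mergedKeyPw) throws Exception {
    KeyStore merged = KeyStore.getInstance(type);
    merged.load(null, null); // fresh, empty keystore
    for (String alias : Collections.list(ks1.aliases())) {
      copyEntry(ks1, pw1, merged, alias, alias, mergedKeyPw);
    }
    for (String alias : Collections.list(ks2.aliases())) {
      Certificate cert = ks2.getCertificate(alias);
      // same certificate already taken over from keystore 1 (possibly under another alias)?
      String existing = cert == null ? null : merged.getCertificateAlias(cert);
      if (existing != null) {
        if (merged.isKeyEntry(existing)) continue; // keystore 1's accessible key wins
        // keystore 1 only yielded the certificate: upgrade to a key entry if ks2's key is accessible
        copyEntry(ks2, pw2, merged, alias, existing, mergedKeyPw);
        continue;
      }
      // a different entry under an alias keystore 1 already uses: suffix instead of overwriting
      String target = merged.containsAlias(alias) ? alias + "_2" : alias;
      copyEntry(ks2, pw2, merged, alias, target, mergedKeyPw);
    }
    return merged;
  }
}
```

Load the two source keystores with KeyStore.load(InputStream, char[]) and persist the result with KeyStore.store(OutputStream, char[]); the JDK's own PKCS12 and JKS implementations are used throughout, so no extra provider is required.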
    • readFirstKeyPairEntryFromKeyStore

      public static KeyPair readFirstKeyPairEntryFromKeyStore(KeyStore keyStore, String privateKeyPassword)
      reads the first found keystore entry and expects it to be a private-key entry. This method can be used if the alias of the keystore is unknown and the given keystore contains only a single private-key-entry
      Parameters:
      keyStore - the keystore with hopefully only a single private key entry
      privateKeyPassword - the password of the private key
      Returns:
      the keypair of the keystore. (Since empty keystores are invalid this method should never return null)
      Throws:
      KeyStoreReadingException - if the keystore entry could not be read or if the first keystore entry is only a certificate entry
    • getAliases

      public static Enumeration<String> getAliases(KeyStore keyStore)
      convenience method to access the aliases of the keystore without having to handle the exception
      Parameters:
      keyStore - the keystore to get the aliases from
      Returns:
      the aliases of the given keystore
      Throws:
      KeyStoreReadingException - in case of a KeyStoreException
    • getKeyEntry

      public static Optional<Key> getKeyEntry(KeyStore keyStore, String alias, String password)
      convenience method to access the private key from the keystore without having to handle the checked exceptions
      Parameters:
      keyStore - the keystore from which the private key should be accessed
      alias - the alias of the private key entry
      password - the password of the private key entry for the given alias
      Returns:
      the private key entry if it does exist
    • getCertificateChain

      public static Optional<Certificate[]> getCertificateChain(KeyStore keyStore, String alias)
      will get the certificateChain from the given alias
      Parameters:
      keyStore - the keystore from which the certificate chain should be extracted
      alias - the alias where the chain should be found
      Returns:
      the certificate chain if present, otherwise an empty Optional
    • getCertificate

      public static Optional<Certificate> getCertificate(KeyStore keyStore, String alias)
      convenience method to read a certificate entry from a keystore