net.lightbody.bmp.mitm.tools

Interface SecurityProviderTool

All Known Implementing Classes:

BouncyCastleSecurityProviderTool, DefaultSecurityProviderTool

public interface SecurityProviderTool

Generic interface for functionality provided by a Security Provider.

Method Summary

Modifier and Type	Method and Description
CertificateAndKey	createCARootCertificate(CertificateInfo certificateInfo, KeyPair keyPair, String messageDigest) Creates a new self-signed CA root certificate, suitable for use signing new server certificates.
KeyStore	createRootCertificateKeyStore(String keyStoreType, CertificateAndKey rootCertificateAndKey, String privateKeyAlias, String password) Assembles a Java KeyStore containing a CA root certificate and its private key.
CertificateAndKey	createServerCertificate(CertificateInfo certificateInfo, X509Certificate caRootCertificate, PrivateKey caPrivateKey, KeyPair serverKeyPair, String messageDigest) Creates a new server X.509 certificate using the serverKeyPair.
KeyStore	createServerKeyStore(String keyStoreType, CertificateAndKey serverCertificateAndKey, X509Certificate rootCertificate, String privateKeyAlias, String password) Assembles a Java KeyStore containing a server's certificate, private key, and the certificate authority's certificate, which can be used to create an SSLContext.
X509Certificate	decodePemEncodedCertificate(Reader certificateReader) Decodes a PEM-encoded X.509 Certificate into a X509Certificate.
PrivateKey	decodePemEncodedPrivateKey(Reader privateKeyReader, String password) Decodes a PEM-encoded private key into a PrivateKey.
String	encodeCertificateAsPem(Certificate certificate) Encodes a certificate in PEM format.
String	encodePrivateKeyAsPem(PrivateKey privateKey, String passwordForPrivateKey, String encryptionAlgorithm) Encodes a private key in PEM format, encrypting it with the specified password.
KeyManager[]	getKeyManagers(KeyStore keyStore, String keyStorePassword) Retrieve the KeyManagers for the specified KeyStore.
KeyStore	loadKeyStore(File file, String keyStoreType, String password) Loads a Java KeyStore object from a file.
void	saveKeyStore(File file, KeyStore keyStore, String keystorePassword) Saves a Java KeyStore to a file, protecting it with the specified password.

Method Detail

createCARootCertificate

CertificateAndKey createCARootCertificate(CertificateInfo certificateInfo,
                                          KeyPair keyPair,
                                          String messageDigest)

Creates a new self-signed CA root certificate, suitable for use signing new server certificates.

Parameters:

certificateInfo - certificate info to populate in the new root cert

keyPair - root certificate's public and private keys

messageDigest - digest to use when signing the new root certificate, such as SHA512

Returns:

a new root certificate and private key

createServerCertificate

CertificateAndKey createServerCertificate(CertificateInfo certificateInfo,
                                          X509Certificate caRootCertificate,
                                          PrivateKey caPrivateKey,
                                          KeyPair serverKeyPair,
                                          String messageDigest)

Creates a new server X.509 certificate using the serverKeyPair. The new certificate will be populated with information from the specified certificateInfo and will be signed using the specified caPrivateKey and messageDigest.

Parameters:

certificateInfo - basic X.509 certificate info that will be used to create the server certificate

caRootCertificate - root certificate that will be used to populate the issuer field of the server certificate

serverKeyPair - server's public and private keys

messageDigest - message digest to use when signing the server certificate, such as SHA512

caPrivateKey - root certificate private key that will be used to sign the server certificate

Returns:

a new server certificate and its private key

createServerKeyStore

KeyStore createServerKeyStore(String keyStoreType,
                              CertificateAndKey serverCertificateAndKey,
                              X509Certificate rootCertificate,
                              String privateKeyAlias,
                              String password)

Assembles a Java KeyStore containing a server's certificate, private key, and the certificate authority's certificate, which can be used to create an SSLContext.

Parameters:

keyStoreType - the KeyStore type, such as JKS or PKCS12

serverCertificateAndKey - certificate and private key for the server, which will be placed in the KeyStore

rootCertificate - CA root certificate of the private key that signed the server certificate

privateKeyAlias - alias to assign the private key (with accompanying certificate chain) to in the KeyStore

password - password for the new KeyStore and private key

Returns:

a new KeyStore with the server's certificate and password-protected private key

createRootCertificateKeyStore

KeyStore createRootCertificateKeyStore(String keyStoreType,
                                       CertificateAndKey rootCertificateAndKey,
                                       String privateKeyAlias,
                                       String password)

Assembles a Java KeyStore containing a CA root certificate and its private key.

Parameters:

keyStoreType - the KeyStore type, such as JKS or PKCS12

rootCertificateAndKey - certification authority's root certificate and private key, which will be placed in the KeyStore

privateKeyAlias - alias to assign the private key (with accompanying certificate chain) to in the KeyStore

password - password for the new KeyStore and private key

Returns:

a new KeyStore with the root certificate and password-protected private key

encodePrivateKeyAsPem

String encodePrivateKeyAsPem(PrivateKey privateKey,
                             String passwordForPrivateKey,
                             String encryptionAlgorithm)

Encodes a private key in PEM format, encrypting it with the specified password. The private key will be encrypted using the specified algorithm.

Parameters:

privateKey - private key to encode

passwordForPrivateKey - password to protect the private key

encryptionAlgorithm - algorithm to use to encrypt the private key

Returns:

PEM-encoded private key as a String

encodeCertificateAsPem

String encodeCertificateAsPem(Certificate certificate)

Encodes a certificate in PEM format.

Parameters:

certificate - certificate to encode

Returns:

PEM-encoded certificate as a String

decodePemEncodedPrivateKey

PrivateKey decodePemEncodedPrivateKey(Reader privateKeyReader,
                                      String password)

Decodes a PEM-encoded private key into a PrivateKey. The password may be null if the PEM-encoded private key is not password-encrypted.

Parameters:

privateKeyReader - a reader for a PEM-encoded private key

password - password protecting the private key @return the decoded private key

decodePemEncodedCertificate

X509Certificate decodePemEncodedCertificate(Reader certificateReader)

Decodes a PEM-encoded X.509 Certificate into a X509Certificate.

Parameters:

certificateReader - a reader for a PEM-encoded certificate

Returns:

the decoded X.509 certificate

loadKeyStore

KeyStore loadKeyStore(File file,
                      String keyStoreType,
                      String password)

Loads a Java KeyStore object from a file.

Parameters:

file - KeyStore file to load

keyStoreType - KeyStore type (PKCS12, JKS, etc.)

password - the KeyStore password

Returns:

an initialized Java KeyStore object

saveKeyStore

void saveKeyStore(File file,
                  KeyStore keyStore,
                  String keystorePassword)

Saves a Java KeyStore to a file, protecting it with the specified password.

Parameters:

file - file to save the KeyStore to

keyStore - KeyStore to save

keystorePassword - password for the KeyStore

getKeyManagers

KeyManager[] getKeyManagers(KeyStore keyStore,
                            String keyStorePassword)

Retrieve the KeyManagers for the specified KeyStore.

Parameters:

keyStore - the KeyStore to retrieve KeyManagers from

keyStorePassword - the KeyStore password

Returns:

KeyManagers for the specified KeyStore