
Commit cdd59b2

committed
More keystore helpers
1 parent 1f528c9 commit cdd59b2

4 files changed

Lines changed: 91 additions & 0 deletions


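--- a/openstack-commons/src/main/java/org/openstack/crypto/ByteString.java
+++ b/openstack-commons/src/main/java/org/openstack/crypto/ByteString.java
@@ -38,6 +38,10 @@ public static ByteString get(ByteBuffer buffer) {
 return new ByteString(keyData);
 }
 
+public byte[] toByteArray() {
+return Arrays.copyOf(bytes, bytes.length);
+}
+
 // TODO: Is this needed or does the JVM do this for us?
 @Override
 public int hashCode() {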
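Review bot: `toByteArray()` has no comment saying that it returns a fresh copy on every call. The context line `return new ByteString(keyData);` suggests instances can hold key material, in which case each call leaves another copy on the heap that only the caller can clear. A Javadoc such as `/** Returns a copy of the bytes; the caller owns it and should zero it with Arrays.fill once done if it holds key material. */` would make that ownership explicit. The body of `hashCode()` continues outside the hunk.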
Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
package org.openstack.crypto;
2+
3+
import java.security.PrivateKey;
4+
import java.security.PublicKey;
5+
import java.security.cert.X509Certificate;
6+
7+
public interface CertificateAndKey {
8+
9+
PrivateKey getPrivateKey();
10+
11+
X509Certificate[] getCertificateChain();
12+
13+
PublicKey getPublicKey();
14+
}
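Review bot: The new `CertificateAndKey` interface has no Javadoc, so implementers and callers have to guess its contract. It should say whether `getCertificateChain()` is ordered leaf-first, whether any getter may return `null`, and how `getPublicKey()` relates to the chain. A class comment along the lines of `/** A private key with its X.509 chain, leaf certificate first; getPublicKey() is the leaf certificate's key. */` would pin this down. Elsewhere on this page `KeyStoreUtils.put` hands the chain straight to `setKeyEntry`, so the ordering matters to callers.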

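--- a/openstack-commons/src/main/java/org/openstack/crypto/KeyStoreUtils.java
+++ b/openstack-commons/src/main/java/org/openstack/crypto/KeyStoreUtils.java
@@ -6,13 +6,18 @@
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.GeneralSecurityException;
 import java.security.InvalidKeyException;
 import java.security.KeyStore;
+import java.security.KeyStore.Entry;
+import java.security.KeyStore.PrivateKeyEntry;
+import java.security.KeyStore.ProtectionParameter;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.PrivateKey;
 import java.security.SignatureException;
+import java.security.UnrecoverableEntryException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
@@ -28,6 +33,13 @@
 import com.google.common.collect.Lists;
 
 public class KeyStoreUtils {
+public static final String DEFAULT_KEYSTORE_SECRET = "notasecret";
+
+public static KeyStore load(File keystoreFile) throws KeyStoreException, IOException, NoSuchAlgorithmException,
+CertificateException {
+return load(keystoreFile, DEFAULT_KEYSTORE_SECRET);
+}
+
 public static KeyStore load(File keystoreFile, String keystoreSecret) throws KeyStoreException, IOException,
 NoSuchAlgorithmException, CertificateException {
 InputStream is = null;
@@ -150,4 +162,25 @@ public static byte[] serialize(KeyStore keystore, String keystoreSecret) throws
 Io.safeClose(baos);
 }
 }
+
+public static CertificateAndKey getCertificateAndKey(KeyStore keyStore, String alias, String password)
+throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
+if (!keyStore.isKeyEntry(alias)) {
+return null;
+}
+
+ProtectionParameter protParam = new KeyStore.PasswordProtection(password.toCharArray());
+Entry key = keyStore.getEntry(alias, protParam);
+if (key == null || !(key instanceof PrivateKeyEntry)) {
+return null;
+}
+
+return new KeystoreCertificateAndKey((PrivateKeyEntry) key);
+}
+
+public static void put(KeyStore keystore, String alias, CertificateAndKey certificateAndKey, String secret)
+throws GeneralSecurityException {
+keystore.setKeyEntry(alias, certificateAndKey.getPrivateKey(), secret.toCharArray(),
+certificateAndKey.getCertificateChain());
+}
 }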
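Review bot: `DEFAULT_KEYSTORE_SECRET = "notasecret"` is a public, compiled-in password, and the new one-argument `load(File)` makes it the default, so a keystore opened that way is protected only by the file-system permissions on the file. If that is the intent, state it on the constant, e.g. `/** Well-known placeholder, not a secret; keystores using it rely on file permissions alone. */`, so nobody mistakes it for protection. In the last hunk, `getCertificateAndKey` and `put` call `password.toCharArray()` and `secret.toCharArray()` without a null check, and `getCertificateAndKey` returns `null` both for a missing alias and for an entry that is not a private-key entry. A short Javadoc on each stating that null contract would help callers. The body of `load(File, String)` continues outside the hunk.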
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
package org.openstack.crypto;
2+
3+
import java.security.KeyStore.PrivateKeyEntry;
4+
import java.security.PrivateKey;
5+
import java.security.PublicKey;
6+
import java.security.cert.Certificate;
7+
import java.security.cert.X509Certificate;
8+
9+
public class KeystoreCertificateAndKey implements CertificateAndKey {
10+
final PrivateKeyEntry privateKeyEntry;
11+
12+
public KeystoreCertificateAndKey(PrivateKeyEntry privateKeyEntry) {
13+
super();
14+
this.privateKeyEntry = privateKeyEntry;
15+
}
16+
17+
@Override
18+
public PrivateKey getPrivateKey() {
19+
return privateKeyEntry.getPrivateKey();
20+
}
21+
22+
@Override
23+
public X509Certificate[] getCertificateChain() {
24+
Certificate[] chain = privateKeyEntry.getCertificateChain();
25+
26+
X509Certificate[] x509 = new X509Certificate[chain.length];
27+
28+
for (int i = 0; i < chain.length; i++) {
29+
x509[i] = (X509Certificate) chain[i];
30+
}
31+
32+
return x509;
33+
}
34+
35+
@Override
36+
public PublicKey getPublicKey() {
37+
Certificate[] chain = privateKeyEntry.getCertificateChain();
38+
return chain[0].getPublicKey();
39+
}
40+
}
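Review bot: The cast `(X509Certificate) chain[i]` in `getCertificateChain()` throws a bare `ClassCastException` when the keystore entry carries a non-X.509 chain, which gives the caller no hint of what went wrong. A guard such as `if (!(chain[i] instanceof X509Certificate)) throw new IllegalStateException("Not an X.509 certificate: " + chain[i].getType());` would make the failure diagnosable. The field holding the `PrivateKeyEntry` is package-private and the constructor accepts null. Declaring it `private final PrivateKeyEntry privateKeyEntry;` and assigning `Objects.requireNonNull(privateKeyEntry, "privateKeyEntry")` keeps the key handle inside the class and fails early.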
