public final class KeyStoreUtil
extends java.lang.Object
修飾子とタイプ | フィールド | 説明 |
---|---|---|
static boolean |
_blacklistLogged |
|
static java.lang.String |
DEFAULT_KEYSTORE_PASSWORD |
コンストラクタ | 説明 |
---|---|
KeyStoreUtil() |
修飾子とタイプ | メソッド | 説明 |
---|---|---|
static boolean |
addCert(java.io.File file,
java.lang.String alias,
java.security.KeyStore ks) |
Load an X509 Cert from a file and add it to the
trusted set of certificates in the key store.
This does NOT check for revocation.
|
static boolean |
addCert(java.io.File file,
java.lang.String alias,
java.security.KeyStore ks,
java.security.cert.CertStore cs) |
Load an X509 Cert from a file and add it to the
trusted set of certificates in the key store.
This DOES check for revocation, IF cs is non-null.
|
static int |
addCerts(java.io.File dir,
java.security.KeyStore ks) |
Load all X509 Certs from a directory and add them to the
trusted set of certificates in the key store.
This DOES check for revocation.
|
static int |
countCerts(java.security.KeyStore ks) |
Count all X509 Certs in a key store
|
static boolean |
createKeys(java.io.File ks,
java.lang.String alias,
java.lang.String cname,
java.lang.String ou,
java.lang.String keyPW) |
Create a keypair and store it in the keystore at ks, creating it if necessary.
|
static boolean |
createKeys(java.io.File ks,
java.lang.String ksPW,
java.lang.String alias,
java.lang.String cname,
java.lang.String ou,
int validDays,
java.lang.String keyAlg,
int keySize,
java.lang.String keyPW) |
Create a keypair and store it in the keystore at ks, creating it if necessary.
|
static java.lang.Object[] |
createKeysAndCRL(java.io.File ks,
java.lang.String ksPW,
java.lang.String alias,
java.lang.String cname,
java.lang.String ou,
int validDays,
java.lang.String keyAlg,
int keySize,
java.lang.String keyPW) |
New way - Native Java, does not call out to keytool.
|
static java.lang.Object[] |
createKeysAndCRL(java.io.File ks,
java.lang.String ksPW,
java.lang.String alias,
java.lang.String cname,
java.lang.String ou,
int validDays,
SigType type,
java.lang.String keyPW) |
New way - Native Java, does not call out to keytool.
|
static java.security.KeyStore |
createKeyStore(java.io.File ksFile,
java.lang.String password) |
Create a new KeyStore object, and load it from ksFile if it is
non-null and it exists.
|
static boolean |
exportCert(java.io.File ks,
java.lang.String ksPW,
java.lang.String alias,
java.io.File certFile) |
Pull the cert back OUT of the keystore and save it in Base64-encoded X.509 format
so the clients can get to it.
|
static void |
exportPrivateKey(java.io.File ks,
java.lang.String ksPW,
java.lang.String alias,
java.lang.String keyPW,
java.io.OutputStream out) |
Export the private key and certificate chain (if any) out of a keystore.
|
static java.security.cert.Certificate |
getCert(java.io.File ks,
java.lang.String ksPW,
java.lang.String alias) |
Get a cert out of a keystore
|
static java.security.PrivateKey |
getPrivateKey(java.io.File ks,
java.lang.String ksPW,
java.lang.String alias,
java.lang.String keyPW) |
Get a private key out of a keystore
|
static java.lang.String |
importPrivateKey(java.io.File ks,
java.lang.String ksPW,
java.lang.String alias,
java.lang.String keyPW,
java.io.InputStream in) |
Import the private key and certificate chain to a keystore.
|
static java.security.KeyStore |
loadSystemKeyStore() |
Loads certs from location of javax.net.ssl.keyStore property,
else from $JAVA_HOME/lib/security/jssecacerts,
else from $JAVA_HOME/lib/security/cacerts.
|
static java.lang.String |
randomString() |
48 char b32 string (30 bytes of entropy)
|
static void |
storePrivateKey(java.io.File ks,
java.lang.String ksPW,
java.lang.String alias,
java.lang.String keyPW,
java.security.PrivateKey pk,
java.util.List<java.security.cert.X509Certificate> certs) |
Import the private key and certificate chain to a keystore.
|
public static boolean _blacklistLogged
public static final java.lang.String DEFAULT_KEYSTORE_PASSWORD
public static java.security.KeyStore createKeyStore(java.io.File ksFile, java.lang.String password) throws java.security.GeneralSecurityException, java.io.IOException
ksFile - may be null
password - may be null
java.security.GeneralSecurityException
java.io.IOException
public static java.security.KeyStore loadSystemKeyStore()
public static int countCerts(java.security.KeyStore ks)
public static int addCerts(java.io.File dir, java.security.KeyStore ks)
public static boolean addCert(java.io.File file, java.lang.String alias, java.security.KeyStore ks)
public static boolean addCert(java.io.File file, java.lang.String alias, java.security.KeyStore ks, java.security.cert.CertStore cs)
cs - may be null; if non-null, check for revocation
public static java.lang.String randomString()
public static boolean createKeys(java.io.File ks, java.lang.String alias, java.lang.String cname, java.lang.String ou, java.lang.String keyPW)
ks - path to the keystore
alias - the name of the key
cname - e.g. randomstuff.console.i2p.net
ou - e.g. console
keyPW - the key password, must be at least 6 characters
public static boolean createKeys(java.io.File ks, java.lang.String ksPW, java.lang.String alias, java.lang.String cname, java.lang.String ou, int validDays, java.lang.String keyAlg, int keySize, java.lang.String keyPW)
ks - path to the keystore
ksPW - the keystore password
alias - the name of the key
cname - e.g. randomstuff.console.i2p.net
ou - e.g. console
validDays - e.g. 3652 (10 years)
keyAlg - e.g. DSA, RSA, EC
keySize - e.g. 1024
keyPW - the key password, must be at least 6 characters
public static java.lang.Object[] createKeysAndCRL(java.io.File ks, java.lang.String ksPW, java.lang.String alias, java.lang.String cname, java.lang.String ou, int validDays, java.lang.String keyAlg, int keySize, java.lang.String keyPW) throws java.security.GeneralSecurityException, java.io.IOException
ks - path to the keystore
ksPW - the keystore password
alias - the name of the key
cname - e.g. randomstuff.console.i2p.net
ou - e.g. console
validDays - e.g. 3652 (10 years)
keyAlg - e.g. DSA, RSA, EC
keySize - e.g. 1024
keyPW - the key password, must be at least 6 characters
java.security.GeneralSecurityException
java.io.IOException
public static java.lang.Object[] createKeysAndCRL(java.io.File ks, java.lang.String ksPW, java.lang.String alias, java.lang.String cname, java.lang.String ou, int validDays, SigType type, java.lang.String keyPW) throws java.security.GeneralSecurityException, java.io.IOException
ks - path to the keystore
ksPW - the keystore password
alias - the name of the key
cname - e.g. randomstuff.console.i2p.net
ou - e.g. console
validDays - e.g. 3652 (10 years)
keyPW - the key password, must be at least 6 characters
java.security.GeneralSecurityException
java.io.IOException
public static java.security.PrivateKey getPrivateKey(java.io.File ks, java.lang.String ksPW, java.lang.String alias, java.lang.String keyPW) throws java.security.GeneralSecurityException, java.io.IOException
ks - path to the keystore
ksPW - the keystore password, may be null
alias - the name of the key
keyPW - the key password, must be at least 6 characters
java.security.GeneralSecurityException
java.io.IOException
public static void exportPrivateKey(java.io.File ks, java.lang.String ksPW, java.lang.String alias, java.lang.String keyPW, java.io.OutputStream out) throws java.security.GeneralSecurityException, java.io.IOException
ks - path to the keystore
ksPW - the keystore password, may be null
alias - the name of the key
keyPW - the key password, must be at least 6 characters
java.security.GeneralSecurityException
java.io.IOException
public static java.lang.String importPrivateKey(java.io.File ks, java.lang.String ksPW, java.lang.String alias, java.lang.String keyPW, java.io.InputStream in) throws java.security.GeneralSecurityException, java.io.IOException
ks - path to the keystore
ksPW - the keystore password, may be null
alias - the name of the key. If null, will be taken from the Subject CN
of the first certificate in the chain.
keyPW - the key password, must be at least 6 characters
java.security.GeneralSecurityException
java.io.IOException
public static void storePrivateKey(java.io.File ks, java.lang.String ksPW, java.lang.String alias, java.lang.String keyPW, java.security.PrivateKey pk, java.util.List<java.security.cert.X509Certificate> certs) throws java.security.GeneralSecurityException, java.io.IOException
ks - path to the keystore
ksPW - the keystore password, may be null
alias - the name of the key, non-null.
keyPW - the key password, must be at least 6 characters
java.security.GeneralSecurityException
java.io.IOException
public static java.security.cert.Certificate getCert(java.io.File ks, java.lang.String ksPW, java.lang.String alias) throws java.security.GeneralSecurityException, java.io.IOException
ks - path to the keystore
ksPW - the keystore password, may be null
alias - the name of the key
java.security.GeneralSecurityException
java.io.IOException
public static boolean exportCert(java.io.File ks, java.lang.String ksPW, java.lang.String alias, java.io.File certFile)
ks - path to the keystore
ksPW - the keystore password, may be null
alias - the name of the key
certFile - output