public final class KeyStoreUtil
extends java.lang.Object
Modifier and Type | Field | Description |
---|---|---|
static boolean |
_blacklistLogged |
Mutable public flag; the name suggests it records whether a blacklist warning has already been logged (presumably a log-once guard — not shown on this page). Being public and non-final it can be reset by any caller.
|
static java.lang.String |
DEFAULT_KEYSTORE_PASSWORD |
Well-known default keystore password, published as a public constant. It provides no secrecy: anyone who can read the keystore file can open a store protected only by it. Restrict the keystore file to the service user and protect private keys with a separate per-key password (keyPW).
|
Constructor | Description |
---|---|
KeyStoreUtil() |
Modifier and Type | Method | Description |
---|---|---|
static boolean |
addCert(java.io.File file,
java.lang.String alias,
java.security.KeyStore ks) |
Load an X509 Cert from a file and add it to the
trusted set of certificates in the key store
This does NOT check for revocation.
|
static boolean |
addCert(java.io.File file,
java.lang.String alias,
java.security.KeyStore ks,
java.security.cert.CertStore cs) |
Load an X509 Cert from a file and add it to the
trusted set of certificates in the key store
This DOES check for revocation, IF cs is non-null.
|
static int |
addCerts(java.io.File dir,
java.security.KeyStore ks) |
Load all X509 Certs from a directory and add them to the
trusted set of certificates in the key store
This DOES check for revocation.
|
static int |
countCerts(java.security.KeyStore ks) |
Count all X509 Certs in a key store
|
static boolean |
createKeys(java.io.File ks,
java.lang.String alias,
java.lang.String cname,
java.lang.String ou,
java.lang.String keyPW) |
Create a keypair and store it in the keystore at ks, creating it if necessary.
|
static boolean |
createKeys(java.io.File ks,
java.lang.String ksPW,
java.lang.String alias,
java.lang.String cname,
java.lang.String ou,
int validDays,
java.lang.String keyAlg,
int keySize,
java.lang.String keyPW) |
Create a keypair and store it in the keystore at ks, creating it if necessary.
|
static boolean |
createKeys(java.io.File ks,
java.lang.String ksPW,
java.lang.String alias,
java.lang.String cname,
java.util.Set<java.lang.String> altNames,
java.lang.String ou,
int validDays,
java.lang.String keyAlg,
int keySize,
java.lang.String keyPW) |
Create a keypair and store it in the keystore at ks, creating it if necessary.
|
static boolean |
createKeys(java.io.File ks,
java.lang.String alias,
java.lang.String cname,
java.util.Set<java.lang.String> altNames,
java.lang.String ou,
java.lang.String keyPW) |
Create a keypair and store it in the keystore at ks, creating it if necessary.
|
static java.lang.Object[] |
createKeysAndCRL(java.io.File ks,
java.lang.String ksPW,
java.lang.String alias,
java.lang.String cname,
java.lang.String ou,
int validDays,
java.lang.String keyAlg,
int keySize,
java.lang.String keyPW) |
New way - Native Java, does not call out to keytool.
|
static java.lang.Object[] |
createKeysAndCRL(java.io.File ks,
java.lang.String ksPW,
java.lang.String alias,
java.lang.String cname,
java.lang.String ou,
int validDays,
SigType type,
java.lang.String keyPW) |
New way - Native Java, does not call out to keytool.
|
static java.lang.Object[] |
createKeysAndCRL(java.io.File ks,
java.lang.String ksPW,
java.lang.String alias,
java.lang.String cname,
java.util.Set<java.lang.String> altNames,
java.lang.String ou,
int validDays,
java.lang.String keyAlg,
int keySize,
java.lang.String keyPW) |
New way - Native Java, does not call out to keytool.
|
static java.lang.Object[] |
createKeysAndCRL(java.io.File ks,
java.lang.String ksPW,
java.lang.String alias,
java.lang.String cname,
java.util.Set<java.lang.String> altNames,
java.lang.String ou,
int validDays,
SigType type,
java.lang.String keyPW) |
New way - Native Java, does not call out to keytool.
|
static java.security.KeyStore |
createKeyStore(java.io.File ksFile,
java.lang.String password) |
Create a new KeyStore object, and load it from ksFile if it is
non-null and it exists.
|
static boolean |
exportCert(java.io.File ks,
java.lang.String ksPW,
java.lang.String alias,
java.io.File certFile) |
Pull the cert back OUT of the keystore and save it in Base64-encoded X.509 format
so the clients can get to it.
|
static void |
exportPrivateKey(java.io.File ks,
java.lang.String ksPW,
java.lang.String alias,
java.lang.String keyPW,
java.io.OutputStream out) |
Export the private key and certificate chain (if any) out of a keystore.
|
static java.security.cert.Certificate |
getCert(java.io.File ks,
java.lang.String ksPW,
java.lang.String alias) |
Get a cert out of a keystore
|
static java.security.PrivateKey |
getPrivateKey(java.io.File ks,
java.lang.String ksPW,
java.lang.String alias,
java.lang.String keyPW) |
Get a private key out of a keystore
|
static java.lang.String |
importPrivateKey(java.io.File ks,
java.lang.String ksPW,
java.lang.String alias,
java.lang.String keyPW,
java.io.InputStream in) |
Import the private key and certificate chain to a keystore.
|
static java.security.KeyStore |
loadSystemKeyStore() |
Loads certs from location of javax.net.ssl.keyStore property,
else from $JAVA_HOME/lib/security/jssecacerts,
else from $JAVA_HOME/lib/security/cacerts.
|
static boolean |
logCertExpiration(java.io.File f,
java.lang.String ksPW,
long expiresWithin) |
Validate expiration for all private key certs in a key store.
|
static boolean |
logCertExpiration(java.security.KeyStore ks,
java.lang.String location,
long expiresWithin) |
Validate expiration for all private key certs in a key store.
|
static java.lang.String |
randomString() |
Returns a 48-character base32 string encoding 30 random bytes (240 bits of entropy), e.g. for use as a generated keystore or key password. The randomness source is not shown on this page; it must be a cryptographically secure generator (java.security.SecureRandom) for the result to be usable as a secret — confirm in the implementation.
|
static java.security.cert.X509Certificate |
renewPrivateKeyCertificate(java.io.File ks,
java.lang.String ksPW,
java.lang.String alias,
java.lang.String keyPW,
int validDays) |
Renew the the private key certificate in a keystore.
|
static void |
storePrivateKey(java.io.File ks,
java.lang.String ksPW,
java.lang.String alias,
java.lang.String keyPW,
java.security.PrivateKey pk,
java.util.List<java.security.cert.X509Certificate> certs) |
Import the private key and certificate chain to a keystore.
|
public static boolean _blacklistLogged
public static final java.lang.String DEFAULT_KEYSTORE_PASSWORD
public static java.security.KeyStore createKeyStore(java.io.File ksFile, java.lang.String password) throws java.security.GeneralSecurityException, java.io.IOException
ksFile - may be null
password - may be null. Note: when an existing keystore is loaded with a null password, java.security.KeyStore.load skips its integrity check, so a tampered keystore file goes undetected. Supply the password whenever the file comes from a location that is not fully trusted.
Throws: java.security.GeneralSecurityException, java.io.IOException
public static java.security.KeyStore loadSystemKeyStore()
public static int countCerts(java.security.KeyStore ks)
public static boolean logCertExpiration(java.io.File f, java.lang.String ksPW, long expiresWithin)
f - keystore file
ksPW - keystore password
expiresWithin - milliseconds; if a cert expires within this long, a warning is logged, e.g. 180*24*60*60*1000L
public static boolean logCertExpiration(java.security.KeyStore ks, java.lang.String location, long expiresWithin)
location - the path or other identifying info, for logging only
expiresWithin - milliseconds; if a cert expires within this long, a warning is logged, e.g. 180*24*60*60*1000L
public static int addCerts(java.io.File dir, java.security.KeyStore ks)
public static boolean addCert(java.io.File file, java.lang.String alias, java.security.KeyStore ks)
public static boolean addCert(java.io.File file, java.lang.String alias, java.security.KeyStore ks, java.security.cert.CertStore cs)
cs - may be null; if non-null, check for revocation. With a null cs the certificate is added to the trusted set without any revocation check, so pass null only for certificates whose provenance is verified by other means.
public static java.lang.String randomString()
public static boolean createKeys(java.io.File ks, java.lang.String alias, java.lang.String cname, java.lang.String ou, java.lang.String keyPW)
ks - path to the keystore
alias - the name of the key
cname - e.g. localhost. Must be a hostname or email address. IP addresses will not be correctly encoded.
ou - e.g. console
keyPW - the key password, must be at least 6 characters. The 6-character floor is a format/tooling minimum, not a strength recommendation; prefer a long generated password such as the one returned by randomString().
public static boolean createKeys(java.io.File ks, java.lang.String alias, java.lang.String cname, java.util.Set<java.lang.String> altNames, java.lang.String ou, java.lang.String keyPW)
ks
- path to the keystorealias
- the name of the keycname
- e.g. localhost. Must be a hostname or email address. IP addresses will not be correctly encoded.altNames
- the Subject Alternative Names. May be null. May contain hostnames and/or IP addresses.
cname, localhost, 127.0.0.1, and ::1 will be automatically added.ou
- e.g. consolekeyPW
- the key password, must be at least 6 characters
public static boolean createKeys(java.io.File ks, java.lang.String ksPW, java.lang.String alias, java.lang.String cname, java.lang.String ou, int validDays, java.lang.String keyAlg, int keySize, java.lang.String keyPW)
ks - path to the keystore
ksPW - the keystore password
alias - the name of the key
cname - e.g. localhost. Must be a hostname or email address. IP addresses will not be correctly encoded.
ou - e.g. console
validDays - e.g. 3652 (10 years)
keyAlg - e.g. DSA, RSA, EC. DSA is a legacy choice (TLS 1.3 dropped it); prefer RSA or EC for new keys.
keySize - e.g. 1024. Note that 1024-bit RSA/DSA keys are below current minimum recommendations (2048 or more for RSA; for EC this is the curve size, e.g. 256) and may be rejected by hardened JDK or OS crypto policies.
keyPW - the key password, must be at least 6 characters
public static boolean createKeys(java.io.File ks, java.lang.String ksPW, java.lang.String alias, java.lang.String cname, java.util.Set<java.lang.String> altNames, java.lang.String ou, int validDays, java.lang.String keyAlg, int keySize, java.lang.String keyPW)
ks
- path to the keystoreksPW
- the keystore passwordalias
- the name of the keycname
- e.g. localhost. Must be a hostname or email address. IP addresses will not be correctly encoded.altNames
- the Subject Alternative Names. May be null. May contain hostnames and/or IP addresses.
cname, localhost, 127.0.0.1, and ::1 will be automatically added.ou
- e.g. consolevalidDays
- e.g. 3652 (10 years)keyAlg
- e.g. DSA , RSA, ECkeySize
- e.g. 1024keyPW
- the key password, must be at least 6 characterspublic static java.lang.Object[] createKeysAndCRL(java.io.File ks, java.lang.String ksPW, java.lang.String alias, java.lang.String cname, java.lang.String ou, int validDays, java.lang.String keyAlg, int keySize, java.lang.String keyPW) throws java.security.GeneralSecurityException, java.io.IOException
ks
- path to the keystoreksPW
- the keystore passwordalias
- the name of the keycname
- e.g. localhost. Must be a hostname or email address. IP addresses will not be correctly encoded.ou
- e.g. consolevalidDays
- e.g. 3652 (10 years)keyAlg
- e.g. DSA , RSA, ECkeySize
- e.g. 1024keyPW
- the key password, must be at least 6 charactersjava.security.GeneralSecurityException
java.io.IOException
public static java.lang.Object[] createKeysAndCRL(java.io.File ks, java.lang.String ksPW, java.lang.String alias, java.lang.String cname, java.util.Set<java.lang.String> altNames, java.lang.String ou, int validDays, java.lang.String keyAlg, int keySize, java.lang.String keyPW) throws java.security.GeneralSecurityException, java.io.IOException
ks
- path to the keystoreksPW
- the keystore passwordalias
- the name of the keycname
- e.g. localhost. Must be a hostname or email address. IP addresses will not be correctly encoded.altNames
- the Subject Alternative Names. May be null. May contain hostnames and/or IP addresses.
cname, localhost, 127.0.0.1, and ::1 will be automatically added.ou
- e.g. consolevalidDays
- e.g. 3652 (10 years)keyAlg
- e.g. DSA , RSA, ECkeySize
- e.g. 1024keyPW
- the key password, must be at least 6 charactersjava.security.GeneralSecurityException
java.io.IOException
public static java.lang.Object[] createKeysAndCRL(java.io.File ks, java.lang.String ksPW, java.lang.String alias, java.lang.String cname, java.lang.String ou, int validDays, SigType type, java.lang.String keyPW) throws java.security.GeneralSecurityException, java.io.IOException
ks
- path to the keystoreksPW
- the keystore passwordalias
- the name of the keycname
- e.g. localhost. Must be a hostname or email address. IP addresses will not be correctly encoded.ou
- e.g. consolevalidDays
- e.g. 3652 (10 years)keyPW
- the key password, must be at least 6 charactersjava.security.GeneralSecurityException
java.io.IOException
public static java.lang.Object[] createKeysAndCRL(java.io.File ks, java.lang.String ksPW, java.lang.String alias, java.lang.String cname, java.util.Set<java.lang.String> altNames, java.lang.String ou, int validDays, SigType type, java.lang.String keyPW) throws java.security.GeneralSecurityException, java.io.IOException
ks
- path to the keystoreksPW
- the keystore passwordalias
- the name of the keycname
- e.g. localhost. Must be a hostname or email address. IP addresses will not be correctly encoded.altNames
- the Subject Alternative Names. May be null. May contain hostnames and/or IP addresses.
cname, localhost, 127.0.0.1, and ::1 will be automatically added.ou
- e.g. consolevalidDays
- e.g. 3652 (10 years)keyPW
- the key password, must be at least 6 charactersjava.security.GeneralSecurityException
java.io.IOException
public static java.security.PrivateKey getPrivateKey(java.io.File ks, java.lang.String ksPW, java.lang.String alias, java.lang.String keyPW) throws java.security.GeneralSecurityException, java.io.IOException
ks
- path to the keystoreksPW
- the keystore password, may be nullalias
- the name of the keykeyPW
- the key password, must be at least 6 charactersjava.security.GeneralSecurityException
java.io.IOException
public static void exportPrivateKey(java.io.File ks, java.lang.String ksPW, java.lang.String alias, java.lang.String keyPW, java.io.OutputStream out) throws java.security.GeneralSecurityException, java.io.IOException
ks - path to the keystore
ksPW - the keystore password, may be null
alias - the name of the key
keyPW - the key password, must be at least 6 characters
out - the stream the private key and certificate chain are written to. The output carries private key material; whether it is encrypted under keyPW is not stated here, so treat the stream as secret (restrictive file permissions, never logged, never sent over an untrusted channel).
Throws: java.security.GeneralSecurityException, java.io.IOException
public static java.security.cert.X509Certificate renewPrivateKeyCertificate(java.io.File ks, java.lang.String ksPW, java.lang.String alias, java.lang.String keyPW, int validDays) throws java.security.GeneralSecurityException, java.io.IOException
ks
- path to the keystoreksPW
- the keystore password, may be nullalias
- the name of the key, or null to get the first one in keystorekeyPW
- the key password, must be at least 6 charactersvalidDays
- new cert to expire this many days from nowjava.security.GeneralSecurityException
java.io.IOException
public static java.lang.String importPrivateKey(java.io.File ks, java.lang.String ksPW, java.lang.String alias, java.lang.String keyPW, java.io.InputStream in) throws java.security.GeneralSecurityException, java.io.IOException
ks - path to the keystore
ksPW - the keystore password, may be null
alias - the name of the key. If null, will be taken from the Subject CN of the first certificate in the chain. That CN comes from the imported file itself, so an attacker-supplied file chooses the alias; if the alias already exists in the keystore the existing entry may be replaced — confirm the implementation's behaviour before importing files from untrusted sources.
keyPW - the key password, must be at least 6 characters
in - the stream holding the private key and certificate chain to import
Throws: java.security.GeneralSecurityException, java.io.IOException
public static void storePrivateKey(java.io.File ks, java.lang.String ksPW, java.lang.String alias, java.lang.String keyPW, java.security.PrivateKey pk, java.util.List<java.security.cert.X509Certificate> certs) throws java.security.GeneralSecurityException, java.io.IOException
ks
- path to the keystoreksPW
- the keystore password, may be nullalias
- the name of the key, non-null.keyPW
- the key password, must be at least 6 charactersjava.security.GeneralSecurityException
java.io.IOException
public static java.security.cert.Certificate getCert(java.io.File ks, java.lang.String ksPW, java.lang.String alias) throws java.security.GeneralSecurityException, java.io.IOException
ks
- path to the keystoreksPW
- the keystore password, may be nullalias
- the name of the keyjava.security.GeneralSecurityException
java.io.IOException
public static boolean exportCert(java.io.File ks, java.lang.String ksPW, java.lang.String alias, java.io.File certFile)
ks
- path to the keystoreksPW
- the keystore password, may be nullalias
- the name of the keycertFile
- output