下面列出了 java.security.KeyStore#entryInstanceOf() 的实例代码，也可以点击链接到 GitHub 查看源代码，或在右侧发表评论。
/**
 * Collects the X.509 certificates stored as {@link java.security.KeyStore.TrustedCertificateEntry}s in the given
 * KeyStore. Aliases bound to any other entry type, including private keys, are ignored. A trusted entry whose
 * certificate is not an {@link X509Certificate} is skipped and only reported at debug level.
 * <p>
 * No validation is performed here: certificates are returned exactly as stored, without checking the validity
 * period or any other property, so callers using the result as trust anchors must apply their own checks.
 *
 * @param trustStore keystore containing trusted certificate entries
 * @return a new list with the X.509 certificates of the trusted certificate entries, in alias enumeration order
 * @throws KeyStoreAccessException if reading the keystore raises a {@link KeyStoreException}
 */
public static List<X509Certificate> extractTrustedCertificateEntries(KeyStore trustStore) {
    try {
        // Snapshot the aliases so the result list can be sized up front.
        List<String> aliasSnapshot = Collections.list(trustStore.aliases());
        List<X509Certificate> result = new ArrayList<>(aliasSnapshot.size());
        for (String entryAlias : aliasSnapshot) {
            if (!trustStore.entryInstanceOf(entryAlias, KeyStore.TrustedCertificateEntry.class)) {
                // Not a trusted certificate entry (e.g. a private key entry): never exported from here.
                continue;
            }
            Certificate candidate = trustStore.getCertificate(entryAlias);
            if (candidate instanceof X509Certificate) {
                result.add((X509Certificate) candidate);
            } else {
                log.debug("Skipping non-X509Certificate in KeyStore. Certificate type: {}", candidate.getType());
            }
        }
        return result;
    } catch (KeyStoreException cause) {
        throw new KeyStoreAccessException("Error occurred while retrieving trusted CAs from KeyStore", cause);
    }
}
/**
 * Collects the X.509 certificates stored as {@link KeyStore.TrustedCertificateEntry}s in the given KeyStore.
 * Aliases bound to any other entry type, including private keys, are ignored. A trusted entry whose certificate
 * is not an {@link X509Certificate} is skipped and only reported at debug level.
 * <p>
 * No validation is performed here: certificates are returned exactly as stored, without checking the validity
 * period or any other property, so callers using the result as trust anchors must apply their own checks.
 *
 * @param trustStore keystore containing trusted certificate entries
 * @return a new list with the X.509 certificates of the trusted certificate entries, in alias enumeration order
 * @throws KeyStoreAccessException if reading the keystore raises a {@link KeyStoreException}
 */
public static List<X509Certificate> extractTrustedCertificateEntries(KeyStore trustStore) {
    try {
        // Snapshot the aliases so the result list can be sized up front.
        List<String> aliasSnapshot = Collections.list(trustStore.aliases());
        List<X509Certificate> result = new ArrayList<>(aliasSnapshot.size());
        for (String entryAlias : aliasSnapshot) {
            if (!trustStore.entryInstanceOf(entryAlias, KeyStore.TrustedCertificateEntry.class)) {
                // Not a trusted certificate entry (e.g. a private key entry): never exported from here.
                continue;
            }
            Certificate candidate = trustStore.getCertificate(entryAlias);
            if (candidate instanceof X509Certificate) {
                result.add((X509Certificate) candidate);
            } else {
                log.debug("Skipping non-X509Certificate in KeyStore. Certificate type: {}", candidate.getType());
            }
        }
        return result;
    } catch (KeyStoreException cause) {
        throw new KeyStoreAccessException("Error occurred while retrieving trusted CAs from KeyStore", cause);
    }
}
/**
 * Creates a key manager backed by the keystore at {@code keyStoreUrl}.
 * <p>
 * The keystore is loaded through {@code SSLUtil.getInitializedKeyStore}, a {@link KeyManagerFactory} for the
 * requested algorithm is initialised with it, and the aliases of all {@link KeyStore.PrivateKeyEntry} entries
 * are recorded in an unmodifiable list. The first key manager produced by the factory becomes the delegate.
 *
 * @param defaultAlias alias stored as this manager's default
 * @param keyStoreUrl location of the keystore
 * @param keyStoreType keystore type passed to the loader
 * @param keyStorePassword password used both to load the keystore and to initialise the factory
 * @param keyManagerFactoryAlgorithmName algorithm name passed to {@link KeyManagerFactory#getInstance(String)}
 * @throws GeneralSecurityException if the keystore or the key manager factory cannot be set up
 * @throws IOException declared for the keystore loading step
 */
public QpidBestFitX509KeyManager(String defaultAlias,
                                 URL keyStoreUrl, String keyStoreType,
                                 String keyStorePassword, String keyManagerFactoryAlgorithmName) throws GeneralSecurityException, IOException
{
    KeyStore keyStore = SSLUtil.getInitializedKeyStore(keyStoreUrl, keyStorePassword, keyStoreType);

    // NOTE(review): the same password unlocks the store and every private key in it; a null
    // keyStorePassword fails here with a NullPointerException - confirm callers never pass null.
    KeyManagerFactory factory = KeyManagerFactory.getInstance(keyManagerFactoryAlgorithmName);
    factory.init(keyStore, keyStorePassword.toCharArray());

    // Only aliases that hold a private key are kept; trusted certificates and secret keys are skipped.
    List<String> privateKeyAliases = new ArrayList<>();
    for (String candidate : Collections.list(keyStore.aliases()))
    {
        if (!keyStore.entryInstanceOf(candidate, KeyStore.PrivateKeyEntry.class))
        {
            continue;
        }
        privateKeyAliases.add(candidate);
    }
    _aliases = Collections.unmodifiableList(privateKeyAliases);

    // NOTE(review): assumes the factory yields at least one manager and that the first one is an
    // X509ExtendedKeyManager; otherwise this line throws an unchecked exception.
    _delegate = (X509ExtendedKeyManager) factory.getKeyManagers()[0];
    _defaultAlias = defaultAlias;
}
/**
 * Collects the X.509 certificates stored as {@link KeyStore.TrustedCertificateEntry}s in the given KeyStore.
 * Aliases bound to any other entry type, including private keys, are ignored. A trusted entry whose certificate
 * is not an {@link X509Certificate} is skipped and only reported at debug level.
 * <p>
 * No validation is performed here: certificates are returned exactly as stored, without checking the validity
 * period or any other property, so callers using the result as trust anchors must apply their own checks.
 *
 * @param trustStore keystore containing trusted certificate entries
 * @return a new list with the X.509 certificates of the trusted certificate entries, in alias enumeration order
 * @throws KeyStoreAccessException if reading the keystore raises a {@link KeyStoreException}
 */
public static List<X509Certificate> extractTrustedCertificateEntries(KeyStore trustStore) {
    try {
        // Snapshot the aliases so the result list can be sized up front.
        List<String> aliasSnapshot = Collections.list(trustStore.aliases());
        List<X509Certificate> result = new ArrayList<>(aliasSnapshot.size());
        for (String entryAlias : aliasSnapshot) {
            if (!trustStore.entryInstanceOf(entryAlias, KeyStore.TrustedCertificateEntry.class)) {
                // Not a trusted certificate entry (e.g. a private key entry): never exported from here.
                continue;
            }
            Certificate candidate = trustStore.getCertificate(entryAlias);
            if (candidate instanceof X509Certificate) {
                result.add((X509Certificate) candidate);
            } else {
                log.debug("Skipping non-X509Certificate in KeyStore. Certificate type: {}", candidate.getType());
            }
        }
        return result;
    } catch (KeyStoreException cause) {
        throw new KeyStoreAccessException("Error occurred while retrieving trusted CAs from KeyStore", cause);
    }
}
/**
 * Collects the X.509 certificates stored as {@link java.security.KeyStore.TrustedCertificateEntry}s in the given
 * KeyStore. Aliases bound to any other entry type, including private keys, are ignored. A trusted entry whose
 * certificate is not an {@link X509Certificate} is skipped and only reported at debug level.
 * <p>
 * No validation is performed here: certificates are returned exactly as stored, without checking the validity
 * period or any other property, so callers using the result as trust anchors must apply their own checks.
 *
 * @param trustStore keystore containing trusted certificate entries
 * @return a new list with the X.509 certificates of the trusted certificate entries, in alias enumeration order
 * @throws KeyStoreAccessException if reading the keystore raises a {@link KeyStoreException}
 */
public static List<X509Certificate> extractTrustedCertificateEntries(KeyStore trustStore) {
    try {
        // Snapshot the aliases so the result list can be sized up front.
        List<String> aliasSnapshot = Collections.list(trustStore.aliases());
        List<X509Certificate> result = new ArrayList<>(aliasSnapshot.size());
        for (String entryAlias : aliasSnapshot) {
            if (!trustStore.entryInstanceOf(entryAlias, KeyStore.TrustedCertificateEntry.class)) {
                // Not a trusted certificate entry (e.g. a private key entry): never exported from here.
                continue;
            }
            Certificate candidate = trustStore.getCertificate(entryAlias);
            if (candidate instanceof X509Certificate) {
                result.add((X509Certificate) candidate);
            } else {
                log.debug("Skipping non-X509Certificate in KeyStore. Certificate type: {}", candidate.getType());
            }
        }
        return result;
    } catch (KeyStoreException cause) {
        throw new KeyStoreAccessException("Error occurred while retrieving trusted CAs from KeyStore", cause);
    }
}
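/**
 * Prints the alias and creation date of every secret-key entry in a BCFKS keystore file to standard output,
 * sorted by alias. Only metadata is printed; no key material is read or displayed.
 *
 * @param keystorelocation path of the keystore file to open
 * @param password password used to load the keystore
 * @throws Exception if the keystore cannot be instantiated, opened or loaded
 */
private static void listaccesskeys(String keystorelocation, String password) throws Exception {
    KeyStore keystore = KeyStore.getInstance("BCFKS", BC_FIPS_PROVIDER);
    // Close the file handle as soon as the store is loaded, including when load() fails.
    try (FileInputStream keystoreStream = new FileInputStream(keystorelocation)) {
        keystore.load(keystoreStream, password.toCharArray());
    }

    // A sorted set gives a stable, alphabetical listing regardless of the provider's alias order.
    java.util.SortedSet<String> hsmobj = new java.util.TreeSet<>();
    for (Enumeration<String> e = keystore.aliases(); e.hasMoreElements();) {
        hsmobj.add(e.nextElement());
    }

    System.out.println("===> Objects in keystore:");
    for (String s : hsmobj) {
        // Entries of any other type (private keys, certificates) are deliberately not listed.
        if (keystore.entryInstanceOf(s, SecretKeyEntry.class)) {
            System.out.println(String.format("%-24s %-20s %-48s", s, "SecretKey", "created on " + keystore.getCreationDate(s)));
        }
    }
}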
/**
 * Reports whether the keystore named by {@code ANDROID_KEY_STORE} holds a secret-key entry under
 * {@code KEY_ALIAS}. An alias that exists but is bound to another entry type yields {@code false}.
 *
 * @return {@code true} if the alias is present and refers to a {@link KeyStore.SecretKeyEntry}
 * @throws AssertionError wrapping any checked exception raised while opening or querying the keystore
 */
@RequiresApi(Build.VERSION_CODES.M)
private static boolean hasKeyStoreEntry() {
    try {
        KeyStore androidKeyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
        // No stream and no password: the store is loaded with a null parameter.
        androidKeyStore.load(null);
        if (!androidKeyStore.containsAlias(KEY_ALIAS)) {
            return false;
        }
        return androidKeyStore.entryInstanceOf(KEY_ALIAS, KeyStore.SecretKeyEntry.class);
    } catch (KeyStoreException | IOException | NoSuchAlgorithmException | CertificateException failure) {
        // Keystore failures are treated as unrecoverable by this helper rather than reported as "no entry".
        throw new AssertionError(failure);
    }
}
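/**
 * The OpenSSL provider does not support the {@link KeyManagerFactory}, so we have to lookup the integration
 * certificate and key in order to provide it to OpenSSL.
 * <p>
 * The first alias that holds a {@link KeyStore.PrivateKeyEntry} is used; its certificate chain must consist
 * solely of {@link X509Certificate}s.
 * <p>
 * TODO: SNI is currently not supported, we use only the first found private key.
 *
 * @param ks key-store to search for a private key entry
 * @param keyPassword password protecting the private key
 * @return a server-side builder configured with the private key and its certificate chain
 * @throws KeyManagementException if the key-store holds no private key, or the selected entry has no
 *         certificate chain or a chain containing a non-X.509 certificate
 * @throws GeneralSecurityException if the key-store cannot be read or the key cannot be recovered
 */
private static SslContextBuilder builderWithOpenSSLProvider(KeyStore ks, String keyPassword)
        throws GeneralSecurityException {
    for (String alias : Collections.list(ks.aliases())) {
        if (!ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
            continue;
        }
        PrivateKey key = (PrivateKey) ks.getKey(alias, keyPassword.toCharArray());
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null) {
            throw new KeyManagementException(
                    "the SSL key-store entry '" + alias + "' does not have a certificate chain");
        }
        // Convert element by element so that a non-X.509 certificate is reported through the declared
        // exception type instead of escaping as an ArrayStoreException from a bulk array copy.
        X509Certificate[] certChain = new X509Certificate[chain.length];
        for (int i = 0; i < chain.length; i++) {
            if (!(chain[i] instanceof X509Certificate)) {
                throw new KeyManagementException(
                        "the certificate chain of SSL key-store entry '" + alias
                                + "' contains a certificate that is not an X.509 certificate");
            }
            certChain[i] = (X509Certificate) chain[i];
        }
        return SslContextBuilder.forServer(key, certChain);
    }
    throw new KeyManagementException("the SSL key-store does not contain a private key");
}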
/**
 * Returns a display name for the kind of entry stored under {@code alias}.
 * <p>
 * The entry is probed against the private-key, secret-key, trusted-certificate and {@code PasswordEntry}
 * classes in that order, and the simple class name of the first match is returned. Only the entry's type is
 * inspected; the entry itself is not retrieved.
 *
 * @param keyStore keystore to query
 * @param alias alias of the entry to classify
 * @return the simple name of the matching entry class, or {@code "Other"} if none matches
 * @throws KeyStoreException if the keystore query fails
 */
private String getEntryType(KeyStore keyStore, String alias) throws KeyStoreException {
    if (keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
        return KeyStore.PrivateKeyEntry.class.getSimpleName();
    }
    if (keyStore.entryInstanceOf(alias, KeyStore.SecretKeyEntry.class)) {
        return KeyStore.SecretKeyEntry.class.getSimpleName();
    }
    if (keyStore.entryInstanceOf(alias, KeyStore.TrustedCertificateEntry.class)) {
        return KeyStore.TrustedCertificateEntry.class.getSimpleName();
    }
    if (keyStore.entryInstanceOf(alias, PasswordEntry.class)) {
        return PasswordEntry.class.getSimpleName();
    }
    // No known entry class matched the alias.
    return "Other";
}
/**
 * Deletes the trusted certificate stored under {@code alias} from the module keystore.
 * <p>
 * Deletion is restricted to {@link KeyStore.TrustedCertificateEntry} entries, so private-key and secret-key
 * entries cannot be removed through this method.
 *
 * @param alias alias of the trusted certificate entry to delete
 * @throws KeyStoreException if the keystore query or the deletion fails
 * @throws RuntimeException if the alias does not refer to a trusted certificate entry
 */
public void removeClientCertificate(String alias) throws KeyStoreException {
    KeyStore moduleKeyStore = getModuleKeyStore();
    if (moduleKeyStore.entryInstanceOf(alias, KeyStore.TrustedCertificateEntry.class)) {
        // NOTE(review): the keystore is fetched a second time for the delete; if getModuleKeyStore()
        // can return a different instance per call, the type check and the delete act on different
        // objects - confirm against its implementation.
        getModuleKeyStore().deleteEntry(alias);
        return;
    }
    throw new RuntimeException("Only entries of type " + KeyStoreEntryDataContainer.DISPLAYABLE_ENTRY_TYPES.get(KeyStore.TrustedCertificateEntry.class) + " can be removed");
}