nl.nikhef.slcshttps.crypto
Class CryptoStore

java.lang.Object
  extended by nl.nikhef.slcshttps.crypto.CryptoStore

public class CryptoStore
extends Object

This class is a holder for the different cryptographic objects: the keypair (PrivateKey/PublicKey), the certificate signing request (CSR) and a KeyStore containing the signed X509Certificate. The private key cannot be obtained directly, only indirectly by getting a KeyManager for the certificate. The keypair is created at construction time, or imported when using importPKCS12(KeyStore,char[]).
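The lifecycle described above (keypair at construction, CSR for a DN, signed certificate stored under a random entry password, KeyManager[] for SSL), spelled out with the JCA and BouncyCastle APIs directly. This is an added example written for this page, not the nl.nikhef.slcshttps code: a demo CA keypair generated inside the program stands in for the real CA, and the DN, the alias name, the certificate lifetime and the 2048-bit key length are choices made for the example (it also shows the random-password routine and why handing out the KeyManager exposes the private key). It needs bcprov and bcpkix on the classpath.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

/**
 * The CryptoStore lifecycle spelled out with plain JCA plus BouncyCastle (bcprov and bcpkix
 * on the classpath). Illustration written for this page, not the nl.nikhef.slcshttps code.
 */
public class CryptoStoreWalkthrough {

    // Same defaults as the documented class except the key length: 1024-bit RSA is below
    // the current 2048-bit floor, so this example uses 2048 (the CryptoStore(int) path).
    static final String CERT_ALIAS = "slcs-cert";   // assumed name; PKCS12 aliases are case-insensitive
    static final int KEYLENGTH = 2048;
    static final int PASSWORD_LENGTH = 16;

    /** Random password over [a-zA-Z0-9], as getPassword(int) is documented to produce. */
    static char[] randomPassword(int length) {
        String alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        SecureRandom rng = new SecureRandom();      // a CSPRNG, never java.util.Random
        char[] pw = new char[length];
        for (int i = 0; i < length; i++) {
            pw[i] = alphabet.charAt(rng.nextInt(alphabet.length()));
        }
        return pw;
    }

    public static void main(String[] args) throws Exception {
        // 1. Constructor: register BC if needed, generate the keypair, set up an empty PKCS12 store.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(KEYLENGTH);
        KeyPair kp = kpg.generateKeyPair();
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(null, null);                          // empty, in-memory store
        char[] password = randomPassword(PASSWORD_LENGTH);

        // 2. CSRinit(DN): a PKCS#10 request for the DN, signed with the new private key
        //    (that self-signature is the proof of possession a CA checks before issuing).
        X500Name dn = new X500Name("CN=example user,O=example,C=NL");   // constructed sample DN
        PKCS10CertificationRequest csr = new JcaPKCS10CertificationRequestBuilder(dn, kp.getPublic())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate()));

        // 3. Stand-in for the CA (its keypair is generated here only for the demo): check the
        //    proof of possession, then issue a short-lived certificate for the CSR's subject and key.
        KeyPair caKp = kpg.generateKeyPair();
        if (!csr.isSignatureValid(new JcaContentVerifierProviderBuilder().build(kp.getPublic()))) {
            throw new SecurityException("CSR signature does not verify with the key it carries");
        }
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 12L * 3600 * 1000);   // lifetime chosen for the demo
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(
                new X509v3CertificateBuilder(new X500Name("CN=demo CA,O=example,C=NL"), BigInteger.ONE,
                        notBefore, notAfter, csr.getSubject(), csr.getSubjectPublicKeyInfo())
                        .build(new JcaContentSignerBuilder("SHA256withRSA").build(caKp.getPrivate())));

        // 4. storeCertificate(x509Cert): bind the certificate to our private key. Added checks (the
        //    documented method does not say it performs them): the certificate must carry our public
        //    key and must verify under the CA we expect, otherwise the key entry can never handshake.
        if (!Arrays.equals(cert.getPublicKey().getEncoded(), kp.getPublic().getEncoded())) {
            throw new SecurityException("certificate public key does not match the generated keypair");
        }
        cert.verify(caKp.getPublic());
        keyStore.setKeyEntry(CERT_ALIAS, kp.getPrivate(), password, new Certificate[] { cert });

        // 5. getCertificate(): a key entry is read back through its chain; element 0 is the leaf.
        X509Certificate stored = (X509Certificate) keyStore.getCertificateChain(CERT_ALIAS)[0];
        System.out.println("stored " + stored.getSubjectX500Principal() + " under alias " + CERT_ALIAS);

        // 6. getKeyManagers(): what an SSLContext needs. An X509KeyManager hands the private key to
        //    any caller of getPrivateKey(alias), which is why the documented method is package-private.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, password);
        X509KeyManager km = (X509KeyManager) kmf.getKeyManagers()[0];
        String alias = km.chooseClientAlias(new String[] { "RSA" }, null, null);
        System.out.println("KeyManager exposes private key: " + (km.getPrivateKey(alias) != null));
    }
}
```

Step 4 is where a holder like this earns its keep: the only way the private key leaves the object is through the KeyManager built in step 6, so whatever is bound to it in step 4 must be checked against the generated public key first. The lookup in step 6 goes through chooseClientAlias rather than the literal alias because the default key manager implementation may rewrite alias names.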

Version:
0.1
Author:
Mischa Sallé

Field Summary
private static String CERT_ALIAS
          default alias for entry in keyStore containing the privatekey and certificate.
private  CSR csr
          Contains the CSR, initialized using CSRinit() or CSRinit(String), can be obtained using getCSR().
protected static int KEYLENGTH
          default keylength is 1024.
private  KeyStore keyStore
          Keystore containing the signed X509Certificate and corresponding PrivateKey.
private  char[] password
          Password for entry in keyStore, initialized in constructor to a random value.
private static int PASSWORD_LENGTH
          default length for keystore-entry random password is 16.
private  PrivateKey privateKey
          Contains private key, will be initialized in constructor.
private  PublicKey publicKey
          Contains public key, will be initialized in constructor.
 
Constructor Summary
CryptoStore()
          Constructs a new CryptoStore, using the default RSA key length of 1024 bits.
CryptoStore(int keyLen)
          Constructs a new CryptoStore, using an RSA key length of keyLen bits.
 
Method Summary
 void CSRinit()
          Initializes a new certificate signing request (CSR) with a default DN.
 void CSRinit(String DN)
          Initializes a new certificate signing Request (CSR) for the given DN.
 void deleteCertificate()
          Removes the entry in the internal KeyStore which was stored with the default alias CERT_ALIAS.
 void deleteCertificate(String alias)
          Removes the entry in the internal KeyStore which was stored with the given alias.
 X509Certificate getCertificate()
          Returns the X509Certificate stored under the default alias CERT_ALIAS; if that alias is a KeyEntry (which comes with a certificate chain), the first certificate in the chain is returned.
 X509Certificate getCertificate(String alias)
          Returns the X509Certificate stored under the given alias; if that alias is a KeyEntry (which comes with a certificate chain), the first certificate in the chain is returned.
 CSR getCSR()
          Returns the current CSR.
(package private)  KeyManager[] getKeyManagers()
          Returns a KeyManager[] array that can be used, for example, to set up SSL connections.
private  char[] getPassword(int length)
          Creates a random password of the given length from the set [a-zA-Z0-9].
 X509Certificate importPKCS12(KeyStore pkcs12Store, char[] password)
          Imports an X509Certificate and keypair from an existing PKCS12 KeyStore protected with password.
 void storeCertificate(X509Certificate x509Cert)
          Stores X509Certificate x509Cert in the internal keyStore, using the constant alias CERT_ALIAS and random password password.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

privateKey

private PrivateKey privateKey
Contains private key, will be initialized in constructor.


publicKey

private PublicKey publicKey
Contains public key, will be initialized in constructor.


csr

private CSR csr
Contains the CSR, initialized using CSRinit() or CSRinit(String), can be obtained using getCSR().


keyStore

private KeyStore keyStore
Keystore containing the signed X509Certificate and corresponding PrivateKey.


password

private char[] password
Password for entry in keyStore, initialized in constructor to a random value.


CERT_ALIAS

private static final String CERT_ALIAS
default alias for entry in keyStore containing the privatekey and certificate.

See Also:
Constant Field Values

PASSWORD_LENGTH

private static final int PASSWORD_LENGTH
default length for the keystore-entry random password is 16. Sixteen characters drawn from the 62-symbol set [a-zA-Z0-9] give about 95 bits of entropy, provided the characters come from a cryptographically secure random source.

See Also:
Constant Field Values

KEYLENGTH

protected static final int KEYLENGTH
default key length is 1024 bits, which is below the 2048-bit minimum now recommended for RSA; CryptoStore(int) lets the caller choose a larger length.

See Also:
Constant Field Values

Constructor Detail

CryptoStore

public CryptoStore(int keyLen)
            throws NoSuchProviderException,
                   KeyStoreException
Constructs a new CryptoStore, using an RSA key length of keyLen bits. This initializes the BouncyCastleProvider if necessary, creates the keypair, initializes the internal PKCS12 KeyStore and creates the random password with length PASSWORD_LENGTH=16. Choose keyLen of at least 2048 bits; the 1024-bit default of CryptoStore() is no longer considered adequate.

Parameters:
keyLen - the key length used for the keypair
Throws:
NoSuchProviderException - if adding the BouncyCastleProvider fails.
KeyStoreException - for other errors relating to key creation.
See Also:
CryptoStore()

CryptoStore

public CryptoStore()
            throws NoSuchProviderException,
                   KeyStoreException
Constructs a new CryptoStore, using the default RSA key length of 1024 bits. This initializes the BouncyCastleProvider if necessary, creates the keypair, initializes the internal PKCS12 KeyStore and creates the random password with length 16. Note that 1024-bit RSA is below the currently recommended minimum of 2048 bits; new deployments should use CryptoStore(int) with a larger keyLen.

Throws:
NoSuchProviderException - if adding the BouncyCastleProvider fails.
KeyStoreException - for other errors relating to key creation.
See Also:
CryptoStore(int)

Method Detail

CSRinit

public void CSRinit(String DN)
             throws SignatureException
Initializes a new certificate signing request (CSR) for the given DN.

Parameters:
DN - String describing the DN to use in the CSR.
Throws:
SignatureException - upon error.
See Also:
CSR.CSR(String,PublicKey,PrivateKey)

CSRinit

public void CSRinit()
             throws SignatureException
Initializes a new certificate signing request (CSR) with a default DN.

Throws:
SignatureException - upon error.
See Also:
CSRinit(String), CSR.CSR(PublicKey,PrivateKey)

getCSR

public CSR getCSR()
Returns the current CSR.

Returns:
CSR, the current CSR.

storeCertificate

public void storeCertificate(X509Certificate x509Cert)
                      throws KeyStoreException
Stores X509Certificate x509Cert in the internal keyStore, using the constant alias CERT_ALIAS and random password password.

Parameters:
x509Cert - the certificate to be stored.
Throws:
KeyStoreException - upon error.

importPKCS12

public X509Certificate importPKCS12(KeyStore pkcs12Store,
                                    char[] password)
                             throws CertificateException,
                                    KeyStoreException
Imports an X509Certificate and keypair from an existing PKCS12 KeyStore protected with password. Only the first entry in the KeyStore is used, and it must be a KeyEntry holding the certificate and private key. The public key is derived from the certificate itself. The password must be the same for the keystore and for the entry inside it.

Parameters:
pkcs12Store - PKCS12 KeyStore.
password - PKCS12 KeyStore password, also password for getting the private key
Returns:
X509Certificate the certificate imported from the PKCS12 KeyStore.
Throws:
KeyStoreException - in case the KeyStore could not be read, is not PKCS12, is empty etc.
CertificateException - in case the certificate/key cannot be retrieved from the KeyStore, if there is no key etc.
See Also:
KeyStore.isKeyEntry(String)
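An import routine with the checks this contract implies (first entry only, must be a KeyEntry, same password for store and entry, public key taken from the certificate, KeyStoreException versus CertificateException as described), plus one check the contract does not mention: that the private key actually belongs to the certificate's public key. This is an added example, not the project's importPKCS12; it assumes a PKCS12 file path and its password arrive on the command line, and the class and helper names are its own.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Enumeration;

/**
 * Import of the first key entry of a PKCS12 store, following the importPKCS12 contract on this
 * page. Written for this page as an illustration; it is not the nl.nikhef.slcshttps code.
 */
public class Pkcs12Import {

    /** The three objects a CryptoStore would take over from the import. */
    static final class Imported {
        final PrivateKey privateKey;
        final PublicKey publicKey;
        final X509Certificate certificate;
        Imported(PrivateKey k, PublicKey p, X509Certificate c) { privateKey = k; publicKey = p; certificate = c; }
    }

    static Imported importFirstKeyEntry(KeyStore pkcs12Store, char[] password)
            throws KeyStoreException, CertificateException {
        // KeyStoreException: wrong type, not loaded, or empty.
        if (!"PKCS12".equalsIgnoreCase(pkcs12Store.getType())) {
            throw new KeyStoreException("not a PKCS12 store but " + pkcs12Store.getType());
        }
        Enumeration<String> aliases = pkcs12Store.aliases();   // throws if load() was never called
        if (!aliases.hasMoreElements()) {
            throw new KeyStoreException("PKCS12 store is empty");
        }
        String alias = aliases.nextElement();                  // only the first entry is used
        // CertificateException: the first entry does not yield a usable key and certificate.
        if (!pkcs12Store.isKeyEntry(alias)) {
            throw new CertificateException("first entry '" + alias + "' is not a key entry");
        }
        Key key;
        try {
            key = pkcs12Store.getKey(alias, password);         // entry password == store password
        } catch (NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new CertificateException("cannot recover the private key of '" + alias + "'", e);
        }
        if (!(key instanceof PrivateKey)) {
            throw new CertificateException("entry '" + alias + "' holds no private key");
        }
        Certificate[] chain = pkcs12Store.getCertificateChain(alias);
        if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
            throw new CertificateException("entry '" + alias + "' has no X.509 certificate");
        }
        X509Certificate cert = (X509Certificate) chain[0];     // chain[0] is the end-entity certificate
        PublicKey pub = cert.getPublicKey();                   // public key derived from the certificate
        // Added check, not part of the documented contract: a PKCS12 file can pair a key with the
        // wrong certificate; reject it here instead of producing a store that can never handshake.
        if (key instanceof RSAPrivateKey && pub instanceof RSAPublicKey
                && !((RSAPrivateKey) key).getModulus().equals(((RSAPublicKey) pub).getModulus())) {
            throw new CertificateException("private key does not belong to the certificate's public key");
        }
        return new Imported((PrivateKey) key, pub, cert);
    }

    public static void main(String[] args) throws Exception {
        // Assumed invocation for the demo: java Pkcs12Import /path/to/usercred.p12 <password>
        // (a real tool would read the password from the console, not from argv).
        char[] password = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            ks.load(in, password);                             // integrity check and decryption happen here
        }
        Imported imp = importFirstKeyEntry(ks, password);
        System.out.println("imported " + imp.certificate.getSubjectX500Principal()
                + " with a " + imp.privateKey.getAlgorithm() + " private key");
    }
}
```

The store's own MAC is verified and the entry is decrypted inside KeyStore.load and getKey, which is why the one password has to serve both; what those calls do not verify is that the key and certificate match, hence the modulus comparison before anything is handed back.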

getCertificate

public X509Certificate getCertificate(String alias)
                               throws KeyStoreException
Returns the X509Certificate stored under the given alias; if that alias is a KeyEntry (which comes with a certificate chain), the first certificate in the chain is returned.

Parameters:
alias - alias for the KeyStore entry
Returns:
X509Certificate stored using the given alias.
Throws:
KeyStoreException
See Also:
KeyStore.getCertificate(java.lang.String)

getCertificate

public X509Certificate getCertificate()
                               throws KeyStoreException
Returns the X509Certificate stored under the default alias CERT_ALIAS; if that alias is a KeyEntry (which comes with a certificate chain), the first certificate in the chain is returned.

Returns:
X509Certificate stored using the default CERT_ALIAS.
Throws:
KeyStoreException
See Also:
getCertificate(String)

deleteCertificate

public void deleteCertificate(String alias)
                       throws KeyStoreException
Removes the entry in the internal KeyStore which was stored with the given alias.

Parameters:
alias - alias for the KeyStore entry
Throws:
KeyStoreException

deleteCertificate

public void deleteCertificate()
                       throws KeyStoreException
Removes the entry in the internal KeyStore which was stored with the default alias CERT_ALIAS.

Throws:
KeyStoreException
See Also:
deleteCertificate(String)

getKeyManagers

KeyManager[] getKeyManagers()
                      throws KeyStoreException
Returns a KeyManager[] array that can be used, for example, to set up SSL connections. Note that an X509KeyManager hands its private key to any caller of getPrivateKey(String), hence this method is package private.

Returns:
KeyManager[]
Throws:
KeyStoreException - in case of error

getPassword

private char[] getPassword(int length)
                    throws KeyStoreException
Creates a random password of the given length from the set [a-zA-Z0-9].

Parameters:
length - length of password.
Returns:
char[] with the password.
Throws:
KeyStoreException - upon error


nl.nikhef.slcshttps Mischa Sallé - msalle(AT)nikhef.nl