public final class SecurityUtils
Utilities related to Java security.
Static Methods
createMtlsKeyStore(InputStream certAndKey)
public static KeyStore createMtlsKeyStore(InputStream certAndKey)
Beta. Creates a key store for mutual TLS holding the certificate and private key read from the stream.
| Parameter | Type | Description |
|---|---|---|
| certAndKey | InputStream | Certificate and private key input stream. The stream should contain one certificate and one unencrypted private key. If there are multiple certificates, only the first certificate is used. Because the key is unencrypted, whatever backs this stream (usually a file) needs the same access controls as the key itself. |
| Returns | Description |
|---|---|
| KeyStore | Key store for mutual TLS. |
| Throws | Description |
|---|---|
| GeneralSecurityException | |
| IOException | |
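Added example (not part of the SecurityUtils javadoc or the library's own transport code) showing how the key store returned by createMtlsKeyStore feeds a JSSE SSLContext that presents a client certificate. It assumes the stream is PEM with one CERTIFICATE block and one unencrypted PRIVATE KEY block, and that the generated key entry is protected by an empty password (the empty key store password the library's own mTLS transport setup passes); the file paths and URL are hypothetical caller inputs.

```java
import com.google.api.client.util.SecurityUtils;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Added example: client-certificate (mutual TLS) SSLContext built on SecurityUtils.createMtlsKeyStore. */
public final class MtlsContextExample {

  /**
   * @param certAndKeyPem path to a PEM file with one certificate and one unencrypted PKCS#8 private key
   *     (PEM is this example's assumption; the javadoc only says "one certificate and one unencrypted private key")
   * @param trustStore CA certificates the server's chain must validate against; null means the JVM default cacerts
   */
  public static SSLContext buildMtlsContext(String certAndKeyPem, KeyStore trustStore)
      throws GeneralSecurityException, IOException {
    KeyStore clientKeyStore;
    try (InputStream in = new FileInputStream(certAndKeyPem)) {
      clientKeyStore = SecurityUtils.createMtlsKeyStore(in);
    }
    clientCertificate(clientKeyStore).checkValidity(); // fail early on an expired or not-yet-valid client cert

    // Assumption: the key entry is protected by an empty password, matching the empty
    // key store password the library's own mTLS transport code uses.
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(clientKeyStore, new char[0]);

    // Mutual TLS still has to authenticate the server: use an explicit trust store (or the JVM
    // default when trustStore is null), never a trust manager that accepts every chain.
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trustStore);

    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    return ctx;
  }

  /** Sanity check on the generated store: exactly one private-key entry, and it carries a certificate. */
  public static X509Certificate clientCertificate(KeyStore clientKeyStore) throws KeyStoreException {
    X509Certificate found = null;
    for (Enumeration<String> e = clientKeyStore.aliases(); e.hasMoreElements(); ) {
      String alias = e.nextElement();
      if (clientKeyStore.isKeyEntry(alias)) {
        if (found != null) {
          throw new KeyStoreException("expected a single key entry in the mTLS key store");
        }
        found = (X509Certificate) clientKeyStore.getCertificate(alias);
      }
    }
    if (found == null) {
      throw new KeyStoreException("no private key entry in the mTLS key store");
    }
    return found;
  }

  public static void main(String[] args) throws Exception {
    // Hypothetical inputs: args[0] = client cert+key PEM, args[1] = https URL of an endpoint requiring a client cert.
    SSLContext ctx = buildMtlsContext(args[0], null);
    HttpsURLConnection conn = (HttpsURLConnection) new URL(args[1]).openConnection();
    conn.setSSLSocketFactory(ctx.getSocketFactory());
    System.out.println("HTTP " + conn.getResponseCode());
  }
}
```

The `clientCertificate` check is the one worth keeping in production code: createMtlsKeyStore silently uses only the first certificate in the stream, so a bundle written in the wrong order (CA first, leaf second) yields a key store whose certificate does not match the private key, and the failure only shows up as a TLS handshake error on the server side.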
getDefaultKeyStore()
public static KeyStore getDefaultKeyStore()
Returns a new, not yet loaded key store of the default type, KeyStore#getDefaultType() (the keystore.type security property: pkcs12 on Java 9 and later, jks before). Call #loadKeyStore or KeyStore#load(null, null) before adding or reading entries.
| Returns | Description |
|---|---|
| KeyStore | |
| Throws | Description |
|---|---|
| KeyStoreException | |
getEs256SignatureAlgorithm()
public static Signature getEs256SignatureAlgorithm()
Returns the SHA-256 with ECDSA signature algorithm (JCA name SHA256withECDSA), used with P-256 keys for ES256. The JCA encodes ECDSA signatures as a DER SEQUENCE of r and s, not the fixed 64-byte r||s form JWS ES256 requires, so convert before placing such a signature in a JWT.
| Returns | Description |
|---|---|
| Signature | |
| Throws | Description |
|---|---|
| NoSuchAlgorithmException | |
getJavaKeyStore()
public static KeyStore getJavaKeyStore()
Returns a new, not yet loaded key store of type JKS, the legacy Java KeyStore format. JKS has been the non-default type since Java 9 and protects entries with a proprietary SHA-1 based scheme; prefer #getPkcs12KeyStore() for new stores.
| Returns | Description |
|---|---|
| KeyStore | |
| Throws | Description |
|---|---|
| KeyStoreException | |
getPkcs12KeyStore()
public static KeyStore getPkcs12KeyStore()
Returns a new, not yet loaded key store of type PKCS12.
| Returns | Description |
|---|---|
| KeyStore | |
| Throws | Description |
|---|---|
| KeyStoreException | |
getPrivateKey(KeyStore keyStore, String alias, String keyPass)
public static PrivateKey getPrivateKey(KeyStore keyStore, String alias, String keyPass)
Returns the private key stored under alias in an already loaded key store.
| Parameter | Type | Description |
|---|---|---|
| keyStore | KeyStore | Key store, already loaded (for example via #loadKeyStore). |
| alias | String | Alias under which the key is stored. |
| keyPass | String | Password protecting the key entry (distinct from the store password). |
| Returns | Description |
|---|---|
| PrivateKey | Private key. |
| Throws | Description |
|---|---|
| GeneralSecurityException | |
getRsaKeyFactory()
public static KeyFactory getRsaKeyFactory()
Returns the RSA key factory, which turns encoded key material (a PKCS8EncodedKeySpec for private keys, an X509EncodedKeySpec for public keys) into RSA key objects.
| Returns | Description |
|---|---|
| KeyFactory | |
| Throws | Description |
|---|---|
| NoSuchAlgorithmException | |
getSha1WithRsaSignatureAlgorithm()
public static Signature getSha1WithRsaSignatureAlgorithm()
Returns the SHA-1 with RSA signature algorithm. SHA-1 is collision-broken and no longer acceptable for producing new signatures; keep this only for verifying legacy signatures and use #getSha256WithRsaSignatureAlgorithm() for anything new.
| Returns | Description |
|---|---|
| Signature | |
| Throws | Description |
|---|---|
| NoSuchAlgorithmException | |
getSha256WithRsaSignatureAlgorithm()
public static Signature getSha256WithRsaSignatureAlgorithm()
Returns the SHA-256 with RSA signature algorithm (RS256 in JWS terms).
| Returns | Description |
|---|---|
| Signature | |
| Throws | Description |
|---|---|
| NoSuchAlgorithmException | |
getX509CertificateFactory()
public static CertificateFactory getX509CertificateFactory()
Returns the X.509 certificate factory. It parses certificates in DER or PEM ("-----BEGIN CERTIFICATE-----") form.
| Returns | Description |
|---|---|
| CertificateFactory | |
| Throws | Description |
|---|---|
| CertificateException | |
loadKeyStore(KeyStore keyStore, InputStream keyStream, String storePass)
public static void loadKeyStore(KeyStore keyStore, InputStream keyStream, String storePass)
Loads a key store from a stream. For JKS and PKCS12 the store password is also used to check the store's integrity, so a wrong password surfaces as an IOException rather than a silently empty store.
Example usage:
KeyStore keyStore = SecurityUtils.getJavaKeyStore();
SecurityUtils.loadKeyStore(keyStore, new FileInputStream("certs.jks"), "password");
| Parameter | Type | Description |
|---|---|---|
| keyStore | KeyStore | Key store to load into. |
| keyStream | InputStream | Input stream to the key store (closed at the end of this method in a finally block). |
| storePass | String | Password protecting the key store file. |
| Throws | Description |
|---|---|
| IOException | |
| GeneralSecurityException | |
loadKeyStoreFromCertificates(KeyStore keyStore, CertificateFactory certificateFactory, InputStream certificateStream)
public static void loadKeyStoreFromCertificates(KeyStore keyStore, CertificateFactory certificateFactory, InputStream certificateStream)
Loads a key store with certificates generated from the specified stream using CertificateFactory#generateCertificates(InputStream).
For each certificate, KeyStore#setCertificateEntry(String, Certificate) is called with an alias that is the string form of incrementing non-negative integers starting with 0 (0, 1, 2, 3, ...). The key store must already be initialized (KeyStore#load(null, null) for a new, empty one), since setCertificateEntry on an uninitialized store throws KeyStoreException; existing entries with the same numeric aliases are replaced. The certificates become trusted-certificate entries, which is the form a TrustManagerFactory consumes.
Example usage:
KeyStore keyStore = SecurityUtils.getJavaKeyStore();
SecurityUtils.loadKeyStoreFromCertificates(keyStore, SecurityUtils.getX509CertificateFactory(), new FileInputStream(pemFile));
| Parameter | Type | Description |
|---|---|---|
| keyStore | KeyStore | Key store (for example #getJavaKeyStore()), already initialized. |
| certificateFactory | CertificateFactory | Certificate factory (for example #getX509CertificateFactory()). |
| certificateStream | InputStream | Certificate stream (DER or PEM, one or more certificates). |
| Throws | Description |
|---|---|
| GeneralSecurityException | |
loadPrivateKeyFromKeyStore(KeyStore keyStore, InputStream keyStream, String storePass, String alias, String keyPass)
public static PrivateKey loadPrivateKeyFromKeyStore(KeyStore keyStore, InputStream keyStream, String storePass, String alias, String keyPass)
Loads the key store from the stream (as #loadKeyStore does) and then returns the private key stored under alias (as #getPrivateKey does), in one call.
| Parameter | Type | Description |
|---|---|---|
| keyStore | KeyStore | Key store to load into. |
| keyStream | InputStream | Input stream to the key store (closed at the end of this method in a finally block). |
| storePass | String | Password protecting the key store file. |
| alias | String | Alias under which the key is stored. |
| keyPass | String | Password protecting the key entry. |
| Returns | Description |
|---|---|
| PrivateKey | Key from the key store. |
| Throws | Description |
|---|---|
| IOException | |
| GeneralSecurityException | |
sign(Signature signatureAlgorithm, PrivateKey privateKey, byte[] contentBytes)
public static byte[] sign(Signature signatureAlgorithm, PrivateKey privateKey, byte[] contentBytes)
Signs content using a private key: the Signature object is initialized with privateKey, fed contentBytes, and its raw signature bytes are returned. Signature objects are stateful and not thread-safe, so obtain a fresh one per call rather than sharing it across threads.
| Parameter | Type | Description |
|---|---|---|
| signatureAlgorithm | Signature | Signature algorithm (for example #getSha256WithRsaSignatureAlgorithm()); its key type must match privateKey. |
| privateKey | PrivateKey | Private key. |
| contentBytes | byte[] | Content to sign. |
| Returns | Description |
|---|---|
| byte[] | Signature over the content (the content itself is not included). |
| Throws | Description |
|---|---|
| InvalidKeyException | |
| SignatureException | |
verify(Signature signatureAlgorithm, PublicKey publicKey, byte[] signatureBytes, byte[] contentBytes)
public static boolean verify(Signature signatureAlgorithm, PublicKey publicKey, byte[] signatureBytes, byte[] contentBytes)
Verifies the signature of signed content based on a public key. Returns true only when signatureBytes is a valid signature over contentBytes under publicKey. A malformed signature (wrong length, bad DER) may surface as a SignatureException from the provider rather than as false; callers should treat both outcomes as verification failure.
| Parameter | Type | Description |
|---|---|---|
| signatureAlgorithm | Signature | Signature algorithm; must be the one the signature was produced with. |
| publicKey | PublicKey | Public key. |
| signatureBytes | byte[] | Signature bytes. |
| contentBytes | byte[] | Content bytes. |
| Returns | Description |
|---|---|
| boolean | Whether the signature was verified. |
| Throws | Description |
|---|---|
| InvalidKeyException | |
| SignatureException | |
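Added example (not the library's own code) tying together #loadPrivateKeyFromKeyStore, #sign and the public-key #verify above, for both RS256 and ES256. It also shows the two distinct failure modes of verify (false versus SignatureException) being folded into one answer. The PKCS12 path, alias and passwords in loadSigningKey are hypothetical caller inputs; the main method uses in-memory key pairs, constructed here, so it runs without any files.

```java
import com.google.api.client.util.SecurityUtils;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.spec.ECGenParameterSpec;

/** Added example: detached signatures with SecurityUtils.sign/verify; not from the library's javadoc. */
public final class SignVerifyExample {

  /**
   * Loads the signing key from a PKCS12 store. Path, passwords and alias are hypothetical caller inputs.
   * loadPrivateKeyFromKeyStore closes the stream itself, so no try-with-resources is needed here.
   */
  public static PrivateKey loadSigningKey(String p12Path, String storePass, String alias, String keyPass)
      throws GeneralSecurityException, IOException {
    return SecurityUtils.loadPrivateKeyFromKeyStore(
        SecurityUtils.getPkcs12KeyStore(), new FileInputStream(p12Path), storePass, alias, keyPass);
  }

  /** RS256. A fresh Signature per call, because Signature objects are stateful and not thread-safe. */
  public static byte[] signRs256(PrivateKey key, byte[] content) throws GeneralSecurityException {
    return SecurityUtils.sign(SecurityUtils.getSha256WithRsaSignatureAlgorithm(), key, content);
  }

  /**
   * Folds both failure modes into one boolean: verify() returns false for a well-formed but wrong
   * signature, and the provider may throw SignatureException for a malformed one (e.g. wrong length).
   */
  public static boolean verifyRs256(PublicKey key, byte[] sig, byte[] content) throws GeneralSecurityException {
    try {
      return SecurityUtils.verify(SecurityUtils.getSha256WithRsaSignatureAlgorithm(), key, sig, content);
    } catch (SignatureException e) {
      return false;
    }
  }

  /** ES256. The JCA output is DER (SEQUENCE of r, s), not the 64-byte r||s that JWS expects. */
  public static byte[] signEs256(PrivateKey key, byte[] content) throws GeneralSecurityException {
    return SecurityUtils.sign(SecurityUtils.getEs256SignatureAlgorithm(), key, content);
  }

  public static boolean verifyEs256(PublicKey key, byte[] sig, byte[] content) throws GeneralSecurityException {
    try {
      return SecurityUtils.verify(SecurityUtils.getEs256SignatureAlgorithm(), key, sig, content);
    } catch (SignatureException e) {
      return false;
    }
  }

  public static void main(String[] args) throws Exception {
    // Constructed inputs: in-memory key pairs stand in for key store entries so this runs offline.
    KeyPairGenerator rsaGen = KeyPairGenerator.getInstance("RSA");
    rsaGen.initialize(2048);
    KeyPair rsa = rsaGen.generateKeyPair();
    KeyPairGenerator ecGen = KeyPairGenerator.getInstance("EC");
    ecGen.initialize(new ECGenParameterSpec("secp256r1")); // P-256, the curve ES256 requires
    KeyPair ec = ecGen.generateKeyPair();

    byte[] content = "amount=100&to=alice".getBytes(StandardCharsets.UTF_8);
    byte[] tampered = "amount=900&to=alice".getBytes(StandardCharsets.UTF_8);

    byte[] rsaSig = signRs256(rsa.getPrivate(), content);
    System.out.println("RS256 genuine : " + verifyRs256(rsa.getPublic(), rsaSig, content));
    System.out.println("RS256 tampered: " + verifyRs256(rsa.getPublic(), rsaSig, tampered));
    System.out.println("RS256 garbage : " + verifyRs256(rsa.getPublic(), new byte[] {1, 2, 3}, content));

    byte[] ecSig = signEs256(ec.getPrivate(), content);
    System.out.println("ES256 genuine : " + verifyEs256(ec.getPublic(), ecSig, content));
    System.out.println("ES256 DER signature length: " + ecSig.length + " bytes (JWS r||s would be 64)");
  }
}
```

The garbage-signature call is the reason for the catch: with the SunRsaSign provider a signature whose length does not match the RSA modulus is reported by throwing, not by returning false, and code that only checks the boolean would let that exception propagate as a 500 instead of a clean "invalid signature" rejection.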
verify(Signature signatureAlgorithm, X509TrustManager trustManager, List<String> certChainBase64, byte[] signatureBytes, byte[] contentBytes)
public static X509Certificate verify(Signature signatureAlgorithm, X509TrustManager trustManager, List<String> certChainBase64, byte[] signatureBytes, byte[] contentBytes)
Verifies the signature of signed content based on a certificate chain: the chain is checked by trustManager and the signature is then verified with the leaf certificate's public key. The trust manager is what decides which chains are acceptable, so it must be built from an explicit trust store; a permissive trust manager turns this into an unauthenticated signature check. A passing chain only proves the leaf chains to a trusted CA, not who the signer is, so callers should still compare the returned certificate's subject or SAN with the identity they expect.
| Parameter | Type | Description |
|---|---|---|
| signatureAlgorithm | Signature | Signature algorithm; its key type must match the leaf certificate's key (RSA versus EC). |
| trustManager | X509TrustManager | Trust manager used to verify the certificate chain. |
| certChainBase64 | List<String> | Certificate chain used for verification. The certificates must be base64-encoded DER, and the leaf certificate must be the first element. |
| signatureBytes | byte[] | Signature bytes. |
| contentBytes | byte[] | Content bytes. |
| Returns | Description |
|---|---|
| X509Certificate | The signing (leaf) certificate if the chain was trusted and the signature verified, null otherwise. |
| Throws | Description |
|---|---|
| InvalidKeyException | |
| SignatureException | |
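Added example (not the library's own code) covering both #loadKeyStoreFromCertificates and the chain-based verify above: a trust store is built from a PEM CA bundle, turned into an X509TrustManager, and used to verify a signature whose certificate chain arrives as base64 DER, leaf first. The file paths, the expected subject DN and the use of RS256 for the leaf key are hypothetical caller inputs.

```java
import com.google.api.client.util.SecurityUtils;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Added example: chain-based signature verification with SecurityUtils; not from the library's javadoc. */
public final class ChainVerifyExample {

  /** Trust store from a PEM bundle of CA certificates; the entries get aliases "0", "1", "2", ... */
  public static KeyStore trustStoreFromPem(String caBundlePem) throws GeneralSecurityException, IOException {
    KeyStore trust = SecurityUtils.getJavaKeyStore();
    trust.load(null, null); // initialize the empty store first; setCertificateEntry on an uninitialized store throws
    try (InputStream in = new FileInputStream(caBundlePem)) {
      SecurityUtils.loadKeyStoreFromCertificates(trust, SecurityUtils.getX509CertificateFactory(), in);
    }
    return trust;
  }

  /** The trust manager decides which chains pass: build it from the explicit store, never an accept-all one. */
  public static X509TrustManager trustManagerFor(KeyStore trust) throws GeneralSecurityException {
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(trust);
    for (TrustManager tm : tmf.getTrustManagers()) {
      if (tm instanceof X509TrustManager) {
        return (X509TrustManager) tm;
      }
    }
    throw new GeneralSecurityException("no X509TrustManager from " + tmf.getAlgorithm());
  }

  /** Reads a PEM chain (leaf first, as verify() requires) and encodes each certificate as base64 DER. */
  public static List<String> chainBase64FromPem(String chainPem) throws GeneralSecurityException, IOException {
    List<String> out = new ArrayList<>();
    try (InputStream in = new FileInputStream(chainPem)) {
      for (Certificate c : SecurityUtils.getX509CertificateFactory().generateCertificates(in)) {
        out.add(Base64.getEncoder().encodeToString(c.getEncoded())); // getEncoded() is DER
      }
    }
    return out;
  }

  /**
   * Returns the leaf certificate if both the chain and the signature check out, otherwise throws.
   * A trusted chain only proves the leaf was issued by a CA in the store, not who the signer is,
   * so the leaf's subject (RFC 2253 form) is pinned to the identity the caller expects.
   */
  public static X509Certificate verifySigned(KeyStore trust, List<String> chainBase64, byte[] signature,
      byte[] content, String expectedSubject) throws GeneralSecurityException {
    // Assumption: the leaf holds an RSA key; an EC leaf would need getEs256SignatureAlgorithm() here.
    X509Certificate leaf = SecurityUtils.verify(
        SecurityUtils.getSha256WithRsaSignatureAlgorithm(), trustManagerFor(trust), chainBase64, signature, content);
    if (leaf == null) {
      throw new GeneralSecurityException("certificate chain not trusted or signature invalid");
    }
    if (!expectedSubject.equals(leaf.getSubjectX500Principal().getName())) {
      throw new GeneralSecurityException("signed by an unexpected certificate: " + leaf.getSubjectX500Principal());
    }
    return leaf;
  }

  public static void main(String[] args) throws Exception {
    // Hypothetical inputs: ca-bundle.pem, chain.pem (leaf first), payload.bin, payload.sig, expected subject DN.
    KeyStore trust = trustStoreFromPem(args[0]);
    List<String> chain = chainBase64FromPem(args[1]);
    byte[] content = Files.readAllBytes(Paths.get(args[2]));
    byte[] signature = Files.readAllBytes(Paths.get(args[3]));
    X509Certificate signer = verifySigned(trust, chain, signature, content, args[4]);
    System.out.println("verified; signer=" + signer.getSubjectX500Principal() + " notAfter=" + signer.getNotAfter());
  }
}
```

Two details matter in practice. The order of the PEM chain file is the order generateCertificates returns, so a chain written CA-first makes verify() check the signature against the CA's key and return null. And a null result is deliberately not distinguished from "bad signature" versus "untrusted chain" by the API; if the distinction is needed for logging, call trustManager.checkServerTrusted on the decoded chain separately before calling verify.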