Class CryptoKeystoreService
java.lang.Object
com.eurodyn.qlack.fuse.crypto.service.CryptoKeystoreService
Utility methods to interact with keystores.
-
Constructor Summary
-
Method Summary
Modifier and Type, Method, Description
byte[] createKeystore(String keystoreType, String keystoreProvider, @NotNull String keystorePassword) - Creates an empty keystore.
KeyStore keystoreFromByteArray(@jakarta.validation.constraints.NotNull byte[] keystore, String keystoreType, @NotNull String keystorePassword, String keystoreProvider) - Converts a byte array representing a KeyStore to a KeyStore.
byte[] keystoreToByteArray(@NotNull KeyStore keystore, @NotNull String keystorePassword) - Converts a KeyStore to a byte array.
CPPHolderDTO readKeyFromKeystore(InputStream keystore, String keystorePassword, String keyName, String keyPassword) - Reads a key from the given keystore utilising the system's default keystore type and security provider.
CPPHolderDTO readKeyFromKeystore(InputStream keystore, String keystorePassword, String keyName, String keyPassword, String keystoreType, String keystoreProvider) - Reads a key from the given keystore.
byte[] saveCertificate(@jakarta.validation.constraints.NotNull byte[] keystore, String keystoreType, String keystoreProvider, String keystorePassword, String certificateAlias, byte[] certificate) - Saves a certificate to the keystore.
byte[] savePrivateKey(@jakarta.validation.constraints.NotNull byte[] keystore, String keystoreType, String keystoreProvider, String keystorePassword, String keyAlias, byte[] key, String keyAlgorithm, String keyProvider, String keyPassword, Set<byte[]> certificates) - Saves a private (asymmetric) key to the keystore.
byte[] saveSymmetricKey(@jakarta.validation.constraints.NotNull byte[] keystore, String keystoreType, String keystoreProvider, @NotNull String keystorePassword, @NotNull String keyAlias, @jakarta.validation.constraints.NotNull byte[] key, @NotNull String keyPassword, @NotNull String keyAlgorithm) - Saves a symmetric key to the keystore.
-
Constructor Details
-
CryptoKeystoreService
-
-
Method Details
-
readKeyFromKeystore
public CPPHolderDTO readKeyFromKeystore(InputStream keystore, String keystorePassword, String keyName, String keyPassword, String keystoreType, String keystoreProvider) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, NoSuchProviderException
Reads a key from the given keystore.
Parameters:
keystore - the keystore to read from
keystorePassword - the keystore password
keyName - the name of the key to read
keyPassword - the password of the key
keystoreType - the type of the keystore
keystoreProvider - the security provider that generated the keystore
Returns:
the key information
Throws:
KeyStoreException - thrown when the key is not valid
IOException - thrown when something unexpected happens
CertificateException - thrown when the certificate cannot be generated
NoSuchAlgorithmException - thrown when no algorithm is found for encryption
UnrecoverableKeyException - thrown when the key is not valid
NoSuchProviderException - thrown when the provider is not valid
-
readKeyFromKeystore
public CPPHolderDTO readKeyFromKeystore(InputStream keystore, String keystorePassword, String keyName, String keyPassword) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, NoSuchProviderException
Reads a key from the given keystore utilising the system's default keystore type and security provider.
Parameters:
keystore - the keystore to read from
keystorePassword - the keystore password
keyName - the name of the key to read
keyPassword - the key's password
Returns:
the key information
Throws:
KeyStoreException - thrown when the key is not valid
IOException - thrown when something unexpected happens
CertificateException - thrown when the certificate cannot be generated
NoSuchAlgorithmException - thrown when no algorithm is found for encryption
UnrecoverableKeyException - thrown when the key is not valid
NoSuchProviderException - thrown when the provider is not valid
-
keystoreToByteArray
public byte[] keystoreToByteArray(@NotNull @NotNull KeyStore keystore, @NotNull @NotNull String keystorePassword) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException
Converts a KeyStore to a byte array.
Parameters:
keystore - The keystore to convert.
keystorePassword - The password of the keystore.
Throws:
IOException
CertificateException
NoSuchAlgorithmException
KeyStoreException
-
keystoreFromByteArray
public KeyStore keystoreFromByteArray(@NotNull @jakarta.validation.constraints.NotNull byte[] keystore, String keystoreType, @NotNull @NotNull String keystorePassword, String keystoreProvider) throws KeyStoreException, NoSuchProviderException, IOException, CertificateException, NoSuchAlgorithmException
Converts a byte array representing a KeyStore to a KeyStore.
Parameters:
keystore - The keystore representation as a byte array.
keystoreType - The type of the keystore, e.g. PKCS12
keystorePassword - The password of the keystore.
keystoreProvider - A provider for the specific keystore type.
Throws:
KeyStoreException
NoSuchProviderException
IOException
CertificateException
NoSuchAlgorithmException
-
createKeystore
public byte[] createKeystore(String keystoreType, String keystoreProvider, @NotNull @NotNull String keystorePassword) throws KeyStoreException, NoSuchProviderException, CertificateException, NoSuchAlgorithmException, IOException
Creates an empty keystore. Keys and certificates can be added to this keystore later.
Parameters:
keystoreType - The type of the keystore to create.
keystoreProvider - The provider for the specific keystore type.
keystorePassword - The password of the keystore.
Throws:
KeyStoreException
NoSuchProviderException
CertificateException
NoSuchAlgorithmException
IOException
-
saveSymmetricKey
public byte[] saveSymmetricKey(@NotNull @jakarta.validation.constraints.NotNull byte[] keystore, String keystoreType, String keystoreProvider, @NotNull @NotNull String keystorePassword, @NotNull @NotNull String keyAlias, @NotNull @jakarta.validation.constraints.NotNull byte[] key, @NotNull @NotNull String keyPassword, @NotNull @NotNull String keyAlgorithm) throws KeyStoreException, NoSuchProviderException, CertificateException, NoSuchAlgorithmException, IOException
Saves a symmetric key to the keystore. If a key already exists under the given alias, it is overwritten.
Parameters:
keystore - The keystore to save the symmetric key into.
keystoreType - The type of the keystore.
keystoreProvider - The provider for the specific type of keystore.
keystorePassword - The password of the keystore.
keyAlias - The alias under which the key will be saved.
key - The key to save.
keyPassword - The password of the key.
keyAlgorithm - The algorithm with which the key was generated.
Throws:
KeyStoreException
NoSuchProviderException
CertificateException
NoSuchAlgorithmException
IOException
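
The save methods replace an existing alias without warning, so a caller that must not lose a key has to check for the alias first. The following is an added example, not QLACK code: it uses the JDK's java.security.KeyStore directly to show the byte-array round trip and an overwrite guard. The class name, helper names, alias and passwords are assumptions constructed for illustration, and PKCS12 is chosen as the keystore type.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeystoreOverwriteGuard {

  // Serialise a keystore to bytes, the form the service's methods pass around.
  static byte[] toBytes(KeyStore ks, char[] storePass) throws Exception {
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    ks.store(out, storePass);
    return out.toByteArray();
  }

  static KeyStore fromBytes(byte[] data, char[] storePass) throws Exception {
    KeyStore ks = KeyStore.getInstance("PKCS12");
    // Loading from a null stream initialises an empty keystore.
    ks.load(data == null ? null : new ByteArrayInputStream(data), storePass);
    return ks;
  }

  // Hypothetical helper: refuses to replace an existing alias unless asked to.
  static byte[] putSecretKey(byte[] store, char[] storePass, String alias,
      SecretKey key, char[] keyPass, boolean allowOverwrite) throws Exception {
    KeyStore ks = fromBytes(store, storePass);
    if (ks.containsAlias(alias) && !allowOverwrite) {
      throw new IllegalStateException("Alias already present: " + alias);
    }
    ks.setEntry(alias, new KeyStore.SecretKeyEntry(key),
        new KeyStore.PasswordProtection(keyPass));
    return toBytes(ks, storePass);
  }

  public static void main(String[] args) throws Exception {
    char[] storePass = "constructed-store-pass".toCharArray(); // sample value
    char[] keyPass = "constructed-key-pass".toCharArray();     // sample value
    KeyGenerator gen = KeyGenerator.getInstance("AES");
    gen.init(256);
    byte[] store = toBytes(fromBytes(null, storePass), storePass);
    store = putSecretKey(store, storePass, "data-key", gen.generateKey(), keyPass, false);
    try {
      putSecretKey(store, storePass, "data-key", gen.generateKey(), keyPass, false);
    } catch (IllegalStateException e) {
      System.out.println("Blocked: " + e.getMessage());
    }
    System.out.println(fromBytes(store, storePass).containsAlias("data-key"));
  }
}
```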
-
savePrivateKey
public byte[] savePrivateKey(@NotNull @jakarta.validation.constraints.NotNull byte[] keystore, String keystoreType, String keystoreProvider, String keystorePassword, String keyAlias, byte[] key, String keyAlgorithm, String keyProvider, String keyPassword, Set<byte[]> certificates) throws NoSuchAlgorithmException, CertificateException, NoSuchProviderException, KeyStoreException, IOException, InvalidKeySpecException
Saves a private (asymmetric) key to the keystore. If a key already exists under the given alias, it is overwritten.
Parameters:
keystore - The keystore to save the private key into.
keystoreType - The type of the keystore.
keystoreProvider - The provider for the specific type of keystore.
keystorePassword - The password of the keystore.
keyAlias - The alias under which the key will be saved.
key - The key to save in DER format.
keyAlgorithm - The algorithm the key was generated with.
keyProvider - The provider for the specific key algorithm.
keyPassword - The password of the key.
certificates - The certificate chain for the key.
Throws:
NoSuchAlgorithmException
CertificateException
NoSuchProviderException
KeyStoreException
IOException
InvalidKeySpecException
-
saveCertificate
public byte[] saveCertificate(@NotNull @jakarta.validation.constraints.NotNull byte[] keystore, String keystoreType, String keystoreProvider, String keystorePassword, String certificateAlias, byte[] certificate) throws NoSuchAlgorithmException, CertificateException, NoSuchProviderException, KeyStoreException, IOException
Saves a certificate to the keystore. If a certificate already exists under the given alias, it is overwritten.
Parameters:
keystore - The keystore to save the certificate into.
keystoreType - The type of the keystore.
keystoreProvider - The provider for the specific type of keystore.
keystorePassword - The password of the keystore.
certificate - The certificate to save.
certificateAlias - The alias under which the certificate is saved.
Throws:
NoSuchAlgorithmException
CertificateException
NoSuchProviderException
KeyStoreException
IOException
-