Class SecurityUtils (1.43.0)

public final class SecurityUtils

Utilities related to Java security.

Inheritance

java.lang.Object > SecurityUtils

Inherited Members

Object.clone()

Object.equals(Object)

Object.finalize()

Object.getClass()

Object.hashCode()

Object.notify()

Object.notifyAll()

Object.toString()

Object.wait()

Object.wait(long)

Object.wait(long,int)

Static Methods

createMtlsKeyStore(InputStream certAndKey)

public static KeyStore createMtlsKeyStore(InputStream certAndKey)

Beta
Create a keystore for mutual TLS with the certificate and private key provided.

Parameter

Name	Description
`certAndKey`	`InputStream` Certificate and private key input stream. The stream should contain one certificate and one unencrypted private key. If there are multiple certificates, only the first certificate will be used.

Returns

Type	Description
`KeyStore`	keystore for mutual TLS.

Exceptions

Type	Description
`GeneralSecurityException`
`IOException`

getDefaultKeyStore()

public static KeyStore getDefaultKeyStore()

Returns the default key store using KeyStore#getDefaultType().

Returns

Type	Description
`KeyStore`

Exceptions

Type	Description
`KeyStoreException`

getEs256SignatureAlgorithm()

public static Signature getEs256SignatureAlgorithm()

Returns the SHA-256 with ECDSA signature algorithm

Returns

Type	Description
`Signature`

Exceptions

Type	Description
`NoSuchAlgorithmException`

getJavaKeyStore()

public static KeyStore getJavaKeyStore()

Returns the Java KeyStore (JKS).

Returns

Type	Description
`KeyStore`

Exceptions

Type	Description
`KeyStoreException`

getPkcs12KeyStore()

public static KeyStore getPkcs12KeyStore()

Returns the PKCS12 key store.

Returns

Type	Description
`KeyStore`

Exceptions

Type	Description
`KeyStoreException`

getPrivateKey(KeyStore keyStore, String alias, String keyPass)

public static PrivateKey getPrivateKey(KeyStore keyStore, String alias, String keyPass)

Returns the private key from the key store.

Parameters

Name	Description
`keyStore`	`KeyStore` key store
`alias`	`String` alias under which the key is stored
`keyPass`	`String` password protecting the key

Returns

Type	Description
`PrivateKey`	private key

Exceptions

Type	Description
`GeneralSecurityException`

getRsaKeyFactory()

public static KeyFactory getRsaKeyFactory()

Returns the RSA key factory.

Returns

Type	Description
`KeyFactory`

Exceptions

Type	Description
`NoSuchAlgorithmException`

getSha1WithRsaSignatureAlgorithm()

public static Signature getSha1WithRsaSignatureAlgorithm()

Returns the SHA-1 with RSA signature algorithm.

Returns

Type	Description
`Signature`

Exceptions

Type	Description
`NoSuchAlgorithmException`

getSha256WithRsaSignatureAlgorithm()

public static Signature getSha256WithRsaSignatureAlgorithm()

Returns the SHA-256 with RSA signature algorithm.

Returns

Type	Description
`Signature`

Exceptions

Type	Description
`NoSuchAlgorithmException`

getX509CertificateFactory()

public static CertificateFactory getX509CertificateFactory()

Returns the X.509 certificate factory.

Returns

Type	Description
`CertificateFactory`

Exceptions

Type	Description
`CertificateException`

loadKeyStore(KeyStore keyStore, InputStream keyStream, String storePass)

public static void loadKeyStore(KeyStore keyStore, InputStream keyStream, String storePass)

Loads a key store from a stream.

Example usage:

KeyStore keyStore = SecurityUtils.getJavaKeyStore(); SecurityUtils.loadKeyStore(keyStore, new FileInputStream("certs.jks"), "password");

Parameters

Name	Description
`keyStore`	`KeyStore` key store
`keyStream`	`InputStream` input stream to the key store stream (closed at the end of this method in a finally block)
`storePass`	`String` password protecting the key store file

Exceptions

Type	Description
`IOException`
`GeneralSecurityException`

loadKeyStoreFromCertificates(KeyStore keyStore, CertificateFactory certificateFactory, InputStream certificateStream)

public static void loadKeyStoreFromCertificates(KeyStore keyStore, CertificateFactory certificateFactory, InputStream certificateStream)

Loads a key store with certificates generated from the specified stream using CertificateFactory#generateCertificates(InputStream).

For each certificate, KeyStore#setCertificateEntry(String, Certificate) is called with an alias that is the string form of incrementing non-negative integers starting with 0 (0, 1, 2, 3, ...).

Example usage:

KeyStore keyStore = SecurityUtils.getJavaKeyStore(); SecurityUtils.loadKeyStoreFromCertificates(keyStore, SecurityUtils.getX509CertificateFactory(), new FileInputStream(pemFile));

Parameters

Name	Description
`keyStore`	`KeyStore` key store (for example #getJavaKeyStore())
`certificateFactory`	`CertificateFactory` certificate factory (for example #getX509CertificateFactory())
`certificateStream`	`InputStream` certificate stream

Exceptions

Type	Description
`GeneralSecurityException`

loadPrivateKeyFromKeyStore(KeyStore keyStore, InputStream keyStream, String storePass, String alias, String keyPass)

public static PrivateKey loadPrivateKeyFromKeyStore(KeyStore keyStore, InputStream keyStream, String storePass, String alias, String keyPass)

Retrieves a private key from the specified key store stream and specified key store.

Parameters

Name	Description
`keyStore`	`KeyStore` key store
`keyStream`	`InputStream` input stream to the key store (closed at the end of this method in a finally block)
`storePass`	`String` password protecting the key store file
`alias`	`String` alias under which the key is stored
`keyPass`	`String` password protecting the key

Returns

Type	Description
`PrivateKey`	key from the key store

Exceptions

Type	Description
`IOException`
`GeneralSecurityException`

sign(Signature signatureAlgorithm, PrivateKey privateKey, byte[] contentBytes)

public static byte[] sign(Signature signatureAlgorithm, PrivateKey privateKey, byte[] contentBytes)

Signs content using a private key.

Parameters

Name	Description
`signatureAlgorithm`	`Signature` signature algorithm
`privateKey`	`PrivateKey` private key
`contentBytes`	`byte[]` content to sign

Returns

Type	Description
`byte[]`	signed content

Exceptions

Type	Description
`InvalidKeyException`
`SignatureException`

verify(Signature signatureAlgorithm, PublicKey publicKey, byte[] signatureBytes, byte[] contentBytes)

public static boolean verify(Signature signatureAlgorithm, PublicKey publicKey, byte[] signatureBytes, byte[] contentBytes)

Verifies the signature of signed content based on a public key.

Parameters

Name	Description
`signatureAlgorithm`	`Signature` signature algorithm
`publicKey`	`PublicKey` public key
`signatureBytes`	`byte[]` signature bytes
`contentBytes`	`byte[]` content bytes

Returns

Type	Description
`boolean`	whether the signature was verified

Exceptions

Type	Description
`InvalidKeyException`
`SignatureException`

verify(Signature signatureAlgorithm, X509TrustManager trustManager, List<String> certChainBase64, byte[] signatureBytes, byte[] contentBytes)

public static X509Certificate verify(Signature signatureAlgorithm, X509TrustManager trustManager, List<String> certChainBase64, byte[] signatureBytes, byte[] contentBytes)

Verifies the signature of signed content based on a certificate chain.

Parameters

Name	Description
`signatureAlgorithm`	`Signature` signature algorithm
`trustManager`	`X509TrustManager` trust manager used to verify the certificate chain
`certChainBase64`	`List<String>` Certificate chain used for verification. The certificates must be base64 encoded DER, the leaf certificate must be the first element.
`signatureBytes`	`byte[]` signature bytes
`contentBytes`	`byte[]` content bytes

Returns

Type	Description
`X509Certificate`	The signature certificate if the signature could be verified, null otherwise.

Exceptions

Type	Description
`InvalidKeyException`
`SignatureException`