Some or all of the information on this page might not apply to Cloud de Confiance by S3NS. See Differences from Google Cloud for more details.

Class SecurityUtils (1.41.8)

public final class SecurityUtils

Utilities related to Java security.

Inheritance

java.lang.Object > SecurityUtils

Inherited Members

Object.clone()

Object.equals(Object)

Object.finalize()

Object.getClass()

Object.hashCode()

Object.notify()

Object.notifyAll()

Object.toString()

Object.wait()

Object.wait(long)

Object.wait(long,int)

Static Methods

createMtlsKeyStore(InputStream certAndKey)

public static KeyStore createMtlsKeyStore(InputStream certAndKey)

Beta
Create a keystore for mutual TLS with the certificate and private key provided.

Parameter

Name	Description
certAndKey	`InputStream` Certificate and private key input stream. The stream should contain one certificate and one unencrypted private key. If there are multiple certificates, only the first certificate will be used.

Returns

Type	Description
KeyStore	keystore for mutual TLS.

Exceptions

Type	Description
GeneralSecurityException
IOException

getDefaultKeyStore()

public static KeyStore getDefaultKeyStore()

Returns the default key store using KeyStore#getDefaultType().

Returns

Type	Description
KeyStore

Exceptions

Type	Description
KeyStoreException

getEs256SignatureAlgorithm()

public static Signature getEs256SignatureAlgorithm()

Returns the SHA-256 with ECDSA signature algorithm

Returns

Type	Description
Signature

Exceptions

Type	Description
NoSuchAlgorithmException

getJavaKeyStore()

public static KeyStore getJavaKeyStore()

Returns the Java KeyStore (JKS).

Returns

Type	Description
KeyStore

Exceptions

Type	Description
KeyStoreException

getPkcs12KeyStore()

public static KeyStore getPkcs12KeyStore()

Returns the PKCS12 key store.

Returns

Type	Description
KeyStore

Exceptions

Type	Description
KeyStoreException

getPrivateKey(KeyStore keyStore, String alias, String keyPass)

public static PrivateKey getPrivateKey(KeyStore keyStore, String alias, String keyPass)

Returns the private key from the key store.

Parameters

Name	Description
keyStore	`KeyStore` key store
alias	`String` alias under which the key is stored
keyPass	`String` password protecting the key

Returns

Type	Description
PrivateKey	private key

Exceptions

Type	Description
GeneralSecurityException

getRsaKeyFactory()

public static KeyFactory getRsaKeyFactory()

Returns the RSA key factory.

Returns

Type	Description
KeyFactory

Exceptions

Type	Description
NoSuchAlgorithmException

getSha1WithRsaSignatureAlgorithm()

public static Signature getSha1WithRsaSignatureAlgorithm()

Returns the SHA-1 with RSA signature algorithm.

Returns

Type	Description
Signature

Exceptions

Type	Description
NoSuchAlgorithmException

getSha256WithRsaSignatureAlgorithm()

public static Signature getSha256WithRsaSignatureAlgorithm()

Returns the SHA-256 with RSA signature algorithm.

Returns

Type	Description
Signature

Exceptions

Type	Description
NoSuchAlgorithmException

getX509CertificateFactory()

public static CertificateFactory getX509CertificateFactory()

Returns the X.509 certificate factory.

Returns

Type	Description
CertificateFactory

Exceptions

Type	Description
CertificateException

loadKeyStore(KeyStore keyStore, InputStream keyStream, String storePass)

public static void loadKeyStore(KeyStore keyStore, InputStream keyStream, String storePass)

Loads a key store from a stream.

Example usage:

KeyStore keyStore = SecurityUtils.getJavaKeyStore(); SecurityUtils.loadKeyStore(keyStore, new FileInputStream("certs.jks"), "password");

Parameters

Name	Description
keyStore	`KeyStore` key store
keyStream	`InputStream` input stream to the key store stream (closed at the end of this method in a finally block)
storePass	`String` password protecting the key store file

Exceptions

Type	Description
IOException
GeneralSecurityException

loadKeyStoreFromCertificates(KeyStore keyStore, CertificateFactory certificateFactory, InputStream certificateStream)

public static void loadKeyStoreFromCertificates(KeyStore keyStore, CertificateFactory certificateFactory, InputStream certificateStream)

Loads a key store with certificates generated from the specified stream using CertificateFactory#generateCertificates(InputStream).

For each certificate, KeyStore#setCertificateEntry(String, Certificate) is called with an alias that is the string form of incrementing non-negative integers starting with 0 (0, 1, 2, 3, ...).

Example usage:

KeyStore keyStore = SecurityUtils.getJavaKeyStore(); SecurityUtils.loadKeyStoreFromCertificates(keyStore, SecurityUtils.getX509CertificateFactory(), new FileInputStream(pemFile));

Parameters

Name	Description
keyStore	`KeyStore` key store (for example #getJavaKeyStore())
certificateFactory	`CertificateFactory` certificate factory (for example #getX509CertificateFactory())
certificateStream	`InputStream` certificate stream

Exceptions

Type	Description
GeneralSecurityException

loadPrivateKeyFromKeyStore(KeyStore keyStore, InputStream keyStream, String storePass, String alias, String keyPass)

public static PrivateKey loadPrivateKeyFromKeyStore(KeyStore keyStore, InputStream keyStream, String storePass, String alias, String keyPass)

Retrieves a private key from the specified key store stream and specified key store.

Parameters

Name	Description
keyStore	`KeyStore` key store
keyStream	`InputStream` input stream to the key store (closed at the end of this method in a finally block)
storePass	`String` password protecting the key store file
alias	`String` alias under which the key is stored
keyPass	`String` password protecting the key

Returns

Type	Description
PrivateKey	key from the key store

Exceptions

Type	Description
IOException
GeneralSecurityException

sign(Signature signatureAlgorithm, PrivateKey privateKey, byte[] contentBytes)

public static byte[] sign(Signature signatureAlgorithm, PrivateKey privateKey, byte[] contentBytes)

Signs content using a private key.

Parameters

Name	Description
signatureAlgorithm	`Signature` signature algorithm
privateKey	`PrivateKey` private key
contentBytes	`byte[]` content to sign

Returns

Type	Description
byte[]	signed content

Exceptions

Type	Description
InvalidKeyException
SignatureException

verify(Signature signatureAlgorithm, PublicKey publicKey, byte[] signatureBytes, byte[] contentBytes)

public static boolean verify(Signature signatureAlgorithm, PublicKey publicKey, byte[] signatureBytes, byte[] contentBytes)

Verifies the signature of signed content based on a public key.

Parameters

Name	Description
signatureAlgorithm	`Signature` signature algorithm
publicKey	`PublicKey` public key
signatureBytes	`byte[]` signature bytes
contentBytes	`byte[]` content bytes

Returns

Type	Description
boolean	whether the signature was verified

Exceptions

Type	Description
InvalidKeyException
SignatureException

verify(Signature signatureAlgorithm, X509TrustManager trustManager, List<String> certChainBase64, byte[] signatureBytes, byte[] contentBytes)

public static X509Certificate verify(Signature signatureAlgorithm, X509TrustManager trustManager, List<String> certChainBase64, byte[] signatureBytes, byte[] contentBytes)

Verifies the signature of signed content based on a certificate chain.

Parameters

Name	Description
signatureAlgorithm	`Signature` signature algorithm
trustManager	`X509TrustManager` trust manager used to verify the certificate chain
certChainBase64	`List<String>` Certificate chain used for verification. The certificates must be base64 encoded DER, the leaf certificate must be the first element.
signatureBytes	`byte[]` signature bytes
contentBytes	`byte[]` content bytes

Returns

Type	Description
X509Certificate	The signature certificate if the signature could be verified, null otherwise.

Exceptions

Type	Description
InvalidKeyException
SignatureException