Class SecurityUtils (1.45.0)

public final class SecurityUtils

Utilities related to Java security.

Inheritance

java.lang.Object > SecurityUtils

Static Methods

createMtlsKeyStore(InputStream certAndKey)

public static KeyStore createMtlsKeyStore(InputStream certAndKey)

Beta
Create a keystore for mutual TLS with the certificate and private key provided.

Parameter
Name Description
certAndKey InputStream

Certificate and private key input stream. The stream should contain one certificate and one unencrypted private key. If there are multiple certificates, only the first certificate will be used.

Returns
Type Description
KeyStore

keystore for mutual TLS.

Exceptions
Type Description
GeneralSecurityException
IOException

getDefaultKeyStore()

public static KeyStore getDefaultKeyStore()

Returns the default key store using KeyStore#getDefaultType().

Returns
Type Description
KeyStore
Exceptions
Type Description
KeyStoreException

getEs256SignatureAlgorithm()

public static Signature getEs256SignatureAlgorithm()

Returns the SHA-256 with ECDSA signature algorithm

Returns
Type Description
Signature
Exceptions
Type Description
NoSuchAlgorithmException

getJavaKeyStore()

public static KeyStore getJavaKeyStore()

Returns the Java KeyStore (JKS).

Returns
Type Description
KeyStore
Exceptions
Type Description
KeyStoreException

getPkcs12KeyStore()

public static KeyStore getPkcs12KeyStore()

Returns the PKCS12 key store.

Returns
Type Description
KeyStore
Exceptions
Type Description
KeyStoreException

getPrivateKey(KeyStore keyStore, String alias, String keyPass)

public static PrivateKey getPrivateKey(KeyStore keyStore, String alias, String keyPass)

Returns the private key from the key store.

Parameters
Name Description
keyStore KeyStore

key store

alias String

alias under which the key is stored

keyPass String

password protecting the key

Returns
Type Description
PrivateKey

private key

Exceptions
Type Description
GeneralSecurityException

getRsaKeyFactory()

public static KeyFactory getRsaKeyFactory()

Returns the RSA key factory.

Returns
Type Description
KeyFactory
Exceptions
Type Description
NoSuchAlgorithmException

getSha1WithRsaSignatureAlgorithm()

public static Signature getSha1WithRsaSignatureAlgorithm()

Returns the SHA-1 with RSA signature algorithm.

Returns
Type Description
Signature
Exceptions
Type Description
NoSuchAlgorithmException

getSha256WithRsaSignatureAlgorithm()

public static Signature getSha256WithRsaSignatureAlgorithm()

Returns the SHA-256 with RSA signature algorithm.

Returns
Type Description
Signature
Exceptions
Type Description
NoSuchAlgorithmException

getX509CertificateFactory()

public static CertificateFactory getX509CertificateFactory()

Returns the X.509 certificate factory.

Returns
Type Description
CertificateFactory
Exceptions
Type Description
CertificateException

loadKeyStore(KeyStore keyStore, InputStream keyStream, String storePass)

public static void loadKeyStore(KeyStore keyStore, InputStream keyStream, String storePass)

Loads a key store from a stream.

Example usage:

KeyStore keyStore = SecurityUtils.getJavaKeyStore(); SecurityUtils.loadKeyStore(keyStore, new FileInputStream("certs.jks"), "password");

Parameters
Name Description
keyStore KeyStore

key store

keyStream InputStream

input stream to the key store stream (closed at the end of this method in a finally block)

storePass String

password protecting the key store file

Exceptions
Type Description
IOException
GeneralSecurityException

loadKeyStoreFromCertificates(KeyStore keyStore, CertificateFactory certificateFactory, InputStream certificateStream)

public static void loadKeyStoreFromCertificates(KeyStore keyStore, CertificateFactory certificateFactory, InputStream certificateStream)

Loads a key store with certificates generated from the specified stream using CertificateFactory#generateCertificates(InputStream).

For each certificate, KeyStore#setCertificateEntry(String, Certificate) is called with an alias that is the string form of incrementing non-negative integers starting with 0 (0, 1, 2, 3, ...).

Example usage:

KeyStore keyStore = SecurityUtils.getJavaKeyStore(); SecurityUtils.loadKeyStoreFromCertificates(keyStore, SecurityUtils.getX509CertificateFactory(), new FileInputStream(pemFile));

Parameters
Name Description
keyStore KeyStore

key store (for example #getJavaKeyStore())

certificateFactory CertificateFactory

certificate factory (for example #getX509CertificateFactory())

certificateStream InputStream

certificate stream

Exceptions
Type Description
GeneralSecurityException

loadPrivateKeyFromKeyStore(KeyStore keyStore, InputStream keyStream, String storePass, String alias, String keyPass)

public static PrivateKey loadPrivateKeyFromKeyStore(KeyStore keyStore, InputStream keyStream, String storePass, String alias, String keyPass)

Retrieves a private key from the specified key store stream and specified key store.

Parameters
Name Description
keyStore KeyStore

key store

keyStream InputStream

input stream to the key store (closed at the end of this method in a finally block)

storePass String

password protecting the key store file

alias String

alias under which the key is stored

keyPass String

password protecting the key

Returns
Type Description
PrivateKey

key from the key store

Exceptions
Type Description
IOException
GeneralSecurityException

sign(Signature signatureAlgorithm, PrivateKey privateKey, byte[] contentBytes)

public static byte[] sign(Signature signatureAlgorithm, PrivateKey privateKey, byte[] contentBytes)

Signs content using a private key.

Parameters
Name Description
signatureAlgorithm Signature

signature algorithm

privateKey PrivateKey

private key

contentBytes byte[]

content to sign

Returns
Type Description
byte[]

signed content

Exceptions
Type Description
InvalidKeyException
SignatureException

verify(Signature signatureAlgorithm, PublicKey publicKey, byte[] signatureBytes, byte[] contentBytes)

public static boolean verify(Signature signatureAlgorithm, PublicKey publicKey, byte[] signatureBytes, byte[] contentBytes)

Verifies the signature of signed content based on a public key.

Parameters
Name Description
signatureAlgorithm Signature

signature algorithm

publicKey PublicKey

public key

signatureBytes byte[]

signature bytes

contentBytes byte[]

content bytes

Returns
Type Description
boolean

whether the signature was verified

Exceptions
Type Description
InvalidKeyException
SignatureException

verify(Signature signatureAlgorithm, X509TrustManager trustManager, List<String> certChainBase64, byte[] signatureBytes, byte[] contentBytes)

public static X509Certificate verify(Signature signatureAlgorithm, X509TrustManager trustManager, List<String> certChainBase64, byte[] signatureBytes, byte[] contentBytes)

Verifies the signature of signed content based on a certificate chain.

Parameters
Name Description
signatureAlgorithm Signature

signature algorithm

trustManager X509TrustManager

trust manager used to verify the certificate chain

certChainBase64 List<String>

Certificate chain used for verification. The certificates must be base64 encoded DER, the leaf certificate must be the first element.

signatureBytes byte[]

signature bytes

contentBytes byte[]

content bytes

Returns
Type Description
X509Certificate

The signature certificate if the signature could be verified, null otherwise.

Exceptions
Type Description
InvalidKeyException
SignatureException