Java Code Examples for java.security.KeyStoreException#getMessage()

The following examples show how to use java.security.KeyStoreException#getMessage().
Example 1
Source File: ApplicationKeyStorage.java    From android_9.0.0_r45 with Apache License 2.0
/**
 * Stores raw AES key material in the keystore under the internal alias built
 * from {@code userId}, {@code uid} and {@code alias}.
 *
 * <p>The entry is limited to encrypt and decrypt purposes, GCM block mode and
 * no padding. The log line records who the key is for and how many bytes were
 * supplied; the key bytes themselves are never logged.
 *
 * @param userId first component of the internal alias
 * @param uid second component of the internal alias
 * @param alias caller-visible alias of the key
 * @param secretKey raw key bytes; must not be {@code null} (its length is read for logging)
 * @throws ServiceSpecificException with {@code ERROR_SERVICE_INTERNAL_ERROR} and the
 *         keystore's message when the keystore rejects the entry
 */
public void setSymmetricKeyEntry(int userId, int uid, String alias, byte[] secretKey)
        throws KeyStoreException {
    Log.i(TAG, String.format(Locale.US, "Set %d/%d/%s: %d bytes of key material",
            userId, uid, alias, secretKey.length));
    try {
        final String internalAlias = getInternalAlias(userId, uid, alias);
        final SecretKeyEntry keyEntry = new SecretKeyEntry(
                new SecretKeySpec(secretKey, KeyProperties.KEY_ALGORITHM_AES));
        // Usage restrictions are attached to the entry itself, not enforced by callers.
        final KeyProtection usageLimits = new KeyProtection.Builder(
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .build();
        mKeyStore.setEntry(internalAlias, keyEntry, usageLimits);
    } catch (KeyStoreException e) {
        // Only the message crosses the service boundary; the original exception is not attached.
        throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage());
    }
}
 
Example 2
Source File: RepositoryManagedSignatureProvider.java    From CounterSign with GNU Affero General Public License v3.0
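/**
 * Get the certificate chain for the CA certificate.
 *
 * <p>The alias is read from the {@code TRUSTED_CERT_ALIAS} configuration property.
 *
 * @param trustedKs keystore that holds the trusted CA entry
 * @return the chain stored under the configured alias, or {@code null} when the
 *         keystore has no chain for that alias; callers must treat {@code null}
 *         as "no trusted chain" rather than continuing
 * @throws AlfrescoRuntimeException if the keystore lookup fails; the
 *         {@link KeyStoreException} is kept as the cause
 */
private Certificate[] getCaCertChain(KeyStore trustedKs) 
{
	String certAlias = config.getProperty(RepositoryManagedSignatureProviderFactory.TRUSTED_CERT_ALIAS);
	
	try
	{
		return trustedKs.getCertificateChain(certAlias);
	}
	catch(KeyStoreException kse)
	{
		// Attach the cause so the keystore failure stays visible in the stack trace
		// instead of being reduced to a bare message.
		throw new AlfrescoRuntimeException(kse.getMessage(), kse);
	}
}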
 
Example 3
Source File: LdapConnectionConfig.java    From directory-ldap-api with Apache License 2.0
/**
 * Sets the default trust managers from the JVM's default
 * {@link TrustManagerFactory} algorithm.
 *
 * <p>The factory is initialised with a {@code null} key store. Under JSSE that
 * makes the provider fall back to the platform's default trust material, so
 * the resulting managers are expected to verify server certificates.
 *
 * <p>NOTE(review): the earlier comment on this method spoke of a
 * "non-verification Trust Manager" and of SunX509. Neither is visible in this
 * code, which asks for {@code getDefaultAlgorithm()}. Confirm which behaviour
 * is intended before relying on the wording.
 *
 * @throws RuntimeException wrapping the underlying failure when the factory
 *         cannot be created or initialised
 **/
private void setDefaultTrustManager()
{
    final String algorithm = TrustManagerFactory.getDefaultAlgorithm();
    
    try
    {
        final TrustManagerFactory factory = TrustManagerFactory.getInstance( algorithm );
        // null key store: let the provider locate its default trust anchors
        factory.init( ( KeyStore ) null );
        trustManagers = factory.getTrustManagers();
    }
    catch ( KeyStoreException keyStoreFailure )
    {
        LOG.error( I18n.err( I18n.ERR_04172_KEYSTORE_INIT_FAILURE ) );
        throw new RuntimeException( keyStoreFailure.getMessage(), keyStoreFailure );
    }
    catch ( NoSuchAlgorithmException missingAlgorithm )
    {
        LOG.error( I18n.err( I18n.ERR_04173_ALGORITHM_NOT_FOUND, algorithm ) );
        throw new RuntimeException( missingAlgorithm.getMessage(), missingAlgorithm );
    }
}
 
Example 4
Source File: DistributedKeyStoreRegistry.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Creates a key store of type {@code "DistributedKeyProvider"}, loads it with
 * parameters wrapping {@code proxy}, and registers it under {@code key}.
 *
 * <p>If {@code key} is already registered, that is logged and the existing
 * registration is then replaced by the new store.
 *
 * @param key registry key for the new store
 * @param proxy signer proxy handed to the store through its load parameters
 * @return the loaded key store
 * @throws TechnicalConnectorException with {@code ERROR_GENERAL}, wrapping any I/O,
 *         keystore, algorithm or certificate failure raised during creation or loading
 */
public KeyStore createDistributedKeyStore(String key, DistributedSignerProxy proxy) throws TechnicalConnectorException {
   try {
      KeyStore distributedStore = KeyStore.getInstance("DistributedKeyProvider");
      Validate.notNull(distributedStore);
      distributedStore.load(new DistributedKeyLoadStoreParam(proxy));
      if (this.distributedKeyStores.containsKey(key)) {
         LOG.info("Key [" + key + "] already in cache.");
      }

      this.distributedKeyStores.put(key, distributedStore);
      return distributedStore;
   } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException failure) {
      // All four failures are reported the same way, with the original kept as cause.
      throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, failure, new Object[]{failure.getMessage()});
   }
}
 
Example 5
Source File: DistributedKeyStoreRegistry.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Builds and registers a {@code "DistributedKeyProvider"} key store for {@code key}.
 *
 * <p>The store is loaded from a {@code DistributedKeyLoadStoreParam} built
 * around {@code proxy}. A key that is already present in the registry is
 * logged and then overwritten with the new store.
 *
 * @param key registry key for the new store
 * @param proxy signer proxy wrapped into the load parameters
 * @return the loaded key store
 * @throws TechnicalConnectorException with {@code ERROR_GENERAL}, carrying the original
 *         I/O, keystore, algorithm or certificate exception as its cause
 */
public KeyStore createDistributedKeyStore(String key, DistributedSignerProxy proxy) throws TechnicalConnectorException {
   try {
      KeyStore distributedStore = KeyStore.getInstance("DistributedKeyProvider");
      Validate.notNull(distributedStore);
      distributedStore.load(new DistributedKeyLoadStoreParam(proxy));
      if (this.distributedKeyStores.containsKey(key)) {
         LOG.info("Key [" + key + "] already in cache.");
      }

      this.distributedKeyStores.put(key, distributedStore);
      return distributedStore;
   } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException failure) {
      // Every failure type gets the same wrapping, so one handler covers them.
      throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, failure, new Object[]{failure.getMessage()});
   }
}
 
Example 6
Source File: DistributedKeyStoreRegistry.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Creates, loads and caches a {@code "DistributedKeyProvider"} key store.
 *
 * <p>The cache entry for {@code key} is replaced even when one already
 * exists; the only effect of an existing entry is an info log line.
 *
 * @param key cache key for the new store
 * @param proxy signer proxy passed to the store via {@code DistributedKeyLoadStoreParam}
 * @return the loaded key store
 * @throws TechnicalConnectorException with {@code ERROR_GENERAL} when creating or
 *         loading the store fails; the triggering exception is the cause
 */
public KeyStore createDistributedKeyStore(String key, DistributedSignerProxy proxy) throws TechnicalConnectorException {
   try {
      KeyStore distributedStore = KeyStore.getInstance("DistributedKeyProvider");
      Validate.notNull(distributedStore);
      distributedStore.load(new DistributedKeyLoadStoreParam(proxy));
      if (this.distributedKeyStores.containsKey(key)) {
         LOG.info("Key [" + key + "] already in cache.");
      }

      this.distributedKeyStores.put(key, distributedStore);
      return distributedStore;
   } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException failure) {
      // Same translation for each checked failure; the cause is preserved.
      throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, failure, new Object[]{failure.getMessage()});
   }
}
 
Example 7
Source File: CertificateValidator.java    From IoTgo_Android_App with MIT License
/**
 * Validates the certificate stored under one alias of the keystore passed in.
 *
 * <p>NOTE(review): {@code KeyStore.getCertificate} returns {@code null} for an
 * alias the keystore does not know. If the {@code validate(KeyStore, Certificate)}
 * overload returns quietly for a {@code null} certificate, an unknown alias is
 * reported as valid. Confirm against that overload.
 *
 * @param keyStore keystore to read the certificate from; must not be {@code null}
 *        when {@code keyAlias} is given
 * @param keyAlias alias to validate; {@code null} skips validation altogether
 * @return the keyAlias if validation did not throw, or {@code null} when no alias was given
 * @throws CertificateException if the certificate is rejected or the keystore lookup fails
 */
public String validate(KeyStore keyStore, String keyAlias) throws CertificateException
{
    if (keyAlias == null)
    {
        // No alias, nothing to check.
        return null;
    }

    try
    {
        validate(keyStore, keyStore.getCertificate(keyAlias));
    }
    catch (KeyStoreException lookupFailure)
    {
        LOG.debug(lookupFailure);
        throw new CertificateException("Unable to validate certificate" +
                " for alias [" + keyAlias + "]: " + lookupFailure.getMessage(), lookupFailure);
    }

    return keyAlias;
}
 
Example 8
Source File: DistributedKeyStoreRegistry.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Instantiates a {@code "DistributedKeyProvider"} key store, loads it through
 * a {@code DistributedKeyLoadStoreParam} for {@code proxy}, and stores it in
 * the registry under {@code key}.
 *
 * <p>An existing registry entry for {@code key} is logged and then replaced.
 *
 * @param key registry key for the new store
 * @param proxy signer proxy the store is loaded with
 * @return the loaded key store
 * @throws TechnicalConnectorException with {@code ERROR_GENERAL} for any I/O, keystore,
 *         algorithm or certificate failure; the original exception is the cause
 */
public KeyStore createDistributedKeyStore(String key, DistributedSignerProxy proxy) throws TechnicalConnectorException {
   try {
      KeyStore distributedStore = KeyStore.getInstance("DistributedKeyProvider");
      Validate.notNull(distributedStore);
      distributedStore.load(new DistributedKeyLoadStoreParam(proxy));
      if (this.distributedKeyStores.containsKey(key)) {
         LOG.info("Key [" + key + "] already in cache.");
      }

      this.distributedKeyStores.put(key, distributedStore);
      return distributedStore;
   } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException failure) {
      // One handler: each checked failure is translated identically.
      throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, failure, new Object[]{failure.getMessage()});
   }
}
 
Example 9
Source File: KeyStoreExceptionTest.java    From j2objc with Apache License 2.0
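/**
 * Test for <code>KeyStoreException(String, Throwable)</code> constructor.
 * Assertion: constructs KeyStoreException when <code>cause</code> is not
 * null and <code>msg</code> is null.
 *
 * <p>A non-null message is only required to contain the cause's
 * <code>toString()</code>; the cause itself must always be returned unchanged.
 */
public void testKeyStoreException08() {
    KeyStoreException tE = new KeyStoreException(null, tCause);
    String message = tE.getMessage();
    if (message != null) {
        String causeText = tCause.toString();
        // Failure text fixed: it previously read "must should".
        assertTrue("getMessage() should contain ".concat(causeText),
                message.contains(causeText));
    }
    assertNotNull("getCause() must not return null", tE.getCause());
    // Expected value first, actual second, so a failure report names them correctly.
    assertEquals("getCause() must return ".concat(tCause.toString()), tCause,
            tE.getCause());
}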
 
Example 10
Source File: KeystoreTool.java    From secure-storage-android with Apache License 2.0
/**
 * Deletes the {@code KEY_ALIAS} entry from the keystore when
 * {@code keyPairExists()} reports a key pair.
 *
 * <p>When no key pair exists nothing is deleted; debug builds log that fact
 * and release builds stay silent.
 *
 * @param context used only to resolve the log message string
 * @throws SecureStorageException of kind {@code KEYSTORE_EXCEPTION}, with the
 *         {@link KeyStoreException} as cause, when the keystore refuses the deletion
 */
static void deleteKeyPair(@NonNull Context context) throws SecureStorageException {
    if (!keyPairExists()) {
        // Nothing to remove; only debug builds report it.
        if (BuildConfig.DEBUG) {
            Log.e(KeystoreTool.class.getName(),
                    context.getString(R.string.message_keypair_does_not_exist));
        }
        return;
    }

    try {
        getKeyStoreInstance().deleteEntry(KEY_ALIAS);
    } catch (KeyStoreException keyStoreFailure) {
        throw new SecureStorageException(keyStoreFailure.getMessage(), keyStoreFailure, KEYSTORE_EXCEPTION);
    }
}
 
Example 11
Source File: PFSecurityUtilsOld.java    From PFLockScreen-Android with Apache License 2.0
/**
 * Delete key from KeyStore.
 *
 * <p>NOTE(review): on failure the stack trace is printed with
 * {@code printStackTrace()} and the thrown exception carries only the message
 * text, not the {@link KeyStoreException} itself.
 *
 * @param alias KeyStore alias.
 * @throws PFSecurityException with {@code ERROR_DELETE_KEY} if the keystore
 *         cannot delete the entry.
 */
@Override
public void deleteKey(String alias) throws PFSecurityException {
    final KeyStore store = loadKeyStore();
    try {
        store.deleteEntry(alias);
    } catch (KeyStoreException deleteFailure) {
        deleteFailure.printStackTrace();
        final String reason = "Can not delete key: " + deleteFailure.getMessage();
        throw new PFSecurityException(reason, PFSecurityUtilsErrorCodes.ERROR_DELETE_KEY);
    }
}
 
Example 12
Source File: PFSecurityUtilsOld.java    From PFLockScreen-Android with Apache License 2.0
/**
 * Reports whether the loaded KeyStore has an entry for {@code alias}.
 *
 * <p>NOTE(review): on failure the stack trace is printed with
 * {@code printStackTrace()} and the thrown exception carries only the message
 * text, not the {@link KeyStoreException} itself.
 *
 * @param alias KeyStore alias to look for.
 * @return {@code true} if the KeyStore contains the alias.
 * @throws PFSecurityException with {@code ERROR_KEY_STORE} if the lookup fails.
 */
@Override
public boolean isKeystoreContainAlias(String alias) throws PFSecurityException {
    final KeyStore store = loadKeyStore();
    final boolean present;
    try {
        present = store.containsAlias(alias);
    } catch (KeyStoreException lookupFailure) {
        lookupFailure.printStackTrace();
        throw new PFSecurityException(
                lookupFailure.getMessage(),
                PFSecurityUtilsErrorCodes.ERROR_KEY_STORE
        );
    }
    return present;
}
 
Example 13
Source File: CertificateValidator.java    From IoTgo_Android_App with MIT License
/**
 * Validates a specific certificate against the keystore being passed in.
 *
 * <p>Behaviour visible in this method that callers should know about:
 * <ul>
 * <li>A {@code null} certificate, or one that is not an {@link X509Certificate},
 *     returns without any check and without an exception.</li>
 * <li>A certificate the keystore does not yet contain is inserted into it under
 *     a generated {@code JETTY…} alias before the chain is looked up, so the
 *     keystore can be modified by validation.</li>
 * </ul>
 *
 * @param keyStore keystore used to resolve the certificate's alias and chain
 * @param cert certificate to validate
 * @throws CertificateException if the certificate is outside its validity period,
 *         the keystore operations fail, or chain validation rejects it
 * @throws InvalidParameterException if {@code keyStore} is {@code null}
 * @throws IllegalStateException if no certificate chain can be retrieved
 */
public void validate(KeyStore keyStore, Certificate cert) throws CertificateException
{
    // instanceof is false for null, so this single test covers both skip cases.
    if (!(cert instanceof X509Certificate))
    {
        return;
    }

    X509Certificate x509 = (X509Certificate)cert;
    x509.checkValidity();

    Certificate[] certChain;
    String certAlias = null;
    try
    {
        if (keyStore == null)
        {
            throw new InvalidParameterException("Keystore cannot be null");
        }

        certAlias = keyStore.getCertificateAlias(x509);
        if (certAlias == null)
        {
            // Unknown certificate: register it under a fresh, counter-based alias.
            certAlias = "JETTY" + String.format("%016X",__aliasCount.incrementAndGet());
            keyStore.setCertificateEntry(certAlias, cert);
        }

        certChain = keyStore.getCertificateChain(certAlias);
        if (certChain == null || certChain.length == 0)
        {
            throw new IllegalStateException("Unable to retrieve certificate chain");
        }
    }
    catch (KeyStoreException kse)
    {
        LOG.debug(kse);
        String aliasPart = (certAlias == null) ? "" : " for alias [" + certAlias + "]";
        throw new CertificateException("Unable to validate certificate" +
                aliasPart + ": " + kse.getMessage(), kse);
    }

    validate(certChain);
}
 
Example 14
Source File: JavaKeystoreKeyProvider.java    From keycloak with Apache License 2.0
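/**
 * Loads the key pair and certificate for a realm from the JKS keystore file
 * named in the component configuration.
 *
 * <p>The private key is read under the configured key alias and the public
 * key is derived from it. If the keystore holds no certificate under that
 * alias, a self-signed V1 certificate is generated for the realm name.
 *
 * <p>NOTE(review): the wrapped messages include the underlying exception text,
 * which for a missing file normally contains the configured path. Confirm
 * these messages are not shown to unprivileged users.
 *
 * @param realm realm whose name is used for a generated certificate
 * @param model component configuration holding keystore path, passwords and alias
 * @return the wrapper built from the loaded key pair and certificate
 * @throws RuntimeException wrapping (with cause) any keystore, I/O, algorithm,
 *         certificate or key-recovery failure
 */
@Override
protected KeyWrapper loadKey(RealmModel realm, ComponentModel model) {
    try {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        // Close the keystore file as soon as it has been read, on success and on failure,
        // so the file handle is not left open.
        try (FileInputStream keyStoreStream = new FileInputStream(model.get(JavaKeystoreKeyProviderFactory.KEYSTORE_KEY))) {
            keyStore.load(keyStoreStream, model.get(JavaKeystoreKeyProviderFactory.KEYSTORE_PASSWORD_KEY).toCharArray());
        }

        PrivateKey privateKey = (PrivateKey) keyStore.getKey(model.get(JavaKeystoreKeyProviderFactory.KEY_ALIAS_KEY), model.get(JavaKeystoreKeyProviderFactory.KEY_PASSWORD_KEY).toCharArray());
        PublicKey publicKey = KeyUtils.extractPublicKey(privateKey);

        KeyPair keyPair = new KeyPair(publicKey, privateKey);

        X509Certificate certificate = (X509Certificate) keyStore.getCertificate(model.get(JavaKeystoreKeyProviderFactory.KEY_ALIAS_KEY));
        if (certificate == null) {
            // No certificate stored with the key: fall back to a generated self-signed one.
            certificate = CertificateUtils.generateV1SelfSignedCertificate(keyPair, realm.getName());
        }

        return createKeyWrapper(keyPair, certificate);
    } catch (KeyStoreException kse) {
        throw new RuntimeException("KeyStore error on server. " + kse.getMessage(), kse);
    } catch (FileNotFoundException fnfe) {
        throw new RuntimeException("File not found on server. " + fnfe.getMessage(), fnfe);
    } catch (IOException ioe) {
        throw new RuntimeException("IO error on server. " + ioe.getMessage(), ioe);
    } catch (NoSuchAlgorithmException nsae) {
        throw new RuntimeException("Algorithm not available on server. " + nsae.getMessage(), nsae);
    } catch (CertificateException ce) {
        throw new RuntimeException("Certificate error on server. " + ce.getMessage(), ce);
    } catch (UnrecoverableKeyException uke) {
        throw new RuntimeException("Keystore on server can not be recovered. " + uke.getMessage(), uke);
    }
}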
 
Example 15
Source File: RepositoryManagedSignatureProvider.java    From CounterSign with GNU Affero General Public License v3.0
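/**
 * Get the trusted keystore as configured in the extension properties.
 *
 * <p>Path and password come from the {@code TRUSTED_KEYSTORE_PATH} and
 * {@code TRUSTED_KEYSTORE_PASSWORD} properties; the file is read as PKCS#12.
 *
 * @return the loaded keystore
 * @throws AlfrescoRuntimeException if the keystore cannot be created, read or
 *         parsed; the original exception is kept as the cause
 */
private KeyStore getTrustedKeyStore() 
{
	try 
	{
		String keystorePassword = config.getProperty(RepositoryManagedSignatureProviderFactory.TRUSTED_KEYSTORE_PASSWORD);
		String keystorePath = config.getProperty(RepositoryManagedSignatureProviderFactory.TRUSTED_KEYSTORE_PATH);
		KeyStore keystore = KeyStore.getInstance("pkcs12");
		
		// Close the file on every path so the handle is not left open.
		try (FileInputStream keyStream = new FileInputStream(keystorePath))
		{
			keystore.load(keyStream, keystorePassword.toCharArray());
		}
		
		// return the keystore
		return keystore;
	}
	catch (KeyStoreException | java.security.cert.CertificateException | NoSuchAlgorithmException | IOException failure)
	{
		// Same translation for each failure, with the cause attached so the
		// underlying keystore or I/O error is not reduced to a bare message.
		throw new AlfrescoRuntimeException(failure.getMessage(), failure);
	}
}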
 
Example 16
Source File: KeyStoreUtils.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Adds {@code cert} to the store as a trusted certificate entry, using its
 * RFC 2253 subject name as the alias.
 *
 * <p>Because the alias is the subject name, a second certificate with the same
 * subject is stored under the same alias as the first.
 *
 * @param cert certificate to add; must not be {@code null}
 * @throws TechnicalConnectorException with {@code ERROR_GENERAL}, wrapping the
 *         {@link KeyStoreException}, when the store rejects the entry
 */
private void addCertificate(X509Certificate cert) throws TechnicalConnectorException {
   try {
      // The subject DN doubles as the keystore alias.
      this.store.setCertificateEntry(cert.getSubjectX500Principal().getName("RFC2253"), cert);
   } catch (KeyStoreException keyStoreFailure) {
      throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, keyStoreFailure, new Object[]{keyStoreFailure.getMessage()});
   }
}
 
Example 17
Source File: CertificateValidator.java    From WebSocket-for-Android with Apache License 2.0
/**
 * Validates a specific certificate against the keystore being passed in.
 *
 * <p>Two behaviours of this method matter to callers. Anything that is not an
 * {@link X509Certificate}, including {@code null}, is accepted silently: the
 * method returns without checking it. A certificate that the keystore does not
 * already hold is added to it under a generated {@code JETTY…} alias before
 * its chain is looked up, so calling this method can change the keystore.
 *
 * @param keyStore keystore used to resolve the certificate's alias and chain
 * @param cert certificate to validate
 * @throws CertificateException if the certificate is outside its validity period,
 *         the keystore operations fail, or chain validation rejects it
 * @throws InvalidParameterException if {@code keyStore} is {@code null}
 * @throws IllegalStateException if no certificate chain can be retrieved
 */
public void validate(KeyStore keyStore, Certificate cert) throws CertificateException
{
    // instanceof is false for null, so one test handles both "skip" cases.
    if (!(cert instanceof X509Certificate))
    {
        return;
    }

    X509Certificate x509 = (X509Certificate)cert;
    x509.checkValidity();

    Certificate[] certChain;
    String certAlias = null;
    try
    {
        if (keyStore == null)
        {
            throw new InvalidParameterException("Keystore cannot be null");
        }

        certAlias = keyStore.getCertificateAlias(x509);
        if (certAlias == null)
        {
            // Not in the keystore yet: store it under a counter-based alias.
            certAlias = "JETTY" + String.format("%016X",__aliasCount.incrementAndGet());
            keyStore.setCertificateEntry(certAlias, cert);
        }

        certChain = keyStore.getCertificateChain(certAlias);
        if (certChain == null || certChain.length == 0)
        {
            throw new IllegalStateException("Unable to retrieve certificate chain");
        }
    }
    catch (KeyStoreException kse)
    {
        LOG.debug(kse);
        String aliasPart = (certAlias == null) ? "" : " for alias [" + certAlias + "]";
        throw new CertificateException("Unable to validate certificate" +
                aliasPart + ": " + kse.getMessage(), kse);
    }

    validate(certChain);
}
 
Example 18
Source File: KeyStoreManager.java    From freehealth-connector with GNU Affero General Public License v3.0
/**
 * Registers {@code cert} in the store as a trusted certificate entry whose
 * alias is the certificate's RFC 2253 subject name.
 *
 * <p>Certificates that share a subject name therefore share an alias.
 *
 * @param cert certificate to register; must not be {@code null}
 * @throws TechnicalConnectorException with {@code ERROR_GENERAL}, wrapping the
 *         {@link KeyStoreException}, when the store rejects the entry
 */
private void addCertificate(X509Certificate cert) throws TechnicalConnectorException {
   try {
      // Alias is derived from the certificate itself rather than supplied by the caller.
      this.store.setCertificateEntry(cert.getSubjectX500Principal().getName("RFC2253"), cert);
   } catch (KeyStoreException keyStoreFailure) {
      throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.ERROR_GENERAL, keyStoreFailure, new Object[]{keyStoreFailure.getMessage()});
   }
}
 
Example 19
Source File: ApplicationKeyStorage.java    From android_9.0.0_r45 with Apache License 2.0
/**
 * Deletes the keystore entry whose internal alias is built from
 * {@code userId}, {@code uid} and {@code alias}.
 *
 * @param userId first component of the internal alias
 * @param uid second component of the internal alias
 * @param alias caller-visible alias of the key
 * @throws ServiceSpecificException with {@code ERROR_SERVICE_INTERNAL_ERROR} and the
 *         keystore's message when the deletion fails
 */
public void deleteEntry(int userId, int uid, String alias) {
    Log.i(TAG, String.format(Locale.US, "Del %d/%d/%s", userId, uid, alias));
    try {
        final String internalAlias = getInternalAlias(userId, uid, alias);
        mKeyStore.deleteEntry(internalAlias);
    } catch (KeyStoreException deleteFailure) {
        // Only the message crosses the service boundary; the original exception is not attached.
        throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, deleteFailure.getMessage());
    }
}
 
Example 20
Source File: ContentSignatureActionExecuter.java    From CounterSign with GNU Affero General Public License v3.0
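/**
 * Signs the content of the actioned-upon node and stores the signature in a
 * new node associated with it.
 *
 * <p>Steps: hash the node's content, sign the hash with the running user's
 * key, create the signature node, write the signature bytes as its content,
 * and record the hash on it. Nothing happens if the node no longer exists.
 *
 * <p>NOTE(review): the key password arrives as a plain {@code String} action
 * parameter. Confirm that action parameters are not persisted or logged.
 *
 * @param ruleAction action carrying location, geolocation, reason and key password
 * @param actionedUponNodeRef node whose content is signed
 * @throws AlfrescoRuntimeException wrapping (with cause) any failure while
 *         hashing, signing or storing the signature
 */
@Override
protected void executeImpl(Action ruleAction, NodeRef actionedUponNodeRef) 
{
	NodeService nodeService = serviceRegistry.getNodeService();
	ContentService contentService = serviceRegistry.getContentService();

	if (!nodeService.exists(actionedUponNodeRef))
	{
		return;
	}

	String location = (String)ruleAction.getParameterValue(PARAM_LOCATION);
	String geolocation = (String)ruleAction.getParameterValue(PARAM_GEOLOCATION);
	String reason = (String)ruleAction.getParameterValue(PARAM_REASON);
	String keyPassword = (String)ruleAction.getParameterValue(PARAM_KEY_PASSWORD);

	// open the document content that will be hashed
	InputStream contentStream = contentService.
			getReader(actionedUponNodeRef, ContentModel.PROP_CONTENT).getContentInputStream();

	// Binding the already-open stream as a resource closes it on every exit path.
	try (InputStream documentContent = contentStream)
	{
		// get the user's private key
		String user = AuthenticationUtil.getRunAsUser();
		SignatureProvider signatureProvider = signatureProviderFactory.getSignatureProvider(user);
		KeyStore keystore = signatureProvider.getUserKeyStore(keyPassword);
		// The key is not used below, but the lookup still fails early when the
		// alias or password is wrong, so it is kept as a check.
		PrivateKey key = (PrivateKey)keystore.getKey(alias, keyPassword.toCharArray());

		// compute the document hash
		byte[] hash = signatureProvider.computeHash(documentContent);

		// sign the hash
		byte[] sigBytes = signatureProvider.signHash(hash, keyPassword);

		// create a "signature" node and associate it with the signed doc
		NodeRef sig = addSignatureNodeAssociation(actionedUponNodeRef, location, reason, 
				"none", new java.util.Date(), geolocation, -1, "none");

		// save the signature
		ContentWriter writer = contentService.getWriter(sig, ContentModel.PROP_CONTENT, true);
		writer.putContent(new ByteArrayInputStream(sigBytes));

		// also save the expected hash in the signature
		// NOTE(review): new String(byte[]) decodes the raw digest with the platform
		// default charset, which is not a reversible encoding for arbitrary bytes.
		// Left unchanged because whatever verifies this property must read the same
		// format; confirm the verifier and consider a hex or Base64 form for new data.
		nodeService.setProperty(sig, CounterSignSignatureModel.PROP_DOCHASH, new String(hash));
	}
	catch (Exception e)
	{
		// Key, keystore, algorithm and all other failures are reported the same way;
		// the cause is attached so the original error is not lost.
		throw new AlfrescoRuntimeException(e.getMessage(), e);
	}
}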