SecurityUtils (google-http-client 1.24.1)

java.lang.Object
- com.google.api.client.util.SecurityUtils

```
public final class SecurityUtils
extends java.lang.Object
```
Utilities related to Java security.

Since:

1.14

Author:

Yaniv Inbar

Method Summary

Methods
Modifier and Type	Method and Description
`static java.security.KeyStore`	`getDefaultKeyStore()` Returns the default key store using `KeyStore.getDefaultType()`.
`static java.security.KeyStore`	`getJavaKeyStore()` Returns the Java KeyStore (JKS).
`static java.security.KeyStore`	`getPkcs12KeyStore()` Returns the PKCS12 key store.
`static java.security.PrivateKey`	`getPrivateKey(java.security.KeyStore keyStore, java.lang.String alias, java.lang.String keyPass)` Returns the private key from the key store.
`static java.security.KeyFactory`	`getRsaKeyFactory()` Returns the RSA key factory.
`static java.security.Signature`	`getSha1WithRsaSignatureAlgorithm()` Returns the SHA-1 with RSA signature algorithm.
`static java.security.Signature`	`getSha256WithRsaSignatureAlgorithm()` Returns the SHA-256 with RSA signature algorithm.
`static java.security.cert.CertificateFactory`	`getX509CertificateFactory()` Returns the X.509 certificate factory.
`static void`	`loadKeyStore(java.security.KeyStore keyStore, java.io.InputStream keyStream, java.lang.String storePass)` Loads a key store from a stream.
`static void`	`loadKeyStoreFromCertificates(java.security.KeyStore keyStore, java.security.cert.CertificateFactory certificateFactory, java.io.InputStream certificateStream)` Loads a key store with certificates generated from the specified stream using `CertificateFactory.generateCertificates(InputStream)`.
`static java.security.PrivateKey`	`loadPrivateKeyFromKeyStore(java.security.KeyStore keyStore, java.io.InputStream keyStream, java.lang.String storePass, java.lang.String alias, java.lang.String keyPass)` Retrieves a private key from the specified key store stream and specified key store.
`static byte[]`	`sign(java.security.Signature signatureAlgorithm, java.security.PrivateKey privateKey, byte[] contentBytes)` Signs content using a private key.
`static boolean`	`verify(java.security.Signature signatureAlgorithm, java.security.PublicKey publicKey, byte[] signatureBytes, byte[] contentBytes)` Verifies the signature of signed content based on a public key.
`static java.security.cert.X509Certificate`	`verify(java.security.Signature signatureAlgorithm, javax.net.ssl.X509TrustManager trustManager, java.util.List<java.lang.String> certChainBase64, byte[] signatureBytes, byte[] contentBytes)` Verifies the signature of signed content based on a certificate chain.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getDefaultKeyStore

public static java.security.KeyStore getDefaultKeyStore()
                                                 throws java.security.KeyStoreException

Returns the default key store using KeyStore.getDefaultType().

Throws:: java.security.KeyStoreException

getJavaKeyStore

public static java.security.KeyStore getJavaKeyStore()
                                              throws java.security.KeyStoreException

Returns the Java KeyStore (JKS).

Throws:: java.security.KeyStoreException

getPkcs12KeyStore

public static java.security.KeyStore getPkcs12KeyStore()
                                                throws java.security.KeyStoreException

Returns the PKCS12 key store.

Throws:: java.security.KeyStoreException

loadKeyStore

public static void loadKeyStore(java.security.KeyStore keyStore,
                java.io.InputStream keyStream,
                java.lang.String storePass)
                         throws java.io.IOException,
                                java.security.GeneralSecurityException

Loads a key store from a stream.

Example usage:

    KeyStore keyStore = SecurityUtils.getJavaKeyStore();
    SecurityUtils.loadKeyStore(keyStore, new FileInputStream("certs.jks"), "password");

Parameters:: keyStore - key store; keyStream - input stream to the key store stream (closed at the end of this method in a finally block); storePass - password protecting the key store file
Throws:: java.io.IOException; java.security.GeneralSecurityException

getPrivateKey

public static java.security.PrivateKey getPrivateKey(java.security.KeyStore keyStore,
                                     java.lang.String alias,
                                     java.lang.String keyPass)
                                              throws java.security.GeneralSecurityException

Returns the private key from the key store.

Parameters:: keyStore - key store; alias - alias under which the key is stored; keyPass - password protecting the key
Returns:: private key
Throws:: java.security.GeneralSecurityException

loadPrivateKeyFromKeyStore

public static java.security.PrivateKey loadPrivateKeyFromKeyStore(java.security.KeyStore keyStore,
                                                  java.io.InputStream keyStream,
                                                  java.lang.String storePass,
                                                  java.lang.String alias,
                                                  java.lang.String keyPass)
                                                           throws java.io.IOException,
                                                                  java.security.GeneralSecurityException

Retrieves a private key from the specified key store stream and specified key store.

Parameters:: keyStore - key store; keyStream - input stream to the key store (closed at the end of this method in a finally block); storePass - password protecting the key store file; alias - alias under which the key is stored; keyPass - password protecting the key
Returns:: key from the key store
Throws:: java.io.IOException; java.security.GeneralSecurityException

getRsaKeyFactory

public static java.security.KeyFactory getRsaKeyFactory()
                                                 throws java.security.NoSuchAlgorithmException

Returns the RSA key factory.

Throws:: java.security.NoSuchAlgorithmException

getSha1WithRsaSignatureAlgorithm

public static java.security.Signature getSha1WithRsaSignatureAlgorithm()
                                                                throws java.security.NoSuchAlgorithmException

Returns the SHA-1 with RSA signature algorithm.

Throws:: java.security.NoSuchAlgorithmException

getSha256WithRsaSignatureAlgorithm

public static java.security.Signature getSha256WithRsaSignatureAlgorithm()
                                                                  throws java.security.NoSuchAlgorithmException

Returns the SHA-256 with RSA signature algorithm.

Throws:: java.security.NoSuchAlgorithmException

sign

public static byte[] sign(java.security.Signature signatureAlgorithm,
          java.security.PrivateKey privateKey,
          byte[] contentBytes)
                   throws java.security.InvalidKeyException,
                          java.security.SignatureException

Signs content using a private key.

Parameters:: signatureAlgorithm - signature algorithm; privateKey - private key; contentBytes - content to sign
Returns:: signed content
Throws:: java.security.InvalidKeyException; java.security.SignatureException

verify

public static boolean verify(java.security.Signature signatureAlgorithm,
             java.security.PublicKey publicKey,
             byte[] signatureBytes,
             byte[] contentBytes)
                      throws java.security.InvalidKeyException,
                             java.security.SignatureException

Verifies the signature of signed content based on a public key.

Parameters:: signatureAlgorithm - signature algorithm; publicKey - public key; signatureBytes - signature bytes; contentBytes - content bytes
Returns:: whether the signature was verified
Throws:: java.security.InvalidKeyException; java.security.SignatureException

verify

public static java.security.cert.X509Certificate verify(java.security.Signature signatureAlgorithm,
                                        javax.net.ssl.X509TrustManager trustManager,
                                        java.util.List<java.lang.String> certChainBase64,
                                        byte[] signatureBytes,
                                        byte[] contentBytes)
                                                 throws java.security.InvalidKeyException,
                                                        java.security.SignatureException

Verifies the signature of signed content based on a certificate chain.

Parameters:: signatureAlgorithm - signature algorithm; trustManager - trust manager used to verify the certificate chain; certChainBase64 - Certificate chain used for verification. The certificates must be base64 encoded DER, the leaf certificate must be the first element.; signatureBytes - signature bytes; contentBytes - content bytes
Returns:: The signature certificate if the signature could be verified, null otherwise.
Throws:: java.security.InvalidKeyException; java.security.SignatureException
Since:: 1.19.1.

getX509CertificateFactory

public static java.security.cert.CertificateFactory getX509CertificateFactory()
                                                                       throws java.security.cert.CertificateException

Returns the X.509 certificate factory.

Throws:: java.security.cert.CertificateException

loadKeyStoreFromCertificates
```
public static void loadKeyStoreFromCertificates(java.security.KeyStore keyStore,
                                java.security.cert.CertificateFactory certificateFactory,
                                java.io.InputStream certificateStream)
                                         throws java.security.GeneralSecurityException
```
Loads a key store with certificates generated from the specified stream using CertificateFactory.generateCertificates(InputStream).
For each certificate, KeyStore.setCertificateEntry(String, Certificate) is called with an alias that is the string form of incrementing non-negative integers starting with 0 (0, 1, 2, 3, ...).

Example usage:
```
    KeyStore keyStore = SecurityUtils.getJavaKeyStore();
    SecurityUtils.loadKeyStoreFromCertificates(keyStore, SecurityUtils.getX509CertificateFactory(),
        new FileInputStream(pemFile));
 
```
Parameters:
keyStore - key store (for example getJavaKeyStore())
certificateFactory - certificate factory (for example getX509CertificateFactory())
certificateStream - certificate stream

Throws:

java.security.GeneralSecurityException

Class SecurityUtils

Method Summary

Methods inherited from class java.lang.Object

Method Detail

getDefaultKeyStore

getJavaKeyStore

getPkcs12KeyStore

loadKeyStore

getPrivateKey

loadPrivateKeyFromKeyStore

getRsaKeyFactory

getSha1WithRsaSignatureAlgorithm

getSha256WithRsaSignatureAlgorithm

sign

verify

verify

getX509CertificateFactory

loadKeyStoreFromCertificates