KeyStoreManager (selenium-server 2.13.0 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

cybervillains.ca
Class KeyStoreManager

java.lang.Object
  cybervillains.ca.KeyStoreManager

public class KeyStoreManager
extends java.lang.Object
extends java.lang.Object

This is the main entry point into the Cybervillains CA. This class handles generation, storage and the persistent mapping of input to duplicated certificates and mapped public keys. Default setting is to immediately persist changes to the store by writing out the keystore and mapping file every time a new certificate is added. This behavior can be disabled if desired, to enhance performance or allow temporary testing without modifying the certificate store. Copyright (c) 2007, Information Security Partners, LLC All rights reserved. In a special exception, Selenium/OpenQA is allowed to use this code under the Apache License 2.0.

Author:: Brad Hill

Field Summary
`static java.lang.String`	`_caPrivKeyAlias`
`java.security.KeyPairGenerator`	`_dsaKpg`
`java.security.KeyPairGenerator`	`_rsaKpg`
`java.lang.String`	`DSA_KEYGEN_ALGO`
`java.lang.String`	`RSA_KEYGEN_ALGO`

Constructor Summary
`KeyStoreManager(java.io.File root, java.lang.String certificateRevocationListPath)`

Method Summary
`void`	`addCertAndPrivateKey(java.lang.String hostname, java.security.cert.X509Certificate cert, java.security.PrivateKey privKey)` Stores a new certificate and its associated private key in the keystore.
`protected void`	`createKeystore()` Creates, writes and loads a new keystore and CA root certificate.
`java.security.cert.X509Certificate`	`getCertificateByAlias(java.lang.String alias)` Returns the aliased certificate.
`java.security.cert.X509Certificate`	`getCertificateByHostname(java.lang.String hostname)` Returns the aliased certificate.
`java.security.KeyPair`	`getDSAKeyPair()` Generate a DSA Key Pair
`java.security.KeyStore`	`getKeyStore()`
`java.security.cert.X509Certificate`	`getMappedCertificate(java.security.cert.X509Certificate cert)` This method returns the duplicated certificate mapped to the passed in cert, or creates and returns one if no mapping has yet been performed.
`java.security.cert.X509Certificate`	`getMappedCertificateForHostname(java.lang.String hostname)` This method returns the mapped certificate for a hostname, or generates a "standard" SSL server certificate issued by the CA to the supplied subject if no mapping has been created.
`java.security.PublicKey`	`getMappedPublicKey(java.security.PublicKey original)` If we get a KeyValue with a given public key, then later see an X509Data with the same public key, we shouldn't split this in our MITM impl.
`boolean`	`getPersistImmediately()` Whether updates are immediately written to disk.
`java.security.PrivateKey`	`getPrivateKey(java.security.PublicKey pk)` Returns the private key for a public key we have generated.
`java.security.PrivateKey`	`getPrivateKeyForLocalCert(java.security.cert.X509Certificate cert)` For a cert we have generated, return the private key.
`java.security.KeyPair`	`getRSAKeyPair()` Generate an RSA Key Pair
`java.security.cert.X509Certificate`	`getSigningCert()` Gets the authority root signing cert.
`java.security.PrivateKey`	`getSigningPrivateKey()` Gets the authority private signing key.
`void`	`mapPublicKeys(java.security.PublicKey original, java.security.PublicKey substitute)` Stores a public key mapping.
`void`	`persist()` Writes the keystore and certificate/keypair mappings to disk.
`void`	`setPersistImmediately(boolean persistImmediately)` Whether updates are immediately written to disk.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

_caPrivKeyAlias

public static final java.lang.String _caPrivKeyAlias

See Also:: Constant Field Values

RSA_KEYGEN_ALGO

public final java.lang.String RSA_KEYGEN_ALGO

See Also:: Constant Field Values

DSA_KEYGEN_ALGO

public final java.lang.String DSA_KEYGEN_ALGO

See Also:: Constant Field Values

_rsaKpg

public final java.security.KeyPairGenerator _rsaKpg

_dsaKpg

public final java.security.KeyPairGenerator _dsaKpg

Constructor Detail

KeyStoreManager

public KeyStoreManager(java.io.File root,
                       java.lang.String certificateRevocationListPath)

Method Detail

createKeystore

protected void createKeystore()

Creates, writes and loads a new keystore and CA root certificate.

addCertAndPrivateKey

public void addCertAndPrivateKey(java.lang.String hostname,
                                 java.security.cert.X509Certificate cert,
                                 java.security.PrivateKey privKey)
                          throws java.security.KeyStoreException,
                                 java.security.cert.CertificateException,
                                 java.security.NoSuchAlgorithmException

Stores a new certificate and its associated private key in the keystore.

Parameters:: hostname -; cert -; privKey - @throws KeyStoreException
Throws:: java.security.cert.CertificateException; java.security.NoSuchAlgorithmException; java.security.KeyStoreException

persist

public void persist()
             throws java.security.KeyStoreException,
                    java.security.NoSuchAlgorithmException,
                    java.security.cert.CertificateException

Writes the keystore and certificate/keypair mappings to disk.

Throws:: java.security.KeyStoreException; java.security.NoSuchAlgorithmException; java.security.cert.CertificateException

getCertificateByAlias

public java.security.cert.X509Certificate getCertificateByAlias(java.lang.String alias)
                                                         throws java.security.KeyStoreException

Returns the aliased certificate. Certificates are aliased by their SHA1 digest.

Parameters:: alias -
Returns:
Throws:: java.security.KeyStoreException
See Also:: ThumbprintUtil

getCertificateByHostname

public java.security.cert.X509Certificate getCertificateByHostname(java.lang.String hostname)
                                                            throws java.security.KeyStoreException,
                                                                   java.security.cert.CertificateParsingException,
                                                                   java.security.InvalidKeyException,
                                                                   java.security.cert.CertificateExpiredException,
                                                                   java.security.cert.CertificateNotYetValidException,
                                                                   java.security.SignatureException,
                                                                   java.security.cert.CertificateException,
                                                                   java.security.NoSuchAlgorithmException,
                                                                   java.security.NoSuchProviderException,
                                                                   java.security.UnrecoverableKeyException

Returns the aliased certificate. Certificates are aliased by their hostname.

Parameters:: alias -
Returns:
Throws:: java.security.KeyStoreException; java.security.UnrecoverableKeyException; java.security.NoSuchProviderException; java.security.NoSuchAlgorithmException; java.security.cert.CertificateException; java.security.SignatureException; java.security.cert.CertificateNotYetValidException; java.security.cert.CertificateExpiredException; java.security.InvalidKeyException; java.security.cert.CertificateParsingException
See Also:: ThumbprintUtil

getSigningCert

public java.security.cert.X509Certificate getSigningCert()
                                                  throws java.security.KeyStoreException

Gets the authority root signing cert.

Returns:
Throws:: java.security.KeyStoreException

getSigningPrivateKey

public java.security.PrivateKey getSigningPrivateKey()
                                              throws java.security.KeyStoreException,
                                                     java.security.NoSuchAlgorithmException,
                                                     java.security.UnrecoverableKeyException

Gets the authority private signing key.

Returns:
Throws:: java.security.KeyStoreException; java.security.NoSuchAlgorithmException; java.security.UnrecoverableKeyException

getPersistImmediately

public boolean getPersistImmediately()

Whether updates are immediately written to disk.

Returns:

setPersistImmediately

public void setPersistImmediately(boolean persistImmediately)

Whether updates are immediately written to disk.

Parameters:: persistImmediately -

getMappedCertificate

public java.security.cert.X509Certificate getMappedCertificate(java.security.cert.X509Certificate cert)
                                                        throws java.security.cert.CertificateEncodingException,
                                                               java.security.InvalidKeyException,
                                                               java.security.cert.CertificateException,
                                                               java.security.cert.CertificateNotYetValidException,
                                                               java.security.NoSuchAlgorithmException,
                                                               java.security.NoSuchProviderException,
                                                               java.security.SignatureException,
                                                               java.security.KeyStoreException,
                                                               java.security.UnrecoverableKeyException

This method returns the duplicated certificate mapped to the passed in cert, or creates and returns one if no mapping has yet been performed. If a naked public key has already been mapped that matches the key in the cert, the already mapped keypair will be reused for the mapped cert.

Parameters:: cert -
Returns:
Throws:: java.security.cert.CertificateEncodingException; java.security.InvalidKeyException; java.security.cert.CertificateException; java.security.cert.CertificateNotYetValidException; java.security.NoSuchAlgorithmException; java.security.NoSuchProviderException; java.security.SignatureException; java.security.KeyStoreException; java.security.UnrecoverableKeyException

getMappedCertificateForHostname

public java.security.cert.X509Certificate getMappedCertificateForHostname(java.lang.String hostname)
                                                                   throws java.security.cert.CertificateParsingException,
                                                                          java.security.InvalidKeyException,
                                                                          java.security.cert.CertificateExpiredException,
                                                                          java.security.cert.CertificateNotYetValidException,
                                                                          java.security.SignatureException,
                                                                          java.security.cert.CertificateException,
                                                                          java.security.NoSuchAlgorithmException,
                                                                          java.security.NoSuchProviderException,
                                                                          java.security.KeyStoreException,
                                                                          java.security.UnrecoverableKeyException

This method returns the mapped certificate for a hostname, or generates a "standard" SSL server certificate issued by the CA to the supplied subject if no mapping has been created. This is not a true duplication, just a shortcut method that is adequate for web browsers.

Parameters:: hostname -
Returns:
Throws:: java.security.cert.CertificateParsingException; java.security.InvalidKeyException; java.security.cert.CertificateExpiredException; java.security.cert.CertificateNotYetValidException; java.security.SignatureException; java.security.cert.CertificateException; java.security.NoSuchAlgorithmException; java.security.NoSuchProviderException; java.security.KeyStoreException; java.security.UnrecoverableKeyException

getPrivateKeyForLocalCert

public java.security.PrivateKey getPrivateKeyForLocalCert(java.security.cert.X509Certificate cert)
                                                   throws java.security.cert.CertificateEncodingException,
                                                          java.security.KeyStoreException,
                                                          java.security.UnrecoverableKeyException,
                                                          java.security.NoSuchAlgorithmException

For a cert we have generated, return the private key.

Parameters:: cert -
Returns:
Throws:: java.security.cert.CertificateEncodingException; java.security.KeyStoreException; java.security.UnrecoverableKeyException; java.security.NoSuchAlgorithmException

getRSAKeyPair

public java.security.KeyPair getRSAKeyPair()

Generate an RSA Key Pair

Returns:

getDSAKeyPair

public java.security.KeyPair getDSAKeyPair()

Generate a DSA Key Pair

Returns:

mapPublicKeys

public void mapPublicKeys(java.security.PublicKey original,
                          java.security.PublicKey substitute)

Stores a public key mapping.

Parameters:: original -; substitute -

getMappedPublicKey

public java.security.PublicKey getMappedPublicKey(java.security.PublicKey original)

If we get a KeyValue with a given public key, then later see an X509Data with the same public key, we shouldn't split this in our MITM impl. So when creating a new cert, we should check if we've already assigned a substitute key and re-use it, and vice-versa.

Parameters:: pk -
Returns:

getPrivateKey

public java.security.PrivateKey getPrivateKey(java.security.PublicKey pk)

Returns the private key for a public key we have generated.

Parameters:: pk -
Returns:

getKeyStore

public java.security.KeyStore getKeyStore()