java.lang.Object cybervillains.ca.KeyStoreManager
public class KeyStoreManager
This is the main entry point into the Cybervillains CA. This class handles generation, storage, and the persistent mapping of input to duplicated certificates and mapped public keys. By default, changes are persisted immediately: the keystore and mapping file are written out every time a new certificate is added. This behavior can be disabled, either to improve performance or to allow temporary testing without modifying the certificate store. Copyright (c) 2007, Information Security Partners, LLC. All rights reserved. As a special exception, Selenium/OpenQA is allowed to use this code under the Apache License 2.0.
Field Summary | |
---|---|
static java.lang.String |
_caPrivKeyAlias
|
java.security.KeyPairGenerator |
_dsaKpg
|
java.security.KeyPairGenerator |
_rsaKpg
|
java.lang.String |
DSA_KEYGEN_ALGO
|
java.lang.String |
RSA_KEYGEN_ALGO
|
Constructor Summary | |
---|---|
KeyStoreManager(java.io.File root,
java.lang.String certificateRevocationListPath)
|
Method Summary | |
---|---|
void |
addCertAndPrivateKey(java.lang.String hostname,
java.security.cert.X509Certificate cert,
java.security.PrivateKey privKey)
Stores a new certificate and its associated private key in the keystore. |
protected void |
createKeystore()
Creates, writes and loads a new keystore and CA root certificate. |
java.security.cert.X509Certificate |
getCertificateByAlias(java.lang.String alias)
Returns the aliased certificate. |
java.security.cert.X509Certificate |
getCertificateByHostname(java.lang.String hostname)
Returns the aliased certificate. |
java.security.KeyPair |
getDSAKeyPair()
Generate a DSA Key Pair |
java.security.KeyStore |
getKeyStore()
|
java.security.cert.X509Certificate |
getMappedCertificate(java.security.cert.X509Certificate cert)
This method returns the duplicated certificate mapped to the passed in cert, or creates and returns one if no mapping has yet been performed. |
java.security.cert.X509Certificate |
getMappedCertificateForHostname(java.lang.String hostname)
This method returns the mapped certificate for a hostname, or generates a "standard" SSL server certificate issued by the CA to the supplied subject if no mapping has been created. |
java.security.PublicKey |
getMappedPublicKey(java.security.PublicKey original)
If we get a KeyValue with a given public key and later see an X509Data with the same public key, our man-in-the-middle (MITM) implementation should not split them, i.e. it should not treat them as two different keys. |
boolean |
getPersistImmediately()
Whether updates are immediately written to disk. |
java.security.PrivateKey |
getPrivateKey(java.security.PublicKey pk)
Returns the private key for a public key we have generated. |
java.security.PrivateKey |
getPrivateKeyForLocalCert(java.security.cert.X509Certificate cert)
For a cert we have generated, return the private key. |
java.security.KeyPair |
getRSAKeyPair()
Generate an RSA Key Pair |
java.security.cert.X509Certificate |
getSigningCert()
Gets the authority root signing cert. |
java.security.PrivateKey |
getSigningPrivateKey()
Gets the authority private signing key. |
void |
mapPublicKeys(java.security.PublicKey original,
java.security.PublicKey substitute)
Stores a public key mapping. |
void |
persist()
Writes the keystore and certificate/keypair mappings to disk. |
void |
setPersistImmediately(boolean persistImmediately)
Whether updates are immediately written to disk. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final java.lang.String _caPrivKeyAlias
public final java.lang.String RSA_KEYGEN_ALGO
public final java.lang.String DSA_KEYGEN_ALGO
public final java.security.KeyPairGenerator _rsaKpg
public final java.security.KeyPairGenerator _dsaKpg
Constructor Detail |
---|
public KeyStoreManager(java.io.File root, java.lang.String certificateRevocationListPath)
Method Detail |
---|
protected void createKeystore()
public void addCertAndPrivateKey(java.lang.String hostname, java.security.cert.X509Certificate cert, java.security.PrivateKey privKey) throws java.security.KeyStoreException, java.security.cert.CertificateException, java.security.NoSuchAlgorithmException
hostname -
cert -
privKey -
@throws KeyStoreException
java.security.cert.CertificateException
java.security.NoSuchAlgorithmException
java.security.KeyStoreException
public void persist() throws java.security.KeyStoreException, java.security.NoSuchAlgorithmException, java.security.cert.CertificateException
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
java.security.cert.CertificateException
public java.security.cert.X509Certificate getCertificateByAlias(java.lang.String alias) throws java.security.KeyStoreException
alias
-
java.security.KeyStoreException
ThumbprintUtil
public java.security.cert.X509Certificate getCertificateByHostname(java.lang.String hostname) throws java.security.KeyStoreException, java.security.cert.CertificateParsingException, java.security.InvalidKeyException, java.security.cert.CertificateExpiredException, java.security.cert.CertificateNotYetValidException, java.security.SignatureException, java.security.cert.CertificateException, java.security.NoSuchAlgorithmException, java.security.NoSuchProviderException, java.security.UnrecoverableKeyException
hostname
-
java.security.KeyStoreException
java.security.UnrecoverableKeyException
java.security.NoSuchProviderException
java.security.NoSuchAlgorithmException
java.security.cert.CertificateException
java.security.SignatureException
java.security.cert.CertificateNotYetValidException
java.security.cert.CertificateExpiredException
java.security.InvalidKeyException
java.security.cert.CertificateParsingException
ThumbprintUtil
public java.security.cert.X509Certificate getSigningCert() throws java.security.KeyStoreException
java.security.KeyStoreException
public java.security.PrivateKey getSigningPrivateKey() throws java.security.KeyStoreException, java.security.NoSuchAlgorithmException, java.security.UnrecoverableKeyException
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
java.security.UnrecoverableKeyException
public boolean getPersistImmediately()
public void setPersistImmediately(boolean persistImmediately)
persistImmediately -
public java.security.cert.X509Certificate getMappedCertificate(java.security.cert.X509Certificate cert) throws java.security.cert.CertificateEncodingException, java.security.InvalidKeyException, java.security.cert.CertificateException, java.security.cert.CertificateNotYetValidException, java.security.NoSuchAlgorithmException, java.security.NoSuchProviderException, java.security.SignatureException, java.security.KeyStoreException, java.security.UnrecoverableKeyException
cert
-
java.security.cert.CertificateEncodingException
java.security.InvalidKeyException
java.security.cert.CertificateException
java.security.cert.CertificateNotYetValidException
java.security.NoSuchAlgorithmException
java.security.NoSuchProviderException
java.security.SignatureException
java.security.KeyStoreException
java.security.UnrecoverableKeyException
public java.security.cert.X509Certificate getMappedCertificateForHostname(java.lang.String hostname) throws java.security.cert.CertificateParsingException, java.security.InvalidKeyException, java.security.cert.CertificateExpiredException, java.security.cert.CertificateNotYetValidException, java.security.SignatureException, java.security.cert.CertificateException, java.security.NoSuchAlgorithmException, java.security.NoSuchProviderException, java.security.KeyStoreException, java.security.UnrecoverableKeyException
hostname
-
java.security.cert.CertificateParsingException
java.security.InvalidKeyException
java.security.cert.CertificateExpiredException
java.security.cert.CertificateNotYetValidException
java.security.SignatureException
java.security.cert.CertificateException
java.security.NoSuchAlgorithmException
java.security.NoSuchProviderException
java.security.KeyStoreException
java.security.UnrecoverableKeyException
public java.security.PrivateKey getPrivateKeyForLocalCert(java.security.cert.X509Certificate cert) throws java.security.cert.CertificateEncodingException, java.security.KeyStoreException, java.security.UnrecoverableKeyException, java.security.NoSuchAlgorithmException
cert
-
java.security.cert.CertificateEncodingException
java.security.KeyStoreException
java.security.UnrecoverableKeyException
java.security.NoSuchAlgorithmException
public java.security.KeyPair getRSAKeyPair()
public java.security.KeyPair getDSAKeyPair()
public void mapPublicKeys(java.security.PublicKey original, java.security.PublicKey substitute)
original -
substitute -
public java.security.PublicKey getMappedPublicKey(java.security.PublicKey original)
original -
public java.security.PrivateKey getPrivateKey(java.security.PublicKey pk)
pk
-
public java.security.KeyStore getKeyStore()