cybervillains.ca

Class KeyStoreManager

java.lang.Object

cybervillains.ca.KeyStoreManager

public class KeyStoreManager
extends Object

This is the main entry point into the Cybervillains CA. This class handles generation, storage and the persistent mapping of input to duplicated certificates and mapped public keys. Default setting is to immediately persist changes to the store by writing out the keystore and mapping file every time a new certificate is added. This behavior can be disabled if desired, to enhance performance or allow temporary testing without modifying the certificate store. Copyright (c) 2007, Information Security Partners, LLC All rights reserved. In a special exception, Selenium/OpenQA is allowed to use this code under the Apache License 2.0.

Author:

Brad Hill

Field Summary

Fields

Modifier and Type	Field and Description
static String	_caPrivKeyAlias
KeyPairGenerator	_dsaKpg
KeyPairGenerator	_rsaKpg
String	DSA_KEYGEN_ALGO
String	RSA_KEYGEN_ALGO

Constructor Summary

Constructors

Constructor and Description
KeyStoreManager(File root, String certificateRevocationList)

Method Summary

Modifier and Type	Method and Description
void	addCertAndPrivateKey(String hostname, X509Certificate cert, PrivateKey privKey) Stores a new certificate and its associated private key in the keystore.
protected void	createKeystore() Creates, writes and loads a new keystore and CA root certificate.
X509Certificate	getCertificateByAlias(String alias) Returns the aliased certificate.
X509Certificate	getCertificateByHostname(String hostname) Returns the aliased certificate.
KeyStore	getKeyStore()
X509Certificate	getMappedCertificateForHostname(String hostname) This method returns the mapped certificate for a hostname, or generates a "standard" SSL server certificate issued by the CA to the supplied subject if no mapping has been created.
KeyPair	getRSAKeyPair()
X509Certificate	getSigningCert() Gets the authority root signing cert.
PrivateKey	getSigningPrivateKey() Gets the authority private signing key.
void	persist() Writes the keystore and certificate/keypair mappings to disk.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

_caPrivKeyAlias

public static final String _caPrivKeyAlias

See Also:

Constant Field Values

RSA_KEYGEN_ALGO

public final String RSA_KEYGEN_ALGO

See Also:

Constant Field Values

DSA_KEYGEN_ALGO

public final String DSA_KEYGEN_ALGO

See Also:

Constant Field Values

_rsaKpg

public final KeyPairGenerator _rsaKpg

_dsaKpg

public final KeyPairGenerator _dsaKpg

Constructor Detail

KeyStoreManager

public KeyStoreManager(File root,
                       String certificateRevocationList)

Method Detail

createKeystore

protected void createKeystore()

Creates, writes and loads a new keystore and CA root certificate.

addCertAndPrivateKey

public void addCertAndPrivateKey(String hostname,
                                 X509Certificate cert,
                                 PrivateKey privKey)
                          throws KeyStoreException,
                                 CertificateException,
                                 NoSuchAlgorithmException

Stores a new certificate and its associated private key in the keystore.

Parameters:

hostname - host name

cert - certificate

privKey - private key

Throws:

KeyStoreException - key store exception

CertificateException - certificate exception

NoSuchAlgorithmException - no such algorithm

persist

public void persist()
             throws KeyStoreException,
                    NoSuchAlgorithmException,
                    CertificateException

Writes the keystore and certificate/keypair mappings to disk.

Throws:

KeyStoreException - key store exception

CertificateException - certificate exception

NoSuchAlgorithmException - no such algorithm

getCertificateByAlias

public X509Certificate getCertificateByAlias(String alias)
                                      throws KeyStoreException

Returns the aliased certificate. Certificates are aliased by their SHA1 digest.

Parameters:

alias - alias

Returns:

certificate

Throws:

KeyStoreException - keystore exception

See Also:

ThumbprintUtil

getCertificateByHostname

public X509Certificate getCertificateByHostname(String hostname)
                                         throws KeyStoreException,
                                                InvalidKeyException,
                                                SignatureException,
                                                CertificateException,
                                                NoSuchAlgorithmException,
                                                NoSuchProviderException,
                                                UnrecoverableKeyException

Returns the aliased certificate. Certificates are aliased by their hostname.

Parameters:

hostname - host name

Returns:

certificate

Throws:

KeyStoreException - keystore

UnrecoverableKeyException - unrecoverable key

NoSuchProviderException - no such provider

NoSuchAlgorithmException - no such algorithm

CertificateException - certificate

SignatureException - signature

CertificateNotYetValidException - certificate not yet valid

CertificateExpiredException - certificate expired

InvalidKeyException - invalid key

CertificateParsingException - certificate parsing

See Also:

ThumbprintUtil

getSigningCert

public X509Certificate getSigningCert()
                               throws KeyStoreException

Gets the authority root signing cert.

Returns:

certificate

Throws:

KeyStoreException - keystore

getSigningPrivateKey

public PrivateKey getSigningPrivateKey()
                                throws KeyStoreException,
                                       NoSuchAlgorithmException,
                                       UnrecoverableKeyException

Gets the authority private signing key.

Returns:

private key

Throws:

KeyStoreException - key store exception

UnrecoverableKeyException - unrecoverable key

NoSuchAlgorithmException - no such algorithm

getMappedCertificateForHostname

public X509Certificate getMappedCertificateForHostname(String hostname)
                                                throws InvalidKeyException,
                                                       SignatureException,
                                                       CertificateException,
                                                       NoSuchAlgorithmException,
                                                       NoSuchProviderException,
                                                       KeyStoreException,
                                                       UnrecoverableKeyException

This method returns the mapped certificate for a hostname, or generates a "standard" SSL server certificate issued by the CA to the supplied subject if no mapping has been created. This is not a true duplication, just a shortcut method that is adequate for web browsers.

Parameters:

hostname - host name

Returns:

mapped certificate

Throws:

KeyStoreException - keystore

UnrecoverableKeyException - unrecoverable key

NoSuchProviderException - no such provider

NoSuchAlgorithmException - no such algorithm

CertificateException - certificate

SignatureException - signature

InvalidKeyException - invalid key

getRSAKeyPair

public KeyPair getRSAKeyPair()

Returns:

Generated RSA Key Pair

getKeyStore

public KeyStore getKeyStore()