Class CryptoUtils


  • public class CryptoUtils
    extends java.lang.Object
    Utility class of crypto-package.
    Author:
    veg, agz
    • Method Summary

      Modifier and Type Method Description
      static java.security.cert.X509Certificate loadX509CertificateFromBase64EncodedString(java.lang.String encodedString)
      This method loads an X.509 encoded certificate from a Base64 encoded string (PEM format).
      static java.security.cert.X509Certificate newCertificate(java.lang.String dn, Pair<java.security.Key,java.security.Key> pairKeys, int days, java.lang.String algorithm)
      Creates a new self-signed X.509 Certificate.
      static void newKeyPairWithKeyTool(java.lang.String keyStore, java.lang.String storeType, java.lang.String storePassword, java.lang.String alias, CipherStrategy cipherStrategy, int daysValid, java.lang.String keySignAlgorithm, java.lang.String keyDn, java.lang.String keyPassword)
      Creates a new KeyPair and adds it to the given key store under the specified alias using the standard JDK keytool executable.
      static java.security.interfaces.RSAPublicKey parseFromX509EncodedData(java.io.InputStream inputStream, java.nio.charset.Charset charset)
      This method parses an RSAPublicKey from X509 encoded data.
      static java.security.interfaces.RSAPublicKey parseFromX509EncodedData(java.lang.String data)
      This method parses an RSAPublicKey from X509 encoded data.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • newKeyPairWithKeyTool

        public static void newKeyPairWithKeyTool(java.lang.String keyStore,
                                                 java.lang.String storeType,
                                                 java.lang.String storePassword,
                                                 java.lang.String alias,
                                                 CipherStrategy cipherStrategy,
                                                 int daysValid,
                                                 java.lang.String keySignAlgorithm,
                                                 java.lang.String keyDn,
                                                 java.lang.String keyPassword)
                                          throws java.io.IOException,
                                                 java.lang.InterruptedException
        Creates a new KeyPair and adds it to the given key store under the specified alias using the standard JDK keytool executable.

        For this to work, keytool must be located on the system path.

        Note: the keytool invocation may block when necessary input parameters (such as storePassword or keyPassword) are missing, because keytool then waits for manual input, depending on the selected key store type.

        The specified key store, storage type, alias, cipher strategy, key sign algorithm and key DN must not be null.

        The specified days valid must be > 0.

        Parameters:
        keyStore - the path to the key store the key pair should be added to
        storeType - the type of the key store (JKS etc.)
        storePassword - the optional password for the key store to add the key to. Depending on the key store type, this must or must not be null
        alias - the alias under which the key should be stored within the key store
        cipherStrategy - the CipherStrategy to use
        daysValid - the number of days this key should be valid (e.g. 365)
        keySignAlgorithm - the algorithm to use for key signing (e.g. SHA256withRSA)
        keyDn - the distinguished name to use for the certificate (e.g. CN=Integration Server, O=SAPERION, L=Berlin, C=DE)
        keyPassword - the optional password for the key. Depending on the key store type, this can or can't be null
        Throws:
        java.io.IOException - if an IO error occurs
        java.lang.InterruptedException - if the process was interrupted
      • newCertificate

        public static java.security.cert.X509Certificate newCertificate(java.lang.String dn,
                                                                        Pair<java.security.Key,java.security.Key> pairKeys,
                                                                        int days,
                                                                        java.lang.String algorithm)
        Creates a new self-signed X.509 Certificate.

        This is e.g. needed when writing a private key to a key store.

        Currently the certificate does not contain any extensions.

        The specified dn, pair of keys and algorithm must not be null.

        Parameters:
        dn - the distinguished name, e.g. "CN=Test, L=London, C=GB"
        pairKeys - the Pair of Keys - e.g. generated by Cipher.newKeys()
        days - how many days from now the Certificate is valid for
        algorithm - the signing algorithm, e.g. "SHA1withRSA"
        Returns:
        the Certificate
      • parseFromX509EncodedData

        public static java.security.interfaces.RSAPublicKey parseFromX509EncodedData(java.io.InputStream inputStream,
                                                                                     java.nio.charset.Charset charset)
        This method parses an RSAPublicKey from X509 encoded data. For example, the data might have been read from a public key file in the format:

         -----BEGIN PUBLIC KEY-----
         MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpjFOHYRA1DJBVWXzUxV
         V8B/tBUhzRoZo/uKfk9kSFUeOi+wBGLtiALPqKW/OXn8CBSkBsTJErnmTZfnXDS8
         IRfMwODjzRMYFdXUkDju+rKsA0Bix77t00wluhBu3nzZc01ynE/kWO5QyHuOL5WX
         P5bkG/qi2Q8c+PTRw51dsjmNgbVF5NDQDcP5vNo3QPmJIAAntkoPOj7c0P68KI0y
         O65dAkgpdOHAZznfg+U6IRYrXxFprlf/mGjIuxSF4slaFxIQIgqUclj+c0JRdgEg
         I3oPy5m2KalFRJw4pHwEaBPwQQO5VN6XJp/CS0W7KwsLRjbcEEuQKSSeIablY/qH
         YQIDAQAB
         -----END PUBLIC KEY-----
         

        Parameters:
        inputStream - an input stream containing the data to parse
        charset - the charset used when reading from the stream
        Returns:
        an RSAPublicKey as parsed from the data
        Throws:
        java.lang.IllegalStateException - when the key could not be parsed
      • parseFromX509EncodedData

        public static java.security.interfaces.RSAPublicKey parseFromX509EncodedData(java.lang.String data)
        This method parses an RSAPublicKey from X509 encoded data. For example, the data might have been read from a public key file in the format:

         -----BEGIN PUBLIC KEY-----
         MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpjFOHYRA1DJBVWXzUxV
         V8B/tBUhzRoZo/uKfk9kSFUeOi+wBGLtiALPqKW/OXn8CBSkBsTJErnmTZfnXDS8
         IRfMwODjzRMYFdXUkDju+rKsA0Bix77t00wluhBu3nzZc01ynE/kWO5QyHuOL5WX
         P5bkG/qi2Q8c+PTRw51dsjmNgbVF5NDQDcP5vNo3QPmJIAAntkoPOj7c0P68KI0y
         O65dAkgpdOHAZznfg+U6IRYrXxFprlf/mGjIuxSF4slaFxIQIgqUclj+c0JRdgEg
         I3oPy5m2KalFRJw4pHwEaBPwQQO5VN6XJp/CS0W7KwsLRjbcEEuQKSSeIablY/qH
         YQIDAQAB
         -----END PUBLIC KEY-----
         

        Parameters:
        data - the data to parse
        Returns:
        an RSAPublicKey as parsed from the data
        Throws:
        java.lang.IllegalStateException - when the key could not be parsed
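
Added example, not CryptoUtils source code: one way to parse the "BEGIN PUBLIC KEY" layout shown above with standard JDK classes, plus a minimum modulus size check that the Javadoc does not mention. The class name PemRsaPublicKeyExample, the helper parsePem and its minBits parameter are hypothetical, and the sample key is generated in main rather than taken from this page.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class PemRsaPublicKeyExample {
    static final String BEGIN = "-----BEGIN PUBLIC KEY-----";
    static final String END = "-----END PUBLIC KEY-----";
    // Hypothetical helper (an assumption, not the CryptoUtils implementation).
    static RSAPublicKey parsePem(String pem, int minBits) {
        String text = pem.trim();
        if (text.length() < BEGIN.length() + END.length()
                || !text.startsWith(BEGIN) || !text.endsWith(END)) {
            throw new IllegalStateException("not a PEM public key block");
        }
        String body = text.substring(BEGIN.length(), text.length() - END.length());
        try {
            // The MIME decoder skips the line breaks inside the Base64 body.
            byte[] der = Base64.getMimeDecoder().decode(body);
            RSAPublicKey key = (RSAPublicKey) KeyFactory.getInstance("RSA")
                    .generatePublic(new X509EncodedKeySpec(der));
            if (key.getModulus().bitLength() < minBits) {
                throw new IllegalStateException("RSA modulus below " + minBits + " bits");
            }
            return key;
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            throw new IllegalStateException("key could not be parsed", e);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a fresh key, PEM-encoded in the documented layout.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        byte[] der = gen.generateKeyPair().getPublic().getEncoded();
        byte[] newline = "\n".getBytes(StandardCharsets.US_ASCII);
        String pem = BEGIN + "\n"
                + Base64.getMimeEncoder(64, newline).encodeToString(der) + "\n" + END + "\n";
        RSAPublicKey key = parsePem(pem, 2048);
        System.out.println(key.getModulus().bitLength() + "-bit RSA key parsed");
        // A policy demanding 3072 bits rejects the same 2048-bit key.
        try { parsePem(pem, 3072); } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```
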
      • loadX509CertificateFromBase64EncodedString

        public static java.security.cert.X509Certificate loadX509CertificateFromBase64EncodedString(java.lang.String encodedString)
        This method loads an X.509 encoded certificate from a Base64 encoded string (PEM format). Example:

         -----BEGIN CERTIFICATE-----
         MIICszCCAZsCBgFiBTBbQTANBgkqhkiG9w0BAQsFADAdMRswGQYDVQQDDBJTcHJp
         bmdCb290S2V5Y2xvYWswHhcNMTgwMzA4MTAzNjE3WhcNMjgwMzA4MTAzNzU3WjAd
         MRswGQYDVQQDDBJTcHJpbmdCb290S2V5Y2xvYWswggEiMA0GCSqGSIb3DQEBAQUA
         A4IBDwAwggEKAoIBAQCHtMFrciS+uW2+TgaEa5SphnSd3T5g/ToUiI9OWMD1K3jE
         iJ+xeYZ5/5+XRlgyZRLOUVHjU0bQwTCsvsUb/cFsYfTr1/pmRSKFVWs2wCNEq4sC
         Sl0Mut0Tn10MqYOh2eBBon+eyeP+m7HRpQ0Zwvx27D7mHJSUF4ElBuTQXeTRYlRR
         EMA73Bknbz+PjY8i2LzX8eCYxDCxc/ZsgvLjqbGa7UTYEoW1WzYu/GFyasHZyBAW
         OX7ngUwm4Qj9o4Z5qPEdhfIt81aaFW7sG+n7T8MX54wswNtVUwfqY2fsQ1yYukVB
         EtEUJPfeL9bFyMPkb49ILGLxXWctGZDT337rsYm5AgMBAAEwDQYJKoZIhvcNAQEL
         BQADggEBAFM40Mbd65wbAS22BR/eLKDB16UGw9Aq/vk78oYoufZxRmZSnTK66wNm
         /AEvuhJivVK17x48BBSUJCqL+31t2L8Nx9pTYEDKtVzj2YiNJBxqDeU2eneP6Yb7
         o3k2BflmRAGprtjxBcJCQ/aZe0Ipg/DPoxIYlJNcb4mEJLhnyk4QSzNiXd2jS5fi
         Bb0TcuVY8tfmaLbUkufYbh7bK+IH1/B5D09afsR0n354Lmb4FRMIOFa0ZGKczcOd
         yXaFuvXNARmfytuV4LJpOXE2CzK9NJcXFocvAxSEXZF7hYY9sBDnn5KVJdYoaq9P
         cR5W9x+nC28pYR85eEcYMl/B+PsKL9o=
         -----END CERTIFICATE-----
         

        Parameters:
        encodedString - the Base64 encoded string to parse
        Returns:
        the parsed new X509Certificate