Platform SDK Java 8.5 API Reference

com.genesyslab.platform.commons.connection.tls
Class KeyManagerHelper

java.lang.Object
  extended by com.genesyslab.platform.commons.connection.tls.KeyManagerHelper

public class KeyManagerHelper
extends java.lang.Object

Helper class that provides convenient methods to create KeyManager instances.


Constructor Summary
KeyManagerHelper()
           
 
Method Summary
static javax.net.ssl.X509ExtendedKeyManager createEmptyKeyManager()
          Creates empty KeyManager instance, one that does not contain any keys and/or certificates.
static javax.net.ssl.X509ExtendedKeyManager createJKSKeyManager(java.io.InputStream jksStream, char[] keyStorePassword, char[] entryPassword)
          Creates KeyManager that will use specified key store to get party credentials.
static javax.net.ssl.X509ExtendedKeyManager createJKSKeyManager(java.lang.String jksFilePath, char[] keyStorePassword, char[] entryPassword)
          Creates KeyManager that will use specified key store to get party credentials.
static javax.net.ssl.X509ExtendedKeyManager createMSCAPIKeyManager(javax.security.auth.callback.CallbackHandler callbackHandler, java.lang.String certThumbprint)
          Creates KeyManager that will use specified entry from Windows Certificate Services (WCS) as party credentials.
static javax.net.ssl.X509ExtendedKeyManager createPEMKeyManager(java.io.InputStream certStream, java.io.InputStream keyStream)
          Creates KeyManager that will use specified private key and certificate as party credentials.
static javax.net.ssl.X509ExtendedKeyManager createPEMKeyManager(java.lang.String certFilePath, java.lang.String keyFilePath)
          Creates KeyManager that will use specified private key and certificate as party credentials.
static javax.net.ssl.X509ExtendedKeyManager createPKCS11KeyManager(javax.security.auth.callback.CallbackHandler callbackHandler)
          Creates KeyManager that will use PKCS#11 security provider key store as party credentials.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

KeyManagerHelper

public KeyManagerHelper()

Method Detail

createPEMKeyManager

public static javax.net.ssl.X509ExtendedKeyManager createPEMKeyManager(java.io.InputStream certStream,
                                                                       java.io.InputStream keyStream)
                                                                throws java.io.IOException,
                                                                       java.security.GeneralSecurityException
Creates KeyManager that will use specified private key and certificate as party credentials.

Parameters:
certStream - Stream to load certificate from. Certificate must be in X.509 PEM format.
keyStream - Stream to load private key from. Key must be in PKCS#8 PEM format without password protection.
Returns:
Prepared KeyManager instance
Throws:
java.io.IOException - If there are problems reading any of the streams
java.security.GeneralSecurityException - If there are problems with certificate/key format and/or data

createPEMKeyManager

public static javax.net.ssl.X509ExtendedKeyManager createPEMKeyManager(java.lang.String certFilePath,
                                                                       java.lang.String keyFilePath)
                                                                throws java.io.IOException,
                                                                       java.security.GeneralSecurityException
Creates KeyManager that will use specified private key and certificate as party credentials.

Parameters:
certFilePath - Path to an existing file containing certificate in PEM-encoded X.509 format.
keyFilePath - Path to an existing file containing private key in PEM-encoded PKCS#8 format.
Returns:
Configured X509ExtendedKeyManager instance
Throws:
java.io.IOException
java.security.GeneralSecurityException
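
A pre-flight check for the key file given to createPEMKeyManager, added here as an example and not part of the Platform SDK. It flags password-protected or non-PKCS#8 keys by their PEM header, and group/other file permissions, since an unprotected key relies on them. The class name PemKeyPreflight, the header-based classification and the permission rule are assumptions of this example; the sample key is constructed in main.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.security.KeyPairGenerator;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;

public class PemKeyPreflight {  // hypothetical helper, not an SDK class
    /** Returns findings for a key file; an empty list means nothing was flagged. */
    static List<String> check(Path keyFile) throws Exception {
        List<String> findings = new ArrayList<>();
        String pem = new String(Files.readAllBytes(keyFile), StandardCharsets.US_ASCII);
        if (pem.contains("-----BEGIN ENCRYPTED PRIVATE KEY-----")) {
            findings.add("PKCS#8 key is password-protected; an unprotected key is required");
        } else if (pem.contains("-----BEGIN RSA PRIVATE KEY-----")
                || pem.contains("-----BEGIN EC PRIVATE KEY-----")) {
            findings.add("traditional key format, not PKCS#8; convert it first");
        } else if (!pem.contains("-----BEGIN PRIVATE KEY-----")) {
            findings.add("no PKCS#8 PEM private key header found");
        }
        try {
            // The key is stored in the clear, so file permissions are its only protection.
            for (PosixFilePermission p : Files.getPosixFilePermissions(keyFile)) {
                if (p.name().startsWith("GROUP_") || p.name().startsWith("OTHERS_")) {
                    findings.add("key file grants " + p + "; restrict it to the owner");
                }
            }
        } catch (UnsupportedOperationException e) {
            findings.add("non-POSIX file system; review the file ACL manually");
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway RSA key written as unprotected PKCS#8 PEM.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        byte[] der = gen.generateKeyPair().getPrivate().getEncoded(); // PKCS#8 DER
        String body = Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(der);
        Path key = Files.createTempFile("sample-key", ".pem");
        Files.write(key, ("-----BEGIN PRIVATE KEY-----\n" + body
                + "\n-----END PRIVATE KEY-----\n").getBytes(StandardCharsets.US_ASCII));
        System.out.println(check(key));
        Files.delete(key);
    }
}
```

Run the check on the real key path before passing that path as keyFilePath to createPEMKeyManager.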

createMSCAPIKeyManager

public static javax.net.ssl.X509ExtendedKeyManager createMSCAPIKeyManager(javax.security.auth.callback.CallbackHandler callbackHandler,
                                                                          java.lang.String certThumbprint)
                                                                   throws java.io.IOException,
                                                                          java.security.GeneralSecurityException
Creates KeyManager that will use specified entry from Windows Certificate Services (WCS) as party credentials.

Parameters:
callbackHandler - CallbackHandler instance used to provide password necessary to access the entry. Must always be provided; cannot be null. Use a DummyCallbackHandler instance if no password is required.
certThumbprint - Hexadecimal thumbprint (SHA1 hash of signed certificate data) used to identify entry in WCS
Returns:
Configured X509ExtendedKeyManager instance
Throws:
java.io.IOException
java.security.GeneralSecurityException
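
To find the value for certThumbprint, the added example below (not part of the Platform SDK) computes the SHA-1 hash of each certificate's DER encoding and lists only entries that also hold a private key. It assumes the entry lives in the current user's personal store, which the JDK exposes as `Windows-MY`; the page does not state which store the helper reads or which hex case it expects, and the class name is hypothetical.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;

public class ListStoreThumbprints {  // hypothetical helper, not an SDK class
    /** SHA-1 over the DER encoding of the complete signed certificate, as uppercase hex. */
    static String thumbprint(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) {
            hex.append(String.format("%02X", b));
        }
        return hex.toString();
    }

    /** Maps thumbprint to a description, for entries that hold a private key. */
    static Map<String, String> usableEntries(KeyStore store) throws Exception {
        Map<String, String> result = new LinkedHashMap<>();
        for (String alias : Collections.list(store.aliases())) {
            Certificate cert = store.getCertificate(alias);
            // A certificate without its private key cannot serve as party credentials.
            if (!store.isKeyEntry(alias) || !(cert instanceof X509Certificate)) {
                continue;
            }
            X509Certificate x509 = (X509Certificate) cert;
            result.put(thumbprint(x509), alias + " | " + x509.getSubjectX500Principal().getName()
                    + " | expires " + x509.getNotAfter());
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: "Windows-MY" (SunMSCAPI provider, Windows only) is the relevant store.
        KeyStore store = KeyStore.getInstance("Windows-MY");
        store.load(null, null);
        for (Map.Entry<String, String> e : usableEntries(store).entrySet()) {
            System.out.println(e.getKey() + "  " + e.getValue());
        }
    }
}
```

Computing the value this way avoids the stray spaces and invisible characters that come along when a thumbprint is copied out of a certificate dialog.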

createPKCS11KeyManager

public static javax.net.ssl.X509ExtendedKeyManager createPKCS11KeyManager(javax.security.auth.callback.CallbackHandler callbackHandler)
                                                                   throws java.io.IOException,
                                                                          java.security.GeneralSecurityException
Creates KeyManager that will use PKCS#11 security provider key store as party credentials. There is no way to specify a concrete entry in the key store, as the Java FIPS-compliant implementation does not allow that. Use provider-specific tools to configure the key store.

Parameters:
callbackHandler - CallbackHandler instance used to provide password necessary to access key store. Must always be provided; cannot be null. Use a DummyCallbackHandler instance if no password is required.
Returns:
Configured X509ExtendedKeyManager instance or null if PKCS#11 security provider does not implement X509ExtendedKeyManager.
Throws:
java.security.GeneralSecurityException - If Java runtime is not in FIPS mode or there are problems getting data from key store.
java.io.IOException - If there are problems accessing key store.

createJKSKeyManager

public static javax.net.ssl.X509ExtendedKeyManager createJKSKeyManager(java.io.InputStream jksStream,
                                                                       char[] keyStorePassword,
                                                                       char[] entryPassword)
                                                                throws java.io.IOException,
                                                                       java.security.GeneralSecurityException
Creates KeyManager that will use specified key store to get party credentials. Unlike other key store types, JKS needs explicit passwords; the Java API does not allow wrapping them in CallbackHandler objects.

Parameters:
jksStream - Stream to read key store from
keyStorePassword - Password to access key store
entryPassword - Password to access key/certificate entry in the key store
Returns:
Configured X509ExtendedKeyManager instance
Throws:
java.io.IOException - If there are problems reading data from stream.
java.security.GeneralSecurityException - If there are problems accessing key store.

createJKSKeyManager

public static javax.net.ssl.X509ExtendedKeyManager createJKSKeyManager(java.lang.String jksFilePath,
                                                                       char[] keyStorePassword,
                                                                       char[] entryPassword)
                                                                throws java.io.IOException,
                                                                       java.security.GeneralSecurityException
Creates KeyManager that will use specified key store to get party credentials. Unlike other key store types, JKS needs explicit passwords; the Java API does not allow wrapping them in CallbackHandler objects.

Parameters:
jksFilePath - Path to file to read key store from
keyStorePassword - Password to access key store
entryPassword - Password to access key/certificate entry in the key store
Returns:
Configured X509ExtendedKeyManager instance
Throws:
java.io.IOException - If there are problems reading data from file.
java.security.GeneralSecurityException - If there are problems accessing key store.

createEmptyKeyManager

public static javax.net.ssl.X509ExtendedKeyManager createEmptyKeyManager()
Creates empty KeyManager instance, one that does not contain any keys and/or certificates. Used when application is not expected to provide any credentials to the other side.

Returns:
Empty KeyManager instance

Document version: 8.5.302.00
Copyright © 2006–2017 Genesys Telecommunications Laboratories, Inc. All rights reserved.