Package ghidra.net
Class ApplicationKeyManagerUtils
- java.lang.Object
-
- ghidra.net.ApplicationKeyManagerUtils
-
public class ApplicationKeyManagerUtils extends java.lang.ObjectApplicationKeyManagerUtilsprovides public methods for utilizing the application PKI key management, including access to trusted issuers (i.e., CA certificates), token signing and validation, and the ability to generate keystores for testing or when a self-signed certificate will suffice.
-
-
Field Summary
Fields Change Modifier and Type Field Description NEW static java.lang.StringBEGIN_CERTNEW static java.lang.StringEND_CERTNEW static java.lang.StringRSA_TYPEREMOVED DEFAULT_SIGNING_ALGORITHM() (Removed)REMOVED DEFAULT_AUTH_TYPE() (Removed)
-
Method Summary
All Methods Static Methods Concrete Methods Change Modifier and Type Method Description static java.security.KeyStore.PrivateKeyEntrycreateKeyEntry(java.lang.String alias, java.lang.String dn, int durationDays, java.security.KeyStore.PrivateKeyEntry caEntry, java.io.File keyFile, java.lang.String keystoreType, char[] protectedPassphrase)Generate a newX509Certificatewith RSAKeyPairand create/update aKeyStoreoptionally backed by a keyFile.static java.security.KeyStorecreateKeyStore(java.lang.String alias, java.lang.String dn, int durationDays, java.security.KeyStore.PrivateKeyEntry caEntry, java.io.File keyFile, java.lang.String keystoreType, char[] protectedPassphrase)Generate a newX509Certificatewith RSAKeyPairand create/update aKeyStoreoptionally backed by a keyFile.static voidexportX509Certificates(java.security.cert.Certificate[] certificates, java.io.File outFile)Export X.509 certificates to the specified outFile.static SignedTokengetSignedToken(java.security.Principal[] authorities, byte[] token)Sign the supplied token byte array using an installed certificate from one of the specified authoritiesstatic javax.security.auth.x500.X500Principal[]getTrustedIssuers()Returns a list of trusted issuers (i.e., CA certificates) as established by theApplicationTrustManagerFactory.static booleanisMySignature(java.security.Principal[] authorities, byte[] token, byte[] signature)Verify that the specified sigBytes reflect my signature of the specified token.static voidvalidateClient(java.security.cert.X509Certificate[] certChain, java.lang.String authType)Validate a client certificate ensuring that it is not expired and is trusted based upon the active trust managers.REMOVED KeyStorecreateKeyStore(File keyFile, String keystoreType, char[] protectedPassphrase, String alias, CertificateExtensions certExtensions, String dn, PrivateKeyEntry caSignerKeyEntry, int durationDays) (Removed)REMOVED voidexportX509Certificates(KeyStore keystore, File outFile) (Removed)REMOVED voidexportKeystore(KeyStore keystore, File outFile, char[] password) (Removed)
-
-
-
Field Detail
-
RSA_TYPE NEW
public static final java.lang.String RSA_TYPE
- See Also:
- Constant Field Values
-
BEGIN_CERT NEW
public static final java.lang.String BEGIN_CERT
- See Also:
- Constant Field Values
Method Detail
-
getSignedToken
public static SignedToken getSignedToken(java.security.Principal[] authorities, byte[] token) throws java.security.NoSuchAlgorithmException, java.security.SignatureException, java.security.cert.CertificateException
Sign the supplied token byte array using an installed certificate from one of the specified authorities- Parameters:
authorities- trusted certificate authoritiestoken- token byte array- Returns:
- signed token object
- Throws:
java.security.NoSuchAlgorithmException- algorithym associated within signing certificate not foundjava.security.SignatureException- failed to generate SignedTokenjava.security.cert.CertificateException- error associated with signing certificate
-
isMySignature
public static boolean isMySignature(java.security.Principal[] authorities, byte[] token, byte[] signature) throws java.security.NoSuchAlgorithmException, java.security.SignatureException, java.security.cert.CertificateExceptionVerify that the specified sigBytes reflect my signature of the specified token.- Parameters:
authorities- trusted certificate authoritiestoken- byte array tokensignature- token signature- Returns:
- true if signature is my signature
- Throws:
java.security.NoSuchAlgorithmException- algorithym associated within signing certificate not foundjava.security.SignatureException- failed to generate SignedTokenjava.security.cert.CertificateException- error associated with signing certificate
-
getTrustedIssuers
public static javax.security.auth.x500.X500Principal[] getTrustedIssuers() throws java.security.cert.CertificateExceptionReturns a list of trusted issuers (i.e., CA certificates) as established by theApplicationTrustManagerFactory.- Returns:
- array of trusted Certificate Authorities
- Throws:
java.security.cert.CertificateException- if failed to properly initialize trust manager due to CA certificate error(s).
-
validateClient
public static void validateClient(java.security.cert.X509Certificate[] certChain, java.lang.String authType) throws java.security.cert.CertificateExceptionValidate a client certificate ensuring that it is not expired and is trusted based upon the active trust managers.- Parameters:
certChain- X509 certificate chainauthType- authentication type (i.e., "RSA")- Throws:
java.security.cert.CertificateException- if certificate validation fails
-
exportX509Certificates NEW
public static void exportX509Certificates(java.security.cert.Certificate[] certificates, java.io.File outFile) throws java.io.IOException, java.security.cert.CertificateEncodingExceptionExport X.509 certificates to the specified outFile.- Parameters:
certificates- certificates to be storedoutFile- output file- Throws:
java.io.IOException- if error occurs writing to outFilejava.security.cert.CertificateEncodingException- if error occurs while encoding certificate data
-
createKeyStore NEW
public static final java.security.KeyStore createKeyStore(java.lang.String alias, java.lang.String dn, int durationDays, java.security.KeyStore.PrivateKeyEntry caEntry, java.io.File keyFile, java.lang.String keystoreType, char[] protectedPassphrase) throws java.security.KeyStoreExceptionGenerate a newX509Certificatewith RSAKeyPairand create/update aKeyStoreoptionally backed by a keyFile.- Parameters:
alias- entry alias with keystoredn- distinguished name (e.g., "CN=Ghidra Test, O=Ghidra, OU=Test, C=US" )durationDays- number of days which generated certificate should remain validcaEntry- optional CA private key entry. If null, a self-signed CA certificate will be generated.keyFile- optional file to load/store resultingKeyStore(may be null)keystoreType- support keystore type (e.g., "JKS", "PKCS12")protectedPassphrase- key and keystore protection password- Returns:
- keystore containing newly generated certification with key pair
- Throws:
java.security.KeyStoreException- if error occurs while updating keystore
-
createKeyEntry NEW
public static final java.security.KeyStore.PrivateKeyEntry createKeyEntry(java.lang.String alias, java.lang.String dn, int durationDays, java.security.KeyStore.PrivateKeyEntry caEntry, java.io.File keyFile, java.lang.String keystoreType, char[] protectedPassphrase) throws java.security.KeyStoreExceptionGenerate a newX509Certificatewith RSAKeyPairand create/update aKeyStoreoptionally backed by a keyFile.- Parameters:
alias- entry alias with keystoredn- distinguished name (e.g., "CN=Ghidra Test, O=Ghidra, OU=Test, C=US" )durationDays- number of days which generated certificate should remain validcaEntry- optional CA private key entry. If null, a self-signed CA certificate will be generated.keyFile- optional file to load/store resultingKeyStore(may be null)keystoreType- support keystore type (e.g., "JKS", "PKCS12")protectedPassphrase- key and keystore protection password- Returns:
- newly generated keystore entry with key pair
- Throws:
java.security.KeyStoreException- if error occurs while updating keystore
-
-