codec.pkcs.bin
Class ExtKeyTool

java.lang.Object
  codec.pkcs.bin.ExtKeyTool

public class ExtKeyTool
extends Object

Extension utility for use alongside Sun's keytool program. Performs useful functions not found in original.

Author:

Walter Hoehn

Nested Class Summary

private class	ExtKeyTool.ByteContainer Auto-enlarging container for bytes.
protected class	ExtKeyTool.ExtKeyToolException Signals that an error was encounted while using ExtKeyTool functions.
protected class	ExtKeyTool.InvalidCertificateChainException Signals that an error occurred while trying to constuct a certificate chain.

Field Summary

protected static boolean

debug_

Constructor Summary

ExtKeyTool()

Method Summary

void	exportKey(String provider, PrintStream outStream, InputStream keyStoreStream, String storeType, char[] keyStorePassword, String keyAlias, char[] keyPassword, boolean rfc) Retrieves a private key from a java keystore and writes it to an PrintStream
ByteArrayOutputStream	importKey(String provider, String keyAlgorithm, InputStream keyStream, InputStream chainStream, InputStream keyStoreInStream, String storeType, String keyAlias, char[] keyStorePassword, char[] keyPassword) Given a java keystore, private key, and matching certificate chain; creates a new keystore containing the union of these objects
protected String	initProvider(Properties arguments) Ensures that providers specified on the command line are in fact loaded into the current environment.
protected boolean	isMatchingKey(String algorithm, PublicKey pubKey, PrivateKey privKey) Boolean indication of whether a given private key and public key form a valid keypair.
protected X509Certificate[]	linkChain(String keyAlgorithm, X509Certificate[] untestedCerts, PrivateKey privKey) Converts an array of certificates into an ordered chain.
protected KeyStore	loadKeyStore(String provider, InputStream keyStoreStream, String storeType, char[] keyStorePassword) Creates and initializes a java KeyStore
protected static void	log(String str)
static void	main(String[] args)
private static Properties	parseArguments(String[] args) Tries to decipher command line arguments.
private static void	printUsage(PrintStream out)
protected PrivateKey	readPrivateKey(String provider, InputStream keyStream, String algorithm) Attempts to unmarshall a private key from a given stream.
protected char[]	resolveKeyPass(String keyPass, char[] storePass) Decides what password to use for storing/retrieving keys from the keystore.
protected File	resolveKeyStore(String keyStoreLocation) Determines the location of the keystore to use when performing the action
private void	run(Properties arguments) Based on on a set of properties, executes ExtKeyTool actions.
protected void	walkChain(X509Certificate[] chainSource, ArrayList chainDest) Given an ArrayList containing a base certificate and an array of unordered certificates, populates the ArrayList with an ordered certificate chain, based on subject and issuer.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

debug_

protected static boolean debug_

Constructor Detail

ExtKeyTool

public ExtKeyTool()

Method Detail

log

protected static void log(String str)

loadKeyStore

protected KeyStore loadKeyStore(String provider,
                                InputStream keyStoreStream,
                                String storeType,
                                char[] keyStorePassword)
                         throws ExtKeyTool.ExtKeyToolException

Creates and initializes a java KeyStore

Parameters:

provider - name of the jce provider to use in loading the keystore

keyStoreStream - stream used to retrieve the keystore

storeType - the type of the keystore

keyStorePassword - password used to verify the integrity of the keystore

Throws:

ExtKeyTool.ExtKeyToolException - if a problem is encountered loading the keystore

exportKey

public void exportKey(String provider,
                      PrintStream outStream,
                      InputStream keyStoreStream,
                      String storeType,
                      char[] keyStorePassword,
                      String keyAlias,
                      char[] keyPassword,
                      boolean rfc)
               throws ExtKeyTool.ExtKeyToolException

Retrieves a private key from a java keystore and writes it to an PrintStream

Parameters:

provider - name of the jce provider to use in retrieving the key

outStream - stream that should be used to output the retrieved key

keyStoreStream - stream used to retrieve the keystore

storeType - the type of the keystore

keyStorePassword - password used to verify the integrity of the keystore

keyAlias - the alias under which the key is stored

keyPassword - the password for recovering the key

rfc - boolean indicator of whether the key should be Base64 encoded before being written to the stream

Throws:

ExtKeyTool.ExtKeyToolException - if there a problem retrieving or writing the key

isMatchingKey

protected boolean isMatchingKey(String algorithm,
                                PublicKey pubKey,
                                PrivateKey privKey)

Boolean indication of whether a given private key and public key form a valid keypair.

Parameters:

pubKey - the public key

privKey - the private key

readPrivateKey

protected PrivateKey readPrivateKey(String provider,
                                    InputStream keyStream,
                                    String algorithm)
                             throws ExtKeyTool.ExtKeyToolException

Attempts to unmarshall a private key from a given stream.

Parameters:

keyStream - the InputStream suppying the key

algorithm - the key algorithm

Throws:

ExtKeyTool.ExtKeyToolException - if there a problem unmarshalling the key

linkChain

protected X509Certificate[] linkChain(String keyAlgorithm,
                                      X509Certificate[] untestedCerts,
                                      PrivateKey privKey)
                               throws ExtKeyTool.InvalidCertificateChainException

Converts an array of certificates into an ordered chain. A certificate that matches the specified private key will be returned first and the root certificate will be returned last.

Parameters:

untestedCerts - array of certificates

privKey - the private key used to determine the first cert in the chain

Throws:

ExtKeyTool.InvalidCertificateChainException - thrown if a chain cannot be constructed from the specified elements

walkChain

protected void walkChain(X509Certificate[] chainSource,
                         ArrayList chainDest)
                  throws ExtKeyTool.InvalidCertificateChainException

Given an ArrayList containing a base certificate and an array of unordered certificates, populates the ArrayList with an ordered certificate chain, based on subject and issuer.

Parameters:

chainSource - array of certificates to pull from

chainDest - ArrayList containing base certificate

Throws:

ExtKeyTool.InvalidCertificateChainException - thrown if a chain cannot be constructed from the specified elements

importKey

public ByteArrayOutputStream importKey(String provider,
                                       String keyAlgorithm,
                                       InputStream keyStream,
                                       InputStream chainStream,
                                       InputStream keyStoreInStream,
                                       String storeType,
                                       String keyAlias,
                                       char[] keyStorePassword,
                                       char[] keyPassword)
                                throws ExtKeyTool.ExtKeyToolException

Given a java keystore, private key, and matching certificate chain; creates a new keystore containing the union of these objects

Parameters:

provider - the name of the jce provider to use

keyAlgorithm - the algorithm of the key to be added, defaults to RSA if null

keyStream - strema used to retrieve the private key, can contain a PEM encoded or pkcs8 encoded key

chainStream - stream used to retrieve certificates, can contain a series of PEM encoded certs or a pkcs7 chain

keyStoreInStream - stream used to retrieve the initial keystore

storeType - the type of the keystore

keyAlias - the alias under which the key/chain should be saved

keyStorePassword - password used to verify the integrity of the old keystore and save the new keystore

keyPassword - the password for saving the key

Returns:

an OutputStream containing the new keystore

Throws:

ExtKeyTool.ExtKeyToolException - if there a problem importing the key

parseArguments

private static Properties parseArguments(String[] args)
                                  throws IllegalArgumentException

Tries to decipher command line arguments.

Throws:

IllegalArgumentException - if arguments are not properly formatted

initProvider

protected String initProvider(Properties arguments)

Ensures that providers specified on the command line are in fact loaded into the current environment.

Returns:

the name of the provider add, null if no provider was added

main

public static void main(String[] args)

run

private void run(Properties arguments)
          throws ExtKeyTool.ExtKeyToolException

Based on on a set of properties, executes ExtKeyTool actions.

Parameters:

arguments - runtime parameters specified on the command line

Throws:

ExtKeyTool.ExtKeyToolException

resolveKeyStore

protected File resolveKeyStore(String keyStoreLocation)
                        throws ExtKeyTool.ExtKeyToolException,
                               FileNotFoundException

Determines the location of the keystore to use when performing the action

Returns:

the File representation of the selected keystore

Throws:

ExtKeyTool.ExtKeyToolException

FileNotFoundException

resolveKeyPass

protected char[] resolveKeyPass(String keyPass,
                                char[] storePass)

Decides what password to use for storing/retrieving keys from the keystore. NOTE: Possible terminal interaction with the user.

Returns:

a char array containing the password

printUsage

private static void printUsage(PrintStream out)