java.lang.Object
- com.google.api.client.util.SecurityUtils

```
public final class SecurityUtils
extends Object
```
Utilities related to Java security.

Since:

1.14

Author:

Yaniv Inbar

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method	Description
`static KeyStore`	`getDefaultKeyStore()`	Returns the default key store using `KeyStore.getDefaultType()`.
`static KeyStore`	`getJavaKeyStore()`	Returns the Java KeyStore (JKS).
`static KeyStore`	`getPkcs12KeyStore()`	Returns the PKCS12 key store.
`static PrivateKey`	`getPrivateKey(KeyStore keyStore, String alias, String keyPass)`	Returns the private key from the key store.
`static KeyFactory`	`getRsaKeyFactory()`	Returns the RSA key factory.
`static Signature`	`getSha1WithRsaSignatureAlgorithm()`	Returns the SHA-1 with RSA signature algorithm.
`static Signature`	`getSha256WithRsaSignatureAlgorithm()`	Returns the SHA-256 with RSA signature algorithm.
`static CertificateFactory`	`getX509CertificateFactory()`	Returns the X.509 certificate factory.
`static void`	`loadKeyStore(KeyStore keyStore, InputStream keyStream, String storePass)`	Loads a key store from a stream.
`static void`	`loadKeyStoreFromCertificates(KeyStore keyStore, CertificateFactory certificateFactory, InputStream certificateStream)`	Loads a key store with certificates generated from the specified stream using `CertificateFactory.generateCertificates(InputStream)`.
`static PrivateKey`	`loadPrivateKeyFromKeyStore(KeyStore keyStore, InputStream keyStream, String storePass, String alias, String keyPass)`	Retrieves a private key from the specified key store stream and specified key store.
`static byte[]`	`sign(Signature signatureAlgorithm, PrivateKey privateKey, byte[] contentBytes)`	Signs content using a private key.
`static boolean`	`verify(Signature signatureAlgorithm, PublicKey publicKey, byte[] signatureBytes, byte[] contentBytes)`	Verifies the signature of signed content based on a public key.
`static X509Certificate`	`verify(Signature signatureAlgorithm, X509TrustManager trustManager, List<String> certChainBase64, byte[] signatureBytes, byte[] contentBytes)`	Verifies the signature of signed content based on a certificate chain.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getDefaultKeyStore

public static KeyStore getDefaultKeyStore()
                                   throws KeyStoreException

Returns the default key store using KeyStore.getDefaultType().

Throws:: KeyStoreException

getJavaKeyStore

public static KeyStore getJavaKeyStore()
                                throws KeyStoreException

Returns the Java KeyStore (JKS).

Throws:: KeyStoreException

getPkcs12KeyStore

public static KeyStore getPkcs12KeyStore()
                                  throws KeyStoreException

Returns the PKCS12 key store.

Throws:: KeyStoreException

loadKeyStore

public static void loadKeyStore(KeyStore keyStore,
                                InputStream keyStream,
                                String storePass)
                         throws IOException,
                                GeneralSecurityException

Loads a key store from a stream.

Example usage:

    KeyStore keyStore = SecurityUtils.getJavaKeyStore();
    SecurityUtils.loadKeyStore(keyStore, new FileInputStream("certs.jks"), "password");

Parameters:: keyStore - key store; keyStream - input stream to the key store stream (closed at the end of this method in a finally block); storePass - password protecting the key store file
Throws:: IOException; GeneralSecurityException

getPrivateKey

public static PrivateKey getPrivateKey(KeyStore keyStore,
                                       String alias,
                                       String keyPass)
                                throws GeneralSecurityException

Returns the private key from the key store.

Parameters:: keyStore - key store; alias - alias under which the key is stored; keyPass - password protecting the key
Returns:: private key
Throws:: GeneralSecurityException

loadPrivateKeyFromKeyStore

public static PrivateKey loadPrivateKeyFromKeyStore(KeyStore keyStore,
                                                    InputStream keyStream,
                                                    String storePass,
                                                    String alias,
                                                    String keyPass)
                                             throws IOException,
                                                    GeneralSecurityException

Retrieves a private key from the specified key store stream and specified key store.

Parameters:: keyStore - key store; keyStream - input stream to the key store (closed at the end of this method in a finally block); storePass - password protecting the key store file; alias - alias under which the key is stored; keyPass - password protecting the key
Returns:: key from the key store
Throws:: IOException; GeneralSecurityException

getRsaKeyFactory

public static KeyFactory getRsaKeyFactory()
                                   throws NoSuchAlgorithmException

Returns the RSA key factory.

Throws:: NoSuchAlgorithmException

getSha1WithRsaSignatureAlgorithm

public static Signature getSha1WithRsaSignatureAlgorithm()
                                                  throws NoSuchAlgorithmException

Returns the SHA-1 with RSA signature algorithm.

Throws:: NoSuchAlgorithmException

getSha256WithRsaSignatureAlgorithm

public static Signature getSha256WithRsaSignatureAlgorithm()
                                                    throws NoSuchAlgorithmException

Returns the SHA-256 with RSA signature algorithm.

Throws:: NoSuchAlgorithmException

sign

public static byte[] sign(Signature signatureAlgorithm,
                          PrivateKey privateKey,
                          byte[] contentBytes)
                   throws InvalidKeyException,
                          SignatureException

Signs content using a private key.

Parameters:: signatureAlgorithm - signature algorithm; privateKey - private key; contentBytes - content to sign
Returns:: signed content
Throws:: InvalidKeyException; SignatureException

verify

public static boolean verify(Signature signatureAlgorithm,
                             PublicKey publicKey,
                             byte[] signatureBytes,
                             byte[] contentBytes)
                      throws InvalidKeyException,
                             SignatureException

Verifies the signature of signed content based on a public key.

Parameters:: signatureAlgorithm - signature algorithm; publicKey - public key; signatureBytes - signature bytes; contentBytes - content bytes
Returns:: whether the signature was verified
Throws:: InvalidKeyException; SignatureException

verify

public static X509Certificate verify(Signature signatureAlgorithm,
                                     X509TrustManager trustManager,
                                     List<String> certChainBase64,
                                     byte[] signatureBytes,
                                     byte[] contentBytes)
                              throws InvalidKeyException,
                                     SignatureException

Verifies the signature of signed content based on a certificate chain.

Parameters:: signatureAlgorithm - signature algorithm; trustManager - trust manager used to verify the certificate chain; certChainBase64 - Certificate chain used for verification. The certificates must be base64 encoded DER, the leaf certificate must be the first element.; signatureBytes - signature bytes; contentBytes - content bytes
Returns:: The signature certificate if the signature could be verified, null otherwise.
Throws:: InvalidKeyException; SignatureException
Since:: 1.19.1.

getX509CertificateFactory

public static CertificateFactory getX509CertificateFactory()
                                                    throws CertificateException

Returns the X.509 certificate factory.

Throws:: CertificateException

loadKeyStoreFromCertificates

public static void loadKeyStoreFromCertificates(KeyStore keyStore,
                                                CertificateFactory certificateFactory,
                                                InputStream certificateStream)
                                         throws GeneralSecurityException

Loads a key store with certificates generated from the specified stream using CertificateFactory.generateCertificates(InputStream).

For each certificate, KeyStore.setCertificateEntry(String, Certificate) is called with an alias that is the string form of incrementing non-negative integers starting with 0 (0, 1, 2, 3, ...).

Example usage:

    KeyStore keyStore = SecurityUtils.getJavaKeyStore();
    SecurityUtils.loadKeyStoreFromCertificates(keyStore, SecurityUtils.getX509CertificateFactory(),
        new FileInputStream(pemFile));

Parameters:: keyStore - key store (for example getJavaKeyStore()); certificateFactory - certificate factory (for example getX509CertificateFactory()); certificateStream - certificate stream
Throws:: GeneralSecurityException

Class SecurityUtils

Method Summary

Methods inherited from class java.lang.Object

Method Detail

getDefaultKeyStore

getJavaKeyStore

getPkcs12KeyStore

loadKeyStore

getPrivateKey

loadPrivateKeyFromKeyStore

getRsaKeyFactory

getSha1WithRsaSignatureAlgorithm

getSha256WithRsaSignatureAlgorithm

sign

verify

verify

getX509CertificateFactory

loadKeyStoreFromCertificates