Package com.browserup.bup.mitm.tools
Class DefaultSecurityProviderTool
java.lang.Object
  com.browserup.bup.mitm.tools.DefaultSecurityProviderTool

All Implemented Interfaces: SecurityProviderTool

public class DefaultSecurityProviderTool extends java.lang.Object implements SecurityProviderTool
A SecurityProviderTool implementation that uses the default system Security provider where possible, but uses the Bouncy Castle provider for operations that the JCA does not provide or implement (e.g. certificate generation and signing).

Constructor Summary
- DefaultSecurityProviderTool()

Method Summary
Modifier and Type, Method, Description:
- CertificateAndKey createCARootCertificate(CertificateInfo certificateInfo, java.security.KeyPair keyPair, java.lang.String messageDigest)
  Creates a new self-signed CA root certificate, suitable for use signing new server certificates.
- java.security.KeyStore createRootCertificateKeyStore(java.lang.String keyStoreType, CertificateAndKey rootCertificateAndKey, java.lang.String privateKeyAlias, java.lang.String password)
  Assembles a Java KeyStore containing a CA root certificate and its private key.
- CertificateAndKey createServerCertificate(CertificateInfo certificateInfo, java.security.cert.X509Certificate caRootCertificate, java.security.PrivateKey caPrivateKey, java.security.KeyPair serverKeyPair, java.lang.String messageDigest)
  Creates a new server X.509 certificate using the serverKeyPair.
- java.security.KeyStore createServerKeyStore(java.lang.String keyStoreType, CertificateAndKey serverCertificateAndKey, java.security.cert.X509Certificate rootCertificate, java.lang.String privateKeyAlias, java.lang.String password)
  Assembles a Java KeyStore containing a server's certificate, private key, and the certificate authority's certificate, which can be used to create an SSLContext.
- java.security.cert.X509Certificate decodePemEncodedCertificate(java.io.Reader certificateReader)
  Decodes a PEM-encoded X.509 Certificate into a X509Certificate.
- java.security.PrivateKey decodePemEncodedPrivateKey(java.io.Reader privateKeyReader, java.lang.String password)
  Decodes a PEM-encoded private key into a PrivateKey.
- java.lang.String encodeCertificateAsPem(java.security.cert.Certificate certificate)
  Encodes a certificate in PEM format.
- java.lang.String encodePrivateKeyAsPem(java.security.PrivateKey privateKey, java.lang.String passwordForPrivateKey, java.lang.String encryptionAlgorithm)
  Encodes a private key in PEM format, encrypting it with the specified password.
- javax.net.ssl.KeyManager[] getKeyManagers(java.security.KeyStore keyStore, java.lang.String keyStorePassword)
  Retrieve the KeyManagers for the specified KeyStore.
- java.security.KeyStore loadKeyStore(java.io.File file, java.lang.String keyStoreType, java.lang.String password)
  Loads the KeyStore from the specified InputStream.
- void saveKeyStore(java.io.File file, java.security.KeyStore keyStore, java.lang.String keystorePassword)
  Exports the keyStore to the specified file.

Method Detail

createCARootCertificate
public CertificateAndKey createCARootCertificate(CertificateInfo certificateInfo, java.security.KeyPair keyPair, java.lang.String messageDigest)
Description copied from interface: SecurityProviderTool
Creates a new self-signed CA root certificate, suitable for use signing new server certificates.
- Specified by: createCARootCertificate in interface SecurityProviderTool
- Parameters:
  - certificateInfo - certificate info to populate in the new root cert
  - keyPair - root certificate's public and private keys
  - messageDigest - digest to use when signing the new root certificate, such as SHA512
- Returns: a new root certificate and private key

createServerCertificate
public CertificateAndKey createServerCertificate(CertificateInfo certificateInfo, java.security.cert.X509Certificate caRootCertificate, java.security.PrivateKey caPrivateKey, java.security.KeyPair serverKeyPair, java.lang.String messageDigest)
Description copied from interface: SecurityProviderTool
Creates a new server X.509 certificate using the serverKeyPair. The new certificate will be populated with information from the specified certificateInfo and will be signed using the specified caPrivateKey and messageDigest.
- Specified by: createServerCertificate in interface SecurityProviderTool
- Parameters:
  - certificateInfo - basic X.509 certificate info that will be used to create the server certificate
  - caRootCertificate - root certificate that will be used to populate the issuer field of the server certificate
  - caPrivateKey - root certificate private key that will be used to sign the server certificate
  - serverKeyPair - server's public and private keys
  - messageDigest - message digest to use when signing the server certificate, such as SHA512
- Returns: a new server certificate and its private key

createServerKeyStore
public java.security.KeyStore createServerKeyStore(java.lang.String keyStoreType, CertificateAndKey serverCertificateAndKey, java.security.cert.X509Certificate rootCertificate, java.lang.String privateKeyAlias, java.lang.String password)
Description copied from interface: SecurityProviderTool
Assembles a Java KeyStore containing a server's certificate, private key, and the certificate authority's certificate, which can be used to create an SSLContext.
- Specified by: createServerKeyStore in interface SecurityProviderTool
- Parameters:
  - keyStoreType - the KeyStore type, such as JKS or PKCS12
  - serverCertificateAndKey - certificate and private key for the server, which will be placed in the KeyStore
  - rootCertificate - CA root certificate of the private key that signed the server certificate
  - privateKeyAlias - alias to assign the private key (with accompanying certificate chain) to in the KeyStore
  - password - password for the new KeyStore and private key
- Returns: a new KeyStore with the server's certificate and password-protected private key

createRootCertificateKeyStore
public java.security.KeyStore createRootCertificateKeyStore(java.lang.String keyStoreType, CertificateAndKey rootCertificateAndKey, java.lang.String privateKeyAlias, java.lang.String password)
Description copied from interface: SecurityProviderTool
Assembles a Java KeyStore containing a CA root certificate and its private key.
- Specified by: createRootCertificateKeyStore in interface SecurityProviderTool
- Parameters:
  - keyStoreType - the KeyStore type, such as JKS or PKCS12
  - rootCertificateAndKey - certification authority's root certificate and private key, which will be placed in the KeyStore
  - privateKeyAlias - alias to assign the private key (with accompanying certificate chain) to in the KeyStore
  - password - password for the new KeyStore and private key
- Returns: a new KeyStore with the root certificate and password-protected private key

encodePrivateKeyAsPem
public java.lang.String encodePrivateKeyAsPem(java.security.PrivateKey privateKey, java.lang.String passwordForPrivateKey, java.lang.String encryptionAlgorithm)
Description copied from interface: SecurityProviderTool
Encodes a private key in PEM format, encrypting it with the specified password. The private key will be encrypted using the specified algorithm.
- Specified by: encodePrivateKeyAsPem in interface SecurityProviderTool
- Parameters:
  - privateKey - private key to encode
  - passwordForPrivateKey - password to protect the private key
  - encryptionAlgorithm - algorithm to use to encrypt the private key
- Returns: PEM-encoded private key as a String

encodeCertificateAsPem
public java.lang.String encodeCertificateAsPem(java.security.cert.Certificate certificate)
Description copied from interface: SecurityProviderTool
Encodes a certificate in PEM format.
- Specified by: encodeCertificateAsPem in interface SecurityProviderTool
- Parameters:
  - certificate - certificate to encode
- Returns: PEM-encoded certificate as a String

decodePemEncodedPrivateKey
public java.security.PrivateKey decodePemEncodedPrivateKey(java.io.Reader privateKeyReader, java.lang.String password)
Description copied from interface: SecurityProviderTool
Decodes a PEM-encoded private key into a PrivateKey. The password may be null if the PEM-encoded private key is not password-encrypted.
- Specified by: decodePemEncodedPrivateKey in interface SecurityProviderTool
- Parameters:
  - privateKeyReader - a reader for a PEM-encoded private key
  - password - password protecting the private key @return the decoded private key
- Returns: PrivateKey

decodePemEncodedCertificate
public java.security.cert.X509Certificate decodePemEncodedCertificate(java.io.Reader certificateReader)
Description copied from interface: SecurityProviderTool
Decodes a PEM-encoded X.509 Certificate into a X509Certificate.
- Specified by: decodePemEncodedCertificate in interface SecurityProviderTool
- Parameters:
  - certificateReader - a reader for a PEM-encoded certificate
- Returns: the decoded X.509 certificate

loadKeyStore
public java.security.KeyStore loadKeyStore(java.io.File file, java.lang.String keyStoreType, java.lang.String password)
Loads the KeyStore from the specified InputStream. The InputStream is not closed after the KeyStore has been read.
- Specified by: loadKeyStore in interface SecurityProviderTool
- Parameters:
  - file - file containing a KeyStore
  - keyStoreType - KeyStore type, such as "JKS" or "PKCS12"
  - password - password of the KeyStore
- Returns: KeyStore loaded from the input stream

saveKeyStore
public void saveKeyStore(java.io.File file, java.security.KeyStore keyStore, java.lang.String keystorePassword)
Exports the keyStore to the specified file.
- Specified by: saveKeyStore in interface SecurityProviderTool
- Parameters:
  - file - file to save the KeyStore to
  - keyStore - KeyStore to export
  - keystorePassword - the password for the KeyStore

getKeyManagers
public javax.net.ssl.KeyManager[] getKeyManagers(java.security.KeyStore keyStore, java.lang.String keyStorePassword)
Description copied from interface: SecurityProviderTool
Retrieve the KeyManagers for the specified KeyStore.
- Specified by: getKeyManagers in interface SecurityProviderTool
- Parameters:
  - keyStore - the KeyStore to retrieve KeyManagers from
  - keyStorePassword - the KeyStore password
- Returns: KeyManagers for the specified KeyStore
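
Added example (not part of the project's own documentation or code): loadKeyStore and getKeyManagers, as documented above, used to turn a server KeyStore into an SSLContext, with a validity check on the stored certificates first. It assumes the library is on the classpath; the class name, file name and KEYSTORE_PASSWORD environment variable are hypothetical.

```java
import com.browserup.bup.mitm.tools.DefaultSecurityProviderTool;

import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import java.io.File;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class KeyStoreToSslContext {

    /** Loads a server KeyStore, checks its certificates, and builds an SSLContext from it. */
    static SSLContext sslContextFrom(File keyStoreFile, String keyStoreType, String password)
            throws GeneralSecurityException {
        DefaultSecurityProviderTool tool = new DefaultSecurityProviderTool();
        KeyStore keyStore = tool.loadKeyStore(keyStoreFile, keyStoreType, password);

        // Fail early on expired or not-yet-valid certificates instead of at handshake time.
        for (String alias : Collections.list(keyStore.aliases())) {
            Certificate cert = keyStore.getCertificate(alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x509 = (X509Certificate) cert;
                x509.checkValidity();
                System.out.printf("%s: subject=%s issuer=%s notAfter=%s%n", alias,
                        x509.getSubjectX500Principal(), x509.getIssuerX500Principal(),
                        x509.getNotAfter());
            }
        }

        // createServerKeyStore uses one password for the KeyStore and the private key,
        // so the same value is passed to getKeyManagers here.
        KeyManager[] keyManagers = tool.getKeyManagers(keyStore, password);

        SSLContext context = SSLContext.getInstance("TLS");
        // null trust managers and null SecureRandom select the JDK defaults.
        context.init(keyManagers, null, null);
        return context;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Hypothetical file name; the password is read from the environment, not source code.
        File file = new File("server-keystore.p12");
        String password = System.getenv("KEYSTORE_PASSWORD");
        SSLContext context = sslContextFrom(file, "PKCS12", password);
        System.out.println("Protocol: " + context.getProtocol());
    }
}
```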