Interface SecurityProviderTool

    • Method Summary

      Modifier and Type Method Description
      CertificateAndKey createCARootCertificate​(CertificateInfo certificateInfo, java.security.KeyPair keyPair, java.lang.String messageDigest)
      Creates a new self-signed CA root certificate, suitable for use signing new server certificates.
      java.security.KeyStore createRootCertificateKeyStore​(java.lang.String keyStoreType, CertificateAndKey rootCertificateAndKey, java.lang.String privateKeyAlias, java.lang.String password)
      Assembles a Java KeyStore containing a CA root certificate and its private key.
      CertificateAndKey createServerCertificate​(CertificateInfo certificateInfo, java.security.cert.X509Certificate caRootCertificate, java.security.PrivateKey caPrivateKey, java.security.KeyPair serverKeyPair, java.lang.String messageDigest)
      Creates a new server X.509 certificate using the serverKeyPair.
      java.security.KeyStore createServerKeyStore​(java.lang.String keyStoreType, CertificateAndKey serverCertificateAndKey, java.security.cert.X509Certificate rootCertificate, java.lang.String privateKeyAlias, java.lang.String password)
      Assembles a Java KeyStore containing a server's certificate, private key, and the certificate authority's certificate, which can be used to create an SSLContext.
      java.security.cert.X509Certificate decodePemEncodedCertificate​(java.io.Reader certificateReader)
      Decodes a PEM-encoded X.509 certificate into an X509Certificate.
      java.security.PrivateKey decodePemEncodedPrivateKey​(java.io.Reader privateKeyReader, java.lang.String password)
      Decodes a PEM-encoded private key into a PrivateKey.
      java.lang.String encodeCertificateAsPem​(java.security.cert.Certificate certificate)
      Encodes a certificate in PEM format.
      java.lang.String encodePrivateKeyAsPem​(java.security.PrivateKey privateKey, java.lang.String passwordForPrivateKey, java.lang.String encryptionAlgorithm)
      Encodes a private key in PEM format, encrypting it with the specified password.
      javax.net.ssl.KeyManager[] getKeyManagers​(java.security.KeyStore keyStore, java.lang.String keyStorePassword)
      Retrieves the KeyManagers for the specified KeyStore.
      java.security.KeyStore loadKeyStore​(java.io.File file, java.lang.String keyStoreType, java.lang.String password)
      Loads a Java KeyStore object from a file.
      void saveKeyStore​(java.io.File file, java.security.KeyStore keyStore, java.lang.String keystorePassword)
      Saves a Java KeyStore to a file, protecting it with the specified password.
    • Method Detail

      • createCARootCertificate

        CertificateAndKey createCARootCertificate​(CertificateInfo certificateInfo,
                                                  java.security.KeyPair keyPair,
                                                  java.lang.String messageDigest)
        Creates a new self-signed CA root certificate, suitable for use signing new server certificates.
        Parameters:
        certificateInfo - certificate info to populate in the new root cert
        keyPair - root certificate's public and private keys
        messageDigest - digest to use when signing the new root certificate, such as SHA512
        Returns:
        a new root certificate and private key
      • createServerCertificate

        CertificateAndKey createServerCertificate​(CertificateInfo certificateInfo,
                                                  java.security.cert.X509Certificate caRootCertificate,
                                                  java.security.PrivateKey caPrivateKey,
                                                  java.security.KeyPair serverKeyPair,
                                                  java.lang.String messageDigest)
        Creates a new server X.509 certificate using the serverKeyPair. The new certificate will be populated with information from the specified certificateInfo and will be signed using the specified caPrivateKey and messageDigest.
        Parameters:
        certificateInfo - basic X.509 certificate info that will be used to create the server certificate
        caRootCertificate - root certificate that will be used to populate the issuer field of the server certificate
        caPrivateKey - root certificate private key that will be used to sign the server certificate
        serverKeyPair - server's public and private keys
        messageDigest - message digest to use when signing the server certificate, such as SHA512
        Returns:
        a new server certificate and its private key
      • createServerKeyStore

        java.security.KeyStore createServerKeyStore​(java.lang.String keyStoreType,
                                                    CertificateAndKey serverCertificateAndKey,
                                                    java.security.cert.X509Certificate rootCertificate,
                                                    java.lang.String privateKeyAlias,
                                                    java.lang.String password)
        Assembles a Java KeyStore containing a server's certificate, private key, and the certificate authority's certificate, which can be used to create an SSLContext.
        Parameters:
        keyStoreType - the KeyStore type, such as JKS or PKCS12
        serverCertificateAndKey - certificate and private key for the server, which will be placed in the KeyStore
        rootCertificate - CA root certificate corresponding to the private key that signed the server certificate
        privateKeyAlias - alias under which the private key (with its accompanying certificate chain) is stored in the KeyStore
        password - password for the new KeyStore and private key
        Returns:
        a new KeyStore with the server's certificate and password-protected private key
      • createRootCertificateKeyStore

        java.security.KeyStore createRootCertificateKeyStore​(java.lang.String keyStoreType,
                                                             CertificateAndKey rootCertificateAndKey,
                                                             java.lang.String privateKeyAlias,
                                                             java.lang.String password)
        Assembles a Java KeyStore containing a CA root certificate and its private key.
        Parameters:
        keyStoreType - the KeyStore type, such as JKS or PKCS12
        rootCertificateAndKey - certification authority's root certificate and private key, which will be placed in the KeyStore
        privateKeyAlias - alias under which the private key (with its accompanying certificate chain) is stored in the KeyStore
        password - password for the new KeyStore and private key
        Returns:
        a new KeyStore with the root certificate and password-protected private key
      • encodePrivateKeyAsPem

        java.lang.String encodePrivateKeyAsPem​(java.security.PrivateKey privateKey,
                                               java.lang.String passwordForPrivateKey,
                                               java.lang.String encryptionAlgorithm)
        Encodes a private key in PEM format, encrypting it with the specified password. The private key will be encrypted using the specified algorithm.
        Parameters:
        privateKey - private key to encode
        passwordForPrivateKey - password to protect the private key
        encryptionAlgorithm - algorithm to use to encrypt the private key
        Returns:
        PEM-encoded private key as a String
      • encodeCertificateAsPem

        java.lang.String encodeCertificateAsPem​(java.security.cert.Certificate certificate)
        Encodes a certificate in PEM format.
        Parameters:
        certificate - certificate to encode
        Returns:
        PEM-encoded certificate as a String
      • decodePemEncodedPrivateKey

        java.security.PrivateKey decodePemEncodedPrivateKey​(java.io.Reader privateKeyReader,
                                                            java.lang.String password)
        Decodes a PEM-encoded private key into a PrivateKey. The password may be null if the PEM-encoded private key is not password-encrypted.
        Parameters:
        privateKeyReader - a reader for a PEM-encoded private key
        password - password protecting the private key
        Returns:
        the decoded private key
      • decodePemEncodedCertificate

        java.security.cert.X509Certificate decodePemEncodedCertificate​(java.io.Reader certificateReader)
        Decodes a PEM-encoded X.509 certificate into an X509Certificate.
        Parameters:
        certificateReader - a reader for a PEM-encoded certificate
        Returns:
        the decoded X.509 certificate
      • loadKeyStore

        java.security.KeyStore loadKeyStore​(java.io.File file,
                                            java.lang.String keyStoreType,
                                            java.lang.String password)
        Loads a Java KeyStore object from a file.
        Parameters:
        file - KeyStore file to load
        keyStoreType - KeyStore type (PKCS12, JKS, etc.)
        password - the KeyStore password
        Returns:
        an initialized Java KeyStore object
      • saveKeyStore

        void saveKeyStore​(java.io.File file,
                          java.security.KeyStore keyStore,
                          java.lang.String keystorePassword)
        Saves a Java KeyStore to a file, protecting it with the specified password.
        Parameters:
        file - file to save the KeyStore to
        keyStore - KeyStore to save
        keystorePassword - password for the KeyStore
      • getKeyManagers

        javax.net.ssl.KeyManager[] getKeyManagers​(java.security.KeyStore keyStore,
                                                  java.lang.String keyStorePassword)
        Retrieves the KeyManagers for the specified KeyStore.
        Parameters:
        keyStore - the KeyStore to retrieve KeyManagers from
        keyStorePassword - the KeyStore password
        Returns:
        KeyManagers for the specified KeyStore
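
The methods above chain into one flow: create a root, issue a server certificate, assemble the KeyStore, obtain KeyManagers, build an SSLContext. The sketch below is an added example, not code from this documentation or from the library. It assumes the package names in the imports, the CertificateAndKey accessors getCertificate() and getPrivateKey(), a caller-supplied tool implementation and CertificateInfo objects, and 2048-bit RSA keys; none of these appear on this page.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;

// Assumption: package names of the library types are not shown on this page.
import net.lightbody.bmp.mitm.CertificateAndKey;
import net.lightbody.bmp.mitm.CertificateInfo;
import net.lightbody.bmp.mitm.tools.SecurityProviderTool;

public final class ServerContextExample {
    /**
     * Issues a server certificate from a fresh root CA and returns an
     * SSLContext that presents it. The tool implementation and both
     * CertificateInfo objects are supplied by the caller.
     */
    static SSLContext buildServerContext(SecurityProviderTool tool,
                                         CertificateInfo rootInfo,
                                         CertificateInfo serverInfo,
                                         String password) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048); // assumed key size
        KeyPair rootKeys = generator.generateKeyPair();
        KeyPair serverKeys = generator.generateKeyPair();

        CertificateAndKey root = tool.createCARootCertificate(rootInfo, rootKeys, "SHA512");
        // Assumed accessors: getCertificate() and getPrivateKey().
        CertificateAndKey server = tool.createServerCertificate(
                serverInfo, root.getCertificate(), root.getPrivateKey(), serverKeys, "SHA512");

        // Fail early if the issued certificate is not signed by the root
        // or is outside its validity period.
        X509Certificate serverCert = server.getCertificate();
        serverCert.verify(root.getCertificate().getPublicKey());
        serverCert.checkValidity();

        // The same password protects the KeyStore and the private key entry.
        KeyStore keyStore = tool.createServerKeyStore(
                "PKCS12", server, root.getCertificate(), "server", password);
        KeyManager[] keyManagers = tool.getKeyManagers(keyStore, password);

        SSLContext context = SSLContext.getInstance("TLS");
        context.init(keyManagers, null, null); // default trust managers and randomness
        return context;
    }
}
```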