Package org.openmuc.jship.node
Class KeyManagement
java.lang.Object
    org.openmuc.jship.node.KeyManagement

public class KeyManagement extends java.lang.Object
Everything related to key management and key encryption.
-
Field Summary
protected static org.slf4j.Logger log
-
Constructor Summary
KeyManagement(char[] passphrase, java.lang.String dn, int days)
    Creates a new key pair and a certificate based on the generated key pair and stores them in a keystore.
KeyManagement(java.nio.file.Path pathToKeyStore, java.lang.String keystoreFileName, char[] passphrase, java.lang.String dn, int days)
    Creates a new key pair and certificate and stores them in the specified path.
-
Method Summary
static void addBCProvider()
    Adds the provider only if it is not already in the JVM.
static void addTrustedSki(java.lang.String ski, java.lang.Integer trustLevel)
static void clearTrustedSkis()
CertificateInfo createCertificate(java.security.KeyPair keyPair, java.lang.String dn, int days, CertificateInfo issuer)
    Generates a self-signed X.509 certificate.
static org.bouncycastle.asn1.x509.SubjectKeyIdentifier generateSki(java.security.PublicKey publicKey)
CertificateInfo getCert()
java.security.KeyPair getKeyPair()
java.security.KeyStore getKs()
org.bouncycastle.asn1.x509.SubjectKeyIdentifier getOwnSki()
java.lang.String getOwnSkiAsStr()
char[] getPassphrase()
java.nio.file.Path getPathToKeyStoreFile()
static java.util.Map<java.lang.String,SkiManagementInfo> getTrustedSkis()
static boolean isValidSki(java.lang.String ski)
    Checks if a given string represents a valid SKI.
static java.lang.String parseSkiToString(org.bouncycastle.asn1.x509.SubjectKeyIdentifier ski)
    Returns the hex string that represents the SKI value.
static boolean removeTrustedSki(java.lang.String ski)
    Removes an SKI from the trustedSkis map.
void setCert(CertificateInfo cert)
void setKeyPair(java.security.KeyPair keyPair)
void setKs(java.security.KeyStore ks)
void setPassphrase(char[] passphrase)
void setPathToKeyStoreFile(java.nio.file.Path pathToKeyStoreFile)
static void setTrustedSkiAuthenticated(java.lang.String ski)
void storeKeyPairInKeyStore(java.lang.String alias)
void storeSymKeyInKeyStore(java.lang.String alias)
-
Constructor Detail
-
KeyManagement
public KeyManagement(java.nio.file.Path pathToKeyStore, java.lang.String keystoreFileName, char[] passphrase, java.lang.String dn, int days)
Creates a new key pair and certificate and stores them in the specified path.
Parameters:
    pathToKeyStore - path where the key store exists or should be created
    keystoreFileName - key store file name without file extension
    passphrase - passphrase for the key store
    dn - X.509 Distinguished Name, e.g. "CN=Test, L=London, C=GB". For IoT devices, usually the DeviceID
    days - how many days the certificate should be valid for
-
KeyManagement
public KeyManagement(char[] passphrase, java.lang.String dn, int days)
Creates a new key pair and a certificate based on the generated key pair and stores them in a keystore.
Parameters:
    passphrase - passphrase for the key store
    dn - the X.509 Distinguished Name, e.g. "CN=Test, L=London, C=GB". For IoT devices, usually the DeviceID
    days - how many days the certificate is valid for
-
Method Detail
-
generateSki
public static org.bouncycastle.asn1.x509.SubjectKeyIdentifier generateSki(java.security.PublicKey publicKey)
-
parseSkiToString
public static java.lang.String parseSkiToString(org.bouncycastle.asn1.x509.SubjectKeyIdentifier ski)
Returns the hex string that represents the SKI value.
Returns:
    SKI value as hex string in lower case
-
isValidSki
public static boolean isValidSki(java.lang.String ski)
Checks if a given string represents a valid SKI. Note that this method removes whitespace prior to checking.
Parameters:
    ski - the string to check
Returns:
    true if the string only uses hex digits and has a length of exactly 40
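The two contracts above (SKI rendered as lower-case hex, validation after whitespace removal with exactly 40 hex digits) are worth seeing end to end. The following is an added example, not code from the jSHIP project: it derives a Subject Key Identifier for a freshly generated key pair with BouncyCastle, renders it the way parseSkiToString is documented to, validates it the way isValidSki is documented to, and keys a small trust map on the normalised value. It assumes bcprov and bcpkix are on the classpath and that the SKI is the 20-byte SHA-1 identifier of RFC 5280 that JcaX509ExtensionUtils produces, which is why 40 hex digits is the expected length; the class and helper names (SkiExample, skiToHex, trust, isTrusted) are the example's own.

```java
// Added example (not part of org.openmuc.jship): SKI derivation, rendering and validation.
// Assumption: BouncyCastle bcprov + bcpkix on the classpath; SKI = RFC 5280 SHA-1 key identifier.
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Hex;

public class SkiExample {

    // Same contract as the page's addBCProvider: register BC only if it is not already present.
    static void addBcProviderIfMissing() {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    // Lower-case hex of the key identifier bytes, the representation parseSkiToString is documented to return.
    static String skiToHex(SubjectKeyIdentifier ski) {
        return Hex.toHexString(ski.getKeyIdentifier()).toLowerCase(Locale.ROOT);
    }

    // Documented isValidSki contract: strip whitespace first, then require exactly 40 hex digits.
    static boolean isValidSki(String ski) {
        if (ski == null) {
            return false;
        }
        String s = ski.replaceAll("\\s", "");
        return s.length() == 40 && s.matches("[0-9a-fA-F]+");
    }

    // Minimal trust map keyed by normalised SKI, in the spirit of the page's trustedSkis map.
    // (Hypothetical structure: the page does not show how SkiManagementInfo is built.)
    static final Map<String, Integer> TRUSTED = new ConcurrentHashMap<>();

    // Only syntactically valid SKIs are admitted, and the key is normalised so that
    // "AB CD ..." and "abcd..." refer to the same peer.
    static boolean trust(String ski, int trustLevel) {
        if (!isValidSki(ski)) {
            return false;
        }
        TRUSTED.put(ski.replaceAll("\\s", "").toLowerCase(Locale.ROOT), trustLevel);
        return true;
    }

    // Lookup uses the same normalised form, so a peer's certificate SKI matches what was pinned.
    static boolean isTrusted(SubjectKeyIdentifier ski) {
        return TRUSTED.containsKey(skiToHex(ski));
    }

    public static void main(String[] args) throws Exception {
        addBcProviderIfMissing();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
        kpg.initialize(256);
        KeyPair kp = kpg.generateKeyPair();

        // JcaX509ExtensionUtils implements the RFC 5280 SHA-1 method, giving 20 bytes = 40 hex digits.
        SubjectKeyIdentifier ski = new JcaX509ExtensionUtils().createSubjectKeyIdentifier(kp.getPublic());
        String hex = skiToHex(ski);
        System.out.println("SKI: " + hex + " valid=" + isValidSki(hex));

        // Constructed inputs exercising the edge cases of the documented contract.
        String spaced = hex.replaceAll("(.{4})", "$1 ");   // whitespace is removed before checking
        String tooShort = hex.substring(0, 38);            // wrong length
        String nonHex = hex.substring(0, 39) + "g";        // contains a non-hex digit
        System.out.println("spaced=" + isValidSki(spaced)
                + " tooShort=" + isValidSki(tooShort)
                + " nonHex=" + isValidSki(nonHex));

        System.out.println("pinned=" + trust(spaced, 1) + " trusted=" + isTrusted(ski));
    }
}
```

Normalising before both insertion and lookup is the point of the example: if the map were keyed on the raw string a peer could be pinned under one spelling and looked up under another, and a trust decision would silently fail or succeed depending on formatting rather than on the key.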
-
addBCProvider
public static void addBCProvider()
Adds the BC (BouncyCastle) provider only if it is not already registered in the JVM.
-
addTrustedSki
public static void addTrustedSki(java.lang.String ski, java.lang.Integer trustLevel)
-
setTrustedSkiAuthenticated
public static void setTrustedSkiAuthenticated(java.lang.String ski)
-
removeTrustedSki
public static boolean removeTrustedSki(java.lang.String ski)
Removes an SKI from the trustedSkis map.
Parameters:
    ski - the SKI to remove
Returns:
    true if the map contained the SKI, otherwise false
-
getTrustedSkis
public static java.util.Map<java.lang.String,SkiManagementInfo> getTrustedSkis()
-
clearTrustedSkis
public static void clearTrustedSkis()
-
storeKeyPairInKeyStore
public void storeKeyPairInKeyStore(java.lang.String alias) throws java.security.NoSuchProviderException, java.security.KeyStoreException, java.security.cert.CertificateException, java.security.NoSuchAlgorithmException, java.io.IOException
Throws:
    java.security.NoSuchProviderException
    java.security.KeyStoreException
    java.security.cert.CertificateException
    java.security.NoSuchAlgorithmException
    java.io.IOException
-
storeSymKeyInKeyStore
public void storeSymKeyInKeyStore(java.lang.String alias) throws java.security.NoSuchProviderException, java.security.KeyStoreException, java.security.cert.CertificateException, java.security.NoSuchAlgorithmException, java.io.IOException
Throws:
    java.security.NoSuchProviderException
    java.security.KeyStoreException
    java.security.cert.CertificateException
    java.security.NoSuchAlgorithmException
    java.io.IOException
-
createCertificate
public CertificateInfo createCertificate(java.security.KeyPair keyPair, java.lang.String dn, int days, CertificateInfo issuer) throws org.bouncycastle.operator.OperatorCreationException, org.bouncycastle.cert.CertIOException, java.security.cert.CertificateException
Generates a self-signed X.509 certificate.
Parameters:
    dn - the X.509 Distinguished Name, e.g. "CN=Test, L=London, C=GB". For IoT devices, usually the DeviceID
    days - how many days the certificate is valid for
Returns:
    A self-signed certificate
Throws:
    org.bouncycastle.operator.OperatorCreationException - if certificate generation goes wrong
    org.bouncycastle.cert.CertIOException - if certificate generation goes wrong
    java.security.cert.CertificateException - if certificate generation goes wrong
-
getOwnSki
public org.bouncycastle.asn1.x509.SubjectKeyIdentifier getOwnSki()
-
getOwnSkiAsStr
public java.lang.String getOwnSkiAsStr()
-
getKeyPair
public java.security.KeyPair getKeyPair()
-
setKeyPair
public void setKeyPair(java.security.KeyPair keyPair)
-
getCert
public CertificateInfo getCert()
-
setCert
public void setCert(CertificateInfo cert)
-
getPathToKeyStoreFile
public java.nio.file.Path getPathToKeyStoreFile()
-
setPathToKeyStoreFile
public void setPathToKeyStoreFile(java.nio.file.Path pathToKeyStoreFile)
-
getKs
public java.security.KeyStore getKs()
-
setKs
public void setKs(java.security.KeyStore ks)
-
getPassphrase
public char[] getPassphrase()
-
setPassphrase
public void setPassphrase(char[] passphrase)
-