本文整理汇总了Java中com.yahoo.athenz.auth.util.Crypto.loadPrivateKey方法的典型用法代码示例。如果您正苦于以下问题:Java Crypto.loadPrivateKey方法的具体用法?Java Crypto.loadPrivateKey怎么用?Java Crypto.loadPrivateKey使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类com.yahoo.athenz.auth.util.Crypto的用法示例。
在下文中一共展示了Crypto.loadPrivateKey方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: loadPrivateKey
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
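/**
 * Loads a private key from a location string.
 *
 * <p>Three forms are handled:
 * <ul>
 *   <li>no URI scheme: the whole argument is used as a file path;</li>
 *   <li>{@code file:} URI: the URI path component is used as a file path;</li>
 *   <li>{@code data:} URI whose part before the comma is exactly
 *       {@code application/x-pem-file;base64}: the part after the comma is Base64-decoded
 *       and handed to {@code Crypto.loadPrivateKey(String)}.</li>
 * </ul>
 *
 * <p>With a {@code data:} URI the argument itself carries the key material, so no exception
 * raised here includes the full argument or the payload.
 *
 * @param privateKeyURL file path, {@code file:} URI or {@code data:} URI as described above
 * @return the loaded key, or {@code null} when the URI has a scheme other than
 *     {@code file} or {@code data} (callers must null-check)
 * @throws IllegalArgumentException if the argument is not a valid URI, the {@code data:} URI
 *     has no payload after the comma, the media type is unsupported, or the payload is not
 *     valid Base64
 */
private PrivateKey loadPrivateKey(String privateKeyURL) {
    final URI uri;
    try {
        uri = new URI(privateKeyURL);
    } catch (URISyntaxException e) {
        // The cause is deliberately not chained: URISyntaxException's message embeds the
        // input string, which for a data: URI is the encoded private key itself.
        throw new IllegalArgumentException("Invalid privateKey format");
    }

    final String scheme = uri.getScheme();
    if (isBlank(scheme)) {
        // No scheme at all: treat the argument as a plain file path.
        return Crypto.loadPrivateKey(new File(privateKeyURL));
    }
    if (scheme.equals("file")) {
        return Crypto.loadPrivateKey(new File(uri.getPath()));
    }
    if (scheme.equals("data")) {
        List<String> dataParts = Splitter.on(",").splitToList(uri.getSchemeSpecificPart());
        final String mediaType = dataParts.get(0);
        if (!mediaType.equals("application/x-pem-file;base64")) {
            throw new IllegalArgumentException("Unsupported media type or encoding format: " + mediaType);
        }
        // A data: URI without a comma has no payload; fail with a clear message instead of
        // an IndexOutOfBoundsException from get(1).
        if (dataParts.size() < 2) {
            throw new IllegalArgumentException("Invalid privateKey format");
        }
        // Decode with an explicit charset so the PEM text does not depend on the platform
        // default encoding.
        final byte[] pemBytes = Base64.getDecoder().decode(dataParts.get(1));
        return Crypto.loadPrivateKey(new String(pemBytes, java.nio.charset.StandardCharsets.UTF_8));
    }
    // Any other scheme is not handled; the original contract is to return null here.
    return null;
}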
示例2: testGenerateX509CertificateReqPrivateKey
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
/**
 * Signs the CSR fixture {@code valid.csr} with the test CA key and checks the issuer DN of the
 * resulting certificate.
 */
@Test
public void testGenerateX509CertificateReqPrivateKey() throws IOException {
    final byte[] csrBytes = Files.readAllBytes(Paths.get("src/test/resources/valid.csr"));
    final PKCS10CertificationRequest request = Crypto.getPKCS10CertRequest(new String(csrBytes));

    // NOTE(review): the issuer certificate fixture is named ecPublicX509Cert while the signing
    // key is rsaPrivateKey. If the two fixtures really hold different key pairs, the issued
    // certificate would not verify against the issuer certificate; this test only checks the
    // issuer name, not the signature - confirm against the fixture definitions.
    final X509Certificate issuerCert = Crypto.loadX509Certificate(ecPublicX509Cert);
    final PrivateKey issuerKey = Crypto.loadPrivateKey(rsaPrivateKey);

    final X509Certificate issued =
            Crypto.generateX509Certificate(request, issuerKey, issuerCert, 600, false);

    assertNotNull(issued);
    assertEquals(issued.getIssuerX500Principal().getName(),
            "CN=athenz.syncer,O=My Test Company,L=Sunnyvale,ST=CA,C=US");
}
示例3: testX509CSRrequest
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
/**
 * Generates a CSR for each subject supplied by the {@code x500Principal} data provider and,
 * for subjects expected to be valid, parses the result back.
 *
 * @param x500Principal subject DN to put into the CSR
 * @param badRequest {@code true} when CSR generation is allowed to fail for this subject
 */
@Test(dataProvider = "x500Principal")
public void testX509CSRrequest(String x500Principal, boolean badRequest) throws Exception {
    final PublicKey pubKey = Crypto.loadPublicKey(rsaPublicKey);
    final PrivateKey privKey = Crypto.loadPrivateKey(rsaPrivateKey);

    String csrPem = null;
    // Two otherName SAN entries carrying role names.
    final GeneralName roleOne = new GeneralName(GeneralName.otherName, new DERIA5String("role1"));
    final GeneralName roleTwo = new GeneralName(GeneralName.otherName, new DERIA5String("role2"));
    final GeneralName[] altNames = new GeneralName[]{roleOne, roleTwo};

    try {
        csrPem = Crypto.generateX509CSR(privKey, pubKey, x500Principal, altNames);
    } catch (Exception e) {
        // A failure is only acceptable for inputs flagged as bad.
        if (!badRequest) {
            fail("Should not have failed to create csr");
        }
    }

    // NOTE(review): when badRequest is true and generation unexpectedly succeeds, nothing
    // fails here, so a malformed subject that starts being accepted would go unnoticed.
    if (badRequest) {
        return;
    }
    // Round-trip check: the generated CSR must parse.
    Crypto.getPKCS10CertRequest(csrPem);
}
示例4: testCreateStore
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
/**
 * Checks that the file change-log store factory returns a store when given a private key
 * loaded from the {@code zts_private.pem} test fixture.
 */
@Test
public void testCreateStore() {
    // The fixture is read through encodedFile() and decoded again before parsing.
    final String encodedKey = Crypto.encodedFile(new File("src/test/resources/zts_private.pem"));
    final PrivateKey signingKey = Crypto.loadPrivateKey(Crypto.ybase64DecodeString(encodedKey));

    final ChangeLogStore changeLog =
            new ZMSFileChangeLogStoreFactory().create(ZTS_DATA_STORE_PATH, signingKey, "0", null);

    assertNotNull(changeLog);
}
示例5: create
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
/**
 * Builds a {@link SelfCertSigner} backed by a self-signed CA certificate.
 *
 * <p>The CA private key file name, its password and the CA subject DN are read from JVM system
 * properties. A CSR is generated for that DN with the CA key and then signed with the same key.
 *
 * <p>NOTE(review): the key password arrives through a system property. When such a property is
 * set with {@code -D} on the command line it is visible in the process listing; confirm how
 * deployments supply it.
 *
 * @return the signer, or {@code null} when no key file is configured or the CSR cannot be
 *     generated
 */
@Override
public CertSigner create() {

    // Read all three settings up front, as the original does.
    final String keyFile = System.getProperty(ZTSConsts.ZTS_PROP_SELF_SIGNER_PRIVATE_KEY_FNAME);
    final String keyPassword = System.getProperty(ZTSConsts.ZTS_PROP_SELF_SIGNER_PRIVATE_KEY_PASSWORD);
    final String caDn = System.getProperty(ZTSConsts.ZTS_PROP_SELF_SIGNER_CERT_DN,
            "cn=Self Signed Athenz CA,o=Athenz,c=US");

    if (keyFile == null) {
        LOGGER.error("No private key path available for Self Cert Signer Factory");
        return null;
    }

    final PrivateKey signerKey = Crypto.loadPrivateKey(new File(keyFile), keyPassword);

    // Create a CSR for the CA's own DN; it is self-signed below.
    final String caCsr;
    try {
        caCsr = Crypto.generateX509CSR(signerKey, caDn, null);
    } catch (OperatorCreationException | IOException ex) {
        LOGGER.error("Unable to generate X509 CSR for dn: " + caDn
                + ", error: " + ex.getMessage());
        return null;
    }

    // Issuer and subject are the same DN, i.e. the certificate is self-signed.
    final X500Name issuerName = X500Name.getInstance(new X500Principal(caDn).getEncoded());
    final PKCS10CertificationRequest caRequest = Crypto.getPKCS10CertRequest(caCsr);

    // 30 * 24 * 60 = 43200; presumably a validity period in minutes (30 days) - confirm
    // against Crypto.generateX509Certificate.
    final X509Certificate selfSigned = Crypto.generateX509Certificate(caRequest,
            signerKey, issuerName, 30 * 24 * 60, true);

    return new SelfCertSigner(signerKey, selfSigned);
}
示例6: testGenerateX509CertificateAltNames
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
/**
 * Issues a certificate from the {@code csr_altnames.csr} fixture, signing with a CA key that is
 * loaded through the two-argument (key, password) overload of {@code Crypto.loadPrivateKey}.
 */
@Test
public void testGenerateX509CertificateAltNames() throws IOException {
    final byte[] csrBytes = Files.readAllBytes(Paths.get("src/test/resources/csr_altnames.csr"));
    final PKCS10CertificationRequest request = Crypto.getPKCS10CertRequest(new String(csrBytes));

    final X509Certificate issuerCert = Crypto.loadX509Certificate(ecPublicX509Cert);
    // privateEncryptedKey / encryptedKeyPassword are test fixtures defined outside this method.
    final PrivateKey issuerKey = Crypto.loadPrivateKey(privateEncryptedKey, encryptedKeyPassword);

    final X509Certificate issued =
            Crypto.generateX509Certificate(request, issuerKey, issuerCert, 600, true);

    // Only non-null is asserted; the alternative names themselves are not inspected here.
    assertNotNull(issued);
}
示例7: testGenerateRoleCertificateRequest
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
/**
 * Builds a role certificate request with the {@code test_private_k0.pem} fixture key and checks
 * the common name and e-mail carried in the embedded CSR.
 */
@Test
public void testGenerateRoleCertificateRequest() {
    final PrivateKey signingKey =
            Crypto.loadPrivateKey(new File("./src/test/resources/test_private_k0.pem"));

    final RoleCertificateRequest roleRequest = ZTSClient.generateRoleCertificateRequest("coretech",
            "test", "sports", "readers", signingKey, "aws", 3600);
    assertNotNull(roleRequest);

    final PKCS10CertificationRequest parsedCsr = Crypto.getPKCS10CertRequest(roleRequest.getCsr());
    assertEquals("sports:role.readers", Crypto.extractX509CSRCommonName(parsedCsr));
    // NOTE(review): the expected value below is the placeholder left by the hosting page's
    // e-mail obfuscation, not the original literal; restore the real address from the upstream
    // test before relying on this assertion.
    assertEquals("[email protected]", Crypto.extractX509CSREmail(parsedCsr));
}
示例8: testSimpleIdentityDefaultV0
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
/**
 * Obtains an identity from {@code SimpleServiceIdentityProvider} using key id "0" and verifies
 * that the issued token validates against the matching public key and reports that key id.
 */
@Test
public void testSimpleIdentityDefaultV0() {
    final PrivateKey serviceKey = Crypto.loadPrivateKey(k0File);
    final SimpleServiceIdentityProvider identityProvider =
            new SimpleServiceIdentityProvider("coretech", "athenz", serviceKey, "0");

    final Principal principal = identityProvider.getIdentity("coretech", "athenz");
    assertNotNull(principal);
    assertTrue(principal.getIssueTime() != 0);

    // Re-parse the credentials and check the signature with the public half of the key.
    final PrincipalToken parsedToken = new PrincipalToken(principal.getCredentials());
    assertTrue(parsedToken.validate(servicePublicKeyStringK0, 0, false));
    assertEquals(parsedToken.getKeyId(), "0");
}
示例9: getPrivateKey
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
/**
 * Loads the server private key named by the {@code ATHENZ_PROP_PRIVATE_KEY} system property.
 *
 * <p>A value starting with {@code ATHENZ_STR_JAR_RESOURCE} is resolved through
 * {@code retrieveKeyFromResource}; any other value is read as a file via
 * {@code Crypto.encodedFile}. The text obtained either way is decoded with
 * {@code Crypto.ybase64DecodeString} before being parsed.
 *
 * <p>Only the key location is written to the debug log, never the key content.
 *
 * @param service not read by this implementation
 * @param serverHostName not read by this implementation
 * @param privateKeyId output parameter; the configured key id (default "0") is appended when a
 *     key was loaded
 * @return the private key, or {@code null} when the property is unset or loading yields null
 */
@Override
public PrivateKey getPrivateKey(String service, String serverHostName,
        StringBuilder privateKeyId) {

    final String keyLocation = System.getProperty(ATHENZ_PROP_PRIVATE_KEY);

    if (LOG.isDebugEnabled()) {
        LOG.debug("FilePrivateKeyStore: private key file=" + keyLocation);
    }

    if (keyLocation == null) {
        return null;
    }

    // In dev mode the key is a resource bundled in the jar rather than a file on disk.
    final boolean fromJar = keyLocation.startsWith(ATHENZ_STR_JAR_RESOURCE);
    final String encodedKey = fromJar
            ? retrieveKeyFromResource(keyLocation.substring(ATHENZ_STR_JAR_RESOURCE.length()))
            : Crypto.encodedFile(new File(keyLocation));

    final PrivateKey loadedKey = Crypto.loadPrivateKey(Crypto.ybase64DecodeString(encodedKey));
    if (loadedKey == null) {
        return null;
    }

    privateKeyId.append(System.getProperty(ATHENZ_PROP_PRIVATE_KEY_ID, "0"));
    return loadedKey;
}
示例10: testSignVerifyRSAKey
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
/**
 * Signs the service token fixture with the RSA private key, compares the signature with the
 * stored expected value and verifies it with the RSA public key.
 */
@Test
public void testSignVerifyRSAKey() {
    final PrivateKey signingKey = Crypto.loadPrivateKey(rsaPrivateKey);
    assertNotNull(signingKey);

    // Comparing against a stored signature only works if signing the same input with the same
    // key always yields the same bytes.
    final String produced = Crypto.sign(serviceToken, signingKey);
    assertEquals(produced, serviceRSASignature);

    final PublicKey verifyingKey = Crypto.loadPublicKey(rsaPublicKey);
    assertNotNull(verifyingKey);

    assertTrue(Crypto.verify(serviceToken, verifyingKey, produced));
}
示例11: setup
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
/**
 * Per-test fixture: wipes the on-disk stores, loads the server private key, sets the ZTS system
 * properties the tests rely on and builds the {@code DataStore}, {@code ZTSImpl} and
 * {@code ZTSAuthorizer} under test.
 *
 * <p>Statement order is kept as in the original because the system properties are set before
 * the objects that may read them are constructed.
 *
 * <p>NOTE(review): the store locations are fixed paths under {@code /tmp}, which are predictable
 * and shared between users on a multi-user host; a per-run temporary directory would isolate
 * test runs. The key password literal belongs to the encrypted test fixture key only.
 */
@BeforeMethod
public void setup() {

    // Start from a clean directory structure.
    ZMSFileChangeLogStore.deleteDirectory(new File(ZTS_DATA_STORE_PATH));

    // Throws NullPointerException from File's constructor if the property is not set.
    final String keyPath = System.getProperty(FilePrivateKeyStore.ATHENZ_PROP_PRIVATE_KEY);
    final String encodedKey = Crypto.encodedFile(new File(keyPath));
    privateKey = Crypto.loadPrivateKey(Crypto.ybase64DecodeString(encodedKey));

    // Role token timeouts used by the tests.
    roleTokenDefaultTimeout = 2400;
    System.setProperty(ZTSConsts.ZTS_PROP_ROLE_TOKEN_DEFAULT_TIMEOUT,
            Integer.toString(roleTokenDefaultTimeout));

    roleTokenMaxTimeout = 96000;
    System.setProperty(ZTSConsts.ZTS_PROP_ROLE_TOKEN_MAX_TIMEOUT,
            Integer.toString(roleTokenMaxTimeout));

    System.setProperty(ZTSConsts.ZTS_PROP_AUTHORIZED_PROXY_USERS,
            "user_domain.proxy-user1,user_domain.proxy-user2");

    // Data store backed by a mock change log and a cloud store with no HTTP client.
    final ChangeLogStore changeLog = new MockZMSFileChangeLogStore("/tmp/zts_server_unit_tests/zts_root",
            privateKey, "0");

    final CloudStore cloud = new CloudStore(null);
    cloud.setHttpClient(null);

    // Self cert signer settings: encrypted fixture key plus its password.
    System.setProperty(ZTSConsts.ZTS_PROP_SELF_SIGNER_PRIVATE_KEY_FNAME,
            "src/test/resources/private_encrypted.key");
    System.setProperty(ZTSConsts.ZTS_PROP_SELF_SIGNER_PRIVATE_KEY_PASSWORD, "athenz");

    ZMSFileChangeLogStore.deleteDirectory(new File("/tmp/zts_server_cert_store"));
    System.setProperty(ZTSConsts.ZTS_PROP_CERT_FILE_STORE_PATH, "/tmp/zts_server_cert_store");

    store = new DataStore(changeLog, cloud);
    zts = new ZTSImpl(cloud, store);
    ZTSImpl.serverHostName = "localhost";

    authorizer = new ZTSAuthorizer(store);
}
示例12: main
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
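/**
 * Command-line entry point that registers an instance with the ZTS server.
 *
 * <p>Steps: parse the options, sign a five-minute JWT attestation with the provider key,
 * generate a CSR with the instance key, post both to ZTS and print the returned certificate
 * and any provider attributes.
 *
 * <p>Exit codes: 1 when the CSR cannot be generated, 2 when the ZTS call fails.
 *
 * <p>The signed attestation (JWS) is printed to standard output. It is accepted as proof of
 * identity until it expires, so output of this tool should not be captured into shared logs.
 *
 * <p>NOTE(review): option values are dereferenced without null checks; this assumes
 * {@code parseCommandLine} rejects a command line with missing options - confirm.
 *
 * @param args command-line arguments, interpreted by {@code parseCommandLine}
 */
public static void main(String[] args) throws MalformedURLException, IOException {

    // parse our command line to retrieve required input
    CommandLine cmd = parseCommandLine(args);

    // Lower-case with a fixed locale: the default-locale variant maps 'I' differently under
    // some locales (e.g. Turkish), which would change the identity names sent to the server.
    String domainName = cmd.getOptionValue("domain").toLowerCase(java.util.Locale.ROOT);
    String serviceName = cmd.getOptionValue("service").toLowerCase(java.util.Locale.ROOT);
    String provider = cmd.getOptionValue("provider").toLowerCase(java.util.Locale.ROOT);
    String instance = cmd.getOptionValue("instance");
    String dnsSuffix = cmd.getOptionValue("dnssuffix");
    String providerKeyPath = cmd.getOptionValue("providerkey");
    String providerKeyId = cmd.getOptionValue("providerkeyid");
    String instanceKeyPath = cmd.getOptionValue("instancekey");
    String ztsUrl = cmd.getOptionValue("ztsurl");

    // get our configured private key
    PrivateKey providerKey = Crypto.loadPrivateKey(new File(providerKeyPath));

    // first we are going to generate our attestation data
    // which we are going to use jwt. ZTS Server will send
    // this object to the specified provider for validation
    long expiryMillis = System.currentTimeMillis() + TimeUnit.MINUTES.toMillis(5);
    String compactJws = Jwts.builder()
            .setSubject(domainName + "." + serviceName)
            .setIssuer(provider)
            .setAudience("zts")
            .setId(instance)
            .setExpiration(new Date(expiryMillis))
            .setHeaderParam("keyId", providerKeyId)
            .signWith(SignatureAlgorithm.RS256, providerKey)
            .compact();

    System.out.println("JWS: \n" + compactJws + "\n");

    // now we need to generate our CSR so we can get
    // a TLS certificate for our instance
    PrivateKey instanceKey = Crypto.loadPrivateKey(new File(instanceKeyPath));
    String csr = generateCSR(domainName, serviceName, instance, dnsSuffix, instanceKey);

    if (csr == null) {
        System.err.println("Unable to generate CSR for instance");
        System.exit(1);
    }
    System.out.println("CSR: \n" + csr + "\n");

    // now let's generate our instance register object that will be sent
    // to the ZTS Server
    InstanceRegisterInformation info = new InstanceRegisterInformation()
            .setAttestationData(compactJws)
            .setDomain(domainName)
            .setService(serviceName)
            .setProvider(provider)
            .setToken(true)
            .setCsr(csr);

    // now contact zts server to request identity for instance
    InstanceIdentity identity = null;
    Map<String, List<String>> responseHeaders = new HashMap<>();
    try (ZTSClient ztsClient = new ZTSClient(ztsUrl)) {
        identity = ztsClient.postInstanceRegisterInformation(info, responseHeaders);
    } catch (ZTSClientException ex) {
        System.out.println("Unable to register instance: " + ex.getMessage());
        System.exit(2);
    }

    System.out.println("Identity TLS Certificate: \n" + identity.getX509Certificate());
    Map<String, String> attrs = identity.getAttributes();
    if (attrs != null) {
        System.out.println("Provider Attributes:");
        // Iterate entries directly instead of looking each key up again.
        for (Map.Entry<String, String> attr : attrs.entrySet()) {
            System.out.println("\t" + attr.getKey() + ": " + attr.getValue());
        }
    }
}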
示例13: main
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
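/**
 * Command-line entry point that refreshes the TLS certificate of an already registered
 * instance.
 *
 * <p>Steps: parse the options, generate a CSR with the instance key, post it to ZTS as an
 * instance refresh request and print the returned certificate.
 *
 * <p>Exit codes: 1 when the CSR cannot be generated, 2 when the ZTS call fails.
 *
 * <p>NOTE(review): option values are dereferenced without null checks; this assumes
 * {@code parseCommandLine} rejects a command line with missing options - confirm.
 *
 * @param args command-line arguments, interpreted by {@code parseCommandLine}
 */
public static void main(String[] args) throws MalformedURLException, IOException {

    // parse our command line to retrieve required input
    CommandLine cmd = parseCommandLine(args);

    // Lower-case with a fixed locale: the default-locale variant maps 'I' differently under
    // some locales (e.g. Turkish), which would change the identity names sent to the server.
    String domainName = cmd.getOptionValue("domain").toLowerCase(java.util.Locale.ROOT);
    String serviceName = cmd.getOptionValue("service").toLowerCase(java.util.Locale.ROOT);
    String provider = cmd.getOptionValue("provider").toLowerCase(java.util.Locale.ROOT);
    String instance = cmd.getOptionValue("instance");
    String dnsSuffix = cmd.getOptionValue("dnssuffix");
    String instanceKeyPath = cmd.getOptionValue("instancekey");
    String ztsUrl = cmd.getOptionValue("ztsurl");

    // now we need to generate our CSR so we can get
    // a TLS certificate for our instance
    PrivateKey instanceKey = Crypto.loadPrivateKey(new File(instanceKeyPath));
    String csr = generateCSR(domainName, serviceName, instance, dnsSuffix, instanceKey);

    if (csr == null) {
        System.err.println("Unable to generate CSR for instance");
        System.exit(1);
    }
    System.out.println("CSR: \n" + csr + "\n");

    // now let's generate our instance refresh object that will be sent
    // to the ZTS Server
    InstanceRefreshInformation info = new InstanceRefreshInformation()
            .setToken(true)
            .setCsr(csr);

    // now contact zts server to request identity for instance
    InstanceIdentity identity = null;
    try (ZTSClient ztsClient = new ZTSClient(ztsUrl)) {
        identity = ztsClient.postInstanceRefreshInformation(provider, domainName,
                serviceName, instance, info);
    } catch (ZTSClientException ex) {
        // This tool refreshes an instance; the message previously said "register".
        System.out.println("Unable to refresh instance: " + ex.getMessage());
        System.exit(2);
    }

    System.out.println("Identity TLS Certificate: \n" + identity.getX509Certificate());
}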
示例14: InstanceProviderHandlerImpl
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
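/**
 * Reads the provider name and the provider private key location from system properties and
 * loads the key.
 *
 * @throws NullPointerException if the {@code PROP_PROVIDER_KEY_PATH} system property is not set
 */
public InstanceProviderHandlerImpl() {
    instanceProvider = System.getProperty(PROP_PROVIDER_NAME);

    // An unset property previously surfaced as a bare NullPointerException from File's
    // constructor; fail with the same exception type but name the missing property.
    final String keyPath = java.util.Objects.requireNonNull(
            System.getProperty(PROP_PROVIDER_KEY_PATH),
            "system property " + PROP_PROVIDER_KEY_PATH + " is not set");
    providerKey = Crypto.loadPrivateKey(new File(keyPath));
}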
示例15: signPolicies
import com.yahoo.athenz.auth.util.Crypto; //导入方法依赖的package包/类
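/**
 * Re-signs a domain signed-policy file and writes the result to a new file.
 *
 * <p>The policy data is signed with the ZMS key, the modified time is set to now and the expiry
 * to seven days from now, and the resulting signed policy data is signed with the ZTS key. Both
 * key ids are set to "0".
 *
 * <p>On any {@link IOException} the message is printed and the JVM exits with status -1.
 *
 * @param ztsPrivateKeyPath path of the PEM file holding the ZTS private key
 * @param zmsPrivateKeyPath path of the PEM file holding the ZMS private key
 * @param signedPolicyFile path of the existing signed policy JSON file
 * @param newPolicyFile path the re-signed policy is written to (created or overwritten)
 * @return the new modified timestamp wrapped in double quotes
 */
static String signPolicies(String ztsPrivateKeyPath, String zmsPrivateKeyPath, String signedPolicyFile,
        String newPolicyFile) {

    String etag = null;
    try {
        // Decode the PEM files with an explicit charset rather than the platform default.
        final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
        PrivateKey ztsPrivateKey = Crypto.loadPrivateKey(
                new String(Files.readAllBytes(Paths.get(ztsPrivateKeyPath)), utf8));
        PrivateKey zmsPrivateKey = Crypto.loadPrivateKey(
                new String(Files.readAllBytes(Paths.get(zmsPrivateKeyPath)), utf8));

        DomainSignedPolicyData domainSignedPolicyData = JSON.fromBytes(
                Files.readAllBytes(Paths.get(signedPolicyFile)), DomainSignedPolicyData.class);
        SignedPolicyData signedPolicyData = domainSignedPolicyData.getSignedPolicyData();
        PolicyData policyData = signedPolicyData.getPolicyData();

        // Inner signature: policy data signed with the ZMS key.
        signedPolicyData.setZmsSignature(Crypto.sign(SignUtils.asCanonicalString(policyData), zmsPrivateKey));
        signedPolicyData.setZmsKeyId("0");

        long curTime = System.currentTimeMillis();
        Timestamp modified = Timestamp.fromMillis(curTime);
        signedPolicyData.setModified(modified);

        // Expiry is seven days after the modified time.
        Timestamp expires = Timestamp.fromMillis(curTime + (1000L * 60 * 60 * 24 * 7));
        signedPolicyData.setExpires(expires);

        // Outer signature: computed after modified/expires are set so it covers them.
        String signature = Crypto.sign(SignUtils.asCanonicalString(signedPolicyData), ztsPrivateKey);
        domainSignedPolicyData.setSignature(signature).setKeyId("0");

        // Files.write creates the file when absent and truncates it otherwise, so the separate
        // createNewFile() call (whose result was ignored) is not needed.
        Files.write(Paths.get(newPolicyFile), JSON.bytes(domainSignedPolicyData));

        etag = "\"" + modified.toString() + "\"";
    } catch (IOException e) {
        System.out.println("Exception: " + e.getMessage());
        System.exit(-1);
    }
    System.out.println("Signed " + newPolicyFile + " policy file");
    return etag;
}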