Java KeyStoreException類代碼示例

import java.security.KeyStoreException; //導入依賴的package包/類
/** Deshabilita las comprobaciones de certificados en conexiones SSL, aceptádose entonces
 * cualquier certificado.
 * @throws KeyManagementException Si hay problemas en la gestión de claves SSL.
 * @throws NoSuchAlgorithmException Si el JRE no soporta algún algoritmo necesario.
 * @throws KeyStoreException Si no se puede cargar el KeyStore SSL.
 * @throws IOException Si hay errores en la carga del fichero KeyStore SSL.
 * @throws CertificateException Si los certificados del KeyStore SSL son inválidos.
 * @throws UnrecoverableKeyException Si una clave del KeyStore SSL es inválida.
 * @throws NoSuchProviderException Si ocurre un error al recuperar la instancia del Keystore.*/
public static void disableSslChecks() throws KeyManagementException,
                                             NoSuchAlgorithmException,
                                             KeyStoreException,
                                             UnrecoverableKeyException,
                                             CertificateException,
                                             IOException,
                                             NoSuchProviderException {
	final SSLContext sc = SSLContext.getInstance(SSL_CONTEXT);
	sc.init(getKeyManager(), DUMMY_TRUST_MANAGER, new java.security.SecureRandom());
	HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
	HttpsURLConnection.setDefaultHostnameVerifier(
		new HostnameVerifier() {
			@Override
			public boolean verify(final String hostname, final SSLSession session) {
				return true;
			}
		}
	);
}
 

import java.security.KeyStoreException; //導入依賴的package包/類
@Bean
public RestTemplate restTemplate() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {

    SSLContext sslContext = SSLContexts.custom()
            .loadTrustMaterial(null, new TrustSelfSignedStrategy())
            .build();

    SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
    CloseableHttpClient httpClient = HttpClients.custom()
            .setSSLSocketFactory(sslConnectionSocketFactory)
            .build();

    HttpComponentsClientHttpRequestFactory requestFactory =
            new HttpComponentsClientHttpRequestFactory();

    requestFactory.setHttpClient(httpClient);

    return new RestTemplate(requestFactory);
}
 

import java.security.KeyStoreException; //導入依賴的package包/類
/**
 * Assigns the given certificate to the given alias.
 *
 * <p>If the given alias already exists in this keystore and identifies a
 * <i>trusted certificate entry</i>, the certificate associated with it is
 * overridden by the given certificate.
 *
 * @param alias the alias name
 * @param cert the certificate
 *
 * @exception KeyStoreException if the given alias already exists and does
 * not identify a <i>trusted certificate entry</i>, or this operation
 * fails for some other reason.
 */
public void engineSetCertificateEntry(String alias, Certificate cert)
    throws KeyStoreException
{
    if (alias == null) {
        throw new KeyStoreException("alias must not be null");
    }

    if (cert instanceof X509Certificate) {

        // TODO - build CryptoAPI chain?
        X509Certificate[] chain =
            new X509Certificate[]{ (X509Certificate) cert };
        KeyEntry entry = entries.get(alias);

        if (entry == null) {
            entry =
                new KeyEntry(alias, null, chain);
            storeWithUniqueAlias(alias, entry);
        }

        if (entry.getPrivateKey() == null) { // trusted-cert entry
            entry.setAlias(alias);

            try {
                entry.setCertificateChain(chain);

            } catch (CertificateException ce) {
                throw new KeyStoreException(ce);
            }
        }

    } else {
        throw new UnsupportedOperationException(
            "Cannot assign the certificate to the given alias.");
    }
}
 

import java.security.KeyStoreException; //導入依賴的package包/類
/**
 * 通過keystore獲取私鑰證書的certId值
 * @param keyStore
 * @return
 */
private static String getCertIdIdByStore(KeyStore keyStore) {
	Enumeration<String> aliasenum = null;
	try {
		aliasenum = keyStore.aliases();
		String keyAlias = null;
		if (aliasenum.hasMoreElements()) {
			keyAlias = aliasenum.nextElement();
		}
		X509Certificate cert = (X509Certificate) keyStore
				.getCertificate(keyAlias);
		return cert.getSerialNumber().toString();
	} catch (KeyStoreException e) {
		log.error("getCertIdIdByStore Error", e);
		return null;
	}
}
 

import java.security.KeyStoreException; //導入依賴的package包/類
public SslHandlerFactory(AmqpServerConfiguration configuration) throws KeyStoreException, IOException,
        CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
    KeyStore keyStore = getKeyStore(configuration.getSsl().getKeyStore().getType(),
                                    configuration.getSsl().getKeyStore().getLocation(),
                                    configuration.getSsl().getKeyStore().getPassword());
    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(configuration.getSsl()
                                                                                     .getKeyStore()
                                                                                     .getCertType());
    keyManagerFactory.init(keyStore, configuration.getSsl().getKeyStore().getPassword().toCharArray());

    KeyStore trustStore = getKeyStore(configuration.getSsl().getTrustStore().getType(),
                                      configuration.getSsl().getTrustStore().getLocation(),
                                      configuration.getSsl().getTrustStore().getPassword());
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(configuration.getSsl()
                                                                           .getTrustStore()
                                                                           .getCertType());
    trustManagerFactory.init(trustStore);

    sslContext = SSLContext.getInstance(configuration.getSsl().getProtocol());
    sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
}
 

import java.security.KeyStoreException; //導入依賴的package包/類
private void initializeTrustedCACertificatesFromKeyStore() {
  try {
    InputStream is = AuthenticationResponseValidator.class.getResourceAsStream("/trusted_certificates.jks");
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    keystore.load(is, "changeit".toCharArray());
    Enumeration<String> aliases = keystore.aliases();
    while (aliases.hasMoreElements()) {
      String alias = aliases.nextElement();
      X509Certificate certificate = (X509Certificate) keystore.getCertificate(alias);
      addTrustedCACertificate(certificate);
    }
  } catch (IOException | CertificateException | KeyStoreException | NoSuchAlgorithmException e) {
    logger.error("Error initializing trusted CA certificates", e);
    throw new TechnicalErrorException("Error initializing trusted CA certificates", e);
  }
}
 

import java.security.KeyStoreException; //導入依賴的package包/類
private static Key getKeyStoreKey(KeyStore ks, String keyAlias, List<char[]> passwords)
        throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
    UnrecoverableKeyException lastFailure = null;
    for (char[] password : passwords) {
        try {
            return ks.getKey(keyAlias, password);
        } catch (UnrecoverableKeyException e) {
            lastFailure = e;
        }
    }
    if (lastFailure == null) {
        throw new RuntimeException("No key passwords");
    } else {
        throw lastFailure;
    }
}
 

import java.security.KeyStoreException; //導入依賴的package包/類
private CloseableHttpClient getApacheSslBypassClient() throws NoSuchAlgorithmException,
        KeyManagementException, KeyStoreException {
    return HttpClients.custom().
            setHostnameVerifier(new AllowAllHostnameVerifier()).
            setSslcontext(new SSLContextBuilder()
                                  .loadTrustMaterial(null, (arg0, arg1) -> true)
                                  .build()).build();
}
 

import java.security.KeyStoreException; //導入依賴的package包/類
private void compareKeyEntry(KeyStore a, KeyStore b, String aPass,
        String bPass, String alias) throws KeyStoreException,
        UnrecoverableKeyException, NoSuchAlgorithmException {
    Certificate[] certsA = a.getCertificateChain(alias);
    Certificate[] certsB = b.getCertificateChain(alias);

    if (!Arrays.equals(certsA, certsB)) {
        throw new RuntimeException("Certs don't match for alias:" + alias);
    }

    Key keyA = a.getKey(alias, aPass.toCharArray());
    Key keyB = b.getKey(alias, bPass.toCharArray());

    if (!keyA.equals(keyB)) {
        throw new RuntimeException(
                "Key don't match for alias:" + alias);
    }
}
 

import java.security.KeyStoreException; //導入依賴的package包/類
private void handleInteractions(Socket socket) throws IOException, KeyStoreException,
        NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, KeyManagementException,
        UnexpectedCommandException {

    ImapInteraction interaction = interactions.pop();
    if (interaction instanceof ExpectedCommand) {
        readExpectedCommand((ExpectedCommand) interaction);
    } else if (interaction instanceof CannedResponse) {
        writeCannedResponse((CannedResponse) interaction);
    } else if (interaction instanceof CloseConnection) {
        clientSocket.close();
    } else if (interaction instanceof EnableCompression) {
        enableCompression(socket);
    } else if (interaction instanceof UpgradeToTls) {
        upgradeToTls(socket);
    }
}
 

import java.security.KeyStoreException; //導入依賴的package包/類
private void upgradeToTls(Socket socket) throws KeyStoreException, IOException, NoSuchAlgorithmException,
        CertificateException, UnrecoverableKeyException, KeyManagementException {

    KeyStore keyStore = keyStoreProvider.getKeyStore();

    String defaultAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(defaultAlgorithm);
    keyManagerFactory.init(keyStore, keyStoreProvider.getPassword());

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(keyManagerFactory.getKeyManagers(), null, null);
    SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

    SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(
            socket, socket.getInetAddress().getHostAddress(), socket.getPort(), true);
    sslSocket.setUseClientMode(false);
    sslSocket.startHandshake();

    input = Okio.buffer(Okio.source(sslSocket.getInputStream()));
    output = Okio.buffer(Okio.sink(sslSocket.getOutputStream()));
}
 

import java.security.KeyStoreException; //導入依賴的package包/類
@Override
protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_main);
    txtKeystoreState = (TextView) findViewById(R.id.txtLabelKeyStore);

    try {
        secureUserStore = new SecureUserStore(this);
        SyncManager.setUserStore(secureUserStore);

        if (secureUserStore.isKeystoreUnlocked()) {
            buildSyncConf();
            keystoreUnlockedMessage();
        } else {
            secureUserStore.unlockKeystore();
        }
    } catch (KeyStoreException e) {
        e.printStackTrace();
    }
}
 

import java.security.KeyStoreException; //導入依賴的package包/類
private static HttpClient createAllTrustingClient() throws RestClientException {
	HttpClient httpclient = null;
	try {
		final SSLContextBuilder builder = new SSLContextBuilder();
		builder.loadTrustMaterial((TrustStrategy) (X509Certificate[] chain, String authType) -> true);
		final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
				builder.build());
		httpclient = HttpClients
				.custom()
				.setSSLSocketFactory(sslsf)
				.setMaxConnTotal(1000)
				.setMaxConnPerRoute(1000)
				.build();
	} catch (NoSuchAlgorithmException | KeyStoreException | KeyManagementException e) {
		throw new RestClientException("Cannot create all SSL certificates trusting client", e);
	}
	return httpclient;
}
 

import java.security.KeyStoreException; //導入依賴的package包/類
public DefaultX509TrustManager init() throws IOException {
    try {
        final TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(KeyStore.getInstance(KeyStore.getDefaultType()));
        final TrustManager[] trustmanagers = factory.getTrustManagers();
        if(trustmanagers.length == 0) {
            throw new NoSuchAlgorithmException("SunX509 trust manager not supported");
        }
        system = (javax.net.ssl.X509TrustManager) trustmanagers[0];
    }
    catch(NoSuchAlgorithmException | KeyStoreException e) {
        log.error(String.format("Initialization of trust store failed. %s", e.getMessage()));
        throw new IOException(e);
    }
    return this;
}
 

import java.security.KeyStoreException; //導入依賴的package包/類
/**
 * @since 4.1
 */
public SSLSocketFactory(
        final String algorithm,
        final KeyStore keystore,
        final String keyPassword,
        final KeyStore truststore,
        final SecureRandom random,
        final TrustStrategy trustStrategy,
        final X509HostnameVerifier hostnameVerifier)
            throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
    this(SSLContexts.custom()
            .useProtocol(algorithm)
            .setSecureRandom(random)
            .loadKeyMaterial(keystore, keyPassword != null ? keyPassword.toCharArray() : null)
            .loadTrustMaterial(truststore, trustStrategy)
            .build(),
            hostnameVerifier);
}