public final class SecurityUtils
Utilities related to Java security.
Static Methods
createMtlsKeyStore(InputStream certAndKey)
`public static KeyStore createMtlsKeyStore(InputStream certAndKey)`
Beta
Create a keystore for mutual TLS with the certificate and private key provided.
Parameters
| Name | Type | Description |
| certAndKey | InputStream | Certificate and private key input stream. The stream should contain one certificate and one unencrypted private key. If there are multiple certificates, only the first certificate will be used. |
Returns
| Type | Description |
| KeyStore | keystore for mutual TLS. |
Exceptions
| Type | Description |
| GeneralSecurityException | |
| IOException | |
getDefaultKeyStore()
`public static KeyStore getDefaultKeyStore()`
Returns the default key store using KeyStore#getDefaultType().
Returns
| Type | Description |
| KeyStore | |
Exceptions
| Type | Description |
| KeyStoreException | |
getEs256SignatureAlgorithm()
`public static Signature getEs256SignatureAlgorithm()`
Returns the SHA-256 with ECDSA signature algorithm.
Returns
| Type | Description |
| Signature | |
Exceptions
| Type | Description |
| NoSuchAlgorithmException | |
getJavaKeyStore()
`public static KeyStore getJavaKeyStore()`
Returns the Java KeyStore (JKS).
Returns
| Type | Description |
| KeyStore | |
Exceptions
| Type | Description |
| KeyStoreException | |
getPkcs12KeyStore()
`public static KeyStore getPkcs12KeyStore()`
Returns the PKCS12 key store.
Returns
| Type | Description |
| KeyStore | |
Exceptions
| Type | Description |
| KeyStoreException | |
getPrivateKey(KeyStore keyStore, String alias, String keyPass)
`public static PrivateKey getPrivateKey(KeyStore keyStore, String alias, String keyPass)`
Returns the private key from the key store.
Parameters
| Name | Type | Description |
| keyStore | KeyStore | key store |
| alias | String | alias under which the key is stored |
| keyPass | String | password protecting the key |
Returns
| Type | Description |
| PrivateKey | private key |
Exceptions
| Type | Description |
| GeneralSecurityException | |
getRsaKeyFactory()
`public static KeyFactory getRsaKeyFactory()`
Returns the RSA key factory.
Returns
| Type | Description |
| KeyFactory | |
Exceptions
| Type | Description |
| NoSuchAlgorithmException | |
getSha1WithRsaSignatureAlgorithm()
`public static Signature getSha1WithRsaSignatureAlgorithm()`
Returns the SHA-1 with RSA signature algorithm.
Returns
| Type | Description |
| Signature | |
Exceptions
| Type | Description |
| NoSuchAlgorithmException | |
getSha256WithRsaSignatureAlgorithm()
`public static Signature getSha256WithRsaSignatureAlgorithm()`
Returns the SHA-256 with RSA signature algorithm.
Returns
| Type | Description |
| Signature | |
Exceptions
| Type | Description |
| NoSuchAlgorithmException | |
getX509CertificateFactory()
`public static CertificateFactory getX509CertificateFactory()`
Returns the X.509 certificate factory.
Returns
| Type | Description |
| CertificateFactory | |
Exceptions
| Type | Description |
| CertificateException | |
loadKeyStore(KeyStore keyStore, InputStream keyStream, String storePass)
`public static void loadKeyStore(KeyStore keyStore, InputStream keyStream, String storePass)`
Loads a key store from a stream.
Example usage:
```java
KeyStore keyStore = SecurityUtils.getJavaKeyStore();
SecurityUtils.loadKeyStore(keyStore, new FileInputStream("certs.jks"), "password");
```
Parameters
| Name | Type | Description |
| keyStore | KeyStore | key store |
| keyStream | InputStream | input stream to the key store (closed at the end of this method in a finally block) |
| storePass | String | password protecting the key store file |
Exceptions
| Type | Description |
| IOException | |
| GeneralSecurityException | |
loadKeyStoreFromCertificates(KeyStore keyStore, CertificateFactory certificateFactory, InputStream certificateStream)
`public static void loadKeyStoreFromCertificates(KeyStore keyStore, CertificateFactory certificateFactory, InputStream certificateStream)`
Loads a key store with certificates generated from the specified stream using CertificateFactory#generateCertificates(InputStream).
For each certificate, KeyStore#setCertificateEntry(String, Certificate) is called with an alias that is the string form of incrementing non-negative integers starting with 0 (0, 1, 2, 3, ...).
Example usage:
```java
KeyStore keyStore = SecurityUtils.getJavaKeyStore();
SecurityUtils.loadKeyStoreFromCertificates(keyStore, SecurityUtils.getX509CertificateFactory(), new FileInputStream(pemFile));
```
Parameters
| Name | Type | Description |
| keyStore | KeyStore | key store (for example #getJavaKeyStore()) |
| certificateFactory | CertificateFactory | certificate factory (for example #getX509CertificateFactory()) |
| certificateStream | InputStream | certificate stream |
Exceptions
| Type | Description |
| GeneralSecurityException | |
loadPrivateKeyFromKeyStore(KeyStore keyStore, InputStream keyStream, String storePass, String alias, String keyPass)
`public static PrivateKey loadPrivateKeyFromKeyStore(KeyStore keyStore, InputStream keyStream, String storePass, String alias, String keyPass)`
Retrieves a private key from the specified key store stream and specified key store.
Parameters
| Name | Type | Description |
| keyStore | KeyStore | key store |
| keyStream | InputStream | input stream to the key store (closed at the end of this method in a finally block) |
| storePass | String | password protecting the key store file |
| alias | String | alias under which the key is stored |
| keyPass | String | password protecting the key |
Returns
| Type | Description |
| PrivateKey | key from the key store |
Exceptions
| Type | Description |
| IOException | |
| GeneralSecurityException | |
sign(Signature signatureAlgorithm, PrivateKey privateKey, byte[] contentBytes)
`public static byte[] sign(Signature signatureAlgorithm, PrivateKey privateKey, byte[] contentBytes)`
Signs content using a private key.
Parameters
| Name | Type | Description |
| signatureAlgorithm | Signature | signature algorithm |
| privateKey | PrivateKey | private key |
| contentBytes | byte[] | content to sign |
Returns
| Type | Description |
| byte[] | signed content |
Exceptions
| Type | Description |
| InvalidKeyException | |
| SignatureException | |
verify(Signature signatureAlgorithm, PublicKey publicKey, byte[] signatureBytes, byte[] contentBytes)
`public static boolean verify(Signature signatureAlgorithm, PublicKey publicKey, byte[] signatureBytes, byte[] contentBytes)`
Verifies the signature of signed content based on a public key.
Parameters
| Name | Type | Description |
| signatureAlgorithm | Signature | signature algorithm |
| publicKey | PublicKey | public key |
| signatureBytes | byte[] | signature bytes |
| contentBytes | byte[] | content bytes |
Returns
| Type | Description |
| boolean | whether the signature was verified |
Exceptions
| Type | Description |
| InvalidKeyException | |
| SignatureException | |
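A round trip through sign and the PublicKey overload of verify, as an added example that is not part of the original reference. It assumes the class is imported from com.google.api.client.util (the package is not stated on this page); the class name SignVerifyRoundTrip, the helper methods, and the sample payload are constructed for illustration.

```java
import com.google.api.client.util.SecurityUtils; // assumed package; needs google-http-client on the classpath

import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;

public class SignVerifyRoundTrip {

  /** Signs content with SHA-256 with RSA and returns the signature bytes. */
  static byte[] signContent(KeyPair signer, byte[] content) throws Exception {
    return SecurityUtils.sign(
        SecurityUtils.getSha256WithRsaSignatureAlgorithm(), signer.getPrivate(), content);
  }

  /** Verifies with a fresh Signature instance, as a receiver in another process would. */
  static boolean verifyContent(KeyPair keys, byte[] signature, byte[] content) throws Exception {
    return SecurityUtils.verify(
        SecurityUtils.getSha256WithRsaSignatureAlgorithm(), keys.getPublic(), signature, content);
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample data: throwaway key pairs generated in memory.
    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(2048);
    KeyPair signer = generator.generateKeyPair();
    KeyPair other = generator.generateKeyPair();

    byte[] content =
        "{\"action\":\"deploy\",\"env\":\"staging\"}".getBytes(StandardCharsets.UTF_8);
    byte[] signature = signContent(signer, content);

    // Same payload with a single bit flipped.
    byte[] tampered = content.clone();
    tampered[tampered.length - 2] ^= 0x01;

    System.out.println("original content: " + verifyContent(signer, signature, content));
    System.out.println("tampered content: " + verifyContent(signer, signature, tampered));
    System.out.println("wrong public key: " + verifyContent(other, signature, content));
  }
}
```

verify reports its outcome through the boolean return value, so callers must check it and reject the content when it is false.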
verify(Signature signatureAlgorithm, X509TrustManager trustManager, List<String> certChainBase64, byte[] signatureBytes, byte[] contentBytes)
`public static X509Certificate verify(Signature signatureAlgorithm, X509TrustManager trustManager, List<String> certChainBase64, byte[] signatureBytes, byte[] contentBytes)`
Verifies the signature of signed content based on a certificate chain.
Parameters
| Name | Type | Description |
| signatureAlgorithm | Signature | signature algorithm |
| trustManager | X509TrustManager | trust manager used to verify the certificate chain |
| certChainBase64 | List<String> | Certificate chain used for verification. The certificates must be base64 encoded DER, the leaf certificate must be the first element. |
| signatureBytes | byte[] | signature bytes |
| contentBytes | byte[] | content bytes |
Returns
| Type | Description |
| X509Certificate | The signature certificate if the signature could be verified, null otherwise. |
Exceptions
| Type | Description |
| InvalidKeyException | |
| SignatureException | |