Package com.google.api.client.util

Class SecurityUtils

  • public final class SecurityUtils
extends java.lang.Object
    Utilities related to Java security.
    Since:
    1.14

    • Constructor Summary

      Constructors 
      Modifier Constructor Description
      private SecurityUtils()  

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static java.security.KeyStore getDefaultKeyStore()
      Returns the default key store using KeyStore.getDefaultType().
      static java.security.KeyStore getJavaKeyStore()
      Returns the Java KeyStore (JKS).
      static java.security.KeyStore getPkcs12KeyStore()
      Returns the PKCS12 key store.
      static java.security.PrivateKey getPrivateKey​(java.security.KeyStore keyStore, java.lang.String alias, java.lang.String keyPass)
      Returns the private key from the key store.
      static java.security.KeyFactory getRsaKeyFactory()
      Returns the RSA key factory.
      static java.security.Signature getSha1WithRsaSignatureAlgorithm()
      Returns the SHA-1 with RSA signature algorithm.
      static java.security.Signature getSha256WithRsaSignatureAlgorithm()
      Returns the SHA-256 with RSA signature algorithm.
      static java.security.cert.CertificateFactory getX509CertificateFactory()
      Returns the X.509 certificate factory.
      static void loadKeyStore​(java.security.KeyStore keyStore, java.io.InputStream keyStream, java.lang.String storePass)
      Loads a key store from a stream.
      static void loadKeyStoreFromCertificates​(java.security.KeyStore keyStore, java.security.cert.CertificateFactory certificateFactory, java.io.InputStream certificateStream)
      Loads a key store with certificates generated from the specified stream using CertificateFactory.generateCertificates(InputStream).
      static java.security.PrivateKey loadPrivateKeyFromKeyStore​(java.security.KeyStore keyStore, java.io.InputStream keyStream, java.lang.String storePass, java.lang.String alias, java.lang.String keyPass)
      Retrieves a private key from the specified key store stream and specified key store.
      static byte[] sign​(java.security.Signature signatureAlgorithm, java.security.PrivateKey privateKey, byte[] contentBytes)
      Signs content using a private key.
      static boolean verify​(java.security.Signature signatureAlgorithm, java.security.PublicKey publicKey, byte[] signatureBytes, byte[] contentBytes)
      Verifies the signature of signed content based on a public key.
      static java.security.cert.X509Certificate verify​(java.security.Signature signatureAlgorithm, javax.net.ssl.X509TrustManager trustManager, java.util.List<java.lang.String> certChainBase64, byte[] signatureBytes, byte[] contentBytes)
      Verifies the signature of signed content based on a certificate chain.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • SecurityUtils

        private SecurityUtils()

    • Method Detail

      • getDefaultKeyStore

        public static java.security.KeyStore getDefaultKeyStore()
                                                 throws java.security.KeyStoreException
        Returns the default key store using KeyStore.getDefaultType().
        Throws:
        java.security.KeyStoreException

      • getJavaKeyStore

        public static java.security.KeyStore getJavaKeyStore()
                                              throws java.security.KeyStoreException
        Returns the Java KeyStore (JKS).
        Throws:
        java.security.KeyStoreException

      • getPkcs12KeyStore

        public static java.security.KeyStore getPkcs12KeyStore()
                                                throws java.security.KeyStoreException
        Returns the PKCS12 key store.
        Throws:
        java.security.KeyStoreException

      • loadKeyStore

        public static void loadKeyStore​(java.security.KeyStore keyStore,
                                java.io.InputStream keyStream,
                                java.lang.String storePass)
                         throws java.io.IOException,
                                java.security.GeneralSecurityException
        Loads a key store from a stream.

        Example usage: 

            KeyStore keyStore = SecurityUtils.getJavaKeyStore();
    SecurityUtils.loadKeyStore(keyStore, new FileInputStream("certs.jks"), "password");
        Parameters:
        keyStore - key store
        keyStream - input stream to the key store stream (closed at the end of this method in a finally block)
        storePass - password protecting the key store file
        Throws:
        java.io.IOException
        java.security.GeneralSecurityException

      • getPrivateKey

        public static java.security.PrivateKey getPrivateKey​(java.security.KeyStore keyStore,
                                                     java.lang.String alias,
                                                     java.lang.String keyPass)
                                              throws java.security.GeneralSecurityException
        Returns the private key from the key store.
        Parameters:
        keyStore - key store
        alias - alias under which the key is stored
        keyPass - password protecting the key
        Returns:
        private key
        Throws:
        java.security.GeneralSecurityException

      • loadPrivateKeyFromKeyStore

        public static java.security.PrivateKey loadPrivateKeyFromKeyStore​(java.security.KeyStore keyStore,
                                                                  java.io.InputStream keyStream,
                                                                  java.lang.String storePass,
                                                                  java.lang.String alias,
                                                                  java.lang.String keyPass)
                                                           throws java.io.IOException,
                                                                  java.security.GeneralSecurityException
        Retrieves a private key from the specified key store stream and specified key store.
        Parameters:
        keyStore - key store
        keyStream - input stream to the key store (closed at the end of this method in a finally block)
        storePass - password protecting the key store file
        alias - alias under which the key is stored
        keyPass - password protecting the key
        Returns:
        key from the key store
        Throws:
        java.io.IOException
        java.security.GeneralSecurityException

      • getRsaKeyFactory

        public static java.security.KeyFactory getRsaKeyFactory()
                                                 throws java.security.NoSuchAlgorithmException
        Returns the RSA key factory.
        Throws:
        java.security.NoSuchAlgorithmException

      • getSha1WithRsaSignatureAlgorithm

        public static java.security.Signature getSha1WithRsaSignatureAlgorithm()
                                                                throws java.security.NoSuchAlgorithmException
        Returns the SHA-1 with RSA signature algorithm.
        Throws:
        java.security.NoSuchAlgorithmException

      • getSha256WithRsaSignatureAlgorithm

        public static java.security.Signature getSha256WithRsaSignatureAlgorithm()
                                                                  throws java.security.NoSuchAlgorithmException
        Returns the SHA-256 with RSA signature algorithm.
        Throws:
        java.security.NoSuchAlgorithmException

      • sign

        public static byte[] sign​(java.security.Signature signatureAlgorithm,
                          java.security.PrivateKey privateKey,
                          byte[] contentBytes)
                   throws java.security.InvalidKeyException,
                          java.security.SignatureException
        Signs content using a private key.
        Parameters:
        signatureAlgorithm - signature algorithm
        privateKey - private key
        contentBytes - content to sign
        Returns:
        signed content
        Throws:
        java.security.InvalidKeyException
        java.security.SignatureException

      • verify

        public static boolean verify​(java.security.Signature signatureAlgorithm,
                             java.security.PublicKey publicKey,
                             byte[] signatureBytes,
                             byte[] contentBytes)
                      throws java.security.InvalidKeyException,
                             java.security.SignatureException
        Verifies the signature of signed content based on a public key.
        Parameters:
        signatureAlgorithm - signature algorithm
        publicKey - public key
        signatureBytes - signature bytes
        contentBytes - content bytes
        Returns:
        whether the signature was verified
        Throws:
        java.security.InvalidKeyException
        java.security.SignatureException

      • verify

        public static java.security.cert.X509Certificate verify​(java.security.Signature signatureAlgorithm,
                                                        javax.net.ssl.X509TrustManager trustManager,
                                                        java.util.List<java.lang.String> certChainBase64,
                                                        byte[] signatureBytes,
                                                        byte[] contentBytes)
                                                 throws java.security.InvalidKeyException,
                                                        java.security.SignatureException
        Verifies the signature of signed content based on a certificate chain.
        Parameters:
        signatureAlgorithm - signature algorithm
        trustManager - trust manager used to verify the certificate chain
        certChainBase64 - Certificate chain used for verification. The certificates must be base64 encoded DER, the leaf certificate must be the first element.
        signatureBytes - signature bytes
        contentBytes - content bytes
        Returns:
        The signature certificate if the signature could be verified, null otherwise.
        Throws:
        java.security.InvalidKeyException
        java.security.SignatureException
        Since:
        1.19.1.

      • getX509CertificateFactory

        public static java.security.cert.CertificateFactory getX509CertificateFactory()
                                                                       throws java.security.cert.CertificateException
        Returns the X.509 certificate factory.
        Throws:
        java.security.cert.CertificateException

      • loadKeyStoreFromCertificates

        public static void loadKeyStoreFromCertificates​(java.security.KeyStore keyStore,
                                                java.security.cert.CertificateFactory certificateFactory,
                                                java.io.InputStream certificateStream)
                                         throws java.security.GeneralSecurityException
        Loads a key store with certificates generated from the specified stream using CertificateFactory.generateCertificates(InputStream).

        For each certificate, KeyStore.setCertificateEntry(String, Certificate) is called with an alias that is the string form of incrementing non-negative integers starting with 0 (0, 1, 2, 3, ...).

        Example usage: 

            KeyStore keyStore = SecurityUtils.getJavaKeyStore();
    SecurityUtils.loadKeyStoreFromCertificates(keyStore, SecurityUtils.getX509CertificateFactory(),
        new FileInputStream(pemFile));
        Parameters:
        keyStore - key store (for example getJavaKeyStore())
        certificateFactory - certificate factory (for example getX509CertificateFactory())
        certificateStream - certificate stream
        Throws:
        java.security.GeneralSecurityException