iaik.utils

Class KeyAndCertificate

java.lang.Object

iaik.utils.KeyAndCertificate

public class KeyAndCertificate
extends java.lang.Object

A simple class for storing a private key and a certificate chain in one file.

The private key typically will be the private key belonging to the end entity's public key being certified by the certificate located at the first position of the chain (e.g.. chain[0]).

This class may be used to build a KeyAndCertificate structure from given private key and certificate chain, to store this structure in a file using DER or PEM encoding, and to read in private key and certificate chain from the file again.

Assuming to already have created a X509Certificate chain and a private key, the following proceeding may be chosen for create a KeyAndCertificate structure, save it to a file and read in the contents again:

 // create a <code>KeyAndCertificate</code> structure from given private key and
 // certificate chain and save it to a file using DER encoding:
 KeyAndCertificate keyAndCert = new KeyAndCertificate(private_key, cert_chain);
 keyAndCert.saveTo("key_and_cert.der", ASN1.DER);
 // read in from file again:
 KeyAndCertificate key_and_cert = new KeyAndCertificate("key_and_cert.der");
 // obtain the private key:
 PrivateKey priv_key = key_and_cert.getPrivateKey();
 // obtain the certificate chain:
 X509Certificate[] chain = key_and_cert.getCertificateChain();
 

Version:

File Revision 20

Constructor Summary

Constructors

Constructor and Description
KeyAndCertificate(byte[] bytes) Creates a KeyAndCertificate object from the given byte array.
KeyAndCertificate(java.io.InputStream in) Creates a KeyAndCertificate object from the given InputStream.
KeyAndCertificate(java.security.PrivateKey privateKey, X509Certificate[] certificateChain) Creates a KeyAndCertificate object from given private key and X509 certificate chain.
KeyAndCertificate(java.lang.String fileName) Creates a KeyAndCertificate object from a given file.

Method Summary

Methods

Modifier and Type	Method and Description
java.security.PrivateKey	decrypt(char[] password) Decrypts the private key in this KeyAndCertificate with the given password.
void	encrypt(char[] password, AlgorithmID encryptionAlgorithm, java.security.SecureRandom random) Encrypt the private key with the specified password, the encryption algorithm and the specified random number generated.
boolean	equals(java.lang.Object obj) Tests if the given object is equal to this KeyAndCertificate.
X509Certificate[]	getCertificateChain() Gets the certificate chain from this KeyAndCertificate object.
java.security.PrivateKey	getPrivateKey() Gets the private key from this KeyAndCertificate object.
int	hashCode() Gets a hashcode for this object.
boolean	isEncrypted() Test whether this KeyAndCertificate object contains an encrypted private key.
void	saveTo(java.lang.String fileName, int format) Saves the private key and the certificate chain to a file using DER or PEM encoding.
void	writeTo(java.io.OutputStream os, int format) Write the private key and the certificate chain to an OutputStream.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

KeyAndCertificate

public KeyAndCertificate(java.lang.String fileName)
                  throws java.io.IOException

Creates a KeyAndCertificate object from a given file.

The given file supplies the KeyAndCertificate structure in DER or PEM encoding format., e.g.:

KeyAndCertificate key_and_cert = new KeyAndCertificate("key_and_cert.der");

Parameters:

fileName - the name of the DER or PEM file from where to read in private key and certificate chain

Throws:

java.io.IOException - if an error occurs when reading from the file

KeyAndCertificate

public KeyAndCertificate(java.io.InputStream in)
                  throws java.io.IOException

Creates a KeyAndCertificate object from the given InputStream.

Throws:

java.io.IOException

KeyAndCertificate

public KeyAndCertificate(byte[] bytes)
                  throws java.io.IOException

Creates a KeyAndCertificate object from the given byte array.

Throws:

java.io.IOException

KeyAndCertificate

public KeyAndCertificate(java.security.PrivateKey privateKey,
                 X509Certificate[] certificateChain)

Creates a KeyAndCertificate object from given private key and X509 certificate chain.

Parameters:

privateKey - the private key

certificateChain - the X509 certificate chain (not cloned)

Method Detail

getCertificateChain

public X509Certificate[] getCertificateChain()

Gets the certificate chain from this KeyAndCertificate object.

Returns:

the X509 certifcate chain (not cloned)

getPrivateKey

public java.security.PrivateKey getPrivateKey()

Gets the private key from this KeyAndCertificate object.

Returns:

the private key

hashCode

public int hashCode()

Gets a hashcode for this object.

Overrides:

hashCode in class java.lang.Object

Returns:

the hashcode

equals

public boolean equals(java.lang.Object obj)

Tests if the given object is equal to this KeyAndCertificate.

Overrides:

equals in class java.lang.Object

Parameters:

obj - the object to be compared with this KeyAndCertificate

Returns:

true if the two objects are equal, false if they are not equal

writeTo

public void writeTo(java.io.OutputStream os,
           int format)
             throws java.io.IOException

Write the private key and the certificate chain to an OutputStream. For more info saveTo().

Throws:

java.io.IOException

saveTo

public void saveTo(java.lang.String fileName,
          int format)
            throws java.io.IOException

Saves the private key and the certificate chain to a file using DER or PEM encoding.

For instance:

 KeyAndCertificate keyAndCert = new KeyAndCertificate(private_key, cert_chain);
 keyAndCert.saveTo("key_and_cert.der", ASN1.DER);
 

Parameters:

fileName - the name of the file where the data shall be written to

format - the saving format (ASN1.DER or ASN1.PEM)

Throws:

java.io.IOException

isEncrypted

public boolean isEncrypted()

Test whether this KeyAndCertificate object contains an encrypted private key.

Returns:

true if the private key is encrypted (EncryptedPrivateKeyInfo)

encrypt

public void encrypt(char[] password,
           AlgorithmID encryptionAlgorithm,
           java.security.SecureRandom random)
             throws java.security.NoSuchAlgorithmException

Encrypt the private key with the specified password, the encryption algorithm and the specified random number generated. If encryptionAlgorithm is null TripleDES will be used, if random is null a new instance will be generated via SecRandom. This method does nothing if the private key is already encrypted.

Throws:

java.security.NoSuchAlgorithmException

decrypt

public java.security.PrivateKey decrypt(char[] password)
                                 throws java.security.NoSuchAlgorithmException

Decrypts the private key in this KeyAndCertificate with the given password. If the private key already was decrypted, it is returned immediately. Note that it is changed in this object, later calls to getPrivatKey() will return the decrypted key.

Returns:

the decrypted key or null if the decryption process fails

Throws:

java.security.NoSuchAlgorithmException - if the key or key- encryption algorithm is not supported