Package com.ibm.security.keystoreski

A package that provides utilities for extracting information from a KeyStore given a Subject Key Identifier.


Interface Summary
KeyStoreSKI Provides the ability to extract information from a KeyStore given a Subject Key Identifier (SKI).
SKIDefinition Defines the process of extracting a Subject Key Identifier from a Certificate.
 

Class Summary
KeyStoreSKIFactory Constructs and returns instances of KeyStoreSKI that provide implementations to search through a key store based on a Subject Key Identifier.
SKIDefinitionFactory Constructs and returns instances of SKIDefinition that provide implementations which are typically based on the definitions of Subject Key Identifier from RFC 3280 Section 4.2.1.2.
 

Package com.ibm.security.keystoreski Description

A package that provides utilities for extracting information from a KeyStore given a Subject Key Identifier. A Subject Key Identifier is specified in RFC 3280 X.509 Public Key Infrastructure Section 4.2.1.2. A code sample follows.

import com.ibm.security.keystoreski.KeyStoreSKIFactory;
import com.ibm.security.keystoreski.SKIDefinitionFactory;
import com.ibm.security.keystoreski.KeyStoreSKI;
import com.ibm.security.keystoreski.SKIDefinition;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.io.InputStream;
import java.io.FileInputStream;
import java.io.IOException;

public final class Sample
{
    private Sample() throws UnsupportedOperationException
    {
        throw new UnsupportedOperationException();
    }

    public static void main(final String... args) throws
            KeyStoreException,
            IOException,
            NoSuchAlgorithmException,
            CertificateException
    {
        if(args.length < 3)
        {
            System.out.println("Enter 3 command line arguments: <path-to-java-keystore> <keystore-password> <base 64 formatted SKI string>");
        }
        else
        {
            final String filename = args[0];
            final KeyStore ks = KeyStore.getInstance("JKS");
            final InputStream in = new FileInputStream(filename);

            try
            {
                final char[] password = args[1].toCharArray();

                ks.load(in, password);
                // Construct a KeyStoreSKI to operate on the KeyStore.
                final KeyStoreSKI kss = KeyStoreSKIFactory.newKeyStoreSKI(ks);
                // The subject key identifier that is going to be the search criteria. It should be in Base64 format.
                String ski = args[2];

                // The definition of how to obtain the Subject Key Identifier from each entry in the key store.
                // It is defined by first inspecting the extension field (2.5.29.14), and if that fails, generating the
                // SHA-1 hash of the public key as specified in RFC 3280 Section 4.2.1.2.

                final SKIDefinition definition1 = SKIDefinitionFactory.newX509ExtensionSKIDefinition();

                final SKIDefinition definition2 = SKIDefinitionFactory.newSHA1PublicKeySKIDefinition();

                // Combine the two definitions so that they are tried in the order described above.
                final SKIDefinition definition = SKIDefinitionFactory.newCompositeSKIDefinition(definition1, definition2);

                // Obtain the first alias associated with an end entity certificate that matches the Subject Key Identifier criteria
                // with the given Subject Key Identifier definition.
                final String alias = kss.getAlias(ski, definition );

                // Obtain the first Certificate associated with an end entity certificate that matches the Subject Key Identifier
                // criteria with the given Subject Key Identifier definition.
                final Certificate certificate = kss.getCertificate(ski, definition );

                // Obtain the first private key with an end entity certificate that matches the Subject Key Identifier
                // criteria with the given Subject Key Identifier definition.
                final PrivateKey privateKey = kss.getPrivateKey(ski, definition, password);

                // Output the alias.
                System.out.println(alias);

                // Output the public key in hexadecimal.
                System.out.println(certificate.getPublicKey().toString());

                // Output the private key in hexadecimal.
                if(privateKey != null)
                {
                    System.out.println(privateKey.toString());
                }
            }
            finally
            {
                in.close();
            }
        }
    }
}
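
The sample above expects the Subject Key Identifier as a Base64 string. The following added example (not part of the IBM package or its documentation) lists each alias in a JKS key store with its SKI, using only standard JDK classes (Java 8 or later): it reads extension 2.5.29.14 first and otherwise computes the SHA-1 hash described in RFC 3280 Section 4.2.1.2. The names ListSki, tlv and ski are illustrative, and standard Base64 is assumed to be the encoding the package expects.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;

// Added example: ListSki, tlv and ski are illustrative names, not part of com.ibm.security.keystoreski.
public final class ListSki {
    // Returns {contentOffset, contentLength} of the DER TLV that starts at index 'at'.
    static int[] tlv(byte[] d, int at) {
        int off = at + 2, len = d[at + 1] & 0xff;
        if (len > 0x7f) {                       // long form: low 7 bits = number of length bytes
            int n = len & 0x7f;
            for (len = 0; n > 0; n--) len = (len << 8) | (d[off++] & 0xff);
        }
        return new int[] { off, len };
    }

    static byte[] ski(X509Certificate c) throws Exception {
        byte[] ext = c.getExtensionValue("2.5.29.14");
        if (ext != null) {                      // OCTET STRING wrapping an OCTET STRING (KeyIdentifier)
            int[] inner = tlv(ext, tlv(ext, 0)[0]);
            return Arrays.copyOfRange(ext, inner[0], inner[0] + inner[1]);
        }
        // Fallback: SHA-1 over the subjectPublicKey BIT STRING contents only (no tag,
        // length or unused-bits byte), not over the whole SubjectPublicKeyInfo.
        byte[] spki = c.getPublicKey().getEncoded();
        int[] seq = tlv(spki, 0);                   // SubjectPublicKeyInfo SEQUENCE
        int[] alg = tlv(spki, seq[0]);              // AlgorithmIdentifier SEQUENCE
        int[] bits = tlv(spki, alg[0] + alg[1]);    // subjectPublicKey BIT STRING
        return MessageDigest.getInstance("SHA-1")
                .digest(Arrays.copyOfRange(spki, bits[0] + 1, bits[0] + bits[1]));
    }

    public static void main(String... args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.getCertificate(alias) instanceof X509Certificate) {
                byte[] id = ski((X509Certificate) ks.getCertificate(alias));
                System.out.println(alias + " " + Base64.getEncoder().encodeToString(id));
            }
        }
    }
}
```

Run it with the key store path and password as the two arguments; the Base64 value printed beside an alias is the string to pass as the third argument of the sample above.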