import com.ibm.security.keystoreski.KeyStoreSKI;
import com.ibm.security.keystoreski.KeyStoreSKIFactory;
import com.ibm.security.keystoreski.SKIDefinition;
import com.ibm.security.keystoreski.SKIDefinitionFactory;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Arrays;
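/**
 * Demonstrates looking up a key store entry by its Subject Key Identifier (SKI)
 * using the {@code com.ibm.security.keystoreski} API.
 *
 * <p>Usage: {@code Sample <path-to-java-keystore> <keystore-password> <base-64-formatted-SKI-string>}
 *
 * <p>NOTE(review): this is demonstration code. Passing the key store password as a
 * command-line argument exposes it to process listings and shell history, and the
 * sample prints the string form of the private key. Neither is appropriate outside
 * a throwaway demonstration.
 */
public final class Sample
{
    /** Not instantiable; this class only hosts {@link #main(String...)}. */
    private Sample() throws UnsupportedOperationException
    {
        throw new UnsupportedOperationException();
    }

    /**
     * Loads a JKS key store and prints the alias, public key and (if present)
     * private key of the first entry matching the given Subject Key Identifier.
     *
     * @param args key store path, key store password, Base64 SKI string
     * @throws KeyStoreException if the JKS key store type is unavailable
     * @throws IOException if the key store file cannot be read or the password is wrong
     * @throws NoSuchAlgorithmException if the key store integrity algorithm is unavailable
     * @throws CertificateException if a certificate in the key store cannot be loaded
     */
    public static void main(final String... args) throws
        KeyStoreException,
        IOException,
        NoSuchAlgorithmException,
        CertificateException
    {
        if (args.length < 3)
        {
            System.out.println("Enter 3 command line arguments: <path-to-java-keystore> <keystore-password> "
                + "<base 64 formatted SKI string>");
            return;
        }

        final String filename = args[0];
        final KeyStore ks = KeyStore.getInstance("JKS");
        // The char[] copy is wiped in the finally block below. The original String in
        // args[1] is immutable and stays in memory, so this only limits, not removes,
        // the exposure. A real tool should read the password with
        // java.io.Console.readPassword() instead of taking it from the command line.
        final char[] password = args[1].toCharArray();
        try
        {
            final InputStream in = new FileInputStream(filename);
            try
            {
                // load() also verifies the key store integrity check with the password.
                ks.load(in, password);
            }
            finally
            {
                // The stream is only needed for load(); release it before the lookups.
                in.close();
            }

            // Construct a KeyStoreSKI to operate on the KeyStore.
            final KeyStoreSKI kss = KeyStoreSKIFactory.newKeyStoreSKI(ks);

            // The subject key identifier that is going to be the search criteria.
            // It should be in Base64 format.
            final String ski = args[2];

            // The definition of how to obtain the Subject Key Identifier from each entry in the key store.
            // It is defined by first inspecting the extension field (2.5.29.14), and if that fails,
            // generating the SHA-1 hash of the public key as specified in RFC 3280 Section 4.2.1.2.
            // SHA-1 is used here purely as an identifier, not as a security control.
            final SKIDefinition definition1 = SKIDefinitionFactory.newX509ExtensionSKIDefinition();
            final SKIDefinition definition2 = SKIDefinitionFactory.newSHA1PublicKeySKIDefinition();
            // NOTE(review): the original listing called newCompositeSKIDefinition() with no
            // arguments, leaving definition1 and definition2 unused. Passing them in this order
            // matches the fallback described above; confirm against the SKIDefinitionFactory Javadoc.
            final SKIDefinition definition =
                SKIDefinitionFactory.newCompositeSKIDefinition(definition1, definition2);

            // Obtain the first alias associated with an end entity certificate that matches the
            // Subject Key Identifier criteria with the given Subject Key Identifier definition.
            final String alias = kss.getAlias(ski, definition);

            // Obtain the first Certificate associated with an end entity certificate that matches the
            // Subject Key Identifier criteria with the given Subject Key Identifier definition.
            final Certificate certificate = kss.getCertificate(ski, definition);

            // Obtain the first private key with an end entity certificate that matches the
            // Subject Key Identifier criteria with the given Subject Key Identifier definition.
            final PrivateKey privateKey = kss.getPrivateKey(ski, definition, password);

            // Output the alias.
            System.out.println(alias);

            // Output the public key in its provider-defined string form.
            // Presumably the lookup returns null when nothing matches, as the privateKey
            // check below implies, so guard the dereference.
            if (certificate != null)
            {
                System.out.println(certificate.getPublicKey().toString());
            }

            // Output the private key in its provider-defined string form.
            // Depending on the provider this may include the secret key components:
            // acceptable only in a demonstration, never in production logs or output.
            if (privateKey != null)
            {
                System.out.println(privateKey.toString());
            }
        }
        finally
        {
            Arrays.fill(password, '\0');
        }
    }
}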