iaik.utils
Class KeyAndCertificate

java.lang.Object
  |
  +--iaik.utils.KeyAndCertificate

public class KeyAndCertificate

extends java.lang.Object

A simple class for storing a private key and a certificate chain in one file.

The private key typically will be the private key belonging to the end entity´s public key being certified by the certificate located at the first position of the chain (e.g.. chain[0]).

This class may be used to build a KeyAndCertificate structure from given private key and certificate chain, to store this structure in a file using DER or PEM encoding, and to read in private key and certificate chain from the file again.

Assuming to already have created a X509Certificate chain and a private key, the following proceeding may be chosen for create a KeyAndCertificate structure, save it to a file and read in the contents again:

 // create a KeyAndCertificate structure from given private key and
 // certificate chain and save it to a file using DER encoding:
 KeyAndCertificate keyAndCert = new KeyAndCertificate(private_key, cert_chain);
 keyAndCert.saveTo("key_and_cert.der", ASN1.DER);
 // read in from file again:
 KeyAndCertificate key_and_cert = new KeyAndCertificate("key_and_cert.der");
 // obtain the private key:
 PrivateKey priv_key = key_and_cert.getPrivateKey();
 // obtain the certificate chain:
 X509Certificate[] chain = key_and_cert.getCertificateChain();
 

Constructor Summary

KeyAndCertificate(byte[] bytes)
Creates a KeyAndCertificate object from the given byte array.

KeyAndCertificate(java.io.InputStream in)
Creates a KeyAndCertificate object from the given InputStream.

KeyAndCertificate(PrivateKey privateKey, X509Certificate[] certificateChain)
Creates a KeyAndCertificate object from given private key and X509 certificate chain.

KeyAndCertificate(java.lang.String fileName)
Creates a KeyAndCertificate object from a given file.

Method Summary

PrivateKey	decrypt(char[] password) Decrypts the private key in this KeyAndCertificate with the given password.
void	encrypt(char[] password, AlgorithmID encryptionAlgorithm, SecureRandom random) Encrypt the private key with the specified password, the encryption algorithm and the specified random number generated.
X509Certificate[]	getCertificateChain() Gets the certificate chain from this KeyAndCertificate object.
PrivateKey	getPrivateKey() Gets the private key from this KeyAndCertificate object.
boolean	isEncrypted() Test whether this KeyAndCertificate object contains an encrypted private key.
void	saveTo(java.lang.String fileName, int format) Saves the private key and the certificate chain to a file using DER or PEM encoding.
void	writeTo(java.io.OutputStream os, int format) Write the private key and the certificate chain to an OutputStream.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

KeyAndCertificate

public KeyAndCertificate(java.lang.String fileName)
                  throws java.io.IOException

Creates a KeyAndCertificate object from a given file.

The given file supplies the KeyAndCertificate structure in DER or PEM encoding format., e.g.:

KeyAndCertificate key_and_cert = new KeyAndCertificate("key_and_cert.der");

Parameters:

fileName - the name of the DER or PEM file from where to read in private key and certificate chain

Throws:

java.io.IOException - if an error occurs when reading from the file

KeyAndCertificate

public KeyAndCertificate(java.io.InputStream in)
                  throws java.io.IOException

Creates a KeyAndCertificate object from the given InputStream.

KeyAndCertificate

public KeyAndCertificate(byte[] bytes)
                  throws java.io.IOException

Creates a KeyAndCertificate object from the given byte array.

KeyAndCertificate

public KeyAndCertificate(PrivateKey privateKey,
                         X509Certificate[] certificateChain)

Creates a KeyAndCertificate object from given private key and X509 certificate chain.

Parameters:

privateKey - the private key

certificateChain - the X509 certificate chain

Method Detail

getCertificateChain

public X509Certificate[] getCertificateChain()

Gets the certificate chain from this KeyAndCertificate object.

Returns:

the X509 certifcate chain

getPrivateKey

public PrivateKey getPrivateKey()

Gets the private key from this KeyAndCertificate object.

Returns:

the private key

writeTo

public void writeTo(java.io.OutputStream os,
                    int format)
             throws java.io.IOException

Write the private key and the certificate chain to an OutputStream. For more info saveTo().

saveTo

public void saveTo(java.lang.String fileName,
                   int format)
            throws java.io.IOException

Saves the private key and the certificate chain to a file using DER or PEM encoding.

For instance:

 KeyAndCertificate keyAndCert = new KeyAndCertificate(private_key, cert_chain);
 keyAndCert.saveTo("key_and_cert.der", ASN1.DER);
 

Parameters:

fileName - the name of the file where the data shall be written to

format - the saving format (ASN1.DER or ASN1.PEM)

isEncrypted

public boolean isEncrypted()

Test whether this KeyAndCertificate object contains an encrypted private key.

Returns:

true if the private key is encrypted (EncryptedPrivateKeyInfo)

encrypt

public void encrypt(char[] password,
                    AlgorithmID encryptionAlgorithm,
                    SecureRandom random)
             throws NoSuchAlgorithmException

Encrypt the private key with the specified password, the encryption algorithm and the specified random number generated. If encryptionAlgorithm is null TripleDES will be used, if random is null a new instance will be generated via SecRandom. This method does nothing if the private key is already encrypted.

decrypt

public PrivateKey decrypt(char[] password)
                   throws NoSuchAlgorithmException

Decrypts the private key in this KeyAndCertificate with the given password. If the private key already was decrypted, it is returned immediately. Note that it is changed in this object, later calls to getPrivatKey() will return the decrypted key.

Returns:

the decrypted key or null if the decryption process fails

Throws:

NoSuchAlgorithmException - if the key or key- encryption algorithm is not supported