
Untitled

a guest
Jun 11th, 2017
  1. package com.ibm.cics.perf.ssl;
  2.  
  3. import java.io.IOException;
  4. import java.io.PrintStream;
  5. import java.security.KeyStore;
  6. import java.security.KeyStoreException;
  7. import java.security.NoSuchAlgorithmException;
  8. import java.security.Provider;
  9. import java.security.Security;
  10. import java.security.cert.Certificate;
  11. import java.security.cert.CertificateException;
  12. import java.security.cert.X509Certificate;
  13. import java.util.Date;
  14. import java.util.Enumeration;
  15.  
  16. import javax.net.ssl.TrustManagerFactory;
  17. import javax.security.auth.x500.X500Principal;
  18.  
  19. import com.ibm.crypto.provider.RACFInputStream;
  20.  
  21.  
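  /**
   * Sample showing two ways of reaching certificates held in a RACF keyring from Java:
   * <ol>
   * <li>programmatically, by loading a JCERACFKS {@link KeyStore} through a
   *     {@link RACFInputStream};</li>
   * <li>declaratively, by setting the {@code javax.net.ssl.trustStore*} system properties
   *     and letting a {@link TrustManagerFactory} pick up the default trust store.</li>
   * </ol>
   *
   * <p>Security notes for anyone adapting this sample:
   * <ul>
   * <li>The keystore password is empty, so it is not an access control. As the comments in
   *     {@link #doSystemProperties()} say, what can be read from a keyring is subject to
   *     RACF restrictions.</li>
   * <li>{@link #doSystemProperties()} changes JVM-wide system properties. In production
   *     these belong in the JVM profile, not in application code.</li>
   * <li>Everything is written to the supplied {@link PrintStream}; only certificate subject
   *     names and expiry dates are printed, never key material.</li>
   * </ul>
   */
  public class RacfCertificateManipulation
  {

      /** KeyStore type backed by a RACF keyring. */
      private static final String RACF_KEYSTORE_TYPE = "JCERACFKS";

      /** Keyring used by both halves of the sample, kept in one place so they cannot drift. */
      private static final String KEYRING = "IAN-BURNETT";

      /** Destination for all diagnostic output. */
      private final PrintStream out;


      /**
       * Creates an instance that reports to the supplied stream.
       *
       * @param ps stream that receives all output produced by this object
       */
      public RacfCertificateManipulation(PrintStream ps)
      {
          this.out = ps;
      }


      /**
       * Runs both parts of the sample: programmatic keyring access followed by the
       * system-property driven {@link TrustManagerFactory} initialisation.
       *
       * @param args ignored
       * @throws KeyStoreException if the RACF KeyStore type is unavailable or cannot be queried
       * @throws NoSuchAlgorithmException if a required algorithm is not available
       * @throws CertificateException if a certificate in the keyring cannot be loaded
       * @throws IOException if the keyring cannot be read
       */
      public static void main(String[] args) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException
      {
          /*
           * Part I - programmatic access
           */

          // Sample identity and certificate label; replace with values valid on your system
          final String username = "IBURNET";
          final String alias = "Ian Burnett CA";

          RacfCertificateManipulation racf = new RacfCertificateManipulation(System.out);

          // Show which security providers the JVM has installed
          racf.listProviders();

          // Load the keyring as a KeyStore and list what it contains
          KeyStore ks = racf.getRacfKeyStore(username, KEYRING);
          racf.displayAllAliases(ks);

          // getCertificate() returns null for an unknown alias; displayCertificate copes with that
          Certificate cert = ks.getCertificate(alias);
          racf.displayCertificate(alias, cert);

          /*
           * Part II - system properties.
           */
          racf.doSystemProperties();
      }


      /**
       * Outputs a list of installed security providers.
       */
      private void listProviders()
      {
          this.out.println("Available providers:");

          for ( Provider p : Security.getProviders() ) {
              this.out.println(" " + p.toString());
          }

          this.out.println("----");
      }


      /**
       * Loads the named RACF keyring into a JCERACFKS {@link KeyStore}.
       *
       * @param username RACF user ID that owns the keyring
       * @param keyring name of the keyring to load
       * @return the loaded KeyStore
       * @throws KeyStoreException if no provider supplies the JCERACFKS KeyStore type
       * @throws IOException if the keyring cannot be read
       * @throws NoSuchAlgorithmException if the integrity-check algorithm is unavailable
       * @throws CertificateException if a certificate in the keyring cannot be loaded
       */
      public KeyStore getRacfKeyStore(String username, String keyring) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException
      {
          // An empty password is used for RACF access; it protects nothing by itself
          char[] chPassword = new char[0];

          this.out.println("Searching for KeyStore : " + RACF_KEYSTORE_TYPE);

          // getInstance() never returns null: an unknown type raises KeyStoreException instead,
          // so no null check is needed before reporting the provider
          KeyStore ks = KeyStore.getInstance(RACF_KEYSTORE_TYPE);
          this.out.println(" Found KeyStore in provider " + ks.getProvider());

          // Load through a RACFInputStream and always release it, even if load() fails
          RACFInputStream inputStream = new RACFInputStream(username, keyring, chPassword);
          try {
              ks.load(inputStream, chPassword);
          }
          finally {
              inputStream.close();
          }
          this.out.println(" Loaded KeyStore with size " + ks.size());

          this.out.println("----");

          return ks;
      }

      /**
       * Displays all the aliases found in the supplied KeyStore.
       *
       * @param ks an already loaded KeyStore
       * @throws KeyStoreException if the KeyStore has not been loaded
       */
      private void displayAllAliases(KeyStore ks) throws KeyStoreException
      {
          this.out.println("Aliases found in KeyStore:");

          Enumeration<String> enumAliases = ks.aliases();
          while ( enumAliases.hasMoreElements() ) {
              String alias = enumAliases.nextElement();
              this.out.println(" " + alias);
          }

          this.out.println("----");
      }

      /**
       * Displays the subject and expiry date of a certificate, and flags it when it has
       * already expired.
       *
       * @param alias label the certificate was looked up under; used for display only
       * @param cert the certificate to describe, or {@code null} if the lookup found nothing
       *
       * @throws KeyStoreException kept in the signature for existing callers; nothing in
       *         this method raises it
       */
      private void displayCertificate(String alias, Certificate cert) throws KeyStoreException
      {
          this.out.println("Certificate with alias \"" + alias + "\":");

          // Indent to add before each line
          String indent = " ";

          if ( cert == null ) {
              this.out.println(indent + "<Not found>");
          }
          else if ( cert instanceof X509Certificate ) {

              X509Certificate x509 = (X509Certificate) cert;

              X500Principal principal = x509.getSubjectX500Principal();
              Date notAfter = x509.getNotAfter();
              this.out.println(indent + principal);
              this.out.println(indent + "Not valid after " + notAfter);

              // An expired certificate left on a keyring is worth a reviewer's attention
              if ( notAfter.before(new Date()) ) {
                  this.out.println(indent + "WARNING: certificate has expired");
              }
          }
          else {
              this.out.println(indent + "Not a recognised type : " + cert.getType());
          }

          this.out.println("----");
      }


      /**
       * Points the default JSSE trust store at the RACF keyring using system properties and
       * initialises a {@link TrustManagerFactory} from it.
       *
       * <p>NOTE(review): {@link System#setProperty} is JVM-wide, so every other component in
       * the same JVM sees these values, and any existing
       * {@code java.protocol.handler.pkgs} value is replaced rather than extended. Code that
       * has already built its default trust managers may not pick up the change - confirm
       * for your JSSE provider.
       *
       * @throws NoSuchAlgorithmException if the IbmX509 algorithm is not available
       * @throws KeyStoreException if the trust store cannot be initialised
       */
      private void doSystemProperties() throws NoSuchAlgorithmException, KeyStoreException
      {
          /*
           * The following properties should be set to the correct values in your JVM profile.
           * The code below sets them programmatically to show golden path.
           */

          // *MUST* specify this system property to resolve the safkeyring:// protocol
          System.setProperty("java.protocol.handler.pkgs", "com.ibm.crypto.provider");

          // Specify this system property to say we want a RACF KeyStore
          System.setProperty("javax.net.ssl.trustStoreType", RACF_KEYSTORE_TYPE);

          // Specify this system property to specify the username and keyring
          // Alternative syntax: "safkeyring://USER1/IAN-BURNETT" to use another user's keyring (subject to RACF restrictions)
          System.setProperty("javax.net.ssl.trustStore", "safkeyring:///" + KEYRING);

          // Password for RACF access is always empty - don't really need this property
          System.setProperty("javax.net.ssl.trustStorePassword", "");

          this.out.println("Creating and initialising TrustManagerFactory");

          TrustManagerFactory tmf = TrustManagerFactory.getInstance("IbmX509");

          // A null KeyStore asks the factory to use the default trust store configured above.
          // If this call completes successfully, you should be fully working
          tmf.init((KeyStore) null);
          this.out.println(" " + tmf);
          this.out.println("----");
      }
  }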