- package com.ibm.cics.perf.ssl;
- import java.io.IOException;
- import java.io.PrintStream;
- import java.security.KeyStore;
- import java.security.KeyStoreException;
- import java.security.NoSuchAlgorithmException;
- import java.security.Provider;
- import java.security.Security;
- import java.security.cert.Certificate;
- import java.security.cert.CertificateException;
- import java.security.cert.X509Certificate;
- import java.util.Date;
- import java.util.Enumeration;
- import javax.net.ssl.TrustManagerFactory;
- import javax.security.auth.x500.X500Principal;
- import com.ibm.crypto.provider.RACFInputStream;
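/**
 * Diagnostic sample showing two ways of reaching certificates held in a RACF keyring
 * from Java: programmatically through a {@code JCERACFKS} {@link KeyStore}, and
 * declaratively through the {@code javax.net.ssl.trustStore*} system properties.
 *
 * <p>The output lists security providers, keyring aliases and certificate subjects, so
 * route the supplied {@link PrintStream} somewhere appropriate for that information.
 */
public class RacfCertificateManipulation
{
    /** Defaults used when {@link #main(String[])} is run without arguments. */
    private static final String DEFAULT_USERNAME = "IBURNET";
    private static final String DEFAULT_KEYRING = "IAN-BURNETT";
    private static final String DEFAULT_ALIAS = "Ian Burnett CA";

    /** KeyStore type that is backed by a RACF keyring. */
    private static final String RACF_KEYSTORE_TYPE = "JCERACFKS";

    /** Package that supplies the handler for the {@code safkeyring://} protocol. */
    private static final String SAFKEYRING_HANDLER_PKG = "com.ibm.crypto.provider";

    private final PrintStream out;

    /**
     * Creates an instance that writes all of its diagnostics to the supplied stream.
     *
     * @param ps destination for the diagnostic output; must not be {@code null}
     * @throws NullPointerException if {@code ps} is {@code null}
     */
    public RacfCertificateManipulation(PrintStream ps)
    {
        // Fail here rather than on the first println() much later
        if ( ps == null ) {
            throw new NullPointerException("ps");
        }
        this.out = ps;
    }

    /**
     * Runs both parts of the sample.
     *
     * @param args optional overrides, in order: RACF username, keyring name, certificate
     *             alias; any that are omitted fall back to the built-in defaults
     */
    public static void main(String[] args) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException
    {
        /*
         * Part I - programmatic access
         */

        // Take the keyring coordinates from the command line when given
        final String username = args.length > 0 ? args[0] : DEFAULT_USERNAME;
        final String keyring = args.length > 1 ? args[1] : DEFAULT_KEYRING;
        final String alias = args.length > 2 ? args[2] : DEFAULT_ALIAS;

        RacfCertificateManipulation racf = new RacfCertificateManipulation(System.out);

        // List out all of the providers available to us
        racf.listProviders();

        // Get hold of the KeyStore object based on our RACF username and keyring
        KeyStore ks = racf.getRacfKeyStore(username, keyring);

        // List all certificates
        racf.displayAllAliases(ks);

        // Look up the certificate in the keystore and display it
        Certificate cert = ks.getCertificate(alias);
        racf.displayCertificate(alias, cert);

        /*
         * Part II - system properties.
         */

        // Create a TrustManagerFactory using just system properties
        racf.doSystemProperties(keyring);
    }

    /**
     * Outputs a list of installed security providers.
     */
    private void listProviders()
    {
        this.out.println("Available providers:");

        for ( Provider p : Security.getProviders() ) {
            this.out.println(" " + p);
        }

        this.out.println("----");
    }

    /**
     * Loads the named RACF keyring into a {@code JCERACFKS} KeyStore.
     *
     * @param username RACF user that owns the keyring
     * @param keyring  name of the keyring
     * @return the loaded KeyStore
     * @throws KeyStoreException        if no provider offers the {@code JCERACFKS} type
     * @throws IOException              if the keyring cannot be read
     * @throws NoSuchAlgorithmException if the integrity algorithm is unavailable
     * @throws CertificateException     if a certificate in the keyring cannot be loaded
     */
    public KeyStore getRacfKeyStore(String username, String keyring) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException
    {
        // The password is deliberately empty: per the original author's notes the RACF
        // password is always empty, and access to a keyring is subject to RACF
        // restrictions on the calling user rather than to this value.
        char[] chPassword = new char[0];

        this.out.println("Searching for KeyStore : " + RACF_KEYSTORE_TYPE);

        // getInstance() never returns null; it throws KeyStoreException when the type is missing
        KeyStore ks = KeyStore.getInstance(RACF_KEYSTORE_TYPE);
        this.out.println(" Found KeyStore in provider " + ks.getProvider());

        // Close the stream once the KeyStore has been populated from it
        try ( RACFInputStream inputStream = new RACFInputStream(username, keyring, chPassword) ) {
            ks.load(inputStream, chPassword);
        }
        this.out.println(" Loaded KeyStore with size " + ks.size());

        this.out.println("----");

        return ks;
    }

    /**
     * Displays all the aliases found in the supplied KeyStore.
     *
     * @param ks an already loaded KeyStore
     * @throws KeyStoreException if the KeyStore has not been loaded
     */
    private void displayAllAliases(KeyStore ks) throws KeyStoreException
    {
        this.out.println("Aliases found in KeyStore:");

        Enumeration<String> enumAliases = ks.aliases();
        while ( enumAliases.hasMoreElements() ) {
            this.out.println(" " + enumAliases.nextElement());
        }

        this.out.println("----");
    }

    /**
     * Displays the subject, expiry date and current validity of a certificate.
     *
     * <p>Being present in the keyring does not mean a certificate is still usable, so
     * the validity period is checked against the current time and reported.
     *
     * @param alias alias the certificate was looked up under (used for the heading only)
     * @param cert  the certificate to display, or {@code null} if the lookup found nothing
     */
    private void displayCertificate(String alias, Certificate cert)
    {
        this.out.println("Certificate with alias \"" + alias + "\":");

        // Indent to add before each line
        String indent = " ";

        if ( cert == null ) {
            this.out.println(indent + "<Not found>");
        }
        else if ( cert instanceof X509Certificate ) {
            X509Certificate x509 = (X509Certificate) cert;

            X500Principal principal = x509.getSubjectX500Principal();
            Date notAfter = x509.getNotAfter();
            this.out.println(indent + principal);
            this.out.println(indent + "Not valid after " + notAfter);

            // Report expired or not-yet-valid certificates explicitly
            try {
                x509.checkValidity();
                this.out.println(indent + "Currently within its validity period");
            }
            catch ( CertificateException e ) {
                this.out.println(indent + "WARNING - not currently valid : " + e.getMessage());
            }
        }
        else {
            this.out.println(indent + "Not a recognised type : " + cert.getType());
        }

        this.out.println("----");
    }

    /**
     * Initialises a TrustManagerFactory from a RACF keyring using only system properties.
     *
     * <p>These properties are JVM-wide: once set, they are the default trust store
     * settings for the whole process, not just for this class. They should normally be
     * set in the JVM profile; setting them here only demonstrates the golden path.
     *
     * @param keyring name of the keyring, owned by the current user, to trust
     * @throws NoSuchAlgorithmException if the {@code IbmX509} algorithm is unavailable
     * @throws KeyStoreException        if the trust store cannot be initialised
     */
    private void doSystemProperties(String keyring) throws NoSuchAlgorithmException, KeyStoreException
    {
        // *MUST* specify this system property to resolve the safkeyring:// protocol.
        // The property is a '|'-separated list, so add to it rather than overwrite
        // handler packages that something else has already registered.
        final String handlerKey = "java.protocol.handler.pkgs";
        String existing = System.getProperty(handlerKey);
        if ( existing == null || existing.isEmpty() ) {
            System.setProperty(handlerKey, SAFKEYRING_HANDLER_PKG);
        }
        else if ( !("|" + existing + "|").contains("|" + SAFKEYRING_HANDLER_PKG + "|") ) {
            System.setProperty(handlerKey, existing + "|" + SAFKEYRING_HANDLER_PKG);
        }

        // Specify this system property to say we want a RACF KeyStore
        System.setProperty("javax.net.ssl.trustStoreType", RACF_KEYSTORE_TYPE);

        // Specify this system property to specify the username and keyring
        // Alternative syntax: "safkeyring://USER1/IAN-BURNETT" to use another user's keyring (subject to RACF restrictions)
        System.setProperty("javax.net.ssl.trustStore", "safkeyring:///" + keyring);

        // Password for RACF access is always empty - don't really need this property
        System.setProperty("javax.net.ssl.trustStorePassword", "");

        this.out.println("Creating and initialising TrustManagerFactory");

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("IbmX509");

        // No explicit KeyStore is passed, so the factory has to work from the system
        // properties set above. If this call completes successfully, you should be
        // fully working.
        tmf.init((KeyStore) null);
        this.out.println(" " + tmf);
        this.out.println("----");
    }
}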