Package ghidra.net

Class PKIUtils

java.lang.Object
ghidra.net.PKIUtils
public class PKIUtils extends Object
PKIUtils provides supporting utilities for creating and accessing X509 certificate keystore files.

  • Field Details

  • Constructor Details

    • PKIUtils

      public PKIUtils()

  • Method Details

    • getTrustManager

      public static X509TrustManager getTrustManager(File caCertsFile) throws CancelledException, GeneralSecurityException, IOException
      Establish X509TrustManager for the specified CA certificate storage.
      Parameters:
      caCertsFile - CA certificates storage file
      Returns:
      X509TrustManager
      Throws:
      CancelledException - if password entry was cancelled
      GeneralSecurityException - if error occured during truststore initialization
      IOException - if file read error occurs

    • exportX509Certificates

      public static void exportX509Certificates(Certificate[] certificates, File outFile) throws IOException, CertificateEncodingException
      Export X.509 certificates to the specified outFile.
      Parameters:
      certificates - certificates to be stored
      outFile - output file
      Throws:
      IOException - if error occurs writing to outFile
      CertificateEncodingException - if error occurs while encoding certificate data

    • createKeyStore

      public static final KeyStore createKeyStore(String alias, String dn, int durationDays, KeyStore.PrivateKeyEntry caEntry, File keyFile, String keystoreType, Collection<String> subjectAlternativeNames, char[] protectedPassphrase) throws KeyStoreException
      Generate a new X509Certificate with RSA KeyPair and create/update a KeyStore optionally backed by a keyFile.
      Parameters:
      alias - entry alias with keystore
      dn - distinguished name (e.g., "CN=Ghidra Test, O=Ghidra, OU=Test, C=US" )
      durationDays - number of days which generated certificate should remain valid
      caEntry - optional CA private key entry. If null, a self-signed CA certificate will be generated.
      keyFile - optional file to load/store resulting KeyStore (may be null)
      keystoreType - support keystore type (e.g., "JKS", "PKCS12")
      subjectAlternativeNames - an optional list of subject alternative names to be included in certificate (may be null)
      protectedPassphrase - key and keystore protection password
      Returns:
      keystore containing newly generated certification with key pair
      Throws:
      KeyStoreException - if error occurs while updating keystore

    • createKeyEntry

      public static final KeyStore.PrivateKeyEntry createKeyEntry(String alias, String dn, int durationDays, KeyStore.PrivateKeyEntry caEntry, File keyFile, String keystoreType, Collection<String> subjectAlternativeNames, char[] protectedPassphrase) throws KeyStoreException
      Generate a new X509Certificate with RSA KeyPair and create/update a KeyStore optionally backed by a keyFile.
      Parameters:
      alias - entry alias with keystore
      dn - distinguished name (e.g., "CN=Ghidra Test, O=Ghidra, OU=Test, C=US" )
      durationDays - number of days which generated certificate should remain valid
      caEntry - optional CA private key entry. If null, a self-signed CA certificate will be generated.
      keyFile - optional file to load/store resulting KeyStore (may be null)
      keystoreType - support keystore type (e.g., "JKS", "PKCS12")
      subjectAlternativeNames - an optional list of subject alternative names to be included in certificate (may be null)
      protectedPassphrase - key and keystore protection password
      Returns:
      newly generated keystore entry with key pair
      Throws:
      KeyStoreException - if error occurs while updating keystore

    • loadCertificateStore

      public static KeyStore loadCertificateStore(String certsPath) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException
      Load the all certificates from the specified certificate store in a standard X.509 form (e.g., concatenation of Base64 encoded certificates: *.pem, *.crt, *.cer, *.der) or Java JKS (*.jks) form.
      Parameters:
      certsPath - certificate(s) storage file path
      Returns:
      KeyStore containing certificates
      Throws:
      IOException - if failure occurred reading and processing keystore file.
      NoSuchAlgorithmException - if the algorithm used to check the integrity of the keystore cannot be found
      CertificateException - if any of the certificates in the keystore could not be loaded
      KeyStoreException - if a general error occurred opening/processing keystore

    • getKeyStoreInstance

      public static KeyStore getKeyStoreInstance(String keystorePath, char[] password) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException
      Attempt to load a client/server keystore in a PKCS12 form (*.p12, *.pks, *.pfx) or Java JKS (*.jks) form.
      Parameters:
      keystorePath - JKS or PKCS12 keystore file path
      password - keystore password
      Returns:
      keystore instance
      Throws:
      IOException - if failure occurred reading and processing keystore file or if the given password was incorrect. If the error is due to a wrong password, the cause of the IOException should be an UnrecoverableKeyException
      NoSuchAlgorithmException - if the algorithm used to check the integrity of the keystore cannot be found
      CertificateException - if any of the certificates in the keystore could not be loaded
      KeyStoreException - if a general error occurred opening/processing keystore

    • detectKeyStoreType

      public static String detectKeyStoreType(String keystorePath) throws IOException
      Attempt to detect PKI KeyStore type ("JKS" or "PKCS12") for the specified file.
      Parameters:
      keystorePath - key store file path
      Returns:
      "JKS", "PKCS12" or null
      Throws:
      IOException - if file read error occurs

    • logCerts

      public static void logCerts(X509Certificate[] x509Certs)
      Log all X509 certificates contained within array
      Parameters:
      x509Certs - array of certificates