KeystoreService

Name

KeystoreService

Class Path

be.securit.trustbuilder.service.KeystoreService

Versions

9, 10, 11

Overview

The KeystoreService class provides functionality for managing cryptographic keystores, handling certificates, and retrieving remote server certificates over SSL/TLS.


Available Methods

Initialize Keystore

void begin(String path, String password)

Loads and initializes a keystore from the specified path.

  • Parameters:

    • path (String): Path to the keystore file (.jks, .p12, or .pkcs12).

    • password (String): Password to access the keystore.

  • Throws:

    • KeyStoreException: If the keystore cannot be loaded or is not supported.


Retrieve a Certificate

String getCertificate(String alias)

Retrieves a certificate from the keystore and returns it as a PEM-encoded string.

  • Parameters:

    • alias (String): The alias of the certificate in the keystore.

  • Returns:

    • String: PEM-formatted certificate.

  • Throws:

    • KeyStoreException: If the certificate cannot be retrieved.


Retrieve Public Key

String getPublicKey(String alias)

Retrieves the public key from a certificate stored in the keystore.

  • Parameters:

    • alias (String): The alias of the certificate.

  • Returns:

    • String: Base64-encoded public key.

  • Throws:

    • KeyStoreException: If the public key cannot be retrieved.


Store a Certificate

void setCertificate(String alias, String pemFile)

Stores a certificate into the keystore.

  • Parameters:

    • alias (String): The alias under which the certificate will be stored.

    • pemFile (String): PEM-formatted certificate.

  • Throws:

    • CertificateException: If the certificate is invalid.

    • KeyStoreException: If storing the certificate fails.


Load Remote Certificates

void loadRemoteCertificates(String host, int port)

Retrieves and stores certificates from a remote server.

  • Parameters:

    • host (String): The hostname of the remote server.

    • port (int): The port number (typically 443 for HTTPS).

  • Throws:

    • KeyStoreException: If an error occurs while storing the remote certificates.


Retrieve Remote Server Certificates

List<X509Certificate> getRemoteCertificates(String host, int port)

Retrieves the certificates from a remote server over SSL/TLS.

  • Parameters:

    • host (String): The remote server's hostname.

    • port (int): The port number (typically 443).

  • Returns:

    • List<X509Certificate>: A list of certificates from the remote server.

  • Throws:

    • RuntimeException: If an error occurs during SSL handshake.


Commit Keystore Changes

void commit()

Saves changes made to the keystore.

  • Throws:

    • KeyStoreException: If the keystore cannot be saved.


Inner Class: X509Retriever

This is an internal class responsible for extracting SSL/TLS certificates from a remote server during the handshake process.

  • Implements X509TrustManager to retrieve and store server certificates.

  • Used in getRemoteCertificates(String host, int port) to fetch and return server certificates.


Security Considerations

  • Ensure the keystore password is securely stored.

  • Validate certificates before adding them to the keystore.

  • Only trust certificates from known and verified sources.

  • When retrieving remote certificates, ensure the server is trusted before storing them.
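
The validation step from the list above, as an added example written against plain JDK classes (it is not TrustBuilder code, and PinnedImport, fingerprint and storeIfPinned are hypothetical names): a retrieved certificate goes into the keystore only if it is inside its validity period and its SHA-256 fingerprint matches a value obtained over a separate, trusted channel. It assumes the first element of the retrieved list is the server's own certificate; the JDK's bundled CA certificates serve as constructed stand-in input.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class PinnedImport { // hypothetical class name, not part of TrustBuilder
    // SHA-256 over the certificate's DER encoding, as lowercase hex.
    static String fingerprint(X509Certificate cert) throws Exception {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()))
            hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // Stores chain[0] (assumed to be the server's own certificate) only if it is
    // currently valid and matches the fingerprint obtained out of band.
    static void storeIfPinned(KeyStore ks, String alias, List<X509Certificate> chain,
                              String pinnedHex) throws Exception {
        if (chain.isEmpty()) throw new CertificateException("no certificate retrieved");
        X509Certificate leaf = chain.get(0);
        leaf.checkValidity(); // throws if expired or not yet valid
        if (!fingerprint(leaf).equalsIgnoreCase(pinnedHex.replace(":", "")))
            throw new CertificateException("fingerprint mismatch for " + leaf.getSubjectX500Principal());
        ks.setCertificateEntry(alias, leaf);
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: the JDK's bundled CA certificates stand in for a retrieved list.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];
        List<X509Certificate> chain = Arrays.asList(tm.getAcceptedIssuers());
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // empty in-memory keystore
        String good = fingerprint(chain.get(0)); // stands in for the out-of-band value
        for (String pin : new String[] { good, String.format("%064d", 0) }) {
            try {
                storeIfPinned(ks, "pin-" + pin.substring(0, 8), chain, pin);
            } catch (CertificateException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
        System.out.println("entries stored: " + ks.size());
    }
}
```

The all-zero pin in the demo is rejected with a fingerprint mismatch, so at most one entry ends up in the keystore.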


The KeystoreService provides essential functionality for managing keystores and handling certificates, ensuring secure storage and retrieval of cryptographic materials.
