Package com.vmware.sso.client.utils

Class SecurityUtil

  • public class SecurityUtil
extends java.lang.Object
    Use this utility class to load the private key and corresponding certificate chain from either a java keystore or individual files.

    Note: This utility class is simply provided here for convenience sake. Users are free to use any other mechanism of loading the private key and certificate in java and use it.

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.security.PrivateKey getPrivateKey()  
      java.security.cert.X509Certificate getUserCert()  
      static SecurityUtil loadFromDefaultFiles()
      Load the pre-generated private keys, and the certificate from individual files.
      static SecurityUtil loadFromFiles​(java.lang.String privateKeyFileName, java.lang.String x509CertFileName)
      Load the private keys, and the certificate from individual files.
      static SecurityUtil loadFromKeystore​(java.lang.String keyStorePath, java.lang.String keyStorePassword, java.lang.String userAlias)
      Loads the keys from the keystore.

      • Methods inherited from class java.lang.Object

        equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Method Detail

      • loadFromKeystore

        public static SecurityUtil loadFromKeystore​(java.lang.String keyStorePath,
                                            java.lang.String keyStorePassword,
                                            java.lang.String userAlias)
        Loads the keys from the keystore.

        Users can generate their own pair of private key and certificate using the keytool utility shipped with the jdk. Sample usage of the keytool to generate a pair would be as follows: 

         
  > keytool -genkey -keyalg RSA -alias sample -keystore sampleKeystore.jks -storepass sample
  What is your first and last name?
    [Unknown]:  *.vmware.com
  What is the name of your organizational unit?
    [Unknown]:  Ecosystem Engineering
  What is the name of your organization?
    [Unknown]:  VMware, Inc.
  What is the name of your City or Locality?
    [Unknown]:  Palo Alto
  What is the name of your State or Province?
    [Unknown]:  California
  What is the two-letter country code for this unit?
    [Unknown]:  US
  Is CN=*.vmware.com, OU=Ecosystem Engineering, O="VMware, Inc.", L=Palo Alto, ST=
  California, C=US correct?
    [no]:  yes

  Enter key password for <sample>
          (RETURN if same as keystore password):

        Parameters:
        keyStorePath - path to the keystore
        keyStorePassword - keystore password
        userAlias - alias that was used at the time of key generation
        Returns:

      • loadFromDefaultFiles

        public static SecurityUtil loadFromDefaultFiles()
        Load the pre-generated private keys, and the certificate from individual files.
        Returns:
        the pre-generated key/cert pair

      • loadFromFiles

        public static SecurityUtil loadFromFiles​(java.lang.String privateKeyFileName,
                                         java.lang.String x509CertFileName)
        Load the private keys, and the certificate from individual files. This method comes handy when trying to work as a solution user for e.g. vCenter server. The open source "openssl" tool can be leveraged for converting your private key into the PKCS8 format by using the following command: 
         
 openssl pkcs8 -topk8 -inform PEM -outform DER -in private_key_file -nocrypt > pkcs8_key
        Parameters:
        privateKeyFileName - Path to the file storing the private key in PKCS8 format ONLY
        x509CertFileName - Path to the file storing the certificate in X509 format ONLY
        Returns:

      • getPrivateKey

        public java.security.PrivateKey getPrivateKey()

      • getUserCert

        public java.security.cert.X509Certificate getUserCert()