com.vmware.sso.client.utils

Class SecurityUtil

java.lang.Object

com.vmware.sso.client.utils.SecurityUtil

public class SecurityUtil
extends java.lang.Object

Use this utility class to load the private key and corresponding certificate chain from either a java keystore or individual files.

Note: This utility class is simply provided here for convenience sake. Users are free to use any other mechanism of loading the private key and certificate in java and use it.

Method Summary

Methods

Modifier and Type	Method and Description
static SecurityUtil	generateKeyCertPair() Generates a new pair of private key and X509Certificate on the fly.
java.security.PrivateKey	getPrivateKey()
java.security.cert.X509Certificate	getUserCert()
static SecurityUtil	loadFromFiles(java.lang.String privateKeyFileName, java.lang.String x509CertFileName) Load the private keys, and the certificate from individual files.
static SecurityUtil	loadFromKeystore(java.lang.String keyStorePath, java.lang.String keyStorePassword, java.lang.String userAlias) Loads the keys from the keystore.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

loadFromKeystore

public static SecurityUtil loadFromKeystore(java.lang.String keyStorePath,
                            java.lang.String keyStorePassword,
                            java.lang.String userAlias)

Loads the keys from the keystore.

Users can generate their own pair of private key and certificate using the keytool utility shipped with the jdk. Sample usage of the keytool to generate a pair would be as follows:

 
  > keytool -genkey -keyalg RSA -alias sample -keystore sampleKeystore.jks -storepass sample
  What is your first and last name?
    [Unknown]:  *.vmware.com
  What is the name of your organizational unit?
    [Unknown]:  Ecosystem Engineering
  What is the name of your organization?
    [Unknown]:  VMware, Inc.
  What is the name of your City or Locality?
    [Unknown]:  Palo Alto
  What is the name of your State or Province?
    [Unknown]:  California
  What is the two-letter country code for this unit?
    [Unknown]:  US
  Is CN=*.vmware.com, OU=Ecosystem Engineering, O="VMware, Inc.", L=Palo Alto, ST=
  California, C=US correct?
    [no]:  yes

  Enter key password for <sample>
          (RETURN if same as keystore password):
 
 

Parameters:

keyStorePath - path to the keystore

keyStorePassword - keystore password

userAlias - alias that was used at the time of key generation

Returns:

loadFromFiles

public static SecurityUtil loadFromFiles(java.lang.String privateKeyFileName,
                         java.lang.String x509CertFileName)

Load the private keys, and the certificate from individual files. This method comes handy when trying to work as a solution user for e.g. vCenter server. The open source "openssl" tool can be leveraged for converting your private key into the PKCS8 format by using the following command:

 
 openssl pkcs8 -topk8 -inform PEM -outform DER -in private_key_file -nocrypt > pkcs8_key
 
 

Parameters:

privateKeyFileName - Path to the file storing the private key in PKCS8 format ONLY

x509CertFileName - Path to the file storing the certificate in X509 format ONLY

Returns:

generateKeyCertPair

public static SecurityUtil generateKeyCertPair()

Generates a new pair of private key and X509Certificate on the fly. This method is provided only for convenience to developers. Use it at your own risk.

Returns:

getPrivateKey

public java.security.PrivateKey getPrivateKey()

getUserCert

public java.security.cert.X509Certificate getUserCert()