EncryptionUtil.java

package com.freemindcafe.security.sample2;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStore.PasswordProtection;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;

import javax.crypto.SecretKey;

import org.eclipse.jetty.http.security.Password;

public class EncryptionUtil {
    
    public static SecretKey readKeyFromKeystore(String keyStorePath, String keyStoreType, String keyStorePassword, String keyAlias)
            throws NoSuchProviderException, KeyStoreException, UnrecoverableEntryException, NoSuchAlgorithmException, CertificateException, IOException {
        
        KeyStore keystore = loadKeyStore(keyStorePath, keyStoreType, keyStorePassword);
        PasswordProtection pp = new PasswordProtection(Password.deobfuscate(keyStorePassword).toCharArray());
        
        SecretKey key = null;
        if (keystore.entryInstanceOf(keyAlias, KeyStore.SecretKeyEntry.class)) {
            KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry)keystore.getEntry(keyAlias, pp);
            key = secretKeyEntry.getSecretKey();
        }
        if (key == null) {
            throw new RuntimeException("No secret key with alias " + keyAlias + " found in keystore file " + keyStorePath);
        }
        return key;
    }
    
    
    public static KeyStore loadKeyStore(String keyStorePath, String keyStoreType, String keyStorePassword)
            throws CertificateException, NoSuchAlgorithmException, NoSuchProviderException, KeyStoreException, IOException {
        KeyStore keystore = KeyStore.getInstance(keyStoreType, getSupportingSecurityProvider(keyStoreType));
        keystore.load(new FileInputStream(new File(keyStorePath)), Password.deobfuscate(keyStorePassword).toCharArray());
        return keystore;
    }
    
    public static Provider getSupportingSecurityProvider(String keyStoreType) throws NoSuchProviderException {
        Provider supportingProvider = null; 
        Provider[] providers = Security.getProviders();
        if (providers != null) {
            for (Provider p : providers) {
                if (p.getService("KeyStore", keyStoreType) != null) {
                    supportingProvider = p;
                    break;
                }
            }
        }
        if (supportingProvider == null) {
            throw new NoSuchProviderException("No Security Provider supporting keystore type '"+keyStoreType+"' is available");
        }
        return supportingProvider;
    }
}