Tuesday, March 28, 2017

Connecting to KSS keystore to get Public/Private Key

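1- Add a permission to the jazn-data file that names the stripe and the keystore. The example grant below uses wildcards for the keystore name and alias and allows all four actions; narrow keystoreName, alias and the action list to what the application actually needs.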

oracle.security.jps.service.keystore.KeyStoreAccessPermission

stripeName=system,keystoreName=*,alias=*
read,write,update,delete

2- Use the following code to connect to the keystore and read the key and certificate information. A KeyPair object can be used to wrap the public/private keys. You need to run this from within a WebLogic application.

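/**
 * Reads the {@code DemoIdentity} entry from the {@code demoidentity} keystore in the
 * {@code system} stripe of the Keystore Service (KSS) and wraps its public and private
 * keys in a {@link java.security.KeyPair}.
 *
 * <p>Only non-secret details are printed: the aliases, the private key's algorithm and
 * format, and the public key. The private key itself is never written to standard output,
 * because whatever is printed there ends up in files that more people can read than the
 * keystore. If an encoded form of the key is needed, encode it with
 * {@code java.util.Base64} and hand it to the consumer directly instead of printing it.
 *
 * <p>The caller presumably needs the KeyStoreAccessPermission grant for this stripe and
 * keystore; confirm against the application's policy file.
 *
 * @throws JpsException if the JPS context or the keystore cannot be obtained
 */
public void run()
    throws JpsException {
    System.out.println(".... Reading KSS ...!");
    JpsStartup startup = new JpsStartup();
    startup.start();
    JpsContext ctx = JpsContextFactory.getContextFactory().getContext();
    KeyStoreService kss = ctx.getServiceInstance(KeyStoreService.class);

    // Demo value only: load the real keystore password from a protected source
    // rather than compiling it into the application.
    char[] password = "password".toCharArray();
    try {
        java.security.KeyStore.ProtectionParameter pwd =
            new java.security.KeyStore.PasswordProtection(password);
        java.security.KeyStore keyStore =
            kss.getKeyStore("system", "demoidentity", pwd);

        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            System.out.println(aliases.nextElement());
        }

        Key key = keyStore.getKey("DemoIdentity", password);
        X509Certificate certificate =
            (X509Certificate) keyStore.getCertificate("DemoIdentity");

        // getKey and getCertificate return null when the alias is missing or holds a
        // different entry type, so check before using either value.
        if (key instanceof java.security.PrivateKey && certificate != null) {
            // Work against the PrivateKey interface; casting to a provider-internal
            // implementation class ties the code to one JDK and one key type.
            java.security.KeyPair keyPair = new java.security.KeyPair(
                certificate.getPublicKey(), (java.security.PrivateKey) key);
            System.out.println("PRIVATE KEY: loaded, algorithm="
                + keyPair.getPrivate().getAlgorithm()
                + ", format=" + keyPair.getPrivate().getFormat());
            System.out.println("__________________________");
            System.out.println(keyPair.getPublic());
        } else {
            System.err.println("No private key and certificate found for alias DemoIdentity");
        }
    } catch (java.security.GeneralSecurityException e) {
        // Best-effort demo: report the keystore failure and fall through to the exit message.
        e.printStackTrace();
    } finally {
        // Do not leave the password characters in memory longer than needed.
        java.util.Arrays.fill(password, '\0');
    }
    System.out.println(".... exit ....!");
}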