Name

global.DBKeyStore

Description

No description available

Script

// Constructor for the DBKeyStore script include. Class.create() is a platform
// helper that is not defined in this script; presumably the constructor it
// returns invokes prototype.initialize on construction — confirm against the
// platform documentation.
var DBKeyStore = Class.create();

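DBKeyStore.prototype = {
  /**
   * Creates the factory used to populate Java KeyStore objects from
   * sys_certificate records and starts with no keystore loaded.
   */
  initialize : function() {
    this.fDbKeyStoreFactory = new GlideDBKeyStoreFactory();
    // Explicit null so every "is a keystore loaded?" check below sees one value.
    this.fStore = null;
  },

  /**
   * Loads the keystore held in the sys_certificate record with the given sys_id.
   * @param sys_id (string) - sys_id of the sys_certificate record
   * @returns true if a record was found and loaded, false if no record matched
   */
  loadBySysId : function (sys_id) {
    var cgr = new GlideRecord("sys_certificate");
    cgr.addQuery("sys_id", sys_id);
    cgr.query();
    if (cgr.next()) {
      return this.loadRecord(cgr);
    }

    return false;
  },

  /**
   * Loads the keystore held in the first sys_certificate record whose name
   * matches.
   *
   * NOTE(review): the query filters on name only and sets no ordering, so if
   * several records share a name this code does not determine which one is
   * used. Prefer loadBySysId where the choice of keystore matters.
   *
   * @param entryName (string) - value of the record's name field
   * @returns true if a record was found and loaded, false if no record matched
   */
  loadByName : function (entryName) {
    var cgr = new GlideRecord("sys_certificate");
    cgr.addQuery("name", entryName);
    cgr.query();
    if (cgr.next()) {
      return this.loadRecord(cgr);
    }

    return false;
  },

  /**
   * Loads the keystore stored in a sys_certificate record into this object.
   *
   * The record's type selects the Java keystore type: "pkcs12_key_store" maps
   * to PKCS12, "bcfks_key_store" to bcfks, and anything else falls back to JKS.
   *
   * To convert pfx files into pkcs12 keystores, follow these steps:
   *
   * Assuming that you have a pfx (Personal Info Exchange) file that contains
   * your CA-signed or self-signed certificate and your private key
   * (one way of getting the pfx file could be by exporting the certificate
   * from the Microsoft Windows Certificate Management console):
   *
   * 1. (If you already have a pkcs12 pem file, skip #1)
   *    openssl pkcs12 -in mypfxfile.pfx -out mypemfile.pem
   *
   * 2.
   *    openssl pkcs12 -export -in mypemfile.pem -out mykeystore.p12 -name "My Certificate"
   *
   * 3. (To verify that the keystore exists)
   *    keytool -v -list -keystore mykeystore.p12 -storetype pkcs12
   *
   * The intermediate PEM file from step 1 contains the private key. Keep it
   * passphrase-protected, restrict its file permissions, and delete it once
   * the keystore has been built and verified.
   *
   * @param glideRecord - sys_certificate GlideRecord positioned on the row to load
   * @returns true once the keystore has been loaded; errors raised while
   *          loading propagate to the caller
   */
  loadRecord : function (glideRecord) {
    var type = "JKS";
    // Loose equality is deliberate: glideRecord.type may be a field object
    // rather than a primitive string, and == coerces it for the comparison.
    if (glideRecord.type == "pkcs12_key_store") {
      type = "PKCS12";
    } else if (glideRecord.type == "bcfks_key_store") {
      type = "bcfks";
    }

    // Drop any previously loaded keystore first and publish the new one only
    // after it has loaded, so a failed load never leaves a stale or
    // uninitialized KeyStore behind for getKey/containsAlias to use.
    this.fStore = null;
    var store = Packages.java.security.KeyStore.getInstance(type);
    this.fDbKeyStoreFactory.loadKeyStore(store, glideRecord);
    this.fStore = store;

    return true;
  },

  /**
   * Returns the key stored under an alias in the loaded keystore.
   *
   * The returned object is the unprotected key. Keep it out of logs, records
   * and error messages, and hold it no longer than the operation needs.
   *
   * @param alias (string) - keystore alias of the key entry
   * @param keyPass (string) - password protecting the key entry
   * @returns the key, or null if the alias holds no key or no keystore is
   *          currently loaded
   */
  getKey : function (alias, keyPass) {
    // Same guard as containsAlias/listAliases: no loaded keystore means no key.
    if (this.fStore == null) {
      return null;
    }

    var keyPassword = new Packages.java.lang.String(keyPass);
    return this.fStore.getKey(alias, keyPassword.toCharArray());
  },

  /**
   * Returns the key stored under an alias as an unencrypted PEM block.
   *
   * The result is plaintext key material: do not log it, and store or
   * transmit it only over channels meant to carry secrets.
   *
   * NOTE(review): the "PRIVATE KEY" label assumes the entry is a private key
   * whose encoded form is PKCS#8; KeyStore.getKey can also return other key
   * kinds — confirm callers only pass private-key aliases.
   *
   * @param alias (string) - keystore alias of the key entry
   * @param keyPass (string) - password protecting the key entry
   * @returns the PEM text, or "" if no key is available for the alias
   */
  getKeyPEM : function (alias, keyPass) {
    var key = this.getKey(alias, keyPass);
    if (key == null) {
      return "";
    }

    // getEncoded() yields null for keys that cannot be exported; treat that
    // like a missing key instead of failing inside the encoder.
    var encoded = key.getEncoded();
    if (encoded == null) {
      return "";
    }

    // getMimeEncoder() is a static factory, so it is called without `new`.
    // It wraps at 76 characters with CRLF; strict RFC 7468 consumers expect
    // 64-character lines, but the wrapping is left as-is so existing output
    // does not change.
    var b64 = Packages.java.util.Base64.getMimeEncoder().encodeToString(encoded);
    var str = "-----BEGIN PRIVATE KEY-----\n";
    str += b64 + "\n";
    str += "-----END PRIVATE KEY-----\n";
    return str;
  },

  /**
   * Method to check if the current loaded keystore contains an alias
   * @param alias (string) - the alias to check in the keystore
   * @returns true if the keystore contains the alias, false if not or if no
   *          keystore is currently loaded
   */
  containsAlias : function (alias) {
    if (!this.fStore) {
      return false;
    }

    return this.fStore.containsAlias(alias);
  },

  /**
   * Writes every alias in the loaded keystore to the system log via gs.log,
   * tagged "(key)" or "(certificate)". Does nothing when no keystore is
   * loaded. Only alias names are logged, never key material.
   */
  listAliases : function () {
    if (this.fStore == null) {
      return;
    }

    var en = this.fStore.aliases();
    while (en.hasMoreElements()) {
      var alias = en.nextElement();

      // Does alias refer to a key entry?
      if (this.fStore.isKeyEntry(alias)) {
        gs.log(alias + " (key)");
      }

      // Does alias refer to a trusted certificate?
      if (this.fStore.isCertificateEntry(alias)) {
        gs.log(alias + " (certificate)");
      }
    }
  }
};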

Sys ID

a6108b830a0005fc2362e14359c0fc43

Official Documentation

Official Docs: