
Example 1 with CertificateAndKey

Use of com.fathomdb.crypto.CertificateAndKey in project platformlayer (by platformlayer), class OpsSystem, method getServerTrustKeys. Builds the server's trust-key list from the public keys in the "https" certificate chain, rendered as OpenSSH signature strings, and caches the result.

public List<String> getServerTrustKeys() throws OpsException {
    if (trustKeys == null) {
        CertificateAndKey certificateAndKey = encryptionStore.getCertificateAndKey("https");
        // Local list shadows the Optional field until the end of this block.
        List<String> trustKeys = Lists.newArrayList();
        // Every public key in the chain becomes a trust key; the certificates themselves
        // are not what is trusted, only the keys they carry.
        for (X509Certificate certificate : certificateAndKey.getCertificateChain()) {
            PublicKey publicKey = certificate.getPublicKey();
            trustKeys.add(OpenSshUtils.getSignatureString(publicKey));
        }
        this.trustKeys = Optional.of(trustKeys);
    }
    return trustKeys.orNull();
}
Also used: java.security.PublicKey, java.security.cert.X509Certificate, com.fathomdb.crypto.CertificateAndKey

Example 2 with CertificateAndKey

Class DirectoryEncryptionStore, method getCertificateAndKey. Reads <alias>.crt and <alias>.key as PEM from the store's base directory; the key is read without a passphrase, so the directory's file permissions are what protects it.

@Override
public CertificateAndKey getCertificateAndKey(String alias) {
    CertificateAndKey certificateAndKey;
    // The alias is only null-checked before it is used in a file name; callers must not
    // pass untrusted values.
    Preconditions.checkNotNull(alias);
    // Path to file
    File certPath = new File(base, alias + ".crt");
    List<X509Certificate> certificate;
    try {
        certificate = CertificateUtils.fromPem(certPath);
    } catch (IOException e) {
        throw new IllegalArgumentException("Error reading certificate: " + certPath, e);
    }
    File keyPath = new File(base, alias + ".key");
    PrivateKey privateKey;
    try {
        // No passphrase: the key file is expected to be plain PEM on disk.
        privateKey = PrivateKeys.fromPem(keyPath);
    } catch (IOException e) {
        throw new IllegalArgumentException("Error reading private key: " + keyPath, e);
    }
    certificateAndKey = new SimpleCertificateAndKey(certificate, privateKey);
    return certificateAndKey;
}
Also used: java.io.File, java.io.IOException, java.security.PrivateKey, java.security.cert.X509Certificate, com.fathomdb.crypto.CertificateAndKey, com.fathomdb.crypto.SimpleCertificateAndKey

Example 3 with CertificateAndKey

Class PlatformLayerAuthAdminClient, method build. Builds a mutually authenticated client to the auth admin service: the client certificate comes from the encryption store, and when auth.system.ssl.keys lists public keys, the server is checked by public-key pinning instead of CA validation, with hostname verification switched off because the pinned key is the identity being checked.

public static AuthenticationTokenValidator build(HttpStrategy httpStrategy, Configuration configuration, EncryptionStore encryptionStore) throws OpsException {
    String keystoneServiceUrl = configuration.lookup("auth.system.url", "https://127.0.0.1:" + WellKnownPorts.PORT_PLATFORMLAYER_AUTH_ADMIN + "/");
    String cert = configuration.get("auth.system.tls.clientcert");
    CertificateAndKey certificateAndKey = encryptionStore.getCertificateAndKey(cert);
    HostnameVerifier hostnameVerifier = null;
    // Client certificate for mutual TLS to the auth admin service.
    KeyManager keyManager = new SimpleClientCertificateKeyManager(certificateAndKey);
    TrustManager trustManager = null;
    String trustKeys = configuration.lookup("auth.system.ssl.keys", null);
    if (trustKeys != null) {
        // Pin the server's public key(s) rather than validating a CA chain. The pinned key
        // is the identity being checked, so hostname verification is disabled for this client.
        trustManager = new PublicKeyTrustManager(Splitter.on(',').trimResults().split(trustKeys));
        hostnameVerifier = new AcceptAllHostnameVerifier();
    }
    // With no pinned keys configured, both stay null and are left for SslConfiguration to handle.
    if (log.isDebugEnabled() && certificateAndKey != null) {
        X509Certificate[] chain = certificateAndKey.getCertificateChain();
        log.debug("Using client cert for PL auth: " + Joiner.on(",").join(chain));
    }
    SslConfiguration sslConfiguration = new SslConfiguration(keyManager, trustManager, hostnameVerifier);
    RestfulClient restfulClient = new JreRestfulClient(httpStrategy, keystoneServiceUrl, sslConfiguration);
    AuthenticationTokenValidator tokenValidator = new PlatformLayerAuthAdminClient(restfulClient);
    tokenValidator = new CachingAuthenticationTokenValidator(tokenValidator);
    return tokenValidator;
}
Also used: com.fathomdb.crypto.CertificateAndKey, com.fathomdb.crypto.SimpleClientCertificateKeyManager, com.fathomdb.crypto.ssl.AcceptAllHostnameVerifier, com.fathomdb.crypto.ssl.PublicKeyTrustManager, java.security.cert.X509Certificate, javax.net.ssl.HostnameVerifier, javax.net.ssl.KeyManager, javax.net.ssl.TrustManager, org.platformlayer.auth.AuthenticationTokenValidator, org.platformlayer.http.SslConfiguration, org.platformlayer.rest.JreRestfulClient, org.platformlayer.rest.RestfulClient
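Examples 1 and 3 are the two halves of a public-key pinning scheme: one side publishes the public keys of its "https" chain as trust keys, the other accepts a TLS peer only if a configured key is present. The page does not show PublicKeyTrustManager or OpenSshUtils.getSignatureString, so the following is an added example, not platformlayer code, of how such a trust manager is written against the JDK's X509TrustManager. It assumes the RFC 7469 pin format (sha256 over the DER SubjectPublicKeyInfo, base64), which is not the OpenSSH string format the page's code uses, and it keeps the one check that pinning must not drop: the presented leaf still has to be within its validity period.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.X509TrustManager;

/**
 * Added example: trust manager that accepts a server chain only if at least one
 * certificate in it carries a pinned public key. Pins are "sha256/<base64>" over the
 * DER-encoded SubjectPublicKeyInfo, so they survive certificate renewal as long as the
 * key pair is kept.
 */
public final class PublicKeyPinningTrustManager implements X509TrustManager {
    private final Set<String> pins;

    public PublicKeyPinningTrustManager(Collection<String> pins) {
        if (pins == null || pins.isEmpty()) {
            // An empty pin set would reject every peer; fail at construction, not at first connect.
            throw new IllegalArgumentException("at least one pin is required");
        }
        this.pins = new HashSet<>(pins);
    }

    /** Pin string for a public key: SHA-256 over its SubjectPublicKeyInfo, base64-encoded. */
    public static String pin(PublicKey key) {
        try {
            byte[] spki = key.getEncoded(); // JDK keys encode as X.509 SubjectPublicKeyInfo (DER)
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(spki);
            return "sha256/" + Base64.getEncoder().encodeToString(digest);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 unavailable", e);
        }
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new CertificateException("empty certificate chain");
        }
        // Pinning replaces path validation, not the sanity checks on the certificate actually
        // presented: an expired leaf is still rejected.
        chain[0].checkValidity();
        for (X509Certificate cert : chain) {
            if (pins.contains(pin(cert.getPublicKey()))) {
                return; // a pinned key is present somewhere in the chain
            }
        }
        throw new CertificateException("no certificate in the chain matches a pinned public key");
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // This manager verifies servers only; refuse to be misused for client authentication.
        throw new CertificateException("PublicKeyPinningTrustManager does not validate client certificates");
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0]; // no CA list: trust is anchored in the pins only
    }

    /** Prints the pin of every certificate in a PEM file, in the form the constructor consumes. */
    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: PublicKeyPinningTrustManager <chain.pem>");
            System.exit(2);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            for (Certificate c : cf.generateCertificates(in)) {
                X509Certificate x = (X509Certificate) c;
                System.out.println(x.getSubjectX500Principal() + " " + pin(x.getPublicKey()));
            }
        }
    }
}
```

Run the main against the server's chain file to get the pin strings, then hand them to the constructor on the client, the same split Examples 1 and 3 make. Because a pin identifies a key and not a name, disabling hostname verification as Example 3 does is only acceptable while the pin list itself comes from a trusted configuration source; whoever can edit that list can redirect the client.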

Example 4 with CertificateAndKey

Class PkiServiceImpl, method signCsr. Signs a CSR with the project's CA certificate and key and returns the new certificate followed by the CA chain.

@Override
public List<X509Certificate> signCsr(ProjectEntity project, String csr) throws OpsException {
    CertificateAndKey projectPki;
    try {
        projectPki = repository.getProjectPki(project);
    } catch (RepositoryException e) {
        throw new OpsException("Error getting project PKI info", e);
    }
    SimpleCertificateAuthority ca = new SimpleCertificateAuthority();
    ca.caCertificate = projectPki.getCertificateChain();
    ca.caPrivateKey = projectPki.getPrivateKey();
    X509Certificate certificate = ca.signCsr(csr);
    List<X509Certificate> chain = Lists.newArrayList();
    chain.add(certificate);
    for (X509Certificate cert : projectPki.getCertificateChain()) {
        chain.add(cert);
    }
    return chain;
}
Also used: com.fathomdb.crypto.CertificateAndKey, java.security.cert.X509Certificate, org.platformlayer.RepositoryException, org.platformlayer.crypto.SimpleCertificateAuthority, org.platformlayer.ops.OpsException
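Example 4 delegates the actual signing to SimpleCertificateAuthority, which the page does not show. What follows is an added example of what a careful signCsr does, written against the BouncyCastle bcpkix API (an assumed dependency); it is not platformlayer code and makes no claim about what SimpleCertificateAuthority itself checks. The three points it demonstrates are the ones that matter for a CA: verify the CSR's self-signature (proof of possession of the key), choose serial numbers and extensions on the CA side rather than copying them from the request, and bound the validity period.

```java
import java.io.StringReader;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.concurrent.TimeUnit;

import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;

/** Added example: a minimal CSR-signing CA with CA-controlled serial, validity and extensions. */
public final class CsrSigner {
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final long MAX_VALIDITY_DAYS = 398; // design choice: cap leaf lifetime

    /** Signs a PEM-encoded PKCS#10 request with caKey, issued under caCert. */
    public static X509Certificate sign(X509Certificate caCert, PrivateKey caKey, String csrPem,
                                       long validityDays) throws Exception {
        if (validityDays <= 0 || validityDays > MAX_VALIDITY_DAYS) {
            throw new IllegalArgumentException("validity must be 1.." + MAX_VALIDITY_DAYS + " days");
        }
        // PEMParser returns a PKCS10CertificationRequest for a "CERTIFICATE REQUEST" block.
        Object parsed;
        try (PEMParser parser = new PEMParser(new StringReader(csrPem))) {
            parsed = parser.readObject();
        }
        if (!(parsed instanceof PKCS10CertificationRequest)) {
            throw new IllegalArgumentException("input is not a PKCS#10 certificate request");
        }
        JcaPKCS10CertificationRequest csr = new JcaPKCS10CertificationRequest((PKCS10CertificationRequest) parsed);

        // Proof of possession: the request must verify under the public key it carries.
        if (!csr.isSignatureValid(new JcaContentVerifierProviderBuilder().build(csr.getPublicKey()))) {
            throw new SecurityException("CSR signature does not verify against the enclosed public key");
        }

        // Serial numbers must be unique and unpredictable: 127 random bits, always positive.
        BigInteger serial = new BigInteger(127, RANDOM);
        Date notBefore = new Date(System.currentTimeMillis() - TimeUnit.MINUTES.toMillis(5)); // clock skew
        Date notAfter = new Date(notBefore.getTime() + TimeUnit.DAYS.toMillis(validityDays));

        X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                caCert, serial, notBefore, notAfter, csr.getSubject(), csr.getPublicKey());

        // Extensions are decided here, never copied from the request: a requester must not be
        // able to ask for CA:true or for key usages it is not entitled to.
        JcaX509ExtensionUtils utils = new JcaX509ExtensionUtils();
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        builder.addExtension(Extension.keyUsage, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
        builder.addExtension(Extension.extendedKeyUsage, false,
                new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));
        builder.addExtension(Extension.subjectKeyIdentifier, false,
                utils.createSubjectKeyIdentifier(csr.getPublicKey()));
        builder.addExtension(Extension.authorityKeyIdentifier, false,
                utils.createAuthorityKeyIdentifier(caCert));

        ContentSigner signer = new JcaContentSignerBuilder(signatureAlgorithmFor(caKey)).build(caKey);
        X509CertificateHolder holder = builder.build(signer);
        return new JcaX509CertificateConverter().getCertificate(holder);
    }

    /** Picks the signature algorithm from the CA key type; assumes RSA or EC CA keys. */
    private static String signatureAlgorithmFor(PrivateKey key) {
        switch (key.getAlgorithm()) {
            case "RSA": return "SHA256withRSA";
            case "EC":  return "SHA256withECDSA";
            default: throw new IllegalArgumentException("unsupported CA key algorithm: " + key.getAlgorithm());
        }
    }
}
```

With the page's CertificateAndKey this would be called as sign(projectPki.getCertificateChain()[0], projectPki.getPrivateKey(), csr, 90), and the result prepended to the CA chain exactly as Example 4 does. The subject name is taken from the request here; a CA that issues for a specific project should additionally check that the requested subject (and any SAN in the request's attributes) belongs to that project before signing.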

Example 5 with CertificateAndKey

Class StandaloneXaasWebserver, method start. Loads the "https" certificate and key into an in-memory keystore for Jetty's SslContextFactory, restricts cipher suites and protocols to SslPolicy.DEFAULT, and then wires up the servlet contexts.

public boolean start() throws Exception {
    LogbackHook.attachToRootLogger();
    this.server = new Server();
    {
        SslContextFactory sslContextFactory = new SslContextFactory(SslContextFactory.DEFAULT_KEYSTORE_PATH);
        {
            CertificateAndKey certificateAndKey = encryptionStore.getCertificateAndKey("https");
            // The keystore is created in memory and never written out, so the constant
            // secret only has to satisfy the KeyStore API; it protects nothing on disk.
            String secret = KeyStoreUtils.DEFAULT_KEYSTORE_SECRET;
            KeyStore keystore = KeyStoreUtils.createEmpty(secret);
            String alias = "https";
            KeyStoreUtils.put(keystore, alias, certificateAndKey, secret);
            sslContextFactory.setKeyStore(keystore);
            sslContextFactory.setKeyStorePassword(secret);
            sslContextFactory.setCertAlias(alias);
        }
        // TODO: Preconfigure a better SSLContext??
        SSLContext sslContext = SSLContext.getDefault();
        // Narrow the JRE defaults to the project's policy: only its cipher suites and protocols are offered.
        sslContextFactory.setIncludeCipherSuites(SslPolicy.DEFAULT.getEngineConfig(sslContext).getEnabledCipherSuites());
        sslContextFactory.setIncludeProtocols(SslPolicy.DEFAULT.getEngineConfig(sslContext).getEnabledProtocols());
        SslSelectChannelConnector connector = new SslSelectChannelConnector(sslContextFactory);
        connector.setPort(PORT);
        String host = configuration.lookup("http.host", null);
        if (host != null) {
            connector.setHost(host);
        }
        server.setConnectors(new Connector[] { connector });
    }
    ContextHandlerCollection contexts = new ContextHandlerCollection();
    {
        ServletContextHandler context = new ServletContextHandler(contexts, "/api");
        // context.setContextPath("/");
        context.addEventListener(guiceServletConfig);
        // Must add DefaultServlet for embedded Jetty
        // Failing to do this will cause 404 errors.
        context.addServlet(DefaultServlet.class, "/");
        FilterHolder filterHolder = new FilterHolder(GuiceFilter.class);
        context.addFilter(filterHolder, "*", EnumSet.of(DispatcherType.REQUEST));
        context.setClassLoader(Thread.currentThread().getContextClassLoader());
    }
    for (Entry<String, File> entry : wars.entrySet()) {
        String contextPath = entry.getKey();
        File war = entry.getValue();
        WebAppContext context = new WebAppContext();
        context.setWar(war.getAbsolutePath());
        context.setContextPath(contextPath);
        context.setInitParameter("org.eclipse.jetty.servlet.Default.dirAllowed", "false");
        context.addFilter(GwtCacheHeaderFilter.class, "/*", EnumSet.of(DispatcherType.REQUEST));
        contexts.addHandler(context);
    }
    server.setHandler(contexts);
    server.addLifeCycleListener(new CloseOnFailLifecycleListener());
    server.start();
    if (!server.isStarted()) {
        return false;
    }
    if (configuration.lookup("jobrunner.enabled", true)) {
        scheduler.start();
        jobPoller.start();
    }
    return true;
}
Also used: com.fathomdb.crypto.CertificateAndKey, com.google.inject.servlet.GuiceFilter, java.io.File, java.security.KeyStore, javax.net.ssl.SSLContext, org.eclipse.jetty.server.Connector, org.eclipse.jetty.server.Server, org.eclipse.jetty.server.handler.ContextHandlerCollection, org.eclipse.jetty.server.ssl.SslSelectChannelConnector, org.eclipse.jetty.servlet.DefaultServlet, org.eclipse.jetty.servlet.FilterHolder, org.eclipse.jetty.servlet.ServletContextHandler, org.eclipse.jetty.util.ssl.SslContextFactory, org.eclipse.jetty.webapp.WebAppContext
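Examples 2 and 5 together read a PEM certificate chain and private key from <alias>.crt / <alias>.key and hand them to the TLS stack through an in-memory keystore. The following added example (not platformlayer code; it uses only the JDK, assumes unencrypted PKCS#8 "BEGIN PRIVATE KEY" files and RSA or EC key pairs, and the file layout is taken from Example 2) does the same with the standard library and adds the two checks a practitioner wants that the page's code does not show: the alias is validated before it becomes part of a file name, and the private key is proven to match the leaf certificate before anything is built on it.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.regex.Pattern;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

/** Added example: loads <alias>.crt / <alias>.key from a directory into a server SSLContext. */
public final class PemServerContext {
    // Aliases name files on disk, so restrict them to a safe character set before building a path.
    private static final Pattern SAFE_ALIAS = Pattern.compile("[A-Za-z0-9_.-]{1,64}");

    /** Reads one or more concatenated PEM certificates; CertificateFactory handles the framing. */
    public static List<X509Certificate> readChain(Path pem) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        try (java.io.InputStream in = Files.newInputStream(pem)) {
            for (Certificate c : cf.generateCertificates(in)) {
                chain.add((X509Certificate) c);
            }
        }
        if (chain.isEmpty()) throw new IllegalArgumentException("no certificates in " + pem);
        return chain;
    }

    /** Reads an unencrypted PKCS#8 PEM key (assumption: no PKCS#1 "BEGIN RSA PRIVATE KEY" files). */
    public static PrivateKey readPkcs8(Path pem, String algorithm) throws Exception {
        String text = new String(Files.readAllBytes(pem), StandardCharsets.US_ASCII);
        if (!text.contains("-----BEGIN PRIVATE KEY-----")) {
            throw new IllegalArgumentException(pem + ": expected an unencrypted PKCS#8 key (BEGIN PRIVATE KEY)");
        }
        String b64 = text.replace("-----BEGIN PRIVATE KEY-----", "")
                         .replace("-----END PRIVATE KEY-----", "")
                         .replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(b64);
        return KeyFactory.getInstance(algorithm).generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    /** Proves the key matches the leaf by signing a fresh nonce and verifying with the certificate's public key. */
    public static boolean keyMatchesCertificate(PrivateKey key, X509Certificate leaf) throws Exception {
        String alg = "EC".equals(key.getAlgorithm()) ? "SHA256withECDSA" : "SHA256withRSA";
        byte[] nonce = new byte[32];
        new SecureRandom().nextBytes(nonce);
        Signature signer = Signature.getInstance(alg);
        signer.initSign(key);
        signer.update(nonce);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance(alg);
        verifier.initVerify(leaf.getPublicKey());
        verifier.update(nonce);
        return verifier.verify(sig);
    }

    public static SSLContext build(Path base, String alias) throws Exception {
        if (!SAFE_ALIAS.matcher(alias).matches()) {
            throw new IllegalArgumentException("unsafe alias: " + alias);
        }
        List<X509Certificate> chain = readChain(base.resolve(alias + ".crt"));
        PrivateKey key = readPkcs8(base.resolve(alias + ".key"), chain.get(0).getPublicKey().getAlgorithm());
        if (!keyMatchesCertificate(key, chain.get(0))) {
            throw new IllegalStateException("private key does not match leaf certificate for alias " + alias);
        }
        // In-memory keystore: the password only guards the entry inside this process and nothing is
        // written to disk, so a per-process random value is enough (compare the constant in Example 5).
        char[] pw = Long.toHexString(new SecureRandom().nextLong()).toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        ks.setKeyEntry(alias, key, pw, chain.toArray(new Certificate[0]));

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // null trust managers: JRE defaults, only relevant for client auth
        return ctx;
    }

    /** Protocol policy to apply with setSSLParameters on the server socket or engine. */
    public static SSLParameters serverParameters(SSLContext ctx) {
        SSLParameters p = ctx.getDefaultSSLParameters();
        p.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
        p.setUseCipherSuitesOrder(true); // the server's preference order wins, not the client's
        return p;
    }
}
```

The key/certificate match check is cheap and catches the most common deployment mistake with split .crt/.key files (a renewed certificate copied over an old key, or vice versa) at startup rather than as a TLS handshake failure reported by the first client. Where Example 5 narrows suites and protocols through SslPolicy.DEFAULT, the SSLParameters returned by serverParameters are the plain-JDK equivalent.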

Aggregations

Usage counts across the project (9 uses of CertificateAndKey in total, 5 of which are shown above):

com.fathomdb.crypto.CertificateAndKey: 9
java.security.cert.X509Certificate: 6
com.fathomdb.crypto.SimpleCertificateAndKey: 3
java.io.File: 3
java.io.IOException: 2
java.security.PrivateKey: 2
org.platformlayer.RepositoryException: 2
org.platformlayer.ops.OpsException: 2
com.fathomdb.crypto.SimpleClientCertificateKeyManager: 1
com.fathomdb.crypto.ssl.AcceptAllHostnameVerifier: 1
com.fathomdb.crypto.ssl.PublicKeyTrustManager: 1
com.fathomdb.jdbc.JdbcTransaction: 1
com.google.inject.servlet.GuiceFilter: 1
java.security.GeneralSecurityException: 1
java.security.KeyStore: 1
java.security.PublicKey: 1
java.sql.SQLException: 1
javax.net.ssl.HostnameVerifier: 1
javax.net.ssl.KeyManager: 1
javax.net.ssl.SSLContext: 1