
Example 6 with CertificateAndKey

Use of com.fathomdb.crypto.CertificateAndKey in the project platformlayer by platformlayer.

From the class KeyStoreEncryptionStore, method getCertificateAndKey.

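@Override
public CertificateAndKey getCertificateAndKey(String alias) {
    // Resolves a certificate/private-key pair for the given alias.
    //   - alias starting with "/": read a PEM pair from disk, "<alias>.crt" and "<alias>.key"
    //   - otherwise: look the alias up in the key store (field keyStore, not shown here)
    // Throws IllegalArgumentException when the alias is null, a PEM file cannot be read,
    // the key-store lookup fails, or the key store has no entry for the alias.
    if (alias == null) {
        throw new IllegalArgumentException("alias must not be null");
    }
    if (alias.startsWith("/")) {
        // Path to file: the alias is used verbatim as a filesystem path prefix.
        // NOTE(review): only appropriate when the alias comes from trusted configuration;
        // confirm no caller passes externally supplied values here.
        File certPath = new File(alias + ".crt");
        List<X509Certificate> certificate;
        try {
            certificate = CertificateUtils.fromPem(certPath);
        } catch (IOException e) {
            throw new IllegalArgumentException("Error reading certificate: " + certPath, e);
        }
        File keyPath = new File(alias + ".key");
        PrivateKey privateKey;
        try {
            privateKey = PrivateKeys.fromPem(keyPath);
        } catch (IOException e) {
            throw new IllegalArgumentException("Error reading private key: " + keyPath, e);
        }
        return new SimpleCertificateAndKey(certificate, privateKey);
    }
    // Key-store lookup. DEFAULT_PASSWORD is a class constant defined outside this listing;
    // NOTE(review): a shared default key-store password is worth confirming against
    // the deployment's key-management requirements.
    String password = DEFAULT_PASSWORD;
    CertificateAndKey certificateAndKey;
    try {
        certificateAndKey = KeyStoreUtils.getCertificateAndKey(keyStore, alias, password);
    } catch (GeneralSecurityException e) {
        // Message names the key-store lookup rather than a PEM read, so failures from the
        // two branches are distinguishable in logs.
        throw new IllegalArgumentException("Error reading certificate and key from key store: " + alias, e);
    }
    if (certificateAndKey == null) {
        log.warn("Unable to find private key: " + alias);
        throw new IllegalArgumentException("Private key not found: " + alias);
    }
    return certificateAndKey;
}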

Example 7 with CertificateAndKey

Use of com.fathomdb.crypto.CertificateAndKey in the project platformlayer by platformlayer.

From the class SimpleMultitenantConfiguration, method build.

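/**
 * Builds a {@link MultitenantConfiguration} from the {@code multitenant.*} configuration keys.
 *
 * <p>Authentication uses the certificate named by {@code multitenant.cert} when present;
 * otherwise {@code multitenant.password}, which is only permitted in development mode.
 * The resulting token is validated against {@code multitenant.project}, and the
 * comma-separated {@code multitenant.keys} list ({@code serviceType/itemType} pairs) is
 * parsed into the mapped item keys.
 *
 * @param configuration source of the {@code multitenant.*} properties
 * @param encryptionStore resolves the certificate alias to a certificate and private key
 * @param authenticationService performs certificate or password authentication
 * @param authenticationTokenValidator validates the token for the project
 * @return the configured multitenant configuration
 * @throws OpsException if a required property is missing, authentication or token validation
 *         fails, or no mapped keys are configured
 * @throws IllegalStateException if password authentication is attempted outside development
 *         mode, or a mapped key is not of the form {@code serviceType/itemType}
 */
public static MultitenantConfiguration build(Configuration configuration, EncryptionStore encryptionStore, AuthenticationService authenticationService, AuthenticationTokenValidator authenticationTokenValidator) throws OpsException {
    String projectKey = configuration.lookup("multitenant.project", null);
    String username = configuration.lookup("multitenant.user", null);
    String password = configuration.lookup("multitenant.password", null);
    String certAlias = configuration.lookup("multitenant.cert", null);
    // Deliberately generic: which check failed is not exposed to callers.
    String message = "Invalid multitenant configuration";
    // Required properties are checked before any encryption-store lookup is attempted.
    if (username == null || projectKey == null) {
        throw new OpsException(message);
    }
    CertificateAndKey certificateAndKey = null;
    if (certAlias != null) {
        certificateAndKey = encryptionStore.getCertificateAndKey(certAlias);
    }
    AuthenticationToken authn = null;
    if (certificateAndKey != null) {
        try {
            authn = authenticationService.authenticateWithCertificate(username, certificateAndKey.getPrivateKey(), certificateAndKey.getCertificateChain());
        } catch (PlatformlayerAuthenticationClientException e) {
            throw new OpsException(message, e);
        }
    } else if (password != null) {
        log.warn("Using password authentication with multitenant");
        // Password-based multitenant authentication is a development-only shortcut.
        if (!ApplicationMode.isDevelopment()) {
            throw new IllegalStateException("Password authentication with multitenant is only permitted in development mode");
        }
        try {
            authn = authenticationService.authenticateWithPassword(username, password);
        } catch (PlatformlayerAuthenticationClientException e) {
            throw new OpsException(message, e);
        }
    }
    // Neither credential type was usable, or authentication returned no token.
    if (authn == null) {
        throw new OpsException(message);
    }
    ProjectAuthorization authz = authenticationTokenValidator.validateToken(authn, projectKey);
    if (authz == null) {
        throw new OpsException(message);
    }
    List<PlatformLayerKey> mappedItems = Lists.newArrayList();
    // omitEmptyStrings: an unset or blank "multitenant.keys" yields no entries (and hence the
    // OpsException below) instead of a malformed-key failure on the empty token.
    for (String key : Splitter.on(",").omitEmptyStrings().trimResults().split(configuration.lookup("multitenant.keys", ""))) {
        String[] tokens = key.split("/");
        if (tokens.length != 2) {
            throw new IllegalStateException("Invalid multitenant.keys entry (expected serviceType/itemType): " + key);
        }
        String serviceType = tokens[0];
        String itemType = tokens[1];
        mappedItems.add(PlatformLayerKey.fromServiceAndItem(serviceType, itemType));
    }
    if (mappedItems.isEmpty()) {
        throw new OpsException(message);
    }
    return new SimpleMultitenantConfiguration(authz, mappedItems);
}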

Example 8 with CertificateAndKey

Use of com.fathomdb.crypto.CertificateAndKey in the project platformlayer by platformlayer.

From the class JdbcUserRepository, method getProjectPki.

@Override
@JdbcTransaction
public CertificateAndKey getProjectPki(ProjectEntity project) throws RepositoryException, OpsException {
    // Returns the project's PKI certificate and private key, generating and persisting
    // a self-signed pair the first time no certificate is stored. Returns null when no
    // project with this name exists in the repository.
    DbHelper db = new DbHelper();
    try {
        ProjectEntity stored = findProjectByKey(db, project.getName());
        if (stored == null) {
            return null;
        }
        // NOTE(review): this re-assigns the project secret to itself; kept as-is in case the
        // setter has side effects — confirm whether it is still needed.
        project.setProjectSecret(project.getProjectSecret());
        if (project.getPkiCertificate() == null) {
            // First use: mint a self-signed certificate for CN=<project name> and store it.
            X500Principal subject = new X500Principal("CN=" + project.getName());
            CertificateAndKey generated = CertificateUtils.createSelfSigned(subject, RsaUtils.DEFAULT_KEYSIZE);
            project.setPkiCertificate(generated.getCertificateChain()[0]);
            project.setPkiPrivateKey(generated.getPrivateKey());
            db.update(project);
        }
        // Single-element chain: only the project's own certificate is persisted.
        X509Certificate[] chain = { project.getPkiCertificate() };
        return new SimpleCertificateAndKey(chain, project.getPkiPrivateKey());
    } catch (SQLException e) {
        throw new RepositoryException("Error retrieving PKI info", e);
    } finally {
        db.close();
    }
}

Example 9 with CertificateAndKey

Use of com.fathomdb.crypto.CertificateAndKey in the project platformlayer by platformlayer.

From the class MetricClientImpl, method build.

/**
 * Builds the metric client from configuration; returns a no-op client when
 * {@code metrics.report.enabled} is false.
 *
 * @param configuration source of the {@code metrics.*} properties
 * @param encryptionStore resolves {@code metrics.tls.clientcert} to the client certificate and key
 * @return a metric client
 * @throws OpsException as declared by the signature (the delegated overload is not shown here)
 */
public static MetricClient build(Configuration configuration, EncryptionStore encryptionStore) throws OpsException {
    boolean reportingEnabled = configuration.lookup("metrics.report.enabled", true);
    if (!reportingEnabled) {
        return new DummyMetricClient();
    }
    // Client certificate alias (property formerly named "metrics.report.ssl.cert").
    // NOTE(review): whether a missing property yields null here depends on Configuration.get,
    // which is not shown — confirm the encryption store tolerates that case.
    String certAlias = configuration.get("metrics.tls.clientcert");
    CertificateAndKey clientCertificate = encryptionStore.getCertificateAndKey(certAlias);
    String project = configuration.get("metrics.report.project");
    MetricTreeObject tags = new MetricTreeObject(null);
    Map<String, String> tagProperties = configuration.getChildProperties("metrics.report.tags.");
    copyPropertiesToTree(tagProperties, tags.getSubtree("tags"));
    return build(configuration, encryptionStore, project, tags, clientCertificate);
}
