Example 1 with SimpleCertificateAndKey
use of com.fathomdb.crypto.SimpleCertificateAndKey in project platformlayer by platformlayer.
the class DirectoryEncryptionStore method getCertificateAndKey.
@Override
public CertificateAndKey getCertificateAndKey(String alias) {
CertificateAndKey certificateAndKey;
Preconditions.checkNotNull(alias);
// Path to file
File certPath = new File(base, alias + ".crt");
List<X509Certificate> certificate;
try {
certificate = CertificateUtils.fromPem(certPath);
} catch (IOException e) {
throw new IllegalArgumentException("Error reading certificate: " + certPath, e);
}
File keyPath = new File(base, alias + ".key");
PrivateKey privateKey;
try {
privateKey = PrivateKeys.fromPem(keyPath);
} catch (IOException e) {
throw new IllegalArgumentException("Error reading private key: " + keyPath, e);
}
certificateAndKey = new SimpleCertificateAndKey(certificate, privateKey);
return certificateAndKey;
}
Also used :
SimpleCertificateAndKey(com.fathomdb.crypto.SimpleCertificateAndKey)
PrivateKey(java.security.PrivateKey)
IOException(java.io.IOException)
CertificateAndKey(com.fathomdb.crypto.CertificateAndKey)
SimpleCertificateAndKey(com.fathomdb.crypto.SimpleCertificateAndKey)
File(java.io.File)
X509Certificate(java.security.cert.X509Certificate)
Example 2 with SimpleCertificateAndKey
use of com.fathomdb.crypto.SimpleCertificateAndKey in project platformlayer by platformlayer.
the class KeyStoreEncryptionStore method getCertificateAndKey.
@Override
public CertificateAndKey getCertificateAndKey(String alias) {
CertificateAndKey certificateAndKey;
if (alias.startsWith("/")) {
// Path to file
File certPath = new File(alias + ".crt");
List<X509Certificate> certificate;
try {
certificate = CertificateUtils.fromPem(certPath);
} catch (IOException e) {
throw new IllegalArgumentException("Error reading certificate: " + certPath, e);
}
File keyPath = new File(alias + ".key");
PrivateKey privateKey;
try {
privateKey = PrivateKeys.fromPem(keyPath);
} catch (IOException e) {
throw new IllegalArgumentException("Error reading private key: " + keyPath, e);
}
certificateAndKey = new SimpleCertificateAndKey(certificate, privateKey);
} else {
String password = DEFAULT_PASSWORD;
try {
certificateAndKey = KeyStoreUtils.getCertificateAndKey(keyStore, alias, password);
} catch (GeneralSecurityException e) {
throw new IllegalArgumentException("Error reading private key", e);
}
if (certificateAndKey == null) {
log.warn("Unable to find private key: " + alias);
throw new IllegalArgumentException("Private key not found");
}
}
return certificateAndKey;
}
Also used :
SimpleCertificateAndKey(com.fathomdb.crypto.SimpleCertificateAndKey)
PrivateKey(java.security.PrivateKey)
GeneralSecurityException(java.security.GeneralSecurityException)
IOException(java.io.IOException)
CertificateAndKey(com.fathomdb.crypto.CertificateAndKey)
SimpleCertificateAndKey(com.fathomdb.crypto.SimpleCertificateAndKey)
File(java.io.File)
X509Certificate(java.security.cert.X509Certificate)
Example 3 with SimpleCertificateAndKey
use of com.fathomdb.crypto.SimpleCertificateAndKey in project platformlayer by platformlayer.
the class ProjectContext method getProjectCredentials.
public CertificateAndKey getProjectCredentials() throws OpsException {
// OK... this is weird... we sign the project cert with the project cert.
// It sort of makes sense, in that we don't want to share the project signing cert outside the auth server
ProjectId projectId = getProjectId();
KeyPair keyPair = privateData.findKeyPair(projectId, null, METADATA_PROJECT_KEY);
List<X509Certificate> chain = privateData.findCertificate(projectId, null, METADATA_PROJECT_CERT);
if (keyPair == null) {
keyPair = RsaUtils.generateRsaKeyPair();
privateData.putKeyPair(projectId, null, METADATA_PROJECT_KEY, keyPair);
}
if (chain == null) {
AuthenticationTokenValidator authenticationTokenValidator = OpsContext.get().getInjector().getInstance(AuthenticationTokenValidator.class);
ProjectAuthorization projectAuthorization = Scope.get().get(ProjectAuthorization.class);
String projectKey = projectAuthorization.getName();
if (!projectKey.equals(projectId.getKey())) {
throw new IllegalStateException();
}
PlatformLayerAuthAdminClient adminClient = PlatformLayerAuthAdminClient.find(authenticationTokenValidator);
Csr csr = Csr.buildCsr(keyPair, getX500Principal());
chain = adminClient.signCsr(projectId.getKey(), projectAuthorization.getProjectSecret(), csr.getEncoded());
privateData.putCertificate(projectId, null, METADATA_PROJECT_CERT, chain);
}
return new SimpleCertificateAndKey(chain, keyPair.getPrivate());
}
Also used :
KeyPair(java.security.KeyPair)
SimpleCertificateAndKey(com.fathomdb.crypto.SimpleCertificateAndKey)
ProjectId(org.platformlayer.ids.ProjectId)
ProjectAuthorization(org.platformlayer.model.ProjectAuthorization)
AuthenticationTokenValidator(org.platformlayer.auth.AuthenticationTokenValidator)
PlatformLayerAuthAdminClient(org.platformlayer.auth.system.PlatformLayerAuthAdminClient)
X509Certificate(java.security.cert.X509Certificate)
Example 4 with SimpleCertificateAndKey
use of com.fathomdb.crypto.SimpleCertificateAndKey in project platformlayer by platformlayer.
the class JdbcUserRepository method getProjectPki.
@Override
@JdbcTransaction
public CertificateAndKey getProjectPki(ProjectEntity project) throws RepositoryException, OpsException {
DbHelper db = new DbHelper();
try {
ProjectEntity existing = findProjectByKey(db, project.getName());
if (existing == null) {
return null;
}
project.setProjectSecret(project.getProjectSecret());
if (project.getPkiCertificate() == null) {
// KeyPair keyPair = RsaUtils.generateRsaKeyPair();
// SimpleCertificateAuthority ca = new SimpleCertificateAuthority();
X500Principal subject = new X500Principal("CN=" + project.getName());
CertificateAndKey certificateAndKey = CertificateUtils.createSelfSigned(subject, RsaUtils.DEFAULT_KEYSIZE);
project.setPkiCertificate(certificateAndKey.getCertificateChain()[0]);
project.setPkiPrivateKey(certificateAndKey.getPrivateKey());
db.update(project);
}
X509Certificate[] certificateChain = new X509Certificate[1];
certificateChain[0] = project.getPkiCertificate();
CertificateAndKey certificateAndKey = new SimpleCertificateAndKey(certificateChain, project.getPkiPrivateKey());
return certificateAndKey;
} catch (SQLException e) {
throw new RepositoryException("Error retrieving PKI info", e);
} finally {
db.close();
}
}
Also used :
SimpleCertificateAndKey(com.fathomdb.crypto.SimpleCertificateAndKey)
SQLException(java.sql.SQLException)
X500Principal(javax.security.auth.x500.X500Principal)
RepositoryException(org.platformlayer.RepositoryException)
CertificateAndKey(com.fathomdb.crypto.CertificateAndKey)
SimpleCertificateAndKey(com.fathomdb.crypto.SimpleCertificateAndKey)
X509Certificate(java.security.cert.X509Certificate)
JdbcTransaction(com.fathomdb.jdbc.JdbcTransaction)
Aggregations
SimpleCertificateAndKey (com.fathomdb.crypto.SimpleCertificateAndKey)4
X509Certificate (java.security.cert.X509Certificate)4
CertificateAndKey (com.fathomdb.crypto.CertificateAndKey)3
File (java.io.File)2
IOException (java.io.IOException)2
PrivateKey (java.security.PrivateKey)2
JdbcTransaction (com.fathomdb.jdbc.JdbcTransaction)1
GeneralSecurityException (java.security.GeneralSecurityException)1
KeyPair (java.security.KeyPair)1
SQLException (java.sql.SQLException)1
X500Principal (javax.security.auth.x500.X500Principal)1
RepositoryException (org.platformlayer.RepositoryException)1
AuthenticationTokenValidator (org.platformlayer.auth.AuthenticationTokenValidator)1
PlatformLayerAuthAdminClient (org.platformlayer.auth.system.PlatformLayerAuthAdminClient)1
ProjectId (org.platformlayer.ids.ProjectId)1
ProjectAuthorization (org.platformlayer.model.ProjectAuthorization)1
