
Example 1 with SimpleCertificateAndKey

use of com.fathomdb.crypto.SimpleCertificateAndKey in project platformlayer by platformlayer.

From the class DirectoryEncryptionStore, method getCertificateAndKey:

@Override
public CertificateAndKey getCertificateAndKey(String alias) {
    CertificateAndKey certificateAndKey;
    Preconditions.checkNotNull(alias);
    // The alias is used verbatim as a file-name stem under the store's base
    // directory: <base>/<alias>.crt holds the PEM certificate chain.
    File certPath = new File(base, alias + ".crt");
    List<X509Certificate> certificate;
    try {
        certificate = CertificateUtils.fromPem(certPath);
    } catch (IOException e) {
        throw new IllegalArgumentException("Error reading certificate: " + certPath, e);
    }
    // <base>/<alias>.key holds the matching PEM private key.
    File keyPath = new File(base, alias + ".key");
    PrivateKey privateKey;
    try {
        privateKey = PrivateKeys.fromPem(keyPath);
    } catch (IOException e) {
        throw new IllegalArgumentException("Error reading private key: " + keyPath, e);
    }
    // Chain and key are paired without checking that they belong together.
    certificateAndKey = new SimpleCertificateAndKey(certificate, privateKey);
    return certificateAndKey;
}
Also used : SimpleCertificateAndKey(com.fathomdb.crypto.SimpleCertificateAndKey) PrivateKey(java.security.PrivateKey) IOException(java.io.IOException) CertificateAndKey(com.fathomdb.crypto.CertificateAndKey) File(java.io.File) X509Certificate(java.security.cert.X509Certificate)

Example 2 with SimpleCertificateAndKey

use of com.fathomdb.crypto.SimpleCertificateAndKey in project platformlayer by platformlayer.

From the class KeyStoreEncryptionStore, method getCertificateAndKey:

@Override
public CertificateAndKey getCertificateAndKey(String alias) {
    CertificateAndKey certificateAndKey;
    if (alias.startsWith("/")) {
        // An alias beginning with "/" is treated as an absolute path prefix:
        // <alias>.crt and <alias>.key are read directly from the filesystem
        // and the keystore is bypassed.
        File certPath = new File(alias + ".crt");
        List<X509Certificate> certificate;
        try {
            certificate = CertificateUtils.fromPem(certPath);
        } catch (IOException e) {
            throw new IllegalArgumentException("Error reading certificate: " + certPath, e);
        }
        File keyPath = new File(alias + ".key");
        PrivateKey privateKey;
        try {
            privateKey = PrivateKeys.fromPem(keyPath);
        } catch (IOException e) {
            throw new IllegalArgumentException("Error reading private key: " + keyPath, e);
        }
        certificateAndKey = new SimpleCertificateAndKey(certificate, privateKey);
    } else {
        // Otherwise the alias names a keystore entry, unlocked with the class's
        // DEFAULT_PASSWORD constant rather than a per-entry password.
        String password = DEFAULT_PASSWORD;
        try {
            certificateAndKey = KeyStoreUtils.getCertificateAndKey(keyStore, alias, password);
        } catch (GeneralSecurityException e) {
            throw new IllegalArgumentException("Error reading private key", e);
        }
        if (certificateAndKey == null) {
            log.warn("Unable to find private key: " + alias);
            throw new IllegalArgumentException("Private key not found");
        }
    }
    return certificateAndKey;
}
Also used : SimpleCertificateAndKey(com.fathomdb.crypto.SimpleCertificateAndKey) PrivateKey(java.security.PrivateKey) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) CertificateAndKey(com.fathomdb.crypto.CertificateAndKey) File(java.io.File) X509Certificate(java.security.cert.X509Certificate)
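Both stores above resolve <alias>.crt and <alias>.key on disk and return whatever parses. The following is an added example, not platformlayer code: the same directory-backed store written in Go, chosen over Java so that the test certificate can be generated with the standard library and the example runs offline. It adds the two checks a practitioner would want here: the alias is restricted to a single file-name component (so it can never become "../x" or an absolute path), and a key that does not correspond to the leaf certificate's public key is refused instead of being paired silently. CertificateAndKey, GetCertificateAndKey, parseCertChain, WriteSelfSigned and aliasPattern are names chosen for this example, not the project's API; WriteSelfSigned is a constructed fixture that writes a fresh self-signed pair in the two-file layout.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"path/filepath"
	"regexp"
	"time"
)

// CertificateAndKey mirrors the platformlayer holder: a chain (leaf first) plus the leaf's key.
type CertificateAndKey struct {
	Chain      []*x509.Certificate
	PrivateKey crypto.Signer
}

// aliasPattern (this example's assumption): one plain file-name component, so "../x" or an absolute path is refused.
var aliasPattern = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]*$`)

// GetCertificateAndKey reads <base>/<alias>.crt and <base>/<alias>.key (the DirectoryEncryptionStore layout).
func GetCertificateAndKey(base, alias string) (*CertificateAndKey, error) {
	if !aliasPattern.MatchString(alias) {
		return nil, fmt.Errorf("invalid alias %q", alias)
	}
	certPEM, err := os.ReadFile(filepath.Join(base, alias+".crt"))
	if err != nil {
		return nil, fmt.Errorf("error reading certificate: %w", err)
	}
	keyPEM, err := os.ReadFile(filepath.Join(base, alias+".key"))
	if err != nil {
		return nil, fmt.Errorf("error reading private key: %w", err)
	}
	chain, err := parseCertChain(certPEM)
	if err != nil {
		return nil, err
	}
	block, _ := pem.Decode(keyPEM)
	if block == nil || block.Type != "PRIVATE KEY" {
		return nil, fmt.Errorf("%s.key: expected an unencrypted PKCS#8 PRIVATE KEY block", alias)
	}
	key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if err != nil {
		return nil, fmt.Errorf("bad private key: %w", err)
	}
	// The check the page's loaders do not make: the key must match the leaf's public key.
	signer, _ := key.(crypto.Signer)
	pub, _ := chain[0].PublicKey.(interface{ Equal(crypto.PublicKey) bool })
	if signer == nil || pub == nil || !pub.Equal(signer.Public()) {
		return nil, fmt.Errorf("private key for %q does not match its certificate", alias)
	}
	return &CertificateAndKey{Chain: chain, PrivateKey: signer}, nil
}

// parseCertChain decodes the PEM bundle in file order; every block must be a certificate.
func parseCertChain(data []byte) ([]*x509.Certificate, error) {
	var chain []*x509.Certificate
	for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("bad certificate: %w", err)
		}
		chain = append(chain, cert)
	}
	if len(chain) == 0 {
		return nil, fmt.Errorf("no CERTIFICATE block found")
	}
	return chain, nil
}

// WriteSelfSigned is a constructed fixture: a fresh Ed25519 key and self-signed certificate
// for alias, stored in the two-file layout above.
func WriteSelfSigned(base, alias string) error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: alias},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return err
	}
	keyDER, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		return err
	}
	if err := os.WriteFile(filepath.Join(base, alias+".crt"), pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0o644); err != nil {
		return err
	}
	return os.WriteFile(filepath.Join(base, alias+".key"), pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER}), 0o600)
}
```

The key-match check is what turns a misfiled or rotated .key into an error at load time rather than a failed signature or TLS handshake somewhere downstream; the alias pattern is what keeps a store rooted in its base directory even when the alias comes from a caller.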

Example 3 with SimpleCertificateAndKey

use of com.fathomdb.crypto.SimpleCertificateAndKey in project platformlayer by platformlayer.

From the class ProjectContext, method getProjectCredentials:

public CertificateAndKey getProjectCredentials() throws OpsException {
    // OK... this is weird... we sign the project cert with the project cert.
    // It sort of makes sense, in that we don't want to share the project signing cert outside the auth server
    ProjectId projectId = getProjectId();
    KeyPair keyPair = privateData.findKeyPair(projectId, null, METADATA_PROJECT_KEY);
    List<X509Certificate> chain = privateData.findCertificate(projectId, null, METADATA_PROJECT_CERT);
    if (keyPair == null) {
        // First use: generate the project key pair and persist it in private data.
        keyPair = RsaUtils.generateRsaKeyPair();
        privateData.putKeyPair(projectId, null, METADATA_PROJECT_KEY, keyPair);
    }
    if (chain == null) {
        // No certificate yet: build a CSR for the key pair and have the auth
        // server's admin client sign it, authenticated with the project secret.
        AuthenticationTokenValidator authenticationTokenValidator = OpsContext.get().getInjector().getInstance(AuthenticationTokenValidator.class);
        ProjectAuthorization projectAuthorization = Scope.get().get(ProjectAuthorization.class);
        String projectKey = projectAuthorization.getName();
        if (!projectKey.equals(projectId.getKey())) {
            throw new IllegalStateException();
        }
        PlatformLayerAuthAdminClient adminClient = PlatformLayerAuthAdminClient.find(authenticationTokenValidator);
        Csr csr = Csr.buildCsr(keyPair, getX500Principal());
        chain = adminClient.signCsr(projectId.getKey(), projectAuthorization.getProjectSecret(), csr.getEncoded());
        privateData.putCertificate(projectId, null, METADATA_PROJECT_CERT, chain);
    }
    return new SimpleCertificateAndKey(chain, keyPair.getPrivate());
}
Also used : KeyPair(java.security.KeyPair) SimpleCertificateAndKey(com.fathomdb.crypto.SimpleCertificateAndKey) ProjectId(org.platformlayer.ids.ProjectId) ProjectAuthorization(org.platformlayer.model.ProjectAuthorization) AuthenticationTokenValidator(org.platformlayer.auth.AuthenticationTokenValidator) PlatformLayerAuthAdminClient(org.platformlayer.auth.system.PlatformLayerAuthAdminClient) X509Certificate(java.security.cert.X509Certificate)

Example 4 with SimpleCertificateAndKey

use of com.fathomdb.crypto.SimpleCertificateAndKey in project platformlayer by platformlayer.

From the class JdbcUserRepository, method getProjectPki:

@Override
@JdbcTransaction
public CertificateAndKey getProjectPki(ProjectEntity project) throws RepositoryException, OpsException {
    DbHelper db = new DbHelper();
    try {
        ProjectEntity existing = findProjectByKey(db, project.getName());
        if (existing == null) {
            return null;
        }
        // Note: this assigns the project secret back to itself (a no-op).
        project.setProjectSecret(project.getProjectSecret());
        if (project.getPkiCertificate() == null) {
            // KeyPair keyPair = RsaUtils.generateRsaKeyPair();
            // SimpleCertificateAuthority ca = new SimpleCertificateAuthority();
            // First use: create a self-signed certificate for the project and
            // persist both the certificate and its private key on the entity.
            X500Principal subject = new X500Principal("CN=" + project.getName());
            CertificateAndKey certificateAndKey = CertificateUtils.createSelfSigned(subject, RsaUtils.DEFAULT_KEYSIZE);
            project.setPkiCertificate(certificateAndKey.getCertificateChain()[0]);
            project.setPkiPrivateKey(certificateAndKey.getPrivateKey());
            db.update(project);
        }
        // The stored chain is a single self-signed certificate.
        X509Certificate[] certificateChain = new X509Certificate[1];
        certificateChain[0] = project.getPkiCertificate();
        CertificateAndKey certificateAndKey = new SimpleCertificateAndKey(certificateChain, project.getPkiPrivateKey());
        return certificateAndKey;
    } catch (SQLException e) {
        throw new RepositoryException("Error retrieving PKI info", e);
    } finally {
        db.close();
    }
}
Also used : SimpleCertificateAndKey(com.fathomdb.crypto.SimpleCertificateAndKey) SQLException(java.sql.SQLException) X500Principal(javax.security.auth.x500.X500Principal) RepositoryException(org.platformlayer.RepositoryException) CertificateAndKey(com.fathomdb.crypto.CertificateAndKey) X509Certificate(java.security.cert.X509Certificate) JdbcTransaction(com.fathomdb.jdbc.JdbcTransaction)

Aggregations

SimpleCertificateAndKey (com.fathomdb.crypto.SimpleCertificateAndKey)4 X509Certificate (java.security.cert.X509Certificate)4 CertificateAndKey (com.fathomdb.crypto.CertificateAndKey)3 File (java.io.File)2 IOException (java.io.IOException)2 PrivateKey (java.security.PrivateKey)2 JdbcTransaction (com.fathomdb.jdbc.JdbcTransaction)1 GeneralSecurityException (java.security.GeneralSecurityException)1 KeyPair (java.security.KeyPair)1 SQLException (java.sql.SQLException)1 X500Principal (javax.security.auth.x500.X500Principal)1 RepositoryException (org.platformlayer.RepositoryException)1 AuthenticationTokenValidator (org.platformlayer.auth.AuthenticationTokenValidator)1 PlatformLayerAuthAdminClient (org.platformlayer.auth.system.PlatformLayerAuthAdminClient)1 ProjectId (org.platformlayer.ids.ProjectId)1 ProjectAuthorization (org.platformlayer.model.ProjectAuthorization)1