
use of javax.security.auth.message.callback.PrivateKeyCallback in project Payara by payara.

From the class BaseContainerCallbackHandler, method processPrivateKey.

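/**
 * Answers a JASPIC {@link PrivateKeyCallback}: resolves the private key (and its
 * certificate chain) the authentication module asked for and hands it back through
 * {@link PrivateKeyCallback#setKey(PrivateKey, Certificate[])}.
 * <p>
 * Supported request types are {@code AliasRequest}, {@code IssuerSerialNumRequest},
 * {@code SubjectKeyIDRequest} and {@code DigestRequest}. A {@code null} request, a
 * {@code null} alias or a {@code null} digest selects the default key entry.
 * Whenever nothing can be resolved -- no keystore configured, no matching entry,
 * an unknown request type, or an exception during lookup -- the callback receives
 * {@code (null, null)}. The callback is always answered exactly once.
 *
 * @param privKeyCallback the callback to answer; must not be {@code null}
 */
private void processPrivateKey(PrivateKeyCallback privKeyCallback) {
    KeyStore[] kstores = secSup.getKeyStores();
    _logger.log(Level.FINE, "JASPIC: In PrivateKeyCallback Processor");
    // Without a keystore there is nothing to look up.
    if (kstores == null || kstores.length == 0) {
        privKeyCallback.setKey(null, null);
        return;
    }

    PrivateKeyCallback.Request req = privKeyCallback.getRequest();
    PrivateKey privKey = null;
    Certificate[] certs = null;

    if (req == null) {
        // No selection criteria at all: answer with the default key entry.
        PrivateKeyEntry pke = getDefaultPrivateKeyEntry(kstores);
        if (pke != null) {
            privKey = pke.getPrivateKey();
            certs = pke.getCertificateChain();
        }
        privKeyCallback.setKey(privKey, certs);
        return;
    }

    // Resolve the key according to the concrete request type.
    try {
        if (req instanceof PrivateKeyCallback.AliasRequest) {
            PrivateKeyCallback.AliasRequest aReq = (PrivateKeyCallback.AliasRequest) req;
            String alias = aReq.getAlias();
            PrivateKeyEntry privKeyEntry;
            if (alias == null) {
                // A null alias means "the default key".
                privKeyEntry = getDefaultPrivateKeyEntry(kstores);
            } else {
                privKeyEntry = sslUtils.getPrivateKeyEntryFromTokenAlias(alias);
            }
            if (privKeyEntry != null) {
                privKey = privKeyEntry.getPrivateKey();
                certs = privKeyEntry.getCertificateChain();
            }
        } else if (req instanceof PrivateKeyCallback.IssuerSerialNumRequest) {
            PrivateKeyCallback.IssuerSerialNumRequest isReq = (PrivateKeyCallback.IssuerSerialNumRequest) req;
            X500Principal issuer = isReq.getIssuer();
            BigInteger serialNum = isReq.getSerialNum();
            if (issuer != null && serialNum != null) {
                boolean found = false;
                for (int i = 0; i < kstores.length && !found; i++) {
                    Enumeration<String> aliases = kstores[i].aliases();
                    while (aliases.hasMoreElements() && !found) {
                        String nextAlias = aliases.nextElement();
                        PrivateKey key = secSup.getPrivateKeyForAlias(nextAlias, i);
                        if (key == null) {
                            continue;
                        }
                        Certificate[] certificates = kstores[i].getCertificateChain(nextAlias);
                        // An entry without a usable leaf certificate is skipped rather than
                        // allowed to throw and abort the search across the remaining keystores.
                        X509Certificate eeCert = leafX509Certificate(certificates);
                        if (eeCert != null
                                && issuer.equals(eeCert.getIssuerX500Principal())
                                && serialNum.equals(eeCert.getSerialNumber())) {
                            privKey = key;
                            certs = certificates;
                            found = true;
                        }
                    }
                }
            }
        } else if (req instanceof PrivateKeyCallback.SubjectKeyIDRequest) {
            PrivateKeyCallback.SubjectKeyIDRequest skReq = (PrivateKeyCallback.SubjectKeyIDRequest) req;
            byte[] subjectKeyID = skReq.getSubjectKeyID();
            if (subjectKeyID != null) {
                boolean found = false;
                // X509Certificate.getExtensionValue() returns the DER-encoded OCTET STRING
                // wrapping the extension value; for SubjectKeyIdentifier that value is itself
                // an OCTET STRING, so the raw key ID must be wrapped twice before comparing.
                DerValue derValue1 = new DerValue(DerValue.tag_OctetString, subjectKeyID);
                DerValue derValue2 = new DerValue(DerValue.tag_OctetString, derValue1.toByteArray());
                byte[] derSubjectKeyID = derValue2.toByteArray();
                for (int i = 0; i < kstores.length && !found; i++) {
                    Enumeration<String> aliases = kstores[i].aliases();
                    while (aliases.hasMoreElements() && !found) {
                        String nextAlias = aliases.nextElement();
                        PrivateKey key = secSup.getPrivateKeyForAlias(nextAlias, i);
                        if (key == null) {
                            continue;
                        }
                        Certificate[] certificates = kstores[i].getCertificateChain(nextAlias);
                        X509Certificate eeCert = leafX509Certificate(certificates);
                        if (eeCert == null) {
                            continue;
                        }
                        // Extension: SubjectKeyIdentifier
                        byte[] derSubKeyID = eeCert.getExtensionValue(SUBJECT_KEY_IDENTIFIER_OID);
                        if (derSubKeyID != null && Arrays.equals(derSubKeyID, derSubjectKeyID)) {
                            privKey = key;
                            certs = certificates;
                            found = true;
                        }
                    }
                }
            }
        } else if (req instanceof PrivateKeyCallback.DigestRequest) {
            PrivateKeyCallback.DigestRequest dReq = (PrivateKeyCallback.DigestRequest) req;
            byte[] digest = dReq.getDigest();
            String algorithm = dReq.getAlgorithm();
            PrivateKeyEntry privKeyEntry;
            if (digest == null) {
                // A null digest means "the default key".
                privKeyEntry = getDefaultPrivateKeyEntry(kstores);
            } else {
                if (algorithm == null) {
                    algorithm = DEFAULT_DIGEST_ALGORITHM;
                }
                // An unsupported algorithm surfaces as NoSuchAlgorithmException and is
                // handled by the catch below (logged, key left unset).
                MessageDigest md = MessageDigest.getInstance(algorithm);
                privKeyEntry = getPrivateKeyEntry(kstores, md, digest);
            }
            if (privKeyEntry != null) {
                privKey = privKeyEntry.getPrivateKey();
                certs = privKeyEntry.getCertificateChain();
            }
        } else {
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "invalid request type: " + req.getClass().getName());
            }
        }
    } catch (Exception e) {
        // KeyStoreException, NoSuchAlgorithmException, IOException from DER encoding, ...
        // Lookup failures are not fatal for the caller: the callback is answered with
        // no key, and the detail is only available at FINE level.
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "JASPIC: In PrivateKeyCallback Processor: " + " Error reading key !", e);
        }
    } finally {
        // Answer exactly once, whether or not a key was resolved.
        privKeyCallback.setKey(privKey, certs);
    }
}

/**
 * Returns the end-entity (leaf) certificate of a keystore certificate chain, or
 * {@code null} when the chain is missing, empty, or its first element is not an
 * X.509 certificate. {@link KeyStore#getCertificateChain(String)} returns
 * {@code null} for aliases that carry no chain, so callers must not index it blindly.
 *
 * @param chain the chain as returned by the keystore; may be {@code null}
 * @return the leaf certificate, or {@code null} if there is no usable one
 */
private static X509Certificate leafX509Certificate(Certificate[] chain) {
    if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
        return null;
    }
    return (X509Certificate) chain[0];
}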