
Example 1 with CertificateManagementException

use of org.wso2.carbon.apimgt.impl.certificatemgt.exceptions.CertificateManagementException in project carbon-apimgt by wso2.

the class CertificateMgtUtils method updateCertificate.

/**
 * Replaces the certificate held under an existing alias in the trust store file.
 *
 * <p>The store is loaded from {@code trustStoreLocation}, the entry for {@code alias} is swapped
 * for the certificate decoded from {@code certificate}, and the store is written back to the same
 * file. An alias that is not already present is never created here.
 *
 * <p>NOTE(review): the only property of the new certificate that is checked is {@code notAfter}.
 * A certificate whose {@code notBefore} lies in the future is accepted, and issuer, key usage and
 * basic constraints are not inspected in this method. Because the entry becomes a trust anchor,
 * caller authorization and certificate vetting have to be enforced before this call; confirm
 * against the callers.
 *
 * @param certificate the Base64-encoded certificate that replaces the current entry
 * @param alias       alias of the trust store entry to replace
 * @return {@code CERTIFICATE_NOT_FOUND} when the alias has no certificate,
 *         {@code INTERNAL_SERVER_ERROR} when the decoded input is empty,
 *         {@code CERTIFICATE_EXPIRED} when {@code notAfter} is not in the future,
 *         {@code SUCCESS} once the store has been written
 * @throws CertificateManagementException when loading, parsing or storing fails
 */
public synchronized ResponseCode updateCertificate(String certificate, String alias) throws CertificateManagementException {
    try {
        File storeFile = new File(trustStoreLocation);
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream storeIn = new FileInputStream(storeFile)) {
            keyStore.load(storeIn, trustStorePassword);
        }
        // NOTE(review): alias is concatenated into log lines as received; if it is caller-supplied,
        // confirm that line breaks cannot reach the log.
        boolean aliasKnown = keyStore.getCertificate(alias) != null;
        if (!aliasKnown) {
            log.error("Could not update the certificate. The certificate for alias '" + alias + "' is not found" + " in the trust store.");
            return ResponseCode.CERTIFICATE_NOT_FOUND;
        }
        // Decode the caller's Base64 text into the raw certificate bytes.
        byte[] decoded = Base64.decodeBase64(certificate.getBytes(StandardCharsets.UTF_8));
        X509Certificate replacement;
        try (InputStream certIn = new ByteArrayInputStream(decoded)) {
            if (certIn.available() == 0) {
                log.error("Certificate is empty for the provided alias " + alias);
                return ResponseCode.INTERNAL_SERVER_ERROR;
            }
            CertificateFactory factory = CertificateFactory.getInstance(certificateType);
            // The cast assumes certificateType produces X.509 certificates; any other type would
            // surface as an unchecked ClassCastException rather than a CertificateManagementException.
            replacement = (X509Certificate) factory.generateCertificate(certIn);
        }
        long notAfterMillis = replacement.getNotAfter().getTime();
        if (notAfterMillis <= System.currentTimeMillis()) {
            log.error("Could not update the certificate. The certificate expired.");
            return ResponseCode.CERTIFICATE_EXPIRED;
        }
        // Swap the entry: drop the old certificate, then bind the alias to the new one.
        keyStore.deleteEntry(alias);
        keyStore.setCertificateEntry(alias, replacement);
        // FileOutputStream truncates the existing file before store() writes, so a failure part-way
        // leaves an incomplete trust store on disk.
        // NOTE(review): consider writing to a temporary file and renaming it into place.
        try (OutputStream storeOut = new FileOutputStream(storeFile)) {
            keyStore.store(storeOut, trustStorePassword);
        }
        return ResponseCode.SUCCESS;
    } catch (IOException e) {
        throw new CertificateManagementException("Error updating certificate.", e);
    } catch (CertificateException e) {
        throw new CertificateManagementException("Error generating the certificate.", e);
    } catch (NoSuchAlgorithmException e) {
        throw new CertificateManagementException("Error loading the keystore.", e);
    } catch (KeyStoreException e) {
        throw new CertificateManagementException("Error updating the certificate in the keystore.", e);
    }
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) OutputStream(java.io.OutputStream) FileOutputStream(java.io.FileOutputStream) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) KeyStore(java.security.KeyStore) CertificateFactory(java.security.cert.CertificateFactory) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate) ByteArrayInputStream(java.io.ByteArrayInputStream) FileOutputStream(java.io.FileOutputStream) CertificateManagementException(org.wso2.carbon.apimgt.impl.certificatemgt.exceptions.CertificateManagementException) File(java.io.File) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 2 with CertificateManagementException

use of org.wso2.carbon.apimgt.impl.certificatemgt.exceptions.CertificateManagementException in project carbon-apimgt by wso2.

the class CertificateMgtUtils method getCertificateContent.

/**
 * Reads the certificate stored under the given alias from the trust store file.
 *
 * <p>The trust store is loaded from {@code trustStoreLocation} on every call.
 *
 * @param alias alias of the certificate to read
 * @return a stream over the certificate's encoded form, or {@code null} when the trust store
 *         has no entry for {@code alias}; callers must handle the {@code null} case
 * @throws CertificateManagementException when the trust store cannot be loaded or the
 *         certificate cannot be read or encoded
 */
public synchronized ByteArrayInputStream getCertificateContent(String alias) throws CertificateManagementException {
    File storeFile = new File(trustStoreLocation);
    try {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream storeIn = new FileInputStream(storeFile)) {
            keyStore.load(storeIn, trustStorePassword);
        }
        // Unknown alias: report absence with null rather than an exception.
        if (!keyStore.containsAlias(alias)) {
            return null;
        }
        byte[] encoded = keyStore.getCertificate(alias).getEncoded();
        return new ByteArrayInputStream(encoded);
    } catch (IOException e) {
        throw new CertificateManagementException("Error in loading the certificate.", e);
    } catch (CertificateException e) {
        throw new CertificateManagementException("Error loading certificate.", e);
    } catch (NoSuchAlgorithmException e) {
        throw new CertificateManagementException("Could not find the algorithm to load the certificate.", e);
    } catch (KeyStoreException e) {
        throw new CertificateManagementException("Error reading certificate contents.", e);
    }
}
Also used : ByteArrayInputStream(java.io.ByteArrayInputStream) ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) CertificateManagementException(org.wso2.carbon.apimgt.impl.certificatemgt.exceptions.CertificateManagementException) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) File(java.io.File) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 3 with CertificateManagementException

use of org.wso2.carbon.apimgt.impl.certificatemgt.exceptions.CertificateManagementException in project carbon-apimgt by wso2.

the class CertificateMgtDAO method addCertificate.

/**
 * Inserts a new certificate row for a tenant.
 *
 * <p>The duplicate check is made with {@code alias} and {@code tenantId} only; {@code endpoint}
 * is not passed to {@code isCertificateExist}, although the rejection message mentions it.
 *
 * <p>NOTE(review): the duplicate check runs before auto-commit is switched off, so it is not
 * part of the insert's transaction. Two concurrent calls with the same alias can both pass it;
 * presumably a database constraint is the real guard. Verify against the schema.
 *
 * @param certificate the certificate content, bound to the statement through {@code getInputStream}
 * @param alias       alias for the new certificate
 * @param endpoint    the endpoint / server URL the certificate is mapped to
 * @param tenantId    id of the tenant that uploaded the certificate
 * @return {@code true} when exactly one row was inserted, {@code false} otherwise
 * @throws CertificateAliasExistsException when {@code isCertificateExist} reports an existing entry
 * @throws CertificateManagementException declared for database failures, which are passed to
 *         {@code handleException}
 */
public boolean addCertificate(String certificate, String alias, String endpoint, int tenantId) throws CertificateManagementException, CertificateAliasExistsException {
    boolean inserted = false;
    String insertSql = SQLConstants.CertificateConstants.INSERT_CERTIFICATE;
    try (Connection connection = APIMgtDBUtil.getConnection()) {
        if (isCertificateExist(connection, alias, tenantId)) {
            if (log.isDebugEnabled()) {
                log.debug("A certificate for the endpoint " + endpoint + " has already added with alias " + alias);
            }
            throw new CertificateAliasExistsException("Alias or Endpoint exists in the database!");
        }
        connection.setAutoCommit(false);
        // Values are bound as statement parameters and never spliced into the SQL text.
        try (PreparedStatement insert = connection.prepareStatement(insertSql)) {
            insert.setInt(1, tenantId);
            insert.setString(2, endpoint);
            insert.setString(3, alias);
            insert.setBinaryStream(4, getInputStream(certificate));
            int affectedRows = insert.executeUpdate();
            inserted = (affectedRows == 1);
            // The commit is issued whatever the row count was.
            connection.commit();
        } catch (SQLException e) {
            handleConnectionRollBack(connection);
            if (log.isDebugEnabled()) {
                log.debug("Error occurred while adding certificate metadata to database.", e);
            }
            handleException("Error while persisting certificate metadata.", e);
        }
    } catch (SQLException e) {
        handleException("Error while retrieving connection", e);
    }
    return inserted;
}
Also used : SQLException(java.sql.SQLException) CertificateAliasExistsException(org.wso2.carbon.apimgt.impl.certificatemgt.exceptions.CertificateAliasExistsException) Connection(java.sql.Connection) PreparedStatement(java.sql.PreparedStatement)

Example 4 with CertificateManagementException

use of org.wso2.carbon.apimgt.impl.certificatemgt.exceptions.CertificateManagementException in project carbon-apimgt by wso2.

the class CertificateMgtDAO method getCertificate.

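/**
 * Retrieves certificate metadata for a tenant from the database.
 *
 * <p>The lookup runs {@code GET_CERTIFICATE_TENANT_ALIAS_ENDPOINT} with {@code tenantId},
 * {@code alias} and {@code endpoint} bound as statement parameters, and returns the first row.
 *
 * <p>NOTE(review): whether a {@code null} alias or endpoint is treated as "any" depends on the
 * query text, which is defined elsewhere. Confirm before relying on either being optional.
 *
 * @param alias    alias of the certificate
 * @param endpoint the endpoint / server URL the certificate is mapped to
 * @param tenantId id of the tenant the certificate belongs to
 * @return the metadata of the first matching row; this method never returns {@code null}
 * @throws CertificateManagementException when no row matches; database and I/O failures are
 *         passed to {@code handleException}
 */
public CertificateMetadataDTO getCertificate(String alias, String endpoint, int tenantId) throws CertificateManagementException {
    String getCertQuery = SQLConstants.CertificateConstants.GET_CERTIFICATE_TENANT_ALIAS_ENDPOINT;
    try (Connection connection = APIMgtDBUtil.getConnection();
         PreparedStatement preparedStatement = connection.prepareStatement(getCertQuery)) {
        preparedStatement.setInt(1, tenantId);
        preparedStatement.setString(2, alias);
        preparedStatement.setString(3, endpoint);
        try (ResultSet resultSet = preparedStatement.executeQuery()) {
            if (resultSet.next()) {
                CertificateMetadataDTO certificateMetadataDTO = new CertificateMetadataDTO();
                certificateMetadataDTO.setAlias(resultSet.getString("ALIAS"));
                certificateMetadataDTO.setEndpoint(resultSet.getString("END_POINT"));
                try (InputStream certificate = resultSet.getBinaryStream("CERTIFICATE")) {
                    certificateMetadataDTO.setCertificate(APIMgtDBUtil.getStringFromInputStream(certificate));
                }
                return certificateMetadataDTO;
            }
        }
    } catch (SQLException | IOException e) {
        handleException("Error while retrieving certificate metadata.", e);
    }
    // Reached when no row matched (or if handleException returned instead of throwing).
    // The original message ran the alias straight onto the word "alias"; a separating space
    // keeps the value readable in logs and error responses.
    throw new CertificateManagementException("Certificate didn't exist with alias " + alias);
}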
Also used : CertificateMetadataDTO(org.wso2.carbon.apimgt.api.dto.CertificateMetadataDTO) SQLException(java.sql.SQLException) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) Connection(java.sql.Connection) ResultSet(java.sql.ResultSet) CertificateManagementException(org.wso2.carbon.apimgt.impl.certificatemgt.exceptions.CertificateManagementException) PreparedStatement(java.sql.PreparedStatement) IOException(java.io.IOException)

Example 5 with CertificateManagementException

use of org.wso2.carbon.apimgt.impl.certificatemgt.exceptions.CertificateManagementException in project carbon-apimgt by wso2.

the class CertificateMgtDAO method updateClientCertificate.

/**
 * Updates an existing client certificate by deleting its row and re-adding it in one transaction.
 *
 * <p>The current record is read first; an empty {@code certificate} or {@code tier} argument
 * leaves the stored value of that field as it was.
 *
 * <p>NOTE(review): the initial read through {@code getClientCertificates} happens before the
 * connection for the delete/add pair is opened, so it is not covered by that transaction.
 * Also, only {@code SQLException} triggers {@code handleConnectionRollBack}; if the delete or
 * add helper throws anything else, no rollback is requested here. Check the helpers.
 *
 * @param certificate  the new certificate content, or empty to keep the stored one
 * @param alias        alias of the certificate
 * @param tier         name of the tier related to the certificate, or empty to keep the stored one
 * @param tenantId     id of the tenant
 * @param organization the organization passed through to the lookup and the insert
 * @return {@code false} when no certificate is found for the alias and tenant, {@code true}
 *         otherwise
 * @throws CertificateManagementException declared for failures raised by the lookup or by
 *         {@code handleException}
 */
public boolean updateClientCertificate(String certificate, String alias, String tier, int tenantId, String organization) throws CertificateManagementException {
    List<ClientCertificateDTO> existing = getClientCertificates(tenantId, alias, null, organization);
    if (existing.isEmpty()) {
        if (log.isDebugEnabled()) {
            log.debug("Client certificate update request is received for a non-existing alias " + alias + " of " + "tenant " + tenantId);
        }
        return false;
    }
    // Start from the stored record and overwrite only the fields the caller supplied.
    ClientCertificateDTO current = existing.get(0);
    if (StringUtils.isNotEmpty(certificate)) {
        current.setCertificate(certificate);
    }
    if (StringUtils.isNotEmpty(tier)) {
        current.setTierName(tier);
    }
    try (Connection connection = APIMgtDBUtil.getConnection()) {
        try {
            // Delete and re-insert are committed together so a failure cannot drop the row.
            connection.setAutoCommit(false);
            deleteClientCertificate(connection, null, alias, tenantId);
            addClientCertificate(connection, current.getCertificate(), current.getApiIdentifier(), alias, current.getTierName(), tenantId, organization);
            connection.commit();
        } catch (SQLException e) {
            handleConnectionRollBack(connection);
            handleException("Error while updating client certificate for the API for the alias " + alias, e);
        }
    } catch (SQLException e) {
        handleException("Error while updating client certificate for the API for the alias " + alias, e);
    }
    return true;
}
Also used : SQLException(java.sql.SQLException) Connection(java.sql.Connection) ClientCertificateDTO(org.wso2.carbon.apimgt.api.dto.ClientCertificateDTO)

Aggregations

Test (org.junit.Test)11 CertificateMetadataDTO (org.wso2.carbon.apimgt.api.dto.CertificateMetadataDTO)9 CertificateManagementException (org.wso2.carbon.apimgt.impl.certificatemgt.exceptions.CertificateManagementException)8 ArrayList (java.util.ArrayList)7 IOException (java.io.IOException)6 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)6 ByteArrayInputStream (java.io.ByteArrayInputStream)5 InputStream (java.io.InputStream)5 Connection (java.sql.Connection)5 SQLException (java.sql.SQLException)5 File (java.io.File)4 PreparedStatement (java.sql.PreparedStatement)4 ResponseCode (org.wso2.carbon.apimgt.impl.certificatemgt.ResponseCode)4 CertificateAliasExistsException (org.wso2.carbon.apimgt.impl.certificatemgt.exceptions.CertificateAliasExistsException)4 FileInputStream (java.io.FileInputStream)3 KeyStore (java.security.KeyStore)3 KeyStoreException (java.security.KeyStoreException)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 CertificateException (java.security.cert.CertificateException)3 X509Certificate (java.security.cert.X509Certificate)3