Search in sources :

Example 1 with CertData

use of org.wso2.carbon.identity.application.common.model.CertData in project carbon-identity-framework by wso2.

the class KeyStoreAdmin method getPaginatedKeystoreInfo.

/**
 * This method will list 1. Certificate aliases 2. Private key alise 3. Private key value to a
 * given keystore.
 *
 * @param keyStoreName The name of the keystore
 * @param pageNumber   page number
 * @return Instance of KeyStoreData
 * @throws SecurityConfigException will be thrown
 */
public PaginatedKeyStoreData getPaginatedKeystoreInfo(String keyStoreName, int pageNumber) throws SecurityConfigException {
    try {
        if (keyStoreName == null) {
            throw new Exception("keystore name cannot be null");
        }
        KeyStore keyStore;
        String keyStoreType;
        String keyStorePassword = null;
        if (KeyStoreUtil.isPrimaryStore(keyStoreName)) {
            KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantId);
            keyStore = keyMan.getPrimaryKeyStore();
            ServerConfiguration serverConfig = ServerConfiguration.getInstance();
            keyStoreType = serverConfig.getFirstProperty(RegistryResources.SecurityManagement.SERVER_PRIMARY_KEYSTORE_TYPE);
            keyStorePassword = serverConfig.getFirstProperty(RegistryResources.SecurityManagement.SERVER_PRIVATE_KEY_PASSWORD);
        } else if (isTrustStore(keyStoreName)) {
            KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantId);
            keyStore = getTrustStore();
            ServerConfiguration serverConfig = ServerConfiguration.getInstance();
            keyStoreType = serverConfig.getFirstProperty(SERVER_TRUSTSTORE_TYPE);
            keyStorePassword = serverConfig.getFirstProperty(SERVER_TRUSTSTORE_PASSWORD);
        } else {
            String path = SecurityConstants.KEY_STORES + "/" + keyStoreName;
            if (!registry.resourceExists(path)) {
                throw new SecurityConfigException("Key Store not found");
            }
            Resource resource = registry.get(path);
            KeyStoreManager manager = KeyStoreManager.getInstance(tenantId);
            keyStore = getKeyStore(keyStoreName);
            keyStoreType = resource.getProperty(SecurityConstants.PROP_TYPE);
            String encpass = resource.getProperty(SecurityConstants.PROP_PRIVATE_KEY_PASS);
            if (encpass != null) {
                CryptoUtil util = CryptoUtil.getDefaultCryptoUtil();
                keyStorePassword = new String(util.base64DecodeAndDecrypt(encpass));
            }
        }
        // Fill the information about the certificates
        Enumeration<String> aliases = keyStore.aliases();
        List<org.wso2.carbon.security.keystore.service.CertData> certDataList = new ArrayList<>();
        Format formatter = new SimpleDateFormat("dd/MM/yyyy");
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keyStore.isCertificateEntry(alias)) {
                X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
                certDataList.add(fillCertData(cert, alias, formatter));
            }
        }
        // Create a cert array
        CertData[] certs = certDataList.toArray(new CertData[certDataList.size()]);
        // Create a KeyStoreData bean, set the name and fill in the cert information
        PaginatedKeyStoreData keyStoreData = new PaginatedKeyStoreData();
        keyStoreData.setKeyStoreName(keyStoreName);
        keyStoreData.setPaginatedCertData(doPaging(pageNumber, certs));
        keyStoreData.setKeyStoreType(keyStoreType);
        List<CertData> keyDataList = new ArrayList<>();
        aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keyStore.isKeyEntry(alias)) {
                X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
                keyDataList.add(fillCertData(cert, alias, formatter));
            }
        }
        // Create a cert array.
        CertData[] keyCerts = keyDataList.toArray(new CertData[keyDataList.size()]);
        // Create a KeyStoreData bean, set the name and fill in the cert information.
        keyStoreData.setPaginatedKeyData(doPaging(pageNumber, keyCerts));
        return keyStoreData;
    } catch (Exception e) {
        String msg = "Error has encounted while loading the keystore to the given keystore name " + keyStoreName;
        log.error(msg, e);
        throw new SecurityConfigException(msg);
    }
}
Also used : PaginatedCertData(org.wso2.carbon.security.keystore.service.PaginatedCertData) CertData(org.wso2.carbon.security.keystore.service.CertData) ServerConfiguration(org.wso2.carbon.base.ServerConfiguration) Resource(org.wso2.carbon.registry.core.Resource) ArrayList(java.util.ArrayList) KeyStore(java.security.KeyStore) KeyStoreException(java.security.KeyStoreException) SecurityConfigException(org.wso2.carbon.security.SecurityConfigException) RegistryException(org.wso2.carbon.registry.core.exceptions.RegistryException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CertificateEncodingException(java.security.cert.CertificateEncodingException) X509Certificate(java.security.cert.X509Certificate) KeyStoreManager(org.wso2.carbon.core.util.KeyStoreManager) SecurityConfigException(org.wso2.carbon.security.SecurityConfigException) CryptoUtil(org.wso2.carbon.core.util.CryptoUtil) Format(java.text.Format) SimpleDateFormat(java.text.SimpleDateFormat) PaginatedKeyStoreData(org.wso2.carbon.security.keystore.service.PaginatedKeyStoreData) SimpleDateFormat(java.text.SimpleDateFormat)

Example 2 with CertData

use of org.wso2.carbon.identity.application.common.model.CertData in project carbon-identity-framework by wso2.

the class KeyStoreAdmin method extractCertificate.

/**
 * Extract the encoded certificate into {@link X509Certificate}.
 *
 * @param certData encoded certificate.
 * @return {@link X509Certificate} object.
 * @throws SecurityConfigException if extracting the certificate fails.
 */
public X509Certificate extractCertificate(String certData) throws SecurityConfigException {
    byte[] bytes = Base64.decode(certData);
    X509Certificate cert;
    try {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        cert = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(bytes));
    } catch (CertificateException e) {
        if (log.isDebugEnabled()) {
            log.debug(e.getMessage(), e);
        }
        throw new SecurityConfigException("Invalid format of the provided certificate file");
    }
    return cert;
}
Also used : SecurityConfigException(org.wso2.carbon.security.SecurityConfigException) ByteArrayInputStream(java.io.ByteArrayInputStream) CertificateException(java.security.cert.CertificateException) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(java.security.cert.X509Certificate)

Example 3 with CertData

use of org.wso2.carbon.identity.application.common.model.CertData in project carbon-identity-framework by wso2.

the class KeyStoreAdmin method getKeystoreInfo.

/**
 * This method will list 1. Certificate aliases 2. Private key alise 3. Private key value to a
 * given keystore.
 *
 * @param keyStoreName The name of the keystore
 * @return Instance of KeyStoreData
 * @throws SecurityConfigException will be thrown
 */
public KeyStoreData getKeystoreInfo(String keyStoreName) throws SecurityConfigException {
    try {
        if (keyStoreName == null) {
            throw new Exception("keystore name cannot be null");
        }
        KeyStore keyStore;
        String keyStoreType;
        String privateKeyPassword = null;
        if (KeyStoreUtil.isPrimaryStore(keyStoreName)) {
            KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantId);
            keyStore = keyMan.getPrimaryKeyStore();
            ServerConfiguration serverConfig = ServerConfiguration.getInstance();
            keyStoreType = serverConfig.getFirstProperty(RegistryResources.SecurityManagement.SERVER_PRIMARY_KEYSTORE_TYPE);
            privateKeyPassword = serverConfig.getFirstProperty(RegistryResources.SecurityManagement.SERVER_PRIVATE_KEY_PASSWORD);
        } else if (isTrustStore(keyStoreName)) {
            keyStore = getTrustStore();
            ServerConfiguration serverConfig = ServerConfiguration.getInstance();
            keyStoreType = serverConfig.getFirstProperty(SERVER_TRUSTSTORE_TYPE);
            privateKeyPassword = serverConfig.getFirstProperty(SERVER_TRUSTSTORE_PASSWORD);
        } else {
            String path = SecurityConstants.KEY_STORES + "/" + keyStoreName;
            if (!registry.resourceExists(path)) {
                throw new SecurityConfigException("Key Store not found");
            }
            Resource resource = registry.get(path);
            keyStore = getKeyStore(keyStoreName);
            keyStoreType = resource.getProperty(SecurityConstants.PROP_TYPE);
            String encpass = resource.getProperty(SecurityConstants.PROP_PRIVATE_KEY_PASS);
            if (encpass != null) {
                CryptoUtil util = CryptoUtil.getDefaultCryptoUtil();
                privateKeyPassword = new String(util.base64DecodeAndDecrypt(encpass));
            }
        }
        // Fill the information about the certificates
        Enumeration<String> aliases = keyStore.aliases();
        List<org.wso2.carbon.security.keystore.service.CertData> certDataList = new ArrayList<>();
        Format formatter = new SimpleDateFormat("dd/MM/yyyy");
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keyStore.isCertificateEntry(alias)) {
                X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
                certDataList.add(fillCertData(cert, alias, formatter));
            }
        }
        // Create a cert array
        CertData[] certs = certDataList.toArray(new CertData[certDataList.size()]);
        // Create a KeyStoreData bean, set the name and fill in the cert information
        KeyStoreData keyStoreData = new KeyStoreData();
        keyStoreData.setKeyStoreName(keyStoreName);
        keyStoreData.setCerts(certs);
        keyStoreData.setKeyStoreType(keyStoreType);
        aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            // There be only one entry in WSAS related keystores
            if (keyStore.isKeyEntry(alias)) {
                X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
                keyStoreData.setKey(fillCertData(cert, alias, formatter));
                PrivateKey key = (PrivateKey) keyStore.getKey(alias, privateKeyPassword.toCharArray());
                String pemKey;
                pemKey = "-----BEGIN PRIVATE KEY-----\n";
                pemKey += Base64.encode(key.getEncoded());
                pemKey += "\n-----END PRIVATE KEY-----";
                keyStoreData.setKeyValue(pemKey);
                break;
            }
        }
        return keyStoreData;
    } catch (Exception e) {
        String msg = "Error has encounted while loading the keystore to the given keystore name " + keyStoreName;
        log.error(msg, e);
        throw new SecurityConfigException(msg);
    }
}
Also used : PaginatedCertData(org.wso2.carbon.security.keystore.service.PaginatedCertData) CertData(org.wso2.carbon.security.keystore.service.CertData) PrivateKey(java.security.PrivateKey) ServerConfiguration(org.wso2.carbon.base.ServerConfiguration) Resource(org.wso2.carbon.registry.core.Resource) ArrayList(java.util.ArrayList) PaginatedKeyStoreData(org.wso2.carbon.security.keystore.service.PaginatedKeyStoreData) KeyStoreData(org.wso2.carbon.security.keystore.service.KeyStoreData) KeyStore(java.security.KeyStore) KeyStoreException(java.security.KeyStoreException) SecurityConfigException(org.wso2.carbon.security.SecurityConfigException) RegistryException(org.wso2.carbon.registry.core.exceptions.RegistryException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CertificateEncodingException(java.security.cert.CertificateEncodingException) X509Certificate(java.security.cert.X509Certificate) KeyStoreManager(org.wso2.carbon.core.util.KeyStoreManager) SecurityConfigException(org.wso2.carbon.security.SecurityConfigException) CryptoUtil(org.wso2.carbon.core.util.CryptoUtil) Format(java.text.Format) SimpleDateFormat(java.text.SimpleDateFormat) SimpleDateFormat(java.text.SimpleDateFormat)

Example 4 with CertData

use of org.wso2.carbon.identity.application.common.model.CertData in project carbon-identity-framework by wso2.

the class KeyStoreManagementServiceImpl method getPublicCertificate.

@Override
public Map<String, X509Certificate> getPublicCertificate(String tenantDomain) throws KeyStoreManagementException {
    Map<String, X509Certificate> certData = new HashMap<>();
    KeyStoreData keyStoreInfo = getKeystoreData(tenantDomain, getKeyStoreName(tenantDomain));
    CertData key = keyStoreInfo.getKey();
    certData.put(key.getAlias(), ((CertDataDetail) key).getCertificate());
    return certData;
}
Also used : CertData(org.wso2.carbon.security.keystore.service.CertData) HashMap(java.util.HashMap) KeyStoreData(org.wso2.carbon.security.keystore.service.KeyStoreData) X509Certificate(java.security.cert.X509Certificate)

Example 5 with CertData

use of org.wso2.carbon.identity.application.common.model.CertData in project carbon-identity-framework by wso2.

the class KeyStoreManagementServiceImpl method getKeyStoreCertificate.

@Override
public X509Certificate getKeyStoreCertificate(String tenantDomain, String alias) throws KeyStoreManagementException {
    if (StringUtils.isEmpty(alias)) {
        throw handleClientException(ERROR_CODE_EMPTY_ALIAS, null);
    }
    KeyStoreData keyStoreInfo = getKeystoreData(tenantDomain, getKeyStoreName(tenantDomain));
    CertData key = keyStoreInfo.getKey();
    if (key != null && StringUtils.equals(key.getAlias(), alias)) {
        return ((CertDataDetail) key).getCertificate();
    }
    CertData[] certDataArray = keyStoreInfo.getCerts();
    for (CertData certData : certDataArray) {
        String aliasFromKeyStore = certData.getAlias();
        if (StringUtils.equals(aliasFromKeyStore, alias)) {
            return ((CertDataDetail) certData).getCertificate();
        }
    }
    return null;
}
Also used : CertData(org.wso2.carbon.security.keystore.service.CertData) CertDataDetail(org.wso2.carbon.security.keystore.service.CertDataDetail) KeyStoreData(org.wso2.carbon.security.keystore.service.KeyStoreData)

Aggregations

CertData (org.wso2.carbon.security.keystore.service.CertData)7 X509Certificate (java.security.cert.X509Certificate)5 ArrayList (java.util.ArrayList)5 CertificateException (java.security.cert.CertificateException)4 SecurityConfigException (org.wso2.carbon.security.SecurityConfigException)4 PaginatedCertData (org.wso2.carbon.security.keystore.service.PaginatedCertData)4 IOException (java.io.IOException)3 KeyStore (java.security.KeyStore)3 KeyStoreException (java.security.KeyStoreException)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 CertificateEncodingException (java.security.cert.CertificateEncodingException)3 RegistryException (org.wso2.carbon.registry.core.exceptions.RegistryException)3 KeyStoreData (org.wso2.carbon.security.keystore.service.KeyStoreData)3 Format (java.text.Format)2 SimpleDateFormat (java.text.SimpleDateFormat)2 HashMap (java.util.HashMap)2 ServerConfiguration (org.wso2.carbon.base.ServerConfiguration)2 CryptoUtil (org.wso2.carbon.core.util.CryptoUtil)2 KeyStoreManager (org.wso2.carbon.core.util.KeyStoreManager)2 CertData (org.wso2.carbon.identity.application.common.model.CertData)2