Example 1 with CertData
use of org.wso2.carbon.identity.application.common.model.CertData in project carbon-identity-framework by wso2.
the class KeyStoreAdmin method getPaginatedKeystoreInfo.
/**
* This method will list 1. Certificate aliases 2. Private key alise 3. Private key value to a
* given keystore.
*
* @param keyStoreName The name of the keystore
* @param pageNumber page number
* @return Instance of KeyStoreData
* @throws SecurityConfigException will be thrown
*/
public PaginatedKeyStoreData getPaginatedKeystoreInfo(String keyStoreName, int pageNumber) throws SecurityConfigException {
try {
if (keyStoreName == null) {
throw new Exception("keystore name cannot be null");
}
KeyStore keyStore;
String keyStoreType;
String keyStorePassword = null;
if (KeyStoreUtil.isPrimaryStore(keyStoreName)) {
KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantId);
keyStore = keyMan.getPrimaryKeyStore();
ServerConfiguration serverConfig = ServerConfiguration.getInstance();
keyStoreType = serverConfig.getFirstProperty(RegistryResources.SecurityManagement.SERVER_PRIMARY_KEYSTORE_TYPE);
keyStorePassword = serverConfig.getFirstProperty(RegistryResources.SecurityManagement.SERVER_PRIVATE_KEY_PASSWORD);
} else if (isTrustStore(keyStoreName)) {
KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantId);
keyStore = getTrustStore();
ServerConfiguration serverConfig = ServerConfiguration.getInstance();
keyStoreType = serverConfig.getFirstProperty(SERVER_TRUSTSTORE_TYPE);
keyStorePassword = serverConfig.getFirstProperty(SERVER_TRUSTSTORE_PASSWORD);
} else {
String path = SecurityConstants.KEY_STORES + "/" + keyStoreName;
if (!registry.resourceExists(path)) {
throw new SecurityConfigException("Key Store not found");
}
Resource resource = registry.get(path);
KeyStoreManager manager = KeyStoreManager.getInstance(tenantId);
keyStore = getKeyStore(keyStoreName);
keyStoreType = resource.getProperty(SecurityConstants.PROP_TYPE);
String encpass = resource.getProperty(SecurityConstants.PROP_PRIVATE_KEY_PASS);
if (encpass != null) {
CryptoUtil util = CryptoUtil.getDefaultCryptoUtil();
keyStorePassword = new String(util.base64DecodeAndDecrypt(encpass));
}
}
// Fill the information about the certificates
Enumeration<String> aliases = keyStore.aliases();
List<org.wso2.carbon.security.keystore.service.CertData> certDataList = new ArrayList<>();
Format formatter = new SimpleDateFormat("dd/MM/yyyy");
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
if (keyStore.isCertificateEntry(alias)) {
X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
certDataList.add(fillCertData(cert, alias, formatter));
}
}
// Create a cert array
CertData[] certs = certDataList.toArray(new CertData[certDataList.size()]);
// Create a KeyStoreData bean, set the name and fill in the cert information
PaginatedKeyStoreData keyStoreData = new PaginatedKeyStoreData();
keyStoreData.setKeyStoreName(keyStoreName);
keyStoreData.setPaginatedCertData(doPaging(pageNumber, certs));
keyStoreData.setKeyStoreType(keyStoreType);
List<CertData> keyDataList = new ArrayList<>();
aliases = keyStore.aliases();
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
if (keyStore.isKeyEntry(alias)) {
X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
keyDataList.add(fillCertData(cert, alias, formatter));
}
}
// Create a cert array.
CertData[] keyCerts = keyDataList.toArray(new CertData[keyDataList.size()]);
// Create a KeyStoreData bean, set the name and fill in the cert information.
keyStoreData.setPaginatedKeyData(doPaging(pageNumber, keyCerts));
return keyStoreData;
} catch (Exception e) {
String msg = "Error has encounted while loading the keystore to the given keystore name " + keyStoreName;
log.error(msg, e);
throw new SecurityConfigException(msg);
}
}
Also used :
PaginatedCertData(org.wso2.carbon.security.keystore.service.PaginatedCertData)
CertData(org.wso2.carbon.security.keystore.service.CertData)
ServerConfiguration(org.wso2.carbon.base.ServerConfiguration)
Resource(org.wso2.carbon.registry.core.Resource)
ArrayList(java.util.ArrayList)
KeyStore(java.security.KeyStore)
KeyStoreException(java.security.KeyStoreException)
SecurityConfigException(org.wso2.carbon.security.SecurityConfigException)
RegistryException(org.wso2.carbon.registry.core.exceptions.RegistryException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
X509Certificate(java.security.cert.X509Certificate)
KeyStoreManager(org.wso2.carbon.core.util.KeyStoreManager)
SecurityConfigException(org.wso2.carbon.security.SecurityConfigException)
CryptoUtil(org.wso2.carbon.core.util.CryptoUtil)
Format(java.text.Format)
SimpleDateFormat(java.text.SimpleDateFormat)
PaginatedKeyStoreData(org.wso2.carbon.security.keystore.service.PaginatedKeyStoreData)
SimpleDateFormat(java.text.SimpleDateFormat)
Example 2 with CertData
use of org.wso2.carbon.identity.application.common.model.CertData in project carbon-identity-framework by wso2.
the class KeyStoreAdmin method extractCertificate.
/**
* Extract the encoded certificate into {@link X509Certificate}.
*
* @param certData encoded certificate.
* @return {@link X509Certificate} object.
* @throws SecurityConfigException if extracting the certificate fails.
*/
public X509Certificate extractCertificate(String certData) throws SecurityConfigException {
byte[] bytes = Base64.decode(certData);
X509Certificate cert;
try {
CertificateFactory factory = CertificateFactory.getInstance("X.509");
cert = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(bytes));
} catch (CertificateException e) {
if (log.isDebugEnabled()) {
log.debug(e.getMessage(), e);
}
throw new SecurityConfigException("Invalid format of the provided certificate file");
}
return cert;
}
Also used :
SecurityConfigException(org.wso2.carbon.security.SecurityConfigException)
ByteArrayInputStream(java.io.ByteArrayInputStream)
CertificateException(java.security.cert.CertificateException)
CertificateFactory(java.security.cert.CertificateFactory)
X509Certificate(java.security.cert.X509Certificate)
Example 3 with CertData
use of org.wso2.carbon.identity.application.common.model.CertData in project carbon-identity-framework by wso2.
the class KeyStoreAdmin method getKeystoreInfo.
/**
* This method will list 1. Certificate aliases 2. Private key alise 3. Private key value to a
* given keystore.
*
* @param keyStoreName The name of the keystore
* @return Instance of KeyStoreData
* @throws SecurityConfigException will be thrown
*/
public KeyStoreData getKeystoreInfo(String keyStoreName) throws SecurityConfigException {
try {
if (keyStoreName == null) {
throw new Exception("keystore name cannot be null");
}
KeyStore keyStore;
String keyStoreType;
String privateKeyPassword = null;
if (KeyStoreUtil.isPrimaryStore(keyStoreName)) {
KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantId);
keyStore = keyMan.getPrimaryKeyStore();
ServerConfiguration serverConfig = ServerConfiguration.getInstance();
keyStoreType = serverConfig.getFirstProperty(RegistryResources.SecurityManagement.SERVER_PRIMARY_KEYSTORE_TYPE);
privateKeyPassword = serverConfig.getFirstProperty(RegistryResources.SecurityManagement.SERVER_PRIVATE_KEY_PASSWORD);
} else if (isTrustStore(keyStoreName)) {
keyStore = getTrustStore();
ServerConfiguration serverConfig = ServerConfiguration.getInstance();
keyStoreType = serverConfig.getFirstProperty(SERVER_TRUSTSTORE_TYPE);
privateKeyPassword = serverConfig.getFirstProperty(SERVER_TRUSTSTORE_PASSWORD);
} else {
String path = SecurityConstants.KEY_STORES + "/" + keyStoreName;
if (!registry.resourceExists(path)) {
throw new SecurityConfigException("Key Store not found");
}
Resource resource = registry.get(path);
keyStore = getKeyStore(keyStoreName);
keyStoreType = resource.getProperty(SecurityConstants.PROP_TYPE);
String encpass = resource.getProperty(SecurityConstants.PROP_PRIVATE_KEY_PASS);
if (encpass != null) {
CryptoUtil util = CryptoUtil.getDefaultCryptoUtil();
privateKeyPassword = new String(util.base64DecodeAndDecrypt(encpass));
}
}
// Fill the information about the certificates
Enumeration<String> aliases = keyStore.aliases();
List<org.wso2.carbon.security.keystore.service.CertData> certDataList = new ArrayList<>();
Format formatter = new SimpleDateFormat("dd/MM/yyyy");
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
if (keyStore.isCertificateEntry(alias)) {
X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
certDataList.add(fillCertData(cert, alias, formatter));
}
}
// Create a cert array
CertData[] certs = certDataList.toArray(new CertData[certDataList.size()]);
// Create a KeyStoreData bean, set the name and fill in the cert information
KeyStoreData keyStoreData = new KeyStoreData();
keyStoreData.setKeyStoreName(keyStoreName);
keyStoreData.setCerts(certs);
keyStoreData.setKeyStoreType(keyStoreType);
aliases = keyStore.aliases();
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
// There be only one entry in WSAS related keystores
if (keyStore.isKeyEntry(alias)) {
X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
keyStoreData.setKey(fillCertData(cert, alias, formatter));
PrivateKey key = (PrivateKey) keyStore.getKey(alias, privateKeyPassword.toCharArray());
String pemKey;
pemKey = "-----BEGIN PRIVATE KEY-----\n";
pemKey += Base64.encode(key.getEncoded());
pemKey += "\n-----END PRIVATE KEY-----";
keyStoreData.setKeyValue(pemKey);
break;
}
}
return keyStoreData;
} catch (Exception e) {
String msg = "Error has encounted while loading the keystore to the given keystore name " + keyStoreName;
log.error(msg, e);
throw new SecurityConfigException(msg);
}
}
Also used :
PaginatedCertData(org.wso2.carbon.security.keystore.service.PaginatedCertData)
CertData(org.wso2.carbon.security.keystore.service.CertData)
PrivateKey(java.security.PrivateKey)
ServerConfiguration(org.wso2.carbon.base.ServerConfiguration)
Resource(org.wso2.carbon.registry.core.Resource)
ArrayList(java.util.ArrayList)
PaginatedKeyStoreData(org.wso2.carbon.security.keystore.service.PaginatedKeyStoreData)
KeyStoreData(org.wso2.carbon.security.keystore.service.KeyStoreData)
KeyStore(java.security.KeyStore)
KeyStoreException(java.security.KeyStoreException)
SecurityConfigException(org.wso2.carbon.security.SecurityConfigException)
RegistryException(org.wso2.carbon.registry.core.exceptions.RegistryException)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
CertificateEncodingException(java.security.cert.CertificateEncodingException)
X509Certificate(java.security.cert.X509Certificate)
KeyStoreManager(org.wso2.carbon.core.util.KeyStoreManager)
SecurityConfigException(org.wso2.carbon.security.SecurityConfigException)
CryptoUtil(org.wso2.carbon.core.util.CryptoUtil)
Format(java.text.Format)
SimpleDateFormat(java.text.SimpleDateFormat)
SimpleDateFormat(java.text.SimpleDateFormat)
Example 4 with CertData
use of org.wso2.carbon.identity.application.common.model.CertData in project carbon-identity-framework by wso2.
the class KeyStoreManagementServiceImpl method getPublicCertificate.
@Override
public Map<String, X509Certificate> getPublicCertificate(String tenantDomain) throws KeyStoreManagementException {
Map<String, X509Certificate> certData = new HashMap<>();
KeyStoreData keyStoreInfo = getKeystoreData(tenantDomain, getKeyStoreName(tenantDomain));
CertData key = keyStoreInfo.getKey();
certData.put(key.getAlias(), ((CertDataDetail) key).getCertificate());
return certData;
}
Also used :
CertData(org.wso2.carbon.security.keystore.service.CertData)
HashMap(java.util.HashMap)
KeyStoreData(org.wso2.carbon.security.keystore.service.KeyStoreData)
X509Certificate(java.security.cert.X509Certificate)
Example 5 with CertData
use of org.wso2.carbon.identity.application.common.model.CertData in project carbon-identity-framework by wso2.
the class KeyStoreManagementServiceImpl method getKeyStoreCertificate.
@Override
public X509Certificate getKeyStoreCertificate(String tenantDomain, String alias) throws KeyStoreManagementException {
if (StringUtils.isEmpty(alias)) {
throw handleClientException(ERROR_CODE_EMPTY_ALIAS, null);
}
KeyStoreData keyStoreInfo = getKeystoreData(tenantDomain, getKeyStoreName(tenantDomain));
CertData key = keyStoreInfo.getKey();
if (key != null && StringUtils.equals(key.getAlias(), alias)) {
return ((CertDataDetail) key).getCertificate();
}
CertData[] certDataArray = keyStoreInfo.getCerts();
for (CertData certData : certDataArray) {
String aliasFromKeyStore = certData.getAlias();
if (StringUtils.equals(aliasFromKeyStore, alias)) {
return ((CertDataDetail) certData).getCertificate();
}
}
return null;
}
Also used :
CertData(org.wso2.carbon.security.keystore.service.CertData)
CertDataDetail(org.wso2.carbon.security.keystore.service.CertDataDetail)
KeyStoreData(org.wso2.carbon.security.keystore.service.KeyStoreData)
Aggregations
CertData (org.wso2.carbon.security.keystore.service.CertData)7
X509Certificate (java.security.cert.X509Certificate)5
ArrayList (java.util.ArrayList)5
CertificateException (java.security.cert.CertificateException)4
SecurityConfigException (org.wso2.carbon.security.SecurityConfigException)4
PaginatedCertData (org.wso2.carbon.security.keystore.service.PaginatedCertData)4
IOException (java.io.IOException)3
KeyStore (java.security.KeyStore)3
KeyStoreException (java.security.KeyStoreException)3
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3
CertificateEncodingException (java.security.cert.CertificateEncodingException)3
RegistryException (org.wso2.carbon.registry.core.exceptions.RegistryException)3
KeyStoreData (org.wso2.carbon.security.keystore.service.KeyStoreData)3
Format (java.text.Format)2
SimpleDateFormat (java.text.SimpleDateFormat)2
HashMap (java.util.HashMap)2
ServerConfiguration (org.wso2.carbon.base.ServerConfiguration)2
CryptoUtil (org.wso2.carbon.core.util.CryptoUtil)2
KeyStoreManager (org.wso2.carbon.core.util.KeyStoreManager)2
CertData (org.wso2.carbon.identity.application.common.model.CertData)2
