Example 1 with KeyStoreData

use of org.wso2.carbon.security.keystore.service.KeyStoreData in project carbon-identity-framework by wso2.

the class KeyStoreAdmin method getPaginatedKeystoreInfo.

/**
 * Lists, page by page, the certificate aliases and the private key aliases of a
 * given keystore. Unlike getKeystoreInfo, this method never reads or returns
 * private key material; only the certificate half of each entry is read.
 *
 * @param keyStoreName The name of the keystore
 * @param pageNumber   page number
 * @return Instance of PaginatedKeyStoreData
 * @throws SecurityConfigException if the keystore name is null, the keystore
 *                                 does not exist, or it cannot be loaded
 */
public PaginatedKeyStoreData getPaginatedKeystoreInfo(String keyStoreName, int pageNumber) throws SecurityConfigException {
    try {
        if (keyStoreName == null) {
            throw new SecurityConfigException("keystore name cannot be null");
        }
        KeyStore keyStore;
        String keyStoreType;
        String keyStorePassword = null;
        if (KeyStoreUtil.isPrimaryStore(keyStoreName)) {
            // Server primary keystore: a file-system store described by the server configuration.
            KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantId);
            keyStore = keyMan.getPrimaryKeyStore();
            ServerConfiguration serverConfig = ServerConfiguration.getInstance();
            keyStoreType = serverConfig.getFirstProperty(RegistryResources.SecurityManagement.SERVER_PRIMARY_KEYSTORE_TYPE);
            keyStorePassword = serverConfig.getFirstProperty(RegistryResources.SecurityManagement.SERVER_PRIVATE_KEY_PASSWORD);
        } else if (isTrustStore(keyStoreName)) {
            // Server truststore: also file-system based.
            keyStore = getTrustStore();
            ServerConfiguration serverConfig = ServerConfiguration.getInstance();
            keyStoreType = serverConfig.getFirstProperty(SERVER_TRUSTSTORE_TYPE);
            keyStorePassword = serverConfig.getFirstProperty(SERVER_TRUSTSTORE_PASSWORD);
        } else {
            // Tenant keystore: a registry resource under KEY_STORES whose private key
            // password is kept encrypted in a resource property.
            String path = SecurityConstants.KEY_STORES + "/" + keyStoreName;
            if (!registry.resourceExists(path)) {
                throw new SecurityConfigException("Key Store not found");
            }
            Resource resource = registry.get(path);
            keyStore = getKeyStore(keyStoreName);
            keyStoreType = resource.getProperty(SecurityConstants.PROP_TYPE);
            String encpass = resource.getProperty(SecurityConstants.PROP_PRIVATE_KEY_PASS);
            if (encpass != null) {
                CryptoUtil util = CryptoUtil.getDefaultCryptoUtil();
                keyStorePassword = new String(util.base64DecodeAndDecrypt(encpass));
            }
        }
        // keyStorePassword is resolved for parity with getKeystoreInfo but is not needed
        // below: reading certificates from a KeyStore does not require the key password.
        // Fill in the trusted certificate entries (isCertificateEntry).
        Enumeration<String> aliases = keyStore.aliases();
        List<CertData> certDataList = new ArrayList<>();
        Format formatter = new SimpleDateFormat("dd/MM/yyyy");
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keyStore.isCertificateEntry(alias)) {
                X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
                certDataList.add(fillCertData(cert, alias, formatter));
            }
        }
        CertData[] certs = certDataList.toArray(new CertData[certDataList.size()]);
        // Create the bean, set the name and fill in the paged certificate information.
        PaginatedKeyStoreData keyStoreData = new PaginatedKeyStoreData();
        keyStoreData.setKeyStoreName(keyStoreName);
        keyStoreData.setPaginatedCertData(doPaging(pageNumber, certs));
        keyStoreData.setKeyStoreType(keyStoreType);
        // Fill in the key entries (isKeyEntry), again exposing only the certificate
        // of each entry, never the private key.
        List<CertData> keyDataList = new ArrayList<>();
        aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keyStore.isKeyEntry(alias)) {
                X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
                keyDataList.add(fillCertData(cert, alias, formatter));
            }
        }
        CertData[] keyCerts = keyDataList.toArray(new CertData[keyDataList.size()]);
        keyStoreData.setPaginatedKeyData(doPaging(pageNumber, keyCerts));
        return keyStoreData;
    } catch (SecurityConfigException e) {
        // Preserve specific messages such as "Key Store not found" instead of
        // re-wrapping them in the generic one below.
        throw e;
    } catch (Exception e) {
        String msg = "Error encountered while loading the keystore " + keyStoreName;
        log.error(msg, e);
        throw new SecurityConfigException(msg, e);
    }
}
Also used : PaginatedCertData(org.wso2.carbon.security.keystore.service.PaginatedCertData) CertData(org.wso2.carbon.security.keystore.service.CertData) ServerConfiguration(org.wso2.carbon.base.ServerConfiguration) Resource(org.wso2.carbon.registry.core.Resource) ArrayList(java.util.ArrayList) KeyStore(java.security.KeyStore) KeyStoreException(java.security.KeyStoreException) SecurityConfigException(org.wso2.carbon.security.SecurityConfigException) RegistryException(org.wso2.carbon.registry.core.exceptions.RegistryException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CertificateEncodingException(java.security.cert.CertificateEncodingException) X509Certificate(java.security.cert.X509Certificate) KeyStoreManager(org.wso2.carbon.core.util.KeyStoreManager) SecurityConfigException(org.wso2.carbon.security.SecurityConfigException) CryptoUtil(org.wso2.carbon.core.util.CryptoUtil) Format(java.text.Format) SimpleDateFormat(java.text.SimpleDateFormat) PaginatedKeyStoreData(org.wso2.carbon.security.keystore.service.PaginatedKeyStoreData) SimpleDateFormat(java.text.SimpleDateFormat)

Example 2 with KeyStoreData

use of org.wso2.carbon.security.keystore.service.KeyStoreData in project carbon-identity-framework by wso2.

the class KeyStoreAdmin method getKeyStores.

/**
 * Retrieves the keystore metadata (name, type, provider, whether it holds a
 * private key) for every keystore registered under SecurityConstants.KEY_STORES.
 * Only metadata is returned; no certificates or keys are loaded here.
 *
 * @param isSuperTenant whether the caller is querying super tenant data; when
 *                      true the server's primary keystore is appended to the list
 * @return the keystores visible to the tenant, empty if none are registered
 * @throws SecurityConfigException if the registry cannot be read
 */
public KeyStoreData[] getKeyStores(boolean isSuperTenant) throws SecurityConfigException {
    CarbonUtils.checkSecurity();
    KeyStoreData[] names = new KeyStoreData[0];
    try {
        if (registry.resourceExists(SecurityConstants.KEY_STORES)) {
            Collection collection = (Collection) registry.get(SecurityConstants.KEY_STORES);
            String[] ks = collection.getChildren();
            List<KeyStoreData> lst = new ArrayList<>();
            for (String fullname : ks) {
                // The primary keystore is represented in the registry only by a
                // phantom resource; it is handled separately below.
                if (RegistryResources.SecurityManagement.PRIMARY_KEYSTORE_PHANTOM_RESOURCE.equals(fullname)) {
                    continue;
                }
                Resource store = registry.get(fullname);
                int lastIndex = fullname.lastIndexOf("/");
                String name = fullname.substring(lastIndex + 1);
                String type = store.getProperty(SecurityConstants.PROP_TYPE);
                String provider = store.getProperty(SecurityConstants.PROP_PROVIDER);
                KeyStoreData data = new KeyStoreData();
                data.setKeyStoreName(name);
                data.setKeyStoreType(type);
                data.setProvider(provider);
                // A registered private key alias marks the store as a private (key) store.
                String alias = store.getProperty(SecurityConstants.PROP_PRIVATE_KEY_ALIAS);
                data.setPrivateStore(alias != null);
                // Dump the tenant's public certificate to the file system for sub tenants.
                if (!isSuperTenant) {
                    Association[] associations = registry.getAssociations(fullname, SecurityConstants.ASSOCIATION_TENANT_KS_PUB_KEY);
                    if (associations != null && associations.length > 0) {
                        Resource pubKeyResource = registry.get(associations[0].getDestinationPath());
                        String fileName = generatePubCertFileName(fullname, pubKeyResource.getProperty(SecurityConstants.PROP_TENANT_PUB_KEY_FILE_NAME_APPENDER));
                        if (MessageContext.getCurrentMessageContext() != null) {
                            String pubKeyFilePath = KeyStoreMgtUtil.dumpCert(MessageContext.getCurrentMessageContext().getConfigurationContext(), (byte[]) pubKeyResource.getContent(), fileName);
                            data.setPubKeyFilePath(pubKeyFilePath);
                        }
                    }
                }
                lst.add(data);
            }
            if (isSuperTenant) {
                // The super tenant additionally sees the server's primary keystore,
                // which is configured on the file system rather than in the registry.
                KeyStoreData data = new KeyStoreData();
                ServerConfiguration config = ServerConfiguration.getInstance();
                String fileName = config.getFirstProperty(RegistryResources.SecurityManagement.SERVER_PRIMARY_KEYSTORE_FILE);
                String type = config.getFirstProperty(RegistryResources.SecurityManagement.SERVER_PRIMARY_KEYSTORE_TYPE);
                String name = KeyStoreUtil.getKeyStoreFileName(fileName);
                data.setKeyStoreName(name);
                data.setKeyStoreType(type);
                data.setProvider(" ");
                data.setPrivateStore(true);
                lst.add(data);
            }
            // Size the array exactly so callers never see a trailing null element.
            names = lst.toArray(new KeyStoreData[lst.size()]);
        }
        return names;
    } catch (RegistryException e) {
        String msg = "Error when getting keyStore data";
        log.error(msg, e);
        throw new SecurityConfigException(msg, e);
    }
}
Also used : ServerConfiguration(org.wso2.carbon.base.ServerConfiguration) ArrayList(java.util.ArrayList) Resource(org.wso2.carbon.registry.core.Resource) PaginatedKeyStoreData(org.wso2.carbon.security.keystore.service.PaginatedKeyStoreData) KeyStoreData(org.wso2.carbon.security.keystore.service.KeyStoreData) RegistryException(org.wso2.carbon.registry.core.exceptions.RegistryException) SecurityConfigException(org.wso2.carbon.security.SecurityConfigException) Association(org.wso2.carbon.registry.core.Association) Collection(org.wso2.carbon.registry.core.Collection)

Example 3 with KeyStoreData

use of org.wso2.carbon.security.keystore.service.KeyStoreData in project carbon-identity-framework by wso2.

the class KeyStoreAdmin method getPrivateKey.

/**
 * Loads the private key stored under the given alias from the server's primary
 * keystore. Only the store that KeyStoreUtil.isPrimaryStore recognises is
 * consulted; keys held in tenant registry keystores are not returned here.
 *
 * @param alias         alias of the key entry
 * @param isSuperTenant whether super tenant keystores are being listed
 * @return the key, or null if no primary keystore is listed or the alias is absent
 * @throws SecurityConfigException if the keystore or the key cannot be loaded
 */
public Key getPrivateKey(String alias, boolean isSuperTenant) throws SecurityConfigException {
    KeyStoreData[] keystores = getKeyStores(isSuperTenant);
    try {
        for (KeyStoreData keystore : keystores) {
            if (keystore != null && KeyStoreUtil.isPrimaryStore(keystore.getKeyStoreName())) {
                KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantId);
                KeyStore keyStore = keyMan.getPrimaryKeyStore();
                ServerConfiguration serverConfig = ServerConfiguration.getInstance();
                String privateKeyPassword = serverConfig.getFirstProperty(RegistryResources.SecurityManagement.SERVER_PRIVATE_KEY_PASSWORD);
                if (privateKeyPassword == null) {
                    throw new SecurityConfigException("Private key password for the primary keystore is not configured");
                }
                // KeyStore.getKey returns null when the alias does not exist in the store.
                return keyStore.getKey(alias, privateKeyPassword.toCharArray());
            }
        }
    } catch (SecurityConfigException e) {
        throw e;
    } catch (Exception e) {
        String msg = "Error encountered while loading the key for the given alias " + alias;
        log.error(msg, e);
        throw new SecurityConfigException(msg, e);
    }
    return null;
}
Also used : KeyStoreManager(org.wso2.carbon.core.util.KeyStoreManager) SecurityConfigException(org.wso2.carbon.security.SecurityConfigException) ServerConfiguration(org.wso2.carbon.base.ServerConfiguration) PaginatedKeyStoreData(org.wso2.carbon.security.keystore.service.PaginatedKeyStoreData) KeyStoreData(org.wso2.carbon.security.keystore.service.KeyStoreData) KeyStore(java.security.KeyStore) KeyStoreException(java.security.KeyStoreException) SecurityConfigException(org.wso2.carbon.security.SecurityConfigException) RegistryException(org.wso2.carbon.registry.core.exceptions.RegistryException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CertificateEncodingException(java.security.cert.CertificateEncodingException)

Example 4 with KeyStoreData

use of org.wso2.carbon.security.keystore.service.KeyStoreData in project carbon-identity-framework by wso2.

the class KeyStoreAdmin method getKeystoreInfo.

/**
 * Lists the certificate aliases and the private key alias of a given keystore
 * and, for the first key entry found, also returns the private key itself as a
 * PEM-encoded PKCS#8 block in keyValue. Callers of this operation therefore
 * receive private key material, which is the caveat to keep in mind when
 * deciding who may invoke it.
 *
 * @param keyStoreName The name of the keystore
 * @return Instance of KeyStoreData
 * @throws SecurityConfigException if the keystore name is null, the keystore
 *                                 does not exist, or it cannot be loaded
 */
public KeyStoreData getKeystoreInfo(String keyStoreName) throws SecurityConfigException {
    try {
        if (keyStoreName == null) {
            throw new SecurityConfigException("keystore name cannot be null");
        }
        KeyStore keyStore;
        String keyStoreType;
        String privateKeyPassword = null;
        if (KeyStoreUtil.isPrimaryStore(keyStoreName)) {
            // Server primary keystore: a file-system store described by the server configuration.
            KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantId);
            keyStore = keyMan.getPrimaryKeyStore();
            ServerConfiguration serverConfig = ServerConfiguration.getInstance();
            keyStoreType = serverConfig.getFirstProperty(RegistryResources.SecurityManagement.SERVER_PRIMARY_KEYSTORE_TYPE);
            privateKeyPassword = serverConfig.getFirstProperty(RegistryResources.SecurityManagement.SERVER_PRIVATE_KEY_PASSWORD);
        } else if (isTrustStore(keyStoreName)) {
            // Server truststore: the truststore password doubles as the key password here.
            keyStore = getTrustStore();
            ServerConfiguration serverConfig = ServerConfiguration.getInstance();
            keyStoreType = serverConfig.getFirstProperty(SERVER_TRUSTSTORE_TYPE);
            privateKeyPassword = serverConfig.getFirstProperty(SERVER_TRUSTSTORE_PASSWORD);
        } else {
            // Tenant keystore: a registry resource under KEY_STORES whose private key
            // password is kept encrypted in a resource property.
            String path = SecurityConstants.KEY_STORES + "/" + keyStoreName;
            if (!registry.resourceExists(path)) {
                throw new SecurityConfigException("Key Store not found");
            }
            Resource resource = registry.get(path);
            keyStore = getKeyStore(keyStoreName);
            keyStoreType = resource.getProperty(SecurityConstants.PROP_TYPE);
            String encpass = resource.getProperty(SecurityConstants.PROP_PRIVATE_KEY_PASS);
            if (encpass != null) {
                CryptoUtil util = CryptoUtil.getDefaultCryptoUtil();
                privateKeyPassword = new String(util.base64DecodeAndDecrypt(encpass));
            }
        }
        // Fill in the trusted certificate entries (isCertificateEntry).
        Enumeration<String> aliases = keyStore.aliases();
        List<CertData> certDataList = new ArrayList<>();
        Format formatter = new SimpleDateFormat("dd/MM/yyyy");
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keyStore.isCertificateEntry(alias)) {
                X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
                certDataList.add(fillCertData(cert, alias, formatter));
            }
        }
        CertData[] certs = certDataList.toArray(new CertData[certDataList.size()]);
        // Create the bean, set the name and fill in the certificate information.
        KeyStoreData keyStoreData = new KeyStoreData();
        keyStoreData.setKeyStoreName(keyStoreName);
        keyStoreData.setCerts(certs);
        keyStoreData.setKeyStoreType(keyStoreType);
        aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            // WSAS-related keystores are expected to hold a single key entry,
            // so only the first one found is reported.
            if (keyStore.isKeyEntry(alias)) {
                X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
                keyStoreData.setKey(fillCertData(cert, alias, formatter));
                if (privateKeyPassword == null) {
                    throw new SecurityConfigException("No private key password is configured for keystore " + keyStoreName);
                }
                PrivateKey key = (PrivateKey) keyStore.getKey(alias, privateKeyPassword.toCharArray());
                // PrivateKey.getEncoded() yields PKCS#8 DER for the JDK providers, which is what
                // the unqualified "PRIVATE KEY" PEM label denotes. Base64.encode is the project's
                // encoder (its class is not shown on this page); unless it wraps lines itself the
                // body is a single line rather than the 64-column form of RFC 7468.
                String pemKey = "-----BEGIN PRIVATE KEY-----\n"
                        + Base64.encode(key.getEncoded())
                        + "\n-----END PRIVATE KEY-----";
                keyStoreData.setKeyValue(pemKey);
                break;
            }
        }
        return keyStoreData;
    } catch (SecurityConfigException e) {
        // Preserve specific messages such as "Key Store not found".
        throw e;
    } catch (Exception e) {
        String msg = "Error encountered while loading the keystore " + keyStoreName;
        log.error(msg, e);
        throw new SecurityConfigException(msg, e);
    }
}
Also used : PaginatedCertData(org.wso2.carbon.security.keystore.service.PaginatedCertData) CertData(org.wso2.carbon.security.keystore.service.CertData) PrivateKey(java.security.PrivateKey) ServerConfiguration(org.wso2.carbon.base.ServerConfiguration) Resource(org.wso2.carbon.registry.core.Resource) ArrayList(java.util.ArrayList) PaginatedKeyStoreData(org.wso2.carbon.security.keystore.service.PaginatedKeyStoreData) KeyStoreData(org.wso2.carbon.security.keystore.service.KeyStoreData) KeyStore(java.security.KeyStore) KeyStoreException(java.security.KeyStoreException) SecurityConfigException(org.wso2.carbon.security.SecurityConfigException) RegistryException(org.wso2.carbon.registry.core.exceptions.RegistryException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CertificateEncodingException(java.security.cert.CertificateEncodingException) X509Certificate(java.security.cert.X509Certificate) KeyStoreManager(org.wso2.carbon.core.util.KeyStoreManager) SecurityConfigException(org.wso2.carbon.security.SecurityConfigException) CryptoUtil(org.wso2.carbon.core.util.CryptoUtil) Format(java.text.Format) SimpleDateFormat(java.text.SimpleDateFormat) SimpleDateFormat(java.text.SimpleDateFormat)
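The PEM block that getKeystoreInfo returns in keyValue is built by hand from PrivateKey.getEncoded(). The following stand-alone program is an added example and not code from carbon-identity-framework: it generates a throwaway RSA key (constructed sample input, not a server key), encodes it the way the page does (one unbroken base64 line between the armour lines) and in the RFC 7468 form with a 64-column body, checks that the key's format really is PKCS#8 before using the "PRIVATE KEY" label, and parses both forms back to prove they carry the same DER. Class and method names are this example's own.

```java
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;

/**
 * Added example, not carbon-identity-framework code. Shows what the PEM block
 * built by getKeystoreInfo contains (PKCS#8 DER from PrivateKey.getEncoded(),
 * base64 on a single line) next to the RFC 7468 form with a 64-column body,
 * and proves both parse back to the same key.
 */
public class PrivateKeyPemDemo {

    private static final String HEADER = "-----BEGIN PRIVATE KEY-----";
    private static final String FOOTER = "-----END PRIVATE KEY-----";

    /** Page-style encoding: header, one unbroken base64 line, footer. */
    static String pemSingleLine(PrivateKey key) {
        checkPkcs8(key);
        return HEADER + "\n" + Base64.getEncoder().encodeToString(key.getEncoded()) + "\n" + FOOTER;
    }

    /** RFC 7468 encoding: same DER, base64 body wrapped at 64 characters. */
    static String pemWrapped(PrivateKey key) {
        checkPkcs8(key);
        Base64.Encoder mime = Base64.getMimeEncoder(64, new byte[] {'\n'});
        return HEADER + "\n" + mime.encodeToString(key.getEncoded()) + "\n" + FOOTER + "\n";
    }

    /** The unqualified "PRIVATE KEY" label is only correct for PKCS#8 encodings. */
    private static void checkPkcs8(PrivateKey key) {
        if (!"PKCS#8".equals(key.getFormat())) {
            throw new IllegalArgumentException("expected PKCS#8 encoding, got " + key.getFormat());
        }
    }

    /** Parses either form back: strip the armour and all whitespace, then decode PKCS#8. */
    static PrivateKey parsePem(String pem, String algorithm) throws Exception {
        String body = pem.replace(HEADER, "").replace(FOOTER, "").replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(body);
        return KeyFactory.getInstance(algorithm).generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    /** Longest line of the base64 body, the property a strict PEM reader checks. */
    static int longestBodyLine(String pem) {
        int max = 0;
        for (String line : pem.split("\n")) {
            if (!line.startsWith("-----")) {
                max = Math.max(max, line.length());
            }
        }
        return max;
    }

    public static void main(String[] args) throws Exception {
        // Constructed throwaway key; a real caller would take it from KeyStore.getKey.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        PrivateKey original = kp.getPrivate();

        String single = pemSingleLine(original);
        String wrapped = pemWrapped(original);
        System.out.println("format: " + original.getFormat());
        System.out.println("single-line body width: " + longestBodyLine(single));
        System.out.println("wrapped body width: " + longestBodyLine(wrapped));

        PrivateKey fromSingle = parsePem(single, original.getAlgorithm());
        PrivateKey fromWrapped = parsePem(wrapped, original.getAlgorithm());
        System.out.println("round trip equal: "
                + Arrays.equals(original.getEncoded(), fromSingle.getEncoded())
                + " / " + Arrays.equals(original.getEncoded(), fromWrapped.getEncoded()));
    }
}
```

Compile and run it with `javac PrivateKeyPemDemo.java && java PrivateKeyPemDemo`. The single-line form decodes with any parser that strips whitespace before base64-decoding, as parsePem does, but tools that enforce the 64-column rule reject it, which is why pemWrapped uses the MIME encoder with a bare "\n" separator instead of the default "\r\n".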

Example 5 with KeyStoreData

use of org.wso2.carbon.security.keystore.service.KeyStoreData in project carbon-identity-framework by wso2.

the class Util method doFilter.

/**
 * Filters keystores by name with a glob in which only '*' is special: the
 * literal segments between '*' are quoted, so regex metacharacters in a
 * user-supplied filter neither alter the match nor make Pattern.compile fail.
 */
public static KeyStoreData[] doFilter(String filter, KeyStoreData[] keyStoreDataSet) {
    StringBuilder regex = new StringBuilder();
    String[] segments = filter.split("\\*", -1); // -1 keeps a trailing '*' as a final ".*"
    for (int i = 0; i < segments.length; i++) {
        if (i > 0) regex.append(".*");
        if (!segments[i].isEmpty()) regex.append(Pattern.quote(segments[i]));
    }
    Pattern pattern = Pattern.compile(regex.toString(), Pattern.CASE_INSENSITIVE);
    List<KeyStoreData> list = new ArrayList<>();
    for (KeyStoreData keyStore : keyStoreDataSet) {
        if (keyStore != null && pattern.matcher(keyStore.getKeyStoreName()).matches()) {
            list.add(keyStore);
        }
    }
    return list.toArray(new KeyStoreData[list.size()]);
}
Also used : ArrayList(java.util.ArrayList) Pattern(java.util.regex.Pattern) KeyStoreData(org.wso2.carbon.security.mgt.stub.keystore.xsd.KeyStoreData)
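doFilter turns a user-typed filter into a java.util.regex pattern by rewriting '*' to '.*' and handing the rest to Pattern.compile verbatim, so every other metacharacter in the filter stays live. The program below is an added example, not carbon-identity-framework code; it runs the page's translation and a quoting translation side by side over a constructed list of keystore names (the names, class and method names are made up, and the trailing null mirrors the array shape doFilter already guards against).

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

/**
 * Added example, not carbon-identity-framework code. Contrasts the page's
 * glob-to-regex translation (only '*' rewritten, everything else passed to
 * Pattern.compile as-is) with one that quotes the literal segments.
 */
public class KeyStoreNameFilterDemo {

    /** Page-style: "*" becomes ".*", the rest of the filter is live regex. */
    static Pattern naiveGlob(String filter) {
        return Pattern.compile(filter.replace("*", ".*"), Pattern.CASE_INSENSITIVE);
    }

    /** Hardened: segments between '*' are quoted, so only '*' is special. */
    static Pattern safeGlob(String filter) {
        StringBuilder regex = new StringBuilder();
        String[] segments = filter.split("\\*", -1); // -1 keeps a trailing '*' segment
        for (int i = 0; i < segments.length; i++) {
            if (i > 0) {
                regex.append(".*");
            }
            if (!segments[i].isEmpty()) {
                regex.append(Pattern.quote(segments[i]));
            }
        }
        return Pattern.compile(regex.toString(), Pattern.CASE_INSENSITIVE);
    }

    /** Full-match filter, skipping null entries as the page's doFilter does. */
    static List<String> filter(Pattern pattern, String[] names) {
        List<String> out = new ArrayList<>();
        for (String name : names) {
            if (name != null && pattern.matcher(name).matches()) {
                out.add(name);
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed names; not taken from any real deployment.
        String[] names = {"wso2carbon.jks", "client-truststore.jks", "tenant1.p12", "tenant1Xp12", null};

        // Plain wildcards behave the same in both translations.
        System.out.println("*.jks naive : " + filter(naiveGlob("*.jks"), names));
        System.out.println("*.jks safe  : " + filter(safeGlob("*.jks"), names));

        // In the naive regex the '.' of "tenant1.p12" matches any character,
        // so the filter also selects "tenant1Xp12"; the quoted form does not.
        System.out.println("tenant1.p12 naive : " + filter(naiveGlob("tenant1.p12"), names));
        System.out.println("tenant1.p12 safe  : " + filter(safeGlob("tenant1.p12"), names));

        // An unbalanced metacharacter makes the naive version throw from
        // Pattern.compile, which doFilter never catches; the quoted form
        // treats the '[' as a literal and simply matches nothing.
        try {
            naiveGlob("client-[truststore");
        } catch (PatternSyntaxException e) {
            System.out.println("naive rejected filter: " + e.getDescription());
        }
        System.out.println("client-[truststore safe: " + filter(safeGlob("client-[truststore"), names));
    }
}
```

Run it with `javac KeyStoreNameFilterDemo.java && java KeyStoreNameFilterDemo`. Pattern.quote wraps each segment in \Q...\E, which is why the quoted translation needs no per-character escaping table and still honours Pattern.CASE_INSENSITIVE, the flag that replaces the original's lower-casing of both the pattern and the name.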

Aggregations

KeyStoreData (org.wso2.carbon.security.keystore.service.KeyStoreData)7 SecurityConfigException (org.wso2.carbon.security.SecurityConfigException)6 CertData (org.wso2.carbon.security.keystore.service.CertData)6 ArrayList (java.util.ArrayList)5 ServerConfiguration (org.wso2.carbon.base.ServerConfiguration)4 RegistryException (org.wso2.carbon.registry.core.exceptions.RegistryException)4 PaginatedKeyStoreData (org.wso2.carbon.security.keystore.service.PaginatedKeyStoreData)4 IOException (java.io.IOException)3 KeyStore (java.security.KeyStore)3 KeyStoreException (java.security.KeyStoreException)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 CertificateEncodingException (java.security.cert.CertificateEncodingException)3 CertificateException (java.security.cert.CertificateException)3 X509Certificate (java.security.cert.X509Certificate)3 KeyStoreManager (org.wso2.carbon.core.util.KeyStoreManager)3 Resource (org.wso2.carbon.registry.core.Resource)3 PaginatedCertData (org.wso2.carbon.security.keystore.service.PaginatedCertData)3 KeyStoreData (org.wso2.carbon.security.mgt.stub.keystore.xsd.KeyStoreData)3 Format (java.text.Format)2 SimpleDateFormat (java.text.SimpleDateFormat)2