
Example 1 with X509CertifiedPublicKey

use of org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey in project xwiki-platform by xwiki.

the class AbstractX509WikiStore method storeCertificate.

/**
 * Prepare the wiki document that holds the given certificate in the given store, without saving it.
 *
 * <p>If {@code findCertificate} returns a reference, the object it points to is reused and only its encoded
 * certificate property is rewritten. Otherwise a new certificate object is created and its key identifier (when the
 * certificate has one), issuer, serial number and subject properties are filled in as well.</p>
 *
 * @param store the reference of a document or a space where the certificate should be stored.
 * @param certificate the certificate to store; must be an {@link X509CertifiedPublicKey}.
 * @param context the XWikiContext.
 * @return the XWiki document to be saved where the object was updated or created.
 * @throws IllegalArgumentException if the certificate is not an X509 certificate.
 * @throws CertificateStoreException on any error raised while looking up or filling the document.
 */
protected XWikiDocument storeCertificate(StoreReference store, CertifiedPublicKey certificate, XWikiContext context) throws CertificateStoreException {
    // The type check stays outside the try block so that it is reported as an argument error,
    // not wrapped into a CertificateStoreException.
    if (!(certificate instanceof X509CertifiedPublicKey)) {
        throw new IllegalArgumentException("Certificate should be X509 certificates.");
    }
    final X509CertifiedPublicKey x509 = (X509CertifiedPublicKey) certificate;

    try {
        final CertificateObjectReference existing = findCertificate(store, x509);
        final XWikiDocument targetDocument;
        final BaseObject certObject;

        if (existing == null) {
            // No stored object for this certificate: create one and record its identifying properties.
            targetDocument = context.getWiki().getDocument(getDocumentReference(store, x509), context);
            certObject = targetDocument.newXObject(X509CertificateWikiStore.CERTIFICATECLASS, context);

            // The subject key identifier is optional; the property is left unset when it is absent.
            final byte[] subjectKeyId = x509.getSubjectKeyIdentifier();
            if (subjectKeyId != null) {
                certObject.setStringValue(X509CertificateWikiStore.CERTIFICATECLASS_PROP_KEYID,
                    this.base64.encode(subjectKeyId));
            }
            certObject.setStringValue(X509CertificateWikiStore.CERTIFICATECLASS_PROP_ISSUER,
                x509.getIssuer().getName());
            certObject.setStringValue(X509CertificateWikiStore.CERTIFICATECLASS_PROP_SERIAL,
                x509.getSerialNumber().toString());
            certObject.setStringValue(X509CertificateWikiStore.CERTIFICATECLASS_PROP_SUBJECT,
                x509.getSubject().getName());
        } else {
            // Reuse the stored object. Its key id / issuer / serial / subject properties are not rewritten here.
            // NOTE(review): if getXObject finds no object with that number, the failure surfaces below as a
            // CertificateStoreException through the generic catch - confirm that is the intended reporting.
            targetDocument = getDocument(store, existing, context);
            certObject = targetDocument.getXObject(X509CertificateWikiStore.CERTIFICATECLASS,
                existing.getObjectNumber());
        }

        // The encoded certificate is always (re)written, for new and existing objects alike.
        // The second argument (64) is presumably the Base64 line length - confirm against the encoder.
        final String encodedCertificate = this.base64.encode(certificate.getEncoded(), 64);
        certObject.setLargeStringValue(X509CertificateWikiStore.CERTIFICATECLASS_PROP_CERTIFICATE,
            encodedCertificate);
        return targetDocument;
    } catch (Exception e) {
        // The original exception is kept as the cause so the failing step can still be diagnosed.
        throw new CertificateStoreException("Error while preparing certificate for store [" + store + "]", e);
    }
}
Also used : XWikiDocument(com.xpn.xwiki.doc.XWikiDocument) X509CertifiedPublicKey(org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey) CertificateStoreException(org.xwiki.crypto.store.CertificateStoreException) CertificateObjectReference(org.xwiki.crypto.store.wiki.internal.query.CertificateObjectReference) XWikiException(com.xpn.xwiki.XWikiException) CertificateStoreException(org.xwiki.crypto.store.CertificateStoreException) BaseObject(com.xpn.xwiki.objects.BaseObject)

Example 2 with X509CertifiedPublicKey

use of org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey in project xwiki-platform by xwiki.

the class X509KeyWikiStore method retrieve.

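/**
 * {@inheritDoc}
 *
 * <p>Returns {@code null} when no stored certificate matches, or when the matching document carries no private key
 * object. When {@code password} is {@code null} the stored value is parsed directly as a PKCS#8 key, without any
 * decryption step.</p>
 *
 * @param store an {@link org.xwiki.crypto.store.WikiStoreReference} to a space reference.
 * @throws IllegalArgumentException if the certificate is not an X509 certificate.
 * @throws KeyStoreException if the lookup, decoding, decryption or key parsing fails; the underlying exception is
 *     attached as the cause.
 */
@Override
public CertifiedKeyPair retrieve(StoreReference store, CertifiedPublicKey certificate, byte[] password) throws KeyStoreException {
    if (!(certificate instanceof X509CertifiedPublicKey)) {
        throw new IllegalArgumentException("Certificate should be X509 certificates.");
    }
    X509CertifiedPublicKey publicKey = (X509CertifiedPublicKey) certificate;
    XWikiContext context = getXWikiContext();
    try {
        CertificateObjectReference certRef = findCertificate(store, publicKey);
        if (certRef == null) {
            // Unknown certificate: reported as "no key", not as an error.
            return null;
        }
        XWikiDocument document = getDocument(store, certRef, context);
        BaseObject pkObj = document.getXObject(PRIVATEKEYCLASS);
        if (pkObj == null) {
            // The certificate is stored but no private key object sits next to it.
            return null;
        }
        byte[] key = getEncoder().decode(pkObj.getLargeStringValue(PRIVATEKEYCLASS_PROP_KEY));
        if (password != null) {
            // Password supplied: the stored bytes are decrypted with it.
            // Neither the password array nor the decoded key bytes are cleared by this method.
            return new CertifiedKeyPair(this.encryptor.decrypt(password, key), certificate);
        } else {
            // No password: the stored bytes are read as a plain PKCS#8 key, i.e. the key is expected to be
            // stored unencrypted in the wiki object.
            return new CertifiedKeyPair(this.keyFactory.fromPKCS8(key), certificate);
        }
    } catch (Exception e) {
        // Keep the cause: without it a wrong password, a corrupted stored key and a storage failure are
        // indistinguishable when investigating the error.
        throw new KeyStoreException("Failed to retrieved private key for certificate [" + publicKey.getSubject().getName() + "]", e);
    }
}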
Also used : XWikiDocument(com.xpn.xwiki.doc.XWikiDocument) X509CertifiedPublicKey(org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey) XWikiContext(com.xpn.xwiki.XWikiContext) CertificateObjectReference(org.xwiki.crypto.store.wiki.internal.query.CertificateObjectReference) KeyStoreException(org.xwiki.crypto.store.KeyStoreException) XWikiException(com.xpn.xwiki.XWikiException) IOException(java.io.IOException) CertificateStoreException(org.xwiki.crypto.store.CertificateStoreException) KeyStoreException(org.xwiki.crypto.store.KeyStoreException) BaseObject(com.xpn.xwiki.objects.BaseObject) CertifiedKeyPair(org.xwiki.crypto.pkix.params.CertifiedKeyPair)

Example 3 with X509CertifiedPublicKey

use of org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey in project xwiki-platform by xwiki.

the class RSACryptoScriptService method checkX509CertificateChainValidity.

/**
 * Check that a collection of certificates is made of X509 certificates, starts with a root CA, and that every
 * certificate in it is valid on a given date.
 *
 * <p>Only those three properties are checked in this method. No signature verification and no issuer/subject
 * linkage between consecutive certificates is performed here, so a {@code true} result must not be read as full
 * certification path validation unless that is done elsewhere.</p>
 *
 * @param chain the ordered chain of certificates, starting from the root CA.
 * @param date the date to check the validity for, or null to check for now.
 * @return true if the chain is non-empty, contains only X509 certificates, starts with a root CA, and every
 *     certificate is valid on the given date; false otherwise (including for a null or empty chain).
 */
public boolean checkX509CertificateChainValidity(Collection<CertifiedPublicKey> chain, Date date) {
    if (chain == null || chain.isEmpty()) {
        return false;
    }

    final Date referenceDate = (date == null) ? new Date() : date;

    boolean atChainStart = true;
    for (CertifiedPublicKey element : chain) {
        // Any non-X509 (or null) entry invalidates the whole chain.
        if (!(element instanceof X509CertifiedPublicKey)) {
            return false;
        }
        final X509CertifiedPublicKey x509 = (X509CertifiedPublicKey) element;

        // Only the first certificate is required to be a root CA.
        if (atChainStart && !x509.isRootCA()) {
            return false;
        }
        atChainStart = false;

        if (!x509.isValidOn(referenceDate)) {
            return false;
        }
    }
    return true;
}
Also used : X509CertifiedPublicKey(org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey) CertifiedPublicKey(org.xwiki.crypto.pkix.params.CertifiedPublicKey) X509CertifiedPublicKey(org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey) Date(java.util.Date)

Example 4 with X509CertifiedPublicKey

use of org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey in project xwiki-platform by xwiki.

the class X509CertificateWikiStoreTest method getMockedCertificate.

/**
 * Build a mocked X509 certificate stubbed with the test constants for serial number, issuer, subject and encoded
 * form.
 *
 * @param hasKeyId when true, the mock also exposes SUBJECT_KEYID as its subject key identifier, both directly and
 *     through its mocked extensions; when false those accessors are left unstubbed.
 * @return the mocked certificate.
 * @throws Exception if stubbing one of the mocked accessors fails.
 */
private CertifiedPublicKey getMockedCertificate(boolean hasKeyId) throws Exception {
    final X509CertifiedPublicKey mockedCert = mock(X509CertifiedPublicKey.class);

    // Identity fields that are always stubbed.
    when(mockedCert.getIssuer()).thenReturn(new DistinguishedName(ISSUER));
    when(mockedCert.getSubject()).thenReturn(new DistinguishedName(SUBJECT));
    when(mockedCert.getSerialNumber()).thenReturn(SERIAL);
    when(mockedCert.getEncoded()).thenReturn(CERTIFICATE);

    if (!hasKeyId) {
        return mockedCert;
    }

    // Subject key identifier, reachable both from the certificate and from its extensions.
    final X509Extensions mockedExtensions = mock(X509Extensions.class);
    when(mockedExtensions.getSubjectKeyIdentifier()).thenReturn(SUBJECT_KEYID);
    when(mockedCert.getExtensions()).thenReturn(mockedExtensions);
    when(mockedCert.getSubjectKeyIdentifier()).thenReturn(SUBJECT_KEYID);
    return mockedCert;
}
Also used : DistinguishedName(org.xwiki.crypto.pkix.params.x509certificate.DistinguishedName) X509CertifiedPublicKey(org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey) X509Extensions(org.xwiki.crypto.pkix.params.x509certificate.extension.X509Extensions)
