
Example 1 with PrivateKeyCertificate

use of password.pwm.bean.PrivateKeyCertificate in project pwm by pwm-project.

From the class HttpsServerCertificateManager, method importKey.

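/**
 * Imports a private key and its certificate chain from a keystore stream and writes them to the
 * {@code HTTPS_CERT} setting of the given configuration.
 *
 * <p>When the keystore contains exactly one alias, that alias is used regardless of the
 * {@code alias} argument; otherwise {@code alias} selects the entry, which must be a
 * private-key entry.
 *
 * @param storedConfiguration configuration that receives the imported key/certificate value
 * @param keyStoreFormat      keystore type, passed to {@link KeyStore#getInstance(String)} via its
 *                            string form
 * @param inputStream         keystore bytes; the caller owns and closes the stream
 * @param password            keystore and key-entry password; {@code null} means an empty password
 * @param alias               alias of the entry to import; ignored when the keystore holds a
 *                            single alias
 * @throws PwmUnrecoverableException if the keystore cannot be loaded, no alias can be determined,
 *                                   the alias does not resolve to a private-key entry, or the key
 *                                   cannot be recovered
 */
public static void importKey(final StoredConfiguration storedConfiguration, final KeyStoreFormat keyStoreFormat, final InputStream inputStream, final PasswordData password, final String alias) throws PwmUnrecoverableException {
    // Work on a char[] copy so it can be zeroed afterwards; the String returned by
    // getStringValue() cannot be cleared from here.
    final char[] charPassword = password == null ? new char[0] : password.getStringValue().toCharArray();
    final PrivateKeyCertificate privateKeyCertificate;
    try {
        final KeyStore keyStore = KeyStore.getInstance(keyStoreFormat.toString());
        keyStore.load(inputStream, charPassword);

        // KeyStore.aliases() is already Enumeration<String>; no raw type or cast needed.
        final List<String> allAliases = new ArrayList<>();
        for (final Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements(); ) {
            allAliases.add(aliases.nextElement());
        }
        // A single-entry keystore needs no alias from the caller.
        final String effectiveAlias = allAliases.size() == 1 ? allAliases.get(0) : alias;
        if (effectiveAlias == null) {
            // KeyStore.getEntry(null, ...) would otherwise surface as an opaque NullPointerException.
            final String errorMsg = "unable to import https key entry: no alias specified and keystore contains " + allAliases.size() + " entries";
            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_CERTIFICATE_ERROR, errorMsg, new String[] { "available aliases: " + allAliases }));
        }

        final KeyStore.Entry entry;
        final KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(charPassword);
        try {
            entry = keyStore.getEntry(effectiveAlias, passwordProtection);
        } finally {
            // PasswordProtection keeps its own clone of the password; wipe it once the entry is read.
            try {
                passwordProtection.destroy();
            } catch (final javax.security.auth.DestroyFailedException ignored) {
                // best effort only: the password clone stays until garbage collected
            }
        }

        // Report the alias actually looked up (possibly the auto-selected one) and reject
        // trusted-certificate / secret-key entries explicitly instead of via ClassCastException.
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            final String errorMsg = "unable to import https key entry with alias '" + effectiveAlias + "'";
            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_CERTIFICATE_ERROR, errorMsg, new String[] { "no private key entry with alias '" + effectiveAlias + "' in keystore" }));
        }
        final KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
        final PrivateKey key = privateKeyEntry.getPrivateKey();

        // The chain is typed Certificate[]; cast per element rather than casting the whole array,
        // whose runtime component type is provider-dependent.
        final List<X509Certificate> certificates = new ArrayList<>();
        for (final java.security.cert.Certificate certificate : privateKeyEntry.getCertificateChain()) {
            certificates.add((X509Certificate) certificate);
        }
        LOGGER.debug("importing certificate chain: " + JsonUtil.serializeCollection(X509Utils.makeDebugInfoMap(certificates)));
        privateKeyCertificate = new PrivateKeyCertificate(certificates, key);
    } catch (final PwmUnrecoverableException e) {
        // Preserve the specific ErrorInformation built above instead of re-wrapping it generically.
        throw e;
    } catch (final Exception e) {
        final String errorMsg = "unable to load configured https certificate: " + e.getMessage();
        final String[] errorDetail = new String[] { e.getMessage() };
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_CERTIFICATE_ERROR, errorMsg, errorDetail));
    } finally {
        // Do not leave the keystore password lying around in the heap longer than needed.
        Arrays.fill(charPassword, '\0');
    }
    final StoredValue storedValue = new PrivateKeyValue(privateKeyCertificate);
    storedConfiguration.writeSetting(PwmSetting.HTTPS_CERT, storedValue, null);
}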

Example 2 with PrivateKeyCertificate

use of password.pwm.bean.PrivateKeyCertificate in project pwm by pwm-project.

From the class PrivateKeyValue, method factory.

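/**
 * Creates the {@link StoredValue.StoredValueFactory} that reads a {@link PrivateKeyValue} from its
 * XML representation.
 *
 * <p>The XML read here is a {@code <value>} child holding one or more
 * {@code ELEMENT_NAME_CERTIFICATE} children (base64 certificates) and one
 * {@code ELEMENT_NAME_KEY} child whose text is the PKCS#8 private key, base64 encoded and then
 * encrypted with the supplied security key using {@code PwmBlockAlgorithm.CONFIG}.
 *
 * @return a factory whose {@code fromXmlElement} yields a {@code PrivateKeyValue} wrapping
 *         {@code null} when the element is absent, incomplete or unreadable
 */
public static StoredValue.StoredValueFactory factory() {
    return new StoredValue.StoredValueFactory() {

        public PrivateKeyValue fromXmlElement(final Element settingElement, final PwmSecurityKey key) {
            // Look the child up once instead of getChild / null-check / getChild again.
            final Element valueElement = settingElement == null ? null : settingElement.getChild("value");
            if (valueElement == null) {
                return new PrivateKeyValue(null);
            }

            final List<X509Certificate> certificates = readCertificates(valueElement);
            final PrivateKey privateKey = readPrivateKey(valueElement, key);

            // Both parts are required; anything less is treated as "no value configured".
            if (!certificates.isEmpty() && privateKey != null) {
                return new PrivateKeyValue(new PrivateKeyCertificate(certificates, privateKey));
            }
            return new PrivateKeyValue(null);
        }

        /**
         * Parses every certificate child of {@code valueElement}. An unparsable certificate is
         * logged and skipped, so the returned chain may be shorter than the one stored.
         */
        private List<X509Certificate> readCertificates(final Element valueElement) {
            final List<X509Certificate> certificates = new ArrayList<>();
            for (final Element certificateElement : valueElement.getChildren(ELEMENT_NAME_CERTIFICATE)) {
                try {
                    certificates.add(X509Utils.certificateFromBase64(certificateElement.getText()));
                } catch (final Exception e) {
                    LOGGER.error("error reading certificate: " + e.getMessage(), e);
                }
            }
            return certificates;
        }

        /**
         * Decrypts and decodes the key child of {@code valueElement}.
         *
         * @return the private key, or {@code null} (after logging) when the element is missing or
         *         the key cannot be decrypted, decoded or reconstructed
         */
        private PrivateKey readPrivateKey(final Element valueElement, final PwmSecurityKey key) {
            final Element keyElement = valueElement.getChild(ELEMENT_NAME_KEY);
            if (keyElement == null) {
                // Previously surfaced as a NullPointerException logged as "error reading privateKey: null".
                LOGGER.error("error reading privateKey: missing '" + ELEMENT_NAME_KEY + "' element");
                return null;
            }
            try {
                final String decryptedText = SecureEngine.decryptStringValue(keyElement.getText(), key, PwmBlockAlgorithm.CONFIG);
                final byte[] privateKeyBytes = StringUtil.base64Decode(decryptedText);
                // Only RSA keys are understood here; a PKCS#8 key of another algorithm fails and is logged.
                return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(privateKeyBytes));
            } catch (final Exception e) {
                LOGGER.error("error reading privateKey: " + e.getMessage(), e);
                return null;
            }
        }

        // NOTE(review): this returns an X509CertificateValue from PrivateKeyValue's factory; it
        // looks copied from the X509CertificateValue factory — confirm whether a PrivateKeyValue
        // was intended before relying on fromJson for this setting type.
        public X509CertificateValue fromJson(final String input) {
            return new X509CertificateValue(new X509Certificate[0]);
        }
    };
}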

Example 3 with PrivateKeyCertificate

use of password.pwm.bean.PrivateKeyCertificate in project pwm by pwm-project.

From the class HttpsServerCertificateManager, method exportKey.

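/**
 * Builds an in-memory keystore holding the configured HTTPS private key and certificate chain.
 *
 * @param configuration source configuration; the {@code HTTPS_CERT} setting supplies the key material
 * @param format        keystore type, passed to {@link KeyStore#getInstance(String)} via its string form
 * @param passwordData  password protecting the key entry; {@code null} is treated as an empty
 *                      password, matching {@code importKey}
 * @param alias         alias under which the entry is stored
 * @return the populated keystore, or {@code null} when no HTTPS certificate is configured
 * @throws PwmUnrecoverableException if the keystore cannot be created or the entry cannot be stored
 */
private static KeyStore exportKey(final Configuration configuration, final KeyStoreFormat format, final PasswordData passwordData, final String alias) throws PwmUnrecoverableException {
    final PrivateKeyCertificate privateKeyCertificate = configuration.readSettingAsPrivateKey(PwmSetting.HTTPS_CERT);
    if (privateKeyCertificate == null) {
        return null;
    }
    // Single char[] copy (the original converted the String twice) so it can be zeroed below;
    // a null password no longer fails with a NullPointerException outside the try block.
    final char[] charPassword = passwordData == null ? new char[0] : passwordData.getStringValue().toCharArray();
    // PasswordProtection clones the array, so wiping charPassword later does not affect it.
    final KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(charPassword);
    try {
        final KeyStore keyStore = KeyStore.getInstance(format.toString());
        // load(null, ...) is the JCA idiom for initialising an empty keystore.
        keyStore.load(null, charPassword);
        // toArray(new T[0]) lets the collection size the array; no need to query size() separately.
        final X509Certificate[] chain = privateKeyCertificate.getCertificates().toArray(new X509Certificate[0]);
        keyStore.setEntry(alias, new KeyStore.PrivateKeyEntry(privateKeyCertificate.getKey(), chain), passwordProtection);
        return keyStore;
    } catch (final Exception e) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR, "error generating keystore file;: " + e.getMessage()));
    } finally {
        // The entry is protected at setEntry time, so neither password copy is needed afterwards.
        Arrays.fill(charPassword, '\0');
        try {
            passwordProtection.destroy();
        } catch (final javax.security.auth.DestroyFailedException ignored) {
            // best effort only: the password clone stays until garbage collected
        }
    }
}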
