

Use of won.cryptography.service.keystore.FileBasedKeyStoreService in the project webofneeds by researchstudio-sat.

Taken from class CryptographyService, method createClientDefaultCertificateIfNotPresent.

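/**
 * A default key (application acting as client key) has to be put into the key
 * store if not already present. This has to be done before other objects start
 * using CryptographyService or corresponding KeyStore.
 * <p>
 * Afterwards, if {@code keyToTrustFile} is configured, the certificate stored
 * under {@code keyToTrustAlias} in that key store is copied into the trust
 * store under {@code keyToTrustAliasUnder}, replacing an existing entry with
 * that alias. Problems while reading or importing that certificate are logged
 * and do not abort startup; only a failure to create the default key pair is
 * fatal.
 *
 * @throws RuntimeException if the default key pair cannot be created
 */
private void createClientDefaultCertificateIfNotPresent() {
    if (defaultAlias == null) {
        return;
    }
    logger.debug("checking if the certificate with alias {} is in the keystore", defaultAlias);
    if (containsEntry(defaultAlias)) {
        logger.info("entry with alias {} found in the keystore", defaultAlias);
    } else {
        // no certificate, create it:
        logger.info("certificate not found under alias {}, creating new one", defaultAlias);
        try {
            createNewKeyPair(defaultAlias, null);
            logger.info("certificate created");
        } catch (IOException e) {
            // Without the default key the service is unusable, so this is fatal.
            throw new RuntimeException("Could not create certificate for " + defaultAlias, e);
        }
    }
    if (this.keyToTrustFile == null) {
        logger.info("no additional key configured to be imported into truststore");
        return;
    }
    importKeyToTrust();
}

/**
 * Copies the certificate stored under {@code keyToTrustAlias} in the key store
 * {@code keyToTrustFile} into the trust store under {@code keyToTrustAliasUnder}.
 * Every failure on this path is logged and the import is abandoned; the caller
 * is not informed.
 */
private void importKeyToTrust() {
    FileBasedKeyStoreService keyToTrustKeyStoreService = new FileBasedKeyStoreService(
            new File(this.keyToTrustFile), keyToTrustFilePassword, keyToTrustKeystoreType);
    try {
        keyToTrustKeyStoreService.init();
    } catch (Exception e) {
        // Nothing can be looked up in a key store that failed to initialise;
        // stop here instead of calling getCertificate() on it.
        logger.warn("unable to read key for alias " + keyToTrustAlias + " from keystore " + keyToTrustFile, e);
        return;
    }
    Certificate cert = keyToTrustKeyStoreService.getCertificate(keyToTrustAlias);
    if (cert == null) {
        logAvailableAliases(keyToTrustKeyStoreService);
        return;
    }
    // we need this so we can connect to ourself with ssl (used by the activemq
    // broker)
    logger.info("certificate with alias {} will be added/overwritten in truststore", keyToTrustAliasUnder);
    try {
        // The last argument allows an existing entry under keyToTrustAliasUnder to
        // be replaced (see the "added/overwritten" log message above).
        trustStoreService.addCertificate(keyToTrustAliasUnder, cert, true);
        // Only report success when addCertificate() actually returned normally.
        logger.info("certificate with alias {} has been added to truststore", keyToTrustAliasUnder);
    } catch (Exception e) {
        logger.warn("could not add certificate for alias " + keyToTrustAliasUnder + " to truststore", e);
    }
}

/**
 * Logs that {@code keyToTrustAlias} was not found in the given key store,
 * listing the aliases it does contain to help diagnose a misconfiguration.
 *
 * @param keyToTrustKeyStoreService the (initialised) key store service that
 *        did not contain {@code keyToTrustAlias}
 */
private void logAvailableAliases(FileBasedKeyStoreService keyToTrustKeyStoreService) {
    try {
        Optional<String> aliases = Collections
                .list(keyToTrustKeyStoreService.getUnderlyingKeyStore().aliases())
                .stream()
                .reduce((x, y) -> x + "," + y);
        logger.info("no key for alias {} found in keystore {}. Available aliases: {}",
                new Object[] { keyToTrustAlias, keyToTrustFile, aliases.orElse("(none)") });
    } catch (Exception e) {
        // Listing the aliases is best-effort diagnostics; the missing key is
        // already reported in this message.
        logger.info("no key for alias " + keyToTrustAlias + " found in keystore " + keyToTrustFile
                + "; caught exception while trying to log available aliases", e);
    }
}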
