a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster/**
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * opensso/legal/CDDLv1.0.txt
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * at opensso/legal/CDDLv1.0.txt.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: JKSKeyProvider.java,v 1.4 2008/06/25 05:47:38 qcheng Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
0cd8368ca65c58915ee90bc73d84e65f3da9e120Mark de Reeper/*
0cd8368ca65c58915ee90bc73d84e65f3da9e120Mark de Reeper * Portions Copyrighted 2013 ForgeRock, Inc.
0cd8368ca65c58915ee90bc73d84e65f3da9e120Mark de Reeper */
0cd8368ca65c58915ee90bc73d84e65f3da9e120Mark de Reeper
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpackage com.sun.identity.saml.xmlsig;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLUtilsCommon;
import org.forgerock.openam.utils.AMKeyProvider;

import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
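/**
 * {@code JKSKeyProvider} is the SAML {@link KeyProvider} implementation backed by a Java
 * keystore. Every operation is delegated to an {@link AMKeyProvider}, which owns the keystore,
 * its passwords and the lookup logic; this class only wires the delegate to the SAML debug
 * logger and adapts the checked-exception contract (keystore failures surface as
 * {@link SAMLException}, with the original exception retained as the cause).
 * <p>
 * Security notes for callers:
 * <ul>
 *   <li>The keystore and private-key passwords are held by the delegate and are reachable
 *       through {@link #setKey(String, String)} and {@link #getPrivateKeyPass()}; never log
 *       or persist those values.</li>
 *   <li>The lookup methods return {@code null} for an alias that is not in the keystore
 *       (see each method). Code that signs, verifies or decrypts must check for {@code null}
 *       rather than assume the alias was found.</li>
 *   <li>{@link #getKeyStore()} hands out the live {@link KeyStore}; entries can be added to
 *       or removed from it directly, bypassing {@link #setCertificateEntry}.</li>
 * </ul>
 */
public class JKSKeyProvider implements KeyProvider {

    /** Delegate that owns the keystore, its passwords and all lookup logic. */
    private final AMKeyProvider keyProvider;

    /**
     * Creates a provider using the delegate's default keystore configuration. How the
     * default {@link AMKeyProvider} locates the keystore and its passwords is decided by that
     * class and is not visible here.
     */
    public JKSKeyProvider() {
        this(new AMKeyProvider());
    }

    /**
     * Creates a provider whose keystore file, keystore password file, keystore type and
     * private-key password file are resolved from the named configuration properties.
     * The parameters are property <em>names</em>, not values; the delegate performs the
     * actual resolution.
     *
     * @param keyStoreFilePropName       name of the property holding the keystore file location
     * @param keyStorePassFilePropName   name of the property holding the keystore password file
     * @param keyStoreTypePropName       name of the property holding the keystore type
     * @param privateKeyPassFilePropName name of the property holding the private-key password file
     */
    public JKSKeyProvider(String keyStoreFilePropName, String keyStorePassFilePropName, String keyStoreTypePropName,
            String privateKeyPassFilePropName) {
        this(new AMKeyProvider(keyStoreFilePropName, keyStorePassFilePropName, keyStoreTypePropName,
                privateKeyPassFilePropName));
    }

    /**
     * Shared initialisation for the public constructors: adopts the delegate and routes its
     * debug output to the SAML debug logger so keystore problems appear in the SAML logs.
     *
     * @param delegate the fully constructed delegate to wrap
     */
    private JKSKeyProvider(AMKeyProvider delegate) {
        keyProvider = delegate;
        keyProvider.setLogger(SAMLUtilsCommon.debug);
    }

    /**
     * Sets the passwords used to open the keystore and to unlock its private-key entries.
     * Only needed once, when the passwords could not be obtained by other means.
     * Both values are secrets: do not log them.
     *
     * @param storepass password for the keystore
     * @param keypass   password protecting the private-key entries
     */
    public void setKey(String storepass, String keypass) {
        keyProvider.setKey(storepass, keypass);
    }

    /**
     * Returns the X.509 certificate stored under the given alias.
     *
     * @param certAlias certificate alias name
     * @return the matching {@link X509Certificate}, or {@code null} if no certificate
     *         with that alias could be found
     */
    public X509Certificate getX509Certificate(String certAlias) {
        return keyProvider.getX509Certificate(certAlias);
    }

    /**
     * Returns the public key stored under the given alias.
     *
     * @param keyAlias key alias name
     * @return the matching {@link PublicKey}, or {@code null} if it could not be found
     */
    public PublicKey getPublicKey(String keyAlias) {
        return keyProvider.getPublicKey(keyAlias);
    }

    /**
     * Returns the private key stored under the given alias, unlocked with the provider's
     * configured private-key password.
     *
     * @param certAlias certificate alias name
     * @return the matching {@link PrivateKey}, or {@code null} if it could not be found
     */
    public PrivateKey getPrivateKey(String certAlias) {
        return keyProvider.getPrivateKey(certAlias);
    }

    /**
     * Returns the private key stored under the given alias, unlocked with an explicitly
     * supplied (encrypted) key password instead of the configured one. Decrypting
     * {@code encryptedKeyPass} is the delegate's responsibility.
     *
     * @param certAlias        certificate alias name
     * @param encryptedKeyPass the encrypted key password to use for this entry
     * @return the matching {@link PrivateKey}, or {@code null} if it could not be found
     */
    public PrivateKey getPrivateKey(String certAlias, String encryptedKeyPass) {
        return keyProvider.getPrivateKey(certAlias, encryptedKeyPass);
    }

    /**
     * Finds the alias of the first keystore entry whose certificate matches the given one.
     *
     * @param cert certificate to look up
     * @return the alias of the first matching entry, or {@code null} if there is none or
     *         the keystore has not been loaded properly
     */
    public String getCertificateAlias(Certificate cert) {
        return keyProvider.getCertificateAlias(cert);
    }

    /**
     * Returns the private-key password. This is a secret in clear text; callers must not
     * log it, include it in error messages or hand it to untrusted code.
     *
     * @return the private-key password
     */
    public String getPrivateKeyPass() {
        return keyProvider.getPrivateKeyPass();
    }

    /**
     * Returns the underlying keystore. Note this is the live, mutable {@link KeyStore}
     * instance, not a copy; changes made through it affect this provider.
     *
     * @return the keystore
     */
    public KeyStore getKeyStore() {
        return keyProvider.getKeyStore();
    }

    /**
     * Adds (or replaces) a trusted-certificate entry under the given alias. The change is
     * held in memory until {@link #store()} is called.
     *
     * @param certAlias alias to store the certificate under
     * @param cert      certificate to store
     * @throws SAMLException if the keystore rejects the entry; the underlying
     *                       {@link KeyStoreException} is attached as the cause
     */
    public void setCertificateEntry(String certAlias, Certificate cert) throws SAMLException {
        try {
            keyProvider.setCertificateEntry(certAlias, cert);
        } catch (KeyStoreException e) {
            throw wrap(e);
        }
    }

    /**
     * Retrieves the certificate stored under the given alias.
     *
     * @param certAlias certificate alias name
     * @return the certificate, or {@code null} if the keystore has no such alias
     */
    public Certificate getCertificate(String certAlias) {
        return keyProvider.getCertificate(certAlias);
    }

    /**
     * Persists pending keystore changes.
     *
     * @throws SAMLException if the keystore cannot be written; the underlying exception
     *                       is attached as the cause
     */
    public void store() throws SAMLException {
        try {
            keyProvider.store();
        } catch (KeyStoreException e) {
            throw wrap(e);
        } catch (CertificateException e) {
            throw wrap(e);
        } catch (NoSuchAlgorithmException e) {
            throw wrap(e);
        } catch (IOException e) {
            throw wrap(e);
        }
    }

    /**
     * Finds the certificate whose public key matches the given one.
     *
     * @param publicKey public key to look up
     * @return the matching certificate, or {@code null} if it could not be found
     */
    public Certificate getCertificate(PublicKey publicKey) {
        return keyProvider.getCertificate(publicKey);
    }

    /**
     * Wraps a checked keystore failure in a {@link SAMLException}. The message is passed
     * through unchanged (callers may match on it), and the original exception is attached
     * as the cause so the stack trace of the real failure is not lost.
     *
     * @param cause the checked exception raised by the delegate
     * @return the exception to throw
     */
    private static SAMLException wrap(Exception cause) {
        SAMLException wrapped = new SAMLException(cause.getMessage());
        try {
            wrapped.initCause(cause);
        } catch (IllegalStateException ignored) {
            // Only reachable if SAMLException's String constructor already fixed a cause
            // (not visible from here); keep the message-only exception in that case.
        }
        return wrapped;
    }
}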