/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: JKSKeyProvider.java,v 1.4 2008/06/25 05:47:38 qcheng Exp $
 *
 */
package com.sun.identity.saml.xmlsig;

import com.sun.identity.common.SystemConfigurationUtil;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLUtilsCommon;
import com.sun.identity.shared.encode.Base64;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashMap;
/**
 * The class <code>JKSKeyProvider</code> retrieves X509Certificates and
 * Private Keys from the user data store.
 */
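public class JKSKeyProvider implements KeyProvider {
    // Loaded by mapPk2Cert(); stays null if the keystore could not be opened,
    // so every accessor below treats a failure to use it as "not found".
    private KeyStore ks = null;
    //TODO: move the below two password to AMConfig.properties
    // Password used to recover private keys. Stays null until a key password
    // file is read successfully or setKey() is called; getPrivateKey()
    // refuses to run without it.
    private String privateKeyPass = null;
    // Password used to load and store the keystore. Defaults to the empty
    // string when no password file is configured or readable, in which case
    // loading an integrity-protected keystore is expected to fail.
    private String keystorePass = "";
    private String keystoreFile = "";
    private String keystoreType = "JKS";
    private final static String DEFAULT_KEYSTORE_FILE_PROP =
        "com.sun.identity.saml.xmlsig.keystore";
    private final static String DEFAULT_KEYSTORE_PASS_FILE_PROP =
        "com.sun.identity.saml.xmlsig.storepass";
    private final static String DEFAULT_KEYSTORE_TYPE_PROP =
        "com.sun.identity.saml.xmlsig.storetype";
    private final static String DEFAULT_PRIVATE_KEY_PASS_FILE_PROP =
        "com.sun.identity.saml.xmlsig.keypass";

    // Base64(encoded public key) -> Certificate. Filled once by mapPk2Cert()
    // during construction; it is not refreshed by setCertificateEntry().
    HashMap keyTable = new HashMap();

    /**
     * Reads the first line of a file, closing the file whether or not the
     * read succeeds.
     *
     * @param path path of the file to read
     * @return the first line, or null if the file is empty
     * @throws IOException if the file cannot be opened or read
     */
    private static String readFirstLine(String path) throws IOException {
        FileInputStream fis = new FileInputStream(path);
        try {
            // The platform default charset is kept on purpose: existing
            // password files were written that way and switching charsets
            // could change the decoded value on non-UTF-8 platforms.
            BufferedReader br = new BufferedReader(new InputStreamReader(fis));
            return br.readLine();
        } finally {
            fis.close();
        }
    }

    /**
     * Reads the keystore location, type and the two password files named by
     * the given system properties into the corresponding fields.
     * A missing or unreadable password file is logged and leaves the field
     * at its previous value; nothing is thrown.
     *
     * @param keyStoreFilePropName property holding the keystore file path
     * @param keyStorePassFilePropName property holding the path of the file
     *        with the (encoded) keystore password
     * @param keyStoreTypePropName property holding the keystore type
     * @param privateKeyPassFilePropName property holding the path of the file
     *        with the (encoded) private key password
     */
    private void initialize(
        String keyStoreFilePropName, String keyStorePassFilePropName,
        String keyStoreTypePropName, String privateKeyPassFilePropName) {

        keystoreFile = SystemConfigurationUtil.getProperty(
            keyStoreFilePropName);

        if (keystoreFile == null || keystoreFile.length() == 0) {
            SAMLUtilsCommon.debug.error(
                "JKSKeyProvider: keystore file does not exist");
        }

        String kspfile = SystemConfigurationUtil.getProperty(
            keyStorePassFilePropName);

        String tmp_ksType = SystemConfigurationUtil.getProperty(
            keyStoreTypePropName);
        if (null != tmp_ksType) {
            keystoreType = tmp_ksType.trim();
        }

        if (kspfile != null) {
            try {
                keystorePass = SAMLUtilsCommon.decodePassword(
                    readFirstLine(kspfile));
            } catch (Exception ex) {
                // Log through the debug facility (with the cause) rather
                // than dumping the stack trace to stderr.
                SAMLUtilsCommon.debug.error("JKSKeyProvider.initialize:" +
                    " Unable to read keystore password file " + kspfile, ex);
            }
        } else {
            SAMLUtilsCommon.debug.error("JKSKeyProvider: keystore" +
                " password is null");
        }

        String pkpfile = SystemConfigurationUtil.getProperty(
            privateKeyPassFilePropName);

        if (pkpfile != null) {
            try {
                privateKeyPass = SAMLUtilsCommon.decodePassword(
                    readFirstLine(pkpfile));
            } catch (Exception ex) {
                // Report the private key password file, not the keystore one.
                SAMLUtilsCommon.debug.error("JKSKeyProvider.initialize: " +
                    "Unable to read privatekey password file " + pkpfile, ex);
            }
        }
    }

    /**
     * Loads the keystore from {@code keystoreFile} and builds the
     * public-key-to-certificate table used by
     * {@link #getCertificate(java.security.PublicKey)}.
     * Aliases without a certificate (or whose certificate yields no public
     * key) are skipped so that one such entry does not abort the mapping of
     * the remaining entries. Failures are logged, not thrown.
     */
    private void mapPk2Cert() {
        FileInputStream fis = null;
        try {
            ks = KeyStore.getInstance(keystoreType);
            fis = new FileInputStream(keystoreFile);
            ks.load(fis, keystorePass.toCharArray());
            // create publickey to Certificate mapping
            for (Enumeration e = ks.aliases(); e.hasMoreElements();) {
                String alias = (String) e.nextElement();
                Certificate cert = getCertificate(alias);
                PublicKey pk = getPublicKey(alias);
                if (cert == null || pk == null) {
                    // Nothing to map for this alias; keep going instead of
                    // failing the whole table on a null dereference.
                    if (SAMLUtilsCommon.debug.messageEnabled()) {
                        SAMLUtilsCommon.debug.message(
                            "JKSKeyProvider.mapPk2Cert: no certificate or" +
                            " public key for alias " + alias + ", skipped");
                    }
                    continue;
                }
                String key = Base64.encode(pk.getEncoded());
                keyTable.put(key, cert);
            }
            SAMLUtilsCommon.debug.message("KeyTable size = " +
                keyTable.size());
        } catch (Exception e) {
            SAMLUtilsCommon.debug.error("mapPk2Cert.JKSKeyProvider:", e);
        } finally {
            if (fis != null) {
                try {
                    fis.close();
                } catch (IOException ignored) {
                    // The keystore is already loaded; a close failure on a
                    // read-only stream changes nothing.
                }
            }
        }
    }

    /**
     * Constructor. Uses the default system property names for the keystore
     * file, keystore password file, keystore type and private key password
     * file.
     */
    public JKSKeyProvider() {
        this(DEFAULT_KEYSTORE_FILE_PROP, DEFAULT_KEYSTORE_PASS_FILE_PROP,
            DEFAULT_KEYSTORE_TYPE_PROP, DEFAULT_PRIVATE_KEY_PASS_FILE_PROP);
    }

    /**
     * Constructor. Reads the configuration named by the given property
     * names, then loads the keystore and builds the public key table.
     *
     * @param keyStoreFilePropName property holding the keystore file path
     * @param keyStorePassFilePropName property holding the path of the
     *        keystore password file
     * @param keyStoreTypePropName property holding the keystore type
     * @param privateKeyPassFilePropName property holding the path of the
     *        private key password file
     */
    public JKSKeyProvider(
        String keyStoreFilePropName, String keyStorePassFilePropName,
        String keyStoreTypePropName, String privateKeyPassFilePropName) {
        initialize(keyStoreFilePropName, keyStorePassFilePropName,
            keyStoreTypePropName, privateKeyPassFilePropName);
        mapPk2Cert();
    }

    /**
     * Set the key to access key store database. This method will only need to
     * be called once if the key could not be obtained by other means.
     * The keystore is not reloaded: the store password is used by the next
     * {@link #store()}, the key password by the next
     * {@link #getPrivateKey(String)}.
     *
     * @param storepass password for the key store
     * @param keypass password for the certificate
     */
    public void setKey(String storepass, String keypass) {
        keystorePass = storepass;
        privateKeyPass = keypass;
    }

    /**
     * Return java.security.cert.X509Certificate for the specified certAlias.
     *
     * @param certAlias Certificate alias name
     * @return X509Certificate which matches the certAlias, return null if
     *         the certificate could not be found.
     */
    public java.security.cert.X509Certificate getX509Certificate(
        String certAlias) {
        if (certAlias == null || certAlias.length() == 0) {
            return null;
        }
        java.security.cert.X509Certificate cert = null;
        try {
            cert = (X509Certificate) ks.getCertificate(certAlias);
        } catch (Exception e) {
            SAMLUtilsCommon.debug.error("Unable to get cert alias:" +
                certAlias, e);
        }
        return cert;
    }

    /**
     * Return java.security.PublicKey for the specified keyAlias.
     *
     * @param keyAlias Key alias name
     * @return PublicKey which matches the keyAlias, return null if
     *         the PublicKey could not be found.
     */
    public java.security.PublicKey getPublicKey(String keyAlias) {
        if (keyAlias == null || keyAlias.length() == 0) {
            return null;
        }
        java.security.PublicKey pkey = null;
        try {
            java.security.cert.X509Certificate cert =
                (X509Certificate) ks.getCertificate(keyAlias);
            if (cert != null) {
                pkey = cert.getPublicKey();
            } else if (SAMLUtilsCommon.debug.messageEnabled()) {
                // An alias without a certificate is a normal "not found",
                // not an error condition.
                SAMLUtilsCommon.debug.message(
                    "JKSKeyProvider.getPublicKey: no certificate for alias " +
                    keyAlias);
            }
        } catch (Exception e) {
            SAMLUtilsCommon.debug.error("Unable to get public key:" +
                keyAlias, e);
        }
        return pkey;
    }

    /**
     * Return java.security.PrivateKey for the specified certAlias.
     *
     * @param certAlias Certificate alias name
     * @return PrivateKey which matches the certAlias, return null if
     *         the private key could not be found or no private key
     *         password is available.
     */
    public java.security.PrivateKey getPrivateKey(String certAlias) {
        if (certAlias == null || certAlias.length() == 0) {
            return null;
        }
        if (privateKeyPass == null) {
            // No key password from the password file or setKey(): the key
            // cannot be recovered, so say why instead of failing on a null.
            SAMLUtilsCommon.debug.error("JKSKeyProvider.getPrivateKey: " +
                "private key password is not set, alias " + certAlias);
            return null;
        }
        java.security.PrivateKey key = null;
        try {
            key = (PrivateKey) ks.getKey(certAlias,
                privateKeyPass.toCharArray());
        } catch (Exception e) {
            SAMLUtilsCommon.debug.error("JKSKeyProvider.getPrivateKey: " +
                "unable to get private key for alias " + certAlias, e);
        }
        return key;
    }

    /**
     * Get the alias name of the first keystore entry whose certificate matches
     * the given certificate.
     *
     * @param cert Certificate
     * @return the (alias) name of the first entry with matching certificate,
     *         or null if no such entry exists in this keystore. If the
     *         keystore has not been loaded properly, return null as well.
     */
    public String getCertificateAlias(Certificate cert) {
        if (ks == null) {
            return null;
        }
        try {
            return ks.getCertificateAlias(cert);
        } catch (KeyStoreException ke) {
            return null;
        }
    }

    /**
     * Get the private key password.
     * The value is a secret; callers must not log it or include it in
     * error messages.
     *
     * @return the private key password, or null if none is set
     */
    public String getPrivateKeyPass() {
        return privateKeyPass;
    }

    /**
     * Get the keystore.
     *
     * @return the keystore, or null if it could not be loaded
     */
    public KeyStore getKeyStore() {
        return ks;
    }

    /**
     * Set the Certificate with name certAlias in the keystore.
     * Only the in-memory keystore is updated; call {@link #store()} to
     * persist it. The public key table is not updated by this method.
     *
     * @param certAlias Certificate's name Alias
     * @param cert Certificate
     * @throws SAMLException if the keystore rejects the entry
     */
    public void setCertificateEntry(String certAlias, Certificate cert)
        throws SAMLException {
        try {
            ks.setCertificateEntry(certAlias, cert);
        } catch (Exception e) {
            SAMLUtilsCommon.debug.error(
                "JKSKeyProvider.setCertificateEntry:", e);
            throw new SAMLException(e.getMessage());
        }
    }

    /**
     * Get the Certificate named certAlias.
     *
     * @param certAlias Certificate's name Alias
     * @return the Certificate, If the keystore
     *         doesn't contain such certAlias, return null.
     */
    public Certificate getCertificate(String certAlias) {
        try {
            return ks.getCertificate(certAlias);
        } catch (Exception e) {
            SAMLUtilsCommon.debug.error(
                "JKSKeyProvider.getCertificate: alias " + certAlias, e);
        }
        return null;
    }

    /**
     * Store the keystore changes to {@code keystoreFile}, protected with the
     * current keystore password.
     *
     * @throws SAMLException if the keystore cannot be written
     */
    public void store() throws SAMLException {
        FileOutputStream keyStoreOStream = null;
        try {
            // Save keystore to file.
            keyStoreOStream = new FileOutputStream(keystoreFile);
            ks.store(keyStoreOStream, keystorePass.toCharArray());
            // Explicit close inside the try so that a failure to flush the
            // file is still reported as a SAMLException.
            keyStoreOStream.close();
            if (SAMLUtilsCommon.debug.messageEnabled()) {
                SAMLUtilsCommon.debug.message("Keystore saved in " +
                    keystoreFile);
            }
        } catch (Exception e) {
            SAMLUtilsCommon.debug.error("JKSKeyProvider.store:", e);
            throw new SAMLException(e.getMessage());
        } finally {
            // No-op when the stream was already closed above; only matters
            // on the failure path.
            if (keyStoreOStream != null) {
                try {
                    keyStoreOStream.close();
                } catch (IOException ignored) {
                    // Already reported via the catch above or not relevant.
                }
            }
        }
    }

    /**
     * Return Certificate for the specified PublicKey.
     *
     * @param publicKey Certificate public key
     * @return Certificate which matches the PublicKey, return null if
     *         the Certificate could not be found.
     */
    public Certificate getCertificate(
        java.security.PublicKey publicKey) {
        if (publicKey == null) {
            return null;
        }
        String key = Base64.encode(publicKey.getEncoded());
        return (Certificate) keyTable.get(key);
    }
}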