JKSKeyProvider.java revision a688bcbb4bcff5398fdd29b86f83450257dc0df4
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: JKSKeyProvider.java,v 1.4 2008/06/25 05:47:38 qcheng Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.common.SystemConfigurationUtil;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLUtilsCommon;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The class <code>AMKeyProvider</code> is implemented to retrieve
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * X509Certificates and Private Keys from the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * user data store.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpublic class JKSKeyProvider implements KeyProvider {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //TODO: move the two passwords below to AMConfig.properties
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private final static String DEFAULT_KEYSTORE_FILE_PROP =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private final static String DEFAULT_KEYSTORE_PASS_FILE_PROP =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private final static String DEFAULT_KEYSTORE_TYPE_PROP =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private final static String DEFAULT_PRIVATE_KEY_PASS_FILE_PROP =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String keyStoreFilePropName, String keyStorePassFilePropName,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String keyStoreTypePropName, String privateKeyPassFilePropName) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster keystoreFile = SystemConfigurationUtil.getProperty(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (keystoreFile == null || keystoreFile.length() == 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "JKSKeyProvider: keystore file does not exist");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String kspfile = SystemConfigurationUtil.getProperty(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String tmp_ksType = SystemConfigurationUtil.getProperty(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtilsCommon.debug.error("JKSKeyProvider.initialize:"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " Unable to read keystore password file " + kspfile);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtilsCommon.debug.error("JKSKeyProvider: keystore" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " password is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String pkpfile = SystemConfigurationUtil.getProperty(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster privateKeyPass = SAMLUtilsCommon.decodePassword(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtilsCommon.debug.error("JKSKeyProvider.initialize: "+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Unable to read privatekey password file " + kspfile);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private void mapPk2Cert(){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FileInputStream fis = new FileInputStream(keystoreFile);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // create publickey to Certificate mapping
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Enumeration e=ks.aliases();e.hasMoreElements();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtilsCommon.debug.message("KeyTable size = " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtilsCommon.debug.error("mapPk2Cert.JKSKeyProvider:", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructor
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster this(DEFAULT_KEYSTORE_FILE_PROP,DEFAULT_KEYSTORE_PASS_FILE_PROP,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DEFAULT_KEYSTORE_TYPE_PROP, DEFAULT_PRIVATE_KEY_PASS_FILE_PROP);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructor
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String keyStoreFilePropName,String keyStorePassFilePropName,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String keyStoreTypePropName, String privateKeyPassFilePropName) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster initialize(keyStoreFilePropName, keyStorePassFilePropName,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster keyStoreTypePropName, privateKeyPassFilePropName);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Set the key to access key store database. This method will only need to
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * be called once if the key could not be obtained by other means.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param storepass password for the key store
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param keypass password for the certificate
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setKey(String storepass, String keypass) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Return java.security.cert.X509Certificate for the specified certAlias.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param certAlias Certificate alias name
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return X509Certificate which matches the certAlias, return null if
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster the certificate could not be found.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public java.security.cert.X509Certificate getX509Certificate (
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (certAlias == null || certAlias.length() == 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster java.security.cert.X509Certificate cert = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster cert = (X509Certificate) ks.getCertificate(certAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtilsCommon.debug.error("Unable to get cert alias:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Return java.security.PublicKey for the specified keyAlias
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param keyAlias Key alias name
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return PublicKey which matches the keyAlias, return null if
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster the PublicKey could not be found.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public java.security.PublicKey getPublicKey (String keyAlias) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (keyAlias == null || keyAlias.length() == 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtilsCommon.debug.error("Unable to get public key:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Return java.security.PrivateKey for the specified certAlias.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param certAlias Certificate alias name
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return PrivateKey which matches the certAlias, return null if
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster the private key could not be found.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public java.security.PrivateKey getPrivateKey (String certAlias) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Get the alias name of the first keystore entry whose certificate matches
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the given certificate.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param cert Certificate
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the (alias) name of the first entry with matching certificate,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * or null if no such entry exists in this keystore. If the keystore
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * has not been loaded properly, return null as well.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public String getCertificateAlias(Certificate cert) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Get the private key password
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the private key password
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Get the keystore
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the keystore
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Return java.security.PrivateKey for the given X509Certificate.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param cert X509Certificate
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return PrivateKey which matches the cert, return null if
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster the private key could not be found.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //TODO: the keystore does not seem to support this
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster /*public java.security.PrivateKey getPrivateKey (
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster java.security.cert.X509Certificate cert) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster java.security.PrivateKey key = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (SAMLUtilsCommon.debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtilsCommon.debug.message("NOT implemented!");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Set the Certificate with name certAlias in the keystore
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param certAlias Certificate's name Alias
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param cert Certificate
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setCertificateEntry(String certAlias, Certificate cert)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Get the Certificate named certAlias.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param certAlias Certificate's name Alias
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the Certificate, or null if the keystore
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * does not contain such a certAlias.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public Certificate getCertificate(String certAlias) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Store the keystore changes
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Save keystore to file.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ks.store(keyStoreOStream, keystorePass.toCharArray());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtilsCommon.debug.message("Keystore saved in " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Return Certificate for the specified PublicKey.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param publicKey Certificate public key
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return Certificate which matches the PublicKey, return null if
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster the Certificate could not be found.