geode-dunit/src/main/java/org/apache/geode/security/templates/PKCSAuthInit.java - geode - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
  * agreements. See the NOTICE file distributed with this work for additional information regarding
  * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance with the License. You may obtain a
  * copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License
  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
 package org.apache.geode.security.templates;

 import java.io.FileInputStream;
 import java.security.Key;
 import java.security.KeyStore;
 import java.security.PrivateKey;
 import java.security.Signature;
 import java.security.cert.X509Certificate;
 import java.util.Properties;

 import org.apache.logging.log4j.Logger;

 import org.apache.geode.LogWriter;
 import org.apache.geode.distributed.DistributedMember;
 import org.apache.geode.internal.logging.LogService;
 import org.apache.geode.security.AuthInitialize;
 import org.apache.geode.security.AuthenticationFailedException;

 /**
  * An {@link AuthInitialize} implementation that obtains the digital signature for use with PKCS
  * scheme on server from the given set of properties.
  *
  * To use this class the {@code security-client-auth-init} property should be set to the fully
  * qualified name the static {@code create} function viz.
  * {@code org.apache.geode.security.templates.PKCSAuthInit.create}
  *
  * @since GemFire 5.5
  */
 public class PKCSAuthInit implements AuthInitialize {

   private static final Logger logger = LogService.getLogger();

   public static final String KEYSTORE_FILE_PATH = "security-keystorepath";
   public static final String KEYSTORE_ALIAS = "security-alias";
   public static final String KEYSTORE_PASSWORD = "security-keystorepass";
   public static final String SIGNATURE_DATA = "security-signature";

   protected LogWriter systemLogWriter;
   protected LogWriter securityLogWriter;

   public static AuthInitialize create() {
     return new PKCSAuthInit();
   }

   @Override
   public void init(final LogWriter systemLogWriter, final LogWriter securityLogWriter)
       throws AuthenticationFailedException {
     this.systemLogWriter = systemLogWriter;
     this.securityLogWriter = securityLogWriter;
   }

   @Override
   public Properties getCredentials(final Properties securityProperties,
       final DistributedMember server, final boolean isPeer) throws AuthenticationFailedException {
     final String keyStorePath = securityProperties.getProperty(KEYSTORE_FILE_PATH);
     if (keyStorePath == null) {
       throw new AuthenticationFailedException(
           "PKCSAuthInit: key-store file path property [" + KEYSTORE_FILE_PATH + "] not set.");
     }

     final String alias = securityProperties.getProperty(KEYSTORE_ALIAS);
     if (alias == null) {
       throw new AuthenticationFailedException(
           "PKCSAuthInit: key alias name property [" + KEYSTORE_ALIAS + "] not set.");
     }

     final String keyStorePass = securityProperties.getProperty(KEYSTORE_PASSWORD);

     try {
       final KeyStore ks = KeyStore.getInstance("PKCS12");
       final char[] passPhrase = (keyStorePass != null ? keyStorePass.toCharArray() : null);
       final FileInputStream certificatefile = new FileInputStream(keyStorePath);

       try {
         ks.load(certificatefile, passPhrase);
       } finally {
         certificatefile.close();
       }

       final Key key = ks.getKey(alias, passPhrase);

       if (key instanceof PrivateKey) {
         final PrivateKey privKey = (PrivateKey) key;
         final X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
         final Signature sig = Signature.getInstance(cert.getSigAlgName());

         sig.initSign(privKey);
         sig.update(alias.getBytes("UTF-8"));
         final byte[] signatureBytes = sig.sign();

         final Properties newprops = new Properties();
         newprops.put(KEYSTORE_ALIAS, alias);
         newprops.put(SIGNATURE_DATA, signatureBytes);
         return newprops;

       } else {
         throw new AuthenticationFailedException(
             "PKCSAuthInit: " + "Failed to load private key from the given file: " + keyStorePath);
       }

     } catch (Exception ex) {
       throw new AuthenticationFailedException(
           "PKCSAuthInit: Exception while getting credentials: " + ex, ex);
     }
   }

   @Override
   public void close() {}
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
	* agreements. See the NOTICE file distributed with this work for additional information regarding
	* copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance with the License. You may obtain a
	* copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software distributed under the License
	* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
	* or implied. See the License for the specific language governing permissions and limitations under
	* the License.
	*/
	package org.apache.geode.security.templates;

	import java.io.FileInputStream;
	import java.security.Key;
	import java.security.KeyStore;
	import java.security.PrivateKey;
	import java.security.Signature;
	import java.security.cert.X509Certificate;
	import java.util.Properties;

	import org.apache.logging.log4j.Logger;

	import org.apache.geode.LogWriter;
	import org.apache.geode.distributed.DistributedMember;
	import org.apache.geode.internal.logging.LogService;
	import org.apache.geode.security.AuthInitialize;
	import org.apache.geode.security.AuthenticationFailedException;

	/**
	* An {@link AuthInitialize} implementation that obtains the digital signature for use with PKCS
	* scheme on server from the given set of properties.
	*
	* To use this class the {@code security-client-auth-init} property should be set to the fully
	* qualified name the static {@code create} function viz.
	* {@code org.apache.geode.security.templates.PKCSAuthInit.create}
	*
	* @since GemFire 5.5
	*/
	public class PKCSAuthInit implements AuthInitialize {

	private static final Logger logger = LogService.getLogger();

	public static final String KEYSTORE_FILE_PATH = "security-keystorepath";
	public static final String KEYSTORE_ALIAS = "security-alias";
	public static final String KEYSTORE_PASSWORD = "security-keystorepass";
	public static final String SIGNATURE_DATA = "security-signature";

	protected LogWriter systemLogWriter;
	protected LogWriter securityLogWriter;

	public static AuthInitialize create() {
	return new PKCSAuthInit();
	}

	@Override
	public void init(final LogWriter systemLogWriter, final LogWriter securityLogWriter)
	throws AuthenticationFailedException {
	this.systemLogWriter = systemLogWriter;
	this.securityLogWriter = securityLogWriter;
	}

	@Override
	public Properties getCredentials(final Properties securityProperties,
	final DistributedMember server, final boolean isPeer) throws AuthenticationFailedException {
	final String keyStorePath = securityProperties.getProperty(KEYSTORE_FILE_PATH);
	if (keyStorePath == null) {
	throw new AuthenticationFailedException(
	"PKCSAuthInit: key-store file path property [" + KEYSTORE_FILE_PATH + "] not set.");
	}

	final String alias = securityProperties.getProperty(KEYSTORE_ALIAS);
	if (alias == null) {
	throw new AuthenticationFailedException(
	"PKCSAuthInit: key alias name property [" + KEYSTORE_ALIAS + "] not set.");
	}

	final String keyStorePass = securityProperties.getProperty(KEYSTORE_PASSWORD);

	try {
	final KeyStore ks = KeyStore.getInstance("PKCS12");
	final char[] passPhrase = (keyStorePass != null ? keyStorePass.toCharArray() : null);
	final FileInputStream certificatefile = new FileInputStream(keyStorePath);

	try {
	ks.load(certificatefile, passPhrase);
	} finally {
	certificatefile.close();
	}

	final Key key = ks.getKey(alias, passPhrase);

	if (key instanceof PrivateKey) {
	final PrivateKey privKey = (PrivateKey) key;
	final X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
	final Signature sig = Signature.getInstance(cert.getSigAlgName());

	sig.initSign(privKey);
	sig.update(alias.getBytes("UTF-8"));
	final byte[] signatureBytes = sig.sign();

	final Properties newprops = new Properties();
	newprops.put(KEYSTORE_ALIAS, alias);
	newprops.put(SIGNATURE_DATA, signatureBytes);
	return newprops;

	} else {
	throw new AuthenticationFailedException(
	"PKCSAuthInit: " + "Failed to load private key from the given file: " + keyStorePath);
	}

	} catch (Exception ex) {
	throw new AuthenticationFailedException(
	"PKCSAuthInit: Exception while getting credentials: " + ex, ex);
	}
	}

	@Override
	public void close() {}
	}