| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.synapse.securevault.keystore; |
| |
| import org.apache.commons.logging.Log; |
| import org.apache.commons.logging.LogFactory; |
| import org.apache.synapse.securevault.SecureVaultException; |
| import org.apache.synapse.securevault.definition.IdentityKeyStoreInformation; |
| import org.apache.synapse.securevault.definition.KeyStoreInformation; |
| import org.apache.synapse.securevault.definition.TrustKeyStoreInformation; |
| |
| import javax.crypto.SecretKey; |
| import java.security.*; |
| import java.security.cert.Certificate; |
| |
| /** |
| * Wraps the keyStore and provide abstraction need for ciphering. |
| */ |
| public abstract class KeyStoreWrapper { |
| |
| protected Log log; |
| /* Bean that encapsulates the information about KeyStore */ |
| private KeyStoreInformation keyStoreInformation; |
| /* Underlying KeyStore */ |
| private KeyStore keyStore; |
| /* Password to access private key entries*/ |
| private String keyPassword; |
| |
| protected KeyStoreWrapper() { |
| log = LogFactory.getLog(this.getClass()); |
| } |
| |
| /** |
| * Initialize the KeyStore wrapper based on provided KeyStoreInformation and passwords |
| * |
| * @param information The object that has encapsulated all information for a |
| * keyStore excepts passwords |
| * @param keyPassword Specifies the password of the key within the keyStore |
| */ |
| protected void init(KeyStoreInformation information, String keyPassword) { |
| |
| if (information == null) { |
| throw new SecureVaultException("KeyStore information cannot be found", log); |
| } |
| this.keyStoreInformation = information; |
| this.keyPassword = keyPassword; |
| |
| if (information instanceof TrustKeyStoreInformation) { |
| this.keyStore = ((TrustKeyStoreInformation) information).getTrustStore(); |
| } else if (information instanceof IdentityKeyStoreInformation) { |
| this.keyStore = ((IdentityKeyStoreInformation) information).getIdentityKeyStore(); |
| } else { |
| throw new SecureVaultException("Invalid KeyStore type", log); |
| } |
| } |
| |
| /** |
| * Returns the key based on provided alias and key password |
| * |
| * @param alias The alias of the certificate in the specified keyStore |
| * @param keyPassword Password for key within the KeyStrore |
| * @return Key if there is a one , otherwise null |
| */ |
| protected Key getKey(String alias, String keyPassword) { |
| |
| if (alias == null || "".equals(alias)) { |
| throw new SecureVaultException("The alias need to provided to get certificate", log); |
| } |
| if (keyPassword != null) { |
| try { |
| return keyStore.getKey(alias, keyPassword.toCharArray()); |
| } catch (KeyStoreException e) { |
| throw new SecureVaultException("Error loading key for alias : " + alias, e, log); |
| } catch (NoSuchAlgorithmException e) { |
| throw new SecureVaultException("Error loading key for alias : " + alias, e, log); |
| } catch (UnrecoverableKeyException e) { |
| throw new SecureVaultException("Error loading key for alias : " + alias, e, log); |
| } |
| } |
| return null; |
| } |
| |
| /** |
| * Returns the key based on certificate of the owner to who given alias belong |
| * |
| * @param alias The alias of the certificate in the specified keyStore |
| * @return Key , if there is a one , otherwise null |
| */ |
| protected Key getPublicKeyFromCertificate(String alias) { |
| try { |
| Certificate certificate = keyStore.getCertificate(alias); |
| if (certificate != null) { |
| return certificate.getPublicKey(); |
| } |
| } catch (KeyStoreException e) { |
| throw new SecureVaultException("Error loading key for alias : " + alias, e, log); |
| } |
| return null; |
| } |
| |
| /** |
| * Returns the key based on default alias or password |
| * |
| * @return Key , if there is a one , otherwise null |
| */ |
| protected Key getDefaultPrivateKey() { |
| if (keyPassword != null) { |
| return getKey(keyStoreInformation.getAlias(), keyPassword); |
| } |
| return null; |
| } |
| |
| /** |
| * Returns the key based on default key password |
| * |
| * @param alias The alias |
| * @return Key , if there is a one , otherwise null |
| */ |
| protected Key getPrivateKey(String alias) { |
| return getKey(alias, keyPassword); |
| } |
| |
| /** |
| * Returns the public key for the given alias |
| * |
| * @param alias The alias of the certificate in the specified keyStore |
| * @return PublicKey if there is a one , otherwise null |
| */ |
| public PublicKey getPublicKey(String alias) { |
| Key key = getPublicKeyFromCertificate(alias); |
| if (key instanceof PublicKey) { |
| return (PublicKey) key; |
| } |
| return null; |
| } |
| |
| /** |
| * Returns the public key based on initialization data |
| * |
| * @return PublicKey if there is a one , otherwise null |
| */ |
| public PublicKey getPublicKey() { |
| Key key = getPublicKeyFromCertificate(keyStoreInformation.getAlias()); |
| if (key instanceof PublicKey) { |
| return (PublicKey) key; |
| } |
| return null; |
| } |
| |
| /** |
| * Returns KeyStore Information |
| * |
| * @return KeyStore Instance |
| */ |
| protected KeyStore getKeyStore() { |
| return keyStore; |
| } |
| |
| /** |
| * Returns the secret key |
| * |
| * @param alias The alias of the certificate in the specified keyStore |
| * @param keyPassword Password to access secret key |
| * @return SecretKey if there is a one , otherwise null |
| */ |
| public SecretKey getSecretKey(String alias, String keyPassword) { |
| Key key = getKey(alias, keyPassword); |
| if (key instanceof SecretKey) { |
| return (SecretKey) key; |
| } |
| return null; |
| } |
| |
| /** |
| * Returns the secret key based on initialization data |
| * |
| * @return SecretKey if there is a one , otherwise null |
| */ |
| public SecretKey getSecretKey() { |
| Key key = getKey(keyStoreInformation.getAlias(), |
| keyStoreInformation.getKeyStorePasswordProvider().getResolvedSecret()); |
| if (key instanceof SecretKey) { |
| return (SecretKey) key; |
| } |
| return null; |
| } |
| } |