modules/securevault/src/main/java/org/apache/synapse/securevault/keystore/KeyStoreWrapper.java - synapse - Git at Google

 /*
 *  Licensed to the Apache Software Foundation (ASF) under one
 *  or more contributor license agreements.  See the NOTICE file
 *  distributed with this work for additional information
 *  regarding copyright ownership.  The ASF licenses this file
 *  to you under the Apache License, Version 2.0 (the
 *  "License"); you may not use this file except in compliance
 *  with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 */
 package org.apache.synapse.securevault.keystore;

 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.synapse.securevault.SecureVaultException;
 import org.apache.synapse.securevault.definition.IdentityKeyStoreInformation;
 import org.apache.synapse.securevault.definition.KeyStoreInformation;
 import org.apache.synapse.securevault.definition.TrustKeyStoreInformation;

 import javax.crypto.SecretKey;
 import java.security.*;
 import java.security.cert.Certificate;

 /**
  * Wraps the keyStore and provide abstraction need for ciphering.
  */
 public abstract class KeyStoreWrapper {

     protected Log log;
     /* Bean that encapsulates the information about KeyStore */
     private KeyStoreInformation keyStoreInformation;
     /* Underlying KeyStore */
     private KeyStore keyStore;
     /* Password to access private key entries*/
     private String keyPassword;

     protected KeyStoreWrapper() {
         log = LogFactory.getLog(this.getClass());
     }

     /**
      * Initialize the KeyStore wrapper based on provided KeyStoreInformation and passwords
      *
      * @param information The object that has encapsulated all information for a
      *                    keyStore excepts passwords
      * @param keyPassword Specifies the password of the key within the keyStore
      */
     protected void init(KeyStoreInformation information, String keyPassword) {

         if (information == null) {
             throw new SecureVaultException("KeyStore information cannot be found", log);
         }
         this.keyStoreInformation = information;
         this.keyPassword = keyPassword;

         if (information instanceof TrustKeyStoreInformation) {
             this.keyStore = ((TrustKeyStoreInformation) information).getTrustStore();
         } else if (information instanceof IdentityKeyStoreInformation) {
             this.keyStore = ((IdentityKeyStoreInformation) information).getIdentityKeyStore();
         } else {
             throw new SecureVaultException("Invalid KeyStore type", log);
         }
     }

     /**
      * Returns the key based on provided alias and key password
      *
      * @param alias       The alias of the certificate in the specified keyStore
      * @param keyPassword Password for key within the KeyStrore
      * @return Key if there is a one , otherwise null
      */
     protected Key getKey(String alias, String keyPassword) {

         if (alias == null || "".equals(alias)) {
             throw new SecureVaultException("The alias need to provided to get certificate", log);
         }
         if (keyPassword != null) {
             try {
                 return keyStore.getKey(alias, keyPassword.toCharArray());
             } catch (KeyStoreException e) {
                 throw new SecureVaultException("Error loading key for alias : " + alias, e, log);
             } catch (NoSuchAlgorithmException e) {
                 throw new SecureVaultException("Error loading key for alias : " + alias, e, log);
             } catch (UnrecoverableKeyException e) {
                 throw new SecureVaultException("Error loading key for alias : " + alias, e, log);
             }
         }
         return null;
     }

     /**
      * Returns the key based on certificate of the owner to who given alias belong
      *
      * @param alias The alias of the certificate in the specified keyStore
      * @return Key , if there is a one , otherwise null
      */
     protected Key getPublicKeyFromCertificate(String alias) {
         try {
             Certificate certificate = keyStore.getCertificate(alias);
             if (certificate != null) {
                 return certificate.getPublicKey();
             }
         } catch (KeyStoreException e) {
             throw new SecureVaultException("Error loading key for alias : " + alias, e, log);
         }
         return null;
     }

     /**
      * Returns the key based on default alias or password
      *
      * @return Key , if there is a one , otherwise null
      */
     protected Key getDefaultPrivateKey() {
         if (keyPassword != null) {
             return getKey(keyStoreInformation.getAlias(), keyPassword);
         }
         return null;
     }

     /**
      * Returns the key based on default key password
      *
      * @param alias The alias
      * @return Key , if there is a one , otherwise null
      */
     protected Key getPrivateKey(String alias) {
         return getKey(alias, keyPassword);
     }

     /**
      * Returns the public key for the given alias
      *
      * @param alias The alias of the certificate in the specified keyStore
      * @return PublicKey if there is a one , otherwise null
      */
     public PublicKey getPublicKey(String alias) {
         Key key = getPublicKeyFromCertificate(alias);
         if (key instanceof PublicKey) {
             return (PublicKey) key;
         }
         return null;
     }

     /**
      * Returns the public key based on initialization data
      *
      * @return PublicKey if there is a one , otherwise null
      */
     public PublicKey getPublicKey() {
         Key key = getPublicKeyFromCertificate(keyStoreInformation.getAlias());
         if (key instanceof PublicKey) {
             return (PublicKey) key;
         }
         return null;
     }

     /**
      * Returns KeyStore Information
      *
      * @return KeyStore Instance
      */
     protected KeyStore getKeyStore() {
         return keyStore;
     }

     /**
      * Returns the secret key
      *
      * @param alias       The alias of the certificate in the specified keyStore
      * @param keyPassword Password to access secret key
      * @return SecretKey if there is a one , otherwise null
      */
     public SecretKey getSecretKey(String alias, String keyPassword) {
         Key key = getKey(alias, keyPassword);
         if (key instanceof SecretKey) {
             return (SecretKey) key;
         }
         return null;
     }

     /**
      * Returns the secret key based on initialization data
      *
      * @return SecretKey if there is a one , otherwise null
      */
     public SecretKey getSecretKey() {
         Key key = getKey(keyStoreInformation.getAlias(),
                 keyStoreInformation.getKeyStorePasswordProvider().getResolvedSecret());
         if (key instanceof SecretKey) {
             return (SecretKey) key;
         }
         return null;
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.synapse.securevault.keystore;

	import org.apache.commons.logging.Log;
	import org.apache.commons.logging.LogFactory;
	import org.apache.synapse.securevault.SecureVaultException;
	import org.apache.synapse.securevault.definition.IdentityKeyStoreInformation;
	import org.apache.synapse.securevault.definition.KeyStoreInformation;
	import org.apache.synapse.securevault.definition.TrustKeyStoreInformation;

	import javax.crypto.SecretKey;
	import java.security.*;
	import java.security.cert.Certificate;

	/**
	* Wraps the keyStore and provide abstraction need for ciphering.
	*/
	public abstract class KeyStoreWrapper {

	protected Log log;
	/* Bean that encapsulates the information about KeyStore */
	private KeyStoreInformation keyStoreInformation;
	/* Underlying KeyStore */
	private KeyStore keyStore;
	/* Password to access private key entries*/
	private String keyPassword;

	protected KeyStoreWrapper() {
	log = LogFactory.getLog(this.getClass());
	}

	/**
	* Initialize the KeyStore wrapper based on provided KeyStoreInformation and passwords
	*
	* @param information The object that has encapsulated all information for a
	* keyStore excepts passwords
	* @param keyPassword Specifies the password of the key within the keyStore
	*/
	protected void init(KeyStoreInformation information, String keyPassword) {

	if (information == null) {
	throw new SecureVaultException("KeyStore information cannot be found", log);
	}
	this.keyStoreInformation = information;
	this.keyPassword = keyPassword;

	if (information instanceof TrustKeyStoreInformation) {
	this.keyStore = ((TrustKeyStoreInformation) information).getTrustStore();
	} else if (information instanceof IdentityKeyStoreInformation) {
	this.keyStore = ((IdentityKeyStoreInformation) information).getIdentityKeyStore();
	} else {
	throw new SecureVaultException("Invalid KeyStore type", log);
	}
	}

	/**
	* Returns the key based on provided alias and key password
	*
	* @param alias The alias of the certificate in the specified keyStore
	* @param keyPassword Password for key within the KeyStrore
	* @return Key if there is a one , otherwise null
	*/
	protected Key getKey(String alias, String keyPassword) {

	if (alias == null \|\| "".equals(alias)) {
	throw new SecureVaultException("The alias need to provided to get certificate", log);
	}
	if (keyPassword != null) {
	try {
	return keyStore.getKey(alias, keyPassword.toCharArray());
	} catch (KeyStoreException e) {
	throw new SecureVaultException("Error loading key for alias : " + alias, e, log);
	} catch (NoSuchAlgorithmException e) {
	throw new SecureVaultException("Error loading key for alias : " + alias, e, log);
	} catch (UnrecoverableKeyException e) {
	throw new SecureVaultException("Error loading key for alias : " + alias, e, log);
	}
	}
	return null;
	}

	/**
	* Returns the key based on certificate of the owner to who given alias belong
	*
	* @param alias The alias of the certificate in the specified keyStore
	* @return Key , if there is a one , otherwise null
	*/
	protected Key getPublicKeyFromCertificate(String alias) {
	try {
	Certificate certificate = keyStore.getCertificate(alias);
	if (certificate != null) {
	return certificate.getPublicKey();
	}
	} catch (KeyStoreException e) {
	throw new SecureVaultException("Error loading key for alias : " + alias, e, log);
	}
	return null;
	}

	/**
	* Returns the key based on default alias or password
	*
	* @return Key , if there is a one , otherwise null
	*/
	protected Key getDefaultPrivateKey() {
	if (keyPassword != null) {
	return getKey(keyStoreInformation.getAlias(), keyPassword);
	}
	return null;
	}

	/**
	* Returns the key based on default key password
	*
	* @param alias The alias
	* @return Key , if there is a one , otherwise null
	*/
	protected Key getPrivateKey(String alias) {
	return getKey(alias, keyPassword);
	}

	/**
	* Returns the public key for the given alias
	*
	* @param alias The alias of the certificate in the specified keyStore
	* @return PublicKey if there is a one , otherwise null
	*/
	public PublicKey getPublicKey(String alias) {
	Key key = getPublicKeyFromCertificate(alias);
	if (key instanceof PublicKey) {
	return (PublicKey) key;
	}
	return null;
	}

	/**
	* Returns the public key based on initialization data
	*
	* @return PublicKey if there is a one , otherwise null
	*/
	public PublicKey getPublicKey() {
	Key key = getPublicKeyFromCertificate(keyStoreInformation.getAlias());
	if (key instanceof PublicKey) {
	return (PublicKey) key;
	}
	return null;
	}

	/**
	* Returns KeyStore Information
	*
	* @return KeyStore Instance
	*/
	protected KeyStore getKeyStore() {
	return keyStore;
	}

	/**
	* Returns the secret key
	*
	* @param alias The alias of the certificate in the specified keyStore
	* @param keyPassword Password to access secret key
	* @return SecretKey if there is a one , otherwise null
	*/
	public SecretKey getSecretKey(String alias, String keyPassword) {
	Key key = getKey(alias, keyPassword);
	if (key instanceof SecretKey) {
	return (SecretKey) key;
	}
	return null;
	}

	/**
	* Returns the secret key based on initialization data
	*
	* @return SecretKey if there is a one , otherwise null
	*/
	public SecretKey getSecretKey() {
	Key key = getKey(keyStoreInformation.getAlias(),
	keyStoreInformation.getKeyStorePasswordProvider().getResolvedSecret());
	if (key instanceof SecretKey) {
	return (SecretKey) key;
	}
	return null;
	}
	}