List of usage examples for java.security KeyStore getCertificate
public final Certificate getCertificate(String alias) throws KeyStoreException
From source file:org.renci.ahab.ndllib.transport.OrcaSMXMLRPCProxy.java
/** * Set the identity for the communications to the XMLRPC controller. Eventually * we may talk to several controller with different identities. For now only * one is configured.//from w w w. j a va2 s. c om */ private void setSSLIdentity() throws Exception { //if (sslIdentitySet) // return; //System.out.println("In setSSLIdentity()"); try { // create multikeymanager mkm = new MultiKeyManager(); //TODO //URL ctrlrUrl = new URL(GUI.getInstance().getSelectedController()); URL ctrlrUrl = new URL(CONTROLLER_URL); // TODO // register a new protocol ContextualSSLProtocolSocketFactory regSslFact = new ContextualSSLProtocolSocketFactory(); // add this multikey context factory for the controller host/port regSslFact.addHostContextFactory(new MultiKeySSLContextFactory(mkm, trustAllCerts), ctrlrUrl.getHost(), ctrlrUrl.getPort()); if (rmProperties == null) { System.out.println("ERROR ... Property File with user credentials not supplied..."); return; } KeyStore ks = null; //File keyStorePath = loadUserFile("/Users/anirban/Misc/tmp/renci-openvpn/flukes.jks"); //File certFilePath = loadUserFile("/Users/anirban/.ssl/geni-anirban.pem"); //File certKeyFilePath = loadUserFile("/Users/anirban/.ssl/geni-anirban.pem"); File keyStorePath = null; File certFilePath = null; File certKeyFilePath = null; if (rmProperties.getProperty(USER_KEYSTORE_PATH_PROP) != null) { keyStorePath = loadUserFile(rmProperties.getProperty(USER_KEYSTORE_PATH_PROP)); } if (rmProperties.getProperty(USER_CERTFILE_PATH_PROP) != null) { certFilePath = loadUserFile(rmProperties.getProperty(USER_CERTFILE_PATH_PROP)); } if (rmProperties.getProperty(USER_CERTKEYFILE_PATH_PROP) != null) { certKeyFilePath = loadUserFile(rmProperties.getProperty(USER_CERTKEYFILE_PATH_PROP)); } String keyAlias = null, keyPassword = null; if (keyStorePath != null && keyStorePath.exists()) { // load keystore and get the right cert from it System.out.println("Reading auth details from keystore"); //TODO keyAlias = rmProperties.getProperty(USER_KEYSTORE_KEYALIAS_PROP); keyPassword = rmProperties.getProperty(USER_KEYSTORE_KEYPASS_PROP); //TODO FileInputStream jksIS = new FileInputStream(keyStorePath); ks = loadJKSData(jksIS, keyAlias, keyPassword); jksIS.close(); } else if (certFilePath != null && certKeyFilePath != null && certFilePath.exists() && certKeyFilePath.exists()) { System.out.println("Reading auth details from cert file and certkeyfile"); FileInputStream certIS = new FileInputStream(certFilePath); FileInputStream keyIS = new FileInputStream(certKeyFilePath); keyAlias = "x509convert"; //TODO keyPassword = rmProperties.getProperty(USER_KEYPASS_PROP); //TODO ks = loadX509Data(certIS, keyIS, keyAlias, keyPassword); certIS.close(); keyIS.close(); } if (ks == null) throw new Exception("Was unable to find either: " + keyStorePath.getCanonicalPath() + " or the pair of: " + certFilePath.getCanonicalPath() + " and " + certKeyFilePath.getCanonicalPath() + " as specified."); // check that the spelling of key alias is proper Enumeration<String> as = ks.aliases(); while (as.hasMoreElements()) { String a = as.nextElement(); if (keyAlias.toLowerCase().equals(a.toLowerCase())) { keyAlias = a; break; } } // alias has to exist and have a key and cert present if (!ks.containsAlias(keyAlias)) { throw new Exception("Alias " + keyAlias + " does not exist in keystore " + keyStorePath + "."); } if (ks.getKey(keyAlias, keyPassword.toCharArray()) == null) throw new Exception( "Key with alias " + keyAlias + " does not exist in keystore " + keyStorePath + "."); if (ks.getCertificate(keyAlias) == null) { throw new Exception( "Certificate with alias " + keyAlias + " does not exist in keystore " + keyStorePath + "."); } if (ks.getCertificate(keyAlias).getType().equals("X.509")) { X509Certificate x509Cert = (X509Certificate) ks.getCertificate(keyAlias); try { x509Cert.checkValidity(); } catch (Exception e) { throw new Exception("Certificate with alias " + keyAlias + " is not yet valid or has expired."); } } // add the identity into it mkm.addPrivateKey(keyAlias, (PrivateKey) ks.getKey(keyAlias, keyPassword.toCharArray()), ks.getCertificate(keyAlias)); // before we do SSL to this controller, set our identity mkm.setCurrentGuid(keyAlias); // register the protocol (Note: All xmlrpc clients must use XmlRpcCommonsTransportFactory // for this to work). See ContextualSSLProtocolSocketFactory. Protocol reghhttps = new Protocol("https", (ProtocolSocketFactory) regSslFact, 443); Protocol.registerProtocol("https", reghhttps); sslIdentitySet = true; } catch (Exception e) { e.printStackTrace(); throw new Exception("Unable to load user private key and certificate from the keystore: " + e); } //System.out.println("Exiting setSSLIdentity"); }
From source file:eu.stork.peps.auth.engine.STORKSAMLEngine.java
/** * Gets the alias from X.509 Certificate at keystore. * //from ww w. jav a 2 s.c om * @param keyInfo the key info * @param storkOwnKeyStore * @param storkOwnKeyStore * * @return the alias */ private String getAlias(final KeyInfo keyInfo, KeyStore storkOwnKeyStore) { LOG.debug("Recover alias information"); String alias = null; try { final org.opensaml.xml.signature.X509Certificate xmlCert = keyInfo.getX509Datas().get(0) .getX509Certificates().get(0); // Transform the KeyInfo to X509Certificate. CertificateFactory certFact; certFact = CertificateFactory.getInstance("X.509"); final ByteArrayInputStream bis = new ByteArrayInputStream(Base64.decode(xmlCert.getValue())); final X509Certificate cert = (X509Certificate) certFact.generateCertificate(bis); final String tokenSerialNumber = cert.getSerialNumber().toString(16); final X509Principal tokenIssuerDN = new X509Principal(cert.getIssuerDN().getName()); String aliasCert; X509Certificate certificate; boolean find = false; for (final Enumeration<String> e = storkOwnKeyStore.aliases(); e.hasMoreElements() && !find;) { aliasCert = e.nextElement(); certificate = (X509Certificate) storkOwnKeyStore.getCertificate(aliasCert); final String serialNum = certificate.getSerialNumber().toString(16); X509Principal issuerDN = new X509Principal(certificate.getIssuerDN().getName()); if (serialNum.equalsIgnoreCase(tokenSerialNumber) && X509PrincipalUtil.equals2(issuerDN, tokenIssuerDN)) { alias = aliasCert; find = true; } } } catch (KeyStoreException e) { LOG.error("Procces getAlias from certificate associated into the signing keystore..", e); } catch (CertificateException e) { LOG.error("Procces getAlias from certificate associated into the signing keystore..", e); } catch (RuntimeException e) { LOG.error("Procces getAlias from certificate associated into the signing keystore..", e); } return alias; }
From source file:com.vmware.identity.idm.client.TenantManagementTest.java
@TestOrderAnnotation(order = 44) @Test/*from w w w . j ava 2 s . c om*/ public void findSolutionUserByCertDN() throws Exception, IDMException { CasIdmClient idmClient = getIdmClient(); Properties props = getTestProperties(); String tenantName = props.getProperty(CFG_KEY_IDM_TENANT_1_NAME); Assert.assertNotNull(tenantName); Tenant tenant = IdmClientTestUtil.ensureTenantExists(idmClient, tenantName); KeyStore ks = loadKeyStore(CFG_KEY_STS_KEYSTORE, CFG_KEY_STS_KEYSTORE_PASSWORD); X509Certificate cert = (X509Certificate) ks.getCertificate(props.getProperty(CFG_KEY_STS_KEY_ALIAS)); SolutionUser user = idmClient.findSolutionUserByCertDn(tenant.getName(), cert.getSubjectX500Principal().getName()); Assert.assertNotNull(user); }
From source file:com.vmware.identity.idm.client.TenantManagementTest.java
private List<X509Certificate> buildExternalIdpSTSKeyCertificates() throws Exception { Properties props = getTestProperties(); KeyStore ks = loadKeyStore(CFG_KEY_EXTERNAL_IDP_STS_STORE, CFG_KEY_EXTERNAL_IDP_STS_STORE_PASS); X509Certificate leaf = (X509Certificate) ks .getCertificate(props.getProperty(CFG_KEY_EXTERNAL_IDP_STS_ALIAS_LEAF_CERT)); X509Certificate root = (X509Certificate) ks .getCertificate(props.getProperty(CFG_KEY_EXTERNAL_IDP_STS_ALIAS_ROOT_CERT)); List<X509Certificate> x509Certs = Arrays.asList(leaf, root); return x509Certs; }
From source file:com.vmware.identity.idm.client.TenantManagementTest.java
@TestOrderAnnotation(order = 40) @Test/*from w w w . j a v a2s . co m*/ public void addSolutionUserInNonSystemTenant() throws Exception, IDMException { CasIdmClient idmClient = getIdmClient(); Properties props = getTestProperties(); String tenantName = props.getProperty(CFG_KEY_IDM_TENANT_1_NAME); Assert.assertNotNull(tenantName); Tenant tenant = IdmClientTestUtil.ensureTenantExists(idmClient, tenantName); KeyStore ks = loadKeyStore(CFG_KEY_STS_KEYSTORE, CFG_KEY_STS_KEYSTORE_PASSWORD); X509Certificate cert = (X509Certificate) ks.getCertificate(props.getProperty(CFG_KEY_STS_KEY_ALIAS)); SolutionDetail detail = new SolutionDetail(cert); PrincipalId principal = idmClient.addSolutionUser(tenant.getName(), _solution_user_name_non_sp, detail); Assert.assertNotNull(principal); ValidateMemberOfSolutionUsersGroup(idmClient, tenant.getName(), _solution_user_name_non_sp); // add a solution user w/o cert try { principal = idmClient.addSolutionUser(tenant.getName(), _solution_user_name_non_sp_no_cert, new SolutionDetail(null)); } catch (InvalidArgumentException e) { // succeed Assert.assertNotNull(e); return; } Assert.fail("addSolution user failed to throw InvalidArgumentException " + "adding a solution user without userCertificate"); }
From source file:com.vmware.identity.idm.client.TenantManagementTest.java
@TestOrderAnnotation(order = 42) @Test/*ww w . ja v a 2 s . co m*/ public void addSolutionUserInSystemTenant() throws Exception, IDMException { CasIdmClient idmClient = getIdmClient(); Properties props = getTestProperties(); String systemTenantName = props.getProperty(CFG_KEY_IDM_SYSTEM_TENANT_NAME); Assert.assertNotNull(systemTenantName); Tenant tenant = IdmClientTestUtil.ensureTenantExists(idmClient, systemTenantName); KeyStore ks = loadKeyStore(CFG_KEY_STS_KEYSTORE, CFG_KEY_STS_KEYSTORE_PASSWORD); X509Certificate cert = (X509Certificate) ks.getCertificate(props.getProperty(CFG_KEY_STS_KEY_ALIAS)); SolutionDetail detail = new SolutionDetail(cert); PrincipalId principal = idmClient.addSolutionUser(tenant.getName(), _solution_user_name_sp, detail); Assert.assertNotNull(principal); ValidateMemberOfSolutionUsersGroup(idmClient, tenant.getName(), _solution_user_name_sp); // add a solution user w/o cert try { principal = idmClient.addSolutionUser(tenant.getName(), _solution_user_name_sp_no_cert, new SolutionDetail(null)); } catch (InvalidArgumentException e) { // succeed Assert.assertNotNull(e); return; } catch (Exception e) { Assert.fail("addSolution user failed to throw InvalidArgumentException " + "adding a solution user without userCertificate"); } Assert.fail("should not be able to addSolutionUser"); }
From source file:com.vmware.identity.idm.client.TenantManagementTest.java
@TestOrderAnnotation(order = 3) @Test//from w w w. j a v a 2 s . c o m public void testImportExportExternalIDPConfiguration() throws Exception, IDMException { CasIdmClient idmClient = getIdmClient(); Properties props = getTestProperties(); DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance(); builderFactory.setNamespaceAware(true); DocumentBuilder builder = builderFactory.newDocumentBuilder(); builder.setErrorHandler(new SamlParserErrorHandler()); Document externalIDPDoc = builder.parse(getClass().getResourceAsStream(_impExternalIDPConfigFile)); Document externalIDPNoSLODoc = builder .parse(getClass().getResourceAsStream(_impExternalIDPNoSLOConfigFile)); IdmClientTestUtil.ensureTenantExists(idmClient, _impTenantName); //get the certificates in order and key to setup the tenant's credentials String password = props.getProperty(CFG_KEY_STS_KEYSTORE_PASSWORD); KeyStore ks = loadKeyStore(CFG_KEY_STS_KEYSTORE, CFG_KEY_STS_KEYSTORE_PASSWORD); Certificate certForPrivKeyEntry = ks.getCertificate(props.getProperty(CFG_KEY_STS_KEY_ALIAS)); Certificate certAlias1 = ks.getCertificate(props.getProperty(CFG_KEY_STS_KEY_ALIAS1)); PrivateKey key = (PrivateKey) ks.getKey(props.getProperty(CFG_KEY_STS_KEY_ALIAS), password.toCharArray()); idmClient.setTenantCredentials(_impTenantName, Arrays.asList(certForPrivKeyEntry, certAlias1), key); String importedEntityId = null; try { //import importedEntityId = idmClient.importExternalIDPConfiguration(_impTenantName, externalIDPNoSLODoc); importedEntityId = idmClient.importExternalIDPConfiguration(_impTenantName, externalIDPDoc); Collection<IDPConfig> idpConfigs = idmClient.getAllExternalIdpConfig(_impTenantName); Assert.assertEquals(idpConfigs.size(), 1); //export // include optional data for external IDPs Document castleAsSPProfileDoc = idmClient.exportExternalIDPFederation(_impTenantName, true); persistDoc(castleAsSPProfileDoc, _expCastleAsSPProfileFile); loadFileAndvalidate(idmClient, _expCastleAsSPProfileFile); // w/o optional data castleAsSPProfileDoc = idmClient.exportExternalIDPFederation(_impTenantName, false); persistDoc(castleAsSPProfileDoc, _expCastleAsSPProfileFileNoOptionalExternalIDPData); loadFileAndvalidate(idmClient, _expCastleAsSPProfileFileNoOptionalExternalIDPData); } finally { //cleanup, note that any partial import has been clean up by the import API if (null != importedEntityId) { idmClient.removeExternalIdpConfig(_impTenantName, importedEntityId); } } }
From source file:com.vmware.identity.idm.client.TenantManagementTest.java
@TestOrderAnnotation(order = 16) @Test/*from www .j a v a 2s .c o m*/ public void testAddRelyingParty() throws Exception, IDMException { CasIdmClient idmClient = getIdmClient(); Properties props = getTestProperties(); String tenantName = props.getProperty(CFG_KEY_IDM_TENANT_1_NAME); Assert.assertNotNull(tenantName); Tenant tenant = IdmClientTestUtil.ensureTenantExists(idmClient, tenantName); Assert.assertNotNull(tenant); String rpName = "coke"; String assertionServiceName = "Assertion0"; String attributeServiceName = "Attribute0"; String sampleUrl = "http://localhost:8080"; List<SignatureAlgorithm> algorithmList = new ArrayList<SignatureAlgorithm>(); List<AssertionConsumerService> assertSvcList = new ArrayList<AssertionConsumerService>(); List<AttributeConsumerService> attrSvcList = new ArrayList<AttributeConsumerService>(); List<Attribute> attrList = new ArrayList<Attribute>(); RelyingParty rp = new RelyingParty(rpName); rp.setUrl(sampleUrl); SignatureAlgorithm algorithm = new SignatureAlgorithm(); algorithm.setMaximumKeySize(256); algorithm.setMinimumKeySize(10); algorithmList.add(algorithm); rp.setSignatureAlgorithms(algorithmList); AssertionConsumerService assertSvc = new AssertionConsumerService(assertionServiceName); String binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"; assertSvc.setBinding(binding); assertSvc.setEndpoint(sampleUrl); assertSvcList.add(assertSvc); rp.setDefaultAssertionConsumerService(assertionServiceName); rp.setAssertionConsumerServices(assertSvcList); Attribute attr = new Attribute("Group"); attr.setFriendlyName("Group"); attr.setNameFormat("urn:oasis:names:tc:SAML:20.blah"); attrList.add(attr); attr = new Attribute("FirstName"); attr.setFriendlyName("First Name"); attr.setNameFormat("urn:oasis:names:tc:SAML:20.blah"); attrList.add(attr); attr = new Attribute("LastName"); attr.setFriendlyName("Last Name"); attr.setNameFormat("urn:oasis:names:tc:SAML:20.blah"); attrList.add(attr); AttributeConsumerService attrSvc = new AttributeConsumerService(attributeServiceName); attrSvc.setAttributes(attrList); attrSvcList.add(attrSvc); rp.setDefaultAttributeConsumerService(attributeServiceName); rp.setAttributeConsumerServices(attrSvcList); KeyStore ks = loadKeyStore(CFG_KEY_STS_KEYSTORE, CFG_KEY_STS_KEYSTORE_PASSWORD); rp.setCertificate(ks.getCertificate(props.getProperty(CFG_KEY_STS_KEY_ALIAS))); idmClient.addRelyingParty(tenantName, rp); RelyingParty rp2 = idmClient.getRelyingParty(tenantName, rpName); Assert.assertNotNull(rp2 != null); RelyingParty rp3 = idmClient.getRelyingPartyByUrl(tenantName, sampleUrl); Assert.assertNotNull(rp3 != null); // Check parameters }
From source file:com.vmware.identity.idm.client.TenantManagementTest.java
/** * Place this after set testings so the properties are available * * @throws Exception//from w w w . j a v a2 s .c o m * @throws IDMException */ @TestOrderAnnotation(order = 31) @Test public void testExportTenantConfiguration() throws Exception, IDMException { CasIdmClient idmClient = getIdmClient(); Properties props = getTestProperties(); String tenantName = _expTenantName; Tenant tenant = IdmClientTestUtil.ensureTenantExists(idmClient, tenantName); Assert.assertNotNull(tenant); List<Certificate> certList = new ArrayList<Certificate>(); KeyStore ks = loadKeyStore(CFG_KEY_STS_KEYSTORE, CFG_KEY_STS_KEYSTORE_PASSWORD); String alias = props.getProperty(CFG_KEY_STS_KEY_ALIAS); Assert.assertNotNull(alias); certList.add(ks.getCertificate(alias)); String alias1 = props.getProperty(CFG_KEY_STS_KEY_ALIAS1); Assert.assertNotNull(alias1); certList.add(ks.getCertificate(alias1)); String password = props.getProperty(CFG_KEY_STS_KEYSTORE_PASSWORD); PrivateKey key = (PrivateKey) ks.getKey(alias, password.toCharArray()); idmClient.setTenantCredentials(tenantName, certList, key); try { exportTest(idmClient, true); exportTest(idmClient, false); } catch (Exception e) { throw new AssertionError(e); } }
From source file:com.vmware.identity.idm.client.TenantManagementTest.java
@TestOrderAnnotation(order = 13) @Test/*from ww w . j a v a 2 s.c o m*/ public void testSetTenantCredentials() throws Exception, IDMException { CasIdmClient idmClient = getIdmClient(); Properties props = getTestProperties(); String tenantName = props.getProperty(CFG_KEY_IDM_TENANT_1_NAME); Assert.assertNotNull(tenantName); Tenant tenant = IdmClientTestUtil.ensureTenantExists(idmClient, tenantName); Assert.assertNotNull(tenant); List<Certificate> certList = new ArrayList<Certificate>(); KeyStore ks = loadKeyStore(CFG_KEY_STS_KEYSTORE, CFG_KEY_STS_KEYSTORE_PASSWORD); String alias = props.getProperty(CFG_KEY_STS_KEY_ALIAS); Assert.assertNotNull(alias); certList.add(ks.getCertificate(alias)); String alias1 = props.getProperty(CFG_KEY_STS_KEY_ALIAS1); Assert.assertNotNull(alias1); Certificate trustedRootCert = ks.getCertificate(alias1); certList.add(trustedRootCert); String password = props.getProperty(CFG_KEY_STS_KEYSTORE_PASSWORD); PrivateKey key = (PrivateKey) ks.getKey(alias, password.toCharArray()); idmClient.setTenantCredentials(tenantName, certList, key); List<Certificate> certList2 = idmClient.getTenantCertificate(tenantName); Assert.assertNotNull(certList2); Assert.assertEquals(2, certList2.size()); PrivateKey key2 = idmClient.getTenantPrivateKey(tenantName); Assert.assertNotNull(key2); // Attempt to delete trusted Root certificate that is the active signerIdentity try { idmClient.deleteCertificate(tenantName, CertificateUtil.generateFingerprint((X509Certificate) trustedRootCert), CertificateType.STS_TRUST_CERT); } catch (CertificateInUseException e) { //Expect to reach here try { idmClient.deleteCertificate(tenantName, CertificateUtil.generateFingerprint((X509Certificate) trustedRootCert), CertificateType.LDAP_TRUSTED_CERT); } catch (NoSuchCertificateException e1) { //Expect to reach here return; } Assert.fail("Should not reach here, " + "attempting to remove an in-existing trusted Root Certificate should fail."); } Assert.fail("Should not reach here, " + "attempting to remove a trusted Root Certificate that is the root of active signerIdentity should be denied."); }