be.fedict.commons.eid.jca.BeIDX509KeyManager.java Source code

Java tutorial

Introduction

Here is the source code for be.fedict.commons.eid.jca.BeIDX509KeyManager.java

Source

/*
 * Commons eID Project.
 * Copyright (C) 2012-2013 FedICT.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License version
 * 3.0 as published by the Free Software Foundation.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, see 
 * http://www.gnu.org/licenses/.
 */

package be.fedict.commons.eid.jca;

import java.io.IOException;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * eID specific {@link X509ExtendedKeyManager}.
 * 
 * @see BeIDKeyManagerFactory
 * @author Frank Cornelis
 * 
 */
public class BeIDX509KeyManager extends X509ExtendedKeyManager {

    private static final Log LOG = LogFactory.getLog(BeIDX509KeyManager.class);

    private KeyStore keyStore;

    public BeIDX509KeyManager()
            throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        this(null);
    }

    public BeIDX509KeyManager(final BeIDManagerFactoryParameters beIDSpec)
            throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        LOG.debug("constructor");
        this.keyStore = KeyStore.getInstance("BeID");
        BeIDKeyStoreParameter beIDKeyStoreParameter;
        if (null == beIDSpec) {
            beIDKeyStoreParameter = null;
        } else {
            beIDKeyStoreParameter = new BeIDKeyStoreParameter();
            beIDKeyStoreParameter.setLocale(beIDSpec.getLocale());
            beIDKeyStoreParameter.setParentComponent(beIDSpec.getParentComponent());
            beIDKeyStoreParameter.setAutoRecovery(beIDSpec.getAutoRecovery());
            beIDKeyStoreParameter.setCardReaderStickiness(beIDSpec.getCardReaderStickiness());
        }
        this.keyStore.load(beIDKeyStoreParameter);
    }

    @Override
    public String chooseClientAlias(final String[] keyTypes, final Principal[] issuers, final Socket socket) {
        LOG.debug("chooseClientAlias");
        for (String keyType : keyTypes) {
            LOG.debug("key type: " + keyType);
            if ("RSA".equals(keyType)) {
                return "beid";
            }
        }
        return null;
    }

    @Override
    public String chooseServerAlias(final String keyType, final Principal[] issuers, final Socket socket) {
        LOG.debug("chooseServerAlias");
        return null;
    }

    @Override
    public X509Certificate[] getCertificateChain(final String alias) {
        LOG.debug("getCertificateChain: " + alias);
        if ("beid".equals(alias)) {
            Certificate[] certificateChain;
            try {
                certificateChain = this.keyStore.getCertificateChain("Authentication");
            } catch (final KeyStoreException e) {
                LOG.error("BeID keystore error: " + e.getMessage(), e);
                return null;
            }
            final X509Certificate[] x509CertificateChain = new X509Certificate[certificateChain.length];
            for (int idx = 0; idx < certificateChain.length; idx++) {
                x509CertificateChain[idx] = (X509Certificate) certificateChain[idx];
            }
            return x509CertificateChain;
        }
        return null;
    }

    @Override
    public String[] getClientAliases(final String keyType, final Principal[] issuers) {
        LOG.debug("getClientAliases");
        return null;
    }

    @Override
    public PrivateKey getPrivateKey(final String alias) {
        LOG.debug("getPrivateKey: " + alias);
        if ("beid".equals(alias)) {
            PrivateKey privateKey;
            try {
                privateKey = (PrivateKey) this.keyStore.getKey("Authentication", null);
            } catch (final Exception e) {
                LOG.error("getKey error: " + e.getMessage(), e);
                return null;
            }
            return privateKey;
        }
        return null;
    }

    @Override
    public String[] getServerAliases(final String keyType, final Principal[] issuers) {
        LOG.debug("getServerAliases");
        return null;
    }

    @Override
    public String chooseEngineClientAlias(final String[] keyType, final Principal[] issuers,
            final SSLEngine engine) {
        LOG.debug("chooseEngineClientAlias");
        return super.chooseEngineClientAlias(keyType, issuers, engine);
    }

    @Override
    public String chooseEngineServerAlias(final String keyType, final Principal[] issuers, final SSLEngine engine) {
        LOG.debug("chooseEngineServerAlias");
        return super.chooseEngineServerAlias(keyType, issuers, engine);
    }
}