Java tutorial
/* * HSM Proxy Project. * Copyright (C) 2013 FedICT. * * This is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License version * 3.0 as published by the Free Software Foundation. * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this software; if not, see * http://www.gnu.org/licenses/. */ package be.fedict.hsm.model; import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.security.cert.Certificate; import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; import javax.annotation.Resource; import javax.annotation.security.RolesAllowed; import javax.ejb.EJB; import javax.ejb.Local; import javax.ejb.SessionContext; import javax.ejb.Stateless; import javax.persistence.EntityManager; import javax.persistence.PersistenceContext; import org.apache.commons.codec.binary.Hex; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.jboss.ejb3.annotation.SecurityDomain; import be.fedict.hsm.entity.ApplicationEntity; import be.fedict.hsm.entity.ApplicationKeyEntity; import be.fedict.hsm.entity.ApplicationKeyId; import be.fedict.hsm.entity.AuditEntity; import be.fedict.hsm.model.security.ApplicationRoles; import be.fedict.hsm.model.security.ApplicationSecurityDomain; @Stateless @SecurityDomain(ApplicationSecurityDomain.NAME) @RolesAllowed(ApplicationRoles.APPLICATION) @Local(SignatureService.class) public class SignatureServiceBean implements SignatureService { private static final Log LOG = LogFactory.getLog(SignatureServiceBean.class); private static final Map<String, String> digestMethodToDigestAlgo; static { digestMethodToDigestAlgo = new HashMap<String, String>(); digestMethodToDigestAlgo.put("http://www.w3.org/2000/09/xmldsig#sha1", "SHA-1"); digestMethodToDigestAlgo.put("http://www.w3.org/2001/04/xmlenc#sha256", "SHA-256"); digestMethodToDigestAlgo.put("http://www.w3.org/2001/04/xmlenc#sha512", "SHA-512"); } @Resource private SessionContext sessionContext; @PersistenceContext private EntityManager entityManager; @EJB private KeyStoreSingletonBean keyStoreSingletonBean; @Override public byte[] sign(String digestMethodAlgorithm, byte[] digestValue, String keyAlias) throws NoSuchAlgorithmException { LOG.debug("digest method algorithm: " + digestMethodAlgorithm); LOG.debug("key alias: " + keyAlias); Principal callerPrincipal = this.sessionContext.getCallerPrincipal(); LOG.debug("caller principal: " + callerPrincipal.getName()); LOG.debug( "caller in role application: " + this.sessionContext.isCallerInRole(ApplicationRoles.APPLICATION)); long appId = Long.parseLong(callerPrincipal.getName()); ApplicationKeyEntity applicationKeyEntity = this.entityManager.find(ApplicationKeyEntity.class, new ApplicationKeyId(appId, keyAlias)); if (null == applicationKeyEntity) { throw new NoSuchAlgorithmException("unknown key alias: " + keyAlias); } String keyStoreAlias = applicationKeyEntity.getKeyStoreKeyAlias(); long keyStoreId = applicationKeyEntity.getKeyStore().getId(); String digestAlgo = digestMethodToDigestAlgo.get(digestMethodAlgorithm); if (null == digestAlgo) { throw new IllegalArgumentException("unsupported digest method algo: " + digestMethodAlgorithm); } byte[] signatureValue; try { signatureValue = this.keyStoreSingletonBean.sign(keyStoreId, keyStoreAlias, digestAlgo, digestValue); } catch (Exception e) { LOG.error("signature error: " + e.getMessage()); return null; } AuditEntity auditEntity = new AuditEntity(applicationKeyEntity.getApplication().getName(), keyAlias, applicationKeyEntity.getKeyStore().getName(), keyStoreAlias, new String(Hex.encodeHex(digestValue))); this.entityManager.persist(auditEntity); return signatureValue; } @Override public Set<String> getAliases() { Principal callerPrincipal = this.sessionContext.getCallerPrincipal(); LOG.debug("caller principal: " + callerPrincipal.getName()); long appId = Long.parseLong(callerPrincipal.getName()); LOG.debug("getAliases for app id: " + appId); ApplicationEntity applicationEntity = this.entityManager.find(ApplicationEntity.class, appId); List<ApplicationKeyEntity> applicationKeys = ApplicationKeyEntity.getApplicationKeys(this.entityManager, applicationEntity); LOG.debug("number of aliases: " + applicationKeys.size()); Set<String> aliases = new HashSet<String>(); for (ApplicationKeyEntity applicationKey : applicationKeys) { String alias = applicationKey.getName(); LOG.debug("alias: " + alias); aliases.add(alias); } LOG.debug("aliases: " + aliases); return aliases; } @Override public Certificate[] getCertificateChain(String alias) throws NoSuchAlgorithmException { Principal callerPrincipal = this.sessionContext.getCallerPrincipal(); LOG.debug("caller principal: " + callerPrincipal.getName()); long appId = Long.parseLong(callerPrincipal.getName()); ApplicationKeyId applicationKeyId = new ApplicationKeyId(appId, alias); ApplicationKeyEntity applicationKeyEntity = this.entityManager.find(ApplicationKeyEntity.class, applicationKeyId); if (null == applicationKeyEntity) { throw new NoSuchAlgorithmException("unknown key alias: " + alias); } String keyStoreAlias = applicationKeyEntity.getKeyStoreKeyAlias(); long keyStoreId = applicationKeyEntity.getKeyStore().getId(); Certificate[] certificateChain = this.keyStoreSingletonBean.getCertificateChain(keyStoreId, keyStoreAlias); return certificateChain; } }