org.apache.felix.karaf.jaas.config.impl.ResourceKeystoreInstance.java Source code

Java tutorial

Introduction

Here is the source code for org.apache.felix.karaf.jaas.config.impl.ResourceKeystoreInstance.java

Source

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.felix.karaf.jaas.config.impl;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.net.URL;
import java.net.URI;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.felix.karaf.jaas.config.KeystoreInstance;
import org.apache.felix.karaf.jaas.config.KeystoreIsLocked;

/**
 *
 */
public class ResourceKeystoreInstance implements KeystoreInstance {

    private static final Log LOG = LogFactory.getLog(ResourceKeystoreInstance.class);
    private static final String JKS = "JKS";

    private String name;
    private int rank;
    private URL path;
    private String keystorePassword;
    private Map keyPasswords = new HashMap();
    private File keystoreFile; // Only valid after startup and if the resource points to a file

    // The following variables are the state of the keystore, which should be chucked if the file on disk changes
    private List privateKeys = new ArrayList();
    private List trustCerts = new ArrayList();
    private KeyStore keystore;
    private long keystoreReadDate = Long.MIN_VALUE;

    /**
     * @return the keystoreName
     */
    public String getName() {
        return name;
    }

    /**
     * @param keystoreName the keystoreName to set
     */
    public void setName(String keystoreName) {
        this.name = keystoreName;
    }

    /**
     * @return the rank
     */
    public int getRank() {
        return rank;
    }

    /**
     * @param rank the rank to set
     */
    public void setRank(int rank) {
        this.rank = rank;
    }

    /**
     * @return the keystorePath
     */
    public URL getPath() {
        return path;
    }

    /**
     * @param keystorePath the keystorePath to set
     */
    public void setPath(URL keystorePath) throws IOException {
        this.path = keystorePath;
        if (keystorePath.getProtocol().equals("file")) {
            URI uri = URI.create(keystorePath.toString().replace(" ", "%20"));
            this.keystoreFile = new File(uri.getSchemeSpecificPart());
        }
    }

    /**
     * @param keystorePassword the keystorePassword to set
     */
    public void setKeystorePassword(String keystorePassword) {
        this.keystorePassword = keystorePassword;
    }

    /**
     * @param keyPasswords the keyPasswords to set
     */
    public void setKeyPasswords(String keyPasswords) {
        if (keyPasswords != null) {
            String[] keys = keyPasswords.split("\\]\\!\\[");
            for (int i = 0; i < keys.length; i++) {
                String key = keys[i];
                int pos = key.indexOf('=');
                this.keyPasswords.put(key.substring(0, pos), key.substring(pos + 1).toCharArray());
            }
        }
    }

    public Certificate getCertificate(String alias) {
        if (!loadKeystoreData()) {
            return null;
        }
        try {
            return keystore.getCertificate(alias);
        } catch (KeyStoreException e) {
            LOG.error("Unable to read certificate from keystore", e);
        }
        return null;
    }

    public String getCertificateAlias(Certificate cert) {
        if (!loadKeystoreData()) {
            return null;
        }
        try {
            return keystore.getCertificateAlias(cert);
        } catch (KeyStoreException e) {
            LOG.error("Unable to read retrieve alias for given certificate from keystore", e);
        }
        return null;
    }

    public Certificate[] getCertificateChain(String alias) {
        if (!loadKeystoreData()) {
            return null;
        }
        try {
            return keystore.getCertificateChain(alias);
        } catch (KeyStoreException e) {
            LOG.error("Unable to read certificate chain from keystore", e);
        }
        return null;
    }

    public KeyManager[] getKeyManager(String algorithm, String keyAlias)
            throws KeystoreIsLocked, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        if (isKeystoreLocked()) {
            throw new KeystoreIsLocked("Keystore '" + name + "' is locked.");
        }
        if (!loadKeystoreData()) {
            return null;
        }
        KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(algorithm);
        keyFactory.init(keystore, (char[]) keyPasswords.get(keyAlias));
        return keyFactory.getKeyManagers();
    }

    public PrivateKey getPrivateKey(String alias) {
        if (!loadKeystoreData()) {
            return null;
        }
        try {
            if (isKeyLocked(alias)) {
                return null;
            }
            Key key = keystore.getKey(alias, (char[]) keyPasswords.get(alias));
            if (key instanceof PrivateKey) {
                return (PrivateKey) key;
            }
        } catch (KeyStoreException e) {
            LOG.error("Unable to read private key from keystore", e);
        } catch (NoSuchAlgorithmException e) {
            LOG.error("Unable to read private key from keystore", e);
        } catch (UnrecoverableKeyException e) {
            LOG.error("Unable to read private key from keystore", e);
        }
        return null;
    }

    public TrustManager[] getTrustManager(String algorithm)
            throws KeyStoreException, NoSuchAlgorithmException, KeystoreIsLocked {
        if (isKeystoreLocked()) {
            throw new KeystoreIsLocked("Keystore '" + name + "' is locked.");
        }
        if (!loadKeystoreData()) {
            return null;
        }
        TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(algorithm);
        trustFactory.init(keystore);
        return trustFactory.getTrustManagers();
    }

    public boolean isKeyLocked(String keyAlias) {
        return keyPasswords.get(keyAlias) == null;
    }

    public boolean isKeystoreLocked() {
        return keystorePassword == null;
    }

    public String[] listPrivateKeys() {
        if (!loadKeystoreData()) {
            return null;
        }
        return (String[]) privateKeys.toArray(new String[privateKeys.size()]);
    }

    public String[] listTrustCertificates() {
        if (!loadKeystoreData()) {
            return null;
        }
        return (String[]) trustCerts.toArray(new String[trustCerts.size()]);
    }

    // ==================== Internals =====================

    private boolean loadKeystoreData() {
        // Check to reload the data if needed
        if (keystoreFile != null && keystoreReadDate >= keystoreFile.lastModified()) {
            return true;
        }
        // If not a file, just not reload the data if it has already been loaded
        if (keystoreFile == null && keystore != null) {
            return true;
        }
        // Check if the file is invalid
        if (keystoreFile != null && (!keystoreFile.exists() || !keystoreFile.canRead())) {
            throw new IllegalArgumentException(
                    "Invalid keystore file (" + path + " = " + keystoreFile.getAbsolutePath() + ")");
        }
        // Load the keystore data
        try {
            keystoreReadDate = System.currentTimeMillis();
            privateKeys.clear();
            trustCerts.clear();
            if (keystore == null) {
                keystore = KeyStore.getInstance(JKS);
            }
            InputStream in = new BufferedInputStream(path.openStream());
            keystore.load(in, keystorePassword == null ? new char[0] : keystorePassword.toCharArray());
            in.close();
            Enumeration aliases = keystore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = (String) aliases.nextElement();
                if (keystore.isKeyEntry(alias)) {
                    privateKeys.add(alias);
                } else if (keystore.isCertificateEntry(alias)) {
                    trustCerts.add(alias);
                }
            }
            return true;
        } catch (KeyStoreException e) {
            LOG.error("Unable to open keystore with provided password", e);
        } catch (IOException e) {
            LOG.error("Unable to open keystore with provided password", e);
        } catch (NoSuchAlgorithmException e) {
            LOG.error("Unable to open keystore with provided password", e);
        } catch (CertificateException e) {
            LOG.error("Unable to open keystore with provided password", e);
        }
        return false;
    }

}