org.apache.safe.service.KeyStoreBasedKeyService.java Source code

Java tutorial

Introduction

Here is the source code for org.apache.safe.service.KeyStoreBasedKeyService.java

Source

/**
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License. See accompanying LICENSE file.
 */
package org.apache.safe.service;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStore.PasswordProtection;
import java.security.KeyStore.PrivateKeyEntry;
import java.security.KeyStore.SecretKeyEntry;
import java.security.KeyStore.TrustedCertificateEntry;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.Properties;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

public class KeyStoreBasedKeyService implements KeyService {

    private static final Log LOG = LogFactory.getLog(KeyStoreBasedKeyService.class);

    private PasswordProtection keyStorePP;

    private KeyStore keystore;

    void initialize(InputStream ksfs, InputStream pwdfs) throws IOException {
        Properties passwords = null;
        try {
            if (pwdfs != null) {
                passwords = new Properties();
                passwords.load(pwdfs);
            }
            char[] keyStorePassword = null;
            if (passwords != null) {
                String strPassword = passwords.getProperty("keystore.password");
                if (strPassword != null) {
                    keyStorePassword = strPassword.toCharArray();
                } else {
                    LOG.error("Canot obtain password for keystore");
                    throw new IOException("Could not read secrets from keystore");
                }
            } else {
                System.out.println("Enter KeyStore Password: ");
                keyStorePassword = System.console().readPassword();
            }

            keystore = KeyStore.getInstance("JCEKS");
            keystore.load(ksfs, // InputStream to keystore
                    keyStorePassword);
            keyStorePP = new PasswordProtection(keyStorePassword);
        } catch (FileNotFoundException e) {
            throw new IOException(e);
        } catch (IOException e) {
            throw new IOException(e);
        } catch (KeyStoreException e) {
            throw new IOException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new IOException(e);
        } catch (CertificateException e) {
            throw new IOException(e);
        }
    }

    @Override
    public byte[] getKey(String keyId) throws IOException {

        KeyStore.Entry entry;
        String realKeyId = keyId;
        if (keyId.endsWith(".publickey")) {
            realKeyId = keyId.substring(0, keyId.length() - 10);
        }
        try {
            entry = keystore.getEntry(realKeyId, keyStorePP);

            if (entry != null) {
                // is it a secret key
                byte[] value;
                if (entry instanceof SecretKeyEntry) {
                    SecretKeyEntry ske = (SecretKeyEntry) entry;
                    value = ske.getSecretKey().getEncoded();
                    // is it a key pair
                } else if (entry instanceof PrivateKeyEntry) {
                    PrivateKeyEntry pke = (PrivateKeyEntry) entry;
                    if (keyId.endsWith(".publickey")) {
                        value = pke.getCertificate().getPublicKey().getEncoded();
                    } else {
                        value = pke.getPrivateKey().getEncoded();
                    }
                    // is it a certificate
                } else if (entry instanceof TrustedCertificateEntry) {
                    TrustedCertificateEntry tce = (TrustedCertificateEntry) entry;
                    value = tce.getTrustedCertificate().getEncoded();
                } else {
                    throw new IOException("Unknown Key type");
                }
                return value;
            } else {
                throw new IOException("Key not found");
            }
        } catch (NoSuchAlgorithmException e) {
            throw new IOException(e);
        } catch (UnrecoverableEntryException e) {
            throw new IOException(e);
        } catch (KeyStoreException e) {
            throw new IOException(e);
        } catch (CertificateEncodingException e) {
            throw new IOException(e);
        }
    }

    @Override
    public void init(Configuration conf) throws IOException {
        try {
            String ksFileName = conf.get("keystore.file");
            if (ksFileName == null) {
                LOG.error("keystore.file is not set");
                throw new IOException("keystore.file is not set");
            }
            File ksFile = new File(ksFileName);
            if (!ksFile.exists()) {
                LOG.error("The file - " + ksFileName + " does not exist.");
                throw new IOException("The file - " + ksFileName + " does not exist.");
            }
            FileInputStream ksfs = new FileInputStream(ksFile);

            FileInputStream pwdfs = null;
            String pwdFileName = conf.get("keystore.password.file");
            if (pwdFileName != null) {
                File pwdFile = new File(pwdFileName);
                if (!pwdFile.exists()) {
                    LOG.error("The file - " + pwdFileName + " does not exist.");
                    throw new IOException("The file - " + pwdFileName + " does not exist.");
                }
                pwdfs = new FileInputStream(pwdFile);
            }
            initialize(ksfs, pwdfs);
        } catch (FileNotFoundException e) {
            //ignore
        }

    }
}