
/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2013-2015 ForgeRock AS. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * http://forgerock.org/license/CDDLv1.0.html
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at http://forgerock.org/license/CDDLv1.0.html
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 */

package org.forgerock.openidm.security.impl;

import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStore.PrivateKeyEntry;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;

import org.apache.commons.lang3.tuple.Pair;
import org.forgerock.json.JsonValue;
import org.forgerock.json.resource.NotFoundException;
import org.forgerock.openidm.repo.RepositoryService;
import org.forgerock.openidm.security.KeyStoreHandler;
import org.forgerock.openidm.security.KeyStoreManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

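/**
 * A collection resource provider servicing requests on private key entries in a keystore.
 * <p>
 * Entries written through {@link #storeEntry(JsonValue, String)} are always stored as
 * {@link PrivateKeyEntry}s (private key plus certificate chain), protected with the keystore
 * password obtained from the {@link KeyStoreHandler}; {@link #createDefaultEntry(String)} seeds
 * an alias with a freshly generated self-signed certificate. Every write is followed by
 * {@code store.store()}, so each successful call persists the keystore.
 */
public class PrivateKeyResourceProvider extends EntryResourceProvider {

    private final static Logger logger = LoggerFactory.getLogger(PrivateKeyResourceProvider.class);

    /**
     * @param resourceName the resource name this provider serves; used in error messages
     * @param store handler giving access to the backing {@link KeyStore} and its password
     * @param manager the keystore manager, passed through to the parent
     * @param repoService the repository service, passed through to the parent
     */
    public PrivateKeyResourceProvider(String resourceName, KeyStoreHandler store, KeyStoreManager manager,
            RepositoryService repoService) {
        super(resourceName, store, manager, repoService);
    }

    /**
     * Stores a private key entry under {@code alias}.
     * <p>
     * The private key comes from the request's {@code privateKey} field (a PEM-encoded key pair)
     * when present; otherwise the key pair already associated with {@code alias} is used
     * ({@code getKeyPair} in the parent -- presumably the pair behind an earlier signing request,
     * given the error message; confirm against the parent). The {@code certs} field is mandatory
     * and must hold at least one certificate. Only its first element is checked against the
     * private key (via {@code verify}) before anything is written, so a leaf that does not
     * belong to the key is never persisted; the remaining chain elements are stored as supplied.
     *
     * @param value request content: {@code privateKey} (optional PEM key pair), {@code certs}
     *        (required list of PEM certificates, leaf first) and {@code type} (certificate
     *        type, defaulting to {@code DEFAULT_CERTIFICATE_TYPE})
     * @param alias keystore alias to write
     * @throws NotFoundException if no {@code privateKey} is supplied and none exists for {@code alias}
     * @throws InvalidKeyException if the supplied {@code privateKey} PEM does not decode to a key pair
     * @throws CertificateException if {@code certs} decodes to an empty chain
     * @throws Exception on any failure raised by the parsing helpers, {@code verify} or the keystore
     */
    @Override
    protected void storeEntry(JsonValue value, String alias) throws Exception {
        String type = value.get("type").defaultTo(DEFAULT_CERTIFICATE_TYPE).asString();
        String privateKeyPem = value.get("privateKey").asString();
        PrivateKey privateKey;
        if (privateKeyPem == null) {
            // Fall back to a key pair already held for this alias. getKeyPair returning null must
            // reach the NotFoundException below rather than surface as a NullPointerException.
            KeyPair existing = getKeyPair(alias);
            privateKey = (existing == null) ? null : existing.getPrivate();
        } else {
            // fromPem may decode other PEM object types; a client that posts, say, a certificate
            // in the privateKey field should get a clear error, not a ClassCastException.
            Object decoded = fromPem(privateKeyPem);
            if (!(decoded instanceof KeyPair)) {
                throw new InvalidKeyException("privateKey must be a PEM-encoded key pair");
            }
            privateKey = ((KeyPair) decoded).getPrivate();
        }
        if (privateKey == null) {
            throw new NotFoundException("No private key exists for the supplied signed certificate");
        }
        List<String> certStringChain = value.get("certs").required().asList(String.class);
        Certificate[] certChain = readCertificateChain(certStringChain, type);
        if (certChain == null || certChain.length == 0) {
            // verify() below indexes certChain[0]; an empty "certs" list is a client error,
            // not an ArrayIndexOutOfBoundsException.
            throw new CertificateException("certs must contain at least one certificate");
        }
        // Check that the leaf certificate matches the private key before persisting anything.
        verify(privateKey, certChain[0]);
        store.getStore().setEntry(alias, new PrivateKeyEntry(privateKey, certChain),
                new KeyStore.PasswordProtection(store.getPassword().toCharArray()));
        store.store();
    }

    /**
     * Reads the key stored under {@code alias}.
     *
     * @param alias keystore alias to look up
     * @return the JSON representation produced by {@code returnKey} (parent) for the stored key
     * @throws NotFoundException if {@code alias} is absent or is not a key entry
     *         ({@link KeyStore#getKey} returns {@code null} for trusted-certificate entries)
     * @throws Exception on keystore access failures (wrong password, unrecoverable key, ...)
     */
    @Override
    protected JsonValue readEntry(String alias) throws Exception {
        // NOTE(review): getKey also returns SecretKey entries, and what returnKey emits for a
        // PrivateKey is defined in the parent -- confirm it does not serialize private key
        // material back to the caller.
        Key key = store.getStore().getKey(alias, store.getPassword().toCharArray());
        if (key == null) {
            throw new NotFoundException("Alias does not correspond to a key entry in " + resourceName);
        }
        return returnKey(alias, key);
    }

    /**
     * Seeds {@code alias} with a newly generated key pair and a self-signed certificate issued
     * for "localhost" (presumably the subject CN; the remaining name-like arguments are "None"),
     * using the parent's default key algorithm, key size and signature algorithm. The stored
     * chain is just that single self-signed certificate.
     * <p>
     * NOTE(review): this is a bootstrap default; a deployment that exposes this alias for TLS or
     * signing should replace it with a properly issued certificate via {@link #storeEntry}.
     *
     * @param alias keystore alias to create
     * @throws Exception if key/certificate generation or the keystore write fails
     */
    @Override
    public void createDefaultEntry(String alias) throws Exception {
        Pair<X509Certificate, PrivateKey> pair = generateCertificate("localhost", "OpenIDM Self-Signed Certificate",
                "None", "None", "None", "None", DEFAULT_ALGORITHM, DEFAULT_KEY_SIZE, DEFAULT_SIGNATURE_ALGORITHM,
                null, null);
        Certificate cert = pair.getKey();
        PrivateKey key = pair.getValue();
        store.getStore().setEntry(alias, new PrivateKeyEntry(key, new Certificate[] { cert }),
                new KeyStore.PasswordProtection(store.getPassword().toCharArray()));
        store.store();
    }
}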