Beispiel #1
0
  /*
   * Returns a keystore entry alias and a single target keystore.
   * An alias prefix must be supplied.
   */
  private AbstractMap.SimpleEntry<String, AbstractMap.SimpleEntry<String, KeyStore>>
      getKeystoreForWriting(String alias) {

    String[] splits = alias.split(this.entryNameSeparator, 2);
    if (splits.length == 2) { // prefixed alias
      KeyStore keystore = keystores.get(splits[0]);
      if (keystore != null) {
        return new AbstractMap.SimpleEntry<>(
            splits[1], new AbstractMap.SimpleEntry<>(splits[0], keystore));
      }
    }
    return null;
  }
Beispiel #2
0
  /*
   * Returns a keystore entry alias and a list of target keystores.
   * When the supplied alias prefix identifies a keystore then that single
   * keystore is returned. When no alias prefix is supplied then all the
   * keystores are returned.
   */
  private AbstractMap.SimpleEntry<String, Collection<KeyStore>> getKeystoresForReading(
      String alias) {

    String[] splits = alias.split(this.entryNameSeparatorRegEx, 2);
    if (splits.length == 2) { // prefixed alias
      KeyStore keystore = keystores.get(splits[0]);
      if (keystore != null) {
        return new AbstractMap.SimpleEntry<>(
            splits[1], (Collection<KeyStore>) Collections.singleton(keystore));
      }
    } else if (splits.length == 1) { // unprefixed alias
      // Check all keystores for the first occurrence of the alias
      return new AbstractMap.SimpleEntry<>(alias, keystores.values());
    }
    return new AbstractMap.SimpleEntry<>(
        "", (Collection<KeyStore>) Collections.<KeyStore>emptyList());
  }
Beispiel #3
0
  @Override
  public void engineStore(KeyStore.LoadStoreParameter param)
      throws IOException, NoSuchAlgorithmException, CertificateException {
    if (param instanceof DomainLoadStoreParameter) {
      DomainLoadStoreParameter domainParameter = (DomainLoadStoreParameter) param;
      List<KeyStoreBuilderComponents> builders =
          getBuilders(domainParameter.getConfiguration(), domainParameter.getProtectionParams());

      for (KeyStoreBuilderComponents builder : builders) {

        try {

          KeyStore.ProtectionParameter pp = builder.protection;
          if (!(pp instanceof KeyStore.PasswordProtection)) {
            throw new KeyStoreException(
                new IllegalArgumentException(
                    "ProtectionParameter" + " must be a KeyStore.PasswordProtection"));
          }
          char[] password = ((KeyStore.PasswordProtection) builder.protection).getPassword();

          // Store the keystores
          KeyStore keystore = keystores.get(builder.name);

          try (FileOutputStream stream = new FileOutputStream(builder.file)) {

            keystore.store(stream, password);
          }
        } catch (KeyStoreException e) {
          throw new IOException(e);
        }
      }
    } else {
      throw new UnsupportedOperationException(
          "This keystore must be stored using a " + "DomainLoadStoreParameter");
    }
  }
Beispiel #4
0
  /*
   * Parse a keystore domain configuration file and associated collection
   * of keystore passwords to create a collection of KeyStore.Builder.
   */
  private List<KeyStoreBuilderComponents> getBuilders(
      URI configuration, Map<String, KeyStore.ProtectionParameter> passwords) throws IOException {

    PolicyParser parser = new PolicyParser(true); // expand properties
    Collection<PolicyParser.DomainEntry> domains = null;
    List<KeyStoreBuilderComponents> builders = new ArrayList<>();
    String uriDomain = configuration.getFragment();

    try (InputStreamReader configurationReader =
        new InputStreamReader(PolicyUtil.getInputStream(configuration.toURL()), "UTF-8")) {
      parser.read(configurationReader);
      domains = parser.getDomainEntries();

    } catch (MalformedURLException mue) {
      throw new IOException(mue);

    } catch (PolicyParser.ParsingException pe) {
      throw new IOException(pe);
    }

    for (PolicyParser.DomainEntry domain : domains) {
      Map<String, String> domainProperties = domain.getProperties();

      if (uriDomain != null && (!uriDomain.equalsIgnoreCase(domain.getName()))) {
        continue; // skip this domain
      }

      if (domainProperties.containsKey(ENTRY_NAME_SEPARATOR)) {
        this.entryNameSeparator = domainProperties.get(ENTRY_NAME_SEPARATOR);
        // escape any regex meta characters
        char ch = 0;
        StringBuilder s = new StringBuilder();
        for (int i = 0; i < this.entryNameSeparator.length(); i++) {
          ch = this.entryNameSeparator.charAt(i);
          if (REGEX_META.indexOf(ch) != -1) {
            s.append('\\');
          }
          s.append(ch);
        }
        this.entryNameSeparatorRegEx = s.toString();
      }

      Collection<PolicyParser.KeyStoreEntry> keystores = domain.getEntries();
      for (PolicyParser.KeyStoreEntry keystore : keystores) {
        String keystoreName = keystore.getName();
        Map<String, String> properties = new HashMap<>(domainProperties);
        properties.putAll(keystore.getProperties());

        String keystoreType = DEFAULT_KEYSTORE_TYPE;
        if (properties.containsKey(KEYSTORE_TYPE)) {
          keystoreType = properties.get(KEYSTORE_TYPE);
        }

        Provider keystoreProvider = null;
        if (properties.containsKey(KEYSTORE_PROVIDER_NAME)) {
          String keystoreProviderName = properties.get(KEYSTORE_PROVIDER_NAME);
          keystoreProvider = Security.getProvider(keystoreProviderName);
          if (keystoreProvider == null) {
            throw new IOException("Error locating JCE provider: " + keystoreProviderName);
          }
        }

        File keystoreFile = null;
        if (properties.containsKey(KEYSTORE_URI)) {
          String uri = properties.get(KEYSTORE_URI);

          try {
            if (uri.startsWith("file://")) {
              keystoreFile = new File(new URI(uri));
            } else {
              keystoreFile = new File(uri);
            }

          } catch (URISyntaxException | IllegalArgumentException e) {
            throw new IOException(
                "Error processing keystore property: " + "keystoreURI=\"" + uri + "\"", e);
          }
        }

        KeyStore.ProtectionParameter keystoreProtection = null;
        if (passwords.containsKey(keystoreName)) {
          keystoreProtection = passwords.get(keystoreName);

        } else if (properties.containsKey(KEYSTORE_PASSWORD_ENV)) {
          String env = properties.get(KEYSTORE_PASSWORD_ENV);
          String pwd = System.getenv(env);
          if (pwd != null) {
            keystoreProtection = new KeyStore.PasswordProtection(pwd.toCharArray());
          } else {
            throw new IOException(
                "Error processing keystore property: " + "keystorePasswordEnv=\"" + env + "\"");
          }
        } else {
          keystoreProtection = new KeyStore.PasswordProtection(null);
        }

        builders.add(
            new KeyStoreBuilderComponents(
                keystoreName, keystoreType, keystoreProvider, keystoreFile, keystoreProtection));
      }
      break; // skip other domains
    }
    if (builders.isEmpty()) {
      throw new IOException("Error locating domain configuration data " + "for: " + configuration);
    }

    return builders;
  }