/*
* Returns a keystore entry alias and a single target keystore.
* An alias prefix must be supplied.
*/
private AbstractMap.SimpleEntry<String, AbstractMap.SimpleEntry<String, KeyStore>>
getKeystoreForWriting(String alias) {
String[] splits = alias.split(this.entryNameSeparator, 2);
if (splits.length == 2) { // prefixed alias
KeyStore keystore = keystores.get(splits[0]);
if (keystore != null) {
return new AbstractMap.SimpleEntry<>(
splits[1], new AbstractMap.SimpleEntry<>(splits[0], keystore));
}
}
return null;
}
/*
* Returns a keystore entry alias and a list of target keystores.
* When the supplied alias prefix identifies a keystore then that single
* keystore is returned. When no alias prefix is supplied then all the
* keystores are returned.
*/
private AbstractMap.SimpleEntry<String, Collection<KeyStore>> getKeystoresForReading(
String alias) {
String[] splits = alias.split(this.entryNameSeparatorRegEx, 2);
if (splits.length == 2) { // prefixed alias
KeyStore keystore = keystores.get(splits[0]);
if (keystore != null) {
return new AbstractMap.SimpleEntry<>(
splits[1], (Collection<KeyStore>) Collections.singleton(keystore));
}
} else if (splits.length == 1) { // unprefixed alias
// Check all keystores for the first occurrence of the alias
return new AbstractMap.SimpleEntry<>(alias, keystores.values());
}
return new AbstractMap.SimpleEntry<>(
"", (Collection<KeyStore>) Collections.<KeyStore>emptyList());
}
@Override
public void engineStore(KeyStore.LoadStoreParameter param)
throws IOException, NoSuchAlgorithmException, CertificateException {
if (param instanceof DomainLoadStoreParameter) {
DomainLoadStoreParameter domainParameter = (DomainLoadStoreParameter) param;
List<KeyStoreBuilderComponents> builders =
getBuilders(domainParameter.getConfiguration(), domainParameter.getProtectionParams());
for (KeyStoreBuilderComponents builder : builders) {
try {
KeyStore.ProtectionParameter pp = builder.protection;
if (!(pp instanceof KeyStore.PasswordProtection)) {
throw new KeyStoreException(
new IllegalArgumentException(
"ProtectionParameter" + " must be a KeyStore.PasswordProtection"));
}
char[] password = ((KeyStore.PasswordProtection) builder.protection).getPassword();
// Store the keystores
KeyStore keystore = keystores.get(builder.name);
try (FileOutputStream stream = new FileOutputStream(builder.file)) {
keystore.store(stream, password);
}
} catch (KeyStoreException e) {
throw new IOException(e);
}
}
} else {
throw new UnsupportedOperationException(
"This keystore must be stored using a " + "DomainLoadStoreParameter");
}
}
/*
* Parse a keystore domain configuration file and associated collection
* of keystore passwords to create a collection of KeyStore.Builder.
*/
private List<KeyStoreBuilderComponents> getBuilders(
URI configuration, Map<String, KeyStore.ProtectionParameter> passwords) throws IOException {
PolicyParser parser = new PolicyParser(true); // expand properties
Collection<PolicyParser.DomainEntry> domains = null;
List<KeyStoreBuilderComponents> builders = new ArrayList<>();
String uriDomain = configuration.getFragment();
try (InputStreamReader configurationReader =
new InputStreamReader(PolicyUtil.getInputStream(configuration.toURL()), "UTF-8")) {
parser.read(configurationReader);
domains = parser.getDomainEntries();
} catch (MalformedURLException mue) {
throw new IOException(mue);
} catch (PolicyParser.ParsingException pe) {
throw new IOException(pe);
}
for (PolicyParser.DomainEntry domain : domains) {
Map<String, String> domainProperties = domain.getProperties();
if (uriDomain != null && (!uriDomain.equalsIgnoreCase(domain.getName()))) {
continue; // skip this domain
}
if (domainProperties.containsKey(ENTRY_NAME_SEPARATOR)) {
this.entryNameSeparator = domainProperties.get(ENTRY_NAME_SEPARATOR);
// escape any regex meta characters
char ch = 0;
StringBuilder s = new StringBuilder();
for (int i = 0; i < this.entryNameSeparator.length(); i++) {
ch = this.entryNameSeparator.charAt(i);
if (REGEX_META.indexOf(ch) != -1) {
s.append('\\');
}
s.append(ch);
}
this.entryNameSeparatorRegEx = s.toString();
}
Collection<PolicyParser.KeyStoreEntry> keystores = domain.getEntries();
for (PolicyParser.KeyStoreEntry keystore : keystores) {
String keystoreName = keystore.getName();
Map<String, String> properties = new HashMap<>(domainProperties);
properties.putAll(keystore.getProperties());
String keystoreType = DEFAULT_KEYSTORE_TYPE;
if (properties.containsKey(KEYSTORE_TYPE)) {
keystoreType = properties.get(KEYSTORE_TYPE);
}
Provider keystoreProvider = null;
if (properties.containsKey(KEYSTORE_PROVIDER_NAME)) {
String keystoreProviderName = properties.get(KEYSTORE_PROVIDER_NAME);
keystoreProvider = Security.getProvider(keystoreProviderName);
if (keystoreProvider == null) {
throw new IOException("Error locating JCE provider: " + keystoreProviderName);
}
}
File keystoreFile = null;
if (properties.containsKey(KEYSTORE_URI)) {
String uri = properties.get(KEYSTORE_URI);
try {
if (uri.startsWith("file://")) {
keystoreFile = new File(new URI(uri));
} else {
keystoreFile = new File(uri);
}
} catch (URISyntaxException | IllegalArgumentException e) {
throw new IOException(
"Error processing keystore property: " + "keystoreURI=\"" + uri + "\"", e);
}
}
KeyStore.ProtectionParameter keystoreProtection = null;
if (passwords.containsKey(keystoreName)) {
keystoreProtection = passwords.get(keystoreName);
} else if (properties.containsKey(KEYSTORE_PASSWORD_ENV)) {
String env = properties.get(KEYSTORE_PASSWORD_ENV);
String pwd = System.getenv(env);
if (pwd != null) {
keystoreProtection = new KeyStore.PasswordProtection(pwd.toCharArray());
} else {
throw new IOException(
"Error processing keystore property: " + "keystorePasswordEnv=\"" + env + "\"");
}
} else {
keystoreProtection = new KeyStore.PasswordProtection(null);
}
builders.add(
new KeyStoreBuilderComponents(
keystoreName, keystoreType, keystoreProvider, keystoreFile, keystoreProtection));
}
break; // skip other domains
}
if (builders.isEmpty()) {
throw new IOException("Error locating domain configuration data " + "for: " + configuration);
}
return builders;
}
