private static boolean matches(TokenEntry entry, Term term) throws QueryException {
final boolean result;
final Object actualValue;
switch (TokenEntryFields.valueOf(term.getName())) {
case alias:
{
actualValue = entry.getAlias();
break;
}
default:
{
throw new QueryException(
"Unsupported token entry field in query terms: " + term.getName());
}
}
switch (term.getOperator()) {
case EQ:
{
result = term.getValue().equals(actualValue);
break;
}
case NEQ:
{
result = !term.getValue().equals(actualValue);
break;
}
case NULL:
{
result = term.getValue() == null;
break;
}
case NOTNULL:
{
result = term.getValue() != null;
break;
}
case LIKE:
{
if (term.getValue() instanceof String && actualValue != null) {
final String value = (String) term.getValue();
// TODO: At the moment we only support '%' and only in beginning and/or end of value
final boolean wildcardInBeginning = value.startsWith("%");
final boolean wildcardAtEnd = value.endsWith("%");
if (!wildcardInBeginning && !wildcardAtEnd) {
result = value.equals(actualValue);
} else {
final String content =
value.substring(
wildcardInBeginning ? 1 : 0,
wildcardAtEnd ? value.length() - 1 : value.length());
if (wildcardInBeginning && wildcardAtEnd) {
result = actualValue.toString().contains(content);
} else if (wildcardInBeginning) {
result = actualValue.toString().endsWith(content);
} else {
result = actualValue.toString().startsWith(content);
}
}
} else {
result = false;
}
break;
}
default:
{
throw new QueryException(
"Operator not yet supported in query terms: " + term.getOperator().name());
}
}
return result;
}
public static TokenSearchResults searchTokenEntries(
final KeyStore keyStore,
final int startIndex,
final int max,
final QueryCriteria qc,
final boolean includeData)
throws CryptoTokenOfflineException, QueryException {
final TokenSearchResults result;
try {
final ArrayList<TokenEntry> tokenEntries = new ArrayList<TokenEntry>();
final Enumeration<String> e =
keyStore
.aliases(); // We assume the order is the same for every call unless entries has been
// added or removed
final long maxIndex = (long) startIndex + max;
for (int i = 0; i < maxIndex && e.hasMoreElements(); ) {
final String keyAlias = e.nextElement();
final String type;
if (keyStore.entryInstanceOf(keyAlias, KeyStore.PrivateKeyEntry.class)) {
type = TokenEntry.TYPE_PRIVATEKEY_ENTRY;
} else if (keyStore.entryInstanceOf(keyAlias, KeyStore.SecretKeyEntry.class)) {
type = TokenEntry.TYPE_SECRETKEY_ENTRY;
} else if (keyStore.entryInstanceOf(keyAlias, KeyStore.TrustedCertificateEntry.class)) {
type = TokenEntry.TYPE_TRUSTED_ENTRY;
} else {
type = null;
}
TokenEntry entry = new TokenEntry(keyAlias, type);
if (shouldBeIncluded(entry, qc)) {
if (i < startIndex) {
i++;
continue;
}
if (LOG.isDebugEnabled()) {
LOG.debug("checking keyAlias: " + keyAlias);
}
// Add additional data
if (includeData) {
Map<String, String> info = new HashMap<String, String>();
try {
Date creationDate = keyStore.getCreationDate(keyAlias);
entry.setCreationDate(creationDate);
} catch (ProviderException ex) {
} // NOPMD: We ignore if it is not supported
if (TokenEntry.TYPE_PRIVATEKEY_ENTRY.equals(type)) {
final Certificate[] chain = keyStore.getCertificateChain(keyAlias);
if (chain.length > 0) {
info.put(
INFO_KEY_ALGORITHM, AlgorithmTools.getKeyAlgorithm(chain[0].getPublicKey()));
info.put(
INFO_KEY_SPECIFICATION,
AlgorithmTools.getKeySpecification(chain[0].getPublicKey()));
}
try {
entry.setParsedChain(chain);
} catch (CertificateEncodingException ex) {
info.put("Error", ex.getMessage());
LOG.error("Certificate could not be encoded for alias: " + keyAlias, ex);
}
} else if (TokenEntry.TYPE_TRUSTED_ENTRY.equals(type)) {
Certificate certificate = keyStore.getCertificate(keyAlias);
try {
entry.setParsedTrustedCertificate(certificate);
} catch (CertificateEncodingException ex) {
info.put("Error", ex.getMessage());
LOG.error("Certificate could not be encoded for alias: " + keyAlias, ex);
}
} else if (TokenEntry.TYPE_SECRETKEY_ENTRY.equals(type)) {
try {
KeyStore.Entry entry1 = keyStore.getEntry(keyAlias, null);
SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry1).getSecretKey();
info.put(INFO_KEY_ALGORITHM, secretKey.getAlgorithm());
// info.put(INFO_KEY_SPECIFICATION,
// AlgorithmTools.getKeySpecification(chain[0].getPublicKey())); // TODO: Key
// specification support for secret keys
} catch (NoSuchAlgorithmException ex) {
info.put("Error", ex.getMessage());
LOG.error("Unable to get secret key for alias: " + keyAlias, ex);
} catch (UnrecoverableEntryException ex) {
info.put("Error", ex.getMessage());
LOG.error("Unable to get secret key for alias: " + keyAlias, ex);
}
}
entry.setInfo(info);
}
tokenEntries.add(entry);
// Increase index
i++;
}
}
result = new TokenSearchResults(tokenEntries, e.hasMoreElements());
} catch (KeyStoreException ex) {
throw new CryptoTokenOfflineException(ex);
}
return result;
}
