public static KeyPair getPrivateKey(String alias, char[] password)
throws FileNotFoundException, IOException, CertificateException {
try {
KeyStore ks = KeyStore.getInstance("JKS");
char[] passPhrase = "123456".toCharArray();
// BASE64Encoder myB64 = new BASE64Encoder();
File certificateFile = new File("C:\\Temp\\repositorio.jks");
ks.load(new FileInputStream(certificateFile), passPhrase);
// Get private key
Key key = ks.getKey(alias, password);
if (key instanceof PrivateKey) {
// Get certificate of public key
Certificate cert = ks.getCertificate(alias);
// Get public key
PublicKey publicKey = cert.getPublicKey();
// Return a key pair
return new KeyPair(publicKey, (PrivateKey) key);
}
} catch (UnrecoverableKeyException e) {
System.out.print(e.getMessage());
} catch (NoSuchAlgorithmException e) {
System.out.print(e.getMessage());
} catch (KeyStoreException e) {
System.out.print(e.getMessage());
}
return null;
}
/**
* ִ��http���á�true:�ɹ� false:ʧ��
*
* @return boolean
*/
public boolean call() {
boolean isRet = false;
// http
if (null == this.caFile && null == this.certFile) {
try {
this.callHttp();
isRet = true;
} catch (IOException e) {
this.errInfo = e.getMessage();
}
return isRet;
}
// https
try {
this.callHttps();
isRet = true;
} catch (UnrecoverableKeyException e) {
this.errInfo = e.getMessage();
} catch (KeyManagementException e) {
this.errInfo = e.getMessage();
} catch (CertificateException e) {
this.errInfo = e.getMessage();
} catch (KeyStoreException e) {
this.errInfo = e.getMessage();
} catch (NoSuchAlgorithmException e) {
this.errInfo = e.getMessage();
} catch (IOException e) {
this.errInfo = e.getMessage();
}
return isRet;
}
private SSLSocketFactory getSSLSocketFactory(String keyStoreName, String password) {
KeyStore ks = getKeyStore(keyStoreName, password);
KeyManagerFactory keyManagerFactory = null;
try {
keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(ks, password.toCharArray());
SSLContext context = SSLContext.getInstance("TLS");
context.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());
return context.getSocketFactory();
} catch (NoSuchAlgorithmException e) {
logger.error(e.getMessage(), e);
throw new RuntimeException(e.getMessage(), e);
} catch (KeyStoreException e) {
logger.error(e.getMessage(), e);
throw new RuntimeException(e.getMessage(), e);
} catch (UnrecoverableKeyException e) {
logger.error(e.getMessage(), e);
throw new RuntimeException(e.getMessage(), e);
} catch (KeyManagementException e) {
logger.error(e.getMessage(), e);
throw new RuntimeException(e.getMessage(), e);
}
}
/**
* Performs test signatures for the specified keys or for all if "all" specified.
*
* @param keyStore Loaded keystore to read keys from
* @param alias Alias of key to test or "all" to test all
* @param authCode Key password (if used, ie for JKS only)
* @param signatureProvider Provider for creating the signature
* @return The results for each key found
* @throws CryptoTokenOfflineException In case the key could not be used
*/
public static Collection<KeyTestResult> testKey(
KeyStore keyStore, String alias, char[] authCode, String signatureProvider)
throws CryptoTokenOfflineException {
if (LOG.isDebugEnabled()) {
LOG.debug("testKey for alias: " + alias);
}
final Collection<KeyTestResult> result = new LinkedList<KeyTestResult>();
try {
final Enumeration<String> e = keyStore.aliases();
while (e.hasMoreElements()) {
final String keyAlias = e.nextElement();
if (alias.equalsIgnoreCase(ICryptoToken.ALL_KEYS) || alias.equals(keyAlias)) {
if (LOG.isDebugEnabled()) {
LOG.debug("checking keyAlias: " + keyAlias);
}
if (keyStore.isKeyEntry(keyAlias)) {
String status;
String publicKeyHash = null;
boolean success = false;
try {
final PrivateKey privateKey = (PrivateKey) keyStore.getKey(keyAlias, authCode);
final Certificate entryCert = keyStore.getCertificate(keyAlias);
if (entryCert != null) {
final PublicKey publicKey = entryCert.getPublicKey();
publicKeyHash = createKeyHash(publicKey);
testSignAndVerify(privateKey, publicKey, signatureProvider);
success = true;
status = "";
} else {
status = "Not testing keys with alias " + keyAlias + ". No certificate exists.";
}
} catch (ClassCastException ce) {
status = "Not testing keys with alias " + keyAlias + ". Not a private key.";
} catch (InvalidKeyException ex) {
LOG.error("Error testing key: " + keyAlias, ex);
status = ex.getMessage();
} catch (KeyStoreException ex) {
LOG.error("Error testing key: " + keyAlias, ex);
status = ex.getMessage();
} catch (NoSuchAlgorithmException ex) {
LOG.error("Error testing key: " + keyAlias, ex);
status = ex.getMessage();
} catch (NoSuchProviderException ex) {
LOG.error("Error testing key: " + keyAlias, ex);
status = ex.getMessage();
} catch (SignatureException ex) {
LOG.error("Error testing key: " + keyAlias, ex);
status = ex.getMessage();
} catch (UnrecoverableKeyException ex) {
LOG.error("Error testing key: " + keyAlias, ex);
status = ex.getMessage();
}
result.add(new KeyTestResult(keyAlias, success, status, publicKeyHash));
}
}
}
} catch (KeyStoreException ex) {
throw new CryptoTokenOfflineException(ex);
}
if (LOG.isDebugEnabled()) {
LOG.debug("<testKey");
}
return result;
}
@Override
public void contextInitialized(ServletContextEvent arg0) {
final String S_ProcName = "contextInitialized";
Properties props = System.getProperties();
if (null == CFBamSchemaPool.getSchemaPool()) {
try {
Context ctx = new InitialContext();
String poolClassName = (String) ctx.lookup("java:comp/env/CFBam24PoolClass");
if ((poolClassName == null) || (poolClassName.length() <= 0)) {
throw CFLib.getDefaultExceptionFactory()
.newNullArgumentException(
getClass(), S_ProcName, 0, "JNDI lookup for CFBam24PoolClass");
}
Class poolClass = Class.forName(poolClassName);
if (poolClass == null) {
throw CFLib.getDefaultExceptionFactory()
.newNullArgumentException(
getClass(),
S_ProcName,
0,
"CFBam24PoolClass \"" + poolClassName + "\" not found.");
}
Object obj = poolClass.newInstance();
if (obj instanceof CFBamSchemaPool) {
CFBamSchemaPool newPool = (CFBamSchemaPool) obj;
newPool.setConfigurationFile(null);
newPool.setJndiName("java:comp/env/CFBam24Connection");
CFBamSchemaPool.setSchemaPool(newPool);
} else {
throw CFLib.getDefaultExceptionFactory()
.newRuntimeException(
getClass(), S_ProcName, "Problems constructing an instance of " + poolClassName);
}
String smtpHost = (String) ctx.lookup("java:comp/env/CFBam24SmtpHost");
if ((smtpHost == null) || (smtpHost.length() <= 0)) {
throw CFLib.getDefaultExceptionFactory()
.newNullArgumentException(
getClass(), S_ProcName, 0, "JNDI lookup for CFBam24SmtpHost");
}
props.setProperty("mail.smtp.host", smtpHost);
String smtpStartTLS = (String) ctx.lookup("java:comp/env/CFBam24SmtpStartTLS");
if ((smtpHost == null) || (smtpHost.length() <= 0)) {
throw CFLib.getDefaultExceptionFactory()
.newNullArgumentException(
getClass(), S_ProcName, 0, "JNDI lookup for CFBam24SmtpStartTLS");
}
props.setProperty("mail.smtp.starttls.enable", smtpStartTLS);
String smtpSocketFactoryClass =
(String) ctx.lookup("java:comp/env/CFBam24SmtpSocketFactoryClass");
if ((smtpSocketFactoryClass == null) || (smtpSocketFactoryClass.length() <= 0)) {
throw CFLib.getDefaultExceptionFactory()
.newNullArgumentException(
getClass(), S_ProcName, 0, "JNDI lookup for CFBam24SmtpSocketFactoryClass");
}
props.setProperty("mail.smtp.socketFactory.class", smtpSocketFactoryClass);
props.setProperty("mail.smtp.socketFactory.fallback", "false");
String smtpPort = (String) ctx.lookup("java:comp/env/CFBam24SmtpPort");
if ((smtpPort == null) || (smtpPort.length() <= 0)) {
throw CFLib.getDefaultExceptionFactory()
.newNullArgumentException(
getClass(), S_ProcName, 0, "JNDI lookup for CFBam24SmtpPort");
}
props.setProperty("mail.smtp.port", smtpPort);
props.setProperty("mail.smtp.socketFactory.port", smtpPort);
props.setProperty("mail.smtps.auth", "true");
props.put("mail.smtps.quitwait", "false");
String smtpEmailFrom = (String) ctx.lookup("java:comp/env/CFBam24SmtpEmailFrom");
if ((smtpEmailFrom == null) || (smtpEmailFrom.length() <= 0)) {
throw CFLib.getDefaultExceptionFactory()
.newNullArgumentException(
getClass(), S_ProcName, 0, "JNDI lookup for CFBam24SmtpEmailFrom");
}
smtpUsername = (String) ctx.lookup("java:comp/env/CFBam24SmtpUsername");
if ((smtpUsername == null) || (smtpUsername.length() <= 0)) {
throw CFLib.getDefaultExceptionFactory()
.newNullArgumentException(
getClass(), S_ProcName, 0, "JNDI lookup for CFBam24SmtpUsername");
}
smtpPassword = (String) ctx.lookup("java:comp/env/CFBam24SmtpPassword");
if ((smtpPassword == null) || (smtpPassword.length() <= 0)) {
throw CFLib.getDefaultExceptionFactory()
.newNullArgumentException(
getClass(), S_ProcName, 0, "JNDI lookup for CFBam24SmtpPassword");
}
String serverKeyStore;
try {
serverKeyStore = (String) ctx.lookup("java:comp/env/CFBam24ServerKeyStore");
} catch (NamingException e) {
serverKeyStore = null;
}
String keyStorePassword;
try {
keyStorePassword = (String) ctx.lookup("java:comp/env/CFBam24KeyStorePassword");
} catch (NamingException e) {
keyStorePassword = null;
}
String keyName;
try {
keyName = (String) ctx.lookup("java:comp/env/CFBam24KeyName");
} catch (NamingException e) {
keyName = null;
}
String keyPassword;
try {
keyPassword = (String) ctx.lookup("java:comp/env/CFBam24KeyPassword");
} catch (NamingException e) {
keyPassword = null;
}
if (((serverKeyStore != null) && (serverKeyStore.length() > 0))
&& (keyStorePassword != null)
&& ((keyName != null) && (keyName.length() > 0))
&& (keyPassword != null)) {
KeyStore keyStore = null;
File keystoreFile = new File(serverKeyStore);
if (!keystoreFile.exists()) {
throw CFLib.getDefaultExceptionFactory()
.newUsageException(
getClass(),
S_ProcName,
"CFBam24ServerKeyStore file \"" + serverKeyStore + "\" does not exist.");
} else if (!keystoreFile.isFile()) {
throw CFLib.getDefaultExceptionFactory()
.newUsageException(
getClass(),
S_ProcName,
"CFBam24ServerKeyStore file \"" + serverKeyStore + "\" is not a file.");
} else if (!keystoreFile.canRead()) {
throw CFLib.getDefaultExceptionFactory()
.newUsageException(
getClass(),
S_ProcName,
"Permission denied attempting to read CFBam24ServerKeyStore file \""
+ serverKeyStore
+ "\".");
}
try {
keyStore = KeyStore.getInstance("jceks");
char[] caPassword = keyStorePassword.toCharArray();
FileInputStream input = new FileInputStream(serverKeyStore);
keyStore.load(input, caPassword);
input.close();
Certificate publicKeyCertificate = keyStore.getCertificate(keyName);
if (publicKeyCertificate == null) {
throw CFLib.getDefaultExceptionFactory()
.newUsageException(
getClass(),
S_ProcName,
"Could not read CFBam24KeyName \""
+ keyName
+ "\" from CFBam24ServerKeyStore file \""
+ serverKeyStore
+ "\".");
}
publicKey = publicKeyCertificate.getPublicKey();
char[] caKeyPassword = keyPassword.toCharArray();
Key key = keyStore.getKey(keyName, caKeyPassword);
if (key instanceof PrivateKey) {
privateKey = (PrivateKey) key;
} else {
throw CFLib.getDefaultExceptionFactory()
.newUnsupportedClassException(getClass(), S_ProcName, "key", key, "PrivateKey");
}
getServerInfo();
} catch (CertificateException x) {
publicKey = null;
privateKey = null;
throw CFLib.getDefaultExceptionFactory()
.newRuntimeException(
getClass(),
S_ProcName,
"Could not open keystore due to CertificateException -- " + x.getMessage(),
x);
} catch (IOException x) {
publicKey = null;
privateKey = null;
throw CFLib.getDefaultExceptionFactory()
.newRuntimeException(
getClass(),
S_ProcName,
"Could not open keystore due to IOException -- " + x.getMessage(),
x);
} catch (KeyStoreException x) {
publicKey = null;
privateKey = null;
throw CFLib.getDefaultExceptionFactory()
.newRuntimeException(
getClass(),
S_ProcName,
"Could not open keystore due to KeyStoreException -- " + x.getMessage(),
x);
} catch (NoSuchAlgorithmException x) {
publicKey = null;
privateKey = null;
throw CFLib.getDefaultExceptionFactory()
.newRuntimeException(
getClass(),
S_ProcName,
"Could not open keystore due to NoSuchAlgorithmException -- " + x.getMessage(),
x);
} catch (UnrecoverableKeyException x) {
publicKey = null;
privateKey = null;
throw CFLib.getDefaultExceptionFactory()
.newRuntimeException(
getClass(),
S_ProcName,
"Could not access key due to UnrecoverableKeyException -- " + x.getMessage(),
x);
} catch (RuntimeException x) {
publicKey = null;
privateKey = null;
throw x;
}
} else if ((serverKeyStore != null)
|| (keyStorePassword != null)
|| (keyName != null)
|| (keyPassword != null)) {
publicKey = null;
privateKey = null;
throw CFLib.getDefaultExceptionFactory()
.newUsageException(
getClass(),
S_ProcName,
"All or none of CFBam24ServerKeyStore, "
+ "CFBam24KeyStorePassword, "
+ "CFBam24KeyName, and "
+ "CFBam24KeyPassword must be configured");
} else {
getServerInfo();
try {
serverInfo.initServerKeys();
} catch (Exception x) {
throw CFLib.getDefaultExceptionFactory()
.newRuntimeException(
getClass(),
S_ProcName,
"Caught "
+ x.getClass().getName()
+ " during initServerKeys() -- "
+ x.getMessage(),
x);
}
}
} catch (ClassNotFoundException e) {
publicKey = null;
privateKey = null;
throw CFLib.getDefaultExceptionFactory()
.newRuntimeException(
getClass(), S_ProcName, "Caught ClassNotFoundException -- " + e.getMessage(), e);
} catch (IllegalAccessException e) {
publicKey = null;
privateKey = null;
throw CFLib.getDefaultExceptionFactory()
.newRuntimeException(
getClass(),
S_ProcName,
"Caught IllegalAccessException trying to construct newInstance() -- "
+ e.getMessage(),
e);
} catch (InstantiationException e) {
publicKey = null;
privateKey = null;
throw CFLib.getDefaultExceptionFactory()
.newRuntimeException(
getClass(),
S_ProcName,
"Caught InstantiationException trying to construct newInstance() -- "
+ e.getMessage(),
e);
} catch (NamingException e) {
publicKey = null;
privateKey = null;
throw CFLib.getDefaultExceptionFactory()
.newRuntimeException(
getClass(), S_ProcName, "Caught NamingException -- " + e.getMessage(), e);
}
}
}
/**
* Sign file.
*
* @param signingDTO sign informations
* @param pdfSignedFile signed pdf returned
*/
public void sign(final DigitalSigningDTO signingDTO) {
if (signingDTO != null) {
try {
Security.addProvider(new BouncyCastleProvider());
final File alfTempDir = TempFileProvider.getTempDir();
if (alfTempDir != null) {
final String keyType =
(String) nodeService.getProperty(signingDTO.getKeyFile(), SigningModel.PROP_KEYTYPE);
if (SigningConstants.KEY_TYPE_X509.equals(keyType)) {
// Sign the file
final KeyStore ks = KeyStore.getInstance("pkcs12");
final ContentReader keyContentReader = getReader(signingDTO.getKeyFile());
if (keyContentReader != null && ks != null && signingDTO.getKeyPassword() != null) {
final List<AlfrescoRuntimeException> errors =
new ArrayList<AlfrescoRuntimeException>();
// Get crypted secret key and decrypt it
final Serializable encryptedPropertyValue =
nodeService.getProperty(
signingDTO.getKeyFile(), SigningModel.PROP_KEYCRYPTSECRET);
final Serializable decryptedPropertyValue =
metadataEncryptor.decrypt(
SigningModel.PROP_KEYCRYPTSECRET, encryptedPropertyValue);
// Decrypt key content
InputStream decryptedKeyContent;
try {
decryptedKeyContent =
CryptUtils.decrypt(
decryptedPropertyValue.toString(),
keyContentReader.getContentInputStream());
} catch (Throwable e) {
log.error(e);
throw new AlfrescoRuntimeException(e.getMessage(), e);
}
ks.load(
new ByteArrayInputStream(IOUtils.toByteArray(decryptedKeyContent)),
signingDTO.getKeyPassword().toCharArray());
final String alias =
(String)
nodeService.getProperty(signingDTO.getKeyFile(), SigningModel.PROP_KEYALIAS);
final PrivateKey key =
(PrivateKey) ks.getKey(alias, signingDTO.getKeyPassword().toCharArray());
final Certificate[] chain = ks.getCertificateChain(alias);
final Iterator<NodeRef> itFilesToSign = signingDTO.getFilesToSign().iterator();
while (itFilesToSign.hasNext()) {
final NodeRef nodeRefToSign = itFilesToSign.next();
final AlfrescoRuntimeException exception =
signFile(nodeRefToSign, signingDTO, alfTempDir, alias, ks, key, chain);
if (exception != null) {
// Error on the file process
errors.add(exception);
}
}
if (errors != null && errors.size() > 0) {
final StringBuffer allErrors = new StringBuffer();
final Iterator<AlfrescoRuntimeException> itErrors = errors.iterator();
if (errors.size() > 1) {
allErrors.append("\n");
}
while (itErrors.hasNext()) {
final AlfrescoRuntimeException alfrescoRuntimeException = itErrors.next();
allErrors.append(alfrescoRuntimeException.getMessage());
if (itErrors.hasNext()) {
allErrors.append("\n");
}
}
throw new RuntimeException(allErrors.toString());
}
} else {
log.error("Unable to get key content, key type or key password.");
throw new AlfrescoRuntimeException(
"Unable to get key content, key type or key password.");
}
}
} else {
log.error("Unable to get temporary directory.");
throw new AlfrescoRuntimeException("Unable to get temporary directory.");
}
} catch (KeyStoreException e) {
log.error(e);
throw new AlfrescoRuntimeException(e.getMessage(), e);
} catch (NoSuchAlgorithmException e) {
log.error(e);
throw new AlfrescoRuntimeException(e.getMessage(), e);
} catch (CertificateException e) {
log.error(e);
throw new AlfrescoRuntimeException(e.getMessage(), e);
} catch (IOException e) {
log.error(e);
throw new AlfrescoRuntimeException(e.getMessage(), e);
} catch (UnrecoverableKeyException e) {
log.error(e);
throw new AlfrescoRuntimeException(e.getMessage(), e);
}
} else {
log.error("No object with signing informations.");
throw new AlfrescoRuntimeException("No object with signing informations.");
}
}
public PushManager get(Product product) {
if (StringUtils.isBlank(product.getDevCertPath())
|| StringUtils.isBlank(product.getDevCertPass())
|| StringUtils.isBlank(product.getCertPath())
|| StringUtils.isBlank(product.getCertPass())) {
logger.error("Product iOS Push Service Miss Cert Path and Password. {}", product);
return null;
}
PushManager service = mapping.get(product.getId());
if (service == null) {
ApnsEnvironment apnsEnvironment = null;
SSLContext sslContext = null;
try {
if (sandBox) {
apnsEnvironment = ApnsEnvironment.getSandboxEnvironment();
sslContext =
SSLContextUtil.createDefaultSSLContext(
product.getDevCertPath(), product.getDevCertPass());
} else {
apnsEnvironment = ApnsEnvironment.getProductionEnvironment();
sslContext =
SSLContextUtil.createDefaultSSLContext(product.getCertPath(), product.getCertPass());
}
} catch (KeyStoreException e) {
logger.error(e.getMessage(), e);
} catch (NoSuchAlgorithmException e) {
logger.error(e.getMessage(), e);
} catch (CertificateException e) {
logger.error(e.getMessage(), e);
} catch (UnrecoverableKeyException e) {
logger.error(e.getMessage(), e);
} catch (KeyManagementException e) {
logger.error(e.getMessage(), e);
} catch (IOException e) {
logger.error(e.getMessage(), e);
}
PushManagerConfiguration configuration = new PushManagerConfiguration();
configuration.setConcurrentConnectionCount(1);
final PushManager<SimpleApnsPushNotification> pushManager =
new PushManager<SimpleApnsPushNotification>(
apnsEnvironment,
sslContext,
null, // Optional: custom event loop group
null, // Optional: custom ExecutorService for calling listeners
null, // Optional: custom BlockingQueue implementation
configuration,
"ApnsPushManager-" + product.getId());
pushManager.registerRejectedNotificationListener(new PushRejectedNotificationListener());
pushManager.registerFailedConnectionListener(new PushFailedConnectionListener());
pushManager.start();
// ApnsServiceBuilder builder = APNS.newService();
// if (sandBox){
// builder.withCert(product.getDevCertPath(), product.getDevCertPass());
// builder.withSandboxDestination();
// }else{
// builder.withCert(product.getCertPath(), product.getCertPass());
// builder.withProductionDestination();
// }
// service =
// builder.asPool(10).withCacheLength(Integer.MAX_VALUE).withDelegate(delegateAdapter).asQueued().build();
mapping.put(product.getId(), pushManager);
service = pushManager;
}
return service;
}
