/**
* Creates trust managers using the receiver's trust store configuration.
*
* @param context context for status messages
* @return an array of trust managers or {@code null} if no trust store configuration was provided
* @throws NoSuchProviderException if a provider specified for one of the trust manager components
* is not known to the platform
* @throws NoSuchAlgorithmException if an algorithm specified for one of the trust manager
* components is not known to the relevant provider
* @throws KeyStoreException if an error occurs in reading a key store containing trust anchors
*/
private TrustManager[] createTrustManagers(ContextAware context)
throws NoSuchProviderException, NoSuchAlgorithmException, KeyStoreException {
if (getTrustStore() == null) return null;
KeyStore trustStore = getTrustStore().createKeyStore();
context.addInfo(
"trust store of type '"
+ trustStore.getType()
+ "' provider '"
+ trustStore.getProvider()
+ "': "
+ getTrustStore().getLocation());
TrustManagerFactory tmf = getTrustManagerFactory().createTrustManagerFactory();
context.addInfo(
"trust manager algorithm '"
+ tmf.getAlgorithm()
+ "' provider '"
+ tmf.getProvider()
+ "'");
tmf.init(trustStore);
return tmf.getTrustManagers();
}
@SuppressWarnings("unchecked")
private static void printKeyStoreInfo(KeyStore keystore) throws KeyStoreException {
log.debug("Provider : " + keystore.getProvider().getName());
log.debug("Type : " + keystore.getType());
log.debug("Size : " + keystore.size());
Enumeration en = keystore.aliases();
while (en.hasMoreElements()) {
System.out.println("Alias: " + en.nextElement());
}
}
protected CamelContext createPropertiesPlaceholderAwareContext() throws Exception {
Properties supplementalProperties = new Properties();
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
TrustManagerFactory tmf =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
SecureRandom sr = null;
try {
sr = SecureRandom.getInstance("SHA1PRNG");
} catch (NoSuchAlgorithmException e) {
// Ignore
}
SSLContext sslc = SSLContext.getInstance("TLS");
sslc.init(null, null, null);
SSLSocket socket = (SSLSocket) sslc.getSocketFactory().createSocket();
supplementalProperties.setProperty("keyStoreParameters.type", KeyStore.getDefaultType());
supplementalProperties.setProperty("keyStoreParameters.provider", ks.getProvider().getName());
supplementalProperties.setProperty(
"keyManagersParameters.algorithm", KeyManagerFactory.getDefaultAlgorithm());
supplementalProperties.setProperty(
"keyManagersParameters.provider", kmf.getProvider().getName());
supplementalProperties.setProperty(
"trustManagersParameters.algorithm", TrustManagerFactory.getDefaultAlgorithm());
supplementalProperties.setProperty(
"trustManagersParameters.provider", tmf.getProvider().getName());
if (sr != null) {
supplementalProperties.setProperty("secureRandomParameters.algorithm", "SHA1PRNG");
supplementalProperties.setProperty(
"secureRandomParameters.provider", sr.getProvider().getName());
}
supplementalProperties.setProperty(
"sslContextParameters.provider", sslc.getProvider().getName());
supplementalProperties.setProperty("cipherSuite.0", socket.getSupportedCipherSuites()[0]);
// Have to skip this guy because he doesn't work with TLS as the SSLContext protocol
String ssp = "";
for (String protocol : socket.getSupportedProtocols()) {
if (!"SSLv2Hello".equals(protocol)) {
ssp = protocol;
break;
}
}
supplementalProperties.setProperty("secureSocketProtocol.0", ssp);
return this.createPropertiesPlaceholderAwareContext(supplementalProperties);
}
protected void execute() throws CertificateException, IOException {
KeyStore keyStore = getKeyStore();
if (keyStore == null) {
throw new IOException("No se pudo obtener almacen de firma.");
}
String alias = getAlias(keyStore);
X509Certificate certificate = null;
try {
certificate = (X509Certificate) keyStore.getCertificate(alias);
if (certificate == null) {
throw new IOException("No existe ningún certificado para firmar.");
}
} catch (KeyStoreException e1) {
throw new IOException("Error: " + e1.getMessage());
}
PrivateKey privateKey = null;
KeyStore tmpKs = keyStore;
try {
privateKey = (PrivateKey) tmpKs.getKey(alias, this.passSignature.toCharArray());
} catch (UnrecoverableKeyException e) {
throw new IOException("No existe clave privada para firmar.");
} catch (KeyStoreException e) {
throw new IOException("No existe clave privada para firmar.");
} catch (NoSuchAlgorithmException e) {
throw new IOException("No existe clave privada para firmar.");
}
Provider provider = keyStore.getProvider();
DataToSign dataToSign = createDataToSign();
FirmaXML firma = new FirmaXML();
Document docSigned = null;
try {
Object[] res = firma.signFile(certificate, dataToSign, privateKey, provider);
docSigned = (Document) res[0];
} catch (Exception ex) {
throw new IOException("Error realizando la firma: " + ex.getMessage());
}
String filePath = getPathOut() + File.separatorChar + getSignatureFileName();
saveDocumenteDisk(docSigned, filePath);
}
/**
* Creates key managers using the receiver's key store configuration.
*
* @param context context for status messages
* @return an array of key managers or {@code null} if no key store configuration was provided
* @throws NoSuchProviderException if a provider specified for one of the key manager components
* is not known to the platform
* @throws NoSuchAlgorithmException if an algorithm specified for one of the key manager
* components is not known to the relevant provider
* @throws KeyStoreException if an error occurs in reading a key store
*/
private KeyManager[] createKeyManagers(ContextAware context)
throws NoSuchProviderException, NoSuchAlgorithmException, UnrecoverableKeyException,
KeyStoreException {
if (getKeyStore() == null) return null;
KeyStore keyStore = getKeyStore().createKeyStore();
context.addInfo(
"key store of type '"
+ keyStore.getType()
+ "' provider '"
+ keyStore.getProvider()
+ "': "
+ getKeyStore().getLocation());
KeyManagerFactory kmf = getKeyManagerFactory().createKeyManagerFactory();
context.addInfo(
"key manager algorithm '" + kmf.getAlgorithm() + "' provider '" + kmf.getProvider() + "'");
char[] passphrase = getKeyStore().getPassword().toCharArray();
kmf.init(keyStore, passphrase);
return kmf.getKeyManagers();
}
public void runTest(String provider) throws Exception {
// load private key
// all keystore types should support private keys
KeySpec spec =
new PKCS8EncodedKeySpec(Base64.getMimeDecoder().decode(PRIVATE_KEY_PKCS8_BASE64));
PrivateKey privateKey = KeyFactory.getInstance("RSA").generatePrivate(spec);
// load x509 certificate
Certificate cert;
try (InputStream is =
new BufferedInputStream(new ByteArrayInputStream(CERTIFICATE.getBytes()))) {
cert = CertificateFactory.getInstance("X.509").generateCertificate(is);
}
int numEntries = 5;
String type = null;
for (int i = 0; i < PROVIDERS.length; i++) {
if (provider.compareTo(PROVIDERS[i]) == 0) {
type = KS_Type[i];
break;
}
}
System.out.printf("Test %s provider and %s keystore%n", provider, type);
KeyStore ks = KeyStore.getInstance(type, provider);
KeyStore ks2 = KeyStore.getInstance(type, ks.getProvider().getName());
// create an empty key store
ks.load(null, null);
// store the secret keys
for (int j = 0; j < numEntries; j++) {
ks.setKeyEntry(ALIAS_HEAD + j, privateKey, PASSWDK, new Certificate[] {cert});
}
// initialize the 2nd key store object with the 1st one
ByteArrayOutputStream baos = new ByteArrayOutputStream();
ks.store(baos, PASSWDK);
byte[] bArr = baos.toByteArray();
ByteArrayInputStream bais = new ByteArrayInputStream(bArr);
ks2.load(bais, null);
// check 2nd key store type
checkType(ks2, type);
// check the existing aliases for the 2nd key store
checkAlias(ks2, numEntries);
// compare the creation date of the 2 key stores for all aliases
compareCreationDate(ks, ks2, numEntries);
// remove the last entry from the 2nd key store
numEntries--;
ks2.deleteEntry(ALIAS_HEAD + numEntries);
// re-initialize the 1st key store with the 2nd key store
baos.reset();
ks2.store(baos, PASSWD2);
bais = new ByteArrayInputStream(baos.toByteArray());
try {
// expect an exception since the password is incorrect
ks.load(bais, PASSWDK);
throw new RuntimeException("ERROR: passed the loading with incorrect password");
} catch (IOException ex) {
System.out.println("Expected exception: " + ex);
if (!causedBy(ex, UnrecoverableKeyException.class)) {
ex.printStackTrace(System.out);
throw new RuntimeException("Unexpected cause");
}
System.out.println("Expected cause: " + UnrecoverableKeyException.class.getName());
bais.reset();
ks.load(bais, PASSWD2);
bais.reset();
ks.load(bais, null);
}
// check key store type
checkType(ks, type);
// check the existing aliases
checkAlias(ks, numEntries);
// compare the creation date of the 2 key stores for all aliases
compareCreationDate(ks, ks2, numEntries);
}
private void readTest(String inKeyStore) throws Exception {
KeyStore inputKeyStore;
// Initialize KeyStore
String dir = System.getProperty("test.src", ".");
String keystorePath = dir + File.separator + "certs" + File.separator + "readP12";
inputKeyStore = KeyStore.getInstance(IN_KEYSTORE_TYPE);
// KeyStore have encoded by Base64.getMimeEncoder().encode(),need decode
// first.
byte[] input = Files.readAllBytes(Paths.get(keystorePath, inKeyStore));
ByteArrayInputStream arrayIn = new ByteArrayInputStream(Base64.getMimeDecoder().decode(input));
inputKeyStore.load(arrayIn, IN_STORE_PASS.toCharArray());
out.println("Initialize KeyStore : " + inKeyStore + " success");
out.println("getProvider : " + inputKeyStore.getProvider());
out.println("getType : " + inputKeyStore.getType());
out.println("getDefaultType : " + KeyStore.getDefaultType());
int idx = 0;
Enumeration<String> e = inputKeyStore.aliases();
String alias;
while (e.hasMoreElements()) {
alias = e.nextElement();
out.println("Alias " + idx + " : " + alias);
if (inputKeyStore.containsAlias(alias) == false) {
throw new RuntimeException("Alias not found");
}
out.println("getCreationDate : " + inputKeyStore.getCreationDate(alias));
X509Certificate cert = (X509Certificate) inputKeyStore.getCertificate(alias);
out.println("getCertificate : " + cert.getSubjectDN());
String retAlias = inputKeyStore.getCertificateAlias(cert);
if (!retAlias.equals(alias)) {
throw new RuntimeException("Alias mismatch");
}
out.println("getCertificateAlias : " + retAlias);
Certificate[] certs = inputKeyStore.getCertificateChain(alias);
for (int i = 0; i < certs.length; i++) {
out.println(
"getCertificateChain " + i + " : " + ((X509Certificate) certs[i]).getSubjectDN());
}
boolean isCertEntry = inputKeyStore.isCertificateEntry(alias);
// test KeyStore only contain key pair entries.
if (isCertEntry == true) {
throw new RuntimeException(
"inputKeystore should not be certEntry because test keystore only contain key pair entries.");
}
boolean isKeyEntry = inputKeyStore.isKeyEntry(alias);
if (isKeyEntry) {
Key key = inputKeyStore.getKey(alias, IN_STORE_PASS.toCharArray());
out.println("Key : " + key.toString());
} else {
throw new RuntimeException("Entry type unknown\n");
}
idx++;
}
int size = inputKeyStore.size();
if (idx != size) {
throw new RuntimeException("Size not match");
}
}
public Provider getProvider() {
return _mscapi.getProvider();
}
