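/**
 * Builds the service provider key manager from a PEM private key and a PEM X.509 certificate.
 *
 * <p>Both PEM documents are parsed with BouncyCastle's {@code PEMReader}, stored in an in-memory
 * JKS keystore under the alias {@code service-provider-cert}, and wrapped in a
 * {@code JKSKeyManager} that uses that alias as its default credential.
 *
 * @param key PEM text of the private key; it must parse to a {@code KeyPair}
 * @param password passphrase handed to the PEM reader for the key, also used as the keystore
 *     entry password; {@code null} is treated as the empty string
 * @param certificate PEM text of the X.509 certificate
 * @throws IllegalArgumentException if parsing or loading fails for any reason; the underlying
 *     failure is attached as the cause
 */
public SamlLoginServerKeyManager(String key, String password, String certificate) {
    // JVM-wide side effect. Security.addProvider leaves the provider list unchanged when a
    // provider with the same name is already installed.
    Security.addProvider(new BouncyCastleProvider());

    if (null == password) {
        password = "";
    }

    try {
        // getBytes() and InputStreamReader both use the platform default charset here.
        PEMReader reader = new PEMReader(
            new InputStreamReader(new ByteArrayInputStream(certificate.getBytes())));
        Object parsedCertificate = reader.readObject();
        // instanceof also rejects null, so an empty or wrong-typed PEM document is reported
        // with a specific cause instead of a bare NullPointerException or ClassCastException.
        if (!(parsedCertificate instanceof X509Certificate)) {
            throw new IllegalArgumentException(
                "certificate parameter does not contain a PEM encoded X.509 certificate");
        }
        X509Certificate cert = (X509Certificate) parsedCertificate;

        reader = new PEMReader(
            new InputStreamReader(new ByteArrayInputStream(key.getBytes())),
            new StringPasswordFinder(password));
        Object parsedKey = reader.readObject();
        if (!(parsedKey instanceof KeyPair)) {
            throw new IllegalArgumentException(
                "key parameter does not contain a PEM encoded key pair");
        }
        KeyPair pkey = (KeyPair) parsedKey;

        // NOTE(review): nothing here compares cert.getPublicKey() with pkey.getPublic(), so a
        // certificate that does not belong to the private key is loaded without complaint.
        // Consider failing fast on a mismatch; confirm key equality semantics for the
        // BouncyCastle version in use before enforcing it.

        // The keystore is created empty in memory; the visible code never writes it out.
        KeyStore keystore = KeyStore.getInstance("JKS");
        keystore.load(null);
        keystore.setCertificateEntry("service-provider-cert", cert);
        // NOTE(review): with a null or empty password the key entry is stored under an empty
        // password.
        keystore.setKeyEntry(
            "service-provider-cert",
            pkey.getPrivate(),
            password.toCharArray(),
            new Certificate[] {cert});

        // kmf is not used afterwards. The init call is kept because it fails here if the key
        // entry cannot be recovered with the password.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(keystore, password.toCharArray());

        // The JKSKeyManager API takes the entry password as a String, so it stays on the heap
        // for as long as the key manager holds the map.
        keyManager = new JKSKeyManager(
            keystore,
            Collections.singletonMap("service-provider-cert", password),
            "service-provider-cert");

        // The former null check on keyManager was removed: `new` never yields null, so that
        // branch could not run.
        logger.info("Loaded service provider certificate " + keyManager.getDefaultCredentialName());
    } catch (Throwable t) {
        // Throwable is caught on purpose to keep the existing contract: every failure, including
        // the validation errors thrown above, reaches the caller as IllegalArgumentException.
        logger.error("Could not load certificate", t);
        throw new IllegalArgumentException(
            "Could not load service provider certificate. Check serviceProviderKey and certificate parameters",
            t);
    }
}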
/**
 * Lists the credential names known to the wrapped key manager.
 *
 * @return the set returned by the delegate's {@code getAvailableCredentials()}
 */
@Override
public Set<String> getAvailableCredentials() {
    // Pure delegation: no filtering or copying is done here.
    final Set<String> credentialNames = keyManager.getAvailableCredentials();
    return credentialNames;
}
/**
 * Looks up a certificate by alias in the wrapped key manager.
 *
 * @param alias the alias passed through to the delegate unchanged
 * @return whatever the delegate's {@code getCertificate(alias)} returns
 */
@Override
public X509Certificate getCertificate(String alias) {
    // The alias is not validated here; the delegate decides how unknown aliases are handled.
    final X509Certificate found = keyManager.getCertificate(alias);
    return found;
}
/**
 * Reports the name of the default credential of the wrapped key manager.
 *
 * @return the value of the delegate's {@code getDefaultCredentialName()}
 */
@Override
public String getDefaultCredentialName() {
    final String defaultName = keyManager.getDefaultCredentialName();
    return defaultName;
}
/**
 * Fetches the default credential from the wrapped key manager.
 *
 * @return the value of the delegate's {@code getDefaultCredential()}
 */
@Override
public Credential getDefaultCredential() {
    // Pure delegation: the returned object is handed to the caller as is.
    final Credential defaultCredential = keyManager.getDefaultCredential();
    return defaultCredential;
}
/**
 * Fetches a credential by key name from the wrapped key manager.
 *
 * @param keyName the name passed through to the delegate unchanged
 * @return whatever the delegate's {@code getCredential(keyName)} returns
 */
@Override
public Credential getCredential(String keyName) {
    // No check on keyName is made here; lookup behavior is entirely the delegate's.
    final Credential found = keyManager.getCredential(keyName);
    return found;
}
/**
 * Resolves a single credential for the given criteria through the wrapped key manager.
 *
 * @param criteria the criteria set passed through to the delegate unchanged
 * @return whatever the delegate's {@code resolveSingle(criteria)} returns
 * @throws SecurityException if the delegate throws it
 */
@Override
public Credential resolveSingle(CriteriaSet criteria) throws SecurityException {
    final Credential resolved = keyManager.resolveSingle(criteria);
    return resolved;
}
/**
 * Resolves all credentials matching the given criteria through the wrapped key manager.
 *
 * @param criteria the criteria set passed through to the delegate unchanged
 * @return whatever the delegate's {@code resolve(criteria)} returns
 * @throws SecurityException if the delegate throws it
 */
@Override
public Iterable<Credential> resolve(CriteriaSet criteria) throws SecurityException {
    final Iterable<Credential> matches = keyManager.resolve(criteria);
    return matches;
}