/*
 * The contents of this file are subject to the Mozilla Public
 * License Version 1.1 (the "License"); you may not use this
 * file except in compliance with the License. You may obtain
 * a copy of the License at http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an
 * "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express
 * or implied. See the License for the specific language governing
 * rights and limitations under the License.
 *
 *
 * The Original Code is Java RASP toolkit.
 *
 * The Initial Developer of the Original Code is Lenio. Portions
 * created by Lenio are Copyright (C) 2007 Danish National IT and
 * Telecom Agency (http://www.itst.dk). All Rights Reserved.
 */

package dk.gov.oiosi.security.lookup;

import dk.gov.oiosi.security.RootCertificateConfig;
import org.apache.commons.configuration.ConfigurationUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;

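public class CertificateLoader {
    private static final Log log = LogFactory.getLog(CertificateLoader.class);

    /** Key store type both loaders open; the configured location must point at a JKS file. */
    private static final String KEY_STORE_TYPE = "JKS";

    /**
     * Tries to load the root certificate by searching the user home directory, the current classpath and the system classpath.
     * <p>
     * The key store is located with {@link ConfigurationUtils#locate(String)} from the configured key store
     * location, opened with the configured key store password and queried for the configured key label.
     *
     * @param rootCertConfig key store location, key store password and key label of the root certificate
     * @return the certificate stored under the configured label, or {@code null} when the key store cannot be
     *         located or holds no certificate under that label (both cases are logged at WARN)
     * @throws KeyStoreException        if no provider supports the JKS key store type
     * @throws NoSuchAlgorithmException if the algorithm used to check the key store integrity is unavailable
     * @throws CertificateException     if a certificate in the key store cannot be loaded
     * @throws IOException              if the key store cannot be read, is malformed, or the password is wrong
     */
    public static X509Certificate GetCertificateFromCertificateStoreInformation(RootCertificateConfig rootCertConfig) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        X509Certificate cert = null;
        URL rootCertLocation = ConfigurationUtils.locate(rootCertConfig.getKeyStoreLocation());
        if (rootCertLocation != null) {
            KeyStore ks = loadKeyStore(rootCertLocation, rootCertConfig);
            // NOTE(review): assumes the entry under the label is an X.509 certificate; any other
            // certificate type in the store would surface here as a ClassCastException.
            cert = (X509Certificate) ks.getCertificate(rootCertConfig.getKeyLabel());
            if (cert == null && log.isWarnEnabled()) {
                log.warn("CertificateLoader: No certificate with label '" + rootCertConfig.getKeyLabel() + "' is found at key store at " + rootCertLocation);
            }
        } else if (log.isWarnEnabled()) {
            log.warn("CertificateLoader: cannot locate key store by location " + rootCertConfig.getKeyStoreLocation() + ", among others tried file path " + canonicalPathForLog(rootCertConfig.getKeyStoreLocation()));
        }
        return cert;
    }

    /**
     * Loads every X.509 certificate whose key store alias starts with the configured key label.
     * <p>
     * The key store is located with {@link ConfigurationUtils#locate(String)} from the configured key store
     * location and opened with the configured key store password. Aliases that do not start with the key
     * label, and matching aliases that hold no certificate, are skipped.
     *
     * @param rootCertConfig key store location, key store password and key label prefix of the root certificates
     * @return the certificates whose alias starts with the configured key label, in key store enumeration
     *         order; empty (never {@code null}) when the key store cannot be located or no alias matches,
     *         both of which are logged at ERROR
     * @throws KeyStoreException        if no provider supports the JKS key store type
     * @throws NoSuchAlgorithmException if the algorithm used to check the key store integrity is unavailable
     * @throws CertificateException     if a certificate in the key store cannot be loaded
     * @throws IOException              if the key store cannot be read, is malformed, or the password is wrong
     */
    public static List<X509Certificate> GetCertificateListFromCertificateStoreInformation(RootCertificateConfig rootCertConfig) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        List<X509Certificate> x509RootCertificateList = new ArrayList<>();
        URL rootCertLocation = ConfigurationUtils.locate(rootCertConfig.getKeyStoreLocation());
        if (rootCertLocation != null) {
            if (log.isInfoEnabled()) {
                try {
                    log.info("Loading root certs from JKS=" + new File(rootCertLocation.toURI()).getAbsolutePath());
                } catch (URISyntaxException | IllegalArgumentException e) {
                    // new File(URI) rejects non-"file" URLs (e.g. a key store found inside a jar on the
                    // classpath) with IllegalArgumentException; that must not abort the load, so it is
                    // reported the same way as a malformed URI.
                    log.warn("Exception for JKS=" + rootCertConfig.getKeyStoreLocation() + ": " + e.getMessage(), e);
                }
            }
            KeyStore keyStore = loadKeyStore(rootCertLocation, rootCertConfig);
            String aliasLabelPrefix = rootCertConfig.getKeyLabel();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (!alias.startsWith(aliasLabelPrefix)) {
                    continue; // certificate alias does not start with the desired prefix
                }
                // NOTE(review): assumes matching entries are X.509 certificates (see the single-certificate loader).
                X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(alias);
                if (x509Certificate != null) {
                    x509RootCertificateList.add(x509Certificate);
                }
            }
        } else {
            log.error("Keystore not found at location=" + rootCertConfig.getKeyStoreLocation());
        }
        // NOTE(review): RootCertificateConfig#toString() is rendered into the log here; confirm it does
        // not include the key store password.
        if (x509RootCertificateList.isEmpty()) {
            log.error("No certificates found based on: " + rootCertConfig);
        } else {
            log.info(x509RootCertificateList.size() + " certificates found based on: " + rootCertConfig);
        }
        return x509RootCertificateList;
    }

    /**
     * Opens and loads the JKS key store at {@code location} with the configured key store password.
     * <p>
     * The stream from {@link URL#openStream()} is closed as soon as the store is loaded, and the
     * {@code char[]} copy of the password is cleared afterwards.
     *
     * @param location       resolved key store URL, never {@code null}
     * @param rootCertConfig source of the key store password
     * @return the loaded key store
     * @throws KeyStoreException        if no provider supports the JKS key store type
     * @throws NoSuchAlgorithmException if the algorithm used to check the key store integrity is unavailable
     * @throws CertificateException     if a certificate in the key store cannot be loaded
     * @throws IOException              if the key store cannot be read, is malformed, or the password is wrong
     */
    private static KeyStore loadKeyStore(URL location, RootCertificateConfig rootCertConfig) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KEY_STORE_TYPE);
        // A null configured password fails here with NullPointerException, as it always has.
        char[] password = rootCertConfig.getKeyStorePassword().toCharArray();
        try (InputStream in = location.openStream()) {
            keyStore.load(in, password);
        } finally {
            Arrays.fill(password, '\0'); // do not keep the password copy around longer than the load
        }
        return keyStore;
    }

    /**
     * Best-effort canonical form of {@code location} for use in a warning message.
     *
     * @param location configured key store location, possibly {@code null}
     * @return the canonical file path of {@code location}, or {@code location} itself when it cannot be canonicalised
     */
    private static String canonicalPathForLog(String location) {
        try {
            return new File(location).getCanonicalPath();
        } catch (Exception ignored) {
            // Only enriches a warning: fall back to the raw value when canonicalisation fails, including
            // the null-location case where the File constructor itself throws.
            return location;
        }
    }
}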