/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this
* file except in compliance with the License. You may obtain
* a copy of the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an
* "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express
* or implied. See the License for the specific language governing
* rights and limitations under the License.
*
*
* The Original Code is Java RASP toolkit.
*
* The Initial Developer of the Original Code is Lenio. Portions
* created by Lenio are Copyright (C) 2007 Danish National IT and
* Telecom Agency (http://www.itst.dk). All Rights Reserved.
*/
package dk.gov.oiosi.security.lookup;
import dk.gov.oiosi.security.RootCertificateConfig;
import org.apache.commons.configuration.ConfigurationUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;
import java.util.Objects;
public class CertificateLoader {
// Commons-logging logger for this class; the warn/error entries below report key store look-up failures
private static final Log log = LogFactory.getLog(CertificateLoader.class);
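/**
 * Tries to load the root certificate by searching the user home directory, the current classpath
 * and the system classpath.
 *
 * <p>The key store location is resolved with {@link ConfigurationUtils#locate(String)}, which looks
 * in those places in turn. The store is opened as a JKS key store and the certificate registered
 * under {@code rootCertConfig.getKeyLabel()} is returned. The key store password is kept in a
 * {@code char[]} that is zeroed once the store has been loaded.
 *
 * @param rootCertConfig key store location, key store password and the alias of the root certificate
 * @return the certificate stored under the configured alias, or {@code null} when the key store
 *     cannot be located or holds no X.509 certificate under that alias (both cases are logged at
 *     warn level)
 * @throws KeyStoreException if no JKS key store provider is available
 * @throws NoSuchAlgorithmException if the key store integrity algorithm cannot be found
 * @throws CertificateException if a certificate in the key store cannot be parsed
 * @throws IOException if the key store cannot be read, e.g. because the password is wrong
 */
public static X509Certificate GetCertificateFromCertificateStoreInformation(RootCertificateConfig rootCertConfig)
        throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
    X509Certificate cert = null;
    KeyStore ks = KeyStore.getInstance("JKS");
    URL rootCertLocation = ConfigurationUtils.locate(rootCertConfig.getKeyStoreLocation());
    if (rootCertLocation != null) {
        // openStream() hands us a stream we own, so close it; the password copy is wiped
        // afterwards so it does not linger on the heap longer than needed.
        String keyStorePassword = rootCertConfig.getKeyStorePassword();
        char[] password = keyStorePassword == null ? null : keyStorePassword.toCharArray();
        try (InputStream in = rootCertLocation.openStream()) {
            ks.load(in, password);
        } finally {
            if (password != null) {
                Arrays.fill(password, '\0');
            }
        }
        // getCertificate() returns a plain Certificate; an entry that is not X.509 must not end in
        // a ClassCastException, it is reported like a missing entry instead.
        Certificate entry = ks.getCertificate(rootCertConfig.getKeyLabel());
        if (entry instanceof X509Certificate) {
            cert = (X509Certificate) entry;
        }
        if (cert == null && log.isWarnEnabled()) {
            log.warn("CertificateLoader: No certificate with label '" + rootCertConfig.getKeyLabel() + "' is found at key store at " + rootCertLocation);
        }
    } else {
        // Best effort: the canonical path only serves to make the warning easier to act on,
        // so a failure to resolve it is recorded at debug level and the raw location is shown.
        String fileCanonicalPath = rootCertConfig.getKeyStoreLocation();
        try {
            fileCanonicalPath = new File(rootCertConfig.getKeyStoreLocation()).getCanonicalPath();
        } catch (IOException | RuntimeException e) {
            log.debug("CertificateLoader: could not resolve canonical path of " + fileCanonicalPath, e);
        }
        log.warn("CertificateLoader: cannot locate key store by location " + rootCertConfig.getKeyStoreLocation() + ", among others tried file path " + fileCanonicalPath);
    }
    return cert;
}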
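/**
 * Loads every X.509 certificate whose alias starts with the configured key label.
 *
 * <p>The key store location is resolved with {@link ConfigurationUtils#locate(String)} and opened
 * as a JKS key store. All aliases are enumerated and the certificates behind those starting with
 * {@code rootCertConfig.getKeyLabel()} are collected. The key store password is kept in a
 * {@code char[]} that is zeroed once the store has been loaded.
 *
 * @param rootCertConfig key store location, key store password and the alias prefix to select
 * @return the matching certificates in key store enumeration order; empty (never {@code null})
 *     when the key store cannot be located or no alias matches, both of which are logged at error
 *     level
 * @throws KeyStoreException if no JKS key store provider is available
 * @throws NoSuchAlgorithmException if the key store integrity algorithm cannot be found
 * @throws CertificateException if a certificate in the key store cannot be parsed
 * @throws IOException if the key store cannot be read, e.g. because the password is wrong
 * @throws NullPointerException if the configured key label is {@code null}
 */
public static List<X509Certificate> GetCertificateListFromCertificateStoreInformation(RootCertificateConfig rootCertConfig)
        throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
    // A null prefix would fail inside startsWith() anyway; fail early with a clear message rather
    // than silently widening the selection to every certificate in the store.
    String aliasLabelPrefix = Objects.requireNonNull(rootCertConfig.getKeyLabel(), "keyLabel");
    List<X509Certificate> x509RootCertificateList = new ArrayList<>();
    KeyStore keyStore = KeyStore.getInstance("JKS");
    URL rootCertLocation = ConfigurationUtils.locate(rootCertConfig.getKeyStoreLocation());
    if (rootCertLocation != null) {
        if (log.isInfoEnabled()) {
            // locate() may return a non-file URL (e.g. a classpath resource inside a jar); new
            // File(URI) rejects those, so the absolute path is only attempted for file: URLs.
            String where = rootCertLocation.toString();
            if ("file".equals(rootCertLocation.getProtocol())) {
                try {
                    where = new File(rootCertLocation.toURI()).getAbsolutePath();
                } catch (URISyntaxException | IllegalArgumentException e) {
                    log.warn("Exception for JKS=" + rootCertConfig.getKeyStoreLocation() + ": " + e.getMessage(), e);
                }
            }
            log.info("Loading root certs from JKS=" + where);
        }
        // openStream() hands us a stream we own, so close it; the password copy is wiped
        // afterwards so it does not linger on the heap longer than needed.
        String keyStorePassword = rootCertConfig.getKeyStorePassword();
        char[] password = keyStorePassword == null ? null : keyStorePassword.toCharArray();
        try (InputStream in = rootCertLocation.openStream()) {
            keyStore.load(in, password);
        } finally {
            if (password != null) {
                Arrays.fill(password, '\0');
            }
        }
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!alias.startsWith(aliasLabelPrefix)) {
                continue; // certificate alias does not start with the desired prefix
            }
            // Non-X.509 entries (or key entries without a certificate) are skipped instead of
            // failing the whole load with a ClassCastException.
            Certificate entry = keyStore.getCertificate(alias);
            if (entry instanceof X509Certificate) {
                x509RootCertificateList.add((X509Certificate) entry);
            }
        }
    } else {
        log.error("Keystore not found at location=" + rootCertConfig.getKeyStoreLocation());
    }
    // Log the location and label rather than the whole config object, so that a toString() which
    // happens to include the key store password cannot end up in the log.
    String basedOn = "location=" + rootCertConfig.getKeyStoreLocation() + ", keyLabel=" + aliasLabelPrefix;
    if (x509RootCertificateList.isEmpty()) {
        log.error("No certificates found based on: " + basedOn);
    } else {
        log.info(x509RootCertificateList.size() + " certificates found based on: " + basedOn);
    }
    return x509RootCertificateList;
}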