/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this
* file except in compliance with the License. You may obtain
* a copy of the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an
* "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express
* or implied. See the License for the specific language governing
* rights and limitations under the License.
*
*
* The Original Code is Java RASP toolkit.
*
* The Initial Developer of the Original Code is Lenio. Portions
* created by Lenio are Copyright (C) 2007 Danish National IT and
* Telecom Agency (http://www.itst.dk). All Rights Reserved.
*/
package dk.gov.oiosi.security.lookup;
import dk.gov.oiosi.security.RootCertificateConfig;
import org.apache.commons.configuration.ConfigurationUtils;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.LinkedList;
import java.util.List;
public class CertificateLoader {
private static final Logger log = Logger.getLogger(CertificateLoader.class);
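/**
 * Loads one root certificate from the JKS key store described by {@code rootCertConfig}.
 *
 * <p>The key store location is resolved with {@code ConfigurationUtils.locate}, which searches
 * the user home directory, the current classpath and the system classpath. Because the
 * location is found by searching, the key store that is actually opened depends on which match
 * comes first. The resolved URL is therefore logged at debug level so the source of the trust
 * anchor can be checked.
 *
 * @param rootCertConfig supplies the key store location, the key store password and the alias
 *        (key label) of the certificate to return
 * @return the certificate stored under the configured alias, or {@code null} when the key store
 *         cannot be located or holds no certificate under that alias; a caller has to treat
 *         {@code null} as "no trust anchor available", never as a successful lookup
 * @throws KeyStoreException if no JKS key store implementation is available or the store
 *         cannot be queried
 * @throws NoSuchAlgorithmException if the algorithm used to check the store's integrity is
 *         unavailable
 * @throws CertificateException if a certificate in the store cannot be loaded
 * @throws FileNotFoundException declared for callers; raised by the underlying stream, if at all
 * @throws IOException if the store cannot be read, is malformed, or the password is wrong
 */
public static X509Certificate GetCertificateFromCertificateStoreInformation(RootCertificateConfig rootCertConfig) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
    KeyStore ks = KeyStore.getInstance("JKS");

    String keyStoreLocation = rootCertConfig.getKeyStoreLocation();
    URL rootCertLocation = ConfigurationUtils.locate(keyStoreLocation);

    if (rootCertLocation == null) {
        // The "cannot locate" warning belongs to this branch only: nothing was found.
        if (log.isEnabledFor(Level.WARN)) {
            String fileCanonicalPath = keyStoreLocation;
            try {
                fileCanonicalPath = new File(keyStoreLocation).getCanonicalPath();
            } catch (Exception ignored) {
                // Best effort: the canonical path only enriches the log message, so a failure
                // here falls back to the configured location string.
            }
            log.warn("CertificateLoader: cannot locate key store by location " + keyStoreLocation + ", among others tried file path " + fileCanonicalPath);
        }
        return null;
    }

    if (log.isDebugEnabled()) {
        log.debug("CertificateLoader: loading key store from " + rootCertLocation);
    }

    // Close the stream whether or not load() succeeds; the original left it open.
    java.io.InputStream keyStoreStream = rootCertLocation.openStream();
    try {
        // The password is always passed: KeyStore.load uses it to verify the integrity of the
        // store, and a null password would skip that verification.
        ks.load(keyStoreStream, rootCertConfig.getKeyStorePassword().toCharArray());
    } finally {
        keyStoreStream.close();
    }

    // An entry under the alias that is not an X.509 certificate surfaces as ClassCastException.
    X509Certificate cert = (X509Certificate) ks.getCertificate(rootCertConfig.getKeyLabel());
    if (cert == null) {
        log.warn("CertificateLoader: no certificate with label '" + rootCertConfig.getKeyLabel() + "' is found at key store at " + rootCertLocation);
    }
    return cert;
}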
public static List<X509Certificate> GetCertificateListFromCertificateStoreInformation(RootCertificateConfig rootCertConfig) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
List<X509Certificate> x509Certificates = null;
X509Certificate x509Certificate = null;
String aliasLabelPrefix = rootCertConfig.getKeyLabel();
String alias;
x509Certificates = new LinkedList<X509Certificate>();
// define receiver certificate
KeyStore ks = KeyStore.getInstance("JKS");
URL rootCertLocation = ConfigurationUtils.locate(rootCertConfig.getKeyStoreLocation());
if (rootCertLocation != null) {
ks.load(rootCertLocation.openStream(), rootCertConfig.getKeyStorePassword().toCharArray());
Enumeration<String> enumeration = ks.aliases();
while (enumeration.hasMoreElements()) {
if (alias.startsWith(aliasLabelPrefix)) {
x509Certificate = (X509Certificate) ks.getCertificate(alias);
if (x509Certificate != null) {
} else {
// certificate alias does not start with the desired prefix
}
}
} else {
log.error("Keystore not found at location=" + rootCertConfig.getKeyStoreLocation());