/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this
* file except in compliance with the License. You may obtain
* a copy of the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an
* "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express
* or implied. See the License for the specific language governing
* rights and limitations under the License.
*
*
* The Original Code is Java RASP toolkit.
*
* The Initial Developer of the Original Code is Lenio. Portions
* created by Lenio are Copyright (C) 2007 Danish National IT and
* Telecom Agency (http://www.itst.dk). All Rights Reserved.
*/
package dk.gov.oiosi.security.lookup;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.LinkedList;
import java.util.List;
import org.apache.commons.configuration.ConfigurationUtils;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import dk.gov.oiosi.security.RootCertificateConfig;
public class CertificateLoader {
// log4j logger for this class; the loader reports key store lookup problems through it.
private static final Logger log = Logger.getLogger(CertificateLoader.class);
/*
* Tries to load the root certificate by searching the user home directory, the current classpath and the system classpath.
*
*/
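/**
 * Loads the single root certificate stored under the configured key label in the
 * configured JKS key store.
 *
 * <p>The key store location is resolved with {@code ConfigurationUtils.locate}. If the
 * key store cannot be located, or it holds no certificate under the key label, a warning
 * is logged and {@code null} is returned; callers must treat {@code null} as "no trust
 * anchor available" and must not continue as if validation had succeeded.
 *
 * <p>The certificate is returned exactly as stored: this method performs no
 * validity-period or signature check on it.
 *
 * @param rootCertConfig supplies the key store location, key store password and key label
 * @return the certificate stored under the key label, or {@code null} if the key store
 *         could not be located or contains no certificate under that label
 * @throws KeyStoreException if no JKS key store implementation is available
 * @throws NoSuchAlgorithmException if the key store integrity algorithm is unavailable
 * @throws CertificateException if a certificate in the key store cannot be loaded
 * @throws IOException if the key store cannot be read, is malformed, or the password is wrong
 */
public static X509Certificate GetCertificateFromCertificateStoreInformation(RootCertificateConfig rootCertConfig) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException
{
    X509Certificate cert = null;
    KeyStore ks = KeyStore.getInstance("JKS");
    URL rootCertLocation = ConfigurationUtils.locate(rootCertConfig.getKeyStoreLocation());

    if (rootCertLocation != null)
    {
        // Close the stream on every path, including a rejected password or corrupt store.
        InputStream keyStoreStream = rootCertLocation.openStream();
        try {
            // A missing password fails here with a NullPointerException. Do not "fix" that by
            // passing null to load(): a null password loads the store without the integrity check.
            ks.load(keyStoreStream, rootCertConfig.getKeyStorePassword().toCharArray());
        } finally {
            keyStoreStream.close();
        }
        cert = (X509Certificate) ks.getCertificate(rootCertConfig.getKeyLabel());
        if (cert == null && log.isEnabledFor(Level.WARN)) {
            log.warn("CertificateLoader: no certificate with label '"+rootCertConfig.getKeyLabel()+"' is found at key store at "+rootCertLocation);
        }
    }
    else if (log.isEnabledFor(Level.WARN))
    {
        String fileCanonicalPath = rootCertConfig.getKeyStoreLocation();
        try {
            fileCanonicalPath = new File(rootCertConfig.getKeyStoreLocation()).getCanonicalPath();
        } catch (Exception e) {
            // Best effort only: the canonical path just enriches the warning below,
            // so on failure the configured location is reported as-is.
        }
        log.warn("CertificateLoader: cannot locate key store by location "+rootCertConfig.getKeyStoreLocation()+", among others tried file path "+fileCanonicalPath);
    }
    return cert;
}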
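/**
 * Collects every certificate in the configured JKS key store whose alias starts with the
 * configured key label.
 *
 * <p>The key label acts as an alias <em>prefix</em>, so it decides which entries of the key
 * store are returned. If the key store cannot be located, a warning is logged and an empty
 * list is returned; callers must treat an empty list as "no trust anchors available".
 *
 * <p>NOTE(review): an empty key label matches every alias, so every certificate in the key
 * store would be returned. The prefix comparison is also case-sensitive, while the
 * Sun/OpenJDK JKS provider stores aliases in lower case, so a label containing upper-case
 * characters would presumably match nothing; confirm against the deployed configuration.
 *
 * <p>The certificates are returned exactly as stored: this method performs no
 * validity-period or signature check on them.
 *
 * @param rootCertConfig supplies the key store location, key store password and key label prefix
 * @return a list, possibly empty and never {@code null}, of the matching certificates
 * @throws KeyStoreException if no JKS key store implementation is available
 * @throws NoSuchAlgorithmException if the key store integrity algorithm is unavailable
 * @throws CertificateException if a certificate in the key store cannot be loaded
 * @throws IOException if the key store cannot be read, is malformed, or the password is wrong
 */
public static List<X509Certificate> GetCertificateListFromCertificateStoreInformation(RootCertificateConfig rootCertConfig) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException
{
    List<X509Certificate> x509Certificates = new LinkedList<X509Certificate>();
    String aliasLabelPrefix = rootCertConfig.getKeyLabel();

    KeyStore ks = KeyStore.getInstance("JKS");
    URL rootCertLocation = ConfigurationUtils.locate(rootCertConfig.getKeyStoreLocation());
    if (rootCertLocation == null)
    {
        // Report the miss instead of silently handing back an empty trust list.
        log.warn("CertificateLoader: cannot locate key store by location "+rootCertConfig.getKeyStoreLocation());
        return x509Certificates;
    }

    // Close the stream on every path, including a rejected password or corrupt store.
    InputStream keyStoreStream = rootCertLocation.openStream();
    try {
        // A missing password fails here with a NullPointerException. Do not "fix" that by
        // passing null to load(): a null password loads the store without the integrity check.
        ks.load(keyStoreStream, rootCertConfig.getKeyStorePassword().toCharArray());
    } finally {
        keyStoreStream.close();
    }

    Enumeration<String> aliases = ks.aliases();
    while (aliases.hasMoreElements())
    {
        String alias = aliases.nextElement();
        if (!alias.startsWith(aliasLabelPrefix))
        {
            // certificate alias does not start with the desired prefix
            continue;
        }
        X509Certificate x509Certificate = (X509Certificate) ks.getCertificate(alias);
        if (x509Certificate != null)
        {
            x509Certificates.add(x509Certificate);
        }
    }
    return x509Certificates;
}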