CredentialManager.java example

Explorer
cagrid2-master
package org.cagrid.dorian.service.core;

import org.apache.cxf.configuration.security.KeyStoreType;
import org.cagrid.core.common.security.KeyStoreUtil;
import org.cagrid.core.common.security.X509Credential;
import org.cagrid.gts.ws.client.GTSClient;
import org.cagrid.trust.service.TrustService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.net.ssl.TrustManager;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

public class CredentialManager {

    private Logger log = LoggerFactory.getLogger(CredentialManager.class);

    private String keystoreFile;
    private String keystorePassword;
    private String keyAlias;
    private String keyPassword;
    private String truststoreFile;
    private String truststorePassword;
    private TrustService trustService;
    private boolean useTrustService = false;


    public GTSClient getGTSClient(String url) {
        GTSClient client = new GTSClient(url);
        client.setCredential(getCredential());


        boolean trustServiceConfigured = false;
        if(useTrustService()){
            log.debug("Getting trust service...");
        TrustService ts = getTrustService();

            log.debug("Got trust service...." + ts.getClass().getName());
            try {
                log.debug("Getting trust manager...");
                TrustManager tm = ts.getTrustManager();
                log.debug("Got trust manager!!!!");
                client.setTrustManagers(new TrustManager[]{tm});
                trustServiceConfigured = true;
                log.debug("The GTS client is configured to use the trust service.");
            } catch (Exception e) {
                log.debug(e.getMessage(), e);
            }
        }
        if (!trustServiceConfigured) {
            client.setTruststore(getTruststore());
            log.debug("The GTS client is configured to use a trust store.");
        }
        return client;
    }

    public X509Credential getCredential() {
        X509Credential cred = null;
        try {
            KeyStore keystore = KeyStoreUtil.getKeyStore(getKeystoreFile(), getKeyPassword().toCharArray());

            if (keyAlias == null) {
                Enumeration<String> aliases = keystore.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    if (keystore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                        keyAlias = alias;
                        break;
                    }
                }
            }

            Key key = keystore.getKey(keyAlias, keyPassword.toCharArray());
            Certificate[] certAry = keystore.getCertificateChain(keyAlias);
            if (certAry == null) {
                throw new GeneralSecurityException("A credential with the alias " + keyAlias + " could not be found in the keystore " + getKeystoreFile() + ".");
            }
            X509Certificate[] chain = new X509Certificate[certAry.length];
            for (int i = 0; i < certAry.length; i++) {
                chain[i] = (X509Certificate) certAry[i];
            }
            cred = new X509Credential(chain, (PrivateKey) key);
        } catch (IOException e) {
            log.error("IOException while getting credential", e);
        } catch (GeneralSecurityException e) {
            log.error("GeneralSecurityException while getting credential", e);
        }
        return cred;
    }


    public KeyStoreType getTruststore() {
        KeyStoreType ks = new KeyStoreType();
        ks.setPassword(this.getTruststorePassword());
        ks.setFile(getTruststoreFile());
        return ks;
    }

    public String getKeystoreFile() {
        return keystoreFile;
    }

    public void setKeystoreFile(String keystoreFile) {
        this.keystoreFile = keystoreFile;
    }

    public String getKeystorePassword() {
        return keystorePassword;
    }

    public void setKeystorePassword(String keystorePassword) {
        this.keystorePassword = keystorePassword;
    }

    public String getKeyAlias() {
        return keyAlias;
    }

    public void setKeyAlias(String keyAlias) {
        this.keyAlias = keyAlias;
    }

    public String getKeyPassword() {
        return keyPassword;
    }

    public void setKeyPassword(String keyPassword) {
        this.keyPassword = keyPassword;
    }

    public String getTruststoreFile() {
        return truststoreFile;
    }

    public void setTruststoreFile(String truststoreFile) {
        this.truststoreFile = truststoreFile;
    }

    public String getTruststorePassword() {
        return truststorePassword;
    }

    public void setTruststorePassword(String truststorePassword) {
        this.truststorePassword = truststorePassword;
    }

    public TrustService getTrustService() {
        return trustService;
    }

    public void setTrustService(TrustService trustService) {
        this.trustService = trustService;
    }

    public boolean useTrustService() {
        return useTrustService;
    }

    public void setUseTrustService(boolean useTrustService) {
        this.useTrustService = useTrustService;
    }
}