SSOAgentKeyStoreCredential.java

/*
 * Copyright (c) 2012, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
 *
 * WSO2 Inc. licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 *
 *
 */

package org.wso2.carbon.identity.sso.agent.saml;

import org.wso2.carbon.identity.sso.agent.exception.SSOAgentException;
import org.wso2.carbon.identity.sso.agent.util.SSOAgentConfigs;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;

public class SSOAgentKeyStoreCredential implements SSOAgentCredential {

    private static PublicKey publicKey = null;
    private static PrivateKey privateKey = null;
    private static X509Certificate entityCertificate = null;

    private static void readX509Credentials() throws SSOAgentException {

        String privateKeyAlias = SSOAgentConfigs.getPrivateKeyAlias();
        String privateKeyPassword = SSOAgentConfigs.getPrivateKeyPassword();
        String idpCertAlias = SSOAgentConfigs.getIdPCertAlias();

        KeyStore keyStore = SSOAgentConfigs.getKeyStore();
        X509Certificate cert = null;
        PrivateKey privateKey = null;

        try {

            if (privateKeyAlias != null && SSOAgentConfigs.isRequestSigned()) {
                privateKey = (PrivateKey) keyStore.getKey(privateKeyAlias, privateKeyPassword.toCharArray());

                if (privateKey == null) {
                    throw new SSOAgentException("RequestSigning is enabled, but cannot find private key with the alias " +
                            privateKeyAlias + " in the key store");
                }
            }


            cert = (X509Certificate) keyStore.getCertificate(idpCertAlias);
            if (cert == null) {
                throw new SSOAgentException("Cannot find IDP certificate with the alias " + idpCertAlias + " in the trust store");
            }
        } catch (KeyStoreException e) {
            throw new SSOAgentException("Error when reading keystore", e);
        } catch (UnrecoverableKeyException e) {
            throw new SSOAgentException("Error when reading keystore", e);
        } catch (NoSuchAlgorithmException e) {
            throw new SSOAgentException("Error when reading keystore", e);
        }

        publicKey = cert.getPublicKey();
        SSOAgentKeyStoreCredential.privateKey = privateKey;
        entityCertificate = cert;
    }

    @Override
    public void init() throws SSOAgentException {
        readX509Credentials();
    }

    @Override
    public PublicKey getPublicKey() {
        return publicKey;
    }

    @Override
    public PrivateKey getPrivateKey() {
        return privateKey;
    }

    @Override
    public X509Certificate getEntityCertificate() {
        return entityCertificate;
    }
}