/*
* Commons eID Project.
* Copyright (C) 2012-2013 FedICT.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License version
* 3.0 as published by the Free Software Foundation.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, see
* http://www.gnu.org/licenses/.
*/
package be.fedict.commons.eid.jca;
import java.io.IOException;
import java.net.Socket;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* eID specific {@link X509ExtendedKeyManager}.
*
* @see BeIDKeyManagerFactory
* @author Frank Cornelis
*
*/
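public class BeIDX509KeyManager extends X509ExtendedKeyManager {

    private static final Log LOG = LogFactory.getLog(BeIDX509KeyManager.class);

    /** The single alias this key manager exposes to JSSE. */
    private static final String ALIAS = "beid";

    /** Entry name of the eID authentication key inside the "BeID" KeyStore. */
    private static final String KEYSTORE_ALIAS = "Authentication";

    /** Key algorithm the eID authentication key is offered for. */
    private static final String SUPPORTED_KEY_TYPE = "RSA";

    /** Backing "BeID" KeyStore; loaded once in the constructor, never replaced. */
    private final KeyStore keyStore;

    /**
     * Creates a key manager backed by a "BeID" KeyStore loaded with default
     * (null) parameters.
     *
     * @throws KeyStoreException        if no "BeID" KeyStore provider is installed
     * @throws NoSuchAlgorithmException propagated from {@link KeyStore#load}
     * @throws CertificateException     propagated from {@link KeyStore#load}
     * @throws IOException              propagated from {@link KeyStore#load}
     */
    public BeIDX509KeyManager() throws KeyStoreException,
            NoSuchAlgorithmException, CertificateException, IOException {
        this(null);
    }

    /**
     * Creates a key manager backed by a "BeID" KeyStore.
     *
     * @param beIDSpec optional settings (locale, parent component, auto-recovery,
     *                 card reader stickiness) forwarded to the KeyStore as a
     *                 {@link BeIDKeyStoreParameter}; {@code null} loads the
     *                 KeyStore without parameters
     * @throws KeyStoreException        if no "BeID" KeyStore provider is installed
     * @throws NoSuchAlgorithmException propagated from {@link KeyStore#load}
     * @throws CertificateException     propagated from {@link KeyStore#load}
     * @throws IOException              propagated from {@link KeyStore#load}
     */
    public BeIDX509KeyManager(final BeIDManagerFactoryParameters beIDSpec)
            throws KeyStoreException, NoSuchAlgorithmException,
            CertificateException, IOException {
        LOG.debug("constructor");
        this.keyStore = KeyStore.getInstance("BeID");
        final BeIDKeyStoreParameter beIDKeyStoreParameter = toKeyStoreParameter(beIDSpec);
        this.keyStore.load(beIDKeyStoreParameter);
    }

    /**
     * Copies the factory parameters into the KeyStore-level parameter object.
     *
     * @param beIDSpec may be {@code null}
     * @return {@code null} when {@code beIDSpec} is {@code null}, otherwise a
     *         populated {@link BeIDKeyStoreParameter}
     */
    private static BeIDKeyStoreParameter toKeyStoreParameter(
            final BeIDManagerFactoryParameters beIDSpec) {
        if (null == beIDSpec) {
            return null;
        }
        final BeIDKeyStoreParameter parameter = new BeIDKeyStoreParameter();
        parameter.setLocale(beIDSpec.getLocale());
        parameter.setParentComponent(beIDSpec.getParentComponent());
        parameter.setAutoRecovery(beIDSpec.getAutoRecovery());
        parameter.setCardReaderStickiness(beIDSpec.getCardReaderStickiness());
        return parameter;
    }

    /**
     * Selects the eID alias when the server accepts an RSA client key.
     *
     * <p>The {@code issuers} list advertised by the server is intentionally not
     * consulted: the eID authentication certificate is offered to any server
     * that accepts RSA client keys, whatever CA list it sent. Deployments that
     * must restrict which servers may request the eID certificate need to do
     * so elsewhere (e.g. in the trust manager or at the application layer).
     *
     * @param keyTypes key algorithm names, most preferred first; {@code null}
     *                 or empty yields no alias
     * @param issuers  ignored (see above)
     * @param socket   ignored
     * @return {@code "beid"} if {@code keyTypes} contains {@code "RSA"},
     *         otherwise {@code null}
     */
    @Override
    public String chooseClientAlias(final String[] keyTypes,
            final Principal[] issuers, final Socket socket) {
        LOG.debug("chooseClientAlias");
        // Guard: a null array would otherwise NPE inside a TLS handshake.
        if (null == keyTypes) {
            return null;
        }
        for (final String keyType : keyTypes) {
            LOG.debug("key type: " + keyType);
            if (SUPPORTED_KEY_TYPE.equals(keyType)) {
                return ALIAS;
            }
        }
        return null;
    }

    /**
     * This key manager never acts as a TLS server.
     *
     * @return always {@code null}
     */
    @Override
    public String chooseServerAlias(final String keyType,
            final Principal[] issuers, final Socket socket) {
        LOG.debug("chooseServerAlias");
        return null;
    }

    /**
     * Returns the certificate chain of the eID authentication key.
     *
     * @param alias only {@code "beid"} is recognised
     * @return the chain as X.509 certificates, or {@code null} when the alias
     *         is unknown, the KeyStore reports an error, or the KeyStore has no
     *         chain for the authentication entry (JSSE treats {@code null} as
     *         "alias unavailable")
     */
    @Override
    public X509Certificate[] getCertificateChain(final String alias) {
        LOG.debug("getCertificateChain: " + alias);
        if (!ALIAS.equals(alias)) {
            return null;
        }
        final Certificate[] certificateChain;
        try {
            certificateChain = this.keyStore.getCertificateChain(KEYSTORE_ALIAS);
        } catch (final KeyStoreException e) {
            LOG.error("BeID keystore error: " + e.getMessage(), e);
            return null;
        }
        // KeyStore.getCertificateChain returns null for a missing or non-key entry;
        // the original code dereferenced it unconditionally.
        if (null == certificateChain) {
            LOG.error("BeID keystore has no certificate chain for alias " + KEYSTORE_ALIAS);
            return null;
        }
        final X509Certificate[] x509CertificateChain = new X509Certificate[certificateChain.length];
        for (int idx = 0; idx < certificateChain.length; idx++) {
            x509CertificateChain[idx] = (X509Certificate) certificateChain[idx];
        }
        return x509CertificateChain;
    }

    /**
     * Alias enumeration is not supported; JSSE drives selection through
     * {@link #chooseClientAlias}.
     *
     * @return always {@code null}
     */
    @Override
    public String[] getClientAliases(final String keyType,
            final Principal[] issuers) {
        LOG.debug("getClientAliases");
        return null;
    }

    /**
     * Returns the eID authentication private key handle.
     *
     * <p>A {@code null} password is passed to the KeyStore; the "BeID" provider
     * is responsible for any PIN handling that the key operation requires —
     * this class never sees or stores a PIN.
     *
     * @param alias only {@code "beid"} is recognised
     * @return the private key, or {@code null} when the alias is unknown or the
     *         KeyStore fails to provide the key (the failure is logged)
     */
    @Override
    public PrivateKey getPrivateKey(final String alias) {
        LOG.debug("getPrivateKey: " + alias);
        if (!ALIAS.equals(alias)) {
            return null;
        }
        try {
            return (PrivateKey) this.keyStore.getKey(KEYSTORE_ALIAS, null);
        } catch (final Exception e) {
            // Deliberately broad: any provider failure (including runtime ones from
            // the card layer) degrades to "no key" rather than aborting the handshake.
            LOG.error("getKey error: " + e.getMessage(), e);
            return null;
        }
    }

    /**
     * This key manager never acts as a TLS server.
     *
     * @return always {@code null}
     */
    @Override
    public String[] getServerAliases(final String keyType,
            final Principal[] issuers) {
        LOG.debug("getServerAliases");
        return null;
    }

    /**
     * {@link SSLEngine}-based selection is delegated to the superclass.
     *
     * <p>NOTE(review): {@link X509ExtendedKeyManager}'s default implementation
     * returns {@code null}, so engine-based (NIO) TLS connections will not be
     * offered the eID key. Only socket-based connections are supported here.
     */
    @Override
    public String chooseEngineClientAlias(final String[] keyType,
            final Principal[] issuers, final SSLEngine engine) {
        LOG.debug("chooseEngineClientAlias");
        return super.chooseEngineClientAlias(keyType, issuers, engine);
    }

    /**
     * {@link SSLEngine}-based server selection is delegated to the superclass,
     * whose default returns {@code null}; this key manager never acts as a server.
     */
    @Override
    public String chooseEngineServerAlias(final String keyType,
            final Principal[] issuers, final SSLEngine engine) {
        LOG.debug("chooseEngineServerAlias");
        return super.chooseEngineServerAlias(keyType, issuers, engine);
    }
}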