/*
* Copyright (c) 2014 EMC Corporation
* All Rights Reserved
*/
package com.emc.storageos.zkutils;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import com.emc.storageos.security.helpers.SecurityUtil;
import com.emc.storageos.security.keystore.KeyStoreExporter;
import com.emc.storageos.security.keystore.impl.*;
import com.emc.storageos.security.ssh.PEMUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.emc.storageos.coordinator.client.service.CoordinatorClient;
import org.springframework.context.support.GenericXmlApplicationContext;
/**
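* Handles the zkutils keystore commands: prints the ViPR private key or certificate chain
* to standard output, and exports the ViPR keystore to a local file.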
*/
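public class KeystoreCmdHandler {
    private static final Logger log = LoggerFactory.getLogger(KeystoreCmdHandler.class);

    private final KeyStore keystore; // the keystore for RSA only.
    private final CoordinatorClient coordinator;
    private GenericXmlApplicationContext ctx;

    /**
     * Builds the Spring context from the zkutil configuration files, looks up the
     * coordinator client bean and loads the ViPR keystore through it.
     *
     * <p>The active Spring profile is taken from the {@code buildType} system property.
     * Any failure is logged and rethrown, so no handler instance exists unless the
     * keystore was loaded.
     *
     * @throws KeyStoreException if the keystore cannot be loaded
     * @throws NoSuchAlgorithmException if the keystore cannot be loaded
     * @throws CertificateException if the keystore cannot be loaded
     * @throws IOException if the keystore cannot be loaded
     * @throws InterruptedException if loading is interrupted
     */
    public KeystoreCmdHandler() throws KeyStoreException, NoSuchAlgorithmException,
            CertificateException, IOException, InterruptedException {
        try {
            // Use the Spring profile feature to select the beans for this build type.
            ctx = new GenericXmlApplicationContext();
            ctx.getEnvironment().setActiveProfiles(System.getProperty("buildType"));
            ctx.load(getContextFiles());
            ctx.refresh();
            coordinator = (CoordinatorClient) ctx.getBean(ZKUtil.COORDINATOR_BEAN);
            keystore = KeyStoreUtil.getViPRKeystore(coordinator);
        } catch (Exception e) {
            log.error("Failed to load the ViPR keystore", e);
            throw e;
        }
    }

    /**
     * Returns the Spring XML configuration files loaded into the application context.
     */
    private String[] getContextFiles() {
        return new String[] { ZKUtil.ZKUTI_CONF, "zkutil-oss-conf.xml", "zkutil-emc-conf.xml" };
    }

    /**
     * Prints the ViPR private key, PEM-encoded, to standard output.
     *
     * <p>The output is unencrypted private key material: whatever receives standard
     * output (terminal scrollback, a redirected file, a pipe, captured job logs) must be
     * protected like the key itself. Only the failure is written to the log, never the key.
     *
     * <p>Failures are logged and not rethrown, so the caller cannot distinguish success
     * from failure by exception.
     */
    public void getViPRKey() {
        Key viprKey = null;
        byte[] encodedKey = null;
        try {
            // NOTE(review): a null password is passed; presumably the ViPR keystore
            // implementation does not password-protect its entries - confirm.
            viprKey = keystore.getKey(KeystoreEngine.ViPR_KEY_AND_CERTIFICATE_ALIAS, null);
            if (viprKey == null) {
                // KeyStore.getKey returns null when the alias is missing or is not a key
                // entry; report that instead of failing later with a NullPointerException.
                log.error("Failed to get the ViPR key: no key entry found for the ViPR alias");
                return;
            }
            encodedKey = viprKey.getEncoded();
            System.out.print(PEMUtil.encodePrivateKey(encodedKey));
        } catch (Exception e) {
            log.error("Failed to get the ViPR key", e);
        } finally {
            // getEncoded() hands back the raw key bytes; zero this copy so it does not
            // linger on the heap. The PEM text passed to System.out is not wiped here.
            if (encodedKey != null) {
                java.util.Arrays.fill(encodedKey, (byte) 0);
            }
            if (viprKey != null) {
                SecurityUtil.clearSensitiveData(viprKey);
            }
        }
    }

    /**
     * Prints the ViPR certificate chain to standard output.
     *
     * <p>Failures are logged and not rethrown. A missing chain is reported in the log;
     * previously it caused a NullPointerException to escape from the cleanup code.
     */
    public void getViPRCertificate() {
        Certificate[] viprCertificateChain = null;
        try {
            viprCertificateChain =
                    keystore.getCertificateChain(KeystoreEngine.ViPR_KEY_AND_CERTIFICATE_ALIAS);
            if (viprCertificateChain == null) {
                // KeyStore.getCertificateChain returns null when the alias is missing or
                // has no chain attached.
                log.error("Failed to get the ViPR certificate chain: "
                        + "no certificate chain found for the ViPR alias");
                return;
            }
            System.out.print(KeyCertificatePairGenerator
                    .getCertificateChainAsString(viprCertificateChain));
        } catch (Exception e) {
            log.error("Failed to get the ViPR certificate chain", e);
        } finally {
            // The chain stays null when the lookup threw or found nothing; skip the
            // cleanup then so it cannot raise a NullPointerException of its own.
            if (viprCertificateChain != null) {
                for (Certificate certificate : viprCertificateChain) {
                    SecurityUtil.clearSensitiveData(certificate.getPublicKey());
                }
            }
        }
    }

    /**
     * Export the ViPR keystore to local file in JKS format
     *
     * <p>Delegates to the {@code keystoreExporter} bean from the Spring context.
     * NOTE(review): the exported file presumably contains the ViPR private key, so its
     * location, file permissions and store password deserve a check in
     * {@code KeyStoreExporter} - confirm.
     *
     * @throws Exception if the exporter bean cannot be obtained or the export fails
     */
    public void exportKeystore() throws Exception {
        KeyStoreExporter exporter = (KeyStoreExporter) ctx.getBean("keystoreExporter");
        exporter.export();
    }
}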