/**
* Copyright (c) Codice Foundation
* <p>
* This is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser
* General Public License as published by the Free Software Foundation, either version 3 of the
* License, or any later version.
* <p>
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details. A copy of the GNU Lesser General Public License
* is distributed along with this program and can be found at
* <http://www.gnu.org/licenses/lgpl.html>.
*/
package ddf.security.samlp;
import java.util.Properties;
import org.apache.commons.lang.StringUtils;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.Merlin;
import org.apache.wss4j.common.crypto.PasswordEncryptor;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import ddf.security.PropertiesLoader;
public class SystemCrypto {
private static final Logger LOGGER = LoggerFactory.getLogger(SystemCrypto.class);
private final PasswordEncryptor passwordEncryption;
private final Crypto signatureCrypto;
private final String signaturePassword;
private final String signatureAlias;
private final Crypto encryptionCrypto;
private final String encryptionPassword;
private final String encryptionAlias;
public SystemCrypto(String encryptionPropertiesPath, String signaturePropertiesPath,
PasswordEncryptor passwordEncryption) {
this.passwordEncryption = passwordEncryption;
Properties sigProperties = PropertiesLoader.loadProperties(signaturePropertiesPath);
signatureCrypto = createCrypto(sigProperties);
signaturePassword = getPassword(sigProperties);
signatureAlias = getAlias(signatureCrypto, sigProperties);
Properties encProperties = PropertiesLoader.loadProperties(encryptionPropertiesPath);
encryptionCrypto = createCrypto(encProperties);
encryptionPassword = getPassword(encProperties);
encryptionAlias = getAlias(encryptionCrypto, encProperties);
}
private String getAlias(Crypto crypto, Properties cryptoProperties) {
String user = cryptoProperties.getProperty(Merlin.PREFIX + Merlin.KEYSTORE_ALIAS);
if (user == null) {
try {
user = crypto.getDefaultX509Identifier();
} catch (WSSecurityException e) {
LOGGER.debug("Error in getting Crypto user: ", e);
}
}
return user;
}
private Crypto createCrypto(Properties cryptoProperties) {
Crypto crypto = null;
try {
crypto = CryptoFactory.getInstance(cryptoProperties,
SystemCrypto.class.getClassLoader(),
passwordEncryption);
} catch (WSSecurityException e) {
LOGGER.debug("Error in loading the Crypto object: ", e);
}
return crypto;
}
private String getPassword(Properties cryptoProperties) {
String password = cryptoProperties.getProperty(
Merlin.PREFIX + Merlin.KEYSTORE_PRIVATE_PASSWORD);
if (password == null) {
password = cryptoProperties.getProperty(
Merlin.OLD_PREFIX + Merlin.KEYSTORE_PRIVATE_PASSWORD);
}
if (password != null) {
password = decryptPassword(password.trim());
}
return password;
}
private String decryptPassword(String password) {
if (password.startsWith(Merlin.ENCRYPTED_PASSWORD_PREFIX)
&& password.endsWith(Merlin.ENCRYPTED_PASSWORD_SUFFIX)) {
return passwordEncryption.decrypt(StringUtils.substringBetween(password,
Merlin.ENCRYPTED_PASSWORD_PREFIX,
Merlin.ENCRYPTED_PASSWORD_SUFFIX));
}
return password;
}
public Crypto getSignatureCrypto() {
return signatureCrypto;
}
public String getSignaturePassword() {
return signaturePassword;
}
public Crypto getEncryptionCrypto() {
return encryptionCrypto;
}
public String getEncryptionPassword() {
return encryptionPassword;
}
public String getSignatureAlias() {
return signatureAlias;
}
public String getEncryptionAlias() {
return encryptionAlias;
}
}