/**
* NOTE: This copyright does *not* cover user programs that use Hyperic
* program services by normal system calls through the application
* program interfaces provided as part of the Hyperic Plug-in Development
* Kit or the Hyperic Client Development Kit - this is merely considered
* normal use of the program, and does *not* fall under the heading of
* "derived work".
*
* Copyright (C) [2011], VMware, Inc.
* This file is part of Hyperic.
*
* Hyperic is free software; you can redistribute it and/or modify
* it under the terms version 2 of the GNU General Public License as
* published by the Free Software Foundation. This program is distributed
* in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A
* PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA.
*
*/
package org.hyperic.util.security;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.Vector;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
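/**
 * {@link KeyStoreSpi} whose entries live in a database reached through
 * {@link DbKeystoreManager} rather than in a file.
 *
 * <p>Read-mostly: {@link #engineLoad} copies the DB rows into an in-memory
 * alias table, {@link #engineSetCertificateEntry} writes a trusted-certificate
 * row, and every other mutating or persisting operation (key entries,
 * deletion, {@code store()}) is unsupported.
 *
 * <p>Security notes: only certificates and certificate chains are ever read
 * from the DB rows, so no private or secret key material passes through this
 * class; {@link #engineGetKey} returns the entry certificate's public key.
 * The {@code password} arguments are ignored, so access control over the
 * store is whatever protects the database. The alias table is a plain
 * {@link HashMap} and is not synchronized; it is assumed to be populated by
 * {@code load()} before the {@code KeyStore} is shared between threads
 * (TODO(review): confirm callers do not reload concurrently with lookups).
 */
public class DbKeyStoreSpi extends KeyStoreSpi {
    private final Log log = LogFactory.getLog(DbKeyStoreSpi.class);

    /**
     * Entry-type strings as persisted by {@link DbKeystoreManager}; the exact
     * casing is part of the stored format and must not be normalized.
     */
    public static final String PRIVATE_KEY_ENTRY = "PrivateKeyEntry";
    public static final String TRUSTED_CERT_ENTRY = "trustedCertEntry";
    public static final String SECRET_KEY_ENTRY = "SecretKeyEntry";

    // Slot layout of the Object[] kept per alias in engineAliases.
    private static final int IDX_TYPE = 0;   // String: one of the *_ENTRY constants (may be null)
    private static final int IDX_CERT = 1;   // Certificate (may be null)
    private static final int IDX_CHAIN = 2;  // Certificate[] (may be null)

    private final DbKeystoreManager dbKeystoreManager;

    /** In-memory view of the DB rows, keyed by alias; filled by {@link #engineLoad}. */
    private final Map<String, Object[]> engineAliases = new HashMap<String, Object[]>();

    /**
     * @param dbKeystoreManager source of keystore rows; all reads and the
     *        single supported write go through it
     */
    public DbKeyStoreSpi(DbKeystoreManager dbKeystoreManager) {
        this.dbKeystoreManager = dbKeystoreManager;
    }

    /** Packs one alias's attributes into the slot layout used by {@link #engineAliases}. */
    private static Object[] newEntry(String type, Certificate cert, Certificate[] chain) {
        final Object[] objs = new Object[3];
        objs[IDX_TYPE] = type;
        objs[IDX_CERT] = cert;
        objs[IDX_CHAIN] = chain;
        return objs;
    }

    /**
     * Returns the public key of the certificate stored under {@code alias}.
     *
     * <p>NOTE(review): this is the certificate's <em>public</em> key, returned
     * for every entry type and without consulting {@code password}. Callers of
     * {@code KeyStore.getKey()} (e.g. a {@code KeyManagerFactory}) expect the
     * private/secret key here; whether the DB exposes private material at all
     * is not visible from this class.
     *
     * @param alias    entry alias
     * @param password ignored
     * @return the certificate's public key, or {@code null} if the alias is
     *         unknown or carries no certificate
     */
    @Override
    public Key engineGetKey(String alias, char[] password)
            throws NoSuchAlgorithmException, UnrecoverableKeyException {
        final Object[] objs = engineAliases.get(alias);
        if (objs == null) {
            log.warn("alias=" + alias + " has no associated certificate");
            return null;
        }
        final Certificate cert = (Certificate) objs[IDX_CERT];
        if (cert == null) {
            // A row with no certificate would otherwise NPE here.
            log.warn("alias=" + alias + " has no associated certificate");
            return null;
        }
        return cert.getPublicKey();
    }

    /**
     * @return a copy of the chain stored under {@code alias}, or {@code null}
     *         if the alias is unknown or has no chain (the KeyStore contract
     *         asks for {@code null} rather than an exception on unknown alias)
     */
    @Override
    public Certificate[] engineGetCertificateChain(String alias) {
        final Object[] objs = engineAliases.get(alias);
        if (objs == null) {
            return null;
        }
        final Certificate[] chain = (Certificate[]) objs[IDX_CHAIN];
        // Hand out a copy so a caller cannot rewrite the trusted chain in place.
        return chain == null ? null : chain.clone();
    }

    /**
     * @return the certificate stored under {@code alias}, or {@code null} if
     *         the alias is unknown
     */
    @Override
    public Certificate engineGetCertificate(String alias) {
        final Object[] objs = engineAliases.get(alias);
        return objs == null ? null : (Certificate) objs[IDX_CERT];
    }

    /** Not tracked by the DB-backed store. */
    @Override
    public Date engineGetCreationDate(String alias) {
        throw new UnsupportedOperationException("engineGetCreationDate() is not supported");
    }

    /** Key entries cannot be written through this store. */
    @Override
    public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain)
            throws KeyStoreException {
        throw new UnsupportedOperationException("engineSetKeyEntry() is not supported");
    }

    /** Key entries cannot be written through this store. */
    @Override
    public void engineSetKeyEntry(String alias, byte[] key, Certificate[] chain)
            throws KeyStoreException {
        throw new UnsupportedOperationException("engineSetKeyEntry() is not supported");
    }

    /**
     * Persists {@code cert} as a trusted-certificate row and mirrors it in the
     * in-memory alias table so {@code containsAlias()}/{@code getCertificate()}
     * see it without a reload.
     *
     * @throws KeyStoreException if {@code alias} already identifies a key
     *         entry -- per the KeyStore contract a trusted certificate must not
     *         silently replace a key entry
     */
    @Override
    public void engineSetCertificateEntry(String alias, Certificate cert)
            throws KeyStoreException {
        if (engineIsKeyEntry(alias)) {
            throw new KeyStoreException("alias=" + alias + " already identifies a key entry");
        }
        dbKeystoreManager.create(alias, TRUSTED_CERT_ENTRY, cert, null);
        engineAliases.put(alias, newEntry(TRUSTED_CERT_ENTRY, cert, null));
    }

    /** Rows are never deleted through this store. */
    @Override
    public void engineDeleteEntry(String alias) throws KeyStoreException {
        throw new UnsupportedOperationException("engineDeleteEntry() is not supported");
    }

    /** @return a snapshot of the loaded aliases (safe against later table changes). */
    @Override
    public Enumeration<String> engineAliases() {
        return new Vector<String>(engineAliases.keySet()).elements();
    }

    @Override
    public boolean engineContainsAlias(String alias) {
        return engineAliases.containsKey(alias);
    }

    @Override
    public int engineSize() {
        return engineAliases.size();
    }

    /**
     * @return {@code true} if the entry's type is {@link #PRIVATE_KEY_ENTRY} or
     *         {@link #SECRET_KEY_ENTRY}; {@code false} for an unknown alias or
     *         a row with no type
     */
    @Override
    public boolean engineIsKeyEntry(String alias) {
        final Object[] objs = engineAliases.get(alias);
        if (objs == null) {
            return false;
        }
        // Constant-first equals is null-safe for a row with no type.
        final Object type = objs[IDX_TYPE];
        return PRIVATE_KEY_ENTRY.equals(type) || SECRET_KEY_ENTRY.equals(type);
    }

    /**
     * @return {@code true} if the entry's type is {@link #TRUSTED_CERT_ENTRY};
     *         {@code false} for an unknown alias or a row with no type
     */
    @Override
    public boolean engineIsCertificateEntry(String alias) {
        final Object[] objs = engineAliases.get(alias);
        if (objs == null) {
            return false;
        }
        return TRUSTED_CERT_ENTRY.equals(objs[IDX_TYPE]);
    }

    /** Reverse lookup by certificate is not implemented. */
    @Override
    public String engineGetCertificateAlias(Certificate cert) {
        throw new UnsupportedOperationException("engineGetCertificateAlias() is not supported");
    }

    /** The DB is the only persistence; nothing is written to {@code stream}. */
    @Override
    public void engineStore(OutputStream stream, char[] password)
            throws IOException, NoSuchAlgorithmException, CertificateException {
        throw new UnsupportedOperationException("engineStore() is not supported");
    }

    /**
     * Copies every row returned by {@link DbKeystoreManager#getKeystore()} into
     * the alias table. Only the alias, type, certificate and chain of each row
     * are read.
     *
     * <p>Loading is additive and first-wins: an alias already present (a
     * duplicate DB row, or a previous {@code load()}) keeps its existing entry
     * and the new row is skipped with a warning. NOTE(review): consequently a
     * second {@code load()} does not drop aliases removed from the DB in the
     * meantime; confirm whether callers rely on reload reflecting deletions.
     *
     * @param stream   ignored -- entries come from the database, not a file
     * @param password ignored
     */
    @Override
    public void engineLoad(InputStream stream, char[] password)
            throws IOException, NoSuchAlgorithmException, CertificateException {
        final Collection<? extends KeystoreEntry> entries = dbKeystoreManager.getKeystore();
        final boolean debug = log.isDebugEnabled();
        for (final KeystoreEntry entry : entries) {
            final String alias = entry.getAlias();
            final String type = entry.getType();
            if (engineAliases.containsKey(alias)) {
                log.warn("duplicate alias=" + alias + ",type=" + type + " ignored; keeping first entry");
                continue;
            }
            engineAliases.put(alias,
                    newEntry(type, entry.getCertificate(), entry.getCertificateChain()));
            if (debug) log.debug("adding alias=" + alias + ",type=" + type);
        }
    }
}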