/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.saml.processing.core.util;
import org.keycloak.saml.common.PicketLinkLogger;
import org.keycloak.saml.common.PicketLinkLoggerFactory;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
/**
* Utility to handle Java Keystore
*
* @author Anil.Saldhana@redhat.com
* @since Jan 12, 2009
*/
public class KeyStoreUtil {
private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();
/**
* Get the KeyStore
*
* @param keyStoreFile
* @param storePass
*
* @return
*
* @throws GeneralSecurityException
* @throws IOException
*/
public static KeyStore getKeyStore(File keyStoreFile, char[] storePass) throws GeneralSecurityException, IOException {
FileInputStream fis = new FileInputStream(keyStoreFile);
return getKeyStore(fis, storePass);
}
/**
* Get the Keystore given the url to the keystore file as a string
*
* @param fileURL
* @param storePass
*
* @return
*
* @throws GeneralSecurityException
* @throws IOException
*/
public static KeyStore getKeyStore(String fileURL, char[] storePass) throws GeneralSecurityException, IOException {
if (fileURL == null)
throw logger.nullArgumentError("fileURL");
File file = new File(fileURL);
FileInputStream fis = new FileInputStream(file);
return getKeyStore(fis, storePass);
}
/**
* Get the Keystore given the URL to the keystore
*
* @param url
* @param storePass
*
* @return
*
* @throws GeneralSecurityException
* @throws IOException
*/
public static KeyStore getKeyStore(URL url, char[] storePass) throws GeneralSecurityException, IOException {
if (url == null)
throw logger.nullArgumentError("url");
return getKeyStore(url.openStream(), storePass);
}
/**
* Get the Key Store <b>Note:</b> This method wants the InputStream to be not null.
*
* @param ksStream
* @param storePass
*
* @return
*
* @throws GeneralSecurityException
* @throws IOException
* @throws IllegalArgumentException if ksStream is null
*/
public static KeyStore getKeyStore(InputStream ksStream, char[] storePass) throws GeneralSecurityException, IOException {
if (ksStream == null)
throw logger.nullArgumentError("InputStream for the KeyStore");
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(ksStream, storePass);
return ks;
}
/**
* Get the Public Key from the keystore
*
* @param ks
* @param alias
* @param password
*
* @return
*
* @throws GeneralSecurityException
*/
public static PublicKey getPublicKey(KeyStore ks, String alias, char[] password) throws GeneralSecurityException {
PublicKey publicKey = null;
// Get private key
Key key = ks.getKey(alias, password);
if (key instanceof PrivateKey) {
// Get certificate of public key
Certificate cert = ks.getCertificate(alias);
// Get public key
publicKey = cert.getPublicKey();
}
// if alias is a certificate alias, get the public key from the certificate.
if (publicKey == null) {
Certificate cert = ks.getCertificate(alias);
if (cert != null)
publicKey = cert.getPublicKey();
}
return publicKey;
}
/**
* Add a certificate to the KeyStore
*
* @param keystoreFile
* @param storePass
* @param alias
* @param cert
*
* @throws GeneralSecurityException
* @throws IOException
*/
public static void addCertificate(File keystoreFile, char[] storePass, String alias, Certificate cert)
throws GeneralSecurityException, IOException {
KeyStore keystore = getKeyStore(keystoreFile, storePass);
// Add the certificate
keystore.setCertificateEntry(alias, cert);
// Save the new keystore contents
FileOutputStream out = null;
try {
out = new FileOutputStream(keystoreFile);
keystore.store(out, storePass);
} finally {
if (out != null) {
try {
out.close();
} catch (IOException ioe) {
// Ignore
}
}
}
}
}