/*
* Copyright (c) 2011-2012 ICM Uniwersytet Warszawski All rights reserved.
* See LICENCE file for licensing information.
*/
package eu.emi.security.authn.x509.impl;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.helpers.AbstractX509Credential;
import eu.emi.security.authn.x509.helpers.CertificateHelpers;
import eu.emi.security.authn.x509.helpers.KeyStoreHelper;
/**
* Wraps a {@link PrivateKey} and {@link X509Certificate} chain as a {@link X509Credential}.
* <p>
* This class is especially useful for quick, in-memory creation of {@link KeyStore} when
* key and certificate are already loaded.
*
* @author K. Benedyczak
*/
public class KeyAndCertCredential extends AbstractX509Credential
{
/**
* Creates a new instance from the provided key and certificates.
* @param privateKey private key to be placed in this {@link X509Credential}'s KeyStore
* @param certificateChain certificates to be placed in this {@link X509Credential}'s KeyStore.
* those certificates must match the provided privateKey. The user's certificate is assumed
* to be the first entry in the chain.
* @throws KeyStoreException if private key is invalid or doesn't match the certificate.
*/
public KeyAndCertCredential(PrivateKey privateKey, X509Certificate[] certificateChain)
throws KeyStoreException
{
try
{
ks = KeyStoreHelper.getInstanceForCredential("JKS");
} catch (KeyStoreException e)
{
throw new RuntimeException("Can't create JKS KeyStore - JDK is misconfgured?", e);
}
try
{
ks.load(null);
} catch (Exception e)
{
throw new RuntimeException("Can't init JKS KeyStore - JDK is misconfgured?", e);
}
try
{
CertificateHelpers.checkKeysMatching(privateKey, certificateChain[0].getPublicKey());
} catch (InvalidKeyException e)
{
throw new KeyStoreException("Provided private key is not matching the certificate", e);
}
ks.setKeyEntry(KeystoreCredential.ALIAS, privateKey,
KeystoreCredential.KEY_PASSWD, certificateChain);
}
}