SamlSigningKey.java

package org.jboss.seam.security.external.saml;

import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * @author Marcel Kolsteren
 */
public class SamlSigningKey {
    private PrivateKey privateKey;

    private X509Certificate certificate;

    public SamlSigningKey(String keyStoreUrl, String keyStorePass, String signingKeyAlias, String signingKeyPass) {
        if (signingKeyPass == null) {
            signingKeyPass = keyStorePass;
        }
        getSigningKeyPair(keyStoreUrl, keyStorePass, signingKeyAlias, signingKeyPass);
    }

    private void getSigningKeyPair(String keyStoreUrl, String keyStorePass, String signingKeyAlias, String signingKeyPass) {
        final String classPathPrefix = "classpath:";

        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            InputStream keyStoreStream;
            if (keyStoreUrl.startsWith(classPathPrefix)) {
                keyStoreStream = getClass().getResourceAsStream(keyStoreUrl.substring(classPathPrefix.length()));
                if (keyStoreStream == null) {
                    throw new RuntimeException("Keystore " + keyStoreUrl + " could not be loaded from the classpath.");
                }
            } else {
                keyStoreStream = new URL(keyStoreUrl).openStream();
            }
            char[] keyStorePwd = keyStorePass != null ? keyStorePass.toCharArray() : null;
            keyStore.load(keyStoreStream, keyStorePwd);

            certificate = (X509Certificate) keyStore.getCertificate(signingKeyAlias);

            char[] signingKeyPwd = signingKeyPass != null ? signingKeyPass.toCharArray() : null;

            privateKey = (PrivateKey) keyStore.getKey(signingKeyAlias, signingKeyPwd);

            if (privateKey == null) {
                throw new RuntimeException("Key with alias " + signingKeyAlias + " was not found in keystore " + keyStoreUrl);
            }
        } catch (KeyStoreException e) {
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        } catch (CertificateException e) {
            throw new RuntimeException(e);
        } catch (MalformedURLException e) {
            throw new RuntimeException(e);
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (UnrecoverableKeyException e) {
            throw new RuntimeException(e);
        }
    }

    public PrivateKey getPrivateKey() {
        return privateKey;
    }

    public X509Certificate getCertificate() {
        return certificate;
    }
}