package org.jboss.seam.security.external.saml;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
/**
* @author Marcel Kolsteren
*/
public class SamlSigningKey {
private PrivateKey privateKey;
private X509Certificate certificate;
public SamlSigningKey(String keyStoreUrl, String keyStorePass, String signingKeyAlias, String signingKeyPass) {
if (signingKeyPass == null) {
signingKeyPass = keyStorePass;
}
getSigningKeyPair(keyStoreUrl, keyStorePass, signingKeyAlias, signingKeyPass);
}
private void getSigningKeyPair(String keyStoreUrl, String keyStorePass, String signingKeyAlias, String signingKeyPass) {
final String classPathPrefix = "classpath:";
try {
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
InputStream keyStoreStream;
if (keyStoreUrl.startsWith(classPathPrefix)) {
keyStoreStream = getClass().getResourceAsStream(keyStoreUrl.substring(classPathPrefix.length()));
if (keyStoreStream == null) {
throw new RuntimeException("Keystore " + keyStoreUrl + " could not be loaded from the classpath.");
}
} else {
keyStoreStream = new URL(keyStoreUrl).openStream();
}
char[] keyStorePwd = keyStorePass != null ? keyStorePass.toCharArray() : null;
keyStore.load(keyStoreStream, keyStorePwd);
certificate = (X509Certificate) keyStore.getCertificate(signingKeyAlias);
char[] signingKeyPwd = signingKeyPass != null ? signingKeyPass.toCharArray() : null;
privateKey = (PrivateKey) keyStore.getKey(signingKeyAlias, signingKeyPwd);
if (privateKey == null) {
throw new RuntimeException("Key with alias " + signingKeyAlias + " was not found in keystore " + keyStoreUrl);
}
} catch (KeyStoreException e) {
throw new RuntimeException(e);
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e);
} catch (CertificateException e) {
throw new RuntimeException(e);
} catch (MalformedURLException e) {
throw new RuntimeException(e);
} catch (IOException e) {
throw new RuntimeException(e);
} catch (UnrecoverableKeyException e) {
throw new RuntimeException(e);
}
}
public PrivateKey getPrivateKey() {
return privateKey;
}
public X509Certificate getCertificate() {
return certificate;
}
}