CreateKeystorePassword.java

/*
 * Copyright (C) 2014 Intel Corporation
 * All rights reserved.
 */
package com.intel.mtwilson.trustagent.setup;

import com.intel.dcsg.cpg.crypto.RandomUtil;
import com.intel.dcsg.cpg.crypto.SimpleKeystore;
import com.intel.dcsg.cpg.io.FileResource;
import com.intel.mtwilson.setup.AbstractSetupTask;
import com.intel.mtwilson.trustagent.TrustagentConfiguration;
import java.io.File;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;

/**
 *
 * @author jbuhacoff
 */
public class CreateKeystorePassword extends AbstractSetupTask {
    private static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(CreateKeystorePassword.class);
    private TrustagentConfiguration trustagentConfiguration;
    
    @Override
    protected void configure() throws Exception {
        trustagentConfiguration = new TrustagentConfiguration(getConfiguration());
    }

    @Override
    protected void validate() throws Exception {
        String keystorePassword = trustagentConfiguration.getTrustagentKeystorePassword();
        if( keystorePassword == null || keystorePassword.isEmpty() ) {
            validation("Keystore password is not set");
        }
    }

    @Override
    protected void execute() throws Exception {
        String keystorePassword = RandomUtil.randomBase64String(8).replace("=","_");
        log.info("Generated random keystore password"); 
        File keystoreFile = trustagentConfiguration.getTrustagentKeystoreFile();
        if( keystoreFile.exists() ) {
            // load it and if we already have a password set then change it, otherwise we create a new keystore
            String existingKeystorePassword = trustagentConfiguration.getTrustagentKeystorePassword();
            try {
                SimpleKeystore keystore = new SimpleKeystore(new FileResource(keystoreFile), existingKeystorePassword);
                String[] aliases = keystore.aliases();
                log.debug("Keystore exists, changing password", aliases.length);
                keystore.save(keystoreFile, keystorePassword);
            }
            catch(KeyManagementException | KeyStoreException e) {
                log.debug("Cannot open keystore, deleting it", e);
                keystoreFile.delete();
            }
        }
        // store the new password
        getConfiguration().setString(TrustagentConfiguration.TRUSTAGENT_KEYSTORE_PASSWORD, keystorePassword);
    }
    
}