CertificateModule.java

/*
 * Copyright 2010-2017 Norwegian Agency for Public Management and eGovernment (Difi)
 *
 * Licensed under the EUPL, Version 1.1 or – as soon they
 * will be approved by the European Commission - subsequent
 * versions of the EUPL (the "Licence");
 *
 * You may not use this work except in compliance with the Licence.
 *
 * You may obtain a copy of the Licence at:
 *
 * https://joinup.ec.europa.eu/community/eupl/og_page/eupl
 *
 * Unless required by applicable law or agreed to in
 * writing, software distributed under the Licence is
 * distributed on an "AS IS" basis,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied.
 * See the Licence for the specific language governing
 * permissions and limitations under the Licence.
 */

package no.difi.oxalis.commons.security;

import com.google.inject.AbstractModule;
import com.google.inject.Provides;
import com.google.inject.Singleton;
import com.google.inject.name.Named;
import no.difi.oxalis.api.model.AccessPointIdentifier;
import no.difi.oxalis.api.lang.OxalisLoadingException;
import no.difi.oxalis.api.settings.Settings;
import no.difi.oxalis.commons.settings.SettingsBuilder;

import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

/**
 * @author erlend
 * @since 4.0.0
 */
public class CertificateModule extends AbstractModule {

    @Override
    protected void configure() {
        SettingsBuilder.with(binder(), KeyStoreConf.class);
    }

    @Provides
    @Singleton
    protected KeyStore getKeyStore(Settings<KeyStoreConf> settings, @Named("conf") Path confFolder) throws Exception {
        KeyStore keystore = KeyStore.getInstance("JKS");
        try (InputStream inputStream = Files.newInputStream(settings.getPath(KeyStoreConf.PATH, confFolder))) {
            keystore.load(inputStream, settings.getString(KeyStoreConf.PASSWORD).toCharArray());
        }
        return keystore;
    }

    @Provides
    @Singleton
    protected PrivateKey getPrivateKeyEntry(KeyStore keyStore, Settings<KeyStoreConf> settings) throws Exception {
        return notNull("private key", (PrivateKey) keyStore.getKey(
                settings.getString(KeyStoreConf.KEY_ALIAS),
                settings.getString(KeyStoreConf.KEY_PASSWORD).toCharArray()));
    }

    @Provides
    @Singleton
    protected X509Certificate getCertificate(KeyStore keyStore, Settings<KeyStoreConf> settings) throws Exception {
        return notNull("certificate",
                (X509Certificate) keyStore.getCertificate(settings.getString(KeyStoreConf.KEY_ALIAS)));
    }

    @Provides
    @Singleton
    protected AccessPointIdentifier provideOurAccessPointIdentifier(X509Certificate certificate) {
        return new AccessPointIdentifier(CertificateUtils.extractCommonName(certificate));
    }

    @Provides
    @Singleton
    protected KeyStore.PrivateKeyEntry getPrivateKey(PrivateKey privateKey, X509Certificate certificate)
            throws Exception {
        return notNull("private key entry", new KeyStore.PrivateKeyEntry(
                privateKey,
                new Certificate[]{certificate}
        ));
    }

    private static <T> T notNull(String type, T obj) {
        if (obj == null)
            throw new OxalisLoadingException(String.format(
                    "Unable to load security settings due to lacking %s. Is configuration correct?", type));

        return obj;
    }
}