
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.ws.security.components.crypto;
21  
22  import java.io.FileInputStream;
23  import java.io.IOException;
24  import java.io.InputStream;
25  import java.security.KeyStore;
26  import java.security.cert.CertStore;
27  import java.security.cert.CertificateFactory;
28  import java.security.cert.CollectionCertStoreParameters;
29  import java.security.cert.X509CRL;
30  import java.util.Collections;
31  import java.util.Properties;
32  
33  /**
34   * A Crypto implementation based on two Java KeyStore objects, one being the keystore, and one
35   * being the truststore. This Crypto implementation extends the default Merlin implementation by
36   * allowing loading of keystores using a null InputStream - for example on a smart-card device.
37   */
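public class MerlinDevice extends Merlin {
    
    private static final org.apache.commons.logging.Log LOG = 
        org.apache.commons.logging.LogFactory.getLog(MerlinDevice.class);
    // NOTE(review): evaluated once at class initialisation, so a later change of the log level is
    // not picked up by this class. Kept for consistency with the existing logging style.
    private static final boolean DO_DEBUG = LOG.isDebugEnabled();

    /**
     * Loads the keystore, the truststore and (optionally) an X.509 CRL described by the given
     * properties into the inherited {@code keystore}, {@code truststore}, {@code loadCACerts} and
     * {@code crlCertStore} fields. The difference to the base Merlin behaviour is that a missing
     * keystore/truststore file property does not skip loading: {@code load(null, ...)} is called so
     * that a provider-backed store (for example on a smart card) can be opened without a stream.
     * <p>
     * Security note: when no password property is configured the well-known fallbacks
     * {@code "security"} (keystore) and {@code "changeit"} (truststore / cacerts) are used.
     * Deployments should set the password properties explicitly rather than rely on them. Passwords
     * are never written to the log; only store locations and types are logged at debug level.
     *
     * @param properties the crypto configuration; {@code null} leaves this instance untouched
     * @param loader the ClassLoader used to resolve the keystore, truststore and CRL locations
     * @throws CredentialException if a store or the CRL cannot be loaded
     * @throws IOException if a store stream cannot be opened or closed
     */
    @Override
    public void loadProperties(Properties properties, ClassLoader loader) 
        throws CredentialException, IOException {
        if (properties == null) {
            return;
        }
        this.properties = properties;
        //
        // Load the provider(s)
        //
        String provider = trimmedProperty(properties, CRYPTO_KEYSTORE_PROVIDER, null);
        String certProvider = properties.getProperty(CRYPTO_CERT_PROVIDER);
        if (certProvider != null) {
            setCryptoProvider(certProvider);
        }
        loadKeyStore(properties, loader, provider);
        loadTrustStore(properties, loader, provider);
        loadCRL(properties, loader, provider);
    }

    /** Reads a property, falling back to {@code defaultValue}, and trims it ({@code null} stays {@code null}). */
    private static String trimmedProperty(Properties properties, String key, String defaultValue) {
        String value = properties.getProperty(key, defaultValue);
        return value == null ? null : value.trim();
    }

    /**
     * Loads the keystore from {@code KEYSTORE_FILE} (or the legacy {@code OLD_KEYSTORE_FILE}); when
     * neither is set the store is opened through the provider alone with a {@code null} stream.
     */
    private void loadKeyStore(Properties properties, ClassLoader loader, String provider)
        throws CredentialException, IOException {
        String alias = properties.getProperty(KEYSTORE_ALIAS);
        if (alias != null) {
            defaultAlias = alias.trim();
        }
        String keyStoreLocation = properties.getProperty(KEYSTORE_FILE);
        if (keyStoreLocation == null) {
            keyStoreLocation = properties.getProperty(OLD_KEYSTORE_FILE);
        }
        // Fallback password is a well-known default - see the class-level security note.
        String keyStorePassword = trimmedProperty(properties, KEYSTORE_PASSWORD, "security");
        String keyStoreType = trimmedProperty(properties, KEYSTORE_TYPE, KeyStore.getDefaultType());

        if (keyStoreLocation == null) {
            // No file configured: the provider opens the store itself (device-backed keystore).
            keystore = load(null, keyStorePassword, provider, keyStoreType);
            return;
        }
        keyStoreLocation = keyStoreLocation.trim();
        // The stream is opened outside the try block on purpose: if opening fails there is
        // nothing to close, and load() failures still close the stream in finally.
        InputStream is = loadInputStream(loader, keyStoreLocation);
        try {
            keystore = load(is, keyStorePassword, provider, keyStoreType);
            if (DO_DEBUG) {
                LOG.debug(
                    "The KeyStore " + keyStoreLocation + " of type " + keyStoreType 
                    + " has been loaded"
                );
            }
        } finally {
            if (is != null) {
                is.close();
            }
        }
    }

    /**
     * Loads the truststore from {@code TRUSTSTORE_FILE}; otherwise from the JRE's own
     * {@code cacerts} file when {@code LOAD_CA_CERTS} is true; otherwise through the provider alone
     * with a {@code null} stream. {@code loadCACerts} records which of the first two paths was taken.
     */
    private void loadTrustStore(Properties properties, ClassLoader loader, String provider)
        throws CredentialException, IOException {
        // Fallback password is a well-known default - see the class-level security note.
        String trustStorePassword = trimmedProperty(properties, TRUSTSTORE_PASSWORD, "changeit");
        String trustStoreType = trimmedProperty(properties, TRUSTSTORE_TYPE, KeyStore.getDefaultType());
        boolean loadCacerts = Boolean.parseBoolean(trimmedProperty(properties, LOAD_CA_CERTS, "false"));
        String trustStoreLocation = properties.getProperty(TRUSTSTORE_FILE);

        if (trustStoreLocation != null) {
            trustStoreLocation = trustStoreLocation.trim();
            InputStream is = loadInputStream(loader, trustStoreLocation);
            try {
                truststore = load(is, trustStorePassword, provider, trustStoreType);
                if (DO_DEBUG) {
                    LOG.debug(
                        "The TrustStore " + trustStoreLocation + " of type " + trustStoreType 
                        + " has been loaded"
                    );
                }
                loadCACerts = false;
            } finally {
                if (is != null) {
                    is.close();
                }
            }
        } else if (loadCacerts) {
            // A concatenated String is never null, so only a trim is applied here.
            String cacertsPath = (System.getProperty("java.home") + "/lib/security/cacerts").trim();
            InputStream is = new FileInputStream(cacertsPath);
            try {
                // The same TRUSTSTORE_PASSWORD value applies to cacerts. The configured provider and
                // truststore type are deliberately not used: cacerts is a JRE default-type store.
                truststore = load(is, trustStorePassword, null, KeyStore.getDefaultType());
                if (DO_DEBUG) {
                    LOG.debug("CA certs have been loaded");
                }
                loadCACerts = true;
            } finally {
                if (is != null) {
                    is.close();
                }
            }
        } else {
            truststore = load(null, trustStorePassword, provider, trustStoreType);
        }
    }

    /**
     * Loads the X.509 CRL referenced by {@code X509_CRL_FILE} into a "Collection" CertStore held in
     * {@code crlCertStore}. Does nothing when no CRL file is configured.
     */
    private void loadCRL(Properties properties, ClassLoader loader, String provider)
        throws CredentialException, IOException {
        String crlLocation = properties.getProperty(X509_CRL_FILE);
        if (crlLocation == null) {
            return;
        }
        crlLocation = crlLocation.trim();
        InputStream is = loadInputStream(loader, crlLocation);
        try {
            CertificateFactory cf = getCertificateFactory();
            X509CRL crl = (X509CRL)cf.generateCRL(is);
            CollectionCertStoreParameters crlParams =
                new CollectionCertStoreParameters(Collections.singletonList(crl));
            if (provider == null || provider.length() == 0) {
                crlCertStore = CertStore.getInstance("Collection", crlParams);
            } else {
                crlCertStore = CertStore.getInstance("Collection", crlParams, provider);
            }
            if (DO_DEBUG) {
                LOG.debug(
                    "The CRL " + crlLocation + " has been loaded"
                );
            }
        } catch (Exception e) {
            // Any failure here (unparseable CRL, non-X.509 CRL, unknown provider) is reported as an
            // IO error; the cause is preserved for diagnosis.
            if (DO_DEBUG) {
                LOG.debug(e.getMessage(), e);
            }
            throw new CredentialException(CredentialException.IO_ERROR, "ioError00", e);
        } finally {
            if (is != null) {
                is.close();
            }
        }
    }

}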