/**
 * Looks up the certificate stored under {@code alias} in the gateway keystore.
 *
 * @param alias name of the keystore entry to read
 * @return the certificate, or {@code null} when the alias is not present or the
 *         keystore could not be read; the two cases are not distinguishable to the
 *         caller because the read failure is only logged
 */
@Override
public Certificate getCertificateForGateway(String alias) {
  try {
    return this.keystoreService.getKeystoreForGateway().getCertificate(alias);
  } catch (KeyStoreException | KeystoreServiceException e) {
    // Logged and swallowed; callers see the same null as for an unknown alias.
    LOG.unableToRetrieveCertificateForGateway(e);
    return null;
  }
}
/**
 * Stores {@code value} under {@code alias} in the credential store of {@code clusterName}.
 *
 * <p>A {@code KeystoreServiceException} from the keystore layer is logged and not
 * propagated, so a caller has no way to tell from this method whether the alias was
 * actually written.
 *
 * @param clusterName credential store (topology) to write to
 * @param alias       entry name
 * @param value       secret to store under the alias
 */
@Override
public void addAliasForCluster(String clusterName, String alias, String value) {
  try {
    keystoreService.addCredentialForCluster(clusterName, alias, value);
  } catch (KeystoreServiceException e) {
    // Best-effort write: the failure is only recorded in the log.
    LOG.failedToAddCredentialForCluster(clusterName, e);
  }
}
/**
 * Reads the secret stored under {@code alias} in the credential store of
 * {@code clusterName}, optionally creating it when absent.
 *
 * @param clusterName credential store (topology) to read from
 * @param alias       entry name
 * @param generate    when {@code true} and no entry exists, generate one via
 *                    {@link #generateAliasForCluster} and read it back
 * @return the stored secret, or {@code null} if there is none and generation was not
 *         requested (may also be {@code null} after generation if the add step only logged
 *         its failure)
 * @throws AliasServiceException if the keystore layer fails, or if generation fails
 */
@Override
public char[] getPasswordFromAliasForCluster(String clusterName, String alias, boolean generate)
    throws AliasServiceException {
  try {
    char[] stored = keystoreService.getCredentialForCluster(clusterName, alias);
    if (stored != null || !generate) {
      return stored;
    }
    // Nothing provisioned and the caller asked for one: create it, then read it back.
    generateAliasForCluster(clusterName, alias);
    return keystoreService.getCredentialForCluster(clusterName, alias);
  } catch (KeystoreServiceException e) {
    LOG.failedToGetCredentialForCluster(clusterName, e);
    throw new AliasServiceException(e);
  }
}
if (!ks.isCredentialStoreForClusterAvailable(GATEWAY_CREDENTIAL_STORE_NAME)) { ks.createCredentialStoreForCluster(GATEWAY_CREDENTIAL_STORE_NAME); if (!ks.isKeystoreForGatewayAvailable()) { ks.createKeystoreForGateway(); passphrase = ms.getMasterSecret(); ks.addSelfSignedCertForGateway("gateway-identity", passphrase, hostname);
if (!ks.isKeystoreForGatewayAvailable()) { out.println("No keystore has been created for the gateway. Please use the create-cert command or populate with a CA signed cert of your own."); Certificate cert = ks.getKeystoreForGateway().getCertificate("gateway-identity"); String keyStoreDir = getGatewayConfig().getGatewaySecurityDir() + File.separator + "keystores" + File.separator; File ksd = new File(keyStoreDir);
KeystoreService ks = services.getService(GatewayServices.KEYSTORE_SERVICE); if (ks != null) { if (!ks.isCredentialStoreForClusterAvailable(topologyName)) { ks.createCredentialStoreForCluster(topologyName); if (ks.getCredentialStoreForCluster(topologyName) != null) { AliasService aliasService = services.getService(GatewayServices.ALIAS_SERVICE); if (aliasService != null) {
/**
 * Lists the alias names held in the credential store of {@code clusterName}.
 *
 * <p>Entries whose name contains {@code '@'} are metadata entries and are omitted.
 *
 * @param clusterName credential store (topology) to inspect
 * @return the alias names, or an empty list when the store is absent or unreadable
 *         (errors are logged, not thrown)
 */
@Override
public List<String> getAliasesForCluster(String clusterName) {
  List<String> names = new ArrayList<>();
  try {
    KeyStore store = keystoreService.getCredentialStoreForCluster(clusterName);
    if (store == null) {
      return names;
    }
    try {
      for (Enumeration<String> aliases = store.aliases(); aliases.hasMoreElements(); ) {
        String name = aliases.nextElement();
        // '@' marks a metadata entry; only real credential names are reported.
        if (!name.contains("@")) {
          names.add(name);
        }
      }
    } catch (KeyStoreException e) {
      LOG.failedToGetCredentialForCluster(clusterName, e);
    }
  } catch (KeystoreServiceException kse) {
    LOG.failedToGetCredentialForCluster(clusterName, kse);
  }
  return names;
}
}
/**
 * Signs the UTF-8 bytes of {@code payloadToSign} with the gateway private key stored
 * under {@code alias}, using the JCA signature algorithm named by {@code algorithm}.
 *
 * @param algorithm     JCA {@link Signature} algorithm name
 * @param alias         keystore entry holding the private key
 * @param payloadToSign text to sign
 * @return the signature bytes, or {@code null} when the passphrase, key or algorithm could
 *         not be obtained or signing failed (the cause is logged, not rethrown)
 */
@Override
public byte[] sign(String algorithm, String alias, String payloadToSign) {
  byte[] result = null;
  try {
    char[] identityPassphrase = as.getGatewayIdentityPassphrase();
    // The entry is expected to be a private key; a different entry type under this alias
    // would fail the cast with an unchecked ClassCastException that is not caught here.
    PrivateKey signingKey = (PrivateKey) ks.getKeyForGateway(alias, identityPassphrase);
    Signature signer = Signature.getInstance(algorithm);
    signer.initSign(signingKey);
    signer.update(payloadToSign.getBytes(StandardCharsets.UTF_8));
    result = signer.sign();
  } catch (NoSuchAlgorithmException | AliasServiceException | KeystoreServiceException
      | SignatureException | InvalidKeyException e) {
    LOG.failedToSignData(e);
  }
  return result;
}
/**
 * Fills in the SAML keystore defaults for a pac4j SAML2 client.
 *
 * <p>Runs only when {@code clientNameParameter} names a SAML2Client. The keystore path
 * comes from the keystore service and the keystore password from the master secret. The
 * private-key password is the provisioned gateway-identity passphrase when one exists,
 * otherwise the master secret.
 *
 * <p>The secrets are placed in the map as {@code String}s, so they cannot be zeroed after
 * use and live as long as {@code properties} does.
 *
 * @param clientNameParameter configured pac4j client name
 * @param properties          pac4j property map to populate (mutated in place)
 */
private void addDefaultConfig(String clientNameParameter, Map<String, String> properties) {
  if (!clientNameParameter.contains("SAML2Client")) {
    return;
  }
  properties.put(PropertiesConfigFactory.SAML_KEYSTORE_PATH, keystoreService.getKeystorePath());
  properties.put(PropertiesConfigFactory.SAML_KEYSTORE_PASSWORD,
      new String(masterService.getMasterSecret()));

  char[] identityPassphrase;
  try {
    identityPassphrase = aliasService.getGatewayIdentityPassphrase();
  } catch (AliasServiceException ase) {
    log.noPrivateKeyPasshraseProvisioned(ase);
    identityPassphrase = null;
  }
  // A provisioned private-key passphrase wins; without one the master secret is assumed
  // to protect the key as well.
  String privateKeyPassword = identityPassphrase == null
      ? new String(masterService.getMasterSecret())
      : new String(identityPassphrase);
  properties.put(PropertiesConfigFactory.SAML_PRIVATE_KEY_PASSWORD, privateKeyPassword);
}
if (!ks.isCredentialStoreForClusterAvailable(GATEWAY_CREDENTIAL_STORE_NAME)) { ks.createCredentialStoreForCluster(GATEWAY_CREDENTIAL_STORE_NAME); if (!ks.isKeystoreForGatewayAvailable()) { ks.createKeystoreForGateway(); passphrase = ms.getMasterSecret(); ks.addSelfSignedCertForGateway("gateway-identity", passphrase, hostname);
if (!ks.isKeystoreForGatewayAvailable()) { out.println("No keystore has been created for the gateway. Please use the create-cert command or populate with a CA signed cert of your own."); passphrase = ms.getMasterSecret(); Certificate cert = ks.getKeystoreForGateway().getCertificate("gateway-identity"); String keyStoreDir = getGatewayConfig().getGatewaySecurityDir() + File.separator + "keystores" + File.separator; File ksd = new File(keyStoreDir);
KeystoreService ks = services.getService(GatewayServices.KEYSTORE_SERVICE); if (ks != null) { if (!ks.isCredentialStoreForClusterAvailable(topologyName)) { ks.createCredentialStoreForCluster(topologyName); if (ks.getCredentialStoreForCluster(topologyName) != null) { AliasService aliasService = services.getService(GatewayServices.ALIAS_SERVICE); if (aliasService != null) {
/**
 * Lists the alias names held in the credential store of {@code clusterName}, skipping
 * metadata entries (names containing {@code '@'}).
 *
 * @param clusterName credential store (topology) to inspect
 * @return the alias names; empty when the store is absent or unreadable (failures are
 *         logged, never thrown)
 */
@Override
public List<String> getAliasesForCluster(String clusterName) {
  List<String> result = new ArrayList<>();
  try {
    KeyStore credentialStore = keystoreService.getCredentialStoreForCluster(clusterName);
    if (credentialStore != null) {
      try {
        Enumeration<String> entries = credentialStore.aliases();
        while (entries.hasMoreElements()) {
          String entryName = entries.nextElement();
          if (entryName.contains("@")) {
            continue; // metadata entry, not a credential name
          }
          result.add(entryName);
        }
      } catch (KeyStoreException e) {
        LOG.failedToGetCredentialForCluster(clusterName, e);
      }
    }
  } catch (KeystoreServiceException kse) {
    LOG.failedToGetCredentialForCluster(clusterName, kse);
  }
  return result;
}
}
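/**
 * Signs the UTF-8 bytes of {@code payloadToSign} with the gateway private key stored
 * under {@code alias}, using the JCA signature algorithm named by {@code algorithm}.
 *
 * @param algorithm     JCA {@link Signature} algorithm name
 * @param alias         keystore entry holding the private key
 * @param payloadToSign text to sign
 * @return the signature bytes, or {@code null} when the passphrase, key or algorithm could
 *         not be obtained or signing failed (the cause is logged, not rethrown)
 */
@Override
public byte[] sign(String algorithm, String alias, String payloadToSign) {
  try {
    char[] passphrase = as.getGatewayIdentityPassphrase();
    // NOTE(review): the cast assumes the entry under this alias is a private key; any
    // other entry type would surface as an uncaught ClassCastException.
    PrivateKey privateKey = (PrivateKey) ks.getKeyForGateway(alias, passphrase);
    Signature signature = Signature.getInstance(algorithm);
    signature.initSign(privateKey);
    signature.update(payloadToSign.getBytes(StandardCharsets.UTF_8));
    return signature.sign();
  } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException
      | KeystoreServiceException | AliasServiceException e) {
    // All failure modes are reported the same way; one multi-catch replaces five
    // identical handlers.
    LOG.failedToSignData(e);
  }
  return null;
}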
/**
 * Adds the SAML keystore defaults to a pac4j property map when the configured client is a
 * SAML2Client; otherwise does nothing.
 *
 * <p>Keystore path and keystore password are taken from the keystore service and the
 * master secret. The private-key password is the provisioned gateway-identity passphrase
 * if one can be read, falling back to the master secret.
 *
 * <p>Both secrets end up in the map as {@code String}s and therefore cannot be cleared
 * once set.
 *
 * @param clientNameParameter configured pac4j client name
 * @param properties          property map to populate (mutated in place)
 */
private void addDefaultConfig(String clientNameParameter, Map<String, String> properties) {
  boolean isSaml2 = clientNameParameter.contains("SAML2Client");
  if (!isSaml2) {
    return;
  }
  properties.put(PropertiesConfigFactory.SAML_KEYSTORE_PATH, keystoreService.getKeystorePath());
  properties.put(PropertiesConfigFactory.SAML_KEYSTORE_PASSWORD,
      new String(masterService.getMasterSecret()));

  char[] provisioned = null;
  try {
    provisioned = aliasService.getGatewayIdentityPassphrase();
  } catch (AliasServiceException ase) {
    // No dedicated private-key passphrase alias; fall back to the master secret below.
    log.noPrivateKeyPasshraseProvisioned(ase);
  }
  if (provisioned == null) {
    properties.put(PropertiesConfigFactory.SAML_PRIVATE_KEY_PASSWORD,
        new String(masterService.getMasterSecret()));
  } else {
    properties.put(PropertiesConfigFactory.SAML_PRIVATE_KEY_PASSWORD, new String(provisioned));
  }
}
if (!ks.isCredentialStoreForClusterAvailable(GATEWAY_CREDENTIAL_STORE_NAME)) { log.creatingCredentialStoreForGateway(); ks.createCredentialStoreForCluster(GATEWAY_CREDENTIAL_STORE_NAME); if (!ks.isKeystoreForGatewayAvailable()) { log.creatingKeyStoreForGateway(); ks.createKeystoreForGateway(); char[] passphrase = null; try { passphrase = ms.getMasterSecret(); ks.addSelfSignedCertForGateway("gateway-identity", passphrase);
/**
 * Verifies {@code signature} over the UTF-8 bytes of {@code signed} using the public key
 * of the gateway certificate stored under {@code alias}.
 *
 * @param algorithm JCA {@link Signature} algorithm name
 * @param alias     keystore entry whose certificate supplies the public key
 * @param signed    text that was signed
 * @param signature signature bytes to check
 * @return {@code true} only if the signature verifies; {@code false} on a mismatch or
 *         when the key or algorithm could not be obtained (the cause is logged). A missing
 *         alias yields {@code null} from {@code getCertificate} and surfaces as an uncaught
 *         {@code NullPointerException} rather than {@code false}.
 */
@Override
public boolean verify(String algorithm, String alias, String signed, byte[] signature) {
  boolean ok = false;
  try {
    Signature verifier = Signature.getInstance(algorithm);
    verifier.initVerify(ks.getKeystoreForGateway().getCertificate(alias).getPublicKey());
    verifier.update(signed.getBytes(StandardCharsets.UTF_8));
    ok = verifier.verify(signature);
  } catch (SignatureException | KeystoreServiceException | KeyStoreException
      | InvalidKeyException | NoSuchAlgorithmException e) {
    LOG.failedToVerifySignature(e);
  }
  // The outcome is logged regardless of whether verification ran to completion.
  LOG.signatureVerified(ok);
  return ok;
}
/**
 * Creates a new generated secret under {@code alias} in the credential store of
 * {@code clusterName}.
 *
 * <p>The credential store is looked up first purely as a reachability check; its value
 * is discarded. The write itself goes through {@link #addAliasForCluster}, which only
 * logs a keystore failure, so a successful return does not guarantee the alias exists.
 *
 * @param clusterName credential store (topology) to write to
 * @param alias       entry name to create
 * @throws AliasServiceException if the credential store cannot be obtained
 */
@Override
public void generateAliasForCluster(String clusterName, String alias)
    throws AliasServiceException {
  try {
    keystoreService.getCredentialStoreForCluster(clusterName);
  } catch (KeystoreServiceException e) {
    LOG.failedToGenerateAliasForCluster(clusterName, e);
    throw new AliasServiceException(e);
  }
  // 16 is the size argument to generatePassword; presumably the character count.
  addAliasForCluster(clusterName, alias, generatePassword(16));
}
/**
 * Writes {@code value} to the credential store of {@code clusterName} under {@code alias}.
 *
 * <p>Keystore failures are logged and swallowed; the method gives the caller no signal
 * that the write did not happen.
 *
 * @param clusterName credential store (topology) to write to
 * @param alias       entry name
 * @param value       secret to store
 */
@Override
public void addAliasForCluster(String clusterName, String alias, String value) {
  try {
    keystoreService.addCredentialForCluster(clusterName, alias, value);
  } catch (KeystoreServiceException e) {
    // Intentionally not rethrown: the interface method declares no checked exception.
    LOG.failedToAddCredentialForCluster(clusterName, e);
  }
}
/**
 * Returns the secret stored under {@code alias} for {@code clusterName}, generating one
 * first when {@code generate} is set and no entry exists.
 *
 * @param clusterName credential store (topology) to read from
 * @param alias       entry name
 * @param generate    whether to create the entry when it is missing
 * @return the secret, or {@code null} when absent and not generated (or when generation's
 *         write step failed silently and the re-read finds nothing)
 * @throws AliasServiceException on a keystore failure or a failed generation
 */
@Override
public char[] getPasswordFromAliasForCluster(String clusterName, String alias, boolean generate)
    throws AliasServiceException {
  char[] secret;
  try {
    secret = keystoreService.getCredentialForCluster(clusterName, alias);
    boolean needsGeneration = secret == null && generate;
    if (needsGeneration) {
      generateAliasForCluster(clusterName, alias);
      // Re-read rather than trusting the generated value, mirroring the store's view.
      secret = keystoreService.getCredentialForCluster(clusterName, alias);
    }
  } catch (KeystoreServiceException e) {
    LOG.failedToGetCredentialForCluster(clusterName, e);
    throw new AliasServiceException(e);
  }
  return secret;
}