/**
 * Returns the signing private key of the given tenant.
 * <p>
 * The tenant id is resolved through the realm service and the key is fetched from that
 * tenant's {@link KeyStoreManager}. The super tenant uses the server's default private key;
 * any other tenant uses the key store named after its domain ({@code "<domain with '.'
 * replaced by '-'>.jks"}) with the tenant domain as the key alias.
 *
 * @param tenantDomain domain of the tenant whose key is wanted
 * @return the tenant's private key
 * @throws IdentityException wrapping any failure while resolving the tenant or reading the key
 */
@Override
public PrivateKey getPrivateKey(String tenantDomain) throws IdentityException {
    try {
        int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
        KeyStoreManager ksm = KeyStoreManager.getInstance(tenantId);
        boolean superTenant = tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
        if (superTenant) {
            return ksm.getDefaultPrivateKey();
        }
        // Tenant key store file name: the domain with every '.' turned into '-', plus ".jks".
        String jksName = tenantDomain.trim().replace(".", "-") + ".jks";
        return (PrivateKey) ksm.getPrivateKey(jksName, tenantDomain);
    } catch (Exception e) {
        throw new IdentityException("Error retrieving private key for tenant: " + tenantDomain, e);
    }
}
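/**
 * Gets the key store for the tenant of the current thread-local Carbon context.
 * <p>
 * The store is looked up in {@code keyStores} by tenant id first. On a miss it is loaded
 * through the tenant's {@link KeyStoreManager}: the super tenant's primary key store, or for
 * any other tenant the store named after its domain ({@code "<domain with '.' replaced by
 * '-'>.jks"}). The loaded store is not written back into {@code keyStores} by this method —
 * presumably that happens elsewhere; confirm against the callers.
 *
 * @return the tenant's KeyStore
 * @throws AxisFault if the key store cannot be loaded; the underlying exception is attached as the cause
 */
private KeyStore getKeyStore() throws AxisFault {
    CarbonContext carbonContext = CarbonContext.getThreadLocalCarbonContext();
    String tenantDomain = carbonContext.getTenantDomain();
    int tenantId = carbonContext.getTenantId();

    KeyStore keyStore = keyStores.get(tenantId);
    if (keyStore != null) {
        return keyStore;
    }
    KeyStoreManager tenantKSM = KeyStoreManager.getInstance(tenantId);
    try {
        // Constant-first comparison is null-safe.
        if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
            keyStore = tenantKSM.getPrimaryKeyStore();
        } else {
            String jksName = tenantDomain.trim().replace(".", "-") + ".jks";
            keyStore = tenantKSM.getKeyStore(jksName);
        }
    } catch (Exception e) {
        // Keep the original exception as the cause instead of discarding it.
        throw new AxisFault("Error getting keystore", e);
    }
    return keyStore;
}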
protected void readCarbonX509Credentials(int tenantId, String tenantDomain) throws SSOAgentException { KeyStoreManager tenantKSM = KeyStoreManager.getInstance(tenantId); if (!tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) { KeyStore keyStore = null; try { keyStore = tenantKSM.getKeyStore(jksName); } catch (Exception e) { throw new SSOAgentException("Error occurred while retrieving " + " of tenant " + tenantDomain, e); privateKey = (PrivateKey) tenantKSM.getPrivateKey(jksName, tenantDomain); } else { try { entityCertificate = tenantKSM.getDefaultPrimaryCertificate(); } catch (Exception e) { throw new SSOAgentException("Error retrieving default primary certificate of " + privateKey = tenantKSM.getDefaultPrivateKey(); } catch (Exception e) { throw new SSOAgentException("Error retrieving default private key of " +
/**
 * Loads a key store by name for this tenant.
 * <p>
 * Names recognised by {@code isTrustStore} are served from the trust store; any other name
 * is resolved through the tenant's {@link KeyStoreManager}.
 *
 * @param keyStoreName name of the key store to load
 * @return the loaded KeyStore
 * @throws Exception propagated from the underlying key store access
 */
private KeyStore getKeyStore(String keyStoreName) throws Exception {
    if (isTrustStore(keyStoreName)) {
        return getTrustStore();
    }
    return KeyStoreManager.getInstance(tenantId).getKeyStore(keyStoreName);
}
/**
 * Builds an {@code X509CredentialImpl} around the server's default primary certificate.
 * <p>
 * The certificate is read through the {@link KeyStoreManager} of tenant id {@code -1234}
 * (presumably the super tenant id; this file's constants are not visible here), which
 * resolves the primary key store configured in carbon.xml.
 *
 * @return credential wrapping the default public certificate
 * @throws Exception if the certificate cannot be read; the failure is logged and rethrown
 *                   with the original exception attached as the cause
 */
private X509CredentialImpl getPublicX509CredentialImpl() throws Exception {
    try {
        KeyStoreManager ksm = KeyStoreManager.getInstance(-1234);
        java.security.cert.X509Certificate primaryCert = ksm.getDefaultPrimaryCertificate();
        return new X509CredentialImpl(primaryCert);
    } catch (Exception e) {
        String msg = "Error instantiating an org.wso2.carbon.identity.entitlement.wsxacml.X509CredentialImpl "
                + "object for the public cert.";
        log.error(msg, e);
        throw new Exception(msg, e);
    }
}
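/**
 * Loads the super tenant's signing material from the primary key store.
 * <p>
 * The key alias comes from the {@code Security.KeyStore.KeyAlias} server property; the
 * private key and the certificate chain under that alias are read via the super tenant's
 * {@link KeyStoreManager}. The XML signature algorithm is RSA unless the leaf certificate's
 * public key algorithm is DSA.
 *
 * @throws Exception wrapping any failure while reading the key, including a missing or
 *                   empty certificate chain for the configured alias
 */
public SignKeyDataHolder() throws Exception {
    try {
        String keyAlias = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.KeyAlias");
        KeyStoreManager keyMan = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
        Certificate[] certificates = keyMan.getPrimaryKeyStore().getCertificateChain(keyAlias);
        // KeyStore.getCertificateChain returns null when the alias is absent or is not a key
        // entry; fail with a clear message instead of a NullPointerException further down.
        if (certificates == null || certificates.length == 0) {
            throw new IllegalStateException(
                    "No certificate chain found in the primary key store for alias: " + keyAlias);
        }
        issuerPK = keyMan.getDefaultPrivateKey();
        issuerCerts = new X509Certificate[certificates.length];
        for (int i = 0; i < certificates.length; i++) {
            issuerCerts[i] = (X509Certificate) certificates[i];
        }
        // Default to RSA; switch to DSA when the leaf certificate's key says so.
        signatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_RSA;
        if ("DSA".equalsIgnoreCase(issuerCerts[0].getPublicKey().getAlgorithm())) {
            signatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_DSA;
        }
    } catch (Exception e) {
        throw new Exception("Error while reading the key", e);
    }
}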
/**
 * Returns the tenant's public certificate, caching it in {@code publicCerts} by tenant id.
 * <p>
 * On a cache miss the tenant registry is initialised first, then the certificate is read
 * from the tenant's key store: the super tenant's default primary certificate, or for other
 * tenants the certificate stored under the tenant-domain alias in
 * {@code "<domain with '.' replaced by '-'>.jks"}. A {@code null} certificate (alias not
 * present in the store) is returned to the caller and is not cached.
 *
 * @param tenantDomain tenant domain, also used as the certificate alias for non-super tenants
 * @param tenantId     tenant id, used as the cache key and to select the key store manager
 * @return the certificate, or {@code null} when the key store holds none for the alias
 * @throws IdentityOAuth2Exception if the tenant registry cannot be loaded
 * @throws Exception               propagated from key store access
 */
private static Certificate getCertificate(String tenantDomain, int tenantId) throws Exception {
    if (publicCerts.containsKey(tenantId)) {
        return publicCerts.get(tenantId);
    }
    try {
        IdentityTenantUtil.initializeRegistry(tenantId, tenantDomain);
    } catch (IdentityException e) {
        throw new IdentityOAuth2Exception("Error occurred while loading registry for tenant " + tenantDomain, e);
    }
    KeyStoreManager tenantKSM = KeyStoreManager.getInstance(tenantId);
    Certificate publicCert;
    if (tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
        publicCert = tenantKSM.getDefaultPrimaryCertificate();
    } else {
        // Tenant key store file name: the domain with every '.' turned into '-', plus ".jks".
        String jksName = tenantDomain.trim().replace(".", "-") + ".jks";
        KeyStore keyStore = tenantKSM.getKeyStore(jksName);
        publicCert = keyStore.getCertificate(tenantDomain);
    }
    // Only a found certificate is cached, so a missing alias is re-checked on the next call.
    if (publicCert != null) {
        publicCerts.put(tenantId, publicCert);
    }
    return publicCert;
}
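/**
 * Sets the signing material for the super tenant from the system key store configured under
 * {@code Security.KeyStore} in carbon.xml.
 * <p>
 * Reads the key alias from the server configuration, the private key through
 * {@link KeyStoreAdmin}, and the certificate chain through the super tenant's
 * {@link KeyStoreManager}. The public key is taken from the leaf certificate and the
 * signature algorithm is RSA unless that key's algorithm is DSA.
 *
 * @throws IdentityException if the key alias is blank or no certificate chain exists for it
 * @throws Exception         propagated from registry or key store access
 */
private void initializeKeyDataForSuperTenantFromSystemKeyStore() throws Exception {
    if (log.isDebugEnabled()) {
        log.debug("Initializing Key Data for super tenant using system key store");
    }
    String keyAlias = ServerConfiguration.getInstance().getFirstProperty(SECURITY_KEY_STORE_KEY_ALIAS);
    if (StringUtils.isBlank(keyAlias)) {
        throw new IdentityException("Invalid file configurations. The key alias is not found.");
    }
    KeyStoreAdmin keyAdmin = new KeyStoreAdmin(MultitenantConstants.SUPER_TENANT_ID,
            SAMLSSOUtil.getRegistryService().getGovernanceSystemRegistry());
    KeyStoreManager keyMan = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
    issuerPrivateKey = (PrivateKey) keyAdmin.getPrivateKey(keyAlias, true);
    Certificate[] certificates = keyMan.getPrimaryKeyStore().getCertificateChain(keyAlias);
    // getCertificateChain returns null for an unknown alias or a non-key entry; without this
    // check Arrays.copyOf and issuerCerts[0] below would fail with a NullPointerException.
    if (certificates == null || certificates.length == 0) {
        throw new IdentityException(
                "No certificate chain found in the primary key store for alias: " + keyAlias);
    }
    issuerCerts = Arrays.copyOf(certificates, certificates.length, X509Certificate[].class);
    publicKey = issuerCerts[0].getPublicKey();
    signatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_RSA;
    if (DSA_ENCRYPTION_ALGORITHM.equalsIgnoreCase(publicKey.getAlgorithm())) {
        signatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_DSA;
    }
}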
String keyStoreName = userTenantDomain.trim().replace(".", "-") + ".jks"; keyAlias = userTenantDomain; keyMan = KeyStoreManager.getInstance(tenantID); File f; KeyStore keyStore = keyMan.getKeyStore(keyStoreName); issuerPK = (PrivateKey) keyMan.getPrivateKey(keyStoreName, userTenantDomain); certificates = keyStore.getCertificateChain(keyAlias); issuerCerts = new X509Certificate[certificates.length]; keyMan = KeyStoreManager.getInstance(tenantID); certificates = keyMan.getPrimaryKeyStore().getCertificateChain(keyAlias); issuerCerts = new X509Certificate[certificates.length];
getGovernanceSystemRegistry(tenantId); try { KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantId); if (govRegistry.resourceExists(SecurityConstants.KEY_STORES)) { Collection collection = (Collection) govRegistry.get(SecurityConstants.KEY_STORES); KeyStore store = keyMan.getPrimaryKeyStore(); if (store.containsAlias(username)) { password = keyMan.getPrimaryPrivateKeyPasssword(); break; KeyStore store = null; store = keyMan.getKeyStore(name); if (log.isDebugEnabled()) { log.debug("Load the keystore " + name);
keyStoreManager = KeyStoreManager.getInstance(tenantID); KeyStore keystore = keyStoreManager.getKeyStore(generateKSNameFromDomainName(domainName)); java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate) keystore.getCertificate(domainName); java.security.cert.X509Certificate cert = null; if (alias != null) { cert = (X509Certificate) keyStoreManager.getPrimaryKeyStore().getCertificate(alias); if (cert == null) { String errorMsg = "Cannot find a certificate with the alias " + alias + cert = keyStoreManager.getDefaultPrimaryCertificate();
/**
 * Creates the basic X.509 credential used to sign entitlement responses.
 * <p>
 * The default primary certificate and private key are read through the
 * {@link KeyStoreManager} of tenant id {@code -1234} (presumably the super tenant id; this
 * file's constants are not visible here). A failure is only logged: the returned credential
 * then carries a {@code null} certificate and/or private key, so callers cannot assume it is
 * usable.
 *
 * @return credential holding the entity certificate and the issuer private key
 *         (either may be {@code null} after a key store error)
 */
private static BasicX509Credential createBasicCredentials() {
    BasicX509Credential credential = new BasicX509Credential();
    KeyStoreManager keyMan = KeyStoreManager.getInstance(-1234);
    Certificate entityCert = null;
    PrivateKey signingKey = null;
    try {
        entityCert = keyMan.getDefaultPrimaryCertificate();
        signingKey = keyMan.getDefaultPrivateKey();
    } catch (Exception e) {
        // Best-effort: log and fall through with whatever was read before the failure.
        log.error("Error occurred while getting the KeyStore from KeyManger.", e);
    }
    credential.setEntityCertificate((java.security.cert.X509Certificate) entityCert);
    credential.setPrivateKey(signingKey);
    return credential;
}
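/**
 * Removes the certificate stored under {@code alias} from the named key store and persists
 * the store through this tenant's {@link KeyStoreManager}.
 * <p>
 * A missing entry is not an error: when the store holds no certificate for the alias the
 * method returns without changing anything.
 *
 * @param alias        alias of the certificate entry to delete
 * @param keyStoreName name of the key store to modify
 * @throws SecurityConfigException if {@code keyStoreName} or {@code alias} is null, or if the
 *                                 store cannot be loaded, modified or saved (the original
 *                                 failure is attached as the cause)
 */
public void removeCertFromStore(String alias, String keyStoreName) throws SecurityConfigException {
    try {
        if (keyStoreName == null) {
            throw new SecurityConfigException("Key Store name can't be null");
        }
        if (alias == null) {
            throw new SecurityConfigException("Alias can't be null");
        }
        KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantId);
        KeyStore ks = keyMan.getKeyStore(keyStoreName);
        if (ks.getCertificate(alias) == null) {
            return;
        }
        ks.deleteEntry(alias);
        // deleteEntry only changes the in-memory store; write it back so the removal sticks.
        keyMan.updateKeyStore(keyStoreName, ks);
    } catch (SecurityConfigException e) {
        throw e;
    } catch (Exception e) {
        String msg = "Error when removing cert from store";
        log.error(msg, e);
        // Preserve the underlying exception as the cause so the failure can be diagnosed.
        throw new SecurityConfigException(msg, e);
    }
}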
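/**
 * Sets the signing material for a tenant from the tenant's own key store.
 * <p>
 * The key store name is derived from the tenant domain via
 * {@code SAMLSSOUtil.generateKSNameFromDomainName}, and the tenant domain doubles as the key
 * alias. The private key and certificate chain are read through the tenant's
 * {@link KeyStoreManager}; the public key is taken from the leaf certificate and the
 * signature algorithm is RSA unless that key's algorithm is DSA.
 *
 * @param tenantID     tenant id used to select the key store manager
 * @param tenantDomain tenant domain; names the key store and serves as the key alias
 * @throws IllegalStateException if the key store has no certificate chain under the alias
 * @throws Exception             propagated from key store access
 */
private void initializeKeyDataForTenant(int tenantID, String tenantDomain) throws Exception {
    if (log.isDebugEnabled()) {
        log.debug("Initializing Key Data for tenant: " + tenantDomain);
    }
    String keyStoreName = SAMLSSOUtil.generateKSNameFromDomainName(tenantDomain);
    String keyAlias = tenantDomain;
    KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantID);
    KeyStore keyStore = keyMan.getKeyStore(keyStoreName);
    issuerPrivateKey = (PrivateKey) keyMan.getPrivateKey(keyStoreName, tenantDomain);
    Certificate[] certificates = keyStore.getCertificateChain(keyAlias);
    // getCertificateChain returns null for an unknown alias or a non-key entry; fail with a
    // message naming the store and alias instead of a NullPointerException in Arrays.copyOf.
    if (certificates == null || certificates.length == 0) {
        throw new IllegalStateException("No certificate chain found in key store " + keyStoreName
                + " for alias: " + keyAlias);
    }
    issuerCerts = Arrays.copyOf(certificates, certificates.length, X509Certificate[].class);
    publicKey = issuerCerts[0].getPublicKey();
    signatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_RSA;
    if (DSA_ENCRYPTION_ALGORITHM.equalsIgnoreCase(publicKey.getAlgorithm())) {
        signatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_DSA;
    }
}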
if (superTenant && KeyStoreUtil.isPrimaryStore(keystores[i].getKeyStoreName())) { keyStoreName = keystores[i].getKeyStoreName(); privateKeyAlias = KeyStoreUtil.getPrivateKeyAlias(KeyStoreManager.getInstance( MultitenantConstants.SUPER_TENANT_ID).getKeyStore(keyStoreName)); break; } else if (!superTenant && generateKSNameFromDomainName(tenantDomain) keyStoreName = keystores[i].getKeyStoreName(); privateKeyAlias = tenantDomain; keyPassword = KeyStoreManager.getInstance(tenantId).getKeyStorePassword(keyStoreName); keyAlias = tenantDomain; break;
KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId); publicKey = (RSAPublicKey) keyStoreManager.getKeyStore(jksName).getCertificate(tenantDomain) .getPublicKey(); } else { publicKey = (RSAPublicKey) keyStoreManager.getDefaultPublicKey();
/**
 * Returns the {@link KeyStoreManager} for a tenant, loading the tenant registry first.
 *
 * @param tenantId id of the tenant whose key store manager is wanted
 * @return the tenant's key store manager
 * @throws AppManagementException if loading the registry (or obtaining the manager) fails; the
 *                                failure is logged and rethrown with the tenant id in the
 *                                message and the original exception as the cause
 */
private KeyStoreManager getKeyStoreManager(int tenantId) throws AppManagementException {
    KeyStoreManager manager;
    try {
        AppManagerUtil.loadTenantRegistry(tenantId);
        manager = KeyStoreManager.getInstance(tenantId);
    } catch (AppManagementException e) {
        String error = "Error in obtaining key store manager for tenant " + tenantId;
        log.error(error, e);
        throw new AppManagementException(error, e);
    }
    return manager;
}
try { KeyStoreManager keyStoreManager = KeyStoreManager.getInstance( MultitenantConstants.SUPER_TENANT_ID); keyStoreManager.getDefaultPrimaryCertificate(); new RSASSAVerifier((RSAPublicKey) keyStoreManager.getDefaultPublicKey()); SignedJWT jwsObject = SignedJWT.parse(headerData);
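/**
 * Persists a modified key store under its name.
 * <p>
 * The trust store (as recognised by {@code isTrustStore}) is written directly to
 * {@code TRUST_STORE_LOCATION} using {@code TRUST_STORE_PASSWORD}; every other store is
 * handed to this tenant's {@link KeyStoreManager}.
 *
 * @param name     key store name
 * @param keyStore the store contents to write
 * @throws Exception propagated from file or key store manager access
 */
private void updateKeyStore(String name, KeyStore keyStore) throws Exception {
    if (isTrustStore(name)) {
        String path = new File(TRUST_STORE_LOCATION).getAbsolutePath();
        // NOTE(review): TRUST_STORE_PASSWORD is a class constant whose value is not visible
        // here; confirm it is sourced from configuration rather than a literal in source.
        try (FileOutputStream out = new FileOutputStream(path)) {
            keyStore.store(out, TRUST_STORE_PASSWORD.toCharArray());
        }
    } else {
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
        keyStoreManager.updateKeyStore(name, keyStore);
    }
}
}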
keyStore = tenantKSM.getKeyStore(jksName); publicCert = keyStore.getCertificate(tenantDomain); } else { publicCert = tenantKSM.getDefaultPrimaryCertificate();