/**
 * Returns the {@link KeyStoreManager} of the given tenant.
 *
 * <p>The tenant registry is loaded first; the manager is requested only after that succeeds.
 *
 * @param tenantId tenant whose key store manager is wanted
 * @return the key store manager for {@code tenantId}
 * @throws AppManagementException if loading the tenant registry fails; the failure is logged and
 *         re-thrown with a tenant-specific message and the original exception as cause
 */
private KeyStoreManager getKeyStoreManager(int tenantId) throws AppManagementException {
    try {
        AppManagerUtil.loadTenantRegistry(tenantId);
        return KeyStoreManager.getInstance(tenantId);
    } catch (AppManagementException e) {
        String message = "Error in obtaining key store manager for tenant " + tenantId;
        log.error(message, e);
        throw new AppManagementException(message, e);
    }
}
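/**
 * Persists {@code keyStore} under the given name.
 *
 * <p>The trust store is written directly to {@code TRUST_STORE_LOCATION}, protected with
 * {@code TRUST_STORE_PASSWORD}; any other store is handed to the tenant's
 * {@link KeyStoreManager}.
 *
 * @param name     store name; {@code isTrustStore(name)} decides which of the two paths is taken
 * @param keyStore the store to persist
 * @throws Exception propagated from {@code KeyStore.store} / the file stream, or from
 *         {@code KeyStoreManager.updateKeyStore}
 */
private void updateKeyStore(String name, KeyStore keyStore) throws Exception {
    if (isTrustStore(name)) {
        String path = new File(TRUST_STORE_LOCATION).getAbsolutePath();
        // try-with-resources closes the stream on every path and keeps a failing close() from
        // masking an exception thrown by store(); the previous try/finally lost the first error.
        try (FileOutputStream out = new FileOutputStream(path)) {
            keyStore.store(out, TRUST_STORE_PASSWORD.toCharArray());
        }
    } else {
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
        keyStoreManager.updateKeyStore(name, keyStore);
    }
}
} // closing brace of the enclosing class, carried over from the original listing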
/**
 * Builds an {@code X509CredentialImpl} around the server's default primary certificate.
 *
 * @return a credential wrapping the default public certificate
 * @throws Exception if the certificate cannot be loaded or the credential cannot be created;
 *         the failure is logged before being re-thrown with the same message
 */
private X509CredentialImpl getPublicX509CredentialImpl() throws Exception {
    final String failure = "Error instantiating an org.wso2.carbon.identity.entitlement.wsxacml.X509CredentialImpl "
            + "object for the public cert.";
    try {
        // -1234 is the super-tenant id (MultitenantConstants.SUPER_TENANT_ID elsewhere in this code base);
        // the default certificate comes from the key store configured in carbon.xml.
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(-1234);
        java.security.cert.X509Certificate cert = keyStoreManager.getDefaultPrimaryCertificate();
        return new X509CredentialImpl(cert);
    } catch (Exception e) {
        log.error(failure, e);
        throw new Exception(failure, e);
    }
}
/**
 * Builds an {@code X509CredentialImpl} around the server's default primary certificate.
 *
 * @return a credential wrapping the default public certificate
 * @throws Exception if the certificate cannot be loaded or the credential cannot be created;
 *         the failure is logged before being re-thrown with the same message
 */
private X509CredentialImpl getPublicX509CredentialImpl() throws Exception {
    final String failure = "Error instantiating an org.wso2.carbon.identity.entitlement.wsxacml.X509CredentialImpl "
            + "object for the public cert.";
    try {
        // -1234 is the super-tenant id (MultitenantConstants.SUPER_TENANT_ID elsewhere in this code base);
        // the default certificate comes from the key store configured in carbon.xml.
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(-1234);
        java.security.cert.X509Certificate cert = keyStoreManager.getDefaultPrimaryCertificate();
        return new X509CredentialImpl(cert);
    } catch (Exception e) {
        log.error(failure, e);
        throw new Exception(failure, e);
    }
}
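/**
 * Loads the super tenant's signing material: the default private key, the certificate chain of
 * the alias configured as {@code Security.KeyStore.KeyAlias}, and the XML signature algorithm
 * matching the leaf certificate's key type (DSA, otherwise RSA).
 *
 * @throws Exception if the key alias is not configured, the alias has no certificate chain in the
 *         primary key store, or the key store cannot be read; the underlying problem is the cause
 */
public SignKeyDataHolder() throws Exception {
    try {
        String keyAlias = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.KeyAlias");
        if (keyAlias == null) {
            throw new IllegalStateException("Security.KeyStore.KeyAlias is not configured");
        }
        KeyStoreManager keyMan = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
        Certificate[] certificates = keyMan.getPrimaryKeyStore().getCertificateChain(keyAlias);
        // KeyStore.getCertificateChain returns null for an unknown alias; without this check the
        // failure surfaced as an opaque NullPointerException / ArrayIndexOutOfBoundsException.
        if (certificates == null || certificates.length == 0) {
            throw new IllegalStateException("No certificate chain found for key alias " + keyAlias);
        }
        issuerPK = keyMan.getDefaultPrivateKey();
        issuerCerts = new X509Certificate[certificates.length];
        for (int i = 0; i < certificates.length; i++) {
            issuerCerts[i] = (X509Certificate) certificates[i];
        }
        // The leaf certificate's public key algorithm selects the signature algorithm.
        String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
        signatureAlgorithm = "DSA".equalsIgnoreCase(pubKeyAlgo)
                ? XMLSignature.ALGO_ID_SIGNATURE_DSA
                : XMLSignature.ALGO_ID_SIGNATURE_RSA;
    } catch (Exception e) {
        throw new Exception("Error while reading the key", e);
    }
}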
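/**
 * Loads the super tenant's signing material: the default private key, the certificate chain of
 * the alias configured as {@code Security.KeyStore.KeyAlias}, and the XML signature algorithm
 * matching the leaf certificate's key type (DSA, otherwise RSA).
 *
 * @throws Exception if the key alias is not configured, the alias has no certificate chain in the
 *         primary key store, or the key store cannot be read; the underlying problem is the cause
 */
public SignKeyDataHolder() throws Exception {
    try {
        String keyAlias = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.KeyAlias");
        if (keyAlias == null) {
            throw new IllegalStateException("Security.KeyStore.KeyAlias is not configured");
        }
        KeyStoreManager keyMan = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
        Certificate[] certificates = keyMan.getPrimaryKeyStore().getCertificateChain(keyAlias);
        // KeyStore.getCertificateChain returns null for an unknown alias; without this check the
        // failure surfaced as an opaque NullPointerException / ArrayIndexOutOfBoundsException.
        if (certificates == null || certificates.length == 0) {
            throw new IllegalStateException("No certificate chain found for key alias " + keyAlias);
        }
        issuerPK = keyMan.getDefaultPrivateKey();
        issuerCerts = new X509Certificate[certificates.length];
        for (int i = 0; i < certificates.length; i++) {
            issuerCerts[i] = (X509Certificate) certificates[i];
        }
        // The leaf certificate's public key algorithm selects the signature algorithm.
        String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
        signatureAlgorithm = "DSA".equalsIgnoreCase(pubKeyAlgo)
                ? XMLSignature.ALGO_ID_SIGNATURE_DSA
                : XMLSignature.ALGO_ID_SIGNATURE_RSA;
    } catch (Exception e) {
        throw new Exception("Error while reading the key", e);
    }
}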
/**
 * Resolves a key store by name: the trust store comes from {@code getTrustStore()}, every other
 * store from the tenant's {@link KeyStoreManager}.
 *
 * @param keyStoreName name of the store to load
 * @return the loaded key store
 * @throws Exception propagated from the trust-store loader or the key store manager
 */
private KeyStore getKeyStore(String keyStoreName) throws Exception {
    // Guard clause: the trust store has its own loader and bypasses the manager.
    if (isTrustStore(keyStoreName)) {
        return getTrustStore();
    }
    return KeyStoreManager.getInstance(tenantId).getKeyStore(keyStoreName);
}
/**
 * Resolves a key store by name: the trust store comes from {@code getTrustStore()}, every other
 * store from the tenant's {@link KeyStoreManager}.
 *
 * @param keyStoreName name of the store to load
 * @return the loaded key store
 * @throws Exception propagated from the trust-store loader or the key store manager
 */
private KeyStore getKeyStore(String keyStoreName) throws Exception {
    // Guard clause: the trust store has its own loader and bypasses the manager.
    if (isTrustStore(keyStoreName)) {
        return getTrustStore();
    }
    return KeyStoreManager.getInstance(tenantId).getKeyStore(keyStoreName);
}
/**
 * Returns the private key of the given tenant.
 *
 * <p>The super tenant gets the default private key of its key store manager. Any other tenant is
 * served from a tenant key store whose file name is derived from the domain: trimmed, dots
 * replaced by dashes, {@code .jks} appended (e.g. {@code a.com} becomes {@code a-com.jks}); the
 * tenant domain is passed as the second argument (presumably the key alias).
 *
 * @param tenantDomain domain of the tenant whose key is wanted
 * @return the tenant's private key
 * @throws IdentityException if the tenant id cannot be resolved or the key cannot be read
 */
@Override
public PrivateKey getPrivateKey(String tenantDomain) throws IdentityException {
    try {
        int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
        if (tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
            return keyStoreManager.getDefaultPrivateKey();
        }
        String jksName = tenantDomain.trim().replace(".", "-") + ".jks";
        return (PrivateKey) keyStoreManager.getPrivateKey(jksName, tenantDomain);
    } catch (Exception e) {
        throw new IdentityException("Error retrieving private key for tenant: " + tenantDomain, e);
    }
}
/**
 * Returns the private key of the given tenant.
 *
 * <p>The super tenant gets the default private key of its key store manager. Any other tenant is
 * served from a tenant key store whose file name is derived from the domain: trimmed, dots
 * replaced by dashes, {@code .jks} appended (e.g. {@code a.com} becomes {@code a-com.jks}); the
 * tenant domain is passed as the second argument (presumably the key alias).
 *
 * @param tenantDomain domain of the tenant whose key is wanted
 * @return the tenant's private key
 * @throws IdentityException if the tenant id cannot be resolved or the key cannot be read
 */
@Override
public PrivateKey getPrivateKey(String tenantDomain) throws IdentityException {
    try {
        int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
        if (tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
            return keyStoreManager.getDefaultPrivateKey();
        }
        String jksName = tenantDomain.trim().replace(".", "-") + ".jks";
        return (PrivateKey) keyStoreManager.getPrivateKey(jksName, tenantDomain);
    } catch (Exception e) {
        throw new IdentityException("Error retrieving private key for tenant: " + tenantDomain, e);
    }
}
/**
 * Deletes the entry {@code alias} from the named tenant key store and writes the store back via
 * the {@link KeyStoreManager}. A store that has no certificate under that alias is left untouched.
 *
 * @param alias        entry to remove
 * @param keyStoreName store to modify; must not be {@code null}
 * @throws SecurityConfigException if {@code keyStoreName} is {@code null}, or if the store cannot
 *         be read or updated (the underlying exception is logged but not attached as cause)
 */
public void removeCertFromStore(String alias, String keyStoreName) throws SecurityConfigException {
    try {
        if (keyStoreName == null) {
            throw new SecurityConfigException("Key Store name can't be null");
        }
        KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantId);
        KeyStore ks = keyMan.getKeyStore(keyStoreName);
        // Only rewrite the store when there is actually something to delete.
        if (ks.getCertificate(alias) != null) {
            ks.deleteEntry(alias);
            keyMan.updateKeyStore(keyStoreName, ks);
        }
    } catch (SecurityConfigException e) {
        // Already the caller-facing type; pass it through unchanged.
        throw e;
    } catch (Exception e) {
        String msg = "Error when removing cert from store";
        log.error(msg, e);
        throw new SecurityConfigException(msg);
    }
}
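/**
 * Returns the key stored under {@code alias} in the primary key store.
 *
 * <p>The stores listed by {@code getKeyStores(isSuperTenant)} are scanned for the primary store;
 * once found, the key is read with the server private-key password taken from
 * {@code RegistryResources.SecurityManagement.SERVER_PRIVATE_KEY_PASSWORD}.
 *
 * @param alias         alias of the key entry
 * @param isSuperTenant passed through to {@code getKeyStores}
 * @return the key, or {@code null} when no primary store is listed (also {@code null} when the
 *         alias is absent, as {@code KeyStore.getKey} returns {@code null} then)
 * @throws SecurityConfigException if the store or key cannot be loaded, or the private-key
 *         password is not configured; the cause is logged but not attached
 */
public Key getPrivateKey(String alias, boolean isSuperTenant) throws SecurityConfigException {
    KeyStoreData[] keystores = getKeyStores(isSuperTenant);
    try {
        for (KeyStoreData keyStoreData : keystores) {
            if (!KeyStoreUtil.isPrimaryStore(keyStoreData.getKeyStoreName())) {
                continue;
            }
            KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantId);
            KeyStore keyStore = keyMan.getPrimaryKeyStore();
            String privateKeyPassword = ServerConfiguration.getInstance()
                    .getFirstProperty(RegistryResources.SecurityManagement.SERVER_PRIVATE_KEY_PASSWORD);
            // A missing password used to surface as a bare NullPointerException from toCharArray().
            if (privateKeyPassword == null) {
                throw new IllegalStateException("Server private key password is not configured");
            }
            return keyStore.getKey(alias, privateKeyPassword.toCharArray());
        }
    } catch (Exception e) {
        String msg = "Error has encounted while loading the key for the given alias " + alias;
        log.error(msg, e);
        throw new SecurityConfigException(msg);
    }
    return null;
}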
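/**
 * Returns the key stored under {@code alias} in the primary key store.
 *
 * <p>The stores listed by {@code getKeyStores(isSuperTenant)} are scanned for the primary store;
 * once found, the key is read with the server private-key password taken from
 * {@code RegistryResources.SecurityManagement.SERVER_PRIVATE_KEY_PASSWORD}.
 *
 * @param alias         alias of the key entry
 * @param isSuperTenant passed through to {@code getKeyStores}
 * @return the key, or {@code null} when no primary store is listed (also {@code null} when the
 *         alias is absent, as {@code KeyStore.getKey} returns {@code null} then)
 * @throws SecurityConfigException if the store or key cannot be loaded, or the private-key
 *         password is not configured; the cause is logged but not attached
 */
public Key getPrivateKey(String alias, boolean isSuperTenant) throws SecurityConfigException {
    KeyStoreData[] keystores = getKeyStores(isSuperTenant);
    try {
        for (KeyStoreData keyStoreData : keystores) {
            if (!KeyStoreUtil.isPrimaryStore(keyStoreData.getKeyStoreName())) {
                continue;
            }
            KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantId);
            KeyStore keyStore = keyMan.getPrimaryKeyStore();
            String privateKeyPassword = ServerConfiguration.getInstance()
                    .getFirstProperty(RegistryResources.SecurityManagement.SERVER_PRIVATE_KEY_PASSWORD);
            // A missing password used to surface as a bare NullPointerException from toCharArray().
            if (privateKeyPassword == null) {
                throw new IllegalStateException("Server private key password is not configured");
            }
            return keyStore.getKey(alias, privateKeyPassword.toCharArray());
        }
    } catch (Exception e) {
        String msg = "Error has encounted while loading the key for the given alias " + alias;
        log.error(msg, e);
        throw new SecurityConfigException(msg);
    }
    return null;
}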
/**
 * Creates the {@link BasicX509Credential} used for signing from the super tenant's default
 * primary certificate and default private key.
 *
 * <p>Best effort: if the key material cannot be read the problem is only logged and the returned
 * credential carries a {@code null} certificate and/or private key.
 *
 * @return the credential, never {@code null}
 */
private static BasicX509Credential createBasicCredentials() {
    // -1234 is the super-tenant id (MultitenantConstants.SUPER_TENANT_ID elsewhere in this code base).
    KeyStoreManager manager = KeyStoreManager.getInstance(-1234);
    Certificate cert = null;
    PrivateKey signingKey = null;
    try {
        cert = manager.getDefaultPrimaryCertificate();
        signingKey = manager.getDefaultPrivateKey();
    } catch (Exception e) {
        log.error("Error occurred while getting the KeyStore from KeyManger.", e);
    }
    BasicX509Credential credential = new BasicX509Credential();
    credential.setEntityCertificate((java.security.cert.X509Certificate) cert);
    credential.setPrivateKey(signingKey);
    return credential;
}
/**
 * Creates the {@link BasicX509Credential} used for signing from the super tenant's default
 * primary certificate and default private key.
 *
 * <p>Best effort: if the key material cannot be read the problem is only logged and the returned
 * credential carries a {@code null} certificate and/or private key.
 *
 * @return the credential, never {@code null}
 */
private static BasicX509Credential createBasicCredentials() {
    // -1234 is the super-tenant id (MultitenantConstants.SUPER_TENANT_ID elsewhere in this code base).
    KeyStoreManager manager = KeyStoreManager.getInstance(-1234);
    Certificate cert = null;
    PrivateKey signingKey = null;
    try {
        cert = manager.getDefaultPrimaryCertificate();
        signingKey = manager.getDefaultPrivateKey();
    } catch (Exception e) {
        log.error("Error occurred while getting the KeyStore from KeyManger.", e);
    }
    BasicX509Credential credential = new BasicX509Credential();
    credential.setEntityCertificate((java.security.cert.X509Certificate) cert);
    credential.setPrivateKey(signingKey);
    return credential;
}
/**
 * Creates the {@link BasicX509Credential} used for signing from the super tenant's default
 * primary certificate and default private key.
 *
 * <p>Best effort: if the key material cannot be read the problem is only logged and the returned
 * credential carries a {@code null} certificate and/or private key.
 *
 * @return the credential, never {@code null}
 */
private static BasicX509Credential createBasicCredentials() {
    // -1234 is the super-tenant id (MultitenantConstants.SUPER_TENANT_ID elsewhere in this code base).
    KeyStoreManager manager = KeyStoreManager.getInstance(-1234);
    Certificate cert = null;
    PrivateKey signingKey = null;
    try {
        cert = manager.getDefaultPrimaryCertificate();
        signingKey = manager.getDefaultPrivateKey();
    } catch (Exception e) {
        log.error("Error occurred while getting the KeyStore from KeyManger.", e);
    }
    BasicX509Credential credential = new BasicX509Credential();
    credential.setEntityCertificate((java.security.cert.X509Certificate) cert);
    credential.setPrivateKey(signingKey);
    return credential;
}
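/**
 * Test set-up helper: builds a registry service and server configuration for the tenant named in
 * {@code withKeyStore}, obtains the matching {@link KeyStoreManager} and, unless that manager is a
 * dynamic proxy or a Mockito CGLIB mock, injects the sample key store into its
 * {@code primaryKeyStore} and {@code registryKeyStore} fields. Both services are then published on
 * {@link CarbonCoreDataHolder}.
 *
 * @param realClass    test class whose classpath must provide {@code /repository/conf/carbon.xml}
 * @param withKeyStore annotation supplying the tenant id and domain
 * @throws TestCreationException wrapping any failure, including a missing {@code carbon.xml}
 */
private void createKeyStore(Class<?> realClass, WithKeyStore withKeyStore) {
    try {
        RegistryService registryService = createRegistryService(realClass, withKeyStore.tenantId(),
                withKeyStore.tenantDomain());
        ServerConfiguration serverConfigurationService = ServerConfiguration.getInstance();
        // The original never closed this stream (whether init() does is not visible here) and
        // passed a null stream straight to init() when the resource was missing.
        try (java.io.InputStream carbonXml = realClass.getResourceAsStream("/repository/conf/carbon.xml")) {
            if (carbonXml == null) {
                throw new IllegalStateException(
                        "/repository/conf/carbon.xml not found on the classpath of " + realClass.getName());
            }
            serverConfigurationService.init(carbonXml);
        }
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(withKeyStore.tenantId(),
                serverConfigurationService, registryService);
        // Mocked managers must not have their internals overwritten.
        boolean realManager = !Proxy.isProxyClass(keyStoreManager.getClass())
                && !keyStoreManager.getClass().getName().contains("EnhancerByMockitoWithCGLIB");
        if (realManager) {
            KeyStore keyStore = ReadCertStoreSampleUtil.createKeyStore(getClass());
            org.wso2.carbon.identity.testutil.Whitebox.setInternalState(keyStoreManager, "primaryKeyStore", keyStore);
            org.wso2.carbon.identity.testutil.Whitebox.setInternalState(keyStoreManager, "registryKeyStore", keyStore);
        }
        CarbonCoreDataHolder.getInstance().setRegistryService(registryService);
        CarbonCoreDataHolder.getInstance().setServerConfigurationService(serverConfigurationService);
    } catch (Exception e) {
        throw new TestCreationException(
                "Unhandled error while reading cert for test class: " + realClass.getName(), e);
    }
}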
/**
 * Returns the default primary certificate of the given tenant's key store manager.
 *
 * @param tenantDomain tenant whose certificate is wanted
 * @return the tenant's default primary certificate
 * @throws IdentityException if the tenant id cannot be resolved (a {@code UserStoreException} gets
 *         its own message) or the certificate cannot be read
 */
@Override
public Certificate getCertificate(String tenantDomain) throws IdentityException {
    try {
        int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
        return KeyStoreManager.getInstance(tenantId).getDefaultPrimaryCertificate();
    } catch (UserStoreException e) {
        throw new IdentityException("Error retrieving the tenant ID for tenant: " + tenantDomain, e);
    } catch (Exception e) {
        throw new IdentityException(
                "Error retrieving the primary certificate of the server, the tenant is: " + tenantDomain, e);
    }
}
} // closing brace of the enclosing class, carried over from the original listing
/**
 * Returns the default primary certificate of the given tenant's key store manager.
 *
 * @param tenantDomain tenant whose certificate is wanted
 * @return the tenant's default primary certificate
 * @throws IdentityException if the tenant id cannot be resolved (a {@code UserStoreException} gets
 *         its own message) or the certificate cannot be read
 */
@Override
public Certificate getCertificate(String tenantDomain) throws IdentityException {
    try {
        int tenantId = realmService.getTenantManager().getTenantId(tenantDomain);
        return KeyStoreManager.getInstance(tenantId).getDefaultPrimaryCertificate();
    } catch (UserStoreException e) {
        throw new IdentityException("Error retrieving the tenant ID for tenant: " + tenantDomain, e);
    } catch (Exception e) {
        throw new IdentityException(
                "Error retrieving the primary certificate of the server, the tenant is: " + tenantDomain, e);
    }
}
} // closing brace of the enclosing class, carried over from the original listing
/**
 * Returns the Base64-encoded public key of a tenant: the key store manager's default public key
 * for the super tenant, otherwise the key read from the tenant's JKS (name from
 * {@code getJKSName}).
 *
 * @param tenantDomain tenant whose public key is wanted
 * @return Base64 encoding of {@code PublicKey.getEncoded()}
 * @throws ConsentManagementException if the key cannot be read (note: the underlying exception is
 *         not attached as cause); {@code ConsentUtils.getTenantId} presumably throws the same type
 *         when the tenant id cannot be resolved
 */
private String getPublicKey(String tenantDomain) throws ConsentManagementException {
    int tenantId = ConsentUtils.getTenantId(realmService, tenantDomain);
    try {
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
        PublicKey publicKey = isNotSuperTenant(tenantDomain)
                ? getPublicKey(tenantDomain, keyStoreManager, getJKSName(tenantDomain))
                : keyStoreManager.getDefaultPublicKey();
        return Base64.encode(publicKey.getEncoded());
    } catch (Exception e) {
        throw handleServerException(ERROR_CODE_GETTING_PUBLIC_CERT, tenantDomain);
    }
}