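/**
 * Looks up the public key of the certificate stored under the alias {@code tenantDomain}
 * in the key store named {@code jksName}.
 *
 * @param tenantDomain    alias of the certificate entry to read (the tenant domain)
 * @param keyStoreManager manager used to load the key store
 * @param jksName         name of the key store to load
 * @return the public key of the certificate stored under the alias
 * @throws Exception             if the key store cannot be loaded
 * @throws IllegalStateException if the store holds no certificate under the alias
 */
private PublicKey getPublicKey(String tenantDomain, KeyStoreManager keyStoreManager, String jksName)
        throws Exception {
    java.security.cert.Certificate certificate =
            keyStoreManager.getKeyStore(jksName).getCertificate(tenantDomain);
    if (certificate == null) {
        // KeyStore.getCertificate returns null for an unknown alias; fail with context
        // instead of an opaque NullPointerException from getPublicKey().
        throw new IllegalStateException("No certificate found under alias '" + tenantDomain
                + "' in key store '" + jksName + "'");
    }
    return certificate.getPublicKey();
}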
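/**
 * Lists the aliases of every entry in the named key store of the current tenant.
 *
 * @param keyStoreName name of the key store to inspect; must not be null
 * @return the entry aliases in the order the key store enumerates them; empty array if none
 * @throws SecurityConfigException if the name is null or the key store cannot be read
 */
public String[] getStoreEntries(String keyStoreName) throws SecurityConfigException {
    if (keyStoreName == null) {
        // Raised directly so the caller sees this message rather than the generic wrapper below.
        throw new SecurityConfigException("keystore name cannot be null");
    }
    try {
        KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantId);
        KeyStore ks = keyMan.getKeyStore(keyStoreName);
        List<String> aliases = new ArrayList<>();
        Enumeration<String> enm = ks.aliases();
        while (enm.hasMoreElements()) {
            aliases.add(enm.nextElement());
        }
        return aliases.toArray(new String[0]);
    } catch (SecurityConfigException e) {
        throw e;
    } catch (Exception e) {
        // Full details go to the log; the caller gets a deliberately generic message.
        String msg = "Error when getting store entries";
        log.error(msg, e);
        throw new SecurityConfigException(msg);
    }
}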
/**
 * Builds the property set that configures ServerCrypto for the current tenant: the
 * comma-separated trust store list, the private store with its private key alias,
 * and the tenant id whenever at least one store was supplied.
 *
 * @param privateStore      name of the private key store, or null for none
 * @param trustedCertStores names of the trust stores, or null/empty for none
 * @return the populated properties (empty when neither store is given)
 * @throws Exception if the private key store cannot be loaded or its private key alias resolved
 */
public Properties getServerCryptoProperties(String privateStore, String[] trustedCertStores)
        throws Exception {
    Properties props = new Properties();
    int tenantId = ((UserRegistry) registry).getTenantId();
    boolean hasTrustStores = trustedCertStores != null && trustedCertStores.length > 0;

    if (hasTrustStores) {
        StringBuilder joined = new StringBuilder();
        for (String store : trustedCertStores) {
            // A separator is written only once something has already been emitted.
            if (joined.length() != 0) {
                joined.append(',');
            }
            joined.append(store);
        }
        props.setProperty(ServerCrypto.PROP_ID_TRUST_STORES, joined.toString());
    }

    if (privateStore != null) {
        props.setProperty(ServerCrypto.PROP_ID_PRIVATE_STORE, privateStore);
        KeyStore ks = KeyStoreManager.getInstance(tenantId).getKeyStore(privateStore);
        String alias = KeyStoreUtil.getPrivateKeyAlias(ks);
        props.setProperty(ServerCrypto.PROP_ID_DEFAULT_ALIAS, alias);
        props.setProperty(USER, alias);
    }

    if (privateStore != null || hasTrustStores) {
        // The tenant id travels with the crypto config so the stores are resolved for this tenant.
        props.setProperty(ServerCrypto.PROP_ID_TENANT_ID, Integer.toString(tenantId));
    }
    return props;
}
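/**
 * Loads the signing material for a tenant from the tenant's key store: the issuer
 * private key, the issuer certificate chain, the public key, and the signature
 * algorithm (DSA when the public key algorithm is DSA, RSA otherwise).
 *
 * @param tenantID     id of the tenant whose KeyStoreManager is used
 * @param tenantDomain tenant domain; also used as the key/certificate alias
 * @throws Exception             if the key store or private key cannot be loaded
 * @throws IllegalStateException if no certificate chain exists under the alias
 */
private void initializeKeyDataForTenant(int tenantID, String tenantDomain) throws Exception {
    if (log.isDebugEnabled()) {
        log.debug("Initializing Key Data for tenant: " + tenantDomain);
    }
    String keyStoreName = SAMLSSOUtil.generateKSNameFromDomainName(tenantDomain);
    String keyAlias = tenantDomain;
    KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantID);
    KeyStore keyStore = keyMan.getKeyStore(keyStoreName);

    // Validate the chain before touching any field so a failure leaves no half-updated state.
    Certificate[] certificates = keyStore.getCertificateChain(keyAlias);
    if (certificates == null || certificates.length == 0) {
        // getCertificateChain returns null for an unknown alias; fail before issuerCerts[0].
        throw new IllegalStateException("No certificate chain found under alias '" + keyAlias
                + "' in key store '" + keyStoreName + "' of tenant " + tenantDomain);
    }

    issuerPrivateKey = (PrivateKey) keyMan.getPrivateKey(keyStoreName, tenantDomain);
    issuerCerts = Arrays.copyOf(certificates, certificates.length, X509Certificate[].class);
    publicKey = issuerCerts[0].getPublicKey();

    // RSA is the default; switch to DSA only when the public key itself is DSA.
    signatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_RSA;
    if (DSA_ENCRYPTION_ALGORITHM.equalsIgnoreCase(publicKey.getAlgorithm())) {
        signatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_DSA;
    }
}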
/**
 * Builds the property set that configures ServerCrypto for the current tenant: the
 * comma-separated trust store list, the private store with its private key alias,
 * and the tenant id whenever at least one store was supplied.
 *
 * @param privateStore      name of the private key store, or null for none
 * @param trustedCertStores names of the trust stores, or null/empty for none
 * @return the populated properties (empty when neither store is given)
 * @throws Exception if the private key store cannot be loaded or its private key alias resolved
 */
public Properties getServerCryptoProperties(String privateStore, String[] trustedCertStores)
        throws Exception {
    Properties props = new Properties();
    int tenantId = ((UserRegistry) registry).getTenantId();
    boolean hasTrustStores = trustedCertStores != null && trustedCertStores.length > 0;

    if (hasTrustStores) {
        StringBuilder joined = new StringBuilder();
        for (String store : trustedCertStores) {
            // A separator is written only once something has already been emitted.
            if (joined.length() != 0) {
                joined.append(',');
            }
            joined.append(store);
        }
        props.setProperty(ServerCrypto.PROP_ID_TRUST_STORES, joined.toString());
    }

    if (privateStore != null) {
        props.setProperty(ServerCrypto.PROP_ID_PRIVATE_STORE, privateStore);
        KeyStore ks = KeyStoreManager.getInstance(tenantId).getKeyStore(privateStore);
        String alias = KeyStoreUtil.getPrivateKeyAlias(ks);
        props.setProperty(ServerCrypto.PROP_ID_DEFAULT_ALIAS, alias);
        props.setProperty(USER, alias);
    }

    if (privateStore != null || hasTrustStores) {
        // The tenant id travels with the crypto config so the stores are resolved for this tenant.
        props.setProperty(ServerCrypto.PROP_ID_TENANT_ID, Integer.toString(tenantId));
    }
    return props;
}
KeyStore ks = keyMan.getKeyStore(privateStore);
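/**
 * Returns the tenant's public certificate, loading it on first use from the tenant
 * key store (or the default primary certificate for the super tenant) and caching it
 * in {@code publicCerts} by tenant id.
 *
 * NOTE(review): the cache is never invalidated here, so a certificate rotated in the
 * key store is not picked up until the map entry is removed elsewhere — confirm.
 *
 * @param tenantDomain domain of the tenant; used as the certificate alias and to derive
 *                     the key store name
 * @param tenantId     id of the tenant; cache key and KeyStoreManager selector
 * @return the certificate, or null if the key store holds no entry under the alias
 * @throws IdentityOAuth2Exception if the tenant registry cannot be initialized
 * @throws Exception               if the key store cannot be loaded
 */
private static Certificate getCertificate(String tenantDomain, int tenantId) throws Exception {
    // Only non-null certificates are ever cached, so a present key means a usable value.
    Certificate cached = publicCerts.get(tenantId);
    if (cached != null) {
        return cached;
    }

    try {
        IdentityTenantUtil.initializeRegistry(tenantId, tenantDomain);
    } catch (IdentityException e) {
        throw new IdentityOAuth2Exception(
                "Error occurred while loading registry for tenant " + tenantDomain, e);
    }

    // get tenant's key store manager
    KeyStoreManager tenantKSM = KeyStoreManager.getInstance(tenantId);
    Certificate publicCert;
    if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
        publicCert = tenantKSM.getDefaultPrimaryCertificate();
    } else {
        // Tenant key stores are named after the domain with dots replaced by dashes plus ".jks".
        String jksName = tenantDomain.trim().replace(".", "-") + ".jks";
        publicCert = tenantKSM.getKeyStore(jksName).getCertificate(tenantDomain);
    }

    if (publicCert != null) {
        // A missing entry is not cached, so the lookup is retried on the next call.
        // Two threads may race here and both load; they store the same value, so that is benign.
        publicCerts.put(tenantId, publicCert);
    }
    return publicCert;
}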
/**
 * Resolves a key store by name: the trust store when the name denotes it, otherwise
 * the key store of that name loaded through the tenant's KeyStoreManager.
 *
 * @param keyStoreName name of the key store to load
 * @return the loaded key store
 * @throws Exception if the key store cannot be loaded
 */
private KeyStore getKeyStore(String keyStoreName) throws Exception {
    if (isTrustStore(keyStoreName)) {
        return getTrustStore();
    }
    return KeyStoreManager.getInstance(tenantId).getKeyStore(keyStoreName);
}
/**
 * Resolves a key store by name: the trust store when the name denotes it, otherwise
 * the key store of that name loaded through the tenant's KeyStoreManager.
 *
 * @param keyStoreName name of the key store to load
 * @return the loaded key store
 * @throws Exception if the key store cannot be loaded
 */
private KeyStore getKeyStore(String keyStoreName) throws Exception {
    if (isTrustStore(keyStoreName)) {
        return getTrustStore();
    }
    return KeyStoreManager.getInstance(tenantId).getKeyStore(keyStoreName);
}
keyStore = tenantKSM.getKeyStore(jksName); publicCert = keyStore.getCertificate(tenantDomain); } else {
keyStore = tenantKSM.getKeyStore(jksName); publicCert = keyStore.getCertificate(tenantDomain); } else {
keyStore = tenantKSM.getKeyStore(jksName); publicCert = keyStore.getCertificate(tenantDomain); } else {
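/**
 * Gets the key store for the tenant bound to the current thread's CarbonContext: the
 * primary key store for the super tenant, otherwise the tenant key store whose name is
 * derived from the tenant domain. A store already present in {@code keyStores} is
 * returned without loading.
 *
 * NOTE(review): this method reads {@code keyStores} but never writes to it; confirm the
 * map is populated elsewhere, otherwise every call reloads through KeyStoreManager.
 *
 * @return the tenant's key store
 * @throws AxisFault if the key store cannot be loaded; the underlying cause is attached
 */
private KeyStore getKeyStore() throws AxisFault {
    CarbonContext context = CarbonContext.getThreadLocalCarbonContext();
    String tenantDomain = context.getTenantDomain();
    int tenantId = context.getTenantId();

    KeyStore keyStore = keyStores.get(tenantId);
    if (keyStore != null) {
        return keyStore;
    }

    // get tenant's key store manager
    KeyStoreManager tenantKSM = KeyStoreManager.getInstance(tenantId);
    try {
        if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
            keyStore = tenantKSM.getPrimaryKeyStore();
        } else {
            // Tenant key stores are named after the domain with dots replaced by dashes plus ".jks".
            String jksName = tenantDomain.trim().replace(".", "-") + ".jks";
            keyStore = tenantKSM.getKeyStore(jksName);
        }
    } catch (Exception e) {
        // Keep the cause: the bare message gives an operator nothing to diagnose with.
        throw new AxisFault("Error getting keystore", e);
    }
    return keyStore;
}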
KeyStore ks = keyMan.getKeyStore(keyStoreName);
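/**
 * Removes the entry stored under {@code alias} from the named key store of the current
 * tenant and persists the updated store. A missing entry is a no-op.
 *
 * NOTE(review): {@code KeyStore.getCertificate} also returns the leaf certificate of a
 * key entry, so a private key entry under the alias is deleted as well — confirm this
 * is intended by callers.
 *
 * @param alias        alias of the entry to delete; must not be null
 * @param keyStoreName name of the key store; must not be null
 * @throws SecurityConfigException if either argument is null or the store cannot be updated
 */
public void removeCertFromStore(String alias, String keyStoreName) throws SecurityConfigException {
    if (keyStoreName == null) {
        throw new SecurityConfigException("Key Store name can't be null");
    }
    if (alias == null) {
        // Without this the null alias surfaces as an NPE inside the store, then as the generic error.
        throw new SecurityConfigException("Certificate alias can't be null");
    }
    try {
        KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantId);
        KeyStore ks = keyMan.getKeyStore(keyStoreName);
        if (ks.getCertificate(alias) == null) {
            // Nothing under the alias: skip the delete and the store rewrite.
            return;
        }
        ks.deleteEntry(alias);
        keyMan.updateKeyStore(keyStoreName, ks);
    } catch (SecurityConfigException e) {
        throw e;
    } catch (Exception e) {
        // Full details go to the log; the caller gets a deliberately generic message.
        String msg = "Error when removing cert from store";
        log.error(msg, e);
        throw new SecurityConfigException(msg);
    }
}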
keyStore = tenantKSM.getKeyStore(jksName); publicCert = keyStore.getCertificate(tenantDomain); } else {
KeyStore ks = keyMan.getKeyStore(keyStoreName);
String ksName = tenantDomain.trim().replace(".", "-"); String jksName = ksName + ".jks"; publicKey = (RSAPublicKey) keyStoreManager.getKeyStore(jksName).getCertificate(tenantDomain) .getPublicKey(); } else {
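/**
 * Retrieves a certificate by alias from the tenant's key store: the primary key store
 * for the super tenant, otherwise the key store named for the tenant domain.
 *
 * @param certificateId Alias of the certificate to be retrieved.
 * @param tenant        The tenant where the key store file should be loaded from.
 *                      If the tenant is the super tenant, the primary key store will be used.
 * @return The certificate for the given alias, or null if the store has no entry under it
 * @throws CertificateRetrievingException if the key store cannot be loaded or read, or the
 *                                        entry is not an X.509 certificate
 */
@Override
public X509Certificate getCertificate(String certificateId, Tenant tenant)
        throws CertificateRetrievingException {
    KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenant.getId());
    try {
        KeyStore keyStore;
        if (tenant.getId() != MultitenantConstants.SUPER_TENANT_ID) {
            // This is a tenant. So load the tenant key store.
            keyStore = keyStoreManager.getKeyStore(getKeyStoreName(tenant.getDomain()));
        } else {
            // This is the super tenant. So load the primary key store.
            keyStore = keyStoreManager.getPrimaryKeyStore();
        }
        return (X509Certificate) keyStore.getCertificate(certificateId);
    } catch (Exception e) {
        // Both values are format arguments. Concatenating the alias onto the pattern leaves the
        // second %s unfilled (MissingFormatArgumentException masks the real error) and would
        // misparse any '%' in the alias.
        String errorMsg = String.format(
                "Error occurred while retrieving the certificate for the alias '%s' of the tenant domain '%s'.",
                certificateId, tenant.getDomain());
        throw new CertificateRetrievingException(errorMsg, e);
    }
}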
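/**
 * Retrieves a certificate by alias from the tenant's key store: the primary key store
 * for the super tenant, otherwise the key store named for the tenant domain.
 *
 * @param certificateId Alias of the certificate to be retrieved.
 * @param tenant        The tenant where the key store file should be loaded from.
 *                      If the tenant is the super tenant, the primary key store will be used.
 * @return The certificate for the given alias, or null if the store has no entry under it
 * @throws CertificateRetrievingException if the key store cannot be loaded or read, or the
 *                                        entry is not an X.509 certificate
 */
@Override
public X509Certificate getCertificate(String certificateId, Tenant tenant)
        throws CertificateRetrievingException {
    KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenant.getId());
    try {
        KeyStore keyStore;
        if (tenant.getId() != MultitenantConstants.SUPER_TENANT_ID) {
            // This is a tenant. So load the tenant key store.
            keyStore = keyStoreManager.getKeyStore(getKeyStoreName(tenant.getDomain()));
        } else {
            // This is the super tenant. So load the primary key store.
            keyStore = keyStoreManager.getPrimaryKeyStore();
        }
        return (X509Certificate) keyStore.getCertificate(certificateId);
    } catch (Exception e) {
        // Both values are format arguments. Concatenating the alias onto the pattern leaves the
        // second %s unfilled (MissingFormatArgumentException masks the real error) and would
        // misparse any '%' in the alias.
        String errorMsg = String.format(
                "Error occurred while retrieving the certificate for the alias '%s' of the tenant domain '%s'.",
                certificateId, tenant.getDomain());
        throw new CertificateRetrievingException(errorMsg, e);
    }
}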