1 package ca.uhn.hl7v2.hoh.util;
2
3 import java.io.BufferedInputStream;
4 import java.io.File;
5 import java.io.FileInputStream;
6 import java.io.FileNotFoundException;
7 import java.io.IOException;
8 import java.security.Key;
9 import java.security.KeyStore;
10 import java.security.KeyStoreException;
11 import java.security.NoSuchAlgorithmException;
12 import java.security.PrivateKey;
13 import java.security.UnrecoverableKeyException;
14 import java.security.cert.CertificateException;
15 import java.util.Enumeration;
16
17 public class KeystoreUtils {
18
19 private static final org.slf4j.Logger ourLog = org.slf4j.LoggerFactory.getLogger(KeystoreUtils.class);
20
21
22 private KeystoreUtils() {
23
24 }
25
26 public static KeyStore loadKeystore(File theFile, char[] thePassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
27 KeyStore keystore = KeyStore.getInstance("JKS");
28 keystore.load(new BufferedInputStream(new FileInputStream(theFile)), thePassword);
29 return keystore;
30 }
31
32 public static KeyStore loadKeystore(String theFile, String theKeystorePassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
33 char[] pass = theKeystorePassword != null ? theKeystorePassword.toCharArray() : null;
34 return loadKeystore(new File(theFile), pass);
35 }
36
37 public static boolean validateKeystoreForTlsReceiving(KeyStore theKs) throws KeyStoreException {
38
39 Enumeration<String> aliases = theKs.aliases();
40 boolean foundPrivateKey = false;
41 while (aliases.hasMoreElements()) {
42 String nextAlias = aliases.nextElement();
43
44 ourLog.debug("Checking keystore alias: {}", nextAlias);
45
46 if (theKs.isKeyEntry(nextAlias)) {
47 ourLog.debug("Found private key: " + nextAlias);
48 foundPrivateKey = true;
49 }
50
51 }
52
53 return foundPrivateKey;
54 }
55
56 public static boolean validateKeystoreForSignatureSigning(KeyStore theKs) throws KeyStoreException {
57
58 Enumeration<String> aliases = theKs.aliases();
59 boolean foundPrivateKey = false;
60 while (aliases.hasMoreElements()) {
61 String nextAlias = aliases.nextElement();
62
63 ourLog.debug("Checking keystore alias: {}", nextAlias);
64
65 if (theKs.isKeyEntry(nextAlias)) {
66 ourLog.debug("Found private key: " + nextAlias);
67 foundPrivateKey = true;
68 }
69
70 }
71
72 return foundPrivateKey;
73 }
74
75 public static boolean validateKeystoreForTlsSending(KeyStore theKs) throws KeyStoreException {
76
77 Enumeration<String> aliases = theKs.aliases();
78 boolean foundPublicKey = false;
79 while (aliases.hasMoreElements()) {
80 String nextAlias = aliases.nextElement();
81
82 ourLog.debug("Checking keystore alias: {}", nextAlias);
83
84 if (theKs.isCertificateEntry(nextAlias)) {
85 ourLog.debug("Found public key: " + nextAlias);
86 foundPublicKey = true;
87 }
88
89 }
90
91 return foundPublicKey;
92 }
93
94 public static boolean validateKeystoreForSignatureVerifying(KeyStore theKs) throws KeyStoreException {
95
96 Enumeration<String> aliases = theKs.aliases();
97 boolean foundPublicKey = false;
98 while (aliases.hasMoreElements()) {
99 String nextAlias = aliases.nextElement();
100
101 ourLog.debug("Checking keystore alias: {}", nextAlias);
102
103 if (theKs.isCertificateEntry(nextAlias)) {
104 ourLog.debug("Found public key: " + nextAlias);
105 foundPublicKey = true;
106 }
107
108 }
109
110 return foundPublicKey;
111 }
112
113
114 public static boolean validateKeyForSignatureSigning(KeyStore theKeystore, String theKeyAlias, String theKeyPassword) {
115 Validate.notNull(theKeystore, "Keystore");
116 Validate.notBlank(theKeyAlias, "Key Alias");
117 Validate.notNull(theKeyPassword, "Key Password");
118
119 Key key;
120 try {
121 key = theKeystore.getKey(theKeyAlias, theKeyPassword.toCharArray());
122 } catch (UnrecoverableKeyException e) {
123 ourLog.debug("Failed to recover key", e);
124 return false;
125 } catch (KeyStoreException e) {
126 ourLog.debug("Failed to recover key", e);
127 return false;
128 } catch (NoSuchAlgorithmException e) {
129 ourLog.debug("Failed to recover key", e);
130 return false;
131 }
132
133 if (key == null) {
134 ourLog.debug("Key is null");
135 return false;
136 } else if (!(key instanceof PrivateKey)) {
137 ourLog.debug("Key is of type: {}", key.getClass());
138 return false;
139 }
140
141 return true;
142 }
143
144
145
146
147 public static boolean canRecoverKey(KeyStore theKeystore, String theKeyAlias, String theKeyPassword) {
148 Validate.notNull(theKeystore, "Keystore");
149 Validate.notBlank(theKeyAlias, "Key Alias");
150 Validate.notNull(theKeyPassword, "Key Password");
151
152 try {
153 Key key = theKeystore.getKey(theKeyAlias, theKeyPassword.toCharArray());
154 return key != null;
155 } catch (UnrecoverableKeyException e) {
156 ourLog.debug("Failed to recover key", e);
157 return false;
158 } catch (KeyStoreException e) {
159 ourLog.debug("Failed to recover key", e);
160 return false;
161 } catch (NoSuchAlgorithmException e) {
162 ourLog.debug("Failed to recover key", e);
163 return false;
164 }
165
166 }
167
168 }