package ca.uhn.hl7v2.hoh.util; |
|
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Enumeration;
|
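/**
 * Static helpers for loading a {@link KeyStore} from disk and for checking that
 * a store holds the kind of entries a given TLS or signature role needs.
 * <p>
 * Stores are always opened as type {@code "JKS"}, the format this class has
 * always used; other store types (e.g. PKCS12) are not handled here. Passwords
 * that arrive as {@link String} cannot be cleared from memory by the caller;
 * wherever this class makes a {@code char[]} copy of such a password it wipes
 * that copy as soon as the keystore call returns. A {@code char[]} password
 * supplied directly by the caller is left untouched and remains the caller's
 * responsibility to clear.
 * <p>
 * All methods are stateless and therefore safe to call from multiple threads,
 * subject to the thread-safety of the {@link KeyStore} instance passed in.
 */
public class KeystoreUtils {

	private static final org.slf4j.Logger ourLog = org.slf4j.LoggerFactory.getLogger(KeystoreUtils.class);

	/** Utility class; not instantiable. */
	private KeystoreUtils() {
	}

	/**
	 * Loads a JKS keystore from the given file. The input stream is always
	 * closed, whether or not loading succeeds.
	 *
	 * @param theFile
	 *            the keystore file to read
	 * @param thePassword
	 *            the store (integrity) password, or {@code null}. Per the
	 *            {@link KeyStore#load} contract, passing {@code null} loads the
	 *            store without verifying its integrity, so a tampered file would
	 *            not be detected; prefer supplying the password.
	 * @return the loaded keystore
	 * @throws KeyStoreException if no provider supports the JKS type
	 * @throws NoSuchAlgorithmException if the store's integrity algorithm is unavailable
	 * @throws CertificateException if a certificate in the store cannot be parsed
	 * @throws FileNotFoundException if {@code theFile} does not exist or cannot be opened
	 * @throws IOException on any other read failure, including a wrong password
	 *             (reported by the JKS implementation as an {@link IOException})
	 */
	public static KeyStore loadKeystore(File theFile, char[] thePassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
		KeyStore keystore = KeyStore.getInstance("JKS");
		// Close the stream on every path; the original left it open, which leaks a
		// file handle per call (and holds a lock on the file on some platforms).
		BufferedInputStream in = new BufferedInputStream(new FileInputStream(theFile));
		try {
			keystore.load(in, thePassword);
		} finally {
			in.close();
		}
		return keystore;
	}

	/**
	 * Loads a JKS keystore from the given path, using a {@link String} password.
	 * The temporary {@code char[]} copy of the password is zeroed after the
	 * store has been loaded; the {@code String} itself cannot be cleared.
	 *
	 * @param theFile
	 *            path of the keystore file
	 * @param theKeystorePassword
	 *            the store password, or {@code null} to skip the integrity check
	 *            (see {@link #loadKeystore(File, char[])})
	 * @return the loaded keystore
	 * @throws KeyStoreException if no provider supports the JKS type
	 * @throws NoSuchAlgorithmException if the store's integrity algorithm is unavailable
	 * @throws CertificateException if a certificate in the store cannot be parsed
	 * @throws FileNotFoundException if the file does not exist or cannot be opened
	 * @throws IOException on any other read failure, including a wrong password
	 */
	public static KeyStore loadKeystore(String theFile, String theKeystorePassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
		char[] pass = theKeystorePassword != null ? theKeystorePassword.toCharArray() : null;
		try {
			return loadKeystore(new File(theFile), pass);
		} finally {
			// load() has returned by the time we get here, so the copy is no longer needed
			if (pass != null) {
				Arrays.fill(pass, '\0');
			}
		}
	}

	/**
	 * Checks that the store holds at least one key entry, which a TLS server
	 * needs in order to present its own certificate.
	 * <p>
	 * Note that {@link KeyStore#isKeyEntry} is also {@code true} for secret-key
	 * entries; this method does not verify that the entry is a private key with
	 * a certificate chain. Use {@link #validateKeyForSignatureSigning} to check
	 * a specific alias.
	 *
	 * @param theKs the keystore to inspect
	 * @return {@code true} if at least one alias is a key entry
	 * @throws KeyStoreException if the keystore has not been initialized (loaded)
	 */
	public static boolean validateKeystoreForTlsReceiving(KeyStore theKs) throws KeyStoreException {
		return containsEntryOfKind(theKs, true);
	}

	/**
	 * Checks that the store holds at least one key entry, as required for
	 * producing signatures. Same caveats as
	 * {@link #validateKeystoreForTlsReceiving(KeyStore)}.
	 *
	 * @param theKs the keystore to inspect
	 * @return {@code true} if at least one alias is a key entry
	 * @throws KeyStoreException if the keystore has not been initialized (loaded)
	 */
	public static boolean validateKeystoreForSignatureSigning(KeyStore theKs) throws KeyStoreException {
		return containsEntryOfKind(theKs, true);
	}

	/**
	 * Checks that the store holds at least one trusted-certificate entry, which
	 * a TLS client needs in order to verify the server it connects to.
	 * <p>
	 * Only entries of the trusted-certificate kind count: the certificate chain
	 * attached to a key entry does not satisfy this check, so a store that holds
	 * nothing but a private key (with its chain) is reported as invalid here.
	 *
	 * @param theKs the keystore to inspect
	 * @return {@code true} if at least one alias is a trusted-certificate entry
	 * @throws KeyStoreException if the keystore has not been initialized (loaded)
	 */
	public static boolean validateKeystoreForTlsSending(KeyStore theKs) throws KeyStoreException {
		return containsEntryOfKind(theKs, false);
	}

	/**
	 * Checks that the store holds at least one trusted-certificate entry, as
	 * required for verifying signatures. Same caveats as
	 * {@link #validateKeystoreForTlsSending(KeyStore)}.
	 *
	 * @param theKs the keystore to inspect
	 * @return {@code true} if at least one alias is a trusted-certificate entry
	 * @throws KeyStoreException if the keystore has not been initialized (loaded)
	 */
	public static boolean validateKeystoreForSignatureVerifying(KeyStore theKs) throws KeyStoreException {
		return containsEntryOfKind(theKs, false);
	}

	/**
	 * Checks that the given alias can be recovered with the given password and
	 * names a {@link PrivateKey}. A wrong password, a missing alias, an
	 * uninitialized store or a non-private key all yield {@code false}; the
	 * reason is logged at DEBUG level only, without the password.
	 *
	 * @param theKeystore the keystore to read from (must not be {@code null})
	 * @param theKeyAlias the alias to look up (must not be blank)
	 * @param theKeyPassword the password protecting that key entry (must not be {@code null})
	 * @return {@code true} only if the alias resolves to a {@link PrivateKey}
	 */
	public static boolean validateKeyForSignatureSigning(KeyStore theKeystore, String theKeyAlias, String theKeyPassword) {
		Key key = recoverKey(theKeystore, theKeyAlias, theKeyPassword);

		if (key == null) {
			ourLog.debug("Key is null");
			return false;
		} else if (!(key instanceof PrivateKey)) {
			// A secret key (symmetric) is a key entry too, but cannot sign
			ourLog.debug("Key is of type: {}", key.getClass());
			return false;
		}

		return true;
	}

	/**
	 * Checks whether the given alias exists and can be recovered with the given
	 * password, without caring what kind of key it is.
	 *
	 * @param theKeystore the keystore to read from (must not be {@code null})
	 * @param theKeyAlias the alias to look up (must not be blank)
	 * @param theKeyPassword the password protecting that key entry (must not be {@code null})
	 * @return {@code true} if {@link KeyStore#getKey} returns a non-null key
	 */
	public static boolean canRecoverKey(KeyStore theKeystore, String theKeyAlias, String theKeyPassword) {
		return recoverKey(theKeystore, theKeyAlias, theKeyPassword) != null;
	}

	/**
	 * Scans every alias in the store and reports whether at least one entry of
	 * the requested kind exists. All aliases are visited (even after a match) so
	 * that the DEBUG log lists the whole store, which is useful when diagnosing
	 * a misconfigured keystore.
	 *
	 * @param theKs the keystore to inspect
	 * @param theWantKeyEntry {@code true} to look for key entries, {@code false}
	 *            for trusted-certificate entries
	 * @return {@code true} if a matching entry was found
	 * @throws KeyStoreException if the keystore has not been initialized (loaded)
	 */
	private static boolean containsEntryOfKind(KeyStore theKs, boolean theWantKeyEntry) throws KeyStoreException {
		Enumeration<String> aliases = theKs.aliases();
		boolean found = false;
		while (aliases.hasMoreElements()) {
			String nextAlias = aliases.nextElement();

			ourLog.debug("Checking keystore alias: {}", nextAlias);

			boolean matches = theWantKeyEntry ? theKs.isKeyEntry(nextAlias) : theKs.isCertificateEntry(nextAlias);
			if (matches) {
				ourLog.debug(theWantKeyEntry ? "Found private key: {}" : "Found public key: {}", nextAlias);
				found = true;
			}
		}

		return found;
	}

	/**
	 * Validates the arguments and fetches the key for the alias, returning
	 * {@code null} (after a DEBUG log) if the key cannot be recovered. The
	 * {@code char[]} copy of the password is zeroed before returning.
	 *
	 * @param theKeystore the keystore to read from (must not be {@code null})
	 * @param theKeyAlias the alias to look up (must not be blank)
	 * @param theKeyPassword the password protecting that key entry (must not be {@code null})
	 * @return the key, or {@code null} if the alias is absent or the key could not be recovered
	 */
	private static Key recoverKey(KeyStore theKeystore, String theKeyAlias, String theKeyPassword) {
		Validate.notNull(theKeystore, "Keystore");
		Validate.notBlank(theKeyAlias, "Key Alias");
		Validate.notNull(theKeyPassword, "Key Password");

		char[] pass = theKeyPassword.toCharArray();
		try {
			return theKeystore.getKey(theKeyAlias, pass);
		} catch (GeneralSecurityException e) {
			// Covers UnrecoverableKeyException (wrong password), KeyStoreException
			// (store not loaded) and NoSuchAlgorithmException, which are the three
			// checked exceptions getKey() declares; callers only need a yes/no answer.
			ourLog.debug("Failed to recover key", e);
			return null;
		} finally {
			Arrays.fill(pass, '\0');
		}
	}

}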