001 /*
002 * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.11/src/java/org/apache/commons/ssl/KeyMaterial.java $
003 * $Revision: 138 $
004 * $Date: 2008-03-03 23:50:07 -0800 (Mon, 03 Mar 2008) $
005 *
006 * ====================================================================
007 * Licensed to the Apache Software Foundation (ASF) under one
008 * or more contributor license agreements. See the NOTICE file
009 * distributed with this work for additional information
010 * regarding copyright ownership. The ASF licenses this file
011 * to you under the Apache License, Version 2.0 (the
012 * "License"); you may not use this file except in compliance
013 * with the License. You may obtain a copy of the License at
014 *
015 * http://www.apache.org/licenses/LICENSE-2.0
016 *
017 * Unless required by applicable law or agreed to in writing,
018 * software distributed under the License is distributed on an
019 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
020 * KIND, either express or implied. See the License for the
021 * specific language governing permissions and limitations
022 * under the License.
023 * ====================================================================
024 *
025 * This software consists of voluntary contributions made by many
026 * individuals on behalf of the Apache Software Foundation. For more
027 * information on the Apache Software Foundation, please see
028 * <http://www.apache.org/>.
029 *
030 */
031
032 package org.apache.commons.ssl;
033
034 import java.io.File;
035 import java.io.FileInputStream;
036 import java.io.IOException;
037 import java.io.InputStream;
038 import java.net.URL;
039 import java.security.GeneralSecurityException;
040 import java.security.KeyStore;
041 import java.security.KeyStoreException;
042 import java.security.cert.Certificate;
043 import java.security.cert.CertificateEncodingException;
044 import java.security.cert.X509Certificate;
045 import java.util.Collections;
046 import java.util.Enumeration;
047 import java.util.Iterator;
048 import java.util.LinkedList;
049 import java.util.List;
050
051 /**
052 * @author Credit Union Central of British Columbia
053 * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
054 * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
055 * @since 27-Feb-2006
056 */
057 public class KeyMaterial extends TrustMaterial {
058 private final Object keyManagerFactory;
059 private final List aliases;
060 private final List associatedChains;
061
062 public KeyMaterial(InputStream jks, char[] password)
063 throws GeneralSecurityException, IOException {
064 this(Util.streamToBytes(jks), password);
065 }
066
067 public KeyMaterial(InputStream jks, char[] jksPass, char[] keyPass)
068 throws GeneralSecurityException, IOException {
069 this(Util.streamToBytes(jks), jksPass, keyPass);
070 }
071
072 public KeyMaterial(InputStream jks, InputStream key, char[] password)
073 throws GeneralSecurityException, IOException {
074 this(jks != null ? Util.streamToBytes(jks) : null,
075 key != null ? Util.streamToBytes(key) : null,
076 password);
077 }
078
079 public KeyMaterial(InputStream jks, InputStream key, char[] jksPass,
080 char[] keyPass)
081 throws GeneralSecurityException, IOException {
082 this(jks != null ? Util.streamToBytes(jks) : null,
083 key != null ? Util.streamToBytes(key) : null,
084 jksPass, keyPass);
085 }
086
087 public KeyMaterial(String pathToJksFile, char[] password)
088 throws GeneralSecurityException, IOException {
089 this(new File(pathToJksFile), password);
090 }
091
092 public KeyMaterial(String pathToJksFile, char[] jksPass, char[] keyPass)
093 throws GeneralSecurityException, IOException {
094 this(new File(pathToJksFile), jksPass, keyPass);
095 }
096
097 public KeyMaterial(String pathToCerts, String pathToKey, char[] password)
098 throws GeneralSecurityException, IOException {
099 this(pathToCerts != null ? new File(pathToCerts) : null,
100 pathToKey != null ? new File(pathToKey) : null,
101 password);
102 }
103
104 public KeyMaterial(String pathToCerts, String pathToKey, char[] jksPass,
105 char[] keyPass)
106 throws GeneralSecurityException, IOException {
107 this(pathToCerts != null ? new File(pathToCerts) : null,
108 pathToKey != null ? new File(pathToKey) : null,
109 jksPass, keyPass);
110 }
111
112 public KeyMaterial(File jksFile, char[] password)
113 throws GeneralSecurityException, IOException {
114 this(new FileInputStream(jksFile), password);
115 }
116
117 public KeyMaterial(File jksFile, char[] jksPass, char[] keyPass)
118 throws GeneralSecurityException, IOException {
119 this(new FileInputStream(jksFile), jksPass, keyPass);
120 }
121
122 public KeyMaterial(File certsFile, File keyFile, char[] password)
123 throws GeneralSecurityException, IOException {
124 this(certsFile != null ? new FileInputStream(certsFile) : null,
125 keyFile != null ? new FileInputStream(keyFile) : null,
126 password);
127 }
128
129 public KeyMaterial(File certsFile, File keyFile, char[] jksPass,
130 char[] keyPass)
131 throws GeneralSecurityException, IOException {
132 this(certsFile != null ? new FileInputStream(certsFile) : null,
133 keyFile != null ? new FileInputStream(keyFile) : null,
134 jksPass, keyPass);
135 }
136
137 public KeyMaterial(URL urlToJKS, char[] password)
138 throws GeneralSecurityException, IOException {
139 this(urlToJKS.openStream(), password);
140 }
141
142 public KeyMaterial(URL urlToJKS, char[] jksPass, char[] keyPass)
143 throws GeneralSecurityException, IOException {
144 this(urlToJKS.openStream(), jksPass, keyPass);
145 }
146
147 public KeyMaterial(URL urlToCerts, URL urlToKey, char[] password)
148 throws GeneralSecurityException, IOException {
149 this(urlToCerts.openStream(), urlToKey.openStream(), password);
150 }
151
152 public KeyMaterial(URL urlToCerts, URL urlToKey, char[] jksPass,
153 char[] keyPass)
154 throws GeneralSecurityException, IOException {
155 this(urlToCerts.openStream(), urlToKey.openStream(), jksPass, keyPass);
156 }
157
158 public KeyMaterial(byte[] jks, char[] password)
159 throws GeneralSecurityException, IOException {
160 this(jks, (byte[]) null, password);
161 }
162
163 public KeyMaterial(byte[] jks, char[] jksPass, char[] keyPass)
164 throws GeneralSecurityException, IOException {
165 this(jks, null, jksPass, keyPass);
166 }
167
168 public KeyMaterial(byte[] jksOrCerts, byte[] key, char[] password)
169 throws GeneralSecurityException, IOException {
170 this(jksOrCerts, key, password, password);
171 }
172
173
174 public KeyMaterial(byte[] jksOrCerts, byte[] key, char[] jksPass,
175 char[] keyPass)
176 throws GeneralSecurityException, IOException {
177 // We're not a simple trust type, so set "simpleTrustType" value to 0.
178 // Only TRUST_ALL and TRUST_THIS_JVM are simple trust types.
179 super(KeyStoreBuilder.build(jksOrCerts, key, jksPass, keyPass), 0);
180 KeyStore ks = getKeyStore();
181 Enumeration en = ks.aliases();
182 List myAliases = new LinkedList();
183 List myChains = new LinkedList();
184 while (en.hasMoreElements()) {
185 X509Certificate[] c; // chain
186 String alias = (String) en.nextElement();
187 if (ks.isKeyEntry(alias)) {
188 try {
189 ks.getKey(alias, keyPass);
190 // No Exception thrown, so we're good!
191 myAliases.add(alias);
192 Certificate[] chain = ks.getCertificateChain(alias);
193 if (chain != null) {
194 c = Certificates.x509ifyChain(chain);
195 // Cleanup chain to remove any spurious entries.
196 if (c != null) {
197 X509Certificate l = c[0]; // The leaf node.
198 c = X509CertificateChainBuilder.buildPath(l, c);
199 }
200 myChains.add(c);
201 } else {
202 throw new KeyStoreException("Could not find KeyMaterial's associated certificate chain with alis=[" + alias + "]");
203 }
204
205 } catch (GeneralSecurityException gse) {
206 // oh well, we can't use that KeyStore alias.
207 }
208 }
209 }
210 if (myAliases.isEmpty()) {
211 throw new KeyStoreException("KeyMaterial provided does not contain any keys!");
212 }
213 this.aliases = Collections.unmodifiableList(myAliases);
214 this.associatedChains = Collections.unmodifiableList(myChains);
215 this.keyManagerFactory = JavaImpl.newKeyManagerFactory(ks, keyPass);
216 }
217
218 public Object[] getKeyManagers() {
219 return JavaImpl.getKeyManagers(keyManagerFactory);
220 }
221
222 public List getAssociatedCertificateChains() {
223 return associatedChains;
224 }
225
226 public KeyStore getKeyStore() {
227 return super.getKeyStore();
228 }
229
230 public List getAliases() {
231 return aliases;
232 }
233
234 public static void main(String[] args) throws Exception {
235 if (args.length < 2) {
236 System.out.println("Usage1: java org.apache.commons.ssl.KeyMaterial [password] [pkcs12 or jks]");
237 System.out.println("Usage2: java org.apache.commons.ssl.KeyMaterial [password] [private-key] [cert-chain]");
238 System.exit(1);
239 }
240 char[] jksPass = args[0].toCharArray();
241 char[] keyPass = jksPass;
242 String path1 = args[1];
243 String path2 = null;
244 if (args.length >= 3) {
245 path2 = args[2];
246 }
247 if (args.length >= 4) {
248 keyPass = args[3].toCharArray();
249 } else if (path2 != null) {
250 File f = new File(path2);
251 if (!f.exists()) {
252 // Hmmm... maybe it's a password.
253 keyPass = path2.toCharArray();
254 path2 = null;
255 }
256 }
257
258 KeyMaterial km = new KeyMaterial(path1, path2, jksPass, keyPass);
259 System.out.println(km);
260 }
261
262 public String toString() {
263 List chains = getAssociatedCertificateChains();
264 List aliases = getAliases();
265 Iterator it = chains.iterator();
266 Iterator aliasesIt = aliases.iterator();
267 StringBuffer buf = new StringBuffer(8192);
268 while (it.hasNext()) {
269 X509Certificate[] certs = (X509Certificate[]) it.next();
270 String alias = (String) aliasesIt.next();
271 buf.append("Alias: ");
272 buf.append(alias);
273 buf.append('\n');
274 if (certs != null) {
275 for (int i = 0; i < certs.length; i++) {
276 buf.append(Certificates.toString(certs[i]));
277 try {
278 buf.append(Certificates.toPEMString(certs[i]));
279 }
280 catch (CertificateEncodingException cee) {
281 buf.append(cee.toString());
282 buf.append('\n');
283 }
284 }
285 }
286 }
287 return buf.toString();
288 }
289 }