001/* 002 * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.9/src/java/org/apache/commons/ssl/KeyMaterial.java $ 003 * $Revision: 121 $ 004 * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $ 005 * 006 * ==================================================================== 007 * Licensed to the Apache Software Foundation (ASF) under one 008 * or more contributor license agreements. See the NOTICE file 009 * distributed with this work for additional information 010 * regarding copyright ownership. The ASF licenses this file 011 * to you under the Apache License, Version 2.0 (the 012 * "License"); you may not use this file except in compliance 013 * with the License. You may obtain a copy of the License at 014 * 015 * http://www.apache.org/licenses/LICENSE-2.0 016 * 017 * Unless required by applicable law or agreed to in writing, 018 * software distributed under the License is distributed on an 019 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 020 * KIND, either express or implied. See the License for the 021 * specific language governing permissions and limitations 022 * under the License. 023 * ==================================================================== 024 * 025 * This software consists of voluntary contributions made by many 026 * individuals on behalf of the Apache Software Foundation. For more 027 * information on the Apache Software Foundation, please see 028 * <http://www.apache.org/>. 029 * 030 */ 031 032package org.apache.commons.ssl; 033 034import java.io.File; 035import java.io.FileInputStream; 036import java.io.IOException; 037import java.io.InputStream; 038import java.net.URL; 039import java.security.GeneralSecurityException; 040import java.security.KeyStore; 041import java.security.KeyStoreException; 042import java.security.cert.Certificate; 043import java.security.cert.CertificateEncodingException; 044import java.security.cert.X509Certificate; 045import java.util.Enumeration; 046 047/** 048 * @author Credit Union Central of British Columbia 049 * @author <a href="http://www.cucbc.com/">www.cucbc.com</a> 050 * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a> 051 * @since 27-Feb-2006 052 */ 053public class KeyMaterial extends TrustMaterial { 054 private final Object keyManagerFactory; 055 private final String alias; 056 private final X509Certificate[] associatedChain; 057 058 public KeyMaterial(InputStream jks, char[] password) 059 throws GeneralSecurityException, IOException { 060 this(Util.streamToBytes(jks), password); 061 } 062 063 public KeyMaterial(InputStream jks, InputStream key, char[] password) 064 throws GeneralSecurityException, IOException { 065 this(jks != null ? Util.streamToBytes(jks) : null, 066 key != null ? Util.streamToBytes(key) : null, 067 password); 068 } 069 070 public KeyMaterial(String pathToJksFile, char[] password) 071 throws GeneralSecurityException, IOException { 072 this(new File(pathToJksFile), password); 073 } 074 075 public KeyMaterial(String pathToCerts, String pathToKey, char[] password) 076 throws GeneralSecurityException, IOException { 077 this(pathToCerts != null ? new File(pathToCerts) : null, 078 pathToKey != null ? new File(pathToKey) : null, 079 password); 080 } 081 082 public KeyMaterial(File jksFile, char[] password) 083 throws GeneralSecurityException, IOException { 084 this(new FileInputStream(jksFile), password); 085 } 086 087 public KeyMaterial(File certsFile, File keyFile, char[] password) 088 throws GeneralSecurityException, IOException { 089 this(certsFile != null ? new FileInputStream(certsFile) : null, 090 keyFile != null ? new FileInputStream(keyFile) : null, 091 password); 092 } 093 094 095 public KeyMaterial(URL urlToJKS, char[] password) 096 throws GeneralSecurityException, IOException { 097 this(urlToJKS.openStream(), password); 098 } 099 100 public KeyMaterial(URL urlToCerts, URL urlToKey, char[] password) 101 throws GeneralSecurityException, IOException { 102 this(urlToCerts.openStream(), urlToKey.openStream(), password); 103 } 104 105 public KeyMaterial(byte[] jks, char[] password) 106 throws GeneralSecurityException, IOException { 107 this(jks, null, password); 108 } 109 110 public KeyMaterial(byte[] jksOrCerts, byte[] key, char[] password) 111 throws GeneralSecurityException, IOException { 112 // We're not a simple trust type, so set "simpleTrustType" value to 0. 113 // Only TRUST_ALL and TRUST_THIS_JVM are simple trust types. 114 super(KeyStoreBuilder.build(jksOrCerts, key, password), 0); 115 KeyStore ks = getKeyStore(); 116 Enumeration en = ks.aliases(); 117 String myAlias = null; 118 X509Certificate[] myChain; 119 while (en.hasMoreElements()) { 120 String alias = (String) en.nextElement(); 121 if (ks.isKeyEntry(alias)) { 122 if (myAlias != null) { 123 throw new KeyStoreException("commons-ssl KeyMaterial only supports keystores with a single private key."); 124 } 125 myAlias = alias; 126 } 127 } 128 if (myAlias != null) { 129 Certificate[] chain = ks.getCertificateChain(myAlias); 130 if (chain != null) { 131 myChain = Certificates.x509ifyChain(chain); 132 } else { 133 // is password wrong? 134 throw new KeyStoreException("Could not find KeyMaterial's associated certificate chain!"); 135 } 136 } else { 137 throw new KeyStoreException("KeyMaterial provided does not contain any keys!"); 138 } 139 this.alias = myAlias; 140 // Cleanup chain to remove any spurious entries. 141 if (myChain != null) { 142 myChain = X509CertificateChainBuilder.buildPath(myChain[0], myChain); 143 } 144 this.associatedChain = myChain; 145 this.keyManagerFactory = JavaImpl.newKeyManagerFactory(ks, password); 146 } 147 148 public Object[] getKeyManagers() { 149 return JavaImpl.getKeyManagers(keyManagerFactory); 150 } 151 152 public X509Certificate[] getAssociatedCertificateChain() { 153 return associatedChain; 154 } 155 156 public KeyStore getKeyStore() { 157 return super.getKeyStore(); 158 } 159 160 public String getAlias() { 161 return alias; 162 } 163 164 public static void main(String[] args) throws Exception { 165 if (args.length < 2) { 166 System.out.println("Usage1: java org.apache.commons.ssl.KeyMaterial [password] [pkcs12 or jks]"); 167 System.out.println("Usage2: java org.apache.commons.ssl.KeyMaterial [password] [private-key] [cert-chain]"); 168 System.exit(1); 169 } 170 char[] password = args[0].toCharArray(); 171 String path1 = args[1]; 172 String path2 = null; 173 if (args.length >= 3) { 174 path2 = args[2]; 175 } 176 177 KeyMaterial km = new KeyMaterial(path1, path2, password); 178 System.out.println(km); 179 } 180 181 public String toString() { 182 X509Certificate[] certs = getAssociatedCertificateChain(); 183 StringBuffer buf = new StringBuffer(1024); 184 buf.append("Alias: "); 185 buf.append(alias); 186 buf.append('\n'); 187 if (certs != null) { 188 for (int i = 0; i < certs.length; i++) { 189 buf.append(Certificates.toString(certs[i])); 190 try { 191 buf.append(Certificates.toPEMString(certs[i])); 192 } 193 catch (CertificateEncodingException cee) { 194 buf.append(cee.toString()); 195 buf.append('\n'); 196 } 197 } 198 } 199 return buf.toString(); 200 } 201}