View Javadoc

1   package ca.uhn.hl7v2.hoh.util;
2   
3   import java.io.BufferedInputStream;
4   import java.io.File;
5   import java.io.FileInputStream;
6   import java.io.FileNotFoundException;
7   import java.io.IOException;
8   import java.security.Key;
9   import java.security.KeyStore;
10  import java.security.KeyStoreException;
11  import java.security.NoSuchAlgorithmException;
12  import java.security.PrivateKey;
13  import java.security.UnrecoverableKeyException;
14  import java.security.cert.CertificateException;
15  import java.util.Enumeration;
16  
17  public class KeystoreUtils {
18  
19  	private static final org.slf4j.Logger ourLog = org.slf4j.LoggerFactory.getLogger(KeystoreUtils.class);
20  
21  	/** non instantiable */
22  	private KeystoreUtils() {
23  		// nothing
24  	}
25  
26  	public static KeyStore loadKeystore(File theFile, char[] thePassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
27  		KeyStore keystore = KeyStore.getInstance("JKS");
28  		keystore.load(new BufferedInputStream(new FileInputStream(theFile)), thePassword);
29  		return keystore;
30  	}
31  
32  	public static KeyStore loadKeystore(String theFile, String theKeystorePassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
33  		char[] pass = theKeystorePassword != null ? theKeystorePassword.toCharArray() : null;
34  		return loadKeystore(new File(theFile), pass);
35  	}
36  
37  	public static boolean validateKeystoreForTlsReceiving(KeyStore theKs) throws KeyStoreException {
38  
39  		Enumeration<String> aliases = theKs.aliases();
40  		boolean foundPrivateKey = false;
41  		while (aliases.hasMoreElements()) {
42  			String nextAlias = aliases.nextElement();
43  
44  			ourLog.debug("Checking keystore alias: {}", nextAlias);
45  
46  			if (theKs.isKeyEntry(nextAlias)) {
47  				ourLog.debug("Found private key: " + nextAlias);
48  				foundPrivateKey = true;
49  			}
50  
51  		}
52  
53  		return foundPrivateKey;
54  	}
55  
56  	public static boolean validateKeystoreForSignatureSigning(KeyStore theKs) throws KeyStoreException {
57  
58  		Enumeration<String> aliases = theKs.aliases();
59  		boolean foundPrivateKey = false;
60  		while (aliases.hasMoreElements()) {
61  			String nextAlias = aliases.nextElement();
62  
63  			ourLog.debug("Checking keystore alias: {}", nextAlias);
64  
65  			if (theKs.isKeyEntry(nextAlias)) {
66  				ourLog.debug("Found private key: " + nextAlias);
67  				foundPrivateKey = true;
68  			}
69  
70  		}
71  
72  		return foundPrivateKey;
73  	}
74  
75  	public static boolean validateKeystoreForTlsSending(KeyStore theKs) throws KeyStoreException {
76  
77  		Enumeration<String> aliases = theKs.aliases();
78  		boolean foundPublicKey = false;
79  		while (aliases.hasMoreElements()) {
80  			String nextAlias = aliases.nextElement();
81  
82  			ourLog.debug("Checking keystore alias: {}", nextAlias);
83  
84  			if (theKs.isCertificateEntry(nextAlias)) {
85  				ourLog.debug("Found public key: " + nextAlias);
86  				foundPublicKey = true;
87  			}
88  
89  		}
90  
91  		return foundPublicKey;
92  	}
93  
94  	public static boolean validateKeystoreForSignatureVerifying(KeyStore theKs) throws KeyStoreException {
95  
96  		Enumeration<String> aliases = theKs.aliases();
97  		boolean foundPublicKey = false;
98  		while (aliases.hasMoreElements()) {
99  			String nextAlias = aliases.nextElement();
100 
101 			ourLog.debug("Checking keystore alias: {}", nextAlias);
102 
103 			if (theKs.isCertificateEntry(nextAlias)) {
104 				ourLog.debug("Found public key: " + nextAlias);
105 				foundPublicKey = true;
106 			}
107 
108 		}
109 
110 		return foundPublicKey;
111 	}
112 
113 
114 	public static boolean validateKeyForSignatureSigning(KeyStore theKeystore, String theKeyAlias, String theKeyPassword) {
115 		Validate.notNull(theKeystore, "Keystore");
116 		Validate.notBlank(theKeyAlias, "Key Alias");
117 		Validate.notNull(theKeyPassword, "Key Password");
118 		
119 		Key key;
120 		try {
121 			key = theKeystore.getKey(theKeyAlias, theKeyPassword.toCharArray());
122 		} catch (UnrecoverableKeyException e) {
123 			ourLog.debug("Failed to recover key", e);
124 			return false;
125 		} catch (KeyStoreException e) {
126 			ourLog.debug("Failed to recover key", e);
127 			return false;
128 		} catch (NoSuchAlgorithmException e) {
129 			ourLog.debug("Failed to recover key", e);
130 			return false;
131 		}
132 		
133 		if (key == null) {
134 			ourLog.debug("Key is null");
135 			return false;
136 		} else if (!(key instanceof PrivateKey)) {
137 			ourLog.debug("Key is of type: {}", key.getClass());
138 			return false;
139 		}
140 		
141 		return true;
142 	}
143 
144 	/**
145 	 * Returns <code>true</code> if the key can be recovered using the given password
146 	 */
147 	public static boolean canRecoverKey(KeyStore theKeystore, String theKeyAlias, String theKeyPassword) {
148 		Validate.notNull(theKeystore, "Keystore");
149 		Validate.notBlank(theKeyAlias, "Key Alias");
150 		Validate.notNull(theKeyPassword, "Key Password");
151 
152 		try {
153 			Key key = theKeystore.getKey(theKeyAlias, theKeyPassword.toCharArray());
154 			return key != null;
155 		} catch (UnrecoverableKeyException e) {
156 			ourLog.debug("Failed to recover key", e);
157 			return false;
158 		} catch (KeyStoreException e) {
159 			ourLog.debug("Failed to recover key", e);
160 			return false;
161 		} catch (NoSuchAlgorithmException e) {
162 			ourLog.debug("Failed to recover key", e);
163 			return false;
164 		}
165 		
166 	}
167 
168 }