001/*
002 * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.9/src/java/org/apache/commons/ssl/KeyMaterial.java $
003 * $Revision: 121 $
004 * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
005 *
006 * ====================================================================
007 * Licensed to the Apache Software Foundation (ASF) under one
008 * or more contributor license agreements.  See the NOTICE file
009 * distributed with this work for additional information
010 * regarding copyright ownership.  The ASF licenses this file
011 * to you under the Apache License, Version 2.0 (the
012 * "License"); you may not use this file except in compliance
013 * with the License.  You may obtain a copy of the License at
014 *
015 *   http://www.apache.org/licenses/LICENSE-2.0
016 *
017 * Unless required by applicable law or agreed to in writing,
018 * software distributed under the License is distributed on an
019 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
020 * KIND, either express or implied.  See the License for the
021 * specific language governing permissions and limitations
022 * under the License.
023 * ====================================================================
024 *
025 * This software consists of voluntary contributions made by many
026 * individuals on behalf of the Apache Software Foundation.  For more
027 * information on the Apache Software Foundation, please see
028 * <http://www.apache.org/>.
029 *
030 */
031
032package org.apache.commons.ssl;
033
034import java.io.File;
035import java.io.FileInputStream;
036import java.io.IOException;
037import java.io.InputStream;
038import java.net.URL;
039import java.security.GeneralSecurityException;
040import java.security.KeyStore;
041import java.security.KeyStoreException;
042import java.security.cert.Certificate;
043import java.security.cert.CertificateEncodingException;
044import java.security.cert.X509Certificate;
045import java.util.Enumeration;
046
047/**
048 * @author Credit Union Central of British Columbia
049 * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
050 * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
051 * @since 27-Feb-2006
052 */
053public class KeyMaterial extends TrustMaterial {
054    private final Object keyManagerFactory;
055    private final String alias;
056    private final X509Certificate[] associatedChain;
057
058    public KeyMaterial(InputStream jks, char[] password)
059        throws GeneralSecurityException, IOException {
060        this(Util.streamToBytes(jks), password);
061    }
062
063    public KeyMaterial(InputStream jks, InputStream key, char[] password)
064        throws GeneralSecurityException, IOException {
065        this(jks != null ? Util.streamToBytes(jks) : null,
066            key != null ? Util.streamToBytes(key) : null,
067            password);
068    }
069
070    public KeyMaterial(String pathToJksFile, char[] password)
071        throws GeneralSecurityException, IOException {
072        this(new File(pathToJksFile), password);
073    }
074
075    public KeyMaterial(String pathToCerts, String pathToKey, char[] password)
076        throws GeneralSecurityException, IOException {
077        this(pathToCerts != null ? new File(pathToCerts) : null,
078            pathToKey != null ? new File(pathToKey) : null,
079            password);
080    }
081
082    public KeyMaterial(File jksFile, char[] password)
083        throws GeneralSecurityException, IOException {
084        this(new FileInputStream(jksFile), password);
085    }
086
087    public KeyMaterial(File certsFile, File keyFile, char[] password)
088        throws GeneralSecurityException, IOException {
089        this(certsFile != null ? new FileInputStream(certsFile) : null,
090            keyFile != null ? new FileInputStream(keyFile) : null,
091            password);
092    }
093
094
095    public KeyMaterial(URL urlToJKS, char[] password)
096        throws GeneralSecurityException, IOException {
097        this(urlToJKS.openStream(), password);
098    }
099
100    public KeyMaterial(URL urlToCerts, URL urlToKey, char[] password)
101        throws GeneralSecurityException, IOException {
102        this(urlToCerts.openStream(), urlToKey.openStream(), password);
103    }
104
105    public KeyMaterial(byte[] jks, char[] password)
106        throws GeneralSecurityException, IOException {
107        this(jks, null, password);
108    }
109
110    public KeyMaterial(byte[] jksOrCerts, byte[] key, char[] password)
111        throws GeneralSecurityException, IOException {
112        // We're not a simple trust type, so set "simpleTrustType" value to 0.
113        // Only TRUST_ALL and TRUST_THIS_JVM are simple trust types.
114        super(KeyStoreBuilder.build(jksOrCerts, key, password), 0);
115        KeyStore ks = getKeyStore();
116        Enumeration en = ks.aliases();
117        String myAlias = null;
118        X509Certificate[] myChain;
119        while (en.hasMoreElements()) {
120            String alias = (String) en.nextElement();
121            if (ks.isKeyEntry(alias)) {
122                if (myAlias != null) {
123                    throw new KeyStoreException("commons-ssl KeyMaterial only supports keystores with a single private key.");
124                }
125                myAlias = alias;
126            }
127        }
128        if (myAlias != null) {
129            Certificate[] chain = ks.getCertificateChain(myAlias);
130            if (chain != null) {
131                myChain = Certificates.x509ifyChain(chain);
132            } else {
133                // is password wrong?
134                throw new KeyStoreException("Could not find KeyMaterial's associated certificate chain!");
135            }
136        } else {
137            throw new KeyStoreException("KeyMaterial provided does not contain any keys!");
138        }
139        this.alias = myAlias;
140        // Cleanup chain to remove any spurious entries.
141        if (myChain != null) {
142            myChain = X509CertificateChainBuilder.buildPath(myChain[0], myChain);
143        }
144        this.associatedChain = myChain;
145        this.keyManagerFactory = JavaImpl.newKeyManagerFactory(ks, password);
146    }
147
148    public Object[] getKeyManagers() {
149        return JavaImpl.getKeyManagers(keyManagerFactory);
150    }
151
152    public X509Certificate[] getAssociatedCertificateChain() {
153        return associatedChain;
154    }
155
156    public KeyStore getKeyStore() {
157        return super.getKeyStore();
158    }
159
160    public String getAlias() {
161        return alias;
162    }
163
164    public static void main(String[] args) throws Exception {
165        if (args.length < 2) {
166            System.out.println("Usage1:  java org.apache.commons.ssl.KeyMaterial [password] [pkcs12 or jks]");
167            System.out.println("Usage2:  java org.apache.commons.ssl.KeyMaterial [password] [private-key] [cert-chain]");
168            System.exit(1);
169        }
170        char[] password = args[0].toCharArray();
171        String path1 = args[1];
172        String path2 = null;
173        if (args.length >= 3) {
174            path2 = args[2];
175        }
176
177        KeyMaterial km = new KeyMaterial(path1, path2, password);
178        System.out.println(km);
179    }
180
181    public String toString() {
182        X509Certificate[] certs = getAssociatedCertificateChain();
183        StringBuffer buf = new StringBuffer(1024);
184        buf.append("Alias: ");
185        buf.append(alias);
186        buf.append('\n');
187        if (certs != null) {
188            for (int i = 0; i < certs.length; i++) {
189                buf.append(Certificates.toString(certs[i]));
190                try {
191                    buf.append(Certificates.toPEMString(certs[i]));
192                }
193                catch (CertificateEncodingException cee) {
194                    buf.append(cee.toString());
195                    buf.append('\n');
196                }
197            }
198        }
199        return buf.toString();
200    }
201}