001    /*
002     * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.9/src/java/org/apache/commons/ssl/KeyMaterial.java $
003     * $Revision: 121 $
004     * $Date: 2007-11-13 21:26:57 -0800 (Tue, 13 Nov 2007) $
005     *
006     * ====================================================================
007     * Licensed to the Apache Software Foundation (ASF) under one
008     * or more contributor license agreements.  See the NOTICE file
009     * distributed with this work for additional information
010     * regarding copyright ownership.  The ASF licenses this file
011     * to you under the Apache License, Version 2.0 (the
012     * "License"); you may not use this file except in compliance
013     * with the License.  You may obtain a copy of the License at
014     *
015     *   http://www.apache.org/licenses/LICENSE-2.0
016     *
017     * Unless required by applicable law or agreed to in writing,
018     * software distributed under the License is distributed on an
019     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
020     * KIND, either express or implied.  See the License for the
021     * specific language governing permissions and limitations
022     * under the License.
023     * ====================================================================
024     *
025     * This software consists of voluntary contributions made by many
026     * individuals on behalf of the Apache Software Foundation.  For more
027     * information on the Apache Software Foundation, please see
028     * <http://www.apache.org/>.
029     *
030     */
031    
032    package org.apache.commons.ssl;
033    
034    import java.io.File;
035    import java.io.FileInputStream;
036    import java.io.IOException;
037    import java.io.InputStream;
038    import java.net.URL;
039    import java.security.GeneralSecurityException;
040    import java.security.KeyStore;
041    import java.security.KeyStoreException;
042    import java.security.cert.Certificate;
043    import java.security.cert.CertificateEncodingException;
044    import java.security.cert.X509Certificate;
045    import java.util.Enumeration;
046    
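/**
 * Holds the local identity side of TLS material: a {@link KeyStore} that
 * contains exactly one private-key entry, the alias of that entry, the
 * certificate chain stored with it, and a key manager factory built from
 * the two.  The material may be supplied as a JKS/PKCS12 keystore, or as a
 * certificate file plus a separate private-key file, in byte[], stream,
 * file, path or URL form; every constructor funnels into
 * {@link #KeyMaterial(byte[], byte[], char[])}.
 * <p>
 * The password array is passed straight through to {@code KeyStoreBuilder}
 * and {@code JavaImpl.newKeyManagerFactory}; this class neither copies nor
 * zeroes it, so the caller keeps ownership of that array.
 *
 * @author Credit Union Central of British Columbia
 * @author <a href="http://www.cucbc.com/">www.cucbc.com</a>
 * @author <a href="mailto:juliusdavies@cucbc.com">juliusdavies@cucbc.com</a>
 * @since 27-Feb-2006
 */
public class KeyMaterial extends TrustMaterial {
    // Opaque handle produced by JavaImpl.newKeyManagerFactory and unwrapped
    // again by JavaImpl.getKeyManagers.
    private final Object keyManagerFactory;
    // Alias of the single private-key entry found in the keystore.
    private final String alias;
    // Certificate chain stored with that entry, after path cleanup.
    private final X509Certificate[] associatedChain;

    /**
     * Loads a keystore from a caller-owned stream.  The stream is consumed
     * by {@code Util.streamToBytes} but is not closed by this class.
     *
     * @param jks      stream holding a JKS or PKCS12 keystore
     * @param password keystore / key password
     * @throws GeneralSecurityException if the keystore cannot be used
     * @throws IOException              if the stream cannot be read
     */
    public KeyMaterial(InputStream jks, char[] password)
        throws GeneralSecurityException, IOException {
        this(Util.streamToBytes(jks), password);
    }

    /**
     * Loads certificates and a private key from two caller-owned streams.
     * Either stream may be {@code null}; neither is closed by this class.
     *
     * @param jks      keystore or certificate stream, may be {@code null}
     * @param key      private-key stream, may be {@code null}
     * @param password keystore / key password
     * @throws GeneralSecurityException if the material cannot be used
     * @throws IOException              if a stream cannot be read
     */
    public KeyMaterial(InputStream jks, InputStream key, char[] password)
        throws GeneralSecurityException, IOException {
        this(jks != null ? Util.streamToBytes(jks) : null,
            key != null ? Util.streamToBytes(key) : null,
            password);
    }

    /**
     * Loads a keystore from a file path.
     *
     * @param pathToJksFile path to a JKS or PKCS12 keystore
     * @param password      keystore / key password
     * @throws GeneralSecurityException if the keystore cannot be used
     * @throws IOException              if the file cannot be read
     */
    public KeyMaterial(String pathToJksFile, char[] password)
        throws GeneralSecurityException, IOException {
        this(new File(pathToJksFile), password);
    }

    /**
     * Loads certificates and a private key from two file paths; either path
     * may be {@code null}.
     *
     * @param pathToCerts path to the certificate file, may be {@code null}
     * @param pathToKey   path to the private-key file, may be {@code null}
     * @param password    keystore / key password
     * @throws GeneralSecurityException if the material cannot be used
     * @throws IOException              if a file cannot be read
     */
    public KeyMaterial(String pathToCerts, String pathToKey, char[] password)
        throws GeneralSecurityException, IOException {
        this(pathToCerts != null ? new File(pathToCerts) : null,
            pathToKey != null ? new File(pathToKey) : null,
            password);
    }

    /**
     * Loads a keystore from a file.  The file handle is closed once its
     * bytes have been read.
     *
     * @param jksFile  JKS or PKCS12 keystore file
     * @param password keystore / key password
     * @throws GeneralSecurityException if the keystore cannot be used
     * @throws IOException              if the file cannot be read
     */
    public KeyMaterial(File jksFile, char[] password)
        throws GeneralSecurityException, IOException {
        // Read and close here rather than delegating to the InputStream
        // constructor, which leaves caller-owned streams open and would
        // therefore leak this file descriptor.
        this(readAndClose(new FileInputStream(jksFile)), password);
    }

    /**
     * Loads certificates and a private key from two files; either file may
     * be {@code null}.  Each file handle is closed once it has been read.
     *
     * @param certsFile certificate file, may be {@code null}
     * @param keyFile   private-key file, may be {@code null}
     * @param password  keystore / key password
     * @throws GeneralSecurityException if the material cannot be used
     * @throws IOException              if a file cannot be read
     */
    public KeyMaterial(File certsFile, File keyFile, char[] password)
        throws GeneralSecurityException, IOException {
        // Arguments are evaluated left to right, so the certificate file is
        // fully read and closed before the key file is even opened.
        this(readAndClose(certsFile != null ? new FileInputStream(certsFile) : null),
            readAndClose(keyFile != null ? new FileInputStream(keyFile) : null),
            password);
    }

    /**
     * Loads a keystore from a URL.  The opened stream is closed once its
     * bytes have been read.
     *
     * @param urlToJKS URL of a JKS or PKCS12 keystore
     * @param password keystore / key password
     * @throws GeneralSecurityException if the keystore cannot be used
     * @throws IOException              if the URL cannot be read
     */
    public KeyMaterial(URL urlToJKS, char[] password)
        throws GeneralSecurityException, IOException {
        this(readAndClose(urlToJKS.openStream()), password);
    }

    /**
     * Loads certificates and a private key from two URLs; either URL may be
     * {@code null}, matching the File and String variants.  Each opened
     * stream is closed once it has been read.
     *
     * @param urlToCerts URL of the certificate file, may be {@code null}
     * @param urlToKey   URL of the private-key file, may be {@code null}
     * @param password   keystore / key password
     * @throws GeneralSecurityException if the material cannot be used
     * @throws IOException              if a URL cannot be read
     */
    public KeyMaterial(URL urlToCerts, URL urlToKey, char[] password)
        throws GeneralSecurityException, IOException {
        this(readAndClose(urlToCerts != null ? urlToCerts.openStream() : null),
            readAndClose(urlToKey != null ? urlToKey.openStream() : null),
            password);
    }

    /**
     * Loads a keystore from its raw bytes.
     *
     * @param jks      bytes of a JKS or PKCS12 keystore
     * @param password keystore / key password
     * @throws GeneralSecurityException if the keystore cannot be used
     * @throws IOException              if the bytes cannot be parsed
     */
    public KeyMaterial(byte[] jks, char[] password)
        throws GeneralSecurityException, IOException {
        this(jks, null, password);
    }

    /**
     * Builds the key material from raw bytes.  This is the constructor all
     * the others delegate to: {@code KeyStoreBuilder} turns the bytes into a
     * {@link KeyStore}, the single private-key entry is located, its chain is
     * fetched and cleaned up, and a key manager factory is created.
     *
     * @param jksOrCerts bytes of a keystore, or of a certificate file when
     *                   {@code key} is given separately
     * @param key        bytes of the private-key file, or {@code null} when
     *                   the key is inside {@code jksOrCerts}
     * @param password   keystore / key password
     * @throws KeyStoreException        if the keystore holds no key entry,
     *                                  more than one key entry, or no
     *                                  certificate chain for its key entry
     * @throws GeneralSecurityException if the material cannot be used
     * @throws IOException              if the bytes cannot be parsed
     */
    public KeyMaterial(byte[] jksOrCerts, byte[] key, char[] password)
        throws GeneralSecurityException, IOException {
        // We're not a simple trust type, so set "simpleTrustType" value to 0.
        // Only TRUST_ALL and TRUST_THIS_JVM are simple trust types.
        super(KeyStoreBuilder.build(jksOrCerts, key, password), 0);
        KeyStore ks = getKeyStore();
        String myAlias = findSinglePrivateKeyAlias(ks);
        Certificate[] chain = ks.getCertificateChain(myAlias);
        if (chain == null || chain.length == 0) {
            // is password wrong?
            throw new KeyStoreException("Could not find KeyMaterial's associated certificate chain!");
        }
        X509Certificate[] myChain = Certificates.x509ifyChain(chain);
        // Cleanup chain to remove any spurious entries.  The length guard
        // keeps an empty result from x509ifyChain out of myChain[0].
        if (myChain != null && myChain.length > 0) {
            myChain = X509CertificateChainBuilder.buildPath(myChain[0], myChain);
        }
        this.alias = myAlias;
        this.associatedChain = myChain;
        this.keyManagerFactory = JavaImpl.newKeyManagerFactory(ks, password);
    }

    /**
     * Returns the alias of the one and only private-key entry in {@code ks}.
     *
     * @throws KeyStoreException if there is no key entry or more than one
     */
    private static String findSinglePrivateKeyAlias(KeyStore ks)
        throws KeyStoreException {
        Enumeration en = ks.aliases();
        String found = null;
        while (en.hasMoreElements()) {
            String candidate = (String) en.nextElement();
            if (!ks.isKeyEntry(candidate)) {
                continue;
            }
            if (found != null) {
                throw new KeyStoreException("commons-ssl KeyMaterial only supports keystores with a single private key.");
            }
            found = candidate;
        }
        if (found == null) {
            throw new KeyStoreException("KeyMaterial provided does not contain any keys!");
        }
        return found;
    }

    /**
     * Drains {@code in} via {@code Util.streamToBytes} and always closes it.
     *
     * @param in stream to consume, may be {@code null}
     * @return the bytes read, or {@code null} when {@code in} is {@code null}
     * @throws IOException if reading or closing fails
     */
    private static byte[] readAndClose(InputStream in) throws IOException {
        if (in == null) {
            return null;
        }
        try {
            return Util.streamToBytes(in);
        } finally {
            in.close();
        }
    }

    /**
     * Returns the key managers unwrapped from the factory by
     * {@code JavaImpl.getKeyManagers}.  Typed as {@code Object[]}, presumably
     * to keep JSSE types out of this class's signature.
     */
    public Object[] getKeyManagers() {
        return JavaImpl.getKeyManagers(keyManagerFactory);
    }

    /** Returns the (cleaned-up) certificate chain of the private-key entry. */
    public X509Certificate[] getAssociatedCertificateChain() {
        return associatedChain;
    }

    /** Returns the underlying keystore built by the constructor. */
    public KeyStore getKeyStore() {
        return super.getKeyStore();
    }

    /** Returns the alias of the single private-key entry. */
    public String getAlias() {
        return alias;
    }

    /**
     * Command-line entry point: loads the material named on the command line
     * and prints {@link #toString()}.
     *
     * @param args password followed by one keystore path, or by a certificate
     *             path and a private-key path
     */
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.out.println("Usage1:  java org.apache.commons.ssl.KeyMaterial [password] [pkcs12 or jks]");
            System.out.println("Usage2:  java org.apache.commons.ssl.KeyMaterial [password] [private-key] [cert-chain]");
            System.exit(1);
        }
        // A password given as a command-line argument is visible to other
        // local users through the process table for as long as the JVM runs.
        char[] password = args[0].toCharArray();
        String path1 = args[1];
        String path2 = args.length >= 3 ? args[2] : null;
        // NOTE(review): the usage text lists [private-key] before [cert-chain],
        // while the constructor parameters are (pathToCerts, pathToKey) -
        // confirm that KeyStoreBuilder detects which input is which.
        KeyMaterial km = new KeyMaterial(path1, path2, password);
        System.out.println(km);
    }

    /**
     * Renders the alias and the associated certificate chain, each
     * certificate as its {@code Certificates.toString} summary followed by
     * its PEM form.  Only certificates are written; the private key is never
     * rendered.
     */
    public String toString() {
        X509Certificate[] certs = getAssociatedCertificateChain();
        StringBuffer out = new StringBuffer(1024);
        out.append("Alias: ").append(alias).append('\n');
        if (certs == null) {
            return out.toString();
        }
        for (int i = 0; i < certs.length; i++) {
            X509Certificate cert = certs[i];
            out.append(Certificates.toString(cert));
            try {
                out.append(Certificates.toPEMString(cert));
            }
            catch (CertificateEncodingException cee) {
                // Keep going: an unencodable certificate is reported inline
                // rather than aborting the whole dump.
                out.append(cee.toString()).append('\n');
            }
        }
        return out.toString();
    }
}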