Refactored KeystoreRemoteService
Signed-off-by: pierantoniomerlino <[email protected]>
pierantoniomerlino committed Aug 29, 2024
1 parent b67d8a5 commit 3c44f27
Showing 3 changed files with 7 additions and 292 deletions.
Expand Up @@ -12,9 +12,7 @@
*******************************************************************************/
package org.eclipse.kura.internal.rest.keystore.util;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
Expand All @@ -23,12 +21,9 @@
import java.security.KeyStore.PrivateKeyEntry;
import java.security.KeyStore.TrustedCertificateEntry;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
Expand All @@ -38,7 +33,6 @@
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
Expand All @@ -48,15 +42,13 @@
import javax.security.auth.x500.X500Principal;
import javax.ws.rs.WebApplicationException;

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.eclipse.kura.KuraErrorCode;
import org.eclipse.kura.KuraException;
import org.eclipse.kura.core.keystore.util.CertificateInfo;
import org.eclipse.kura.core.keystore.util.CsrInfo;
import org.eclipse.kura.core.keystore.util.EntryInfo;
import org.eclipse.kura.core.keystore.util.KeyPairInfo;
import org.eclipse.kura.core.keystore.util.KeystoreUtils;
import org.eclipse.kura.core.keystore.util.PrivateKeyInfo;
import org.eclipse.kura.internal.rest.keystore.request.CsrReadRequest;
import org.eclipse.kura.security.keystore.KeystoreInfo;
Expand Down Expand Up @@ -97,55 +89,6 @@ public void deactivate(ComponentContext componentContext) {
}
}

public static TrustedCertificateEntry createCertificateEntry(String certificate) throws CertificateException {
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is = new ByteArrayInputStream(certificate.getBytes(StandardCharsets.UTF_8));
X509Certificate cert = (X509Certificate) certFactory.generateCertificate(is);
return new TrustedCertificateEntry(cert);
}

public static PrivateKeyEntry createPrivateKey(String privateKey, String publicKey)
throws IOException, GeneralSecurityException {
// Works with RSA and DSA. EC is not supported since the certificate is encoded
// with ECDSA while the corresponding private key with EC.
// This cause an error when the PrivateKeyEntry is generated.
Certificate[] certs = parsePublicCertificates(publicKey);

Security.addProvider(new BouncyCastleProvider());
PEMParser pemParser = new PEMParser(new StringReader(privateKey));
Object object = pemParser.readObject();
pemParser.close();
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
PrivateKey privkey = null;
if (object instanceof org.bouncycastle.asn1.pkcs.PrivateKeyInfo) {
privkey = converter.getPrivateKey((org.bouncycastle.asn1.pkcs.PrivateKeyInfo) object);
} else if (object instanceof org.bouncycastle.openssl.PEMKeyPair) {
privkey = converter.getKeyPair((org.bouncycastle.openssl.PEMKeyPair) object).getPrivate();
} else {
throw new IOException("PrivateKey not recognized.");
}
return new PrivateKeyEntry(privkey, certs);
}

public static X509Certificate[] parsePublicCertificates(String certificates) throws CertificateException {
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
ByteArrayInputStream is = new ByteArrayInputStream(certificates.getBytes(StandardCharsets.UTF_8));

final Collection<? extends Certificate> decodedCertificates = certFactory.generateCertificates(is);

final ArrayList<X509Certificate> result = new ArrayList<>();

for (final Certificate cert : decodedCertificates) {
if (!(cert instanceof X509Certificate)) {
throw new CertificateException("Provided certificate is not a X509Certificate");
}

result.add((X509Certificate) cert);
}

return result.toArray(new X509Certificate[result.size()]);
}

protected List<KeystoreInfo> listKeystoresInternal() {
List<KeystoreInfo> keystores = new ArrayList<>();
this.keystoreServices.entrySet().stream().forEach(entry -> {
Expand Down Expand Up @@ -278,7 +221,7 @@ protected String getCSRInternal(final CsrReadRequest request) {
protected void storeTrustedCertificateEntryInternal(final CertificateInfo writeRequest) {
try {
this.keystoreServices.get(writeRequest.getKeystoreServicePid()).setEntry(writeRequest.getAlias(),
createCertificateEntry(writeRequest.getCertificate()));
KeystoreUtils.createCertificateEntry(writeRequest.getCertificate()));
} catch (GeneralSecurityException | KuraException e) {
throw new WebApplicationException(e);
}
Expand Down Expand Up @@ -319,7 +262,7 @@ private void updatePrivateKeyEntryCertificateChain(final KeystoreService targetK

final PrivateKeyEntry existingPrivateKeyEntry = (PrivateKeyEntry) targetEntry;

final Certificate[] certificateChain = parsePublicCertificates(
final Certificate[] certificateChain = KeystoreUtils.parsePublicCertificates(
Arrays.stream(writeRequest.getCertificateChain()).collect(Collectors.joining("\n")));

final PrivateKeyEntry result = new PrivateKeyEntry(existingPrivateKeyEntry.getPrivateKey(), certificateChain);
Expand All @@ -329,7 +272,7 @@ private void updatePrivateKeyEntryCertificateChain(final KeystoreService targetK

private void createPrivateKeyEntry(final KeystoreService targetKeystore, final PrivateKeyInfo writeRequest)
throws IOException, GeneralSecurityException, KuraException {
final PrivateKeyEntry privateKeyEntry = createPrivateKey(writeRequest.getPrivateKey(),
final PrivateKeyEntry privateKeyEntry = KeystoreUtils.createPrivateKey(writeRequest.getPrivateKey(),
Arrays.stream(writeRequest.getCertificateChain()).collect(Collectors.joining("\n")));

targetKeystore.setEntry(writeRequest.getAlias(), privateKeyEntry);
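Review bot: The chain produced by `KeystoreUtils.parsePublicCertificates` on line 134 is handed straight to `new PrivateKeyEntry(existingPrivateKeyEntry.getPrivateKey(), certificateChain)` on line 137 with no length check, and `KeyStore.PrivateKeyEntry` rejects an empty chain with an IllegalArgumentException — an unchecked exception that a catch of `GeneralSecurityException | KuraException` like the one on line 126 would not map to a WebApplicationException. Whether the parser can return an empty array for a blank or malformed joined chain is not visible here, but the servlet in the second file already treats that outcome as possible and guards it with `if (certs.length == 0)`; the same guard belongs before line 137, for example `if (certificateChain.length == 0) { throw new WebApplicationException("empty certificate chain", 400); }`. Note also that the existing entry's private key is paired with whatever chain the caller supplied without any check that the leaf certificate matches that key; if that validation lives in KeystoreUtils or the KeystoreService it is not visible in this hunk. updatePrivateKeyEntryCertificateChain starts and ends outside the hunk.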
Expand Up @@ -33,7 +33,7 @@
import org.eclipse.kura.certificate.CertificatesService;
import org.eclipse.kura.certificate.KuraCertificateEntry;
import org.eclipse.kura.core.keystore.util.CertificateUtil;
import org.eclipse.kura.core.keystore.util.KeystoreRemoteService;
import org.eclipse.kura.core.keystore.util.KeystoreUtils;
import org.eclipse.kura.security.keystore.KeystoreService;
import org.eclipse.kura.web.server.util.ServiceLocator;
import org.eclipse.kura.web.shared.GwtKuraErrorCode;
Expand Down Expand Up @@ -62,7 +62,7 @@ public void storeKeyPair(GwtXSRFToken xsrfToken, String keyStorePid, String priv
checkXSRFToken(xsrfToken);

try {
PrivateKeyEntry entry = KeystoreRemoteService.createPrivateKey(privateKey, publicCert);
PrivateKeyEntry entry = KeystoreUtils.createPrivateKey(privateKey, publicCert);

if (entry == null) {
throw new GwtKuraException(GwtKuraErrorCode.ILLEGAL_ARGUMENT);
Expand Down Expand Up @@ -91,7 +91,7 @@ public void storeCertificate(GwtXSRFToken xsrfToken, String keyStorePid, String
checkXSRFToken(xsrfToken);

try {
X509Certificate[] certs = KeystoreRemoteService.parsePublicCertificates(certificate);
X509Certificate[] certs = KeystoreUtils.parsePublicCertificates(certificate);

if (certs.length == 0) {
throw new GwtKuraException(GwtKuraErrorCode.ILLEGAL_ARGUMENT);
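Review bot: The `if (entry == null)` check on line 165 looks dead after the call-site change on line 163: the implementation that this commit moves out of the first file never returns null from createPrivateKey — it throws IOException("PrivateKey not recognized.") when the PEM object is neither a PrivateKeyInfo nor a PEMKeyPair — so, assuming KeystoreUtils.createPrivateKey preserves that contract, an unparseable key surfaces through the IOException path rather than this branch. If ILLEGAL_ARGUMENT is the intended response for malformed input, that mapping has to happen in the catch clauses of storeKeyPair, which start outside the hunk; otherwise the null check should be dropped or replaced with a comment stating why it is kept, e.g. `// defensive: KeystoreUtils.createPrivateKey is expected to throw, not return null`. The same reasoning applies to the parallel `certs.length == 0` guard on line 174 only if parsePublicCertificates can actually return an empty array, which is not visible here.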
