/*
* Copyright Daon.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.identityx.clientSDK.credentialsProviders;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Enumeration;
import java.util.List;
import java.util.Properties;
import org.apache.commons.codec.binary.Base64;
import com.identityx.auth.impl.keys.PrivateApiKey;
import com.identityx.auth.impl.keys.PublicApiKey;
import com.identityx.auth.util.CertsUtil;
import com.identityx.clientSDK.def.ICredentialsProvider;
import com.identityx.clientSDK.exceptions.ClientInitializationException;
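public class AsymCredentialsProvider implements ICredentialsProvider {

    /**
     * Fluent builder for {@link AsymCredentialsProvider}.
     *
     * <p>Every value can be supplied directly through a setter or read from a properties
     * stream given to {@link #setCredentialsInputStream(InputStream)}, using the keys
     * {@code tokenId}, {@code serviceUrl}, {@code serverCACert} (Base64-encoded X.509
     * certificate), {@code serverCertDN} and, optionally, {@code validationCerts}. A value
     * set directly always takes precedence over the file. The private key is read from a
     * keystore stream given to {@link #setJksInputStream(InputStream)} unless a
     * {@link PrivateApiKey} is set directly.
     *
     * <p>Security note: this builder defaults {@code revocationEnabled} and
     * {@code ocspEnabled} to {@code false} and always applies them in {@link #build()},
     * whereas the {@link AsymCredentialsProvider} constructors default both to {@code true}.
     * A provider obtained from this builder therefore performs no certificate revocation
     * checking unless {@link #setRevocationEnabled(boolean)} or
     * {@link #setOCSPEnabled(boolean)} is called.
     *
     * <p>Neither input stream is closed by the builder; the caller owns them.
     */
    public static class AsymCredentialsProviderBuilder {
        private X509Certificate serverCACert = null;
        private String serverCertDN = null;
        private boolean revocationEnabled = false;
        private boolean ocspEnabled = false;
        private String baseUrl = null;
        private String tokenId = null;
        private PrivateApiKey apiKey = null;
        private String jksPassword = null;
        private String keyAlias = null;
        private String keyPassword = null;
        private InputStream jksInputStream = null;
        private InputStream credentialsInputStream = null;

        public AsymCredentialsProviderBuilder() { }

        /** CA certificate handed to the {@link PublicApiKey} that verifies server responses. */
        public AsymCredentialsProviderBuilder setServerCACert(X509Certificate serverCACert) {
            this.serverCACert = serverCACert;
            return this;
        }

        /** Enables or disables certificate revocation checking on the built provider. */
        public AsymCredentialsProviderBuilder setRevocationEnabled(boolean revocationEnabled) {
            this.revocationEnabled = revocationEnabled;
            return this;
        }

        /** Base URL of the IdentityX service; overrides {@code serviceUrl} from the properties file. */
        public AsymCredentialsProviderBuilder setBaseUrl(String baseUrl) {
            this.baseUrl = baseUrl;
            return this;
        }

        /** Token id of the API key; overrides {@code tokenId} from the properties file. */
        public AsymCredentialsProviderBuilder setTokenId(String tokenId) {
            this.tokenId = tokenId;
            return this;
        }

        /** Keystore stream holding the client's private key (see {@link #setJksPassword(String)}). */
        public AsymCredentialsProviderBuilder setJksInputStream(InputStream jksInputStream) {
            this.jksInputStream = jksInputStream;
            return this;
        }

        /** Password protecting the keystore stream. */
        public AsymCredentialsProviderBuilder setJksPassword(String jksPassword) {
            this.jksPassword = jksPassword;
            return this;
        }

        /** Alias of the key entry to use; when {@code null} the first key entry found is used. */
        public AsymCredentialsProviderBuilder setKeyAlias(String keyAlias) {
            this.keyAlias = keyAlias;
            return this;
        }

        /** Password of the key entry; defaults to the keystore password when {@code null}. */
        public AsymCredentialsProviderBuilder setKeyPassword(String keyPassword) {
            this.keyPassword = keyPassword;
            return this;
        }

        /** Properties stream supplying any value not set directly (see the class comment for the keys). */
        public AsymCredentialsProviderBuilder setCredentialsInputStream(InputStream credentialsInputStream) {
            this.credentialsInputStream = credentialsInputStream;
            return this;
        }

        /** Ready-made API key; when set, the keystore stream and {@code tokenId} are not consulted. */
        public AsymCredentialsProviderBuilder setApiKey(PrivateApiKey apiKey) {
            this.apiKey = apiKey;
            return this;
        }

        /**
         * Enables or disables OCSP checking on the built provider. Enabling OCSP also enables
         * revocation checking, since OCSP verification only runs when revocation is on.
         */
        public AsymCredentialsProviderBuilder setOCSPEnabled(boolean ocspEnabled) {
            if (ocspEnabled) {
                this.revocationEnabled = true;
            }
            this.ocspEnabled = ocspEnabled;
            return this;
        }

        /** Expected distinguished name of the server certificate; overrides {@code serverCertDN} from the file. */
        public AsymCredentialsProviderBuilder setServerCertDN(String serverCertDN) {
            this.serverCertDN = serverCertDN;
            return this;
        }

        /**
         * Builds the provider, resolving every missing value from the credentials stream.
         *
         * <p>Resolved values are stored back into the builder, so a second call does not
         * re-read the (already consumed) streams. When the properties file carries a
         * {@code validationCerts} entry, the first certificate in it must match the private
         * key, otherwise the build fails.
         *
         * @return the configured provider
         * @throws RuntimeException wrapping the cause; the cause is an
         *     {@link IllegalStateException} for missing or inconsistent configuration
         */
        public AsymCredentialsProvider build() {
            AsymCredentialsProvider asymCredentialsProvider = null;
            try {
                Properties properties = new Properties();
                boolean needsFile = apiKey == null || tokenId == null || baseUrl == null
                        || serverCACert == null || serverCertDN == null;
                if (needsFile && credentialsInputStream != null) {
                    properties.load(credentialsInputStream);
                }
                X509Certificate clientCert = firstValidationCert(properties);
                if (apiKey == null) {
                    if (jksInputStream == null) {
                        throw new IllegalStateException("No api key: an api key is extracted from a file specified by jksInputStream or provided directly by setting the apiKey parameter");
                    }
                    Key key = extractKeyFromJksInputStream(jksInputStream, jksPassword, keyAlias, keyPassword);
                    if (tokenId == null) {
                        if (credentialsInputStream == null) {
                            throw new IllegalStateException("No tokenId: a tokenId is extracted from a file specified by credentialsInputStream or provided directly by setting the tokenId parameter");
                        }
                        tokenId = properties.getProperty("tokenId");
                        if (tokenId == null) {
                            throw new IllegalStateException("No tokenId: tokenId cannot be extracted from the file specified by credentialsInputStream and is not provided directly by setting the tokenId parameter");
                        }
                    }
                    // Refuse to build a key that cannot belong to the configured client certificate.
                    if (clientCert != null) {
                        verifyKeyMatchesCert(key, clientCert);
                    }
                    apiKey = new PrivateApiKey(tokenId, key);
                }
                if (baseUrl == null) {
                    if (credentialsInputStream == null) {
                        throw new IllegalStateException("No baseUrl: baseUrl is extracted from a file specified by credentialsInputStream or provided directly by setting the baseUrl parameter");
                    }
                    // May still be null when the file lacks serviceUrl; the provider exposes setBaseUrl().
                    baseUrl = properties.getProperty("serviceUrl");
                }
                if (serverCACert == null) {
                    if (credentialsInputStream == null) {
                        throw new IllegalStateException("No serverCACert: serverCACert is extracted from a file specified by credentialsInputStream or provided directly by setting the serverCACert parameter");
                    }
                    String serverCACertString = properties.getProperty("serverCACert");
                    if (serverCACertString == null) {
                        throw new IllegalStateException("No serverCACert: serverCACert cannot be extracted from the file specified by credentialsInputStream and is not provided directly by setting the serverCACert parameter");
                    }
                    byte[] certBytes = Base64.decodeBase64(serverCACertString);
                    CertificateFactory fact = CertificateFactory.getInstance("X.509");
                    serverCACert = (X509Certificate) fact.generateCertificate(new ByteArrayInputStream(certBytes));
                }
                if (serverCertDN == null) {
                    if (credentialsInputStream == null) {
                        throw new IllegalStateException("No serverCertDN: serverCertDN is extracted from a file specified by credentialsInputStream or provided directly by setting the serverCertDN parameter");
                    }
                    String serverCertDNString = properties.getProperty("serverCertDN");
                    if (serverCertDNString == null) {
                        throw new IllegalStateException("No serverCertDN: serverCertDN cannot be extracted from the file specified by credentialsInputStream and is not provided directly by setting the serverCertDN parameter");
                    }
                    serverCertDN = serverCertDNString.trim();
                }
                asymCredentialsProvider = new AsymCredentialsProvider(baseUrl, apiKey, serverCACert, serverCertDN);
                asymCredentialsProvider.setRevocationEnabled(revocationEnabled);
                asymCredentialsProvider.setOcspEnabled(ocspEnabled);
            }
            catch (Exception ex) {
                throw new RuntimeException("An error has occurred while trying to build the AsymCredentialsProvider object", ex);
            }
            return asymCredentialsProvider;
        }

        /** Returns the first certificate of the {@code validationCerts} property, or {@code null} if absent. */
        private static X509Certificate firstValidationCert(Properties properties) {
            String validationCerts = properties.getProperty("validationCerts");
            if (validationCerts == null || validationCerts.isEmpty()) {
                return null;
            }
            List<X509Certificate> clientCerts = CertsUtil.certsFromString(validationCerts);
            if (clientCerts == null || clientCerts.isEmpty()) {
                return null;
            }
            return clientCerts.get(0);
        }

        /**
         * Checks that {@code key} is the RSA private key belonging to {@code clientCert}.
         *
         * <p>The moduli must be equal and {@code 2^(e*d - 1) mod n} must be {@code 1}, i.e.
         * the private exponent must invert the public exponent. This is a cheap consistency
         * check, not a proof of key ownership.
         *
         * @throws IllegalStateException when either key is not RSA or the pair does not match
         */
        private static void verifyKeyMatchesCert(Key key, X509Certificate clientCert) {
            if (!(key instanceof RSAPrivateKey) || !(clientCert.getPublicKey() instanceof RSAPublicKey)) {
                throw new IllegalStateException("The client cert / private key consistency check supports RSA keys only (key algorithm: "
                        + key.getAlgorithm() + ", certificate key algorithm: " + clientCert.getPublicKey().getAlgorithm() + ")");
            }
            RSAPublicKey rsaPublicKey = (RSAPublicKey) clientCert.getPublicKey();
            RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) key;
            // NOTE(review): keys held in hardware may not expose getPrivateExponent(); confirm for such keystores.
            BigInteger modulus = rsaPublicKey.getModulus();
            BigInteger exponentProduct = rsaPublicKey.getPublicExponent().multiply(rsaPrivateKey.getPrivateExponent());
            boolean match = modulus.equals(rsaPrivateKey.getModulus())
                    && BigInteger.valueOf(2).modPow(exponentProduct.subtract(BigInteger.ONE), modulus).equals(BigInteger.ONE);
            if (!match) {
                throw new IllegalStateException("The client cert specified by credentialsInputStream does not match the private key");
            }
        }
    }

    /** Name of the default credentials resource; kept for subclasses, not read by this class. */
    protected static String defaultCredentialsFileName = "credentials.properties";

    private String baseUrl;
    private PrivateApiKey apiKey;
    // Lazily built by getResponseApiKey(); dropped whenever a value it was built from changes.
    private PublicApiKey responseApiKey;
    private X509Certificate serverCACert;
    private String serverCertDN;
    // Revocation and OCSP checking default to ON when constructed directly
    // (the builder overrides both with its own, default-false, flags).
    private boolean revocationEnabled = true;
    private boolean ocspEnabled = true;

    /**
     * Creates a provider from already-resolved values.
     *
     * @param baseUrl      base URL of the IdentityX service
     * @param apiKey       private API key used to sign requests
     * @param serverCACert CA certificate for verifying server responses; ignored when {@code null}
     * @param serverCertDN expected DN of the server certificate; ignored when {@code null}
     */
    public AsymCredentialsProvider(String baseUrl, PrivateApiKey apiKey, X509Certificate serverCACert, String serverCertDN) {
        this.baseUrl = baseUrl;
        this.apiKey = apiKey;
        if (serverCACert != null) {
            this.setServerCACert(serverCACert);
        }
        if (serverCertDN != null) {
            this.serverCertDN = serverCertDN;
        }
    }

    /**
     * Creates a provider by reading the private key from a keystore stream and the remaining
     * settings from a properties stream (keys {@code tokenId}, {@code serviceUrl},
     * {@code serverCertDN}). Explicit {@code serverCACert} / {@code serverCertDN} arguments
     * override the file. Streams are not closed here.
     *
     * @throws ClientInitializationException if the streams cannot be read or the key cannot be loaded
     */
    public AsymCredentialsProvider(InputStream jksInputStream, String jksPassword, String keyAlias,
            String keyPassword, InputStream credentialsInputStream, X509Certificate serverCACert, String serverCertDN) throws ClientInitializationException {
        init(jksInputStream, jksPassword, keyAlias, keyPassword, credentialsInputStream);
        if (serverCACert != null) {
            this.setServerCACert(serverCACert);
        }
        if (serverCertDN != null) {
            this.serverCertDN = serverCertDN;
        }
    }

    /**
     * Loads {@code baseUrl}, {@code serverCertDN} and the API key from the given streams.
     *
     * @throws IllegalArgumentException      if a stream or the keystore password is {@code null}
     * @throws ClientInitializationException wrapping any failure while reading the streams or the key
     */
    protected void init(InputStream jksInputStream, String jksPassword, String keyAlias, String keyPassword,
            InputStream credentialsInputStream) throws ClientInitializationException {
        if (jksInputStream == null) throw new IllegalArgumentException("Param jksInputStream cannot be null");
        if (credentialsInputStream == null) throw new IllegalArgumentException("Param credentialsInputStream cannot be null");
        if (jksPassword == null) throw new IllegalArgumentException("Param jksPassword cannot be null");
        Properties properties = new Properties();
        try {
            properties.load(credentialsInputStream);
            String tokenId = properties.getProperty("tokenId");
            baseUrl = properties.getProperty("serviceUrl");
            String dn = properties.getProperty("serverCertDN");
            // Trimmed for consistency with the builder, which also trims the DN read from the file.
            this.serverCertDN = dn == null ? null : dn.trim();
            Key key = extractKeyFromJksInputStream(jksInputStream, jksPassword, keyAlias, keyPassword);
            apiKey = new PrivateApiKey(tokenId, key);
        } catch (Exception ex) {
            throw new ClientInitializationException("Failed to initialize the Credential Provider", ex);
        }
    }

    /**
     * Loads a key from a keystore stream.
     *
     * <p>The keystore is opened with {@link KeyStore#getDefaultType()}. NOTE(review): on current
     * JDKs that is PKCS12, which also reads JKS files in compatibility mode; confirm for the
     * target JDK if non-default keystore types are in use.
     *
     * @param jksInputStream keystore bytes; not closed here
     * @param jksPassword    keystore password
     * @param keyAlias       alias of the key entry, or {@code null} to use the first key entry found
     * @param keyPassword    key entry password, or {@code null} to reuse {@code jksPassword}
     * @return the key (never {@code null})
     * @throws RuntimeException wrapping the cause when the keystore cannot be loaded, no key entry
     *     exists, or {@code keyAlias} does not name a key entry
     */
    protected static Key extractKeyFromJksInputStream(InputStream jksInputStream, String jksPassword, String keyAlias, String keyPassword) {
        try {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(jksInputStream, jksPassword.toCharArray());
            String alias = keyAlias;
            if (alias == null) {
                // Iterate ONE enumeration: calling ks.aliases() per step restarts it, which
                // never terminates when the first alias is not a key entry.
                Enumeration<String> aliases = ks.aliases();
                while (aliases.hasMoreElements()) {
                    String candidate = aliases.nextElement();
                    if (ks.isKeyEntry(candidate)) {
                        alias = candidate;
                        break;
                    }
                }
            }
            if (alias == null) {
                throw new IllegalStateException("Failed to find a private key in the supplied jks file");
            }
            String entryPassword = keyPassword == null ? jksPassword : keyPassword;
            Key key = ks.getKey(alias, entryPassword.toCharArray());
            if (key == null) {
                // getKey() returns null for a trusted-certificate entry; fail here rather than
                // hand a null key to PrivateApiKey.
                throw new IllegalStateException("Alias '" + alias + "' is not a key entry in the supplied jks file");
            }
            return key;
        }
        catch (Exception ex) {
            throw new RuntimeException("An error has occurred while extracting the key from the provided stream", ex);
        }
    }

    @Override
    public PrivateApiKey getApiKey() {
        return apiKey;
    }

    public void setApiKey(PrivateApiKey apiKey) {
        this.apiKey = apiKey;
    }

    @Override
    public String getBaseUrl() {
        return baseUrl;
    }

    public void setBaseUrl(String baseUrl) {
        this.baseUrl = baseUrl;
    }

    /**
     * Returns the key used to verify server responses, built on first use from
     * {@code serverCACert}, {@code serverCertDN} and the revocation/OCSP flags.
     *
     * <p>The result is cached; the setters for those values discard the cache so a later
     * change is picked up by the next call. Not synchronized: concurrent first calls may
     * each build an instance.
     */
    public PublicApiKey getResponseApiKey() {
        if (responseApiKey == null) {
            responseApiKey = new PublicApiKey(null, serverCACert, serverCertDN);
            responseApiKey.setRevocationEnabled(revocationEnabled);
            // OCSP verification only happens with revocation on, so enabling OCSP forces it.
            if (ocspEnabled) {
                responseApiKey.setOcspEnabled(ocspEnabled);
                responseApiKey.setRevocationEnabled(true);
            }
        }
        return responseApiKey;
    }

    public X509Certificate getServerCert() {
        return serverCACert;
    }

    /** Sets the CA certificate for response verification and discards the cached response key. */
    public void setServerCACert(X509Certificate serverCACert) {
        this.serverCACert = serverCACert;
        responseApiKey = null;
    }

    public boolean isRevocationEnabled() {
        return revocationEnabled;
    }

    /**
     * Enables or disables revocation checking. Disabling it also disables OCSP, which cannot
     * run without revocation checking. Discards the cached response key.
     */
    public void setRevocationEnabled(boolean revocationEnabled) {
        this.revocationEnabled = revocationEnabled;
        if (!revocationEnabled) {
            this.ocspEnabled = false;
        }
        responseApiKey = null;
    }

    public boolean isOcspEnabled() {
        return ocspEnabled;
    }

    /**
     * Enables or disables OCSP checking. Enabling it also sets {@code revocationEnabled}
     * since revocation checking must be on for OCSP verification to happen.
     * Discards the cached response key.
     *
     * @param ocspEnabled whether OCSP verification should run
     */
    public void setOcspEnabled(boolean ocspEnabled) {
        this.ocspEnabled = ocspEnabled;
        if (ocspEnabled) {
            this.revocationEnabled = true;
        }
        responseApiKey = null;
    }
}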