All Downloads are FREE. Search and download functionalities are using the official Maven repository.

de.gematik.bbriccs.smartcards.SmartcardCertificateP12 Maven / Gradle / Ivy

The newest version!
/*
 * Copyright 2024 gematik GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package de.gematik.bbriccs.smartcards;

import static java.text.MessageFormat.format;

import de.gematik.bbriccs.crypto.CryptoSystem;
import de.gematik.bbriccs.crypto.certificate.Oid;
import de.gematik.bbriccs.crypto.certificate.X509CertificateWrapper;
import de.gematik.bbriccs.smartcards.exceptions.InvalidCertificateException;
import java.io.*;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.function.Supplier;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import lombok.val;
import org.bouncycastle.cert.X509CertificateHolder;

@EqualsAndHashCode
@Slf4j
@Getter
public class SmartcardCertificateP12 implements SmartcardCertificate {

  private final Supplier certificateStreamSupplier;
  private final X509CertificateWrapper certWrapper;
  private final PrivateKey privateKey;
  private final CryptoSystem cryptoSystem;

  @SneakyThrows
  public SmartcardCertificateP12(String filePath, Supplier certificateStreamSupplier) {
    try (val is = certificateStreamSupplier.get()) {
      val privateKeyEntry = loadEntryFromKeystore(is);

      this.certificateStreamSupplier = certificateStreamSupplier;
      this.privateKey = privateKeyEntry.getPrivateKey();
      this.certWrapper =
          new X509CertificateWrapper((X509Certificate) privateKeyEntry.getCertificate());
      this.cryptoSystem =
          CryptoSystem.fromOid(
              certWrapper.toCertificateHolder().getSignatureAlgorithm().getAlgorithm());
    } catch (Throwable t) {
      throw new InvalidCertificateException(
          format(
              "Something bad happened while loading the certificate from {0}\n{1}",
              filePath, t.getMessage()),
          t);
    }
  }

  @Override
  public X509Certificate getX509Certificate() {
    return this.certWrapper.toCertificate();
  }

  @Override
  public X509CertificateHolder getX509CertificateHolder() {
    return certWrapper.toCertificateHolder();
  }

  @Override
  public Oid getOid() {
    val oid = certWrapper.getCertificateTypeOid();
    return oid.orElseThrow(() -> new InvalidCertificateException(certWrapper));
  }

  @Override
  public Supplier getCertificateStream() {
    return certificateStreamSupplier;
  }

  @SneakyThrows
  private KeyStore.PrivateKeyEntry loadEntryFromKeystore(InputStream is) {
    val ks = KeyStore.getInstance(KeystoreType.P12.getName());
    ks.load(is, getP12KeyStorePassword());
    val alias =
        ks.aliases()
            .nextElement(); // use only the first element as each file has only a single alias
    return (KeyStore.PrivateKeyEntry)
        ks.getEntry(alias, new KeyStore.PasswordProtection(getP12KeyStorePassword()));
  }

  @Override
  public char[] getP12KeyStorePassword() {
    return "00".toCharArray();
  }

  @Override
  public KeyStore.PasswordProtection getP12KeyStoreProtection() {
    return new KeyStore.PasswordProtection(this.getP12KeyStorePassword());
  }

  @Override
  public String toString() {
    return format("SmartcardKey with algorithm={0}", cryptoSystem);
  }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy