org.italiangrid.voms.credential.impl.AbstractLoadCredentialsStrategy Maven / Gradle / Ivy

Go to download
Show more of this group Show more artifacts with this name
Show all versions of voms-api-java Show documentation
Java APIs to validate and request VOMS attribute certificates
There is a newer version: 3.3.2
/**
 * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2006-2014.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.italiangrid.voms.credential.impl;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;

import org.bouncycastle.openssl.PasswordFinder;
import org.italiangrid.voms.credential.LoadCredentialsEventListener;
import org.italiangrid.voms.credential.LoadCredentialsStrategy;
import org.italiangrid.voms.credential.VOMSEnvironmentVariables;
import org.italiangrid.voms.util.FilePermissionHelper;

import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.impl.KeystoreCredential;
import eu.emi.security.authn.x509.impl.PEMCredential;

/**
 * Base class for load credentials strategy providing utility classes for
 * loading credentials from the filesystem and notifying the results of load
 * operations to interested listeners (via {@link LoadCredentialsEventListener}
 * ).
 * 
 * @author andreaceccanti
 *
 */
public abstract class AbstractLoadCredentialsStrategy implements
  LoadCredentialsStrategy, VOMSEnvironmentVariables {

  /**
   * The {@link LoadCredentialsEventListener} that is notified of load
   * credentials outcome.
   */
  LoadCredentialsEventListener listener;

  /**
   * Constructor that let client pass in a {@link LoadCredentialsEventListener}.
   * 
   * @param listener
   *          the listener that is notified of load credential events from this
   *          {@link AbstractLoadCredentialsStrategy}.
   */
  protected AbstractLoadCredentialsStrategy(
    LoadCredentialsEventListener listener) {

    this.listener = listener;
  }

  /**
   * Convenience method to check if a file exists and is readable
   * 
   * @param filename
   *          the file to be checked
   * @return true if the file exists and is readable,
   *         false otherwise
   */
  protected boolean fileExistsAndIsReadable(String filename) {

    File f = new File(filename);
    return f.exists() && f.isFile() && f.canRead();
  }

  /**
   * Loads a PEM X.509 credential and notifies the registered
   * {@link LoadCredentialsEventListener} of the load operation outcome.
   * 
   * @param privateKeyPath
   *          the path to the private key
   * @param certificatePath
   *          the path to the certificate
   * @param pf
   *          a {@link PasswordFinder} used to resolve the private key password
   *          when needed
   * @return the loaded {@link X509Credential}, or null if the
   *         credential couldn't be loaded
   */
  protected X509Credential loadPEMCredential(String privateKeyPath,
    String certificatePath, PasswordFinder pf) {

    PEMCredential cred = null;

    listener.notifyCredentialLookup(privateKeyPath, certificatePath);

    try {

      FilePermissionHelper.checkPrivateKeyPermissions(privateKeyPath);

      cred = new PEMCredential(new FileInputStream(privateKeyPath),
        new FileInputStream(certificatePath), pf);

      listener.notifyLoadCredentialSuccess(privateKeyPath, certificatePath);

    } catch (Throwable t) {

      listener.notifyLoadCredentialFailure(t, privateKeyPath, certificatePath);
    }

    return cred;

  }

  /**
   * Loads a PCKS12 X.509 credential and notifies the registered
   * {@link LoadCredentialsEventListener} of the load operation outcome.
   * 
   * @param pkcs12FilePath
   *          the path to the pkcs12 credential
   * @param pf
   *          a {@link PasswordFinder} used to resolve the private key password
   * @return the loaded {@link X509Credential}, or null if the
   *         credential couldn't be loaded
   */
  protected X509Credential loadPKCS12Credential(String pkcs12FilePath,
    PasswordFinder pf) {

    KeystoreCredential cred = null;

    listener.notifyCredentialLookup(pkcs12FilePath);

    if (fileExistsAndIsReadable(pkcs12FilePath)) {

      char[] keyPassword = pf.getPassword();
      try {

        FilePermissionHelper.checkPKCS12Permissions(pkcs12FilePath);

        cred = new KeystoreCredential(pkcs12FilePath, keyPassword, keyPassword,
          null, "PKCS12");
        listener.notifyLoadCredentialSuccess(pkcs12FilePath);

      } catch (Throwable t) {

        listener.notifyLoadCredentialFailure(t, pkcs12FilePath);
      }

    } else
      listener.notifyLoadCredentialFailure(new FileNotFoundException(
        pkcs12FilePath + " (cannot read file)"), pkcs12FilePath);

    return cred;
  }

  /**
   * Loads an X.509 proxy credential and notifies the registered
   * {@link LoadCredentialsEventListener} of the load operation outcome.
   * 
   * @param proxyPath
   *          the path to the proxy credential
   * @return the loaded {@link X509Credential}, or null if the
   *         credential couldn't be loaded
   */
  protected X509Credential loadProxyCredential(String proxyPath) {

    PEMCredential cred = null;

    listener.notifyCredentialLookup(proxyPath);

    try {

      FilePermissionHelper.checkProxyPermissions(proxyPath);
      cred = new PEMCredential(new FileInputStream(proxyPath), (char[]) null);
      listener.notifyLoadCredentialSuccess(proxyPath);

    } catch (Throwable t) {

      listener.notifyLoadCredentialFailure(t, proxyPath);
    }

    return cred;
  }
}