de.dentrassi.crypto.pem.AbstractPemKeyStore Maven / Gradle / Ivy
Go to download
This artifact provides a single jar that contains all classes required to use remote EJB and JMS, including
all dependencies. It is intended for use by those not using maven, maven users should just import the EJB and
JMS BOM's instead (shaded JAR's cause lots of problems with maven, as it is very easy to inadvertently end up
with different versions on classes on the class path).
The newest version!
/*
* Copyright (c) 2018, 2022 Red Hat Inc and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* Jens Reimann - initial API and implementation
*/
package de.dentrassi.crypto.pem;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Map;
import java.util.Optional;
/**
* An abstract base class, helping to implement key stores which are read-only and have some kind of "load" method.
*/
public abstract class AbstractPemKeyStore extends KeyStoreSpi {
public static final class Entry {
private final Key key;
private final Certificate[] certificateChain;
public Entry() {
this(null, null);
}
public Entry(final Key key, final Certificate[] certificateChain) {
this.key = key;
if (certificateChain != null && certificateChain.length > 0) {
this.certificateChain = certificateChain;
} else {
this.certificateChain = null;
}
}
public Key getKey() {
return this.key;
}
public boolean isKey() {
return this.key != null;
}
public Certificate[] getCertificateChain() {
if (this.certificateChain == null) {
return null;
}
return this.certificateChain.clone();
}
public Certificate getCertificate() {
if (this.certificateChain == null) {
return null;
}
return this.certificateChain[0];
}
public boolean isCertificate() {
return this.certificateChain != null;
}
public Entry merge(final Entry other) {
if (other == null) {
return this;
}
Key key = other.key;
Certificate[] certificateChain = other.certificateChain;
if (key == null) {
key = this.key;
}
if (certificateChain == null) {
certificateChain = this.certificateChain;
}
return new Entry(key, certificateChain);
}
}
protected Map entries = Collections.emptyMap();
protected abstract Map load(InputStream stream)
throws IOException, NoSuchAlgorithmException, CertificateException;
protected abstract Map initializeEmpty();
protected Optional getEntry(final String alias) {
return Optional.ofNullable(this.entries.get(alias));
}
@Override
public Key engineGetKey(final String alias, final char[] password) {
return getEntry(alias)
.map(Entry::getKey)
.orElse(null);
}
@Override
public boolean engineIsKeyEntry(final String alias) {
return getEntry(alias)
.map(Entry::isKey)
.orElse(false);
}
@Override
public Certificate[] engineGetCertificateChain(final String alias) {
return getEntry(alias)
.map(Entry::getCertificateChain)
.orElse(null);
}
@Override
public Certificate engineGetCertificate(final String alias) {
return getEntry(alias)
.map(Entry::getCertificate)
.orElse(null);
}
@Override
public Date engineGetCreationDate(final String alias) {
return getEntry(alias)
.map(Entry::getCertificate)
.map(cert -> cert instanceof X509Certificate ? (X509Certificate) cert : null)
.map(X509Certificate::getNotBefore)
.orElse(null);
}
@Override
public Enumeration engineAliases() {
final Iterator keys = this.entries.keySet().iterator();
return new Enumeration() {
@Override
public String nextElement() {
return keys.next();
}
@Override
public boolean hasMoreElements() {
return keys.hasNext();
}
};
}
@Override
public boolean engineContainsAlias(final String alias) {
return this.entries.containsKey(alias);
}
@Override
public int engineSize() {
return this.entries.size();
}
@Override
public boolean engineIsCertificateEntry(final String alias) {
return getEntry(alias)
.map(Entry::isCertificate)
.orElse(false);
}
@Override
public String engineGetCertificateAlias(final Certificate cert) {
if (!(cert instanceof Certificate)) {
return null;
}
for (final Map.Entry entry : this.entries.entrySet()) {
if (cert == entry.getValue().getCertificate()) {
return entry.getKey();
}
}
return null;
}
@Override
public void engineLoad(final InputStream stream, final char[] password)
throws IOException, NoSuchAlgorithmException, CertificateException {
if (stream != null) {
this.entries = load(stream);
} else {
this.entries = initializeEmpty();
}
}
}