1 package ca.uhn.hl7v2.hoh.util;
2
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Enumeration;
15
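/**
 * Helpers for loading a {@link KeyStore} from disk and checking that it holds
 * the kind of entry a given role needs: a private key (with its certificate)
 * for TLS server identity or signing, trusted certificates for TLS peer trust
 * or signature verification.
 * <p>
 * Security notes:
 * <ul>
 * <li>{@link #loadKeystore(File, char[])} defaults to the legacy {@code JKS}
 * format for backward compatibility. Prefer {@code PKCS12} for new deployments
 * (the JDK default type since Java 9) and select it explicitly through
 * {@link #loadKeystore(File, char[], String)}.</li>
 * <li>Loading with a {@code null} password makes the JCA provider skip the
 * keystore integrity check, so a tampered file would load without error.
 * Supply the password whenever integrity of the trust material matters.</li>
 * <li>Methods that take a {@link String} password copy it into a
 * {@code char[]} for the JCA call and zero that copy afterwards. The caller's
 * {@link String} itself is immutable and cannot be cleared, so prefer the
 * {@code char[]} overload where one exists.</li>
 * </ul>
 */
public class KeystoreUtils {

	private static final org.slf4j.Logger ourLog = org.slf4j.LoggerFactory.getLogger(KeystoreUtils.class);

	/**
	 * Keystore type used when the caller does not specify one. Kept as
	 * {@code JKS} so existing callers keep loading the same files.
	 */
	private static final String DEFAULT_KEYSTORE_TYPE = "JKS";

	private KeystoreUtils() {
		// utility class
	}

	/**
	 * Loads a {@code JKS} keystore from the given file.
	 *
	 * @param theFile     the keystore file to read
	 * @param thePassword the keystore password, or {@code null} to load without
	 *                    verifying the keystore's integrity (see class notes).
	 *                    The array is not modified; the caller owns it and should
	 *                    zero it when done.
	 * @return the loaded keystore
	 * @throws KeyStoreException        if no provider supports the keystore type
	 * @throws NoSuchAlgorithmException if the integrity-check algorithm is unavailable
	 * @throws CertificateException     if a certificate in the store cannot be parsed
	 * @throws IOException              on read failure, format errors, or a wrong
	 *                                  password (reported by the provider as an
	 *                                  {@code IOException} caused by
	 *                                  {@link UnrecoverableKeyException})
	 */
	public static KeyStore loadKeystore(File theFile, char[] thePassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
		return loadKeystore(theFile, thePassword, DEFAULT_KEYSTORE_TYPE);
	}

	/**
	 * Loads a keystore of an explicit type (for example {@code "PKCS12"} or
	 * {@code "JKS"}) from the given file. The file handle is always closed,
	 * including when loading fails.
	 *
	 * @param theFile         the keystore file to read
	 * @param thePassword     the keystore password, or {@code null} to skip the
	 *                        integrity check (see class notes); not modified
	 * @param theKeystoreType a type name accepted by {@link KeyStore#getInstance(String)}
	 * @return the loaded keystore
	 * @throws KeyStoreException        if no provider supports {@code theKeystoreType}
	 * @throws NoSuchAlgorithmException if the integrity-check algorithm is unavailable
	 * @throws CertificateException     if a certificate in the store cannot be parsed
	 * @throws IOException              on read failure, format errors, or a wrong password
	 */
	public static KeyStore loadKeystore(File theFile, char[] thePassword, String theKeystoreType) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
		KeyStore keystore = KeyStore.getInstance(theKeystoreType);
		// try-with-resources: the original left the FileInputStream open on every
		// call, leaking a file descriptor per load
		try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(theFile))) {
			keystore.load(in, thePassword);
		}
		return keystore;
	}

	/**
	 * Loads a {@code JKS} keystore from the given path using a {@link String}
	 * password. The password is copied to a {@code char[]} for the JCA call and
	 * that copy is zeroed before returning; the {@link String} itself cannot be
	 * cleared.
	 *
	 * @param theFile             path of the keystore file
	 * @param theKeystorePassword the keystore password, or {@code null} to skip
	 *                            the integrity check (see class notes)
	 * @return the loaded keystore
	 * @throws KeyStoreException        if no provider supports the keystore type
	 * @throws NoSuchAlgorithmException if the integrity-check algorithm is unavailable
	 * @throws CertificateException     if a certificate in the store cannot be parsed
	 * @throws IOException              on read failure, format errors, or a wrong password
	 */
	public static KeyStore loadKeystore(String theFile, String theKeystorePassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
		char[] pass = theKeystorePassword != null ? theKeystorePassword.toCharArray() : null;
		try {
			return loadKeystore(new File(theFile), pass);
		} finally {
			clearPassword(pass);
		}
	}

	/**
	 * Checks that the keystore can serve as a TLS server identity: it must hold
	 * at least one private-key entry that also carries a certificate.
	 * Secret-key entries (possible in {@code JCEKS}/{@code PKCS12} stores) do
	 * not qualify, since TLS cannot authenticate with them.
	 *
	 * @param theKs the loaded keystore to inspect
	 * @return {@code true} if a private-key entry with a certificate exists
	 * @throws KeyStoreException if the keystore has not been loaded
	 */
	public static boolean validateKeystoreForTlsReceiving(KeyStore theKs) throws KeyStoreException {
		return hasEntryOfType(theKs, KeyStore.PrivateKeyEntry.class, "private key");
	}

	/**
	 * Checks that the keystore can be used for signing: it must hold at least
	 * one private-key entry that also carries a certificate. Secret-key entries
	 * do not qualify.
	 *
	 * @param theKs the loaded keystore to inspect
	 * @return {@code true} if a private-key entry with a certificate exists
	 * @throws KeyStoreException if the keystore has not been loaded
	 */
	public static boolean validateKeystoreForSignatureSigning(KeyStore theKs) throws KeyStoreException {
		return hasEntryOfType(theKs, KeyStore.PrivateKeyEntry.class, "private key");
	}

	/**
	 * Checks that the keystore can act as a trust store for an outbound TLS
	 * connection: it must hold at least one trusted-certificate entry.
	 * <p>
	 * Only the presence of a certificate entry is checked; expiry, key usage
	 * and chain validity are left to the TLS trust manager.
	 *
	 * @param theKs the loaded keystore to inspect
	 * @return {@code true} if a trusted-certificate entry exists
	 * @throws KeyStoreException if the keystore has not been loaded
	 */
	public static boolean validateKeystoreForTlsSending(KeyStore theKs) throws KeyStoreException {
		return hasEntryOfType(theKs, KeyStore.TrustedCertificateEntry.class, "public key");
	}

	/**
	 * Checks that the keystore can be used to verify signatures: it must hold
	 * at least one trusted-certificate entry. Expiry and key usage are not
	 * checked here.
	 *
	 * @param theKs the loaded keystore to inspect
	 * @return {@code true} if a trusted-certificate entry exists
	 * @throws KeyStoreException if the keystore has not been loaded
	 */
	public static boolean validateKeystoreForSignatureVerifying(KeyStore theKs) throws KeyStoreException {
		return hasEntryOfType(theKs, KeyStore.TrustedCertificateEntry.class, "public key");
	}

	/**
	 * Checks that the given alias can be unlocked with the given password and
	 * yields a {@link PrivateKey}, i.e. is usable for signing.
	 * <p>
	 * Failures (bad alias, wrong password, unsupported algorithm, non-private
	 * key) are logged at debug level only and reported as {@code false}, so the
	 * reason never reaches a caller-visible error message.
	 *
	 * @param theKeystore    the loaded keystore
	 * @param theKeyAlias    alias of the key entry to test
	 * @param theKeyPassword password protecting that key entry
	 * @return {@code true} if the entry is a recoverable private key
	 */
	public static boolean validateKeyForSignatureSigning(KeyStore theKeystore, String theKeyAlias, String theKeyPassword) {
		Validate.notNull(theKeystore, "Keystore");
		Validate.notBlank(theKeyAlias, "Key Alias");
		Validate.notNull(theKeyPassword, "Key Password");

		Key key = recoverKey(theKeystore, theKeyAlias, theKeyPassword);
		if (key == null) {
			ourLog.debug("Key is null");
			return false;
		}
		if (!(key instanceof PrivateKey)) {
			// a secret key or an unexpected type cannot produce a signature
			ourLog.debug("Key is of type: {}", key.getClass());
			return false;
		}

		return true;
	}

	/**
	 * Checks whether the key stored under {@code theKeyAlias} can be recovered
	 * with {@code theKeyPassword}. Any key type counts; failures are logged at
	 * debug level and reported as {@code false}.
	 *
	 * @param theKeystore    the loaded keystore
	 * @param theKeyAlias    alias of the key entry to test
	 * @param theKeyPassword password protecting that key entry
	 * @return {@code true} if a key was recovered
	 */
	public static boolean canRecoverKey(KeyStore theKeystore, String theKeyAlias, String theKeyPassword) {
		Validate.notNull(theKeystore, "Keystore");
		Validate.notBlank(theKeyAlias, "Key Alias");
		Validate.notNull(theKeyPassword, "Key Password");

		return recoverKey(theKeystore, theKeyAlias, theKeyPassword) != null;
	}

	/**
	 * Scans every alias and reports whether at least one entry is of the given
	 * {@link KeyStore.Entry} class. All aliases are visited (no early exit) so
	 * the debug log lists the whole store, which helps when diagnosing a
	 * misconfigured keystore.
	 */
	private static boolean hasEntryOfType(KeyStore theKs, Class<? extends KeyStore.Entry> theEntryClass, String theDescription) throws KeyStoreException {
		Enumeration<String> aliases = theKs.aliases();
		boolean found = false;
		while (aliases.hasMoreElements()) {
			String nextAlias = aliases.nextElement();
			ourLog.debug("Checking keystore alias: {}", nextAlias);
			// entryInstanceOf(PrivateKeyEntry) requires a certificate alongside the
			// key, which isKeyEntry() alone does not; neither needs the key password
			if (theKs.entryInstanceOf(nextAlias, theEntryClass)) {
				ourLog.debug("Found {}: {}", theDescription, nextAlias);
				found = true;
			}
		}
		return found;
	}

	/**
	 * Recovers the key under {@code theKeyAlias}, returning {@code null} on any
	 * JCA failure. The {@code char[]} copy of the password is zeroed once the
	 * provider call returns, whether it succeeded or not.
	 */
	private static Key recoverKey(KeyStore theKeystore, String theKeyAlias, String theKeyPassword) {
		char[] pass = theKeyPassword.toCharArray();
		try {
			return theKeystore.getKey(theKeyAlias, pass);
		} catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException e) {
			ourLog.debug("Failed to recover key", e);
			return null;
		} finally {
			clearPassword(pass);
		}
	}

	/**
	 * Overwrites a password buffer with zeros so it does not linger on the heap
	 * longer than needed. Safe to call with {@code null}.
	 */
	private static void clearPassword(char[] thePassword) {
		if (thePassword != null) {
			Arrays.fill(thePassword, '\0');
		}
	}

}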