1   package ca.uhn.hl7v2.hoh.util;
2   
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Enumeration;
14  import java.util.Enumeration;
15  
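/**
 * Helpers for loading Java keystores and for sanity-checking that a keystore
 * contains the kind of material a given role needs (a private key for a TLS
 * server or a signer, trusted certificates for a TLS client or a verifier).
 * <p>
 * Only the JKS keystore type is requested (see {@link #KEYSTORE_TYPE}); depending
 * on the JDK and its security properties other formats may also be accepted by
 * that provider, but that is not something this class relies on.
 */
public class KeystoreUtils {

	private static final org.slf4j.Logger ourLog = org.slf4j.LoggerFactory.getLogger(KeystoreUtils.class);

	/** Keystore type handed to {@link KeyStore#getInstance(String)}. */
	private static final String KEYSTORE_TYPE = "JKS";

	/** non instantiable */
	private KeystoreUtils() {
		// nothing
	}

	/**
	 * Loads a JKS keystore from disk.
	 * <p>
	 * If {@code thePassword} is {@code null} the store is still loaded, but the
	 * keystore's integrity is then not verified (this is the documented
	 * behaviour of {@link KeyStore#load(java.io.InputStream, char[])}), so a
	 * tampered file would not be detected. Pass the password whenever it is
	 * available.
	 *
	 * @param theFile     keystore file to read
	 * @param thePassword keystore (integrity) password, may be {@code null}
	 * @return the loaded keystore
	 * @throws KeyStoreException        if the JKS type is not available
	 * @throws NoSuchAlgorithmException if the integrity-check algorithm is not available
	 * @throws CertificateException     if a certificate in the store can not be loaded
	 * @throws IOException              if the file can not be read, or the password is wrong
	 */
	public static KeyStore loadKeystore(File theFile, char[] thePassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
		KeyStore keystore = KeyStore.getInstance(KEYSTORE_TYPE);
		// try-with-resources: the stream must be closed even when load() fails,
		// otherwise every (failed) load leaks a file handle
		try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(theFile))) {
			keystore.load(in, thePassword);
		}
		return keystore;
	}

	/**
	 * Convenience overload of {@link #loadKeystore(File, char[])} taking the
	 * path and password as strings.
	 * <p>
	 * A {@link String} password can not be wiped from memory; the temporary
	 * {@code char[]} copy made here is zeroed after use, which is the most that
	 * can be done with this signature.
	 *
	 * @param theFile             path of the keystore file
	 * @param theKeystorePassword keystore password, may be {@code null} (see the
	 *                            integrity caveat on {@link #loadKeystore(File, char[])})
	 */
	public static KeyStore loadKeystore(String theFile, String theKeystorePassword) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
		char[] pass = theKeystorePassword != null ? theKeystorePassword.toCharArray() : null;
		try {
			return loadKeystore(new File(theFile), pass);
		} finally {
			if (pass != null) {
				Arrays.fill(pass, '\0');
			}
		}
	}

	/**
	 * Returns {@code true} if the keystore holds something usable as a TLS
	 * server identity: a key entry that also carries a certificate chain.
	 * <p>
	 * {@link KeyStore#isKeyEntry(String)} alone is also {@code true} for secret
	 * (symmetric) key entries, which can not be used for TLS, so the certificate
	 * chain is required as well.
	 *
	 * @param theKs keystore to inspect
	 * @throws KeyStoreException if the keystore has not been initialized
	 */
	public static boolean validateKeystoreForTlsReceiving(KeyStore theKs) throws KeyStoreException {
		Enumeration<String> aliases = theKs.aliases();
		boolean found = false;
		while (aliases.hasMoreElements()) {
			String alias = aliases.nextElement();
			ourLog.debug("Checking keystore alias: {}", alias);
			if (theKs.isKeyEntry(alias) && theKs.getCertificateChain(alias) != null) {
				ourLog.debug("Found private key with certificate chain: {}", alias);
				found = true;
			}
		}
		return found;
	}

	/**
	 * Returns {@code true} if the keystore contains at least one key entry.
	 * <p>
	 * Note that this matches any key entry, i.e. secret keys as well as private
	 * keys; use {@link #validateKeyForSignatureSigning(KeyStore, String, String)}
	 * to check that a specific alias actually holds a {@link PrivateKey}.
	 *
	 * @param theKs keystore to inspect
	 * @throws KeyStoreException if the keystore has not been initialized
	 */
	public static boolean validateKeystoreForSignatureSigning(KeyStore theKs) throws KeyStoreException {
		return hasKeyEntry(theKs);
	}

	/**
	 * Returns {@code true} if the keystore contains at least one trusted
	 * certificate entry, i.e. can serve as a trust store for a TLS client.
	 * <p>
	 * Only standalone certificate entries count; the certificate chain attached
	 * to a key entry is not considered a trust anchor here.
	 *
	 * @param theKs keystore to inspect
	 * @throws KeyStoreException if the keystore has not been initialized
	 */
	public static boolean validateKeystoreForTlsSending(KeyStore theKs) throws KeyStoreException {
		return hasCertificateEntry(theKs);
	}

	/**
	 * Returns {@code true} if the keystore contains at least one trusted
	 * certificate entry, i.e. holds public keys usable for signature verification.
	 * <p>
	 * Only standalone certificate entries count; the certificate chain attached
	 * to a key entry is not considered here.
	 *
	 * @param theKs keystore to inspect
	 * @throws KeyStoreException if the keystore has not been initialized
	 */
	public static boolean validateKeystoreForSignatureVerifying(KeyStore theKs) throws KeyStoreException {
		return hasCertificateEntry(theKs);
	}

	/**
	 * Returns {@code true} if {@code theKeyAlias} can be recovered with the given
	 * password <b>and</b> is a {@link PrivateKey}. Secret keys and trusted
	 * certificate entries yield {@code false}.
	 *
	 * @param theKeystore    keystore to inspect, must not be {@code null}
	 * @param theKeyAlias    alias of the key entry, must not be blank
	 * @param theKeyPassword password protecting the key entry, must not be {@code null}
	 */
	public static boolean validateKeyForSignatureSigning(KeyStore theKeystore, String theKeyAlias, String theKeyPassword) {
		Validate.notNull(theKeystore, "Keystore");
		Validate.notBlank(theKeyAlias, "Key Alias");
		Validate.notNull(theKeyPassword, "Key Password");

		Key key = recoverKeyOrNull(theKeystore, theKeyAlias, theKeyPassword);
		if (key == null) {
			ourLog.debug("Key is null");
			return false;
		}
		if (!(key instanceof PrivateKey)) {
			ourLog.debug("Key is of type: {}", key.getClass());
			return false;
		}
		return true;
	}

	/**
	 * Returns <code>true</code> if the key can be recovered using the given password
	 *
	 * @param theKeystore    keystore to inspect, must not be {@code null}
	 * @param theKeyAlias    alias of the key entry, must not be blank
	 * @param theKeyPassword password protecting the key entry, must not be {@code null}
	 */
	public static boolean canRecoverKey(KeyStore theKeystore, String theKeyAlias, String theKeyPassword) {
		Validate.notNull(theKeystore, "Keystore");
		Validate.notBlank(theKeyAlias, "Key Alias");
		Validate.notNull(theKeyPassword, "Key Password");

		return recoverKeyOrNull(theKeystore, theKeyAlias, theKeyPassword) != null;
	}

	/**
	 * Fetches the key for {@code theKeyAlias}, returning {@code null} instead of
	 * throwing if it can not be recovered (wrong password, unknown alias, missing
	 * algorithm, uninitialized store). The temporary password array is zeroed
	 * once the lookup is done.
	 */
	private static Key recoverKeyOrNull(KeyStore theKeystore, String theKeyAlias, String theKeyPassword) {
		char[] pass = theKeyPassword.toCharArray();
		try {
			return theKeystore.getKey(theKeyAlias, pass);
		} catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException e) {
			// debug level: a wrong password during a probe is expected and the
			// exception carries no secret material
			ourLog.debug("Failed to recover key", e);
			return null;
		} finally {
			Arrays.fill(pass, '\0');
		}
	}

	/** True if any alias is a key entry (private or secret key). */
	private static boolean hasKeyEntry(KeyStore theKs) throws KeyStoreException {
		Enumeration<String> aliases = theKs.aliases();
		boolean found = false;
		while (aliases.hasMoreElements()) {
			String alias = aliases.nextElement();
			ourLog.debug("Checking keystore alias: {}", alias);
			if (theKs.isKeyEntry(alias)) {
				ourLog.debug("Found private key: {}", alias);
				found = true;
			}
		}
		return found;
	}

	/** True if any alias is a standalone (trusted) certificate entry. */
	private static boolean hasCertificateEntry(KeyStore theKs) throws KeyStoreException {
		Enumeration<String> aliases = theKs.aliases();
		boolean found = false;
		while (aliases.hasMoreElements()) {
			String alias = aliases.nextElement();
			ourLog.debug("Checking keystore alias: {}", alias);
			if (theKs.isCertificateEntry(alias)) {
				ourLog.debug("Found public key: {}", alias);
				found = true;
			}
		}
		return found;
	}

}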
155 }