KeyPairStore.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */

  21. package org.openspcoop2.security.keystore;

  23. import java.io.Serializable;
  24. import java.security.PrivateKey;
  25. import java.security.PublicKey;
  26. import java.util.UUID;

  28. import org.openspcoop2.security.SecurityException;
  29. import org.openspcoop2.utils.certificate.JWKPrivateKeyConverter;
  30. import org.openspcoop2.utils.certificate.JWKSet;
  31. import org.openspcoop2.utils.certificate.KeyUtils;
  32. import org.openspcoop2.utils.certificate.byok.BYOKRequestParams;

  34. /**
  35.  * KeyPairStore
  36.  *
  37.  * @author Andrea Poli (apoli@link.it)
  38.  * @author $Author$
  39.  * @version $Rev$, $Date$
  40.  */
  41. public class KeyPairStore implements Serializable {

  43.     /**
  44.      * 
  45.      */
  46.     private static final long serialVersionUID = 1L;
  47.     
  48.     private String privateKeyPath;
  49.     private String publicKeyPath;
  50.     
  51.     private byte[] privateKeyContent;
  52.     private byte[] publicKeyContent;
  53.     private transient PrivateKey privateKey;
  54.     private transient PublicKey publicKey;
  55.     
  56.     private String privateKeyPassword;
  57.     private String algorithm;
  58.     
  59.     private String jwkSetContent;
  60.     private String jwkSetKid;
  61.     private transient JWKSet jwkSet;

  63.     @Override
  64.     public String toString() {
  65.         StringBuilder bf = new StringBuilder();
  66.         bf.append("KeyPairStore (private:").append(this.privateKeyPath).append(" public:").append(this.publicKeyPath).append(")");
  67.         return bf.toString();
  68.     }
  69.     
  70.     public KeyPairStore(String privateKeyPath, String publicKeyPath, String privateKeyPassword, String algorithm) throws SecurityException{
  71.         this(privateKeyPath, publicKeyPath, privateKeyPassword, algorithm, null);
  72.     }
  73.     public KeyPairStore(String privateKeyPath, String publicKeyPath, String privateKeyPassword, String algorithm, BYOKRequestParams requestParams) throws SecurityException{

  75.         this.privateKeyPath = privateKeyPath;
  76.         this.publicKeyPath = publicKeyPath;
  77.                 
  78.         this.privateKeyPassword = privateKeyPassword;
  79.         this.algorithm = algorithm==null ? KeyUtils.ALGO_RSA : algorithm;
  80.         
  81.         this.privateKeyContent = StoreUtils.readContent("PrivateKey", this.privateKeyPath);
  82.         this.privateKeyContent = StoreUtils.unwrapBYOK(this.privateKeyContent, requestParams);
  83.         
  84.         this.publicKeyContent = StoreUtils.readContent("PublicKey", this.publicKeyPath);
  85.         
  86.     }
  87.     
  88.     public KeyPairStore(String privateKeyPath, byte[] publicKey, String privateKeyPassword, String algorithm) throws SecurityException{
  89.         this(privateKeyPath, publicKey, privateKeyPassword, algorithm, null);
  90.     }
  91.     public KeyPairStore(String privateKeyPath, byte[] publicKey, String privateKeyPassword, String algorithm, BYOKRequestParams requestParams) throws SecurityException{

  93.         this.privateKeyPath = privateKeyPath;
  94.         
  95.         if(publicKey==null){
  96.             throw new SecurityException("Store publicKey non indicato");
  97.         }
  98.         this.publicKeyContent = publicKey;
  99.                 
  100.         this.privateKeyPassword = privateKeyPassword;
  101.         this.algorithm = algorithm==null ? KeyUtils.ALGO_RSA : algorithm;
  102.         
  103.         this.privateKeyContent = StoreUtils.readContent("PrivateKey", this.privateKeyPath);
  104.         this.privateKeyContent = StoreUtils.unwrapBYOK(this.privateKeyContent, requestParams);
  105.                 
  106.     }
  107.     
  108.     public KeyPairStore(byte[] privateKey, byte[] publicKey, String privateKeyPassword, String algorithm) throws SecurityException{
  109.         this(privateKey, publicKey, privateKeyPassword, algorithm, null);
  110.     }
  111.     public KeyPairStore(byte[] privateKey, byte[] publicKey, String privateKeyPassword, String algorithm, BYOKRequestParams requestParams) throws SecurityException{

  113.         try{
  114.             if(privateKey==null){
  115.                 throw new SecurityException("Store privateKey non indicato");
  116.             }
  117.             this.privateKeyContent = privateKey;
  118.             this.privateKeyContent = StoreUtils.unwrapBYOK(this.privateKeyContent, requestParams);
  119.             
  120.             if(publicKey==null){
  121.                 throw new SecurityException("Store publicKey non indicato");
  122.             }
  123.             this.publicKeyContent = publicKey;
  124.             
  125.             this.privateKeyPassword = privateKeyPassword;
  126.             this.algorithm = algorithm==null ? KeyUtils.ALGO_RSA : algorithm;
  127.             
  128.         }catch(Exception e){
  129.             throw new SecurityException(e.getMessage(),e);
  130.         }
  131.         
  132.     }
  133.     
  134.     public KeyPairStore(byte[] privateKey, String publicKeyPath, String privateKeyPassword, String algorithm) throws SecurityException{
  135.         this(privateKey, publicKeyPath, privateKeyPassword, algorithm, null);
  136.     }
  137.     public KeyPairStore(byte[] privateKey, String publicKeyPath, String privateKeyPassword, String algorithm, BYOKRequestParams requestParams) throws SecurityException{

  139.         try{
  140.             if(privateKey==null){
  141.                 throw new SecurityException("Store privateKey non indicato");
  142.             }
  143.             this.privateKeyContent = privateKey;
  144.             this.privateKeyContent = StoreUtils.unwrapBYOK(this.privateKeyContent, requestParams);
  145.             
  146.             this.publicKeyPath = publicKeyPath;
  147.             
  148.             this.privateKeyPassword = privateKeyPassword;
  149.             this.algorithm = algorithm==null ? KeyUtils.ALGO_RSA : algorithm;
  150.     
  151.             this.publicKeyContent = StoreUtils.readContent("PublicKey", this.publicKeyPath);
  152.             
  153.         }catch(Exception e){
  154.             throw new SecurityException(e.getMessage(),e);
  155.         }
  156.         
  157.     }

  159.     
  160.     public PrivateKey getPrivateKey() throws SecurityException {
  161.         if(this.privateKey==null) {
  162.             initializePrivateKey();
  163.         }
  164.         return this.privateKey;
  165.     }
  166.     private synchronized void initializePrivateKey() throws SecurityException {
  167.         if(this.privateKey==null) {
  168.             try {
  169.                 if(this.privateKeyPassword==null) {
  170.                     this.privateKey = KeyUtils.getInstance(this.algorithm).getPrivateKey(this.privateKeyContent);
  171.                 }
  172.                 else {
  173.                     this.privateKey = KeyUtils.getInstance(this.algorithm).getPrivateKey(this.privateKeyContent, this.privateKeyPassword);
  174.                 }
  175.             }catch(Exception e){
  176.                 if(this.privateKeyPassword==null && e.getMessage().contains("org.bouncycastle.openssl.PEMEncryptedKeyPair cannot be cast to class org.bouncycastle.openssl.PEMKeyPair")) {
  177.                     throw new SecurityException("Load private key failed: encrypted key require key password",e);
  178.                 }
  179.                 else {
  180.                     throw new SecurityException("Load private key failed: "+e.getMessage(),e);
  181.                 }
  182.             }
  183.         }
  184.     }
  185.     
  186.     
  187.     public PublicKey getPublicKey() throws SecurityException {
  188.         if(this.publicKey==null) {
  189.             initializePublicKey();
  190.         }
  191.         return this.publicKey;
  192.     }
  193.     private synchronized void initializePublicKey() throws SecurityException {
  194.         if(this.publicKey==null) {
  195.             try {
  196.                 this.publicKey = KeyUtils.getInstance(this.algorithm).getPublicKey(this.publicKeyContent);
  197.             }catch(Exception e){
  198.                 throw new SecurityException("Load public key failed: "+e.getMessage(),e);
  199.             }
  200.         }
  201.     }
  202.     
  203.     
  204.     public JWKSet getJwkSet() throws SecurityException {
  205.         if(this.jwkSet==null) {
  206.             initializeJwkSet();
  207.         }
  208.         return this.jwkSet;
  209.     }
  210.     private synchronized void initializeJwkSet() throws SecurityException {
  211.         if(this.jwkSet==null) {
  212.             if(this.jwkSetContent==null) {
  213.                 this.jwkSetKid = UUID.randomUUID().toString();
  214.                 try {
  215.                     this.jwkSetContent = JWKPrivateKeyConverter.convert(this.getPublicKey(), this.getPrivateKey(), this.jwkSetKid, true, false);
  216.                 }catch(Exception e){
  217.                     throw new SecurityException(e.getMessage(),e);
  218.                 }
  219.             }
  220.                         
  221.             this.jwkSet = new JWKSet(this.jwkSetContent);
  222.         }
  223.     }
  224.     
  225.     public String getJwkSetKid() {
  226.         return this.jwkSetKid;
  227.     }
  228. }
Created with JaCoCo 0.8.8.202204050719