ArchiveLoader.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */

  21. package org.openspcoop2.utils.certificate;

  23. import java.io.ByteArrayInputStream;
  24. import java.security.KeyStore;
  25. import java.security.cert.CertificateFactory;
  26. import java.security.cert.X509Certificate;
  27. import java.util.ArrayList;
  28. import java.util.Collection;
  29. import java.util.Enumeration;
  30. import java.util.List;

  32. import org.openspcoop2.utils.UtilsException;

  34. /**
  35.  * Certificate
  36.  *
  37.  * @author Poli Andrea (apoli@link.it)
  38.  * @author $Author$
  39.  * @version $Rev$, $Date$
  40.  */
  41. public class ArchiveLoader {
  42.     
  43.     private ArchiveLoader() {}

  45.     public static Certificate load(byte[] content) throws UtilsException {
  46.         return loadEngine(ArchiveType.CER, content, -1, null, null, false);
  47.     }
  48.     public static Certificate loadChain(byte[] content) throws UtilsException {
  49.         return loadEngine(ArchiveType.CER, content, -1, null, null, true);
  50.     }
  51.     public static Certificate load(byte[] content, boolean chain) throws UtilsException {
  52.         return loadEngine(ArchiveType.CER, content, -1, null, null, chain);
  53.     }
  54.     
  55.     public static Certificate loadFromKeystorePKCS12(byte[] content, int position, String password) throws UtilsException {
  56.         return loadEngine(ArchiveType.PKCS12, content, position, null, password, false);
  57.     }
  58.     public static Certificate loadFromKeystorePKCS12(byte[] content, String alias, String password) throws UtilsException {
  59.         return loadEngine(ArchiveType.PKCS12, content, -1, alias, password, false);
  60.     }
  61.     
  62.     public static Certificate loadFromKeystoreJKS(byte[] content, int position, String password) throws UtilsException {
  63.         return loadEngine(ArchiveType.JKS, content, position, null, password, false);
  64.     }
  65.     public static Certificate loadFromKeystoreJKS(byte[] content, String alias, String password) throws UtilsException {
  66.         return loadEngine(ArchiveType.JKS, content, -1, alias, password, false);
  67.     }
  68.     
  69.     public static Certificate load(ArchiveType type, byte[] content, int position, String password) throws UtilsException {
  70.         return loadEngine(type, content, position, null, password, false);
  71.     }
  72.     public static Certificate load(ArchiveType type, byte[] content, String alias, String password) throws UtilsException {
  73.         return loadEngine(type, content, -1, alias, password, false);
  74.     }
  75.     private static Certificate loadEngine(ArchiveType type, byte[] content, int position, String alias, String password, boolean chain) throws UtilsException {
  76.         
  77.         try {
  78.         
  79.             switch (type) {
  80.             case JKS:
  81.             case PKCS12:
  82.                 return buildCertificateFromKeyStore(type, content, position, alias, password);
  83.             case CER:
  84.                 return buildCertificateFromCER(content, alias, chain);
  85.             default:
  86.                 break;
  87.             }
  88.             
  89.             throw new UtilsException("Certificate not found in archive (type: "+type+")");
  90.             
  91.         }catch(Exception e) {
  92.             throw new UtilsException(e.getMessage(),e);
  93.         }
  94.     }
  95.     private static Certificate buildCertificateFromKeyStore(ArchiveType type, byte[] content, int position, String alias, String password) throws UtilsException {
  96.         try {
  97.             KeyStore ks = KeystoreUtils.readKeystore(content, type.name(), password);
  98.             
  99.             Enumeration<String> en = ks.aliases();
  100.             int index = -1;
  101.             while (en.hasMoreElements()) {
  102.                 index ++;
  103.                 String aliasCheck = en.nextElement();
  104.                 java.security.cert.Certificate baseCert = ks.getCertificate(aliasCheck);
  105.                 if(!(baseCert instanceof X509Certificate)) {
  106.                     if(aliasCheck.equalsIgnoreCase(alias)) {
  107.                         throw new UtilsException("Certificate ["+alias+"] isn't X509");
  108.                     }else {
  109.                         continue;
  110.                     }
  111.                 }
  112.                 X509Certificate cert = (X509Certificate) baseCert;
  113.                 java.security.cert.Certificate[] baseCertChain = ks.getCertificateChain(aliasCheck);
  114.                 List<java.security.cert.X509Certificate> certChain = readCertificateChain(baseCertChain);
  115.                     
  116.                 if( 
  117.                     (aliasCheck.equalsIgnoreCase(alias))
  118.                     ||
  119.                     (position>=0 && index==position)
  120.                     ) {
  121.                     return new Certificate(aliasCheck, cert, certChain);
  122.                 }
  123.             }
  124.             
  125.             if(alias!=null) {
  126.                 throw new UtilsException("Certificate ["+alias+"] not found");
  127.             }
  128.             else {
  129.                 throw new UtilsException("Certificate at position ["+position+"] not found");
  130.             }
  131.         }catch(Exception e) {
  132.             throw new UtilsException(e.getMessage(),e);
  133.         }
  134.     }
  135.     private static List<java.security.cert.X509Certificate> readCertificateChain(java.security.cert.Certificate[] baseCertChain) throws UtilsException {
  136.         try {
  137.             List<java.security.cert.X509Certificate> certChain = null;
  138.             if(baseCertChain!=null && baseCertChain.length>0) {
  139.                 for (int i = 0; i < baseCertChain.length; i++) {
  140.                     java.security.cert.Certificate check = baseCertChain[i];
  141.                     if(check instanceof X509Certificate) {
  142.                         if(certChain==null) {
  143.                             certChain = new ArrayList<>();
  144.                         }
  145.                         certChain.add((X509Certificate) check);
  146.                     }
  147.                 }
  148.             }
  149.             return certChain;
  150.         }catch(Exception e) {
  151.             throw new UtilsException(e.getMessage(),e);
  152.         }
  153.     }
  154.     private static Certificate buildCertificateFromCER( byte[] content, String alias, boolean chain) throws UtilsException {
  155.         try {
  156.             if(alias==null) {
  157.                 alias = "cert";
  158.             }
  159.             
  160.             CertificateFactory fact = org.openspcoop2.utils.certificate.CertificateFactory.getCertificateFactory();
  161.             if(chain) {
  162.                 try(ByteArrayInputStream bin = new ByteArrayInputStream(content)){
  163.                     Collection<? extends java.security.cert.Certificate> certs = fact.generateCertificates(bin);
  164.                     return loadCertificateChain(certs, alias);
  165.                 }
  166.             }
  167.             else {
  168.                 // provo prima a caricarlo come chain
  169.                 // I formati pkcs7 devono ad esempio essere caricati tramite la primitiva generateCertificates
  170.                 Collection<? extends java.security.cert.Certificate> certs = buildCollectionCertificate(fact, content);
  171.                 
  172.                 if(certs==null || certs.isEmpty()) {
  173.                     try(ByteArrayInputStream bin = new ByteArrayInputStream(content)){
  174.                         X509Certificate cer = (X509Certificate) fact.generateCertificate(bin);
  175.                         return new Certificate(alias, cer);
  176.                     }
  177.                 }
  178.                 else {
  179.                     return loadCertificateChain(certs, alias);
  180.                 }
  181.             }
  182.         }catch(Exception e) {
  183.             throw new UtilsException(e.getMessage(),e);
  184.         }
  185.     }
  186.     private static Collection<? extends java.security.cert.Certificate> buildCollectionCertificate(CertificateFactory fact, byte[]content){
  187.         Collection<? extends java.security.cert.Certificate> certs = null;
  188.         try(ByteArrayInputStream bin = new ByteArrayInputStream(content)){
  189.             certs = fact.generateCertificates(bin);
  190.         }catch(Exception t) {
  191.             // ignore
  192.         }
  193.         return certs;
  194.     }
  195.     
  196.     private static Certificate loadCertificateChain(Collection<? extends java.security.cert.Certificate> certs, String alias) throws UtilsException {
  197.         if(certs==null || certs.isEmpty()) {
  198.             throw new UtilsException("Certificates not found");
  199.         }
  200.         int cList = 0;
  201.         X509Certificate cer = null;
  202.         List<X509Certificate> listChain = null;
  203.         for (java.security.cert.Certificate c : certs) {
  204.             if(c instanceof X509Certificate) {
  205.                 X509Certificate tmp = (X509Certificate) c;
  206.                 if(cList==0) {
  207.                     cer = tmp;
  208.                 }
  209.                 else {
  210.                     if(listChain==null) {
  211.                         listChain = new ArrayList<>();
  212.                     }
  213.                     listChain.add(tmp);
  214.                 }
  215.                 cList++;
  216.             }
  217.         }
  218.         if(listChain!=null) {
  219.             return new Certificate(alias, cer, listChain);
  220.         }
  221.         else {
  222.             return new Certificate(alias, cer);
  223.         }
  224.     }
  225.     
  226.     public static List<String> readAliasesInKeystorePKCS12(byte[] content, String password) throws UtilsException {
  227.         return readAliasesEngine(ArchiveType.PKCS12, content, password);
  228.     }
  229.     public static List<String> readAliasesInKeystoreJKS(byte[] content, String password) throws UtilsException {
  230.         return readAliasesEngine(ArchiveType.JKS, content, password);
  231.     }
  232.     public static List<String> readAliases(ArchiveType type, byte[] content, String password) throws UtilsException {
  233.         return readAliasesEngine(type, content, password);
  234.     }
  235.     private static List<String> readAliasesEngine(ArchiveType type, byte[] content, String password) throws UtilsException {
  236.         
  237.         try {
  238.         
  239.             switch (type) {
  240.             case JKS:
  241.             case PKCS12:
  242.             
  243.                 KeyStore ks = KeystoreUtils.readKeystore(content, type.name(), password);
  244.                 
  245.                 Enumeration<String> en = ks.aliases();
  246.                 List<String> list = new ArrayList<>();
  247.                 while (en.hasMoreElements()) {
  248.                     String alias = en.nextElement();
  249.                     list.add(alias);
  250.                 }
  251.                 return list;
  252.     
  253.             case CER:
  254.                 
  255.                 throw new UtilsException("Type '"+type+"' hasn't alias");
  256.                 
  257.             default:
  258.                 break;
  259.             }
  260.             
  261.             throw new UtilsException("Certificate not found in archive (type: "+type+")");
  262.             
  263.         }catch(Exception e) {
  264.             throw new UtilsException(e.getMessage(),e);
  265.         }
  266.     }   
  267. }
Created with JaCoCo 0.8.8.202204050719