CRLCertstore.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */

  21. package org.openspcoop2.utils.certificate;

  23. import java.io.ByteArrayInputStream;
  24. import java.io.File;
  25. import java.io.FileInputStream;
  26. import java.io.IOException;
  27. import java.io.InputStream;
  28. import java.io.Serializable;
  29. import java.security.cert.CertStore;
  30. import java.security.cert.CertificateFactory;
  31. import java.security.cert.CollectionCertStoreParameters;
  32. import java.security.cert.X509CRL;
  33. import java.util.ArrayList;
  34. import java.util.List;
  35. import java.util.Map;

  37. import org.apache.commons.lang.StringUtils;
  38. import org.openspcoop2.utils.Utilities;
  39. import org.openspcoop2.utils.UtilsException;

  41. /**
  42.  * CRLCertstore
  43.  *
  44.  * @author Andrea Poli (apoli@link.it)
  45.  * @author $Author$
  46.  * @version $Rev$, $Date$
  47.  */
  48. public class CRLCertstore implements Serializable {

  50.     /**
  51.      * 
  52.      */
  53.     private static final long serialVersionUID = 1L;

  55.     private List<byte []> crlBytes = null;
  56.     private List<String> crlPaths = null;
  57.     
  58.     private transient CertificateFactory certFactory = null;
  59.     private transient List<X509CRL> caCrls = null;
  60.     private transient CertStore certStore = null;
  61.     
  62.     @Override
  63.     public String toString() {
  64.         StringBuilder bf = new StringBuilder();
  65.         bf.append("CRLCertstore (");
  66.         boolean first = true;
  67.         if(this.crlPaths!=null) {
  68.             for (String crlPath : this.crlPaths) {
  69.                 if(!first) {
  70.                     bf.append(", ");
  71.                 }
  72.                 bf.append(crlPath); 
  73.                 first=false;
  74.             }
  75.         }
  76.         else {
  77.             bf.append("Nessuna crl definita");
  78.         }
  79.         bf.append(")");
  80.         return bf.toString();
  81.     }
  82.     
  83.     public static List<String> readCrlPaths(String crlPaths){
  84.         List<String> crlPathsList = new ArrayList<>();
  85.         if(crlPaths!=null && StringUtils.isNotEmpty(crlPaths)) {
  86.             if(crlPaths.contains(",")) {
  87.                 String [] tmp = crlPaths.split(",");
  88.                 for (String crlPath : tmp) {
  89.                     crlPathsList.add(crlPath.trim());
  90.                 }
  91.             }
  92.             else {
  93.                 crlPathsList.add(crlPaths.trim());
  94.             }
  95.         }
  96.         return crlPathsList;
  97.     }
  98.     
  99.     public static String convertToCrlPaths(List<String> crlPathsList) {
  100.         StringBuilder sb = new StringBuilder();
  101.         if(crlPathsList==null || crlPathsList.isEmpty()) {
  102.             return null;
  103.         }
  104.         for (String path : crlPathsList) {
  105.             if(sb.length()>0) {
  106.                 sb.append(",");
  107.             }
  108.             sb.append(path);
  109.         }
  110.         return sb.toString();
  111.     }
  112.     
  113.     public CRLCertstore(String crlPaths) throws UtilsException {
  114.         this(crlPaths, null);
  115.     }
  116.     public CRLCertstore(String crlPaths, Map<String, byte[]> localResources) throws UtilsException {
  117.         List<String> crlPathsList = readCrlPaths(crlPaths);
  118.         this.initEngine(crlPathsList, localResources);
  119.     }
  120.     
  121.     public CRLCertstore(List<String> crlPaths) throws UtilsException{
  122.         this(crlPaths, null);
  123.     }
  124.     public CRLCertstore(List<String> crlPaths, Map<String, byte[]> localResources) throws UtilsException{
  125.         this.initEngine(crlPaths, localResources);
  126.     }
  127.     
  128.     private void initEngine(List<String> crlPaths, Map<String, byte[]> localResources) throws UtilsException{
  129.         
  130.         try{
  131.             if(crlPaths==null || crlPaths.isEmpty()){
  132.                 throw new UtilsException("crlPaths non indicato");
  133.             }
  134.         
  135.             this.crlPaths = crlPaths;
  136.             this.crlBytes = new ArrayList<>();
  137.             
  138.             for (String crlPath : crlPaths) {

  140.                 if(localResources!=null && !localResources.isEmpty() && localResources.containsKey(crlPath)) {
  141.                     
  142.                     byte[] r = localResources.get(crlPath);
  143.                     if(r!=null && r.length>0) {
  144.                         this.crlBytes.add(r);
  145.                     }
  146.                     
  147.                     continue;
  148.                 }
  149.                 
  150.                 initEngineCrl(crlPath);
  151.             }
  152.             

  154.             this.initCRL();
  155.             
  156.         }catch(Exception e){
  157.             throw new UtilsException(e.getMessage(),e);
  158.         }
  159.         
  160.     }
  161.     private void initEngineCrl(String crlPath) throws UtilsException, IOException {
  162.         
  163.         byte[] crlBytesAdd = null;
  164.         File fStore = new File(crlPath);
  165.         boolean fStoreExists = fStore.exists();
  166.         try(InputStream isStore = fStoreExists ? new FileInputStream(fStore) : CRLCertstore.class.getResourceAsStream(crlPath);){
  167.             if(isStore!=null) {
  168.                 crlBytesAdd = Utilities.getAsByteArray(isStore);
  169.             }
  170.         }
  171.         if(crlBytesAdd==null && !fStoreExists) {
  172.             try(InputStream isStore = CRLCertstore.class.getResourceAsStream("/"+crlPath);){
  173.                 if(isStore!=null) {
  174.                     crlBytesAdd = Utilities.getAsByteArray(isStore);
  175.                 }
  176.             }
  177.         }
  178.         if(crlBytesAdd==null) {
  179.             throw new UtilsException("Store ["+crlPath+"] not found");
  180.         }
  181.         this.crlBytes.add(crlBytesAdd);
  182.     }
  183.     
  184.     
  185.     private void checkInit() throws UtilsException{
  186.         if(this.caCrls==null) {
  187.             this.initCRL();
  188.         }
  189.     }
  190.     private synchronized void initCRL() throws UtilsException{
  191.         if(this.caCrls==null) {
  192.             
  193.             // create a X509 certificate factory for later use
  194.             try {
  195.                 this.certFactory = org.openspcoop2.utils.certificate.CertificateFactory.getCertificateFactory();
  196.             }catch(Exception e){
  197.                 throw new UtilsException("Error getInstance CertificateFactory: "+e.getMessage(),e);
  198.             }
  199.             
  200.             this.caCrls = new ArrayList<>();
  201.             for (int i = 0; i < this.crlBytes.size(); i++) {
  202.                 byte [] crl = this.crlBytes.get(i);
  203.                 try(ByteArrayInputStream bin = new ByteArrayInputStream(crl)){
  204.                     X509CRL caCrl = (X509CRL) this.certFactory.generateCRL(bin); 
  205.                     this.caCrls.add(caCrl);
  206.                 }
  207.                 catch(Exception e){
  208.                     throw new UtilsException("Error loading CRL '"+this.crlPaths.get(i)+"': "+e.getMessage(),e);
  209.                 }
  210.             }
  211.             
  212.             try {
  213.                 CollectionCertStoreParameters certStoreParams =
  214.                             new CollectionCertStoreParameters(this.caCrls);
  215.                 this.certStore =
  216.                             CertStore.getInstance("Collection", certStoreParams);
  217.             }catch(Exception e){
  218.                 throw new UtilsException("Build CertStore failed: "+e.getMessage(),e);
  219.             }
  220.         }
  221.     }
  222.     

  224.     public CertificateFactory getCertFactory() throws UtilsException {
  225.         this.checkInit(); // per ripristino da Serializable
  226.         return this.certFactory;
  227.     }

  229.     public List<X509CRL> getCaCrls() throws UtilsException {
  230.         this.checkInit(); // per ripristino da Serializable
  231.         return this.caCrls;
  232.     }

  234.     public CertStore getCertStore() throws UtilsException {
  235.         this.checkInit(); // per ripristino da Serializable
  236.         return this.certStore;
  237.     }
  238.     
  239.     public int countCrls() {
  240.         return this.crlBytes!=null ? this.crlBytes.size() : 0;
  241.     }
  242.     
  243. }
Created with JaCoCo 0.8.8.202204050719