Merge pull request #376 from Alameyo/create_empty_KeyStores
SPARK-1989 create empty KeyStores
@ -2,7 +2,10 @@ package org.jivesoftware.sparkimpl.certificates;
|
||||
|
||||
import java.awt.HeadlessException;
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.security.KeyStore;
|
||||
import java.security.KeyStoreException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.UnrecoverableKeyException;
|
||||
@ -10,6 +13,7 @@ import java.security.cert.CertificateException;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.security.spec.InvalidKeySpecException;
|
||||
import java.util.Base64;
|
||||
import java.util.Enumeration;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
|
||||
@ -21,6 +25,7 @@ import javax.swing.table.DefaultTableModel;
|
||||
|
||||
import org.jivesoftware.resource.Res;
|
||||
import org.jivesoftware.spark.ui.login.CertificateDialog;
|
||||
import org.jivesoftware.spark.util.log.Log;
|
||||
import org.jivesoftware.sparkimpl.settings.local.LocalPreferences;
|
||||
|
||||
/**
|
||||
@ -43,7 +48,6 @@ public abstract class CertManager {
|
||||
|
||||
public abstract void deleteEntry(String alias) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException;
|
||||
public abstract void addOrRemoveFromExceptionList(boolean checked);
|
||||
|
||||
public abstract boolean isOnExceptionList(CertificateModel cert);
|
||||
|
||||
protected abstract void refreshCertTable();
|
||||
@ -148,5 +152,54 @@ public abstract class CertManager {
|
||||
|
||||
new CertificateDialog(localPreferences, certModel, this, reason);
|
||||
}
|
||||
|
||||
protected KeyStore openKeyStore(File file){
|
||||
KeyStore keyStore = null;
|
||||
try {
|
||||
keyStore = KeyStore.getInstance("JKS");
|
||||
// checking if length >0 prevents EOFExceptions
|
||||
if (file.exists() && !file.isDirectory() && file.length() > 0) {
|
||||
try (InputStream inputStream = new FileInputStream(file)) {
|
||||
keyStore.load(inputStream, passwd);
|
||||
} catch (IOException | NoSuchAlgorithmException | CertificateException e) {
|
||||
Log.error("Error at accesing exceptions KeyStore", e);
|
||||
}
|
||||
} else {
|
||||
keyStore.load(null, passwd); // if cannot open KeyStore then new empty one will be created
|
||||
}
|
||||
} catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) {
|
||||
Log.warning("Cannot create exceptions KeyStore", e);
|
||||
}
|
||||
return keyStore;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add certificates from keyStore to list. Useful for displaying in certificate table.
|
||||
*
|
||||
* @param KeyStore source keystore.
|
||||
* @param List list which will be filled with certificate models.
|
||||
* @throws KeyStoreException
|
||||
*/
|
||||
|
||||
protected List<CertificateModel> fillTableListWithKeyStoreContent(KeyStore keyStore, List<CertificateModel> list) {
|
||||
if (keyStore != null) {
|
||||
Enumeration<String> store;
|
||||
try {
|
||||
store = keyStore.aliases();
|
||||
|
||||
while (store.hasMoreElements()) {
|
||||
String alias = (String) store.nextElement();
|
||||
X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
|
||||
CertificateModel certModel = new CertificateModel(certificate, alias);
|
||||
if (list != null) {
|
||||
list.add(certModel);
|
||||
}
|
||||
allCertificates.add(certModel);
|
||||
}
|
||||
} catch (KeyStoreException e) {
|
||||
Log.error("Cannot read KeyStore", e);
|
||||
}
|
||||
}
|
||||
return list;
|
||||
}
|
||||
}
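Review bot: In `openKeyStore`, when the file exists but `keyStore.load(inputStream, passwd)` throws (corrupt file, wrong password, or a failed JKS integrity check, which the JDK reports as an `IOException`), the inner catch only logs and the method still returns the `KeyStore` instance, which is now uninitialized; the caller cannot distinguish that from a successfully loaded store, and the `keyStore != null` checks in `fillTableListWithKeyStoreContent` and in the callers' `overWriteKeyStores` never fire. Either return `null` from that catch so the existing null checks take effect, or propagate the exception, rather than handing back a half-initialized object that only fails later with "Uninitialized keystore". The message `"Error at accesing exceptions KeyStore"` is also misleading now that the helper serves the trust, blacklist and identity stores; include the path in both log calls, e.g. `Log.error("Error loading KeyStore " + file.getPath(), e);`. Whether a tampered or wrong-password trust or blacklist store should ever be treated as "start empty" is a policy question worth a comment on the `else` branch.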
|
||||
|
||||
@ -69,78 +69,44 @@ public class CertificateController extends CertManager {
|
||||
*/
|
||||
@Override
|
||||
public void loadKeyStores() {
|
||||
try (InputStream inputStram = new FileInputStream(TRUSTED)) {
|
||||
|
||||
trustStore = KeyStore.getInstance("JKS");
|
||||
trustStore.load(inputStram, passwd);
|
||||
trustedCertificates = fillTableListWithKeyStoreContent(trustStore, trustedCertificates);
|
||||
|
||||
} catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
|
||||
Log.warning("TrustStore couldn't be loaded: maybe empty");
|
||||
try {
|
||||
trustStore.load(null, passwd);
|
||||
} catch (NoSuchAlgorithmException | CertificateException | IOException e1) {
|
||||
Log.warning("TrustStore couldn't be loaded: other bug");
|
||||
}
|
||||
}
|
||||
try (InputStream inputStram = new FileInputStream(EXCEPTIONS)) {
|
||||
|
||||
exceptionsStore = KeyStore.getInstance("JKS");
|
||||
exceptionsStore.load(inputStram, passwd);
|
||||
exemptedCertificates = fillTableListWithKeyStoreContent(exceptionsStore, exemptedCertificates);
|
||||
|
||||
} catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
|
||||
Log.warning("ExceptionsStore couldn't be loaded: maybe empty");
|
||||
try {
|
||||
exceptionsStore.load(null, passwd);
|
||||
} catch (NoSuchAlgorithmException | CertificateException | IOException e1) {
|
||||
Log.warning("ExceptionsStore couldn't be loaded: other bug");
|
||||
}
|
||||
}
|
||||
try (InputStream inputStram = new FileInputStream(BLACKLIST)) {
|
||||
|
||||
blackListStore = KeyStore.getInstance("JKS");
|
||||
blackListStore.load(inputStram, passwd);
|
||||
blackListedCertificates = fillTableListWithKeyStoreContent(blackListStore, blackListedCertificates);
|
||||
|
||||
} catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
|
||||
|
||||
try {
|
||||
Log.warning("BlackListStore couldn't be loaded: maybe empty");
|
||||
blackListStore.load(null, passwd);
|
||||
} catch (NoSuchAlgorithmException | CertificateException | IOException e1) {
|
||||
Log.warning("BlackListStore couldn't be loaded: other bug");
|
||||
}
|
||||
}
|
||||
|
||||
trustStore = openKeyStore(TRUSTED);
|
||||
exceptionsStore = openKeyStore(EXCEPTIONS);
|
||||
blackListStore = openKeyStore(BLACKLIST);
|
||||
trustedCertificates = fillTableListWithKeyStoreContent(trustStore, trustedCertificates);
|
||||
exemptedCertificates = fillTableListWithKeyStoreContent(exceptionsStore, exemptedCertificates);
|
||||
blackListedCertificates = fillTableListWithKeyStoreContent(blackListStore, blackListedCertificates);
|
||||
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public void overWriteKeyStores() {
|
||||
try (OutputStream outputStream = new FileOutputStream(TRUSTED)) {
|
||||
trustStore.store(outputStream, passwd);
|
||||
|
||||
if (trustStore != null) {
|
||||
trustStore.store(outputStream, passwd);
|
||||
}
|
||||
} catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
|
||||
Log.error("Couldn't save TrustStore");
|
||||
Log.error("Couldn't save TrustStore", e);
|
||||
}
|
||||
|
||||
try (OutputStream outputStream = new FileOutputStream(EXCEPTIONS)) {
|
||||
exceptionsStore.store(outputStream, passwd);
|
||||
|
||||
if (exceptionsStore != null) {
|
||||
exceptionsStore.store(outputStream, passwd);
|
||||
}
|
||||
} catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
|
||||
Log.error("Couldn't save ExceptionsStore");
|
||||
Log.error("Couldn't save ExceptionsStore", e);
|
||||
}
|
||||
|
||||
try (OutputStream outputStream = new FileOutputStream(BLACKLIST)) {
|
||||
blackListStore.store(outputStream, passwd);
|
||||
|
||||
if (blackListStore != null) {
|
||||
blackListStore.store(outputStream, passwd);
|
||||
}
|
||||
} catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
|
||||
Log.error("Couldn't save BlackListStore");
|
||||
Log.error("Couldn't save BlackListStore", e);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public void createCertTableModel(){
|
||||
|
||||
public void createCertTableModel(){
|
||||
tableModel = new DefaultTableModel() {
|
||||
// return adequate classes for columns so last column is Boolean
|
||||
// displayed as checkbox
|
||||
@ -165,7 +131,7 @@ public class CertificateController extends CertManager {
|
||||
};
|
||||
|
||||
tableModel.setColumnIdentifiers(COLUMN_NAMES);
|
||||
Object[] certEntry;certEntry = new Object[NUMBER_OF_COLUMNS];
|
||||
Object[] certEntry = new Object[NUMBER_OF_COLUMNS];
|
||||
|
||||
if (trustedCertificates != null) {
|
||||
// put certificate from arrayList into rows with chosen columns
|
||||
@ -238,27 +204,7 @@ public class CertificateController extends CertManager {
|
||||
return blackListedCertificates.contains(cert);
|
||||
}
|
||||
|
||||
/**
|
||||
* Add certificates from keyStore to list. Useful for displaying in certificate table.
|
||||
*
|
||||
* @param KeyStore source keystore.
|
||||
* @param List list which will be filled with certificate models.
|
||||
* @throws KeyStoreException
|
||||
*/
|
||||
|
||||
private List<CertificateModel> fillTableListWithKeyStoreContent(KeyStore keyStore, List<CertificateModel> list) throws KeyStoreException {
|
||||
|
||||
Enumeration<String> store = keyStore.aliases();
|
||||
while (store.hasMoreElements()) {
|
||||
String alias = (String) store.nextElement();
|
||||
X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
|
||||
CertificateModel certModel = new CertificateModel(certificate, alias);
|
||||
list.add(certModel);
|
||||
allCertificates.add(certModel);
|
||||
}
|
||||
|
||||
return list;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return file path which contains certificate with given alias;
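Review bot: In `overWriteKeyStores`, the new `if (trustStore != null)` guard (and its twins for the exceptions and blacklist stores) sits inside `try (OutputStream outputStream = new FileOutputStream(TRUSTED))`, so the on-disk file is already truncated to zero bytes before the check runs; if the store is null or, more likely, uninitialized because `openKeyStore` could not load it, `store()` throws, the exception is logged, and the previous file is gone — on the next start `openKeyStore` sees `file.length() == 0` and creates a fresh empty store. For the blacklist that silently discards every revoked entry; for the trust store it discards the trust anchors. Move the guard ahead of opening the stream and serialize to a temporary file that is moved over the target only after `store()` succeeds, as sketched below (needs `java.nio.file.Files`, `Path` and `StandardCopyOption` imports). The same pattern applies to `IdentityController.overWriteKeyStores`.

```java
@Override
public void overWriteKeyStores() {
    saveKeyStore(trustStore, TRUSTED, "TrustStore");
    saveKeyStore(exceptionsStore, EXCEPTIONS, "ExceptionsStore");
    saveKeyStore(blackListStore, BLACKLIST, "BlackListStore");
}

// Write to a temp file first so a failed store() cannot truncate the existing keystore.
private void saveKeyStore(KeyStore keyStore, File target, String label) {
    if (keyStore == null) {
        Log.error("Couldn't save " + label + ": store was not loaded");
        return;
    }
    Path tmp = null;
    try {
        tmp = Files.createTempFile(target.toPath().getParent(), target.getName(), ".tmp");
        try (OutputStream outputStream = Files.newOutputStream(tmp)) {
            keyStore.store(outputStream, passwd);
        }
        Files.move(tmp, target.toPath(), StandardCopyOption.REPLACE_EXISTING);
    } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
        Log.error("Couldn't save " + label, e);
        if (tmp != null) {
            try {
                Files.deleteIfExists(tmp);
            } catch (IOException ignored) {
                // best-effort cleanup; the original file is untouched
            }
        }
    }
}
```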
|
||||
|
||||
@ -2,7 +2,6 @@ package org.jivesoftware.sparkimpl.certificates;
|
||||
|
||||
import java.awt.HeadlessException;
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
import java.io.FileNotFoundException;
|
||||
import java.io.FileOutputStream;
|
||||
import java.io.IOException;
|
||||
@ -65,7 +64,7 @@ public class IdentityController extends CertManager {
|
||||
*/
|
||||
|
||||
private static String commonName, organizationUnit, organization,city, country;
|
||||
public final static File IDENTITY = new File( Spark.getSparkUserHome() + File.separator + "security" + File.separator + "identitystore.jks");
|
||||
public final static File IDENTITY = new File( Spark.getSparkUserHome() + File.separator + "security" + File.separator + "identitystore");
|
||||
public final static File SECURITY_DIRECTORY = new File( Spark.getSparkUserHome() + File.separator + "security");
|
||||
public static File CSR_FILE = new File( Spark.getSparkUserHome() + File.separator + "security" + File.separator + commonName + "_csr.pem");
|
||||
public static File KEY_FILE = new File( Spark.getSparkUserHome() + File.separator + "security" + File.separator + commonName + "_key.pem");
|
||||
@ -85,45 +84,26 @@ public class IdentityController extends CertManager {
|
||||
}
|
||||
this.localPreferences = localPreferences;
|
||||
|
||||
try {
|
||||
fillTableListWithKeyStoreContent(idStore, allCertificates);
|
||||
} catch (KeyStoreException e) {
|
||||
Log.error("Couldn't fill identity certificates list", e);
|
||||
}
|
||||
|
||||
createTableModel();
|
||||
|
||||
}
|
||||
|
||||
public void loadKeyStores() {
|
||||
if (IDENTITY.exists() && IDENTITY.isFile()) {
|
||||
|
||||
try (final FileInputStream inputStream = new FileInputStream(IDENTITY)) {
|
||||
|
||||
idStore = KeyStore.getInstance("JKS");
|
||||
idStore.load(inputStream, passwd);
|
||||
|
||||
} catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) {
|
||||
Log.error("Couldn't open idetity store", e);
|
||||
}
|
||||
} else {
|
||||
try {
|
||||
|
||||
idStore = KeyStore.getInstance("JKS");
|
||||
idStore.load(null, passwd);
|
||||
|
||||
} catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) {
|
||||
Log.error("Couldn't create identity store", e);
|
||||
}
|
||||
}
|
||||
idStore = openKeyStore(IDENTITY);
|
||||
fillTableListWithKeyStoreContent(idStore, null);
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void overWriteKeyStores() {
|
||||
try (OutputStream outputStream = new FileOutputStream(IDENTITY)) {
|
||||
idStore.store(outputStream, passwd);
|
||||
|
||||
if (idStore != null) {
|
||||
idStore.store(outputStream, passwd);
|
||||
}
|
||||
} catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
|
||||
Log.error("Couldn't save TrustStore");
|
||||
Log.error("Couldn't save TrustStore" , e);
|
||||
}
|
||||
|
||||
}
|
||||
@ -165,20 +145,6 @@ public class IdentityController extends CertManager {
|
||||
}
|
||||
}
|
||||
|
||||
private List<CertificateModel> fillTableListWithKeyStoreContent(KeyStore keyStore, List<CertificateModel> list)
|
||||
throws KeyStoreException {
|
||||
|
||||
Enumeration<String> store = keyStore.aliases();
|
||||
while (store.hasMoreElements()) {
|
||||
String alias = (String) store.nextElement();
|
||||
X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
|
||||
CertificateModel certModel = new CertificateModel(certificate, alias);
|
||||
list.add(certModel);
|
||||
}
|
||||
|
||||
return list;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void showCertificate() {
|
||||
CertificateDialog certDialog = new CertificateDialog(localPreferences,
|
||||
@ -327,7 +293,6 @@ public class IdentityController extends CertManager {
|
||||
X509Certificate[] chain = {addedCert};
|
||||
|
||||
idStore.setKeyEntry(alias, key, passwd, chain);
|
||||
idStore.setCertificateEntry(alias, addedCert);
|
||||
allCertificates.add(new CertificateModel(addedCert));
|
||||
refreshCertTable();
|
||||
JOptionPane.showMessageDialog(null, Res.getString("dialog.certificate.has.been.added"));
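Review bot: The `IDENTITY` constant changes from `identitystore.jks` to `identitystore` (assuming the extension-less line is the new side of the `@ -65,7 +64,7` hunk), and nothing migrates the old file: on an existing install `openKeyStore(IDENTITY)` finds no file, creates an empty store, and the user's client certificate and private key silently disappear from the UI while the old `identitystore.jks`, private key included, stays on disk outside the delete and overwrite paths. Either keep the old name or, before `openKeyStore(IDENTITY)` in `loadKeyStores`, move the legacy file into place when the new one is absent, e.g. `File legacy = new File(SECURITY_DIRECTORY, "identitystore.jks"); if (!IDENTITY.exists() && legacy.isFile() && !legacy.renameTo(IDENTITY)) { Log.warning("Couldn't migrate " + legacy); }`. While here, the error text in `overWriteKeyStores` still reads `"Couldn't save TrustStore"` for the identity store; `"Couldn't save IdentityStore"` would make a failed private-key save findable in the logs.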
|
||||
|
||||
@ -25,20 +25,18 @@ import javax.net.ssl.X509TrustManager;
|
||||
|
||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||
import org.jivesoftware.spark.util.log.Log;
|
||||
import org.jivesoftware.sparkimpl.settings.local.LocalPreferences;
|
||||
import org.jivesoftware.sparkimpl.settings.local.SettingsManager;
|
||||
|
||||
public class SparkExceptionsTrustManager implements X509TrustManager {
|
||||
|
||||
KeyStore exceptionsStore;
|
||||
private Provider bcProvider = new BouncyCastleProvider(); // bc provider for path validation
|
||||
|
||||
private LocalPreferences localPref = SettingsManager.getLocalPreferences();
|
||||
public SparkExceptionsTrustManager() {
|
||||
try (InputStream inputStream = new FileInputStream(CertificateController.EXCEPTIONS)) {
|
||||
this.exceptionsStore = KeyStore.getInstance("JKS");
|
||||
exceptionsStore.load(inputStream, CertificateController.passwd);
|
||||
} catch (NoSuchAlgorithmException | CertificateException | IOException | KeyStoreException e) {
|
||||
Log.error("Couldn't load keystore for certificate exceptions authentication", e);
|
||||
;
|
||||
}
|
||||
CertificateController certControll = new CertificateController(localPref);
|
||||
exceptionsStore = certControll.openKeyStore(CertificateController.EXCEPTIONS);
|
||||
|
||||
}
|
||||
|
||||
@Override
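Review bot: The constructor now instantiates a full `CertificateController` only to reach `openKeyStore`; judging by `IdentityController`'s constructor, which calls `createTableModel()`, that controller presumably loads every keystore and builds Swing table models, so each trust-manager construction does UI work and re-reads all stores just to load the exceptions file. `openKeyStore` touches no instance state (`passwd` is accessed statically as `CertificateController.passwd` elsewhere on this page), so it can be `protected static` and called as `CertManager.openKeyStore(CertificateController.EXCEPTIONS)`, which also removes the reliance on `protected` granting package access from an unrelated class. Separately, a load failure inside `openKeyStore` yields an uninitialized `KeyStore` rather than `null`, so `exceptionsStore` should be validated — e.g. `exceptionsStore.size()` in a try/catch for `KeyStoreException` — before it drives trust decisions in `checkServerTrusted`, which is outside this hunk.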
|
||||
|
||||
@ -46,10 +46,8 @@ public class SparkSSLContext extends SSLContext {
|
||||
} else if (options == options.BOTH) {
|
||||
|
||||
IdentityController identityController = new IdentityController(SettingsManager.getLocalPreferences());
|
||||
//X509ExtendedKeyManager[] km= (X509ExtendedKeyManager[]) identityController.initKeyManagerFactory().getKeyManagers();
|
||||
|
||||
context.init(identityController.initKeyManagerFactory().getKeyManagers(), SparkTrustManager.getTrustManagerList(), new SecureRandom());
|
||||
|
||||
|
||||
} else if (options == options.ONLY_CLIENT_SIDE){
|
||||
IdentityController identityController = new IdentityController(SettingsManager.getLocalPreferences());
|
||||
context.init(identityController.initKeyManagerFactory().getKeyManagers(), null, new SecureRandom());
|
||||
|
||||
@ -341,21 +341,12 @@ public class SparkTrustManager implements X509TrustManager {
|
||||
* loads truststore and potentially (depending on settings) blacklist
|
||||
*/
|
||||
private void loadTrustStore() {
|
||||
try (FileInputStream inputStream = new FileInputStream(CertificateController.TRUSTED)) {
|
||||
trustStore = KeyStore.getInstance("JKS");
|
||||
trustStore.load(inputStream, CertificateController.passwd);
|
||||
} catch (NoSuchAlgorithmException | CertificateException | IOException | KeyStoreException e) {
|
||||
Log.error("Error at accesing Truststore", e);
|
||||
trustStore = certControll.openKeyStore(CertificateController.TRUSTED);
|
||||
|
||||
if (acceptRevoked) {
|
||||
blackStore = certControll.openKeyStore(CertificateController.BLACKLIST);
|
||||
}
|
||||
if(acceptRevoked){
|
||||
try (FileInputStream inputStream = new FileInputStream(CertificateController.BLACKLIST)) {
|
||||
blackStore = KeyStore.getInstance("JKS");
|
||||
blackStore.load(inputStream, CertificateController.passwd);
|
||||
} catch (NoSuchAlgorithmException | CertificateException | IOException | KeyStoreException e) {
|
||||
Log.error("Error at accesing blacklist Keystore", e);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
private void loadCRL(X509Certificate[] chain) throws IOException, InvalidAlgorithmParameterException,
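Review bot: After this change a missing, empty or unreadable `BLACKLIST` file no longer surfaces as an error in `loadTrustStore`: `openKeyStore` returns an empty store for a missing file and an uninitialized one on a load failure, and both are accepted, so whatever blacklist check `checkServerTrusted` performs (outside this hunk) quietly degrades to "nothing is blacklisted" — a fail-open path for the one store whose purpose is to reject certificates. An empty trust store is fail-closed and arguably acceptable, but the blacklist deserves an explicit check such as `if (blackStore == null || blackStore.size() == 0) Log.warning("Blacklist keystore empty or not loaded: " + CertificateController.BLACKLIST);` with `size()` wrapped for `KeyStoreException`, or a decision to refuse connections until it loads. The `acceptRevoked` flag gating the blacklist load reads inverted relative to its name; if it means "consult the blacklist", a one-line comment on the `if` would help the next reader. `certControll` is initialized outside this hunk.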
|
||||
|
||||