diff --git a/core/src/main/java/org/jivesoftware/sparkimpl/certificates/CertManager.java b/core/src/main/java/org/jivesoftware/sparkimpl/certificates/CertManager.java index c6d72eb2a..fb6ae6b90 100644 --- a/core/src/main/java/org/jivesoftware/sparkimpl/certificates/CertManager.java +++ b/core/src/main/java/org/jivesoftware/sparkimpl/certificates/CertManager.java @@ -2,7 +2,10 @@ package org.jivesoftware.sparkimpl.certificates; import java.awt.HeadlessException; import java.io.File; +import java.io.FileInputStream; import java.io.IOException; +import java.io.InputStream; +import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.UnrecoverableKeyException; @@ -10,6 +13,7 @@ import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.security.spec.InvalidKeySpecException; import java.util.Base64; +import java.util.Enumeration; import java.util.LinkedList; import java.util.List; @@ -21,6 +25,7 @@ import javax.swing.table.DefaultTableModel; import org.jivesoftware.resource.Res; import org.jivesoftware.spark.ui.login.CertificateDialog; +import org.jivesoftware.spark.util.log.Log; import org.jivesoftware.sparkimpl.settings.local.LocalPreferences; /** @@ -43,7 +48,6 @@ public abstract class CertManager { public abstract void deleteEntry(String alias) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException; public abstract void addOrRemoveFromExceptionList(boolean checked); - public abstract boolean isOnExceptionList(CertificateModel cert); protected abstract void refreshCertTable(); 
@@ -148,5 +152,54 @@ public abstract class CertManager { new CertificateDialog(localPreferences, certModel, this, reason); } + + protected KeyStore openKeyStore(File file){ + KeyStore keyStore = null; + try { + keyStore = KeyStore.getInstance("JKS"); + // checking if length >0 prevents EOFExceptions + if (file.exists() && !file.isDirectory() && file.length() > 0) { + try (InputStream inputStream = new FileInputStream(file)) { + keyStore.load(inputStream, passwd); + } catch (IOException | NoSuchAlgorithmException | CertificateException e) { + Log.error("Error at accesing exceptions KeyStore", e); + } + } else { + keyStore.load(null, passwd); // if cannot open KeyStore then new empty one will be created + } + } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) { + Log.warning("Cannot create exceptions KeyStore", e); + } + return keyStore; + } + + /** + * Add certificates from keyStore to list. Useful for displaying in certificate table. + * + * @param KeyStore source keystore. + * @param List list which will be filled with certificate models. + * @throws KeyStoreException + */ + protected List fillTableListWithKeyStoreContent(KeyStore keyStore, List list) { + if (keyStore != null) { + Enumeration store; + try { + store = keyStore.aliases(); + + while (store.hasMoreElements()) { + String alias = (String) store.nextElement(); + X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias); + CertificateModel certModel = new CertificateModel(certificate, alias); + if (list != null) { + list.add(certModel); + } + allCertificates.add(certModel); + } + } catch (KeyStoreException e) { + Log.error("Cannot read KeyStore", e); + } + } + return list; + } } diff --git a/core/src/main/java/org/jivesoftware/sparkimpl/certificates/CertificateController.java b/core/src/main/java/org/jivesoftware/sparkimpl/certificates/CertificateController.java index 379663b40..5ed690c04 100644 
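Review bot: In `openKeyStore`, when the file exists and is non-empty but `keyStore.load(inputStream, passwd)` throws (corrupt file, wrong password, non-JKS content), the inner catch only logs and the method returns a `KeyStore` that was never loaded; every later `aliases()`, `getCertificate()` or `store()` on it fails with `KeyStoreException("Uninitialized keystore")`, while callers in this commit only check for `null`. Either make the failure visible by adding `keyStore = null; // unreadable store: callers must not treat it as loaded` after the `Log.error` in that catch, or state in a Javadoc that an unreadable file yields an uninitialized store, so that a tampered or damaged trust/exception store is not confused with an empty one. In `fillTableListWithKeyStoreContent` the Javadoc is now stale: `@throws KeyStoreException` is no longer thrown (it is caught and logged) and the `@param` tags name the types rather than the parameters (`keyStore`, `list`); also `Enumeration` and `List` are raw types where `Enumeration<String>` and `List<CertificateModel>` would remove the casts and the unchecked `list.add`. Note too that every call appends to `allCertificates`, so calling `loadKeyStores()` twice would list each certificate twice unless the caller clears it first (not visible in this hunk).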
--- a/core/src/main/java/org/jivesoftware/sparkimpl/certificates/CertificateController.java +++ b/core/src/main/java/org/jivesoftware/sparkimpl/certificates/CertificateController.java 
@@ -69,78 +69,44 @@ public class CertificateController extends CertManager { */ @Override public void loadKeyStores() { - try (InputStream inputStram = new FileInputStream(TRUSTED)) { - - trustStore = KeyStore.getInstance("JKS"); - trustStore.load(inputStram, passwd); - trustedCertificates = fillTableListWithKeyStoreContent(trustStore, trustedCertificates); - - } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) { - Log.warning("TrustStore couldn't be loaded: maybe empty"); - try { - trustStore.load(null, passwd); - } catch (NoSuchAlgorithmException | CertificateException | IOException e1) { - Log.warning("TrustStore couldn't be loaded: other bug"); - } - } - try (InputStream inputStram = new FileInputStream(EXCEPTIONS)) { - - exceptionsStore = KeyStore.getInstance("JKS"); - exceptionsStore.load(inputStram, passwd); - exemptedCertificates = fillTableListWithKeyStoreContent(exceptionsStore, exemptedCertificates); - - } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) { - Log.warning("ExceptionsStore couldn't be loaded: maybe empty"); - try { - exceptionsStore.load(null, passwd); - } catch (NoSuchAlgorithmException | CertificateException | IOException e1) { - Log.warning("ExceptionsStore couldn't be loaded: other bug"); - } - } - try (InputStream inputStram = new FileInputStream(BLACKLIST)) { - - blackListStore = KeyStore.getInstance("JKS"); - blackListStore.load(inputStram, passwd); - blackListedCertificates = fillTableListWithKeyStoreContent(blackListStore, blackListedCertificates); - - } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) { - - try { - Log.warning("BlackListStore couldn't be loaded: maybe empty"); - blackListStore.load(null, passwd); - } catch (NoSuchAlgorithmException | CertificateException | IOException e1) { - Log.warning("BlackListStore couldn't be loaded: other bug"); - } - } - + trustStore = openKeyStore(TRUSTED); + 
exceptionsStore = openKeyStore(EXCEPTIONS); + blackListStore = openKeyStore(BLACKLIST); + trustedCertificates = fillTableListWithKeyStoreContent(trustStore, trustedCertificates); + exemptedCertificates = fillTableListWithKeyStoreContent(exceptionsStore, exemptedCertificates); + blackListedCertificates = fillTableListWithKeyStoreContent(blackListStore, blackListedCertificates); + } - + @Override public void overWriteKeyStores() { try (OutputStream outputStream = new FileOutputStream(TRUSTED)) { - trustStore.store(outputStream, passwd); - + if (trustStore != null) { + trustStore.store(outputStream, passwd); + } } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) { - Log.error("Couldn't save TrustStore"); + Log.error("Couldn't save TrustStore", e); } try (OutputStream outputStream = new FileOutputStream(EXCEPTIONS)) { - exceptionsStore.store(outputStream, passwd); - + if (exceptionsStore != null) { + exceptionsStore.store(outputStream, passwd); + } } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) { - Log.error("Couldn't save ExceptionsStore"); + Log.error("Couldn't save ExceptionsStore", e); } try (OutputStream outputStream = new FileOutputStream(BLACKLIST)) { - blackListStore.store(outputStream, passwd); - + if (blackListStore != null) { + blackListStore.store(outputStream, passwd); + } } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) { - Log.error("Couldn't save BlackListStore"); + Log.error("Couldn't save BlackListStore", e); } } - - public void createCertTableModel(){ + + public void createCertTableModel(){ tableModel = new DefaultTableModel() { // return adequate classes for columns so last column is Boolean // displayed as checkbox 
@@ -165,7 +131,7 @@ public class CertificateController extends CertManager { }; tableModel.setColumnIdentifiers(COLUMN_NAMES); - Object[] certEntry;certEntry = new Object[NUMBER_OF_COLUMNS]; + Object[] certEntry = new Object[NUMBER_OF_COLUMNS]; if (trustedCertificates != null) { // put certificate from arrayList into rows with chosen columns @@ -238,27 +204,7 @@ public class CertificateController extends CertManager { return blackListedCertificates.contains(cert); } - /** - * Add certificates from keyStore to list. Useful for displaying in certificate table. - * - * @param KeyStore source keystore. - * @param List list which will be filled with certificate models. - * @throws KeyStoreException - */ - - private List fillTableListWithKeyStoreContent(KeyStore keyStore, List list) throws KeyStoreException { - Enumeration store = keyStore.aliases(); - while (store.hasMoreElements()) { - String alias = (String) store.nextElement(); - X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias); - CertificateModel certModel = new CertificateModel(certificate, alias); - list.add(certModel); - allCertificates.add(certModel); - } - - return list; - } /** * Return file path which contains certificate with given alias; diff --git a/core/src/main/java/org/jivesoftware/sparkimpl/certificates/IdentityController.java b/core/src/main/java/org/jivesoftware/sparkimpl/certificates/IdentityController.java index e8d1863ee..461d54bd6 100644 --- a/core/src/main/java/org/jivesoftware/sparkimpl/certificates/IdentityController.java +++ b/core/src/main/java/org/jivesoftware/sparkimpl/certificates/IdentityController.java @@ -2,7 +2,6 @@ package org.jivesoftware.sparkimpl.certificates; import java.awt.HeadlessException; import java.io.File; -import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.IOException; 
@@ -65,7 +64,7 @@ public class IdentityController extends CertManager { */ private static String commonName, organizationUnit, organization,city, country; - public final static File IDENTITY = new File( Spark.getSparkUserHome() + File.separator + "security" + File.separator + "identitystore.jks"); + public final static File IDENTITY = new File( Spark.getSparkUserHome() + File.separator + "security" + File.separator + "identitystore"); public final static File SECURITY_DIRECTORY = new File( Spark.getSparkUserHome() + File.separator + "security"); public static File CSR_FILE = new File( Spark.getSparkUserHome() + File.separator + "security" + File.separator + commonName + "_csr.pem"); public static File KEY_FILE = new File( Spark.getSparkUserHome() + File.separator + "security" + File.separator + commonName + "_key.pem"); 
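Review bot: Renaming `IDENTITY` from `identitystore.jks` to `identitystore` has no migration: on an existing installation the old file is never read again and `openKeyStore(IDENTITY)` (see `loadKeyStores` in this file) creates a fresh empty store, so the user's client certificate and private key silently disappear from the identity list. Either keep the old name, or add a one-time fallback when the new file is absent, e.g. `File legacy = new File(SECURITY_DIRECTORY, "identitystore.jks"); if (!IDENTITY.exists() && legacy.isFile()) legacy.renameTo(IDENTITY);` before the store is opened. The bundled `core/src/main/security/identitystore.jks` is also deleted in this commit, which may be the reason for the rename; if so, a comment on the constant explaining the change would help the next reader.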
@@ -85,45 +84,26 @@ public class IdentityController extends CertManager { } this.localPreferences = localPreferences; - try { - fillTableListWithKeyStoreContent(idStore, allCertificates); - } catch (KeyStoreException e) { - Log.error("Couldn't fill identity certificates list", e); - } + createTableModel(); } public void loadKeyStores() { - if (IDENTITY.exists() && IDENTITY.isFile()) { - try (final FileInputStream inputStream = new FileInputStream(IDENTITY)) { - - idStore = KeyStore.getInstance("JKS"); - idStore.load(inputStream, passwd); - - } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) { - Log.error("Couldn't open idetity store", e); - } - } else { - try { - - idStore = KeyStore.getInstance("JKS"); - idStore.load(null, passwd); - - } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) { - Log.error("Couldn't create identity store", e); - } - } + idStore = openKeyStore(IDENTITY); + fillTableListWithKeyStoreContent(idStore, null); + } @Override public void overWriteKeyStores() { try (OutputStream outputStream = new FileOutputStream(IDENTITY)) { - idStore.store(outputStream, passwd); - + if (idStore != null) { + idStore.store(outputStream, passwd); + } } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) { - Log.error("Couldn't save TrustStore"); + Log.error("Couldn't save TrustStore" , e); } } 
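Review bot: The new log line in `IdentityController.overWriteKeyStores` names the wrong store: `Log.error("Couldn't save TrustStore" , e);` is reached when the identity store fails to save, so it should read `Log.error("Couldn't save IdentityStore", e);` — with the current text an operator looking for why a client certificate was lost will search the wrong file. The `if (idStore != null)` guard sits inside the try-with-resources, so `new FileOutputStream(IDENTITY)` has already truncated the file by the time a null or never-loaded store is detected; check for null before opening the stream. In the constructor, `createTableModel()` now replaces the old fill call, which appears to rely on `loadKeyStores()` having run earlier in the constructor — that ordering is outside this hunk and worth confirming.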
@@ -165,20 +145,6 @@ public class IdentityController extends CertManager { } } - private List fillTableListWithKeyStoreContent(KeyStore keyStore, List list) - throws KeyStoreException { - - Enumeration store = keyStore.aliases(); - while (store.hasMoreElements()) { - String alias = (String) store.nextElement(); - X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias); - CertificateModel certModel = new CertificateModel(certificate, alias); - list.add(certModel); - } - - return list; - } - @Override public void showCertificate() { CertificateDialog certDialog = new CertificateDialog(localPreferences, @@ -327,7 +293,6 @@ public class IdentityController extends CertManager { X509Certificate[] chain = {addedCert}; idStore.setKeyEntry(alias, key, passwd, chain); - idStore.setCertificateEntry(alias, addedCert); allCertificates.add(new CertificateModel(addedCert)); refreshCertTable(); JOptionPane.showMessageDialog(null, Res.getString("dialog.certificate.has.been.added")); diff --git a/core/src/main/java/org/jivesoftware/sparkimpl/certificates/SparkExceptionsTrustManager.java b/core/src/main/java/org/jivesoftware/sparkimpl/certificates/SparkExceptionsTrustManager.java index 061ec0b26..01a6552ae 100644 --- a/core/src/main/java/org/jivesoftware/sparkimpl/certificates/SparkExceptionsTrustManager.java +++ b/core/src/main/java/org/jivesoftware/sparkimpl/certificates/SparkExceptionsTrustManager.java 
@@ -25,20 +25,18 @@ import javax.net.ssl.X509TrustManager; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.jivesoftware.spark.util.log.Log; +import org.jivesoftware.sparkimpl.settings.local.LocalPreferences; +import org.jivesoftware.sparkimpl.settings.local.SettingsManager; public class SparkExceptionsTrustManager implements X509TrustManager { KeyStore exceptionsStore; private Provider bcProvider = new BouncyCastleProvider(); // bc provider for path validation - + private LocalPreferences localPref = SettingsManager.getLocalPreferences(); public SparkExceptionsTrustManager() { - try (InputStream inputStream = new FileInputStream(CertificateController.EXCEPTIONS)) { - this.exceptionsStore = KeyStore.getInstance("JKS"); - exceptionsStore.load(inputStream, CertificateController.passwd); - } catch (NoSuchAlgorithmException | CertificateException | IOException | KeyStoreException e) { - Log.error("Couldn't load keystore for certificate exceptions authentication", e); - ; - } + CertificateController certControll = new CertificateController(localPref); + exceptionsStore = certControll.openKeyStore(CertificateController.EXCEPTIONS); + } @Override diff --git a/core/src/main/java/org/jivesoftware/sparkimpl/certificates/SparkSSLContext.java b/core/src/main/java/org/jivesoftware/sparkimpl/certificates/SparkSSLContext.java index aa85e5d6b..b67c7ad39 100644 --- a/core/src/main/java/org/jivesoftware/sparkimpl/certificates/SparkSSLContext.java +++ b/core/src/main/java/org/jivesoftware/sparkimpl/certificates/SparkSSLContext.java 
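Review bot: The `SparkExceptionsTrustManager` constructor now instantiates a full `CertificateController(localPref)` solely to call `openKeyStore`, so every trust manager creation pays for whatever that constructor does (loading and tabulating all three stores, judging by `loadKeyStores`/`createCertTableModel` in the CertificateController hunk — not visible here). `openKeyStore` only reads `passwd`, which is accessed as `CertificateController.passwd` elsewhere and so appears to be static; declaring it `protected static KeyStore openKeyStore(File file)` in `CertManager` lets this constructor call `CertManager.openKeyStore(CertificateController.EXCEPTIONS)` with no controller instance. The previous error log for a failed load is gone from this class; `openKeyStore` logs instead but then hands back a never-loaded store, so whether the `check*` methods of this class tolerate that is worth checking. If nothing else in the file uses them, the `InputStream`, `FileInputStream` and exception imports left over from the removed block should go as well.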
@@ -46,10 +46,8 @@ public class SparkSSLContext extends SSLContext { } else if (options == options.BOTH) { IdentityController identityController = new IdentityController(SettingsManager.getLocalPreferences()); - //X509ExtendedKeyManager[] km= (X509ExtendedKeyManager[]) identityController.initKeyManagerFactory().getKeyManagers(); - context.init(identityController.initKeyManagerFactory().getKeyManagers(), SparkTrustManager.getTrustManagerList(), new SecureRandom()); - + } else if (options == options.ONLY_CLIENT_SIDE){ IdentityController identityController = new IdentityController(SettingsManager.getLocalPreferences()); context.init(identityController.initKeyManagerFactory().getKeyManagers(), null, new SecureRandom()); diff --git a/core/src/main/java/org/jivesoftware/sparkimpl/certificates/SparkTrustManager.java b/core/src/main/java/org/jivesoftware/sparkimpl/certificates/SparkTrustManager.java index fcf32f600..43e653275 100644 --- a/core/src/main/java/org/jivesoftware/sparkimpl/certificates/SparkTrustManager.java +++ b/core/src/main/java/org/jivesoftware/sparkimpl/certificates/SparkTrustManager.java 
@@ -341,21 +341,12 @@ public class SparkTrustManager implements X509TrustManager { * loads truststore and potentially (depending on settings) blacklist */ private void loadTrustStore() { - try (FileInputStream inputStream = new FileInputStream(CertificateController.TRUSTED)) { - trustStore = KeyStore.getInstance("JKS"); - trustStore.load(inputStream, CertificateController.passwd); - } catch (NoSuchAlgorithmException | CertificateException | IOException | KeyStoreException e) { - Log.error("Error at accesing Truststore", e); + trustStore = certControll.openKeyStore(CertificateController.TRUSTED); + + if (acceptRevoked) { + blackStore = certControll.openKeyStore(CertificateController.BLACKLIST); } - if(acceptRevoked){ - try (FileInputStream inputStream = new FileInputStream(CertificateController.BLACKLIST)) { - blackStore = KeyStore.getInstance("JKS"); - blackStore.load(inputStream, CertificateController.passwd); - } catch (NoSuchAlgorithmException | CertificateException | IOException | KeyStoreException e) { - Log.error("Error at accesing blacklist Keystore", e); - } - } - + } private void loadCRL(X509Certificate[] chain) throws IOException, InvalidAlgorithmParameterException, diff --git a/core/src/main/security/blacklist b/core/src/main/security/blacklist deleted file mode 100644 index c0b5f90fc..000000000 Binary files a/core/src/main/security/blacklist and /dev/null differ diff --git a/core/src/main/security/exceptions b/core/src/main/security/exceptions deleted file mode 100644 index f314364fc..000000000 Binary files a/core/src/main/security/exceptions and /dev/null differ diff --git a/core/src/main/security/identitystore.jks b/core/src/main/security/identitystore.jks deleted file mode 100644 index c40846550..000000000 Binary files a/core/src/main/security/identitystore.jks and /dev/null differ 
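Review bot: After `trustStore = certControll.openKeyStore(CertificateController.TRUSTED);` nothing in `loadTrustStore` reacts to a failed load: `openKeyStore` returns `null` when `KeyStore.getInstance` fails and a never-loaded instance when the file is unreadable, and only logs in both cases. For a trust manager this should fail closed and visibly, for example `if (trustStore == null) throw new IllegalStateException("trust store unavailable: " + CertificateController.TRUSTED);`, unless the `check*` methods of this class already reject an absent store (they are outside this hunk). The blacklist is loaded only `if (acceptRevoked)`; taken literally the name says revoked certificates are accepted, which reads as the opposite of needing a blacklist, so a short comment on the flag's actual meaning would prevent a future inversion.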
diff --git a/core/src/main/security/truststore b/core/src/main/security/truststore deleted file mode 100644 index f4de542f8..000000000 Binary files a/core/src/main/security/truststore and /dev/null differ