List of usage examples for java.security.cert CertificateFactory generateCertificates
public final Collection<? extends Certificate> generateCertificates(InputStream inStream) throws CertificateException
From source file:net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl.java
/** * Delete the old revoked or unnecessary BioCatalogue, BiodiversityCatalogue * and heater's certificates, if present *///from w w w.ja v a 2 s . co m public void deleteRevokedCertificates() { if (truststore == null) return; if (certificatesRevokedIndicatorFile == null) certificatesRevokedIndicatorFile = new File(credentialManagerDirectory, CERTIFICATES_REVOKED_INDICATOR_FILE_NAME); boolean saveFile = false; if (!certificatesRevokedIndicatorFile.exists()) { List<URL> certURLsToDelete = new ArrayList<>(); Class<?> c = CredentialManager.class; certURLsToDelete.add(c.getResource("/trusted-certificates/www.biocatalogue.org-revoked.pem")); certURLsToDelete.add(c.getResource("/trusted-certificates/www.biodiversitycatalogue.org-revoked.pem")); certURLsToDelete.add(c.getResource("/trusted-certificates/heater.cs.man.ac.uk-not-needed.pem")); for (URL certURLToDelete : certURLsToDelete) { try (InputStream certStreamToDelete = certURLToDelete.openStream()) { // We know there will be only one cert in the chain CertificateFactory cf = CertificateFactory.getInstance("X.509"); Certificate certToDelete = cf.generateCertificates(certStreamToDelete) .toArray(new Certificate[0])[0]; String aliasToDelete = truststore.getCertificateAlias(certToDelete); if (aliasToDelete != null) { truststore.deleteEntry(aliasToDelete); logger.warn("Deleting revoked/unnecessary certificate " + aliasToDelete); saveFile = true; } } catch (Exception ex) { logger.info("Can't delete revoked certificate " + certURLToDelete, ex); } } // Touch the file try { touch(certificatesRevokedIndicatorFile); } catch (IOException ioex) { // Hmmm, ignore this? logger.error("Failed to touch " + certificatesRevokedIndicatorFile.getAbsolutePath(), ioex); } } if (saveFile) { // Save changes try (FileOutputStream fos = new FileOutputStream(truststoreFile)) { truststore.store(fos, masterPassword.toCharArray()); } catch (Exception ex) { logger.error("Failed to save Truststore after deleting revoked certificates.", ex); } } }
From source file:org.apache.taverna.security.credentialmanager.impl.CredentialManagerImpl.java
/** * Load Taverna's Truststore from a file on a disk. If the Truststore does * not already exist, a new empty one will be created and contents of Java's * truststore located in <JAVA_HOME>/lib/security/cacerts will be copied * over to the Truststore.//from ww w . j a va2 s . com */ private void loadTruststore() throws CMException { if (truststore == null) { try { // Try to create Taverna's Truststore as Bouncy Castle UBER-type // keystore. truststore = KeyStore.getInstance("UBER", "BC"); } catch (Exception ex) { // The requested keystore type is not available from security // providers. throw new CMException("Failed to instantiate Taverna's Truststore", ex); } if (truststoreFile.exists()) { // If the Truststore file already exists, open it and load the // Truststore try (FileInputStream fis = new FileInputStream(truststoreFile)) { // Load the Truststore from the file truststore.load(fis, masterPassword.toCharArray()); // Delete the old revoked or unnecessary BioCatalogue, // BiodiversityCatalogue and heater's certificates, if present deleteRevokedCertificates(); } catch (Exception ex) { /* Clear out things that are useless/hindering now */ truststore = null; masterPassword = null; String exMessage = "Failed to load Taverna's Truststore from " + truststoreFile.getAbsolutePath() + ". Possible reason: incorrect password or corrupted file."; logger.error(exMessage, ex); throw new CMException(exMessage, ex); } } else { /* * Otherwise create a new empty Truststore and load it with * certs from Java's truststore. */ File javaTruststoreFile = new File(System.getProperty("java.home"), "lib/security/cacerts"); KeyStore javaTruststore = null; // Java's truststore is of type "JKS" - try to load it try { javaTruststore = KeyStore.getInstance("JKS"); } catch (Exception ex) { // The requested keystore type is not available from the // provider throw new CMException( "Failed to instantiate a 'JKS'-type keystore " + "for reading Java's truststore.", ex); } boolean loadedJavaTruststore = false; /* * Load Java's truststore from the file - try with the default * Java truststore passwords. */ for (String password : defaultTrustStorePasswords) { logger.info("Trying to load Java truststore using password: " + password); try (FileInputStream fis = new FileInputStream(javaTruststoreFile)) { javaTruststore.load(fis, password.toCharArray()); loadedJavaTruststore = true; break; } catch (IOException ioex) { /* * If there is an I/O or format problem with the * keystore data, or if the given password was incorrect * (Thank you Sun, now I can't know if it is the file or * the password..) */ logger.info(String.format( "Failed to load the Java truststore to copy " + "over certificates using default password: " + "%s from %s", password, javaTruststoreFile)); } catch (NoSuchAlgorithmException e) { logger.error("Unknown encryption algorithm " + "while loading Java truststore from " + javaTruststoreFile, e); break; } catch (CertificateException e) { logger.error( "Certificate error while " + "loading Java truststore from " + javaTruststoreFile, e); break; } } /* * Default Java truststore passwords failed - possibly the user * has changed it. Ask the Java truststore password providers if * they can help - this will typically pop up a dialog to ask * the user if we are in a graphical environment. If not, we * will simply not copy the default truststore certificates into * Credential Manager's Truststore. */ if (!loadedJavaTruststore) if (!(loadJavaTruststoreUsingPasswordProviders(javaTruststore, javaTruststoreFile))) { String error = "Credential manager failed to load" + " certificates from Java's truststore."; String help = "Try using the system property -D" + PROPERTY_TRUSTSTORE_PASSWORD + "=TheTrustStorePassword"; logger.error(error + " " + help); // FIXME Writes to standard error! System.err.println(error); System.err.println(help); } // Create a new empty Truststore for Taverna try (FileOutputStream fos = new FileOutputStream(truststoreFile)) { truststore.load(null, null); if (loadedJavaTruststore) { // Copy certificates into Taverna's Truststore from // Java's truststore. Enumeration<String> aliases = javaTruststore.aliases(); while (aliases.hasMoreElements()) { Certificate certificate = javaTruststore.getCertificate(aliases.nextElement()); if (certificate instanceof X509Certificate) truststore.setCertificateEntry( createTrustedCertificateAlias((X509Certificate) certificate), certificate); } } // Insert special trusted CA certificates logger.info( "Loading certificates of trusted CAs so as to establish trust into our services such as BioCatalogue, BiodiversityCatalogue, heater, etc."); CertificateFactory cf = CertificateFactory.getInstance("X.509"); for (URL trustedCertURL : getSpecialTrustedCertificates()) // Load the certificate (possibly a chain) from the // stream try (InputStream stream = trustedCertURL.openStream()) { for (Certificate c : cf.generateCertificates(stream)) truststore.setCertificateEntry(createTrustedCertificateAlias((X509Certificate) c), c); } catch (Exception cex) { logger.error("Failed to insert trusted certificate entry in the Truststore", cex); } // Immediately save the new Truststore to the file truststore.store(fos, masterPassword.toCharArray()); } catch (Exception ex) { /* * make truststore null as it was just created but failed to * save so we should retry next time */ truststore = null; throw new CMException("Failed to generate new empty Taverna's Truststore", ex); } } /* * Taverna distro for MAC contains info.plist file with some Java * system properties set to use the Keychain which clashes with what * we are setting here so we need to clear them. */ System.clearProperty(PROPERTY_TRUSTSTORE_TYPE); System.clearProperty(PROPERTY_TRUSTSTORE_PROVIDER); /* * Not quite sure why we still need to set these two properties * since we are creating our own SSLSocketFactory with our own * TrustManager that uses Taverna's Truststore, but seem like after * Taverna starts up and the first time it needs SSLSocketFactory * for HTTPS connection it is still using the default Java's * truststore unless these properties are set. Set the system * property "javax.net.ssl.Truststore" to use Taverna's truststore. */ /* * Axis 1 likes reading from these properties but seems to work as * well with Taverna's SSLSocetFactory as well. We do not want to * expose these as they can be read from Beanshells. */ // System.setProperty(PROPERTY_TRUSTSTORE, truststoreFile.getAbsolutePath()); // System.setProperty(PROPERTY_TRUSTSTORE_PASSWORD, masterPassword); System.clearProperty(PROPERTY_TRUSTSTORE); System.clearProperty(PROPERTY_TRUSTSTORE_PASSWORD); } }
From source file:net.sf.taverna.t2.security.credentialmanager.impl.CredentialManagerImpl.java
/** * Load Taverna's Truststore from a file on a disk. If the Truststore does * not already exist, a new empty one will be created and contents of Java's * truststore located in <JAVA_HOME>/lib/security/cacerts will be copied * over to the Truststore.//from w ww. jav a2 s . c o m */ private void loadTruststore() throws CMException { if (truststore != null) return; try { /* * Try to create Taverna's Truststore as Bouncy Castle UBER-type * keystore. */ truststore = KeyStore.getInstance("UBER", "BC"); } catch (Exception ex) { /* * The requested keystore type is not available from security * providers. */ throw new CMException("Failed to instantiate Taverna's Truststore", ex); } if (truststoreFile.exists()) { /* * If the Truststore file already exists, open it and load the * Truststore */ try (FileInputStream fis = new FileInputStream(truststoreFile)) { // Load the Truststore from the file truststore.load(fis, masterPassword.toCharArray()); } catch (Exception ex) { /* Clear out things that are useless/hindering now */ truststore = null; masterPassword = null; String exMessage = "Failed to load Taverna's Truststore from " + truststoreFile.getAbsolutePath() + ". Possible reason: incorrect password or corrupted file."; logger.error(exMessage, ex); throw new CMException(exMessage, ex); } deleteRevokedCertificates(); } else { /* * Otherwise create a new empty Truststore and load it with certs * from Java's truststore. */ File javaTruststoreFile = new File(System.getProperty("java.home"), "lib/security/cacerts"); KeyStore javaTruststore = null; // Java's truststore is of type "JKS" - try to load it try { javaTruststore = KeyStore.getInstance("JKS"); } catch (Exception ex) { // The requested keystore type is not available from the // provider throw new CMException( "Failed to instantiate a 'JKS'-type keystore " + "for reading Java's truststore.", ex); } boolean loadedJavaTruststore = false; /* * Load Java's truststore from the file - try with the default Java * truststore passwords. */ for (String password : defaultTrustStorePasswords) { logger.info("Trying to load Java truststore using password: " + password); try (FileInputStream fis = new FileInputStream(javaTruststoreFile)) { javaTruststore.load(fis, password.toCharArray()); loadedJavaTruststore = true; break; } catch (IOException ioex) { /* * If there is an I/O or format problem with the keystore * data, or if the given password was incorrect. (Thank you * Sun, now I can't know if it is the file or the * password..) */ logger.info(String.format( "Failed to load the Java truststore to copy " + "over certificates using default password: " + "%s from %s", password, javaTruststoreFile)); } catch (NoSuchAlgorithmException e) { logger.error("Unknown encryption algorithm " + "while loading Java truststore from " + javaTruststoreFile, e); break; } catch (CertificateException e) { logger.error("Certificate error while " + "loading Java truststore from " + javaTruststoreFile, e); break; } } /* * Default Java truststore passwords failed - possibly the user has * changed it. Ask the Java truststore password providers if they * can help - this will typically pop up a dialog to ask the user if * we are in a graphical environment. If not, we will simply not * copy the default truststore certificates into Credential * Manager's Truststore. */ if (!loadedJavaTruststore && !loadJavaTruststoreUsingPasswordProviders(javaTruststore, javaTruststoreFile)) { String error = "Credential manager failed to load" + " certificates from Java's truststore."; String help = "Try using the system property -D" + PROPERTY_TRUSTSTORE_PASSWORD + "=TheTrustStorePassword"; logger.error(error + " " + help); // FIXME Writes to standard error! System.err.println(error); System.err.println(help); } // Create a new empty Truststore for Taverna try (FileOutputStream fos = new FileOutputStream(truststoreFile)) { truststore.load(null, null); if (loadedJavaTruststore) { // Copy certificates into Taverna's Truststore from // Java's truststore. Enumeration<String> aliases = javaTruststore.aliases(); while (aliases.hasMoreElements()) { Certificate certificate = javaTruststore.getCertificate(aliases.nextElement()); if (certificate instanceof X509Certificate) truststore.setCertificateEntry( createTrustedCertificateAlias((X509Certificate) certificate), certificate); } } // Insert special trusted CA certificates logger.info( "Loading certificates of trusted CAs so as to establish trust into our services such as BioCatalogue, BiodiversityCatalogue, heater, etc."); CertificateFactory cf = CertificateFactory.getInstance("X.509"); for (URL trustedCertURL : getSpecialTrustedCertificates()) // Load the certificate (possibly a chain) from the // stream try (InputStream stream = trustedCertURL.openStream()) { for (Certificate c : cf.generateCertificates(stream)) truststore.setCertificateEntry(createTrustedCertificateAlias((X509Certificate) c), c); } catch (Exception cex) { logger.error("Failed to insert trusted certificate entry in the Truststore", cex); } // Immediately save the new Truststore to the file truststore.store(fos, masterPassword.toCharArray()); } catch (Exception ex) { /* * make truststore null as it was just created but failed to * save so we should retry next time */ truststore = null; throw new CMException("Failed to generate new empty Taverna's Truststore", ex); } } /* * Taverna distro for MAC contains info.plist file with some Java system * properties set to use the Keychain which clashes with what we are * setting here so we need to clear them. */ System.clearProperty(PROPERTY_TRUSTSTORE_TYPE); System.clearProperty(PROPERTY_TRUSTSTORE_PROVIDER); /* * Not quite sure why we still need to set these two properties since we * are creating our own SSLSocketFactory with our own TrustManager that * uses Taverna's Truststore, but seem like after Taverna starts up and * the first time it needs SSLSocketFactory for HTTPS connection it is * still using the default Java's truststore unless these properties are * set. Set the system property "javax.net.ssl.Truststore" to use * Taverna's truststore. */ /* * Axis 1 likes reading from these properties but seems to work as well * with Taverna's SSLSocetFactory as well. We do not want to expose * these as they can be read from Beanshells. */ // System.setProperty(PROPERTY_TRUSTSTORE, truststoreFile.getAbsolutePath()); // System.setProperty(PROPERTY_TRUSTSTORE_PASSWORD, masterPassword); System.clearProperty(PROPERTY_TRUSTSTORE); System.clearProperty(PROPERTY_TRUSTSTORE_PASSWORD); }