Skip to content

Commit

Permalink
WIP
Browse files Browse the repository at this point in the history
  • Loading branch information
ebourg committed Nov 14, 2024
1 parent ed82d53 commit f22b49f
Show file tree
Hide file tree
Showing 27 changed files with 1,340 additions and 558 deletions.
85 changes: 85 additions & 0 deletions jsign-crypto/src/main/java/net/jsign/AbstractKeyStoreType.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,85 @@
/*
* Copyright 2024 Emmanuel Bourg
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package net.jsign;

import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Objects;
import java.util.function.Function;

abstract class AbstractKeyStoreType implements KeyStoreType {

public KeyStore getKeystore(KeyStoreBuilder params, Provider provider) throws KeyStoreException {
KeyStore ks;
try {
if (provider != null) {
ks = KeyStore.getInstance(name(), provider);
} else {
ks = KeyStore.getInstance(name());
}
} catch (KeyStoreException e) {
throw new KeyStoreException("keystore type '" + name() + "' is not supported" + (provider != null ? " with security provider " + provider.getName() : ""), e);
}

try {
boolean fileBased = this instanceof FileBasedKeyStoreType;
try (FileInputStream in = fileBased ? new FileInputStream(params.createFile(params.keystore())) : null) {
ks.load(in, params.storepass() != null ? params.storepass().toCharArray() : null);
}
} catch (Exception e) {
throw new KeyStoreException("Unable to load the keystore " + params.keystore(), e);
}

return ks;
}

Function<String, Certificate[]> getCertificateStore(KeyStoreBuilder params) {
return alias -> {
if (alias == null || alias.isEmpty()) {
return null;
}

try {
return CertificateUtils.loadCertificateChain(params.certfile());
} catch (IOException | CertificateException e) {
throw new RuntimeException("Failed to load the certificate from " + params.certfile(), e);
}
};
}

@Override
public boolean equals(Object o) {
if (this == o) {
return true;
}
if (!(o instanceof KeyStoreType)) {
return false;
}
KeyStoreType that = (KeyStoreType) o;
return Objects.equals(name(), that.name());
}

@Override
public int hashCode() {
return Objects.hashCode(name());
}
}
66 changes: 66 additions & 0 deletions jsign-crypto/src/main/java/net/jsign/AmazonKeyStoreType.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
/*
* Copyright 2024 Emmanuel Bourg
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package net.jsign;

import java.io.IOException;
import java.net.UnknownServiceException;
import java.security.Provider;

import org.kohsuke.MetaInfServices;

import net.jsign.jca.AmazonCredentials;
import net.jsign.jca.AmazonSigningService;
import net.jsign.jca.SigningServiceJcaProvider;

@MetaInfServices(KeyStoreType.class)
public class AmazonKeyStoreType extends AbstractKeyStoreType {

@Override
public String name() {
return "AWS";
}

@Override
public void validate(KeyStoreBuilder params) {
if (params.keystore() == null) {
throw new IllegalArgumentException("keystore " + params.parameterName() + " must specify the AWS region");
}
if (params.certfile() == null) {
throw new IllegalArgumentException("certfile " + params.parameterName() + " must be set");
}
}

@Override
public Provider getProvider(KeyStoreBuilder params) {
AmazonCredentials credentials;
if (params.storepass() != null) {
credentials = AmazonCredentials.parse(params.storepass());
} else {
try {
credentials = AmazonCredentials.getDefault();
} catch (UnknownServiceException e) {
throw new IllegalArgumentException("storepass " + params.parameterName()
+ " must specify the AWS credentials: <accessKey>|<secretKey>[|<sessionToken>]"
+ ", when not running from an EC2 instance (" + e.getMessage() + ")", e);
} catch (IOException e) {
throw new RuntimeException("An error occurred while fetching temporary credentials from IMDSv2 service", e);
}
}

return new SigningServiceJcaProvider(new AmazonSigningService(params.keystore(), credentials, getCertificateStore(params)));
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
/*
* Copyright 2024 Emmanuel Bourg
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package net.jsign;

import java.security.Provider;

import org.kohsuke.MetaInfServices;

import net.jsign.jca.AzureKeyVaultSigningService;
import net.jsign.jca.SigningServiceJcaProvider;

@MetaInfServices(KeyStoreType.class)
public class AzureKeyVaultKeyStoreType extends AbstractKeyStoreType {

@Override
public String name() {
return "AZUREKEYVAULT";
}

@Override
public void validate(KeyStoreBuilder params) {
if (params.keystore() == null) {
throw new IllegalArgumentException("keystore " + params.parameterName() + " must specify the Azure vault name");
}
if (params.storepass() == null) {
throw new IllegalArgumentException("storepass " + params.parameterName() + " must specify the Azure API access token");
}
}

@Override
public Provider getProvider(KeyStoreBuilder params) {
return new SigningServiceJcaProvider(new AzureKeyVaultSigningService(params.keystore(), params.storepass()));
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
/*
* Copyright 2024 Emmanuel Bourg
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package net.jsign;

import java.security.Provider;

import org.kohsuke.MetaInfServices;

import net.jsign.jca.AzureTrustedSigningService;
import net.jsign.jca.SigningServiceJcaProvider;

@MetaInfServices(KeyStoreType.class)
public class AzureTrustedSigningKeyStoreType extends AbstractKeyStoreType {

@Override
public String name() {
return "TRUSTEDSIGNING";
}

@Override
public void validate(KeyStoreBuilder params) {
if (params.keystore() == null) {
throw new IllegalArgumentException("keystore " + params.parameterName() + " must specify the Azure endpoint (<region>.codesigning.azure.net)");
}
if (params.storepass() == null) {
throw new IllegalArgumentException("storepass " + params.parameterName() + " must specify the Azure API access token");
}
}

@Override
public Provider getProvider(KeyStoreBuilder params) {
return new SigningServiceJcaProvider(new AzureTrustedSigningService(params.keystore(), params.storepass()));
}
}
46 changes: 46 additions & 0 deletions jsign-crypto/src/main/java/net/jsign/DigiCertOneKeyStoreType.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
/*
* Copyright 2024 Emmanuel Bourg
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package net.jsign;

import java.security.Provider;

import org.kohsuke.MetaInfServices;

import net.jsign.jca.DigiCertOneSigningService;
import net.jsign.jca.SigningServiceJcaProvider;

@MetaInfServices(KeyStoreType.class)
public class DigiCertOneKeyStoreType extends AbstractKeyStoreType {

@Override
public String name() {
return "DIGICERTONE";
}

@Override
public void validate(KeyStoreBuilder params) {
if (params.storepass() == null || params.storepass().split("\\|").length != 3) {
throw new IllegalArgumentException("storepass " + params.parameterName() + " must specify the DigiCert ONE API key and the client certificate: <apikey>|<keystore>|<password>");
}
}

@Override
public Provider getProvider(KeyStoreBuilder params) {
String[] elements = params.storepass().split("\\|");
return new SigningServiceJcaProvider(new DigiCertOneSigningService(params.keystore(), elements[0], params.createFile(elements[1]), elements[2]));
}
}
53 changes: 53 additions & 0 deletions jsign-crypto/src/main/java/net/jsign/ESignerKeyStoreType.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
/*
* Copyright 2024 Emmanuel Bourg
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package net.jsign;

import java.io.IOException;
import java.security.Provider;

import org.kohsuke.MetaInfServices;

import net.jsign.jca.ESignerSigningService;
import net.jsign.jca.SigningServiceJcaProvider;

@MetaInfServices(KeyStoreType.class)
public class ESignerKeyStoreType extends AbstractKeyStoreType {

@Override
public String name() {
return "ESIGNER";
}

@Override
public void validate(KeyStoreBuilder params) {
if (params.storepass() == null || !params.storepass().contains("|")) {
throw new IllegalArgumentException("storepass " + params.parameterName() + " must specify the SSL.com username and password: <username>|<password>");
}
}

@Override
public Provider getProvider(KeyStoreBuilder params) {
String[] elements = params.storepass().split("\\|", 2);
String endpoint = params.keystore() != null ? params.keystore() : "https://cs.ssl.com";
try {
return new SigningServiceJcaProvider(new ESignerSigningService(endpoint, elements[0], elements[1]));
} catch (IOException e) {
throw new IllegalStateException("Authentication failed with SSL.com", e);
}
}
}

35 changes: 35 additions & 0 deletions jsign-crypto/src/main/java/net/jsign/ETokenKeyStoreType.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
/*
* Copyright 2024 Emmanuel Bourg
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package net.jsign;

import java.security.Provider;

import org.kohsuke.MetaInfServices;

@MetaInfServices(KeyStoreType.class)
public class ETokenKeyStoreType extends AbstractKeyStoreType {

@Override
public String name() {
return "ETOKEN";
}

@Override
public Provider getProvider(KeyStoreBuilder params) {
return SafeNetEToken.getProvider();
}
}
Loading

0 comments on commit f22b49f

Please sign in to comment.