-
-
Notifications
You must be signed in to change notification settings - Fork 113
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
27 changed files
with
1,340 additions
and
558 deletions.
There are no files selected for viewing
85 changes: 85 additions & 0 deletions
85
jsign-crypto/src/main/java/net/jsign/AbstractKeyStoreType.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
/* | ||
* Copyright 2024 Emmanuel Bourg | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package net.jsign; | ||
|
||
import java.io.FileInputStream; | ||
import java.io.IOException; | ||
import java.security.KeyStore; | ||
import java.security.KeyStoreException; | ||
import java.security.Provider; | ||
import java.security.cert.Certificate; | ||
import java.security.cert.CertificateException; | ||
import java.util.Objects; | ||
import java.util.function.Function; | ||
|
||
abstract class AbstractKeyStoreType implements KeyStoreType { | ||
|
||
public KeyStore getKeystore(KeyStoreBuilder params, Provider provider) throws KeyStoreException { | ||
KeyStore ks; | ||
try { | ||
if (provider != null) { | ||
ks = KeyStore.getInstance(name(), provider); | ||
} else { | ||
ks = KeyStore.getInstance(name()); | ||
} | ||
} catch (KeyStoreException e) { | ||
throw new KeyStoreException("keystore type '" + name() + "' is not supported" + (provider != null ? " with security provider " + provider.getName() : ""), e); | ||
} | ||
|
||
try { | ||
boolean fileBased = this instanceof FileBasedKeyStoreType; | ||
try (FileInputStream in = fileBased ? new FileInputStream(params.createFile(params.keystore())) : null) { | ||
ks.load(in, params.storepass() != null ? params.storepass().toCharArray() : null); | ||
} | ||
} catch (Exception e) { | ||
throw new KeyStoreException("Unable to load the keystore " + params.keystore(), e); | ||
} | ||
|
||
return ks; | ||
} | ||
|
||
Function<String, Certificate[]> getCertificateStore(KeyStoreBuilder params) { | ||
return alias -> { | ||
if (alias == null || alias.isEmpty()) { | ||
return null; | ||
} | ||
|
||
try { | ||
return CertificateUtils.loadCertificateChain(params.certfile()); | ||
} catch (IOException | CertificateException e) { | ||
throw new RuntimeException("Failed to load the certificate from " + params.certfile(), e); | ||
} | ||
}; | ||
} | ||
|
||
@Override | ||
public boolean equals(Object o) { | ||
if (this == o) { | ||
return true; | ||
} | ||
if (!(o instanceof KeyStoreType)) { | ||
return false; | ||
} | ||
KeyStoreType that = (KeyStoreType) o; | ||
return Objects.equals(name(), that.name()); | ||
} | ||
|
||
@Override | ||
public int hashCode() { | ||
return Objects.hashCode(name()); | ||
} | ||
} |
66 changes: 66 additions & 0 deletions
66
jsign-crypto/src/main/java/net/jsign/AmazonKeyStoreType.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
/* | ||
* Copyright 2024 Emmanuel Bourg | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package net.jsign; | ||
|
||
import java.io.IOException; | ||
import java.net.UnknownServiceException; | ||
import java.security.Provider; | ||
|
||
import org.kohsuke.MetaInfServices; | ||
|
||
import net.jsign.jca.AmazonCredentials; | ||
import net.jsign.jca.AmazonSigningService; | ||
import net.jsign.jca.SigningServiceJcaProvider; | ||
|
||
@MetaInfServices(KeyStoreType.class) | ||
public class AmazonKeyStoreType extends AbstractKeyStoreType { | ||
|
||
@Override | ||
public String name() { | ||
return "AWS"; | ||
} | ||
|
||
@Override | ||
public void validate(KeyStoreBuilder params) { | ||
if (params.keystore() == null) { | ||
throw new IllegalArgumentException("keystore " + params.parameterName() + " must specify the AWS region"); | ||
} | ||
if (params.certfile() == null) { | ||
throw new IllegalArgumentException("certfile " + params.parameterName() + " must be set"); | ||
} | ||
} | ||
|
||
@Override | ||
public Provider getProvider(KeyStoreBuilder params) { | ||
AmazonCredentials credentials; | ||
if (params.storepass() != null) { | ||
credentials = AmazonCredentials.parse(params.storepass()); | ||
} else { | ||
try { | ||
credentials = AmazonCredentials.getDefault(); | ||
} catch (UnknownServiceException e) { | ||
throw new IllegalArgumentException("storepass " + params.parameterName() | ||
+ " must specify the AWS credentials: <accessKey>|<secretKey>[|<sessionToken>]" | ||
+ ", when not running from an EC2 instance (" + e.getMessage() + ")", e); | ||
} catch (IOException e) { | ||
throw new RuntimeException("An error occurred while fetching temporary credentials from IMDSv2 service", e); | ||
} | ||
} | ||
|
||
return new SigningServiceJcaProvider(new AmazonSigningService(params.keystore(), credentials, getCertificateStore(params))); | ||
} | ||
} |
48 changes: 48 additions & 0 deletions
48
jsign-crypto/src/main/java/net/jsign/AzureKeyVaultKeyStoreType.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
/* | ||
* Copyright 2024 Emmanuel Bourg | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package net.jsign; | ||
|
||
import java.security.Provider; | ||
|
||
import org.kohsuke.MetaInfServices; | ||
|
||
import net.jsign.jca.AzureKeyVaultSigningService; | ||
import net.jsign.jca.SigningServiceJcaProvider; | ||
|
||
@MetaInfServices(KeyStoreType.class) | ||
public class AzureKeyVaultKeyStoreType extends AbstractKeyStoreType { | ||
|
||
@Override | ||
public String name() { | ||
return "AZUREKEYVAULT"; | ||
} | ||
|
||
@Override | ||
public void validate(KeyStoreBuilder params) { | ||
if (params.keystore() == null) { | ||
throw new IllegalArgumentException("keystore " + params.parameterName() + " must specify the Azure vault name"); | ||
} | ||
if (params.storepass() == null) { | ||
throw new IllegalArgumentException("storepass " + params.parameterName() + " must specify the Azure API access token"); | ||
} | ||
} | ||
|
||
@Override | ||
public Provider getProvider(KeyStoreBuilder params) { | ||
return new SigningServiceJcaProvider(new AzureKeyVaultSigningService(params.keystore(), params.storepass())); | ||
} | ||
} |
48 changes: 48 additions & 0 deletions
48
jsign-crypto/src/main/java/net/jsign/AzureTrustedSigningKeyStoreType.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
/* | ||
* Copyright 2024 Emmanuel Bourg | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package net.jsign; | ||
|
||
import java.security.Provider; | ||
|
||
import org.kohsuke.MetaInfServices; | ||
|
||
import net.jsign.jca.AzureTrustedSigningService; | ||
import net.jsign.jca.SigningServiceJcaProvider; | ||
|
||
@MetaInfServices(KeyStoreType.class) | ||
public class AzureTrustedSigningKeyStoreType extends AbstractKeyStoreType { | ||
|
||
@Override | ||
public String name() { | ||
return "TRUSTEDSIGNING"; | ||
} | ||
|
||
@Override | ||
public void validate(KeyStoreBuilder params) { | ||
if (params.keystore() == null) { | ||
throw new IllegalArgumentException("keystore " + params.parameterName() + " must specify the Azure endpoint (<region>.codesigning.azure.net)"); | ||
} | ||
if (params.storepass() == null) { | ||
throw new IllegalArgumentException("storepass " + params.parameterName() + " must specify the Azure API access token"); | ||
} | ||
} | ||
|
||
@Override | ||
public Provider getProvider(KeyStoreBuilder params) { | ||
return new SigningServiceJcaProvider(new AzureTrustedSigningService(params.keystore(), params.storepass())); | ||
} | ||
} |
46 changes: 46 additions & 0 deletions
46
jsign-crypto/src/main/java/net/jsign/DigiCertOneKeyStoreType.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
/* | ||
* Copyright 2024 Emmanuel Bourg | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package net.jsign; | ||
|
||
import java.security.Provider; | ||
|
||
import org.kohsuke.MetaInfServices; | ||
|
||
import net.jsign.jca.DigiCertOneSigningService; | ||
import net.jsign.jca.SigningServiceJcaProvider; | ||
|
||
@MetaInfServices(KeyStoreType.class) | ||
public class DigiCertOneKeyStoreType extends AbstractKeyStoreType { | ||
|
||
@Override | ||
public String name() { | ||
return "DIGICERTONE"; | ||
} | ||
|
||
@Override | ||
public void validate(KeyStoreBuilder params) { | ||
if (params.storepass() == null || params.storepass().split("\\|").length != 3) { | ||
throw new IllegalArgumentException("storepass " + params.parameterName() + " must specify the DigiCert ONE API key and the client certificate: <apikey>|<keystore>|<password>"); | ||
} | ||
} | ||
|
||
@Override | ||
public Provider getProvider(KeyStoreBuilder params) { | ||
String[] elements = params.storepass().split("\\|"); | ||
return new SigningServiceJcaProvider(new DigiCertOneSigningService(params.keystore(), elements[0], params.createFile(elements[1]), elements[2])); | ||
} | ||
} |
53 changes: 53 additions & 0 deletions
53
jsign-crypto/src/main/java/net/jsign/ESignerKeyStoreType.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
/* | ||
* Copyright 2024 Emmanuel Bourg | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package net.jsign; | ||
|
||
import java.io.IOException; | ||
import java.security.Provider; | ||
|
||
import org.kohsuke.MetaInfServices; | ||
|
||
import net.jsign.jca.ESignerSigningService; | ||
import net.jsign.jca.SigningServiceJcaProvider; | ||
|
||
@MetaInfServices(KeyStoreType.class) | ||
public class ESignerKeyStoreType extends AbstractKeyStoreType { | ||
|
||
@Override | ||
public String name() { | ||
return "ESIGNER"; | ||
} | ||
|
||
@Override | ||
public void validate(KeyStoreBuilder params) { | ||
if (params.storepass() == null || !params.storepass().contains("|")) { | ||
throw new IllegalArgumentException("storepass " + params.parameterName() + " must specify the SSL.com username and password: <username>|<password>"); | ||
} | ||
} | ||
|
||
@Override | ||
public Provider getProvider(KeyStoreBuilder params) { | ||
String[] elements = params.storepass().split("\\|", 2); | ||
String endpoint = params.keystore() != null ? params.keystore() : "https://cs.ssl.com"; | ||
try { | ||
return new SigningServiceJcaProvider(new ESignerSigningService(endpoint, elements[0], elements[1])); | ||
} catch (IOException e) { | ||
throw new IllegalStateException("Authentication failed with SSL.com", e); | ||
} | ||
} | ||
} | ||
|
35 changes: 35 additions & 0 deletions
35
jsign-crypto/src/main/java/net/jsign/ETokenKeyStoreType.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
/* | ||
* Copyright 2024 Emmanuel Bourg | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package net.jsign; | ||
|
||
import java.security.Provider; | ||
|
||
import org.kohsuke.MetaInfServices; | ||
|
||
@MetaInfServices(KeyStoreType.class) | ||
public class ETokenKeyStoreType extends AbstractKeyStoreType { | ||
|
||
@Override | ||
public String name() { | ||
return "ETOKEN"; | ||
} | ||
|
||
@Override | ||
public Provider getProvider(KeyStoreBuilder params) { | ||
return SafeNetEToken.getProvider(); | ||
} | ||
} |
Oops, something went wrong.