1 /*============LICENSE_START=======================================================
2 * oom-truststore-merger
3 * ================================================================================
4 * Copyright (C) 2020 Nokia. All rights reserved.
5 * ================================================================================
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 * ============LICENSE_END=========================================================
20 package org.onap.oom.truststoremerger.certification.file.provider;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.onap.oom.truststoremerger.api.ExitableException;
import org.onap.oom.truststoremerger.certification.file.exception.AliasConflictException;
import org.onap.oom.truststoremerger.certification.file.exception.LoadTruststoreException;
import org.onap.oom.truststoremerger.certification.file.exception.MissingTruststoreException;
import org.onap.oom.truststoremerger.certification.file.exception.TruststoreDataOperationException;
import org.onap.oom.truststoremerger.certification.file.exception.WriteTruststoreFileException;
import org.onap.oom.truststoremerger.certification.file.provider.entry.CertificateWithAlias;
import org.onap.oom.truststoremerger.certification.file.provider.entry.CertificateWithAliasFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
41 public class JavaCertificateStoreController implements CertificateController {
private static final Logger LOGGER = LoggerFactory.getLogger(JavaCertificateStoreController.class);
// Builds the alias+certificate wrappers handed back to callers of getNotEmptyCertificateList().
private final CertificateWithAliasFactory factory = new CertificateWithAliasFactory();
// In-memory keystore this controller operates on: loadFile() fills it from storeFile,
// addCertificates() mutates it, saveFile() writes it back out.
private final KeyStore keyStore;
// Backing file read by loadFile() and overwritten by saveFile(); its path is also
// included in the "missing truststore" / "cannot load" error messages.
private final File storeFile;
// Keystore password, used for both load() and store().
// NOTE(review): kept as an immutable String (so it cannot be zeroed after use)
// because the public constructor takes a String; switching to char[] would change
// the constructor signature.
private final String password;
/**
 * Creates a controller bound to a single keystore file.
 *
 * @param keyStore  the KeyStore instance that loadFile() populates and saveFile() persists
 * @param storeFile the on-disk file that backs the keystore
 * @param password  the keystore password, used for both loading and storing
 */
public JavaCertificateStoreController(KeyStore keyStore, File storeFile, String password) {
    this.password = password;
    this.storeFile = storeFile;
    this.keyStore = keyStore;
}
/**
 * Returns every trusted-certificate entry of the keystore, wrapped together with its alias.
 * <p>
 * Only trusted-certificate entries are considered (see getFilteredAlias()), so a store
 * that holds nothing but key entries is treated as empty.
 *
 * @return the non-empty list of certificate/alias pairs
 * @throws MissingTruststoreException      if the store has no trusted-certificate entries
 * @throws TruststoreDataOperationException if the keystore cannot be read
 */
public List<CertificateWithAlias> getNotEmptyCertificateList() throws ExitableException {
    List<String> certificateAliases = getTruststoreAliasesList();
    if (!certificateAliases.isEmpty()) {
        return getWrappedCertificates(certificateAliases);
    }
    throw new MissingTruststoreException("Missing certificate aliases in file: " + storeFile.getPath());
}
/**
 * Adds each given certificate to the in-memory keystore as a trusted-certificate entry.
 * <p>
 * Refuses to operate on a store that currently has no trusted-certificate entries, and
 * stops at the first alias that already exists instead of overwriting it (a silent
 * overwrite could replace an existing trust anchor). Entries added before such a failure
 * remain in the in-memory KeyStore; nothing reaches disk until {@link #saveFile()}.
 *
 * @param certificatesWithAliases the certificates to merge in, each with its target alias
 * @throws MissingTruststoreException       if the store has no trusted-certificate entries
 * @throws AliasConflictException           if an alias is already present in the store
 * @throws TruststoreDataOperationException if the keystore cannot be read or updated
 */
public void addCertificates(List<CertificateWithAlias> certificatesWithAliases)
    throws ExitableException {
    List<String> existingAliases = getTruststoreAliasesList();
    if (existingAliases.isEmpty()) {
        throw new MissingTruststoreException("Missing certificate aliases in file: " + storeFile.getPath());
    }
    for (CertificateWithAlias entry : certificatesWithAliases) {
        addCertificate(entry);
    }
}
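/**
 * Persists the in-memory keystore to {@code storeFile}, protected with the configured password.
 * <p>
 * The keystore is serialised into memory first and only then written to disk. The previous
 * implementation opened the FileOutputStream (which truncates the file) before
 * {@code KeyStore.store()} ran, so any failure inside {@code store()} left an empty or partial
 * truststore behind. With this ordering a serialisation failure never touches the file;
 * only the final byte write itself can still be interrupted.
 *
 * @throws WriteTruststoreFileException if serialising or writing the keystore fails
 */
public void saveFile() throws WriteTruststoreFileException {
    try {
        ByteArrayOutputStream serialised = new ByteArrayOutputStream();
        keyStore.store(serialised, this.password.toCharArray());
        // Truncate-and-write only once the keystore bytes are fully known.
        try (FileOutputStream outputStream = new FileOutputStream(this.storeFile)) {
            outputStream.write(serialised.toByteArray());
        }
    } catch (Exception e) {
        // Broad catch kept on purpose: callers handle WriteTruststoreFileException, and
        // runtime failures (e.g. a null password) must surface through it as well.
        LOGGER.error("Cannot write truststore file");
        throw new WriteTruststoreFileException(e);
    }
}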
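/**
 * Loads {@code storeFile} into the in-memory keystore using the configured password.
 * <p>
 * The password is handed to {@code KeyStore.load()}; NOTE(review): for the standard JDK
 * store types that is what enables the integrity check, so a wrong password fails here
 * rather than yielding a silently unverified store — confirm against the KeyStore type in use.
 *
 * @throws LoadTruststoreException if the file cannot be opened, parsed or verified
 */
public void loadFile() throws LoadTruststoreException {
    // try-with-resources: the previous implementation created the FileInputStream inline
    // and never closed it, leaking the file descriptor for the life of the process.
    try (FileInputStream inputStream = new FileInputStream(this.storeFile)) {
        keyStore.load(inputStream, this.password.toCharArray());
    } catch (Exception e) {
        // Broad catch kept on purpose: callers handle LoadTruststoreException, and
        // runtime failures (e.g. a null password) must surface through it as well.
        LOGGER.error("Cannot load file: {}", this.storeFile.getPath());
        throw new LoadTruststoreException(e);
    }
}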
/**
 * Stores one certificate in the in-memory keystore as a trusted-certificate entry.
 * <p>
 * An alias that is already present is a hard error: the existing entry is never replaced.
 *
 * @param certificate the certificate and the alias it should be stored under
 * @throws AliasConflictException           if the alias already exists in the store
 * @throws TruststoreDataOperationException if the alias check or the insert fails
 */
private void addCertificate(CertificateWithAlias certificate)
    throws TruststoreDataOperationException, AliasConflictException {
    if (!hasAliasConflict(certificate)) {
        String alias = certificate.getAlias();
        try {
            keyStore.setCertificateEntry(alias, certificate.getCertificate());
        } catch (KeyStoreException e) {
            LOGGER.error("Cannot merge certificate with alias: {}", alias);
            throw new TruststoreDataOperationException(e);
        }
        return;
    }
    LOGGER.error("Alias conflict detected");
    throw new AliasConflictException("Alias conflict detected. Alias conflicted: " + certificate.getAlias());
}
/**
 * Tells whether the alias of the given certificate is already used in the keystore
 * (by any kind of entry, not only trusted-certificate entries).
 *
 * @param certificate the candidate certificate whose alias is checked
 * @return {@code true} if the alias already exists
 * @throws TruststoreDataOperationException if the keystore cannot be queried
 */
private boolean hasAliasConflict(CertificateWithAlias certificate) throws TruststoreDataOperationException {
    boolean aliasTaken;
    try {
        aliasTaken = keyStore.containsAlias(certificate.getAlias());
    } catch (KeyStoreException e) {
        LOGGER.error("Cannot check alias conflict");
        throw new TruststoreDataOperationException(e);
    }
    return aliasTaken;
}
/**
 * Looks up the certificate stored under each alias and pairs it with that alias.
 *
 * @param aliases the aliases to resolve, in the order the result should follow
 * @return one wrapper per alias, in input order
 * @throws TruststoreDataOperationException if any certificate cannot be read
 */
private List<CertificateWithAlias> getWrappedCertificates(List<String> aliases)
    throws TruststoreDataOperationException {
    List<CertificateWithAlias> wrappers = new ArrayList<>(aliases.size());
    for (String currentAlias : aliases) {
        CertificateWithAlias wrapper = createWrappedCertificate(currentAlias);
        wrappers.add(wrapper);
    }
    return wrappers;
}
/**
 * Reads the certificate stored under {@code alias} and wraps it with that alias.
 *
 * @param alias the keystore alias to read
 * @return the wrapped certificate
 * @throws TruststoreDataOperationException if the keystore cannot be queried
 */
private CertificateWithAlias createWrappedCertificate(String alias) throws TruststoreDataOperationException {
    CertificateWithAlias wrapped;
    try {
        wrapped = factory.createCertificateWithAlias(keyStore.getCertificate(alias), alias);
    } catch (KeyStoreException e) {
        LOGGER.warn("Cannot get certificate with alias: {} ", alias);
        throw new TruststoreDataOperationException(e);
    }
    return wrapped;
}
/**
 * Lists the aliases of all trusted-certificate entries in the keystore.
 * Key entries are filtered out (see getFilteredAlias()).
 *
 * @return the aliases of trusted-certificate entries; empty if there are none
 * @throws TruststoreDataOperationException if the keystore cannot be enumerated
 */
private List<String> getTruststoreAliasesList() throws TruststoreDataOperationException {
    try {
        return getFilteredAlias(Collections.list(keyStore.aliases()));
    } catch (KeyStoreException e) {
        LOGGER.warn("Cannot read truststore aliases");
        throw new TruststoreDataOperationException(e);
    }
}
/**
 * Keeps only the aliases that refer to trusted-certificate entries.
 * <p>
 * Private-key entries living in the same store are dropped here, so they are never
 * listed by this controller.
 *
 * @param aliases all aliases present in the keystore
 * @return the subset whose entries are trusted certificates, in input order
 * @throws KeyStoreException if an entry type cannot be determined
 */
private List<String> getFilteredAlias(List<String> aliases) throws KeyStoreException {
    List<String> certificateEntries = new ArrayList<>(aliases.size());
    for (String candidate : aliases) {
        if (!keyStore.isCertificateEntry(candidate)) {
            continue;
        }
        certificateEntries.add(candidate);
    }
    return certificateEntries;
}