mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git
opends/src/server/org/opends/server/util/Platform.java
@@ -22,7 +22,7 @@ * CDDL HEADER END * * * Copyright 2009 Sun Microsystems, Inc. * Copyright 2010 Sun Microsystems, Inc. */ package org.opends.server.util; @@ -46,6 +46,7 @@ import org.opends.messages.Message; import static org.opends.messages.UtilityMessages.*; /** * Provides a wrapper class that collects all of the JVM vendor * and JDK version specific code in a single place. @@ -80,7 +81,7 @@ } else { IMPL = new DefaultPlatformIMPL(); IMPL = new JDK6PlatformIMPL(); } } else @@ -91,6 +92,10 @@ { IMPL = new Sun5PlatformIMPL(); } else if(ver.startsWith("1.6")) { IMPL = new JDK6PlatformIMPL(); } else { IMPL = new DefaultPlatformIMPL(); @@ -106,42 +111,39 @@ //Key size, key algorithm and signature algorithms used. private static final int KEY_SIZE = 1024; private static final String KEY_ALGORITHM = "rsa"; private static final String SIG_ALGORITHM = "SHA1WithRSA"; static final String SIG_ALGORITHM = "SHA1WithRSA"; //Time values used in validity calculations. private static final int SEC_IN_DAY = 24 * 60 * 60; private static final int DEFAULT_VALIDITY = 90 * SEC_IN_DAY; static final int DEFAULT_VALIDITY = 90 * SEC_IN_DAY; //These two are used to build certificate request files. private static final String TMPFILE_PREFIX = "CertificateManager-"; private static final String TMPFILE_EXT = ".csr"; static final String TMPFILE_PREFIX = "CertificateManager-"; static final String TMPFILE_EXT = ".csr"; //Methods pulled from the classes. private static final String ENCODE_SIGN_METHOD = "encodeAndSign"; static final String ENCODE_SIGN_METHOD = "encodeAndSign"; private static final String GENERATE_METHOD = "generate"; private static final String GET_PRIVATE_KEY_METHOD = "getPrivateKey"; private static final String GET_SELFSIGNED_CERT_METHOD = "getSelfCertificate"; private static final String PRINT_METHOD = "print"; static final String PRINT_METHOD = "print"; //Classes needed to manage certificates. private static Class<?> certKeyGenClass, X500NameClass, X500SignerClass, PKCS10Class; static Class<?> certKeyGenClass, X500NameClass; static Class<?> PKCS10Class; //Constructors for each of the above classes. private static Constructor<?> certKeyGenCons, X500NameCons, X500SignerCons, pkcs10Cons; static Constructor<?> certKeyGenCons, X500NameCons, pkcs10Cons; static { String x509pkg = pkgPrefix + ".x509"; String pkcs10Pkg = pkgPrefix + ".pkcs"; String certAndKeyGen= x509pkg + ".CertAndKeyGen"; String X500Name = x509pkg + ".X500Name"; String X500Signer = x509pkg + ".X500Signer"; try { certKeyGenClass = Class.forName(certAndKeyGen); X500NameClass = Class.forName(X500Name); X500SignerClass = Class.forName(X500Signer); if(certReqAllowed) { String pkcs10 = pkcs10Pkg + ".PKCS10"; PKCS10Class = Class.forName(pkcs10); @@ -150,8 +152,6 @@ certKeyGenCons = certKeyGenClass.getConstructor(String.class, String.class); X500NameCons = X500NameClass.getConstructor(String.class); X500SignerCons = X500SignerClass.getConstructor(Signature.class, X500NameClass); } catch (ClassNotFoundException e) { Message msg = ERR_CERTMGR_CLASS_NOT_FOUND.get(e.getMessage()); throw new ExceptionInInitializerError(msg.toString()); @@ -166,73 +166,10 @@ protected PlatformIMPL() {} /** * Generate a certificate request. Note that this methods checks if * the certificate request generation is allowed and throws an * exception if it isn't supported. Some vendors JDKs aren't compatible * with Sun's certificate request generation classes so they aren't * supported. * * @param ks The keystore to use in the request creation. * @param ksType The keystore type. * @param ksPath The path to the keystore. * @param alias The alias to use in the request generation. * @param pwd The keystore password to use. * @param dn A dn string to use as the certificate subject. * * @return A file object pointing at the created certificate request. * @throws KeyStoreException If the certificate request failed. */ public final File generateCertificateRequest(KeyStore ks, String ksType, String ksPath, String alias, char[] pwd, String dn) throws KeyStoreException { if(!certReqAllowed) { String vendor = System.getProperty("java.vendor"); Message msg = ERR_CERTMGR_CERT_SIGN_REQ_NOT_SUPPORTED.get(vendor); throw new KeyStoreException(msg.toString()); } KeyStore keyStore = generateSelfSignedCertificate(ks, ksType, ksPath, alias, pwd, dn, DEFAULT_VALIDITY); File csrFile; try { csrFile = File.createTempFile(TMPFILE_PREFIX, TMPFILE_EXT); csrFile.deleteOnExit(); PrintStream printStream = new PrintStream(new FileOutputStream(csrFile.getAbsolutePath())); if(keyStore == null) { Message msg = ERR_CERTMGR_KEYSTORE_NONEXISTANT.get(); throw new KeyStoreException(msg.toString()); } PrivateKey privateKey = getPrivateKey(keyStore, alias, pwd); if(privateKey == null) { Message msg = ERR_CERTMGR_PRIVATE_KEY.get(alias); throw new KeyStoreException(msg.toString()); } Certificate cert = keyStore.getCertificate(alias); if(cert == null) { Message msg = ERR_CERTMGR_ALIAS_NO_CERTIFICATE.get(alias); throw new KeyStoreException(msg.toString()); } Signature signature = Signature.getInstance(SIG_ALGORITHM); signature.initSign(privateKey); Object request = pkcs10Cons.newInstance(cert.getPublicKey()); Object subject = X500NameCons.newInstance(dn); Object signer = X500SignerCons.newInstance(signature, subject); Method encodeAndSign = PKCS10Class.getMethod(ENCODE_SIGN_METHOD, X500SignerClass); Method print = PKCS10Class.getMethod(PRINT_METHOD, PrintStream.class); encodeAndSign.invoke(request, signer); print.invoke(request, printStream); printStream.close(); } catch (Exception e) { Message msg = ERR_CERTMGR_CERT_REQUEST.get(alias,e.getMessage()); throw new KeyStoreException(msg.toString()); } return csrFile; } public abstract File generateCertificateRequest(KeyStore ks, String ksType, String ksPath, String alias, char[] pwd, String dn) throws KeyStoreException; /** * Delete the specified alias from the specified keystore. @@ -421,7 +358,7 @@ * @throws KeyStoreException If the alias is not in the keystore, the * entry related to the alias is not of */ private PrivateKey getPrivateKey(KeyStore ks, String alias, char[] pwd) PrivateKey getPrivateKey(KeyStore ks, String alias, char[] pwd) throws KeyStoreException { PrivateKey key = null; try { @@ -549,22 +486,40 @@ //Normalized form method. private static final Object FORM_NFKC; private static Class<?> X500SignerClass; private static Constructor<?> X500SignerCons; static { Method normalize = null; Object formNFKC = null; String x509pkg = pkgPrefix + ".x509"; String X500Signer = x509pkg + ".X500Signer"; try { Class<?> normalizer = Class.forName("sun.text.Normalizer"); formNFKC = normalizer.getField("DECOMP_COMPAT").get(null); Class<?> normalizerForm = Class.forName("sun.text.Normalizer$Mode"); normalize = normalizer.getMethod("normalize", String.class, normalizerForm, Integer.TYPE); X500SignerClass = Class.forName(X500Signer); X500SignerCons = X500SignerClass.getConstructor(Signature.class, X500NameClass); } catch (ClassNotFoundException e) { Message msg = ERR_CERTMGR_CLASS_NOT_FOUND.get(e.getMessage()); throw new ExceptionInInitializerError(msg.toString()); } catch (SecurityException e) { Message msg = ERR_CERTMGR_SECURITY.get(e.getMessage()); throw new ExceptionInInitializerError(msg.toString()); } catch (NoSuchMethodException e) { Message msg = ERR_CERTMGR_NO_METHOD.get(e.getMessage()); throw new ExceptionInInitializerError(msg.toString()); } catch (Exception ex) { // Do not use Normalizer. The values are already set to null. // Do not use Normalizer. The values are already set to null. } NORMALIZE = normalize; FORM_NFKC = formNFKC; } NORMALIZE = normalize; FORM_NFKC = formNFKC; } @Override @@ -578,6 +533,76 @@ //Don't do anything. buffer should be used. } } /** * Generate a certificate request. Note that this methods checks if * the certificate request generation is allowed and throws an * exception if it isn't supported. Some vendors JDKs aren't compatible * with Sun's certificate request generation classes so they aren't * supported. Note this method uses the X500Signer class which has been * deprecated in JDK 1.7. * * @param ks The keystore to use in the request creation. * @param ksType The keystore type. * @param ksPath The path to the keystore. * @param alias The alias to use in the request generation. * @param pwd The keystore password to use. * @param dn A dn string to use as the certificate subject. * * @return A file object pointing at the created certificate request. * @throws KeyStoreException If the certificate request failed. */ public File generateCertificateRequest(KeyStore ks, String ksType, String ksPath, String alias, char[] pwd, String dn) throws KeyStoreException { if(!certReqAllowed) { String vendor = System.getProperty("java.vendor"); Message msg = ERR_CERTMGR_CERT_SIGN_REQ_NOT_SUPPORTED.get(vendor); throw new KeyStoreException(msg.toString()); } KeyStore keyStore = generateSelfSignedCertificate(ks, ksType, ksPath, alias, pwd, dn, DEFAULT_VALIDITY); File csrFile; try { csrFile = File.createTempFile(TMPFILE_PREFIX, TMPFILE_EXT); csrFile.deleteOnExit(); PrintStream printStream = new PrintStream(new FileOutputStream(csrFile.getAbsolutePath())); if(keyStore == null) { Message msg = ERR_CERTMGR_KEYSTORE_NONEXISTANT.get(); throw new KeyStoreException(msg.toString()); } PrivateKey privateKey = getPrivateKey(keyStore, alias, pwd); if(privateKey == null) { Message msg = ERR_CERTMGR_PRIVATE_KEY.get(alias); throw new KeyStoreException(msg.toString()); } Certificate cert = keyStore.getCertificate(alias); if(cert == null) { Message msg = ERR_CERTMGR_ALIAS_NO_CERTIFICATE.get(alias); throw new KeyStoreException(msg.toString()); } Signature signature = Signature.getInstance(SIG_ALGORITHM); signature.initSign(privateKey); Object request = pkcs10Cons.newInstance(cert.getPublicKey()); Object subject = X500NameCons.newInstance(dn); Object signer = X500SignerCons.newInstance(signature, subject); Method encodeAndSign = PKCS10Class.getMethod(ENCODE_SIGN_METHOD, X500SignerClass); Method print = PKCS10Class.getMethod(PRINT_METHOD, PrintStream.class); encodeAndSign.invoke(request, signer); print.invoke(request, printStream); printStream.close(); } catch (Exception e) { Message msg = ERR_CERTMGR_CERT_REQUEST.get(alias,e.getMessage()); throw new KeyStoreException(msg.toString()); } return csrFile; } } /** @@ -618,19 +643,312 @@ //Don't do anything. buffer should be used. } } /** * Generate a certificate request. Note that this methods checks if * the certificate request generation is allowed and throws an * exception if it isn't supported. Some vendors JDKs aren't compatible * with Sun's certificate request generation classes so they aren't * supported. * * @param ks The keystore to use in the request creation. * @param ksType The keystore type. * @param ksPath The path to the keystore. * @param alias The alias to use in the request generation. * @param pwd The keystore password to use. * @param dn A dn string to use as the certificate subject. * * @return A file object pointing at the created certificate request. * @throws KeyStoreException If the certificate request failed. */ public File generateCertificateRequest(KeyStore ks, String ksType, String ksPath, String alias, char[] pwd, String dn) throws KeyStoreException { if(!certReqAllowed) { String vendor = System.getProperty("java.vendor"); Message msg = ERR_CERTMGR_CERT_SIGN_REQ_NOT_SUPPORTED.get(vendor); throw new KeyStoreException(msg.toString()); } KeyStore keyStore = generateSelfSignedCertificate(ks, ksType, ksPath, alias, pwd, dn, DEFAULT_VALIDITY); File csrFile; try { csrFile = File.createTempFile(TMPFILE_PREFIX, TMPFILE_EXT); csrFile.deleteOnExit(); PrintStream printStream = new PrintStream(new FileOutputStream(csrFile.getAbsolutePath())); if(keyStore == null) { Message msg = ERR_CERTMGR_KEYSTORE_NONEXISTANT.get(); throw new KeyStoreException(msg.toString()); } PrivateKey privateKey = getPrivateKey(keyStore, alias, pwd); if(privateKey == null) { Message msg = ERR_CERTMGR_PRIVATE_KEY.get(alias); throw new KeyStoreException(msg.toString()); } Certificate cert = keyStore.getCertificate(alias); if(cert == null) { Message msg = ERR_CERTMGR_ALIAS_NO_CERTIFICATE.get(alias); throw new KeyStoreException(msg.toString()); } Signature signature = Signature.getInstance(SIG_ALGORITHM); signature.initSign(privateKey); Object request = pkcs10Cons.newInstance(cert.getPublicKey()); Object subject = X500NameCons.newInstance(dn); Method encodeAndSign = PKCS10Class.getMethod(ENCODE_SIGN_METHOD, X500NameClass, Signature.class); Method print = PKCS10Class.getMethod(PRINT_METHOD, PrintStream.class); encodeAndSign.invoke(request, subject, signature); print.invoke(request, printStream); printStream.close(); } catch (Exception e) { e.printStackTrace(); Message msg = ERR_CERTMGR_CERT_REQUEST.get(alias,e.getMessage()); throw new KeyStoreException(msg.toString()); } return csrFile; } } /** * Default JDK 6 platform class. */ private static class JDK6PlatformIMPL extends PlatformIMPL { //normalize method. private static final Method NORMALIZE; //Normalized form method. private static final Object FORM_NFKC; private static Class<?> X500SignerClass; private static Constructor<?> X500SignerCons; static { Method normalize = null; Object formNFKC = null; String x509pkg = pkgPrefix + ".x509"; String X500Signer = x509pkg + ".X500Signer"; try { Class<?> normalizer = Class.forName("java.text.Normalizer"); Class<?> normalizerForm = Class.forName("java.text.Normalizer$Form"); normalize = normalizer.getMethod("normalize", CharSequence.class, normalizerForm); formNFKC = normalizerForm.getField("NFKD").get(null); X500SignerClass = Class.forName(X500Signer); X500SignerCons = X500SignerClass.getConstructor(Signature.class, X500NameClass); } catch (ClassNotFoundException e) { Message msg = ERR_CERTMGR_CLASS_NOT_FOUND.get(e.getMessage()); throw new ExceptionInInitializerError(msg.toString()); } catch (SecurityException e) { Message msg = ERR_CERTMGR_SECURITY.get(e.getMessage()); throw new ExceptionInInitializerError(msg.toString()); } catch (NoSuchMethodException e) { Message msg = ERR_CERTMGR_NO_METHOD.get(e.getMessage()); throw new ExceptionInInitializerError(msg.toString()); } catch (Exception ex) { // Do not use Normalizer. The values are already set to null. } NORMALIZE = normalize; FORM_NFKC = formNFKC; } @Override public void normalize(StringBuilder buffer) { try { String normal = (String) NORMALIZE.invoke(null, buffer, FORM_NFKC); buffer.replace(0,buffer.length(),normal); } catch(Exception ex) { //Don't do anything. buffer should be used. } } /** * Generate a certificate request. Note that this methods checks if * the certificate request generation is allowed and throws an * exception if it isn't supported. Some vendors JDKs aren't compatible * with Sun's certificate request generation classes so they aren't * supported. Note this method uses the X500Signer class which has been * deprecated in JDK 1.7. * * @param ks The keystore to use in the request creation. * @param ksType The keystore type. * @param ksPath The path to the keystore. * @param alias The alias to use in the request generation. * @param pwd The keystore password to use. * @param dn A dn string to use as the certificate subject. * * @return A file object pointing at the created certificate request. * @throws KeyStoreException If the certificate request failed. */ public File generateCertificateRequest(KeyStore ks, String ksType, String ksPath, String alias, char[] pwd, String dn) throws KeyStoreException { if(!certReqAllowed) { String vendor = System.getProperty("java.vendor"); Message msg = ERR_CERTMGR_CERT_SIGN_REQ_NOT_SUPPORTED.get(vendor); throw new KeyStoreException(msg.toString()); } KeyStore keyStore = generateSelfSignedCertificate(ks, ksType, ksPath, alias, pwd, dn, DEFAULT_VALIDITY); File csrFile; try { csrFile = File.createTempFile(TMPFILE_PREFIX, TMPFILE_EXT); csrFile.deleteOnExit(); PrintStream printStream = new PrintStream(new FileOutputStream(csrFile.getAbsolutePath())); if(keyStore == null) { Message msg = ERR_CERTMGR_KEYSTORE_NONEXISTANT.get(); throw new KeyStoreException(msg.toString()); } PrivateKey privateKey = getPrivateKey(keyStore, alias, pwd); if(privateKey == null) { Message msg = ERR_CERTMGR_PRIVATE_KEY.get(alias); throw new KeyStoreException(msg.toString()); } Certificate cert = keyStore.getCertificate(alias); if(cert == null) { Message msg = ERR_CERTMGR_ALIAS_NO_CERTIFICATE.get(alias); throw new KeyStoreException(msg.toString()); } Signature signature = Signature.getInstance(SIG_ALGORITHM); signature.initSign(privateKey); Object request = pkcs10Cons.newInstance(cert.getPublicKey()); Object subject = X500NameCons.newInstance(dn); Object signer = X500SignerCons.newInstance(signature, subject); Method encodeAndSign = PKCS10Class.getMethod(ENCODE_SIGN_METHOD, X500SignerClass); Method print = PKCS10Class.getMethod(PRINT_METHOD, PrintStream.class); encodeAndSign.invoke(request, signer); print.invoke(request, printStream); printStream.close(); } catch (Exception e) { Message msg = ERR_CERTMGR_CERT_REQUEST.get(alias,e.getMessage()); throw new KeyStoreException(msg.toString()); } return csrFile; } } /** * IBM JDK 5 platform class. */ private static class IBM5PlatformIMPL extends PlatformIMPL { @Override public void normalize(StringBuilder buffer) { //No implementation. } //Classes needed to manage certificates. private static Class<?> X500SignerClass; private static Constructor<?> X500SignerCons; static { String x509pkg = pkgPrefix + ".x509"; String X500Signer = x509pkg + ".X500Signer"; try { X500SignerClass = Class.forName(X500Signer); X500SignerCons = X500SignerClass.getConstructor(Signature.class, X500NameClass); } catch (ClassNotFoundException e) { Message msg = ERR_CERTMGR_CLASS_NOT_FOUND.get(e.getMessage()); throw new ExceptionInInitializerError(msg.toString()); } catch (SecurityException e) { Message msg = ERR_CERTMGR_SECURITY.get(e.getMessage()); throw new ExceptionInInitializerError(msg.toString()); } catch (NoSuchMethodException e) { Message msg = ERR_CERTMGR_NO_METHOD.get(e.getMessage()); throw new ExceptionInInitializerError(msg.toString()); } } @Override public void normalize(StringBuilder buffer) { //No implementation. } /** * Generate a certificate request. Note that this methods checks if * the certificate request generation is allowed and throws an * exception if it isn't supported. Some vendors JDKs aren't compatible * with Sun's certificate request generation classes so they aren't * supported. Note this method uses the X500Signer class which has been * deprecated in JDK 1.7. * * @param ks The keystore to use in the request creation. * @param ksType The keystore type. * @param ksPath The path to the keystore. * @param alias The alias to use in the request generation. * @param pwd The keystore password to use. * @param dn A dn string to use as the certificate subject. * * @return A file object pointing at the created certificate request. * @throws KeyStoreException If the certificate request failed. */ public File generateCertificateRequest(KeyStore ks, String ksType, String ksPath, String alias, char[] pwd, String dn) throws KeyStoreException { if(!certReqAllowed) { String vendor = System.getProperty("java.vendor"); Message msg = ERR_CERTMGR_CERT_SIGN_REQ_NOT_SUPPORTED.get(vendor); throw new KeyStoreException(msg.toString()); } KeyStore keyStore = generateSelfSignedCertificate(ks, ksType, ksPath, alias, pwd, dn, DEFAULT_VALIDITY); File csrFile; try { csrFile = File.createTempFile(TMPFILE_PREFIX, TMPFILE_EXT); csrFile.deleteOnExit(); PrintStream printStream = new PrintStream(new FileOutputStream(csrFile.getAbsolutePath())); if(keyStore == null) { Message msg = ERR_CERTMGR_KEYSTORE_NONEXISTANT.get(); throw new KeyStoreException(msg.toString()); } PrivateKey privateKey = getPrivateKey(keyStore, alias, pwd); if(privateKey == null) { Message msg = ERR_CERTMGR_PRIVATE_KEY.get(alias); throw new KeyStoreException(msg.toString()); } Certificate cert = keyStore.getCertificate(alias); if(cert == null) { Message msg = ERR_CERTMGR_ALIAS_NO_CERTIFICATE.get(alias); throw new KeyStoreException(msg.toString()); } Signature signature = Signature.getInstance(SIG_ALGORITHM); signature.initSign(privateKey); Object request = pkcs10Cons.newInstance(cert.getPublicKey()); Object subject = X500NameCons.newInstance(dn); Object signer = X500SignerCons.newInstance(signature, subject); Method encodeAndSign = PKCS10Class.getMethod(ENCODE_SIGN_METHOD, X500SignerClass); Method print = PKCS10Class.getMethod(PRINT_METHOD, PrintStream.class); encodeAndSign.invoke(request, signer); print.invoke(request, printStream); printStream.close(); } catch (Exception e) { Message msg = ERR_CERTMGR_CERT_REQUEST.get(alias,e.getMessage()); throw new KeyStoreException(msg.toString()); } return csrFile; } } /** * Normalize the specified buffer. *
