Merge pull request #426 from hwupathum/pkcs12

Use getKeystoreInstance from KeystoreUtils
wso2-extensions · Oct 3, 2024 · 0035b2b · 0035b2b
2 parents 363bd82 + d3ac9cc
commit 0035b2b
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 22 deletions.
diff --git a/...ntity.query.saml/src/main/java/org/wso2/carbon/identity/query/saml/SignKeyDataHolder.java b/...ntity.query.saml/src/main/java/org/wso2/carbon/identity/query/saml/SignKeyDataHolder.java
@@ -32,9 +32,9 @@
 import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
 import org.wso2.carbon.identity.query.saml.exception.IdentitySAML2QueryException;
 import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;
-import org.wso2.carbon.security.keystore.KeyStoreAdmin;
 import org.wso2.carbon.user.api.UserStoreException;
 import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
+import org.wso2.carbon.utils.security.KeystoreUtils;
 
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
@@ -46,6 +46,7 @@
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.UnrecoverableKeyException;
@@ -165,10 +166,8 @@ private void initializeKeyDataForSuperTenantFromSystemKeyStore() throws Exceptio
             throw new IdentityException("Invalid file configurations. The key alias is not found.");
         }
 
-        KeyStoreAdmin keyAdmin = new KeyStoreAdmin(MultitenantConstants.SUPER_TENANT_ID,
-                SAMLSSOUtil.getRegistryService().getGovernanceSystemRegistry());
         KeyStoreManager keyMan = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
-        issuerPrivateKey = (PrivateKey) keyAdmin.getPrivateKey(keyAlias, true);
+        issuerPrivateKey = keyMan.getDefaultPrivateKey();
 
         Certificate[] certificates = keyMan.getPrimaryKeyStore().getCertificateChain(keyAlias);
         issuerCerts = Arrays.copyOf(certificates, certificates.length, X509Certificate[].class);
@@ -223,7 +222,7 @@ private void initializeKeyDataForSuperTenantFromSignKeyStore() throws IdentityEx
                 try (FileInputStream is = new FileInputStream(keyStoreLocation)) {
                     String keyStoreType = ServerConfiguration.getInstance().getFirstProperty(
                             SECURITY_SAML_SIGN_KEY_STORE_TYPE);
-                    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
+                    KeyStore keyStore = KeystoreUtils.getKeystoreInstance(keyStoreType);
 
                     char[] keyStorePassword = ServerConfiguration.getInstance().getFirstProperty(
                             SECURITY_SAML_SIGN_KEY_STORE_PASSWORD).toCharArray();
@@ -233,7 +232,7 @@ private void initializeKeyDataForSuperTenantFromSignKeyStore() throws IdentityEx
 
                 } catch (FileNotFoundException e) {
                     throw new IdentityException("Unable to locate keystore", e);
-                } catch (IOException e) {
+                } catch (IOException | NoSuchProviderException e) {
                     throw new IdentityException("Unable to read keystore", e);
                 } catch (CertificateException e) {
                     throw new IdentityException("Unable to read certificate", e);

diff --git a/....sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/builders/SignKeyDataHolder.java b/....sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/builders/SignKeyDataHolder.java
@@ -33,10 +33,9 @@
 import org.wso2.carbon.identity.core.util.IdentityUtil;
 import org.wso2.carbon.identity.sso.saml.SAMLSSOConstants;
 import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;
-import org.wso2.carbon.registry.api.RegistryException;
-import org.wso2.carbon.security.keystore.KeyStoreAdmin;
 import org.wso2.carbon.user.api.UserStoreException;
 import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
+import org.wso2.carbon.utils.security.KeystoreUtils;
 
 import javax.crypto.SecretKey;
 import java.io.FileInputStream;
@@ -46,6 +45,7 @@
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.UnrecoverableKeyException;
@@ -127,8 +127,6 @@ public SignKeyDataHolder(String username) throws IdentityException {
             throw new IdentityException("Unable to load keystore of the tenant domain:" + tenantDomain, e);
         } catch (UserStoreException e) {
             throw new IdentityException("Unable to load user store of the tenant domain:" + tenantDomain, e);
-        } catch (RegistryException e) {
-            throw new IdentityException("Unable to create new KeyStoreAdmin of the tenant domain:" + tenantDomain);
         } catch (Exception e) {
             throw new IdentityException("Unable to get primary keystore of the tenant domain:" + tenantDomain, e);
         }
@@ -179,11 +177,8 @@ private void initializeKeyDataForSuperTenantFromSystemKeyStore() throws Exceptio
             throw new IdentityException("Invalid file configurations. The key alias is not found.");
         }
 
-        KeyStoreAdmin keyAdmin = new KeyStoreAdmin(MultitenantConstants.SUPER_TENANT_ID,
-                SAMLSSOUtil.getRegistryService().getGovernanceSystemRegistry());
         KeyStoreManager keyMan = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
-        issuerPrivateKey = (PrivateKey) keyAdmin.getPrivateKey(keyAlias, true);
-
+        issuerPrivateKey = keyMan.getDefaultPrivateKey();
         Certificate[] certificates = keyMan.getPrimaryKeyStore().getCertificateChain(keyAlias);
         issuerCerts = Arrays.copyOf(certificates, certificates.length, X509Certificate[].class);
 
@@ -235,7 +230,7 @@ private void initializeKeyDataForSuperTenantFromSignKeyStore() throws IdentityEx
                 try (FileInputStream is = new FileInputStream(keyStoreLocation)) {
                     String keyStoreType = ServerConfiguration.getInstance().getFirstProperty(
                             SECURITY_SAML_SIGN_KEY_STORE_TYPE);
-                    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
+                    KeyStore keyStore = KeystoreUtils.getKeystoreInstance(keyStoreType);
 
                     char[] keyStorePassword = ServerConfiguration.getInstance().getFirstProperty(
                             SECURITY_SAML_SIGN_KEY_STORE_PASSWORD).toCharArray();
@@ -245,7 +240,7 @@ private void initializeKeyDataForSuperTenantFromSignKeyStore() throws IdentityEx
 
                 } catch (FileNotFoundException e) {
                     throw new IdentityException("Unable to locate keystore", e);
-                } catch (IOException e) {
+                } catch (IOException | NoSuchProviderException e) {
                     throw new IdentityException("Unable to read keystore", e);
                 } catch (CertificateException e) {
                     throw new IdentityException("Unable to read certificate", e);

diff --git a/...sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/builders/X509CredentialImpl.java b/...sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/builders/X509CredentialImpl.java
@@ -41,6 +41,7 @@
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.UnrecoverableKeyException;
@@ -182,14 +183,14 @@ private void initSuperTenantSignKeyStore() throws IdentityException {
         try (FileInputStream is = new FileInputStream(keyStoreLocation)) {
             String keyStoreType = ServerConfiguration.getInstance().getFirstProperty(
                     SECURITY_SAML_SIGN_KEY_STORE_TYPE);
-            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
+            KeyStore keyStore = KeystoreUtils.getKeystoreInstance(keyStoreType);
             char[] keyStorePassword = ServerConfiguration.getInstance().getFirstProperty(
                     SECURITY_SAML_SIGN_KEY_STORE_PASSWORD).toCharArray();
             keyStore.load(is, keyStorePassword);
             superTenantSignKeyStore = keyStore;
         } catch (IOException | CertificateException | NoSuchAlgorithmException e) {
             throw new IdentityException("Unable to load keystore.", e);
-        } catch (KeyStoreException e) {
+        } catch (KeyStoreException | NoSuchProviderException e) {
             throw new IdentityException("Unable to get an instance of keystore.", e);
         }
     }

diff --git a/...ntity.sso.saml/src/test/java/org/wso2/carbon/identity/sso/saml/SAMLLogoutHandlerTest.java b/...ntity.sso.saml/src/test/java/org/wso2/carbon/identity/sso/saml/SAMLLogoutHandlerTest.java
@@ -46,10 +46,10 @@
 import org.wso2.carbon.registry.core.Collection;
 import org.wso2.carbon.registry.core.service.RegistryService;
 import org.wso2.carbon.registry.core.session.UserRegistry;
-import org.wso2.carbon.security.keystore.KeyStoreAdmin;
 import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
 
 import java.security.KeyStore;
+import java.security.PrivateKey;
 import java.security.SecureRandom;
 import java.util.HashMap;
 import javax.net.ssl.KeyManager;
@@ -70,7 +70,7 @@
  */
 @PrepareForTest({HttpServletRequest.class, IdentityProviderManager.class, InitializationService.class,
         SSLContext.class, IdentityProvider.class, IdentityUtil.class, ServerConfiguration.class,
-        KeyStoreManager.class, Class.class, KeyStoreAdmin.class, KeyStoreUtil.class, IdentityTenantUtil.class })
+        KeyStoreManager.class, Class.class, KeyStoreUtil.class, IdentityTenantUtil.class })
 @PowerMockIgnore({"javax.xml.*", "org.xml.*", "org.apache.xerces.*", "org.w3c.dom.*", "javax.net.*", "javax.security.*"})
 public class SAMLLogoutHandlerTest extends PowerMockTestCase {
 
@@ -188,6 +188,7 @@ private void createMocks() throws Exception {
         mockStatic(KeyStoreManager.class);
         when(KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID)).thenReturn(keyStoreManager);
         when(keyStoreManager.getPrimaryKeyStore()).thenReturn(keyStore);
+        when(keyStoreManager.getDefaultPrivateKey()).thenReturn((PrivateKey) keyStore.getKey("wso2carbon", "wso2carbon".toCharArray()));
     }
 
     @Test

diff --git a/pom.xml b/pom.xml
@@ -460,8 +460,8 @@
     </modules>
 
     <properties>
-        <carbon.kernel.version>4.9.23</carbon.kernel.version>
-        <carbon.kernel.feature.version>4.9.0</carbon.kernel.feature.version>
+        <carbon.kernel.version>4.10.22</carbon.kernel.version>
+        <carbon.kernel.feature.version>4.10.22</carbon.kernel.feature.version>
         <carbon.identity.framework.version>7.0.105</carbon.identity.framework.version>
         <carbon.identity.framework.imp.pkg.version.range>[5.25.260, 8.0.0)
         </carbon.identity.framework.imp.pkg.version.range>