1   /*
2    * Copyright (c) 2002-2021, City of Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.util.signrequest;
35  
36  import java.io.FileInputStream;
37  import java.io.IOException;
38  import java.security.Key;
39  import java.security.KeyPair;
40  import java.security.KeyStore;
41  import java.security.KeyStoreException;
42  import java.security.NoSuchAlgorithmException;
43  import java.security.PrivateKey;
44  import java.security.PublicKey;
45  import java.security.UnrecoverableKeyException;
46  import java.security.cert.Certificate;
47  import java.security.cert.CertificateException;
48  import java.util.Map;
49  
50  import javax.servlet.http.HttpServletRequest;
51  
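/**
 * JWT RSA authenticator whose key pair is loaded from a keystore file on the local filesystem.
 * <p>
 * The keystore must contain, under the configured alias, both the private key and the certificate whose public key
 * verifies the signature. Because both halves live in the same keystore, this authenticator is intended for requests
 * exchanged inside the same server, not for a client/server API setup (see {@link #isRequestAuthenticated}).
 */
public class JWTRSAKeyStoreFileAuthenticator extends AbstractJWTRSAAuthenticator
{
    private final String _strKeystorePath;
    private final String _strKeystorePassword;
    private final String _strCertificatePassword;
    private final String _strAlias;

    /**
     * {@inheritDoc }
     */
    @Override
    public boolean isRequestAuthenticated( HttpServletRequest request )
    {
        // WARNING
        // Be careful when you use the KeyStoreFileAuthenticator to sign requests.
        // This implementation can be used for requests inside the same server, because
        // it requires the keystore which contains both private and public keys. Do
        // not use it in client/server request mode, such as API calls. See the doc
        // for more information.
        return super.isRequestAuthenticated( request );
    }

    /**
     * Constructor
     * 
     * @param mapClaimsToCheck
     *            The map of claims key/values to check in the JWT
     * @param strJWTHttpHeader
     *            The name of the header which contains the JWT
     * @param lValidityPeriod
     *            The validity period
     * @param strEncryptionAlgorythmName
     *            The name of the algorithm.
     * @param strKeystorePath
     *            The path of the keystore file
     * @param strKeystorePassword
     *            The password of the keystore
     * @param strCertificatePassword
     *            The password protecting the key entry in the keystore
     * @param strAlias
     *            The alias of the key entry and certificate in the keystore
     */
    public JWTRSAKeyStoreFileAuthenticator( Map<String, String> mapClaimsToCheck, String strJWTHttpHeader, long lValidityPeriod,
            String strEncryptionAlgorythmName, String strKeystorePath, String strKeystorePassword, String strCertificatePassword, String strAlias )
    {
        super( mapClaimsToCheck, strJWTHttpHeader, lValidityPeriod, strEncryptionAlgorythmName );
        _strKeystorePath = strKeystorePath;
        _strKeystorePassword = strKeystorePassword;
        _strCertificatePassword = strCertificatePassword;
        _strAlias = strAlias;
    }

    /**
     * Loads the key pair from the keystore file: the private key of the aliased entry and the public key of its
     * certificate.
     * <p>
     * The keystore is re-read on every call; nothing is cached here.
     * 
     * @return the key pair, or {@code null} when the keystore cannot be opened or parsed, when the alias has no
     *         private key or no certificate, or when the key cannot be recovered with the given password. Failures are
     *         logged.
     */
    @Override
    protected KeyPair getKeyPair( )
    {
        // try-with-resources: the stream was previously never closed, leaking a file handle per call
        try ( FileInputStream is = new FileInputStream( _strKeystorePath ) )
        {
            KeyStore keystore = KeyStore.getInstance( KeyStore.getDefaultType( ) );
            // Passwords arrive as String through the constructor, so the char[] copies below cannot
            // be the only in-memory copy; they are not zeroed.
            keystore.load( is, _strKeystorePassword.toCharArray( ) );

            Key key = keystore.getKey( _strAlias, _strCertificatePassword.toCharArray( ) );
            Certificate cert = keystore.getCertificate( _strAlias );

            // getKey/getCertificate return null for an unknown alias, and getKey may return a non-private
            // key for other entry types; report that explicitly instead of failing with NPE/ClassCastException
            if ( !( key instanceof PrivateKey ) || cert == null )
            {
                LOGGER.error( "Unable to get key pair from certificate: no private key and certificate for alias " + _strAlias );
                return null;
            }

            PublicKey publicKey = cert.getPublicKey( );

            return new KeyPair( publicKey, (PrivateKey) key );
        }
        catch( CertificateException | IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e )
        {
            LOGGER.error( "Unable to get key pair from certificate", e );
        }

        return null;
    }
}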
130 }