View Javadoc
1   /*
2    * Copyright (c) 2002-2021, City of Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.util.signrequest;
35  
36  import java.io.FileInputStream;
37  import java.io.IOException;
38  import java.security.KeyPair;
39  import java.security.KeyStore;
40  import java.security.KeyStoreException;
41  import java.security.NoSuchAlgorithmException;
42  import java.security.PublicKey;
43  import java.security.cert.Certificate;
44  import java.security.cert.CertificateException;
45  import java.util.List;
46  import java.util.Map;
47  
48  public class JWTRSATrustStoreFileAuthenticator extends AbstractJWTRSAAuthenticator
49  {
50      private final String _strCacertPath;
51      private final String _strCacertPassword;
52      private final String _strAlias;
53  
54      /**
55       * Constructor
56       * 
57       * @param mapClaimsToCheck
58       *            The map of claims key/values to check in the JWT
59       * @param strJWTHttpHeader
60       *            The name of the header which contains the JWT
61       * @param lValidityPeriod
62       *            The validity period
63       * @param strEncryptionAlgorythmName
64       *            The name of the algorithm.
65       * @param strCacertPath
66       * @param strCacertPassword
67       * @param strAlias
68       */
69      public JWTRSATrustStoreFileAuthenticator( Map<String, String> mapClaimsToCheck, String strJWTHttpHeader, long lValidityPeriod,
70              String strEncryptionAlgorythmName, String strCacertPath, String strCacertPassword, String strAlias )
71      {
72          super( mapClaimsToCheck, strJWTHttpHeader, lValidityPeriod, strEncryptionAlgorythmName );
73          _strCacertPath = strCacertPath;
74          _strCacertPassword = strCacertPassword;
75          _strAlias = strAlias;
76      }
77  
78      /**
79       * {@inheritDoc }
80       */
81      @Override
82      protected KeyPair getKeyPair( )
83      {
84          try
85          {
86              FileInputStream is = new FileInputStream( _strCacertPath );
87              KeyStore keystore = KeyStore.getInstance( KeyStore.getDefaultType( ) );
88              keystore.load( is, _strCacertPassword.toCharArray( ) );
89              Certificate cert = keystore.getCertificate( _strAlias );
90              PublicKey publicKey = cert.getPublicKey( );
91  
92              return new KeyPair( publicKey, null );
93          }
94  
95          catch( CertificateException | IOException | KeyStoreException | NoSuchAlgorithmException e )
96          {
97              LOGGER.error( "Unable to get key pair from certificate", e );
98          }
99  
100         return null;
101     }
102 
103     /**
104      * {@inheritDoc }
105      */
106     @Override
107     public AuthenticateRequestInformations  getSecurityInformations( List<String> elements )
108     {
109     	return null;
110         // Do nothing : its not possible to authenticate a request only with a trustore file, because its
111         // it only contains public key. Use a JWTCertificateFileAuthenticator if you
112         // want to sign request with RSA private key.
113     }
114 }