/** * If <code>propertyValue</code> is not null or empty, returns the result * of <code>KeyStoreFileType.fromPropertyValue(propertyValue)</code>. Else, * returns the result of <code>KeyStoreFileType.fromFileName(filename)</code>. * @param propertyValue property value describing the KeyStoreFileType, or * null/empty to auto-detect the type from the file * name. * @param filename file name of the key store file. The file extension is * used to auto-detect the KeyStoreFileType when * <code>propertyValue</code> is null or empty. * @return a KeyStoreFileType. * @throws IllegalArgumentException if <code>propertyValue</code> is not * one of "JKS", "PEM", or empty/null. * @throws IllegalArgumentException if <code>propertyValue</code>is empty * or null and the type could not be determined from the file name. */ public static KeyStoreFileType fromPropertyValueOrFileName(String propertyValue, String filename) { KeyStoreFileType result = KeyStoreFileType.fromPropertyValue(propertyValue); if (result == null) { result = KeyStoreFileType.fromFilename(filename); } return result; } }
@Test(expected = IllegalArgumentException.class) public void testFromPropertyValueOrFileNameThrowsOnBadFileExtension() { KeyStoreFileType.fromPropertyValueOrFileName("", "prod.key"); } }
/** * Detects the type of KeyStore / TrustStore file from the file extension. * If the file name ends with ".jks", returns <code>StoreFileType.JKS</code>. * If the file name ends with ".pem", returns <code>StoreFileType.PEM</code>. * Otherwise, throws an IllegalArgumentException. * @param filename the filename of the key store or trust store file. * @return a KeyStoreFileType. * @throws IllegalArgumentException if the filename does not end with * ".jks" or ".pem". */ public static KeyStoreFileType fromFilename(String filename) { int i = filename.lastIndexOf('.'); if (i >= 0) { String extension = filename.substring(i); for (KeyStoreFileType storeFileType : KeyStoreFileType.values()) { if (storeFileType.getDefaultFileExtension().equals(extension)) { return storeFileType; } } } throw new IllegalArgumentException( "Unable to auto-detect store file type from file name: " + filename); }
private File getTrustStorePemFile() throws IOException { if (trustStorePemFile == null) { File trustStorePemFile = File.createTempFile( TRUST_STORE_PREFIX, KeyStoreFileType.PEM.getDefaultFileExtension(), tempDir); trustStorePemFile.deleteOnExit(); FileUtils.writeStringToFile( trustStorePemFile, X509TestHelpers.pemEncodeX509Certificate(trustStoreCertificate), StandardCharsets.US_ASCII, false); this.trustStorePemFile = trustStorePemFile; } return trustStorePemFile; }
@Test public void testGetPropertyValue() { Assert.assertEquals("PEM", KeyStoreFileType.PEM.getPropertyValue()); Assert.assertEquals("JKS", KeyStoreFileType.JKS.getPropertyValue()); }
@Test(expected = IllegalArgumentException.class) public void testFromPropertyValueThrowsOnBadPropertyValue() { KeyStoreFileType.fromPropertyValue("foobar"); }
@Test(expected = IllegalArgumentException.class) public void testFromFilenameThrowsOnBadFileExtension() { KeyStoreFileType.fromFilename("prod.key"); }
/** * Returns the path to the key store file in the given format (JKS or PEM). Note that the file is created lazily, * the first time this method is called. The key store file is temporary and will be deleted on exit. * @param storeFileType the store file type (JKS or PEM). * @return the path to the key store file. * @throws IOException if there is an error creating the key store file. */ public File getKeyStoreFile(KeyStoreFileType storeFileType) throws IOException { switch (storeFileType) { case JKS: return getKeyStoreJksFile(); case PEM: return getKeyStorePemFile(); default: throw new IllegalArgumentException("Invalid key store type: " + storeFileType + ", must be one of: " + Arrays.toString(KeyStoreFileType.values())); } }
/** * The property string that specifies that a key store or trust store * should use this store file type. */ public String getPropertyValue() { return this.name(); }
/** * Converts a property value to a StoreFileType enum. If the property value * is <code>null</code> or an empty string, returns <code>null</code>. * @param propertyValue the property value. * @return the KeyStoreFileType, or <code>null</code> if * <code>propertyValue</code> is <code>null</code> or empty. * @throws IllegalArgumentException if <code>propertyValue</code> is not * one of "JKS", "PEM", or empty/null. */ public static KeyStoreFileType fromPropertyValue(String propertyValue) { if (propertyValue == null || propertyValue.length() == 0) { return null; } return KeyStoreFileType.valueOf(propertyValue.toUpperCase()); }
private File getKeyStorePemFile() throws IOException { if (keyStorePemFile == null) { try { File keyStorePemFile = File.createTempFile( KEY_STORE_PREFIX, KeyStoreFileType.PEM.getDefaultFileExtension(), tempDir); keyStorePemFile.deleteOnExit(); FileUtils.writeStringToFile( keyStorePemFile, X509TestHelpers.pemEncodeCertAndPrivateKey( keyStoreCertificate, keyStoreKeyPair.getPrivate(), keyStorePassword), StandardCharsets.US_ASCII, false); this.keyStorePemFile = keyStorePemFile; } catch (OperatorCreationException e) { throw new IOException(e); } } return keyStorePemFile; }
@Test(expected = X509Exception.KeyManagerException.class) public void testLoadJKSKeyStoreWithWrongPassword() throws Exception { // Attempting to load with the wrong key password should fail X509KeyManager km = X509Util.createKeyManager( x509TestContext.getKeyStoreFile(KeyStoreFileType.JKS).getAbsolutePath(), "wrong password", KeyStoreFileType.JKS.getPropertyValue()); }
@Test public void testFromPropertyValueIgnoresCase() { Assert.assertEquals(KeyStoreFileType.PEM, KeyStoreFileType.fromPropertyValue("pem")); Assert.assertEquals(KeyStoreFileType.JKS, KeyStoreFileType.fromPropertyValue("jks")); Assert.assertNull(KeyStoreFileType.fromPropertyValue("")); Assert.assertNull(KeyStoreFileType.fromPropertyValue(null)); }
@Test public void testFromFilename() { Assert.assertEquals(KeyStoreFileType.JKS, KeyStoreFileType.fromFilename("mykey.jks")); Assert.assertEquals(KeyStoreFileType.JKS, KeyStoreFileType.fromFilename("/path/to/key/dir/mykey.jks")); Assert.assertEquals(KeyStoreFileType.PEM, KeyStoreFileType.fromFilename("mykey.pem")); Assert.assertEquals(KeyStoreFileType.PEM, KeyStoreFileType.fromFilename("/path/to/key/dir/mykey.pem")); }
/** * Returns the path to the trust store file in the given format (JKS or PEM). Note that the file is created lazily, * the first time this method is called. The trust store file is temporary and will be deleted on exit. * @param storeFileType the store file type (JKS or PEM). * @return the path to the trust store file. * @throws IOException if there is an error creating the trust store file. */ public File getTrustStoreFile(KeyStoreFileType storeFileType) throws IOException { switch (storeFileType) { case JKS: return getTrustStoreJksFile(); case PEM: return getTrustStorePemFile(); default: throw new IllegalArgumentException("Invalid trust store type: " + storeFileType + ", must be one of: " + Arrays.toString(KeyStoreFileType.values())); } }
/** * Returns a {@link FileKeyStoreLoader.Builder} that can build a loader * which loads keys and certs from files of the given * {@link KeyStoreFileType}. * * @param type the file type to load keys/certs from. * @return a new Builder. */ static FileKeyStoreLoader.Builder<? extends FileKeyStoreLoader> getBuilderForKeyStoreFileType(KeyStoreFileType type) { switch (Objects.requireNonNull(type)) { case JKS: return new JKSFileLoader.Builder(); case PEM: return new PEMFileLoader.Builder(); default: throw new AssertionError( "Unexpected StoreFileType: " + type.name()); } }
@Test(expected = IllegalArgumentException.class) public void testFromPropertyValueOrFileNameThrowsOnBadPropertyValue() { KeyStoreFileType.fromPropertyValueOrFileName("foobar", "prod.jks"); }
private File getTrustStoreJksFile() throws IOException { if (trustStoreJksFile == null) { try { File trustStoreJksFile = File.createTempFile( TRUST_STORE_PREFIX, KeyStoreFileType.JKS.getDefaultFileExtension(), tempDir); trustStoreJksFile.deleteOnExit(); final FileOutputStream trustStoreOutputStream = new FileOutputStream(trustStoreJksFile); try { byte[] bytes = X509TestHelpers.certToJavaTrustStoreBytes(trustStoreCertificate, trustStorePassword); trustStoreOutputStream.write(bytes); trustStoreOutputStream.flush(); } finally { trustStoreOutputStream.close(); } this.trustStoreJksFile = trustStoreJksFile; } catch (GeneralSecurityException e) { throw new IOException(e); } } return trustStoreJksFile; }
@Test(expected = X509Exception.TrustManagerException.class) public void testLoadJKSTrustStoreWithWrongPassword() throws Exception { // Attempting to load with the wrong key password should fail X509TrustManager tm = X509Util.createTrustManager( x509TestContext.getTrustStoreFile(KeyStoreFileType.JKS).getAbsolutePath(), "wrong password", KeyStoreFileType.JKS.getPropertyValue(), true, true, true, true); }
@Test public void testFromPropertyValue() { Assert.assertEquals(KeyStoreFileType.PEM, KeyStoreFileType.fromPropertyValue("PEM")); Assert.assertEquals(KeyStoreFileType.JKS, KeyStoreFileType.fromPropertyValue("JKS")); Assert.assertNull(KeyStoreFileType.fromPropertyValue("")); Assert.assertNull(KeyStoreFileType.fromPropertyValue(null)); }