root / esoecrypto / src / com / qut / middleware / crypto / impl / CryptoProcessorImpl.java @ 460f2a096fd9063f77651e57bf9854311aed62c4

View | Annotate | Download (22 KB)

1
/* 
2
 * Copyright 2006, Queensland University of Technology
3
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not 
4
 * use this file except in compliance with the License. You may obtain a copy of 
5
 * the License at 
6
 * 
7
 *   http://www.apache.org/licenses/LICENSE-2.0 
8
 * 
9
 * Unless required by applicable law or agreed to in writing, software 
10
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 
11
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 
12
 * License for the specific language governing permissions and limitations under 
13
 * the License.
14
 * 
15
 * Author: Bradley Beddoes
16
 * Creation Date: 1/5/07
17
 * 
18
 * Purpose:  Default crypto processor impl
19
 */
20
package com.qut.middleware.crypto.impl;
21
22
import java.io.ByteArrayInputStream;
23
import java.io.ByteArrayOutputStream;
24
import java.io.FileNotFoundException;
25
import java.io.FileOutputStream;
26
import java.io.IOException;
27
import java.io.ObjectInputStream;
28
import java.io.ObjectOutputStream;
29
import java.math.BigInteger;
30
import java.security.InvalidKeyException;
31
import java.security.KeyPair;
32
import java.security.KeyPairGenerator;
33
import java.security.KeyStore;
34
import java.security.KeyStoreException;
35
import java.security.NoSuchAlgorithmException;
36
import java.security.NoSuchProviderException;
37
import java.security.PublicKey;
38
import java.security.SecureRandom;
39
import java.security.Security;
40
import java.security.SignatureException;
41
import java.security.cert.Certificate;
42
import java.security.cert.CertificateException;
43
import java.security.cert.X509Certificate;
44
import java.security.interfaces.RSAPublicKey;
45
import java.util.Calendar;
46
import java.util.GregorianCalendar;
47
import java.util.Random;
48
49
import javax.security.auth.x500.X500Principal;
50
import javax.security.auth.x500.X500PrivateCredential;
51
52
import org.apache.commons.codec.binary.Hex;
53
import org.bouncycastle.asn1.x509.BasicConstraints;
54
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
55
import org.bouncycastle.asn1.x509.GeneralName;
56
import org.bouncycastle.asn1.x509.GeneralNames;
57
import org.bouncycastle.asn1.x509.KeyPurposeId;
58
import org.bouncycastle.asn1.x509.KeyUsage;
59
import org.bouncycastle.asn1.x509.X509Extensions;
60
import org.bouncycastle.jce.provider.BouncyCastleProvider;
61
import org.bouncycastle.x509.X509V3CertificateGenerator;
62
import org.slf4j.Logger;
63
import org.slf4j.LoggerFactory;
64
import org.w3._2000._09.xmldsig_.KeyInfo;
65
import org.w3._2000._09.xmldsig_.KeyValue;
66
import org.w3._2000._09.xmldsig_.ObjectFactory;
67
import org.w3._2000._09.xmldsig_.RSAKeyValue;
68
import org.w3._2000._09.xmldsig_.X509Data;
69
import org.w3._2000._09.xmldsig_.X509IssuerSerialType;
70
71
import com.qut.middleware.crypto.CryptoProcessor;
72
import com.qut.middleware.crypto.KeystoreResolver;
73
import com.qut.middleware.crypto.exception.CryptoException;
74
import com.qut.middleware.saml2.schemas.metadata.KeyDescriptor;
75
import com.qut.middleware.saml2.schemas.metadata.KeyTypes;
76
import com.qut.middleware.saml2.sec.KeyName;
77
78
public class CryptoProcessorImpl implements CryptoProcessor
79
{
80
        private int certExpiryIntervalInYears;
81
82
        private String certIssuerDN;
83
        private String certIssuerEmail;
84
        private int keySize;
85
86
        /* Provides keydata that metadata documents will be signed with */
87
        private KeystoreResolver localResolver;
88
89
        /* Local logging instance */
90
        private Logger logger = LoggerFactory.getLogger(CryptoProcessorImpl.class.getName());
91
92
        /**
93
         * Creates crypto processor object that must be configured using setters before use
94
         */
95
        public CryptoProcessorImpl()
96
        {
97
                // not implemented
98
        }
99
100
        /**
101
         * Creates fully populated crypto processor ready for use
102
         * 
103
         * @param localResolver
104
         * @param certIssuerDN
105
         * @param certIssuerEmail
106
         * @param certExpiryInterval
107
         * @param keySize
108
         */
109
        public CryptoProcessorImpl(KeystoreResolver localResolver, String certIssuerDN, String certIssuerEmail, int certExpiryInterval, int keySize)
110
        {
111
                if (localResolver == null)
112
                {
113
                        this.logger.error("localResolver for CryptoProcessorImpl was NULL");
114
                        throw new IllegalArgumentException("localResolver for CryptoProcessorImpl was NULL");
115
                }
116
                if (certIssuerDN == null)
117
                {
118
                        this.logger.error("certIssuerDN for CryptoProcessorImpl was NULL");
119
                        throw new IllegalArgumentException("certIssuerDN for CryptoProcessorImpl was NULL");
120
                }
121
                if (certIssuerEmail == null)
122
                {
123
                        this.logger.error("certIssuerEmail for CryptoProcessorImpl was NULL");
124
                        throw new IllegalArgumentException("certIssuerEmail for CryptoProcessorImpl was NULL");
125
                }
126
127
                this.localResolver = localResolver;
128
                this.certIssuerDN = certIssuerDN;
129
                this.certIssuerEmail = certIssuerEmail;
130
                this.certExpiryIntervalInYears = certExpiryInterval;
131
                this.keySize = keySize;
132
133
        }
134
135
        /*
136
         * (non-Javadoc)
137
         * 
138
         * @see com.qut.middleware.crypto.CryptoProcessor#generatePassphrase()
139
         */
140
        public String generatePassphrase()
141
        {
142
                SecureRandom random;
143
                String passphrase;
144
                byte[] buf;
145
146
                try
147
                {
148
                        /* Attempt to get the specified RNG instance */
149
                        random = SecureRandom.getInstance("SHA1PRNG");
150
                }
151
                catch (NoSuchAlgorithmException nsae)
152
                {
153
                        random = new SecureRandom();
154
                }
155
156
                buf = new byte[10];
157
                random.nextBytes(buf);
158
                passphrase = new String(Hex.encodeHex(buf));
159
160
                return passphrase;
161
        }
162
163
        /*
164
         * (non-Javadoc)
165
         * 
166
         * @see com.qut.middleware.crypto.impl.CryptoProcessor#createSigningKeyDescriptor(java.security.interfaces.RSAPublicKey,
167
         *      java.lang.String)
168
         */
169
        public KeyDescriptor createSigningKeyDescriptor(RSAPublicKey pubKey, String keyPairName, String issuerDN, String serialNumber)
170
        {
171
                KeyDescriptor keyDescriptor = new KeyDescriptor();
172
                keyDescriptor.setUse(KeyTypes.SIGNING);
173
                KeyInfo keyInfo = new KeyInfo();
174
                KeyName keyName = new KeyName(keyPairName);
175
                keyInfo.getContent().add(keyName);
176
177
                KeyValue keyValue = new KeyValue();
178
                RSAKeyValue rsaKeyValue = new RSAKeyValue();
179
                rsaKeyValue.setExponent(pubKey.getPublicExponent().toByteArray());
180
                rsaKeyValue.setModulus(pubKey.getModulus().toByteArray());
181
                keyValue.getContent().add(rsaKeyValue);
182
                keyInfo.getContent().add(keyValue);
183
                keyDescriptor.setKeyInfo(keyInfo);
184
                
185
                if (issuerDN != null && serialNumber != null)
186
                {
187
                        BigInteger serialNumberValue = new BigInteger(serialNumber);
188
                        X509Data x509Data = new X509Data();
189
                        X509IssuerSerialType x509IssuerSerialType = new X509IssuerSerialType();
190
                        x509IssuerSerialType.setX509IssuerName(issuerDN);
191
                        x509IssuerSerialType.setX509SerialNumber(serialNumberValue);
192
                        x509Data.getX509DataContent().add(new ObjectFactory().createX509DataX509IssuerSerial(x509IssuerSerialType));
193
                        keyInfo.getContent().add(x509Data);
194
                }
195
196
                logger.debug("Generated KeyDescriptor for document signing with keyname " + keyPairName);
197
198
                return keyDescriptor;
199
200
        }
201
202
        /*
203
         * (non-Javadoc)
204
         * 
205
         * @see com.qut.middleware.crypto.impl.CryptoProcessor#generateKeyPair(int)
206
         */
207
        public KeyPair generateKeyPair() throws CryptoException
208
        {
209
                try
210
                {
211
                        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
212
                        keyGen.initialize(this.keySize);
213
214
                        KeyPair keyPair = keyGen.generateKeyPair();
215
                        return keyPair;
216
                }
217
                catch (NoSuchAlgorithmException e)
218
                {
219
                        this.logger.error("NoSuchAlgorithmException thrown, " + e.getLocalizedMessage());
220
                        this.logger.debug(e.toString());
221
                        throw new CryptoException(e.getLocalizedMessage(), e);
222
                }
223
        }
224
225
        /*
226
         * (non-Javadoc)
227
         * 
228
         * @see com.qut.middleware.crypto.impl.CryptoProcessor#generateKeyStore(java.lang.String)
229
         */
230
        public KeyStore generateKeyStore() throws CryptoException
231
        {
232
                try
233
                {
234
                        logger.debug("Generating a new key store.");
235
236
                        /* Add BC to the jdk security manager to be able to use it as a provider */
237
                        Security.addProvider(new BouncyCastleProvider());
238
239
                        /* Create and init an empty key store */
240
                        KeyStore keyStore = KeyStore.getInstance("JKS");
241
                        keyStore.load(null, null);
242
243
                        /*
244
                         * Populate all new key stores with the key data of the local resolver, generally this is for metadata
245
                         * purposes to ensure that all systems in the authentication network can correctly validate the signed
246
                         * metadata document
247
                         */
248
                        X509Certificate localCertificate = (X509Certificate)localResolver.getLocalCertificate();
249
                        Calendar before = new GregorianCalendar();
250
                        Calendar expiry = new GregorianCalendar();
251
                        before.setTime(localCertificate.getNotBefore());
252
                        expiry.setTime(localCertificate.getNotAfter());
253
                        
254
                        addPublicKey(keyStore, new KeyPair(this.localResolver.getLocalPublicKey(), this.localResolver.getLocalPrivateKey()),
255
                                        this.localResolver.getLocalKeyAlias(), this.certIssuerDN, before, expiry);
256
257
                        return keyStore;
258
                }
259
                catch (KeyStoreException e)
260
                {
261
                        this.logger.error("KeyStoreException thrown, " + e.getLocalizedMessage());
262
                        this.logger.debug(e.toString());
263
                        throw new CryptoException(e.getLocalizedMessage(), e);
264
                }
265
                catch (NoSuchAlgorithmException e)
266
                {
267
                        this.logger.error("NoSuchAlgorithmException thrown, " + e.getLocalizedMessage());
268
                        this.logger.debug(e.toString());
269
                        throw new CryptoException(e.getLocalizedMessage(), e);
270
                }
271
                catch (CertificateException e)
272
                {
273
                        this.logger.error("CertificateException thrown, " + e.getLocalizedMessage());
274
                        this.logger.debug(e.toString());
275
                        throw new CryptoException(e.getLocalizedMessage(), e);
276
                }
277
                catch (IOException e)
278
                {
279
                        this.logger.error("IOException thrown, " + e.getLocalizedMessage());
280
                        this.logger.debug(e.toString());
281
                        throw new CryptoException(e.getLocalizedMessage(), e);
282
                }
283
        }
284
285
        /*
286
         * (non-Javadoc)
287
         * 
288
         * @see com.qut.middleware.crypto.impl.CryptoProcessor#addPublicKey(java.security.KeyStore, java.security.KeyPair,
289
         *      java.lang.String, java.lang.String)
290
         */
291
        public void addPublicKey(KeyStore ks, KeyPair keyPair, String keyPairName, String keyPairSubjectDN) throws CryptoException
292
        {
293
                try
294
                {
295
                        X509Certificate cert = generateV3Certificate(keyPair, keyPairSubjectDN);
296
                        ks.setCertificateEntry(keyPairName, cert);
297
298
                }
299
                catch (KeyStoreException e)
300
                {
301
                        this.logger.error("KeyStoreException thrown, " + e.getLocalizedMessage());
302
                        this.logger.debug(e.toString());
303
                        throw new CryptoException(e.getLocalizedMessage(), e);
304
                }
305
        }
306
307
        /**
308
         *
309
         * @param ks
310
         * @param keyPair
311
         * @param keyPairName
312
         * @param keyPairSubjectDN
313
         * @param before
314
         * @param expiry
315
         * @throws CryptoException
316
         */
317
        public void addPublicKey(KeyStore ks, KeyPair keyPair, String keyPairName, String keyPairSubjectDN, Calendar before, Calendar expiry) throws CryptoException
318
        {
319
                try
320
                {
321
                        X509Certificate cert = generateV3Certificate(keyPair, keyPairSubjectDN, before, expiry);
322
                        ks.setCertificateEntry(keyPairName, cert);
323
324
                }
325
                catch (KeyStoreException e)
326
                {
327
                        this.logger.error("KeyStoreException thrown, " + e.getLocalizedMessage());
328
                        this.logger.debug(e.toString());
329
                        throw new CryptoException(e.getLocalizedMessage(), e);
330
                }
331
        }
332
333
        /*
334
         * (non-Javadoc)
335
         * 
336
         * @see com.qut.middleware.crypto.impl.CryptoProcessor#addKeyPair(java.security.KeyStore, java.lang.String,
337
         *      java.security.KeyPair, java.lang.String, java.lang.String, java.lang.String)
338
         */
339
        public KeyStore addKeyPair(KeyStore keyStore, String keyStorePassphrase, KeyPair keyPair, String keyPairName, String keyPairPassphrase, String keyPairSubjectDN) throws CryptoException
340
        {
341
                logger.debug("Adding key pair to existing key store");
342
343
                try
344
                {
345
                        // Create the public key certificate for storage in the key store.
346
                        X509Certificate cert = generateV3Certificate(keyPair, keyPairSubjectDN);
347
                        X500PrivateCredential privateCredentials = new X500PrivateCredential(cert, keyPair.getPrivate(), keyPairName);
348
349
                        Certificate[] certChain = new X509Certificate[1];
350
                        certChain[0] = privateCredentials.getCertificate();
351
352
                        // Load our generated key store up. They all have the same password, which we set.
353
                        keyStore.load(null, keyStorePassphrase.toCharArray());
354
355
                        /* Add certificate which contains the public key and set the private key as a key entry in the key store */
356
                        keyStore.setCertificateEntry(privateCredentials.getAlias(), privateCredentials.getCertificate());
357
                        keyStore.setKeyEntry(privateCredentials.getAlias(), keyPair.getPrivate(), keyPairPassphrase.toCharArray(), certChain);
358
359
                        return keyStore;
360
                }
361
                catch (NoSuchAlgorithmException e)
362
                {
363
                        this.logger.error("NoSuchAlgorithmException thrown, " + e.getLocalizedMessage());
364
                        this.logger.debug(e.toString());
365
                        throw new CryptoException(e.getLocalizedMessage(), e);
366
                }
367
                catch (CertificateException e)
368
                {
369
                        this.logger.error("CertificateException thrown, " + e.getLocalizedMessage());
370
                        this.logger.debug(e.toString());
371
                        throw new CryptoException(e.getLocalizedMessage(), e);
372
                }
373
                catch (KeyStoreException e)
374
                {
375
                        this.logger.error("KeyStoreException thrown, " + e.getLocalizedMessage());
376
                        this.logger.debug(e.toString());
377
                        throw new CryptoException(e.getLocalizedMessage(), e);
378
                }
379
                catch (IOException e)
380
                {
381
                        this.logger.error("IOException thrown, " + e.getLocalizedMessage());
382
                        this.logger.debug(e.toString());
383
                        throw new CryptoException(e.getLocalizedMessage(), e);
384
                }
385
        }
386
387
        /*
388
         * (non-Javadoc)
389
         * 
390
         * @see com.qut.middleware.crypto.impl.CryptoProcessor#generateV3Certificate(java.security.KeyPair,
391
         *      java.lang.String)
392
         */
393
        public X509Certificate generateV3Certificate(KeyPair pair, String certSubjectDN) throws CryptoException
394
        {
395
                /* Set the start of valid period to now - a few seconds for time skew. */
396
                Calendar before = new GregorianCalendar();
397
                before.add(Calendar.DAY_OF_MONTH, -1);
398
399
                /* Set the certificate expiry date to current time plus configured interval for expiry. */
400
                Calendar expiry = new GregorianCalendar();
401
                expiry.add(Calendar.YEAR, this.certExpiryIntervalInYears);
402
403
                return generateV3Certificate(pair, certSubjectDN, before, expiry);
404
        }
405
406
        /*
407
         * (non-Javadoc)
408
         *
409
         * @see com.qut.middleware.crypto.impl.CryptoProcessor#generateV3Certificate(java.security.KeyPair,
410
         *      java.lang.String)
411
         */
412
        private X509Certificate generateV3Certificate(KeyPair pair, String certSubjectDN, Calendar before, Calendar expiry) throws CryptoException
413
        {
414
                X509V3CertificateGenerator cert = new X509V3CertificateGenerator();
415
416
                /* Set the certificate serial number to a random number */
417
                Random rand = new Random();
418
                rand.setSeed(System.currentTimeMillis());
419
420
                /* Generates a number between 0 and 2^32 as the serial */
421
                BigInteger serial = BigInteger.valueOf(rand.nextInt(Integer.MAX_VALUE));
422
                logger.info("Setting X509 Cert Serial to: " + serial);
423
424
                cert.setSerialNumber(serial);
425
426
                /* Set the certificate issuer */
427
                cert.setIssuerDN(new X500Principal(this.certIssuerDN));
428
429
                /* Set the start of valid period. */
430
                cert.setNotBefore(before.getTime());
431
432
                /* Set the certificate expiry date. */
433
                cert.setNotAfter(expiry.getTime());
434
435
                /* Set the subject */
436
                cert.setSubjectDN(new X500Principal(certSubjectDN));
437
438
                cert.setPublicKey(pair.getPublic());
439
440
                /* Signature algorithm, this may need to be changed if not all hosts have SHA256 and RSA implementations */
441
                cert.setSignatureAlgorithm("SHA512withRSA");
442
443
                cert.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
444
445
                /* Only for signing */
446
                cert.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign));
447
                cert.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth));
448
449
                /* Set a contact email address for the issuer */
450
                cert.addExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name, this.certIssuerEmail)));
451
452
                logger.debug("Generating X509Certificate for key pair: " + pair);
453
454
                try
455
                {
456
                        /* Use the BouncyCastle provider to actually generate the X509Certificate now */
457
                        return cert.generateX509Certificate(pair.getPrivate(), "BC");
458
                }
459
                catch (InvalidKeyException e)
460
                {
461
                        this.logger.error("InvalidKeyException thrown, " + e.getLocalizedMessage());
462
                        this.logger.debug(e.toString());
463
                        throw new CryptoException(e.getLocalizedMessage(), e);
464
                }
465
                catch (NoSuchProviderException e)
466
                {
467
                        this.logger.error("NoSuchProviderException thrown, " + e.getLocalizedMessage());
468
                        this.logger.debug(e.toString());
469
                        throw new CryptoException(e.getLocalizedMessage(), e);
470
                }
471
                catch (SecurityException e)
472
                {
473
                        this.logger.error("SecurityException thrown, " + e.getLocalizedMessage());
474
                        this.logger.debug(e.toString());
475
                        throw new CryptoException(e.getLocalizedMessage(), e);
476
                }
477
                catch (SignatureException e)
478
                {
479
                        this.logger.error("SignatureException thrown, " + e.getLocalizedMessage());
480
                        this.logger.debug(e.toString());
481
                        throw new CryptoException(e.getLocalizedMessage(), e);
482
                }
483
484
        }
485
486
        /* (non-Javadoc)
487
         * @see com.qut.middleware.crypto.CryptoProcessor#serializeKeyStore(java.security.KeyStore, java.lang.String, java.lang.String)
488
         */
489
        public void serializeKeyStore(KeyStore keyStore, String keyStorePassphrase, String filename) throws CryptoException
490
        {
491
                FileOutputStream fos = null;
492
                try
493
                {
494
                        fos = new FileOutputStream(filename);
495
                        keyStore.store(fos, keyStorePassphrase.toCharArray());
496
                }
497
                catch (FileNotFoundException e)
498
                {
499
                        this.logger.error(e.getLocalizedMessage());
500
                        this.logger.debug(e.toString());
501
                        throw new CryptoException(e.getLocalizedMessage(), e);
502
                }
503
                catch (KeyStoreException e)
504
                {
505
                        this.logger.error(e.getLocalizedMessage());
506
                        this.logger.debug(e.toString());
507
                        throw new CryptoException(e.getLocalizedMessage(), e);
508
                }
509
                catch (NoSuchAlgorithmException e)
510
                {
511
                        this.logger.error(e.getLocalizedMessage());
512
                        this.logger.debug(e.toString());
513
                        throw new CryptoException(e.getLocalizedMessage(), e);
514
                }
515
                catch (CertificateException e)
516
                {
517
                        this.logger.error(e.getLocalizedMessage());
518
                        this.logger.debug(e.toString());
519
                        throw new CryptoException(e.getLocalizedMessage(), e);
520
                }
521
                catch (IOException e)
522
                {
523
                        this.logger.error(e.getLocalizedMessage());
524
                        this.logger.debug(e.toString());
525
                        throw new CryptoException(e.getLocalizedMessage(), e);
526
                }
527
                finally
528
                {
529
                        if (fos != null)
530
                        {
531
                                try
532
                                {
533
                                        fos.flush();
534
                                        fos.close();
535
                                }
536
                                catch (IOException e)
537
                                {
538
                                        this.logger.error(e.getLocalizedMessage());
539
                                        this.logger.debug(e.toString());
540
                                        throw new CryptoException(e.getLocalizedMessage(), e);
541
                                }
542
                        }
543
                }
544
        }
545
        
546
        public PublicKey convertByteArrayPublicKey(byte[] rawKey) throws CryptoException
547
        {
548
                ByteArrayInputStream inputStream = null; 
549
                ObjectInputStream objectInputStream = null;
550
                PublicKey key;
551
                
552
                try
553
                {
554
                        inputStream = new ByteArrayInputStream(rawKey);
555
                        objectInputStream = new ObjectInputStream(inputStream);
556
                        key = (PublicKey) objectInputStream.readObject();
557
                        
558
                        return key;
559
                }
560
                catch (IOException e)
561
                {
562
                        throw new CryptoException("Exception when attempting to unserialize PublicKey", e);
563
                }
564
                catch (ClassNotFoundException e)
565
                {
566
                        throw new CryptoException("Exception when attempting to unserialize PublicKey", e);
567
                }
568
                finally
569
                {
570
                        try
571
                        {
572
                                if(objectInputStream != null)
573
                                        objectInputStream.close();
574
                                
575
                                if(inputStream != null)
576
                                        inputStream.close();
577
                        }
578
                        catch (IOException e)
579
                        {
580
                                throw new CryptoException("Exception when attempting to unserialize PublicKey (stream close failed)", e);
581
                        }
582
                }
583
        }
584
        
585
        public byte[] convertPublicKeyByteArray(PublicKey key) throws CryptoException
586
        {
587
                byte[] serializedPK;
588
                ByteArrayOutputStream outputStream = null;
589
                ObjectOutputStream objectOutputStream = null;
590
                
591
                try
592
                {
593
                         outputStream = new ByteArrayOutputStream();
594
                         objectOutputStream = new ObjectOutputStream(outputStream);
595
                        objectOutputStream.writeObject(key);
596
                        serializedPK = outputStream.toByteArray();
597
                        
598
                        return serializedPK;
599
                }
600
                catch (IOException e)
601
                {
602
                        throw new CryptoException("Exception when attempting to serialize PublicKey", e);
603
                }
604
                finally
605
                {
606
                        try
607
                        {
608
                                if(objectOutputStream != null)
609
                                        objectOutputStream.close();
610
                                
611
                                if(outputStream != null)
612
                                        outputStream.close();
613
                        }
614
                        catch (IOException e)
615
                        {
616
                                throw new CryptoException("Exception when attempting to serialize PublicKey (stream close failed)", e);
617
                        }
618
                }
619
        }
620
621
        /*
622
         * (non-Javadoc)
623
         * 
624
         * @see com.qut.middleware.crypto.CryptoProcessor#convertKeystoreByteArray(java.security.KeyStore, java.lang.String)
625
         */
626
        public byte[] convertKeystoreByteArray(KeyStore keyStore, String keyStorePassphrase) throws CryptoException
627
        {
628
                byte[] keyStoreBytes;
629
                ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
630
631
                try
632
                {
633
                        keyStore.store(outputStream, keyStorePassphrase.toCharArray());
634
635
                        keyStoreBytes = outputStream.toByteArray();
636
                        return keyStoreBytes;
637
                }
638
                catch (KeyStoreException e)
639
                {
640
                        this.logger.error("KeyStoreException thrown, " + e.getLocalizedMessage());
641
                        this.logger.debug(e.toString());
642
                        throw new CryptoException(e.getLocalizedMessage(), e);
643
                }
644
                catch (NoSuchAlgorithmException e)
645
                {
646
                        this.logger.error("NoSuchAlgorithmException thrown, " + e.getLocalizedMessage());
647
                        this.logger.debug(e.toString());
648
                        throw new CryptoException(e.getLocalizedMessage(), e);
649
                }
650
                catch (CertificateException e)
651
                {
652
                        this.logger.error("CertificateException thrown, " + e.getLocalizedMessage());
653
                        this.logger.debug(e.toString());
654
                        throw new CryptoException(e.getLocalizedMessage(), e);
655
                }
656
                catch (IOException e)
657
                {
658
                        this.logger.error("IOException thrown, " + e.getLocalizedMessage());
659
                        this.logger.debug(e.toString());
660
                        throw new CryptoException(e.getLocalizedMessage(), e);
661
                }
662
                finally
663
                {
664
                        try
665
                        {
666
                                outputStream.close();
667
                        }
668
                        catch (IOException e)
669
                        {
670
                                this.logger.error("IOException thrown in finally, " + e.getLocalizedMessage());
671
                                this.logger.debug(e.toString());
672
                        }
673
                }
674
        }
675
676
        public int getCertExpiryIntervalInYears()
677
        {
678
                return this.certExpiryIntervalInYears;
679
        }
680
681
        public void setCertExpiryIntervalInYears(int certExpiryIntervalInYears)
682
        {
683
                this.certExpiryIntervalInYears = certExpiryIntervalInYears;
684
        }
685
686
        public String getCertIssuerDN()
687
        {
688
                return this.certIssuerDN;
689
        }
690
691
        public void setCertIssuerDN(String certIssuerDN)
692
        {
693
                this.certIssuerDN = certIssuerDN;
694
        }
695
696
        public String getCertIssuerEmail()
697
        {
698
                return this.certIssuerEmail;
699
        }
700
701
        public void setCertIssuerEmail(String certIssuerEmail)
702
        {
703
                this.certIssuerEmail = certIssuerEmail;
704
        }
705
706
        public int getKeySize()
707
        {
708
                return this.keySize;
709
        }
710
711
        public void setKeySize(int keySize)
712
        {
713
                this.keySize = keySize;
714
        }
715
716
        public KeystoreResolver getLocalResolver()
717
        {
718
                return this.localResolver;
719
        }
720
721
        public void setLocalResolver(KeystoreResolver localResolver)
722
        {
723
                this.localResolver = localResolver;
724
        }
725
}