
1   package org.eparapher.core.crypto;
2   
3   import java.io.File;
4   import java.util.ArrayList;
5   
6   import org.apache.log4j.Logger;
7   import org.eparapher.core.EParapherManager;
8   import org.eparapher.core.crypto.keystore.FileKeystore;
9   import org.eparapher.core.crypto.keystore.HardwareKeyStore;
10  import org.eparapher.core.crypto.keystore.ITrustStore;
11  import org.eparapher.core.crypto.keystore.IUserKeystore;
12  import org.eparapher.core.crypto.keystore.MSCAPIKeystore;
13  import org.eparapher.core.crypto.keystore.smartcard.TrackingThread;
14  import org.eparapher.core.tools.JVMSettings;
15  
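/**
 * Central access point to the cryptographic stores used by the application: the user's
 * personal keystore (private keys and certificates) and the trust store (CA certificates).
 * <p>
 * The personal store backend is selected from the configured personal store type
 * ({@code getPersonalStoreType()} in the application settings): a PKCS#11 token
 * ({@link HardwareKeyStore}), the Windows store through SunMSCAPI ({@link MSCAPIKeystore}),
 * or a file keystore in one of the supported formats ({@link FileKeystore}). The trust
 * store is the CAPICOM root store when SunMSCAPI is configured, otherwise the JRE default
 * {@code cacerts} file.
 * <p>
 * Not thread-safe: {@link #getInstance()} creates the singleton lazily without
 * synchronization and the store fields are assigned without locking.
 */
public class EPKeystoreManager {

	private static final Logger log = Logger.getLogger(EPKeystoreManager.class);

	/** Configuration name of the Windows certificate store accessed through the SunMSCAPI provider. */
	public static final String MSCAPI_CONFIGNAME = "SunMSCAPI";
	/** Configuration name of a PKCS#11 token (smartcard, USB token, ...). */
	public static final String PKCS11_CONFIGNAME = "PKCS11";

	// File-based keystore formats.
	public static final String JKS_CONFIGNAME    = "JKS";
	public static final String JCEKS_CONFIGNAME  = "JCEKS";
	public static final String PKCS12_CONFIGNAME = "PKCS12";
	public static final String BC_CONFIGNAME     = "BKS";
	//TODO : test and implement those :
	public static final String UBER_CONFIGNAME   = "UBER";
	public static final String KDB_CONFIGNAME    = "CMSKS";

	/**
	 * Built-in file keystore formats. {@link #KDB_CONFIGNAME} is deliberately absent: it is only
	 * offered by {@link #getCertStoreFamilies()} when the IBM CMSKS provider can be loaded.
	 */
	public static final String[] KSFILEFORMAT    = { JKS_CONFIGNAME, JCEKS_CONFIGNAME, PKCS12_CONFIGNAME, BC_CONFIGNAME, UBER_CONFIGNAME};

	/**
	 * {@code {display label, configuration name}} pairs of the store families usable on this JVM.
	 * Filled by the constructor from {@link #getCertStoreFamilies()}.
	 */
	public static String[][] certStoreFamilies;

	private static EPKeystoreManager singleton;

	/**
	 * Returns the shared manager, creating it on first use.
	 * <p>
	 * Not synchronized: two threads calling this concurrently before the first instance
	 * exists may each create one. The constructor's only side effect is filling
	 * {@link #certStoreFamilies}, so the duplicate is harmless but wasteful.
	 *
	 * @return the shared manager, never {@code null}
	 */
	public static EPKeystoreManager getInstance() {
		if (singleton == null) {
			singleton = new EPKeystoreManager();
		}
		return singleton;
	}

	private TrackingThread  myTrackingSystem;
	private IUserKeystore   myuserkeystore;
	private ITrustStore     mytrustkeystore;

	/** Creates a manager and records the store families available on this JVM. */
	public EPKeystoreManager() {
		certStoreFamilies = getCertStoreFamilies();
	}

	/**
	 * Lists the store families that can be offered to the user on this JVM.
	 * <p>
	 * Each entry is {@code {display label, configuration name}}. The Windows store is
	 * offered only when {@code JVMSettings.isWindowsOS()} and {@code JVMSettings.isJava16Min()}
	 * both hold, and the IBM KDB format only when its provider can be loaded.
	 *
	 * @return the available families, in display order
	 */
	public String[][] getCertStoreFamilies() {
		ArrayList<String[]> families = new ArrayList<String[]>();

		//CAPICOM
		if (JVMSettings.isWindowsOS() && JVMSettings.isJava16Min()) {
			families.add(new String[] { "Microsoft CAPICOM", MSCAPI_CONFIGNAME });
		}

		//File Keystores
		families.add(new String[] { "JKS File",                 JKS_CONFIGNAME });
		families.add(new String[] { "JCEKS File",               JCEKS_CONFIGNAME });
		families.add(new String[] { "PKCS#12 File",             PKCS12_CONFIGNAME});
		families.add(new String[] { "BC File (BouncyCastle)",   BC_CONFIGNAME});
		families.add(new String[] { "UBER File (BouncyCastle)", UBER_CONFIGNAME});

		//KDB Keystore if IBM Provider available
		if (EPCryptoProviderManager.LoadIBMCMSKSProvider()) {
			families.add(new String[] { "KDB File (CMSKS-IBM)",     KDB_CONFIGNAME });
		}

		//PKCS11
		families.add(new String[] { "PKCS#11 Token (smartcard, usb token,...)", PKCS11_CONFIGNAME });

		return families.toArray(new String[families.size()][]);
	}

	/**
	 * Returns the user keystore, initializing it on first access.
	 * <p>
	 * When the backend cannot be set up ({@link #initUserKeystore()} returns {@code false})
	 * the partially built store is discarded so that a later call retries instead of
	 * handing out an unusable store. If the backing store does not exist yet it is
	 * created by {@code initialize()}.
	 *
	 * @return the user keystore, or {@code null} if no backend could be initialized
	 */
	public IUserKeystore getUserkeystore() {
		if (myuserkeystore == null) {
			if (!initUserKeystore()) {
				// initUserKeystore() may have assigned a backend before reporting failure
				// (a HardwareKeyStore whose PKCS#11 bridge did not load). Do not cache it:
				// otherwise this call returns null but every later call returns the broken store.
				myuserkeystore = null;
				return null;
			}
			//Create keystore and certificates if not exists.
			if (!myuserkeystore.exists()) {
				myuserkeystore.initialize();
			}
		}
		return myuserkeystore;
	}

	/**
	 * Returns the trust store set by {@link #initTrustKeystore()}.
	 *
	 * @return the trust store, or {@code null} if it has not been initialized
	 */
	public ITrustStore getTrustStore() {
		return mytrustkeystore;
	}

	/**
	 * Initializes the trust store that contains the CA certificates.
	 * <p>
	 * Uses the CAPICOM root store when SunMSCAPI is the configured personal store,
	 * otherwise the JRE default trust store ({@code ${java.home}/lib/security/cacerts})
	 * opened as a JKS file. Trust decisions therefore rest on the integrity of the JRE
	 * installation (or of the Windows root store).
	 *
	 * @return {@code true} if the store was loaded
	 */
	public boolean initTrustKeystore() {
		log.debug("Loading trust keystore");
		if (isCAPICOMUsed()) {
			mytrustkeystore = new MSCAPIKeystore();
		} else {
			String jreTrustStore = System.getProperty("java.home") + File.separator + "lib"
					+ File.separator + "security" + File.separator + "cacerts";
			mytrustkeystore = new FileKeystore(JKS_CONFIGNAME, jreTrustStore);
		}
		return mytrustkeystore.loadTrustStore();
	}

	/**
	 * Initializes the user keystore, which holds the user's private keys and certificates.
	 * Handles PKCS#11 tokens, the Windows store and file keystores.
	 *
	 * @return {@code true} if a backend was set up (for PKCS#11 this also requires the
	 *         PKCS#11 bridge to be loaded), {@code false} if the configured personal store
	 *         type is not recognized or the PKCS#11 bridge is unavailable
	 */
	public boolean initUserKeystore() {
		log.debug("Loading user keystore");
		if (isPKCS11Used()) {
			HardwareKeyStore hardwareKeystore = new HardwareKeyStore();
			myuserkeystore = hardwareKeystore;
			return hardwareKeystore.isPkcs11BridgeLoaded();
		}
		if (isCAPICOMUsed()) {
			myuserkeystore = new MSCAPIKeystore();
			return true;
		}
		if (isFileKeystoreUsed()) {
			myuserkeystore = new FileKeystore(FileKeystore.getFileKeystoreType(),
					EParapherManager.getInstance().getSettings().getFileKeystorePath());
			return true;
		}
		return false;
	}

	/**
	 * Starts the thread that tracks the token status (accessible/removed).
	 * Any previous tracker is stopped first; a new one is started only when PKCS#11 is
	 * the configured personal store. A failure to start is logged, not propagated.
	 */
	public void startTrackingThread() {
		if (myTrackingSystem != null) {
			// NOTE(review): if TrackingThread extends java.lang.Thread this is the deprecated
			// Thread.stop(); a cooperative shutdown flag would be safer — confirm in TrackingThread.
			myTrackingSystem.stop();
			// Drop the reference so a stopped tracker is never stopped twice on a later call.
			myTrackingSystem = null;
		}
		if (!isPKCS11Used()) {
			return;
		}
		try {
			myTrackingSystem = new TrackingThread(EParapherManager.getInstance().getSettings().getPKCS11TrackingSleepTime());
			myTrackingSystem.start();
			log.info("Token Tracking thread for PKCS11 started" );
		} catch (Exception e) {
			log.error("PKCS11 Tracking thread not started : " + e.getLocalizedMessage(), e);
		}
	}

	/**
	 * Tells whether the configured personal store type equals {@code configName}.
	 * A missing ({@code null}) setting counts as "not used" instead of throwing.
	 *
	 * @param configName one of the {@code *_CONFIGNAME} constants, never {@code null}
	 * @return {@code true} if the setting matches
	 */
	private static boolean isPersonalStoreType(String configName) {
		String configured = EParapherManager.getInstance().getSettings().getPersonalStoreType();
		return configName.equals(configured);
	}

	/** @return {@code true} if the configured personal store is one of the file-based formats */
	private static boolean isFileKeystoreUsed() {
		return isBCUsed() || isJCEKSUsed() || isJKSUsed() || isPKCS12Used() || isCMSKSUsed() || isUBERUsed();
	}

	/** @return {@code true} if a PKCS#11 token is the configured personal store */
	public static boolean isPKCS11Used() {
		return isPersonalStoreType(PKCS11_CONFIGNAME);
	}

	/** @return {@code true} if a PKCS#12 file is the configured personal store */
	public static boolean isPKCS12Used() {
		return isPersonalStoreType(PKCS12_CONFIGNAME);
	}

	/** @return {@code true} if a BouncyCastle BKS file is the configured personal store */
	public static boolean isBCUsed() {
		return isPersonalStoreType(BC_CONFIGNAME);
	}

	/** @return {@code true} if a BouncyCastle UBER file is the configured personal store */
	public static boolean isUBERUsed() {
		return isPersonalStoreType(UBER_CONFIGNAME);
	}

	/** @return {@code true} if a JKS file is the configured personal store */
	public static boolean isJKSUsed() {
		return isPersonalStoreType(JKS_CONFIGNAME);
	}

	/** @return {@code true} if a JCEKS file is the configured personal store */
	public static boolean isJCEKSUsed() {
		return isPersonalStoreType(JCEKS_CONFIGNAME);
	}

	/** @return {@code true} if an IBM KDB (CMSKS) file is the configured personal store */
	public static boolean isCMSKSUsed() {
		return isPersonalStoreType(KDB_CONFIGNAME);
	}

	/** @return {@code true} if the Windows store (SunMSCAPI) is the configured personal store */
	public static boolean isCAPICOMUsed() {
		return isPersonalStoreType(MSCAPI_CONFIGNAME);
	}

}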