From ec3ea499befddbb842d632c2714af7e5f7437132 Mon Sep 17 00:00:00 2001 From: ThumulaPerera <42399179+ThumulaPerera@users.noreply.github.com> Date: Mon, 26 Jun 2023 11:46:01 +0530 Subject: [PATCH 1/3] Modify KeyStoreGenerator to use DAO --- .../keystore/mgt/KeyStoreGenerator.java | 51 ++++++++++--------- 1 file changed, 26 insertions(+), 25 deletions(-) diff --git a/components/tenant-mgt/org.wso2.carbon.tenant.keystore.mgt/src/main/java/org/wso2/carbon/keystore/mgt/KeyStoreGenerator.java b/components/tenant-mgt/org.wso2.carbon.tenant.keystore.mgt/src/main/java/org/wso2/carbon/keystore/mgt/KeyStoreGenerator.java index 57aa97be2..8d37eec1d 100644 --- a/components/tenant-mgt/org.wso2.carbon.tenant.keystore.mgt/src/main/java/org/wso2/carbon/keystore/mgt/KeyStoreGenerator.java +++ b/components/tenant-mgt/org.wso2.carbon.tenant.keystore.mgt/src/main/java/org/wso2/carbon/keystore/mgt/KeyStoreGenerator.java @@ -22,15 +22,18 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.base.ServerConfiguration; -import org.wso2.carbon.core.RegistryResources; import org.wso2.carbon.core.util.CryptoUtil; import org.wso2.carbon.keystore.mgt.util.RealmServiceHolder; import org.wso2.carbon.keystore.mgt.util.RegistryServiceHolder; -import org.wso2.carbon.registry.core.Resource; import org.wso2.carbon.registry.core.exceptions.RegistryException; import org.wso2.carbon.registry.core.session.UserRegistry; -import org.wso2.carbon.security.SecurityConstants; +import org.wso2.carbon.security.SecurityConfigException; import org.wso2.carbon.security.keystore.KeyStoreAdmin; +import org.wso2.carbon.security.keystore.dao.KeyStoreDAO; +import org.wso2.carbon.security.keystore.dao.PubCertDAO; +import org.wso2.carbon.security.keystore.dao.impl.KeyStoreDAOImpl; +import org.wso2.carbon.security.keystore.dao.impl.PubCertDAOImpl; +import org.wso2.carbon.security.keystore.model.PubCertModel; import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.utils.ServerConstants; import sun.security.x509.AlgorithmId; @@ -39,9 +42,9 @@ import sun.security.x509.CertificateValidity; import sun.security.x509.CertificateVersion; import sun.security.x509.CertificateX509Key; +import sun.security.x509.X500Name; import sun.security.x509.X509CertImpl; import sun.security.x509.X509CertInfo; -import sun.security.x509.X500Name; import java.io.ByteArrayOutputStream; import java.math.BigInteger; @@ -61,6 +64,8 @@ public class KeyStoreGenerator { private static Log log = LogFactory.getLog(KeyStoreGenerator.class); private UserRegistry govRegistry; + private KeyStoreDAO keyStoreDAO; + private PubCertDAO pubCertDAO; private int tenantId; private String tenantDomain; private String password; @@ -76,11 +81,19 @@ public KeyStoreGenerator(int tenantId) throws KeyStoreMgtException { log.error("Governance registry instance is null"); throw new KeyStoreMgtException("Governance registry instance is null"); } + this.keyStoreDAO = new KeyStoreDAOImpl(tenantId); + this.pubCertDAO = new PubCertDAOImpl(tenantId); + } catch (RegistryException e) { String errorMsg = "Error while obtaining the governance registry for tenant : " + tenantId; log.error(errorMsg, e); throw new KeyStoreMgtException(errorMsg, e); + } catch (SecurityConfigException e) { + String errorMsg = "Error while obtaining DAO implementations for tenant id : " + + tenantId; + log.error(errorMsg, e); + throw new KeyStoreMgtException(errorMsg, e); } } @@ -133,12 +146,12 @@ public boolean isKeyStoreExists(int tenantId) throws KeyStoreMgtException{ String keyStoreName = generateKSNameFromDomainName(); boolean isKeyStoreExists = false; try { - isKeyStoreExists = govRegistry.resourceExists(RegistryResources.SecurityManagement.KEY_STORES + "/" + keyStoreName); - } catch (RegistryException e) { - String msg = "Error while checking the existance of keystore. "; + isKeyStoreExists = keyStoreDAO.getKeyStore(keyStoreName).isPresent(); + } catch (SecurityConfigException e) { + String msg = "Error while checking the existance of keystore. "; log.error(msg + e.getMessage()); - } - return isKeyStoreExists; + } + return isKeyStoreExists; } /** @@ -217,25 +230,13 @@ private void persistKeyStore(KeyStore keyStore, X509Certificate PKCertificate) keystoreAdmin.addKeyStore(outputStream.toByteArray(), keyStoreName, password, " ", "JKS", password); - //Create the pub. key resource - Resource pubKeyResource = govRegistry.newResource(); - pubKeyResource.setContent(PKCertificate.getEncoded()); - pubKeyResource.addProperty(SecurityConstants.PROP_TENANT_PUB_KEY_FILE_NAME_APPENDER, - generatePubKeyFileNameAppender()); - - govRegistry.put(RegistryResources.SecurityManagement.TENANT_PUBKEY_RESOURCE, pubKeyResource); + PubCertModel pubCertModel = new PubCertModel(generatePubKeyFileNameAppender(), PKCertificate.getEncoded()); + String id = pubCertDAO.addPubCert(pubCertModel); //associate the public key with the keystore - govRegistry.addAssociation(RegistryResources.SecurityManagement.KEY_STORES + "/" + keyStoreName, - RegistryResources.SecurityManagement.TENANT_PUBKEY_RESOURCE, - SecurityConstants.ASSOCIATION_TENANT_KS_PUB_KEY); + keyStoreDAO.addPubCertIdToKeyStore(keyStoreName, id); - } catch (RegistryException e) { - String msg = "Error when writing the keystore/pub.cert to registry"; - log.error(msg, e); - throw new KeyStoreMgtException(msg, e); - } - catch (Exception e) { + } catch (Exception e) { //TODO: catch specific exceptions String msg = "Error when processing keystore/pub. cert to be stored in registry"; log.error(msg, e); throw new KeyStoreMgtException(msg, e); From 9ce024f3e6766bf294575969f5800973e48fea05 Mon Sep 17 00:00:00 2001 From: mpmadhavig Date: Wed, 23 Aug 2023 17:53:05 +0530 Subject: [PATCH 2/3] Add newly proposed method signature changes in keystore. --- .../keystore/mgt/KeyStoreGenerator.java | 129 +++++++++--------- 1 file changed, 61 insertions(+), 68 deletions(-) diff --git a/components/tenant-mgt/org.wso2.carbon.tenant.keystore.mgt/src/main/java/org/wso2/carbon/keystore/mgt/KeyStoreGenerator.java b/components/tenant-mgt/org.wso2.carbon.tenant.keystore.mgt/src/main/java/org/wso2/carbon/keystore/mgt/KeyStoreGenerator.java index 8d37eec1d..44cdf1fa8 100644 --- a/components/tenant-mgt/org.wso2.carbon.tenant.keystore.mgt/src/main/java/org/wso2/carbon/keystore/mgt/KeyStoreGenerator.java +++ b/components/tenant-mgt/org.wso2.carbon.tenant.keystore.mgt/src/main/java/org/wso2/carbon/keystore/mgt/KeyStoreGenerator.java @@ -1,20 +1,20 @@ /* -* Copyright (c) 2005-2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. -* -* WSO2 Inc. licenses this file to you under the Apache License, -* Version 2.0 (the "License"); you may not use this file except -* in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, -* software distributed under the License is distributed on an -* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -* KIND, either express or implied. See the License for the -* specific language governing permissions and limitations -* under the License. -*/ + * Copyright (c) 2005-2010, WSO2 LLC. (https://www.wso2.com). + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ package org.wso2.carbon.keystore.mgt; import org.apache.axiom.om.util.UUIDGenerator; @@ -24,16 +24,16 @@ import org.wso2.carbon.base.ServerConfiguration; import org.wso2.carbon.core.util.CryptoUtil; import org.wso2.carbon.keystore.mgt.util.RealmServiceHolder; -import org.wso2.carbon.keystore.mgt.util.RegistryServiceHolder; -import org.wso2.carbon.registry.core.exceptions.RegistryException; import org.wso2.carbon.registry.core.session.UserRegistry; import org.wso2.carbon.security.SecurityConfigException; import org.wso2.carbon.security.keystore.KeyStoreAdmin; +import org.wso2.carbon.security.keystore.KeyStoreManagementException; import org.wso2.carbon.security.keystore.dao.KeyStoreDAO; import org.wso2.carbon.security.keystore.dao.PubCertDAO; import org.wso2.carbon.security.keystore.dao.impl.KeyStoreDAOImpl; import org.wso2.carbon.security.keystore.dao.impl.PubCertDAOImpl; import org.wso2.carbon.security.keystore.model.PubCertModel; +import org.wso2.carbon.security.util.KeyStoreMgtUtil; import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.utils.ServerConstants; import sun.security.x509.AlgorithmId; @@ -47,12 +47,16 @@ import sun.security.x509.X509CertInfo; import java.io.ByteArrayOutputStream; +import java.io.IOException; import java.math.BigInteger; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.SecureRandom; +import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.Date; @@ -62,39 +66,20 @@ */ public class KeyStoreGenerator { - private static Log log = LogFactory.getLog(KeyStoreGenerator.class); + private static final Log log = LogFactory.getLog(KeyStoreGenerator.class); private UserRegistry govRegistry; - private KeyStoreDAO keyStoreDAO; - private PubCertDAO pubCertDAO; - private int tenantId; - private String tenantDomain; + private final KeyStoreDAO keyStoreDAO; + private final PubCertDAO pubCertDAO; + private final int tenantId; + private final String tenantDomain; private String password; + public KeyStoreGenerator(int tenantId) throws KeyStoreMgtException { - public KeyStoreGenerator(int tenantId) throws KeyStoreMgtException { - try { - this.tenantId = tenantId; - this.tenantDomain = getTenantDomainName(); - this.govRegistry = RegistryServiceHolder.getRegistryService(). - getGovernanceSystemRegistry(tenantId); - if(govRegistry == null){ - log.error("Governance registry instance is null"); - throw new KeyStoreMgtException("Governance registry instance is null"); - } - this.keyStoreDAO = new KeyStoreDAOImpl(tenantId); - this.pubCertDAO = new PubCertDAOImpl(tenantId); - - } catch (RegistryException e) { - String errorMsg = "Error while obtaining the governance registry for tenant : " + - tenantId; - log.error(errorMsg, e); - throw new KeyStoreMgtException(errorMsg, e); - } catch (SecurityConfigException e) { - String errorMsg = "Error while obtaining DAO implementations for tenant id : " + - tenantId; - log.error(errorMsg, e); - throw new KeyStoreMgtException(errorMsg, e); - } + this.tenantId = tenantId; + this.tenantDomain = getTenantDomainName(); + this.keyStoreDAO = new KeyStoreDAOImpl(); + this.pubCertDAO = new PubCertDAOImpl(); } @@ -136,20 +121,23 @@ public void generateTrustStore(String trustStoreName) throws KeyStoreMgtExceptio } /** - * This method checks the existance of a keystore - * - * @param tenantId - * @return - * @throws KeyStoreMgtException + * This method checks the existence of a keystore. + * + * @param tenantId Tenant id. + * @return True if the keystore exists, false otherwise. + * @throws KeyStoreMgtException Will be thrown when checking the existence of the keystore. */ - public boolean isKeyStoreExists(int tenantId) throws KeyStoreMgtException{ - String keyStoreName = generateKSNameFromDomainName(); - boolean isKeyStoreExists = false; - try { - isKeyStoreExists = keyStoreDAO.getKeyStore(keyStoreName).isPresent(); - } catch (SecurityConfigException e) { + public boolean isKeyStoreExists(int tenantId) throws KeyStoreMgtException { + + String keyStoreName = generateKSNameFromDomainName(); + boolean isKeyStoreExists = false; + try { + isKeyStoreExists = keyStoreDAO.getKeyStore(KeyStoreMgtUtil.getTenantUUID(tenantId), keyStoreName) + .isPresent(); + } catch (KeyStoreManagementException e) { String msg = "Error while checking the existance of keystore. "; log.error(msg + e.getMessage()); + throw new KeyStoreMgtException(msg, e); } return isKeyStoreExists; } @@ -210,14 +198,15 @@ private X509Certificate generateKeyPair(KeyStore keyStore) throws KeyStoreMgtExc } /** - * Persist the keystore in the gov.registry + * Persist the keystore in the gov.registry. * - * @param keyStore created Keystore of the tenant - * @param PKCertificate pub. key of the tenant - * @throws KeyStoreMgtException Exception when storing the keystore in the registry + * @param keyStore Created Keystore of the tenant. + * @param pkCertificate Pub. key of the tenant. + * @throws KeyStoreMgtException Exception when storing the keystore in the registry. */ - private void persistKeyStore(KeyStore keyStore, X509Certificate PKCertificate) + private void persistKeyStore(KeyStore keyStore, X509Certificate pkCertificate) throws KeyStoreMgtException { + try { ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); keyStore.store(outputStream, password.toCharArray()); @@ -228,15 +217,19 @@ private void persistKeyStore(KeyStore keyStore, X509Certificate PKCertificate) // Use the keystore using the keystore admin KeyStoreAdmin keystoreAdmin = new KeyStoreAdmin(tenantId, govRegistry); keystoreAdmin.addKeyStore(outputStream.toByteArray(), keyStoreName, - password, " ", "JKS", password); - - PubCertModel pubCertModel = new PubCertModel(generatePubKeyFileNameAppender(), PKCertificate.getEncoded()); + password, " ", "JKS", password); + + PubCertModel pubCertModel = new PubCertModel(); + pubCertModel.setFileNameAppender(generatePubKeyFileNameAppender()); + pubCertModel.setContent(pkCertificate.getEncoded()); + String id = pubCertDAO.addPubCert(pubCertModel); //associate the public key with the keystore - keyStoreDAO.addPubCertIdToKeyStore(keyStoreName, id); + keyStoreDAO.addPubCertIdToKeyStore(KeyStoreMgtUtil.getTenantUUID(tenantId), keyStoreName, id); - } catch (Exception e) { //TODO: catch specific exceptions + } catch (SecurityConfigException | KeyStoreManagementException | CertificateException | KeyStoreException | + IOException | NoSuchAlgorithmException e) { String msg = "Error when processing keystore/pub. cert to be stored in registry"; log.error(msg, e); throw new KeyStoreMgtException(msg, e); From f284662d8edf4a334ffa786ab7d7fcdadeff2720 Mon Sep 17 00:00:00 2001 From: mpmadhavig Date: Thu, 31 Aug 2023 08:40:57 +0530 Subject: [PATCH 3/3] Change security-mgt package to carbon-kernel. --- .../pom.xml | 5 ---- .../keystore/mgt/KeyStoreGenerator.java | 30 +++++++++---------- pom.xml | 13 +------- 3 files changed, 15 insertions(+), 33 deletions(-) diff --git a/components/tenant-mgt/org.wso2.carbon.tenant.keystore.mgt/pom.xml b/components/tenant-mgt/org.wso2.carbon.tenant.keystore.mgt/pom.xml index 06166408a..50b714e77 100644 --- a/components/tenant-mgt/org.wso2.carbon.tenant.keystore.mgt/pom.xml +++ b/components/tenant-mgt/org.wso2.carbon.tenant.keystore.mgt/pom.xml @@ -49,7 +49,6 @@ javax.servlet;version="${imp.pkg.version.javax.servlet}", javax.servlet.http;version="${imp.pkg.version.javax.servlet}", - org.wso2.carbon.security.*; version="${org.wso2.carbon.security.mgt.version.range}", org.bouncycastle.*;version="${org.bouncycastle.imp.pkg.version.range}", org.apache.lucene.*, org.osgi.service.component.*;version="${imp.package.version.osgi.services}", @@ -103,10 +102,6 @@ org.wso2.orbit.org.bouncycastle bcprov-jdk15on - - org.wso2.carbon.security.mgt - org.wso2.carbon.security.mgt - org.wso2.orbit.org.bouncycastle bcpkix-jdk15on diff --git a/components/tenant-mgt/org.wso2.carbon.tenant.keystore.mgt/src/main/java/org/wso2/carbon/keystore/mgt/KeyStoreGenerator.java b/components/tenant-mgt/org.wso2.carbon.tenant.keystore.mgt/src/main/java/org/wso2/carbon/keystore/mgt/KeyStoreGenerator.java index 44cdf1fa8..47aacd896 100644 --- a/components/tenant-mgt/org.wso2.carbon.tenant.keystore.mgt/src/main/java/org/wso2/carbon/keystore/mgt/KeyStoreGenerator.java +++ b/components/tenant-mgt/org.wso2.carbon.tenant.keystore.mgt/src/main/java/org/wso2/carbon/keystore/mgt/KeyStoreGenerator.java @@ -22,18 +22,17 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.base.ServerConfiguration; +import org.wso2.carbon.core.keystore.util.KeyStoreMgtUtil; import org.wso2.carbon.core.util.CryptoUtil; import org.wso2.carbon.keystore.mgt.util.RealmServiceHolder; -import org.wso2.carbon.registry.core.session.UserRegistry; -import org.wso2.carbon.security.SecurityConfigException; -import org.wso2.carbon.security.keystore.KeyStoreAdmin; -import org.wso2.carbon.security.keystore.KeyStoreManagementException; -import org.wso2.carbon.security.keystore.dao.KeyStoreDAO; -import org.wso2.carbon.security.keystore.dao.PubCertDAO; -import org.wso2.carbon.security.keystore.dao.impl.KeyStoreDAOImpl; -import org.wso2.carbon.security.keystore.dao.impl.PubCertDAOImpl; -import org.wso2.carbon.security.keystore.model.PubCertModel; -import org.wso2.carbon.security.util.KeyStoreMgtUtil; +import org.wso2.carbon.core.keystore.KeyStoreAdmin; +import org.wso2.carbon.core.keystore.KeyStoreManagementException; +import org.wso2.carbon.core.keystore.dao.KeyStoreDAO; +import org.wso2.carbon.core.keystore.dao.PubCertDAO; +import org.wso2.carbon.core.keystore.dao.impl.KeyStoreDAOImpl; +import org.wso2.carbon.core.keystore.dao.impl.PubCertDAOImpl; +import org.wso2.carbon.core.keystore.model.PubCertModel; +import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.utils.ServerConstants; import sun.security.x509.AlgorithmId; @@ -67,7 +66,6 @@ public class KeyStoreGenerator { private static final Log log = LogFactory.getLog(KeyStoreGenerator.class); - private UserRegistry govRegistry; private final KeyStoreDAO keyStoreDAO; private final PubCertDAO pubCertDAO; private final int tenantId; @@ -134,7 +132,7 @@ public boolean isKeyStoreExists(int tenantId) throws KeyStoreMgtException { try { isKeyStoreExists = keyStoreDAO.getKeyStore(KeyStoreMgtUtil.getTenantUUID(tenantId), keyStoreName) .isPresent(); - } catch (KeyStoreManagementException e) { + } catch (KeyStoreManagementException | UserStoreException e) { String msg = "Error while checking the existance of keystore. "; log.error(msg + e.getMessage()); throw new KeyStoreMgtException(msg, e); @@ -215,7 +213,7 @@ private void persistKeyStore(KeyStore keyStore, X509Certificate pkCertificate) String keyStoreName = generateKSNameFromDomainName(); // Use the keystore using the keystore admin - KeyStoreAdmin keystoreAdmin = new KeyStoreAdmin(tenantId, govRegistry); + KeyStoreAdmin keystoreAdmin = new KeyStoreAdmin(tenantId); keystoreAdmin.addKeyStore(outputStream.toByteArray(), keyStoreName, password, " ", "JKS", password); @@ -228,8 +226,8 @@ private void persistKeyStore(KeyStore keyStore, X509Certificate pkCertificate) //associate the public key with the keystore keyStoreDAO.addPubCertIdToKeyStore(KeyStoreMgtUtil.getTenantUUID(tenantId), keyStoreName, id); - } catch (SecurityConfigException | KeyStoreManagementException | CertificateException | KeyStoreException | - IOException | NoSuchAlgorithmException e) { + } catch (KeyStoreManagementException | CertificateException | KeyStoreException | IOException | + NoSuchAlgorithmException | UserStoreException e) { String msg = "Error when processing keystore/pub. cert to be stored in registry"; log.error(msg, e); throw new KeyStoreMgtException(msg, e); @@ -249,7 +247,7 @@ private void persistTrustStore(KeyStore trustStore, String trustStoreName) throw outputStream.flush(); outputStream.close(); - KeyStoreAdmin keystoreAdmin = new KeyStoreAdmin(tenantId, govRegistry); + KeyStoreAdmin keystoreAdmin = new KeyStoreAdmin(tenantId); keystoreAdmin.addTrustStore(outputStream.toByteArray(), trustStoreName, password, " ", "JKS"); } catch (Exception e) { String msg = "Error when processing keystore/pub. cert to be stored in registry"; diff --git a/pom.xml b/pom.xml index 31043bfcc..8faa4fb29 100644 --- a/pom.xml +++ b/pom.xml @@ -482,13 +482,6 @@ ${opensaml2.wso2.version} - - org.wso2.carbon.security.mgt - org.wso2.carbon.security.mgt - ${carbon.security.mgt.version} - - - backport-util-concurrent.wso2 backport-util-concurrent @@ -901,7 +894,7 @@ - 4.9.2 + 4.9.13-SNAPSHOT ${carbon.kernel.version} [4.5.0, 5.0.0) [1.0.1, 2.0.0) @@ -930,10 +923,6 @@ ${project.version} [4.7.0, 5.0.0) - - 1.0.0 - [1.0.0, 2.0.0) - 4.2.0 1.3.4