diff --git a/.idea/apim-password-cert-env.iml b/.idea/apim-password-cert-env.iml new file mode 100644 index 0000000..7ee078d --- /dev/null +++ b/.idea/apim-password-cert-env.iml @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/.idea/aws.xml b/.idea/aws.xml new file mode 100644 index 0000000..e14a206 --- /dev/null +++ b/.idea/aws.xml @@ -0,0 +1,17 @@ + + + + + + + \ No newline at end of file diff --git a/.idea/codeStyles/Project.xml b/.idea/codeStyles/Project.xml new file mode 100644 index 0000000..645f4a0 --- /dev/null +++ b/.idea/codeStyles/Project.xml @@ -0,0 +1,22 @@ + + + + + + + + \ No newline at end of file diff --git a/.idea/compiler.xml b/.idea/compiler.xml index c317d48..5c422ea 100644 --- a/.idea/compiler.xml +++ b/.idea/compiler.xml @@ -6,8 +6,8 @@ - + diff --git a/README.md b/README.md index 04651e3..84ab8f8 100644 --- a/README.md +++ b/README.md @@ -143,6 +143,8 @@ PLHu3INlHcXQs3AY0wNBLhL2jBwZ0uwBYK+entFpCgb+Z+RQ+uxs3joYuKEMj6M6 Classic Example ```bash $export cert_domain=`cat cert.pem` +## Use file path - file should be created via config map / mount +export certandkey_secureport = /opt/Axway/apigateway/certs/cert.pem ``` @@ -181,7 +183,11 @@ s2+QnHEKNi5n6eyF81l1X3AGOMp2uUF4CfU= ```bash export certandkey_secureport="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" -export certandkeypassword=changeit + +## Use file path - file should be created via config map / mount +export certandkey_secureport = /opt/Axway/apigateway/certs/cert.p12 + +export certandkeypassword_secureport=changeit ``` **secureport** is the name of the https interface. 
@@ -217,7 +223,7 @@ $mvn clean install - Copy the apim-env-module-x.x.jar from project target folder to gateways instance folder $INSTALLDIR/apigateway/groups/{groupname}/{instancename}/ext/lib -- Add Loadable module to running gateway using publish script. +- Add Loadable module to running gateway using publish script or Import apim-policy-password-cert-env/src/main/resources/typeSet.xml via Policystudio using File -> Import -> Import Custom filters. - Parameters of publish command ```bash @@ -262,4 +268,4 @@ Also please read this page on [how to contribute](https://github.com/Axway-API-M ## License -[Apache License 2.0](/LICENSE) \ No newline at end of file +[Apache License 2.0](/LICENSE) diff --git a/pom.xml b/pom.xml index ce57534..3d921a8 100644 --- a/pom.xml +++ b/pom.xml 
@@ -1,133 +1,112 @@ - 4.0.0 - - com.axway - apim-env-module - 1.1.1 - - apim-env-module - - http://www.example.com - - - UTF-8 - 1.8 - 1.8 - 7.7 - /Users/rnatarajan/AxwayProducts/apim_7_7/lib - - - - - - junit - junit - 4.11 - test - - - - - apigw-common - apigw-common - system - ${api.version} - ${apim.lib.path}\plugins\apigw-common-7.7.0.1-4.jar - - - - vordel-trace - vordel-trace - system - ${api.version} - ${apim.lib.path}\plugins\vordel-trace-7.7.0.1-4.jar - - - - server - server - system - ${api.version} - ${apim.lib.path}\server.jar - - - - - precipitate - precipitate - system - ${api.version} - ${apim.lib.path}\precipitate.jar - - - - - es-core - es-core - system - ${api.version} - ${apim.lib.path}\plugins\es-core-7.7.0.1-4.jar - - - - vordel-common - vordel-common - system - ${api.version} - ${apim.lib.path}\plugins\vordel-common-7.7.0.1-4.jar - - - - vordel-system - vordel-system - system - ${api.version} - ${apim.lib.path}\plugins\vordel-system-7.7.0.1-4.jar - - - - - vordel-config - vordel-config - system - ${api.version} - ${apim.lib.path}\plugins\vordel-config-7.7.0.1-4.jar - - - - - org.apache.logging.log4j - log4j-api - 2.11.2 - - - org.apache.logging.log4j - log4j-core - 2.13.2 - - - - - - - - - - - org.apache.maven.plugins - maven-jar-plugin - 3.0.2 - - - instance.xml - ExternalConfigLoadableModule.xml - typeSet.xml - - - - - + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + 4.0.0 + + com.axway + apim-env-module + 1.1.1 + + apim-env-module + https://axway.com + + + UTF-8 + 1.8 + 1.8 + 7.7 + /Users/rnatarajan/AxwayProducts/apim_7_7/lib + + + + + junit + junit + [4.13.1,) + test + + + apigw-common + apigw-common + system + ${api.version} + ${apim.lib.path}/plugins/apigw-common-7.7.0.1-4.jar + + + vordel-trace + vordel-trace + system + ${api.version} + ${apim.lib.path}/plugins/vordel-trace-7.7.0.1-4.jar + + + server + server + system + ${api.version} + ${apim.lib.path}/server.jar + + + precipitate 
+ precipitate + system + ${api.version} + ${apim.lib.path}/precipitate.jar + + + es-core + es-core + system + ${api.version} + ${apim.lib.path}/plugins/es-core-7.7.0.1-4.jar + + + vordel-common + vordel-common + system + ${api.version} + ${apim.lib.path}/plugins/vordel-common-7.7.0.1-4.jar + + + vordel-system + vordel-system + system + ${api.version} + ${apim.lib.path}/plugins/vordel-system-7.7.0.1-4.jar + + + vordel-config + vordel-config + system + ${api.version} + ${apim.lib.path}/plugins/vordel-config-7.7.0.1-4.jar + + + org.apache.logging.log4j + log4j-api + 2.11.2 + + + org.apache.logging.log4j + log4j-core + 2.13.2 + + + + + + org.apache.maven.plugins + maven-jar-plugin + 3.0.2 + + + instance.xml + ExternalConfigLoadableModule.xml + typeSet.xml + + + + + diff --git a/src/main/java/com/axway/CertHelper.java b/src/main/java/com/axway/CertHelper.java index 10d90d4..d7bba6d 100644 --- a/src/main/java/com/axway/CertHelper.java +++ b/src/main/java/com/axway/CertHelper.java 
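Review bot: The junit dependency on the new side uses the open-ended range `[4.13.1,)`, so the test classpath resolves to whatever the newest JUnit 4.x happens to be at build time and the build stops being reproducible; pin it, e.g. `<version>4.13.1</version>`, and bump it deliberately. The `apim.lib.path` property is still a developer-specific absolute path (`/Users/rnatarajan/AxwayProducts/apim_7_7/lib`) feeding every `system`-scoped gateway jar, which fails on any other machine; a comment next to the property saying it is meant to be overridden with `-Dapim.lib.path=<gateway lib dir>` would at least make the expectation explicit. log4j-core `2.13.2` is carried over unchanged on the new side; that is an old 2.x release with published advisories, so upgrading it in the same pass would be prudent. Element names are stripped in this rendering of the hunk, so the exact tag placement is inferred.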
@@ -12,29 +12,6 @@ public class CertHelper { -// public PKCS12 parseP12(String content, char[] password) throws KeyStoreException, NoSuchAlgorithmException, IOException, CertificateException, UnrecoverableKeyException { -// -// KeyStore keyStore = KeyStore.getInstance("PKCS12"); -// InputStream io = new ByteArrayInputStream(Base64.getDecoder().decode(content)); -// keyStore.load(io, password); -// io.close(); -// Enumeration aliases = keyStore.aliases(); -// while (aliases.hasMoreElements()) { -// String alias = aliases.nextElement(); -// if (keyStore.isKeyEntry(alias)) { -// Certificate certificate = keyStore.getCertificate(alias); -// PrivateKey key = (PrivateKey) keyStore.getKey(alias, password); -// PKCS12 pkcs12 = new PKCS12(); -// pkcs12.setCertificate(certificate); -// pkcs12.setPrivateKey(key); -// pkcs12.setAlias(alias); -// return pkcs12; -// } -// } -// return null; -// } - - public PKCS12 parseP12(File file, char[] password) throws KeyStoreException, NoSuchAlgorithmException, IOException, CertificateException, UnrecoverableKeyException { 
@@ -46,10 +23,37 @@ public PKCS12 parseP12(File file, char[] password) throws KeyStoreException, NoS while (aliases.hasMoreElements()) { String alias = aliases.nextElement(); if (keyStore.isKeyEntry(alias)) { - Certificate certificate = keyStore.getCertificate(alias); + //Certificate certificate = keyStore.getCertificate(alias); + PrivateKey key = (PrivateKey) keyStore.getKey(alias, password); + PKCS12 pkcs12 = new PKCS12(); + + pkcs12.setPrivateKey(key); + pkcs12.setAlias(alias); + Certificate[] certificates = keyStore.getCertificateChain(alias); + pkcs12.setCertificates(certificates); + return pkcs12; + } + } + return null; + } + + + + public PKCS12 parseP12(String content, char[] password) throws KeyStoreException, NoSuchAlgorithmException, IOException, CertificateException, UnrecoverableKeyException { + + KeyStore keyStore = KeyStore.getInstance("PKCS12"); + InputStream io = new ByteArrayInputStream(Base64.getDecoder().decode(content)); + keyStore.load(io, password); + io.close(); + Enumeration aliases = keyStore.aliases(); + while (aliases.hasMoreElements()) { + String alias = aliases.nextElement(); + if (keyStore.isKeyEntry(alias)) { + //Certificate certificate = keyStore.getCertificate(alias); PrivateKey key = (PrivateKey) keyStore.getKey(alias, password); PKCS12 pkcs12 = new PKCS12(); - pkcs12.setCertificate(certificate); + Certificate[] certificates = keyStore.getCertificateChain(alias); + pkcs12.setCertificates(certificates); pkcs12.setPrivateKey(key); pkcs12.setAlias(alias); return pkcs12; 
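Review bot: Both `parseP12` overloads in this hunk store `keyStore.getCertificateChain(alias)` into the result without checking for null, and `KeyStore.getCertificateChain` is documented to return null when the entry has no chain; `importP12` then indexes `certificates[0]`. Guard it before `setCertificates`, e.g. `if (certificates == null) throw new KeyStoreException("No certificate chain for key entry " + alias);`. After `keyStore.load(...)` the two overloads are now line-for-line identical; extracting that alias loop into a private `firstKeyEntry(KeyStore keyStore, char[] password)` helper would remove the duplication. `io.close()` in the `String` overload is skipped when `load` throws, so a try-with-resources around the stream is the safer shape. The start of `parseP12(File, char[])` is above this hunk.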
@@ -59,11 +63,18 @@ public PKCS12 parseP12(File file, char[] password) throws KeyStoreException, NoS } - public X509Certificate parseX509(String base64EncodedCert) throws CertificateException { - InputStream inputStream = new ByteArrayInputStream(base64EncodedCert.getBytes()); + public X509Certificate parseX509(String base64EncodedCert) throws CertificateException, FileNotFoundException { + + File file = new File(base64EncodedCert); + InputStream inputStream = null; + if(file.exists()){ + inputStream = new FileInputStream(file); + }else { + inputStream = new ByteArrayInputStream(base64EncodedCert.getBytes()); + } + CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); - X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(inputStream); - return certificate; + return (X509Certificate) certificateFactory.generateCertificate(inputStream); } } diff --git a/src/main/java/com/axway/ExternalConfigLoader.java b/src/main/java/com/axway/ExternalConfigLoader.java index e9453ff..da1a0ca 100644 --- a/src/main/java/com/axway/ExternalConfigLoader.java +++ b/src/main/java/com/axway/ExternalConfigLoader.java @@ -12,7 +12,9 @@ import org.apache.logging.log4j.Logger; import java.io.File; +import java.io.FileNotFoundException; import java.security.Principal; +import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.*; 
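Review bot: The `FileInputStream` opened in `parseX509` when the argument names an existing file is never closed, and `CertificateFactory.generateCertificate` does not close its input, so every file-based `cert_*` import leaks a descriptor. Wrap the stream: `try (InputStream inputStream = file.exists() ? new FileInputStream(file) : new ByteArrayInputStream(base64EncodedCert.getBytes(StandardCharsets.US_ASCII))) { return (X509Certificate) certificateFactory.generateCertificate(inputStream); }`. The parameter is now either a file path or the PEM text itself, so `base64EncodedCert` no longer describes it; a Javadoc line such as `@param certPathOrPem a readable file path, or the PEM/Base64 certificate text` would document the dual behaviour. `getBytes()` with no charset uses the platform default; naming the charset keeps the decoding fixed across hosts.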
@@ -52,17 +54,21 @@ private void updatePassword(EntityStore entityStore) { Map ldap = envValues.entrySet() .stream() .filter(map -> map.getKey().startsWith("ldap_")) - .collect(Collectors.toMap(map -> map.getKey(), map -> map.getValue())); + .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue)); - Map jms = envValues.entrySet() - .stream() - .filter(map -> map.getKey().startsWith("jms_")) - .collect(Collectors.toMap(map -> map.getKey(), map -> map.getValue())); + Map jms = new HashMap<>(); + for (Map.Entry stringStringEntry : envValues.entrySet()) { + if (stringStringEntry.getKey().startsWith("jms_")) { + if (jms.put(stringStringEntry.getKey(), stringStringEntry.getValue()) != null) { + throw new IllegalStateException("Duplicate key"); + } + } + } Map smtp = envValues.entrySet() .stream() .filter(map -> map.getKey().startsWith("smtp_")) - .collect(Collectors.toMap(map -> map.getKey(), map -> map.getValue())); + .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue)); while (keysIterator.hasNext()) { 
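Review bot: The `jms_` filter in this hunk is expanded into a manual loop that throws `IllegalStateException("Duplicate key")`, while the `ldap_` and `smtp_` filters a few lines away keep `Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue)`; `toMap` already throws `IllegalStateException` on duplicate keys, so the loop adds nothing but a second style for the same operation. Restore the one-liner: `Map jms = envValues.entrySet().stream().filter(map -> map.getKey().startsWith("jms_")).collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));`. `envValues` exposes `entrySet()`, so it is a `Map` and its keys cannot repeat, which makes the duplicate-key branch unreachable either way. Type arguments are not visible in this rendering, so the declared generic types are inferred.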
@@ -94,29 +100,41 @@ private void updatePassword(EntityStore entityStore) { } } else if (key.startsWith("cert_")) { - importPublicCertificate(passwordValue, entityStore); + try { + X509Certificate certificate = certHelper.parseX509(passwordValue); + importPublicCertificate(certificate, entityStore); + } catch (CertificateException | FileNotFoundException e) { + Trace.error("Unable to add the certs from Environment variable", e); + } } else if (key.startsWith("disablehttps_")) { - if(passwordValue.equalsIgnoreCase("true")){ + if (passwordValue.equalsIgnoreCase("true")) { disableInterface(entityStore, filterName, "SSLInterface"); } } else if (key.startsWith("disablehttp_")) { - if(passwordValue.equalsIgnoreCase("true")){ + if (passwordValue.equalsIgnoreCase("true")) { disableInterface(entityStore, filterName, "InetInterface"); } } else if (key.equalsIgnoreCase("cassandra_disablessl")) { - if(passwordValue.equalsIgnoreCase("true")){ + if (passwordValue.equalsIgnoreCase("true")) { disableCassandraSSL(entityStore); } } else if (key.startsWith("cassandraCert")) { - String alias = importPublicCertificate(passwordValue, entityStore); - String escapedAlias = ShorthandKeyFinder.escapeFieldValue(alias); - updateCassandraCert(entityStore, escapedAlias); + try { + X509Certificate certificate = certHelper.parseX509(passwordValue); + String alias = importPublicCertificate(certificate, entityStore); + if(alias != null) { + String escapedAlias = ShorthandKeyFinder.escapeFieldValue(alias); + updateCassandraCert(entityStore, escapedAlias); + } + } catch (CertificateException | FileNotFoundException e) { + Trace.error("Unable to add Cassandra certificate from Environment variable", e); + } } else if (key.startsWith("certandkey_")) { try { char[] password = System.getenv("certandkeypassword" + "_" + filterName).toCharArray(); String alias = importP12(entityStore, passwordValue, password); - String escapedAlias = ShorthandKeyFinder.escapeFieldValue(alias); - configureP12(entityStore, 
filterName, escapedAlias); + Trace.info("P12 file alias name :" + alias); + configureP12(entityStore, filterName, alias); } catch (Exception e) { Trace.error("Unable to add the p12 from Environment variable", e); } @@ -261,7 +279,7 @@ private void updateSMTP(EntityStore entityStore, Credential credential) { private void updateAlertSMTP(EntityStore entityStore, Credential credential) { if (credential.getFilterName().equalsIgnoreCase("manager")) { Entity entity = getEntity(entityStore, "/[AlertManager]name=Default Alert Configuration/[EmailAlertSystem]name=API Manager Email Alerts"); - if(entity == null){ + if (entity == null) { return; } setUsernameAndPassword(credential, entity, "username"); @@ -279,12 +297,14 @@ private void updateCassandraCert(EntityStore entityStore, String escapedAlias) { boolean useSSL = entity.getBooleanValue("useSSL"); if (useSSL) { //String certPlaceHolder = ""; - PortableESPK portableESPK = getCertEntity(entityStore, escapedAlias); + Entity certEntity = getCertEntity(entityStore, escapedAlias); + PortableESPK portableESPK = PortableESPK.toPortableKey(entityStore, certEntity.getPK()); + // PortableESPK portableESPK = getCertEntity(entityStore, escapedAlias); entity.setReferenceField("sslTrustedCerts", portableESPK); entityStore.updateEntity(entity); } } - + private void disableCassandraSSL(EntityStore entityStore) { String shorthandKey = "/[CassandraSettings]name=Cassandra Settings"; Entity entity = getEntity(entityStore, shorthandKey); 
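Review bot: The `cassandraCert` branch escapes the alias twice: `importPublicCertificate` now returns `escapedAlias` (hunk `@@ -334,16 +348,15 @@`), and this hunk then applies `ShorthandKeyFinder.escapeFieldValue(alias)` to it before `updateCassandraCert`, so unless `escapeFieldValue` is idempotent the `getCertEntity` lookup uses a doubly-escaped dname and misses the certificate that was just imported. Pass the returned value straight through, `updateCassandraCert(entityStore, alias);`, and state in a Javadoc on `importPublicCertificate` that it returns the escaped alias (or null). The `certandkey_` branch does `System.getenv("certandkeypassword" + "_" + filterName).toCharArray()` with no null check, so a missing password variable surfaces as a NullPointerException logged as "Unable to add the p12"; check the `getenv` result first and name the missing variable in the error. The password array is also never cleared once `importP12` returns; `Arrays.fill(password, '\0')` in a `finally` limits how long the secret stays in the heap. The enclosing `updatePassword` begins above this hunk.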
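Review bot: `updateCassandraCert` dereferences `certEntity.getPK()` immediately after `getCertEntity(entityStore, escapedAlias)`, but `getCertEntity` now returns the raw `ShorthandKeyFinder` lookup, which is null when no certificate has that dname (the `importPublicCertificate` hunk relies on exactly that null). A missing or mis-escaped alias therefore becomes a NullPointerException here instead of a clear message; add `if (certEntity == null) { Trace.error("Certificate not found in store: " + escapedAlias); return; }` before the `toPortableKey` call. The same unguarded pattern appears in `configureP12` in hunk `@@ -356,54 +369,86 @@`. The start of `updateCassandraCert` is above this hunk.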
@@ -295,7 +315,7 @@ private void disableCassandraSSL(EntityStore entityStore) { // Supports both HTTP and HTTPS interfaces where interfaceType are InetInterface, SSLInterface private void disableInterface(EntityStore entityStore, String name, String interfaceType) { - String shorthandKey = "/[NetService]name=Service/[HTTP]**/["+interfaceType+"]name=" + name; + String shorthandKey = "/[NetService]name=Service/[HTTP]**/[" + interfaceType + "]name=" + name; ShorthandKeyFinder shorthandKeyFinder = new ShorthandKeyFinder(entityStore); List entities = shorthandKeyFinder.getEntities(shorthandKey); if (entities.isEmpty()) { @@ -308,21 +328,15 @@ private void disableInterface(EntityStore entityStore, String name, String inter Trace.info("Disabled Interface: " + name); } - // Trust CA certs - private String importPublicCertificate(String base64EncodedCert, EntityStore entityStore) { - - String shorthandKey = "/[Certificates]name=Certificate Store"; - ShorthandKeyFinder shorthandKeyFinder = new ShorthandKeyFinder(entityStore); - Entity entity = shorthandKeyFinder.getEntity(shorthandKey); + // Trust CA Certs + private String importPublicCertificate(X509Certificate certificate, EntityStore entityStore) { try { - Trace.info("Cert :" + base64EncodedCert); - X509Certificate certificate = certHelper.parseX509(base64EncodedCert); Principal principal = certificate.getSubjectDN(); final String alias = principal.getName(); String escapedAlias = ShorthandKeyFinder.escapeFieldValue(alias); - shorthandKey = "[Certificate]dname=" + escapedAlias; - Entity certEntity = shorthandKeyFinder.getEntity(entity.getPK(), shorthandKey); - Trace.info("Alias :" + alias); + Entity certEntity = getCertEntity(entityStore, escapedAlias); + Trace.info("Alias :" + alias + "Escaped alias :"+ escapedAlias); + if (certEntity == null) { Trace.info("Adding cert"); 
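Review bot: The new trace line `Trace.info("Alias :" + alias + "Escaped alias :"+ escapedAlias)` runs the two values together with no separator, so the log reads as one string; write `Trace.info("Alias: " + alias + ", escaped alias: " + escapedAlias);`. Now that the method takes a parsed `X509Certificate` and (per the following hunk) returns the escaped alias, it deserves a short Javadoc: it adds or updates the CA certificate in the Certificate Store keyed by subject DN, `@return` the escaped alias used as dname, or null when encoding fails. The remaining `catch (CertificateException e)` only covers `getEncoded()` since parsing moved to the caller; a one-line comment saying so would stop it being widened again. `getSubjectDN()` is a context line here, but it is deprecated in the JDK and `getSubjectX500Principal().getName()` is the supported replacement. The method body continues in the next hunk.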
@@ -334,16 +348,15 @@ private String importPublicCertificate(String base64EncodedCert, EntityStore ent certEntity.setBinaryValue("content", certificate.getEncoded()); entityStore.addEntity(groups.iterator().next(), certEntity); } else { - Trace.info("Updating cert with alias " + alias); + Trace.info("Updating cert with alias " + escapedAlias); certEntity.setBinaryValue("content", certificate.getEncoded()); entityStore.updateEntity(certEntity); } - return alias; + return escapedAlias; } catch (CertificateException e) { Trace.error("Unable to add the certs from Environment variable", e); } return null; - } private void configureP12(EntityStore entityStore, String name, String alias) { 
@@ -356,54 +369,86 @@ private void configureP12(EntityStore entityStore, String name, String alias) { return; } Entity entity = entities.get(0); - PortableESPK portableESPK = getCertEntity(entityStore, alias); + String escapedAlias = ShorthandKeyFinder.escapeFieldValue(alias); + Entity certEntity = getCertEntity(entityStore, escapedAlias); + //Trace.info("Certificate entity set to listener interface "+ certEntity); + PortableESPK portableESPK = PortableESPK.toPortableKey(entityStore, certEntity.getPK()); //Trace.info("Portable : " + portableESPK); entity.setReferenceField("serverCert", portableESPK); entityStore.updateEntity(entity); } - private PortableESPK getCertEntity(EntityStore entityStore, String alias) { + private Entity getCertEntity(EntityStore entityStore, String alias) { String shorthandKey = "/[Certificates]name=Certificate Store"; ShorthandKeyFinder shorthandKeyFinder = new ShorthandKeyFinder(entityStore); Entity entity = shorthandKeyFinder.getEntity(shorthandKey); shorthandKey = "[Certificate]dname=" + alias; //See if the certificate alias already exists in the entity store, //if it does then update it thereby preserving any references to any HTTPS interfaces that are using this cert - Entity certEntity = shorthandKeyFinder.getEntity(entity.getPK(), shorthandKey); + return shorthandKeyFinder.getEntity(entity.getPK(), shorthandKey); //Trace.info("PK : " + certEntity.getPK()); - return PortableESPK.toPortableKey(entityStore, certEntity.getPK()); + //return PortableESPK.toPortableKey(entityStore, certEntity.getPK()); } private String importP12(EntityStore entityStore, String cert, char[] password) throws Exception { - PKCS12 pkcs12 = certHelper.parseP12(new File(cert), password); + PKCS12 pkcs12 = null; + File file = new File(cert); + if(file.exists()){ + pkcs12 = certHelper.parseP12(file, password); + }else { + pkcs12 = certHelper.parseP12(cert, password); + } String alias = pkcs12.getAlias(); - String shorthandKey = "/[Certificates]name=Certificate 
Store"; - ShorthandKeyFinder shorthandKeyFinder = new ShorthandKeyFinder(entityStore); - Entity entity = shorthandKeyFinder.getEntity(shorthandKey); + Trace.info("Certificate alias name : " + alias); String escapedAlias = ShorthandKeyFinder.escapeFieldValue(alias); - shorthandKey = "[Certificate]dname=" + escapedAlias; - //See if the certificate alias already exists in the entity store, - //if it does then update it thereby preserving any references to any HTTPS interfaces that are using this cert - Entity certEntity = shorthandKeyFinder.getEntity(entity.getPK(), shorthandKey); + Certificate[] certificates = pkcs12.getCertificates(); + Entity certEntity = getCertEntity(entityStore, escapedAlias); + Trace.info("Escaped Certificate alias name : " + escapedAlias); + // Trace.info("Certificate Entity received from entity store : "+ certEntity); if (certEntity != null) { //certEntity.setBinaryValue(); //Updates the existing certificate in the certstore - certEntity.setBinaryValue("content", pkcs12.getCertificate().getEncoded()); - String key = Base64.getEncoder().encodeToString(pkcs12.getPrivateKey().getEncoded()); - certEntity.setStringField("key", key); - entityStore.updateEntity(certEntity); + Trace.info("Updating existing certificate"); + for (int i = 0; i < certificates.length; i++) { + if (i == 0) { + certEntity.setBinaryValue("content", certificates[i].getEncoded()); + String key = Base64.getEncoder().encodeToString(pkcs12.getPrivateKey().getEncoded()); + certEntity.setStringField("key", key); + entityStore.updateEntity(certEntity); + } else { + //handle CA Certificate chain + X509Certificate certificate = (X509Certificate) certificates[i]; + importPublicCertificate(certificate, entityStore); + } + + } + } else { ESPK rootPK = entityStore.getRootPK(); EntityType group = entityStore.getTypeForName("Certificates"); Collection groups = entityStore.listChildren(rootPK, group); certEntity = EntityStoreDelegate.createDefaultedEntity(entityStore, "Certificate"); - 
certEntity.setStringField("dname", alias); - certEntity.setBinaryValue("content", pkcs12.getCertificate().getEncoded()); - String key = Base64.getEncoder().encodeToString(pkcs12.getPrivateKey().getEncoded()); - certEntity.setStringField("key", key); - entityStore.addEntity(groups.iterator().next(), certEntity); + + for (int i = 0; i < certificates.length; i++) { + if (i == 0) { + Trace.info("Importing Leaf certificate"); + certEntity.setStringField("dname", alias); + certEntity.setBinaryValue("content", certificates[i].getEncoded()); + String key = Base64.getEncoder().encodeToString(pkcs12.getPrivateKey().getEncoded()); + certEntity.setStringField("key", key); + entityStore.addEntity(groups.iterator().next(), certEntity); + Trace.info("Leaf certificate imported"); + } else { + //handle CA Certificate chain + Trace.info("Importing certificate root / intermediate"); + X509Certificate certificate = (X509Certificate) certificates[i]; + importPublicCertificate(certificate, entityStore); + Trace.info("Imported root / intermediate certificate"); + } + + } } return alias; } diff --git a/src/main/java/com/axway/PKCS12.java b/src/main/java/com/axway/PKCS12.java index 5d6fa5e..b1d012b 100644 --- a/src/main/java/com/axway/PKCS12.java +++ b/src/main/java/com/axway/PKCS12.java @@ -5,7 +5,7 @@ public class PKCS12 { - private Certificate certificate; + private Certificate[] certificates; private PrivateKey privateKey; private String alias; @@ -17,14 +17,6 @@ public void setAlias(String alias) { this.alias = alias; } - public Certificate getCertificate() { - return certificate; - } - - public void setCertificate(Certificate certificate) { - this.certificate = certificate; - } - public PrivateKey getPrivateKey() { return privateKey; } 
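Review bot: `importP12` calls `pkcs12.getAlias()` without checking the result of `certHelper.parseP12`, which returns null when the keystore holds no key entry (see the `CertHelper` hunk), and then reads `certificates.length` from `pkcs12.getCertificates()`, which is null when the entry has no chain; both become a NullPointerException that the caller logs only as "Unable to add the p12". Add `if (pkcs12 == null) throw new IllegalStateException("No private key entry found in the PKCS12 keystore");` after the parse, and an equivalent check on `certificates`, without echoing `cert` in the message since it may be the Base64 keystore itself. `configureP12` has the same unguarded `certEntity.getPK()` as `updateCassandraCert`. The update and add branches now each contain an identical `for` over the chain that differs only in the index-0 handling; moving the `i > 0` part into an `importChain(entityStore, certificates)` helper, with a comment that index 0 is the end-entity certificate (the order `KeyStore.getCertificateChain` documents), would halve the loop code.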
@@ -33,5 +25,11 @@ public void setPrivateKey(PrivateKey privateKey) { this.privateKey = privateKey; } + public Certificate[] getCertificates() { + return certificates; + } + public void setCertificates(Certificate[] certificates) { + this.certificates = certificates; + } } diff --git a/src/test/java/com/axway/CertHelperTest.java b/src/test/java/com/axway/CertHelperTest.java index 5aa8395..cee12a4 100644 --- a/src/test/java/com/axway/CertHelperTest.java +++ b/src/test/java/com/axway/CertHelperTest.java @@ -4,6 +4,7 @@ import org.junit.Test; import java.io.File; +import java.io.FileNotFoundException; import java.io.IOException; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; @@ -27,8 +28,8 @@ public void testP12() { // String content = Base64.getEncoder().encodeToString(data); // System.out.println(content); try { - PKCS12 pkcs12 = certHelper.parseP12(new File(ClassLoader.getSystemResource("test.p12").getFile()), "changeit".toCharArray()); - System.out.println(pkcs12.getCertificate().getPublicKey().getFormat()); + PKCS12 pkcs12 = certHelper.parseP12(new File(ClassLoader.getSystemResource("certificate.p12").getFile()), "changeit".toCharArray()); + // System.out.println(pkcs12.getCertificate().getPublicKey().getFormat()); System.out.println(pkcs12.getPrivateKey().getFormat()); } catch (KeyStoreException e) { e.printStackTrace(); @@ -71,7 +72,7 @@ public void testX509() { X509Certificate certificate = certHelper.parseX509(cert); String name = certificate.getSubjectDN().getName(); System.out.println(name); - } catch (CertificateException e) { + } catch (CertificateException | FileNotFoundException e) { e.printStackTrace(); } }
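Review bot: `getCertificates()` and `setCertificates(Certificate[])` carry an implicit ordering contract — `importP12` treats element 0 as the end-entity certificate and the rest as the CA chain, matching `KeyStore.getCertificateChain` — but nothing on the class says so. Add a Javadoc on the getter along the lines of `/** Certificate chain for the key entry: index 0 is the end-entity certificate, followed by the issuing CA certificates (same order as KeyStore.getCertificateChain); may be null. */`. The getter also hands out the internal array, so a caller can mutate the chain the holder was built with; returning `certificates == null ? null : certificates.clone()` is the usual defensive choice for a value object.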
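Review bot: The widened `catch (CertificateException | FileNotFoundException e)` in `testX509` still only calls `e.printStackTrace()`, so a certificate that fails to parse prints a trace and the test passes; `testP12` in hunk `@@ -27,8 +28,8 @@` has the same shape. Either declare the test methods `throws Exception` and drop the catch blocks, or end each catch with `fail(e.getMessage());` from `org.junit.Assert`. `testP12` now loads `certificate.p12` but only prints the key format; an assertion such as `assertNotNull(pkcs12.getCertificates());` would actually exercise the `getCertificateChain` path this commit introduces. `testX509` begins above this hunk.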