Add IdentityKeyStoreResolver and Util Classes #5794

Merged
merged 35 commits into from
Sep 5, 2024
Changes from 29 commits
Commits
35 commits
f3508cc
Add IdentityKeyStoreResolver and util classes
Binara-Sachin Jul 15, 2024
01dcd62
Add new template to identity.xml.j2
Binara-Sachin Jul 15, 2024
c0645bd
Resolve custom keystore name with prefix
Binara-Sachin Jul 15, 2024
ad1d4d9
Fix KeyStore manager access modifier issues
Binara-Sachin Jul 17, 2024
e9fe4c5
Add getKeyStore config method
Binara-Sachin Jul 24, 2024
6832528
IdentityKeyStoreResolverUtil improvements and test cases
Binara-Sachin Jul 28, 2024
7fa6b51
Change access modifiers
Binara-Sachin Jul 28, 2024
2f5713e
Add null checks to method parameters
Binara-Sachin Jul 29, 2024
1592567
Update license header
Binara-Sachin Jul 29, 2024
0fa7e65
Update license header
Binara-Sachin Jul 29, 2024
6e63b7f
Remove unused constants
Binara-Sachin Jul 29, 2024
7738ede
Change getUseInAllTenants variable type to boolean
Binara-Sachin Jul 29, 2024
6040b85
Minor fixes
Binara-Sachin Jul 29, 2024
e6bcf33
Minor fixes
Binara-Sachin Jul 29, 2024
dadc152
Minor improvements
Binara-Sachin Jul 29, 2024
439a237
change config template
Binara-Sachin Jul 29, 2024
6d20dcd
Improvements to logs
Binara-Sachin Jul 29, 2024
74f8dc6
IdentityKeyStoreResolver test cases
Binara-Sachin Jul 29, 2024
b3374bd
Add license header to new test classes.
Binara-Sachin Jul 29, 2024
bc1125b
Change identity.xml.j2 template
Binara-Sachin Jul 29, 2024
0c97204
Add getKeyStoreName method
Binara-Sachin Jul 29, 2024
4d420ef
Improve exception handling
Binara-Sachin Jul 30, 2024
4f1ed23
Minor Improvements
Binara-Sachin Jul 31, 2024
d61ce5c
Improvements and bug fixes
Binara-Sachin Aug 1, 2024
31b7f34
Bump kernel version
Binara-Sachin Aug 14, 2024
d30c2db
Minor improvements
Binara-Sachin Aug 14, 2024
3579016
JavaDoc improvements
Binara-Sachin Aug 14, 2024
caec43c
Improve IdentityKeyStoreResolverUtilTest
Binara-Sachin Aug 15, 2024
7af80b8
Improve IdentityKeyStoreResolverTest
Binara-Sachin Aug 16, 2024
6d6ea65
Change Config path
Binara-Sachin Sep 3, 2024
c55866a
Apply suggestions from code review
Binara-Sachin Sep 3, 2024
979357d
Fix debug log
Binara-Sachin Sep 3, 2024
eb9a1dd
Improve error messages
Binara-Sachin Sep 4, 2024
7dc439a
Remove binary files.
Binara-Sachin Sep 5, 2024
406eb97
Improve comments.
Binara-Sachin Sep 5, 2024
@@ -0,0 +1,55 @@
/*
* Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com).
*
* WSO2 LLC. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

package org.wso2.carbon.identity.core.model;

import org.wso2.carbon.identity.core.util.IdentityKeyStoreResolverConstants.InboundProtocol;

/**
* Class to store IdentityKeyStoreMapping configurations.
*/
public class IdentityKeyStoreMapping {

private final String keyStoreName;
private final InboundProtocol inboundProtocol;
private final boolean useInAllTenants;

public IdentityKeyStoreMapping(String keyStoreName, InboundProtocol
inboundProtocol, Boolean useInAllTenants) {

this.keyStoreName = keyStoreName;
this.inboundProtocol = inboundProtocol;
this.useInAllTenants = useInAllTenants;
}

public String getKeyStoreName() {

return keyStoreName;
}

public InboundProtocol getInboundProtocol() {

return inboundProtocol;
}

public boolean getUseInAllTenants() {

return useInAllTenants;
}

}
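Review bot: the constructor parameter is the boxed `Boolean useInAllTenants` while the field it is assigned to is the primitive `boolean`, so a caller passing null gets a NullPointerException on auto-unboxing at `this.useInAllTenants = useInAllTenants;`. Since the getter was already changed to return `boolean`, make the parameter `boolean useInAllTenants` as well, or reject null explicitly if the boxed type is intentional.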
@@ -0,0 +1,152 @@
/*
* Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com).
*
* WSO2 LLC. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

package org.wso2.carbon.identity.core.util;

/**
* This class holds the constants used by IdentityKeyStoreManager.
*/
public class IdentityKeyStoreResolverConstants {

// Primary KeyStore configs.
public static final String PRIMARY_KEYSTORE_CONFIG_PATH = "Security.KeyStore.";

// CustomKeyStoreMapping config path.
public static final String CONFIG_ELEM_SECURITY = "Security";
public static final String CONFIG_ELEM_KEYSTORE_MAPPINGS = "CustomKeyStoreMappings";
public static final String CONFIG_ELEM_KEYSTORE_MAPPING = "KeyStoreMapping";

// CustomKeyStoreMapping config attributes.
public static final String ATTR_NAME_PROTOCOL = "Protocol";
public static final String ATTR_NAME_KEYSTORE_NAME = "KeyStoreName";
public static final String ATTR_NAME_USE_IN_ALL_TENANTS = "UseInAllTenants";

// KeyStore Constants.
public static final String KEY_STORE_EXTENSION = ".jks";

// Inbound Protocols.
private static final String INBOUND_PROTOCOL_OAUTH = "oauth";
public static final String INBOUND_PROTOCOL_SAML = "saml";
public static final String INBOUND_PROTOCOL_WS_TRUST = "ws-trust";
public static final String INBOUND_PROTOCOL_WS_FEDERATION = "ws-federation";

/**
* Enums for inbound protocols.
*/
public enum InboundProtocol {

// List of supported inbound protocols
OAUTH(INBOUND_PROTOCOL_OAUTH),
SAML(INBOUND_PROTOCOL_SAML),
WS_TRUST(INBOUND_PROTOCOL_WS_TRUST),
WS_FEDERATION(INBOUND_PROTOCOL_WS_FEDERATION);

private final String protocolName;

InboundProtocol(String protocolName) {
this.protocolName = protocolName;
}

@Override
public String toString() {
return protocolName;
}

public static InboundProtocol fromString(String protocolName) {
switch(protocolName) {
case INBOUND_PROTOCOL_OAUTH:
return OAUTH;
case INBOUND_PROTOCOL_SAML:
return SAML;
case INBOUND_PROTOCOL_WS_TRUST:
return WS_TRUST;
case INBOUND_PROTOCOL_WS_FEDERATION:
return WS_FEDERATION;
default:
return null;
}
}
}

/**
* ErrorMessages enum holds the error codes and messages.
* IKSR stands for Identity Key Store Resolver.
*/
public enum ErrorMessages {
// Error codes for errors occurred in Carbon Kernel KeyStoreManager side
ERROR_CODE_ERROR_RETRIEVING_TENANT_KEYSTORE(
"IKSR-10001", "Error retrieving tenant keystore",
"Error occurred when retrieving keystore for tenant: %s"),
ERROR_CODE_ERROR_RETRIEVING_CUSTOM_KEYSTORE(
"IKSR-10002", "Error retrieving custom keystore",
"Error occurred when retrieving custom keystore: %s"),
ERROR_CODE_ERROR_RETRIEVING_TENANT_PRIVATE_KEY(
"IKSR-10003", "Error retrieving tenant private key",
"Error occurred when retrieving private key for tenant: %s"),
ERROR_CODE_ERROR_RETRIEVING_CUSTOM_PRIVATE_KEY(
"IKSR-10004", "Error retrieving custom keystore private key",
"Error occurred when retrieving private key from key store: %s"),
ERROR_CODE_ERROR_RETRIEVING_TENANT_PUBLIC_CERTIFICATE(
"IKSR-10005", "Error retrieving tenant public certificate",
"Error occurred when retrieving public certificate for tenant: %s"),
ERROR_CODE_ERROR_RETRIEVING_CUSTOM_PUBLIC_CERTIFICATE(
"IKSR-10006", "Error retrieving custom keystore public certificate",
"Error occurred when retrieving public certificate from key store: %s"),
ERROR_CODE_ERROR_RETRIEVING_PRIMARY_KEYSTORE_CONFIGURATION(
"IKSR-10007", "Error retrieving primary keystore configuration",
"Error occurred when retrieving primary keystore configuration"),
ERROR_CODE_ERROR_RETRIEVING_TENANT_KEYSTORE_CONFIGURATION(
"IKSR-10008", "Error retrieving tenant keystore configuration",
"Error occurred when retrieving tenant keystore configuration for tenant: %s"),
ERROR_CODE_ERROR_RETRIEVING_CUSTOM_KEYSTORE_CONFIGURATION(
"IKSR-10009", "Error retrieving custom keystore configuration",
"Error occurred when retrieving custom keystore configuration for: %s"),

// Errors occurred within the IdentityKeyStoreResolver
ERROR_CODE_INVALID_ARGUMENT(
"IKSR-20001", "Illegal arguments provided",
"%s must not be null or empty");

private final String code;
private final String message;
private final String description;

ErrorMessages(String code, String message, String description) {
this.code = code;
this.message = message;
this.description = description;
}

public String getCode() {
return code;
}

public String getMessage() {
return message;
}

public String getDescription() {
return description;
}

@Override
public String toString() {
return code + " - " + message;
}
}
}
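Review bot: `InboundProtocol.fromString` switches directly on `protocolName`, so a null argument throws a NullPointerException rather than the null that the unknown-protocol `default` branch returns; add a null guard so callers see one consistent failure mode, and document that the lookup is case-sensitive (a configured value such as "SAML" falls through to null). Two smaller points in the same hunk: `INBOUND_PROTOCOL_OAUTH` is `private` while the other three protocol constants are `public`, which looks accidental, and the class Javadoc says "constants used by IdentityKeyStoreManager" although the class is `IdentityKeyStoreResolverConstants`.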
@@ -0,0 +1,37 @@
/*
* Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com).
*
* WSO2 LLC. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

package org.wso2.carbon.identity.core.util;

import org.wso2.carbon.identity.base.IdentityException;

/**
* Exception type for IdentityKeyStoreManager class.
*/
public class IdentityKeyStoreResolverException extends IdentityException {

public IdentityKeyStoreResolverException(String errorCode, String message) {

super(errorCode, message);
}

public IdentityKeyStoreResolverException(String errorCode, String message, Throwable e) {

super(errorCode, message, e);
}
}
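Review bot: the Javadoc reads "Exception type for IdentityKeyStoreManager class", but this exception is thrown by `IdentityKeyStoreResolver` and `IdentityKeyStoreResolverUtil`; correct the class name so readers are not sent looking for a manager class that this PR does not add.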
@@ -0,0 +1,76 @@
/*
* Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com).
*
* WSO2 LLC. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/

package org.wso2.carbon.identity.core.util;

import org.wso2.carbon.core.RegistryResources;
import org.wso2.carbon.identity.core.util.IdentityKeyStoreResolverConstants.ErrorMessages;

import javax.xml.namespace.QName;

/**
* Utility methods for IdentityKeyStoreManager.
*/
public class IdentityKeyStoreResolverUtil {

/**
* Builds the key store name for a tenant using tenant domain name.
*
* @param tenantDomain Tenant domain name.
* @return tenant key store name as String.
* @throws IdentityKeyStoreResolverException if tenant domain is null or empty.
*/
public static String buildTenantKeyStoreName(String tenantDomain) throws IdentityKeyStoreResolverException {

if (tenantDomain == null || tenantDomain.isEmpty()) {
throw new IdentityKeyStoreResolverException(
ErrorMessages.ERROR_CODE_INVALID_ARGUMENT.getCode(),
String.format(ErrorMessages.ERROR_CODE_INVALID_ARGUMENT.getDescription(), "Tenant domain"));
}
String ksName = tenantDomain.trim().replace(".", "-");
return ksName + IdentityKeyStoreResolverConstants.KEY_STORE_EXTENSION;
}

/**
* Builds the custom key store name by adding the CUSTOM_KEYSTORE_PREFIX to the key store name.
*
* @param keyStoreName Key store file name.
* @return Custom key store name as String.
* @throws IdentityKeyStoreResolverException if key store name is null or empty.
*/
public static String buildCustomKeyStoreName(String keyStoreName) throws IdentityKeyStoreResolverException {

if (keyStoreName == null || keyStoreName.isEmpty()) {
throw new IdentityKeyStoreResolverException(
ErrorMessages.ERROR_CODE_INVALID_ARGUMENT.getCode(),
String.format(ErrorMessages.ERROR_CODE_INVALID_ARGUMENT.getDescription(), "KeyStore name"));
}
return RegistryResources.SecurityManagement.CustomKeyStore.CUSTOM_KEYSTORE_PREFIX + keyStoreName;
}

/**
* Builds a QName object with the IDENTITY_DEFAULT_NAMESPACE.
*
* @param localPart Local part of the QName.
* @return QName object.
*/
public static QName getQNameWithIdentityNameSpace(String localPart) {

return new QName(IdentityCoreConstants.IDENTITY_DEFAULT_NAMESPACE, localPart);
}
}
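Review bot: `buildTenantKeyStoreName` tests `tenantDomain.isEmpty()` before trimming, so a whitespace-only domain passes the guard, `tenantDomain.trim().replace(".", "-")` becomes the empty string, and the method returns ".jks" as the key store name; check `tenantDomain.trim().isEmpty()` (or an equivalent blank check) instead, and apply the same to `buildCustomKeyStoreName`. Because the result is used as a file name and the only transformation is replacing "." with "-", the Javadoc should also state that the tenant domain is expected to have been validated before it reaches this method. The class Javadoc again refers to IdentityKeyStoreManager rather than the resolver.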