Add Capability to retrieve Custom KeyStores #4025
Conversation
|
|
| @@ -160,6 +160,20 @@ public static final class SecurityManagement { | |||
| public static final String SERVER_INTERNAL_PRIVATE_KEY_PASSWORD = "Security.InternalKeyStore.KeyPassword"; | |||
| public static final String SERVER_INTERNAL_KEYSTORE_TYPE = "Security.InternalKeyStore.Type"; | |||
|
|
|||
| //Custom KeyStore related constants | |||
There was a problem hiding this comment.
| //Custom KeyStore related constants | |
| // Custom KeyStore related constants. |
| @@ -124,39 +133,21 @@ public static KeyStoreManager getInstance(int tenantId, | |||
| * @return KeyStore object | |||
| * @throws Exception If there is not a key store with the given name | |||
| */ | |||
| public KeyStore getKeyStore(String keyStoreName) throws Exception { | |||
| public KeyStore getKeyStore(String keyStoreName) { | |||
There was a problem hiding this comment.
Don't change the public method definitions
|
|
||
| return getTenantKeyStore(keyStoreName); | ||
| } catch (Exception e) { | ||
| log.error("Error loading the key store : " + keyStoreName); |
There was a problem hiding this comment.
No need to log the error here, since we should be printing the error message from the place where the exception is handled
| @@ -111,4 +117,53 @@ public static Certificate getCertificate(String alias, KeyStore store) throws Ax | |||
| } | |||
| } | |||
|
|
|||
| public static boolean isCustomKeyStore(String keyStoreName) { | |||
| return false; | ||
| } | ||
|
|
||
| public static QName getQNameWithCarbonNS(String localPart) { |
There was a problem hiding this comment.
Javadoc comments are required for all the public methods. Specially if they are a util function.
|
|
||
|
|
| */ | ||
| public PrivateKey getCustomKeyStorePrivateKey(String keyStoreName) throws Exception { | ||
|
|
||
| OMElement config = KeyStoreUtil.getCustomKeyStoreConfig(keyStoreName, this.getServerConfigService()); |
There was a problem hiding this comment.
Let's add a validation to the keystore name to verify it's a customkeystore
| /** | ||
| * This method is used to get public certificates of custom keystores | ||
| * | ||
| * @return Public certificate of a given custom keystore | ||
| * @throws Exception Permission denied for accessing primary key store | ||
| */ |
There was a problem hiding this comment.
| /** | |
| * This method is used to get public certificates of custom keystores | |
| * | |
| * @return Public certificate of a given custom keystore | |
| * @throws Exception Permission denied for accessing primary key store | |
| */ | |
| /** | |
| * This method is used to get public certificates of custom keystores. | |
| * | |
| * @return Public certificate of a given custom keystore. | |
| * @throws Exception Permission denied for accessing the primary key store. | |
| */ |
Please check other similar places
| * @return custom key store object | ||
| * @throws Exception Carbon Exception for tenants other than tenant 0 | ||
| */ | ||
| public KeyStore getCustomKeyStore(String keyStoreName) throws Exception { |
There was a problem hiding this comment.
Do we need to have this method public? It would be better to add the validation for the keystore name to ensure that it is a custom keystore. Otherwise it will cause unexpected behavior
| @@ -160,6 +160,20 @@ public static final class SecurityManagement { | |||
| public static final String SERVER_INTERNAL_PRIVATE_KEY_PASSWORD = "Security.InternalKeyStore.KeyPassword"; | |||
| public static final String SERVER_INTERNAL_KEYSTORE_TYPE = "Security.InternalKeyStore.Type"; | |||
|
|
|||
| //Custom KeyStore related constants | |||
| public static final class CustomKeyStore { | |||
| public static final String KEYSTORE_PREFIX = "CustomKeyStore/"; | |||
There was a problem hiding this comment.
Shall we have the prefix as CUSTOM/ only? so that the keystore name would be appended.
| * @param alias alias of the private key | ||
| * @return private key corresponding to the alias | ||
| */ | ||
| public PrivateKey getTenantPrivateKey(String keyStoreName, String alias) throws Exception{ |
There was a problem hiding this comment.
Do we expect to call this method outside this class?
| * This method loads the private key of a given tenant key store | ||
| * | ||
| * @param keyStoreName name of the tenant key store | ||
| * @param alias alias of the private key | ||
| * @return private key corresponding to the alias |
There was a problem hiding this comment.
| * This method loads the private key of a given tenant key store | |
| * | |
| * @param keyStoreName name of the tenant key store | |
| * @param alias alias of the private key | |
| * @return private key corresponding to the alias | |
| * This method loads the private key of a given tenant key store. | |
| * | |
| * @param keyStoreName Name of the tenant key store. | |
| * @param alias Alias of the private key. | |
| * @return Private key corresponding to the alias. |
Purpose
KeyStoreManagerclass.KeyStoreManagerProblem Statement: wso2-enterprise/iam-product-management#67
Git Issue: wso2/product-is#20564