-
Notifications
You must be signed in to change notification settings - Fork 652
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Capability to retrieve Custom KeyStores #4025
base: 4.10.x
Are you sure you want to change the base?
Conversation
|
@@ -160,6 +160,20 @@ public static final class SecurityManagement { | |||
public static final String SERVER_INTERNAL_PRIVATE_KEY_PASSWORD = "Security.InternalKeyStore.KeyPassword"; | |||
public static final String SERVER_INTERNAL_KEYSTORE_TYPE = "Security.InternalKeyStore.Type"; | |||
|
|||
//Custom KeyStore related constants |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
//Custom KeyStore related constants | |
// Custom KeyStore related constants. |
@@ -124,39 +133,21 @@ public static KeyStoreManager getInstance(int tenantId, | |||
* @return KeyStore object | |||
* @throws Exception If there is not a key store with the given name | |||
*/ | |||
public KeyStore getKeyStore(String keyStoreName) throws Exception { | |||
public KeyStore getKeyStore(String keyStoreName) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't change the public method definitions
|
||
return getTenantKeyStore(keyStoreName); | ||
} catch (Exception e) { | ||
log.error("Error loading the key store : " + keyStoreName); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No need to log the error here, since we should be printing the error message from the place where the exception is handled
@@ -111,4 +117,53 @@ public static Certificate getCertificate(String alias, KeyStore store) throws Ax | |||
} | |||
} | |||
|
|||
public static boolean isCustomKeyStore(String keyStoreName) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add javadoc comment for the method
return false; | ||
} | ||
|
||
public static QName getQNameWithCarbonNS(String localPart) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Javadoc comments are required for all the public methods. Specially if they are a util function.
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
unnecessary new lines
*/ | ||
public PrivateKey getCustomKeyStorePrivateKey(String keyStoreName) throws Exception { | ||
|
||
OMElement config = KeyStoreUtil.getCustomKeyStoreConfig(keyStoreName, this.getServerConfigService()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's add a validation to the keystore name to verify it's a customkeystore
/** | ||
* This method is used to get public certificates of custom keystores | ||
* | ||
* @return Public certificate of a given custom keystore | ||
* @throws Exception Permission denied for accessing primary key store | ||
*/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/** | |
* This method is used to get public certificates of custom keystores | |
* | |
* @return Public certificate of a given custom keystore | |
* @throws Exception Permission denied for accessing primary key store | |
*/ | |
/** | |
* This method is used to get public certificates of custom keystores. | |
* | |
* @return Public certificate of a given custom keystore. | |
* @throws Exception Permission denied for accessing the primary key store. | |
*/ |
Please check other similar places
* @return custom key store object | ||
* @throws Exception Carbon Exception for tenants other than tenant 0 | ||
*/ | ||
public KeyStore getCustomKeyStore(String keyStoreName) throws Exception { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need to have this method public? It would be better to add the validation for the keystore name to ensure that it is a custom keystore. Otherwise it will cause unexpected behavior
@@ -160,6 +160,20 @@ public static final class SecurityManagement { | |||
public static final String SERVER_INTERNAL_PRIVATE_KEY_PASSWORD = "Security.InternalKeyStore.KeyPassword"; | |||
public static final String SERVER_INTERNAL_KEYSTORE_TYPE = "Security.InternalKeyStore.Type"; | |||
|
|||
//Custom KeyStore related constants | |||
public static final class CustomKeyStore { | |||
public static final String KEYSTORE_PREFIX = "CustomKeyStore/"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shall we have the prefix as CUSTOM/
only? so that the keystore name would be appended.
* @param alias alias of the private key | ||
* @return private key corresponding to the alias | ||
*/ | ||
public PrivateKey getTenantPrivateKey(String keyStoreName, String alias) throws Exception{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we expect to call this method outside this class?
* This method loads the private key of a given tenant key store | ||
* | ||
* @param keyStoreName name of the tenant key store | ||
* @param alias alias of the private key | ||
* @return private key corresponding to the alias |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* This method loads the private key of a given tenant key store | |
* | |
* @param keyStoreName name of the tenant key store | |
* @param alias alias of the private key | |
* @return private key corresponding to the alias | |
* This method loads the private key of a given tenant key store. | |
* | |
* @param keyStoreName Name of the tenant key store. | |
* @param alias Alias of the private key. | |
* @return Private key corresponding to the alias. |
Purpose
KeyStoreManager
class.KeyStoreManager
Problem Statement: wso2-enterprise/iam-product-management#67
Git Issue: wso2/product-is#20564