Module: PkernelJce::IdentityFactory

Included in:
Pkernel::IdentityFactory, Pkernel::IdentityFactory, IdentityEngine
Defined in:
lib/pkernel_jce/identity.rb

Overview

IdentityFactory


Instance Method Details

#build_from_components(key, cert = nil, chain = [], provider = nil) ⇒ Object Also known as: build



# File 'lib/pkernel_jce/identity.rb', line 109

# Build a Pkernel::Identity from its raw components.
#
# @param key [Object] private key material (required)
# @param cert [Object, nil] the identity's own certificate, if any
# @param chain [Array] certificate chain stored alongside the identity
# @param provider [Object, nil] JCE provider assigned to the identity
# @return [Pkernel::Identity] the newly built identity
# @raise [PkernelJce::Error] when +key+ is nil
#
# NOTE(review): the +class_eval+ below mixes IdentityIssuer / IdentityManagement
# into the *receiver's* class (the factory this module is included in), not
# into +id+. That is process-global and sticky: once one issuer certificate
# has been seen, IdentityIssuer stays included for every later build, and the
# identity object itself never gains the mixins. If per-identity capabilities
# were intended, +id.extend(...)+ would be the per-object form — confirm with
# the callers before changing.
def build_from_components(key, cert = nil, chain = [], provider = nil)
  raise PkernelJce::Error, "Key cannot be nil to build identity" if key.nil?

  id = Pkernel::Identity.new( { key: key, certificate: cert, chain: chain } )

  # IdentityManagement is always mixed in; IdentityIssuer is added (ahead of
  # it, so the include order is Issuer then Management) only when the given
  # certificate is recognised as an issuer/CA certificate.
  mixins = [PkernelJce::IdentityManagement]
  unless cert.nil?
    java_cert = PkernelJce::Certificate.ensure_java_cert(cert)
    mixins.unshift(PkernelJce::IdentityIssuer) if PkernelJce::Certificate.is_issuer_cert?(java_cert)
  end
  class_eval do
    mixins.each { |mod| include mod }
  end

  id.provider = provider
  id
end

#dump(id, opts = {}) ⇒ Object

end build_from_components



# File 'lib/pkernel_jce/identity.rb', line 140

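# Serialise an identity (private key + certificate chain) into a JCE keystore.
#
# @param id [Pkernel::Identity] identity to write; must respond to +privKey+
#   and +chain+
# @param opts [Hash] options:
#   - :provider  JCE provider to register; the default provider when absent
#   - :format    :p12 / :pkcs12 (default), :jks, or any KeyStore type name
#   - :password  keystore and key-entry password; a random one is generated
#                (and returned under :password) when blank
#   - :key_name  alias for the key entry (default "Pkernel JCE")
#   - :file      path to write to; when blank the keystore bytes are returned
#                under :bin instead
# @return [Hash] :file or :bin with the output, plus :password when generated
# @raise [PkernelJce::Error] when +id+ is nil
def dump(id, opts = {})
  raise PkernelJce::Error, "Identity object is nil in write to keystore" if id.nil?

  prov = opts[:provider]
  prov = prov.nil? ? PkernelJce::Provider.add_default : PkernelJce::Provider.add_provider(prov)

  format = opts[:format]
  format = :p12 if format.nil?
  case format
  when :p12, :pkcs12
    PkernelJce::GConf.instance.glog.debug "Loading PKCS12 keystore"
    ks = java.security.KeyStore.getInstance("PKCS12", prov)
  when :jks
    PkernelJce::GConf.instance.glog.debug "Loading JKS keystore"
    # JKS is taken from the JDK's own provider, not from +prov+.
    ks = java.security.KeyStore.getInstance("JKS")
  else
    PkernelJce::GConf.instance.glog.debug "Loading '#{format}' keystore"
    if prov.nil?
      ks = java.security.KeyStore.getInstance(format.to_s)
    else
      ks = java.security.KeyStore.getInstance(format.to_s, prov)
    end
  end

  result = {}
  pass = opts[:password]
  if pass.nil? || pass.empty?
    PkernelJce::GConf.instance.glog.warn "Password is not given to dump identity. Random password shall be generated."
    # 8 random bytes (64 bits, 16 hex chars); it is handed back to the caller
    # because the keystore cannot be opened without it.
    pass = SecureRandom.hex(8)
    result[:password] = pass
  end
  # The same secret protects the key entry and the keystore integrity MAC.
  pass_chars = pass.to_java.toCharArray

  # Bouncy Castle certificate holders must be converted to JCA certificates
  # before they can be stored in a KeyStore.
  chain = id.chain.map do |c|
    c.java_kind_of?(org.bouncycastle.cert.X509CertificateHolder) ? c.to_java_cert : c
  end
  java_chain = chain.to_java(java.security.cert.Certificate)

  name = opts[:key_name] || "Pkernel JCE"

  ks.load(nil, nil)
  ks.setKeyEntry(name, id.privKey, pass_chars, java_chain)

  file = opts[:file]
  if file.nil? || file.empty?
    baos = java.io.ByteArrayOutputStream.new
    ks.store(baos, pass_chars)
    result[:bin] = baos.toByteArray
  else
    # NOTE(review): FileOutputStream creates the file with the process umask.
    # The file contains a private key, so callers on shared hosts should
    # restrict its permissions (e.g. 0600) or write into a private directory.
    fos = java.io.FileOutputStream.new(file)
    begin
      ks.store(fos, pass_chars)
      fos.flush
    ensure
      # Close even when store raises so the file handle is not leaked.
      fos.close
    end
    result[:file] = file
  end

  result
end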

#load(opts = {}) ⇒ Object



# File 'lib/pkernel_jce/identity.rb', line 215

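# Load an identity (private key + certificate chain) from a JCE keystore.
#
# @param opts [Hash] options:
#   - :provider  JCE provider to register; the default provider when absent
#   - :format    :p12 / :pkcs12 (default), :jks, or any KeyStore type name
#   - :password  keystore and key-entry password (default "")
#   - :file      path of the keystore file; used when non-blank
#   - :bin       keystore bytes (Java byte[]), used when no :file is given
#   - :key_name  alias of the key entry; defaults to the keystore's first alias
# @return [Pkernel::Identity] identity built from the selected entry
# @raise [PkernelJce::Error] when neither :file nor :bin is given, or when
#   no alias could be selected from the keystore
def load(opts = {})
  prov = opts[:provider]
  prov = prov.nil? ? PkernelJce::Provider.add_default : PkernelJce::Provider.add_provider(prov)

  format = opts[:format]
  format = :p12 if format.nil?
  case format
  when :p12, :pkcs12
    PkernelJce::GConf.instance.glog.debug "Loading PKCS12 keystore"
    ks = java.security.KeyStore.getInstance("PKCS12", prov)
  when :jks
    PkernelJce::GConf.instance.glog.debug "Loading JKS keystore"
    # JKS is taken from the JDK's own provider, not from +prov+.
    ks = java.security.KeyStore.getInstance("JKS")
  else
    PkernelJce::GConf.instance.glog.debug "Loading '#{format}' keystore"
    if prov.nil?
      ks = java.security.KeyStore.getInstance(format.to_s)
    else
      ks = java.security.KeyStore.getInstance(format.to_s, prov)
    end
  end

  pass = opts[:password] || ''
  # Passed as a (possibly empty) char array rather than nil so the keystore's
  # integrity check, where the format has one, is not skipped on load.
  pass_chars = pass.to_java.toCharArray

  file = opts[:file]
  bin = opts[:bin]

  # Prefer a non-blank :file; otherwise fall back to in-memory :bin bytes.
  # (A nil or empty :file must not be opened, and :bin must only be used when
  # it is actually present.)
  if !file.nil? && !file.empty?
    fis = java.io.FileInputStream.new(file)
    begin
      ks.load(fis, pass_chars)
    ensure
      # Close even when load raises (bad password, corrupt store).
      fis.close
    end
  elsif !bin.nil?
    ks.load(java.io.ByteArrayInputStream.new(bin), pass_chars)
  else
    raise PkernelJce::Error, "No file or bin is given to load identity"
  end

  name = opts[:key_name] || ks.aliases.to_a.first
  # An empty keystore yields no alias; fail with a clear error instead of
  # letting the Java lookup below blow up on a nil alias.
  raise PkernelJce::Error, "Keystore contains no entries to load identity from" if name.nil?

  key = ks.getKey(name, pass_chars)
  cert = ks.getCertificate(name)
  chain = ks.getCertificateChain(name)

  Pkernel::Identity.new( { privKey: key, certificate: cert, chain: chain } )
end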