File Doc Category Size Date Package
NSStoJKSConversionModule.java API Doc Glassfish v2 API 27055 Thu Jan 11 20:34:46 GMT 2007 com.sun.enterprise.tools.upgrade.certconversion

NSStoJKSConversionModule

java.lang.Object

public class NSStoJKSConversionModule extends Object implements BaseModule

author : Gautam Borah

Fields Summary
private static Logger
_logger
private com.sun.enterprise.util.i18n.StringManager
sm
private static final String
PKCS12_OUTPUTFILE_OPTION
private static final String
NSS_DB_LOCATION_OPTION
private static final String
ALIAS_OPTION
private static final String
NSS_PWD_OPTION
private static final String
KEYSTORE_PWD_OPTION
private static final String
LIST_CERTIFICATE_OPTION
private static final String
LIST_KEY_ID
private static final String
CERT_NSS_PWD_OPTION
private static final String
CERT_UTIL_UNIX
private static final String
PK12_UTIL_UNIX
private static final String
CERT_UTIL_WIN
private static final String
PK12_UTIL_WIN
private static final String
CONFIG
private static final String
BIN
private static final String
LIB
private static final String
UPGRADE
String
pathOfNSSDbFiles
private String
jksPath
private String
trustJksPath
private List
pkcs12PathList
private String
nssKeyStorePassword
private List
keyList
private InputStream
isJksPath
private OutputStream
osJksPath
private OutputStream
trustJKSPathStream
private String
jksKeyStorePassword
private String
jksCAkeyStorePassword
private boolean
certificateError
private char[]
pwd
private KeyStore
jksKeyStore
private KeyStore
trustedJksKeyStore
private CommonInfoModel
commonInfo
Constructors Summary
public NSStoJKSConversionModule()
sm = StringManager.getManager(LogService.UPGRADE_CERTCONVERSION_LOGGER);
Methods Summary
private void deletePKCS12Files()
String pkcsFilesPath = commonInfo.getDestinationDomainPath(); String[] fileList = new File(pkcsFilesPath).list(); for(int i=0; i<fileList.length; i++){ File pkcsFile = new File(pkcsFilesPath+File.separator+fileList[i]); if(pkcsFile.isFile() && fileList[i].endsWith(".pkcs12") ){ pkcsFile.delete(); } } String domainPath = commonInfo.getDestinationDomainPath(); String nssPwdFile = domainPath +File.separator +"pwdfile"; File pwdfile = new File(nssPwdFile); pwdfile.delete();
private void doBackup(CommonInfoModel commonInfo)
doCACertificateBackup(); doKeyPairBackup();
private void doCACertificateBackup()
FileInputStream in = null; FileOutputStream out = null; try { KeyStore keystoreSource = KeyStore.getInstance(KeyStore.getDefaultType()); KeyStore keystoreTarget = KeyStore.getInstance(KeyStore.getDefaultType()); in = new FileInputStream(new File(trustJksPath)); keystoreSource.load(in,jksCAkeyStorePassword.toCharArray()); keystoreTarget.load(null, jksCAkeyStorePassword.toCharArray()); java.util.Enumeration en = keystoreSource.aliases(); for(; en.hasMoreElements(); ){ String alias = (String) en.nextElement(); java.security.cert.Certificate cert = keystoreSource.getCertificate(alias); keystoreTarget.setCertificateEntry(alias,cert); } out = new FileOutputStream(trustJksPath+".back"); keystoreTarget.store(out, jksCAkeyStorePassword.toCharArray()); } catch (java.security.cert.CertificateException e) { _logger.log(Level.WARNING,sm.getString("enterprise.tools.upgrade.unknownError"),e); } catch (NoSuchAlgorithmException e) { _logger.log(Level.WARNING,sm.getString("enterprise.tools.upgrade.unknownError"),e); } catch (FileNotFoundException e) { _logger.log(Level.WARNING,sm.getString("enterprise.tools.upgrade.unknownError"),e); // Keystore does not exist } catch (KeyStoreException e) { _logger.log(Level.WARNING,sm.getString("enterprise.tools.upgrade.unknownError"),e); } catch (IOException e) { _logger.log(Level.WARNING,sm.getString("enterprise.tools.upgrade.unknownError"),e); }catch(Exception e) { _logger.log(Level.WARNING,sm.getString("enterprise.tools.upgrade.unknownError"),e); }finally { try { if(in!=null) in.close(); if(out!=null) out.close(); }catch(Exception ex){} }
private void doKeyPairBackup()
FileInputStream in = null; FileOutputStream out = null; try { KeyStore keystoreSource = KeyStore.getInstance(KeyStore.getDefaultType()); KeyStore keystoreTarget = KeyStore.getInstance(KeyStore.getDefaultType()); in = new FileInputStream(new File(jksPath)); keystoreSource.load(in,jksKeyStorePassword.toCharArray()); keystoreTarget.load(null, jksKeyStorePassword.toCharArray()); java.util.Enumeration en = keystoreSource.aliases(); for(; en.hasMoreElements(); ){ String alias = (String) en.nextElement(); Key key = keystoreSource.getKey(alias, jksKeyStorePassword.toCharArray()); java.security.cert.Certificate[] cert = keystoreSource.getCertificateChain(alias); keystoreTarget.setKeyEntry(alias, key, jksKeyStorePassword.toCharArray(), cert); } out = new FileOutputStream(jksPath+".back"); keystoreTarget.store(out, jksKeyStorePassword.toCharArray()); } catch (java.security.cert.CertificateException e) { _logger.log(Level.WARNING,sm.getString("enterprise.tools.upgrade.unknownError"),e); } catch (NoSuchAlgorithmException e) { _logger.log(Level.WARNING,sm.getString("enterprise.tools.upgrade.unknownError"),e); } catch (FileNotFoundException e) { _logger.log(Level.WARNING,sm.getString("enterprise.tools.upgrade.unknownError"),e); // Keystore does not exist } catch (KeyStoreException e) { _logger.log(Level.WARNING,sm.getString("enterprise.tools.upgrade.unknownError"),e); } catch (IOException e) { _logger.log(Level.WARNING,sm.getString("enterprise.tools.upgrade.unknownError"),e); }catch(Exception e) { _logger.log(Level.WARNING,sm.getString("enterprise.tools.upgrade.unknownError"),e); }finally { try { if(in!=null) in.close(); if(out!=null) out.close(); }catch(Exception ex){} }
private void generatePKCS12Certificates()
String osName = commonInfo.getOSName(); int size = keyList.size(); for (int i =0;i<size;i++) { String pkcsFile = removeWhiteSpace("" + keyList.get(i)); String pkcsFilePath = commonInfo.getDestinationDomainPath() + File.separator +pkcsFile +".pkcs12"; String sourceDomainDir = commonInfo.getSourceInstancePath(); String configDir = sourceDomainDir + File.separator + CONFIG; String source70Lib = commonInfo.getSourceInstallDir() +File.separator + LIB; String source70Bin = commonInfo.getSourceInstallDir() +File.separator + BIN; String pk12UtilPath = ""; if(osName.indexOf("Windows") == -1) pk12UtilPath = commonInfo.getTargetInstallDir() + File.separator + LIB + File.separator + PK12_UTIL_UNIX; else pk12UtilPath = commonInfo.getTargetInstallDir() + File.separator + LIB + File.separator + PK12_UTIL_WIN; String pk12utilLocation = commonInfo.getTargetInstallDir() + File.separator + LIB + File.separator + UPGRADE; /*String commandString = pk12UtilPath + " " + PKCS12_OUTPUTFILE_OPTION + " " + pkcsFilePath + " " + NSS_DB_LOCATION_OPTION + " " + configDir + " " + ALIAS_OPTION + " " + keyList.get(i) + " " + NSS_PWD_OPTION + " " + commonInfo.getCertDbPassword() +" " + KEYSTORE_PWD_OPTION + " " + commonInfo.getCertDbPassword(); */ String[] commandArray = {pk12UtilPath, source70Lib, source70Bin, pk12utilLocation, PKCS12_OUTPUTFILE_OPTION, pkcsFilePath, NSS_DB_LOCATION_OPTION, configDir, ALIAS_OPTION, ""+ keyList.get(i) + "", NSS_PWD_OPTION, commonInfo.getCertDbPassword(), KEYSTORE_PWD_OPTION, commonInfo.getCertDbPassword() }; StringWriter result = new StringWriter(); //int exitVal = ProcessAdaptor.executeProcess(commandString, result); int exitVal = ProcessAdaptor.executeProcess(commandArray, result); result.flush(); //If process execution is successful add pkcs12file to pkcs12PathList if(exitVal == 0) pkcs12PathList.add(pkcsFilePath); else { _logger.log(Level.INFO,sm.getString("enterprise.tools.upgrade.certconversion.certificateError", keyList.get(i),commonInfo.getCurrentDomain(),result.toString())); throw new CertificateException(sm.getString("enterprise.tools.upgrade.certconversion.certificateError", keyList.get(i),commonInfo.getCurrentDomain(),result.toString())); } }
public java.lang.String getName()
return sm.getString("enterprise.tools.upgrade.certconversion.moduleName");
private void listAllKeysFromSourceInstall()
String osName = commonInfo.getOSName(); String sourceDomainDir = commonInfo.getSourceInstancePath(); String configDir = sourceDomainDir + File.separator + CONFIG; String source70Lib = commonInfo.getSourceInstallDir() +File.separator + LIB; String source70Bin = commonInfo.getSourceInstallDir() +File.separator + BIN; String certutilLocation = commonInfo.getTargetInstallDir() +File.separator + LIB +File.separator + UPGRADE; String certUtilPath = ""; if(osName.indexOf("Windows") == -1) certUtilPath = commonInfo.getTargetInstallDir() + File.separator + LIB + File.separator + CERT_UTIL_UNIX; else certUtilPath = commonInfo.getTargetInstallDir() + File.separator + LIB + File.separator + CERT_UTIL_WIN; StringWriter result = new StringWriter(); String nssPwd = commonInfo.getCertDbPassword(); //String nssPwdFile = commonInfo.getNSSPwdFile(); String domainPath = commonInfo.getDestinationDomainPath(); String nssPwdFile = domainPath +File.separator +"pwdfile"; PrintWriter pw = null; try{ pw = new PrintWriter(new FileOutputStream(nssPwdFile )); pw.println(nssPwd); pw.flush(); pw.close(); }catch(FileNotFoundException fe) { _logger.log(Level.INFO,sm.getString("enterprise.tools.upgrade.certconversion.unknownError "),fe); }finally { try { if(pw !=null) pw.close(); }catch(Exception e){} } String commandString = certUtilPath + " " + LIST_KEY_ID + " " + NSS_DB_LOCATION_OPTION + " " + configDir + " " + CERT_NSS_PWD_OPTION + " " + nssPwdFile + " " +source70Lib + " " +source70Bin + " " +certutilLocation; int exitVal = ProcessAdaptor.executeProcess(commandString, result); result.flush(); String resultString = result.toString(); if(exitVal == 0) { parseAndGetKeys(resultString); }else { _logger.log(Level.WARNING, sm.getString("enterprise.tools.upgrade.certconversion.error_executing_certutil",resultString)); throw new CertificateException(sm.getString("enterprise.tools.upgrade.certconversion.error_executing_certutil",resultString)); }
public static void main(java.lang.String[] args)
CommonInfoModel commonInfo = new CommonInfoModel(); commonInfo.setSourceInstallDir(args[0]); commonInfo.setTargetInstallDir(args[1]); commonInfo.setCertDbPassword(args[2]); commonInfo.setJksKeystorePassword(args[3]); NSStoJKSConversionModule convModule = new NSStoJKSConversionModule(); convModule.upgrade(commonInfo);
private void openAllInputKeystorePKCS12()
int size = pkcs12PathList.size(); for(int i=0; i<size; i++){ openInputKeystorePKCS12((String)pkcs12PathList.get(i), nssKeyStorePassword); }
public void openInputKeystorePKCS12(java.lang.String pkcs12Path, java.lang.String pkcs12Pwd)
FileInputStream fis = null; KeyStore pkcs12KeyStore = null; try{ fis = new FileInputStream(pkcs12Path); pkcs12KeyStore = KeyStore.getInstance("PKCS12"); pkcs12KeyStore.load(fis, pkcs12Pwd.toCharArray()); java.util.Enumeration en = pkcs12KeyStore.aliases(); for(; en.hasMoreElements(); ){ String alias = (String) en.nextElement(); _logger.log(Level.INFO,sm.getString("enterprise.tools.upgrade.certconversion.processing_keypair",alias)); Key key = pkcs12KeyStore.getKey(alias, pkcs12Pwd.toCharArray()); java.security.cert.Certificate[] cert = pkcs12KeyStore.getCertificateChain(alias); List caList = new ArrayList(); int i =0; if(cert.length > 1) { i=1; for(;i<cert.length;i++) { if(cert[i] instanceof X509Certificate) { if(!certificateError) writeToOutputTrustedKeystore(cert[i],alias + "ca" + i); /*X509Certificate x509cert = (X509Certificate)cert[i]; Principal principal = x509cert.getIssuerDN(); caList.add(principal.getName()+"\n");*/ } } } if(cert.length == 1) { X509Certificate x509cert = (X509Certificate)cert[0]; Principal issuerPrincipal = x509cert.getIssuerDN(); Principal subjectPrincipal = x509cert.getSubjectDN(); String subject = subjectPrincipal.getName(); String issuer = issuerPrincipal.getName(); if(subject.equals(issuer) && (!certificateError)) writeToOutputTrustedKeystore(cert[i],alias); else _logger.log(Level.INFO,sm.getString("enterprise.tools.upgrade.certconversion.ca_list",issuer)); } //_logger.log(Level.INFO,sm.getString("enterprise.tools.upgrade.certconversion.ca_list",caList)); if(!certificateError) writeToOutputKeystore(key, cert, alias); } }catch(Exception e){ certificateError = true; _logger.log(Level.WARNING,sm.getString("enterprise.tools.upgrade.certconversion.certificate_PKCS12_Error"),e); throw new CertificateException(sm.getString("enterprise.tools.upgrade.certconversion.certificate_PKCS12_Error")); }finally{ if(fis!=null) try{fis.close();}catch(Exception e){} }
public void openOutputKeystoreJKS()
InputStream inputStreamJks = null; try{ inputStreamJks = new FileInputStream(jksPath); jksKeyStore = KeyStore.getInstance("JKS"); jksKeyStore.load(inputStreamJks, jksKeyStorePassword.toCharArray()); }catch(Exception e){ certificateError = true; _logger.log(Level.SEVERE,sm.getString("enterprise.tools.upgrade.certconversion.JKS_Password_Error"),e); throw new CertificateException(sm.getString("enterprise.tools.upgrade.certconversion.JKS_Password_Error")); }finally{ if(inputStreamJks!=null) try{inputStreamJks.close();}catch(Exception e){} }
public void openOutputTrustedKeystoreJKS()
InputStream inputStreamJks = null; try{ inputStreamJks = new FileInputStream(trustJksPath); trustedJksKeyStore = KeyStore.getInstance("JKS"); trustedJksKeyStore.load(inputStreamJks, jksCAkeyStorePassword.toCharArray()); }catch(Exception e){ certificateError = true; _logger.log(Level.SEVERE,sm.getString("enterprise.tools.upgrade.certconversion.JKS_Password_Error"),e); throw new CertificateException(sm.getString("enterprise.tools.upgrade.certconversion.JKS_Password_Error")); }finally{ if(inputStreamJks!=null) try{inputStreamJks.close();}catch(Exception e){} }
private void parseAndGetKeys(java.lang.String input)
try { BufferedReader reader = new BufferedReader(new StringReader(input)); //Reading the Line <0> KEY String readString =reader.readLine(); while(readString != null) { //Key starts from 4th Index String marker = readString.substring(0,1); String anotherMarker = readString.substring(2,3); if(!(marker.equals("<") && anotherMarker.equals(">"))) { _logger.log(Level.WARNING, sm.getString("enterprise.tools.upgrade.certconversion.error_executing_certutil",input)); return; } String alias = readString.substring(4); keyList.add(alias); _logger.log(Level.INFO,sm.getString("enterprise.tools.upgrade.certconversion.alias_info",commonInfo.getCurrentDomain(), alias)); readString =reader.readLine(); } }catch (Exception e) { _logger.log(Level.WARNING, sm.getString("enterprise.tools.upgrade.certconversion.unknownError"),e); }
public void recovery(CommonInfoModel commonInfo)
File keypairKeyStoreOriginalFile = new File(jksPath); File keypairKeyStoreBackupFile = new File(jksPath+".back"); File trustedKeyStoreOriginalFile = new File(trustJksPath); File trustedKeyStoreBackupFile = new File(trustJksPath+".back"); new File(jksPath+".back1").delete(); new File(trustJksPath+".back1").delete(); boolean success = keypairKeyStoreOriginalFile.renameTo(new File(jksPath+".back1")); if(!success) { _logger.log(Level.WARNING,sm.getString("enterprise.tools.upgrade.certconversion.could_not_recover_certificates")); return; } success = trustedKeyStoreOriginalFile.renameTo(new File(trustJksPath+".back1")); if(!success) { _logger.log(Level.WARNING,sm.getString("enterprise.tools.upgrade.certconversion.could_not_recover_certificates")); return; } keypairKeyStoreOriginalFile.delete(); trustedKeyStoreOriginalFile.delete(); success = keypairKeyStoreBackupFile.renameTo(keypairKeyStoreOriginalFile); if(!success) { _logger.log(Level.WARNING,sm.getString("enterprise.tools.upgrade.certconversion.could_not_recover_certificates")); File keypairKeyStoreanotherBackupFile = new File(jksPath+".back1"); File trustedKeyStoreanotherBackupFile = new File(trustJksPath+".back1"); keypairKeyStoreanotherBackupFile.renameTo(keypairKeyStoreOriginalFile); trustedKeyStoreanotherBackupFile.renameTo(trustedKeyStoreOriginalFile); return; } success = trustedKeyStoreBackupFile.renameTo(trustedKeyStoreOriginalFile); if(!success) { _logger.log(Level.WARNING,sm.getString("enterprise.tools.upgrade.certconversion.could_not_recover_certificates")); File keypairKeyStoreanotherBackupFile = new File(jksPath+".back1"); File trustedKeyStoreanotherBackupFile = new File(trustJksPath+".back1"); keypairKeyStoreanotherBackupFile.renameTo(keypairKeyStoreOriginalFile); trustedKeyStoreanotherBackupFile.renameTo(trustedKeyStoreOriginalFile); return; } new File(jksPath+".back1").delete(); new File(trustJksPath+".back1").delete();
private java.lang.String removeWhiteSpace(java.lang.String str)
String concat=""; StringTokenizer st = new StringTokenizer(str); while(st.hasMoreTokens()) { concat=concat+st.nextToken(); } return concat;
private void runPkcs12ToJks()
// to convert from pkcs12 to jks openOutputKeystoreJKS(); openOutputTrustedKeystoreJKS(); openAllInputKeystorePKCS12(); if(!certificateError) storeJksKeyStore(); if(!certificateError) storeJksTrustedKeyStore();
private void storeJksKeyStore()
try{ osJksPath = new FileOutputStream(jksPath); jksKeyStore.store(osJksPath, jksKeyStorePassword.toCharArray()); }catch(Exception ex){ _logger.log(Level.SEVERE,sm.getString("enterprise.tools.upgrade.certconversion.certificate_JKS_Error"),ex); throw new CertificateException(sm.getString("enterprise.tools.upgrade.certconversion.certificate_JKS_Error")); }finally{ if(osJksPath!=null) try{osJksPath.close();}catch(Exception e){} }
private void storeJksTrustedKeyStore()
try{ trustJKSPathStream = new FileOutputStream(trustJksPath); trustedJksKeyStore.store(trustJKSPathStream, jksCAkeyStorePassword.toCharArray()); }catch(Exception ex){ _logger.log(Level.SEVERE,sm.getString("enterprise.tools.upgrade.certconversion.certificate_JKS_Error"),ex); throw new CertificateException(sm.getString("enterprise.tools.upgrade.certconversion.certificate_JKS_Error")); }finally{ if(osJksPath!=null) try{osJksPath.close();}catch(Exception e){} }
public boolean upgrade(CommonInfoModel commonInfo)
try { String currentDomain = commonInfo.getCurrentDomain(); if(!(commonInfo.getDomainOptionList().contains(currentDomain)) || commonInfo.getCertDbPassword() == null) return true; this.jksPath=commonInfo.getTargetJKSKeyStorePath(); this.trustJksPath = commonInfo.getTargetTrustedJKSKeyStorePath(); this.jksKeyStorePassword=commonInfo.getJksKeystorePassword(); this.jksCAkeyStorePassword=commonInfo.getJksCAKeystorePassword(); this.pkcs12PathList=new ArrayList(); this.keyList = new ArrayList(); this.nssKeyStorePassword=commonInfo.getCertDbPassword(); this.commonInfo = commonInfo; _logger.log(Level.INFO,sm.getString("enterprise.tools.upgrade.certconversion.start_certificate_migration",currentDomain)); doBackup(commonInfo); listAllKeysFromSourceInstall(); generatePKCS12Certificates(); runPkcs12ToJks(); deletePKCS12Files(); _logger.log(Level.INFO,sm.getString("enterprise.tools.upgrade.certconversion.finished_certificate_migration",currentDomain)); }catch(CertificateException ce) { _logger.log(Level.WARNING,sm.getString("enterprise.tools.upgrade.certconversion.could_not_migrate_certificates",ce)); UpdateProgressManager.getProgressManager().setContinueUpgrade(false); return false; } return true;
public void writeToOutputKeystore(java.security.Key key, java.security.cert.Certificate[] cert, java.lang.String alias)
try{ jksKeyStore.setKeyEntry(alias, key, jksKeyStorePassword.toCharArray(), cert); _logger.log(Level.INFO,sm.getString("enterprise.tools.upgrade.certconversion.alias_transferred",alias)); } catch(Exception e){ certificateError = true; _logger.log(Level.WARNING,sm.getString("enterprise.tools.upgrade.certconversion.JKS_Password_Error"),e); throw new CertificateException(sm.getString("enterprise.tools.upgrade.certconversion.JKS_Password_Error")); }
public void writeToOutputTrustedKeystore(java.security.cert.Certificate cert, java.lang.String alias)
try{ trustedJksKeyStore.setCertificateEntry(alias, cert); _logger.log(Level.INFO,sm.getString("enterprise.tools.upgrade.certconversion.ca_transferred",alias)); } catch(Exception e){ certificateError = true; _logger.log(Level.WARNING,sm.getString("enterprise.tools.upgrade.certconversion.JKS_Password_Error"),e); throw new CertificateException(sm.getString("enterprise.tools.upgrade.certconversion.JKS_Password_Error")); }