Skip to content

Commit

Permalink
Use cached keystore
Browse files Browse the repository at this point in the history
  • Loading branch information
@hwupathum
hwupathum committed Aug 1, 2024
1 parent bd40a69 commit 391bdaa
Show file tree
Hide file tree
Showing 10 changed files with 40 additions and 27 deletions.
5 changes: 3 additions & 2 deletions ...ntity.query.saml/src/main/java/org/wso2/carbon/identity/query/saml/SignKeyDataHolder.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.x509.X509Credential;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.core.util.CachedKeyStore;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
Expand Down Expand Up @@ -134,7 +135,7 @@ private void initializeKeyDataForTenant(int tenantID, String tenantDomain) throw
String keyStoreName = SAMLSSOUtil.generateKSNameFromDomainName(tenantDomain);
String keyAlias = tenantDomain;
KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantID);
KeyStore keyStore = keyMan.getKeyStore(keyStoreName);
CachedKeyStore keyStore = keyMan.getCachedKeyStore(keyStoreName);
issuerPrivateKey = (PrivateKey) keyMan.getPrivateKey(keyStoreName, tenantDomain);

Certificate[] certificates = keyStore.getCertificateChain(keyAlias);
Expand Down Expand Up @@ -170,7 +171,7 @@ private void initializeKeyDataForSuperTenantFromSystemKeyStore() throws Exceptio
KeyStoreManager keyMan = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
issuerPrivateKey = (PrivateKey) keyAdmin.getPrivateKey(keyAlias, true);

Certificate[] certificates = keyMan.getPrimaryKeyStore().getCertificateChain(keyAlias);
Certificate[] certificates = keyMan.getCachedPrimaryKeyStore().getCertificateChain(keyAlias);
issuerCerts = Arrays.copyOf(certificates, certificates.length, X509Certificate[].class);

publicKey = issuerCerts[0].getPublicKey();
Expand Down
7 changes: 4 additions & 3 deletions ...tity.query.saml/src/main/java/org/wso2/carbon/identity/query/saml/util/OpenSAML3Util.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureValidator;
import org.opensaml.xmlsec.signature.support.Signer;
import org.wso2.carbon.core.util.CachedKeyStore;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
Expand Down Expand Up @@ -308,14 +309,14 @@ public static X509CredentialImpl getX509CredentialImplForTenant(String tenantDom
// get an instance of the corresponding Key Store Manager instance
keyStoreManager = KeyStoreManager.getInstance(tenantId);
X509CredentialImpl credentialImpl = null;
KeyStore keyStore;
CachedKeyStore keyStore;
try {
if (tenantId != MultitenantConstants.SUPER_TENANT_ID) {// for tenants, load private key from their generated key store
keyStore = keyStoreManager.getKeyStore(generateKSNameFromDomainName(tenantDomain));
keyStore = keyStoreManager.getCachedKeyStore(generateKSNameFromDomainName(tenantDomain));
} else {
// for super tenant, load the default pub. cert using the
// config. in carbon.xml
keyStore = keyStoreManager.getPrimaryKeyStore();
keyStore = keyStoreManager.getCachedPrimaryKeyStore();
}
java.security.cert.X509Certificate cert =
(java.security.cert.X509Certificate) keyStore.getCertificate(alias);
Expand Down
4 changes: 1 addition & 3 deletions ...so.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/FileBasedConfigManager.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -324,9 +324,7 @@ private X509Certificate getCertificateFromKeyStore(String alias) {

try {
KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
KeyStore keyStore = keyStoreManager.getPrimaryKeyStore();
X509Certificate certificate = (X509Certificate)keyStore.getCertificate(alias);
return certificate;
return (X509Certificate) keyStoreManager.getCachedPrimaryKeyStore().getCertificate(alias);
} catch (Exception e) {
String errorMsg = String.format("Error occurred while retrieving the certificate for " +
"the alias '%s'." + alias);
Expand Down
4 changes: 2 additions & 2 deletions ...ty.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/admin/SAMLSSOConfigAdmin.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -307,7 +307,7 @@ private void saveCertificateToKeyStore(SAMLSSOServiceProviderDO serviceProviderD

if (MultitenantConstants.SUPER_TENANT_ID == tenantId) {

KeyStore keyStore = manager.getPrimaryKeyStore();
KeyStore keyStore = manager.getCachedPrimaryKeyStore().getKeyStore();

// Admin should manually add the service provider signing certificate to the keystore file.
// If the certificate is available we will set the alias of that certificate.
Expand All @@ -320,7 +320,7 @@ private void saveCertificateToKeyStore(SAMLSSOServiceProviderDO serviceProviderD
} else {

String keyStoreName = getKeyStoreName(tenantId);
KeyStore keyStore = manager.getKeyStore(keyStoreName);
KeyStore keyStore = manager.getCachedKeyStore(keyStoreName).getKeyStore();

// Add new certificate
keyStore.setCertificateEntry(serviceProviderDO.getIssuer(), serviceProviderDO.getX509Certificate());
Expand Down
5 changes: 3 additions & 2 deletions ....sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/builders/SignKeyDataHolder.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@
import org.opensaml.security.x509.X509Credential;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.CachedKeyStore;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
Expand Down Expand Up @@ -150,7 +151,7 @@ private void initializeKeyDataForTenant(int tenantID, String tenantDomain) throw
String keyStoreName = SAMLSSOUtil.generateKSNameFromDomainName(tenantDomain);
String keyAlias = tenantDomain;
KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantID);
KeyStore keyStore = keyMan.getKeyStore(keyStoreName);
CachedKeyStore keyStore = keyMan.getCachedKeyStore(keyStoreName);
issuerPrivateKey = (PrivateKey) keyMan.getPrivateKey(keyStoreName, tenantDomain);

Certificate[] certificates = keyStore.getCertificateChain(keyAlias);
Expand Down Expand Up @@ -184,7 +185,7 @@ private void initializeKeyDataForSuperTenantFromSystemKeyStore() throws Exceptio
KeyStoreManager keyMan = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
issuerPrivateKey = (PrivateKey) keyAdmin.getPrivateKey(keyAlias, true);

Certificate[] certificates = keyMan.getPrimaryKeyStore().getCertificateChain(keyAlias);
Certificate[] certificates = keyMan.getCachedPrimaryKeyStore().getCertificateChain(keyAlias);
issuerCerts = Arrays.copyOf(certificates, certificates.length, X509Certificate[].class);

signatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_RSA;
Expand Down
2 changes: 1 addition & 1 deletion ...sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/builders/X509CredentialImpl.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -208,7 +208,7 @@ private void initCredentialForTenant(String tenantDomain, KeyStoreManager keySto
// Derive key store name.
String jksName = KeystoreUtils.getKeyStoreFileLocation(tenantDomain);
privateKey = (PrivateKey) keyStoreManager.getPrivateKey(jksName, tenantDomain);
signingCert = (X509Certificate) keyStoreManager.getKeyStore(jksName).getCertificate(tenantDomain);
signingCert = (X509Certificate) keyStoreManager.getCachedKeyStore(jksName).getCertificate(tenantDomain);
// This Exception is thrown from the KeyStoreManager.
} catch (Exception e) {
throw new IdentityException("Error retrieving private key and the certificate for tenant " +
Expand Down
7 changes: 4 additions & 3 deletions ...n.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/util/SAMLSSOUtil.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@
import org.w3c.dom.ls.LSOutput;
import org.w3c.dom.ls.LSSerializer;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.CachedKeyStore;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
Expand Down Expand Up @@ -958,19 +959,19 @@ public static X509CredentialImpl getX509CredentialImplForTenant(String tenantDom
keyStoreManager = KeyStoreManager.getInstance(tenantId);

X509CredentialImpl credentialImpl = null;
KeyStore keyStore;
CachedKeyStore keyStore;

try {
if (tenantId != -1234) {// for tenants, load private key from their generated key store
try {
FrameworkUtils.startTenantFlow(tenantDomain);
keyStore = keyStoreManager.getKeyStore(generateKSNameFromDomainName(tenantDomain));
keyStore = keyStoreManager.getCachedKeyStore(generateKSNameFromDomainName(tenantDomain));
} finally {
FrameworkUtils.endTenantFlow();
}
} else { // for super tenant, load the default pub. cert using the
// config. in carbon.xml
keyStore = keyStoreManager.getPrimaryKeyStore();
keyStore = keyStoreManager.getCachedPrimaryKeyStore();
}
java.security.cert.X509Certificate cert =
(java.security.cert.X509Certificate) keyStore.getCertificate(alias);
Expand Down
5 changes: 4 additions & 1 deletion ...ntity.sso.saml/src/test/java/org/wso2/carbon/identity/sso/saml/SAMLLogoutHandlerTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@
import org.testng.annotations.BeforeTest;
import org.testng.annotations.Test;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.core.util.CachedKeyStore;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.core.util.KeyStoreUtil;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
Expand All @@ -50,6 +51,7 @@
import org.wso2.carbon.utils.multitenancy.MultitenantConstants;

import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.util.HashMap;
import javax.net.ssl.KeyManager;
Expand Down Expand Up @@ -178,6 +180,7 @@ private void createMocks() throws Exception {

KeyStore keyStore = TestUtils.
loadKeyStoreFromFileSystem(TestUtils.getFilePath("wso2carbon.jks"), "wso2carbon", "JKS");
CachedKeyStore cachedKeyStore = new CachedKeyStore(keyStore);

SAMLSSOUtil.setRegistryService(registryService);
when(registryService.getGovernanceSystemRegistry()).thenReturn(registry);
Expand All @@ -187,7 +190,7 @@ private void createMocks() throws Exception {

mockStatic(KeyStoreManager.class);
when(KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID)).thenReturn(keyStoreManager);
when(keyStoreManager.getPrimaryKeyStore()).thenReturn(keyStore);
when(keyStoreManager.getCachedPrimaryKeyStore()).thenReturn(cachedKeyStore);
}

@Test
Expand Down
11 changes: 7 additions & 4 deletions ...entity.sso.saml/src/test/java/org/wso2/carbon/identity/sso/saml/util/EncryptionTests.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
import org.powermock.core.classloader.annotations.PrepareForTest;
import org.powermock.modules.testng.PowerMockTestCase;
import org.testng.annotations.Test;
import org.wso2.carbon.core.util.CachedKeyStore;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceComponent;
import org.wso2.carbon.identity.core.util.IdentityUtil;
Expand Down Expand Up @@ -127,14 +128,16 @@ private void assertEncryptedSAMLAssertion(Assertion assertion, EncryptedAssertio

private void prepareForAssertionEncryption() throws Exception {

KeyStore keyStore = TestUtils.loadKeyStoreFromFileSystem(
TestUtils.getFilePath(TestConstants.KEY_STORE_NAME), TestConstants.WSO2_CARBON, "JKS");
CachedKeyStore cachedKeyStore = new CachedKeyStore(keyStore);

when(realmService.getTenantManager()).thenReturn(tenantManager);
when(tenantManager.getTenantId(anyString())).thenReturn(4567);
mockStatic(KeyStoreManager.class);
when(KeyStoreManager.getInstance(anyInt())).thenReturn(keyStoreManager);
when(keyStoreManager.getKeyStore(anyString())).thenReturn(TestUtils.loadKeyStoreFromFileSystem(
TestUtils.getFilePath(TestConstants.KEY_STORE_NAME), TestConstants.WSO2_CARBON, "JKS"));
when(keyStoreManager.getPrimaryKeyStore()).thenReturn(TestUtils.loadKeyStoreFromFileSystem(
TestUtils.getFilePath(TestConstants.KEY_STORE_NAME), TestConstants.WSO2_CARBON, "JKS"));
when(keyStoreManager.getCachedKeyStore(anyString())).thenReturn(cachedKeyStore);
when(keyStoreManager.getCachedPrimaryKeyStore()).thenReturn(cachedKeyStore);
SAMLSSOUtil.setRealmService(realmService);

mockStatic(IdentityUtil.class);
Expand Down
17 changes: 11 additions & 6 deletions ...entity.sso.saml/src/test/java/org/wso2/carbon/identity/sso/saml/util/SAMLSSOUtilTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@
import org.testng.annotations.DataProvider;
import org.testng.annotations.ObjectFactory;
import org.testng.annotations.Test;
import org.wso2.carbon.core.util.CachedKeyStore;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceComponent;
import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
Expand Down Expand Up @@ -64,6 +65,7 @@
import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
import org.wso2.carbon.utils.security.KeystoreUtils;

import java.security.KeyStore;
import java.util.ArrayList;
import java.util.List;

Expand Down Expand Up @@ -403,15 +405,18 @@ public void testGetDestinationException() throws Exception {
@Test
public void testGetX509CredentialImplForSuperTenant() throws Exception {

KeyStore keyStore = TestUtils.loadKeyStoreFromFileSystem(TestUtils
.getFilePath("wso2carbon.jks"), "wso2carbon", "JKS");
CachedKeyStore cachedKeyStore = new CachedKeyStore(keyStore);
prepareForGetIssuer();
mockStatic(FrameworkServiceComponent.class);
when(FrameworkServiceComponent.getRealmService()).thenReturn(realmService);
when(realmService.getTenantManager()).thenReturn(tenantManager);
when(tenantManager.getTenantId(anyString())).thenReturn(-1234);
mockStatic(KeyStoreManager.class);
when(KeyStoreManager.getInstance(eq(-1234))).thenReturn(keyStoreManager);
when(keyStoreManager.getPrimaryKeyStore()).thenReturn(TestUtils.loadKeyStoreFromFileSystem(TestUtils
.getFilePath("wso2carbon.jks"), "wso2carbon", "JKS"));
when(keyStoreManager.getCachedPrimaryKeyStore()).thenReturn(cachedKeyStore);
when(keyStoreManager.getCachedKeyStore(anyString())).thenReturn(cachedKeyStore);
X509CredentialImpl x509Credential = SAMLSSOUtil.getX509CredentialImplForTenant("carbon.super", "wso2carbon");
assertNotNull(x509Credential.getPublicKey(), "public key is missing");
}
Expand All @@ -427,9 +432,9 @@ public void testGetX509CredentialImplForTenant() throws Exception {
when(tenantManager.getTenantId(anyString())).thenReturn(1);
mockStatic(KeyStoreManager.class);
when(KeyStoreManager.getInstance(eq(1))).thenReturn(keyStoreManager);
when(keyStoreManager.getKeyStore(eq(SAMLSSOUtil.generateKSNameFromDomainName(TestConstants.WSO2_TENANT_DOMAIN)))).thenReturn
(TestUtils.loadKeyStoreFromFileSystem(TestUtils
.getFilePath(TestConstants.KEY_STORE_NAME), TestConstants.WSO2_CARBON, "JKS"));
when(keyStoreManager.getCachedKeyStore(eq(SAMLSSOUtil.generateKSNameFromDomainName(TestConstants.WSO2_TENANT_DOMAIN)))).thenReturn
(new CachedKeyStore(TestUtils.loadKeyStoreFromFileSystem(TestUtils
.getFilePath(TestConstants.KEY_STORE_NAME), TestConstants.WSO2_CARBON, "JKS")));
X509CredentialImpl x509Credential = SAMLSSOUtil.getX509CredentialImplForTenant(TestConstants
.WSO2_TENANT_DOMAIN, TestConstants.WSO2_CARBON);
assertNotNull(x509Credential.getPublicKey(), "public key is missing for tenant");
Expand All @@ -443,7 +448,7 @@ public void testGetX509CredentialImplException() throws Exception {
when(tenantManager.getTenantId(anyString())).thenReturn(1);
mockStatic(KeyStoreManager.class);
when(KeyStoreManager.getInstance(eq(1))).thenReturn(keyStoreManager);
when(keyStoreManager.getKeyStore(eq(SAMLSSOUtil.generateKSNameFromDomainName(TestConstants.WSO2_TENANT_DOMAIN)))).thenReturn
when(keyStoreManager.getCachedKeyStore(eq(SAMLSSOUtil.generateKSNameFromDomainName(TestConstants.WSO2_TENANT_DOMAIN)))).thenReturn
(null);
X509CredentialImpl x509Credential = SAMLSSOUtil.getX509CredentialImplForTenant(TestConstants
.WSO2_TENANT_DOMAIN, TestConstants.WSO2_CARBON);
Expand Down

0 comments on commit 391bdaa

Please sign in to comment.