Use cached Primary KeyStore #425

Closed
wants to merge 1 commit into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.x509.X509Credential;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.core.util.CachedKeyStore;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
Expand Down Expand Up @@ -134,7 +135,7 @@ private void initializeKeyDataForTenant(int tenantID, String tenantDomain) throw
String keyStoreName = SAMLSSOUtil.generateKSNameFromDomainName(tenantDomain);
String keyAlias = tenantDomain;
KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantID);
KeyStore keyStore = keyMan.getKeyStore(keyStoreName);
CachedKeyStore keyStore = keyMan.getCachedKeyStore(keyStoreName);
issuerPrivateKey = (PrivateKey) keyMan.getPrivateKey(keyStoreName, tenantDomain);

Certificate[] certificates = keyStore.getCertificateChain(keyAlias);
Expand Down Expand Up @@ -170,7 +171,7 @@ private void initializeKeyDataForSuperTenantFromSystemKeyStore() throws Exceptio
KeyStoreManager keyMan = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
issuerPrivateKey = (PrivateKey) keyAdmin.getPrivateKey(keyAlias, true);

Certificate[] certificates = keyMan.getPrimaryKeyStore().getCertificateChain(keyAlias);
Certificate[] certificates = keyMan.getCachedPrimaryKeyStore().getCertificateChain(keyAlias);
issuerCerts = Arrays.copyOf(certificates, certificates.length, X509Certificate[].class);

publicKey = issuerCerts[0].getPublicKey();
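Review bot: The new line `CachedKeyStore keyStore = keyMan.getCachedKeyStore(keyStoreName);` keeps the old variable name for a different type, while the test files in this PR call the wrapper `cachedKeyStore`; renaming it here to `cachedKeyStore` would keep the wrapper and the unwrapped `KeyStore` (which the `saveCertificateToKeyStore` hunks still bind to `keyStore`) visually distinct. With this change `initializeKeyDataForTenant` no longer references `java.security.KeyStore`, so if nothing else in the file does either, that import is now unused and the hunks do not show it being removed. The same two points apply to the second `initializeKeyDataForTenant` copy and to both `getX509CredentialImplForTenant` hunks in this PR. Both methods in this section start and end outside the hunks.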
Expand Up @@ -42,6 +42,7 @@
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureValidator;
import org.opensaml.xmlsec.signature.support.Signer;
import org.wso2.carbon.core.util.CachedKeyStore;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
Expand Down Expand Up @@ -308,14 +309,14 @@ public static X509CredentialImpl getX509CredentialImplForTenant(String tenantDom
// get an instance of the corresponding Key Store Manager instance
keyStoreManager = KeyStoreManager.getInstance(tenantId);
X509CredentialImpl credentialImpl = null;
KeyStore keyStore;
CachedKeyStore keyStore;
try {
if (tenantId != MultitenantConstants.SUPER_TENANT_ID) {// for tenants, load private key from their generated key store
keyStore = keyStoreManager.getKeyStore(generateKSNameFromDomainName(tenantDomain));
keyStore = keyStoreManager.getCachedKeyStore(generateKSNameFromDomainName(tenantDomain));
} else {
// for super tenant, load the default pub. cert using the
// config. in carbon.xml
keyStore = keyStoreManager.getPrimaryKeyStore();
keyStore = keyStoreManager.getCachedPrimaryKeyStore();
}
java.security.cert.X509Certificate cert =
(java.security.cert.X509Certificate) keyStore.getCertificate(alias);
Expand Up @@ -324,9 +324,7 @@ private X509Certificate getCertificateFromKeyStore(String alias) {

try {
KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
KeyStore keyStore = keyStoreManager.getPrimaryKeyStore();
X509Certificate certificate = (X509Certificate)keyStore.getCertificate(alias);
return certificate;
return (X509Certificate) keyStoreManager.getCachedPrimaryKeyStore().getCertificate(alias);
} catch (Exception e) {
String errorMsg = String.format("Error occurred while retrieving the certificate for " +
"the alias '%s'." + alias);
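Review bot: The catch block right after the new `return (X509Certificate) keyStoreManager.getCachedPrimaryKeyStore().getCertificate(alias);` still builds its message with `String.format("... the alias '%s'." + alias)`, concatenating `alias` into the format string instead of passing it as an argument; a `%s` with no arguments makes `String.format` throw `MissingFormatArgumentException`, which replaces the original lookup error, and any `%` inside the alias is interpreted as a format directive. Since the commit already rewrites this method's body it is a good moment to fix the line to `String.format("Error occurred while retrieving the certificate for the alias '%s'.", alias);`. The rest of `getCertificateFromKeyStore`, including what is done with `errorMsg` and `e`, is outside the hunk.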
Expand Up @@ -307,7 +307,7 @@ private void saveCertificateToKeyStore(SAMLSSOServiceProviderDO serviceProviderD

if (MultitenantConstants.SUPER_TENANT_ID == tenantId) {

KeyStore keyStore = manager.getPrimaryKeyStore();
KeyStore keyStore = manager.getCachedPrimaryKeyStore().getKeyStore();

// Admin should manually add the service provider signing certificate to the keystore file.
// If the certificate is available we will set the alias of that certificate.
Expand All @@ -320,7 +320,7 @@ private void saveCertificateToKeyStore(SAMLSSOServiceProviderDO serviceProviderD
} else {

String keyStoreName = getKeyStoreName(tenantId);
KeyStore keyStore = manager.getKeyStore(keyStoreName);
KeyStore keyStore = manager.getCachedKeyStore(keyStoreName).getKeyStore();

// Add new certificate
keyStore.setCertificateEntry(serviceProviderDO.getIssuer(), serviceProviderDO.getX509Certificate());
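Review bot: `KeyStore keyStore = manager.getCachedPrimaryKeyStore().getKeyStore();` and `KeyStore keyStore = manager.getCachedKeyStore(keyStoreName).getKeyStore();` hand out the `KeyStore` instance that backs the shared cache, and the tenant branch then mutates it in place with `keyStore.setCertificateEntry(...)`. The new entry therefore becomes visible to every cached reader on this node before it is persisted, and if the persist step (outside the hunk) fails, the cached store and the file on disk presumably diverge until the cache is refreshed; I cannot see from the hunk whether the cache is invalidated or reloaded on that path, so please confirm. At minimum a comment on the unwrapping lines such as `// Unwrapped store is the cached instance; entries added here are visible to all readers immediately.` would record the sharing for the next maintainer. `saveCertificateToKeyStore` continues outside both hunks.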
Expand Up @@ -27,6 +27,7 @@
import org.opensaml.security.x509.X509Credential;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.CachedKeyStore;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
Expand Down Expand Up @@ -150,7 +151,7 @@ private void initializeKeyDataForTenant(int tenantID, String tenantDomain) throw
String keyStoreName = SAMLSSOUtil.generateKSNameFromDomainName(tenantDomain);
String keyAlias = tenantDomain;
KeyStoreManager keyMan = KeyStoreManager.getInstance(tenantID);
KeyStore keyStore = keyMan.getKeyStore(keyStoreName);
CachedKeyStore keyStore = keyMan.getCachedKeyStore(keyStoreName);
issuerPrivateKey = (PrivateKey) keyMan.getPrivateKey(keyStoreName, tenantDomain);

Certificate[] certificates = keyStore.getCertificateChain(keyAlias);
Expand Down Expand Up @@ -184,7 +185,7 @@ private void initializeKeyDataForSuperTenantFromSystemKeyStore() throws Exceptio
KeyStoreManager keyMan = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
issuerPrivateKey = (PrivateKey) keyAdmin.getPrivateKey(keyAlias, true);

Certificate[] certificates = keyMan.getPrimaryKeyStore().getCertificateChain(keyAlias);
Certificate[] certificates = keyMan.getCachedPrimaryKeyStore().getCertificateChain(keyAlias);
issuerCerts = Arrays.copyOf(certificates, certificates.length, X509Certificate[].class);

signatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_RSA;
Expand Up @@ -208,7 +208,7 @@ private void initCredentialForTenant(String tenantDomain, KeyStoreManager keySto
// Derive key store name.
String jksName = KeystoreUtils.getKeyStoreFileLocation(tenantDomain);
privateKey = (PrivateKey) keyStoreManager.getPrivateKey(jksName, tenantDomain);
signingCert = (X509Certificate) keyStoreManager.getKeyStore(jksName).getCertificate(tenantDomain);
signingCert = (X509Certificate) keyStoreManager.getCachedKeyStore(jksName).getCertificate(tenantDomain);
// This Exception is thrown from the KeyStoreManager.
} catch (Exception e) {
throw new IdentityException("Error retrieving private key and the certificate for tenant " +
Expand Up @@ -59,6 +59,7 @@
import org.w3c.dom.ls.LSOutput;
import org.w3c.dom.ls.LSSerializer;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.CachedKeyStore;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
Expand Down Expand Up @@ -958,19 +959,19 @@ public static X509CredentialImpl getX509CredentialImplForTenant(String tenantDom
keyStoreManager = KeyStoreManager.getInstance(tenantId);

X509CredentialImpl credentialImpl = null;
KeyStore keyStore;
CachedKeyStore keyStore;

try {
if (tenantId != -1234) {// for tenants, load private key from their generated key store
try {
FrameworkUtils.startTenantFlow(tenantDomain);
keyStore = keyStoreManager.getKeyStore(generateKSNameFromDomainName(tenantDomain));
keyStore = keyStoreManager.getCachedKeyStore(generateKSNameFromDomainName(tenantDomain));
} finally {
FrameworkUtils.endTenantFlow();
}
} else { // for super tenant, load the default pub. cert using the
// config. in carbon.xml
keyStore = keyStoreManager.getPrimaryKeyStore();
keyStore = keyStoreManager.getCachedPrimaryKeyStore();
}
java.security.cert.X509Certificate cert =
(java.security.cert.X509Certificate) keyStore.getCertificate(alias);
Expand Up @@ -28,6 +28,7 @@
import org.testng.annotations.BeforeTest;
import org.testng.annotations.Test;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.core.util.CachedKeyStore;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.core.util.KeyStoreUtil;
import org.wso2.carbon.identity.application.authentication.framework.context.AuthenticationContext;
Expand All @@ -50,6 +51,7 @@
import org.wso2.carbon.utils.multitenancy.MultitenantConstants;

import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.util.HashMap;
import javax.net.ssl.KeyManager;
Expand Down Expand Up @@ -178,6 +180,7 @@ private void createMocks() throws Exception {

KeyStore keyStore = TestUtils.
loadKeyStoreFromFileSystem(TestUtils.getFilePath("wso2carbon.jks"), "wso2carbon", "JKS");
CachedKeyStore cachedKeyStore = new CachedKeyStore(keyStore);

SAMLSSOUtil.setRegistryService(registryService);
when(registryService.getGovernanceSystemRegistry()).thenReturn(registry);
Expand All @@ -187,7 +190,7 @@ private void createMocks() throws Exception {

mockStatic(KeyStoreManager.class);
when(KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID)).thenReturn(keyStoreManager);
when(keyStoreManager.getPrimaryKeyStore()).thenReturn(keyStore);
when(keyStoreManager.getCachedPrimaryKeyStore()).thenReturn(cachedKeyStore);
}

@Test
Expand Up @@ -26,6 +26,7 @@
import org.powermock.core.classloader.annotations.PrepareForTest;
import org.powermock.modules.testng.PowerMockTestCase;
import org.testng.annotations.Test;
import org.wso2.carbon.core.util.CachedKeyStore;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceComponent;
import org.wso2.carbon.identity.core.util.IdentityUtil;
Expand Down Expand Up @@ -127,14 +128,16 @@ private void assertEncryptedSAMLAssertion(Assertion assertion, EncryptedAssertio

private void prepareForAssertionEncryption() throws Exception {

KeyStore keyStore = TestUtils.loadKeyStoreFromFileSystem(
TestUtils.getFilePath(TestConstants.KEY_STORE_NAME), TestConstants.WSO2_CARBON, "JKS");
CachedKeyStore cachedKeyStore = new CachedKeyStore(keyStore);

when(realmService.getTenantManager()).thenReturn(tenantManager);
when(tenantManager.getTenantId(anyString())).thenReturn(4567);
mockStatic(KeyStoreManager.class);
when(KeyStoreManager.getInstance(anyInt())).thenReturn(keyStoreManager);
when(keyStoreManager.getKeyStore(anyString())).thenReturn(TestUtils.loadKeyStoreFromFileSystem(
TestUtils.getFilePath(TestConstants.KEY_STORE_NAME), TestConstants.WSO2_CARBON, "JKS"));
when(keyStoreManager.getPrimaryKeyStore()).thenReturn(TestUtils.loadKeyStoreFromFileSystem(
TestUtils.getFilePath(TestConstants.KEY_STORE_NAME), TestConstants.WSO2_CARBON, "JKS"));
when(keyStoreManager.getCachedKeyStore(anyString())).thenReturn(cachedKeyStore);
when(keyStoreManager.getCachedPrimaryKeyStore()).thenReturn(cachedKeyStore);
SAMLSSOUtil.setRealmService(realmService);

mockStatic(IdentityUtil.class);
Expand Up @@ -30,6 +30,7 @@
import org.testng.annotations.DataProvider;
import org.testng.annotations.ObjectFactory;
import org.testng.annotations.Test;
import org.wso2.carbon.core.util.CachedKeyStore;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceComponent;
import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
Expand Down Expand Up @@ -64,6 +65,7 @@
import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
import org.wso2.carbon.utils.security.KeystoreUtils;

import java.security.KeyStore;
import java.util.ArrayList;
import java.util.List;

Expand Down Expand Up @@ -403,15 +405,18 @@ public void testGetDestinationException() throws Exception {
@Test
public void testGetX509CredentialImplForSuperTenant() throws Exception {

KeyStore keyStore = TestUtils.loadKeyStoreFromFileSystem(TestUtils
.getFilePath("wso2carbon.jks"), "wso2carbon", "JKS");
CachedKeyStore cachedKeyStore = new CachedKeyStore(keyStore);
prepareForGetIssuer();
mockStatic(FrameworkServiceComponent.class);
when(FrameworkServiceComponent.getRealmService()).thenReturn(realmService);
when(realmService.getTenantManager()).thenReturn(tenantManager);
when(tenantManager.getTenantId(anyString())).thenReturn(-1234);
mockStatic(KeyStoreManager.class);
when(KeyStoreManager.getInstance(eq(-1234))).thenReturn(keyStoreManager);
when(keyStoreManager.getPrimaryKeyStore()).thenReturn(TestUtils.loadKeyStoreFromFileSystem(TestUtils
.getFilePath("wso2carbon.jks"), "wso2carbon", "JKS"));
when(keyStoreManager.getCachedPrimaryKeyStore()).thenReturn(cachedKeyStore);
when(keyStoreManager.getCachedKeyStore(anyString())).thenReturn(cachedKeyStore);
X509CredentialImpl x509Credential = SAMLSSOUtil.getX509CredentialImplForTenant("carbon.super", "wso2carbon");
assertNotNull(x509Credential.getPublicKey(), "public key is missing");
}
Expand All @@ -427,9 +432,9 @@ public void testGetX509CredentialImplForTenant() throws Exception {
when(tenantManager.getTenantId(anyString())).thenReturn(1);
mockStatic(KeyStoreManager.class);
when(KeyStoreManager.getInstance(eq(1))).thenReturn(keyStoreManager);
when(keyStoreManager.getKeyStore(eq(SAMLSSOUtil.generateKSNameFromDomainName(TestConstants.WSO2_TENANT_DOMAIN)))).thenReturn
(TestUtils.loadKeyStoreFromFileSystem(TestUtils
.getFilePath(TestConstants.KEY_STORE_NAME), TestConstants.WSO2_CARBON, "JKS"));
when(keyStoreManager.getCachedKeyStore(eq(SAMLSSOUtil.generateKSNameFromDomainName(TestConstants.WSO2_TENANT_DOMAIN)))).thenReturn
(new CachedKeyStore(TestUtils.loadKeyStoreFromFileSystem(TestUtils
.getFilePath(TestConstants.KEY_STORE_NAME), TestConstants.WSO2_CARBON, "JKS")));
X509CredentialImpl x509Credential = SAMLSSOUtil.getX509CredentialImplForTenant(TestConstants
.WSO2_TENANT_DOMAIN, TestConstants.WSO2_CARBON);
assertNotNull(x509Credential.getPublicKey(), "public key is missing for tenant");
Expand All @@ -443,7 +448,7 @@ public void testGetX509CredentialImplException() throws Exception {
when(tenantManager.getTenantId(anyString())).thenReturn(1);
mockStatic(KeyStoreManager.class);
when(KeyStoreManager.getInstance(eq(1))).thenReturn(keyStoreManager);
when(keyStoreManager.getKeyStore(eq(SAMLSSOUtil.generateKSNameFromDomainName(TestConstants.WSO2_TENANT_DOMAIN)))).thenReturn
when(keyStoreManager.getCachedKeyStore(eq(SAMLSSOUtil.generateKSNameFromDomainName(TestConstants.WSO2_TENANT_DOMAIN)))).thenReturn
(null);
X509CredentialImpl x509Credential = SAMLSSOUtil.getX509CredentialImplForTenant(TestConstants
.WSO2_TENANT_DOMAIN, TestConstants.WSO2_CARBON);
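Review bot: In `testGetX509CredentialImplForSuperTenant` the added `when(keyStoreManager.getCachedKeyStore(anyString())).thenReturn(cachedKeyStore);` stubs a method the super-tenant branch of `getX509CredentialImplForTenant` never calls (the test sets the tenant id to -1234, which takes the `getCachedPrimaryKeyStore()` branch), so the stub only blurs which lookup the test exercises and would be reported as unused under strict stubbing; dropping it keeps the test specific. In `testGetX509CredentialImplException` the stub now returns `null` from `getCachedKeyStore`, so the failure the test expects presumably comes from a NullPointerException on `keyStore.getCertificate(alias)` rather than from the key store manager itself; a one-line comment above the stub saying that the null is deliberate would make the intent clear. The assertions of that test are outside the hunk.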