001/* 002 * Copyright 2021-2024 Ping Identity Corporation 003 * All Rights Reserved. 004 */ 005/* 006 * Copyright 2021-2024 Ping Identity Corporation 007 * 008 * Licensed under the Apache License, Version 2.0 (the "License"); 009 * you may not use this file except in compliance with the License. 010 * You may obtain a copy of the License at 011 * 012 * http://www.apache.org/licenses/LICENSE-2.0 013 * 014 * Unless required by applicable law or agreed to in writing, software 015 * distributed under the License is distributed on an "AS IS" BASIS, 016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 017 * See the License for the specific language governing permissions and 018 * limitations under the License. 019 */ 020/* 021 * Copyright (C) 2021-2024 Ping Identity Corporation 022 * 023 * This program is free software; you can redistribute it and/or modify 024 * it under the terms of the GNU General Public License (GPLv2 only) 025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only) 026 * as published by the Free Software Foundation. 027 * 028 * This program is distributed in the hope that it will be useful, 029 * but WITHOUT ANY WARRANTY; without even the implied warranty of 030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 031 * GNU General Public License for more details. 032 * 033 * You should have received a copy of the GNU General Public License 034 * along with this program; if not, see <http://www.gnu.org/licenses>. 
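 */
package com.unboundid.ldap.sdk.unboundidds.extensions;



import java.util.ArrayList;
import java.util.List;

import com.unboundid.asn1.ASN1Element;
import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.asn1.ASN1Sequence;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;
import com.unboundid.util.Debug;
import com.unboundid.util.NotMutable;
import com.unboundid.util.NotNull;
import com.unboundid.util.Nullable;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.Validator;

import static com.unboundid.ldap.sdk.unboundidds.extensions.ExtOpMessages.*;



/**
 * This class provides a {@link ReplaceCertificateKeyStoreContent}
 * implementation to indicate that the server should use a certificate key store
 * file contained on the server filesystem.
 * <BR>
 * <BLOCKQUOTE>
 *   <B>NOTE:</B>  This class, and other classes within the
 *   {@code com.unboundid.ldap.sdk.unboundidds} package structure, are only
 *   supported for use against Ping Identity, UnboundID, and
 *   Nokia/Alcatel-Lucent 8661 server products.  These classes provide support
 *   for proprietary functionality or for external specifications that are not
 *   considered stable or mature enough to be guaranteed to work in an
 *   interoperable way with other types of LDAP servers.
 * </BLOCKQUOTE>
 * <BR>
 * The encoded form is a sequence (BER type {@code 0xA0}) whose first two
 * elements are the key store path and key store PIN, followed by optional
 * elements for the private key PIN, key store type, and source certificate
 * alias, each identified by its own context-specific BER type.
 */
@NotMutable()
@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
public final class KeyStoreFileReplaceCertificateKeyStoreContent
       extends ReplaceCertificateKeyStoreContent
{
  /**
   * The BER type to use for the ASN.1 element containing an encoded
   * representation of this key store content object.
   */
  static final byte TYPE_KEY_STORE_CONTENT = (byte) 0xA0;



  /**
   * The BER type to use for the ASN.1 element that holds the absolute path to
   * the key store file.
   */
  private static final byte TYPE_KEY_STORE_PATH = (byte) 0x88;



  /**
   * The BER type to use for the ASN.1 element that holds the PIN needed to
   * access protected content in the key store.
   */
  private static final byte TYPE_KEY_STORE_PIN = (byte) 0x89;



  /**
   * The BER type to use for the ASN.1 element that holds the PIN needed to
   * access the private key in the key store.
   */
  private static final byte TYPE_PRIVATE_KEY_PIN = (byte) 0x8A;



  /**
   * The BER type to use for the ASN.1 element that holds the key store type.
   */
  private static final byte TYPE_KEY_STORE_TYPE = (byte) 0x8B;



  /**
   * The BER type to use for the ASN.1 element that holds the source certificate
   * alias.
   */
  private static final byte TYPE_SOURCE_CERTIFICATE_ALIAS = (byte) 0x8C;



  /**
   * The serial version UID for this serializable class.
   */
  private static final long serialVersionUID = -4246144511736675823L;



  // The path to the key store file on the server filesystem.
  @NotNull private final String keyStorePath;

  // The PIN needed to access the contents of the key store.  Never included
  // in the string representation; see toString(StringBuilder).
  @NotNull private final String keyStorePIN;

  // The key store type for the key store.
  @Nullable private final String keyStoreType;

  // The PIN needed to access the private key.  Never included in the string
  // representation; only its presence is reported.
  @Nullable private final String privateKeyPIN;

  // The alias of the certificate to use in the key store.
  @Nullable private final String sourceCertificateAlias;



  /**
   * Creates a new instance of this key store content object with the provided
   * information.
   *
   * @param  keyStorePath            The absolute path to the target key store
   *                                 on the server filesystem.  It must not be
   *                                 {@code null} or empty.
   * @param  keyStorePIN             The PIN needed to access protected content
   *                                 in the key store.  It must not be
   *                                 {@code null} or empty.
   * @param  privateKeyPIN           The PIN needed to access private key
   *                                 information in the key store.  It may be
   *                                 {@code null} if the key store PIN should
   *                                 also be used as the private key PIN.
   * @param  keyStoreType            The key store type for the target key
   *                                 store.  If provided, its value will likely
   *                                 be one of JKS, PKCS12, or BCFKS.  If this
   *                                 is {@code null}, then the server will
   *                                 attempt to automatically determine the
   *                                 appropriate key store type.
   * @param  sourceCertificateAlias  The alias of the private key entry in the
   *                                 key store that contains the new certificate
   *                                 chain to be used.  It may optionally be
   *                                 {@code null} if and only if the key store
   *                                 has only a single private key entry.
   *
   * @throws  LDAPSDKUsageException  If {@code keyStorePath} or
   *                                 {@code keyStorePIN} is {@code null} or
   *                                 empty (thrown by {@link Validator}).
   */
  public KeyStoreFileReplaceCertificateKeyStoreContent(
              @NotNull final String keyStorePath,
              @NotNull final String keyStorePIN,
              @Nullable final String privateKeyPIN,
              @Nullable final String keyStoreType,
              @Nullable final String sourceCertificateAlias)
  {
    // The check rejects empty strings as well as null, so the message says so.
    Validator.ensureNotNullOrEmpty(keyStorePath,
         "KeyStoreFileReplaceCertificateKeyStoreContent.keyStorePath must " +
              "not be null or empty.");
    Validator.ensureNotNullOrEmpty(keyStorePIN,
         "KeyStoreFileReplaceCertificateKeyStoreContent.keyStorePIN must " +
              "not be null or empty.");

    this.keyStorePath = keyStorePath;
    this.keyStorePIN = keyStorePIN;
    this.privateKeyPIN = privateKeyPIN;
    this.keyStoreType = keyStoreType;
    this.sourceCertificateAlias = sourceCertificateAlias;
  }



  /**
   * Retrieves the absolute path to the target key store on the server
   * filesystem.
   *
   * @return  The absolute path to the target key store on the server
   *          filesystem.
   */
  @NotNull()
  public String getKeyStorePath()
  {
    return keyStorePath;
  }



  /**
   * Retrieves the PIN needed to access protected content in the key store.
   *
   * @return  The PIN needed to access protected content in the key store.
   */
  @NotNull()
  public String getKeyStorePIN()
  {
    return keyStorePIN;
  }



  /**
   * Retrieves the PIN needed to access private key information in the key
   * store, if available.
   *
   * @return  The PIN needed to access private key information in the key store,
   *          or {@code null} if the key store PIN should also be used as the
   *          private key PIN.
   */
  @Nullable()
  public String getPrivateKeyPIN()
  {
    return privateKeyPIN;
  }



  /**
   * Retrieves the key store type for the target key store, if available.
   *
   * @return  The key store type for the target key store, or {@code null} if
   *          the key store type is not available and the server should attempt
   *          to automatically determine the appropriate key store type.
   */
  @Nullable()
  public String getKeyStoreType()
  {
    return keyStoreType;
  }



  /**
   * Retrieves the alias of the private key entry in the key store that contains
   * the new certificate chain to be used, if available.
   *
   * @return  The alias of the private key entry in the key store that contains
   *          the new certificate chain to be used, or {@code null} if no source
   *          certificate alias was provided and the key store is expected to
   *          have only a single private key entry.
   */
  @Nullable()
  public String getSourceCertificateAlias()
  {
    return sourceCertificateAlias;
  }



  /**
   * Decodes a key store file replace certificate key store content object from
   * the provided ASN.1 element.
   * <BR><BR>
   * The first two elements of the sequence are read positionally as the key
   * store path and key store PIN; their BER types are not checked.  Any
   * further elements are matched by BER type, and elements with an unrecognized
   * type are skipped (presumably to tolerate future additions -- confirm
   * against the server-side encoder).  Any failure, including a sequence with
   * fewer than two elements or an empty path or PIN, is reported as an
   * {@link LDAPException} with a {@code DECODING_ERROR} result code.
   *
   * @param  element  The ASN.1 element containing the encoded representation of
   *                  the key store file replace certificate key store content
   *                  object.  It must not be {@code null}.
   *
   * @return  The decoded key store content object.
   *
   * @throws  LDAPException  If the provided ASN.1 element cannot be decoded as
   *                         a key store file replace certificate key store
   *                         content object.
   */
  @NotNull()
  static KeyStoreFileReplaceCertificateKeyStoreContent decodeInternal(
              @NotNull final ASN1Element element)
         throws LDAPException
  {
    try
    {
      final ASN1Element[] elements = element.decodeAsSequence().elements();

      // Positional mandatory elements.  A short sequence surfaces as an
      // ArrayIndexOutOfBoundsException, which the catch below converts into a
      // decoding error.
      final String keyStorePath =
           elements[0].decodeAsOctetString().stringValue();
      final String keyStorePIN =
           elements[1].decodeAsOctetString().stringValue();

      // Optional elements, identified by BER type.
      String privateKeyPIN = null;
      String keyStoreType = null;
      String sourceCertificateAlias = null;
      for (int i=2; i < elements.length; i++)
      {
        switch (elements[i].getType())
        {
          case TYPE_PRIVATE_KEY_PIN:
            privateKeyPIN = elements[i].decodeAsOctetString().stringValue();
            break;
          case TYPE_KEY_STORE_TYPE:
            keyStoreType = elements[i].decodeAsOctetString().stringValue();
            break;
          case TYPE_SOURCE_CERTIFICATE_ALIAS:
            sourceCertificateAlias =
                 elements[i].decodeAsOctetString().stringValue();
            break;
          default:
            // Unrecognized element types are intentionally ignored.
            break;
        }
      }

      // The constructor enforces the non-null/non-empty contract for the
      // path and PIN; its usage exception is caught below and re-reported
      // as a decoding error.
      return new KeyStoreFileReplaceCertificateKeyStoreContent(keyStorePath,
           keyStorePIN, privateKeyPIN, keyStoreType, sourceCertificateAlias);
    }
    catch (final Exception e)
    {
      Debug.debugException(e);
      throw new LDAPException(ResultCode.DECODING_ERROR,
           ERR_KSF_KSC_DECODE_ERROR.get(StaticUtils.getExceptionMessage(e)),
           e);
    }
  }



  /**
   * {@inheritDoc}
   * <BR><BR>
   * The returned sequence carries the key store PIN, and the private key PIN
   * when one was provided, as plain octet strings.  Optional fields that are
   * {@code null} are omitted rather than encoded as empty elements.
   */
  @Override()
  @NotNull()
  public ASN1Element encode()
  {
    // At most five elements: two mandatory plus three optional.
    final List<ASN1Element> elements = new ArrayList<>(5);
    elements.add(new ASN1OctetString(TYPE_KEY_STORE_PATH, keyStorePath));
    elements.add(new ASN1OctetString(TYPE_KEY_STORE_PIN, keyStorePIN));

    if (privateKeyPIN != null)
    {
      elements.add(new ASN1OctetString(TYPE_PRIVATE_KEY_PIN, privateKeyPIN));
    }

    if (keyStoreType != null)
    {
      elements.add(new ASN1OctetString(TYPE_KEY_STORE_TYPE, keyStoreType));
    }

    if (sourceCertificateAlias != null)
    {
      elements.add(new ASN1OctetString(TYPE_SOURCE_CERTIFICATE_ALIAS,
           sourceCertificateAlias));
    }

    return new ASN1Sequence(TYPE_KEY_STORE_CONTENT, elements);
  }



  /**
   * {@inheritDoc}
   * <BR><BR>
   * Neither the key store PIN nor the private key PIN is written to the
   * buffer; only whether a private key PIN was provided is reported.  This
   * keeps secrets out of log and debug output that includes this object's
   * string representation.
   */
  @Override()
  public void toString(@NotNull final StringBuilder buffer)
  {
    buffer.append(
         "KeyStoreFileReplaceCertificateKeyStoreContent(keyStorePath='");
    buffer.append(keyStorePath);
    buffer.append("', privateKeyPINProvided=");
    buffer.append(privateKeyPIN != null);

    if (keyStoreType != null)
    {
      buffer.append(", keyStoreType='");
      buffer.append(keyStoreType);
      buffer.append('\'');
    }

    if (sourceCertificateAlias != null)
    {
      buffer.append(", sourceCertificateAlias='");
      buffer.append(sourceCertificateAlias);
      buffer.append('\'');
    }

    buffer.append(')');
  }
}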