Ensuring char[] as password type
phax committed Oct 25, 2024
1 parent f5f49c0 commit 5f4aae6
Showing 2 changed files with 82 additions and 20 deletions.
Expand Up @@ -113,8 +113,10 @@ public static KeyStore getSimiliarKeyStore (@Nonnull final KeyStore aOther,
* In case key store loading fails
* @throws IllegalArgumentException
* If the key store path is invalid
* @deprecated Use the version with char[] as password type
*/
@Nonnull
@Deprecated (forRemoval = true, since = "11.1.9")
public static KeyStore loadKeyStoreDirect (@Nonnull final IKeyStoreType aKeyStoreType,
@Nullable final String sKeyStorePath,
@Nullable final String sKeyStorePassword) throws GeneralSecurityException,
Expand Down Expand Up @@ -144,8 +146,10 @@ public static KeyStore loadKeyStoreDirect (@Nonnull final IKeyStoreType aKeyStor
* @throws IllegalArgumentException
* If the key store path is invalid
* @since 11.1.1
* @deprecated Use the version with char[] as password type
*/
@Nonnull
@Deprecated (forRemoval = true, since = "11.1.9")
public static KeyStore loadKeyStoreDirect (@Nonnull final IKeyStoreType aKeyStoreType,
@Nullable final String sKeyStorePath,
@Nullable final String sKeyStorePassword,
Expand Down Expand Up @@ -351,8 +355,10 @@ private static boolean _isInvalidPasswordException (@Nonnull final Exception ex)
* @param sKeyStorePassword
* Password for the key store. May not be <code>null</code> to succeed.
* @return The key store loading result. Never <code>null</code>.
* @deprecated Use the version with char[] as password type
*/
@Nonnull
@Deprecated (forRemoval = true, since = "11.1.9")
public static LoadedKeyStore loadKeyStore (@Nonnull final IKeyStoreType aKeyStoreType,
@Nullable final String sKeyStorePath,
@Nullable final String sKeyStorePassword)
Expand All @@ -374,12 +380,62 @@ public static LoadedKeyStore loadKeyStore (@Nonnull final IKeyStoreType aKeyStor
* The Security Provider to use. May be <code>null</code>.
* @return The key store loading result. Never <code>null</code>.
* @since 11.1.1
* @deprecated Use the version with char[] as password type
*/
@Nonnull
@Deprecated (forRemoval = true, since = "11.1.9")
public static LoadedKeyStore loadKeyStore (@Nonnull final IKeyStoreType aKeyStoreType,
@Nullable final String sKeyStorePath,
@Nullable final String sKeyStorePassword,
@Nullable final Provider aSecurityProvider)
{
return loadKeyStore (aKeyStoreType,
sKeyStorePath,
sKeyStorePassword == null ? null : sKeyStorePassword.toCharArray (),
null);
}

/**
* Load the provided key store in a safe manner.
*
* @param aKeyStoreType
* Type of key store. May not be <code>null</code>.
* @param sKeyStorePath
* Path to the key store. May not be <code>null</code> for all key
* store types that require a path.
* @param aKeyStorePassword
* Password for the key store. May not be <code>null</code> to succeed.
* @return The key store loading result. Never <code>null</code>.
* @since 11.1.9
*/
@Nonnull
public static LoadedKeyStore loadKeyStore (@Nonnull final IKeyStoreType aKeyStoreType,
@Nullable final String sKeyStorePath,
@Nullable final char [] aKeyStorePassword)
{
return loadKeyStore (aKeyStoreType, sKeyStorePath, aKeyStorePassword, null);
}

/**
* Load the provided key store in a safe manner.
*
* @param aKeyStoreType
* Type of key store. May not be <code>null</code>.
* @param sKeyStorePath
* Path to the key store. May not be <code>null</code> for all key
* store types that require a path.
* @param aKeyStorePassword
* Password for the key store. May not be <code>null</code> to succeed.
* @param aSecurityProvider
* The Security Provider to use. May be <code>null</code>.
* @return The key store loading result. Never <code>null</code>.
* @since 11.1.9
*/
@Nonnull
public static LoadedKeyStore loadKeyStore (@Nonnull final IKeyStoreType aKeyStoreType,
@Nullable final String sKeyStorePath,
@Nullable final char [] aKeyStorePassword,
@Nullable final Provider aSecurityProvider)
{
ValueEnforcer.notNull (aKeyStoreType, "KeyStoreType");

Expand All @@ -391,7 +447,7 @@ public static LoadedKeyStore loadKeyStore (@Nonnull final IKeyStoreType aKeyStor
// Try to load key store
try
{
aKeyStore = loadKeyStoreDirect (aKeyStoreType, sKeyStorePath, sKeyStorePassword, aSecurityProvider);
aKeyStore = loadKeyStoreDirect (aKeyStoreType, sKeyStorePath, aKeyStorePassword, aSecurityProvider);
}
catch (final IllegalArgumentException ex)
{
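Review bot: The deprecated `loadKeyStore (IKeyStoreType, String, String, Provider)` overload now delegates with a literal `null` as its fourth argument, so the caller's `aSecurityProvider` is silently dropped and the key store is loaded without the requested provider. The delegating call should end with `aSecurityProvider);` instead of `null);`. On the documentation side, the Javadoc of the two new `char []` overloads does not say whether the array is retained or left for the caller to wipe; if the method does not keep a reference (not visible here, the body continues outside the hunk), a sentence such as `The array is not cleared by this method; callers should overwrite it after use.` would make the contract explicit. The `@deprecated` tags could also name the replacement with a `{@link}` so the migration target is unambiguous.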
Expand Up @@ -107,7 +107,7 @@ public void testLoadKeyStoreDirect () throws Exception
final String sBasePath = new File ("").getAbsolutePath ();

// Load from classpath
KeyStore ks = KeyStoreHelper.loadKeyStoreDirect (EKeyStoreType.JKS, "keystores/keystore-no-pw.jks", (String) null);
KeyStore ks = KeyStoreHelper.loadKeyStoreDirect (EKeyStoreType.JKS, "keystores/keystore-no-pw.jks", (char []) null);
assertEquals (JKS, ks.getType ());
assertEquals (1, CollectionHelper.getSize (ks.aliases ()));
assertTrue (ks.containsAlias ("1"));
Expand All @@ -119,7 +119,7 @@ public void testLoadKeyStoreDirect () throws Exception
ks = KeyStoreHelper.loadKeyStoreDirect (EKeyStoreType.JKS,
new ClassPathResource ("keystores/keystore-no-pw.jks").getAsFile ()
.getAbsolutePath (),
(String) null);
(char []) null);
assertEquals (JKS, ks.getType ());
assertEquals (1, CollectionHelper.getSize (ks.aliases ()));
assertTrue (ks.containsAlias ("1"));
Expand All @@ -132,15 +132,15 @@ public void testLoadKeyStoreDirect () throws Exception
.getAbsolutePath ()
.substring (sBasePath.length () +
1),
(String) null);
(char []) null);
assertEquals (JKS, ks.getType ());
assertEquals (1, CollectionHelper.getSize (ks.aliases ()));
assertTrue (ks.containsAlias ("1"));
assertNotNull (ks.getCertificate ("1"));
ks.setKeyEntry ("2", aKeyPair.getPrivate (), "key2".toCharArray (), certs);

// Load from classpath
ks = KeyStoreHelper.loadKeyStoreDirect (EKeyStoreType.JKS, "keystores/keystore-pw-peppol.jks", (String) null);
ks = KeyStoreHelper.loadKeyStoreDirect (EKeyStoreType.JKS, "keystores/keystore-pw-peppol.jks", (char []) null);
assertEquals (1, CollectionHelper.getSize (ks.aliases ()));
assertTrue (ks.containsAlias ("1"));
final Certificate c2 = ks.getCertificate ("1");
Expand All @@ -152,7 +152,7 @@ public void testLoadKeyStoreDirect () throws Exception
ks = KeyStoreHelper.loadKeyStoreDirect (EKeyStoreType.JKS,
new ClassPathResource ("keystores/keystore-pw-peppol.jks").getAsFile ()
.getAbsolutePath (),
(String) null);
(char []) null);
assertEquals (1, CollectionHelper.getSize (ks.aliases ()));
assertTrue (ks.containsAlias ("1"));
assertNotNull (ks.getCertificate ("1"));
Expand All @@ -164,13 +164,15 @@ public void testLoadKeyStoreDirect () throws Exception
.getAbsolutePath ()
.substring (sBasePath.length () +
1),
(String) null);
(char []) null);
assertEquals (1, CollectionHelper.getSize (ks.aliases ()));
assertTrue (ks.containsAlias ("1"));
assertNotNull (ks.getCertificate ("1"));
ks.setKeyEntry ("2", aKeyPair.getPrivate (), "key2".toCharArray (), certs);

ks = KeyStoreHelper.loadKeyStoreDirect (EKeyStoreType.JKS, "keystores/keystore-pw-peppol.jks", "peppol");
ks = KeyStoreHelper.loadKeyStoreDirect (EKeyStoreType.JKS,
"keystores/keystore-pw-peppol.jks",
"peppol".toCharArray ());
assertEquals (1, CollectionHelper.getSize (ks.aliases ()));
assertTrue (ks.containsAlias ("1"));
final Certificate c3 = ks.getCertificate ("1");
Expand All @@ -181,7 +183,7 @@ public void testLoadKeyStoreDirect () throws Exception
try
{
// Non-existing file
KeyStoreHelper.loadKeyStoreDirect (EKeyStoreType.JKS, "keystores/keystore-not-existing.jks", (String) null);
KeyStoreHelper.loadKeyStoreDirect (EKeyStoreType.JKS, "keystores/keystore-not-existing.jks", (char []) null);
fail ();
}
catch (final IllegalArgumentException ex)
Expand All @@ -190,7 +192,9 @@ public void testLoadKeyStoreDirect () throws Exception
try
{
// Invalid password
KeyStoreHelper.loadKeyStoreDirect (EKeyStoreType.JKS, "keystores/keystore-pw-peppol.jks", "wrongpw");
KeyStoreHelper.loadKeyStoreDirect (EKeyStoreType.JKS,
"keystores/keystore-pw-peppol.jks",
"wrongpw".toCharArray ());
fail ();
}
catch (final IOException ex)
Expand All @@ -216,7 +220,9 @@ public void testLoadKeyStoreForPkcs11 ()
Security.removeProvider ("SunrPKCS11");
Security.addProvider (aMockPkcs11Provider);

final LoadedKeyStore loadedKeyStore = KeyStoreHelper.loadKeyStore (EKeyStoreType.PKCS11, null, "111111");
final LoadedKeyStore loadedKeyStore = KeyStoreHelper.loadKeyStore (EKeyStoreType.PKCS11,
null,
"111111".toCharArray ());
assertNotNull (loadedKeyStore);
assertNotNull (loadedKeyStore.getKeyStore ());
assertEquals (PKCS11, loadedKeyStore.getKeyStore ().getType ());
Expand All @@ -228,46 +234,46 @@ public void testLoadKeyStoreForPkcs11 ()
@Test
public void testLoadKeyStore () throws Exception
{
LoadedKeyStore ks = KeyStoreHelper.loadKeyStore (EKeyStoreType.JKS, "keystores/keystore-no-pw.jks", (String) null);
LoadedKeyStore ks = KeyStoreHelper.loadKeyStore (EKeyStoreType.JKS, "keystores/keystore-no-pw.jks", (char []) null);
assertNotNull (ks);
assertTrue (ks.isSuccess ());
assertNotNull (ks.getKeyStore ());
assertNull (ks.getError ());
assertEquals (1, CollectionHelper.getSize (ks.getKeyStore ().aliases ()));

ks = KeyStoreHelper.loadKeyStore (EKeyStoreType.JKS, "keystores/keystore-pw-peppol.jks", "peppol");
ks = KeyStoreHelper.loadKeyStore (EKeyStoreType.JKS, "keystores/keystore-pw-peppol.jks", "peppol".toCharArray ());
assertNotNull (ks);
assertTrue (ks.isSuccess ());
assertNotNull (ks.getKeyStore ());
assertNull (ks.getError ());
assertEquals (1, CollectionHelper.getSize (ks.getKeyStore ().aliases ()));

// Non-existing file
ks = KeyStoreHelper.loadKeyStore (EKeyStoreType.JKS, "keystores/keystore-not-existing.jks", (String) null);
ks = KeyStoreHelper.loadKeyStore (EKeyStoreType.JKS, "keystores/keystore-not-existing.jks", (char []) null);
assertNotNull (ks);
assertTrue (ks.isFailure ());
assertNull (ks.getKeyStore ());
assertEquals (EKeyStoreLoadError.KEYSTORE_LOAD_ERROR_NON_EXISTING, ks.getError ());
assertNotNull (ks.getErrorText (Locale.GERMANY));

// Invalid password
ks = KeyStoreHelper.loadKeyStore (EKeyStoreType.JKS, "keystores/keystore-pw-peppol.jks", "wrongpw");
ks = KeyStoreHelper.loadKeyStore (EKeyStoreType.JKS, "keystores/keystore-pw-peppol.jks", "wrongpw".toCharArray ());
assertNotNull (ks);
assertTrue (ks.isFailure ());
assertNull (ks.getKeyStore ());
assertEquals (EKeyStoreLoadError.KEYSTORE_INVALID_PASSWORD, ks.getError ());
assertNotNull (ks.getErrorText (Locale.GERMANY));

// Not a key store
ks = KeyStoreHelper.loadKeyStore (EKeyStoreType.JKS, "keystores/no-keystore.txt", "wrongpw");
ks = KeyStoreHelper.loadKeyStore (EKeyStoreType.JKS, "keystores/no-keystore.txt", "wrongpw".toCharArray ());
assertNotNull (ks);
assertTrue (ks.isFailure ());
assertNull (ks.getKeyStore ());
assertEquals (EKeyStoreLoadError.KEYSTORE_LOAD_ERROR_FORMAT_ERROR, ks.getError ());
assertNotNull (ks.getErrorText (Locale.GERMANY));

// Non existing file
ks = KeyStoreHelper.loadKeyStore (EKeyStoreType.JKS, "keystores/non-existing-keystore.jks", "any");
ks = KeyStoreHelper.loadKeyStore (EKeyStoreType.JKS, "keystores/non-existing-keystore.jks", "any".toCharArray ());
assertNotNull (ks);
assertTrue (ks.isFailure ());
assertNull (ks.getKeyStore ());
Expand All @@ -288,7 +294,7 @@ public void testLoadPeppolTrustStoreProduction () throws Exception
// Load trust store
final KeyStore aTrustStore = KeyStoreHelper.loadKeyStoreDirect (EKeyStoreType.JKS,
"keystores/truststore-peppol-prod.jks",
"peppol");
"peppol".toCharArray ());
assertNotNull (aTrustStore);

// Additionally the STS certificate is contained
Expand All @@ -312,7 +318,7 @@ public void testLoadPeppolTrustStorePilot () throws Exception
// Load trust store
final KeyStore aTrustStore = KeyStoreHelper.loadKeyStoreDirect (EKeyStoreType.JKS,
"keystores/truststore-peppol-pilot.jks",
"peppol");
"peppol".toCharArray ());
assertNotNull (aTrustStore);

// Additionally the STS certificate is contained
Expand Down Expand Up @@ -357,7 +363,7 @@ public void testLoadBKSKeyStore () throws Exception
{
final LoadedKeyStore ks = KeyStoreHelper.loadKeyStore (EKeyStoreType.BKS,
"keystores/keystore-pw-test.bks",
"test",
"test".toCharArray (),
PBCProvider.getProvider ());
assertNotNull (ks);
assertTrue (ks.isSuccess ());
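Review bot: With every call site in this file moved to the `char []` overloads, none of the deprecated `String` overloads is exercised by the tests shown, although they remain public API until removal and now contain new delegation code. In `testLoadBKSKeyStore` the previous call with `"test"` and `PBCProvider.getProvider ()` was the only visible coverage of the String-plus-Provider path. Keeping one such call beside the new one, e.g. `KeyStoreHelper.loadKeyStore (EKeyStoreType.BKS, "keystores/keystore-pw-test.bks", "test", PBCProvider.getProvider ())`, would verify that the wrapper forwards both the password and the provider. Other test classes outside this page may already cover these overloads.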
