001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.io.crypto.tls;
019
020import java.io.File;
021import java.io.IOException;
022import java.io.InputStream;
023import java.nio.file.Files;
024import java.security.GeneralSecurityException;
025import java.security.KeyStore;
026import java.security.KeyStoreException;
027
028/**
029 * Base class for instances of {@link KeyStoreLoader} which load the key/trust stores from files on
030 * a filesystem using standard {@link KeyStore} types like JKS or PKCS12.
031 * <p>
032 * This file has been copied from the Apache ZooKeeper project.
033 * @see <a href=
034 *      "https://github.com/apache/zookeeper/blob/c74658d398cdc1d207aa296cb6e20de00faec03e/zookeeper-server/src/main/java/org/apache/zookeeper/common/StandardTypeFileKeyStoreLoader.java">Base
035 *      revision</a>
036 */
abstract class StandardTypeFileKeyStoreLoader extends FileKeyStoreLoader {
  /** Zero-length password substituted when the caller supplied none. */
  private static final char[] EMPTY_CHAR_ARRAY = new char[0];

  /** Store type; its enum constant name is what {@link KeyStore#getInstance(String)} receives. */
  protected final SupportedStandardKeyFormat format;

  /**
   * Store formats a subclass may select. The constant name is used verbatim as the
   * {@link KeyStore} type string.
   * <p>
   * {@code BCFKS} is not a store type shipped with the JDK's own providers, so
   * {@link KeyStore#getInstance(String)} is expected to throw {@link KeyStoreException} unless a
   * provider implementing it (for example Bouncy Castle) has been registered.
   */
  protected enum SupportedStandardKeyFormat {
    JKS,
    PKCS12,
    BCFKS
  }

  /**
   * Records the store locations, their passwords and the store format.
   * <p>
   * The password arrays are handed to the superclass as given; this class neither copies nor
   * clears them. NOTE(review): confirm in {@code FileKeyStoreLoader} who is responsible for
   * zeroing them after use.
   * @param keyStorePath       filesystem path of the key store
   * @param trustStorePath     filesystem path of the trust store
   * @param keyStorePassword   key store password, may be {@code null}
   * @param trustStorePassword trust store password, may be {@code null}
   * @param format             store type used for both stores
   */
  StandardTypeFileKeyStoreLoader(String keyStorePath, String trustStorePath,
    char[] keyStorePassword, char[] trustStorePassword, SupportedStandardKeyFormat format) {
    super(keyStorePath, trustStorePath, keyStorePassword, trustStorePassword);
    this.format = format;
  }

  /**
   * Reads the key store file and returns it as a loaded {@link KeyStore} of type {@link #format}.
   * <p>
   * A {@code null} password is replaced by an empty array before loading. Under the
   * {@link KeyStore#load(InputStream, char[])} contract a {@code null} password skips the
   * integrity check, so the substitution keeps that check in place: a store protected by a
   * non-empty password is expected to fail to load instead of loading unverified.
   * @return the loaded key store
   * @throws IOException              if the file cannot be opened or read, or the store data or
   *                                  password is rejected
   * @throws GeneralSecurityException if the store type is unavailable or its contents cannot be
   *                                  processed
   */
  @Override
  public KeyStore loadKeyStore() throws IOException, GeneralSecurityException {
    return readStore(keyStorePath, keyStorePassword);
  }

  /**
   * Reads the trust store file and returns it as a loaded {@link KeyStore} of type
   * {@link #format}.
   * <p>
   * As with the key store, a {@code null} password becomes an empty array, so the integrity check
   * is attempted with an empty password instead of being skipped. The certificates in this store
   * decide which peers are trusted, which is why loading it unverified is avoided.
   * @return the loaded trust store
   * @throws IOException              if the file cannot be opened or read, or the store data or
   *                                  password is rejected
   * @throws GeneralSecurityException if the store type is unavailable or its contents cannot be
   *                                  processed
   */
  @Override
  public KeyStore loadTrustStore() throws IOException, GeneralSecurityException {
    return readStore(trustStorePath, trustStorePassword);
  }

  /**
   * Opens {@code path}, creates an empty store of the configured type and loads the file into it.
   * The stream is opened first, so an unreadable file is reported before the store type is
   * looked up, and it is closed on every exit path.
   */
  private KeyStore readStore(String path, char[] password)
    throws IOException, GeneralSecurityException {
    try (InputStream in = Files.newInputStream(new File(path).toPath())) {
      KeyStore store = newEmptyStore();
      store.load(in, emptyIfNull(password));
      return store;
    }
  }

  /** Creates an unloaded {@link KeyStore} whose type is the name of {@link #format}. */
  private KeyStore newEmptyStore() throws KeyStoreException {
    return KeyStore.getInstance(format.name());
  }

  /**
   * Returns {@code password} itself when it is non-null, otherwise the shared empty array. No
   * copy is made, so the caller's array is the one passed on to the store.
   */
  private static char[] emptyIfNull(char[] password) {
    if (password != null) {
      return password;
    }
    return EMPTY_CHAR_ARRAY;
  }
}