2 * The Shibboleth License, Version 1.
4 * University Corporation for Advanced Internet Development, Inc.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
11 * Redistributions of source code must retain the above copyright notice, this
12 * list of conditions and the following disclaimer.
14 * Redistributions in binary form must reproduce the above copyright notice,
15 * this list of conditions and the following disclaimer in the documentation
16 * and/or other materials provided with the distribution, if any, must include
17 * the following acknowledgment: "This product includes software developed by
18 * the University Corporation for Advanced Internet Development
19 * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
20 * may appear in the software itself, if and wherever such third-party
21 * acknowledgments normally appear.
23 * Neither the name of Shibboleth nor the names of its contributors, nor
24 * Internet2, nor the University Corporation for Advanced Internet Development,
25 * Inc., nor UCAID may be used to endorse or promote products derived from this
26 * software without specific prior written permission. For written permission,
27 * please contact shibboleth@shibboleth.org
29 * Products derived from this software may not be called Shibboleth, Internet2,
30 * UCAID, or the University Corporation for Advanced Internet Development, nor
31 * may Shibboleth appear in their name, without prior written permission of the
32 * University Corporation for Advanced Internet Development.
35 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
36 * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
37 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
38 * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
39 * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
40 * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
41 * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
42 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
43 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
44 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
46 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
47 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
50 package edu.internet2.middleware.shibboleth.utils;
53 import java.io.FileOutputStream;
54 import java.io.IOException;
55 import java.security.GeneralSecurityException;
56 import java.security.KeyStore;
57 import java.security.SecureRandom;
59 import javax.crypto.SecretKey;
60 import javax.crypto.SecretKeyFactory;
61 import javax.crypto.spec.DESedeKeySpec;
63 import org.apache.tools.ant.BuildException;
64 import org.apache.tools.ant.Task;
67 * Generates a Triple DES key and sticks it in the default location for use by
68 * the <code>CryptoHandleRepository</code>
70 * @author Walter Hoehn (wassa@columbia.edu)
72 public class HandleRepositorySecretGenerator extends Task {
74 private File keyStorePath;
75 private String keyStorePassword;
76 private String keyStoreKeyAlias;
77 private String keyStoreKeyPassword;
78 public void execute() throws BuildException {
80 if (keyStorePath == null
81 || keyStorePassword == null
82 || keyStoreKeyAlias == null
83 || keyStoreKeyPassword == null) {
84 throw new BuildException("Missing required parameter.");
86 log("Generating secret.");
87 SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
88 byte[] pseudoRand = new byte[24];
89 new SecureRandom().nextBytes(pseudoRand);
90 SecretKey secret = keyFactory.generateSecret(new DESedeKeySpec(pseudoRand));
92 log("Writing keystore.");
93 KeyStore keyStore = KeyStore.getInstance("JCEKS");
94 keyStore.load(null, keyStorePassword.toCharArray());
95 keyStore.setKeyEntry(keyStoreKeyAlias, secret, keyStoreKeyPassword.toCharArray(), null);
96 keyStore.store(new FileOutputStream(keyStorePath), keyStorePassword.toCharArray());
98 } catch (GeneralSecurityException e) {
99 throw new BuildException("Unable to generate secret: " + e);
100 } catch (IOException e) {
101 throw new BuildException("Unable to store secret in keystore: " + e);
106 * Sets the keyStoreKeyAlias.
107 * @param keyStoreKeyAlias The keyStoreKeyAlias to set
109 public void setKeyStoreKeyAlias(String keyStoreKeyAlias) {
110 this.keyStoreKeyAlias = keyStoreKeyAlias;
114 * Sets the keyStoreKeyPassword.
115 * @param keyStoreKeyPassword The keyStoreKeyPassword to set
117 public void setKeyStoreKeyPassword(String keyStoreKeyPassword) {
118 this.keyStoreKeyPassword = keyStoreKeyPassword;
122 * Sets the keyStorePassword.
123 * @param keyStorePassword The keyStorePassword to set
125 public void setKeyStorePassword(String keyStorePassword) {
126 this.keyStorePassword = keyStorePassword;
130 * Sets the keyStorePath.
131 * @param keyStorePath The keyStorePath to set
133 public void setKeyStorePath(File keyStorePath) {
134 this.keyStorePath = keyStorePath;