diff --git a/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/artifact/SAMLSSOSoapMessageService.java b/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/artifact/SAMLSSOSoapMessageService.java
index e9f76dd5..0f3fe67e 100644
--- a/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/artifact/SAMLSSOSoapMessageService.java
+++ b/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/artifact/SAMLSSOSoapMessageService.java
@@ -35,10 +35,11 @@
import org.opensaml.soap.soap11.Envelope;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
+import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.base.ServerConfiguration;
+import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.application.authenticator.samlsso.exception.ArtifactResolutionException;
import org.wso2.carbon.identity.application.authenticator.samlsso.util.SSOConstants;
-import org.wso2.carbon.identity.application.authenticator.samlsso.util.SSOUtils;
import org.wso2.carbon.utils.CarbonUtils;
import java.io.IOException;
@@ -137,30 +138,28 @@ private SSLContext getSSLContext(final ServerConfiguration serverConfig)
SSLContext sslContext = null;
KeyManagerFactory keyManagerFactory;
- KeyStore keyStore;
- String keyStorePath;
- String keyStorePassword;
- String keyStoreType;
if (serverConfig != null) {
- keyStorePath = serverConfig.getFirstProperty(SSOConstants.SECURITY_KEYSTORE_LOCATION);
- keyStorePassword = serverConfig.getFirstProperty(SSOConstants.ServerConfig.KEY_PASSWORD);
- keyStoreType = serverConfig.getFirstProperty(SSOConstants.SECURITY_KEYSTORE_TYPE);
+ String keyStorePath = serverConfig.getFirstProperty(SSOConstants.SECURITY_KEYSTORE_LOCATION);
+ String keyStorePassword = serverConfig.getFirstProperty(SSOConstants.ServerConfig.KEY_PASSWORD);
+ KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
char[] kspassphrase = keyStorePassword.toCharArray();
sslContext = SSLContext.getInstance("TLSv1.2");
keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
- keyStore = SSOUtils.loadKeyStoreFromFileSystem(keyStorePath, keyStorePassword, keyStoreType);
- keyManagerFactory.init(keyStore, kspassphrase);
- sslContext.init(keyManagerFactory.getKeyManagers(), null, null);
+ try {
+ KeyStore keyStore = keyStoreManager.getPrimaryKeyStore();
+ keyManagerFactory.init(keyStore, kspassphrase);
+ sslContext.init(keyManagerFactory.getKeyManagers(), null, null);
+ } catch (Exception e) {
+ throw new GeneralSecurityException("Error when try to load keystore" + keyStorePath, e);
+ }
if (log.isDebugEnabled()) {
- log.debug("Created SSL Context using keystore: " + keyStorePath + " and keyStorePassword: " +
- keyStorePassword);
+ log.debug("Created SSL Context using keystore: " + keyStorePath);
}
}
-
return sslContext;
}
diff --git a/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/manager/X509CredentialImpl.java b/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/manager/X509CredentialImpl.java
index c1adae1b..2fed0fc7 100644
--- a/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/manager/X509CredentialImpl.java
+++ b/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/manager/X509CredentialImpl.java
@@ -29,6 +29,7 @@
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.core.util.KeyStoreManager;
+import org.wso2.carbon.core.util.KeyStoreUtil;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authenticator.samlsso.exception.SAMLSSOException;
import org.wso2.carbon.identity.application.authenticator.samlsso.internal.SAMLSSOAuthenticatorServiceDataHolder;
@@ -141,7 +142,7 @@ public X509CredentialImpl(String tenantDomain, String idpCert) throws SAMLSSOExc
try (FileInputStream is = new FileInputStream(keyStoreLocation)) {
String keyStoreType = ServerConfiguration.getInstance().getFirstProperty(
SECURITY_SAML_SIGN_KEY_STORE_TYPE);
- KeyStore keyStore = KeyStore.getInstance(keyStoreType);
+ KeyStore keyStore = KeystoreUtils.getKeystoreInstance(keyStoreType);
char[] keyStorePassword = ServerConfiguration.getInstance().getFirstProperty(
SECURITY_SAML_SIGN_KEY_STORE_PASSWORD).toCharArray();
diff --git a/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/util/SSOUtils.java b/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/util/SSOUtils.java
index d9334ebb..4e9309b6 100644
--- a/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/util/SSOUtils.java
+++ b/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/util/SSOUtils.java
@@ -57,6 +57,7 @@
import org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
+import org.wso2.carbon.utils.security.KeystoreUtils;
import org.xml.sax.SAXException;
import java.io.ByteArrayInputStream;
@@ -69,6 +70,7 @@
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
@@ -643,10 +645,10 @@ private static Document getDocument(DocumentBuilderFactory documentBuilderFactor
public static KeyStore loadKeyStoreFromFileSystem(String keyStorePath, String password, String type) {
try (FileInputStream inputStream = new FileInputStream(keyStorePath)) {
- KeyStore keyStore = KeyStore.getInstance(type);
+ KeyStore keyStore = KeystoreUtils.getKeystoreInstance(type);
keyStore.load(inputStream, password.toCharArray());
return keyStore;
- } catch (KeyStoreException e1) {
+ } catch (KeyStoreException | NoSuchProviderException e1) {
throw new java.lang.SecurityException("Could not get a keystore instance of type: " + type + ": " + e1);
} catch (IOException e2) {
throw new java.lang.SecurityException("Could not open keystore in path: " + keyStorePath + ": " + e2);
diff --git a/pom.xml b/pom.xml
index d807af1c..7bab6504 100644
--- a/pom.xml
+++ b/pom.xml
@@ -285,8 +285,8 @@
[1.0.0, 2.0.0)
- 4.9.23
- 4.9.0
+ 4.10.22
+ 4.10.22
[4.4.0, 5.0.0)
[1.0.1, 2.0.0)