From eb7d3069771cc277aeecdcd2f4faae327f608f70 Mon Sep 17 00:00:00 2001
From: Udara Pathum <46132469+hwupathum@users.noreply.github.com>
Date: Mon, 30 Sep 2024 16:22:08 +0530
Subject: [PATCH] Use getKeystoreInstance from KeystoreUtils
---
.../artifact/SAMLSSOSoapMessageService.java | 27 +++++++++----------
.../samlsso/manager/X509CredentialImpl.java | 3 ++-
.../authenticator/samlsso/util/SSOUtils.java | 6 +++--
pom.xml | 4 +--
4 files changed, 21 insertions(+), 19 deletions(-)
diff --git a/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/artifact/SAMLSSOSoapMessageService.java b/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/artifact/SAMLSSOSoapMessageService.java
index e9f76dd5..0f3fe67e 100644
--- a/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/artifact/SAMLSSOSoapMessageService.java
+++ b/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/artifact/SAMLSSOSoapMessageService.java
@@ -35,10 +35,11 @@
import org.opensaml.soap.soap11.Envelope;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
+import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.base.ServerConfiguration;
+import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.application.authenticator.samlsso.exception.ArtifactResolutionException;
import org.wso2.carbon.identity.application.authenticator.samlsso.util.SSOConstants;
-import org.wso2.carbon.identity.application.authenticator.samlsso.util.SSOUtils;
import org.wso2.carbon.utils.CarbonUtils;
import java.io.IOException;
@@ -137,30 +138,28 @@ private SSLContext getSSLContext(final ServerConfiguration serverConfig)
SSLContext sslContext = null;
KeyManagerFactory keyManagerFactory;
- KeyStore keyStore;
- String keyStorePath;
- String keyStorePassword;
- String keyStoreType;
if (serverConfig != null) {
- keyStorePath = serverConfig.getFirstProperty(SSOConstants.SECURITY_KEYSTORE_LOCATION);
- keyStorePassword = serverConfig.getFirstProperty(SSOConstants.ServerConfig.KEY_PASSWORD);
- keyStoreType = serverConfig.getFirstProperty(SSOConstants.SECURITY_KEYSTORE_TYPE);
+ String keyStorePath = serverConfig.getFirstProperty(SSOConstants.SECURITY_KEYSTORE_LOCATION);
+ String keyStorePassword = serverConfig.getFirstProperty(SSOConstants.ServerConfig.KEY_PASSWORD);
+ KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
char[] kspassphrase = keyStorePassword.toCharArray();
sslContext = SSLContext.getInstance("TLSv1.2");
keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
- keyStore = SSOUtils.loadKeyStoreFromFileSystem(keyStorePath, keyStorePassword, keyStoreType);
- keyManagerFactory.init(keyStore, kspassphrase);
- sslContext.init(keyManagerFactory.getKeyManagers(), null, null);
+ try {
+ KeyStore keyStore = keyStoreManager.getPrimaryKeyStore();
+ keyManagerFactory.init(keyStore, kspassphrase);
+ sslContext.init(keyManagerFactory.getKeyManagers(), null, null);
+ } catch (Exception e) {
+ throw new GeneralSecurityException("Error when try to load keystore" + keyStorePath, e);
+ }
if (log.isDebugEnabled()) {
- log.debug("Created SSL Context using keystore: " + keyStorePath + " and keyStorePassword: " +
- keyStorePassword);
+ log.debug("Created SSL Context using keystore: " + keyStorePath);
}
}
-
return sslContext;
}
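Review bot: The message built at the `throw new GeneralSecurityException("Error when try to load keystore" + keyStorePath, e);` line is misleading and malformed: the keystore now comes from `KeyStoreManager.getPrimaryKeyStore()`, not from `keyStorePath`, and there is no separator before the path. Prefer `throw new GeneralSecurityException("Error while loading the primary keystore for the SSL context (configured keystore path: " + keyStorePath + ")", e);`. The new `catch (Exception e)` also re-wraps the `GeneralSecurityException`s that `KeyManagerFactory.init` and `SSLContext.init` previously propagated unchanged and catches RuntimeExceptions along the way; if `getPrimaryKeyStore()` is what forces the broad catch, scope the try to that single call and keep the two init calls outside it. The signature and opening lines of getSSLContext are outside the hunk.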
diff --git a/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/manager/X509CredentialImpl.java b/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/manager/X509CredentialImpl.java
index c1adae1b..2fed0fc7 100644
--- a/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/manager/X509CredentialImpl.java
+++ b/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/manager/X509CredentialImpl.java
@@ -29,6 +29,7 @@
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.core.util.KeyStoreManager;
+import org.wso2.carbon.core.util.KeyStoreUtil;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.application.authenticator.samlsso.exception.SAMLSSOException;
import org.wso2.carbon.identity.application.authenticator.samlsso.internal.SAMLSSOAuthenticatorServiceDataHolder;
@@ -141,7 +142,7 @@ public X509CredentialImpl(String tenantDomain, String idpCert) throws SAMLSSOExc
try (FileInputStream is = new FileInputStream(keyStoreLocation)) {
String keyStoreType = ServerConfiguration.getInstance().getFirstProperty(
SECURITY_SAML_SIGN_KEY_STORE_TYPE);
- KeyStore keyStore = KeyStore.getInstance(keyStoreType);
+ KeyStore keyStore = KeystoreUtils.getKeystoreInstance(keyStoreType);
char[] keyStorePassword = ServerConfiguration.getInstance().getFirstProperty(
SECURITY_SAML_SIGN_KEY_STORE_PASSWORD).toCharArray();
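Review bot: The import added in the `@@ -29,6 +29,7 @@` hunk, `org.wso2.carbon.core.util.KeyStoreUtil`, does not match the symbol used on the changed line, `KeystoreUtils.getKeystoreInstance(keyStoreType)`; the SSOUtils hunk in this same commit imports that class as `org.wso2.carbon.utils.security.KeystoreUtils`. Unless `KeystoreUtils` is already imported elsewhere in the file, this will not compile, and the import line should read `import org.wso2.carbon.utils.security.KeystoreUtils;`. The SSOUtils hunk also shows that `getKeystoreInstance` can throw `NoSuchProviderException` in addition to `KeyStoreException`, so the catch clauses of this constructor, which lie outside the hunk, presumably need to cover it. The enclosing constructor `X509CredentialImpl(String, String)` starts and ends outside the hunk.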
diff --git a/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/util/SSOUtils.java b/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/util/SSOUtils.java
index d9334ebb..4e9309b6 100644
--- a/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/util/SSOUtils.java
+++ b/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/util/SSOUtils.java
@@ -57,6 +57,7 @@
import org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
+import org.wso2.carbon.utils.security.KeystoreUtils;
import org.xml.sax.SAXException;
import java.io.ByteArrayInputStream;
@@ -69,6 +70,7 @@
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
@@ -643,10 +645,10 @@ private static Document getDocument(DocumentBuilderFactory documentBuilderFactor
public static KeyStore loadKeyStoreFromFileSystem(String keyStorePath, String password, String type) {
try (FileInputStream inputStream = new FileInputStream(keyStorePath)) {
- KeyStore keyStore = KeyStore.getInstance(type);
+ KeyStore keyStore = KeystoreUtils.getKeystoreInstance(type);
keyStore.load(inputStream, password.toCharArray());
return keyStore;
- } catch (KeyStoreException e1) {
+ } catch (KeyStoreException | NoSuchProviderException e1) {
throw new java.lang.SecurityException("Could not get a keystore instance of type: " + type + ": " + e1);
} catch (IOException e2) {
throw new java.lang.SecurityException("Could not open keystore in path: " + keyStorePath + ": " + e2);
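Review bot: The rewritten `catch (KeyStoreException | NoSuchProviderException e1)` branch still folds `e1` into the message string and does not pass it as the cause, so the stack trace of the underlying provider or keystore failure is lost; change the line after it to `throw new java.lang.SecurityException("Could not get a keystore instance of type: " + type, e1);`. The same pattern applies to the `IOException e2` branch, which this commit leaves untouched. The remaining catch clauses of loadKeyStoreFromFileSystem continue past the end of the hunk.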
diff --git a/pom.xml b/pom.xml
index d807af1c..7bab6504 100644
--- a/pom.xml
+++ b/pom.xml
@@ -285,8 +285,8 @@
[1.0.0, 2.0.0)
- 4.9.23
- 4.9.0
+ 4.10.22
+ 4.10.22
[4.4.0, 5.0.0)
[1.0.1, 2.0.0)