authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-07-03 10:45:45 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-07-03 10:45:45 +0200
commit103338c59196060b64402048b3073cb8132f3dca (patch)
tree7f332c380c499e7d8f9e77ed85c10ebf6f838334
parent2d904ad1f2292d8ea45b6afeaf9ec214667477c6 (diff)
update KeyStoreFactory and KeyStoreUtils to fix incompatibility with Shibboleth IDP implementation
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java37
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java9
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java38
3 files changed, 68 insertions, 16 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
index 8cbf1375..743a7318 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
@@ -300,28 +300,41 @@ public class EaafKeyStoreFactory {
final String keyStorePassword = checkConfigurationParameter(config.getSoftKeyStorePassword(),
ERRORCODE_06, config.getFriendlyName(), "Software-KeyStore missing Password for KeyStore");
- final String absKeyStorePath = FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig
- .getConfigurationRootDirectory());
- final Resource ressource = resourceLoader.getResource(absKeyStorePath);
+ Resource ressource;
+ if (config.isSkipMakeAbsolutPaths()) {
+ log.debug("Use filepath from config: {}", keyStorePath);
+ ressource = resourceLoader.getResource(keyStorePath);
+
+ } else {
+ final String absKeyStorePath = FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig
+ .getConfigurationRootDirectory());
+ log.debug("Use filepath from config: {}", absKeyStorePath);
+
+ ressource = resourceLoader.getResource(absKeyStorePath);
+
+ }
+
if (!ressource.exists()) {
throw new EaafConfigurationException(ERRORCODE_05,
new Object[] { config.getFriendlyName(),
- "File not found at: " + absKeyStorePath });
+ "RessourceLoader does NOT find File at: " + ressource.getURI() });
}
final InputStream is = ressource.getInputStream();
- final KeyStore keyStore = KeyStoreUtils.loadKeyStore(is, keyStorePassword);
+ final KeyStore keyStore = KeyStoreUtils.loadKeyStore(is, keyStorePassword, config.getKeyStoreType());
is.close();
- if (keyStore == null) {
- throw new EaafFactoryException(ERRORCODE_06,
- new Object[] { config.getFriendlyName(), "KeyStore not valid or password wrong" });
-
- }
return Pair.newInstance(keyStore, null);
-
- } catch (KeyStoreException | IOException e) {
+
+ } catch (EaafException e) {
+ throw e;
+
+ } catch (IOException e) {
+ throw new EaafFactoryException(ERRORCODE_06,
+ new Object[] { config.getFriendlyName(), "KeyStore not valid or password wrong" });
+
+ } catch (Exception e) {
log.error("Software KeyStore initialization FAILED with an generic error.", e);
throw new EaafConfigurationException(ERRORCODE_03, new Object[] { e.getMessage() }, e);
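Review bot: The new `catch (IOException e)` branch throws `EaafFactoryException` with ERRORCODE_06 and the text "KeyStore not valid or password wrong" without passing or logging `e`. It also catches I/O failures from `ressource.getInputStream()` and from `ressource.getURI()` in the not-found branch, so an unreadable or missing file can be reported as a wrong password with no stack trace. Log the cause before rethrowing, e.g. `log.warn("Loading software KeyStore '{}' failed", config.getFriendlyName(), e);`, and build the not-found message from `ressource.getDescription()` if `Resource` is the Spring type (it appears to be), since that call does not throw. Now that the typed `loadKeyStore` overload propagates exceptions instead of returning null, `is.close()` is skipped on failure; `try (InputStream is = ressource.getInputStream()) { ... }` closes the stream on every path. The enclosing method and its `try` begin outside the hunk.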
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
index 970efd22..c1a1d917 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
@@ -4,10 +4,9 @@ import java.util.Map;
import javax.annotation.Nonnull;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-
import org.apache.commons.lang3.StringUtils;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import lombok.Getter;
import lombok.Setter;
import lombok.extern.slf4j.Slf4j;
@@ -53,6 +52,12 @@ public class KeyStoreConfiguration {
*/
private String softKeyStorePassword;
+
+ /**
+ * Use filePaths as it is and does not make it absolut.
+ */
+ private boolean skipMakeAbsolutPaths = false;
+
/**
* Build a {@link KeyStoreConfiguration} from a configuration map. <br>
* <p>
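Review bot: The Javadoc on `skipMakeAbsolutPaths` does not say what changes for the operator when the flag is set. In EaafKeyStoreFactory the configured path then goes to `resourceLoader.getResource(...)` unmodified instead of being resolved against the configuration root directory. I would document that, e.g. `If true, the configured keystore path is passed to the ResourceLoader unchanged and is not resolved against the configuration root directory; the value must then be a complete, trusted resource location.` Whether the map-based builder below ever sets the flag is not visible in this hunk, so it may be worth stating that it has to be set programmatically (presumably via the Lombok setter).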
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java
index 99b87819..be51426c 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java
@@ -30,12 +30,16 @@ import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import lombok.extern.slf4j.Slf4j;
+
/**
* Utility for creating and loading key stores.
*
* @author Paul Ivancsics
* @version $Id$
*/
+@Slf4j
public class KeyStoreUtils {
/**
@@ -110,6 +114,32 @@ public class KeyStoreUtils {
}
/**
+ * Loads a keyStore with known keyStore type.
+ *
+ * @param is input stream
+ * @param password Password protecting the keyStore
+ * @param keyStoreType Type of the KeyStore
+ * @return loaded KeyStore
+ * @throws IOException In case of a general error
+ * @throws GeneralSecurityException In case of a KeyStore access error
+ */
+ public static KeyStore loadKeyStore(final InputStream is, final String password, KeyStoreType keyStoreType)
+ throws IOException, GeneralSecurityException {
+ String internalType = KEYSTORE_TYPE_PKCS12;
+ if (keyStoreType.equals(KeyStoreType.JKS)) {
+ internalType = KEYSTORE_TYPE_JKS;
+
+ } else if (keyStoreType.equals(KeyStoreType.PKCS12)) {
+ internalType = KEYSTORE_TYPE_PKCS12;
+
+ }
+
+ return loadKeyStore(internalType, is, password);
+
+ }
+
+
+ /**
* Loads a keyStore without knowing the keyStore type.
*
* @param is input stream
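Review bot: Any `keyStoreType` other than `JKS` is loaded as PKCS12, because `internalType` is pre-set to `KEYSTORE_TYPE_PKCS12` and there is no final `else`; a `null` type fails with a NullPointerException at `keyStoreType.equals(...)`. For a keystore loader it is safer to reject a type it does not handle than to guess, so a misconfigured type fails with a clear message instead of a misleading parse or password error from the PKCS12 loader. `KeyStoreException` is already imported in this file and fits the declared `GeneralSecurityException`. Callers that relied on the PKCS12 fallback, if any exist outside this diff, would need checking.

```java
  public static KeyStore loadKeyStore(final InputStream is, final String password, KeyStoreType keyStoreType)
      throws IOException, GeneralSecurityException {
    if (keyStoreType == null) {
      throw new KeyStoreException("KeyStore type is missing");
    }

    final String internalType;
    switch (keyStoreType) {
      case JKS:
        internalType = KEYSTORE_TYPE_JKS;
        break;
      case PKCS12:
        internalType = KEYSTORE_TYPE_PKCS12;
        break;
      default:
        // Reject instead of silently treating an unhandled type as PKCS12.
        throw new KeyStoreException("Unsupported KeyStore type: " + keyStoreType);
    }

    return loadKeyStore(internalType, is, password);
  }
```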
@@ -125,14 +155,18 @@ public class KeyStoreUtils {
try {
try {
ks = loadKeyStore(KEYSTORE_TYPE_PKCS12, is, password);
+
} catch (final IOException e2) {
is.reset();
ks = loadKeyStore(KEYSTORE_TYPE_JKS, is, password);
+
}
+
} catch (final Exception e) {
- e.printStackTrace();
-
+ log.warn("Can not load keystore", e);
+
}
+
return ks;
}
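Review bot: `log.warn("Can not load keystore", e)` records only the failure of the second (JKS) attempt; the `IOException e2` from the PKCS12 attempt is dropped. If `is.reset()` itself fails (the mark is set outside this hunk, if at all), the log shows a reset error rather than the keystore problem. Adding `log.debug("Loading as PKCS12 failed, retrying as JKS", e2);` at the top of the inner catch keeps both causes available. The method still returns `null` on failure, so its Javadoc should say so and callers must check for it; the method starts outside the hunk.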