authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-06-19 10:28:58 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-06-19 10:28:58 +0200
commitadc58a6ecb2d3d5bb0dc17f0e4a7a0e7803ebbb1 (patch)
treec7f028252561f619db62f7b588194694f0166b45
parent0d52fe861a46f8ba595bdd34b106c98096c4304b (diff)
Activates the HSM-Facade if the HSM-Facade provider is already loaded as a Java security provider
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java132
-rw-r--r--eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java24
2 files changed, 101 insertions, 55 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
index 711a3517..504afc9f 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
@@ -172,69 +172,93 @@ public class EaafKeyStoreFactory {
@PostConstruct
private void initialize() throws EaafException {
- Class<?> hsmProviderClazz = getHsmProviderClass();
- final String hsmFacadeHost = basicConfig.getBasicConfiguration(CONFIG_PROP_HSM_FACADE_HOST);
- if (hsmProviderClazz != null && StringUtils.isNotEmpty(hsmFacadeHost)) {
- log.debug("Find host for HSMFacade. Starting crypto provider initialization ... ");
- try {
- final int port = Integer.parseUnsignedInt(
- getConfigurationParameter(CONFIG_PROP_HSM_FACADE_PORT));
- final String clientUsername =
- getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME);
- final String clientPassword =
- getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD);
-
- //initialize HSM-Facade by using JAVA Reflection, because in that case HSM-Facade
- //has not be in ClassPath on every project
+ Class<?> hsmProviderClazz = getHsmProviderClass();
+ if (hsmProviderClazz != null) {
+ final String hsmFacadeHost = basicConfig.getBasicConfiguration(CONFIG_PROP_HSM_FACADE_HOST);
+ Provider alreadyLoadedProvider = Security.getProvider(HSM_FACADE_PROVIDER);
+ if (alreadyLoadedProvider != null
+ && alreadyLoadedProvider.getClass().isAssignableFrom(hsmProviderClazz)) {
+ //TODO: check isInitialized() flag, if the parameter is available in next version
- Method constructor = hsmProviderClazz.getMethod(HSM_FACADE_PROVIDER_METHOD_CONSTRUCT, new Class[]{});
- Method initMethod = hsmProviderClazz.getMethod(HSM_FACADE_PROVIDER_METHOD_INIT,
- X509Certificate.class, String.class, String.class, String.class, int.class);
- if (initMethod != null && constructor != null) {
- Object rawProvider = constructor.invoke(hsmProviderClazz);
- initMethod.invoke(
- rawProvider, getHsmFacadeTrustSslCertificate(),
- clientUsername, clientPassword, hsmFacadeHost, port);
+
+ log.info("Find already initialized Java SecurityProvider: {}", alreadyLoadedProvider.getName());
+ log.info("HSM Facade is already initialized. {} can provide KeyStores based on remote HSM",
+ EaafKeyStoreFactory.class.getSimpleName());
+ isHsmFacadeInitialized = true;
+
+ } else if (StringUtils.isNotEmpty(hsmFacadeHost)) {
+ log.debug("Find host for HSMFacade. Starting crypto provider initialization ... ");
+ initializeHsmFacadeSecurityProvider(hsmProviderClazz, hsmFacadeHost);
+
+ } else {
+ log.info("HSM Facade is on ClassPath but not configurated. {} can only provide software keystores",
+ EaafKeyStoreFactory.class.getSimpleName());
+
+ }
+
+ } else {
+ log.info("HSM Facade is not on ClassPath. {} can only provide software keystores",
+ EaafKeyStoreFactory.class.getSimpleName());
+
+ }
+
+ }
+
+ private void initializeHsmFacadeSecurityProvider(Class<?> hsmProviderClazz, String hsmFacadeHost)
+ throws EaafException {
+ try {
+ final int port = Integer.parseUnsignedInt(
+ getConfigurationParameter(CONFIG_PROP_HSM_FACADE_PORT));
+ final String clientUsername =
+ getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME);
+ final String clientPassword =
+ getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD);
+
+ //initialize HSM-Facade by using JAVA Reflection, because in that case HSM-Facade
+ //has not be in ClassPath on every project
+ Method constructor = hsmProviderClazz.getMethod(HSM_FACADE_PROVIDER_METHOD_CONSTRUCT, new Class[]{});
+ Method initMethod = hsmProviderClazz.getMethod(HSM_FACADE_PROVIDER_METHOD_INIT,
+ X509Certificate.class, String.class, String.class, String.class, int.class);
+ if (initMethod != null && constructor != null) {
+ Object rawProvider = constructor.invoke(hsmProviderClazz);
+ initMethod.invoke(
+ rawProvider, getHsmFacadeTrustSslCertificate(),
+ clientUsername, clientPassword, hsmFacadeHost, port);
+
+ if (rawProvider instanceof Provider) {
+ Security.insertProviderAt((Provider) rawProvider, 0);
+ isHsmFacadeInitialized = true;
+ log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM",
+ EaafKeyStoreFactory.class.getSimpleName());
- if (rawProvider instanceof Provider) {
- Security.insertProviderAt((Provider) rawProvider, 0);
- isHsmFacadeInitialized = true;
- log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM",
- EaafKeyStoreFactory.class.getSimpleName());
-
- } else {
- log.warn("Is HSM-Facade class type of 'java.security.Provider': {}",
- rawProvider instanceof Provider);
- throw new EaafException(ERRORCODE_10, new Object[] {HSM_FACADE_PROVIDER_CLASS});
-
- }
-
- } else {
- log.warn(HSM_FACADE_PROVIDER_INIT_ERROR_MSG,
- HSM_FACADE_PROVIDER_METHOD_CONSTRUCT, constructor != null);
- log.warn(HSM_FACADE_PROVIDER_INIT_ERROR_MSG,
- HSM_FACADE_PROVIDER_METHOD_INIT, initMethod != null);
+ } else {
+ log.warn("Is HSM-Facade class type of 'java.security.Provider': {}",
+ rawProvider instanceof Provider);
throw new EaafException(ERRORCODE_10, new Object[] {HSM_FACADE_PROVIDER_CLASS});
}
-
- //final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance();
- //provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port);
-
- } catch (final EaafException e) {
- throw e;
-
- } catch (final Exception e) {
- log.error("HSM Facade initialization FAILED with an generic error.", e);
- throw new EaafConfigurationException(ERRORCODE_03, new Object[] { e.getMessage() }, e);
+
+ } else {
+ log.warn(HSM_FACADE_PROVIDER_INIT_ERROR_MSG,
+ HSM_FACADE_PROVIDER_METHOD_CONSTRUCT, constructor != null);
+ log.warn(HSM_FACADE_PROVIDER_INIT_ERROR_MSG,
+ HSM_FACADE_PROVIDER_METHOD_INIT, initMethod != null);
+ throw new EaafException(ERRORCODE_10, new Object[] {HSM_FACADE_PROVIDER_CLASS});
+
}
+
+ //final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance();
+ //provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port);
- } else {
- log.info("HSM Facade is not configurated. {} can only provide software keystores",
- EaafKeyStoreFactory.class.getSimpleName());
+ } catch (final EaafException e) {
+ throw e;
+ } catch (final Exception e) {
+ log.error("HSM Facade initialization FAILED with an generic error.", e);
+ throw new EaafConfigurationException(ERRORCODE_03, new Object[] { e.getMessage() }, e);
+
}
-
+
}
private Class<?> getHsmProviderClass() {
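Review bot: The class check in the new already-loaded branch of `initialize()` is reversed: `alreadyLoadedProvider.getClass().isAssignableFrom(hsmProviderClazz)` passes only when the expected class is the registered provider's class or a subclass of it, so a provider registered under `HSM_FACADE_PROVIDER` that is a subclass of `hsmProviderClazz` is not recognised and the code falls through to a fresh initialization. The check that matches the intent is `hsmProviderClazz.isInstance(alreadyLoadedProvider)`. On that fall-through path the ignored result of `Security.insertProviderAt((Provider) rawProvider, 0)` in `initializeHsmFacadeSecurityProvider` matters: it returns -1 when a provider of the same name is already installed, yet `isHsmFacadeInitialized = true` is set unconditionally right after it, so the factory reports the facade as active while the instance it just initialized is not the registered one; guarding with `if (Security.insertProviderAt((Provider) rawProvider, 0) < 0) { throw new EaafException(ERRORCODE_10, new Object[] {HSM_FACADE_PROVIDER_CLASS}); }` would close that gap. If I recall the JDK behaviour correctly, a position below 1 is also treated as "append at the end", so the provider receives the lowest rather than the highest preference — worth confirming against the intended precedence.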
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
index fc945fdd..6a24f6b4 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
@@ -4,6 +4,7 @@ import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
+import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.List;
@@ -27,6 +28,7 @@ import com.google.common.base.Predicates;
import com.google.common.base.Throwables;
import com.google.common.collect.FluentIterable;
+import at.asitplus.hsmfacade.provider.HsmFacadeProvider;
import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
@@ -73,7 +75,8 @@ public class EaafKeyStoreFactoryTest {
@Before
public void testSetup() {
mapConfig.clearAllConfig();
-
+ Security.removeProvider(HsmFacadeProvider.getInstance().getName());
+
}
@Test
@@ -434,6 +437,14 @@ public class EaafKeyStoreFactoryTest {
Assert.assertNull("Provider is not null", key.getSecond());
}
+
+ @Test
+ @DirtiesContext
+ public void hsmFacadeNoHostConfig() {
+ context.getBean(EaafKeyStoreFactory.class);
+
+ }
+
@Test
@DirtiesContext
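Review bot: `hsmFacadeNoHostConfig` contains no assertion, so it only proves that bean creation does not throw when no host is configured; the state produced by the new "on ClassPath but not configurated" branch in `initialize()` is left unchecked. Keeping the bean and adding `Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());` would pin the expected outcome (presumably false here, since `mapConfig.clearAllConfig()` in `testSetup` removes the host), mirroring the positive check in the new `hsmFacadeAlreadLoaded` test.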
@@ -600,6 +611,17 @@ public class EaafKeyStoreFactoryTest {
@Test
@DirtiesContext
+ public void hsmFacadeAlreadLoaded() {
+ HsmFacadeProvider provider = HsmFacadeProvider.getInstance();
+ Security.addProvider(provider);
+
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ }
+
+ @Test
+ @DirtiesContext
public void hsmFacadeKeyStoreNoKeyStoreName() {
configureHsmFacade();