authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-02-17 17:54:04 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-02-17 17:54:04 +0100
commitf62bafa252e6e0dfaaa9ba4acbc34b47ee627e21 (patch)
treebd4f87cf6e131902e4f7637f4a36737e48748728 /eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
parent7848c74de2cdafed8bee69d1d5b8e5efa7535bc6 (diff)
update EaafKeyStoreFactory to get the Security Provider if the KeyStore depends on a special provider implementation
Diffstat (limited to 'eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java')
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java35
1 files changed, 22 insertions, 13 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
index 5e6ca34b..5936e106 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
@@ -2,10 +2,12 @@ package at.gv.egiz.eaaf.core.impl.credential;
import java.io.IOException;
import java.io.InputStream;
+import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
+import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
@@ -15,11 +17,6 @@ import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.PostConstruct;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.io.Resource;
-import org.springframework.core.io.ResourceLoader;
-
import at.asitplus.hsmfacade.provider.HsmFacadeProvider;
import at.asitplus.hsmfacade.provider.RemoteKeyStoreLoadParameter;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
@@ -27,8 +24,15 @@ import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+
import lombok.extern.slf4j.Slf4j;
@Slf4j
@@ -64,10 +68,12 @@ public class EaafKeyStoreFactory {
* Get a new KeyStore based on a KeyStore configuration-object.
*
* @param config KeyStore configuration
- * @return new KeyStore instance
+ * @return {@link Pair} of a new KeyStore instance and an optional {@link Provider}. If the {@link Provider}
+ * is not <code>null</code> this {@link KeyStore} requires a specific {@link Provider} for {@link Key} operations.
* @throws EaafException In case of a KeyStore initialization error
*/
- public KeyStore buildNewKeyStore(KeyStoreConfiguration config) throws EaafException {
+ @Nonnull
+ public Pair<KeyStore, Provider> buildNewKeyStore(KeyStoreConfiguration config) throws EaafException {
log.trace("Starting KeyStore generation based on configuration object ... ");
if (KeyStoreType.PKCS12.equals(config.getKeyStoreType())
|| KeyStoreType.JKS.equals(config.getKeyStoreType())) {
@@ -127,7 +133,8 @@ public class EaafKeyStoreFactory {
final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance();
provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port,
hsmName);
- Security.addProvider(provider);
+ //Security.addProvider(provider);
+ Security.insertProviderAt(provider, 0);
isHsmFacadeInitialized = true;
log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM",
EaafKeyStoreFactory.class.getSimpleName());
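Review bot: `Security.insertProviderAt(provider, 0)` does not make the HSM Facade provider the preferred one: the position argument is 1-based, and in the JDK's `ProviderList` an out-of-range position such as 0 is clamped to the end of the list, which is precisely how `Security.addProvider` is implemented, so the new line behaves the same as the commented-out one above it. If keeping the provider out of the default lookup order is the intent, `Security.addProvider(provider);` states it and the dead `//Security.addProvider(provider);` line should be deleted; if preferring it is the intent, the value would be 1, but a most-preferred remote HSM provider is then consulted first for every JCA service in the JVM (digests, signatures, SecureRandom), making unrelated code paths depend on HSM reachability. Since the commit already returns the KeyStore's `Provider` to callers through the `Pair`, the safer design is to leave the global order alone and have callers pass that provider explicitly to `Signature.getInstance` and friends. The return value is also worth checking, since it is -1 when the provider was already installed and the `isHsmFacadeInitialized` flag would then not reflect what actually happened.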
@@ -148,8 +155,9 @@ public class EaafKeyStoreFactory {
}
- private KeyStore getKeyStoreFromFileSystem(KeyStoreConfiguration config) throws EaafConfigurationException,
- EaafFactoryException {
+ @Nonnull
+ private Pair<KeyStore, Provider> getKeyStoreFromFileSystem(KeyStoreConfiguration config)
+ throws EaafConfigurationException, EaafFactoryException {
try {
final String keyStorePath = checkConfigurationParameter(config.getSoftKeyStoreFilePath(),
ERRORCODE_06, config.getFriendlyName(), "Software-KeyStore missing filepath to KeyStore");
@@ -176,7 +184,7 @@ public class EaafKeyStoreFactory {
}
- return keyStore;
+ return Pair.newInstance(keyStore, null);
} catch (KeyStoreException | IOException e) {
log.error("Software KeyStore initialization FAILED with an generic error.", e);
@@ -185,7 +193,8 @@ public class EaafKeyStoreFactory {
}
}
- private KeyStore getKeyStoreFromHsmFacade(KeyStoreConfiguration config)
+ @Nonnull
+ private Pair<KeyStore, Provider> getKeyStoreFromHsmFacade(KeyStoreConfiguration config)
throws EaafFactoryException, EaafConfigurationException {
final String keyStoreName = checkConfigurationParameter(config.getKeyStoreName(),
ERRORCODE_06, config.getFriendlyName(), "KeyStoreName missing for HSM Facade");
@@ -193,7 +202,7 @@ public class EaafKeyStoreFactory {
try {
final KeyStore keyStore = KeyStore.getInstance(HSM_FACADE_KEYSTORE_TYPE, HSM_FACADE_PROVIDER);
keyStore.load(new RemoteKeyStoreLoadParameter(keyStoreName));
- return keyStore;
+ return Pair.newInstance(keyStore, keyStore.getProvider());
} catch (NoSuchAlgorithmException | CertificateException | IOException | KeyStoreException
| NoSuchProviderException e) {