first tests for SSL Client Auth. with HSM-Facade

author: Thomas Lenz <thomas.lenz@egiz.gv.at> 2020-05-05 12:28:28 +0200
committer: Thomas Lenz <thomas.lenz@egiz.gv.at> 2020-05-05 12:28:28 +0200
commit: 49cb8adfd8992dc8d21ff208d8dd93e0592e1be4 (patch)
tree: 7631ccdd3ce61754e7b24a8ec7be7cf9281ff37d /eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
parent: f7941c2004a157023f1f89ef2d3c9de75548d73e (diff)
download: EAAF-Components-49cb8adfd8992dc8d21ff208d8dd93e0592e1be4.tar.gz
EAAF-Components-49cb8adfd8992dc8d21ff208d8dd93e0592e1be4.tar.bz2
EAAF-Components-49cb8adfd8992dc8d21ff208d8dd93e0592e1be4.zip
1 files changed, 12 insertions, 2 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
index 06b8dfd2..b357bb01 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
@@ -23,6 +23,7 @@ import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.Provider;
+import java.security.Security;
 import java.security.UnrecoverableKeyException;
 
 import javax.annotation.Nonnull;
@@ -35,6 +36,7 @@ import org.apache.http.conn.ssl.TrustAllStrategy;
 import org.apache.http.ssl.SSLContextBuilder;
 import org.apache.http.ssl.SSLContexts;
 import org.apache.http.ssl.TrustStrategy;
+import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
 
 import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
@@ -166,8 +168,16 @@ public class HttpUtils {
           : keyPasswordString.toCharArray();
 
       SSLContextBuilder sslContextBuilder = SSLContexts.custom();
-      Provider provider = null;
-      sslContextBuilder.setProvider(provider);
+      if (keyStore.getSecond() != null) {        
+        Provider provider = new BouncyCastleJsseProvider(keyStore.getSecond());
+        
+        log.debug("KeyStore: {} provide special security-provider. Inject: {} into SSLContext",
+            friendlyName, provider.getName());
+        sslContextBuilder.setProvider(provider);
+        Security.addProvider(provider);
+        //sslContextBuilder.setSecureRandom(SecureRandom.getInstanceStrong());
+        
+      }
       if (StringUtils.isNotEmpty(keyAlias)) {
         sslContextBuilder = sslContextBuilder
             .loadKeyMaterial(keyStore.getFirst(), keyPassword, new EaafSslKeySelectionStrategy(keyAlias));
author	Thomas Lenz <thomas.lenz@egiz.gv.at>	2020-05-05 12:28:28 +0200
committer	Thomas Lenz <thomas.lenz@egiz.gv.at>	2020-05-05 12:28:28 +0200
commit	49cb8adfd8992dc8d21ff208d8dd93e0592e1be4 (patch)
tree	7631ccdd3ce61754e7b24a8ec7be7cf9281ff37d /eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
parent	f7941c2004a157023f1f89ef2d3c9de75548d73e (diff)
download	EAAF-Components-49cb8adfd8992dc8d21ff208d8dd93e0592e1be4.tar.gz EAAF-Components-49cb8adfd8992dc8d21ff208d8dd93e0592e1be4.tar.bz2 EAAF-Components-49cb8adfd8992dc8d21ff208d8dd93e0592e1be4.zip