authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-02-14 08:46:52 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-02-14 08:46:52 +0100
commite23226c47807be597bbbae3891dbb94069d56836 (patch)
tree13419e53996ce9cfe82583cbe5a00c3be2698400 /eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
parentcbfadcc7681c9f362c1e7e2c3eab43980c1236ef (diff)
Integrate HSM Facade from A-SIT+
The EaafKeyStoreFactory can be used to build KeyStores from different providers and types
Diffstat (limited to 'eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java')
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java122
1 files changed, 35 insertions, 87 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
index c60fcd7f..ade0c28d 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
@@ -1,18 +1,15 @@
package at.gv.egiz.eaaf.core.impl.utils;
-import java.io.IOException;
-import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
+
import javax.annotation.PostConstruct;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
@@ -38,18 +35,27 @@ import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.protocol.HttpContext;
import org.apache.http.ssl.SSLContexts;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
public class HttpClientFactory implements IHttpClientFactory {
- private static final Logger log = LoggerFactory.getLogger(HttpClientFactory.class);
+
@Autowired(required = true)
private IConfiguration basicConfig;
+
@Autowired(required = true)
ResourceLoader resourceLoader;
+
+ @Autowired private EaafKeyStoreFactory keyStoreFactory;
public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE =
"client.http.connection.pool.use";
@@ -73,6 +79,8 @@ public class HttpClientFactory implements IHttpClientFactory {
"client.auth.ssl.keystore.path";
public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD =
"client.auth.ssl.keystore.password";
+ private static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME =
+ "client.auth.ssl.keystore.name";
public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE =
"client.auth.ssl.keystore.type";
public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD =
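Review bot: The new key `PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME` is declared `private` while the neighbouring keystore property keys in this hunk are `public`, so code and tests that reference the sibling constants cannot reference this one. If the narrower visibility is not intentional, declare it `public static final String` like the others. A one-line comment stating which key-store types read `client.auth.ssl.keystore.name` would also help operators, since the hunk does not show how EaafKeyStoreFactory uses the value. The constant declaration on the last line of the hunk continues outside it.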
@@ -127,47 +135,6 @@ public class HttpClientFactory implements IHttpClientFactory {
}
- public enum KeyStoreType {
- PKCS12("pkcs12"), JKS("jks");
-
- private final String type;
-
- KeyStoreType(final String type) {
- this.type = type;
- }
-
- /**
- * Get the KeyStore type.
- *
- * @return
- */
- public String getType() {
- return this.type;
- }
-
- /**
- * Get Keystore type from configuration.
- *
- * @param s String representation for keyStore type
- * @return
- */
- public static KeyStoreType fromString(final String s) {
- try {
- return KeyStoreType.valueOf(s.toUpperCase());
-
- } catch (IllegalArgumentException | NullPointerException e) {
- return null;
- }
- }
-
- @Override
- public String toString() {
- return getType();
-
- }
-
- }
-
private HttpClientBuilder httpClientBuilder = null;
/*
@@ -246,7 +213,6 @@ public class HttpClientFactory implements IHttpClientFactory {
// set pool connection if required
injectConnectionPoolIfRequired(sslConnectionFactory);
-
}
private void injectBasicAuthenticationIfRequired(final ClientAuthMode clientAuthMode) {
@@ -286,54 +252,39 @@ public class HttpClientFactory implements IHttpClientFactory {
final String keyPasswordString =
basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD);
log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString);
- final char[] keyPassword = (keyPasswordString == null) ? StringUtils.EMPTY.toCharArray()
+ final char[] keyPassword = keyPasswordString == null ? StringUtils.EMPTY.toCharArray()
: keyPasswordString.toCharArray();
return SSLContexts.custom().loadKeyMaterial(keystore, keyPassword).build();
}
private KeyStore getSslAuthKeyStore() throws EaafConfigurationException {
- final KeyStoreType keyStoreType = KeyStoreType.fromString(basicConfig.getBasicConfiguration(
- PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE, KeyStoreType.PKCS12.getType()));
+ final String keyStoreType = basicConfig.getBasicConfiguration(
+ PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE, KeyStoreType.PKCS12.getKeyStoreType());
final String localKeyStorePath = basicConfig
.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PATH, StringUtils.EMPTY);
final String keyStorePassword = basicConfig
.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD, StringUtils.EMPTY);
+ final String keyStoreName = basicConfig
+ .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME, StringUtils.EMPTY);
try {
+ KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(keyStoreType);
+ keyStoreConfig.setFriendlyName("HttpClient Keystore");
+ keyStoreConfig.setSoftKeyStoreFilePath(localKeyStorePath);
+ keyStoreConfig.setSoftKeyStorePassword(keyStorePassword);
+ keyStoreConfig.setKeyStoreName(keyStoreName);
+
log.debug("Open keyStore with type: {}", keyStoreType);
- KeyStore clientStore;
- if (keyStoreType.equals(KeyStoreType.PKCS12)) {
- clientStore = KeyStore.getInstance("pkcs12");
- } else {
- clientStore = KeyStore.getInstance("JKS");
- }
-
-
- log.debug("Read keyStore path: {} from configuration", localKeyStorePath);
- if (StringUtils.isNotEmpty(localKeyStorePath)) {
- final String absFilePath = FileUtils.makeAbsoluteUrl(localKeyStorePath,
- basicConfig.getConfigurationRootDirectory());
- final Resource ressource = resourceLoader.getResource(absFilePath);
- final InputStream is = ressource.getInputStream();
- log.trace("Load keyStore: {} with password: {}", absFilePath, keyStorePassword);
- clientStore.load(is, keyStorePassword.toCharArray());
- is.close();
-
- return clientStore;
-
- } else {
- log.warn("Path to keyStore for SSL Client-Authentication is empty or null");
- throw new EaafConfigurationException(
- "Path to keyStore for SSL Client-Authentication is empty or null", new Object[] {});
-
- }
-
- } catch (final KeyStoreException | NoSuchAlgorithmException | CertificateException
- | IOException e) {
+ KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+
+ return keyStore;
+
+ } catch (final EaafException e) {
log.warn("Can NOT read keyStore: {} from filesystem", localKeyStorePath, null, e);
throw new EaafConfigurationException("Can NOT read keyStore: {} from filesystem",
- new Object[] {localKeyStorePath}, e);
+ new Object[] { localKeyStorePath }, e);
}
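Review bot: The trace statement `log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString);` at the top of this hunk still writes the private-key password to the log in clear text; the commit removes the equivalent keystore-password trace from getSslAuthKeyStore but leaves this one in place. I would log without the secret, for example `log.trace("Open SSL Client-Auth keystore with configured key password");`. In the new catch block the text "Can NOT read keyStore: {} from filesystem" is likely misleading once the store can be built from a non-file provider, where `localKeyStorePath` is presumably empty; adding `keyStoreType` and `keyStoreName` to the warning would make such failures diagnosable. The method that builds the SSLContext begins above the hunk, and the closing brace of getSslAuthKeyStore lies below it.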
@@ -413,9 +364,6 @@ public class HttpClientFactory implements IHttpClientFactory {
}
-
}
-
-
}