authorThomas Lenz <thomas.lenz@egiz.gv.at>2021-01-05 18:30:40 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2021-01-05 18:30:40 +0100
commit013febf9435d0aa3536897b3636787ae3ba15935 (patch)
tree5c424808d8bbb31b755736106639d3831c466f2e /eaaf_core_utils/src/main/java/at
parent228d4e40cfb8fc3fa7912064af3768a74beb9312 (diff)
parent07dcace901880965ea4b25816500f256f17899c0 (diff)
downloadEAAF-Components-013febf9435d0aa3536897b3636787ae3ba15935.tar.gz
EAAF-Components-013febf9435d0aa3536897b3636787ae3ba15935.tar.bz2
EAAF-Components-013febf9435d0aa3536897b3636787ae3ba15935.zip
Merge branch 'nightlyBuild' of gitlab.iaik.tugraz.at:egiz/eaaf_components into nightlyBuild
Diffstat (limited to 'eaaf_core_utils/src/main/java/at')
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java43
1 files changed, 42 insertions, 1 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
index 1c6e6e76..63ad3d98 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
@@ -72,11 +72,14 @@ public class EaafKeyStoreFactory {
private static final String HSM_FACADE_PROVIDER_METHOD_CONSTRUCT = "getInstance";
private static final String HSM_FACADE_PROVIDER_METHOD_INIT = "init";
private static final String HSM_FACADE_PROVIDER_METHOD_ISINITIALIZED = "isInitialized";
+ private static final String HSM_FACADE_PROVIDER_METHOD_HEALTHCHECK = "healthcheck";
private static final String HSM_FACADE_PROVIDER_INIT_ERROR_MSG
= "Has HSM-Facade class supported '{}' method: {}";
private static final String HSM_FACADE_PROVIDER = "HsmFacade";
private static final String HSM_FACADE_KEYSTORE_TYPE = "RemoteKeyStore";
+ public enum HsmFacadeStatus { UP, DOWN, UNKNOWN }
+
@Autowired
private IConfiguration basicConfig;
@Autowired
@@ -171,6 +174,44 @@ public class EaafKeyStoreFactory {
return isHsmFacadeInitialized;
}
+
+ /**
+ * Get the current status for HSM-Facade interaction.
+ *
+ * @return {@link HsmFacadeStatus} to indicate the current status.
+ */
+ public HsmFacadeStatus checkHsmFacadeStatus() {
+ if (isHsmFacadeInitialized()) {
+ final Provider alreadyLoadedProvider = Security.getProvider(HSM_FACADE_PROVIDER);
+ if (alreadyLoadedProvider != null) {
+ try {
+ final Method healthCheck =
+ alreadyLoadedProvider.getClass().getMethod(HSM_FACADE_PROVIDER_METHOD_HEALTHCHECK, new Class[]{});
+ boolean currentHealthStatus = (boolean) healthCheck.invoke(alreadyLoadedProvider);
+ HsmFacadeStatus status = currentHealthStatus ? HsmFacadeStatus.UP : HsmFacadeStatus.DOWN;
+ log.trace("Current HSM-Facade status is: ", status);
+ return status;
+
+ } catch (final Exception e) {
+ log.info("Can not determine state of alreay loaded HSM Facade: {} because HealthCheck not support",
+ alreadyLoadedProvider.getVersion());
+ log.debug("Full HSM-Facade health-check exception", e);
+ return HsmFacadeStatus.UNKNOWN;
+
+ }
+
+ } else {
+ log.warn("HSM-Facade is marked as 'initialized', but not load as Security-Provider");
+ return HsmFacadeStatus.DOWN;
+ }
+
+ } else {
+ log.trace("HSM-Facade is not initialized. Set status do 'unknown'");
+ return HsmFacadeStatus.UNKNOWN;
+
+ }
+ }
+
@PostConstruct
private void initialize() throws EaafException {
@@ -354,7 +395,7 @@ public class EaafKeyStoreFactory {
private Pair<KeyStore, Provider> getKeyStoreFromHsmFacade(String keyStoreName, String friendlyName)
throws EaafFactoryException, EaafConfigurationException {
final String validatedKeyStoreName = checkConfigurationParameter(keyStoreName,
- ERRORCODE_06, friendlyName, "KeyStoreName missing for HSM Facade");
+ ERRORCODE_06, friendlyName, "KeyStoreName missing for HSM Fac)ade");
try {
final KeyStore keyStore = KeyStore.getInstance(HSM_FACADE_KEYSTORE_TYPE, HSM_FACADE_PROVIDER);
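Review bot: The added message literal reads `"KeyStoreName missing for HSM Fac)ade"`; the stray `)` looks like an accidental keystroke that came in with the merge, and it will appear in the configuration error text that operators see and may search logs for. Restore the previous wording, `ERRORCODE_06, friendlyName, "KeyStoreName missing for HSM Facade");`. The body of getKeyStoreFromHsmFacade continues outside the hunk.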