author | Thomas <> | 2023-07-12 10:13:44 +0200 |
---|---|---|
committer | Thomas <> | 2023-07-12 10:13:44 +0200 |
commit | e0f7b2c41f66038dc6438b3cc6da14a1422ccf43 (patch) | |
tree | f2ca69eb5b058f4253aa9db4940d528d4ee72f16 /eaaf_core_utils/src/main/java/at | |
parent | 25ae045ff811ed39638e5366f7d53f3776f0d436 (diff) | |
feat(hsm-facade): make trusted SSL-certificate optional for HSM-Facade initialization
Diffstat (limited to 'eaaf_core_utils/src/main/java/at')
-rw-r--r-- | eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java | 54 |
1 files changed, 37 insertions, 17 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
index fec984c4..0ecdcc92 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
@@ -288,17 +288,29 @@ public class EaafKeyStoreFactory { final long grpcDeadline = getConfigurationParameterLong(CONFIG_PROP_HSM_FACADE_GRPC_DEADLINE, HSM_FACADE_DEFAULT_DEADLINE); + X509Certificate trustedSslCertificate = getHsmFacadeTrustSslCertificate(); //initialize HSM-Facade by using JAVA Reflection, because in that case HSM-Facade //has not be in ClassPath on every project final Method constructor = hsmProviderClazz.getMethod(HSM_FACADE_PROVIDER_METHOD_CONSTRUCT, new Class[]{}); - final Method initMethod = hsmProviderClazz.getMethod(HSM_FACADE_PROVIDER_METHOD_INIT, + final Method initMethodWithSslCert = hsmProviderClazz.getMethod(HSM_FACADE_PROVIDER_METHOD_INIT, X509Certificate.class, String.class, String.class, String.class, int.class, long.class); - if (initMethod != null && constructor != null) { + final Method initMethod = hsmProviderClazz.getMethod(HSM_FACADE_PROVIDER_METHOD_INIT, + String.class, String.class, String.class, int.class, long.class); + if (initMethodWithSslCert != null && initMethod != null && constructor != null) { final Object rawProvider = constructor.invoke(hsmProviderClazz); - initMethod.invoke( - rawProvider, getHsmFacadeTrustSslCertificate(), - clientUsername, clientPassword, hsmFacadeHost, port, grpcDeadline); + + if (trustedSslCertificate != null) { + log.trace("Invoking HSM-Facade constructor with SSL certificate ... "); + initMethodWithSslCert.invoke(rawProvider, trustedSslCertificate, clientUsername, clientPassword, + hsmFacadeHost, port, grpcDeadline); + + } else { + log.trace("Invoking HSM-Facade constructor without SSL certificate ... "); + initMethod.invoke(rawProvider, clientUsername, clientPassword, + hsmFacadeHost, port, grpcDeadline); + + } if (rawProvider instanceof Provider) { Security.addProvider((Provider) rawProvider); 
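Review bot: `Class.getMethod` throws `NoSuchMethodException` instead of returning null, so the added lookup of the five-argument init overload makes that overload mandatory: a provider build that only ships the certificate variant now fails here even when a trusted certificate is configured, and the `!= null` condition can never reach the else branch. If the certificate-less overload is meant to be optional, resolve it only on the `trustedSslCertificate == null` path, so that each configuration needs just the overload it actually calls. The warn lines in the next hunk (`@@ -318,7 +330,7 @@`) also report only `initMethodWithSslCert != null`, which would hide a missing certificate-less overload if that branch were reachable. The enclosing method starts and ends outside this hunk, so how the reflection exceptions are handled is not visible here.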
@@ -318,7 +330,7 @@ public class EaafKeyStoreFactory { log.warn(HSM_FACADE_PROVIDER_INIT_ERROR_MSG, HSM_FACADE_PROVIDER_METHOD_CONSTRUCT, constructor != null); log.warn(HSM_FACADE_PROVIDER_INIT_ERROR_MSG, - HSM_FACADE_PROVIDER_METHOD_INIT, initMethod != null); + HSM_FACADE_PROVIDER_METHOD_INIT, initMethodWithSslCert != null); throw new EaafException(ERRORCODE_10, new Object[] {HSM_FACADE_PROVIDER_CLASS}); } 
@@ -527,21 +539,29 @@ public class EaafKeyStoreFactory { private X509Certificate getHsmFacadeTrustSslCertificate() throws EaafConfigurationException { try { - final String certFilePath = getConfigurationParameter(CONFIG_PROP_HSM_FACADE_SSLTRUST); + final String certFilePath = basicConfig.getBasicConfiguration(CONFIG_PROP_HSM_FACADE_SSLTRUST); + if (StringUtils.isNotEmpty(certFilePath)) { + final String absolutCertFilePath = FileUtils.makeAbsoluteUrl( + certFilePath, basicConfig.getConfigurationRootDirectory()); - final String absolutCertFilePath = FileUtils.makeAbsoluteUrl( - certFilePath, basicConfig.getConfigurationRootDirectory()); - final Resource certFile = resourceLoader.getResource(absolutCertFilePath); + log.debug("Loading HSM-Facade trusted server-certificate from path : {}", absolutCertFilePath); + final Resource certFile = resourceLoader.getResource(absolutCertFilePath); - if (!certFile.exists()) { - throw new EaafConfigurationException(ERRORCODE_05, - new Object[] { CONFIG_PROP_HSM_FACADE_SSLTRUST, - "File not found at: " + absolutCertFilePath }); + if (!certFile.exists()) { + throw new EaafConfigurationException(ERRORCODE_05, + new Object[] { CONFIG_PROP_HSM_FACADE_SSLTRUST, + "File not found at: " + absolutCertFilePath }); - } + } + + return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate( + certFile.getInputStream()); - return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certFile - .getInputStream()); + } else { + log.info("HSM-Facade trusted server-certificate is not set. Using System-TrustStore ... "); + return null; + + } } catch (final EaafConfigurationException e) { throw e; |
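Review bot: An empty or mistyped `CONFIG_PROP_HSM_FACADE_SSLTRUST` entry now silently downgrades the HSM-Facade connection from one pinned server certificate to anything the system trust store accepts, and the new else branch records that only at info level. That channel carries `clientUsername` and `clientPassword` (see the first hunk), so the fallback should be visible to operators: use `log.warn(...)` for the "is not set" message, and consider requiring an explicit configuration opt-in before returning `null`. The method comment should also state that `null` means "not configured, use the system trust store". Separately, the stream from `certFile.getInputStream()` is never closed on the new side; a try-with-resources around `generateCertificate` would release it. The catch clauses of this method continue outside the hunk.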