| author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-02-17 17:54:04 +0100 | 
|---|---|---|
| committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-02-17 17:54:04 +0100 | 
| commit | f62bafa252e6e0dfaaa9ba4acbc34b47ee627e21 (patch) | |
| tree | bd4f87cf6e131902e4f7637f4a36737e48748728 /eaaf_core_utils/src/main | |
| parent | 7848c74de2cdafed8bee69d1d5b8e5efa7535bc6 (diff) | |
| download | EAAF-Components-f62bafa252e6e0dfaaa9ba4acbc34b47ee627e21.tar.gz EAAF-Components-f62bafa252e6e0dfaaa9ba4acbc34b47ee627e21.tar.bz2 EAAF-Components-f62bafa252e6e0dfaaa9ba4acbc34b47ee627e21.zip | |
update EaafKeyStoreFactory to get the Security Provider if the KeyStore depends on a special provider implementation
Diffstat (limited to 'eaaf_core_utils/src/main')
2 files changed, 37 insertions, 27 deletions
|
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
index 5e6ca34b..5936e106 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
@@ -2,10 +2,12 @@ package at.gv.egiz.eaaf.core.impl.credential;
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.Key;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
+import java.security.Provider;
 import java.security.Security;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
@@ -15,11 +17,6 @@ import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 import javax.annotation.PostConstruct;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.io.Resource;
-import org.springframework.core.io.ResourceLoader;
-
 import at.asitplus.hsmfacade.provider.HsmFacadeProvider;
 import at.asitplus.hsmfacade.provider.RemoteKeyStoreLoadParameter;
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
@@ -27,8 +24,15 @@ import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
 import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+
 import lombok.extern.slf4j.Slf4j;
 @Slf4j
@@ -64,10 +68,12 @@ public class EaafKeyStoreFactory {
    * Get a new KeyStore based on a KeyStore configuration-object.
    *
    * @param config KeyStore configuration
-   * @return new KeyStore instance
+   * @return {@link Pair} of a new KeyStore instance and an optional {@link Provider}. If the {@link Provider}
+   *     is not <code>null</code> this {@link KeyStore} requires a specific {@link Provider} for {@link Key} operations.
    * @throws EaafException In case of a KeyStore initialization error
    */
-  public KeyStore buildNewKeyStore(KeyStoreConfiguration config) throws EaafException {
+  @Nonnull
+  public Pair<KeyStore, Provider> buildNewKeyStore(KeyStoreConfiguration config) throws EaafException {
     log.trace("Starting KeyStore generation based on configuration object ... ");
     if (KeyStoreType.PKCS12.equals(config.getKeyStoreType())
         || KeyStoreType.JKS.equals(config.getKeyStoreType())) {
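Review bot: The new `@return` Javadoc on `buildNewKeyStore` leaves the reader to work out when the second element of the `Pair` is actually set; the hunks at `-176,7` and `-193,7` of this commit show it is `null` for the software (PKCS12/JKS) path and `keyStore.getProvider()` for the HSM Facade path, and any caller that later opens keys from the returned store needs that distinction. Suggest adding a line such as `*     The {@link Provider} is {@code null} for software KeyStores (PKCS12/JKS) and set for HSM Facade KeyStores.` and using `{@code null}` instead of `<code>null</code>` to match the surrounding `{@link}` tags. The method body continues outside the hunk.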
@@ -127,7 +133,8 @@ public class EaafKeyStoreFactory {
         final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance();
         provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port,
             hsmName);
-        Security.addProvider(provider);
+        //Security.addProvider(provider);
+        Security.insertProviderAt(provider, 0);
         isHsmFacadeInitialized = true;
         log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM",
             EaafKeyStoreFactory.class.getSimpleName());
@@ -148,8 +155,9 @@ public class EaafKeyStoreFactory {
   }
-  private KeyStore getKeyStoreFromFileSystem(KeyStoreConfiguration config) throws EaafConfigurationException,
-      EaafFactoryException {
+  @Nonnull
+  private Pair<KeyStore, Provider> getKeyStoreFromFileSystem(KeyStoreConfiguration config)
+      throws EaafConfigurationException, EaafFactoryException {
     try {
       final String keyStorePath = checkConfigurationParameter(config.getSoftKeyStoreFilePath(),
           ERRORCODE_06, config.getFriendlyName(), "Software-KeyStore missing filepath to KeyStore");
@@ -176,7 +184,7 @@ public class EaafKeyStoreFactory {
       }
-      return keyStore;
+      return Pair.newInstance(keyStore, null);
     } catch (KeyStoreException | IOException e) {
       log.error("Software KeyStore initialization FAILED with an generic error.", e);
@@ -185,7 +193,8 @@ public class EaafKeyStoreFactory {
     }
   }
-  private KeyStore getKeyStoreFromHsmFacade(KeyStoreConfiguration config)
+  @Nonnull
+  private Pair<KeyStore, Provider> getKeyStoreFromHsmFacade(KeyStoreConfiguration config)
       throws EaafFactoryException, EaafConfigurationException {
     final String keyStoreName = checkConfigurationParameter(config.getKeyStoreName(),
         ERRORCODE_06, config.getFriendlyName(), "KeyStoreName missing for HSM Facade");
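Review bot: `Security.insertProviderAt(provider, 0)` does not make the HSM Facade the preferred provider, which the commented-out `addProvider` line suggests was the intent: the position argument of `insertProviderAt` is 1-based, and a position outside the installed range (0 included) is treated by the JDK like `addProvider`, i.e. the provider is appended at the end. If the aim was only to make HSM-backed keys usable, the `-193,7` hunk of this commit already hands the `Provider` back to the caller in the `Pair`, so explicit provider selection at the call site is the safer route; inserting a remote-HSM provider at position 1 would instead make it the first provider consulted for every algorithm it advertises, JVM-wide, which is a far larger change than the commit message describes. Either restore `Security.addProvider(provider);` or pass a deliberate, documented position with a comment stating why global preference is wanted, and delete the commented-out line rather than keeping both. The enclosing method starts and ends outside the hunk.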
@@ -193,7 +202,7 @@ public class EaafKeyStoreFactory {
     try {
       final KeyStore keyStore = KeyStore.getInstance(HSM_FACADE_KEYSTORE_TYPE, HSM_FACADE_PROVIDER);
       keyStore.load(new RemoteKeyStoreLoadParameter(keyStoreName));
-      return keyStore;
+      return Pair.newInstance(keyStore, keyStore.getProvider());
     } catch (NoSuchAlgorithmException | CertificateException | IOException | KeyStoreException
         | NoSuchProviderException e) {
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
index ade0c28d..e681e705 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
@@ -10,6 +10,13 @@ import javax.annotation.PostConstruct;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+
 import org.apache.commons.lang3.StringUtils;
 import org.apache.http.HttpRequest;
 import org.apache.http.HttpResponse;
@@ -38,12 +45,6 @@ import org.apache.http.ssl.SSLContexts;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.io.ResourceLoader;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
 import lombok.extern.slf4j.Slf4j;
 @Slf4j
@@ -51,10 +52,10 @@ public class HttpClientFactory implements IHttpClientFactory {
   @Autowired(required = true)
   private IConfiguration basicConfig;
-  
+
   @Autowired(required = true)
   ResourceLoader resourceLoader;
-  
+
   @Autowired private EaafKeyStoreFactory keyStoreFactory;
   public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE =
@@ -79,7 +80,7 @@ public class HttpClientFactory implements IHttpClientFactory {
       "client.auth.ssl.keystore.path";
   public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD =
       "client.auth.ssl.keystore.password";
-  private static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME = 
+  private static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME =
       "client.auth.ssl.keystore.name";
   public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE =
       "client.auth.ssl.keystore.type";
@@ -269,18 +270,18 @@ public class HttpClientFactory implements IHttpClientFactory {
         .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME, StringUtils.EMPTY);
     try {
-      KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+      final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
       keyStoreConfig.setKeyStoreType(keyStoreType);
       keyStoreConfig.setFriendlyName("HttpClient Keystore");
       keyStoreConfig.setSoftKeyStoreFilePath(localKeyStorePath);
       keyStoreConfig.setSoftKeyStorePassword(keyStorePassword);
       keyStoreConfig.setKeyStoreName(keyStoreName);
-      
+
       log.debug("Open keyStore with type: {}", keyStoreType);
-      KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
-      
+      final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig).getFirst();
+
       return keyStore;
-      
+
     } catch (final EaafException e) {
       log.warn("Can NOT read keyStore: {} from filesystem", localKeyStorePath, null, e);
       throw new EaafConfigurationException("Can NOT read keyStore: {} from filesystem",
|
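Review bot: `keyStoreFactory.buildNewKeyStore(keyStoreConfig).getFirst()` throws away the `Provider` that this same commit adds to the factory's return value, so when `keyStoreType` selects an HSM Facade KeyStore the caller loses the only signal that key operations on this store must go through that provider. Because this method hands back a bare `KeyStore` and the key-manager setup that consumes it lies outside the hunk, the TLS client-auth path presumably has to fall back on the global provider order, which the `-127,7` hunk does not actually change. Either document the decision at the return, e.g. `// Provider of the Pair is dropped on purpose: only software KeyStores are expected here — TODO confirm`, or return the `Pair` so the SSL context construction can pass the provider explicitly. The enclosing method begins before the hunk and its remaining lines are not shown.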
