diff options
| author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-05-05 14:58:38 +0200 |
|---|---|---|
| committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-05-05 14:58:38 +0200 |
| commit | 36fafda8e3b953d3d1cba91efeb4fc82388b0445 (patch) | |
| tree | e0c6c7833a9d71404bc9a62277716e5bea9d036c /eaaf_core_utils/src/main | |
| parent | 49cb8adfd8992dc8d21ff208d8dd93e0592e1be4 (diff) | |
| download | EAAF-Components-36fafda8e3b953d3d1cba91efeb4fc82388b0445.tar.gz EAAF-Components-36fafda8e3b953d3d1cba91efeb4fc82388b0445.tar.bz2 EAAF-Components-36fafda8e3b953d3d1cba91efeb4fc82388b0445.zip | |
finish SSLContext creation by using KeyStore from HSM-Facade
Diffstat (limited to 'eaaf_core_utils/src/main')
3 files changed, 16 insertions, 13 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java index 1e1e2137..d2377d69 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java @@ -33,18 +33,23 @@ public class EaafSslKeySelectionStrategy implements PrivateKeyStrategy { @Override public String chooseAlias(Map<String, PrivateKeyDetails> aliases, Socket socket) { log.trace("Selection SSL client-auth key for alias: {}", keyAlias); + if (aliases.keySet().isEmpty()) { + log.debug("No Key with Alias: {} in empty KeyStore", keyAlias); + return null; + + } + final PrivateKeyDetails selected = aliases.get(keyAlias); if (selected != null) { log.trace("Select SL client-auth key with type:", selected.getType()); return keyAlias; - } else { + } else { log.warn("KeyStore contains NO key with alias: {}. Using first key from keystore", keyAlias); log.info("Available aliases: {}", StringUtils.join(aliases.keySet(), ", ")); return aliases.keySet().iterator().next(); - + } - } } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java index 582ad545..6a66dfff 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java @@ -5,11 +5,11 @@ import java.util.UUID; import javax.annotation.Nonnull; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; - import org.apache.commons.lang3.StringUtils; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; import lombok.Getter; import lombok.Setter; import lombok.extern.slf4j.Slf4j; @@ -117,7 +117,9 @@ public class HttpClientConfiguration { } - if (StringUtils.isEmpty(this.sslKeyPassword)) { + if (StringUtils.isEmpty(this.sslKeyPassword) + && (KeyStoreType.JKS.equals(keyStoreConfig.getKeyStoreType()) + || KeyStoreType.PKCS12.equals(keyStoreConfig.getKeyStoreType()))) { throw new EaafConfigurationException(ERROR_02, new Object[] { this.friendlyName, this.keyStoreConfig.getFriendlyName()}); diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java index b357bb01..eafd8a04 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java @@ -23,7 +23,6 @@ import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.Provider; -import java.security.Security; import java.security.UnrecoverableKeyException; import javax.annotation.Nonnull; @@ -168,16 +167,14 @@ public class HttpUtils { : keyPasswordString.toCharArray(); SSLContextBuilder sslContextBuilder = SSLContexts.custom(); - if (keyStore.getSecond() != null) { + if (keyStore.getSecond() != null) { Provider provider = new BouncyCastleJsseProvider(keyStore.getSecond()); - log.debug("KeyStore: {} provide special security-provider. Inject: {} into SSLContext", friendlyName, provider.getName()); sslContextBuilder.setProvider(provider); - Security.addProvider(provider); - //sslContextBuilder.setSecureRandom(SecureRandom.getInstanceStrong()); } + if (StringUtils.isNotEmpty(keyAlias)) { sslContextBuilder = sslContextBuilder .loadKeyMaterial(keyStore.getFirst(), keyPassword, new EaafSslKeySelectionStrategy(keyAlias)); @@ -185,7 +182,6 @@ public class HttpUtils { } else { sslContextBuilder = sslContextBuilder .loadKeyMaterial(keyStore.getFirst(), keyPassword); - } if (trustAllServerCertificates) { |