summaryrefslogtreecommitdiff
path: root/eaaf_core_utils/src/main
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-05-05 14:58:38 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-05-05 14:58:38 +0200
commit36fafda8e3b953d3d1cba91efeb4fc82388b0445 (patch)
treee0c6c7833a9d71404bc9a62277716e5bea9d036c /eaaf_core_utils/src/main
parent49cb8adfd8992dc8d21ff208d8dd93e0592e1be4 (diff)
downloadEAAF-Components-36fafda8e3b953d3d1cba91efeb4fc82388b0445.tar.gz
EAAF-Components-36fafda8e3b953d3d1cba91efeb4fc82388b0445.tar.bz2
EAAF-Components-36fafda8e3b953d3d1cba91efeb4fc82388b0445.zip
finish SSLContext creation by using KeyStore from HSM-Facade
Diffstat (limited to 'eaaf_core_utils/src/main')
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java11
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java10
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java8
3 files changed, 16 insertions, 13 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java
index 1e1e2137..d2377d69 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java
@@ -33,18 +33,23 @@ public class EaafSslKeySelectionStrategy implements PrivateKeyStrategy {
@Override
public String chooseAlias(Map<String, PrivateKeyDetails> aliases, Socket socket) {
log.trace("Selection SSL client-auth key for alias: {}", keyAlias);
+ if (aliases.keySet().isEmpty()) {
+ log.debug("No Key with Alias: {} in empty KeyStore", keyAlias);
+ return null;
+
+ }
+
final PrivateKeyDetails selected = aliases.get(keyAlias);
if (selected != null) {
log.trace("Select SL client-auth key with type:", selected.getType());
return keyAlias;
- } else {
+ } else {
log.warn("KeyStore contains NO key with alias: {}. Using first key from keystore", keyAlias);
log.info("Available aliases: {}", StringUtils.join(aliases.keySet(), ", "));
return aliases.keySet().iterator().next();
-
+
}
-
}
}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java
index 582ad545..6a66dfff 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java
@@ -5,11 +5,11 @@ import java.util.UUID;
import javax.annotation.Nonnull;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-
import org.apache.commons.lang3.StringUtils;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
import lombok.Getter;
import lombok.Setter;
import lombok.extern.slf4j.Slf4j;
@@ -117,7 +117,9 @@ public class HttpClientConfiguration {
}
- if (StringUtils.isEmpty(this.sslKeyPassword)) {
+ if (StringUtils.isEmpty(this.sslKeyPassword)
+ && (KeyStoreType.JKS.equals(keyStoreConfig.getKeyStoreType())
+ || KeyStoreType.PKCS12.equals(keyStoreConfig.getKeyStoreType()))) {
throw new EaafConfigurationException(ERROR_02, new Object[] {
this.friendlyName, this.keyStoreConfig.getFriendlyName()});
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
index b357bb01..eafd8a04 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
@@ -23,7 +23,6 @@ import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
-import java.security.Security;
import java.security.UnrecoverableKeyException;
import javax.annotation.Nonnull;
@@ -168,16 +167,14 @@ public class HttpUtils {
: keyPasswordString.toCharArray();
SSLContextBuilder sslContextBuilder = SSLContexts.custom();
- if (keyStore.getSecond() != null) {
+ if (keyStore.getSecond() != null) {
Provider provider = new BouncyCastleJsseProvider(keyStore.getSecond());
-
log.debug("KeyStore: {} provide special security-provider. Inject: {} into SSLContext",
friendlyName, provider.getName());
sslContextBuilder.setProvider(provider);
- Security.addProvider(provider);
- //sslContextBuilder.setSecureRandom(SecureRandom.getInstanceStrong());
}
+
if (StringUtils.isNotEmpty(keyAlias)) {
sslContextBuilder = sslContextBuilder
.loadKeyMaterial(keyStore.getFirst(), keyPassword, new EaafSslKeySelectionStrategy(keyAlias));
@@ -185,7 +182,6 @@ public class HttpUtils {
} else {
sslContextBuilder = sslContextBuilder
.loadKeyMaterial(keyStore.getFirst(), keyPassword);
-
}
if (trustAllServerCertificates) {