summaryrefslogtreecommitdiff
path: root/eaaf_core_utils/src/main
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-05-05 12:28:28 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-05-05 12:28:28 +0200
commit49cb8adfd8992dc8d21ff208d8dd93e0592e1be4 (patch)
tree7631ccdd3ce61754e7b24a8ec7be7cf9281ff37d /eaaf_core_utils/src/main
parentf7941c2004a157023f1f89ef2d3c9de75548d73e (diff)
downloadEAAF-Components-49cb8adfd8992dc8d21ff208d8dd93e0592e1be4.tar.gz
EAAF-Components-49cb8adfd8992dc8d21ff208d8dd93e0592e1be4.tar.bz2
EAAF-Components-49cb8adfd8992dc8d21ff208d8dd93e0592e1be4.zip
first tests for SSL Client Auth. with HSM-Facade
Diffstat (limited to 'eaaf_core_utils/src/main')
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java14
1 files changed, 12 insertions, 2 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
index 06b8dfd2..b357bb01 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
@@ -23,6 +23,7 @@ import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
+import java.security.Security;
import java.security.UnrecoverableKeyException;
import javax.annotation.Nonnull;
@@ -35,6 +36,7 @@ import org.apache.http.conn.ssl.TrustAllStrategy;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
+import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
@@ -166,8 +168,16 @@ public class HttpUtils {
: keyPasswordString.toCharArray();
SSLContextBuilder sslContextBuilder = SSLContexts.custom();
- Provider provider = null;
- sslContextBuilder.setProvider(provider);
+ if (keyStore.getSecond() != null) {
+ Provider provider = new BouncyCastleJsseProvider(keyStore.getSecond());
+
+ log.debug("KeyStore: {} provide special security-provider. Inject: {} into SSLContext",
+ friendlyName, provider.getName());
+ sslContextBuilder.setProvider(provider);
+ Security.addProvider(provider);
+ //sslContextBuilder.setSecureRandom(SecureRandom.getInstanceStrong());
+
+ }
if (StringUtils.isNotEmpty(keyAlias)) {
sslContextBuilder = sslContextBuilder
.loadKeyMaterial(keyStore.getFirst(), keyPassword, new EaafSslKeySelectionStrategy(keyAlias));