diff options
| author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-02-14 08:46:52 +0100 | 
|---|---|---|
| committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-02-14 08:46:52 +0100 | 
| commit | e23226c47807be597bbbae3891dbb94069d56836 (patch) | |
| tree | 13419e53996ce9cfe82583cbe5a00c3be2698400 /eaaf_core_utils/src/main | |
| parent | cbfadcc7681c9f362c1e7e2c3eab43980c1236ef (diff) | |
| download | EAAF-Components-e23226c47807be597bbbae3891dbb94069d56836.tar.gz EAAF-Components-e23226c47807be597bbbae3891dbb94069d56836.tar.bz2 EAAF-Components-e23226c47807be597bbbae3891dbb94069d56836.zip | |
Integrate HSM Facade from A-SIT+
The EaafKeyStoreFactory can be used to build KeyStores from differend providers and types
Diffstat (limited to 'eaaf_core_utils/src/main')
22 files changed, 468 insertions, 307 deletions
| diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java index af184050..f13013f5 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java @@ -1,6 +1,7 @@  package at.gv.egiz.eaaf.core.impl.credential;  import java.io.IOException; +import java.io.InputStream;  import java.security.KeyStore;  import java.security.KeyStoreException;  import java.security.NoSuchAlgorithmException; @@ -11,8 +12,14 @@ import java.security.cert.CertificateFactory;  import java.security.cert.X509Certificate;  import javax.annotation.Nonnull; +import javax.annotation.Nullable;  import javax.annotation.PostConstruct; +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.io.Resource; +import org.springframework.core.io.ResourceLoader; +  import at.asitplus.hsmfacade.provider.HsmFacadeProvider;  import at.asitplus.hsmfacade.provider.RemoteKeyStoreLoadParameter;  import at.gv.egiz.eaaf.core.api.idp.IConfiguration; @@ -22,12 +29,6 @@ import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;  import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;  import at.gv.egiz.eaaf.core.impl.utils.FileUtils;  import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; - -import org.apache.commons.lang3.StringUtils; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.core.io.Resource; -import org.springframework.core.io.ResourceLoader; -  import lombok.extern.slf4j.Slf4j;  @Slf4j @@ -48,42 +49,62 @@ public class EaafKeyStoreFactory {    public static final String ERRORCODE_05 = "internal.keystore.05";    public static final String ERRORCODE_06 = "internal.keystore.06"; -  @Autowired private IConfiguration basicConfig; -  @Autowired private ResourceLoader resourceLoader; - -  private boolean isHsmFacadeInitialized = false; +  private static final String HSM_FACADE_PROVIDER = "HsmFacade"; +  private static final String HSM_FACADE_KEYSTORE_TYPE = "RemoteKeyStore"; +  @Autowired +  private IConfiguration basicConfig; +  @Autowired +  private ResourceLoader resourceLoader; +  private boolean isHsmFacadeInitialized = false; +  /** +   * Get a new KeyStore based on a KeyStore configuration-object. +   * +   * @param config KeyStore configuration +   * @return new KeyStore instance +   * @throws EaafException In case of a KeyStore initialization error +   */    public KeyStore buildNewKeyStore(KeyStoreConfiguration config) throws EaafException {      log.trace("Starting KeyStore generation based on configuration object ... "); -    if (KeyStoreType.SOFTWARE.equals(config.getKeyStoreType())) { +    if (KeyStoreType.PKCS12.equals(config.getKeyStoreType()) +        || KeyStoreType.JKS.equals(config.getKeyStoreType())) {        return getKeyStoreFromFileSystem(config);      } else if (KeyStoreType.HSMFACADE.equals(config.getKeyStoreType())) {        if (isHsmFacadeInitialized) { -       getKeyStoreFromHsmFacade(config); +        return getKeyStoreFromHsmFacade(config);        } else {          log.error("HSMFacade can NOT be used for KeyStore: {} because {} is not initialized",              config.getFriendlyName());          throw new EaafConfigurationException(ERRORCODE_00, -            new Object[]{config.getFriendlyName()}); +            new Object[] { config.getFriendlyName() });        }      } else if (KeyStoreType.PKCS11.equals(config.getKeyStoreType())) {        log.warn("KeyStoreType: {} is NOT supported", config.getKeyStoreType());        throw new EaafConfigurationException(ERRORCODE_02, -          new Object[]{config.getFriendlyName(), config.getKeyStoreType()}); +          new Object[] { config.getFriendlyName(), config.getKeyStoreType() });      } else {        log.warn("KeyStoreType: {} is unrecognized", config.getKeyStoreType());        throw new EaafConfigurationException(ERRORCODE_01, -          new Object[]{config.getFriendlyName()}); +          new Object[] { config.getFriendlyName() });      } -    return null; +  } + +  /** +   * Get the initialization state of the HSM Facade module. +   * +   * @return true if HSM Facade is available, otherwise false +   */ +  public boolean isHsmFacadeInitialized() { +    return isHsmFacadeInitialized; +    }    @PostConstruct @@ -93,7 +114,7 @@ public class EaafKeyStoreFactory {      if (StringUtils.isNotEmpty(hsmFacadeHost)) {        log.debug("Find host for HSMFacade. Starting crypto provider initialization ... ");        try { -        final int port = Integer.valueOf( +        final int port = Integer.parseUnsignedInt(              getConfigurationParameter(CONFIG_PROP_HSM_FACADE_PORT));          final String clientUsername =              getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME); @@ -103,7 +124,8 @@ public class EaafKeyStoreFactory {              getConfigurationParameter(CONFIG_PROP_HSM_FACADE_HSM_NAME);          final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance(); -        provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port, hsmName); +        provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port, +            hsmName);          Security.addProvider(provider);          isHsmFacadeInitialized = true;          log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM", @@ -114,81 +136,91 @@ public class EaafKeyStoreFactory {        } catch (final Exception e) {          log.error("HSM Facade initialization FAILED with an generic error.", e); -        throw new EaafConfigurationException(ERRORCODE_03, new Object[] {e.getMessage()}, e); +        throw new EaafConfigurationException(ERRORCODE_03, new Object[] { e.getMessage() }, e);        }      } else { -        log.info("HSM Facade is not configurated. {} can only provide software keystores", -            EaafKeyStoreFactory.class.getSimpleName()); +      log.info("HSM Facade is not configurated. {} can only provide software keystores", +          EaafKeyStoreFactory.class.getSimpleName());      }    } -  private KeyStore getKeyStoreFromFileSystem(KeyStoreConfiguration config) throws EaafConfigurationException { +  private KeyStore getKeyStoreFromFileSystem(KeyStoreConfiguration config) throws EaafConfigurationException, +      EaafFactoryException {      try { -      final String keyStorePath = config.getKeyStoreFilePath(); -      final String keyStorePassword = config.getKeyStorePassword(); +      final String keyStorePath = checkConfigurationParameter(config.getSoftKeyStoreFilePath(), +          ERRORCODE_06, config.getFriendlyName(), "Software-KeyStore missing filepath to KeyStore"); -      //TODO: check config +      final String keyStorePassword = checkConfigurationParameter(config.getSoftKeyStorePassword(), +          ERRORCODE_06, config.getFriendlyName(), "Software-KeyStore missing Password for KeyStore"); -      final String absKeyStorePath = FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig.getConfigurationRootDirectory()); +      final String absKeyStorePath = FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig +          .getConfigurationRootDirectory());        final Resource ressource = resourceLoader.getResource(absKeyStorePath);        if (!ressource.exists()) {          throw new EaafConfigurationException(ERRORCODE_05, -            new Object[] {CONFIG_PROP_HSM_FACADE_SSLTRUST, -                "File not found at: " + absKeyStorePath}); +            new Object[] { CONFIG_PROP_HSM_FACADE_SSLTRUST, +                "File not found at: " + absKeyStorePath });        } -      return KeyStoreUtils.loadKeyStore(ressource.getInputStream(), keyStorePassword); +      final InputStream is = ressource.getInputStream(); +      final KeyStore keyStore = KeyStoreUtils.loadKeyStore(is, keyStorePassword); +      is.close(); +      if (keyStore == null) { +        throw new EaafFactoryException(ERRORCODE_06, +            new Object[] { config.getFriendlyName(), "KeyStore not valid or password wrong" }); + +      } + +      return keyStore;      } catch (KeyStoreException | IOException e) {        log.error("Software KeyStore initialization FAILED with an generic error.", e); -      throw new EaafConfigurationException(ERRORCODE_03, new Object[] {e.getMessage()}, e); +      throw new EaafConfigurationException(ERRORCODE_03, new Object[] { e.getMessage() }, e);      }    } -  private KeyStore getKeyStoreFromHsmFacade(KeyStoreConfiguration config) throws EaafFactoryException, EaafConfigurationException { -    final String keyStoreName = config.getKeyStoreName(); -    if (StringUtils.isEmpty(keyStoreName)) { -      throw new EaafConfigurationException(ERRORCODE_06, -          new Object[] {config.getFriendlyName(), "No KeyStore name"}); - -    } +  private KeyStore getKeyStoreFromHsmFacade(KeyStoreConfiguration config) +      throws EaafFactoryException, EaafConfigurationException { +    final String keyStoreName = checkConfigurationParameter(config.getKeyStoreName(), +        ERRORCODE_06, config.getFriendlyName(), "KeyStoreName missing for HSM Facade");      try { -      final KeyStore keyStore = KeyStore.getInstance("RemoteKeyStore", "HsmFacade"); +      final KeyStore keyStore = KeyStore.getInstance(HSM_FACADE_KEYSTORE_TYPE, HSM_FACADE_PROVIDER);        keyStore.load(new RemoteKeyStoreLoadParameter(keyStoreName));        return keyStore; -      } catch (NoSuchAlgorithmException | CertificateException | IOException | -          KeyStoreException | NoSuchProviderException e) { -        log.error("Can not initialize KeyStore: {} with reason: {}", -            config.getFriendlyName(), e.getMessage()); -        throw new EaafFactoryException(ERRORCODE_06, -            new Object[] {config.getFriendlyName(), e.getMessage()}, e); +    } catch (NoSuchAlgorithmException | CertificateException | IOException | KeyStoreException +        | NoSuchProviderException e) { +      log.error("Can not initialize KeyStore: {} with reason: {}", +          config.getFriendlyName(), e.getMessage()); +      throw new EaafFactoryException(ERRORCODE_06, +          new Object[] { config.getFriendlyName(), e.getMessage() }, e); -      } +    }    }    private X509Certificate getHsmFacadeTrustSslCertificate() throws EaafConfigurationException {      try {        final String certFilePath = getConfigurationParameter(CONFIG_PROP_HSM_FACADE_SSLTRUST); -    final String absolutCertFilePath = FileUtils.makeAbsoluteUrl( -        certFilePath, basicConfig.getConfigurationRootDirectory()); -    final Resource certFile = resourceLoader.getResource(absolutCertFilePath); +      final String absolutCertFilePath = FileUtils.makeAbsoluteUrl( +          certFilePath, basicConfig.getConfigurationRootDirectory()); +      final Resource certFile = resourceLoader.getResource(absolutCertFilePath); -    if (!certFile.exists()) { -      throw new EaafConfigurationException(ERRORCODE_05, -          new Object[] {CONFIG_PROP_HSM_FACADE_SSLTRUST, -              "File not found at: " + absolutCertFilePath }); +      if (!certFile.exists()) { +        throw new EaafConfigurationException(ERRORCODE_05, +            new Object[] { CONFIG_PROP_HSM_FACADE_SSLTRUST, +                "File not found at: " + absolutCertFilePath }); -    } +      } -    return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certFile.getInputStream()); +      return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certFile +          .getInputStream());      } catch (final EaafConfigurationException e) {        throw e; @@ -196,21 +228,29 @@ public class EaafKeyStoreFactory {      } catch (CertificateException | IOException e) {        log.error("Can not load trusted server-certificate for HSM-Facade. Reason: {}", e.getMessage());        throw new EaafConfigurationException(ERRORCODE_05, -          new Object[] {CONFIG_PROP_HSM_FACADE_SSLTRUST, e.getMessage()}, e); +          new Object[] { CONFIG_PROP_HSM_FACADE_SSLTRUST, e.getMessage() }, e);      }    }    @Nonnull    private String getConfigurationParameter(@Nonnull String configParamKey) -      throws EaafConfigurationException{ -    final String configValue = basicConfig.getBasicConfiguration(configParamKey); -    if (StringUtils.isEmpty(configValue)) { -      throw new EaafConfigurationException(ERRORCODE_04, new Object[] {configParamKey}); +      throws EaafConfigurationException { +    return checkConfigurationParameter( +        basicConfig.getBasicConfiguration(configParamKey), ERRORCODE_04, configParamKey); + +  } + +  @Nonnull +  private String checkConfigurationParameter(@Nullable String configParam, @Nonnull String errorCode, +      @Nonnull String... errorParams) +      throws EaafConfigurationException { +    if (StringUtils.isEmpty(configParam)) { +      throw new EaafConfigurationException(errorCode, new Object[] { errorParams });      } +    return configParam; -    return configValue;    }  } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java index c8489ac0..400b724f 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java @@ -1,23 +1,144 @@  package at.gv.egiz.eaaf.core.impl.credential; +import java.util.Map; + +import javax.annotation.Nonnull; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;  import lombok.Getter; +import lombok.Setter; +import lombok.extern.slf4j.Slf4j; +@Slf4j  @Getter +@Setter  public class KeyStoreConfiguration { +  public static final String PROP_CONFIG_KEYSTORE_TYPE = +      "keystore.type"; + +  public static final String PROP_CONFIG_HSMFACADE_NAME = +      "keystore.name"; + +  public static final String PROP_CONFIG_SOFTWARE_KEYSTORE_PATH = +      "keystore.path"; +  public static final String PROP_CONFIG_SOFTWARE_KEYSTORE_PASSORD = +      "keystore.password"; + +  /** +   * FriendlyName for this KeyStore. Mainly used for logging. +   */    private String friendlyName; +  /** +   * General type of the KeyStore that should be generated. +   */    private KeyStoreType keyStoreType; +  /** +   * Name of the KeyStore in HSM Facade. +   */    private String keyStoreName; -  private String keyStoreFilePath; +  /** +   * Path to software KeyStore in case of a PKCS12 or JKS KeyStore. +   */ +  private String softKeyStoreFilePath; + +  /** +   * Password of a software KeyStore in case of a PKCS12 or JKS KeyStore. +   */ +  private String softKeyStorePassword; + +  /** +   * Build a {@link KeyStoreConfiguration} from a configuration map. <br> +   * <p> +   * The configuration parameters defined in this class are used to load the +   * configuration. +   * </p> +   * +   * @param config       Configuration +   * @param friendlyName FriendlyName for this KeyStore +   * @return Configuration object for {@link EaafKeyStoreFactory} +   * @throws EaafConfigurationException In case of a configuration error. +   */ +  public static KeyStoreConfiguration buildFromConfigurationMap(Map<String, String> config, +      String friendlyName) throws EaafConfigurationException { + +    final KeyStoreConfiguration internalConfig = new KeyStoreConfiguration(); +    internalConfig.setFriendlyName(friendlyName); + +    final KeyStoreType internalKeyStoreType = KeyStoreType.fromString( +        getConfigurationParameter(config, PROP_CONFIG_KEYSTORE_TYPE)); +    if (internalKeyStoreType != null) { +      internalConfig.setKeyStoreType(internalKeyStoreType); + +    } else { +      log.error("KeyStore: {} sets an unknown KeyStore type: {}", +          friendlyName, getConfigurationParameter(config, PROP_CONFIG_KEYSTORE_TYPE)); +      throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_01, +          new Object[] { friendlyName }); + +    } + +    if (internalKeyStoreType.equals(KeyStoreType.HSMFACADE)) { +      log.trace("Set-up HSM-Facade KeyStore ... "); +      internalConfig.setKeyStoreName( +          getConfigurationParameter(config, PROP_CONFIG_HSMFACADE_NAME)); + +    } else if (internalKeyStoreType.equals(KeyStoreType.PKCS12) +        || internalKeyStoreType.equals(KeyStoreType.JKS)) { +      log.trace("Set-up software KeyStore ... "); +      internalConfig.setSoftKeyStoreFilePath( +          getConfigurationParameter(config, PROP_CONFIG_SOFTWARE_KEYSTORE_PATH)); +      internalConfig.setSoftKeyStorePassword( +          getConfigurationParameter(config, PROP_CONFIG_SOFTWARE_KEYSTORE_PASSORD)); + +    } else { +      log.info("Configuration of type: {} not supported yet", internalKeyStoreType); +      throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_02, +          new Object[] { friendlyName, config.get(PROP_CONFIG_KEYSTORE_TYPE) }); + +    } + +    return internalConfig; +  } -  private String keyStorePassword; +  /** +   * Set the Type of the KeyStore based on String identifier. +   * +   * @param keyStoreType String based KeyStore type +   * @throws EaafConfigurationException In case of an unknown KeyStore type +   */ +  public void setKeyStoreType(@Nonnull String keyStoreType) throws EaafConfigurationException { +    final KeyStoreType internalKeyStoreType = KeyStoreType.fromString(keyStoreType); +    if (internalKeyStoreType != null) { +      setKeyStoreType(internalKeyStoreType); + +    } else { +      log.error("KeyStore: {} sets an unknown KeyStore type: {}", +          friendlyName, keyStoreType); +      throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_01, +          new Object[] { friendlyName }); +    } + +  } + +  /** +   * Set the Type of the KeyStore based on String identifier. +   * +   * @param type String based KeyStore type +   */ +  public void setKeyStoreType(@Nonnull KeyStoreType type) { +    this.keyStoreType = type; + +  }    public enum KeyStoreType { -    SOFTWARE("software"), HSMFACADE("hsmfacade"), PKCS11("pkcs11"); +    PKCS12("pkcs12"), JKS("jks"), HSMFACADE("hsmfacade"), PKCS11("pkcs11");      private final String keyStoreType; @@ -54,6 +175,19 @@ public class KeyStoreConfiguration {        return getKeyStoreType();      } +  } + +  @Nonnull +  private static String getConfigurationParameter(@Nonnull Map<String, String> config, +      @Nonnull String configParamKey) +      throws EaafConfigurationException { +    final String configValue = config.get(configParamKey); +    if (StringUtils.isEmpty(configValue)) { +      throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_04, new Object[] { configParamKey }); + +    } +    return configValue;    } +  } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/support/SecureRandomHolder.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/support/SecureRandomHolder.java index 8584d63f..67d87b0d 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/support/SecureRandomHolder.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/support/SecureRandomHolder.java @@ -23,8 +23,9 @@ import java.security.NoSuchAlgorithmException;  import java.security.SecureRandom;  /** - * Holder for a secure random instance following the initialization on demand holder design pattern. - * The secure random instance is a singleton that is initialized on first usage. + * Holder for a secure random instance following the initialization on demand + * holder design pattern. The secure random instance is a singleton that is + * initialized on first usage.   *   * @author tknall   * diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSource.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSource.java new file mode 100644 index 00000000..5aa5b3b5 --- /dev/null +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSource.java @@ -0,0 +1,16 @@ +package at.gv.egiz.eaaf.core.impl.logging; + +import java.util.Arrays; +import java.util.List; + +import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; + +public class EaafUtilsMessageSource implements IMessageSourceLocation { + +  @Override +  public List<String> getMessageSourceLocation() { +    return Arrays.asList("classpath:messages/eaaf_utils_message"); + +  } + +} diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/SimpleStatusMessager.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/SimpleStatusMessager.java index 5715a7b6..0d394d19 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/SimpleStatusMessager.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/SimpleStatusMessager.java @@ -1,11 +1,12 @@  package at.gv.egiz.eaaf.core.impl.logging;  import java.text.MessageFormat; +  import at.gv.egiz.eaaf.core.api.IStatusMessenger;  /** - * Simple {@link IStatusMessenger} implementation that formats messages by using. - * {@link MessageFormat} + * Simple {@link IStatusMessenger} implementation that formats messages by + * using. {@link MessageFormat}   *   * @author tlenz   * diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DataUrlBuilder.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DataUrlBuilder.java index 8090585f..ef1f3fdc 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DataUrlBuilder.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DataUrlBuilder.java @@ -23,7 +23,8 @@ import org.apache.commons.lang3.StringUtils;  import at.gv.egiz.eaaf.core.api.data.EaafConstants;  /** - * Builds a DataURL parameter meant for the security layer implementation to respond to. + * Builds a DataURL parameter meant for the security layer implementation to + * respond to.   *   * @author Paul Ivancsics   * @version $Id$ @@ -39,12 +40,13 @@ public class DataUrlBuilder {    /**     * Constructs a data URL for <code>VerifyIdentityLink</code> or -   * <code>VerifyAuthenticationBlock</code>, including the <code>MOASessionID</code> as a parameter. +   * <code>VerifyAuthenticationBlock</code>, including the +   * <code>MOASessionID</code> as a parameter.     * -   * @param authBaseUrl base URL (context path) of the MOA ID Authentication component, including a -   *        trailing <code>'/'</code> +   * @param authBaseUrl     base URL (context path) of the MOA ID Authentication +   *                        component, including a trailing <code>'/'</code>     * @param authServletName request part of the data URL -   * @param pendingReqId sessionID to be included in the dataURL +   * @param pendingReqId    sessionID to be included in the dataURL     * @return String     */    public String buildDataUrl(String authBaseUrl, String authServletName, @@ -70,10 +72,10 @@ public class DataUrlBuilder {    /**     * Method addParameter. -   *  +   *     * @param urlString represents the url     * @param paramname is the parameter to be added -   * @param value is the value of that parameter +   * @param value     is the value of that parameter     * @return String     */    private String addParameter(final String urlString, final String paramname, final String value) { diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java index 943d3dad..7cb551e2 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java @@ -17,8 +17,6 @@   * works that you distribute must include a readable copy of the "NOTICE" text file.   */ - -  package at.gv.egiz.eaaf.core.impl.utils;  import java.io.BufferedInputStream; @@ -31,6 +29,7 @@ import java.io.OutputStream;  import java.net.MalformedURLException;  import java.net.URI;  import java.net.URL; +  import org.apache.commons.lang3.StringUtils;  import org.slf4j.Logger;  import org.slf4j.LoggerFactory; @@ -38,7 +37,6 @@ import org.slf4j.LoggerFactory;  public class FileUtils {    private static final Logger log = LoggerFactory.getLogger(FileUtils.class); -    /**     * Reads a file, given by URL, into a byte array.     * @@ -72,7 +70,7 @@ public class FileUtils {    /**     * Reads a file from a resource.     * -   * @param name filename +   * @param name     filename     * @param encoding character encoding     * @return file content     * @throws IOException on any exception thrown @@ -82,11 +80,11 @@ public class FileUtils {      return new String(content, encoding);    } -    /** -   * Returns the absolute URL of a given url which is relative to the parameter root. +   * Returns the absolute URL of a given url which is relative to the parameter +   * root.     * -   * @param url Filepath +   * @param url  Filepath     * @param root configuration root context     * @return absolut filepath     * @throws MalformedURLException In case of a filepath error @@ -102,9 +100,10 @@ public class FileUtils {    }    /** -   * Returns the absolute URL of a given url which is relative to the parameter root. +   * Returns the absolute URL of a given url which is relative to the parameter +   * root.     * -   * @param url Filepath +   * @param url  Filepath     * @param root configuration root context     * @return absolut filepath     */ @@ -145,7 +144,6 @@ public class FileUtils {      }    } -    private static void copy(final InputStream fis, final OutputStream fos) {      try {        final byte[] buffer = new byte[0xFFFF]; @@ -161,7 +159,7 @@ public class FileUtils {    /**     * Copy file from source to destination.     * -   * @param src File source +   * @param src  File source     * @param dest file destination     */    public static void copyFile(final File src, final File dest) { diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java index c60fcd7f..ade0c28d 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java @@ -1,18 +1,15 @@  package at.gv.egiz.eaaf.core.impl.utils; -import java.io.IOException; -import java.io.InputStream;  import java.security.KeyManagementException;  import java.security.KeyStore;  import java.security.KeyStoreException;  import java.security.NoSuchAlgorithmException;  import java.security.UnrecoverableKeyException; -import java.security.cert.CertificateException; +  import javax.annotation.PostConstruct;  import javax.net.ssl.HostnameVerifier;  import javax.net.ssl.SSLContext; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +  import org.apache.commons.lang3.StringUtils;  import org.apache.http.HttpRequest;  import org.apache.http.HttpResponse; @@ -38,18 +35,27 @@ import org.apache.http.impl.client.HttpClients;  import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;  import org.apache.http.protocol.HttpContext;  import org.apache.http.ssl.SSLContexts; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory;  import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.core.io.Resource;  import org.springframework.core.io.ResourceLoader; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import lombok.extern.slf4j.Slf4j; + +@Slf4j  public class HttpClientFactory implements IHttpClientFactory { -  private static final Logger log = LoggerFactory.getLogger(HttpClientFactory.class); +    @Autowired(required = true)    private IConfiguration basicConfig; +      @Autowired(required = true)    ResourceLoader resourceLoader; +   +  @Autowired private EaafKeyStoreFactory keyStoreFactory;    public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE =        "client.http.connection.pool.use"; @@ -73,6 +79,8 @@ public class HttpClientFactory implements IHttpClientFactory {        "client.auth.ssl.keystore.path";    public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD =        "client.auth.ssl.keystore.password"; +  private static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME =  +      "client.auth.ssl.keystore.name";    public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE =        "client.auth.ssl.keystore.type";    public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD = @@ -127,47 +135,6 @@ public class HttpClientFactory implements IHttpClientFactory {    } -  public enum KeyStoreType { -    PKCS12("pkcs12"), JKS("jks"); - -    private final String type; - -    KeyStoreType(final String type) { -      this.type = type; -    } - -    /** -     * Get the KeyStore type. -     * -     * @return -     */ -    public String getType() { -      return this.type; -    } - -    /** -     * Get Keystore type from configuration. -     * -     * @param s String representation for keyStore type -     * @return -     */ -    public static KeyStoreType fromString(final String s) { -      try { -        return KeyStoreType.valueOf(s.toUpperCase()); - -      } catch (IllegalArgumentException | NullPointerException e) { -        return null; -      } -    } - -    @Override -    public String toString() { -      return getType(); - -    } - -  } -    private HttpClientBuilder httpClientBuilder = null;    /* @@ -246,7 +213,6 @@ public class HttpClientFactory implements IHttpClientFactory {      // set pool connection if required      injectConnectionPoolIfRequired(sslConnectionFactory); -    }    private void injectBasicAuthenticationIfRequired(final ClientAuthMode clientAuthMode) { @@ -286,54 +252,39 @@ public class HttpClientFactory implements IHttpClientFactory {      final String keyPasswordString =          basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD);      log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString); -    final char[] keyPassword = (keyPasswordString == null) ? StringUtils.EMPTY.toCharArray() +    final char[] keyPassword = keyPasswordString == null ? StringUtils.EMPTY.toCharArray()          : keyPasswordString.toCharArray();      return SSLContexts.custom().loadKeyMaterial(keystore, keyPassword).build();    }    private KeyStore getSslAuthKeyStore() throws EaafConfigurationException { -    final KeyStoreType keyStoreType = KeyStoreType.fromString(basicConfig.getBasicConfiguration( -        PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE, KeyStoreType.PKCS12.getType())); +    final String keyStoreType = basicConfig.getBasicConfiguration( +        PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE, KeyStoreType.PKCS12.getKeyStoreType());      final String localKeyStorePath = basicConfig          .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PATH, StringUtils.EMPTY);      final String keyStorePassword = basicConfig          .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD, StringUtils.EMPTY); +    final String keyStoreName = basicConfig +        .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME, StringUtils.EMPTY);      try { +      KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); +      keyStoreConfig.setKeyStoreType(keyStoreType); +      keyStoreConfig.setFriendlyName("HttpClient Keystore"); +      keyStoreConfig.setSoftKeyStoreFilePath(localKeyStorePath); +      keyStoreConfig.setSoftKeyStorePassword(keyStorePassword); +      keyStoreConfig.setKeyStoreName(keyStoreName); +              log.debug("Open keyStore with type: {}", keyStoreType); -      KeyStore clientStore; -      if (keyStoreType.equals(KeyStoreType.PKCS12)) { -        clientStore = KeyStore.getInstance("pkcs12"); -      } else { -        clientStore = KeyStore.getInstance("JKS"); -      } - - -      log.debug("Read keyStore path: {} from configuration", localKeyStorePath); -      if (StringUtils.isNotEmpty(localKeyStorePath)) { -        final String absFilePath = FileUtils.makeAbsoluteUrl(localKeyStorePath, -            basicConfig.getConfigurationRootDirectory()); -        final Resource ressource = resourceLoader.getResource(absFilePath); -        final InputStream is = ressource.getInputStream(); -        log.trace("Load keyStore: {} with password: {}", absFilePath, keyStorePassword); -        clientStore.load(is, keyStorePassword.toCharArray()); -        is.close(); - -        return clientStore; - -      } else { -        log.warn("Path to keyStore for SSL Client-Authentication is empty or null"); -        throw new EaafConfigurationException( -            "Path to keyStore for SSL Client-Authentication is empty or null", new Object[] {}); - -      } - -    } catch (final KeyStoreException | NoSuchAlgorithmException | CertificateException -        | IOException e) { +      KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); +       +      return keyStore; +       +    } catch (final EaafException e) {        log.warn("Can NOT read keyStore: {} from filesystem", localKeyStorePath, null, e);        throw new EaafConfigurationException("Can NOT read keyStore: {} from filesystem", -          new Object[] {localKeyStorePath}, e); +          new Object[] { localKeyStorePath }, e);      } @@ -413,9 +364,6 @@ public class HttpClientFactory implements IHttpClientFactory {      } -    } - -  } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java index 1f7601d8..66356ba0 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java @@ -19,18 +19,17 @@  package at.gv.egiz.eaaf.core.impl.utils;  import javax.servlet.http.HttpServletRequest; -import org.apache.commons.lang3.StringUtils; - +import org.apache.commons.lang3.StringUtils;  public class HttpUtils { -    /**     * Helper method to retrieve server URL including context path.     *     * @param request HttpServletRequest -   * @return Server URL including context path (e.g. http://localhost:8443/moa-id-auth +   * @return Server URL including context path (e.g. +   *         http://localhost:8443/moa-id-auth     */    public static String getBaseUrl(final HttpServletRequest request) {      final StringBuffer buffer = new StringBuffer(getServerUrl(request)); @@ -101,8 +100,8 @@ public class HttpUtils {    /**     * Add a http GET parameter to URL.     * -   * @param url URL -   * @param paramname Name of the parameter. +   * @param url        URL +   * @param paramname  Name of the parameter.     * @param paramvalue Value of the parameter.     * @return     */ diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java index 0dc00573..f922e1ac 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java @@ -5,7 +5,8 @@ import org.apache.http.impl.client.CloseableHttpClient;  public interface IHttpClientFactory {    /** -   * Return an instance of a Apache HTTP client that follows http redirects automatically. +   * Return an instance of a Apache HTTP client that follows http redirects +   * automatically.     *     * @return     */ @@ -14,7 +15,8 @@ public interface IHttpClientFactory {    /**     * Return an instance of a Apache HTTP client.     * -   * @param followRedirects if <code>false</code>, the client does not flow 30x http redirects +   * @param followRedirects if <code>false</code>, the client does not flow 30x +   *                        http redirects     * @return     */    CloseableHttpClient getHttpClient(boolean followRedirects); diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java index 18ddf422..99b87819 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java @@ -17,8 +17,6 @@   * works that you distribute must include a readable copy of the "NOTICE" text file.   */ - -  package at.gv.egiz.eaaf.core.impl.utils;  import java.io.BufferedInputStream; @@ -50,16 +48,14 @@ public class KeyStoreUtils {     */    private static final String KEYSTORE_TYPE_PKCS12 = "PKCS12"; - -    /**     * Loads a key store from file.     *     * @param keystoreType key store type -   * @param urlString URL of key store -   * @param password password protecting the key store +   * @param urlString    URL of key store +   * @param password     password protecting the key store     * @return key store loaded -   * @throws IOException thrown while reading the key store from file +   * @throws IOException              thrown while reading the key store from file     * @throws GeneralSecurityException thrown while creating the key store     */    public static KeyStore loadKeyStore(final String keystoreType, final String urlString, @@ -74,10 +70,10 @@ public class KeyStoreUtils {     * Load a KeyStore from Filesystem.     *     * @param keyStorePath Path to KeyStore -   * @param password KeyStore password +   * @param password     KeyStore password     * @return KeyStore     * @throws KeyStoreException In case of a keystore error -   * @throws IOException In case of a general read error +   * @throws IOException       In case of a general read error     */    public static KeyStore loadKeyStore(final String keyStorePath, final String password)        throws KeyStoreException, IOException { @@ -89,13 +85,15 @@ public class KeyStoreUtils {    }    /** -   * Loads a key store from an <code>InputStream</code>, and closes the <code>InputStream</code>. +   * Loads a key store from an <code>InputStream</code>, and closes the +   * <code>InputStream</code>.     *     * @param keystoreType key store type -   * @param in input stream -   * @param password password protecting the key store +   * @param in           input stream +   * @param password     password protecting the key store     * @return key store loaded -   * @throws IOException thrown while reading the key store from the stream +   * @throws IOException              thrown while reading the key store from the +   *                                  stream     * @throws GeneralSecurityException thrown while creating the key store     */    public static KeyStore loadKeyStore(final String keystoreType, final InputStream in, @@ -114,11 +112,11 @@ public class KeyStoreUtils {    /**     * Loads a keyStore without knowing the keyStore type.     * -   * @param is input stream +   * @param is       input stream     * @param password Password protecting the keyStore     * @return keyStore loaded     * @throws KeyStoreException thrown if keyStore cannot be loaded -   * @throws IOException In case of a general error +   * @throws IOException       In case of a general error     */    public static KeyStore loadKeyStore(final InputStream is, final String password)        throws KeyStoreException, IOException { @@ -140,10 +138,10 @@ public class KeyStoreUtils {    }    /** -   * Creates a key store from X509 certificate files, aliasing them with the index in the -   * <code>String[]</code>, starting with <code>"0"</code>. +   * Creates a key store from X509 certificate files, aliasing them with the index +   * in the <code>String[]</code>, starting with <code>"0"</code>.     * -   * @param keyStoreType key store type +   * @param keyStoreType  key store type     * @param certFilenames certificate filenames     * @return key store created     * @throws Exception In case of an error @@ -192,6 +190,4 @@ public class KeyStoreUtils {      }    } - -  } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java index 929d2994..0c5eeb40 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java @@ -28,8 +28,10 @@ import java.util.Map;  import java.util.Map.Entry;  import java.util.Properties;  import java.util.Set; +  import javax.annotation.Nonnull;  import javax.annotation.Nullable; +  import org.apache.commons.lang3.StringUtils;  import org.slf4j.Logger;  import org.slf4j.LoggerFactory; @@ -49,8 +51,7 @@ public class KeyValueUtils {    public static final String DEFAULT_VALUE = "default";    /** -   * Convert Java properties into a Map String/String. -   * <br> +   * Convert Java properties into a Map String/String. <br>     * <b>Important:</b> The key/values from properties must be of type String!     *     * @param properties Java {@link Properties} that should be converted @@ -72,7 +73,7 @@ public class KeyValueUtils {    /**     * Extract the first child of an input key after a the prefix.     * -   * @param key Full input key +   * @param key    Full input key     * @param prefix Prefix     * @return Child key {String} if it exists or null     */ @@ -82,11 +83,11 @@ public class KeyValueUtils {        final int index = idAfterPrefix.indexOf(KEY_DELIMITER);        if (index > 0) {          final String adding = idAfterPrefix.substring(0, index); -        if (!(adding.isEmpty())) { +        if (!adding.isEmpty()) {            return adding;          } -      } else if (!(idAfterPrefix.isEmpty())) { +      } else if (!idAfterPrefix.isEmpty()) {          return idAfterPrefix;        } @@ -98,9 +99,10 @@ public class KeyValueUtils {    /**     * Extract the prefix from an input key.     * -   * @param key Full input key +   * @param key    Full input key     * @param suffix Suffix of this key -   * @return Prefix {String} of the key or null if input key does not ends with postfix string +   * @return Prefix {String} of the key or null if input key does not ends with +   *         postfix string     */    public static String getPrefixFromKey(final String key, final String suffix) {      if (key != null && suffix != null && key.endsWith(suffix)) { @@ -118,9 +120,10 @@ public class KeyValueUtils {    /**     * Remove a prefix string from a key.     * -   * @param key Full input key +   * @param key    Full input key     * @param prefix Prefix, which should be removed -   * @return The suffix of the input key or null if the input does not starts with the prefix +   * @return The suffix of the input key or null if the input does not starts with +   *         the prefix     */    public static String removePrefixFromKey(final String key, String prefix) {      if (prefix == null) { @@ -145,9 +148,10 @@ public class KeyValueUtils {    /**     * Remove a prefix string from all keys in Map String/String of key/value pairs.     * -   * @param keys Input data of key/value pairs +   * @param keys   Input data of key/value pairs     * @param prefix Prefix which should be removed -   * @return Map String/String of key/value pairs without prefix in key, but never null +   * @return Map String/String of key/value pairs without prefix in key, but never +   *         null     */    public static Map<String, String> removePrefixFromKeys(final Map<String, String> keys,        final String prefix) { @@ -165,26 +169,29 @@ public class KeyValueUtils {    }    /** -   * Get a subset of key/value pairs which starts with a prefix string The Prefix is removed from -   * the key. +   * Get a subset of key/value pairs which starts with a prefix string The Prefix +   * is removed from the key.     * -   * @param keys Input data of key/value pairs +   * @param keys   Input data of key/value pairs     * @param prefix Prefix string -   * @return Map String/String of key/value pairs without prefix in key, but never null +   * @return Map String/String of key/value pairs without prefix in key, but never +   *         null     */    public static Map<String, String> getSubSetWithPrefix(final Map<String, String> keys,        final String prefix) {      return removePrefixFromKeys(keys, prefix);    } -    /** -   * Add a prefix to key/value pairs to make the key absolute according to key namespace convention. +   * Add a prefix to key/value pairs to make the key absolute according to key +   * namespace convention.     * -   * @param input Input key/value pairs which should be updated -   * @param prefix Key prefix, which should be added if the key is not absolute +   * @param input             Input key/value pairs which should be updated +   * @param prefix            Key prefix, which should be added if the key is not +   *                          absolute     * @param absolutIdentifier Key identifier, which indicates an absolute key -   * @return Map String/String of key/value pairs in which all keys are absolute but never null +   * @return Map String/String of key/value pairs in which all keys are absolute +   *         but never null     */    public static Map<String, String> makeKeysAbsolut(final Map<String, String> input,        final String prefix, final String absolutIdentifier) { @@ -225,7 +232,7 @@ public class KeyValueUtils {    /**     * Find the highest free list counter.     * -   * @param input Array of list keys +   * @param input      Array of list keys     * @param listPrefix {String} prefix of the list     * @return {int} highest free list counter     */ @@ -247,7 +254,7 @@ public class KeyValueUtils {    /**     * Find the highest free list counter.     * -   * @param keySet Set of list keys +   * @param keySet     Set of list keys     * @param listPrefix {String} prefix of the list     * @return {int} highest free list counter     */ @@ -261,13 +268,12 @@ public class KeyValueUtils {      return findNextFreeListCounter(array, listPrefix);    } -    /**     * Normalize a CSV encoded list of value of an key/value pair.     *     * <p> -   * This method removes all whitespace at the begin or the end of CSV values and remove newLine -   * signs at the end of value. The ',' is used as list delimiter +   * This method removes all whitespace at the begin or the end of CSV values and +   * remove newLine signs at the end of value. The ',' is used as list delimiter     * </p>     *     * @param value CSV encoded input data @@ -289,7 +295,6 @@ public class KeyValueUtils {      return normalizedCodes;    } -    /**     * Check a String if it is a comma separated list of values.     * @@ -298,7 +303,8 @@ public class KeyValueUtils {     * </p>     *     * @param value CSV encoded input data -   * @return true if the input data contains a ',' and has more then 1 list element, otherwise false +   * @return true if the input data contains a ',' and has more then 1 list +   *         element, otherwise false     */    public static boolean isCsvValueString(final String value) {      if (StringUtils.isNotEmpty(value)) { @@ -316,8 +322,8 @@ public class KeyValueUtils {    /**     * Convert a CSV list to a List of CSV values. <br>     * <br> -   * This method removes all whitespace at the begin or the end of CSV values and remove newLine -   * signs at the end of value. The ',' is used as list delimiter +   * This method removes all whitespace at the begin or the end of CSV values and +   * remove newLine signs at the end of value. The ',' is used as list delimiter     *     * @param csv CSV encoded input data     * @return List of CSV normalized values, but never null @@ -338,8 +344,8 @@ public class KeyValueUtils {    /**     * Convert a List of String elements to a Map of Key/Value pairs. <br> -   * Every List element used as a key/value pair and the '=' sign represents the delimiter between -   * key and value +   * Every List element used as a key/value pair and the '=' sign represents the +   * delimiter between key and value     *     * @param elements List of key/value elements     * @return Map of Key / Value pairs, but never null diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java index 755c4431..5d2a11d0 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java @@ -17,18 +17,18 @@   * works that you distribute must include a readable copy of the "NOTICE" text file.  */ - -  package at.gv.egiz.eaaf.core.impl.utils;  import java.util.ListIterator; +  import org.w3c.dom.DOMException;  import org.w3c.dom.Node;  import org.w3c.dom.traversal.NodeFilter;  import org.w3c.dom.traversal.NodeIterator;  /** - * A <code>NodeIterator</code> implementation based on a <code>ListIterator</code>. + * A <code>NodeIterator</code> implementation based on a + * <code>ListIterator</code>.   *   * @see java.util.ListIterator   * @see org.w3c.dom.traversal.NodeIterator @@ -48,31 +48,26 @@ public class NodeIteratorAdapter implements NodeIterator {      this.nodeIterator = nodeIterator;    } -    @Override    public Node getRoot() {      return null;    } -    @Override    public int getWhatToShow() {      return NodeFilter.SHOW_ALL;    } -    @Override    public NodeFilter getFilter() {      return null;    } -    @Override    public boolean getExpandEntityReferences() {      return false;    } -    @Override    public Node nextNode() throws DOMException {      if (nodeIterator.hasNext()) { @@ -81,7 +76,6 @@ public class NodeIteratorAdapter implements NodeIterator {      return null;    } -    @Override    public Node previousNode() throws DOMException {      if (nodeIterator.hasPrevious()) { @@ -90,7 +84,6 @@ public class NodeIteratorAdapter implements NodeIterator {      return null;    } -    @Override    public void detach() { diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java index a942f75e..83a6725c 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java @@ -17,11 +17,10 @@   * works that you distribute must include a readable copy of the "NOTICE" text file.  */ - -  package at.gv.egiz.eaaf.core.impl.utils;  import java.util.List; +  import org.w3c.dom.Node;  import org.w3c.dom.NodeList; @@ -45,13 +44,11 @@ public class NodeListAdapter implements NodeList {      this.nodeList = nodeList;    } -    @Override    public Node item(final int index) {      return (Node) nodeList.get(index);    } -    @Override    public int getLength() {      return nodeList.size(); diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java index 14d54b0b..aedbbb7f 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java @@ -19,7 +19,6 @@  package at.gv.egiz.eaaf.core.impl.utils; -  import java.io.UnsupportedEncodingException;  import java.nio.ByteBuffer;  import java.security.NoSuchAlgorithmException; @@ -27,12 +26,13 @@ import java.security.SecureRandom;  import java.text.DateFormat;  import java.text.SimpleDateFormat;  import java.util.Date; -import at.gv.egiz.eaaf.core.impl.idp.process.support.SecureRandomHolder; +  import org.apache.commons.codec.binary.Hex;  import org.apache.commons.lang3.ArrayUtils;  import org.slf4j.Logger;  import org.slf4j.LoggerFactory; +import at.gv.egiz.eaaf.core.impl.idp.process.support.SecureRandomHolder;  /**   * Random number generator used to generate ID's. @@ -44,9 +44,9 @@ public class Random {    private static final Logger log = LoggerFactory.getLogger(Random.class);    private static final char[] allowedPreFix = -      {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', +      { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r',            's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', -          'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'}; +          'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z' };    /** random number generator used. */    private static SecureRandom random; @@ -63,14 +63,14 @@ public class Random {      } -      // random = iaik.security.random.SHA256FIPS186Random.getDefault();    }    /** -   * Generate a unique process reference-value [160bit], which always starts with a letter <br> -   * This unique ID consists of single letter, a 64bit date String[yyyyddMM], and a 88bit random -   * value. +   * Generate a unique process reference-value [160bit], which always starts with +   * a letter <br> +   * This unique ID consists of single letter, a 64bit date String[yyyyddMM], and +   * a 88bit random value.     *     * @return 160bit ID, which is hex encoded     */ @@ -98,12 +98,8 @@ public class Random {      } - -    } - -    /**     * Creates a new random number [256bit], and encode it as hex value.     * diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java index ee88c4bb..bc770a8c 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java @@ -8,17 +8,13 @@ import java.security.spec.InvalidKeySpecException;  import java.security.spec.KeySpec;  import java.util.Arrays;  import java.util.Base64; +  import javax.annotation.PostConstruct;  import javax.crypto.Mac;  import javax.crypto.SecretKey;  import javax.crypto.SecretKeyFactory;  import javax.crypto.spec.PBEKeySpec; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.EaafIllegalStateException; -import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; +  import org.apache.commons.lang3.StringUtils;  import org.joda.time.DateTime;  import org.joda.time.DurationFieldType; @@ -30,9 +26,16 @@ import org.springframework.beans.factory.annotation.Autowired;  import org.springframework.lang.NonNull;  import org.springframework.lang.Nullable; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafIllegalStateException; +import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; +  /** - * PendingRequestId generation strategy based on signed tokens that facilitates extended token - * validation. + * PendingRequestId generation strategy based on signed tokens that facilitates + * extended token validation.   *   * @author tlenz   * @@ -78,7 +81,7 @@ public class SecurePendingRequestIdGenerationStrategy            .encodeToString(externalPendingRequestId.toString().getBytes("UTF-8"));      } catch (final UnsupportedEncodingException e) { -      throw new EaafException("internal.99", new Object[] {e.getMessage()}, e); +      throw new EaafException("internal.99", new Object[] { e.getMessage() }, e);      } @@ -131,7 +134,6 @@ public class SecurePendingRequestIdGenerationStrategy        return internalPendingReqId; -      } catch (final IllegalArgumentException | EaafIllegalStateException e) {        log.warn("Token is NOT a valid String. Msg: {}", e.getMessage());        log.debug("TokenValue: {}", externalPendingReqId); @@ -177,7 +179,6 @@ public class SecurePendingRequestIdGenerationStrategy    } -    @PostConstruct    private void initialize() throws EaafConfigurationException {      log.debug("Initializing " + this.getClass().getName() + " ... "); @@ -186,7 +187,7 @@ public class SecurePendingRequestIdGenerationStrategy          baseConfig.getBasicConfiguration(CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET);      if (StringUtils.isEmpty(pendingReqIdDigistSecret)) {        throw new EaafConfigurationException("config.08", -          new Object[] {CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET}); +          new Object[] { CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET });      }      digistAlgorithm = baseConfig.getBasicConfiguration( @@ -201,11 +202,10 @@ public class SecurePendingRequestIdGenerationStrategy        final KeySpec spec = new PBEKeySpec(pendingReqIdDigistSecret.toCharArray(), salt, 10000, 128);        key = keyFactory.generateSecret(spec); -      } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {        log.error("Can NOT initialize TokenService with configuration object", e);        throw new EaafConfigurationException("config.09", -          new Object[] {CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET, "Can NOT generate HMAC key"}, +          new Object[] { CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET, "Can NOT generate HMAC key" },            e);      } @@ -229,7 +229,7 @@ public class SecurePendingRequestIdGenerationStrategy      } catch (UnsupportedEncodingException | NoSuchAlgorithmException | InvalidKeyException e) {        log.error("Can NOT generate secure pendingRequestId", e);        throw new EaafIllegalStateException( -          new Object[] {"Can NOT caluclate digist for secure pendingRequestId"}, e); +          new Object[] { "Can NOT caluclate digist for secure pendingRequestId" }, e);      } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java index 049f7175..78f0cdec 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java @@ -1,11 +1,13 @@  package at.gv.egiz.eaaf.core.impl.utils; +import org.apache.commons.lang3.StringUtils; +  import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy;  import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; -import org.apache.commons.lang3.StringUtils;  /** - * Simple pendingRequestId generation strategy that facilitates no extended validation. + * Simple pendingRequestId generation strategy that facilitates no extended + * validation.   *   * @author tlenz   * @@ -34,8 +36,6 @@ public class SimplePendingRequestIdGenerationStrategy            "PendingRequestId is empty or null");      } - -      return externalPendingReqId;    } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java index 795b71f7..22a6de2b 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java @@ -17,8 +17,6 @@   * works that you distribute must include a readable copy of the "NOTICE" text file.   */ - -  package at.gv.egiz.eaaf.core.impl.utils;  import java.io.ByteArrayOutputStream; @@ -39,8 +37,8 @@ public class StreamUtils {     *     * @param is1 The 1st <code>InputStream</code> to compare.     * @param is2 The 2nd <code>InputStream</code> to compare. -   * @return boolean <code>true</code>, if both streams contain the exactly the same content, -   *         <code>false</code> otherwise. +   * @return boolean <code>true</code>, if both streams contain the exactly the +   *         same content, <code>false</code> otherwise.     * @throws IOException An error occurred reading one of the streams.     */    public static boolean compareStreams(final InputStream is1, final InputStream is2) @@ -83,10 +81,11 @@ public class StreamUtils {    /**     * Compare two byte arrays, up to a given maximum length.     * -   * @param b1 1st byte array to compare. -   * @param b2 2nd byte array to compare. +   * @param b1     1st byte array to compare. +   * @param b2     2nd byte array to compare.     * @param length The maximum number of bytes to compare. -   * @return <code>true</code>, if the byte arrays are equal, <code>false</code> otherwise. +   * @return <code>true</code>, if the byte arrays are equal, <code>false</code> +   *         otherwise.     */    private static boolean compareBytes(final byte[] b1, final byte[] b2, final int length) {      if (b1.length != b2.length) { @@ -115,8 +114,8 @@ public class StreamUtils {      copyStream(in, out, null);      /* -     * ByteArrayOutputStream out = new ByteArrayOutputStream(); int b; while ((b = in.read()) >= 0) -     * out.write(b); +     * ByteArrayOutputStream out = new ByteArrayOutputStream(); int b; while ((b = +     * in.read()) >= 0) out.write(b);       *       */      in.close(); @@ -126,10 +125,11 @@ public class StreamUtils {    /**     * Reads a <code>String</code> from a stream, using given encoding.     * -   * @param in The <code>InputStream</code> to read. +   * @param in       The <code>InputStream</code> to read.     * @param encoding The character encoding to use for converting the bytes of the -   *        <code>InputStream</code> into a <code>String</code>. -   * @return The content of the given <code>InputStream</code> converted into a <code>String</code>. +   *                 <code>InputStream</code> into a <code>String</code>. +   * @return The content of the given <code>InputStream</code> converted into a +   *         <code>String</code>.     * @throws IOException on any exception thrown     */    public static String readStream(final InputStream in, final String encoding) throws IOException { @@ -137,23 +137,26 @@ public class StreamUtils {      copyStream(in, out, null);      /* -     * ByteArrayOutputStream out = new ByteArrayOutputStream(); int b; while ((b = in.read()) >= 0) -     * out.write(b); +     * ByteArrayOutputStream out = new ByteArrayOutputStream(); int b; while ((b = +     * in.read()) >= 0) out.write(b);       */      in.close();      return out.toString(encoding);    }    /** -   * Reads all data (until EOF is reached) from the given source to the destination stream. If the -   * destination stream is null, all data is dropped. It uses the given buffer to read data and -   * forward it. If the buffer is null, this method allocates a buffer. +   * Reads all data (until EOF is reached) from the given source to the +   * destination stream. If the destination stream is null, all data is dropped. +   * It uses the given buffer to read data and forward it. If the buffer is null, +   * this method allocates a buffer.     * -   * @param source The stream providing the data. -   * @param destination The stream that takes the data. If this is null, all data from source will -   *        be read and discarded. -   * @param buffer The buffer to use for forwarding. If it is null, the method allocates a buffer. -   * @exception IOException If reading from the source or writing to the destination fails. +   * @param source      The stream providing the data. +   * @param destination The stream that takes the data. If this is null, all data +   *                    from source will be read and discarded. +   * @param buffer      The buffer to use for forwarding. If it is null, the +   *                    method allocates a buffer. +   * @exception IOException If reading from the source or writing to the +   *                        destination fails.     */    private static void copyStream(final InputStream source, final OutputStream destination,        byte[] buffer) throws IOException { @@ -169,14 +172,15 @@ public class StreamUtils {        while ((bytesRead = source.read(buffer)) >= 0) {          destination.write(buffer, 0, bytesRead);        } -    }  +    }    }    // /**    // * Gets the stack trace of the <code>Throwable</code> passed in as a string.    // *    // * @param t The <code>Throwable</code>. -  // * @return a String representing the stack trace of the <code>Throwable</code>. +  // * @return a String representing the stack trace of the +  // <code>Throwable</code>.    // */    // public static String getStackTraceAsString(final Throwable t) {    // final ByteArrayOutputStream stackTraceBis = new ByteArrayOutputStream(); diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java index 3875e587..d8976548 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java @@ -19,7 +19,6 @@  package at.gv.egiz.eaaf.core.impl.utils; -  import at.gv.egiz.eaaf.core.api.IRequest;  /** @@ -37,7 +36,8 @@ public class TransactionIdUtils {    /**     * Set all MDC variables from pending request to this threat context.<br> -   * These includes SessionID, TransactionID, and unique service-provider identifier +   * These includes SessionID, TransactionID, and unique service-provider +   * identifier     *     * @param pendingRequest Http request object     */ @@ -59,7 +59,6 @@ public class TransactionIdUtils {    } -    public static void setServiceProviderId(final String oaUniqueId) {      org.slf4j.MDC.put(MDC_SERVICEPROVIDER_ID, oaUniqueId); @@ -90,5 +89,4 @@ public class TransactionIdUtils {    } -  } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java index 00a31a13..72c183bf 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java @@ -8,9 +8,9 @@ import javax.security.auth.x500.X500Principal;  public class X509Utils {    /** -   * Sorts the Certificate Chain by IssuerDN and SubjectDN. The [0]-Element should be the Hostname, -   * the last Element should be the Root Certificate. -   *  +   * Sorts the Certificate Chain by IssuerDN and SubjectDN. The [0]-Element should +   * be the Hostname, the last Element should be the Root Certificate. +   *     * @param certs The first element must be the correct one.     * @return sorted Certificate Chain     */ diff --git a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties new file mode 100644 index 00000000..970b8e5a --- /dev/null +++ b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties @@ -0,0 +1,10 @@ +internal.keystore.00=HSM-Facade NOT INITIALIZED. KeyStore:{0} initialization failed  +internal.keystore.01=KeyStore:{0} configuration has an unsupported type in configuration. +internal.keystore.02=Type:{1} of KeyStore:{0} is NOT SUPPORTED yet. +internal.keystore.03=HSM-Facade initialization failed with a generic error: {0} +internal.keystore.04=HSM-Facade has a wrong configuration. Missing property: {0} +internal.keystore.05=HSM-Facade has a wrong configuration. Property: {0} Reason:{1}   +internal.keystore.06=KeyStore: {0} initialization failed. Reason: {1} + + + diff --git a/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml b/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml new file mode 100644 index 00000000..7568f423 --- /dev/null +++ b/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml @@ -0,0 +1,20 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<beans xmlns="http://www.springframework.org/schema/beans" +  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" +  xmlns:context="http://www.springframework.org/schema/context" +  xmlns:tx="http://www.springframework.org/schema/tx" +  xmlns:aop="http://www.springframework.org/schema/aop" +  xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd +    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd +    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd +    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd" > +         +  <bean id="eaafKeyStoreFactory" +        class="at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory" /> + +  <bean id="eaafUtilsMessageSource" +        class="at.gv.egiz.eaaf.core.impl.logging.EaafUtilsMessageSource" /> + +  +</beans>
\ No newline at end of file | 
