author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-12-28 15:51:42 +0100 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-12-28 15:51:42 +0100 |
commit | 495403c917a39fdeb3906f10ac8b997f68eb3875 (patch) | |
tree | 6797d9af002bbf384597ea016f9c7afa021692a3 /eaaf_core_utils/src | |
parent | 1aafdf3bbae55b09e6d28e97281797ba9e53aad0 (diff) | |
download | EAAF-Components-495403c917a39fdeb3906f10ac8b997f68eb3875.tar.gz EAAF-Components-495403c917a39fdeb3906f10ac8b997f68eb3875.tar.bz2 EAAF-Components-495403c917a39fdeb3906f10ac8b997f68eb3875.zip |
update to HSM-Facade v0.6.0 and add HealthCheck functionality
Diffstat (limited to 'eaaf_core_utils/src')
2 files changed, 75 insertions, 2 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
index 1c6e6e76..63ad3d98 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
@@ -72,11 +72,14 @@ public class EaafKeyStoreFactory {
 private static final String HSM_FACADE_PROVIDER_METHOD_CONSTRUCT = "getInstance";
 private static final String HSM_FACADE_PROVIDER_METHOD_INIT = "init";
 private static final String HSM_FACADE_PROVIDER_METHOD_ISINITIALIZED = "isInitialized";
+ private static final String HSM_FACADE_PROVIDER_METHOD_HEALTHCHECK = "healthcheck";
 private static final String HSM_FACADE_PROVIDER_INIT_ERROR_MSG = "Has HSM-Facade class supported '{}' method: {}";
 private static final String HSM_FACADE_PROVIDER = "HsmFacade";
 private static final String HSM_FACADE_KEYSTORE_TYPE = "RemoteKeyStore";
+ public enum HsmFacadeStatus { UP, DOWN, UNKNOWN }
+
 @Autowired
 private IConfiguration basicConfig;
 @Autowired
@@ -171,6 +174,44 @@ public class EaafKeyStoreFactory {
 return isHsmFacadeInitialized;
 }
+
+ /**
+ * Get the current status for HSM-Facade interaction.
+ *
+ * @return {@link HsmFacadeStatus} to indicate the current status.
+ */
+ public HsmFacadeStatus checkHsmFacadeStatus() {
+ if (isHsmFacadeInitialized()) {
+ final Provider alreadyLoadedProvider = Security.getProvider(HSM_FACADE_PROVIDER);
+ if (alreadyLoadedProvider != null) {
+ try {
+ final Method healthCheck =
+ alreadyLoadedProvider.getClass().getMethod(HSM_FACADE_PROVIDER_METHOD_HEALTHCHECK, new Class[]{});
+ boolean currentHealthStatus = (boolean) healthCheck.invoke(alreadyLoadedProvider);
+ HsmFacadeStatus status = currentHealthStatus ? HsmFacadeStatus.UP : HsmFacadeStatus.DOWN;
+ log.trace("Current HSM-Facade status is: ", status);
+ return status;
+
+ } catch (final Exception e) {
+ log.info("Can not determine state of alreay loaded HSM Facade: {} because HealthCheck not support",
+ alreadyLoadedProvider.getVersion());
+ log.debug("Full HSM-Facade health-check exception", e);
+ return HsmFacadeStatus.UNKNOWN;
+
+ }
+
+ } else {
+ log.warn("HSM-Facade is marked as 'initialized', but not load as Security-Provider");
+ return HsmFacadeStatus.DOWN;
+ }
+
+ } else {
+ log.trace("HSM-Facade is not initialized. Set status do 'unknown'");
+ return HsmFacadeStatus.UNKNOWN;
+
+ }
+ }
+
 @PostConstruct
 private void initialize() throws EaafException {
@@ -354,7 +395,7 @@ public class EaafKeyStoreFactory {
 private Pair<KeyStore, Provider> getKeyStoreFromHsmFacade(String keyStoreName, String friendlyName) throws EaafFactoryException, EaafConfigurationException {
 final String validatedKeyStoreName = checkConfigurationParameter(keyStoreName,
- ERRORCODE_06, friendlyName, "KeyStoreName missing for HSM Facade");
+ ERRORCODE_06, friendlyName, "KeyStoreName missing for HSM Fac)ade");
 try {
 final KeyStore keyStore = KeyStore.getInstance(HSM_FACADE_KEYSTORE_TYPE, HSM_FACADE_PROVIDER);
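Review bot: The `catch (final Exception e)` in `checkHsmFacadeStatus()` turns every failure into UNKNOWN and logs it as "HealthCheck not support", so an exception raised by the provider's `healthcheck` itself (it would arrive as an `InvocationTargetException`) cannot be told apart from a provider that lacks the method. If this status feeds monitoring of the key backend, which the commit title suggests, a failing check would be better reported as DOWN with a `warn`-level log, leaving UNKNOWN for `NoSuchMethodException` only. Separately, `log.trace("Current HSM-Facade status is: ", status);` has no `{}` placeholder, so the status value is never written to the log. The whole method is inside this hunk.

```java
// … unchanged: provider lookup and reflective healthcheck invocation …
          log.trace("Current HSM-Facade status is: {}", status);
          return status;

        } catch (final NoSuchMethodException e) {
          // The loaded provider class has no health-check method at all.
          log.info("Loaded HSM-Facade version {} does not support a health check",
              alreadyLoadedProvider.getVersion());
          return HsmFacadeStatus.UNKNOWN;

        } catch (final ReflectiveOperationException | RuntimeException e) {
          // The method exists but the call failed; do not hide that behind UNKNOWN.
          log.warn("HSM-Facade health check failed", e);
          return HsmFacadeStatus.DOWN;

        }
// … unchanged: else branches for missing provider and uninitialized facade …
```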
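Review bot: The error text passed to `checkConfigurationParameter` now reads `"KeyStoreName missing for HSM Fac)ade"`; the stray `)` looks like an accidental keystroke and is unrelated to the health-check change. Restore the previous line, `ERRORCODE_06, friendlyName, "KeyStoreName missing for HSM Facade");`, so that anyone searching logs or alerts for the original message still matches it. `getKeyStoreFromHsmFacade` continues past the end of this hunk.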
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
index 6d1b63d7..24fb271f 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
@@ -288,6 +288,9 @@ public class EaafKeyStoreFactoryTest {
 Assert.assertNotNull("KeyStore is null", keyStore.getFirst());
 Assert.assertNull("KeyStore is null", keyStore.getSecond());
+ Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.UNKNOWN,
+ keyStoreFactory.checkHsmFacadeStatus());
+
 }
 @Test
@@ -607,17 +610,44 @@ public class EaafKeyStoreFactoryTest {
 final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
 Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+ Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.UP,
+ keyStoreFactory.checkHsmFacadeStatus());
 }
 @Test
 @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD)
+ public void hsmFacadeHealthCheckNoProvider() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
+ RandomStringUtils.randomNumeric(4));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST,
+ PATH_TO_HSM_FACADE_TRUST_CERT);
+
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ Security.removeProvider("HsmFacade");
+ Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.DOWN,
+ keyStoreFactory.checkHsmFacadeStatus());
+
+ }
+
+ @Test
+ @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD)
 public void hsmFacadeAlreadLoaded() {
 HsmFacadeProvider provider = HsmFacadeProvider.getInstance();
 Security.addProvider(provider);
 final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
 Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+ Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.UP,
+ keyStoreFactory.checkHsmFacadeStatus());
 }
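Review bot: `hsmFacadeHealthCheckNoProvider` calls `Security.removeProvider("HsmFacade")` and never restores the provider; the provider list is JVM-wide, while `@DirtiesContext` only rebuilds the Spring context, so tests that run afterwards may see a different provider state depending on execution order. Putting the removal and assertion in a `try` and restoring the previous state in `finally` (or an `@After` method) would keep the test self-contained. The new tests also never exercise a health check that returns `false` or throws, so the DOWN and UNKNOWN results produced inside the `try` block of `checkHsmFacadeStatus()` remain unverified; a stub provider registered under the same name would cover them.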
@@ -769,7 +799,9 @@ public class EaafKeyStoreFactoryTest {
 final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
 Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
-
+ Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.UP,
+ keyStoreFactory.checkHsmFacadeStatus());
+
 final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
 keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE);
 keyStoreConfig.setKeyStoreName("authhandler");
|