summaryrefslogtreecommitdiff
path: root/eaaf_core_utils
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-07-03 10:45:45 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-07-03 10:45:45 +0200
commit103338c59196060b64402048b3073cb8132f3dca (patch)
tree7f332c380c499e7d8f9e77ed85c10ebf6f838334 /eaaf_core_utils
parent2d904ad1f2292d8ea45b6afeaf9ec214667477c6 (diff)
downloadEAAF-Components-103338c59196060b64402048b3073cb8132f3dca.tar.gz
EAAF-Components-103338c59196060b64402048b3073cb8132f3dca.tar.bz2
EAAF-Components-103338c59196060b64402048b3073cb8132f3dca.zip
updaste KeyStoreFactory and KeyStoreUtils to fix incompatibility with Shibboleth IDP implementation
Diffstat (limited to 'eaaf_core_utils')
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java37
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java9
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java38
3 files changed, 68 insertions, 16 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
index 8cbf1375..743a7318 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
@@ -300,28 +300,41 @@ public class EaafKeyStoreFactory {
final String keyStorePassword = checkConfigurationParameter(config.getSoftKeyStorePassword(),
ERRORCODE_06, config.getFriendlyName(), "Software-KeyStore missing Password for KeyStore");
- final String absKeyStorePath = FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig
- .getConfigurationRootDirectory());
- final Resource ressource = resourceLoader.getResource(absKeyStorePath);
+ Resource ressource;
+ if (config.isSkipMakeAbsolutPaths()) {
+ log.debug("Use filepath from config: {}", keyStorePath);
+ ressource = resourceLoader.getResource(keyStorePath);
+
+ } else {
+ final String absKeyStorePath = FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig
+ .getConfigurationRootDirectory());
+ log.debug("Use filepath from config: {}", absKeyStorePath);
+
+ ressource = resourceLoader.getResource(absKeyStorePath);
+
+ }
+
if (!ressource.exists()) {
throw new EaafConfigurationException(ERRORCODE_05,
new Object[] { config.getFriendlyName(),
- "File not found at: " + absKeyStorePath });
+ "RessourceLoader does NOT find File at: " + ressource.getURI() });
}
final InputStream is = ressource.getInputStream();
- final KeyStore keyStore = KeyStoreUtils.loadKeyStore(is, keyStorePassword);
+ final KeyStore keyStore = KeyStoreUtils.loadKeyStore(is, keyStorePassword, config.getKeyStoreType());
is.close();
- if (keyStore == null) {
- throw new EaafFactoryException(ERRORCODE_06,
- new Object[] { config.getFriendlyName(), "KeyStore not valid or password wrong" });
-
- }
return Pair.newInstance(keyStore, null);
-
- } catch (KeyStoreException | IOException e) {
+
+ } catch (EaafException e) {
+ throw e;
+
+ } catch (IOException e) {
+ throw new EaafFactoryException(ERRORCODE_06,
+ new Object[] { config.getFriendlyName(), "KeyStore not valid or password wrong" });
+
+ } catch (Exception e) {
log.error("Software KeyStore initialization FAILED with an generic error.", e);
throw new EaafConfigurationException(ERRORCODE_03, new Object[] { e.getMessage() }, e);
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
index 970efd22..c1a1d917 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
@@ -4,10 +4,9 @@ import java.util.Map;
import javax.annotation.Nonnull;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-
import org.apache.commons.lang3.StringUtils;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import lombok.Getter;
import lombok.Setter;
import lombok.extern.slf4j.Slf4j;
@@ -53,6 +52,12 @@ public class KeyStoreConfiguration {
*/
private String softKeyStorePassword;
+
+ /**
+ * Use filePaths as it is and does not make it absolut.
+ */
+ private boolean skipMakeAbsolutPaths = false;
+
/**
* Build a {@link KeyStoreConfiguration} from a configuration map. <br>
* <p>
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java
index 99b87819..be51426c 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java
@@ -30,12 +30,16 @@ import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import lombok.extern.slf4j.Slf4j;
+
/**
* Utility for creating and loading key stores.
*
* @author Paul Ivancsics
* @version $Id$
*/
+@Slf4j
public class KeyStoreUtils {
/**
@@ -110,6 +114,32 @@ public class KeyStoreUtils {
}
/**
+ * Loads a keyStore with known keyStore type.
+ *
+ * @param is input stream
+ * @param password Password protecting the keyStore
+ * @param keyStoreType Type of the KeyStore
+ * @return loaded KeyStore
+ * @throws IOException In case of a general error
+ * @throws GeneralSecurityException In case of a KeyStore access error
+ */
+ public static KeyStore loadKeyStore(final InputStream is, final String password, KeyStoreType keyStoreType)
+ throws IOException, GeneralSecurityException {
+ String internalType = KEYSTORE_TYPE_PKCS12;
+ if (keyStoreType.equals(KeyStoreType.JKS)) {
+ internalType = KEYSTORE_TYPE_JKS;
+
+ } else if (keyStoreType.equals(KeyStoreType.PKCS12)) {
+ internalType = KEYSTORE_TYPE_PKCS12;
+
+ }
+
+ return loadKeyStore(internalType, is, password);
+
+ }
+
+
+ /**
* Loads a keyStore without knowing the keyStore type.
*
* @param is input stream
@@ -125,14 +155,18 @@ public class KeyStoreUtils {
try {
try {
ks = loadKeyStore(KEYSTORE_TYPE_PKCS12, is, password);
+
} catch (final IOException e2) {
is.reset();
ks = loadKeyStore(KEYSTORE_TYPE_JKS, is, password);
+
}
+
} catch (final Exception e) {
- e.printStackTrace();
-
+ log.warn("Can not load keystore", e);
+
}
+
return ks;
}