author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-07-03 10:45:45 +0200 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-07-03 10:45:45 +0200 |
commit | 103338c59196060b64402048b3073cb8132f3dca (patch) | |
tree | 7f332c380c499e7d8f9e77ed85c10ebf6f838334 /eaaf_core_utils | |
parent | 2d904ad1f2292d8ea45b6afeaf9ec214667477c6 (diff) | |
update KeyStoreFactory and KeyStoreUtils to fix incompatibility with Shibboleth IDP implementation
Diffstat (limited to 'eaaf_core_utils')
3 files changed, 68 insertions, 16 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
index 8cbf1375..743a7318 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
@@ -300,28 +300,41 @@ public class EaafKeyStoreFactory { final String keyStorePassword = checkConfigurationParameter(config.getSoftKeyStorePassword(), ERRORCODE_06, config.getFriendlyName(), "Software-KeyStore missing Password for KeyStore"); - final String absKeyStorePath = FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig - .getConfigurationRootDirectory()); - final Resource ressource = resourceLoader.getResource(absKeyStorePath); + Resource ressource; + if (config.isSkipMakeAbsolutPaths()) { + log.debug("Use filepath from config: {}", keyStorePath); + ressource = resourceLoader.getResource(keyStorePath); + + } else { + final String absKeyStorePath = FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig + .getConfigurationRootDirectory()); + log.debug("Use filepath from config: {}", absKeyStorePath); + + ressource = resourceLoader.getResource(absKeyStorePath); + + } + if (!ressource.exists()) { throw new EaafConfigurationException(ERRORCODE_05, new Object[] { config.getFriendlyName(), - "File not found at: " + absKeyStorePath }); + "RessourceLoader does NOT find File at: " + ressource.getURI() }); } final InputStream is = ressource.getInputStream(); - final KeyStore keyStore = KeyStoreUtils.loadKeyStore(is, keyStorePassword); + final KeyStore keyStore = KeyStoreUtils.loadKeyStore(is, keyStorePassword, config.getKeyStoreType()); is.close(); - if (keyStore == null) { - throw new EaafFactoryException(ERRORCODE_06, - new Object[] { config.getFriendlyName(), "KeyStore not valid or password wrong" }); - - } return Pair.newInstance(keyStore, null); - - } catch (KeyStoreException | IOException e) { + + } catch (EaafException e) { + throw e; + + } catch (IOException e) { + throw new EaafFactoryException(ERRORCODE_06, + new Object[] { config.getFriendlyName(), "KeyStore not valid or password wrong" }); + + } catch (Exception e) { log.error("Software KeyStore initialization FAILED with an generic error.", e); throw new EaafConfigurationException(ERRORCODE_03, new Object[] { 
e.getMessage() }, e); diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java index 970efd22..c1a1d917 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java @@ -4,10 +4,9 @@ import java.util.Map; import javax.annotation.Nonnull; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; - import org.apache.commons.lang3.StringUtils; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import lombok.Getter; import lombok.Setter; import lombok.extern.slf4j.Slf4j; @@ -53,6 +52,12 @@ public class KeyStoreConfiguration { */ private String softKeyStorePassword; + + /** + * Use filePaths as it is and does not make it absolut. + */ + private boolean skipMakeAbsolutPaths = false; + /** * Build a {@link KeyStoreConfiguration} from a configuration map. <br> * <p> diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java index 99b87819..be51426c 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java @@ -30,12 +30,16 @@ import java.security.KeyStoreException; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import lombok.extern.slf4j.Slf4j; + /** * Utility for creating and loading key stores. * * @author Paul Ivancsics * @version $Id$ */ +@Slf4j public class KeyStoreUtils { /** 
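Review bot: The new `catch (IOException e)` branch in EaafKeyStoreFactory drops `e` and reports every I/O failure as "KeyStore not valid or password wrong". That includes a failure of `ressource.getInputStream()` and of `ressource.getURI()` while the not-found message is being built, so an unreadable or unresolvable file is indistinguishable from a bad password and nothing is logged. Log before the throw, e.g. `log.warn("Software KeyStore '{}' could not be read", config.getFriendlyName(), e);`, and pass `e` as the cause if EaafFactoryException offers a constructor with a Throwable, as EaafConfigurationException does a few lines below. `is.close()` is also skipped when `loadKeyStore` throws; `try (InputStream is = ressource.getInputStream()) { ... }` closes the stream on both paths. The enclosing method and its `try` start outside the hunk.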
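Review bot: The Javadoc on `skipMakeAbsolutPaths` in KeyStoreConfiguration does not say what the flag gives up. With it set, EaafKeyStoreFactory passes the configured string to `resourceLoader.getResource(...)` unchanged instead of resolving it against the configuration root directory, so the keystore location is then governed only by what that loader accepts (presumably Spring's ResourceLoader, which would also accept prefixed locations; confirm). I would state that in the comment, e.g. `Pass the keystore path to the ResourceLoader unchanged instead of resolving it against the configuration root directory. Enable only when the configuration source is trusted.` It is not visible here whether the map-based builder below reads this flag, so it may be reachable only through the setter.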
@@ -110,6 +114,32 @@ public class KeyStoreUtils { } /** + * Loads a keyStore with known keyStore type. + * + * @param is input stream + * @param password Password protecting the keyStore + * @param keyStoreType Type of the KeyStore + * @return loaded KeyStore + * @throws IOException In case of a general error + * @throws GeneralSecurityException In case of a KeyStore access error + */ + public static KeyStore loadKeyStore(final InputStream is, final String password, KeyStoreType keyStoreType) + throws IOException, GeneralSecurityException { + String internalType = KEYSTORE_TYPE_PKCS12; + if (keyStoreType.equals(KeyStoreType.JKS)) { + internalType = KEYSTORE_TYPE_JKS; + + } else if (keyStoreType.equals(KeyStoreType.PKCS12)) { + internalType = KEYSTORE_TYPE_PKCS12; + + } + + return loadKeyStore(internalType, is, password); + + } + + + /** * Loads a keyStore without knowing the keyStore type. * * @param is input stream @@ -125,14 +155,18 @@ public class KeyStoreUtils { try { try { ks = loadKeyStore(KEYSTORE_TYPE_PKCS12, is, password); + } catch (final IOException e2) { is.reset(); ks = loadKeyStore(KEYSTORE_TYPE_JKS, is, password); + } + } catch (final Exception e) { - e.printStackTrace(); - + log.warn("Can not load keystore", e); + } + return ks; } |
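Review bot: The new `loadKeyStore(is, password, keyStoreType)` overload dereferences `keyStoreType` without a null check and silently opens every value other than JKS as PKCS12. A missing type then surfaces as a NullPointerException, and a type this method does not handle (if the enum has more constants than the two used here) fails later with a misleading parse or password error. I would switch on the enum and reject anything else with a KeyStoreException, which is already imported and covered by the declared GeneralSecurityException. Check first that no caller relies on the PKCS12 fallback. The `else if` branch for PKCS12 only re-assigns the initial value.

```java
  public static KeyStore loadKeyStore(final InputStream is, final String password, KeyStoreType keyStoreType)
      throws IOException, GeneralSecurityException {
    if (keyStoreType == null) {
      throw new KeyStoreException("KeyStore type is missing");
    }

    switch (keyStoreType) {
      case JKS:
        return loadKeyStore(KEYSTORE_TYPE_JKS, is, password);

      case PKCS12:
        return loadKeyStore(KEYSTORE_TYPE_PKCS12, is, password);

      default:
        throw new KeyStoreException("Unsupported KeyStore type: " + keyStoreType);
    }
  }
```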