authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-06-15 15:00:12 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-06-15 15:00:12 +0200
commit43a86470cfb621226fbffa609640bdd4a5d381eb (patch)
treeffa7df4a6cb290160bcc11af6a39d8df0e743005 /eaaf_core_utils
parent2566ca181ff46eaa23c5c94baf9f2a81f1a9287f (diff)
parent8003717dc8fb8e5a51f2376f09e0ea740e6eca8f (diff)
Merge branch 'nightlyBuild' of gitlab.iaik.tugraz.at:egiz/eaaf_components into nightlyBuild
Diffstat (limited to 'eaaf_core_utils')
-rw-r--r--eaaf_core_utils/pom.xml2
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java116
2 files changed, 92 insertions, 26 deletions
diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml
index 9c9c20af..02c7839b 100644
--- a/eaaf_core_utils/pom.xml
+++ b/eaaf_core_utils/pom.xml
@@ -7,7 +7,7 @@
<parent>
<groupId>at.gv.egiz</groupId>
<artifactId>eaaf</artifactId>
- <version>1.1.5-SNAPSHOT</version>
+ <version>1.1.6-SNAPSHOT</version>
</parent>
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf_core_utils</artifactId>
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
index eafd8a04..81ebe1fe 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
@@ -162,42 +162,108 @@ public class HttpUtils {
boolean trustAllServerCertificates, @Nonnull String friendlyName)
throws EaafConfigurationException, EaafFactoryException {
try {
- log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString);
- final char[] keyPassword = keyPasswordString == null ? StringUtils.EMPTY.toCharArray()
- : keyPasswordString.toCharArray();
-
SSLContextBuilder sslContextBuilder = SSLContexts.custom();
- if (keyStore.getSecond() != null) {
- Provider provider = new BouncyCastleJsseProvider(keyStore.getSecond());
- log.debug("KeyStore: {} provide special security-provider. Inject: {} into SSLContext",
- friendlyName, provider.getName());
- sslContextBuilder.setProvider(provider);
-
- }
- if (StringUtils.isNotEmpty(keyAlias)) {
- sslContextBuilder = sslContextBuilder
- .loadKeyMaterial(keyStore.getFirst(), keyPassword, new EaafSslKeySelectionStrategy(keyAlias));
-
- } else {
- sslContextBuilder = sslContextBuilder
- .loadKeyMaterial(keyStore.getFirst(), keyPassword);
- }
-
- if (trustAllServerCertificates) {
- log.warn("Http-client:{} trusts ALL TLS server-certificates!");
- final TrustStrategy trustStrategy = new TrustAllStrategy();
- sslContextBuilder = sslContextBuilder.loadTrustMaterial(trustStrategy);
+ injectKeyStore(sslContextBuilder, keyStore, keyAlias, keyPasswordString, friendlyName);
+
+ injectTrustStore(sslContextBuilder, null, trustAllServerCertificates, friendlyName);
+
+ return sslContextBuilder.build();
- }
+ } catch (NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException
+ | KeyStoreException e) {
+ throw new EaafFactoryException(ERROR_03, new Object[] { friendlyName, e.getMessage() }, e);
+ }
+ }
+
+ /**
+ * Initialize a {@link SSLContext} with a {@link KeyStore} that uses X509 Client
+ * authentication and a custom TrustStore as {@link KeyStore}.
+ *
+ * @param keyStore KeyStore with private keys that should be
+ * used
+ * @param keyAlias Alias of the key that should be used. If
+ * the alias is null, than the first key that
+ * is found will be selected.
+ * @param keyPasswordString Password of the Key in this keystore
+ * @param trustStore TrustStore with trusted SSL certificates
+ * @param trustAllServerCertificates Deactivate SSL server-certificate
+ * validation
+ * @param friendlyName FriendlyName of the http client for logging
+ * purposes
+ * @return {@link SSLContext} with X509 client authentication
+ * @throws EaafConfigurationException In case of a configuration error
+ * @throws EaafFactoryException In case of a {@link SSLContext}
+ * initialization error
+ */
+ public static SSLContext buildSslContextWithSslClientAuthentication(@Nonnull final Pair<KeyStore, Provider> keyStore,
+ @Nullable String keyAlias, @Nullable String keyPasswordString,
+ @Nullable final Pair<KeyStore, Provider> trustStore, boolean trustAllServerCertificates,
+ @Nonnull String friendlyName)
+ throws EaafConfigurationException, EaafFactoryException {
+ try {
+ SSLContextBuilder sslContextBuilder = SSLContexts.custom();
+
+ injectKeyStore(sslContextBuilder, keyStore, keyAlias, keyPasswordString, friendlyName);
+
+ injectTrustStore(sslContextBuilder, trustStore, trustAllServerCertificates, friendlyName);
+
return sslContextBuilder.build();
} catch (NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException
| KeyStoreException e) {
throw new EaafFactoryException(ERROR_03, new Object[] { friendlyName, e.getMessage() }, e);
+ }
+ }
+
+ private static void injectTrustStore(SSLContextBuilder sslContextBuilder,
+ Pair<KeyStore, Provider> trustStore, boolean trustAllServerCertificates, String friendlyName)
+ throws NoSuchAlgorithmException, KeyStoreException {
+
+ TrustStrategy trustStrategy = null;
+ if (trustAllServerCertificates) {
+ log.warn("Http-client:{} trusts ALL TLS server-certificates!", friendlyName);
+ trustStrategy = new TrustAllStrategy();
+
+ }
+
+ KeyStore trustStoreImpl = null;
+ if (trustStore != null) {
+ log.info("Http-client: {} uses custom TrustStore.", friendlyName);
+ trustStoreImpl = trustStore.getFirst();
+
+ }
+
+ sslContextBuilder.loadTrustMaterial(trustStoreImpl, trustStrategy);
+
+ }
+
+ private static void injectKeyStore(SSLContextBuilder sslContextBuilder, Pair<KeyStore, Provider> keyStore,
+ String keyAlias, String keyPasswordString, String friendlyName)
+ throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
+ if (keyStore.getSecond() != null) {
+ Provider provider = new BouncyCastleJsseProvider(keyStore.getSecond());
+ log.debug("KeyStore: {} provide special security-provider. Inject: {} into SSLContext",
+ friendlyName, provider.getName());
+ sslContextBuilder.setProvider(provider);
+
+ }
+
+ log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString);
+ final char[] keyPassword = keyPasswordString == null ? StringUtils.EMPTY.toCharArray()
+ : keyPasswordString.toCharArray();
+
+ if (StringUtils.isNotEmpty(keyAlias)) {
+ sslContextBuilder
+ .loadKeyMaterial(keyStore.getFirst(), keyPassword, new EaafSslKeySelectionStrategy(keyAlias));
+
+ } else {
+ sslContextBuilder.loadKeyMaterial(keyStore.getFirst(), keyPassword);
+
}
+
}
}
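Review bot: `injectKeyStore` still writes the keystore password to the log in plaintext at trace level (`log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString)`), so any deployment that enables trace logging for this package persists the private-key password in its log files; the line was only moved by this refactoring, but it should identify the keystore rather than its secret, e.g. `log.trace("Open SSL Client-Auth keystore for http-client: {}", friendlyName);`. In `injectTrustStore`, when `trustAllServerCertificates` is true the `TrustAllStrategy` accepts every server chain regardless of the trust store passed alongside it, so the `"uses custom TrustStore"` info message logged right after the warning is misleading in that combination — consider skipping it, or stating in the warn message that the custom trust store is not consulted. The `Provider` half of the `trustStore` pair is never read, unlike the key store's provider in `injectKeyStore`; if provider-backed trust stores are expected to work this presumably needs equivalent `setProvider` handling, though I cannot tell from the hunk whether callers ever pass one. The method whose body begins at the top of the hunk has its signature outside it.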