| author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-06-15 15:00:12 +0200 | 
|---|---|---|
| committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-06-15 15:00:12 +0200 | 
| commit | 43a86470cfb621226fbffa609640bdd4a5d381eb (patch) | |
| tree | ffa7df4a6cb290160bcc11af6a39d8df0e743005 /eaaf_core_utils | |
| parent | 2566ca181ff46eaa23c5c94baf9f2a81f1a9287f (diff) | |
| parent | 8003717dc8fb8e5a51f2376f09e0ea740e6eca8f (diff) | |
Merge branch 'nightlyBuild' of gitlab.iaik.tugraz.at:egiz/eaaf_components into nightlyBuild
Diffstat (limited to 'eaaf_core_utils')
| -rw-r--r-- | eaaf_core_utils/pom.xml | 2 | ||||
| -rw-r--r-- | eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java | 116 | 
2 files changed, 92 insertions, 26 deletions
| diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml
index 9c9c20af..02c7839b 100644
--- a/eaaf_core_utils/pom.xml
+++ b/eaaf_core_utils/pom.xml
@@ -7,7 +7,7 @@
   <parent>
     <groupId>at.gv.egiz</groupId>
     <artifactId>eaaf</artifactId>
-    <version>1.1.5-SNAPSHOT</version>
+    <version>1.1.6-SNAPSHOT</version>
   </parent>
   <groupId>at.gv.egiz.eaaf</groupId>
   <artifactId>eaaf_core_utils</artifactId>
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
index eafd8a04..81ebe1fe 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
@@ -162,42 +162,108 @@ public class HttpUtils {        boolean trustAllServerCertificates, @Nonnull String friendlyName)        throws EaafConfigurationException, EaafFactoryException {      try { -      log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString); -      final char[] keyPassword = keyPasswordString == null ? StringUtils.EMPTY.toCharArray() -          : keyPasswordString.toCharArray(); -        SSLContextBuilder sslContextBuilder = SSLContexts.custom(); -      if (keyStore.getSecond() != null) { -        Provider provider = new BouncyCastleJsseProvider(keyStore.getSecond()); -        log.debug("KeyStore: {} provide special security-provider. Inject: {} into SSLContext", -            friendlyName, provider.getName()); -        sslContextBuilder.setProvider(provider); -         -      } -      if (StringUtils.isNotEmpty(keyAlias)) { -        sslContextBuilder = sslContextBuilder -            .loadKeyMaterial(keyStore.getFirst(), keyPassword, new EaafSslKeySelectionStrategy(keyAlias)); - -      } else { -        sslContextBuilder = sslContextBuilder -            .loadKeyMaterial(keyStore.getFirst(), keyPassword); -      } - -      if (trustAllServerCertificates) { -        log.warn("Http-client:{} trusts ALL TLS server-certificates!"); -        final TrustStrategy trustStrategy = new TrustAllStrategy(); -        sslContextBuilder = sslContextBuilder.loadTrustMaterial(trustStrategy); +      injectKeyStore(sslContextBuilder, keyStore, keyAlias, keyPasswordString, friendlyName); +             +      injectTrustStore(sslContextBuilder, null, trustAllServerCertificates, friendlyName); +       +      return sslContextBuilder.build(); -      } +    } catch (NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException +        | KeyStoreException e) { +      throw new EaafFactoryException(ERROR_03, new Object[] { friendlyName, e.getMessage() }, e); +    } +  } +   +  /** +   * Initialize a {@link SSLContext} with a {@link 
KeyStore} that uses X509 Client +   * authentication and a custom TrustStore as {@link KeyStore}. +   * +   * @param keyStore                   KeyStore with private keys that should be +   *                                   used +   * @param keyAlias                   Alias of the key that should be used. If +   *                                   the alias is null, than the first key that +   *                                   is found will be selected. +   * @param keyPasswordString          Password of the Key in this keystore +   * @param trustStore                 TrustStore with trusted SSL certificates +   * @param trustAllServerCertificates Deactivate SSL server-certificate +   *                                   validation +   * @param friendlyName               FriendlyName of the http client for logging +   *                                   purposes +   * @return {@link SSLContext} with X509 client authentication +   * @throws EaafConfigurationException In case of a configuration error +   * @throws EaafFactoryException       In case of a {@link SSLContext} +   *                                    initialization error +   */ +  public static SSLContext buildSslContextWithSslClientAuthentication(@Nonnull final Pair<KeyStore, Provider> keyStore, +      @Nullable String keyAlias, @Nullable String keyPasswordString, +      @Nullable final Pair<KeyStore, Provider> trustStore, boolean trustAllServerCertificates,  +      @Nonnull String friendlyName) +      throws EaafConfigurationException, EaafFactoryException { +    try { +      SSLContextBuilder sslContextBuilder = SSLContexts.custom(); +       +      injectKeyStore(sslContextBuilder, keyStore, keyAlias, keyPasswordString, friendlyName); +             +      injectTrustStore(sslContextBuilder, trustStore, trustAllServerCertificates, friendlyName); +              return sslContextBuilder.build();      } catch (NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException          | 
KeyStoreException e) {        throw new EaafFactoryException(ERROR_03, new Object[] { friendlyName, e.getMessage() }, e); +    }     +  } +   +  private static void injectTrustStore(SSLContextBuilder sslContextBuilder, +      Pair<KeyStore, Provider> trustStore, boolean trustAllServerCertificates, String friendlyName)  +          throws NoSuchAlgorithmException, KeyStoreException { +     +    TrustStrategy trustStrategy = null; +    if (trustAllServerCertificates) { +      log.warn("Http-client:{} trusts ALL TLS server-certificates!", friendlyName); +      trustStrategy = new TrustAllStrategy(); +       +    } +             +    KeyStore trustStoreImpl = null; +    if (trustStore != null) { +      log.info("Http-client: {} uses custom TrustStore.", friendlyName); +      trustStoreImpl = trustStore.getFirst(); + +    }  +               +    sslContextBuilder.loadTrustMaterial(trustStoreImpl, trustStrategy); +         +  } + +  private static void injectKeyStore(SSLContextBuilder sslContextBuilder, Pair<KeyStore, Provider> keyStore, +      String keyAlias, String keyPasswordString, String friendlyName)  +          throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException { +    if (keyStore.getSecond() != null) { +      Provider provider = new BouncyCastleJsseProvider(keyStore.getSecond()); +      log.debug("KeyStore: {} provide special security-provider. Inject: {} into SSLContext", +          friendlyName, provider.getName()); +      sslContextBuilder.setProvider(provider); +       +    } +     +    log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString); +    final char[] keyPassword = keyPasswordString == null ? 
StringUtils.EMPTY.toCharArray() +        : keyPasswordString.toCharArray(); + +    if (StringUtils.isNotEmpty(keyAlias)) { +      sslContextBuilder +        .loadKeyMaterial(keyStore.getFirst(), keyPassword, new EaafSslKeySelectionStrategy(keyAlias)); + +    } else { +      sslContextBuilder.loadKeyMaterial(keyStore.getFirst(), keyPassword); +            } +        }  } | 
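Review bot: `injectKeyStore` still writes the private-key password into the log via `log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString);` — the refactoring moved that line out of `buildSslContextWithSslClientAuthentication` without dropping the secret, so any deployment with trace logging enabled persists the key-store password in plain text; log the client name instead, e.g. `log.trace("Open SSL Client-Auth keystore for http-client: {}", friendlyName);`. In `injectTrustStore`, when `trustAllServerCertificates` is true and a `trustStore` is also supplied, the `TrustAllStrategy` passed to `loadTrustMaterial` effectively makes the store irrelevant while the info line "uses custom TrustStore" still suggests it is enforced; consider rejecting that combination or at least logging that the store is bypassed. `trustStore.getSecond()` is never read, so a provider attached to the trust store is silently ignored, unlike the key store's provider in `injectKeyStore`; if that is intended, a comment such as `// trust material is read from the KeyStore object directly; its provider is not needed here` on the `trustStoreImpl = trustStore.getFirst();` line would save the next reader from wondering. The five-argument `buildSslContextWithSslClientAuthentication` whose body opens this hunk starts outside it.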
