path: root/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-01-28 16:24:27 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-01-28 16:24:27 +0100
commit0cf9926282ba4aa46bad3f4e8020cec72683492f (patch)
treef9d516bc2b20f2e67f172b5628705fc152eeedbd /eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
parent4fa0cebed0438e0c00ce692424868c532490b95c (diff)
first steps in openSAML3 refactoring
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java67
1 files changed, 43 insertions, 24 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
index 5c9bb6be..c0b015be 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
@@ -19,11 +19,22 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
+import java.io.IOException;
+import java.io.InputStream;
import java.security.KeyStore;
+import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateKey;
+import javax.annotation.PostConstruct;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
+
import org.apache.commons.lang3.StringUtils;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
@@ -32,14 +43,15 @@ import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
public abstract class AbstractCredentialProvider {
+ @Autowired protected ResourceLoader resourceLoader;
+
private static final Logger log = LoggerFactory.getLogger(AbstractCredentialProvider.class);
private KeyStore keyStore = null;
@@ -117,11 +129,6 @@ public abstract class AbstractCredentialProvider {
*/
public X509Credential getIdpMetaDataSigningCredential() throws CredentialsNotAvailableException {
try {
-
- if (keyStore == null) {
- keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword());
- }
-
final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore,
getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray());
@@ -136,8 +143,7 @@ public abstract class AbstractCredentialProvider {
}
return credentials;
} catch (final Exception e) {
- log.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials");
- e.printStackTrace();
+ log.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials", e);
throw new CredentialsNotAvailableException("config.27", new Object[] { e.getMessage() }, e);
}
}
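Review bot: The new `log.error` call still builds its message by string concatenation; with SLF4J the parameterized form keeps the exception as the last argument and reads more cleanly: `log.error("Failed to generate {} Metadata Signing credentials", getFriendlyName(), e);`. The same applies to the Assertion Signing and Assertion Encryption catch blocks in the two later hunks. Separately, `e.getMessage()` is still passed into `CredentialsNotAvailableException` as a message parameter; if that text can reach an end user, it may expose key store details such as paths or aliases, which is worth confirming against how "config.27" is rendered. The method body starts outside this hunk.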
@@ -150,10 +156,6 @@ public abstract class AbstractCredentialProvider {
*/
public X509Credential getIdpAssertionSigningCredential() throws CredentialsNotAvailableException {
try {
- if (keyStore == null) {
- keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword());
- }
-
final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore,
getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray());
@@ -169,8 +171,7 @@ public abstract class AbstractCredentialProvider {
return credentials;
} catch (final Exception e) {
- log.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials");
- e.printStackTrace();
+ log.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials", e);
throw new CredentialsNotAvailableException("config.27", new Object[] { e.getMessage() }, e);
}
}
@@ -184,10 +185,6 @@ public abstract class AbstractCredentialProvider {
public X509Credential getIdpAssertionEncryptionCredential()
throws CredentialsNotAvailableException {
try {
- if (keyStore == null) {
- keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword());
- }
-
// if no encryption key is configured return null
if (StringUtils.isEmpty(getEncryptionKeyAlias())) {
return null;
@@ -210,8 +207,7 @@ public abstract class AbstractCredentialProvider {
return credentials;
} catch (final Exception e) {
- log.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials");
- e.printStackTrace();
+ log.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials", e);
throw new CredentialsNotAvailableException("config.27", new Object[] { e.getMessage() }, e);
}
}
@@ -243,4 +239,27 @@ public abstract class AbstractCredentialProvider {
return signer;
}
+
+ @Lazy
+ @PostConstruct
+ private void initialize() throws Exception {
+ try {
+ final Resource ressource = resourceLoader.getResource(getKeyStoreFilePath());
+ final InputStream is = ressource.getInputStream();
+ keyStore = KeyStoreUtils.loadKeyStore(is, getKeyStorePassword());
+
+ if (keyStore == null) {
+ throw new EaafConfigurationException("module.00",
+ new Object[] {getFriendlyName(), "KeyStore initialization failed. Maybe wrong password"});
+
+ }
+
+ } catch (IOException | KeyStoreException | EaafException e) {
+ log.error("Can not initialize KeyStore for eIDAS authentication client.", e);
+ throw e;
+
+ }
+
+ }
+
}
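Review bot: The `InputStream` opened in `initialize()` is never closed, so the key store file handle leaks on both the success and the failure path; use try-with-resources, e.g. `try (InputStream is = resourceLoader.getResource(getKeyStoreFilePath()).getInputStream()) {`. `@Lazy` on a `@PostConstruct` method most likely has no effect, since Spring evaluates it on bean definitions and injection points, so the key store is still loaded eagerly when the bean is created. With the lazy `loadKeyStore` fallback removed from the three getters in the earlier hunks, a provider that is not instantiated by Spring leaves `keyStore` null and the getters hand null to `EaafKeyStoreX509CredentialAdapter`; an explicit null check there with a clear configuration error would make that failure obvious. The log message names the "eIDAS authentication client" although this is the generic PVP2 credential provider; `getFriendlyName()` would identify the affected component correctly.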