update EaafKeyStoreFactory to get the Security Provider if the KeyStore depends on a special provider implementation

author: Thomas Lenz <thomas.lenz@egiz.gv.at> 2020-02-17 17:54:04 +0100
committer: Thomas Lenz <thomas.lenz@egiz.gv.at> 2020-02-17 17:54:04 +0100
commit: f62bafa252e6e0dfaaa9ba4acbc34b47ee627e21 (patch)
tree: bd4f87cf6e131902e4f7637f4a36737e48748728 /eaaf_modules
parent: 7848c74de2cdafed8bee69d1d5b8e5efa7535bc6 (diff)
download: EAAF-Components-f62bafa252e6e0dfaaa9ba4acbc34b47ee627e21.tar.gz
EAAF-Components-f62bafa252e6e0dfaaa9ba4acbc34b47ee627e21.tar.bz2
EAAF-Components-f62bafa252e6e0dfaaa9ba4acbc34b47ee627e21.zip
2 files changed, 99 insertions, 94 deletions
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
index 259c21bf..1668752a 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
@@ -4,6 +4,7 @@ import java.io.IOException;
 import java.security.Key;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
+import java.security.Provider;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.Collections;
@@ -12,6 +13,22 @@ import java.util.List;
 import javax.annotation.Nonnull;
 import javax.annotation.PostConstruct;
 
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.utils.X509Utils;
+import at.gv.egiz.eaaf.modules.auth.sl20.Constants;
+import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException;
+import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
+
 import org.apache.commons.lang3.StringUtils;
 import org.jose4j.jwa.AlgorithmConstraints;
 import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
@@ -32,35 +49,19 @@ import org.springframework.util.Base64Utils;
 import com.fasterxml.jackson.core.JsonParseException;
 import com.fasterxml.jackson.databind.JsonNode;
 
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
-import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
-import at.gv.egiz.eaaf.core.impl.data.Pair;
-import at.gv.egiz.eaaf.core.impl.utils.X509Utils;
-import at.gv.egiz.eaaf.modules.auth.sl20.Constants;
-import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException;
-import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException;
-
 @Service
 public class JsonSecurityUtils implements IJoseTools {
   private static final Logger log = LoggerFactory.getLogger(JsonSecurityUtils.class);
 
   private static final String FRIENDLYNAME_KEYSTORE = "SL2.0 KeyStore";
   private static final String FRIENDLYNAME_TRUSTSTORE = "SL2.0 TrustStore";
-  
+
   @Autowired(required = true) IConfiguration authConfig;
   @Autowired(required = true) EaafKeyStoreFactory keystoreFactory;
-  
-  private KeyStore keyStore;
-  private KeyStore trustStore;
- 
+
+  private Pair<KeyStore, Provider> keyStore;
+  private Pair<KeyStore, Provider> trustStore;
+
   private static JsonMapper mapper = new JsonMapper();
 
   @PostConstruct
@@ -68,36 +69,36 @@ public class JsonSecurityUtils implements IJoseTools {
     log.info("Initialize SL2.0 authentication security constrains ... ");
     try {
       //load KeyStore
-      KeyStoreConfiguration keyStoreConfig = buildKeyStoreConfiguration();
+      final KeyStoreConfiguration keyStoreConfig = buildKeyStoreConfiguration();
       keyStore = keystoreFactory.buildNewKeyStore(keyStoreConfig);
-      
+
       //load TrustStore
-      KeyStoreConfiguration trustStoreConfig = buildTrustStoreConfiguration();
+      final KeyStoreConfiguration trustStoreConfig = buildTrustStoreConfiguration();
       trustStore = keystoreFactory.buildNewKeyStore(trustStoreConfig);
-      
+
       //validate KeyStore entries
-      EaafKeyStoreUtils.getPrivateKeyAndCertificates(keyStore, getSigningKeyAlias(), 
+      EaafKeyStoreUtils.getPrivateKeyAndCertificates(keyStore.getFirst(), getSigningKeyAlias(),
               getSigningKeyPassword(), true, FRIENDLYNAME_KEYSTORE);
-      Pair<Key, X509Certificate[]> encCredentials = 
-          EaafKeyStoreUtils.getPrivateKeyAndCertificates(keyStore, getEncryptionKeyAlias(), 
+      final Pair<Key, X509Certificate[]> encCredentials =
+          EaafKeyStoreUtils.getPrivateKeyAndCertificates(keyStore.getFirst(), getEncryptionKeyAlias(),
               getEncryptionKeyPassword(), false, FRIENDLYNAME_TRUSTSTORE);
       if (encCredentials == null) {
         log.info("No encryption key for SL2.0 found. End-to-End encryption is not used.");
-        
+
       }
-      
+
       //validate TrustStore
-      List<X509Certificate> trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(trustStore);
+      final List<X509Certificate> trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(trustStore.getFirst());
       if (trustedCerts.isEmpty()) {
-        log.info("No certificates in TrustStore: {}. Signature validation will FAIL!", 
+        log.info("No certificates in TrustStore: {}. Signature validation will FAIL!",
             FRIENDLYNAME_TRUSTSTORE);
-        
+
       } else {
-        log.info("Find #{} certificates in TrustStore: {}", 
+        log.info("Find #{} certificates in TrustStore: {}",
             trustedCerts.size(), FRIENDLYNAME_TRUSTSTORE);
-    
+
       }
-      
+
       log.info("SL2.0 authentication security constrains initialized.");
 
     } catch (final RuntimeException e) {
@@ -124,9 +125,9 @@ public class JsonSecurityUtils implements IJoseTools {
 
       // set signing information
       jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
-      Pair<Key, X509Certificate[]> signingCred = EaafKeyStoreUtils.getPrivateKeyAndCertificates(keyStore, 
-          getSigningKeyAlias(), getSigningKeyPassword(), true, FRIENDLYNAME_KEYSTORE);
-      
+      final Pair<Key, X509Certificate[]> signingCred = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+          keyStore.getFirst(), getSigningKeyAlias(), getSigningKeyPassword(), true, FRIENDLYNAME_KEYSTORE);
+
       jws.setKey(signingCred.getFirst());
 
       // TODO:
@@ -218,8 +219,8 @@ public class JsonSecurityUtils implements IJoseTools {
           SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING
               .toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.size()]));
 
-      final VerificationResult result = 
-          validateSignature(serializedContent, EaafKeyStoreUtils.readCertsFromKeyStore(trustStore), algConstraints);
+      final VerificationResult result =
+          validateSignature(serializedContent, EaafKeyStoreUtils.readCertsFromKeyStore(trustStore.getFirst()), algConstraints);
 
       if (!result.isValidSigned()) {
         log.info("JWS signature invalide. Stopping authentication process ...");
@@ -259,9 +260,9 @@ public class JsonSecurityUtils implements IJoseTools {
       // set payload
       receiverJwe.setCompactSerialization(compactSerialization);
 
-      Pair<Key, X509Certificate[]> encryptionCred = EaafKeyStoreUtils.getPrivateKeyAndCertificates(keyStore, 
-          getEncryptionKeyAlias(), getEncryptionKeyPassword(), true, FRIENDLYNAME_KEYSTORE);
-      
+      final Pair<Key, X509Certificate[]> encryptionCred = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+          keyStore.getFirst(), getEncryptionKeyAlias(), getEncryptionKeyPassword(), true, FRIENDLYNAME_KEYSTORE);
+
       // validate key from header against key from config
       final List<X509Certificate> x5cCerts = receiverJwe.getCertificateChainHeaderValue();
       final String x5t256 = receiverJwe.getX509CertSha256ThumbprintHeaderValue();
@@ -318,7 +319,7 @@ public class JsonSecurityUtils implements IJoseTools {
     } catch (final IOException e) {
       log.warn("Decrypted SL2.0 result can not be parsed.", e);
       throw new SlCommandoParserException("Decrypted SL2.0 result can not be parsed", e);
-      
+
     }
   }
 
@@ -326,28 +327,28 @@ public class JsonSecurityUtils implements IJoseTools {
   public X509Certificate getEncryptionCertificate() {
     Pair<Key, X509Certificate[]> encryptionCred;
     try {
-      encryptionCred = EaafKeyStoreUtils.getPrivateKeyAndCertificates(keyStore, 
+      encryptionCred = EaafKeyStoreUtils.getPrivateKeyAndCertificates(keyStore.getFirst(),
           getEncryptionKeyAlias(), getEncryptionKeyPassword(), false, FRIENDLYNAME_KEYSTORE);
       if (encryptionCred != null && encryptionCred.getSecond().length > 0) {
         return encryptionCred.getSecond()[0];
-        
+
       }
-      
-    } catch (EaafKeyAccessException e) {
+
+    } catch (final EaafKeyAccessException e) {
       log.trace("Exception is skipped because Encryption is not mandatory on this level", e);
-      
+
     }
-    
+
     return null;
-    
+
   }
 
   private KeyStoreConfiguration buildKeyStoreConfiguration() throws EaafConfigurationException {
-    KeyStoreConfiguration config = new KeyStoreConfiguration();
+    final KeyStoreConfiguration config = new KeyStoreConfiguration();
     config.setFriendlyName(FRIENDLYNAME_KEYSTORE);
-    
+
     config.setKeyStoreType(authConfig.getBasicConfiguration(
-        authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_TYPE), 
+        authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_TYPE),
         KeyStoreType.JKS.getKeyStoreType()));
     config.setKeyStoreName(
         authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_NAME));
@@ -355,20 +356,20 @@ public class JsonSecurityUtils implements IJoseTools {
         authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH));
     config.setSoftKeyStorePassword(
         authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD));
-    
+
     //validate configuration state
     config.validate();
-    
+
     return config;
-    
+
   }
-  
+
   private KeyStoreConfiguration buildTrustStoreConfiguration() throws EaafConfigurationException {
-    KeyStoreConfiguration config = new KeyStoreConfiguration();
+    final KeyStoreConfiguration config = new KeyStoreConfiguration();
     config.setFriendlyName(FRIENDLYNAME_TRUSTSTORE);
-    
+
     config.setKeyStoreType(authConfig.getBasicConfiguration(
-        authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_TRUSTSTORE_TYPE), 
+        authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_TRUSTSTORE_TYPE),
         KeyStoreType.JKS.getKeyStoreType()));
     config.setKeyStoreName(
         authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_TRUSTSTORE_NAME));
@@ -376,13 +377,13 @@ public class JsonSecurityUtils implements IJoseTools {
         authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_TRUSTSTORE_PATH));
     config.setSoftKeyStorePassword(
         authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_TRUSTSTORE_PASSWORD));
-    
+
     //validate configuration state
     config.validate();
-    
+
     return config;
   }
-  
+
 
   private String getSigningKeyAlias() {
     String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS);
@@ -394,7 +395,7 @@ public class JsonSecurityUtils implements IJoseTools {
   }
 
   private char[] getSigningKeyPassword() {
-    String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD);
+    final String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD);
     if (value != null) {
       return value.trim().toCharArray();
     }
@@ -412,7 +413,7 @@ public class JsonSecurityUtils implements IJoseTools {
   }
 
   private char[] getEncryptionKeyPassword() {
-    String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD);
+    final String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD);
     if (value != null) {
       return value.trim().toCharArray();
     }
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
index cd77228c..26a5c5f6 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
@@ -21,6 +21,7 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
 
 import java.security.KeyStore;
 import java.security.KeyStoreException;
+import java.security.Provider;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
@@ -31,24 +32,25 @@ import java.util.List;
 import javax.annotation.Nonnull;
 import javax.annotation.PostConstruct;
 
-import org.apache.commons.lang3.StringUtils;
-import org.apache.xml.security.algorithms.JCEMapper;
-import org.opensaml.security.credential.UsageType;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.io.ResourceLoader;
-
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
 import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
-import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
 import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
 import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider;
 import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
 import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
 import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.xml.security.algorithms.JCEMapper;
+import org.opensaml.security.credential.UsageType;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.ResourceLoader;
+
 import lombok.extern.slf4j.Slf4j;
 
 @Slf4j
@@ -64,7 +66,7 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi
   @Autowired
   private EaafKeyStoreFactory keyStoreFactory;
 
-  private KeyStore keyStore = null;
+  private Pair<KeyStore, Provider> keyStore = null;
 
   /**
    * Get a friendlyName for this keyStore implementation This friendlyName is used
@@ -75,10 +77,10 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi
   public final String getFriendlyName() {
     try {
       return getBasicKeyStoreConfig().getFriendlyName();
-      
-    } catch (EaafConfigurationException e) {
+
+    } catch (final EaafConfigurationException e) {
       return "No KeyStoreName";
-      
+
     }
 
   }
@@ -143,8 +145,9 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi
   @Override
   public EaafX509Credential getMetaDataSigningCredential() throws CredentialsNotAvailableException {
     try {
-      final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore,
-          getMetadataKeyAlias(), getPassCharArrayOrNull(getMetadataKeyPassword()), getFriendlyName());
+      final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(
+          keyStore.getFirst(), getMetadataKeyAlias(),
+          getPassCharArrayOrNull(getMetadataKeyPassword()), getFriendlyName());
       credentials.setUsageType(UsageType.SIGNING);
       credentials.setSignatureAlgorithmForSigning(selectSigningAlgorithm(credentials));
       credentials.setKeyEncryptionAlgorithmForDataEncryption(selectKeyEncryptionAlgorithm(credentials));
@@ -167,8 +170,9 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi
   @Override
   public EaafX509Credential getMessageSigningCredential() throws CredentialsNotAvailableException {
     try {
-      final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore,
-          getSignatureKeyAlias(), getPassCharArrayOrNull(getSignatureKeyPassword()), getFriendlyName());
+      final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(
+          keyStore.getFirst(), getSignatureKeyAlias(),
+          getPassCharArrayOrNull(getSignatureKeyPassword()), getFriendlyName());
       credentials.setUsageType(UsageType.SIGNING);
       credentials.setSignatureAlgorithmForSigning(selectSigningAlgorithm(credentials));
       credentials.setKeyEncryptionAlgorithmForDataEncryption(selectKeyEncryptionAlgorithm(credentials));
@@ -196,8 +200,9 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi
     }
 
     try {
-      final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore,
-          getEncryptionKeyAlias(), getPassCharArrayOrNull(getEncryptionKeyPassword()), getFriendlyName());
+      final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(
+          keyStore.getFirst(), getEncryptionKeyAlias(),
+          getPassCharArrayOrNull(getEncryptionKeyPassword()), getFriendlyName());
       credentials.setUsageType(UsageType.ENCRYPTION);
       credentials.setSignatureAlgorithmForSigning(selectSigningAlgorithm(credentials));
       credentials.setKeyEncryptionAlgorithmForDataEncryption(selectKeyEncryptionAlgorithm(credentials));
@@ -226,12 +231,12 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi
     final List<X509Certificate> result = new ArrayList<>();
 
     try {
-      final Enumeration<String> aliases = keyStore.aliases();
+      final Enumeration<String> aliases = keyStore.getFirst().aliases();
       while (aliases.hasMoreElements()) {
         final String el = aliases.nextElement();
         log.trace("Process TrustStoreEntry: " + el);
-        if (keyStore.isCertificateEntry(el)) {
-          final Certificate cert = keyStore.getCertificate(el);
+        if (keyStore.getFirst().isCertificateEntry(el)) {
+          final Certificate cert = keyStore.getFirst().getCertificate(el);
           if (cert != null && cert instanceof X509Certificate) {
             result.add((X509Certificate) cert);
 
@@ -257,10 +262,10 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi
       final KeyStoreConfiguration keyStoreConfig = getBasicKeyStoreConfig();
       keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
 
-      if (JCEMapper.getProviderId() != null
-          && !JCEMapper.getProviderId().equals(keyStore.getProvider().getName())) {
+      if (JCEMapper.getProviderId() != null && keyStore.getSecond() != null
+          && !JCEMapper.getProviderId().equals(keyStore.getSecond().getName())) {
         log.error("OpenSAML3.x can ONLY use a single type of CryptoProvider in an application. "
-            + "Can NOT set: {}, because {} was already set", keyStore.getProvider().getName(),
+            + "Can NOT set: {}, because {} was already set", keyStore.getSecond().getName(),
             JCEMapper.getProviderId());
         throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_06,
             new Object[] { keyStoreConfig.getFriendlyName(),
@@ -271,12 +276,11 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi
       // Set JCEMapper only in case of HSM based KeyStores because Software KeyStores
       // can use
       // the default SecurityProvider system in OpenSAML3.x signing engine
-      if (!KeyStoreType.JKS.equals(keyStoreConfig.getKeyStoreType())
-          && !KeyStoreType.PKCS12.equals(keyStoreConfig.getKeyStoreType())
+      if (keyStore.getSecond() != null
           && JCEMapper.getProviderId() == null) {
         log.info("Register CryptoProvider: {} as defaut for OpenSAML3.x",
-            keyStore.getProvider().getName());
-        JCEMapper.setProviderId(keyStore.getProvider().getName());
+            keyStore.getSecond().getName());
+        JCEMapper.setProviderId(keyStore.getSecond().getName());
 
       }
author	Thomas Lenz <thomas.lenz@egiz.gv.at>	2020-02-17 17:54:04 +0100
committer	Thomas Lenz <thomas.lenz@egiz.gv.at>	2020-02-17 17:54:04 +0100
commit	f62bafa252e6e0dfaaa9ba4acbc34b47ee627e21 (patch)
tree	bd4f87cf6e131902e4f7637f4a36737e48748728 /eaaf_modules
parent	7848c74de2cdafed8bee69d1d5b8e5efa7535bc6 (diff)
download	EAAF-Components-f62bafa252e6e0dfaaa9ba4acbc34b47ee627e21.tar.gz EAAF-Components-f62bafa252e6e0dfaaa9ba4acbc34b47ee627e21.tar.bz2 EAAF-Components-f62bafa252e6e0dfaaa9ba4acbc34b47ee627e21.zip