| -rw-r--r-- | eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java | 116 | 
1 files changed, 91 insertions, 25 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
index eafd8a04..5035460f 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
@@ -162,42 +162,108 @@ public class HttpUtils {
       boolean trustAllServerCertificates, @Nonnull String friendlyName)
       throws EaafConfigurationException, EaafFactoryException {
     try {
-      log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString);
-      final char[] keyPassword = keyPasswordString == null ? StringUtils.EMPTY.toCharArray()
-          : keyPasswordString.toCharArray();
-
       SSLContextBuilder sslContextBuilder = SSLContexts.custom();
-      if (keyStore.getSecond() != null) {
-        Provider provider = new BouncyCastleJsseProvider(keyStore.getSecond());
-        log.debug("KeyStore: {} provide special security-provider. Inject: {} into SSLContext",
-            friendlyName, provider.getName());
-        sslContextBuilder.setProvider(provider);
-        
-      }
-      if (StringUtils.isNotEmpty(keyAlias)) {
-        sslContextBuilder = sslContextBuilder
-            .loadKeyMaterial(keyStore.getFirst(), keyPassword, new EaafSslKeySelectionStrategy(keyAlias));
-
-      } else {
-        sslContextBuilder = sslContextBuilder
-            .loadKeyMaterial(keyStore.getFirst(), keyPassword);
-      }
-
-      if (trustAllServerCertificates) {
-        log.warn("Http-client:{} trusts ALL TLS server-certificates!");
-        final TrustStrategy trustStrategy = new TrustAllStrategy();
-        sslContextBuilder = sslContextBuilder.loadTrustMaterial(trustStrategy);
+      injectKeyStore(sslContextBuilder, keyStore, keyAlias, keyPasswordString, friendlyName);
+            
+      injectTrustStore(sslContextBuilder, null, trustAllServerCertificates, friendlyName);
+      
+      return sslContextBuilder.build();
-      }
+    } catch (NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException
+        | KeyStoreException e) {
+      throw new EaafFactoryException(ERROR_03, new Object[] { friendlyName, e.getMessage() }, e);
+    }
+  }
+  
+  /**
+   * Initialize a {@link SSLContext} with a {@link KeyStore} that uses X509 Client
+   * authentication and a custom TrustStore as {@link KeyStore}.
+   *
+   * @param keyStore                   KeyStore with private keys that should be
+   *                                   used
+   * @param keyAlias                   Alias of the key that should be used. If
+   *                                   the alias is null, than the first key that
+   *                                   is found will be selected.
+   * @param keyPasswordString          Password of the Key in this keystore
+   * @param trustStore                 TrustStore with trusted SSL certificates
+   * @param trustAllServerCertificates Deactivate SSL server-certificate
+   *                                   validation
+   * @param friendlyName               FriendlyName of the http client for logging
+   *                                   purposes
+   * @return {@link SSLContext} with X509 client authentication
+   * @throws EaafConfigurationException In case of a configuration error
+   * @throws EaafFactoryException       In case of a {@link SSLContext}
+   *                                    initialization error
+   */
+  public static SSLContext buildSslContextWithSslClientAuthentication(@Nonnull final Pair<KeyStore, Provider> keyStore,
+      @Nullable String keyAlias, @Nullable String keyPasswordString,
+      @Nullable final Pair<KeyStore, Provider> trustStore, boolean trustAllServerCertificates, 
+      @Nonnull String friendlyName)
+      throws EaafConfigurationException, EaafFactoryException {
+    try {
+      SSLContextBuilder sslContextBuilder = SSLContexts.custom();
+      
+      injectKeyStore(sslContextBuilder, keyStore, keyAlias, keyPasswordString, friendlyName);
+            
+      injectTrustStore(sslContextBuilder, trustStore, trustAllServerCertificates, friendlyName);
+      
       return sslContextBuilder.build();
     } catch (NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException
         | KeyStoreException e) {
       throw new EaafFactoryException(ERROR_03, new Object[] { friendlyName, e.getMessage() }, e);
+    }    
+  }
+  
+  private static void injectTrustStore(SSLContextBuilder sslContextBuilder,
+      Pair<KeyStore, Provider> trustStore, boolean trustAllServerCertificates, String friendlyName) 
+          throws NoSuchAlgorithmException, KeyStoreException {
+    
+    TrustStrategy trustStrategy = null;
+    if (trustAllServerCertificates) {
+      log.warn("Http-client:{} trusts ALL TLS server-certificates!", friendlyName);
+      trustStrategy = new TrustAllStrategy();
+      
+    }
+            
+    KeyStore trustStoreImpl = null;
+    if (trustStore != null) {
+      log.info("Http-client: {} uses custom TrustStore.", friendlyName);
+      trustStoreImpl = trustStore.getFirst();
+
+    } 
+              
+    sslContextBuilder.loadTrustMaterial(trustStoreImpl, trustStrategy);
+        
+  }
+
+  private static void injectKeyStore(SSLContextBuilder sslContextBuilder, Pair<KeyStore, Provider> keyStore,
+      String keyAlias, String keyPasswordString, String friendlyName) 
+          throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
+    if (keyStore.getSecond() != null) {
+      Provider provider = new BouncyCastleJsseProvider(keyStore.getSecond());
+      log.debug("KeyStore: {} provide special security-provider. Inject: {} into SSLContext",
+          friendlyName, provider.getName());
+      sslContextBuilder.setProvider(provider);
+      
+    }
+    
+    log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString);
+    final char[] keyPassword = keyPasswordString == null ? StringUtils.EMPTY.toCharArray()
+        : keyPasswordString.toCharArray();
+
+    if (StringUtils.isNotEmpty(keyAlias)) {
+      sslContextBuilder = sslContextBuilder
+          .loadKeyMaterial(keyStore.getFirst(), keyPassword, new EaafSslKeySelectionStrategy(keyAlias));
+
+    } else {
+      sslContextBuilder = sslContextBuilder
+          .loadKeyMaterial(keyStore.getFirst(), keyPassword);
     }
+    
   }
 }
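Review bot: The new injectKeyStore helper still writes the key-store password to the log in clear text at `log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString);` — a secret must not reach the log even at trace level, so record only whether one was supplied, e.g. `log.trace("Open SSL Client-Auth keystore for {} (password {})", friendlyName, keyPasswordString == null ? "absent" : "present");`. In injectTrustStore the Provider half of the `Pair<KeyStore, Provider> trustStore` parameter is never read (only `trustStore.getFirst()` is used), so a truststore that needs its own provider is silently opened without it; either honour it or narrow the parameter to `KeyStore`. When `trustAllServerCertificates` is true and a truststore is also given, both are handed to `loadTrustMaterial`, where the TrustAllStrategy presumably makes the supplied truststore irrelevant, and a null truststore presumably falls back to the builder's default trust material — the Javadoc of buildSslContextWithSslClientAuthentication should state both, and its `than the first key` should read `then the first key`. The method the hunk opens with starts before the hunk; its signature line is not visible here.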
