1 files changed, 68 insertions, 21 deletions

diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
index e60c326c..4abf23e0 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
@@ -2,8 +2,11 @@ package at.gv.egiz.eaaf.core.impl.credential;
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Method;
 import java.security.Key;
 import java.security.KeyStore;
+import java.security.KeyStore.LoadStoreParameter;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
@@ -17,8 +20,11 @@ import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 import javax.annotation.PostConstruct;
 
-import at.asitplus.hsmfacade.provider.HsmFacadeProvider;
-import at.asitplus.hsmfacade.provider.RemoteKeyStoreLoadParameter;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
@@ -27,12 +33,6 @@ import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
-
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.io.Resource;
-import org.springframework.core.io.ResourceLoader;
-
 import lombok.extern.slf4j.Slf4j;
 
 @Slf4j
@@ -52,7 +52,11 @@ public class EaafKeyStoreFactory {
   public static final String ERRORCODE_05 = "internal.keystore.05";
   public static final String ERRORCODE_06 = "internal.keystore.06";
   public static final String ERRORCODE_07 = "internal.keystore.07";
+  public static final String ERRORCODE_10 = "internal.keystore.10";
 
+  private static final String HSM_FACADE_PROVIDER_CLASS = "at.asitplus.hsmfacade.provider.HsmFacadeProvider";
+  private static final String HSM_FACADE_KEYSTORELOADPARAMETERS_CLASS 
+      = "at.asitplus.hsmfacade.provider.RemoteKeyStoreLoadParameter";
   private static final String HSM_FACADE_PROVIDER = "HsmFacade";
   private static final String HSM_FACADE_KEYSTORE_TYPE = "RemoteKeyStore";
 
@@ -115,10 +119,10 @@ public class EaafKeyStoreFactory {
   }
 
   @PostConstruct
-  private void initialize() throws EaafException {
-
+  private void initialize() throws EaafException {    
+    Class<?> hsmProviderClazz = getHsmProviderClass();    
     final String hsmFacadeHost = basicConfig.getBasicConfiguration(CONFIG_PROP_HSM_FACADE_HOST);
-    if (StringUtils.isNotEmpty(hsmFacadeHost)) {
+    if (hsmProviderClazz != null && StringUtils.isNotEmpty(hsmFacadeHost)) {
       log.debug("Find host for HSMFacade. Starting crypto provider initialization ... ");
       try {
         final int port = Integer.parseUnsignedInt(
@@ -127,14 +131,31 @@ public class EaafKeyStoreFactory {
             getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME);
         final String clientPassword =
             getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD);
-
-        final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance();
-        provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port);
-        //Security.addProvider(provider);
-        Security.insertProviderAt(provider, 0);
-        isHsmFacadeInitialized = true;
-        log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM",
-            EaafKeyStoreFactory.class.getSimpleName());
+                
+        //initialize HSM-Facade by using JAVA Reflection, because in that case HSM-Facade 
+        //has not be in ClassPath on every project
+        Method initMethod = hsmProviderClazz.getMethod("init", 
+            X509Certificate.class, String.class, String.class, String.class, int.class);               
+        Object rawProvider = 
+            hsmProviderClazz.getMethod("getInstance", new Class[]{}).invoke(hsmProviderClazz);                
+        if (rawProvider instanceof Provider && initMethod != null) {                    
+          initMethod.invoke(
+              rawProvider, getHsmFacadeTrustSslCertificate(), 
+              clientUsername, clientPassword, hsmFacadeHost, port);
+          Security.insertProviderAt((Provider) rawProvider, 0);
+          isHsmFacadeInitialized = true;
+          log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM",
+              EaafKeyStoreFactory.class.getSimpleName());
+                             
+        } else {
+          log.warn("HSM-Facade class is type of 'java.security.Provider': {}", rawProvider instanceof Provider);
+          log.warn("HSM-Facade class is supported 'init' method: {}", rawProvider instanceof Provider);
+          throw new EaafException(ERRORCODE_10, new Object[] {HSM_FACADE_PROVIDER_CLASS});
+          
+        }
+                
+        //final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance();
+        //provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port);
 
       } catch (final EaafException e) {
         throw e;
@@ -152,6 +173,17 @@ public class EaafKeyStoreFactory {
 
   }
 
+  private Class<?> getHsmProviderClass() {
+    try {
+      return Class.forName(HSM_FACADE_PROVIDER_CLASS);
+            
+    } catch (ClassNotFoundException e1) {
+      log.debug("No HSM-Facade implemenation in ClassPath. HSM-Facade will not be available");
+      return null;
+      
+    }
+  }
+
   @Nonnull
   private Pair<KeyStore, Provider> getKeyStoreFromFileSystem(KeyStoreConfiguration config)
       throws EaafConfigurationException, EaafFactoryException {
@@ -198,11 +230,11 @@ public class EaafKeyStoreFactory {
 
     try {
       final KeyStore keyStore = KeyStore.getInstance(HSM_FACADE_KEYSTORE_TYPE, HSM_FACADE_PROVIDER);
-      keyStore.load(new RemoteKeyStoreLoadParameter(keyStoreName));
+      keyStore.load(getHsmFacadeKeyStoreParameter(keyStoreName));
       return Pair.newInstance(keyStore, keyStore.getProvider());
 
     } catch (NoSuchAlgorithmException | CertificateException | IOException | KeyStoreException
-        | NoSuchProviderException e) {
+        | NoSuchProviderException | EaafException e) {
       log.error("Can not initialize KeyStore: {} with reason: {}",
           config.getFriendlyName(), e.getMessage());
       throw new EaafFactoryException(ERRORCODE_06,
@@ -211,6 +243,21 @@ public class EaafKeyStoreFactory {
     }
   }
 
+  private KeyStore.LoadStoreParameter getHsmFacadeKeyStoreParameter(String keyStoreName) throws EaafException {
+    try {
+      Class<?> clazz = Class.forName(HSM_FACADE_KEYSTORELOADPARAMETERS_CLASS);
+      Constructor<?> constructor = clazz.getConstructor(String.class);      
+      Object keyStoreParams = constructor.newInstance(keyStoreName);      
+      return (LoadStoreParameter) keyStoreParams;
+            
+    } catch (Exception e) {
+      log.error("Can NOT build class: {} for HSM-Facade provider", HSM_FACADE_KEYSTORELOADPARAMETERS_CLASS, e);
+      throw new EaafException(ERRORCODE_10, new Object[] {HSM_FACADE_PROVIDER_CLASS}, e);
+      
+    }
+        
+  }
+  
   private X509Certificate getHsmFacadeTrustSslCertificate() throws EaafConfigurationException {
     try {
       final String certFilePath = getConfigurationParameter(CONFIG_PROP_HSM_FACADE_SSLTRUST);