1 files changed, 100 insertions, 60 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
index af184050..f13013f5 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
@@ -1,6 +1,7 @@
 package at.gv.egiz.eaaf.core.impl.credential;
 
 import java.io.IOException;
+import java.io.InputStream;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
@@ -11,8 +12,14 @@ import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 
 import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 import javax.annotation.PostConstruct;
 
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+
 import at.asitplus.hsmfacade.provider.HsmFacadeProvider;
 import at.asitplus.hsmfacade.provider.RemoteKeyStoreLoadParameter;
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
@@ -22,12 +29,6 @@ import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
 import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
-
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.io.Resource;
-import org.springframework.core.io.ResourceLoader;
-
 import lombok.extern.slf4j.Slf4j;
 
 @Slf4j
@@ -48,42 +49,62 @@ public class EaafKeyStoreFactory {
   public static final String ERRORCODE_05 = "internal.keystore.05";
   public static final String ERRORCODE_06 = "internal.keystore.06";
 
-  @Autowired private IConfiguration basicConfig;
-  @Autowired private ResourceLoader resourceLoader;
-
-  private boolean isHsmFacadeInitialized = false;
+  private static final String HSM_FACADE_PROVIDER = "HsmFacade";
+  private static final String HSM_FACADE_KEYSTORE_TYPE = "RemoteKeyStore";
 
+  @Autowired
+  private IConfiguration basicConfig;
+  @Autowired
+  private ResourceLoader resourceLoader;
 
+  private boolean isHsmFacadeInitialized = false;
 
+  /**
+   * Get a new KeyStore based on a KeyStore configuration-object.
+   *
+   * @param config KeyStore configuration
+   * @return new KeyStore instance
+   * @throws EaafException In case of a KeyStore initialization error
+   */
   public KeyStore buildNewKeyStore(KeyStoreConfiguration config) throws EaafException {
     log.trace("Starting KeyStore generation based on configuration object ... ");
-    if (KeyStoreType.SOFTWARE.equals(config.getKeyStoreType())) {
+    if (KeyStoreType.PKCS12.equals(config.getKeyStoreType())
+        || KeyStoreType.JKS.equals(config.getKeyStoreType())) {
       return getKeyStoreFromFileSystem(config);
 
     } else if (KeyStoreType.HSMFACADE.equals(config.getKeyStoreType())) {
       if (isHsmFacadeInitialized) {
-       getKeyStoreFromHsmFacade(config);
+        return getKeyStoreFromHsmFacade(config);
 
       } else {
         log.error("HSMFacade can NOT be used for KeyStore: {} because {} is not initialized",
             config.getFriendlyName());
         throw new EaafConfigurationException(ERRORCODE_00,
-            new Object[]{config.getFriendlyName()});
+            new Object[] { config.getFriendlyName() });
 
       }
 
     } else if (KeyStoreType.PKCS11.equals(config.getKeyStoreType())) {
       log.warn("KeyStoreType: {} is NOT supported", config.getKeyStoreType());
       throw new EaafConfigurationException(ERRORCODE_02,
-          new Object[]{config.getFriendlyName(), config.getKeyStoreType()});
+          new Object[] { config.getFriendlyName(), config.getKeyStoreType() });
 
     } else {
       log.warn("KeyStoreType: {} is unrecognized", config.getKeyStoreType());
       throw new EaafConfigurationException(ERRORCODE_01,
-          new Object[]{config.getFriendlyName()});
+          new Object[] { config.getFriendlyName() });
 
     }
-    return null;
+  }
+
+  /**
+   * Get the initialization state of the HSM Facade module.
+   *
+   * @return true if HSM Facade is available, otherwise false
+   */
+  public boolean isHsmFacadeInitialized() {
+    return isHsmFacadeInitialized;
+
   }
 
   @PostConstruct
@@ -93,7 +114,7 @@ public class EaafKeyStoreFactory {
     if (StringUtils.isNotEmpty(hsmFacadeHost)) {
       log.debug("Find host for HSMFacade. Starting crypto provider initialization ... ");
       try {
-        final int port = Integer.valueOf(
+        final int port = Integer.parseUnsignedInt(
             getConfigurationParameter(CONFIG_PROP_HSM_FACADE_PORT));
         final String clientUsername =
             getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME);
@@ -103,7 +124,8 @@ public class EaafKeyStoreFactory {
             getConfigurationParameter(CONFIG_PROP_HSM_FACADE_HSM_NAME);
 
         final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance();
-        provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port, hsmName);
+        provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port,
+            hsmName);
         Security.addProvider(provider);
         isHsmFacadeInitialized = true;
         log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM",
@@ -114,81 +136,91 @@ public class EaafKeyStoreFactory {
 
       } catch (final Exception e) {
         log.error("HSM Facade initialization FAILED with an generic error.", e);
-        throw new EaafConfigurationException(ERRORCODE_03, new Object[] {e.getMessage()}, e);
+        throw new EaafConfigurationException(ERRORCODE_03, new Object[] { e.getMessage() }, e);
       }
 
     } else {
-        log.info("HSM Facade is not configurated. {} can only provide software keystores",
-            EaafKeyStoreFactory.class.getSimpleName());
+      log.info("HSM Facade is not configurated. {} can only provide software keystores",
+          EaafKeyStoreFactory.class.getSimpleName());
 
     }
 
   }
 
-  private KeyStore getKeyStoreFromFileSystem(KeyStoreConfiguration config) throws EaafConfigurationException {
+  private KeyStore getKeyStoreFromFileSystem(KeyStoreConfiguration config) throws EaafConfigurationException,
+      EaafFactoryException {
     try {
-      final String keyStorePath = config.getKeyStoreFilePath();
-      final String keyStorePassword = config.getKeyStorePassword();
+      final String keyStorePath = checkConfigurationParameter(config.getSoftKeyStoreFilePath(),
+          ERRORCODE_06, config.getFriendlyName(), "Software-KeyStore missing filepath to KeyStore");
 
-      //TODO: check config
+      final String keyStorePassword = checkConfigurationParameter(config.getSoftKeyStorePassword(),
+          ERRORCODE_06, config.getFriendlyName(), "Software-KeyStore missing Password for KeyStore");
 
-      final String absKeyStorePath = FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig.getConfigurationRootDirectory());
+      final String absKeyStorePath = FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig
+          .getConfigurationRootDirectory());
       final Resource ressource = resourceLoader.getResource(absKeyStorePath);
       if (!ressource.exists()) {
         throw new EaafConfigurationException(ERRORCODE_05,
-            new Object[] {CONFIG_PROP_HSM_FACADE_SSLTRUST,
-                "File not found at: " + absKeyStorePath});
+            new Object[] { CONFIG_PROP_HSM_FACADE_SSLTRUST,
+                "File not found at: " + absKeyStorePath });
 
       }
 
-      return KeyStoreUtils.loadKeyStore(ressource.getInputStream(), keyStorePassword);
+      final InputStream is = ressource.getInputStream();
+      final KeyStore keyStore = KeyStoreUtils.loadKeyStore(is, keyStorePassword);
+      is.close();
+      if (keyStore == null) {
+        throw new EaafFactoryException(ERRORCODE_06,
+            new Object[] { config.getFriendlyName(), "KeyStore not valid or password wrong" });
+
+      }
+
+      return keyStore;
 
     } catch (KeyStoreException | IOException e) {
       log.error("Software KeyStore initialization FAILED with an generic error.", e);
-      throw new EaafConfigurationException(ERRORCODE_03, new Object[] {e.getMessage()}, e);
+      throw new EaafConfigurationException(ERRORCODE_03, new Object[] { e.getMessage() }, e);
 
     }
   }
 
-  private KeyStore getKeyStoreFromHsmFacade(KeyStoreConfiguration config) throws EaafFactoryException, EaafConfigurationException {
-    final String keyStoreName = config.getKeyStoreName();
-    if (StringUtils.isEmpty(keyStoreName)) {
-      throw new EaafConfigurationException(ERRORCODE_06,
-          new Object[] {config.getFriendlyName(), "No KeyStore name"});
-
-    }
+  private KeyStore getKeyStoreFromHsmFacade(KeyStoreConfiguration config)
+      throws EaafFactoryException, EaafConfigurationException {
+    final String keyStoreName = checkConfigurationParameter(config.getKeyStoreName(),
+        ERRORCODE_06, config.getFriendlyName(), "KeyStoreName missing for HSM Facade");
 
     try {
-      final KeyStore keyStore = KeyStore.getInstance("RemoteKeyStore", "HsmFacade");
+      final KeyStore keyStore = KeyStore.getInstance(HSM_FACADE_KEYSTORE_TYPE, HSM_FACADE_PROVIDER);
       keyStore.load(new RemoteKeyStoreLoadParameter(keyStoreName));
       return keyStore;
 
-      } catch (NoSuchAlgorithmException | CertificateException | IOException |
-          KeyStoreException | NoSuchProviderException e) {
-        log.error("Can not initialize KeyStore: {} with reason: {}",
-            config.getFriendlyName(), e.getMessage());
-        throw new EaafFactoryException(ERRORCODE_06,
-            new Object[] {config.getFriendlyName(), e.getMessage()}, e);
+    } catch (NoSuchAlgorithmException | CertificateException | IOException | KeyStoreException
+        | NoSuchProviderException e) {
+      log.error("Can not initialize KeyStore: {} with reason: {}",
+          config.getFriendlyName(), e.getMessage());
+      throw new EaafFactoryException(ERRORCODE_06,
+          new Object[] { config.getFriendlyName(), e.getMessage() }, e);
 
-      }
+    }
   }
 
   private X509Certificate getHsmFacadeTrustSslCertificate() throws EaafConfigurationException {
     try {
       final String certFilePath = getConfigurationParameter(CONFIG_PROP_HSM_FACADE_SSLTRUST);
 
-    final String absolutCertFilePath = FileUtils.makeAbsoluteUrl(
-        certFilePath, basicConfig.getConfigurationRootDirectory());
-    final Resource certFile = resourceLoader.getResource(absolutCertFilePath);
+      final String absolutCertFilePath = FileUtils.makeAbsoluteUrl(
+          certFilePath, basicConfig.getConfigurationRootDirectory());
+      final Resource certFile = resourceLoader.getResource(absolutCertFilePath);
 
-    if (!certFile.exists()) {
-      throw new EaafConfigurationException(ERRORCODE_05,
-          new Object[] {CONFIG_PROP_HSM_FACADE_SSLTRUST,
-              "File not found at: " + absolutCertFilePath });
+      if (!certFile.exists()) {
+        throw new EaafConfigurationException(ERRORCODE_05,
+            new Object[] { CONFIG_PROP_HSM_FACADE_SSLTRUST,
+                "File not found at: " + absolutCertFilePath });
 
-    }
+      }
 
-    return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certFile.getInputStream());
+      return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certFile
+          .getInputStream());
 
     } catch (final EaafConfigurationException e) {
       throw e;
@@ -196,21 +228,29 @@ public class EaafKeyStoreFactory {
     } catch (CertificateException | IOException e) {
       log.error("Can not load trusted server-certificate for HSM-Facade. Reason: {}", e.getMessage());
       throw new EaafConfigurationException(ERRORCODE_05,
-          new Object[] {CONFIG_PROP_HSM_FACADE_SSLTRUST, e.getMessage()}, e);
+          new Object[] { CONFIG_PROP_HSM_FACADE_SSLTRUST, e.getMessage() }, e);
 
     }
   }
 
   @Nonnull
   private String getConfigurationParameter(@Nonnull String configParamKey)
-      throws EaafConfigurationException{
-    final String configValue = basicConfig.getBasicConfiguration(configParamKey);
-    if (StringUtils.isEmpty(configValue)) {
-      throw new EaafConfigurationException(ERRORCODE_04, new Object[] {configParamKey});
+      throws EaafConfigurationException {
+    return checkConfigurationParameter(
+        basicConfig.getBasicConfiguration(configParamKey), ERRORCODE_04, configParamKey);
+
+  }
+
+  @Nonnull
+  private String checkConfigurationParameter(@Nullable String configParam, @Nonnull String errorCode,
+      @Nonnull String... errorParams)
+      throws EaafConfigurationException {
+    if (StringUtils.isEmpty(configParam)) {
+      throw new EaafConfigurationException(errorCode, new Object[] { errorParams });
 
     }
+    return configParam;
 
-    return configValue;
   }
 
 }