diff options
Diffstat (limited to 'eaaf_core_utils/src/main')
-rw-r--r-- | eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java | 89 | ||||
-rw-r--r-- | eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties | 1 |
2 files changed, 69 insertions, 21 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java index e60c326c..4abf23e0 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java @@ -2,8 +2,11 @@ package at.gv.egiz.eaaf.core.impl.credential; import java.io.IOException; import java.io.InputStream; +import java.lang.reflect.Constructor; +import java.lang.reflect.Method; import java.security.Key; import java.security.KeyStore; +import java.security.KeyStore.LoadStoreParameter; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; @@ -17,8 +20,11 @@ import javax.annotation.Nonnull; import javax.annotation.Nullable; import javax.annotation.PostConstruct; -import at.asitplus.hsmfacade.provider.HsmFacadeProvider; -import at.asitplus.hsmfacade.provider.RemoteKeyStoreLoadParameter; +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.io.Resource; +import org.springframework.core.io.ResourceLoader; + import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EaafException; @@ -27,12 +33,6 @@ import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; - -import org.apache.commons.lang3.StringUtils; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.core.io.Resource; -import org.springframework.core.io.ResourceLoader; - import lombok.extern.slf4j.Slf4j; @Slf4j @@ -52,7 +52,11 @@ public class EaafKeyStoreFactory { public static final String ERRORCODE_05 = "internal.keystore.05"; public static final String ERRORCODE_06 = "internal.keystore.06"; public static final String ERRORCODE_07 = "internal.keystore.07"; + public static final String ERRORCODE_10 = "internal.keystore.10"; + private static final String HSM_FACADE_PROVIDER_CLASS = "at.asitplus.hsmfacade.provider.HsmFacadeProvider"; + private static final String HSM_FACADE_KEYSTORELOADPARAMETERS_CLASS + = "at.asitplus.hsmfacade.provider.RemoteKeyStoreLoadParameter"; private static final String HSM_FACADE_PROVIDER = "HsmFacade"; private static final String HSM_FACADE_KEYSTORE_TYPE = "RemoteKeyStore"; @@ -115,10 +119,10 @@ public class EaafKeyStoreFactory { } @PostConstruct - private void initialize() throws EaafException { - + private void initialize() throws EaafException { + Class<?> hsmProviderClazz = getHsmProviderClass(); final String hsmFacadeHost = basicConfig.getBasicConfiguration(CONFIG_PROP_HSM_FACADE_HOST); - if (StringUtils.isNotEmpty(hsmFacadeHost)) { + if (hsmProviderClazz != null && StringUtils.isNotEmpty(hsmFacadeHost)) { log.debug("Find host for HSMFacade. Starting crypto provider initialization ... "); try { final int port = Integer.parseUnsignedInt( @@ -127,14 +131,31 @@ public class EaafKeyStoreFactory { getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME); final String clientPassword = getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD); - - final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance(); - provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port); - //Security.addProvider(provider); - Security.insertProviderAt(provider, 0); - isHsmFacadeInitialized = true; - log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM", - EaafKeyStoreFactory.class.getSimpleName()); + + //initialize HSM-Facade by using JAVA Reflection, because in that case HSM-Facade + //has not be in ClassPath on every project + Method initMethod = hsmProviderClazz.getMethod("init", + X509Certificate.class, String.class, String.class, String.class, int.class); + Object rawProvider = + hsmProviderClazz.getMethod("getInstance", new Class[]{}).invoke(hsmProviderClazz); + if (rawProvider instanceof Provider && initMethod != null) { + initMethod.invoke( + rawProvider, getHsmFacadeTrustSslCertificate(), + clientUsername, clientPassword, hsmFacadeHost, port); + Security.insertProviderAt((Provider) rawProvider, 0); + isHsmFacadeInitialized = true; + log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM", + EaafKeyStoreFactory.class.getSimpleName()); + + } else { + log.warn("HSM-Facade class is type of 'java.security.Provider': {}", rawProvider instanceof Provider); + log.warn("HSM-Facade class is supported 'init' method: {}", rawProvider instanceof Provider); + throw new EaafException(ERRORCODE_10, new Object[] {HSM_FACADE_PROVIDER_CLASS}); + + } + + //final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance(); + //provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port); } catch (final EaafException e) { throw e; @@ -152,6 +173,17 @@ public class EaafKeyStoreFactory { } + private Class<?> getHsmProviderClass() { + try { + return Class.forName(HSM_FACADE_PROVIDER_CLASS); + + } catch (ClassNotFoundException e1) { + log.debug("No HSM-Facade implemenation in ClassPath. HSM-Facade will not be available"); + return null; + + } + } + @Nonnull private Pair<KeyStore, Provider> getKeyStoreFromFileSystem(KeyStoreConfiguration config) throws EaafConfigurationException, EaafFactoryException { @@ -198,11 +230,11 @@ public class EaafKeyStoreFactory { try { final KeyStore keyStore = KeyStore.getInstance(HSM_FACADE_KEYSTORE_TYPE, HSM_FACADE_PROVIDER); - keyStore.load(new RemoteKeyStoreLoadParameter(keyStoreName)); + keyStore.load(getHsmFacadeKeyStoreParameter(keyStoreName)); return Pair.newInstance(keyStore, keyStore.getProvider()); } catch (NoSuchAlgorithmException | CertificateException | IOException | KeyStoreException - | NoSuchProviderException e) { + | NoSuchProviderException | EaafException e) { log.error("Can not initialize KeyStore: {} with reason: {}", config.getFriendlyName(), e.getMessage()); throw new EaafFactoryException(ERRORCODE_06, @@ -211,6 +243,21 @@ public class EaafKeyStoreFactory { } } + private KeyStore.LoadStoreParameter getHsmFacadeKeyStoreParameter(String keyStoreName) throws EaafException { + try { + Class<?> clazz = Class.forName(HSM_FACADE_KEYSTORELOADPARAMETERS_CLASS); + Constructor<?> constructor = clazz.getConstructor(String.class); + Object keyStoreParams = constructor.newInstance(keyStoreName); + return (LoadStoreParameter) keyStoreParams; + + } catch (Exception e) { + log.error("Can NOT build class: {} for HSM-Facade provider", HSM_FACADE_KEYSTORELOADPARAMETERS_CLASS, e); + throw new EaafException(ERRORCODE_10, new Object[] {HSM_FACADE_PROVIDER_CLASS}, e); + + } + + } + private X509Certificate getHsmFacadeTrustSslCertificate() throws EaafConfigurationException { try { final String certFilePath = getConfigurationParameter(CONFIG_PROP_HSM_FACADE_SSLTRUST); diff --git a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties index b20c5f63..e0c86b03 100644 --- a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties +++ b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties @@ -11,6 +11,7 @@ internal.keystore.06=KeyStore: {0} initialization failed. Reason: {1} internal.keystore.07=Validation of KeyStore: {0} failed. Reason: {1} internal.keystore.08=Can not access Key: {1} in KeyStore: {0} internal.keystore.09=Can not access Key: {1} in KeyStore: {0} Reason: {2} +internal.keystore.10=HSM-Facade NOT INITIALIZED. Find HSM-Facade class: {0} put that looks WRONG. internal.httpclient.00=HttpClient:{0} uses http Basic-Auth, but 'Username' is NOT set internal.httpclient.01=HttpClient:{0} uses X509 client-auth, but 'KeyStoreConfig' is NOT set |