diff options
Diffstat (limited to 'eaaf_core_utils/src/main')
| -rw-r--r-- | eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java | 89 | ||||
| -rw-r--r-- | eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties | 1 | 
2 files changed, 69 insertions, 21 deletions
| diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java index e60c326c..4abf23e0 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java @@ -2,8 +2,11 @@ package at.gv.egiz.eaaf.core.impl.credential;  import java.io.IOException;  import java.io.InputStream; +import java.lang.reflect.Constructor; +import java.lang.reflect.Method;  import java.security.Key;  import java.security.KeyStore; +import java.security.KeyStore.LoadStoreParameter;  import java.security.KeyStoreException;  import java.security.NoSuchAlgorithmException;  import java.security.NoSuchProviderException; @@ -17,8 +20,11 @@ import javax.annotation.Nonnull;  import javax.annotation.Nullable;  import javax.annotation.PostConstruct; -import at.asitplus.hsmfacade.provider.HsmFacadeProvider; -import at.asitplus.hsmfacade.provider.RemoteKeyStoreLoadParameter; +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.io.Resource; +import org.springframework.core.io.ResourceLoader; +  import at.gv.egiz.eaaf.core.api.idp.IConfiguration;  import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;  import at.gv.egiz.eaaf.core.exceptions.EaafException; @@ -27,12 +33,6 @@ import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;  import at.gv.egiz.eaaf.core.impl.data.Pair;  import at.gv.egiz.eaaf.core.impl.utils.FileUtils;  import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; - -import org.apache.commons.lang3.StringUtils; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.core.io.Resource; -import org.springframework.core.io.ResourceLoader; -  import lombok.extern.slf4j.Slf4j;  @Slf4j @@ -52,7 +52,11 @@ public class EaafKeyStoreFactory {    public static final String ERRORCODE_05 = "internal.keystore.05";    public static final String ERRORCODE_06 = "internal.keystore.06";    public static final String ERRORCODE_07 = "internal.keystore.07"; +  public static final String ERRORCODE_10 = "internal.keystore.10"; +  private static final String HSM_FACADE_PROVIDER_CLASS = "at.asitplus.hsmfacade.provider.HsmFacadeProvider"; +  private static final String HSM_FACADE_KEYSTORELOADPARAMETERS_CLASS  +      = "at.asitplus.hsmfacade.provider.RemoteKeyStoreLoadParameter";    private static final String HSM_FACADE_PROVIDER = "HsmFacade";    private static final String HSM_FACADE_KEYSTORE_TYPE = "RemoteKeyStore"; @@ -115,10 +119,10 @@ public class EaafKeyStoreFactory {    }    @PostConstruct -  private void initialize() throws EaafException { - +  private void initialize() throws EaafException {     +    Class<?> hsmProviderClazz = getHsmProviderClass();          final String hsmFacadeHost = basicConfig.getBasicConfiguration(CONFIG_PROP_HSM_FACADE_HOST); -    if (StringUtils.isNotEmpty(hsmFacadeHost)) { +    if (hsmProviderClazz != null && StringUtils.isNotEmpty(hsmFacadeHost)) {        log.debug("Find host for HSMFacade. Starting crypto provider initialization ... ");        try {          final int port = Integer.parseUnsignedInt( @@ -127,14 +131,31 @@ public class EaafKeyStoreFactory {              getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME);          final String clientPassword =              getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD); - -        final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance(); -        provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port); -        //Security.addProvider(provider); -        Security.insertProviderAt(provider, 0); -        isHsmFacadeInitialized = true; -        log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM", -            EaafKeyStoreFactory.class.getSimpleName()); +                 +        //initialize HSM-Facade by using JAVA Reflection, because in that case HSM-Facade  +        //has not be in ClassPath on every project +        Method initMethod = hsmProviderClazz.getMethod("init",  +            X509Certificate.class, String.class, String.class, String.class, int.class);                +        Object rawProvider =  +            hsmProviderClazz.getMethod("getInstance", new Class[]{}).invoke(hsmProviderClazz);                 +        if (rawProvider instanceof Provider && initMethod != null) {                     +          initMethod.invoke( +              rawProvider, getHsmFacadeTrustSslCertificate(),  +              clientUsername, clientPassword, hsmFacadeHost, port); +          Security.insertProviderAt((Provider) rawProvider, 0); +          isHsmFacadeInitialized = true; +          log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM", +              EaafKeyStoreFactory.class.getSimpleName()); +                              +        } else { +          log.warn("HSM-Facade class is type of 'java.security.Provider': {}", rawProvider instanceof Provider); +          log.warn("HSM-Facade class is supported 'init' method: {}", rawProvider instanceof Provider); +          throw new EaafException(ERRORCODE_10, new Object[] {HSM_FACADE_PROVIDER_CLASS}); +           +        } +                 +        //final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance(); +        //provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port);        } catch (final EaafException e) {          throw e; @@ -152,6 +173,17 @@ public class EaafKeyStoreFactory {    } +  private Class<?> getHsmProviderClass() { +    try { +      return Class.forName(HSM_FACADE_PROVIDER_CLASS); +             +    } catch (ClassNotFoundException e1) { +      log.debug("No HSM-Facade implemenation in ClassPath. HSM-Facade will not be available"); +      return null; +       +    } +  } +    @Nonnull    private Pair<KeyStore, Provider> getKeyStoreFromFileSystem(KeyStoreConfiguration config)        throws EaafConfigurationException, EaafFactoryException { @@ -198,11 +230,11 @@ public class EaafKeyStoreFactory {      try {        final KeyStore keyStore = KeyStore.getInstance(HSM_FACADE_KEYSTORE_TYPE, HSM_FACADE_PROVIDER); -      keyStore.load(new RemoteKeyStoreLoadParameter(keyStoreName)); +      keyStore.load(getHsmFacadeKeyStoreParameter(keyStoreName));        return Pair.newInstance(keyStore, keyStore.getProvider());      } catch (NoSuchAlgorithmException | CertificateException | IOException | KeyStoreException -        | NoSuchProviderException e) { +        | NoSuchProviderException | EaafException e) {        log.error("Can not initialize KeyStore: {} with reason: {}",            config.getFriendlyName(), e.getMessage());        throw new EaafFactoryException(ERRORCODE_06, @@ -211,6 +243,21 @@ public class EaafKeyStoreFactory {      }    } +  private KeyStore.LoadStoreParameter getHsmFacadeKeyStoreParameter(String keyStoreName) throws EaafException { +    try { +      Class<?> clazz = Class.forName(HSM_FACADE_KEYSTORELOADPARAMETERS_CLASS); +      Constructor<?> constructor = clazz.getConstructor(String.class);       +      Object keyStoreParams = constructor.newInstance(keyStoreName);       +      return (LoadStoreParameter) keyStoreParams; +             +    } catch (Exception e) { +      log.error("Can NOT build class: {} for HSM-Facade provider", HSM_FACADE_KEYSTORELOADPARAMETERS_CLASS, e); +      throw new EaafException(ERRORCODE_10, new Object[] {HSM_FACADE_PROVIDER_CLASS}, e); +       +    } +         +  } +      private X509Certificate getHsmFacadeTrustSslCertificate() throws EaafConfigurationException {      try {        final String certFilePath = getConfigurationParameter(CONFIG_PROP_HSM_FACADE_SSLTRUST); diff --git a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties index b20c5f63..e0c86b03 100644 --- a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties +++ b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties @@ -11,6 +11,7 @@ internal.keystore.06=KeyStore: {0} initialization failed. Reason: {1}  internal.keystore.07=Validation of KeyStore: {0} failed. Reason: {1}  internal.keystore.08=Can not access Key: {1} in KeyStore: {0}  internal.keystore.09=Can not access Key: {1} in KeyStore: {0} Reason: {2} +internal.keystore.10=HSM-Facade NOT INITIALIZED. Find HSM-Facade class: {0} put that looks WRONG.  internal.httpclient.00=HttpClient:{0} uses http Basic-Auth, but 'Username' is NOT set  internal.httpclient.01=HttpClient:{0} uses X509 client-auth, but 'KeyStoreConfig' is NOT set | 
