summaryrefslogtreecommitdiff
path: root/eaaf_core_utils/src
diff options
context:
space:
mode:
Diffstat (limited to 'eaaf_core_utils/src')
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java132
-rw-r--r--eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java24
2 files changed, 101 insertions, 55 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
index 711a3517..504afc9f 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
@@ -172,69 +172,93 @@ public class EaafKeyStoreFactory {
@PostConstruct
private void initialize() throws EaafException {
- Class<?> hsmProviderClazz = getHsmProviderClass();
- final String hsmFacadeHost = basicConfig.getBasicConfiguration(CONFIG_PROP_HSM_FACADE_HOST);
- if (hsmProviderClazz != null && StringUtils.isNotEmpty(hsmFacadeHost)) {
- log.debug("Find host for HSMFacade. Starting crypto provider initialization ... ");
- try {
- final int port = Integer.parseUnsignedInt(
- getConfigurationParameter(CONFIG_PROP_HSM_FACADE_PORT));
- final String clientUsername =
- getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME);
- final String clientPassword =
- getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD);
-
- //initialize HSM-Facade by using JAVA Reflection, because in that case HSM-Facade
- //has not be in ClassPath on every project
+ Class<?> hsmProviderClazz = getHsmProviderClass();
+ if (hsmProviderClazz != null) {
+ final String hsmFacadeHost = basicConfig.getBasicConfiguration(CONFIG_PROP_HSM_FACADE_HOST);
+ Provider alreadyLoadedProvider = Security.getProvider(HSM_FACADE_PROVIDER);
+ if (alreadyLoadedProvider != null
+ && alreadyLoadedProvider.getClass().isAssignableFrom(hsmProviderClazz)) {
+ //TODO: check isInitialized() flag, if the parameter is available in next version
- Method constructor = hsmProviderClazz.getMethod(HSM_FACADE_PROVIDER_METHOD_CONSTRUCT, new Class[]{});
- Method initMethod = hsmProviderClazz.getMethod(HSM_FACADE_PROVIDER_METHOD_INIT,
- X509Certificate.class, String.class, String.class, String.class, int.class);
- if (initMethod != null && constructor != null) {
- Object rawProvider = constructor.invoke(hsmProviderClazz);
- initMethod.invoke(
- rawProvider, getHsmFacadeTrustSslCertificate(),
- clientUsername, clientPassword, hsmFacadeHost, port);
+
+ log.info("Find already initialized Java SecurityProvider: {}", alreadyLoadedProvider.getName());
+ log.info("HSM Facade is already initialized. {} can provide KeyStores based on remote HSM",
+ EaafKeyStoreFactory.class.getSimpleName());
+ isHsmFacadeInitialized = true;
+
+ } else if (StringUtils.isNotEmpty(hsmFacadeHost)) {
+ log.debug("Find host for HSMFacade. Starting crypto provider initialization ... ");
+ initializeHsmFacadeSecurityProvider(hsmProviderClazz, hsmFacadeHost);
+
+ } else {
+ log.info("HSM Facade is on ClassPath but not configurated. {} can only provide software keystores",
+ EaafKeyStoreFactory.class.getSimpleName());
+
+ }
+
+ } else {
+ log.info("HSM Facade is not on ClassPath. {} can only provide software keystores",
+ EaafKeyStoreFactory.class.getSimpleName());
+
+ }
+
+ }
+
+ private void initializeHsmFacadeSecurityProvider(Class<?> hsmProviderClazz, String hsmFacadeHost)
+ throws EaafException {
+ try {
+ final int port = Integer.parseUnsignedInt(
+ getConfigurationParameter(CONFIG_PROP_HSM_FACADE_PORT));
+ final String clientUsername =
+ getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME);
+ final String clientPassword =
+ getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD);
+
+ //initialize HSM-Facade by using JAVA Reflection, because in that case HSM-Facade
+ //has not be in ClassPath on every project
+ Method constructor = hsmProviderClazz.getMethod(HSM_FACADE_PROVIDER_METHOD_CONSTRUCT, new Class[]{});
+ Method initMethod = hsmProviderClazz.getMethod(HSM_FACADE_PROVIDER_METHOD_INIT,
+ X509Certificate.class, String.class, String.class, String.class, int.class);
+ if (initMethod != null && constructor != null) {
+ Object rawProvider = constructor.invoke(hsmProviderClazz);
+ initMethod.invoke(
+ rawProvider, getHsmFacadeTrustSslCertificate(),
+ clientUsername, clientPassword, hsmFacadeHost, port);
+
+ if (rawProvider instanceof Provider) {
+ Security.insertProviderAt((Provider) rawProvider, 0);
+ isHsmFacadeInitialized = true;
+ log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM",
+ EaafKeyStoreFactory.class.getSimpleName());
- if (rawProvider instanceof Provider) {
- Security.insertProviderAt((Provider) rawProvider, 0);
- isHsmFacadeInitialized = true;
- log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM",
- EaafKeyStoreFactory.class.getSimpleName());
-
- } else {
- log.warn("Is HSM-Facade class type of 'java.security.Provider': {}",
- rawProvider instanceof Provider);
- throw new EaafException(ERRORCODE_10, new Object[] {HSM_FACADE_PROVIDER_CLASS});
-
- }
-
- } else {
- log.warn(HSM_FACADE_PROVIDER_INIT_ERROR_MSG,
- HSM_FACADE_PROVIDER_METHOD_CONSTRUCT, constructor != null);
- log.warn(HSM_FACADE_PROVIDER_INIT_ERROR_MSG,
- HSM_FACADE_PROVIDER_METHOD_INIT, initMethod != null);
+ } else {
+ log.warn("Is HSM-Facade class type of 'java.security.Provider': {}",
+ rawProvider instanceof Provider);
throw new EaafException(ERRORCODE_10, new Object[] {HSM_FACADE_PROVIDER_CLASS});
}
-
- //final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance();
- //provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port);
-
- } catch (final EaafException e) {
- throw e;
-
- } catch (final Exception e) {
- log.error("HSM Facade initialization FAILED with an generic error.", e);
- throw new EaafConfigurationException(ERRORCODE_03, new Object[] { e.getMessage() }, e);
+
+ } else {
+ log.warn(HSM_FACADE_PROVIDER_INIT_ERROR_MSG,
+ HSM_FACADE_PROVIDER_METHOD_CONSTRUCT, constructor != null);
+ log.warn(HSM_FACADE_PROVIDER_INIT_ERROR_MSG,
+ HSM_FACADE_PROVIDER_METHOD_INIT, initMethod != null);
+ throw new EaafException(ERRORCODE_10, new Object[] {HSM_FACADE_PROVIDER_CLASS});
+
}
+
+ //final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance();
+ //provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port);
- } else {
- log.info("HSM Facade is not configurated. {} can only provide software keystores",
- EaafKeyStoreFactory.class.getSimpleName());
+ } catch (final EaafException e) {
+ throw e;
+ } catch (final Exception e) {
+ log.error("HSM Facade initialization FAILED with an generic error.", e);
+ throw new EaafConfigurationException(ERRORCODE_03, new Object[] { e.getMessage() }, e);
+
}
-
+
}
private Class<?> getHsmProviderClass() {
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
index fc945fdd..6a24f6b4 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
@@ -4,6 +4,7 @@ import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
+import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.List;
@@ -27,6 +28,7 @@ import com.google.common.base.Predicates;
import com.google.common.base.Throwables;
import com.google.common.collect.FluentIterable;
+import at.asitplus.hsmfacade.provider.HsmFacadeProvider;
import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
@@ -73,7 +75,8 @@ public class EaafKeyStoreFactoryTest {
@Before
public void testSetup() {
mapConfig.clearAllConfig();
-
+ Security.removeProvider(HsmFacadeProvider.getInstance().getName());
+
}
@Test
@@ -434,6 +437,14 @@ public class EaafKeyStoreFactoryTest {
Assert.assertNull("Provider is not null", key.getSecond());
}
+
+ @Test
+ @DirtiesContext
+ public void hsmFacadeNoHostConfig() {
+ context.getBean(EaafKeyStoreFactory.class);
+
+ }
+
@Test
@DirtiesContext
@@ -600,6 +611,17 @@ public class EaafKeyStoreFactoryTest {
@Test
@DirtiesContext
+ public void hsmFacadeAlreadLoaded() {
+ HsmFacadeProvider provider = HsmFacadeProvider.getInstance();
+ Security.addProvider(provider);
+
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ }
+
+ @Test
+ @DirtiesContext
public void hsmFacadeKeyStoreNoKeyStoreName() {
configureHsmFacade();