Diffstat (limited to 'eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java')
-rw-r--r--eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java58
1 files changed, 29 insertions, 29 deletions
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
index 5eda95cc..33873f43 100644
--- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java
@@ -57,7 +57,7 @@ public class JsonSecurityUtils implements IJOSETools{
private Key encPrivKey = null;
private X509Certificate[] encCertChain = null;
- private List<X509Certificate> trustedCerts = new ArrayList<X509Certificate>();
+ private final List<X509Certificate> trustedCerts = new ArrayList<X509Certificate>();
private static JsonMapper mapper = new JsonMapper();
@@ -66,12 +66,12 @@ public class JsonSecurityUtils implements IJOSETools{
log.info("Initialize SL2.0 authentication security constrains ... ");
try {
if (getKeyStoreFilePath() != null) {
- KeyStore keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(),
+ final KeyStore keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(),
getKeyStorePassword());
//load signing key
signPrivKey = keyStore.getKey(getSigningKeyAlias(), getSigningKeyPassword().toCharArray());
- Certificate[] certChainSigning = keyStore.getCertificateChain(getSigningKeyAlias());
+ final Certificate[] certChainSigning = keyStore.getCertificateChain(getSigningKeyAlias());
signCertChain = new X509Certificate[certChainSigning.length];
for (int i=0; i<certChainSigning.length; i++) {
if (certChainSigning[i] instanceof X509Certificate) {
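Review bot: `keyStore.getCertificateChain(getSigningKeyAlias())` returns null when the alias does not name a key entry, so `certChainSigning.length` on the following line fails with a bare NullPointerException instead of a configuration error that names the alias; `getSigningKeyPassword().toCharArray()` fails the same way if the password property is absent. A guard such as `if (certChainSigning == null) throw new IllegalStateException("No certificate chain for signing key alias " + getSigningKeyAlias());` turns a misconfigured keystore into an actionable message. The enclosing initialization method starts before this hunk, so these checks may already exist elsewhere — worth confirming.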
@@ -85,7 +85,7 @@ public class JsonSecurityUtils implements IJOSETools{
try {
encPrivKey = keyStore.getKey(getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray());
if (encPrivKey != null) {
- Certificate[] certChainEncryption = keyStore.getCertificateChain(getEncryptionKeyAlias());
+ final Certificate[] certChainEncryption = keyStore.getCertificateChain(getEncryptionKeyAlias());
encCertChain = new X509Certificate[certChainEncryption.length];
for (int i=0; i<certChainEncryption.length; i++) {
if (certChainEncryption[i] instanceof X509Certificate) {
@@ -96,18 +96,18 @@ public class JsonSecurityUtils implements IJOSETools{
} else
log.info("No encryption key for SL2.0 found. End-to-End encryption is not used.");
- } catch (Exception e) {
+ } catch (final Exception e) {
log.warn("No encryption key for SL2.0 found. End-to-End encryption is not used. Reason: " + e.getMessage(), e);
}
//load trusted certificates
- Enumeration<String> aliases = keyStore.aliases();
+ final Enumeration<String> aliases = keyStore.aliases();
while(aliases.hasMoreElements()) {
- String el = aliases.nextElement();
+ final String el = aliases.nextElement();
log.trace("Process TrustStoreEntry: " + el);
if (keyStore.isCertificateEntry(el)) {
- Certificate cert = keyStore.getCertificate(el);
+ final Certificate cert = keyStore.getCertificate(el);
if (cert != null && cert instanceof X509Certificate)
trustedCerts.add((X509Certificate) cert);
else
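Review bot: Every certificate entry in the keystore becomes a trust anchor for SL2.0 signature verification through `trustedCerts.add(...)`, so any CA or peer certificate added to this store for another purpose is silently trusted here; a comment on the loop should make that explicit, e.g. `// Every certificate entry of this keystore is a trust anchor for SL2.0 signatures -- keep the store limited to SL2.0 peers.` The `cert != null` test is redundant because `instanceof` is already false for null, so the condition can be `if (cert instanceof X509Certificate)`. The `else` branch continues past the end of this hunk.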
@@ -134,7 +134,7 @@ public class JsonSecurityUtils implements IJOSETools{
} else
log.info("NO SL2.0 authentication security configuration. Initialization was skipped");
- } catch ( Exception e) {
+ } catch ( final Exception e) {
log.error("SL2.0 security constrains initialization FAILED.", e);
}
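Review bot: A failed initialization is only logged via `log.error(...)` and the instance keeps running with whatever keys and trust anchors were loaded before the exception, so a wrong keystore path or password surfaces later as a signing or verification failure instead of at startup. Unless a caller inspects the loaded state afterwards (not visible here), consider rethrowing after the log call, e.g. `throw new IllegalStateException("SL2.0 security constraints initialization FAILED.", e);`, so the module fails fast at deployment time. The method continues past the end of this hunk.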
@@ -145,7 +145,7 @@ public class JsonSecurityUtils implements IJOSETools{
@Override
public String createSignature(String payLoad) throws SLCommandoBuildException {
try {
- JsonWebSignature jws = new JsonWebSignature();
+ final JsonWebSignature jws = new JsonWebSignature();
//set payload
jws.setPayload(payLoad);
@@ -163,7 +163,7 @@ public class JsonSecurityUtils implements IJOSETools{
return jws.getCompactSerialization();
- } catch (JoseException e) {
+ } catch (final JoseException e) {
log.warn("Can NOT sign SL2.0 command.", e);
throw new SLCommandoBuildException("Can NOT sign SL2.0 command.", e);
@@ -174,7 +174,7 @@ public class JsonSecurityUtils implements IJOSETools{
@Override
public VerificationResult validateSignature(String serializedContent) throws SL20Exception {
try {
- JsonWebSignature jws = new JsonWebSignature();
+ final JsonWebSignature jws = new JsonWebSignature();
//set payload
jws.setCompactSerialization(serializedContent);
@@ -184,12 +184,12 @@ public class JsonSecurityUtils implements IJOSETools{
//load signinc certs
Key selectedKey = null;
- List<X509Certificate> x5cCerts = jws.getCertificateChainHeaderValue();
- String x5t256 = jws.getX509CertSha256ThumbprintHeaderValue();
+ final List<X509Certificate> x5cCerts = jws.getCertificateChainHeaderValue();
+ final String x5t256 = jws.getX509CertSha256ThumbprintHeaderValue();
if (x5cCerts != null) {
log.debug("Found x509 certificate in JOSE header ... ");
log.trace("Sorting received X509 certificates ... ");
- List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts);
+ final List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts);
if (trustedCerts.contains(sortedX5cCerts.get(0))) {
selectedKey = sortedX5cCerts.get(0).getPublicKey();
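Review bot: The `x5c` header is peer-controlled input, and an empty certificate list passes the `x5cCerts != null` check but makes `sortedX5cCerts.get(0)` throw an IndexOutOfBoundsException, an unchecked exception that the IOException handler at the end of the method does not catch. Tightening the condition to `if (x5cCerts != null && !x5cCerts.isEmpty()) {` keeps the failure inside the method's own error path, where the thumbprint branch or the final `else` takes over. The trust decision itself — exact membership of the leaf certificate in `trustedCerts` — is a sound pinning check; it assumes `X509Utils.sortCertificates` never returns an empty list for non-empty input, which is not visible here. The validateSignature body continues outside this hunk.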
@@ -199,7 +199,7 @@ public class JsonSecurityUtils implements IJOSETools{
log.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString());
try {
log.debug("Cert: " + Base64Utils.encodeToString(sortedX5cCerts.get(0).getEncoded()));
- } catch (CertificateEncodingException e) {
+ } catch (final CertificateEncodingException e) {
e.printStackTrace();
}
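Review bot: `e.printStackTrace()` in the CertificateEncodingException handler writes to stderr, bypassing the logger used on every surrounding line, so the trace escapes log routing and retention; replace it with `log.debug("Can not encode JOSE certificate for logging", e);`. This block only exists to dump the untrusted certificate at debug level, so the handler could also be dropped together with the `log.debug("Cert: ...")` call if that output is not needed. The surrounding if/else chain starts and ends outside this hunk.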
@@ -207,7 +207,7 @@ public class JsonSecurityUtils implements IJOSETools{
} else if (StringUtils.isNotEmpty(x5t256)) {
log.debug("Found x5t256 fingerprint in JOSE header .... ");
- X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(trustedCerts);
+ final X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(trustedCerts);
selectedKey = x509VerificationKeyResolver.resolveKey(jws, Collections.<JsonWebStructure>emptyList());
} else {
@@ -226,7 +226,7 @@ public class JsonSecurityUtils implements IJOSETools{
jws.setKey(selectedKey);
//validate signature
- boolean valid = jws.verifySignature();
+ final boolean valid = jws.verifySignature();
if (!valid) {
log.info("JWS signature invalide. Stopping authentication process ...");
log.debug("Received JWS msg: " + serializedContent);
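Review bot: On a failed verification the complete compact serialization is written to the debug log in `log.debug("Received JWS msg: " + serializedContent)`, and a JWS payload is only base64url-encoded, not encrypted, so whatever the peer placed in the command — presumably identity data in an SL2.0 flow, to be confirmed — lands in the log in recoverable form. Logging a truncated prefix, e.g. `log.debug("Received JWS msg (truncated): " + serializedContent.substring(0, Math.min(64, serializedContent.length())));`, or a digest keeps the troubleshooting value without the payload. This failure branch continues past the hunk boundary.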
@@ -237,7 +237,7 @@ public class JsonSecurityUtils implements IJOSETools{
//load payLoad
log.debug("SL2.0 commando signature validation sucessfull");
- JsonNode sl20Req = mapper.getMapper().readTree(jws.getPayload());
+ final JsonNode sl20Req = mapper.getMapper().readTree(jws.getPayload());
return new VerificationResult(sl20Req, null, valid) ;
@@ -245,7 +245,7 @@ public class JsonSecurityUtils implements IJOSETools{
log.warn("SL2.0 commando signature validation FAILED", e);
throw new SL20SecurityException(new Object[]{e.getMessage()}, e);
- } catch (IOException e) {
+ } catch (final IOException e) {
log.warn("Decrypted SL2.0 result can not be parsed.", e);
throw new SLCommandoParserException("Decrypted SL2.0 result can not be parsed", e);
@@ -257,7 +257,7 @@ public class JsonSecurityUtils implements IJOSETools{
@Override
public JsonNode decryptPayload(String compactSerialization) throws SL20Exception {
try {
- JsonWebEncryption receiverJwe = new JsonWebEncryption();
+ final JsonWebEncryption receiverJwe = new JsonWebEncryption();
//set security constrains
receiverJwe.setAlgorithmConstraints(
@@ -272,12 +272,12 @@ public class JsonSecurityUtils implements IJOSETools{
//validate key from header against key from config
- List<X509Certificate> x5cCerts = receiverJwe.getCertificateChainHeaderValue();
- String x5t256 = receiverJwe.getX509CertSha256ThumbprintHeaderValue();
+ final List<X509Certificate> x5cCerts = receiverJwe.getCertificateChainHeaderValue();
+ final String x5t256 = receiverJwe.getX509CertSha256ThumbprintHeaderValue();
if (x5cCerts != null) {
log.debug("Found x509 certificate in JOSE header ... ");
log.trace("Sorting received X509 certificates ... ");
- List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts);
+ final List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts);
if (!sortedX5cCerts.get(0).equals(encCertChain[0])) {
log.info("Certificate from JOSE header does NOT match encryption certificate");
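Review bot: `encCertChain[0]` is dereferenced without a null check, but the initialization hunk above leaves `encCertChain` null when no encryption key is configured (it logs "End-to-End encryption is not used"), so a JWE arriving in that configuration fails with a NullPointerException rather than a controlled rejection; the `x5t256` branch further down dereferences `encCertChain[0]` the same way. Likewise an empty `x5c` list passes the null test and `sortedX5cCerts.get(0)` throws IndexOutOfBoundsException, and neither unchecked exception is caught by the JoseException/IOException handlers at the end of the method. A guard before the header comparison that rejects the message with an SL20SecurityException when `encCertChain == null || encCertChain.length == 0`, plus `!x5cCerts.isEmpty()` in the branch condition, keeps both cases on the method's own error path. Whether decryptPayload can be reached at all without an encryption key depends on callers outside this file.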
@@ -285,7 +285,7 @@ public class JsonSecurityUtils implements IJOSETools{
try {
log.debug("Cert: " + Base64Utils.encode(sortedX5cCerts.get(0).getEncoded()));
- } catch (CertificateEncodingException e) {
+ } catch (final CertificateEncodingException e) {
e.printStackTrace();
}
throw new SL20Exception("sl20.05", new Object[]{"Certificate from JOSE header does NOT match encryption certificate"});
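Review bot: The CertificateEncodingException handler calls `e.printStackTrace()`, sending the trace to stderr instead of the logger used on the surrounding lines; `log.debug("Can not encode JOSE certificate for logging", e);` keeps it with the rest of the diagnostics. The `sl20.05` rejection that follows is the right outcome, so only the logging line needs to change. The enclosing if-block starts before this hunk.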
@@ -293,7 +293,7 @@ public class JsonSecurityUtils implements IJOSETools{
} else if (StringUtils.isNotEmpty(x5t256)) {
log.debug("Found x5t256 fingerprint in JOSE header .... ");
- String certFingerPrint = X509Util.x5tS256(encCertChain[0]);
+ final String certFingerPrint = X509Util.x5tS256(encCertChain[0]);
if (!certFingerPrint.equals(x5t256)) {
log.info("X5t256 from JOSE header does NOT match encryption certificate");
log.debug("X5t256 from JOSE header: " + x5t256 + " Encrytption cert: " + certFingerPrint);
@@ -314,15 +314,15 @@ public class JsonSecurityUtils implements IJOSETools{
//decrypt payload
return mapper.getMapper().readTree(receiverJwe.getPlaintextString());
- } catch (JoseException e) {
+ } catch (final JoseException e) {
log.warn("SL2.0 result decryption FAILED", e);
throw new SL20SecurityException(new Object[]{e.getMessage()}, e);
- } catch ( JsonParseException e) {
+ } catch ( final JsonParseException e) {
log.warn("Decrypted SL2.0 result is NOT a valid JSON.", e);
throw new SLCommandoParserException("Decrypted SL2.0 result is NOT a valid JSON.", e);
- } catch (IOException e) {
+ } catch (final IOException e) {
log.warn("Decrypted SL2.0 result can not be parsed.", e);
throw new SLCommandoParserException("Decrypted SL2.0 result can not be parsed", e);
}