From 103338c59196060b64402048b3073cb8132f3dca Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 3 Jul 2020 10:45:45 +0200 Subject: updaste KeyStoreFactory and KeyStoreUtils to fix incompatibility with Shibboleth IDP implementation --- .../core/impl/credential/EaafKeyStoreFactory.java | 37 ++++++++++++++------- .../impl/credential/KeyStoreConfiguration.java | 9 +++-- .../egiz/eaaf/core/impl/utils/KeyStoreUtils.java | 38 ++++++++++++++++++++-- 3 files changed, 68 insertions(+), 16 deletions(-) diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java index 8cbf1375..743a7318 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java @@ -300,28 +300,41 @@ public class EaafKeyStoreFactory { final String keyStorePassword = checkConfigurationParameter(config.getSoftKeyStorePassword(), ERRORCODE_06, config.getFriendlyName(), "Software-KeyStore missing Password for KeyStore"); - final String absKeyStorePath = FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig - .getConfigurationRootDirectory()); - final Resource ressource = resourceLoader.getResource(absKeyStorePath); + Resource ressource; + if (config.isSkipMakeAbsolutPaths()) { + log.debug("Use filepath from config: {}", keyStorePath); + ressource = resourceLoader.getResource(keyStorePath); + + } else { + final String absKeyStorePath = FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig + .getConfigurationRootDirectory()); + log.debug("Use filepath from config: {}", absKeyStorePath); + + ressource = resourceLoader.getResource(absKeyStorePath); + + } + if (!ressource.exists()) { throw new EaafConfigurationException(ERRORCODE_05, new Object[] { config.getFriendlyName(), - "File not found at: " + absKeyStorePath }); + "RessourceLoader does NOT find File at: " + ressource.getURI() }); } final InputStream is = ressource.getInputStream(); - final KeyStore keyStore = KeyStoreUtils.loadKeyStore(is, keyStorePassword); + final KeyStore keyStore = KeyStoreUtils.loadKeyStore(is, keyStorePassword, config.getKeyStoreType()); is.close(); - if (keyStore == null) { - throw new EaafFactoryException(ERRORCODE_06, - new Object[] { config.getFriendlyName(), "KeyStore not valid or password wrong" }); - - } return Pair.newInstance(keyStore, null); - - } catch (KeyStoreException | IOException e) { + + } catch (EaafException e) { + throw e; + + } catch (IOException e) { + throw new EaafFactoryException(ERRORCODE_06, + new Object[] { config.getFriendlyName(), "KeyStore not valid or password wrong" }); + + } catch (Exception e) { log.error("Software KeyStore initialization FAILED with an generic error.", e); throw new EaafConfigurationException(ERRORCODE_03, new Object[] { e.getMessage() }, e); diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java index 970efd22..c1a1d917 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java @@ -4,10 +4,9 @@ import java.util.Map; import javax.annotation.Nonnull; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; - import org.apache.commons.lang3.StringUtils; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import lombok.Getter; import lombok.Setter; import lombok.extern.slf4j.Slf4j; @@ -53,6 +52,12 @@ public class KeyStoreConfiguration { */ private String softKeyStorePassword; + + /** + * Use filePaths as it is and does not make it absolut. + */ + private boolean skipMakeAbsolutPaths = false; + /** * Build a {@link KeyStoreConfiguration} from a configuration map.
*

diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java index 99b87819..be51426c 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java @@ -30,12 +30,16 @@ import java.security.KeyStoreException; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import lombok.extern.slf4j.Slf4j; + /** * Utility for creating and loading key stores. * * @author Paul Ivancsics * @version $Id$ */ +@Slf4j public class KeyStoreUtils { /** @@ -109,6 +113,32 @@ public class KeyStoreUtils { return ks; } + /** + * Loads a keyStore with known keyStore type. + * + * @param is input stream + * @param password Password protecting the keyStore + * @param keyStoreType Type of the KeyStore + * @return loaded KeyStore + * @throws IOException In case of a general error + * @throws GeneralSecurityException In case of a KeyStore access error + */ + public static KeyStore loadKeyStore(final InputStream is, final String password, KeyStoreType keyStoreType) + throws IOException, GeneralSecurityException { + String internalType = KEYSTORE_TYPE_PKCS12; + if (keyStoreType.equals(KeyStoreType.JKS)) { + internalType = KEYSTORE_TYPE_JKS; + + } else if (keyStoreType.equals(KeyStoreType.PKCS12)) { + internalType = KEYSTORE_TYPE_PKCS12; + + } + + return loadKeyStore(internalType, is, password); + + } + + /** * Loads a keyStore without knowing the keyStore type. * @@ -125,14 +155,18 @@ public class KeyStoreUtils { try { try { ks = loadKeyStore(KEYSTORE_TYPE_PKCS12, is, password); + } catch (final IOException e2) { is.reset(); ks = loadKeyStore(KEYSTORE_TYPE_JKS, is, password); + } + } catch (final Exception e) { - e.printStackTrace(); - + log.warn("Can not load keystore", e); + } + return ks; } -- cgit v1.2.3