From adc58a6ecb2d3d5bb0dc17f0e4a7a0e7803ebbb1 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 19 Jun 2020 10:28:58 +0200 Subject: activates HSM-Facade, if HSM-Facade-Provider is an already loaded Java Security-Provider --- .../core/impl/credential/EaafKeyStoreFactory.java | 132 ++++++++++++--------- 1 file changed, 78 insertions(+), 54 deletions(-) (limited to 'eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java') diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java index 711a3517..504afc9f 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java 
@@ -172,69 +172,93 @@ public class EaafKeyStoreFactory { @PostConstruct private void initialize() throws EaafException { - Class hsmProviderClazz = getHsmProviderClass(); - final String hsmFacadeHost = basicConfig.getBasicConfiguration(CONFIG_PROP_HSM_FACADE_HOST); - if (hsmProviderClazz != null && StringUtils.isNotEmpty(hsmFacadeHost)) { - log.debug("Find host for HSMFacade. Starting crypto provider initialization ... "); - try { - final int port = Integer.parseUnsignedInt( - getConfigurationParameter(CONFIG_PROP_HSM_FACADE_PORT)); - final String clientUsername = - getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME); - final String clientPassword = - getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD); - - //initialize HSM-Facade by using JAVA Reflection, because in that case HSM-Facade - //has not be in ClassPath on every project + Class hsmProviderClazz = getHsmProviderClass(); + if (hsmProviderClazz != null) { + final String hsmFacadeHost = basicConfig.getBasicConfiguration(CONFIG_PROP_HSM_FACADE_HOST); + Provider alreadyLoadedProvider = Security.getProvider(HSM_FACADE_PROVIDER); + if (alreadyLoadedProvider != null + && alreadyLoadedProvider.getClass().isAssignableFrom(hsmProviderClazz)) { + //TODO: check isInitialized() flag, if the parameter is available in next version - Method constructor = hsmProviderClazz.getMethod(HSM_FACADE_PROVIDER_METHOD_CONSTRUCT, new Class[]{}); - Method initMethod = hsmProviderClazz.getMethod(HSM_FACADE_PROVIDER_METHOD_INIT, - X509Certificate.class, String.class, String.class, String.class, int.class); - if (initMethod != null && constructor != null) { - Object rawProvider = constructor.invoke(hsmProviderClazz); - initMethod.invoke( - rawProvider, getHsmFacadeTrustSslCertificate(), - clientUsername, clientPassword, hsmFacadeHost, port); + + log.info("Find already initialized Java SecurityProvider: {}", alreadyLoadedProvider.getName()); + log.info("HSM Facade is already initialized. 
{} can provide KeyStores based on remote HSM", + EaafKeyStoreFactory.class.getSimpleName()); + isHsmFacadeInitialized = true; + + } else if (StringUtils.isNotEmpty(hsmFacadeHost)) { + log.debug("Find host for HSMFacade. Starting crypto provider initialization ... "); + initializeHsmFacadeSecurityProvider(hsmProviderClazz, hsmFacadeHost); + + } else { + log.info("HSM Facade is on ClassPath but not configurated. {} can only provide software keystores", + EaafKeyStoreFactory.class.getSimpleName()); + + } + + } else { + log.info("HSM Facade is not on ClassPath. {} can only provide software keystores", + EaafKeyStoreFactory.class.getSimpleName()); + + } + + } + + private void initializeHsmFacadeSecurityProvider(Class hsmProviderClazz, String hsmFacadeHost) + throws EaafException { + try { + final int port = Integer.parseUnsignedInt( + getConfigurationParameter(CONFIG_PROP_HSM_FACADE_PORT)); + final String clientUsername = + getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME); + final String clientPassword = + getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD); + + //initialize HSM-Facade by using JAVA Reflection, because in that case HSM-Facade + //has not be in ClassPath on every project + Method constructor = hsmProviderClazz.getMethod(HSM_FACADE_PROVIDER_METHOD_CONSTRUCT, new Class[]{}); + Method initMethod = hsmProviderClazz.getMethod(HSM_FACADE_PROVIDER_METHOD_INIT, + X509Certificate.class, String.class, String.class, String.class, int.class); + if (initMethod != null && constructor != null) { + Object rawProvider = constructor.invoke(hsmProviderClazz); + initMethod.invoke( + rawProvider, getHsmFacadeTrustSslCertificate(), + clientUsername, clientPassword, hsmFacadeHost, port); + + if (rawProvider instanceof Provider) { + Security.insertProviderAt((Provider) rawProvider, 0); + isHsmFacadeInitialized = true; + log.info("HSM Facade is initialized. 
{} can provide KeyStores based on remote HSM", + EaafKeyStoreFactory.class.getSimpleName()); - if (rawProvider instanceof Provider) { - Security.insertProviderAt((Provider) rawProvider, 0); - isHsmFacadeInitialized = true; - log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM", - EaafKeyStoreFactory.class.getSimpleName()); - - } else { - log.warn("Is HSM-Facade class type of 'java.security.Provider': {}", - rawProvider instanceof Provider); - throw new EaafException(ERRORCODE_10, new Object[] {HSM_FACADE_PROVIDER_CLASS}); - - } - - } else { - log.warn(HSM_FACADE_PROVIDER_INIT_ERROR_MSG, - HSM_FACADE_PROVIDER_METHOD_CONSTRUCT, constructor != null); - log.warn(HSM_FACADE_PROVIDER_INIT_ERROR_MSG, - HSM_FACADE_PROVIDER_METHOD_INIT, initMethod != null); + } else { + log.warn("Is HSM-Facade class type of 'java.security.Provider': {}", + rawProvider instanceof Provider); throw new EaafException(ERRORCODE_10, new Object[] {HSM_FACADE_PROVIDER_CLASS}); } - - //final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance(); - //provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port); - - } catch (final EaafException e) { - throw e; - - } catch (final Exception e) { - log.error("HSM Facade initialization FAILED with an generic error.", e); - throw new EaafConfigurationException(ERRORCODE_03, new Object[] { e.getMessage() }, e); + + } else { + log.warn(HSM_FACADE_PROVIDER_INIT_ERROR_MSG, + HSM_FACADE_PROVIDER_METHOD_CONSTRUCT, constructor != null); + log.warn(HSM_FACADE_PROVIDER_INIT_ERROR_MSG, + HSM_FACADE_PROVIDER_METHOD_INIT, initMethod != null); + throw new EaafException(ERRORCODE_10, new Object[] {HSM_FACADE_PROVIDER_CLASS}); + } + + //final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance(); + //provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port); - } else { - log.info("HSM Facade is not configurated. 
{} can only provide software keystores", - EaafKeyStoreFactory.class.getSimpleName()); + } catch (final EaafException e) { + throw e; + } catch (final Exception e) { + log.error("HSM Facade initialization FAILED with an generic error.", e); + throw new EaafConfigurationException(ERRORCODE_03, new Object[] { e.getMessage() }, e); + } - + } private Class getHsmProviderClass() { -- cgit v1.2.3
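Review bot: The compatibility check on the already registered provider reads backwards: `alreadyLoadedProvider.getClass().isAssignableFrom(hsmProviderClazz)` asks whether the configured class is a supertype-compatible of the registered instance's class in the wrong direction, so a registered subclass of the facade provider would be rejected; the intended test is `hsmProviderClazz.isInstance(alreadyLoadedProvider)`. When that check fails the code falls through to initializeHsmFacadeSecurityProvider, which ignores the return value of `Security.insertProviderAt` (it returns -1 and installs nothing when a provider of that name is already registered), so `isHsmFacadeInitialized` would be set true while the instance that was actually initialized with the credentials is not the one the JCA resolves by name — guard it with `if (Security.insertProviderAt((Provider) rawProvider, 0) == -1) { throw new EaafException(ERRORCODE_10, new Object[] {HSM_FACADE_PROVIDER_CLASS}); }` or equivalent. In the new "already loaded" branch the provider's initialization state is not verified (the TODO acknowledges this), so a provider that was registered but never given credentials is reported as ready and the failure surfaces only at first KeyStore use; until the flag is available, at least make the assumption visible with `log.warn("Initialization state of provider {} is not verified; assuming it is ready", alreadyLoadedProvider.getName());`. Both initialize() and the new helper start and end inside this hunk.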