From cbfadcc7681c9f362c1e7e2c3eab43980c1236ef Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 12 Feb 2020 19:01:59 +0100 Subject: add first untested version of EaafKeyStoreFactory that supports Software-Keystore and HSM-Facade --- .../impl/credential/KeyStoreConfiguration.java | 59 ++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java (limited to 'eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java') diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java new file mode 100644 index 00000000..c8489ac0 --- /dev/null +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java 
@@ -0,0 +1,59 @@
+package at.gv.egiz.eaaf.core.impl.credential;
+
+import lombok.Getter;
+
+@Getter
+public class KeyStoreConfiguration {
+
+ private String friendlyName;
+
+ private KeyStoreType keyStoreType;
+
+ private String keyStoreName;
+
+ private String keyStoreFilePath;
+
+ private String keyStorePassword;
+
+
+ public enum KeyStoreType {
+ SOFTWARE("software"), HSMFACADE("hsmfacade"), PKCS11("pkcs11");
+
+ private final String keyStoreType;
+
+ KeyStoreType(final String keyStoreType) {
+ this.keyStoreType = keyStoreType;
+ }
+
+ /**
+ * Get Type of this KeyStore.
+ *
+ * @return
+ */
+ public String getKeyStoreType() {
+ return this.keyStoreType;
+ }
+
+ /**
+ * Get KeyStore type from String representation.
+ *
+ * @param s Config parameter
+ * @return
+ */
+ public static KeyStoreType fromString(final String s) {
+ try {
+ return KeyStoreType.valueOf(s.toUpperCase());
+
+ } catch (IllegalArgumentException | NullPointerException e) {
+ return null;
+ }
+ }
+
+ @Override
+ public String toString() {
+ return getKeyStoreType();
+
+ }
+
+ }
+}
-- cgit v1.2.3 From e23226c47807be597bbbae3891dbb94069d56836 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 14 Feb 2020 08:46:52 +0100 Subject: Integrate HSM Facade from A-SIT+ The EaafKeyStoreFactory can be used to build KeyStores from differend providers and types
--- .../impl/credential/KeyStoreConfiguration.java | 140 ++++++++++++++++++++- 1 file changed, 137 insertions(+), 3 deletions(-) (limited to 'eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java')
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
index c8489ac0..400b724f 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
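Review bot: `KeyStoreType.fromString` handles a null argument by catching `NullPointerException` and upper-cases with the JVM default locale, so the lookup uses an exception for control flow and depends on runtime locale settings rather than on the `keyStoreType` string each constant carries; an explicit guard plus a fixed locale removes both, e.g. `if (s == null) { return null; }` followed by `return KeyStoreType.valueOf(s.toUpperCase(Locale.ROOT));` (needs `java.util.Locale`). Note that the match is against the enum constant name, not against `getKeyStoreType()`, so it only works while the two stay aligned; comparing `s` to each constant's `getKeyStoreType()` with `equalsIgnoreCase` would make that explicit. The `keyStorePassword` field is a secret exposed through the class-level `@Getter`, and nothing says so; a Javadoc line such as `/** Password of the software KeyStore. Secret: must never be logged or rendered by a toString(). */` protects against a later `@ToString`/`@Data` on this class. The commit message describes this as untested; a unit test of `fromString` with null, unknown and mixed-case input would pin the behaviour.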
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java @@ -1,23 +1,144 @@ package at.gv.egiz.eaaf.core.impl.credential; +import java.util.Map; + +import javax.annotation.Nonnull; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import lombok.Getter; +import lombok.Setter; +import lombok.extern.slf4j.Slf4j; +@Slf4j @Getter +@Setter public class KeyStoreConfiguration { + public static final String PROP_CONFIG_KEYSTORE_TYPE = + "keystore.type"; + + public static final String PROP_CONFIG_HSMFACADE_NAME = + "keystore.name"; + + public static final String PROP_CONFIG_SOFTWARE_KEYSTORE_PATH = + "keystore.path"; + public static final String PROP_CONFIG_SOFTWARE_KEYSTORE_PASSORD = + "keystore.password"; + + /** + * FriendlyName for this KeyStore. Mainly used for logging. + */ private String friendlyName; + /** + * General type of the KeyStore that should be generated. + */ private KeyStoreType keyStoreType; + /** + * Name of the KeyStore in HSM Facade. + */ private String keyStoreName; - private String keyStoreFilePath; + /** + * Path to software KeyStore in case of a PKCS12 or JKS KeyStore. + */ + private String softKeyStoreFilePath; + + /** + * Password of a software KeyStore in case of a PKCS12 or JKS KeyStore. + */ + private String softKeyStorePassword; + + /** + * Build a {@link KeyStoreConfiguration} from a configuration map.
+ *

+ * The configuration parameters defined in this class are used to load the + * configuration. + *

+ * + * @param config Configuration + * @param friendlyName FriendlyName for this KeyStore + * @return Configuration object for {@link EaafKeyStoreFactory} + * @throws EaafConfigurationException In case of a configuration error. + */ + public static KeyStoreConfiguration buildFromConfigurationMap(Map config, + String friendlyName) throws EaafConfigurationException { + + final KeyStoreConfiguration internalConfig = new KeyStoreConfiguration(); + internalConfig.setFriendlyName(friendlyName); + + final KeyStoreType internalKeyStoreType = KeyStoreType.fromString( + getConfigurationParameter(config, PROP_CONFIG_KEYSTORE_TYPE)); + if (internalKeyStoreType != null) { + internalConfig.setKeyStoreType(internalKeyStoreType); + + } else { + log.error("KeyStore: {} sets an unknown KeyStore type: {}", + friendlyName, getConfigurationParameter(config, PROP_CONFIG_KEYSTORE_TYPE)); + throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_01, + new Object[] { friendlyName }); + + } + + if (internalKeyStoreType.equals(KeyStoreType.HSMFACADE)) { + log.trace("Set-up HSM-Facade KeyStore ... "); + internalConfig.setKeyStoreName( + getConfigurationParameter(config, PROP_CONFIG_HSMFACADE_NAME)); + + } else if (internalKeyStoreType.equals(KeyStoreType.PKCS12) + || internalKeyStoreType.equals(KeyStoreType.JKS)) { + log.trace("Set-up software KeyStore ... "); + internalConfig.setSoftKeyStoreFilePath( + getConfigurationParameter(config, PROP_CONFIG_SOFTWARE_KEYSTORE_PATH)); + internalConfig.setSoftKeyStorePassword( + getConfigurationParameter(config, PROP_CONFIG_SOFTWARE_KEYSTORE_PASSORD)); + + } else { + log.info("Configuration of type: {} not supported yet", internalKeyStoreType); + throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_02, + new Object[] { friendlyName, config.get(PROP_CONFIG_KEYSTORE_TYPE) }); + + } + + return internalConfig; + } - private String keyStorePassword; + /** + * Set the Type of the KeyStore based on String identifier. 
+ *
+ * @param keyStoreType String based KeyStore type
+ * @throws EaafConfigurationException In case of an unknown KeyStore type
+ */
+ public void setKeyStoreType(@Nonnull String keyStoreType) throws EaafConfigurationException {
+ final KeyStoreType internalKeyStoreType = KeyStoreType.fromString(keyStoreType);
+ if (internalKeyStoreType != null) {
+ setKeyStoreType(internalKeyStoreType);
+
+ } else {
+ log.error("KeyStore: {} sets an unknown KeyStore type: {}",
+ friendlyName, keyStoreType);
+ throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_01,
+ new Object[] { friendlyName });
+ }
+
+ }
+
+ /**
+ * Set the Type of the KeyStore based on String identifier.
+ *
+ * @param type String based KeyStore type
+ */
+ public void setKeyStoreType(@Nonnull KeyStoreType type) {
+ this.keyStoreType = type;
+
+ }
 public enum KeyStoreType {
- SOFTWARE("software"), HSMFACADE("hsmfacade"), PKCS11("pkcs11");
+ PKCS12("pkcs12"), JKS("jks"), HSMFACADE("hsmfacade"), PKCS11("pkcs11");
 private final String keyStoreType;
@@ -54,6 +175,19 @@ public class KeyStoreConfiguration {
 return getKeyStoreType();
 }
+ }
+
+ @Nonnull
+ private static String getConfigurationParameter(@Nonnull Map config,
+ @Nonnull String configParamKey)
+ throws EaafConfigurationException {
+ final String configValue = config.get(configParamKey);
+ if (StringUtils.isEmpty(configValue)) {
+ throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_04, new Object[] { configParamKey });
+
+ }
+ return configValue;
 }
+ }
-- cgit v1.2.3 From c4e1a45e7958cab402d83f6f4ae208df1bb2ab58 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 14 Feb 2020 15:22:13 +0100 Subject: add common-code for KeyStore and Credential handling
--- .../impl/credential/KeyStoreConfiguration.java | 41 +++++++++++++++++++--- 1 file changed, 36 insertions(+), 5 deletions(-) (limited to 'eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java')
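Review bot: `buildFromConfigurationMap` dereferences `config` without checking it, so a caller handing in a null map gets a `NullPointerException` out of `getConfigurationParameter` instead of the `EaafConfigurationException` the signature advertises; `Objects.requireNonNull(config, "config")` at the top of the method (import `java.util.Objects`) at least names the cause, and `friendlyName` could be checked the same way since every error path logs it. The new `softKeyStorePassword` field holds a secret but is exposed by the class-level `@Getter`/`@Setter` with a Javadoc that does not say so; I would extend it to `* Password of a software KeyStore in case of a PKCS12 or JKS KeyStore. Secret: must never be logged or rendered by a toString()/equals().` so that nobody later adds `@ToString` or `@Data` to this class. The `Map config` parameter most likely lost its type arguments in rendering (the `<p>` tags of the Javadoc are gone too, and `config.get` is assigned straight to a `String`), so I do not read it as a raw type. The constant `PROP_CONFIG_SOFTWARE_KEYSTORE_PASSORD` has a typo in its name; renaming it now, before other modules reference it, is cheaper than later. The hunk starts with the `package` line and ends inside the `KeyStoreType` enum, so the rest of the enum body is outside this view.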
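Review bot: `getConfigurationParameter` rejects only null or empty values via `StringUtils.isEmpty`, so a whitespace-only `keystore.path` or `keystore.name` passes the check here and fails later, far from the configuration, when the file or HSM key is opened; `StringUtils.isBlank` is the check operators expect for path and name parameters, e.g. `if (StringUtils.isBlank(configValue)) {`. Whether a whitespace-only password must be accepted is a product decision I cannot settle from this hunk, so the stricter check could be limited to the non-password keys if that matters. The `ERRORCODE_04` exception also carries only `configParamKey` and not `friendlyName`, so with several keystores configured the message does not say which one is incomplete; passing the name through as the other branches do would make it actionable.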
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
index 400b724f..6dbbba3e 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
@@ -137,6 +137,31 @@ public class KeyStoreConfiguration {
 }
+ /**
+ * Validate the internal state of this configuration object.
+ *
+ * @throws EaafConfigurationException In case of a configuration error
+ */
+ public void validate() throws EaafConfigurationException {
+ if (KeyStoreType.HSMFACADE.equals(keyStoreType)) {
+ log.trace("Validate HSM-Facade KeyStore ... ");
+ checkConfigurationValue(keyStoreName, EaafKeyStoreFactory.ERRORCODE_07,
+ friendlyName, "Missing 'KeyName' for HSM-Facade");
+
+ } else if (KeyStoreType.PKCS12.equals(keyStoreType)
+ || KeyStoreType.JKS.equals(keyStoreType)) {
+ log.trace("Validate software KeyStore ... ");
+ checkConfigurationValue(softKeyStoreFilePath, EaafKeyStoreFactory.ERRORCODE_07,
+ friendlyName, "Missing 'KeyPath' for software keystore");
+ checkConfigurationValue(softKeyStorePassword, EaafKeyStoreFactory.ERRORCODE_07,
+ friendlyName, "Missing 'KeyPassword' for software keystore");
+
+ } else {
+ log.info("Validation of type: {} not supported yet", keyStoreType);
+
+ }
+ }
+
 public enum KeyStoreType {
 PKCS12("pkcs12"), JKS("jks"), HSMFACADE("hsmfacade"), PKCS11("pkcs11");
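Review bot: `validate()` returns normally for every type it does not know how to check, including a `keyStoreType` that was never set (`HSMFACADE.equals(null)` is false, so null falls into the final `else`), so an unconfigured or PKCS11 configuration passes validation and only fails later inside the factory; `buildFromConfigurationMap` treats the same condition as a hard `ERRORCODE_02` error, and `validate()` should be at least as strict, e.g. replace the trailing `log.info(...)` branch with `throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_02, new Object[] { friendlyName, keyStoreType });` (whether `ERRORCODE_02` is the right code for a null type I cannot tell from here). The messages `'KeyName'`, `'KeyPath'` and `'KeyPassword'` do not match either the field names or the `keystore.name`/`keystore.path`/`keystore.password` parameters an operator actually configures; using the parameter constants in the message would let them find the missing entry. The Javadoc could also state what the method guarantees, e.g. `* Ensures every parameter required by the configured KeyStoreType is set; does not touch the file system or the HSM.`, since that is all the visible code does.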
@@ -182,12 +207,18 @@ public class KeyStoreConfiguration {
 @Nonnull String configParamKey)
 throws EaafConfigurationException {
 final String configValue = config.get(configParamKey);
- if (StringUtils.isEmpty(configValue)) {
- throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_04, new Object[] { configParamKey });
-
- }
-
+ checkConfigurationValue(configValue, EaafKeyStoreFactory.ERRORCODE_04, configParamKey);
 return configValue;
+ }
+ private static void checkConfigurationValue(String configValue, String errorCode, String... params)
+ throws EaafConfigurationException {
+ if (StringUtils.isEmpty(configValue)) {
+ throw new EaafConfigurationException(errorCode,
+ new Object[] { params});
+
+ }
+
+ }
 }
-- cgit v1.2.3
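Review bot: `new Object[] { params }` in `checkConfigurationValue` wraps the whole `String[]` varargs array as a single element, so the exception receives one parameter that is an array (rendered as `[Ljava.lang.String;@...`) instead of the individual values; since `String[]` is already an `Object[]`, the call should be `throw new EaafConfigurationException(errorCode, params);`. This matters for `validate()`, which passes `friendlyName` and a message as two separate parameters and now loses both in the rendered error. The helper also has no Javadoc; `/** Throws the given error code when {@code configValue} is null or empty; {@code params} become the message parameters. */` is enough. It still uses `StringUtils.isEmpty`, so a whitespace-only value still passes; `isBlank` is the usual choice for path and name parameters if that is wanted here.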