From 0d52fe861a46f8ba595bdd34b106c98096c4304b Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Thu, 18 Jun 2020 14:39:29 +0200
Subject: add symmetric-key functionality into EaafKeyStoreFactory that
 supports passphrase based symmetric keys and keys from HSM-Facade

---
 .../impl/credential/SymmetricKeyConfiguration.java | 221 +++++++++++++++++++++
 1 file changed, 221 insertions(+)
 create mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/SymmetricKeyConfiguration.java

(limited to 'eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/SymmetricKeyConfiguration.java')

diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/SymmetricKeyConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/SymmetricKeyConfiguration.java
new file mode 100644
index 00000000..45b51975
--- /dev/null
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/SymmetricKeyConfiguration.java
@@ -0,0 +1,221 @@
+package at.gv.egiz.eaaf.core.impl.credential;
+
+import java.util.Map;
+
+import javax.annotation.Nonnull;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+@Getter
+@Setter
+public class SymmetricKeyConfiguration {
+
+  public static final String PROP_CONFIG_KEY_TYPE =
+      "key.type";
+
+  public static final String PROP_CONFIG_HSMFACADE_NAME =
+      "keystore.name";
+  public static final String PROP_CONFIG_HSM_KEY_ALIAS =
+      "key.alias";
+  
+  public static final String PROP_CONFIG_SOFTWARE_KEY_PASSPHRASE =
+      "key.passphrase";
+  public static final String PROP_CONFIG_SOFTWARE_KEY_SALT =
+      "key.salt";
+  
+  /**
+   * FriendlyName for this KeyStore. Mainly used for logging.
+   */
+  private String friendlyName;
+
+  /**
+   * General type of the KeyStore that should be generated.
+   */
+  private SymmetricKeyType keyType;
+
+  /**
+   * Name of the KeyStore in HSM Facade.
+   */
+  private String keyStoreName;
+
+  /**
+   * Alias of the Key in HSM Facade keystore.
+   */
+  private String keyAlias;
+  
+  /**
+   * Software key passphrase.
+   */
+  private String softKeyPassphrase;
+
+  /**
+   * Software key salt.
+   */
+  private String softKeySalt;
+
+  /**
+   * Build a {@link SymmetricKeyConfiguration} from a configuration map. <br>
+   * <p>
+   * The configuration parameters defined in this class are used to load the
+   * configuration.
+   * </p>
+   *
+   * @param config       Configuration
+   * @param friendlyName FriendlyName for this KeyStore
+   * @return Configuration object for {@link EaafKeyStoreFactory}
+   * @throws EaafConfigurationException In case of a configuration error.
+   */
+  public static SymmetricKeyConfiguration buildFromConfigurationMap(Map<String, String> config,
+      String friendlyName) throws EaafConfigurationException {
+
+    final SymmetricKeyConfiguration internalConfig = new SymmetricKeyConfiguration();
+    internalConfig.setFriendlyName(friendlyName);
+
+    final SymmetricKeyType internalKeyStoreType = SymmetricKeyType.fromString(
+        getConfigurationParameter(config, PROP_CONFIG_KEY_TYPE));
+    if (internalKeyStoreType != null) {
+      internalConfig.setKeyType(internalKeyStoreType);
+
+    } else {
+      log.error("Symmetric Key-configuration: {} sets an unknown Keytype: {}",
+          friendlyName, getConfigurationParameter(config, PROP_CONFIG_KEY_TYPE));
+      throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_01,
+          new Object[] { friendlyName });
+
+    }
+
+    if (internalKeyStoreType.equals(SymmetricKeyType.HSMFACADE)) {
+      log.trace("Set-up HSM-Facade Symmentric-Key ... ");
+      internalConfig.setKeyStoreName(getConfigurationParameter(config, PROP_CONFIG_HSMFACADE_NAME));
+      internalConfig.setKeyAlias(getConfigurationParameter(config, PROP_CONFIG_HSM_KEY_ALIAS));
+      
+    } else {
+      log.trace("Set-up software passphrase based symmetric key ... ");
+      internalConfig.setSoftKeyPassphrase(getConfigurationParameter(config, PROP_CONFIG_SOFTWARE_KEY_PASSPHRASE));
+      internalConfig.setSoftKeySalt(getConfigurationParameter(config, PROP_CONFIG_SOFTWARE_KEY_SALT));
+
+    } 
+
+    return internalConfig;
+  }
+
+  /**
+   * Set the Type of the symmetric key based on String identifier.
+   *
+   * @param keyType String based KeyStore type
+   * @throws EaafConfigurationException In case of an unknown KeyStore type
+   */
+  public void setKeyType(@Nonnull String keyType) throws EaafConfigurationException {
+    final SymmetricKeyType internalKeyStoreType = SymmetricKeyType.fromString(keyType);
+    if (internalKeyStoreType != null) {
+      setKeyType(internalKeyStoreType);
+
+    } else {
+      log.error("KeyStore: {} sets an unknown KeyStore type: {}",
+          friendlyName, keyType);
+      throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_01,
+          new Object[] { friendlyName });
+
+    }
+
+  }
+
+  /**
+   * Set the Type of the symmetric Key based on String identifier.
+   *
+   * @param type of tke symmetric key
+   */
+  public void setKeyType(@Nonnull SymmetricKeyType type) {
+    this.keyType = type;
+
+  }
+
+  /**
+   * Validate the internal state of this configuration object.
+   *
+   * @throws EaafConfigurationException In case of a configuration error
+   */
+  public void validate() throws EaafConfigurationException {
+    if (SymmetricKeyType.HSMFACADE.equals(keyType)) {
+      log.trace("Validate HSM-Facade symmetric key ... ");
+      checkConfigurationValue(keyStoreName, EaafKeyStoreFactory.ERRORCODE_07,
+          friendlyName, "Missing 'KeyStoreName' for HSM-Facade");
+      checkConfigurationValue(keyStoreName, EaafKeyStoreFactory.ERRORCODE_07,
+          friendlyName, "Missing 'KeyAlias' for HSM-Facade");
+      
+    } else {
+      log.trace("Validate passphrase based symmetric key ... ");
+      checkConfigurationValue(softKeyPassphrase, EaafKeyStoreFactory.ERRORCODE_07,
+          friendlyName, "Missing 'passphrase' for symmetric-key generation");
+      checkConfigurationValue(softKeySalt, EaafKeyStoreFactory.ERRORCODE_07,
+          friendlyName, "Missing 'salt' for symmetric-key generation");
+
+    } 
+  }
+
+  public enum SymmetricKeyType {
+    PASSPHRASE("passphrase"), HSMFACADE("hsmfacade");
+
+    private final String keyType;
+
+    SymmetricKeyType(final String keyStoreType) {
+      this.keyType = keyStoreType;
+    }
+
+    /**
+     * Get Type of this Key.
+     *
+     * @return
+     */
+    public String getKeyType() {
+      return this.keyType;
+    }
+
+    /**
+     * Get KeyType from String representation.
+     *
+     * @param s Config parameter
+     * @return
+     */
+    public static SymmetricKeyType fromString(final String s) {
+      try {
+        return SymmetricKeyType.valueOf(s.toUpperCase());
+
+      } catch (IllegalArgumentException | NullPointerException e) {
+        return null;
+      }
+    }
+
+    @Override
+    public String toString() {
+      return getKeyType();
+
+    }
+  }
+
+  @Nonnull
+  private static String getConfigurationParameter(@Nonnull Map<String, String> config,
+      @Nonnull String configParamKey)
+      throws EaafConfigurationException {
+    final String configValue = config.get(configParamKey);
+    checkConfigurationValue(configValue, EaafKeyStoreFactory.ERRORCODE_04, configParamKey);
+    return configValue;
+
+  }
+
+  private static void checkConfigurationValue(String configValue, String errorCode, String... params)
+      throws EaafConfigurationException {
+    if (StringUtils.isEmpty(configValue)) {
+      throw new EaafConfigurationException(errorCode,
+         params);
+
+    }
+
+  }
+}
-- 
cgit v1.2.3