From 49cb8adfd8992dc8d21ff208d8dd93e0592e1be4 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Tue, 5 May 2020 12:28:28 +0200
Subject: first tests for SSL Client Auth. with HSM-Facade

---
 .../java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java     | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java')

diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
index 06b8dfd2..b357bb01 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java
@@ -23,6 +23,7 @@ import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.Provider;
+import java.security.Security;
 import java.security.UnrecoverableKeyException;
 
 import javax.annotation.Nonnull;
@@ -35,6 +36,7 @@ import org.apache.http.conn.ssl.TrustAllStrategy;
 import org.apache.http.ssl.SSLContextBuilder;
 import org.apache.http.ssl.SSLContexts;
 import org.apache.http.ssl.TrustStrategy;
+import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
 
 import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
@@ -166,8 +168,16 @@ public class HttpUtils {
           : keyPasswordString.toCharArray();
 
       SSLContextBuilder sslContextBuilder = SSLContexts.custom();
-      Provider provider = null;
-      sslContextBuilder.setProvider(provider);
+      if (keyStore.getSecond() != null) {        
+        Provider provider = new BouncyCastleJsseProvider(keyStore.getSecond());
+        
+        log.debug("KeyStore: {} provide special security-provider. Inject: {} into SSLContext",
+            friendlyName, provider.getName());
+        sslContextBuilder.setProvider(provider);
+        Security.addProvider(provider);
+        //sslContextBuilder.setSecureRandom(SecureRandom.getInstanceStrong());
+        
+      }
       if (StringUtils.isNotEmpty(keyAlias)) {
         sslContextBuilder = sslContextBuilder
             .loadKeyMaterial(keyStore.getFirst(), keyPassword, new EaafSslKeySelectionStrategy(keyAlias));
-- 
cgit v1.2.3