From bf864776d6abd52529ba171a4ef49dcc538711da Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 1 Jul 2020 15:21:54 +0200 Subject: switch to HSM-Facade v0.5.0 --- .../core/impl/credential/EaafKeyStoreFactory.java | 34 +++++++++++++++++----- 1 file changed, 26 insertions(+), 8 deletions(-) (limited to 'eaaf_core_utils/src/main/java/at') diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java index 504afc9f..8cbf1375 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java @@ -70,6 +70,7 @@ public class EaafKeyStoreFactory { = "at.asitplus.hsmfacade.provider.RemoteKeyStoreLoadParameter"; private static final String HSM_FACADE_PROVIDER_METHOD_CONSTRUCT = "getInstance"; private static final String HSM_FACADE_PROVIDER_METHOD_INIT = "init"; + private static final String HSM_FACADE_PROVIDER_METHOD_ISINITIALIZED = "isInitialized"; private static final String HSM_FACADE_PROVIDER_INIT_ERROR_MSG = "Has HSM-Facade class supported '{}' method: {}"; private static final String HSM_FACADE_PROVIDER = "HsmFacade"; @@ -177,15 +178,32 @@ public class EaafKeyStoreFactory { final String hsmFacadeHost = basicConfig.getBasicConfiguration(CONFIG_PROP_HSM_FACADE_HOST); Provider alreadyLoadedProvider = Security.getProvider(HSM_FACADE_PROVIDER); if (alreadyLoadedProvider != null - && alreadyLoadedProvider.getClass().isAssignableFrom(hsmProviderClazz)) { - //TODO: check isInitialized() flag, if the parameter is available in next version - - + && alreadyLoadedProvider.getClass().isAssignableFrom(hsmProviderClazz)) { log.info("Find already initialized Java SecurityProvider: {}", alreadyLoadedProvider.getName()); - log.info("HSM Facade is already initialized. {} can provide KeyStores based on remote HSM", - EaafKeyStoreFactory.class.getSimpleName()); - isHsmFacadeInitialized = true; - + //mark it as initialized if the state can not be determined + boolean isAlreadyInitialized = true; + try { + Method initializeCheck = + alreadyLoadedProvider.getClass().getMethod(HSM_FACADE_PROVIDER_METHOD_ISINITIALIZED, new Class[]{}); + isAlreadyInitialized = (boolean) initializeCheck.invoke(alreadyLoadedProvider); + + } catch (Exception e) { + log.warn("Can not determine state of alreay loaded HSM Facade. Mark it as 'initialized'"); + log.debug("HSM Facade check error: {}", e.getMessage()); + + } + isHsmFacadeInitialized = isAlreadyInitialized; + + if (isHsmFacadeInitialized) { + log.info("HSM Facade is already initialized. {} can provide KeyStores based on remote HSM", + EaafKeyStoreFactory.class.getSimpleName()); + + } else { + log.info("HSM Facade is already loaded but not initialized. {} can NOT provide KeyStores based on remote HSM", + EaafKeyStoreFactory.class.getSimpleName()); + + } + } else if (StringUtils.isNotEmpty(hsmFacadeHost)) { log.debug("Find host for HSMFacade. Starting crypto provider initialization ... "); initializeHsmFacadeSecurityProvider(hsmProviderClazz, hsmFacadeHost); -- cgit v1.2.3