From cbfadcc7681c9f362c1e7e2c3eab43980c1236ef Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Wed, 12 Feb 2020 19:01:59 +0100
Subject: add first untested version of EaafKeyStoreFactory that supports
Software-Keystore and HSM-Facade
---
.../core/impl/credential/EaafKeyStoreFactory.java | 216 +++++++++++++++++++++
.../impl/credential/KeyStoreConfiguration.java | 59 ++++++
2 files changed, 275 insertions(+)
create mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
create mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
(limited to 'eaaf_core_utils/src')
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
new file mode 100644
index 00000000..af184050
--- /dev/null
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
@@ -0,0 +1,216 @@
+package at.gv.egiz.eaaf.core.impl.credential;
+
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Security;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+import javax.annotation.Nonnull;
+import javax.annotation.PostConstruct;
+
+import at.asitplus.hsmfacade.provider.HsmFacadeProvider;
+import at.asitplus.hsmfacade.provider.RemoteKeyStoreLoadParameter;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class EaafKeyStoreFactory {
+
+ public static final String CONFIG_PROP_HSM_FACADE_HOST = "security.hsmfacade.host";
+ public static final String CONFIG_PROP_HSM_FACADE_PORT = "security.hsmfacade.port";
+ public static final String CONFIG_PROP_HSM_FACADE_SSLTRUST = "security.hsmfacade.trustedsslcert";
+ public static final String CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME = "security.hsmfacade.username";
+ public static final String CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD = "security.hsmfacade.password";
+ public static final String CONFIG_PROP_HSM_FACADE_HSM_NAME = "security.hsmfacade.hsmname";
+
+ public static final String ERRORCODE_00 = "internal.keystore.00";
+ public static final String ERRORCODE_01 = "internal.keystore.01";
+ public static final String ERRORCODE_02 = "internal.keystore.02";
+ public static final String ERRORCODE_03 = "internal.keystore.03";
+ public static final String ERRORCODE_04 = "internal.keystore.04";
+ public static final String ERRORCODE_05 = "internal.keystore.05";
+ public static final String ERRORCODE_06 = "internal.keystore.06";
+
+ @Autowired private IConfiguration basicConfig;
+ @Autowired private ResourceLoader resourceLoader;
+
+ private boolean isHsmFacadeInitialized = false;
+
+
+
+ public KeyStore buildNewKeyStore(KeyStoreConfiguration config) throws EaafException {
+ log.trace("Starting KeyStore generation based on configuration object ... ");
+ if (KeyStoreType.SOFTWARE.equals(config.getKeyStoreType())) {
+ return getKeyStoreFromFileSystem(config);
+
+ } else if (KeyStoreType.HSMFACADE.equals(config.getKeyStoreType())) {
+ if (isHsmFacadeInitialized) {
+ getKeyStoreFromHsmFacade(config);
+
+ } else {
+ log.error("HSMFacade can NOT be used for KeyStore: {} because {} is not initialized",
+ config.getFriendlyName());
+ throw new EaafConfigurationException(ERRORCODE_00,
+ new Object[]{config.getFriendlyName()});
+
+ }
+
+ } else if (KeyStoreType.PKCS11.equals(config.getKeyStoreType())) {
+ log.warn("KeyStoreType: {} is NOT supported", config.getKeyStoreType());
+ throw new EaafConfigurationException(ERRORCODE_02,
+ new Object[]{config.getFriendlyName(), config.getKeyStoreType()});
+
+ } else {
+ log.warn("KeyStoreType: {} is unrecognized", config.getKeyStoreType());
+ throw new EaafConfigurationException(ERRORCODE_01,
+ new Object[]{config.getFriendlyName()});
+
+ }
+ return null;
+ }
+
+ @PostConstruct
+ private void initialize() throws EaafException {
+
+ final String hsmFacadeHost = basicConfig.getBasicConfiguration(CONFIG_PROP_HSM_FACADE_HOST);
+ if (StringUtils.isNotEmpty(hsmFacadeHost)) {
+ log.debug("Find host for HSMFacade. Starting crypto provider initialization ... ");
+ try {
+ final int port = Integer.valueOf(
+ getConfigurationParameter(CONFIG_PROP_HSM_FACADE_PORT));
+ final String clientUsername =
+ getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME);
+ final String clientPassword =
+ getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD);
+ final String hsmName =
+ getConfigurationParameter(CONFIG_PROP_HSM_FACADE_HSM_NAME);
+
+ final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance();
+ provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port, hsmName);
+ Security.addProvider(provider);
+ isHsmFacadeInitialized = true;
+ log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM",
+ EaafKeyStoreFactory.class.getSimpleName());
+
+ } catch (final EaafException e) {
+ throw e;
+
+ } catch (final Exception e) {
+ log.error("HSM Facade initialization FAILED with an generic error.", e);
+ throw new EaafConfigurationException(ERRORCODE_03, new Object[] {e.getMessage()}, e);
+ }
+
+ } else {
+ log.info("HSM Facade is not configurated. {} can only provide software keystores",
+ EaafKeyStoreFactory.class.getSimpleName());
+
+ }
+
+ }
+
+ private KeyStore getKeyStoreFromFileSystem(KeyStoreConfiguration config) throws EaafConfigurationException {
+ try {
+ final String keyStorePath = config.getKeyStoreFilePath();
+ final String keyStorePassword = config.getKeyStorePassword();
+
+ //TODO: check config
+
+ final String absKeyStorePath = FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig.getConfigurationRootDirectory());
+ final Resource ressource = resourceLoader.getResource(absKeyStorePath);
+ if (!ressource.exists()) {
+ throw new EaafConfigurationException(ERRORCODE_05,
+ new Object[] {CONFIG_PROP_HSM_FACADE_SSLTRUST,
+ "File not found at: " + absKeyStorePath});
+
+ }
+
+ return KeyStoreUtils.loadKeyStore(ressource.getInputStream(), keyStorePassword);
+
+ } catch (KeyStoreException | IOException e) {
+ log.error("Software KeyStore initialization FAILED with an generic error.", e);
+ throw new EaafConfigurationException(ERRORCODE_03, new Object[] {e.getMessage()}, e);
+
+ }
+ }
+
+ private KeyStore getKeyStoreFromHsmFacade(KeyStoreConfiguration config) throws EaafFactoryException, EaafConfigurationException {
+ final String keyStoreName = config.getKeyStoreName();
+ if (StringUtils.isEmpty(keyStoreName)) {
+ throw new EaafConfigurationException(ERRORCODE_06,
+ new Object[] {config.getFriendlyName(), "No KeyStore name"});
+
+ }
+
+ try {
+ final KeyStore keyStore = KeyStore.getInstance("RemoteKeyStore", "HsmFacade");
+ keyStore.load(new RemoteKeyStoreLoadParameter(keyStoreName));
+ return keyStore;
+
+ } catch (NoSuchAlgorithmException | CertificateException | IOException |
+ KeyStoreException | NoSuchProviderException e) {
+ log.error("Can not initialize KeyStore: {} with reason: {}",
+ config.getFriendlyName(), e.getMessage());
+ throw new EaafFactoryException(ERRORCODE_06,
+ new Object[] {config.getFriendlyName(), e.getMessage()}, e);
+
+ }
+ }
+
+ private X509Certificate getHsmFacadeTrustSslCertificate() throws EaafConfigurationException {
+ try {
+ final String certFilePath = getConfigurationParameter(CONFIG_PROP_HSM_FACADE_SSLTRUST);
+
+ final String absolutCertFilePath = FileUtils.makeAbsoluteUrl(
+ certFilePath, basicConfig.getConfigurationRootDirectory());
+ final Resource certFile = resourceLoader.getResource(absolutCertFilePath);
+
+ if (!certFile.exists()) {
+ throw new EaafConfigurationException(ERRORCODE_05,
+ new Object[] {CONFIG_PROP_HSM_FACADE_SSLTRUST,
+ "File not found at: " + absolutCertFilePath });
+
+ }
+
+ return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certFile.getInputStream());
+
+ } catch (final EaafConfigurationException e) {
+ throw e;
+
+ } catch (CertificateException | IOException e) {
+ log.error("Can not load trusted server-certificate for HSM-Facade. Reason: {}", e.getMessage());
+ throw new EaafConfigurationException(ERRORCODE_05,
+ new Object[] {CONFIG_PROP_HSM_FACADE_SSLTRUST, e.getMessage()}, e);
+
+ }
+ }
+
+ @Nonnull
+ private String getConfigurationParameter(@Nonnull String configParamKey)
+ throws EaafConfigurationException{
+ final String configValue = basicConfig.getBasicConfiguration(configParamKey);
+ if (StringUtils.isEmpty(configValue)) {
+ throw new EaafConfigurationException(ERRORCODE_04, new Object[] {configParamKey});
+
+ }
+
+ return configValue;
+ }
+
+}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
new file mode 100644
index 00000000..c8489ac0
--- /dev/null
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
@@ -0,0 +1,59 @@
+package at.gv.egiz.eaaf.core.impl.credential;
+
+import lombok.Getter;
+
+@Getter
+public class KeyStoreConfiguration {
+
+ private String friendlyName;
+
+ private KeyStoreType keyStoreType;
+
+ private String keyStoreName;
+
+ private String keyStoreFilePath;
+
+ private String keyStorePassword;
+
+
+ public enum KeyStoreType {
+ SOFTWARE("software"), HSMFACADE("hsmfacade"), PKCS11("pkcs11");
+
+ private final String keyStoreType;
+
+ KeyStoreType(final String keyStoreType) {
+ this.keyStoreType = keyStoreType;
+ }
+
+ /**
+ * Get Type of this KeyStore.
+ *
+ * @return
+ */
+ public String getKeyStoreType() {
+ return this.keyStoreType;
+ }
+
+ /**
+ * Get KeyStore type from String representation.
+ *
+ * @param s Config parameter
+ * @return
+ */
+ public static KeyStoreType fromString(final String s) {
+ try {
+ return KeyStoreType.valueOf(s.toUpperCase());
+
+ } catch (IllegalArgumentException | NullPointerException e) {
+ return null;
+ }
+ }
+
+ @Override
+ public String toString() {
+ return getKeyStoreType();
+
+ }
+
+ }
+}
--
cgit v1.2.3
From e23226c47807be597bbbae3891dbb94069d56836 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 14 Feb 2020 08:46:52 +0100
Subject: Integrate HSM Facade from A-SIT+ The EaafKeyStoreFactory can be used
to build KeyStores from differend providers and types
---
.../core/impl/credential/EaafKeyStoreFactory.java | 160 +++---
.../impl/credential/KeyStoreConfiguration.java | 140 +++++-
.../idp/process/support/SecureRandomHolder.java | 5 +-
.../core/impl/logging/EaafUtilsMessageSource.java | 16 +
.../core/impl/logging/SimpleStatusMessager.java | 5 +-
.../egiz/eaaf/core/impl/utils/DataUrlBuilder.java | 16 +-
.../at/gv/egiz/eaaf/core/impl/utils/FileUtils.java | 20 +-
.../eaaf/core/impl/utils/HttpClientFactory.java | 122 ++---
.../at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java | 11 +-
.../eaaf/core/impl/utils/IHttpClientFactory.java | 6 +-
.../egiz/eaaf/core/impl/utils/KeyStoreUtils.java | 36 +-
.../egiz/eaaf/core/impl/utils/KeyValueUtils.java | 68 +--
.../eaaf/core/impl/utils/NodeIteratorAdapter.java | 13 +-
.../egiz/eaaf/core/impl/utils/NodeListAdapter.java | 5 +-
.../at/gv/egiz/eaaf/core/impl/utils/Random.java | 20 +-
.../SecurePendingRequestIdGenerationStrategy.java | 30 +-
.../SimplePendingRequestIdGenerationStrategy.java | 8 +-
.../gv/egiz/eaaf/core/impl/utils/StreamUtils.java | 52 +-
.../eaaf/core/impl/utils/TransactionIdUtils.java | 6 +-
.../at/gv/egiz/eaaf/core/impl/utils/X509Utils.java | 6 +-
.../messages/eaaf_utils_message.properties | 10 +
.../src/main/resources/spring/eaaf_utils.beans.xml | 20 +
.../impl/logging/EaafUtilsMessageSourceTest.java | 36 ++
.../impl/logging/JUnitTestStatusMessenger.java | 3 +-
.../core/impl/utils/test/KeyValueUtilsTest.java | 6 +-
.../test/credentials/EaafKeyStoreFactoryTest.java | 555 +++++++++++++++++++++
.../credentials/KeyStoreConfigurationTest.java | 190 +++++++
.../eaaf/core/test/dummy/DummyAuthConfigMap.java | 142 ++++++
.../resources/data/junit_without_trustcerts.jks | Bin 0 -> 2733 bytes
.../resources/data/junit_without_trustcerts.p12 | Bin 0 -> 3204 bytes
eaaf_core_utils/src/test/resources/data/test.crt | 3 +
.../resources/spring/test_eaaf_pvp_lazy.beans.xml | 23 +
.../spring/test_eaaf_pvp_not_lazy.beans.xml | 19 +
33 files changed, 1442 insertions(+), 310 deletions(-)
create mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSource.java
create mode 100644 eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties
create mode 100644 eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml
create mode 100644 eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSourceTest.java
create mode 100644 eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
create mode 100644 eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/KeyStoreConfigurationTest.java
create mode 100644 eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/dummy/DummyAuthConfigMap.java
create mode 100644 eaaf_core_utils/src/test/resources/data/junit_without_trustcerts.jks
create mode 100644 eaaf_core_utils/src/test/resources/data/junit_without_trustcerts.p12
create mode 100644 eaaf_core_utils/src/test/resources/data/test.crt
create mode 100644 eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml
create mode 100644 eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_not_lazy.beans.xml
(limited to 'eaaf_core_utils/src')
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
index af184050..f13013f5 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
@@ -1,6 +1,7 @@
package at.gv.egiz.eaaf.core.impl.credential;
import java.io.IOException;
+import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
@@ -11,8 +12,14 @@ import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
import javax.annotation.PostConstruct;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+
import at.asitplus.hsmfacade.provider.HsmFacadeProvider;
import at.asitplus.hsmfacade.provider.RemoteKeyStoreLoadParameter;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
@@ -22,12 +29,6 @@ import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
-
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.io.Resource;
-import org.springframework.core.io.ResourceLoader;
-
import lombok.extern.slf4j.Slf4j;
@Slf4j
@@ -48,42 +49,62 @@ public class EaafKeyStoreFactory {
public static final String ERRORCODE_05 = "internal.keystore.05";
public static final String ERRORCODE_06 = "internal.keystore.06";
- @Autowired private IConfiguration basicConfig;
- @Autowired private ResourceLoader resourceLoader;
-
- private boolean isHsmFacadeInitialized = false;
+ private static final String HSM_FACADE_PROVIDER = "HsmFacade";
+ private static final String HSM_FACADE_KEYSTORE_TYPE = "RemoteKeyStore";
+ @Autowired
+ private IConfiguration basicConfig;
+ @Autowired
+ private ResourceLoader resourceLoader;
+ private boolean isHsmFacadeInitialized = false;
+ /**
+ * Get a new KeyStore based on a KeyStore configuration-object.
+ *
+ * @param config KeyStore configuration
+ * @return new KeyStore instance
+ * @throws EaafException In case of a KeyStore initialization error
+ */
public KeyStore buildNewKeyStore(KeyStoreConfiguration config) throws EaafException {
log.trace("Starting KeyStore generation based on configuration object ... ");
- if (KeyStoreType.SOFTWARE.equals(config.getKeyStoreType())) {
+ if (KeyStoreType.PKCS12.equals(config.getKeyStoreType())
+ || KeyStoreType.JKS.equals(config.getKeyStoreType())) {
return getKeyStoreFromFileSystem(config);
} else if (KeyStoreType.HSMFACADE.equals(config.getKeyStoreType())) {
if (isHsmFacadeInitialized) {
- getKeyStoreFromHsmFacade(config);
+ return getKeyStoreFromHsmFacade(config);
} else {
log.error("HSMFacade can NOT be used for KeyStore: {} because {} is not initialized",
config.getFriendlyName());
throw new EaafConfigurationException(ERRORCODE_00,
- new Object[]{config.getFriendlyName()});
+ new Object[] { config.getFriendlyName() });
}
} else if (KeyStoreType.PKCS11.equals(config.getKeyStoreType())) {
log.warn("KeyStoreType: {} is NOT supported", config.getKeyStoreType());
throw new EaafConfigurationException(ERRORCODE_02,
- new Object[]{config.getFriendlyName(), config.getKeyStoreType()});
+ new Object[] { config.getFriendlyName(), config.getKeyStoreType() });
} else {
log.warn("KeyStoreType: {} is unrecognized", config.getKeyStoreType());
throw new EaafConfigurationException(ERRORCODE_01,
- new Object[]{config.getFriendlyName()});
+ new Object[] { config.getFriendlyName() });
}
- return null;
+ }
+
+ /**
+ * Get the initialization state of the HSM Facade module.
+ *
+ * @return true if HSM Facade is available, otherwise false
+ */
+ public boolean isHsmFacadeInitialized() {
+ return isHsmFacadeInitialized;
+
}
@PostConstruct
@@ -93,7 +114,7 @@ public class EaafKeyStoreFactory {
if (StringUtils.isNotEmpty(hsmFacadeHost)) {
log.debug("Find host for HSMFacade. Starting crypto provider initialization ... ");
try {
- final int port = Integer.valueOf(
+ final int port = Integer.parseUnsignedInt(
getConfigurationParameter(CONFIG_PROP_HSM_FACADE_PORT));
final String clientUsername =
getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME);
@@ -103,7 +124,8 @@ public class EaafKeyStoreFactory {
getConfigurationParameter(CONFIG_PROP_HSM_FACADE_HSM_NAME);
final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance();
- provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port, hsmName);
+ provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port,
+ hsmName);
Security.addProvider(provider);
isHsmFacadeInitialized = true;
log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM",
@@ -114,81 +136,91 @@ public class EaafKeyStoreFactory {
} catch (final Exception e) {
log.error("HSM Facade initialization FAILED with an generic error.", e);
- throw new EaafConfigurationException(ERRORCODE_03, new Object[] {e.getMessage()}, e);
+ throw new EaafConfigurationException(ERRORCODE_03, new Object[] { e.getMessage() }, e);
}
} else {
- log.info("HSM Facade is not configurated. {} can only provide software keystores",
- EaafKeyStoreFactory.class.getSimpleName());
+ log.info("HSM Facade is not configurated. {} can only provide software keystores",
+ EaafKeyStoreFactory.class.getSimpleName());
}
}
- private KeyStore getKeyStoreFromFileSystem(KeyStoreConfiguration config) throws EaafConfigurationException {
+ private KeyStore getKeyStoreFromFileSystem(KeyStoreConfiguration config) throws EaafConfigurationException,
+ EaafFactoryException {
try {
- final String keyStorePath = config.getKeyStoreFilePath();
- final String keyStorePassword = config.getKeyStorePassword();
+ final String keyStorePath = checkConfigurationParameter(config.getSoftKeyStoreFilePath(),
+ ERRORCODE_06, config.getFriendlyName(), "Software-KeyStore missing filepath to KeyStore");
- //TODO: check config
+ final String keyStorePassword = checkConfigurationParameter(config.getSoftKeyStorePassword(),
+ ERRORCODE_06, config.getFriendlyName(), "Software-KeyStore missing Password for KeyStore");
- final String absKeyStorePath = FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig.getConfigurationRootDirectory());
+ final String absKeyStorePath = FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig
+ .getConfigurationRootDirectory());
final Resource ressource = resourceLoader.getResource(absKeyStorePath);
if (!ressource.exists()) {
throw new EaafConfigurationException(ERRORCODE_05,
- new Object[] {CONFIG_PROP_HSM_FACADE_SSLTRUST,
- "File not found at: " + absKeyStorePath});
+ new Object[] { CONFIG_PROP_HSM_FACADE_SSLTRUST,
+ "File not found at: " + absKeyStorePath });
}
- return KeyStoreUtils.loadKeyStore(ressource.getInputStream(), keyStorePassword);
+ final InputStream is = ressource.getInputStream();
+ final KeyStore keyStore = KeyStoreUtils.loadKeyStore(is, keyStorePassword);
+ is.close();
+ if (keyStore == null) {
+ throw new EaafFactoryException(ERRORCODE_06,
+ new Object[] { config.getFriendlyName(), "KeyStore not valid or password wrong" });
+
+ }
+
+ return keyStore;
} catch (KeyStoreException | IOException e) {
log.error("Software KeyStore initialization FAILED with an generic error.", e);
- throw new EaafConfigurationException(ERRORCODE_03, new Object[] {e.getMessage()}, e);
+ throw new EaafConfigurationException(ERRORCODE_03, new Object[] { e.getMessage() }, e);
}
}
- private KeyStore getKeyStoreFromHsmFacade(KeyStoreConfiguration config) throws EaafFactoryException, EaafConfigurationException {
- final String keyStoreName = config.getKeyStoreName();
- if (StringUtils.isEmpty(keyStoreName)) {
- throw new EaafConfigurationException(ERRORCODE_06,
- new Object[] {config.getFriendlyName(), "No KeyStore name"});
-
- }
+ private KeyStore getKeyStoreFromHsmFacade(KeyStoreConfiguration config)
+ throws EaafFactoryException, EaafConfigurationException {
+ final String keyStoreName = checkConfigurationParameter(config.getKeyStoreName(),
+ ERRORCODE_06, config.getFriendlyName(), "KeyStoreName missing for HSM Facade");
try {
- final KeyStore keyStore = KeyStore.getInstance("RemoteKeyStore", "HsmFacade");
+ final KeyStore keyStore = KeyStore.getInstance(HSM_FACADE_KEYSTORE_TYPE, HSM_FACADE_PROVIDER);
keyStore.load(new RemoteKeyStoreLoadParameter(keyStoreName));
return keyStore;
- } catch (NoSuchAlgorithmException | CertificateException | IOException |
- KeyStoreException | NoSuchProviderException e) {
- log.error("Can not initialize KeyStore: {} with reason: {}",
- config.getFriendlyName(), e.getMessage());
- throw new EaafFactoryException(ERRORCODE_06,
- new Object[] {config.getFriendlyName(), e.getMessage()}, e);
+ } catch (NoSuchAlgorithmException | CertificateException | IOException | KeyStoreException
+ | NoSuchProviderException e) {
+ log.error("Can not initialize KeyStore: {} with reason: {}",
+ config.getFriendlyName(), e.getMessage());
+ throw new EaafFactoryException(ERRORCODE_06,
+ new Object[] { config.getFriendlyName(), e.getMessage() }, e);
- }
+ }
}
private X509Certificate getHsmFacadeTrustSslCertificate() throws EaafConfigurationException {
try {
final String certFilePath = getConfigurationParameter(CONFIG_PROP_HSM_FACADE_SSLTRUST);
- final String absolutCertFilePath = FileUtils.makeAbsoluteUrl(
- certFilePath, basicConfig.getConfigurationRootDirectory());
- final Resource certFile = resourceLoader.getResource(absolutCertFilePath);
+ final String absolutCertFilePath = FileUtils.makeAbsoluteUrl(
+ certFilePath, basicConfig.getConfigurationRootDirectory());
+ final Resource certFile = resourceLoader.getResource(absolutCertFilePath);
- if (!certFile.exists()) {
- throw new EaafConfigurationException(ERRORCODE_05,
- new Object[] {CONFIG_PROP_HSM_FACADE_SSLTRUST,
- "File not found at: " + absolutCertFilePath });
+ if (!certFile.exists()) {
+ throw new EaafConfigurationException(ERRORCODE_05,
+ new Object[] { CONFIG_PROP_HSM_FACADE_SSLTRUST,
+ "File not found at: " + absolutCertFilePath });
- }
+ }
- return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certFile.getInputStream());
+ return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certFile
+ .getInputStream());
} catch (final EaafConfigurationException e) {
throw e;
@@ -196,21 +228,29 @@ public class EaafKeyStoreFactory {
} catch (CertificateException | IOException e) {
log.error("Can not load trusted server-certificate for HSM-Facade. Reason: {}", e.getMessage());
throw new EaafConfigurationException(ERRORCODE_05,
- new Object[] {CONFIG_PROP_HSM_FACADE_SSLTRUST, e.getMessage()}, e);
+ new Object[] { CONFIG_PROP_HSM_FACADE_SSLTRUST, e.getMessage() }, e);
}
}
@Nonnull
private String getConfigurationParameter(@Nonnull String configParamKey)
- throws EaafConfigurationException{
- final String configValue = basicConfig.getBasicConfiguration(configParamKey);
- if (StringUtils.isEmpty(configValue)) {
- throw new EaafConfigurationException(ERRORCODE_04, new Object[] {configParamKey});
+ throws EaafConfigurationException {
+ return checkConfigurationParameter(
+ basicConfig.getBasicConfiguration(configParamKey), ERRORCODE_04, configParamKey);
+
+ }
+
+ @Nonnull
+ private String checkConfigurationParameter(@Nullable String configParam, @Nonnull String errorCode,
+ @Nonnull String... errorParams)
+ throws EaafConfigurationException {
+ if (StringUtils.isEmpty(configParam)) {
+ throw new EaafConfigurationException(errorCode, new Object[] { errorParams });
}
+ return configParam;
- return configValue;
}
}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
index c8489ac0..400b724f 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
@@ -1,23 +1,144 @@
package at.gv.egiz.eaaf.core.impl.credential;
+import java.util.Map;
+
+import javax.annotation.Nonnull;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import lombok.Getter;
+import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
@Getter
+@Setter
public class KeyStoreConfiguration {
+ public static final String PROP_CONFIG_KEYSTORE_TYPE =
+ "keystore.type";
+
+ public static final String PROP_CONFIG_HSMFACADE_NAME =
+ "keystore.name";
+
+ public static final String PROP_CONFIG_SOFTWARE_KEYSTORE_PATH =
+ "keystore.path";
+ public static final String PROP_CONFIG_SOFTWARE_KEYSTORE_PASSORD =
+ "keystore.password";
+
+ /**
+ * FriendlyName for this KeyStore. Mainly used for logging.
+ */
private String friendlyName;
+ /**
+ * General type of the KeyStore that should be generated.
+ */
private KeyStoreType keyStoreType;
+ /**
+ * Name of the KeyStore in HSM Facade.
+ */
private String keyStoreName;
- private String keyStoreFilePath;
+ /**
+ * Path to software KeyStore in case of a PKCS12 or JKS KeyStore.
+ */
+ private String softKeyStoreFilePath;
+
+ /**
+ * Password of a software KeyStore in case of a PKCS12 or JKS KeyStore.
+ */
+ private String softKeyStorePassword;
+
+ /**
+ * Build a {@link KeyStoreConfiguration} from a configuration map.
+ *
+ * The configuration parameters defined in this class are used to load the
+ * configuration.
+ *
+ *
+ * @param config Configuration
+ * @param friendlyName FriendlyName for this KeyStore
+ * @return Configuration object for {@link EaafKeyStoreFactory}
+ * @throws EaafConfigurationException In case of a configuration error.
+ */
+ public static KeyStoreConfiguration buildFromConfigurationMap(Map config,
+ String friendlyName) throws EaafConfigurationException {
+
+ final KeyStoreConfiguration internalConfig = new KeyStoreConfiguration();
+ internalConfig.setFriendlyName(friendlyName);
+
+ final KeyStoreType internalKeyStoreType = KeyStoreType.fromString(
+ getConfigurationParameter(config, PROP_CONFIG_KEYSTORE_TYPE));
+ if (internalKeyStoreType != null) {
+ internalConfig.setKeyStoreType(internalKeyStoreType);
+
+ } else {
+ log.error("KeyStore: {} sets an unknown KeyStore type: {}",
+ friendlyName, getConfigurationParameter(config, PROP_CONFIG_KEYSTORE_TYPE));
+ throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_01,
+ new Object[] { friendlyName });
+
+ }
+
+ if (internalKeyStoreType.equals(KeyStoreType.HSMFACADE)) {
+ log.trace("Set-up HSM-Facade KeyStore ... ");
+ internalConfig.setKeyStoreName(
+ getConfigurationParameter(config, PROP_CONFIG_HSMFACADE_NAME));
+
+ } else if (internalKeyStoreType.equals(KeyStoreType.PKCS12)
+ || internalKeyStoreType.equals(KeyStoreType.JKS)) {
+ log.trace("Set-up software KeyStore ... ");
+ internalConfig.setSoftKeyStoreFilePath(
+ getConfigurationParameter(config, PROP_CONFIG_SOFTWARE_KEYSTORE_PATH));
+ internalConfig.setSoftKeyStorePassword(
+ getConfigurationParameter(config, PROP_CONFIG_SOFTWARE_KEYSTORE_PASSORD));
+
+ } else {
+ log.info("Configuration of type: {} not supported yet", internalKeyStoreType);
+ throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_02,
+ new Object[] { friendlyName, config.get(PROP_CONFIG_KEYSTORE_TYPE) });
+
+ }
+
+ return internalConfig;
+ }
- private String keyStorePassword;
+ /**
+ * Set the Type of the KeyStore based on String identifier.
+ *
+ * @param keyStoreType String based KeyStore type
+ * @throws EaafConfigurationException In case of an unknown KeyStore type
+ */
+ public void setKeyStoreType(@Nonnull String keyStoreType) throws EaafConfigurationException {
+ final KeyStoreType internalKeyStoreType = KeyStoreType.fromString(keyStoreType);
+ if (internalKeyStoreType != null) {
+ setKeyStoreType(internalKeyStoreType);
+
+ } else {
+ log.error("KeyStore: {} sets an unknown KeyStore type: {}",
+ friendlyName, keyStoreType);
+ throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_01,
+ new Object[] { friendlyName });
+ }
+
+ }
+
+ /**
+ * Set the Type of the KeyStore based on String identifier.
+ *
+ * @param type String based KeyStore type
+ */
+ public void setKeyStoreType(@Nonnull KeyStoreType type) {
+ this.keyStoreType = type;
+
+ }
public enum KeyStoreType {
- SOFTWARE("software"), HSMFACADE("hsmfacade"), PKCS11("pkcs11");
+ PKCS12("pkcs12"), JKS("jks"), HSMFACADE("hsmfacade"), PKCS11("pkcs11");
private final String keyStoreType;
@@ -54,6 +175,19 @@ public class KeyStoreConfiguration {
return getKeyStoreType();
}
+ }
+
+ @Nonnull
+ private static String getConfigurationParameter(@Nonnull Map config,
+ @Nonnull String configParamKey)
+ throws EaafConfigurationException {
+ final String configValue = config.get(configParamKey);
+ if (StringUtils.isEmpty(configValue)) {
+ throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_04, new Object[] { configParamKey });
+
+ }
+ return configValue;
}
+
}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/support/SecureRandomHolder.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/support/SecureRandomHolder.java
index 8584d63f..67d87b0d 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/support/SecureRandomHolder.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/support/SecureRandomHolder.java
@@ -23,8 +23,9 @@ import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
/**
- * Holder for a secure random instance following the initialization on demand holder design pattern.
- * The secure random instance is a singleton that is initialized on first usage.
+ * Holder for a secure random instance following the initialization on demand
+ * holder design pattern. The secure random instance is a singleton that is
+ * initialized on first usage.
*
* @author tknall
*
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSource.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSource.java
new file mode 100644
index 00000000..5aa5b3b5
--- /dev/null
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSource.java
@@ -0,0 +1,16 @@
+package at.gv.egiz.eaaf.core.impl.logging;
+
+import java.util.Arrays;
+import java.util.List;
+
+import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
+
+public class EaafUtilsMessageSource implements IMessageSourceLocation {
+
+ @Override
+ public List getMessageSourceLocation() {
+ return Arrays.asList("classpath:messages/eaaf_utils_message");
+
+ }
+
+}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/SimpleStatusMessager.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/SimpleStatusMessager.java
index 5715a7b6..0d394d19 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/SimpleStatusMessager.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/logging/SimpleStatusMessager.java
@@ -1,11 +1,12 @@
package at.gv.egiz.eaaf.core.impl.logging;
import java.text.MessageFormat;
+
import at.gv.egiz.eaaf.core.api.IStatusMessenger;
/**
- * Simple {@link IStatusMessenger} implementation that formats messages by using.
- * {@link MessageFormat}
+ * Simple {@link IStatusMessenger} implementation that formats messages by
+ * using. {@link MessageFormat}
*
* @author tlenz
*
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DataUrlBuilder.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DataUrlBuilder.java
index 8090585f..ef1f3fdc 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DataUrlBuilder.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DataUrlBuilder.java
@@ -23,7 +23,8 @@ import org.apache.commons.lang3.StringUtils;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
/**
- * Builds a DataURL parameter meant for the security layer implementation to respond to.
+ * Builds a DataURL parameter meant for the security layer implementation to
+ * respond to.
*
* @author Paul Ivancsics
* @version $Id$
@@ -39,12 +40,13 @@ public class DataUrlBuilder {
/**
* Constructs a data URL for VerifyIdentityLink
or
- * VerifyAuthenticationBlock
, including the MOASessionID
as a parameter.
+ * VerifyAuthenticationBlock
, including the
+ * MOASessionID
as a parameter.
*
- * @param authBaseUrl base URL (context path) of the MOA ID Authentication component, including a
- * trailing '/'
+ * @param authBaseUrl base URL (context path) of the MOA ID Authentication
+ * component, including a trailing '/'
* @param authServletName request part of the data URL
- * @param pendingReqId sessionID to be included in the dataURL
+ * @param pendingReqId sessionID to be included in the dataURL
* @return String
*/
public String buildDataUrl(String authBaseUrl, String authServletName,
@@ -70,10 +72,10 @@ public class DataUrlBuilder {
/**
* Method addParameter.
- *
+ *
* @param urlString represents the url
* @param paramname is the parameter to be added
- * @param value is the value of that parameter
+ * @param value is the value of that parameter
* @return String
*/
private String addParameter(final String urlString, final String paramname, final String value) {
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java
index 943d3dad..7cb551e2 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/FileUtils.java
@@ -17,8 +17,6 @@
* works that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
-
package at.gv.egiz.eaaf.core.impl.utils;
import java.io.BufferedInputStream;
@@ -31,6 +29,7 @@ import java.io.OutputStream;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
+
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -38,7 +37,6 @@ import org.slf4j.LoggerFactory;
public class FileUtils {
private static final Logger log = LoggerFactory.getLogger(FileUtils.class);
-
/**
* Reads a file, given by URL, into a byte array.
*
@@ -72,7 +70,7 @@ public class FileUtils {
/**
* Reads a file from a resource.
*
- * @param name filename
+ * @param name filename
* @param encoding character encoding
* @return file content
* @throws IOException on any exception thrown
@@ -82,11 +80,11 @@ public class FileUtils {
return new String(content, encoding);
}
-
/**
- * Returns the absolute URL of a given url which is relative to the parameter root.
+ * Returns the absolute URL of a given url which is relative to the parameter
+ * root.
*
- * @param url Filepath
+ * @param url Filepath
* @param root configuration root context
* @return absolut filepath
* @throws MalformedURLException In case of a filepath error
@@ -102,9 +100,10 @@ public class FileUtils {
}
/**
- * Returns the absolute URL of a given url which is relative to the parameter root.
+ * Returns the absolute URL of a given url which is relative to the parameter
+ * root.
*
- * @param url Filepath
+ * @param url Filepath
* @param root configuration root context
* @return absolut filepath
*/
@@ -145,7 +144,6 @@ public class FileUtils {
}
}
-
private static void copy(final InputStream fis, final OutputStream fos) {
try {
final byte[] buffer = new byte[0xFFFF];
@@ -161,7 +159,7 @@ public class FileUtils {
/**
* Copy file from source to destination.
*
- * @param src File source
+ * @param src File source
* @param dest file destination
*/
public static void copyFile(final File src, final File dest) {
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
index c60fcd7f..ade0c28d 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpClientFactory.java
@@ -1,18 +1,15 @@
package at.gv.egiz.eaaf.core.impl.utils;
-import java.io.IOException;
-import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
+
import javax.annotation.PostConstruct;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
@@ -38,18 +35,27 @@ import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.protocol.HttpContext;
import org.apache.http.ssl.SSLContexts;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
public class HttpClientFactory implements IHttpClientFactory {
- private static final Logger log = LoggerFactory.getLogger(HttpClientFactory.class);
+
@Autowired(required = true)
private IConfiguration basicConfig;
+
@Autowired(required = true)
ResourceLoader resourceLoader;
+
+ @Autowired private EaafKeyStoreFactory keyStoreFactory;
public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE =
"client.http.connection.pool.use";
@@ -73,6 +79,8 @@ public class HttpClientFactory implements IHttpClientFactory {
"client.auth.ssl.keystore.path";
public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD =
"client.auth.ssl.keystore.password";
+ private static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME =
+ "client.auth.ssl.keystore.name";
public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE =
"client.auth.ssl.keystore.type";
public static final String PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD =
@@ -127,47 +135,6 @@ public class HttpClientFactory implements IHttpClientFactory {
}
- public enum KeyStoreType {
- PKCS12("pkcs12"), JKS("jks");
-
- private final String type;
-
- KeyStoreType(final String type) {
- this.type = type;
- }
-
- /**
- * Get the KeyStore type.
- *
- * @return
- */
- public String getType() {
- return this.type;
- }
-
- /**
- * Get Keystore type from configuration.
- *
- * @param s String representation for keyStore type
- * @return
- */
- public static KeyStoreType fromString(final String s) {
- try {
- return KeyStoreType.valueOf(s.toUpperCase());
-
- } catch (IllegalArgumentException | NullPointerException e) {
- return null;
- }
- }
-
- @Override
- public String toString() {
- return getType();
-
- }
-
- }
-
private HttpClientBuilder httpClientBuilder = null;
/*
@@ -246,7 +213,6 @@ public class HttpClientFactory implements IHttpClientFactory {
// set pool connection if required
injectConnectionPoolIfRequired(sslConnectionFactory);
-
}
private void injectBasicAuthenticationIfRequired(final ClientAuthMode clientAuthMode) {
@@ -286,54 +252,39 @@ public class HttpClientFactory implements IHttpClientFactory {
final String keyPasswordString =
basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEY_PASSWORD);
log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString);
- final char[] keyPassword = (keyPasswordString == null) ? StringUtils.EMPTY.toCharArray()
+ final char[] keyPassword = keyPasswordString == null ? StringUtils.EMPTY.toCharArray()
: keyPasswordString.toCharArray();
return SSLContexts.custom().loadKeyMaterial(keystore, keyPassword).build();
}
private KeyStore getSslAuthKeyStore() throws EaafConfigurationException {
- final KeyStoreType keyStoreType = KeyStoreType.fromString(basicConfig.getBasicConfiguration(
- PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE, KeyStoreType.PKCS12.getType()));
+ final String keyStoreType = basicConfig.getBasicConfiguration(
+ PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_TYPE, KeyStoreType.PKCS12.getKeyStoreType());
final String localKeyStorePath = basicConfig
.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PATH, StringUtils.EMPTY);
final String keyStorePassword = basicConfig
.getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_PASSORD, StringUtils.EMPTY);
+ final String keyStoreName = basicConfig
+ .getBasicConfiguration(PROP_CONFIG_CLIENT_AUTH_SSL_KEYSTORE_NAME, StringUtils.EMPTY);
try {
+ KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(keyStoreType);
+ keyStoreConfig.setFriendlyName("HttpClient Keystore");
+ keyStoreConfig.setSoftKeyStoreFilePath(localKeyStorePath);
+ keyStoreConfig.setSoftKeyStorePassword(keyStorePassword);
+ keyStoreConfig.setKeyStoreName(keyStoreName);
+
log.debug("Open keyStore with type: {}", keyStoreType);
- KeyStore clientStore;
- if (keyStoreType.equals(KeyStoreType.PKCS12)) {
- clientStore = KeyStore.getInstance("pkcs12");
- } else {
- clientStore = KeyStore.getInstance("JKS");
- }
-
-
- log.debug("Read keyStore path: {} from configuration", localKeyStorePath);
- if (StringUtils.isNotEmpty(localKeyStorePath)) {
- final String absFilePath = FileUtils.makeAbsoluteUrl(localKeyStorePath,
- basicConfig.getConfigurationRootDirectory());
- final Resource ressource = resourceLoader.getResource(absFilePath);
- final InputStream is = ressource.getInputStream();
- log.trace("Load keyStore: {} with password: {}", absFilePath, keyStorePassword);
- clientStore.load(is, keyStorePassword.toCharArray());
- is.close();
-
- return clientStore;
-
- } else {
- log.warn("Path to keyStore for SSL Client-Authentication is empty or null");
- throw new EaafConfigurationException(
- "Path to keyStore for SSL Client-Authentication is empty or null", new Object[] {});
-
- }
-
- } catch (final KeyStoreException | NoSuchAlgorithmException | CertificateException
- | IOException e) {
+ KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+
+ return keyStore;
+
+ } catch (final EaafException e) {
log.warn("Can NOT read keyStore: {} from filesystem", localKeyStorePath, null, e);
throw new EaafConfigurationException("Can NOT read keyStore: {} from filesystem",
- new Object[] {localKeyStorePath}, e);
+ new Object[] { localKeyStorePath }, e);
}
@@ -413,9 +364,6 @@ public class HttpClientFactory implements IHttpClientFactory {
}
-
}
-
-
}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java
index 1f7601d8..66356ba0 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/HttpUtils.java
@@ -19,18 +19,17 @@
package at.gv.egiz.eaaf.core.impl.utils;
import javax.servlet.http.HttpServletRequest;
-import org.apache.commons.lang3.StringUtils;
-
+import org.apache.commons.lang3.StringUtils;
public class HttpUtils {
-
/**
* Helper method to retrieve server URL including context path.
*
* @param request HttpServletRequest
- * @return Server URL including context path (e.g. http://localhost:8443/moa-id-auth
+ * @return Server URL including context path (e.g.
+ * http://localhost:8443/moa-id-auth
*/
public static String getBaseUrl(final HttpServletRequest request) {
final StringBuffer buffer = new StringBuffer(getServerUrl(request));
@@ -101,8 +100,8 @@ public class HttpUtils {
/**
* Add a http GET parameter to URL.
*
- * @param url URL
- * @param paramname Name of the parameter.
+ * @param url URL
+ * @param paramname Name of the parameter.
* @param paramvalue Value of the parameter.
* @return
*/
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java
index 0dc00573..f922e1ac 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/IHttpClientFactory.java
@@ -5,7 +5,8 @@ import org.apache.http.impl.client.CloseableHttpClient;
public interface IHttpClientFactory {
/**
- * Return an instance of a Apache HTTP client that follows http redirects automatically.
+ * Return an instance of a Apache HTTP client that follows http redirects
+ * automatically.
*
* @return
*/
@@ -14,7 +15,8 @@ public interface IHttpClientFactory {
/**
* Return an instance of a Apache HTTP client.
*
- * @param followRedirects if false
, the client does not flow 30x http redirects
+ * @param followRedirects if false
, the client does not flow 30x
+ * http redirects
* @return
*/
CloseableHttpClient getHttpClient(boolean followRedirects);
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java
index 18ddf422..99b87819 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java
@@ -17,8 +17,6 @@
* works that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
-
package at.gv.egiz.eaaf.core.impl.utils;
import java.io.BufferedInputStream;
@@ -50,16 +48,14 @@ public class KeyStoreUtils {
*/
private static final String KEYSTORE_TYPE_PKCS12 = "PKCS12";
-
-
/**
* Loads a key store from file.
*
* @param keystoreType key store type
- * @param urlString URL of key store
- * @param password password protecting the key store
+ * @param urlString URL of key store
+ * @param password password protecting the key store
* @return key store loaded
- * @throws IOException thrown while reading the key store from file
+ * @throws IOException thrown while reading the key store from file
* @throws GeneralSecurityException thrown while creating the key store
*/
public static KeyStore loadKeyStore(final String keystoreType, final String urlString,
@@ -74,10 +70,10 @@ public class KeyStoreUtils {
* Load a KeyStore from Filesystem.
*
* @param keyStorePath Path to KeyStore
- * @param password KeyStore password
+ * @param password KeyStore password
* @return KeyStore
* @throws KeyStoreException In case of a keystore error
- * @throws IOException In case of a general read error
+ * @throws IOException In case of a general read error
*/
public static KeyStore loadKeyStore(final String keyStorePath, final String password)
throws KeyStoreException, IOException {
@@ -89,13 +85,15 @@ public class KeyStoreUtils {
}
/**
- * Loads a key store from an InputStream
, and closes the InputStream
.
+ * Loads a key store from an InputStream
, and closes the
+ * InputStream
.
*
* @param keystoreType key store type
- * @param in input stream
- * @param password password protecting the key store
+ * @param in input stream
+ * @param password password protecting the key store
* @return key store loaded
- * @throws IOException thrown while reading the key store from the stream
+ * @throws IOException thrown while reading the key store from the
+ * stream
* @throws GeneralSecurityException thrown while creating the key store
*/
public static KeyStore loadKeyStore(final String keystoreType, final InputStream in,
@@ -114,11 +112,11 @@ public class KeyStoreUtils {
/**
* Loads a keyStore without knowing the keyStore type.
*
- * @param is input stream
+ * @param is input stream
* @param password Password protecting the keyStore
* @return keyStore loaded
* @throws KeyStoreException thrown if keyStore cannot be loaded
- * @throws IOException In case of a general error
+ * @throws IOException In case of a general error
*/
public static KeyStore loadKeyStore(final InputStream is, final String password)
throws KeyStoreException, IOException {
@@ -140,10 +138,10 @@ public class KeyStoreUtils {
}
/**
- * Creates a key store from X509 certificate files, aliasing them with the index in the
- * String[]
, starting with "0"
.
+ * Creates a key store from X509 certificate files, aliasing them with the index
+ * in the String[]
, starting with "0"
.
*
- * @param keyStoreType key store type
+ * @param keyStoreType key store type
* @param certFilenames certificate filenames
* @return key store created
* @throws Exception In case of an error
@@ -192,6 +190,4 @@ public class KeyStoreUtils {
}
}
-
-
}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java
index 929d2994..0c5eeb40 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java
@@ -28,8 +28,10 @@ import java.util.Map;
import java.util.Map.Entry;
import java.util.Properties;
import java.util.Set;
+
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
+
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -49,8 +51,7 @@ public class KeyValueUtils {
public static final String DEFAULT_VALUE = "default";
/**
- * Convert Java properties into a Map String/String.
- *
+ * Convert Java properties into a Map String/String.
* Important: The key/values from properties must be of type String!
*
* @param properties Java {@link Properties} that should be converted
@@ -72,7 +73,7 @@ public class KeyValueUtils {
/**
* Extract the first child of an input key after a the prefix.
*
- * @param key Full input key
+ * @param key Full input key
* @param prefix Prefix
* @return Child key {String} if it exists or null
*/
@@ -82,11 +83,11 @@ public class KeyValueUtils {
final int index = idAfterPrefix.indexOf(KEY_DELIMITER);
if (index > 0) {
final String adding = idAfterPrefix.substring(0, index);
- if (!(adding.isEmpty())) {
+ if (!adding.isEmpty()) {
return adding;
}
- } else if (!(idAfterPrefix.isEmpty())) {
+ } else if (!idAfterPrefix.isEmpty()) {
return idAfterPrefix;
}
@@ -98,9 +99,10 @@ public class KeyValueUtils {
/**
* Extract the prefix from an input key.
*
- * @param key Full input key
+ * @param key Full input key
* @param suffix Suffix of this key
- * @return Prefix {String} of the key or null if input key does not ends with postfix string
+ * @return Prefix {String} of the key or null if input key does not ends with
+ * postfix string
*/
public static String getPrefixFromKey(final String key, final String suffix) {
if (key != null && suffix != null && key.endsWith(suffix)) {
@@ -118,9 +120,10 @@ public class KeyValueUtils {
/**
* Remove a prefix string from a key.
*
- * @param key Full input key
+ * @param key Full input key
* @param prefix Prefix, which should be removed
- * @return The suffix of the input key or null if the input does not starts with the prefix
+ * @return The suffix of the input key or null if the input does not starts with
+ * the prefix
*/
public static String removePrefixFromKey(final String key, String prefix) {
if (prefix == null) {
@@ -145,9 +148,10 @@ public class KeyValueUtils {
/**
* Remove a prefix string from all keys in Map String/String of key/value pairs.
*
- * @param keys Input data of key/value pairs
+ * @param keys Input data of key/value pairs
* @param prefix Prefix which should be removed
- * @return Map String/String of key/value pairs without prefix in key, but never null
+ * @return Map String/String of key/value pairs without prefix in key, but never
+ * null
*/
public static Map removePrefixFromKeys(final Map keys,
final String prefix) {
@@ -165,26 +169,29 @@ public class KeyValueUtils {
}
/**
- * Get a subset of key/value pairs which starts with a prefix string The Prefix is removed from
- * the key.
+ * Get a subset of key/value pairs which starts with a prefix string The Prefix
+ * is removed from the key.
*
- * @param keys Input data of key/value pairs
+ * @param keys Input data of key/value pairs
* @param prefix Prefix string
- * @return Map String/String of key/value pairs without prefix in key, but never null
+ * @return Map String/String of key/value pairs without prefix in key, but never
+ * null
*/
public static Map getSubSetWithPrefix(final Map keys,
final String prefix) {
return removePrefixFromKeys(keys, prefix);
}
-
/**
- * Add a prefix to key/value pairs to make the key absolute according to key namespace convention.
+ * Add a prefix to key/value pairs to make the key absolute according to key
+ * namespace convention.
*
- * @param input Input key/value pairs which should be updated
- * @param prefix Key prefix, which should be added if the key is not absolute
+ * @param input Input key/value pairs which should be updated
+ * @param prefix Key prefix, which should be added if the key is not
+ * absolute
* @param absolutIdentifier Key identifier, which indicates an absolute key
- * @return Map String/String of key/value pairs in which all keys are absolute but never null
+ * @return Map String/String of key/value pairs in which all keys are absolute
+ * but never null
*/
public static Map makeKeysAbsolut(final Map input,
final String prefix, final String absolutIdentifier) {
@@ -225,7 +232,7 @@ public class KeyValueUtils {
/**
* Find the highest free list counter.
*
- * @param input Array of list keys
+ * @param input Array of list keys
* @param listPrefix {String} prefix of the list
* @return {int} highest free list counter
*/
@@ -247,7 +254,7 @@ public class KeyValueUtils {
/**
* Find the highest free list counter.
*
- * @param keySet Set of list keys
+ * @param keySet Set of list keys
* @param listPrefix {String} prefix of the list
* @return {int} highest free list counter
*/
@@ -261,13 +268,12 @@ public class KeyValueUtils {
return findNextFreeListCounter(array, listPrefix);
}
-
/**
* Normalize a CSV encoded list of value of an key/value pair.
*
*
- * This method removes all whitespace at the begin or the end of CSV values and remove newLine
- * signs at the end of value. The ',' is used as list delimiter
+ * This method removes all whitespace at the begin or the end of CSV values and
+ * remove newLine signs at the end of value. The ',' is used as list delimiter
*
*
* @param value CSV encoded input data
@@ -289,7 +295,6 @@ public class KeyValueUtils {
return normalizedCodes;
}
-
/**
* Check a String if it is a comma separated list of values.
*
@@ -298,7 +303,8 @@ public class KeyValueUtils {
*
*
* @param value CSV encoded input data
- * @return true if the input data contains a ',' and has more then 1 list element, otherwise false
+ * @return true if the input data contains a ',' and has more then 1 list
+ * element, otherwise false
*/
public static boolean isCsvValueString(final String value) {
if (StringUtils.isNotEmpty(value)) {
@@ -316,8 +322,8 @@ public class KeyValueUtils {
/**
* Convert a CSV list to a List of CSV values.
*
- * This method removes all whitespace at the begin or the end of CSV values and remove newLine
- * signs at the end of value. The ',' is used as list delimiter
+ * This method removes all whitespace at the begin or the end of CSV values and
+ * remove newLine signs at the end of value. The ',' is used as list delimiter
*
* @param csv CSV encoded input data
* @return List of CSV normalized values, but never null
@@ -338,8 +344,8 @@ public class KeyValueUtils {
/**
* Convert a List of String elements to a Map of Key/Value pairs.
- * Every List element used as a key/value pair and the '=' sign represents the delimiter between
- * key and value
+ * Every List element used as a key/value pair and the '=' sign represents the
+ * delimiter between key and value
*
* @param elements List of key/value elements
* @return Map of Key / Value pairs, but never null
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java
index 755c4431..5d2a11d0 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeIteratorAdapter.java
@@ -17,18 +17,18 @@
* works that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
-
package at.gv.egiz.eaaf.core.impl.utils;
import java.util.ListIterator;
+
import org.w3c.dom.DOMException;
import org.w3c.dom.Node;
import org.w3c.dom.traversal.NodeFilter;
import org.w3c.dom.traversal.NodeIterator;
/**
- * A NodeIterator
implementation based on a ListIterator
.
+ * A NodeIterator
implementation based on a
+ * ListIterator
.
*
* @see java.util.ListIterator
* @see org.w3c.dom.traversal.NodeIterator
@@ -48,31 +48,26 @@ public class NodeIteratorAdapter implements NodeIterator {
this.nodeIterator = nodeIterator;
}
-
@Override
public Node getRoot() {
return null;
}
-
@Override
public int getWhatToShow() {
return NodeFilter.SHOW_ALL;
}
-
@Override
public NodeFilter getFilter() {
return null;
}
-
@Override
public boolean getExpandEntityReferences() {
return false;
}
-
@Override
public Node nextNode() throws DOMException {
if (nodeIterator.hasNext()) {
@@ -81,7 +76,6 @@ public class NodeIteratorAdapter implements NodeIterator {
return null;
}
-
@Override
public Node previousNode() throws DOMException {
if (nodeIterator.hasPrevious()) {
@@ -90,7 +84,6 @@ public class NodeIteratorAdapter implements NodeIterator {
return null;
}
-
@Override
public void detach() {
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java
index a942f75e..83a6725c 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/NodeListAdapter.java
@@ -17,11 +17,10 @@
* works that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
-
package at.gv.egiz.eaaf.core.impl.utils;
import java.util.List;
+
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
@@ -45,13 +44,11 @@ public class NodeListAdapter implements NodeList {
this.nodeList = nodeList;
}
-
@Override
public Node item(final int index) {
return (Node) nodeList.get(index);
}
-
@Override
public int getLength() {
return nodeList.size();
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java
index 14d54b0b..aedbbb7f 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/Random.java
@@ -19,7 +19,6 @@
package at.gv.egiz.eaaf.core.impl.utils;
-
import java.io.UnsupportedEncodingException;
import java.nio.ByteBuffer;
import java.security.NoSuchAlgorithmException;
@@ -27,12 +26,13 @@ import java.security.SecureRandom;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Date;
-import at.gv.egiz.eaaf.core.impl.idp.process.support.SecureRandomHolder;
+
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.ArrayUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egiz.eaaf.core.impl.idp.process.support.SecureRandomHolder;
/**
* Random number generator used to generate ID's.
@@ -44,9 +44,9 @@ public class Random {
private static final Logger log = LoggerFactory.getLogger(Random.class);
private static final char[] allowedPreFix =
- {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r',
+ { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r',
's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
- 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'};
+ 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z' };
/** random number generator used. */
private static SecureRandom random;
@@ -63,14 +63,14 @@ public class Random {
}
-
// random = iaik.security.random.SHA256FIPS186Random.getDefault();
}
/**
- * Generate a unique process reference-value [160bit], which always starts with a letter
- * This unique ID consists of single letter, a 64bit date String[yyyyddMM], and a 88bit random
- * value.
+ * Generate a unique process reference-value [160bit], which always starts with
+ * a letter
+ * This unique ID consists of single letter, a 64bit date String[yyyyddMM], and
+ * a 88bit random value.
*
* @return 160bit ID, which is hex encoded
*/
@@ -98,12 +98,8 @@ public class Random {
}
-
-
}
-
-
/**
* Creates a new random number [256bit], and encode it as hex value.
*
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java
index ee88c4bb..bc770a8c 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java
@@ -8,17 +8,13 @@ import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Arrays;
import java.util.Base64;
+
import javax.annotation.PostConstruct;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy;
-import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.EaafIllegalStateException;
-import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException;
+
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
import org.joda.time.DurationFieldType;
@@ -30,9 +26,16 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.lang.NonNull;
import org.springframework.lang.Nullable;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafIllegalStateException;
+import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException;
+
/**
- * PendingRequestId generation strategy based on signed tokens that facilitates extended token
- * validation.
+ * PendingRequestId generation strategy based on signed tokens that facilitates
+ * extended token validation.
*
* @author tlenz
*
@@ -78,7 +81,7 @@ public class SecurePendingRequestIdGenerationStrategy
.encodeToString(externalPendingRequestId.toString().getBytes("UTF-8"));
} catch (final UnsupportedEncodingException e) {
- throw new EaafException("internal.99", new Object[] {e.getMessage()}, e);
+ throw new EaafException("internal.99", new Object[] { e.getMessage() }, e);
}
@@ -131,7 +134,6 @@ public class SecurePendingRequestIdGenerationStrategy
return internalPendingReqId;
-
} catch (final IllegalArgumentException | EaafIllegalStateException e) {
log.warn("Token is NOT a valid String. Msg: {}", e.getMessage());
log.debug("TokenValue: {}", externalPendingReqId);
@@ -177,7 +179,6 @@ public class SecurePendingRequestIdGenerationStrategy
}
-
@PostConstruct
private void initialize() throws EaafConfigurationException {
log.debug("Initializing " + this.getClass().getName() + " ... ");
@@ -186,7 +187,7 @@ public class SecurePendingRequestIdGenerationStrategy
baseConfig.getBasicConfiguration(CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET);
if (StringUtils.isEmpty(pendingReqIdDigistSecret)) {
throw new EaafConfigurationException("config.08",
- new Object[] {CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET});
+ new Object[] { CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET });
}
digistAlgorithm = baseConfig.getBasicConfiguration(
@@ -201,11 +202,10 @@ public class SecurePendingRequestIdGenerationStrategy
final KeySpec spec = new PBEKeySpec(pendingReqIdDigistSecret.toCharArray(), salt, 10000, 128);
key = keyFactory.generateSecret(spec);
-
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
log.error("Can NOT initialize TokenService with configuration object", e);
throw new EaafConfigurationException("config.09",
- new Object[] {CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET, "Can NOT generate HMAC key"},
+ new Object[] { CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET, "Can NOT generate HMAC key" },
e);
}
@@ -229,7 +229,7 @@ public class SecurePendingRequestIdGenerationStrategy
} catch (UnsupportedEncodingException | NoSuchAlgorithmException | InvalidKeyException e) {
log.error("Can NOT generate secure pendingRequestId", e);
throw new EaafIllegalStateException(
- new Object[] {"Can NOT caluclate digist for secure pendingRequestId"}, e);
+ new Object[] { "Can NOT caluclate digist for secure pendingRequestId" }, e);
}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java
index 049f7175..78f0cdec 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SimplePendingRequestIdGenerationStrategy.java
@@ -1,11 +1,13 @@
package at.gv.egiz.eaaf.core.impl.utils;
+import org.apache.commons.lang3.StringUtils;
+
import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy;
import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException;
-import org.apache.commons.lang3.StringUtils;
/**
- * Simple pendingRequestId generation strategy that facilitates no extended validation.
+ * Simple pendingRequestId generation strategy that facilitates no extended
+ * validation.
*
* @author tlenz
*
@@ -34,8 +36,6 @@ public class SimplePendingRequestIdGenerationStrategy
"PendingRequestId is empty or null");
}
-
-
return externalPendingReqId;
}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java
index 795b71f7..22a6de2b 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/StreamUtils.java
@@ -17,8 +17,6 @@
* works that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
-
package at.gv.egiz.eaaf.core.impl.utils;
import java.io.ByteArrayOutputStream;
@@ -39,8 +37,8 @@ public class StreamUtils {
*
* @param is1 The 1st InputStream
to compare.
* @param is2 The 2nd InputStream
to compare.
- * @return boolean true
, if both streams contain the exactly the same content,
- * false
otherwise.
+ * @return boolean true
, if both streams contain the exactly the
+ * same content, false
otherwise.
* @throws IOException An error occurred reading one of the streams.
*/
public static boolean compareStreams(final InputStream is1, final InputStream is2)
@@ -83,10 +81,11 @@ public class StreamUtils {
/**
* Compare two byte arrays, up to a given maximum length.
*
- * @param b1 1st byte array to compare.
- * @param b2 2nd byte array to compare.
+ * @param b1 1st byte array to compare.
+ * @param b2 2nd byte array to compare.
* @param length The maximum number of bytes to compare.
- * @return true
, if the byte arrays are equal, false
otherwise.
+ * @return true
, if the byte arrays are equal, false
+ * otherwise.
*/
private static boolean compareBytes(final byte[] b1, final byte[] b2, final int length) {
if (b1.length != b2.length) {
@@ -115,8 +114,8 @@ public class StreamUtils {
copyStream(in, out, null);
/*
- * ByteArrayOutputStream out = new ByteArrayOutputStream(); int b; while ((b = in.read()) >= 0)
- * out.write(b);
+ * ByteArrayOutputStream out = new ByteArrayOutputStream(); int b; while ((b =
+ * in.read()) >= 0) out.write(b);
*
*/
in.close();
@@ -126,10 +125,11 @@ public class StreamUtils {
/**
* Reads a String
from a stream, using given encoding.
*
- * @param in The InputStream
to read.
+ * @param in The InputStream
to read.
* @param encoding The character encoding to use for converting the bytes of the
- * InputStream
into a String
.
- * @return The content of the given InputStream
converted into a String
.
+ * InputStream
into a String
.
+ * @return The content of the given InputStream
converted into a
+ * String
.
* @throws IOException on any exception thrown
*/
public static String readStream(final InputStream in, final String encoding) throws IOException {
@@ -137,23 +137,26 @@ public class StreamUtils {
copyStream(in, out, null);
/*
- * ByteArrayOutputStream out = new ByteArrayOutputStream(); int b; while ((b = in.read()) >= 0)
- * out.write(b);
+ * ByteArrayOutputStream out = new ByteArrayOutputStream(); int b; while ((b =
+ * in.read()) >= 0) out.write(b);
*/
in.close();
return out.toString(encoding);
}
/**
- * Reads all data (until EOF is reached) from the given source to the destination stream. If the
- * destination stream is null, all data is dropped. It uses the given buffer to read data and
- * forward it. If the buffer is null, this method allocates a buffer.
+ * Reads all data (until EOF is reached) from the given source to the
+ * destination stream. If the destination stream is null, all data is dropped.
+ * It uses the given buffer to read data and forward it. If the buffer is null,
+ * this method allocates a buffer.
*
- * @param source The stream providing the data.
- * @param destination The stream that takes the data. If this is null, all data from source will
- * be read and discarded.
- * @param buffer The buffer to use for forwarding. If it is null, the method allocates a buffer.
- * @exception IOException If reading from the source or writing to the destination fails.
+ * @param source The stream providing the data.
+ * @param destination The stream that takes the data. If this is null, all data
+ * from source will be read and discarded.
+ * @param buffer The buffer to use for forwarding. If it is null, the
+ * method allocates a buffer.
+ * @exception IOException If reading from the source or writing to the
+ * destination fails.
*/
private static void copyStream(final InputStream source, final OutputStream destination,
byte[] buffer) throws IOException {
@@ -169,14 +172,15 @@ public class StreamUtils {
while ((bytesRead = source.read(buffer)) >= 0) {
destination.write(buffer, 0, bytesRead);
}
- }
+ }
}
// /**
// * Gets the stack trace of the Throwable
passed in as a string.
// *
// * @param t The Throwable
.
- // * @return a String representing the stack trace of the Throwable
.
+ // * @return a String representing the stack trace of the
+ // Throwable
.
// */
// public static String getStackTraceAsString(final Throwable t) {
// final ByteArrayOutputStream stackTraceBis = new ByteArrayOutputStream();
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java
index 3875e587..d8976548 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java
@@ -19,7 +19,6 @@
package at.gv.egiz.eaaf.core.impl.utils;
-
import at.gv.egiz.eaaf.core.api.IRequest;
/**
@@ -37,7 +36,8 @@ public class TransactionIdUtils {
/**
* Set all MDC variables from pending request to this threat context.
- * These includes SessionID, TransactionID, and unique service-provider identifier
+ * These includes SessionID, TransactionID, and unique service-provider
+ * identifier
*
* @param pendingRequest Http request object
*/
@@ -59,7 +59,6 @@ public class TransactionIdUtils {
}
-
public static void setServiceProviderId(final String oaUniqueId) {
org.slf4j.MDC.put(MDC_SERVICEPROVIDER_ID, oaUniqueId);
@@ -90,5 +89,4 @@ public class TransactionIdUtils {
}
-
}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java
index 00a31a13..72c183bf 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java
@@ -8,9 +8,9 @@ import javax.security.auth.x500.X500Principal;
public class X509Utils {
/**
- * Sorts the Certificate Chain by IssuerDN and SubjectDN. The [0]-Element should be the Hostname,
- * the last Element should be the Root Certificate.
- *
+ * Sorts the Certificate Chain by IssuerDN and SubjectDN. The [0]-Element should
+ * be the Hostname, the last Element should be the Root Certificate.
+ *
* @param certs The first element must be the correct one.
* @return sorted Certificate Chain
*/
diff --git a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties
new file mode 100644
index 00000000..970b8e5a
--- /dev/null
+++ b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties
@@ -0,0 +1,10 @@
+internal.keystore.00=HSM-Facade NOT INITIALIZED. KeyStore:{0} initialization failed
+internal.keystore.01=KeyStore:{0} configuration has an unsupported type in configuration.
+internal.keystore.02=Type:{1} of KeyStore:{0} is NOT SUPPORTED yet.
+internal.keystore.03=HSM-Facade initialization failed with a generic error: {0}
+internal.keystore.04=HSM-Facade has a wrong configuration. Missing property: {0}
+internal.keystore.05=HSM-Facade has a wrong configuration. Property: {0} Reason:{1}
+internal.keystore.06=KeyStore: {0} initialization failed. Reason: {1}
+
+
+
diff --git a/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml b/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml
new file mode 100644
index 00000000..7568f423
--- /dev/null
+++ b/eaaf_core_utils/src/main/resources/spring/eaaf_utils.beans.xml
@@ -0,0 +1,20 @@
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSourceTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSourceTest.java
new file mode 100644
index 00000000..f6df60ae
--- /dev/null
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSourceTest.java
@@ -0,0 +1,36 @@
+package at.gv.egiz.eaaf.core.impl.logging;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/spring/test_eaaf_pvp_not_lazy.beans.xml")
+public class EaafUtilsMessageSourceTest {
+
+ @Autowired
+ private ResourceLoader loader;
+ @Autowired(required = false)
+ private IMessageSourceLocation messageSource;
+
+ @Test
+ public void simpleTests() {
+ Assert.assertNotNull("No messageSource", messageSource);
+
+ Assert.assertNotNull("No sourcePath", messageSource.getMessageSourceLocation());
+
+ for (final String el : messageSource.getMessageSourceLocation()) {
+ final Resource messages = loader.getResource(el + ".properties");
+ Assert.assertTrue("Source not exist", messages.exists());
+
+ }
+
+ }
+}
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/JUnitTestStatusMessenger.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/JUnitTestStatusMessenger.java
index be5d95b1..9c1d0c82 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/JUnitTestStatusMessenger.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/JUnitTestStatusMessenger.java
@@ -3,6 +3,7 @@ package at.gv.egiz.eaaf.core.impl.logging;
import java.text.MessageFormat;
import java.util.HashMap;
import java.util.Map;
+
import at.gv.egiz.eaaf.core.api.IStatusMessenger;
public class JUnitTestStatusMessenger implements IStatusMessenger {
@@ -48,7 +49,7 @@ public class JUnitTestStatusMessenger implements IStatusMessenger {
* Add a message into Message-Store.
*
* @param msgCode message-code
- * @param msg message
+ * @param msg message
*/
public void addMsg(final String msgCode, final String msg) {
if (!msgStore.containsKey(msgCode)) {
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/KeyValueUtilsTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/KeyValueUtilsTest.java
index 258c3210..58788392 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/KeyValueUtilsTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/KeyValueUtilsTest.java
@@ -6,14 +6,17 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
-import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.BlockJUnit4ClassRunner;
+
import com.google.common.collect.Sets;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
@RunWith(BlockJUnit4ClassRunner.class)
public class KeyValueUtilsTest {
@@ -442,5 +445,4 @@ public class KeyValueUtilsTest {
}
-
}
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
new file mode 100644
index 00000000..805000cb
--- /dev/null
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
@@ -0,0 +1,555 @@
+package at.gv.egiz.eaaf.core.test.credentials;
+
+import java.security.KeyStore;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.MethodMode;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import com.google.common.base.Optional;
+import com.google.common.base.Predicates;
+import com.google.common.base.Throwables;
+import com.google.common.collect.FluentIterable;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
+import io.grpc.StatusRuntimeException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/spring/test_eaaf_pvp_lazy.beans.xml")
+@DirtiesContext(methodMode = MethodMode.BEFORE_METHOD)
+public class EaafKeyStoreFactoryTest {
+
+ private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS =
+ "src/test/resources/data/junit_without_trustcerts.jks";
+ private static final String PATH_TO_SOFTWARE_KEYSTORE_PKCS12 =
+ "src/test/resources/data/junit_without_trustcerts.p12";
+ private static final String PATH_TO_HSM_FACADE_TRUST_CERT = "src/test/resources/data/test.crt";
+ private static final String SOFTWARE_KEYSTORE_PASSWORD = "password";
+
+ @Autowired
+ private DummyAuthConfigMap mapConfig;
+ @Autowired
+ private ApplicationContext context;
+
+ /**
+ * jUnit test set-up.
+ */
+ @Before
+ public void testSetup() {
+ mapConfig.clearAllConfig();
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void startWithoutConfigHsmFacadeConfig() {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void buildyStoreWithOutConfig() {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ try {
+ keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType");
+ Assert.assertEquals("wrong errorCode", "internal.keystore.01", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ @DirtiesContext
+ public void buildyStoreWithPkcs11() {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.PKCS11);
+ try {
+ keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType");
+ Assert.assertEquals("wrong errorCode", "internal.keystore.02", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ @DirtiesContext
+ public void softwareKeyStoreWithoutConfig() {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
+ try {
+ keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType");
+ Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ @DirtiesContext
+ public void softwareKeyStoreWithoutConfigSecond() {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.PKCS12);
+ try {
+ keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType");
+ Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ @DirtiesContext
+ public void softwareKeyStoreWithoutPassword() {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
+ keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS);
+
+ try {
+ keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType");
+ Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ @DirtiesContext
+ public void softwareKeyStoreWithoutPath() {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
+ keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
+
+
+ try {
+ keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType");
+ Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ @DirtiesContext
+ public void softwareKeyStoreWithoutType() throws EaafException {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
+ keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS);
+ keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
+
+ final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.assertNotNull("KeyStore is null", keyStore);
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void softwareKeyStoreWithWrongPath() {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
+ keyStoreConfig.setSoftKeyStoreFilePath("src/test/resources/notexist.jks");
+ keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
+
+
+ try {
+ keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType");
+ Assert.assertEquals("wrong errorCode", "internal.keystore.05", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ @DirtiesContext
+ public void softwareKeyStoreWithWrongPassword() {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
+ keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS);
+ keyStoreConfig.setSoftKeyStorePassword("wrong password");
+
+
+ try {
+ keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ org.springframework.util.Assert.isInstanceOf(EaafFactoryException.class, e, "Wong ExceptionType");
+ Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ @DirtiesContext
+ public void softwareKeyStoreSuccessJks() throws EaafException {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
+ keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS);
+ keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
+
+
+ final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.assertNotNull("KeyStore is null", keyStore);
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void softwareKeyStoreSuccessPkcs12() throws EaafException {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.PKCS12);
+ keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_PKCS12);
+ keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
+
+ final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.assertNotNull("KeyStore is null", keyStore);
+
+ }
+
+ @Test
+ public void hsmFacadeOnlyHostConfig() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ try {
+ context.getBean(EaafKeyStoreFactory.class);
+ Assert.fail("Missing HSM Facade not detected");
+
+ } catch (final BeansException e) {
+ checkMissingConfigException(e);
+
+ }
+ }
+
+ @Test
+ public void hsmFacadeMissingPort() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
+ RandomStringUtils.randomAlphanumeric(10));
+
+ try {
+ context.getBean(EaafKeyStoreFactory.class);
+ Assert.fail("Missing HSM Facade not detected");
+
+ } catch (final BeansException e) {
+ checkMissingConfigException(e);
+
+ }
+ }
+
+ @Test
+ public void hsmFacadeMissingUsername() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
+ RandomStringUtils.randomNumeric(4));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
+ RandomStringUtils.randomAlphanumeric(10));
+
+ try {
+ context.getBean(EaafKeyStoreFactory.class);
+ Assert.fail("Missing HSM Facade not detected");
+
+ } catch (final BeansException e) {
+ checkMissingConfigException(e);
+
+ }
+ }
+
+ @Test
+ public void hsmFacadeMissingPassword() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
+ RandomStringUtils.randomNumeric(4));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
+ RandomStringUtils.randomAlphanumeric(10));
+
+ try {
+ context.getBean(EaafKeyStoreFactory.class);
+ Assert.fail("Missing HSM Facade not detected");
+
+ } catch (final BeansException e) {
+ checkMissingConfigException(e);
+
+ }
+ }
+
+ @Test
+ public void hsmFacadeMissingKeyStoreName() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
+ RandomStringUtils.randomNumeric(4));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
+ RandomStringUtils.randomAlphanumeric(10));
+
+ try {
+ context.getBean(EaafKeyStoreFactory.class);
+ Assert.fail("Missing HSM Facade not detected");
+
+ } catch (final BeansException e) {
+ checkMissingConfigException(e);
+
+ }
+ }
+
+ @Test
+ public void hsmFacadeMissingTrustedCertificate() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
+ RandomStringUtils.randomNumeric(4));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
+ RandomStringUtils.randomAlphanumeric(10));
+
+ try {
+ context.getBean(EaafKeyStoreFactory.class);
+ Assert.fail("Missing HSM Facade not detected");
+
+ } catch (final BeansException e) {
+ checkMissingConfigException(e);
+
+ }
+ }
+
+ @Test
+ public void hsmFacadeMissingTrustedCertificateFile() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
+ RandomStringUtils.randomNumeric(4));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST,
+ "src/test/resources/data/notexist.crt");
+
+ try {
+ context.getBean(EaafKeyStoreFactory.class);
+ Assert.fail("Missing HSM Facade not detected");
+
+ } catch (final BeansException e) {
+ checkMissingConfigException(e, "internal.keystore.05");
+
+ }
+ }
+
+ @Test
+ public void hsmFacadeMissingWrongTrustedCertificate() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
+ RandomStringUtils.randomNumeric(4));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST,
+ "src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml");
+
+ try {
+ context.getBean(EaafKeyStoreFactory.class);
+ Assert.fail("Missing HSM Facade not detected");
+
+ } catch (final BeansException e) {
+ checkMissingConfigException(e, "internal.keystore.05");
+
+ }
+ }
+
+ @Test
+ @DirtiesContext
+ public void hsmFacadeInitialized() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
+ RandomStringUtils.randomNumeric(4));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST,
+ PATH_TO_HSM_FACADE_TRUST_CERT);
+
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void hsmFacadeKeyStoreNoKeyStoreName() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
+ RandomStringUtils.randomNumeric(4));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST,
+ PATH_TO_HSM_FACADE_TRUST_CERT);
+
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE);
+
+ try {
+ keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafException e) {
+ org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType");
+ Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId());
+ }
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void hsmFacadeKeyStoreSuccess() throws EaafException {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
+ RandomStringUtils.randomNumeric(4));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST,
+ PATH_TO_HSM_FACADE_TRUST_CERT);
+
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE);
+ keyStoreConfig.setKeyStoreName("testkeyStore");
+
+ try {
+ final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.assertNotNull("KeyStore is null", keyStore);
+
+ } catch (final StatusRuntimeException e) {
+ // because there is no mockup of HSM facade available
+ // Assert.assertTrue("Wrong exception", e.getMessage().contains("io
+ // exception"));
+
+ }
+
+ }
+
+ private void checkMissingConfigException(Exception e) {
+ checkMissingConfigException(e, "internal.keystore.04");
+
+ }
+
+ private void checkMissingConfigException(Exception e, String errorCode) {
+ final Optional eaafException = FluentIterable.from(
+ Throwables.getCausalChain(e)).filter(
+ Predicates.instanceOf(EaafConfigurationException.class)).first();
+ Assert.assertTrue("Wrong exception", eaafException.isPresent());
+ Assert.assertEquals("Wrong errorCode",
+ errorCode, ((EaafException) eaafException.get()).getErrorId());
+
+ }
+
+}
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/KeyStoreConfigurationTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/KeyStoreConfigurationTest.java
new file mode 100644
index 00000000..8cb81107
--- /dev/null
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/KeyStoreConfigurationTest.java
@@ -0,0 +1,190 @@
+package at.gv.egiz.eaaf.core.test.credentials;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class KeyStoreConfigurationTest {
+
+ private Map config;
+
+ @Before
+ public void testSetup() {
+ config = new HashMap<>();
+
+ }
+
+ @Test
+ public void emptyConfigMap() {
+ try {
+ KeyStoreConfiguration.buildFromConfigurationMap(config, "jUnitTest");
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafConfigurationException e) {
+ Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void emptyKeyStoreType() {
+ try {
+ config.put("keystore.type", "");
+
+ KeyStoreConfiguration.buildFromConfigurationMap(config, "jUnitTest");
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafConfigurationException e) {
+ Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void unknownKeyStoreType() {
+ try {
+ config.put("keystore.type", "test");
+
+ KeyStoreConfiguration.buildFromConfigurationMap(config, "jUnitTest");
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafConfigurationException e) {
+ Assert.assertEquals("wrong errorCode", "internal.keystore.01", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void pkcs11KeyStoreType() throws EaafConfigurationException {
+ config.put("keystore.type", "pkcs11");
+ try {
+ final KeyStoreConfiguration keyStoreConfig = KeyStoreConfiguration.buildFromConfigurationMap(config,
+ "jUnitTest");
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafConfigurationException e) {
+ Assert.assertEquals("wrong errorCode", "internal.keystore.02", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void hsmFacadeKeyStoreTypeMissingName() {
+ try {
+ config.put("keystore.type", "hsmfacade");
+
+ KeyStoreConfiguration.buildFromConfigurationMap(config, "jUnitTest");
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafConfigurationException e) {
+ Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void hsmFacadeKeyStoreTypeSucces() throws EaafConfigurationException {
+ final String keyStoreName = RandomStringUtils.randomAlphabetic(5);
+ config.put("keystore.type", "hsmfacade");
+ config.put("keystore.name", keyStoreName);
+
+ final KeyStoreConfiguration keyStoreConfig = KeyStoreConfiguration.buildFromConfigurationMap(config,
+ "jUnitTest");
+
+ Assert.assertNotNull("KeyStore config object", keyStoreConfig);
+ Assert.assertEquals("Wrong Type", KeyStoreType.HSMFACADE, keyStoreConfig.getKeyStoreType());
+ Assert.assertEquals("Wrong KeyStoreName", keyStoreName, keyStoreConfig.getKeyStoreName());
+
+ }
+
+ @Test
+ public void softwareKeyStoreTypeMissingPath() {
+ try {
+ final String keyStorePass = RandomStringUtils.randomAlphabetic(5);
+ config.put("keystore.type", "software");
+ config.put("keystore.password", keyStorePass);
+ config.put("keystore.type", "jks");
+
+ KeyStoreConfiguration.buildFromConfigurationMap(config, "jUnitTest");
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafConfigurationException e) {
+ Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void softwareKeyStoreTypeMissingPassword() {
+ try {
+ final String keyStorePath = RandomStringUtils.randomAlphabetic(5);
+ config.put("keystore.type", "software");
+ config.put("keystore.software.path", keyStorePath);
+ config.put("keystore.type", "jks");
+
+ KeyStoreConfiguration.buildFromConfigurationMap(config, "jUnitTest");
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafConfigurationException e) {
+ Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void softwareKeyStoreTypeUnknownType() {
+ try {
+ final String keyStorePath = RandomStringUtils.randomAlphabetic(5);
+ final String keyStorePass = RandomStringUtils.randomAlphabetic(5);
+ config.put("keystore.path", keyStorePath);
+ config.put("keystore.password", keyStorePass);
+ config.put("keystore.type", RandomStringUtils.randomAlphabetic(4));
+
+ KeyStoreConfiguration.buildFromConfigurationMap(config, "jUnitTest");
+ Assert.fail("Wrong config not detected");
+
+ } catch (final EaafConfigurationException e) {
+ Assert.assertEquals("wrong errorCode", "internal.keystore.01", e.getErrorId());
+ }
+ }
+
+ @Test
+ public void softwareKeyStoreTypeSuccesJks() throws EaafConfigurationException {
+ final String keyStorePath = RandomStringUtils.randomAlphabetic(5);
+ final String keyStorePass = RandomStringUtils.randomAlphabetic(5);
+ config.put("keystore.type", "jks");
+ config.put("keystore.path", keyStorePath);
+ config.put("keystore.password", keyStorePass);
+
+ final KeyStoreConfiguration keyStoreConfig = KeyStoreConfiguration.buildFromConfigurationMap(config,
+ "jUnitTest");
+
+ Assert.assertNotNull("KeyStore config object", keyStoreConfig);
+ Assert.assertEquals("Wrong Type", KeyStoreType.JKS, keyStoreConfig.getKeyStoreType());
+ Assert.assertEquals("Wrong KeyStoreName", keyStorePath, keyStoreConfig.getSoftKeyStoreFilePath());
+ Assert.assertEquals("Wrong KeyStoreName", keyStorePass, keyStoreConfig.getSoftKeyStorePassword());
+
+ }
+
+ @Test
+ public void softwareKeyStoreTypeSuccesPkcs12() throws EaafConfigurationException {
+ final String keyStorePath = RandomStringUtils.randomAlphabetic(5);
+ final String keyStorePass = RandomStringUtils.randomAlphabetic(5);
+ config.put("keystore.type", "pkcs12");
+ config.put("keystore.path", keyStorePath);
+ config.put("keystore.password", keyStorePass);
+
+ final KeyStoreConfiguration keyStoreConfig = KeyStoreConfiguration.buildFromConfigurationMap(config,
+ "jUnitTest");
+
+ Assert.assertNotNull("KeyStore config object", keyStoreConfig);
+ Assert.assertEquals("Wrong Type", KeyStoreType.PKCS12, keyStoreConfig.getKeyStoreType());
+ Assert.assertEquals("Wrong KeyStoreName", keyStorePath, keyStoreConfig.getSoftKeyStoreFilePath());
+ Assert.assertEquals("Wrong KeyStoreName", keyStorePass, keyStoreConfig.getSoftKeyStorePassword());
+
+ }
+}
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/dummy/DummyAuthConfigMap.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/dummy/DummyAuthConfigMap.java
new file mode 100644
index 00000000..bf1dfd03
--- /dev/null
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/dummy/DummyAuthConfigMap.java
@@ -0,0 +1,142 @@
+package at.gv.egiz.eaaf.core.test.dummy;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
+/**
+ * Dummy Application-configuration implementation for jUnit tests.
+ *
+ * @author tlenz
+ *
+ */
+public class DummyAuthConfigMap implements IConfigurationWithSP {
+
+ private Map config = new HashMap<>();
+
+ /**
+ * Creates an emptry configuration.
+ *
+ */
+ public DummyAuthConfigMap() {
+
+ }
+
+ /**
+ * Dummy Application-configuration.
+ *
+ * @param configIs Property based configuration
+ * @throws IOException In case of an configuration read error
+ */
+ public DummyAuthConfigMap(final InputStream configIs) throws IOException {
+
+ final Properties props = new Properties();
+ props.load(configIs);
+
+ config = KeyValueUtils.convertPropertiesToMap(props);
+
+ }
+
+ /**
+ * Dummy Application-configuration.
+ *
+ * @param path Path to property based configuration
+ * @throws IOException In case of an configuration read error
+ */
+ public DummyAuthConfigMap(final String path) throws IOException {
+
+ final Properties props = new Properties();
+ props.load(this.getClass().getResourceAsStream(path));
+
+ config = KeyValueUtils.convertPropertiesToMap(props);
+
+ }
+
+ @Override
+ public String getBasicConfiguration(final String key) {
+ return config.get(key);
+
+ }
+
+ @Override
+ public String getBasicConfiguration(final String key, final String defaultValue) {
+ final String value = getBasicConfiguration(key);
+ if (StringUtils.isEmpty(value)) {
+ return defaultValue;
+ } else {
+ return value;
+ }
+
+ }
+
+ @Override
+ public boolean getBasicConfigurationBoolean(final String key) {
+ final String value = getBasicConfiguration(key);
+ if (StringUtils.isEmpty(value)) {
+ return false;
+ } else {
+ return Boolean.valueOf(value);
+ }
+ }
+
+ @Override
+ public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue) {
+ return Boolean.parseBoolean(getBasicConfiguration(key, String.valueOf(defaultValue)));
+
+ }
+
+ @Override
+ public Map getBasicConfigurationWithPrefix(final String prefix) {
+ return KeyValueUtils.getSubSetWithPrefix(config, prefix);
+
+ }
+
+ @Override
+ public ISpConfiguration getServiceProviderConfiguration(final String uniqueID)
+ throws EaafConfigurationException {
+ return null;
+ }
+
+ @Override
+ public T getServiceProviderConfiguration(final String spIdentifier, final Class decorator)
+ throws EaafConfigurationException {
+ return null;
+ }
+
+ @Override
+ public URI getConfigurationRootDirectory() {
+ return new java.io.File(".").toURI();
+
+ }
+
+ @Override
+ public String validateIdpUrl(final URL authReqUrl) throws EaafException {
+ return null;
+ }
+
+ public void putConfigValue(final String key, final String value) {
+ config.put(key, value);
+ }
+
+ public void removeConfigValue(final String key) {
+ config.remove(key);
+
+ }
+
+ public void clearAllConfig() {
+ config.clear();
+ }
+
+}
diff --git a/eaaf_core_utils/src/test/resources/data/junit_without_trustcerts.jks b/eaaf_core_utils/src/test/resources/data/junit_without_trustcerts.jks
new file mode 100644
index 00000000..b5262cb8
Binary files /dev/null and b/eaaf_core_utils/src/test/resources/data/junit_without_trustcerts.jks differ
diff --git a/eaaf_core_utils/src/test/resources/data/junit_without_trustcerts.p12 b/eaaf_core_utils/src/test/resources/data/junit_without_trustcerts.p12
new file mode 100644
index 00000000..c3fe2681
Binary files /dev/null and b/eaaf_core_utils/src/test/resources/data/junit_without_trustcerts.p12 differ
diff --git a/eaaf_core_utils/src/test/resources/data/test.crt b/eaaf_core_utils/src/test/resources/data/test.crt
new file mode 100644
index 00000000..76c18361
--- /dev/null
+++ b/eaaf_core_utils/src/test/resources/data/test.crt
@@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE-----
+MIIEXDCCA0SgAwIBAgIEY4Qn3zANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMCQVQxSDBGBgNVBAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSDEmMCQGA1UECwwdYS1zaWduLVRlc3QtUHJlbWl1bS1Nb2JpbGUtMDUxJjAkBgNVBAMMHWEtc2lnbi1UZXN0LVByZW1pdW0tTW9iaWxlLTA1MB4XDTE5MTIxMzEzNDg0N1oXDTI0MTIxMzEzNDg0N1owYDELMAkGA1UEBhMCQVQxFzAVBgNVBAMMDk1heCBNdXN0ZXJtYW5uMRMwEQYDVQQEDApNdXN0ZXJtYW5uMQwwCgYDVQQqDANNYXgxFTATBgNVBAUTDDgxNjkyMjY1ODM0ODBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAUAVvbow4O/DMA5ZZoPHQXe0rtf86lvH8GLM/Crz1vvRYyQ5D4ESYRFy+s3zHdLqhE4l8I95i9jz2qTvof46mqjggGfMIIBmzCBggYIKwYBBQUHAQEEdjB0MEkGCCsGAQUFBzAChj1odHRwOi8vd3d3LmEtdHJ1c3QuYXQvY2VydHMvYS1zaWduLXRlc3QtcHJlbWl1bS1tb2JpbGUtMDUuY3J0MCcGCCsGAQUFBzABhhtodHRwOi8vb2NzcC5hLXRydXN0LmF0L29jc3AwEwYDVR0jBAwwCoAITuhoD/7N29AwEQYDVR0OBAoECEyqhgBwLul2MA4GA1UdDwEB/wQEAwIGwDAJBgNVHRMEAjAAMIGGBgNVHSAEfzB9MHsGBiooABEBBDBxMDgGCCsGAQUFBwICMCwaKkRpZXNlcyBaZXJ0aWZpa2F0IGRpZW50IG51ciB6dSBUZXN0endlY2tlbjA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3MvY3AvYS1zaWduLVRFU1QwSAYDVR0fBEEwPzA9oDugOYY3aHR0cDovL2NybC5hLXRydXN0LmF0L2NybC9hLXNpZ24tdGVzdC1wcmVtaXVtLW1vYmlsZS0wNTANBgkqhkiG9w0BAQsFAAOCAQEATD4ZnrEV+xeT7PFI/idqHdElLZ1BVUO9G9qfQQn4oKNCWWHxMo/ZXSlvsOtTjFezCQFkcFO1eJtXNHCyqfr69jorzhZcicscNRMrDlJoB/sJr0l/Ekjlt/dgRaTuZ7NzWE/oTefI3M3xkkLd0ydAMrhrZx+9f82VE3k63I1fmT90kQ8PfDzAMMRmlwbZDA+2TB8iF7SQkOOL6H1j2L9qrhjlG2ekU4cyx6KMkRjLLbr1JVgS07qOzUkeQPR2KTJcWWR+/NQZWDKdOz97eVOulxeI+Y3y96arraGM7lIbV9ZrpkbUn/IxQ9TQTE5X02EipgnZdR7bZrwJ7hJ27vwnfQ==
+-----END CERTIFICATE-----
diff --git a/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml b/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml
new file mode 100644
index 00000000..210b88be
--- /dev/null
+++ b/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml
@@ -0,0 +1,23 @@
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_not_lazy.beans.xml b/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_not_lazy.beans.xml
new file mode 100644
index 00000000..402e07f9
--- /dev/null
+++ b/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_not_lazy.beans.xml
@@ -0,0 +1,19 @@
+
+
+
+
+
+
+
+
+
\ No newline at end of file
--
cgit v1.2.3
From c4e1a45e7958cab402d83f6f4ae208df1bb2ab58 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 14 Feb 2020 15:22:13 +0100
Subject: add common-code for KeyStore and Credential handling
---
.../core/exception/EaafKeyAccessException.java | 22 +++
.../core/impl/credential/EaafKeyStoreFactory.java | 1 +
.../core/impl/credential/EaafKeyStoreUtils.java | 147 +++++++++++++++++++++
.../impl/credential/KeyStoreConfiguration.java | 41 +++++-
.../messages/eaaf_utils_message.properties | 4 +-
.../test/credentials/EaafKeyStoreFactoryTest.java | 81 ++++++++++++
eaaf_core_utils/src/test/resources/data/junit.jks | Bin 0 -> 3980 bytes
7 files changed, 290 insertions(+), 6 deletions(-)
create mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/exception/EaafKeyAccessException.java
create mode 100644 eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreUtils.java
create mode 100644 eaaf_core_utils/src/test/resources/data/junit.jks
(limited to 'eaaf_core_utils/src')
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/exception/EaafKeyAccessException.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/exception/EaafKeyAccessException.java
new file mode 100644
index 00000000..f9abd6d9
--- /dev/null
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/exception/EaafKeyAccessException.java
@@ -0,0 +1,22 @@
+package at.gv.egiz.eaaf.core.exception;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+
+public class EaafKeyAccessException extends EaafException {
+
+ private static final long serialVersionUID = -2641273589744430903L;
+
+ public static final String ERROR_CODE_08 = "internal.keystore.08";
+ public static final String ERROR_CODE_09 = "internal.keystore.09";
+
+ public EaafKeyAccessException(String errorCode, String... params) {
+ super(errorCode, new Object[] {params});
+
+ }
+
+ public EaafKeyAccessException(String errorCode, Throwable e, String... params) {
+ super(errorCode, new Object[] {params}, e);
+
+ }
+
+}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
index f13013f5..5e6ca34b 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
@@ -48,6 +48,7 @@ public class EaafKeyStoreFactory {
public static final String ERRORCODE_04 = "internal.keystore.04";
public static final String ERRORCODE_05 = "internal.keystore.05";
public static final String ERRORCODE_06 = "internal.keystore.06";
+ public static final String ERRORCODE_07 = "internal.keystore.07";
private static final String HSM_FACADE_PROVIDER = "HsmFacade";
private static final String HSM_FACADE_KEYSTORE_TYPE = "RemoteKeyStore";
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreUtils.java
new file mode 100644
index 00000000..b4b44724
--- /dev/null
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreUtils.java
@@ -0,0 +1,147 @@
+package at.gv.egiz.eaaf.core.impl.credential;
+
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.List;
+
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class EaafKeyStoreUtils {
+ private static final String ERROR_MSG_REASON = "Maybe 'Alias' is not valid";
+ private static final String ERROR_MSG_1 = "Can NOT access key: {} in KeyStore: {}. Reason: {}";
+ private static final String ERROR_MSG_2 = "Key: {} will be NOT available";
+
+ /**
+ * Read all certificates from a {@link KeyStore}.
+ *
+ * @param keyStore KeyStore with certificates
+ * @return {@link List} of {@link X509Certificate}, but never null
+ * @throws KeyStoreException In case of an error during KeyStore operations
+ */
+ @Nonnull
+ public static List readCertsFromKeyStore(@Nonnull final KeyStore keyStore) throws KeyStoreException {
+ final List result = new ArrayList<>();
+
+ final Enumeration aliases = keyStore.aliases();
+ while (aliases.hasMoreElements()) {
+ final String el = aliases.nextElement();
+ log.trace("Process TrustStoreEntry: " + el);
+ if (keyStore.isCertificateEntry(el)) {
+ final Certificate cert = keyStore.getCertificate(el);
+ if (cert != null && cert instanceof X509Certificate) {
+ result.add((X509Certificate) cert);
+ } else {
+ log.info("Can not process entry: {}. Reason: {}", el, cert != null ? cert.getType() : "cert is null");
+ }
+
+ }
+ }
+
+ return Collections.unmodifiableList(result);
+ }
+
+ /**
+ * Get a specific private Key and the corresponding certificate from a {@link KeyStore}.
+ *
+ * @param keyStore KeyStore with certificates
+ * @param keyAlias Alias of the entry
+ * @param keyPassword Password to access the Key
+ * @param isRequired if true, the method throw an {@link EaafKeyAccessException}
+ * if the key is not available or invalid
+ * @param friendlyName Name of the KeyStore for logging purposes
+ * @return A {@link Pair} of {@link Key} and {@link X509Certificate} for this alias,
+ * or maybe null if isRequired was false
+ * @throws EaafKeyAccessException In case of an error during KeyStore operations
+ */
+ @Nullable
+ public static Pair getPrivateKeyAndCertificates(@Nonnull KeyStore keyStore,
+ @Nonnull String keyAlias, @Nullable char[] keyPassword, boolean isRequired, @Nonnull String friendlyName)
+ throws EaafKeyAccessException {
+ try {
+ Key privKey = keyStore.getKey(keyAlias, keyPassword);
+ if (privKey != null) {
+ final Certificate[] certChainSigning = keyStore.getCertificateChain(keyAlias);
+ X509Certificate[] certChain = new X509Certificate[certChainSigning.length];
+
+ for (int i = 0; i < certChainSigning.length; i++) {
+ if (certChainSigning[i] instanceof X509Certificate) {
+ certChain[i] = (X509Certificate) certChainSigning[i];
+ } else {
+ log.warn("NO X509 certificate for signing: " + certChainSigning[i].getType());
+ }
+
+ }
+
+ Pair keyResult = Pair.newInstance(privKey, certChain);
+ validateKeyResult(keyResult, friendlyName, keyAlias);
+ return keyResult;
+
+ } else {
+ if (isRequired) {
+ log.warn(ERROR_MSG_1,
+ keyAlias, friendlyName, ERROR_MSG_REASON);
+ throw new EaafKeyAccessException(EaafKeyAccessException.ERROR_CODE_09,
+ friendlyName, keyAlias, ERROR_MSG_REASON);
+
+ } else {
+ log.info(ERROR_MSG_1,
+ keyAlias, friendlyName, ERROR_MSG_REASON);
+ log.info(ERROR_MSG_2, keyAlias);
+
+ }
+ }
+
+ } catch (KeyStoreException | UnrecoverableKeyException | NoSuchAlgorithmException e) {
+ if (isRequired) {
+ log.warn(ERROR_MSG_1,
+ keyAlias, friendlyName, e.getMessage());
+ throw new EaafKeyAccessException(
+ EaafKeyAccessException.ERROR_CODE_09, e, friendlyName, keyAlias, e.getMessage());
+
+ } else {
+ log.info(ERROR_MSG_1,
+ keyAlias, friendlyName, e.getMessage());
+ log.info(ERROR_MSG_2, keyAlias);
+
+ }
+ }
+
+ return null;
+
+ }
+
+ private static void validateKeyResult(Pair keyResult,
+ String friendlyName, String keyAlias) throws EaafKeyAccessException {
+ // some short validation
+ if (!(keyResult.getFirst() instanceof PrivateKey)) {
+ log.info("PrivateKey: {} in KeyStore: {} is of wrong type", keyAlias, friendlyName);
+ throw new EaafKeyAccessException(
+ EaafKeyAccessException.ERROR_CODE_09,
+ friendlyName, keyAlias, "Wrong PrivateKey type ");
+
+ }
+
+ if (keyResult.getSecond() == null || keyResult.getSecond().length == 0) {
+ log.info("NO certificate for Key: {} in KeyStore: {}", keyAlias, friendlyName);
+ throw new EaafKeyAccessException(
+ EaafKeyAccessException.ERROR_CODE_09,
+ friendlyName, keyAlias, "NO certificate for PrivateKey");
+
+ }
+ }
+}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
index 400b724f..6dbbba3e 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java
@@ -137,6 +137,31 @@ public class KeyStoreConfiguration {
}
+ /**
+ * Validate the internal state of this configuration object.
+ *
+ * @throws EaafConfigurationException In case of a configuration error
+ */
+ public void validate() throws EaafConfigurationException {
+ if (KeyStoreType.HSMFACADE.equals(keyStoreType)) {
+ log.trace("Validate HSM-Facade KeyStore ... ");
+ checkConfigurationValue(keyStoreName, EaafKeyStoreFactory.ERRORCODE_07,
+ friendlyName, "Missing 'KeyName' for HSM-Facade");
+
+ } else if (KeyStoreType.PKCS12.equals(keyStoreType)
+ || KeyStoreType.JKS.equals(keyStoreType)) {
+ log.trace("Validate software KeyStore ... ");
+ checkConfigurationValue(softKeyStoreFilePath, EaafKeyStoreFactory.ERRORCODE_07,
+ friendlyName, "Missing 'KeyPath' for software keystore");
+ checkConfigurationValue(softKeyStorePassword, EaafKeyStoreFactory.ERRORCODE_07,
+ friendlyName, "Missing 'KeyPassword' for software keystore");
+
+ } else {
+ log.info("Validation of type: {} not supported yet", keyStoreType);
+
+ }
+ }
+
public enum KeyStoreType {
PKCS12("pkcs12"), JKS("jks"), HSMFACADE("hsmfacade"), PKCS11("pkcs11");
@@ -182,12 +207,18 @@ public class KeyStoreConfiguration {
@Nonnull String configParamKey)
throws EaafConfigurationException {
final String configValue = config.get(configParamKey);
- if (StringUtils.isEmpty(configValue)) {
- throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_04, new Object[] { configParamKey });
-
- }
-
+ checkConfigurationValue(configValue, EaafKeyStoreFactory.ERRORCODE_04, configParamKey);
return configValue;
+
}
+ private static void checkConfigurationValue(String configValue, String errorCode, String... params)
+ throws EaafConfigurationException {
+ if (StringUtils.isEmpty(configValue)) {
+ throw new EaafConfigurationException(errorCode,
+ new Object[] { params});
+
+ }
+
+ }
}
diff --git a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties
index 970b8e5a..2d9a863a 100644
--- a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties
+++ b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties
@@ -5,6 +5,8 @@ internal.keystore.03=HSM-Facade initialization failed with a generic error: {0}
internal.keystore.04=HSM-Facade has a wrong configuration. Missing property: {0}
internal.keystore.05=HSM-Facade has a wrong configuration. Property: {0} Reason:{1}
internal.keystore.06=KeyStore: {0} initialization failed. Reason: {1}
-
+internal.keystore.07=Validation of KeyStore: {0} failed. Reason: {1}
+internal.keystore.08=Can not access Key: {1} in KeyStore: {0}
+internal.keystore.09=Can not access Key: {1} in KeyStore: {0} Reason: {2}
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
index 805000cb..c47805e8 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
@@ -1,6 +1,10 @@
package at.gv.egiz.eaaf.core.test.credentials;
+import java.security.Key;
import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.cert.X509Certificate;
+import java.util.List;
import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Assert;
@@ -20,12 +24,15 @@ import com.google.common.base.Predicates;
import com.google.common.base.Throwables;
import com.google.common.collect.FluentIterable;
+import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;
import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap;
import io.grpc.StatusRuntimeException;
@@ -34,6 +41,8 @@ import io.grpc.StatusRuntimeException;
@DirtiesContext(methodMode = MethodMode.BEFORE_METHOD)
public class EaafKeyStoreFactoryTest {
+ private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS =
+ "src/test/resources/data/junit.jks";
private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS =
"src/test/resources/data/junit_without_trustcerts.jks";
private static final String PATH_TO_SOFTWARE_KEYSTORE_PKCS12 =
@@ -254,10 +263,78 @@ public class EaafKeyStoreFactoryTest {
keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS);
keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
+ keyStoreConfig.validate();
final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
Assert.assertNotNull("KeyStore is null", keyStore);
+ }
+
+ @Test
+ @DirtiesContext
+ public void softwareKeyStoreAccessOperations() throws EaafException, KeyStoreException {
+ final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+ Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+
+ final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
+ keyStoreConfig.setKeyStoreType(KeyStoreType.JKS);
+ keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS);
+ keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
+
+ keyStoreConfig.validate();
+
+ final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
+ Assert.assertNotNull("KeyStore is null", keyStore);
+
+ //read trusted certs
+ List trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(keyStore);
+ Assert.assertNotNull("Trusted certs", trustedCerts);
+ Assert.assertEquals("Trusted certs size", 2, trustedCerts.size());
+
+ //read priv. key
+ Pair privCred1 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+ keyStore, "meta", "password".toCharArray(), true, "jUnit test");
+ Assert.assertNotNull("Credential 1", privCred1);
+ Assert.assertNotNull("Credential 1 priv. key", privCred1.getFirst());
+ Assert.assertNotNull("Credential 1 certificate", privCred1.getSecond());
+
+ //read priv. key
+ Pair privCred2 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+ keyStore, "sig", "password".toCharArray(), true, "jUnit test");
+ Assert.assertNotNull("Credential 2", privCred2);
+ Assert.assertNotNull("Credential 2 priv. key", privCred2.getFirst());
+ Assert.assertNotNull("Credential 2 certificate", privCred2.getSecond());
+
+
+ //read priv. key
+ Pair privCred3 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+ keyStore, "notexist", "password".toCharArray(), false, "jUnit test");
+ Assert.assertNull("Credential 3", privCred3);
+
+ //read priv. key
+ Pair privCred4 = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+ keyStore, "meta", "wrong".toCharArray(), false, "jUnit test");
+ Assert.assertNull("Credential 3", privCred4);
+
+ try {
+ EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+ keyStore, "meta", "wrong".toCharArray(), true, "jUnit test");
+ Assert.fail("Wrong password not detected");
+
+ } catch (EaafKeyAccessException e) {
+ Assert.assertEquals("wrong errorcode", "internal.keystore.09", e.getErrorId());
+ }
+
+ try {
+ EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+ keyStore, "wrong", "password".toCharArray(), true, "jUnit test");
+ Assert.fail("Wrong alias not detected");
+
+ } catch (EaafKeyAccessException e) {
+ Assert.assertEquals("wrong errorcode", "internal.keystore.09", e.getErrorId());
+ }
+
+
}
@Test
@@ -271,6 +348,8 @@ public class EaafKeyStoreFactoryTest {
keyStoreConfig.setSoftKeyStoreFilePath(PATH_TO_SOFTWARE_KEYSTORE_PKCS12);
keyStoreConfig.setSoftKeyStorePassword(SOFTWARE_KEYSTORE_PASSWORD);
+ keyStoreConfig.validate();
+
final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
Assert.assertNotNull("KeyStore is null", keyStore);
@@ -524,6 +603,8 @@ public class EaafKeyStoreFactoryTest {
keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE);
keyStoreConfig.setKeyStoreName("testkeyStore");
+ keyStoreConfig.validate();
+
try {
final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig);
Assert.assertNotNull("KeyStore is null", keyStore);
diff --git a/eaaf_core_utils/src/test/resources/data/junit.jks b/eaaf_core_utils/src/test/resources/data/junit.jks
new file mode 100644
index 00000000..59e6ad13
Binary files /dev/null and b/eaaf_core_utils/src/test/resources/data/junit.jks differ
--
cgit v1.2.3