From 495403c917a39fdeb3906f10ac8b997f68eb3875 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Mon, 28 Dec 2020 15:51:42 +0100
Subject: update to HSM-Facade v0.6.0 and add HealthCheck functionality

---
 eaaf_core_utils/pom.xml                            |  2 +-
 .../core/impl/credential/EaafKeyStoreFactory.java  | 43 +++++++++++++++++++++-
 .../test/credentials/EaafKeyStoreFactoryTest.java  | 34 ++++++++++++++++-
 3 files changed, 76 insertions(+), 3 deletions(-)

(limited to 'eaaf_core_utils')

diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml
index c7cefa8d..0afd56d0 100644
--- a/eaaf_core_utils/pom.xml
+++ b/eaaf_core_utils/pom.xml
@@ -45,7 +45,7 @@
       <groupId>at.asitplus.hsmfacade</groupId>
       <artifactId>provider</artifactId>
       <scope>provided</scope>
-    </dependency> 
+    </dependency>  
     <dependency>
       <groupId>io.grpc</groupId>
       <artifactId>grpc-core</artifactId>
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
index 1c6e6e76..63ad3d98 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
@@ -72,11 +72,14 @@ public class EaafKeyStoreFactory {
   private static final String HSM_FACADE_PROVIDER_METHOD_CONSTRUCT = "getInstance";
   private static final String HSM_FACADE_PROVIDER_METHOD_INIT = "init";
   private static final String HSM_FACADE_PROVIDER_METHOD_ISINITIALIZED = "isInitialized";
+  private static final String HSM_FACADE_PROVIDER_METHOD_HEALTHCHECK = "healthcheck";  
   private static final String HSM_FACADE_PROVIDER_INIT_ERROR_MSG
       = "Has HSM-Facade class supported '{}' method: {}";
   private static final String HSM_FACADE_PROVIDER = "HsmFacade";
   private static final String HSM_FACADE_KEYSTORE_TYPE = "RemoteKeyStore";
 
+  public enum HsmFacadeStatus { UP, DOWN, UNKNOWN }
+  
   @Autowired
   private IConfiguration basicConfig;
   @Autowired
@@ -171,6 +174,44 @@ public class EaafKeyStoreFactory {
     return isHsmFacadeInitialized;
 
   }
+  
+  /**
+   * Get the current status for HSM-Facade interaction.
+   * 
+   * @return {@link HsmFacadeStatus} to indicate the current status.
+   */
+  public HsmFacadeStatus checkHsmFacadeStatus() {
+    if (isHsmFacadeInitialized()) {
+      final Provider alreadyLoadedProvider = Security.getProvider(HSM_FACADE_PROVIDER);
+      if (alreadyLoadedProvider != null) {
+        try {
+          final Method healthCheck =
+              alreadyLoadedProvider.getClass().getMethod(HSM_FACADE_PROVIDER_METHOD_HEALTHCHECK, new Class[]{});
+          boolean currentHealthStatus = (boolean) healthCheck.invoke(alreadyLoadedProvider);         
+          HsmFacadeStatus status = currentHealthStatus ? HsmFacadeStatus.UP : HsmFacadeStatus.DOWN;
+          log.trace("Current HSM-Facade status is: ", status);          
+          return status;
+
+        } catch (final Exception e) {
+          log.info("Can not determine state of alreay loaded HSM Facade: {} because HealthCheck not support", 
+              alreadyLoadedProvider.getVersion());
+          log.debug("Full HSM-Facade health-check exception", e);
+          return HsmFacadeStatus.UNKNOWN;
+          
+        }
+        
+      } else {
+        log.warn("HSM-Facade is marked as 'initialized', but not load as Security-Provider");
+        return HsmFacadeStatus.DOWN;        
+      }
+            
+    } else {
+      log.trace("HSM-Facade is not initialized. Set status do 'unknown'");
+      return HsmFacadeStatus.UNKNOWN;
+      
+    }        
+  }
+  
 
   @PostConstruct
   private void initialize() throws EaafException {
@@ -354,7 +395,7 @@ public class EaafKeyStoreFactory {
   private Pair<KeyStore, Provider> getKeyStoreFromHsmFacade(String keyStoreName, String friendlyName)
       throws EaafFactoryException, EaafConfigurationException {
     final String validatedKeyStoreName = checkConfigurationParameter(keyStoreName,
-        ERRORCODE_06, friendlyName, "KeyStoreName missing for HSM Facade");
+        ERRORCODE_06, friendlyName, "KeyStoreName missing for HSM Fac)ade");
 
     try {
       final KeyStore keyStore = KeyStore.getInstance(HSM_FACADE_KEYSTORE_TYPE, HSM_FACADE_PROVIDER);
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
index 6d1b63d7..24fb271f 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
@@ -288,6 +288,9 @@ public class EaafKeyStoreFactoryTest {
     Assert.assertNotNull("KeyStore is null", keyStore.getFirst());
     Assert.assertNull("KeyStore is null", keyStore.getSecond());
 
+    Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.UNKNOWN, 
+        keyStoreFactory.checkHsmFacadeStatus());
+    
   }
 
   @Test
@@ -607,9 +610,34 @@ public class EaafKeyStoreFactoryTest {
 
     final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
     Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+    Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.UP, 
+        keyStoreFactory.checkHsmFacadeStatus());
 
   }
 
+  @Test
+  @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD)
+  public void hsmFacadeHealthCheckNoProvider() {
+    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+        RandomStringUtils.randomNumeric(10));
+    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
+        RandomStringUtils.randomNumeric(4));
+    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
+        RandomStringUtils.randomNumeric(10));
+    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
+        RandomStringUtils.randomAlphanumeric(10));
+    mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST,
+        PATH_TO_HSM_FACADE_TRUST_CERT);
+
+    final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
+    Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+    
+    Security.removeProvider("HsmFacade");
+    Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.DOWN, 
+        keyStoreFactory.checkHsmFacadeStatus());
+
+  }
+  
   @Test
   @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD)
   public void hsmFacadeAlreadLoaded() {
@@ -618,6 +646,8 @@ public class EaafKeyStoreFactoryTest {
     
     final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
     Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
+    Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.UP, 
+        keyStoreFactory.checkHsmFacadeStatus());
 
   }
   
@@ -769,7 +799,9 @@ public class EaafKeyStoreFactoryTest {
 
     final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
     Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
-
+    Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.UP, 
+        keyStoreFactory.checkHsmFacadeStatus());
+    
     final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration();
     keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE);
     keyStoreConfig.setKeyStoreName("authhandler");
-- 
cgit v1.2.3