From 6aca2453946bcc526e203ebded9ef437ffc7c53a Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Mon, 20 Sep 2021 17:35:53 +0200 Subject: switch to HSM-Facade 0.7.2 and add optional configuration property for gRPC deadline, see https://grpc.io/blog/deadlines/ --- eaaf_core_utils/pom.xml | 2 +- .../core/impl/credential/EaafKeyStoreFactory.java | 28 ++++++++++++++++++---- .../test/credentials/EaafKeyStoreFactoryTest.java | 28 ++++++++++++++++++++++ 3 files changed, 52 insertions(+), 6 deletions(-) (limited to 'eaaf_core_utils') diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml index d43a5b5b..702f3cfa 100644 --- a/eaaf_core_utils/pom.xml +++ b/eaaf_core_utils/pom.xml @@ -39,7 +39,7 @@ at.gv.egiz.eaaf eaaf_core_api - + at.asitplus.hsmfacade diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java index 40a74faa..623e9d2c 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java @@ -52,6 +52,7 @@ public class EaafKeyStoreFactory { public static final String CONFIG_PROP_HSM_FACADE_SSLTRUST = "security.hsmfacade.trustedsslcert"; public static final String CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME = "security.hsmfacade.username"; public static final String CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD = "security.hsmfacade.password"; + public static final String CONFIG_PROP_HSM_FACADE_GRPC_DEADLINE = "security.hsmfacade.grpc.deadline"; public static final String ERRORCODE_00 = "internal.keystore.00"; public static final String ERRORCODE_01 = "internal.keystore.01"; @@ -77,7 +78,8 @@ public class EaafKeyStoreFactory { = "Has HSM-Facade class supported '{}' method: {}"; private static final String HSM_FACADE_PROVIDER = "HsmFacade"; private static final String HSM_FACADE_KEYSTORE_TYPE = "RemoteKeyStore"; - + private static final String HSM_FACADE_DEFAULT_DEADLINE = "30"; + public enum HsmFacadeStatus { UP, DOWN, UNKNOWN } @Autowired @@ -272,18 +274,21 @@ public class EaafKeyStoreFactory { final String clientUsername = getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME); final String clientPassword = - getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD); - + getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD); + final long grpcDeadline = getConfigurationParameterLong(CONFIG_PROP_HSM_FACADE_GRPC_DEADLINE, + HSM_FACADE_DEFAULT_DEADLINE); + + //initialize HSM-Facade by using JAVA Reflection, because in that case HSM-Facade //has not be in ClassPath on every project final Method constructor = hsmProviderClazz.getMethod(HSM_FACADE_PROVIDER_METHOD_CONSTRUCT, new Class[]{}); final Method initMethod = hsmProviderClazz.getMethod(HSM_FACADE_PROVIDER_METHOD_INIT, - X509Certificate.class, String.class, String.class, String.class, int.class); + X509Certificate.class, String.class, String.class, String.class, int.class, long.class); if (initMethod != null && constructor != null) { final Object rawProvider = constructor.invoke(hsmProviderClazz); initMethod.invoke( rawProvider, getHsmFacadeTrustSslCertificate(), - clientUsername, clientPassword, hsmFacadeHost, port); + clientUsername, clientPassword, hsmFacadeHost, port, grpcDeadline); if (rawProvider instanceof Provider) { Security.addProvider((Provider) rawProvider); @@ -512,6 +517,19 @@ public class EaafKeyStoreFactory { } } + @Nonnull + private Long getConfigurationParameterLong(@Nonnull String configParamKey, String defaultValue) + throws EaafConfigurationException { + try { + return Long.valueOf(basicConfig.getBasicConfiguration(configParamKey, defaultValue)); + + } catch (NumberFormatException e) { + throw new EaafConfigurationException(ERRORCODE_05, new Object[] { configParamKey, e.getMessage()}); + + } + + } + @Nonnull private String getConfigurationParameter(@Nonnull String configParamKey) throws EaafConfigurationException { diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java index 40825b0b..3e82c510 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java @@ -595,6 +595,32 @@ public class EaafKeyStoreFactoryTest { } } + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void hsmFacadeWrongGrpcDeadlineParameter() { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, + RandomStringUtils.randomNumeric(4)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, + RandomStringUtils.randomAlphanumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, + "src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml"); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_GRPC_DEADLINE, + RandomStringUtils.randomAlphabetic(5)); + + try { + context.getBean(EaafKeyStoreFactory.class); + Assert.fail("Missing HSM Facade not detected"); + + } catch (final BeansException e) { + checkMissingConfigException(e, "internal.keystore.05"); + + } + } + @Ignore @Test @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) @@ -609,6 +635,8 @@ public class EaafKeyStoreFactoryTest { RandomStringUtils.randomAlphanumeric(10)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, PATH_TO_HSM_FACADE_TRUST_CERT); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_GRPC_DEADLINE, + RandomStringUtils.randomNumeric(2)); final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); -- cgit v1.2.3