From 6aca2453946bcc526e203ebded9ef437ffc7c53a Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Mon, 20 Sep 2021 17:35:53 +0200
Subject: switch to HSM-Facade 0.7.2 and add optional configuration property
for gRPC deadline, see https://grpc.io/blog/deadlines/
---
eaaf_core_utils/pom.xml | 2 +-
.../core/impl/credential/EaafKeyStoreFactory.java | 28 ++++++++++++++++++----
.../test/credentials/EaafKeyStoreFactoryTest.java | 28 ++++++++++++++++++++++
3 files changed, 52 insertions(+), 6 deletions(-)
(limited to 'eaaf_core_utils')
diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml
index d43a5b5b..702f3cfa 100644
--- a/eaaf_core_utils/pom.xml
+++ b/eaaf_core_utils/pom.xml
@@ -39,7 +39,7 @@
at.gv.egiz.eaaf
eaaf_core_api
-
+
at.asitplus.hsmfacade
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
index 40a74faa..623e9d2c 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
@@ -52,6 +52,7 @@ public class EaafKeyStoreFactory {
public static final String CONFIG_PROP_HSM_FACADE_SSLTRUST = "security.hsmfacade.trustedsslcert";
public static final String CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME = "security.hsmfacade.username";
public static final String CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD = "security.hsmfacade.password";
+ public static final String CONFIG_PROP_HSM_FACADE_GRPC_DEADLINE = "security.hsmfacade.grpc.deadline";
public static final String ERRORCODE_00 = "internal.keystore.00";
public static final String ERRORCODE_01 = "internal.keystore.01";
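Review bot: The new `CONFIG_PROP_HSM_FACADE_GRPC_DEADLINE` constant has no Javadoc, and neither it nor the `HSM_FACADE_DEFAULT_DEADLINE = "30"` default in the next hunk says which time unit the value is in. An operator setting `security.hsmfacade.grpc.deadline` cannot tell from this commit whether 30 means seconds or milliseconds, and a wrong guess makes HSM calls either time out early or hang far longer than intended. I would add something like `/** Optional gRPC deadline for HSM-Facade calls, in <unit expected by HSM-Facade init>; defaults to 30 when unset. */` on the property, and a one-line comment with the same unit on the default.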
@@ -77,7 +78,8 @@ public class EaafKeyStoreFactory {
= "Has HSM-Facade class supported '{}' method: {}";
private static final String HSM_FACADE_PROVIDER = "HsmFacade";
private static final String HSM_FACADE_KEYSTORE_TYPE = "RemoteKeyStore";
-
+ private static final String HSM_FACADE_DEFAULT_DEADLINE = "30";
+
public enum HsmFacadeStatus { UP, DOWN, UNKNOWN }
@Autowired
@@ -272,18 +274,21 @@ public class EaafKeyStoreFactory {
final String clientUsername =
getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME);
final String clientPassword =
- getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD);
-
+ getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD);
+ final long grpcDeadline = getConfigurationParameterLong(CONFIG_PROP_HSM_FACADE_GRPC_DEADLINE,
+ HSM_FACADE_DEFAULT_DEADLINE);
+
+
//initialize HSM-Facade by using JAVA Reflection, because in that case HSM-Facade
//has not be in ClassPath on every project
final Method constructor = hsmProviderClazz.getMethod(HSM_FACADE_PROVIDER_METHOD_CONSTRUCT, new Class[]{});
final Method initMethod = hsmProviderClazz.getMethod(HSM_FACADE_PROVIDER_METHOD_INIT,
- X509Certificate.class, String.class, String.class, String.class, int.class);
+ X509Certificate.class, String.class, String.class, String.class, int.class, long.class);
if (initMethod != null && constructor != null) {
final Object rawProvider = constructor.invoke(hsmProviderClazz);
initMethod.invoke(
rawProvider, getHsmFacadeTrustSslCertificate(),
- clientUsername, clientPassword, hsmFacadeHost, port);
+ clientUsername, clientPassword, hsmFacadeHost, port, grpcDeadline);
if (rawProvider instanceof Provider) {
Security.addProvider((Provider) rawProvider);
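Review bot: The reflective lookup of `HSM_FACADE_PROVIDER_METHOD_INIT` now asks only for the six-argument signature ending in `long.class`, so an HSM-Facade jar older than the version in this commit will no longer match. `getMethod` throws `NoSuchMethodException` instead of returning null, so the `initMethod != null && constructor != null` check below never sees that case. The handler is outside this hunk, so what the operator is told cannot be judged from here. Since the comment above says the facade is not on every project's classpath, I would either fall back to the five-argument `init` when the new one is missing or report the minimum version explicitly. At the least, add a comment at the lookup such as `// requires HSM-Facade >= 0.7.2: init(..., int port, long grpcDeadline)`.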
@@ -512,6 +517,19 @@ public class EaafKeyStoreFactory {
}
}
+ @Nonnull
+ private Long getConfigurationParameterLong(@Nonnull String configParamKey, String defaultValue)
+ throws EaafConfigurationException {
+ try {
+ return Long.valueOf(basicConfig.getBasicConfiguration(configParamKey, defaultValue));
+
+ } catch (NumberFormatException e) {
+ throw new EaafConfigurationException(ERRORCODE_05, new Object[] { configParamKey, e.getMessage()});
+
+ }
+
+ }
+
@Nonnull
private String getConfigurationParameter(@Nonnull String configParamKey)
throws EaafConfigurationException {
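Review bot: `getConfigurationParameterLong` rejects non-numeric text but returns any parsed number, so `0` or a negative `security.hsmfacade.grpc.deadline` passes configuration loading and is handed to the facade's init as the gRPC deadline. What the facade does with such a value is not visible here, but a deadline that has already expired would presumably make every HSM call fail at runtime instead of at start-up. I would reject non-positive values with the same `ERRORCODE_05`, either in this helper or at the single call site in the earlier hunk. `Long.parseLong` also avoids boxing a value that the caller immediately unboxes into `final long grpcDeadline`.

```java
  private Long getConfigurationParameterLong(@Nonnull String configParamKey, String defaultValue)
      throws EaafConfigurationException {
    try {
      final long value =
          Long.parseLong(basicConfig.getBasicConfiguration(configParamKey, defaultValue));
      if (value <= 0) {
        throw new EaafConfigurationException(ERRORCODE_05,
            new Object[] { configParamKey, "value must be greater than zero" });
      }
      return value;

    // … unchanged: NumberFormatException handling …
```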
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
index 40825b0b..3e82c510 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java
@@ -595,6 +595,32 @@ public class EaafKeyStoreFactoryTest {
}
}
+ @Test
+ @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD)
+ public void hsmFacadeWrongGrpcDeadlineParameter() {
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT,
+ RandomStringUtils.randomNumeric(4));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME,
+ RandomStringUtils.randomNumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD,
+ RandomStringUtils.randomAlphanumeric(10));
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST,
+ "src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml");
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_GRPC_DEADLINE,
+ RandomStringUtils.randomAlphabetic(5));
+
+ try {
+ context.getBean(EaafKeyStoreFactory.class);
+ Assert.fail("Missing HSM Facade not detected");
+
+ } catch (final BeansException e) {
+ checkMissingConfigException(e, "internal.keystore.05");
+
+ }
+ }
+
@Ignore
@Test
@DirtiesContext(methodMode = MethodMode.BEFORE_METHOD)
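Review bot: The failure message in `hsmFacadeWrongGrpcDeadlineParameter` looks copied from another test: `Assert.fail("Missing HSM Facade not detected")` does not describe what is checked here. Something like `Assert.fail("Invalid gRPC deadline not detected");` would point a failing build at the right property. The test also sets `CONFIG_PROP_HSM_FACADE_SSLTRUST` to a Spring beans XML instead of a certificate. It therefore only passes for the intended reason if the deadline is parsed before the trust certificate is loaded and `internal.keystore.05` is not raised for that file as well. A short comment stating that assumption, or using the real trust certificate path, would make the test robust against reordering.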
@@ -609,6 +635,8 @@ public class EaafKeyStoreFactoryTest {
RandomStringUtils.randomAlphanumeric(10));
mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST,
PATH_TO_HSM_FACADE_TRUST_CERT);
+ mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_GRPC_DEADLINE,
+ RandomStringUtils.randomNumeric(2));
final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class);
Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());
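Review bot: `RandomStringUtils.randomNumeric(2)` can produce `"00"`, which parses to a deadline of zero. This test asserts that the facade initialises and appears to be the `@Ignore`d one whose start is outside this hunk, so a random zero would make it fail intermittently for reasons unrelated to the facade once it is enabled. A fixed positive value, for example `"30"` to match the default, keeps the test deterministic.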
--
cgit v1.2.3