From 514747e925abddcb320a8433908dbae32dc5049b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 28 Jun 2019 09:25:09 +0200 Subject: some small updates --- .../modules/auth/sl20/utils/JsonSecurityUtils.java | 58 +++++++++++----------- 1 file changed, 29 insertions(+), 29 deletions(-) (limited to 'eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java') diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java index 5eda95cc..33873f43 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java @@ -57,7 +57,7 @@ public class JsonSecurityUtils implements IJOSETools{ private Key encPrivKey = null; private X509Certificate[] encCertChain = null; - private List trustedCerts = new ArrayList(); + private final List trustedCerts = new ArrayList(); private static JsonMapper mapper = new JsonMapper(); 
@@ -66,12 +66,12 @@ public class JsonSecurityUtils implements IJOSETools{ log.info("Initialize SL2.0 authentication security constrains ... "); try { if (getKeyStoreFilePath() != null) { - KeyStore keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), + final KeyStore keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword()); //load signing key signPrivKey = keyStore.getKey(getSigningKeyAlias(), getSigningKeyPassword().toCharArray()); - Certificate[] certChainSigning = keyStore.getCertificateChain(getSigningKeyAlias()); + final Certificate[] certChainSigning = keyStore.getCertificateChain(getSigningKeyAlias()); signCertChain = new X509Certificate[certChainSigning.length]; for (int i=0; i aliases = keyStore.aliases(); + final Enumeration aliases = keyStore.aliases(); while(aliases.hasMoreElements()) { - String el = aliases.nextElement(); + final String el = aliases.nextElement(); log.trace("Process TrustStoreEntry: " + el); if (keyStore.isCertificateEntry(el)) { - Certificate cert = keyStore.getCertificate(el); + final Certificate cert = keyStore.getCertificate(el); if (cert != null && cert instanceof X509Certificate) trustedCerts.add((X509Certificate) cert); else @@ -134,7 +134,7 @@ public class JsonSecurityUtils implements IJOSETools{ } else log.info("NO SL2.0 authentication security configuration. Initialization was skipped"); - } catch ( Exception e) { + } catch ( final Exception e) { log.error("SL2.0 security constrains initialization FAILED.", e); } @@ -145,7 +145,7 @@ public class JsonSecurityUtils implements IJOSETools{ @Override public String createSignature(String payLoad) throws SLCommandoBuildException { try { - JsonWebSignature jws = new JsonWebSignature(); + final JsonWebSignature jws = new JsonWebSignature(); //set payload jws.setPayload(payLoad); 
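Review bot: The `catch (final Exception e)` that closes the initialization block (hunk at -134,7) only logs the failure, so the object stays in use with whatever was loaded before the exception: `signPrivKey`, `encPrivKey` and `encCertChain` may still be null and `trustedCerts` may be empty or partial. For a component that signs and verifies SL2.0 messages it is safer to fail startup by rethrowing after the `log.error` call as the project's configuration exception, or to record the failed state and reject every later call. The method's signature is outside this hunk, so whether it can declare a checked exception is not visible here.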
@@ -163,7 +163,7 @@ public class JsonSecurityUtils implements IJOSETools{ return jws.getCompactSerialization(); - } catch (JoseException e) { + } catch (final JoseException e) { log.warn("Can NOT sign SL2.0 command.", e); throw new SLCommandoBuildException("Can NOT sign SL2.0 command.", e); @@ -174,7 +174,7 @@ public class JsonSecurityUtils implements IJOSETools{ @Override public VerificationResult validateSignature(String serializedContent) throws SL20Exception { try { - JsonWebSignature jws = new JsonWebSignature(); + final JsonWebSignature jws = new JsonWebSignature(); //set payload jws.setCompactSerialization(serializedContent); @@ -184,12 +184,12 @@ public class JsonSecurityUtils implements IJOSETools{ //load signinc certs Key selectedKey = null; - List x5cCerts = jws.getCertificateChainHeaderValue(); - String x5t256 = jws.getX509CertSha256ThumbprintHeaderValue(); + final List x5cCerts = jws.getCertificateChainHeaderValue(); + final String x5t256 = jws.getX509CertSha256ThumbprintHeaderValue(); if (x5cCerts != null) { log.debug("Found x509 certificate in JOSE header ... "); log.trace("Sorting received X509 certificates ... "); - List sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); + final List sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); if (trustedCerts.contains(sortedX5cCerts.get(0))) { selectedKey = sortedX5cCerts.get(0).getPublicKey(); @@ -199,7 +199,7 @@ public class JsonSecurityUtils implements IJOSETools{ log.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString()); try { log.debug("Cert: " + Base64Utils.encodeToString(sortedX5cCerts.get(0).getEncoded())); - } catch (CertificateEncodingException e) { + } catch (final CertificateEncodingException e) { e.printStackTrace(); } 
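Review bot: In the hunk at -184,12, `sortedX5cCerts.get(0)` is reached after checking only `x5cCerts != null`, so an `x5c` header carrying an empty array would presumably raise an IndexOutOfBoundsException unless `X509Utils.sortCertificates` rejects empty input (not visible here). The header comes from the not-yet-verified message, so guard it explicitly with `if (x5cCerts != null && !x5cCerts.isEmpty())` and let the empty case end in the normal rejection path. The trust decision is an equality match against `trustedCerts`; if expiry is not checked elsewhere, calling `checkValidity()` on the matched certificate before taking its public key would close that gap. The same unguarded `get(0)` appears in decryptPayload in the hunk at -272,12, and validateSignature continues past this hunk.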
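Review bot: `e.printStackTrace()` in the `CertificateEncodingException` handler (hunk at -199,7) writes to stderr and bypasses the logger this class uses everywhere else, so the diagnostic is lost or ends up uncorrelated with the surrounding `log.debug` output. Replace it with `log.debug("Can NOT encode JOSE certificate for logging", e);`. The same call sits in the decryptPayload handler in the hunk at -285,7.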
@@ -207,7 +207,7 @@ public class JsonSecurityUtils implements IJOSETools{ } else if (StringUtils.isNotEmpty(x5t256)) { log.debug("Found x5t256 fingerprint in JOSE header .... "); - X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(trustedCerts); + final X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(trustedCerts); selectedKey = x509VerificationKeyResolver.resolveKey(jws, Collections.emptyList()); } else { @@ -226,7 +226,7 @@ public class JsonSecurityUtils implements IJOSETools{ jws.setKey(selectedKey); //validate signature - boolean valid = jws.verifySignature(); + final boolean valid = jws.verifySignature(); if (!valid) { log.info("JWS signature invalide. Stopping authentication process ..."); log.debug("Received JWS msg: " + serializedContent); @@ -237,7 +237,7 @@ public class JsonSecurityUtils implements IJOSETools{ //load payLoad log.debug("SL2.0 commando signature validation sucessfull"); - JsonNode sl20Req = mapper.getMapper().readTree(jws.getPayload()); + final JsonNode sl20Req = mapper.getMapper().readTree(jws.getPayload()); return new VerificationResult(sl20Req, null, valid) ; @@ -245,7 +245,7 @@ public class JsonSecurityUtils implements IJOSETools{ log.warn("SL2.0 commando signature validation FAILED", e); throw new SL20SecurityException(new Object[]{e.getMessage()}, e); - } catch (IOException e) { + } catch (final IOException e) { log.warn("Decrypted SL2.0 result can not be parsed.", e); throw new SLCommandoParserException("Decrypted SL2.0 result can not be parsed", e); @@ -257,7 +257,7 @@ public class JsonSecurityUtils implements IJOSETools{ @Override public JsonNode decryptPayload(String compactSerialization) throws SL20Exception { try { - JsonWebEncryption receiverJwe = new JsonWebEncryption(); + final JsonWebEncryption receiverJwe = new JsonWebEncryption(); //set security constrains receiverJwe.setAlgorithmConstraints( 
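Review bot: `log.debug("Received JWS msg: " + serializedContent)` in the hunk at -226,7 writes the complete message into the log exactly when its signature did not verify, which is when the content is least trustworthy. Log a bounded, sanitized form instead, for example `log.debug("Received JWS msg length: " + serializedContent.length());` or a truncated prefix with line breaks stripped, so that a crafted message cannot forge log lines or inflate the log. The enclosing try block starts outside this hunk.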
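Review bot: The `IOException` handler in validateSignature (hunk at -245,7) reports "Decrypted SL2.0 result can not be parsed", but this path parses the payload of a verified JWS and nothing is decrypted here; the text looks copied from decryptPayload. A message such as `"Verified SL2.0 payload can not be parsed"` in both the `log.warn` call and the `SLCommandoParserException` would keep operators from chasing an encryption problem. The start of the try block is outside this hunk.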
@@ -272,12 +272,12 @@ public class JsonSecurityUtils implements IJOSETools{ //validate key from header against key from config - List x5cCerts = receiverJwe.getCertificateChainHeaderValue(); - String x5t256 = receiverJwe.getX509CertSha256ThumbprintHeaderValue(); + final List x5cCerts = receiverJwe.getCertificateChainHeaderValue(); + final String x5t256 = receiverJwe.getX509CertSha256ThumbprintHeaderValue(); if (x5cCerts != null) { log.debug("Found x509 certificate in JOSE header ... "); log.trace("Sorting received X509 certificates ... "); - List sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); + final List sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); if (!sortedX5cCerts.get(0).equals(encCertChain[0])) { log.info("Certificate from JOSE header does NOT match encryption certificate"); @@ -285,7 +285,7 @@ public class JsonSecurityUtils implements IJOSETools{ try { log.debug("Cert: " + Base64Utils.encode(sortedX5cCerts.get(0).getEncoded())); - } catch (CertificateEncodingException e) { + } catch (final CertificateEncodingException e) { e.printStackTrace(); } throw new SL20Exception("sl20.05", new Object[]{"Certificate from JOSE header does NOT match encryption certificate"}); @@ -293,7 +293,7 @@ public class JsonSecurityUtils implements IJOSETools{ } else if (StringUtils.isNotEmpty(x5t256)) { log.debug("Found x5t256 fingerprint in JOSE header .... "); - String certFingerPrint = X509Util.x5tS256(encCertChain[0]); + final String certFingerPrint = X509Util.x5tS256(encCertChain[0]); if (!certFingerPrint.equals(x5t256)) { log.info("X5t256 from JOSE header does NOT match encryption certificate"); log.debug("X5t256 from JOSE header: " + x5t256 + " Encrytption cert: " + certFingerPrint); 
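Review bot: `encCertChain[0]` in the hunk at -272,12 is dereferenced without a null or length check, although the field is declared `= null` and the initialization code only logs when loading fails or is skipped, so decryptPayload can end in a NullPointerException instead of an SL20Exception. Add a guard before the header comparison, e.g. `if (encCertChain == null || encCertChain.length == 0) throw new SL20Exception("sl20.05", new Object[]{"No encryption certificate configured"});` (error code borrowed from the mismatch case in this method; confirm the right one). The thumbprint branch in the hunk at -293,7 has the same dereference in `X509Util.x5tS256(encCertChain[0])`. decryptPayload begins and ends outside this hunk.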
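Review bot: The debug line in the hunk at -285,7 calls `Base64Utils.encode(...)` where the matching line in validateSignature calls `Base64Utils.encodeToString(...)`; if `encode` returns a `byte[]`, as the sibling call suggests, the string concatenation logs the array's identity string rather than the certificate. Use `log.debug("Cert: " + Base64Utils.encodeToString(sortedX5cCerts.get(0).getEncoded()));` so the mismatching certificate can actually be read from the log when a header check fails.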
@@ -314,15 +314,15 @@ public class JsonSecurityUtils implements IJOSETools{ //decrypt payload return mapper.getMapper().readTree(receiverJwe.getPlaintextString()); - } catch (JoseException e) { + } catch (final JoseException e) { log.warn("SL2.0 result decryption FAILED", e); throw new SL20SecurityException(new Object[]{e.getMessage()}, e); - } catch ( JsonParseException e) { + } catch ( final JsonParseException e) { log.warn("Decrypted SL2.0 result is NOT a valid JSON.", e); throw new SLCommandoParserException("Decrypted SL2.0 result is NOT a valid JSON.", e); - } catch (IOException e) { + } catch (final IOException e) { log.warn("Decrypted SL2.0 result can not be parsed.", e); throw new SLCommandoParserException("Decrypted SL2.0 result can not be parsed", e); } -- cgit v1.2.3