From d41afe91ee59daf6b5f5037cecac52900fe2ccb2 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Fri, 31 Jan 2020 20:41:54 +0100
Subject: a lot of more OpenSAML3 refactoring staff

This version is also NOT stable!
---
 .../EaafKeyStoreX509CredentialAdapter.java | 58 ++++++++++++++++++++--
 1 file changed, 53 insertions(+), 5 deletions(-)

(limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java')

diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java
index 92d8f4b9..7c433c1c 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java
@@ -21,7 +21,19 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml;
 
 import java.security.KeyStore;
 
-import org.opensaml.xml.security.x509.X509Credential;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
+import org.opensaml.security.x509.X509Credential;
+import org.opensaml.security.x509.impl.KeyStoreX509CredentialAdapter;
+
+import lombok.extern.slf4j.Slf4j;
 
 /**
  * OpenSAML2 KeyStore adapter.
@@ -29,8 +41,11 @@ import org.opensaml.xml.security.x509.X509Credential;
  * @author tlenz
  *
  */
-public class EaafKeyStoreX509CredentialAdapter
-    extends org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter {
+@Slf4j
+public class EaafKeyStoreX509CredentialAdapter extends KeyStoreX509CredentialAdapter
+    implements EaafX509Credential {
+
+  private String signatureAlgorithmtToUse;
 
   /**
    * Get an OpenSAML2 keystore.
@@ -38,10 +53,31 @@ public class EaafKeyStoreX509CredentialAdapter
    * @param store Java KeyStore
    * @param alias Key alias
    * @param password key Password
+   * @param keyStoreFriendlyName Friendlyname of this keystore for logging purposes
+   * @throws CredentialsNotAvailableException In case of an initialization exception
    */
-  public EaafKeyStoreX509CredentialAdapter(final KeyStore store, final String alias,
-      final char[] password) {
+  public EaafKeyStoreX509CredentialAdapter(@Nonnull final KeyStore store, @Nonnull final String alias,
+      @Nullable final char[] password, @Nonnull String keyStoreFriendlyName) throws CredentialsNotAvailableException {
     super(store, alias, password);
+
+    if (getPrivateKey() == null && getSecretKey() == null) {
+      log.error("KeyStore: {} Key with alias: {} not found or contains no PrivateKey.",
+          keyStoreFriendlyName, alias);
+      throw new CredentialsNotAvailableException("internal.pvp.00",
+          new Object[] { keyStoreFriendlyName, alias});
+
+    }
+
+    try {
+      setSignatureAlgorithmForSigning(Saml2Utils.getSignatureAlgorithm(this,
+          PvpConstants.DEFAULT_SIGNING_METHODE_RSA,
+          PvpConstants.DEFAULT_SIGNING_METHODE_EC));
+
+    } catch (final SamlSigningException e) {
+      throw new CredentialsNotAvailableException("internal.pvp.01", new Object[] {keyStoreFriendlyName, alias}, e);
+
+    }
+
   }
 
   @Override
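Review bot: The new field `signatureAlgorithmtToUse` carries a typo ("Algorithmt") that the getter and setter in the last hunk repeat; `private String signatureAlgorithmToUse;` would match the accessor names `getSignatureAlgorithmForSigning`/`setSignatureAlgorithmForSigning`. The surrounding Javadoc still reads "OpenSAML2 KeyStore adapter" and "Get an OpenSAML2 keystore." although the class now extends the adapter from the `org.opensaml.security.x509.impl` package and the commit describes an OpenSAML3 refactoring; updating both sentences would keep the documentation in step with the code.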
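Review bot: The guard `getPrivateKey() == null && getSecretKey() == null` accepts an alias that holds only a SecretKey, yet the log message says the entry "contains no PrivateKey" and the algorithm selection that follows is parameterised with RSA and EC defaults, which presumably needs an asymmetric key; if that is the intent, `if (getPrivateKey() == null)` states the precondition exactly and fails here with the specific `internal.pvp.00` error rather than later with `internal.pvp.01`. It is also worth confirming whether the OpenSAML 3 `KeyStoreX509CredentialAdapter.getPrivateKey()` returns null or throws an unchecked exception for a missing alias or a wrong password, because in the latter case a null `@Nullable` password on a password-protected entry would bypass both this check and the `CredentialsNotAvailableException` wrapping. `setSignatureAlgorithmForSigning` is overridable and `this` is handed to `Saml2Utils.getSignatureAlgorithm` before the constructor completes, so a subclass could observe a partially constructed credential; assigning the field directly (`this.signatureAlgorithmtToUse = Saml2Utils.getSignatureAlgorithm(this, …)`) or making the class `final` avoids that. `keyStoreFriendlyName` is annotated `@Nonnull` but, unlike the other parameters, is neither `final` nor checked; `Objects.requireNonNull(keyStoreFriendlyName, "keyStoreFriendlyName")` (with `java.util.Objects` imported) would make the annotation hold.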
@@ -49,4 +85,16 @@ public class EaafKeyStoreX509CredentialAdapter
     return X509Credential.class;
   }
 
+  @Override
+  public String getSignatureAlgorithmForSigning() {
+    return this.signatureAlgorithmtToUse;
+
+  }
+
+  @Override
+  public void setSignatureAlgorithmForSigning(String sigAlg) {
+    this.signatureAlgorithmtToUse = sigAlg;
+
+  }
+
 }
-- 
cgit v1.2.3
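Review bot: `setSignatureAlgorithmForSigning` stores any value unchecked, so a null or empty string set after construction silently replaces the algorithm the constructor selected from the key and only surfaces when a signature is later produced; `this.signatureAlgorithmtToUse = Objects.requireNonNull(sigAlg, "sigAlg");` (importing `java.util.Objects`), or at least a `@Nonnull` on the parameter matching the constructor's annotations, would fail fast at the caller. Neither accessor has Javadoc; a one-line description on each saying that the value is the signature algorithm identifier used when this credential signs, with `@param sigAlg` and `@return`, would document the contract that `EaafX509Credential` introduces here.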