From 0cf9926282ba4aa46bad3f4e8020cec72683492f Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 28 Jan 2020 16:24:27 +0100
Subject: first steps in openSAML3 refactoring
---
 .../impl/utils/AbstractCredentialProvider.java | 67 ++++++++++++++--------
 1 file changed, 43 insertions(+), 24 deletions(-)
(limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java')
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
index 5c9bb6be..c0b015be 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java
@@ -19,11 +19,22 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
+import java.io.IOException;
+import java.io.InputStream;
 import java.security.KeyStore;
+import java.security.KeyStoreException;
 import java.security.PrivateKey;
 import java.security.interfaces.ECPrivateKey;
 import java.security.interfaces.RSAPrivateKey;
+import javax.annotation.PostConstruct;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
+
 import org.apache.commons.lang3.StringUtils;
 import org.opensaml.xml.security.credential.Credential;
 import org.opensaml.xml.security.credential.UsageType;
@@ -32,14 +43,15 @@ import org.opensaml.xml.signature.Signature;
 import org.opensaml.xml.signature.SignatureConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
 public abstract class AbstractCredentialProvider {
+ @Autowired protected ResourceLoader resourceLoader;
+
 private static final Logger log = LoggerFactory.getLogger(AbstractCredentialProvider.class);
 private KeyStore keyStore = null;
@@ -117,11 +129,6 @@ public abstract class AbstractCredentialProvider {
 */
 public X509Credential getIdpMetaDataSigningCredential() throws CredentialsNotAvailableException {
 try {
-
- if (keyStore == null) {
- keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword());
- }
-
 final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore, getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray());
@@ -136,8 +143,7 @@ public abstract class AbstractCredentialProvider {
 }
 return credentials;
 } catch (final Exception e) {
- log.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials");
- e.printStackTrace();
+ log.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials", e);
 throw new CredentialsNotAvailableException("config.27", new Object[] { e.getMessage() }, e);
 }
 }
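Review bot: `@Autowired protected ResourceLoader resourceLoader;` is field injection on a non-final, subclass-visible field, so a subclass or test that bypasses the container leaves it null and the failure only surfaces later as an NPE inside the keystore initialization. Prefer constructor injection, e.g. `protected AbstractCredentialProvider(ResourceLoader resourceLoader)`, or at least make the field `private` and expose it through an accessor. The class body continues outside this hunk.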
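Review bot: With the lazy `keyStore == null` load removed here (and likewise in the `getIdpAssertionSigningCredential` and `getIdpAssertionEncryptionCredential` hunks), an uninitialized `keyStore` is now passed straight into `EaafKeyStoreX509CredentialAdapter` whenever `initialize()` has not run; the resulting failure is presumably an NPE that the `catch (final Exception e)` wraps into config.27 with a null message. Add an explicit guard before the adapter is built, `if (keyStore == null) { throw new IllegalStateException("KeyStore not initialized for " + getFriendlyName()); }`, so the reported error carries a usable reason. The method bodies continue outside the hunk.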
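Review bot: The new `log.error("Failed to generate " + getFriendlyName() + " Metadata Signing credentials", e)` still builds the message by string concatenation; with SLF4J the idiomatic form is `log.error("Failed to generate {} Metadata Signing credentials", getFriendlyName(), e);`, and the same applies to the two sibling `log.error` rewrites in the `-169` and `-207` hunks. The enclosing methods start outside this hunk.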
@@ -150,10 +156,6 @@ public abstract class AbstractCredentialProvider {
 */
 public X509Credential getIdpAssertionSigningCredential() throws CredentialsNotAvailableException {
 try {
- if (keyStore == null) {
- keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword());
- }
-
 final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore, getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray());
@@ -169,8 +171,7 @@ public abstract class AbstractCredentialProvider {
 return credentials;
 } catch (final Exception e) {
- log.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials");
- e.printStackTrace();
+ log.error("Failed to generate " + getFriendlyName() + " Assertion Signing credentials", e);
 throw new CredentialsNotAvailableException("config.27", new Object[] { e.getMessage() }, e);
 }
 }
@@ -184,10 +185,6 @@ public abstract class AbstractCredentialProvider {
 public X509Credential getIdpAssertionEncryptionCredential() throws CredentialsNotAvailableException {
 try {
- if (keyStore == null) {
- keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), getKeyStorePassword());
- }
-
 // if no encryption key is configured return null
 if (StringUtils.isEmpty(getEncryptionKeyAlias())) {
 return null;
@@ -210,8 +207,7 @@ public abstract class AbstractCredentialProvider {
 return credentials;
 } catch (final Exception e) {
- log.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials");
- e.printStackTrace();
+ log.error("Failed to generate " + getFriendlyName() + " Assertion Encryption credentials", e);
 throw new CredentialsNotAvailableException("config.27", new Object[] { e.getMessage() }, e);
 }
 }
@@ -243,4 +239,27 @@ public abstract class AbstractCredentialProvider {
 return signer;
 }
+
+ @Lazy
+ @PostConstruct
+ private void initialize() throws Exception {
+ try {
+ final Resource ressource = resourceLoader.getResource(getKeyStoreFilePath());
+ final InputStream is = ressource.getInputStream();
+ keyStore = KeyStoreUtils.loadKeyStore(is, getKeyStorePassword());
+
+ if (keyStore == null) {
+ throw new EaafConfigurationException("module.00",
+ new Object[] {getFriendlyName(), "KeyStore initialization failed. Maybe wrong password"});
+
+ }
+
+ } catch (IOException | KeyStoreException | EaafException e) {
+ log.error("Can not initialize KeyStore for eIDAS authentication client.", e);
+ throw e;
+
+ }
+
+ }
+
 }
-- cgit v1.2.3
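Review bot: The `InputStream is` obtained from `ressource.getInputStream()` in `initialize()` is never closed, so each initialization leaks a handle unless `KeyStoreUtils.loadKeyStore` closes it (not visible here); open it in try-with-resources instead: `try (InputStream is = resourceLoader.getResource(getKeyStoreFilePath()).getInputStream()) { keyStore = KeyStoreUtils.loadKeyStore(is, getKeyStorePassword()); }`. The log message `"Can not initialize KeyStore for eIDAS authentication client."` looks copy-pasted into this generic provider; use `getFriendlyName()` there as the sibling getters do, and narrow `throws Exception` to the types the multi-catch actually rethrows. Note that `resourceLoader.getResource(...)` resolves any Spring resource location (`classpath:`, `file:`, URL forms), which is broader than the plain file path the removed `KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), ...)` call accepted, so the accepted forms should be documented on `getKeyStoreFilePath()` (declared outside this hunk). `@Lazy` on a `@PostConstruct` method appears to have no effect and can be dropped.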