From fc8aab29eb278a1489a75847efa38ea72b941c79 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 5 Feb 2020 11:03:59 +0100 Subject: Extract interface from AbstractCredentialProvider.java Add new interface IPvpAddableChainingMetadataProvider.java and implement it in AbstractChainingMetadataProvider.java Fix possible nullPointer in Saml2Utils.java --- .../impl/utils/AbstractCredentialProvider.java | 25 ++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java') diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java index 13124114..6959b6bd 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java @@ -39,6 +39,7 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter; @@ -53,7 +54,7 @@ import org.springframework.core.io.ResourceLoader; import lombok.extern.slf4j.Slf4j; @Slf4j -public abstract class AbstractCredentialProvider { +public abstract class AbstractCredentialProvider implements IPvp2CredentialProvider { private static final String TRUSTED_CERTIFICATES_OPERATION = "Trusted Certificate Entries"; @@ -136,10 +137,11 @@ public abstract class AbstractCredentialProvider { * @return Credentials * @throws CredentialsNotAvailableException In case of a credential error */ + @Override public EaafX509Credential getMetaDataSigningCredential() throws CredentialsNotAvailableException { try { final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore, - getMetadataKeyAlias(), getMetadataKeyPassword().toCharArray(), getFriendlyName()); + getMetadataKeyAlias(), getPassCharArrayOrNull(getMetadataKeyPassword()), getFriendlyName()); credentials.setUsageType(UsageType.SIGNING); credentials.setSignatureAlgorithmForSigning(selectSigningAlgorithm(credentials)); credentials.setKeyEncryptionAlgorithmForDataEncryption(selectKeyEncryptionAlgorithm(credentials)); @@ -152,6 +154,8 @@ public abstract class AbstractCredentialProvider { } } + + /** * Get Credentials to sign SAML2 messages, like AuthnRequest, Response, * Assertions as some examples. @@ -159,10 +163,11 @@ public abstract class AbstractCredentialProvider { * @return Credentials * @throws CredentialsNotAvailableException In case of a credential error */ + @Override public EaafX509Credential getMessageSigningCredential() throws CredentialsNotAvailableException { try { final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore, - getSignatureKeyAlias(), getSignatureKeyPassword().toCharArray(), getFriendlyName()); + getSignatureKeyAlias(), getPassCharArrayOrNull(getSignatureKeyPassword()), getFriendlyName()); credentials.setUsageType(UsageType.SIGNING); credentials.setSignatureAlgorithmForSigning(selectSigningAlgorithm(credentials)); credentials.setKeyEncryptionAlgorithmForDataEncryption(selectKeyEncryptionAlgorithm(credentials)); @@ -181,6 +186,7 @@ public abstract class AbstractCredentialProvider { * @return Credentials * @throws CredentialsNotAvailableException In case of a credential error */ + @Override public EaafX509Credential getMessageEncryptionCredential() throws CredentialsNotAvailableException { // if no encryption key is configured return null @@ -190,7 +196,7 @@ public abstract class AbstractCredentialProvider { try { final EaafKeyStoreX509CredentialAdapter credentials = new EaafKeyStoreX509CredentialAdapter(keyStore, - getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray(), getFriendlyName()); + getEncryptionKeyAlias(), getPassCharArrayOrNull(getEncryptionKeyPassword()), getFriendlyName()); credentials.setUsageType(UsageType.ENCRYPTION); credentials.setSignatureAlgorithmForSigning(selectSigningAlgorithm(credentials)); credentials.setKeyEncryptionAlgorithmForDataEncryption(selectKeyEncryptionAlgorithm(credentials)); @@ -212,6 +218,7 @@ public abstract class AbstractCredentialProvider { * no certificates are available * @throws CredentialsNotAvailableException In case of a KeyStore error */ + @Override @Nonnull public List getTrustedCertificates() throws CredentialsNotAvailableException { @@ -288,4 +295,14 @@ public abstract class AbstractCredentialProvider { PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC)); } + private char[] getPassCharArrayOrNull(String metadataKeyPassword) { + char[] keyPassChar = null; + if (metadataKeyPassword != null) { + keyPassChar = metadataKeyPassword.toCharArray(); + + } + + return keyPassChar; + } + } -- cgit v1.2.3