package at.gv.egiz.eaaf.core.impl.credential;
import java.util.Map;
import javax.annotation.Nonnull;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import org.apache.commons.lang3.StringUtils;
import lombok.Getter;
import lombok.Setter;
import lombok.extern.slf4j.Slf4j;
@Slf4j
@Getter
@Setter
public class KeyStoreConfiguration {
public static final String PROP_CONFIG_KEYSTORE_TYPE =
"keystore.type";
public static final String PROP_CONFIG_HSMFACADE_NAME =
"keystore.name";
public static final String PROP_CONFIG_SOFTWARE_KEYSTORE_PATH =
"keystore.path";
public static final String PROP_CONFIG_SOFTWARE_KEYSTORE_PASSORD =
"keystore.password";
/**
* FriendlyName for this KeyStore. Mainly used for logging.
*/
private String friendlyName;
/**
* General type of the KeyStore that should be generated.
*/
private KeyStoreType keyStoreType;
/**
* Name of the KeyStore in HSM Facade.
*/
private String keyStoreName;
/**
* Path to software KeyStore in case of a PKCS12 or JKS KeyStore.
*/
private String softKeyStoreFilePath;
/**
* Password of a software KeyStore in case of a PKCS12 or JKS KeyStore.
*/
private String softKeyStorePassword;
/**
* Build a {@link KeyStoreConfiguration} from a configuration map.
*
* The configuration parameters defined in this class are used to load the
* configuration.
*
*
* @param config Configuration
* @param friendlyName FriendlyName for this KeyStore
* @return Configuration object for {@link EaafKeyStoreFactory}
* @throws EaafConfigurationException In case of a configuration error.
*/
public static KeyStoreConfiguration buildFromConfigurationMap(Map config,
String friendlyName) throws EaafConfigurationException {
final KeyStoreConfiguration internalConfig = new KeyStoreConfiguration();
internalConfig.setFriendlyName(friendlyName);
final KeyStoreType internalKeyStoreType = KeyStoreType.fromString(
getConfigurationParameter(config, PROP_CONFIG_KEYSTORE_TYPE));
if (internalKeyStoreType != null) {
internalConfig.setKeyStoreType(internalKeyStoreType);
} else {
log.error("KeyStore: {} sets an unknown KeyStore type: {}",
friendlyName, getConfigurationParameter(config, PROP_CONFIG_KEYSTORE_TYPE));
throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_01,
new Object[] { friendlyName });
}
if (internalKeyStoreType.equals(KeyStoreType.HSMFACADE)) {
log.trace("Set-up HSM-Facade KeyStore ... ");
internalConfig.setKeyStoreName(
getConfigurationParameter(config, PROP_CONFIG_HSMFACADE_NAME));
} else if (internalKeyStoreType.equals(KeyStoreType.PKCS12)
|| internalKeyStoreType.equals(KeyStoreType.JKS)) {
log.trace("Set-up software KeyStore ... ");
internalConfig.setSoftKeyStoreFilePath(
getConfigurationParameter(config, PROP_CONFIG_SOFTWARE_KEYSTORE_PATH));
internalConfig.setSoftKeyStorePassword(
getConfigurationParameter(config, PROP_CONFIG_SOFTWARE_KEYSTORE_PASSORD));
} else {
log.info("Configuration of type: {} not supported yet", internalKeyStoreType);
throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_02,
new Object[] { friendlyName, config.get(PROP_CONFIG_KEYSTORE_TYPE) });
}
return internalConfig;
}
/**
* Set the Type of the KeyStore based on String identifier.
*
* @param keyStoreType String based KeyStore type
* @throws EaafConfigurationException In case of an unknown KeyStore type
*/
public void setKeyStoreType(@Nonnull String keyStoreType) throws EaafConfigurationException {
final KeyStoreType internalKeyStoreType = KeyStoreType.fromString(keyStoreType);
if (internalKeyStoreType != null) {
setKeyStoreType(internalKeyStoreType);
} else {
log.error("KeyStore: {} sets an unknown KeyStore type: {}",
friendlyName, keyStoreType);
throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_01,
new Object[] { friendlyName });
}
}
/**
* Set the Type of the KeyStore based on String identifier.
*
* @param type String based KeyStore type
*/
public void setKeyStoreType(@Nonnull KeyStoreType type) {
this.keyStoreType = type;
}
/**
* Validate the internal state of this configuration object.
*
* @throws EaafConfigurationException In case of a configuration error
*/
public void validate() throws EaafConfigurationException {
if (KeyStoreType.HSMFACADE.equals(keyStoreType)) {
log.trace("Validate HSM-Facade KeyStore ... ");
checkConfigurationValue(keyStoreName, EaafKeyStoreFactory.ERRORCODE_07,
friendlyName, "Missing 'KeyName' for HSM-Facade");
} else if (KeyStoreType.PKCS12.equals(keyStoreType)
|| KeyStoreType.JKS.equals(keyStoreType)) {
log.trace("Validate software KeyStore ... ");
checkConfigurationValue(softKeyStoreFilePath, EaafKeyStoreFactory.ERRORCODE_07,
friendlyName, "Missing 'KeyPath' for software keystore");
checkConfigurationValue(softKeyStorePassword, EaafKeyStoreFactory.ERRORCODE_07,
friendlyName, "Missing 'KeyPassword' for software keystore");
} else {
log.info("Validation of type: {} not supported yet", keyStoreType);
}
}
public enum KeyStoreType {
PKCS12("pkcs12"), JKS("jks"), HSMFACADE("hsmfacade"), PKCS11("pkcs11");
private final String keyStoreType;
KeyStoreType(final String keyStoreType) {
this.keyStoreType = keyStoreType;
}
/**
* Get Type of this KeyStore.
*
* @return
*/
public String getKeyStoreType() {
return this.keyStoreType;
}
/**
* Get KeyStore type from String representation.
*
* @param s Config parameter
* @return
*/
public static KeyStoreType fromString(final String s) {
try {
return KeyStoreType.valueOf(s.toUpperCase());
} catch (IllegalArgumentException | NullPointerException e) {
return null;
}
}
@Override
public String toString() {
return getKeyStoreType();
}
}
@Nonnull
private static String getConfigurationParameter(@Nonnull Map config,
@Nonnull String configParamKey)
throws EaafConfigurationException {
final String configValue = config.get(configParamKey);
checkConfigurationValue(configValue, EaafKeyStoreFactory.ERRORCODE_04, configParamKey);
return configValue;
}
private static void checkConfigurationValue(String configValue, String errorCode, String... params)
throws EaafConfigurationException {
if (StringUtils.isEmpty(configValue)) {
throw new EaafConfigurationException(errorCode,
params);
}
}
}