summaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
Diffstat (limited to 'id/server')
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java150
1 files changed, 87 insertions, 63 deletions
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
index 42783468d..a02f86376 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
@@ -61,71 +61,75 @@ public class JsonSecurityUtils implements IJOSETools{
protected void initalize() {
Logger.info("Initialize SL2.0 authentication security constrains ... ");
try {
- KeyStore keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(),
- getKeyStorePassword());
-
- //load signing key
- signPrivKey = keyStore.getKey(getSigningKeyAlias(), getSigningKeyPassword().toCharArray());
- Certificate[] certChainSigning = keyStore.getCertificateChain(getSigningKeyAlias());
- signCertChain = new X509Certificate[certChainSigning.length];
- for (int i=0; i<certChainSigning.length; i++) {
- if (certChainSigning[i] instanceof X509Certificate) {
- signCertChain[i] = (X509Certificate)certChainSigning[i];
- } else
- Logger.warn("NO X509 certificate for signing: " + certChainSigning[i].getType());
+ if (getKeyStoreFilePath() != null) {
+ KeyStore keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(),
+ getKeyStorePassword());
- }
-
- //load encryption key
- try {
- encPrivKey = keyStore.getKey(getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray());
- if (encPrivKey != null) {
- Certificate[] certChainEncryption = keyStore.getCertificateChain(getEncryptionKeyAlias());
- encCertChain = new X509Certificate[certChainEncryption.length];
- for (int i=0; i<certChainEncryption.length; i++) {
- if (certChainEncryption[i] instanceof X509Certificate) {
- encCertChain[i] = (X509Certificate)certChainEncryption[i];
- } else
- Logger.warn("NO X509 certificate for encryption: " + certChainEncryption[i].getType());
- }
- } else
- Logger.info("No encryption key for SL2.0 found. End-to-End encryption is not used.");
+ //load signing key
+ signPrivKey = keyStore.getKey(getSigningKeyAlias(), getSigningKeyPassword().toCharArray());
+ Certificate[] certChainSigning = keyStore.getCertificateChain(getSigningKeyAlias());
+ signCertChain = new X509Certificate[certChainSigning.length];
+ for (int i=0; i<certChainSigning.length; i++) {
+ if (certChainSigning[i] instanceof X509Certificate) {
+ signCertChain[i] = (X509Certificate)certChainSigning[i];
+ } else
+ Logger.warn("NO X509 certificate for signing: " + certChainSigning[i].getType());
+
+ }
- } catch (Exception e) {
- Logger.warn("No encryption key for SL2.0 found. End-to-End encryption is not used. Reason: " + e.getMessage(), e);
-
- }
+ //load encryption key
+ try {
+ encPrivKey = keyStore.getKey(getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray());
+ if (encPrivKey != null) {
+ Certificate[] certChainEncryption = keyStore.getCertificateChain(getEncryptionKeyAlias());
+ encCertChain = new X509Certificate[certChainEncryption.length];
+ for (int i=0; i<certChainEncryption.length; i++) {
+ if (certChainEncryption[i] instanceof X509Certificate) {
+ encCertChain[i] = (X509Certificate)certChainEncryption[i];
+ } else
+ Logger.warn("NO X509 certificate for encryption: " + certChainEncryption[i].getType());
+ }
+ } else
+ Logger.info("No encryption key for SL2.0 found. End-to-End encryption is not used.");
+
+ } catch (Exception e) {
+ Logger.warn("No encryption key for SL2.0 found. End-to-End encryption is not used. Reason: " + e.getMessage(), e);
- //load trusted certificates
- Enumeration<String> aliases = keyStore.aliases();
- while(aliases.hasMoreElements()) {
- String el = aliases.nextElement();
- Logger.trace("Process TrustStoreEntry: " + el);
- if (keyStore.isCertificateEntry(el)) {
- Certificate cert = keyStore.getCertificate(el);
- if (cert != null && cert instanceof X509Certificate)
- trustedCerts.add((X509Certificate) cert);
- else
- Logger.info("Can not process entry: " + el + ". Reason: " + cert.toString());
+ }
+
+ //load trusted certificates
+ Enumeration<String> aliases = keyStore.aliases();
+ while(aliases.hasMoreElements()) {
+ String el = aliases.nextElement();
+ Logger.trace("Process TrustStoreEntry: " + el);
+ if (keyStore.isCertificateEntry(el)) {
+ Certificate cert = keyStore.getCertificate(el);
+ if (cert != null && cert instanceof X509Certificate)
+ trustedCerts.add((X509Certificate) cert);
+ else
+ Logger.info("Can not process entry: " + el + ". Reason: " + cert.toString());
+
+ }
+ }
+
+ //some short validation
+ if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) {
+ Logger.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath());
+ throw new SL20Exception("sl20.03", new Object[]{"Can NOT open private key for signing"});
}
- }
-
- //some short validation
- if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) {
- Logger.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath());
- throw new SL20Exception("sl20.03", new Object[]{"Can NOT open private key for signing"});
- }
-
- if (signCertChain == null || signCertChain.length == 0) {
- Logger.info("NO certificate for SL2.0 signing. KeyStore=" + getKeyStoreFilePath());
- throw new SL20Exception("sl20.03", new Object[]{"NO certificate for SL2.0 signing"});
+ if (signCertChain == null || signCertChain.length == 0) {
+ Logger.info("NO certificate for SL2.0 signing. KeyStore=" + getKeyStoreFilePath());
+ throw new SL20Exception("sl20.03", new Object[]{"NO certificate for SL2.0 signing"});
+
+ }
- }
-
- Logger.info("SL2.0 authentication security constrains initialized.");
-
+ Logger.info("SL2.0 authentication security constrains initialized.");
+
+ } else
+ Logger.info("NO SL2.0 authentication security configuration. Initialization was skipped");
+
} catch ( Exception e) {
Logger.error("SL2.0 security constrains initialization FAILED.", e);
@@ -332,28 +336,48 @@ public class JsonSecurityUtils implements IJOSETools{
}
private String getKeyStorePassword() {
- return authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD).trim();
+ String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD);
+ if (value != null)
+ value = value.trim();
+
+ return value;
}
private String getSigningKeyAlias() {
- return authConfig.getBasicConfiguration(
+ String value = authConfig.getBasicConfiguration(
Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS).trim();
+ if (value != null)
+ value = value.trim();
+
+ return value;
}
private String getSigningKeyPassword() {
- return authConfig.getBasicConfiguration(
+ String value = authConfig.getBasicConfiguration(
Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD).trim();
+ if (value != null)
+ value = value.trim();
+
+ return value;
}
private String getEncryptionKeyAlias() {
- return authConfig.getBasicConfiguration(
+ String value = authConfig.getBasicConfiguration(
Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS).trim();
+ if (value != null)
+ value = value.trim();
+
+ return value;
}
private String getEncryptionKeyPassword() {
- return authConfig.getBasicConfiguration(
+ String value = authConfig.getBasicConfiguration(
Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD).trim();
+ if (value != null)
+ value = value.trim();
+
+ return value;
}
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-31 06:03:00 +0000