RemoteStoreProviderDriver.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */

  21. package org.openspcoop2.pdd.core.keystore;

  23. import java.io.ByteArrayOutputStream;
  24. import java.security.PublicKey;
  25. import java.util.Date;
  26. import java.util.HashMap;
  27. import java.util.Map;

  29. import org.openspcoop2.core.config.driver.db.DriverConfigurazioneDB;
  30. import org.openspcoop2.core.eventi.Evento;
  31. import org.openspcoop2.pdd.config.ConfigurazionePdDReader;
  32. import org.openspcoop2.pdd.config.OpenSPCoop2Properties;
  33. import org.openspcoop2.pdd.config.PDNDConfigUtilities;
  34. import org.openspcoop2.pdd.core.eventi.GestoreEventi;
  35. import org.openspcoop2.pdd.timers.TimerException;
  36. import org.openspcoop2.pdd.timers.pdnd.TimerGestoreChiaviPDNDEvent;
  37. import org.openspcoop2.pdd.timers.pdnd.TimerGestoreChiaviPDNDLib;
  38. import org.openspcoop2.security.keystore.cache.RemoteStoreClientInfoCache;
  39. import org.openspcoop2.utils.SemaphoreLock;
  40. import org.openspcoop2.utils.UtilsException;
  41. import org.openspcoop2.utils.certificate.ArchiveLoader;
  42. import org.openspcoop2.utils.certificate.Certificate;
  43. import org.openspcoop2.utils.certificate.JWK;
  44. import org.openspcoop2.utils.certificate.KeyUtils;
  45. import org.openspcoop2.utils.certificate.remote.IRemoteStoreProvider;
  46. import org.openspcoop2.utils.certificate.remote.RemoteKeyType;
  47. import org.openspcoop2.utils.certificate.remote.RemoteStoreClientInfo;
  48. import org.openspcoop2.utils.certificate.remote.RemoteStoreConfig;
  49. import org.openspcoop2.utils.certificate.remote.RemoteStoreUtils;
  50. import org.openspcoop2.utils.date.DateManager;
  51. import org.openspcoop2.utils.date.DateUtils;
  52. import org.slf4j.Logger;

  54. /**
  55.  * RemoteStoreProviderDriver
  56.  *
  57.  * @author Poli Andrea (apoli@link.it)
  58.  * @author $Author$
  59.  * @version $Rev$, $Date$
  60.  */
  61. public class RemoteStoreProviderDriver implements IRemoteStoreProvider {

  63.     private static int keyMaxLifeMinutes = -1; // infinito
  64.     public static int getKeyMaxLifeMinutes() {
  65.         return keyMaxLifeMinutes;
  66.     }
  67.     public static void setKeyMaxLifeMinutes(int keyMaxLifeMinutes) {
  68.         RemoteStoreProviderDriver.keyMaxLifeMinutes = keyMaxLifeMinutes;
  69.     }
  70.     
  71.     
  72.     private static final Map<String, RemoteStoreProviderDriver> _providerStore = new HashMap<>();
  73.     public static synchronized void initialize(Logger log, RemoteStoreConfig remoteStoreConfig) throws KeystoreException {
  74.         String storeConfigName = getRemoteStoreConfigName(remoteStoreConfig);
  75.         RemoteStoreProviderDriver s = new RemoteStoreProviderDriver(log, remoteStoreConfig);
  76.         _providerStore.put(storeConfigName, s);
  77.     }
  78.     static RemoteStoreProviderDriver getProviderStore(String storeConfigName) throws KeystoreException{
  79.         RemoteStoreProviderDriver s = _providerStore.get(storeConfigName);
  80.         if(s==null) {
  81.             throw new KeystoreException("ProviderStore '"+storeConfigName+"' not exists");
  82.         }
  83.         return s;
  84.     }
  85.     
  86.     
  87.     private static final Map<String, org.openspcoop2.utils.Semaphore> _lockStore = new HashMap<>();
  88.     private static synchronized org.openspcoop2.utils.Semaphore initLockStore(String nomeRemoteStore){
  89.         org.openspcoop2.utils.Semaphore s = _lockStore.get(nomeRemoteStore);
  90.         if(s==null) {
  91.             Integer permits = OpenSPCoop2Properties.getInstance().getGestioneTokenValidazioneJWTLockPermits();
  92.             if(permits!=null && permits.intValue()>1) {
  93.                 s = new org.openspcoop2.utils.Semaphore("GestoreTokenValidazioneJWT_"+nomeRemoteStore, permits);
  94.             }
  95.             else {
  96.                 s = new org.openspcoop2.utils.Semaphore("GestoreTokenValidazioneJWT_"+nomeRemoteStore);
  97.             }
  98.             _lockStore.put(nomeRemoteStore, s);
  99.         }
  100.         return s;
  101.     }
  102.     private static org.openspcoop2.utils.Semaphore getLockStore(String nomeRemoteStore){
  103.         org.openspcoop2.utils.Semaphore s = _lockStore.get(nomeRemoteStore);
  104.         if(s==null) {
  105.             s = initLockStore(nomeRemoteStore);
  106.         }
  107.         return s;
  108.     }
  109.     
  110.     
  111.     static String getRemoteStoreConfigName(RemoteStoreConfig remoteStoreConfig) throws KeystoreException {
  112.         if(remoteStoreConfig==null) {
  113.             throw new KeystoreException("RemoteStoreConfig undefined");
  114.         }
  115.         String remoteStoreName = remoteStoreConfig.getStoreName();
  116.         if(remoteStoreName==null) {
  117.             throw new KeystoreException("RemoteStoreConfig name undefined");
  118.         }
  119.         return remoteStoreName;
  120.     }
  121.     
  122.     
  123.     
  124.     private DriverConfigurazioneDB driverConfigurazioneDB = null;
  125.     
  126.     private Logger log;
  127.     
  128.     private RemoteStoreConfig remoteStoreConfig;
  129.     private String keyAlgorithm;
  130.     private long remoteStoreId;
  131.     
  132.     private RemoteStoreProviderDriver(Logger log, RemoteStoreConfig remoteStoreConfig) throws KeystoreException {
  133.         
  134.         this.log = log;
  135.         
  136.         getRemoteStoreConfigName(remoteStoreConfig);
  137.         this.remoteStoreConfig = remoteStoreConfig;
  138.         
  139.         this.keyAlgorithm = remoteStoreConfig.getKeyAlgorithm();
  140.         if(this.keyAlgorithm==null) {
  141.             this.keyAlgorithm = KeyUtils.ALGO_RSA;
  142.         }
  143.             
  144.         Object oConfig = ConfigurazionePdDReader.getDriverConfigurazionePdD();
  145.         if(oConfig instanceof DriverConfigurazioneDB) {
  146.             this.driverConfigurazioneDB = (DriverConfigurazioneDB) oConfig;
  147.         }
  148.         else {
  149.             throw new KeystoreException("RemoteStoreProvider utilizzabile solamente con una configurazione su database");
  150.         }
  151.         
  152.         this.remoteStoreId = RemoteStoreProviderDriverUtils.registerIfNotExistsRemoteStore(this.driverConfigurazioneDB, this.remoteStoreConfig);
  153.     }
  154.     
  155.     
  156.     private String getPrefixKid(String keyId) {
  157.         return "Chiave con kid '"+keyId+"'";
  158.     }
  159.     
  160.     private Object readKey(RemoteKeyType remoteStoreKeyType, String keyId, ByteArrayOutputStream bout, RemoteStoreConfig remoteConfig) throws KeystoreException {
  161.         
  162.         RemoteStoreKey key = null;
  163.         try {
  164.             key = RemoteStoreProviderDriverUtils.getRemoteStoreKey(this.driverConfigurazioneDB, this.remoteStoreId, keyId);
  165.         }catch(KeystoreNotFoundException notFound) {
  166.             String msg = getPrefixKid(keyId)+" non presente su database";
  167.             this.log.debug(msg);
  168.             // ignore
  169.         }
  170.         boolean updateRequired = isUpdateRequired(key, keyId);
  171.         if(!updateRequired && key!=null && key.getKey()!=null) {
  172.             try {
  173.                 switch (remoteStoreKeyType) {
  174.                     case JWK:
  175.                         return new JWK(new String(key.getKey()));
  176.                     case PUBLIC_KEY:
  177.                         return KeyUtils.getInstance(this.keyAlgorithm).getPublicKey(key.getKey());
  178.                     case X509:
  179.                         return ArchiveLoader.load(key.getKey());
  180.                 }
  181.             }catch(Exception e) {
  182.                 throw new KeystoreException(e.getMessage(),e);
  183.             }
  184.         }
  185.         
  186.         org.openspcoop2.utils.Semaphore semaphore = getLockStore(this.remoteStoreConfig.getStoreName());
  187.         SemaphoreLock lock = null;
  188.         try {
  189.             lock = semaphore.acquire("readKey");
  190.         }catch(Exception e) {
  191.             throw new KeystoreException(e.getMessage(),e);
  192.         }
  193.         try (ByteArrayOutputStream boutInternal = new ByteArrayOutputStream()){
  194.             
  195.             ByteArrayOutputStream b = bout!=null ? bout : boutInternal;
  196.             
  197.             RemoteStoreConfig remoteConfigUse = (remoteConfig!=null && remoteConfig.isMultitenant()) ? remoteConfig : this.remoteStoreConfig;
  198.             
  199.             Object objectKey = null;
  200.             switch (remoteStoreKeyType) {
  201.             case JWK:
  202.                 objectKey = RemoteStoreUtils.readJWK(keyId, remoteConfigUse, b);
  203.                 break;
  204.             case PUBLIC_KEY:
  205.                 objectKey = RemoteStoreUtils.readPublicKey(keyId, remoteConfigUse, b);
  206.                 break;
  207.             case X509:
  208.                 objectKey = RemoteStoreUtils.readX509(keyId, remoteConfigUse, b);
  209.                 break;
  210.             }
  211.             
  212.             saveKey(updateRequired, keyId, b);
  213.             
  214.             return objectKey;
  215.             
  216.         }catch(Exception e) {
  217.             throw new KeystoreException(e.getMessage(),e);
  218.         }finally {
  219.             semaphore.release(lock, "readKey");
  220.         }
  221.         
  222.     }
  223.     private void saveKey(boolean updateRequired, String keyId, ByteArrayOutputStream b) throws KeystoreException, TimerException {
  224.         if(updateRequired) {
  225.             String msg = getPrefixKid(keyId)+" ottenuta da remote store config, aggiornamento entry sul db ...";
  226.             this.log.debug(msg);
  227.             int rows = RemoteStoreProviderDriverUtils.updateRemoteStoreKey(this.driverConfigurazioneDB, this.remoteStoreId, keyId, b.toByteArray());
  228.             msg = getPrefixKid(keyId)+" ottenuta da remote store config, aggiornata entry sul db (updateRows:"+rows+")";
  229.             this.log.debug(msg);
  230.         }
  231.         else {
  232.             String msg = getPrefixKid(keyId)+" ottenuta da remote store config, registrazione sul db ...";
  233.             this.log.debug(msg);
  234.             int rows = RemoteStoreProviderDriverUtils.addRemoteStoreKey(this.driverConfigurazioneDB, this.remoteStoreId, keyId, b.toByteArray());
  235.             msg = getPrefixKid(keyId)+" ottenuta da remote store config, registrata entry sul db (updateRows:"+rows+")";
  236.             this.log.debug(msg);
  237.             
  238.             if(OpenSPCoop2Properties.getInstance().isGestoreChiaviPDNDEventiAdd()) {
  239.                 Evento evento = TimerGestoreChiaviPDNDLib.buildEvento(TimerGestoreChiaviPDNDEvent.EVENT_TYPE_ADDED, keyId, "La chiave è stata aggiunta al repository locale");
  240.                 registerEvent(evento, keyId);
  241.             }
  242.         }
  243.     }
  244.     private void registerEvent(Evento evento, String keyId) {
  245.         try {
  246.             GestoreEventi.getInstance().log(evento);
  247.         }catch(Exception e) {
  248.             String msgError = "Registrazione evento per kid '"+keyId+"' (eventType:"+TimerGestoreChiaviPDNDEvent.EVENT_TYPE_ADDED+") non riuscita: "+e.getMessage();
  249.             this.log.error(msgError,e);
  250.         }
  251.     }
  252.     private boolean isUpdateRequired(RemoteStoreKey key, String keyId) {
  253.         if(key!=null && key.isInvalid()) {
  254.             String msg = getPrefixKid(keyId)+" non è valida";
  255.             this.log.debug(msg);
  256.             return true;
  257.         }
  258.         if(key!=null && keyMaxLifeMinutes>0 && key.getDataAggiornamento()!=null) {
  259.             long maxLifeSeconds = keyMaxLifeMinutes * 60l;
  260.             long maxLifeMs = maxLifeSeconds * 1000l;
  261.             Date tooOld = new Date(DateManager.getTimeMillis()-maxLifeMs);
  262.             if(key.getDataAggiornamento().before(tooOld)) {
  263.                 String msg = getPrefixKid(keyId)+" è più vecchia di "+keyMaxLifeMinutes+" minuti (data aggiornamento: "+DateUtils.getSimpleDateFormatMs().format(key.getDataAggiornamento())+")";
  264.                 this.log.debug(msg);
  265.                 return true;
  266.             }
  267.         }
  268.         return false;
  269.     }
  270.     
  271.     @Override
  272.     public JWK readJWK(String keyId, RemoteStoreConfig remoteConfig) throws UtilsException {
  273.         try {
  274.             return (JWK) readKey(RemoteKeyType.JWK, keyId, null, remoteConfig);
  275.         }catch(Exception e) {
  276.             throw new UtilsException(e.getMessage(),e);
  277.         }
  278.     }
  279.     @Override
  280.     public JWK readJWK(String keyId, RemoteStoreConfig remoteConfig, ByteArrayOutputStream bout) throws UtilsException {
  281.         try {
  282.             return (JWK) readKey(RemoteKeyType.JWK, keyId, bout, remoteConfig);
  283.         }catch(Exception e) {
  284.             throw new UtilsException(e.getMessage(),e);
  285.         }
  286.     }
  287.     @Override
  288.     public Certificate readX509(String keyId, RemoteStoreConfig remoteConfig) throws UtilsException {
  289.         try {
  290.             return (Certificate) readKey(RemoteKeyType.X509, keyId, null, remoteConfig);
  291.         }catch(Exception e) {
  292.             throw new UtilsException(e.getMessage(),e);
  293.         }
  294.     }
  295.     @Override
  296.     public Certificate readX509(String keyId, RemoteStoreConfig remoteConfig, ByteArrayOutputStream bout)
  297.             throws UtilsException {
  298.         try {
  299.             return (Certificate) readKey(RemoteKeyType.X509, keyId, bout, remoteConfig);
  300.         }catch(Exception e) {
  301.             throw new UtilsException(e.getMessage(),e);
  302.         }
  303.     }
  304.     @Override
  305.     public PublicKey readPublicKey(String keyId, RemoteStoreConfig remoteConfig) throws UtilsException {
  306.         try {
  307.             return (PublicKey) readKey(RemoteKeyType.PUBLIC_KEY, keyId, null, remoteConfig);
  308.         }catch(Exception e) {
  309.             throw new UtilsException(e.getMessage(),e);
  310.         }
  311.     }
  312.     @Override
  313.     public PublicKey readPublicKey(String keyId, RemoteStoreConfig remoteConfig, ByteArrayOutputStream bout)
  314.             throws UtilsException {
  315.         try {
  316.             return (PublicKey) readKey(RemoteKeyType.PUBLIC_KEY, keyId, bout, remoteConfig);
  317.         }catch(Exception e) {
  318.             throw new UtilsException(e.getMessage(),e);
  319.         }
  320.     }
  321.     
  322.     
  323.     
  324.     @Override
  325.     public RemoteStoreClientInfo readClientInfo(String keyId, String clientId, RemoteStoreConfig remoteConfig, org.openspcoop2.utils.Map<Object> context)
  326.             throws UtilsException {
  327.         try {
  328.             return readClientInfoEngine(keyId, clientId, remoteConfig, context);
  329.         }catch(Exception e) {
  330.             throw new UtilsException(e.getMessage(),e);
  331.         }
  332.     }
  333.     private static boolean createEntryIfNotExists = true;
  334.     public static void setCreateEntryIfNotExists(boolean createEntryIfNotExists) {
  335.         RemoteStoreProviderDriver.createEntryIfNotExists = createEntryIfNotExists;
  336.     }
  337.     private RemoteStoreClientInfo readClientInfoEngine(String keyId, String clientId, RemoteStoreConfig remoteConfig, org.openspcoop2.utils.Map<Object> context) throws KeystoreException {
  338.         
  339.         RemoteStoreClientDetails clientDetails = null;
  340.         try {
  341.             clientDetails = RemoteStoreProviderDriverUtils.getRemoteStoreClientDetails(this.driverConfigurazioneDB, this.remoteStoreId, keyId, this.log, createEntryIfNotExists);
  342.             if(clientDetails==null) {
  343.                 throw new KeystoreNotFoundException("Client details not found");
  344.             }
  345.         }catch(KeystoreNotFoundException notFound) {
  346.             String msg = getPrefixKidClientDetails(keyId)+" non presente su database";
  347.             this.log.error(msg);
  348.             return null;
  349.         }
  350.         boolean updateRequired = isUpdateRequired(clientDetails, keyId, clientId);
  351.         if(!updateRequired) {
  352.             return clientDetails.getClientInfo();
  353.         }
  354.         
  355.         org.openspcoop2.utils.Semaphore semaphore = getLockStore(this.remoteStoreConfig.getStoreName());
  356.         SemaphoreLock lock = null;
  357.         try {
  358.             lock = semaphore.acquire("readClientDetails");
  359.         }catch(Exception e) {
  360.             throw new KeystoreException(e.getMessage(),e);
  361.         }
  362.         try {
  363.             
  364.             OpenSPCoop2Properties propertiesReader = OpenSPCoop2Properties.getInstance();
  365.             
  366.             RemoteStoreConfig remoteConfigUse = (remoteConfig!=null && remoteConfig.isMultitenant()) ? remoteConfig : this.remoteStoreConfig;
  367.             
  368.             String clientJson = PDNDConfigUtilities.readClientDetails(remoteConfigUse, propertiesReader, context, clientId, this.log);
  369.             String organizationId = null;
  370.             String organizationJson = null;
  371.             if(clientJson!=null) {
  372.                 organizationId = PDNDConfigUtilities.readOrganizationId(propertiesReader, context, clientJson, this.log);
  373.                 if(organizationId!=null) {
  374.                     organizationJson = PDNDConfigUtilities.readOrganizationDetails(remoteConfigUse, propertiesReader, context, organizationId, this.log);
  375.                 }
  376.             }
  377.             
  378.             clientDetails.setDataAggiornamento(DateManager.getDate());
  379.             
  380.             if(clientDetails.getClientInfo()==null) {
  381.                 clientDetails.setClientInfo(new RemoteStoreClientInfo());
  382.             }
  383.             clientDetails.getClientInfo().setClientId(clientId);
  384.             clientDetails.getClientInfo().setClientDetails(clientJson);
  385.             clientDetails.getClientInfo().setOrganizationId(organizationId);
  386.             clientDetails.getClientInfo().setOrganizationDetails(organizationJson);
  387.             
  388.             String msg = getPrefixKidClientDetails(keyId)+" ottenuta da remote store config, aggiornamento entry sul db ...";
  389.             this.log.debug(msg);
  390.             int rows = RemoteStoreProviderDriverUtils.updateRemoteStoreClientDetails(this.driverConfigurazioneDB, this.remoteStoreId, keyId, clientDetails);
  391.             msg = getPrefixKidClientDetails(keyId)+" ottenuta da remote store config, aggiornata entry sul db (updateRows:"+rows+")";
  392.             this.log.debug(msg);
  393.                         
  394.             return clientDetails.getClientInfo();
  395.             
  396.         }catch(Exception e) {
  397.             throw new KeystoreException(e.getMessage(),e);
  398.         }finally {
  399.             semaphore.release(lock, "readClientDetails");
  400.         }
  401.         
  402.     }
  403.     
  404.     private String getPrefixKidClientDetails(String keyId) {
  405.         return "ClientDetails con kid '"+keyId+"'";
  406.     }
  407.     
  408.     private boolean isUpdateRequired(RemoteStoreClientDetails clientDetails, String keyId, String clientId) {
  409.         if(clientDetails!=null && clientDetails.isInvalid()) {
  410.             String msg = getPrefixKidClientDetails(keyId)+" non è valida";
  411.             this.log.debug(msg);
  412.             return true;
  413.         }
  414.         if(clientDetails!=null && clientDetails.getClientInfo()==null) {
  415.             String msg = getPrefixKidClientDetails(keyId)+" client info non presente";
  416.             this.log.debug(msg);
  417.             return true;
  418.         }
  419.         if(clientDetails!=null && clientDetails.getClientInfo().getClientId()==null) {
  420.             String msg = getPrefixKidClientDetails(keyId)+" client id non presente";
  421.             this.log.debug(msg);
  422.             return true;
  423.         }
  424.         if(clientDetails!=null && !clientDetails.getClientInfo().getClientId().equals(clientId)) {
  425.             String msg = getPrefixKidClientDetails(keyId)+" client id differente da quello presente su database";
  426.             this.log.debug(msg);
  427.             return true;
  428.         }
  429.         return isUpdateRequiredByMaxLife(clientDetails, keyId);
  430.     }
  431.     
  432.     private boolean isUpdateRequiredByMaxLife(RemoteStoreClientDetails clientDetails, String keyId) {
  433.         if(clientDetails!=null) {
  434.             int maxLife =  clientDetails.isInfoComplete() ? RemoteStoreClientInfoCache.getClientDetailsMaxLifeMinutes() : RemoteStoreClientInfoCache.getClientDetailsCacheFallbackMaxLifeMinutes();
  435.             if(maxLife>0 && clientDetails.getDataAggiornamento()!=null) {
  436.                 long maxLifeSeconds = maxLife * 60l;
  437.                 long maxLifeMs = maxLifeSeconds * 1000l;
  438.                 Date tooOld = new Date(DateManager.getTimeMillis()-maxLifeMs);
  439.                 if(clientDetails.getDataAggiornamento().before(tooOld)) {
  440.                     String msg = getPrefixKidClientDetails(keyId)+" è più vecchia di "+maxLife+" minuti (data aggiornamento: "+DateUtils.getSimpleDateFormatMs().format(clientDetails.getDataAggiornamento())+")(info-complete:"+clientDetails.isInfoComplete()+")";
  441.                     this.log.debug(msg);
  442.                     return true;
  443.                 }
  444.             }
  445.         }
  446.             
  447.         return false;
  448.     }
  449. }
Created with JaCoCo 0.8.8.202204050719