RemoteStoreProviderDriver.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */

  21. package org.openspcoop2.pdd.core.keystore;

  23. import java.io.ByteArrayOutputStream;
  24. import java.security.PublicKey;
  25. import java.util.Date;
  26. import java.util.HashMap;
  27. import java.util.Map;

  29. import org.openspcoop2.core.config.driver.db.DriverConfigurazioneDB;
  30. import org.openspcoop2.core.eventi.Evento;
  31. import org.openspcoop2.pdd.config.ConfigurazionePdDReader;
  32. import org.openspcoop2.pdd.config.OpenSPCoop2Properties;
  33. import org.openspcoop2.pdd.config.PDNDConfigUtilities;
  34. import org.openspcoop2.pdd.core.eventi.GestoreEventi;
  35. import org.openspcoop2.pdd.timers.TimerException;
  36. import org.openspcoop2.pdd.timers.pdnd.TimerGestoreChiaviPDNDEvent;
  37. import org.openspcoop2.pdd.timers.pdnd.TimerGestoreChiaviPDNDLib;
  38. import org.openspcoop2.utils.SemaphoreLock;
  39. import org.openspcoop2.utils.UtilsException;
  40. import org.openspcoop2.utils.certificate.ArchiveLoader;
  41. import org.openspcoop2.utils.certificate.Certificate;
  42. import org.openspcoop2.utils.certificate.JWK;
  43. import org.openspcoop2.utils.certificate.KeyUtils;
  44. import org.openspcoop2.utils.certificate.remote.IRemoteStoreProvider;
  45. import org.openspcoop2.utils.certificate.remote.RemoteKeyType;
  46. import org.openspcoop2.utils.certificate.remote.RemoteStoreClientInfo;
  47. import org.openspcoop2.utils.certificate.remote.RemoteStoreConfig;
  48. import org.openspcoop2.utils.certificate.remote.RemoteStoreUtils;
  49. import org.openspcoop2.utils.date.DateManager;
  50. import org.openspcoop2.utils.date.DateUtils;
  51. import org.slf4j.Logger;

  53. /**
  54.  * RemoteStoreProviderDriver
  55.  *
  56.  * @author Poli Andrea (apoli@link.it)
  57.  * @author $Author$
  58.  * @version $Rev$, $Date$
  59.  */
  60. public class RemoteStoreProviderDriver implements IRemoteStoreProvider {

  62.     private static int keyMaxLifeMinutes = -1; // infinito
  63.     public static int getKeyMaxLifeMinutes() {
  64.         return keyMaxLifeMinutes;
  65.     }
  66.     public static void setKeyMaxLifeMinutes(int keyMaxLifeMinutes) {
  67.         RemoteStoreProviderDriver.keyMaxLifeMinutes = keyMaxLifeMinutes;
  68.     }
  69.     
  70.     
  71.     private static int clientDetailsMaxLifeMinutes = -1; // infinito
  72.     public static int getClientDetailsMaxLifeMinutes() {
  73.         return clientDetailsMaxLifeMinutes;
  74.     }
  75.     public static void setClientDetailsMaxLifeMinutes(int clientDetailsMaxLifeMinutes) {
  76.         RemoteStoreProviderDriver.clientDetailsMaxLifeMinutes = clientDetailsMaxLifeMinutes;
  77.     }


  80.     private static final Map<String, RemoteStoreProviderDriver> _providerStore = new HashMap<>();
  81.     public static synchronized void initialize(Logger log, RemoteStoreConfig remoteStoreConfig) throws KeystoreException {
  82.         String storeConfigName = getRemoteStoreConfigName(remoteStoreConfig);
  83.         RemoteStoreProviderDriver s = new RemoteStoreProviderDriver(log, remoteStoreConfig);
  84.         _providerStore.put(storeConfigName, s);
  85.     }
  86.     static RemoteStoreProviderDriver getProviderStore(String storeConfigName) throws KeystoreException{
  87.         RemoteStoreProviderDriver s = _providerStore.get(storeConfigName);
  88.         if(s==null) {
  89.             throw new KeystoreException("ProviderStore '"+storeConfigName+"' not exists");
  90.         }
  91.         return s;
  92.     }
  93.     
  94.     
  95.     private static final Map<String, org.openspcoop2.utils.Semaphore> _lockStore = new HashMap<>();
  96.     private static synchronized org.openspcoop2.utils.Semaphore initLockStore(String nomeRemoteStore){
  97.         org.openspcoop2.utils.Semaphore s = _lockStore.get(nomeRemoteStore);
  98.         if(s==null) {
  99.             Integer permits = OpenSPCoop2Properties.getInstance().getGestioneTokenValidazioneJWTLockPermits();
  100.             if(permits!=null && permits.intValue()>1) {
  101.                 s = new org.openspcoop2.utils.Semaphore("GestoreTokenValidazioneJWT_"+nomeRemoteStore, permits);
  102.             }
  103.             else {
  104.                 s = new org.openspcoop2.utils.Semaphore("GestoreTokenValidazioneJWT_"+nomeRemoteStore);
  105.             }
  106.             _lockStore.put(nomeRemoteStore, s);
  107.         }
  108.         return s;
  109.     }
  110.     private static org.openspcoop2.utils.Semaphore getLockStore(String nomeRemoteStore){
  111.         org.openspcoop2.utils.Semaphore s = _lockStore.get(nomeRemoteStore);
  112.         if(s==null) {
  113.             s = initLockStore(nomeRemoteStore);
  114.         }
  115.         return s;
  116.     }
  117.     
  118.     
  119.     static String getRemoteStoreConfigName(RemoteStoreConfig remoteStoreConfig) throws KeystoreException {
  120.         if(remoteStoreConfig==null) {
  121.             throw new KeystoreException("RemoteStoreConfig undefined");
  122.         }
  123.         String remoteStoreName = remoteStoreConfig.getStoreName();
  124.         if(remoteStoreName==null) {
  125.             throw new KeystoreException("RemoteStoreConfig name undefined");
  126.         }
  127.         return remoteStoreName;
  128.     }
  129.     
  130.     
  131.     
  132.     private DriverConfigurazioneDB driverConfigurazioneDB = null;
  133.     
  134.     private Logger log;
  135.     
  136.     private RemoteStoreConfig remoteStoreConfig;
  137.     private String keyAlgorithm;
  138.     private long remoteStoreId;
  139.     
  140.     private RemoteStoreProviderDriver(Logger log, RemoteStoreConfig remoteStoreConfig) throws KeystoreException {
  141.         
  142.         this.log = log;
  143.         
  144.         getRemoteStoreConfigName(remoteStoreConfig);
  145.         this.remoteStoreConfig = remoteStoreConfig;
  146.         
  147.         this.keyAlgorithm = remoteStoreConfig.getKeyAlgorithm();
  148.         if(this.keyAlgorithm==null) {
  149.             this.keyAlgorithm = KeyUtils.ALGO_RSA;
  150.         }
  151.             
  152.         Object oConfig = ConfigurazionePdDReader.getDriverConfigurazionePdD();
  153.         if(oConfig instanceof DriverConfigurazioneDB) {
  154.             this.driverConfigurazioneDB = (DriverConfigurazioneDB) oConfig;
  155.         }
  156.         else {
  157.             throw new KeystoreException("RemoteStoreProvider utilizzabile solamente con una configurazione su database");
  158.         }
  159.         
  160.         this.remoteStoreId = RemoteStoreProviderDriverUtils.registerIfNotExistsRemoteStore(this.driverConfigurazioneDB, this.remoteStoreConfig);
  161.     }
  162.     
  163.     
  164.     private String getPrefixKid(String keyId) {
  165.         return "Chiave con kid '"+keyId+"'";
  166.     }
  167.     
  168.     private Object readKey(RemoteKeyType remoteStoreKeyType, String keyId, ByteArrayOutputStream bout, RemoteStoreConfig remoteConfig) throws KeystoreException {
  169.         
  170.         RemoteStoreKey key = null;
  171.         try {
  172.             key = RemoteStoreProviderDriverUtils.getRemoteStoreKey(this.driverConfigurazioneDB, this.remoteStoreId, keyId);
  173.         }catch(KeystoreNotFoundException notFound) {
  174.             String msg = getPrefixKid(keyId)+" non presente su database";
  175.             this.log.debug(msg);
  176.             // ignore
  177.         }
  178.         boolean updateRequired = isUpdateRequired(key, keyId);
  179.         if(!updateRequired && key!=null && key.getKey()!=null) {
  180.             try {
  181.                 switch (remoteStoreKeyType) {
  182.                     case JWK:
  183.                         return new JWK(new String(key.getKey()));
  184.                     case PUBLIC_KEY:
  185.                         return KeyUtils.getInstance(this.keyAlgorithm).getPublicKey(key.getKey());
  186.                     case X509:
  187.                         return ArchiveLoader.load(key.getKey());
  188.                 }
  189.             }catch(Exception e) {
  190.                 throw new KeystoreException(e.getMessage(),e);
  191.             }
  192.         }
  193.         
  194.         org.openspcoop2.utils.Semaphore semaphore = getLockStore(this.remoteStoreConfig.getStoreName());
  195.         SemaphoreLock lock = null;
  196.         try {
  197.             lock = semaphore.acquire("readKey");
  198.         }catch(Exception e) {
  199.             throw new KeystoreException(e.getMessage(),e);
  200.         }
  201.         try (ByteArrayOutputStream boutInternal = new ByteArrayOutputStream()){
  202.             
  203.             ByteArrayOutputStream b = bout!=null ? bout : boutInternal;
  204.             
  205.             RemoteStoreConfig remoteConfigUse = (remoteConfig!=null && remoteConfig.isMultitenant()) ? remoteConfig : this.remoteStoreConfig;
  206.             
  207.             Object objectKey = null;
  208.             switch (remoteStoreKeyType) {
  209.             case JWK:
  210.                 objectKey = RemoteStoreUtils.readJWK(keyId, remoteConfigUse, b);
  211.                 break;
  212.             case PUBLIC_KEY:
  213.                 objectKey = RemoteStoreUtils.readPublicKey(keyId, remoteConfigUse, b);
  214.                 break;
  215.             case X509:
  216.                 objectKey = RemoteStoreUtils.readX509(keyId, remoteConfigUse, b);
  217.                 break;
  218.             }
  219.             
  220.             saveKey(updateRequired, keyId, b);
  221.             
  222.             return objectKey;
  223.             
  224.         }catch(Exception e) {
  225.             throw new KeystoreException(e.getMessage(),e);
  226.         }finally {
  227.             semaphore.release(lock, "readKey");
  228.         }
  229.         
  230.     }
  231.     private void saveKey(boolean updateRequired, String keyId, ByteArrayOutputStream b) throws KeystoreException, TimerException {
  232.         if(updateRequired) {
  233.             String msg = getPrefixKid(keyId)+" ottenuta da remote store config, aggiornamento entry sul db ...";
  234.             this.log.debug(msg);
  235.             int rows = RemoteStoreProviderDriverUtils.updateRemoteStoreKey(this.driverConfigurazioneDB, this.remoteStoreId, keyId, b.toByteArray());
  236.             msg = getPrefixKid(keyId)+" ottenuta da remote store config, aggiornata entry sul db (updateRows:"+rows+")";
  237.             this.log.debug(msg);
  238.         }
  239.         else {
  240.             String msg = getPrefixKid(keyId)+" ottenuta da remote store config, registrazione sul db ...";
  241.             this.log.debug(msg);
  242.             int rows = RemoteStoreProviderDriverUtils.addRemoteStoreKey(this.driverConfigurazioneDB, this.remoteStoreId, keyId, b.toByteArray());
  243.             msg = getPrefixKid(keyId)+" ottenuta da remote store config, registrata entry sul db (updateRows:"+rows+")";
  244.             this.log.debug(msg);
  245.             
  246.             if(OpenSPCoop2Properties.getInstance().isGestoreChiaviPDNDEventiAdd()) {
  247.                 Evento evento = TimerGestoreChiaviPDNDLib.buildEvento(TimerGestoreChiaviPDNDEvent.EVENT_TYPE_ADDED, keyId, "La chiave è stata aggiunta al repository locale");
  248.                 registerEvent(evento, keyId);
  249.             }
  250.         }
  251.     }
  252.     private void registerEvent(Evento evento, String keyId) {
  253.         try {
  254.             GestoreEventi.getInstance().log(evento);
  255.         }catch(Exception e) {
  256.             String msgError = "Registrazione evento per kid '"+keyId+"' (eventType:"+TimerGestoreChiaviPDNDEvent.EVENT_TYPE_ADDED+") non riuscita: "+e.getMessage();
  257.             this.log.error(msgError,e);
  258.         }
  259.     }
  260.     private boolean isUpdateRequired(RemoteStoreKey key, String keyId) {
  261.         if(key!=null && key.isInvalid()) {
  262.             String msg = getPrefixKid(keyId)+" non è valida";
  263.             this.log.debug(msg);
  264.             return true;
  265.         }
  266.         if(key!=null && keyMaxLifeMinutes>0 && key.getDataAggiornamento()!=null) {
  267.             long maxLifeSeconds = keyMaxLifeMinutes * 60l;
  268.             long maxLifeMs = maxLifeSeconds * 1000l;
  269.             Date tooOld = new Date(DateManager.getTimeMillis()-maxLifeMs);
  270.             if(key.getDataAggiornamento().before(tooOld)) {
  271.                 String msg = getPrefixKid(keyId)+" è più vecchia di "+keyMaxLifeMinutes+" minuti (data aggiornamento: "+DateUtils.getSimpleDateFormatMs().format(key.getDataAggiornamento())+")";
  272.                 this.log.debug(msg);
  273.                 return true;
  274.             }
  275.         }
  276.         return false;
  277.     }
  278.     
  279.     @Override
  280.     public JWK readJWK(String keyId, RemoteStoreConfig remoteConfig) throws UtilsException {
  281.         try {
  282.             return (JWK) readKey(RemoteKeyType.JWK, keyId, null, remoteConfig);
  283.         }catch(Exception e) {
  284.             throw new UtilsException(e.getMessage(),e);
  285.         }
  286.     }
  287.     @Override
  288.     public JWK readJWK(String keyId, RemoteStoreConfig remoteConfig, ByteArrayOutputStream bout) throws UtilsException {
  289.         try {
  290.             return (JWK) readKey(RemoteKeyType.JWK, keyId, bout, remoteConfig);
  291.         }catch(Exception e) {
  292.             throw new UtilsException(e.getMessage(),e);
  293.         }
  294.     }
  295.     @Override
  296.     public Certificate readX509(String keyId, RemoteStoreConfig remoteConfig) throws UtilsException {
  297.         try {
  298.             return (Certificate) readKey(RemoteKeyType.X509, keyId, null, remoteConfig);
  299.         }catch(Exception e) {
  300.             throw new UtilsException(e.getMessage(),e);
  301.         }
  302.     }
  303.     @Override
  304.     public Certificate readX509(String keyId, RemoteStoreConfig remoteConfig, ByteArrayOutputStream bout)
  305.             throws UtilsException {
  306.         try {
  307.             return (Certificate) readKey(RemoteKeyType.X509, keyId, bout, remoteConfig);
  308.         }catch(Exception e) {
  309.             throw new UtilsException(e.getMessage(),e);
  310.         }
  311.     }
  312.     @Override
  313.     public PublicKey readPublicKey(String keyId, RemoteStoreConfig remoteConfig) throws UtilsException {
  314.         try {
  315.             return (PublicKey) readKey(RemoteKeyType.PUBLIC_KEY, keyId, null, remoteConfig);
  316.         }catch(Exception e) {
  317.             throw new UtilsException(e.getMessage(),e);
  318.         }
  319.     }
  320.     @Override
  321.     public PublicKey readPublicKey(String keyId, RemoteStoreConfig remoteConfig, ByteArrayOutputStream bout)
  322.             throws UtilsException {
  323.         try {
  324.             return (PublicKey) readKey(RemoteKeyType.PUBLIC_KEY, keyId, bout, remoteConfig);
  325.         }catch(Exception e) {
  326.             throw new UtilsException(e.getMessage(),e);
  327.         }
  328.     }
  329.     
  330.     
  331.     
  332.     @Override
  333.     public RemoteStoreClientInfo readClientInfo(String keyId, String clientId, RemoteStoreConfig remoteConfig, org.openspcoop2.utils.Map<Object> context)
  334.             throws UtilsException {
  335.         try {
  336.             return readClientInfoEngine(keyId, clientId, remoteConfig, context);
  337.         }catch(Exception e) {
  338.             throw new UtilsException(e.getMessage(),e);
  339.         }
  340.     }
  341.     private static boolean createEntryIfNotExists = true;
  342.     public static void setCreateEntryIfNotExists(boolean createEntryIfNotExists) {
  343.         RemoteStoreProviderDriver.createEntryIfNotExists = createEntryIfNotExists;
  344.     }
  345.     private RemoteStoreClientInfo readClientInfoEngine(String keyId, String clientId, RemoteStoreConfig remoteConfig, org.openspcoop2.utils.Map<Object> context) throws KeystoreException {
  346.         
  347.         RemoteStoreClientDetails clientDetails = null;
  348.         try {
  349.             clientDetails = RemoteStoreProviderDriverUtils.getRemoteStoreClientDetails(this.driverConfigurazioneDB, this.remoteStoreId, keyId, this.log, createEntryIfNotExists);
  350.             if(clientDetails==null) {
  351.                 throw new KeystoreNotFoundException("Client details not found");
  352.             }
  353.         }catch(KeystoreNotFoundException notFound) {
  354.             String msg = getPrefixKidClientDetails(keyId)+" non presente su database";
  355.             this.log.error(msg);
  356.             return null;
  357.         }
  358.         boolean updateRequired = isUpdateRequired(clientDetails, keyId, clientId);
  359.         if(!updateRequired) {
  360.             return clientDetails.getClientInfo();
  361.         }
  362.         
  363.         org.openspcoop2.utils.Semaphore semaphore = getLockStore(this.remoteStoreConfig.getStoreName());
  364.         SemaphoreLock lock = null;
  365.         try {
  366.             lock = semaphore.acquire("readClientDetails");
  367.         }catch(Exception e) {
  368.             throw new KeystoreException(e.getMessage(),e);
  369.         }
  370.         try {
  371.             
  372.             OpenSPCoop2Properties propertiesReader = OpenSPCoop2Properties.getInstance();
  373.             
  374.             RemoteStoreConfig remoteConfigUse = (remoteConfig!=null && remoteConfig.isMultitenant()) ? remoteConfig : this.remoteStoreConfig;
  375.             
  376.             String clientJson = PDNDConfigUtilities.readClientDetails(remoteConfigUse, propertiesReader, context, clientId, this.log);
  377.             String organizationId = null;
  378.             String organizationJson = null;
  379.             if(clientJson!=null) {
  380.                 organizationId = PDNDConfigUtilities.readOrganizationId(propertiesReader, context, clientJson, this.log);
  381.                 if(organizationId!=null) {
  382.                     organizationJson = PDNDConfigUtilities.readOrganizationDetails(remoteConfigUse, propertiesReader, context, organizationId, this.log);
  383.                 }
  384.             }
  385.             
  386.             clientDetails.setDataAggiornamento(DateManager.getDate());
  387.             
  388.             if(clientDetails.getClientInfo()==null) {
  389.                 clientDetails.setClientInfo(new RemoteStoreClientInfo());
  390.             }
  391.             clientDetails.getClientInfo().setClientId(clientId);
  392.             clientDetails.getClientInfo().setClientDetails(clientJson);
  393.             clientDetails.getClientInfo().setOrganizationId(organizationId);
  394.             clientDetails.getClientInfo().setOrganizationDetails(organizationJson);
  395.             
  396.             String msg = getPrefixKidClientDetails(keyId)+" ottenuta da remote store config, aggiornamento entry sul db ...";
  397.             this.log.debug(msg);
  398.             int rows = RemoteStoreProviderDriverUtils.updateRemoteStoreClientDetails(this.driverConfigurazioneDB, this.remoteStoreId, keyId, clientDetails);
  399.             msg = getPrefixKidClientDetails(keyId)+" ottenuta da remote store config, aggiornata entry sul db (updateRows:"+rows+")";
  400.             this.log.debug(msg);
  401.                         
  402.             return clientDetails.getClientInfo();
  403.             
  404.         }catch(Exception e) {
  405.             throw new KeystoreException(e.getMessage(),e);
  406.         }finally {
  407.             semaphore.release(lock, "readClientDetails");
  408.         }
  409.         
  410.     }
  411.     
  412.     private String getPrefixKidClientDetails(String keyId) {
  413.         return "ClientDetails con kid '"+keyId+"'";
  414.     }
  415.     
  416.     private boolean isUpdateRequired(RemoteStoreClientDetails clientDetails, String keyId, String clientId) {
  417.         if(clientDetails!=null && clientDetails.isInvalid()) {
  418.             String msg = getPrefixKidClientDetails(keyId)+" non è valida";
  419.             this.log.debug(msg);
  420.             return true;
  421.         }
  422.         if(clientDetails!=null && clientDetails.getClientInfo()==null) {
  423.             String msg = getPrefixKidClientDetails(keyId)+" client info non presente";
  424.             this.log.debug(msg);
  425.             return true;
  426.         }
  427.         if(clientDetails!=null && clientDetails.getClientInfo().getClientId()==null) {
  428.             String msg = getPrefixKidClientDetails(keyId)+" client id non presente";
  429.             this.log.debug(msg);
  430.             return true;
  431.         }
  432.         if(clientDetails!=null && !clientDetails.getClientInfo().getClientId().equals(clientId)) {
  433.             String msg = getPrefixKidClientDetails(keyId)+" client id differente da quello presente su database";
  434.             this.log.debug(msg);
  435.             return true;
  436.         }
  437.         if(clientDetails!=null && clientDetailsMaxLifeMinutes>0 && clientDetails.getDataAggiornamento()!=null) {
  438.             long maxLifeSeconds = clientDetailsMaxLifeMinutes * 60l;
  439.             long maxLifeMs = maxLifeSeconds * 1000l;
  440.             Date tooOld = new Date(DateManager.getTimeMillis()-maxLifeMs);
  441.             if(clientDetails.getDataAggiornamento().before(tooOld)) {
  442.                 String msg = getPrefixKidClientDetails(keyId)+" è più vecchia di "+clientDetailsMaxLifeMinutes+" minuti (data aggiornamento: "+DateUtils.getSimpleDateFormatMs().format(clientDetails.getDataAggiornamento())+")";
  443.                 this.log.debug(msg);
  444.                 return true;
  445.             }
  446.         }
  447.         return false;
  448.     }
  449. }
Created with JaCoCo 0.8.8.202204050719