AttributeAuthorityUtilities.java

/*
 * GovWay - A customizable API Gateway 
 * https://govway.org
 * 
 * Copyright (c) 2005-2025 Link.it srl (https://link.it).
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3, as published by
 * the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */


package org.openspcoop2.pdd.core.token.attribute_authority;

import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

import org.apache.cxf.rt.security.rs.RSSecurityConstants;
import org.openspcoop2.core.commons.DBUtils;
import org.openspcoop2.core.config.GenericProperties;
import org.openspcoop2.core.config.Property;
import org.openspcoop2.core.mvc.properties.utils.DBPropertiesUtils;
import org.openspcoop2.pdd.core.token.TokenException;
import org.openspcoop2.security.message.constants.SecurityConstants;
import org.openspcoop2.utils.certificate.KeystoreParams;
import org.openspcoop2.utils.certificate.KeystoreType;

/**     
 * AttributeAuthorityUtilities
 *
 * @author Poli Andrea (poli@link.it)
 * @author $Author$
 * @version $Rev$, $Date$
 */
public class AttributeAuthorityUtilities {
    
    private AttributeAuthorityUtilities() {}
    
    public static KeystoreParams getRequestJwsKeystoreParams(GenericProperties gp) throws TokenException {
        PolicyAttributeAuthority policy = AttributeAuthorityUtilities.convertTo(gp);
        return getRequestJwsKeystoreParams(policy);
    }
    public static KeystoreParams getRequestJwsKeystoreParams(PolicyAttributeAuthority policy) throws TokenException {
    
        if(!policy.isRequestJws()) {
            throw new TokenException("La configurazione nell'AttributeAuthority "+policy.getName()+" non definisce il tipo di richiesta come JWS");
        }
        
        String keystoreType = policy.getRequestJwtSignKeystoreType();
        if(keystoreType==null) {
            throw new TokenException("JWS Signature keystore type undefined");
        }
        String keystoreFile = policy.getRequestJwtSignKeystoreFile();
        if(keystoreFile==null) {
            throw new TokenException("JWS Signature keystore file undefined");
        }
        String keystorePassword = policy.getRequestJwtSignKeystorePassword();
        if(keystorePassword==null && 
                !SecurityConstants.KEYSTORE_TYPE_JWK_VALUE.equalsIgnoreCase(keystoreType) && 
                !SecurityConstants.KEYSTORE_TYPE_KEY_PAIR_VALUE.equalsIgnoreCase(keystoreType) && 
                !SecurityConstants.KEYSTORE_TYPE_PUBLIC_KEY_VALUE.equalsIgnoreCase(keystoreType)) {
            boolean required = true;
            if(KeystoreType.JKS.isType(keystoreType)) {
                required = DBUtils.isKeystoreJksPasswordRequired();
            }
            else if(KeystoreType.PKCS12.isType(keystoreType)) {
                required = DBUtils.isKeystorePkcs12PasswordRequired();
            }
            if(required) {
                throw new TokenException("JWS Signature keystore password undefined");
            }
        }
        String keyAlias = policy.getRequestJwtSignKeyAlias();
        if(keyAlias==null && 
                !SecurityConstants.KEYSTORE_TYPE_KEY_PAIR_VALUE.equalsIgnoreCase(keystoreType) && 
                !SecurityConstants.KEYSTORE_TYPE_PUBLIC_KEY_VALUE.equalsIgnoreCase(keystoreType)) {
            throw new TokenException("JWS Signature key alias undefined");
        }
        String keyPassword = policy.getRequestJwtSignKeyPassword();
        if(keyPassword==null && 
                !SecurityConstants.KEYSTORE_TYPE_JWK_VALUE.equalsIgnoreCase(keystoreType) && 
                !SecurityConstants.KEYSTORE_TYPE_KEY_PAIR_VALUE.equalsIgnoreCase(keystoreType) && 
                !SecurityConstants.KEYSTORE_TYPE_PUBLIC_KEY_VALUE.equalsIgnoreCase(keystoreType)) {
            boolean required = true;
            if(KeystoreType.JKS.isType(keystoreType)) {
                required = DBUtils.isKeystoreJksKeyPasswordRequired();
            }
            else if(KeystoreType.PKCS12.isType(keystoreType)) {
                required = DBUtils.isKeystorePkcs12KeyPasswordRequired();
            }
            if(required) {
                throw new TokenException("JWS Signature key password undefined");
            }
        }
        
        String keystoreByokPolicy = policy.getRequestJwtSignKeystoreByokPolicy();
        
        KeystoreParams keystoreParams = new KeystoreParams();
        keystoreParams.setPath(keystoreFile);
        keystoreParams.setType(keystoreType);
        keystoreParams.setPassword(keystorePassword);
        keystoreParams.setKeyAlias(keyAlias);
        keystoreParams.setKeyPassword(keyPassword);
        keystoreParams.setByokPolicy(keystoreByokPolicy);
        
        fillKeyPairParamters(keystoreParams, keystoreType, policy);
        
        return keystoreParams;
        
    }
    
    private static void fillKeyPairParamters(KeystoreParams keystoreParams, String keystoreType, PolicyAttributeAuthority policy) throws TokenException {
        if(SecurityConstants.KEYSTORE_TYPE_KEY_PAIR_VALUE.equalsIgnoreCase(keystoreType)) {
            String keystorePublicKeyFile = policy.getRequestJwtSignKeystoreFilePublicKey();
            if(keystorePublicKeyFile==null) {
                throw new TokenException("JWT Signature public key file undefined");
            }
            keystoreParams.setKeyPairPublicKeyPath(keystorePublicKeyFile);
        }
        
        if(SecurityConstants.KEYSTORE_TYPE_KEY_PAIR_VALUE.equalsIgnoreCase(keystoreType)
                ||
            SecurityConstants.KEYSTORE_TYPE_PUBLIC_KEY_VALUE.equalsIgnoreCase(keystoreType)) {
            String keyPairAlgorithm = policy.getRequestJwtSignKeystoreFileAlgorithm();
            if(keyPairAlgorithm==null) {
                throw new TokenException("JWT Signature key pair algorithm undefined");
            }
            keystoreParams.setKeyPairAlgorithm(keyPairAlgorithm);
        }
    }
    
    public static KeystoreParams getResponseJwsKeystoreParams(GenericProperties gp) throws TokenException {
        PolicyAttributeAuthority policy = AttributeAuthorityUtilities.convertTo(gp);
        return getResponseJwsKeystoreParams(policy);
    }
    public static KeystoreParams getResponseJwsKeystoreParams(PolicyAttributeAuthority policy) throws TokenException {
    
        if(!policy.isResponseJws()) {
            throw new TokenException("La configurazione nell'AttributeAuthority "+policy.getName()+" non definisce il tipo di risposta come JWS");
        }
        Properties p = policy.getProperties().get(org.openspcoop2.pdd.core.token.attribute_authority.Costanti.POLICY_VALIDAZIONE_JWS_VERIFICA_PROP_REF_ID);
        if(p!=null && p.containsKey(SecurityConstants.JOSE_KEYSTORE_FILE)) {
            KeystoreParams keystoreParams = new KeystoreParams();
            keystoreParams.setPath(p.getProperty(SecurityConstants.JOSE_KEYSTORE_FILE));
            String type = p.getProperty(SecurityConstants.JOSE_KEYSTORE_TYPE);
            if(type==null) {
                type = KeystoreType.JKS.getNome();
            }
            keystoreParams.setType(type);
            keystoreParams.setPassword(p.getProperty(SecurityConstants.JOSE_KEYSTORE_PSWD));
            keystoreParams.setKeyAlias(p.getProperty(SecurityConstants.JOSE_KEYSTORE_KEY_ALIAS));
            keystoreParams.setKeyPassword(p.getProperty(RSSecurityConstants.RSSEC_KEY_PSWD));
            
            fillKeyPairParamters(keystoreParams, type, p);
            
            return keystoreParams;
        }
        return null;
        
    }
    private static void fillKeyPairParamters(KeystoreParams keystoreParams, String type, Properties p) throws TokenException {
        if(SecurityConstants.KEYSTORE_TYPE_KEY_PAIR_VALUE.equalsIgnoreCase(type)) {
            String keystorePublicKeyFile = p.getProperty(SecurityConstants.JOSE_KEYSTORE_PUBLIC_KEY);
            if(keystorePublicKeyFile==null) {
                throw new TokenException("Public key file undefined");
            }
            keystoreParams.setKeyPairPublicKeyPath(keystorePublicKeyFile);
        }
        
        if(SecurityConstants.KEYSTORE_TYPE_KEY_PAIR_VALUE.equalsIgnoreCase(type)
                ||
            SecurityConstants.KEYSTORE_TYPE_PUBLIC_KEY_VALUE.equalsIgnoreCase(type)) {
            String keyPairAlgorithm = p.getProperty(SecurityConstants.JOSE_KEYSTORE_KEY_ALGORITHM);
            if(keyPairAlgorithm==null) {
                throw new TokenException("Key pair algorithm undefined");
            }
            keystoreParams.setKeyPairAlgorithm(keyPairAlgorithm);
        }
    }
    
    public static PolicyAttributeAuthority convertTo(GenericProperties gp) throws TokenException { 
        
        PolicyAttributeAuthority policy = new PolicyAttributeAuthority();
        policy.setName(gp.getNome());
        policy.setDescrizione(gp.getDescrizione());
        
        HashMap<String, String> properties = new HashMap<>();
        for (Property pConfig : gp.getPropertyList()) {
            properties.put(pConfig.getNome(), pConfig.getValore());
        }
        try {
            Map<String, Properties> multiProperties = DBPropertiesUtils.toMultiMap(properties);
            policy.setProperties(multiProperties);
        }catch(Exception e) {
            throw new TokenException(e.getMessage(),e);
        }
        
        return policy;

    }
}