FileTraceEncryptConfig.java

  1. /*
  2.  * GovWay - A customizable API Gateway
  3.  * https://govway.org
  4.  *
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it).
  6.  *
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */
  20. package org.openspcoop2.pdd.logger.filetrace;

  21. import java.security.cert.Certificate;
  22. import java.security.cert.X509Certificate;
  23. import java.util.ArrayList;
  24. import java.util.Enumeration;
  25. import java.util.HashMap;
  26. import java.util.List;
  27. import java.util.Map;
  28. import java.util.Properties;
  29. import java.util.UUID;

  30. import org.apache.commons.lang.StringUtils;
  31. import org.apache.cxf.rs.security.jose.jwk.JsonWebKeys;
  32. import org.openspcoop2.utils.UtilsException;
  33. import org.openspcoop2.utils.certificate.KeyStore;
  34. import org.openspcoop2.utils.certificate.KeystoreType;
  35. import org.openspcoop2.utils.certificate.byok.BYOKCostanti;
  36. import org.openspcoop2.utils.certificate.hsm.HSMManager;
  37. import org.openspcoop2.utils.certificate.hsm.HSMUtils;
  38. import org.openspcoop2.utils.properties.PropertiesReader;
  39. import org.openspcoop2.utils.security.JwtHeaders;

  40. /**    
  41.  * FileTraceEncryptConfig
  42.  *
  43.  * @author Poli Andrea (poli@link.it)
  44.  * @author $Author$
  45.  * @version $Rev$, $Date$
  46.  */
  47. public class FileTraceEncryptConfig {

  48.     private String name;
  49.     private String encryptionEngine;
  50.    
  51.     private KeystoreType  keystoreType;
  52.     private String keystoreHsmType;
  53.     private String keystorePath;
  54.     private String keystorePassword;
  55.    
  56.     private String keyInline;
  57.     private String keyPath;
  58.     private String keyEncoding;
  59.     private String keyAlgorithm;
  60.     private String keyAlias;
  61.     private String keyPassword;
  62.     private String keyId;
  63.     private boolean keyWrap = false;
  64.    
  65.     private String pw; // password
  66.     private String pwType; // passwordType
  67.     private Integer pwIteration; // passwordIteration
  68.    
  69.     private String contentAlgorithm;
  70.    
  71.     private String encoding;

  72.     private boolean joseIncludeCert;
  73.     private boolean joseIncludePublicKey;
  74.     private boolean joseIncludeKeyId;
  75.     private boolean joseIncludeCertSha1;
  76.     private boolean joseIncludeCertSha256;
  77.    
  78.     private String kmsId;
  79.     private Map<String, String> kmsInput;
  80.    
  81.     private static final String ENCRYPTIONT_ENGINE_JAVA = BYOKCostanti.PROPERTY_LOCAL_ENCRYPTION_ENGINE_JAVA;
  82.     private static final String ENCRYPTIONT_ENGINE_JOSE = BYOKCostanti.PROPERTY_LOCAL_ENCRYPTION_ENGINE_JOSE;
  83.     private static final String ENCRYPTIONT_ENGINE_OPENSSL = BYOKCostanti.PROPERTY_LOCAL_ENCRYPTION_ENGINE_OPENSSL;
  84.    
  85.     private static final String ENCODING_BASE64 = BYOKCostanti.PROPERTY_LOCAL_ENCODING_BASE64;
  86.     private static final String ENCODING_HEX = BYOKCostanti.PROPERTY_LOCAL_ENCODING_HEX;
  87.    
  88.     private static final String PREFIX_ENCRYPT = "encrypt.";
  89.     private static final String DEBUG_PREFIX = "Property '"+PREFIX_ENCRYPT;
  90.     private static final String UNDEFINED = " undefined";
  91.     private static final String INVALID = " invalid";
  92.    
  93.     private static final String MODE = ".mode";
  94.    
  95.     private static final String KEYSTORE_TYPE = ".keystore.type";
  96.     private static final String KEYSTORE_PATH = ".keystore.path";
  97.     private static final String KEYSTORE_PASSWORD = ".keystore.password";
  98.    
  99.     private static final String KEY_PATH = ".key.path";
  100.     private static final String KEY_INLINE = ".key.inline";
  101.     private static final String KEY_ENCODING = ".key.encoding";
  102.     private static final String KEY_ALGORITHM = ".key.algorithm";
  103.     private static final String KEY_ALIAS = ".key.alias";
  104.     private static final String KEY_PASSWORD = ".key.password";
  105.     private static final String KEY_ID = ".key.id";
  106.     private static final String KEY_WRAP = ".key.wrap";
  107.    
  108.     private static final String PW_VALUE = ".password";
  109.     private static final String PW_TYPE = ".password.type";
  110.     /**public static final String PW_TYPE_OPENSSL_AES_128_CBC = BYOKCostanti.PROPERTY_LOCAL_PW_TYPE_OPENSSL_AES_128_CBC;
  111.     public static final String PW_TYPE_OPENSSL_AES_192_CBC = BYOKCostanti.PROPERTY_LOCAL_PW_TYPE_OPENSSL_AES_192_CBC;*/
  112.     public static final String PW_TYPE_OPENSSL_AES_256_CBC = BYOKCostanti.PROPERTY_LOCAL_PW_TYPE_OPENSSL_AES_256_CBC;
  113.     public static final String PW_TYPE_OPENSSL_PBKDF2_AES_128_CBC = BYOKCostanti.PROPERTY_LOCAL_PW_TYPE_OPENSSL_PBKDF2_AES_128_CBC;
  114.     public static final String PW_TYPE_OPENSSL_PBKDF2_AES_192_CBC = BYOKCostanti.PROPERTY_LOCAL_PW_TYPE_OPENSSL_PBKDF2_AES_192_CBC;
  115.     public static final String PW_TYPE_OPENSSL_PBKDF2_AES_256_CBC = BYOKCostanti.PROPERTY_LOCAL_PW_TYPE_OPENSSL_PBKDF2_AES_256_CBC;
  116.     public static List<String> getLocalPasswordTypes() {
  117.         return BYOKCostanti.getLocalPasswordTypes();
  118.     }
  119.     public static boolean isOpenSSLPasswordDerivationKeyMode(String mode) {
  120.         return BYOKCostanti.isOpenSSLPasswordDerivationKeyMode(mode);
  121.     }
  122.     public static boolean isOpenSSLPBKDF2PasswordDerivationKeyMode(String mode) {
  123.         return BYOKCostanti.isOpenSSLPBKDF2PasswordDerivationKeyMode(mode);
  124.     }
  125.     private static final String PW_TYPE_DEFAULT = BYOKCostanti.PROPERTY_LOCAL_PW_TYPE_DEFAULT;
  126.     private static final String PW_ITERATION = ".password.iter";
  127.    
  128.     private static final String CONTENT_ALGORITHM = ".algorithm";
  129.    
  130.     private static final String ENCODING_OUTPUT = ".encoding";

  131.     private static final String JOSE_INCLUDE_CERT = ".include.cert";
  132.     private static final String JOSE_INCLUDE_PUBLIC_KEY = ".include.public.key";
  133.     private static final String JOSE_INCLUDE_KEY_ID = ".include.key.id";
  134.     private static final String JOSE_INCLUDE_CERT_SHA1 = ".include.cert.sha1";
  135.     private static final String JOSE_INCLUDE_CERT_SHA256 = ".include.cert.sha256";
  136.    
  137.     private static final String KMS = ".kms";
  138.     private static final String KMS_PARAM = ".kms.param.";
  139.     private static final String KSM_DEPRECATED = ".ksm";
  140.     private static final String KSM_PARAM_DEPRECATED = ".ksm.param.";

  141.    
  142.     public static Map<String, FileTraceEncryptConfig> parse(PropertiesReader reader) throws UtilsException{
  143.        
  144.        
  145.         Properties propertiesMap = reader.readProperties_convertEnvProperties(PREFIX_ENCRYPT);
  146.        
  147.         Map<String, FileTraceEncryptConfig> result = new HashMap<>();
  148.        
  149.         List<String> keys = new ArrayList<>();
  150.         if(propertiesMap!=null && !propertiesMap.isEmpty()) {
  151.             for (Object s : propertiesMap.keySet()) {
  152.                 String key = (String) s;
  153.                 if(key.endsWith(MODE) && key.length()>MODE.length()) {
  154.                     String keyMode = key.substring(0,key.length()-MODE.length());
  155.                     if(keys.contains(keyMode)) {
  156.                         throw new UtilsException(DEBUG_PREFIX+key+"' already defined");
  157.                     }
  158.                     keys.add(keyMode);
  159.                 }
  160.             }
  161.         }
  162.        
  163.         parse(result, propertiesMap, keys);
  164.        
  165.         return result;
  166.     }
  167.     private static void parse(Map<String, FileTraceEncryptConfig> result, Properties propertiesMap, List<String> keys) throws UtilsException {
  168.         if(propertiesMap!=null && !keys.isEmpty()) {
  169.             for (String encMode : keys) {
  170.                 FileTraceEncryptConfig c = new FileTraceEncryptConfig();
  171.                 c.name = encMode;
  172.                
  173.                 parseEngine(encMode, propertiesMap, c);
  174.                
  175.                 parseKestore(encMode, propertiesMap, c);
  176.                
  177.                 parseKms(encMode, propertiesMap, c);
  178.                
  179.                 result.put(encMode, c);
  180.             }
  181.         }
  182.     }
  183.     private static void parseEngine(String encMode, Properties propertiesMap,
  184.             FileTraceEncryptConfig c) throws UtilsException {
  185.         String modePName = encMode+MODE;
  186.         c.encryptionEngine = propertiesMap.getProperty(modePName);
  187.         if(!ENCRYPTIONT_ENGINE_JAVA.equals(c.encryptionEngine) &&
  188.                 !ENCRYPTIONT_ENGINE_JOSE.equals(c.encryptionEngine) &&
  189.                 !ENCRYPTIONT_ENGINE_OPENSSL.equals(c.encryptionEngine)) {
  190.             throw new UtilsException(DEBUG_PREFIX+modePName+"' with unsupported engine mode '"+c.encryptionEngine+"'");
  191.         }
  192.        
  193.         String algoPName = encMode+CONTENT_ALGORITHM;
  194.         String algo = propertiesMap.getProperty(algoPName);
  195.         if(algo==null || StringUtils.isEmpty(algo.trim())) {
  196.             if(!ENCRYPTIONT_ENGINE_OPENSSL.equals(c.encryptionEngine)) {
  197.                 throw new UtilsException(DEBUG_PREFIX+algoPName+"'"+UNDEFINED);
  198.             }
  199.         }
  200.         else {
  201.             c.contentAlgorithm = algo.trim();
  202.         }
  203.        
  204.         if(ENCRYPTIONT_ENGINE_JAVA.equals(c.encryptionEngine) ||
  205.                 ENCRYPTIONT_ENGINE_OPENSSL.equals(c.encryptionEngine)) {
  206.             parseEncoding(encMode, propertiesMap, c);
  207.         }
  208.        
  209.         if(ENCRYPTIONT_ENGINE_JAVA.equals(c.encryptionEngine)) {    
  210.             String keyWrapPName = encMode+KEY_WRAP;
  211.             String keyWrap = propertiesMap.getProperty(keyWrapPName);
  212.             if(keyWrap!=null && StringUtils.isNotEmpty(keyWrap.trim())) {
  213.                 c.keyWrap = "true".equalsIgnoreCase(keyWrap);
  214.             }
  215.         }
  216.        
  217.         if(ENCRYPTIONT_ENGINE_JOSE.equals(c.encryptionEngine)) {
  218.             parseEngineJose(encMode, propertiesMap, c);
  219.         }
  220.     }
  221.     private static void parseEncoding(String encMode, Properties propertiesMap,
  222.             FileTraceEncryptConfig c) throws UtilsException {
  223.         String encodingPName = encMode+ENCODING_OUTPUT;
  224.         String encoding = propertiesMap.getProperty(encodingPName);
  225.         if(encoding==null || StringUtils.isEmpty(encoding.trim())) {
  226.             /**if(ENCRYPTIONT_ENGINE_JAVA.equals(c.encryptionEngine)) {
  227.              * In file trace e' sempre necessario produrre un output leggibile*/
  228.             throw new UtilsException(DEBUG_PREFIX+encodingPName+"'"+UNDEFINED);
  229.             /**}*/
  230.         }
  231.         else {
  232.             c.encoding = encoding.trim();
  233.             if(!ENCODING_BASE64.equals(c.encoding) &&
  234.                     !ENCODING_HEX.equals(c.encoding)) {
  235.                 throw new UtilsException(DEBUG_PREFIX+encodingPName+"' with unsupported encryption mode '"+c.encoding+"'");
  236.             }
  237.         }
  238.     }
  239.     private static void parseEngineJose(String encMode, Properties propertiesMap,
  240.             FileTraceEncryptConfig c)  {
  241.         c.joseIncludeCert = parseEngineJoseProperty(encMode+JOSE_INCLUDE_CERT, propertiesMap);
  242.         c.joseIncludePublicKey = parseEngineJoseProperty(encMode+JOSE_INCLUDE_PUBLIC_KEY, propertiesMap);
  243.         c.joseIncludeKeyId = parseEngineJoseProperty(encMode+JOSE_INCLUDE_KEY_ID, propertiesMap);
  244.         c.joseIncludeCertSha1 = parseEngineJoseProperty(encMode+JOSE_INCLUDE_CERT_SHA1, propertiesMap);
  245.         c.joseIncludeCertSha256 = parseEngineJoseProperty(encMode+JOSE_INCLUDE_CERT_SHA256, propertiesMap);
  246.        
  247.         String keyIdPName = encMode+KEY_ID;
  248.         String keyId = propertiesMap.getProperty(keyIdPName);
  249.         if(keyId!=null) {
  250.             c.keyId = keyId.trim();
  251.         }
  252.     }
  253.     private static boolean parseEngineJoseProperty(String pName, Properties propertiesMap) {
  254.         String v = propertiesMap.getProperty(pName);
  255.         return "true".equalsIgnoreCase(v);
  256.     }
  257.     private static void parseKestore(String encMode, Properties propertiesMap,
  258.             FileTraceEncryptConfig c) throws UtilsException {
  259.         String keystoreTypePName = encMode+KEYSTORE_TYPE;
  260.         String keystoreType = propertiesMap.getProperty(keystoreTypePName);
  261.         if(keystoreType==null || StringUtils.isEmpty(keystoreType.trim())) {
  262.             throw new UtilsException(DEBUG_PREFIX+keystoreTypePName+"'"+UNDEFINED);
  263.         }
  264.         keystoreType = keystoreType.trim();
  265.         c.keystoreType = KeystoreType.toEnumFromName(keystoreType);
  266.         if(c.keystoreType==null) {
  267.             if(keystoreType!=null) {
  268.                 HSMManager hsmManager = HSMManager.getInstance();
  269.                 if(hsmManager.existsKeystoreType(keystoreType)) {
  270.                     c.keystoreType = KeystoreType.PKCS11;
  271.                     c.keystoreHsmType = keystoreType;
  272.                 }
  273.                 else {
  274.                     throw new UtilsException(DEBUG_PREFIX+keystoreTypePName+"' with unsupported value '"+keystoreType+"'");
  275.                 }
  276.             }
  277.             else {
  278.                 throw new UtilsException(DEBUG_PREFIX+keystoreTypePName+"'"+UNDEFINED);
  279.             }
  280.         }
  281.         parseKestore(encMode, propertiesMap,
  282.                 c, keystoreTypePName, keystoreType);
  283.     }
  284.     private static void parseKestore(String encMode, Properties propertiesMap,
  285.             FileTraceEncryptConfig c, String keystoreTypePName, String keystoreType) throws UtilsException {
  286.         String errorUnsupported = "' unsupported with "+encMode+MODE;
  287.         switch (c.keystoreType) {
  288.         case JKS:
  289.         case PKCS12:
  290.         case PKCS11:
  291.         case JWK_SET:
  292.         case JCEKS:
  293.            
  294.             if(c.isOpenSSLEngine()) {
  295.                 throw new UtilsException(DEBUG_PREFIX+keystoreTypePName+"' '"+keystoreType+errorUnsupported+" '"+ENCRYPTIONT_ENGINE_OPENSSL+"'");
  296.             }
  297.            
  298.             parseKeystore(encMode, propertiesMap, c);
  299.            
  300.             break;
  301.         case PUBLIC_KEY:
  302.         case SYMMETRIC_KEY:
  303.            
  304.             if(c.isOpenSSLEngine()) {
  305.                 throw new UtilsException(DEBUG_PREFIX+keystoreTypePName+"' '"+keystoreType+errorUnsupported+" '"+ENCRYPTIONT_ENGINE_OPENSSL+"'");
  306.             }
  307.            
  308.             parseKey(encMode, propertiesMap, c);
  309.            
  310.             break;
  311.            
  312.         case PASSWORD_KEY_DERIVATION:
  313.            
  314.             if(c.isJoseEngine()) {
  315.                 throw new UtilsException(DEBUG_PREFIX+keystoreTypePName+"' '"+keystoreType+errorUnsupported+" '"+ENCRYPTIONT_ENGINE_JOSE+"'");
  316.             }
  317.            
  318.             parsePassword(encMode, propertiesMap, c);
  319.            
  320.             break;
  321.        
  322.         default:
  323.             throw new UtilsException(DEBUG_PREFIX+encMode+KEYSTORE_TYPE+"' with unsupported value '"+keystoreType+"'");
  324.         }
  325.     }
  326.     private static void parseKeystore(String encMode, Properties propertiesMap,
  327.             FileTraceEncryptConfig c) throws UtilsException {
  328.        
  329.         if(KeystoreType.PKCS11.equals(c.getKeystoreType())) {
  330.             c.keystorePath = HSMUtils.KEYSTORE_HSM_STORE_PASSWORD_UNDEFINED;
  331.         }
  332.         else {
  333.             String keystorePathPName = encMode+KEYSTORE_PATH;
  334.             String keystorePath = propertiesMap.getProperty(keystorePathPName);
  335.             if(keystorePath==null || StringUtils.isEmpty(keystorePath.trim())) {
  336.                 throw new UtilsException(DEBUG_PREFIX+keystorePathPName+"'"+UNDEFINED);
  337.             }
  338.             c.keystorePath = keystorePath.trim();
  339.         }
  340.        
  341.         if(KeystoreType.PKCS11.equals(c.getKeystoreType())) {
  342.             c.keystorePassword = HSMUtils.KEYSTORE_HSM_STORE_PASSWORD_UNDEFINED;
  343.         }
  344.         else if(!KeystoreType.JWK_SET.equals(c.getKeystoreType())) {
  345.             String keystorePasswordPName = encMode+KEYSTORE_PASSWORD;
  346.             String keystorePassword = propertiesMap.getProperty(keystorePasswordPName);
  347.             if(keystorePassword==null) {
  348.                 throw new UtilsException(DEBUG_PREFIX+keystorePasswordPName+"'"+UNDEFINED);
  349.             }
  350.             c.keystorePassword = keystorePassword.trim();
  351.         }
  352.        
  353.         parseKeystoreKey(encMode, propertiesMap, c);
  354.     }
  355.     private static void parseKeystoreKey(String encMode, Properties propertiesMap,
  356.             FileTraceEncryptConfig c) throws UtilsException {
  357.         String keyAliasPName = encMode+KEY_ALIAS;
  358.         String keyAlias = propertiesMap.getProperty(keyAliasPName);
  359.         if(keyAlias==null || StringUtils.isEmpty(keyAlias.trim())) {
  360.             throw new UtilsException(DEBUG_PREFIX+keyAliasPName+"'"+UNDEFINED);
  361.         }
  362.         c.keyAlias = keyAlias.trim();
  363.        
  364.         if(KeystoreType.JCEKS.equals(c.getKeystoreType())) {
  365.             String keyPasswordPName = encMode+KEY_PASSWORD;
  366.             String keyPassword = propertiesMap.getProperty(keyPasswordPName);
  367.             if(keyPassword!=null) {
  368.                 c.keyPassword = keyPassword.trim();
  369.             }
  370.         }
  371.        
  372.         String keyAlgoPName = encMode+KEY_ALGORITHM;
  373.         String keyAlgo = propertiesMap.getProperty(keyAlgoPName);
  374.         if(keyAlgo==null || StringUtils.isEmpty(keyAlgo.trim())) {
  375.             throw new UtilsException(DEBUG_PREFIX+keyAlgoPName+"'"+UNDEFINED);
  376.         }
  377.         c.keyAlgorithm = keyAlgo.trim();
  378.        
  379.     }
  380.     private static void parseKey(String encMode, Properties propertiesMap,
  381.             FileTraceEncryptConfig c) throws UtilsException {
  382.        
  383.         String keyInLinePName = encMode+KEY_INLINE;
  384.         String keyInLine = propertiesMap.getProperty(keyInLinePName);
  385.         if(keyInLine!=null && StringUtils.isNotEmpty(keyInLine.trim())) {
  386.             c.keyInline = keyInLine.trim();
  387.         }
  388.         else {
  389.             String keyPathPName = encMode+KEY_PATH;
  390.             String keyPath = propertiesMap.getProperty(keyPathPName);
  391.             if(keyPath==null || StringUtils.isEmpty(keyPath.trim())) {
  392.                 throw new UtilsException(DEBUG_PREFIX+keyPathPName+"'"+UNDEFINED);
  393.             }
  394.             c.keyPath = keyPath.trim();
  395.         }
  396.        
  397.         String keyEncodingPName = encMode+KEY_ENCODING;
  398.         String keyEncoding = propertiesMap.getProperty(keyEncodingPName);
  399.         if(keyEncoding!=null && StringUtils.isNotEmpty(keyEncoding.trim())) {
  400.             c.keyEncoding = keyEncoding.trim();
  401.             if(!ENCODING_BASE64.equals(c.keyEncoding) &&
  402.                     !ENCODING_HEX.equals(c.keyEncoding)) {
  403.                 throw new UtilsException(DEBUG_PREFIX+keyEncodingPName+"' with unsupported encryption mode '"+c.keyEncoding+"'");
  404.             }
  405.         }
  406.        
  407.         String keyAlgoPName = encMode+KEY_ALGORITHM;
  408.         String keyAlgo = propertiesMap.getProperty(keyAlgoPName);
  409.         if(keyAlgo==null || StringUtils.isEmpty(keyAlgo.trim())) {
  410.             throw new UtilsException(DEBUG_PREFIX+keyAlgoPName+"'"+UNDEFINED);
  411.         }
  412.         c.keyAlgorithm = keyAlgo.trim();
  413.     }
  414.    
  415.     private static void parsePassword(String encMode, Properties propertiesMap,
  416.             FileTraceEncryptConfig c) throws UtilsException {
  417.        
  418.         String passwordPName = encMode+PW_VALUE;
  419.         String password = propertiesMap.getProperty(passwordPName);
  420.         if(password==null || StringUtils.isEmpty(password.trim())) {
  421.             throw new UtilsException(DEBUG_PREFIX+passwordPName+"'"+UNDEFINED);
  422.         }
  423.         c.pw = password.trim();
  424.        
  425.         String passwordTypePName = encMode+PW_TYPE;
  426.         String passwordType = propertiesMap.getProperty(passwordTypePName);
  427.         if(passwordType==null || StringUtils.isEmpty(passwordType.trim())) {
  428.             c.pwType = PW_TYPE_DEFAULT;
  429.         }
  430.         else {
  431.             c.pwType = passwordType.trim();
  432.             if(!getLocalPasswordTypes().contains(c.pwType)) {
  433.                 throw new UtilsException(DEBUG_PREFIX+passwordTypePName+"'"+INVALID);
  434.             }
  435.         }
  436.        
  437.         String passwordIterationPName = encMode+PW_ITERATION;
  438.         String passwordIteration = propertiesMap.getProperty(passwordIterationPName);
  439.         if(passwordIteration!=null && StringUtils.isNotEmpty(passwordIteration.trim())) {
  440.             try {
  441.                 c.pwIteration = Integer.valueOf(passwordIteration);
  442.             }catch(Exception e) {
  443.                 throw new UtilsException(DEBUG_PREFIX+passwordIterationPName+"'"+INVALID+": "+e.getMessage());
  444.             }
  445.         }
  446.     }
  447.    
  448.     private static void parseKms(String encMode, Properties propertiesMap,
  449.             FileTraceEncryptConfig c) {
  450.        
  451.         String prefixKMSparams = KMS_PARAM;
  452.        
  453.         String kmsPName = encMode+KMS;
  454.         String kms = propertiesMap.getProperty(kmsPName);
  455.         if(kms!=null && StringUtils.isNotEmpty(kms.trim())) {
  456.             c.kmsId = kms.trim();
  457.         }
  458.         else {
  459.             // provo precedente modalità
  460.             kmsPName = encMode+KSM_DEPRECATED;
  461.             kms = propertiesMap.getProperty(kmsPName);
  462.             if(kms!=null && StringUtils.isNotEmpty(kms.trim())) {
  463.                 c.kmsId = kms.trim();
  464.                 prefixKMSparams = KSM_PARAM_DEPRECATED;
  465.             }
  466.         }
  467.        
  468.         List<String> inputParams = new ArrayList<>();
  469.         initKmsParamsInput(encMode, propertiesMap, inputParams, prefixKMSparams);
  470.         if(!inputParams.isEmpty()) {
  471.             c.kmsInput = new HashMap<>();
  472.             for (String inputId : inputParams) {
  473.                 String value = propertiesMap.getProperty(encMode+prefixKMSparams+inputId);
  474.                 if(value!=null) {
  475.                     c.kmsInput.put(inputId, value.trim());
  476.                 }
  477.             }
  478.         }
  479.     }
  480.     private static void initKmsParamsInput(String encMode, Properties propertiesMap, List<String> idKeystore, String prefixKMSparams) {
  481.         String kmsParam = encMode+prefixKMSparams;
  482.         Enumeration<?> enKeys = propertiesMap.keys();
  483.         while (enKeys.hasMoreElements()) {
  484.             Object object = enKeys.nextElement();
  485.             if(object instanceof String) {
  486.                 String key = (String) object;
  487.                 initKmsParamsInput(key, kmsParam, idKeystore);  
  488.             }
  489.         }
  490.     }
  491.     private static void initKmsParamsInput(String key, String prefix, List<String> idKeystore) {
  492.         if(key.startsWith(prefix) && key.length()>(prefix.length())) {
  493.             String tmp = key.substring(prefix.length());
  494.             if(tmp!=null && StringUtils.isNotEmpty(tmp) &&
  495.                 !idKeystore.contains(tmp)) {
  496.                 idKeystore.add(tmp);
  497.             }
  498.         }
  499.     }
  500.    
  501.    
  502.     public String getName() {
  503.         return this.name;
  504.     }
  505.    
  506.     public boolean isJavaEngine() {
  507.         return ENCRYPTIONT_ENGINE_JAVA.equals(this.encryptionEngine);
  508.     }
  509.     public boolean isJoseEngine() {
  510.         return ENCRYPTIONT_ENGINE_JOSE.equals(this.encryptionEngine);
  511.     }
  512.     public boolean isOpenSSLEngine() {
  513.         return ENCRYPTIONT_ENGINE_OPENSSL.equals(this.encryptionEngine);
  514.     }
  515.    
  516.     public KeystoreType getKeystoreType() {
  517.         return this.keystoreType;
  518.     }
  519.    
  520.     public String getKeystoreHsmType() {
  521.         return this.keystoreHsmType;
  522.     }

  523.     public String getKeystorePath() {
  524.         return this.keystorePath;
  525.     }
  526.    
  527.     public String getKeystorePassword() {
  528.         return this.keystorePassword;
  529.     }

  530.     public String getKeyInline() {
  531.         return this.keyInline;
  532.     }
  533.     public String getKeyPath() {
  534.         return this.keyPath;
  535.     }
  536.     public boolean isKeyBase64Encoding() {
  537.         return ENCODING_BASE64.equals(this.keyEncoding);
  538.     }
  539.     public boolean isKeyHexEncoding() {
  540.         return ENCODING_HEX.equals(this.keyEncoding);
  541.     }

  542.     public String getKeyAlgorithm() {
  543.         return this.keyAlgorithm;
  544.     }

  545.     public String getKeyAlias() {
  546.         return this.keyAlias;
  547.     }
  548.     public void setKeyAlias(String keyAlias) {
  549.         this.keyAlias = keyAlias;
  550.     }
  551.     public void generateKeyAlias() {
  552.         this.keyAlias = UUID.randomUUID().toString();
  553.     }
  554.    
  555.     public String getKeyPassword() {
  556.         return this.keyPassword;
  557.     }
  558.    
  559.     public String getKeyId() {
  560.         return this.keyId;
  561.     }
  562.    
  563.     public boolean isKeyWrap() {
  564.         return this.keyWrap;
  565.     }
  566.    
  567.     public String getPassword() {
  568.         return this.pw;
  569.     }
  570.    
  571.     public String getPasswordType() {
  572.         return this.pwType;
  573.     }
  574.    
  575.     public Integer getPasswordIteration() {
  576.         return this.pwIteration;
  577.     }
  578.    
  579.     public String getContentAlgorithm() {
  580.         return this.contentAlgorithm;
  581.     }
  582.    
  583.     public boolean isBase64Encoding() {
  584.         return ENCODING_BASE64.equals(this.encoding);
  585.     }
  586.     public boolean isHexEncoding() {
  587.         return ENCODING_HEX.equals(this.encoding);
  588.     }

  589.     public JwtHeaders getJwtHeaders(KeyStore ks) throws UtilsException {
  590.         return getJwtHeaders(ks, null);
  591.     }
  592.     public JwtHeaders getJwtHeaders(JsonWebKeys jsonWebKeys) throws UtilsException {
  593.         return getJwtHeaders(null, jsonWebKeys);
  594.     }
  595.     private JwtHeaders getJwtHeaders(KeyStore ks, JsonWebKeys jsonWebKeys) throws UtilsException {
  596.         JwtHeaders jwtHeaders = new JwtHeaders();
  597.         if(this.joseIncludeKeyId) {
  598.             jwtHeaders.setKid(this.keyAlias);
  599.         }

  600.         if(this.joseIncludeCert) {
  601.             jwtHeaders.setAddX5C(true);
  602.         }
  603.         if(this.joseIncludeCertSha1) {
  604.             jwtHeaders.setX509IncludeCertSha1(true);
  605.         }
  606.         if(this.joseIncludeCertSha256) {
  607.             jwtHeaders.setX509IncludeCertSha256(true);
  608.         }
  609.         if(ks!=null && (this.joseIncludeCert || this.joseIncludeCertSha1 || this.joseIncludeCertSha256)) {
  610.             Certificate cert = ks.getCertificate(this.keyAlias);
  611.             if(cert instanceof X509Certificate) {
  612.                 jwtHeaders.addX509cert((X509Certificate)cert);
  613.             }
  614.         }
  615.        
  616.         if(jsonWebKeys!=null && this.joseIncludePublicKey) {
  617.             jwtHeaders.setJwKey(jsonWebKeys, this.keyAlias);
  618.         }
  619.        
  620.         return jwtHeaders;
  621.     }

  622.     public String getKmsId() {
  623.         return this.kmsId;
  624.     }
  625.     public Map<String, String> getKmsInput() {
  626.         return this.kmsInput;
  627.     }

  628. }