MerlinTruststore.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */

  21. package org.openspcoop2.security.keystore;

  23. import java.io.Serializable;
  24. import java.security.KeyStore;
  25. import java.security.cert.Certificate;
  26. import java.util.Properties;

  28. import org.openspcoop2.core.commons.DBUtils;
  29. import org.openspcoop2.security.SecurityException;
  30. import org.openspcoop2.utils.certificate.KeystoreType;
  31. import org.openspcoop2.utils.certificate.hsm.HSMManager;

  33. /**
  34.  * MerlinTruststore
  35.  *
  36.  * @author Andrea Poli (apoli@link.it)
  37.  * @author $Author$
  38.  * @version $Rev$, $Date$
  39.  */
  40. public class MerlinTruststore implements Serializable {

  42.     /**
  43.      * 
  44.      */
  45.     private static final long serialVersionUID = 1L;
  46.     
  47.     private transient org.openspcoop2.utils.certificate.KeyStore ks = null;
  48.     private byte[] ksBytes;
  49.     private String tipoStore = null;
  50.     private String pathStore = null;
  51.     private String passwordStore = null;
  52.     
  53.     private boolean hsm;
  54.     
  55.     @Override
  56.     public String toString() {
  57.         StringBuilder bf = new StringBuilder();
  58.         bf.append("TrustStore (").append(this.tipoStore).append(") ").append(this.pathStore);
  59.         return bf.toString();
  60.     }
  61.     
  62.     public MerlinTruststore(String propertyFilePath) throws SecurityException{
  63.         
  64.         Properties propStore = StoreUtils.readProperties("PropertyFilePath", propertyFilePath);
  65.         initMerlinTruststoreEngine(propStore);
  66.                 
  67.     }
  68.     public MerlinTruststore(Properties propStore) throws SecurityException{
  69.         
  70.         initMerlinTruststoreEngine(propStore);
  71.         
  72.     }
  73.     
  74.     private void initMerlinTruststoreEngine(Properties propStore) throws SecurityException{
  75.         
  76.         try{
  77.             if(propStore==null){
  78.                 throw new SecurityException("Properties per lo Store non indicato");
  79.             }
  80.             
  81.             this.tipoStore = propStore.getProperty(KeystoreConstants.PROPERTY_KEYSTORE_TYPE);
  82.             if(this.tipoStore!=null){
  83.                 this.tipoStore = this.tipoStore.trim();
  84.             }else{
  85.                 this.tipoStore = KeyStore.getDefaultType();
  86.             }
  87.             
  88.             this.pathStore = propStore.getProperty(KeystoreConstants.PROPERTY_KEYSTORE_PATH);
  89.             
  90.             this.passwordStore = propStore.getProperty(KeystoreConstants.PROPERTY_KEYSTORE_PASSWORD);
  91.             
  92.             init();
  93.             
  94.         }catch(Exception e){
  95.             throw new SecurityException(e.getMessage(),e);
  96.         }
  97.         
  98.     }
  99.         
  100.     public MerlinTruststore(String pathStore,String tipoStore,String passwordStore) throws SecurityException{
  101.         
  102.         this.pathStore = pathStore;
  103.         this.tipoStore = tipoStore;
  104.         this.passwordStore = passwordStore;
  105.         
  106.         init();
  107.         
  108.     }
  109.     
  110.     public MerlinTruststore(byte[]bytesKeystore,String tipoStore,String passwordStore) throws SecurityException{
  111.         
  112.         this.ksBytes = bytesKeystore;
  113.         this.tipoStore = tipoStore;
  114.         this.passwordStore = passwordStore;
  115.         
  116.         init();
  117.         
  118.     }
  119.     
  120.     private void init() throws SecurityException{
  121.         try{
  122.             if(this.tipoStore==null){
  123.                 throw new SecurityException("Tipo dello Store non indicato");
  124.             }
  125.             if(this.passwordStore==null){
  126.                 boolean required = true;
  127.                 if(KeystoreType.JKS.isType(this.tipoStore)) {
  128.                     required = DBUtils.isTruststoreJksPasswordRequired();
  129.                 }
  130.                 else if(KeystoreType.PKCS12.isType(this.tipoStore)) {
  131.                     required = DBUtils.isTruststorePkcs12PasswordRequired();
  132.                 }
  133.                 if(required) {
  134.                     throw new SecurityException("Password dello Store non indicata");
  135.                 }
  136.             }
  137.             
  138.             HSMManager hsmManager = HSMManager.getInstance();
  139.             if(hsmManager!=null) {
  140.                 this.hsm = hsmManager.existsKeystoreType(this.tipoStore);
  141.             }
  142.             
  143.             if(!this.hsm) {
  144.             
  145.                 if(this.ksBytes==null && this.pathStore==null){
  146.                     throw new SecurityException("Path per lo Store non indicato");
  147.                 }
  148.                 
  149.                 if(this.ksBytes==null) {
  150.                     this.ksBytes = StoreUtils.readContent("Path", this.pathStore);
  151.                 }
  152.                 
  153.             }

  155.             this.initKS();
  156.             
  157.         }catch(Exception e){
  158.             throw new SecurityException(e.getMessage(),e);
  159.         }
  160.     }
  161.     
  162.     public boolean isHsm() {
  163.         return this.hsm;
  164.     }
  165.     
  166.     private void checkInit() throws SecurityException{
  167.         if(this.ks==null) {
  168.             this.initKS();
  169.         }
  170.     }
  171.     private synchronized void initKS() throws SecurityException{
  172.         if(this.ks==null) {
  173.             try {
  174.                 if(this.hsm) {
  175.                     this.ks = HSMManager.getInstance().getKeystore(this.tipoStore);
  176.                 }
  177.                 else {
  178.                     this.ks = new org.openspcoop2.utils.certificate.KeyStore(this.ksBytes, this.tipoStore, this.passwordStore);
  179.                     
  180.                     // non utilizzabile in hsm, si ottiene errore: java.lang.UnsupportedOperationException: trusted certificates may only be set by token initialization application
  181.                     // at jdk.crypto.cryptoki/sun.security.pkcs11.P11KeyStore.engineSetEntry(P11KeyStore.java:1022)
  182.                     FixTrustAnchorsNotEmpty.addCertificate(this.ks.getKeystore());
  183.                 }
  184.             }
  185.             catch(Exception e){
  186.                 throw new SecurityException(e.getMessage(),e);
  187.             }
  188.         }
  189.     }
  190.     
  191.     
  192.     public Certificate getCertificate(String alias) throws SecurityException {
  193.         if(alias==null) {
  194.             throw new SecurityException("Alias non fornito");
  195.         }
  196.         this.checkInit(); // per ripristino da Serializable
  197.         try{
  198.             return this.ks.getCertificate(alias);
  199.         }catch(Exception e){
  200.             throw new SecurityException(e.getMessage(),e);
  201.         }
  202.     }
  203.     
  204.     public org.openspcoop2.utils.certificate.KeyStore getTrustStore() throws SecurityException {
  205.         this.checkInit(); // per ripristino da Serializable
  206.         try{
  207.             return this.ks;
  208.         }catch(Exception e){
  209.             throw new SecurityException(e.getMessage(),e);
  210.         }
  211.     }

  213.     public String getTipoStore() {
  214.         return this.tipoStore;
  215.     }

  217.     public String getPathStore() {
  218.         return this.pathStore;
  219.     }

  221.     public String getPasswordStore() {
  222.         return this.passwordStore;
  223.     }
  224. }
Created with JaCoCo 0.8.8.202204050719