JOSEUtils.java
- /*
- * GovWay - A customizable API Gateway
- * https://govway.org
- *
- * Copyright (c) 2005-2025 Link.it srl (https://link.it).
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 3, as published by
- * the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
- */
- package org.openspcoop2.security.message.jose;
- import java.net.Proxy;
- import java.net.URI;
- import java.security.cert.Certificate;
- import java.security.cert.X509Certificate;
- import java.util.ArrayList;
- import java.util.Enumeration;
- import java.util.HashMap;
- import java.util.List;
- import java.util.Map;
- import java.util.Properties;
- import org.apache.commons.lang.StringUtils;
- import org.apache.cxf.rt.security.rs.RSSecurityConstants;
- import org.openspcoop2.core.commons.DBUtils;
- import org.openspcoop2.core.constants.CostantiConnettori;
- import org.openspcoop2.core.mvc.properties.utils.MultiPropertiesUtilities;
- import org.openspcoop2.message.OpenSPCoop2Message;
- import org.openspcoop2.protocol.sdk.state.RequestInfo;
- import org.openspcoop2.security.SecurityException;
- import org.openspcoop2.security.keystore.BYOKUnwrapManager;
- import org.openspcoop2.security.keystore.CRLCertstore;
- import org.openspcoop2.security.keystore.HttpStore;
- import org.openspcoop2.security.keystore.KeyPairStore;
- import org.openspcoop2.security.keystore.MerlinKeystore;
- import org.openspcoop2.security.keystore.MerlinTruststore;
- import org.openspcoop2.security.keystore.PublicKeyStore;
- import org.openspcoop2.security.keystore.cache.GestoreKeystoreCache;
- import org.openspcoop2.security.message.constants.SecurityConstants;
- import org.openspcoop2.utils.LoggerWrapperFactory;
- import org.openspcoop2.utils.Utilities;
- import org.openspcoop2.utils.UtilsException;
- import org.openspcoop2.utils.certificate.JWKSet;
- import org.openspcoop2.utils.certificate.KeyStore;
- import org.openspcoop2.utils.certificate.KeystoreType;
- import org.openspcoop2.utils.certificate.KeystoreUtils;
- import org.openspcoop2.utils.certificate.byok.BYOKProvider;
- import org.openspcoop2.utils.certificate.byok.BYOKRequestParams;
- import org.openspcoop2.utils.certificate.remote.IRemoteStoreProvider;
- import org.openspcoop2.utils.certificate.remote.RemoteKeyType;
- import org.openspcoop2.utils.certificate.remote.RemoteStoreConfig;
- import org.openspcoop2.utils.security.JOSESerialization;
- import org.openspcoop2.utils.security.JWTOptions;
- import org.openspcoop2.utils.security.JwtHeaders;
- import org.openspcoop2.utils.transport.http.HttpForwardProxyConfig;
- import org.openspcoop2.utils.transport.http.HttpForwardProxyOptions;
- import org.openspcoop2.utils.transport.http.HttpOptions;
- import org.openspcoop2.utils.transport.http.HttpProxyOptions;
- import org.openspcoop2.utils.transport.http.HttpsOptions;
- import org.slf4j.Logger;
- /**
- * JOSEUtils
- *
- * @author Poli Andrea (poli@link.it)
- * @author $Author$
- * @version $Rev$, $Date$
- */
- public class JOSEUtils {
- private JOSEUtils() {}
-
- public static JOSESerialization toJOSESerialization(String mode) throws SecurityException {
- if(SecurityConstants.SIGNATURE_MODE_JSON.equals(mode)) {
- return JOSESerialization.JSON;
- }
- else if(SecurityConstants.SIGNATURE_MODE_COMPACT.equals(mode)) {
- return JOSESerialization.COMPACT;
- }
- else {
- throw new SecurityException("Mode '"+mode+"' unsupported");
- }
- }
-
- public static JwtHeaders getJwtHeaders(Map<String, Object> properties, OpenSPCoop2Message message) throws SecurityException {
- return getJwtHeaders(properties, message, null, null, null);
- }
- public static JwtHeaders getJwtHeaders(Map<String, Object> properties, OpenSPCoop2Message message,
- String alias) throws SecurityException {
- return getJwtHeaders(properties, message, alias, null, null);
- }
- public static JwtHeaders getJwtHeaders(Map<String, Object> properties, OpenSPCoop2Message message,
- String alias, JWKSet jwkSet) throws SecurityException {
- return getJwtHeaders(properties, message, alias, jwkSet, null);
- }
- public static JwtHeaders getJwtHeaders(Map<String, Object> properties, OpenSPCoop2Message message,
- String alias, KeyStore keystore) throws SecurityException {
- return getJwtHeaders(properties, message, alias, null, keystore);
- }
- private static JwtHeaders getJwtHeaders(Map<String, Object> properties, OpenSPCoop2Message message,
- String alias, JWKSet jwkSet,
- KeyStore keystore) throws SecurityException {
- JwtHeaders hdrs = new JwtHeaders();
-
- if(properties.containsKey(SecurityConstants.JOSE_KID)) {
- String value = (String) properties.get(SecurityConstants.JOSE_KID);
- if(value!=null) {
- value = value.trim();
- }
- if(SecurityConstants.JOSE_KID_TRUE.equalsIgnoreCase(value)) {
- hdrs.setKid(alias);
- }
- }
- else if(properties.containsKey(SecurityConstants.JOSE_KID_CUSTOM)) {
- String value = (String) properties.get(SecurityConstants.JOSE_KID_CUSTOM);
- if(value!=null) {
- value = value.trim();
- hdrs.setKid(value);
- }
- }
-
- if(properties.containsKey(SecurityConstants.JOSE_INCLUDE_CERT)) {
- String value = (String) properties.get(SecurityConstants.JOSE_INCLUDE_CERT);
- if(value!=null) {
- value = value.trim();
- }
- if(SecurityConstants.JOSE_INCLUDE_CERT_TRUE.equalsIgnoreCase(value)) {
- try {
- if(alias==null) {
- throw new SecurityException("Alias undefined (required for include cert)");
- }
- if(jwkSet!=null) {
- hdrs.setJwKey(jwkSet.getJsonWebKeys(), alias);
- }
- else if(keystore!=null) {
-
- boolean certChain = false;
- if(properties.containsKey(SecurityConstants.JOSE_INCLUDE_CERT_CHAIN)) {
- String valueChain = (String) properties.get(SecurityConstants.JOSE_INCLUDE_CERT_CHAIN);
- if(valueChain!=null) {
- valueChain = valueChain.trim();
- }
- if(SecurityConstants.JOSE_INCLUDE_CERT_CHAIN_TRUE.equalsIgnoreCase(valueChain)) {
- certChain = true;
- }
- }
-
- /**
- System.out.println("\n\n==============================================");
- System.out.println("ALIAS: ["+alias+"]");
- Certificate[] chain = keystore.getCertificateChain(alias);
- if(chain!=null) {
- System.out.println("CHAINS: ["+chain.length+"]");
- }
- for (int i = 0; i < chain.length; i++) {
- System.out.println("CHAIN["+i+"]: ["+(((X509Certificate)chain[i]).getSubjectX500Principal().toString()+"]"));
- }
- System.out.println("CERT: ["+(((X509Certificate)keystore.getCertificate(alias)).getSubjectX500Principal().toString()+"]"));
- */
- if(certChain) {
- Certificate[] certificateChain = keystore.getCertificateChain(alias);
- if(certificateChain!=null && certificateChain.length>0) {
- for (int i = 0; i < certificateChain.length; i++) {
- hdrs.addX509cert((X509Certificate)certificateChain[i]);
- }
- }
- else {
- hdrs.addX509cert((X509Certificate)keystore.getCertificate(alias));
- }
- }
- else {
- hdrs.addX509cert((X509Certificate)keystore.getCertificate(alias));
- }
- hdrs.setAddX5C(true);
- }
- }catch(Exception e) {
- throw new SecurityException(e.getMessage(),e);
- }
- }
- }
-
- if(properties.containsKey(SecurityConstants.JOSE_INCLUDE_CERT_SHA)) {
- String value = (String) properties.get(SecurityConstants.JOSE_INCLUDE_CERT_SHA);
- if(value!=null) {
- value = value.trim();
- }
- if(hdrs.getX509c()==null || hdrs.getX509c().isEmpty()) {
- if(keystore==null) {
- throw new SecurityException("Keystore undefined (required for digest '"+value+"')");
- }
- if(alias==null) {
- throw new SecurityException("Alias undefined (required for digest '"+value+"')");
- }
- Certificate cert = null;
- try {
- cert = keystore.getCertificate(alias);
- }catch(Exception e) {
- throw new SecurityException(e.getMessage(),e);
- }
- if(cert==null) {
- throw new SecurityException("Certificate with alias '"+alias+"' not found (required for digest '"+value+"')");
- }
- hdrs.addX509cert((X509Certificate)cert);
- }
- if(SecurityConstants.JOSE_INCLUDE_CERT_SHA_1.equalsIgnoreCase(value)) {
- try {
- hdrs.setX509IncludeCertSha1(true);
- }catch(Exception e) {
- throw new SecurityException(e.getMessage(),e);
- }
- }
- else if(SecurityConstants.JOSE_INCLUDE_CERT_SHA_256.equalsIgnoreCase(value)) {
- try {
- hdrs.setX509IncludeCertSha256(true);
- }catch(Exception e) {
- throw new SecurityException(e.getMessage(),e);
- }
- }
- else {
- throw new SecurityException("Value '"+value+"' unknowkn for property '"+SecurityConstants.JOSE_INCLUDE_CERT_SHA+"'");
- }
- }
-
- if(properties.containsKey(SecurityConstants.JOSE_CONTENT_TYPE)) {
- String value = (String) properties.get(SecurityConstants.JOSE_CONTENT_TYPE);
- if(value!=null) {
- value = value.trim();
- }
- if(SecurityConstants.JOSE_CONTENT_TYPE_TRUE.equalsIgnoreCase(value)) {
- try {
- hdrs.setContentType(message.getContentType());
- }catch(Exception e) {
- throw new SecurityException(e.getMessage(),e);
- }
- }
- }
-
- if(properties.containsKey(SecurityConstants.JOSE_TYPE)) {
- String value = (String) properties.get(SecurityConstants.JOSE_TYPE);
- if(value!=null) {
- value = value.trim();
- }
- if(value!=null && !StringUtils.isEmpty(value)) {
- hdrs.setType(value);
- }
- }
-
- if(properties.containsKey(SecurityConstants.JOSE_X509_URL)) {
- String value = (String) properties.get(SecurityConstants.JOSE_X509_URL);
- if(value!=null) {
- value = value.trim();
- }
- if(value!=null && !StringUtils.isEmpty(value)) {
- try {
- hdrs.setX509Url(new URI(value));
- }catch(Exception e) {
- throw new SecurityException(e.getMessage(),e);
- }
- }
- }
-
- if(properties.containsKey(SecurityConstants.JOSE_JWK_SET_URL)) {
- String value = (String) properties.get(SecurityConstants.JOSE_JWK_SET_URL);
- if(value!=null) {
- value = value.trim();
- }
- if(value!=null && !StringUtils.isEmpty(value)) {
- try {
- hdrs.setJwkUrl(new URI(value));
- }catch(Exception e) {
- throw new SecurityException(e.getMessage(),e);
- }
- }
- }
-
- if(properties.containsKey(SecurityConstants.JOSE_CRITICAL_HEADERS)) {
- String value = (String) properties.get(SecurityConstants.JOSE_CRITICAL_HEADERS);
- if(value!=null) {
- value = value.trim();
- }
- if(value!=null && !StringUtils.isEmpty(value)) {
- if(value.contains(SecurityConstants.JOSE_CRITICAL_HEADERS_SEPARATOR)) {
- String [] tmp = value.split(SecurityConstants.JOSE_CRITICAL_HEADERS_SEPARATOR);
- for (String v : tmp) {
- if(v!=null) {
- v = v.trim();
- if(!StringUtils.isEmpty(v)) {
- hdrs.addCriticalHeader(v);
- }
- }
- }
- }
- else {
- hdrs.addCriticalHeader(value);
- }
- }
- }
-
- try {
- Properties pConvert = new Properties();
- pConvert.putAll(properties);
- Properties pExts = Utilities.readProperties(SecurityConstants.JOSE_EXT_HEADER_PREFIX, pConvert);
- if(pExts!=null && pExts.size()>0) {
- Enumeration<?> names = pExts.propertyNames();
- while (names.hasMoreElements()) {
- Object oName = names.nextElement();
- if(oName instanceof String) {
- String name = (String) oName;
- if(name!=null) {
- name = name.trim();
- if(name.endsWith(SecurityConstants.JOSE_EXT_HEADER_SUFFIX_NAME)) {
- String hdrName = pExts.getProperty(name);
- String confName = name.substring(0, name.indexOf(SecurityConstants.JOSE_EXT_HEADER_SUFFIX_NAME));
- String nameValue = confName+SecurityConstants.JOSE_EXT_HEADER_SUFFIX_VALUE;
- String hdrValue = pExts.getProperty(nameValue);
- if(hdrValue==null) {
- throw new SecurityException("Property '"+SecurityConstants.JOSE_EXT_HEADER_PREFIX+nameValue+"' not found");
- }
- hdrs.addExtension(hdrName, hdrValue);
- }
- }
- }
- }
- }
- }catch(Exception e) {
- throw new SecurityException(e.getMessage(),e);
- }
-
- return hdrs;
-
-
- }
-
- public static boolean useJwtHeadersMapProperties(Map<String, Properties> properties, JWTOptions options) {
- Properties defaultProperties = MultiPropertiesUtilities.getDefaultProperties(properties);
- return useJwtHeaders(defaultProperties, options);
- }
- public static boolean useJwtHeadersMap(Map<String, Object> propertiesParam, JWTOptions options) {
- Properties properties = new Properties();
- properties.putAll(propertiesParam);
- return useJwtHeaders(properties, options);
- }
- public static boolean useJwtHeaders(Properties properties, JWTOptions options) {
-
- boolean useJwtHeaders = false;
- if(properties.containsKey(SecurityConstants.JOSE_USE_HEADERS)) {
- String value = (String) properties.get(SecurityConstants.JOSE_USE_HEADERS);
- if(value!=null) {
- value = value.trim();
- useJwtHeaders = SecurityConstants.JOSE_USE_HEADERS_TRUE.equalsIgnoreCase(value);
- }
-
- if(useJwtHeaders) {
-
- if(properties.containsKey(SecurityConstants.JOSE_USE_HEADERS_X5C)) {
- value = (String) properties.get(SecurityConstants.JOSE_USE_HEADERS_X5C);
- if(value!=null) {
- value = value.trim();
- options.setPermitUseHeaderX5C(SecurityConstants.JOSE_USE_HEADERS_TRUE.equalsIgnoreCase(value));
- }
- }
-
- if(properties.containsKey(SecurityConstants.JOSE_USE_HEADERS_X5U)) {
- value = (String) properties.get(SecurityConstants.JOSE_USE_HEADERS_X5U);
- if(value!=null) {
- value = value.trim();
- options.setPermitUseHeaderX5U(SecurityConstants.JOSE_USE_HEADERS_TRUE.equalsIgnoreCase(value));
- }
- }
-
- if(properties.containsKey(SecurityConstants.JOSE_USE_HEADERS_X5T)) {
- value = (String) properties.get(SecurityConstants.JOSE_USE_HEADERS_X5T);
- if(value!=null) {
- value = value.trim();
- options.setPermitUseHeaderX5T(SecurityConstants.JOSE_USE_HEADERS_TRUE.equalsIgnoreCase(value));
- }
- }
-
- if(properties.containsKey(SecurityConstants.JOSE_USE_HEADERS_X5T_256)) {
- value = (String) properties.get(SecurityConstants.JOSE_USE_HEADERS_X5T_256);
- if(value!=null) {
- value = value.trim();
- options.setPermitUseHeaderX5T_256(SecurityConstants.JOSE_USE_HEADERS_TRUE.equalsIgnoreCase(value));
- }
- }
-
- if(properties.containsKey(SecurityConstants.JOSE_USE_HEADERS_JWK)) {
- value = (String) properties.get(SecurityConstants.JOSE_USE_HEADERS_JWK);
- if(value!=null) {
- value = value.trim();
- options.setPermitUseHeaderJWK(SecurityConstants.JOSE_USE_HEADERS_TRUE.equalsIgnoreCase(value));
- }
- }
-
- if(properties.containsKey(SecurityConstants.JOSE_USE_HEADERS_JKU)) {
- value = (String) properties.get(SecurityConstants.JOSE_USE_HEADERS_JKU);
- if(value!=null) {
- value = value.trim();
- options.setPermitUseHeaderJKU(SecurityConstants.JOSE_USE_HEADERS_TRUE.equalsIgnoreCase(value));
- }
- }
-
- if(properties.containsKey(SecurityConstants.JOSE_USE_HEADERS_KID)) {
- value = (String) properties.get(SecurityConstants.JOSE_USE_HEADERS_KID);
- if(value!=null) {
- value = value.trim();
- options.setPermitUseHeaderKID(SecurityConstants.JOSE_USE_HEADERS_TRUE.equalsIgnoreCase(value));
- }
- }
-
- }
- }
-
- return useJwtHeaders;
- }
-
- public static Properties toSslConfigJwtUrlHeader(Map<String, Object> propertiesParam) {
- Properties properties = null;
- if(propertiesParam.containsKey(SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_SSL_FILE)) {
- String keystoreFile = (String) propertiesParam.get(SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_SSL_FILE);
- if(keystoreFile!=null) {
-
- properties = new Properties();
-
- properties.put(SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_SSL_FILE, keystoreFile);
-
- String keystoreType = (String) propertiesParam.get(SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_SSL_TYPE);
- if(keystoreType!=null) {
- properties.put(SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_SSL_TYPE, keystoreType);
- }
-
- String keystorePassword = (String) propertiesParam.get(SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_SSL_PASSWORD);
- if(keystorePassword!=null) {
- properties.put(SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_SSL_PASSWORD, keystorePassword);
- }
- }
- }
- return properties;
- }
- public static KeyStore readTrustStoreSsl(RequestInfo requestInfo, Map<String, Object> propertiesParam) throws SecurityException {
- Properties properties = new Properties();
- properties.putAll(propertiesParam);
- return readTrustStoreSsl(requestInfo, properties);
- }
- public static KeyStore readTrustStoreSsl(RequestInfo requestInfo, Properties properties) throws SecurityException {
- return readTrustStoreEngine(requestInfo, properties, SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_SSL_FILE,
- SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_SSL_TYPE,
- SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_SSL_PASSWORD);
- }
- public static KeyStore readTrustStoreJwtX509Cert(RequestInfo requestInfo, Map<String, Object> propertiesParam) throws SecurityException {
- Properties properties = new Properties();
- properties.putAll(propertiesParam);
- return readTrustStoreJwtX509Cert(requestInfo, properties);
- }
- public static KeyStore readTrustStoreJwtX509Cert(RequestInfo requestInfo, Properties properties) throws SecurityException {
- return readTrustStoreEngine(requestInfo, properties, SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_FILE,
- SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_TYPE,
- SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_PASSWORD);
- }
- public static boolean isJWKSetTrustStore(Map<String, Object> propertiesParam) {
- Properties properties = new Properties();
- properties.putAll(propertiesParam);
- return isJWKSetTrustStore(properties);
- }
- public static boolean isJWKSetTrustStore(Properties properties) {
- if(properties.containsKey(SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_TYPE)) {
- String truststoreType = (String) properties.get(SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_TYPE);
- if(truststoreType!=null) {
- return SecurityConstants.KEYSTORE_TYPE_JWK_VALUE.equalsIgnoreCase(truststoreType);
- }
- }
- return false;
- }
-
- public static JWKSet readTrustStoreJwtJsonWebKeysCert(RequestInfo requestInfo, Map<String, Object> propertiesParam) throws SecurityException {
- Properties properties = new Properties();
- properties.putAll(propertiesParam);
- return readTrustStoreJwtJsonWebKeysCert(requestInfo, properties);
- }
- public static JWKSet readTrustStoreJwtJsonWebKeysCert(RequestInfo requestInfo, Properties properties) throws SecurityException {
-
- if(properties.containsKey(SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_FILE)) {
- String truststoreFile = (String) properties.get(SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_FILE);
- if(truststoreFile!=null) {
- truststoreFile = truststoreFile.trim();
- }
- else {
- throw new SecurityException("Truststore value in property '"+SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_FILE+"' is null");
- }
- try {
- return GestoreKeystoreCache.getJwkSetStore(requestInfo, truststoreFile).getJwkSet();
- }catch(Exception e) {
- throw new SecurityException(e.getMessage(),e);
- }
- }
-
- return null;
- }
-
- public static boolean isPublicKeyTrustStore(Map<String, Object> propertiesParam) {
- Properties properties = new Properties();
- properties.putAll(propertiesParam);
- return isPublicKeyTrustStore(properties);
- }
- public static boolean isPublicKeyTrustStore(Properties properties) {
- if(properties.containsKey(SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_TYPE)) {
- String truststoreType = (String) properties.get(SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_TYPE);
- if(truststoreType!=null) {
- return SecurityConstants.KEYSTORE_TYPE_PUBLIC_KEY_VALUE.equalsIgnoreCase(truststoreType);
- }
- }
- return false;
- }
-
- public static JWKSet readTrustStorePublicKey(RequestInfo requestInfo, Map<String, Object> propertiesParam) throws SecurityException {
- Properties properties = new Properties();
- properties.putAll(propertiesParam);
- return readTrustStorePublicKey(requestInfo, properties);
- }
- public static JWKSet readTrustStorePublicKey(RequestInfo requestInfo, Properties properties) throws SecurityException {
-
- if(properties.containsKey(SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_FILE)) {
- String truststoreFile = (String) properties.get(SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_FILE);
- if(truststoreFile!=null) {
- truststoreFile = truststoreFile.trim();
- }
- else {
- throw new SecurityException("Truststore value in property '"+SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_FILE+"' is null");
- }
- String truststoreAlgo = (String) properties.get(SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_KEY_PAIR_ALGORITHM);
- if(truststoreAlgo!=null) {
- truststoreAlgo = truststoreAlgo.trim();
- }
- else {
- throw new SecurityException("Key algorithm value in property '"+SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_KEY_PAIR_ALGORITHM+"' is null");
- }
- try {
- return GestoreKeystoreCache.getPublicKeyStore(requestInfo, truststoreFile, truststoreAlgo).getJwkSet();
- }catch(Exception e) {
- throw new SecurityException(e.getMessage(),e);
- }
- }
-
- return null;
- }
-
- public static boolean isRemoteStore(Map<String, Object> propertiesParam) {
- Properties properties = new Properties();
- properties.putAll(propertiesParam);
- return isRemoteStore(properties);
- }
- public static boolean isRemoteStore(Properties properties) {
- try {
- IRemoteStoreProvider provider = null;
- if(properties.containsKey(SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_REMOTE_STORE_PROVIDER)) {
- provider = (IRemoteStoreProvider) properties.get(SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_REMOTE_STORE_PROVIDER);
- }
-
- RemoteKeyType keyType = null;
- if(properties.containsKey(SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_REMOTE_STORE_KEY_TYPE)) {
- keyType = (RemoteKeyType) properties.get(SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_REMOTE_STORE_KEY_TYPE);
- }
-
- RemoteStoreConfig config = null;
- if(properties.containsKey(SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_REMOTE_STORE_CONFIG)) {
- config = (RemoteStoreConfig) properties.get(SecurityConstants.JOSE_USE_HEADERS_TRUSTSTORE_REMOTE_STORE_CONFIG);
- }
-
- return provider!=null && keyType!=null && config!=null;
-
- }catch(Exception e) {
- return false;
- }
-
- }
-
-
- public static boolean isKeyPairKeystore(Map<String, Object> propertiesParam) {
- Properties properties = new Properties();
- properties.putAll(propertiesParam);
- return isKeyPairKeystore(properties);
- }
- public static boolean isKeyPairKeystore(Properties properties) {
- if(properties.containsKey(SecurityConstants.JOSE_USE_HEADERS_KEYSTORE_TYPE)) {
- String keystoreType = (String) properties.get(SecurityConstants.JOSE_USE_HEADERS_KEYSTORE_TYPE);
- if(keystoreType!=null) {
- return SecurityConstants.KEYSTORE_TYPE_KEY_PAIR_VALUE.equalsIgnoreCase(keystoreType);
- }
- }
- return false;
- }
-
- public static boolean isJWKSetKeyStore(Map<String, Object> propertiesParam) {
- Properties properties = new Properties();
- properties.putAll(propertiesParam);
- return isJWKSetKeyStore(properties);
- }
- public static boolean isJWKSetKeyStore(Properties properties) {
- if(properties.containsKey(SecurityConstants.JOSE_USE_HEADERS_KEYSTORE_TYPE)) {
- String truststoreType = (String) properties.get(SecurityConstants.JOSE_USE_HEADERS_KEYSTORE_TYPE);
- if(truststoreType!=null) {
- return SecurityConstants.KEYSTORE_TYPE_JWK_VALUE.equalsIgnoreCase(truststoreType);
- }
- }
- return false;
- }
-
- public static JWKSet readKeyStoreJwtJsonWebKeysCert(RequestInfo requestInfo, Map<String, Object> propertiesParam) throws SecurityException {
- Properties properties = new Properties();
- properties.putAll(propertiesParam);
- return readKeyStoreJwtJsonWebKeysCert(requestInfo, properties);
- }
- public static JWKSet readKeyStoreJwtJsonWebKeysCert(RequestInfo requestInfo, Properties properties) throws SecurityException {
-
- if(properties.containsKey(SecurityConstants.JOSE_USE_HEADERS_KEYSTORE_FILE)) {
- String keystoreFile = (String) properties.get(SecurityConstants.JOSE_USE_HEADERS_KEYSTORE_FILE);
- if(keystoreFile!=null) {
- keystoreFile = keystoreFile.trim();
- }
- else {
- throw new SecurityException("Keystore value in property '"+SecurityConstants.JOSE_USE_HEADERS_KEYSTORE_FILE+"' is null");
- }
- try {
- return GestoreKeystoreCache.getJwkSetStore(requestInfo, keystoreFile).getJwkSet();
- }catch(Exception e) {
- throw new SecurityException(e.getMessage(),e);
- }
- }
-
- return null;
- }
-
- public static KeyStore readKeyStoreJwtX509Cert(RequestInfo requestInfo, Map<String, Object> propertiesParam) throws SecurityException {
- Properties properties = new Properties();
- properties.putAll(propertiesParam);
- return readKeyStoreJwtX509Cert(requestInfo, properties);
- }
- public static KeyStore readKeyStoreJwtX509Cert(RequestInfo requestInfo, Properties properties) throws SecurityException {
- return readTrustStoreEngine(requestInfo, properties, SecurityConstants.JOSE_USE_HEADERS_KEYSTORE_FILE,
- SecurityConstants.JOSE_USE_HEADERS_KEYSTORE_TYPE,
- SecurityConstants.JOSE_USE_HEADERS_KEYSTORE_PASSWORD);
- }
-
- public static Map<String, String> covertToJwtX509CertMapAliasPassword(Map<String, Object> propertiesParam) throws SecurityException, UtilsException {
- Properties properties = new Properties();
- properties.putAll(propertiesParam);
- return readJwtX509CertMapAliasPassword(properties);
- }
- public static Map<String, String> readJwtX509CertMapAliasPassword(Properties properties) throws SecurityException, UtilsException {
- try {
- HashMap<String, String> map = new HashMap<>();
- Properties pMap = Utilities.readProperties(SecurityConstants.JOSE_USE_HEADERS_KEYSTORE_MAP_ALIAS_PW, properties);
- if(pMap!=null && pMap.size()>0) {
- Enumeration<?> names = pMap.propertyNames();
- while (names.hasMoreElements()) {
- Object oName = names.nextElement();
- if(oName instanceof String) {
- String name = (String) oName;
- name = name.trim();
- if(name.endsWith(SecurityConstants.JOSE_USE_HEADERS_KEYSTORE_MAP_ALIAS_PW_SUFFIX_ALIAS)) {
- String alias = pMap.getProperty(name);
- String confName = name.substring(0, name.indexOf(SecurityConstants.JOSE_USE_HEADERS_KEYSTORE_MAP_ALIAS_PW_SUFFIX_ALIAS));
- String namePassword = confName+SecurityConstants.JOSE_USE_HEADERS_KEYSTORE_MAP_ALIAS_PW_SUFFIX_PW;
- String password = pMap.getProperty(namePassword);
- if(password==null) {
- throw new SecurityException("Property '"+SecurityConstants.JOSE_USE_HEADERS_KEYSTORE_MAP_ALIAS_PW+namePassword+"' not found");
- }
- map.put(alias, password);
- }
- }
- }
- }
- if(!map.isEmpty()) {
- return map;
- }
- else {
- return null;
- }
- }catch(Exception e) {
- throw new SecurityException(e.getMessage(),e);
- }
- }
-
- private static KeyStore readTrustStoreEngine(RequestInfo requestInfo, Properties properties, String file, String type, String password) throws SecurityException {
-
- KeyStore keystore = null;
-
- String requiredPropertyPrefix = "Required property '";
-
- if(properties.containsKey(file)) {
- String keystoreFile = (String) properties.get(file);
- if(keystoreFile!=null) {
- keystoreFile = keystoreFile.trim();
-
- if(!properties.containsKey(type)) {
- throw new SecurityException(requiredPropertyPrefix+type+"' not found");
- }
- String keystoreType = (String) properties.get(type);
- if(keystoreType==null) {
- throw new SecurityException(requiredPropertyPrefix+type+"' is empty");
- }
- keystoreType = keystoreType.trim();
-
- boolean requiredPassword = true;
- if(!properties.containsKey(password)) {
- if(
- (KeystoreType.JKS.isType(keystoreType) && !DBUtils.isTruststoreJksPasswordRequired())
- ||
- (KeystoreType.PKCS12.isType(keystoreType) && !DBUtils.isTruststorePkcs12PasswordRequired())
- ) {
- requiredPassword = false;
- }
- if(requiredPassword) {
- throw new SecurityException(requiredPropertyPrefix+password+"' not found");
- }
- }
- String keystorePassword = (String) properties.get(password);
- if(keystorePassword==null && requiredPassword) {
- throw new SecurityException(requiredPropertyPrefix+password+"' is empty");
- }
- else if(keystorePassword!=null) {
- keystorePassword = keystorePassword.trim();
- }
-
- keystore = GestoreKeystoreCache.getMerlinTruststore(requestInfo, keystoreFile, keystoreType, keystorePassword).getTrustStore();
- }
- }
-
- return keystore;
- }
-
- public static final String HTTP_PROTOCOL = "http";
- public static final String HTTPS_PROTOCOL = "https";
-
- public static void injectKeystore(RequestInfo requestInfo, Map<String, Object> dynamicMap, Properties properties, Logger log) {
- try {
- injectKeystore(requestInfo, dynamicMap, properties, log, false);
- }catch(SecurityException e) {
- // ignore per default
- }
- }
- public static void injectKeystore(RequestInfo requestInfo, Map<String, Object> dynamicMap, Properties properties, Logger log, boolean throwError) throws SecurityException {
-
- if(log==null) {
- log = LoggerWrapperFactory.getLogger(JOSEUtils.class);
- }
-
- if(properties!=null && properties.containsKey(SecurityConstants.JOSE_KEYSTORE_FILE)) {
-
- String file = properties.getProperty(SecurityConstants.JOSE_KEYSTORE_FILE);
- String type = properties.getProperty(SecurityConstants.JOSE_KEYSTORE_TYPE);
- if(type==null) {
- type = SecurityConstants.KEYSTORE_TYPE_JKS_VALUE;
- }
- String password = properties.getProperty(SecurityConstants.JOSE_KEYSTORE_PSWD);
- boolean passwordDefined = (password!=null && !"".equals(password));
-
- String byokPropertyName = SecurityConstants.JOSE_KEYSTORE_BYOK_POLICY;
- String byokProperty = properties.getProperty(byokPropertyName);
- BYOKRequestParams byokParams = null;
- BYOKUnwrapManager byokManager = null;
- if(BYOKProvider.isPolicyDefined(byokProperty)){
- try {
- byokParams = BYOKProvider.getBYOKRequestParamsByUnwrapBYOKPolicy(byokProperty,
- dynamicMap!=null ? dynamicMap : new HashMap<>() );
- byokManager = new BYOKUnwrapManager(byokProperty, byokParams);
- }catch(Exception e) {
- String error = "Errore durante istanziazione del byok unwrap manager '"+byokProperty+"': "+e.getMessage();
- log.error(error,e);
- if(throwError) {
- throw new SecurityException(error, e);
- }
- }
- }
-
- if(file!=null && !"".equals(file) ) {
-
- if(SecurityConstants.KEYSTORE_TYPE_KEY_PAIR_VALUE.equalsIgnoreCase(type)) {
-
- String privateKeyPassword = properties.getProperty(RSSecurityConstants.RSSEC_KEY_PSWD);
-
- String algorithmPropertyName = SecurityConstants.JOSE_KEYSTORE_KEY_ALGORITHM;
- String algorithmProperty = properties.getProperty(algorithmPropertyName);
-
- String publicKeyPropertyName = SecurityConstants.JOSE_KEYSTORE_PUBLIC_KEY;
- String publicKeyProperty = properties.getProperty(publicKeyPropertyName);
- if(publicKeyProperty==null || "".equals(publicKeyProperty) ) {
- String error = "Errore durante l'accesso al keyPair '"+file+"': property public key file ("+publicKeyPropertyName+") undefined";
- log.error(error);
- if(throwError) {
- throw new SecurityException(error);
- }
- }
- else {
- KeyPairStore keyPair = null;
- if(file.startsWith(HTTP_PROTOCOL) || file.startsWith(HTTPS_PROTOCOL)) {
- byte[] privateKey = readHttpStore(properties, requestInfo, file, log, throwError);
-
- byte[] publicKey = null;
- if(publicKeyProperty.startsWith(HTTP_PROTOCOL) || publicKeyProperty.startsWith(HTTPS_PROTOCOL)) {
- publicKey = readHttpStore(properties, requestInfo, publicKeyProperty, log, throwError);
- }
- else {
- String error = "Errore durante l'accesso al keyPair '"+file+"': property public key file ("+publicKeyPropertyName+") expected as http resource: '"+publicKeyProperty+"'";
- log.error(error);
- if(throwError) {
- throw new SecurityException(error);
- }
- }
-
- try {
- keyPair = new KeyPairStore(privateKey, publicKey, privateKeyPassword, algorithmProperty, byokParams);
- }catch(Exception e) {
- String error = "Errore durante istanziazione del keyPair (http resource) '"+file+"'/'"+publicKeyProperty+"': "+e.getMessage();
- log.error(error,e);
- if(throwError) {
- throw new SecurityException(error, e);
- }
- }
- }
- else {
- try {
- keyPair = GestoreKeystoreCache.getKeyPairStore(requestInfo, file, publicKeyProperty, privateKeyPassword, algorithmProperty, byokParams);
- }catch(Exception e) {
- String error = "Errore durante istanziazione del keyPair '"+file+"'/'"+publicKeyProperty+"': "+e.getMessage();
- log.error(error,e);
- if(throwError) {
- throw new SecurityException(error, e);
- }
- }
- }
- if(keyPair!=null) {
- try {
- String jwkSet = keyPair.getJwkSet().getJson();
- String jwkSetKid = keyPair.getJwkSetKid();
-
- properties.remove(SecurityConstants.JOSE_KEYSTORE_FILE);
- properties.remove(SecurityConstants.JOSE_KEYSTORE_PSWD);
- properties.remove(algorithmPropertyName);
- properties.remove(publicKeyPropertyName);
- properties.remove(RSSecurityConstants.RSSEC_KEY_PSWD);
- properties.remove(SecurityConstants.JOSE_KEYSTORE_KEY_ALIAS);
- properties.remove(SecurityConstants.JOSE_KEYSTORE_TYPE);
- properties.put(SecurityConstants.JOSE_KEYSTORE_JWKSET, jwkSet);
- properties.put(SecurityConstants.JOSE_KEYSTORE_KEY_ALIAS, jwkSetKid);
- properties.put(SecurityConstants.JOSE_KEYSTORE_TYPE, SecurityConstants.KEYSTORE_TYPE_JWK_VALUE);
- }catch(Exception e) {
- String error = "Errore durante istanziazione del keyPair '"+file+"'/'"+publicKeyProperty+"': "+e.getMessage();
- log.error(error,e);
- if(throwError) {
- throw new SecurityException(error, e);
- }
- }
- }
- }
-
- }
-
- else if(SecurityConstants.KEYSTORE_TYPE_PUBLIC_KEY_VALUE.equalsIgnoreCase(type)) {
-
- String algorithmPropertyName = SecurityConstants.JOSE_KEYSTORE_KEY_ALGORITHM;
- String algorithmProperty = properties.getProperty(algorithmPropertyName);
-
- PublicKeyStore publicKeyStore = null;
- if(file.startsWith(HTTP_PROTOCOL) || file.startsWith(HTTPS_PROTOCOL)) {
- byte[] publicKey = readHttpStore(properties, requestInfo, file, log, throwError);
-
- try {
- publicKeyStore = new PublicKeyStore(publicKey, algorithmProperty);
- }catch(Exception e) {
- String error = "Errore durante istanziazione della chiave pubblica (http resource) '"+file+"': "+e.getMessage();
- log.error(error,e);
- if(throwError) {
- throw new SecurityException(error, e);
- }
- }
- }
- else {
- try {
- publicKeyStore = GestoreKeystoreCache.getPublicKeyStore(requestInfo, file, algorithmProperty);
- }catch(Exception e) {
- String error = "Errore durante istanziazione della chiave pubblica '"+file+"': "+e.getMessage();
- log.error(error,e);
- if(throwError) {
- throw new SecurityException(error, e);
- }
- }
- }
- if(publicKeyStore!=null) {
- try {
- String jwkSet = publicKeyStore.getJwkSet().getJson();
- String jwkSetKid = publicKeyStore.getJwkSetKid();
-
- properties.remove(SecurityConstants.JOSE_KEYSTORE_FILE);
- properties.remove(SecurityConstants.JOSE_KEYSTORE_PSWD);
- properties.remove(algorithmPropertyName);
- properties.remove(RSSecurityConstants.RSSEC_KEY_PSWD);
- properties.remove(SecurityConstants.JOSE_KEYSTORE_KEY_ALIAS);
- properties.remove(SecurityConstants.JOSE_KEYSTORE_TYPE);
- properties.put(SecurityConstants.JOSE_KEYSTORE_JWKSET, jwkSet);
- properties.put(SecurityConstants.JOSE_KEYSTORE_KEY_ALIAS, jwkSetKid);
- properties.put(SecurityConstants.JOSE_KEYSTORE_TYPE, SecurityConstants.KEYSTORE_TYPE_JWK_VALUE);
- }catch(Exception e) {
- String error = "Errore durante istanziazione della chiave pubblica '"+file+"': "+e.getMessage();
- log.error(error,e);
- if(throwError) {
- throw new SecurityException(error, e);
- }
- }
- }
-
- }
-
- else if( passwordDefined
- ||
- ((!DBUtils.isKeystoreJksPasswordRequired()) && SecurityConstants.KEYSTORE_TYPE_JKS_VALUE.equalsIgnoreCase(type))
- ||
- ((!DBUtils.isKeystorePkcs12PasswordRequired()) && SecurityConstants.KEYSTORE_TYPE_PKCS12_VALUE.equalsIgnoreCase(type))
- ||
- SecurityConstants.KEYSTORE_TYPE_JWK_VALUE.equalsIgnoreCase(type)) {
-
- if(file.startsWith(HTTP_PROTOCOL) || file.startsWith(HTTPS_PROTOCOL)) {
-
- byte[]content = readHttpStore(properties, requestInfo, file, log, throwError);
-
- if(byokManager!=null) {
- try {
- content = byokManager.unwrap(content);
- }catch(Exception e) {
- String error = "Errore durante l'unwrap del keystore ottenuto via http '"+file+"': "+e.getMessage();
- log.error(error,e);
- if(throwError) {
- throw new SecurityException(error, e);
- }
- }
- }
-
- if(content!=null) {
- if(SecurityConstants.KEYSTORE_TYPE_JWK_VALUE.equalsIgnoreCase(type)) {
- properties.remove(SecurityConstants.JOSE_KEYSTORE_FILE);
- properties.remove(SecurityConstants.JOSE_KEYSTORE_PSWD);
- properties.put(SecurityConstants.JOSE_KEYSTORE_JWKSET, new String(content));
- }
- else {
- java.security.KeyStore keystore = null;
- try {
- keystore = KeystoreUtils.readKeystore(content, type, password);
- }catch(Exception e) {
- String error = "Errore durante istanziazione del keystore ottenuto via http '"+file+"': "+e.getMessage();
- log.error(error,e);
- keystore = null;
- if(throwError) {
- throw new SecurityException(error, e);
- }
- }
- if(keystore!=null) {
- properties.remove(SecurityConstants.JOSE_KEYSTORE_FILE);
- // properties.remove(SecurityConstants.JOSE_KEYSTORE_TYPE); non va rimosso, serve per jceks
- properties.remove(SecurityConstants.JOSE_KEYSTORE_PSWD);
- properties.put(SecurityConstants.JOSE_KEYSTORE, keystore);
- }
- }
- }
- }
- else {
- if(SecurityConstants.KEYSTORE_TYPE_JWK_VALUE.equalsIgnoreCase(type)) {
- String jwkSet = null;
- try {
- jwkSet = GestoreKeystoreCache.getJwkSetStore(requestInfo, file, byokParams).getJwkSetContent();
- }catch(Exception e) {
- String error = "Errore durante l'accesso al jwk set '"+file+"': "+e.getMessage();
- log.error(error,e);
- if(throwError) {
- throw new SecurityException(error, e);
- }
- }
- if(jwkSet!=null) {
- properties.remove(SecurityConstants.JOSE_KEYSTORE_FILE);
- properties.remove(SecurityConstants.JOSE_KEYSTORE_PSWD);
- properties.put(SecurityConstants.JOSE_KEYSTORE_JWKSET, jwkSet);
- }
- }
- else {
- java.security.KeyStore keystore = null;
- try {
- MerlinKeystore merlinKeystore = GestoreKeystoreCache.getMerlinKeystore(requestInfo, file, type, password, byokParams);
- if(merlinKeystore==null) {
- throw new SecurityException("Keystore '"+file+"' undefined");
- }
- KeyStore keystoreUtils = merlinKeystore.getKeyStore();
- if(keystoreUtils==null) {
- throw new SecurityException("Keystore '"+file+"' undefined");
- }
- keystore = keystoreUtils.getKeystore();
- }catch(Exception e) {
- String error = "Errore durante l'accesso al keystore '"+file+"': "+e.getMessage();
- log.error(error,e);
- if(throwError) {
- throw new SecurityException(error, e);
- }
- }
- if(keystore!=null) {
- properties.remove(SecurityConstants.JOSE_KEYSTORE_FILE);
- // properties.remove(SecurityConstants.JOSE_KEYSTORE_TYPE); non va rimosso, serve per jceks
- properties.remove(SecurityConstants.JOSE_KEYSTORE_PSWD);
- properties.put(SecurityConstants.JOSE_KEYSTORE, keystore);
- }
- }
- }
- }
- }
- }
-
- }
-
- public static byte[] readHttpStore(Properties properties, RequestInfo requestInfo, String file, Logger log, boolean throwError) throws SecurityException {
- return readHttpStore( properties, requestInfo, file, log, throwError, false);
- }
- public static byte[] readHttpStore(Properties properties, RequestInfo requestInfo, String file, Logger log, boolean throwError, boolean forceNoCache) throws SecurityException {
- byte[]content = null;
- try {
- boolean trustAll = false;
- String trustStoreAllSslProperty = properties.getProperty(JOSECostanti.ID_TRUSTSTORE_SSL_KEYSTORE_TRUSTALL);
- trustAll = trustStoreAllSslProperty!=null && "true".equalsIgnoreCase(trustStoreAllSslProperty);
-
- String trustStoreSslPropertyName = JOSECostanti.ID_TRUSTSTORE_SSL_KEYSTORE_FILE;
- String trustStoreSslProperty = properties.getProperty(trustStoreSslPropertyName);
- MerlinTruststore trustStoreSsl = null;
- if(trustStoreSslProperty!=null) {
- String trustStoreSslPasswordPropertyName = JOSECostanti.ID_TRUSTSTORE_SSL_KEYSTORE_PASSWORD;
- String trustStoreSslTypePropertyName = JOSECostanti.ID_TRUSTSTORE_SSL_KEYSTORE_TYPE;
- String trustStoreSslPasswordProperty = properties.getProperty(trustStoreSslPasswordPropertyName);
- String trustStoreSslTypeProperty = properties.getProperty(trustStoreSslTypePropertyName);
- if(trustStoreSslTypeProperty==null) {
- throw new SecurityException("TrustStore ssl type undefined");
- }
- if(trustStoreSslPasswordProperty==null) {
- boolean required = true;
- if(KeystoreType.JKS.isType(trustStoreSslTypeProperty)) {
- required = DBUtils.isTruststoreJksPasswordRequired();
- }
- else if(KeystoreType.PKCS12.isType(trustStoreSslTypeProperty)) {
- required = DBUtils.isTruststorePkcs12PasswordRequired();
- }
- if(required) {
- throw new SecurityException("TrustStore ssl password undefined");
- }
- }
- trustStoreSsl = GestoreKeystoreCache.getMerlinTruststore(requestInfo, trustStoreSslProperty, trustStoreSslTypeProperty, trustStoreSslPasswordProperty);
- }
-
- String trustStoreSslCrlPropertyName = JOSECostanti.ID_TRUSTSTORE_SSL_KEYSTORE_CRL;
- String trustStoreSslCrlProperty = properties.getProperty(trustStoreSslCrlPropertyName);
- CRLCertstore crlStore = null;
- if(trustStoreSslCrlProperty!=null) {
- crlStore = GestoreKeystoreCache.getCRLCertstore(requestInfo, trustStoreSslCrlProperty);
- }
-
- String trustStoreSslConnectionTimeoutPropertyName = JOSECostanti.ID_TRUSTSTORE_SSL_KEYSTORE_CONNECTION_TIMEOUT;
- String trustStoreSslReadTimeoutPropertyName = JOSECostanti.ID_TRUSTSTORE_SSL_KEYSTORE_READ_TIMEOUT;
- String trustStoreSslConnectionTimeoutProperty = properties.getProperty(trustStoreSslConnectionTimeoutPropertyName);
- String trustStoreSslReadTimeoutProperty = properties.getProperty(trustStoreSslReadTimeoutPropertyName);
- Integer connectionTimeout = null;
- Integer readTimeout = null;
- if(trustStoreSslConnectionTimeoutProperty!=null && trustStoreSslReadTimeoutProperty!=null) {
- connectionTimeout = Integer.valueOf(trustStoreSslConnectionTimeoutProperty);
- readTimeout = Integer.valueOf(trustStoreSslReadTimeoutProperty);
- }
-
- List<HttpOptions> list = new ArrayList<>();
-
- String trustStoreSslHostnameVerifier = properties.getProperty(JOSECostanti.ID_TRUSTSTORE_SSL_KEYSTORE_HOSTNAME_VERIFIER);
- if(trustStoreSslHostnameVerifier!=null && StringUtils.isNotEmpty(trustStoreSslHostnameVerifier)) {
- HttpsOptions op = new HttpsOptions();
- op.setHostnameVerifier("true".equals(trustStoreSslHostnameVerifier)); // lascio default a false
- list.add(op);
- }
-
- String forwardProxyEndpoint = properties.getProperty(JOSECostanti.ID_FORWARD_PROXY_ENDPOINT);
- if(forwardProxyEndpoint!=null && StringUtils.isNotEmpty(forwardProxyEndpoint)) {
- HttpForwardProxyOptions op = new HttpForwardProxyOptions();
- op.setForwardProxyEndpoint(forwardProxyEndpoint);
-
- HttpForwardProxyConfig c = new HttpForwardProxyConfig();
- String forwardProxyHeader = properties.getProperty(JOSECostanti.ID_FORWARD_PROXY_HEADER);
- String forwardProxyQuery = properties.getProperty(JOSECostanti.ID_FORWARD_PROXY_QUERY);
- if(forwardProxyHeader!=null && StringUtils.isNotEmpty(forwardProxyHeader)) {
- c.setHeader(forwardProxyHeader);
- String forwardProxyHeaderBase64 = properties.getProperty(JOSECostanti.ID_FORWARD_PROXY_HEADER_BASE64);
- if(forwardProxyHeaderBase64!=null && StringUtils.isNotEmpty(forwardProxyHeaderBase64)) {
- c.setHeaderBase64("false".equals(forwardProxyHeaderBase64)); // default true
- }
- }
- else if(forwardProxyQuery!=null && StringUtils.isNotEmpty(forwardProxyQuery)) {
- c.setQuery(forwardProxyQuery);
- String forwardProxyQueryBase64 = properties.getProperty(JOSECostanti.ID_FORWARD_PROXY_QUERY_BASE64);
- if(forwardProxyQueryBase64!=null && StringUtils.isNotEmpty(forwardProxyQueryBase64)) {
- c.setQueryBase64("false".equals(forwardProxyQueryBase64)); // default true
- }
- }
- else {
- throw new SecurityException("ForwardProxy header o query required");
- }
- op.setForwardProxyConfig(c);
-
- list.add(op);
- }
-
- String proxyType = properties.getProperty(JOSECostanti.ID_PROXY_TYPE);
- if(proxyType!=null && StringUtils.isNotEmpty(proxyType)) {
- HttpProxyOptions op = new HttpProxyOptions();
- if(CostantiConnettori.CONNETTORE_HTTP_PROXY_TYPE_VALUE_HTTP.equals(proxyType)){
- op.setProxyType(Proxy.Type.HTTP);
- }
- else if(CostantiConnettori.CONNETTORE_HTTP_PROXY_TYPE_VALUE_HTTPS.equals(proxyType)){
- op.setProxyType(Proxy.Type.HTTP); // voluto
- }
- else{
- throw new SecurityException("Proxy type '"+proxyType+"' unsupported");
- }
-
- String proxyHostname = properties.getProperty(JOSECostanti.ID_PROXY_HOSTNAME);
- if(proxyHostname!=null && StringUtils.isNotEmpty(proxyHostname)) {
- op.setProxyHostname(proxyHostname);
- }
- else{
- throw new SecurityException("Proxy hostname undefined");
- }
-
- String proxyPort = properties.getProperty(JOSECostanti.ID_PROXY_HOSTNAME);
- if(proxyPort!=null && StringUtils.isNotEmpty(proxyPort)) {
- try {
- op.setProxyPort(Integer.valueOf(proxyPort));
- }catch(Exception e) {
- throw new SecurityException("Proxy port '"+proxyPort+"' invalid: "+e.getMessage());
- }
- }
- else{
- throw new SecurityException("Proxy port undefined");
- }
-
- String proxyUsername = properties.getProperty(JOSECostanti.ID_PROXY_USERNAME);
- if(proxyUsername!=null && StringUtils.isNotEmpty(proxyUsername)) {
- op.setProxyUsername(proxyUsername);
- String proxyPassword = properties.getProperty(JOSECostanti.ID_PROXY_USERNAME);
- if(proxyPassword!=null) {
- op.setProxyPassword(proxyPassword);
- }
- }
-
- list.add(op);
- }
-
- HttpOptions [] options = null;
- if(!list.isEmpty()) {
- options = list.toArray(new HttpOptions[1]);
- }
- if(forceNoCache) {
- if(connectionTimeout!=null && readTimeout!=null) {
- if(trustStoreSsl!=null) {
- if(crlStore!=null) {
- content = new HttpStore(file, connectionTimeout, readTimeout, trustStoreSsl, crlStore, options).getStoreBytes();
- }
- else {
- content = new HttpStore(file, connectionTimeout, readTimeout, trustStoreSsl, options).getStoreBytes();
- }
- }
- else if(trustAll) {
- content = new HttpStore(file, connectionTimeout, readTimeout, trustAll, options).getStoreBytes();
- }
- else {
- content = new HttpStore(file, connectionTimeout, readTimeout, options).getStoreBytes();
- }
- }
- else {
- if(trustStoreSsl!=null) {
- if(crlStore!=null) {
- content = new HttpStore(file, trustStoreSsl, crlStore, options).getStoreBytes();
- }
- else {
- content = new HttpStore(file, trustStoreSsl, options).getStoreBytes();
- }
- }
- else if(trustAll) {
- content = new HttpStore(file, trustAll, options).getStoreBytes();
- }
- else {
- content = new HttpStore(file, options).getStoreBytes();
- }
- }
- }
- else {
- if(connectionTimeout!=null && readTimeout!=null) {
- if(trustStoreSsl!=null) {
- if(crlStore!=null) {
- content = GestoreKeystoreCache.getHttpStore(requestInfo, file, connectionTimeout, readTimeout, trustStoreSsl, crlStore, options).getStoreBytes();
- }
- else {
- content = GestoreKeystoreCache.getHttpStore(requestInfo, file, connectionTimeout, readTimeout, trustStoreSsl, options).getStoreBytes();
- }
- }
- else if(trustAll) {
- content = GestoreKeystoreCache.getHttpStore(requestInfo, file, connectionTimeout, readTimeout, trustAll, options).getStoreBytes();
- }
- else {
- content = GestoreKeystoreCache.getHttpStore(requestInfo, file, connectionTimeout, readTimeout, options).getStoreBytes();
- }
- }
- else {
- if(trustStoreSsl!=null) {
- if(crlStore!=null) {
- content = GestoreKeystoreCache.getHttpStore(requestInfo, file, trustStoreSsl, crlStore, options).getStoreBytes();
- }
- else {
- content = GestoreKeystoreCache.getHttpStore(requestInfo, file, trustStoreSsl, options).getStoreBytes();
- }
- }
- else if(trustAll) {
- content = GestoreKeystoreCache.getHttpStore(requestInfo, file, trustAll, options).getStoreBytes();
- }
- else {
- content = GestoreKeystoreCache.getHttpStore(requestInfo, file, options).getStoreBytes();
- }
- }
- }
- }catch(Exception e) {
- String error = "Errore durante l'accesso al keystore via http '"+file+"': "+e.getMessage();
- log.error(error,e);
- if(throwError) {
- throw new SecurityException(error, e);
- }
- }
- return content;
- }
- }