BYOKLocalConfig.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */

  21. package org.openspcoop2.utils.certificate.byok;

  23. import java.io.Serializable;
  24. import java.util.Properties;
  25. import java.util.UUID;

  27. import org.apache.commons.lang.StringUtils;
  28. import org.openspcoop2.utils.UtilsException;
  29. import org.openspcoop2.utils.certificate.KeystoreType;
  30. import org.openspcoop2.utils.certificate.hsm.HSMManager;
  31. import org.openspcoop2.utils.certificate.hsm.HSMUtils;
  32. import org.slf4j.Logger;

  34. /**
  35.  * BYOKLocalConfig
  36.  *
  37.  * @author Poli Andrea (apoli@link.it)
  38.  * @author $Author$
  39.  * @version $Rev$, $Date$
  40.  */
  41. public class BYOKLocalConfig implements Serializable {

  43.     /**
  44.      * 
  45.      */
  46.     private static final long serialVersionUID = -3572589461109860459L;
  47.             
  48.     protected String encryptionEngine;
  49.     
  50.     protected KeystoreType keystoreType;
  51.     protected String keystoreHsmType;
  52.     protected String keystorePath;
  53.     protected String keystorePassword;
  54.     
  55.     protected String keyPath;
  56.     protected String keyInline;
  57.     protected String keyEncoding;
  58.     protected String keyAlgorithm;
  59.     protected String keyAlias;
  60.     protected String keyPassword;
  61.     protected String keyId;
  62.     protected boolean keyWrap = false;
  63.     
  64.     protected String publicKeyPath;
  65.     protected String publicKeyInline;
  66.     protected String publicKeyEncoding;
  67.     
  68.     protected String pw; // password
  69.     protected String pwType; // passwordType
  70.     protected Integer pwIteration; // passwordIteration
  71.     
  72.     protected String contentAlgorithm;
  73.     
  74.     protected String encoding;

  76.     protected boolean joseIncludeCert;
  77.     protected boolean joseIncludePublicKey;
  78.     protected boolean joseIncludeKeyId;
  79.     protected boolean joseIncludeCertSha1;
  80.     protected boolean joseIncludeCertSha256;
  81.     
  82.     protected BYOKLocalConfig() {}
  83.     protected BYOKLocalConfig(String id, Properties p, Logger log, BYOKConfig config, String byokPropertyPrefix) throws UtilsException {
  84.                 
  85.         if(p==null || p.isEmpty()) {
  86.             log.error("Properties is null");
  87.             throw new UtilsException("Properties '"+byokPropertyPrefix+id+".*' undefined");
  88.         }
  89.         
  90.         initEngine(id, p, config, byokPropertyPrefix);
  91.         
  92.         initKeystore(id, p, config, byokPropertyPrefix);
  93.     }

  95.     private static final String UNSUPPORTED_KEYSTORE_PREFIX = "Unsupported keystore '";
  96.     private static final String UNSUPPORTED_PROPERTY_PREFIX = "Unsupported property '";
  97.     private static final String VALUE_SEPARATOR = "' value '";
  98.     private static final String TYPE_SEPARATOR = "' type '";
  99.     
  100.     private void initEngine(String id, Properties p, BYOKConfig config, String byokPropertyPrefix) throws UtilsException {
  101.         
  102.         if(config!=null) {
  103.             // nop
  104.         }
  105.         
  106.         this.encryptionEngine = BYOKConfig.getProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_IMPL, true, byokPropertyPrefix);
  107.         if(!BYOKCostanti.PROPERTY_LOCAL_ENCRYPTION_ENGINE_JAVA.equals(this.encryptionEngine) &&
  108.                 !BYOKCostanti.PROPERTY_LOCAL_ENCRYPTION_ENGINE_JOSE.equals(this.encryptionEngine) &&
  109.                 !BYOKCostanti.PROPERTY_LOCAL_ENCRYPTION_ENGINE_OPENSSL.equals(this.encryptionEngine)) {
  110.             throw new UtilsException(UNSUPPORTED_PROPERTY_PREFIX+byokPropertyPrefix+id+"."+BYOKCostanti.PROPERTY_SUFFIX_LOCAL_IMPL+VALUE_SEPARATOR+this.encryptionEngine+"'");
  111.         }
  112.         
  113.         this.contentAlgorithm = BYOKConfig.getProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_CONTENT_ALGORITHM, 
  114.                 !BYOKCostanti.PROPERTY_LOCAL_ENCRYPTION_ENGINE_OPENSSL.equals(this.encryptionEngine), byokPropertyPrefix);
  115.         
  116.         if(BYOKCostanti.PROPERTY_LOCAL_ENCRYPTION_ENGINE_JAVA.equals(this.encryptionEngine) ||
  117.                 BYOKCostanti.PROPERTY_LOCAL_ENCRYPTION_ENGINE_OPENSSL.equals(this.encryptionEngine)) {
  118.             boolean required = BYOKCostanti.PROPERTY_LOCAL_ENCRYPTION_ENGINE_JAVA.equals(this.encryptionEngine);
  119.                     /**|| 
  120.                     BYOKMode.WRAP.equals(config.getMode()); // il wrap richiede e produce un valore leggibile per l'unwrap*/
  121.             this.encoding = BYOKConfig.getProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_ENCODING, required, byokPropertyPrefix);
  122.             if(this.encoding!=null && StringUtils.isNotEmpty(this.encoding) &&
  123.                     !BYOKCostanti.PROPERTY_LOCAL_ENCODING_BASE64.equals(this.encoding) &&
  124.                     !BYOKCostanti.PROPERTY_LOCAL_ENCODING_HEX.equals(this.encoding)) {
  125.                 throw new UtilsException(UNSUPPORTED_PROPERTY_PREFIX+byokPropertyPrefix+id+"."+BYOKCostanti.PROPERTY_SUFFIX_LOCAL_ENCODING+VALUE_SEPARATOR+this.encoding+"'");
  126.             }
  127.         }
  128.         
  129.         if(BYOKCostanti.PROPERTY_LOCAL_ENCRYPTION_ENGINE_JAVA.equals(this.encryptionEngine)) {      
  130.             this.keyWrap = BYOKConfig.getBooleanProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_KEY_WRAP, false, false, byokPropertyPrefix);
  131.         }
  132.         
  133.         if(BYOKCostanti.PROPERTY_LOCAL_ENCRYPTION_ENGINE_JOSE.equals(this.encryptionEngine)) {      
  134.             
  135.             this.joseIncludeCert = BYOKConfig.getBooleanProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_JOSE_INCLUDE_CERT, false, false, byokPropertyPrefix);
  136.             this.joseIncludePublicKey = BYOKConfig.getBooleanProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_JOSE_INCLUDE_PUBLIC_KEY, false, false, byokPropertyPrefix);
  137.             this.joseIncludeKeyId = BYOKConfig.getBooleanProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_JOSE_INCLUDE_KEY_ID, false, false, byokPropertyPrefix);
  138.             this.joseIncludeCertSha1 = BYOKConfig.getBooleanProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_JOSE_INCLUDE_CERT_SHA1, false, false, byokPropertyPrefix);
  139.             this.joseIncludeCertSha256 = BYOKConfig.getBooleanProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_JOSE_INCLUDE_CERT_SHA256, false, false, byokPropertyPrefix);
  140.             
  141.             String keyIdTmp = BYOKConfig.getProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_KEY_ID, false, byokPropertyPrefix);
  142.             if(keyIdTmp!=null) {
  143.                 this.keyId = keyIdTmp.trim();
  144.             }
  145.             
  146.         }
  147.     }
  148.     
  149.     private void initKeystore(String id, Properties p, BYOKConfig config, String byokPropertyPrefix) throws UtilsException {
  150.         
  151.         String tmpKeystoreType = BYOKConfig.getProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_KEYSTORE_TYPE, true, byokPropertyPrefix);
  152.         this.keystoreType = KeystoreType.toEnumFromName(tmpKeystoreType);
  153.         if(this.keystoreType==null) {
  154.             HSMManager hsmManager = HSMManager.getInstance();
  155.             if(hsmManager.existsKeystoreType(tmpKeystoreType)) {
  156.                 this.keystoreType = KeystoreType.PKCS11;
  157.                 this.keystoreHsmType = tmpKeystoreType;
  158.             }
  159.             else {
  160.                 throw new UtilsException(UNSUPPORTED_KEYSTORE_PREFIX+byokPropertyPrefix+id+"."+BYOKCostanti.PROPERTY_SUFFIX_LOCAL_KEYSTORE_TYPE+TYPE_SEPARATOR+tmpKeystoreType+"'");
  161.             }
  162.         }
  163.         String unsupportedError = UNSUPPORTED_KEYSTORE_PREFIX+byokPropertyPrefix+id+"."+BYOKCostanti.PROPERTY_SUFFIX_LOCAL_KEYSTORE_TYPE+TYPE_SEPARATOR+tmpKeystoreType+"' with "+
  164.                 byokPropertyPrefix+id+"."+BYOKCostanti.PROPERTY_SUFFIX_LOCAL_IMPL+" '";
  165.         switch (this.keystoreType) {
  166.         case JKS:
  167.         case PKCS12:
  168.         case PKCS11:
  169.         case JWK_SET:
  170.         case JCEKS:
  171.             
  172.             if(config!=null && config.getLocalConfig()!=null && config.getLocalConfig().isOpenSSLEngine()) {
  173.                 throw new UtilsException(unsupportedError+BYOKCostanti.PROPERTY_LOCAL_ENCRYPTION_ENGINE_OPENSSL+"'");
  174.             }
  175.             
  176.             initKeystoreEngine(id, p, config, byokPropertyPrefix);
  177.             break;
  178.         case KEY_PAIR:
  179.         case PUBLIC_KEY:
  180.         case SYMMETRIC_KEY:
  181.             
  182.             if(config!=null && config.getLocalConfig()!=null && config.getLocalConfig().isOpenSSLEngine()) {
  183.                 throw new UtilsException(unsupportedError+BYOKCostanti.PROPERTY_LOCAL_ENCRYPTION_ENGINE_OPENSSL+"'");
  184.             }
  185.             
  186.             initKeyEngine(id, p, byokPropertyPrefix);
  187.             break;
  188.         case PASSWORD_KEY_DERIVATION:
  189.             
  190.             if(BYOKCostanti.PROPERTY_LOCAL_ENCRYPTION_ENGINE_JOSE.equals(this.encryptionEngine)) {
  191.                 throw new UtilsException(unsupportedError+BYOKCostanti.PROPERTY_LOCAL_ENCRYPTION_ENGINE_JOSE+"'");
  192.             }
  193.             
  194.             initPasswordEngine(id, p, byokPropertyPrefix);
  195.             break;
  196.         default:
  197.             throw new UtilsException(UNSUPPORTED_KEYSTORE_PREFIX+byokPropertyPrefix+id+"."+BYOKCostanti.PROPERTY_SUFFIX_LOCAL_KEYSTORE_TYPE+TYPE_SEPARATOR+this.keystoreType+"'");
  198.         }
  199.     }
  200.     private void initKeystoreEngine(String id, Properties p, BYOKConfig config, String byokPropertyPrefix) throws UtilsException {
  201.         
  202.         if(KeystoreType.PKCS11.equals(this.keystoreType)) {
  203.             this.keystorePath = HSMUtils.KEYSTORE_HSM_STORE_PASSWORD_UNDEFINED;
  204.         }
  205.         else {
  206.             this.keystorePath = BYOKConfig.getProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_KEYSTORE_PATH, true, byokPropertyPrefix);
  207.         }
  208.         
  209.         if(KeystoreType.PKCS11.equals(this.keystoreType)) {
  210.             this.keystorePassword = HSMUtils.KEYSTORE_HSM_STORE_PASSWORD_UNDEFINED;
  211.         }
  212.         else if(!KeystoreType.JWK_SET.equals(this.keystoreType)) {
  213.             this.keystorePassword = BYOKConfig.getProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_KEYSTORE_PASSWORD, true, byokPropertyPrefix);
  214.         }
  215.         
  216.         initKeystoreKey(id, p, config, byokPropertyPrefix);
  217.     }
  218.     private void initKeystoreKey(String id, Properties p, BYOKConfig config, String byokPropertyPrefix) throws UtilsException {
  219.         
  220.         this.keyAlias = BYOKConfig.getProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_KEY_ALIAS, true, byokPropertyPrefix);
  221.                 
  222.         if(KeystoreType.JCEKS.equals(this.keystoreType) || BYOKMode.UNWRAP.equals(config.getMode())) {
  223.             
  224.             this.keyPassword = BYOKConfig.getProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_KEY_PASSWORD, false, byokPropertyPrefix);
  225.             
  226.         }
  227.         
  228.         this.keyAlgorithm = BYOKConfig.getProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_KEY_ALGORITHM, true, byokPropertyPrefix);
  229.         
  230.     }
  231.     
  232.     private void initKeyEngine(String id, Properties p, String byokPropertyPrefix) throws UtilsException {
  233.         
  234.         this.keyInline = BYOKConfig.getProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_KEY_INLINE, false, byokPropertyPrefix);
  235.         this.keyPath = BYOKConfig.getProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_KEY_PATH, (this.keyInline==null || StringUtils.isEmpty(this.keyInline)), byokPropertyPrefix);
  236.         
  237.         this.keyEncoding = BYOKConfig.getProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_KEY_ENCODING, false, byokPropertyPrefix);
  238.         if(this.keyEncoding!=null && StringUtils.isNotEmpty(this.keyEncoding) &&
  239.             !BYOKCostanti.PROPERTY_LOCAL_ENCODING_BASE64.equals(this.keyEncoding) &&
  240.             !BYOKCostanti.PROPERTY_LOCAL_ENCODING_HEX.equals(this.keyEncoding)) {
  241.             throw new UtilsException(UNSUPPORTED_PROPERTY_PREFIX+byokPropertyPrefix+id+"."+BYOKCostanti.PROPERTY_SUFFIX_LOCAL_KEY_ENCODING+VALUE_SEPARATOR+this.keyEncoding+"'");
  242.         }
  243.         
  244.         this.keyAlgorithm = BYOKConfig.getProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_KEY_ALGORITHM, true, byokPropertyPrefix);
  245.         
  246.         if(KeystoreType.KEY_PAIR.equals(this.keystoreType)) {
  247.             this.publicKeyInline = BYOKConfig.getProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_PUBLIC_KEY_INLINE, false, byokPropertyPrefix);
  248.             this.publicKeyPath = BYOKConfig.getProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_PUBLIC_KEY_PATH, (this.publicKeyInline==null || StringUtils.isEmpty(this.publicKeyInline)), byokPropertyPrefix);
  249.             
  250.             this.publicKeyEncoding = BYOKConfig.getProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_PUBLIC_KEY_ENCODING, false, byokPropertyPrefix);
  251.             if(this.publicKeyEncoding!=null && StringUtils.isNotEmpty(this.publicKeyEncoding) &&
  252.                 !BYOKCostanti.PROPERTY_LOCAL_ENCODING_BASE64.equals(this.publicKeyEncoding) &&
  253.                 !BYOKCostanti.PROPERTY_LOCAL_ENCODING_HEX.equals(this.publicKeyEncoding)) {
  254.                 throw new UtilsException(UNSUPPORTED_PROPERTY_PREFIX+byokPropertyPrefix+id+"."+BYOKCostanti.PROPERTY_SUFFIX_LOCAL_PUBLIC_KEY_ENCODING+VALUE_SEPARATOR+this.publicKeyEncoding+"'");
  255.             }
  256.             
  257.             this.keyPassword = BYOKConfig.getProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_KEY_PASSWORD, false, byokPropertyPrefix);
  258.         }
  259.     
  260.     }
  261.     
  262.     private void initPasswordEngine(String id, Properties p, String byokPropertyPrefix) throws UtilsException {
  263.         
  264.         this.pw = BYOKConfig.getProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_PW, true, byokPropertyPrefix);
  265.         
  266.         this.pwType = BYOKConfig.getProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_PW_TYPE, false, byokPropertyPrefix);
  267.         if(this.pwType==null || StringUtils.isEmpty(this.pwType.trim())) {
  268.             this.pwType = BYOKCostanti.PROPERTY_LOCAL_PW_TYPE_DEFAULT;
  269.         }
  270.         else if(!BYOKCostanti.getLocalPasswordTypes().contains(this.pwType)) {
  271.             throw new UtilsException(UNSUPPORTED_PROPERTY_PREFIX+byokPropertyPrefix+id+"."+BYOKCostanti.PROPERTY_SUFFIX_LOCAL_PW_TYPE+VALUE_SEPARATOR+this.pwType+"'");
  272.         }
  273.         
  274.         this.pwIteration = BYOKConfig.getIntegerProperty(id, p, BYOKCostanti.PROPERTY_SUFFIX_LOCAL_PWD_ITERATION, false, byokPropertyPrefix);
  275.     }
  276.     
  277.     
  278.     public boolean isJavaEngine() {
  279.         return BYOKCostanti.PROPERTY_LOCAL_ENCRYPTION_ENGINE_JAVA.equals(this.encryptionEngine);
  280.     }
  281.     public boolean isJoseEngine() {
  282.         return BYOKCostanti.PROPERTY_LOCAL_ENCRYPTION_ENGINE_JOSE.equals(this.encryptionEngine);
  283.     }
  284.     public boolean isOpenSSLEngine() {
  285.         return BYOKCostanti.PROPERTY_LOCAL_ENCRYPTION_ENGINE_OPENSSL.equals(this.encryptionEngine);
  286.     }
  287.     
  288.     public KeystoreType getKeystoreType() {
  289.         return this.keystoreType;
  290.     }
  291.     
  292.     public String getKeystoreHsmType() {
  293.         return this.keystoreHsmType;
  294.     }

  296.     public String getKeystorePath() {
  297.         return this.keystorePath;
  298.     }
  299.     
  300.     public String getKeystorePassword() {
  301.         return this.keystorePassword;
  302.     }

  304.     public String getKeyPath() {
  305.         return this.keyPath;
  306.     }
  307.     public String getKeyInline() {
  308.         return this.keyInline;
  309.     }
  310.     public boolean isKeyBase64Encoding() {
  311.         return BYOKCostanti.PROPERTY_LOCAL_ENCODING_BASE64.equals(this.keyEncoding);
  312.     }
  313.     public boolean isKeyHexEncoding() {
  314.         return BYOKCostanti.PROPERTY_LOCAL_ENCODING_HEX.equals(this.keyEncoding);
  315.     }
  316.     public String getKeyEncoding() {
  317.         return this.keyEncoding;
  318.     }

  320.     public String getKeyAlgorithm() {
  321.         return this.keyAlgorithm;
  322.     }

  324.     public String getKeyAlias() {
  325.         return this.keyAlias;
  326.     }
  327.     public void setKeyAlias(String keyAlias) {
  328.         this.keyAlias = keyAlias;
  329.     }
  330.     public void generateKeyAlias() {
  331.         this.keyAlias = UUID.randomUUID().toString();
  332.     }
  333.     
  334.     public String getKeyPassword() {
  335.         return this.keyPassword;
  336.     }
  337.     
  338.     public String getKeyId() {
  339.         return this.keyId;
  340.     }
  341.     
  342.     public boolean isKeyWrap() {
  343.         return this.keyWrap;
  344.     }
  345.     
  346.     public String getPublicKeyPath() {
  347.         return this.publicKeyPath;
  348.     }
  349.     public String getPublicKeyInline() {
  350.         return this.publicKeyInline;
  351.     }
  352.     public boolean isPublicKeyBase64Encoding() {
  353.         return BYOKCostanti.PROPERTY_LOCAL_ENCODING_BASE64.equals(this.publicKeyEncoding);
  354.     }
  355.     public boolean isPublicKeyHexEncoding() {
  356.         return BYOKCostanti.PROPERTY_LOCAL_ENCODING_HEX.equals(this.publicKeyEncoding);
  357.     }
  358.     public String getPublicKeyEncoding() {
  359.         return this.publicKeyEncoding;
  360.     }
  361.     
  362.     public String getPassword() {
  363.         return this.pw;
  364.     }
  365.     
  366.     public String getPasswordType() {
  367.         return this.pwType;
  368.     }
  369.     
  370.     public Integer getPasswordIteration() {
  371.         return this.pwIteration;
  372.     }
  373.     
  374.     public String getContentAlgorithm() {
  375.         return this.contentAlgorithm;
  376.     }
  377.     
  378.     public boolean isBase64Encoding() {
  379.         return BYOKCostanti.PROPERTY_LOCAL_ENCODING_BASE64.equals(this.encoding);
  380.     }
  381.     public boolean isHexEncoding() {
  382.         return BYOKCostanti.PROPERTY_LOCAL_ENCODING_HEX.equals(this.encoding);
  383.     }
  384.     public String getEncoding() {
  385.         return this.encoding;
  386.     }

  388.     public boolean isJoseIncludeCert() {
  389.         return this.joseIncludeCert;
  390.     }
  391.     public boolean isJoseIncludePublicKey() {
  392.         return this.joseIncludePublicKey;
  393.     }
  394.     public boolean isJoseIncludeKeyId() {
  395.         return this.joseIncludeKeyId;
  396.     }
  397.     public boolean isJoseIncludeCertSha1() {
  398.         return this.joseIncludeCertSha1;
  399.     }
  400.     public boolean isJoseIncludeCertSha256() {
  401.         return this.joseIncludeCertSha256;
  402.     }
  403. }
Created with JaCoCo 0.8.8.202204050719