BYOKProvider.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it).
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */


  22. package org.openspcoop2.utils.certificate.byok;

  24. import java.util.ArrayList;
  25. import java.util.HashMap;
  26. import java.util.List;
  27. import java.util.Map;

  29. import org.apache.commons.lang.StringUtils;
  30. import org.openspcoop2.utils.SortedMap;
  31. import org.openspcoop2.utils.UtilsException;

  33. /**     
  34.  * BYOKProvider
  35.  *
  36.  * @author Poli Andrea (poli@link.it)
  37.  * @author $Author$
  38.  * @version $Rev$, $Date$
  39.  */
  40. public class BYOKProvider {
  41.     
  42.     public static final String BYOK_POLICY_UNDEFINED_EMPTY = "";
  43.     public static final String BYOK_POLICY_UNDEFINED = "-"; // nelle maschere generic_properties ho bisogno di usare questo valore
  44.     public static final String BYOK_POLICY_UNDEFINED_LABEL = BYOK_POLICY_UNDEFINED;
  45.     
  46.     private static boolean unwrapKeystoreFileEnabled = true;
  47.     public static boolean isUnwrapKeystoreFileEnabled() {
  48.         return unwrapKeystoreFileEnabled;
  49.     }
  50.     public static void setUnwrapKeystoreFileEnabled(boolean unwrapKeystoreFileEnabled) {
  51.         BYOKProvider.unwrapKeystoreFileEnabled = unwrapKeystoreFileEnabled;
  52.     }
  53.     
  54.     public static BYOKProvider getWrapInstance() throws UtilsException {
  55.         return new BYOKProvider(true);
  56.     }
  57.     public static BYOKProvider getUnwrapInstance() throws UtilsException {
  58.         return new BYOKProvider(false);
  59.     }
  60.     
  61.     private boolean byok = false;
  62.     public boolean isByokEnabled() {
  63.         return this.byok;
  64.     }
  65.     public boolean isUnwrapByokKeystoreEnabled() {
  66.         return this.byok && unwrapKeystoreFileEnabled;
  67.     }
  68.     private List<String> byokTypes = new ArrayList<>();
  69.     private List<String> byokLabels = new ArrayList<>();
  70.     private Map<String,BYOKSecurityConfig> byokSecurity = new HashMap<>();
  71.     private static final String NO_BYOK = "--no_byok--";
  72.     private static List<String> noBYOK = new ArrayList<>();
  73.     static{
  74.         noBYOK.add(NO_BYOK);    
  75.     }
  76.     private static final String DEFAULT_BYOK = "Default";
  77.     private BYOKProvider(boolean wrap) throws UtilsException {
  78.         BYOKManager byokManager = BYOKManager.getInstance();
  79.         SortedMap<String> sortedMap = wrap ? byokManager.getKeystoreWrapConfigTypesLabels() : byokManager.getKeystoreUnwrapConfigTypesLabels();
  80.         this.byok = sortedMap!=null && !sortedMap.isEmpty();
  81.         if(this.byok) {
  82.             List<String> byokTypesAdd = new ArrayList<>();
  83.             List<String> byokLabelsAdd = new ArrayList<>();
  84.             String typeDefault = null;
  85.             if(!sortedMap.isEmpty()) {
  86.                 for (String type : sortedMap.keys()) {
  87.                     if(init(byokManager, type, byokTypesAdd, byokLabelsAdd, sortedMap)) {
  88.                         typeDefault = type;
  89.                     }
  90.                 }
  91.             }
  92.             boolean byokEnabled = !byokTypesAdd.isEmpty();
  93.             if(byokEnabled) {
  94.                 fillList(typeDefault, byokTypesAdd, byokLabelsAdd);
  95.             }
  96.         }
  97.     }
  98.     private boolean init(BYOKManager byokManager, String type, List<String> byokTypesAdd, List<String> byokLabelsAdd, SortedMap<String> sortedMap) throws UtilsException {
  99.         
  100.         boolean addDefault = false;
  101.         
  102.         String label = sortedMap.get(type);
  103.         
  104.         StringBuilder securityId = new StringBuilder();
  105.         if(byokManager.isKMSUsedInSecurityUnwrapConfig(type, securityId)) {
  106.             String secId =  securityId.toString();
  107.             BYOKSecurityConfig secConfig = byokManager.getKMSSecurityConfig(secId);
  108.             
  109.             if( BYOKManager.getSecurityRemoteEngineGovWayPolicy()!=null &&
  110.                 BYOKManager.getSecurityRemoteEngineGovWayPolicy().equals(secId)) {
  111.                 addDefault = true;
  112.             }
  113.             
  114.             if(BYOKManager.getSecurityEngineGovWayPolicy()!=null && 
  115.                 BYOKManager.getSecurityEngineGovWayPolicy().equals(secId)) {
  116.                 if( BYOKManager.getSecurityRemoteEngineGovWayPolicy()!=null ) {
  117.                     return false;
  118.                 }
  119.                 else {
  120.                     addDefault = true;
  121.                 }
  122.             }

  124.             this.byokSecurity.put(type,secConfig);
  125.                         
  126.             if(!addDefault) {
  127.                 byokTypesAdd.add(type);
  128.                 byokLabelsAdd.add(label);
  129.             }

  131.         }
  132.         else {
  133.             byokTypesAdd.add(type);
  134.             byokLabelsAdd.add(label);
  135.         }
  136.         
  137.         return addDefault;
  138.     }
  139.     private void fillList(String typeDefault, List<String> byokTypesAdd, List<String> byokLabelsAdd) {
  140.         this.byokTypes.add(BYOK_POLICY_UNDEFINED_EMPTY);
  141.         if(typeDefault!=null) {
  142.             this.byokTypes.add(typeDefault);
  143.         }
  144.         this.byokTypes.addAll(byokTypesAdd);
  145.         this.byokLabels.add(BYOK_POLICY_UNDEFINED_LABEL);
  146.         if(typeDefault!=null) {
  147.             this.byokLabels.add(DEFAULT_BYOK);
  148.         }
  149.         this.byokLabels.addAll(byokLabelsAdd);
  150.     }
  151.     
  152.     public List<String> getValues() {
  153.         return this.byok ? this.byokTypes : noBYOK;
  154.     }

  156.     public List<String> getLabels() {
  157.         return this.byok ? this.byokLabels : noBYOK;
  158.     }

  160.     public Map<String, String> getInputMap(String kmsId) {
  161.         Map<String, String> inputMap = new HashMap<>();
  162.         BYOKSecurityConfig secConfig = this.byokSecurity.get(kmsId);
  163.         if(secConfig!=null && secConfig.getInputParameters()!=null && !secConfig.getInputParameters().isEmpty()) {
  164.             for (BYOKSecurityConfigParameter param : secConfig.getInputParameters()) {
  165.                 inputMap.put(param.getName(), param.getValue());
  166.             }
  167.         }
  168.         return inputMap;
  169.     }
  170.     
  171.     public static boolean isPolicyDefined(String kmsId) {
  172.         return kmsId!=null && StringUtils.isNotEmpty(kmsId) && !BYOK_POLICY_UNDEFINED_EMPTY.equals(kmsId) && !BYOK_POLICY_UNDEFINED.equals(kmsId);
  173.     }
  174.     
  175.     public static BYOKRequestParams getBYOKRequestParamsByUnwrapBYOKPolicy(String kmsId,
  176.             Map<String,Object> dynamicMap) throws UtilsException {
  177.         // configurato via console
  178.         
  179.         if(!isPolicyDefined(kmsId)) {
  180.             return null;
  181.         }
  182.         
  183.         BYOKProvider provider = BYOKProvider.getUnwrapInstance();
  184.         Map<String, String> inputMap = provider.getInputMap(kmsId);
  185.         
  186.         return BYOKRequestParams.getBYOKRequestParamsByKmsId(kmsId, 
  187.                 inputMap, dynamicMap);
  188.     }
  189.     
  190. }
Created with JaCoCo 0.8.8.202204050719