HSMKeystore.java

  1. /*
  2.  * GovWay - A customizable API Gateway 
  3.  * https://govway.org
  4.  * 
  5.  * Copyright (c) 2005-2025 Link.it srl (https://link.it). 
  6.  * 
  7.  * This program is free software: you can redistribute it and/or modify
  8.  * it under the terms of the GNU General Public License version 3, as published by
  9.  * the Free Software Foundation.
  10.  *
  11.  * This program is distributed in the hope that it will be useful,
  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14.  * GNU General Public License for more details.
  15.  *
  16.  * You should have received a copy of the GNU General Public License
  17.  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18.  *
  19.  */

  21. package org.openspcoop2.utils.certificate.hsm;

  23. import java.io.File;
  24. import java.io.Serializable;
  25. import java.security.Provider;
  26. import java.security.Security;
  27. import java.util.Properties;

  29. import org.openspcoop2.utils.UtilsException;
  30. import org.openspcoop2.utils.certificate.KeyStore;
  31. import org.slf4j.Logger;

  33. /**
  34.  * HSMKeystore
  35.  *
  36.  * @author Poli Andrea (apoli@link.it)
  37.  * @author $Author$
  38.  * @version $Rev$, $Date$
  39.  */
  40. public class HSMKeystore implements Serializable {

  42.     /**
  43.      * 
  44.      */
  45.     private static final long serialVersionUID = -3572589461109860459L;

  47.     private transient Boolean uniqueProviderInstance;
  48.     private transient Provider providerInstance;
  49.         
  50.     private String id;

  52.     private String provider;
  53.     private boolean providerAdd = false;
  54.     private String configFile;
  55.     private String config;
  56.     private String pin;
  57.     private String keystoreTypeLabel;
  58.     private String keystoreType;
  59.     private boolean usableAsTrustStore = false;
  60.     private boolean usableAsSecretKeyStore = false;
  61.     
  62.     protected HSMKeystore(String id, Properties p, Logger log, boolean accessKeystore) throws UtilsException {
  63.         this.id = id;
  64.         
  65.         if(p==null || p.isEmpty()) {
  66.             log.error("Properties is null");
  67.         }
  68.         
  69.         String prefix = "Property '"+HSMCostanti.PROPERTY_PREFIX+id;
  70.         String uncorrect = "' uncorrect: ";
  71.         
  72.         if(p==null || p.isEmpty()) {
  73.             throw new UtilsException("Properties '"+HSMCostanti.PROPERTY_PREFIX+id+".*' undefined");
  74.         }
  75.         
  76.         this.provider = getProperty(id, p, HSMCostanti.PROPERTY_SUFFIX_PROVIDER, accessKeystore);   
  77.         
  78.         String tmp = getProperty(id, p, HSMCostanti.PROPERTY_SUFFIX_PROVIDER_ADD, false);
  79.         if(tmp!=null) {
  80.             try {
  81.                 this.providerAdd = Boolean.parseBoolean(tmp);
  82.             }catch(Exception e) {
  83.                 throw new UtilsException(prefix+"."+HSMCostanti.PROPERTY_SUFFIX_PROVIDER_ADD+uncorrect+e.getMessage(),e);
  84.             }
  85.         }
  86.         
  87.         this.configFile = getProperty(id, p, HSMCostanti.PROPERTY_SUFFIX_PROVIDER_CONFIG_FILE, false);
  88.         this.config = getProperty(id, p, HSMCostanti.PROPERTY_SUFFIX_PROVIDER_CONFIG, false);
  89.         
  90.         this.pin = getProperty(id, p, HSMCostanti.PROPERTY_SUFFIX_PIN, accessKeystore);
  91.         
  92.         this.keystoreType = getProperty(id, p, HSMCostanti.PROPERTY_SUFFIX_KEYSTORE_TYPE, accessKeystore);  
  93.         this.keystoreTypeLabel = getProperty(id, p, HSMCostanti.PROPERTY_SUFFIX_KEYSTORE_TYPE_LABEL, true);
  94.         
  95.         tmp = getProperty(id, p, HSMCostanti.PROPERTY_SUFFIX_USABLE_AS_TRUST_STORE, false);
  96.         if(tmp!=null) {
  97.             try {
  98.                 this.usableAsTrustStore = Boolean.parseBoolean(tmp);
  99.             }catch(Exception e) {
  100.                 throw new UtilsException(prefix+"."+HSMCostanti.PROPERTY_SUFFIX_USABLE_AS_TRUST_STORE+uncorrect+e.getMessage(),e);
  101.             }
  102.         }
  103.         
  104.         tmp = getProperty(id, p, HSMCostanti.PROPERTY_SUFFIX_USABLE_AS_SECRET_KEY_STORE, false);
  105.         if(tmp!=null) {
  106.             try {
  107.                 this.usableAsSecretKeyStore = Boolean.parseBoolean(tmp);
  108.             }catch(Exception e) {
  109.                 throw new UtilsException(prefix+"."+HSMCostanti.PROPERTY_SUFFIX_USABLE_AS_SECRET_KEY_STORE+uncorrect+e.getMessage(),e);
  110.             }
  111.         }
  112.     }

  114.     private static String getProperty(String id, Properties p, String name, boolean required) throws UtilsException {
  115.         String tmp = p.getProperty(name);
  116.         if(tmp!=null) {
  117.             return tmp.trim();
  118.         }
  119.         else {
  120.             if(required) {
  121.                 throw new UtilsException("Property '"+HSMCostanti.PROPERTY_PREFIX+id+"."+name+"' notFound");
  122.             }
  123.             return null;
  124.         }
  125.     }
  126.     
  127.     public String getId() {
  128.         return this.id;
  129.     }
  130.     
  131.     public String getProvider() {
  132.         return this.provider;
  133.     }

  135.     public boolean isProviderAdd() {
  136.         return this.providerAdd;
  137.     }

  139.     public String getConfigFile() {
  140.         return this.configFile;
  141.     }

  143.     public String getConfig() {
  144.         return this.config;
  145.     }

  147.     public String getKeystoreTypeLabel() {
  148.         return this.keystoreTypeLabel;
  149.     }

  151.     public String getKeystoreType() {
  152.         return this.keystoreType;
  153.     }   
  154.     
  155.     public String getPrefixForLog() {
  156.         return "[Keystore '"+this.getId()+"' type:"+this.getKeystoreTypeLabel()+"] ";
  157.     }
  158.     
  159.     // ******* Keystore engine ********
  160.     
  161.     public void init(Logger log, boolean uniqueProviderInstance) throws UtilsException {
  162.         if(this.uniqueProviderInstance==null) {
  163.             initInstance(log, uniqueProviderInstance);
  164.         }
  165.     }
  166.     private synchronized void initInstance(Logger log, boolean uniqueProviderInstance) throws UtilsException {
  167.         if(this.uniqueProviderInstance==null) {
  168.             Provider providerNew = newProviderInstance();
  169.             if(this.isProviderAdd()) {
  170.                 Provider providerCheck = null;
  171.                 try {
  172.                     providerCheck = Security.getProvider(providerNew.getName());
  173.                 }catch(Throwable t) {
  174.                     // ignore
  175.                 }
  176.                 if(providerCheck==null) {
  177.                     Security.addProvider(providerNew);
  178.                     String d = "Registered provider: "+providerNew.getName();
  179.                     log.info(d);
  180.                 }
  181.                 else {
  182.                     String d = "Loaded provider (not registered, already exists): "+providerNew.getName();
  183.                     log.info(d);
  184.                 }
  185.             }
  186.             else {
  187.                 String d = "Loaded provider: "+providerNew.getName();
  188.                 log.info(d);
  189.             }
  190.             
  191.             this.uniqueProviderInstance = uniqueProviderInstance;
  192.             if(this.uniqueProviderInstance!=null && this.uniqueProviderInstance.booleanValue()) {
  193.                 this.providerInstance = providerNew;
  194.             }
  195.         }
  196.     }
  197.     private Provider newProviderInstance() throws UtilsException{
  198.         Provider providerNew = Security.getProvider(this.getProvider());
  199.         String prefix = this.getPrefixForLog();
  200.         if(this.getConfigFile()!=null) {
  201.             File f = new File(this.getConfigFile());
  202.             if(!f.exists()) {
  203.                 throw new UtilsException(prefix+"Configuration file '"+f.getAbsolutePath()+"' not exists");
  204.             }
  205.             else {
  206.                 if(!f.canRead()) {
  207.                     throw new UtilsException(prefix+"Configuration file '"+f.getAbsolutePath()+"' cannot read");
  208.                 }
  209.             }
  210.             providerNew = providerNew.configure(this.getConfigFile());
  211.         }
  212.         else if(this.getConfig()!=null) {
  213.             providerNew = providerNew.configure(this.getConfig());
  214.         }
  215.         return providerNew;
  216.     }
  217.     
  218.     public KeyStore getInstance() throws UtilsException {
  219.         String prefix = this.getPrefixForLog();
  220.         
  221.         Provider providerInstanceGet = null;
  222.         if(this.uniqueProviderInstance==null) {
  223.             throw new UtilsException(prefix+"Provider not initialized");
  224.         }
  225.         if(this.uniqueProviderInstance.booleanValue()) {
  226.             if(this.providerInstance==null) {
  227.                 throw new UtilsException(prefix+"Provider not initialized");
  228.             }
  229.             providerInstanceGet = this.providerInstance;
  230.         }
  231.         else {
  232.             providerInstanceGet = newProviderInstance();
  233.         }
  234.         
  235.         java.security.KeyStore hsmKeyStore = null;
  236.         try {
  237.             hsmKeyStore = java.security.KeyStore.getInstance(this.keystoreType, providerInstanceGet);
  238.             hsmKeyStore.load(null, this.pin.toCharArray());
  239.         }catch(Throwable t) {
  240.             throw new UtilsException(prefix+t.getMessage(),t);
  241.         }
  242.         return new KeyStore(hsmKeyStore, true);
  243.     }
  244.     
  245.     public boolean isUsableAsTrustStore() {
  246.         return this.usableAsTrustStore;
  247.     }
  248.     public boolean isUsableAsSecretKeyStore() {
  249.         return this.usableAsSecretKeyStore;
  250.     }
  251. }
Created with JaCoCo 0.8.8.202204050719