Truststore object is set even if is not configured correctly. Add...

Truststore object is set even if is not configured correctly. Add truststore/keystore type as configuration option

Truststore object is set even if is not configured correctly. Add...
dd0a0a7d · Joze RIHTARSIC · 66cc8409 · dd0a0a7d · dd0a0a7d · dd0a0a7d
Commit dd0a0a7d authored 2 years ago by Joze RIHTARSIC
--- a/changelog.txt
+++ b/changelog.txt
+eDelivery SMP 5.0
+- added new properties:
+    smp.truststore.type: Truststore type as JKS/PKCS12
+    smp.keystore.type: Keystore type as JKS/PKCS12
+
+
 eDelivery SMP 4.2
 - added new properties:
    smp.passwordPolicy.validationRegex: Regular expression do define password minimum complexity rules!
@@ -12,7 +18,7 @@ eDelivery SMP 4.2
    smp.ui.session.idle_timeout.admin: Specifies the time, in seconds, between client requests before the SMP will invalidate session for ADMIN users (System)!
    smp.ui.session.idle_timeout.user: Specifies the time, in seconds, between client requests before the SMP will invalidate session for users (Service group, SMP Admin)
    smp.sso.cas.ui.label: The SSO service provider label.
-    smp.sso.cas.url: The SSO CAS URL enpoint
+    smp.sso.cas.url: The SSO CAS URL endpoint
    smp.sso.cas.urlpath.login: The CAS URL path for login. Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.urlpath.login}.
    smp.sso.cas.callback.url: The URL is the callback URL belonging to the local SMP Security System. If using RP make sure it target SMP path '/ui/rest/security/cas'
    smp.sso.cas.token.validation.urlpath: The CAS URL path for login. Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.urlpath.token.validation}.

--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
@@ -46,7 +46,9 @@ public enum SMPPropertyEnum {
    SML_PHYSICAL_ADDRESS("bdmsl.integration.physical.address", "0.0.0.0", "Physical SMP endpoint which will be registered on SML when registering new domain.", false, false, false, STRING),
    // keystore truststore
    KEYSTORE_PASSWORD("smp.keystore.password", "", "Encrypted keystore (and keys) password ", false, true, false, STRING),
+    KEYSTORE_TYPE("smp.keystore.type", "JKS", "Keystore type as JKS/PKCS12", false, true, false, STRING),
    KEYSTORE_FILENAME("smp.keystore.filename", "smp-keystore.jks", "Keystore filename ", true, false, false, FILENAME),
+    TRUSTSTORE_TYPE("smp.truststore.type", "JKS", "Truststore type as JKS/PKCS12", false, true, false, STRING),
    TRUSTSTORE_PASSWORD("smp.truststore.password", "", "Encrypted truststore password ", false, true, false, STRING),
    TRUSTSTORE_FILENAME("smp.truststore.filename", "", "Truststore filename ", false, false, false, FILENAME),
    TRUSTSTORE_ADD_CERT_ON_USER_UPDATE("smp.truststore.add.cert.onUserRegistration",

--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
@@ -259,10 +259,18 @@ public class ConfigurationService {
        return (File) configurationDAO.getCachedPropertyValue(TRUSTSTORE_FILENAME);
    }

+    public String getTruststoreType() {
+        return (String) configurationDAO.getCachedPropertyValue(TRUSTSTORE_TYPE);
+    }
+
    public File getKeystoreFile() {
        return (File) configurationDAO.getCachedPropertyValue(KEYSTORE_FILENAME);
    }

+    public String getKeystoreType() {
+        return (String) configurationDAO.getCachedPropertyValue(KEYSTORE_TYPE);
+    }
+
    public String getTruststoreCredentialToken() {
        return (String) configurationDAO.getCachedPropertyValue(TRUSTSTORE_PASSWORD);
    }

--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIKeystoreService.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIKeystoreService.java
@@ -7,6 +7,7 @@ import eu.europa.ec.edelivery.smp.logging.SMPLogger;
 import eu.europa.ec.edelivery.smp.logging.SMPLoggerFactory;
 import eu.europa.ec.edelivery.smp.services.ConfigurationService;
 import eu.europa.ec.edelivery.smp.utils.SecurityUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.convert.ConversionService;
@@ -140,13 +141,16 @@ public class UIKeystoreService {
        }


-        KeyStore keyStore = null;
+        KeyStore keyStore;
        try (InputStream keystoreInputStream = new FileInputStream(keyStoreFile)) {
-            keyStore = KeyStore.getInstance("JKS");
+            String type = StringUtils.defaultIfEmpty(configurationService.getKeystoreType(), "JKS");
+            LOG.info("Load keystore [{}] with type [{}].", keyStoreFile, type);
+            keyStore = KeyStore.getInstance(type);
            keyStore.load(keystoreInputStream, keystoreSecToken.toCharArray());
        } catch (Exception exception) {
            LOG.error("Could not load signing certificate with private key from keystore file:"
                    + keyStoreFile + " Error: " + ExceptionUtils.getRootCauseMessage(exception), exception);
+            keyStore = null;
        }
        return keyStore;
    }

--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java
@@ -377,13 +377,16 @@ public class UITruststoreService {
            return null;
        }

-        KeyStore truststore = null;
+        KeyStore truststore;
        try (InputStream truststoreInputStream = new FileInputStream(truststoreFile)) {
-            truststore = KeyStore.getInstance("JKS");
+            String type = StringUtils.defaultIfEmpty(configurationService.getTruststoreType(),"JKS");
+            LOG.info("Load truststore [{}] with type [{}].", truststoreFile, type);
+            truststore = KeyStore.getInstance(type);
            truststore.load(truststoreInputStream, token.toCharArray());
        } catch (Exception exception) {
            LOG.error("Could not load truststore:"
                    + truststoreFile + " Error: " + ExceptionUtils.getRootCauseMessage(exception), exception);
+            truststore = null;
        }
        return truststore;
    }

--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/internal/KeystoreResource.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/internal/KeystoreResource.java
@@ -70,7 +70,7 @@ public class KeystoreResource {
        payloadValidatorService.validateUploadedContent(new ByteArrayInputStream(fileBytes), MimeTypeUtils.APPLICATION_OCTET_STREAM_VALUE);
        // try to open keystore
        KeystoreImportResult keystoreImportResult = new KeystoreImportResult();
-        KeyStore keyStore = null;
+        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(keystoreType);
            keyStore.load(new ByteArrayInputStream(fileBytes), password.toCharArray());
@@ -81,7 +81,6 @@ public class KeystoreResource {
            LOG.error(msg, e);
            keystoreImportResult.setErrorMessage(msg);
        }
-
        return keystoreImportResult;
    }