diff --git a/pom.xml b/pom.xml index 7484102..0e7fc2f 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ se.swedenconnect.security credentials-support - 1.2.6 + 1.3.0-SNAPSHOT Sweden Connect :: PKI credentials support library Support for credentials (including PKCS11 based keys and HSM:s) @@ -49,11 +49,13 @@ UTF-8 - 11 + 17 - - 1.7.36 - 1.72 + 2.0.7 + 1.76 + + 6.0.12 + 3.1.4 @@ -80,44 +82,37 @@ https://oss.sonatype.org/service/local/staging/deploy/maven2/ + + + + + + org.springframework + spring-framework-bom + pom + ${spring.version} + import + + + + org.springframework spring-core - [5.3.0, 6.0.0) - compile org.springframework spring-beans - [5.3.0, 6.0.0) - compile - - - org.springframework - spring-core - - org.springframework spring-context - [5.3.0, 6.0.0) compile - - - org.springframework - spring-core - - - org.springframework - spring-beans - - @@ -126,67 +121,13 @@ ${bc.version} - - org.bouncycastle - bcutil-jdk18on - ${bc.version} - - - - org.bouncycastle - bcpkix-jdk18on - ${bc.version} - - - - org.cryptacular - cryptacular - 1.2.5 - - - org.bouncycastle - bcprov-jdk18on - - - - org.opensaml opensaml-security-api - [4.2.0, 5.0.0) + 5.0.0 jar compile true - - - commons-codec - commons-codec - - - org.springframework - spring-core - - - org.bouncycastle - bcprov-jdk15on - - - org.bouncycastle - bcpkix-jdk15on - - - org.bouncycastle - bcutil-jdk15on - - - org.opensaml - opensaml-messaging-api - - - org.slf4j - slf4j-api - - @@ -199,35 +140,31 @@ org.projectlombok lombok - 1.18.26 + 1.18.30 provided org.junit.jupiter - junit-jupiter-api - 5.9.0 + junit-jupiter + 5.10.0 test org.mockito mockito-core - [3.6.0,) + 5.5.0 test org.springframework.boot spring-boot-starter-test - [2.6.0,3.0.0) + ${spring.boot.version} test - - org.springframework - spring-core - org.slf4j slf4j-api @@ -242,7 +179,7 @@ org.springframework.boot spring-boot-configuration-processor - [2.6.0,3.0.0) + ${spring.boot.version} test 
@@ -258,11 +195,7 @@ - - org.apache.maven.plugins - maven-surefire-plugin - 3.0.0-M7 - + org.apache.maven.plugins maven-compiler-plugin @@ -291,12 +224,38 @@ + + + org.apache.maven.plugins + maven-enforcer-plugin + 3.1.0 + + + enforce + + + + + + + enforce + + + + + org.apache.maven.plugins maven-project-info-reports-plugin 3.4.1 + + + org.apache.maven.plugins + maven-surefire-plugin + 3.1.2 + @@ -326,25 +285,6 @@ - - org.apache.maven.plugins - maven-enforcer-plugin - 3.1.0 - - - enforce - - - - - - - enforce - - - - - org.sonatype.plugins nexus-staging-maven-plugin @@ -365,7 +305,7 @@ org.apache.maven.plugins maven-gpg-plugin - 1.6 + 3.0.1 sign-artifacts @@ -414,11 +354,6 @@ Sweden Connect - PKI credentials support library - ${project.version} true all,-missing - -Xdoclint:all -Xdoclint:-missing - - -Xdoclint:all - -Xdoclint:-missing - https://docs.spring.io/spring-framework/docs/current/javadoc-api/ diff --git a/src/main/java/se/swedenconnect/security/credential/AbstractPkiCredential.java b/src/main/java/se/swedenconnect/security/credential/AbstractPkiCredential.java index 35c34cb..35dd6c1 100644 --- a/src/main/java/se/swedenconnect/security/credential/AbstractPkiCredential.java +++ b/src/main/java/se/swedenconnect/security/credential/AbstractPkiCredential.java @@ -64,7 +64,7 @@ public AbstractPkiCredential() { public PublicKey getPublicKey() { return Optional.ofNullable(this.getCertificate()) .map(X509Certificate::getPublicKey) - .orElse(this.publicKey); + .orElseGet(() -> this.publicKey); } /** @@ -119,7 +119,8 @@ public void setCertificate(final Resource certificateResource) throws Certificat /** {@inheritDoc} */ @Override public List getCertificateChain() { - return Optional.ofNullable(this.certificates).orElse(Collections.emptyList()); + return Optional.ofNullable(this.certificates) + .orElseGet(() -> Collections.emptyList()); } /** {@inheritDoc} */ 
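Review bot: The opensaml-security-api hunk drops the `bcprov-jdk15on`/`bcpkix-jdk15on`/`bcutil-jdk15on` exclusions and the explicit `bcpkix-jdk18on`/`bcutil-jdk18on` dependencies while the project still pins its own BouncyCastle artifact to `${bc.version}` (1.76), so unless opensaml 5.0.0 is known to depend on exactly the `-jdk18on` artifacts at a compatible version, two BouncyCastle provider lines can end up on the classpath and which one registers first becomes build-order dependent. That is worth confirming with `mvn dependency:tree -Dincludes=org.bouncycastle` before release, and since maven-enforcer-plugin is now in the main build, a `<dependencyConvergence/>` rule in its `enforce` execution would catch a regression; the rule set configured for that execution is not visible in this rendering. Likewise, if the code uses bcpkix classes directly (the PEM/PKCS#8 handling elsewhere in this diff suggests it may), relying on them transitively rather than declaring `bcpkix-jdk18on` is brittle.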
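Review bot: `getCertificateChain()` still hands back `this.certificates` itself, so a caller that receives a non-empty chain can mutate the credential's internal list (KeyStoreCredential's `load()` later in this diff fills it via `Collectors.toList()`, which yields a mutable ArrayList); only the empty-list branch is safe. Returning a read-only view keeps the interface but closes that hole: `return this.certificates == null ? Collections.emptyList() : Collections.unmodifiableList(this.certificates);`. Whether any caller relies on mutating the returned list is not visible here. The `orElseGet` change in `getPublicKey()` is behaviourally equivalent to `orElse` for a plain field read, so that hunk is purely stylistic.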
@@ -156,7 +157,7 @@ public void setPrivateKey(final PrivateKey privateKey) { /** * Assigns a private key resource. - * + * * @param privateKeyResource a resource holding the key in DER, PEM, or unencrypted PKCS#8 format. * @throws KeyException if the key decode fails */ @@ -170,7 +171,7 @@ public void setPrivateKey(final Resource privateKeyResource) throws KeyException *
  • DER or PEM encoded PKCS#8 format
  • *
  • PEM encoded OpenSSL "traditional" format
  • * - * + * * @param privateKeyResource a resource holding the key in DER, PEM, or PKCS#8 format. * @param password the key password * @throws KeyException if the key decode/decrypt fails @@ -180,7 +181,7 @@ public void setPrivateKey(final Resource privateKeyResource, final char[] passwo this.setPrivateKey(privateKeyResource); } else { - + try (final InputStream is = privateKeyResource.getInputStream()) { this.privateKey = KeyPairUtil.readPrivateKey(is, password); } diff --git a/src/main/java/se/swedenconnect/security/credential/AbstractReloadablePkiCredential.java b/src/main/java/se/swedenconnect/security/credential/AbstractReloadablePkiCredential.java index b065a6a..97be167 100644 --- a/src/main/java/se/swedenconnect/security/credential/AbstractReloadablePkiCredential.java +++ b/src/main/java/se/swedenconnect/security/credential/AbstractReloadablePkiCredential.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,7 +20,7 @@ /** * Abstract base class for reloadable credentials. - * + * * @author Martin Lindström (martin@idsec.se) * @author Stefan Santesson (stefan@idsec.se) */ @@ -46,10 +46,10 @@ public Supplier getTestFunction() { return null; } } - + /** * Assigns a test function for this credential. - * + * * @param testFunction * the function */ diff --git a/src/main/java/se/swedenconnect/security/credential/KeyStoreCredential.java b/src/main/java/se/swedenconnect/security/credential/KeyStoreCredential.java index 43025ef..5787ec4 100644 --- a/src/main/java/se/swedenconnect/security/credential/KeyStoreCredential.java +++ b/src/main/java/se/swedenconnect/security/credential/KeyStoreCredential.java 
@@ -119,7 +119,7 @@ public class KeyStoreCredential extends AbstractReloadablePkiCredential { /** Whether the credential has been loaded? */ private boolean loaded = false; - + /** Whether this is a hardware credential or not. */ private boolean residesInHardware = false; @@ -133,12 +133,9 @@ public KeyStoreCredential() { /** * Constructor accepting an already loaded {@link KeyStore}. * - * @param keyStore - * the keystore to read the key pair from - * @param alias - * the alias to the entry holding the key pair - * @param keyPassword - * the password to unlock the key pair + * @param keyStore the keystore to read the key pair from + * @param alias the alias to the entry holding the key pair + * @param keyPassword the password to unlock the key pair */ public KeyStoreCredential(final KeyStore keyStore, final String alias, final char[] keyPassword) { this.setKeyStore(keyStore); 
@@ -150,17 +147,14 @@ public KeyStoreCredential(final KeyStore keyStore, final String alias, final cha * A constructor that creates and loads a {@link KeyStore} from the given resource. The default KeyStore type is used * and the first security provider that can create such a KeyStore is used. * - * @param resource - * the resource to load the {@link KeyStore} from - * @param password - * the password needed to load the KeyStore - * @param alias - * the entry alias for the certificate and private key - * @param keyPassword - * the password needed to unlock the certificate and private key (if null, the same value as given for - * password is used) + * @param resource the resource to load the {@link KeyStore} from + * @param password the password needed to load the KeyStore + * @param alias the entry alias for the certificate and private key + * @param keyPassword the password needed to unlock the certificate and private key (if null, the same value as given + * for password is used) */ - public KeyStoreCredential(final Resource resource, final char[] password, final String alias, final char[] keyPassword) { + public KeyStoreCredential(final Resource resource, final char[] password, final String alias, + final char[] keyPassword) { this(resource, KeyStore.getDefaultType(), null, password, alias, keyPassword); } 
@@ -168,17 +162,12 @@ public KeyStoreCredential(final Resource resource, final char[] password, final * A constructor that creates and loads a {@link KeyStore} of the given type from the given resource. The first * security provider that can create such a KeyStore is used. * - * @param resource - * the resource to load the {@link KeyStore} from - * @param type - * the KeyStore type - * @param password - * the password needed to load the KeyStore - * @param alias - * the entry alias for the certificate and private key - * @param keyPassword - * the password needed to unlock the certificate and private key (if null, the same value as given for - * password is used) + * @param resource the resource to load the {@link KeyStore} from + * @param type the KeyStore type + * @param password the password needed to load the KeyStore + * @param alias the entry alias for the certificate and private key + * @param keyPassword the password needed to unlock the certificate and private key (if null, the same value as given + * for password is used) */ public KeyStoreCredential(final Resource resource, final String type, final char[] password, final String alias, final char[] keyPassword) { 
@@ -189,19 +178,13 @@ public KeyStoreCredential(final Resource resource, final String type, * A constructor that creates and loads a {@link KeyStore} of the given type from the given resource using the given * provider. * - * @param resource - * the resource to load the {@link KeyStore} from - * @param type - * the KeyStore type - * @param provider - * the security provider to use when creating the KeyStore - * @param password - * the password needed to load the KeyStore - * @param alias - * the entry alias for the certificate and private key - * @param keyPassword - * the password needed to unlock the certificate and private key (if null, the same value as given for - * password is used) + * @param resource the resource to load the {@link KeyStore} from + * @param type the KeyStore type + * @param provider the security provider to use when creating the KeyStore + * @param password the password needed to load the KeyStore + * @param alias the entry alias for the certificate and private key + * @param keyPassword the password needed to unlock the certificate and private key (if null, the same value as given + * for password is used) */ public KeyStoreCredential(final Resource resource, final String type, final String provider, final char[] password, final String alias, final char[] keyPassword) { @@ -230,18 +213,17 @@ public void destroy() { Arrays.fill(this.keyPassword, (char) 0); } } - + /** {@inheritDoc} */ @Override public boolean isHardwareCredential() { - return this.residesInHardware; + return this.residesInHardware; } /** * Loads the KeyStore (if needed) and loads the private key and certificate. * - * @throws Exception - * for errors loading the credential + * @throws Exception for errors loading the credential */ private synchronized void load() throws Exception { if (this.loaded) { 
@@ -290,8 +272,8 @@ private synchronized void load() throws Exception { } else { this.setCertificateChain(Arrays.stream(chain) - .map(X509Certificate.class::cast) - .collect(Collectors.toList())); + .map(X509Certificate.class::cast) + .collect(Collectors.toList())); log.debug("Certificate loaded from entry '{}'", this.alias); } } @@ -300,8 +282,7 @@ private synchronized void load() throws Exception { /** * Loads the private key from the keystore. * - * @throws Exception - * for loading errors + * @throws Exception for loading errors */ private synchronized void loadPrivateKey() throws Exception { Assert.hasText(this.alias, "Property 'alias' must be set"); @@ -324,8 +305,7 @@ private synchronized void loadPrivateKey() throws Exception { /** * Assigns the resource holding the KeyStore to load. * - * @param resource - * KeyStore resource + * @param resource KeyStore resource */ public void setResource(final Resource resource) { if (this.keyStoreFactory == null) { @@ -338,8 +318,7 @@ public void setResource(final Resource resource) { * Assigns the KeyStore type to use, ("JKS", "PKCS12", "PKCS11", ...). If no type is configured * {@link KeyStore#getDefaultType()} is assumed. * - * @param type - * the KeyStore type + * @param type the KeyStore type */ public void setType(final String type) { if (this.keyStoreFactory == null) { @@ -352,8 +331,7 @@ public void setType(final String type) { * Assigns the name of the security provider to use when loading the KeyStore. If no provider is assigned, the first * provider that can create a KeyStore according to the given type is used. * - * @param provider - * the provider name to use + * @param provider the provider name to use */ public void setProvider(final String provider) { if (this.keyStoreFactory == null) { @@ -369,8 +347,7 @@ public void setProvider(final String provider) { * provider to use (e.g. "SunPKCS11"). *

    * - * @param pkcs11Configuration - * the complete path to the PKCS#11 configuration file + * @param pkcs11Configuration the complete path to the PKCS#11 configuration file */ public void setPkcs11Configuration(final String pkcs11Configuration) { if (this.keyStoreFactory == null) { @@ -382,8 +359,7 @@ public void setPkcs11Configuration(final String pkcs11Configuration) { /** * Assigns the password needed to load the KeyStore. * - * @param password - * the password + * @param password the password */ public void setPassword(final char[] password) { if (this.keyStoreFactory == null) { @@ -396,8 +372,7 @@ public void setPassword(final char[] password) { /** * Assigns the keystore to read the key pair from. * - * @param keyStore - * the keystore + * @param keyStore the keystore */ public void setKeyStore(final KeyStore keyStore) { this.keyStore = keyStore; @@ -406,8 +381,7 @@ public void setKeyStore(final KeyStore keyStore) { /** * Assigns the alias of the KeyStore entry. * - * @param alias - * the KeyStore alias + * @param alias the KeyStore alias */ public void setAlias(final String alias) { this.alias = alias; @@ -416,8 +390,7 @@ public void setAlias(final String alias) { /** * Assigns the key password needed to unlock the key entry. * - * @param keyPassword - * the key password + * @param keyPassword the key password */ public void setKeyPassword(final char[] keyPassword) { this.keyPassword = Optional.ofNullable(keyPassword).map(p -> Arrays.copyOf(p, p.length)).orElse(null); 
@@ -515,10 +488,11 @@ public synchronized void reload() throws Exception { protected String getDefaultName() { if (this.alias != null) { final String type = Optional.ofNullable(this.keyStore).map(KeyStore::getType).orElse( - Optional.ofNullable(this.keyStoreFactory).map(KeyStoreFactoryBean::getType).orElse(null)); + Optional.ofNullable(this.keyStoreFactory).map(KeyStoreFactoryBean::getType).orElse(null)); if ("PKCS11".equalsIgnoreCase(type)) { - String provider = Optional.ofNullable(this.keyStore).map(KeyStore::getProvider).map(Provider::getName).orElse(null); + String provider = + Optional.ofNullable(this.keyStore).map(KeyStore::getProvider).map(Provider::getName).orElse(null); if (provider == null) { provider = Optional.ofNullable(this.keyStoreFactory).map(KeyStoreFactoryBean::getProvider).orElse(null); } diff --git a/src/main/java/se/swedenconnect/security/credential/ReloadablePkiCredential.java b/src/main/java/se/swedenconnect/security/credential/ReloadablePkiCredential.java index 8d71454..4d32e76 100644 --- a/src/main/java/se/swedenconnect/security/credential/ReloadablePkiCredential.java +++ b/src/main/java/se/swedenconnect/security/credential/ReloadablePkiCredential.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,7 +19,7 @@ /** * An interface for credentials are "testable" and "reloadable". - * + * * @author Martin Lindström (martin@idsec.se) * @author Stefan Santesson (stefan@idsec.se) */ @@ -33,17 +33,17 @@ public interface ReloadablePkiCredential extends PkiCredential { *

    * A credential that returns a function should also implement the {@link #reload()} method. *

    - * + * * @return a function for testing the credential, or null if no test function is available */ Supplier getTestFunction(); /** * Some implementations of key pairs, such as HSM-based, may need to be reloaded. This is done by implementing this method. - * + * * @throws Exception * for reloading errors */ void reload() throws Exception; - + } diff --git a/src/main/java/se/swedenconnect/security/credential/container/AbstractKeyStorePkiCredentialContainer.java b/src/main/java/se/swedenconnect/security/credential/container/AbstractKeyStorePkiCredentialContainer.java index e6d5eff..e363470 100644 --- a/src/main/java/se/swedenconnect/security/credential/container/AbstractKeyStorePkiCredentialContainer.java +++ b/src/main/java/se/swedenconnect/security/credential/container/AbstractKeyStorePkiCredentialContainer.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/src/main/java/se/swedenconnect/security/credential/container/AbstractPkiCredentialContainer.java b/src/main/java/se/swedenconnect/security/credential/container/AbstractPkiCredentialContainer.java index 08ef0a4..7528b28 100644 --- a/src/main/java/se/swedenconnect/security/credential/container/AbstractPkiCredentialContainer.java +++ b/src/main/java/se/swedenconnect/security/credential/container/AbstractPkiCredentialContainer.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/src/main/java/se/swedenconnect/security/credential/container/HsmPkiCredentialContainer.java b/src/main/java/se/swedenconnect/security/credential/container/HsmPkiCredentialContainer.java index ca117fb..15d41ad 100644 
--- a/src/main/java/se/swedenconnect/security/credential/container/HsmPkiCredentialContainer.java +++ b/src/main/java/se/swedenconnect/security/credential/container/HsmPkiCredentialContainer.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/src/main/java/se/swedenconnect/security/credential/container/InMemoryPkiCredentialContainer.java b/src/main/java/se/swedenconnect/security/credential/container/InMemoryPkiCredentialContainer.java index 9e05b0e..65da549 100644 --- a/src/main/java/se/swedenconnect/security/credential/container/InMemoryPkiCredentialContainer.java +++ b/src/main/java/se/swedenconnect/security/credential/container/InMemoryPkiCredentialContainer.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/src/main/java/se/swedenconnect/security/credential/container/PkiCredentialContainer.java b/src/main/java/se/swedenconnect/security/credential/container/PkiCredentialContainer.java index 3e38cf7..4385f93 100644 --- a/src/main/java/se/swedenconnect/security/credential/container/PkiCredentialContainer.java +++ b/src/main/java/se/swedenconnect/security/credential/container/PkiCredentialContainer.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/src/main/java/se/swedenconnect/security/credential/container/PkiCredentialContainerException.java b/src/main/java/se/swedenconnect/security/credential/container/PkiCredentialContainerException.java index d24e93e..0da86f7 100644 
--- a/src/main/java/se/swedenconnect/security/credential/container/PkiCredentialContainerException.java +++ b/src/main/java/se/swedenconnect/security/credential/container/PkiCredentialContainerException.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -24,7 +24,7 @@ public class PkiCredentialContainerException extends Exception { /** For serializing. */ - private static final long serialVersionUID = -5077131594969640553L; + private static final long serialVersionUID = -7559559631022224457L; /** * Constructor. diff --git a/src/main/java/se/swedenconnect/security/credential/container/SoftPkiCredentialContainer.java b/src/main/java/se/swedenconnect/security/credential/container/SoftPkiCredentialContainer.java index 14afaa9..c10422e 100644 --- a/src/main/java/se/swedenconnect/security/credential/container/SoftPkiCredentialContainer.java +++ b/src/main/java/se/swedenconnect/security/credential/container/SoftPkiCredentialContainer.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/src/main/java/se/swedenconnect/security/credential/container/keytype/AbstractKeyPairGeneratorFactory.java b/src/main/java/se/swedenconnect/security/credential/container/keytype/AbstractKeyPairGeneratorFactory.java index 610c054..b975939 100644 --- a/src/main/java/se/swedenconnect/security/credential/container/keytype/AbstractKeyPairGeneratorFactory.java +++ b/src/main/java/se/swedenconnect/security/credential/container/keytype/AbstractKeyPairGeneratorFactory.java 
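Review bot: The `serialVersionUID` of `PkiCredentialContainerException` changes from -5077131594969640553L to -7559559631022224457L without any visible change to the class's fields, which makes instances serialized by the previous version unreadable by this one (`InvalidClassException` on readObject) and vice versa. If the class shape did not change, keeping the old value preserves compatibility; if the change is deliberate, the field comment should say so, e.g. `/** For serializing. Changed in this release; not compatible with instances serialized by earlier versions. */`. The rest of the class is outside the hunk, so a field change there cannot be ruled out from here.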
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/src/main/java/se/swedenconnect/security/credential/container/keytype/ECParameterSpecs.java b/src/main/java/se/swedenconnect/security/credential/container/keytype/ECParameterSpecs.java index bf350c6..87829eb 100644 --- a/src/main/java/se/swedenconnect/security/credential/container/keytype/ECParameterSpecs.java +++ b/src/main/java/se/swedenconnect/security/credential/container/keytype/ECParameterSpecs.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/src/main/java/se/swedenconnect/security/credential/container/keytype/EcKeyPairGeneratorFactory.java b/src/main/java/se/swedenconnect/security/credential/container/keytype/EcKeyPairGeneratorFactory.java index a03bf03..fbd3a79 100644 --- a/src/main/java/se/swedenconnect/security/credential/container/keytype/EcKeyPairGeneratorFactory.java +++ b/src/main/java/se/swedenconnect/security/credential/container/keytype/EcKeyPairGeneratorFactory.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/src/main/java/se/swedenconnect/security/credential/container/keytype/KeyGenType.java b/src/main/java/se/swedenconnect/security/credential/container/keytype/KeyGenType.java index c464d3d..f8eff8d 100644 --- a/src/main/java/se/swedenconnect/security/credential/container/keytype/KeyGenType.java +++ b/src/main/java/se/swedenconnect/security/credential/container/keytype/KeyGenType.java 
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/src/main/java/se/swedenconnect/security/credential/container/keytype/KeyPairGeneratorFactory.java b/src/main/java/se/swedenconnect/security/credential/container/keytype/KeyPairGeneratorFactory.java index 4330a70..099ca5d 100644 --- a/src/main/java/se/swedenconnect/security/credential/container/keytype/KeyPairGeneratorFactory.java +++ b/src/main/java/se/swedenconnect/security/credential/container/keytype/KeyPairGeneratorFactory.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/src/main/java/se/swedenconnect/security/credential/container/keytype/KeyPairGeneratorFactoryRegistry.java b/src/main/java/se/swedenconnect/security/credential/container/keytype/KeyPairGeneratorFactoryRegistry.java index 4e4e1f3..592f6c1 100644 --- a/src/main/java/se/swedenconnect/security/credential/container/keytype/KeyPairGeneratorFactoryRegistry.java +++ b/src/main/java/se/swedenconnect/security/credential/container/keytype/KeyPairGeneratorFactoryRegistry.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/src/main/java/se/swedenconnect/security/credential/container/keytype/RsaKeyPairGeneratorFactory.java b/src/main/java/se/swedenconnect/security/credential/container/keytype/RsaKeyPairGeneratorFactory.java index 03b5ae6..292b637 100644 --- a/src/main/java/se/swedenconnect/security/credential/container/keytype/RsaKeyPairGeneratorFactory.java 
+++ b/src/main/java/se/swedenconnect/security/credential/container/keytype/RsaKeyPairGeneratorFactory.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/src/main/java/se/swedenconnect/security/credential/converters/PropertyToPrivateKeyConverter.java b/src/main/java/se/swedenconnect/security/credential/converters/PropertyToPrivateKeyConverter.java index 2d15e99..ecb97c1 100644 --- a/src/main/java/se/swedenconnect/security/credential/converters/PropertyToPrivateKeyConverter.java +++ b/src/main/java/se/swedenconnect/security/credential/converters/PropertyToPrivateKeyConverter.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -39,7 +39,7 @@ *

    * If you are using Spring Boot, do: *

    - * + * *
      * @Bean
      * @ConfigurationPropertiesBinding
    @@ -47,7 +47,7 @@
      *   return new PropertyToPrivateKeyConverter();
      * }
      * 
    - * + * * @author Martin Lindström (martin@idsec.se) * @author Stefan Santesson (stefan@idsec.se) */ diff --git a/src/main/java/se/swedenconnect/security/credential/converters/PropertyToX509CertificateConverter.java b/src/main/java/se/swedenconnect/security/credential/converters/PropertyToX509CertificateConverter.java index 14c160c..b6be47c 100644 --- a/src/main/java/se/swedenconnect/security/credential/converters/PropertyToX509CertificateConverter.java +++ b/src/main/java/se/swedenconnect/security/credential/converters/PropertyToX509CertificateConverter.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -36,7 +36,7 @@ *

    * If you are using Spring Boot, do: *

    - * + * *
      * @Bean
      * @ConfigurationPropertiesBinding
    @@ -44,8 +44,8 @@
      *   return new PropertyToX509CertificateConverter();
      * }
      * 
    - * - * + * + * * @author Martin Lindström (martin@idsec.se) * @author Stefan Santesson (stefan@idsec.se) */ @@ -57,7 +57,6 @@ public class PropertyToX509CertificateConverter implements Converter - * + * * @author Martin Lindström (martin@idsec.se) * @author Stefan Santesson (stefan@idsec.se) */ @@ -72,7 +72,7 @@ public KeyStoreFactoryBean() { *

    * The type of {@link KeyStore} created will be {@link KeyStore#getDefaultType()}. *

    - * + * * @param resource * the keystore resource * @param password @@ -85,7 +85,7 @@ public KeyStoreFactoryBean(final Resource resource, final char[] password) { /** * Constructor that accepts a resource reference to a keystore, the password to unlock this file and the store type * ("JKS", "PKCS12", ...). - * + * * @param resource * the keystore resource * @param password @@ -101,14 +101,14 @@ public KeyStoreFactoryBean(final Resource resource, final char[] password, final /** {@inheritDoc} */ @Override - protected KeyStore createInstance() throws Exception { + protected KeyStore createInstance() throws Exception { try { if (this.type == null) { this.type = KeyStore.getDefaultType(); log.debug("KeyStore type not given, defaulting to '{}'", this.type); } - - // If this is PKCS11, configure the provider ... + + // If this is PKCS11, configure the provider ... // if ("PKCS11".equalsIgnoreCase(this.type)) { if (this.provider == null) { @@ -137,7 +137,7 @@ protected KeyStore createInstance() throws Exception { log.debug("Security provider '{}' has been statically configured", this.provider); } } - + KeyStore keystore = this.provider != null ? KeyStore.getInstance(this.type, this.provider) : KeyStore.getInstance(this.type); @@ -163,7 +163,7 @@ protected KeyStore createInstance() throws Exception { /** * Gets the resource holding the KeyStore. - * + * * @return the KeyStore resource */ public Resource getResource() { @@ -172,7 +172,7 @@ public Resource getResource() { /** * Assigns the resource holding the KeyStore. - * + * * @param resource * the KeyStore resource */ @@ -182,7 +182,7 @@ public void setResource(final Resource resource) { /** * Gets the password for unlocking the keystore. - * + * * @return the password for unlocking the keystore */ public char[] getPassword() { @@ -191,7 +191,7 @@ public char[] getPassword() { /** * Assigns the password for unlocking the keystore. - * + * * @param password * the password to set */ 
@@ -201,7 +201,7 @@ public void setPassword(final char[] password) { /** * Gets the type of KeyStore. If not explicitly assigned, {@link KeyStore#getDefaultType()} will be returned. - * + * * @return the type of the KeyStore */ public String getType() { @@ -210,7 +210,7 @@ public String getType() { /** * Assigns the type of KeyStore. - * + * * @param type * the type of the KeyStore */ @@ -222,7 +222,7 @@ public void setType(final String type) { * Gets the name of the security {@link Provider} to use when instantiating the {@link KeyStore}. If not explicitly * assigned {@code null} is returned. This means that the first provider that can create a {@link KeyStore} of the * given type will be used. - * + * * @return the name of the security provider to use, or null */ public String getProvider() { @@ -231,7 +231,7 @@ public String getProvider() { /** * Assigns the name of the security {@link Provider} to use when instantiating the {@link KeyStore}. - * + * * @param provider * the name of the security provider to use */ @@ -243,7 +243,7 @@ public void setProvider(final String provider) { * Gets the complete path to the PKCS#11 configuration file to use to configure the provider in the cases the type is * "PKCS11". If no configuration file is supplied the supplied provider ({@link #setProvider(String)}) must already * have been configured for use with a specific PKCS#11 configuration. - * + * * @return a complete path to a PKCS#11 configuration file, or null */ public String getPkcs11Configuration() { @@ -254,7 +254,7 @@ public String getPkcs11Configuration() { * Sets the complete path to the PKCS#11 configuration file to use to configure the provider in the cases the type is * "PKCS11". If no configuration file is supplied the supplied provider ({@link #setProvider(String)}) must already * have been configured for use with a specific PKCS#11 configuration. - * + * * @param pkcs11Configuration * a complete path to a PKCS#11 configuration file */ 
diff --git a/src/main/java/se/swedenconnect/security/credential/factory/PkiCredentialConfigurationProperties.java b/src/main/java/se/swedenconnect/security/credential/factory/PkiCredentialConfigurationProperties.java index 8def059..c447a79 100644 --- a/src/main/java/se/swedenconnect/security/credential/factory/PkiCredentialConfigurationProperties.java +++ b/src/main/java/se/swedenconnect/security/credential/factory/PkiCredentialConfigurationProperties.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -25,7 +25,7 @@ /** * A utility class that can be used as a configuration properties object for representing a credential (for Spring * Boot). - * + * * @author Martin Lindström (martin@idsec.se) */ @Data @@ -41,7 +41,7 @@ public class PkiCredentialConfigurationProperties { * keystore). */ private Resource certificate; - + /** * A list of resources holding the certificate chain that part of the credential (optional since the certificate may be part of a * keystore). If used, the entity certificate must be the first element. @@ -90,7 +90,7 @@ public class PkiCredentialConfigurationProperties { /** * Assigns the PIN (which is the same as {@code keyPassword}. Used mainly for PKCS#11. - * + * * @param pin * the PIN */ @@ -100,7 +100,7 @@ public void setPin(final char[] pin) { /** * Gets the PIN (which is the same as {@code keyPassword}). Used mainly for PKCS#11. - * + * * @return the PIN */ public char[] getPin() { 
@@ -109,11 +109,11 @@ public char[] getPin() { /** * Predicate that returns {@code true} if this object is "empty", meaning that no settings have been applied. - * + * * @return true if empty and false otherwise */ public boolean isEmpty() { - return !StringUtils.hasText(this.name) + return !StringUtils.hasText(this.name) && this.certificate == null && (this.certificates == null || this.certificates.isEmpty()) && this.privateKey == null diff --git a/src/main/java/se/swedenconnect/security/credential/factory/X509CertificateFactoryBean.java b/src/main/java/se/swedenconnect/security/credential/factory/X509CertificateFactoryBean.java index dd06208..b9eaa71 100644 --- a/src/main/java/se/swedenconnect/security/credential/factory/X509CertificateFactoryBean.java +++ b/src/main/java/se/swedenconnect/security/credential/factory/X509CertificateFactoryBean.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -31,7 +31,7 @@ * Basically this class is the same as {@code net.shibboleth.ext.spring.factory.X509CertificateFactoryBean} residing in the * {@code net.shibboleth.ext:spring-extensions}. *

    - * + * * @author Martin Lindström (martin@idsec.se) */ public class X509CertificateFactoryBean extends AbstractFactoryBean { @@ -47,7 +47,7 @@ public X509CertificateFactoryBean() { /** * Constructor taking a resource/path to a DER- or PEM-encoded certificate. - * + * * @param resource * the location of the certificate */ @@ -58,7 +58,7 @@ public X509CertificateFactoryBean(final Resource resource) { /** {@inheritDoc} */ @Override protected X509Certificate createInstance() throws Exception { - return X509Utils.decodeCertificate(this.resource); + return X509Utils.decodeCertificate(this.resource); } /** {@inheritDoc} */ @@ -69,7 +69,7 @@ public Class getObjectType() { /** * Assigns the resource holding the certificate. - * + * * @param resource * the certificate resource */ @@ -79,7 +79,7 @@ public void setResource(final Resource resource) { /** {@inheritDoc} */ @Override - public void afterPropertiesSet() throws Exception { + public void afterPropertiesSet() throws Exception { Assert.notNull(this.resource, "Property 'resource' has not been assigned"); super.afterPropertiesSet(); } diff --git a/src/main/java/se/swedenconnect/security/credential/monitoring/CredentialMonitorBean.java b/src/main/java/se/swedenconnect/security/credential/monitoring/CredentialMonitorBean.java index d687561..cdc421e 100644 --- a/src/main/java/se/swedenconnect/security/credential/monitoring/CredentialMonitorBean.java +++ b/src/main/java/se/swedenconnect/security/credential/monitoring/CredentialMonitorBean.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,7 +17,7 @@ /** * Interface for a credential monitor bean. - * + * * @author Martin Lindström (martin@idsec.se) * @author Stefan Santesson (stefan@idsec.se) */ 
@@ -28,5 +28,4 @@ public interface CredentialMonitorBean { * Performs testing, and possibly reloading, of the credentials that this monitor bean has been configured to monitor. */ void test(); - } diff --git a/src/main/java/se/swedenconnect/security/credential/monitoring/CredentialMonitorTask.java b/src/main/java/se/swedenconnect/security/credential/monitoring/CredentialMonitorTask.java index bf9ea15..d46ab02 100644 --- a/src/main/java/se/swedenconnect/security/credential/monitoring/CredentialMonitorTask.java +++ b/src/main/java/se/swedenconnect/security/credential/monitoring/CredentialMonitorTask.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,7 +19,7 @@ /** * Monitor task for credentials. - * + * * @author Martin Lindström (martin@idsec.se) * @author Stefan Santesson (stefan@idsec.se) */ @@ -30,7 +30,7 @@ public class CredentialMonitorTask implements Runnable { /** * Constructor setting up a monitoring task. - * + * * @param credentialMonitor * the credential monitoring bean */ diff --git a/src/main/java/se/swedenconnect/security/credential/monitoring/DefaultCredentialMonitorBean.java b/src/main/java/se/swedenconnect/security/credential/monitoring/DefaultCredentialMonitorBean.java index 49751bb..55c562d 100644 --- a/src/main/java/se/swedenconnect/security/credential/monitoring/DefaultCredentialMonitorBean.java +++ b/src/main/java/se/swedenconnect/security/credential/monitoring/DefaultCredentialMonitorBean.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -51,7 +51,7 @@ * either (bacause of a connection failure). In this case we save computing power and keep testing only one credential, * and if that one fails, reloads not only the failing credential but the other ones as well. *

    - * + * * @author Martin Lindström (martin@idsec.se) * @author Stefan Santesson (stefan@idsec.se) */ @@ -82,7 +82,7 @@ public DefaultCredentialMonitorBean() { /** * Constructor setting up monitoring of a single credential. If the test for this credential fails a reload attempt * will be made ({@link ReloadablePkiCredential#reload()}). - * + * * @param credential * the credential to monitor, and possible reload */ @@ -95,7 +95,7 @@ public DefaultCredentialMonitorBean(final ReloadablePkiCredential credential) { * device it may in some cases be efficient to only test one credential, and if that fails reload multiple credentials * (residing on the same device). The {@code additionalForReload} contains additional credentials to reload if the * test of {@code credential} fails. - * + * * @param credential * the credential to monitor, and possible reload * @param additionalForReload @@ -113,7 +113,7 @@ public DefaultCredentialMonitorBean(final ReloadablePkiCredential credential, fi /** * Constructor setting up monitoring of the supplied credentials. If the test call for any credential fails, a reload * attempt will be made ({@link ReloadablePkiCredential#reload()}) for this credential. - * + * * @param credentials * the credentials to monitor, and possible reload */ @@ -161,10 +161,10 @@ public void test() { this.reload(cred); if (!additionalReloaded) { if (this.additionalForReload != null) { - this.additionalForReload.forEach((c) -> this.reload(c)); + this.additionalForReload.forEach((c) -> this.reload(c)); } additionalReloaded = true; - } + } } } } @@ -172,7 +172,7 @@ public void test() { /** * Performs reloading of the supplied credential. If the reload is successful, the credential is tested again. - * + * * @param credential * the credential to reload */ @@ -224,7 +224,7 @@ protected void reload(final ReloadablePkiCredential credential) { /** * Assigns the credential that should be monitored. - * + * * @param credential * the credential to be monitored */ 
@@ -234,7 +234,7 @@ public void setCredential(final ReloadablePkiCredential credential) { /** * Assigns the credentials that should be monitored. - * + * * @param credentials * the credentials to be monitored */ @@ -244,7 +244,7 @@ public void setCredentials(final List credentials) { /** * Assigns the a list of additional credentials that should be reloaded if a test fails. - * + * * @param additionalForReload * additional credentials for reload */ @@ -260,7 +260,7 @@ public void setAdditionalForReload(final List additiona * The default is to not have a callback. In those case the failure is logged (at error level) and the credential is * reloaded. Otherwise, the implementation assumes that the callback handles logging. *

    - * + * * @param failureCallback * callback function */ @@ -270,7 +270,7 @@ public void setFailureCallback(final BiFunction rel * The default is to not have a callback. In those case the failure is logged (at error level). Otherwise, the * implementation assumes that the callback handles logging. *

    - * + * * @param reloadFailureCallback * callback function */ diff --git a/src/main/java/se/swedenconnect/security/credential/monitoring/DefaultCredentialTestFunction.java b/src/main/java/se/swedenconnect/security/credential/monitoring/DefaultCredentialTestFunction.java index 683ebb0..241b538 100644 --- a/src/main/java/se/swedenconnect/security/credential/monitoring/DefaultCredentialTestFunction.java +++ b/src/main/java/se/swedenconnect/security/credential/monitoring/DefaultCredentialTestFunction.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -35,7 +35,7 @@ *
  • DSA - {@code SHA256withDSA} is the default algorithm when signing.
  • *
  • EC - {@code SHA256withECDSA} is the default algorithm when signing.
  • * - * + * * @author Martin Lindström (martin@idsec.se) * @author Stefan Santesson (stefan@idsec.se) */ @@ -99,7 +99,7 @@ else if ("EC".equals(pk.getAlgorithm())) { /** * The name for a specific security {@link Provider} to use. - * + * * @param provider * provider name */ @@ -109,7 +109,7 @@ public void setProvider(final String provider) { /** * Assigns the RSA signature algorithm to use. Defaults to SHA256withRSA. - * + * * @param rsaSignatureAlgorithm * the JCA algorithm name */ @@ -121,7 +121,7 @@ public void setRsaSignatureAlgorithm(final String rsaSignatureAlgorithm) { /** * Assigns the DSA signature algorithm to use. Defaults to SHA256withDSA. - * + * * @param dsaSignatureAlgorithm * the JCA algorithm name */ @@ -133,7 +133,7 @@ public void setDsaSignatureAlgorithm(final String dsaSignatureAlgorithm) { /** * Assigns the EC signature algorithm to use. Defaults to SHA256withECDSA. - * + * * @param ecSignatureAlgorithm * the JCA algorithm name */ diff --git a/src/main/java/se/swedenconnect/security/credential/opensaml/OpenSamlCredential.java b/src/main/java/se/swedenconnect/security/credential/opensaml/OpenSamlCredential.java index 742ef5a..9882486 100644 --- a/src/main/java/se/swedenconnect/security/credential/opensaml/OpenSamlCredential.java +++ b/src/main/java/se/swedenconnect/security/credential/opensaml/OpenSamlCredential.java @@ -33,7 +33,7 @@ * {@link PkiCredential}. This enables us to make use of features such as testing and re-loading (see * {@link ReloadablePkiCredential}), but most importantly, it gives use a smooth way of instantiating OpenSAML * credentials. - * + * * @author Martin Lindström (martin@idsec.se) * @author Stefan Santesson (stefan@idsec.se) */ 
@@ -42,16 +42,9 @@ public class OpenSamlCredential extends BasicX509Credential { /** The underlying credential. */ private PkiCredential credential = null; - /** - * Default constructor. - */ - public OpenSamlCredential() { - super(null); - } - /** * Constructor setting up the credential by explicitly assigning the certificate and private key. - * + * * @param entityCertificate the certificate * @param privateKey the private key */ @@ -63,24 +56,29 @@ public OpenSamlCredential(final X509Certificate entityCertificate, final Private * Constructor setting up the OpenSAML credential by assigning a {@link PkiCredential} instance. This type of setting * up the {@code OpenSamlCredential} is recommended since it gives the benefits of monitoring (and reloading) * credentials as well as a simple way to use hardware based keys (e.g. {@link Pkcs11Credential}). - * + * * @param credential the credential to wrap in a OpenSAML credential */ public OpenSamlCredential(final PkiCredential credential) { - super(null); - this.credential = Objects.requireNonNull(credential, "Credential cannot be null"); + super(Objects.requireNonNull(credential, "Credential cannot be null").getCertificate(), + credential.getPrivateKey()); + this.credential = credential; } /** {@inheritDoc} */ @Override public PublicKey getPublicKey() { - return Optional.ofNullable(this.credential).map(PkiCredential::getPublicKey).orElse(super.getPublicKey()); + return Optional.ofNullable(this.credential) + .map(PkiCredential::getPublicKey) + .orElseGet(() -> super.getPublicKey()); } /** {@inheritDoc} */ @Override public PrivateKey getPrivateKey() { - return Optional.ofNullable(this.credential).map(PkiCredential::getPrivateKey).orElse(super.getPrivateKey()); + return Optional.ofNullable(this.credential) + .map(PkiCredential::getPrivateKey) + .orElseGet(() -> super.getPrivateKey()); } /** {@inheritDoc} */ 
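Review bot: The rewritten `OpenSamlCredential(PkiCredential)` constructor forwards `credential.getCertificate()` straight into `super(...)`, but this same commit's Pkcs11Configuration Javadoc states that for key-only HSM deployments `PkiCredential#getCertificate()` returns `null`; if `BasicX509Credential` rejects a null certificate (which the switch from `super(null)` to passing real values suggests), wrapping such a credential now fails in the constructor rather than, as before, deferring to the delegating getters. Either document the new precondition with `@throws IllegalArgumentException if the credential carries no certificate` (hedged on what the superclass actually does) or guard it explicitly before the super call. Note also that the super call snapshots the certificate and private key at construction time: the overridden `getPublicKey`/`getPrivateKey`/`getEntityCertificate` still delegate to `this.credential`, so reloads flow through them, but any `BasicX509Credential` accessor that is not overridden will keep returning the construction-time values after a reload — worth a sentence in the class Javadoc. The same concern applies to the `getEntityCertificate` hunk that follows.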
@@ -96,7 +94,9 @@ public void setPrivateKey(final PrivateKey privateKey) { /** {@inheritDoc} */ @Override public X509Certificate getEntityCertificate() { - return Optional.ofNullable(this.credential).map(PkiCredential::getCertificate).orElse(super.getEntityCertificate()); + return Optional.ofNullable(this.credential) + .map(PkiCredential::getCertificate) + .orElseGet(() -> super.getEntityCertificate()); } /** {@inheritDoc} */ @@ -132,23 +132,4 @@ public void setEntityCertificateChain(final Collection certific super.setEntityCertificateChain(certificateChain); } - /** - * Assigns a {@link PkiCredential} instance. This type of setting up the {@code OpenSamlCredential} is recommended - * since it gives the benefits of monitoring (and reloading) credentials as well as a simple way to use hardware based - * keys. - * - * @param credential the credential to wrap in a OpenSAML credential - */ - public void setCredential(final PkiCredential credential) { - if (super.getEntityCertificate() != null) { - throw new IllegalArgumentException( - "Credential can not be assigned since certificate has already been assigned"); - } - if (super.getPrivateKey() != null) { - throw new IllegalArgumentException( - "Credential can not be assigned since private key has already been assigned"); - } - this.credential = Objects.requireNonNull(credential, "Credential cannot be null"); - } - } diff --git a/src/main/java/se/swedenconnect/security/credential/pkcs11conf/AbstractPkcs11Configuration.java b/src/main/java/se/swedenconnect/security/credential/pkcs11conf/AbstractPkcs11Configuration.java index 9c8e8fc..2c23d43 100644 --- a/src/main/java/se/swedenconnect/security/credential/pkcs11conf/AbstractPkcs11Configuration.java +++ b/src/main/java/se/swedenconnect/security/credential/pkcs11conf/AbstractPkcs11Configuration.java 
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -38,7 +38,7 @@ * Note: If the external configuration file is set, individual settings of library, name, slot or slotListIndex will be * ignored. *

    - * + * * @author Martin Lindström (martin@idsec.se) * @author Stefan Santesson (stefan@idsec.se) */ @@ -68,7 +68,7 @@ public AbstractPkcs11Configuration() { /** * Constructor assigning the external PKCS#11 configuration file. - * + * * @param configurationFile * complete path to the PKCS#11 configuration file * @throws Pkcs11ConfigurationException @@ -81,7 +81,7 @@ public AbstractPkcs11Configuration(final String configurationFile) throws Pkcs11 /** * A constructor setting the library, name, slot and slotListIndex individually. See also * {@link #AbstractPkcs11Configuration(String)}. - * + * * @param library * the PKCS#11 library path * @param name @@ -116,7 +116,7 @@ public void afterPropertiesSet() throws Pkcs11ConfigurationException { /** * Gets the complete path to the configuration file. - * + * * @return the PKCS#11 configuration file, or null */ public String getConfigurationFile() { @@ -125,7 +125,7 @@ public String getConfigurationFile() { /** * Assigns the complete path to the external PKCS#11 configuration file. - * + * * @param configurationFile * the path to the external PKCS#11 configuration file */ @@ -159,7 +159,7 @@ public void setConfigurationFile(final String configurationFile) { * If the configuration has been configured by assigning a configuration file ({@link #setConfigurationFile(String)} * or {@link #AbstractPkcs11Configuration(String)}) this method will return {@code null}. *

    - * + * * @return path to PKCS#11 library */ public String getLibrary() { @@ -171,7 +171,7 @@ public String getLibrary() { *

    * Note: If the object has been configured with an external configuration file this call will have no effect. *

    - * + * * @param library * path to PKCS#11 library */ @@ -190,7 +190,7 @@ public void setLibrary(final String library) { * If the configuration has been configured by assigning a configuration file ({@link #setConfigurationFile(String)} * or {@link #AbstractPkcs11Configuration(String)}) this method will return {@code null}. *

    - * + * * @return the name of the HSM slot */ public String getName() { @@ -202,7 +202,7 @@ public String getName() { *

    * Note: If the object has been configured with an external configuration file this call will have no effect. *

    - * + * * @param name * the name of the HSM slot */ @@ -221,7 +221,7 @@ public void setName(final String name) { * If the configuration has been configured by assigning a configuration file ({@link #setConfigurationFile(String)} * or {@link #AbstractPkcs11Configuration(String)}) this method will return {@code null}. *

    - * + * * @return slot number/id, or null */ public String getSlot() { @@ -233,7 +233,7 @@ public String getSlot() { *

    * Note: If the object has been configured with an external configuration file this call will have no effect. *

    - * + * * @param slot * slot number/id */ @@ -252,7 +252,7 @@ public void setSlot(final String slot) { * If the configuration has been configured by assigning a configuration file ({@link #setConfigurationFile(String)} * or {@link #AbstractPkcs11Configuration(String)}) this method will return {@code null}. *

    - * + * * @return the slot list index, or null */ public Integer getSlotListIndex() { @@ -264,7 +264,7 @@ public Integer getSlotListIndex() { *

    * Note: If the object has been configured with an external configuration file this call will have no effect. *

    - * + * * @param slotListIndex * slot list index */ @@ -282,7 +282,7 @@ public void setSlotListIndex(final Integer slotListIndex) { /** * Validates that the supplied configuration file exists. - * + * * @param configurationFile * the file to check * @return the absolute path of the file diff --git a/src/main/java/se/swedenconnect/security/credential/pkcs11conf/DefaultPkcs11Configuration.java b/src/main/java/se/swedenconnect/security/credential/pkcs11conf/DefaultPkcs11Configuration.java index fb7b749..f8ec0fa 100644 --- a/src/main/java/se/swedenconnect/security/credential/pkcs11conf/DefaultPkcs11Configuration.java +++ b/src/main/java/se/swedenconnect/security/credential/pkcs11conf/DefaultPkcs11Configuration.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/src/main/java/se/swedenconnect/security/credential/pkcs11conf/Pkcs11Configuration.java b/src/main/java/se/swedenconnect/security/credential/pkcs11conf/Pkcs11Configuration.java index 6221b41..c92977e 100644 --- a/src/main/java/se/swedenconnect/security/credential/pkcs11conf/Pkcs11Configuration.java +++ b/src/main/java/se/swedenconnect/security/credential/pkcs11conf/Pkcs11Configuration.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -22,7 +22,7 @@ /** * Interface for a PKCS#11 configuration. - * + * * @author Martin Lindström (martin@idsec.se) * @author Stefan Santesson (stefan@idsec.se) */ 
@@ -30,10 +30,9 @@ public interface Pkcs11Configuration { /** * Gets the Java security {@link Provider} to use when setting up a PKCS#11 credential. - * + * * @return a Provider instance - * @throws Pkcs11ConfigurationException - * if the configuration is incorrect + * @throws Pkcs11ConfigurationException if the configuration is incorrect */ Provider getProvider() throws Pkcs11ConfigurationException; @@ -46,7 +45,7 @@ public interface Pkcs11Configuration { * Note: If both the private key and the certificate should be obtained from the device, use * {@link #getCredentialProvider()} instead. *

    - * + * * @return a Pkcs11ObjectProvider instance */ Pkcs11ObjectProvider getPrivateKeyProvider(); @@ -58,11 +57,10 @@ public interface Pkcs11Configuration { * How the objects are obtained from the device is dependent on the security provider used. *

    *

    - * In some HSM-deployments the certificate is not kept on the device, only the private key. The - * {@link PkiCredential} object returned from the provider will then return {@code null} for a - * {@link PkiCredential#getCertificate()} call. + * In some HSM-deployments the certificate is not kept on the device, only the private key. The {@link PkiCredential} + * object returned from the provider will then return {@code null} for a {@link PkiCredential#getCertificate()} call. *

    - * + * * @return a Pkcs11ObjectProvider instance */ Pkcs11ObjectProvider getCredentialProvider(); diff --git a/src/main/java/se/swedenconnect/security/credential/pkcs11conf/Pkcs11ConfigurationException.java b/src/main/java/se/swedenconnect/security/credential/pkcs11conf/Pkcs11ConfigurationException.java index 306459a..baebb31 100644 --- a/src/main/java/se/swedenconnect/security/credential/pkcs11conf/Pkcs11ConfigurationException.java +++ b/src/main/java/se/swedenconnect/security/credential/pkcs11conf/Pkcs11ConfigurationException.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,18 +17,18 @@ /** * Exception class for reporting invalid PKCS#11 configuration or failures to instatiate a PKCS#11 provider. - * + * * @author Martin Lindström (martin@idsec.se) * @author Stefan Santesson (stefan@idsec.se) */ public class Pkcs11ConfigurationException extends SecurityException { /** For serialization. */ - private static final long serialVersionUID = -1028505897882269160L; + private static final long serialVersionUID = 4753744976030288668L; /** * Constructor setting the error message. - * + * * @param message * the error message */ @@ -38,7 +38,7 @@ public Pkcs11ConfigurationException(final String message) { /** * Constructor setting the error message and the cause of the error. - * + * * @param message * the error message * @param cause diff --git a/src/main/java/se/swedenconnect/security/credential/pkcs11conf/Pkcs11ObjectProvider.java b/src/main/java/se/swedenconnect/security/credential/pkcs11conf/Pkcs11ObjectProvider.java index 92c1b7b..4026b4f 100644 --- a/src/main/java/se/swedenconnect/security/credential/pkcs11conf/Pkcs11ObjectProvider.java +++ b/src/main/java/se/swedenconnect/security/credential/pkcs11conf/Pkcs11ObjectProvider.java 
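Review bot: `serialVersionUID` of `Pkcs11ConfigurationException` is changed from `-1028505897882269160L` to `4753744976030288668L` while nothing else in the visible hunk alters the class's fields, so the serialized form appears unchanged; any instance serialized by an earlier release (persisted session, distributed cache, remote invocation) will now fail to deserialize with an `InvalidClassException`. If the compatibility break is intended, say so where the constant is declared, e.g. `/** For serialization. Value changed; not compatible with instances serialized by earlier releases. */`; otherwise keep the previous value. The rest of the hunk is Javadoc whitespace only.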
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,25 +19,21 @@ /** * A functional interface for getting a reference to an object residing on a PKCS#11 device. - * + * * @author Martin Lindström (martin@idsec.se) * @author Stefan Santesson (stefan@idsec.se) */ @FunctionalInterface public interface Pkcs11ObjectProvider { - + /** * Gets a reference to an object residing on the PKCS#11 device. - * - * @param provider - * the security provider to use - * @param alias - * the alias to the entry holding the object - * @param pin - * the PIN needed to access the entry + * + * @param provider the security provider to use + * @param alias the alias to the entry holding the object + * @param pin the PIN needed to access the entry * @return an object reference or null if the object is not available - * @throws SecurityException - * if the operation is not successful + * @throws SecurityException if the operation is not successful */ T get(final Provider provider, final String alias, final char[] pin) throws SecurityException; diff --git a/src/main/java/se/swedenconnect/security/credential/utils/PrivateKeyUtils.java b/src/main/java/se/swedenconnect/security/credential/utils/PrivateKeyUtils.java index 3dde070..d6aeec4 100644 --- a/src/main/java/se/swedenconnect/security/credential/utils/PrivateKeyUtils.java +++ b/src/main/java/se/swedenconnect/security/credential/utils/PrivateKeyUtils.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -25,7 +25,7 @@ /** * Utility methods for handling private keys. - * + * * @author Martin Lindström (martin@idsec.se) * @author Stefan Santesson (stefan@idsec.se) */ 
@@ -33,12 +33,10 @@ public class PrivateKeyUtils { /** * Decodes a private key in DER, PEM, and unencrypted PKCS#8 formats. - * - * @param bytes - * the key bytes + * + * @param bytes the key bytes * @return the decoded private key - * @throws KeyException - * for decoding errors + * @throws KeyException for decoding errors */ public static PrivateKey decodePrivateKey(final byte[] bytes) throws KeyException { return KeyPairUtil.decodePrivateKey(bytes); @@ -49,12 +47,10 @@ public static PrivateKey decodePrivateKey(final byte[] bytes) throws KeyExceptio *

    * The method does not close the input stream. *

    - * - * @param stream - * the input stream + * + * @param stream the input stream * @return the decoded private key - * @throws KeyException - * for decoding errors + * @throws KeyException for decoding errors */ public static PrivateKey decodePrivateKey(final InputStream stream) throws KeyException { try { @@ -67,12 +63,10 @@ public static PrivateKey decodePrivateKey(final InputStream stream) throws KeyEx /** * Decodes a private key in DER, PEM, and unencrypted PKCS#8 formats. - * - * @param resource - * the resource + * + * @param resource the resource * @return the decoded private key - * @throws KeyException - * for decoding errors + * @throws KeyException for decoding errors */ public static PrivateKey decodePrivateKey(final Resource resource) throws KeyException { try (final InputStream is = resource.getInputStream()) { diff --git a/src/main/java/se/swedenconnect/security/credential/utils/X509Utils.java b/src/main/java/se/swedenconnect/security/credential/utils/X509Utils.java index d237dd7..b32571a 100644 --- a/src/main/java/se/swedenconnect/security/credential/utils/X509Utils.java +++ b/src/main/java/se/swedenconnect/security/credential/utils/X509Utils.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -28,7 +28,7 @@ /** * Utility methods for working with X.509 certificates and CRL:s. - * + * * @author Martin Lindström (martin@idsec.se) * @author Stefan Santesson (stefan@idsec.se) */ 
@@ -48,12 +48,10 @@ public class X509Utils { /** * Decodes a {@link X509Certificate} from its encoding. - * - * @param encoding - * the certificate encoding + * + * @param encoding the certificate encoding * @return a X509Certificate object - * @throws CertificateException - * for decoding errors + * @throws CertificateException for decoding errors */ public static X509Certificate decodeCertificate(final byte[] encoding) throws CertificateException { try (final ByteArrayInputStream bis = new ByteArrayInputStream(encoding)) { @@ -69,12 +67,10 @@ public static X509Certificate decodeCertificate(final byte[] encoding) throws Ce *

    * The method does not close the input stream. *

    - * - * @param stream - * the stream to read + * + * @param stream the stream to read * @return a X509Certificate object - * @throws CertificateException - * for decoding errors + * @throws CertificateException for decoding errors */ public static X509Certificate decodeCertificate(final InputStream stream) throws CertificateException { return (X509Certificate) factory.generateCertificate(stream); @@ -82,12 +78,10 @@ public static X509Certificate decodeCertificate(final InputStream stream) throws /** * Decodes a {@link X509Certificate} from a resource. - * - * @param resource - * the resource to read + * + * @param resource the resource to read * @return a X509Certificate object - * @throws CertificateException - * for decoding errors + * @throws CertificateException for decoding errors */ public static X509Certificate decodeCertificate(final Resource resource) throws CertificateException { try (final InputStream is = resource.getInputStream()) { @@ -100,12 +94,10 @@ public static X509Certificate decodeCertificate(final Resource resource) throws /** * Decodes a {@link X509CRL} from its encoding. - * - * @param encoding - * the CRL encoding + * + * @param encoding the CRL encoding * @return a X509CRL object - * @throws CRLException - * for decoding errors + * @throws CRLException for decoding errors */ public static X509CRL decodeCrl(final byte[] encoding) throws CRLException { try (final ByteArrayInputStream bis = new ByteArrayInputStream(encoding)) { @@ -121,12 +113,10 @@ public static X509CRL decodeCrl(final byte[] encoding) throws CRLException { *

    * The method does not close the input stream. *

    - * - * @param stream - * the stream to read + * + * @param stream the stream to read * @return a X509CRL object - * @throws CRLException - * for decoding errors + * @throws CRLException for decoding errors */ public static X509CRL decodeCrl(final InputStream stream) throws CRLException { return (X509CRL) factory.generateCRL(stream); @@ -134,12 +124,10 @@ public static X509CRL decodeCrl(final InputStream stream) throws CRLException { /** * Decodes a {@link X509CRL} from a resource. - * - * @param resource - * the resource to read + * + * @param resource the resource to read * @return a X509CRL object - * @throws CRLException - * for decoding errors + * @throws CRLException for decoding errors */ public static X509CRL decodeCrl(final Resource resource) throws CRLException { try (final InputStream is = resource.getInputStream()) { @@ -153,9 +141,8 @@ public static X509CRL decodeCrl(final Resource resource) throws CRLException { /** * The {@link X509Certificate#toString()} prints way too much for a normal log entry. This method displays the * subject, issuer and serial number. - * - * @param certificate - * the certificate to log + * + * @param certificate the certificate to log * @return a log string */ public static String toLogString(final X509Certificate certificate) { diff --git a/src/test/java/se/swedenconnect/security/credential/converters/PropertyToX509CertificateConverterTest.java b/src/test/java/se/swedenconnect/security/credential/converters/PropertyToX509CertificateConverterTest.java index 737a27a..f07b135 100644 --- a/src/test/java/se/swedenconnect/security/credential/converters/PropertyToX509CertificateConverterTest.java +++ b/src/test/java/se/swedenconnect/security/credential/converters/PropertyToX509CertificateConverterTest.java 
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,9 +15,11 @@ */ package se.swedenconnect.security.credential.converters; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertThrows; + import java.security.cert.X509Certificate; -import static org.junit.jupiter.api.Assertions.*; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.beans.factory.annotation.Autowired; @@ -35,7 +37,7 @@ /** * Test cases for PropertyToX509CertificateConverter. - * + * * @author Martin Lindström (martin@idsec.se) * @author Stefan Santesson (stefan@idsec.se) */ @@ -45,23 +47,23 @@ public class PropertyToX509CertificateConverterTest { @Autowired - ApplicationContext context; - + ApplicationContext context; + @Autowired(required = false) PropertyToX509CertificateConverter propertyToX509CertificateConverter; - + @Autowired(required = false) X509Certificate testCert; - + @Test public void testConvert() throws Exception { PropertyToX509CertificateConverter converter = new PropertyToX509CertificateConverter(); converter.setApplicationContext(this.context); - + X509Certificate cert = converter.convert("classpath:rsa1.crt"); assertNotNull(cert); } - + @Test public void testConvertFailed() throws Exception { assertThrows(IllegalArgumentException.class, () -> { 
@@ -71,21 +73,21 @@ public void testConvertFailed() throws Exception { converter.convert("classpath:not-found.crt"); }); } - + @Test public void testConverterBean() throws Exception { assertNotNull(this.propertyToX509CertificateConverter, "PropertyToX509CertificateConverter bean is not present"); assertNotNull(this.propertyToX509CertificateConverter.convert("classpath:rsa1.crt")); } - + @Test public void testSpringContextCertSet() throws Exception { assertNotNull(this.testCert); } - @Configuration + @Configuration public static class Config { - + @Bean @ConfigurationPropertiesBinding public PropertyToX509CertificateConverter propertyToX509CertificateConverter() { @@ -98,12 +100,12 @@ public PropertyToX509CertificateConverter propertyToX509CertificateConverter() { public static class CertConfig { @Setter private X509Certificate testcert; - + @Bean public X509Certificate testCert() { return this.testcert; } - } + } } diff --git a/src/test/java/se/swedenconnect/security/credential/opensaml/OpenSamlCredentialTest.java b/src/test/java/se/swedenconnect/security/credential/opensaml/OpenSamlCredentialTest.java index 0122da0..d275f14 100644 --- a/src/test/java/se/swedenconnect/security/credential/opensaml/OpenSamlCredentialTest.java +++ b/src/test/java/se/swedenconnect/security/credential/opensaml/OpenSamlCredentialTest.java @@ -15,9 +15,12 @@ */ package se.swedenconnect.security.credential.opensaml; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; + import java.security.KeyStore; -import static org.junit.jupiter.api.Assertions.*; import org.junit.jupiter.api.Test; import org.springframework.core.io.ClassPathResource; 
@@ -27,53 +30,41 @@ /** * Test cases for X509Credential. - * + * * @author Martin Lindström (martin@idsec.se) * @author Stefan Santesson (stefan@idsec.se) */ public class OpenSamlCredentialTest { - + private KeyStore keyStore; - + public OpenSamlCredentialTest() throws Exception { KeyStoreFactoryBean factory = new KeyStoreFactoryBean(new ClassPathResource("rsa1.jks"), "secret".toCharArray()); factory.afterPropertiesSet(); this.keyStore = factory.getObject(); } - + @Test public void testInitKeyAndCertificate() throws Exception { - PkiCredential _cred = new KeyStoreCredential(this.keyStore, "test", "secret".toCharArray()); - + PkiCredential _cred = new KeyStoreCredential(this.keyStore, "test", "secret".toCharArray()); + final OpenSamlCredential cred = new OpenSamlCredential(_cred.getCertificate(), _cred.getPrivateKey()); assertNotNull(cred.getEntityCertificate()); assertNotNull(cred.getPrivateKey()); assertNotNull(cred.getPublicKey()); } - + @Test public void testInitKeyPairCredential() throws Exception { KeyStoreCredential _cred = new KeyStoreCredential(this.keyStore, "test", "secret".toCharArray()); _cred.init(); - + final OpenSamlCredential cred = new OpenSamlCredential(_cred); assertNotNull(cred.getEntityCertificate()); assertNotNull(cred.getPrivateKey()); assertNotNull(cred.getPublicKey()); } - - @Test - public void testInitDefaultAndSetter() throws Exception { - KeyStoreCredential _cred = new KeyStoreCredential(this.keyStore, "test", "secret".toCharArray()); - _cred.init(); - - final OpenSamlCredential cred = new OpenSamlCredential(); - cred.setCredential(_cred); - assertNotNull(cred.getEntityCertificate()); - assertNotNull(cred.getPrivateKey()); - assertNotNull(cred.getPublicKey()); - } - + @Test public void testMixedInit() throws Exception { assertThrows(IllegalArgumentException.class, () -> { 
@@ -84,23 +75,23 @@ public void testMixedInit() throws Exception { cred.setPrivateKey(_cred.getPrivateKey()); }); } - + @Test public void testSetChain() throws Exception { PkiCredential _cred = new KeyStoreCredential(this.keyStore, "test", "secret".toCharArray()); _cred.init(); - - final OpenSamlCredential cred = new OpenSamlCredential(_cred); + + final OpenSamlCredential cred = new OpenSamlCredential(_cred); assertTrue(cred.getEntityCertificateChain().size() == 1); } - + @Test public void testGetChain() throws Exception { PkiCredential _cred = new KeyStoreCredential(this.keyStore, "test", "secret".toCharArray()); _cred.init(); - - final OpenSamlCredential cred = new OpenSamlCredential(_cred); + + final OpenSamlCredential cred = new OpenSamlCredential(_cred); assertTrue(cred.getEntityCertificateChain().size() == 1); } - + } diff --git a/src/test/java/se/swedenconnect/security/credential/pkcs11conf/MockSunPkcs11Provider.java b/src/test/java/se/swedenconnect/security/credential/pkcs11conf/MockSunPkcs11Provider.java index 6f31b04..30c812b 100644 --- a/src/test/java/se/swedenconnect/security/credential/pkcs11conf/MockSunPkcs11Provider.java +++ b/src/test/java/se/swedenconnect/security/credential/pkcs11conf/MockSunPkcs11Provider.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 Sweden Connect + * Copyright 2020-2023 Sweden Connect * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,12 +19,11 @@ import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; -import java.lang.reflect.Constructor; -import java.lang.reflect.InvocationTargetException; import java.nio.file.Files; import java.nio.file.Path; import java.security.InvalidParameterException; import java.security.Key; +import java.security.KeyStore; import java.security.KeyStoreException; import java.security.KeyStoreSpi; import java.security.NoSuchAlgorithmException; 
@@ -40,16 +39,16 @@ import org.springframework.core.io.Resource; /** - * A mocked provider implementation that mocks a PKCS#11 provider but really is the same as the SUN and SunRsaSign providers (except for - * supporting PKCS#11 keystores). - * + * A mocked provider implementation that mocks a PKCS#11 provider but really is the same as the SUN and SunRsaSign + * providers (except for supporting PKCS#11 keystores). + * * @author Martin Lindström (martin@idsec.se) * @author Stefan Santesson (stefan@idsec.se) */ public class MockSunPkcs11Provider extends Provider { public static final String PROVIDER_BASE_NAME = "MockSunPKCS11"; - + private boolean configured = false; private static final long serialVersionUID = -135457117436927350L; @@ -62,7 +61,7 @@ protected MockSunPkcs11Provider(final String name) { this(name, "1.0.0", "Mock provider"); } - protected MockSunPkcs11Provider(String name, String versionStr, String info) { + protected MockSunPkcs11Provider(final String name, final String versionStr, final String info) { super(name, "1.0.0", "Mock provider"); final Provider sunProvider = Security.getProvider("SUN"); @@ -89,7 +88,7 @@ public static MockSunPkcs11Provider createStaticallyConfigured() { p.configured = true; return p; } - + /** {@inheritDoc} */ @Override public Provider configure(final String configArg) { @@ -111,7 +110,7 @@ public Provider configure(final String configArg) { boolean librarySet = false; try (Scanner scanner = new Scanner(new ByteArrayInputStream(configData.getBytes()))) { while (scanner.hasNextLine()) { - String line = scanner.nextLine().trim(); + final String line = scanner.nextLine().trim(); if (line.startsWith("#")) { continue; } @@ -119,7 +118,7 @@ public Provider configure(final String configArg) { librarySet = true; } else if (line.startsWith("name")) { - String[] tokens = line.split("=", 2); + final String[] tokens = line.split("=", 2); if (tokens.length == 2) { name = tokens[1].trim(); } 
@@ -132,11 +131,11 @@ else if (line.startsWith("name")) { if (!librarySet) { throw new InvalidParameterException("Invalid configuration data - Missing library"); } - MockSunPkcs11Provider newProv = new MockSunPkcs11Provider(PROVIDER_BASE_NAME + "-" + name); + final MockSunPkcs11Provider newProv = new MockSunPkcs11Provider(PROVIDER_BASE_NAME + "-" + name); newProv.configured = true; return newProv; } - catch (IOException e) { + catch (final IOException e) { throw new InvalidParameterException("Invalid configuration data - " + e.getMessage()); } } @@ -144,14 +143,14 @@ else if (line.startsWith("name")) { @Override public boolean isConfigured() { return this.configured; - } - + } + public static class MockedPkcs11ResourceHolder { private static final MockedPkcs11ResourceHolder INSTANCE = new MockedPkcs11ResourceHolder(); private Resource resource; - + private boolean mockNoCertificate = false; public static MockedPkcs11ResourceHolder getInstance() { @@ -165,12 +164,12 @@ public Resource getResource() { public void setResource(final Resource resource) { this.resource = resource; } - + public boolean isMockNoCertificate() { return this.mockNoCertificate; } - public void setMockNoCertificate(boolean mockNoCertificate) { + public void setMockNoCertificate(final boolean mockNoCertificate) { this.mockNoCertificate = mockNoCertificate; } 
@@ -180,114 +179,166 @@ private MockedPkcs11ResourceHolder() { public static class MockKeyStoreSpi extends KeyStoreSpi { - private KeyStoreSpi spi; + private KeyStore ks; public MockKeyStoreSpi() { try { - Class spiClass = Class.forName("sun.security.provider.JavaKeyStore$JKS"); - Constructor ctor = spiClass.getConstructor(); - this.spi = (KeyStoreSpi) ctor.newInstance(); + this.ks = KeyStore.getInstance("JKS"); } - catch (ClassNotFoundException | NoSuchMethodException | InstantiationException | IllegalAccessException | IllegalArgumentException - | InvocationTargetException e) { + catch (final KeyStoreException e) { throw new RuntimeException(e); } } @Override - public void engineLoad(InputStream stream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException { + public void engineLoad(final InputStream stream, final char[] password) + throws IOException, NoSuchAlgorithmException, CertificateException { if (stream != null) { - this.spi.engineLoad(stream, password); + this.ks.load(stream, password); } else { - Resource resource = MockedPkcs11ResourceHolder.getInstance().getResource(); + final Resource resource = MockedPkcs11ResourceHolder.getInstance().getResource(); if (resource == null) { throw new IOException("No resource available"); } try (InputStream is = resource.getInputStream()) { - this.spi.engineLoad(is, password); + this.ks.load(is, password); } } } @Override - public Key engineGetKey(String alias, char[] password) throws NoSuchAlgorithmException, UnrecoverableKeyException { - return this.spi.engineGetKey(alias, password); + public Key engineGetKey(final String alias, final char[] password) + throws NoSuchAlgorithmException, UnrecoverableKeyException { + try { + return this.ks.getKey(alias, password); + } + catch (final KeyStoreException e) { + throw new RuntimeException(e); + } } @Override - public Certificate[] engineGetCertificateChain(String alias) { + public Certificate[] engineGetCertificateChain(final String alias) { if 
(MockedPkcs11ResourceHolder.getInstance().isMockNoCertificate()) { return null; - } - return this.spi.engineGetCertificateChain(alias); + } + try { + return this.ks.getCertificateChain(alias); + } + catch (final KeyStoreException e) { + return null; + } } @Override - public Certificate engineGetCertificate(String alias) { + public Certificate engineGetCertificate(final String alias) { if (MockedPkcs11ResourceHolder.getInstance().isMockNoCertificate()) { return null; } - return this.spi.engineGetCertificate(alias); + try { + return this.ks.getCertificate(alias); + } + catch (final KeyStoreException e) { + return null; + } } @Override - public Date engineGetCreationDate(String alias) { - return this.spi.engineGetCreationDate(alias); + public Date engineGetCreationDate(final String alias) { + try { + return this.ks.getCreationDate(alias); + } + catch (final KeyStoreException e) { + return null; + } } @Override - public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain) throws KeyStoreException { + public void engineSetKeyEntry(final String alias, final Key key, final char[] password, final Certificate[] chain) + throws KeyStoreException { throw new IllegalArgumentException("Not allowed for PKCS11"); } @Override - public void engineSetKeyEntry(String alias, byte[] key, Certificate[] chain) throws KeyStoreException { + public void engineSetKeyEntry(final String alias, final byte[] key, final Certificate[] chain) + throws KeyStoreException { throw new IllegalArgumentException("Not allowed for PKCS11"); } @Override - public void engineSetCertificateEntry(String alias, Certificate cert) throws KeyStoreException { + public void engineSetCertificateEntry(final String alias, final Certificate cert) throws KeyStoreException { throw new IllegalArgumentException("Not allowed for PKCS11"); } @Override - public void engineDeleteEntry(String alias) throws KeyStoreException { + public void engineDeleteEntry(final String alias) throws 
KeyStoreException { throw new IllegalArgumentException("Not allowed for PKCS11"); } @Override public Enumeration engineAliases() { - return this.spi.engineAliases(); + try { + return this.ks.aliases(); + } + catch (final KeyStoreException e) { + throw new RuntimeException(e); + } } @Override - public boolean engineContainsAlias(String alias) { - return this.spi.engineContainsAlias(alias); + public boolean engineContainsAlias(final String alias) { + try { + return this.ks.containsAlias(alias); + } + catch (final KeyStoreException e) { + return false; + } } @Override public int engineSize() { - return this.spi.engineSize(); + try { + return this.ks.size(); + } + catch (final KeyStoreException e) { + throw new RuntimeException(e); + } } @Override - public boolean engineIsKeyEntry(String alias) { - return this.spi.engineIsKeyEntry(alias); + public boolean engineIsKeyEntry(final String alias) { + try { + return this.ks.isKeyEntry(alias); + } + catch (final KeyStoreException e) { + return false; + } } @Override - public boolean engineIsCertificateEntry(String alias) { - return this.spi.engineIsCertificateEntry(alias); + public boolean engineIsCertificateEntry(final String alias) { + try { + return this.ks.isCertificateEntry(alias); + } + catch (final KeyStoreException e) { + return false; + } } @Override - public String engineGetCertificateAlias(Certificate cert) { - return this.spi.engineGetCertificateAlias(cert); + public String engineGetCertificateAlias(final Certificate cert) { + try { + return this.ks.getCertificateAlias(cert); + } + catch (final KeyStoreException e) { + throw new RuntimeException(e); + } } @Override - public void engineStore(OutputStream stream, char[] password) throws IOException, NoSuchAlgorithmException, CertificateException { + public void engineStore(final OutputStream stream, final char[] password) + throws IOException, NoSuchAlgorithmException, CertificateException { throw new IOException("Not allowed for PKCS11"); } 
diff --git a/src/test/java/se/swedenconnect/security/credential/pkcs11conf/SpringBootConfigurationTest.java b/src/test/java/se/swedenconnect/security/credential/pkcs11conf/SpringBootConfigurationTest.java
index 45a0340..f325c7f 100644
--- a/src/test/java/se/swedenconnect/security/credential/pkcs11conf/SpringBootConfigurationTest.java
+++ b/src/test/java/se/swedenconnect/security/credential/pkcs11conf/SpringBootConfigurationTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2021 IDsec Solutions AB
+ * Copyright 2020-2023 Sweden Connect
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
diff --git a/src/test/java/se/swedenconnect/security/credential/spring/CredentialsConfiguration.java b/src/test/java/se/swedenconnect/security/credential/spring/CredentialsConfiguration.java
index d33f601..15e2904 100644
--- a/src/test/java/se/swedenconnect/security/credential/spring/CredentialsConfiguration.java
+++ b/src/test/java/se/swedenconnect/security/credential/spring/CredentialsConfiguration.java
@@ -42,7 +42,7 @@
 /**
  * A Spring configuration file that illustrates how credentials are instantiated.
- *
+ *
  * @author Martin Lindström (martin@idsec.se)
  * @author Stefan Santesson (stefan@idsec.se)
  */
@@ -79,49 +79,49 @@ public void destroy() throws Exception { /** * Gets the bean that registers a converter that takes us from a string (in an application properties file) to a * {@link PrivateKey} instance. - * + * * @return a PropertyToPrivateKeyConverter bean */ @Bean @ConfigurationPropertiesBinding - public PropertyToPrivateKeyConverter propertyToPrivateKeyConverter() { + PropertyToPrivateKeyConverter propertyToPrivateKeyConverter() { return new PropertyToPrivateKeyConverter(); } /** * Gets the bean that registers a converter that takes us from a string (in an application properties file) to a * {@link X509Certificate} instance. - * + * * @return a PropertyToX509CertificateConverter bean */ @Bean @ConfigurationPropertiesBinding - public PropertyToX509CertificateConverter propertyToX509CertificateConverter() { + PropertyToX509CertificateConverter propertyToX509CertificateConverter() { return new PropertyToX509CertificateConverter(); } /** * Gets a {@link BasicCredential} instance based on the application properties prefixed by {@code credential1.}. In * our example the application.properties contains: - * + * *
        * credential1.private-key=classpath:rsa1.pkcs8.key
        * credential1.certificate=classpath:rsa1.crt
        * credential1.name=Credential-1
        * 
    - * + * * @return a BasicCredential instance */ @Bean("credential1") @ConfigurationProperties("credential1") - public PkiCredential credential1() { + PkiCredential credential1() { return new BasicCredential(); } /** * Gets a {@link KeyStoreCredential} instance based on the application properties prefixed by {@code credential2.}. In * our example the application.properties contains: - * + * *
        * credential2.resource=classpath:rsa1.jks
        * credential2.password=secret
    @@ -129,19 +129,19 @@ public PkiCredential credential1() {
        * credential2.key-password=${credential2.password}
        * credential2.type=JKS
        * 
    - * + * * @return a KeyStoreCredential instance */ @Bean("credential2") @ConfigurationProperties("credential2") - public PkiCredential credential2() { + PkiCredential credential2() { return new KeyStoreCredential(); } /** * Gets a {@link Pkcs11Credential} instance based on the application properties prefixed by {@code credential3.}. In * our example the application.properties contains: - * + * *
        * credential3.configuration.configuration-file=
        * credential3.configuration.base-provider-name=MockSunPKCS11
    @@ -153,20 +153,20 @@ public PkiCredential credential2() {
        * scenario (where the SunPKCS11 provider is used), the following configuration could be used (with no need for an
        * explicit creation if the DefaultPkcs11Configuration bean).
        * 

    - * + * *
        * credential3.configuration-file=
        * credential3.alias=test
        * credential3.pin=secret
        * 
    - * + * * @param pkcs11Configuration * PKCS#11 configuration (needed since we are mocking PKCS#11) * @return a Pkcs11Credential instance */ @Bean("credential3") @ConfigurationProperties("credential3") - public ReloadablePkiCredential credential3(final DefaultPkcs11Configuration pkcs11Configuration) { + ReloadablePkiCredential credential3(final DefaultPkcs11Configuration pkcs11Configuration) { final Pkcs11Credential cred = new Pkcs11Credential(); cred.setConfiguration(pkcs11Configuration); return cred; @@ -174,14 +174,14 @@ public ReloadablePkiCredential credential3(final DefaultPkcs11Configuration pkcs @Bean @ConfigurationProperties("credential3.configuration") - public DefaultPkcs11Configuration pkcs11Configuration() { + DefaultPkcs11Configuration pkcs11Configuration() { return new DefaultPkcs11Configuration(); } - + /** - * Gets a {@link KeyStoreCredential} instance that delivers a KeyStore for a PKCS#11 device. It is based + * Gets a {@link KeyStoreCredential} instance that delivers a KeyStore for a PKCS#11 device. It is based * on the application properties prefixed by {@code credential4.}. In our example the application.properties contains: - * + * *
        * credential4.provider=MockSunPKCS11
        * credential4.pkcs11-configuration=src/test/resources/cfg1.txt
    @@ -191,17 +191,17 @@ public DefaultPkcs11Configuration pkcs11Configuration() {
        * credential4.type=PKCS11
        * credential4.name=Credential-4
        * 
    - * + * * @return a KeyStoreCredential instance */ @Bean("credential4") @ConfigurationProperties("credential4") - public ReloadablePkiCredential credential4() { + ReloadablePkiCredential credential4() { return new KeyStoreCredential(); } - + @Bean - public CredentialMonitorBean credentialMonitorBean(final List credentials) { + CredentialMonitorBean credentialMonitorBean(final List credentials) { final DefaultCredentialMonitorBean monitorBean = new DefaultCredentialMonitorBean(credentials); monitorBean.setReloadSuccessCallback((c) -> System.out.println("Credential " + c.getName() + " was reloaded")); monitorBean.setFailureCallback((c, e) -> {
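Review bot: `credentialMonitorBean` (this hunk) and `pkcs11Configuration` (the previous hunk) are the only bean methods in this configuration class left without Javadoc, which stands out in a file whose class comment says it illustrates how credentials are instantiated. A one-liner in the style of the sibling beans would close the gap, e.g. on the monitor bean `/** Creates the bean that monitors the given credentials; the reload-success and failure callbacks set here only print to stdout in this example. @param credentials the credentials to monitor @return a CredentialMonitorBean instance */`, and on `pkcs11Configuration` a sentence saying it is bound to the `credential3.configuration` properties and feeds `credential3`. The body of `credentialMonitorBean` continues past the end of the hunk.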