
Example 1 with SMPKeyManager

Use of com.helger.phoss.smp.security.SMPKeyManager in the project phoss-smp by phax.

From the class SMPStatusProvider, method getDefaultStatusData.

/**
 * Assemble the default status document of this SMP instance.
 * <p>
 * Review note on exposure: every value added here is handed back to whoever
 * can read the status output - build and version data, the configured
 * public URL, SML and Directory host names, whether a proxy and a proxy
 * user are configured, and the issuer/subject of the SMP certificate.
 * This method itself does not restrict access, but it also does not emit
 * secrets (no passwords, no private key material). Whether the remaining
 * non-secret details may be visible anonymously depends on how the caller
 * exposes the result - TODO confirm against the status endpoint's access
 * control.
 *
 * @param bDisableLongRunningOperations
 *        Forwarded unchanged to each registered
 *        {@link ISMPStatusProviderExtensionSPI}; not interpreted here.
 * @return A freshly created, mutable JSON object. Never <code>null</code>.
 */
@Nonnull
@ReturnsMutableCopy
public static IJsonObject getDefaultStatusData(final boolean bDisableLongRunningOperations) {
    if (LOGGER.isDebugEnabled())
        LOGGER.debug("Building status data");
    final StopWatch aTimer = StopWatch.createdStarted();

    final ISMPSettings aSMPSettings = SMPMetaManager.getSettings();
    // Reference time for the certificate expiry check further down
    final LocalDateTime aReferenceTime = PDTFactory.getCurrentLocalDateTime();
    final ISMLInfo aSML = aSMPSettings.getSMLInfo();
    final IJsonObject ret = new JsonObject();

    // Build, runtime and global flags
    ret.add("build.timestamp", CSMPServer.getBuildTimestamp());
    // The startup time is only emitted once the web app listener has recorded one
    ret.addIfNotNull("startup.datetime", PDTWebDateHelper.getAsStringXSD(SMPWebAppListener.getStartupDateTime()));
    ret.add("status.datetime", PDTWebDateHelper.getAsStringXSD(PDTFactory.getCurrentOffsetDateTimeUTC()));
    ret.add("version.smp", CSMPServer.getVersionNumber());
    ret.add("version.java", SystemProperties.getJavaVersion());
    ret.add("global.debug", GlobalDebug.isDebugMode());
    ret.add("global.production", GlobalDebug.isProductionMode());

    // Server configuration
    ret.add("smp.backend", SMPServerConfiguration.getBackend());
    final String sMode;
    if (SMPWebAppConfiguration.isTestVersion())
        sMode = "test";
    else
        sMode = "production";
    ret.add("smp.mode", sMode);
    ret.add("smp.resttype", SMPServerConfiguration.getRESTType().getID());
    ret.add("smp.identifiertype", SMPServerConfiguration.getIdentifierType().getID());
    ret.add("smp.id", SMPServerConfiguration.getSMLSMPID());
    // The setting is stored negated ("disabled"); the status reports it positively
    final boolean bWritableAPIDisabled = aSMPSettings.isRESTWritableAPIDisabled();
    ret.add("smp.writable-rest-api.enabled", !bWritableAPIDisabled);
    ret.add("smp.publicurl", SMPServerConfiguration.getPublicServerURL());
    ret.add("smp.forceroot", SMPServerConfiguration.isForceRoot());
    ret.add("smp.rest.log-exceptions", SMPServerConfiguration.isRESTLogExceptions());
    ret.add("smp.rest.payload-on-error", SMPServerConfiguration.isRESTPayloadOnError());

    // SML
    ret.add("smp.sml.enabled", aSMPSettings.isSMLEnabled());
    ret.add("smp.sml.needed", aSMPSettings.isSMLRequired());
    if (aSML != null) {
        ret.add("smp.sml.url", aSML.getManagementServiceURL());
        ret.add("smp.sml.dnszone", aSML.getDNSZone());
    }
    ret.addIfNotNull("smp.sml.connection-timeout-ms", SMPServerConfiguration.getSMLConnectionTimeoutMS());
    ret.add("smp.sml.request-timeout-ms", SMPServerConfiguration.getSMLRequestTimeoutMS());

    // Directory
    ret.add("smp.pd.enabled", aSMPSettings.isDirectoryIntegrationEnabled());
    ret.add("smp.pd.needed", aSMPSettings.isDirectoryIntegrationRequired());
    ret.add("smp.pd.auto-update", aSMPSettings.isDirectoryIntegrationAutoUpdate());
    ret.add("smp.pd.hostname", aSMPSettings.getDirectoryHostName());

    // SMP certificate
    final boolean bKeyStoreOk = SMPKeyManager.isKeyStoreValid();
    ret.add("smp.certificate.configuration-valid", bKeyStoreOk);
    if (bKeyStoreOk) {
        final PrivateKeyEntry aPKE = SMPKeyManager.getInstance().getPrivateKeyEntry();
        if (aPKE != null) {
            final Certificate[] aCertChain = aPKE.getCertificateChain();
            // Only the leaf (first entry) is described; null for an empty chain
            final Certificate aLeaf = aCertChain.length > 0 ? aCertChain[0] : null;
            if (aLeaf instanceof X509Certificate) {
                final X509Certificate aLeafX509 = (X509Certificate) aLeaf;
                ret.add("smp.certificate.issuer", aLeafX509.getIssuerX500Principal().getName());
                ret.add("smp.certificate.subject", aLeafX509.getSubjectX500Principal().getName());
                // "expired" only compares against notAfter; a not-yet-valid
                // certificate is not detected here (notBefore is never consulted)
                final LocalDateTime aNotAfter = PDTFactory.createLocalDateTime(aLeafX509.getNotAfter());
                ret.add("smp.certificate.expired", aReferenceTime.isAfter(aNotAfter));
            }
        }
    }

    // Proxy - only presence is reported, never the credentials themselves
    ret.add("proxy.http.configured", SMPServerConfiguration.getAsHttpProxySettings() != null);
    ret.add("proxy.https.configured", SMPServerConfiguration.getAsHttpsProxySettings() != null);
    ret.add("proxy.username.configured", StringHelper.hasText(SMPServerConfiguration.getProxyUsername()));

    // Content Security Policy
    ret.add("csp.enabled", SMPWebAppConfiguration.isCSPEnabled());
    ret.add("csp.reporting.only", SMPWebAppConfiguration.isCSPReportingOnly());
    ret.add("csp.reporting.enabled", SMPWebAppConfiguration.isCSPReportingEnabled());

    // Extension data; nothing here prevents an extension from reusing one of
    // the keys above (presumably put semantics - TODO confirm in addAll)
    for (final ISMPStatusProviderExtensionSPI aExtension : LIST)
        ret.addAll(aExtension.getAdditionalStatusData(bDisableLongRunningOperations));

    final long nElapsedMillis = aTimer.stopAndGetMillis();
    if (nElapsedMillis > 100)
        LOGGER.info("Finished building status data after " + nElapsedMillis + " milliseconds which is considered to be too long");
    else if (LOGGER.isDebugEnabled())
        LOGGER.debug("Finished building status data");
    return ret;
}

Example 2 with SMPKeyManager

Use of com.helger.phoss.smp.security.SMPKeyManager in the project phoss-smp by phax.

From the class PageSecureCertificateInformation, method fillContent.

/**
 * Render the certificate information page: one tab each for the SMP
 * keystore and truststore and, if Directory integration is enabled, the
 * Directory client keystore and truststore. Before rendering, handles the
 * three "reload" actions that re-read the respective store from the
 * configuration.
 * <p>
 * Security notes (review):
 * <ul>
 * <li>The reload actions are triggered by following a link (the toolbar
 * buttons point at the page's own href plus the action parameter), i.e. a
 * state-changing operation on what appears to be a plain GET. The effect
 * is limited to re-reading already-configured stores, so a forged request
 * cannot introduce new material, but the page should stay restricted to
 * administrative users - TODO confirm the page's access control.</li>
 * <li>Keystore/truststore file paths, key alias and, on failure, technical
 * exception details are shown. Acceptable on an admin-only page; revisit if
 * the page were ever exposed more widely.</li>
 * <li>Only certificate metadata is rendered; no key material or store
 * passwords are printed by this method.</li>
 * </ul>
 *
 * @param aWPEC
 *        The web page execution context. Never <code>null</code>.
 */
@Override
protected void fillContent(@Nonnull final WebPageExecutionContext aWPEC) {
    final HCNodeList aNodeList = aWPEC.getNodeList();
    final Locale aDisplayLocale = aWPEC.getDisplayLocale();
    final ZonedDateTime aNowZDT = PDTFactory.getCurrentZonedDateTime();
    final LocalDateTime aNowLDT = aNowZDT.toLocalDateTime();
    final String sDirectoryName = SMPWebAppConfiguration.getDirectoryName();
    // Reload actions: each re-reads its store/configuration and then redirects
    // back to this page (post-redirect-get) so that the tabs reflect the result.
    // NOTE(review): reached via a link parameter, so effectively a GET with a
    // side effect - see the method comment.
    if (aWPEC.hasAction(ACTION_RELOAD_KEYSTORE)) {
        SMPKeyManager.reloadFromConfiguration();
        aWPEC.postRedirectGetInternal(info("The keystore was updated from the configuration at " + DateTimeFormatter.ISO_DATE_TIME.format(aNowZDT) + ". The changes are reflected below."));
    } else if (aWPEC.hasAction(ACTION_RELOAD_TRUSTSTORE)) {
        SMPTrustManager.reloadFromConfiguration();
        aWPEC.postRedirectGetInternal(info("The truststore was updated from the configuration at " + DateTimeFormatter.ISO_DATE_TIME.format(aNowZDT) + ". The changes are reflected below."));
    } else if (aWPEC.hasAction(ACTION_RELOAD_DIRECTORY_CONFIGURATION)) {
        PDClientConfiguration.reloadConfiguration();
        aWPEC.postRedirectGetInternal(info("The " + sDirectoryName + " configuration was reloaded at " + DateTimeFormatter.ISO_DATE_TIME.format(aNowZDT) + ". The changes are reflected below."));
    }
    // Toolbar with the reload buttons; the Directory button only appears when
    // Directory integration is enabled in the SMP settings.
    {
        final BootstrapButtonToolbar aToolbar = new BootstrapButtonToolbar(aWPEC);
        aToolbar.addChild(new BootstrapButton().addChild("Reload keystore").setIcon(EDefaultIcon.REFRESH).setOnClick(aWPEC.getSelfHref().add(CPageParam.PARAM_ACTION, ACTION_RELOAD_KEYSTORE)));
        aToolbar.addChild(new BootstrapButton().addChild("Reload truststore").setIcon(EDefaultIcon.REFRESH).setOnClick(aWPEC.getSelfHref().add(CPageParam.PARAM_ACTION, ACTION_RELOAD_TRUSTSTORE)));
        if (SMPMetaManager.getSettings().isDirectoryIntegrationEnabled()) {
            aToolbar.addChild(new BootstrapButton().addChild("Reload " + sDirectoryName + " configuration").setIcon(EDefaultIcon.REFRESH).setOnClick(aWPEC.getSelfHref().add(CPageParam.PARAM_ACTION, ACTION_RELOAD_DIRECTORY_CONFIGURATION)));
        }
        aNodeList.addChild(aToolbar);
    }
    final BootstrapTabBox aTabBox = aNodeList.addAndReturnChild(new BootstrapTabBox());
    // SMP Key store
    {
        final HCNodeList aTab = new HCNodeList();
        if (!SMPKeyManager.isKeyStoreValid()) {
            // A broken keystore configuration is an error here (the truststore
            // tab below treats its failure as a warning only)
            aTab.addChild(error(SMPKeyManager.getInitializationError()));
        } else {
            // Successfully loaded private key
            final SMPKeyManager aKeyMgr = SMPKeyManager.getInstance();
            final KeyStore aKeyStore = aKeyMgr.getKeyStore();
            if (aKeyStore != null) {
                try {
                    // Count private key entries: none is an error, more than one
                    // is flagged because the SML communication expects exactly
                    // the SMP key (per the warning text below)
                    int nKeyEntries = 0;
                    for (final String sAlias : CollectionHelper.newList(aKeyStore.aliases())) {
                        if (aKeyStore.isKeyEntry(sAlias))
                            nKeyEntries++;
                    }
                    if (nKeyEntries == 0)
                        aTab.addChild(error("Found no private key entry in the configured key store."));
                    else if (nKeyEntries > 1)
                        aTab.addChild(warn("The configured key store contains " + nKeyEntries + " key entries. It is highly recommended to have only the SMP key in the key store to avoid issues with the SML communication."));
                } catch (final GeneralSecurityException ex) {
                    // Exception details are rendered for the admin; see method comment
                    aTab.addChild(error("Error iterating key store.").addChild(SMPCommonUI.getTechnicalDetailsUI(ex)));
                }
            }
            final PrivateKeyEntry aKeyEntry = aKeyMgr.getPrivateKeyEntry();
            if (aKeyEntry != null) {
                final Certificate[] aChain = aKeyEntry.getCertificateChain();
                // Key store path and password are fine
                aTab.addChild(success(div("Keystore is located at '" + SMPServerConfiguration.getKeyStorePath() + "' and was successfully loaded.")).addChild(div("The private key with the alias '" + SMPServerConfiguration.getKeyStoreKeyAlias() + "' was successfully loaded.")));
                if (aChain.length > 0 && aChain[0] instanceof X509Certificate) {
                    // The leaf certificate's issuer DN is matched against the list of
                    // predefined (presumably Peppol CA) issuers to tell which kind of
                    // certificate is in use and how long its chain must be
                    final X509Certificate aHead = (X509Certificate) aChain[0];
                    final String sIssuer = aHead.getIssuerX500Principal().getName();
                    final EPredefinedCert eCert = EPredefinedCert.getFromIssuerOrNull(sIssuer);
                    if (eCert != null) {
                        if (eCert.isDeprecated())
                            aTab.addChild(warn("You are currently using a ").addChild(strong("deprecated")).addChild(" " + eCert.getName() + " certificate!"));
                        else
                            aTab.addChild(info("You are currently using a " + eCert.getName() + " certificate!"));
                        // Only the chain length is checked here, not the chain's
                        // signatures or trust anchor
                        if (aChain.length != eCert.getCertificateTreeLength())
                            aTab.addChild(error("The private key should be a chain of " + eCert.getCertificateTreeLength() + " certificates but it has " + aChain.length + " certificates. Please ensure that the respective root certificates are contained correctly!"));
                    }
                // else: we don't care
                }
                final String sAlias = SMPServerConfiguration.getKeyStoreKeyAlias();
                final HCOL aOL = new HCOL();
                // One details table per certificate in the chain, leaf first
                for (final Certificate aCert : aChain) {
                    if (aCert instanceof X509Certificate) {
                        final X509Certificate aX509Cert = (X509Certificate) aCert;
                        final BootstrapTable aCertDetails = SMPCommonUI.createCertificateDetailsTable(sAlias, aX509Cert, aNowLDT, aDisplayLocale);
                        aOL.addItem(aCertDetails);
                    } else
                        aOL.addItem("The certificate is not an X.509 certificate! It is internally a " + ClassHelper.getClassName(aCert));
                }
                aTab.addChild(aOL);
            }
        }
        aTabBox.addTab("keystore", "Keystore", aTab);
    }
    // SMP Trust store
    {
        final HCNodeList aTab = new HCNodeList();
        if (!SMPTrustManager.isTrustStoreValid()) {
            // Deliberately a warning, not an error, unlike the keystore tab
            aTab.addChild(warn(SMPTrustManager.getInitializationError()));
        } else {
            // Successfully loaded trust store
            final SMPTrustManager aTrustMgr = SMPTrustManager.getInstance();
            final KeyStore aTrustStore = aTrustMgr.getTrustStore();
            // Trust store path and password are fine
            aTab.addChild(success(div("Truststore is located at '" + SMPServerConfiguration.getTrustStorePath() + "' and was successfully loaded.")));
            final HCOL aOL = new HCOL();
            try {
                // Every alias in the trust store is listed; all of them are trusted
                // by the SMP, so this list is what an admin should audit
                for (final String sAlias : CollectionHelper.newList(aTrustStore.aliases())) {
                    final Certificate aCert = aTrustStore.getCertificate(sAlias);
                    if (aCert instanceof X509Certificate) {
                        final X509Certificate aX509Cert = (X509Certificate) aCert;
                        final BootstrapTable aCertDetails = SMPCommonUI.createCertificateDetailsTable(sAlias, aX509Cert, aNowLDT, aDisplayLocale);
                        aOL.addItem(aCertDetails);
                    } else
                        aOL.addItem("The certificate is not an X.509 certificate! It is internally a " + ClassHelper.getClassName(aCert));
                }
            } catch (final GeneralSecurityException ex) {
                aOL.addItem(error("Error iterating trust store.").addChild(SMPCommonUI.getTechnicalDetailsUI(ex)));
            }
            aTab.addChild(aOL);
        }
        aTabBox.addTab("truststore", "Truststore", aTab);
    }
    // Peppol Directory client certificate
    if (SMPMetaManager.getSettings().isDirectoryIntegrationEnabled()) {
        // Directory client keystore
        {
            final HCNodeList aTab = new HCNodeList();
            // Unlike the SMP stores above, the Directory client stores are loaded
            // here on each render rather than taken from a cached manager
            final LoadedKeyStore aKeyStoreLR = PDClientConfiguration.loadKeyStore();
            if (aKeyStoreLR.isFailure()) {
                aTab.addChild(error(PeppolKeyStoreHelper.getLoadError(aKeyStoreLR)));
            } else {
                final String sKeyStorePath = PDClientConfiguration.getKeyStorePath();
                final LoadedKey<KeyStore.PrivateKeyEntry> aKeyLoading = PDClientConfiguration.loadPrivateKey(aKeyStoreLR.getKeyStore());
                if (aKeyLoading.isFailure()) {
                    // Store opened fine, but the configured key/alias could not be loaded
                    aTab.addChild(success(div("Keystore is located at '" + sKeyStorePath + "' and was successfully loaded.")));
                    aTab.addChild(error(PeppolKeyStoreHelper.getLoadError(aKeyLoading)));
                } else {
                    // Successfully loaded private key
                    final String sAlias = PDClientConfiguration.getKeyStoreKeyAlias();
                    final PrivateKeyEntry aKeyEntry = aKeyLoading.getKeyEntry();
                    final Certificate[] aChain = aKeyEntry.getCertificateChain();
                    // Key store path and password are fine
                    aTab.addChild(success(div("Keystore is located at '" + sKeyStorePath + "' and was successfully loaded.")).addChild(div("The private key with the alias '" + sAlias + "' was successfully loaded.")));
                    if (aChain.length > 0 && aChain[0] instanceof X509Certificate) {
                        // Same issuer-based classification and chain-length check as
                        // for the SMP keystore
                        final X509Certificate aHead = (X509Certificate) aChain[0];
                        final String sIssuer = aHead.getIssuerX500Principal().getName();
                        final EPredefinedCert eCert = EPredefinedCert.getFromIssuerOrNull(sIssuer);
                        if (eCert != null) {
                            if (eCert.isDeprecated()) {
                                aTab.addChild(warn("You are currently using a ").addChild(strong("deprecated")).addChild(" " + eCert.getName() + " certificate!"));
                            } else
                                aTab.addChild(info("You are currently using a " + eCert.getName() + " certificate!"));
                            if (aChain.length != eCert.getCertificateTreeLength())
                                aTab.addChild(error("The private key should be a chain of " + eCert.getCertificateTreeLength() + " certificates but it has " + aChain.length + " certificates. Please ensure that the respective root certificates are contained!"));
                        }
                    // else: we don't care
                    }
                    final HCOL aUL = new HCOL();
                    for (final Certificate aCert : aChain) {
                        if (aCert instanceof X509Certificate) {
                            final X509Certificate aX509Cert = (X509Certificate) aCert;
                            final BootstrapTable aCertDetails = SMPCommonUI.createCertificateDetailsTable(sAlias, aX509Cert, aNowLDT, aDisplayLocale);
                            aUL.addItem(aCertDetails);
                        } else
                            aUL.addItem("The certificate is not an X.509 certificate! It is internally a " + ClassHelper.getClassName(aCert));
                    }
                    aTab.addChild(aUL);
                }
            }
            aTabBox.addTab("pdkeystore", sDirectoryName + " Keystore", aTab);
        }
        // Directory client truststore
        {
            final HCNodeList aTab = new HCNodeList();
            final LoadedKeyStore aTrustStoreLR = PDClientConfiguration.loadTrustStore();
            if (aTrustStoreLR.isFailure()) {
                // Here a truststore failure is an error (the SMP truststore tab uses warn)
                aTab.addChild(error(PeppolKeyStoreHelper.getLoadError(aTrustStoreLR)));
            } else {
                // Successfully loaded trust store
                final String sTrustStorePath = PDClientConfiguration.getTrustStorePath();
                final KeyStore aTrustStore = aTrustStoreLR.getKeyStore();
                // Trust store path and password are fine
                aTab.addChild(success(div("Truststore is located at '" + sTrustStorePath + "' and was successfully loaded.")));
                final HCOL aOL = new HCOL();
                try {
                    for (final String sAlias : CollectionHelper.newList(aTrustStore.aliases())) {
                        final Certificate aCert = aTrustStore.getCertificate(sAlias);
                        if (aCert instanceof X509Certificate) {
                            final X509Certificate aX509Cert = (X509Certificate) aCert;
                            final BootstrapTable aCertDetails = SMPCommonUI.createCertificateDetailsTable(sAlias, aX509Cert, aNowLDT, aDisplayLocale);
                            aOL.addItem(aCertDetails);
                        } else
                            aOL.addItem("The certificate is not an X.509 certificate! It is internally a " + ClassHelper.getClassName(aCert));
                    }
                } catch (final GeneralSecurityException ex) {
                    aOL.addItem(error("Error iterating trust store.").addChild(SMPCommonUI.getTechnicalDetailsUI(ex)));
                }
                aTab.addChild(aOL);
            }
            aTabBox.addTab("pdtruststore", sDirectoryName + " Truststore", aTab);
        }
    }
}
