Example 1 with SMPTrustManager
use of com.helger.phoss.smp.security.SMPTrustManager in project phoss-smp by phax.
the class PageSecureCertificateInformation method fillContent.
@Override
protected void fillContent(@Nonnull final WebPageExecutionContext aWPEC) {
final HCNodeList aNodeList = aWPEC.getNodeList();
final Locale aDisplayLocale = aWPEC.getDisplayLocale();
final ZonedDateTime aNowZDT = PDTFactory.getCurrentZonedDateTime();
final LocalDateTime aNowLDT = aNowZDT.toLocalDateTime();
final String sDirectoryName = SMPWebAppConfiguration.getDirectoryName();
if (aWPEC.hasAction(ACTION_RELOAD_KEYSTORE)) {
SMPKeyManager.reloadFromConfiguration();
aWPEC.postRedirectGetInternal(info("The keystore was updated from the configuration at " + DateTimeFormatter.ISO_DATE_TIME.format(aNowZDT) + ". The changes are reflected below."));
} else if (aWPEC.hasAction(ACTION_RELOAD_TRUSTSTORE)) {
SMPTrustManager.reloadFromConfiguration();
aWPEC.postRedirectGetInternal(info("The truststore was updated from the configuration at " + DateTimeFormatter.ISO_DATE_TIME.format(aNowZDT) + ". The changes are reflected below."));
} else if (aWPEC.hasAction(ACTION_RELOAD_DIRECTORY_CONFIGURATION)) {
PDClientConfiguration.reloadConfiguration();
aWPEC.postRedirectGetInternal(info("The " + sDirectoryName + " configuration was reloaded at " + DateTimeFormatter.ISO_DATE_TIME.format(aNowZDT) + ". The changes are reflected below."));
}
{
final BootstrapButtonToolbar aToolbar = new BootstrapButtonToolbar(aWPEC);
aToolbar.addChild(new BootstrapButton().addChild("Reload keystore").setIcon(EDefaultIcon.REFRESH).setOnClick(aWPEC.getSelfHref().add(CPageParam.PARAM_ACTION, ACTION_RELOAD_KEYSTORE)));
aToolbar.addChild(new BootstrapButton().addChild("Reload truststore").setIcon(EDefaultIcon.REFRESH).setOnClick(aWPEC.getSelfHref().add(CPageParam.PARAM_ACTION, ACTION_RELOAD_TRUSTSTORE)));
if (SMPMetaManager.getSettings().isDirectoryIntegrationEnabled()) {
aToolbar.addChild(new BootstrapButton().addChild("Reload " + sDirectoryName + " configuration").setIcon(EDefaultIcon.REFRESH).setOnClick(aWPEC.getSelfHref().add(CPageParam.PARAM_ACTION, ACTION_RELOAD_DIRECTORY_CONFIGURATION)));
}
aNodeList.addChild(aToolbar);
}
final BootstrapTabBox aTabBox = aNodeList.addAndReturnChild(new BootstrapTabBox());
// SMP Key store
{
final HCNodeList aTab = new HCNodeList();
if (!SMPKeyManager.isKeyStoreValid()) {
aTab.addChild(error(SMPKeyManager.getInitializationError()));
} else {
// Successfully loaded private key
final SMPKeyManager aKeyMgr = SMPKeyManager.getInstance();
final KeyStore aKeyStore = aKeyMgr.getKeyStore();
if (aKeyStore != null) {
try {
int nKeyEntries = 0;
for (final String sAlias : CollectionHelper.newList(aKeyStore.aliases())) {
if (aKeyStore.isKeyEntry(sAlias))
nKeyEntries++;
}
if (nKeyEntries == 0)
aTab.addChild(error("Found no private key entry in the configured key store."));
else if (nKeyEntries > 1)
aTab.addChild(warn("The configured key store contains " + nKeyEntries + " key entries. It is highly recommended to have only the SMP key in the key store to avoid issues with the SML communication."));
} catch (final GeneralSecurityException ex) {
aTab.addChild(error("Error iterating key store.").addChild(SMPCommonUI.getTechnicalDetailsUI(ex)));
}
}
final PrivateKeyEntry aKeyEntry = aKeyMgr.getPrivateKeyEntry();
if (aKeyEntry != null) {
final Certificate[] aChain = aKeyEntry.getCertificateChain();
// Key store path and password are fine
aTab.addChild(success(div("Keystore is located at '" + SMPServerConfiguration.getKeyStorePath() + "' and was successfully loaded.")).addChild(div("The private key with the alias '" + SMPServerConfiguration.getKeyStoreKeyAlias() + "' was successfully loaded.")));
if (aChain.length > 0 && aChain[0] instanceof X509Certificate) {
final X509Certificate aHead = (X509Certificate) aChain[0];
final String sIssuer = aHead.getIssuerX500Principal().getName();
final EPredefinedCert eCert = EPredefinedCert.getFromIssuerOrNull(sIssuer);
if (eCert != null) {
if (eCert.isDeprecated())
aTab.addChild(warn("You are currently using a ").addChild(strong("deprecated")).addChild(" " + eCert.getName() + " certificate!"));
else
aTab.addChild(info("You are currently using a " + eCert.getName() + " certificate!"));
if (aChain.length != eCert.getCertificateTreeLength())
aTab.addChild(error("The private key should be a chain of " + eCert.getCertificateTreeLength() + " certificates but it has " + aChain.length + " certificates. Please ensure that the respective root certificates are contained correctly!"));
}
// else: we don't care
}
final String sAlias = SMPServerConfiguration.getKeyStoreKeyAlias();
final HCOL aOL = new HCOL();
for (final Certificate aCert : aChain) {
if (aCert instanceof X509Certificate) {
final X509Certificate aX509Cert = (X509Certificate) aCert;
final BootstrapTable aCertDetails = SMPCommonUI.createCertificateDetailsTable(sAlias, aX509Cert, aNowLDT, aDisplayLocale);
aOL.addItem(aCertDetails);
} else
aOL.addItem("The certificate is not an X.509 certificate! It is internally a " + ClassHelper.getClassName(aCert));
}
aTab.addChild(aOL);
}
}
aTabBox.addTab("keystore", "Keystore", aTab);
}
// SMP Trust store
{
final HCNodeList aTab = new HCNodeList();
if (!SMPTrustManager.isTrustStoreValid()) {
aTab.addChild(warn(SMPTrustManager.getInitializationError()));
} else {
// Successfully loaded trust store
final SMPTrustManager aTrustMgr = SMPTrustManager.getInstance();
final KeyStore aTrustStore = aTrustMgr.getTrustStore();
// Trust store path and password are fine
aTab.addChild(success(div("Truststore is located at '" + SMPServerConfiguration.getTrustStorePath() + "' and was successfully loaded.")));
final HCOL aOL = new HCOL();
try {
for (final String sAlias : CollectionHelper.newList(aTrustStore.aliases())) {
final Certificate aCert = aTrustStore.getCertificate(sAlias);
if (aCert instanceof X509Certificate) {
final X509Certificate aX509Cert = (X509Certificate) aCert;
final BootstrapTable aCertDetails = SMPCommonUI.createCertificateDetailsTable(sAlias, aX509Cert, aNowLDT, aDisplayLocale);
aOL.addItem(aCertDetails);
} else
aOL.addItem("The certificate is not an X.509 certificate! It is internally a " + ClassHelper.getClassName(aCert));
}
} catch (final GeneralSecurityException ex) {
aOL.addItem(error("Error iterating trust store.").addChild(SMPCommonUI.getTechnicalDetailsUI(ex)));
}
aTab.addChild(aOL);
}
aTabBox.addTab("truststore", "Truststore", aTab);
}
// Peppol Directory client certificate
if (SMPMetaManager.getSettings().isDirectoryIntegrationEnabled()) {
// Directory client keystore
{
final HCNodeList aTab = new HCNodeList();
final LoadedKeyStore aKeyStoreLR = PDClientConfiguration.loadKeyStore();
if (aKeyStoreLR.isFailure()) {
aTab.addChild(error(PeppolKeyStoreHelper.getLoadError(aKeyStoreLR)));
} else {
final String sKeyStorePath = PDClientConfiguration.getKeyStorePath();
final LoadedKey<KeyStore.PrivateKeyEntry> aKeyLoading = PDClientConfiguration.loadPrivateKey(aKeyStoreLR.getKeyStore());
if (aKeyLoading.isFailure()) {
aTab.addChild(success(div("Keystore is located at '" + sKeyStorePath + "' and was successfully loaded.")));
aTab.addChild(error(PeppolKeyStoreHelper.getLoadError(aKeyLoading)));
} else {
// Successfully loaded private key
final String sAlias = PDClientConfiguration.getKeyStoreKeyAlias();
final PrivateKeyEntry aKeyEntry = aKeyLoading.getKeyEntry();
final Certificate[] aChain = aKeyEntry.getCertificateChain();
// Key store path and password are fine
aTab.addChild(success(div("Keystore is located at '" + sKeyStorePath + "' and was successfully loaded.")).addChild(div("The private key with the alias '" + sAlias + "' was successfully loaded.")));
if (aChain.length > 0 && aChain[0] instanceof X509Certificate) {
final X509Certificate aHead = (X509Certificate) aChain[0];
final String sIssuer = aHead.getIssuerX500Principal().getName();
final EPredefinedCert eCert = EPredefinedCert.getFromIssuerOrNull(sIssuer);
if (eCert != null) {
if (eCert.isDeprecated()) {
aTab.addChild(warn("You are currently using a ").addChild(strong("deprecated")).addChild(" " + eCert.getName() + " certificate!"));
} else
aTab.addChild(info("You are currently using a " + eCert.getName() + " certificate!"));
if (aChain.length != eCert.getCertificateTreeLength())
aTab.addChild(error("The private key should be a chain of " + eCert.getCertificateTreeLength() + " certificates but it has " + aChain.length + " certificates. Please ensure that the respective root certificates are contained!"));
}
// else: we don't care
}
final HCOL aUL = new HCOL();
for (final Certificate aCert : aChain) {
if (aCert instanceof X509Certificate) {
final X509Certificate aX509Cert = (X509Certificate) aCert;
final BootstrapTable aCertDetails = SMPCommonUI.createCertificateDetailsTable(sAlias, aX509Cert, aNowLDT, aDisplayLocale);
aUL.addItem(aCertDetails);
} else
aUL.addItem("The certificate is not an X.509 certificate! It is internally a " + ClassHelper.getClassName(aCert));
}
aTab.addChild(aUL);
}
}
aTabBox.addTab("pdkeystore", sDirectoryName + " Keystore", aTab);
}
// Directory client truststore
{
final HCNodeList aTab = new HCNodeList();
final LoadedKeyStore aTrustStoreLR = PDClientConfiguration.loadTrustStore();
if (aTrustStoreLR.isFailure()) {
aTab.addChild(error(PeppolKeyStoreHelper.getLoadError(aTrustStoreLR)));
} else {
// Successfully loaded trust store
final String sTrustStorePath = PDClientConfiguration.getTrustStorePath();
final KeyStore aTrustStore = aTrustStoreLR.getKeyStore();
// Trust store path and password are fine
aTab.addChild(success(div("Truststore is located at '" + sTrustStorePath + "' and was successfully loaded.")));
final HCOL aOL = new HCOL();
try {
for (final String sAlias : CollectionHelper.newList(aTrustStore.aliases())) {
final Certificate aCert = aTrustStore.getCertificate(sAlias);
if (aCert instanceof X509Certificate) {
final X509Certificate aX509Cert = (X509Certificate) aCert;
final BootstrapTable aCertDetails = SMPCommonUI.createCertificateDetailsTable(sAlias, aX509Cert, aNowLDT, aDisplayLocale);
aOL.addItem(aCertDetails);
} else
aOL.addItem("The certificate is not an X.509 certificate! It is internally a " + ClassHelper.getClassName(aCert));
}
} catch (final GeneralSecurityException ex) {
aOL.addItem(error("Error iterating trust store.").addChild(SMPCommonUI.getTechnicalDetailsUI(ex)));
}
aTab.addChild(aOL);
}
aTabBox.addTab("pdtruststore", sDirectoryName + " Truststore", aTab);
}
}
}
Also used :
Locale(java.util.Locale)
LocalDateTime(java.time.LocalDateTime)
HCNodeList(com.helger.html.hc.impl.HCNodeList)
GeneralSecurityException(java.security.GeneralSecurityException)
LoadedKey(com.helger.security.keystore.LoadedKey)
BootstrapTabBox(com.helger.photon.bootstrap4.nav.BootstrapTabBox)
LoadedKeyStore(com.helger.security.keystore.LoadedKeyStore)
KeyStore(java.security.KeyStore)
X509Certificate(java.security.cert.X509Certificate)
SMPTrustManager(com.helger.phoss.smp.security.SMPTrustManager)
SMPKeyManager(com.helger.phoss.smp.security.SMPKeyManager)
BootstrapTable(com.helger.photon.bootstrap4.table.BootstrapTable)
ZonedDateTime(java.time.ZonedDateTime)
LoadedKeyStore(com.helger.security.keystore.LoadedKeyStore)
HCOL(com.helger.html.hc.html.grouping.HCOL)
BootstrapButton(com.helger.photon.bootstrap4.button.BootstrapButton)
BootstrapButtonToolbar(com.helger.photon.bootstrap4.buttongroup.BootstrapButtonToolbar)
PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
Aggregations
HCOL (com.helger.html.hc.html.grouping.HCOL)1
HCNodeList (com.helger.html.hc.impl.HCNodeList)1
SMPKeyManager (com.helger.phoss.smp.security.SMPKeyManager)1
SMPTrustManager (com.helger.phoss.smp.security.SMPTrustManager)1
BootstrapButton (com.helger.photon.bootstrap4.button.BootstrapButton)1
BootstrapButtonToolbar (com.helger.photon.bootstrap4.buttongroup.BootstrapButtonToolbar)1
BootstrapTabBox (com.helger.photon.bootstrap4.nav.BootstrapTabBox)1
BootstrapTable (com.helger.photon.bootstrap4.table.BootstrapTable)1
LoadedKey (com.helger.security.keystore.LoadedKey)1
LoadedKeyStore (com.helger.security.keystore.LoadedKeyStore)1
GeneralSecurityException (java.security.GeneralSecurityException)1
KeyStore (java.security.KeyStore)1
PrivateKeyEntry (java.security.KeyStore.PrivateKeyEntry)1
Certificate (java.security.cert.Certificate)1
X509Certificate (java.security.cert.X509Certificate)1
LocalDateTime (java.time.LocalDateTime)1
ZonedDateTime (java.time.ZonedDateTime)1
Locale (java.util.Locale)1
