Search in sources :

Example 1 with SMPTrustManager

use of com.helger.phoss.smp.security.SMPTrustManager in project phoss-smp by phax.

the class PageSecureCertificateInformation method fillContent.

@Override
protected void fillContent(@Nonnull final WebPageExecutionContext aWPEC) {
    final HCNodeList aNodeList = aWPEC.getNodeList();
    final Locale aDisplayLocale = aWPEC.getDisplayLocale();
    final ZonedDateTime aNowZDT = PDTFactory.getCurrentZonedDateTime();
    final LocalDateTime aNowLDT = aNowZDT.toLocalDateTime();
    final String sDirectoryName = SMPWebAppConfiguration.getDirectoryName();
    if (aWPEC.hasAction(ACTION_RELOAD_KEYSTORE)) {
        SMPKeyManager.reloadFromConfiguration();
        aWPEC.postRedirectGetInternal(info("The keystore was updated from the configuration at " + DateTimeFormatter.ISO_DATE_TIME.format(aNowZDT) + ". The changes are reflected below."));
    } else if (aWPEC.hasAction(ACTION_RELOAD_TRUSTSTORE)) {
        SMPTrustManager.reloadFromConfiguration();
        aWPEC.postRedirectGetInternal(info("The truststore was updated from the configuration at " + DateTimeFormatter.ISO_DATE_TIME.format(aNowZDT) + ". The changes are reflected below."));
    } else if (aWPEC.hasAction(ACTION_RELOAD_DIRECTORY_CONFIGURATION)) {
        PDClientConfiguration.reloadConfiguration();
        aWPEC.postRedirectGetInternal(info("The " + sDirectoryName + " configuration was reloaded at " + DateTimeFormatter.ISO_DATE_TIME.format(aNowZDT) + ". The changes are reflected below."));
    }
    {
        final BootstrapButtonToolbar aToolbar = new BootstrapButtonToolbar(aWPEC);
        aToolbar.addChild(new BootstrapButton().addChild("Reload keystore").setIcon(EDefaultIcon.REFRESH).setOnClick(aWPEC.getSelfHref().add(CPageParam.PARAM_ACTION, ACTION_RELOAD_KEYSTORE)));
        aToolbar.addChild(new BootstrapButton().addChild("Reload truststore").setIcon(EDefaultIcon.REFRESH).setOnClick(aWPEC.getSelfHref().add(CPageParam.PARAM_ACTION, ACTION_RELOAD_TRUSTSTORE)));
        if (SMPMetaManager.getSettings().isDirectoryIntegrationEnabled()) {
            aToolbar.addChild(new BootstrapButton().addChild("Reload " + sDirectoryName + " configuration").setIcon(EDefaultIcon.REFRESH).setOnClick(aWPEC.getSelfHref().add(CPageParam.PARAM_ACTION, ACTION_RELOAD_DIRECTORY_CONFIGURATION)));
        }
        aNodeList.addChild(aToolbar);
    }
    final BootstrapTabBox aTabBox = aNodeList.addAndReturnChild(new BootstrapTabBox());
    // SMP Key store
    {
        final HCNodeList aTab = new HCNodeList();
        if (!SMPKeyManager.isKeyStoreValid()) {
            aTab.addChild(error(SMPKeyManager.getInitializationError()));
        } else {
            // Successfully loaded private key
            final SMPKeyManager aKeyMgr = SMPKeyManager.getInstance();
            final KeyStore aKeyStore = aKeyMgr.getKeyStore();
            if (aKeyStore != null) {
                try {
                    int nKeyEntries = 0;
                    for (final String sAlias : CollectionHelper.newList(aKeyStore.aliases())) {
                        if (aKeyStore.isKeyEntry(sAlias))
                            nKeyEntries++;
                    }
                    if (nKeyEntries == 0)
                        aTab.addChild(error("Found no private key entry in the configured key store."));
                    else if (nKeyEntries > 1)
                        aTab.addChild(warn("The configured key store contains " + nKeyEntries + " key entries. It is highly recommended to have only the SMP key in the key store to avoid issues with the SML communication."));
                } catch (final GeneralSecurityException ex) {
                    aTab.addChild(error("Error iterating key store.").addChild(SMPCommonUI.getTechnicalDetailsUI(ex)));
                }
            }
            final PrivateKeyEntry aKeyEntry = aKeyMgr.getPrivateKeyEntry();
            if (aKeyEntry != null) {
                final Certificate[] aChain = aKeyEntry.getCertificateChain();
                // Key store path and password are fine
                aTab.addChild(success(div("Keystore is located at '" + SMPServerConfiguration.getKeyStorePath() + "' and was successfully loaded.")).addChild(div("The private key with the alias '" + SMPServerConfiguration.getKeyStoreKeyAlias() + "' was successfully loaded.")));
                if (aChain.length > 0 && aChain[0] instanceof X509Certificate) {
                    final X509Certificate aHead = (X509Certificate) aChain[0];
                    final String sIssuer = aHead.getIssuerX500Principal().getName();
                    final EPredefinedCert eCert = EPredefinedCert.getFromIssuerOrNull(sIssuer);
                    if (eCert != null) {
                        if (eCert.isDeprecated())
                            aTab.addChild(warn("You are currently using a ").addChild(strong("deprecated")).addChild(" " + eCert.getName() + " certificate!"));
                        else
                            aTab.addChild(info("You are currently using a " + eCert.getName() + " certificate!"));
                        if (aChain.length != eCert.getCertificateTreeLength())
                            aTab.addChild(error("The private key should be a chain of " + eCert.getCertificateTreeLength() + " certificates but it has " + aChain.length + " certificates. Please ensure that the respective root certificates are contained correctly!"));
                    }
                // else: we don't care
                }
                final String sAlias = SMPServerConfiguration.getKeyStoreKeyAlias();
                final HCOL aOL = new HCOL();
                for (final Certificate aCert : aChain) {
                    if (aCert instanceof X509Certificate) {
                        final X509Certificate aX509Cert = (X509Certificate) aCert;
                        final BootstrapTable aCertDetails = SMPCommonUI.createCertificateDetailsTable(sAlias, aX509Cert, aNowLDT, aDisplayLocale);
                        aOL.addItem(aCertDetails);
                    } else
                        aOL.addItem("The certificate is not an X.509 certificate! It is internally a " + ClassHelper.getClassName(aCert));
                }
                aTab.addChild(aOL);
            }
        }
        aTabBox.addTab("keystore", "Keystore", aTab);
    }
    // SMP Trust store
    {
        final HCNodeList aTab = new HCNodeList();
        if (!SMPTrustManager.isTrustStoreValid()) {
            aTab.addChild(warn(SMPTrustManager.getInitializationError()));
        } else {
            // Successfully loaded trust store
            final SMPTrustManager aTrustMgr = SMPTrustManager.getInstance();
            final KeyStore aTrustStore = aTrustMgr.getTrustStore();
            // Trust store path and password are fine
            aTab.addChild(success(div("Truststore is located at '" + SMPServerConfiguration.getTrustStorePath() + "' and was successfully loaded.")));
            final HCOL aOL = new HCOL();
            try {
                for (final String sAlias : CollectionHelper.newList(aTrustStore.aliases())) {
                    final Certificate aCert = aTrustStore.getCertificate(sAlias);
                    if (aCert instanceof X509Certificate) {
                        final X509Certificate aX509Cert = (X509Certificate) aCert;
                        final BootstrapTable aCertDetails = SMPCommonUI.createCertificateDetailsTable(sAlias, aX509Cert, aNowLDT, aDisplayLocale);
                        aOL.addItem(aCertDetails);
                    } else
                        aOL.addItem("The certificate is not an X.509 certificate! It is internally a " + ClassHelper.getClassName(aCert));
                }
            } catch (final GeneralSecurityException ex) {
                aOL.addItem(error("Error iterating trust store.").addChild(SMPCommonUI.getTechnicalDetailsUI(ex)));
            }
            aTab.addChild(aOL);
        }
        aTabBox.addTab("truststore", "Truststore", aTab);
    }
    // Peppol Directory client certificate
    if (SMPMetaManager.getSettings().isDirectoryIntegrationEnabled()) {
        // Directory client keystore
        {
            final HCNodeList aTab = new HCNodeList();
            final LoadedKeyStore aKeyStoreLR = PDClientConfiguration.loadKeyStore();
            if (aKeyStoreLR.isFailure()) {
                aTab.addChild(error(PeppolKeyStoreHelper.getLoadError(aKeyStoreLR)));
            } else {
                final String sKeyStorePath = PDClientConfiguration.getKeyStorePath();
                final LoadedKey<KeyStore.PrivateKeyEntry> aKeyLoading = PDClientConfiguration.loadPrivateKey(aKeyStoreLR.getKeyStore());
                if (aKeyLoading.isFailure()) {
                    aTab.addChild(success(div("Keystore is located at '" + sKeyStorePath + "' and was successfully loaded.")));
                    aTab.addChild(error(PeppolKeyStoreHelper.getLoadError(aKeyLoading)));
                } else {
                    // Successfully loaded private key
                    final String sAlias = PDClientConfiguration.getKeyStoreKeyAlias();
                    final PrivateKeyEntry aKeyEntry = aKeyLoading.getKeyEntry();
                    final Certificate[] aChain = aKeyEntry.getCertificateChain();
                    // Key store path and password are fine
                    aTab.addChild(success(div("Keystore is located at '" + sKeyStorePath + "' and was successfully loaded.")).addChild(div("The private key with the alias '" + sAlias + "' was successfully loaded.")));
                    if (aChain.length > 0 && aChain[0] instanceof X509Certificate) {
                        final X509Certificate aHead = (X509Certificate) aChain[0];
                        final String sIssuer = aHead.getIssuerX500Principal().getName();
                        final EPredefinedCert eCert = EPredefinedCert.getFromIssuerOrNull(sIssuer);
                        if (eCert != null) {
                            if (eCert.isDeprecated()) {
                                aTab.addChild(warn("You are currently using a ").addChild(strong("deprecated")).addChild(" " + eCert.getName() + " certificate!"));
                            } else
                                aTab.addChild(info("You are currently using a " + eCert.getName() + " certificate!"));
                            if (aChain.length != eCert.getCertificateTreeLength())
                                aTab.addChild(error("The private key should be a chain of " + eCert.getCertificateTreeLength() + " certificates but it has " + aChain.length + " certificates. Please ensure that the respective root certificates are contained!"));
                        }
                    // else: we don't care
                    }
                    final HCOL aUL = new HCOL();
                    for (final Certificate aCert : aChain) {
                        if (aCert instanceof X509Certificate) {
                            final X509Certificate aX509Cert = (X509Certificate) aCert;
                            final BootstrapTable aCertDetails = SMPCommonUI.createCertificateDetailsTable(sAlias, aX509Cert, aNowLDT, aDisplayLocale);
                            aUL.addItem(aCertDetails);
                        } else
                            aUL.addItem("The certificate is not an X.509 certificate! It is internally a " + ClassHelper.getClassName(aCert));
                    }
                    aTab.addChild(aUL);
                }
            }
            aTabBox.addTab("pdkeystore", sDirectoryName + " Keystore", aTab);
        }
        // Directory client truststore
        {
            final HCNodeList aTab = new HCNodeList();
            final LoadedKeyStore aTrustStoreLR = PDClientConfiguration.loadTrustStore();
            if (aTrustStoreLR.isFailure()) {
                aTab.addChild(error(PeppolKeyStoreHelper.getLoadError(aTrustStoreLR)));
            } else {
                // Successfully loaded trust store
                final String sTrustStorePath = PDClientConfiguration.getTrustStorePath();
                final KeyStore aTrustStore = aTrustStoreLR.getKeyStore();
                // Trust store path and password are fine
                aTab.addChild(success(div("Truststore is located at '" + sTrustStorePath + "' and was successfully loaded.")));
                final HCOL aOL = new HCOL();
                try {
                    for (final String sAlias : CollectionHelper.newList(aTrustStore.aliases())) {
                        final Certificate aCert = aTrustStore.getCertificate(sAlias);
                        if (aCert instanceof X509Certificate) {
                            final X509Certificate aX509Cert = (X509Certificate) aCert;
                            final BootstrapTable aCertDetails = SMPCommonUI.createCertificateDetailsTable(sAlias, aX509Cert, aNowLDT, aDisplayLocale);
                            aOL.addItem(aCertDetails);
                        } else
                            aOL.addItem("The certificate is not an X.509 certificate! It is internally a " + ClassHelper.getClassName(aCert));
                    }
                } catch (final GeneralSecurityException ex) {
                    aOL.addItem(error("Error iterating trust store.").addChild(SMPCommonUI.getTechnicalDetailsUI(ex)));
                }
                aTab.addChild(aOL);
            }
            aTabBox.addTab("pdtruststore", sDirectoryName + " Truststore", aTab);
        }
    }
}
Also used : Locale(java.util.Locale) LocalDateTime(java.time.LocalDateTime) HCNodeList(com.helger.html.hc.impl.HCNodeList) GeneralSecurityException(java.security.GeneralSecurityException) LoadedKey(com.helger.security.keystore.LoadedKey) BootstrapTabBox(com.helger.photon.bootstrap4.nav.BootstrapTabBox) LoadedKeyStore(com.helger.security.keystore.LoadedKeyStore) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) SMPTrustManager(com.helger.phoss.smp.security.SMPTrustManager) SMPKeyManager(com.helger.phoss.smp.security.SMPKeyManager) BootstrapTable(com.helger.photon.bootstrap4.table.BootstrapTable) ZonedDateTime(java.time.ZonedDateTime) LoadedKeyStore(com.helger.security.keystore.LoadedKeyStore) HCOL(com.helger.html.hc.html.grouping.HCOL) BootstrapButton(com.helger.photon.bootstrap4.button.BootstrapButton) BootstrapButtonToolbar(com.helger.photon.bootstrap4.buttongroup.BootstrapButtonToolbar) PrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Aggregations

HCOL (com.helger.html.hc.html.grouping.HCOL)1 HCNodeList (com.helger.html.hc.impl.HCNodeList)1 SMPKeyManager (com.helger.phoss.smp.security.SMPKeyManager)1 SMPTrustManager (com.helger.phoss.smp.security.SMPTrustManager)1 BootstrapButton (com.helger.photon.bootstrap4.button.BootstrapButton)1 BootstrapButtonToolbar (com.helger.photon.bootstrap4.buttongroup.BootstrapButtonToolbar)1 BootstrapTabBox (com.helger.photon.bootstrap4.nav.BootstrapTabBox)1 BootstrapTable (com.helger.photon.bootstrap4.table.BootstrapTable)1 LoadedKey (com.helger.security.keystore.LoadedKey)1 LoadedKeyStore (com.helger.security.keystore.LoadedKeyStore)1 GeneralSecurityException (java.security.GeneralSecurityException)1 KeyStore (java.security.KeyStore)1 PrivateKeyEntry (java.security.KeyStore.PrivateKeyEntry)1 Certificate (java.security.cert.Certificate)1 X509Certificate (java.security.cert.X509Certificate)1 LocalDateTime (java.time.LocalDateTime)1 ZonedDateTime (java.time.ZonedDateTime)1 Locale (java.util.Locale)1