Merge branch 'release/v0.3.1'

.gitignore

@@ -42,6 +42,7 @@ dist/
 nbdist/
 nbactions.xml
 .nb-gradle/
+/nbproject/
 
 
 ### Eclipse ###

CHANGELOG

@@ -1,5 +1,16 @@
 # KeyServer Change Log
 
+v0.3.1
+-------------------------------------------------------------------------------- 
+Features:
+  - Impoved Redis connection security.
+  - Auto remove a Private Key from Redis database before a specific date.
+
+Bug fixes:
+  - SKI protocol draft-cairns-tls-session-key-interface-01 compliance.
+  - Data base connection lost not detected. 
+
+
 v0.3.0
 -------------------------------------------------------------------------------- 
 Features:
@@ -11,7 +22,7 @@ Features:
 Bug fixes:
   - HTTPS certificate expiration date control.
 
-  
+
 v0.2.3
 -------------------------------------------------------------------------------- 
 Features:
@@ -20,8 +31,8 @@ Features:
   - Support more cipher suites on https server.
   - KeyServer Configuration more parametric.
   - Include KeyServer Private Key provider tool.
-  
-  
+
+
 v0.1.3
 -------------------------------------------------------------------------------- 
 Features:

README.md

@@ -6,7 +6,7 @@ Repository branch build status:
 |:---:|:---:|
 | [![Build Status](https://travis-ci.org/mami-project/KeyServer.svg?branch=master)](https://travis-ci.org/mami-project/KeyServer) | [![Build Status](https://travis-ci.org/mami-project/KeyServer.svg?branch=develop)](https://travis-ci.org/mami-project/KeyServer) |
 
-This software is a Key Server that implements the TLS Session Key Interface (SKI) defined in  [draft-cairns-tls-session-key-interface-00](https://tools.ietf.org/html/draft-cairns-tls-session-key-interface-00 "Session Key Interface (SKI) for TLS and DTLS").
+This software is a Key Server that implements the TLS Session Key Interface (SKI) defined in  [draft-cairns-tls-session-key-interface-01](https://tools.ietf.org/html/draft-cairns-tls-session-key-interface-01 "Session Key Interface (SKI) for TLS and DTLS").
 
 The Heartbleed attack illustrated the security problems with storing private keys in the memory of the TLS server. The TLS Session Key Interface (SKI) defined the mentioned document makes it possible to store private keys in a highly trusted key server, physically separated from client facing servers. The TLS server is split into two distinct entities called
  Edge Server and Key Server that communicate over an encrypted and mutually authenticated channel using e.g.  TLS. This software implements the Key Server entity. 

pom.xml

@@ -4,7 +4,7 @@
     <!-- The Basics -->
     <groupId>es.tid.keyserver</groupId>
     <artifactId>KeyServer</artifactId>
-    <version>v0.3.0</version>
+    <version>v0.3.1</version>
     <packaging>jar</packaging>
     <prerequisites>
         <maven>3.0</maven>

src/main/java/es/tid/keyserver/config/ConfigController.java

@@ -34,7 +34,7 @@ public class ConfigController implements CheckObject{
     /**
      * Logging object.
      */
-    private static org.slf4j.Logger logger;
+    private static final org.slf4j.Logger LOGGER = LoggerFactory.getLogger(ConfigController.class);
     /**
      * Maven project data object.
      */
@@ -55,7 +55,6 @@ public class ConfigController implements CheckObject{
      * @since v0.3.0
      */
     public ConfigController(String mvnFileRoute, String ksFileRoute, String [] ksRequiredFields) {
-        logger = LoggerFactory.getLogger(ConfigController.class);
         // Instantiation of configuration objects.
         mavenData = new Maven(mvnFileRoute);
         keyserverConfig = new ConfigFile(ksFileRoute, ksRequiredFields); 
@@ -114,11 +113,11 @@ public InetAddress getServerAddress(){
             return InetAddress.getByName(address);
         } catch (UnknownHostException ex) {
             // Error level.
-            logger.error("Unknown Host Exception with the server IP addres: {}", address);
+            LOGGER.error("Unknown Host Exception with the server IP addres: {}", address);
             // Trace level.
             StringWriter errors = new StringWriter();
             ex.printStackTrace(new PrintWriter(errors));
-            logger.trace(errors.toString());
+            LOGGER.trace(errors.toString());
             return null;
         }
     }
@@ -135,7 +134,7 @@ public int getServerPort(){
             return Integer.parseInt(port);
         } else {
             // Error level.
-            logger.error("Not valid HTTPS port specified for the KeyServer: {}", port);
+            LOGGER.error("Not valid HTTPS port specified for the KeyServer: {}", port);
             return -1;
         }
     }
@@ -193,7 +192,7 @@ public int getServerBacklog(){
             return Integer.parseInt(backlog);
         } else {
             // Error level.
-            logger.error("Not valid Backlog parammeter specified on KeyServer config file: {}", backlog);
+            LOGGER.error("Not valid Backlog parammeter specified on KeyServer config file: {}", backlog);
             return -1;
         }
     }
@@ -281,11 +280,11 @@ public InetAddress getDbAddress(){
             return InetAddress.getByName(address);
         } catch (UnknownHostException ex) {
             // Error level.
-            logger.error("Unnknown Host Exception with Redis Dtabase IP address: {}", address);
+            LOGGER.error("Unnknown Host Exception with Redis Dtabase IP address: {}", address);
             // Trace level.
             StringWriter errors = new StringWriter();
             ex.printStackTrace(new PrintWriter(errors));
-            logger.trace(errors.toString());
+            LOGGER.trace(errors.toString());
             return null;
         }
     }
@@ -302,11 +301,28 @@ public int getDbPort(){
             return Integer.parseInt(port);
         } else {
             // Error level.
-            logger.error("Not valid port specified for the Redis Database: {}", port);
+            LOGGER.error("Not valid port specified for the Redis Database: {}", port);
             return -1;
         }
     }
 
+    /**
+     * This method is used to get Redis Database password.
+     * @return Integer with the Redis Database password. If the field is not present,
+     * returns `null`.
+     * @since v0.3.1
+     */
+    public String getDbPassword(){
+        String password = this.keyserverConfig.getDbPassword();
+        if(password != null){
+            return password;
+        } else {
+            // Error level.
+            LOGGER.error("Not valid password specified for the Redis Database: {}", password);
+            return null;
+        }
+    }
+
     /**
      * This method is used to get the IP whitelist file name for KeyServer 
      * access control.

src/main/java/es/tid/keyserver/config/admin/package-info.java

@@ -1,6 +1,6 @@
 /**
  * This package contains the code to administration and alerts configurations.
  * @author <a href="mailto:[email protected]">Javier Gusano Martinez</a>
- * @since TODO Set the since version value for this package
+ * @since v0.3.1
  */
 package es.tid.keyserver.config.admin;

src/main/java/es/tid/keyserver/config/keyserver/ConfigFile.java

@@ -35,7 +35,7 @@ public class ConfigFile implements CheckObject{
     /**
      * Logging object.
      */
-    private static org.slf4j.Logger logger;
+    private static final org.slf4j.Logger LOGGER = LoggerFactory.getLogger(ConfigFile.class);
     /**
      * Property object with configuration parameters.
      */
@@ -53,15 +53,14 @@ public class ConfigFile implements CheckObject{
      * @since v0.1.0
      */
     public ConfigFile(String fileRoute, String [] requiredFields){
-    	logger = LoggerFactory.getLogger(ConfigFile.class);
         File propertiesFile = new File(fileRoute);
         String fileLocation;
         if((propertiesFile.exists() && propertiesFile.canRead())){
             fileLocation = fileRoute;
         } else {
-            logger.warn("Can't access to the specified config file or "
+            LOGGER.warn("Can't access to the specified config file or "
                     + "doesn't exists: {}", fileRoute);
-            logger.info("New config file on default location...");
+            LOGGER.info("New config file on default location...");
             fileLocation = "general.properties";
             if(!newDefaultProperties(fileLocation)){
                 // If the default properties file can't be created correctly,
@@ -78,11 +77,11 @@ public ConfigFile(String fileRoute, String [] requiredFields){
         } catch (IOException ex) {
             initStatus = false;
             // Error level.
-            logger.error("Can't load the KeyServer configuration file: {}", fileRoute);
+            LOGGER.error("Can't load the KeyServer configuration file: {}", fileRoute);
             // Trace level.
             StringWriter errors = new StringWriter();
             ex.printStackTrace(new PrintWriter(errors));
-            logger.trace(errors.toString());
+            LOGGER.trace(errors.toString());
         }
     }
 
@@ -257,6 +256,16 @@ public String getDbPort(){
         return this.getParameter("dbPort");
     }
 
+    /**
+     * This method is used to get Redis Database password.
+     * @return String with the Redis Database Password. If the field is not
+     * present, returns 'null'.
+     * @since v0.3.1
+     */
+    public String getDbPassword(){
+        return this.getParameter("dbPassword");
+    }
+
     /**
      * This method is used to get the IP whitelist file name for KeyServer 
      * access control.
@@ -292,26 +301,27 @@ private boolean newDefaultProperties(String fileLocation) {
             defaultParameters.setProperty("serverKeyStore", "JKS");
             defaultParameters.setProperty("dbAddress","127.0.0.1");
             defaultParameters.setProperty("dbPort", "6379");
+            defaultParameters.setProperty("dbPassword", "foobared"); // Default password for Redis config file.
             defaultParameters.setProperty("whiteList", "IP_whitelist.txt");
             // Save parameters on file
             defaultParameters.store(newConfigFile, null);
             // Close configuration file.
             newConfigFile.close();
         } catch (FileNotFoundException ex) {
             // Error level.
-            logger.error("Can't create a new config file with default parameters. File not found.");
+            LOGGER.error("Can't create a new config file with default parameters. File not found.");
             // Trace level.
             StringWriter errors = new StringWriter();
             ex.printStackTrace(new PrintWriter(errors));
-            logger.trace(errors.toString());
+            LOGGER.trace(errors.toString());
             return false;
         } catch (IOException ex) {
             // Error level.
-            logger.error("Can't create a new config file with default parameters. IO exception.");
+            LOGGER.error("Can't create a new config file with default parameters. IO exception.");
             // Trace level.
             StringWriter errors = new StringWriter();
             ex.printStackTrace(new PrintWriter(errors));
-            logger.trace(errors.toString());
+            LOGGER.trace(errors.toString());
             return false;
         }
         return true;
@@ -327,7 +337,7 @@ private boolean checkFieldsPresent(String [] fields){
         for (String field : fields) {
             if (!configFile.containsKey(field)) {
             	// Error level.
-                logger.error("A neccessary configuration field is not present. Please "
+                LOGGER.error("A neccessary configuration field is not present. Please "
                 		+ "set this field : {}  on KeyServer configuration file.", field);
                 return false;
             }

src/main/java/es/tid/keyserver/config/maven/Maven.java

@@ -37,7 +37,7 @@ public class Maven implements CheckObject{
     /**
      * Logging object.
      */
-    private static org.slf4j.Logger logger;
+    private static final org.slf4j.Logger LOGGER = LoggerFactory.getLogger(Maven.class);
     /**
      * Current object initialization flag
      */
@@ -50,7 +50,6 @@ public class Maven implements CheckObject{
      * @since v0.3.0
      */
     public Maven(String fileName){
-        logger = LoggerFactory.getLogger(Maven.class);
         InputStream resourceAsStream = this.getClass().getResourceAsStream(fileName);
         prop = new Properties();
         try {
@@ -59,13 +58,13 @@ public Maven(String fileName){
         } catch (IOException ex) {
             initStatus = false;
             // Error level.
-            logger.error("The current config file: " + fileName + " can't be loaded correctly.");
+            LOGGER.error("The current config file: " + fileName + " can't be loaded correctly.");
             // Debug level.
             StringWriter errors = new StringWriter();
             ex.printStackTrace(new PrintWriter(errors));
-            logger.trace(errors.toString());
+            LOGGER.trace(errors.toString());
         }
-        logger.debug("Maven config file: " + fileName + " correctly loaded.");
+        LOGGER.debug("Maven config file: " + fileName + " correctly loaded.");
         initStatus = true;
     }