diff options
author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2019-11-28 09:24:08 +0100 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2019-11-28 09:24:08 +0100 |
commit | 34c69761dc8653ac8dbaf426880a3d3737fde0ae (patch) | |
tree | cbbc03cab9edddcdb91bd249e548cb0103082f6c /eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigInitializer.java | |
parent | d19b97c97b0d333bcdb885516b0e0f90d28bfa41 (diff) | |
download | EAAF-Components-34c69761dc8653ac8dbaf426880a3d3737fde0ae.tar.gz EAAF-Components-34c69761dc8653ac8dbaf426880a3d3737fde0ae.tar.bz2 EAAF-Components-34c69761dc8653ac8dbaf426880a3d3737fde0ae.zip |
refactor MOA-Sig initialization to treat with initialization problems on some system
Diffstat (limited to 'eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigInitializer.java')
-rw-r--r-- | eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigInitializer.java | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigInitializer.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigInitializer.java new file mode 100644 index 00000000..b287357c --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigInitializer.java @@ -0,0 +1,108 @@ +package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl; + +import java.io.IOException; +import java.io.InputStream; +import java.security.Provider; +import java.security.Security; +import java.util.Iterator; +import java.util.Map.Entry; + +import javax.annotation.PostConstruct; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ISchemaRessourceProvider; +import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceConfigurationException; +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.api.Configurator; +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; +import at.gv.egovernment.moaspss.util.DOMUtils; +import iaik.asn1.structures.AlgorithmID; +import iaik.security.ec.provider.ECCelerate; +import iaik.security.provider.IAIK; + +public class MoaSigInitializer { + private static final Logger log = LoggerFactory.getLogger(MoaSigInitializer.class); + + @Autowired(required=false) ISchemaRessourceProvider[] schemas; + + @PostConstruct + private synchronized void initialize() throws MOASigServiceConfigurationException { + log.info("Initializing MOA-Sig signature-verification service ... "); + + log.info("Loading Java security providers."); + IAIK.addAsProvider(); + ECCelerate.addAsProvider(); + + try { + LoggingContextManager.getInstance().setLoggingContext( + new LoggingContext("startup")); + log.debug("MOA-Sig library initialization process ... "); + Configurator.getInstance().init(); + log.info("MOA-Sig library initialization complete "); + + } catch (final MOAException e) { + log.error("MOA-SP initialization FAILED!", e.getWrapped()); + throw new MOASigServiceConfigurationException("service.moasig.04", new Object[] { e + .toString() }, e); + } + + Security.insertProviderAt(IAIK.getInstance(), 0); + + final ECCelerate eccProvider = ECCelerate.getInstance(); + if (Security.getProvider(eccProvider.getName()) != null) + Security.removeProvider(eccProvider.getName()); + Security.addProvider(new ECCelerate()); + + fixJava8_141ProblemWithSSLAlgorithms(); + + if (log.isDebugEnabled()) { + log.debug("Loaded Security Provider:"); + final Provider[] providerList = Security.getProviders(); + for (int i=0; i<providerList.length; i++) + log.debug(i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion()); + + } + + + //Inject additional XML schemes + if (schemas != null && schemas.length > 0) { + log.debug("Infjecting additional XML schemes ... "); + for (final ISchemaRessourceProvider el : schemas) { + final Iterator<Entry<String, InputStream>> xmlSchemeIt = el.getSchemas().entrySet().iterator(); + while (xmlSchemeIt.hasNext()) { + final Entry<String, InputStream> xmlDef = xmlSchemeIt.next(); + try { + DOMUtils.addSchemaToPool(xmlDef.getValue(), xmlDef.getKey()); + log.info("Inject XML scheme: {}", xmlDef.getKey()); + + } catch (final IOException e) { + log.warn("Can NOT inject XML scheme: " + xmlDef.getKey(), e); + + } + + } + } + } + } + + private static void fixJava8_141ProblemWithSSLAlgorithms() { + log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ..."); + //new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] { "MD5withRSA", "MD5/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption", + new String[] { "SHA1withRSA" , "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption", + new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption", + new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption", + new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption", + new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true); + + log.info("Change AlgorithmIDs finished"); + } +} |