From ed67667ea4e069fb1c19708788ff82c7455a7e99 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Tue, 3 Nov 2020 17:20:21 +0100
Subject: Initialize IAIK-MOA on any request, because there is an open unknown
 issue with signature-verification and lost configuration states

---
 .../core/impl/credential/EaafKeyStoreFactory.java  | 14 +++++-----
 .../moasig/impl/AbstractSignatureService.java      | 31 +++++++++++++++++-----
 2 files changed, 32 insertions(+), 13 deletions(-)

diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
index 955648c6..1c6e6e76 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
@@ -27,6 +27,11 @@ import javax.crypto.SecretKey;
 import javax.crypto.SecretKeyFactory;
 import javax.crypto.spec.PBEKeySpec;
 
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
 import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
@@ -37,12 +42,6 @@ import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration.SymmetricK
 import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
-
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.io.Resource;
-import org.springframework.core.io.ResourceLoader;
-
 import lombok.extern.slf4j.Slf4j;
 
 @Slf4j
@@ -246,7 +245,8 @@ public class EaafKeyStoreFactory {
             clientUsername, clientPassword, hsmFacadeHost, port);
 
         if (rawProvider instanceof Provider) {
-          Security.insertProviderAt((Provider) rawProvider, 0);
+          Security.addProvider((Provider) rawProvider);
+          
           isHsmFacadeInitialized = true;
           log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM",
               EaafKeyStoreFactory.class.getSimpleName());
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java
index 11881cbf..37d80337 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java
@@ -1,20 +1,24 @@
 package at.gv.egiz.eaaf.modules.sigverify.moasig.impl;
 
+import java.security.Provider;
+import java.security.Security;
+
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.w3c.dom.Document;
+
 import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
 import at.gv.egovernment.moaspss.logging.LoggingContext;
 import at.gv.egovernment.moaspss.logging.LoggingContextManager;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.w3c.dom.Document;
-
 public abstract class AbstractSignatureService {
   private static final Logger log = LoggerFactory.getLogger(AbstractSignatureService.class);
 
@@ -54,16 +58,31 @@ public abstract class AbstractSignatureService {
 
     }
 
+    //set Logging context into MOA-Sig
     if (logMgr.getLoggingContext() == null) {
       final LoggingContext ctx = new LoggingContext(transactionID);
       logMgr.setLoggingContext(ctx);
 
     }
 
-    //new IaikConfigurator().configure(moaSigConfig.getMoaSigConfig());
+    //dump Java Security-Providers
+    if (log.isTraceEnabled()) {
+      dumpSecProviders("MOA-Sig Context-SetUp");
+
+    }
+
+    new IaikConfigurator().configure(moaSigConfig.getMoaSigConfig());
 
   }
 
+  private static void dumpSecProviders(String message) {
+    log.trace("Security Providers: {}", message);
+    for (final Provider provider : Security.getProviders()) {
+      log.trace("  - {} - {}", provider.getName(), provider.getVersion());
+
+    }
+  }
+
   /**
    * Tear down thread-local context information.
    */
-- 
cgit v1.2.3