author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2021-12-14 11:52:51 +0100 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2021-12-14 11:52:51 +0100 |
commit | b2332a3b55b1d5164f9764cb895185798b4fb4a2 (patch) | |
tree | a5892923f9ed269d41528eca11062a0c544a731a | |
parent | 987e73298941278ef77ef038eb97f9c91d48e4b9 (diff) | |
download | moa-id-spss-b2332a3b55b1d5164f9764cb895185798b4fb4a2.tar.gz moa-id-spss-b2332a3b55b1d5164f9764cb895185798b4fb4a2.tar.bz2 moa-id-spss-b2332a3b55b1d5164f9764cb895185798b4fb4a2.zip |
fix possible problem with IAIK provider
-rw-r--r-- | id/ConfigWebTool/pom.xml | 4 | ||||
-rw-r--r-- | id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java | 59 | ||||
-rw-r--r-- | id/moa-id-webgui/pom.xml | 4 | ||||
-rw-r--r-- | id/oa/pom.xml | 4 | ||||
-rw-r--r-- | id/server/idserverlib/pom.xml | 4 | ||||
-rw-r--r-- | id/server/moa-id-commons/pom.xml | 4 |
6 files changed, 69 insertions, 10 deletions
diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml
index fefc4fec5..90ec43a39 100644
--- a/id/ConfigWebTool/pom.xml
+++ b/id/ConfigWebTool/pom.xml
@@ -276,8 +276,8 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
- <source>1.7</source>
- <target>1.7</target>
+ <source>1.8</source>
+ <target>1.8</target>
</configuration>
</plugin>
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index 8eb4db4a2..2cce2ebab 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -33,9 +33,12 @@ import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.Security;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Optional;
import java.util.Properties;
import java.util.Timer;
import java.util.jar.Attributes;
@@ -54,6 +57,9 @@ import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.context.support.GenericApplicationContext;
+import com.google.common.collect.Streams;
+
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
import at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
@@ -64,8 +70,10 @@ import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter;
import at.gv.egovernment.moa.id.configuration.config.usermanagement.FileBasedUserConfiguration;
import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import iaik.asn1.structures.AlgorithmID;
+import iaik.security.provider.IAIK;
import iaik.x509.X509Certificate;
import lombok.extern.slf4j.Slf4j;
@@ -174,6 +182,12 @@ public class ConfigurationProvider {
log.info("Hibernate initialization finished.");
+ //check if IAIK provider is already loaded in first place
+ Optional<Pair<Long, Provider>> isIaikProviderLoaded = Streams.mapWithIndex(
+ Arrays.stream(Security.getProviders()), (str, index) -> Pair.newInstance(index, str))
+ .filter(el -> IAIK.getInstance().getName().equals(el.getSecond().getName()))
+ .findAny();
+
DefaultBootstrap.bootstrap();
log.info("OPENSAML initialized");
@@ -181,6 +195,17 @@ public class ConfigurationProvider {
fixJava8_141ProblemWithSSLAlgorithms();
+ //load a first place
+ checkSecuityProviderPosition(isIaikProviderLoaded);
+
+ if (Logger.isDebugEnabled()) {
+ log.debug("Loaded Security Provider:");
+ Provider[] providerList = Security.getProviders();
+ for (int i=0; i<providerList.length; i++)
+ log.debug(i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion());
+
+ }
+
+
log.info("MOA-ID-Configuration initialization completed");
} catch (final FileNotFoundException e) {
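Review bot: The comment on the new lookup in front of `DefaultBootstrap.bootstrap()` does not say that the recorded value is the 0-based array index from `Security.getProviders()`, nor why it has to be captured before the OpenSAML bootstrap. That matters because the `java.security.Security` insert API counts preference positions from 1, so a later reader can easily mix up the two conventions. I would reword it to something like `// remember IAIK's 0-based index in Security.getProviders() before OpenSAML bootstrap, which presumably changes the provider order`. The same stream pipeline is repeated verbatim in `checkSecuityProviderPosition`; a small private helper returning the `Optional<Pair<Long, Provider>>` would keep both lookups in sync. The enclosing method starts and ends outside this hunk.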
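Review bot: The debug listing of providers is guarded by `Logger.isDebugEnabled()` from `at.gv.egovernment.moa.logging.Logger`, but the lines are written through `log` (presumably the Lombok `@Slf4j` field), so the guard and the output can disagree when the two loggers are configured differently. Use `if (log.isDebugEnabled()) {` with a parameterized message, `log.debug("{}: {} Version {}", i, providerList[i].getName(), providerList[i].getVersion());`, which also makes the new `Logger` import unnecessary. The comment `//load a first place` should state the intent, for example `// restore IAIK as the most-preferred provider if the OpenSAML bootstrap moved it`. The enclosing method starts and ends outside this hunk.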
@@ -198,6 +223,40 @@ public class ConfigurationProvider {
}
+ private void checkSecuityProviderPosition(Optional<Pair<Long, Provider>> iaikProviderLoadedBefore) {
+ if (iaikProviderLoadedBefore.isPresent() && iaikProviderLoadedBefore.get().getFirst() == 0) {
+ Optional<Pair<Long, Provider>> iaikProviderLoadedNow = Streams.mapWithIndex(
+ Arrays.stream(Security.getProviders()), (str, index) -> Pair.newInstance(index, str))
+ .filter(el -> IAIK.getInstance().getName().equals(el.getSecond().getName()))
+ .findAny();
+
+ if (iaikProviderLoadedNow.isPresent() && iaikProviderLoadedNow.get().getFirst() !=
+ iaikProviderLoadedBefore.get().getFirst()) {
+ log.debug("IAIK Provider was loaded before on place: {}, but it's now on place: {}. Starting re-ordering ... ",
+ iaikProviderLoadedBefore.get().getFirst(), iaikProviderLoadedNow.get().getFirst());
+ Security.removeProvider(IAIK.getInstance().getName());
+ Security.insertProviderAt(IAIK.getInstance(), 0);
+ log.info("Re-ordering of Security Provider done.");
+
+ } else {
+ log.debug("IAIK Provider was loaded before on place: {} and it's already there. Nothing todo",
+ iaikProviderLoadedBefore.get().getFirst());
+
+ }
+ } else {
+ if (iaikProviderLoadedBefore.isPresent()) {
+ log.debug("IAIK Provider was loaded before on place: {}. Nothing todo",
+ iaikProviderLoadedBefore.get().getFirst());
+
+ } else {
+ log.debug("IAIK Provider was not loaded before. Nothing todo");
+
+ }
+
+ }
+
+ }
+
private static void fixJava8_141ProblemWithSSLAlgorithms() {
log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ...");
// new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[]
diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml
index db9113441..d18f62795 100644
--- a/id/moa-id-webgui/pom.xml
+++ b/id/moa-id-webgui/pom.xml
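Review bot: `Security.insertProviderAt(IAIK.getInstance(), 0)` in `checkSecuityProviderPosition` does not put the provider first: JCA preference positions are 1-based, and in OpenJDK position 0 is what `Security.addProvider` passes to append at the end, so this re-ordering would leave IAIK as the least-preferred provider. It should be `Security.insertProviderAt(IAIK.getInstance(), 1);`, with the returned position checked before the "done" message is logged. The position comparison uses `!=` on two boxed `Long` values, which compares references and only works here because small values come from the `Long` cache; use `!iaikProviderLoadedNow.get().getFirst().equals(iaikProviderLoadedBefore.get().getFirst())` instead. If the provider is no longer registered at all after the bootstrap, the code falls into the "already there" branch and does nothing, and that case should re-insert it as well.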
@@ -33,8 +33,8 @@
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
- <source>1.7</source>
- <target>1.7</target>
+ <source>1.8</source>
+ <target>1.8</target>
</configuration>
</plugin>
</plugins>
diff --git a/id/oa/pom.xml b/id/oa/pom.xml
index 472c1d637..955f055a2 100644
--- a/id/oa/pom.xml
+++ b/id/oa/pom.xml
@@ -43,8 +43,8 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
- <source>1.7</source>
- <target>1.7</target>
+ <source>1.8</source>
+ <target>1.8</target>
</configuration>
</plugin>
</plugins>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 9f8fa943c..c9fd1d195 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -712,8 +712,8 @@
<artifactId>maven-compiler-plugin</artifactId>
<version>3.6.1</version>
<configuration>
- <source>1.7</source>
- <target>1.7</target>
+ <source>1.8</source>
+ <target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index cb4e0f116..1aac6b397 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -346,8 +346,8 @@
<artifactId>maven-compiler-plugin</artifactId>
<version>3.6.1</version>
<configuration>
- <source>1.7</source>
- <target>1.7</target>
+ <source>1.8</source>
+ <target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin> |