diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-05-07 16:00:49 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-05-07 16:00:49 +0200 |
commit | 5e78c0a4ecfc75b2e42c079c08cff8247845e293 (patch) | |
tree | aea2bc41b1b95c51d9122be4d6443a9347e489f0 /id/ConfigWebTool/src/main/java/at/gv/egovernment | |
parent | b0782a62b34a8343968a456ed754f55cc41daf0f (diff) | |
download | moa-id-spss-5e78c0a4ecfc75b2e42c079c08cff8247845e293.tar.gz moa-id-spss-5e78c0a4ecfc75b2e42c079c08cff8247845e293.tar.bz2 moa-id-spss-5e78c0a4ecfc75b2e42c079c08cff8247845e293.zip |
change MOAMetaDataProvider to use MOA HttpClient
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment')
-rw-r--r-- | id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java | 50 |
1 files changed, 47 insertions, 3 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index bcc9a87ab..84af0d225 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -41,7 +41,7 @@ import java.util.jar.Manifest; import javax.servlet.http.HttpServletRequest; -import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.MOAHttpClient; import org.apache.log4j.Logger; import org.opensaml.DefaultBootstrap; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; @@ -49,7 +49,11 @@ import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.x509.BasicX509Credential; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; @@ -436,6 +440,26 @@ public class ConfigurationProvider { return parseVersionFromManifest(); } + public String getCertStoreDirectory() throws CertificateException { + String dir = props.getProperty("general.ssl.certstore"); + if (MiscUtil.isNotEmpty(dir)) + return FileUtils.makeAbsoluteURL(dir, configRootDir); + + else + throw new CertificateException("No SSLCertStore configured use default JAVA TrustStore."); + + } + + public String getTrustStoreDirectory() throws CertificateException { + String dir = props.getProperty("general.ssl.truststore"); + if (MiscUtil.isNotEmpty(dir)) + return FileUtils.makeAbsoluteURL(dir, configRootDir); + + else + throw new CertificateException("No SSLTrustStore configured use default JAVA TrustStore."); + + } + private void initalPVP2Login() throws ConfigurationException { try { @@ -458,8 +482,28 @@ public class ConfigurationProvider { log.info("NO IDP Metadata URL."); throw new ConfigurationException("NO IDP Metadata URL."); } - - idpMetadataProvider = new HTTPMetadataProvider(new Timer(), new HttpClient(), metadataurl); + + MOAHttpClient httpClient = new MOAHttpClient(); + + if (metadataurl.startsWith("https:")) { + try { + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + "MOAMetaDataProvider", + AuthConfigurationProvider.getInstance().getCertstoreDirectory(), + AuthConfigurationProvider.getInstance().getTrustedCACertificates(), + null, + ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()), + AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking()); + + httpClient.setCustomSSLTrustStore(metadataurl, protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException e) { + log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore."); + + } + } + + idpMetadataProvider = new HTTPMetadataProvider(new Timer(), httpClient, metadataurl); idpMetadataProvider.setRequireValidMetadata(true); idpMetadataProvider.setParserPool(new BasicParserPool()); idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential)); |