aboutsummaryrefslogtreecommitdiff
path: root/id/ConfigWebTool/src/main/java/at
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2021-12-14 11:52:51 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2021-12-14 11:52:51 +0100
commitb2332a3b55b1d5164f9764cb895185798b4fb4a2 (patch)
treea5892923f9ed269d41528eca11062a0c544a731a /id/ConfigWebTool/src/main/java/at
parent987e73298941278ef77ef038eb97f9c91d48e4b9 (diff)
downloadmoa-id-spss-b2332a3b55b1d5164f9764cb895185798b4fb4a2.tar.gz
moa-id-spss-b2332a3b55b1d5164f9764cb895185798b4fb4a2.tar.bz2
moa-id-spss-b2332a3b55b1d5164f9764cb895185798b4fb4a2.zip
fix possible problem with IAIK provider
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java59
1 files changed, 59 insertions, 0 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index 8eb4db4a2..2cce2ebab 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -33,9 +33,12 @@ import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.Security;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Optional;
import java.util.Properties;
import java.util.Timer;
import java.util.jar.Attributes;
@@ -54,6 +57,9 @@ import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.context.support.GenericApplicationContext;
+import com.google.common.collect.Streams;
+
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
import at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
@@ -64,8 +70,10 @@ import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter;
import at.gv.egovernment.moa.id.configuration.config.usermanagement.FileBasedUserConfiguration;
import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import iaik.asn1.structures.AlgorithmID;
+import iaik.security.provider.IAIK;
import iaik.x509.X509Certificate;
import lombok.extern.slf4j.Slf4j;
@@ -174,6 +182,12 @@ public class ConfigurationProvider {
log.info("Hibernate initialization finished.");
+ //check if IAIK provider is already loaded in first place
+ Optional<Pair<Long, Provider>> isIaikProviderLoaded = Streams.mapWithIndex(
+ Arrays.stream(Security.getProviders()), (str, index) -> Pair.newInstance(index, str))
+ .filter(el -> IAIK.getInstance().getName().equals(el.getSecond().getName()))
+ .findAny();
+
DefaultBootstrap.bootstrap();
log.info("OPENSAML initialized");
@@ -181,6 +195,17 @@ public class ConfigurationProvider {
fixJava8_141ProblemWithSSLAlgorithms();
+ //load a first place
+ checkSecuityProviderPosition(isIaikProviderLoaded);
+
+ if (Logger.isDebugEnabled()) {
+ log.debug("Loaded Security Provider:");
+ Provider[] providerList = Security.getProviders();
+ for (int i=0; i<providerList.length; i++)
+ log.debug(i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion());
+
+ }
+
log.info("MOA-ID-Configuration initialization completed");
} catch (final FileNotFoundException e) {
@@ -198,6 +223,40 @@ public class ConfigurationProvider {
}
+ private void checkSecuityProviderPosition(Optional<Pair<Long, Provider>> iaikProviderLoadedBefore) {
+ if (iaikProviderLoadedBefore.isPresent() && iaikProviderLoadedBefore.get().getFirst() == 0) {
+ Optional<Pair<Long, Provider>> iaikProviderLoadedNow = Streams.mapWithIndex(
+ Arrays.stream(Security.getProviders()), (str, index) -> Pair.newInstance(index, str))
+ .filter(el -> IAIK.getInstance().getName().equals(el.getSecond().getName()))
+ .findAny();
+
+ if (iaikProviderLoadedNow.isPresent() && iaikProviderLoadedNow.get().getFirst() !=
+ iaikProviderLoadedBefore.get().getFirst()) {
+ log.debug("IAIK Provider was loaded before on place: {}, but it's now on place: {}. Starting re-ordering ... ",
+ iaikProviderLoadedBefore.get().getFirst(), iaikProviderLoadedNow.get().getFirst());
+ Security.removeProvider(IAIK.getInstance().getName());
+ Security.insertProviderAt(IAIK.getInstance(), 0);
+ log.info("Re-ordering of Security Provider done.");
+
+ } else {
+ log.debug("IAIK Provider was loaded before on place: {} and it's already there. Nothing todo",
+ iaikProviderLoadedBefore.get().getFirst());
+
+ }
+ } else {
+ if (iaikProviderLoadedBefore.isPresent()) {
+ log.debug("IAIK Provider was loaded before on place: {}. Nothing todo",
+ iaikProviderLoadedBefore.get().getFirst());
+
+ } else {
+ log.debug("IAIK Provider was not loaded before. Nothing todo");
+
+ }
+
+ }
+
+ }
+
private static void fixJava8_141ProblemWithSSLAlgorithms() {
log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ...");
// new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[]