diff options
author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2021-12-14 11:52:51 +0100 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2021-12-14 11:52:51 +0100 |
commit | b2332a3b55b1d5164f9764cb895185798b4fb4a2 (patch) | |
tree | a5892923f9ed269d41528eca11062a0c544a731a /id/ConfigWebTool/src/main | |
parent | 987e73298941278ef77ef038eb97f9c91d48e4b9 (diff) | |
download | moa-id-spss-b2332a3b55b1d5164f9764cb895185798b4fb4a2.tar.gz moa-id-spss-b2332a3b55b1d5164f9764cb895185798b4fb4a2.tar.bz2 moa-id-spss-b2332a3b55b1d5164f9764cb895185798b4fb4a2.zip |
fix possible problem with IAIK provider
Diffstat (limited to 'id/ConfigWebTool/src/main')
-rw-r--r-- | id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index 8eb4db4a2..2cce2ebab 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -33,9 +33,12 @@ import java.net.URL; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.security.Security; import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Arrays; +import java.util.Optional; import java.util.Properties; import java.util.Timer; import java.util.jar.Attributes; @@ -54,6 +57,9 @@ import org.springframework.context.ApplicationContext; import org.springframework.context.support.ClassPathXmlApplicationContext; import org.springframework.context.support.GenericApplicationContext; +import com.google.common.collect.Streams; + +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; @@ -64,8 +70,10 @@ import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter; import at.gv.egovernment.moa.id.configuration.config.usermanagement.FileBasedUserConfiguration; import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import iaik.asn1.structures.AlgorithmID; +import iaik.security.provider.IAIK; import iaik.x509.X509Certificate; import lombok.extern.slf4j.Slf4j; @@ -174,6 +182,12 @@ public class ConfigurationProvider { log.info("Hibernate initialization finished."); + //check if IAIK provider is already loaded in first place + Optional<Pair<Long, Provider>> isIaikProviderLoaded = Streams.mapWithIndex( + Arrays.stream(Security.getProviders()), (str, index) -> Pair.newInstance(index, str)) + .filter(el -> IAIK.getInstance().getName().equals(el.getSecond().getName())) + .findAny(); + DefaultBootstrap.bootstrap(); log.info("OPENSAML initialized"); @@ -181,6 +195,17 @@ public class ConfigurationProvider { fixJava8_141ProblemWithSSLAlgorithms(); + //load a first place + checkSecuityProviderPosition(isIaikProviderLoaded); + + if (Logger.isDebugEnabled()) { + log.debug("Loaded Security Provider:"); + Provider[] providerList = Security.getProviders(); + for (int i=0; i<providerList.length; i++) + log.debug(i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion()); + + } + log.info("MOA-ID-Configuration initialization completed"); } catch (final FileNotFoundException e) { @@ -198,6 +223,40 @@ public class ConfigurationProvider { } + private void checkSecuityProviderPosition(Optional<Pair<Long, Provider>> iaikProviderLoadedBefore) { + if (iaikProviderLoadedBefore.isPresent() && iaikProviderLoadedBefore.get().getFirst() == 0) { + Optional<Pair<Long, Provider>> iaikProviderLoadedNow = Streams.mapWithIndex( + Arrays.stream(Security.getProviders()), (str, index) -> Pair.newInstance(index, str)) + .filter(el -> IAIK.getInstance().getName().equals(el.getSecond().getName())) + .findAny(); + + if (iaikProviderLoadedNow.isPresent() && iaikProviderLoadedNow.get().getFirst() != + iaikProviderLoadedBefore.get().getFirst()) { + log.debug("IAIK Provider was loaded before on place: {}, but it's now on place: {}. Starting re-ordering ... ", + iaikProviderLoadedBefore.get().getFirst(), iaikProviderLoadedNow.get().getFirst()); + Security.removeProvider(IAIK.getInstance().getName()); + Security.insertProviderAt(IAIK.getInstance(), 0); + log.info("Re-ordering of Security Provider done."); + + } else { + log.debug("IAIK Provider was loaded before on place: {} and it's already there. Nothing todo", + iaikProviderLoadedBefore.get().getFirst()); + + } + } else { + if (iaikProviderLoadedBefore.isPresent()) { + log.debug("IAIK Provider was loaded before on place: {}. Nothing todo", + iaikProviderLoadedBefore.get().getFirst()); + + } else { + log.debug("IAIK Provider was not loaded before. Nothing todo"); + + } + + } + + } + private static void fixJava8_141ProblemWithSSLAlgorithms() { log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ..."); // new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] |