fix possible problem with IAIK provider

1 files changed, 59 insertions, 0 deletions

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index 8eb4db4a2..2cce2ebab 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -33,9 +33,12 @@ import java.net.URL;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.Security;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Optional;
 import java.util.Properties;
 import java.util.Timer;
 import java.util.jar.Attributes;
@@ -54,6 +57,9 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.context.support.ClassPathXmlApplicationContext;
 import org.springframework.context.support.GenericApplicationContext;
 
+import com.google.common.collect.Streams;
+
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead;
 import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
@@ -64,8 +70,10 @@ import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter;
 import at.gv.egovernment.moa.id.configuration.config.usermanagement.FileBasedUserConfiguration;
 import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner;
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import iaik.asn1.structures.AlgorithmID;
+import iaik.security.provider.IAIK;
 import iaik.x509.X509Certificate;
 import lombok.extern.slf4j.Slf4j;
 
@@ -174,6 +182,12 @@ public class ConfigurationProvider {
 
       log.info("Hibernate initialization finished.");
 
+      //check if IAIK provider is already loaded in first place
+      Optional<Pair<Long, Provider>> isIaikProviderLoaded = Streams.mapWithIndex(
+              Arrays.stream(Security.getProviders()), (str, index) ->  Pair.newInstance(index, str))
+          .filter(el -> IAIK.getInstance().getName().equals(el.getSecond().getName()))
+          .findAny();
+      
       DefaultBootstrap.bootstrap();
       log.info("OPENSAML initialized");
 
@@ -181,6 +195,17 @@ public class ConfigurationProvider {
 
       fixJava8_141ProblemWithSSLAlgorithms();
 
+      //load a first place
+      checkSecuityProviderPosition(isIaikProviderLoaded);    
+      
+      if (Logger.isDebugEnabled()) {
+        log.debug("Loaded Security Provider:");
+        Provider[] providerList = Security.getProviders();
+        for (int i=0; i<providerList.length; i++)
+          log.debug(i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion());            
+        
+      }
+      
       log.info("MOA-ID-Configuration initialization completed");
 
     } catch (final FileNotFoundException e) {
@@ -198,6 +223,40 @@ public class ConfigurationProvider {
 
   }
 
+  private void checkSecuityProviderPosition(Optional<Pair<Long, Provider>> iaikProviderLoadedBefore) {        
+    if (iaikProviderLoadedBefore.isPresent() && iaikProviderLoadedBefore.get().getFirst() == 0) {
+      Optional<Pair<Long, Provider>> iaikProviderLoadedNow = Streams.mapWithIndex(
+          Arrays.stream(Security.getProviders()), (str, index) ->  Pair.newInstance(index, str))
+      .filter(el -> IAIK.getInstance().getName().equals(el.getSecond().getName()))
+      .findAny();  
+      
+      if (iaikProviderLoadedNow.isPresent() && iaikProviderLoadedNow.get().getFirst() != 
+          iaikProviderLoadedBefore.get().getFirst()) {
+        log.debug("IAIK Provider was loaded before on place: {}, but it's now on place: {}. Starting re-ordering ... ", 
+            iaikProviderLoadedBefore.get().getFirst(), iaikProviderLoadedNow.get().getFirst());
+        Security.removeProvider(IAIK.getInstance().getName());
+        Security.insertProviderAt(IAIK.getInstance(), 0);  
+        log.info("Re-ordering of Security Provider done.");
+        
+      } else {
+        log.debug("IAIK Provider was loaded before on place: {} and it's already there. Nothing todo", 
+            iaikProviderLoadedBefore.get().getFirst());
+        
+      }            
+    } else {
+      if (iaikProviderLoadedBefore.isPresent()) {
+        log.debug("IAIK Provider was loaded before on place: {}. Nothing todo", 
+            iaikProviderLoadedBefore.get().getFirst());
+        
+      } else {
+        log.debug("IAIK Provider was not loaded before. Nothing todo");
+        
+      }
+      
+    }
+                      
+  }
+
   private static void fixJava8_141ProblemWithSSLAlgorithms() {
     log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ...");
     // new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[]