aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-05-07 10:48:09 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-05-07 10:48:09 +0200
commit0cdb39bbfbacbea3f809872f2570709eeca91ccf (patch)
treec9a5c173c2c448d92713c6073cca523c93b49994 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
parentb5250268a67a571d0cd5563b8820c88c2c4e7cca (diff)
downloadmoa-id-spss-0cdb39bbfbacbea3f809872f2570709eeca91ccf.tar.gz
moa-id-spss-0cdb39bbfbacbea3f809872f2570709eeca91ccf.tar.bz2
moa-id-spss-0cdb39bbfbacbea3f809872f2570709eeca91ccf.zip
move SSLSocketFactory to moa-id-commons
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java105
1 files changed, 32 insertions, 73 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index ed3f297c7..81abe3f5a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -46,11 +46,7 @@
package at.gv.egovernment.moa.id.util;
-import iaik.pki.PKIConfiguration;
import iaik.pki.PKIException;
-import iaik.pki.PKIFactory;
-import iaik.pki.PKIProfile;
-import iaik.pki.jsse.IAIKX509TrustManager;
import iaik.security.provider.IAIK;
import java.io.BufferedInputStream;
@@ -62,26 +58,19 @@ import java.io.Reader;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.Security;
-import java.util.HashMap;
-import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
import org.apache.regexp.RE;
import org.apache.regexp.RESyntaxException;
+import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.ConnectionParameterInterface;
-import at.gv.egovernment.moa.id.iaik.config.PKIConfigurationImpl;
-import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl;
-import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager;
-import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
/**
@@ -94,14 +83,7 @@ import at.gv.egovernment.moa.logging.Logger;
*/
public class SSLUtils {
- /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/
- private static Map<String, SSLSocketFactory> sslSocketFactories = new HashMap<String, SSLSocketFactory>();
-
- /**
- * Initializes the SSLSocketFactory store.
- */
public static void initialize() {
- sslSocketFactories = new HashMap<String, SSLSocketFactory>();
// JSSE Abhängigkeit
//Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
Security.addProvider(new IAIK());
@@ -132,61 +114,38 @@ public class SSLUtils {
ConnectionParameterInterface connParam)
throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
- Logger.debug("Get SSLSocketFactory for " + connParam.getUrl());
- // retrieve SSLSocketFactory if already created
- SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(connParam.getUrl());
- if (ssf != null)
- return ssf;
-
- // else create new SSLSocketFactory
- String trustStoreURL = conf.getTrustedCACertificates();
-
- if (trustStoreURL == null)
- throw new ConfigurationException(
- "config.08", new Object[] {"TrustedCACertificates"});
- String acceptedServerCertURL = connParam.getAcceptedServerCertificates();
-
- TrustManager[] tms = getTrustManagers(conf, trustStoreURL, acceptedServerCertURL);
-
- KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
- "pkcs12", connParam.getClientKeyStore(), connParam.getClientKeyStorePassword());
- SSLContext ctx = SSLContext.getInstance("TLS");
- ctx.init(kms, tms, null); ssf = ctx.getSocketFactory();
- // store SSLSocketFactory
- sslSocketFactories.put(connParam.getUrl(), ssf);
- return ssf;
+ // else create new SSLSocketFactory
+ String trustStoreURL = conf.getTrustedCACertificates();
+
+ if (trustStoreURL == null)
+ throw new ConfigurationException(
+ "config.08", new Object[] {"TrustedCACertificates"});
+
+ String acceptedServerCertURL = connParam.getAcceptedServerCertificates();
+
+ //INFO: MOA-ID 2.x always use defaultChainingMode
+
+ try {
+ SSLSocketFactory ssf =
+ at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
+ connParam.getUrl(),
+ conf.getCertstoreDirectory(),
+ trustStoreURL,
+ acceptedServerCertURL,
+ AuthConfigurationProvider.getInstance().getDefaultChainingMode(),
+ AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking(),
+ connParam.getClientKeyStore(),
+ connParam.getClientKeyStorePassword(),
+ "pkcs12");
+
+ return ssf;
+
+ } catch (SSLConfigurationException e) {
+ throw new ConfigurationException(e.getErrorID(), e.getParameters(), e.getE());
+
+ }
}
-
- /**
- * Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
- * using configuration data.
- *
- * @param conf MOA-ID configuration provider
- * @param trustStoreURL trust store URL
- * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates
- * @return <code>TrustManager</code> array containing the <code>IAIKX509TrustManager</code>
- * @throws ConfigurationException on invalid configuration data
- * @throws IOException on data-reading problems
- * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
- */
- public static TrustManager[] getTrustManagers(
- ConfigurationProvider conf, String trustStoreURL, String acceptedServerCertURL)
- throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
-
- PKIConfiguration cfg = null;
- if (! PKIFactory.getInstance().isAlreadyConfigured())
- cfg = new PKIConfigurationImpl(conf);
- boolean checkRevocation = conf.isTrustmanagerrevoationchecking();
- PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
- // This call fixes a bug occuring when PKIConfiguration is
- // initialized by the MOA-SP initialization code, in case
- // MOA-SP is called by API
- MOAIDTrustManager.initializeLoggingContext();
- IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL);
- tm.init(cfg, profile);
- return new TrustManager[] {tm};
- }
/**
* Reads a file, given by URL, into a byte array,
* securing the connection by IAIKX509TrustManager.