| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-05-07 10:48:09 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-05-07 10:48:09 +0200 | 
| commit | 0cdb39bbfbacbea3f809872f2570709eeca91ccf (patch) | |
| tree | c9a5c173c2c448d92713c6073cca523c93b49994 /id/server/idserverlib/src/main/java/at | |
| parent | b5250268a67a571d0cd5563b8820c88c2c4e7cca (diff) | |
move SSLSocketFactory to moa-id-commons
Diffstat (limited to 'id/server/idserverlib/src/main/java/at')
9 files changed, 36 insertions, 1046 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java index dc5ec430e..88ed7885f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java @@ -135,23 +135,11 @@ public class ConfigurationProvider {  		return rootConfigFileDir;  	} -  /** -     * Return the chaining mode for a given trust anchor. -     *  -     * @param trustAnchor The trust anchor for which the chaining mode should be -     * returned. -     * @return The chaining mode for the given trust anchor. If the trust anchor -     * has not been configured separately, the system default will be returned. -     */ -  public String getChainingMode(X509Certificate trustAnchor) { -    Principal issuer = trustAnchor.getIssuerDN(); -    BigInteger serial = trustAnchor.getSerialNumber(); -    IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial); -   -    String mode = (String) chainingModes.get(issuerAndSerial); -    return mode != null ? mode : defaultChainingMode; +  public String getDefaultChainingMode() { +	  return defaultChainingMode;    } - +   +      /**     * Returns the trustedCACertificates.     * @return String diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java deleted file mode 100644 index b6fe20a61..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java +++ /dev/null 
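Review bot: `getDefaultChainingMode()` returns only `defaultChainingMode`, so the per-trust-anchor lookup in `chainingModes` (keyed by `IssuerAndSerial`) that the removed `getChainingMode(X509Certificate)` performed is no longer reachable through this class; unless the replacement in moa-id-commons repeats that lookup, a trust anchor configured with its own chaining mode will silently be path-validated with the default, which is a policy change rather than a pure move. Whether `chainingModes` is still populated or read anywhere else lies outside the hunk and should be confirmed; if it is not, it is dead configuration state. The new method also drops the Javadoc its predecessor had and indents the `return` line with a tab where the surrounding code uses spaces; I would add `/** Returns the system-wide default chaining mode; per-trust-anchor overrides in {@code chainingModes} are not consulted here. */` above it. The enclosing `ConfigurationProvider` class starts and ends outside the hunk.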
@@ -1,165 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. 
- * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.iaik.config; - -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; -import at.gv.egovernment.moa.logging.Logger; -import iaik.pki.store.certstore.CertStoreConfiguration; -import iaik.pki.store.certstore.CertStoreParameters; -import iaik.pki.store.certstore.CertStoreTypes; -import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters; - -import java.io.File; - -/** - * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code> - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class CertStoreConfigurationImpl extends ObservableImpl -        implements CertStoreConfiguration, DirectoryCertStoreParameters { -    /** -     * identifies the rootDirectory -     */ -    private String rootDirectory; -    /** -     * ConfigurationProvider -     */ -    private ConfigurationProvider conf; -    /** -     * Array for storing all CertStoreParameters -     */ -    private CertStoreParameters[] parameters; - -    /** -     * Create a new <code>CertStoreConfigurationImpl</code>. 
-     * -     * @param conf The MOA configuration from which the configuration data is -     * @throws ConfigurationException an any config-error -     *                                being read. -     */ -    public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException { -        this.conf = conf; - -        String certStoreRootDirParam = conf.getCertstoreDirectory(); - -        if (certStoreRootDirParam == null) -            throw new ConfigurationException( -                    "config.08", new Object[]{"CertStoreDirectory"}); - -        //rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir()); -        rootDirectory = certStoreRootDirParam; -        Logger.error("Using file: " + rootDirectory); -        if (rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(5); -        Logger.error("Using file2: " + rootDirectory); - -        File f = new File(rootDirectory); -        //Logger.error("Using file: " + certStoreRootDirParam + " param: " + conf.getRootConfigFileDir()); - -        if (!f.exists()) { -            Logger.error("File does not exists: " + f.getAbsolutePath()); -            throw new ConfigurationException( -                    "config.05", new Object[]{"CertStoreDirectory"}); -        } - -        if (!f.isDirectory()) { -            Logger.error("File is not a directory: " + f.getAbsolutePath()); -            throw new ConfigurationException( -                    "config.05", new Object[]{"CertStoreDirectory"}); -        } - - -        parameters = new CertStoreParameters[]{this}; -    } - -    /** -     * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters() -     */ -    public CertStoreParameters[] getParameters() { -        return parameters; -    } - -    /** -     * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory() -     */ -    public String getRootDirectory() { -        return rootDirectory; -    } 
- -    /** -     * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew() -     */ -    public boolean createNew() { -        return false; -    } - -    /** -     * @see iaik.pki.store.certstore.CertStoreParameters#getId() -     */ -    public String getId() { -        return "MOA ID Directory CertStore"; -    } - -    /** -     * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly() -     */ -    public boolean isReadOnly() { -        return false; -    } - -    /** -     * @return <code>CertStoreTypes.DIRECTORY</code> -     * @see iaik.pki.store.certstore.CertStoreParameters#getType() -     */ -    public String getType() { -        return CertStoreTypes.DIRECTORY; -    } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java deleted file mode 100644 index 064d8a835..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java +++ /dev/null 
@@ -1,120 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - *  - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - *  - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - *  - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. 
- * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.iaik.config; - -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import iaik.pki.PKIConfiguration; -import iaik.pki.pathvalidation.ValidationConfiguration; -import iaik.pki.revocation.RevocationConfiguration; -import iaik.pki.store.certstore.CertStoreConfiguration; -import iaik.pki.store.revocation.archive.ArchiveConfiguration; - -/** - * Implementation of interface <code>PKIConfiguration</code> needed to - * initialize an IAIK JSSE <code>TrustManager</code> - *  - * @author Paul Ivancsics - * @version $Id$ - */ -public class PKIConfigurationImpl implements PKIConfiguration { -  /** The configuration for the CertStore */ -  private CertStoreConfiguration certStoreConfiguration; -  /** The configuration for the RevocationChecks */ -  private RevocationConfiguration revocationConfiguration; -  /** The configuration for the Validation */ -  private ValidationConfiguration validationConfiguration; - -  /** -   * Constructor -   * @param conf the Configuration for the PKIConfig -   * @throws ConfigurationException for any config error -   */ -  public PKIConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException { -     -    certStoreConfiguration 
= new CertStoreConfigurationImpl(conf); -    revocationConfiguration = new RevocationConfigurationImpl(); -    validationConfiguration = new ValidationConfigurationImpl(conf); -  } - -  /** -   * @see iaik.pki.PKIConfiguration#getCertStoreConfiguration() -   */ -  public CertStoreConfiguration getCertStoreConfiguration() { -    return certStoreConfiguration; -  } - -  /** -   * @see iaik.pki.PKIConfiguration#getRevocationConfiguration() -   */ -  public RevocationConfiguration getRevocationConfiguration() { -    return revocationConfiguration; -  } - -  /** -   * @see iaik.pki.PKIConfiguration#getArchiveConfiguration() -   */ -  public ArchiveConfiguration getArchiveConfiguration() { -    return null; -  } - -  /** -   * @see iaik.pki.PKIConfiguration#getValidationConfiguration() -   */ -  public ValidationConfiguration getValidationConfiguration() { -    return validationConfiguration; -  } - -/* (non-Javadoc) - * @see iaik.pki.PKIConfiguration#getTimeout() - */ -  public int getTimeout() { -	// TODO Auto-generated method stub -	return 0; -} - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java deleted file mode 100644 index 2c24161f6..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java +++ /dev/null 
@@ -1,86 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - *  - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - *  - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - *  - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. 
- * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.iaik.config; - -import iaik.pki.revocation.RevocationConfiguration; - -import java.security.cert.X509Certificate; -import java.util.Collections; -import java.util.Date; -import java.util.Set; - -import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; - -/** - * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code> - * @author Paul Ivancsics - * @version $Id$ - */ -public class RevocationConfigurationImpl extends ObservableImpl implements RevocationConfiguration { - -  /** -   * @see iaik.pki.revocation.RevocationConfiguration#getAlternativeDistributionPoints(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date) -   */ -  public Set getAlternativeDistributionPoints( -    X509Certificate arg0, -    X509Certificate arg1, -    Date arg2) { -    return Collections.EMPTY_SET; -  } - -  /** -   * @see iaik.pki.revocation.RevocationConfiguration#archiveRevocationInfo(java.lang.String, java.lang.String) -   */ -  public boolean archiveRevocationInfo(String arg0, String arg1) { -    return false; -  } - -  public Integer getCrlRetentionInterval(String arg0) { -     return null; -  } - -} 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java deleted file mode 100644 index d230eef26..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java +++ /dev/null 
@@ -1,97 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - *  - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - *  - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - *  - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. 
- * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.iaik.config; - -import iaik.pki.pathvalidation.ValidationConfiguration; - -import java.security.cert.X509Certificate; -import java.security.spec.AlgorithmParameterSpec; - -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; - -/** - * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code> - * @author Paul Ivancsics - * @version $Id$ - */ -public class ValidationConfigurationImpl extends ObservableImpl -  implements ValidationConfiguration { -  /** The ConfigurationProvider for the validation*/ -  private ConfigurationProvider conf; -     -  /** -   * Constructor -   * @param conf with the configuration -   */ -  public ValidationConfigurationImpl(ConfigurationProvider conf) { -    this.conf = conf; -  } - -  /** -   * @see iaik.pki.pathvalidation.ValidationConfiguration#getChainingMode(java.security.cert.X509Certificate) -   */ -  public String getChainingMode(X509Certificate trustAnchor) { -    String chainingMode = conf.getChainingMode(trustAnchor); -    return chainingMode; -  } - -  /** -   * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsSpec(java.security.cert.X509Certificate) -   */ -  
public AlgorithmParameterSpec getPublicKeyParamsAsSpec(X509Certificate arg0) { -    return null; -  } - -  /** -   * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsCert(java.security.cert.X509Certificate) -   */ -  public X509Certificate getPublicKeyParamsAsCert(X509Certificate arg0) { -    return null; -  } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java deleted file mode 100644 index 8afba2a12..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java +++ /dev/null 
@@ -1,232 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - *  - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - *  - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - *  - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. 
- * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.iaik.pki; - -import java.security.cert.X509Certificate; -import java.util.Collections; -import java.util.Set; - -import iaik.pki.PKIProfile; -import iaik.pki.pathvalidation.ValidationProfile; -import iaik.pki.revocation.RevocationProfile; -import iaik.pki.revocation.RevocationSourceTypes; -import iaik.pki.store.truststore.TrustStoreProfile; -import iaik.pki.store.truststore.TrustStoreTypes; - -import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; - -/** - * Implementation of the <code>PKIProfile</code> interface and subinterfaces - * providing information needed for certificate path validation. - *  - * @author Paul Ivancsics - * @version $Id$ - */ -public class PKIProfileImpl extends ObservableImpl -  implements PKIProfile, RevocationProfile, TrustStoreProfile, ValidationProfile { - -  /** -   * URI to the truststore -   */ -  private String trustStoreURI; - -	/** -	 * revocation checking; -	 */ -	private boolean revocationChecking; -   -  /** -   * The trust profile identifier.  -   */ -  private String id; - - -  /** -   * Create a new <code>PKIProfileImpl</code>. 
-   *  -   * @param trustStoreURI trust store URI -   */ -  public PKIProfileImpl(String trustStoreURI, boolean revocationChecking) { -    this.trustStoreURI = trustStoreURI; -    this.revocationChecking = revocationChecking; -    String id = String.valueOf(System.currentTimeMillis()); -    setId("id-" + id); -  } - -  /** -   * @see iaik.pki.PKIProfile#autoAddCertificates() -   */ -  public boolean autoAddCertificates() { -    return true; -  } - -  /** -   * @see iaik.pki.PKIProfile#getRevocationProfile() -   */ -  public RevocationProfile getRevocationProfile() { -    return this; -  } - -  /** -   * @see iaik.pki.PKIProfile#getTrustStoreProfile() -   */ -  public TrustStoreProfile getTrustStoreProfile() { -    return this; -  } - -  /** -   * @see iaik.pki.PKIProfile#getValidationProfile() -   */ -  public ValidationProfile getValidationProfile() { -    return this; -  } - -  /** -   * @see iaik.pki.PKIProfile#useAuthorityInfoAccess() -   */ -  public boolean useAuthorityInfoAccess() { -    return true; -  } -   -  /** -   * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(java.lang.String) -   */ -  public long getMaxRevocationAge(String arg0) { -    return 0; -  } - -  /** -   * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm() -   */ -  public String getOCSPRequestHashAlgorithm() { -    return null; -  } - -  /** -   * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate) -   */ -  public String[] getPreferredServiceOrder(X509Certificate arg0) { -    return new String[] {RevocationSourceTypes.CRL}; -  } - -  /** -   * @see iaik.pki.store.truststore.TrustStoreProfile#getType() -   */ -  public String getType() { -    return TrustStoreTypes.DIRECTORY; -  } - -  /** -   * @see iaik.pki.store.truststore.TrustStoreProfile#getURI() -   */ -  public String getURI() { -    return trustStoreURI; -  } - -  /** -   * @see 
iaik.pki.pathvalidation.ValidationProfile#getInitialAnyPolicyInhibit() -   */ -  public boolean getInitialAnyPolicyInhibit() { -    return false; -  } - -  /** -   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialExplicitPolicy() -   */ -  public boolean getInitialExplicitPolicy() { -    return false; -  } - -  /** -   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicyMappingInhibit() -   */ -  public boolean getInitialPolicyMappingInhibit() { -    return false; -  } - -  /** -   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicySet() -   */ -  public Set getInitialPolicySet() { -    return Collections.EMPTY_SET; -  } - -  /** -   * @see iaik.pki.pathvalidation.ValidationProfile#getNameConstraintsProcessing() -   */ -  public boolean getNameConstraintsProcessing() { -    return false; -  } - -  /** -   * @see iaik.pki.pathvalidation.ValidationProfile#getPolicyProcessing() -   */ -  public boolean getPolicyProcessing() { -    return false; -  } - -  /** -   * @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking() -   */ -  public boolean getRevocationChecking() { -		return this.revocationChecking; -  } - -  /** -   * @see iaik.pki.store.truststore.TrustStoreProfile#getId() -   */ -  public String getId() { -    return id; -  } -  /** -   * Sets the trust profile identifier. -   * @param id The id to set. -   */ -  public void setId(String id) { -    this.id = id; -  } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java deleted file mode 100644 index 202be882e..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java +++ /dev/null 
@@ -1,165 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - *  - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - *  - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - *  - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. 
- * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.iaik.pki.jsse; - -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.net.URL; -import java.security.GeneralSecurityException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.List; - -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.logging.LoggingContext; -import at.gv.egovernment.moa.logging.LoggingContextManager; - -import iaik.pki.jsse.IAIKX509TrustManager; - -/** - * <code>TrustManager</code> implementation featuring CRL checking (inherited from - * <code>IAIKX509TrustManager</code>), plus server-end-SSL-certificate checking. 
- * 
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDTrustManager extends IAIKX509TrustManager {
-  
-  /** an x509Certificate array containing all accepted server certificates*/
-  private X509Certificate[] acceptedServerCertificates;
-
-  /**
-   * Constructor
-   * @param acceptedServerCertificateStoreURL the url leading to the acceptedServer cert store
-   * @throws GeneralSecurityException occurs on security errors
-   * @throws IOException occurs on IO errors
-   */
-  public MOAIDTrustManager(String acceptedServerCertificateStoreURL) 
-    throws IOException, GeneralSecurityException {
-    
-    if (acceptedServerCertificateStoreURL != null)
-      buildAcceptedServerCertificates(acceptedServerCertificateStoreURL);
-    else
-      acceptedServerCertificates = null;
-  }
-
- 
-  /**
-   * Initializes the LoggingContextManager logging context.
-   * Fixes a bug occuring in the case MOA-SP is called by API.
-   * In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP.
-   * This method must be called before a MOAIDTrustManager is constructed,
-   * from every thread.
-   */
-  public static void initializeLoggingContext() {  
-    if (LoggingContextManager.getInstance().getLoggingContext() == null)
-    LoggingContextManager.getInstance().setLoggingContext(
-      new LoggingContext(Thread.currentThread().getName()));
-  }
-
-  
-  /**
-   * Builds an Array of accepted server certificates from an URL,
-   * and stores it in <code>acceptedServerCertificates</code>.
-   * @param acceptedServerCertificateStoreURL file URL pointing to the directory
-   *         containing accepted server X509 certificates
-   * @throws GeneralSecurityException on security errors
-   * @throws IOException on any IO errors
-   */
-  private void buildAcceptedServerCertificates(String acceptedServerCertificateStoreURL) 
-    throws IOException, GeneralSecurityException {
-
-    List<X509Certificate> certList = new ArrayList<X509Certificate>();
-    URL storeURL = new URL(acceptedServerCertificateStoreURL);
-    File storeDir = new File(storeURL.getFile());
-    // list certificate files in directory
-    File[] certFiles = storeDir.listFiles(); 
-    for (int i = 0; i < certFiles.length; i++) {
-      // for each: create an X509Certificate and store it in list
-      File certFile = certFiles[i];
-      FileInputStream fis = new FileInputStream(certFile.getPath());
-      CertificateFactory certFact = CertificateFactory.getInstance("X.509");
-      X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis);
-      fis.close();
-      certList.add(cert);
-    }
-    // store acceptedServerCertificates
-    acceptedServerCertificates = (X509Certificate[]) certList.toArray(new X509Certificate[0]);
-  }
-
-  /**
-   * Does additional server-end-SSL-certificate checking.
-   * @see com.sun.net.ssl.X509TrustManager#isServerTrusted(java.security.cert.X509Certificate[])
-   */
-  public boolean isServerTrusted(X509Certificate[] certChain) {
-    boolean trusted = super.isServerTrusted(certChain);
-    if (!
trusted || acceptedServerCertificates == null)
-      return trusted;
-    else {
-      // check server-end-SSL-certificate with acceptedServerCertificates
-      X509Certificate serverCert = certChain[0];
-      for (int i = 0; i < acceptedServerCertificates.length; i++) {
-        X509Certificate acceptedServerCert = acceptedServerCertificates[i];
-        if (serverCert.equals(acceptedServerCert))
-          return true;
-      }
-      Logger.warn(MOAIDMessageProvider.getInstance().getMessage("ssl.01", null));
-      return false;
-    }
-  }
-  /**
-   * In rare cases, this method is being called although it should not be.
-   * @see com.sun.net.ssl.X509TrustManager#isClientTrusted(X509Certificate[])
-   */
-  public boolean isClientTrusted(java.security.cert.X509Certificate arg0[])
-  {
-    return true;
-  }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
deleted file mode 100644
index 16184502d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
+++ /dev/null
@@ -1,92 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - *  - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - *  - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - *  - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. 
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.iaik.servertools.observer;
-
-import iaik.pki.store.observer.NotificationData;
-import iaik.pki.store.observer.Observable;
-import iaik.pki.store.observer.Observer;
-
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-
-/**
- * Implementation of interface <needed to initialize an IAIK JSSE <code>TrustManager</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ObservableImpl implements Observable {
-  /** a List for all observers */
-  private List<Observer> observers = new ArrayList<Observer>();
-
-  /**
-   * @see iaik.pki.store.observer.Observable#addObserver(iaik.pki.store.observer.Observer)
-   */
-  public void addObserver(Observer observer) {
-    observers.add(observer);
-  }
-
-  /**
-   * @see iaik.pki.store.observer.Observable#removeObserver(iaik.pki.store.observer.Observer)
-   */
-  public boolean removeObserver(Observer observer) {
-    return observers.remove(observer);
-  }
-
-  /**
-   * @see iaik.pki.store.observer.Observable#notify(iaik.pki.store.observer.NotificationData)
-   */
-  public void notify(NotificationData data) {
-    Iterator<Observer> iter = observers.iterator();
-    for (iter = observers.iterator(); iter.hasNext();) {
-      Observer observer = 
(Observer) iter.next();
-      observer.notify(data);
-    }
-  }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index ed3f297c7..81abe3f5a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -46,11 +46,7 @@
 package at.gv.egovernment.moa.id.util;
-import iaik.pki.PKIConfiguration;
 import iaik.pki.PKIException;
-import iaik.pki.PKIFactory;
-import iaik.pki.PKIProfile;
-import iaik.pki.jsse.IAIKX509TrustManager;
 import iaik.security.provider.IAIK;
 import java.io.BufferedInputStream;
@@ -62,26 +58,19 @@ import java.io.Reader;
 import java.net.URL;
 import java.security.GeneralSecurityException;
 import java.security.Security;
-import java.util.HashMap;
-import java.util.Map;
 import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
 import org.apache.regexp.RE;
 import org.apache.regexp.RESyntaxException;
+import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
 import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.config.ConnectionParameter;
 import at.gv.egovernment.moa.id.config.ConnectionParameterInterface;
-import at.gv.egovernment.moa.id.iaik.config.PKIConfigurationImpl;
-import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl;
-import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager;
-import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 /**
@@ -94,14 +83,7 @@ import at.gv.egovernment.moa.logging.Logger;
  */
 public class SSLUtils {
-  /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/
-  private static Map<String, SSLSocketFactory> sslSocketFactories = new HashMap<String, SSLSocketFactory>();
-
-  /**
-   * Initializes the SSLSocketFactory store.
-   */
   public static void initialize() {
-    sslSocketFactories = new HashMap<String, SSLSocketFactory>();
     // JSSE Abhängigkeit
     //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
     Security.addProvider(new IAIK());
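Review bot: Deleting the store field also deletes the only Javadoc that covered `initialize()`, so a public method now has no documentation. The remaining lines register the IAIK provider, so a summary such as `/** Registers the IAIK security provider that this class relies on for its JSSE connections. */` above `public static void initialize() {` would fill the gap; the rest of the method body lies outside the hunk, so extend the sentence if it does more than that.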
@@ -132,61 +114,38 @@ public class SSLUtils {
     ConnectionParameterInterface connParam)
     throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
-    Logger.debug("Get SSLSocketFactory for " + connParam.getUrl());
-    // retrieve SSLSocketFactory if already created
-    SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(connParam.getUrl());
-    if (ssf != null) 
-      return ssf;
-     
-    // else create new SSLSocketFactory
-    String trustStoreURL = conf.getTrustedCACertificates();
-     
-    if (trustStoreURL == null)
-      throw new ConfigurationException(
-        "config.08", new Object[] {"TrustedCACertificates"});
-    String acceptedServerCertURL = connParam.getAcceptedServerCertificates();
-     
-    TrustManager[] tms = getTrustManagers(conf, trustStoreURL, acceptedServerCertURL);
-     
-    KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
-      "pkcs12", connParam.getClientKeyStore(), connParam.getClientKeyStorePassword());
-    SSLContext ctx = SSLContext.getInstance("TLS");
-    ctx.init(kms, tms, null);    ssf = ctx.getSocketFactory();
-    // store SSLSocketFactory
-    sslSocketFactories.put(connParam.getUrl(), ssf);
-    return ssf;
+	    // else create new SSLSocketFactory
+	    String trustStoreURL = conf.getTrustedCACertificates();
+	     
+	    if (trustStoreURL == null)
+	      throw new ConfigurationException(
+	        "config.08", new Object[] {"TrustedCACertificates"});
+	     
+	    String acceptedServerCertURL = connParam.getAcceptedServerCertificates();
+ 	     
+   	   //INFO: MOA-ID 2.x always use defaultChainingMode 
+	     
+	    try {	     
+	    	SSLSocketFactory ssf =  
+	    			at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
+	    					connParam.getUrl(), 
+	    					conf.getCertstoreDirectory(), 
+	    					trustStoreURL, 
+	    					acceptedServerCertURL, 
+	    					
AuthConfigurationProvider.getInstance().getDefaultChainingMode(), 
+	    					AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking(), 
+	    					connParam.getClientKeyStore(), 
+	    					connParam.getClientKeyStorePassword(), 
+	    					"pkcs12");
+	    		    	
+	    	return ssf;
+	    	
+	    } catch (SSLConfigurationException e) {
+	    	throw new ConfigurationException(e.getErrorID(), e.getParameters(), e.getE());
+	    	
+	    }
   }
-  
-  /**
-   * Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
-   * using configuration data.
-   * 
-   * @param conf MOA-ID configuration provider
-   * @param trustStoreURL trust store URL
-   * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates
-   * @return <code>TrustManager</code> array containing the <code>IAIKX509TrustManager</code>
-   * @throws ConfigurationException on invalid configuration data
-   * @throws IOException on data-reading problems
-   * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
-   */
-  public static TrustManager[] getTrustManagers(
-    ConfigurationProvider conf, String trustStoreURL, String acceptedServerCertURL) 
-    throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
-
-    PKIConfiguration cfg = null;
-    if (!
PKIFactory.getInstance().isAlreadyConfigured())
-      cfg = new PKIConfigurationImpl(conf);
-    boolean checkRevocation = conf.isTrustmanagerrevoationchecking();
-    PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
-    // This call fixes a bug occuring when PKIConfiguration is
-    // initialized by the MOA-SP initialization code, in case
-    // MOA-SP is called by API
-    MOAIDTrustManager.initializeLoggingContext();    
-    IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL);
-    tm.init(cfg, profile);
-    return new TrustManager[] {tm};
-  }
   /**
    * Reads a file, given by URL, into a byte array, 
    * securing the connection by IAIKX509TrustManager.
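Review bot: The chaining mode and the revocation-checking flag handed to getSSLSocketFactory are read from `AuthConfigurationProvider.getInstance()`, while the trust store URL and the certstore directory a few lines above are read from the `conf` parameter, so the trust settings of one socket factory can come from two different configuration objects if a caller ever passes anything other than the singleton. The removed code read `conf.isTrustmanagerrevoationchecking()`, so at least that value can stay on the parameter, and the chaining mode can too if ConfigurationProvider exposes the same accessor: `conf.getDefaultChainingMode(),` and `conf.isTrustmanagerrevoationchecking(),`. The comment `// else create new SSLSocketFactory` refers to the cache lookup that this hunk removes and should become `// build a fresh SSLSocketFactory for this connection`. Since the per-URL cache is gone, every call now re-reads the trust and key stores; if that is intended, a one-line comment saying so where the comment above sits would keep the next reader from re-adding a cache by accident. The method's signature starts outside the hunk.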
