aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2019-02-04 08:58:10 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2019-02-04 08:58:10 +0100
commita917335ea69ab857f00bd17679e259fcc215cad9 (patch)
tree2aff94e138b0a88d68e10a057071a7cd289978f1 /id/server/idserverlib/src/main
parent9ddeacf32976d14c3f2f70ec446262998eb8a68e (diff)
downloadmoa-id-spss-a917335ea69ab857f00bd17679e259fcc215cad9.tar.gz
moa-id-spss-a917335ea69ab857f00bd17679e259fcc215cad9.tar.bz2
moa-id-spss-a917335ea69ab857f00bd17679e259fcc215cad9.zip
update SSLUtils to use default JVM trustStore for SSL connections as optional
Diffstat (limited to 'id/server/idserverlib/src/main')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java11
3 files changed, 17 insertions, 2 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 1fa17c683..4fc37d88f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -145,7 +145,9 @@ public class MOAMetadataProvider extends AbstractChainingMetadataProvider {
try {
//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
- PVPConstants.SSLSOCKETFACTORYNAME,
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
moaAuthConfig.getTrustedCACertificates(),
null,
AuthConfiguration.DEFAULT_X509_CHAININGMODE,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
index d7ada1f36..bd908f894 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -75,7 +75,9 @@ public class MOASAMLSOAPClient {
//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
SecureProtocolSocketFactory sslprotocolsocketfactory =
new MOAHttpProtocolSocketFactory(
- PVPConstants.SSLSOCKETFACTORYNAME,
+ PVPConstants.SSLSOCKETFACTORYNAME,
+ AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE, false),
AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(),
null,
AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(),
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index 611dff3b1..6bf44a527 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -61,6 +61,7 @@ import javax.net.ssl.SSLSocketFactory;
import org.apache.regexp.RE;
import org.apache.regexp.RESyntaxException;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider;
import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -93,6 +94,10 @@ public class SSLUtils {
ConfigurationProvider conf, String url )
throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
+ boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE,
+ false);
+
// else create new SSLSocketFactory
String trustStoreURL = conf.getTrustedCACertificates();
@@ -107,6 +112,7 @@ public class SSLUtils {
try {
SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
url,
+ useStandardJavaTrustStore,
null,
trustStoreURL,
acceptedServerCertURL,
@@ -148,6 +154,10 @@ public class SSLUtils {
ConnectionParameterInterface connParam)
throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
+ boolean useStandardJavaTrustStore = conf.getBasicMOAIDConfigurationBoolean(
+ AuthConfiguration.PROP_KEY_SSL_USE_JVM_TRUSTSTORE,
+ false);
+
// else create new SSLSocketFactory
String trustStoreURL = conf.getTrustedCACertificates();
@@ -162,6 +172,7 @@ public class SSLUtils {
try {
SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
connParam.getUrl(),
+ useStandardJavaTrustStore,
null,
trustStoreURL,
acceptedServerCertURL,