aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-05-07 10:48:09 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-05-07 10:48:09 +0200
commit0cdb39bbfbacbea3f809872f2570709eeca91ccf (patch)
treec9a5c173c2c448d92713c6073cca523c93b49994 /id/server/idserverlib/src
parentb5250268a67a571d0cd5563b8820c88c2c4e7cca (diff)
downloadmoa-id-spss-0cdb39bbfbacbea3f809872f2570709eeca91ccf.tar.gz
moa-id-spss-0cdb39bbfbacbea3f809872f2570709eeca91ccf.tar.bz2
moa-id-spss-0cdb39bbfbacbea3f809872f2570709eeca91ccf.zip
move SSLSocketFactory to moa-id-commons
Diffstat (limited to 'id/server/idserverlib/src')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java165
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java120
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java86
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java97
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java232
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java165
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java92
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java105
9 files changed, 36 insertions, 1046 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
index dc5ec430e..88ed7885f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
@@ -135,23 +135,11 @@ public class ConfigurationProvider {
return rootConfigFileDir;
}
- /**
- * Return the chaining mode for a given trust anchor.
- *
- * @param trustAnchor The trust anchor for which the chaining mode should be
- * returned.
- * @return The chaining mode for the given trust anchor. If the trust anchor
- * has not been configured separately, the system default will be returned.
- */
- public String getChainingMode(X509Certificate trustAnchor) {
- Principal issuer = trustAnchor.getIssuerDN();
- BigInteger serial = trustAnchor.getSerialNumber();
- IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial);
-
- String mode = (String) chainingModes.get(issuerAndSerial);
- return mode != null ? mode : defaultChainingMode;
+ public String getDefaultChainingMode() {
+ return defaultChainingMode;
}
-
+
+
/**
* Returns the trustedCACertificates.
* @return String
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
deleted file mode 100644
index b6fe20a61..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
+++ /dev/null
@@ -1,165 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.iaik.config;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-import at.gv.egovernment.moa.logging.Logger;
-import iaik.pki.store.certstore.CertStoreConfiguration;
-import iaik.pki.store.certstore.CertStoreParameters;
-import iaik.pki.store.certstore.CertStoreTypes;
-import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
-
-import java.io.File;
-
-/**
- * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class CertStoreConfigurationImpl extends ObservableImpl
- implements CertStoreConfiguration, DirectoryCertStoreParameters {
- /**
- * identifies the rootDirectory
- */
- private String rootDirectory;
- /**
- * ConfigurationProvider
- */
- private ConfigurationProvider conf;
- /**
- * Array for storing all CertStoreParameters
- */
- private CertStoreParameters[] parameters;
-
- /**
- * Create a new <code>CertStoreConfigurationImpl</code>.
- *
- * @param conf The MOA configuration from which the configuration data is
- * @throws ConfigurationException an any config-error
- * being read.
- */
- public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
- this.conf = conf;
-
- String certStoreRootDirParam = conf.getCertstoreDirectory();
-
- if (certStoreRootDirParam == null)
- throw new ConfigurationException(
- "config.08", new Object[]{"CertStoreDirectory"});
-
- //rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir());
- rootDirectory = certStoreRootDirParam;
- Logger.error("Using file: " + rootDirectory);
- if (rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(5);
- Logger.error("Using file2: " + rootDirectory);
-
- File f = new File(rootDirectory);
- //Logger.error("Using file: " + certStoreRootDirParam + " param: " + conf.getRootConfigFileDir());
-
- if (!f.exists()) {
- Logger.error("File does not exists: " + f.getAbsolutePath());
- throw new ConfigurationException(
- "config.05", new Object[]{"CertStoreDirectory"});
- }
-
- if (!f.isDirectory()) {
- Logger.error("File is not a directory: " + f.getAbsolutePath());
- throw new ConfigurationException(
- "config.05", new Object[]{"CertStoreDirectory"});
- }
-
-
- parameters = new CertStoreParameters[]{this};
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters()
- */
- public CertStoreParameters[] getParameters() {
- return parameters;
- }
-
- /**
- * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory()
- */
- public String getRootDirectory() {
- return rootDirectory;
- }
-
- /**
- * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
- */
- public boolean createNew() {
- return false;
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreParameters#getId()
- */
- public String getId() {
- return "MOA ID Directory CertStore";
- }
-
- /**
- * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly()
- */
- public boolean isReadOnly() {
- return false;
- }
-
- /**
- * @return <code>CertStoreTypes.DIRECTORY</code>
- * @see iaik.pki.store.certstore.CertStoreParameters#getType()
- */
- public String getType() {
- return CertStoreTypes.DIRECTORY;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
deleted file mode 100644
index 064d8a835..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
+++ /dev/null
@@ -1,120 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.iaik.config;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import iaik.pki.PKIConfiguration;
-import iaik.pki.pathvalidation.ValidationConfiguration;
-import iaik.pki.revocation.RevocationConfiguration;
-import iaik.pki.store.certstore.CertStoreConfiguration;
-import iaik.pki.store.revocation.archive.ArchiveConfiguration;
-
-/**
- * Implementation of interface <code>PKIConfiguration</code> needed to
- * initialize an IAIK JSSE <code>TrustManager</code>
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class PKIConfigurationImpl implements PKIConfiguration {
- /** The configuration for the CertStore */
- private CertStoreConfiguration certStoreConfiguration;
- /** The configuration for the RevocationChecks */
- private RevocationConfiguration revocationConfiguration;
- /** The configuration for the Validation */
- private ValidationConfiguration validationConfiguration;
-
- /**
- * Constructor
- * @param conf the Configuration for the PKIConfig
- * @throws ConfigurationException for any config error
- */
- public PKIConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
-
- certStoreConfiguration = new CertStoreConfigurationImpl(conf);
- revocationConfiguration = new RevocationConfigurationImpl();
- validationConfiguration = new ValidationConfigurationImpl(conf);
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getCertStoreConfiguration()
- */
- public CertStoreConfiguration getCertStoreConfiguration() {
- return certStoreConfiguration;
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getRevocationConfiguration()
- */
- public RevocationConfiguration getRevocationConfiguration() {
- return revocationConfiguration;
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getArchiveConfiguration()
- */
- public ArchiveConfiguration getArchiveConfiguration() {
- return null;
- }
-
- /**
- * @see iaik.pki.PKIConfiguration#getValidationConfiguration()
- */
- public ValidationConfiguration getValidationConfiguration() {
- return validationConfiguration;
- }
-
-/* (non-Javadoc)
- * @see iaik.pki.PKIConfiguration#getTimeout()
- */
- public int getTimeout() {
- // TODO Auto-generated method stub
- return 0;
-}
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
deleted file mode 100644
index 2c24161f6..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.iaik.config;
-
-import iaik.pki.revocation.RevocationConfiguration;
-
-import java.security.cert.X509Certificate;
-import java.util.Collections;
-import java.util.Date;
-import java.util.Set;
-
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-
-/**
- * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class RevocationConfigurationImpl extends ObservableImpl implements RevocationConfiguration {
-
- /**
- * @see iaik.pki.revocation.RevocationConfiguration#getAlternativeDistributionPoints(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date)
- */
- public Set getAlternativeDistributionPoints(
- X509Certificate arg0,
- X509Certificate arg1,
- Date arg2) {
- return Collections.EMPTY_SET;
- }
-
- /**
- * @see iaik.pki.revocation.RevocationConfiguration#archiveRevocationInfo(java.lang.String, java.lang.String)
- */
- public boolean archiveRevocationInfo(String arg0, String arg1) {
- return false;
- }
-
- public Integer getCrlRetentionInterval(String arg0) {
- return null;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
deleted file mode 100644
index d230eef26..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
+++ /dev/null
@@ -1,97 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.iaik.config;
-
-import iaik.pki.pathvalidation.ValidationConfiguration;
-
-import java.security.cert.X509Certificate;
-import java.security.spec.AlgorithmParameterSpec;
-
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-
-/**
- * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ValidationConfigurationImpl extends ObservableImpl
- implements ValidationConfiguration {
- /** The ConfigurationProvider for the validation*/
- private ConfigurationProvider conf;
-
- /**
- * Constructor
- * @param conf with the configuration
- */
- public ValidationConfigurationImpl(ConfigurationProvider conf) {
- this.conf = conf;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationConfiguration#getChainingMode(java.security.cert.X509Certificate)
- */
- public String getChainingMode(X509Certificate trustAnchor) {
- String chainingMode = conf.getChainingMode(trustAnchor);
- return chainingMode;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsSpec(java.security.cert.X509Certificate)
- */
- public AlgorithmParameterSpec getPublicKeyParamsAsSpec(X509Certificate arg0) {
- return null;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsCert(java.security.cert.X509Certificate)
- */
- public X509Certificate getPublicKeyParamsAsCert(X509Certificate arg0) {
- return null;
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
deleted file mode 100644
index 8afba2a12..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
+++ /dev/null
@@ -1,232 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.iaik.pki;
-
-import java.security.cert.X509Certificate;
-import java.util.Collections;
-import java.util.Set;
-
-import iaik.pki.PKIProfile;
-import iaik.pki.pathvalidation.ValidationProfile;
-import iaik.pki.revocation.RevocationProfile;
-import iaik.pki.revocation.RevocationSourceTypes;
-import iaik.pki.store.truststore.TrustStoreProfile;
-import iaik.pki.store.truststore.TrustStoreTypes;
-
-import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
-
-/**
- * Implementation of the <code>PKIProfile</code> interface and subinterfaces
- * providing information needed for certificate path validation.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class PKIProfileImpl extends ObservableImpl
- implements PKIProfile, RevocationProfile, TrustStoreProfile, ValidationProfile {
-
- /**
- * URI to the truststore
- */
- private String trustStoreURI;
-
- /**
- * revocation checking;
- */
- private boolean revocationChecking;
-
- /**
- * The trust profile identifier.
- */
- private String id;
-
-
- /**
- * Create a new <code>PKIProfileImpl</code>.
- *
- * @param trustStoreURI trust store URI
- */
- public PKIProfileImpl(String trustStoreURI, boolean revocationChecking) {
- this.trustStoreURI = trustStoreURI;
- this.revocationChecking = revocationChecking;
- String id = String.valueOf(System.currentTimeMillis());
- setId("id-" + id);
- }
-
- /**
- * @see iaik.pki.PKIProfile#autoAddCertificates()
- */
- public boolean autoAddCertificates() {
- return true;
- }
-
- /**
- * @see iaik.pki.PKIProfile#getRevocationProfile()
- */
- public RevocationProfile getRevocationProfile() {
- return this;
- }
-
- /**
- * @see iaik.pki.PKIProfile#getTrustStoreProfile()
- */
- public TrustStoreProfile getTrustStoreProfile() {
- return this;
- }
-
- /**
- * @see iaik.pki.PKIProfile#getValidationProfile()
- */
- public ValidationProfile getValidationProfile() {
- return this;
- }
-
- /**
- * @see iaik.pki.PKIProfile#useAuthorityInfoAccess()
- */
- public boolean useAuthorityInfoAccess() {
- return true;
- }
-
- /**
- * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(java.lang.String)
- */
- public long getMaxRevocationAge(String arg0) {
- return 0;
- }
-
- /**
- * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm()
- */
- public String getOCSPRequestHashAlgorithm() {
- return null;
- }
-
- /**
- * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate)
- */
- public String[] getPreferredServiceOrder(X509Certificate arg0) {
- return new String[] {RevocationSourceTypes.CRL};
- }
-
- /**
- * @see iaik.pki.store.truststore.TrustStoreProfile#getType()
- */
- public String getType() {
- return TrustStoreTypes.DIRECTORY;
- }
-
- /**
- * @see iaik.pki.store.truststore.TrustStoreProfile#getURI()
- */
- public String getURI() {
- return trustStoreURI;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getInitialAnyPolicyInhibit()
- */
- public boolean getInitialAnyPolicyInhibit() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getInitialExplicitPolicy()
- */
- public boolean getInitialExplicitPolicy() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicyMappingInhibit()
- */
- public boolean getInitialPolicyMappingInhibit() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicySet()
- */
- public Set getInitialPolicySet() {
- return Collections.EMPTY_SET;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getNameConstraintsProcessing()
- */
- public boolean getNameConstraintsProcessing() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getPolicyProcessing()
- */
- public boolean getPolicyProcessing() {
- return false;
- }
-
- /**
- * @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking()
- */
- public boolean getRevocationChecking() {
- return this.revocationChecking;
- }
-
- /**
- * @see iaik.pki.store.truststore.TrustStoreProfile#getId()
- */
- public String getId() {
- return id;
- }
- /**
- * Sets the trust profile identifier.
- * @param id The id to set.
- */
- public void setId(String id) {
- this.id = id;
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
deleted file mode 100644
index 202be882e..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
+++ /dev/null
@@ -1,165 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.iaik.pki.jsse;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
-
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.logging.LoggingContext;
-import at.gv.egovernment.moa.logging.LoggingContextManager;
-
-import iaik.pki.jsse.IAIKX509TrustManager;
-
-/**
- * <code>TrustManager</code> implementation featuring CRL checking (inherited from
- * <code>IAIKX509TrustManager</code>), plus server-end-SSL-certificate checking.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class MOAIDTrustManager extends IAIKX509TrustManager {
-
- /** an x509Certificate array containing all accepted server certificates*/
- private X509Certificate[] acceptedServerCertificates;
-
- /**
- * Constructor
- * @param acceptedServerCertificateStoreURL the url leading to the acceptedServer cert store
- * @throws GeneralSecurityException occurs on security errors
- * @throws IOException occurs on IO errors
- */
- public MOAIDTrustManager(String acceptedServerCertificateStoreURL)
- throws IOException, GeneralSecurityException {
-
- if (acceptedServerCertificateStoreURL != null)
- buildAcceptedServerCertificates(acceptedServerCertificateStoreURL);
- else
- acceptedServerCertificates = null;
- }
-
-
- /**
- * Initializes the LoggingContextManager logging context.
- * Fixes a bug occuring in the case MOA-SP is called by API.
- * In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP.
- * This method must be called before a MOAIDTrustManager is constructed,
- * from every thread.
- */
- public static void initializeLoggingContext() {
- if (LoggingContextManager.getInstance().getLoggingContext() == null)
- LoggingContextManager.getInstance().setLoggingContext(
- new LoggingContext(Thread.currentThread().getName()));
- }
-
-
- /**
- * Builds an Array of accepted server certificates from an URL,
- * and stores it in <code>acceptedServerCertificates</code>.
- * @param acceptedServerCertificateStoreURL file URL pointing to the directory
- * containing accepted server X509 certificates
- * @throws GeneralSecurityException on security errors
- * @throws IOException on any IO errors
- */
- private void buildAcceptedServerCertificates(String acceptedServerCertificateStoreURL)
- throws IOException, GeneralSecurityException {
-
- List<X509Certificate> certList = new ArrayList<X509Certificate>();
- URL storeURL = new URL(acceptedServerCertificateStoreURL);
- File storeDir = new File(storeURL.getFile());
- // list certificate files in directory
- File[] certFiles = storeDir.listFiles();
- for (int i = 0; i < certFiles.length; i++) {
- // for each: create an X509Certificate and store it in list
- File certFile = certFiles[i];
- FileInputStream fis = new FileInputStream(certFile.getPath());
- CertificateFactory certFact = CertificateFactory.getInstance("X.509");
- X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis);
- fis.close();
- certList.add(cert);
- }
- // store acceptedServerCertificates
- acceptedServerCertificates = (X509Certificate[]) certList.toArray(new X509Certificate[0]);
- }
-
- /**
- * Does additional server-end-SSL-certificate checking.
- * @see com.sun.net.ssl.X509TrustManager#isServerTrusted(java.security.cert.X509Certificate[])
- */
- public boolean isServerTrusted(X509Certificate[] certChain) {
- boolean trusted = super.isServerTrusted(certChain);
- if (! trusted || acceptedServerCertificates == null)
- return trusted;
- else {
- // check server-end-SSL-certificate with acceptedServerCertificates
- X509Certificate serverCert = certChain[0];
- for (int i = 0; i < acceptedServerCertificates.length; i++) {
- X509Certificate acceptedServerCert = acceptedServerCertificates[i];
- if (serverCert.equals(acceptedServerCert))
- return true;
- }
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("ssl.01", null));
- return false;
- }
- }
- /**
- * In rare cases, this method is being called although it should not be.
- * @see com.sun.net.ssl.X509TrustManager#isClientTrusted(X509Certificate[])
- */
- public boolean isClientTrusted(java.security.cert.X509Certificate arg0[])
- {
- return true;
- }
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
deleted file mode 100644
index 16184502d..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
+++ /dev/null
@@ -1,92 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.iaik.servertools.observer;
-
-import iaik.pki.store.observer.NotificationData;
-import iaik.pki.store.observer.Observable;
-import iaik.pki.store.observer.Observer;
-
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-
-
-/**
- * Implementation of interface <needed to initialize an IAIK JSSE <code>TrustManager</code>
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class ObservableImpl implements Observable {
- /** a List for all observers */
- private List<Observer> observers = new ArrayList<Observer>();
-
- /**
- * @see iaik.pki.store.observer.Observable#addObserver(iaik.pki.store.observer.Observer)
- */
- public void addObserver(Observer observer) {
- observers.add(observer);
- }
-
- /**
- * @see iaik.pki.store.observer.Observable#removeObserver(iaik.pki.store.observer.Observer)
- */
- public boolean removeObserver(Observer observer) {
- return observers.remove(observer);
- }
-
- /**
- * @see iaik.pki.store.observer.Observable#notify(iaik.pki.store.observer.NotificationData)
- */
- public void notify(NotificationData data) {
- Iterator<Observer> iter = observers.iterator();
- for (iter = observers.iterator(); iter.hasNext();) {
- Observer observer = (Observer) iter.next();
- observer.notify(data);
- }
- }
-
-}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index ed3f297c7..81abe3f5a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -46,11 +46,7 @@
package at.gv.egovernment.moa.id.util;
-import iaik.pki.PKIConfiguration;
import iaik.pki.PKIException;
-import iaik.pki.PKIFactory;
-import iaik.pki.PKIProfile;
-import iaik.pki.jsse.IAIKX509TrustManager;
import iaik.security.provider.IAIK;
import java.io.BufferedInputStream;
@@ -62,26 +58,19 @@ import java.io.Reader;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.Security;
-import java.util.HashMap;
-import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
import org.apache.regexp.RE;
import org.apache.regexp.RESyntaxException;
+import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.ConnectionParameterInterface;
-import at.gv.egovernment.moa.id.iaik.config.PKIConfigurationImpl;
-import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl;
-import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager;
-import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
/**
@@ -94,14 +83,7 @@ import at.gv.egovernment.moa.logging.Logger;
*/
public class SSLUtils {
- /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/
- private static Map<String, SSLSocketFactory> sslSocketFactories = new HashMap<String, SSLSocketFactory>();
-
- /**
- * Initializes the SSLSocketFactory store.
- */
public static void initialize() {
- sslSocketFactories = new HashMap<String, SSLSocketFactory>();
// JSSE Abhängigkeit
//Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
Security.addProvider(new IAIK());
@@ -132,61 +114,38 @@ public class SSLUtils {
ConnectionParameterInterface connParam)
throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
- Logger.debug("Get SSLSocketFactory for " + connParam.getUrl());
- // retrieve SSLSocketFactory if already created
- SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(connParam.getUrl());
- if (ssf != null)
- return ssf;
-
- // else create new SSLSocketFactory
- String trustStoreURL = conf.getTrustedCACertificates();
-
- if (trustStoreURL == null)
- throw new ConfigurationException(
- "config.08", new Object[] {"TrustedCACertificates"});
- String acceptedServerCertURL = connParam.getAcceptedServerCertificates();
-
- TrustManager[] tms = getTrustManagers(conf, trustStoreURL, acceptedServerCertURL);
-
- KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
- "pkcs12", connParam.getClientKeyStore(), connParam.getClientKeyStorePassword());
- SSLContext ctx = SSLContext.getInstance("TLS");
- ctx.init(kms, tms, null); ssf = ctx.getSocketFactory();
- // store SSLSocketFactory
- sslSocketFactories.put(connParam.getUrl(), ssf);
- return ssf;
+ // else create new SSLSocketFactory
+ String trustStoreURL = conf.getTrustedCACertificates();
+
+ if (trustStoreURL == null)
+ throw new ConfigurationException(
+ "config.08", new Object[] {"TrustedCACertificates"});
+
+ String acceptedServerCertURL = connParam.getAcceptedServerCertificates();
+
+ //INFO: MOA-ID 2.x always use defaultChainingMode
+
+ try {
+ SSLSocketFactory ssf =
+ at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
+ connParam.getUrl(),
+ conf.getCertstoreDirectory(),
+ trustStoreURL,
+ acceptedServerCertURL,
+ AuthConfigurationProvider.getInstance().getDefaultChainingMode(),
+ AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking(),
+ connParam.getClientKeyStore(),
+ connParam.getClientKeyStorePassword(),
+ "pkcs12");
+
+ return ssf;
+
+ } catch (SSLConfigurationException e) {
+ throw new ConfigurationException(e.getErrorID(), e.getParameters(), e.getE());
+
+ }
}
-
- /**
- * Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
- * using configuration data.
- *
- * @param conf MOA-ID configuration provider
- * @param trustStoreURL trust store URL
- * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates
- * @return <code>TrustManager</code> array containing the <code>IAIKX509TrustManager</code>
- * @throws ConfigurationException on invalid configuration data
- * @throws IOException on data-reading problems
- * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
- */
- public static TrustManager[] getTrustManagers(
- ConfigurationProvider conf, String trustStoreURL, String acceptedServerCertURL)
- throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
-
- PKIConfiguration cfg = null;
- if (! PKIFactory.getInstance().isAlreadyConfigured())
- cfg = new PKIConfigurationImpl(conf);
- boolean checkRevocation = conf.isTrustmanagerrevoationchecking();
- PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
- // This call fixes a bug occuring when PKIConfiguration is
- // initialized by the MOA-SP initialization code, in case
- // MOA-SP is called by API
- MOAIDTrustManager.initializeLoggingContext();
- IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL);
- tm.init(cfg, profile);
- return new TrustManager[] {tm};
- }
/**
* Reads a file, given by URL, into a byte array,
* securing the connection by IAIKX509TrustManager.