| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-10-21 10:21:48 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-10-21 10:21:48 +0200 | 
| commit | 65cdf9b59c2d2836bdc24cca27992a1f32f7876e (patch) | |
| tree | 09accd06f8a6e587e2175ba27a51b348349fccb9 /id/server/idserverlib | |
| parent | 7720eee7787b2149b36ac76da1b64e416e16d07c (diff) | |
update default list of allowed SSL ciphers
Diffstat (limited to 'id/server/idserverlib')
| -rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java | 50 | 
1 files changed, 32 insertions, 18 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 11f47052e..5769d99df 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -39,8 +39,8 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.id.util.SSLUtils;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
-import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.Configurator;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moaspss.logging.LoggingContext;
 import at.gv.egovernment.moaspss.logging.LoggingContextManager;
@@ -72,16 +72,31 @@ public class MOAIDAuthInitializer {          MailcapCommandMap mc = new MailcapCommandMap();          CommandMap.setDefaultCommandMap(mc); +        //allowed SSL ciphers regarding to PVP SMA 1.3 document          if (MiscUtil.isEmpty(System.getProperty("https.cipherSuites")))                  	System.setProperty(          			"https.cipherSuites", -        			"TLS_DH_anon_WITH_AES_128_CBC_SHA" + +        					//high secure RSA bases ciphers +							",TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" + +							",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + +							",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" + +        					",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" + +							 +        					//high secure ECC bases ciphers +        					",TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" + +        					",TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" + +        					",TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" + +        					",TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" + +        					",TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" + +        					",TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" + +        					",TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" + +        					",TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" +  +        					 +        					//secure backup chipers +        					",TLS_DHE_RSA_WITH_AES_256_CBC_SHA" +          					",TLS_DHE_RSA_WITH_AES_128_CBC_SHA" + -        					",TLS_DHE_DSS_WITH_AES_128_CBC_SHA" +          					",TLS_RSA_WITH_AES_128_CBC_SHA" + -        					",TLS_RSA_WITH_AES_256_CBC_SHA" +  -        					",SSL_DH_anon_WITH_3DES_EDE_CBC_SHA" + -        					",SSL_RSA_WITH_3DES_EDE_CBC_SHA" +        					",TLS_RSA_WITH_AES_256_CBC_SHA"        					        					          					); 
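Review bot: The first entry of the new default list, `",TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"`, begins with a comma because the old un-prefixed first line was removed, so the `https.cipherSuites` value now starts with an empty element; write it as `"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +` so the value is a clean comma-separated list. Whether the empty element is skipped depends on how each reader of the property tokenises it, which is not visible in this hunk. The group labelled "secure backup" still offers static-RSA key exchange (`TLS_RSA_WITH_AES_128_CBC_SHA`, `TLS_RSA_WITH_AES_256_CBC_SHA`), which provides no forward secrecy; a comment such as `//compatibility only: static RSA, no forward secrecy` would state that trade-off. The default is applied only when the property is empty, so an operator-supplied value replaces the whole list, and logging the effective value at startup would make a weaker override visible. The enclosing method starts and ends outside the hunk.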
@@ -122,17 +137,16 @@ public class MOAIDAuthInitializer {      	//MOA-SP is only use by API calls since MOA-ID 3.0.0            try {          	LoggingContextManager.getInstance().setLoggingContext( -                      new LoggingContext("startup")); -            ConfigurationProvider config = ConfigurationProvider -                      .getInstance(); -            new IaikConfigurator().configure(config); -             -         } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) { -        	Logger.error("MOA-SP initialization FAILED!", ex.getWrapped());  -            throw new ConfigurationException("config.10", new Object[] { ex -                     .toString() }, ex); -             -         } +                    new LoggingContext("startup")); +        	Logger.debug("Starting MOA-SPSS initialization process ... "); +        	Configurator.getInstance().init();        	 +        	Logger.info("MOA-SPSS initialization complete "); +        	                        +         } catch (MOAException e) { +        	 Logger.error("MOA-SP initialization FAILED!", e.getWrapped());  +             throw new ConfigurationException("config.10", new Object[] { e +                      .toString() }, e); +		}          //IAIK.addAsProvider();                 | 
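Review bot: The error log in the new catch block passes `e.getWrapped()` as the throwable, so if the MOAException carries no wrapped cause the log entry presumably has no stack trace for the initialization failure; `Logger.error("MOA-SP initialization FAILED!", e);` would record the exception itself together with its cause. Only MOAException is caught here, so an unchecked exception thrown by `Configurator.getInstance().init()` would bypass the "config.10" mapping and surface as a raw startup error; whether that can happen depends on code outside this hunk. The enclosing method continues beyond the hunk on both sides.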
