* check if SSL-Session is already established

 * Add two comments regarding TLSv1.2 support in JAVA 7 and restiction of allowed SSL ciphers

1 files changed, 28 insertions, 0 deletions

diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
index 0479b1bc1..bdadf681d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
@@ -34,6 +34,7 @@ import java.util.Arrays;
 import java.util.List;
 
 import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLParameters;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
@@ -50,6 +51,7 @@ import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
 import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moaspss.logging.Logger;
 import iaik.pki.PKIException;
+import sun.security.ssl.ProtocolVersion;
 
 /**
  * @author tlenz
@@ -188,6 +190,19 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
 		if (socket instanceof SSLSocket) {
 			SSLSocket sslSocket = (SSLSocket)socket;
 			
+/*TODO			
+*			Set allowed ProtocolVersions into SSLSocket to support TLSv1.1 and TLSv1.2 in JAVA 7
+*			Therefore, we had do manually set the TLS1.2 protocol support into SSLParameters 
+*			from SSL socket. Maybe, there is an additional validation required if TLSv1.2 is
+*			supported in principle by currently used JAVA version.
+*/
+//			SSLParameters test = ((SSLSocket) socket).getSSLParameters();
+//			List<String> enabledProtocols = Arrays.asList(test.getProtocols());
+//			if (enabledProtocols.contains(ProtocolVersion.TLS11.name)) {
+//				
+//			}
+//			sslSocket.setSSLParameters(test);
+			
 			//verify Hostname
 			verifyHostName(sslSocket);
 				
@@ -208,7 +223,14 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
 	 */
 	private void verifyHostName(SSLSocket sslSocket) throws SSLException{
 		if (verifyHostName) {
+			
 			SSLSession session = sslSocket.getSession();
+			if ("SSL_NULL_WITH_NULL_NULL".equals(session.getCipherSuite())) {
+				Logger.warn("SSL connection can NOT established.");
+				throw new SSLException("SSL connection can NOT established.");
+				
+			}
+			
 			String hostName = session.getPeerHost();
 			Certificate[] certs = null;
 			
@@ -254,6 +276,12 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
 	 * @return {@link SSLSocket} with Ciphersuites
 	 */
 	private SSLSocket setEnabledSslCiphers(SSLSocket sslSocket) {
+		/*TODO:
+		 * This implementation currently not work fine, because not all ciphers from 
+		 * 'https.cipherSuites' SystemProperty had to be supported by current JAVA version
+		 * Add an validation step to check the allowed cipherSuites against the currently
+		 * supported cipher suites and only add the matching set of ciphers
+		 */
 		String systemProp = System.getProperty("https.cipherSuites");		
 		if (MiscUtil.isNotEmpty(systemProp)) {
 			try {