MOA-ID, which use MOA-Sig (includes new IAIK-MOA, with iaik_xect, iaik_eccelerate, and new iaik_PKI module

1 files changed, 73 insertions, 8 deletions

diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index 68437a04d..503e0bfc4 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -46,25 +46,28 @@
 
 package at.gv.egovernment.moa.id.commons.utils.ssl;
 
-import iaik.pki.PKIConfiguration;
-import iaik.pki.PKIException;
-import iaik.pki.PKIFactory;
-import iaik.pki.PKIProfile;
-import iaik.pki.jsse.IAIKX509TrustManager;
-import iaik.security.provider.IAIK;
-
 import java.io.IOException;
 import java.security.GeneralSecurityException;
+import java.security.KeyStore;
 import java.security.Security;
 import java.util.HashMap;
 import java.util.Map;
 
 import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManager;
 
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+import iaik.pki.PKIConfiguration;
+import iaik.pki.PKIException;
+import iaik.pki.PKIFactory;
+import iaik.pki.PKIProfile;
+import iaik.pki.jsse.IAIKX509TrustManager;
+//import iaik.pki.jsse.IAIKX509TrustManager;
+import iaik.security.provider.IAIK;
 
 
 /**
@@ -136,7 +139,7 @@ public class SSLUtils {
     		 acceptedServerCertURL,
     		 checkRevocation);
     
-    KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
+    KeyManager[] kms = getKeyManagers(
       clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
     SSLContext ctx = SSLContext.getInstance("TLS");
     ctx.init(kms, tms, null);    
@@ -154,6 +157,68 @@ public class SSLUtils {
   }
   
   /**
+   * Loads the client key store from file and gets the 
+   * <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
+	 * initialized from the given client key store.
+   * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
+   * @param clientKeyStoreURL URL of key store containing keys to be used for
+   * 				 client authentication; if <code>null</code>, the default key store will be utilized
+   * @param clientKeyStorePassword password used to check the integrity of the client key store; 
+   * 				 if <code>null</code>, it will not be checked
+	 * @return <code>KeyManager</code>s to be used for creating an 
+	 * 				  <code>SSLSocketFactory</code> utilizing the given client key store
+   * @throws IOException thrown while reading from the key store file
+   * @throws GeneralSecurityException thrown while initializing the 
+   * 					default <code>KeyManagerFactory</code>
+   */
+  public static KeyManager[] getKeyManagers (
+		String clientKeyStoreType,
+		String clientKeyStoreURL,
+  	String clientKeyStorePassword)
+	  throws IOException, GeneralSecurityException {
+  
+  	if (clientKeyStoreURL == null)
+  		return null;
+  		
+	  // Set up the KeyStore to use. We need to load the file into
+	  // a KeyStore instance.
+	  KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore(
+	  	clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
+		return getKeyManagers(clientKeyStore, clientKeyStorePassword);
+	}  
+  /**
+   * Gets the <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
+	 * initialized from the given client key store.
+   * @param clientKeyStore client key store
+   * @param clientKeyStorePassword if provided, it will be used to check 
+   * 				 the integrity of the client key store; if omitted, it will not be checked
+	 * @return <code>KeyManager</code>s to be used for creating an 
+	 * 				  <code>SSLSocketFactory</code> utilizing the given client key store
+   * @throws GeneralSecurityException thrown while initializing the 
+   * 					default <code>KeyManagerFactory</code>
+   */
+	public static KeyManager[] getKeyManagers (
+		KeyStore clientKeyStore,
+  	String clientKeyStorePassword)
+	  throws GeneralSecurityException {
+  
+  	if (clientKeyStore == null)
+  		return null;
+  		
+	  // Now we initialize the default KeyManagerFactory with this KeyStore
+	  String alg=KeyManagerFactory.getDefaultAlgorithm();
+	  KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg);
+  	char[] password = null;
+  	if (clientKeyStorePassword != null)
+  		password = clientKeyStorePassword.toCharArray();
+	  kmFact.init(clientKeyStore, password);
+	
+	  // And now get the KeyManagers
+	  KeyManager[] kms=kmFact.getKeyManagers();
+	  return kms;
+	}  
+  
+  /**
    * Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
    * using configuration data.
    *