authorThomas Lenz <tlenz@iaik.tugraz.at>2016-10-21 10:21:15 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-10-21 10:21:15 +0200
commit7720eee7787b2149b36ac76da1b64e416e16d07c (patch)
tree3449005fee14728dafdf11e8c2125f095762565e /id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
parent6e044fe2eff937e5a4d975005def49ee2e9a06d0 (diff)
update SSL certificate revocation-checking method-order if the IAIK_PKI module is used
Diffstat (limited to 'id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java')
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java34
1 files changed, 11 insertions, 23 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index 6fa4595d8..d2a099c69 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -64,7 +64,6 @@ import at.gv.egovernment.moa.util.KeyStoreUtils;
import iaik.pki.PKIConfiguration;
import iaik.pki.PKIException;
import iaik.pki.PKIFactory;
-import iaik.pki.PKIProfile;
//import iaik.pki.jsse.IAIKX509TrustManager;
import iaik.security.provider.IAIK;
@@ -94,24 +93,7 @@ public class SSLUtils {
}
-
- /**
- * Creates an <code>SSLSocketFactory</code> which utilizes an
- * <code>IAIKX509TrustManager</code> for the given trust store,
- * and the given key store.
- *
- * @param conf configuration provider providing a generic properties pointing
- * to trusted CA store and certificate store root
- * @param connParam connection parameter containing the client key store settings
- * to be used in case of client authentication;
- * if <code>connParam.getClientKeyStore() == null</code>, client authentication
- * is assumed to be disabled
- * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
- * @throws IOException thrown while reading key store file
- * @throws GeneralSecurityException thrown while creating the socket factory
- * @throws ConfigurationException on invalid configuration data
- * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
- */
+
public static SSLSocketFactory getSSLSocketFactory(
String url,
String certStoreRootDirParam,
@@ -119,9 +101,10 @@ public class SSLUtils {
String acceptedServerCertURL,
String chainingMode,
boolean checkRevocation,
+ String[] revocationMethodOrder,
String clientKeyStoreURL,
String clientKeyStorePassword,
- String clientKeyStoreType
+ String clientKeyStoreType
)
throws IOException, GeneralSecurityException, SSLConfigurationException, PKIException {
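Review bot: The new `revocationMethodOrder` parameter arrives with no documentation, because the Javadoc on `getSSLSocketFactory` was deleted in the previous hunk instead of being rewritten. The removed text was stale (it described `conf` and `connParam`, which are not in this signature), but a public factory that decides TLS trust and revocation behaviour should say what each argument does. I would add a Javadoc block above the method that documents every parameter, and for this one states which method names are accepted, that the array order is the preference order, whether null or an empty array is allowed, and that it is presumably ignored when `checkRevocation` is false. The signature starts above this hunk and the method body continues after it.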
@@ -136,7 +119,8 @@ public class SSLUtils {
chainingMode,
trustStoreURL,
acceptedServerCertURL,
- checkRevocation);
+ checkRevocation,
+ revocationMethodOrder);
KeyManager[] kms = getKeyManagers(
clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
@@ -231,13 +215,17 @@ public class SSLUtils {
*/
private static TrustManager[] getTrustManagers(String certStoreRootDirParam,
String chainingMode, String trustStoreURL, String acceptedServerCertURL,
- boolean checkRevocation)
+ boolean checkRevocation, String[] revocationMethodOrder)
throws SSLConfigurationException, PKIException, IOException, GeneralSecurityException {
PKIConfiguration cfg = null;
if (! PKIFactory.getInstance().isAlreadyConfigured())
cfg = new PKIConfigurationImpl(certStoreRootDirParam, chainingMode);
- PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
+
+ PKIProfileImpl profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
+
+ profile.setPreferredServiceOrder(revocationMethodOrder);
+
// This call fixes a bug occuring when PKIConfiguration is
// initialized by the MOA-SP initialization code, in case
// MOA-SP is called by API
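Review bot: `profile.setPreferredServiceOrder(revocationMethodOrder)` is called unconditionally, so a caller that passes null or an empty array while `checkRevocation` is true hands `PKIProfileImpl` no usable order, and what the setter does with that is not visible here. If it accepts such input silently, revocation checking could end up weaker than the configuration intends without any error being raised. Guarding the call keeps the pre-commit behaviour for those callers: `if (revocationMethodOrder != null && revocationMethodOrder.length > 0) profile.setPreferredServiceOrder(revocationMethodOrder.clone());`, where the clone protects the profile from later changes to the caller's array in case the setter stores the reference. The body of `getTrustManagers` continues past the end of this hunk.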