authorThomas Lenz <tlenz@iaik.tugraz.at>2016-10-24 12:45:47 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-10-24 12:45:47 +0200
commitd1a5528b2f542c1f7004f6f47fba0b083ff03277 (patch)
tree8e64bf5e8d51a81c449f79671f799fc6df43eb97 /id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl
parent479fb49056c4603069c50c43d38e7988efd733ee (diff)
remove MOA-ID specific certStore directory.
From now on, MOA-ID always uses the MOA-SPSS certStore directory for chain building
Diffstat (limited to 'id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl')
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java66
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java29
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java16
3 files changed, 64 insertions, 47 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
index 969de3ce6..9fc6f799d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
@@ -59,12 +59,6 @@ import java.util.List;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moaspss.logging.LoggingContext;
import at.gv.egovernment.moaspss.logging.LoggingContextManager;
-import iaik.logging.TransactionId;
-import iaik.logging.impl.TransactionIdImpl;
-import iaik.pki.PKIConfiguration;
-import iaik.pki.PKIException;
-import iaik.pki.PKIFactory;
-import iaik.pki.PKIProfile;
import iaik.pki.jsse.IAIKX509TrustManager;
@@ -168,35 +162,35 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
return true;
}
- public void init(PKIConfiguration pkiConfig, PKIProfile pkiProfile) throws PKIException {
- if (pkiProfile == null) {
- throw new NullPointerException("pkiConfig parameter must not be null");
-
- }
-
- TransactionId tid = new TransactionIdImpl("Init");
- log_.info(tid, "Setting up IAIKX509TrustManager", null);
- if (pkiConfig != null) {
- PKIFactory.getInstance().configure(pkiConfig, tid);
-// log_.info(tid, "Registering LDAP protocol handler", null);
-// String protocolHandlers =
-// System.getProperty("java.protocol.handler.pkgs");
-// if (protocolHandlers == null) {
-// protocolHandlers = "iaik.pki";
-//
-// } else {
-// protocolHandlers = protocolHandlers + "|iaik.pki";
-//
-// }
-//
-// System.setProperty("java.protocol.handler.pkgs", protocolHandlers);
-// log_.info(tid, "Registered protocol handlers: " + protocolHandlers, null);
-
- }
-
- pkiProfile_ = pkiProfile;
- pkiFactory_ = PKIFactory.getInstance();
- initialized_ = true;
- }
+// public void init(PKIConfiguration pkiConfig, PKIProfile pkiProfile) throws PKIException {
+// if (pkiProfile == null) {
+// throw new NullPointerException("pkiConfig parameter must not be null");
+//
+// }
+//
+// TransactionId tid = new TransactionIdImpl("Init");
+// log_.info(tid, "Setting up IAIKX509TrustManager", null);
+// if (pkiConfig != null) {
+// PKIFactory.getInstance().configure(pkiConfig, tid);
+//// log_.info(tid, "Registering LDAP protocol handler", null);
+//// String protocolHandlers =
+//// System.getProperty("java.protocol.handler.pkgs");
+//// if (protocolHandlers == null) {
+//// protocolHandlers = "iaik.pki";
+////
+//// } else {
+//// protocolHandlers = protocolHandlers + "|iaik.pki";
+////
+//// }
+////
+//// System.setProperty("java.protocol.handler.pkgs", protocolHandlers);
+//// log_.info(tid, "Registered protocol handlers: " + protocolHandlers, null);
+//
+// }
+//
+// pkiProfile_ = pkiProfile;
+// pkiFactory_ = PKIFactory.getInstance();
+// initialized_ = true;
+// }
}
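Review bot: The `init(PKIConfiguration, PKIProfile)` method is commented out line by line instead of being deleted, which leaves about thirty lines of dead code in a class that decides TLS trust, including an older, doubly commented protocol-handler block. Delete the block outright; the previous implementation remains available in version control. The removed body was the place that called `PKIFactory.getInstance().configure(pkiConfig, tid)`, so if a trace is wanted, one short comment naming where the PKI module is configured now would serve readers better than the old code; this hunk does not show that location. The class body starts outside the hunk.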
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
index 9b692c090..1c8b6e18d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
@@ -46,10 +46,12 @@
package at.gv.egovernment.moa.id.commons.utils.ssl;
+import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Set;
+import iaik.asn1.structures.AlgorithmID;
import iaik.pki.PKIProfile;
import iaik.pki.pathvalidation.ValidationProfile;
import iaik.pki.revocation.RevocationProfile;
@@ -66,7 +68,7 @@ import iaik.pki.store.truststore.TrustStoreTypes;
*/
public class PKIProfileImpl extends ObservableImpl
implements PKIProfile, RevocationProfile, TrustStoreProfile, ValidationProfile {
-
+
/**
* URI to the truststore
*/
@@ -79,6 +81,7 @@ public class PKIProfileImpl extends ObservableImpl
private String[] revocationCheckMethode = new String[] {RevocationSourceTypes.CRL};
+ protected String ocspRequestHashAlgorithm_ = null;
/**
* The trust profile identifier.
@@ -130,16 +133,32 @@ public class PKIProfileImpl extends ObservableImpl
* @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(java.lang.String)
*/
public long getMaxRevocationAge(String arg0) {
- return 0;
+ return 0L;
}
/**
* @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm()
*/
public String getOCSPRequestHashAlgorithm() {
- return null;
+ if (ocspRequestHashAlgorithm_ == null) {
+ try
+ {
+ ocspRequestHashAlgorithm_ = AlgorithmID.sha1.getImplementationName();
+ }
+ catch (NoSuchAlgorithmException localNoSuchAlgorithmException) {}
+ }
+ return ocspRequestHashAlgorithm_;
}
+ public void setOCSPRequestHashAlgorithm(AlgorithmID paramAlgorithmID)
+ throws NoSuchAlgorithmException
+ {
+ if (paramAlgorithmID == null) {
+ throw new NullPointerException("Algorithm must not be null.");
+ }
+ ocspRequestHashAlgorithm_ = paramAlgorithmID.getImplementationName();
+ }
+
/**
* @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate)
*/
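Review bot: The empty `catch (NoSuchAlgorithmException localNoSuchAlgorithmException) {}` in `getOCSPRequestHashAlgorithm()` discards the failure and lets the method return null without any trace, so a provider problem would only surface later as an unexplained revocation-check error. Either log the exception there or fail fast, e.g. `catch (NoSuchAlgorithmException e) { throw new IllegalStateException("SHA-1 not available for OCSP request hashing", e); }`. The SHA-1 default should carry a comment stating that it is deliberate (presumably for responder interoperability) and that `setOCSPRequestHashAlgorithm` overrides it. That setter is public but has no Javadoc, and the field `ocspRequestHashAlgorithm_` added in the previous hunk could be `private` unless a subclass needs it.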
@@ -233,8 +252,8 @@ public class PKIProfileImpl extends ObservableImpl
*/
@Override
public int autoAddCertificates() {
- //TODO: ask harald!!!!!
return 1;
+
}
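Review bot: Removing `//TODO: ask harald!!!!!` leaves `return 1;` in `autoAddCertificates()` as an unexplained magic value in a trust-store profile, and the same holds for `return null;` in `getIndirectRevocationTrustStoreProfile()` in the next hunk. If the open question was settled, record the answer where the TODO stood, for example `// 1 = <meaning per TrustStoreProfile>, confirmed for MOA-ID` with the real meaning filled in, or return the interface's named constant if it defines one. The blank line added after each `return` can be dropped.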
/* (non-Javadoc)
@@ -242,7 +261,7 @@ public int autoAddCertificates() {
*/
@Override
public TrustStoreProfile getIndirectRevocationTrustStoreProfile() {
- //TODO: ask harald!!!!!
return null;
+
}
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index d2a099c69..4ecda435d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -61,7 +61,7 @@ import javax.net.ssl.TrustManager;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.KeyStoreUtils;
-import iaik.pki.PKIConfiguration;
+import iaik.pki.DefaultPKIConfiguration;
import iaik.pki.PKIException;
import iaik.pki.PKIFactory;
//import iaik.pki.jsse.IAIKX509TrustManager;
@@ -218,12 +218,16 @@ public class SSLUtils {
boolean checkRevocation, String[] revocationMethodOrder)
throws SSLConfigurationException, PKIException, IOException, GeneralSecurityException {
- PKIConfiguration cfg = null;
- if (! PKIFactory.getInstance().isAlreadyConfigured())
- cfg = new PKIConfigurationImpl(certStoreRootDirParam, chainingMode);
-
- PKIProfileImpl profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
+ DefaultPKIConfiguration cfg = null;
+ if (! PKIFactory.getInstance().isAlreadyConfigured()) {
+ CertStoreConfigurationImpl certStoreConf = new CertStoreConfigurationImpl(certStoreRootDirParam);
+ cfg = new DefaultPKIConfiguration(certStoreConf.getParameters());
+ cfg.setChainingMode(chainingMode);
+ Logger.info("Set-up PKI module configuration ... ");
+
+ }
+ PKIProfileImpl profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
profile.setPreferredServiceOrder(revocationMethodOrder);
// This call fixes a bug occuring when PKIConfiguration is