update MOAIDTrustManager to implement a better error handling for acceptedServerCertificates

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2017-10-10 06:34:29 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2017-10-10 06:34:29 +0200
commit: 07427ae095618c054f38a519aa49f527bd968294 (patch)
tree: 121980d80ec773d14a73f9862df154a8652b7972 /id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils
parent: 352c4f2de3503dfc7f8528b846ebaa62a7f439f1 (diff)
download: moa-id-spss-07427ae095618c054f38a519aa49f527bd968294.tar.gz
moa-id-spss-07427ae095618c054f38a519aa49f527bd968294.tar.bz2
moa-id-spss-07427ae095618c054f38a519aa49f527bd968294.zip
1 files changed, 43 insertions, 12 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
index 9fc6f799d..beb6cc1c6 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
@@ -57,6 +57,7 @@ import java.util.ArrayList;
 import java.util.List;
 
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moaspss.logging.LoggingContext;
 import at.gv.egovernment.moaspss.logging.LoggingContextManager;
 import iaik.pki.jsse.IAIKX509TrustManager;
@@ -72,16 +73,17 @@ import iaik.pki.jsse.IAIKX509TrustManager;
 public class MOAIDTrustManager extends IAIKX509TrustManager {
   
   /** an x509Certificate array containing all accepted server certificates*/
-  private X509Certificate[] acceptedServerCertificates;
+  private X509Certificate[] acceptedServerCertificates = null;
 
   /**
    * Constructor
    * @param acceptedServerCertificateStoreURL the url leading to the acceptedServer cert store
    * @throws GeneralSecurityException occurs on security errors
    * @throws IOException occurs on IO errors
+ * @throws SSLConfigurationException 
    */
   public MOAIDTrustManager(String acceptedServerCertificateStoreURL) 
-    throws IOException, GeneralSecurityException {
+    throws IOException, GeneralSecurityException, SSLConfigurationException {
     
     if (acceptedServerCertificateStoreURL != null)
       buildAcceptedServerCertificates(acceptedServerCertificateStoreURL);
@@ -111,26 +113,55 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
    *         containing accepted server X509 certificates
    * @throws GeneralSecurityException on security errors
    * @throws IOException on any IO errors
+ * @throws SSLConfigurationException 
    */
   private void buildAcceptedServerCertificates(String acceptedServerCertificateStoreURL) 
-    throws IOException, GeneralSecurityException {
-
+    throws IOException, GeneralSecurityException, SSLConfigurationException {	  
     List<X509Certificate> certList = new ArrayList<X509Certificate>();
     URL storeURL = new URL(acceptedServerCertificateStoreURL);
     File storeDir = new File(storeURL.getFile());
     // list certificate files in directory
-    File[] certFiles = storeDir.listFiles(); 
+    File[] certFiles = storeDir.listFiles();
     for (int i = 0; i < certFiles.length; i++) {
-      // for each: create an X509Certificate and store it in list
-      File certFile = certFiles[i];
-      FileInputStream fis = new FileInputStream(certFile.getPath());
-      CertificateFactory certFact = CertificateFactory.getInstance("X.509");
-      X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis);
-      fis.close();
-      certList.add(cert);
+    	// for each: create an X509Certificate and store it in list
+    	File certFile = certFiles[i];
+    	FileInputStream fis = null;
+    	try {
+    		fis = new FileInputStream(certFile.getPath());
+    		CertificateFactory certFact = CertificateFactory.getInstance("X.509");
+    		X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis);
+    		certList.add(cert);
+    		
+    	} catch (Exception e) {
+    	   	Logger.error("Can NOT initialize SSLTrustManager. Certificate: " + certFile.getPath() 
+    	   		+ " is not loadable, Reason: " + e.getMessage());
+    	   	
+    	   	if (Logger.isDebugEnabled()) {
+    	   		try {
+    	   			if (fis != null)
+    	   				Logger.debug("Certificate: " + Base64Utils.encode(fis));
+    	   			
+    	   		} catch (Exception e1) {
+    	   			Logger.warn("Can NOT log content of certificate: " + certFile.getPath() 
+    	   				+ ". Reason: " + e.getMessage(), e);
+    	   			
+    	   		}
+    	   	}
+    	   	
+    	    throw new SSLConfigurationException("", new Object[]{certFile.getPath(), e.getMessage()}, e);
+    	    
+    	} finally {
+			if (fis != null)
+				fis.close();
+			
+		}
     }
+    
     // store acceptedServerCertificates
     acceptedServerCertificates = (X509Certificate[]) certList.toArray(new X509Certificate[0]);
+    Logger.debug("Add #" + acceptedServerCertificates.length 
+    		+ " certificates as 'AcceptedServerCertificates' from: " + acceptedServerCertificateStoreURL );
+    	    
   }
 
   /**
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2017-10-10 06:34:29 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2017-10-10 06:34:29 +0200
commit	07427ae095618c054f38a519aa49f527bd968294 (patch)
tree	121980d80ec773d14a73f9862df154a8652b7972 /id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils
parent	352c4f2de3503dfc7f8528b846ebaa62a7f439f1 (diff)
download	moa-id-spss-07427ae095618c054f38a519aa49f527bd968294.tar.gz moa-id-spss-07427ae095618c054f38a519aa49f527bd968294.tar.bz2 moa-id-spss-07427ae095618c054f38a519aa49f527bd968294.zip