aboutsummaryrefslogtreecommitdiff
path: root/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-03-10 15:35:48 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-03-10 15:35:48 +0100
commit576f5ea5cfaf2ea174f198dc5df238c1ca0c331a (patch)
treefce79f2d8e76501337cc5e921838576220d64c87 /id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils
parente8773689b175e5617fe116ac0e3d9978351ac4a8 (diff)
downloadmoa-id-spss-576f5ea5cfaf2ea174f198dc5df238c1ca0c331a.tar.gz
moa-id-spss-576f5ea5cfaf2ea174f198dc5df238c1ca0c331a.tar.bz2
moa-id-spss-576f5ea5cfaf2ea174f198dc5df238c1ca0c331a.zip
MOA-ID, which use MOA-Sig (includes new IAIK-MOA, with iaik_xect, iaik_eccelerate, and new iaik_PKI module
Diffstat (limited to 'id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils')
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java7
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java20
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java11
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java20
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java25
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java44
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java81
7 files changed, 174 insertions, 34 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
index 2ade63c1c..142e9a23a 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
@@ -22,15 +22,12 @@
*/
package at.gv.egovernment.moa.id.commons.utils;
-import iaik.pki.PKIException;
-
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
-import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import org.apache.commons.httpclient.ConnectTimeoutException;
@@ -39,7 +36,7 @@ import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
-import at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils;
+import iaik.pki.PKIException;
/**
* @author tlenz
@@ -62,7 +59,7 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
super();
try {
- this.sslfactory = SSLUtils.getSSLSocketFactory(
+ this.sslfactory = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
url,
certStoreRootDirParam,
trustStoreURL,
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
index 00e750f58..dcbec6bf6 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
@@ -46,13 +46,17 @@
package at.gv.egovernment.moa.id.commons.utils.ssl;
+import java.io.File;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
import at.gv.egovernment.moa.logging.Logger;
import iaik.pki.store.certstore.CertStoreConfiguration;
import iaik.pki.store.certstore.CertStoreParameters;
import iaik.pki.store.certstore.CertStoreTypes;
import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
-
-import java.io.File;
+import iaik.pki.store.certstore.directory.VirtualCertStore;
/**
* Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
@@ -153,4 +157,16 @@ public class CertStoreConfigurationImpl extends ObservableImpl
return CertStoreTypes.DIRECTORY;
}
+ /* (non-Javadoc)
+ * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getVirtualStores()
+ */
+ @Override
+ public Set getVirtualStores() {
+ //TODO: only for Testing and not complete !!!Ask Harald !!!!
+
+ Map<String, VirtualCertStore> vCertStore = new HashMap<String, VirtualCertStore>();
+ return vCertStore.keySet();
+
+ }
+
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
index eaef3f1d4..bcd38c638 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
@@ -57,9 +57,8 @@ import java.util.ArrayList;
import java.util.List;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.logging.LoggingContext;
-import at.gv.egovernment.moa.logging.LoggingContextManager;
-
+import at.gv.egovernment.moaspss.logging.LoggingContext;
+import at.gv.egovernment.moaspss.logging.LoggingContextManager;
import iaik.pki.jsse.IAIKX509TrustManager;
/**
@@ -95,14 +94,14 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
* Fixes a bug occuring in the case MOA-SP is called by API.
* In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP.
* This method must be called before a MOAIDTrustManager is constructed,
- * from every thread.
- */
+ * from every thread.
+ */
public static void initializeLoggingContext() {
if (LoggingContextManager.getInstance().getLoggingContext() == null)
LoggingContextManager.getInstance().setLoggingContext(
new LoggingContext(Thread.currentThread().getName()));
}
-
+
/**
* Builds an Array of accepted server certificates from an URL,
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
index 5d8c7a54e..3eb4707c8 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
@@ -60,6 +60,10 @@ import iaik.pki.store.revocation.archive.ArchiveConfiguration;
* @version $Id$
*/
public class PKIConfigurationImpl implements PKIConfiguration {
+
+ private static final int TIMEOUT_READ = 60; //[sec]
+ private static final int TIMEOUT_CONNECTION = 60; //[sec]
+
/** The configuration for the CertStore */
private CertStoreConfiguration certStoreConfiguration;
/** The configuration for the RevocationChecks */
@@ -108,11 +112,19 @@ public class PKIConfigurationImpl implements PKIConfiguration {
}
/* (non-Javadoc)
- * @see iaik.pki.PKIConfiguration#getTimeout()
+ * @see iaik.pki.PKIConfiguration#getConnectTimeout()
*/
- public int getTimeout() {
- // TODO Auto-generated method stub
- return 0;
+@Override
+public int getConnectTimeout() {
+ return TIMEOUT_CONNECTION * 1000;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.PKIConfiguration#getReadTimeout()
+ */
+@Override
+public int getReadTimeout() {
+ return TIMEOUT_READ * 1000;
}
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
index 59994a257..a34fa9b8b 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
@@ -96,13 +96,6 @@ public class PKIProfileImpl extends ObservableImpl
}
/**
- * @see iaik.pki.PKIProfile#autoAddCertificates()
- */
- public boolean autoAddCertificates() {
- return true;
- }
-
- /**
* @see iaik.pki.PKIProfile#getRevocationProfile()
*/
public RevocationProfile getRevocationProfile() {
@@ -227,4 +220,22 @@ public class PKIProfileImpl extends ObservableImpl
public void setId(String id) {
this.id = id;
}
+
+/* (non-Javadoc)
+ * @see iaik.pki.PKIProfile#autoAddCertificates()
+ */
+@Override
+public int autoAddCertificates() {
+ //TODO: ask harald!!!!!
+ return 1;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.PKIProfile#getIndirectRevocationTrustStoreProfile()
+ */
+@Override
+public TrustStoreProfile getIndirectRevocationTrustStoreProfile() {
+ //TODO: ask harald!!!!!
+ return null;
+}
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
index b5e0543db..40d081ea4 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
@@ -46,13 +46,16 @@
package at.gv.egovernment.moa.id.commons.utils.ssl;
-import iaik.pki.revocation.RevocationConfiguration;
-
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
import java.util.Set;
+import iaik.pki.revocation.RevocationConfiguration;
+import iaik.pki.revocation.dbcrl.config.DBCrlConfig;
+
/**
* Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
* @author Paul Ivancsics
@@ -81,4 +84,41 @@ public class RevocationConfigurationImpl extends ObservableImpl implements Revoc
return null;
}
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#getKeepRevocationInfo()
+ */
+@Override
+public boolean getKeepRevocationInfo() {
+ return false;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#getPositiveOCSPResponders()
+ */
+@Override
+public Set getPositiveOCSPResponders() {
+
+ //TODO: !!!!! ASK Harald !!!!!
+ Map<String, String> test = new HashMap<String, String>();
+ test.put("ALL", "ALL");
+ return test.keySet();
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#skipIndirectCRLCheckForAlternativeDistributionPoints()
+ */
+@Override
+public boolean skipIndirectCRLCheckForAlternativeDistributionPoints() {
+ //TODO: !!!!! ASK Harald !!!!!
+ return false;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#getDataBaseCRLConfig()
+ */
+@Override
+public DBCrlConfig getDataBaseCRLConfig() {
+ return null;
+}
+
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index 68437a04d..503e0bfc4 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -46,25 +46,28 @@
package at.gv.egovernment.moa.id.commons.utils.ssl;
-import iaik.pki.PKIConfiguration;
-import iaik.pki.PKIException;
-import iaik.pki.PKIFactory;
-import iaik.pki.PKIProfile;
-import iaik.pki.jsse.IAIKX509TrustManager;
-import iaik.security.provider.IAIK;
-
import java.io.IOException;
import java.security.GeneralSecurityException;
+import java.security.KeyStore;
import java.security.Security;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+import iaik.pki.PKIConfiguration;
+import iaik.pki.PKIException;
+import iaik.pki.PKIFactory;
+import iaik.pki.PKIProfile;
+import iaik.pki.jsse.IAIKX509TrustManager;
+//import iaik.pki.jsse.IAIKX509TrustManager;
+import iaik.security.provider.IAIK;
/**
@@ -136,7 +139,7 @@ public class SSLUtils {
acceptedServerCertURL,
checkRevocation);
- KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
+ KeyManager[] kms = getKeyManagers(
clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(kms, tms, null);
@@ -154,6 +157,68 @@ public class SSLUtils {
}
/**
+ * Loads the client key store from file and gets the
+ * <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
+ * initialized from the given client key store.
+ * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
+ * @param clientKeyStoreURL URL of key store containing keys to be used for
+ * client authentication; if <code>null</code>, the default key store will be utilized
+ * @param clientKeyStorePassword password used to check the integrity of the client key store;
+ * if <code>null</code>, it will not be checked
+ * @return <code>KeyManager</code>s to be used for creating an
+ * <code>SSLSocketFactory</code> utilizing the given client key store
+ * @throws IOException thrown while reading from the key store file
+ * @throws GeneralSecurityException thrown while initializing the
+ * default <code>KeyManagerFactory</code>
+ */
+ public static KeyManager[] getKeyManagers (
+ String clientKeyStoreType,
+ String clientKeyStoreURL,
+ String clientKeyStorePassword)
+ throws IOException, GeneralSecurityException {
+
+ if (clientKeyStoreURL == null)
+ return null;
+
+ // Set up the KeyStore to use. We need to load the file into
+ // a KeyStore instance.
+ KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore(
+ clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
+ return getKeyManagers(clientKeyStore, clientKeyStorePassword);
+ }
+ /**
+ * Gets the <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
+ * initialized from the given client key store.
+ * @param clientKeyStore client key store
+ * @param clientKeyStorePassword if provided, it will be used to check
+ * the integrity of the client key store; if omitted, it will not be checked
+ * @return <code>KeyManager</code>s to be used for creating an
+ * <code>SSLSocketFactory</code> utilizing the given client key store
+ * @throws GeneralSecurityException thrown while initializing the
+ * default <code>KeyManagerFactory</code>
+ */
+ public static KeyManager[] getKeyManagers (
+ KeyStore clientKeyStore,
+ String clientKeyStorePassword)
+ throws GeneralSecurityException {
+
+ if (clientKeyStore == null)
+ return null;
+
+ // Now we initialize the default KeyManagerFactory with this KeyStore
+ String alg=KeyManagerFactory.getDefaultAlgorithm();
+ KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg);
+ char[] password = null;
+ if (clientKeyStorePassword != null)
+ password = clientKeyStorePassword.toCharArray();
+ kmFact.init(clientKeyStore, password);
+
+ // And now get the KeyManagers
+ KeyManager[] kms=kmFact.getKeyManagers();
+ return kms;
+ }
+
+ /**
* Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
* using configuration data.
*
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-11 13:01:31 +0000