diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-03-10 15:35:48 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-03-10 15:35:48 +0100 |
commit | 576f5ea5cfaf2ea174f198dc5df238c1ca0c331a (patch) | |
tree | fce79f2d8e76501337cc5e921838576220d64c87 /id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils | |
parent | e8773689b175e5617fe116ac0e3d9978351ac4a8 (diff) | |
download | moa-id-spss-576f5ea5cfaf2ea174f198dc5df238c1ca0c331a.tar.gz moa-id-spss-576f5ea5cfaf2ea174f198dc5df238c1ca0c331a.tar.bz2 moa-id-spss-576f5ea5cfaf2ea174f198dc5df238c1ca0c331a.zip |
MOA-ID, which use MOA-Sig (includes new IAIK-MOA, with iaik_xect, iaik_eccelerate, and new iaik_PKI module
Diffstat (limited to 'id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils')
7 files changed, 174 insertions, 34 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java index 2ade63c1c..142e9a23a 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java @@ -22,15 +22,12 @@ */ package at.gv.egovernment.moa.id.commons.utils; -import iaik.pki.PKIException; - import java.io.IOException; import java.net.InetAddress; import java.net.Socket; import java.net.UnknownHostException; import java.security.GeneralSecurityException; -import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import org.apache.commons.httpclient.ConnectTimeoutException; @@ -39,7 +36,7 @@ import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException; -import at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils; +import iaik.pki.PKIException; /** * @author tlenz @@ -62,7 +59,7 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory super(); try { - this.sslfactory = SSLUtils.getSSLSocketFactory( + this.sslfactory = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory( url, certStoreRootDirParam, trustStoreURL, diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java index 00e750f58..dcbec6bf6 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java @@ -46,13 +46,17 @@ package at.gv.egovernment.moa.id.commons.utils.ssl; +import java.io.File; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; + import at.gv.egovernment.moa.logging.Logger; import iaik.pki.store.certstore.CertStoreConfiguration; import iaik.pki.store.certstore.CertStoreParameters; import iaik.pki.store.certstore.CertStoreTypes; import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters; - -import java.io.File; +import iaik.pki.store.certstore.directory.VirtualCertStore; /** * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code> @@ -153,4 +157,16 @@ public class CertStoreConfigurationImpl extends ObservableImpl return CertStoreTypes.DIRECTORY; } + /* (non-Javadoc) + * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getVirtualStores() + */ + @Override + public Set getVirtualStores() { + //TODO: only for Testing and not complete !!!Ask Harald !!!! + + Map<String, VirtualCertStore> vCertStore = new HashMap<String, VirtualCertStore>(); + return vCertStore.keySet(); + + } + } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java index eaef3f1d4..bcd38c638 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java @@ -57,9 +57,8 @@ import java.util.ArrayList; import java.util.List; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.logging.LoggingContext; -import at.gv.egovernment.moa.logging.LoggingContextManager; - +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; import iaik.pki.jsse.IAIKX509TrustManager; /** @@ -95,14 +94,14 @@ public class MOAIDTrustManager extends IAIKX509TrustManager { * Fixes a bug occuring in the case MOA-SP is called by API. * In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP. * This method must be called before a MOAIDTrustManager is constructed, - * from every thread. - */ + * from every thread. + */ public static void initializeLoggingContext() { if (LoggingContextManager.getInstance().getLoggingContext() == null) LoggingContextManager.getInstance().setLoggingContext( new LoggingContext(Thread.currentThread().getName())); } - + /** * Builds an Array of accepted server certificates from an URL, diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java index 5d8c7a54e..3eb4707c8 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java @@ -60,6 +60,10 @@ import iaik.pki.store.revocation.archive.ArchiveConfiguration; * @version $Id$ */ public class PKIConfigurationImpl implements PKIConfiguration { + + private static final int TIMEOUT_READ = 60; //[sec] + private static final int TIMEOUT_CONNECTION = 60; //[sec] + /** The configuration for the CertStore */ private CertStoreConfiguration certStoreConfiguration; /** The configuration for the RevocationChecks */ @@ -108,11 +112,19 @@ public class PKIConfigurationImpl implements PKIConfiguration { } /* (non-Javadoc) - * @see iaik.pki.PKIConfiguration#getTimeout() + * @see iaik.pki.PKIConfiguration#getConnectTimeout() */ - public int getTimeout() { - // TODO Auto-generated method stub - return 0; +@Override +public int getConnectTimeout() { + return TIMEOUT_CONNECTION * 1000; +} + +/* (non-Javadoc) + * @see iaik.pki.PKIConfiguration#getReadTimeout() + */ +@Override +public int getReadTimeout() { + return TIMEOUT_READ * 1000; } } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java index 59994a257..a34fa9b8b 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java @@ -96,13 +96,6 @@ public class PKIProfileImpl extends ObservableImpl } /** - * @see iaik.pki.PKIProfile#autoAddCertificates() - */ - public boolean autoAddCertificates() { - return true; - } - - /** * @see iaik.pki.PKIProfile#getRevocationProfile() */ public RevocationProfile getRevocationProfile() { @@ -227,4 +220,22 @@ public class PKIProfileImpl extends ObservableImpl public void setId(String id) { this.id = id; } + +/* (non-Javadoc) + * @see iaik.pki.PKIProfile#autoAddCertificates() + */ +@Override +public int autoAddCertificates() { + //TODO: ask harald!!!!! + return 1; +} + +/* (non-Javadoc) + * @see iaik.pki.PKIProfile#getIndirectRevocationTrustStoreProfile() + */ +@Override +public TrustStoreProfile getIndirectRevocationTrustStoreProfile() { + //TODO: ask harald!!!!! + return null; +} } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java index b5e0543db..40d081ea4 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java @@ -46,13 +46,16 @@ package at.gv.egovernment.moa.id.commons.utils.ssl; -import iaik.pki.revocation.RevocationConfiguration; - import java.security.cert.X509Certificate; import java.util.Collections; import java.util.Date; +import java.util.HashMap; +import java.util.Map; import java.util.Set; +import iaik.pki.revocation.RevocationConfiguration; +import iaik.pki.revocation.dbcrl.config.DBCrlConfig; + /** * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code> * @author Paul Ivancsics @@ -81,4 +84,41 @@ public class RevocationConfigurationImpl extends ObservableImpl implements Revoc return null; } +/* (non-Javadoc) + * @see iaik.pki.revocation.RevocationConfiguration#getKeepRevocationInfo() + */ +@Override +public boolean getKeepRevocationInfo() { + return false; +} + +/* (non-Javadoc) + * @see iaik.pki.revocation.RevocationConfiguration#getPositiveOCSPResponders() + */ +@Override +public Set getPositiveOCSPResponders() { + + //TODO: !!!!! ASK Harald !!!!! + Map<String, String> test = new HashMap<String, String>(); + test.put("ALL", "ALL"); + return test.keySet(); +} + +/* (non-Javadoc) + * @see iaik.pki.revocation.RevocationConfiguration#skipIndirectCRLCheckForAlternativeDistributionPoints() + */ +@Override +public boolean skipIndirectCRLCheckForAlternativeDistributionPoints() { + //TODO: !!!!! ASK Harald !!!!! + return false; +} + +/* (non-Javadoc) + * @see iaik.pki.revocation.RevocationConfiguration#getDataBaseCRLConfig() + */ +@Override +public DBCrlConfig getDataBaseCRLConfig() { + return null; +} + } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java index 68437a04d..503e0bfc4 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java @@ -46,25 +46,28 @@ package at.gv.egovernment.moa.id.commons.utils.ssl; -import iaik.pki.PKIConfiguration; -import iaik.pki.PKIException; -import iaik.pki.PKIFactory; -import iaik.pki.PKIProfile; -import iaik.pki.jsse.IAIKX509TrustManager; -import iaik.security.provider.IAIK; - import java.io.IOException; import java.security.GeneralSecurityException; +import java.security.KeyStore; import java.security.Security; import java.util.HashMap; import java.util.Map; import javax.net.ssl.KeyManager; +import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.KeyStoreUtils; +import iaik.pki.PKIConfiguration; +import iaik.pki.PKIException; +import iaik.pki.PKIFactory; +import iaik.pki.PKIProfile; +import iaik.pki.jsse.IAIKX509TrustManager; +//import iaik.pki.jsse.IAIKX509TrustManager; +import iaik.security.provider.IAIK; /** @@ -136,7 +139,7 @@ public class SSLUtils { acceptedServerCertURL, checkRevocation); - KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers( + KeyManager[] kms = getKeyManagers( clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(kms, tms, null); @@ -154,6 +157,68 @@ public class SSLUtils { } /** + * Loads the client key store from file and gets the + * <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>, + * initialized from the given client key store. + * @param clientKeyStoreType key store type of <code>clientKeyStore</code> + * @param clientKeyStoreURL URL of key store containing keys to be used for + * client authentication; if <code>null</code>, the default key store will be utilized + * @param clientKeyStorePassword password used to check the integrity of the client key store; + * if <code>null</code>, it will not be checked + * @return <code>KeyManager</code>s to be used for creating an + * <code>SSLSocketFactory</code> utilizing the given client key store + * @throws IOException thrown while reading from the key store file + * @throws GeneralSecurityException thrown while initializing the + * default <code>KeyManagerFactory</code> + */ + public static KeyManager[] getKeyManagers ( + String clientKeyStoreType, + String clientKeyStoreURL, + String clientKeyStorePassword) + throws IOException, GeneralSecurityException { + + if (clientKeyStoreURL == null) + return null; + + // Set up the KeyStore to use. We need to load the file into + // a KeyStore instance. + KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore( + clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); + return getKeyManagers(clientKeyStore, clientKeyStorePassword); + } + /** + * Gets the <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>, + * initialized from the given client key store. + * @param clientKeyStore client key store + * @param clientKeyStorePassword if provided, it will be used to check + * the integrity of the client key store; if omitted, it will not be checked + * @return <code>KeyManager</code>s to be used for creating an + * <code>SSLSocketFactory</code> utilizing the given client key store + * @throws GeneralSecurityException thrown while initializing the + * default <code>KeyManagerFactory</code> + */ + public static KeyManager[] getKeyManagers ( + KeyStore clientKeyStore, + String clientKeyStorePassword) + throws GeneralSecurityException { + + if (clientKeyStore == null) + return null; + + // Now we initialize the default KeyManagerFactory with this KeyStore + String alg=KeyManagerFactory.getDefaultAlgorithm(); + KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg); + char[] password = null; + if (clientKeyStorePassword != null) + password = clientKeyStorePassword.toCharArray(); + kmFact.init(clientKeyStore, password); + + // And now get the KeyManagers + KeyManager[] kms=kmFact.getKeyManagers(); + return kms; + } + + /** * Initializes an <code>IAIKX509TrustManager</code> for a given trust store, * using configuration data. * |