authorThomas Lenz <tlenz@iaik.tugraz.at>2017-11-27 12:18:38 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2017-11-27 12:18:38 +0100
commitee06b644dbedbe4869de6b926339581a5eefb430 (patch)
tree56bd1e55097d122c0ff0e9befcbe892605c05bc1 /id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons
parent5f2ad9d48b83d5979b1a147190f5177e3327744a (diff)
parentcc09b52b5cb1c93543d8b4353dfc59b8192e79af (diff)
Merge branch 'eIDAS_node_implementation' of gitlab.iaik.tugraz.at:egiz/moa-idspss into eIDAS_node_implementation
Diffstat (limited to 'id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons')
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java206
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java28
2 files changed, 131 insertions, 103 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java
index 4e8c7dffd..32dd97148 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java
@@ -1,103 +1,103 @@
-package at.gv.egovernment.moa.id.commons.config;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-
-import javax.xml.bind.JAXBException;
-
-import at.gv.egovernment.moa.id.commons.config.cli.MOAIDConfCLI;
-import at.gv.egovernment.moa.id.commons.config.cli.MigrateConfigurationParams;
-
-/**
- * CLI tool which is able to perform the following tasks:
- * <ul>
- * <li>transform a MoaID 2 XML configuration XML file to a MoaID 3 property file
- * </li>
- * <li>read a property file and transfer it's content to a database</li>
- * <li>write the content of a database to a property file</li>
- * </ul>
- */
-public class MigrateConfiguration {
-
- public static void main(String[] args) {
-
- MOAIDConfCLI cli = new MOAIDConfCLI();
- MigrateConfigurationParams parsedParameters = cli.parse(args);
-
- // consider settings of force switch
- boolean isOverwriteData = parsedParameters.isOverwriteData();
- ConfigurationUtil configUtil = new ConfigurationUtil(isOverwriteData);
-
- if (!parsedParameters.isInputDB() && (parsedParameters.getInputTarget() != null)) {
- // read input from file
- workWithInputFromFile(parsedParameters.getInputTarget(), parsedParameters, configUtil);
-
- } else if (parsedParameters.getInputDBConfig() != null) {
- // read input from database
- workWithImputFromDB(parsedParameters, configUtil);
-
- } else {
- System.exit(1);
- }
- }
-
- /**
- * Handle the case where input from a file is read.
- *
- * @param inputFileUrl
- * the url of the input file.
- * @param parsedParameters
- * the command line parameters.
- * @param configUtil
- * the class for working with the configuration.
- */
- private static void workWithInputFromFile(String inputFileUrl, MigrateConfigurationParams parsedParameters,
- ConfigurationUtil configUtil) {
- File inFile = new File(inputFileUrl);
- try (FileInputStream inStream = new FileInputStream(inFile);) {
-
- if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) {
- // input from file and output to a file is desired
- File outFile = new File(parsedParameters.getOutputFile());
- configUtil.readFromXMLFileConvertToPropertyFile(inStream, outFile);
-
- } else if (parsedParameters.getOutputDBConfig() != null) {
- // input from file and output to a database is desired
- configUtil.readFromFileWriteToDB(inStream, parsedParameters.getOutputDBConfig());
- }
- } catch (JAXBException e) {
- System.out.println("MOA-ID XML configuration can not be loaded from given file.");
- System.exit(1);
- } catch (FileNotFoundException e) {
- System.out.println("Could not find the input file.");
- System.exit(1);
- } catch (IOException e) {
- System.out.println("Could not read from the input file.");
- System.exit(1);
- }
- }
-
- /**
- * Handle the case where input is read from a database.
- *
- * @param parsedParameters
- * the command line parameters.
- * @param configUtil
- * the class for working with the configuration.
- */
- private static void workWithImputFromDB(MigrateConfigurationParams parsedParameters, ConfigurationUtil configUtil) {
- if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) {
- // input from database and output to a file is desired
- File outFile = new File(parsedParameters.getOutputFile());
- String inputDBConfigFilePath = parsedParameters.getInputDBConfig();
- configUtil.readFromDBWriteToFile(inputDBConfigFilePath, outFile);
-
- } else if (parsedParameters.getOutputDBConfig() != null) {
- // input from database and output to a database is desired
- // configUtil.readFromDBWriteToDB(inDBConfigFilePath,
- // outDBConfigFilePath);
- }
- }
-} \ No newline at end of file
+//package at.gv.egovernment.moa.id.commons.config;
+//
+//import java.io.File;
+//import java.io.FileInputStream;
+//import java.io.FileNotFoundException;
+//import java.io.IOException;
+//
+//import javax.xml.bind.JAXBException;
+//
+//import at.gv.egovernment.moa.id.commons.config.cli.MOAIDConfCLI;
+//import at.gv.egovernment.moa.id.commons.config.cli.MigrateConfigurationParams;
+//
+///**
+// * CLI tool which is able to perform the following tasks:
+// * <ul>
+// * <li>transform a MoaID 2 XML configuration XML file to a MoaID 3 property file
+// * </li>
+// * <li>read a property file and transfer it's content to a database</li>
+// * <li>write the content of a database to a property file</li>
+// * </ul>
+// */
+//public class MigrateConfiguration {
+//
+// public static void main(String[] args) {
+//
+// MOAIDConfCLI cli = new MOAIDConfCLI();
+// MigrateConfigurationParams parsedParameters = cli.parse(args);
+//
+// // consider settings of force switch
+// boolean isOverwriteData = parsedParameters.isOverwriteData();
+// ConfigurationUtil configUtil = new ConfigurationUtil(isOverwriteData);
+//
+// if (!parsedParameters.isInputDB() && (parsedParameters.getInputTarget() != null)) {
+// // read input from file
+// workWithInputFromFile(parsedParameters.getInputTarget(), parsedParameters, configUtil);
+//
+// } else if (parsedParameters.getInputDBConfig() != null) {
+// // read input from database
+// workWithImputFromDB(parsedParameters, configUtil);
+//
+// } else {
+// System.exit(1);
+// }
+// }
+//
+// /**
+// * Handle the case where input from a file is read.
+// *
+// * @param inputFileUrl
+// * the url of the input file.
+// * @param parsedParameters
+// * the command line parameters.
+// * @param configUtil
+// * the class for working with the configuration.
+// */
+// private static void workWithInputFromFile(String inputFileUrl, MigrateConfigurationParams parsedParameters,
+// ConfigurationUtil configUtil) {
+// File inFile = new File(inputFileUrl);
+// try (FileInputStream inStream = new FileInputStream(inFile);) {
+//
+// if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) {
+// // input from file and output to a file is desired
+// File outFile = new File(parsedParameters.getOutputFile());
+// configUtil.readFromXMLFileConvertToPropertyFile(inStream, outFile);
+//
+// } else if (parsedParameters.getOutputDBConfig() != null) {
+// // input from file and output to a database is desired
+// configUtil.readFromFileWriteToDB(inStream, parsedParameters.getOutputDBConfig());
+// }
+// } catch (JAXBException e) {
+// System.out.println("MOA-ID XML configuration can not be loaded from given file.");
+// System.exit(1);
+// } catch (FileNotFoundException e) {
+// System.out.println("Could not find the input file.");
+// System.exit(1);
+// } catch (IOException e) {
+// System.out.println("Could not read from the input file.");
+// System.exit(1);
+// }
+// }
+//
+// /**
+// * Handle the case where input is read from a database.
+// *
+// * @param parsedParameters
+// * the command line parameters.
+// * @param configUtil
+// * the class for working with the configuration.
+// */
+// private static void workWithImputFromDB(MigrateConfigurationParams parsedParameters, ConfigurationUtil configUtil) {
+// if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) {
+// // input from database and output to a file is desired
+// File outFile = new File(parsedParameters.getOutputFile());
+// String inputDBConfigFilePath = parsedParameters.getInputDBConfig();
+// configUtil.readFromDBWriteToFile(inputDBConfigFilePath, outFile);
+//
+// } else if (parsedParameters.getOutputDBConfig() != null) {
+// // input from database and output to a database is desired
+// // configUtil.readFromDBWriteToDB(inDBConfigFilePath,
+// // outDBConfigFilePath);
+// }
+// }
+//} \ No newline at end of file
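Review bot: MigrateConfiguration.java is disabled by prefixing all 103 lines with `//` rather than by deleting the file, which leaves a compilation unit made only of dead code and gives no reason why the CLI tool was switched off. Git history already keeps the old source, so removing the file or excluding it from the build would be cleaner. If it has to stay, a header line such as `// Disabled: <reason> (see <issue or commit reference>)` would tell the next reader what has to be restored before the tool can be re-enabled.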
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
index 0479b1bc1..bdadf681d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
@@ -34,6 +34,7 @@ import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
@@ -50,6 +51,7 @@ import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moaspss.logging.Logger;
import iaik.pki.PKIException;
+import sun.security.ssl.ProtocolVersion;
/**
* @author tlenz
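Review bot: The added `import sun.security.ssl.ProtocolVersion;` pulls in a JDK-internal class that is not part of the public API, so the file may stop compiling on other JVMs or on later JDKs where `sun.security.ssl` is not accessible. In the lines shown it is referenced only from the commented-out block in the `@@ -188,6 +190,19 @@` hunk, and the `javax.net.ssl.SSLParameters` import added in the hunk above is likewise used only there. Both imports can be dropped until the code exists; when it does, the standard protocol name strings such as `"TLSv1.1"` and `"TLSv1.2"` avoid the internal class entirely.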
@@ -188,6 +190,19 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
if (socket instanceof SSLSocket) {
SSLSocket sslSocket = (SSLSocket)socket;
+/*TODO
+* Set allowed ProtocolVersions into SSLSocket to support TLSv1.1 and TLSv1.2 in JAVA 7
+* Therefore, we had do manually set the TLS1.2 protocol support into SSLParameters
+* from SSL socket. Maybe, there is an additional validation required if TLSv1.2 is
+* supported in principle by currently used JAVA version.
+*/
+// SSLParameters test = ((SSLSocket) socket).getSSLParameters();
+// List<String> enabledProtocols = Arrays.asList(test.getProtocols());
+// if (enabledProtocols.contains(ProtocolVersion.TLS11.name)) {
+//
+// }
+// sslSocket.setSSLParameters(test);
+
//verify Hostname
verifyHostName(sslSocket);
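Review bot: The TODO block before `verifyHostName(sslSocket)` leaves the protocol selection unimplemented, and the commented-out code would change nothing even if enabled: it reads the socket's `SSLParameters`, tests them in an empty `if`, and writes the same object back. The check the TODO asks for can be done with public API only, by intersecting the wanted versions with `sslSocket.getSupportedProtocols()` and passing the result to `sslSocket.setEnabledProtocols(...)` before the handshake. Until that is written, a short comment such as `// TODO: enable TLSv1.1/TLSv1.2 explicitly if supported (Java 7)` would be preferable to the commented-out code. The enclosing method starts and ends outside this hunk.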
@@ -208,7 +223,14 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
*/
private void verifyHostName(SSLSocket sslSocket) throws SSLException{
if (verifyHostName) {
+
SSLSession session = sslSocket.getSession();
+ if ("SSL_NULL_WITH_NULL_NULL".equals(session.getCipherSuite())) {
+ Logger.warn("SSL connection can NOT established.");
+ throw new SSLException("SSL connection can NOT established.");
+
+ }
+
String hostName = session.getPeerHost();
Certificate[] certs = null;
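Review bot: The new `SSL_NULL_WITH_NULL_NULL` check sits inside `if (verifyHostName)`, so when hostname verification is switched off a failed handshake is not detected by this method at all. It also replaces the real handshake error with a generic message, because `getSession()` does not throw on failure and only returns an invalid session. Calling `sslSocket.startHandshake();` in the caller before `verifyHostName(sslSocket);` would surface the original exception whatever the flag is set to, assuming the caller can propagate `IOException`. If the check stays here, the message would read better as `"SSL connection could not be established."`. The body of verifyHostName continues past the end of this hunk.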
@@ -254,6 +276,12 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
* @return {@link SSLSocket} with Ciphersuites
*/
private SSLSocket setEnabledSslCiphers(SSLSocket sslSocket) {
+ /*TODO:
+ * This implementation currently not work fine, because not all ciphers from
+ * 'https.cipherSuites' SystemProperty had to be supported by current JAVA version
+ * Add an validation step to check the allowed cipherSuites against the currently
+ * supported cipher suites and only add the matching set of ciphers
+ */
String systemProp = System.getProperty("https.cipherSuites");
if (MiscUtil.isNotEmpty(systemProp)) {
try {
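Review bot: The TODO in setEnabledSslCiphers records a known defect rather than fixing it: cipher suite names taken from the `https.cipherSuites` system property are applied without checking that the running JVM supports them. `SSLSocket.setEnabledCipherSuites` is documented to throw `IllegalArgumentException` for an unsupported name, so one stale entry in the property may break every outgoing connection, depending on how the `try` block outside this hunk handles it. Filtering the configured names against `sslSocket.getSupportedCipherSuites()` and logging the ones that were dropped would address it. If no configured suite is supported, the method should fail with a clear error rather than silently fall back to the JVM defaults, so that a configured restriction is never widened unnoticed.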