| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-05-07 10:48:09 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-05-07 10:48:09 +0200 | 
| commit | 0cdb39bbfbacbea3f809872f2570709eeca91ccf (patch) | |
| tree | c9a5c173c2c448d92713c6073cca523c93b49994 /id/server/moa-id-commons/src/main/java | |
| parent | b5250268a67a571d0cd5563b8820c88c2c4e7cca (diff) | |
| download | moa-id-spss-0cdb39bbfbacbea3f809872f2570709eeca91ccf.tar.gz moa-id-spss-0cdb39bbfbacbea3f809872f2570709eeca91ccf.tar.bz2 moa-id-spss-0cdb39bbfbacbea3f809872f2570709eeca91ccf.zip | |
move SSLSocketFactory to moa-id-commons
Diffstat (limited to 'id/server/moa-id-commons/src/main/java')
9 files changed, 1190 insertions, 0 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
new file mode 100644
index 000000000..00e750f58
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
@@ -0,0 +1,156 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+import at.gv.egovernment.moa.logging.Logger;
+import iaik.pki.store.certstore.CertStoreConfiguration;
+import iaik.pki.store.certstore.CertStoreParameters;
+import iaik.pki.store.certstore.CertStoreTypes;
+import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
+
+import java.io.File;
+
+/**
+ * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class CertStoreConfigurationImpl extends ObservableImpl
+        implements CertStoreConfiguration, DirectoryCertStoreParameters {
+    /**
+     * identifies the rootDirectory
+     */
+    private String rootDirectory;
+
+    /**
+     * Array for storing all CertStoreParameters
+     */
+    private CertStoreParameters[] parameters;
+
+    /**
+     * Create a new <code>CertStoreConfigurationImpl</code>.
+     *
+     * @param conf The MOA configuration from which the configuration data is
+     * @throws ConfigurationException an any config-error
+     *                                being read.
+     */
+    public CertStoreConfigurationImpl(String certStoreRootDirParam) throws SSLConfigurationException {
+
+        if (certStoreRootDirParam == null)
+            throw new SSLConfigurationException(
+                    "config.08", new Object[]{"CertStoreDirectory"});
+
+        //rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir());
+        rootDirectory = certStoreRootDirParam;
+        Logger.error("Using file: " + rootDirectory);
+        if (rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(5);
+        Logger.error("Using file2: " + rootDirectory);
+
+        File f = new File(rootDirectory);
+        //Logger.error("Using file: " + certStoreRootDirParam + " param: " + conf.getRootConfigFileDir());
+
+        if (!f.exists()) {
+            Logger.error("File does not exists: " + f.getAbsolutePath());
+            throw new SSLConfigurationException(
+                    "config.05", new Object[]{"CertStoreDirectory"});
+        }
+
+        if (!f.isDirectory()) {
+            Logger.error("File is not a directory: " + f.getAbsolutePath());
+            throw new SSLConfigurationException(
+                    "config.05", new Object[]{"CertStoreDirectory"});
+        }
+
+
+        parameters = new CertStoreParameters[]{this};
+    }
+
+    /**
+     * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters()
+     */
+    public CertStoreParameters[] getParameters() {
+        return parameters;
+    }
+
+    /**
+     * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory()
+     */
+    public String getRootDirectory() {
+        return rootDirectory;
+    }
+
+    /**
+     * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
+     */
+    public boolean createNew() {
+        return false;
+    }
+
+    /**
+     * @see iaik.pki.store.certstore.CertStoreParameters#getId()
+     */
+    public String getId() {
+        return "MOA ID Directory CertStore";
+    }
+
+    /**
+     * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly()
+     */
+    public boolean isReadOnly() {
+        return false;
+    }
+
+    /**
+     * @return <code>CertStoreTypes.DIRECTORY</code>
+     * @see iaik.pki.store.certstore.CertStoreParameters#getType()
+     */
+    public String getType() {
+        return CertStoreTypes.DIRECTORY;
+    }
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
new file mode 100644
index 000000000..eaef3f1d4
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
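Review bot: The constructor logs its routine "Using file:" / "Using file2:" lines with `Logger.error`, so every successful initialization emits ERROR entries that will trip log-based alerting and bury real failures; they belong at debug level, e.g. `Logger.debug("Using file: " + rootDirectory);`. The `file:` prefix is stripped with `substring(5)` instead of parsing the URL, so a `file:///...` value becomes a path starting with `///`, which `File` may or may not normalize depending on platform — converting it via `new URL(...).getFile()` as MOAIDTrustManager does in this same commit would be consistent. Both the missing-directory and not-a-directory branches throw the same `config.05` key, so the resulting message cannot tell an operator which condition failed, and the two commented-out `FileUtils.makeAbsoluteURL` lines should either be restored or removed.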
@@ -0,0 +1,164 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+
+import iaik.pki.jsse.IAIKX509TrustManager;
+
+/**
+ * <code>TrustManager</code> implementation featuring CRL checking (inherited from
+ * <code>IAIKX509TrustManager</code>), plus server-end-SSL-certificate checking.
+ * 
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class MOAIDTrustManager extends IAIKX509TrustManager {
+  
+  /** an x509Certificate array containing all accepted server certificates*/
+  private X509Certificate[] acceptedServerCertificates;
+
+  /**
+   * Constructor
+   * @param acceptedServerCertificateStoreURL the url leading to the acceptedServer cert store
+   * @throws GeneralSecurityException occurs on security errors
+   * @throws IOException occurs on IO errors
+   */
+  public MOAIDTrustManager(String acceptedServerCertificateStoreURL) 
+    throws IOException, GeneralSecurityException {
+    
+    if (acceptedServerCertificateStoreURL != null)
+      buildAcceptedServerCertificates(acceptedServerCertificateStoreURL);
+    else
+      acceptedServerCertificates = null;
+  }
+
+ 
+  /**
+   * Initializes the LoggingContextManager logging context.
+   * Fixes a bug occuring in the case MOA-SP is called by API.
+   * In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP.
+   * This method must be called before a MOAIDTrustManager is constructed,
+   * from every thread.
+   */
+  public static void initializeLoggingContext() {  
+    if (LoggingContextManager.getInstance().getLoggingContext() == null)
+    LoggingContextManager.getInstance().setLoggingContext(
+      new LoggingContext(Thread.currentThread().getName()));
+  }
+
+  
+  /**
+   * Builds an Array of accepted server certificates from an URL,
+   * and stores it in <code>acceptedServerCertificates</code>.
+   * @param acceptedServerCertificateStoreURL file URL pointing to the directory
+   *         containing accepted server X509 certificates
+   * @throws GeneralSecurityException on security errors
+   * @throws IOException on any IO errors
+   */
+  private void buildAcceptedServerCertificates(String acceptedServerCertificateStoreURL) 
+    throws IOException, GeneralSecurityException {
+
+    List<X509Certificate> certList = new ArrayList<X509Certificate>();
+    URL storeURL = new URL(acceptedServerCertificateStoreURL);
+    File storeDir = new File(storeURL.getFile());
+    // list certificate files in directory
+    File[] certFiles = storeDir.listFiles(); 
+    for (int i = 0; i < certFiles.length; i++) {
+      // for each: create an X509Certificate and store it in list
+      File certFile = certFiles[i];
+      FileInputStream fis = new FileInputStream(certFile.getPath());
+      CertificateFactory certFact = CertificateFactory.getInstance("X.509");
+      X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis);
+      fis.close();
+      certList.add(cert);
+    }
+    // store acceptedServerCertificates
+    acceptedServerCertificates = (X509Certificate[]) certList.toArray(new X509Certificate[0]);
+  }
+
+  /**
+   * Does additional server-end-SSL-certificate checking.
+   * @see com.sun.net.ssl.X509TrustManager#isServerTrusted(java.security.cert.X509Certificate[])
+   */
+  public boolean isServerTrusted(X509Certificate[] certChain) {
+    boolean trusted = super.isServerTrusted(certChain);
+    if (! trusted || acceptedServerCertificates == null)
+      return trusted;
+    else {
+      // check server-end-SSL-certificate with acceptedServerCertificates
+      X509Certificate serverCert = certChain[0];
+      for (int i = 0; i < acceptedServerCertificates.length; i++) {
+        X509Certificate acceptedServerCert = acceptedServerCertificates[i];
+        if (serverCert.equals(acceptedServerCert))
+          return true;
+      }
+      Logger.warn("SSL certificate validation FAILED.");
+      return false;
+    }
+  }
+  /**
+   * In rare cases, this method is being called although it should not be.
+   * @see com.sun.net.ssl.X509TrustManager#isClientTrusted(X509Certificate[])
+   */
+  public boolean isClientTrusted(java.security.cert.X509Certificate arg0[])
+  {
+    return true;
+  }
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ObservableImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ObservableImpl.java
new file mode 100644
index 000000000..fa9cd879d
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ObservableImpl.java
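Review bot: `isClientTrusted` at the end of the hunk returns `true` unconditionally, so if it is ever invoked on a mutually authenticated connection any client certificate is accepted without validation; if the method is genuinely never expected to run, it should fail closed, e.g. `return super.isClientTrusted(arg0);` or `return false;`, rather than silently trust. In `buildAcceptedServerCertificates`, `storeDir.listFiles()` returns `null` when the URL does not name a readable directory, which surfaces as a NullPointerException instead of a configuration error, and the `FileInputStream` is never closed when `generateCertificate` throws on a malformed file; the loop below adds the null check, hoists the factory out of the loop and closes the stream in `finally`. The `acceptedServerCertificates == null` branch in `isServerTrusted` means "no server-certificate pinning configured" and deserves a comment, since passing a null store URL silently disables the extra check.
```java
    // … unchanged: certList, storeURL, storeDir setup …
    File[] certFiles = storeDir.listFiles();
    if (certFiles == null)
      throw new IOException("not a readable directory: " + storeDir.getAbsolutePath());
    CertificateFactory certFact = CertificateFactory.getInstance("X.509");
    for (int i = 0; i < certFiles.length; i++) {
      // for each: create an X509Certificate and store it in list
      FileInputStream fis = new FileInputStream(certFiles[i].getPath());
      try {
        certList.add((X509Certificate) certFact.generateCertificate(fis));
      } finally {
        fis.close();
      }
    }
    // … unchanged: toArray into acceptedServerCertificates …
```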
@@ -0,0 +1,92 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+import iaik.pki.store.observer.NotificationData;
+import iaik.pki.store.observer.Observable;
+import iaik.pki.store.observer.Observer;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+
+/**
+ * Implementation of interface <needed to initialize an IAIK JSSE <code>TrustManager</code>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ObservableImpl implements Observable {
+  /** a List for all observers */
+  private List<Observer> observers = new ArrayList<Observer>();
+
+  /**
+   * @see iaik.pki.store.observer.Observable#addObserver(iaik.pki.store.observer.Observer)
+   */
+  public void addObserver(Observer observer) {
+    observers.add(observer);
+  }
+
+  /**
+   * @see iaik.pki.store.observer.Observable#removeObserver(iaik.pki.store.observer.Observer)
+   */
+  public boolean removeObserver(Observer observer) {
+    return observers.remove(observer);
+  }
+
+  /**
+   * @see iaik.pki.store.observer.Observable#notify(iaik.pki.store.observer.NotificationData)
+   */
+  public void notify(NotificationData data) {
+    Iterator<Observer> iter = observers.iterator();
+    for (iter = observers.iterator(); iter.hasNext();) {
+      Observer observer = (Observer) iter.next();
+      observer.notify(data);
+    }
+  }
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
new file mode 100644
index 000000000..5d8c7a54e
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
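Review bot: `notify` iterates the live `observers` list, so an observer that calls `removeObserver` (or `addObserver`) from inside its own `notify` callback raises a ConcurrentModificationException mid-dispatch and the remaining observers are never told; iterating a snapshot avoids that: `for (Observer observer : new ArrayList<Observer>(observers)) {` / `observer.notify(data);` / `}`. That also removes the iterator that is created twice on consecutive lines and the redundant `(Observer)` cast on a `List<Observer>`. The list is unsynchronized, so if the IAIK store can notify from a thread other than the one registering observers (not visible here) the class Javadoc should state that it is not thread-safe. The class comment also has a stray `<` in `interface <needed`.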
@@ -0,0 +1,118 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+import iaik.pki.PKIConfiguration;
+import iaik.pki.pathvalidation.ValidationConfiguration;
+import iaik.pki.revocation.RevocationConfiguration;
+import iaik.pki.store.certstore.CertStoreConfiguration;
+import iaik.pki.store.revocation.archive.ArchiveConfiguration;
+
+/**
+ * Implementation of interface <code>PKIConfiguration</code> needed to
+ * initialize an IAIK JSSE <code>TrustManager</code>
+ * 
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class PKIConfigurationImpl implements PKIConfiguration {
+  /** The configuration for the CertStore */
+  private CertStoreConfiguration certStoreConfiguration;
+  /** The configuration for the RevocationChecks */
+  private RevocationConfiguration revocationConfiguration;
+  /** The configuration for the Validation */
+  private ValidationConfiguration validationConfiguration;
+
+  /**
+   * Constructor
+   * @param conf the Configuration for the PKIConfig
+   * @throws ConfigurationException for any config error
+   */
+  public PKIConfigurationImpl(String certStoreRootDirParam, String chainingMode) throws SSLConfigurationException {
+    
+    certStoreConfiguration = new CertStoreConfigurationImpl(certStoreRootDirParam);
+    revocationConfiguration = new RevocationConfigurationImpl();
+    validationConfiguration = new ValidationConfigurationImpl(chainingMode);
+  }
+
+  /**
+   * @see iaik.pki.PKIConfiguration#getCertStoreConfiguration()
+   */
+  public CertStoreConfiguration getCertStoreConfiguration() {
+    return certStoreConfiguration;
+  }
+
+  /**
+   * @see iaik.pki.PKIConfiguration#getRevocationConfiguration()
+   */
+  public RevocationConfiguration getRevocationConfiguration() {
+    return revocationConfiguration;
+  }
+
+  /**
+   * @see iaik.pki.PKIConfiguration#getArchiveConfiguration()
+   */
+  public ArchiveConfiguration getArchiveConfiguration() {
+    return null;
+  }
+
+  /**
+   * @see iaik.pki.PKIConfiguration#getValidationConfiguration()
+   */
+  public ValidationConfiguration getValidationConfiguration() {
+    return validationConfiguration;
+  }
+
+/* (non-Javadoc)
+ * @see iaik.pki.PKIConfiguration#getTimeout()
+ */
+  public int getTimeout() {
+	// TODO Auto-generated method stub
+	return 0;
+}
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
new file mode 100644
index 000000000..59994a257
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
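Review bot: `getTimeout` at the end of the hunk is an auto-generated stub returning `0` with a leftover `// TODO` and tab indentation; what the IAIK PKI module makes of 0 (no timeout versus an immediate failure) is not visible here, and an unbounded wait on CRL/OCSP retrieval would stall the TLS handshake path, so the intended value should be confirmed and stated in a Javadoc such as `/** Timeout for revocation retrieval; 0 selects the IAIK default — confirm against PKIConfiguration. */`. The constructor Javadoc still describes a `conf` parameter and a `ConfigurationException` from the old signature; it should list `@param certStoreRootDirParam`, `@param chainingMode` and `@throws SSLConfigurationException`. `getArchiveConfiguration` returning `null` would read as a decision rather than an omission with a one-line comment saying that no revocation archive is configured.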
@@ -0,0 +1,230 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.Set;
+
+import iaik.pki.PKIProfile;
+import iaik.pki.pathvalidation.ValidationProfile;
+import iaik.pki.revocation.RevocationProfile;
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.pki.store.truststore.TrustStoreProfile;
+import iaik.pki.store.truststore.TrustStoreTypes;
+
+/**
+ * Implementation of the <code>PKIProfile</code> interface and subinterfaces
+ * providing information needed for certificate path validation.
+ * 
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class PKIProfileImpl extends ObservableImpl
+  implements PKIProfile, RevocationProfile, TrustStoreProfile, ValidationProfile {
+
+  /**
+   * URI to the truststore
+   */
+  private String trustStoreURI;
+
+	/**
+	 * revocation checking;
+	 */
+	private boolean revocationChecking;
+  
+  /**
+   * The trust profile identifier. 
+   */
+  private String id;
+
+
+  /**
+   * Create a new <code>PKIProfileImpl</code>.
+   * 
+   * @param trustStoreURI trust store URI
+   */
+  public PKIProfileImpl(String trustStoreURI, boolean revocationChecking) {
+    this.trustStoreURI = trustStoreURI;
+    this.revocationChecking = revocationChecking;
+    String id = String.valueOf(System.currentTimeMillis());
+    setId("id-" + id);
+  }
+
+  /**
+   * @see iaik.pki.PKIProfile#autoAddCertificates()
+   */
+  public boolean autoAddCertificates() {
+    return true;
+  }
+
+  /**
+   * @see iaik.pki.PKIProfile#getRevocationProfile()
+   */
+  public RevocationProfile getRevocationProfile() {
+    return this;
+  }
+
+  /**
+   * @see iaik.pki.PKIProfile#getTrustStoreProfile()
+   */
+  public TrustStoreProfile getTrustStoreProfile() {
+    return this;
+  }
+
+  /**
+   * @see iaik.pki.PKIProfile#getValidationProfile()
+   */
+  public ValidationProfile getValidationProfile() {
+    return this;
+  }
+
+  /**
+   * @see iaik.pki.PKIProfile#useAuthorityInfoAccess()
+   */
+  public boolean useAuthorityInfoAccess() {
+    return true;
+  }
+  
+  /**
+   * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(java.lang.String)
+   */
+  public long getMaxRevocationAge(String arg0) {
+    return 0;
+  }
+
+  /**
+   * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm()
+   */
+  public String getOCSPRequestHashAlgorithm() {
+    return null;
+  }
+
+  /**
+   * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate)
+   */
+  public String[] getPreferredServiceOrder(X509Certificate arg0) {
+    return new String[] {RevocationSourceTypes.CRL};
+  }
+
+  /**
+   * @see iaik.pki.store.truststore.TrustStoreProfile#getType()
+   */
+  public String getType() {
+    return TrustStoreTypes.DIRECTORY;
+  }
+
+  /**
+   * @see iaik.pki.store.truststore.TrustStoreProfile#getURI()
+   */
+  public String getURI() {
+    return trustStoreURI;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialAnyPolicyInhibit()
+   */
+  public boolean getInitialAnyPolicyInhibit() {
+    return false;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialExplicitPolicy()
+   */
+  public boolean getInitialExplicitPolicy() {
+    return false;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicyMappingInhibit()
+   */
+  public boolean getInitialPolicyMappingInhibit() {
+    return false;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicySet()
+   */
+  public Set getInitialPolicySet() {
+    return Collections.EMPTY_SET;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getNameConstraintsProcessing()
+   */
+  public boolean getNameConstraintsProcessing() {
+    return false;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getPolicyProcessing()
+   */
+  public boolean getPolicyProcessing() {
+    return false;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking()
+   */
+  public boolean getRevocationChecking() {
+		return this.revocationChecking;
+  }
+
+  /**
+   * @see iaik.pki.store.truststore.TrustStoreProfile#getId()
+   */
+  public String getId() {
+    return id;
+  }
+  /**
+   * Sets the trust profile identifier.
+   * @param id The id to set.
+   */
+  public void setId(String id) {
+    this.id = id;
+  }
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
new file mode 100644
index 000000000..b5e0543db
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
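Review bot: The constructor derives the profile id from `System.currentTimeMillis()`, so two profiles created within the same millisecond (concurrent handshakes, or a loop creating socket factories) receive identical ids; if the IAIK trust store keys profiles by `getId()`, which this hunk does not show, one profile's trust settings could be resolved for another. A collision-free source such as `setId("id-" + UUID.randomUUID());` (with `java.util.UUID` imported) or a static `AtomicLong` counter avoids that. `getMaxRevocationAge` returns `0` and `getOCSPRequestHashAlgorithm` returns `null` with only `@see` tags; their effect on revocation checking is defined by the IAIK API and should be stated in the Javadoc, as should the consequence of `useAuthorityInfoAccess` returning `true`, namely that path validation may fetch URLs taken from the peer's certificate. The raw `Set` / `Collections.EMPTY_SET` in `getInitialPolicySet`, and the same pattern in `getAlternativeDistributionPoints` of RevocationConfigurationImpl in this commit, would be `Set<?>` and `Collections.emptySet()` if the interface signatures allow it.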
@@ -0,0 +1,84 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+import iaik.pki.revocation.RevocationConfiguration;
+
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Set;
+
+/**
+ * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class RevocationConfigurationImpl extends ObservableImpl implements RevocationConfiguration {
+
+  /**
+   * @see iaik.pki.revocation.RevocationConfiguration#getAlternativeDistributionPoints(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date)
+   */
+  public Set getAlternativeDistributionPoints(
+    X509Certificate arg0,
+    X509Certificate arg1,
+    Date arg2) {
+    return Collections.EMPTY_SET;
+  }
+
+  /**
+   * @see iaik.pki.revocation.RevocationConfiguration#archiveRevocationInfo(java.lang.String, java.lang.String)
+   */
+  public boolean archiveRevocationInfo(String arg0, String arg1) {
+    return false;
+  }
+
+  public Integer getCrlRetentionInterval(String arg0) {
+     return null;
+  }
+
+}
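Review bot: `getCrlRetentionInterval` is the only method in this class without a Javadoc `@see` entry, and its `return null` is undocumented, so a maintainer cannot tell whether null means "no retention override" or is an unfinished stub; the other two methods at least point at their interface contract. I would add `/** @see iaik.pki.revocation.RevocationConfiguration#getCrlRetentionInterval(java.lang.String) */` above it together with `// null: no CRL retention interval is configured here — confirm which IAIK default then applies`. `archiveRevocationInfo` returning false and `getAlternativeDistributionPoints` returning `Collections.EMPTY_SET` through a raw `Set` each deserve a one-line comment stating that revocation data is deliberately not archived and no extra distribution points are supplied, so that these are recognisable as policy rather than omissions. The class Javadoc still carries `@author Paul Ivancsics` and a `$Id$` tag from the file this was moved from.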
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLConfigurationException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLConfigurationException.java
new file mode 100644
index 000000000..b1334ad67
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLConfigurationException.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SSLConfigurationException extends Exception {
+
+	private static final long serialVersionUID = -3705679559648920151L;
+
+	private String errorID = null;
+	private Object[] parameters = null;
+	private Throwable e = null;
+	
+	public SSLConfigurationException(String errorID, Object[] parameters) {
+		this.errorID = errorID;
+		this.parameters = parameters;
+	}
+	
+	public SSLConfigurationException(String errorID, Object[] parameters, Throwable e) {
+		this.errorID = errorID;
+		this.parameters = parameters;
+		this.e = e;
+	}
+
+	/**
+	 * @return the errorID
+	 */
+	public String getErrorID() {
+		return errorID;
+	}
+
+	/**
+	 * @return the parameters
+	 */
+	public Object[] getParameters() {
+		return parameters;
+	}
+
+	/**
+	 * @return the e
+	 */
+	public Throwable getE() {
+		return e;
+	}
+	
+	
+	
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
new file mode 100644
index 000000000..eed8b25e0
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
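Review bot: The three-argument constructor stores the `Throwable e` only in the private field `e` and never hands it to `super`, so `getCause()` stays null and any stack trace or log of this exception loses the underlying `IOException`/`PKIException` from the SSL setup; neither constructor sets a message either, so `getMessage()` returns null. Changing the constructor bodies to `super(errorID);` and `super(errorID, e);` (keeping `this.e = e` so `getE()` still works) preserves the chain through standard logging. A class Javadoc is also missing: from the accessors it appears that `errorID` is a message key resolved by the caller and `parameters` its substitution arguments, but that should be stated rather than inferred, since `@author tlenz` is currently the only documentation.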
@@ -0,0 +1,178 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+import iaik.pki.PKIConfiguration;
+import iaik.pki.PKIException;
+import iaik.pki.PKIFactory;
+import iaik.pki.PKIProfile;
+import iaik.pki.jsse.IAIKX509TrustManager;
+import iaik.security.provider.IAIK;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.Security;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+
+/**
+ * Utility for a obtaining a secure socket factory using <code>IAIKX509TrustManager</code>.
+ * This <code>TrustManager</code> implementation features CRL checking.<br/>
+ * <code>SSLUtils</code> caches secure socket factories for given <code>ConnectionParameter</code>s. 
+ * 
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SSLUtils {
+  
+  /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/
+  private static Map<String, SSLSocketFactory> sslSocketFactories = new HashMap<String, SSLSocketFactory>();
+
+  /**
+   * Initializes the SSLSocketFactory store. 
+   */
+  public static void initialize() {
+    sslSocketFactories = new HashMap<String, SSLSocketFactory>();
+    // JSSE Abhängigkeit
+    //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+    Security.addProvider(new IAIK());
+    //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+    
+    
+  }
+  
+  /**
+   * Creates an <code>SSLSocketFactory</code> which utilizes an
+   * <code>IAIKX509TrustManager</code> for the given trust store,
+   * and the given key store.
+   * 
+   * @param conf configuration provider providing a generic properties pointing 
+   *         to trusted CA store and certificate store root
+   * @param connParam connection parameter containing the client key store settings
+   *         to be used in case of client authentication; 
+   *         if <code>connParam.getClientKeyStore() == null</code>, client authentication
+   *         is assumed to be disabled
+   * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
+   * @throws IOException thrown while reading key store file
+   * @throws GeneralSecurityException thrown while creating the socket factory
+   * @throws ConfigurationException on invalid configuration data
+   * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
+   */
+  public static SSLSocketFactory getSSLSocketFactory(
+		  String url, 
+		  String certStoreRootDirParam, 
+		  String trustStoreURL, 
+		  String acceptedServerCertURL,
+		  String chainingMode,
+		  boolean checkRevocation,
+		  String clientKeyStoreURL,
+		  String clientKeyStorePassword,
+		  String clientKeyStoreType
+		  ) 
+    throws IOException, GeneralSecurityException, SSLConfigurationException, PKIException {
+    
+    Logger.debug("Get SSLSocketFactory for " + url);
+    // retrieve SSLSocketFactory if already created
+    SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(url);
+    if (ssf != null) 
+      return ssf;
+        
+    TrustManager[] tms = getTrustManagers(
+    		 certStoreRootDirParam,
+    		 chainingMode,    		 
+    		 trustStoreURL, 
+    		 acceptedServerCertURL,
+    		 checkRevocation);
+    
+    KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
+      clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
+    SSLContext ctx = SSLContext.getInstance("TLS");
+    ctx.init(kms, tms, null);    ssf = ctx.getSocketFactory();
+    // store SSLSocketFactory
+    sslSocketFactories.put(url, ssf);
+    return ssf;
+  }
+  
+  
+  /**
+   * Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
+   * using configuration data.
+   * 
+   * @param conf MOA-ID configuration provider
+   * @param trustStoreURL trust store URL
+   * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates
+   * @return <code>TrustManager</code> array containing the <code>IAIKX509TrustManager</code>
+   * @throws ConfigurationException on invalid configuration data
+   * @throws IOException on data-reading problems
+   * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
+   */
+  public static TrustManager[] getTrustManagers(String certStoreRootDirParam, 
+		  String chainingMode, String trustStoreURL, String acceptedServerCertURL,
+    boolean checkRevocation) 
+    throws SSLConfigurationException, PKIException, IOException, GeneralSecurityException {
+
+    PKIConfiguration cfg = null;
+    if (! PKIFactory.getInstance().isAlreadyConfigured())
+      cfg = new PKIConfigurationImpl(certStoreRootDirParam, chainingMode);
+    PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
+    // This call fixes a bug occuring when PKIConfiguration is
+    // initialized by the MOA-SP initialization code, in case
+    // MOA-SP is called by API
+    MOAIDTrustManager.initializeLoggingContext();    
+    IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL);
+    tm.init(cfg, profile);
+    return new TrustManager[] {tm};
+  }
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ValidationConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ValidationConfigurationImpl.java
new file mode 100644
index 000000000..275aed4c4
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ValidationConfigurationImpl.java
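Review bot: The factory cache in `getSSLSocketFactory` is keyed on `url` alone (`sslSocketFactories.get(url)` / `sslSocketFactories.put(url, ssf)`), yet the trust decision baked into the returned factory depends on `trustStoreURL`, `acceptedServerCertURL`, `chainingMode`, `checkRevocation` and the client key store parameters, so a later call for the same URL with a different trust store or revocation setting silently receives the factory built from the first call's parameters. The key should cover those inputs, e.g. `String cacheKey = url + "|" + trustStoreURL + "|" + acceptedServerCertURL + "|" + chainingMode + "|" + checkRevocation + "|" + clientKeyStoreURL;` used for both the lookup and the store. `sslSocketFactories` is also a static `HashMap` that `initialize()` reassigns and that is written here without synchronization, so concurrent first requests in a servlet container can race; a `ConcurrentHashMap` or a `synchronized` method would close that. Finally, the Javadoc of both methods still describes an older signature (`@param conf`, `@param connParam`, `@throws ConfigurationException`) rather than the string/boolean parameters and the `SSLConfigurationException` actually declared, and `ctx.init(kms, tms, null);    ssf = ctx.getSocketFactory();` should be two lines.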
@@ -0,0 +1,97 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * 
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ * 
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.commons.utils.ssl;
+
+import iaik.pki.pathvalidation.ValidationConfiguration;
+
+import java.security.cert.X509Certificate;
+import java.security.spec.AlgorithmParameterSpec;
+
+
+/**
+ * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ValidationConfigurationImpl extends ObservableImpl
+  implements ValidationConfiguration {
+  /** The ConfigurationProvider for the validation*/
+  private String chainingMode;
+    
+  /**
+   * Constructor
+   * @param conf with the configuration
+   */
+  public ValidationConfigurationImpl(String chainingMode) {
+    this.chainingMode = chainingMode;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationConfiguration#getChainingMode(java.security.cert.X509Certificate)
+   */
+  public String getChainingMode(X509Certificate trustAnchor) {
+
+	  //INFO: MOA-ID 2.x always use defaultChainingMode
+	  
+    return chainingMode;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsSpec(java.security.cert.X509Certificate)
+   */
+  public AlgorithmParameterSpec getPublicKeyParamsAsSpec(X509Certificate arg0) {
+    return null;
+  }
+
+  /**
+   * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsCert(java.security.cert.X509Certificate)
+   */
+  public X509Certificate getPublicKeyParamsAsCert(X509Certificate arg0) {
+    return null;
+  }
+
+} | 
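Review bot: The documentation in this class no longer matches the code: the field comment reads `The ConfigurationProvider for the validation` although the field is the `String chainingMode`, and the constructor Javadoc has `@param conf with the configuration` for a parameter named `chainingMode`. I would change them to `/** Chaining mode returned for every trust anchor; see getChainingMode */` and `@param chainingMode chaining mode applied to all trust anchors`, and move the `//INFO: MOA-ID 2.x always use defaultChainingMode` remark into the `getChainingMode` Javadoc so callers can see that the `trustAnchor` argument is ignored. Since the value is fixed at construction, the field can also be declared `private final String chainingMode;`.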
