aboutsummaryrefslogtreecommitdiff
path: root/id/server/moa-id-commons/src/main/java/at/gv
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-05-07 15:49:27 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-05-07 15:49:27 +0200
commitb0782a62b34a8343968a456ed754f55cc41daf0f (patch)
treecb57bc6017055cdfbb0e77243831708af1ac8e3b /id/server/moa-id-commons/src/main/java/at/gv
parent0cdb39bbfbacbea3f809872f2570709eeca91ccf (diff)
downloadmoa-id-spss-b0782a62b34a8343968a456ed754f55cc41daf0f.tar.gz
moa-id-spss-b0782a62b34a8343968a456ed754f55cc41daf0f.tar.bz2
moa-id-spss-b0782a62b34a8343968a456ed754f55cc41daf0f.zip
add customized HttpClient which can use the MOA Truststore to verfiy SSL connections
Diffstat (limited to 'id/server/moa-id-commons/src/main/java/at/gv')
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java42
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java129
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java12
3 files changed, 181 insertions, 2 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java
new file mode 100644
index 000000000..c6d8b1d79
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.ex;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAHttpProtocolSocketFactoryException extends Exception {
+
+ private static final long serialVersionUID = 4934502074731319897L;
+
+
+ public MOAHttpProtocolSocketFactoryException(String message) {
+ super(message);
+ }
+
+ public MOAHttpProtocolSocketFactoryException(String message, Throwable e) {
+ super(message, e );
+ }
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
new file mode 100644
index 000000000..3b6fc34ea
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.utils;
+
+import iaik.pki.PKIException;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.GeneralSecurityException;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.commons.httpclient.ConnectTimeoutException;
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
+import at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory {
+
+
+
+ private SSLSocketFactory sslfactory = null;
+
+ public MOAHttpProtocolSocketFactory (
+ String url,
+ String certStoreRootDirParam,
+ String trustStoreURL,
+ String acceptedServerCertURL,
+ ChainingModeType chainingMode,
+ boolean checkRevocation
+ ) throws MOAHttpProtocolSocketFactoryException {
+ super();
+
+ try {
+ this.sslfactory = SSLUtils.getSSLSocketFactory(
+ url,
+ certStoreRootDirParam,
+ trustStoreURL,
+ acceptedServerCertURL,
+ chainingMode.value(),
+ checkRevocation,
+ null,
+ null,
+ null);
+
+ } catch (IOException e) {
+ throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
+
+ } catch (GeneralSecurityException e) {
+ throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
+
+ } catch (SSLConfigurationException e) {
+ throw new MOAHttpProtocolSocketFactoryException("SSL Configuration loading FAILED.", e);
+
+ } catch (PKIException e) {
+ throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
+
+ }
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int, java.net.InetAddress, int)
+ */
+ public Socket createSocket(String host, int port, InetAddress localAddress,
+ int localPort) throws IOException, UnknownHostException {
+ return this.sslfactory.createSocket(host, port,
+ localAddress, localPort);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int, java.net.InetAddress, int, org.apache.commons.httpclient.params.HttpConnectionParams)
+ */
+ public Socket createSocket(String host, int port, InetAddress localAddress,
+ int localPort, HttpConnectionParams params) throws IOException,
+ UnknownHostException, ConnectTimeoutException {
+ return this.sslfactory.createSocket(host, port,
+ localAddress, localPort);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int)
+ */
+ public Socket createSocket(String host, int port) throws IOException,
+ UnknownHostException {
+ return this.sslfactory.createSocket(host, port);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory#createSocket(java.net.Socket, java.lang.String, int, boolean)
+ */
+ public Socket createSocket(Socket socket, String host, int port,
+ boolean autoClose) throws IOException, UnknownHostException {
+ return this.sslfactory.createSocket(socket, host,
+ port, autoClose);
+ }
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index eed8b25e0..68437a04d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -139,12 +139,19 @@ public class SSLUtils {
KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
SSLContext ctx = SSLContext.getInstance("TLS");
- ctx.init(kms, tms, null); ssf = ctx.getSocketFactory();
+ ctx.init(kms, tms, null);
+ ssf = ctx.getSocketFactory();
// store SSLSocketFactory
sslSocketFactories.put(url, ssf);
return ssf;
}
+ public static void removeSSLSocketFactory(String url) {
+ Logger.info("Remove SSLSocketFactory for URL " + url);
+ if (sslSocketFactories.containsKey(url))
+ sslSocketFactories.remove(url);
+
+ }
/**
* Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
@@ -158,7 +165,7 @@ public class SSLUtils {
* @throws IOException on data-reading problems
* @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
*/
- public static TrustManager[] getTrustManagers(String certStoreRootDirParam,
+ private static TrustManager[] getTrustManagers(String certStoreRootDirParam,
String chainingMode, String trustStoreURL, String acceptedServerCertURL,
boolean checkRevocation)
throws SSLConfigurationException, PKIException, IOException, GeneralSecurityException {
@@ -175,4 +182,5 @@ public class SSLUtils {
tm.init(cfg, profile);
return new TrustManager[] {tm};
}
+
}