| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-10-24 12:45:47 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-10-24 12:45:47 +0200 | 
| commit | d1a5528b2f542c1f7004f6f47fba0b083ff03277 (patch) | |
| tree | 8e64bf5e8d51a81c449f79671f799fc6df43eb97 /id/server/moa-id-commons/src | |
| parent | 479fb49056c4603069c50c43d38e7988efd733ee (diff) | |
remove MOA-ID specific certStore directory.
From now on, MOA-ID always uses the MOA-SPSS certStore directory for chain building
Diffstat (limited to 'id/server/moa-id-commons/src')
5 files changed, 93 insertions, 55 deletions
| diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java index cbbca12c5..e14f9c9ce 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java @@ -60,8 +60,6 @@ public interface ConfigurationProvider {  		public String getTrustedCACertificates(); -		public String getCertstoreDirectory(); -		  		public boolean isTrustmanagerrevoationchecking();  		/** diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java index 3b1f0c7b5..4f3f921df 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java 
@@ -50,19 +50,42 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory  	public MOAHttpProtocolSocketFactory (  			String url,  -			String certStoreRootDirParam,  			String trustStoreURL,  			String acceptedServerCertURL,  			String chainingMode,  			boolean checkRevocation, -			String[] revocationMethodOrder -			) throws MOAHttpProtocolSocketFactoryException { -		super(); +			String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException { +		internalInitialize(url, null, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder); +	} +	 +	/** +	 * @param string +	 * @param certStoreDirectory +	 * @param trustStoreDirectory +	 * @param object +	 * @param string2 +	 * @param b +	 * @param strings +	 */ +	public MOAHttpProtocolSocketFactory(String url, String certStoreDirectory, String trustStoreURL, +			String acceptedServerCertURL, +			String chainingMode, +			boolean checkRevocation, +			String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException { +		internalInitialize(url, certStoreDirectory, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder); + +	} + +	private void internalInitialize(String url, String certStoreDirectory, String trustStoreURL, +			String acceptedServerCertURL, +			String chainingMode, +			boolean checkRevocation, +			String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException {  		try {  			this.sslfactory = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(  					url,  -					certStoreRootDirParam,  +					certStoreDirectory,  					trustStoreURL,   					acceptedServerCertURL,   					chainingMode,  @@ -85,7 +108,7 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory  			throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);  		} -			 +		  	}  	/* (non-Javadoc) 
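Review bot: The Javadoc added above the seven-argument constructor lists `@param string`, `@param object`, `@param string2`, `@param b` and `@param strings`, none of which is a parameter of that constructor; the tags should name `url`, `certStoreDirectory`, `trustStoreURL`, `acceptedServerCertURL`, `chainingMode`, `checkRevocation` and `revocationMethodOrder`, under a one-line summary saying that this overload supplies an explicit cert store directory while the six-argument one does not. That six-argument constructor now hands `null` to internalInitialize as the directory, and the SSLUtils hunk in this commit feeds that value straight into `new CertStoreConfigurationImpl(...)` whenever the PKI factory is not yet configured, so the precondition deserves a comment on the constructor itself, e.g. `// no cert store of our own: the PKI module must already have been configured (by MOA-SPSS) before this path is used`. The body of internalInitialize continues past the end of the hunk.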
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java index 969de3ce6..9fc6f799d 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java @@ -59,12 +59,6 @@ import java.util.List;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moaspss.logging.LoggingContext;  import at.gv.egovernment.moaspss.logging.LoggingContextManager; -import iaik.logging.TransactionId; -import iaik.logging.impl.TransactionIdImpl; -import iaik.pki.PKIConfiguration; -import iaik.pki.PKIException; -import iaik.pki.PKIFactory; -import iaik.pki.PKIProfile;  import iaik.pki.jsse.IAIKX509TrustManager; 
@@ -168,35 +162,35 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {      return true;    } -  public void init(PKIConfiguration pkiConfig, PKIProfile pkiProfile) throws PKIException  { -	  if (pkiProfile == null) { -		  throw new NullPointerException("pkiConfig parameter must not be null"); -		   -	  } -	  	   -	  TransactionId tid = new TransactionIdImpl("Init"); -	  log_.info(tid, "Setting up IAIKX509TrustManager", null); -	  if (pkiConfig != null) { -		  PKIFactory.getInstance().configure(pkiConfig, tid); -//		  log_.info(tid, "Registering LDAP protocol handler", null); -//		  String protocolHandlers =  -//				  System.getProperty("java.protocol.handler.pkgs"); -//		  if (protocolHandlers == null) { -//			  protocolHandlers = "iaik.pki"; -//			   -//		  } else { -//			  protocolHandlers = protocolHandlers + "|iaik.pki"; -//			   -//		  } -//       -//		  System.setProperty("java.protocol.handler.pkgs", protocolHandlers); -//		  log_.info(tid, "Registered protocol handlers: " + protocolHandlers, null); - -	  } -	   -	  pkiProfile_ = pkiProfile; -	  pkiFactory_ = PKIFactory.getInstance(); -	  initialized_ = true; -  } +//  public void init(PKIConfiguration pkiConfig, PKIProfile pkiProfile) throws PKIException  { +//	  if (pkiProfile == null) { +//		  throw new NullPointerException("pkiConfig parameter must not be null"); +//		   +//	  } +//	  	   +//	  TransactionId tid = new TransactionIdImpl("Init"); +//	  log_.info(tid, "Setting up IAIKX509TrustManager", null); +//	  if (pkiConfig != null) { +//		  PKIFactory.getInstance().configure(pkiConfig, tid); +////		  log_.info(tid, "Registering LDAP protocol handler", null); +////		  String protocolHandlers =  +////				  System.getProperty("java.protocol.handler.pkgs"); +////		  if (protocolHandlers == null) { +////			  protocolHandlers = "iaik.pki"; +////			   +////		  } else { +////			  protocolHandlers = protocolHandlers + "|iaik.pki"; +////			   +////		  } +////       +////		  
System.setProperty("java.protocol.handler.pkgs", protocolHandlers); +////		  log_.info(tid, "Registered protocol handlers: " + protocolHandlers, null); +// +//	  } +//	   +//	  pkiProfile_ = pkiProfile; +//	  pkiFactory_ = PKIFactory.getInstance(); +//	  initialized_ = true; +//  }  } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java index 9b692c090..1c8b6e18d 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java @@ -46,10 +46,12 @@  package at.gv.egovernment.moa.id.commons.utils.ssl; +import java.security.NoSuchAlgorithmException;  import java.security.cert.X509Certificate;  import java.util.Collections;  import java.util.Set; +import iaik.asn1.structures.AlgorithmID;  import iaik.pki.PKIProfile;  import iaik.pki.pathvalidation.ValidationProfile;  import iaik.pki.revocation.RevocationProfile; @@ -66,7 +68,7 @@ import iaik.pki.store.truststore.TrustStoreTypes;   */  public class PKIProfileImpl extends ObservableImpl    implements PKIProfile, RevocationProfile, TrustStoreProfile, ValidationProfile { - +	    /**     * URI to the truststore     */ @@ -79,6 +81,7 @@ public class PKIProfileImpl extends ObservableImpl  	private String[] revocationCheckMethode = new String[] {RevocationSourceTypes.CRL}; +	protected String ocspRequestHashAlgorithm_ = null;    /**     * The trust profile identifier.  
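Review bot: The `init(PKIConfiguration, PKIProfile)` override in MOAIDTrustManager is commented out rather than deleted, leaving roughly thirty lines of dead `//` code with a further `////` block nested inside it, all of which version control already preserves. Delete the block and, if the decision needs recording, replace it with a single comment such as `// PKI module configuration is now done by MOA-SPSS; the inherited IAIKX509TrustManager.init is used unchanged`. Note that removing the override also removes the null check on pkiProfile and the `pkiProfile_`/`pkiFactory_`/`initialized_` bookkeeping the old code did, so whichever inherited init now runs is presumably expected to cover both; worth confirming against the superclass before merging.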
@@ -130,16 +133,32 @@ public class PKIProfileImpl extends ObservableImpl     * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(java.lang.String)     */    public long getMaxRevocationAge(String arg0) { -    return 0; +    return 0L;    }    /**     * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm()     */    public String getOCSPRequestHashAlgorithm() { -    return null; +	  if (ocspRequestHashAlgorithm_ == null) { +	      try +	      { +	        ocspRequestHashAlgorithm_ = AlgorithmID.sha1.getImplementationName(); +	      } +	      catch (NoSuchAlgorithmException localNoSuchAlgorithmException) {} +	    } +	    return ocspRequestHashAlgorithm_;    } +  public void setOCSPRequestHashAlgorithm(AlgorithmID paramAlgorithmID) +		    throws NoSuchAlgorithmException +		  { +		    if (paramAlgorithmID == null) { +		      throw new NullPointerException("Algorithm must not be null."); +		    } +		    ocspRequestHashAlgorithm_ = paramAlgorithmID.getImplementationName(); +		  } +      /**     * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate)     */ @@ -233,8 +252,8 @@ public class PKIProfileImpl extends ObservableImpl   */  @Override  public int autoAddCertificates() { -	//TODO: ask harald!!!!!  	return 1; +	  }  /* (non-Javadoc) @@ -242,7 +261,7 @@ public int autoAddCertificates() {   */  @Override  public TrustStoreProfile getIndirectRevocationTrustStoreProfile() { -	//TODO: ask harald!!!!!  	return null; +	  }  } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java index d2a099c69..4ecda435d 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java 
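Review bot: In getOCSPRequestHashAlgorithm the `catch (NoSuchAlgorithmException localNoSuchAlgorithmException) {}` swallows the failure and the method then returns null, exactly what the old stub returned, so a missing SHA-1 implementation is indistinguishable from "not configured" and will only surface, if at all, somewhere inside the revocation check. Let it escape instead, `throw new IllegalStateException("SHA-1 not available for OCSP request hashing", localNoSuchAlgorithmException);`, or at least log it before falling through. A comment on why SHA-1 is the default would also help (it appears to be the CertID hash of the OCSP request rather than a signature algorithm, but that should be confirmed against the IAIK API), e.g. `// default CertID hash for OCSP requests; most responders expect SHA-1 here`. The names `paramAlgorithmID` and `localNoSuchAlgorithmException` read like decompiler output; `algorithm` and `e` would match the rest of the file.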
@@ -61,7 +61,7 @@ import javax.net.ssl.TrustManager;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.KeyStoreUtils; -import iaik.pki.PKIConfiguration; +import iaik.pki.DefaultPKIConfiguration;  import iaik.pki.PKIException;  import iaik.pki.PKIFactory;  //import iaik.pki.jsse.IAIKX509TrustManager; @@ -218,12 +218,16 @@ public class SSLUtils {      boolean checkRevocation, String[] revocationMethodOrder)       throws SSLConfigurationException, PKIException, IOException, GeneralSecurityException { -    PKIConfiguration cfg = null; -    if (! PKIFactory.getInstance().isAlreadyConfigured()) -      cfg = new PKIConfigurationImpl(certStoreRootDirParam, chainingMode); -     -    PKIProfileImpl profile = new PKIProfileImpl(trustStoreURL, checkRevocation); +	DefaultPKIConfiguration cfg = null; +    if (! PKIFactory.getInstance().isAlreadyConfigured()) { +    	CertStoreConfigurationImpl certStoreConf = new CertStoreConfigurationImpl(certStoreRootDirParam); +    	cfg = new DefaultPKIConfiguration(certStoreConf.getParameters()); +    	cfg.setChainingMode(chainingMode); +    	Logger.info("Set-up PKI module configuration ... "); +    	 +    } +    PKIProfileImpl profile = new PKIProfileImpl(trustStoreURL, checkRevocation);          profile.setPreferredServiceOrder(revocationMethodOrder);      // This call fixes a bug occuring when PKIConfiguration is | 
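Review bot: `new CertStoreConfigurationImpl(certStoreRootDirParam)` is now built whenever the PKI factory is not yet configured, but the six-argument MOAHttpProtocolSocketFactory constructor in this same commit passes null for that parameter, so the first caller through that path either fails inside CertStoreConfigurationImpl or ends up with a cert store rooted somewhere undefined; how it treats null is not visible here. Fail early and explicitly at the top of the `if` block by throwing an `SSLConfigurationException` (already declared by the method) when `certStoreRootDirParam == null`, with a message saying the PKI module is not configured and no certStore directory was given, and document on the method that a null directory is only valid once MOA-SPSS has configured the PKI module. The new `DefaultPKIConfiguration cfg = null;` line is indented with a tab while the surrounding lines use four spaces. The method's signature starts above the hunk.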
