| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-11-27 12:18:38 +0100 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-11-27 12:18:38 +0100 | 
| commit | ee06b644dbedbe4869de6b926339581a5eefb430 (patch) | |
| tree | 56bd1e55097d122c0ff0e9befcbe892605c05bc1 /id/server/moa-id-commons/src | |
| parent | 5f2ad9d48b83d5979b1a147190f5177e3327744a (diff) | |
| parent | cc09b52b5cb1c93543d8b4353dfc59b8192e79af (diff) | |
Merge branch 'eIDAS_node_implementation' of gitlab.iaik.tugraz.at:egiz/moa-idspss into eIDAS_node_implementation
Diffstat (limited to 'id/server/moa-id-commons/src')
6 files changed, 202 insertions, 276 deletions
| diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java index 4e8c7dffd..32dd97148 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MigrateConfiguration.java 
@@ -1,103 +1,103 @@ -package at.gv.egovernment.moa.id.commons.config; - -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; - -import javax.xml.bind.JAXBException; - -import at.gv.egovernment.moa.id.commons.config.cli.MOAIDConfCLI; -import at.gv.egovernment.moa.id.commons.config.cli.MigrateConfigurationParams; - -/** - * CLI tool which is able to perform the following tasks: - * <ul> - * <li>transform a MoaID 2 XML configuration XML file to a MoaID 3 property file - * </li> - * <li>read a property file and transfer it's content to a database</li> - * <li>write the content of a database to a property file</li> - * </ul> - */ -public class MigrateConfiguration { - -	public static void main(String[] args) { - -		MOAIDConfCLI cli = new MOAIDConfCLI(); -		MigrateConfigurationParams parsedParameters = cli.parse(args); - -		// consider settings of force switch -		boolean isOverwriteData = parsedParameters.isOverwriteData(); -		ConfigurationUtil configUtil = new ConfigurationUtil(isOverwriteData); - -		if (!parsedParameters.isInputDB() && (parsedParameters.getInputTarget() != null)) { -			// read input from file -			workWithInputFromFile(parsedParameters.getInputTarget(), parsedParameters, configUtil); - -		} else if (parsedParameters.getInputDBConfig() != null) { -			// read input from database -			workWithImputFromDB(parsedParameters, configUtil); - -		} else { -			System.exit(1); -		} -	} - -	/** -	 * Handle the case where input from a file is read. -	 *  -	 * @param inputFileUrl -	 *            the url of the input file. -	 * @param parsedParameters -	 *            the command line parameters. -	 * @param configUtil -	 *            the class for working with the configuration. 
-	 */ -	private static void workWithInputFromFile(String inputFileUrl, MigrateConfigurationParams parsedParameters, -			ConfigurationUtil configUtil) { -		File inFile = new File(inputFileUrl); -		try (FileInputStream inStream = new FileInputStream(inFile);) { - -			if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) { -				// input from file and output to a file is desired -				File outFile = new File(parsedParameters.getOutputFile()); -				configUtil.readFromXMLFileConvertToPropertyFile(inStream, outFile); - -			} else if (parsedParameters.getOutputDBConfig() != null) { -				// input from file and output to a database is desired -				configUtil.readFromFileWriteToDB(inStream, parsedParameters.getOutputDBConfig()); -			} -		} catch (JAXBException e) { -			System.out.println("MOA-ID XML configuration can not be loaded from given file."); -			System.exit(1); -		} catch (FileNotFoundException e) { -			System.out.println("Could not find the input file."); -			System.exit(1); -		} catch (IOException e) { -			System.out.println("Could not read from the input file."); -			System.exit(1); -		} -	} - -	/** -	 * Handle the case where input is read from a database. -	 *  -	 * @param parsedParameters -	 *            the command line parameters. -	 * @param configUtil -	 *            the class for working with the configuration. 
-	 */ -	private static void workWithImputFromDB(MigrateConfigurationParams parsedParameters, ConfigurationUtil configUtil) { -		if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) { -			// input from database and output to a file is desired -			File outFile = new File(parsedParameters.getOutputFile()); -			String inputDBConfigFilePath = parsedParameters.getInputDBConfig(); -			configUtil.readFromDBWriteToFile(inputDBConfigFilePath, outFile); - -		} else if (parsedParameters.getOutputDBConfig() != null) { -			// input from database and output to a database is desired -			// configUtil.readFromDBWriteToDB(inDBConfigFilePath, -			// outDBConfigFilePath); -		} -	} -}
\ No newline at end of file +//package at.gv.egovernment.moa.id.commons.config; +// +//import java.io.File; +//import java.io.FileInputStream; +//import java.io.FileNotFoundException; +//import java.io.IOException; +// +//import javax.xml.bind.JAXBException; +// +//import at.gv.egovernment.moa.id.commons.config.cli.MOAIDConfCLI; +//import at.gv.egovernment.moa.id.commons.config.cli.MigrateConfigurationParams; +// +///** +// * CLI tool which is able to perform the following tasks: +// * <ul> +// * <li>transform a MoaID 2 XML configuration XML file to a MoaID 3 property file +// * </li> +// * <li>read a property file and transfer it's content to a database</li> +// * <li>write the content of a database to a property file</li> +// * </ul> +// */ +//public class MigrateConfiguration { +// +//	public static void main(String[] args) { +// +//		MOAIDConfCLI cli = new MOAIDConfCLI(); +//		MigrateConfigurationParams parsedParameters = cli.parse(args); +// +//		// consider settings of force switch +//		boolean isOverwriteData = parsedParameters.isOverwriteData(); +//		ConfigurationUtil configUtil = new ConfigurationUtil(isOverwriteData); +// +//		if (!parsedParameters.isInputDB() && (parsedParameters.getInputTarget() != null)) { +//			// read input from file +//			workWithInputFromFile(parsedParameters.getInputTarget(), parsedParameters, configUtil); +// +//		} else if (parsedParameters.getInputDBConfig() != null) { +//			// read input from database +//			workWithImputFromDB(parsedParameters, configUtil); +// +//		} else { +//			System.exit(1); +//		} +//	} +// +//	/** +//	 * Handle the case where input from a file is read. +//	 *  +//	 * @param inputFileUrl +//	 *            the url of the input file. +//	 * @param parsedParameters +//	 *            the command line parameters. +//	 * @param configUtil +//	 *            the class for working with the configuration. 
+//	 */ +//	private static void workWithInputFromFile(String inputFileUrl, MigrateConfigurationParams parsedParameters, +//			ConfigurationUtil configUtil) { +//		File inFile = new File(inputFileUrl); +//		try (FileInputStream inStream = new FileInputStream(inFile);) { +// +//			if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) { +//				// input from file and output to a file is desired +//				File outFile = new File(parsedParameters.getOutputFile()); +//				configUtil.readFromXMLFileConvertToPropertyFile(inStream, outFile); +// +//			} else if (parsedParameters.getOutputDBConfig() != null) { +//				// input from file and output to a database is desired +//				configUtil.readFromFileWriteToDB(inStream, parsedParameters.getOutputDBConfig()); +//			} +//		} catch (JAXBException e) { +//			System.out.println("MOA-ID XML configuration can not be loaded from given file."); +//			System.exit(1); +//		} catch (FileNotFoundException e) { +//			System.out.println("Could not find the input file."); +//			System.exit(1); +//		} catch (IOException e) { +//			System.out.println("Could not read from the input file."); +//			System.exit(1); +//		} +//	} +// +//	/** +//	 * Handle the case where input is read from a database. +//	 *  +//	 * @param parsedParameters +//	 *            the command line parameters. +//	 * @param configUtil +//	 *            the class for working with the configuration. 
+//	 */ +//	private static void workWithImputFromDB(MigrateConfigurationParams parsedParameters, ConfigurationUtil configUtil) { +//		if (!parsedParameters.isOutputDB() && (parsedParameters.getOutputFile() != null)) { +//			// input from database and output to a file is desired +//			File outFile = new File(parsedParameters.getOutputFile()); +//			String inputDBConfigFilePath = parsedParameters.getInputDBConfig(); +//			configUtil.readFromDBWriteToFile(inputDBConfigFilePath, outFile); +// +//		} else if (parsedParameters.getOutputDBConfig() != null) { +//			// input from database and output to a database is desired +//			// configUtil.readFromDBWriteToDB(inDBConfigFilePath, +//			// outDBConfigFilePath); +//		} +//	} +//}
\ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java index 0479b1bc1..bdadf681d 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java @@ -34,6 +34,7 @@ import java.util.Arrays;  import java.util.List;  import javax.net.ssl.SSLException; +import javax.net.ssl.SSLParameters;  import javax.net.ssl.SSLPeerUnverifiedException;  import javax.net.ssl.SSLSession;  import javax.net.ssl.SSLSocket; @@ -50,6 +51,7 @@ import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;  import at.gv.egovernment.moa.util.MiscUtil;  import at.gv.egovernment.moaspss.logging.Logger;  import iaik.pki.PKIException; +import sun.security.ssl.ProtocolVersion;  /**   * @author tlenz @@ -188,6 +190,19 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory  		if (socket instanceof SSLSocket) {  			SSLSocket sslSocket = (SSLSocket)socket; +/*TODO			 +*			Set allowed ProtocolVersions into SSLSocket to support TLSv1.1 and TLSv1.2 in JAVA 7 +*			Therefore, we had do manually set the TLS1.2 protocol support into SSLParameters  +*			from SSL socket. Maybe, there is an additional validation required if TLSv1.2 is +*			supported in principle by currently used JAVA version. +*/ +//			SSLParameters test = ((SSLSocket) socket).getSSLParameters(); +//			List<String> enabledProtocols = Arrays.asList(test.getProtocols()); +//			if (enabledProtocols.contains(ProtocolVersion.TLS11.name)) { +//				 +//			} +//			sslSocket.setSSLParameters(test); +			  			//verify Hostname  			verifyHostName(sslSocket); 
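Review bot: MigrateConfiguration.java is converted line by line into `//` comments instead of being deleted, which leaves a source file with no compilable type in it and roughly a hundred lines of dead text that tools and readers still have to skip over. The same pattern recurs in the FileUtils.java hunk (the `readURL(String, String)` and `readFile` overloads), the KeyStoreUtils.java hunk (`createKeyStoreFromCertificateDirectory`) and the KeyStoreUtilsTest.java hunk. Version control already preserves the old code, so removing the file and the methods outright would be cleaner. If the code is only parked temporarily, a single header comment such as `// disabled: <reason>; remove or restore by <milestone>` would record the intent.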
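Review bot: `import sun.security.ssl.ProtocolVersion;` in the @@ -50,6 +51,7 @@ hunk brings a JDK-internal class into MOAHttpProtocolSocketFactory, and within the visible hunks it is referenced only from the commented-out block added at @@ -188,6 +190,19 @@. The `javax.net.ssl.SSLParameters` import from the @@ -34,6 +34,7 @@ hunk is likewise used only there. Classes under `sun.*` are not supported API, and the `sun.security.ssl` package is not exported on modular JDKs (9 and later), so this one line can break the build of a security-critical module after a JDK upgrade. Both imports should be dropped until live code needs them. Protocol names can be compared as plain strings such as `"TLSv1.2"` against `SSLSocket.getSupportedProtocols()` without touching internal classes.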
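Review bot: The TLS version handling added after the `SSLSocket sslSocket = (SSLSocket)socket;` cast consists only of a TODO and commented-out statements, so the socket still uses whatever protocols the JRE enables by default. Even if uncommented, the sketch reads `getSSLParameters()` and writes the same object back with an empty `if` body, which changes nothing. Either implement the selection with public API or move the TODO to the issue tracker. For example, build `List<String> supported = Arrays.asList(sslSocket.getSupportedProtocols());` and pass the wanted versions that are contained in it to `sslSocket.setEnabledProtocols(...)`. What should happen when none of the wanted versions is supported needs an explicit decision; failing the connection is the safer default. The enclosing method starts and ends outside this hunk.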
@@ -208,7 +223,14 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory  	 */  	private void verifyHostName(SSLSocket sslSocket) throws SSLException{  		if (verifyHostName) { +			  			SSLSession session = sslSocket.getSession(); +			if ("SSL_NULL_WITH_NULL_NULL".equals(session.getCipherSuite())) { +				Logger.warn("SSL connection can NOT established."); +				throw new SSLException("SSL connection can NOT established."); +				 +			} +			  			String hostName = session.getPeerHost();  			Certificate[] certs = null; @@ -254,6 +276,12 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory  	 * @return {@link SSLSocket} with Ciphersuites  	 */  	private SSLSocket setEnabledSslCiphers(SSLSocket sslSocket) { +		/*TODO: +		 * This implementation currently not work fine, because not all ciphers from  +		 * 'https.cipherSuites' SystemProperty had to be supported by current JAVA version +		 * Add an validation step to check the allowed cipherSuites against the currently +		 * supported cipher suites and only add the matching set of ciphers +		 */  		String systemProp = System.getProperty("https.cipherSuites");		  		if (MiscUtil.isNotEmpty(systemProp)) {  			try { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java index a70d62e1e..3291f8a15 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/FileUtils.java 
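Review bot: The new `"SSL_NULL_WITH_NULL_NULL".equals(session.getCipherSuite())` check sits inside `if (verifyHostName)`, so a failed-handshake session is rejected at this point only when host name verification is switched on. `SSLSocket.getSession()` does not throw on a handshake error but returns an invalid placeholder session, so the `SSLException` raised here also carries no cause, and the log line does not name the peer. Calling `sslSocket.startHandshake();` before the flag check would surface the real handshake exception for every connection. As a smaller change, the test could move above `if (verifyHostName)` and use `if (!session.isValid())`. The message would read better as `"SSL connection can NOT be established."`. The rest of verifyHostName lies outside the hunk.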
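Review bot: The TODO added at the top of setEnabledSslCiphers records that names from the `https.cipherSuites` system property are applied without checking them against what the running JRE supports, but the commit leaves that gap in place. `SSLSocket.setEnabledCipherSuites` throws IllegalArgumentException for an unsupported name. Depending on how the `try` block that follows handles it (not visible in this hunk), the configured restriction may be silently dropped and the socket may keep the JRE default suites. The requested list should be intersected first, e.g. `requested.retainAll(Arrays.asList(sslSocket.getSupportedCipherSuites()));`, logging any names that were removed. An empty result should be treated as a configuration error rather than a reason to fall back to the defaults.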
@@ -53,40 +53,40 @@ public class FileUtils {      in.close();      return content;    } -  /** -   * Reads a file, given by URL, into a String. -   * @param urlString file URL -   * @param encoding character encoding -   * @return file content -   * @throws IOException on any exception thrown -   */ -  public static String readURL(String urlString, String encoding) throws IOException { -    byte[] content = readURL(urlString); -    return new String(content, encoding); -  } -  /** -   * Reads a file, given by filename, into a byte array. -   * @param filename filename -   * @return file content -   * @throws IOException on any exception thrown -   */ -  public static byte[] readFile(String filename) throws IOException { -    BufferedInputStream in = new BufferedInputStream(new FileInputStream(filename)); -    byte[] content = StreamUtils.readStream(in); -    in.close(); -    return content; -  } -  /** -   * Reads a file, given by filename, into a String. -   * @param filename filename -   * @param encoding character encoding -   * @return file content -   * @throws IOException on any exception thrown -   */ -  public static String readFile(String filename, String encoding) throws IOException { -    byte[] content = readFile(filename); -    return new String(content, encoding); -  } +//  /** +//   * Reads a file, given by URL, into a String. +//   * @param urlString file URL +//   * @param encoding character encoding +//   * @return file content +//   * @throws IOException on any exception thrown +//   */ +//  public static String readURL(String urlString, String encoding) throws IOException { +//    byte[] content = readURL(urlString); +//    return new String(content, encoding); +//  } +//  /** +//   * Reads a file, given by filename, into a byte array. 
+//   * @param filename filename +//   * @return file content +//   * @throws IOException on any exception thrown +//   */ +//  public static byte[] readFile(String filename) throws IOException { +//    BufferedInputStream in = new BufferedInputStream(new FileInputStream(filename)); +//    byte[] content = StreamUtils.readStream(in); +//    in.close(); +//    return content; +//  } +//  /** +//   * Reads a file, given by filename, into a String. +//   * @param filename filename +//   * @param encoding character encoding +//   * @return file content +//   * @throws IOException on any exception thrown +//   */ +//  public static String readFile(String filename, String encoding) throws IOException { +//    byte[] content = readFile(filename); +//    return new String(content, encoding); +//  }    /**     * Reads a file from a resource.     * @param name resource name diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java index 3d28f4f2b..38dcafcc0 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/KeyStoreUtils.java 
@@ -126,33 +126,33 @@ public class KeyStoreUtils {      }      return ks;    } -  /** -   * Creates a key store from a directory containg X509 certificate files,  -   * aliasing them with the index in the <code>String[]</code>, starting with <code>"0"</code>. -   * All the files in the directory are considered to be certificates. -   *  -   * @param keyStoreType key store type -   * @param certDirURLString file URL of directory containing certificate filenames -   * @return key store created -   * @throws IOException thrown while reading the certificates from file -   * @throws GeneralSecurityException thrown while creating the key store -   */ -  public static KeyStore createKeyStoreFromCertificateDirectory( -    String keyStoreType, -    String certDirURLString) -    throws IOException, GeneralSecurityException { - -    URL certDirURL = new URL(certDirURLString); -    String certDirname = certDirURL.getFile(); -    File certDir = new File(certDirname); -    String[] certFilenames = certDir.list(); -    String separator = -      (certDirname.endsWith(File.separator) ? "" : File.separator); -    for (int i = 0; i < certFilenames.length; i++) { -      certFilenames[i] = certDirname + separator + certFilenames[i]; -    } -    return createKeyStore(keyStoreType, certFilenames); -  } +//  /** +//   * Creates a key store from a directory containg X509 certificate files,  +//   * aliasing them with the index in the <code>String[]</code>, starting with <code>"0"</code>. +//   * All the files in the directory are considered to be certificates. 
+//   *  +//   * @param keyStoreType key store type +//   * @param certDirURLString file URL of directory containing certificate filenames +//   * @return key store created +//   * @throws IOException thrown while reading the certificates from file +//   * @throws GeneralSecurityException thrown while creating the key store +//   */ +//  public static KeyStore createKeyStoreFromCertificateDirectory( +//    String keyStoreType, +//    String certDirURLString) +//    throws IOException, GeneralSecurityException { +// +//    URL certDirURL = new URL(certDirURLString); +//    String certDirname = certDirURL.getFile(); +//    File certDir = new File(certDirname); +//    String[] certFilenames = certDir.list(); +//    String separator = +//      (certDirname.endsWith(File.separator) ? "" : File.separator); +//    for (int i = 0; i < certFilenames.length; i++) { +//      certFilenames[i] = certDirname + separator + certFilenames[i]; +//    } +//    return createKeyStore(keyStoreType, certFilenames); +//  }    /**     * Loads an X509 certificate from file. diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java deleted file mode 100644 index e3f8f75a1..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/OutputXML2File.java +++ /dev/null 
@@ -1,102 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. 
- */ - - -/* - * Created on 26.04.2004 - * - * @author rschamberger - * $ID$ - */ -package at.gv.egovernment.moa.util; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.logging.Logger; - -/** - * utility functions to write XML data to files - * @author rschamberger - * @version $Id$ - */ -public class OutputXML2File { - -	/** -	 * writes an XML structure to file if debug is enabled in hierarchy (Encoding: UTF-8) -	 *  -	 * @param filename file name -	 * @param rootElem root element in DOM tree -	 * @param hierarchy of the Logger -	 */ -	public static void debugOutputXML2File(String filename, Element rootElem, String hierarchy) { -		if (Logger.isDebugEnabled(hierarchy)) { -			outputXML2File(filename, rootElem); -		} -	} -	 -	/** -	 * writes an XML structure to file if debug is enabled in hierarchy (Encoding: UTF-8) -	 *  -	 * @param filename file name -	 * @param xmlString XML string -	 * @param hierarchy of the Logger  -	 */ -	public static void debugOutputXML2File(String filename, String xmlString, String hierarchy) { -		if (Logger.isDebugEnabled(hierarchy)) { -			outputXML2File(filename, xmlString); -		} -	} - -	/** -	 * writes an XML structure to file (Encoding: UTF-8) -	 *  -	 * @param filename file name -	 * @param rootElem root element in DOM tree -	 */ -	public static void outputXML2File(String filename, Element rootElem) { -		try { -			String xmlString = new String(DOMUtils.serializeNode(rootElem)); -			outputXML2File(filename, xmlString); -		} catch (Exception ex) { -			ex.printStackTrace(); -		} -	} -	 -	/** -	 * writes an XML structure to file (Encoding: UTF-8) -	 *  -	 * @param filename file name -	 * @param xmlString XML string -	 */ -	public static void outputXML2File(String filename, String xmlString) { -		try { -			java.io.OutputStream fout = new java.io.FileOutputStream(filename); -			byte[] xmlData = xmlString.getBytes("UTF-8"); -			fout.write(xmlData); -			fout.close(); -		} catch (Exception ex) { -			ex.printStackTrace(); -		} -	} - 
-} diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java index 2433eca89..be5581139 100644 --- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/KeyStoreUtilsTest.java 
@@ -75,16 +75,16 @@ public class KeyStoreUtilsTest extends TestCase {    	X509Certificate cert = (X509Certificate)ks.getCertificate("0");    	assertEquals(3424, cert.getSerialNumber().intValue());    } -  public void testCreateKeyStoreFromCertificateDirectory() throws Exception { -    // copy certificate files to a temporary directory,  -    // omitting the "CVS" directory in the source directory -  	copyCertificates("data/test/security/server-certs", tmpDir); -  	KeyStore ks = KeyStoreUtils.createKeyStoreFromCertificateDirectory("jks", tmpDirURL); -  	assertEquals(2, ks.size()); -  	X509Certificate cert0 = (X509Certificate)ks.getCertificate("0"); -  	X509Certificate cert1 = (X509Certificate)ks.getCertificate("1"); -  	assertTrue(3424 == cert0.getSerialNumber().intValue() || 3424 == cert1.getSerialNumber().intValue()); -  } +//  public void testCreateKeyStoreFromCertificateDirectory() throws Exception { +//    // copy certificate files to a temporary directory,  +//    // omitting the "CVS" directory in the source directory +//  	copyCertificates("data/test/security/server-certs", tmpDir); +//  	KeyStore ks = KeyStoreUtils.createKeyStoreFromCertificateDirectory("jks", tmpDirURL); +//  	assertEquals(2, ks.size()); +//  	X509Certificate cert0 = (X509Certificate)ks.getCertificate("0"); +//  	X509Certificate cert1 = (X509Certificate)ks.getCertificate("1"); +//  	assertTrue(3424 == cert0.getSerialNumber().intValue() || 3424 == cert1.getSerialNumber().intValue()); +//  }    private void copyCertificates(String from, String to) throws IOException {  		String[] fromList = new File(from).list();  		for (int i = 0; i < fromList.length; i++) { | 
