authorThomas Lenz <tlenz@iaik.tugraz.at>2016-10-24 12:45:47 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-10-24 12:45:47 +0200
commitd1a5528b2f542c1f7004f6f47fba0b083ff03277 (patch)
tree8e64bf5e8d51a81c449f79671f799fc6df43eb97 /id/server/moa-id-commons
parent479fb49056c4603069c50c43d38e7988efd733ee (diff)
remove MOA-ID specific certStore directory.
From now on, MOA-ID always uses the MOA-SPSS certStore directory for chain building
Diffstat (limited to 'id/server/moa-id-commons')
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java35
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java66
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java29
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java16
5 files changed, 93 insertions, 55 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java
index cbbca12c5..e14f9c9ce 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/ConfigurationProvider.java
@@ -60,8 +60,6 @@ public interface ConfigurationProvider {
public String getTrustedCACertificates();
- public String getCertstoreDirectory();
-
public boolean isTrustmanagerrevoationchecking();
/**
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
index 3b1f0c7b5..4f3f921df 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
@@ -50,19 +50,42 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
public MOAHttpProtocolSocketFactory (
String url,
- String certStoreRootDirParam,
String trustStoreURL,
String acceptedServerCertURL,
String chainingMode,
boolean checkRevocation,
- String[] revocationMethodOrder
- ) throws MOAHttpProtocolSocketFactoryException {
- super();
+ String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException {
+ internalInitialize(url, null, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder);
+ }
+
+ /**
+ * @param string
+ * @param certStoreDirectory
+ * @param trustStoreDirectory
+ * @param object
+ * @param string2
+ * @param b
+ * @param strings
+ */
+ public MOAHttpProtocolSocketFactory(String url, String certStoreDirectory, String trustStoreURL,
+ String acceptedServerCertURL,
+ String chainingMode,
+ boolean checkRevocation,
+ String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException {
+ internalInitialize(url, certStoreDirectory, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder);
+
+ }
+
+ private void internalInitialize(String url, String certStoreDirectory, String trustStoreURL,
+ String acceptedServerCertURL,
+ String chainingMode,
+ boolean checkRevocation,
+ String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException {
try {
this.sslfactory = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
url,
- certStoreRootDirParam,
+ certStoreDirectory,
trustStoreURL,
acceptedServerCertURL,
chainingMode,
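Review bot: The Javadoc added above the 8-argument constructor names `string`, `certStoreDirectory`, `trustStoreDirectory`, `object`, `string2`, `b` and `strings`, while the signature declares `url`, `certStoreDirectory`, `trustStoreURL`, `acceptedServerCertURL`, `chainingMode`, `checkRevocation` and `revocationMethodOrder`; the tags should be rewritten with the real names, and the 7-argument constructor deserves a sentence saying it passes `null` as the certStore directory. That null travels into `SSLUtils.getSSLSocketFactory`, which in this same commit wraps it in `new CertStoreConfigurationImpl(certStoreRootDirParam)` whenever `PKIFactory.getInstance().isAlreadyConfigured()` is false, so callers of the 7-argument form presumably rely on MOA-SPSS having configured the PKI factory first; that ordering assumption belongs in the Javadoc, and a null guard in `internalInitialize` would turn a late failure into a clear one if the ordering is not guaranteed. The `getSSLSocketFactory` call that `internalInitialize` starts continues past the end of this hunk.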
@@ -85,7 +108,7 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
}
-
+
}
/* (non-Javadoc)
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
index 969de3ce6..9fc6f799d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
@@ -59,12 +59,6 @@ import java.util.List;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moaspss.logging.LoggingContext;
import at.gv.egovernment.moaspss.logging.LoggingContextManager;
-import iaik.logging.TransactionId;
-import iaik.logging.impl.TransactionIdImpl;
-import iaik.pki.PKIConfiguration;
-import iaik.pki.PKIException;
-import iaik.pki.PKIFactory;
-import iaik.pki.PKIProfile;
import iaik.pki.jsse.IAIKX509TrustManager;
@@ -168,35 +162,35 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
return true;
}
- public void init(PKIConfiguration pkiConfig, PKIProfile pkiProfile) throws PKIException {
- if (pkiProfile == null) {
- throw new NullPointerException("pkiConfig parameter must not be null");
-
- }
-
- TransactionId tid = new TransactionIdImpl("Init");
- log_.info(tid, "Setting up IAIKX509TrustManager", null);
- if (pkiConfig != null) {
- PKIFactory.getInstance().configure(pkiConfig, tid);
-// log_.info(tid, "Registering LDAP protocol handler", null);
-// String protocolHandlers =
-// System.getProperty("java.protocol.handler.pkgs");
-// if (protocolHandlers == null) {
-// protocolHandlers = "iaik.pki";
-//
-// } else {
-// protocolHandlers = protocolHandlers + "|iaik.pki";
-//
-// }
-//
-// System.setProperty("java.protocol.handler.pkgs", protocolHandlers);
-// log_.info(tid, "Registered protocol handlers: " + protocolHandlers, null);
-
- }
-
- pkiProfile_ = pkiProfile;
- pkiFactory_ = PKIFactory.getInstance();
- initialized_ = true;
- }
+// public void init(PKIConfiguration pkiConfig, PKIProfile pkiProfile) throws PKIException {
+// if (pkiProfile == null) {
+// throw new NullPointerException("pkiConfig parameter must not be null");
+//
+// }
+//
+// TransactionId tid = new TransactionIdImpl("Init");
+// log_.info(tid, "Setting up IAIKX509TrustManager", null);
+// if (pkiConfig != null) {
+// PKIFactory.getInstance().configure(pkiConfig, tid);
+//// log_.info(tid, "Registering LDAP protocol handler", null);
+//// String protocolHandlers =
+//// System.getProperty("java.protocol.handler.pkgs");
+//// if (protocolHandlers == null) {
+//// protocolHandlers = "iaik.pki";
+////
+//// } else {
+//// protocolHandlers = protocolHandlers + "|iaik.pki";
+////
+//// }
+////
+//// System.setProperty("java.protocol.handler.pkgs", protocolHandlers);
+//// log_.info(tid, "Registered protocol handlers: " + protocolHandlers, null);
+//
+// }
+//
+// pkiProfile_ = pkiProfile;
+// pkiFactory_ = PKIFactory.getInstance();
+// initialized_ = true;
+// }
}
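Review bot: The `init(PKIConfiguration, PKIProfile)` override is kept as a block of roughly thirty commented-out lines (including the nested `////` block it already carried) instead of being deleted; the commit history preserves it, so the dead code should go. Dropping the override means initialization now falls through to `IAIKX509TrustManager.init`, so the checks the old body performed (rejecting a null profile, skipping `PKIFactory.configure` when no configuration was given) are now whatever the superclass does, which is not visible from this hunk. A one-line class comment such as `// PKI initialisation is inherited from IAIKX509TrustManager; the PKI module itself is configured in SSLUtils.getSSLSocketFactory` would help the next reader, provided that is indeed where configuration now happens.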
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
index 9b692c090..1c8b6e18d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
@@ -46,10 +46,12 @@
package at.gv.egovernment.moa.id.commons.utils.ssl;
+import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Set;
+import iaik.asn1.structures.AlgorithmID;
import iaik.pki.PKIProfile;
import iaik.pki.pathvalidation.ValidationProfile;
import iaik.pki.revocation.RevocationProfile;
@@ -66,7 +68,7 @@ import iaik.pki.store.truststore.TrustStoreTypes;
*/
public class PKIProfileImpl extends ObservableImpl
implements PKIProfile, RevocationProfile, TrustStoreProfile, ValidationProfile {
-
+
/**
* URI to the truststore
*/
@@ -79,6 +81,7 @@ public class PKIProfileImpl extends ObservableImpl
private String[] revocationCheckMethode = new String[] {RevocationSourceTypes.CRL};
+ protected String ocspRequestHashAlgorithm_ = null;
/**
* The trust profile identifier.
@@ -130,16 +133,32 @@ public class PKIProfileImpl extends ObservableImpl
* @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(java.lang.String)
*/
public long getMaxRevocationAge(String arg0) {
- return 0;
+ return 0L;
}
/**
* @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm()
*/
public String getOCSPRequestHashAlgorithm() {
- return null;
+ if (ocspRequestHashAlgorithm_ == null) {
+ try
+ {
+ ocspRequestHashAlgorithm_ = AlgorithmID.sha1.getImplementationName();
+ }
+ catch (NoSuchAlgorithmException localNoSuchAlgorithmException) {}
+ }
+ return ocspRequestHashAlgorithm_;
}
+ public void setOCSPRequestHashAlgorithm(AlgorithmID paramAlgorithmID)
+ throws NoSuchAlgorithmException
+ {
+ if (paramAlgorithmID == null) {
+ throw new NullPointerException("Algorithm must not be null.");
+ }
+ ocspRequestHashAlgorithm_ = paramAlgorithmID.getImplementationName();
+ }
+
/**
* @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate)
*/
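Review bot: `getOCSPRequestHashAlgorithm()` now defaults to SHA-1 and silently swallows the `NoSuchAlgorithmException` thrown by `AlgorithmID.sha1.getImplementationName()`, returning `null` on that path with no trace; as this value presumably selects the hash used in OCSP requests, a silent fallback hides a misconfigured crypto provider. At minimum log it, e.g. `catch (NoSuchAlgorithmException e) { Logger.warn("SHA-1 not available for OCSP request hashing", e); }` (the module's `at.gv.egovernment.moa.logging.Logger`, which this file would need to import), and the Javadoc should state that SHA-1 is the default unless `setOCSPRequestHashAlgorithm` has been called. The identifiers `localNoSuchAlgorithmException` and `paramAlgorithmID` read like decompiler output; `e` and `algorithm` would match the rest of the class.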
@@ -233,8 +252,8 @@ public class PKIProfileImpl extends ObservableImpl
*/
@Override
public int autoAddCertificates() {
- //TODO: ask harald!!!!!
return 1;
+
}
/* (non-Javadoc)
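Review bot: Removing `//TODO: ask harald!!!!!` from `autoAddCertificates()` and, in the next hunk, from `getIndirectRevocationTrustStoreProfile()` leaves the hard-coded `return 1;` and `return null;` without any explanation, and the blank line added before each closing brace is stray whitespace. If the open question was resolved, a short comment giving the meaning of `1` here and why no indirect-revocation trust store profile is used would record the answer; if it was not, the TODO should stay.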
@@ -242,7 +261,7 @@ public int autoAddCertificates() {
*/
@Override
public TrustStoreProfile getIndirectRevocationTrustStoreProfile() {
- //TODO: ask harald!!!!!
return null;
+
}
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index d2a099c69..4ecda435d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -61,7 +61,7 @@ import javax.net.ssl.TrustManager;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.KeyStoreUtils;
-import iaik.pki.PKIConfiguration;
+import iaik.pki.DefaultPKIConfiguration;
import iaik.pki.PKIException;
import iaik.pki.PKIFactory;
//import iaik.pki.jsse.IAIKX509TrustManager;
@@ -218,12 +218,16 @@ public class SSLUtils {
boolean checkRevocation, String[] revocationMethodOrder)
throws SSLConfigurationException, PKIException, IOException, GeneralSecurityException {
- PKIConfiguration cfg = null;
- if (! PKIFactory.getInstance().isAlreadyConfigured())
- cfg = new PKIConfigurationImpl(certStoreRootDirParam, chainingMode);
-
- PKIProfileImpl profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
+ DefaultPKIConfiguration cfg = null;
+ if (! PKIFactory.getInstance().isAlreadyConfigured()) {
+ CertStoreConfigurationImpl certStoreConf = new CertStoreConfigurationImpl(certStoreRootDirParam);
+ cfg = new DefaultPKIConfiguration(certStoreConf.getParameters());
+ cfg.setChainingMode(chainingMode);
+ Logger.info("Set-up PKI module configuration ... ");
+
+ }
+ PKIProfileImpl profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
profile.setPreferredServiceOrder(revocationMethodOrder);
// This call fixes a bug occuring when PKIConfiguration is