aboutsummaryrefslogtreecommitdiff
path: root/id/server/moa-id-commons
diff options
context:
space:
mode:
authorChristian Maierhofer <cmaierhofer@iaik.tugraz.at>2016-06-29 11:16:35 +0200
committerChristian Maierhofer <cmaierhofer@iaik.tugraz.at>2016-06-29 11:16:35 +0200
commitad156aaec0e4e8cd97a6eee6aa96e9d5700d0b4f (patch)
tree046064b84e29aada56546439db931fe830cd9eb4 /id/server/moa-id-commons
parent7717d75918fb63ee7e9d7bf31de2696577b7e991 (diff)
parentb3aa8b6d444e7dee51e1145e3192b191ae24b1d4 (diff)
downloadmoa-id-spss-ad156aaec0e4e8cd97a6eee6aa96e9d5700d0b4f.tar.gz
moa-id-spss-ad156aaec0e4e8cd97a6eee6aa96e9d5700d0b4f.tar.bz2
moa-id-spss-ad156aaec0e4e8cd97a6eee6aa96e9d5700d0b4f.zip
Merge branch 'eIDAS_node_implementation_remote' into moapid-3.2-opb-redis
Conflicts: id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
Diffstat (limited to 'id/server/moa-id-commons')
-rw-r--r--id/server/moa-id-commons/pom.xml12
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java3
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java5
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java43
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java3
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java7
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java20
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java11
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java20
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java25
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java44
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java81
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java67
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java70
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java80
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java12
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java3
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java244
-rw-r--r--id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java2
-rw-r--r--id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java181
22 files changed, 235 insertions, 702 deletions
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index 613698fc6..4e8d77a4f 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -97,16 +97,18 @@
<groupId>iaik.prod</groupId>
<artifactId>iaik_jce_full</artifactId>
</dependency>
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_moa</artifactId>
- </dependency>
+ <dependency>
+ <groupId>MOA.id</groupId>
+ <artifactId>moa-spss-container</artifactId>
+ <version>${moa-id-version}</version>
+ </dependency>
+
<dependency>
<groupId>iaik.prod</groupId>
<artifactId>iaik_X509TrustManager</artifactId>
</dependency>
-
+
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
index 6726aacb5..27744273f 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDConstants.java
@@ -40,11 +40,13 @@ public class MOAIDConstants {
public static final String PREFIX_WPBK = "urn:publicid:gv.at:wbpk+";
public static final String PREFIX_STORK = "urn:publicid:gv.at:storkid+";
+ public static final String PREFIX_EIDAS = "urn:publicid:gv.at:eidasid+";
public static final String IDENIFICATIONTYPE_FN = "FN";
public static final String IDENIFICATIONTYPE_ERSB = "ERSB";
public static final String IDENIFICATIONTYPE_ZVR = "ZVR";
public static final String IDENIFICATIONTYPE_STORK = "STORK";
+ public static final String IDENIFICATIONTYPE_EIDAS = "eIDAS";
public static final String KEYBOXIDENTIFIER_SECURE = "SecureSignatureKeypair";
public static final String KEYBOXIDENTIFIER_CERTIFIED = "CertifiedKeypair";
@@ -71,6 +73,7 @@ public class MOAIDConstants {
tmp.put(IDENIFICATIONTYPE_ZVR, "Vereinsnummer");
tmp.put(IDENIFICATIONTYPE_ERSB, "ERsB Kennzahl");
tmp.put(IDENIFICATIONTYPE_STORK, "STORK");
+ tmp.put(IDENIFICATIONTYPE_EIDAS, "eIDAS");
BUSINESSSERVICENAMES = Collections.unmodifiableMap(tmp);
List<String> awbpk = new ArrayList<String>();
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java
index b23b4474b..25919a937 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IRequest.java
@@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.commons.api;
import java.util.Collection;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+
import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException;
public interface IRequest {
@@ -193,9 +195,10 @@ public interface IRequest {
/**
* This method get a Set of PVP 2.1 attribute, which are request by this pending-request.
+ * @param metadataProvider SAML2 Metadata Provider, or null if no metadata provider is required
*
* @return A set of PVP attribute names or null if no attributes are requested
* or the Service Provider, which sends this request needs no attributes
*/
- public Collection<String> getRequestedAttributes();
+ public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider);
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
index 63d8f463c..e865c4ed6 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java
@@ -22,8 +22,6 @@ moaidconfigmoaidconfigmoaidconfig * Copyright 2014 Federal Chancellery Austria
*/
package at.gv.egovernment.moa.id.commons.config;
-import iaik.x509.X509Certificate;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
@@ -88,6 +86,7 @@ import at.gv.egovernment.moa.id.commons.validation.TargetValidator;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.x509.X509Certificate;
/**
* @author tlenz
@@ -185,6 +184,10 @@ public class ConfigurationMigrationUtils {
if (MOAIDConfigurationConstants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) {
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, split[1]);
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, split[2]);
+
+ } else if (MOAIDConfigurationConstants.PREFIX_EIDAS.startsWith(split[0]) && split.length >= 2) {
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, MOAIDConfigurationConstants.IDENIFICATIONTYPE_EIDAS);
+ result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE, split[1] + "+" + split[2]);
} else if (MOAIDConfigurationConstants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) {
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE, MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK);
@@ -240,17 +243,20 @@ public class ConfigurationMigrationUtils {
if (templates != null) {
List<TemplateType> templatetype = templates.getTemplate();
if (templatetype != null) {
- if (templatetype.size() > 0) {
+ if (templatetype.size() > 0 &&
+ MiscUtil.isNotEmpty(templatetype.get(0).getURL())) {
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_FIRST_VALUE, templatetype.get(0).getURL());
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_LEGACY, Boolean.TRUE.toString());
} else
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_LEGACY, Boolean.FALSE.toString());
- if (templatetype.size() > 1)
+ if (templatetype.size() > 1 &&
+ MiscUtil.isNotEmpty(templatetype.get(1).getURL()))
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_SECOND_VALUE, templatetype.get(1).getURL());
- if (templatetype.size() > 2)
+ if (templatetype.size() > 2 &&
+ MiscUtil.isNotEmpty(templatetype.get(2).getURL()))
result.put(MOAIDConfigurationConstants.SERVICE_AUTH_BKU_TEMPLATE_THIRD_VALUE, templatetype.get(2).getURL());
}
@@ -757,9 +763,15 @@ public class ConfigurationMigrationUtils {
if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE) != null &&
oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE) != null) {
- if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE).equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK)) {
+
+ if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE).equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_EIDAS)) {
+ idnumber.setValue(MOAIDConfigurationConstants.PREFIX_EIDAS + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE));
+ idnumber.setType(MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE)));
+
+ } else if (oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE).equals(MOAIDConfigurationConstants.IDENIFICATIONTYPE_STORK)) {
idnumber.setValue(MOAIDConfigurationConstants.PREFIX_STORK + "AT" + "+" + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE));
idnumber.setType(MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE)));
+
} else {
idnumber.setValue(MOAIDConfigurationConstants.PREFIX_WPBK + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE) + "+" + oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_VALUE));
idnumber.setType(MOAIDConfigurationConstants.BUSINESSSERVICENAMES.get(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_BUSINESS_TYPE)));
@@ -1259,10 +1271,16 @@ public class ConfigurationMigrationUtils {
if (list.contains(MOA_CONFIG_PROTOCOL_SAML1))
result.put(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_LEGACY,
Boolean.TRUE.toString());
+ else
+ result.put(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_LEGACY,
+ Boolean.FALSE.toString());
if (list.contains(MOA_CONFIG_PROTOCOL_PVP2))
result.put(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_LEGACY,
Boolean.TRUE.toString());
+ else
+ result.put(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_LEGACY,
+ Boolean.FALSE.toString());
}
SAML1 saml1 = protocols.getSAML1();
@@ -1277,14 +1295,18 @@ public class ConfigurationMigrationUtils {
result.put(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_SOURCEID,
saml1.getSourceID());
- }
+ } else
+ result.put(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_SAML1_ENABLED,
+ Boolean.FALSE.toString());
OAuth oauth = protocols.getOAuth();
if (oauth != null) {
result.put(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_OPENID_ENABLED,
String.valueOf(oauth.isIsActive()));
- }
+ } else
+ result.put(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_OPENID_ENABLED,
+ Boolean.FALSE.toString());
PVP2 pvp2 = protocols.getPVP2();
if (pvp2 != null) {
@@ -1323,7 +1345,10 @@ public class ConfigurationMigrationUtils {
result.put(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_METADATA_ORG_URL,
org.getURL());
}
- }
+
+ } else
+ result.put(MOAIDConfigurationConstants.GENERAL_PROTOCOLS_PVP2X_ENABLED,
+ Boolean.FALSE.toString());
}
SecurityLayer seclayer = auth.getSecurityLayer();
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
index 7c542da09..4c6cd16c0 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java
@@ -68,7 +68,7 @@ public class AssertionStore implements Serializable{
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name = "id", unique=true, nullable=false)
private long id;
-
+
@Column(name = "artifact", unique=true, nullable=false)
private String artifact;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
index 96c6f3658..eeaf03544 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java
@@ -67,12 +67,13 @@ import org.hibernate.annotations.DynamicUpdate;
public class AuthenticatedSessionStore implements Serializable{
private static final long serialVersionUID = 1L;
-
+
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name = "id", unique=true, nullable=false)
private long id;
+
@Column(name = "sessionid", unique=true, nullable=false)
private String sessionid;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
index 2ade63c1c..142e9a23a 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
@@ -22,15 +22,12 @@
*/
package at.gv.egovernment.moa.id.commons.utils;
-import iaik.pki.PKIException;
-
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
-import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import org.apache.commons.httpclient.ConnectTimeoutException;
@@ -39,7 +36,7 @@ import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
-import at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils;
+import iaik.pki.PKIException;
/**
* @author tlenz
@@ -62,7 +59,7 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
super();
try {
- this.sslfactory = SSLUtils.getSSLSocketFactory(
+ this.sslfactory = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
url,
certStoreRootDirParam,
trustStoreURL,
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
index 00e750f58..dcbec6bf6 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
@@ -46,13 +46,17 @@
package at.gv.egovernment.moa.id.commons.utils.ssl;
+import java.io.File;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
import at.gv.egovernment.moa.logging.Logger;
import iaik.pki.store.certstore.CertStoreConfiguration;
import iaik.pki.store.certstore.CertStoreParameters;
import iaik.pki.store.certstore.CertStoreTypes;
import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
-
-import java.io.File;
+import iaik.pki.store.certstore.directory.VirtualCertStore;
/**
* Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
@@ -153,4 +157,16 @@ public class CertStoreConfigurationImpl extends ObservableImpl
return CertStoreTypes.DIRECTORY;
}
+ /* (non-Javadoc)
+ * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getVirtualStores()
+ */
+ @Override
+ public Set getVirtualStores() {
+ //TODO: only for Testing and not complete !!!Ask Harald !!!!
+
+ Map<String, VirtualCertStore> vCertStore = new HashMap<String, VirtualCertStore>();
+ return vCertStore.keySet();
+
+ }
+
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
index eaef3f1d4..bcd38c638 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
@@ -57,9 +57,8 @@ import java.util.ArrayList;
import java.util.List;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.logging.LoggingContext;
-import at.gv.egovernment.moa.logging.LoggingContextManager;
-
+import at.gv.egovernment.moaspss.logging.LoggingContext;
+import at.gv.egovernment.moaspss.logging.LoggingContextManager;
import iaik.pki.jsse.IAIKX509TrustManager;
/**
@@ -95,14 +94,14 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
* Fixes a bug occuring in the case MOA-SP is called by API.
* In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP.
* This method must be called before a MOAIDTrustManager is constructed,
- * from every thread.
- */
+ * from every thread.
+ */
public static void initializeLoggingContext() {
if (LoggingContextManager.getInstance().getLoggingContext() == null)
LoggingContextManager.getInstance().setLoggingContext(
new LoggingContext(Thread.currentThread().getName()));
}
-
+
/**
* Builds an Array of accepted server certificates from an URL,
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
index 5d8c7a54e..3eb4707c8 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
@@ -60,6 +60,10 @@ import iaik.pki.store.revocation.archive.ArchiveConfiguration;
* @version $Id$
*/
public class PKIConfigurationImpl implements PKIConfiguration {
+
+ private static final int TIMEOUT_READ = 60; //[sec]
+ private static final int TIMEOUT_CONNECTION = 60; //[sec]
+
/** The configuration for the CertStore */
private CertStoreConfiguration certStoreConfiguration;
/** The configuration for the RevocationChecks */
@@ -108,11 +112,19 @@ public class PKIConfigurationImpl implements PKIConfiguration {
}
/* (non-Javadoc)
- * @see iaik.pki.PKIConfiguration#getTimeout()
+ * @see iaik.pki.PKIConfiguration#getConnectTimeout()
*/
- public int getTimeout() {
- // TODO Auto-generated method stub
- return 0;
+@Override
+public int getConnectTimeout() {
+ return TIMEOUT_CONNECTION * 1000;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.PKIConfiguration#getReadTimeout()
+ */
+@Override
+public int getReadTimeout() {
+ return TIMEOUT_READ * 1000;
}
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
index 59994a257..a34fa9b8b 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
@@ -96,13 +96,6 @@ public class PKIProfileImpl extends ObservableImpl
}
/**
- * @see iaik.pki.PKIProfile#autoAddCertificates()
- */
- public boolean autoAddCertificates() {
- return true;
- }
-
- /**
* @see iaik.pki.PKIProfile#getRevocationProfile()
*/
public RevocationProfile getRevocationProfile() {
@@ -227,4 +220,22 @@ public class PKIProfileImpl extends ObservableImpl
public void setId(String id) {
this.id = id;
}
+
+/* (non-Javadoc)
+ * @see iaik.pki.PKIProfile#autoAddCertificates()
+ */
+@Override
+public int autoAddCertificates() {
+ //TODO: ask harald!!!!!
+ return 1;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.PKIProfile#getIndirectRevocationTrustStoreProfile()
+ */
+@Override
+public TrustStoreProfile getIndirectRevocationTrustStoreProfile() {
+ //TODO: ask harald!!!!!
+ return null;
+}
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
index b5e0543db..40d081ea4 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
@@ -46,13 +46,16 @@
package at.gv.egovernment.moa.id.commons.utils.ssl;
-import iaik.pki.revocation.RevocationConfiguration;
-
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
import java.util.Set;
+import iaik.pki.revocation.RevocationConfiguration;
+import iaik.pki.revocation.dbcrl.config.DBCrlConfig;
+
/**
* Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
* @author Paul Ivancsics
@@ -81,4 +84,41 @@ public class RevocationConfigurationImpl extends ObservableImpl implements Revoc
return null;
}
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#getKeepRevocationInfo()
+ */
+@Override
+public boolean getKeepRevocationInfo() {
+ return false;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#getPositiveOCSPResponders()
+ */
+@Override
+public Set getPositiveOCSPResponders() {
+
+ //TODO: !!!!! ASK Harald !!!!!
+ Map<String, String> test = new HashMap<String, String>();
+ test.put("ALL", "ALL");
+ return test.keySet();
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#skipIndirectCRLCheckForAlternativeDistributionPoints()
+ */
+@Override
+public boolean skipIndirectCRLCheckForAlternativeDistributionPoints() {
+ //TODO: !!!!! ASK Harald !!!!!
+ return false;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#getDataBaseCRLConfig()
+ */
+@Override
+public DBCrlConfig getDataBaseCRLConfig() {
+ return null;
+}
+
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index 68437a04d..503e0bfc4 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -46,25 +46,28 @@
package at.gv.egovernment.moa.id.commons.utils.ssl;
-import iaik.pki.PKIConfiguration;
-import iaik.pki.PKIException;
-import iaik.pki.PKIFactory;
-import iaik.pki.PKIProfile;
-import iaik.pki.jsse.IAIKX509TrustManager;
-import iaik.security.provider.IAIK;
-
import java.io.IOException;
import java.security.GeneralSecurityException;
+import java.security.KeyStore;
import java.security.Security;
import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+import iaik.pki.PKIConfiguration;
+import iaik.pki.PKIException;
+import iaik.pki.PKIFactory;
+import iaik.pki.PKIProfile;
+import iaik.pki.jsse.IAIKX509TrustManager;
+//import iaik.pki.jsse.IAIKX509TrustManager;
+import iaik.security.provider.IAIK;
/**
@@ -136,7 +139,7 @@ public class SSLUtils {
acceptedServerCertURL,
checkRevocation);
- KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
+ KeyManager[] kms = getKeyManagers(
clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(kms, tms, null);
@@ -154,6 +157,68 @@ public class SSLUtils {
}
/**
+ * Loads the client key store from file and gets the
+ * <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
+ * initialized from the given client key store.
+ * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
+ * @param clientKeyStoreURL URL of key store containing keys to be used for
+ * client authentication; if <code>null</code>, the default key store will be utilized
+ * @param clientKeyStorePassword password used to check the integrity of the client key store;
+ * if <code>null</code>, it will not be checked
+ * @return <code>KeyManager</code>s to be used for creating an
+ * <code>SSLSocketFactory</code> utilizing the given client key store
+ * @throws IOException thrown while reading from the key store file
+ * @throws GeneralSecurityException thrown while initializing the
+ * default <code>KeyManagerFactory</code>
+ */
+ public static KeyManager[] getKeyManagers (
+ String clientKeyStoreType,
+ String clientKeyStoreURL,
+ String clientKeyStorePassword)
+ throws IOException, GeneralSecurityException {
+
+ if (clientKeyStoreURL == null)
+ return null;
+
+ // Set up the KeyStore to use. We need to load the file into
+ // a KeyStore instance.
+ KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore(
+ clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
+ return getKeyManagers(clientKeyStore, clientKeyStorePassword);
+ }
+ /**
+ * Gets the <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
+ * initialized from the given client key store.
+ * @param clientKeyStore client key store
+ * @param clientKeyStorePassword if provided, it will be used to check
+ * the integrity of the client key store; if omitted, it will not be checked
+ * @return <code>KeyManager</code>s to be used for creating an
+ * <code>SSLSocketFactory</code> utilizing the given client key store
+ * @throws GeneralSecurityException thrown while initializing the
+ * default <code>KeyManagerFactory</code>
+ */
+ public static KeyManager[] getKeyManagers (
+ KeyStore clientKeyStore,
+ String clientKeyStorePassword)
+ throws GeneralSecurityException {
+
+ if (clientKeyStore == null)
+ return null;
+
+ // Now we initialize the default KeyManagerFactory with this KeyStore
+ String alg=KeyManagerFactory.getDefaultAlgorithm();
+ KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg);
+ char[] password = null;
+ if (clientKeyStorePassword != null)
+ password = clientKeyStorePassword.toCharArray();
+ kmFact.init(clientKeyStore, password);
+
+ // And now get the KeyManagers
+ KeyManager[] kms=kmFact.getKeyManagers();
+ return kms;
+ }
+
+ /**
* Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
* using configuration data.
*
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java
deleted file mode 100644
index 51667f010..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.logging;
-
-/**
- * A unified message type to log messages from inside the MOA subsystem.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class LogMsg {
- /** The message to log. */
- private Object message;
-
- /**
- * Create a <code>LogMsg</code> object.
- *
- * @param message The actual message to log. May be <code>null</code>.
- */
- public LogMsg(Object message) {
- this.message = message;
- }
-
- /**
- * Convert this log message to a <code>String</code>.
- *
- * @return The <code>String</code> representation of this log message.
- */
- public String toString() {
- StringBuffer msg = new StringBuffer();
- LoggingContext ctx =
- LoggingContextManager.getInstance().getLoggingContext();
- String tid = ctx != null ? ctx.getTransactionID() : null;
- String nodeId = ctx != null ? ctx.getNodeID() : null;
-
- msg.append("TID=");
- msg.append(tid != null ? tid : "<null>");
- msg.append(" NID=");
- msg.append(nodeId != null ? nodeId : "<null>");
- msg.append(" MSG=");
- msg.append(message != null ? message.toString() : "<null>");
-
- return msg.toString();
- }
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java
deleted file mode 100644
index db4b93a0b..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.logging;
-
-/**
- * Encapsulates contextual information (i.e. per request information) for
- * logging purposes.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class LoggingContext {
- /** The name of the node ID system property. */
- public static final String NODE_ID_PROPERTY = "moa.node-id";
-
- /** The current transaction ID. */
- private String transactionID;
- /** The node ID. */
- private String nodeID;
-
- /**
- * Create a new <code>LoggingContext</code>.
- *
- * @param transactionID The transaction ID. May be <code>null</code>.
- */
- public LoggingContext(String transactionID) {
- this.transactionID = transactionID;
- this.nodeID = System.getProperty(NODE_ID_PROPERTY);
- }
-
- /**
- * Return the transaction ID.
- *
- * @return The transaction ID.
- */
- public String getTransactionID() {
- return transactionID;
- }
-
- /**
- * Return the node ID.
- *
- * @return The node ID.
- */
- public String getNodeID() {
- return nodeID;
- }
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java
deleted file mode 100644
index f0d7b4c07..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.logging;
-
-/**
- * Provides each thread with a single instance of <code>LoggingContext</code>.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class LoggingContextManager {
- /** The single instance of this class. */
- private static LoggingContextManager instance = null;
-
- /** The <code>LoggingContext</code> for each thread. */
- private ThreadLocal context;
-
- /**
- * Get the single instance of the <code>LoggingContextManager</code> class.
- *
- * @return LoggingContextManager The single instance.
- */
- public static synchronized LoggingContextManager getInstance() {
- if (instance == null) {
- instance = new LoggingContextManager();
- }
- return instance;
- }
-
- /**
- * Creates a new <code>LoggingContextManager</code>.
- *
- * Protected to disallow direct instantiation.
- */
- protected LoggingContextManager() {
- context = new ThreadLocal();
- }
-
- /**
- * Set the <code>LoggingContext</code> context for the current thread.
- *
- * @param ctx The <code>LoggingContext</code> for the current thread.
- */
- public void setLoggingContext(LoggingContext ctx) {
- context.set(ctx);
- }
-
- /**
- * Return the <code>LoggingContext</code> for the current thread.
- *
- * @return LoggingContext The <code>LoggingContext</code> for the current
- * thread, or <code>null</code> if none has been set.
- */
- public LoggingContext getLoggingContext() {
- return (LoggingContext) context.get();
- }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
index 95cd63643..fed968443 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
@@ -49,6 +49,7 @@ import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
+import org.apache.commons.io.IOUtils;
import org.apache.xerces.parsers.DOMParser;
import org.apache.xerces.parsers.SAXParser;
import org.apache.xerces.parsers.XMLGrammarPreparser;
@@ -225,12 +226,13 @@ public class DOMUtils {
byte buffer [] = null;
ByteArrayInputStream baStream = null;
if(true == Logger.isDebugEnabled()) {
- int len = inputStream.available();
- buffer = new byte[len];
- inputStream.read(buffer);
+ buffer = IOUtils.toByteArray(inputStream);
baStream = new ByteArrayInputStream(buffer);
- }
+ }
+
+
+
// create the DOM parser
if (symbolTable != null) {
parser = new DOMParser(symbolTable, grammarPool);
@@ -298,7 +300,7 @@ public class DOMUtils {
else
parser.parse(new InputSource(inputStream));
} catch(SAXException e) {
- if(true == Logger.isDebugEnabled() && null != buffer) {
+ if(true == Logger.isDebugEnabled() && null != buffer) {
String xmlContent = new String(buffer);
Logger.debug("SAXException in:\n" + xmlContent);
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java
index 8f3ffd4c6..b1a3f8446 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java
@@ -31,7 +31,6 @@ import org.apache.xerces.util.URI.MalformedURIException;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
-import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -72,7 +71,7 @@ public class MOAEntityResolver implements EntityResolver {
if (Logger.isDebugEnabled()) {
Logger.debug(
- new LogMsg("resolveEntity: p=" + publicId + " s=" + systemId));
+ new at.gv.egovernment.moaspss.logging.LogMsg("resolveEntity: p=" + publicId + " s=" + systemId));
}
if (publicId != null) {
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java
index 3769b264d..ea71a677f 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java
@@ -28,8 +28,8 @@ import org.apache.xml.utils.DefaultErrorHandler;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
-import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moaspss.logging.LogMsg;
/**
* An <code>ErrorHandler</code> that logs a message and throws a
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java
deleted file mode 100644
index c2c67ec58..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java
+++ /dev/null
@@ -1,244 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.util;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.GeneralSecurityException;
-import java.security.KeyStore;
-
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-
-/**
- * Utility for connecting to server applications via SSL.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SSLUtils {
-
- /**
- * Creates an <code>SSLSocketFactory</code> which utilizes the given trust store.
- *
- * @param trustStoreType key store type of trust store
- * @param trustStoreInputStream input stream for reading JKS trust store containing
- * trusted server certificates; if <code>null</code>, the default
- * trust store will be utilized
- * @param trustStorePassword if provided, it will be used to check
- * the integrity of the trust store; if omitted, it will not be checked
- * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
- * @throws IOException thrown while reading from the input stream
- * @throws GeneralSecurityException thrown while creating the socket factory
- */
- public static SSLSocketFactory getSSLSocketFactory(
- String trustStoreType,
- InputStream trustStoreInputStream,
- String trustStorePassword)
- throws IOException, GeneralSecurityException {
-
- TrustManager[] tms = getTrustManagers(trustStoreType, trustStoreInputStream, trustStorePassword);
- SSLContext ctx = SSLContext.getInstance("TLS");
- ctx.init(null, tms, null);
-
- SSLSocketFactory sf = ctx.getSocketFactory();
- return sf;
- }
- /**
- * Creates an <code>SSLSocketFactory</code> which utilizes the
- * given trust store and keystore.
- *
- * @param trustStore trust store containing trusted server certificates;
- * if <code>null</code>, the default trust store will be utilized
- * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
- * @param clientKeyStoreURL URL of key store containing keys to be used for
- * client authentication; if <code>null</code>, the default key store will be utilized
- * @param clientKeyStorePassword if provided, it will be used to check
- * the integrity of the client key store; if omitted, it will not be checked
- * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
- * @throws IOException thrown while reading key store file
- * @throws GeneralSecurityException thrown while creating the socket factory
- */
- public static SSLSocketFactory getSSLSocketFactory(
- KeyStore trustStore,
- String clientKeyStoreType,
- String clientKeyStoreURL,
- String clientKeyStorePassword)
- throws IOException, GeneralSecurityException {
-
- SSLContext ctx = getSSLContext(
- trustStore, clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
- SSLSocketFactory sf = ctx.getSocketFactory();
- return sf;
- }
- /**
- * Creates an <code>SSLContext</code> initialized for the
- * given trust store and keystore.
- *
- * @param trustStore trust store containing trusted server certificates;
- * if <code>null</code>, the default trust store will be utilized
- * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
- * @param clientKeyStoreURL URL of key store containing keys to be used for
- * client authentication; if <code>null</code>, the default key store will be utilized
- * @param clientKeyStorePassword if provided, it will be used to check
- * the integrity of the client key store; if omitted, it will not be checked
- * @return <code>SSLContext</code> to be used for creating an <code>SSLSocketFactory</code>
- * @throws IOException thrown while reading key store file
- * @throws GeneralSecurityException thrown while creating the SSL context
- */
- public static SSLContext getSSLContext(
- KeyStore trustStore,
- String clientKeyStoreType,
- String clientKeyStoreURL,
- String clientKeyStorePassword)
- throws IOException, GeneralSecurityException {
-
- TrustManager[] tms = getTrustManagers(trustStore);
- KeyManager[] kms = getKeyManagers(clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
- SSLContext ctx = SSLContext.getInstance("TLS");
- ctx.init(kms, tms, null);
- return ctx;
- }
- /**
- * Loads the trust store from an input stream and gets the
- * <code>TrustManager</code>s from a default <code>TrustManagerFactory</code>,
- * initialized from the given trust store.
- * @param trustStoreType key store type of trust store
- * @param trustStoreInputStream input stream for reading JKS trust store containing
- * trusted server certificates; if <code>null</code>, the default
- * trust store will be utilized
- * @param trustStorePassword if provided, it will be used to check
- * the integrity of the trust store; if omitted, it will not be checked
- * @return <code>TrustManager</code>s to be used for creating an
- * <code>SSLSocketFactory</code> utilizing the given trust store
- * @throws IOException thrown while reading from the input stream
- * @throws GeneralSecurityException thrown while initializing the
- * default <code>TrustManagerFactory</code>
- */
- protected static TrustManager[] getTrustManagers(
- String trustStoreType,
- InputStream trustStoreInputStream,
- String trustStorePassword)
- throws IOException, GeneralSecurityException {
-
- if (trustStoreInputStream == null)
- return null;
-
- // Set up the TrustStore to use. We need to load the file into
- // a KeyStore instance.
- KeyStore trustStore = KeyStoreUtils.loadKeyStore(trustStoreType, trustStoreInputStream, trustStorePassword);
- return getTrustManagers(trustStore);
- }
- /**
- * Gets the <code>TrustManager</code>s from a default <code>TrustManagerFactory</code>,
- * initialized from the given trust store.
- *
- * @param trustStore the trust store to use
- * @return <code>TrustManager</code>s to be used for creating an
- * <code>SSLSocketFactory</code> utilizing the given trust store
- * @throws GeneralSecurityException thrown while initializing the
- * default <code>TrustManagerFactory</code>
- */
- protected static TrustManager[] getTrustManagers(KeyStore trustStore)
- throws GeneralSecurityException {
-
- if (trustStore == null)
- return null;
-
- // Initialize the default TrustManagerFactory with this KeyStore
- String alg=TrustManagerFactory.getDefaultAlgorithm();
- TrustManagerFactory tmFact=TrustManagerFactory.getInstance(alg);
- tmFact.init(trustStore);
-
- // And now get the TrustManagers
- TrustManager[] tms=tmFact.getTrustManagers();
- return tms;
- }
- /**
- * Loads the client key store from file and gets the
- * <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
- * initialized from the given client key store.
- * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
- * @param clientKeyStoreURL URL of key store containing keys to be used for
- * client authentication; if <code>null</code>, the default key store will be utilized
- * @param clientKeyStorePassword password used to check the integrity of the client key store;
- * if <code>null</code>, it will not be checked
- * @return <code>KeyManager</code>s to be used for creating an
- * <code>SSLSocketFactory</code> utilizing the given client key store
- * @throws IOException thrown while reading from the key store file
- * @throws GeneralSecurityException thrown while initializing the
- * default <code>KeyManagerFactory</code>
- */
- public static KeyManager[] getKeyManagers (
- String clientKeyStoreType,
- String clientKeyStoreURL,
- String clientKeyStorePassword)
- throws IOException, GeneralSecurityException {
-
- if (clientKeyStoreURL == null)
- return null;
-
- // Set up the KeyStore to use. We need to load the file into
- // a KeyStore instance.
- KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore(
- clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
- return getKeyManagers(clientKeyStore, clientKeyStorePassword);
- }
- /**
- * Gets the <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
- * initialized from the given client key store.
- * @param clientKeyStore client key store
- * @param clientKeyStorePassword if provided, it will be used to check
- * the integrity of the client key store; if omitted, it will not be checked
- * @return <code>KeyManager</code>s to be used for creating an
- * <code>SSLSocketFactory</code> utilizing the given client key store
- * @throws GeneralSecurityException thrown while initializing the
- * default <code>KeyManagerFactory</code>
- */
- public static KeyManager[] getKeyManagers (
- KeyStore clientKeyStore,
- String clientKeyStorePassword)
- throws GeneralSecurityException {
-
- if (clientKeyStore == null)
- return null;
-
- // Now we initialize the default KeyManagerFactory with this KeyStore
- String alg=KeyManagerFactory.getDefaultAlgorithm();
- KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg);
- char[] password = null;
- if (clientKeyStorePassword != null)
- password = clientKeyStorePassword.toCharArray();
- kmFact.init(clientKeyStore, password);
-
- // And now get the KeyManagers
- KeyManager[] kms=kmFact.getKeyManagers();
- return kms;
- }
-}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
index c0a93bf03..df4fe807f 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
@@ -34,7 +34,7 @@ import junit.framework.TestSuite;
*/
public class AllTests {
- public static Test suite() {
+ public static Test suite() {
TestSuite suite = new TestSuite();
// suite.addTestSuite(DOMUtilsTest.class);
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java
deleted file mode 100644
index 2b5094fb8..000000000
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java
+++ /dev/null
@@ -1,181 +0,0 @@
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package test.at.gv.egovernment.moa.util;
-
-import java.net.URL;
-import java.security.KeyStore;
-import java.security.Security;
-
-import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLSocketFactory;
-
-import junit.framework.TestCase;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-import at.gv.egovernment.moa.util.SSLUtils;
-
-import com.sun.net.ssl.HostnameVerifier;
-import com.sun.net.ssl.HttpsURLConnection;
-
-/**
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SSLUtilsTest extends TestCase {
-
- public SSLUtilsTest(String arg0) {
- super(arg0);
- }
-
-
- protected void setUp() throws Exception {
- //System.setProperty("javax.net.debug", "all");
- Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
- System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
- System.setProperty("https.cipherSuites", "SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5");
- }
-
- public void testGetSSLSocketFactoryBaltimoreOK() throws Exception {
- doTestGetSSLSocketFactory(
- "GET",
- "https://www.baltimore.com/",
- false,
- "file:data/test/security/cacerts+gt_cybertrust_root",
- "changeit",
- true);
- }
- public void testGetSSLSocketFactoryBaltimoreNOK() throws Exception {
- doTestGetSSLSocketFactory(
- "GET",
- "https://www.baltimore.com/",
- false,
- "file:data/test/security/cacerts",
- "changeit",
- false);
- }
- public void testGetSSLSocketFactoryVerisignOK() throws Exception {
- doTestGetSSLSocketFactory(
- "GET",
- "https://www.verisign.com/",
- false,
- "file:data/test/security/cacerts",
- "changeit",
- true);
- }
- public void testGetSSLSocketFactoryVerisignNoTruststoreOK() throws Exception {
- doTestGetSSLSocketFactory(
- "GET",
- "https://www.verisign.com/",
- false,
- null,
- null,
- true);
- }
- public void testGetSSLSocketFactoryLocalhostOK() throws Exception {
- String urlString = "https://localhost:8443/moa-id-auth/index.jsp";
- doTestGetSSLSocketFactory(
- "GET",
- urlString,
- true,
- "file:data/test/security/server.keystore.tomcat",
- "changeit",
- true);
- }
- public void testGetSSLSocketFactoryLocalhostNOK() throws Exception {
- String urlString = "https://localhost:8443/moa-id-auth/index.jsp";
- doTestGetSSLSocketFactory(
- "GET",
- urlString,
- true,
- null,
- null,
- false);
- }
-
- public void doTestGetSSLSocketFactory(
- String requestMethod,
- String urlString,
- boolean useHostnameVerifierHack,
- String truststoreurl,
- String trustpassword,
- boolean shouldOk
- ) throws Exception {
-
- doTestGetSSLSocketFactory(
- requestMethod, urlString, useHostnameVerifierHack, truststoreurl, trustpassword, null, null, null, shouldOk);
- }
- public void doTestGetSSLSocketFactory(
- String requestMethod,
- String urlString,
- boolean useHostnameVerifierHack,
- String truststoreurl,
- String trustpassword,
- String keystoretype,
- String keystoreurl,
- String keypassword,
- boolean shouldOk
- ) throws Exception {
-
- KeyStore truststore = null;
- if (truststoreurl != null)
- truststore = KeyStoreUtils.loadKeyStore("jks", truststoreurl, trustpassword);
- SSLSocketFactory sf = SSLUtils.getSSLSocketFactory(
- truststore, keystoretype, keystoreurl, keypassword);
- System.out.println(requestMethod + " " + urlString);
-
- URL url = new URL(urlString);
- HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
- conn.setRequestMethod(requestMethod);
- conn.setDoInput(true);
- conn.setDoOutput(true);
- conn.setUseCaches(false);
- conn.setAllowUserInteraction(false);
- conn.setSSLSocketFactory(sf);
- if (useHostnameVerifierHack)
- conn.setHostnameVerifier(new HostnameVerifierHack());
- try {
- conn.connect();
- assertTrue(shouldOk);
- assertEquals(200, conn.getResponseCode());
- conn.disconnect();
- }
- catch (SSLException ex) {
- assertFalse(shouldOk);
- }
- }
-// private byte[] readTruststore(String filename) throws IOException {
-// if (filename == null)
-// return null;
-// FileInputStream in = new FileInputStream(filename);
-// byte[] buffer = new byte[in.available()];
-// in.read(buffer);
-// in.close();
-// return buffer;
-// }
- private class HostnameVerifierHack implements HostnameVerifier {
- public boolean verify(String arg0, String arg1) {
- return true;
- }
- }
-}