aboutsummaryrefslogtreecommitdiff
path: root/id/server
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-05-07 15:49:27 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-05-07 15:49:27 +0200
commitb0782a62b34a8343968a456ed754f55cc41daf0f (patch)
treecb57bc6017055cdfbb0e77243831708af1ac8e3b /id/server
parent0cdb39bbfbacbea3f809872f2570709eeca91ccf (diff)
downloadmoa-id-spss-b0782a62b34a8343968a456ed754f55cc41daf0f.tar.gz
moa-id-spss-b0782a62b34a8343968a456ed754f55cc41daf0f.tar.bz2
moa-id-spss-b0782a62b34a8343968a456ed754f55cc41daf0f.zip
add customized HttpClient which can use the MOA Truststore to verfiy SSL connections
Diffstat (limited to 'id/server')
-rw-r--r--id/server/moa-id-commons/pom.xml4
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java42
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java129
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java12
-rw-r--r--id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java100
5 files changed, 285 insertions, 2 deletions
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index 81513518f..1831d0e1c 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -65,6 +65,10 @@
<version>3.3.1</version>
</dependency>
<dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ </dependency>
+ <dependency>
<groupId>MOA</groupId>
<artifactId>moa-common</artifactId>
<type>jar</type>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java
new file mode 100644
index 000000000..c6d8b1d79
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.ex;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAHttpProtocolSocketFactoryException extends Exception {
+
+ private static final long serialVersionUID = 4934502074731319897L;
+
+
+ public MOAHttpProtocolSocketFactoryException(String message) {
+ super(message);
+ }
+
+ public MOAHttpProtocolSocketFactoryException(String message, Throwable e) {
+ super(message, e );
+ }
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
new file mode 100644
index 000000000..3b6fc34ea
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.utils;
+
+import iaik.pki.PKIException;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.GeneralSecurityException;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.commons.httpclient.ConnectTimeoutException;
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
+import at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory {
+
+
+
+ private SSLSocketFactory sslfactory = null;
+
+ public MOAHttpProtocolSocketFactory (
+ String url,
+ String certStoreRootDirParam,
+ String trustStoreURL,
+ String acceptedServerCertURL,
+ ChainingModeType chainingMode,
+ boolean checkRevocation
+ ) throws MOAHttpProtocolSocketFactoryException {
+ super();
+
+ try {
+ this.sslfactory = SSLUtils.getSSLSocketFactory(
+ url,
+ certStoreRootDirParam,
+ trustStoreURL,
+ acceptedServerCertURL,
+ chainingMode.value(),
+ checkRevocation,
+ null,
+ null,
+ null);
+
+ } catch (IOException e) {
+ throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
+
+ } catch (GeneralSecurityException e) {
+ throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
+
+ } catch (SSLConfigurationException e) {
+ throw new MOAHttpProtocolSocketFactoryException("SSL Configuration loading FAILED.", e);
+
+ } catch (PKIException e) {
+ throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
+
+ }
+
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int, java.net.InetAddress, int)
+ */
+ public Socket createSocket(String host, int port, InetAddress localAddress,
+ int localPort) throws IOException, UnknownHostException {
+ return this.sslfactory.createSocket(host, port,
+ localAddress, localPort);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int, java.net.InetAddress, int, org.apache.commons.httpclient.params.HttpConnectionParams)
+ */
+ public Socket createSocket(String host, int port, InetAddress localAddress,
+ int localPort, HttpConnectionParams params) throws IOException,
+ UnknownHostException, ConnectTimeoutException {
+ return this.sslfactory.createSocket(host, port,
+ localAddress, localPort);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int)
+ */
+ public Socket createSocket(String host, int port) throws IOException,
+ UnknownHostException {
+ return this.sslfactory.createSocket(host, port);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory#createSocket(java.net.Socket, java.lang.String, int, boolean)
+ */
+ public Socket createSocket(Socket socket, String host, int port,
+ boolean autoClose) throws IOException, UnknownHostException {
+ return this.sslfactory.createSocket(socket, host,
+ port, autoClose);
+ }
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index eed8b25e0..68437a04d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -139,12 +139,19 @@ public class SSLUtils {
KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
SSLContext ctx = SSLContext.getInstance("TLS");
- ctx.init(kms, tms, null); ssf = ctx.getSocketFactory();
+ ctx.init(kms, tms, null);
+ ssf = ctx.getSocketFactory();
// store SSLSocketFactory
sslSocketFactories.put(url, ssf);
return ssf;
}
+ public static void removeSSLSocketFactory(String url) {
+ Logger.info("Remove SSLSocketFactory for URL " + url);
+ if (sslSocketFactories.containsKey(url))
+ sslSocketFactories.remove(url);
+
+ }
/**
* Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
@@ -158,7 +165,7 @@ public class SSLUtils {
* @throws IOException on data-reading problems
* @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
*/
- public static TrustManager[] getTrustManagers(String certStoreRootDirParam,
+ private static TrustManager[] getTrustManagers(String certStoreRootDirParam,
String chainingMode, String trustStoreURL, String acceptedServerCertURL,
boolean checkRevocation)
throws SSLConfigurationException, PKIException, IOException, GeneralSecurityException {
@@ -175,4 +182,5 @@ public class SSLUtils {
tm.init(cfg, profile);
return new TrustManager[] {tm};
}
+
}
diff --git a/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java b/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java
new file mode 100644
index 000000000..e4aa6a284
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package org.apache.commons.httpclient;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import org.apache.commons.httpclient.HostConfiguration;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.HttpException;
+import org.apache.commons.httpclient.HttpMethod;
+import org.apache.commons.httpclient.HttpMethodDirector;
+import org.apache.commons.httpclient.HttpState;
+import org.apache.commons.httpclient.URI;
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+
+/**
+ * @author tlenz
+ *
+ *HTTP client which can be used with MOA SSL TrustStore implementation
+ *
+ */
+public class MOAHttpClient extends HttpClient {
+
+
+ public void setCustomSSLTrustStore(String metadataURL, SecureProtocolSocketFactory protoSocketFactory) throws MOAHttpProtocolSocketFactoryException, MalformedURLException {
+ ;
+
+ URL url = new URL(metadataURL);
+ int port = -1;
+ if (url.getPort() < 0)
+ port = url.getDefaultPort();
+ else
+ port = url.getPort();
+
+ Protocol authhttps = new Protocol("https", protoSocketFactory, port);
+ getHostConfiguration().setHost(url.getHost(), port, authhttps);
+
+ }
+
+ public int executeMethod(HostConfiguration hostconfig,
+ final HttpMethod method, final HttpState state)
+ throws IOException, HttpException {
+
+ if (method == null) {
+ throw new IllegalArgumentException("HttpMethod parameter may not be null");
+ }
+ HostConfiguration defaulthostconfig = getHostConfiguration();
+ if (hostconfig == null) {
+ hostconfig = defaulthostconfig;
+ }
+ URI uri = method.getURI();
+ if (hostconfig == defaulthostconfig || uri.isAbsoluteURI()) {
+ // make a deep copy of the host defaults
+ hostconfig = (HostConfiguration) hostconfig.clone();
+
+ /**
+ * Only build default host with default protocol if protocol is empty
+ *
+ * In case of https, the methode setCustomSSLTrustStore can be used to set a
+ * the MOA TrustStore for SSL connection validation
+ */
+ if (uri.isAbsoluteURI() && hostconfig.getProtocol() == null) {
+ hostconfig.setHost(uri);
+ }
+ }
+
+ HttpMethodDirector methodDirector = new HttpMethodDirector(
+ getHttpConnectionManager(),
+ hostconfig,
+ getParams(),
+ (state == null ? getState() : state));
+ methodDirector.executeMethod(method);
+ return method.getStatusCode();
+ }
+}