2 files changed, 44 insertions, 12 deletions
| diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
 index 50b2c5ece..d5c7c812d 100644
 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
 +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
 @@ -88,6 +88,7 @@ config.24=MOA-ID-Auth Configfile {1} does not start with {0} prefix.
  config.25=Der verwendete IDP PublicURLPrefix {0} ist nicht erlaubt. 
  config.26=Federated IDP {0} contains no AttributeQuery URL.
  config.27=Fehler beim Verarbeiten eines Konfigurationsparameters. Msg:{0} 
 +config.28=Fehler beim initialisieren des SSL-TrustManagers. Zertifikat {0} kann nicht geladen werden; Ursache: {1}
  parser.00=Leichter Fehler beim Parsen: {0}
  parser.01=Fehler beim Parsen: {0}
 diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
 index 9fc6f799d..beb6cc1c6 100644
 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
 +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
 @@ -57,6 +57,7 @@ import java.util.ArrayList;
  import java.util.List;
  import at.gv.egovernment.moa.logging.Logger;
 +import at.gv.egovernment.moa.util.Base64Utils;
  import at.gv.egovernment.moaspss.logging.LoggingContext;
  import at.gv.egovernment.moaspss.logging.LoggingContextManager;
  import iaik.pki.jsse.IAIKX509TrustManager;
 @@ -72,16 +73,17 @@ import iaik.pki.jsse.IAIKX509TrustManager;
  public class MOAIDTrustManager extends IAIKX509TrustManager {
    /** an x509Certificate array containing all accepted server certificates*/
 -  private X509Certificate[] acceptedServerCertificates;
 +  private X509Certificate[] acceptedServerCertificates = null;
    /**
     * Constructor
     * @param acceptedServerCertificateStoreURL the url leading to the acceptedServer cert store
     * @throws GeneralSecurityException occurs on security errors
     * @throws IOException occurs on IO errors
 + * @throws SSLConfigurationException
      */
    public MOAIDTrustManager(String acceptedServerCertificateStoreURL) 
 -    throws IOException, GeneralSecurityException {
 +    throws IOException, GeneralSecurityException, SSLConfigurationException {
      if (acceptedServerCertificateStoreURL != null)
        buildAcceptedServerCertificates(acceptedServerCertificateStoreURL); 
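Review bot: The `@throws SSLConfigurationException` tag added to the constructor Javadoc carries no description, unlike the two tags next to it; `* @throws SSLConfigurationException when a certificate in the accepted-server store cannot be loaded` states when a caller has to expect it, which is what the new code in the next hunk does. The same undescribed tag is added to buildAcceptedServerCertificates in the following hunk. The `= null` initializer added to `acceptedServerCertificates` is redundant for a Java reference field and only changes the line for the diff; keeping the original declaration is cleaner.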
 @@ -111,26 +113,55 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
     *         containing accepted server X509 certificates
     * @throws GeneralSecurityException on security errors
     * @throws IOException on any IO errors
 + * @throws SSLConfigurationException
      */
    private void buildAcceptedServerCertificates(String acceptedServerCertificateStoreURL) 
 -    throws IOException, GeneralSecurityException {
 -
 +    throws IOException, GeneralSecurityException, SSLConfigurationException {	
        List<X509Certificate> certList = new ArrayList<X509Certificate>();
      URL storeURL = new URL(acceptedServerCertificateStoreURL);
      File storeDir = new File(storeURL.getFile());
      // list certificate files in directory
 -    File[] certFiles = storeDir.listFiles(); 
 +    File[] certFiles = storeDir.listFiles();
      for (int i = 0; i < certFiles.length; i++) {
 -      // for each: create an X509Certificate and store it in list
 -      File certFile = certFiles[i];
 -      FileInputStream fis = new FileInputStream(certFile.getPath());
 -      CertificateFactory certFact = CertificateFactory.getInstance("X.509");
 -      X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis);
 -      fis.close();
 -      certList.add(cert);
 +    	// for each: create an X509Certificate and store it in list
 +    	File certFile = certFiles[i];
 +    	FileInputStream fis = null;
 +    	try {
 +    		fis = new FileInputStream(certFile.getPath());
 +    		CertificateFactory certFact = CertificateFactory.getInstance("X.509");
 +    		X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis);
 +    		certList.add(cert);
 +    		
 +    	} catch (Exception e) {
 +    	   	Logger.error("Can NOT initialize SSLTrustManager. 
Certificate: " + certFile.getPath() 
 +    	   		+ " is not loadable, Reason: " + e.getMessage());
 +    	   	
 +    	   	if (Logger.isDebugEnabled()) {
 +    	   		try {
 +    	   			if (fis != null)
 +    	   				Logger.debug("Certificate: " + Base64Utils.encode(fis));
 +    	   			
 +    	   		} catch (Exception e1) {
 +    	   			Logger.warn("Can NOT log content of certificate: " + certFile.getPath() 
 +    	   				+ ". Reason: " + e.getMessage(), e);
 +    	   			
 +    	   		}
 +    	   	}
 +    	   	
 +    	    throw new SSLConfigurationException("", new Object[]{certFile.getPath(), e.getMessage()}, e);
 +    	    
 +    	} finally {
 +			if (fis != null)
 +				fis.close();
 +			
 +		}
      }
 +    
      // store acceptedServerCertificates
      acceptedServerCertificates = (X509Certificate[]) certList.toArray(new X509Certificate[0]);
 +    Logger.debug("Add #" + acceptedServerCertificates.length 
 +    		+ " certificates as 'AcceptedServerCertificates' from: " + acceptedServerCertificateStoreURL );
 +    	    
    }
    /** | 
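Review bot: In the debug branch of the new catch block, `Base64Utils.encode(fis)` is handed the same stream that `certFact.generateCertificate(fis)` has already read from, so the "Certificate:" debug line will presumably show an empty or truncated payload rather than the file that failed to parse; the dump needs a fresh stream on `certFile`. Inside the inner catch the warning is built from `e.getMessage()` and `e`, the outer exception, while `e1` — the reason the dump itself failed — is never used; `Logger.warn("Can NOT log content of certificate: " + certFile.getPath() + ". Reason: " + e1.getMessage(), e1);` keeps that cause. The SSLConfigurationException is raised with `""` as its first argument although the properties hunk introduces `config.28` with exactly the `{0}`/`{1}` placeholders this call supplies; if that argument is the message id, it should be `"config.28"`. Not addressed by the commit: `storeDir.listFiles()` returns null when the configured URL does not name a readable directory, and the loop then fails with a NullPointerException that carries none of the diagnostics the new code adds. The rewritten catch block below reopens the file for the debug dump and fixes the two other points.
```java
      } catch (Exception e) {
        Logger.error("Can NOT initialize SSLTrustManager. Certificate: " + certFile.getPath()
            + " is not loadable, Reason: " + e.getMessage());
        if (Logger.isDebugEnabled()) {
          // fis has been consumed by generateCertificate(); dump the file through a fresh stream
          FileInputStream dumpStream = null;
          try {
            dumpStream = new FileInputStream(certFile.getPath());
            Logger.debug("Certificate: " + Base64Utils.encode(dumpStream));
          } catch (Exception e1) {
            Logger.warn("Can NOT log content of certificate: " + certFile.getPath()
                + ". Reason: " + e1.getMessage(), e1);
          } finally {
            if (dumpStream != null)
              dumpStream.close();
          }
        }
        // message id of the new config.28 entry — confirm this is what the constructor expects
        throw new SSLConfigurationException("config.28", new Object[]{certFile.getPath(), e.getMessage()}, e);
      } finally {
        // … unchanged: close fis …
```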
