1 files changed, 244 insertions, 0 deletions

diff --git a/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java
new file mode 100644
index 000000000..c2c67ec58
--- /dev/null
+++ b/common/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java
@@ -0,0 +1,244 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.util;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
+/**
+ * Utility for connecting to server applications via SSL.
+ * 
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SSLUtils {
+	
+	/**
+	 * Creates an <code>SSLSocketFactory</code> which utilizes the given trust store.
+	 * 
+   * @param trustStoreType key store type of trust store
+   * @param trustStoreInputStream input stream for reading JKS trust store containing
+   * 				 trusted server certificates; if <code>null</code>, the default
+   * 				 trust store will be utilized
+   * @param trustStorePassword if provided, it will be used to check 
+   * 				 the integrity of the trust store; if omitted, it will not be checked
+   * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
+   * @throws IOException thrown while reading from the input stream
+   * @throws GeneralSecurityException thrown while creating the socket factory
+	 */
+  public static SSLSocketFactory getSSLSocketFactory(
+  	String trustStoreType,
+  	InputStream trustStoreInputStream,
+  	String trustStorePassword)
+ 	  throws IOException, GeneralSecurityException {
+  		
+	  TrustManager[] tms = getTrustManagers(trustStoreType, trustStoreInputStream, trustStorePassword);
+		SSLContext ctx = SSLContext.getInstance("TLS");
+		ctx.init(null, tms, null);
+
+    SSLSocketFactory sf = ctx.getSocketFactory();
+  	return sf;
+  }
+	/**
+	 * Creates an <code>SSLSocketFactory</code> which utilizes the
+	 * given trust store and keystore.
+	 * 
+   * @param trustStore trust store containing trusted server certificates; 
+   * 				 if <code>null</code>, the default trust store will be utilized
+   * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
+   * @param clientKeyStoreURL URL of key store containing keys to be used for
+   * 				 client authentication; if <code>null</code>, the default key store will be utilized
+   * @param clientKeyStorePassword if provided, it will be used to check 
+   * 				 the integrity of the client key store; if omitted, it will not be checked
+   * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
+   * @throws IOException thrown while reading key store file
+   * @throws GeneralSecurityException thrown while creating the socket factory
+	 */
+  public static SSLSocketFactory getSSLSocketFactory(
+  	KeyStore trustStore,
+  	String clientKeyStoreType,
+  	String clientKeyStoreURL,
+  	String clientKeyStorePassword)
+ 	  throws IOException, GeneralSecurityException {
+  		
+		SSLContext ctx = getSSLContext(
+			trustStore, clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
+    SSLSocketFactory sf = ctx.getSocketFactory();
+  	return sf;
+  }
+	/**
+	 * Creates an <code>SSLContext</code> initialized for the
+	 * given trust store and keystore.
+	 * 
+   * @param trustStore trust store containing trusted server certificates; 
+   * 				 if <code>null</code>, the default trust store will be utilized
+   * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
+   * @param clientKeyStoreURL URL of key store containing keys to be used for
+   * 				 client authentication; if <code>null</code>, the default key store will be utilized
+   * @param clientKeyStorePassword if provided, it will be used to check 
+   * 				 the integrity of the client key store; if omitted, it will not be checked
+   * @return <code>SSLContext</code> to be used for creating an <code>SSLSocketFactory</code>
+   * @throws IOException thrown while reading key store file
+   * @throws GeneralSecurityException thrown while creating the SSL context
+	 */
+  public static SSLContext getSSLContext(
+  	KeyStore trustStore,
+  	String clientKeyStoreType,
+  	String clientKeyStoreURL,
+  	String clientKeyStorePassword)
+ 	  throws IOException, GeneralSecurityException {
+  		
+ 	  TrustManager[] tms = getTrustManagers(trustStore);
+		KeyManager[] kms = getKeyManagers(clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
+		SSLContext ctx = SSLContext.getInstance("TLS");
+		ctx.init(kms, tms, null);
+		return ctx;
+  }
+  /**
+   * Loads the trust store from an input stream and gets the 
+   * <code>TrustManager</code>s from a default <code>TrustManagerFactory</code>,
+	 * initialized from the given trust store.
+   * @param trustStoreType key store type of trust store
+   * @param trustStoreInputStream input stream for reading JKS trust store containing
+   * 				 trusted server certificates; if <code>null</code>, the default
+   * 				 trust store will be utilized
+   * @param trustStorePassword if provided, it will be used to check 
+   * 				 the integrity of the trust store; if omitted, it will not be checked
+	 * @return <code>TrustManager</code>s to be used for creating an 
+	 * 				  <code>SSLSocketFactory</code> utilizing the given trust store
+   * @throws IOException thrown while reading from the input stream
+   * @throws GeneralSecurityException thrown while initializing the 
+   * 					default <code>TrustManagerFactory</code>
+   */
+	protected static TrustManager[] getTrustManagers(
+		String trustStoreType,
+		InputStream trustStoreInputStream,
+  	String trustStorePassword)
+	  throws IOException, GeneralSecurityException {
+	  	
+	  if (trustStoreInputStream == null)
+	  	return null;
+
+	  // Set up the TrustStore to use. We need to load the file into
+	  // a KeyStore instance.
+		KeyStore trustStore = KeyStoreUtils.loadKeyStore(trustStoreType, trustStoreInputStream, trustStorePassword);
+		return getTrustManagers(trustStore);
+	}
+	/**
+	 * Gets the <code>TrustManager</code>s from a default <code>TrustManagerFactory</code>,
+	 * initialized from the given trust store.
+	 * 
+	 * @param trustStore the trust store to use
+	 * @return <code>TrustManager</code>s to be used for creating an 
+	 * 				  <code>SSLSocketFactory</code> utilizing the given trust store
+   * @throws GeneralSecurityException thrown while initializing the 
+   * 					default <code>TrustManagerFactory</code>
+	 */
+	protected static TrustManager[] getTrustManagers(KeyStore trustStore)
+	  throws GeneralSecurityException {
+	  	
+	  if (trustStore == null)
+	  	return null;
+
+	  // Initialize the default TrustManagerFactory with this KeyStore
+	  String alg=TrustManagerFactory.getDefaultAlgorithm();
+	  TrustManagerFactory tmFact=TrustManagerFactory.getInstance(alg);
+	  tmFact.init(trustStore);
+	
+	  // And now get the TrustManagers
+	  TrustManager[] tms=tmFact.getTrustManagers();
+	  return tms;
+	}
+  /**
+   * Loads the client key store from file and gets the 
+   * <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
+	 * initialized from the given client key store.
+   * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
+   * @param clientKeyStoreURL URL of key store containing keys to be used for
+   * 				 client authentication; if <code>null</code>, the default key store will be utilized
+   * @param clientKeyStorePassword password used to check the integrity of the client key store; 
+   * 				 if <code>null</code>, it will not be checked
+	 * @return <code>KeyManager</code>s to be used for creating an 
+	 * 				  <code>SSLSocketFactory</code> utilizing the given client key store
+   * @throws IOException thrown while reading from the key store file
+   * @throws GeneralSecurityException thrown while initializing the 
+   * 					default <code>KeyManagerFactory</code>
+   */
+  public static KeyManager[] getKeyManagers (
+		String clientKeyStoreType,
+		String clientKeyStoreURL,
+  	String clientKeyStorePassword)
+	  throws IOException, GeneralSecurityException {
+  
+  	if (clientKeyStoreURL == null)
+  		return null;
+  		
+	  // Set up the KeyStore to use. We need to load the file into
+	  // a KeyStore instance.
+	  KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore(
+	  	clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
+		return getKeyManagers(clientKeyStore, clientKeyStorePassword);
+	}  
+  /**
+   * Gets the <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
+	 * initialized from the given client key store.
+   * @param clientKeyStore client key store
+   * @param clientKeyStorePassword if provided, it will be used to check 
+   * 				 the integrity of the client key store; if omitted, it will not be checked
+	 * @return <code>KeyManager</code>s to be used for creating an 
+	 * 				  <code>SSLSocketFactory</code> utilizing the given client key store
+   * @throws GeneralSecurityException thrown while initializing the 
+   * 					default <code>KeyManagerFactory</code>
+   */
+	public static KeyManager[] getKeyManagers (
+		KeyStore clientKeyStore,
+  	String clientKeyStorePassword)
+	  throws GeneralSecurityException {
+  
+  	if (clientKeyStore == null)
+  		return null;
+  		
+	  // Now we initialize the default KeyManagerFactory with this KeyStore
+	  String alg=KeyManagerFactory.getDefaultAlgorithm();
+	  KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg);
+  	char[] password = null;
+  	if (clientKeyStorePassword != null)
+  		password = clientKeyStorePassword.toCharArray();
+	  kmFact.init(clientKeyStore, password);
+	
+	  // And now get the KeyManagers
+	  KeyManager[] kms=kmFact.getKeyManagers();
+	  return kms;
+	}  
+}