diff options
Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/auth')
-rw-r--r-- | id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java | 95 |
1 files changed, 56 insertions, 39 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index e5504028f..359280fe2 100644 --- a/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id.server/src/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -6,6 +6,7 @@ import iaik.pki.jsse.IAIKX509TrustManager; import java.security.GeneralSecurityException; import java.util.HashMap; +import java.io.File; import java.io.IOException; import javax.net.ssl.SSLSocketFactory; @@ -23,6 +24,10 @@ import at.gv.egovernment.moa.logging.LoggingContextManager; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator; import at.gv.egovernment.moa.util.Constants; +import javax.activation.MailcapCommandMap; +import javax.activation.CommandMap; +import java.util.Properties; +import javax.mail.Session; /** * Web application initializer @@ -37,18 +42,32 @@ public class MOAIDAuthInitializer { - /** - * Initializes the web application components which need initialization: - * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner. - */ - public static void initialize() - throws ConfigurationException, PKIException, IOException, GeneralSecurityException { - if (initialized) + /** + * Initializes the web application components which need initialization: + * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner. + */ + public static void initialize() + throws ConfigurationException, PKIException, IOException, GeneralSecurityException { + if (initialized) return; initialized=true; - Logger.setHierarchy("moa.id.auth"); - Logger.info("Default java file.encoding: " + System.getProperty( "file.encoding" )); - // Restricts TLS cipher suites + Logger.setHierarchy("moa.id.auth"); + Logger.info("Default java file.encoding: " + System.getProperty( "file.encoding" )); + + //JDK bug workaround according to: http://jce.iaik.tugraz.at/products/03_cms/faq/index.php#JarVerifier + // register content data handlers for S/MIME types + MailcapCommandMap mc = new MailcapCommandMap(); + CommandMap.setDefaultCommandMap(mc); + + // create some properties and get the default Session + Properties props = new Properties(); + props.put("mail.smtp.host", "localhost"); + Session session = Session.getDefaultInstance(props, null); + + // TODO remove (only used for debugging) + Logger.debug("System supportet https.cipherSuites: " + System.getProperty("https.cipherSuites", "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA")); + + // Restricts TLS cipher suites System.setProperty("https.cipherSuites", "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA"); // load some jsse classes so that the integrity of the jars can be verified // before the iaik jce is installed as the security provider @@ -62,13 +81,11 @@ public class MOAIDAuthInitializer { Logger.warn(MOAIDMessageProvider.getInstance().getMessage("init.01", null), e); } - // Initializes SSLSocketFactory store + // Initializes SSLSocketFactory store SSLUtils.initialize(); // Initializes Namespace Map Constants.nSMap.put(Constants.SAML_PREFIX, Constants.SAML_NS_URI); - //TODO RS change to correct Namespace as soon BMI has corrected the wrong NS - //nSMap.put(Constants.ECDSA_PREFIX, Constants.ECDSA_NS_URI); correct version Constants.nSMap.put(Constants.ECDSA_PREFIX, "http://www.w3.org/2001/04/xmldsig-more#"); Constants.nSMap.put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); @@ -95,34 +112,34 @@ public class MOAIDAuthInitializer { IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL)); } - // Initializes the Axis secure socket factory for use in calling the MOA-SP web service - if (moaSPConnParam != null && moaSPConnParam.isHTTPSURL()) { + // Initializes the Axis secure socket factory for use in calling the MOA-SP web service + if (moaSPConnParam != null && moaSPConnParam.isHTTPSURL()) { SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(authConf, moaSPConnParam); - AxisSecureSocketFactory.initialize(ssf); + AxisSecureSocketFactory.initialize(ssf); } - // sets the authentication session and authentication data time outs - String param = authConf.getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY); - if (param != null) { - long sessionTimeOut = 0; - try { sessionTimeOut = new Long(param).longValue(); } - catch (NumberFormatException ex) { - Logger.error(MOAIDMessageProvider.getInstance().getMessage("config.05", new Object[] {AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY})); - } - if (sessionTimeOut > 0) - AuthenticationServer.getInstance().setSecondsSessionTimeOut(sessionTimeOut); - } - param = authConf.getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY); - if (param != null) { - long authDataTimeOut = 0; - try { authDataTimeOut = new Long(param).longValue(); } - catch (NumberFormatException ex) { - Logger.error(MOAIDMessageProvider.getInstance().getMessage("config.05", new Object[] {AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY})); - } - if (authDataTimeOut > 0) - AuthenticationServer.getInstance().setSecondsAuthDataTimeOut(authDataTimeOut); - } + // sets the authentication session and authentication data time outs + String param = authConf.getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY); + if (param != null) { + long sessionTimeOut = 0; + try { sessionTimeOut = new Long(param).longValue(); } + catch (NumberFormatException ex) { + Logger.error(MOAIDMessageProvider.getInstance().getMessage("config.05", new Object[] {AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY})); + } + if (sessionTimeOut > 0) + AuthenticationServer.getInstance().setSecondsSessionTimeOut(sessionTimeOut); + } + param = authConf.getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY); + if (param != null) { + long authDataTimeOut = 0; + try { authDataTimeOut = new Long(param).longValue(); } + catch (NumberFormatException ex) { + Logger.error(MOAIDMessageProvider.getInstance().getMessage("config.05", new Object[] {AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY})); + } + if (authDataTimeOut > 0) + AuthenticationServer.getInstance().setSecondsAuthDataTimeOut(authDataTimeOut); + } - } - + } + } |