aboutsummaryrefslogtreecommitdiff
path: root/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java
diff options
context:
space:
mode:
Diffstat (limited to 'id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java')
-rw-r--r--id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java160
1 files changed, 0 insertions, 160 deletions
diff --git a/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java b/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java
deleted file mode 100644
index e0739d941..000000000
--- a/id.server/src/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ /dev/null
@@ -1,160 +0,0 @@
-package at.gv.egovernment.moa.id.util;
-
-import iaik.pki.PKIConfiguration;
-import iaik.pki.PKIException;
-import iaik.pki.PKIFactory;
-import iaik.pki.PKIProfile;
-import iaik.pki.jsse.IAIKX509TrustManager;
-
-import java.io.BufferedInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.Security;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.net.ssl.SSLSocketFactory;
-
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.iaik.config.PKIConfigurationImpl;
-import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl;
-import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.StreamUtils;
-
-import com.sun.net.ssl.HttpsURLConnection;
-import com.sun.net.ssl.KeyManager;
-import com.sun.net.ssl.SSLContext;
-import com.sun.net.ssl.TrustManager;
-
-/**
- * Utility for a obtaining a secure socket factory using <code>IAIKX509TrustManager</code>.
- * This <code>TrustManager</code> implementation features CRL checking.<br/>
- * <code>SSLUtils</code> caches secure socket factories for given <code>ConnectionParameter</code>s.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SSLUtils {
-
- /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/
- private static Map sslSocketFactories = new HashMap();
-
- /**
- * Initializes the SSLSocketFactory store.
- */
- public static void initialize() {
- sslSocketFactories = new HashMap();
- Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
- System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
- }
-
- /**
- * Creates an <code>SSLSocketFactory</code> which utilizes an
- * <code>IAIKX509TrustManager</code> for the given trust store,
- * and the given key store.
- *
- * @param conf configuration provider providing a generic properties pointing
- * to trusted CA store and certificate store root
- * @param connParam connection parameter containing the client key store settings
- * to be used in case of client authentication;
- * if <code>connParam.getClientKeyStore() == null</code>, client authentication
- * is assumed to be disabled
- * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
- * @throws IOException thrown while reading key store file
- * @throws GeneralSecurityException thrown while creating the socket factory
- * @throws ConfigurationException on invalid configuration data
- * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
- */
- public static SSLSocketFactory getSSLSocketFactory(
- ConfigurationProvider conf,
- ConnectionParameter connParam)
- throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
-
- Logger.debug("Get SSLSocketFactory for " + connParam.getUrl());
- // retrieve SSLSocketFactory if already created
- SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(connParam.getUrl());
- if (ssf != null)
- return ssf;
- // else create new SSLSocketFactory
- String trustStoreURL = conf.getTrustedCACertificates();
- if (trustStoreURL == null)
- throw new ConfigurationException(
- "config.08", new Object[] {"TrustedCACertificates"});
- String acceptedServerCertURL = connParam.getAcceptedServerCertificates();
- TrustManager[] tms = getTrustManagers(conf, trustStoreURL, acceptedServerCertURL);
- KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
- "pkcs12", connParam.getClientKeyStore(), connParam.getClientKeyStorePassword());
- SSLContext ctx = SSLContext.getInstance("TLS");
- ctx.init(kms, tms, null);
- ssf = ctx.getSocketFactory();
- // store SSLSocketFactory
- sslSocketFactories.put(connParam.getUrl(), ssf);
- return ssf;
- }
-
- /**
- * Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
- * using configuration data.
- *
- * @param conf MOA-ID configuration provider
- * @param trustStoreURL trust store URL
- * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates
- * @return <code>TrustManager</code> array containing the <code>IAIKX509TrustManager</code>
- * @throws ConfigurationException on invalid configuration data
- * @throws IOException on data-reading problems
- * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
- */
- public static TrustManager[] getTrustManagers(
- ConfigurationProvider conf, String trustStoreURL, String acceptedServerCertURL)
- throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
-
- PKIConfiguration cfg = null;
- if (! PKIFactory.getInstance().isAlreadyConfigured())
- cfg = new PKIConfigurationImpl(conf);
- String boolString = conf.getGenericConfigurationParameter(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING);
- //not using BoolUtils because default value hast to be true!
- boolean checkRevocation = !("false".equals(boolString) || "0".equals(boolString));
- //TODO RS verify SSL Revocation handling
- PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
- // This call fixes a bug occuring when PKIConfiguration is
- // initialized by the MOA-SP initialization code, in case
- // MOA-SP is called by API
- MOAIDTrustManager.initializeLoggingContext();
- IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL);
- tm.init(cfg, profile);
- return new TrustManager[] {tm};
- }
- /**
- * Reads a file, given by URL, into a byte array,
- * securing the connection by IAIKX509TrustManager.
- * @param connParam containing URL and accepted server certificates
- * @param conf ConfigurationProvider for reading
- * @return file content
- * @throws ConfigurationException on invalid configuration data
- * @throws PKIException on invalid configuration data
- * @throws IOException on data-reading problems
- * @throws GeneralSecurityException on security issues
- */
- public static byte[] readHttpsURL(ConfigurationProvider conf, ConnectionParameter connParam)
- throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
-
- URL url = new URL(connParam.getUrl());
- HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
- conn.setRequestMethod("GET");
- conn.setDoInput(true);
- SSLSocketFactory sslSocketFactory = getSSLSocketFactory(conf, connParam);
- conn.setSSLSocketFactory(sslSocketFactory);
- conn.connect();
- InputStream in = new BufferedInputStream(conn.getInputStream());
- byte[] content = StreamUtils.readStream(in);
- in.close();
- conn.disconnect();
- return content;
- }
-
-}