diff options
Diffstat (limited to 'id/ConfigWebTool')
-rw-r--r-- | id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java | 50 |
1 files changed, 47 insertions, 3 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index bcc9a87ab..84af0d225 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -41,7 +41,7 @@ import java.util.jar.Manifest; import javax.servlet.http.HttpServletRequest; -import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.MOAHttpClient; import org.apache.log4j.Logger; import org.opensaml.DefaultBootstrap; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; @@ -49,7 +49,11 @@ import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.x509.BasicX509Credential; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; @@ -436,6 +440,26 @@ public class ConfigurationProvider { return parseVersionFromManifest(); } + public String getCertStoreDirectory() throws CertificateException { + String dir = props.getProperty("general.ssl.certstore"); + if (MiscUtil.isNotEmpty(dir)) + return FileUtils.makeAbsoluteURL(dir, configRootDir); + + else + throw new CertificateException("No SSLCertStore configured use default JAVA TrustStore."); + + } + + public String getTrustStoreDirectory() throws CertificateException { + String dir = props.getProperty("general.ssl.truststore"); + if (MiscUtil.isNotEmpty(dir)) + return FileUtils.makeAbsoluteURL(dir, configRootDir); + + else + throw new CertificateException("No SSLTrustStore configured use default JAVA TrustStore."); + + } + private void initalPVP2Login() throws ConfigurationException { try { @@ -458,8 +482,28 @@ public class ConfigurationProvider { log.info("NO IDP Metadata URL."); throw new ConfigurationException("NO IDP Metadata URL."); } - - idpMetadataProvider = new HTTPMetadataProvider(new Timer(), new HttpClient(), metadataurl); + + MOAHttpClient httpClient = new MOAHttpClient(); + + if (metadataurl.startsWith("https:")) { + try { + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + "MOAMetaDataProvider", + AuthConfigurationProvider.getInstance().getCertstoreDirectory(), + AuthConfigurationProvider.getInstance().getTrustedCACertificates(), + null, + ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()), + AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking()); + + httpClient.setCustomSSLTrustStore(metadataurl, protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException e) { + log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore."); + + } + } + + idpMetadataProvider = new HTTPMetadataProvider(new Timer(), httpClient, metadataurl); idpMetadataProvider.setRequireValidMetadata(true); idpMetadataProvider.setParserPool(new BasicParserPool()); idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential)); |