aboutsummaryrefslogtreecommitdiff
path: root/id/ConfigWebTool
diff options
context:
space:
mode:
Diffstat (limited to 'id/ConfigWebTool')
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java50
1 files changed, 47 insertions, 3 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index bcc9a87ab..84af0d225 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -41,7 +41,7 @@ import java.util.jar.Manifest;
import javax.servlet.http.HttpServletRequest;
-import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
import org.apache.log4j.Logger;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
@@ -49,7 +49,11 @@ import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.x509.BasicX509Credential;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter;
import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
@@ -436,6 +440,26 @@ public class ConfigurationProvider {
return parseVersionFromManifest();
}
+ public String getCertStoreDirectory() throws CertificateException {
+ String dir = props.getProperty("general.ssl.certstore");
+ if (MiscUtil.isNotEmpty(dir))
+ return FileUtils.makeAbsoluteURL(dir, configRootDir);
+
+ else
+ throw new CertificateException("No SSLCertStore configured use default JAVA TrustStore.");
+
+ }
+
+ public String getTrustStoreDirectory() throws CertificateException {
+ String dir = props.getProperty("general.ssl.truststore");
+ if (MiscUtil.isNotEmpty(dir))
+ return FileUtils.makeAbsoluteURL(dir, configRootDir);
+
+ else
+ throw new CertificateException("No SSLTrustStore configured use default JAVA TrustStore.");
+
+ }
+
private void initalPVP2Login() throws ConfigurationException {
try {
@@ -458,8 +482,28 @@ public class ConfigurationProvider {
log.info("NO IDP Metadata URL.");
throw new ConfigurationException("NO IDP Metadata URL.");
}
-
- idpMetadataProvider = new HTTPMetadataProvider(new Timer(), new HttpClient(), metadataurl);
+
+ MOAHttpClient httpClient = new MOAHttpClient();
+
+ if (metadataurl.startsWith("https:")) {
+ try {
+ MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+ "MOAMetaDataProvider",
+ AuthConfigurationProvider.getInstance().getCertstoreDirectory(),
+ AuthConfigurationProvider.getInstance().getTrustedCACertificates(),
+ null,
+ ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()),
+ AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking());
+
+ httpClient.setCustomSSLTrustStore(metadataurl, protoSocketFactory);
+
+ } catch (MOAHttpProtocolSocketFactoryException e) {
+ log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
+
+ }
+ }
+
+ idpMetadataProvider = new HTTPMetadataProvider(new Timer(), httpClient, metadataurl);
idpMetadataProvider.setRequireValidMetadata(true);
idpMetadataProvider.setParserPool(new BasicParserPool());
idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential));