Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java134
1 files changed, 69 insertions, 65 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 022ec9def..d1cf3338a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -1,23 +1,43 @@
-
-
-
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.auth;
-import iaik.pki.PKIException;
-import iaik.security.ecc.provider.ECCProvider;
-import iaik.security.provider.IAIK;
-
import java.io.IOException;
import java.security.GeneralSecurityException;
+import java.security.Provider;
+import java.security.Security;
import javax.activation.CommandMap;
import javax.activation.MailcapCommandMap;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigLoader;
-import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import org.springframework.web.context.support.GenericWebApplicationContext;
+
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.logging.LoggingContext;
@@ -26,73 +46,34 @@ import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.pki.PKIException;
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.provider.IAIK;
/**
- * Web application initializer
- *
- * @author Paul Ivancsics
- * @version $Id$
+ * @author tlenz
+ *
*/
public class MOAIDAuthInitializer {
- /** a boolean identifying if the MOAIDAuthInitializer has been startet */
- public static boolean initialized = false;
-
- /**
+ /**
* Initializes the web application components which need initialization:
* logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner.
+ * @param rootContext
*/
- public static void initialize() throws ConfigurationException,
+ public static void initialize(GenericWebApplicationContext rootContext) throws ConfigurationException,
PKIException, IOException, GeneralSecurityException {
- if (initialized) return;
- initialized = true;
Logger.setHierarchy("moa.id.auth");
Logger.info("Default java file.encoding: "
+ System.getProperty("file.encoding"));
-
- Logger.info("Loading security providers.");
- IAIK.addAsProvider();
-
-
-// Security.insertProviderAt(new IAIK(), 1);
-// Security.insertProviderAt(new ECCProvider(), 1);
-
+
//JDK bug workaround according to:
// http://jce.iaik.tugraz.at/products/03_cms/faq/index.php#JarVerifier
// register content data handlers for S/MIME types
MailcapCommandMap mc = new MailcapCommandMap();
CommandMap.setDefaultCommandMap(mc);
- // create some properties and get the default Session
-// Properties props = new Properties();
-// props.put("mail.smtp.host", "localhost");
-// Session session = Session.getDefaultInstance(props, null);
-
- // Restricts TLS cipher suites
-// System.setProperty(
-// "https.cipherSuites",
-// "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA");
-//
- // actual HIGH cipher suites from OpenSSL
-// Mapping OpenSSL - Java
-// OpenSSL Java
-// http://www.openssl.org/docs/apps/ciphers.html http://docs.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html
-// via !openssl ciphers -tls1 HIGH !v!
-//
-// ADH-AES256-SHA TLS_DH_anon_WITH_AES_256_CBC_SHA
-// DHE-RSA-AES256-SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA
-// DHE-DSS-AES256-SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA
-// AES256-SHA TLS_RSA_WITH_AES_256_CBC_SHA
-// ADH-AES128-SHA TLS_DH_anon_WITH_AES_128_CBC_SHA
-// DHE-RSA-AES128-SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA
-// DHE-DSS-AES128-SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA
-// AES128-SHA TLS_RSA_WITH_AES_128_CBC_SHA
-// ADH-DES-CBC3-SHA SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
-// EDH-RSA-DES-CBC3-SHA -
-// EDH-DSS-DES-CBC3-SHA -
-// DES-CBC3-SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA
-
if (MiscUtil.isEmpty(System.getProperty("https.cipherSuites")))
System.setProperty(
"https.cipherSuites",
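Review bot: Removing the `initialized` guard and the early return makes `initialize(GenericWebApplicationContext)` unsafe to call more than once: a second call would install the S/MIME command map again, re-register the security providers and start a second session cleaner and garbage collector (the body continues in the later hunks of this file). If the Spring root context now guarantees a single invocation per web-application start, state that contract in the Javadoc, whose `@param rootContext` line is currently empty, for example `@param rootContext the Spring root context; must not be {@code null}, it is used to reload the configuration and to look up the {@code AuthenticationSessionCleaner} bean` plus a sentence that the method is not idempotent and is expected to run exactly once. A `Objects.requireNonNull(rootContext, "rootContext");` at the top of the method would also turn a misconfigured caller into a clear error instead of a NullPointerException inside the configuration reload. The method starts in this hunk and ends outside it.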
@@ -120,7 +101,8 @@ public class MOAIDAuthInitializer {
Logger.warn(MOAIDMessageProvider.getInstance().getMessage(
"init.01", null), e);
}
-
+
+ Logger.info("Loading Java security providers.");
IAIK.addAsProvider();
ECCProvider.addAsProvider();
@@ -133,12 +115,17 @@ public class MOAIDAuthInitializer {
"http://www.w3.org/2001/04/xmldsig-more#");
Constants.nSMap.put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+ //seed the random number generator
+ Random.seedRandom();
+ Logger.debug("Random-number generator is seeded.");
+
// Initialize configuration provider
- AuthConfiguration authConf = AuthConfigurationProviderFactory.reload();
+ AuthConfiguration authConf = AuthConfigurationProviderFactory.reload(rootContext);
- //test, if MOA-ID is already configured
+ //test, if MOA-ID is already configured
authConf.getPublicURLPrefix();
+
// Initialize MOA-SP
//MOA-SP is only use by API calls since MOA-ID 3.0.0
try {
@@ -149,15 +136,32 @@ public class MOAIDAuthInitializer {
new IaikConfigurator().configure(config);
} catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) {
+ Logger.error("MOA-SP initialization FAILED!", ex.getWrapped());
throw new ConfigurationException("config.10", new Object[] { ex
.toString() }, ex);
}
+
+ //IAIK.addAsProvider();
+ //ECCProvider.addAsProvider();
+
+ Security.insertProviderAt(IAIK.getInstance(), 0);
+ Security.addProvider(new ECCProvider());
+
+ if (Logger.isDebugEnabled()) {
+ Logger.debug("Loaded Security Provider:");
+ Provider[] providerList = Security.getProviders();
+ for (int i=0; i<providerList.length; i++)
+ Logger.debug(i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion());
+
+ }
+
// Starts the session cleaner thread to remove unpicked authentication data
- AuthenticationSessionCleaner.start();
- AuthConfigLoader.start();
+ AuthenticationSessionCleaner sessioncleaner = rootContext.getBean("AuthenticationSessionCleaner", AuthenticationSessionCleaner.class);
+ AuthenticationSessionCleaner.start(sessioncleaner);
+
+ MOAGarbageCollector.start();
}
-
}
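Review bot: `Security.insertProviderAt(IAIK.getInstance(), 0)` does not make IAIK the preferred provider: `insertProviderAt` positions are 1-based, and the JDK treats a requested position below 1 as "append at the end", so the effective order is the opposite of what position 0 suggests, and if the earlier `IAIK.addAsProvider()` in this method has already installed the provider the call returns -1 and changes nothing at all. The same applies to `Security.addProvider(new ECCProvider())` after the earlier `ECCProvider.addAsProvider()`. Provider order is security-relevant because it decides which implementation answers `getInstance()` lookups for signatures, digests and TLS, so register each provider once at the intended position, e.g. `Security.insertProviderAt(IAIK.getInstance(), 1);` with the duplicate registrations and the commented-out `//IAIK.addAsProvider();` lines removed. In the debug loop, logging `(i + 1)` instead of `i` would make the printed index match the 1-based positions used by the `Security` API.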