aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java180
1 files changed, 180 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
new file mode 100644
index 000000000..6ececb8f0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -0,0 +1,180 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egovernment.moa.id.auth;
+
+import iaik.pki.PKIException;
+import iaik.pki.jsse.IAIKX509TrustManager;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.util.Properties;
+
+import javax.activation.CommandMap;
+import javax.activation.MailcapCommandMap;
+import javax.mail.Session;
+import javax.net.ssl.SSLSocketFactory;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
+import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Web application initializer
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class MOAIDAuthInitializer {
+
+ /** a boolean identifying if the MOAIDAuthInitializer has been startet */
+ public static boolean initialized = false;
+
+ /**
+ * Initializes the web application components which need initialization:
+ * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner.
+ */
+ public static void initialize() throws ConfigurationException,
+ PKIException, IOException, GeneralSecurityException {
+ if (initialized) return;
+ initialized = true;
+ Logger.setHierarchy("moa.id.auth");
+ Logger.info("Default java file.encoding: "
+ + System.getProperty("file.encoding"));
+
+ //JDK bug workaround according to:
+ // http://jce.iaik.tugraz.at/products/03_cms/faq/index.php#JarVerifier
+ // register content data handlers for S/MIME types
+ MailcapCommandMap mc = new MailcapCommandMap();
+ CommandMap.setDefaultCommandMap(mc);
+
+ // create some properties and get the default Session
+ Properties props = new Properties();
+ props.put("mail.smtp.host", "localhost");
+ Session session = Session.getDefaultInstance(props, null);
+
+ // Restricts TLS cipher suites
+ System.setProperty(
+ "https.cipherSuites",
+ "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA");
+ // load some jsse classes so that the integrity of the jars can be
+ // verified
+ // before the iaik jce is installed as the security provider
+ // this workaround is only needed when sun jsse is used in conjunction
+ // with
+ // iaik-jce (on jdk1.3)
+ ClassLoader cl = MOAIDAuthInitializer.class.getClassLoader();
+ try {
+ cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar
+ } catch (ClassNotFoundException e) {
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage(
+ "init.01", null), e);
+ }
+
+ // Initializes SSLSocketFactory store
+ SSLUtils.initialize();
+
+ // Initializes Namespace Map
+ Constants.nSMap.put(Constants.SAML_PREFIX, Constants.SAML_NS_URI);
+ Constants.nSMap.put(Constants.ECDSA_PREFIX,
+ "http://www.w3.org/2001/04/xmldsig-more#");
+ Constants.nSMap.put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+
+ // Loads the configuration
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.reload();
+ ConnectionParameter moaSPConnParam = authConf
+ .getMoaSpConnectionParameter();
+
+ // If MOA-SP API calls: loads MOA-SP configuration and configures IAIK
+ if (moaSPConnParam == null) {
+ try {
+ LoggingContextManager.getInstance().setLoggingContext(
+ new LoggingContext("startup"));
+ ConfigurationProvider config = ConfigurationProvider
+ .getInstance();
+ new IaikConfigurator().configure(config);
+ } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) {
+ throw new ConfigurationException("config.10", new Object[] { ex
+ .toString() }, ex);
+ }
+ }
+
+ // Initializes IAIKX509TrustManager logging
+ String log4jConfigURL = System.getProperty("log4j.configuration");
+ if (log4jConfigURL != null) {
+ IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL));
+ }
+
+ // Initializes the Axis secure socket factory for use in calling the
+ // MOA-SP web service
+ if (moaSPConnParam != null && moaSPConnParam.isHTTPSURL()) {
+ SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(authConf,
+ moaSPConnParam);
+ AxisSecureSocketFactory.initialize(ssf);
+ }
+
+ // sets the authentication session and authentication data time outs
+ String param = authConf
+ .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY);
+ if (param != null) {
+ long sessionTimeOut = 0;
+ try {
+ sessionTimeOut = new Long(param).longValue();
+ } catch (NumberFormatException ex) {
+ Logger
+ .error(MOAIDMessageProvider
+ .getInstance()
+ .getMessage(
+ "config.05",
+ new Object[] { AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY }));
+ }
+ if (sessionTimeOut > 0)
+ AuthenticationServer.getInstance()
+ .setSecondsSessionTimeOut(sessionTimeOut);
+ }
+ param = authConf
+ .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY);
+ if (param != null) {
+ long authDataTimeOut = 0;
+ try {
+ authDataTimeOut = new Long(param).longValue();
+ } catch (NumberFormatException ex) {
+ Logger
+ .error(MOAIDMessageProvider
+ .getInstance()
+ .getMessage(
+ "config.05",
+ new Object[] { AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY }));
+ }
+ if (authDataTimeOut > 0)
+ AuthenticationServer.getInstance()
+ .setSecondsAuthDataTimeOut(authDataTimeOut);
+ }
+
+ // Starts the session cleaner thread to remove unpicked authentication data
+ AuthenticationSessionCleaner.start();
+ }
+
+} \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-01 11:45:19 +0000