Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index 8799082b3..a50a366a5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -20,7 +20,6 @@ import iaik.pki.PKIException; import iaik.pki.PKIFactory; import iaik.pki.PKIProfile; import iaik.pki.jsse.IAIKX509TrustManager; -import iaik.security.provider.IAIK; import java.io.BufferedInputStream; import java.io.BufferedReader; @@ -51,6 +50,7 @@ import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl; import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager; import at.gv.egovernment.moa.logging.Logger; + /** * Utility for a obtaining a secure socket factory using <code>IAIKX509TrustManager</code>. * This <code>TrustManager</code> implementation features CRL checking.<br/> 
@@ -102,25 +102,29 @@ public class SSLUtils { Logger.debug("Get SSLSocketFactory for " + connParam.getUrl()); // retrieve SSLSocketFactory if already created SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(connParam.getUrl()); - if (ssf != null) + if (ssf != null) return ssf; + // else create new SSLSocketFactory String trustStoreURL = conf.getTrustedCACertificates(); + if (trustStoreURL == null) throw new ConfigurationException( "config.08", new Object[] {"TrustedCACertificates"}); String acceptedServerCertURL = connParam.getAcceptedServerCertificates(); + TrustManager[] tms = getTrustManagers(conf, trustStoreURL, acceptedServerCertURL); + KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers( "pkcs12", connParam.getClientKeyStore(), connParam.getClientKeyStorePassword()); SSLContext ctx = SSLContext.getInstance("TLS"); - ctx.init(kms, tms, null); - ssf = ctx.getSocketFactory(); + ctx.init(kms, tms, null); ssf = ctx.getSocketFactory(); // store SSLSocketFactory sslSocketFactories.put(connParam.getUrl(), ssf); return ssf; } - + + /** * Initializes an <code>IAIKX509TrustManager</code> for a given trust store, * using configuration data. |
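Review bot: The factory cache in this hunk is read and written under `connParam.getUrl()` alone, while the factory it stores is built from the trust store URL, `connParam.getAcceptedServerCertificates()` and the client key store. A later call with the same URL but different trust or key material would get the earlier factory back, including its accepted server certificates. Whether that can happen (for example after a configuration reload) is not visible here; if it can, the key should cover those inputs or the cache should be cleared on reload. At minimum, add a comment above the lookup such as `// cached per URL only: trust store, accepted server certs and client key store are assumed fixed per URL`. Separately, the added line appears to carry `ctx.init(kms, tms, null);` and `ssf = ctx.getSocketFactory();` together, which the diffstat's insertion count supports; keep them on separate lines. The method's signature lies above the hunk.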