diff options
Diffstat (limited to 'id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java')
-rw-r--r-- | id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java | 88 |
1 files changed, 71 insertions, 17 deletions
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java index 9fc6f799d..dd606ea18 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java @@ -57,6 +57,8 @@ import java.util.ArrayList; import java.util.List; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moaspss.logging.LoggingContext; import at.gv.egovernment.moaspss.logging.LoggingContextManager; import iaik.pki.jsse.IAIKX509TrustManager; @@ -72,21 +74,27 @@ import iaik.pki.jsse.IAIKX509TrustManager; public class MOAIDTrustManager extends IAIKX509TrustManager { /** an x509Certificate array containing all accepted server certificates*/ - private X509Certificate[] acceptedServerCertificates; + private X509Certificate[] acceptedServerCertificates = null; /** * Constructor * @param acceptedServerCertificateStoreURL the url leading to the acceptedServer cert store * @throws GeneralSecurityException occurs on security errors * @throws IOException occurs on IO errors + * @throws SSLConfigurationException */ public MOAIDTrustManager(String acceptedServerCertificateStoreURL) - throws IOException, GeneralSecurityException { + throws IOException, GeneralSecurityException, SSLConfigurationException { - if (acceptedServerCertificateStoreURL != null) - buildAcceptedServerCertificates(acceptedServerCertificateStoreURL); - else - acceptedServerCertificates = null; + if (acceptedServerCertificateStoreURL != null && MiscUtil.isNotEmpty(acceptedServerCertificateStoreURL.trim())) { + Logger.info("Initialize SSL-TrustStore with explicit accepted server-certificates"); + buildAcceptedServerCertificates(acceptedServerCertificateStoreURL); + + } else { + Logger.info("Initialize SSL-TrustStore without explicit accepted server-certificates"); + acceptedServerCertificates = null; + + } } @@ -111,26 +119,72 @@ public class MOAIDTrustManager extends IAIKX509TrustManager { * containing accepted server X509 certificates * @throws GeneralSecurityException on security errors * @throws IOException on any IO errors + * @throws SSLConfigurationException */ private void buildAcceptedServerCertificates(String acceptedServerCertificateStoreURL) - throws IOException, GeneralSecurityException { - + throws IOException, GeneralSecurityException, SSLConfigurationException { List<X509Certificate> certList = new ArrayList<X509Certificate>(); URL storeURL = new URL(acceptedServerCertificateStoreURL); + + //check URL to TrustStore + if (storeURL.getFile() == null) { + Logger.error("Can NOT initialize SSLTrustManager. TrustStore: " + acceptedServerCertificateStoreURL + + " is NOT found"); + throw new SSLConfigurationException("config.29", new Object[]{acceptedServerCertificateStoreURL, "File or Directory NOT found!"}); + + } File storeDir = new File(storeURL.getFile()); - // list certificate files in directory - File[] certFiles = storeDir.listFiles(); + + //check directory and files + if (storeDir == null || storeDir.listFiles() == null) { + Logger.error("Can NOT initialize SSLTrustManager. TrustStore: " + acceptedServerCertificateStoreURL + + " is NOT found"); + throw new SSLConfigurationException("config.29", new Object[]{acceptedServerCertificateStoreURL, "Files or Directory NOT found!"}); + + } + + // list certificate files in directory + File[] certFiles = storeDir.listFiles(); for (int i = 0; i < certFiles.length; i++) { - // for each: create an X509Certificate and store it in list - File certFile = certFiles[i]; - FileInputStream fis = new FileInputStream(certFile.getPath()); - CertificateFactory certFact = CertificateFactory.getInstance("X.509"); - X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis); - fis.close(); - certList.add(cert); + // for each: create an X509Certificate and store it in list + File certFile = certFiles[i]; + FileInputStream fis = null; + try { + fis = new FileInputStream(certFile.getPath()); + CertificateFactory certFact = CertificateFactory.getInstance("X.509"); + X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis); + certList.add(cert); + + } catch (Exception e) { + Logger.error("Can NOT initialize SSLTrustManager. Certificate: " + certFile.getPath() + + " is not loadable, Reason: " + e.getMessage()); + + if (Logger.isDebugEnabled()) { + try { + if (fis != null) + Logger.debug("Certificate: " + Base64Utils.encode(fis)); + + } catch (Exception e1) { + Logger.warn("Can NOT log content of certificate: " + certFile.getPath() + + ". Reason: " + e.getMessage(), e); + + } + } + + throw new SSLConfigurationException("config.28", new Object[]{certFile.getPath(), e.getMessage()}, e); + + } finally { + if (fis != null) + fis.close(); + + } } + // store acceptedServerCertificates acceptedServerCertificates = (X509Certificate[]) certList.toArray(new X509Certificate[0]); + Logger.debug("Add #" + acceptedServerCertificates.length + + " certificates as 'AcceptedServerCertificates' from: " + acceptedServerCertificateStoreURL ); + } /** |