Diffstat (limited to 'id/server/moa-id-commons/src/main')
13 files changed, 176 insertions, 498 deletions
| 
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
index 2ade63c1c..142e9a23a 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
@@ -22,15 +22,12 @@
  */
 package at.gv.egovernment.moa.id.commons.utils;
-import iaik.pki.PKIException;
-
 import java.io.IOException;
 import java.net.InetAddress;
 import java.net.Socket;
 import java.net.UnknownHostException;
 import java.security.GeneralSecurityException;
-import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
 import org.apache.commons.httpclient.ConnectTimeoutException;
@@ -39,7 +36,7 @@ import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
 import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
 import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
-import at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils;
+import iaik.pki.PKIException;
 /**
  * @author tlenz
@@ -62,7 +59,7 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
 		super();
 		try {
-			this.sslfactory = SSLUtils.getSSLSocketFactory(
+			this.sslfactory = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
 					url, 
 					certStoreRootDirParam, 
 					trustStoreURL, 
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
index 00e750f58..dcbec6bf6 100644
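Review bot: The rewritten constructor line `this.sslfactory = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(` spells out the fully qualified class name while the previous hunk drops the `SSLUtils` import and moves `import iaik.pki.PKIException;` behind the project imports, which breaks the file's grouping of third-party imports. Keep `import at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils;` and call `SSLUtils.getSSLSocketFactory(`; if the qualification was meant to disambiguate from `at.gv.egovernment.moa.util.SSLUtils`, that class is deleted in this same commit, so the conflict no longer exists. The constructor body continues outside the hunk.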
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java
@@ -46,13 +46,17 @@
 package at.gv.egovernment.moa.id.commons.utils.ssl;
+import java.io.File;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+
 import at.gv.egovernment.moa.logging.Logger;
 import iaik.pki.store.certstore.CertStoreConfiguration;
 import iaik.pki.store.certstore.CertStoreParameters;
 import iaik.pki.store.certstore.CertStoreTypes;
 import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
-
-import java.io.File;
+import iaik.pki.store.certstore.directory.VirtualCertStore;
 /**
  * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
@@ -153,4 +157,16 @@ public class CertStoreConfigurationImpl extends ObservableImpl
         return CertStoreTypes.DIRECTORY;
     }
+	/* (non-Javadoc)
+	 * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getVirtualStores()
+	 */
+	@Override
+	public Set getVirtualStores() {
+		//TODO: only for Testing and not complete !!!Ask Harald !!!!
+		
+		Map<String, VirtualCertStore> vCertStore = new HashMap<String, VirtualCertStore>();		
+		return vCertStore.keySet();
+		
+	}
+
 }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
index eaef3f1d4..bcd38c638 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
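Review bot: `getVirtualStores()` allocates a `Map<String, VirtualCertStore>` only to return its empty `keySet()`, and the `//TODO: only for Testing and not complete` comment marks it as a placeholder; because this class configures the certificate store behind the IAIK `TrustManager`, the TODO should be resolved or the empty result made an explicit decision before release. If no virtual stores are intended, `return Collections.emptySet();` (importing `java.util.Collections`) states that directly and lets the `HashMap`, `Map` and `VirtualCertStore` imports go, and the return type should be `Set<String>` rather than the raw `Set` if the interface permits. What kind of keys the IAIK interface expects here is not visible on this page; confirm against `DirectoryCertStoreParameters#getVirtualStores()`.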
@@ -57,9 +57,8 @@ import java.util.ArrayList;
 import java.util.List;
 import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.logging.LoggingContext;
-import at.gv.egovernment.moa.logging.LoggingContextManager;
-
+import at.gv.egovernment.moaspss.logging.LoggingContext;
+import at.gv.egovernment.moaspss.logging.LoggingContextManager;
 import iaik.pki.jsse.IAIKX509TrustManager;
 /**
@@ -95,14 +94,14 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
    * Fixes a bug occuring in the case MOA-SP is called by API.
    * In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP.
    * This method must be called before a MOAIDTrustManager is constructed,
-   * from every thread.
-   */
+   * from every thread. 
+   */
    public static void initializeLoggingContext() {
       if (LoggingContextManager.getInstance().getLoggingContext() == null)
     LoggingContextManager.getInstance().setLoggingContext(
       new LoggingContext(Thread.currentThread().getName()));
   }
-
+ 
   /**
    * Builds an Array of accepted server certificates from an URL,
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
index 5d8c7a54e..3eb4707c8 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java
@@ -60,6 +60,10 @@ import iaik.pki.store.revocation.archive.ArchiveConfiguration;
  * @version $Id$
  */
 public class PKIConfigurationImpl implements PKIConfiguration {
+	
+	private static final int TIMEOUT_READ = 60; //[sec]
+	private static final int TIMEOUT_CONNECTION = 60; //[sec]
+	
   /** The configuration for the CertStore */
   private CertStoreConfiguration certStoreConfiguration;
   /** The configuration for the RevocationChecks */
@@ -108,11 +112,19 @@ public class PKIConfigurationImpl implements PKIConfiguration {
   }
 /* (non-Javadoc)
- * @see iaik.pki.PKIConfiguration#getTimeout()
+ * @see iaik.pki.PKIConfiguration#getConnectTimeout()
  */
-  public int getTimeout() {
-	// TODO Auto-generated method stub
-	return 0;
+@Override
+public int getConnectTimeout() {
+	return TIMEOUT_CONNECTION * 1000;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.PKIConfiguration#getReadTimeout()
+ */
+@Override
+public int getReadTimeout() {
+	return TIMEOUT_READ * 1000;
 }
 }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
index 59994a257..a34fa9b8b 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
@@ -96,13 +96,6 @@ public class PKIProfileImpl extends ObservableImpl
   }
   /**
-   * @see iaik.pki.PKIProfile#autoAddCertificates()
-   */
-  public boolean autoAddCertificates() {
-    return true;
-  }
-
-  /**
    * @see iaik.pki.PKIProfile#getRevocationProfile()
    */
   public RevocationProfile getRevocationProfile() {
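Review bot: The unit of `TIMEOUT_READ` and `TIMEOUT_CONNECTION` lives only in the trailing `//[sec]` comments while `getConnectTimeout()` and `getReadTimeout()` return milliseconds via `* 1000`, so the conversion is easy to get wrong the next time a constant is touched. Put the unit in the names and the conversion in one place, e.g. `private static final int TIMEOUT_READ_SEC = 60;` and `return (int) TimeUnit.SECONDS.toMillis(TIMEOUT_READ_SEC);`, and give each getter a comment such as `/** Read timeout in milliseconds, as required by the IAIK PKIConfiguration contract. */` instead of the `(non-Javadoc)` stubs. The replaced `getTimeout()` returned `0`, so whatever `0` meant to the IAIK stack is now a fixed 60 s for both connect and read; a configuration property rather than a hard-coded constant would let operators tune this. The two new methods also sit at column 0 while the rest of the class (see the `/** The configuration for the CertStore */` field) uses two-space indentation.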
@@ -227,4 +220,22 @@ public class PKIProfileImpl extends ObservableImpl
   public void setId(String id) {
     this.id = id;
   }
+
+/* (non-Javadoc)
+ * @see iaik.pki.PKIProfile#autoAddCertificates()
+ */
+@Override
+public int autoAddCertificates() {
+	//TODO: ask harald!!!!!
+	return 1;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.PKIProfile#getIndirectRevocationTrustStoreProfile()
+ */
+@Override
+public TrustStoreProfile getIndirectRevocationTrustStoreProfile() {
+	//TODO: ask harald!!!!!
+	return null;
+}
 }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
index b5e0543db..40d081ea4 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java
@@ -46,13 +46,16 @@
 package at.gv.egovernment.moa.id.commons.utils.ssl;
-import iaik.pki.revocation.RevocationConfiguration;
-
 import java.security.cert.X509Certificate;
 import java.util.Collections;
 import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
 import java.util.Set;
+import iaik.pki.revocation.RevocationConfiguration;
+import iaik.pki.revocation.dbcrl.config.DBCrlConfig;
+
 /**
  * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
  * @author Paul Ivancsics 
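Review bot: `autoAddCertificates()` replaces the old `boolean` `return true` (removed in the previous hunk) with `return 1` under a `//TODO: ask harald!!!!!` comment, so the meaning of the value `1` in the IAIK `PKIProfile` contract is undocumented here; whether `1` preserves the previous `true` is not visible on this page and should be confirmed against the IAIK API, ideally by returning the API's named constant if one exists. `getIndirectRevocationTrustStoreProfile()` carries the same TODO and returns `null`; once the semantics are confirmed, replace the TODO with the decision, e.g. `// null: no separate trust store profile for indirect revocation information (semantics per IAIK PKIProfile, confirm)`. Both methods are at column 0 while the neighbouring `setId` is indented two spaces.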
@@ -81,4 +84,41 @@ public class RevocationConfigurationImpl extends ObservableImpl implements Revoc
      return null;
   }
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#getKeepRevocationInfo()
+ */
+@Override
+public boolean getKeepRevocationInfo() {
+	return false;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#getPositiveOCSPResponders()
+ */
+@Override
+public Set getPositiveOCSPResponders() {
+	
+	//TODO: !!!!! ASK Harald !!!!!
+	Map<String, String> test = new HashMap<String, String>();
+	test.put("ALL", "ALL");
+	return test.keySet();
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#skipIndirectCRLCheckForAlternativeDistributionPoints()
+ */
+@Override
+public boolean skipIndirectCRLCheckForAlternativeDistributionPoints() {
+	//TODO: !!!!! ASK Harald !!!!!
+	return false;
+}
+
+/* (non-Javadoc)
+ * @see iaik.pki.revocation.RevocationConfiguration#getDataBaseCRLConfig()
+ */
+@Override
+public DBCrlConfig getDataBaseCRLConfig() {
+	return null;
+}
+
 }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index 68437a04d..503e0bfc4 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
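Review bot: `getPositiveOCSPResponders()` returns a set holding the single entry `"ALL"`, built through a throwaway `HashMap` named `test`, under a `//TODO: !!!!! ASK Harald !!!!!` comment; this method feeds revocation checking in the IAIK `TrustManager`, so a placeholder whose meaning the author has not confirmed is a trust decision, not just an unfinished stub. What `"ALL"` means to the IAIK API is not shown on this page; if it is a wildcard that treats every responder as positive, that must be a deliberate and documented choice, and if it is a test value it should not ship. Whatever the answer, `return Collections.singleton("ALL");` expresses the intent without the map (the file already imports `java.util.Collections`), and the return type should be `Set<String>` if the interface permits. `getKeepRevocationInfo()`, `skipIndirectCRLCheckForAlternativeDistributionPoints()` and `getDataBaseCRLConfig()` would each benefit from a one-line comment saying why `false`/`null` is the intended default rather than the `(non-Javadoc)` stubs.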
@@ -46,25 +46,28 @@
 package at.gv.egovernment.moa.id.commons.utils.ssl;
-import iaik.pki.PKIConfiguration;
-import iaik.pki.PKIException;
-import iaik.pki.PKIFactory;
-import iaik.pki.PKIProfile;
-import iaik.pki.jsse.IAIKX509TrustManager;
-import iaik.security.provider.IAIK;
-
 import java.io.IOException;
 import java.security.GeneralSecurityException;
+import java.security.KeyStore;
 import java.security.Security;
 import java.util.HashMap;
 import java.util.Map;
 import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManager;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+import iaik.pki.PKIConfiguration;
+import iaik.pki.PKIException;
+import iaik.pki.PKIFactory;
+import iaik.pki.PKIProfile;
+import iaik.pki.jsse.IAIKX509TrustManager;
+//import iaik.pki.jsse.IAIKX509TrustManager;
+import iaik.security.provider.IAIK;
 /**
@@ -136,7 +139,7 @@ public class SSLUtils {
     		 acceptedServerCertURL,
     		 checkRevocation);
-    KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
+    KeyManager[] kms = getKeyManagers(
       clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
     SSLContext ctx = SSLContext.getInstance("TLS");
     ctx.init(kms, tms, null);
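Review bot: The new import block keeps a commented-out duplicate, `+//import iaik.pki.jsse.IAIKX509TrustManager;`, directly under the live `import iaik.pki.jsse.IAIKX509TrustManager;`; delete the dead line rather than leaving it in the import section. In the second hunk the call now resolves to the `getKeyManagers(` overload this commit adds further down in the same file, which returns `null` when no client key store URL is configured, and `ctx.init(kms, tms, null)` then falls back to the JSSE default key managers; that is unchanged behaviour, but a comment on the `ctx.init` line such as `// kms is null without a client key store: SSLContext uses the default KeyManagerFactory` would make the fallback visible to the next reader. The enclosing method starts and ends outside the hunk.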
@@ -154,6 +157,68 @@ public class SSLUtils {
   }
   /**
+   * Loads the client key store from file and gets the 
+   * <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
+	 * initialized from the given client key store.
+   * @param clientKeyStoreType key store type of <code>clientKeyStore</code>
+   * @param clientKeyStoreURL URL of key store containing keys to be used for
+   * 				 client authentication; if <code>null</code>, the default key store will be utilized
+   * @param clientKeyStorePassword password used to check the integrity of the client key store; 
+   * 				 if <code>null</code>, it will not be checked
+	 * @return <code>KeyManager</code>s to be used for creating an 
+	 * 				  <code>SSLSocketFactory</code> utilizing the given client key store
+   * @throws IOException thrown while reading from the key store file
+   * @throws GeneralSecurityException thrown while initializing the 
+   * 					default <code>KeyManagerFactory</code>
+   */
+  public static KeyManager[] getKeyManagers (
+		String clientKeyStoreType,
+		String clientKeyStoreURL,
+  	String clientKeyStorePassword)
+	  throws IOException, GeneralSecurityException {
+  
+  	if (clientKeyStoreURL == null)
+  		return null;
+  		
+	  // Set up the KeyStore to use. We need to load the file into
+	  // a KeyStore instance.
+	  KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore(
+	  	clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
+		return getKeyManagers(clientKeyStore, clientKeyStorePassword);
+	}  
+  /**
+   * Gets the <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>,
+	 * initialized from the given client key store. 
+   * @param clientKeyStore client key store
+   * @param clientKeyStorePassword if provided, it will be used to check 
+   * 				 the integrity of the client key store; if omitted, it will not be checked
+	 * @return <code>KeyManager</code>s to be used for creating an 
+	 * 				  <code>SSLSocketFactory</code> utilizing the given client key store
+   * @throws GeneralSecurityException thrown while initializing the 
+   * 					default <code>KeyManagerFactory</code>
+   */
+	public static KeyManager[] getKeyManagers (
+		KeyStore clientKeyStore,
+  	String clientKeyStorePassword)
+	  throws GeneralSecurityException {
+  
+  	if (clientKeyStore == null)
+  		return null;
+  		
+	  // Now we initialize the default KeyManagerFactory with this KeyStore
+	  String alg=KeyManagerFactory.getDefaultAlgorithm();
+	  KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg);
+  	char[] password = null;
+  	if (clientKeyStorePassword != null)
+  		password = clientKeyStorePassword.toCharArray();
+	  kmFact.init(clientKeyStore, password);
+	
+	  // And now get the KeyManagers
+	  KeyManager[] kms=kmFact.getKeyManagers();
+	  return kms;
+	}  
+  
+  /**
    * Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
    * 
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java
deleted file mode 100644
index 51667f010..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java
+++ /dev/null
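Review bot: The Javadoc carried over with the two `getKeyManagers` overloads says `clientKeyStorePassword` is used "to check the integrity of the client key store", but in the `KeyStore` overload it is handed to `kmFact.init(clientKeyStore, password)`, where the JSSE contract is the password for recovering the private keys in the store; integrity checking belongs to loading the store (`KeyStoreUtils.loadKeyStore`, not shown here). Change the `@param` to `@param clientKeyStorePassword password for recovering the private keys in the key store, passed to KeyManagerFactory.init; may be null` on both overloads. Two small cleanups in the same method: `KeyManager[] kms=kmFact.getKeyManagers(); return kms;` can be `return kmFact.getKeyManagers();`, and the `char[]` copy of the password could be zeroed after `kmFact.init` (`if (password != null) Arrays.fill(password, '\0');`), noting that the `String` it came from cannot be wiped, so this is hygiene rather than a fix. The copied code also mixes tab and space indentation (`+\t\tString clientKeyStoreType,` versus `+  \tString clientKeyStorePassword)`), which is worth normalising since the source file it came from is deleted in this commit.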
@@ -1,67 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.logging; - -/** - * A unified message type to log messages from inside the MOA subsystem. - *  - * @author Patrick Peck - * @version $Id$ - */ -public class LogMsg { -  /** The message to log. */ -  private Object message; - -  /** -   * Create a <code>LogMsg</code> object. -   *  -   * @param message The actual message to log. May be <code>null</code>.  -   */ -  public LogMsg(Object message) { -    this.message = message; -  } - -  /** -   * Convert this log message to a <code>String</code>. -   *  -   * @return The <code>String</code> representation of this log message.  -   */ -  public String toString() { -    StringBuffer msg = new StringBuffer(); -    LoggingContext ctx = -      LoggingContextManager.getInstance().getLoggingContext(); -    String tid = ctx != null ? 
ctx.getTransactionID() : null; -    String nodeId = ctx != null ? ctx.getNodeID() : null; -     -    msg.append("TID="); -    msg.append(tid != null ? tid : "<null>"); -    msg.append(" NID="); -    msg.append(nodeId != null ? nodeId : "<null>"); -    msg.append(" MSG="); -    msg.append(message != null ? message.toString() : "<null>"); - -    return msg.toString(); -  } -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java deleted file mode 100644 index db4b93a0b..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java +++ /dev/null 
@@ -1,70 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.logging; - -/** - * Encapsulates contextual information (i.e. per request information) for - * logging purposes. - *  - * @author Patrick Peck - * @version $Id$ - */ -public class LoggingContext { -  /** The name of the node ID system property. */ -  public static final String NODE_ID_PROPERTY = "moa.node-id"; -   -  /** The current transaction ID. */ -  private String transactionID; -  /** The node ID. */ -  private String nodeID; -   -  /** -   * Create a new <code>LoggingContext</code>. -   *  -   * @param transactionID The transaction ID. May be <code>null</code>. -   */ -  public LoggingContext(String transactionID) { -    this.transactionID = transactionID; -    this.nodeID = System.getProperty(NODE_ID_PROPERTY); -  } -   -  /** -   * Return the transaction ID. 
-   *  -   * @return The transaction ID. -   */ -  public String getTransactionID() { -    return transactionID; -  } -   -  /** -   * Return the node ID. -   *  -   * @return The node ID. -   */ -  public String getNodeID() { -    return nodeID; -  } -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java deleted file mode 100644 index f0d7b4c07..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java +++ /dev/null 
@@ -1,80 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.logging; - -/** - * Provides each thread with a single instance of <code>LoggingContext</code>. - *  - * @author Patrick Peck - * @version $Id$ - */ -public class LoggingContextManager { -  /** The single instance of this class. */ -  private static LoggingContextManager instance = null; -   -  /** The <code>LoggingContext</code> for each thread. */ -  private ThreadLocal context; -   -  /** -   * Get the single instance of the <code>LoggingContextManager</code> class. -   *  -   * @return LoggingContextManager The single instance. -   */ -  public static synchronized LoggingContextManager getInstance() { -    if (instance == null) { -      instance = new LoggingContextManager(); -    } -    return instance; -  } -   -  /** -   * Creates a new <code>LoggingContextManager</code>. 
-   * 
-   * Protected to disallow direct instantiation.
-   */
-  protected LoggingContextManager() {
-    context = new ThreadLocal();
-  }
-  
-  /**
-   * Set the <code>LoggingContext</code> context for the current thread.
-   * 
-   * @param ctx The <code>LoggingContext</code> for the current thread.
-   */
-  public void setLoggingContext(LoggingContext ctx) {
-    context.set(ctx);
-  }
-  
-  /**
-   * Return the <code>LoggingContext</code> for the current thread.
-   * 
-   * @return LoggingContext The <code>LoggingContext</code> for the current
-   * thread, or <code>null</code> if none has been set.
-   */
-  public LoggingContext getLoggingContext() {
-    return (LoggingContext) context.get();
-  }
-
-}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java
index 8f3ffd4c6..b1a3f8446 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java
@@ -31,7 +31,6 @@ import org.apache.xerces.util.URI.MalformedURIException;
 import org.xml.sax.EntityResolver;
 import org.xml.sax.InputSource;
-import at.gv.egovernment.moa.logging.LogMsg;
 import at.gv.egovernment.moa.logging.Logger;
 /**
@@ -72,7 +71,7 @@ public class MOAEntityResolver implements EntityResolver {
     if (Logger.isDebugEnabled()) {
       Logger.debug(
-        new LogMsg("resolveEntity: p=" + publicId + " s=" + systemId));
+        new at.gv.egovernment.moaspss.logging.LogMsg("resolveEntity: p=" + publicId + " s=" + systemId));
     }
     if (publicId != null) {
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java
index 3769b264d..ea71a677f 100644
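Review bot: The logging call is rewritten as `new at.gv.egovernment.moaspss.logging.LogMsg(...)` with the fully qualified name, whereas the parallel change to `MOAErrorHandler.java` in this same commit imports `at.gv.egovernment.moaspss.logging.LogMsg` instead; use the import here too so both files read the same way: replace the removed `import at.gv.egovernment.moa.logging.LogMsg;` with `import at.gv.egovernment.moaspss.logging.LogMsg;` and keep the call as `new LogMsg("resolveEntity: p=" + publicId + " s=" + systemId)`. The `resolveEntity` method continues outside the hunk.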
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java
@@ -28,8 +28,8 @@ import org.apache.xml.utils.DefaultErrorHandler;
 import org.xml.sax.SAXException;
 import org.xml.sax.SAXParseException;
-import at.gv.egovernment.moa.logging.LogMsg;
 import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moaspss.logging.LogMsg;
 /**
  * An <code>ErrorHandler</code> that logs a message and throws a
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java
deleted file mode 100644
index c2c67ec58..000000000
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java
+++ /dev/null
@@ -1,244 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.util; - -import java.io.IOException; -import java.io.InputStream; -import java.security.GeneralSecurityException; -import java.security.KeyStore; - -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; - -/** - * Utility for connecting to server applications via SSL. - *  - * @author Paul Ivancsics - * @version $Id$ - */ -public class SSLUtils { -	 -	/** -	 * Creates an <code>SSLSocketFactory</code> which utilizes the given trust store. 
-	 *  -   * @param trustStoreType key store type of trust store -   * @param trustStoreInputStream input stream for reading JKS trust store containing -   * 				 trusted server certificates; if <code>null</code>, the default -   * 				 trust store will be utilized -   * @param trustStorePassword if provided, it will be used to check  -   * 				 the integrity of the trust store; if omitted, it will not be checked -   * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code> -   * @throws IOException thrown while reading from the input stream -   * @throws GeneralSecurityException thrown while creating the socket factory -	 */ -  public static SSLSocketFactory getSSLSocketFactory( -  	String trustStoreType, -  	InputStream trustStoreInputStream, -  	String trustStorePassword) - 	  throws IOException, GeneralSecurityException { -  		 -	  TrustManager[] tms = getTrustManagers(trustStoreType, trustStoreInputStream, trustStorePassword); -		SSLContext ctx = SSLContext.getInstance("TLS"); -		ctx.init(null, tms, null); - -    SSLSocketFactory sf = ctx.getSocketFactory(); -  	return sf; -  } -	/** -	 * Creates an <code>SSLSocketFactory</code> which utilizes the -	 * given trust store and keystore. 
-	 *  -   * @param trustStore trust store containing trusted server certificates;  -   * 				 if <code>null</code>, the default trust store will be utilized -   * @param clientKeyStoreType key store type of <code>clientKeyStore</code> -   * @param clientKeyStoreURL URL of key store containing keys to be used for -   * 				 client authentication; if <code>null</code>, the default key store will be utilized -   * @param clientKeyStorePassword if provided, it will be used to check  -   * 				 the integrity of the client key store; if omitted, it will not be checked -   * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code> -   * @throws IOException thrown while reading key store file -   * @throws GeneralSecurityException thrown while creating the socket factory -	 */ -  public static SSLSocketFactory getSSLSocketFactory( -  	KeyStore trustStore, -  	String clientKeyStoreType, -  	String clientKeyStoreURL, -  	String clientKeyStorePassword) - 	  throws IOException, GeneralSecurityException { -  		 -		SSLContext ctx = getSSLContext( -			trustStore, clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); -    SSLSocketFactory sf = ctx.getSocketFactory(); -  	return sf; -  } -	/** -	 * Creates an <code>SSLContext</code> initialized for the -	 * given trust store and keystore. 
-	 *  -   * @param trustStore trust store containing trusted server certificates;  -   * 				 if <code>null</code>, the default trust store will be utilized -   * @param clientKeyStoreType key store type of <code>clientKeyStore</code> -   * @param clientKeyStoreURL URL of key store containing keys to be used for -   * 				 client authentication; if <code>null</code>, the default key store will be utilized -   * @param clientKeyStorePassword if provided, it will be used to check  -   * 				 the integrity of the client key store; if omitted, it will not be checked -   * @return <code>SSLContext</code> to be used for creating an <code>SSLSocketFactory</code> -   * @throws IOException thrown while reading key store file -   * @throws GeneralSecurityException thrown while creating the SSL context -	 */ -  public static SSLContext getSSLContext( -  	KeyStore trustStore, -  	String clientKeyStoreType, -  	String clientKeyStoreURL, -  	String clientKeyStorePassword) - 	  throws IOException, GeneralSecurityException { -  		 - 	  TrustManager[] tms = getTrustManagers(trustStore); -		KeyManager[] kms = getKeyManagers(clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); -		SSLContext ctx = SSLContext.getInstance("TLS"); -		ctx.init(kms, tms, null); -		return ctx; -  } -  /** -   * Loads the trust store from an input stream and gets the  -   * <code>TrustManager</code>s from a default <code>TrustManagerFactory</code>, -	 * initialized from the given trust store. 
-   * @param trustStoreType key store type of trust store -   * @param trustStoreInputStream input stream for reading JKS trust store containing -   * 				 trusted server certificates; if <code>null</code>, the default -   * 				 trust store will be utilized -   * @param trustStorePassword if provided, it will be used to check  -   * 				 the integrity of the trust store; if omitted, it will not be checked -	 * @return <code>TrustManager</code>s to be used for creating an  -	 * 				  <code>SSLSocketFactory</code> utilizing the given trust store -   * @throws IOException thrown while reading from the input stream -   * @throws GeneralSecurityException thrown while initializing the  -   * 					default <code>TrustManagerFactory</code> -   */ -	protected static TrustManager[] getTrustManagers( -		String trustStoreType, -		InputStream trustStoreInputStream, -  	String trustStorePassword) -	  throws IOException, GeneralSecurityException { -	  	 -	  if (trustStoreInputStream == null) -	  	return null; - -	  // Set up the TrustStore to use. We need to load the file into -	  // a KeyStore instance. -		KeyStore trustStore = KeyStoreUtils.loadKeyStore(trustStoreType, trustStoreInputStream, trustStorePassword); -		return getTrustManagers(trustStore); -	} -	/** -	 * Gets the <code>TrustManager</code>s from a default <code>TrustManagerFactory</code>, -	 * initialized from the given trust store. 
-	 *  -	 * @param trustStore the trust store to use -	 * @return <code>TrustManager</code>s to be used for creating an  -	 * 				  <code>SSLSocketFactory</code> utilizing the given trust store -   * @throws GeneralSecurityException thrown while initializing the  -   * 					default <code>TrustManagerFactory</code> -	 */ -	protected static TrustManager[] getTrustManagers(KeyStore trustStore) -	  throws GeneralSecurityException { -	  	 -	  if (trustStore == null) -	  	return null; - -	  // Initialize the default TrustManagerFactory with this KeyStore -	  String alg=TrustManagerFactory.getDefaultAlgorithm(); -	  TrustManagerFactory tmFact=TrustManagerFactory.getInstance(alg); -	  tmFact.init(trustStore); -	 -	  // And now get the TrustManagers -	  TrustManager[] tms=tmFact.getTrustManagers(); -	  return tms; -	} -  /** -   * Loads the client key store from file and gets the  -   * <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>, -	 * initialized from the given client key store. 
-   * @param clientKeyStoreType key store type of <code>clientKeyStore</code> -   * @param clientKeyStoreURL URL of key store containing keys to be used for -   * 				 client authentication; if <code>null</code>, the default key store will be utilized -   * @param clientKeyStorePassword password used to check the integrity of the client key store;  -   * 				 if <code>null</code>, it will not be checked -	 * @return <code>KeyManager</code>s to be used for creating an  -	 * 				  <code>SSLSocketFactory</code> utilizing the given client key store -   * @throws IOException thrown while reading from the key store file -   * @throws GeneralSecurityException thrown while initializing the  -   * 					default <code>KeyManagerFactory</code> -   */ -  public static KeyManager[] getKeyManagers ( -		String clientKeyStoreType, -		String clientKeyStoreURL, -  	String clientKeyStorePassword) -	  throws IOException, GeneralSecurityException { -   -  	if (clientKeyStoreURL == null) -  		return null; -  		 -	  // Set up the KeyStore to use. We need to load the file into -	  // a KeyStore instance. -	  KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore( -	  	clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); -		return getKeyManagers(clientKeyStore, clientKeyStorePassword); -	}   -  /** -   * Gets the <code>KeyManager</code>s from a default <code>KeyManagerFactory</code>, -	 * initialized from the given client key store. 
-   * @param clientKeyStore client key store -   * @param clientKeyStorePassword if provided, it will be used to check  -   * 				 the integrity of the client key store; if omitted, it will not be checked -	 * @return <code>KeyManager</code>s to be used for creating an  -	 * 				  <code>SSLSocketFactory</code> utilizing the given client key store -   * @throws GeneralSecurityException thrown while initializing the  -   * 					default <code>KeyManagerFactory</code> -   */ -	public static KeyManager[] getKeyManagers ( -		KeyStore clientKeyStore, -  	String clientKeyStorePassword) -	  throws GeneralSecurityException { -   -  	if (clientKeyStore == null) -  		return null; -  		 -	  // Now we initialize the default KeyManagerFactory with this KeyStore -	  String alg=KeyManagerFactory.getDefaultAlgorithm(); -	  KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg); -  	char[] password = null; -  	if (clientKeyStorePassword != null) -  		password = clientKeyStorePassword.toCharArray(); -	  kmFact.init(clientKeyStore, password); -	 -	  // And now get the KeyManagers -	  KeyManager[] kms=kmFact.getKeyManagers(); -	  return kms; -	}   -} | 
