Diffstat (limited to 'spss.server/src/at/gv/egovernment/moa/spss')
-rw-r--r-- | spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java | 67 | ||||
-rw-r--r-- | spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java | 12 |
2 files changed, 78 insertions, 1 deletions
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java
new file mode 100644
index 000000000..c8a454e9f
--- /dev/null
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java
@@ -0,0 +1,67 @@
+package at.gv.egovernment.moa.spss.server.iaik.config;
+
+import iaik.logging.TransactionId;
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.pki.store.revocation.RevocationInfoRetriever;
+import iaik.pki.store.revocation.RevocationSource;
+import iaik.pki.store.revocation.RevocationStoreException;
+import iaik.servertools.ldap.Handler;
+
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.net.URLStreamHandler;
+import java.util.Collection;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * A customized implementation of {@link iaik.pki.store.revocation.RevocationInfoRetriever}. Will be used
+ * instead of the default implementation {@link iaik.pki.store.revocation.CRLRetriever} to overcome a
+ * classloader problem in connection with the {@link java.net.URL} class in a Tomcat deployment environment.
+ *
+ * @author Gregor Karlinger
+ * @version $$
+ */
+public class CRLRetriever implements RevocationInfoRetriever
+{
+ public void update(RevocationSource source, Collection supplementalRequestData, TransactionId tid)
+ throws RevocationStoreException
+ {
+ if (source == null)
+ {
+ throw new NullPointerException("RevocationSource parameter mustn't be null.");
+ }
+ Logger.info("Downloading crl from " + source.getUri());
+ if (!source.getType().equals(RevocationSourceTypes.CRL))
+ {
+ throw new RevocationStoreException(
+ source.getType() + " not supported",
+ null,
+ getClass().getName() + ":1");
+ }
+ try
+ {
+ URL crlUrl;
+ try
+ {
+ crlUrl = new URL(source.getUri());
+ }
+ catch (MalformedURLException e)
+ {
+ // Workaround for classloader problem with deployment in Tomcat 4.1
+ URLStreamHandler handler = new Handler();
+ crlUrl = new URL(null, source.getUri(), handler);
+ }
+
+ InputStream crlInputStream = crlUrl.openStream();
+ source.readFrom(crlInputStream, tid);
+ crlInputStream.close();
+ }
+ catch (Exception iox)
+ {
+ Logger.warn("Cannot retrieve crl", iox);
+ throw new RevocationStoreException("Cannot retrieve CRL", iox, getClass().getName() + ":1");
+ }
+ }
+}
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
index 8bd410ac7..6562ef1f4 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
@@ -6,6 +6,9 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.pki.store.revocation.RevocationFactory;
+import iaik.pki.store.revocation.RevocationSourceStore;
 import iaik.pki.store.truststore.TrustStoreFactory;
 import iaik.server.ConfigurationData;
 import iaik.server.Configurator;
@@ -37,6 +40,7 @@ public class IaikConfigurator {
 /**
 * Configure the IAIK MOA subsystem.
 *
+ *
 * @param moaConfig The underlying MOA configuration.
 * @throws ConfigurationException An error occurred configuring the IAIK
 * MOA subsystem.
@@ -48,7 +52,13 @@ public class IaikConfigurator { warnings = new ArrayList(); try { - Configurator.init(configData, new TransactionId("IaikConfigurator")); + TransactionId transId = new TransactionId("IaikConfigurator"); + Configurator.init(configData, transId); + + // Set customized CRL retriever to overcome a classloader problem when MOA is deployed in Tomcat + RevocationSourceStore rss = RevocationFactory.getInstance(transId).getRevocationSourceStore(); + rss.setRetriever(new CRLRetriever(), RevocationSourceTypes.CRL); + dumpKeyEntryIDs(); checkKeyGroupConfig(moaConfig); TrustStoreFactory.reset(); |
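Review bot: The stream returned by `crlUrl.openStream()` in `update` is closed only on the success path, so an exception thrown by `source.readFrom` leaves the connection open; the close belongs in a `finally`. The same call fetches whatever scheme `source.getUri()` carries, and if that URI is taken from a certificate's CRL distribution point (not visible in this hunk), the server would also dereference `file:` or internal addresses, so a scheme allow-list ahead of `new URL(...)` is worth adding. No connect or read timeout is set either, so an unresponsive distribution point can hold the validating thread; whether `URLConnection` timeouts are available depends on the JDK this Tomcat 4.1 deployment targets. The permitted schemes and the `:2` location code in the sketch below are placeholders for the project to decide.

```java
// … unchanged: null check, "Downloading crl" log line, source type check …
String uri = source.getUri();
int colon = uri.indexOf(':');
String scheme = (colon > 0) ? uri.substring(0, colon).toLowerCase() : "";
if (!(scheme.equals("http") || scheme.equals("https") || scheme.equals("ldap")))
{
  throw new RevocationStoreException(
    "CRL URI scheme not allowed: " + scheme,
    null,
    getClass().getName() + ":2");
}
try
{
  // … unchanged: crlUrl construction with the Handler fallback …
  InputStream crlInputStream = crlUrl.openStream();
  try
  {
    source.readFrom(crlInputStream, tid);
  }
  finally
  {
    // release the connection even when parsing the CRL fails
    crlInputStream.close();
  }
}
// … unchanged: catch (Exception iox) block …
```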
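Review bot: In the last IaikConfigurator hunk, `new CRLRetriever()` resolves to the new same-package class only because no import shadows it, while the IAIK default it replaces has the same simple name (`iaik.pki.store.revocation.CRLRetriever`). A later `import iaik.pki.store.revocation.CRLRetriever;` would silently put the default retriever back into revocation checking. Spelling the type out removes that ambiguity: `rss.setRetriever(new at.gv.egovernment.moa.spss.server.iaik.config.CRLRetriever(), RevocationSourceTypes.CRL);`. The enclosing `try` starts inside the hunk but its `catch` is outside it, so how a failure from `RevocationFactory.getInstance(transId)` is reported cannot be judged from here.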