From b2332a3b55b1d5164f9764cb895185798b4fb4a2 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Tue, 14 Dec 2021 11:52:51 +0100
Subject: fix possible problem with IAIK provider

---
 .../config/ConfigurationProvider.java | 59 ++++++++++++++++++++++
 1 file changed, 59 insertions(+)

(limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment')

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index 8eb4db4a2..2cce2ebab 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -33,9 +33,12 @@ import java.net.URL;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.Security;
 import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Optional;
 import java.util.Properties;
 import java.util.Timer;
 import java.util.jar.Attributes;
@@ -54,6 +57,9 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.context.support.ClassPathXmlApplicationContext;
 import org.springframework.context.support.GenericApplicationContext;
+import com.google.common.collect.Streams;
+
+import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead;
 import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
@@ -64,8 +70,10 @@ import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter;
 import at.gv.egovernment.moa.id.configuration.config.usermanagement.FileBasedUserConfiguration;
 import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner;
+import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import iaik.asn1.structures.AlgorithmID;
+import iaik.security.provider.IAIK;
 import iaik.x509.X509Certificate;
 import lombok.extern.slf4j.Slf4j;
@@ -174,6 +182,12 @@ public class ConfigurationProvider {
 log.info("Hibernate initialization finished.");
+ //check if IAIK provider is already loaded in first place
+ Optional> isIaikProviderLoaded = Streams.mapWithIndex(
+ Arrays.stream(Security.getProviders()), (str, index) -> Pair.newInstance(index, str))
+ .filter(el -> IAIK.getInstance().getName().equals(el.getSecond().getName()))
+ .findAny();
+
 DefaultBootstrap.bootstrap();
 log.info("OPENSAML initialized");
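Review bot: `isIaikProviderLoaded` reads as a boolean but holds the provider's 0-based position from `Streams.mapWithIndex`, which is exactly the value `checkSecuityProviderPosition` later compares against; a name such as `iaikProviderPositionBeforeBootstrap` would make the later `getFirst() == 0` test self-explanatory. The comment `//check if IAIK provider is already loaded in first place` describes that later check rather than this snapshot; `// remember where the IAIK provider sits before OpenSAML bootstrap, so the position can be compared afterwards` matches what the line does. The enclosing method continues outside the hunk.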
@@ -181,6 +195,17 @@ public class ConfigurationProvider {
 fixJava8_141ProblemWithSSLAlgorithms();
+ //load a first place
+ checkSecuityProviderPosition(isIaikProviderLoaded);
+
+ if (Logger.isDebugEnabled()) {
+ log.debug("Loaded Security Provider:");
+ Provider[] providerList = Security.getProviders();
+ for (int i=0; i> iaikProviderLoadedBefore) {
+ if (iaikProviderLoadedBefore.isPresent() && iaikProviderLoadedBefore.get().getFirst() == 0) {
+ Optional> iaikProviderLoadedNow = Streams.mapWithIndex(
+ Arrays.stream(Security.getProviders()), (str, index) -> Pair.newInstance(index, str))
+ .filter(el -> IAIK.getInstance().getName().equals(el.getSecond().getName()))
+ .findAny();
+
+ if (iaikProviderLoadedNow.isPresent() && iaikProviderLoadedNow.get().getFirst() !=
+ iaikProviderLoadedBefore.get().getFirst()) {
+ log.debug("IAIK Provider was loaded before on place: {}, but it's now on place: {}. Starting re-ordering ... ",
+ iaikProviderLoadedBefore.get().getFirst(), iaikProviderLoadedNow.get().getFirst());
+ Security.removeProvider(IAIK.getInstance().getName());
+ Security.insertProviderAt(IAIK.getInstance(), 0);
+ log.info("Re-ordering of Security Provider done.");
+
+ } else {
+ log.debug("IAIK Provider was loaded before on place: {} and it's already there. Nothing todo",
+ iaikProviderLoadedBefore.get().getFirst());
+
+ }
+ } else {
+ if (iaikProviderLoadedBefore.isPresent()) {
+ log.debug("IAIK Provider was loaded before on place: {}. Nothing todo",
+ iaikProviderLoadedBefore.get().getFirst());
+
+ } else {
+ log.debug("IAIK Provider was not loaded before. Nothing todo");
+
+ }
+
+ }
+
+ }
+
 private static void fixJava8_141ProblemWithSSLAlgorithms() {
 log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ...");
 // new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[]
-- cgit v1.2.3
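Review bot: `Security.insertProviderAt(IAIK.getInstance(), 0)` does not restore IAIK to first place: `insertProviderAt` positions are 1-based (1 is most preferred) and the JDK treats an out-of-range position as "append at the end", so after the preceding `removeProvider` call IAIK should end up last — the opposite of what the surrounding log messages claim, and it silently changes which provider serves JCA algorithm requests from then on. The 0-based index from `Streams.mapWithIndex` is fine for the `getFirst() == 0` test, but the re-insert should read `Security.insertProviderAt(IAIK.getInstance(), 1);`. `iaikProviderLoadedNow.get().getFirst() != iaikProviderLoadedBefore.get().getFirst()` compares the pair's first element with `!=`; if that element is a boxed `Long`, as the `long` index from `mapWithIndex` suggests, this is a reference comparison that only works for small cached values, so `!iaikProviderLoadedNow.get().getFirst().equals(iaikProviderLoadedBefore.get().getFirst())` is safer. The boundary between the debug loop in the caller and the `checkSecuityProviderPosition` signature is garbled in this view (`for (int i=0; i> iaikProviderLoadedBefore) {`), so the method header and the end of the debug block could not be reviewed; the method name also misspells "Security".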