From b9937af42fdab6b85aa1121148bda474c70f5e75 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 8 Mar 2016 11:10:19 +0100
Subject: finish first beta-version of ELGA mandate-service client-module

---
 .../moa/id/auth/MOAIDAuthInitializer.java          | 166 +++++++++++++++++++++
 1 file changed, 166 insertions(+)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java

(limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
new file mode 100644
index 000000000..458f9afe6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -0,0 +1,166 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.Provider;
+import java.security.Security;
+
+import javax.activation.CommandMap;
+import javax.activation.MailcapCommandMap;
+
+import org.springframework.web.context.support.GenericWebApplicationContext;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+import at.gv.egovernment.moa.id.config.auth.MOAGarbageCollector;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.pki.PKIException;
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.provider.IAIK;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAIDAuthInitializer {
+
+	/**
+     * Initializes the web application components which need initialization:
+     * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner.
+     * @param rootContext 
+     */
+    public static void initialize(GenericWebApplicationContext rootContext) throws ConfigurationException,
+            PKIException, IOException, GeneralSecurityException {
+        Logger.setHierarchy("moa.id.auth");
+        Logger.info("Default java file.encoding: "
+                + System.getProperty("file.encoding"));
+
+                
+        //JDK bug workaround according to:
+        // http://jce.iaik.tugraz.at/products/03_cms/faq/index.php#JarVerifier
+        // register content data handlers for S/MIME types
+        MailcapCommandMap mc = new MailcapCommandMap();
+        CommandMap.setDefaultCommandMap(mc);
+        
+        if (MiscUtil.isEmpty(System.getProperty("https.cipherSuites")))        
+        	System.setProperty(
+        			"https.cipherSuites",
+        			"TLS_DH_anon_WITH_AES_128_CBC_SHA" +
+        					",TLS_DHE_RSA_WITH_AES_128_CBC_SHA" +
+        					",TLS_DHE_DSS_WITH_AES_128_CBC_SHA" +
+        					",TLS_RSA_WITH_AES_128_CBC_SHA" +
+        					",TLS_RSA_WITH_AES_256_CBC_SHA" + 
+        					",SSL_DH_anon_WITH_3DES_EDE_CBC_SHA" +
+        					",SSL_RSA_WITH_3DES_EDE_CBC_SHA"
+        					);
+    
+
+        
+        // load some jsse classes so that the integrity of the jars can be
+        // verified
+        // before the iaik jce is installed as the security provider
+        // this workaround is only needed when sun jsse is used in conjunction
+        // with
+        // iaik-jce (on jdk1.3)
+        ClassLoader cl = MOAIDAuthInitializer.class.getClassLoader();
+        try {
+            cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar
+        } catch (ClassNotFoundException e) {
+            Logger.warn(MOAIDMessageProvider.getInstance().getMessage(
+                    "init.01", null), e);
+        }
+
+        Logger.info("Loading Java security providers.");
+        IAIK.addAsProvider();                
+        ECCProvider.addAsProvider();
+        
+        // Initializes SSLSocketFactory store
+        SSLUtils.initialize();
+
+        // Initializes Namespace Map
+        Constants.nSMap.put(Constants.SAML_PREFIX, Constants.SAML_NS_URI);
+        Constants.nSMap.put(Constants.ECDSA_PREFIX,
+                "http://www.w3.org/2001/04/xmldsig-more#");
+        Constants.nSMap.put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+
+        //seed the random number generator
+        Random.seedRandom();
+        Logger.debug("Random-number generator is seeded.");
+        
+        // Initialize configuration provider
+       	AuthConfiguration authConf = AuthConfigurationProviderFactory.reload(rootContext);
+
+       	//test, if MOA-ID is already configured
+    	authConf.getPublicURLPrefix();
+
+
+    	// Initialize MOA-SP
+    	//MOA-SP is only use by API calls since MOA-ID 3.0.0  
+        try {
+        	LoggingContextManager.getInstance().setLoggingContext(
+                      new LoggingContext("startup"));
+            ConfigurationProvider config = ConfigurationProvider
+                      .getInstance();
+            new IaikConfigurator().configure(config);
+            
+         } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) {
+            throw new ConfigurationException("config.10", new Object[] { ex
+                     .toString() }, ex);
+            
+         }
+        	        	
+				
+        //IAIK.addAsProvider();                
+        //ECCProvider.addAsProvider();
+        
+        Security.insertProviderAt(IAIK.getInstance(), 0);
+        Security.addProvider(new ECCProvider());
+        
+        if (Logger.isDebugEnabled()) {
+        	Logger.debug("Loaded Security Provider:");
+        	Provider[] providerList = Security.getProviders();
+        	for (int i=0; i<providerList.length; i++)
+        		Logger.debug(i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion());        		
+        	
+        }
+        
+        
+        // Starts the session cleaner thread to remove unpicked authentication data
+        AuthenticationSessionCleaner sessioncleaner = rootContext.getBean("AuthenticationSessionCleaner", AuthenticationSessionCleaner.class);
+        AuthenticationSessionCleaner.start(sessioncleaner);
+        
+        MOAGarbageCollector.start();
+    }
+}
-- 
cgit v1.2.3