From 43e57a42832ea8b4ceb0317f3c9028a4174ffa7b Mon Sep 17 00:00:00 2001
From: mcentner <mcentner@d688527b-c9ab-4aba-bd8d-4036d912da1d>
Date: Wed, 8 Aug 2007 07:25:32 +0000
Subject: Adapted project directory structure to suit the new maven based build
 process.

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@909 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../moa/id/iaik/pki/jsse/MOAIDTrustManager.java    | 119 +++++++++++++++++++++
 1 file changed, 119 insertions(+)
 create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java

(limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
new file mode 100644
index 000000000..9da006d35
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
@@ -0,0 +1,119 @@
+package at.gv.egovernment.moa.id.iaik.pki.jsse;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+
+import iaik.pki.jsse.IAIKX509TrustManager;
+
+/**
+ * <code>TrustManager</code> implementation featuring CRL checking (inherited from
+ * <code>IAIKX509TrustManager</code>), plus server-end-SSL-certificate checking.
+ * 
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class MOAIDTrustManager extends IAIKX509TrustManager {
+  
+  /** an x509Certificate array containing all accepted server certificates*/
+  private X509Certificate[] acceptedServerCertificates;
+
+  /**
+   * Constructor
+   * @param acceptedServerCertificateStoreURL the url leading to the acceptedServer cert store
+   * @throws GeneralSecurityException occurs on security errors
+   * @throws IOException occurs on IO errors
+   */
+  public MOAIDTrustManager(String acceptedServerCertificateStoreURL) 
+    throws IOException, GeneralSecurityException {
+    
+    if (acceptedServerCertificateStoreURL != null)
+      buildAcceptedServerCertificates(acceptedServerCertificateStoreURL);
+    else
+      acceptedServerCertificates = null;
+  }
+
+ 
+  /**
+   * Initializes the LoggingContextManager logging context.
+   * Fixes a bug occuring in the case MOA-SP is called by API.
+   * In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP.
+   * This method must be called before a MOAIDTrustManager is constructed,
+   * from every thread.
+   */
+  public static void initializeLoggingContext() {  
+    if (LoggingContextManager.getInstance().getLoggingContext() == null)
+    LoggingContextManager.getInstance().setLoggingContext(
+      new LoggingContext(Thread.currentThread().getName()));
+  }
+
+  
+  /**
+   * Builds an Array of accepted server certificates from an URL,
+   * and stores it in <code>acceptedServerCertificates</code>.
+   * @param acceptedServerCertificateStoreURL file URL pointing to the directory
+   *         containing accepted server X509 certificates
+   * @throws GeneralSecurityException on security errors
+   * @throws IOException on any IO errors
+   */
+  private void buildAcceptedServerCertificates(String acceptedServerCertificateStoreURL) 
+    throws IOException, GeneralSecurityException {
+
+    List certList = new ArrayList();
+    URL storeURL = new URL(acceptedServerCertificateStoreURL);
+    File storeDir = new File(storeURL.getFile());
+    // list certificate files in directory
+    File[] certFiles = storeDir.listFiles(); 
+    for (int i = 0; i < certFiles.length; i++) {
+      // for each: create an X509Certificate and store it in list
+      File certFile = certFiles[i];
+      FileInputStream fis = new FileInputStream(certFile.getPath());
+      CertificateFactory certFact = CertificateFactory.getInstance("X.509");
+      X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis);
+      fis.close();
+      certList.add(cert);
+    }
+    // store acceptedServerCertificates
+    acceptedServerCertificates = (X509Certificate[]) certList.toArray(new X509Certificate[0]);
+  }
+
+  /**
+   * Does additional server-end-SSL-certificate checking.
+   * @see com.sun.net.ssl.X509TrustManager#isServerTrusted(java.security.cert.X509Certificate[])
+   */
+  public boolean isServerTrusted(X509Certificate[] certChain) {
+    boolean trusted = super.isServerTrusted(certChain);
+    if (! trusted || acceptedServerCertificates == null)
+      return trusted;
+    else {
+      // check server-end-SSL-certificate with acceptedServerCertificates
+      X509Certificate serverCert = certChain[0];
+      for (int i = 0; i < acceptedServerCertificates.length; i++) {
+        X509Certificate acceptedServerCert = acceptedServerCertificates[i];
+        if (serverCert.equals(acceptedServerCert))
+          return true;
+      }
+      Logger.warn(MOAIDMessageProvider.getInstance().getMessage("ssl.01", null));
+      return false;
+    }
+  }
+  /**
+   * In rare cases, this method is being called although it should not be.
+   * @see com.sun.net.ssl.X509TrustManager#isClientTrusted(X509Certificate[])
+   */
+  public boolean isClientTrusted(java.security.cert.X509Certificate arg0[])
+  {
+    return true;
+  }
+}
-- 
cgit v1.2.3