From 7720eee7787b2149b36ac76da1b64e416e16d07c Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Fri, 21 Oct 2016 10:21:15 +0200
Subject: update SSL certificate revocation-checking method-order if the
 IAIK_PKI module is used

---
 .../protocols/pvp2x/metadata/MOAMetadataProvider.java  | 18 ++++++++++++++++--
 .../pvp2x/metadata/SimpleMOAMetadataProvider.java      | 18 ++++++++++--------
 .../id/protocols/pvp2x/utils/MOASAMLSOAPClient.java    |  3 ++-
 .../java/at/gv/egovernment/moa/id/util/SSLUtils.java   |  3 ++-
 4 files changed, 30 insertions(+), 12 deletions(-)

(limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment')

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 19adfe4c4..dc024e695 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -31,6 +31,7 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
+import java.util.Timer;
 
 import javax.xml.namespace.QName;
 
@@ -68,6 +69,7 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 	
 //	private static MOAMetadataProvider instance = null;
 	MetadataProvider internalProvider = null;
+	private Timer timer = null;
 	private static Object mutex = new Object();
 	//private Map<String, Date> lastAccess = null;
 	
@@ -163,10 +165,14 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 						byte[] cert = Base64Utils.decode(certBase64, false);
 						String oaFriendlyName = oaParam.getFriendlyName();
 					
+						if (timer == null)
+							timer = new Timer(true);
+						
 						ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;						
 						HTTPMetadataProvider newMetadataProvider = createNewHTTPMetaDataProvider(metadataURL, 								 
 								buildMetadataFilterChain(oaParam, metadataURL, cert), 
-								oaFriendlyName);
+								oaFriendlyName,
+								timer);
 						
 						chainProvider.addMetadataProvider(newMetadataProvider);
 						
@@ -374,6 +380,10 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 			}
 				
 			internalProvider = new ChainingMetadataProvider();
+			
+			if (timer != null)
+				timer.cancel();
+			
 		} else {
 			Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
 		}
@@ -414,12 +424,16 @@ public class MOAMetadataProvider extends SimpleMOAMetadataProvider
 								byte[] cert = Base64Utils.decode(certBase64, false);
 								
 								
+								if (timer == null)
+									timer = new Timer(true);
+								
 								Logger.info("Loading metadata for: " + oaFriendlyName);					
 								if (!providersinuse.containsKey(metadataurl)) {					
 									httpProvider = createNewHTTPMetaDataProvider(
 											metadataurl, 
 											buildMetadataFilterChain(oaParam, metadataurl, cert),
-											oaFriendlyName);
+											oaFriendlyName,
+											timer);
 						
 									if (httpProvider != null)
 										providersinuse.put(metadataurl, httpProvider);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
index 8261a86c1..7a2acee9c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
@@ -53,12 +53,13 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
 	 * @param metadataURL URL, where the metadata should be loaded
 	 * @param filter Filters, which should be used to validate the metadata
 	 * @param IdForLogging Id, which is used for Logging
+	 * @param timer {@link Timer} which is used to schedule metadata refresh operations
 	 * 
 	 * @return SAML2 Metadata Provider
 	 */
-	protected HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, MetadataFilter filter, String IdForLogging ) {
+	protected HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, MetadataFilter filter, String IdForLogging, Timer timer) {
 		HTTPMetadataProvider httpProvider = null;
-		Timer timer= null;
+		//Timer timer= null;
 		MOAHttpClient httpClient = null;
 		try {			
 			httpClient = new MOAHttpClient();
@@ -71,7 +72,8 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
 							AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(),
 							null,
 							AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
-							AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking());
+							AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(),
+							AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder());
 					
 					httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
 
@@ -81,7 +83,7 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
 				}
 			}
 			
-			timer = new Timer(true);
+//			timer = new Timer(true);
 			httpProvider = new HTTPMetadataProvider(timer, httpClient, 
 					metadataURL);
 			httpProvider.setParserPool(new BasicParserPool());
@@ -121,10 +123,10 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
 				httpProvider.destroy();
 			}
 			
-			if (timer != null) {
-				Logger.debug("Destroy Timer.");
-				timer.cancel();
-			}
+//			if (timer != null) {
+//				Logger.debug("Destroy Timer.");
+//				timer.cancel();
+//			}
 
 			
 		}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
index 0426c2a6a..d5ab4b2e7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -77,7 +77,8 @@ public class MOASAMLSOAPClient {
 								AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(),
 								null,
 								AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(), 
-								AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking());
+								AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(),
+								AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder());
 				clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory );
 				
 			} catch (MOAHttpProtocolSocketFactoryException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index caf7f570f..784581648 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -129,7 +129,8 @@ public class SSLUtils {
 	    					trustStoreURL, 
 	    					acceptedServerCertURL, 
 	    					AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(), 
-	    					AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(), 
+	    					AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(),
+	    					AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder(),
 	    					connParam.getClientKeyStore(), 
 	    					connParam.getClientKeyStorePassword(), 
 	    					"pkcs12");
-- 
cgit v1.2.3