From d1a5528b2f542c1f7004f6f47fba0b083ff03277 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 24 Oct 2016 12:45:47 +0200 Subject: remove MOA-ID specific certStore directory. From now, MOA-ID always use the MOA-SPSS certStore directory for chain building --- .../moa/id/config/ConfigurationProviderImpl.java | 14 ------------ .../PropertyBasedAuthConfigurationProvider.java | 26 ---------------------- .../pvp2x/metadata/SimpleMOAMetadataProvider.java | 1 - .../protocols/pvp2x/utils/MOASAMLSOAPClient.java | 3 +-- .../at/gv/egovernment/moa/id/util/SSLUtils.java | 4 ++-- 5 files changed, 3 insertions(+), 45 deletions(-) (limited to 'id/server/idserverlib/src') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java index 0c4dd2097..2b5459208 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProviderImpl.java @@ -53,7 +53,6 @@ import java.util.Properties; import at.gv.egovernment.moa.id.commons.api.ConfigurationProvider; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.SpringProfileConstants; -import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.id.protocols.pvp2x.config.MOADefaultBootstrap; import at.gv.egovernment.moa.logging.Logger; import at.gv.util.config.EgovUtilPropertiesConfiguration; @@ -115,25 +114,12 @@ public abstract class ConfigurationProviderImpl implements ConfigurationProvider /** The default chaining mode. */ protected String defaultChainingMode = "pkix"; - /** - * A Map which contains the IssuerAndSerial to - * chaining mode (a String) mapping. - */ - protected Map chainingModes; - - /** - * the URL for the trusted CA Certificates - */ - protected String trustedCACertificates; - /** * main configuration file directory name used to configure MOA-ID */ protected String rootConfigFileDir; - protected String certstoreDirectory; - protected boolean trustmanagerrevoationchecking = true; protected Properties configProp = null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java index 94353fb6b..8e98c5129 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/PropertyBasedAuthConfigurationProvider.java @@ -1078,32 +1078,6 @@ public class PropertyBasedAuthConfigurationProvider extends ConfigurationProvide } } - /** - * Returns the path to the certificate-store directory or {@code null} if there is no certificate-store directory defined. - * - * @return the path to the certstore directory or {@code null} - */ - @Override - @Transactional - public String getCertstoreDirectory() { - try { - String path = rootConfigFileDir + configuration.getStringValue( - MOAIDConfigurationConstants.GENERAL_AUTH_CERTSTORE_URL); - if (MiscUtil.isNotEmpty(path)) - return path; - - else { - Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined."); - return null; - - } - - } catch (at.gv.egiz.components.configuration.api.ConfigurationException e) { - Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined.", e); - return null; - } - } - @Override @Transactional public String getTrustedCACertificates() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java index 7a2acee9c..c0ba1d96d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java @@ -68,7 +68,6 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{ try { MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( PVPConstants.SSLSOCKETFACTORYNAME, - AuthConfigurationProviderFactory.getInstance().getCertstoreDirectory(), AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(), null, AuthConfiguration.DEFAULT_X509_CHAININGMODE, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java index d5ab4b2e7..0d1f54249 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java @@ -72,8 +72,7 @@ public class MOASAMLSOAPClient { try { SecureProtocolSocketFactory sslprotocolsocketfactory = new MOAHttpProtocolSocketFactory( - PVPConstants.SSLSOCKETFACTORYNAME, - AuthConfigurationProviderFactory.getInstance().getCertstoreDirectory(), + PVPConstants.SSLSOCKETFACTORYNAME, AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(), null, AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(), diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index 784581648..cd700c74a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -124,8 +124,8 @@ public class SSLUtils { try { SSLSocketFactory ssf = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory( - connParam.getUrl(), - conf.getCertstoreDirectory(), + connParam.getUrl(), + null, trustStoreURL, acceptedServerCertURL, AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(), -- cgit v1.2.3