From a917335ea69ab857f00bd17679e259fcc215cad9 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 4 Feb 2019 08:58:10 +0100 Subject: update SSLUtils to use default JVM trustStore for SSL connections as optional --- .../moa/id/commons/utils/ssl/SSLUtils.java | 44 +++++++++++++++++----- 1 file changed, 35 insertions(+), 9 deletions(-) (limited to 'id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java index e6efca4ea..a96daead3 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java @@ -108,8 +108,29 @@ public class SSLUtils { } } + /** + * Get SSLSocketFactory with TrustStore and KeyStore implementations + * + * @param url URL of the Service that should be connected + * @param useStandardJavaTrustStore Flag to use standard JVM truststore + * @param certStoreRootDirParam Path to certStore, if own truststore is used + * @param trustStoreURL Path to truststore, if own truststore is used + * @param acceptedServerCertURL Path to whitelist with EE-Server certificats, if own truststore is used + * @param chainingMode PKIX-Mode or Onion-Model for certificate validation, if own truststore is used + * @param checkRevocation Flag to activate or deactivate revocation checks, if own truststore is used + * @param revocationMethodOrder Revocation check order (CLR, OCSP), if own truststore is used + * @param clientKeyStoreURL Path to KeyStore for SSL Client-Authentication, or null + * @param clientKeyStorePassword KeyStore password + * @param clientKeyStoreType KeyStore type + * @return + * @throws IOException + * @throws GeneralSecurityException + * @throws SSLConfigurationException + * @throws PKIException + */ public static SSLSocketFactory getSSLSocketFactory( - String url, + String url, + boolean useStandardJavaTrustStore, String certStoreRootDirParam, String trustStoreURL, String acceptedServerCertURL, @@ -130,14 +151,19 @@ public class SSLUtils { return ssf; } - - TrustManager[] tms = getTrustManagers( - certStoreRootDirParam, - chainingMode, - trustStoreURL, - acceptedServerCertURL, - checkRevocation, - revocationMethodOrder); + + //initialize own trust-store implementation + TrustManager[] tms = null; + if (useStandardJavaTrustStore) { + tms = getTrustManagers( + certStoreRootDirParam, + chainingMode, + trustStoreURL, + acceptedServerCertURL, + checkRevocation, + revocationMethodOrder); + + } KeyManager[] kms = getKeyManagers( clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); -- cgit v1.2.3 From 087e317a0633eb761f2a9361c4a10a75680fc742 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 12 Feb 2019 12:34:14 +0100 Subject: fix bug in UseStandardTrustStore flag remove unnecessary maven dependency --- .../main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java index a96daead3..8aaf94fad 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java @@ -154,7 +154,7 @@ public class SSLUtils { //initialize own trust-store implementation TrustManager[] tms = null; - if (useStandardJavaTrustStore) { + if (!useStandardJavaTrustStore) { tms = getTrustManagers( certStoreRootDirParam, chainingMode, -- cgit v1.2.3