From d1a5528b2f542c1f7004f6f47fba0b083ff03277 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Mon, 24 Oct 2016 12:45:47 +0200
Subject: remove MOA-ID specific certStore directory. From now, MOA-ID always use the MOA-SPSS certStore directory for chain building

---
 .../utils/MOAHttpProtocolSocketFactory.java | 35 ++++++++++--
 .../id/commons/utils/ssl/MOAIDTrustManager.java | 66 ++++++++++------------
 .../moa/id/commons/utils/ssl/PKIProfileImpl.java | 29 ++++++++--
 .../moa/id/commons/utils/ssl/SSLUtils.java | 16 ++++--
 4 files changed, 93 insertions(+), 53 deletions(-)

(limited to 'id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils')

diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
index 3b1f0c7b5..4f3f921df 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
@@ -50,19 +50,42 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
   public MOAHttpProtocolSocketFactory (
       String url,
-      String certStoreRootDirParam,
       String trustStoreURL,
       String acceptedServerCertURL,
       String chainingMode,
       boolean checkRevocation,
-      String[] revocationMethodOrder
-      ) throws MOAHttpProtocolSocketFactoryException {
-    super();
+      String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException {
+    internalInitialize(url, null, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder);
+  }
+
+  /**
+   * @param string
+   * @param certStoreDirectory
+   * @param trustStoreDirectory
+   * @param object
+   * @param string2
+   * @param b
+   * @param strings
+   */
+  public MOAHttpProtocolSocketFactory(String url, String certStoreDirectory, String trustStoreURL,
+      String acceptedServerCertURL,
+      String chainingMode,
+      boolean checkRevocation,
+      String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException {
+    internalInitialize(url, certStoreDirectory, trustStoreURL, acceptedServerCertURL, chainingMode, checkRevocation, revocationMethodOrder);
+
+  }
+
+  private void internalInitialize(String url, String certStoreDirectory, String trustStoreURL,
+      String acceptedServerCertURL,
+      String chainingMode,
+      boolean checkRevocation,
+      String[] revocationMethodOrder) throws MOAHttpProtocolSocketFactoryException {
     try {
       this.sslfactory = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory(
           url,
-          certStoreRootDirParam,
+          certStoreDirectory,
           trustStoreURL,
           acceptedServerCertURL,
           chainingMode,
@@ -85,7 +108,7 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory
       throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
     }
-
+  }
 
   /* (non-Javadoc)
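Review bot: The Javadoc added above the seven-argument constructor documents parameters that do not exist — `@param string`, `@param object`, `@param string2`, `@param b`, `@param strings`, and `@param trustStoreDirectory` for a parameter actually named `trustStoreURL` — which reads like IDE-generated placeholders left in place. Replace them with the real names and a sentence each, e.g. `@param certStoreDirectory root directory of the certStore handed to SSLUtils.getSSLSocketFactory for chain building; the six-argument constructor passes null here`, since what a null directory means is decided in SSLUtils/CertStoreConfigurationImpl and is not visible from this hunk. The six-argument constructor and `internalInitialize` have no Javadoc at all; a one-line summary on each ("delegates to internalInitialize without a MOA-ID specific certStore", "builds the SSLSocketFactory via SSLUtils and wraps any failure in MOAHttpProtocolSocketFactoryException") would make the delegation chain obvious. The try block of `internalInitialize` continues past the end of this hunk.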
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
index 969de3ce6..9fc6f799d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
@@ -59,12 +59,6 @@ import java.util.List;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moaspss.logging.LoggingContext;
 import at.gv.egovernment.moaspss.logging.LoggingContextManager;
-import iaik.logging.TransactionId;
-import iaik.logging.impl.TransactionIdImpl;
-import iaik.pki.PKIConfiguration;
-import iaik.pki.PKIException;
-import iaik.pki.PKIFactory;
-import iaik.pki.PKIProfile;
 import iaik.pki.jsse.IAIKX509TrustManager;
@@ -168,35 +162,35 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
     return true;
   }
-  public void init(PKIConfiguration pkiConfig, PKIProfile pkiProfile) throws PKIException {
-    if (pkiProfile == null) {
-      throw new NullPointerException("pkiConfig parameter must not be null");
-
-    }
-
-    TransactionId tid = new TransactionIdImpl("Init");
-    log_.info(tid, "Setting up IAIKX509TrustManager", null);
-    if (pkiConfig != null) {
-      PKIFactory.getInstance().configure(pkiConfig, tid);
-//      log_.info(tid, "Registering LDAP protocol handler", null);
-//      String protocolHandlers =
-//        System.getProperty("java.protocol.handler.pkgs");
-//      if (protocolHandlers == null) {
-//        protocolHandlers = "iaik.pki";
-//
-//      } else {
-//        protocolHandlers = protocolHandlers + "|iaik.pki";
-//
-//      }
-//
-//      System.setProperty("java.protocol.handler.pkgs", protocolHandlers);
-//      log_.info(tid, "Registered protocol handlers: " + protocolHandlers, null);
-
-    }
-
-    pkiProfile_ = pkiProfile;
-    pkiFactory_ = PKIFactory.getInstance();
-    initialized_ = true;
-  }
+//  public void init(PKIConfiguration pkiConfig, PKIProfile pkiProfile) throws PKIException {
+//    if (pkiProfile == null) {
+//      throw new NullPointerException("pkiConfig parameter must not be null");
+//
+//    }
+//
+//    TransactionId tid = new TransactionIdImpl("Init");
+//    log_.info(tid, "Setting up IAIKX509TrustManager", null);
+//    if (pkiConfig != null) {
+//      PKIFactory.getInstance().configure(pkiConfig, tid);
+////      log_.info(tid, "Registering LDAP protocol handler", null);
+////      String protocolHandlers =
+////        System.getProperty("java.protocol.handler.pkgs");
+////      if (protocolHandlers == null) {
+////        protocolHandlers = "iaik.pki";
+////
+////      } else {
+////        protocolHandlers = protocolHandlers + "|iaik.pki";
+////
+////      }
+////
+////      System.setProperty("java.protocol.handler.pkgs", protocolHandlers);
+////      log_.info(tid, "Registered protocol handlers: " + protocolHandlers, null);
+//
+//    }
+//
+//    pkiProfile_ = pkiProfile;
+//    pkiFactory_ = PKIFactory.getInstance();
+//    initialized_ = true;
+//  }
 }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
index 9b692c090..1c8b6e18d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java
@@ -46,10 +46,12 @@ package at.gv.egovernment.moa.id.commons.utils.ssl;
+import java.security.NoSuchAlgorithmException;
 import java.security.cert.X509Certificate;
 import java.util.Collections;
 import java.util.Set;
+import iaik.asn1.structures.AlgorithmID;
 import iaik.pki.PKIProfile;
 import iaik.pki.pathvalidation.ValidationProfile;
 import iaik.pki.revocation.RevocationProfile;
@@ -66,7 +68,7 @@ import iaik.pki.store.truststore.TrustStoreTypes;
  */
 public class PKIProfileImpl extends ObservableImpl
     implements PKIProfile, RevocationProfile, TrustStoreProfile, ValidationProfile {
-
+
   /**
    * URI to the truststore
    */
@@ -79,6 +81,7 @@ public class PKIProfileImpl extends ObservableImpl
   private String[] revocationCheckMethode = new String[] {RevocationSourceTypes.CRL};
+  protected String ocspRequestHashAlgorithm_ = null;
   /**
    * The trust profile identifier.
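Review bot: The entire `init(PKIConfiguration, PKIProfile)` method is kept as thirty commented-out lines (including the already commented-out LDAP handler block nested inside it) instead of being deleted; git history preserves it, and a dead block this size will only drift from the real code. Delete it and leave one line where it stood, e.g. `// PKI configuration is no longer done here; the PKIFactory singleton is configured in SSLUtils.getSSLSocketFactory before this trust manager is used.` — that appears to be the intended setup given the SSLUtils change in this commit, but it is not visible from this hunk and should be confirmed against the callers. The removed method was also what assigned `pkiProfile_`, `pkiFactory_` and `initialized_`, so verify that the IAIKX509TrustManager base class initializes itself on the path now used; nothing in the new side of this hunk does.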
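Review bot: The new field `protected String ocspRequestHashAlgorithm_ = null;` in the third PKIProfileImpl hunk is the only field in view without a Javadoc comment (its neighbours, e.g. the truststore URI, each have one) and is declared `protected` while the surrounding fields are `private`. Add `/** Implementation name of the hash algorithm used for OCSP request CertIDs; lazily initialized by getOCSPRequestHashAlgorithm(). */` above it, and make it `private` unless a subclass is meant to write it directly, since the public setter in the same commit already covers the override case.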
@@ -130,16 +133,32 @@ public class PKIProfileImpl extends ObservableImpl
    * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(java.lang.String)
    */
   public long getMaxRevocationAge(String arg0) {
-    return 0;
+    return 0L;
   }
   /**
    * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm()
    */
   public String getOCSPRequestHashAlgorithm() {
-    return null;
+    if (ocspRequestHashAlgorithm_ == null) {
+      try
+      {
+        ocspRequestHashAlgorithm_ = AlgorithmID.sha1.getImplementationName();
+      }
+      catch (NoSuchAlgorithmException localNoSuchAlgorithmException) {}
+    }
+    return ocspRequestHashAlgorithm_;
   }
+  public void setOCSPRequestHashAlgorithm(AlgorithmID paramAlgorithmID)
+    throws NoSuchAlgorithmException
+  {
+    if (paramAlgorithmID == null) {
+      throw new NullPointerException("Algorithm must not be null.");
+    }
+    ocspRequestHashAlgorithm_ = paramAlgorithmID.getImplementationName();
+  }
+
   /**
    * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate)
    */
@@ -233,8 +252,8 @@ public class PKIProfileImpl extends ObservableImpl
    */
   @Override
   public int autoAddCertificates() {
-    //TODO: ask harald!!!!!
     return 1;
+
   }
   /* (non-Javadoc)
@@ -242,7 +261,7 @@ public int autoAddCertificates() {
    */
   @Override
   public TrustStoreProfile getIndirectRevocationTrustStoreProfile() {
-    //TODO: ask harald!!!!!
     return null;
+
   }
 }
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index d2a099c69..4ecda435d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
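Review bot: `catch (NoSuchAlgorithmException localNoSuchAlgorithmException) {}` in getOCSPRequestHashAlgorithm swallows the failure and leaves `ocspRequestHashAlgorithm_` null, so the method returns null exactly as the old stub did and whatever consumes RevocationProfile#getOCSPRequestHashAlgorithm sees "no algorithm" with nothing in the log to explain it. A missing implementation name for SHA-1 is a broken provider setup rather than a runtime choice, so fail loudly: `catch (NoSuchAlgorithmException e) { throw new IllegalStateException("No implementation name for the SHA-1 OCSP CertID hash", e); }`. SHA-1 as the CertID hash is the interoperable default (RFC 6960 and RFC 5019 responders expect it, and it identifies the certificate rather than protecting against collisions), so the default itself is fine but deserves a one-line comment saying exactly that. The decompiler-style names `paramAlgorithmID` and `localNoSuchAlgorithmException` should become `algorithm` and `e`, and the new public setter needs a Javadoc like the `@see` blocks on its neighbours, stating that it overrides the SHA-1 default and that `NoSuchAlgorithmException` propagates from `getImplementationName()`.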
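Review bot: The question behind the two `//TODO: ask harald!!!!!` markers in autoAddCertificates and getIndirectRevocationTrustStoreProfile is dropped without its answer being recorded, so `return 1;` and `return null;` are now undocumented decisions in a trust-store profile, and each method is left with a stray blank line before its closing brace. If these values are now considered correct, replace each TODO with a sentence saying why (what `1` means for IAIK's `autoAddCertificates` contract is not evident from this hunk, so the comment should spell it out) and remove the blank lines.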
@@ -61,7 +61,7 @@ import javax.net.ssl.TrustManager;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.KeyStoreUtils;
-import iaik.pki.PKIConfiguration;
+import iaik.pki.DefaultPKIConfiguration;
 import iaik.pki.PKIException;
 import iaik.pki.PKIFactory;
 //import iaik.pki.jsse.IAIKX509TrustManager;
@@ -218,12 +218,16 @@ public class SSLUtils {
       boolean checkRevocation,
       String[] revocationMethodOrder) throws SSLConfigurationException, PKIException, IOException, GeneralSecurityException {
-    PKIConfiguration cfg = null;
-    if (! PKIFactory.getInstance().isAlreadyConfigured())
-      cfg = new PKIConfigurationImpl(certStoreRootDirParam, chainingMode);
-
-    PKIProfileImpl profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
+    DefaultPKIConfiguration cfg = null;
+    if (! PKIFactory.getInstance().isAlreadyConfigured()) {
+      CertStoreConfigurationImpl certStoreConf = new CertStoreConfigurationImpl(certStoreRootDirParam);
+      cfg = new DefaultPKIConfiguration(certStoreConf.getParameters());
+      cfg.setChainingMode(chainingMode);
+      Logger.info("Set-up PKI module configuration ... ");
+
+    }
+    PKIProfileImpl profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
     profile.setPreferredServiceOrder(revocationMethodOrder);
     // This call fixes a bug occuring when PKIConfiguration is
-- cgit v1.2.3
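Review bot: `new CertStoreConfigurationImpl(certStoreRootDirParam)` is now reached with a null `certStoreRootDirParam` from the six-argument MOAHttpProtocolSocketFactory constructor added in this commit, and nothing in this hunk shows that CertStoreConfigurationImpl accepts null; the commit message says the MOA-SPSS certStore should then be used, so either guard it here or document that contract on the parameter of getSSLSocketFactory. The configuration also only runs while `!PKIFactory.getInstance().isAlreadyConfigured()`, so the first caller's certStore directory and `chainingMode` are applied process-wide and later callers with different values are silently ignored; that was already true of the removed code, but now that the chaining mode is set explicitly via `cfg.setChainingMode(chainingMode)` it deserves a comment such as `// PKIFactory is a process-wide singleton: only the first configuration wins; later callers' certStore/chainingMode are ignored.` The `Logger.info("Set-up PKI module configuration ... ")` line would be considerably more useful if it named the certStore directory and chaining mode being applied, since that is exactly what an operator needs when the first-wins rule bites. getSSLSocketFactory begins before and continues after this hunk, so how a null `cfg` is consumed further down is not visible here.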