From b0782a62b34a8343968a456ed754f55cc41daf0f Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 7 May 2014 15:49:27 +0200
Subject: add customized HttpClient which can use the MOA Truststore to verfiy
 SSL connections

---
 .../ex/MOAHttpProtocolSocketFactoryException.java  |  42 +++++++
 .../utils/MOAHttpProtocolSocketFactory.java        | 129 +++++++++++++++++++++
 .../moa/id/commons/utils/ssl/SSLUtils.java         |  12 +-
 3 files changed, 181 insertions(+), 2 deletions(-)
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java
 create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java

(limited to 'id/server/moa-id-commons/src/main/java/at/gv/egovernment')

diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java
new file mode 100644
index 000000000..c6d8b1d79
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.ex;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAHttpProtocolSocketFactoryException extends Exception {
+
+	private static final long serialVersionUID = 4934502074731319897L;
+
+	
+	public MOAHttpProtocolSocketFactoryException(String message) {
+		super(message);		
+	}
+	
+	public MOAHttpProtocolSocketFactoryException(String message, Throwable e) {
+		super(message, e );		
+	}
+	
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
new file mode 100644
index 000000000..3b6fc34ea
--- /dev/null
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.commons.utils;
+
+import iaik.pki.PKIException;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.GeneralSecurityException;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.commons.httpclient.ConnectTimeoutException;
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException;
+import at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils;
+
+/**
+ * @author tlenz
+ *
+ */
+public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory {
+
+	
+	
+	private SSLSocketFactory sslfactory = null;
+	
+	public MOAHttpProtocolSocketFactory (
+			String url, 
+			String certStoreRootDirParam,
+			String trustStoreURL,
+			String acceptedServerCertURL,
+			ChainingModeType chainingMode,
+			boolean checkRevocation
+			) throws MOAHttpProtocolSocketFactoryException {
+		super();
+		
+		try {
+			this.sslfactory = SSLUtils.getSSLSocketFactory(
+					url, 
+					certStoreRootDirParam, 
+					trustStoreURL, 
+					acceptedServerCertURL, 
+					chainingMode.value(), 
+					checkRevocation, 
+					null, 
+					null, 
+					null);
+			
+		} catch (IOException e) {
+			throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
+			
+		} catch (GeneralSecurityException e) {
+			throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
+			
+		} catch (SSLConfigurationException e) {
+			throw new MOAHttpProtocolSocketFactoryException("SSL Configuration loading FAILED.", e);
+			
+		} catch (PKIException e) {
+			throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e);
+			
+		}
+			
+	}
+	
+	/* (non-Javadoc)
+	 * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int, java.net.InetAddress, int)
+	 */
+	public Socket createSocket(String host, int port, InetAddress localAddress,
+			int localPort) throws IOException, UnknownHostException {
+		return this.sslfactory.createSocket(host, port,
+				localAddress, localPort);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int, java.net.InetAddress, int, org.apache.commons.httpclient.params.HttpConnectionParams)
+	 */
+	public Socket createSocket(String host, int port, InetAddress localAddress,
+			int localPort, HttpConnectionParams params) throws IOException,
+			UnknownHostException, ConnectTimeoutException {
+		return this.sslfactory.createSocket(host, port,
+				localAddress, localPort);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int)
+	 */
+	public Socket createSocket(String host, int port) throws IOException,
+			UnknownHostException {
+		return this.sslfactory.createSocket(host, port);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory#createSocket(java.net.Socket, java.lang.String, int, boolean)
+	 */
+	public Socket createSocket(Socket socket, String host, int port,
+			boolean autoClose) throws IOException, UnknownHostException {
+		return this.sslfactory.createSocket(socket, host,
+				port, autoClose);
+	}
+
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
index eed8b25e0..68437a04d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java
@@ -139,12 +139,19 @@ public class SSLUtils {
     KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
       clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword);
     SSLContext ctx = SSLContext.getInstance("TLS");
-    ctx.init(kms, tms, null);    ssf = ctx.getSocketFactory();
+    ctx.init(kms, tms, null);    
+    ssf = ctx.getSocketFactory();
     // store SSLSocketFactory
     sslSocketFactories.put(url, ssf);
     return ssf;
   }
   
+  public static void removeSSLSocketFactory(String url) {
+	  Logger.info("Remove SSLSocketFactory for URL " + url);
+	if (sslSocketFactories.containsKey(url))
+		sslSocketFactories.remove(url);
+	  
+  }
   
   /**
    * Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
@@ -158,7 +165,7 @@ public class SSLUtils {
    * @throws IOException on data-reading problems
    * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
    */
-  public static TrustManager[] getTrustManagers(String certStoreRootDirParam, 
+  private static TrustManager[] getTrustManagers(String certStoreRootDirParam, 
 		  String chainingMode, String trustStoreURL, String acceptedServerCertURL,
     boolean checkRevocation) 
     throws SSLConfigurationException, PKIException, IOException, GeneralSecurityException {
@@ -175,4 +182,5 @@ public class SSLUtils {
     tm.init(cfg, profile);
     return new TrustManager[] {tm};
   }
+    
 }
-- 
cgit v1.2.3