From 576f5ea5cfaf2ea174f198dc5df238c1ca0c331a Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 10 Mar 2016 15:35:48 +0100 Subject: MOA-ID, which use MOA-Sig (includes new IAIK-MOA, with iaik_xect, iaik_eccelerate, and new iaik_PKI module --- id/server/moa-id-commons/pom.xml | 13 +- .../utils/MOAHttpProtocolSocketFactory.java | 7 +- .../utils/ssl/CertStoreConfigurationImpl.java | 20 +- .../id/commons/utils/ssl/MOAIDTrustManager.java | 11 +- .../id/commons/utils/ssl/PKIConfigurationImpl.java | 20 +- .../moa/id/commons/utils/ssl/PKIProfileImpl.java | 25 ++- .../utils/ssl/RevocationConfigurationImpl.java | 44 +++- .../moa/id/commons/utils/ssl/SSLUtils.java | 81 ++++++- .../java/at/gv/egovernment/moa/logging/LogMsg.java | 67 ------ .../gv/egovernment/moa/logging/LoggingContext.java | 70 ------ .../moa/logging/LoggingContextManager.java | 80 ------- .../gv/egovernment/moa/util/MOAEntityResolver.java | 3 +- .../gv/egovernment/moa/util/MOAErrorHandler.java | 2 +- .../java/at/gv/egovernment/moa/util/SSLUtils.java | 244 --------------------- .../java/test/at/gv/egovernment/moa/AllTests.java | 8 +- .../at/gv/egovernment/moa/util/SSLUtilsTest.java | 181 --------------- 16 files changed, 189 insertions(+), 687 deletions(-) delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java delete mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java delete mode 100644 id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java (limited to 'id/server/moa-id-commons') diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index bbaba6a50..0b411f55f 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -70,11 +70,22 @@ iaik_moa + + MOA.spss.server + moa-spss-common + ${moa-spss-version} + + iaik.prod iaik_X509TrustManager - + + iaik + iaik_pki_module + 0.12 + + joda-time joda-time diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java index 2ade63c1c..142e9a23a 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java @@ -22,15 +22,12 @@ */ package at.gv.egovernment.moa.id.commons.utils; -import iaik.pki.PKIException; - import java.io.IOException; import java.net.InetAddress; import java.net.Socket; import java.net.UnknownHostException; import java.security.GeneralSecurityException; -import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import org.apache.commons.httpclient.ConnectTimeoutException; @@ -39,7 +36,7 @@ import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException; -import at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils; +import iaik.pki.PKIException; /** * @author tlenz @@ -62,7 +59,7 @@ public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory super(); try { - this.sslfactory = SSLUtils.getSSLSocketFactory( + this.sslfactory = at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory( url, certStoreRootDirParam, trustStoreURL, diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java index 00e750f58..dcbec6bf6 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java @@ -46,13 +46,17 @@ package at.gv.egovernment.moa.id.commons.utils.ssl; +import java.io.File; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; + import at.gv.egovernment.moa.logging.Logger; import iaik.pki.store.certstore.CertStoreConfiguration; import iaik.pki.store.certstore.CertStoreParameters; import iaik.pki.store.certstore.CertStoreTypes; import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters; - -import java.io.File; +import iaik.pki.store.certstore.directory.VirtualCertStore; /** * Implementation of interface needed to initialize an IAIK JSSE TrustManager @@ -153,4 +157,16 @@ public class CertStoreConfigurationImpl extends ObservableImpl return CertStoreTypes.DIRECTORY; } + /* (non-Javadoc) + * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getVirtualStores() + */ + @Override + public Set getVirtualStores() { + //TODO: only for Testing and not complete !!!Ask Harald !!!! + + Map vCertStore = new HashMap(); + return vCertStore.keySet(); + + } + } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java index eaef3f1d4..bcd38c638 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java @@ -57,9 +57,8 @@ import java.util.ArrayList; import java.util.List; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.logging.LoggingContext; -import at.gv.egovernment.moa.logging.LoggingContextManager; - +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; import iaik.pki.jsse.IAIKX509TrustManager; /** @@ -95,14 +94,14 @@ public class MOAIDTrustManager extends IAIKX509TrustManager { * Fixes a bug occuring in the case MOA-SP is called by API. * In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP. * This method must be called before a MOAIDTrustManager is constructed, - * from every thread. - */ + * from every thread. + */ public static void initializeLoggingContext() { if (LoggingContextManager.getInstance().getLoggingContext() == null) LoggingContextManager.getInstance().setLoggingContext( new LoggingContext(Thread.currentThread().getName())); } - + /** * Builds an Array of accepted server certificates from an URL, diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java index 5d8c7a54e..3eb4707c8 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java @@ -60,6 +60,10 @@ import iaik.pki.store.revocation.archive.ArchiveConfiguration; * @version $Id$ */ public class PKIConfigurationImpl implements PKIConfiguration { + + private static final int TIMEOUT_READ = 60; //[sec] + private static final int TIMEOUT_CONNECTION = 60; //[sec] + /** The configuration for the CertStore */ private CertStoreConfiguration certStoreConfiguration; /** The configuration for the RevocationChecks */ @@ -108,11 +112,19 @@ public class PKIConfigurationImpl implements PKIConfiguration { } /* (non-Javadoc) - * @see iaik.pki.PKIConfiguration#getTimeout() + * @see iaik.pki.PKIConfiguration#getConnectTimeout() */ - public int getTimeout() { - // TODO Auto-generated method stub - return 0; +@Override +public int getConnectTimeout() { + return TIMEOUT_CONNECTION * 1000; +} + +/* (non-Javadoc) + * @see iaik.pki.PKIConfiguration#getReadTimeout() + */ +@Override +public int getReadTimeout() { + return TIMEOUT_READ * 1000; } } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java index 59994a257..a34fa9b8b 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java @@ -95,13 +95,6 @@ public class PKIProfileImpl extends ObservableImpl setId("id-" + id); } - /** - * @see iaik.pki.PKIProfile#autoAddCertificates() - */ - public boolean autoAddCertificates() { - return true; - } - /** * @see iaik.pki.PKIProfile#getRevocationProfile() */ @@ -227,4 +220,22 @@ public class PKIProfileImpl extends ObservableImpl public void setId(String id) { this.id = id; } + +/* (non-Javadoc) + * @see iaik.pki.PKIProfile#autoAddCertificates() + */ +@Override +public int autoAddCertificates() { + //TODO: ask harald!!!!! + return 1; +} + +/* (non-Javadoc) + * @see iaik.pki.PKIProfile#getIndirectRevocationTrustStoreProfile() + */ +@Override +public TrustStoreProfile getIndirectRevocationTrustStoreProfile() { + //TODO: ask harald!!!!! + return null; +} } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java index b5e0543db..40d081ea4 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java @@ -46,13 +46,16 @@ package at.gv.egovernment.moa.id.commons.utils.ssl; -import iaik.pki.revocation.RevocationConfiguration; - import java.security.cert.X509Certificate; import java.util.Collections; import java.util.Date; +import java.util.HashMap; +import java.util.Map; import java.util.Set; +import iaik.pki.revocation.RevocationConfiguration; +import iaik.pki.revocation.dbcrl.config.DBCrlConfig; + /** * Implementation of interface needed to initialize an IAIK JSSE TrustManager * @author Paul Ivancsics @@ -81,4 +84,41 @@ public class RevocationConfigurationImpl extends ObservableImpl implements Revoc return null; } +/* (non-Javadoc) + * @see iaik.pki.revocation.RevocationConfiguration#getKeepRevocationInfo() + */ +@Override +public boolean getKeepRevocationInfo() { + return false; +} + +/* (non-Javadoc) + * @see iaik.pki.revocation.RevocationConfiguration#getPositiveOCSPResponders() + */ +@Override +public Set getPositiveOCSPResponders() { + + //TODO: !!!!! ASK Harald !!!!! + Map test = new HashMap(); + test.put("ALL", "ALL"); + return test.keySet(); +} + +/* (non-Javadoc) + * @see iaik.pki.revocation.RevocationConfiguration#skipIndirectCRLCheckForAlternativeDistributionPoints() + */ +@Override +public boolean skipIndirectCRLCheckForAlternativeDistributionPoints() { + //TODO: !!!!! ASK Harald !!!!! + return false; +} + +/* (non-Javadoc) + * @see iaik.pki.revocation.RevocationConfiguration#getDataBaseCRLConfig() + */ +@Override +public DBCrlConfig getDataBaseCRLConfig() { + return null; +} + } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java index 68437a04d..503e0bfc4 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java @@ -46,25 +46,28 @@ package at.gv.egovernment.moa.id.commons.utils.ssl; -import iaik.pki.PKIConfiguration; -import iaik.pki.PKIException; -import iaik.pki.PKIFactory; -import iaik.pki.PKIProfile; -import iaik.pki.jsse.IAIKX509TrustManager; -import iaik.security.provider.IAIK; - import java.io.IOException; import java.security.GeneralSecurityException; +import java.security.KeyStore; import java.security.Security; import java.util.HashMap; import java.util.Map; import javax.net.ssl.KeyManager; +import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.KeyStoreUtils; +import iaik.pki.PKIConfiguration; +import iaik.pki.PKIException; +import iaik.pki.PKIFactory; +import iaik.pki.PKIProfile; +import iaik.pki.jsse.IAIKX509TrustManager; +//import iaik.pki.jsse.IAIKX509TrustManager; +import iaik.security.provider.IAIK; /** @@ -136,7 +139,7 @@ public class SSLUtils { acceptedServerCertURL, checkRevocation); - KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers( + KeyManager[] kms = getKeyManagers( clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(kms, tms, null); @@ -153,6 +156,68 @@ public class SSLUtils { } + /** + * Loads the client key store from file and gets the + * KeyManagers from a default KeyManagerFactory, + * initialized from the given client key store. + * @param clientKeyStoreType key store type of clientKeyStore + * @param clientKeyStoreURL URL of key store containing keys to be used for + * client authentication; if null, the default key store will be utilized + * @param clientKeyStorePassword password used to check the integrity of the client key store; + * if null, it will not be checked + * @return KeyManagers to be used for creating an + * SSLSocketFactory utilizing the given client key store + * @throws IOException thrown while reading from the key store file + * @throws GeneralSecurityException thrown while initializing the + * default KeyManagerFactory + */ + public static KeyManager[] getKeyManagers ( + String clientKeyStoreType, + String clientKeyStoreURL, + String clientKeyStorePassword) + throws IOException, GeneralSecurityException { + + if (clientKeyStoreURL == null) + return null; + + // Set up the KeyStore to use. We need to load the file into + // a KeyStore instance. + KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore( + clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); + return getKeyManagers(clientKeyStore, clientKeyStorePassword); + } + /** + * Gets the KeyManagers from a default KeyManagerFactory, + * initialized from the given client key store. + * @param clientKeyStore client key store + * @param clientKeyStorePassword if provided, it will be used to check + * the integrity of the client key store; if omitted, it will not be checked + * @return KeyManagers to be used for creating an + * SSLSocketFactory utilizing the given client key store + * @throws GeneralSecurityException thrown while initializing the + * default KeyManagerFactory + */ + public static KeyManager[] getKeyManagers ( + KeyStore clientKeyStore, + String clientKeyStorePassword) + throws GeneralSecurityException { + + if (clientKeyStore == null) + return null; + + // Now we initialize the default KeyManagerFactory with this KeyStore + String alg=KeyManagerFactory.getDefaultAlgorithm(); + KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg); + char[] password = null; + if (clientKeyStorePassword != null) + password = clientKeyStorePassword.toCharArray(); + kmFact.init(clientKeyStore, password); + + // And now get the KeyManagers + KeyManager[] kms=kmFact.getKeyManagers(); + return kms; + } + /** * Initializes an IAIKX509TrustManager for a given trust store, * using configuration data. diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java deleted file mode 100644 index 51667f010..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LogMsg.java +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.logging; - -/** - * A unified message type to log messages from inside the MOA subsystem. - * - * @author Patrick Peck - * @version $Id$ - */ -public class LogMsg { - /** The message to log. */ - private Object message; - - /** - * Create a LogMsg object. - * - * @param message The actual message to log. May be null. - */ - public LogMsg(Object message) { - this.message = message; - } - - /** - * Convert this log message to a String. - * - * @return The String representation of this log message. - */ - public String toString() { - StringBuffer msg = new StringBuffer(); - LoggingContext ctx = - LoggingContextManager.getInstance().getLoggingContext(); - String tid = ctx != null ? ctx.getTransactionID() : null; - String nodeId = ctx != null ? ctx.getNodeID() : null; - - msg.append("TID="); - msg.append(tid != null ? tid : ""); - msg.append(" NID="); - msg.append(nodeId != null ? nodeId : ""); - msg.append(" MSG="); - msg.append(message != null ? message.toString() : ""); - - return msg.toString(); - } -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java deleted file mode 100644 index db4b93a0b..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContext.java +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.logging; - -/** - * Encapsulates contextual information (i.e. per request information) for - * logging purposes. - * - * @author Patrick Peck - * @version $Id$ - */ -public class LoggingContext { - /** The name of the node ID system property. */ - public static final String NODE_ID_PROPERTY = "moa.node-id"; - - /** The current transaction ID. */ - private String transactionID; - /** The node ID. */ - private String nodeID; - - /** - * Create a new LoggingContext. - * - * @param transactionID The transaction ID. May be null. - */ - public LoggingContext(String transactionID) { - this.transactionID = transactionID; - this.nodeID = System.getProperty(NODE_ID_PROPERTY); - } - - /** - * Return the transaction ID. - * - * @return The transaction ID. - */ - public String getTransactionID() { - return transactionID; - } - - /** - * Return the node ID. - * - * @return The node ID. - */ - public String getNodeID() { - return nodeID; - } -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java deleted file mode 100644 index f0d7b4c07..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/logging/LoggingContextManager.java +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.logging; - -/** - * Provides each thread with a single instance of LoggingContext. - * - * @author Patrick Peck - * @version $Id$ - */ -public class LoggingContextManager { - /** The single instance of this class. */ - private static LoggingContextManager instance = null; - - /** The LoggingContext for each thread. */ - private ThreadLocal context; - - /** - * Get the single instance of the LoggingContextManager class. - * - * @return LoggingContextManager The single instance. - */ - public static synchronized LoggingContextManager getInstance() { - if (instance == null) { - instance = new LoggingContextManager(); - } - return instance; - } - - /** - * Creates a new LoggingContextManager. - * - * Protected to disallow direct instantiation. - */ - protected LoggingContextManager() { - context = new ThreadLocal(); - } - - /** - * Set the LoggingContext context for the current thread. - * - * @param ctx The LoggingContext for the current thread. - */ - public void setLoggingContext(LoggingContext ctx) { - context.set(ctx); - } - - /** - * Return the LoggingContext for the current thread. - * - * @return LoggingContext The LoggingContext for the current - * thread, or null if none has been set. - */ - public LoggingContext getLoggingContext() { - return (LoggingContext) context.get(); - } - -} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java index 8f3ffd4c6..b1a3f8446 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAEntityResolver.java @@ -31,7 +31,6 @@ import org.apache.xerces.util.URI.MalformedURIException; import org.xml.sax.EntityResolver; import org.xml.sax.InputSource; -import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; /** @@ -72,7 +71,7 @@ public class MOAEntityResolver implements EntityResolver { if (Logger.isDebugEnabled()) { Logger.debug( - new LogMsg("resolveEntity: p=" + publicId + " s=" + systemId)); + new at.gv.egovernment.moaspss.logging.LogMsg("resolveEntity: p=" + publicId + " s=" + systemId)); } if (publicId != null) { diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java index 3769b264d..ea71a677f 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/MOAErrorHandler.java @@ -28,8 +28,8 @@ import org.apache.xml.utils.DefaultErrorHandler; import org.xml.sax.SAXException; import org.xml.sax.SAXParseException; -import at.gv.egovernment.moa.logging.LogMsg; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moaspss.logging.LogMsg; /** * An ErrorHandler that logs a message and throws a diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java deleted file mode 100644 index c2c67ec58..000000000 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/SSLUtils.java +++ /dev/null @@ -1,244 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.util; - -import java.io.IOException; -import java.io.InputStream; -import java.security.GeneralSecurityException; -import java.security.KeyStore; - -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; - -/** - * Utility for connecting to server applications via SSL. - * - * @author Paul Ivancsics - * @version $Id$ - */ -public class SSLUtils { - - /** - * Creates an SSLSocketFactory which utilizes the given trust store. - * - * @param trustStoreType key store type of trust store - * @param trustStoreInputStream input stream for reading JKS trust store containing - * trusted server certificates; if null, the default - * trust store will be utilized - * @param trustStorePassword if provided, it will be used to check - * the integrity of the trust store; if omitted, it will not be checked - * @return SSLSocketFactory to be used by an HttpsURLConnection - * @throws IOException thrown while reading from the input stream - * @throws GeneralSecurityException thrown while creating the socket factory - */ - public static SSLSocketFactory getSSLSocketFactory( - String trustStoreType, - InputStream trustStoreInputStream, - String trustStorePassword) - throws IOException, GeneralSecurityException { - - TrustManager[] tms = getTrustManagers(trustStoreType, trustStoreInputStream, trustStorePassword); - SSLContext ctx = SSLContext.getInstance("TLS"); - ctx.init(null, tms, null); - - SSLSocketFactory sf = ctx.getSocketFactory(); - return sf; - } - /** - * Creates an SSLSocketFactory which utilizes the - * given trust store and keystore. - * - * @param trustStore trust store containing trusted server certificates; - * if null, the default trust store will be utilized - * @param clientKeyStoreType key store type of clientKeyStore - * @param clientKeyStoreURL URL of key store containing keys to be used for - * client authentication; if null, the default key store will be utilized - * @param clientKeyStorePassword if provided, it will be used to check - * the integrity of the client key store; if omitted, it will not be checked - * @return SSLSocketFactory to be used by an HttpsURLConnection - * @throws IOException thrown while reading key store file - * @throws GeneralSecurityException thrown while creating the socket factory - */ - public static SSLSocketFactory getSSLSocketFactory( - KeyStore trustStore, - String clientKeyStoreType, - String clientKeyStoreURL, - String clientKeyStorePassword) - throws IOException, GeneralSecurityException { - - SSLContext ctx = getSSLContext( - trustStore, clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); - SSLSocketFactory sf = ctx.getSocketFactory(); - return sf; - } - /** - * Creates an SSLContext initialized for the - * given trust store and keystore. - * - * @param trustStore trust store containing trusted server certificates; - * if null, the default trust store will be utilized - * @param clientKeyStoreType key store type of clientKeyStore - * @param clientKeyStoreURL URL of key store containing keys to be used for - * client authentication; if null, the default key store will be utilized - * @param clientKeyStorePassword if provided, it will be used to check - * the integrity of the client key store; if omitted, it will not be checked - * @return SSLContext to be used for creating an SSLSocketFactory - * @throws IOException thrown while reading key store file - * @throws GeneralSecurityException thrown while creating the SSL context - */ - public static SSLContext getSSLContext( - KeyStore trustStore, - String clientKeyStoreType, - String clientKeyStoreURL, - String clientKeyStorePassword) - throws IOException, GeneralSecurityException { - - TrustManager[] tms = getTrustManagers(trustStore); - KeyManager[] kms = getKeyManagers(clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); - SSLContext ctx = SSLContext.getInstance("TLS"); - ctx.init(kms, tms, null); - return ctx; - } - /** - * Loads the trust store from an input stream and gets the - * TrustManagers from a default TrustManagerFactory, - * initialized from the given trust store. - * @param trustStoreType key store type of trust store - * @param trustStoreInputStream input stream for reading JKS trust store containing - * trusted server certificates; if null, the default - * trust store will be utilized - * @param trustStorePassword if provided, it will be used to check - * the integrity of the trust store; if omitted, it will not be checked - * @return TrustManagers to be used for creating an - * SSLSocketFactory utilizing the given trust store - * @throws IOException thrown while reading from the input stream - * @throws GeneralSecurityException thrown while initializing the - * default TrustManagerFactory - */ - protected static TrustManager[] getTrustManagers( - String trustStoreType, - InputStream trustStoreInputStream, - String trustStorePassword) - throws IOException, GeneralSecurityException { - - if (trustStoreInputStream == null) - return null; - - // Set up the TrustStore to use. We need to load the file into - // a KeyStore instance. - KeyStore trustStore = KeyStoreUtils.loadKeyStore(trustStoreType, trustStoreInputStream, trustStorePassword); - return getTrustManagers(trustStore); - } - /** - * Gets the TrustManagers from a default TrustManagerFactory, - * initialized from the given trust store. - * - * @param trustStore the trust store to use - * @return TrustManagers to be used for creating an - * SSLSocketFactory utilizing the given trust store - * @throws GeneralSecurityException thrown while initializing the - * default TrustManagerFactory - */ - protected static TrustManager[] getTrustManagers(KeyStore trustStore) - throws GeneralSecurityException { - - if (trustStore == null) - return null; - - // Initialize the default TrustManagerFactory with this KeyStore - String alg=TrustManagerFactory.getDefaultAlgorithm(); - TrustManagerFactory tmFact=TrustManagerFactory.getInstance(alg); - tmFact.init(trustStore); - - // And now get the TrustManagers - TrustManager[] tms=tmFact.getTrustManagers(); - return tms; - } - /** - * Loads the client key store from file and gets the - * KeyManagers from a default KeyManagerFactory, - * initialized from the given client key store. - * @param clientKeyStoreType key store type of clientKeyStore - * @param clientKeyStoreURL URL of key store containing keys to be used for - * client authentication; if null, the default key store will be utilized - * @param clientKeyStorePassword password used to check the integrity of the client key store; - * if null, it will not be checked - * @return KeyManagers to be used for creating an - * SSLSocketFactory utilizing the given client key store - * @throws IOException thrown while reading from the key store file - * @throws GeneralSecurityException thrown while initializing the - * default KeyManagerFactory - */ - public static KeyManager[] getKeyManagers ( - String clientKeyStoreType, - String clientKeyStoreURL, - String clientKeyStorePassword) - throws IOException, GeneralSecurityException { - - if (clientKeyStoreURL == null) - return null; - - // Set up the KeyStore to use. We need to load the file into - // a KeyStore instance. - KeyStore clientKeyStore = KeyStoreUtils.loadKeyStore( - clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); - return getKeyManagers(clientKeyStore, clientKeyStorePassword); - } - /** - * Gets the KeyManagers from a default KeyManagerFactory, - * initialized from the given client key store. - * @param clientKeyStore client key store - * @param clientKeyStorePassword if provided, it will be used to check - * the integrity of the client key store; if omitted, it will not be checked - * @return KeyManagers to be used for creating an - * SSLSocketFactory utilizing the given client key store - * @throws GeneralSecurityException thrown while initializing the - * default KeyManagerFactory - */ - public static KeyManager[] getKeyManagers ( - KeyStore clientKeyStore, - String clientKeyStorePassword) - throws GeneralSecurityException { - - if (clientKeyStore == null) - return null; - - // Now we initialize the default KeyManagerFactory with this KeyStore - String alg=KeyManagerFactory.getDefaultAlgorithm(); - KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg); - char[] password = null; - if (clientKeyStorePassword != null) - password = clientKeyStorePassword.toCharArray(); - kmFact.init(clientKeyStore, password); - - // And now get the KeyManagers - KeyManager[] kms=kmFact.getKeyManagers(); - return kms; - } -} diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java index ba7a0edc4..a3ffbec17 100644 --- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java @@ -24,12 +24,6 @@ package test.at.gv.egovernment.moa; -import test.at.gv.egovernment.moa.util.DOMUtilsTest; -import test.at.gv.egovernment.moa.util.DateTimeUtilsTest; -import test.at.gv.egovernment.moa.util.KeyStoreUtilsTest; -import test.at.gv.egovernment.moa.util.SSLUtilsTest; -import test.at.gv.egovernment.moa.util.XPathUtilsTest; - import junit.awtui.TestRunner; import junit.framework.Test; import junit.framework.TestSuite; @@ -40,7 +34,7 @@ import junit.framework.TestSuite; */ public class AllTests { - public static Test suite() { + public static Test suite() { TestSuite suite = new TestSuite(); // suite.addTestSuite(DOMUtilsTest.class); diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java deleted file mode 100644 index 2b5094fb8..000000000 --- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/SSLUtilsTest.java +++ /dev/null @@ -1,181 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package test.at.gv.egovernment.moa.util; - -import java.net.URL; -import java.security.KeyStore; -import java.security.Security; - -import javax.net.ssl.SSLException; -import javax.net.ssl.SSLSocketFactory; - -import junit.framework.TestCase; -import at.gv.egovernment.moa.util.KeyStoreUtils; -import at.gv.egovernment.moa.util.SSLUtils; - -import com.sun.net.ssl.HostnameVerifier; -import com.sun.net.ssl.HttpsURLConnection; - -/** - * @author Paul Ivancsics - * @version $Id$ - */ -public class SSLUtilsTest extends TestCase { - - public SSLUtilsTest(String arg0) { - super(arg0); - } - - - protected void setUp() throws Exception { - //System.setProperty("javax.net.debug", "all"); - Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); - System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); - System.setProperty("https.cipherSuites", "SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5"); - } - - public void testGetSSLSocketFactoryBaltimoreOK() throws Exception { - doTestGetSSLSocketFactory( - "GET", - "https://www.baltimore.com/", - false, - "file:data/test/security/cacerts+gt_cybertrust_root", - "changeit", - true); - } - public void testGetSSLSocketFactoryBaltimoreNOK() throws Exception { - doTestGetSSLSocketFactory( - "GET", - "https://www.baltimore.com/", - false, - "file:data/test/security/cacerts", - "changeit", - false); - } - public void testGetSSLSocketFactoryVerisignOK() throws Exception { - doTestGetSSLSocketFactory( - "GET", - "https://www.verisign.com/", - false, - "file:data/test/security/cacerts", - "changeit", - true); - } - public void testGetSSLSocketFactoryVerisignNoTruststoreOK() throws Exception { - doTestGetSSLSocketFactory( - "GET", - "https://www.verisign.com/", - false, - null, - null, - true); - } - public void testGetSSLSocketFactoryLocalhostOK() throws Exception { - String urlString = "https://localhost:8443/moa-id-auth/index.jsp"; - doTestGetSSLSocketFactory( - "GET", - urlString, - true, - "file:data/test/security/server.keystore.tomcat", - "changeit", - true); - } - public void testGetSSLSocketFactoryLocalhostNOK() throws Exception { - String urlString = "https://localhost:8443/moa-id-auth/index.jsp"; - doTestGetSSLSocketFactory( - "GET", - urlString, - true, - null, - null, - false); - } - - public void doTestGetSSLSocketFactory( - String requestMethod, - String urlString, - boolean useHostnameVerifierHack, - String truststoreurl, - String trustpassword, - boolean shouldOk - ) throws Exception { - - doTestGetSSLSocketFactory( - requestMethod, urlString, useHostnameVerifierHack, truststoreurl, trustpassword, null, null, null, shouldOk); - } - public void doTestGetSSLSocketFactory( - String requestMethod, - String urlString, - boolean useHostnameVerifierHack, - String truststoreurl, - String trustpassword, - String keystoretype, - String keystoreurl, - String keypassword, - boolean shouldOk - ) throws Exception { - - KeyStore truststore = null; - if (truststoreurl != null) - truststore = KeyStoreUtils.loadKeyStore("jks", truststoreurl, trustpassword); - SSLSocketFactory sf = SSLUtils.getSSLSocketFactory( - truststore, keystoretype, keystoreurl, keypassword); - System.out.println(requestMethod + " " + urlString); - - URL url = new URL(urlString); - HttpsURLConnection conn = (HttpsURLConnection)url.openConnection(); - conn.setRequestMethod(requestMethod); - conn.setDoInput(true); - conn.setDoOutput(true); - conn.setUseCaches(false); - conn.setAllowUserInteraction(false); - conn.setSSLSocketFactory(sf); - if (useHostnameVerifierHack) - conn.setHostnameVerifier(new HostnameVerifierHack()); - try { - conn.connect(); - assertTrue(shouldOk); - assertEquals(200, conn.getResponseCode()); - conn.disconnect(); - } - catch (SSLException ex) { - assertFalse(shouldOk); - } - } -// private byte[] readTruststore(String filename) throws IOException { -// if (filename == null) -// return null; -// FileInputStream in = new FileInputStream(filename); -// byte[] buffer = new byte[in.available()]; -// in.read(buffer); -// in.close(); -// return buffer; -// } - private class HostnameVerifierHack implements HostnameVerifier { - public boolean verify(String arg0, String arg1) { - return true; - } - } -} -- cgit v1.2.3