From 0815848a43f7040af216b3a909c0c8d06e1db928 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Tue, 10 Oct 2017 14:03:10 +0200
Subject: update error handling

---
 .../resources/properties/id_messages_de.properties |  1 +
 .../id/commons/utils/ssl/MOAIDTrustManager.java    | 37 ++++++++++++++++++----
 2 files changed, 31 insertions(+), 7 deletions(-)

(limited to 'id')

diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index d5c7c812d..2ce9fb9e7 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -89,6 +89,7 @@ config.25=Der verwendete IDP PublicURLPrefix {0} ist nicht erlaubt.
 config.26=Federated IDP {0} contains no AttributeQuery URL.
 config.27=Fehler beim Verarbeiten eines Konfigurationsparameters. Msg:{0} 
 config.28=Fehler beim initialisieren des SSL-TrustManagers. Zertifikat {0} kann nicht geladen werden; Ursache: {1}
+config.29=Fehler beim initialisieren des SSL-TrustManagers. TrustStore: {0} | Ursache: {1}
 
 parser.00=Leichter Fehler beim Parsen: {0}
 parser.01=Fehler beim Parsen: {0}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
index beb6cc1c6..dd606ea18 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
@@ -58,6 +58,7 @@ import java.util.List;
 
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
 import at.gv.egovernment.moaspss.logging.LoggingContext;
 import at.gv.egovernment.moaspss.logging.LoggingContextManager;
 import iaik.pki.jsse.IAIKX509TrustManager;
@@ -85,10 +86,15 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
   public MOAIDTrustManager(String acceptedServerCertificateStoreURL) 
     throws IOException, GeneralSecurityException, SSLConfigurationException {
     
-    if (acceptedServerCertificateStoreURL != null)
-      buildAcceptedServerCertificates(acceptedServerCertificateStoreURL);
-    else
-      acceptedServerCertificates = null;
+    if (acceptedServerCertificateStoreURL != null && MiscUtil.isNotEmpty(acceptedServerCertificateStoreURL.trim())) {
+    	Logger.info("Initialize SSL-TrustStore with explicit accepted server-certificates");
+    	buildAcceptedServerCertificates(acceptedServerCertificateStoreURL);
+    	
+    } else {
+    	Logger.info("Initialize SSL-TrustStore without explicit accepted server-certificates");
+    	acceptedServerCertificates = null;
+    	
+    }
   }
 
  
@@ -119,9 +125,26 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
     throws IOException, GeneralSecurityException, SSLConfigurationException {	  
     List<X509Certificate> certList = new ArrayList<X509Certificate>();
     URL storeURL = new URL(acceptedServerCertificateStoreURL);
+    
+    //check URL to TrustStore
+    if (storeURL.getFile() == null) {
+    	Logger.error("Can NOT initialize SSLTrustManager. TrustStore: " + acceptedServerCertificateStoreURL 
+   			+ " is NOT found");
+    	throw new SSLConfigurationException("config.29", new Object[]{acceptedServerCertificateStoreURL, "File or Directory NOT found!"});
+    	
+    }    
     File storeDir = new File(storeURL.getFile());
-    // list certificate files in directory
-    File[] certFiles = storeDir.listFiles();
+    
+    //check directory and files
+    if (storeDir == null || storeDir.listFiles() == null) {
+    	Logger.error("Can NOT initialize SSLTrustManager. TrustStore: " + acceptedServerCertificateStoreURL 
+       			+ " is NOT found");
+        	throw new SSLConfigurationException("config.29", new Object[]{acceptedServerCertificateStoreURL, "Files or Directory NOT found!"});
+        	
+    }
+    
+    // list certificate files in directory    
+    File[] certFiles = storeDir.listFiles();    
     for (int i = 0; i < certFiles.length; i++) {
     	// for each: create an X509Certificate and store it in list
     	File certFile = certFiles[i];
@@ -148,7 +171,7 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
     	   		}
     	   	}
     	   	
-    	    throw new SSLConfigurationException("", new Object[]{certFile.getPath(), e.getMessage()}, e);
+    	    throw new SSLConfigurationException("config.28", new Object[]{certFile.getPath(), e.getMessage()}, e);
     	    
     	} finally {
 			if (fis != null)
-- 
cgit v1.2.3