package at.gv.egovernment.moa.id.proxy; import iaik.pki.PKIException; import iaik.pki.jsse.IAIKX509TrustManager; import java.io.IOException; import java.security.GeneralSecurityException; import javax.net.ssl.SSLSocketFactory; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl; import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.logging.Logger; /** * Web application initializer * * @author Paul Ivancsics * @version $Id$ */ public class MOAIDProxyInitializer { /** * Initializes the web application components which need initialization: * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner. */ public static void initialize() throws ConfigurationException, IOException, GeneralSecurityException, PKIException { Logger.setHierarchy("moa.id.proxy"); // Restricts TLS cipher suites System.setProperty("https.cipherSuites", "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA"); // load some jsse classes so that the integrity of the jars can be verified // before the iaik jce is installed as the security provider // this workaround is only needed when sun jsse is used in conjunction with // iaik-jce (on jdk1.3) ClassLoader cl = MOAIDProxyInitializer.class.getClassLoader(); try { cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar } catch (ClassNotFoundException e) { Logger.warn(MOAIDMessageProvider.getInstance().getMessage("init.01", null), e); } // Initializes the SSLSocketFactory store SSLUtils.initialize(); // Initializes IAIKX509TrustManager logging String log4jConfigURL = System.getProperty("log4j.configuration"); if (log4jConfigURL != null) { IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL)); } // Loads the configuration ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.reload(); // Initializes the Axis secure socket factory for use in calling the MOA-Auth web service, // using configuration data ConnectionParameter connParamAuth = proxyConf.getAuthComponentConnectionParameter(); if (connParamAuth!=null) { if (connParamAuth.isHTTPSURL()) { SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth); AxisSecureSocketFactory.initialize(ssf); } } else { throw new ConfigurationException("config.16", null); } // Initializes the Axis secure socket factories for use in calling the online applications, // using configuration data OAProxyParameter[] oaParams = proxyConf.getOnlineApplicationParameters(); for (int i = 0; i < oaParams.length; i++) { OAProxyParameter oaParam = oaParams[i]; ConnectionParameter oaConnParam = oaParam.getConnectionParameter(); if (oaConnParam.isHTTPSURL()) SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); } // Initializes the ConnectionBuilderFactory from configuration data ConnectionBuilderFactory.initialize(); // Initializes the LoginParameterResolverFactory from configuration data LoginParameterResolverFactory.initialize(); } }