summaryrefslogtreecommitdiff
path: root/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java
diff options
context:
space:
mode:
Diffstat (limited to 'BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java')
-rw-r--r--BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java274
1 files changed, 274 insertions, 0 deletions
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java
new file mode 100644
index 00000000..e9510101
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java
@@ -0,0 +1,274 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.local.conf;
+
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.xml.crypto.XSecProvider;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.InputStream;
+import java.net.HttpURLConnection;
+import java.security.KeyStore;
+import java.security.Provider;
+import java.security.Security;
+import java.security.cert.CertStore;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CollectionCertStoreParameters;
+import java.security.cert.PKIXBuilderParameters;
+import java.security.cert.X509CertSelector;
+import java.security.cert.X509Certificate;
+import java.util.Enumeration;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.net.ssl.CertPathTrustManagerParameters;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.ManagerFactoryParameters;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+
+import org.apache.commons.configuration.ConfigurationException;
+import org.apache.commons.configuration.XMLConfiguration;
+import org.apache.commons.configuration.reloading.FileChangedReloadingStrategy;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider;
+import at.gv.egiz.smcc.SWCard;
+import at.gv.egiz.smcc.util.SMCCHelper;
+
+public class Configurator {
+ private Log log = LogFactory.getLog(Configurator.class);
+ private XMLConfiguration baseConfig;
+ private XMLConfiguration specialConfig;
+ private boolean autoSave = false;
+
+ public Configurator() {
+ super();
+ init();
+ configure();
+ }
+
+ private void init() {
+ log.debug("Initializing configuration");
+
+ baseConfig = new XMLConfiguration();
+ try {
+ baseConfig.load(getClass().getClassLoader().getResourceAsStream(
+ "./at/gv/egiz/bku/local/baseconfig.xml"));
+ log.debug("Successfully loaded base configuration");
+ } catch (ConfigurationException e) {
+ log.error("Cannot load base configuration", e);
+ }
+ autoSave = baseConfig.getBoolean("OverrideConfigurationFile[@autosave]");
+ try {
+ specialConfig = new XMLConfiguration();
+ specialConfig.setFileName(baseConfig
+ .getString("OverrideConfigurationFile"));
+ specialConfig.load();
+ } catch (Exception e) {
+ log.debug("Cannot get special configuration at: "
+ + baseConfig.getString("OverrideConfigurationFile") + ": " + e);
+ log.debug("Creating new special configuration");
+ try {
+ specialConfig = new XMLConfiguration(baseConfig);
+ specialConfig.setFileName(baseConfig
+ .getString("OverrideConfigurationFile"));
+ specialConfig.save();
+ } catch (ConfigurationException e1) {
+ log.error("Cannot load defaults " + e1);
+ }
+ }
+ specialConfig.setReloadingStrategy(new FileChangedReloadingStrategy());
+ specialConfig.setAutoSave(autoSave);
+ }
+
+ protected void configUrlConnections() {
+ HttpsURLConnection.setFollowRedirects(false);
+ HttpURLConnection.setFollowRedirects(false);
+ }
+
+ protected KeyStore loadKeyStore(String fileName, String type, String password) {
+ KeyStore ks = null;
+ try {
+ ks = KeyStore.getInstance(type);
+ InputStream is = new FileInputStream(fileName);
+ if (is == null) {
+ log.warn("Cannot load keystore from: " + fileName);
+ }
+ ks.load(is, password.toCharArray());
+ for (Enumeration<String> alias = ks.aliases(); alias.hasMoreElements();) {
+ log.debug("Found keystore alias: " + alias.nextElement());
+ }
+ } catch (Exception e) {
+ log.error("Cannot config keystore", e);
+ return null;
+ }
+ return ks;
+ }
+
+ protected void configSSL() {
+ String trustStoreName = specialConfig.getString("SSL.trustStoreFile");
+ String trustStoreType = specialConfig.getString("SSL.trustStoreType");
+ String trustStorePass = specialConfig.getString("SSL.trustStorePass");
+ String certStoreDirectory = specialConfig
+ .getString("SSL.certStoreDirectory");
+ String keyStoreName = specialConfig.getString("SSL.keyStoreFile");
+ String keyStoreType = specialConfig.getString("SSL.keyStoreType");
+ String keyStorePass = specialConfig.getString("SSL.keyStorePass");
+
+ String caIncludeDir = specialConfig.getString("SSL.caIncludeDirectory");
+
+ KeyStore trustStore = loadKeyStore(trustStoreName, trustStoreType,
+ trustStorePass);
+ KeyStore keyStore = null;
+ if (keyStoreName != null) {
+ keyStore = loadKeyStore(keyStoreName, keyStoreType, keyStorePass);
+ }
+
+ try {
+ PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore,
+ new X509CertSelector());
+
+ if (certStoreDirectory != null) {
+ File dir = new File(certStoreDirectory);
+ if (dir.isDirectory()) {
+ List<X509Certificate> certCollection = new LinkedList<X509Certificate>();
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ for (File f : dir.listFiles()) {
+ log.debug("adding " + f.getName());
+ certCollection.add((X509Certificate) cf
+ .generateCertificate(new FileInputStream(f)));
+ }
+ CollectionCertStoreParameters csp = new CollectionCertStoreParameters(
+ certCollection);
+ CertStore cs = CertStore.getInstance("Collection", csp);
+ pkixParams.addCertStore(cs);
+ log.debug("Added collection certstore");
+ } else {
+ log.error("CertstoreDirectory " + certStoreDirectory
+ + " is not a directory");
+ }
+ }
+
+ if (caIncludeDir != null) {
+ File dir = new File(caIncludeDir);
+ if (dir.exists() && dir.isDirectory()) {
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ try {
+ for (File f : dir.listFiles()) {
+ FileInputStream fis = new FileInputStream(f);
+ X509Certificate cert = (X509Certificate) cf
+ .generateCertificate(fis);
+ fis.close();
+ log.debug("Adding trusted cert " + cert.getSubjectDN());
+ trustStore.setCertificateEntry(cert.getSubjectDN().getName(),
+ cert);
+ f.delete();
+ }
+ } finally {
+ trustStore.store(new FileOutputStream(trustStoreName),
+ trustStorePass.toCharArray());
+ }
+ }
+ }
+
+ pkixParams.setRevocationEnabled(specialConfig
+ .getBoolean("SSL.revocation"));
+ if (specialConfig.getBoolean("SSL.revocation")) {
+ System.setProperty("com.sun.security.enableCRLDP ", "true");
+ Security.setProperty("ocsp.enable", "true");
+ }
+ System.setProperty("com.sun.security.enableAIAcaIssuers", "true");
+ log.debug("Setting revocation check to: "
+ + pkixParams.isRevocationEnabled());
+ ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters(
+ pkixParams);
+ TrustManagerFactory trustFab = TrustManagerFactory.getInstance("PKIX");
+ trustFab.init(trustParams);
+
+ KeyManager[] km = null;
+ SSLContext sslCtx = SSLContext.getInstance(specialConfig
+ .getString("SSL.sslProtocol"));
+ if (keyStore != null) {
+ KeyManagerFactory keyFab = KeyManagerFactory.getInstance("SunX509");
+ keyFab.init(keyStore, keyStorePass.toCharArray());
+ km = keyFab.getKeyManagers();
+ }
+ sslCtx.init(km, trustFab.getTrustManagers(), null);
+ HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory());
+ log.info("Successfully configured ssl");
+ } catch (Exception e) {
+ log.debug("Cannot init ssl", e);
+ }
+ }
+
+ protected void configureProviders() {
+ log.debug("Registering security providers");
+ ECCProvider.addAsProvider(false);
+ Security.addProvider(new STALProvider());
+ XSecProvider.addAsProvider(false);
+ StringBuffer sb = new StringBuffer();
+ sb.append("Following providers are now registered: ");
+ int i = 1;
+ for (Provider prov : Security.getProviders()) {
+ sb.append((i++) + ". : " + prov);
+ }
+ log.debug("Configured provider" + sb.toString());
+ }
+
+ protected void configureBKU() {
+ if (specialConfig.containsKey("BKU.useSWCard")) {
+ boolean useSWCard = specialConfig.getBoolean("BKU.useSWCard");
+ log.info("Setting SW Card to: "+useSWCard);
+ SMCCHelper.setUseSWCard(useSWCard);
+ }
+ if (specialConfig.containsKey("BKU.SWCardDirectory")) {
+ //SWCard.
+ }
+ }
+
+ public void configure() {
+ configureProviders();
+ configSSL();
+ configUrlConnections();
+ configureBKU();
+
+ }
+
+ public void checkUpdate() {
+ if (specialConfig.getReloadingStrategy().reloadingRequired()) {
+ log.info("Reloading configuration: " + specialConfig.getFileName());
+ specialConfig.setAutoSave(false);
+ specialConfig.clear();
+ try {
+ specialConfig.load();
+ } catch (ConfigurationException e) {
+ log.fatal(e);
+ }
+ specialConfig.setAutoSave(specialConfig
+ .getBoolean("OverrideConfigurationFile[@autosave]"));
+ configure();
+ specialConfig.getReloadingStrategy().reloadingPerformed();
+ }
+ }
+
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-27 05:00:46 +0000