1 files changed, 102 insertions, 273 deletions

diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java
index e9510101..57a0f84f 100644
--- a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java
@@ -1,274 +1,103 @@
 /*
-* Copyright 2008 Federal Chancellery Austria and
-* Graz University of Technology
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-*     http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-package at.gv.egiz.bku.local.conf;

-

-import iaik.security.ecc.provider.ECCProvider;

-import iaik.xml.crypto.XSecProvider;

-

-import java.io.File;

-import java.io.FileInputStream;

-import java.io.FileOutputStream;

-import java.io.InputStream;

-import java.net.HttpURLConnection;

-import java.security.KeyStore;

-import java.security.Provider;

-import java.security.Security;

-import java.security.cert.CertStore;

-import java.security.cert.CertificateFactory;

-import java.security.cert.CollectionCertStoreParameters;

-import java.security.cert.PKIXBuilderParameters;

-import java.security.cert.X509CertSelector;

-import java.security.cert.X509Certificate;

-import java.util.Enumeration;

-import java.util.LinkedList;

-import java.util.List;

-

-import javax.net.ssl.CertPathTrustManagerParameters;

-import javax.net.ssl.HttpsURLConnection;

-import javax.net.ssl.KeyManager;

-import javax.net.ssl.KeyManagerFactory;

-import javax.net.ssl.ManagerFactoryParameters;

-import javax.net.ssl.SSLContext;

-import javax.net.ssl.TrustManagerFactory;

-

-import org.apache.commons.configuration.ConfigurationException;

-import org.apache.commons.configuration.XMLConfiguration;

-import org.apache.commons.configuration.reloading.FileChangedReloadingStrategy;

-import org.apache.commons.logging.Log;

-import org.apache.commons.logging.LogFactory;

-

-import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider;

-import at.gv.egiz.smcc.SWCard;

-import at.gv.egiz.smcc.util.SMCCHelper;

-

-public class Configurator {

-  private Log log = LogFactory.getLog(Configurator.class);

-  private XMLConfiguration baseConfig;

-  private XMLConfiguration specialConfig;

-  private boolean autoSave = false;

-

-  public Configurator() {

-    super();

-    init();

-    configure();

-  }

-

-  private void init() {

-    log.debug("Initializing configuration");

-

-    baseConfig = new XMLConfiguration();

-    try {

-      baseConfig.load(getClass().getClassLoader().getResourceAsStream(

-          "./at/gv/egiz/bku/local/baseconfig.xml"));

-      log.debug("Successfully loaded base configuration");

-    } catch (ConfigurationException e) {

-      log.error("Cannot load base configuration", e);

-    }

-    autoSave = baseConfig.getBoolean("OverrideConfigurationFile[@autosave]");

-    try {

-      specialConfig = new XMLConfiguration();

-      specialConfig.setFileName(baseConfig

-          .getString("OverrideConfigurationFile"));

-      specialConfig.load();

-    } catch (Exception e) {

-      log.debug("Cannot get special configuration at: "

-          + baseConfig.getString("OverrideConfigurationFile") + ": " + e);

-      log.debug("Creating new special configuration");

-      try {

-        specialConfig = new XMLConfiguration(baseConfig);

-        specialConfig.setFileName(baseConfig

-            .getString("OverrideConfigurationFile"));

-        specialConfig.save();

-      } catch (ConfigurationException e1) {

-        log.error("Cannot load defaults " + e1);

-      }

-    }

-    specialConfig.setReloadingStrategy(new FileChangedReloadingStrategy());

-    specialConfig.setAutoSave(autoSave);

-  }

-

-  protected void configUrlConnections() {

-    HttpsURLConnection.setFollowRedirects(false);

-    HttpURLConnection.setFollowRedirects(false);

-  }

-

-  protected KeyStore loadKeyStore(String fileName, String type, String password) {

-    KeyStore ks = null;

-    try {

-      ks = KeyStore.getInstance(type);

-      InputStream is = new FileInputStream(fileName);

-      if (is == null) {

-        log.warn("Cannot load keystore from: " + fileName);

-      }

-      ks.load(is, password.toCharArray());

-      for (Enumeration<String> alias = ks.aliases(); alias.hasMoreElements();) {

-        log.debug("Found keystore alias: " + alias.nextElement());

-      }

-    } catch (Exception e) {

-      log.error("Cannot config keystore", e);

-      return null;

-    }

-    return ks;

-  }

-

-  protected void configSSL() {

-    String trustStoreName = specialConfig.getString("SSL.trustStoreFile");

-    String trustStoreType = specialConfig.getString("SSL.trustStoreType");

-    String trustStorePass = specialConfig.getString("SSL.trustStorePass");

-    String certStoreDirectory = specialConfig

-        .getString("SSL.certStoreDirectory");

-    String keyStoreName = specialConfig.getString("SSL.keyStoreFile");

-    String keyStoreType = specialConfig.getString("SSL.keyStoreType");

-    String keyStorePass = specialConfig.getString("SSL.keyStorePass");

-

-    String caIncludeDir = specialConfig.getString("SSL.caIncludeDirectory");

-

-    KeyStore trustStore = loadKeyStore(trustStoreName, trustStoreType,

-        trustStorePass);

-    KeyStore keyStore = null;

-    if (keyStoreName != null) {

-      keyStore = loadKeyStore(keyStoreName, keyStoreType, keyStorePass);

-    }

-

-    try {

-      PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore,

-          new X509CertSelector());

-

-      if (certStoreDirectory != null) {

-        File dir = new File(certStoreDirectory);

-        if (dir.isDirectory()) {

-          List<X509Certificate> certCollection = new LinkedList<X509Certificate>();

-          CertificateFactory cf = CertificateFactory.getInstance("X.509");

-          for (File f : dir.listFiles()) {

-            log.debug("adding " + f.getName());

-            certCollection.add((X509Certificate) cf

-                .generateCertificate(new FileInputStream(f)));

-          }

-          CollectionCertStoreParameters csp = new CollectionCertStoreParameters(

-              certCollection);

-          CertStore cs = CertStore.getInstance("Collection", csp);

-          pkixParams.addCertStore(cs);

-          log.debug("Added collection certstore");

-        } else {

-          log.error("CertstoreDirectory " + certStoreDirectory

-              + " is not a directory");

-        }

-      }

-

-      if (caIncludeDir != null) {

-        File dir = new File(caIncludeDir);

-        if (dir.exists() && dir.isDirectory()) {

-          CertificateFactory cf = CertificateFactory.getInstance("X.509");

-          try {

-            for (File f : dir.listFiles()) {

-              FileInputStream fis = new FileInputStream(f);

-              X509Certificate cert = (X509Certificate) cf

-                  .generateCertificate(fis);

-              fis.close();

-              log.debug("Adding trusted cert " + cert.getSubjectDN());

-              trustStore.setCertificateEntry(cert.getSubjectDN().getName(),

-                  cert);

-              f.delete();

-            }

-          } finally {

-            trustStore.store(new FileOutputStream(trustStoreName),

-                trustStorePass.toCharArray());

-          }

-        }

-      }

-

-      pkixParams.setRevocationEnabled(specialConfig

-          .getBoolean("SSL.revocation"));

-      if (specialConfig.getBoolean("SSL.revocation")) {

-        System.setProperty("com.sun.security.enableCRLDP ", "true");

-        Security.setProperty("ocsp.enable", "true");

-      }

-      System.setProperty("com.sun.security.enableAIAcaIssuers", "true");

-      log.debug("Setting revocation check to: "

-          + pkixParams.isRevocationEnabled());

-      ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters(

-          pkixParams);

-      TrustManagerFactory trustFab = TrustManagerFactory.getInstance("PKIX");

-      trustFab.init(trustParams);

-

-      KeyManager[] km = null;

-      SSLContext sslCtx = SSLContext.getInstance(specialConfig

-          .getString("SSL.sslProtocol"));

-      if (keyStore != null) {

-        KeyManagerFactory keyFab = KeyManagerFactory.getInstance("SunX509");

-        keyFab.init(keyStore, keyStorePass.toCharArray());

-        km = keyFab.getKeyManagers();

-      }

-      sslCtx.init(km, trustFab.getTrustManagers(), null);

-      HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory());

-      log.info("Successfully configured ssl");

-    } catch (Exception e) {

-      log.debug("Cannot init ssl", e);

-    }

-  }

-

-  protected void configureProviders() {

-    log.debug("Registering security providers");

-    ECCProvider.addAsProvider(false);

-    Security.addProvider(new STALProvider());

-    XSecProvider.addAsProvider(false);

-    StringBuffer sb = new StringBuffer();

-    sb.append("Following providers are now registered: ");

-    int i = 1;

-    for (Provider prov : Security.getProviders()) {

-      sb.append((i++) + ". : " + prov);

-    }

-    log.debug("Configured provider" + sb.toString());

-  }

-

-  protected void configureBKU() {

-    if (specialConfig.containsKey("BKU.useSWCard")) {

-      boolean useSWCard = specialConfig.getBoolean("BKU.useSWCard");

-      log.info("Setting SW Card to: "+useSWCard);

-      SMCCHelper.setUseSWCard(useSWCard);

-    }

-    if (specialConfig.containsKey("BKU.SWCardDirectory")) {

-     //SWCard.

-    }

-  }

-

-  public void configure() {

-    configureProviders();

-    configSSL();

-    configUrlConnections();

-    configureBKU();

-

-  }

-

-  public void checkUpdate() {

-    if (specialConfig.getReloadingStrategy().reloadingRequired()) {

-      log.info("Reloading configuration: " + specialConfig.getFileName());

-      specialConfig.setAutoSave(false);

-      specialConfig.clear();

-      try {

-        specialConfig.load();

-      } catch (ConfigurationException e) {

-        log.fatal(e);

-      }

-      specialConfig.setAutoSave(specialConfig

-          .getBoolean("OverrideConfigurationFile[@autosave]"));

-      configure();

-      specialConfig.getReloadingStrategy().reloadingPerformed();

-    }

-  }

-

-}

+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.local.conf;
+
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.provider.IAIK;
+import iaik.xml.crypto.XSecProvider;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.security.Provider;
+import java.security.Security;
+import java.util.Properties;
+
+import javax.net.ssl.HttpsURLConnection;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.bku.binding.DataUrl;
+import at.gv.egiz.bku.binding.DataUrlConnection;
+import at.gv.egiz.bku.slcommands.impl.xsect.DataObject;
+import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider;
+
+/**
+ * 
+ * TODO currently only the code to get started.
+ */
+public abstract class Configurator {
+
+  private Log log = LogFactory.getLog(Configurator.class);
+
+  private static Configurator instance = new SpringConfigurator();
+
+  protected Properties properties;
+
+  protected Configurator() {
+  }
+
+  public static Configurator getInstance() {
+    return instance;
+  }
+
+  protected void configUrlConnections() {
+    HttpsURLConnection.setFollowRedirects(false);
+    HttpURLConnection.setFollowRedirects(false);
+  }
+
+  protected void configureProviders() {
+    log.debug("Registering security providers");
+    Security.insertProviderAt(new IAIK(), 1);
+    Security.insertProviderAt(new ECCProvider(false), 2);
+    Security.addProvider(new STALProvider());
+    XSecProvider.addAsProvider(false);
+    StringBuilder sb = new StringBuilder();
+    sb.append("Registered providers: ");
+    int i = 1;
+    for (Provider prov : Security.getProviders()) {
+      sb.append((i++) + ". : " + prov);
+    }
+    log.debug(sb.toString());
+  }
+
+  protected void configViewer() {
+    String bv = properties.getProperty("ValidateHashDataInputs");
+    if (bv != null) {
+      DataObject.enableHashDataInputValidation(Boolean.parseBoolean(bv));
+    } else {
+      log.warn("ValidateHashDataInputs not set, falling back to default");
+    }
+  }
+
+  public void configure() {
+    configureProviders();
+    configUrlConnections();
+    configViewer();
+  }
+
+  public void setConfiguration(Properties props) {
+    this.properties = props;
+  }
+
+  public String getProperty(String key) {
+    if (properties != null) {
+      return properties.getProperty(key);
+    }
+    return null;
+  }
+}