Diffstat (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf')
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidator.java13
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java110
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/conf/Configuration.java100
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java467
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/conf/IAIKCommonsLogFactory.java59
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/conf/IAIKLogAdapter.java (renamed from bkucommon/src/main/java/at/gv/egiz/bku/conf/IAIKCommonsLog.java)40
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/conf/IAIKLogAdapterFactory.java62
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/conf/MoccaConfigurationFacade.java22
8 files changed, 105 insertions, 768 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidator.java
deleted file mode 100644
index 6a95b369..00000000
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidator.java
+++ /dev/null
@@ -1,13 +0,0 @@
-package at.gv.egiz.bku.conf;
-
-import iaik.x509.X509Certificate;
-
-import java.io.File;
-
-public interface CertValidator {
-
- public abstract void init(File certDir, File caDir);
-
- public abstract boolean isCertificateValid(String transactionId, X509Certificate[] certs);
-
-} \ No newline at end of file
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java
deleted file mode 100644
index 766fe355..00000000
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java
+++ /dev/null
@@ -1,110 +0,0 @@
-package at.gv.egiz.bku.conf;
-
-import iaik.logging.LogConfigurationException;
-import iaik.logging.TransactionId;
-import iaik.logging.impl.TransactionIdImpl;
-import iaik.logging.LoggerConfig;
-import iaik.pki.DefaultPKIConfiguration;
-import iaik.pki.DefaultPKIProfile;
-import iaik.pki.PKIConfiguration;
-import iaik.pki.PKIException;
-import iaik.pki.PKIFactory;
-import iaik.pki.PKIModule;
-import iaik.pki.PKIProfile;
-import iaik.pki.revocation.RevocationSourceTypes;
-import iaik.pki.store.certstore.CertStoreParameters;
-import iaik.pki.store.certstore.directory.DefaultDirectoryCertStoreParameters;
-import iaik.pki.store.truststore.DefaultTrustStoreProfile;
-import iaik.pki.store.truststore.TrustStoreProfile;
-import iaik.pki.store.truststore.TrustStoreTypes;
-import iaik.x509.X509Certificate;
-
-import java.io.File;
-import java.util.Date;
-import java.util.Properties;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-public class CertValidatorImpl implements CertValidator {
-
- private static Log log = LogFactory.getLog(CertValidatorImpl.class);
-
- private PKIFactory pkiFactory;
- private PKIProfile profile;
-
- public CertValidatorImpl() {
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egiz.bku.conf.CertValidator#init(java.io.File, java.io.File)
- */
- public void init(File certDir, File caDir) {
- // initialize IAIK logging for PKI module
- log.debug("Configuring logging for IAIK PKI module");
- iaik.logging.LogFactory.configure(new LoggerConfig() {
-
- @Override
- public Properties getProperties() throws LogConfigurationException {
- return null;
- }
-
- @Override
- public String getNodeId() {
- return "pki";
- }
-
- @Override
- public String getFactory() {
- return IAIKCommonsLogFactory.class.getName();
- }
- });
-
-
- // the parameters specifying the directory certstore
- CertStoreParameters[] certStoreParameters = { new DefaultDirectoryCertStoreParameters(
- "CS-001", certDir.getAbsolutePath(), true, false) };
-
- // create a new PKI configuration using the certstore parameters
- PKIConfiguration pkiConfig = new DefaultPKIConfiguration(
- certStoreParameters);
-
- // Transaction ID for logging
- TransactionId tid = new TransactionIdImpl("Configure-PKI");
- // get PKI factory for creating PKI module(s)
- pkiFactory = PKIFactory.getInstance();
- // configure the factory
- try {
- pkiFactory.configure(pkiConfig, tid);
- } catch (PKIException e) {
- log.error("Cannot configure PKI module", e);
- }
- // the truststore to be used
- TrustStoreProfile trustProfile = new DefaultTrustStoreProfile("TS-001",
- TrustStoreTypes.DIRECTORY, caDir.getAbsolutePath());
- profile = new DefaultPKIProfile(trustProfile);
- ((DefaultPKIProfile)profile).setAutoAddCertificates(true);
- ((DefaultPKIProfile) profile).setPreferredServiceOrder(new String[] {
- RevocationSourceTypes.OCSP, RevocationSourceTypes.CRL });
- }
-
- /* (non-Javadoc)
- * @see at.gv.egiz.bku.conf.CertValidator#isCertificateValid(java.lang.String, iaik.x509.X509Certificate[])
- */
- public boolean isCertificateValid(String transactionId,
- X509Certificate[] certs) {
- // Transaction ID for logging
- TransactionId tid = new TransactionIdImpl(transactionId);
- // get a PKIModule
- PKIModule pkiModule;
- try {
- pkiModule = pkiFactory.getPKIModule(profile);
- return pkiModule.validateCertificate(new Date(), certs[0], certs, null,
- tid).isCertificateValid();
- } catch (PKIException e) {
- log.error("Cannot validate certificate", e);
- }
- return false;
- }
-}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configuration.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configuration.java
deleted file mode 100644
index f813b14d..00000000
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configuration.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright 2008 Federal Chancellery Austria and
- * Graz University of Technology
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package at.gv.egiz.bku.conf;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-/**
- * BKU Common Configuration
- *
- * Injected to BKU Common classes as defined in mocca-conf.xml
- *
- * Replace at.gv.egiz.bku.conf.Configurator,
- * currently only few configuration options are supported.
- *
- * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
- */
-public class Configuration {
-
- public static final int MAX_DATAURL_HOPS_DEFAULT = 50;
- public static final String IMPLEMENTATION_NAME_DEFAULT = "MOCCA";
- public static final String IMPLEMENTATION_VERSION_DEFAULT = "UNKNOWN";
-
- private static final Log log = LogFactory.getLog(Configuration.class);
-
- private int maxDataUrlHops = -1;
- private String implementationName;
- private String implementationVersion;
-
- public void setMaxDataUrlHops(int maxDataUrlHops) {
- this.maxDataUrlHops = maxDataUrlHops;
- }
-
- /**
- * Defines the maximum number of dataurl connects that are allowed within a
- * single SL Request processing.
- */
- public int getMaxDataUrlHops() {
- if (maxDataUrlHops < 0) {
- log.warn("maxDataUrlHops not configured, using default: " + MAX_DATAURL_HOPS_DEFAULT);
- return MAX_DATAURL_HOPS_DEFAULT;
- }
- return maxDataUrlHops;
- }
-
- /**
- * @return the implementationName
- */
- public String getImplementationName() {
- if (implementationName == null) {
- log.info("implementationName not configured, using default: " + IMPLEMENTATION_NAME_DEFAULT);
- return "MOCCA";
- }
- return implementationName;
- }
-
- /**
- * @param implementationName the implementationName to set
- */
- public void setImplementationName(String implementationName) {
- this.implementationName = implementationName;
- }
-
- /**
- * @return the implementationVersion
- */
- public String getImplementationVersion() {
- if (implementationName == null) {
- log.info("implementationName not configured, using default: " + IMPLEMENTATION_VERSION_DEFAULT);
- return IMPLEMENTATION_VERSION_DEFAULT;
- }
- return implementationVersion;
- }
-
- /**
- * @param implementationVersion the implementationVersion to set
- */
- public void setImplementationVersion(String implementationVersion) {
- this.implementationVersion = implementationVersion;
- }
-
-
-
-
-}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
deleted file mode 100644
index 50f5d2b4..00000000
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
+++ /dev/null
@@ -1,467 +0,0 @@
-package at.gv.egiz.bku.conf;
-
-import iaik.security.ecc.provider.ECCProvider;
-import iaik.security.provider.IAIK;
-import iaik.xml.crypto.XSecProvider;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.HttpURLConnection;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-import java.security.Security;
-import java.security.Provider.Service;
-import java.security.cert.CertStore;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CollectionCertStoreParameters;
-import java.security.cert.LDAPCertStoreParameters;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Properties;
-import java.util.Set;
-import java.util.jar.Attributes;
-import java.util.jar.Manifest;
-
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import at.gv.egiz.bku.binding.DataUrl;
-import at.gv.egiz.bku.slcommands.impl.xsect.DataObject;
-import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider;
-import at.gv.egiz.bku.slexceptions.SLRuntimeException;
-import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
-import javax.net.ssl.SSLSocketFactory;
-
-public abstract class Configurator {
-
- private Log log = LogFactory.getLog(Configurator.class);
-
- public final static String USERAGENT_CONFIG_P = "UserAgent";
- public static final String DATAURLCONNECTION_CONFIG_P = "DataURLConnectionImplClass";
-
- public static final String USERAGENT_DEFAULT = "citizen-card-environment/1.2 MOCCA/UNKNOWN";
- public static final String USERAGENT_BASE = "citizen-card-environment/1.2 MOCCA/";
-
- public static final String SIGNATURE_LAYOUT = "SignatureLayout";
-
- protected Properties properties;
-
- protected CertValidator certValidator;
- protected String signaturLayoutVersion;
-
- protected Configurator() {
- }
-
- protected abstract File getCertDir();
-
- protected abstract File getCADir();
-
- protected abstract InputStream getManifest();
-
- private X509Certificate[] getCACerts() throws IOException,
- CertificateException {
- List<X509Certificate> caCerts = new ArrayList<X509Certificate>();
- File caDir = getCADir();
- if (caDir != null) {
- if (!caDir.isDirectory()) {
- log.error("Expecting directory as SSL.caDirectory parameter");
- throw new SLRuntimeException(
- "Expecting directory as SSL.caDirectory parameter");
- }
- log.info("loading trustStore from " + caDir.getAbsolutePath());
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- for (File f : caDir.listFiles()) {
- try {
- FileInputStream fis = new FileInputStream(f);
- X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);
- fis.close();
- log.debug("Adding trusted cert " + cert.getSubjectDN());
- caCerts.add(cert);
- } catch (Exception e) {
- log.error("Cannot add trusted ca", e);
- }
- }
- return caCerts.toArray(new X509Certificate[caCerts.size()]);
- } else {
- log.warn("No CA certificates configured");
- }
- return null;
- }
-
- protected List<CertStore> getCertstore() throws IOException,
- CertificateException, InvalidAlgorithmParameterException,
- NoSuchAlgorithmException {
- List<CertStore> resultList = new ArrayList<CertStore>();
- File certDir = getCertDir();
- if (certDir != null) {
- if (!certDir.isDirectory()) {
- log.error("Expecting directory as SSL.certDirectory parameter");
- throw new SLRuntimeException(
- "Expecting directory as SSL.certDirectory parameter");
- }
- log.info("loading certStore from " + certDir.getAbsolutePath());
- List<X509Certificate> certCollection = new LinkedList<X509Certificate>();
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- for (File f : certDir.listFiles()) {
- try {
- FileInputStream fis = new FileInputStream(f);
- X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);
- certCollection.add(cert);
- fis.close();
- log
- .trace("Added following cert to certstore: "
- + cert.getSubjectDN());
- } catch (Exception ex) {
- log.error("Cannot add certificate", ex);
- }
- }
- CollectionCertStoreParameters csp = new CollectionCertStoreParameters(
- certCollection);
- resultList.add(CertStore.getInstance("Collection", csp));
- log.info("Added collection certstore");
- } else {
- log.warn("No certstore directory configured");
- }
- String ldapHost = getProperty("SSL.ldapServer");
- if ((ldapHost != null) && (!"".equals(ldapHost))) {
- String ldapPortString = getProperty("SSL.ldapPort");
- int ldapPort = 389;
- if (ldapPortString != null) {
- try {
- ldapPort = Integer.parseInt(ldapPortString);
- } catch (NumberFormatException nfe) {
- log.error("Invalid ldap port, using default 389");
- }
- } else {
- log.warn("ldap port not specified, using default 389");
- }
- LDAPCertStoreParameters ldapParams = new LDAPCertStoreParameters(
- ldapHost, ldapPort);
- resultList.add(CertStore.getInstance("LDAP", ldapParams));
- log.info("Added LDAP certstore");
- }
- return resultList;
- }
-
- protected void configUrlConnections() {
- HttpsURLConnection.setFollowRedirects(false);
- HttpURLConnection.setFollowRedirects(false);
- }
-
- protected void configureProviders() {
- log.debug("Registering security providers");
-
- IAIK iaikProvider = new IAIK();
- if (Security.getProvider(iaikProvider.getName()) == null) {
- // register IAIK provider at first position
- Security.insertProviderAt(iaikProvider, 1);
- } else {
- // IAIK provider already registered
- log.info("Provider " + iaikProvider.getName() + " already registered.");
- }
-
- ECCProvider eccProvider = new ECCProvider(false);
- if (Security.getProvider(eccProvider.getName()) == null) {
- // register ECC Provider at second position
- Security.insertProviderAt(eccProvider, 2);
- } else {
- // ECC Provider already registered
- log.info("Provider " + eccProvider.getName() + " already registered.");
- }
-
- // registering STALProvider as delegation provider for XSECT
- STALProvider stalProvider = new STALProvider();
- if (Security.getProvider(stalProvider.getName()) == null) {
- // register STAL provider
- Set<Service> services = stalProvider.getServices();
- StringBuilder sb = new StringBuilder();
- for (Service service : services) {
- String algorithm = service.getType() + "." + service.getAlgorithm();
- XSecProvider.setDelegationProvider(algorithm, stalProvider.getName());
- sb.append("\n" + algorithm);
- }
- log
- .debug("Registered STALProvider as XSecProvider delegation provider for the following services : "
- + sb.toString());
-
- Security.addProvider(stalProvider);
- } else {
- // STAL Provider already registered
- log.info("Provider " + stalProvider.getName() + " already registered.");
- }
-
- if (Security.getProvider(XSecProvider.NAME) == null) {
- // register XML Security provider
- XSecProvider.addAsProvider(false);
- } else {
- log.info("Provider " + XSecProvider.NAME + " already registered.");
- }
-
- if (log.isDebugEnabled()) {
- StringBuilder sb = new StringBuilder();
- sb.append("Registered providers: ");
- int i = 1;
- for (Provider prov : Security.getProviders()) {
- sb.append((i++) + ". : " + prov);
- }
- log.debug(sb.toString());
- }
- }
-
- protected void configViewer() {
- String bv = properties.getProperty("ValidateHashDataInputs");
- if (bv != null) {
- DataObject.enableHashDataInputValidation(Boolean.parseBoolean(bv));
- } else {
- log.warn("ValidateHashDataInputs not set, falling back to default");
- }
- }
-
- public void configureSingatureLayoutVersion() {
- if (properties.get(SIGNATURE_LAYOUT) == null) {
- try {
- String classContainer = Configurator.class.getProtectionDomain()
- .getCodeSource().getLocation().toString();
- URL manifestUrl = new URL("jar:" + classContainer
- + "!/META-INF/MANIFEST.MF");
- Manifest manifest = new Manifest(manifestUrl.openStream());
- Attributes att = manifest.getMainAttributes();
- String layout = null;
- if (att != null) {
- layout = att.getValue(SIGNATURE_LAYOUT);
- }
- if (layout != null) {
- log.info("setting SignatureLayout header to " + layout);
- properties.put(SIGNATURE_LAYOUT, layout);
- } else {
- log.warn("no SignatureLayout version defined");
- }
- } catch (Exception ex) {
- log.warn("Cannot read manifest", ex);
- }
- }
- }
-
- public void configureNetwork() {
- String proxy = getProperty("HTTPProxyHost");
- String portString = getProperty("HTTPProxyPort");
- if ((proxy == null) || (proxy.equals(""))) {
- log.info("No proxy configured");
- } else {
- log.info("Setting proxy to: " + proxy + ":" + portString);
- System.setProperty("proxyHost", proxy);
- System.setProperty("proxyPort", portString);
- }
- String timeout = getProperty("DefaultSocketTimeout");
- if ((timeout != null) && (!timeout.equals(""))) {
- System.setProperty("sun.net.client.defaultConnectTimeout", timeout);
- }
- }
-
- public void configureVersion() {
- if (properties.getProperty(USERAGENT_CONFIG_P) == null) {
- Properties p = new Properties();
- try {
- InputStream is = getManifest();
- if (is != null) {
- p.load(getManifest());
- String version = p.getProperty("Implementation-Build");
- if (version == null) {
- version="UNKNOWN";
- }
- properties.setProperty(USERAGENT_CONFIG_P, USERAGENT_BASE + version);
- log.debug("Setting user agent to: "
- + properties.getProperty(USERAGENT_CONFIG_P));
- } else {
- log.warn("Failed to read manifest, setting user-agent to " + USERAGENT_DEFAULT);
- properties.setProperty(USERAGENT_CONFIG_P, USERAGENT_DEFAULT);
- }
- } catch (IOException e) {
- log.error(e);
- }
- } else {
- log.info("using configured user agent " + properties.getProperty(USERAGENT_CONFIG_P));
- }
- }
-
- /**
- * TODO cleanup configuration (read MANIFEST, DataURLconfig,...)
- */
- public void configure() {
- configureProviders();
- configUrlConnections();
- configViewer();
- configureSSL();
- configureVersion();
- configureSingatureLayoutVersion();
- configureNetwork();
- //after configureVersion() and configureSignatureLayoutVersion()
- DataUrl.setConfiguration(properties);
- }
-
- public void setConfiguration(Properties props) {
- this.properties = props;
- }
-
- public String getProperty(String key) {
- if (properties != null) {
- return properties.getProperty(key);
- }
- return null;
- }
-
- public void configureSSL() {
- X509Certificate[] caCerts = null;
- try {
- caCerts = getCACerts();
- } catch (Exception e1) {
- log.error("Cannot load CA certificates", e1);
- }
- String disableAll = getProperty("SSL.disableAllChecks");
- String disableHostnameVerification = getProperty("SSL.disableHostnameVerification");
- try {
- KeyManager[] km = null;
- SSLContext sslCtx = SSLContext
- .getInstance(getProperty("SSL.sslProtocol"));
- if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) {
- log.warn("--------------------------------------");
- log.warn(" Disabling SSL Certificate Validation ");
- log.warn("--------------------------------------");
-
- sslCtx.init(km,
- new TrustManager[] { new MyAlwaysTrustManager(caCerts) }, null);
- } else {
- MyPKITrustManager pkixTM = new MyPKITrustManager(certValidator,
- getCertDir(), getCADir(), caCerts);
- sslCtx.init(km, new TrustManager[] { pkixTM }, null);
- }
- DataUrl.setSSLSocketFactory(sslCtx.getSocketFactory());
- URLDereferencer.getInstance().setSSLSocketFactory(
- sslCtx.getSocketFactory());
- } catch (Exception e) {
- log.error("Cannot configure SSL", e);
- }
- if ((disableAll != null && Boolean.parseBoolean(disableAll))
- || (disableHostnameVerification != null && Boolean
- .parseBoolean(disableHostnameVerification))) {
- log.warn("---------------------------------");
- log.warn(" Disabling Hostname Verification ");
- log.warn("---------------------------------");
- DataUrl.setHostNameVerifier(new HostnameVerifier() {
- @Override
- public boolean verify(String hostname, SSLSession session) {
- return true;
- }
- });
- URLDereferencer.getInstance().setHostnameVerifier(new HostnameVerifier() {
- @Override
- public boolean verify(String hostname, SSLSession session) {
- return true;
- }
- });
- }
- }
-
- public void setCertValidator(CertValidator certValidator) {
- this.certValidator = certValidator;
- }
-
- private static class MyPKITrustManager implements X509TrustManager {
- private static Log log = LogFactory.getLog(MyPKITrustManager.class);
-
- private CertValidator certValidator;
- private X509Certificate[] trustedCerts;
-
- public MyPKITrustManager(CertValidator cv, File certStore, File trustStore,
- X509Certificate[] trustedCerts) {
- certValidator = cv;
- certValidator.init(certStore, trustStore);
- this.trustedCerts = trustedCerts;
- }
-
- @Override
- public void checkClientTrusted(X509Certificate[] chain, String authType)
- throws CertificateException {
- log.error("Did not expect this method to get called");
- throw new CertificateException("Method not implemented");
- }
-
- private static iaik.x509.X509Certificate[] convertCerts(
- X509Certificate[] certs) throws GeneralSecurityException {
- iaik.x509.X509Certificate[] retVal = new iaik.x509.X509Certificate[certs.length];
- int i = 0;
- for (X509Certificate cert : certs) {
- if (cert instanceof iaik.x509.X509Certificate) {
- retVal[i++] = (iaik.x509.X509Certificate) cert;
- } else {
- retVal[i++] = new iaik.x509.X509Certificate(cert.getEncoded());
- }
- }
- return retVal;
- }
-
- @Override
- public void checkServerTrusted(X509Certificate[] chain, String authType)
- throws CertificateException {
- try {
- boolean valid = certValidator.isCertificateValid(Thread.currentThread()
- .getName(), convertCerts(chain));
- if (!valid) {
- throw new CertificateException("Certificate not valid");
- }
- } catch (GeneralSecurityException e) {
- throw new CertificateException(e);
- }
- }
-
- @Override
- public X509Certificate[] getAcceptedIssuers() {
- return trustedCerts;
- }
- }
-
- private static class MyAlwaysTrustManager implements X509TrustManager {
- private static Log log = LogFactory.getLog(MyAlwaysTrustManager.class);
- private X509Certificate[] trustedCerts;
-
- public MyAlwaysTrustManager(X509Certificate[] trustedCerts) {
- this.trustedCerts = trustedCerts;
- }
-
- @Override
- public void checkClientTrusted(X509Certificate[] arg0, String arg1)
- throws CertificateException {
- log.error("Did not expect this method to get called");
- throw new CertificateException("Method not implemented");
- }
-
- @Override
- public void checkServerTrusted(X509Certificate[] certs, String arg1)
- throws CertificateException {
- log.warn("-------------------------------------");
- log.warn("SSL Certificate Validation Disabled !");
- log.warn("-------------------------------------");
- }
-
- @Override
- public X509Certificate[] getAcceptedIssuers() {
- return trustedCerts;
- }
- }
-}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/IAIKCommonsLogFactory.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/IAIKCommonsLogFactory.java
deleted file mode 100644
index 14e2c757..00000000
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/IAIKCommonsLogFactory.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/**
- *
- */
-package at.gv.egiz.bku.conf;
-
-import org.apache.commons.logging.impl.WeakHashtable;
-
-import iaik.logging.Log;
-import iaik.logging.LogConfigurationException;
-import iaik.logging.LogFactory;
-
-/**
- * @author mcentner
- *
- */
-public class IAIKCommonsLogFactory extends LogFactory {
-
- protected WeakHashtable instances = new WeakHashtable();
-
- /* (non-Javadoc)
- * @see iaik.logging.LogFactory#getInstance(java.lang.String)
- */
- @Override
- public Log getInstance(String name) throws LogConfigurationException {
- org.apache.commons.logging.Log commonsLog = org.apache.commons.logging.LogFactory.getLog(name);
- Log log = (Log) instances.get(commonsLog);
- if (log == null) {
- log = new IAIKCommonsLog(commonsLog);
- log.setNodeId(node_id_);
- instances.put(commonsLog, log);
- }
- return log;
- }
-
- /* (non-Javadoc)
- * @see iaik.logging.LogFactory#getInstance(java.lang.Class)
- */
- @SuppressWarnings("unchecked")
- @Override
- public Log getInstance(Class clazz) throws LogConfigurationException {
- org.apache.commons.logging.Log commonsLog = org.apache.commons.logging.LogFactory.getLog(clazz);
- Log log = (Log) instances.get(commonsLog);
- if (log == null) {
- log = new IAIKCommonsLog(commonsLog);
- log.setNodeId(node_id_);
- instances.put(commonsLog, log);
- }
- return log;
- }
-
- /* (non-Javadoc)
- * @see iaik.logging.LogFactory#release()
- */
- @Override
- public void release() {
- instances.clear();
- }
-
-}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/IAIKCommonsLog.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/IAIKLogAdapter.java
index 1b7dd189..b04509a0 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/IAIKCommonsLog.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/IAIKLogAdapter.java
@@ -3,6 +3,8 @@
*/
package at.gv.egiz.bku.conf;
+import org.slf4j.Logger;
+
import iaik.logging.Log;
import iaik.logging.TransactionId;
@@ -10,19 +12,19 @@ import iaik.logging.TransactionId;
* @author mcentner
*
*/
-public class IAIKCommonsLog implements Log {
+public class IAIKLogAdapter implements Log {
/**
* The id that will be written to the log if the transactionid == null
*/
public final static String NO_ID = "Null-ID";
- protected org.apache.commons.logging.Log commonsLog;
+ protected Logger log;
protected String nodeId;
- public IAIKCommonsLog(org.apache.commons.logging.Log log) {
- this.commonsLog = log;
+ public IAIKLogAdapter(Logger logger) {
+ this.log = logger;
}
/* (non-Javadoc)
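Review bot: The renamed field is still declared `protected Logger log;` and is not final, although the only assignment visible in this hunk is the one in the constructor. Unless a subclass elsewhere needs to replace it, `private final Logger log;` would make the adapter's delegate immutable. A null `logger` currently surfaces only as a NullPointerException in the first log call; a constructor check such as `if (logger == null) throw new NullPointerException("logger");` would report it at construction. The class body continues outside the hunk.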
@@ -30,8 +32,8 @@ public class IAIKCommonsLog implements Log {
*/
@Override
public void debug(TransactionId transactionId, Object message, Throwable t) {
- if (commonsLog.isDebugEnabled()) {
- commonsLog.debug(nodeId + ": "
+ if (log.isDebugEnabled()) {
+ log.debug(nodeId + ": "
+ ((transactionId != null) ? transactionId.getLogID() : NO_ID) + ": "
+ message, t);
}
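Review bot: The text handed to `log.debug(...)` is built by concatenating `transactionId.getLogID()` and `message` unmodified, and the same expression is repeated in the info, warn, error and fatal hunks below. If the IAIK module ever logs text taken from certificates or revocation responses (not visible in this diff), embedded line breaks would reach the log file as what look like separate entries. One private helper, e.g. `private String format(TransactionId id, Object message)`, would replace the five copies and give a single place to neutralise CR/LF, for instance with `String.valueOf(message).replace('\r', ' ').replace('\n', ' ')`. The method's closing brace lies outside the hunk.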
@@ -42,8 +44,8 @@ public class IAIKCommonsLog implements Log {
*/
@Override
public void info(TransactionId transactionId, Object message, Throwable t) {
- if (commonsLog.isInfoEnabled()) {
- commonsLog.info(nodeId + ": "
+ if (log.isInfoEnabled()) {
+ log.info(nodeId + ": "
+ ((transactionId != null) ? transactionId.getLogID() : NO_ID) + ": "
+ message, t);
}
@@ -54,8 +56,8 @@ public class IAIKCommonsLog implements Log {
*/
@Override
public void warn(TransactionId transactionId, Object message, Throwable t) {
- if (commonsLog.isWarnEnabled()) {
- commonsLog.warn(nodeId + ": "
+ if (log.isWarnEnabled()) {
+ log.warn(nodeId + ": "
+ ((transactionId != null) ? transactionId.getLogID() : NO_ID) + ": "
+ message, t);
}
@@ -66,8 +68,8 @@ public class IAIKCommonsLog implements Log {
*/
@Override
public void error(TransactionId transactionId, Object message, Throwable t) {
- if (commonsLog.isErrorEnabled()) {
- commonsLog.error(nodeId + ": "
+ if (log.isErrorEnabled()) {
+ log.error(nodeId + ": "
+ ((transactionId != null) ? transactionId.getLogID() : NO_ID) + ": "
+ message, t);
}
@@ -78,8 +80,8 @@ public class IAIKCommonsLog implements Log {
*/
@Override
public void fatal(TransactionId transactionId, Object message, Throwable t) {
- if (commonsLog.isFatalEnabled()) {
- commonsLog.fatal(nodeId + ": "
+ if (log.isErrorEnabled()) {
+ log.error(nodeId + ": "
+ ((transactionId != null) ? transactionId.getLogID() : NO_ID) + ": "
+ message, t);
}
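Review bot: `fatal(...)` now logs through `log.error(...)` and is gated by `log.isErrorEnabled()`, so fatal events from the IAIK module can no longer be told apart from ordinary errors in the output; the `isFatalEnabled()` hunk at the end of this file makes the same mapping. SLF4J has no FATAL level, so the mapping itself is reasonable, but it deserves a comment such as `// SLF4J has no FATAL level; fatal is reported at ERROR`. If operators alert on fatal PKI failures, a marker keeps the distinction: `private static final Marker FATAL = MarkerFactory.getMarker("FATAL");` used as `log.error(FATAL, ..., t)`. The method's closing brace lies outside the hunk.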
@@ -106,7 +108,7 @@ public class IAIKCommonsLog implements Log {
*/
@Override
public boolean isDebugEnabled() {
- return commonsLog.isDebugEnabled();
+ return log.isDebugEnabled();
}
/* (non-Javadoc)
@@ -114,7 +116,7 @@ public class IAIKCommonsLog implements Log {
*/
@Override
public boolean isInfoEnabled() {
- return commonsLog.isInfoEnabled();
+ return log.isInfoEnabled();
}
/* (non-Javadoc)
@@ -122,7 +124,7 @@ public class IAIKCommonsLog implements Log {
*/
@Override
public boolean isWarnEnabled() {
- return commonsLog.isWarnEnabled();
+ return log.isWarnEnabled();
}
/* (non-Javadoc)
@@ -130,7 +132,7 @@ public class IAIKCommonsLog implements Log {
*/
@Override
public boolean isErrorEnabled() {
- return commonsLog.isErrorEnabled();
+ return log.isErrorEnabled();
}
/* (non-Javadoc)
@@ -138,7 +140,7 @@ public class IAIKCommonsLog implements Log {
*/
@Override
public boolean isFatalEnabled() {
- return commonsLog.isFatalEnabled();
+ return log.isErrorEnabled();
}
}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/IAIKLogAdapterFactory.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/IAIKLogAdapterFactory.java
new file mode 100644
index 00000000..52c3d8d1
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/IAIKLogAdapterFactory.java
@@ -0,0 +1,62 @@
+/**
+ *
+ */
+package at.gv.egiz.bku.conf;
+
+import java.util.WeakHashMap;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import iaik.logging.Log;
+import iaik.logging.LogConfigurationException;
+import iaik.logging.LogFactory;
+
+/**
+ * @author mcentner
+ *
+ */
+public class IAIKLogAdapterFactory extends LogFactory {
+
+ protected WeakHashMap<Logger, Log> instances = new WeakHashMap<Logger, Log>();
+
+ /* (non-Javadoc)
+ * @see iaik.logging.LogFactory#getInstance(java.lang.String)
+ */
+ @Override
+ public synchronized Log getInstance(String name) throws LogConfigurationException {
+ Logger logger = LoggerFactory.getLogger(name);
+ Log log = instances.get(logger);
+ if (log == null) {
+ log = new IAIKLogAdapter(logger);
+ log.setNodeId(node_id_);
+ instances.put(logger, log);
+ }
+ return log;
+ }
+
+ /* (non-Javadoc)
+ * @see iaik.logging.LogFactory#getInstance(java.lang.Class)
+ */
+ @SuppressWarnings("unchecked")
+ @Override
+ public synchronized Log getInstance(Class clazz) throws LogConfigurationException {
+ Logger logger = LoggerFactory.getLogger(clazz);
+ Log log = instances.get(logger);
+ if (log == null) {
+ log = new IAIKLogAdapter(logger);
+ log.setNodeId(node_id_);
+ instances.put(logger, log);
+ }
+ return log;
+ }
+
+ /* (non-Javadoc)
+ * @see iaik.logging.LogFactory#release()
+ */
+ @Override
+ public void release() {
+ instances.clear();
+ }
+
+}
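Review bot: `release()` calls `instances.clear()` without holding the lock that both `getInstance` overloads take, and `WeakHashMap` is not thread-safe, so a release that runs concurrently with a lookup can corrupt the map. Declaring it `public synchronized void release() {` closes the gap. Separately, each `IAIKLogAdapter` value holds a strong reference to its `Logger` key, so the weak keys will not actually let entries be collected; a plain `HashMap` would state the real lifetime more honestly. The field could also be `private final` unless subclasses are expected to swap it.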
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/MoccaConfigurationFacade.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/MoccaConfigurationFacade.java
new file mode 100644
index 00000000..52842167
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/MoccaConfigurationFacade.java
@@ -0,0 +1,22 @@
+/*
+* Copyright 2009 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package at.gv.egiz.bku.conf;
+
+public interface MoccaConfigurationFacade {
+
+}
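Review bot: `MoccaConfigurationFacade` is added as an empty interface with no Javadoc, so nothing in this file says what implementations are expected to provide or why the type exists. A short class comment would help, for example `/** Common supertype for the facades through which components read their MOCCA configuration values. */`, if that is the intent. The wording should be confirmed by the author, since no implementation is visible in this diff.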