From c5e7fe66617ab4b0d54350f8248d281b76cc5055 Mon Sep 17 00:00:00 2001
From: wbauer
Date: Thu, 18 Sep 2008 12:05:03 +0000
Subject: git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@49 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../at/gv/egiz/bku/local/conf/Configurator.java | 375 ++++++--------------
 1 file changed, 102 insertions(+), 273 deletions(-)
 (limited to 'BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java')
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java
index e9510101..57a0f84f 100644
--- a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java
@@ -1,274 +1,103 @@
 /*
-* Copyright 2008 Federal Chancellery Austria and
-* Graz University of Technology
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-package at.gv.egiz.bku.local.conf;
-
-import iaik.security.ecc.provider.ECCProvider;
-import iaik.xml.crypto.XSecProvider;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.InputStream;
-import java.net.HttpURLConnection;
-import java.security.KeyStore;
-import java.security.Provider;
-import java.security.Security;
-import java.security.cert.CertStore;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CollectionCertStoreParameters;
-import java.security.cert.PKIXBuilderParameters;
-import java.security.cert.X509CertSelector;
-import java.security.cert.X509Certificate;
-import java.util.Enumeration;
-import java.util.LinkedList;
-import java.util.List;
-
-import javax.net.ssl.CertPathTrustManagerParameters;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.ManagerFactoryParameters;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManagerFactory;
-
-import org.apache.commons.configuration.ConfigurationException;
-import org.apache.commons.configuration.XMLConfiguration;
-import org.apache.commons.configuration.reloading.FileChangedReloadingStrategy;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider;
-import at.gv.egiz.smcc.SWCard;
-import at.gv.egiz.smcc.util.SMCCHelper;
-
-public class Configurator {
- private Log log = LogFactory.getLog(Configurator.class);
- private XMLConfiguration baseConfig;
- private XMLConfiguration specialConfig;
- private boolean autoSave = false;
-
- public Configurator() {
- super();
- init();
- configure();
- }
-
- private void init() {
- log.debug("Initializing configuration");
-
- baseConfig = new XMLConfiguration();
- try {
- baseConfig.load(getClass().getClassLoader().getResourceAsStream(
- "./at/gv/egiz/bku/local/baseconfig.xml"));
- log.debug("Successfully loaded base configuration");
- } catch (ConfigurationException e) {
- log.error("Cannot load base configuration", e);
- }
- autoSave = baseConfig.getBoolean("OverrideConfigurationFile[@autosave]");
- try {
- specialConfig = new XMLConfiguration();
- specialConfig.setFileName(baseConfig
- .getString("OverrideConfigurationFile"));
- specialConfig.load();
- } catch (Exception e) {
- log.debug("Cannot get special configuration at: "
- + baseConfig.getString("OverrideConfigurationFile") + ": " + e);
- log.debug("Creating new special configuration");
- try {
- specialConfig = new XMLConfiguration(baseConfig);
- specialConfig.setFileName(baseConfig
- .getString("OverrideConfigurationFile"));
- specialConfig.save();
- } catch (ConfigurationException e1) {
- log.error("Cannot load defaults " + e1);
- }
- }
- specialConfig.setReloadingStrategy(new FileChangedReloadingStrategy());
- specialConfig.setAutoSave(autoSave);
- }
-
- protected void configUrlConnections() {
- HttpsURLConnection.setFollowRedirects(false);
- HttpURLConnection.setFollowRedirects(false);
- }
-
- protected KeyStore loadKeyStore(String fileName, String type, String password) {
- KeyStore ks = null;
- try {
- ks = KeyStore.getInstance(type);
- InputStream is = new FileInputStream(fileName);
- if (is == null) {
- log.warn("Cannot load keystore from: " + 
fileName);
- }
- ks.load(is, password.toCharArray());
- for (Enumeration alias = ks.aliases(); alias.hasMoreElements();) {
- log.debug("Found keystore alias: " + alias.nextElement());
- }
- } catch (Exception e) {
- log.error("Cannot config keystore", e);
- return null;
- }
- return ks;
- }
-
- protected void configSSL() {
- String trustStoreName = specialConfig.getString("SSL.trustStoreFile");
- String trustStoreType = specialConfig.getString("SSL.trustStoreType");
- String trustStorePass = specialConfig.getString("SSL.trustStorePass");
- String certStoreDirectory = specialConfig
- .getString("SSL.certStoreDirectory");
- String keyStoreName = specialConfig.getString("SSL.keyStoreFile");
- String keyStoreType = specialConfig.getString("SSL.keyStoreType");
- String keyStorePass = specialConfig.getString("SSL.keyStorePass");
-
- String caIncludeDir = specialConfig.getString("SSL.caIncludeDirectory");
-
- KeyStore trustStore = loadKeyStore(trustStoreName, trustStoreType,
- trustStorePass);
- KeyStore keyStore = null;
- if (keyStoreName != null) {
- keyStore = loadKeyStore(keyStoreName, keyStoreType, keyStorePass);
- }
-
- try {
- PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore,
- new X509CertSelector());
-
- if (certStoreDirectory != null) {
- File dir = new File(certStoreDirectory);
- if (dir.isDirectory()) {
- List certCollection = new LinkedList();
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- for (File f : dir.listFiles()) {
- log.debug("adding " + f.getName());
- certCollection.add((X509Certificate) cf
- .generateCertificate(new FileInputStream(f)));
- }
- CollectionCertStoreParameters csp = new CollectionCertStoreParameters(
- certCollection);
- CertStore cs = CertStore.getInstance("Collection", csp);
- pkixParams.addCertStore(cs);
- log.debug("Added collection certstore");
- } else {
- log.error("CertstoreDirectory " + certStoreDirectory
- + " is not a directory");
- }
- }
-
- if (caIncludeDir != null) {
- File dir 
= new File(caIncludeDir);
- if (dir.exists() && dir.isDirectory()) {
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- try {
- for (File f : dir.listFiles()) {
- FileInputStream fis = new FileInputStream(f);
- X509Certificate cert = (X509Certificate) cf
- .generateCertificate(fis);
- fis.close();
- log.debug("Adding trusted cert " + cert.getSubjectDN());
- trustStore.setCertificateEntry(cert.getSubjectDN().getName(),
- cert);
- f.delete();
- }
- } finally {
- trustStore.store(new FileOutputStream(trustStoreName),
- trustStorePass.toCharArray());
- }
- }
- }
-
- pkixParams.setRevocationEnabled(specialConfig
- .getBoolean("SSL.revocation"));
- if (specialConfig.getBoolean("SSL.revocation")) {
- System.setProperty("com.sun.security.enableCRLDP ", "true");
- Security.setProperty("ocsp.enable", "true");
- }
- System.setProperty("com.sun.security.enableAIAcaIssuers", "true");
- log.debug("Setting revocation check to: "
- + pkixParams.isRevocationEnabled());
- ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters(
- pkixParams);
- TrustManagerFactory trustFab = TrustManagerFactory.getInstance("PKIX");
- trustFab.init(trustParams);
-
- KeyManager[] km = null;
- SSLContext sslCtx = SSLContext.getInstance(specialConfig
- .getString("SSL.sslProtocol"));
- if (keyStore != null) {
- KeyManagerFactory keyFab = KeyManagerFactory.getInstance("SunX509");
- keyFab.init(keyStore, keyStorePass.toCharArray());
- km = keyFab.getKeyManagers();
- }
- sslCtx.init(km, trustFab.getTrustManagers(), null);
- HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory());
- log.info("Successfully configured ssl");
- } catch (Exception e) {
- log.debug("Cannot init ssl", e);
- }
- }
-
- protected void configureProviders() {
- log.debug("Registering security providers");
- ECCProvider.addAsProvider(false);
- Security.addProvider(new STALProvider());
- XSecProvider.addAsProvider(false);
- StringBuffer sb = new StringBuffer();
- sb.append("Following 
providers are now registered: "); - int i = 1; - for (Provider prov : Security.getProviders()) { - sb.append((i++) + ". : " + prov); - } - log.debug("Configured provider" + sb.toString()); - } - - protected void configureBKU() { - if (specialConfig.containsKey("BKU.useSWCard")) { - boolean useSWCard = specialConfig.getBoolean("BKU.useSWCard"); - log.info("Setting SW Card to: "+useSWCard); - SMCCHelper.setUseSWCard(useSWCard); - } - if (specialConfig.containsKey("BKU.SWCardDirectory")) { - //SWCard. - } - } - - public void configure() { - configureProviders(); - configSSL(); - configUrlConnections(); - configureBKU(); - - } - - public void checkUpdate() { - if (specialConfig.getReloadingStrategy().reloadingRequired()) { - log.info("Reloading configuration: " + specialConfig.getFileName()); - specialConfig.setAutoSave(false); - specialConfig.clear(); - try { - specialConfig.load(); - } catch (ConfigurationException e) { - log.fatal(e); - } - specialConfig.setAutoSave(specialConfig - .getBoolean("OverrideConfigurationFile[@autosave]")); - configure(); - specialConfig.getReloadingStrategy().reloadingPerformed(); - } - } - -} + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. 
+ */
+package at.gv.egiz.bku.local.conf;
+
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.provider.IAIK;
+import iaik.xml.crypto.XSecProvider;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.security.Provider;
+import java.security.Security;
+import java.util.Properties;
+
+import javax.net.ssl.HttpsURLConnection;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.bku.binding.DataUrl;
+import at.gv.egiz.bku.binding.DataUrlConnection;
+import at.gv.egiz.bku.slcommands.impl.xsect.DataObject;
+import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider;
+
+/**
+ *
+ * TODO currently only the code to get started.
+ */
+public abstract class Configurator {
+
+ private Log log = LogFactory.getLog(Configurator.class);
+
+ private static Configurator instance = new SpringConfigurator();
+
+ protected Properties properties;
+
+ protected Configurator() {
+ }
+
+ public static Configurator getInstance() {
+ return instance;
+ }
+
+ protected void configUrlConnections() {
+ HttpsURLConnection.setFollowRedirects(false);
+ HttpURLConnection.setFollowRedirects(false);
+ }
+
+ protected void configureProviders() {
+ log.debug("Registering security providers");
+ Security.insertProviderAt(new IAIK(), 1);
+ Security.insertProviderAt(new ECCProvider(false), 2);
+ Security.addProvider(new STALProvider());
+ XSecProvider.addAsProvider(false);
+ StringBuilder sb = new StringBuilder();
+ sb.append("Registered providers: ");
+ int i = 1;
+ for (Provider prov : Security.getProviders()) {
+ sb.append((i++) + ". 
: " + prov);
+ }
+ log.debug(sb.toString());
+ }
+
+ protected void configViewer() {
+ String bv = properties.getProperty("ValidateHashDataInputs");
+ if (bv != null) {
+ DataObject.enableHashDataInputValidation(Boolean.parseBoolean(bv));
+ } else {
+ log.warn("ValidateHashDataInputs not set, falling back to default");
+ }
+ }
+
+ public void configure() {
+ configureProviders();
+ configUrlConnections();
+ configViewer();
+ }
+
+ public void setConfiguration(Properties props) {
+ this.properties = props;
+ }
+
+ public String getProperty(String key) {
+ if (properties != null) {
+ return properties.getProperty(key);
+ }
+ return null;
+ }
+}
-- cgit v1.2.3
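Review bot: `configViewer()` dereferences `properties` unconditionally in `properties.getProperty("ValidateHashDataInputs")`, while `getProperty()` in the same class null-guards that field; since `configure()` is public and nothing forces `setConfiguration()` to run first, an unconfigured instance ends in a NullPointerException instead of the "falling back to default" branch. Route the lookup through the guarded accessor, `String bv = getProperty("ValidateHashDataInputs");`, so a missing configuration is logged rather than fatal. A second concern on the same line is that `Boolean.parseBoolean(bv)` maps anything other than a case-insensitive "true" (e.g. "yes", "1", a typo) to false, which silently switches hash-data-input validation off; for a security switch, accept only "true"/"false" and otherwise warn and keep the default, e.g. `if (!"true".equalsIgnoreCase(bv) && !"false".equalsIgnoreCase(bv)) { log.warn("ValidateHashDataInputs has unexpected value '" + bv + "', keeping default"); return; }`. Note also that the removed `configSSL()` installed a PKIX trust manager with CRL/OCSP revocation checking and an optional client keystore as the default `HttpsURLConnection` socket factory, and nothing in the new file re-establishes it; unless `SpringConfigurator` (not visible here) does, HTTPS connections now run on the JVM default trust store without revocation checks, which deserves an explicit TODO next to the "currently only the code to get started" comment. Finally, `Security.insertProviderAt(new IAIK(), 1)` makes a third-party provider the preferred implementation for every algorithm JVM-wide, a process-global side effect that merits a why-comment such as `// IAIK must win over the JDK providers for the algorithms the BKU relies on; affects the whole JVM`.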