From 7d3f6235a46f70323defa9910da240e61ca684b3 Mon Sep 17 00:00:00 2001 From: wbauer Date: Wed, 1 Oct 2008 07:30:55 +0000 Subject: Moved main parts of the configuration to bkucommon git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@78 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../java/at/gv/egiz/bku/conf/Configurator.java | 351 +++++++++++++++++++++ 1 file changed, 351 insertions(+) create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java new file mode 100644 index 00000000..9a1e7020 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java 
@@ -0,0 +1,351 @@ +package at.gv.egiz.bku.conf; + +import iaik.security.ecc.provider.ECCProvider; +import iaik.security.provider.IAIK; +import iaik.xml.crypto.XSecProvider; + +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.net.HttpURLConnection; +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.security.Security; +import java.security.cert.CertStore; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.CollectionCertStoreParameters; +import java.security.cert.LDAPCertStoreParameters; +import java.security.cert.PKIXBuilderParameters; +import java.security.cert.TrustAnchor; +import java.security.cert.X509CertSelector; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.HashSet; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; +import java.util.Properties; +import java.util.Set; + +import javax.net.ssl.CertPathTrustManagerParameters; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.KeyManager; +import javax.net.ssl.ManagerFactoryParameters; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; +import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; +import javax.net.ssl.X509TrustManager; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.binding.DataUrl; +import at.gv.egiz.bku.binding.DataUrlConnection; +import at.gv.egiz.bku.slcommands.impl.xsect.DataObject; +import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider; +import at.gv.egiz.bku.slexceptions.SLRuntimeException; + +public abstract class Configurator { + private Log log = LogFactory.getLog(Configurator.class); + + protected Properties 
properties; + + protected Configurator() { + } + + protected abstract File getCertDir(); + + protected abstract File getCADir(); + + protected abstract InputStream getManifest(); + + private Set getCACerts() throws IOException, + CertificateException { + Set caCerts = new HashSet(); + File caDir = getCADir(); + if (caDir != null) { + if (!caDir.isDirectory()) { + log.error("Expecting directory as SSL.caDirectory parameter"); + throw new SLRuntimeException( + "Expecting directory as SSL.caDirectory parameter"); + } + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + for (File f : caDir.listFiles()) { + try { + FileInputStream fis = new FileInputStream(f); + X509Certificate cert = (X509Certificate) cf.generateCertificate(fis); + fis.close(); + log.debug("Adding trusted cert " + cert.getSubjectDN()); + caCerts.add(new TrustAnchor(cert, null)); + } catch (Exception e) { + log.error("Cannot add trusted ca", e); + } + } + return caCerts; + + } else { + log.warn("No CA certificates configured"); + } + return null; + } + + protected List getCertstore() throws IOException, + CertificateException, InvalidAlgorithmParameterException, + NoSuchAlgorithmException { + List resultList = new ArrayList(); + File certDir = getCertDir(); + if (certDir != null) { + if (!certDir.isDirectory()) { + log.error("Expecting directory as SSL.certDirectory parameter"); + throw new SLRuntimeException( + "Expecting directory as SSL.certDirectory parameter"); + } + List certCollection = new LinkedList(); + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + for (File f : certDir.listFiles()) { + try { + FileInputStream fis = new FileInputStream(f); + X509Certificate cert = (X509Certificate) cf.generateCertificate(fis); + certCollection.add(cert); + fis.close(); + log + .trace("Added following cert to certstore: " + + cert.getSubjectDN()); + } catch (Exception ex) { + log.error("Cannot add certificate", ex); + } + } + CollectionCertStoreParameters csp = new 
CollectionCertStoreParameters( + certCollection); + resultList.add(CertStore.getInstance("Collection", csp)); + log.info("Added collection certstore"); + } else { + log.warn("No certstore directory configured"); + } + String ldapHost = getProperty("SSL.ldapServer"); + if ((ldapHost != null) && (!"".equals(ldapHost))) { + String ldapPortString = getProperty("SSL.ldapPort"); + int ldapPort = 389; + if (ldapPortString != null) { + try { + ldapPort = Integer.parseInt(ldapPortString); + } catch (NumberFormatException nfe) { + log.error("Invalid ldap port, using default 389"); + } + } else { + log.warn("ldap port not specified, using default 389"); + } + LDAPCertStoreParameters ldapParams = new LDAPCertStoreParameters( + ldapHost, ldapPort); + resultList.add(CertStore.getInstance("LDAP", ldapParams)); + log.info("Added LDAP certstore"); + } + return resultList; + } + + protected void configUrlConnections() { + HttpsURLConnection.setFollowRedirects(false); + HttpURLConnection.setFollowRedirects(false); + } + + protected void configureProviders() { + log.debug("Registering security providers"); + Security.insertProviderAt(new IAIK(), 1); + Security.insertProviderAt(new ECCProvider(false), 2); + Security.addProvider(new STALProvider()); + XSecProvider.addAsProvider(false); + StringBuilder sb = new StringBuilder(); + sb.append("Registered providers: "); + int i = 1; + for (Provider prov : Security.getProviders()) { + sb.append((i++) + ". 
: " + prov); + } + log.debug(sb.toString()); + } + + protected void configViewer() { + String bv = properties.getProperty("ValidateHashDataInputs"); + if (bv != null) { + DataObject.enableHashDataInputValidation(Boolean.parseBoolean(bv)); + } else { + log.warn("ValidateHashDataInputs not set, falling back to default"); + } + } + + public void configureNetwork() { + String proxy = getProperty("HTTPProxyHost"); + String portString = getProperty("HTTPProxyPort"); + if ((proxy == null) || (proxy.equals(""))) { + log.info("No proxy configured"); + } else { + log.info("Setting proxy to: " + proxy + ":" + portString); + System.setProperty("proxyHost", proxy); + System.setProperty("proxyPort", portString); + } + String timeout = getProperty("DefaultSocketTimeout"); + if ((timeout != null) && (!timeout.equals(""))) { + System.setProperty("sun.net.client.defaultConnectTimeout", timeout); + } + } + + public void configureVersion() { + Properties p = new Properties(); + try { + InputStream is = getManifest(); + if (is != null) { + p.load(getManifest()); + String version = p.getProperty("Implementation-Build"); + properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, + "citizen-card-environment/1.2 MOCCA " + version); + DataUrl.setConfiguration(properties); + log + .debug("Setting user agent to: " + + properties + .getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY)); + } else { + log.warn("Cannot read manifest"); + properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, + "citizen-card-environment/1.2 MOCCA UNKNOWN"); + DataUrl.setConfiguration(properties); + } + } catch (IOException e) { + log.error(e); + } + } + + public void configure() { + configureProviders(); + configUrlConnections(); + configViewer(); + configureSSL(); + configureVersion(); + configureNetwork(); + } + + public void setConfiguration(Properties props) { + this.properties = props; + } + + public String getProperty(String key) { + if (properties != null) { + return 
properties.getProperty(key); + } + return null; + } + + public void configureSSL() { + Set caCerts = null; + try { + caCerts = getCACerts(); + } catch (Exception e1) { + log.error("Cannot load CA certificates", e1); + } + List certStoreList = null; + try { + certStoreList = getCertstore(); + } catch (Exception e1) { + log.error("Cannot load certstore certificates", e1); + } + String aia = getProperty("SSL.useAIA"); + if ((aia == null) || (aia.equals(""))) { + System.setProperty("com.sun.security.enableAIAcaIssuers", "true"); + } else { + System.setProperty("com.sun.security.enableAIAcaIssuers", aia); + } + String lifetime = getProperty("SSL.cache.lifetime"); + if ((lifetime == null) || (lifetime.equals(""))) { + System.setProperty("sun.security.certpath.ldap.cache.lifetime", "0"); + } else { + System.setProperty("sun.security.certpath.ldap.cache.lifetime", lifetime); + } + X509CertSelector selector = new X509CertSelector(); + PKIXBuilderParameters pkixParams; + try { + pkixParams = new PKIXBuilderParameters(caCerts, selector); + if ((getProperty("SSL.doRevocationChecking") != null) + && (Boolean.valueOf(getProperty("SSL.doRevocationChecking")))) { + log.info("Enable revocation checking"); + System.setProperty("com.sun.security.enableCRLDP", "true"); + Security.setProperty("ocsp.enable", "true"); + } else { + log.warn("Revocation checking disabled"); + } + for (CertStore cs : certStoreList) { + pkixParams.addCertStore(cs); + } + ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters( + pkixParams); + TrustManagerFactory trustFab; + trustFab = TrustManagerFactory.getInstance("PKIX"); + trustFab.init(trustParams); + KeyManager[] km = null; + SSLContext sslCtx = SSLContext + .getInstance(getProperty("SSL.sslProtocol")); + String disableAll = getProperty("SSL.disableAllChecks"); + if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) { + log.warn("--------------------------------------"); + log.warn(" Disabling SSL Certificate Validation "); 
+ log.warn("--------------------------------------"); + + sslCtx.init(km, new TrustManager[] { new MyTrustManager(caCerts, + certStoreList) }, null); + } else { + sslCtx.init(km, trustFab.getTrustManagers(), null); + } + HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory()); + } catch (Exception e) { + log.error("Cannot configure SSL", e); + } + String disableAll = getProperty("SSL.disableAllChecks"); + if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) { + log.warn("---------------------------------"); + log.warn(" Disabling Hostname Verification "); + log.warn("---------------------------------"); + HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { + @Override + public boolean verify(String hostname, SSLSession session) { + return true; + } + }); + } + } + + private static class MyTrustManager implements X509TrustManager { + private static Log log = LogFactory.getLog(MyTrustManager.class); + private X509Certificate[] trustedCerts; + + public MyTrustManager(Set caCerts, List cs) { + trustedCerts = new X509Certificate[caCerts.size()]; + int i = 0; + for (Iterator it = caCerts.iterator(); it.hasNext();) { + TrustAnchor ta = it.next(); + trustedCerts[i++] = ta.getTrustedCert(); + } + } + + @Override + public void checkClientTrusted(X509Certificate[] arg0, String arg1) + throws CertificateException { + log.error("Did not expect this method to get called"); + throw new CertificateException("Method not implemented"); + } + + @Override + public void checkServerTrusted(X509Certificate[] certs, String arg1) + throws CertificateException { + log.warn("-------------------------------------"); + log.warn("SSL Certificate Validation Disabled !"); + log.warn("-------------------------------------"); + } + + @Override + public X509Certificate[] getAcceptedIssuers() { + return trustedCerts; + } + } +} -- cgit v1.2.3 From 27d91275555207f9e152c2867d52fbbf83f92ba7 Mon Sep 17 00:00:00 2001 
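Review bot: configureSSL fails open: any exception in the try block is caught, logged as "Cannot configure SSL" and ignored, so setDefaultSSLSocketFactory is never called and HTTPS connections presumably fall back to the JVM's default trust settings rather than the configured anchors. The path is easy to reach, because getCACerts() returns null when no CA directory is configured and that null goes straight into `new PKIXBuilderParameters(caCerts, selector)` (and into `caCerts.size()` in MyTrustManager); certStoreList is likewise null if getCertstore() threw, which breaks the `for (CertStore cs : certStoreList)` loop. I would abort configuration instead, for example with `throw new SLRuntimeException("Cannot configure SSL");` in the catch block after logging. The hostname-verifier block after the try also runs when the SSL setup has failed, so with SSL.disableAllChecks set the accept-all verifier is still installed as the JVM-wide default.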
From: wbauer Date: Wed, 8 Oct 2008 08:39:17 +0000 Subject: changed ssl certificate validation, now using iaik_pki git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@83 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../java/at/gv/egiz/bku/conf/Configurator.java | 140 +++++++++++---------- 1 file changed, 76 insertions(+), 64 deletions(-) (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java index 9a1e7020..9ed99190 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java @@ -9,6 +9,7 @@ import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.net.HttpURLConnection; +import java.security.GeneralSecurityException; import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; import java.security.Provider; 
@@ -18,27 +19,18 @@ import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.CollectionCertStoreParameters; import java.security.cert.LDAPCertStoreParameters; -import java.security.cert.PKIXBuilderParameters; -import java.security.cert.TrustAnchor; -import java.security.cert.X509CertSelector; import java.security.cert.X509Certificate; import java.util.ArrayList; -import java.util.HashSet; -import java.util.Iterator; import java.util.LinkedList; import java.util.List; import java.util.Properties; -import java.util.Set; -import javax.net.ssl.CertPathTrustManagerParameters; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.KeyManager; -import javax.net.ssl.ManagerFactoryParameters; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509TrustManager; import org.apache.commons.logging.Log; @@ -55,6 +47,8 @@ public abstract class Configurator { protected Properties properties; + protected CertValidator certValidator; + protected Configurator() { } @@ -64,9 +58,9 @@ public abstract class Configurator { protected abstract InputStream getManifest(); - private Set getCACerts() throws IOException, + private X509Certificate[] getCACerts() throws IOException, CertificateException { - Set caCerts = new HashSet(); + List caCerts = new ArrayList(); File caDir = getCADir(); if (caDir != null) { if (!caDir.isDirectory()) { 
@@ -81,13 +75,12 @@ public abstract class Configurator { X509Certificate cert = (X509Certificate) cf.generateCertificate(fis); fis.close(); log.debug("Adding trusted cert " + cert.getSubjectDN()); - caCerts.add(new TrustAnchor(cert, null)); + caCerts.add(cert); } catch (Exception e) { log.error("Cannot add trusted ca", e); } } - return caCerts; - + return caCerts.toArray(new X509Certificate[caCerts.size()]); } else { log.warn("No CA certificates configured"); } 
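Review bot: The FileInputStream read here is closed only on the success path; when generateCertificate throws, the catch block logs and moves to the next file with the stream still open. Wrapping the parse in a nested try/finally that calls `fis.close()` would fix that, and getCertstore() in the original file follows the same pattern. It would also help to put `f.getName()` into the "Cannot add trusted ca" message, because a skipped file silently shrinks the list of trusted CA certificates and the log does not say which one was dropped. The loop header and the stream's creation lie outside this hunk.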
@@ -239,69 +232,33 @@ public abstract class Configurator { } public void configureSSL() { - Set caCerts = null; + X509Certificate[] caCerts = null; try { caCerts = getCACerts(); } catch (Exception e1) { log.error("Cannot load CA certificates", e1); } - List certStoreList = null; - try { - certStoreList = getCertstore(); - } catch (Exception e1) { - log.error("Cannot load certstore certificates", e1); - } - String aia = getProperty("SSL.useAIA"); - if ((aia == null) || (aia.equals(""))) { - System.setProperty("com.sun.security.enableAIAcaIssuers", "true"); - } else { - System.setProperty("com.sun.security.enableAIAcaIssuers", aia); - } - String lifetime = getProperty("SSL.cache.lifetime"); - if ((lifetime == null) || (lifetime.equals(""))) { - System.setProperty("sun.security.certpath.ldap.cache.lifetime", "0"); - } else { - System.setProperty("sun.security.certpath.ldap.cache.lifetime", lifetime); - } - X509CertSelector selector = new X509CertSelector(); - PKIXBuilderParameters pkixParams; + String disableAll = getProperty("SSL.disableAllChecks"); try { - pkixParams = new PKIXBuilderParameters(caCerts, selector); - if ((getProperty("SSL.doRevocationChecking") != null) - && (Boolean.valueOf(getProperty("SSL.doRevocationChecking")))) { - log.info("Enable revocation checking"); - System.setProperty("com.sun.security.enableCRLDP", "true"); - Security.setProperty("ocsp.enable", "true"); - } else { - log.warn("Revocation checking disabled"); - } - for (CertStore cs : certStoreList) { - pkixParams.addCertStore(cs); - } - ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters( - pkixParams); - TrustManagerFactory trustFab; - trustFab = TrustManagerFactory.getInstance("PKIX"); - trustFab.init(trustParams); KeyManager[] km = null; SSLContext sslCtx = SSLContext .getInstance(getProperty("SSL.sslProtocol")); - String disableAll = getProperty("SSL.disableAllChecks"); if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) { 
log.warn("--------------------------------------"); log.warn(" Disabling SSL Certificate Validation "); log.warn("--------------------------------------"); - sslCtx.init(km, new TrustManager[] { new MyTrustManager(caCerts, - certStoreList) }, null); + sslCtx.init(km, + new TrustManager[] { new MyAlwaysTrustManager(caCerts) }, null); } else { - sslCtx.init(km, trustFab.getTrustManagers(), null); + MyPKITrustManager pkixTM = new MyPKITrustManager(certValidator, + getCertDir(), getCADir(), caCerts); + sslCtx.init(km, new TrustManager[] { pkixTM }, null); } HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory()); } catch (Exception e) { log.error("Cannot configure SSL", e); } - String disableAll = getProperty("SSL.disableAllChecks"); if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) { log.warn("---------------------------------"); log.warn(" Disabling Hostname Verification "); 
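Review bot: With the PKIX block removed, configureSSL no longer reads SSL.doRevocationChecking, SSL.useAIA or SSL.cache.lifetime and no longer calls getCertstore(), so a deployment that had revocation checking switched on gets no indication that the setting is now ignored. Whether the CertValidator implementation checks revocation on its own is not visible here; if it does not, this is a silent downgrade. I would either hand these settings to the validator or warn when they are present, e.g. `if (getProperty("SSL.doRevocationChecking") != null) log.warn("SSL.doRevocationChecking is no longer evaluated");`. Note also that certValidator is only set through setCertValidator(); if configure() runs first, `certValidator.init(...)` in the MyPKITrustManager constructor throws and the catch block leaves the previous socket factory in place.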
@@ -315,19 +272,74 @@ public abstract class Configurator { } } - private static class MyTrustManager implements X509TrustManager { - private static Log log = LogFactory.getLog(MyTrustManager.class); + + + public void setCertValidator(CertValidator certValidator) { + this.certValidator = certValidator; + } + + private static class MyPKITrustManager implements X509TrustManager { + private static Log log = LogFactory.getLog(MyPKITrustManager.class); + + private CertValidator certValidator; private X509Certificate[] trustedCerts; - public MyTrustManager(Set caCerts, List cs) { - trustedCerts = new X509Certificate[caCerts.size()]; + public MyPKITrustManager(CertValidator cv, File certStore, File trustStore, + X509Certificate[] trustedCerts) { + certValidator = cv; + certValidator.init(certStore, trustStore); + this.trustedCerts = trustedCerts; + } + + @Override + public void checkClientTrusted(X509Certificate[] chain, String authType) + throws CertificateException { + log.error("Did not expect this method to get called"); + throw new CertificateException("Method not implemented"); + } + + private static iaik.x509.X509Certificate[] convertCerts( + X509Certificate[] certs) throws GeneralSecurityException { + iaik.x509.X509Certificate[] retVal = new iaik.x509.X509Certificate[certs.length]; int i = 0; - for (Iterator it = caCerts.iterator(); it.hasNext();) { - TrustAnchor ta = it.next(); - trustedCerts[i++] = ta.getTrustedCert(); + for (X509Certificate cert : certs) { + if (cert instanceof iaik.x509.X509Certificate) { + retVal[i++] = (iaik.x509.X509Certificate) cert; + } else { + retVal[i++] = new iaik.x509.X509Certificate(cert.getEncoded()); + } + } + return retVal; + } + + @Override + public void checkServerTrusted(X509Certificate[] chain, String authType) + throws CertificateException { + try { + boolean valid = certValidator.isCertificateValid(Thread.currentThread() + .getName(), convertCerts(chain)); + if (!valid) { + throw new CertificateException("Certificate not 
valid"); + } + } catch (GeneralSecurityException e) { + throw new CertificateException(e); } } + @Override + public X509Certificate[] getAcceptedIssuers() { + return trustedCerts; + } + } + + private static class MyAlwaysTrustManager implements X509TrustManager { + private static Log log = LogFactory.getLog(MyAlwaysTrustManager.class); + private X509Certificate[] trustedCerts; + + public MyAlwaysTrustManager(X509Certificate[] trustedCerts) { + this.trustedCerts = trustedCerts; + } + @Override public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException { -- cgit v1.2.3 From 3aadcf8f877a560bed75af7e0db918aa26ef2a03 Mon Sep 17 00:00:00 2001 From: mcentner Date: Thu, 4 Dec 2008 10:00:31 +0000 Subject: Refactoring of infobox implementation. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@232 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../java/at/gv/egiz/bku/conf/Configurator.java | 41 +++++++++++----------- 1 file changed, 21 insertions(+), 20 deletions(-) (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java index 9ed99190..6078de36 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java 
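Review bot: MyPKITrustManager.getAcceptedIssuers() can return null, because trustedCerts is stored as passed and getCACerts() returns null when no CA directory is configured; the X509TrustManager contract asks for a non-null, possibly empty, array. `this.trustedCerts = trustedCerts != null ? trustedCerts : new X509Certificate[0];` in the constructor covers it, and the same applies to MyAlwaysTrustManager. checkServerTrusted hands chain to convertCerts unchecked, so a null chain ends in a NullPointerException and an empty chain reaches the validator, where the interface documents an IllegalArgumentException for both. A short comment on what the first argument of isCertificateValid means, given that the thread name is passed, would also help the next reader. The remaining methods of MyAlwaysTrustManager lie outside this hunk.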
@@ -187,28 +187,29 @@ public abstract class Configurator { } public void configureVersion() { - Properties p = new Properties(); - try { - InputStream is = getManifest(); - if (is != null) { - p.load(getManifest()); - String version = p.getProperty("Implementation-Build"); - properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, - "citizen-card-environment/1.2 MOCCA " + version); - DataUrl.setConfiguration(properties); - log - .debug("Setting user agent to: " - + properties - .getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY)); - } else { - log.warn("Cannot read manifest"); - properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, - "citizen-card-environment/1.2 MOCCA UNKNOWN"); - DataUrl.setConfiguration(properties); + if (properties.getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY) == null) { + Properties p = new Properties(); + try { + InputStream is = getManifest(); + if (is != null) { + p.load(getManifest()); + String version = p.getProperty("Implementation-Build"); + properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, + "citizen-card-environment/1.2 MOCCA " + version); + log + .debug("Setting user agent to: " + + properties + .getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY)); + } else { + log.warn("Cannot read manifest"); + properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, + "citizen-card-environment/1.2 MOCCA UNKNOWN"); + } + } catch (IOException e) { + log.error(e); } - } catch (IOException e) { - log.error(e); } + DataUrl.setConfiguration(properties); } public void configure() { -- cgit v1.2.3 From 3e101b29f0ac1efa5088ba953bea0acbba932339 Mon Sep 17 00:00:00 2001 
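Review bot: `p.load(getManifest())` opens the manifest a second time instead of reading the stream already held in `is`, and neither stream is closed. `p.load(is);` inside a try/finally that closes `is` would fix both. If the manifest has no Implementation-Build entry, version is null and the user agent becomes "citizen-card-environment/1.2 MOCCA null"; falling back to the UNKNOWN string would be more consistent. The new outer check dereferences `properties` directly, so it throws when setConfiguration() was never called, unlike getProperty(), which guards against null. The load line is carried unchanged through the later configureVersion hunks (-202,22 and -203,22).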
From: wbauer Date: Fri, 5 Dec 2008 11:41:29 +0000 Subject: Feature Request #362 git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@234 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../src/main/java/at/gv/egiz/bku/conf/Configurator.java | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java index 6078de36..e37d107f 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java @@ -80,7 +80,7 @@ public abstract class Configurator { log.error("Cannot add trusted ca", e); } } - return caCerts.toArray(new X509Certificate[caCerts.size()]); + return caCerts.toArray(new X509Certificate[caCerts.size()]); } else { log.warn("No CA certificates configured"); } @@ -196,10 +196,9 @@ public abstract class Configurator { String version = p.getProperty("Implementation-Build"); properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, "citizen-card-environment/1.2 MOCCA " + version); - log - .debug("Setting user agent to: " - + properties - .getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY)); + log.debug("Setting user agent to: " + + properties + .getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY)); } else { log.warn("Cannot read manifest"); properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, @@ -256,7 +255,7 @@ public abstract class Configurator { getCertDir(), getCADir(), caCerts); sslCtx.init(km, new TrustManager[] { pkixTM }, null); } - HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory()); + DataUrl.setSSLSocketFactory(sslCtx.getSocketFactory()); } catch (Exception e) { log.error("Cannot configure SSL", e); } 
@@ -264,7 +263,7 @@ public abstract class Configurator { log.warn("---------------------------------"); log.warn(" Disabling Hostname Verification "); log.warn("---------------------------------"); - HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { + DataUrl.setHostNameVerifier(new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; @@ -273,8 +272,6 @@ public abstract class Configurator { } } - - public void setCertValidator(CertValidator certValidator) { this.certValidator = certValidator; } -- cgit v1.2.3 From 401c481eed1f1e30928f7310d35832f8411d7e1b Mon Sep 17 00:00:00 2001 From: mcentner Date: Thu, 11 Dec 2008 14:42:17 +0000 Subject: XSecProvider delegation provider registration. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@246 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../main/java/at/gv/egiz/bku/conf/Configurator.java | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java index e37d107f..733b47dc 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java @@ -14,6 +14,7 @@ import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; import java.security.Provider; import java.security.Security; +import java.security.Provider.Service; import java.security.cert.CertStore; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; @@ -24,6 +25,7 @@ import java.util.ArrayList; import java.util.LinkedList; import java.util.List; import java.util.Properties; +import java.util.Set; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; 
@@ -150,9 +152,21 @@ public abstract class Configurator { log.debug("Registering security providers"); Security.insertProviderAt(new IAIK(), 1); Security.insertProviderAt(new ECCProvider(false), 2); - Security.addProvider(new STALProvider()); - XSecProvider.addAsProvider(false); + + // registering STALProvider as delegation provider for XSECT + STALProvider stalProvider = new STALProvider(); + Set services = stalProvider.getServices(); StringBuilder sb = new StringBuilder(); + for (Service service : services) { + String algorithm = service.getType() + "." + service.getAlgorithm(); + XSecProvider.setDelegationProvider(algorithm, stalProvider.getName()); + sb.append("\n" + algorithm); + } + log.debug("Registered STALProvider as XSecProvider delegation provider for the following services : " + sb.toString()); + + Security.addProvider(stalProvider); + XSecProvider.addAsProvider(false); + sb = new StringBuilder(); sb.append("Registered providers: "); int i = 1; for (Provider prov : Security.getProviders()) { -- cgit v1.2.3 From 3d0112fcd64ea80ad698861ce5d16e6de93c0bd5 Mon Sep 17 00:00:00 2001 From: wbauer Date: Wed, 21 Jan 2009 11:22:03 +0000 Subject: Fixed Bug #371 git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@278 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java index 733b47dc..7f180ad0 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java 
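Review bot: The return values of Security.insertProviderAt and Security.addProvider are ignored here; both return -1 when a provider of that name is already installed, and its position is then left unchanged. If configure() runs twice in one JVM, or another component has registered IAIK earlier, the order this method assumes (IAIK first, ECCProvider second) is not guaranteed. The delegation registered through `stalProvider.getName()` would then presumably resolve to the instance installed first. A check such as `if (Security.insertProviderAt(new IAIK(), 1) == -1) log.warn("IAIK provider already registered, position unchanged");` makes that visible. A one-line comment stating why the delegation has to be set before `XSecProvider.addAsProvider(false)` would also help, as the ordering looks deliberate but is not explained. The method body continues past the end of this hunk.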
@@ -43,6 +43,7 @@ import at.gv.egiz.bku.binding.DataUrlConnection; import at.gv.egiz.bku.slcommands.impl.xsect.DataObject; import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider; import at.gv.egiz.bku.slexceptions.SLRuntimeException; +import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer; public abstract class Configurator { private Log log = LogFactory.getLog(Configurator.class); @@ -270,6 +271,7 @@ public abstract class Configurator { sslCtx.init(km, new TrustManager[] { pkixTM }, null); } DataUrl.setSSLSocketFactory(sslCtx.getSocketFactory()); + URLDereferencer.getInstance().setSSLSocketFactory(sslCtx.getSocketFactory()); } catch (Exception e) { log.error("Cannot configure SSL", e); } @@ -283,6 +285,12 @@ public abstract class Configurator { return true; } }); + URLDereferencer.getInstance().setHostnameVerifier(new HostnameVerifier() { + @Override + public boolean verify(String hostname, SSLSession session) { + return true; + } + }); } } -- cgit v1.2.3 From 90f7f3ea1674e7cd5ead84247ca881ca101ba72a Mon Sep 17 00:00:00 2001 From: clemenso Date: Wed, 11 Feb 2009 20:03:29 +0000 Subject: div. changes for A-Trust Activation Support (User-Agent header, GetStatusRequest, ...) git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@296 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../src/main/java/at/gv/egiz/bku/conf/Configurator.java | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java index 7f180ad0..a6c70d2c 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java 
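Review bot: The accept-all HostnameVerifier is now written out twice, and this hunk extends the SSL.disableAllChecks switch to URLDereferencer, so a single property turns off hostname checks for dereferenced URLs as well as for DataUrl connections. I would define the verifier once as a named private constant and install that in both places, with a comment that it is meant for test setups only. The warning banner above it does not name the property that triggered it; adding the key to the message would make a misconfigured installation easier to spot in the logs. URLDereferencer.getInstance() looks like a process-wide singleton, so the setting would outlive this Configurator instance and is worth documenting on configureSSL.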
@@ -46,6 +46,7 @@ import at.gv.egiz.bku.slexceptions.SLRuntimeException; import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer; public abstract class Configurator { + private Log log = LogFactory.getLog(Configurator.class); protected Properties properties; @@ -202,22 +203,22 @@ public abstract class Configurator { } public void configureVersion() { - if (properties.getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY) == null) { + if (properties.getProperty(DataUrlConnection.USERAGENT_CONFIG_P) == null) { Properties p = new Properties(); try { InputStream is = getManifest(); if (is != null) { p.load(getManifest()); String version = p.getProperty("Implementation-Build"); - properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, - "citizen-card-environment/1.2 MOCCA " + version); + properties.setProperty(DataUrlConnection.USERAGENT_CONFIG_P, + DataUrlConnection.USERAGENT_BASE + version); log.debug("Setting user agent to: " + properties - .getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY)); + .getProperty(DataUrlConnection.USERAGENT_CONFIG_P)); } else { log.warn("Cannot read manifest"); - properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, - "citizen-card-environment/1.2 MOCCA UNKNOWN"); + properties.setProperty(DataUrlConnection.USERAGENT_CONFIG_P, + DataUrlConnection.USERAGENT_DEFAULT); } } catch (IOException e) { log.error(e); @@ -254,6 +255,7 @@ public abstract class Configurator { log.error("Cannot load CA certificates", e1); } String disableAll = getProperty("SSL.disableAllChecks"); + String disableHostnameVerification = getProperty("SSL.disableHostnameVerification"); try { KeyManager[] km = null; SSLContext sslCtx = SSLContext 
@@ -275,7 +277,7 @@ public abstract class Configurator { } catch (Exception e) { log.error("Cannot configure SSL", e); } - if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) { + if ((disableAll != null && Boolean.parseBoolean(disableAll)) || (disableHostnameVerification != null && Boolean.parseBoolean(disableHostnameVerification))) { log.warn("---------------------------------"); log.warn(" Disabling Hostname Verification "); log.warn("---------------------------------"); -- cgit v1.2.3 From a8690cc956924e1d83b0c45d21995ee2e10fbba2 Mon Sep 17 00:00:00 2001 From: clemenso Date: Wed, 4 Mar 2009 16:44:34 +0000 Subject: 1.1-rc3 git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@311 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../main/java/at/gv/egiz/bku/conf/Configurator.java | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java index a6c70d2c..6213ffcf 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java @@ -49,6 +49,13 @@ public abstract class Configurator { private Log log = LogFactory.getLog(Configurator.class); + public final static String USERAGENT_CONFIG_P = "UserAgent"; + public static final String DATAURLCONNECTION_CONFIG_P = "DataURLConnectionImplClass"; + + public static final String USERAGENT_DEFAULT = "citizen-card-environment/1.2 MOCCA/UNKNOWN"; + public static final String USERAGENT_BASE = "citizen-card-environment/1.2 MOCCA/"; + + protected Properties properties; protected CertValidator certValidator; 
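Review bot: In the hunk at `@@ -275,7 +277,7 @@`, the widened condition carries two null checks that are redundant, because `Boolean.parseBoolean(null)` already returns `false`. `if (Boolean.parseBoolean(disableAll) || Boolean.parseBoolean(disableHostnameVerification)) {` says the same on one readable line. The warning banner that follows does not say which of the two properties switched verification off, so an unintended `SSL.disableHostnameVerification=true` in a deployed configuration is harder to spot in the log. Naming the triggering property in the `log.warn` text would help. The body of the `if` continues outside the hunk.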
@@ -203,22 +210,22 @@ public abstract class Configurator { } public void configureVersion() { - if (properties.getProperty(DataUrlConnection.USERAGENT_CONFIG_P) == null) { + if (properties.getProperty(USERAGENT_CONFIG_P) == null) { Properties p = new Properties(); try { InputStream is = getManifest(); if (is != null) { p.load(getManifest()); String version = p.getProperty("Implementation-Build"); - properties.setProperty(DataUrlConnection.USERAGENT_CONFIG_P, - DataUrlConnection.USERAGENT_BASE + version); + properties.setProperty(USERAGENT_CONFIG_P, + USERAGENT_BASE + version); log.debug("Setting user agent to: " + properties - .getProperty(DataUrlConnection.USERAGENT_CONFIG_P)); + .getProperty(USERAGENT_CONFIG_P)); } else { log.warn("Cannot read manifest"); - properties.setProperty(DataUrlConnection.USERAGENT_CONFIG_P, - DataUrlConnection.USERAGENT_DEFAULT); + properties.setProperty(USERAGENT_CONFIG_P, + USERAGENT_DEFAULT); } } catch (IOException e) { log.error(e); -- cgit v1.2.3 From 2882e14d19cfa58ea382083434210aaf0cfea3e3 Mon Sep 17 00:00:00 2001 From: wbauer Date: Fri, 13 Mar 2009 07:49:49 +0000 Subject: Fixed Bug#405 and added according test case Fixed Bug#402 Added Feature#403 git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@320 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../java/at/gv/egiz/bku/conf/Configurator.java | 59 +++++++++++++++++----- 1 file changed, 47 insertions(+), 12 deletions(-) (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java index 6213ffcf..8a94e88d 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java 
@@ -9,6 +9,7 @@ import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.net.HttpURLConnection; +import java.net.URL; import java.security.GeneralSecurityException; import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; @@ -26,6 +27,8 @@ import java.util.LinkedList; import java.util.List; import java.util.Properties; import java.util.Set; +import java.util.jar.Attributes; +import java.util.jar.Manifest; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; @@ -39,7 +42,6 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import at.gv.egiz.bku.binding.DataUrl; -import at.gv.egiz.bku.binding.DataUrlConnection; import at.gv.egiz.bku.slcommands.impl.xsect.DataObject; import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider; import at.gv.egiz.bku.slexceptions.SLRuntimeException; @@ -55,10 +57,12 @@ public abstract class Configurator { public static final String USERAGENT_DEFAULT = "citizen-card-environment/1.2 MOCCA/UNKNOWN"; public static final String USERAGENT_BASE = "citizen-card-environment/1.2 MOCCA/"; + public static final String SIGNATURE_LAYOUT = "SignatureLayout"; protected Properties properties; protected CertValidator certValidator; + protected String signaturLayoutVersion; protected Configurator() { } @@ -161,7 +165,7 @@ public abstract class Configurator { log.debug("Registering security providers"); Security.insertProviderAt(new IAIK(), 1); Security.insertProviderAt(new ECCProvider(false), 2); - + // registering STALProvider as delegation provider for XSECT STALProvider stalProvider = new STALProvider(); Set services = stalProvider.getServices(); 
@@ -171,8 +175,10 @@ public abstract class Configurator { XSecProvider.setDelegationProvider(algorithm, stalProvider.getName()); sb.append("\n" + algorithm); } - log.debug("Registered STALProvider as XSecProvider delegation provider for the following services : " + sb.toString()); - + log + .debug("Registered STALProvider as XSecProvider delegation provider for the following services : " + + sb.toString()); + Security.addProvider(stalProvider); XSecProvider.addAsProvider(false); sb = new StringBuilder(); @@ -193,6 +199,31 @@ public abstract class Configurator { } } + public void configureSingatureLayoutVersion() { + if (properties.get(SIGNATURE_LAYOUT) == null) { + try { + String classContainer = Configurator.class.getProtectionDomain() + .getCodeSource().getLocation().toString(); + URL manifestUrl = new URL("jar:" + classContainer + + "!/META-INF/MANIFEST.MF"); + Manifest manifest = new Manifest(manifestUrl.openStream()); + Attributes att = manifest.getMainAttributes(); + String layout = null; + if (att != null) { + layout = att.getValue(SIGNATURE_LAYOUT); + } + if (layout != null) { + log.info("Setting signature layout to: " + layout); + properties.put(SIGNATURE_LAYOUT, layout); + } else { + log.warn("No signature layout version defined"); + } + } catch (Exception ex) { + log.warn("Cannot read manifest", ex); + } + } + } + public void configureNetwork() { String proxy = getProperty("HTTPProxyHost"); String portString = getProperty("HTTPProxyPort"); 
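Review bot: In the hunk at `@@ -193,6 +199,31 @@`, `new Manifest(manifestUrl.openStream())` in the new `configureSingatureLayoutVersion()` never closes the stream it opens, so the handle on the jar stays open until it is garbage-collected. Reading through a local `InputStream` and closing it in a `finally` block fixes that. `getCodeSource()` can return null for some class loaders, which here ends up as a NullPointerException absorbed by `catch (Exception ex)` and logged as "Cannot read manifest"; an explicit null check would make the log message accurate. The public method name is also misspelled (`Singature`), which is cheaper to correct now than after callers depend on it.

```java
        URL manifestUrl = new URL("jar:" + classContainer
            + "!/META-INF/MANIFEST.MF");
        Manifest manifest;
        InputStream in = manifestUrl.openStream();
        try {
          manifest = new Manifest(in);
        } finally {
          in.close();
        }
        // … unchanged: read SIGNATURE_LAYOUT from the main attributes …
```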
@@ -217,15 +248,15 @@ public abstract class Configurator { if (is != null) { p.load(getManifest()); String version = p.getProperty("Implementation-Build"); - properties.setProperty(USERAGENT_CONFIG_P, - USERAGENT_BASE + version); + if (version == null) { + version="UNKNOWN"; + } + properties.setProperty(USERAGENT_CONFIG_P, USERAGENT_BASE + version); log.debug("Setting user agent to: " - + properties - .getProperty(USERAGENT_CONFIG_P)); + + properties.getProperty(USERAGENT_CONFIG_P)); } else { log.warn("Cannot read manifest"); - properties.setProperty(USERAGENT_CONFIG_P, - USERAGENT_DEFAULT); + properties.setProperty(USERAGENT_CONFIG_P, USERAGENT_DEFAULT); } } catch (IOException e) { log.error(e); @@ -240,6 +271,7 @@ public abstract class Configurator { configViewer(); configureSSL(); configureVersion(); + configureSingatureLayoutVersion(); configureNetwork(); } @@ -280,11 +312,14 @@ public abstract class Configurator { sslCtx.init(km, new TrustManager[] { pkixTM }, null); } DataUrl.setSSLSocketFactory(sslCtx.getSocketFactory()); - URLDereferencer.getInstance().setSSLSocketFactory(sslCtx.getSocketFactory()); + URLDereferencer.getInstance().setSSLSocketFactory( + sslCtx.getSocketFactory()); } catch (Exception e) { log.error("Cannot configure SSL", e); } - if ((disableAll != null && Boolean.parseBoolean(disableAll)) || (disableHostnameVerification != null && Boolean.parseBoolean(disableHostnameVerification))) { + if ((disableAll != null && Boolean.parseBoolean(disableAll)) + || (disableHostnameVerification != null && Boolean + .parseBoolean(disableHostnameVerification))) { log.warn("---------------------------------"); log.warn(" Disabling Hostname Verification "); log.warn("---------------------------------"); -- cgit v1.2.3 From ddec4b921578c3a2a84838788f3667cff45af3b6 Mon Sep 17 00:00:00 2001 
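Review bot: In the hunk at `@@ -217,15 +248,15 @@`, `configureVersion()` still null-checks the stream `is` but then loads from a second `getManifest()` call, and no close is visible for either stream; the commit reworks this branch without addressing it. Changing the load to `p.load(is);` and closing `is` in a `finally` block would use the stream that was actually checked. The new fallback `version="UNKNOWN"` also repeats the suffix already held in `USERAGENT_DEFAULT`. Setting the property to `USERAGENT_DEFAULT` in that case keeps the two strings from drifting apart. The method starts outside the hunk.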
From: clemenso Date: Fri, 17 Apr 2009 09:50:53 +0000 Subject: configure dataURL after complete Configurator initialization git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@337 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java index 8a94e88d..f5110799 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java @@ -262,9 +262,11 @@ public abstract class Configurator { log.error(e); } } - DataUrl.setConfiguration(properties); } + /** + * TODO cleanup configuration (read MANIFEST, DataURLconfig,...) + */ public void configure() { configureProviders(); configUrlConnections(); @@ -273,6 +275,8 @@ public abstract class Configurator { configureVersion(); configureSingatureLayoutVersion(); configureNetwork(); + //after configureVersion() and configureSignatureLayoutVersion() + DataUrl.setConfiguration(properties); } public void setConfiguration(Properties props) { -- cgit v1.2.3 From 9452928e56cc32092adbe146bfb2dd86211e63dc Mon Sep 17 00:00:00 2001 From: clemenso Date: Fri, 17 Apr 2009 13:30:09 +0000 Subject: MANIFEST (TODO delete from svn) git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@338 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java index f5110799..a3e07cda 100644 
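Review bot: In the hunk at `@@ -273,6 +275,8 @@`, the new comment refers to `configureSignatureLayoutVersion()`, but the method called two lines above is spelled `configureSingatureLayoutVersion()`, so a search for the name in the comment finds nothing. The move also changes a contract: `DataUrl.setConfiguration(properties)` now runs only from `configure()`. `configureVersion()` is public, so a caller that invokes it on its own (none is visible here) no longer pushes the user-agent setting to `DataUrl`. A Javadoc line on `configureVersion()` stating that it only updates `properties` and that `configure()` publishes them would record the new behaviour.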
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java @@ -213,10 +213,10 @@ public abstract class Configurator { layout = att.getValue(SIGNATURE_LAYOUT); } if (layout != null) { - log.info("Setting signature layout to: " + layout); + log.info("setting SignatureLayout header to " + layout); properties.put(SIGNATURE_LAYOUT, layout); } else { - log.warn("No signature layout version defined"); + log.warn("no SignatureLayout version defined"); } } catch (Exception ex) { log.warn("Cannot read manifest", ex); -- cgit v1.2.3 From e8fbfeb16c3f8ece59edbb75add7e2b88bf598f5 Mon Sep 17 00:00:00 2001 From: clemenso Date: Fri, 12 Jun 2009 11:22:00 +0000 Subject: user agent log msg git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@357 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java | 3 +++ 1 file changed, 3 insertions(+) (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java index a3e07cda..d9a118e5 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java @@ -46,6 +46,7 @@ import at.gv.egiz.bku.slcommands.impl.xsect.DataObject; import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider; import at.gv.egiz.bku.slexceptions.SLRuntimeException; import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer; +import javax.net.ssl.SSLSocketFactory; public abstract class Configurator { @@ -261,6 +262,8 @@ public abstract class Configurator { } catch (IOException e) { log.error(e); } + } else { + log.info("using configured user agent " + properties.getProperty(USERAGENT_CONFIG_P)); } } -- cgit v1.2.3 From b16d733781a2f7d2a56f562be7f06090f724a02a Mon Sep 17 00:00:00 2001 
From: clemenso Date: Thu, 13 Aug 2009 09:32:12 +0000 Subject: minor changes (log) git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@428 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java index d9a118e5..41c2512f 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java @@ -84,6 +84,7 @@ public abstract class Configurator { throw new SLRuntimeException( "Expecting directory as SSL.caDirectory parameter"); } + log.info("loading trustStore from " + caDir.getAbsolutePath()); CertificateFactory cf = CertificateFactory.getInstance("X.509"); for (File f : caDir.listFiles()) { try { @@ -114,6 +115,7 @@ public abstract class Configurator { throw new SLRuntimeException( "Expecting directory as SSL.certDirectory parameter"); } + log.info("loading certStore from " + certDir.getAbsolutePath()); List certCollection = new LinkedList(); CertificateFactory cf = CertificateFactory.getInstance("X.509"); for (File f : certDir.listFiles()) { @@ -256,7 +258,7 @@ public abstract class Configurator { log.debug("Setting user agent to: " + properties.getProperty(USERAGENT_CONFIG_P)); } else { - log.warn("Cannot read manifest"); + log.warn("Failed to read manifest, setting user-agent to " + USERAGENT_DEFAULT); properties.setProperty(USERAGENT_CONFIG_P, USERAGENT_DEFAULT); } } catch (IOException e) { -- cgit v1.2.3 From 68941b57df2caeead67a5bede2ef5a635d07db32 Mon Sep 17 00:00:00 2001 
From: mcentner Date: Wed, 11 Nov 2009 15:51:08 +0000 Subject: Added support for SHA-256 and partial support for e-card G3, BELPIC and Italian cards. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@540 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../java/at/gv/egiz/bku/conf/Configurator.java | 71 ++++++++++++++++------ 1 file changed, 51 insertions(+), 20 deletions(-) (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java index 41c2512f..50f5d2b4 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java 
@@ -166,31 +166,62 @@ public abstract class Configurator { protected void configureProviders() { log.debug("Registering security providers"); - Security.insertProviderAt(new IAIK(), 1); - Security.insertProviderAt(new ECCProvider(false), 2); + + IAIK iaikProvider = new IAIK(); + if (Security.getProvider(iaikProvider.getName()) == null) { + // register IAIK provider at first position + Security.insertProviderAt(iaikProvider, 1); + } else { + // IAIK provider already registered + log.info("Provider " + iaikProvider.getName() + " already registered."); + } + + ECCProvider eccProvider = new ECCProvider(false); + if (Security.getProvider(eccProvider.getName()) == null) { + // register ECC Provider at second position + Security.insertProviderAt(eccProvider, 2); + } else { + // ECC Provider already registered + log.info("Provider " + eccProvider.getName() + " already registered."); + } // registering STALProvider as delegation provider for XSECT STALProvider stalProvider = new STALProvider(); - Set services = stalProvider.getServices(); - StringBuilder sb = new StringBuilder(); - for (Service service : services) { - String algorithm = service.getType() + "." + service.getAlgorithm(); - XSecProvider.setDelegationProvider(algorithm, stalProvider.getName()); - sb.append("\n" + algorithm); + if (Security.getProvider(stalProvider.getName()) == null) { + // register STAL provider + Set services = stalProvider.getServices(); + StringBuilder sb = new StringBuilder(); + for (Service service : services) { + String algorithm = service.getType() + "." 
+ service.getAlgorithm(); + XSecProvider.setDelegationProvider(algorithm, stalProvider.getName()); + sb.append("\n" + algorithm); + } + log + .debug("Registered STALProvider as XSecProvider delegation provider for the following services : " + + sb.toString()); + + Security.addProvider(stalProvider); + } else { + // STAL Provider already registered + log.info("Provider " + stalProvider.getName() + " already registered."); } - log - .debug("Registered STALProvider as XSecProvider delegation provider for the following services : " - + sb.toString()); - - Security.addProvider(stalProvider); - XSecProvider.addAsProvider(false); - sb = new StringBuilder(); - sb.append("Registered providers: "); - int i = 1; - for (Provider prov : Security.getProviders()) { - sb.append((i++) + ". : " + prov); + + if (Security.getProvider(XSecProvider.NAME) == null) { + // register XML Security provider + XSecProvider.addAsProvider(false); + } else { + log.info("Provider " + XSecProvider.NAME + " already registered."); + } + + if (log.isDebugEnabled()) { + StringBuilder sb = new StringBuilder(); + sb.append("Registered providers: "); + int i = 1; + for (Provider prov : Security.getProviders()) { + sb.append((i++) + ". : " + prov); + } + log.debug(sb.toString()); } - log.debug(sb.toString()); } protected void configViewer() { -- cgit v1.2.3
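Review bot: In the STAL branch of the new `configureProviders()` code, the `XSecProvider.setDelegationProvider(...)` loop is skipped whenever a provider with that name is already in the JVM-wide list, so the delegation mapping is only set up when this code also performed the registration. `Security` providers are global to the JVM, so after a redeploy or with a second application in the same JVM the name can already be present while this class's delegation setup has not run; whether that matters depends on how `XSecProvider` stores the mapping, which is not visible here. I would run the delegation loop unconditionally and guard only `Security.addProvider(stalProvider)`. The IAIK and ECC branches likewise log only "already registered" without saying at which position the existing provider sits, although the comments promise first and second position. Logging the index found in `Security.getProviders()` would make the effective provider precedence auditable.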