From 7d3f6235a46f70323defa9910da240e61ca684b3 Mon Sep 17 00:00:00 2001
From: wbauer <wbauer@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Wed, 1 Oct 2008 07:30:55 +0000
Subject: Moved main parts of the configuration to bkucommon

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@78 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../java/at/gv/egiz/bku/conf/Configurator.java     | 351 +++++++++++++++++++++
 1 file changed, 351 insertions(+)
 create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java

(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf')

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
new file mode 100644
index 00000000..9a1e7020
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
@@ -0,0 +1,351 @@
+package at.gv.egiz.bku.conf;
+
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.provider.IAIK;
+import iaik.xml.crypto.XSecProvider;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.HttpURLConnection;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.Security;
+import java.security.cert.CertStore;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CollectionCertStoreParameters;
+import java.security.cert.LDAPCertStoreParameters;
+import java.security.cert.PKIXBuilderParameters;
+import java.security.cert.TrustAnchor;
+import java.security.cert.X509CertSelector;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Properties;
+import java.util.Set;
+
+import javax.net.ssl.CertPathTrustManagerParameters;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.ManagerFactoryParameters;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.bku.binding.DataUrl;
+import at.gv.egiz.bku.binding.DataUrlConnection;
+import at.gv.egiz.bku.slcommands.impl.xsect.DataObject;
+import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider;
+import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+
+public abstract class Configurator {
+  private Log log = LogFactory.getLog(Configurator.class);
+
+  protected Properties properties;
+
+  protected Configurator() {
+  }
+
+  protected abstract File getCertDir();
+
+  protected abstract File getCADir();
+
+  protected abstract InputStream getManifest();
+
+  private Set<TrustAnchor> getCACerts() throws IOException,
+      CertificateException {
+    Set<TrustAnchor> caCerts = new HashSet<TrustAnchor>();
+    File caDir = getCADir();
+    if (caDir != null) {
+      if (!caDir.isDirectory()) {
+        log.error("Expecting directory as SSL.caDirectory parameter");
+        throw new SLRuntimeException(
+            "Expecting directory as SSL.caDirectory parameter");
+      }
+      CertificateFactory cf = CertificateFactory.getInstance("X.509");
+      for (File f : caDir.listFiles()) {
+        try {
+          FileInputStream fis = new FileInputStream(f);
+          X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);
+          fis.close();
+          log.debug("Adding trusted cert " + cert.getSubjectDN());
+          caCerts.add(new TrustAnchor(cert, null));
+        } catch (Exception e) {
+          log.error("Cannot add trusted ca", e);
+        }
+      }
+      return caCerts;
+
+    } else {
+      log.warn("No CA certificates configured");
+    }
+    return null;
+  }
+
+  protected List<CertStore> getCertstore() throws IOException,
+      CertificateException, InvalidAlgorithmParameterException,
+      NoSuchAlgorithmException {
+    List<CertStore> resultList = new ArrayList<CertStore>();
+    File certDir = getCertDir();
+    if (certDir != null) {
+      if (!certDir.isDirectory()) {
+        log.error("Expecting directory as SSL.certDirectory parameter");
+        throw new SLRuntimeException(
+            "Expecting directory as SSL.certDirectory parameter");
+      }
+      List<X509Certificate> certCollection = new LinkedList<X509Certificate>();
+      CertificateFactory cf = CertificateFactory.getInstance("X.509");
+      for (File f : certDir.listFiles()) {
+        try {
+          FileInputStream fis = new FileInputStream(f);
+          X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);
+          certCollection.add(cert);
+          fis.close();
+          log
+              .trace("Added following cert to certstore: "
+                  + cert.getSubjectDN());
+        } catch (Exception ex) {
+          log.error("Cannot add certificate", ex);
+        }
+      }
+      CollectionCertStoreParameters csp = new CollectionCertStoreParameters(
+          certCollection);
+      resultList.add(CertStore.getInstance("Collection", csp));
+      log.info("Added collection certstore");
+    } else {
+      log.warn("No certstore directory configured");
+    }
+    String ldapHost = getProperty("SSL.ldapServer");
+    if ((ldapHost != null) && (!"".equals(ldapHost))) {
+      String ldapPortString = getProperty("SSL.ldapPort");
+      int ldapPort = 389;
+      if (ldapPortString != null) {
+        try {
+          ldapPort = Integer.parseInt(ldapPortString);
+        } catch (NumberFormatException nfe) {
+          log.error("Invalid ldap port, using default 389");
+        }
+      } else {
+        log.warn("ldap port not specified, using default 389");
+      }
+      LDAPCertStoreParameters ldapParams = new LDAPCertStoreParameters(
+          ldapHost, ldapPort);
+      resultList.add(CertStore.getInstance("LDAP", ldapParams));
+      log.info("Added LDAP certstore");
+    }
+    return resultList;
+  }
+
+  protected void configUrlConnections() {
+    HttpsURLConnection.setFollowRedirects(false);
+    HttpURLConnection.setFollowRedirects(false);
+  }
+
+  protected void configureProviders() {
+    log.debug("Registering security providers");
+    Security.insertProviderAt(new IAIK(), 1);
+    Security.insertProviderAt(new ECCProvider(false), 2);
+    Security.addProvider(new STALProvider());
+    XSecProvider.addAsProvider(false);
+    StringBuilder sb = new StringBuilder();
+    sb.append("Registered providers: ");
+    int i = 1;
+    for (Provider prov : Security.getProviders()) {
+      sb.append((i++) + ". : " + prov);
+    }
+    log.debug(sb.toString());
+  }
+
+  protected void configViewer() {
+    String bv = properties.getProperty("ValidateHashDataInputs");
+    if (bv != null) {
+      DataObject.enableHashDataInputValidation(Boolean.parseBoolean(bv));
+    } else {
+      log.warn("ValidateHashDataInputs not set, falling back to default");
+    }
+  }
+
+  public void configureNetwork() {
+    String proxy = getProperty("HTTPProxyHost");
+    String portString = getProperty("HTTPProxyPort");
+    if ((proxy == null) || (proxy.equals(""))) {
+      log.info("No proxy configured");
+    } else {
+      log.info("Setting proxy to: " + proxy + ":" + portString);
+      System.setProperty("proxyHost", proxy);
+      System.setProperty("proxyPort", portString);
+    }
+    String timeout = getProperty("DefaultSocketTimeout");
+    if ((timeout != null) && (!timeout.equals(""))) {
+      System.setProperty("sun.net.client.defaultConnectTimeout", timeout);
+    }
+  }
+
+  public void configureVersion() {
+    Properties p = new Properties();
+    try {
+      InputStream is = getManifest();
+      if (is != null) {
+        p.load(getManifest());
+        String version = p.getProperty("Implementation-Build");
+        properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY,
+            "citizen-card-environment/1.2 MOCCA " + version);
+        DataUrl.setConfiguration(properties);
+        log
+            .debug("Setting user agent to: "
+                + properties
+                    .getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY));
+      } else {
+        log.warn("Cannot read manifest");
+        properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY,
+            "citizen-card-environment/1.2 MOCCA UNKNOWN");
+        DataUrl.setConfiguration(properties);
+      }
+    } catch (IOException e) {
+      log.error(e);
+    }
+  }
+
+  public void configure() {
+    configureProviders();
+    configUrlConnections();
+    configViewer();
+    configureSSL();
+    configureVersion();
+    configureNetwork();
+  }
+
+  public void setConfiguration(Properties props) {
+    this.properties = props;
+  }
+
+  public String getProperty(String key) {
+    if (properties != null) {
+      return properties.getProperty(key);
+    }
+    return null;
+  }
+
+  public void configureSSL() {
+    Set<TrustAnchor> caCerts = null;
+    try {
+      caCerts = getCACerts();
+    } catch (Exception e1) {
+      log.error("Cannot load CA certificates", e1);
+    }
+    List<CertStore> certStoreList = null;
+    try {
+      certStoreList = getCertstore();
+    } catch (Exception e1) {
+      log.error("Cannot load certstore certificates", e1);
+    }
+    String aia = getProperty("SSL.useAIA");
+    if ((aia == null) || (aia.equals(""))) {
+      System.setProperty("com.sun.security.enableAIAcaIssuers", "true");
+    } else {
+      System.setProperty("com.sun.security.enableAIAcaIssuers", aia);
+    }
+    String lifetime = getProperty("SSL.cache.lifetime");
+    if ((lifetime == null) || (lifetime.equals(""))) {
+      System.setProperty("sun.security.certpath.ldap.cache.lifetime", "0");
+    } else {
+      System.setProperty("sun.security.certpath.ldap.cache.lifetime", lifetime);
+    }
+    X509CertSelector selector = new X509CertSelector();
+    PKIXBuilderParameters pkixParams;
+    try {
+      pkixParams = new PKIXBuilderParameters(caCerts, selector);
+      if ((getProperty("SSL.doRevocationChecking") != null)
+          && (Boolean.valueOf(getProperty("SSL.doRevocationChecking")))) {
+        log.info("Enable revocation checking");
+        System.setProperty("com.sun.security.enableCRLDP", "true");
+        Security.setProperty("ocsp.enable", "true");
+      } else {
+        log.warn("Revocation checking disabled");
+      }
+      for (CertStore cs : certStoreList) {
+        pkixParams.addCertStore(cs);
+      }
+      ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters(
+          pkixParams);
+      TrustManagerFactory trustFab;
+      trustFab = TrustManagerFactory.getInstance("PKIX");
+      trustFab.init(trustParams);
+      KeyManager[] km = null;
+      SSLContext sslCtx = SSLContext
+          .getInstance(getProperty("SSL.sslProtocol"));
+      String disableAll = getProperty("SSL.disableAllChecks");
+      if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) {
+        log.warn("--------------------------------------");
+        log.warn(" Disabling SSL Certificate Validation ");
+        log.warn("--------------------------------------");
+
+        sslCtx.init(km, new TrustManager[] { new MyTrustManager(caCerts,
+            certStoreList) }, null);
+      } else {
+        sslCtx.init(km, trustFab.getTrustManagers(), null);
+      }
+      HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory());
+    } catch (Exception e) {
+      log.error("Cannot configure SSL", e);
+    }
+    String disableAll = getProperty("SSL.disableAllChecks");
+    if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) {
+      log.warn("---------------------------------");
+      log.warn(" Disabling Hostname Verification ");
+      log.warn("---------------------------------");
+      HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
+        @Override
+        public boolean verify(String hostname, SSLSession session) {
+          return true;
+        }
+      });
+    }
+  }
+
+  private static class MyTrustManager implements X509TrustManager {
+    private static Log log = LogFactory.getLog(MyTrustManager.class);
+    private X509Certificate[] trustedCerts;
+
+    public MyTrustManager(Set<TrustAnchor> caCerts, List<CertStore> cs) {
+      trustedCerts = new X509Certificate[caCerts.size()];
+      int i = 0;
+      for (Iterator<TrustAnchor> it = caCerts.iterator(); it.hasNext();) {
+        TrustAnchor ta = it.next();
+        trustedCerts[i++] = ta.getTrustedCert();
+      }
+    }
+
+    @Override
+    public void checkClientTrusted(X509Certificate[] arg0, String arg1)
+        throws CertificateException {
+      log.error("Did not expect this method to get called");
+      throw new CertificateException("Method not implemented");
+    }
+
+    @Override
+    public void checkServerTrusted(X509Certificate[] certs, String arg1)
+        throws CertificateException {
+      log.warn("-------------------------------------");
+      log.warn("SSL Certificate Validation Disabled !");
+      log.warn("-------------------------------------");
+    }
+
+    @Override
+    public X509Certificate[] getAcceptedIssuers() {
+      return trustedCerts;
+    }
+  }
+}
-- 
cgit v1.2.3


From 27d91275555207f9e152c2867d52fbbf83f92ba7 Mon Sep 17 00:00:00 2001
From: wbauer <wbauer@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Wed, 8 Oct 2008 08:39:17 +0000
Subject: changed ssl certificate validation, now using iaik_pki

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@83 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../java/at/gv/egiz/bku/conf/CertValidator.java    |  13 ++
 .../at/gv/egiz/bku/conf/CertValidatorImpl.java     |  83 ++++++++++++
 .../java/at/gv/egiz/bku/conf/Configurator.java     | 140 +++++++++++----------
 3 files changed, 172 insertions(+), 64 deletions(-)
 create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidator.java
 create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java

(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf')

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidator.java
new file mode 100644
index 00000000..6a95b369
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidator.java
@@ -0,0 +1,13 @@
+package at.gv.egiz.bku.conf;
+
+import iaik.x509.X509Certificate;
+
+import java.io.File;
+
+public interface CertValidator {
+
+  public abstract void init(File certDir, File caDir);
+
+  public abstract boolean isCertificateValid(String transactionId, X509Certificate[] certs);
+
+}
\ No newline at end of file
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java
new file mode 100644
index 00000000..125233c1
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java
@@ -0,0 +1,83 @@
+package at.gv.egiz.bku.conf;
+
+import iaik.logging.TransactionId;
+import iaik.logging.impl.TransactionIdImpl;
+import iaik.pki.DefaultPKIConfiguration;
+import iaik.pki.DefaultPKIProfile;
+import iaik.pki.PKIConfiguration;
+import iaik.pki.PKIException;
+import iaik.pki.PKIFactory;
+import iaik.pki.PKIModule;
+import iaik.pki.PKIProfile;
+import iaik.pki.store.certstore.CertStoreParameters;
+import iaik.pki.store.certstore.directory.DefaultDirectoryCertStoreParameters;
+import iaik.pki.store.truststore.DefaultTrustStoreProfile;
+import iaik.pki.store.truststore.TrustStoreProfile;
+import iaik.pki.store.truststore.TrustStoreTypes;
+import iaik.x509.X509Certificate;
+
+import java.io.File;
+import java.util.Date;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+public class CertValidatorImpl implements CertValidator {
+
+  private static Log log = LogFactory.getLog(CertValidatorImpl.class);
+
+  private PKIFactory pkiFactory;
+  private PKIProfile profile;
+
+  public CertValidatorImpl() {
+
+  }
+
+  /* (non-Javadoc)
+   * @see at.gv.egiz.bku.conf.CertValidator#init(java.io.File, java.io.File)
+   */
+  public void init(File certDir, File caDir) {
+    // the parameters specifying the directory certstore
+    CertStoreParameters[] certStoreParameters = { new DefaultDirectoryCertStoreParameters(
+        "CS-001", certDir.getAbsolutePath(), true, false) };
+
+    // create a new PKI configuration using the certstore parameters
+    PKIConfiguration pkiConfig = new DefaultPKIConfiguration(
+        certStoreParameters);
+
+    // Transaction ID for logging
+    TransactionId tid = new TransactionIdImpl("Configure-PKI");
+    // get PKI factory for creating PKI module(s)
+    pkiFactory = PKIFactory.getInstance();
+    // configure the factory
+    try {
+      pkiFactory.configure(pkiConfig, tid);
+    } catch (PKIException e) {
+      log.error("Cannot configure PKI module", e);
+    }
+    // the truststore to be used
+    TrustStoreProfile trustProfile = new DefaultTrustStoreProfile("TS-001",
+        TrustStoreTypes.DIRECTORY, caDir.getAbsolutePath());
+    profile = new DefaultPKIProfile(trustProfile);
+    ((DefaultPKIProfile)profile).setAutoAddCertificates(true);
+  }
+
+  /* (non-Javadoc)
+   * @see at.gv.egiz.bku.conf.CertValidator#isCertificateValid(java.lang.String, iaik.x509.X509Certificate[])
+   */
+  public boolean isCertificateValid(String transactionId,
+      X509Certificate[] certs) {
+    // Transaction ID for logging
+    TransactionId tid = new TransactionIdImpl(transactionId);
+    // get a PKIModule
+    PKIModule pkiModule;
+    try {
+      pkiModule = pkiFactory.getPKIModule(profile);
+      return pkiModule.validateCertificate(new Date(), certs[0], certs, null,
+          tid).isCertificateValid();
+    } catch (PKIException e) {
+      log.error("Cannot validate certificate", e);
+    }
+    return false;
+  }
+}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
index 9a1e7020..9ed99190 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
@@ -9,6 +9,7 @@ import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.HttpURLConnection;
+import java.security.GeneralSecurityException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
 import java.security.Provider;
@@ -18,27 +19,18 @@ import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.CollectionCertStoreParameters;
 import java.security.cert.LDAPCertStoreParameters;
-import java.security.cert.PKIXBuilderParameters;
-import java.security.cert.TrustAnchor;
-import java.security.cert.X509CertSelector;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.Iterator;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Properties;
-import java.util.Set;
 
-import javax.net.ssl.CertPathTrustManagerParameters;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.KeyManager;
-import javax.net.ssl.ManagerFactoryParameters;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509TrustManager;
 
 import org.apache.commons.logging.Log;
@@ -55,6 +47,8 @@ public abstract class Configurator {
 
   protected Properties properties;
 
+  protected CertValidator certValidator;
+
   protected Configurator() {
   }
 
@@ -64,9 +58,9 @@ public abstract class Configurator {
 
   protected abstract InputStream getManifest();
 
-  private Set<TrustAnchor> getCACerts() throws IOException,
+  private X509Certificate[] getCACerts() throws IOException,
       CertificateException {
-    Set<TrustAnchor> caCerts = new HashSet<TrustAnchor>();
+    List<X509Certificate> caCerts = new ArrayList<X509Certificate>();
     File caDir = getCADir();
     if (caDir != null) {
       if (!caDir.isDirectory()) {
@@ -81,13 +75,12 @@ public abstract class Configurator {
           X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);
           fis.close();
           log.debug("Adding trusted cert " + cert.getSubjectDN());
-          caCerts.add(new TrustAnchor(cert, null));
+          caCerts.add(cert);
         } catch (Exception e) {
           log.error("Cannot add trusted ca", e);
         }
       }
-      return caCerts;
-
+      return  caCerts.toArray(new X509Certificate[caCerts.size()]);
     } else {
       log.warn("No CA certificates configured");
     }
@@ -239,69 +232,33 @@ public abstract class Configurator {
   }
 
   public void configureSSL() {
-    Set<TrustAnchor> caCerts = null;
+    X509Certificate[] caCerts = null;
     try {
       caCerts = getCACerts();
     } catch (Exception e1) {
       log.error("Cannot load CA certificates", e1);
     }
-    List<CertStore> certStoreList = null;
-    try {
-      certStoreList = getCertstore();
-    } catch (Exception e1) {
-      log.error("Cannot load certstore certificates", e1);
-    }
-    String aia = getProperty("SSL.useAIA");
-    if ((aia == null) || (aia.equals(""))) {
-      System.setProperty("com.sun.security.enableAIAcaIssuers", "true");
-    } else {
-      System.setProperty("com.sun.security.enableAIAcaIssuers", aia);
-    }
-    String lifetime = getProperty("SSL.cache.lifetime");
-    if ((lifetime == null) || (lifetime.equals(""))) {
-      System.setProperty("sun.security.certpath.ldap.cache.lifetime", "0");
-    } else {
-      System.setProperty("sun.security.certpath.ldap.cache.lifetime", lifetime);
-    }
-    X509CertSelector selector = new X509CertSelector();
-    PKIXBuilderParameters pkixParams;
+    String disableAll = getProperty("SSL.disableAllChecks");
     try {
-      pkixParams = new PKIXBuilderParameters(caCerts, selector);
-      if ((getProperty("SSL.doRevocationChecking") != null)
-          && (Boolean.valueOf(getProperty("SSL.doRevocationChecking")))) {
-        log.info("Enable revocation checking");
-        System.setProperty("com.sun.security.enableCRLDP", "true");
-        Security.setProperty("ocsp.enable", "true");
-      } else {
-        log.warn("Revocation checking disabled");
-      }
-      for (CertStore cs : certStoreList) {
-        pkixParams.addCertStore(cs);
-      }
-      ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters(
-          pkixParams);
-      TrustManagerFactory trustFab;
-      trustFab = TrustManagerFactory.getInstance("PKIX");
-      trustFab.init(trustParams);
       KeyManager[] km = null;
       SSLContext sslCtx = SSLContext
           .getInstance(getProperty("SSL.sslProtocol"));
-      String disableAll = getProperty("SSL.disableAllChecks");
       if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) {
         log.warn("--------------------------------------");
         log.warn(" Disabling SSL Certificate Validation ");
         log.warn("--------------------------------------");
 
-        sslCtx.init(km, new TrustManager[] { new MyTrustManager(caCerts,
-            certStoreList) }, null);
+        sslCtx.init(km,
+            new TrustManager[] { new MyAlwaysTrustManager(caCerts) }, null);
       } else {
-        sslCtx.init(km, trustFab.getTrustManagers(), null);
+        MyPKITrustManager pkixTM = new MyPKITrustManager(certValidator,
+            getCertDir(), getCADir(), caCerts);
+        sslCtx.init(km, new TrustManager[] { pkixTM }, null);
       }
       HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory());
     } catch (Exception e) {
       log.error("Cannot configure SSL", e);
     }
-    String disableAll = getProperty("SSL.disableAllChecks");
     if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) {
       log.warn("---------------------------------");
       log.warn(" Disabling Hostname Verification ");
@@ -315,19 +272,74 @@ public abstract class Configurator {
     }
   }
 
-  private static class MyTrustManager implements X509TrustManager {
-    private static Log log = LogFactory.getLog(MyTrustManager.class);
+  
+  
+  public void setCertValidator(CertValidator certValidator) {
+    this.certValidator = certValidator;
+  }
+
+  private static class MyPKITrustManager implements X509TrustManager {
+    private static Log log = LogFactory.getLog(MyPKITrustManager.class);
+
+    private CertValidator certValidator;
     private X509Certificate[] trustedCerts;
 
-    public MyTrustManager(Set<TrustAnchor> caCerts, List<CertStore> cs) {
-      trustedCerts = new X509Certificate[caCerts.size()];
+    public MyPKITrustManager(CertValidator cv, File certStore, File trustStore,
+        X509Certificate[] trustedCerts) {
+      certValidator = cv;
+      certValidator.init(certStore, trustStore);
+      this.trustedCerts = trustedCerts;
+    }
+
+    @Override
+    public void checkClientTrusted(X509Certificate[] chain, String authType)
+        throws CertificateException {
+      log.error("Did not expect this method to get called");
+      throw new CertificateException("Method not implemented");
+    }
+
+    private static iaik.x509.X509Certificate[] convertCerts(
+        X509Certificate[] certs) throws GeneralSecurityException {
+      iaik.x509.X509Certificate[] retVal = new iaik.x509.X509Certificate[certs.length];
       int i = 0;
-      for (Iterator<TrustAnchor> it = caCerts.iterator(); it.hasNext();) {
-        TrustAnchor ta = it.next();
-        trustedCerts[i++] = ta.getTrustedCert();
+      for (X509Certificate cert : certs) {
+        if (cert instanceof iaik.x509.X509Certificate) {
+          retVal[i++] = (iaik.x509.X509Certificate) cert;
+        } else {
+          retVal[i++] = new iaik.x509.X509Certificate(cert.getEncoded());
+        }
+      }
+      return retVal;
+    }
+
+    @Override
+    public void checkServerTrusted(X509Certificate[] chain, String authType)
+        throws CertificateException {
+      try {
+        boolean valid = certValidator.isCertificateValid(Thread.currentThread()
+            .getName(), convertCerts(chain));
+        if (!valid) {
+          throw new CertificateException("Certificate not valid");
+        }
+      } catch (GeneralSecurityException e) {
+        throw new CertificateException(e);
       }
     }
 
+    @Override
+    public X509Certificate[] getAcceptedIssuers() {
+      return trustedCerts;
+    }
+  }
+
+  private static class MyAlwaysTrustManager implements X509TrustManager {
+    private static Log log = LogFactory.getLog(MyAlwaysTrustManager.class);
+    private X509Certificate[] trustedCerts;
+
+    public MyAlwaysTrustManager(X509Certificate[] trustedCerts) {
+      this.trustedCerts = trustedCerts;
+    }
+
     @Override
     public void checkClientTrusted(X509Certificate[] arg0, String arg1)
         throws CertificateException {
-- 
cgit v1.2.3


From 3aadcf8f877a560bed75af7e0db918aa26ef2a03 Mon Sep 17 00:00:00 2001
From: mcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Thu, 4 Dec 2008 10:00:31 +0000
Subject: Refactoring of infobox implementation.

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@232 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../java/at/gv/egiz/bku/conf/Configurator.java     | 41 +++++++++++-----------
 1 file changed, 21 insertions(+), 20 deletions(-)

(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf')

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
index 9ed99190..6078de36 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
@@ -187,28 +187,29 @@ public abstract class Configurator {
   }
 
   public void configureVersion() {
-    Properties p = new Properties();
-    try {
-      InputStream is = getManifest();
-      if (is != null) {
-        p.load(getManifest());
-        String version = p.getProperty("Implementation-Build");
-        properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY,
-            "citizen-card-environment/1.2 MOCCA " + version);
-        DataUrl.setConfiguration(properties);
-        log
-            .debug("Setting user agent to: "
-                + properties
-                    .getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY));
-      } else {
-        log.warn("Cannot read manifest");
-        properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY,
-            "citizen-card-environment/1.2 MOCCA UNKNOWN");
-        DataUrl.setConfiguration(properties);
+    if (properties.getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY) == null) {
+      Properties p = new Properties();
+      try {
+        InputStream is = getManifest();
+        if (is != null) {
+          p.load(getManifest());
+          String version = p.getProperty("Implementation-Build");
+          properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY,
+              "citizen-card-environment/1.2 MOCCA " + version);
+          log
+              .debug("Setting user agent to: "
+                  + properties
+                      .getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY));
+        } else {
+          log.warn("Cannot read manifest");
+          properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY,
+              "citizen-card-environment/1.2 MOCCA UNKNOWN");
+        }
+      } catch (IOException e) {
+        log.error(e);
       }
-    } catch (IOException e) {
-      log.error(e);
     }
+    DataUrl.setConfiguration(properties);
   }
 
   public void configure() {
-- 
cgit v1.2.3


From 3e101b29f0ac1efa5088ba953bea0acbba932339 Mon Sep 17 00:00:00 2001
From: wbauer <wbauer@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Fri, 5 Dec 2008 11:41:29 +0000
Subject: Feature Request #362

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@234 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../src/main/java/at/gv/egiz/bku/conf/Configurator.java   | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf')

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
index 6078de36..e37d107f 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
@@ -80,7 +80,7 @@ public abstract class Configurator {
           log.error("Cannot add trusted ca", e);
         }
       }
-      return  caCerts.toArray(new X509Certificate[caCerts.size()]);
+      return caCerts.toArray(new X509Certificate[caCerts.size()]);
     } else {
       log.warn("No CA certificates configured");
     }
@@ -196,10 +196,9 @@ public abstract class Configurator {
           String version = p.getProperty("Implementation-Build");
           properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY,
               "citizen-card-environment/1.2 MOCCA " + version);
-          log
-              .debug("Setting user agent to: "
-                  + properties
-                      .getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY));
+          log.debug("Setting user agent to: "
+              + properties
+                  .getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY));
         } else {
           log.warn("Cannot read manifest");
           properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY,
@@ -256,7 +255,7 @@ public abstract class Configurator {
             getCertDir(), getCADir(), caCerts);
         sslCtx.init(km, new TrustManager[] { pkixTM }, null);
       }
-      HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory());
+      DataUrl.setSSLSocketFactory(sslCtx.getSocketFactory());
     } catch (Exception e) {
       log.error("Cannot configure SSL", e);
     }
@@ -264,7 +263,7 @@ public abstract class Configurator {
       log.warn("---------------------------------");
       log.warn(" Disabling Hostname Verification ");
       log.warn("---------------------------------");
-      HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
+      DataUrl.setHostNameVerifier(new HostnameVerifier() {
         @Override
         public boolean verify(String hostname, SSLSession session) {
           return true;
@@ -273,8 +272,6 @@ public abstract class Configurator {
     }
   }
 
-  
-  
   public void setCertValidator(CertValidator certValidator) {
     this.certValidator = certValidator;
   }
-- 
cgit v1.2.3


From 401c481eed1f1e30928f7310d35832f8411d7e1b Mon Sep 17 00:00:00 2001
From: mcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Thu, 11 Dec 2008 14:42:17 +0000
Subject: XSecProvider delegation provider registration.

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@246 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../main/java/at/gv/egiz/bku/conf/Configurator.java    | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf')

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
index e37d107f..733b47dc 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
@@ -14,6 +14,7 @@ import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
 import java.security.Provider;
 import java.security.Security;
+import java.security.Provider.Service;
 import java.security.cert.CertStore;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
@@ -24,6 +25,7 @@ import java.util.ArrayList;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Properties;
+import java.util.Set;
 
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
@@ -150,9 +152,21 @@ public abstract class Configurator {
     log.debug("Registering security providers");
     Security.insertProviderAt(new IAIK(), 1);
     Security.insertProviderAt(new ECCProvider(false), 2);
-    Security.addProvider(new STALProvider());
-    XSecProvider.addAsProvider(false);
+    
+    // registering STALProvider as delegation provider for XSECT
+    STALProvider stalProvider = new STALProvider();
+    Set<Service> services = stalProvider.getServices();
     StringBuilder sb = new StringBuilder();
+    for (Service service : services) {
+      String algorithm = service.getType() + "." + service.getAlgorithm();
+      XSecProvider.setDelegationProvider(algorithm, stalProvider.getName());
+      sb.append("\n" + algorithm);
+    }
+    log.debug("Registered STALProvider as XSecProvider delegation provider for the following services : " + sb.toString());
+    
+    Security.addProvider(stalProvider);
+    XSecProvider.addAsProvider(false);
+    sb = new StringBuilder();
     sb.append("Registered providers: ");
     int i = 1;
     for (Provider prov : Security.getProviders()) {
-- 
cgit v1.2.3


From 3d0112fcd64ea80ad698861ce5d16e6de93c0bd5 Mon Sep 17 00:00:00 2001
From: wbauer <wbauer@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Wed, 21 Jan 2009 11:22:03 +0000
Subject: Fixed Bug #371

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@278 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf')

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
index 733b47dc..7f180ad0 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
@@ -43,6 +43,7 @@ import at.gv.egiz.bku.binding.DataUrlConnection;
 import at.gv.egiz.bku.slcommands.impl.xsect.DataObject;
 import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider;
 import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
 
 public abstract class Configurator {
   private Log log = LogFactory.getLog(Configurator.class);
@@ -270,6 +271,7 @@ public abstract class Configurator {
         sslCtx.init(km, new TrustManager[] { pkixTM }, null);
       }
       DataUrl.setSSLSocketFactory(sslCtx.getSocketFactory());
+      URLDereferencer.getInstance().setSSLSocketFactory(sslCtx.getSocketFactory());
     } catch (Exception e) {
       log.error("Cannot configure SSL", e);
     }
@@ -283,6 +285,12 @@ public abstract class Configurator {
           return true;
         }
       });
+      URLDereferencer.getInstance().setHostnameVerifier(new HostnameVerifier() {
+        @Override
+        public boolean verify(String hostname, SSLSession session) {
+          return true;
+        }
+      });
     }
   }
 
-- 
cgit v1.2.3


From 90f7f3ea1674e7cd5ead84247ca881ca101ba72a Mon Sep 17 00:00:00 2001
From: clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Wed, 11 Feb 2009 20:03:29 +0000
Subject: div. changes for A-Trust Activation Support (User-Agent header,
 GetStatusRequest, ...)

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@296 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../src/main/java/at/gv/egiz/bku/conf/Configurator.java  | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf')

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
index 7f180ad0..a6c70d2c 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
@@ -46,6 +46,7 @@ import at.gv.egiz.bku.slexceptions.SLRuntimeException;
 import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
 
 public abstract class Configurator {
+
   private Log log = LogFactory.getLog(Configurator.class);
 
   protected Properties properties;
@@ -202,22 +203,22 @@ public abstract class Configurator {
   }
 
   public void configureVersion() {
-    if (properties.getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY) == null) {
+    if (properties.getProperty(DataUrlConnection.USERAGENT_CONFIG_P) == null) {
       Properties p = new Properties();
       try {
         InputStream is = getManifest();
         if (is != null) {
           p.load(getManifest());
           String version = p.getProperty("Implementation-Build");
-          properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY,
-              "citizen-card-environment/1.2 MOCCA " + version);
+          properties.setProperty(DataUrlConnection.USERAGENT_CONFIG_P,
+                  DataUrlConnection.USERAGENT_BASE + version);
           log.debug("Setting user agent to: "
               + properties
-                  .getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY));
+                  .getProperty(DataUrlConnection.USERAGENT_CONFIG_P));
         } else {
           log.warn("Cannot read manifest");
-          properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY,
-              "citizen-card-environment/1.2 MOCCA UNKNOWN");
+          properties.setProperty(DataUrlConnection.USERAGENT_CONFIG_P,
+                  DataUrlConnection.USERAGENT_DEFAULT);
         }
       } catch (IOException e) {
         log.error(e);
@@ -254,6 +255,7 @@ public abstract class Configurator {
       log.error("Cannot load CA certificates", e1);
     }
     String disableAll = getProperty("SSL.disableAllChecks");
+    String disableHostnameVerification = getProperty("SSL.disableHostnameVerification");
     try {
       KeyManager[] km = null;
       SSLContext sslCtx = SSLContext
@@ -275,7 +277,7 @@ public abstract class Configurator {
     } catch (Exception e) {
       log.error("Cannot configure SSL", e);
     }
-    if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) {
+    if ((disableAll != null && Boolean.parseBoolean(disableAll)) || (disableHostnameVerification != null && Boolean.parseBoolean(disableHostnameVerification))) {
       log.warn("---------------------------------");
       log.warn(" Disabling Hostname Verification ");
       log.warn("---------------------------------");
-- 
cgit v1.2.3


From a8690cc956924e1d83b0c45d21995ee2e10fbba2 Mon Sep 17 00:00:00 2001
From: clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Wed, 4 Mar 2009 16:44:34 +0000
Subject: 1.1-rc3

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@311 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../main/java/at/gv/egiz/bku/conf/Configurator.java   | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf')

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
index a6c70d2c..6213ffcf 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
@@ -49,6 +49,13 @@ public abstract class Configurator {
 
   private Log log = LogFactory.getLog(Configurator.class);
 
+  public final static String USERAGENT_CONFIG_P = "UserAgent";
+  public static final String DATAURLCONNECTION_CONFIG_P = "DataURLConnectionImplClass";
+
+  public static final String USERAGENT_DEFAULT = "citizen-card-environment/1.2 MOCCA/UNKNOWN";
+  public static final String USERAGENT_BASE = "citizen-card-environment/1.2 MOCCA/";
+
+
   protected Properties properties;
 
   protected CertValidator certValidator;
@@ -203,22 +210,22 @@ public abstract class Configurator {
   }
 
   public void configureVersion() {
-    if (properties.getProperty(DataUrlConnection.USERAGENT_CONFIG_P) == null) {
+    if (properties.getProperty(USERAGENT_CONFIG_P) == null) {
       Properties p = new Properties();
       try {
         InputStream is = getManifest();
         if (is != null) {
           p.load(getManifest());
           String version = p.getProperty("Implementation-Build");
-          properties.setProperty(DataUrlConnection.USERAGENT_CONFIG_P,
-                  DataUrlConnection.USERAGENT_BASE + version);
+          properties.setProperty(USERAGENT_CONFIG_P,
+                  USERAGENT_BASE + version);
           log.debug("Setting user agent to: "
               + properties
-                  .getProperty(DataUrlConnection.USERAGENT_CONFIG_P));
+                  .getProperty(USERAGENT_CONFIG_P));
         } else {
           log.warn("Cannot read manifest");
-          properties.setProperty(DataUrlConnection.USERAGENT_CONFIG_P,
-                  DataUrlConnection.USERAGENT_DEFAULT);
+          properties.setProperty(USERAGENT_CONFIG_P,
+                  USERAGENT_DEFAULT);
         }
       } catch (IOException e) {
         log.error(e);
-- 
cgit v1.2.3


From 2882e14d19cfa58ea382083434210aaf0cfea3e3 Mon Sep 17 00:00:00 2001
From: wbauer <wbauer@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Fri, 13 Mar 2009 07:49:49 +0000
Subject: Fixed Bug#405 and added according test case Fixed Bug#402 Added
 Feature#403

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@320 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../java/at/gv/egiz/bku/conf/Configurator.java     | 59 +++++++++++++++++-----
 1 file changed, 47 insertions(+), 12 deletions(-)

(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf')

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
index 6213ffcf..8a94e88d 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
@@ -9,6 +9,7 @@ import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.HttpURLConnection;
+import java.net.URL;
 import java.security.GeneralSecurityException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
@@ -26,6 +27,8 @@ import java.util.LinkedList;
 import java.util.List;
 import java.util.Properties;
 import java.util.Set;
+import java.util.jar.Attributes;
+import java.util.jar.Manifest;
 
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
@@ -39,7 +42,6 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import at.gv.egiz.bku.binding.DataUrl;
-import at.gv.egiz.bku.binding.DataUrlConnection;
 import at.gv.egiz.bku.slcommands.impl.xsect.DataObject;
 import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider;
 import at.gv.egiz.bku.slexceptions.SLRuntimeException;
@@ -55,10 +57,12 @@ public abstract class Configurator {
   public static final String USERAGENT_DEFAULT = "citizen-card-environment/1.2 MOCCA/UNKNOWN";
   public static final String USERAGENT_BASE = "citizen-card-environment/1.2 MOCCA/";
 
+  public static final String SIGNATURE_LAYOUT = "SignatureLayout";
 
   protected Properties properties;
 
   protected CertValidator certValidator;
+  protected String signaturLayoutVersion;
 
   protected Configurator() {
   }
@@ -161,7 +165,7 @@ public abstract class Configurator {
     log.debug("Registering security providers");
     Security.insertProviderAt(new IAIK(), 1);
     Security.insertProviderAt(new ECCProvider(false), 2);
-    
+
     // registering STALProvider as delegation provider for XSECT
     STALProvider stalProvider = new STALProvider();
     Set<Service> services = stalProvider.getServices();
@@ -171,8 +175,10 @@ public abstract class Configurator {
       XSecProvider.setDelegationProvider(algorithm, stalProvider.getName());
       sb.append("\n" + algorithm);
     }
-    log.debug("Registered STALProvider as XSecProvider delegation provider for the following services : " + sb.toString());
-    
+    log
+        .debug("Registered STALProvider as XSecProvider delegation provider for the following services : "
+            + sb.toString());
+
     Security.addProvider(stalProvider);
     XSecProvider.addAsProvider(false);
     sb = new StringBuilder();
@@ -193,6 +199,31 @@ public abstract class Configurator {
     }
   }
 
+  public void configureSingatureLayoutVersion() {
+    if (properties.get(SIGNATURE_LAYOUT) == null) {
+      try {
+        String classContainer = Configurator.class.getProtectionDomain()
+            .getCodeSource().getLocation().toString();
+        URL manifestUrl = new URL("jar:" + classContainer
+            + "!/META-INF/MANIFEST.MF");
+        Manifest manifest = new Manifest(manifestUrl.openStream());
+        Attributes att = manifest.getMainAttributes();
+        String layout = null;
+        if (att != null) {
+          layout = att.getValue(SIGNATURE_LAYOUT);
+        }
+        if (layout != null) {
+          log.info("Setting signature layout to: " + layout);
+          properties.put(SIGNATURE_LAYOUT, layout);
+        } else {
+          log.warn("No signature layout version defined");
+        }
+      } catch (Exception ex) {
+        log.warn("Cannot read manifest", ex);
+      }
+    }
+  }
+
   public void configureNetwork() {
     String proxy = getProperty("HTTPProxyHost");
     String portString = getProperty("HTTPProxyPort");
@@ -217,15 +248,15 @@ public abstract class Configurator {
         if (is != null) {
           p.load(getManifest());
           String version = p.getProperty("Implementation-Build");
-          properties.setProperty(USERAGENT_CONFIG_P,
-                  USERAGENT_BASE + version);
+          if (version == null) {
+            version="UNKNOWN";
+          }
+          properties.setProperty(USERAGENT_CONFIG_P, USERAGENT_BASE + version);
           log.debug("Setting user agent to: "
-              + properties
-                  .getProperty(USERAGENT_CONFIG_P));
+              + properties.getProperty(USERAGENT_CONFIG_P));
         } else {
           log.warn("Cannot read manifest");
-          properties.setProperty(USERAGENT_CONFIG_P,
-                  USERAGENT_DEFAULT);
+          properties.setProperty(USERAGENT_CONFIG_P, USERAGENT_DEFAULT);
         }
       } catch (IOException e) {
         log.error(e);
@@ -240,6 +271,7 @@ public abstract class Configurator {
     configViewer();
     configureSSL();
     configureVersion();
+    configureSingatureLayoutVersion();
     configureNetwork();
   }
 
@@ -280,11 +312,14 @@ public abstract class Configurator {
         sslCtx.init(km, new TrustManager[] { pkixTM }, null);
       }
       DataUrl.setSSLSocketFactory(sslCtx.getSocketFactory());
-      URLDereferencer.getInstance().setSSLSocketFactory(sslCtx.getSocketFactory());
+      URLDereferencer.getInstance().setSSLSocketFactory(
+          sslCtx.getSocketFactory());
     } catch (Exception e) {
       log.error("Cannot configure SSL", e);
     }
-    if ((disableAll != null && Boolean.parseBoolean(disableAll)) || (disableHostnameVerification != null && Boolean.parseBoolean(disableHostnameVerification))) {
+    if ((disableAll != null && Boolean.parseBoolean(disableAll))
+        || (disableHostnameVerification != null && Boolean
+            .parseBoolean(disableHostnameVerification))) {
       log.warn("---------------------------------");
       log.warn(" Disabling Hostname Verification ");
       log.warn("---------------------------------");
-- 
cgit v1.2.3


From ddec4b921578c3a2a84838788f3667cff45af3b6 Mon Sep 17 00:00:00 2001
From: clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Fri, 17 Apr 2009 09:50:53 +0000
Subject: configure dataURL after complete Configurator initialization

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@337 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf')

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
index 8a94e88d..f5110799 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
@@ -262,9 +262,11 @@ public abstract class Configurator {
         log.error(e);
       }
     }
-    DataUrl.setConfiguration(properties);
   }
 
+  /**
+   * TODO cleanup configuration (read MANIFEST, DataURLconfig,...)
+   */
   public void configure() {
     configureProviders();
     configUrlConnections();
@@ -273,6 +275,8 @@ public abstract class Configurator {
     configureVersion();
     configureSingatureLayoutVersion();
     configureNetwork();
+    //after configureVersion() and configureSignatureLayoutVersion()
+    DataUrl.setConfiguration(properties);
   }
 
   public void setConfiguration(Properties props) {
-- 
cgit v1.2.3


From 9452928e56cc32092adbe146bfb2dd86211e63dc Mon Sep 17 00:00:00 2001
From: clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Fri, 17 Apr 2009 13:30:09 +0000
Subject: MANIFEST (TODO delete from svn)

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@338 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf')

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
index f5110799..a3e07cda 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
@@ -213,10 +213,10 @@ public abstract class Configurator {
           layout = att.getValue(SIGNATURE_LAYOUT);
         }
         if (layout != null) {
-          log.info("Setting signature layout to: " + layout);
+          log.info("setting SignatureLayout header to " + layout);
           properties.put(SIGNATURE_LAYOUT, layout);
         } else {
-          log.warn("No signature layout version defined");
+          log.warn("no SignatureLayout version defined");
         }
       } catch (Exception ex) {
         log.warn("Cannot read manifest", ex);
-- 
cgit v1.2.3


From e8fbfeb16c3f8ece59edbb75add7e2b88bf598f5 Mon Sep 17 00:00:00 2001
From: clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Fri, 12 Jun 2009 11:22:00 +0000
Subject: user agent log msg

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@357 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf')

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
index a3e07cda..d9a118e5 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
@@ -46,6 +46,7 @@ import at.gv.egiz.bku.slcommands.impl.xsect.DataObject;
 import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider;
 import at.gv.egiz.bku.slexceptions.SLRuntimeException;
 import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
+import javax.net.ssl.SSLSocketFactory;
 
 public abstract class Configurator {
 
@@ -261,6 +262,8 @@ public abstract class Configurator {
       } catch (IOException e) {
         log.error(e);
       }
+    } else {
+      log.info("using configured user agent " + properties.getProperty(USERAGENT_CONFIG_P));
     }
   }
 
-- 
cgit v1.2.3


From b16d733781a2f7d2a56f562be7f06090f724a02a Mon Sep 17 00:00:00 2001
From: clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Thu, 13 Aug 2009 09:32:12 +0000
Subject: minor changes (log)

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@428 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf')

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
index d9a118e5..41c2512f 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
@@ -84,6 +84,7 @@ public abstract class Configurator {
         throw new SLRuntimeException(
             "Expecting directory as SSL.caDirectory parameter");
       }
+      log.info("loading trustStore from " + caDir.getAbsolutePath());
       CertificateFactory cf = CertificateFactory.getInstance("X.509");
       for (File f : caDir.listFiles()) {
         try {
@@ -114,6 +115,7 @@ public abstract class Configurator {
         throw new SLRuntimeException(
             "Expecting directory as SSL.certDirectory parameter");
       }
+      log.info("loading certStore from " + certDir.getAbsolutePath());
       List<X509Certificate> certCollection = new LinkedList<X509Certificate>();
       CertificateFactory cf = CertificateFactory.getInstance("X.509");
       for (File f : certDir.listFiles()) {
@@ -256,7 +258,7 @@ public abstract class Configurator {
           log.debug("Setting user agent to: "
               + properties.getProperty(USERAGENT_CONFIG_P));
         } else {
-          log.warn("Cannot read manifest");
+          log.warn("Failed to read manifest, setting user-agent to " + USERAGENT_DEFAULT);
           properties.setProperty(USERAGENT_CONFIG_P, USERAGENT_DEFAULT);
         }
       } catch (IOException e) {
-- 
cgit v1.2.3


From c1a8ed191e57b6c068d9a2733cca40dd4c209b9f Mon Sep 17 00:00:00 2001
From: clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Fri, 14 Aug 2009 11:14:32 +0000
Subject: [#354] HTTPBindingProcessor: MAX_DATAURL_HOPS not configurable

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@436 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../java/at/gv/egiz/bku/conf/Configuration.java    | 100 +++++++++++++++++++++
 1 file changed, 100 insertions(+)
 create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/conf/Configuration.java

(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf')

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configuration.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configuration.java
new file mode 100644
index 00000000..f813b14d
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configuration.java
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package at.gv.egiz.bku.conf;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/**
+ * BKU Common Configuration
+ * 
+ * Injected to BKU Common classes as defined in mocca-conf.xml
+ * 
+ * Replace at.gv.egiz.bku.conf.Configurator,
+ * currently only few configuration options are supported.
+ *
+ * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
+ */
+public class Configuration {
+
+  public static final int MAX_DATAURL_HOPS_DEFAULT = 50;
+  public static final String IMPLEMENTATION_NAME_DEFAULT = "MOCCA";
+  public static final String IMPLEMENTATION_VERSION_DEFAULT = "UNKNOWN";
+
+  private static final Log log = LogFactory.getLog(Configuration.class);
+
+  private int maxDataUrlHops = -1;
+  private String implementationName;
+  private String implementationVersion;
+
+  public void setMaxDataUrlHops(int maxDataUrlHops) {
+    this.maxDataUrlHops = maxDataUrlHops;
+  }
+
+  /**
+	 * Defines the maximum number of dataurl connects that are allowed within a
+	 * single SL Request processing.
+	 */
+  public int getMaxDataUrlHops() {
+    if (maxDataUrlHops < 0) {
+      log.warn("maxDataUrlHops not configured, using default: " + MAX_DATAURL_HOPS_DEFAULT);
+      return MAX_DATAURL_HOPS_DEFAULT;
+    }
+    return maxDataUrlHops;
+  }
+
+  /**
+   * @return the implementationName
+   */
+  public String getImplementationName() {
+    if (implementationName == null) {
+      log.info("implementationName not configured, using default: " + IMPLEMENTATION_NAME_DEFAULT);
+      return "MOCCA";
+    }
+    return implementationName;
+  }
+
+  /**
+   * @param implementationName the implementationName to set
+   */
+  public void setImplementationName(String implementationName) {
+    this.implementationName = implementationName;
+  }
+
+  /**
+   * @return the implementationVersion
+   */
+  public String getImplementationVersion() {
+    if (implementationName == null) {
+      log.info("implementationName not configured, using default: " + IMPLEMENTATION_VERSION_DEFAULT);
+      return IMPLEMENTATION_VERSION_DEFAULT;
+    }
+    return implementationVersion;
+  }
+
+  /**
+   * @param implementationVersion the implementationVersion to set
+   */
+  public void setImplementationVersion(String implementationVersion) {
+    this.implementationVersion = implementationVersion;
+  }
+
+
+
+
+}
-- 
cgit v1.2.3


From bd070e82c276afb8c1c3a9ddc3b5712783760881 Mon Sep 17 00:00:00 2001
From: mcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Tue, 29 Sep 2009 17:36:06 +0000
Subject: Logging issues fixed:  - Added possibility to configure logging of
 BKUWebstart. Logging is now configured from log4j configuration deployed with
 BKUWebstart in a first step. In a second step the webstart launcher looks for
 a log4j configuration file in the user's mooca configuration directory and
 updates the log4j configuration.  - Logging of IAIK PKI properly initialized.
 IAIK PKI does not mess with the log4j configuration any longer.  - Changed
 log4j accordingly (an appender is now needed as IAIK PKI does not reconfigure
 log4j any longer).

Added css-stylesheet to ErrorResponses issued by the BKU to improve the presentation to the user.

Changed dependencies of BKUWebStart (see Issue#469 https://egovlabs.gv.at/tracker/index.php?func=detail&aid=469&group_id=13&atid=134).

DataURLConnection now uses the request encoding of SL < 1.2. application/x-www-form-urlencoded is now used as default encoding method. multipart/form-data is used only if transfer parameters are present in the request that require a Content-Type parameter. This can only be set with multipart/form-data. This is not in conformance with SL 1.2, however it should improve compatibility with applications.

Therefore, removed the ability to configure the DataURLConnection implementation class.

DataURLConnection now uses a streaming implementation for encoding of application/x-www-form-urlencoded requests.

XWWWFormUrlImputDecoder now uses a streaming implementation for decoding of application/x-www-form-urlencoded requests.

Fixed Bug in SLResultPart that caused a binary response to be provided as parameter "XMLResponse" in a multipart/form-data encoded request to DataURL.

SLCommandFactory now supports unmarshalling of SL < 1.2 requests in order issue meaningful error messages. Therefore, the marshaling context for response marshaling had to be separated from the marshaling context for requests in order to avoid the marshaling of SL < 1.2 namespace prefixes in SL 1.2 responses.

Target attribute in QualifiedProperties is now marshaled. (see Issue#470 https://egovlabs.gv.at/tracker/index.php?func=detail&aid=470&group_id=13&atid=134)

Reporting of XML validation errors improved.

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@510 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../at/gv/egiz/bku/conf/CertValidatorImpl.java     |  24 ++++
 .../java/at/gv/egiz/bku/conf/IAIKCommonsLog.java   | 144 +++++++++++++++++++++
 .../at/gv/egiz/bku/conf/IAIKCommonsLogFactory.java |  59 +++++++++
 3 files changed, 227 insertions(+)
 create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/conf/IAIKCommonsLog.java
 create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/conf/IAIKCommonsLogFactory.java

(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf')

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java
index 125233c1..3b2d1b99 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/CertValidatorImpl.java
@@ -1,7 +1,9 @@
 package at.gv.egiz.bku.conf;
 
+import iaik.logging.LogConfigurationException;
 import iaik.logging.TransactionId;
 import iaik.logging.impl.TransactionIdImpl;
+import iaik.logging.LoggerConfig;
 import iaik.pki.DefaultPKIConfiguration;
 import iaik.pki.DefaultPKIProfile;
 import iaik.pki.PKIConfiguration;
@@ -18,6 +20,7 @@ import iaik.x509.X509Certificate;
 
 import java.io.File;
 import java.util.Date;
+import java.util.Properties;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
@@ -37,6 +40,27 @@ public class CertValidatorImpl implements CertValidator {
    * @see at.gv.egiz.bku.conf.CertValidator#init(java.io.File, java.io.File)
    */
   public void init(File certDir, File caDir) {
+    // initialize IAIK logging for PKI module
+    log.debug("Configuring logging for IAIK PKI module");
+    iaik.logging.LogFactory.configure(new LoggerConfig() {
+      
+      @Override
+      public Properties getProperties() throws LogConfigurationException {
+        return null;
+      }
+      
+      @Override
+      public String getNodeId() {
+        return "pki";
+      }
+      
+      @Override
+      public String getFactory() {
+        return IAIKCommonsLogFactory.class.getName();
+      }
+    });
+    
+    
     // the parameters specifying the directory certstore
     CertStoreParameters[] certStoreParameters = { new DefaultDirectoryCertStoreParameters(
         "CS-001", certDir.getAbsolutePath(), true, false) };
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/IAIKCommonsLog.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/IAIKCommonsLog.java
new file mode 100644
index 00000000..1b7dd189
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/IAIKCommonsLog.java
@@ -0,0 +1,144 @@
+/**
+ * 
+ */
+package at.gv.egiz.bku.conf;
+
+import iaik.logging.Log;
+import iaik.logging.TransactionId;
+
+/**
+ * @author mcentner
+ *
+ */
+public class IAIKCommonsLog implements Log {
+  
+  /**
+   * The id that will be written to the log if the transactionid == null
+   */
+  public final static String NO_ID = "Null-ID";
+
+  protected org.apache.commons.logging.Log commonsLog;
+  
+  protected String nodeId;
+
+  public IAIKCommonsLog(org.apache.commons.logging.Log log) {
+    this.commonsLog = log;
+  }
+
+  /* (non-Javadoc)
+   * @see iaik.logging.Log#debug(iaik.logging.TransactionId, java.lang.Object, java.lang.Throwable)
+   */
+  @Override
+  public void debug(TransactionId transactionId, Object message, Throwable t) {
+    if (commonsLog.isDebugEnabled()) {
+      commonsLog.debug(nodeId + ": "
+          + ((transactionId != null) ? transactionId.getLogID() : NO_ID) + ": "
+          + message, t);
+    }
+  }
+
+  /* (non-Javadoc)
+   * @see iaik.logging.Log#info(iaik.logging.TransactionId, java.lang.Object, java.lang.Throwable)
+   */
+  @Override
+  public void info(TransactionId transactionId, Object message, Throwable t) {
+    if (commonsLog.isInfoEnabled()) {
+      commonsLog.info(nodeId + ": "
+          + ((transactionId != null) ? transactionId.getLogID() : NO_ID) + ": "
+          + message, t);
+    }
+  }
+
+  /* (non-Javadoc)
+   * @see iaik.logging.Log#warn(iaik.logging.TransactionId, java.lang.Object, java.lang.Throwable)
+   */
+  @Override
+  public void warn(TransactionId transactionId, Object message, Throwable t) {
+    if (commonsLog.isWarnEnabled()) {
+      commonsLog.warn(nodeId + ": "
+          + ((transactionId != null) ? transactionId.getLogID() : NO_ID) + ": "
+          + message, t);
+    }
+  }
+
+  /* (non-Javadoc)
+   * @see iaik.logging.Log#error(iaik.logging.TransactionId, java.lang.Object, java.lang.Throwable)
+   */
+  @Override
+  public void error(TransactionId transactionId, Object message, Throwable t) {
+    if (commonsLog.isErrorEnabled()) {
+      commonsLog.error(nodeId + ": "
+          + ((transactionId != null) ? transactionId.getLogID() : NO_ID) + ": "
+          + message, t);
+    }
+  }
+
+  /* (non-Javadoc)
+   * @see iaik.logging.Log#fatal(iaik.logging.TransactionId, java.lang.Object, java.lang.Throwable)
+   */
+  @Override
+  public void fatal(TransactionId transactionId, Object message, Throwable t) {
+    if (commonsLog.isFatalEnabled()) {
+      commonsLog.fatal(nodeId + ": "
+          + ((transactionId != null) ? transactionId.getLogID() : NO_ID) + ": "
+          + message, t);
+    }
+  }
+
+  /* (non-Javadoc)
+   * @see iaik.logging.Log#setNodeId(java.lang.String)
+   */
+  @Override
+  public void setNodeId(String nodeId) {
+    this.nodeId = nodeId;
+  }
+
+  /* (non-Javadoc)
+   * @see iaik.logging.Log#getNodeId()
+   */
+  @Override
+  public String getNodeId() {
+    return nodeId;
+  }
+
+  /* (non-Javadoc)
+   * @see iaik.logging.Log#isDebugEnabled()
+   */
+  @Override
+  public boolean isDebugEnabled() {
+    return commonsLog.isDebugEnabled();
+  }
+
+  /* (non-Javadoc)
+   * @see iaik.logging.Log#isInfoEnabled()
+   */
+  @Override
+  public boolean isInfoEnabled() {
+    return commonsLog.isInfoEnabled();
+  }
+
+  /* (non-Javadoc)
+   * @see iaik.logging.Log#isWarnEnabled()
+   */
+  @Override
+  public boolean isWarnEnabled() {
+    return commonsLog.isWarnEnabled();
+  }
+
+  /* (non-Javadoc)
+   * @see iaik.logging.Log#isErrorEnabled()
+   */
+  @Override
+  public boolean isErrorEnabled() {
+    return commonsLog.isErrorEnabled();
+  }
+
+  /* (non-Javadoc)
+   * @see iaik.logging.Log#isFatalEnabled()
+   */
+  @Override
+  public boolean isFatalEnabled() {
+    return commonsLog.isFatalEnabled();
+  }
+
+}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/IAIKCommonsLogFactory.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/IAIKCommonsLogFactory.java
new file mode 100644
index 00000000..14e2c757
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/IAIKCommonsLogFactory.java
@@ -0,0 +1,59 @@
+/**
+ * 
+ */
+package at.gv.egiz.bku.conf;
+
+import org.apache.commons.logging.impl.WeakHashtable;
+
+import iaik.logging.Log;
+import iaik.logging.LogConfigurationException;
+import iaik.logging.LogFactory;
+
+/**
+ * @author mcentner
+ *
+ */
+public class IAIKCommonsLogFactory extends LogFactory {
+
+  protected WeakHashtable instances = new WeakHashtable();
+  
+  /* (non-Javadoc)
+   * @see iaik.logging.LogFactory#getInstance(java.lang.String)
+   */
+  @Override
+  public Log getInstance(String name) throws LogConfigurationException {
+    org.apache.commons.logging.Log commonsLog = org.apache.commons.logging.LogFactory.getLog(name);
+    Log log = (Log) instances.get(commonsLog);
+    if (log == null) {
+      log = new IAIKCommonsLog(commonsLog);
+      log.setNodeId(node_id_);
+      instances.put(commonsLog, log);
+    }
+    return log;
+  }
+
+  /* (non-Javadoc)
+   * @see iaik.logging.LogFactory#getInstance(java.lang.Class)
+   */
+  @SuppressWarnings("unchecked")
+  @Override
+  public Log getInstance(Class clazz) throws LogConfigurationException {
+    org.apache.commons.logging.Log commonsLog = org.apache.commons.logging.LogFactory.getLog(clazz);
+    Log log = (Log) instances.get(commonsLog);
+    if (log == null) {
+      log = new IAIKCommonsLog(commonsLog);
+      log.setNodeId(node_id_);
+      instances.put(commonsLog, log);
+    }
+    return log;
+  }
+
+  /* (non-Javadoc)
+   * @see iaik.logging.LogFactory#release()
+   */
+  @Override
+  public void release() {
+    instances.clear();
+  }
+
+}
-- 
cgit v1.2.3


From 68941b57df2caeead67a5bede2ef5a635d07db32 Mon Sep 17 00:00:00 2001
From: mcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Wed, 11 Nov 2009 15:51:08 +0000
Subject: Added support for SHA-256 and partial support for e-card G3, BELPIC
 and Italian cards.

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@540 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../java/at/gv/egiz/bku/conf/Configurator.java     | 71 ++++++++++++++++------
 1 file changed, 51 insertions(+), 20 deletions(-)

(limited to 'bkucommon/src/main/java/at/gv/egiz/bku/conf')

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
index 41c2512f..50f5d2b4 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
@@ -166,31 +166,62 @@ public abstract class Configurator {
 
   protected void configureProviders() {
     log.debug("Registering security providers");
-    Security.insertProviderAt(new IAIK(), 1);
-    Security.insertProviderAt(new ECCProvider(false), 2);
+    
+    IAIK iaikProvider = new IAIK();
+    if (Security.getProvider(iaikProvider.getName()) == null) {
+      // register IAIK provider at first position
+      Security.insertProviderAt(iaikProvider, 1);
+    } else {
+      // IAIK provider already registered
+      log.info("Provider " + iaikProvider.getName() + " already registered.");
+    }
+
+    ECCProvider eccProvider = new ECCProvider(false);
+    if (Security.getProvider(eccProvider.getName()) == null) {
+      // register ECC Provider at second position
+      Security.insertProviderAt(eccProvider, 2);
+    } else {
+      // ECC Provider already registered
+      log.info("Provider " + eccProvider.getName() + " already registered."); 
+    }
 
     // registering STALProvider as delegation provider for XSECT
     STALProvider stalProvider = new STALProvider();
-    Set<Service> services = stalProvider.getServices();
-    StringBuilder sb = new StringBuilder();
-    for (Service service : services) {
-      String algorithm = service.getType() + "." + service.getAlgorithm();
-      XSecProvider.setDelegationProvider(algorithm, stalProvider.getName());
-      sb.append("\n" + algorithm);
+    if (Security.getProvider(stalProvider.getName()) == null) {
+      // register STAL provider
+      Set<Service> services = stalProvider.getServices();
+      StringBuilder sb = new StringBuilder();
+      for (Service service : services) {
+        String algorithm = service.getType() + "." + service.getAlgorithm();
+        XSecProvider.setDelegationProvider(algorithm, stalProvider.getName());
+        sb.append("\n" + algorithm);
+      }
+      log
+          .debug("Registered STALProvider as XSecProvider delegation provider for the following services : "
+              + sb.toString());
+
+      Security.addProvider(stalProvider);
+    } else {
+      // STAL Provider already registered
+      log.info("Provider " + stalProvider.getName() + " already registered."); 
     }
-    log
-        .debug("Registered STALProvider as XSecProvider delegation provider for the following services : "
-            + sb.toString());
-
-    Security.addProvider(stalProvider);
-    XSecProvider.addAsProvider(false);
-    sb = new StringBuilder();
-    sb.append("Registered providers: ");
-    int i = 1;
-    for (Provider prov : Security.getProviders()) {
-      sb.append((i++) + ". : " + prov);
+    
+    if (Security.getProvider(XSecProvider.NAME) == null) {
+      // register XML Security provider
+      XSecProvider.addAsProvider(false);
+    } else {
+      log.info("Provider " + XSecProvider.NAME + " already registered.");
+    }
+    
+    if (log.isDebugEnabled()) {
+      StringBuilder sb = new StringBuilder();
+      sb.append("Registered providers: ");
+      int i = 1;
+      for (Provider prov : Security.getProviders()) {
+        sb.append((i++) + ". : " + prov);
+      }
+      log.debug(sb.toString());
     }
-    log.debug(sb.toString());
   }
 
   protected void configViewer() {
-- 
cgit v1.2.3