Example usage for org.apache.commons.httpclient MOAHttpClient setCustomSSLTrustStore


Introduction

This page collects usage examples of MOAHttpClient.setCustomSSLTrustStore(String, ProtocolSocketFactory), which installs a custom SSL trust store (supplied as a ProtocolSocketFactory) on the client for requests to the given metadata URL. In every example below the call is guarded by an `https:` check and its failure is caught, so the client silently falls back to the default Java trust store when the MOA trust store cannot be initialised.

Prototype

public void setCustomSSLTrustStore(String metadataURL, ProtocolSocketFactory protoSocketFactory)
            throws MOAHttpProtocolSocketFactoryException, MalformedURLException 


Usage

From source file:at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider.java

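/**
 * Initialises the PVP2 (SAML2) login: loads the IDP metadata signing certificate,
 * builds an HTTP client for the metadata URL and starts the OpenSAML
 * {@link HTTPMetadataProvider} that fetches and verifies the IDP metadata.
 *
 * Trust model as visible here: the metadata document is verified by
 * {@link MetaDataVerificationFilter} against the configured IDP certificate, so the
 * XML signature -- not the transport -- is the primary integrity guarantee. For
 * {@code https:} URLs the MOA trust store (PKIX chaining, revocation checking on) is
 * installed on the client; if that fails the client keeps the default Java trust
 * store, which is a weaker, operator-independent trust policy. That downgrade is
 * logged together with its cause.
 *
 * On failure the partially built provider and its refresh timer are released before
 * the exception is rethrown, and {@code idpMetadataProvider} is only assigned once
 * initialisation succeeded.
 *
 * @throws ConfigurationException if the certificate or metadata URL is missing, or if
 *         the provider cannot be initialised (the original cause is preserved)
 */
private void initalPVP2Login() throws ConfigurationException {
    Timer refreshTimer = null;
    HTTPMetadataProvider provider = null;
    try {

        String metadataCert = getPVP2IDPMetadataCertificate();
        if (MiscUtil.isEmpty(metadataCert)) {
            log.info("NO IDP Certificate to verify IDP Metadata");
            throw new ConfigurationException("NO IDP Certificate to verify IDP Metadata");
        }

        // The certificate location comes from configuration and is resolved relative to
        // the configuration root. The stream is closed as soon as the certificate is parsed
        // (the original left it open).
        URL keystoreURL = new URL(FileUtils.makeAbsoluteURL(metadataCert, getConfigRootDir()));
        X509Certificate cert;
        InputStream certstream = keystoreURL.openStream();
        try {
            cert = new X509Certificate(certstream);
        } finally {
            certstream.close();
        }
        BasicX509Credential idpCredential = new BasicX509Credential();
        idpCredential.setEntityCertificate(cert);

        log.debug("IDP Certificate loading finished");

        String metadataurl = getPVP2IDPMetadataURL();
        if (MiscUtil.isEmpty(metadataurl)) {
            log.info("NO IDP Metadata URL.");
            throw new ConfigurationException("NO IDP Metadata URL.");
        }

        MOAHttpClient httpClient = new MOAHttpClient();

        // NOTE(review): the scheme check is case-sensitive; an "HTTPS:" URL would bypass
        // the MOA trust store and use the JVM default -- confirm the configuration
        // normalises the scheme, or make this check case-insensitive.
        if (metadataurl.startsWith("https:")) {
            try {
                MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
                        "MOAMetaDataProvider", ConfigurationProvider.getInstance().getCertStoreDirectory(),
                        ConfigurationProvider.getInstance().getTrustStoreDirectory(), null,
                        ChainingModeType.PKIX, true);

                httpClient.setCustomSSLTrustStore(metadataurl, protoSocketFactory);

            } catch (MOAHttpProtocolSocketFactoryException e) {
                // Deliberate best-effort fallback: the metadata is still signature-verified
                // below, but the TLS trust decision is no longer the operator's PKIX policy.
                // Log the cause so the silent downgrade is visible in operations.
                log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);

            }
        }

        refreshTimer = new Timer();
        provider = new HTTPMetadataProvider(refreshTimer, httpClient, metadataurl);
        // Reject metadata whose validUntil / cacheDuration has expired.
        provider.setRequireValidMetadata(true);
        // NOTE(review): BasicParserPool is used with its defaults; confirm that DTD and
        // external-entity processing are disabled for the OpenSAML version in use.
        provider.setParserPool(new BasicParserPool());
        provider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential));
        provider.setMaxRefreshDelay(1000 * 3600 * 12); //refresh Metadata every 12h
        provider.initialize();

        // Publish only a fully initialised provider.
        idpMetadataProvider = provider;
        pvp2logininitialzied = true;

    } catch (Exception e) {
        log.warn("PVP2 authentification can not be initialized.", e);
        // Release the provider and its (non-daemon) timer thread; otherwise a failed
        // initialisation leaks a background refresh thread.
        if (provider != null) {
            provider.destroy();
        }
        if (refreshTimer != null) {
            refreshTimer.cancel();
        }
        throw new ConfigurationException("PVP2 authentification can not be initialized.", e);
    }
}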

From source file:at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider.java

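/**
 * Builds and initialises an OpenSAML {@link HTTPMetadataProvider} for the metadata of
 * one online application.
 *
 * For {@code https:} URLs the MOA trust store (chaining mode and revocation checking
 * taken from the authentication configuration) is installed on the HTTP client. If
 * that fails the client keeps the default Java trust store; the downgrade is logged
 * together with its cause. Metadata integrity is then still enforced by the filter
 * chain (by default a {@link MetadataFilterChain} built from {@code certificate}).
 *
 * @param metadataURL URL of the SAML metadata document
 * @param certificate serialised certificate used by the default filter chain to verify
 *        the metadata; only consulted when {@code filter} is {@code null}
 * @param oaName name of the online application, used in log messages only
 * @param filter filter chain to apply, or {@code null} to build the default chain from
 *        {@code metadataURL} and {@code certificate}
 * @return the initialised provider, or {@code null} if it could not be created; the
 *         failure is logged and provider and timer are released
 */
private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate,
        String oaName, MetadataFilterChain filter) {
    HTTPMetadataProvider httpProvider = null;
    Timer timer = null;
    try {
        MOAHttpClient httpClient = new MOAHttpClient();

        // NOTE(review): case-sensitive scheme check -- an "HTTPS:" URL would bypass the
        // MOA trust store; confirm the URL is normalised before it gets here.
        if (metadataURL.startsWith("https:")) {
            try {
                MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
                        PVPConstants.SSLSOCKETFACTORYNAME,
                        AuthConfigurationProvider.getInstance().getCertstoreDirectory(),
                        AuthConfigurationProvider.getInstance().getTrustedCACertificates(), null,
                        ChainingModeType
                                .fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()),
                        AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking());

                httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);

            } catch (MOAHttpProtocolSocketFactoryException e) {
                // Deliberate best-effort fallback; log the cause so the downgrade to the
                // JVM default trust store does not go unnoticed.
                Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);

            }
        }

        timer = new Timer();
        httpProvider = new HTTPMetadataProvider(timer, httpClient, metadataURL);
        // NOTE(review): BasicParserPool defaults in use; confirm DTD/external entities
        // are disabled for this OpenSAML version.
        httpProvider.setParserPool(new BasicParserPool());
        // Reject metadata whose validUntil / cacheDuration has expired.
        httpProvider.setRequireValidMetadata(true);
        httpProvider.setMinRefreshDelay(1000 * 60 * 15); //15 minutes
        httpProvider.setMaxRefreshDelay(1000 * 60 * 60 * 24); //24 hours

        if (filter == null) {
            filter = new MetadataFilterChain(metadataURL, certificate);
        }
        httpProvider.setMetadataFilter(filter);
        httpProvider.initialize();

        return httpProvider;

    } catch (Throwable e) {
        // Throwable is caught on purpose: a broken metadata source for one online
        // application must not abort loading of the others; the caller gets null.
        if (hasCauseOfType(e, SSLHandshakeException.class)) {
            Logger.warn("SSL-Server certificate for metadata " + metadataURL + " not trusted.", e);
        }

        Logger.error("Failed to add Metadata file for " + oaName + "[ " + e.getMessage() + " ]", e);

        if (httpProvider != null) {
            Logger.debug("Destroy failed Metadata provider");
            httpProvider.destroy();
        }

        // The provider does not own the timer, so its thread must be cancelled here.
        if (timer != null) {
            Logger.debug("Destroy Timer.");
            timer.cancel();
        }

    }

    return null;
}

/**
 * Returns whether {@code t} or any exception in its cause chain is an instance of
 * {@code type}. The original checked exactly two levels down, which misses the
 * handshake failure whenever the wrapping depth differs.
 *
 * @param t the throwable to inspect (may be {@code null})
 * @param type the exception type to look for
 * @return {@code true} if an instance of {@code type} is found within the first 32 causes
 */
private static boolean hasCauseOfType(Throwable t, Class<? extends Throwable> type) {
    int depth = 0;
    for (Throwable c = t; c != null && depth < 32; c = c.getCause(), depth++) {
        if (type.isInstance(c)) {
            return true;
        }
    }
    return false;
}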

From source file:at.gv.egovernment.moa.id.configuration.validation.oa.OAPVP2ConfigValidation.java

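/**
 * Validates the PVP2 configuration of an online application: the metadata URL must be
 * well-formed, a certificate must be available (uploaded with the form or already
 * stored for {@code oaID}), and the metadata must be retrievable and verifiable with
 * that certificate. An empty metadata URL is not validated at all.
 *
 * The check really downloads the metadata with a temporary
 * {@link HTTPMetadataProvider}. For {@code https:} URLs the MOA trust store is
 * installed first; if it cannot be initialised or is not configured, the default Java
 * trust store is used and this is logged. Provider and timer are always destroyed
 * before returning.
 *
 * NOTE(review): {@code ValidationHelper.validateURL} is the only gate before the server
 * fetches an operator-supplied URL; that is acceptable only if this form is restricted
 * to administrators -- confirm.
 *
 * @param form the submitted PVP2 configuration form
 * @param oaID identifier of the online application, used to look up a stored
 *        certificate when none was uploaded
 * @param request current request, used to localise the error messages
 * @return localised error messages; empty if validation passed
 */
public List<String> validate(OAPVP2Config form, String oaID, HttpServletRequest request) {

    List<String> errors = new ArrayList<String>();
    Timer timer = null;
    HTTPMetadataProvider httpProvider = null;

    try {
        // Prefer a certificate uploaded with this form; otherwise reuse the stored one.
        byte[] certSerialized = null;
        if (form.getFileUpload() != null) {
            certSerialized = form.getCertificate();
        } else {
            OnlineApplication oa = ConfigurationDBRead.getOnlineApplication(oaID);
            if (oa != null && oa.getAuthComponentOA() != null && oa.getAuthComponentOA().getOAPVP2() != null) {
                certSerialized = oa.getAuthComponentOA().getOAPVP2().getCertificate();
            }
        }

        String metadataURL = form.getMetaDataURL();
        if (MiscUtil.isEmpty(metadataURL)) {
            // Nothing to validate.
            return errors;
        }

        if (!ValidationHelper.validateURL(metadataURL)) {
            log.info("MetaDataURL has no valid form.");
            errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid", request));
            return errors;
        }

        if (certSerialized == null) {
            log.info("No certificate for metadata validation");
            errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request));
            return errors;
        }

        X509Certificate cert = new X509Certificate(certSerialized);
        BasicX509Credential credential = new BasicX509Credential();
        credential.setEntityCertificate(cert);

        timer = new Timer();
        MOAHttpClient httpClient = new MOAHttpClient();

        // NOTE(review): case-sensitive scheme check -- an "HTTPS:" URL would skip the MOA
        // trust store; confirm validateURL normalises the scheme.
        if (metadataURL.startsWith("https:")) {
            try {
                MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
                        "MOAMetaDataProvider",
                        ConfigurationProvider.getInstance().getCertStoreDirectory(),
                        ConfigurationProvider.getInstance().getTrustStoreDirectory(), null,
                        ChainingModeType.PKIX, true);

                httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);

            } catch (MOAHttpProtocolSocketFactoryException e) {
                // Best-effort fallback to the JVM trust store; logged with cause.
                log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);

            } catch (ConfigurationException e) {
                log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e);

            }
        }

        // Signature verification against the supplied certificate, then schema validation.
        List<MetadataFilter> filterList = new ArrayList<MetadataFilter>();
        filterList.add(new MetaDataVerificationFilter(credential));
        filterList.add(new SchemaValidationFilter());
        MetadataFilterChain filter = new MetadataFilterChain();
        filter.setFilters(filterList);

        httpProvider = new HTTPMetadataProvider(timer, httpClient, metadataURL);
        // NOTE(review): BasicParserPool defaults in use; confirm DTD/external entities
        // are disabled for this OpenSAML version.
        httpProvider.setParserPool(new BasicParserPool());
        // Reject metadata whose validUntil / cacheDuration has expired.
        httpProvider.setRequireValidMetadata(true);
        httpProvider.setMetadataFilter(filter);
        httpProvider.setMinRefreshDelay(1000 * 60 * 15); //15 minutes
        httpProvider.setMaxRefreshDelay(1000 * 60 * 60 * 24); //24 hours

        httpProvider.initialize();

        if (httpProvider.getMetadata() == null) {
            log.info("Metadata could be received but validation FAILED.");
            errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request));
        }

    } catch (CertificateException e) {
        log.info("Uploaded Certificate can not be found", e);
        errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request));

    } catch (IOException e) {
        log.info("Metadata can not be loaded from URL", e);
        errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read", request));

    } catch (MetadataProviderException e) {
        // Distinguish an untrusted server certificate from a metadata verification
        // failure by searching the whole cause chain (the original looked exactly two
        // levels down and missed differently wrapped handshake failures).
        if (hasCauseOfType(e, SSLHandshakeException.class)) {
            log.info("SSL Server certificate not trusted.", e);
            errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request));

        } else {
            log.info("MetaDate verification failed", e);
            errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify", request));
        }

    } finally {
        // The provider does not own the timer; both must be released explicitly.
        if (httpProvider != null) {
            httpProvider.destroy();
        }

        if (timer != null) {
            timer.cancel();
        }

    }

    return errors;
}

/**
 * Returns whether {@code t} or any exception in its cause chain is an instance of
 * {@code type}.
 *
 * @param t the throwable to inspect (may be {@code null})
 * @param type the exception type to look for
 * @return {@code true} if an instance of {@code type} is found within the first 32 causes
 */
private static boolean hasCauseOfType(Throwable t, Class<? extends Throwable> type) {
    int depth = 0;
    for (Throwable c = t; c != null && depth < 32; c = c.getCause(), depth++) {
        if (type.isInstance(c)) {
            return true;
        }
    }
    return false;
}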