authorgregor <gregor@d688527b-c9ab-4aba-bd8d-4036d912da1d>2005-08-05 12:13:37 +0000
committergregor <gregor@d688527b-c9ab-4aba-bd8d-4036d912da1d>2005-08-05 12:13:37 +0000
commit664d28dce2c23cd324fae76c40ad07b023e27129 (patch)
treef485cf16a8622c92a754c7d3185ee342e4878f1e /spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
parent4f170b89a4ec0581b6701892522f0a808b28290b (diff)
Bug 271: Adaption auf neue Struktur des Konfigurationsfiles abgeschlossen. Noch ungetestet.
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@414 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java')
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java337
1 files changed, 170 insertions, 167 deletions
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 4927bb9b0..a6cbcc159 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -16,6 +16,7 @@ import java.util.Set;
import org.w3c.dom.Element;
import iaik.asn1.structures.Name;
+import iaik.pki.revocation.RevocationSourceTypes;
import iaik.utils.RFC2253NameParser;
import iaik.utils.RFC2253NameParserException;
@@ -42,8 +43,8 @@ import at.gv.egovernment.moa.spss.util.MessageProvider;
* @author Sven Aigner
* @version $Id$
*/
-public class ConfigurationProvider {
-
+public class ConfigurationProvider
+{
/**
* The name of the system property which contains the file name of the
* configuration file.
@@ -51,54 +52,6 @@ public class ConfigurationProvider {
public static final String CONFIG_PROPERTY_NAME =
"moa.spss.server.configuration";
- /**
- * The name of the generic configuration property giving the root directory of
- * a directory based cert store.
- */
- public static final String DIRECTORY_CERTSTORE_PARAMETER_PROPERTY =
- "DirectoryCertStoreParameters.RootDir";
-
- /** The name of the generic configuration property which determines if
- * certificates should be added to the cert store automatically. */
- public static final String AUTO_ADD_CERTIFICATES_PROPERTY =
- "autoAddCertificates";
-
- /** The name of the generic configuration property whether the authority
- * info access should be used. */
- public static final String USE_AUTHORITY_INFO_ACCESS_PROPERTY =
- "useAuthorityInfoAccess";
-
- /** The name of the generic configuration property determining the maximum
- * age of CRL entries. */
- public static final String MAX_REVOCATION_AGE_PROPERTY = "maxRevocationAge";
-
- /**
- * The name of the generic configuration property giving the database URL of
- * the CRL archive.
- */
- public static final String DATABASE_ARCHIVE_PARAMETER_URL_PROPERTY =
- "DataBaseArchiveParameter.JDBCUrl";
-
- /**
- * The name of the generic configuration property giving the JDBC driver
- * class name for accessing the database used for the the CRL archive.
- */
- public static final String DATABASE_ARCHIVE_PARAMETER_DRIVERCLASS_PROPERTY =
- "DataBaseArchiveParameter.JDBCDriverClass";
-
- /** The name of the generic configuration property determining whether
- * to check the revocation status of signer certificates. */
- public static final String REVOCATION_CHECKING_PROPERTY = "checkRevocation";
-
- /** The name of the generic configuration property determining whether to
- * archive revocation information. */
- public static final String ARCHIVE_REVOCATION_INFO_PROPERTY =
- "archiveRevocationInfo";
-
- /** The name of the generic configuration property used for setting the
- * signing time to a predefined value. (Use for testing purposes only). */
- public static final String TEST_SIGNING_TIME_PROPERTY = "test.SigningTime";
-
/**
* A fake <code>IssuerAndSerial</code> object for storing KeyGroup information
* accessible by all clients.
@@ -122,13 +75,6 @@ public class ConfigurationProvider {
/** The default canonicalization algorithm name */
private String canonicalizationAlgorithmName;
- /**
- * A <code>Map</code> which contains generic configuration information. Maps a
- * configuration name (a <code>String</code>) to a configuration value (also a
- * <code>String</code>).
- */
- private Map genericConfiguration;
-
/**
* A <code>List</code> of <code>HardwareCryptoModule</code> objects for
* configuring hardware modules.
@@ -173,10 +119,22 @@ public class ConfigurationProvider {
* to distribution points (a <code>Set</code> of
* <code>DistributionPoint</code>s) mapping.
*/
- private Map crlDistributionPoints;
+ private Map distributionPoints;
- /** The CRL archive duration. */
+ /**
+ * The CRL archive duration.
+ */
private int cRLArchiveDuration;
+
+ /**
+ * Indicates whether revocation information should be archived.
+ */
+ private boolean enableRevocationArchiving_;
+
+ /**
+ * The location of the certificate store.
+ */
+ private String certStoreLocation_;
/**
* A <code>Map</code> which contains a mapping from
@@ -213,6 +171,43 @@ public class ConfigurationProvider {
private Map trustProfiles;
/**
+ * The JDBC URL for the revocation archive database.
+ */
+ private String revocationArchiveJDBCURL_;
+
+ /**
+ * The JDBC driver class name for the revocation archive database.
+ */
+ private String revocationArchiveJDBCDriverClass_;
+
+ /**
+ * Indicates whether revocation checking should be done.
+ */
+ private boolean enableRevocationChecking_;
+
+ /**
+ * The maximum age of a revocation information for considering it still as valid.
+ */
+ private long maxRevocationAge_;
+
+ /**
+ * The service order for revocation checking.
+ */
+ private String[] serviceOrder_;
+
+ /**
+ * Indicates whether certificates found during certificate path construction
+ * should be added to the certificate store.
+ */
+ private boolean autoAddCertificates_;
+
+ /**
+ * Indicates whether the certificate extension Authority Info Access should
+ * be used during certificate path construction.
+ */
+ private boolean useAuthorityInfoAccess_;
+
+ /**
* Return the single instance of configuration data.
*
* @return MOAConfigurationProvider The current configuration data.
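Review bot: The Javadoc on `maxRevocationAge_` does not state the unit or what zero and negative values mean, although this value bounds how old a CRL or OCSP response may be and still be accepted. I would extend the comment along the lines of `* The maximum age of revocation information, in <unit used by the configuration file>; state how 0 and negative values are treated.` The comment on `serviceOrder_` should likewise say whether the array may be null or empty when no order is configured. As a style point, the new fields carry a trailing underscore while the existing fields of this class (`trustProfiles`, `cRLArchiveDuration`) do not.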
@@ -291,7 +286,7 @@ public class ConfigurationProvider {
// build the internal datastructures
try {
- builder = new ConfigurationPartsBuilder(configElem);
+ builder = new ConfigurationPartsBuilder(configElem, configRoot);
digestMethodAlgorithmName = builder.getDigestMethodAlgorithmName();
canonicalizationAlgorithmName =
builder.getCanonicalizationAlgorithmName();
@@ -299,7 +294,7 @@ public class ConfigurationProvider {
hardwareKeyModules =
builder.buildHardwareKeyModules(Collections.EMPTY_LIST);
softwareKeyModules =
- builder.buildSoftwareKeyModules(hardwareKeyModules, configRoot);
+ builder.buildSoftwareKeyModules(hardwareKeyModules);
allKeyModules = new ArrayList(hardwareKeyModules);
allKeyModules.addAll(softwareKeyModules);
keyGroups = builder.buildKeyGroups(allKeyModules);
@@ -307,20 +302,23 @@ public class ConfigurationProvider {
builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL);
defaultChainingMode = builder.getDefaultChainingMode();
chainingModes = builder.buildChainingModes();
- crlDistributionPoints = builder.buildCRLDistributionPoints();
- cRLArchiveDuration = builder.getCRLArchiveDuration();
- genericConfiguration = builder.buildGenericConfiguration();
- absolutizeCertStoreRoot(configRoot);
- createTransformsInfoProfiles =
- builder.buildCreateTransformsInfoProfiles(configRoot);
- createSignatureEnvironmentProfiles =
- builder.buildCreateSignatureEnvironmentProfiles(configRoot);
- verifyTransformsInfoProfiles =
- builder.buildVerifyTransformsInfoProfiles(configRoot);
- supplementProfiles = builder.buildSupplementProfiles(configRoot);
- trustProfiles = builder.buildTrustProfiles(configRoot);
+ useAuthorityInfoAccess_ = builder.getUseAuthorityInfoAccess();
+ autoAddCertificates_ = builder.getAutoAddCertificates();
+ distributionPoints = builder.buildDistributionPoints();
+ enableRevocationChecking_ = builder.getEnableRevocationChecking();
+ maxRevocationAge_ = builder.getMaxRevocationAge();
+ serviceOrder_ = builder.getServiceOrder();
+ enableRevocationArchiving_ = builder.getEnableRevocationArchiving();
+ cRLArchiveDuration = builder.getRevocationArchiveDuration();
+ revocationArchiveJDBCURL_ = builder.getRevocationArchiveJDBCURL();
+ revocationArchiveJDBCDriverClass_ = builder.getRevocationArchiveJDBCDriverClass();
+ certStoreLocation_ = builder.getCertStoreLocation();
+ createTransformsInfoProfiles = builder.buildCreateTransformsInfoProfiles();
+ createSignatureEnvironmentProfiles = builder.buildCreateSignatureEnvironmentProfiles();
+ verifyTransformsInfoProfiles = builder.buildVerifyTransformsInfoProfiles();
+ supplementProfiles = builder.buildSupplementProfiles();
+ trustProfiles = builder.buildTrustProfiles();
warnings = new ArrayList(builder.getWarnings());
- checkConsistency();
} catch (Throwable t) {
throw new ConfigurationException("config.11", null, t);
} finally {
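Review bot: The `checkConsistency()` call is dropped and `certStoreLocation_` is stored exactly as `builder.getCertStoreLocation()` returns it, so nothing visible in this hunk still resolves the cert store path against `configRoot` or warns when the directory is missing or cannot be created. Unless `ConfigurationPartsBuilder` (not shown here) now does both, an unusable cert store path would go unnoticed at load time and only surface during certificate path construction. The revocation settings assigned just above (`maxRevocationAge_`, `serviceOrder_`) are likewise taken without a null or range check, which matters because they decide which revocation sources are consulted and how stale their answers may be. I would keep a load-time check after the assignments, for example `if (certStoreLocation_ == null || !new File(certStoreLocation_).isDirectory()) warn("config.30", new Object[] { certStoreLocation_ });`. The enclosing method starts and ends outside this hunk.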
@@ -345,63 +343,6 @@ public class ConfigurationProvider {
}
/**
- * Make the <code>DIRECTORY_CERTSTORE_PARAMETER_PROPERTY</code> generic
- * configuration value an absolute file name.
- *
- * @param configRoot The root directory of the main configuration file.
- */
- private void absolutizeCertStoreRoot(File configRoot) {
- String certStoreRoot =
- getGenericConfiguration(DIRECTORY_CERTSTORE_PARAMETER_PROPERTY);
-
- if (certStoreRoot != null) {
- if (!new File(certStoreRoot).isAbsolute()) {
- // make the cert store absolute
- File absCertStore = new File(configRoot, certStoreRoot);
-
- setGenericConfiguration(
- DIRECTORY_CERTSTORE_PARAMETER_PROPERTY,
- absCertStore.getAbsolutePath());
- }
- } else {
- // no value given: set it to a reasonable (absolute) default
- File absCertStore = new File(configRoot, "certstore");
-
- setGenericConfiguration(
- DIRECTORY_CERTSTORE_PARAMETER_PROPERTY,
- absCertStore.getAbsolutePath());
- }
- }
-
- /**
- * Do some additional consistency checks on the configuration.
- */
- private void checkConsistency() {
- // check for valid DirectoryCertStoreParameters.RootDir
- String certStoreRoot =
- getGenericConfiguration(DIRECTORY_CERTSTORE_PARAMETER_PROPERTY);
-
- if (certStoreRoot != null) {
- File certStore = new File(certStoreRoot);
-
- if (!certStore.exists() && !certStore.isDirectory()) {
- boolean created = false;
-
- try {
- created = certStore.mkdirs();
- } finally {
- if (!created) {
- warn(
- "config.30",
- new Object[] { DIRECTORY_CERTSTORE_PARAMETER_PROPERTY });
- }
- }
- }
- }
-
- }
-
- /**
* Return the name of the digest algorithm used during signature creation.
*
* @return The digest method algorithm name, or an empty <code>String</code>,
@@ -530,20 +471,22 @@ public class ConfigurationProvider {
}
/**
- * Return the CRL distribution points for a given CA.
+ * Return the distribution points for a given CA.
+ *
+ * @param cert The certificate for which the distribution points should be
+ * looked up. The issuer information is used to perform the lookup.
*
- * @param cert The certificate for which the CRL distribution points should be
- * looked up. The issuer information is used to perform the lookup.
* @return A <code>Set</code> of <code>DistributionPoint</code> objects. The
- * set will be empty, if no distribution points have been configured for this
- * certificate.
+ * set will be empty, if no distribution points have been configured
+ * for this certificate.
*/
- public Set getCRLDP(X509Certificate cert) {
+ public Set getDistributionPoints(X509Certificate cert)
+ {
try {
RFC2253NameParser nameParser =
new RFC2253NameParser(cert.getIssuerDN().toString());
String caIssuerDN = nameParser.parse().getName();
- Set dps = (Set) crlDistributionPoints.get(caIssuerDN);
+ Set dps = (Set) distributionPoints.get(caIssuerDN);
if (dps == null) {
return Collections.EMPTY_SET;
@@ -563,42 +506,25 @@ public class ConfigurationProvider {
public int getCRLArchiveDuration() {
return cRLArchiveDuration;
}
-
- /**
- * Sets a generic configuration value.
- *
- * Existing values are overridden.
- *
- * @param name The name of the generic configuration.
- * @param value The new value of the generic configuration.
- */
- private void setGenericConfiguration(String name, String value) {
- genericConfiguration.put(name, value);
- }
-
+
/**
- * Return the value of a generic configuration.
+ * Returns whether revocation information should be archived.
*
- * @param name The name of the generic configuration.
- * @return The value of the generic configuration with the given name, or
- * <code>null</code>, if none can be found.
+ * @return whether revocation information should be archived.
*/
- public String getGenericConfiguration(String name) {
- return (String) genericConfiguration.get(name);
+ public boolean getEnableRevocationArchiving()
+ {
+ return enableRevocationArchiving_;
}
-
+
/**
- * Return the value of a generic configuration, or a given default value.
+ * Returns the location of the certificate store.
*
- * @param name The name of the generic configuration.
- * @param defaultValue A default value to be returned in case that the generic
- * configuration with the given name does not exist.
- * @return The value of the generic configuration with the given name, or the
- * <code>defaultValue</code>, if none can be found.
+ * @return the location of the certificate store.
*/
- public String getGenericConfiguration(String name, String defaultValue) {
- String value = (String) genericConfiguration.get(name);
- return value != null ? value : defaultValue;
+ public String getCertStoreLocation()
+ {
+ return certStoreLocation_;
}
/**
@@ -683,4 +609,81 @@ public class ConfigurationProvider {
warnings.add(txt);
}
+ /**
+ * Returns the JDBC URL for the revocation archive database.
+ *
+ * @return the JDBC URL for the revocation archive database.
+ */
+ public String getRevocationArchiveJDBCURL()
+ {
+ return revocationArchiveJDBCURL_;
+ }
+
+ /**
+ * Returns the JDBC driver class name for the revocation archive database.
+ *
+ * @return the JDBC driver class name for the revocation archive database.
+ */
+ public String getRevocationArchiveJDBCDriverClass()
+ {
+ return revocationArchiveJDBCDriverClass_;
+ }
+
+ /**
+ * Returns whether revocation checking should be done.
+ *
+ * @return whether revocation checking should be done.
+ */
+ public boolean getEnableRevocationChecking()
+ {
+ return enableRevocationChecking_;
+ }
+
+ /**
+ * Returns the maximum age of a revocation information for considering it
+ * still as valid.
+ *
+ * @return the maximum age of a revocation information for considering it
+ * still as valid.
+ */
+ public long getMaxRevocationAge()
+ {
+ return maxRevocationAge_;
+ }
+
+ /**
+ * Returns the service order for revocation checking.
+ *
+ * @return the service order for revocation checking. Valid array entries are
+ * {@link evocationSourceTypes#OCSP} and {@link RevocationSourceTypes#CRL}.
+ */
+ public String[] getServiceOrder()
+ {
+ return serviceOrder_;
+ }
+
+ /**
+ * Returns whether certificates found during certificate path construction
+ * should be added to the certificate store.
+ *
+ * @return whether certificates found during certificate path construction
+ * should be added to the certificate store.
+ */
+ public boolean getAutoAddCertificates()
+ {
+ return autoAddCertificates_;
+ }
+
+ /**
+ * Returns whether the certificate extension Authority Info Access should
+ * be used during certificate path construction.
+ *
+ * @return whether the certificate extension Authority Info Access should
+ * be used during certificate path construction.
+ */
+ public boolean getUseAuthorityInfoAccess()
+ {
+ return useAuthorityInfoAccess_;
+ }
+
} \ No newline at end of file
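Review bot: `getServiceOrder()` hands out the internal `serviceOrder_` array, so any caller can reorder or overwrite the revocation source order held by the single configuration instance; return a copy instead, `return serviceOrder_ == null ? null : (String[]) serviceOrder_.clone();`. The Javadoc above it has a broken link: `{@link evocationSourceTypes#OCSP}` should read `{@link RevocationSourceTypes#OCSP}`. If the archive's JDBC URL can carry database credentials, the Javadoc of `getRevocationArchiveJDBCURL()` should say so and advise callers not to write the value to logs.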