Update trustprofiles and certstore

Update TSL processing (working directory handling)
Update groupId of IAIK dependencies

3 files changed, 184 insertions, 18 deletions

diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 287d8225b..3d2da8384 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -1268,6 +1268,111 @@ public class ConfigurationPartsBuilder {
   }
   
   /**
+   * Build the trust profile mapping.
+   * 
+   * @return The profile ID to profile mapping.
+   */
+  public Map buildTrustProfiles() 
+  {
+    Map trustProfiles = new HashMap();
+    NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH);
+    Element profileElem;
+
+    while ((profileElem = (Element) profileIter.nextNode()) != null)
+    {
+      String id = getElementValue(profileElem, CONF + "Id", null);
+      String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null);
+      String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null);      
+     
+      URI trustAnchorsLocURI = null;
+      try
+      {
+        trustAnchorsLocURI = new URI(trustAnchorsLocStr);
+        if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file
+          trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr);
+        }
+      }
+      catch (URIException e) {
+        warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e);
+        continue;
+      }
+      catch (MalformedURLException e)
+      {
+        warn("config.15", new Object[] {id}, e);
+        continue;
+      }
+
+      File profileDir = new File(trustAnchorsLocURI.getPath());
+      if (!profileDir.exists() || !profileDir.isDirectory()) {
+        warn("config.27", new Object[] { "uri", id });
+        continue;
+      }
+      
+      
+      
+      if (trustProfiles.containsKey(id)) {
+        warn("config.04", new Object[] { "TrustProfile", id });
+        continue;
+      } 
+      
+      URI signerCertsLocURI = null;
+      if (signerCertsLocStr != null && !"".equals(signerCertsLocStr))
+      {
+        try
+        {
+          signerCertsLocURI = new URI(signerCertsLocStr);
+          if (!signerCertsLocURI.isAbsolute()) signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr);
+          
+          File signerCertsDir = new File(signerCertsLocURI.getPath());
+          if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) {
+            warn("config.27", new Object[] { "signerCertsUri", id });
+            continue;
+          }
+        }
+        catch (URIException e) {
+          warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e);
+          continue;
+        }
+        catch (MalformedURLException e) {
+          warn("config.15", new Object[] {id}, e);
+          continue;
+        }
+      }
+      
+      signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null;
+      
+      TrustProfile profile = null;
+      
+      profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, false, null);
+      
+      trustProfiles.put(id, profile);
+      
+    }
+
+    return trustProfiles;
+  }
+  
+  /**
+   * checks if a trustprofile with TSL support is enabled
+   * 
+   * @return true if TSL support is enabled in at least one trustprofile, else false
+   */
+  public boolean checkTrustProfilesTSLenabled() 
+  {
+    NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH);
+    Element profileElem;
+
+    boolean tslSupportEnabled = false;
+    while ((profileElem = (Element) profileIter.nextNode()) != null)    {
+      Element eutslElem = (Element) XPathUtils.selectSingleNode(profileElem, CONF + "EUTSL");
+      if (eutslElem != null) //EUTSL element found --> TSL enabled
+    	  tslSupportEnabled = true;
+    }
+
+    return tslSupportEnabled;
+  }
+  
+  /**
    * Returns the location of the certificate store.
    * 
    * @return the location of the certificate store.
@@ -1593,7 +1698,7 @@ public class ConfigurationPartsBuilder {
   public TSLConfiguration getTSLConfiguration() {
 	  TSLConfigurationImpl tslconfiguration = new TSLConfigurationImpl();
 	  
-	  
+	  	  
 	  String euTSLUrl = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "EUTSLUrl", null);
 	  if (StringUtils.isEmpty(euTSLUrl)) {
 		  euTSLUrl = TSLConfiguration.DEFAULT_EU_TSL_URL;
@@ -1654,24 +1759,12 @@ public class ConfigurationPartsBuilder {
           return null;  
       }
       
-      File hashcache = new File(tslWorkingDir, "hashcache");
-      if (!hashcache.exists()) {
-    	  hashcache.mkdir();
-      }
-      if (!hashcache.isDirectory()) {
-    	  error("config.38", new Object[] { hashcache.getAbsolutePath() });
-          return null;  
-      }
-
-      System.setProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR", hashcache.getAbsolutePath());
-//    String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
-//    System.out.println("Hashcache: " + hashcachedir);
-
+      
       debug("TSL Konfiguration - EUTSLUrl: " + euTSLUrl);
       debug("TSL Konfiguration - UpdateSchedule/Period: " + updateSchedulePeriod);
       debug("TSL Konfiguration - UpdateSchedule/StartTime: " + updateScheduleStartTime);
       debug("TSL Konfiguration - TSLWorkingDirectory: " + tslWorkingDir.getAbsolutePath());
-      debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath());
+      
       
 	  // set TSL configuration
 	  tslconfiguration.setEuTSLUrl(euTSLUrl);
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 87a4b50f4..d67cbf1b4 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -347,7 +347,15 @@ public class ConfigurationProvider
     try {
       builder = new ConfigurationPartsBuilder(configElem, configRoot);
       
-      tslconfiguration_ = builder.getTSLConfiguration();
+      if (builder.checkTrustProfilesTSLenabled()) {
+    	  debug("TSL support enabled for at least one trustprofile.");
+    	  tslconfiguration_ = builder.getTSLConfiguration();
+    	  trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
+      }
+      else {
+    	  tslconfiguration_ = null;
+    	  trustProfiles = builder.buildTrustProfiles();
+      }
       
       digestMethodAlgorithmName = builder.getDigestMethodAlgorithmName();
       canonicalizationAlgorithmName =
@@ -368,7 +376,9 @@ public class ConfigurationProvider
       chainingModes = builder.buildChainingModes();
       useAuthorityInfoAccess_ = builder.getUseAuthorityInfoAccess();
       autoAddCertificates_ = builder.getAutoAddCertificates();
-      trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
+      //trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
+      
+      
       distributionPoints = builder.buildDistributionPoints();
       enableRevocationChecking_ = builder.getEnableRevocationChecking();
       maxRevocationAge_ = builder.getMaxRevocationAge();
@@ -429,7 +439,21 @@ public class ConfigurationProvider
     }
   }
   
-  private void checkTSLConfiguration() throws ConfigurationException {
+  private boolean checkTSLenableTrustprofilesExist()throws ConfigurationException {
+	  boolean bTSLEnabledTPExist = false;
+	  Iterator it = trustProfiles.entrySet().iterator();
+	  while (it.hasNext()) {
+	      Map.Entry pairs = (Map.Entry)it.next();
+	      TrustProfile tp = (TrustProfile) pairs.getValue();
+	      if (tp.isTSLEnabled())
+	    	  bTSLEnabledTPExist = bTSLEnabledTPExist || true;
+	  }
+	  
+	  return bTSLEnabledTPExist;
+	  
+  }
+  
+  private void  checkTSLConfiguration() throws ConfigurationException {
 	  boolean bTSLEnabledTPExist = false;
 	  Iterator it = trustProfiles.entrySet().iterator();
 	  while (it.hasNext()) {
@@ -450,6 +474,43 @@ public class ConfigurationProvider
 		  throw new ConfigurationException("config.40", null);
 	  }
 	  
+	  File workingDir = new File(tslconfiguration_.getWorkingDirectory());
+	  File eu_trust = new File(workingDir.getAbsolutePath() + "/trust/eu");
+	  if (!eu_trust.exists()) {
+		  error("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"});
+		  throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"});
+	  }
+	  else {
+		  File[] eutrustFiles = eu_trust.listFiles();
+		  if (eutrustFiles == null) {
+			  error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+			  throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+		  }
+		  else {
+			  if (eutrustFiles.length == 0) {
+				  error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+				  throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+			  }
+		  }
+			  
+	  }
+	  
+	  File hashcache = new File(tslconfiguration_.getWorkingDirectory(), "hashcache");
+      if (!hashcache.exists()) {
+    	  hashcache.mkdir();
+      }
+      if (!hashcache.isDirectory()) {
+    	  error("config.38", new Object[] { hashcache.getAbsolutePath() });
+          return;  
+      }
+
+      System.setProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR", hashcache.getAbsolutePath());
+//    String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
+//    System.out.println("Hashcache: " + hashcachedir);
+
+
+      Logger.debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath());
+	  
       
   }
   
@@ -760,6 +821,17 @@ public class ConfigurationProvider
     Logger.info(new LogMsg(msg.getMessage(messageId, parameters)));
   }
   
+  /**
+   * Log a debug message.
+   * 
+   * @param messageId The message ID.
+   * @param parameters Additional parameters for the message.
+   * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+   */
+  private static void debug(String message) {
+    Logger.debug(message);
+  }
+  
      /**
    * Log a warning.
    * 
diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
index e4ee607c0..9e2e0e490 100644
--- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
+++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
@@ -159,6 +159,7 @@ config.46=Start periodical TSL update task at {0} and then every {1} millisecond
 config.48=No whitelisted URIs given.

 config.49=Whitelisted URI: {0}.

 config.50=Fehler beim Erstellen des TSL Vertrauensprofils: Das Verzeichnis ({0}) ist kein Verzeichnis.

+config.51=Fehler beim Erstellen der TSL Konfiguration: TSL-Arbeitsverzeichnis ist fehlerhaft ({0}).

 

 handler.00=Starte neue Transaktion: TID={0}, Service={1}

 handler.01=Aufruf von Adresse={0}