diff options
author | Klaus Stranacher <kstranacher@iaik.tugraz.at> | 2014-03-10 15:48:06 +0100 |
---|---|---|
committer | Klaus Stranacher <kstranacher@iaik.tugraz.at> | 2014-03-10 15:48:06 +0100 |
commit | 403896aef0f9d3c76bbfcf3e970ae7dbc983ffd4 (patch) | |
tree | 39dafb34dcd6537069ed96f249410f592e4a461e /spss/server/serverlib | |
parent | 6cc5cd2311c9e6cde062fa4034444969f9c293e0 (diff) | |
download | moa-id-spss-403896aef0f9d3c76bbfcf3e970ae7dbc983ffd4.tar.gz moa-id-spss-403896aef0f9d3c76bbfcf3e970ae7dbc983ffd4.tar.bz2 moa-id-spss-403896aef0f9d3c76bbfcf3e970ae7dbc983ffd4.zip |
Update trustprofiles and certstore
Update TSL processing (working directory handling)
Update groupId of IAIK dependencies
Diffstat (limited to 'spss/server/serverlib')
4 files changed, 189 insertions, 23 deletions
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml index 2a6fd382f..5a2f001d4 100644 --- a/spss/server/serverlib/pom.xml +++ b/spss/server/serverlib/pom.xml @@ -143,16 +143,16 @@ </dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_tsl</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_util</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_xsect</artifactId>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_xsect_eval</artifactId>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
@@ -167,7 +167,7 @@ <artifactId>sqlite-jdbc</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_jsse</artifactId>
</dependency>
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 287d8225b..3d2da8384 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -1268,6 +1268,111 @@ public class ConfigurationPartsBuilder { } /** + * Build the trust profile mapping. + * + * @return The profile ID to profile mapping. + */ + public Map buildTrustProfiles() + { + Map trustProfiles = new HashMap(); + NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH); + Element profileElem; + + while ((profileElem = (Element) profileIter.nextNode()) != null) + { + String id = getElementValue(profileElem, CONF + "Id", null); + String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null); + String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null); + + URI trustAnchorsLocURI = null; + try + { + trustAnchorsLocURI = new URI(trustAnchorsLocStr); + if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file + trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr); + } + } + catch (URIException e) { + warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e); + continue; + } + catch (MalformedURLException e) + { + warn("config.15", new Object[] {id}, e); + continue; + } + + File profileDir = new File(trustAnchorsLocURI.getPath()); + if (!profileDir.exists() || !profileDir.isDirectory()) { + warn("config.27", new Object[] { "uri", id }); + continue; + } + + + + if (trustProfiles.containsKey(id)) { + warn("config.04", new Object[] { "TrustProfile", id }); + continue; + } + + URI signerCertsLocURI = null; + if (signerCertsLocStr != null && !"".equals(signerCertsLocStr)) + { + try + { + signerCertsLocURI = new URI(signerCertsLocStr); + if (!signerCertsLocURI.isAbsolute()) signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr); + + File signerCertsDir = new File(signerCertsLocURI.getPath()); + if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) { + warn("config.27", new Object[] { "signerCertsUri", id }); + continue; + } + } + catch (URIException e) { + warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e); + continue; + } + catch (MalformedURLException e) { + warn("config.15", new Object[] {id}, e); + continue; + } + } + + signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null; + + TrustProfile profile = null; + + profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, false, null); + + trustProfiles.put(id, profile); + + } + + return trustProfiles; + } + + /** + * checks if a trustprofile with TSL support is enabled + * + * @return true if TSL support is enabled in at least one trustprofile, else false + */ + public boolean checkTrustProfilesTSLenabled() + { + NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH); + Element profileElem; + + boolean tslSupportEnabled = false; + while ((profileElem = (Element) profileIter.nextNode()) != null) { + Element eutslElem = (Element) XPathUtils.selectSingleNode(profileElem, CONF + "EUTSL"); + if (eutslElem != null) //EUTSL element found --> TSL enabled + tslSupportEnabled = true; + } + + return tslSupportEnabled; + } + + /** * Returns the location of the certificate store. * * @return the location of the certificate store. @@ -1593,7 +1698,7 @@ public class ConfigurationPartsBuilder { public TSLConfiguration getTSLConfiguration() { TSLConfigurationImpl tslconfiguration = new TSLConfigurationImpl(); - + String euTSLUrl = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "EUTSLUrl", null); if (StringUtils.isEmpty(euTSLUrl)) { euTSLUrl = TSLConfiguration.DEFAULT_EU_TSL_URL; @@ -1654,24 +1759,12 @@ public class ConfigurationPartsBuilder { return null; } - File hashcache = new File(tslWorkingDir, "hashcache"); - if (!hashcache.exists()) { - hashcache.mkdir(); - } - if (!hashcache.isDirectory()) { - error("config.38", new Object[] { hashcache.getAbsolutePath() }); - return null; - } - - System.setProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR", hashcache.getAbsolutePath()); -// String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR"); -// System.out.println("Hashcache: " + hashcachedir); - + debug("TSL Konfiguration - EUTSLUrl: " + euTSLUrl); debug("TSL Konfiguration - UpdateSchedule/Period: " + updateSchedulePeriod); debug("TSL Konfiguration - UpdateSchedule/StartTime: " + updateScheduleStartTime); debug("TSL Konfiguration - TSLWorkingDirectory: " + tslWorkingDir.getAbsolutePath()); - debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath()); + // set TSL configuration tslconfiguration.setEuTSLUrl(euTSLUrl); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java index 87a4b50f4..d67cbf1b4 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java @@ -347,7 +347,15 @@ public class ConfigurationProvider try { builder = new ConfigurationPartsBuilder(configElem, configRoot); - tslconfiguration_ = builder.getTSLConfiguration(); + if (builder.checkTrustProfilesTSLenabled()) { + debug("TSL support enabled for at least one trustprofile."); + tslconfiguration_ = builder.getTSLConfiguration(); + trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory()); + } + else { + tslconfiguration_ = null; + trustProfiles = builder.buildTrustProfiles(); + } digestMethodAlgorithmName = builder.getDigestMethodAlgorithmName(); canonicalizationAlgorithmName = @@ -368,7 +376,9 @@ public class ConfigurationProvider chainingModes = builder.buildChainingModes(); useAuthorityInfoAccess_ = builder.getUseAuthorityInfoAccess(); autoAddCertificates_ = builder.getAutoAddCertificates(); - trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory()); + //trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory()); + + distributionPoints = builder.buildDistributionPoints(); enableRevocationChecking_ = builder.getEnableRevocationChecking(); maxRevocationAge_ = builder.getMaxRevocationAge(); @@ -429,7 +439,21 @@ public class ConfigurationProvider } } - private void checkTSLConfiguration() throws ConfigurationException { + private boolean checkTSLenableTrustprofilesExist()throws ConfigurationException { + boolean bTSLEnabledTPExist = false; + Iterator it = trustProfiles.entrySet().iterator(); + while (it.hasNext()) { + Map.Entry pairs = (Map.Entry)it.next(); + TrustProfile tp = (TrustProfile) pairs.getValue(); + if (tp.isTSLEnabled()) + bTSLEnabledTPExist = bTSLEnabledTPExist || true; + } + + return bTSLEnabledTPExist; + + } + + private void checkTSLConfiguration() throws ConfigurationException { boolean bTSLEnabledTPExist = false; Iterator it = trustProfiles.entrySet().iterator(); while (it.hasNext()) { @@ -450,6 +474,43 @@ public class ConfigurationProvider throw new ConfigurationException("config.40", null); } + File workingDir = new File(tslconfiguration_.getWorkingDirectory()); + File eu_trust = new File(workingDir.getAbsolutePath() + "/trust/eu"); + if (!eu_trust.exists()) { + error("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"}); + throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"}); + } + else { + File[] eutrustFiles = eu_trust.listFiles(); + if (eutrustFiles == null) { + error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"}); + throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"}); + } + else { + if (eutrustFiles.length == 0) { + error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"}); + throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"}); + } + } + + } + + File hashcache = new File(tslconfiguration_.getWorkingDirectory(), "hashcache"); + if (!hashcache.exists()) { + hashcache.mkdir(); + } + if (!hashcache.isDirectory()) { + error("config.38", new Object[] { hashcache.getAbsolutePath() }); + return; + } + + System.setProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR", hashcache.getAbsolutePath()); +// String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR"); +// System.out.println("Hashcache: " + hashcachedir); + + + Logger.debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath()); + } @@ -760,6 +821,17 @@ public class ConfigurationProvider Logger.info(new LogMsg(msg.getMessage(messageId, parameters))); } + /** + * Log a debug message. + * + * @param messageId The message ID. + * @param parameters Additional parameters for the message. + * @see at.gv.egovernment.moa.spss.server.util.MessageProvider + */ + private static void debug(String message) { + Logger.debug(message); + } + /** * Log a warning. * diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties index e4ee607c0..9e2e0e490 100644 --- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties +++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties @@ -159,6 +159,7 @@ config.46=Start periodical TSL update task at {0} and then every {1} millisecond config.48=No whitelisted URIs given.
config.49=Whitelisted URI: {0}.
config.50=Fehler beim Erstellen des TSL Vertrauensprofils: Das Verzeichnis ({0}) ist kein Verzeichnis.
+config.51=Fehler beim Erstellen der TSL Konfiguration: TSL-Arbeitsverzeichnis ist fehlerhaft ({0}).
handler.00=Starte neue Transaktion: TID={0}, Service={1}
handler.01=Aufruf von Adresse={0}
|