authorKlaus Stranacher <kstranacher@iaik.tugraz.at>2014-03-10 15:48:06 +0100
committerKlaus Stranacher <kstranacher@iaik.tugraz.at>2014-03-10 15:48:06 +0100
commit403896aef0f9d3c76bbfcf3e970ae7dbc983ffd4 (patch)
tree39dafb34dcd6537069ed96f249410f592e4a461e /spss/server/serverlib
parent6cc5cd2311c9e6cde062fa4034444969f9c293e0 (diff)
Update trustprofiles and certstore
Update TSL processing (working directory handling). Update groupId of IAIK dependencies.
Diffstat (limited to 'spss/server/serverlib')
-rw-r--r--spss/server/serverlib/pom.xml10
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java123
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java78
-rw-r--r--spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties1
4 files changed, 189 insertions, 23 deletions
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml
index 2a6fd382f..5a2f001d4 100644
--- a/spss/server/serverlib/pom.xml
+++ b/spss/server/serverlib/pom.xml
@@ -143,16 +143,16 @@
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_tsl</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_util</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_xsect</artifactId>
+ <groupId>iaik</groupId>
+ <artifactId>iaik_xsect_eval</artifactId>
</dependency>
<dependency>
<groupId>javax.xml.bind</groupId>
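Review bot: The artifactId of the XSECT dependency changes from `iaik_xsect` to `iaik_xsect_eval` together with the groupId move, and by its name that looks like an evaluation build of the library rather than the production artifact; the commit message only mentions the groupId update, so confirm this is the artifact intended for a production server. The version of the new artifact is not visible in this hunk (presumably managed in a parent dependencyManagement section); it should be pinned there rather than resolved as a range. The plain groupId changes for the other dependencies here and in the second hunk of this file are straightforward.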
@@ -167,7 +167,7 @@
<artifactId>sqlite-jdbc</artifactId>
</dependency>
<dependency>
- <groupId>iaik.prod</groupId>
+ <groupId>iaik</groupId>
<artifactId>iaik_jsse</artifactId>
</dependency>
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 287d8225b..3d2da8384 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -1268,6 +1268,111 @@ public class ConfigurationPartsBuilder {
}
/**
+ * Build the trust profile mapping.
+ *
+ * @return The profile ID to profile mapping.
+ */
+ public Map buildTrustProfiles()
+ {
+ Map trustProfiles = new HashMap();
+ NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH);
+ Element profileElem;
+
+ while ((profileElem = (Element) profileIter.nextNode()) != null)
+ {
+ String id = getElementValue(profileElem, CONF + "Id", null);
+ String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null);
+ String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null);
+
+ URI trustAnchorsLocURI = null;
+ try
+ {
+ trustAnchorsLocURI = new URI(trustAnchorsLocStr);
+ if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file
+ trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr);
+ }
+ }
+ catch (URIException e) {
+ warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e);
+ continue;
+ }
+ catch (MalformedURLException e)
+ {
+ warn("config.15", new Object[] {id}, e);
+ continue;
+ }
+
+ File profileDir = new File(trustAnchorsLocURI.getPath());
+ if (!profileDir.exists() || !profileDir.isDirectory()) {
+ warn("config.27", new Object[] { "uri", id });
+ continue;
+ }
+
+
+
+ if (trustProfiles.containsKey(id)) {
+ warn("config.04", new Object[] { "TrustProfile", id });
+ continue;
+ }
+
+ URI signerCertsLocURI = null;
+ if (signerCertsLocStr != null && !"".equals(signerCertsLocStr))
+ {
+ try
+ {
+ signerCertsLocURI = new URI(signerCertsLocStr);
+ if (!signerCertsLocURI.isAbsolute()) signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr);
+
+ File signerCertsDir = new File(signerCertsLocURI.getPath());
+ if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) {
+ warn("config.27", new Object[] { "signerCertsUri", id });
+ continue;
+ }
+ }
+ catch (URIException e) {
+ warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e);
+ continue;
+ }
+ catch (MalformedURLException e) {
+ warn("config.15", new Object[] {id}, e);
+ continue;
+ }
+ }
+
+ signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null;
+
+ TrustProfile profile = null;
+
+ profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, false, null);
+
+ trustProfiles.put(id, profile);
+
+ }
+
+ return trustProfiles;
+ }
+
+ /**
+ * checks if a trustprofile with TSL support is enabled
+ *
+ * @return true if TSL support is enabled in at least one trustprofile, else false
+ */
+ public boolean checkTrustProfilesTSLenabled()
+ {
+ NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH);
+ Element profileElem;
+
+ boolean tslSupportEnabled = false;
+ while ((profileElem = (Element) profileIter.nextNode()) != null) {
+ Element eutslElem = (Element) XPathUtils.selectSingleNode(profileElem, CONF + "EUTSL");
+ if (eutslElem != null) //EUTSL element found --> TSL enabled
+ tslSupportEnabled = true;
+ }
+
+ return tslSupportEnabled;
+ }
+
+ /**
* Returns the location of the certificate store.
*
* @return the location of the certificate store.
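Review bot: The URIException handler for the signer-certificate location reports the wrong value: `warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e);` passes the trust-anchor string, which already parsed successfully, so the log never shows the URI that actually failed; it should read `warn("config.14", new Object[] { "signerCertsUri", id, signerCertsLocStr }, e);`. The Javadoc on buildTrustProfiles should also state that every profile it builds has TSL disabled (the constructor is called with `false, null`), since this class has a sibling overload taking a working directory; suggested `@return` text: `The profile ID to profile mapping; all profiles are built with TSL support disabled.`. `TrustProfile profile = null;` followed immediately by the assignment can be collapsed into a single declaration, and checkTrustProfilesTSLenabled could `return true;` at the first EUTSL element instead of scanning every profile, with the same result.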
@@ -1593,7 +1698,7 @@ public class ConfigurationPartsBuilder {
public TSLConfiguration getTSLConfiguration() {
TSLConfigurationImpl tslconfiguration = new TSLConfigurationImpl();
-
+
String euTSLUrl = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "EUTSLUrl", null);
if (StringUtils.isEmpty(euTSLUrl)) {
euTSLUrl = TSLConfiguration.DEFAULT_EU_TSL_URL;
@@ -1654,24 +1759,12 @@ public class ConfigurationPartsBuilder {
return null;
}
- File hashcache = new File(tslWorkingDir, "hashcache");
- if (!hashcache.exists()) {
- hashcache.mkdir();
- }
- if (!hashcache.isDirectory()) {
- error("config.38", new Object[] { hashcache.getAbsolutePath() });
- return null;
- }
-
- System.setProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR", hashcache.getAbsolutePath());
-// String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
-// System.out.println("Hashcache: " + hashcachedir);
-
+
debug("TSL Konfiguration - EUTSLUrl: " + euTSLUrl);
debug("TSL Konfiguration - UpdateSchedule/Period: " + updateSchedulePeriod);
debug("TSL Konfiguration - UpdateSchedule/StartTime: " + updateScheduleStartTime);
debug("TSL Konfiguration - TSLWorkingDirectory: " + tslWorkingDir.getAbsolutePath());
- debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath());
+
// set TSL configuration
tslconfiguration.setEuTSLUrl(euTSLUrl);
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 87a4b50f4..d67cbf1b4 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -347,7 +347,15 @@ public class ConfigurationProvider
try {
builder = new ConfigurationPartsBuilder(configElem, configRoot);
- tslconfiguration_ = builder.getTSLConfiguration();
+ if (builder.checkTrustProfilesTSLenabled()) {
+ debug("TSL support enabled for at least one trustprofile.");
+ tslconfiguration_ = builder.getTSLConfiguration();
+ trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
+ }
+ else {
+ tslconfiguration_ = null;
+ trustProfiles = builder.buildTrustProfiles();
+ }
digestMethodAlgorithmName = builder.getDigestMethodAlgorithmName();
canonicalizationAlgorithmName =
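Review bot: `tslconfiguration_ = builder.getTSLConfiguration();` in the new TSL-enabled branch is followed directly by `tslconfiguration_.getWorkingDirectory()`, but getTSLConfiguration() returns null on configuration errors (the ConfigurationPartsBuilder hunks in this commit show its `return null;` paths), so a broken TSL section now ends in a NullPointerException instead of a configuration error. Add a guard between the two lines, e.g. `if (tslconfiguration_ == null) { throw new ConfigurationException("config.51", new Object[] { "TSL-Konfiguration konnte nicht erstellt werden" }); }`, assuming the enclosing method can propagate ConfigurationException as checkTSLConfiguration does; the surrounding try block starts and ends outside this hunk. The commented-out call `//trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());` and the two blank lines left behind in the next hunk are dead code and should be removed now that the call has moved here.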
@@ -368,7 +376,9 @@ public class ConfigurationProvider
chainingModes = builder.buildChainingModes();
useAuthorityInfoAccess_ = builder.getUseAuthorityInfoAccess();
autoAddCertificates_ = builder.getAutoAddCertificates();
- trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
+ //trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
+
+
distributionPoints = builder.buildDistributionPoints();
enableRevocationChecking_ = builder.getEnableRevocationChecking();
maxRevocationAge_ = builder.getMaxRevocationAge();
@@ -429,7 +439,21 @@ public class ConfigurationProvider
}
}
- private void checkTSLConfiguration() throws ConfigurationException {
+ private boolean checkTSLenableTrustprofilesExist()throws ConfigurationException {
+ boolean bTSLEnabledTPExist = false;
+ Iterator it = trustProfiles.entrySet().iterator();
+ while (it.hasNext()) {
+ Map.Entry pairs = (Map.Entry)it.next();
+ TrustProfile tp = (TrustProfile) pairs.getValue();
+ if (tp.isTSLEnabled())
+ bTSLEnabledTPExist = bTSLEnabledTPExist || true;
+ }
+
+ return bTSLEnabledTPExist;
+
+ }
+
+ private void checkTSLConfiguration() throws ConfigurationException {
boolean bTSLEnabledTPExist = false;
Iterator it = trustProfiles.entrySet().iterator();
while (it.hasNext()) {
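Review bot: `bTSLEnabledTPExist = bTSLEnabledTPExist || true;` in the new checkTSLenableTrustprofilesExist is just `bTSLEnabledTPExist = true;`, and since nothing after the loop depends on continuing, the method can simply `return true;` inside the `if (tp.isTSLEnabled())` branch and `return false;` after the loop. It is also declared `throws ConfigurationException` without any throwing call, and it duplicates the loop that checkTSLConfiguration starts with in the context lines right below, so the latter could call the new helper instead of repeating it. No caller of the new method is visible in this commit; if it is unused, drop it.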
@@ -450,6 +474,43 @@ public class ConfigurationProvider
throw new ConfigurationException("config.40", null);
}
+ File workingDir = new File(tslconfiguration_.getWorkingDirectory());
+ File eu_trust = new File(workingDir.getAbsolutePath() + "/trust/eu");
+ if (!eu_trust.exists()) {
+ error("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"});
+ throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"});
+ }
+ else {
+ File[] eutrustFiles = eu_trust.listFiles();
+ if (eutrustFiles == null) {
+ error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+ throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+ }
+ else {
+ if (eutrustFiles.length == 0) {
+ error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+ throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
+ }
+ }
+
+ }
+
+ File hashcache = new File(tslconfiguration_.getWorkingDirectory(), "hashcache");
+ if (!hashcache.exists()) {
+ hashcache.mkdir();
+ }
+ if (!hashcache.isDirectory()) {
+ error("config.38", new Object[] { hashcache.getAbsolutePath() });
+ return;
+ }
+
+ System.setProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR", hashcache.getAbsolutePath());
+// String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
+// System.out.println("Hashcache: " + hashcachedir);
+
+
+ Logger.debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath());
+
}
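Review bot: The hash-cache check fails differently from the trust/eu check just above it: when `hashcache.mkdir()` fails or the path is not a directory, the code logs config.38 and then `return;`s, so startup continues with `iaik.xml.crypto.tsl.BinaryHashCache.DIR` unset and TSL validation silently running without the cache, whereas the trust/eu problems throw ConfigurationException. For a consistent failure mode it should be `throw new ConfigurationException("config.38", new Object[] { hashcache.getAbsolutePath() });` (the ignored mkdir result is then covered by the isDirectory() check). Minor: `new File(workingDir, "trust/eu")` avoids the hand-built path in `workingDir.getAbsolutePath() + "/trust/eu"`, the nested else/else blocks reduce to one `if (eutrustFiles == null || eutrustFiles.length == 0)` with a single error, and the commented-out System.out lines copied over from getTSLConfiguration should not be re-introduced here. The enclosing method starts outside this hunk.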
@@ -760,6 +821,17 @@ public class ConfigurationProvider
Logger.info(new LogMsg(msg.getMessage(messageId, parameters)));
}
+ /**
+ * Log a debug message.
+ *
+ * @param messageId The message ID.
+ * @param parameters Additional parameters for the message.
+ * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
+ */
+ private static void debug(String message) {
+ Logger.debug(message);
+ }
+
/**
* Log a warning.
*
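Review bot: The Javadoc on the new `debug(String message)` helper was copied from the message-ID based loggers: it documents `@param messageId` and `@param parameters` that the method does not have and points to MessageProvider although the string is logged verbatim. Replace the two @param lines with `@param message The message to log as-is (not resolved through the message catalogue).` and drop the @see. checkTSLConfiguration in this same commit still calls `Logger.debug(...)` directly instead of this helper.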
diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
index e4ee607c0..9e2e0e490 100644
--- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
+++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties
@@ -159,6 +159,7 @@ config.46=Start periodical TSL update task at {0} and then every {1} millisecond
config.48=No whitelisted URIs given.
config.49=Whitelisted URI: {0}.
config.50=Fehler beim Erstellen des TSL Vertrauensprofils: Das Verzeichnis ({0}) ist kein Verzeichnis.
+config.51=Fehler beim Erstellen der TSL Konfiguration: TSL-Arbeitsverzeichnis ist fehlerhaft ({0}).
handler.00=Starte neue Transaktion: TID={0}, Service={1}
handler.01=Aufruf von Adresse={0}