diff options
Diffstat (limited to 'spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java')
| -rw-r--r-- | spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java | 769 |
1 files changed, 502 insertions, 267 deletions
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 96a90980d..b5bb461d1 100644 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -27,6 +27,7 @@ import org.xml.sax.SAXException; import iaik.ixsil.exceptions.URIException; import iaik.ixsil.util.URI; import iaik.pki.pathvalidation.ChainingModes; +import iaik.pki.revocation.RevocationSourceTypes; import iaik.utils.RFC2253NameParser; import iaik.utils.RFC2253NameParserException; @@ -65,52 +66,130 @@ public class ConfigurationPartsBuilder { // private static final String ROOT = "/" + CONF + "MOAConfiguration/"; + private static final String DIGEST_METHOD_XPATH = - ROOT + CONF + "DigestMethodAlgorithm/@name"; + ROOT + CONF + "SignatureCreation/" + + CONF + "XMLDSIG/" + + CONF + "DigestMethodAlgorithm"; private static final String C14N_ALGORITHM_XPATH = - ROOT + CONF + "CanonicalizationAlgorithm/@name"; + ROOT + CONF + "SignatureCreation/" + + CONF + "XMLDSIG/" + + CONF + "CanonicalizationAlgorithm"; private static final String HARDWARE_CRYPTO_MODULE_XPATH = ROOT + CONF + "HardwareCryptoModule"; private static final String HARDWARE_KEY_XPATH = - ROOT + CONF + "HardwareKeyModule"; + ROOT + CONF + "SignatureCreation/" + + CONF + "KeyModules/" + + CONF + "HardwareKeyModule"; private static final String SOFTWARE_KEY_XPATH = - ROOT + CONF + "SoftwareKeyModule"; - private static final String KEYGROUP_XPATH = ROOT + CONF + "KeyGroup"; - private static final String KEY_XPATH = CONF + "Key"; - private static final String KEY_MODULE_ID_XPATH = CONF + "KeyModuleID"; - private static final String KEY_CERT_XPATH = CONF + "KeyCertIssuerSerial"; + ROOT + CONF + "SignatureCreation/" + + CONF + "KeyModules/" + + CONF + "SoftwareKeyModule"; + private static final String KEYGROUP_XPATH = + ROOT + CONF + "SignatureCreation/" + + CONF + "KeyGroup"; private static final String KEYGROUP_MAPPING_XPATH = - ROOT + CONF + "KeyGroupMapping"; - private static final String KEYGROUP_MAPPING_KEYGROUP_XPATH = - CONF + "KeyGroup"; - private static final String ISSUER_SERIAL_XPATH = CONF + "X509IssuerSerial"; - private static final String ISSUER_XPATH = DSIG + "X509IssuerName"; - private static final String SERIAL_XPATH = DSIG + "X509SerialNumber"; + ROOT + CONF + "SignatureCreation/" + + CONF + "KeyGroupMapping"; + private static final String ISSUER_XPATH = + DSIG + "X509IssuerName"; + private static final String SERIAL_XPATH = + DSIG + "X509SerialNumber"; + private static final String CERTSTORE_LOCATION_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "PathConstruction/" + + CONF + "CertificateStore" + + CONF + "DirectoryStore" + + CONF + "Location"; + private static final String AUTO_ADD_CERTIFICATES_XPATH_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "PathConstruction/" + + CONF + "AutoAddCertificates"; + private static final String USE_AUTHORITY_INFO_ACCESS_XPATH_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "PathConstruction/" + + CONF + "UseAuthorityInformationAccess"; private static final String CHAINING_MODES_XPATH = - ROOT + CONF + "ChainingModes"; + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "PathValidation/" + + CONF + "ChainingMode"; private static final String CHAINING_MODES_DEFAULT_XPATH = - CHAINING_MODES_XPATH + "/@systemDefaultMode"; + CHAINING_MODES_XPATH + + CONF + "/DefaultMode"; private static final String TRUST_ANCHOR_XPATH = - ROOT + CONF + "ChainingModes/" + CONF + "TrustAnchor"; - private static final String CRL_DISTRIBUTION_POINT_XPATH = - ROOT + CONF + "CRLDistributionPoint"; - private static final String CA_ISSUER_DN_XPATH = CONF + "CAIssuerDN"; - private static final String DISTRIBUTION_POINT_XPATH = - CONF + "DistributionPoint"; - private static final String CRL_ARCHIVE_XPATH = ROOT + CONF + "CRLArchive"; - private static final String GENERIC_CONFIGURATION_XPATH = - ROOT + CONF + "GenericConfiguration"; + CHAINING_MODES_XPATH + + CONF + "TrustAnchor"; + private static final String TRUST_PROFILE_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "PathValidation/" + + CONF + "TrustProfile"; + private static final String DISTRIBUTION_POINTS_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "DistributionPoints"; + private static final String ENABLE_REVOCATION_CHECKING_XPATH_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "EnableChecking"; + private static final String MAX_REVOCATION_AGE_XPATH_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "MaxRevocationAge"; + private static final String REVOCATION_SERVICEORDER_XPATH_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "ServiceOrder" + + CONF + "Service"; + private static final String ENABLE_ARCHIVING_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "Archiving/" + + CONF + "EnableArchiving"; + private static final String CRL_ARCHIVE_DURATION_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "Archiving/" + + CONF + "ArchiveDuration"; + private static final String ACHIVE_JDBC_URL_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "Archiving/" + + CONF + "Archive/" + + CONF + "DatabaseArchive" + + CONF + "JDBCURL"; + private static final String ACHIVE_JDBC_DRIVER_CLASS_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "Archiving/" + + CONF + "Archive/" + + CONF + "DatabaseArchive" + + CONF + "JDBCDriverClassName"; private static final String CREATE_TRANSFORMS_INFO_PROFILE_XPATH = - ROOT + CONF + "CreateTransformsInfoProfile"; + ROOT + CONF + "SignatureCreation/" + + CONF + "CreateTransformsInfoProfile"; private static final String CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH = - ROOT + CONF + "CreateSignatureEnvironmentProfile"; + ROOT + CONF + "SignatureCreation/" + + CONF + "CreateSignatureEnvironmentProfile"; private static final String VERIFY_TRANSFORMS_INFO_PROFILE_XPATH = - ROOT + CONF + "VerifyTransformsInfoProfile"; + ROOT + CONF + "SignatureVerification/" + + CONF + "VerifyTransformsInfoProfile"; private static final String SUPPLEMENT_PROFILE_XPATH = - ROOT + CONF + "SupplementProfile"; - private static final String TRUST_PROFILE_XPATH = - ROOT + CONF + "TrustProfile"; - + ROOT + CONF + "SignatureVerification/" + + CONF + "SupplementProfile"; + // // default values for configuration parameters // @@ -143,6 +222,11 @@ public class ConfigurationPartsBuilder { /** The root element of the MOA configuration */ private Element configElem; + + /** + * The directory containing the underlying configuration file. + */ + private File configRoot_; /** Whether any warnings were encountered building the configuration. */ private List warnings = new ArrayList(); @@ -151,9 +235,13 @@ public class ConfigurationPartsBuilder { * Create a new <code>ConfigurationPartsBuilder</code>. * * @param configElem The root element of the MOA configuration. + * + * @param configRoot The directory containing the underlying configuration file. */ - public ConfigurationPartsBuilder(Element configElem) { + public ConfigurationPartsBuilder(Element configElem, File configRoot) + { this.configElem = configElem; + configRoot_ = configRoot; } /** @@ -164,6 +252,16 @@ public class ConfigurationPartsBuilder { public Element getConfigElem() { return configElem; } + + /** + * Returns the directory containing the underlying configuration file. + * + * @return the directory containing the underlying configuration file. + */ + public File getConfigRoot() + { + return configRoot_; + } /** * Returns the warnings encountered during building the configuration. @@ -180,12 +278,12 @@ public class ConfigurationPartsBuilder { * * @return The digest method algorithm name from the configuration. */ - public String getDigestMethodAlgorithmName() { - String digestMethod = - getAttributeValue(getConfigElem(), DIGEST_METHOD_XPATH, null); + public String getDigestMethodAlgorithmName() + { + String digestMethod = getElementValue(getConfigElem(), DIGEST_METHOD_XPATH, null); - if (digestMethod == null - || !ACCEPTED_DIGEST_ALGORITHMS.contains(digestMethod)) { + if (digestMethod == null || !ACCEPTED_DIGEST_ALGORITHMS.contains(digestMethod)) + { warn( "config.23", new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT }); @@ -200,12 +298,12 @@ public class ConfigurationPartsBuilder { * * @return The canonicalization algorithm name from the configuration. */ - public String getCanonicalizationAlgorithmName() { - String c14nAlgorithm = - getAttributeValue(getConfigElem(), C14N_ALGORITHM_XPATH, null); + public String getCanonicalizationAlgorithmName() + { + String c14nAlgorithm = getElementValue(getConfigElem(), C14N_ALGORITHM_XPATH, null); - if (c14nAlgorithm == null - || !ACCEPTED_C14N_ALGORITHMS.contains(c14nAlgorithm)) { + if (c14nAlgorithm == null || !ACCEPTED_C14N_ALGORITHMS.contains(c14nAlgorithm)) + { warn( "config.23", new Object[] { "CanonicalizationAlgorithm", C14N_ALGORITHM_DEFAULT }); @@ -216,52 +314,23 @@ public class ConfigurationPartsBuilder { } /** - * Build the mapping of generic configuration properties. - * - * @return The mapping of generic configuration properties (a name to value - * mapping) from the configuration. - */ - public Map buildGenericConfiguration() { - Map genericConfiguration = new HashMap(); - NodeIterator gcIter = - XPathUtils.selectNodeIterator( - getConfigElem(), - GENERIC_CONFIGURATION_XPATH); - Element gcElem; - - while ((gcElem = (Element) gcIter.nextNode()) != null) { - String gcName = gcElem.getAttribute("name"); - String gcValue = gcElem.getAttribute("value"); - - if (genericConfiguration.containsKey(gcName)) { - warn("config.24", new Object[] { gcName }); - } else { - genericConfiguration.put(gcName, gcValue); - } - } - - return genericConfiguration; - } - - /** * Build the configured hardware crypto modules. * * @return The hardware crypto modules from the configuration. */ - public List buildHardwareCryptoModules() { + public List buildHardwareCryptoModules() + { List modules = new ArrayList(); - NodeIterator modIter = - XPathUtils.selectNodeIterator( - getConfigElem(), - HARDWARE_CRYPTO_MODULE_XPATH); - Element modElem; + NodeIterator modIter = XPathUtils.selectNodeIterator( + getConfigElem(), + HARDWARE_CRYPTO_MODULE_XPATH); + Element modElem; while ((modElem = (Element) modIter.nextNode()) != null) { - String name = modElem.getAttribute("name"); - String slotID = modElem.getAttribute("slotID"); - String userPIN = modElem.getAttribute("userPIN"); - HardwareCryptoModule module = - new HardwareCryptoModule(name, slotID, userPIN); + String name = getElementValue(modElem, CONF + "Name", null); + String slotId = getElementValue(modElem, CONF + "SlotId", null); + String userPIN = getElementValue(modElem, CONF + "UserPIN", null); + HardwareCryptoModule module = new HardwareCryptoModule(name, slotId, userPIN); modules.add(module); } @@ -275,25 +344,30 @@ public class ConfigurationPartsBuilder { * prevent multiple key modules with the same ID. * @return The hardware keys contained in the configuration. */ - public List buildHardwareKeyModules(List keyModules) { + public List buildHardwareKeyModules(List keyModules) + { Set existingIds = toIdSet(keyModules); List hardwareKeys = new ArrayList(); NodeIterator hkIter = XPathUtils.selectNodeIterator(getConfigElem(), HARDWARE_KEY_XPATH); Element keyElem; - while ((keyElem = (Element) hkIter.nextNode()) != null) { - String id = keyElem.getAttribute("id"); - String name = keyElem.getAttribute("name"); - String slotID = keyElem.getAttribute("slotID"); - String userPIN = keyElem.getAttribute("userPIN"); + while ((keyElem = (Element) hkIter.nextNode()) != null) + { + String id = getElementValue(keyElem, CONF + "Id", null); + String name = getElementValue(keyElem, CONF + "Name", null); + String slotId = getElementValue(keyElem, CONF + "SlotId", null); + String userPIN = getElementValue(keyElem, CONF + "UserPIN", null); - if (existingIds.contains(id)) { + if (existingIds.contains(id)) + { warn( "config.04", new Object[] { "Hardware- oder SoftwareKeyModule", id }); - } else { - KeyModule key = new HardwareKeyModule(id, name, slotID, userPIN); + } + else + { + KeyModule key = new HardwareKeyModule(id, name, slotId, userPIN); hardwareKeys.add(key); existingIds.add(id); } @@ -307,36 +381,39 @@ public class ConfigurationPartsBuilder { * Build the configured software keys. * * @param The keyModules that the configuration already knows about. To - * prevent multiple key modules with the same ID. - * @param configRoot The directory containing the main configuration file. - * Used to resolve keystore files configured using a relative URI. + * prevent multiple key modules with the same ID. + * * @return The software keys contained in the configuration. */ - public List buildSoftwareKeyModules(List keyModules, File configRoot) { + public List buildSoftwareKeyModules(List keyModules) + { Set existingIds = toIdSet(keyModules); List softwareKeys = new ArrayList(); NodeIterator skIter = XPathUtils.selectNodeIterator(getConfigElem(), SOFTWARE_KEY_XPATH); Element keyElem; + while ((keyElem = (Element) skIter.nextNode()) != null) + { + String id = getElementValue(keyElem, CONF + "Id", null); + String fileName = getElementValue(keyElem, CONF + "Filename", null); + String passWord = getElementValue(keyElem, CONF + "Password", null); - while ((keyElem = (Element) skIter.nextNode()) != null) { - String id = keyElem.getAttribute("id"); - String fileName = keyElem.getAttribute("filename"); - String passWord = keyElem.getAttribute("password"); - - if (existingIds.contains(id)) { + if (existingIds.contains(id)) + { warn( "config.04", new Object[] { "Hardware- oder SoftwareKeyModule", id }); - } else { + } + else + { File keyFile; KeyModule key; // make keyFile absolute keyFile = new File(fileName); if (!keyFile.isAbsolute()) { - keyFile = new File(configRoot, fileName); + keyFile = new File(configRoot_, fileName); } // check for existence @@ -349,7 +426,6 @@ public class ConfigurationPartsBuilder { existingIds.add(id); } } - } return softwareKeys; @@ -362,7 +438,8 @@ public class ConfigurationPartsBuilder { * knows about. Used to check for errors in the configuration. * @return The mapping between key group IDs and key groups. */ - public Map buildKeyGroups(List keyModules) { + public Map buildKeyGroups(List keyModules) + { Set keyModuleIds = toIdSet(keyModules); Map keyGroups = new HashMap(); NodeIterator kgIter; @@ -370,15 +447,19 @@ public class ConfigurationPartsBuilder { // select all KeyGroup elements and build the KeyGroup objects from them kgIter = XPathUtils.selectNodeIterator(getConfigElem(), KEYGROUP_XPATH); - while ((keyGroupElem = (Element) kgIter.nextNode()) != null) { - String keyGroupId = keyGroupElem.getAttribute("id"); + while ((keyGroupElem = (Element) kgIter.nextNode()) != null) + { + String keyGroupId = getElementValue(keyGroupElem, CONF + "Id", null); Set keyGroupEntries = buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem); KeyGroup keyGroup = new KeyGroup(keyGroupId, keyGroupEntries); - if (keyGroups.containsKey(keyGroupId)) { + if (keyGroups.containsKey(keyGroupId)) + { warn("config.04", new Object[] { "KeyGroup", keyGroupId }); - } else { + } + else + { keyGroups.put(keyGroup.getId(), keyGroup); } } @@ -425,12 +506,11 @@ public class ConfigurationPartsBuilder { Element keyEntryElem; // select all Key elements and put them into the Map - keyEntryIter = XPathUtils.selectNodeIterator(keyGroupElem, KEY_XPATH); - while ((keyEntryElem = (Element) keyEntryIter.nextNode()) != null) { - String keyModuleId = - getElementValue(keyEntryElem, KEY_MODULE_ID_XPATH, ""); - Element keyCertElem = - (Element) XPathUtils.selectSingleNode(keyEntryElem, KEY_CERT_XPATH); + keyEntryIter = XPathUtils.selectNodeIterator(keyGroupElem, CONF + "Key"); + while ((keyEntryElem = (Element) keyEntryIter.nextNode()) != null) + { + String keyModuleId = getElementValue(keyEntryElem, CONF + "KeyModuleId", ""); + Element keyCertElem = (Element) XPathUtils.selectSingleNode(keyEntryElem, CONF + "KeyCertIsuerSerial"); IssuerAndSerial issuerSerial = buildIssuerAndSerial(keyCertElem); if (!keyModuleIds.contains(keyModuleId)) { @@ -461,15 +541,18 @@ public class ConfigurationPartsBuilder { XPathUtils.selectNodeIterator(getConfigElem(), KEYGROUP_MAPPING_XPATH); // build the mapping for each KeyGroupMapping element - while ((mappingElem = (Element) mappingIter.nextNode()) != null) { - Element issuerSerialElem = - (Element) XPathUtils.selectSingleNode(mappingElem, ISSUER_SERIAL_XPATH); - IssuerAndSerial issuerAndSerial; + while ((mappingElem = (Element) mappingIter.nextNode()) != null) + { + Element issuerSerialElem = (Element) XPathUtils.selectSingleNode(mappingElem, CONF + "CustomerId"); // build the IssuerAndSerial who has access to the key groups - if (issuerSerialElem != null) { + IssuerAndSerial issuerAndSerial; + if (issuerSerialElem != null) + { issuerAndSerial = buildIssuerAndSerial(issuerSerialElem); - } else { + } + else + { // IssuerSerial element: the keygroup is generally available issuerAndSerial = anonymous; } @@ -480,24 +563,25 @@ public class ConfigurationPartsBuilder { NodeIterator keyGroupIter; Element keyGroupElem; - if (groups == null) { + if (groups == null) + { // no mapping exist -> build one groups = new HashMap(); mappings.put(issuerAndSerial, groups); } // select the available key groups and add them to the mapping - keyGroupIter = - XPathUtils.selectNodeIterator( - mappingElem, - KEYGROUP_MAPPING_KEYGROUP_XPATH); - while ((keyGroupElem = (Element) keyGroupIter.nextNode()) != null) { - String keyGroupId = keyGroupElem.getAttribute("id"); + keyGroupIter = XPathUtils.selectNodeIterator(mappingElem, CONF + "KeyGroupId"); + while ((keyGroupElem = (Element) keyGroupIter.nextNode()) != null) + { + String keyGroupId = getElementValue(keyGroupElem, ".", null); KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId); - if (keyGroup != null) { + if (keyGroup != null) + { groups.put(keyGroupId, keyGroup); - } else { + } else + { warn("config.00", new Object[] { keyGroupId }); } } @@ -512,12 +596,12 @@ public class ConfigurationPartsBuilder { * * @return The default chaining mode. */ - public String getDefaultChainingMode() { - String defaultChaining = - getAttributeValue( - getConfigElem(), - CHAINING_MODES_DEFAULT_XPATH, - CM_CHAINING); + public String getDefaultChainingMode() + { + String defaultChaining = getElementValue( + getConfigElem(), + CHAINING_MODES_DEFAULT_XPATH, + CM_CHAINING); return translateChainingMode(defaultChaining); @@ -528,17 +612,20 @@ public class ConfigurationPartsBuilder { * * @return The mapping from trust anchors to chaining modes. */ - public Map buildChainingModes() { + public Map buildChainingModes() + { Map chainingModes = new HashMap(); - NodeIterator trustIter = - XPathUtils.selectNodeIterator(getConfigElem(), TRUST_ANCHOR_XPATH); - Element trustAnchorElem; + NodeIterator trustIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_ANCHOR_XPATH); - while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) { - IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(trustAnchorElem); - String mode = trustAnchorElem.getAttribute("mode"); + Element trustAnchorElem; + while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) + { + IssuerAndSerial issuerAndSerial = buildIssuerAndSerial( + (Element)XPathUtils.selectSingleNode(trustAnchorElem, CONF + "Identification")); + String mode = getElementValue(trustAnchorElem, CONF + "Mode", null); - if (issuerAndSerial != null) { + if (issuerAndSerial != null) + { chainingModes.put(issuerAndSerial, translateChainingMode(mode)); } } @@ -595,89 +682,111 @@ public class ConfigurationPartsBuilder { } /** - * Build the CRL distribution points mapping. + * Build the distribution points mapping. * * @return The mapping from certificate authorities to distribution points. */ - public Map buildCRLDistributionPoints() { - Map crlDps = new HashMap(); - NodeIterator crlDpIter; - Element crlDpElem; + public Map buildDistributionPoints() + { + Map dPs = new HashMap(); + NodeIterator dPIter; + Element dPElem; - // select all CRLDistributionPoint elements and build the - // CRLDistributionPoints - crlDpIter = - XPathUtils.selectNodeIterator( - getConfigElem(), - CRL_DISTRIBUTION_POINT_XPATH); + // select all DistributionPoint elements + dPIter = XPathUtils.selectNodeIterator(getConfigElem(), DISTRIBUTION_POINTS_XPATH); // build the mapping of CA name to distribution points - while ((crlDpElem = (Element) crlDpIter.nextNode()) != null) { - String caIssuerDNText = - getElementValue(crlDpElem, CA_ISSUER_DN_XPATH, ""); + while ((dPElem = (Element) dPIter.nextNode()) != null) { + String caIssuerDNText = getElementValue(dPElem, CONF + "CAIssuerDN", ""); RFC2253NameParser nameParser = new RFC2253NameParser(caIssuerDNText); - NodeIterator dpIter = - XPathUtils.selectNodeIterator(crlDpElem, DISTRIBUTION_POINT_XPATH); - String caIssuerDN; - Set dps; - Element dpElem; + NodeIterator cRLDPIter = XPathUtils.selectNodeIterator(dPElem, CONF + "CRLDP"); + NodeIterator oCSPDPPIter = XPathUtils.selectNodeIterator(dPElem, CONF + "OCSPDP"); - try { - caIssuerDN = nameParser.parse().getName(); + try + { + String caIssuerDN = nameParser.parse().getName(); // check, if a mapping exists or make a new mapping - dps = (Set) crlDps.get(caIssuerDN); - if (dps == null) { - dps = new HashSet(); - crlDps.put(caIssuerDN, dps); + Set dPsForCA = (Set) dPs.get(caIssuerDN); + if (dPsForCA == null) + { + dPsForCA = new HashSet(); + dPs.put(caIssuerDN, dPsForCA); } - // add the distribution points of this CA to the set - while ((dpElem = (Element) dpIter.nextNode()) != null) { - DistributionPoint dp = buildDistributionPoint(dpElem); - dps.add(dp); + // add the CRL distribution points of this CA to the set + Element cRLDPElem; + while ((cRLDPElem = (Element) cRLDPIter.nextNode()) != null) + { + CRLDistributionPoint cRLDP = (CRLDistributionPoint) buildDistributionPoint(cRLDPElem, caIssuerDN); + dPsForCA.add(cRLDP); } - } catch (RFC2253NameParserException e) { + + // add the OCSP distribution points of this CA to the set + Element oCSPPElem; + while ((oCSPPElem = (Element) oCSPDPPIter.nextNode()) != null) + { + OCSPDistributionPoint oCSPDP = (OCSPDistributionPoint) buildDistributionPoint(cRLDPElem, null); + dPsForCA.add(oCSPDP); + } +} + catch (RFC2253NameParserException e) + { warn("config.13", new Object[] { caIssuerDNText }, e); } } - return crlDps; + return dPs; } /** * Build a distribution point from the DOM representation. * * @param dpElem The root element of the distribution point. + * + * @param issuerName The name of the CA issuing the CRL referred to by this DP, or <code>null</code> + * if this DP refers to an OCSP responder. + * * @return The distribution point. */ - private DistributionPoint buildDistributionPoint(Element dpElem) { - String uri = dpElem.getAttribute("uri"); - String reasonCodes = dpElem.getAttribute("reasonCodes"); - - return new DistributionPoint(uri, reasonCodes != null ? reasonCodes : ""); + private DistributionPoint buildDistributionPoint(Element dpElem, String issuerName) + { + String uri = getElementValue(dpElem, CONF + "Location", null); + + if ("CRLDP".equals(dpElem.getLocalName())) + { + NodeIterator reasonCodesIter = XPathUtils.selectNodeIterator(dpElem, CONF + "ReasonCode"); + Element reasonCodeElem; + StringBuffer reasonCodesSB = new StringBuffer(); + while ((reasonCodeElem = (Element)reasonCodesIter.nextNode()) != null) + { + if (reasonCodesSB.length() > 0) reasonCodesSB.append(" "); + reasonCodesSB.append(getElementValue(reasonCodeElem, ".", "").trim()); + } + return new CRLDistributionPoint(uri, reasonCodesSB.toString(), issuerName); + } + else + { + return new OCSPDistributionPoint(uri); + } } /** * Return the CRL archive duration. * - * @return The value of the CRL archive duration setting from the - * configuration. + * @return The value of the CRL archive duration setting from the configuration, or <code>0</code> if + * no value is set in the configuration. */ - public int getCRLArchiveDuration() { - Element crlArchiveElem = - (Element) XPathUtils.selectSingleNode(getConfigElem(), CRL_ARCHIVE_XPATH); - String crlArchiveDuration; - - if (crlArchiveElem == null) { - return 0; - } - - try { - crlArchiveDuration = crlArchiveElem.getAttribute("duration"); - return Integer.parseInt(crlArchiveDuration); - } catch (NumberFormatException e) { + public int getRevocationArchiveDuration() + { + String archiveDuration = getElementValue(getConfigElem(), CRL_ARCHIVE_DURATION_XPATH, null); + try + { + return Integer.parseInt(archiveDuration); + } + catch (NumberFormatException e) + { warn("config.01", null); return 0; } @@ -686,106 +795,92 @@ public class ConfigurationPartsBuilder { /** * Build the <code>CreateTransformsInfoProfile</code>s. * - * @param configRoot The directory of the main configuration file. Used for - * lookup of profiles with relative file names. * @return The mapping from profile ID to profile. */ - public Map buildCreateTransformsInfoProfiles(File configRoot) { - return loadProfiles( - configRoot, - CREATE_TRANSFORMS_INFO_PROFILE_XPATH, - "CreateTransformsInfoProfile"); + public Map buildCreateTransformsInfoProfiles() + { + return loadProfiles(CREATE_TRANSFORMS_INFO_PROFILE_XPATH, "CreateTransformsInfoProfile"); } /** * Build the <code>CreateSignatureEnvironmentProfile</code>s. * - * @param configRoot The directory of the main configuration file. Used for - * lookup of profiles with relative file names. * @return The mapping from profile ID to profile. */ - public Map buildCreateSignatureEnvironmentProfiles(File configRoot) { - return loadProfiles( - configRoot, - CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH, - "CreateSignatureEnvironmentProfile"); + public Map buildCreateSignatureEnvironmentProfiles() + { + return loadProfiles(CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH, "CreateSignatureEnvironmentProfile"); } /** * Build the <code>VerifyTransformsInfoProfile</code>s. * - * @param configRoot The directory of the main configuration file. Used for - * lookup of profiles with relative file names. * @return The mapping from profile ID to profile. */ - public Map buildVerifyTransformsInfoProfiles(File configRoot) { - return loadProfiles( - configRoot, - VERIFY_TRANSFORMS_INFO_PROFILE_XPATH, - "VerifyTransformsInfoProfile"); + public Map buildVerifyTransformsInfoProfiles() + { + return loadProfiles(VERIFY_TRANSFORMS_INFO_PROFILE_XPATH, "VerifyTransformsInfoProfile"); } /** * Build the <code>SupplementProfile</code>s. * - * @param configRoot The directory of the main configuration file. Used for - * lookup of profiles with relative file names. * @return The mapping from profile ID to profile. */ - public Map buildSupplementProfiles(File configRoot) { - return loadProfiles( - configRoot, - SUPPLEMENT_PROFILE_XPATH, - "SupplementProfile"); + public Map buildSupplementProfiles() + { + return loadProfiles(SUPPLEMENT_PROFILE_XPATH, "SupplementProfile"); } /** * Load a profile mapping. * - * @param root The absolute directory path of the main configuration file. * @param xpath The XPath to select the profiles from the configuration. + * * @param profileRoot The name of the profile root element. + * * @return Map The profile ID to profile mapping. */ - private Map loadProfiles(File root, String xpath, String profileRoot) { + private Map loadProfiles(String xpath, String profileRoot) + { Map profiles = new HashMap(); - NodeIterator profileIter = - XPathUtils.selectNodeIterator(getConfigElem(), xpath); + NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), xpath); Element profileElem; - while ((profileElem = (Element) profileIter.nextNode()) != null) { - String id = profileElem.getAttribute("id"); - String fileName = profileElem.getAttribute("filename"); + while ((profileElem = (Element) profileIter.nextNode()) != null) + { + String id = getElementValue(profileElem, CONF + "Id", null); + String fileName = getElementValue(profileElem, CONF + "Location", null); - if (profiles.containsKey(id)) { + if (profiles.containsKey(id)) + { warn("config.04", new Object[] { profileRoot, id }); - } else { - Element profile; - - try { + } + else + { + try + { File profileFile = new File(fileName); // make profileFile absolute - if (!profileFile.isAbsolute()) { - profileFile = new File(root, fileName); - } + if (!profileFile.isAbsolute()) profileFile = new File(configRoot_, fileName); // load the profile - info( - "config.22", - new Object[] { profileRoot, id, profileFile.getAbsoluteFile()}); - profile = loadProfile(profileFile); + info("config.22", new Object[] { profileRoot, id, profileFile.getAbsoluteFile()}); + Element profile = loadProfile(profileFile); - if (profile.getTagName().equals(profileRoot)) { + if (profile.getTagName().equals(profileRoot)) + { profiles.put(id, profile); - } else { + } + else + { warn("config.02", new Object[] { profileRoot, id, fileName }); } } catch (ConfigurationException e) { warn("config.03", new Object[] { profileRoot, id }); } } - } return profiles; @@ -815,30 +910,30 @@ public class ConfigurationPartsBuilder { /** * Bulid the trust profile mapping. * - * @param configRoot The absolute path to the main configuration file. * @return The profile ID to profile mapping. */ - public Map buildTrustProfiles(File configRoot) { + public Map buildTrustProfiles() + { Map trustProfiles = new HashMap(); - NodeIterator profileIter = - XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH); + NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH); Element profileElem; - while ((profileElem = (Element) profileIter.nextNode()) != null) { - String id = profileElem.getAttribute("id"); - String uriStr = profileElem.getAttribute("uri"); - String signerCertsUriStr = profileElem.getAttribute("signerCertsUri"); + while ((profileElem = (Element) profileIter.nextNode()) != null) + { + String id = getElementValue(profileElem, CONF + "Id", null); + String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null); + String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null); - URI uri = null; + URI trustAnchorsLocURI = null; try { - uri = new URI(uriStr); - if (!uri.isAbsolute()) { // make it absolute to the config file - uri = new URI(configRoot.toURL() + uriStr); + trustAnchorsLocURI = new URI(trustAnchorsLocStr); + if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file + trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr); } } catch (URIException e) { - warn("config.14", new Object[] { "uri", id, uriStr }, e); + warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e); continue; } catch (MalformedURLException e) @@ -847,7 +942,7 @@ public class ConfigurationPartsBuilder { continue; } - File profileDir = new File(uri.getPath()); + File profileDir = new File(trustAnchorsLocURI.getPath()); if (!profileDir.exists() || !profileDir.isDirectory()) { warn("config.27", new Object[] { "uri", id }); continue; @@ -858,22 +953,22 @@ public class ConfigurationPartsBuilder { continue; } - URI signerCertsUri = null; - if (signerCertsUriStr != null && !"".equals(signerCertsUriStr)) + URI signerCertsLocURI = null; + if (signerCertsLocStr != null && !"".equals(signerCertsLocStr)) { try { - signerCertsUri = new URI(signerCertsUriStr); - if (!signerCertsUri.isAbsolute()) signerCertsUri = new URI(configRoot.toURL() + signerCertsUriStr); + signerCertsLocURI = new URI(signerCertsLocStr); + if (!signerCertsLocURI.isAbsolute()) signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr); - File signerCertsDir = new File(signerCertsUri.getPath()); + File signerCertsDir = new File(signerCertsLocURI.getPath()); if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) { warn("config.27", new Object[] { "signerCertsUri", id }); continue; } } catch (URIException e) { - warn("config.14", new Object[] { "signerCertsUri", id, uriStr }, e); + warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e); continue; } catch (MalformedURLException e) { @@ -882,13 +977,50 @@ public class ConfigurationPartsBuilder { } } - signerCertsUriStr = (signerCertsUri != null) ? signerCertsUri.toString() : null; - TrustProfile profile = new TrustProfile(id, uri.toString(), signerCertsUriStr); + signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null; + TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr); trustProfiles.put(id, profile); } return trustProfiles; } + + /** + * Returns the location of the certificate store. + * + * @return the location of the certificate store. + */ + public String getCertStoreLocation() + { + String certStoreLocStr = getElementValue(getConfigElem(), CERTSTORE_LOCATION_XPATH, null); + File certStoreLocFile; + + // Make cert store location an absolute value + certStoreLocFile = new File(certStoreLocStr); + if (!certStoreLocFile.isAbsolute()) + { + certStoreLocFile = new File(configRoot_, certStoreLocStr); + } + + // Check if cert store location exists, eventually try to create it + if (!certStoreLocFile.isDirectory()) + { + boolean created = false; + try + { + created = certStoreLocFile.mkdirs(); + } + finally + { + if (!created) + { + warn("config.32", new Object[] { certStoreLocFile.getAbsolutePath() }); + } + } + } + + return certStoreLocFile.getAbsolutePath(); + } // // various utility methods @@ -984,4 +1116,107 @@ public class ConfigurationPartsBuilder { warnings.add(txt); } + /** + * Returns whether revocation information should be archived. + * + * @return whether revocation information should be archived. + */ + public boolean getEnableRevocationArchiving() + { + String enableArchiving = getElementValue(getConfigElem(), ENABLE_ARCHIVING_XPATH, null); + return Boolean.valueOf(enableArchiving).booleanValue(); + } + + /** + * Returns the JDBC URL for the revocation archive database. + * + * @return the JDBC URL for the revocation archive database, or <code>null</code, if the corresponding + * parameter is not set in the configuration. + */ + public String getRevocationArchiveJDBCURL() + { + String jDBCURL = getElementValue(getConfigElem(), ACHIVE_JDBC_URL_, null); + return jDBCURL; + } + + /** + * Returns the JDBC driver class name for the revocation archive database. + * + * @return the JDBC driver class name for the revocation archive database, or <code>null</code, + * if the corresponding parameter is not set in the configuration. + */ + public String getRevocationArchiveJDBCDriverClass() + { + String jDBCDriverClass = getElementValue(getConfigElem(), ACHIVE_JDBC_DRIVER_CLASS_, null); + return jDBCDriverClass; + } + + /** + * Returns whether revocation information should be archived. + */ + public boolean getEnableRevocationChecking() + { + String enableChecking = getElementValue(getConfigElem(), ENABLE_REVOCATION_CHECKING_XPATH_, null); + return Boolean.valueOf(enableChecking).booleanValue(); + } + + /** + * Returns the maximum age of a revocation information for considering it + * still as valid. + * + * @return the maximum age of a revocation information for considering it + * still as valid. + */ + public long getMaxRevocationAge() + { + String maxRevocationAge = getElementValue(getConfigElem(), MAX_REVOCATION_AGE_XPATH_, null); + return Long.valueOf(maxRevocationAge).longValue(); + } + + /** + * Returns the service order for revocation checking. + * + * @return the service order for revocation checking. Valid array entries are + * {@link evocationSourceTypes#OCSP} and {@link RevocationSourceTypes#CRL}. + * An empty array will be returned if no service order is specified in the + * configuration. + */ + public String[] getServiceOrder() + { + ArrayList list = new ArrayList(); + NodeIterator serviceIter = XPathUtils.selectNodeIterator(getConfigElem(), REVOCATION_SERVICEORDER_XPATH_); + Element currentServiceNode; + while ((currentServiceNode = (Element)serviceIter.nextNode()) != null) + { + list.add(getElementValue(currentServiceNode, ".", null)); + } + return (String[])list.toArray(); + } + + /** + * Returns whether the certificate extension Authority Info Access should + * be used during certificate path construction. + * + * @return whether the certificate extension Authority Info Access should + * be used during certificate path construction. + */ + public boolean getUseAuthorityInfoAccess() + { + String useAIA = getElementValue(getConfigElem(), USE_AUTHORITY_INFO_ACCESS_XPATH_, null); + return Boolean.valueOf(useAIA).booleanValue(); + } + + /** + * Returns whether certificates found during certificate path construction + * should be added to the certificate store. + * + * @return whether certificates found during certificate path construction + * should be added to the certificate store. + */ + public boolean getAutoAddCertificates() + { + String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_CERTIFICATES_XPATH_, null); + return Boolean.valueOf(autoAdd).booleanValue(); + } + } |