diff options
Diffstat (limited to 'spss.server/src/at/gv/egovernment/moa/spss/server/config')
14 files changed, 0 insertions, 2754 deletions
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java deleted file mode 100644 index bd78012ef..000000000 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java +++ /dev/null @@ -1,165 +0,0 @@ -package at.gv.egovernment.moa.spss.server.config; - -import iaik.pki.revocation.RevocationSourceTypes; - -import java.util.HashMap; -import java.util.Map; -import java.util.StringTokenizer; - -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; - -import at.gv.egovernment.moa.spss.util.MessageProvider; - -/** - * A class representing a CRL distribution point. - * - * @author Sven Aigner - * @author Patrick Peck - * @version $Id$ - */ -public class CRLDistributionPoint - extends DistributionPoint - implements iaik.pki.revocation.CRLDistributionPoint -{ - - private static Map RC_MAPPING = new HashMap(); - - static { - - // create the mapping between reason code strings and their integer values - RC_MAPPING.put( - "unused", - new Integer(iaik.asn1.structures.DistributionPoint.unused)); - RC_MAPPING.put( - "keyCompromise", - new Integer(iaik.asn1.structures.DistributionPoint.keyCompromise)); - RC_MAPPING.put( - "cACompromise", - new Integer(iaik.asn1.structures.DistributionPoint.cACompromise)); - RC_MAPPING.put( - "affiliationChanged", - new Integer(iaik.asn1.structures.DistributionPoint.affiliationChanged)); - RC_MAPPING.put( - "superseded", - new Integer(iaik.asn1.structures.DistributionPoint.superseded)); - RC_MAPPING.put( - "cessationOfOperation", - new Integer(iaik.asn1.structures.DistributionPoint.cessationOfOperation)); - RC_MAPPING.put( - "certificateHold", - new Integer(iaik.asn1.structures.DistributionPoint.certificateHold)); - RC_MAPPING.put( - "privilegeWithdrawn", - new Integer(iaik.asn1.structures.DistributionPoint.privilegeWithdrawn)); - RC_MAPPING.put( - "aACompromise", - new Integer(iaik.asn1.structures.DistributionPoint.aACompromise)); - } - - /** - * The name of the CA issuing the CRL referred to by this DP. - */ - private String issuerName_; - - /** - * The reason codes applicable for the distribution point. - */ - private int reasonCodes; - - /** - * Create a <code>CRLDistributionPoint</code>. - * - * @param issuerName The name of the CA issuing the CRL referred to by this DP. - * - * @param uri The URI of the distribution point. - * - * @param reasonCodeStr A list of reason codes (a space-separated enumeration). - */ - public CRLDistributionPoint(String issuerName, String uri, String reasonCodeStr) - { - super(uri); - issuerName_ = issuerName; - this.reasonCodes = extractReasonCodes(reasonCodeStr); - } - - /** - * @see DistributionPoint#getType() - */ - public String getType() - { - return RevocationSourceTypes.CRL; - } - - /** - * Convert a list of reason codes provided as a <code>String</code> to a - * binary representation. - * - * @param reasonCodeStr A <code>String</code> containing a blank-separated, - * textual representation of reason codes. - * @return int A binary representation of reason codes. - * @see iaik.asn1.structures.DistributionPoint - */ - private int extractReasonCodes(String reasonCodeStr) { - int codes = 0; - StringTokenizer tokenizer = new StringTokenizer(reasonCodeStr); - String token; - Integer reasonCode; - - while (tokenizer.hasMoreTokens()) { - token = tokenizer.nextToken(); - reasonCode = (Integer) RC_MAPPING.get(token); - if (reasonCode != null) { - codes |= reasonCode.intValue(); - } else { - MessageProvider msg = MessageProvider.getInstance(); - Logger.warn( - new LogMsg(msg.getMessage("config.07", new Object[] { token }))); - } - } - - // If reasonCodeStr is empty, set all possible reason codes - if (codes == 0) codes = - iaik.asn1.structures.DistributionPoint.unused | - iaik.asn1.structures.DistributionPoint.keyCompromise | - iaik.asn1.structures.DistributionPoint.cACompromise | - iaik.asn1.structures.DistributionPoint.affiliationChanged | - iaik.asn1.structures.DistributionPoint.superseded | - iaik.asn1.structures.DistributionPoint.cessationOfOperation | - iaik.asn1.structures.DistributionPoint.certificateHold | - iaik.asn1.structures.DistributionPoint.privilegeWithdrawn | - iaik.asn1.structures.DistributionPoint.aACompromise; - - return codes; - } - - /** - * Return a binary representation of the reason codes of this distribution - * point. - * - * @return The binary representation of the reason codes. - */ - public int getReasonCodes() { - return reasonCodes; - } - - /** - * Return a <code>String</code> representation of this distribution point. - * - * @return The <code>String</code> representation of this distribution point. - * @see java.lang.Object#toString() - */ - public String toString() { - return "(DistributionPoint - " - + ("URI<" + getUri()) - + ("> REASONCODES<" + getReasonCodes() + ">)"); - } - - /** - * @see iaik.pki.revocation.CRLDistributionPoint#getIssuerName() - */ - public String getIssuerName() - { - return issuerName_; - } -} diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationException.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationException.java deleted file mode 100644 index f2b847053..000000000 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationException.java +++ /dev/null @@ -1,34 +0,0 @@ -package at.gv.egovernment.moa.spss.server.config; - -import at.gv.egovernment.moa.spss.MOASystemException; - -/** - * Exception signalling an error in the configuration. - * - * @author Patrick Peck - * @version $Id$ - */ -public class ConfigurationException extends MOASystemException { - - /** - * Create a <code>ConfigurationException</code>. - * - * @see at.gv.egovernment.moa.spss.server.MOAException#MOAException(String, Object[]) - */ - public ConfigurationException(String messageId, Object[] parameters) { - super(messageId, parameters); - } - - /** - * Create a <code>ConfigurationException</code>. - * @see at.gv.egovernment.moa.spss.server.MOAException#MOAException(String, Object[], Throwable) - */ - public ConfigurationException( - String messageId, - Object[] parameters, - Throwable wrapped) { - - super(messageId, parameters, wrapped); - } - -} diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java deleted file mode 100644 index 898e4a6f2..000000000 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ /dev/null @@ -1,1239 +0,0 @@ -package at.gv.egovernment.moa.spss.server.config; - -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.math.BigInteger; -import java.net.MalformedURLException; -import java.security.Principal; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import javax.xml.parsers.ParserConfigurationException; - -import org.w3c.dom.Attr; -import org.w3c.dom.Element; -import org.w3c.dom.traversal.NodeIterator; - -import org.xml.sax.SAXException; - -import iaik.ixsil.exceptions.URIException; -import iaik.ixsil.util.URI; -import iaik.pki.pathvalidation.ChainingModes; -import iaik.pki.revocation.RevocationSourceTypes; -import iaik.utils.RFC2253NameParser; -import iaik.utils.RFC2253NameParserException; - -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; - -import at.gv.egovernment.moa.spss.util.MessageProvider; - -/** - * A class that builds configuration data from a DOM based representation. - * - * @author Patrick Peck - * @version $Id$ - */ -public class ConfigurationPartsBuilder { - - // - // XPath namespace prefix shortcuts - // - - private static final String CONF = Constants.MOA_CONFIG_PREFIX + ":"; - private static final String DSIG = Constants.DSIG_PREFIX + ":"; - - // - // chaining mode constants appearing in the configuration file - // - - private static final String CM_CHAINING = "chaining"; - private static final String CM_PKIX = "pkix"; - - // - // XPath expressions to select certain parts of the configuration - // - - private static final String ROOT = "/" + CONF + "MOAConfiguration/"; - - private static final String DIGEST_METHOD_XPATH = - ROOT + CONF + "SignatureCreation/" - + CONF + "XMLDSig/" - + CONF + "DigestMethodAlgorithm"; - private static final String C14N_ALGORITHM_XPATH = - ROOT + CONF + "SignatureCreation/" - + CONF + "XMLDSig/" - + CONF + "CanonicalizationAlgorithm"; - private static final String HARDWARE_CRYPTO_MODULE_XPATH = - ROOT + CONF + "Common/" - + CONF + "HardwareCryptoModule"; - private static final String HARDWARE_KEY_XPATH = - ROOT + CONF + "SignatureCreation/" - + CONF + "KeyModules/" - + CONF + "HardwareKeyModule"; - private static final String SOFTWARE_KEY_XPATH = - ROOT + CONF + "SignatureCreation/" - + CONF + "KeyModules/" - + CONF + "SoftwareKeyModule"; - private static final String KEYGROUP_XPATH = - ROOT + CONF + "SignatureCreation/" - + CONF + "KeyGroup"; - private static final String KEYGROUP_MAPPING_XPATH = - ROOT + CONF + "SignatureCreation/" - + CONF + "KeyGroupMapping"; - private static final String ISSUER_XPATH = - DSIG + "X509IssuerName"; - private static final String SERIAL_XPATH = - DSIG + "X509SerialNumber"; - private static final String CERTSTORE_LOCATION_XPATH = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "PathConstruction/" - + CONF + "CertificateStore/" - + CONF + "DirectoryStore/" - + CONF + "Location"; - private static final String AUTO_ADD_CERTIFICATES_XPATH_ = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "PathConstruction/" - + CONF + "AutoAddCertificates"; - private static final String USE_AUTHORITY_INFO_ACCESS_XPATH_ = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "PathConstruction/" - + CONF + "UseAuthorityInformationAccess"; - private static final String CHAINING_MODES_XPATH = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "PathValidation/" - + CONF + "ChainingMode"; - private static final String CHAINING_MODES_DEFAULT_XPATH = - CHAINING_MODES_XPATH + "/" - + CONF + "DefaultMode"; - private static final String TRUST_ANCHOR_XPATH = - CHAINING_MODES_XPATH + "/" - + CONF + "TrustAnchor"; - private static final String TRUST_PROFILE_XPATH = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "PathValidation/" - + CONF + "TrustProfile"; - private static final String DISTRIBUTION_POINTS_XPATH = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "RevocationChecking/" - + CONF + "DistributionPoint"; - private static final String ENABLE_REVOCATION_CHECKING_XPATH_ = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "RevocationChecking/" - + CONF + "EnableChecking"; - private static final String MAX_REVOCATION_AGE_XPATH_ = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "RevocationChecking/" - + CONF + "MaxRevocationAge"; - private static final String REVOCATION_SERVICEORDER_XPATH_ = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "RevocationChecking/" - + CONF + "ServiceOrder/" - + CONF + "Service"; - private static final String ENABLE_ARCHIVING_XPATH = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "RevocationChecking/" - + CONF + "Archiving/" - + CONF + "EnableArchiving"; - private static final String CRL_ARCHIVE_DURATION_XPATH = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "RevocationChecking/" - + CONF + "Archiving/" - + CONF + "ArchiveDuration"; - private static final String ACHIVE_JDBC_URL_ = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "RevocationChecking/" - + CONF + "Archiving/" - + CONF + "Archive/" - + CONF + "DatabaseArchive/" - + CONF + "JDBCURL"; - private static final String ACHIVE_JDBC_DRIVER_CLASS_ = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "RevocationChecking/" - + CONF + "Archiving/" - + CONF + "Archive/" - + CONF + "DatabaseArchive/" - + CONF + "JDBCDriverClassName"; - private static final String CREATE_TRANSFORMS_INFO_PROFILE_XPATH = - ROOT + CONF + "SignatureCreation/" - + CONF + "CreateTransformsInfoProfile"; - private static final String CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH = - ROOT + CONF + "SignatureCreation/" - + CONF + "CreateSignatureEnvironmentProfile"; - private static final String VERIFY_TRANSFORMS_INFO_PROFILE_XPATH = - ROOT + CONF + "SignatureVerification/" - + CONF + "VerifyTransformsInfoProfile"; - private static final String SUPPLEMENT_PROFILE_XPATH = - ROOT + CONF + "SignatureVerification/" - + CONF + "SupplementProfile"; - - // - // default values for configuration parameters - // - - /** The accepted canonicalization algorithm URIs, as an array */ - private static final String[] ACCEPTED_C14N_ALGORITHMS_ARRAY = - { - Constants.C14N_URI, - Constants.C14N_WITH_COMMENTS_URI, - Constants.EXC_C14N_URI, - Constants.EXC_C14N_WITH_COMMENTS_URI }; - - /** The accepted canonicalization algorithm URIs, as a Set */ - private static final Set ACCEPTED_C14N_ALGORITHMS = - new HashSet(Arrays.asList(ACCEPTED_C14N_ALGORITHMS_ARRAY)); - - /** Default canonicalization algorithm, if none/illegal has been configured */ - private static final String C14N_ALGORITHM_DEFAULT = Constants.C14N_URI; - - /** The accepted digest method algorithm URIs, as an array */ - private static final String[] ACCEPTED_DIGEST_ALGORITHMS_ARRAY = - { Constants.SHA1_URI }; - - /** The accepted digest method algorithm URIs, as a Set */ - private static final Set ACCEPTED_DIGEST_ALGORITHMS = - new HashSet(Arrays.asList(ACCEPTED_DIGEST_ALGORITHMS_ARRAY)); - - /** Default digest algorithm URI, if none/illegal has been configured */ - private static final String DIGEST_ALGORITHM_DEFAULT = Constants.SHA1_URI; - - /** The root element of the MOA configuration */ - private Element configElem; - - /** - * The directory containing the underlying configuration file. - */ - private File configRoot_; - - /** Whether any warnings were encountered building the configuration. */ - private List warnings = new ArrayList(); - - /** - * Create a new <code>ConfigurationPartsBuilder</code>. - * - * @param configElem The root element of the MOA configuration. - * - * @param configRoot The directory containing the underlying configuration file. - */ - public ConfigurationPartsBuilder(Element configElem, File configRoot) - { - this.configElem = configElem; - configRoot_ = configRoot; - } - - /** - * Returns the root element of the MOA configuration. - * - * @return The root element of the MOA configuration. - */ - public Element getConfigElem() { - return configElem; - } - - /** - * Returns the directory containing the underlying configuration file. - * - * @return the directory containing the underlying configuration file. - */ - public File getConfigRoot() - { - return configRoot_; - } - - /** - * Returns the warnings encountered during building the configuration. - * - * @return A <code>List</code> of <code>String</code>s, containing the - * warning messages. - */ - public List getWarnings() { - return warnings; - } - - /** - * Returns the digest method algorithm name. - * - * @return The digest method algorithm name from the configuration. - */ - public String getDigestMethodAlgorithmName() - { - String digestMethod = getElementValue(getConfigElem(), DIGEST_METHOD_XPATH, null); - - if (digestMethod == null || !ACCEPTED_DIGEST_ALGORITHMS.contains(digestMethod)) - { - warn( - "config.23", - new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT }); - digestMethod = DIGEST_ALGORITHM_DEFAULT; - } - - return digestMethod; - } - - /** - * Returns the canonicalization algorithm name. - * - * @return The canonicalization algorithm name from the configuration. - */ - public String getCanonicalizationAlgorithmName() - { - String c14nAlgorithm = getElementValue(getConfigElem(), C14N_ALGORITHM_XPATH, null); - - if (c14nAlgorithm == null || !ACCEPTED_C14N_ALGORITHMS.contains(c14nAlgorithm)) - { - warn( - "config.23", - new Object[] { "CanonicalizationAlgorithm", C14N_ALGORITHM_DEFAULT }); - c14nAlgorithm = C14N_ALGORITHM_DEFAULT; - } - - return c14nAlgorithm; - } - - /** - * Build the configured hardware crypto modules. - * - * @return The hardware crypto modules from the configuration. - */ - public List buildHardwareCryptoModules() - { - List modules = new ArrayList(); - NodeIterator modIter = XPathUtils.selectNodeIterator( - getConfigElem(), - HARDWARE_CRYPTO_MODULE_XPATH); - - Element modElem; - while ((modElem = (Element) modIter.nextNode()) != null) { - String name = getElementValue(modElem, CONF + "Name", null); - String slotId = getElementValue(modElem, CONF + "SlotId", null); - String userPIN = getElementValue(modElem, CONF + "UserPIN", null); - HardwareCryptoModule module = new HardwareCryptoModule(name, slotId, userPIN); - modules.add(module); - } - - return modules; - } - - /** - * Build the configured hardware keys. - * - * @param The keyModules that the configuration already knows about. To - * prevent multiple key modules with the same ID. - * @return The hardware keys contained in the configuration. - */ - public List buildHardwareKeyModules(List keyModules) - { - Set existingIds = toIdSet(keyModules); - List hardwareKeys = new ArrayList(); - NodeIterator hkIter = - XPathUtils.selectNodeIterator(getConfigElem(), HARDWARE_KEY_XPATH); - Element keyElem; - - while ((keyElem = (Element) hkIter.nextNode()) != null) - { - String id = getElementValue(keyElem, CONF + "Id", null); - String name = getElementValue(keyElem, CONF + "Name", null); - String slotId = getElementValue(keyElem, CONF + "SlotId", null); - String userPIN = getElementValue(keyElem, CONF + "UserPIN", null); - - if (existingIds.contains(id)) - { - warn( - "config.04", - new Object[] { "Hardware- oder SoftwareKeyModule", id }); - } - else - { - KeyModule key = new HardwareKeyModule(id, name, slotId, userPIN); - hardwareKeys.add(key); - existingIds.add(id); - } - - } - - return hardwareKeys; - } - - /** - * Build the configured software keys. - * - * @param The keyModules that the configuration already knows about. To - * prevent multiple key modules with the same ID. - * - * @return The software keys contained in the configuration. - */ - public List buildSoftwareKeyModules(List keyModules) - { - Set existingIds = toIdSet(keyModules); - List softwareKeys = new ArrayList(); - NodeIterator skIter = - XPathUtils.selectNodeIterator(getConfigElem(), SOFTWARE_KEY_XPATH); - - Element keyElem; - while ((keyElem = (Element) skIter.nextNode()) != null) - { - String id = getElementValue(keyElem, CONF + "Id", null); - String fileName = getElementValue(keyElem, CONF + "FileName", null); - String passWord = getElementValue(keyElem, CONF + "Password", null); - - if (existingIds.contains(id)) - { - warn( - "config.04", - new Object[] { "Hardware- oder SoftwareKeyModule", id }); - } - else - { - File keyFile; - KeyModule key; - - // make keyFile absolute - keyFile = new File(fileName); - if (!keyFile.isAbsolute()) { - keyFile = new File(configRoot_, fileName); - } - - // check for existence - if (!keyFile.exists() || keyFile.isDirectory()) { - warn("config.25", new Object[] { id, keyFile.getAbsolutePath()}); - } else { - // create a new key module - key = new SoftwareKeyModule(id, keyFile.getAbsolutePath(), passWord); - softwareKeys.add(key); - existingIds.add(id); - } - } - } - - return softwareKeys; - } - - /** - * Build the key group configuration. - * - * @param keyModules The <code>KeyModule</code>s that the configuration - * knows about. Used to check for errors in the configuration. - * @return The mapping between key group IDs and key groups. - */ - public Map buildKeyGroups(List keyModules) - { - Set keyModuleIds = toIdSet(keyModules); - Map keyGroups = new HashMap(); - NodeIterator kgIter; - Element keyGroupElem; - - // select all KeyGroup elements and build the KeyGroup objects from them - kgIter = XPathUtils.selectNodeIterator(getConfigElem(), KEYGROUP_XPATH); - while ((keyGroupElem = (Element) kgIter.nextNode()) != null) - { - String keyGroupId = getElementValue(keyGroupElem, CONF + "Id", null); - Set keyGroupEntries = - buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem); - KeyGroup keyGroup = new KeyGroup(keyGroupId, keyGroupEntries); - - if (keyGroups.containsKey(keyGroupId)) - { - warn("config.04", new Object[] { "KeyGroup", keyGroupId }); - } - else - { - keyGroups.put(keyGroup.getId(), keyGroup); - } - } - - return keyGroups; - } - - /** - * Return the set of IDs contained in the given <code>KeyModule</code>s. - * - * @param keyModules The <code>KeyModule</code>s from which to extract the - * IDs. - * @return The IDs from the given <code>KeyModule</code>s. - */ - private Set toIdSet(List keyModules) { - Set ids = new HashSet(); - Iterator iter; - - for (iter = keyModules.iterator(); iter.hasNext();) { - KeyModule keyModule = (KeyModule) iter.next(); - ids.add(keyModule.getId()); - } - - return ids; - } - - /** - * Build the key entries belonging to a key group. - * - * @param keyGroupId The ID of the key group we are building here. Passed - * for logging purposes. - * @param keyModuleIds The IDs of the <code>HardwareKeyModule</code>s and - * <code>SoftwareKeyModule</code>s that exist in the configuration. - * @param keyGroupElem The <code>KeyGroup</code> DOM element to parse. - * @return A <code>Set</code> of <code>KeyGroupEntry</code> objects. - */ - private Set buildKeyGroupEntries( - String keyGroupId, - Set keyModuleIds, - Element keyGroupElem) { - - Set entries = new HashSet(); - NodeIterator keyEntryIter; - Element keyEntryElem; - - // select all Key elements and put them into the Map - keyEntryIter = XPathUtils.selectNodeIterator(keyGroupElem, CONF + "Key"); - while ((keyEntryElem = (Element) keyEntryIter.nextNode()) != null) - { - String keyModuleId = getElementValue(keyEntryElem, CONF + "KeyModuleId", ""); - Element keyCertElem = (Element) XPathUtils.selectSingleNode(keyEntryElem, CONF + "KeyCertIssuerSerial"); - IssuerAndSerial issuerSerial = buildIssuerAndSerial(keyCertElem); - - if (!keyModuleIds.contains(keyModuleId)) { - warn("config.26", new Object[] { keyGroupId, keyModuleId }); - } else if (issuerSerial != null) { - KeyGroupEntry entry = new KeyGroupEntry(keyModuleId, issuerSerial); - entries.add(entry); - } - } - return entries; - } - - /** - * Build the key group mapping. - * - * @param keyGroups The available key groups. - * @param anonymous The <code>IssuerAndSerial</code> to be used for key group - * mappings not protected by a certificate. - * @return The key group mapping. - */ - public Map buildKeyGroupMappings(Map keyGroups, IssuerAndSerial anonymous) { - Map mappings = new HashMap(); - NodeIterator mappingIter; - Element mappingElem; - - // select all KeyGroupMapping elements - mappingIter = - XPathUtils.selectNodeIterator(getConfigElem(), KEYGROUP_MAPPING_XPATH); - - // build the mapping for each KeyGroupMapping element - while ((mappingElem = (Element) mappingIter.nextNode()) != null) - { - Element issuerSerialElem = (Element) XPathUtils.selectSingleNode(mappingElem, CONF + "CustomerId"); - - // build the IssuerAndSerial who has access to the key groups - IssuerAndSerial issuerAndSerial; - if (issuerSerialElem != null) - { - issuerAndSerial = buildIssuerAndSerial(issuerSerialElem); - } - else - { - // IssuerSerial element: the keygroup is generally available - issuerAndSerial = anonymous; - } - - // add the key groups to the mappings - if (issuerAndSerial != null) { - Map groups = (Map) mappings.get(issuerAndSerial); - NodeIterator keyGroupIter; - Element keyGroupElem; - - if (groups == null) - { - // no mapping exist -> build one - groups = new HashMap(); - mappings.put(issuerAndSerial, groups); - } - - // select the available key groups and add them to the mapping - keyGroupIter = XPathUtils.selectNodeIterator(mappingElem, CONF + "KeyGroupId"); - while ((keyGroupElem = (Element) keyGroupIter.nextNode()) != null) - { - String keyGroupId = getElementValue(keyGroupElem, ".", null); - KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId); - - if (keyGroup != null) - { - groups.put(keyGroupId, keyGroup); - } else - { - warn("config.00", new Object[] { keyGroupId }); - } - } - } - } - - return mappings; - } - - /** - * Returns the default chaining mode from the configuration. - * - * @return The default chaining mode. - */ - public String getDefaultChainingMode() - { - String defaultChaining = getElementValue( - getConfigElem(), - CHAINING_MODES_DEFAULT_XPATH, - CM_PKIX); - - return translateChainingMode(defaultChaining); - - } - - /** - * Build the chaining modes for all configured trust anchors. - * - * @return The mapping from trust anchors to chaining modes. - */ - public Map buildChainingModes() - { - Map chainingModes = new HashMap(); - NodeIterator trustIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_ANCHOR_XPATH); - - Element trustAnchorElem; - while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) - { - IssuerAndSerial issuerAndSerial = buildIssuerAndSerial( - (Element)XPathUtils.selectSingleNode(trustAnchorElem, CONF + "Identification")); - String mode = getElementValue(trustAnchorElem, CONF + "Mode", null); - - if (issuerAndSerial != null) - { - chainingModes.put(issuerAndSerial, translateChainingMode(mode)); - } - } - - return chainingModes; - } - - /** - * Build an <code>IssuerAndSerial</code> from the DOM representation. - * - * @param root The root element (being of type <code>dsig: - * X509IssuerSerialType</code>. - * @return The issuer and serial number contained in the <code>root</code> - * element or <code>null</code> if could not be built for any reason. - */ - private IssuerAndSerial buildIssuerAndSerial(Element root) { - String issuer = getElementValue(root, ISSUER_XPATH, null); - String serial = getElementValue(root, SERIAL_XPATH, null); - - if (issuer != null && serial != null) { - try { - RFC2253NameParser nameParser = new RFC2253NameParser(issuer); - Principal issuerDN = nameParser.parse(); - - return new IssuerAndSerial(issuerDN, new BigInteger(serial)); - } catch (RFC2253NameParserException e) { - warn("config.16", new Object[] { issuer, serial }, e); - return null; - } catch (NumberFormatException e) { - warn("config.16", new Object[] { issuer, serial }, e); - return null; - } - } - return null; - } - - /** - * Translate the chaining mode from the configuration file to one used in the - * IAIK MOA API. - * - * @param chainingMode The chaining mode from the configuration. - * @return The chaining mode as provided by the <code>ChainingModes</code> - * interface. - * @see iaik.pki.pathvalidation.ChainingModes - */ - private String translateChainingMode(String chainingMode) { - if (chainingMode.equals(CM_CHAINING)) { - return ChainingModes.CHAIN_MODE; - } else if (chainingMode.equals(CM_PKIX)) { - return ChainingModes.PKIX_MODE; - } else { - return ChainingModes.PKIX_MODE; - } - } - - /** - * Build the distribution points mapping. - * - * @return The mapping from certificate authorities to distribution points. - */ - public Map buildDistributionPoints() - { - Map dPs = new HashMap(); - NodeIterator dPIter; - Element dPElem; - - // select all DistributionPoint elements - dPIter = XPathUtils.selectNodeIterator(getConfigElem(), DISTRIBUTION_POINTS_XPATH); - - // build the mapping of CA name to distribution points - while ((dPElem = (Element) dPIter.nextNode()) != null) { - String caIssuerDNText = getElementValue(dPElem, CONF + "CAIssuerDN", ""); - RFC2253NameParser nameParser = new RFC2253NameParser(caIssuerDNText); - NodeIterator cRLDPIter = XPathUtils.selectNodeIterator(dPElem, CONF + "CRLDP"); - NodeIterator oCSPDPPIter = XPathUtils.selectNodeIterator(dPElem, CONF + "OCSPDP"); - - try - { - String caIssuerDN = nameParser.parse().getName(); - - // check, if a mapping exists or make a new mapping - Set dPsForCA = (Set) dPs.get(caIssuerDN); - if (dPsForCA == null) - { - dPsForCA = new HashSet(); - dPs.put(caIssuerDN, dPsForCA); - } - - // add the CRL distribution points of this CA to the set - Element cRLDPElem; - while ((cRLDPElem = (Element) cRLDPIter.nextNode()) != null) - { - CRLDistributionPoint cRLDP = (CRLDistributionPoint) buildDistributionPoint(cRLDPElem, caIssuerDN); - dPsForCA.add(cRLDP); - } - - // add the OCSP distribution points of this CA to the set - Element oCSPPElem; - while ((oCSPPElem = (Element) oCSPDPPIter.nextNode()) != null) - { - OCSPDistributionPoint oCSPDP = (OCSPDistributionPoint) buildDistributionPoint(oCSPPElem, null); - dPsForCA.add(oCSPDP); - } -} - catch (RFC2253NameParserException e) - { - warn("config.13", new Object[] { caIssuerDNText }, e); - } - - } - - return dPs; - } - - /** - * Build a distribution point from the DOM representation. - * - * @param dpElem The root element of the distribution point. - * - * @param issuerName The name of the CA issuing the CRL referred to by this DP, or <code>null</code> - * if this DP refers to an OCSP responder. - * - * @return The distribution point. - */ - private DistributionPoint buildDistributionPoint(Element dpElem, String issuerName) - { - String uri = getElementValue(dpElem, CONF + "Location", null); - - if ("CRLDP".equals(dpElem.getLocalName())) - { - NodeIterator reasonCodesIter = XPathUtils.selectNodeIterator(dpElem, CONF + "ReasonCode"); - Element reasonCodeElem; - StringBuffer reasonCodesSB = new StringBuffer(); - while ((reasonCodeElem = (Element)reasonCodesIter.nextNode()) != null) - { - if (reasonCodesSB.length() > 0) reasonCodesSB.append(" "); - reasonCodesSB.append(getElementValue(reasonCodeElem, ".", "").trim()); - } - return new CRLDistributionPoint(issuerName, uri, reasonCodesSB.toString()); - } - else - { - return new OCSPDistributionPoint(uri); - } - } - - /** - * Return the CRL archive duration. - * - * @return The value of the CRL archive duration setting from the configuration, or <code>0</code> if - * no value is set in the configuration. - */ - public int getRevocationArchiveDuration() - { - String archiveDuration = getElementValue(getConfigElem(), CRL_ARCHIVE_DURATION_XPATH, null); - try - { - return Integer.parseInt(archiveDuration); - } - catch (NumberFormatException e) - { - warn("config.01", null); - return 365; - } - } - - /** - * Build the <code>CreateTransformsInfoProfile</code>s. - * - * @return The mapping from profile ID to profile. - */ - public Map buildCreateTransformsInfoProfiles() - { - return loadProfiles(CREATE_TRANSFORMS_INFO_PROFILE_XPATH, "CreateTransformsInfoProfile"); - } - - /** - * Build the <code>CreateSignatureEnvironmentProfile</code>s. - * - * @return The mapping from profile ID to profile. - */ - public Map buildCreateSignatureEnvironmentProfiles() - { - return loadProfiles(CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH, "CreateSignatureEnvironmentProfile"); - } - - /** - * Build the <code>VerifyTransformsInfoProfile</code>s. - * - * @return The mapping from profile ID to profile. - */ - public Map buildVerifyTransformsInfoProfiles() - { - return loadProfiles(VERIFY_TRANSFORMS_INFO_PROFILE_XPATH, "VerifyTransformsInfoProfile"); - } - - /** - * Build the <code>SupplementProfile</code>s. - * - * @return The mapping from profile ID to profile. - */ - public Map buildSupplementProfiles() - { - return loadProfiles(SUPPLEMENT_PROFILE_XPATH, "SupplementProfile"); - } - - /** - * Load a profile mapping. - * - * @param xpath The XPath to select the profiles from the configuration. - * - * @param profileRoot The name of the profile root element. - * - * @return Map The profile ID to profile mapping. - */ - private Map loadProfiles(String xpath, String profileRoot) - { - Map profiles = new HashMap(); - NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), xpath); - Element profileElem; - - while ((profileElem = (Element) profileIter.nextNode()) != null) - { - String id = getElementValue(profileElem, CONF + "Id", null); - String fileName = getElementValue(profileElem, CONF + "Location", null); - - if (profiles.containsKey(id)) - { - warn("config.04", new Object[] { profileRoot, id }); - } - else - { - try - { - File profileFile = new File(fileName); - - // make profileFile absolute - if (!profileFile.isAbsolute()) profileFile = new File(configRoot_, fileName); - - // load the profile - info("config.22", new Object[] { profileRoot, id, profileFile.getAbsoluteFile()}); - Element profile = loadProfile(profileFile); - - if (profile.getTagName().equals(profileRoot)) - { - profiles.put(id, profile); - } - else - { - warn("config.02", new Object[] { profileRoot, id, fileName }); - } - } catch (ConfigurationException e) { - warn("config.03", new Object[] { profileRoot, id }); - } - } - } - - return profiles; - } - - /** - * Load a profile from a file. - * - * @param root The absolute directory path of the main configuration file. - * @param profileFile The file containing the profile. - * @return The profile in its DOM representation. - * @throws ConfigurationException An error occurred loading the profile. - */ - private Element loadProfile(File profileFile) throws ConfigurationException { - - Element profile; - - try { - profile = parseXml(new FileInputStream(profileFile)); - } catch (Exception e) { - throw new ConfigurationException("config.12", null, e); - } - - return profile; - } - - /** - * Bulid the trust profile mapping. - * - * @return The profile ID to profile mapping. - */ - public Map buildTrustProfiles() - { - Map trustProfiles = new HashMap(); - NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH); - Element profileElem; - - while ((profileElem = (Element) profileIter.nextNode()) != null) - { - String id = getElementValue(profileElem, CONF + "Id", null); - String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null); - String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null); - - URI trustAnchorsLocURI = null; - try - { - trustAnchorsLocURI = new URI(trustAnchorsLocStr); - if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file - trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr); - } - } - catch (URIException e) { - warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e); - continue; - } - catch (MalformedURLException e) - { - warn("config.15", new Object[] {id}, e); - continue; - } - - File profileDir = new File(trustAnchorsLocURI.getPath()); - if (!profileDir.exists() || !profileDir.isDirectory()) { - warn("config.27", new Object[] { "uri", id }); - continue; - } - - if (trustProfiles.containsKey(id)) { - warn("config.04", new Object[] { "TrustProfile", id }); - continue; - } - - URI signerCertsLocURI = null; - if (signerCertsLocStr != null && !"".equals(signerCertsLocStr)) - { - try - { - signerCertsLocURI = new URI(signerCertsLocStr); - if (!signerCertsLocURI.isAbsolute()) signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr); - - File signerCertsDir = new File(signerCertsLocURI.getPath()); - if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) { - warn("config.27", new Object[] { "signerCertsUri", id }); - continue; - } - } - catch (URIException e) { - warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e); - continue; - } - catch (MalformedURLException e) { - warn("config.15", new Object[] {id}, e); - continue; - } - } - - signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null; - TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr); - trustProfiles.put(id, profile); - } - - return trustProfiles; - } - - /** - * Returns the location of the certificate store. - * - * @return the location of the certificate store. - */ - public String getCertStoreLocation() - { - String certStoreLocStr = getElementValue(getConfigElem(), CERTSTORE_LOCATION_XPATH, null); - File certStoreLocFile; - - // No value specified in configuration file: Set it to a reasonable (absolute) default - if (certStoreLocStr == null) - return new File(configRoot_, "certstore").getAbsolutePath(); - - // Make cert store location an absolute value - certStoreLocFile = new File(certStoreLocStr); - if (!certStoreLocFile.isAbsolute()) - { - certStoreLocFile = new File(configRoot_, certStoreLocStr); - } - - // Check if cert store location exists, eventually try to create it - if (!certStoreLocFile.isDirectory()) - { - boolean created = false; - try - { - created = certStoreLocFile.mkdirs(); - } - finally - { - if (!created) - { - warn("config.32", new Object[] { certStoreLocFile.getAbsolutePath() }); - } - } - } - - return certStoreLocFile.getAbsolutePath(); - } - - // - // various utility methods - // - - /** - * Parse a configuration XML file. - * - * @param inputStream The stream from which to read the XML data. - * @return The DOM representation of the XML data. - * @throws ParserConfigurationException XML parser not configured properly. - * @throws SAXException An error parsing the XML file. - * @throws IOException An error reading the stream. - */ - private static Element parseXml(InputStream inputStream) - throws ParserConfigurationException, SAXException, IOException { - return DOMUtils - .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null) - .getDocumentElement(); - } - - /** - * Return the value of an element located by an XPath. - * - * @param root The root element from which to evaluate the <code>xpath</code>. - * @param xpath The XPath pointing to the element. - * @param def The default value, if no element can be found with the given - * <code>xpath</code>. - * @return The element value or <code>def</code>, if the element cannot be - * found. - */ - private String getElementValue(Element root, String xpath, String def) { - - Element elem = (Element) XPathUtils.selectSingleNode(root, xpath); - return elem != null ? DOMUtils.getText(elem) : def; - } - - /** - * Return the value of an attribute located by an XPath. - * - * @param root The root element from which to evaluate the <code>xpath</code>. - * @param xpath The XPath pointing to the attribute. - * @param def The default value, if no attribute can be found with the given - * <code>xpath</code>. - * @return The element value or <code>def</code>, if the attribute cannot be - * found. - */ - private String getAttributeValue(Element root, String xpath, String def) { - Attr attr = (Attr) XPathUtils.selectSingleNode(root, xpath); - return attr != null ? attr.getValue() : def; - } - - /** - * Log an info message. - * - * @param messageId The message ID. - * @param parameters Additional parameters for the message. - * @see at.gv.egovernment.moa.spss.server.util.MessageProvider - */ - private static void info(String messageId, Object[] parameters) { - MessageProvider msg = MessageProvider.getInstance(); - Logger.info(new LogMsg(msg.getMessage(messageId, parameters))); - } - - /** - * Log a warning. - * - * @param messageId The message ID. - * @param args Additional parameters for the message. - * @see at.gv.egovernment.moa.spss.server.util.MessageProvider - */ - private void warn(String messageId, Object[] args) { - MessageProvider msg = MessageProvider.getInstance(); - String txt = msg.getMessage(messageId, args); - - Logger.warn(new LogMsg(txt)); - warnings.add(txt); - } - - /** - * Log a warning. - * - * @param messageId The message ID. - * @param args Additional parameters for the message. - * @param t An exception being the cause of the warning. - * @see at.gv.egovernment.moa.spss.server.util.MessageProvider - */ - private void warn(String messageId, Object[] args, Throwable t) { - MessageProvider msg = MessageProvider.getInstance(); - String txt = msg.getMessage(messageId, args); - - Logger.warn(new LogMsg(txt), t); - warnings.add(txt); - } - - /** - * Returns whether revocation information should be archived. - * - * @return whether revocation information should be archived. - */ - public boolean getEnableRevocationArchiving() - { - String enableArchiving = getElementValue(getConfigElem(), ENABLE_ARCHIVING_XPATH, null); - return Boolean.valueOf(enableArchiving).booleanValue(); - } - - /** - * Returns the JDBC URL for the revocation archive database. - * - * @return the JDBC URL for the revocation archive database, or <code>null</code, if the corresponding - * parameter is not set in the configuration. - */ - public String getRevocationArchiveJDBCURL() - { - String jDBCURL = getElementValue(getConfigElem(), ACHIVE_JDBC_URL_, null); - return jDBCURL; - } - - /** - * Returns the JDBC driver class name for the revocation archive database. - * - * @return the JDBC driver class name for the revocation archive database, or <code>null</code, - * if the corresponding parameter is not set in the configuration. - */ - public String getRevocationArchiveJDBCDriverClass() - { - String jDBCDriverClass = getElementValue(getConfigElem(), ACHIVE_JDBC_DRIVER_CLASS_, null); - return jDBCDriverClass; - } - - /** - * Returns whether revocation information should be archived. - */ - public boolean getEnableRevocationChecking() - { - String enableChecking = getElementValue(getConfigElem(), ENABLE_REVOCATION_CHECKING_XPATH_, null); - return Boolean.valueOf(enableChecking).booleanValue(); - } - - /** - * Returns the maximum age of a revocation information for considering it - * still as valid. - * - * @return the maximum age of a revocation information for considering it - * still as valid. - */ - public long getMaxRevocationAge() - { - String maxRevocationAge = getElementValue(getConfigElem(), MAX_REVOCATION_AGE_XPATH_, null); - if (maxRevocationAge == null) return 0; - return Long.valueOf(maxRevocationAge).longValue(); - } - - /** - * Returns the service order for revocation checking. - * - * @return the service order for revocation checking. Valid array entries are - * {@link evocationSourceTypes#OCSP} and {@link RevocationSourceTypes#CRL}. - * An empty array will be returned if no service order is specified in the - * configuration. - */ - public String[] getServiceOrder() - { - ArrayList list = new ArrayList(); - NodeIterator serviceIter = XPathUtils.selectNodeIterator(getConfigElem(), REVOCATION_SERVICEORDER_XPATH_); - Element currentServiceNode; - while ((currentServiceNode = (Element)serviceIter.nextNode()) != null) - { - list.add(getElementValue(currentServiceNode, ".", null)); - } - Object[] serviceOrder = list.toArray(); - String[] returnValue = new String[serviceOrder.length]; - for (int i = 0; i < serviceOrder.length; i++) - { - if (((String)serviceOrder[i]).equalsIgnoreCase(RevocationSourceTypes.CRL)) { - returnValue[i] = RevocationSourceTypes.CRL; - } else if (((String)serviceOrder[i]).equalsIgnoreCase(RevocationSourceTypes.OCSP)) { - returnValue[i] = RevocationSourceTypes.OCSP; - } - - } - return returnValue; - } - - /** - * Returns whether the certificate extension Authority Info Access should - * be used during certificate path construction. - * - * @return whether the certificate extension Authority Info Access should - * be used during certificate path construction. - */ - public boolean getUseAuthorityInfoAccess() - { - String useAIA = getElementValue(getConfigElem(), USE_AUTHORITY_INFO_ACCESS_XPATH_, null); - return Boolean.valueOf(useAIA).booleanValue(); - } - - /** - * Returns whether certificates found during certificate path construction - * should be added to the certificate store. - * - * @return whether certificates found during certificate path construction - * should be added to the certificate store. - */ - public boolean getAutoAddCertificates() - { - String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_CERTIFICATES_XPATH_, null); - return Boolean.valueOf(autoAdd).booleanValue(); - } - -} diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java deleted file mode 100644 index e48835286..000000000 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java +++ /dev/null @@ -1,689 +0,0 @@ -package at.gv.egovernment.moa.spss.server.config; - -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.math.BigInteger; -import java.net.URL; -import java.security.Principal; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Collections; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import org.w3c.dom.Element; - -import iaik.asn1.structures.Name; -import iaik.pki.revocation.RevocationSourceTypes; -import iaik.utils.RFC2253NameParser; -import iaik.utils.RFC2253NameParserException; - -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; - -import at.gv.egovernment.moa.spss.util.MessageProvider; - -/** - * A class providing access to the MOA configuration data. - * - * <p>Configuration data is read from an XML file, whose location is given by - * the <code>moa.spss.server.configuration</code> system property.</p> - * <p>This class implements the Singleton pattern. The <code>reload()</code> - * method can be used to update the configuration data. Therefore, it is not - * guaranteed that consecutive calls to <code>getInstance()</code> will return - * the same <code>ConfigurationProvider</code> all the time. During the - * processing of a web service request, the current - * <code>TransactionContext</code> should be used to obtain the - * <code>ConfigurationProvider</code> local to that request.</p> - * - * @author Patrick Peck - * @author Sven Aigner - * @version $Id$ - */ -public class ConfigurationProvider -{ - /** - * The name of the system property which contains the file name of the - * configuration file. - */ - public static final String CONFIG_PROPERTY_NAME = - "moa.spss.server.configuration"; - - /** - * A fake <code>IssuerAndSerial</code> object for storing KeyGroup information - * accessible by all clients. - */ - private static final IssuerAndSerial ANONYMOUS_ISSUER_SERIAL = - new IssuerAndSerial(new Name(), new BigInteger("0")); - - /** Singleton instance. <code>null</code>, if none has been created. */ - private static ConfigurationProvider instance; - - // - // configuration data - // - - /** The warnings generated when building the configuration. */ - private List warnings = new ArrayList(); - - /** The default digest method algorithm name */ - private String digestMethodAlgorithmName; - - /** The default canonicalization algorithm name */ - private String canonicalizationAlgorithmName; - - /** - * A <code>List</code> of <code>HardwareCryptoModule</code> objects for - * configuring hardware modules. - */ - private List hardwareCryptoModules; - - /** - * A <code>List</code> of <code>HardwareKey</code> objects containing the - * configuration data for hardware keys. - */ - private List hardwareKeyModules; - - /** - * A <code>List</code> of <code>SoftwareKey</code> objects containing the - * configuration data for software keys. - */ - private List softwareKeyModules; - - /** - * A <code>Map</code> which contains a KeyGroupId (a <code>String</code>) to - * KeyGroup mapping. - */ - private Map keyGroups; - - /** - * A <code>Map</code> which contains the <code>IssuerAndSerial</code> to - * <code>KeyGroup</code> mapping. - */ - private Map keyGroupMappings; - - /** The default chaining mode. */ - private String defaultChainingMode; - - /** - * A <code>Map</code> which contains the <code>IssuerAndSerial</code> to - * chaining mode (a <code>String</code>) mapping. - */ - private Map chainingModes; - - /** - * A <code>Map</code> which contains the CAIssuerDN (a <code>String</code>) - * to distribution points (a <code>Set</code> of - * <code>DistributionPoint</code>s) mapping. - */ - private Map distributionPoints; - - /** - * The CRL archive duration. - */ - private int cRLArchiveDuration; - - /** - * Indicates whether revocation information should be archived. - */ - private boolean enableRevocationArchiving_; - - /** - * The location of the certificate store. - */ - private String certStoreLocation_; - - /** - * A <code>Map</code> which contains a mapping from - * CreateSignatureEnvironmentProfile Ids (<code>String</code>) to - * CreateSignatureEnvironmentProfile elements (an <code>Element</code>). - */ - private Map createSignatureEnvironmentProfiles; - - /** - * A <code>Map</code> which contains a mapping from - * CreateTransformsInfoProfile Ids (<code>String</code>) to - * CreateTransformsInfoProfile elements (an <code>Element</code>). - */ - private Map createTransformsInfoProfiles; - - /** - * A <code>Map</code> which contains a mapping from - * VerifyTransformsInfoProfile Ids (<code>String</code>) to - * VerifyTransformsInfoProfile elements (an <code>Element</code>). - */ - private Map verifyTransformsInfoProfiles; - - /** - * A <code>Map</code> which contains a mapping from - * SupplementProfile Ids (<code>String</code>) to SupplementProfile elements - * (an <code>Element</code>). - */ - private Map supplementProfiles; - - /** - * A <code>Map</code> which contains a TrustProfile Id (a <code>String</code> - * to trust profile (a <code>TrustProfile</code>) mapping. - */ - private Map trustProfiles; - - /** - * The JDBC URL for the revocation archive database. - */ - private String revocationArchiveJDBCURL_; - - /** - * The JDBC driver class name for the revocation archive database. - */ - private String revocationArchiveJDBCDriverClass_; - - /** - * Indicates whether revocation checking should be done. - */ - private boolean enableRevocationChecking_; - - /** - * The maximum age of a revocation information for considering it still as valid. - */ - private long maxRevocationAge_; - - /** - * The service order for revocation checking. - */ - private String[] serviceOrder_; - - /** - * Indicates whether certificates found during certificate path construction - * should be added to the certificate store. - */ - private boolean autoAddCertificates_; - - /** - * Indicates whether the certificate extension Authority Info Access should - * be used during certificate path construction. - */ - private boolean useAuthorityInfoAccess_; - - /** - * Return the single instance of configuration data. - * - * @return MOAConfigurationProvider The current configuration data. - * @throws ConfigurationException Failure to load the configuration data. - */ - public static synchronized ConfigurationProvider getInstance() - throws ConfigurationException { - - if (instance == null) { - reload(); - } - return instance; - } - - /** - * Reload the configuration data and set it if successful. - * - * @return MOAConfigurationProvider The loaded configuration data. - * @throws ConfigurationException Failure to load the configuration data. - */ - public static synchronized ConfigurationProvider reload() - throws ConfigurationException { - String fileName = System.getProperty(CONFIG_PROPERTY_NAME); - - if (fileName == null) { - // find out where we are running and use the configuration provided - // under WEB-INF/conf/moa-spss/MOA-SPSSConfiguration - URL url = ConfigurationProvider.class.getResource("/"); - fileName = - new File(url.getPath()).getParent() - + "/conf/moa-spss/MOA-SPSSConfiguration.xml"; - info("config.05", new Object[] { CONFIG_PROPERTY_NAME }); - } - - instance = new ConfigurationProvider(fileName); - return instance; - } - - /** - * Constructor for ConfigurationProvider. - * - * @param fileName The name of the configuration file. - * @throws ConfigurationException An error occurred loading the configuration. - */ - public ConfigurationProvider(String fileName) throws ConfigurationException { - load(fileName); - } - - /** - * Load the configuration data from XML file with the given name and build - * the internal data structures representing the MOA configuration. - * - * @param fileName The name of the XML file to load. - * @throws ConfigurationException The MOA configuration could not be - * read/built. - */ - private void load(String fileName) throws ConfigurationException { - FileInputStream stream = null; - File configFile; - File configRoot; - Element configElem; - ConfigurationPartsBuilder builder; - List allKeyModules; - - - // load the main config file - try { - configFile = new File(fileName); - configRoot = new File(configFile.getParent()); - info("config.21", new Object[] { configFile.getAbsoluteFile()}); - stream = new FileInputStream(fileName); - configElem = DOMUtils.parseXmlValidating(new FileInputStream(fileName)); - } catch (Throwable t) { - throw new ConfigurationException("config.10", null, t); - } - - // build the internal datastructures - try { - builder = new ConfigurationPartsBuilder(configElem, configRoot); - digestMethodAlgorithmName = builder.getDigestMethodAlgorithmName(); - canonicalizationAlgorithmName = - builder.getCanonicalizationAlgorithmName(); - hardwareCryptoModules = builder.buildHardwareCryptoModules(); - hardwareKeyModules = - builder.buildHardwareKeyModules(Collections.EMPTY_LIST); - softwareKeyModules = - builder.buildSoftwareKeyModules(hardwareKeyModules); - allKeyModules = new ArrayList(hardwareKeyModules); - allKeyModules.addAll(softwareKeyModules); - keyGroups = builder.buildKeyGroups(allKeyModules); - keyGroupMappings = - builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL); - defaultChainingMode = builder.getDefaultChainingMode(); - chainingModes = builder.buildChainingModes(); - useAuthorityInfoAccess_ = builder.getUseAuthorityInfoAccess(); - autoAddCertificates_ = builder.getAutoAddCertificates(); - trustProfiles = builder.buildTrustProfiles(); - distributionPoints = builder.buildDistributionPoints(); - enableRevocationChecking_ = builder.getEnableRevocationChecking(); - maxRevocationAge_ = builder.getMaxRevocationAge(); - serviceOrder_ = builder.getServiceOrder(); - enableRevocationArchiving_ = builder.getEnableRevocationArchiving(); - cRLArchiveDuration = builder.getRevocationArchiveDuration(); - revocationArchiveJDBCURL_ = builder.getRevocationArchiveJDBCURL(); - revocationArchiveJDBCDriverClass_ = builder.getRevocationArchiveJDBCDriverClass(); - certStoreLocation_ = builder.getCertStoreLocation(); - createTransformsInfoProfiles = builder.buildCreateTransformsInfoProfiles(); - createSignatureEnvironmentProfiles = builder.buildCreateSignatureEnvironmentProfiles(); - verifyTransformsInfoProfiles = builder.buildVerifyTransformsInfoProfiles(); - supplementProfiles = builder.buildSupplementProfiles(); - warnings = new ArrayList(builder.getWarnings()); - } catch (Throwable t) { - throw new ConfigurationException("config.11", null, t); - } finally { - try { - if (stream != null) { - stream.close(); - } - } catch (IOException e) { - // don't complain about this - } - } - } - - /** - * Returns the warnings encountered during building the configuration. - * - * @return A <code>List</code> of <code>String</code>s, containing the - * warning messages. - */ - public List getWarnings() { - return warnings; - } - - /** - * Return the name of the digest algorithm used during signature creation. - * - * @return The digest method algorithm name, or an empty <code>String</code>, - * if none has been configured. - */ - public String getDigestMethodAlgorithmName() { - return digestMethodAlgorithmName; - } - - /** - * Return the name of the canonicalization algorithm used during signature - * creation. - * - * @return The canonicalization algorithm name, or an empty - * <code>String</code> if none has been configured. - */ - public String getCanonicalizationAlgorithmName() { - return canonicalizationAlgorithmName; - } - - /** - * Return the configured hardware crypto modules. - * - * @return A <code>List</code> of <code>HardwareCryptoModule</code> objects - * containing the hardware crypto module configurations. - */ - public List getHardwareCryptoModules() { - return hardwareCryptoModules; - } - - /** - * Return the hardware key modules configuration. - * - * @return A <code>List</code> of <code>HardwareKeyModule</code> objects - * containing the configuration of the hardware key modules. - */ - public List getHardwareKeyModules() { - return hardwareKeyModules; - } - - /** - * Return the software key module configuration. - * - * @return A <code>List</code> of <code>SoftwareKeyModule</code> objects - * containing the configuration of the software key modules. - */ - public List getSoftwareKeyModules() { - return softwareKeyModules; - } - - /** - * Return the key group mapping. - * - * @return A mapping from key group ID (a <code>String</code>) to - * <code>KeyGroup</code> mapping. - */ - public Map getKeyGroups() { - return keyGroups; - } - - /** - * Return the set of <code>KeyGroupEntry</code>s of a given key group, which a - * client (identified by an issuer/serial pair) may access. - * - * @param issuer The issuer of the client certificate. - * @param serial The serial number of the client certificate. - * @param keyGroupId The ID of the key group. - * @return A <code>Set</code> of all the <code>KeyGroupEntry</code>s in the - * given key group, if the user may access them. Returns <code>null</code>, if - * the user may not access the given key group or if the key group does not - * exist. - */ - public Set getKeyGroupEntries( - Principal issuer, - BigInteger serial, - String keyGroupId) { - - IssuerAndSerial issuerAndSerial; - Map mapping; - - if (issuer == null && serial == null) { - issuerAndSerial = ANONYMOUS_ISSUER_SERIAL; - } else { - issuerAndSerial = new IssuerAndSerial(issuer, serial); - } - - mapping = (Map) keyGroupMappings.get(issuerAndSerial); - if (mapping != null) { - KeyGroup keyGroup = (KeyGroup) mapping.get(keyGroupId); - - if (keyGroup != null) { - return keyGroup.getKeyGroupEntries(); - } - } - - // If no key group is available for a client identified by a certificate, - // try to find a key group in the anonymous key group mapping - if (issuer != null || serial != null) - { - mapping = (Map) keyGroupMappings.get(ANONYMOUS_ISSUER_SERIAL); - if (mapping != null) - { - KeyGroup keyGroup = (KeyGroup) mapping.get(keyGroupId); - if (keyGroup != null) return keyGroup.getKeyGroupEntries(); - } - } - - return null; - } - - /** - * Return the chaining mode for a given trust anchor. - * - * @param trustAnchor The trust anchor for which the chaining mode should be - * returned. - * @return The chaining mode for the given trust anchor. If the trust anchor - * has not been configured separately, the system default will be returned. - */ - public String getChainingMode(X509Certificate trustAnchor) { - Principal issuer = trustAnchor.getIssuerDN(); - BigInteger serial = trustAnchor.getSerialNumber(); - IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial); - - String mode = (String) chainingModes.get(issuerAndSerial); - return mode != null ? mode : defaultChainingMode; - } - - /** - * Return the distribution points for a given CA. - * - * @param cert The certificate for which the distribution points should be - * looked up. The issuer information is used to perform the lookup. - * - * @return A <code>Set</code> of <code>DistributionPoint</code> objects. The - * set will be empty, if no distribution points have been configured - * for this certificate. - */ - public Set getDistributionPoints(X509Certificate cert) - { - try { - RFC2253NameParser nameParser = - new RFC2253NameParser(cert.getIssuerDN().toString()); - String caIssuerDN = nameParser.parse().getName(); - Set dps = (Set) distributionPoints.get(caIssuerDN); - - if (dps == null) { - return Collections.EMPTY_SET; - } - return dps; - } catch (RFC2253NameParserException e) { - return Collections.EMPTY_SET; - } - } - - /** - * Return the CRL archive duration. - * - * @return The duration of how long to keep CRL archive entries (measured in - * days). - */ - public int getCRLArchiveDuration() { - return cRLArchiveDuration; - } - - /** - * Returns whether revocation information should be archived. - * - * @return whether revocation information should be archived. - */ - public boolean getEnableRevocationArchiving() - { - return enableRevocationArchiving_; - } - - /** - * Returns the location of the certificate store. - * - * @return the location of the certificate store. - */ - public String getCertStoreLocation() - { - return certStoreLocation_; - } - - /** - * Return a <code>CreateTransformsInfoProfile</code> with the given ID. - * - * @param id The <code>CreateTransformsInfoProfile</code> ID. - * @return The <code>CreateTransformsInfoProfile</code> with the given - * ID or <code>null</code>, if none exists. - */ - public Element getCreateTransformsInfoProfile(String id) { - return (Element) createTransformsInfoProfiles.get(id); - } - - /** - * Return a <code>CreateSignatureEnvironmentProfile</code> with the given ID. - * - * @param id The <code>CreateSignatureEnvironmentProfile</code> ID. - * @return The <code>CreateSignatureEnvironmentProfile</code> with the given - * ID or <code>null</code>, if none exists. - */ - public Element getCreateSignatureEnvironmentProfile(String id) { - return (Element) createSignatureEnvironmentProfiles.get(id); - } - - /** - * Return a <code>VerifyTransformsInfoProfile</code> with the given ID. - * - * @param id The <code>VerifyTransformsInfoProfile</code> ID. - * @return The <code>VerifyTransformsInfoProfile</code> with the given ID or - * <code>null</code>, if none exists. - */ - public Element getVerifyTransformsInfoProfile(String id) { - return (Element) verifyTransformsInfoProfiles.get(id); - } - - /** - * Return a <code>SupplementProfile</code> with the given ID. - * - * @param id The <code>SupplementProfile</code> ID. - * @return The <code>SupplementProfile</code> with the given ID or - * <code>null</code>, if none exists. - */ - public Element getSupplementProfile(String id) { - return (Element) supplementProfiles.get(id); - } - - /** - * Return a <code>TrustProfile</code> with the given ID. - * - * @param id The <code>TrustProfile</code> ID. - * @return The <code>TrustProfile</code> with the given ID or - * <code>null</code>, if none exists. - */ - public TrustProfile getTrustProfile(String id) { - return (TrustProfile) trustProfiles.get(id); - } - - /** - * Log a warning. - * - * @param messageId The message ID. - * @param parameters Additional parameters for the message. - * @see at.gv.egovernment.moa.spss.server.util.MessageProvider - */ - private static void info(String messageId, Object[] parameters) { - MessageProvider msg = MessageProvider.getInstance(); - Logger.info(new LogMsg(msg.getMessage(messageId, parameters))); - } - - /** - * Log a warning. - * - * @param messageId The message ID. - * @param args Additional parameters for the message. - * @see at.gv.egovernment.moa.spss.server.util.MessageProvider - */ - private void warn(String messageId, Object[] args) { - MessageProvider msg = MessageProvider.getInstance(); - String txt = msg.getMessage(messageId, args); - - Logger.warn(new LogMsg(txt)); - warnings.add(txt); - } - - /** - * Returns the JDBC URL for the revocation archive database. - * - * @return the JDBC URL for the revocation archive database. - */ - public String getRevocationArchiveJDBCURL() - { - return revocationArchiveJDBCURL_; - } - - /** - * Returns the JDBC driver class name for the revocation archive database. - * - * @return the JDBC driver class name for the revocation archive database. - */ - public String getRevocationArchiveJDBCDriverClass() - { - return revocationArchiveJDBCDriverClass_; - } - - /** - * Returns whether revocation checking should be done. - * - * @return whether revocation checking should be done. - */ - public boolean getEnableRevocationChecking() - { - return enableRevocationChecking_; - } - - /** - * Returns the maximum age of a revocation information for considering it - * still as valid. - * - * @return the maximum age of a revocation information for considering it - * still as valid. - */ - public long getMaxRevocationAge() - { - return maxRevocationAge_; - } - - /** - * Returns the service order for revocation checking. - * - * @return the service order for revocation checking. Valid array entries are - * {@link evocationSourceTypes#OCSP} and {@link RevocationSourceTypes#CRL}. - */ - public String[] getServiceOrder() - { - return serviceOrder_; - } - - /** - * Returns whether certificates found during certificate path construction - * should be added to the certificate store. - * - * @return whether certificates found during certificate path construction - * should be added to the certificate store. - */ - public boolean getAutoAddCertificates() - { - return autoAddCertificates_; - } - - /** - * Returns whether the certificate extension Authority Info Access should - * be used during certificate path construction. - * - * @return whether the certificate extension Authority Info Access should - * be used during certificate path construction. - */ - public boolean getUseAuthorityInfoAccess() - { - return useAuthorityInfoAccess_; - } - -}
\ No newline at end of file diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java deleted file mode 100644 index 5c0646449..000000000 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java +++ /dev/null @@ -1,38 +0,0 @@ -package at.gv.egovernment.moa.spss.server.config; - -/** - * Abstract base class for distribution points. - * - * @author Gregor Karlinger - * @version $Id$ - * */ -public abstract class DistributionPoint implements iaik.pki.revocation.DistributionPoint -{ - /** - * The distribution point URI. - */ - private String uri_; - - /** - * Create a <code>DistributionPoint</code> with a URI. - * - * @param uri The URI of the distribution point. - */ - public DistributionPoint(String uri) - { - uri_ = uri; - } - - /** - * @see iaik.pki.revocation.DistributionPoint#getType() - */ - public abstract String getType(); - - /** - * @see iaik.pki.revocation.DistributionPoint#getUri() - */ - public String getUri() - { - return uri_; - } -} diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/HardwareCryptoModule.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/HardwareCryptoModule.java deleted file mode 100644 index 62e8d63a6..000000000 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/HardwareCryptoModule.java +++ /dev/null @@ -1,60 +0,0 @@ -package at.gv.egovernment.moa.spss.server.config; - -/** - * Contains configuration data for a hardware crypto module. - * - * @author Patrick Peck - * @version $Id$ - */ -public class HardwareCryptoModule { - /** The name of the module. */ - private String name; - /** The slod ID of the module. */ - private String slotID; - /** The user PIN of the module. */ - private String userPIN; - - /** - * Create a new <code>HardwareCryptoModule</code>. - * - * @param name The name of this <code>HardwareCryptoModule</code>. - * @param slotID The slot ID of this <code>HardwareCryptoModule</code>. - * @param userPIN The user PIN to access this - * <code>HardwareCryptoModule</code>. - */ - public HardwareCryptoModule(String name, String slotID, String userPIN) { - this.name = name; - this.slotID = slotID; - this.userPIN = userPIN; - } - - /** - * Returns the name of this <code>HardwareCryptoModule</code>. - * - * @return The name of this <code>HardwareCryptoModule</code>. - */ - public String getName() { - return name; - } - - /** - * Returns the slot ID of this <code>HardwareCryptoModule</code>. - * - * @return The slot ID. - */ - public String getSlotID() { - return slotID; - } - - - /** - * Returns the user PIN of this <code>HardwareCryptoModule</code>. - * - * @return The user PIN used to access the module. - */ - public String getUserPIN() { - return userPIN; - } - - -} diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/HardwareKeyModule.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/HardwareKeyModule.java deleted file mode 100644 index 622c8d110..000000000 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/HardwareKeyModule.java +++ /dev/null @@ -1,59 +0,0 @@ -package at.gv.egovernment.moa.spss.server.config; - -/** - * A class that contains information about a hardware key module. - * - * @author Patrick Peck - * @version $Id$ - */ -public class HardwareKeyModule extends KeyModule { - /** The name of the module. */ - private String name; - /** The slod ID of the module. */ - private String slotID; - /** The user PIN of the module. */ - private String userPIN; - - /** - * Create a new <code>HardwareKey</code>. - * - * @param id The key module ID. - * @param name The name of the key. - * @param slotID The slot ID of the key within the hardware module. May be - * <code>null</code>. - * @param userPIN The user PIN to access the key. - */ - public HardwareKeyModule(String id, String name, String slotID, String userPIN) { - super(id); - this.name = name; - this.slotID = slotID; - this.userPIN = userPIN; - } - - /** - * Return the name of this <code>HardwareKey</code>. - * - * @return The name of this <code>HardwareKey</code>. - */ - public String getName() { - return name; - } - - /** - * Return the slot ID of this <code>HardwareKey</code>. - * - * @return The slot ID of this <code>HardwareKey</code>. - */ - public String getSlotID() { - return slotID; - } - - /** - * Return the user PIN to access this <code>HardwareKey</code>. - * - * @return The user PIN to access this <code>HardwareKey</code>. - */ - public String getUserPIN() { - return userPIN; - } -} diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/IssuerAndSerial.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/IssuerAndSerial.java deleted file mode 100644 index 9d9262785..000000000 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/IssuerAndSerial.java +++ /dev/null @@ -1,115 +0,0 @@ -package at.gv.egovernment.moa.spss.server.config; - -import java.math.BigInteger; -import java.security.Principal; - -import iaik.asn1.structures.Name; -import iaik.utils.RFC2253NameParser; -import iaik.utils.RFC2253NameParserException; - -/** - * A class containing the issuer and serial number of a certificate, which can - * be used to uniquely identify the certificate. - * - * The issuer is contained as an RFC2253 encoded <code>String</code>. - * - * @author Patrick Peck - * @version $Id$ - */ -public class IssuerAndSerial { - - /** The issuer distinguished name. */ - private String issuerDN; - /** The certificate serial number. */ - private BigInteger serial; - - /** - * Create an <code>IssuerAndSerial</code> object. - * - * The name of the issuer is converted to RFC2253. If it cannot be parsed, the - * DN contained in the <code>issuer</code> is set. - * - * @param issuer The isser of a certificate. - * @param serial The serial number of the certificate. - */ - public IssuerAndSerial(Principal issuer, BigInteger serial) { - RFC2253NameParser parser = new RFC2253NameParser(issuer.getName()); - - try { - this.issuerDN = ((Name) parser.parse()).getRFC2253String(); - } catch (RFC2253NameParserException e) { - this.issuerDN = issuer.getName(); - } - this.serial = serial; - } - - /** - * Create an <code>IssuerAndSerial</code> object. - * - * @param issuerDN The issuer distinguished name. Should be an RFC2253 name. - * @param serial The serial number of the certificate. - */ - public IssuerAndSerial(String issuerDN, BigInteger serial) { - this.issuerDN = issuerDN; - this.serial = serial; - } - - /** - * Return the issuer DN in RFC2253 format. - * - * @return The issuer part of this object. - */ - public String getIssuerDN() { - return issuerDN; - } - - /** - * Return the serial number. - * - * @return The serial number of this object. - */ - public BigInteger getSerial() { - return serial; - } - - /** - * Compare this <code>IssuerAndSerial</code> to another object. - * - * @param other The object to compare this <code>IssuerAndSerial</code> to. - * @return <code>true</code>, if <code>other</code> is an - * <code>IssuerAndSerial</code> object and the <code>issuer</code> and - * <code>serial</code> fields are both equal. <code>false</code> otherwise. - * @see java.lang.Object#equals(java.lang.Object) - */ - public boolean equals(Object other) { - if (other instanceof IssuerAndSerial) { - IssuerAndSerial ias = (IssuerAndSerial) other; - return getIssuerDN().equals(ias.getIssuerDN()) - && getSerial().equals(ias.getSerial()); - } - return false; - } - - /** - * Return the hash code of this <code>IssuerAndSerial</code>. - * - * @return The hash code of this <code>IssuerAndSerial</code>. - * @see java.lang.Object#hashCode() - */ - public int hashCode() { - return issuerDN.hashCode() ^ serial.hashCode(); - } - - /** - * Return a <code>String</code> representation of this - * <code>IssuerAndSerial</code> object. - * - * @return The <code>String</code> representation. - * @see java.lang.Object#toString() - */ - public String toString() { - return ("(IssuerAndSerial - Issuer<" + getIssuerDN()) - + ("> Serial<" + serial.toString() + ">)"); - } - -} diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/KeyGroup.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/KeyGroup.java deleted file mode 100644 index 5fd108e1a..000000000 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/KeyGroup.java +++ /dev/null @@ -1,69 +0,0 @@ -package at.gv.egovernment.moa.spss.server.config; - -import java.util.Iterator; -import java.util.Set; - -/** - * A collection of <code>KeyGroupEntry</code>s with its own ID. - * - * @author Sven Aigner - * @author Patrick Peck - * @version $Id$ - */ -public class KeyGroup { - - /** The keys belonging to this key group. */ - private Set keyGroupEntries; - /** The key group ID. */ - private String id; - - /** - * Create a <code>KeyGroup</code>. - * - * @param id The ID of this <code>KeyGroup</code>. - * @param keyGroupEntries The keys belonging to this <code>KeyGroup</code>. - */ - public KeyGroup(String id, Set keyGroupEntries) { - this.id = id; - this.keyGroupEntries = keyGroupEntries; - } - - /** - * Return the <code>KeyEntry</code>s contained in this <code>KeyGroup</code>. - * - * @return The <code>KeyEntry</code>s contained in this <code>KeyGroup</code>. - */ - public Set getKeyGroupEntries() { - return keyGroupEntries; - } - - /** - * Return the ID of this <code>KeyGroup</code>. - * - * @return The <code>KeyGroup</code> ID. - */ - public String getId() { - return id; - } - - /** - * Return a <code>String</code> representation of this <code>KeyGroup</code>. - * - * @return The <code>String</code> representation. - * @see java.lang.Object#toString() - */ - public String toString() { - StringBuffer sb = new StringBuffer(); - Iterator i; - - if (getKeyGroupEntries() != null) { - i = getKeyGroupEntries().iterator(); - - while (i.hasNext()) { - sb.append(" " + i.next()); - } - } - return "(KeyGroup - ID:" + id + " " + sb.toString() + ")"; - } - -} diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/KeyGroupEntry.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/KeyGroupEntry.java deleted file mode 100644 index 2e39d6aa3..000000000 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/KeyGroupEntry.java +++ /dev/null @@ -1,106 +0,0 @@ -package at.gv.egovernment.moa.spss.server.config; - -import java.math.BigInteger; - -/** - * A class containing information about an entry in a key group. - * - * @author Patrick Peck - * @version $Id$ - */ -public class KeyGroupEntry { - /** The module ID of the key. */ - private String moduleID; - /** The issuer DN of the certificate identifying the key. */ - private String issuerDN; - /** The serial number of the certificate identifying the key. */ - private BigInteger serialNumber; - - /** - * Create a new <code>KeyGroupEntry</code>. - * - * @param moduleID The key module ID to which this entry belongs to. - * @param issuerAndSerial The issuer and serial number which uniquely - * identifies a certificate within the key module. - */ - public KeyGroupEntry(String moduleID, IssuerAndSerial issuerAndSerial) { - this.moduleID = moduleID; - this.issuerDN = issuerAndSerial.getIssuerDN(); - this.serialNumber = issuerAndSerial.getSerial(); - } - - /** - * Create a new <code>KeyGroupEntry</code>. - * - * @param moduleID The key module ID to which this entry belongs to. - * @param issuerDN The isser DN of the certificate within the key module. - * @param serialNumber The serial number of the certificate within the key - * module. - */ - public KeyGroupEntry( - String moduleID, - String issuerDN, - BigInteger serialNumber) { - this.moduleID = moduleID; - this.issuerDN = issuerDN; - this.serialNumber = serialNumber; - } - - /** - * Return the key module ID to which this <code>KeyGroupEntry</code> belongs - * to. - * - * @return The key module ID. - */ - public String getModuleID() { - return moduleID; - } - - /** - * Return the issuer DN of this <code>KeyGroupEntry</code> for identifying the - * certificate within the key module. - * - * @return The issuer DN of the certificate. - */ - public String getIssuerDN() { - return issuerDN; - } - - /** - * Return the serial number of this <code>KeyGroupEntry</code> for identifying - * the certificate within the key module. - * - * @return The serial number of the certificate. - */ - public BigInteger getSerialNumber() { - return serialNumber; - } - - /** - * Compare this <code>KeyGroupEntry</code> to another. - * - * @param other The <code>KeyGroupEntry</code> to compare to. - * @return <code>true</code>, if module ID, isser DN and serial number of - * <code>other</code> match the ones contained in this object, otherwise - * <code>false</code>. - * @see java.lang.Object#equals(Object) - */ - public boolean equals(Object other) { - if (other instanceof KeyGroupEntry) { - KeyGroupEntry entry = (KeyGroupEntry) other; - return getModuleID().equals(entry.getModuleID()) - && getIssuerDN().equals(entry.getIssuerDN()) - && getSerialNumber().equals(entry.getSerialNumber()); - } - return false; - } - - /** - * @see java.lang.Object#hashCode() - */ - public int hashCode() { - return getModuleID().hashCode() - ^ getIssuerDN().hashCode() - ^ getSerialNumber().hashCode(); - } -} diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/KeyModule.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/KeyModule.java deleted file mode 100644 index 412516d82..000000000 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/KeyModule.java +++ /dev/null @@ -1,41 +0,0 @@ -package at.gv.egovernment.moa.spss.server.config; - -/** - * A class that contains information about a key module. - * - * @author Patrick Peck - * @version $Id$ - */ -public class KeyModule { - - /** The key module ID. */ - private String id; - - /** - * Create a <code>Key</code> object. - * - * @param id The key module ID. - */ - public KeyModule(String id) { - this.id = id; - } - - /** - * Return the key ID. - * - * @return The key ID. - */ - public String getId() { - return id; - } - - /** - * Return a <code>String</code> representation of this <code>Key</code>. - * - * @return The <code>String</code> representation. - * @see java.lang.Object#toString() - */ - public String toString() { - return "(Key - Id<" + id + ">)"; - } -} diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java deleted file mode 100644 index e4509ac97..000000000 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java +++ /dev/null @@ -1,33 +0,0 @@ -package at.gv.egovernment.moa.spss.server.config; - -import iaik.pki.revocation.RevocationSourceTypes; - -/** - * A class representing a CRL distribution point. - * - * @author Gregor Karlinger - * @version $Id$ - */ -public class OCSPDistributionPoint - extends DistributionPoint - implements iaik.pki.revocation.DistributionPoint -{ - /** - * Create a <code>OCSPDistributionPoint</code> with a URI. - * - * @param uri The URI of the ocsp distribution point. - */ - public OCSPDistributionPoint(String uri) - { - super(uri); - } - - /** - * @see iaik.pki.revocation.DistributionPoint#getType() - */ - public String getType() - { - return RevocationSourceTypes.OCSP; - } - -} diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/SoftwareKeyModule.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/SoftwareKeyModule.java deleted file mode 100644 index 479e98ca5..000000000 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/SoftwareKeyModule.java +++ /dev/null @@ -1,48 +0,0 @@ -package at.gv.egovernment.moa.spss.server.config; - -/** - * A class containing information about a software key, stored in PKCS12 format. - * - * @author Patrick Peck - * @version $Id$ - */ -public class SoftwareKeyModule extends KeyModule { - /** The name of the file containing the keys. */ - private String fileName; - /** The password for accessing the file. */ - private String passWord; - - /** - * Create a new <code>SoftwareKey</code>. - * - * @param id The key ID. - * @param fileName The name of the PKCS12 keystore file containing the key. - * @param passWord The password to access the keystore file. - */ - public SoftwareKeyModule(String id, String fileName, String passWord) { - super(id); - this.fileName = fileName; - this.passWord = passWord; - } - - /** - * Return the name of the PKCS12 keystore file containing this - * <code>SoftwareKey</code>. - * - * @return The name of the PKCS12 keystore file. - */ - public String getFileName() { - return fileName; - } - - /** - * Return the password to access the keystore file. - * - * @return The password to access the keystore file. - */ - public String getPassWord() { - return passWord; - } - - -} diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/TrustProfile.java deleted file mode 100644 index 929d5ce2b..000000000 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/TrustProfile.java +++ /dev/null @@ -1,58 +0,0 @@ -package at.gv.egovernment.moa.spss.server.config; - -/** - * Information about a trust profile. - * - * @author Patrick Peck - * @version $Id$ - */ -public class TrustProfile { - /** The ID of the trust profile. */ - private String id; - /** The URI giving the location of the trust profile. */ - private String uri; - /** The URI giving the location of the allowed signer certificates. */ - private String signerCertsUri; - - /** - * Create a <code>TrustProfile</code>. - * - * @param id The ID of the <code>TrustProfile</code> to create. - * @param uri The URI of the <code>TrustProfile</code> to create. - * @param signerCertsUri The URI of the location of the allowed signer - * certificates of the <code>TrustProfile</code> to create. - */ - public TrustProfile(String id, String uri, String signerCertsUri) { - this.id = id; - this.uri = uri; - this.signerCertsUri = signerCertsUri; - } - - /** - * Return the ID of this <code>TrustProfile</code>. - * - * @return The <code>TrustProfile</code> ID. - */ - public String getId() { - return id; - } - - /** - * Return the URI of this <code>TrustProfile</code>. - * - * @return The URI of <code>TrustProfile</code>. - */ - public String getUri() { - return uri; - } - - /** - * Return the URI giving the location of the allowed signer certificates - * of this <code>TrustProfile</code>. - * - * @return The URI of <code>TrustProfile</code>. - */ - public String getSignerCertsUri() { - return signerCertsUri; - } -} |