diff options
Diffstat (limited to 'spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki')
4 files changed, 424 insertions, 0 deletions
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java new file mode 100644 index 000000000..c204eface --- /dev/null +++ b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java @@ -0,0 +1,127 @@ +package at.gv.egovernment.moa.spss.server.iaik.pki; + +import iaik.pki.PKIProfile; +import iaik.pki.pathvalidation.ValidationProfile; +import iaik.pki.revocation.RevocationProfile; +import iaik.pki.store.truststore.TrustStoreProfile; + +import at.gv.egovernment.moa.util.BoolUtils; + +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.iaik.pki.pathvalidation.ValidationProfileImpl; +import at.gv.egovernment.moa.spss.server.iaik.pki.revocation.RevocationProfileImpl; +import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl; + +/** + * Implementation of the <code>PKIProfile</code> interface containing + * information needed for certificate path validation. It uses configuration + * data from the MOA configuration. + * + * @author Patrick Peck + * @version $Id$ + */ +public class PKIProfileImpl implements PKIProfile { + + /** Profile information for revocation checking. */ + private RevocationProfile revocationProfile; + /** Profile information about the trust profile to use. */ + private TrustStoreProfile trustStoreProfile; + /** Profile information about the certificate validation. */ + private ValidationProfile validationProfile; + /** The <code>ConfigurationProvider</code> to read the MOA configuration data + * from. */ + private ConfigurationProvider config; + + /** + * Create a new <code>PKIProfileImpl</code>. + * + * @param config The MOA configuration providing configuration data about + * certificate path validation. + * @param trustProfileID The trust profile ID denoting the location of the + * trust store. + * @throws MOAApplicationException An error occurred building the profile. + */ + public PKIProfileImpl(ConfigurationProvider config, String trustProfileID) + throws MOAApplicationException { + + this.config = config; + setRevocationProfile(new RevocationProfileImpl(config)); + setTrustStoreProfile(new TrustStoreProfileImpl(config, trustProfileID)); + setValidationProfile(new ValidationProfileImpl(config)); + } + + /** + * @see iaik.pki.PKIProfile#autoAddCertificates() + */ + public boolean autoAddCertificates() { + String boolStr = + config.getGenericConfiguration( + ConfigurationProvider.AUTO_ADD_CERTIFICATES_PROPERTY, + "true"); + boolean boolValue = BoolUtils.valueOf(boolStr); + + return useAuthorityInfoAccess() ? true : boolValue; + } + + /** + * @see iaik.pki.PKIProfile#getRevocationProfile() + */ + public RevocationProfile getRevocationProfile() { + return revocationProfile; + } + + /** + * Sets the <code>RevocationProfile</code>. + * + * @param revocationProfile The <code>RevocationProfile</code> used for + * revocation checking. + */ + protected void setRevocationProfile(RevocationProfile revocationProfile) { + this.revocationProfile = revocationProfile; + } + + /** + * @see iaik.pki.PKIProfile#getTrustStoreProfile() + */ + public TrustStoreProfile getTrustStoreProfile() { + return trustStoreProfile; + } + + /** + * Sets the <code>TrustStoreProfile</code>. + * + * @param trustStoreProfile The <code>TrustStoreProfile</code>. + */ + protected void setTrustStoreProfile(TrustStoreProfile trustStoreProfile) { + this.trustStoreProfile = trustStoreProfile; + } + + /** + * @see iaik.pki.PKIProfile#getValidationProfile() + */ + public ValidationProfile getValidationProfile() { + return validationProfile; + } + + /** + * Sets the <code>ValidationProfile</code>. + * + * @param validationProfile The <code>ValidationProfile</code> to set. + */ + protected void setValidationProfile(ValidationProfile validationProfile) { + this.validationProfile = validationProfile; + } + + /** + * @see iaik.pki.PKIProfile#useAuthorityInfoAccess() + */ + public boolean useAuthorityInfoAccess() { + String boolStr = + config.getGenericConfiguration( + ConfigurationProvider.USE_AUTHORITY_INFO_ACCESS_PROPERTY, + "true"); + return BoolUtils.valueOf(boolStr); + } + +} diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java new file mode 100644 index 000000000..3327b3a50 --- /dev/null +++ b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java @@ -0,0 +1,113 @@ +package at.gv.egovernment.moa.spss.server.iaik.pki.pathvalidation; + +import iaik.pki.pathvalidation.ValidationProfile; + +import at.gv.egovernment.moa.util.BoolUtils; + +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; + +import java.util.Collections; +import java.util.Set; + +/** + * An implementation of the <code>ValidationProfile</code> interface providing + * information about certificat path validation. + * + * @author Patrick Peck + * @version $Id$ + */ +public class ValidationProfileImpl implements ValidationProfile { + + /** The <code>ConfigurationProvider</code> to read the configuration data + * from. */ + private ConfigurationProvider config; + private boolean initialAnyPolicyInhibit; + private boolean initialExplicitPolicy; + private boolean initialPolicyMappingInhibit; + private Set initialPolicySet; + private boolean nameConstraintsProcessing; + private boolean policyProcessing; + + /** + * Create a new <code>ValidationProfileImpl</code> object. + * + * This objects's fields are preset to the following values: + * + * <ul> + * <li><code>initialAnyPolicyInhibit = true</code></li> + * <li><code>initialExplicitPoliy = true</code></li> + * <li><code>initialPolicyMappingInhibit = true</code></li> + * <li><code>initialPolicySet = empty</code></li> + * <li><code>policyProcessing = false</code></li> + * <li><code>nameConstraintsProcessing = false</code></li> + * <li><code>revocationChecking = false</code></li> + * </ul> + * + * @param config MOA configuration data for additional configuration + * information (currently unused). + */ + public ValidationProfileImpl(ConfigurationProvider config) { + this.config = config; + initialAnyPolicyInhibit = true; + initialExplicitPolicy = true; + initialPolicyMappingInhibit = true; + initialPolicySet = Collections.EMPTY_SET; + policyProcessing = false; + nameConstraintsProcessing = false; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getInitialAnyPolicyInhibit() + */ + public boolean getInitialAnyPolicyInhibit() { + return initialAnyPolicyInhibit; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getInitialExplicitPolicy() + */ + public boolean getInitialExplicitPolicy() { + return initialExplicitPolicy; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicyMappingInhibit() + */ + public boolean getInitialPolicyMappingInhibit() { + return initialPolicyMappingInhibit; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicySet() + */ + public Set getInitialPolicySet() { + return initialPolicySet; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getPolicyProcessing() + */ + public boolean getPolicyProcessing() { + return policyProcessing; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getNameConstraintsProcessing() + */ + public boolean getNameConstraintsProcessing() { + return nameConstraintsProcessing; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking() + */ + public boolean getRevocationChecking() { + String checkingStr = + config.getGenericConfiguration( + ConfigurationProvider.REVOCATION_CHECKING_PROPERTY, + "false"); + + return BoolUtils.valueOf(checkingStr); + } + +}
\ No newline at end of file diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java new file mode 100644 index 000000000..186d24934 --- /dev/null +++ b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java @@ -0,0 +1,65 @@ +package at.gv.egovernment.moa.spss.server.iaik.pki.revocation; + +import java.security.cert.X509Certificate; + +import iaik.pki.revocation.RevocationProfile; +import iaik.pki.revocation.RevocationSourceTypes; + +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; + +/** + * An implementation of the <code>RevocationProfile</code> interface providing + * information about revocation status checking, based on MOA configuration + * data. + * + * @author Patrick Peck + * @version $Id$ + */ +public class RevocationProfileImpl implements RevocationProfile { + /** The default service order. */ + private static final String[] DEFAULT_SERVICE_ORDER = + { RevocationSourceTypes.CRL }; + /** The <code>ConfigurationProvider</code> to read the MOA configuration data + * from. */ + private ConfigurationProvider config; + /** The OCSP request hash algorithm. */ + private String oCSPRequestHashAlgorithm; + + /** + * Create a new <code>RevocationProfileImpl</code>. + * + * @param config The MOA configuration data. + */ + public RevocationProfileImpl(ConfigurationProvider config) { + this.config = config; + this.oCSPRequestHashAlgorithm = ""; + } + + /** + * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(String) + */ + public long getMaxRevocationAge(String distributionPointUri) { + String maxRevocationAgeStr = + config.getGenericConfiguration( + ConfigurationProvider.MAX_REVOCATION_AGE_PROPERTY, + "0"); + long revocationAge = Long.parseLong(maxRevocationAgeStr); + + return revocationAge; + } + + /** + * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm() + */ + public String getOCSPRequestHashAlgorithm() { + return oCSPRequestHashAlgorithm; + } + + /** + * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate) + */ + public String[] getPreferredServiceOrder(X509Certificate cert) { + return DEFAULT_SERVICE_ORDER; + } + +} diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java new file mode 100644 index 000000000..8a1161b95 --- /dev/null +++ b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java @@ -0,0 +1,119 @@ +package at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import iaik.pki.store.truststore.TrustStoreProfile; +import iaik.pki.store.truststore.TrustStoreTypes; +import iaik.servertools.observer.NotificationData; +import iaik.servertools.observer.Observer; + +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.config.TrustProfile; + +/** + * An implementation of the <code>TrustStoreProfile</code> interface, using data + * from the MOA configuration. + * + * @see iaik.pki.store.truststore.TrustStoreProfile + * @author Patrick Peck + * @version $Id$ + */ +public class TrustStoreProfileImpl implements TrustStoreProfile { + + /** The observers of this profile. */ + private List observers = new ArrayList(); + /** The type of the trust profile. */ + private String type; + /** The URI of the trust profile.*/ + private String URI; + + /** + * Create a new <code>TrustStoreProfileImpl</code>. + * + * @param config The MOA configuration data, from which trust store + * configuration data is read. + * @param trustProfileId The trust profile id on which this + * <code>TrustStoreProfile</code> is based. + * @throws MOAApplicationException The <code>trustProfileId</code> could not + * be found in the MOA configuration. + */ + public TrustStoreProfileImpl( + ConfigurationProvider config, + String trustProfileId) + throws MOAApplicationException { + + TrustProfile tp = (TrustProfile) config.getTrustProfile(trustProfileId); + if (tp != null) { + setURI(tp.getUri()); + setType(TrustStoreTypes.DIRECTORY); + } else { + throw new MOAApplicationException( + "2203", + new Object[] { trustProfileId }); + } + } + + /** + * @see iaik.pki.store.truststore.TrustStoreProfile#getType() + */ + public String getType() { + return type; + } + + /** + * Sets the the trust store type. + * + * @param type The trust store type to set. + */ + protected void setType(String type) { + this.type = type; + } + + /** + * @see iaik.pki.store.truststore.TrustStoreProfile#getURI() + */ + public String getURI() { + return URI; + } + + /** + * Sets the trust store URI. + * + * @param URI The trust store URI to set. + */ + protected void setURI(String URI) { + this.URI = URI; + } + + // + // Methods of iaik.utils.observer.Observable interface + // + + /** + * @see iaik.utils.observer.Observable#addObserver(Observer) + */ + public void addObserver(Observer observer) { + observers.add(observer); + } + + /** + * @see iaik.utils.observer.Observable#removeObserver(Observer) + */ + public boolean removeObserver(Observer observer) { + return observers.remove(observer); + } + + /** + * @see iaik.utils.observer.Observable#notify(NotificationData) + */ + public void notify(NotificationData notificationData) { + for (Iterator iter = observers.iterator(); iter.hasNext();) { + Observer observer = (Observer) iter.next(); + observer.notify(notificationData); + } + } + +} |