Diffstat (limited to 'spss.server/src/at/gv/egovernment/moa/spss')
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java165
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java769
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java337
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java148
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java33
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/ArchiveConfigurationImpl.java22
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/CRLDistributionPointAdapter.java54
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java26
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java2
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java17
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java38
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java23
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java16
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java20
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java26
-rw-r--r--spss.server/src/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java41
16 files changed, 977 insertions, 760 deletions
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java
new file mode 100644
index 000000000..bd78012ef
--- /dev/null
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java
@@ -0,0 +1,165 @@
+package at.gv.egovernment.moa.spss.server.config;
+
+import iaik.pki.revocation.RevocationSourceTypes;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.StringTokenizer;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+
+/**
+ * A class representing a CRL distribution point.
+ *
+ * @author Sven Aigner
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class CRLDistributionPoint
+ extends DistributionPoint
+ implements iaik.pki.revocation.CRLDistributionPoint
+{
+
+ private static Map RC_MAPPING = new HashMap();
+
+ static {
+
+ // create the mapping between reason code strings and their integer values
+ RC_MAPPING.put(
+ "unused",
+ new Integer(iaik.asn1.structures.DistributionPoint.unused));
+ RC_MAPPING.put(
+ "keyCompromise",
+ new Integer(iaik.asn1.structures.DistributionPoint.keyCompromise));
+ RC_MAPPING.put(
+ "cACompromise",
+ new Integer(iaik.asn1.structures.DistributionPoint.cACompromise));
+ RC_MAPPING.put(
+ "affiliationChanged",
+ new Integer(iaik.asn1.structures.DistributionPoint.affiliationChanged));
+ RC_MAPPING.put(
+ "superseded",
+ new Integer(iaik.asn1.structures.DistributionPoint.superseded));
+ RC_MAPPING.put(
+ "cessationOfOperation",
+ new Integer(iaik.asn1.structures.DistributionPoint.cessationOfOperation));
+ RC_MAPPING.put(
+ "certificateHold",
+ new Integer(iaik.asn1.structures.DistributionPoint.certificateHold));
+ RC_MAPPING.put(
+ "privilegeWithdrawn",
+ new Integer(iaik.asn1.structures.DistributionPoint.privilegeWithdrawn));
+ RC_MAPPING.put(
+ "aACompromise",
+ new Integer(iaik.asn1.structures.DistributionPoint.aACompromise));
+ }
+
+ /**
+ * The name of the CA issuing the CRL referred to by this DP.
+ */
+ private String issuerName_;
+
+ /**
+ * The reason codes applicable for the distribution point.
+ */
+ private int reasonCodes;
+
+ /**
+ * Create a <code>CRLDistributionPoint</code>.
+ *
+ * @param issuerName The name of the CA issuing the CRL referred to by this DP.
+ *
+ * @param uri The URI of the distribution point.
+ *
+ * @param reasonCodeStr A list of reason codes (a space-separated enumeration).
+ */
+ public CRLDistributionPoint(String issuerName, String uri, String reasonCodeStr)
+ {
+ super(uri);
+ issuerName_ = issuerName;
+ this.reasonCodes = extractReasonCodes(reasonCodeStr);
+ }
+
+ /**
+ * @see DistributionPoint#getType()
+ */
+ public String getType()
+ {
+ return RevocationSourceTypes.CRL;
+ }
+
+ /**
+ * Convert a list of reason codes provided as a <code>String</code> to a
+ * binary representation.
+ *
+ * @param reasonCodeStr A <code>String</code> containing a blank-separated,
+ * textual representation of reason codes.
+ * @return int A binary representation of reason codes.
+ * @see iaik.asn1.structures.DistributionPoint
+ */
+ private int extractReasonCodes(String reasonCodeStr) {
+ int codes = 0;
+ StringTokenizer tokenizer = new StringTokenizer(reasonCodeStr);
+ String token;
+ Integer reasonCode;
+
+ while (tokenizer.hasMoreTokens()) {
+ token = tokenizer.nextToken();
+ reasonCode = (Integer) RC_MAPPING.get(token);
+ if (reasonCode != null) {
+ codes |= reasonCode.intValue();
+ } else {
+ MessageProvider msg = MessageProvider.getInstance();
+ Logger.warn(
+ new LogMsg(msg.getMessage("config.07", new Object[] { token })));
+ }
+ }
+
+ // If reasonCodeStr is empty, set all possible reason codes
+ if (codes == 0) codes =
+ iaik.asn1.structures.DistributionPoint.unused |
+ iaik.asn1.structures.DistributionPoint.keyCompromise |
+ iaik.asn1.structures.DistributionPoint.cACompromise |
+ iaik.asn1.structures.DistributionPoint.affiliationChanged |
+ iaik.asn1.structures.DistributionPoint.superseded |
+ iaik.asn1.structures.DistributionPoint.cessationOfOperation |
+ iaik.asn1.structures.DistributionPoint.certificateHold |
+ iaik.asn1.structures.DistributionPoint.privilegeWithdrawn |
+ iaik.asn1.structures.DistributionPoint.aACompromise;
+
+ return codes;
+ }
+
+ /**
+ * Return a binary representation of the reason codes of this distribution
+ * point.
+ *
+ * @return The binary representation of the reason codes.
+ */
+ public int getReasonCodes() {
+ return reasonCodes;
+ }
+
+ /**
+ * Return a <code>String</code> representation of this distribution point.
+ *
+ * @return The <code>String</code> representation of this distribution point.
+ * @see java.lang.Object#toString()
+ */
+ public String toString() {
+ return "(DistributionPoint - "
+ + ("URI<" + getUri())
+ + ("> REASONCODES<" + getReasonCodes() + ">)");
+ }
+
+ /**
+ * @see iaik.pki.revocation.CRLDistributionPoint#getIssuerName()
+ */
+ public String getIssuerName()
+ {
+ return issuerName_;
+ }
+}
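Review bot: The constructor signature is `(String issuerName, String uri, String reasonCodeStr)`, but the only call site on this page, buildDistributionPoint in ConfigurationPartsBuilder, invokes `new CRLDistributionPoint(uri, reasonCodesSB.toString(), issuerName)`; because all three are Strings this compiles and silently stores the URI as the issuer name and the reason-code list as the URI, so every CRL DP would be looked up under the wrong issuer. Fix it in one place only, either by reordering the parameters here to `(String uri, String reasonCodeStr, String issuerName)` or by correcting the call. In extractReasonCodes the fallback is taken whenever `codes == 0`, which happens not only for an empty list but also when every token was unrecognised (each only logged as config.07), so a misspelt reason code silently widens the DP to all reasons; the comment on that line should read `// No recognised reason code (empty list or only unknown tokens): accept every reason` or the fallback be limited to the no-token case. `new StringTokenizer(reasonCodeStr)` also throws NullPointerException for a null argument; `new StringTokenizer(reasonCodeStr == null ? "" : reasonCodeStr)` keeps the constructor total.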
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 96a90980d..b5bb461d1 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -27,6 +27,7 @@ import org.xml.sax.SAXException;
import iaik.ixsil.exceptions.URIException;
import iaik.ixsil.util.URI;
import iaik.pki.pathvalidation.ChainingModes;
+import iaik.pki.revocation.RevocationSourceTypes;
import iaik.utils.RFC2253NameParser;
import iaik.utils.RFC2253NameParserException;
@@ -65,52 +66,130 @@ public class ConfigurationPartsBuilder {
//
private static final String ROOT = "/" + CONF + "MOAConfiguration/";
+
private static final String DIGEST_METHOD_XPATH =
- ROOT + CONF + "DigestMethodAlgorithm/@name";
+ ROOT + CONF + "SignatureCreation/"
+ + CONF + "XMLDSIG/"
+ + CONF + "DigestMethodAlgorithm";
private static final String C14N_ALGORITHM_XPATH =
- ROOT + CONF + "CanonicalizationAlgorithm/@name";
+ ROOT + CONF + "SignatureCreation/"
+ + CONF + "XMLDSIG/"
+ + CONF + "CanonicalizationAlgorithm";
private static final String HARDWARE_CRYPTO_MODULE_XPATH =
ROOT + CONF + "HardwareCryptoModule";
private static final String HARDWARE_KEY_XPATH =
- ROOT + CONF + "HardwareKeyModule";
+ ROOT + CONF + "SignatureCreation/"
+ + CONF + "KeyModules/"
+ + CONF + "HardwareKeyModule";
private static final String SOFTWARE_KEY_XPATH =
- ROOT + CONF + "SoftwareKeyModule";
- private static final String KEYGROUP_XPATH = ROOT + CONF + "KeyGroup";
- private static final String KEY_XPATH = CONF + "Key";
- private static final String KEY_MODULE_ID_XPATH = CONF + "KeyModuleID";
- private static final String KEY_CERT_XPATH = CONF + "KeyCertIssuerSerial";
+ ROOT + CONF + "SignatureCreation/"
+ + CONF + "KeyModules/"
+ + CONF + "SoftwareKeyModule";
+ private static final String KEYGROUP_XPATH =
+ ROOT + CONF + "SignatureCreation/"
+ + CONF + "KeyGroup";
private static final String KEYGROUP_MAPPING_XPATH =
- ROOT + CONF + "KeyGroupMapping";
- private static final String KEYGROUP_MAPPING_KEYGROUP_XPATH =
- CONF + "KeyGroup";
- private static final String ISSUER_SERIAL_XPATH = CONF + "X509IssuerSerial";
- private static final String ISSUER_XPATH = DSIG + "X509IssuerName";
- private static final String SERIAL_XPATH = DSIG + "X509SerialNumber";
+ ROOT + CONF + "SignatureCreation/"
+ + CONF + "KeyGroupMapping";
+ private static final String ISSUER_XPATH =
+ DSIG + "X509IssuerName";
+ private static final String SERIAL_XPATH =
+ DSIG + "X509SerialNumber";
+ private static final String CERTSTORE_LOCATION_XPATH =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "PathConstruction/"
+ + CONF + "CertificateStore"
+ + CONF + "DirectoryStore"
+ + CONF + "Location";
+ private static final String AUTO_ADD_CERTIFICATES_XPATH_ =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "PathConstruction/"
+ + CONF + "AutoAddCertificates";
+ private static final String USE_AUTHORITY_INFO_ACCESS_XPATH_ =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "PathConstruction/"
+ + CONF + "UseAuthorityInformationAccess";
private static final String CHAINING_MODES_XPATH =
- ROOT + CONF + "ChainingModes";
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "PathValidation/"
+ + CONF + "ChainingMode";
private static final String CHAINING_MODES_DEFAULT_XPATH =
- CHAINING_MODES_XPATH + "/@systemDefaultMode";
+ CHAINING_MODES_XPATH
+ + CONF + "/DefaultMode";
private static final String TRUST_ANCHOR_XPATH =
- ROOT + CONF + "ChainingModes/" + CONF + "TrustAnchor";
- private static final String CRL_DISTRIBUTION_POINT_XPATH =
- ROOT + CONF + "CRLDistributionPoint";
- private static final String CA_ISSUER_DN_XPATH = CONF + "CAIssuerDN";
- private static final String DISTRIBUTION_POINT_XPATH =
- CONF + "DistributionPoint";
- private static final String CRL_ARCHIVE_XPATH = ROOT + CONF + "CRLArchive";
- private static final String GENERIC_CONFIGURATION_XPATH =
- ROOT + CONF + "GenericConfiguration";
+ CHAINING_MODES_XPATH
+ + CONF + "TrustAnchor";
+ private static final String TRUST_PROFILE_XPATH =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "PathValidation/"
+ + CONF + "TrustProfile";
+ private static final String DISTRIBUTION_POINTS_XPATH =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "RevocationChecking/"
+ + CONF + "DistributionPoints";
+ private static final String ENABLE_REVOCATION_CHECKING_XPATH_ =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "RevocationChecking/"
+ + CONF + "EnableChecking";
+ private static final String MAX_REVOCATION_AGE_XPATH_ =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "RevocationChecking/"
+ + CONF + "MaxRevocationAge";
+ private static final String REVOCATION_SERVICEORDER_XPATH_ =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "RevocationChecking/"
+ + CONF + "ServiceOrder"
+ + CONF + "Service";
+ private static final String ENABLE_ARCHIVING_XPATH =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "RevocationChecking/"
+ + CONF + "Archiving/"
+ + CONF + "EnableArchiving";
+ private static final String CRL_ARCHIVE_DURATION_XPATH =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "RevocationChecking/"
+ + CONF + "Archiving/"
+ + CONF + "ArchiveDuration";
+ private static final String ACHIVE_JDBC_URL_ =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "RevocationChecking/"
+ + CONF + "Archiving/"
+ + CONF + "Archive/"
+ + CONF + "DatabaseArchive"
+ + CONF + "JDBCURL";
+ private static final String ACHIVE_JDBC_DRIVER_CLASS_ =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "RevocationChecking/"
+ + CONF + "Archiving/"
+ + CONF + "Archive/"
+ + CONF + "DatabaseArchive"
+ + CONF + "JDBCDriverClassName";
private static final String CREATE_TRANSFORMS_INFO_PROFILE_XPATH =
- ROOT + CONF + "CreateTransformsInfoProfile";
+ ROOT + CONF + "SignatureCreation/"
+ + CONF + "CreateTransformsInfoProfile";
private static final String CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH =
- ROOT + CONF + "CreateSignatureEnvironmentProfile";
+ ROOT + CONF + "SignatureCreation/"
+ + CONF + "CreateSignatureEnvironmentProfile";
private static final String VERIFY_TRANSFORMS_INFO_PROFILE_XPATH =
- ROOT + CONF + "VerifyTransformsInfoProfile";
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "VerifyTransformsInfoProfile";
private static final String SUPPLEMENT_PROFILE_XPATH =
- ROOT + CONF + "SupplementProfile";
- private static final String TRUST_PROFILE_XPATH =
- ROOT + CONF + "TrustProfile";
-
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "SupplementProfile";
+
//
// default values for configuration parameters
//
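Review bot: Several of the new XPath constants drop the `/` between path steps: CERTSTORE_LOCATION_XPATH ends `"CertificateStore" + CONF + "DirectoryStore" + CONF + "Location"`, REVOCATION_SERVICEORDER_XPATH_ ends `"ServiceOrder" + CONF + "Service"`, and ACHIVE_JDBC_URL_ / ACHIVE_JDBC_DRIVER_CLASS_ end `"DatabaseArchive" + CONF + "JDBCURL"` / `"JDBCDriverClassName"`, while every other constant in the hunk closes a step with `"…/"`. Unless CONF itself begins with a slash, which the surrounding constants suggest it does not, these expressions form a single malformed step name and will never select a node, so the cert store location, the revocation service order and the archive JDBC settings would all silently read as absent. CHAINING_MODES_DEFAULT_XPATH and TRUST_ANCHOR_XPATH have the separator on the wrong side, `CHAINING_MODES_XPATH + CONF + "/DefaultMode"` and `CHAINING_MODES_XPATH + CONF + "TrustAnchor"`, where CHAINING_MODES_XPATH already ends in `"ChainingMode"`; `CHAINING_MODES_XPATH + "/" + CONF + "DefaultMode"` is presumably what is meant. The mixed naming (`…_XPATH`, `…_XPATH_`, misspelt `ACHIVE_…`) is worth unifying before it spreads.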
@@ -143,6 +222,11 @@ public class ConfigurationPartsBuilder {
/** The root element of the MOA configuration */
private Element configElem;
+
+ /**
+ * The directory containing the underlying configuration file.
+ */
+ private File configRoot_;
/** Whether any warnings were encountered building the configuration. */
private List warnings = new ArrayList();
@@ -151,9 +235,13 @@ public class ConfigurationPartsBuilder {
* Create a new <code>ConfigurationPartsBuilder</code>.
*
* @param configElem The root element of the MOA configuration.
+ *
+ * @param configRoot The directory containing the underlying configuration file.
*/
- public ConfigurationPartsBuilder(Element configElem) {
+ public ConfigurationPartsBuilder(Element configElem, File configRoot)
+ {
this.configElem = configElem;
+ configRoot_ = configRoot;
}
/**
@@ -164,6 +252,16 @@ public class ConfigurationPartsBuilder {
public Element getConfigElem() {
return configElem;
}
+
+ /**
+ * Returns the directory containing the underlying configuration file.
+ *
+ * @return the directory containing the underlying configuration file.
+ */
+ public File getConfigRoot()
+ {
+ return configRoot_;
+ }
/**
* Returns the warnings encountered during building the configuration.
@@ -180,12 +278,12 @@ public class ConfigurationPartsBuilder {
*
* @return The digest method algorithm name from the configuration.
*/
- public String getDigestMethodAlgorithmName() {
- String digestMethod =
- getAttributeValue(getConfigElem(), DIGEST_METHOD_XPATH, null);
+ public String getDigestMethodAlgorithmName()
+ {
+ String digestMethod = getElementValue(getConfigElem(), DIGEST_METHOD_XPATH, null);
- if (digestMethod == null
- || !ACCEPTED_DIGEST_ALGORITHMS.contains(digestMethod)) {
+ if (digestMethod == null || !ACCEPTED_DIGEST_ALGORITHMS.contains(digestMethod))
+ {
warn(
"config.23",
new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT });
@@ -200,12 +298,12 @@ public class ConfigurationPartsBuilder {
*
* @return The canonicalization algorithm name from the configuration.
*/
- public String getCanonicalizationAlgorithmName() {
- String c14nAlgorithm =
- getAttributeValue(getConfigElem(), C14N_ALGORITHM_XPATH, null);
+ public String getCanonicalizationAlgorithmName()
+ {
+ String c14nAlgorithm = getElementValue(getConfigElem(), C14N_ALGORITHM_XPATH, null);
- if (c14nAlgorithm == null
- || !ACCEPTED_C14N_ALGORITHMS.contains(c14nAlgorithm)) {
+ if (c14nAlgorithm == null || !ACCEPTED_C14N_ALGORITHMS.contains(c14nAlgorithm))
+ {
warn(
"config.23",
new Object[] { "CanonicalizationAlgorithm", C14N_ALGORITHM_DEFAULT });
@@ -216,52 +314,23 @@ public class ConfigurationPartsBuilder {
}
/**
- * Build the mapping of generic configuration properties.
- *
- * @return The mapping of generic configuration properties (a name to value
- * mapping) from the configuration.
- */
- public Map buildGenericConfiguration() {
- Map genericConfiguration = new HashMap();
- NodeIterator gcIter =
- XPathUtils.selectNodeIterator(
- getConfigElem(),
- GENERIC_CONFIGURATION_XPATH);
- Element gcElem;
-
- while ((gcElem = (Element) gcIter.nextNode()) != null) {
- String gcName = gcElem.getAttribute("name");
- String gcValue = gcElem.getAttribute("value");
-
- if (genericConfiguration.containsKey(gcName)) {
- warn("config.24", new Object[] { gcName });
- } else {
- genericConfiguration.put(gcName, gcValue);
- }
- }
-
- return genericConfiguration;
- }
-
- /**
* Build the configured hardware crypto modules.
*
* @return The hardware crypto modules from the configuration.
*/
- public List buildHardwareCryptoModules() {
+ public List buildHardwareCryptoModules()
+ {
List modules = new ArrayList();
- NodeIterator modIter =
- XPathUtils.selectNodeIterator(
- getConfigElem(),
- HARDWARE_CRYPTO_MODULE_XPATH);
- Element modElem;
+ NodeIterator modIter = XPathUtils.selectNodeIterator(
+ getConfigElem(),
+ HARDWARE_CRYPTO_MODULE_XPATH);
+ Element modElem;
while ((modElem = (Element) modIter.nextNode()) != null) {
- String name = modElem.getAttribute("name");
- String slotID = modElem.getAttribute("slotID");
- String userPIN = modElem.getAttribute("userPIN");
- HardwareCryptoModule module =
- new HardwareCryptoModule(name, slotID, userPIN);
+ String name = getElementValue(modElem, CONF + "Name", null);
+ String slotId = getElementValue(modElem, CONF + "SlotId", null);
+ String userPIN = getElementValue(modElem, CONF + "UserPIN", null);
+ HardwareCryptoModule module = new HardwareCryptoModule(name, slotId, userPIN);
modules.add(module);
}
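Review bot: Reading `name`, `slotId` and `userPIN` through `getElementValue(modElem, CONF + "…", null)` changes what a missing setting yields: DOM `getAttribute` returns an empty string for an absent attribute, whereas the new calls pass `null` as the default, so HardwareCryptoModule now receives nulls where it previously received `""`. The same applies to the id/name/slotId/userPIN reads in buildHardwareKeyModules, the id/filename/password reads in buildSoftwareKeyModules (where `new File(fileName)` throws NullPointerException for a null filename), and the id read in buildKeyGroups. If the new schema makes these elements mandatory, say so on the first read, `// mandatory per schema; null here means the document was not validated`; otherwise keep the old contract by passing `""` as the default, or warn and skip the module when a required value is null.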
@@ -275,25 +344,30 @@ public class ConfigurationPartsBuilder {
* prevent multiple key modules with the same ID.
* @return The hardware keys contained in the configuration.
*/
- public List buildHardwareKeyModules(List keyModules) {
+ public List buildHardwareKeyModules(List keyModules)
+ {
Set existingIds = toIdSet(keyModules);
List hardwareKeys = new ArrayList();
NodeIterator hkIter =
XPathUtils.selectNodeIterator(getConfigElem(), HARDWARE_KEY_XPATH);
Element keyElem;
- while ((keyElem = (Element) hkIter.nextNode()) != null) {
- String id = keyElem.getAttribute("id");
- String name = keyElem.getAttribute("name");
- String slotID = keyElem.getAttribute("slotID");
- String userPIN = keyElem.getAttribute("userPIN");
+ while ((keyElem = (Element) hkIter.nextNode()) != null)
+ {
+ String id = getElementValue(keyElem, CONF + "Id", null);
+ String name = getElementValue(keyElem, CONF + "Name", null);
+ String slotId = getElementValue(keyElem, CONF + "SlotId", null);
+ String userPIN = getElementValue(keyElem, CONF + "UserPIN", null);
- if (existingIds.contains(id)) {
+ if (existingIds.contains(id))
+ {
warn(
"config.04",
new Object[] { "Hardware- oder SoftwareKeyModule", id });
- } else {
- KeyModule key = new HardwareKeyModule(id, name, slotID, userPIN);
+ }
+ else
+ {
+ KeyModule key = new HardwareKeyModule(id, name, slotId, userPIN);
hardwareKeys.add(key);
existingIds.add(id);
}
@@ -307,36 +381,39 @@ public class ConfigurationPartsBuilder {
* Build the configured software keys.
*
* @param The keyModules that the configuration already knows about. To
- * prevent multiple key modules with the same ID.
- * @param configRoot The directory containing the main configuration file.
- * Used to resolve keystore files configured using a relative URI.
+ * prevent multiple key modules with the same ID.
+ *
* @return The software keys contained in the configuration.
*/
- public List buildSoftwareKeyModules(List keyModules, File configRoot) {
+ public List buildSoftwareKeyModules(List keyModules)
+ {
Set existingIds = toIdSet(keyModules);
List softwareKeys = new ArrayList();
NodeIterator skIter =
XPathUtils.selectNodeIterator(getConfigElem(), SOFTWARE_KEY_XPATH);
Element keyElem;
+ while ((keyElem = (Element) skIter.nextNode()) != null)
+ {
+ String id = getElementValue(keyElem, CONF + "Id", null);
+ String fileName = getElementValue(keyElem, CONF + "Filename", null);
+ String passWord = getElementValue(keyElem, CONF + "Password", null);
- while ((keyElem = (Element) skIter.nextNode()) != null) {
- String id = keyElem.getAttribute("id");
- String fileName = keyElem.getAttribute("filename");
- String passWord = keyElem.getAttribute("password");
-
- if (existingIds.contains(id)) {
+ if (existingIds.contains(id))
+ {
warn(
"config.04",
new Object[] { "Hardware- oder SoftwareKeyModule", id });
- } else {
+ }
+ else
+ {
File keyFile;
KeyModule key;
// make keyFile absolute
keyFile = new File(fileName);
if (!keyFile.isAbsolute()) {
- keyFile = new File(configRoot, fileName);
+ keyFile = new File(configRoot_, fileName);
}
// check for existence
@@ -349,7 +426,6 @@ public class ConfigurationPartsBuilder {
existingIds.add(id);
}
}
-
}
return softwareKeys;
@@ -362,7 +438,8 @@ public class ConfigurationPartsBuilder {
* knows about. Used to check for errors in the configuration.
* @return The mapping between key group IDs and key groups.
*/
- public Map buildKeyGroups(List keyModules) {
+ public Map buildKeyGroups(List keyModules)
+ {
Set keyModuleIds = toIdSet(keyModules);
Map keyGroups = new HashMap();
NodeIterator kgIter;
@@ -370,15 +447,19 @@ public class ConfigurationPartsBuilder {
// select all KeyGroup elements and build the KeyGroup objects from them
kgIter = XPathUtils.selectNodeIterator(getConfigElem(), KEYGROUP_XPATH);
- while ((keyGroupElem = (Element) kgIter.nextNode()) != null) {
- String keyGroupId = keyGroupElem.getAttribute("id");
+ while ((keyGroupElem = (Element) kgIter.nextNode()) != null)
+ {
+ String keyGroupId = getElementValue(keyGroupElem, CONF + "Id", null);
Set keyGroupEntries =
buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem);
KeyGroup keyGroup = new KeyGroup(keyGroupId, keyGroupEntries);
- if (keyGroups.containsKey(keyGroupId)) {
+ if (keyGroups.containsKey(keyGroupId))
+ {
warn("config.04", new Object[] { "KeyGroup", keyGroupId });
- } else {
+ }
+ else
+ {
keyGroups.put(keyGroup.getId(), keyGroup);
}
}
@@ -425,12 +506,11 @@ public class ConfigurationPartsBuilder {
Element keyEntryElem;
// select all Key elements and put them into the Map
- keyEntryIter = XPathUtils.selectNodeIterator(keyGroupElem, KEY_XPATH);
- while ((keyEntryElem = (Element) keyEntryIter.nextNode()) != null) {
- String keyModuleId =
- getElementValue(keyEntryElem, KEY_MODULE_ID_XPATH, "");
- Element keyCertElem =
- (Element) XPathUtils.selectSingleNode(keyEntryElem, KEY_CERT_XPATH);
+ keyEntryIter = XPathUtils.selectNodeIterator(keyGroupElem, CONF + "Key");
+ while ((keyEntryElem = (Element) keyEntryIter.nextNode()) != null)
+ {
+ String keyModuleId = getElementValue(keyEntryElem, CONF + "KeyModuleId", "");
+ Element keyCertElem = (Element) XPathUtils.selectSingleNode(keyEntryElem, CONF + "KeyCertIsuerSerial");
IssuerAndSerial issuerSerial = buildIssuerAndSerial(keyCertElem);
if (!keyModuleIds.contains(keyModuleId)) {
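Review bot: The literal in `XPathUtils.selectSingleNode(keyEntryElem, CONF + "KeyCertIsuerSerial")` misspells the element that the removed constant KEY_CERT_XPATH named `KeyCertIssuerSerial`; unless the new schema really uses that spelling, the lookup always returns null and buildIssuerAndSerial is called with a null element for every key in every key group. Restore the spelling, `(Element) XPathUtils.selectSingleNode(keyEntryElem, CONF + "KeyCertIssuerSerial")`, and consider keeping it as a named constant so the element name exists in one place. buildKeyGroupEntries starts and ends outside this hunk.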
@@ -461,15 +541,18 @@ public class ConfigurationPartsBuilder {
XPathUtils.selectNodeIterator(getConfigElem(), KEYGROUP_MAPPING_XPATH);
// build the mapping for each KeyGroupMapping element
- while ((mappingElem = (Element) mappingIter.nextNode()) != null) {
- Element issuerSerialElem =
- (Element) XPathUtils.selectSingleNode(mappingElem, ISSUER_SERIAL_XPATH);
- IssuerAndSerial issuerAndSerial;
+ while ((mappingElem = (Element) mappingIter.nextNode()) != null)
+ {
+ Element issuerSerialElem = (Element) XPathUtils.selectSingleNode(mappingElem, CONF + "CustomerId");
// build the IssuerAndSerial who has access to the key groups
- if (issuerSerialElem != null) {
+ IssuerAndSerial issuerAndSerial;
+ if (issuerSerialElem != null)
+ {
issuerAndSerial = buildIssuerAndSerial(issuerSerialElem);
- } else {
+ }
+ else
+ {
// IssuerSerial element: the keygroup is generally available
issuerAndSerial = anonymous;
}
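Review bot: The selector now reads `CONF + "CustomerId"`, but the context comment on the else branch still says "IssuerSerial element: the keygroup is generally available", and the branch maps the key group to `anonymous`, i.e. an absent or misspelt CustomerId element makes a signing key group available to every caller. Update the comment to `// no CustomerId element: the key group is available to any caller` and consider emitting a warn(...) in that branch so an accidentally omitted CustomerId is visible in the log rather than silently granting access. It is also not visible here whether buildIssuerAndSerial expects the X509IssuerName/X509SerialNumber children directly under the CustomerId element; a one-line comment on the call stating the expected child layout would help. buildKeyGroupMappings continues outside this hunk.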
@@ -480,24 +563,25 @@ public class ConfigurationPartsBuilder {
NodeIterator keyGroupIter;
Element keyGroupElem;
- if (groups == null) {
+ if (groups == null)
+ {
// no mapping exist -> build one
groups = new HashMap();
mappings.put(issuerAndSerial, groups);
}
// select the available key groups and add them to the mapping
- keyGroupIter =
- XPathUtils.selectNodeIterator(
- mappingElem,
- KEYGROUP_MAPPING_KEYGROUP_XPATH);
- while ((keyGroupElem = (Element) keyGroupIter.nextNode()) != null) {
- String keyGroupId = keyGroupElem.getAttribute("id");
+ keyGroupIter = XPathUtils.selectNodeIterator(mappingElem, CONF + "KeyGroupId");
+ while ((keyGroupElem = (Element) keyGroupIter.nextNode()) != null)
+ {
+ String keyGroupId = getElementValue(keyGroupElem, ".", null);
KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId);
- if (keyGroup != null) {
+ if (keyGroup != null)
+ {
groups.put(keyGroupId, keyGroup);
- } else {
+ } else
+ {
warn("config.00", new Object[] { keyGroupId });
}
}
@@ -512,12 +596,12 @@ public class ConfigurationPartsBuilder {
*
* @return The default chaining mode.
*/
- public String getDefaultChainingMode() {
- String defaultChaining =
- getAttributeValue(
- getConfigElem(),
- CHAINING_MODES_DEFAULT_XPATH,
- CM_CHAINING);
+ public String getDefaultChainingMode()
+ {
+ String defaultChaining = getElementValue(
+ getConfigElem(),
+ CHAINING_MODES_DEFAULT_XPATH,
+ CM_CHAINING);
return translateChainingMode(defaultChaining);
@@ -528,17 +612,20 @@ public class ConfigurationPartsBuilder {
*
* @return The mapping from trust anchors to chaining modes.
*/
- public Map buildChainingModes() {
+ public Map buildChainingModes()
+ {
Map chainingModes = new HashMap();
- NodeIterator trustIter =
- XPathUtils.selectNodeIterator(getConfigElem(), TRUST_ANCHOR_XPATH);
- Element trustAnchorElem;
+ NodeIterator trustIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_ANCHOR_XPATH);
- while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) {
- IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(trustAnchorElem);
- String mode = trustAnchorElem.getAttribute("mode");
+ Element trustAnchorElem;
+ while ((trustAnchorElem = (Element) trustIter.nextNode()) != null)
+ {
+ IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(
+ (Element)XPathUtils.selectSingleNode(trustAnchorElem, CONF + "Identification"));
+ String mode = getElementValue(trustAnchorElem, CONF + "Mode", null);
- if (issuerAndSerial != null) {
+ if (issuerAndSerial != null)
+ {
chainingModes.put(issuerAndSerial, translateChainingMode(mode));
}
}
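Review bot: `buildIssuerAndSerial((Element)XPathUtils.selectSingleNode(trustAnchorElem, CONF + "Identification"))` passes a null element straight through when a TrustAnchor has no Identification child, and `getElementValue(trustAnchorElem, CONF + "Mode", null)` feeds a null mode into translateChainingMode; whether either tolerates null is not visible here. Guard both before the call, e.g. `if (idElem == null) { warn(...); continue; }`, or document on the loop that the schema guarantees both children. buildChainingModes continues outside this hunk.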
@@ -595,89 +682,111 @@ public class ConfigurationPartsBuilder {
}
/**
- * Build the CRL distribution points mapping.
+ * Build the distribution points mapping.
*
* @return The mapping from certificate authorities to distribution points.
*/
- public Map buildCRLDistributionPoints() {
- Map crlDps = new HashMap();
- NodeIterator crlDpIter;
- Element crlDpElem;
+ public Map buildDistributionPoints()
+ {
+ Map dPs = new HashMap();
+ NodeIterator dPIter;
+ Element dPElem;
- // select all CRLDistributionPoint elements and build the
- // CRLDistributionPoints
- crlDpIter =
- XPathUtils.selectNodeIterator(
- getConfigElem(),
- CRL_DISTRIBUTION_POINT_XPATH);
+ // select all DistributionPoint elements
+ dPIter = XPathUtils.selectNodeIterator(getConfigElem(), DISTRIBUTION_POINTS_XPATH);
// build the mapping of CA name to distribution points
- while ((crlDpElem = (Element) crlDpIter.nextNode()) != null) {
- String caIssuerDNText =
- getElementValue(crlDpElem, CA_ISSUER_DN_XPATH, "");
+ while ((dPElem = (Element) dPIter.nextNode()) != null) {
+ String caIssuerDNText = getElementValue(dPElem, CONF + "CAIssuerDN", "");
RFC2253NameParser nameParser = new RFC2253NameParser(caIssuerDNText);
- NodeIterator dpIter =
- XPathUtils.selectNodeIterator(crlDpElem, DISTRIBUTION_POINT_XPATH);
- String caIssuerDN;
- Set dps;
- Element dpElem;
+ NodeIterator cRLDPIter = XPathUtils.selectNodeIterator(dPElem, CONF + "CRLDP");
+ NodeIterator oCSPDPPIter = XPathUtils.selectNodeIterator(dPElem, CONF + "OCSPDP");
- try {
- caIssuerDN = nameParser.parse().getName();
+ try
+ {
+ String caIssuerDN = nameParser.parse().getName();
// check, if a mapping exists or make a new mapping
- dps = (Set) crlDps.get(caIssuerDN);
- if (dps == null) {
- dps = new HashSet();
- crlDps.put(caIssuerDN, dps);
+ Set dPsForCA = (Set) dPs.get(caIssuerDN);
+ if (dPsForCA == null)
+ {
+ dPsForCA = new HashSet();
+ dPs.put(caIssuerDN, dPsForCA);
}
- // add the distribution points of this CA to the set
- while ((dpElem = (Element) dpIter.nextNode()) != null) {
- DistributionPoint dp = buildDistributionPoint(dpElem);
- dps.add(dp);
+ // add the CRL distribution points of this CA to the set
+ Element cRLDPElem;
+ while ((cRLDPElem = (Element) cRLDPIter.nextNode()) != null)
+ {
+ CRLDistributionPoint cRLDP = (CRLDistributionPoint) buildDistributionPoint(cRLDPElem, caIssuerDN);
+ dPsForCA.add(cRLDP);
}
- } catch (RFC2253NameParserException e) {
+
+ // add the OCSP distribution points of this CA to the set
+ Element oCSPPElem;
+ while ((oCSPPElem = (Element) oCSPDPPIter.nextNode()) != null)
+ {
+ OCSPDistributionPoint oCSPDP = (OCSPDistributionPoint) buildDistributionPoint(cRLDPElem, null);
+ dPsForCA.add(oCSPDP);
+ }
+}
+ catch (RFC2253NameParserException e)
+ {
warn("config.13", new Object[] { caIssuerDNText }, e);
}
}
- return crlDps;
+ return dPs;
}
/**
* Build a distribution point from the DOM representation.
*
* @param dpElem The root element of the distribution point.
+ *
+ * @param issuerName The name of the CA issuing the CRL referred to by this DP, or <code>null</code>
+ * if this DP refers to an OCSP responder.
+ *
* @return The distribution point.
*/
- private DistributionPoint buildDistributionPoint(Element dpElem) {
- String uri = dpElem.getAttribute("uri");
- String reasonCodes = dpElem.getAttribute("reasonCodes");
-
- return new DistributionPoint(uri, reasonCodes != null ? reasonCodes : "");
+ private DistributionPoint buildDistributionPoint(Element dpElem, String issuerName)
+ {
+ String uri = getElementValue(dpElem, CONF + "Location", null);
+
+ if ("CRLDP".equals(dpElem.getLocalName()))
+ {
+ NodeIterator reasonCodesIter = XPathUtils.selectNodeIterator(dpElem, CONF + "ReasonCode");
+ Element reasonCodeElem;
+ StringBuffer reasonCodesSB = new StringBuffer();
+ while ((reasonCodeElem = (Element)reasonCodesIter.nextNode()) != null)
+ {
+ if (reasonCodesSB.length() > 0) reasonCodesSB.append(" ");
+ reasonCodesSB.append(getElementValue(reasonCodeElem, ".", "").trim());
+ }
+ return new CRLDistributionPoint(uri, reasonCodesSB.toString(), issuerName);
+ }
+ else
+ {
+ return new OCSPDistributionPoint(uri);
+ }
}
/**
* Return the CRL archive duration.
*
- * @return The value of the CRL archive duration setting from the
- * configuration.
+ * @return The value of the CRL archive duration setting from the configuration, or <code>0</code> if
+ * no value is set in the configuration.
*/
- public int getCRLArchiveDuration() {
- Element crlArchiveElem =
- (Element) XPathUtils.selectSingleNode(getConfigElem(), CRL_ARCHIVE_XPATH);
- String crlArchiveDuration;
-
- if (crlArchiveElem == null) {
- return 0;
- }
-
- try {
- crlArchiveDuration = crlArchiveElem.getAttribute("duration");
- return Integer.parseInt(crlArchiveDuration);
- } catch (NumberFormatException e) {
+ public int getRevocationArchiveDuration()
+ {
+ String archiveDuration = getElementValue(getConfigElem(), CRL_ARCHIVE_DURATION_XPATH, null);
+ try
+ {
+ return Integer.parseInt(archiveDuration);
+ }
+ catch (NumberFormatException e)
+ {
warn("config.01", null);
return 0;
}
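Review bot: The OCSP loop passes the wrong element: `buildDistributionPoint(cRLDPElem, null)` uses cRLDPElem, which is null once the preceding `while ((cRLDPElem = …) != null)` loop has finished, so any configured OCSPDP entry dereferences null inside buildDistributionPoint; the loop variable is `oCSPPElem`, so the line should read `OCSPDistributionPoint oCSPDP = (OCSPDistributionPoint) buildDistributionPoint(oCSPPElem, null);`. The casts on both loops rely on buildDistributionPoint choosing the subtype via `dpElem.getLocalName()`, which presumably requires a namespace-aware DOM, and that assumption deserves a comment on the `if ("CRLDP".equals(...))` line. In getRevocationArchiveDuration, `Integer.parseInt(archiveDuration)` throws NumberFormatException for the null returned when no ArchiveDuration element exists, so an unconfigured archive is reported as a config.01 warning although the Javadoc documents 0 as the normal result for that case; add `if (archiveDuration == null) return 0;` before the parse. The closing brace of the try block sitting at column 0 should be re-indented.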
@@ -686,106 +795,92 @@ public class ConfigurationPartsBuilder {
/**
* Build the <code>CreateTransformsInfoProfile</code>s.
*
- * @param configRoot The directory of the main configuration file. Used for
- * lookup of profiles with relative file names.
* @return The mapping from profile ID to profile.
*/
- public Map buildCreateTransformsInfoProfiles(File configRoot) {
- return loadProfiles(
- configRoot,
- CREATE_TRANSFORMS_INFO_PROFILE_XPATH,
- "CreateTransformsInfoProfile");
+ public Map buildCreateTransformsInfoProfiles()
+ {
+ return loadProfiles(CREATE_TRANSFORMS_INFO_PROFILE_XPATH, "CreateTransformsInfoProfile");
}
/**
* Build the <code>CreateSignatureEnvironmentProfile</code>s.
*
- * @param configRoot The directory of the main configuration file. Used for
- * lookup of profiles with relative file names.
* @return The mapping from profile ID to profile.
*/
- public Map buildCreateSignatureEnvironmentProfiles(File configRoot) {
- return loadProfiles(
- configRoot,
- CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH,
- "CreateSignatureEnvironmentProfile");
+ public Map buildCreateSignatureEnvironmentProfiles()
+ {
+ return loadProfiles(CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH, "CreateSignatureEnvironmentProfile");
}
/**
* Build the <code>VerifyTransformsInfoProfile</code>s.
*
- * @param configRoot The directory of the main configuration file. Used for
- * lookup of profiles with relative file names.
* @return The mapping from profile ID to profile.
*/
- public Map buildVerifyTransformsInfoProfiles(File configRoot) {
- return loadProfiles(
- configRoot,
- VERIFY_TRANSFORMS_INFO_PROFILE_XPATH,
- "VerifyTransformsInfoProfile");
+ public Map buildVerifyTransformsInfoProfiles()
+ {
+ return loadProfiles(VERIFY_TRANSFORMS_INFO_PROFILE_XPATH, "VerifyTransformsInfoProfile");
}
/**
* Build the <code>SupplementProfile</code>s.
*
- * @param configRoot The directory of the main configuration file. Used for
- * lookup of profiles with relative file names.
* @return The mapping from profile ID to profile.
*/
- public Map buildSupplementProfiles(File configRoot) {
- return loadProfiles(
- configRoot,
- SUPPLEMENT_PROFILE_XPATH,
- "SupplementProfile");
+ public Map buildSupplementProfiles()
+ {
+ return loadProfiles(SUPPLEMENT_PROFILE_XPATH, "SupplementProfile");
}
/**
* Load a profile mapping.
*
- * @param root The absolute directory path of the main configuration file.
* @param xpath The XPath to select the profiles from the configuration.
+ *
* @param profileRoot The name of the profile root element.
+ *
* @return Map The profile ID to profile mapping.
*/
- private Map loadProfiles(File root, String xpath, String profileRoot) {
+ private Map loadProfiles(String xpath, String profileRoot)
+ {
Map profiles = new HashMap();
- NodeIterator profileIter =
- XPathUtils.selectNodeIterator(getConfigElem(), xpath);
+ NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), xpath);
Element profileElem;
- while ((profileElem = (Element) profileIter.nextNode()) != null) {
- String id = profileElem.getAttribute("id");
- String fileName = profileElem.getAttribute("filename");
+ while ((profileElem = (Element) profileIter.nextNode()) != null)
+ {
+ String id = getElementValue(profileElem, CONF + "Id", null);
+ String fileName = getElementValue(profileElem, CONF + "Location", null);
- if (profiles.containsKey(id)) {
+ if (profiles.containsKey(id))
+ {
warn("config.04", new Object[] { profileRoot, id });
- } else {
- Element profile;
-
- try {
+ }
+ else
+ {
+ try
+ {
File profileFile = new File(fileName);
// make profileFile absolute
- if (!profileFile.isAbsolute()) {
- profileFile = new File(root, fileName);
- }
+ if (!profileFile.isAbsolute()) profileFile = new File(configRoot_, fileName);
// load the profile
- info(
- "config.22",
- new Object[] { profileRoot, id, profileFile.getAbsoluteFile()});
- profile = loadProfile(profileFile);
+ info("config.22", new Object[] { profileRoot, id, profileFile.getAbsoluteFile()});
+ Element profile = loadProfile(profileFile);
- if (profile.getTagName().equals(profileRoot)) {
+ if (profile.getTagName().equals(profileRoot))
+ {
profiles.put(id, profile);
- } else {
+ }
+ else
+ {
warn("config.02", new Object[] { profileRoot, id, fileName });
}
} catch (ConfigurationException e) {
warn("config.03", new Object[] { profileRoot, id });
}
}
-
}
return profiles;
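Review bot: `loadProfiles` now reads the profile location with `getElementValue(profileElem, CONF + "Location", null)`, and if that helper returns its default for a missing element (as the Javadoc of the JDBC getters added in this commit states), `new File(fileName)` inside the try throws a NullPointerException that the `catch (ConfigurationException e)` does not cover. The old `getAttribute("filename")` returned `""` for a missing attribute, so this turns a per-profile warning into an abort of the whole configuration load. Guard it before the try: `if (id == null || fileName == null) { warn("config.03", new Object[] { profileRoot, id }); continue; }` (or a dedicated message key if one exists), since `id` is also used as the map key and in every log message.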
@@ -815,30 +910,30 @@ public class ConfigurationPartsBuilder {
/**
* Bulid the trust profile mapping.
*
- * @param configRoot The absolute path to the main configuration file.
* @return The profile ID to profile mapping.
*/
- public Map buildTrustProfiles(File configRoot) {
+ public Map buildTrustProfiles()
+ {
Map trustProfiles = new HashMap();
- NodeIterator profileIter =
- XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH);
+ NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH);
Element profileElem;
- while ((profileElem = (Element) profileIter.nextNode()) != null) {
- String id = profileElem.getAttribute("id");
- String uriStr = profileElem.getAttribute("uri");
- String signerCertsUriStr = profileElem.getAttribute("signerCertsUri");
+ while ((profileElem = (Element) profileIter.nextNode()) != null)
+ {
+ String id = getElementValue(profileElem, CONF + "Id", null);
+ String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null);
+ String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null);
- URI uri = null;
+ URI trustAnchorsLocURI = null;
try
{
- uri = new URI(uriStr);
- if (!uri.isAbsolute()) { // make it absolute to the config file
- uri = new URI(configRoot.toURL() + uriStr);
+ trustAnchorsLocURI = new URI(trustAnchorsLocStr);
+ if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file
+ trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr);
}
}
catch (URIException e) {
- warn("config.14", new Object[] { "uri", id, uriStr }, e);
+ warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e);
continue;
}
catch (MalformedURLException e)
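Review bot: The `config.14` warning in this hunk still labels the failing value as `"uri"` although the value now comes from the `TrustAnchorsLocation` element, so the message points operators at an attribute that no longer exists in the new schema. Change the label to the element name, `warn("config.14", new Object[] { "TrustAnchorsLocation", id, trustAnchorsLocStr }, e);`, and do the same for the `config.27` warning in the following hunk. Separately, if `getElementValue` yields `null` for a missing element, `new URI(trustAnchorsLocStr)` would most likely fail with a NullPointerException rather than the URIException or MalformedURLException that are caught here; the loop body continues past this hunk.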
@@ -847,7 +942,7 @@ public class ConfigurationPartsBuilder {
continue;
}
- File profileDir = new File(uri.getPath());
+ File profileDir = new File(trustAnchorsLocURI.getPath());
if (!profileDir.exists() || !profileDir.isDirectory()) {
warn("config.27", new Object[] { "uri", id });
continue;
@@ -858,22 +953,22 @@ public class ConfigurationPartsBuilder {
continue;
}
- URI signerCertsUri = null;
- if (signerCertsUriStr != null && !"".equals(signerCertsUriStr))
+ URI signerCertsLocURI = null;
+ if (signerCertsLocStr != null && !"".equals(signerCertsLocStr))
{
try
{
- signerCertsUri = new URI(signerCertsUriStr);
- if (!signerCertsUri.isAbsolute()) signerCertsUri = new URI(configRoot.toURL() + signerCertsUriStr);
+ signerCertsLocURI = new URI(signerCertsLocStr);
+ if (!signerCertsLocURI.isAbsolute()) signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr);
- File signerCertsDir = new File(signerCertsUri.getPath());
+ File signerCertsDir = new File(signerCertsLocURI.getPath());
if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) {
warn("config.27", new Object[] { "signerCertsUri", id });
continue;
}
}
catch (URIException e) {
- warn("config.14", new Object[] { "signerCertsUri", id, uriStr }, e);
+ warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e);
continue;
}
catch (MalformedURLException e) {
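Review bot: The `config.14` warning for a failed signer-certificates location logs `trustAnchorsLocStr`, i.e. the trust-anchors location that already parsed successfully, so the operator never sees the value that was rejected. It should be `warn("config.14", new Object[] { "signerCertsUri", id, signerCertsLocStr }, e);`. The wrong variable (`uriStr`) was already there before the rename, but the rename is the moment to fix it; the enclosing loop body starts and ends outside this hunk.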
@@ -882,13 +977,50 @@ public class ConfigurationPartsBuilder {
}
}
- signerCertsUriStr = (signerCertsUri != null) ? signerCertsUri.toString() : null;
- TrustProfile profile = new TrustProfile(id, uri.toString(), signerCertsUriStr);
+ signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null;
+ TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr);
trustProfiles.put(id, profile);
}
return trustProfiles;
}
+
+ /**
+ * Returns the location of the certificate store.
+ *
+ * @return the location of the certificate store.
+ */
+ public String getCertStoreLocation()
+ {
+ String certStoreLocStr = getElementValue(getConfigElem(), CERTSTORE_LOCATION_XPATH, null);
+ File certStoreLocFile;
+
+ // Make cert store location an absolute value
+ certStoreLocFile = new File(certStoreLocStr);
+ if (!certStoreLocFile.isAbsolute())
+ {
+ certStoreLocFile = new File(configRoot_, certStoreLocStr);
+ }
+
+ // Check if cert store location exists, eventually try to create it
+ if (!certStoreLocFile.isDirectory())
+ {
+ boolean created = false;
+ try
+ {
+ created = certStoreLocFile.mkdirs();
+ }
+ finally
+ {
+ if (!created)
+ {
+ warn("config.32", new Object[] { certStoreLocFile.getAbsolutePath() });
+ }
+ }
+ }
+
+ return certStoreLocFile.getAbsolutePath();
+ }
//
// various utility methods
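Review bot: `getCertStoreLocation` passes `null` as the default to `getElementValue` and then calls `new File(certStoreLocStr)`, so a configuration without a cert-store location throws a NullPointerException instead of falling back to the `certstore` directory that the removed `absolutizeCertStoreRoot` used to supply (the `// no value given: set it to a reasonable (absolute) default` branch deleted later in this commit). Restore the fallback, `String certStoreLocStr = getElementValue(getConfigElem(), CERTSTORE_LOCATION_XPATH, "certstore");`, or warn and fail with a configuration error rather than an NPE. The `try { created = certStoreLocFile.mkdirs(); } finally { ... }` shape has no `catch`, so a `SecurityException` from `mkdirs` both warns and propagates, and `mkdirs` returns `false` if another process created the directory between the `isDirectory` check and the call; `if (!certStoreLocFile.isDirectory() && !certStoreLocFile.mkdirs() && !certStoreLocFile.isDirectory()) warn("config.32", ...)` is clearer and handles that race.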
@@ -984,4 +1116,107 @@ public class ConfigurationPartsBuilder {
warnings.add(txt);
}
+ /**
+ * Returns whether revocation information should be archived.
+ *
+ * @return whether revocation information should be archived.
+ */
+ public boolean getEnableRevocationArchiving()
+ {
+ String enableArchiving = getElementValue(getConfigElem(), ENABLE_ARCHIVING_XPATH, null);
+ return Boolean.valueOf(enableArchiving).booleanValue();
+ }
+
+ /**
+ * Returns the JDBC URL for the revocation archive database.
+ *
+ * @return the JDBC URL for the revocation archive database, or <code>null</code, if the corresponding
+ * parameter is not set in the configuration.
+ */
+ public String getRevocationArchiveJDBCURL()
+ {
+ String jDBCURL = getElementValue(getConfigElem(), ACHIVE_JDBC_URL_, null);
+ return jDBCURL;
+ }
+
+ /**
+ * Returns the JDBC driver class name for the revocation archive database.
+ *
+ * @return the JDBC driver class name for the revocation archive database, or <code>null</code,
+ * if the corresponding parameter is not set in the configuration.
+ */
+ public String getRevocationArchiveJDBCDriverClass()
+ {
+ String jDBCDriverClass = getElementValue(getConfigElem(), ACHIVE_JDBC_DRIVER_CLASS_, null);
+ return jDBCDriverClass;
+ }
+
+ /**
+ * Returns whether revocation information should be archived.
+ */
+ public boolean getEnableRevocationChecking()
+ {
+ String enableChecking = getElementValue(getConfigElem(), ENABLE_REVOCATION_CHECKING_XPATH_, null);
+ return Boolean.valueOf(enableChecking).booleanValue();
+ }
+
+ /**
+ * Returns the maximum age of a revocation information for considering it
+ * still as valid.
+ *
+ * @return the maximum age of a revocation information for considering it
+ * still as valid.
+ */
+ public long getMaxRevocationAge()
+ {
+ String maxRevocationAge = getElementValue(getConfigElem(), MAX_REVOCATION_AGE_XPATH_, null);
+ return Long.valueOf(maxRevocationAge).longValue();
+ }
+
+ /**
+ * Returns the service order for revocation checking.
+ *
+ * @return the service order for revocation checking. Valid array entries are
+ * {@link evocationSourceTypes#OCSP} and {@link RevocationSourceTypes#CRL}.
+ * An empty array will be returned if no service order is specified in the
+ * configuration.
+ */
+ public String[] getServiceOrder()
+ {
+ ArrayList list = new ArrayList();
+ NodeIterator serviceIter = XPathUtils.selectNodeIterator(getConfigElem(), REVOCATION_SERVICEORDER_XPATH_);
+ Element currentServiceNode;
+ while ((currentServiceNode = (Element)serviceIter.nextNode()) != null)
+ {
+ list.add(getElementValue(currentServiceNode, ".", null));
+ }
+ return (String[])list.toArray();
+ }
+
+ /**
+ * Returns whether the certificate extension Authority Info Access should
+ * be used during certificate path construction.
+ *
+ * @return whether the certificate extension Authority Info Access should
+ * be used during certificate path construction.
+ */
+ public boolean getUseAuthorityInfoAccess()
+ {
+ String useAIA = getElementValue(getConfigElem(), USE_AUTHORITY_INFO_ACCESS_XPATH_, null);
+ return Boolean.valueOf(useAIA).booleanValue();
+ }
+
+ /**
+ * Returns whether certificates found during certificate path construction
+ * should be added to the certificate store.
+ *
+ * @return whether certificates found during certificate path construction
+ * should be added to the certificate store.
+ */
+ public boolean getAutoAddCertificates()
+ {
+ String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_CERTIFICATES_XPATH_, null);
+ return Boolean.valueOf(autoAdd).booleanValue();
+ }
+
}
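Review bot: `getServiceOrder` ends with `return (String[])list.toArray();`, and `ArrayList.toArray()` returns an `Object[]`, so the cast throws a ClassCastException on every call, empty list included; because `ConfigurationProvider`'s constructor wraps any `Throwable` into `config.11`, every configuration load would fail. Use the typed form: `return (String[]) list.toArray(new String[list.size()]);`. Two neighbouring getters also need attention: `getMaxRevocationAge` calls `Long.valueOf(maxRevocationAge)` with no fallback, so a missing or malformed value throws NumberFormatException (unlike `getRevocationArchiveDuration`, which catches and warns), and `getEnableRevocationChecking` returns `false` when the element is absent, so revocation checking is silently off by default — state that in its Javadoc, which currently says "should be archived" (copied from the archiving getter). Finally, `{@link evocationSourceTypes#OCSP}` should read `{@link RevocationSourceTypes#OCSP}`.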
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 4927bb9b0..a6cbcc159 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -16,6 +16,7 @@ import java.util.Set;
import org.w3c.dom.Element;
import iaik.asn1.structures.Name;
+import iaik.pki.revocation.RevocationSourceTypes;
import iaik.utils.RFC2253NameParser;
import iaik.utils.RFC2253NameParserException;
@@ -42,8 +43,8 @@ import at.gv.egovernment.moa.spss.util.MessageProvider;
* @author Sven Aigner
* @version $Id$
*/
-public class ConfigurationProvider {
-
+public class ConfigurationProvider
+{
/**
* The name of the system property which contains the file name of the
* configuration file.
@@ -51,54 +52,6 @@ public class ConfigurationProvider {
public static final String CONFIG_PROPERTY_NAME =
"moa.spss.server.configuration";
- /**
- * The name of the generic configuration property giving the root directory of
- * a directory based cert store.
- */
- public static final String DIRECTORY_CERTSTORE_PARAMETER_PROPERTY =
- "DirectoryCertStoreParameters.RootDir";
-
- /** The name of the generic configuration property which determines if
- * certificates should be added to the cert store automatically. */
- public static final String AUTO_ADD_CERTIFICATES_PROPERTY =
- "autoAddCertificates";
-
- /** The name of the generic configuration property whether the authority
- * info access should be used. */
- public static final String USE_AUTHORITY_INFO_ACCESS_PROPERTY =
- "useAuthorityInfoAccess";
-
- /** The name of the generic configuration property determining the maximum
- * age of CRL entries. */
- public static final String MAX_REVOCATION_AGE_PROPERTY = "maxRevocationAge";
-
- /**
- * The name of the generic configuration property giving the database URL of
- * the CRL archive.
- */
- public static final String DATABASE_ARCHIVE_PARAMETER_URL_PROPERTY =
- "DataBaseArchiveParameter.JDBCUrl";
-
- /**
- * The name of the generic configuration property giving the JDBC driver
- * class name for accessing the database used for the the CRL archive.
- */
- public static final String DATABASE_ARCHIVE_PARAMETER_DRIVERCLASS_PROPERTY =
- "DataBaseArchiveParameter.JDBCDriverClass";
-
- /** The name of the generic configuration property determining whether
- * to check the revocation status of signer certificates. */
- public static final String REVOCATION_CHECKING_PROPERTY = "checkRevocation";
-
- /** The name of the generic configuration property determining whether to
- * archive revocation information. */
- public static final String ARCHIVE_REVOCATION_INFO_PROPERTY =
- "archiveRevocationInfo";
-
- /** The name of the generic configuration property used for setting the
- * signing time to a predefined value. (Use for testing purposes only). */
- public static final String TEST_SIGNING_TIME_PROPERTY = "test.SigningTime";
-
/**
* A fake <code>IssuerAndSerial</code> object for storing KeyGroup information
* accessible by all clients.
@@ -122,13 +75,6 @@ public class ConfigurationProvider {
/** The default canonicalization algorithm name */
private String canonicalizationAlgorithmName;
- /**
- * A <code>Map</code> which contains generic configuration information. Maps a
- * configuration name (a <code>String</code>) to a configuration value (also a
- * <code>String</code>).
- */
- private Map genericConfiguration;
-
/**
* A <code>List</code> of <code>HardwareCryptoModule</code> objects for
* configuring hardware modules.
@@ -173,10 +119,22 @@ public class ConfigurationProvider {
* to distribution points (a <code>Set</code> of
* <code>DistributionPoint</code>s) mapping.
*/
- private Map crlDistributionPoints;
+ private Map distributionPoints;
- /** The CRL archive duration. */
+ /**
+ * The CRL archive duration.
+ */
private int cRLArchiveDuration;
+
+ /**
+ * Indicates whether revocation information should be archived.
+ */
+ private boolean enableRevocationArchiving_;
+
+ /**
+ * The location of the certificate store.
+ */
+ private String certStoreLocation_;
/**
* A <code>Map</code> which contains a mapping from
@@ -213,6 +171,43 @@ public class ConfigurationProvider {
private Map trustProfiles;
/**
+ * The JDBC URL for the revocation archive database.
+ */
+ private String revocationArchiveJDBCURL_;
+
+ /**
+ * The JDBC driver class name for the revocation archive database.
+ */
+ private String revocationArchiveJDBCDriverClass_;
+
+ /**
+ * Indicates whether revocation checking should be done.
+ */
+ private boolean enableRevocationChecking_;
+
+ /**
+ * The maximum age of a revocation information for considering it still as valid.
+ */
+ private long maxRevocationAge_;
+
+ /**
+ * The service order for revocation checking.
+ */
+ private String[] serviceOrder_;
+
+ /**
+ * Indicates whether certificates found during certificate path construction
+ * should be added to the certificate store.
+ */
+ private boolean autoAddCertificates_;
+
+ /**
+ * Indicates whether the certificate extension Authority Info Access should
+ * be used during certificate path construction.
+ */
+ private boolean useAuthorityInfoAccess_;
+
+ /**
* Return the single instance of configuration data.
*
* @return MOAConfigurationProvider The current configuration data.
@@ -291,7 +286,7 @@ public class ConfigurationProvider {
// build the internal datastructures
try {
- builder = new ConfigurationPartsBuilder(configElem);
+ builder = new ConfigurationPartsBuilder(configElem, configRoot);
digestMethodAlgorithmName = builder.getDigestMethodAlgorithmName();
canonicalizationAlgorithmName =
builder.getCanonicalizationAlgorithmName();
@@ -299,7 +294,7 @@ public class ConfigurationProvider {
hardwareKeyModules =
builder.buildHardwareKeyModules(Collections.EMPTY_LIST);
softwareKeyModules =
- builder.buildSoftwareKeyModules(hardwareKeyModules, configRoot);
+ builder.buildSoftwareKeyModules(hardwareKeyModules);
allKeyModules = new ArrayList(hardwareKeyModules);
allKeyModules.addAll(softwareKeyModules);
keyGroups = builder.buildKeyGroups(allKeyModules);
@@ -307,20 +302,23 @@ public class ConfigurationProvider {
builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL);
defaultChainingMode = builder.getDefaultChainingMode();
chainingModes = builder.buildChainingModes();
- crlDistributionPoints = builder.buildCRLDistributionPoints();
- cRLArchiveDuration = builder.getCRLArchiveDuration();
- genericConfiguration = builder.buildGenericConfiguration();
- absolutizeCertStoreRoot(configRoot);
- createTransformsInfoProfiles =
- builder.buildCreateTransformsInfoProfiles(configRoot);
- createSignatureEnvironmentProfiles =
- builder.buildCreateSignatureEnvironmentProfiles(configRoot);
- verifyTransformsInfoProfiles =
- builder.buildVerifyTransformsInfoProfiles(configRoot);
- supplementProfiles = builder.buildSupplementProfiles(configRoot);
- trustProfiles = builder.buildTrustProfiles(configRoot);
+ useAuthorityInfoAccess_ = builder.getUseAuthorityInfoAccess();
+ autoAddCertificates_ = builder.getAutoAddCertificates();
+ distributionPoints = builder.buildDistributionPoints();
+ enableRevocationChecking_ = builder.getEnableRevocationChecking();
+ maxRevocationAge_ = builder.getMaxRevocationAge();
+ serviceOrder_ = builder.getServiceOrder();
+ enableRevocationArchiving_ = builder.getEnableRevocationArchiving();
+ cRLArchiveDuration = builder.getRevocationArchiveDuration();
+ revocationArchiveJDBCURL_ = builder.getRevocationArchiveJDBCURL();
+ revocationArchiveJDBCDriverClass_ = builder.getRevocationArchiveJDBCDriverClass();
+ certStoreLocation_ = builder.getCertStoreLocation();
+ createTransformsInfoProfiles = builder.buildCreateTransformsInfoProfiles();
+ createSignatureEnvironmentProfiles = builder.buildCreateSignatureEnvironmentProfiles();
+ verifyTransformsInfoProfiles = builder.buildVerifyTransformsInfoProfiles();
+ supplementProfiles = builder.buildSupplementProfiles();
+ trustProfiles = builder.buildTrustProfiles();
warnings = new ArrayList(builder.getWarnings());
- checkConsistency();
} catch (Throwable t) {
throw new ConfigurationException("config.11", null, t);
} finally {
@@ -345,63 +343,6 @@ public class ConfigurationProvider {
}
/**
- * Make the <code>DIRECTORY_CERTSTORE_PARAMETER_PROPERTY</code> generic
- * configuration value an absolute file name.
- *
- * @param configRoot The root directory of the main configuration file.
- */
- private void absolutizeCertStoreRoot(File configRoot) {
- String certStoreRoot =
- getGenericConfiguration(DIRECTORY_CERTSTORE_PARAMETER_PROPERTY);
-
- if (certStoreRoot != null) {
- if (!new File(certStoreRoot).isAbsolute()) {
- // make the cert store absolute
- File absCertStore = new File(configRoot, certStoreRoot);
-
- setGenericConfiguration(
- DIRECTORY_CERTSTORE_PARAMETER_PROPERTY,
- absCertStore.getAbsolutePath());
- }
- } else {
- // no value given: set it to a reasonable (absolute) default
- File absCertStore = new File(configRoot, "certstore");
-
- setGenericConfiguration(
- DIRECTORY_CERTSTORE_PARAMETER_PROPERTY,
- absCertStore.getAbsolutePath());
- }
- }
-
- /**
- * Do some additional consistency checks on the configuration.
- */
- private void checkConsistency() {
- // check for valid DirectoryCertStoreParameters.RootDir
- String certStoreRoot =
- getGenericConfiguration(DIRECTORY_CERTSTORE_PARAMETER_PROPERTY);
-
- if (certStoreRoot != null) {
- File certStore = new File(certStoreRoot);
-
- if (!certStore.exists() && !certStore.isDirectory()) {
- boolean created = false;
-
- try {
- created = certStore.mkdirs();
- } finally {
- if (!created) {
- warn(
- "config.30",
- new Object[] { DIRECTORY_CERTSTORE_PARAMETER_PROPERTY });
- }
- }
- }
- }
-
- }
-
- /**
* Return the name of the digest algorithm used during signature creation.
*
* @return The digest method algorithm name, or an empty <code>String</code>,
@@ -530,20 +471,22 @@ public class ConfigurationProvider {
}
/**
- * Return the CRL distribution points for a given CA.
+ * Return the distribution points for a given CA.
+ *
+ * @param cert The certificate for which the distribution points should be
+ * looked up. The issuer information is used to perform the lookup.
*
- * @param cert The certificate for which the CRL distribution points should be
- * looked up. The issuer information is used to perform the lookup.
* @return A <code>Set</code> of <code>DistributionPoint</code> objects. The
- * set will be empty, if no distribution points have been configured for this
- * certificate.
+ * set will be empty, if no distribution points have been configured
+ * for this certificate.
*/
- public Set getCRLDP(X509Certificate cert) {
+ public Set getDistributionPoints(X509Certificate cert)
+ {
try {
RFC2253NameParser nameParser =
new RFC2253NameParser(cert.getIssuerDN().toString());
String caIssuerDN = nameParser.parse().getName();
- Set dps = (Set) crlDistributionPoints.get(caIssuerDN);
+ Set dps = (Set) distributionPoints.get(caIssuerDN);
if (dps == null) {
return Collections.EMPTY_SET;
@@ -563,42 +506,25 @@ public class ConfigurationProvider {
public int getCRLArchiveDuration() {
return cRLArchiveDuration;
}
-
- /**
- * Sets a generic configuration value.
- *
- * Existing values are overridden.
- *
- * @param name The name of the generic configuration.
- * @param value The new value of the generic configuration.
- */
- private void setGenericConfiguration(String name, String value) {
- genericConfiguration.put(name, value);
- }
-
+
/**
- * Return the value of a generic configuration.
+ * Returns whether revocation information should be archived.
*
- * @param name The name of the generic configuration.
- * @return The value of the generic configuration with the given name, or
- * <code>null</code>, if none can be found.
+ * @return whether revocation information should be archived.
*/
- public String getGenericConfiguration(String name) {
- return (String) genericConfiguration.get(name);
+ public boolean getEnableRevocationArchiving()
+ {
+ return enableRevocationArchiving_;
}
-
+
/**
- * Return the value of a generic configuration, or a given default value.
+ * Returns the location of the certificate store.
*
- * @param name The name of the generic configuration.
- * @param defaultValue A default value to be returned in case that the generic
- * configuration with the given name does not exist.
- * @return The value of the generic configuration with the given name, or the
- * <code>defaultValue</code>, if none can be found.
+ * @return the location of the certificate store.
*/
- public String getGenericConfiguration(String name, String defaultValue) {
- String value = (String) genericConfiguration.get(name);
- return value != null ? value : defaultValue;
+ public String getCertStoreLocation()
+ {
+ return certStoreLocation_;
}
/**
@@ -683,4 +609,81 @@ public class ConfigurationProvider {
warnings.add(txt);
}
+ /**
+ * Returns the JDBC URL for the revocation archive database.
+ *
+ * @return the JDBC URL for the revocation archive database.
+ */
+ public String getRevocationArchiveJDBCURL()
+ {
+ return revocationArchiveJDBCURL_;
+ }
+
+ /**
+ * Returns the JDBC driver class name for the revocation archive database.
+ *
+ * @return the JDBC driver class name for the revocation archive database.
+ */
+ public String getRevocationArchiveJDBCDriverClass()
+ {
+ return revocationArchiveJDBCDriverClass_;
+ }
+
+ /**
+ * Returns whether revocation checking should be done.
+ *
+ * @return whether revocation checking should be done.
+ */
+ public boolean getEnableRevocationChecking()
+ {
+ return enableRevocationChecking_;
+ }
+
+ /**
+ * Returns the maximum age of a revocation information for considering it
+ * still as valid.
+ *
+ * @return the maximum age of a revocation information for considering it
+ * still as valid.
+ */
+ public long getMaxRevocationAge()
+ {
+ return maxRevocationAge_;
+ }
+
+ /**
+ * Returns the service order for revocation checking.
+ *
+ * @return the service order for revocation checking. Valid array entries are
+ * {@link evocationSourceTypes#OCSP} and {@link RevocationSourceTypes#CRL}.
+ */
+ public String[] getServiceOrder()
+ {
+ return serviceOrder_;
+ }
+
+ /**
+ * Returns whether certificates found during certificate path construction
+ * should be added to the certificate store.
+ *
+ * @return whether certificates found during certificate path construction
+ * should be added to the certificate store.
+ */
+ public boolean getAutoAddCertificates()
+ {
+ return autoAddCertificates_;
+ }
+
+ /**
+ * Returns whether the certificate extension Authority Info Access should
+ * be used during certificate path construction.
+ *
+ * @return whether the certificate extension Authority Info Access should
+ * be used during certificate path construction.
+ */
+ public boolean getUseAuthorityInfoAccess()
+ {
+ return useAuthorityInfoAccess_;
+ }
+
}
\ No newline at end of file
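Review bot: The Javadoc of `getServiceOrder` in this hunk links `{@link evocationSourceTypes#OCSP}`, which does not resolve; it should be `{@link RevocationSourceTypes#OCSP}` (the import is added by this commit). `getMaxRevocationAge` is documented as a "maximum age" without a unit, and the backing field's comment does not state one either; add the unit the consumer expects (e.g. `@return ... in milliseconds` — confirm against the IAIK revocation profile that reads it) so operators do not misconfigure it by a factor of a thousand. The `getEnableRevocationChecking` Javadoc should also say that the value is `false` unless the configuration sets it, since that default disables revocation checking.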
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java
index 7863eabe1..5c0646449 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java
@@ -1,146 +1,38 @@
package at.gv.egovernment.moa.spss.server.config;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.StringTokenizer;
-
-import at.gv.egovernment.moa.logging.LogMsg;
-import at.gv.egovernment.moa.logging.Logger;
-
-import at.gv.egovernment.moa.spss.util.MessageProvider;
-
/**
- * A class containing information about a CRL distribution point.
+ * Abstract base class for distribution points.
*
- * @author Sven Aigner
- * @author Patrick Peck
+ * @author Gregor Karlinger
* @version $Id$
- */
-public class DistributionPoint {
-
- private static Map RC_MAPPING = new HashMap();
-
- static {
-
- // create the mapping between reason code strings and their integer values
- RC_MAPPING.put(
- "unused",
- new Integer(iaik.asn1.structures.DistributionPoint.unused));
- RC_MAPPING.put(
- "keyCompromise",
- new Integer(iaik.asn1.structures.DistributionPoint.keyCompromise));
- RC_MAPPING.put(
- "cACompromise",
- new Integer(iaik.asn1.structures.DistributionPoint.cACompromise));
- RC_MAPPING.put(
- "affiliationChanged",
- new Integer(iaik.asn1.structures.DistributionPoint.affiliationChanged));
- RC_MAPPING.put(
- "superseded",
- new Integer(iaik.asn1.structures.DistributionPoint.superseded));
- RC_MAPPING.put(
- "cessationOfOperation",
- new Integer(iaik.asn1.structures.DistributionPoint.cessationOfOperation));
- RC_MAPPING.put(
- "certificateHold",
- new Integer(iaik.asn1.structures.DistributionPoint.certificateHold));
- RC_MAPPING.put(
- "privilegeWithdrawn",
- new Integer(iaik.asn1.structures.DistributionPoint.privilegeWithdrawn));
- RC_MAPPING.put(
- "aACompromise",
- new Integer(iaik.asn1.structures.DistributionPoint.aACompromise));
- }
-
- /** The distribution point URI. */
- private String uri;
- /** The reason codes applicable for the distribution point. */
- private int reasonCodes;
-
- /**
- * Create a <code>DistributionPoint</code> with a URI and a list of reason
- * codes.
- *
- * @param uri The URI of the distribution point.
- * @param reasonCodeStr A list of reason codes (a space-separated
- * enumeration).
- */
- public DistributionPoint(String uri, String reasonCodeStr) {
- this.uri = uri;
- this.reasonCodes = extractReasonCodes(reasonCodeStr);
- }
-
- /**
- * Convert a list of reason codes provided as a <code>String</code> to a
- * binary representation.
- *
- * @param reasonCodeStr A <code>String</code> containing a blank-separated,
- * textual representation of reason codes.
- * @return int A binary representation of reason codes.
- * @see iaik.asn1.structures.DistributionPoint
+ * */
+public abstract class DistributionPoint implements iaik.pki.revocation.DistributionPoint
+{
+ /**
+ * The distribution point URI.
*/
- private int extractReasonCodes(String reasonCodeStr) {
- int codes = 0;
- StringTokenizer tokenizer = new StringTokenizer(reasonCodeStr);
- String token;
- Integer reasonCode;
-
- while (tokenizer.hasMoreTokens()) {
- token = tokenizer.nextToken();
- reasonCode = (Integer) RC_MAPPING.get(token);
- if (reasonCode != null) {
- codes |= reasonCode.intValue();
- } else {
- MessageProvider msg = MessageProvider.getInstance();
- Logger.warn(
- new LogMsg(msg.getMessage("config.07", new Object[] { token })));
- }
- }
-
- // If reasonCodeStr is empty, set all possible reason codes
- if (codes == 0) codes =
- iaik.asn1.structures.DistributionPoint.unused |
- iaik.asn1.structures.DistributionPoint.keyCompromise |
- iaik.asn1.structures.DistributionPoint.cACompromise |
- iaik.asn1.structures.DistributionPoint.affiliationChanged |
- iaik.asn1.structures.DistributionPoint.superseded |
- iaik.asn1.structures.DistributionPoint.cessationOfOperation |
- iaik.asn1.structures.DistributionPoint.certificateHold |
- iaik.asn1.structures.DistributionPoint.privilegeWithdrawn |
- iaik.asn1.structures.DistributionPoint.aACompromise;
-
- return codes;
- }
+ private String uri_;
/**
- * Return the URI of the distribution point.
+ * Create a <code>DistributionPoint</code> with a URI.
*
- * @return The URI of the distribution point.
+ * @param uri The URI of the distribution point.
*/
- public String getUri() {
- return uri;
+ public DistributionPoint(String uri)
+ {
+ uri_ = uri;
}
-
+
/**
- * Return a binary representation of the reason codes of this distribution
- * point.
- *
- * @return The binary representation of the reason codes.
+ * @see iaik.pki.revocation.DistributionPoint#getType()
*/
- public int getReasonCodes() {
- return reasonCodes;
- }
+ public abstract String getType();
/**
- * Return a <code>String</code> representation of this distribution point.
- *
- * @return The <code>String</code> representation of this distribution point.
- * @see java.lang.Object#toString()
+ * @see iaik.pki.revocation.DistributionPoint#getUri()
*/
- public String toString() {
- return "(DistributionPoint - "
- + ("URI<" + getUri())
- + ("> REASONCODES<" + getReasonCodes() + ">)");
+ public String getUri()
+ {
+ return uri_;
}
-
}
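Review bot: The new abstract `DistributionPoint` keeps only `uri_` and defines neither `equals`/`hashCode` nor `toString`, while the provider stores these objects in a `Set` per issuer (per the field comment in this commit) and the old class had a `toString` for logging. Without value semantics, two configured entries with the same URI and type are kept as distinct set members, and log output degrades to `ClassName@hash`. If de-duplication is intended, add `equals`/`hashCode` on `getType()` and `uri_` here and extend them in `CRLDistributionPoint` for its reason codes and issuer name, and reinstate a `toString` along the lines of `return "(" + getType() + " DistributionPoint - URI<" + uri_ + ">)";`; otherwise document the identity semantics on the class. `uri_` is stored without a `null` check, as before.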
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java
new file mode 100644
index 000000000..e4509ac97
--- /dev/null
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java
@@ -0,0 +1,33 @@
+package at.gv.egovernment.moa.spss.server.config;
+
+import iaik.pki.revocation.RevocationSourceTypes;
+
+/**
+ * A class representing a CRL distribution point.
+ *
+ * @author Gregor Karlinger
+ * @version $Id$
+ */
+public class OCSPDistributionPoint
+ extends DistributionPoint
+ implements iaik.pki.revocation.DistributionPoint
+{
+ /**
+ * Create a <code>OCSPDistributionPoint</code> with a URI.
+ *
+ * @param uri The URI of the ocsp distribution point.
+ */
+ public OCSPDistributionPoint(String uri)
+ {
+ super(uri);
+ }
+
+ /**
+ * @see iaik.pki.revocation.DistributionPoint#getType()
+ */
+ public String getType()
+ {
+ return RevocationSourceTypes.OCSP;
+ }
+
+}
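Review bot: The class Javadoc of the new file still reads `A class representing a CRL distribution point.`, which is wrong for a type whose getType() returns RevocationSourceTypes.OCSP; change it to `A class representing an OCSP distribution point.` and write `OCSP` rather than `ocsp` in the constructor's @param. The constructor also hands the URI to the base class unchecked; if configuration can leave it unset, a guard such as `if (uri == null) throw new IllegalArgumentException("uri");` would fail at configuration load instead of during a revocation lookup. Since the base DistributionPoint constructor lives in another file, that check may belong there instead.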
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/ArchiveConfigurationImpl.java b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/ArchiveConfigurationImpl.java
index daff07bd2..bf56d437c 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/ArchiveConfigurationImpl.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/ArchiveConfigurationImpl.java
@@ -28,23 +28,17 @@ public class ArchiveConfigurationImpl
/**
* Create a new <code>ArchiveConfigurationImpl</code>.
*
- * @param config The MOA configuration from which the configuration data is
- * being read.
+ * @param config The MOA configuration from which the configuration data is being read.
*/
- public ArchiveConfigurationImpl(ConfigurationProvider config) {
- String jdbcUrl =
- config.getGenericConfiguration(
- ConfigurationProvider.DATABASE_ARCHIVE_PARAMETER_URL_PROPERTY);
-
- if (jdbcUrl != null) {
- this.archiveParameters = new DataBaseArchiveParameterImpl(jdbcUrl);
- }
+ public ArchiveConfigurationImpl(ConfigurationProvider config)
+ {
+ String jdbcUrl = config.getRevocationArchiveJDBCURL();
+ this.archiveParameters = new DataBaseArchiveParameterImpl(jdbcUrl);
- // Register JDBC driver class specified in generic configuration parameters
- String jdbcDriverClass = config.getGenericConfiguration(
- ConfigurationProvider.DATABASE_ARCHIVE_PARAMETER_DRIVERCLASS_PROPERTY);
- if (jdbcDriverClass != null)
+ // Register JDBC driver class
+ if (jdbcUrl != null)
{
+ String jdbcDriverClass = config.getRevocationArchiveJDBCDriverClass();
try
{
Class.forName(jdbcDriverClass);
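Review bot: `this.archiveParameters = new DataBaseArchiveParameterImpl(jdbcUrl);` now runs even when jdbcUrl is null, while the driver registration two lines below still guards on `jdbcUrl != null`; the old code left archiveParameters null when no URL was configured. Unless getRevocationArchiveJDBCURL() is guaranteed non-null by the new ConfigurationProvider (not visible here), move the assignment inside the `if (jdbcUrl != null)` block so the two checks agree. Inside that block, `Class.forName(jdbcDriverClass)` throws NullPointerException rather than ClassNotFoundException if the driver class is unset, so a null check on jdbcDriverClass before the try would give a clearer configuration error. The constructor's try/catch continues outside the hunk.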
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/CRLDistributionPointAdapter.java b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/CRLDistributionPointAdapter.java
deleted file mode 100644
index 1c2df80a5..000000000
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/CRLDistributionPointAdapter.java
+++ /dev/null
@@ -1,54 +0,0 @@
-package at.gv.egovernment.moa.spss.server.iaik.config;
-
-import iaik.pki.revocation.CRLDistributionPoint;
-import iaik.pki.revocation.RevocationSourceTypes;
-
-import at.gv.egovernment.moa.spss.server.config.DistributionPoint;
-
-/**
- * A class that wraps an
- * at.gv.egovernment.moa.spss.server.config.DistributionPoint as a
- * iaik.pki.revocation.CRLDistributionPoint.
- *
- * @see iaik.pki.revocation.CRLDistributionPoint
- * @author Patrick Peck
- * @version $Id$
- */
-public class CRLDistributionPointAdapter implements CRLDistributionPoint {
-
- /** The wrapped <code>DistributionPoint</code>. */
- private DistributionPoint distributionPoint;
-
- /**
- * Create a new <code>CRLDistributionPointAdapter</code>.
- *
- * @param distributionPoint The <code>DistributionPoint</code> to wrap. It
- * contains the data configured in the MOA configuration.
- */
- public CRLDistributionPointAdapter(DistributionPoint distributionPoint) {
- this.distributionPoint = distributionPoint;
- }
-
- /**
- * @see iaik.pki.revocation.CRLDistributionPoint#getReasonCodes()
- */
- public int getReasonCodes() {
- return distributionPoint.getReasonCodes();
- }
-
- /**
- * @return <code>RevocationSourceTypes.CRL</code>
- * @see iaik.pki.revocation.DistributionPoint#getType()
- */
- public String getType() {
- return RevocationSourceTypes.CRL;
- }
-
- /**
- * @see iaik.pki.revocation.DistributionPoint#getUri()
- */
- public String getUri() {
- return distributionPoint.getUri();
- }
-
-}
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java
index c9be3fc2b..e6e084e11 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java
@@ -27,21 +27,17 @@ public class CertStoreConfigurationImpl
* @param config The MOA configuration from which the configuration data is
* being read.
*/
- public CertStoreConfigurationImpl(ConfigurationProvider config) {
- String certStoreRoot =
- config.getGenericConfiguration(
- ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY,
- "certstore");
-
- if (certStoreRoot != null) {
- DirectoryCertStoreParameters dirParameters =
- new DirectoryCertStoreParametersImpl(
- "MOA Directory CertStore",
- certStoreRoot,
- true,
- false);
- parameters = new CertStoreParameters[] { dirParameters };
- }
+ public CertStoreConfigurationImpl(ConfigurationProvider config)
+ {
+ String certStoreRoot = config.getCertStoreLocation();
+
+ DirectoryCertStoreParameters dirParameters = new DirectoryCertStoreParametersImpl(
+ "MOA Directory CertStore",
+ certStoreRoot,
+ true,
+ false);
+
+ parameters = new CertStoreParameters[] { dirParameters };
}
/**
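Review bot: The null guard and the `"certstore"` default that the old code applied to the cert store root are gone, so `config.getCertStoreLocation()` is passed to DirectoryCertStoreParametersImpl unchecked. If the new getter can return null (cannot tell from here), the failure moves from a clear configuration error into the IAIK cert store; a one-line check such as `if (certStoreRoot == null) throw new IllegalStateException("no cert store location configured");` before constructing the parameters keeps the failure at load time. If the getter already applies the default, a short comment saying so would stop the next reader from re-adding the guard.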
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
index 6562ef1f4..a7ec91472 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
@@ -61,7 +61,7 @@ public class IaikConfigurator {
dumpKeyEntryIDs();
checkKeyGroupConfig(moaConfig);
- TrustStoreFactory.reset();
+ TrustStoreFactory.removeAllHandlers();
} catch (iaik.server.ConfigurationException e) {
throw new ConfigurationException("config.08", null, e);
} catch (Throwable t) {
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java
index 0703cd326..1c42cc4af 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java
@@ -5,9 +5,6 @@ import iaik.pki.pathvalidation.ValidationConfiguration;
import iaik.pki.revocation.RevocationConfiguration;
import iaik.pki.store.certstore.CertStoreConfiguration;
import iaik.pki.store.revocation.archive.ArchiveConfiguration;
-
-import at.gv.egovernment.moa.util.BoolUtils;
-
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
/**
@@ -35,19 +32,17 @@ public class PKIConfigurationImpl implements PKIConfiguration {
* the configuration data contained in this object.
*/
public PKIConfigurationImpl(ConfigurationProvider config) {
- String archiveInfo;
this.certStoreConfiguration = new CertStoreConfigurationImpl(config);
-
this.revocationConfiguration = new RevocationConfigurationImpl(config);
- archiveInfo =
- config.getGenericConfiguration(
- ConfigurationProvider.ARCHIVE_REVOCATION_INFO_PROPERTY,
- "false");
- if (archiveInfo != null && BoolUtils.valueOf(archiveInfo)) {
+ boolean archiveInfo = config.getEnableRevocationArchiving();
+ if (archiveInfo)
+ {
this.archiveConfiguration = new ArchiveConfigurationImpl(config);
- } else {
+ }
+ else
+ {
this.archiveConfiguration = null;
}
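Review bot: The boolean local and the if/else around archiveConfiguration are leftover structure from the removed string parsing; `this.archiveConfiguration = config.getEnableRevocationArchiving() ? new ArchiveConfigurationImpl(config) : null;` says the same in one line. The old code defaulted the flag to "false" when the property was absent; if getEnableRevocationArchiving() defaults differently, that is a behaviour change worth a comment at this point. The constructor continues outside the hunk.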
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java
index 466234a11..bccb04a09 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java
@@ -1,16 +1,11 @@
package at.gv.egovernment.moa.spss.server.iaik.config;
+import iaik.pki.revocation.RevocationConfiguration;
+
import java.security.cert.X509Certificate;
import java.util.Date;
-import java.util.HashSet;
-import java.util.Iterator;
import java.util.Set;
-import iaik.pki.revocation.RevocationConfiguration;
-
-import at.gv.egovernment.moa.util.BoolUtils;
-
-import at.gv.egovernment.moa.spss.server.config.DistributionPoint;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
/**
@@ -40,34 +35,19 @@ public class RevocationConfigurationImpl
}
/**
- * @see iaik.pki.revocation.RevocationConfiguration#getAlternativeDistributionPoints(java.security.cert.X509Certificate, java.util.Date)
+ * @see iaik.pki.revocation.RevocationConfiguration#getAlternativeDistributionPoints
*/
- public Set getAlternativeDistributionPoints(
- X509Certificate cert,
- Date date) {
-
- Set configuredPoints = config.getCRLDP(cert);
- Set distributionPoints = new HashSet();
- Iterator iter;
-
- for (iter = configuredPoints.iterator(); iter.hasNext();) {
- DistributionPoint dp = (DistributionPoint) iter.next();
- distributionPoints.add(new CRLDistributionPointAdapter(dp));
- }
-
- return distributionPoints;
+ public Set getAlternativeDistributionPoints(X509Certificate cert, X509Certificate issuer, Date date)
+ {
+ return config.getDistributionPoints(cert);
}
/**
* @see iaik.pki.revocation.RevocationConfiguration#archiveRevocationInfo(java.lang.String, java.lang.String)
*/
- public boolean archiveRevocationInfo(String type, String uri) {
- String info =
- config.getGenericConfiguration(
- ConfigurationProvider.ARCHIVE_REVOCATION_INFO_PROPERTY,
- "false");
-
- return info != null ? BoolUtils.valueOf(info) : false;
+ public boolean archiveRevocationInfo(String type, String uri)
+ {
+ return config.getEnableRevocationArchiving();
}
}
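Review bot: getAlternativeDistributionPoints now returns whatever `config.getDistributionPoints(cert)` hands back, whereas the old code copied the adapted entries into a fresh HashSet; if the provider returns its internal Set, the IAIK revocation code can mutate shared configuration state. Returning `new HashSet(config.getDistributionPoints(cert))` (re-adding the java.util.HashSet import this commit removes) or an unmodifiable view keeps that isolation. The `issuer` and `date` parameters are ignored, which the Javadoc should state, e.g. `Distribution points are looked up by the certificate only; issuer and date are not consulted.`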
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
index c204eface..76f03ae07 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
@@ -4,9 +4,6 @@ import iaik.pki.PKIProfile;
import iaik.pki.pathvalidation.ValidationProfile;
import iaik.pki.revocation.RevocationProfile;
import iaik.pki.store.truststore.TrustStoreProfile;
-
-import at.gv.egovernment.moa.util.BoolUtils;
-
import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.iaik.pki.pathvalidation.ValidationProfileImpl;
@@ -54,14 +51,9 @@ public class PKIProfileImpl implements PKIProfile {
/**
* @see iaik.pki.PKIProfile#autoAddCertificates()
*/
- public boolean autoAddCertificates() {
- String boolStr =
- config.getGenericConfiguration(
- ConfigurationProvider.AUTO_ADD_CERTIFICATES_PROPERTY,
- "true");
- boolean boolValue = BoolUtils.valueOf(boolStr);
-
- return useAuthorityInfoAccess() ? true : boolValue;
+ public boolean autoAddCertificates()
+ {
+ return useAuthorityInfoAccess() ? true : config.getAutoAddCertificates();
}
/**
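Review bot: `return useAuthorityInfoAccess() ? true : config.getAutoAddCertificates();` is a boolean OR written as a conditional; `return useAuthorityInfoAccess() || config.getAutoAddCertificates();` is clearer. Because the configured auto-add setting is silently overridden whenever AIA is enabled, a why-comment such as `// certificates fetched via AuthorityInfoAccess must be storable, so AIA forces auto-add` would help the next reader; the coupling predates this commit, but the rewrite is the place to document it.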
@@ -116,12 +108,9 @@ public class PKIProfileImpl implements PKIProfile {
/**
* @see iaik.pki.PKIProfile#useAuthorityInfoAccess()
*/
- public boolean useAuthorityInfoAccess() {
- String boolStr =
- config.getGenericConfiguration(
- ConfigurationProvider.USE_AUTHORITY_INFO_ACCESS_PROPERTY,
- "true");
- return BoolUtils.valueOf(boolStr);
+ public boolean useAuthorityInfoAccess()
+ {
+ return config.getUseAuthorityInfoAccess();
}
}
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java
index a2e3d6766..a4d7ea7fa 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java
@@ -2,13 +2,11 @@ package at.gv.egovernment.moa.spss.server.iaik.pki.pathvalidation;
import iaik.pki.pathvalidation.ValidationProfile;
-import at.gv.egovernment.moa.util.BoolUtils;
-
-import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
-
import java.util.Collections;
import java.util.Set;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+
/**
* An implementation of the <code>ValidationProfile</code> interface providing
* information about certificat path validation.
@@ -101,13 +99,9 @@ public class ValidationProfileImpl implements ValidationProfile {
/**
* @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking()
*/
- public boolean getRevocationChecking() {
- String checkingStr =
- config.getGenericConfiguration(
- ConfigurationProvider.REVOCATION_CHECKING_PROPERTY,
- "true");
-
- return BoolUtils.valueOf(checkingStr);
+ public boolean getRevocationChecking()
+ {
+ return config.getEnableRevocationChecking();
}
} \ No newline at end of file
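Review bot: The old implementation defaulted revocation checking to "true" when the property was absent; with the delegation to `config.getEnableRevocationChecking()` that fail-closed default is no longer visible in this file. If the new getter keeps the default (cannot tell from here), a Javadoc line such as `Revocation checking is enabled unless the configuration explicitly disables it.` preserves that guarantee for readers; if it does not, this hunk silently weakens path validation and the default should be restored.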
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java
index 186d24934..164ae8a75 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java
@@ -18,7 +18,7 @@ import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
public class RevocationProfileImpl implements RevocationProfile {
/** The default service order. */
private static final String[] DEFAULT_SERVICE_ORDER =
- { RevocationSourceTypes.CRL };
+ { RevocationSourceTypes.OCSP, RevocationSourceTypes.CRL };
/** The <code>ConfigurationProvider</code> to read the MOA configuration data
* from. */
private ConfigurationProvider config;
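Review bot: Changing DEFAULT_SERVICE_ORDER to try OCSP before CRL is a behaviour change that the unchanged comment `/** The default service order. */` does not explain; expand it to say that OCSP is consulted first with CRL as the fallback, and that a configured service order overrides this default. Whether a failed OCSP query falls through to the CRL or fails closed is decided by the IAIK library rather than here, so the comment should not assert either.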
@@ -38,14 +38,9 @@ public class RevocationProfileImpl implements RevocationProfile {
/**
* @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(String)
*/
- public long getMaxRevocationAge(String distributionPointUri) {
- String maxRevocationAgeStr =
- config.getGenericConfiguration(
- ConfigurationProvider.MAX_REVOCATION_AGE_PROPERTY,
- "0");
- long revocationAge = Long.parseLong(maxRevocationAgeStr);
-
- return revocationAge;
+ public long getMaxRevocationAge(String distributionPointUri)
+ {
+ return config.getMaxRevocationAge();
}
/**
@@ -58,8 +53,11 @@ public class RevocationProfileImpl implements RevocationProfile {
/**
* @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate)
*/
- public String[] getPreferredServiceOrder(X509Certificate cert) {
- return DEFAULT_SERVICE_ORDER;
+ public String[] getPreferredServiceOrder(X509Certificate cert)
+ {
+ String[] serviceOrder = config.getServiceOrder();
+ if (serviceOrder == null || serviceOrder.length == 0) return DEFAULT_SERVICE_ORDER;
+ return serviceOrder;
}
}
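Review bot: getPreferredServiceOrder returns the configured `String[]` by reference, and the fallback returns the shared static DEFAULT_SERVICE_ORDER; arrays are mutable, so a caller that sorts or overwrites the result changes the service order for every later validation. Returning `(String[]) serviceOrder.clone()` and `(String[]) DEFAULT_SERVICE_ORDER.clone()` removes that aliasing. Whether the configured entries are validated against RevocationSourceTypes is decided in ConfigurationProvider, which is not visible here; a note on the method saying where that validation lives would help.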
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java
index 8a1161b95..37ded77e6 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java
@@ -25,6 +25,12 @@ public class TrustStoreProfileImpl implements TrustStoreProfile {
/** The observers of this profile. */
private List observers = new ArrayList();
+
+ /**
+ * The trust profile identifier.
+ */
+ private String id_;
+
/** The type of the trust profile. */
private String type;
/** The URI of the trust profile.*/
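Review bot: The new field is named `id_` with a trailing underscore while the neighbouring fields in the same class (`observers`, `type`, `uri`) use plain names; rename it to `private String id;` so the class follows one convention, adjusting the two uses in the constructor and getId(). The three-line Javadoc can also collapse to the one-line form used for the sibling fields, `/** The trust profile identifier. */`.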
@@ -46,13 +52,15 @@ public class TrustStoreProfileImpl implements TrustStoreProfile {
throws MOAApplicationException {
TrustProfile tp = (TrustProfile) config.getTrustProfile(trustProfileId);
- if (tp != null) {
+ if (tp != null)
+ {
+ id_ = trustProfileId;
setURI(tp.getUri());
setType(TrustStoreTypes.DIRECTORY);
- } else {
- throw new MOAApplicationException(
- "2203",
- new Object[] { trustProfileId });
+ }
+ else
+ {
+ throw new MOAApplicationException("2203", new Object[] { trustProfileId });
}
}
@@ -116,4 +124,12 @@ public class TrustStoreProfileImpl implements TrustStoreProfile {
}
}
+ /**
+ * @see iaik.pki.store.truststore.TrustStoreProfile#getId()
+ */
+ public String getId()
+ {
+ return id_;
+ }
+
}
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java
index 15e5955aa..fd207ddea 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java
@@ -1,6 +1,14 @@
package at.gv.egovernment.moa.spss.server.invoke;
-import java.text.ParseException;
+import iaik.IAIKException;
+import iaik.IAIKRuntimeException;
+import iaik.server.modules.xml.DataObject;
+import iaik.server.modules.xml.XMLDataObject;
+import iaik.server.modules.xml.XMLSignature;
+import iaik.server.modules.xmlsign.XMLSignatureCreationModule;
+import iaik.server.modules.xmlsign.XMLSignatureCreationModuleFactory;
+import iaik.server.modules.xmlsign.XMLSignatureCreationProfile;
+
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
@@ -14,22 +22,9 @@ import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
-import iaik.IAIKException;
-import iaik.IAIKRuntimeException;
-import iaik.server.modules.xml.DataObject;
-import iaik.server.modules.xml.XMLDataObject;
-import iaik.server.modules.xml.XMLSignature;
-import iaik.server.modules.xmlsign.XMLSignatureCreationModule;
-import iaik.server.modules.xmlsign.XMLSignatureCreationModuleFactory;
-import iaik.server.modules.xmlsign.XMLSignatureCreationProfile;
-
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.logging.LoggingContext;
import at.gv.egovernment.moa.logging.LoggingContextManager;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DateTimeUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.MOASystemException;
@@ -44,13 +39,14 @@ import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo;
import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
-import at.gv.egovernment.moa.spss.server.iaik.xml.SigningTimeImpl;
import at.gv.egovernment.moa.spss.server.iaik.xml.XMLDataObjectImpl;
import at.gv.egovernment.moa.spss.server.logging.IaikLog;
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
import at.gv.egovernment.moa.spss.server.util.IdGenerator;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.XPathUtils;
/**
* A class providing an API based interface to the
@@ -542,21 +538,6 @@ public class XMLSignatureCreationInvoker {
TransactionContextManager.getInstance().getTransactionContext();
ConfigurationProvider config = context.getConfiguration();
List additionalSignedProperties = Collections.EMPTY_LIST;
- String testSigningTime =
- config.getGenericConfiguration(
- ConfigurationProvider.TEST_SIGNING_TIME_PROPERTY);
-
- if (testSigningTime != null) {
- try {
- SigningTimeImpl signingTime =
- new SigningTimeImpl(DateTimeUtils.parseDateTime(testSigningTime));
- additionalSignedProperties = new ArrayList();
- additionalSignedProperties.add(signingTime);
- } catch (ParseException e) {
- // if we fail here, the signing time will simply not be added to
- // the list of signed properties
- }
- }
return additionalSignedProperties;
}
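Review bot: After removing the test-signing-time branch, the locals `context` and `config` declared just above `List additionalSignedProperties` are no longer read anywhere in the visible remainder of the method, and the list is always Collections.EMPTY_LIST; the remaining body can reduce to `return Collections.EMPTY_LIST;`. The `java.util.ArrayList` import kept at the top of the file may now be unused as well, unless another method outside this view still uses it. The method's signature is above the hunk.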