From 664d28dce2c23cd324fae76c40ad07b023e27129 Mon Sep 17 00:00:00 2001
From: gregor
Date: Fri, 5 Aug 2005 12:13:37 +0000
Subject: Bug 271: Adpation auf neue Struktur des Konfigurationsfiles abgeschlossen. Noch ungetestet.

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@414 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 .../spss/server/config/ConfigurationProvider.java | 337 +++++++++++----------
 1 file changed, 170 insertions(+), 167 deletions(-)

(limited to 'spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java')

diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 4927bb9b0..a6cbcc159 100644
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -16,6 +16,7 @@ import java.util.Set;
 import org.w3c.dom.Element;
 
 import iaik.asn1.structures.Name;
+import iaik.pki.revocation.RevocationSourceTypes;
 import iaik.utils.RFC2253NameParser;
 import iaik.utils.RFC2253NameParserException;
 
@@ -42,8 +43,8 @@ import at.gv.egovernment.moa.spss.util.MessageProvider;
  * @author Sven Aigner
  * @version $Id$
  */
-public class ConfigurationProvider {
-
+public class ConfigurationProvider
+{
   /**
    * The name of the system property which contains the file name of the
    * configuration file.
@@ -51,54 +52,6 @@ public class ConfigurationProvider {
   public static final String CONFIG_PROPERTY_NAME =
     "moa.spss.server.configuration";
 
-  /**
-   * The name of the generic configuration property giving the root directory of
-   * a directory based cert store.
-   */
-  public static final String DIRECTORY_CERTSTORE_PARAMETER_PROPERTY =
-    "DirectoryCertStoreParameters.RootDir";
-
-  /** The name of the generic configuration property which determines if
-   * certificates should be added to the cert store automatically. */
-  public static final String AUTO_ADD_CERTIFICATES_PROPERTY =
-    "autoAddCertificates";
-
-  /** The name of the generic configuration property whether the authority
-   * info access should be used. */
-  public static final String USE_AUTHORITY_INFO_ACCESS_PROPERTY =
-    "useAuthorityInfoAccess";
-
-  /** The name of the generic configuration property determining the maximum
-   * age of CRL entries. */
-  public static final String MAX_REVOCATION_AGE_PROPERTY = "maxRevocationAge";
-
-  /**
-   * The name of the generic configuration property giving the database URL of
-   * the CRL archive.
-   */
-  public static final String DATABASE_ARCHIVE_PARAMETER_URL_PROPERTY =
-    "DataBaseArchiveParameter.JDBCUrl";
-
-  /**
-   * The name of the generic configuration property giving the JDBC driver
-   * class name for accessing the database used for the the CRL archive.
-   */
-  public static final String DATABASE_ARCHIVE_PARAMETER_DRIVERCLASS_PROPERTY =
-    "DataBaseArchiveParameter.JDBCDriverClass";
-
-  /** The name of the generic configuration property determining whether
-   * to check the revocation status of signer certificates. */
-  public static final String REVOCATION_CHECKING_PROPERTY = "checkRevocation";
-
-  /** The name of the generic configuration property determining whether to
-   * archive revocation information. */
-  public static final String ARCHIVE_REVOCATION_INFO_PROPERTY =
-    "archiveRevocationInfo";
-
-  /** The name of the generic configuration property used for setting the
-   * signing time to a predefined value. (Use for testing purposes only). */
-  public static final String TEST_SIGNING_TIME_PROPERTY = "test.SigningTime";
-
   /**
    * A fake IssuerAndSerial object for storing KeyGroup information
    * accessible by all clients.
@@ -122,13 +75,6 @@ public class ConfigurationProvider {
   /** The default canonicalization algorithm name */
   private String canonicalizationAlgorithmName;
 
-  /**
-   * A Map which contains generic configuration information. Maps a
-   * configuration name (a String) to a configuration value (also a
-   * String).
-   */
-  private Map genericConfiguration;
-
   /**
    * A List of HardwareCryptoModule objects for
    * configuring hardware modules.
@@ -173,10 +119,22 @@ public class ConfigurationProvider {
    * to distribution points (a Set of
    * DistributionPoints) mapping.
    */
-  private Map crlDistributionPoints;
+  private Map distributionPoints;
 
-  /** The CRL archive duration. */
+  /**
+   * The CRL archive duration.
+   */
   private int cRLArchiveDuration;
+
+  /**
+   * Indicates whether revocation information should be archived.
+   */
+  private boolean enableRevocationArchiving_;
+
+  /**
+   * The location of the certificate store.
+   */
+  private String certStoreLocation_;
 
   /**
    * A Map which contains a mapping from
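Review bot: The new fields `enableRevocationArchiving_` and `certStoreLocation_` introduce a trailing-underscore naming convention that the neighbouring fields in the same hunk (`distributionPoints`, `cRLArchiveDuration`) and the rest of the class do not use; the seven fields added in the next hunk (`revocationArchiveJDBCURL_` through `useAuthorityInfoAccess_`) follow the same new convention. Two field-naming styles in one class make the underscore look meaningful when it is not; rename to `enableRevocationArchiving` and `certStoreLocation` (and the corresponding assignments and getters), or keep the suffix only if the project has adopted it elsewhere. The Javadoc of `certStoreLocation_` should also say whether the stored value is absolute or relative to the configuration root, e.g. `* The location of the certificate store (absolute path, or relative to the configuration root).`, whichever the builder now guarantees.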
@@ -212,6 +170,43 @@ public class ConfigurationProvider {
    */
   private Map trustProfiles;
 
+  /**
+   * The JDBC URL for the revocation archive database.
+   */
+  private String revocationArchiveJDBCURL_;
+
+  /**
+   * The JDBC driver class name for the revocation archive database.
+   */
+  private String revocationArchiveJDBCDriverClass_;
+
+  /**
+   * Indicates whether revocation checking should be done.
+   */
+  private boolean enableRevocationChecking_;
+
+  /**
+   * The maximum age of a revocation information for considering it still as valid.
+   */
+  private long maxRevocationAge_;
+
+  /**
+   * The service order for revocation checking.
+   */
+  private String[] serviceOrder_;
+
+  /**
+   * Indicates whether certificates found during certificate path construction
+   * should be added to the certificate store.
+   */
+  private boolean autoAddCertificates_;
+
+  /**
+   * Indicates whether the certificate extension Authority Info Access should
+   * be used during certificate path construction.
+   */
+  private boolean useAuthorityInfoAccess_;
+
   /**
    * Return the single instance of configuration data.
    *
@@ -291,7 +286,7 @@ public class ConfigurationProvider {
 
     // build the internal datastructures
     try {
-      builder = new ConfigurationPartsBuilder(configElem);
+      builder = new ConfigurationPartsBuilder(configElem, configRoot);
       digestMethodAlgorithmName = builder.getDigestMethodAlgorithmName();
       canonicalizationAlgorithmName = builder.getCanonicalizationAlgorithmName();
 
@@ -299,7 +294,7 @@ public class ConfigurationProvider {
       hardwareKeyModules =
         builder.buildHardwareKeyModules(Collections.EMPTY_LIST);
       softwareKeyModules =
-        builder.buildSoftwareKeyModules(hardwareKeyModules, configRoot);
+        builder.buildSoftwareKeyModules(hardwareKeyModules);
       allKeyModules = new ArrayList(hardwareKeyModules);
       allKeyModules.addAll(softwareKeyModules);
       keyGroups = builder.buildKeyGroups(allKeyModules);
@@ -307,20 +302,23 @@ public class ConfigurationProvider {
         builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL);
       defaultChainingMode = builder.getDefaultChainingMode();
       chainingModes = builder.buildChainingModes();
-      crlDistributionPoints = builder.buildCRLDistributionPoints();
-      cRLArchiveDuration = builder.getCRLArchiveDuration();
-      genericConfiguration = builder.buildGenericConfiguration();
-      absolutizeCertStoreRoot(configRoot);
-      createTransformsInfoProfiles =
-        builder.buildCreateTransformsInfoProfiles(configRoot);
-      createSignatureEnvironmentProfiles =
-        builder.buildCreateSignatureEnvironmentProfiles(configRoot);
-      verifyTransformsInfoProfiles =
-        builder.buildVerifyTransformsInfoProfiles(configRoot);
-      supplementProfiles = builder.buildSupplementProfiles(configRoot);
-      trustProfiles = builder.buildTrustProfiles(configRoot);
+      useAuthorityInfoAccess_ = builder.getUseAuthorityInfoAccess();
+      autoAddCertificates_ = builder.getAutoAddCertificates();
+      distributionPoints = builder.buildDistributionPoints();
+      enableRevocationChecking_ = builder.getEnableRevocationChecking();
+      maxRevocationAge_ = builder.getMaxRevocationAge();
+      serviceOrder_ = builder.getServiceOrder();
+      enableRevocationArchiving_ = builder.getEnableRevocationArchiving();
+      cRLArchiveDuration = builder.getRevocationArchiveDuration();
+      revocationArchiveJDBCURL_ = builder.getRevocationArchiveJDBCURL();
+      revocationArchiveJDBCDriverClass_ = builder.getRevocationArchiveJDBCDriverClass();
+      certStoreLocation_ = builder.getCertStoreLocation();
+      createTransformsInfoProfiles = builder.buildCreateTransformsInfoProfiles();
+      createSignatureEnvironmentProfiles = builder.buildCreateSignatureEnvironmentProfiles();
+      verifyTransformsInfoProfiles = builder.buildVerifyTransformsInfoProfiles();
+      supplementProfiles = builder.buildSupplementProfiles();
+      trustProfiles = builder.buildTrustProfiles();
       warnings = new ArrayList(builder.getWarnings());
-      checkConsistency();
     } catch (Throwable t) {
       throw new ConfigurationException("config.11", null, t);
     } finally {
@@ -344,63 +342,6 @@ public class ConfigurationProvider {
     return warnings;
   }
 
-  /**
-   * Make the DIRECTORY_CERTSTORE_PARAMETER_PROPERTY generic
-   * configuration value an absolute file name.
-   *
-   * @param configRoot The root directory of the main configuration file.
-   */
-  private void absolutizeCertStoreRoot(File configRoot) {
-    String certStoreRoot =
-      getGenericConfiguration(DIRECTORY_CERTSTORE_PARAMETER_PROPERTY);
-
-    if (certStoreRoot != null) {
-      if (!new File(certStoreRoot).isAbsolute()) {
-        // make the cert store absolute
-        File absCertStore = new File(configRoot, certStoreRoot);
-
-        setGenericConfiguration(
-          DIRECTORY_CERTSTORE_PARAMETER_PROPERTY,
-          absCertStore.getAbsolutePath());
-      }
-    } else {
-      // no value given: set it to a reasonable (absolute) default
-      File absCertStore = new File(configRoot, "certstore");
-
-      setGenericConfiguration(
-        DIRECTORY_CERTSTORE_PARAMETER_PROPERTY,
-        absCertStore.getAbsolutePath());
-    }
-  }
-
-  /**
-   * Do some additional consistency checks on the configuration.
-   */
-  private void checkConsistency() {
-    // check for valid DirectoryCertStoreParameters.RootDir
-    String certStoreRoot =
-      getGenericConfiguration(DIRECTORY_CERTSTORE_PARAMETER_PROPERTY);
-
-    if (certStoreRoot != null) {
-      File certStore = new File(certStoreRoot);
-
-      if (!certStore.exists() && !certStore.isDirectory()) {
-        boolean created = false;
-
-        try {
-          created = certStore.mkdirs();
-        } finally {
-          if (!created) {
-            warn(
-              "config.30",
-              new Object[] { DIRECTORY_CERTSTORE_PARAMETER_PROPERTY });
-          }
-        }
-      }
-    }
-
-  }
-
   /**
    * Return the name of the digest algorithm used during signature creation.
    *
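Review bot: The calls to `absolutizeCertStoreRoot(configRoot)` and `checkConsistency()` are dropped, yet `certStoreLocation_ = builder.getCertStoreLocation();` is stored with no visible replacement for what they did: resolving a relative cert store location against `configRoot` (with a `certstore` default) and creating the directory or emitting the `config.30` warning when it cannot be created. Unless `ConfigurationPartsBuilder`, which now receives `configRoot`, performs both steps, a relative location is interpreted against the JVM working directory and a missing or unwritable store is only noticed when certificate path construction first touches it, which matters because that store is what `autoAddCertificates_` writes into. If the builder does take this over, a one-line comment at the assignment, `// builder resolves the location against configRoot and checks the directory`, would make the contract visible; otherwise the existence check belongs back in this method. The two removed helpers are deleted in the next hunk; the enclosing method starts and ends outside this hunk.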
@@ -530,20 +471,22 @@ public class ConfigurationProvider {
   }
 
   /**
-   * Return the CRL distribution points for a given CA.
+   * Return the distribution points for a given CA.
+   *
+   * @param cert The certificate for which the distribution points should be
+   *   looked up. The issuer information is used to perform the lookup.
    *
-   * @param cert The certificate for which the CRL distribution points should be
-   * looked up. The issuer information is used to perform the lookup.
    * @return A Set of DistributionPoint objects. The
-   * set will be empty, if no distribution points have been configured for this
-   * certificate.
+   *   set will be empty, if no distribution points have been configured
+   *   for this certificate.
    */
-  public Set getCRLDP(X509Certificate cert) {
+  public Set getDistributionPoints(X509Certificate cert)
+  {
     try {
       RFC2253NameParser nameParser =
         new RFC2253NameParser(cert.getIssuerDN().toString());
       String caIssuerDN = nameParser.parse().getName();
-      Set dps = (Set) crlDistributionPoints.get(caIssuerDN);
+      Set dps = (Set) distributionPoints.get(caIssuerDN);
 
       if (dps == null) {
         return Collections.EMPTY_SET;
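Review bot: Renaming the public `getCRLDP(X509Certificate)` to `getDistributionPoints(X509Certificate)` removes a public method of the configuration API in a commit that describes itself as untested, so any caller outside this file that still uses `getCRLDP` will no longer compile. A deprecated delegating alias keeps such callers working until they are migrated: `/** @deprecated use {@link #getDistributionPoints(X509Certificate)} */` `public Set getCRLDP(X509Certificate cert) { return getDistributionPoints(cert); }`. The body of `getDistributionPoints` continues past the end of this hunk.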
@@ -563,42 +506,25 @@ public class ConfigurationProvider {
   public int getCRLArchiveDuration() {
     return cRLArchiveDuration;
   }
-
-  /**
-   * Sets a generic configuration value.
-   *
-   * Existing values are overridden.
-   *
-   * @param name The name of the generic configuration.
-   * @param value The new value of the generic configuration.
-   */
-  private void setGenericConfiguration(String name, String value) {
-    genericConfiguration.put(name, value);
-  }
-
+
   /**
-   * Return the value of a generic configuration.
+   * Returns whether revocation information should be archived.
    *
-   * @param name The name of the generic configuration.
-   * @return The value of the generic configuration with the given name, or
-   * null, if none can be found.
+   * @return whether revocation information should be archived.
    */
-  public String getGenericConfiguration(String name) {
-    return (String) genericConfiguration.get(name);
+  public boolean getEnableRevocationArchiving()
+  {
+    return enableRevocationArchiving_;
   }
-
+
   /**
-   * Return the value of a generic configuration, or a given default value.
+   * Returns the location of the certificate store.
    *
-   * @param name The name of the generic configuration.
-   * @param defaultValue A default value to be returned in case that the generic
-   * configuration with the given name does not exist.
-   * @return The value of the generic configuration with the given name, or the
-   * defaultValue, if none can be found.
+   * @return the location of the certificate store.
    */
-  public String getGenericConfiguration(String name, String defaultValue) {
-    String value = (String) genericConfiguration.get(name);
-    return value != null ? value : defaultValue;
+  public String getCertStoreLocation()
+  {
+    return certStoreLocation_;
   }
 
   /**
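Review bot: Both public `getGenericConfiguration` overloads are removed here, and the `TEST_SIGNING_TIME_PROPERTY` constant that callers would have passed to them is removed in the second hunk, but no replacement accessor for the signing-time override (or for any other former generic property) appears anywhere in this diff. If any code outside this class still reads that override, it now has no supported way to do so; either add a dedicated getter fed by the builder, or state in the class Javadoc that generic configuration values are no longer exposed so the removal is clearly intentional. Since the signing-time override exists for testing only, dropping it for production builds is defensible, but that decision should be written down rather than implied by a deleted constant.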
@@ -683,4 +609,81 @@ public class ConfigurationProvider {
     warnings.add(txt);
   }
 
+  /**
+   * Returns the JDBC URL for the revocation archive database.
+   *
+   * @return the JDBC URL for the revocation archive database.
+   */
+  public String getRevocationArchiveJDBCURL()
+  {
+    return revocationArchiveJDBCURL_;
+  }
+
+  /**
+   * Returns the JDBC driver class name for the revocation archive database.
+   *
+   * @return the JDBC driver class name for the revocation archive database.
+   */
+  public String getRevocationArchiveJDBCDriverClass()
+  {
+    return revocationArchiveJDBCDriverClass_;
+  }
+
+  /**
+   * Returns whether revocation checking should be done.
+   *
+   * @return whether revocation checking should be done.
+   */
+  public boolean getEnableRevocationChecking()
+  {
+    return enableRevocationChecking_;
+  }
+
+  /**
+   * Returns the maximum age of a revocation information for considering it
+   * still as valid.
+   *
+   * @return the maximum age of a revocation information for considering it
+   *   still as valid.
+   */
+  public long getMaxRevocationAge()
+  {
+    return maxRevocationAge_;
+  }
+
+  /**
+   * Returns the service order for revocation checking.
+   *
+   * @return the service order for revocation checking. Valid array entries are
+   *   {@link evocationSourceTypes#OCSP} and {@link RevocationSourceTypes#CRL}.
+   */
+  public String[] getServiceOrder()
+  {
+    return serviceOrder_;
+  }
+
+  /**
+   * Returns whether certificates found during certificate path construction
+   * should be added to the certificate store.
+   *
+   * @return whether certificates found during certificate path construction
+   *   should be added to the certificate store.
+   */
+  public boolean getAutoAddCertificates()
+  {
+    return autoAddCertificates_;
+  }
+
+  /**
+   * Returns whether the certificate extension Authority Info Access should
+   * be used during certificate path construction.
+   *
+   * @return whether the certificate extension Authority Info Access should
+   *   be used during certificate path construction.
+   */
+  public boolean getUseAuthorityInfoAccess()
+  {
+    return useAuthorityInfoAccess_;
+  }
+
 }
\ No newline at end of file
-- 
cgit v1.2.3
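Review bot: The Javadoc of `getServiceOrder()` links `{@link evocationSourceTypes#OCSP}`, which does not resolve; it should read `{@link RevocationSourceTypes#OCSP}`, matching the `iaik.pki.revocation.RevocationSourceTypes` import added in the first hunk, which this Javadoc is the only visible user of. `getServiceOrder()` also hands out the internal `serviceOrder_` array, so any caller can reorder or null out the OCSP/CRL preference that every subsequent revocation check in the process will then use; returning a copy, `return (String[]) serviceOrder_.clone();`, keeps the configured order immutable from outside. The `@return` of `getRevocationArchiveJDBCURL()` could additionally warn that a JDBC URL may embed database credentials and should not be written to logs, so callers treat it like the other configuration secrets.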