CRLDistributionPoint.
- *
- * @param issuerName The name of the CA issuing the CRL referred to by this DP.
- *
- * @param uri The URI of the distribution point.
- *
- * @param reasonCodeStr A list of reason codes (a space-separated enumeration).
- */
- public CRLDistributionPoint(String issuerName, String uri, String reasonCodeStr)
- {
- super(uri);
- issuerName_ = issuerName;
- this.reasonCodes = extractReasonCodes(reasonCodeStr);
- }
-
- /**
- * @see DistributionPoint#getType()
- */
- public String getType()
- {
- return RevocationSourceTypes.CRL;
- }
-
- /**
- * Convert a list of reason codes provided as a String to a
- * binary representation.
- *
- * @param reasonCodeStr A String containing a blank-separated,
- * textual representation of reason codes.
- * @return int A binary representation of reason codes.
- * @see iaik.asn1.structures.DistributionPoint
- */
- private int extractReasonCodes(String reasonCodeStr) {
- int codes = 0;
- StringTokenizer tokenizer = new StringTokenizer(reasonCodeStr);
- String token;
- Integer reasonCode;
-
- while (tokenizer.hasMoreTokens()) {
- token = tokenizer.nextToken();
- reasonCode = (Integer) RC_MAPPING.get(token);
- if (reasonCode != null) {
- codes |= reasonCode.intValue();
- } else {
- MessageProvider msg = MessageProvider.getInstance();
- Logger.warn(
- new LogMsg(msg.getMessage("config.07", new Object[] { token })));
- }
- }
-
- // If reasonCodeStr is empty, set all possible reason codes
- if (codes == 0) codes =
- iaik.asn1.structures.DistributionPoint.unused |
- iaik.asn1.structures.DistributionPoint.keyCompromise |
- iaik.asn1.structures.DistributionPoint.cACompromise |
- iaik.asn1.structures.DistributionPoint.affiliationChanged |
- iaik.asn1.structures.DistributionPoint.superseded |
- iaik.asn1.structures.DistributionPoint.cessationOfOperation |
- iaik.asn1.structures.DistributionPoint.certificateHold |
- iaik.asn1.structures.DistributionPoint.privilegeWithdrawn |
- iaik.asn1.structures.DistributionPoint.aACompromise;
-
- return codes;
- }
-
- /**
- * Return a binary representation of the reason codes of this distribution
- * point.
- *
- * @return The binary representation of the reason codes.
- */
- public int getReasonCodes() {
- return reasonCodes;
- }
-
- /**
- * Return a String representation of this distribution point.
- *
- * @return The String representation of this distribution point.
- * @see java.lang.Object#toString()
- */
- public String toString() {
- return "(DistributionPoint - "
- + ("URI<" + getUri())
- + ("> REASONCODES<" + getReasonCodes() + ">)");
- }
-
- /**
- * @see iaik.pki.revocation.CRLDistributionPoint#getIssuerName()
- */
- public String getIssuerName()
- {
- return issuerName_;
- }
-}
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationException.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationException.java
deleted file mode 100644
index 4c2b3aea3..000000000
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationException.java
+++ /dev/null
@@ -1,34 +0,0 @@
-package at.gv.egovernment.moa.spss.server.config;
-
-import at.gv.egovernment.moa.spss.MOASystemException;
-
-/**
- * Exception signalling an error in the configuration.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class ConfigurationException extends MOASystemException {
-
- /**
- * Create a ConfigurationException.
- *
- * @see at.gv.egovernment.moa.spss.MOAException#MOAException(String, Object[])
- */
- public ConfigurationException(String messageId, Object[] parameters) {
- super(messageId, parameters);
- }
-
- /**
- * Create a ConfigurationException.
- * @see at.gv.egovernment.moa.spss.MOAException#MOAException(String, Object[], Throwable)
- */
- public ConfigurationException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
-
- super(messageId, parameters, wrapped);
- }
-
-}
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
deleted file mode 100644
index 14ceb71cd..000000000
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ /dev/null
@@ -1,1239 +0,0 @@
-package at.gv.egovernment.moa.spss.server.config;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.math.BigInteger;
-import java.net.MalformedURLException;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import javax.xml.parsers.ParserConfigurationException;
-
-import org.w3c.dom.Attr;
-import org.w3c.dom.Element;
-import org.w3c.dom.traversal.NodeIterator;
-
-import org.xml.sax.SAXException;
-
-import iaik.ixsil.exceptions.URIException;
-import iaik.ixsil.util.URI;
-import iaik.pki.pathvalidation.ChainingModes;
-import iaik.pki.revocation.RevocationSourceTypes;
-import iaik.utils.RFC2253NameParser;
-import iaik.utils.RFC2253NameParserException;
-
-import at.gv.egovernment.moa.logging.LogMsg;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
-
-import at.gv.egovernment.moa.spss.util.MessageProvider;
-
-/**
- * A class that builds configuration data from a DOM based representation.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class ConfigurationPartsBuilder {
-
- //
- // XPath namespace prefix shortcuts
- //
-
- private static final String CONF = Constants.MOA_CONFIG_PREFIX + ":";
- private static final String DSIG = Constants.DSIG_PREFIX + ":";
-
- //
- // chaining mode constants appearing in the configuration file
- //
-
- private static final String CM_CHAINING = "chaining";
- private static final String CM_PKIX = "pkix";
-
- //
- // XPath expressions to select certain parts of the configuration
- //
-
- private static final String ROOT = "/" + CONF + "MOAConfiguration/";
-
- private static final String DIGEST_METHOD_XPATH =
- ROOT + CONF + "SignatureCreation/"
- + CONF + "XMLDSig/"
- + CONF + "DigestMethodAlgorithm";
- private static final String C14N_ALGORITHM_XPATH =
- ROOT + CONF + "SignatureCreation/"
- + CONF + "XMLDSig/"
- + CONF + "CanonicalizationAlgorithm";
- private static final String HARDWARE_CRYPTO_MODULE_XPATH =
- ROOT + CONF + "Common/"
- + CONF + "HardwareCryptoModule";
- private static final String HARDWARE_KEY_XPATH =
- ROOT + CONF + "SignatureCreation/"
- + CONF + "KeyModules/"
- + CONF + "HardwareKeyModule";
- private static final String SOFTWARE_KEY_XPATH =
- ROOT + CONF + "SignatureCreation/"
- + CONF + "KeyModules/"
- + CONF + "SoftwareKeyModule";
- private static final String KEYGROUP_XPATH =
- ROOT + CONF + "SignatureCreation/"
- + CONF + "KeyGroup";
- private static final String KEYGROUP_MAPPING_XPATH =
- ROOT + CONF + "SignatureCreation/"
- + CONF + "KeyGroupMapping";
- private static final String ISSUER_XPATH =
- DSIG + "X509IssuerName";
- private static final String SERIAL_XPATH =
- DSIG + "X509SerialNumber";
- private static final String CERTSTORE_LOCATION_XPATH =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "PathConstruction/"
- + CONF + "CertificateStore/"
- + CONF + "DirectoryStore/"
- + CONF + "Location";
- private static final String AUTO_ADD_CERTIFICATES_XPATH_ =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "PathConstruction/"
- + CONF + "AutoAddCertificates";
- private static final String USE_AUTHORITY_INFO_ACCESS_XPATH_ =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "PathConstruction/"
- + CONF + "UseAuthorityInformationAccess";
- private static final String CHAINING_MODES_XPATH =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "PathValidation/"
- + CONF + "ChainingMode";
- private static final String CHAINING_MODES_DEFAULT_XPATH =
- CHAINING_MODES_XPATH + "/"
- + CONF + "DefaultMode";
- private static final String TRUST_ANCHOR_XPATH =
- CHAINING_MODES_XPATH + "/"
- + CONF + "TrustAnchor";
- private static final String TRUST_PROFILE_XPATH =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "PathValidation/"
- + CONF + "TrustProfile";
- private static final String DISTRIBUTION_POINTS_XPATH =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "RevocationChecking/"
- + CONF + "DistributionPoint";
- private static final String ENABLE_REVOCATION_CHECKING_XPATH_ =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "RevocationChecking/"
- + CONF + "EnableChecking";
- private static final String MAX_REVOCATION_AGE_XPATH_ =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "RevocationChecking/"
- + CONF + "MaxRevocationAge";
- private static final String REVOCATION_SERVICEORDER_XPATH_ =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "RevocationChecking/"
- + CONF + "ServiceOrder/"
- + CONF + "Service";
- private static final String ENABLE_ARCHIVING_XPATH =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "RevocationChecking/"
- + CONF + "Archiving/"
- + CONF + "EnableArchiving";
- private static final String CRL_ARCHIVE_DURATION_XPATH =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "RevocationChecking/"
- + CONF + "Archiving/"
- + CONF + "ArchiveDuration";
- private static final String ACHIVE_JDBC_URL_ =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "RevocationChecking/"
- + CONF + "Archiving/"
- + CONF + "Archive/"
- + CONF + "DatabaseArchive/"
- + CONF + "JDBCURL";
- private static final String ACHIVE_JDBC_DRIVER_CLASS_ =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "RevocationChecking/"
- + CONF + "Archiving/"
- + CONF + "Archive/"
- + CONF + "DatabaseArchive/"
- + CONF + "JDBCDriverClassName";
- private static final String CREATE_TRANSFORMS_INFO_PROFILE_XPATH =
- ROOT + CONF + "SignatureCreation/"
- + CONF + "CreateTransformsInfoProfile";
- private static final String CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH =
- ROOT + CONF + "SignatureCreation/"
- + CONF + "CreateSignatureEnvironmentProfile";
- private static final String VERIFY_TRANSFORMS_INFO_PROFILE_XPATH =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "VerifyTransformsInfoProfile";
- private static final String SUPPLEMENT_PROFILE_XPATH =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "SupplementProfile";
-
- //
- // default values for configuration parameters
- //
-
- /** The accepted canonicalization algorithm URIs, as an array */
- private static final String[] ACCEPTED_C14N_ALGORITHMS_ARRAY =
- {
- Constants.C14N_URI,
- Constants.C14N_WITH_COMMENTS_URI,
- Constants.EXC_C14N_URI,
- Constants.EXC_C14N_WITH_COMMENTS_URI };
-
- /** The accepted canonicalization algorithm URIs, as a Set */
- private static final Set ACCEPTED_C14N_ALGORITHMS =
- new HashSet(Arrays.asList(ACCEPTED_C14N_ALGORITHMS_ARRAY));
-
- /** Default canonicalization algorithm, if none/illegal has been configured */
- private static final String C14N_ALGORITHM_DEFAULT = Constants.C14N_URI;
-
- /** The accepted digest method algorithm URIs, as an array */
- private static final String[] ACCEPTED_DIGEST_ALGORITHMS_ARRAY =
- { Constants.SHA1_URI };
-
- /** The accepted digest method algorithm URIs, as a Set */
- private static final Set ACCEPTED_DIGEST_ALGORITHMS =
- new HashSet(Arrays.asList(ACCEPTED_DIGEST_ALGORITHMS_ARRAY));
-
- /** Default digest algorithm URI, if none/illegal has been configured */
- private static final String DIGEST_ALGORITHM_DEFAULT = Constants.SHA1_URI;
-
- /** The root element of the MOA configuration */
- private Element configElem;
-
- /**
- * The directory containing the underlying configuration file.
- */
- private File configRoot_;
-
- /** Whether any warnings were encountered building the configuration. */
- private List warnings = new ArrayList();
-
- /**
- * Create a new ConfigurationPartsBuilder.
- *
- * @param configElem The root element of the MOA configuration.
- *
- * @param configRoot The directory containing the underlying configuration file.
- */
- public ConfigurationPartsBuilder(Element configElem, File configRoot)
- {
- this.configElem = configElem;
- configRoot_ = configRoot;
- }
-
- /**
- * Returns the root element of the MOA configuration.
- *
- * @return The root element of the MOA configuration.
- */
- public Element getConfigElem() {
- return configElem;
- }
-
- /**
- * Returns the directory containing the underlying configuration file.
- *
- * @return the directory containing the underlying configuration file.
- */
- public File getConfigRoot()
- {
- return configRoot_;
- }
-
- /**
- * Returns the warnings encountered during building the configuration.
- *
- * @return A List of Strings, containing the
- * warning messages.
- */
- public List getWarnings() {
- return warnings;
- }
-
- /**
- * Returns the digest method algorithm name.
- *
- * @return The digest method algorithm name from the configuration.
- */
- public String getDigestMethodAlgorithmName()
- {
- String digestMethod = getElementValue(getConfigElem(), DIGEST_METHOD_XPATH, null);
-
- if (digestMethod == null || !ACCEPTED_DIGEST_ALGORITHMS.contains(digestMethod))
- {
- info(
- "config.23",
- new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT });
- digestMethod = DIGEST_ALGORITHM_DEFAULT;
- }
-
- return digestMethod;
- }
-
- /**
- * Returns the canonicalization algorithm name.
- *
- * @return The canonicalization algorithm name from the configuration.
- */
- public String getCanonicalizationAlgorithmName()
- {
- String c14nAlgorithm = getElementValue(getConfigElem(), C14N_ALGORITHM_XPATH, null);
-
- if (c14nAlgorithm == null || !ACCEPTED_C14N_ALGORITHMS.contains(c14nAlgorithm))
- {
- info(
- "config.23",
- new Object[] { "CanonicalizationAlgorithm", C14N_ALGORITHM_DEFAULT });
- c14nAlgorithm = C14N_ALGORITHM_DEFAULT;
- }
-
- return c14nAlgorithm;
- }
-
- /**
- * Build the configured hardware crypto modules.
- *
- * @return The hardware crypto modules from the configuration.
- */
- public List buildHardwareCryptoModules()
- {
- List modules = new ArrayList();
- NodeIterator modIter = XPathUtils.selectNodeIterator(
- getConfigElem(),
- HARDWARE_CRYPTO_MODULE_XPATH);
-
- Element modElem;
- while ((modElem = (Element) modIter.nextNode()) != null) {
- String name = getElementValue(modElem, CONF + "Name", null);
- String slotId = getElementValue(modElem, CONF + "SlotId", null);
- String userPIN = getElementValue(modElem, CONF + "UserPIN", null);
- HardwareCryptoModule module = new HardwareCryptoModule(name, slotId, userPIN);
- modules.add(module);
- }
-
- return modules;
- }
-
- /**
- * Build the configured hardware keys.
- *
- * @param keyModules The keyModules that the configuration already knows about. To
- * prevent multiple key modules with the same ID.
- * @return The hardware keys contained in the configuration.
- */
- public List buildHardwareKeyModules(List keyModules)
- {
- Set existingIds = toIdSet(keyModules);
- List hardwareKeys = new ArrayList();
- NodeIterator hkIter =
- XPathUtils.selectNodeIterator(getConfigElem(), HARDWARE_KEY_XPATH);
- Element keyElem;
-
- while ((keyElem = (Element) hkIter.nextNode()) != null)
- {
- String id = getElementValue(keyElem, CONF + "Id", null);
- String name = getElementValue(keyElem, CONF + "Name", null);
- String slotId = getElementValue(keyElem, CONF + "SlotId", null);
- String userPIN = getElementValue(keyElem, CONF + "UserPIN", null);
-
- if (existingIds.contains(id))
- {
- warn(
- "config.04",
- new Object[] { "Hardware- oder SoftwareKeyModule", id });
- }
- else
- {
- KeyModule key = new HardwareKeyModule(id, name, slotId, userPIN);
- hardwareKeys.add(key);
- existingIds.add(id);
- }
-
- }
-
- return hardwareKeys;
- }
-
- /**
- * Build the configured software keys.
- *
- * @param keyModules The keyModules that the configuration already knows about. To
- * prevent multiple key modules with the same ID.
- *
- * @return The software keys contained in the configuration.
- */
- public List buildSoftwareKeyModules(List keyModules)
- {
- Set existingIds = toIdSet(keyModules);
- List softwareKeys = new ArrayList();
- NodeIterator skIter =
- XPathUtils.selectNodeIterator(getConfigElem(), SOFTWARE_KEY_XPATH);
-
- Element keyElem;
- while ((keyElem = (Element) skIter.nextNode()) != null)
- {
- String id = getElementValue(keyElem, CONF + "Id", null);
- String fileName = getElementValue(keyElem, CONF + "FileName", null);
- String passWord = getElementValue(keyElem, CONF + "Password", null);
-
- if (existingIds.contains(id))
- {
- warn(
- "config.04",
- new Object[] { "Hardware- oder SoftwareKeyModule", id });
- }
- else
- {
- File keyFile;
- KeyModule key;
-
- // make keyFile absolute
- keyFile = new File(fileName);
- if (!keyFile.isAbsolute()) {
- keyFile = new File(configRoot_, fileName);
- }
-
- // check for existence
- if (!keyFile.exists() || keyFile.isDirectory()) {
- warn("config.25", new Object[] { id, keyFile.getAbsolutePath()});
- } else {
- // create a new key module
- key = new SoftwareKeyModule(id, keyFile.getAbsolutePath(), passWord);
- softwareKeys.add(key);
- existingIds.add(id);
- }
- }
- }
-
- return softwareKeys;
- }
-
- /**
- * Build the key group configuration.
- *
- * @param keyModules The KeyModules that the configuration
- * knows about. Used to check for errors in the configuration.
- * @return The mapping between key group IDs and key groups.
- */
- public Map buildKeyGroups(List keyModules)
- {
- Set keyModuleIds = toIdSet(keyModules);
- Map keyGroups = new HashMap();
- NodeIterator kgIter;
- Element keyGroupElem;
-
- // select all KeyGroup elements and build the KeyGroup objects from them
- kgIter = XPathUtils.selectNodeIterator(getConfigElem(), KEYGROUP_XPATH);
- while ((keyGroupElem = (Element) kgIter.nextNode()) != null)
- {
- String keyGroupId = getElementValue(keyGroupElem, CONF + "Id", null);
- Set keyGroupEntries =
- buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem);
- KeyGroup keyGroup = new KeyGroup(keyGroupId, keyGroupEntries);
-
- if (keyGroups.containsKey(keyGroupId))
- {
- warn("config.04", new Object[] { "KeyGroup", keyGroupId });
- }
- else
- {
- keyGroups.put(keyGroup.getId(), keyGroup);
- }
- }
-
- return keyGroups;
- }
-
- /**
- * Return the set of IDs contained in the given KeyModules.
- *
- * @param keyModules The KeyModules from which to extract the
- * IDs.
- * @return The IDs from the given KeyModules.
- */
- private Set toIdSet(List keyModules) {
- Set ids = new HashSet();
- Iterator iter;
-
- for (iter = keyModules.iterator(); iter.hasNext();) {
- KeyModule keyModule = (KeyModule) iter.next();
- ids.add(keyModule.getId());
- }
-
- return ids;
- }
-
- /**
- * Build the key entries belonging to a key group.
- *
- * @param keyGroupId The ID of the key group we are building here. Passed
- * for logging purposes.
- * @param keyModuleIds The IDs of the HardwareKeyModules and
- * SoftwareKeyModules that exist in the configuration.
- * @param keyGroupElem The KeyGroup DOM element to parse.
- * @return A Set of KeyGroupEntry objects.
- */
- private Set buildKeyGroupEntries(
- String keyGroupId,
- Set keyModuleIds,
- Element keyGroupElem) {
-
- Set entries = new HashSet();
- NodeIterator keyEntryIter;
- Element keyEntryElem;
-
- // select all Key elements and put them into the Map
- keyEntryIter = XPathUtils.selectNodeIterator(keyGroupElem, CONF + "Key");
- while ((keyEntryElem = (Element) keyEntryIter.nextNode()) != null)
- {
- String keyModuleId = getElementValue(keyEntryElem, CONF + "KeyModuleId", "");
- Element keyCertElem = (Element) XPathUtils.selectSingleNode(keyEntryElem, CONF + "KeyCertIssuerSerial");
- IssuerAndSerial issuerSerial = buildIssuerAndSerial(keyCertElem);
-
- if (!keyModuleIds.contains(keyModuleId)) {
- warn("config.26", new Object[] { keyGroupId, keyModuleId });
- } else if (issuerSerial != null) {
- KeyGroupEntry entry = new KeyGroupEntry(keyModuleId, issuerSerial);
- entries.add(entry);
- }
- }
- return entries;
- }
-
- /**
- * Build the key group mapping.
- *
- * @param keyGroups The available key groups.
- * @param anonymous The IssuerAndSerial to be used for key group
- * mappings not protected by a certificate.
- * @return The key group mapping.
- */
- public Map buildKeyGroupMappings(Map keyGroups, IssuerAndSerial anonymous) {
- Map mappings = new HashMap();
- NodeIterator mappingIter;
- Element mappingElem;
-
- // select all KeyGroupMapping elements
- mappingIter =
- XPathUtils.selectNodeIterator(getConfigElem(), KEYGROUP_MAPPING_XPATH);
-
- // build the mapping for each KeyGroupMapping element
- while ((mappingElem = (Element) mappingIter.nextNode()) != null)
- {
- Element issuerSerialElem = (Element) XPathUtils.selectSingleNode(mappingElem, CONF + "CustomerId");
-
- // build the IssuerAndSerial who has access to the key groups
- IssuerAndSerial issuerAndSerial;
- if (issuerSerialElem != null)
- {
- issuerAndSerial = buildIssuerAndSerial(issuerSerialElem);
- }
- else
- {
- // IssuerSerial element: the keygroup is generally available
- issuerAndSerial = anonymous;
- }
-
- // add the key groups to the mappings
- if (issuerAndSerial != null) {
- Map groups = (Map) mappings.get(issuerAndSerial);
- NodeIterator keyGroupIter;
- Element keyGroupElem;
-
- if (groups == null)
- {
- // no mapping exist -> build one
- groups = new HashMap();
- mappings.put(issuerAndSerial, groups);
- }
-
- // select the available key groups and add them to the mapping
- keyGroupIter = XPathUtils.selectNodeIterator(mappingElem, CONF + "KeyGroupId");
- while ((keyGroupElem = (Element) keyGroupIter.nextNode()) != null)
- {
- String keyGroupId = getElementValue(keyGroupElem, ".", null);
- KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId);
-
- if (keyGroup != null)
- {
- groups.put(keyGroupId, keyGroup);
- } else
- {
- warn("config.00", new Object[] { keyGroupId });
- }
- }
- }
- }
-
- return mappings;
- }
-
- /**
- * Returns the default chaining mode from the configuration.
- *
- * @return The default chaining mode.
- */
- public String getDefaultChainingMode()
- {
- String defaultChaining = getElementValue(
- getConfigElem(),
- CHAINING_MODES_DEFAULT_XPATH,
- CM_PKIX);
-
- return translateChainingMode(defaultChaining);
-
- }
-
- /**
- * Build the chaining modes for all configured trust anchors.
- *
- * @return The mapping from trust anchors to chaining modes.
- */
- public Map buildChainingModes()
- {
- Map chainingModes = new HashMap();
- NodeIterator trustIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_ANCHOR_XPATH);
-
- Element trustAnchorElem;
- while ((trustAnchorElem = (Element) trustIter.nextNode()) != null)
- {
- IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(
- (Element)XPathUtils.selectSingleNode(trustAnchorElem, CONF + "Identification"));
- String mode = getElementValue(trustAnchorElem, CONF + "Mode", null);
-
- if (issuerAndSerial != null)
- {
- chainingModes.put(issuerAndSerial, translateChainingMode(mode));
- }
- }
-
- return chainingModes;
- }
-
- /**
- * Build an IssuerAndSerial from the DOM representation.
- *
- * @param root The root element (being of type dsig:
- * X509IssuerSerialType.
- * @return The issuer and serial number contained in the root
- * element or null if could not be built for any reason.
- */
- private IssuerAndSerial buildIssuerAndSerial(Element root) {
- String issuer = getElementValue(root, ISSUER_XPATH, null);
- String serial = getElementValue(root, SERIAL_XPATH, null);
-
- if (issuer != null && serial != null) {
- try {
- RFC2253NameParser nameParser = new RFC2253NameParser(issuer);
- Principal issuerDN = nameParser.parse();
-
- return new IssuerAndSerial(issuerDN, new BigInteger(serial));
- } catch (RFC2253NameParserException e) {
- warn("config.16", new Object[] { issuer, serial }, e);
- return null;
- } catch (NumberFormatException e) {
- warn("config.16", new Object[] { issuer, serial }, e);
- return null;
- }
- }
- return null;
- }
-
- /**
- * Translate the chaining mode from the configuration file to one used in the
- * IAIK MOA API.
- *
- * @param chainingMode The chaining mode from the configuration.
- * @return The chaining mode as provided by the ChainingModes
- * interface.
- * @see iaik.pki.pathvalidation.ChainingModes
- */
- private String translateChainingMode(String chainingMode) {
- if (chainingMode.equals(CM_CHAINING)) {
- return ChainingModes.CHAIN_MODE;
- } else if (chainingMode.equals(CM_PKIX)) {
- return ChainingModes.PKIX_MODE;
- } else {
- return ChainingModes.PKIX_MODE;
- }
- }
-
- /**
- * Build the distribution points mapping.
- *
- * @return The mapping from certificate authorities to distribution points.
- */
- public Map buildDistributionPoints()
- {
- Map dPs = new HashMap();
- NodeIterator dPIter;
- Element dPElem;
-
- // select all DistributionPoint elements
- dPIter = XPathUtils.selectNodeIterator(getConfigElem(), DISTRIBUTION_POINTS_XPATH);
-
- // build the mapping of CA name to distribution points
- while ((dPElem = (Element) dPIter.nextNode()) != null) {
- String caIssuerDNText = getElementValue(dPElem, CONF + "CAIssuerDN", "");
- RFC2253NameParser nameParser = new RFC2253NameParser(caIssuerDNText);
- NodeIterator cRLDPIter = XPathUtils.selectNodeIterator(dPElem, CONF + "CRLDP");
- NodeIterator oCSPDPPIter = XPathUtils.selectNodeIterator(dPElem, CONF + "OCSPDP");
-
- try
- {
- String caIssuerDN = nameParser.parse().getName();
-
- // check, if a mapping exists or make a new mapping
- Set dPsForCA = (Set) dPs.get(caIssuerDN);
- if (dPsForCA == null)
- {
- dPsForCA = new HashSet();
- dPs.put(caIssuerDN, dPsForCA);
- }
-
- // add the CRL distribution points of this CA to the set
- Element cRLDPElem;
- while ((cRLDPElem = (Element) cRLDPIter.nextNode()) != null)
- {
- CRLDistributionPoint cRLDP = (CRLDistributionPoint) buildDistributionPoint(cRLDPElem, caIssuerDN);
- dPsForCA.add(cRLDP);
- }
-
- // add the OCSP distribution points of this CA to the set
- Element oCSPPElem;
- while ((oCSPPElem = (Element) oCSPDPPIter.nextNode()) != null)
- {
- OCSPDistributionPoint oCSPDP = (OCSPDistributionPoint) buildDistributionPoint(oCSPPElem, null);
- dPsForCA.add(oCSPDP);
- }
-}
- catch (RFC2253NameParserException e)
- {
- warn("config.13", new Object[] { caIssuerDNText }, e);
- }
-
- }
-
- return dPs;
- }
-
- /**
- * Build a distribution point from the DOM representation.
- *
- * @param dpElem The root element of the distribution point.
- *
- * @param issuerName The name of the CA issuing the CRL referred to by this DP, or null
- * if this DP refers to an OCSP responder.
- *
- * @return The distribution point.
- */
- private DistributionPoint buildDistributionPoint(Element dpElem, String issuerName)
- {
- String uri = getElementValue(dpElem, CONF + "Location", null);
-
- if ("CRLDP".equals(dpElem.getLocalName()))
- {
- NodeIterator reasonCodesIter = XPathUtils.selectNodeIterator(dpElem, CONF + "ReasonCode");
- Element reasonCodeElem;
- StringBuffer reasonCodesSB = new StringBuffer();
- while ((reasonCodeElem = (Element)reasonCodesIter.nextNode()) != null)
- {
- if (reasonCodesSB.length() > 0) reasonCodesSB.append(" ");
- reasonCodesSB.append(getElementValue(reasonCodeElem, ".", "").trim());
- }
- return new CRLDistributionPoint(issuerName, uri, reasonCodesSB.toString());
- }
- else
- {
- return new OCSPDistributionPoint(uri);
- }
- }
-
- /**
- * Return the CRL archive duration.
- *
- * @return The value of the CRL archive duration setting from the configuration, or 0 if
- * no value is set in the configuration.
- */
- public int getRevocationArchiveDuration()
- {
- String archiveDuration = getElementValue(getConfigElem(), CRL_ARCHIVE_DURATION_XPATH, null);
- try
- {
- return Integer.parseInt(archiveDuration);
- }
- catch (NumberFormatException e)
- {
- warn("config.01", null);
- return 365;
- }
- }
-
- /**
- * Build the CreateTransformsInfoProfiles.
- *
- * @return The mapping from profile ID to profile.
- */
- public Map buildCreateTransformsInfoProfiles()
- {
- return loadProfiles(CREATE_TRANSFORMS_INFO_PROFILE_XPATH, "CreateTransformsInfoProfile");
- }
-
- /**
- * Build the CreateSignatureEnvironmentProfiles.
- *
- * @return The mapping from profile ID to profile.
- */
- public Map buildCreateSignatureEnvironmentProfiles()
- {
- return loadProfiles(CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH, "CreateSignatureEnvironmentProfile");
- }
-
- /**
- * Build the VerifyTransformsInfoProfiles.
- *
- * @return The mapping from profile ID to profile.
- */
- public Map buildVerifyTransformsInfoProfiles()
- {
- return loadProfiles(VERIFY_TRANSFORMS_INFO_PROFILE_XPATH, "VerifyTransformsInfoProfile");
- }
-
- /**
- * Build the SupplementProfiles.
- *
- * @return The mapping from profile ID to profile.
- */
- public Map buildSupplementProfiles()
- {
- return loadProfiles(SUPPLEMENT_PROFILE_XPATH, "SupplementProfile");
- }
-
- /**
- * Load a profile mapping.
- *
- * @param xpath The XPath to select the profiles from the configuration.
- *
- * @param profileRoot The name of the profile root element.
- *
- * @return Map The profile ID to profile mapping.
- */
- private Map loadProfiles(String xpath, String profileRoot)
- {
- Map profiles = new HashMap();
- NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), xpath);
- Element profileElem;
-
- while ((profileElem = (Element) profileIter.nextNode()) != null)
- {
- String id = getElementValue(profileElem, CONF + "Id", null);
- String fileName = getElementValue(profileElem, CONF + "Location", null);
-
- if (profiles.containsKey(id))
- {
- warn("config.04", new Object[] { profileRoot, id });
- }
- else
- {
- try
- {
- File profileFile = new File(fileName);
-
- // make profileFile absolute
- if (!profileFile.isAbsolute()) profileFile = new File(configRoot_, fileName);
-
- // load the profile
- info("config.22", new Object[] { profileRoot, id, profileFile.getAbsoluteFile()});
- Element profile = loadProfile(profileFile);
-
- if (profile.getTagName().equals(profileRoot))
- {
- profiles.put(id, profile);
- }
- else
- {
- warn("config.02", new Object[] { profileRoot, id, fileName });
- }
- } catch (ConfigurationException e) {
- warn("config.03", new Object[] { profileRoot, id });
- }
- }
- }
-
- return profiles;
- }
-
- /**
- * Load a profile from a file.
- *
- * @param root The absolute directory path of the main configuration file.
- * @param profileFile The file containing the profile.
- * @return The profile in its DOM representation.
- * @throws ConfigurationException An error occurred loading the profile.
- */
- private Element loadProfile(File profileFile) throws ConfigurationException {
-
- Element profile;
-
- try {
- profile = parseXml(new FileInputStream(profileFile));
- } catch (Exception e) {
- throw new ConfigurationException("config.12", null, e);
- }
-
- return profile;
- }
-
- /**
- * Bulid the trust profile mapping.
- *
- * @return The profile ID to profile mapping.
- */
- public Map buildTrustProfiles()
- {
- Map trustProfiles = new HashMap();
- NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH);
- Element profileElem;
-
- while ((profileElem = (Element) profileIter.nextNode()) != null)
- {
- String id = getElementValue(profileElem, CONF + "Id", null);
- String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null);
- String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null);
-
- URI trustAnchorsLocURI = null;
- try
- {
- trustAnchorsLocURI = new URI(trustAnchorsLocStr);
- if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file
- trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr);
- }
- }
- catch (URIException e) {
- warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e);
- continue;
- }
- catch (MalformedURLException e)
- {
- warn("config.15", new Object[] {id}, e);
- continue;
- }
-
- File profileDir = new File(trustAnchorsLocURI.getPath());
- if (!profileDir.exists() || !profileDir.isDirectory()) {
- warn("config.27", new Object[] { "uri", id });
- continue;
- }
-
- if (trustProfiles.containsKey(id)) {
- warn("config.04", new Object[] { "TrustProfile", id });
- continue;
- }
-
- URI signerCertsLocURI = null;
- if (signerCertsLocStr != null && !"".equals(signerCertsLocStr))
- {
- try
- {
- signerCertsLocURI = new URI(signerCertsLocStr);
- if (!signerCertsLocURI.isAbsolute()) signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr);
-
- File signerCertsDir = new File(signerCertsLocURI.getPath());
- if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) {
- warn("config.27", new Object[] { "signerCertsUri", id });
- continue;
- }
- }
- catch (URIException e) {
- warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e);
- continue;
- }
- catch (MalformedURLException e) {
- warn("config.15", new Object[] {id}, e);
- continue;
- }
- }
-
- signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null;
- TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr);
- trustProfiles.put(id, profile);
- }
-
- return trustProfiles;
- }
-
- /**
- * Returns the location of the certificate store.
- *
- * @return the location of the certificate store.
- */
- public String getCertStoreLocation()
- {
- String certStoreLocStr = getElementValue(getConfigElem(), CERTSTORE_LOCATION_XPATH, null);
- File certStoreLocFile;
-
- // No value specified in configuration file: Set it to a reasonable (absolute) default
- if (certStoreLocStr == null)
- return new File(configRoot_, "certstore").getAbsolutePath();
-
- // Make cert store location an absolute value
- certStoreLocFile = new File(certStoreLocStr);
- if (!certStoreLocFile.isAbsolute())
- {
- certStoreLocFile = new File(configRoot_, certStoreLocStr);
- }
-
- // Check if cert store location exists, eventually try to create it
- if (!certStoreLocFile.isDirectory())
- {
- boolean created = false;
- try
- {
- created = certStoreLocFile.mkdirs();
- }
- finally
- {
- if (!created)
- {
- warn("config.32", new Object[] { certStoreLocFile.getAbsolutePath() });
- }
- }
- }
-
- return certStoreLocFile.getAbsolutePath();
- }
-
- //
- // various utility methods
- //
-
- /**
- * Parse a configuration XML file.
- *
- * @param inputStream The stream from which to read the XML data.
- * @return The DOM representation of the XML data.
- * @throws ParserConfigurationException XML parser not configured properly.
- * @throws SAXException An error parsing the XML file.
- * @throws IOException An error reading the stream.
- */
- private static Element parseXml(InputStream inputStream)
- throws ParserConfigurationException, SAXException, IOException {
- return DOMUtils
- .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null)
- .getDocumentElement();
- }
-
- /**
- * Return the value of an element located by an XPath.
- *
- * @param root The root element from which to evaluate the xpath.
- * @param xpath The XPath pointing to the element.
- * @param def The default value, if no element can be found with the given
- * xpath.
- * @return The element value or def, if the element cannot be
- * found.
- */
- private String getElementValue(Element root, String xpath, String def) {
-
- Element elem = (Element) XPathUtils.selectSingleNode(root, xpath);
- return elem != null ? DOMUtils.getText(elem) : def;
- }
-
- /**
- * Return the value of an attribute located by an XPath.
- *
- * @param root The root element from which to evaluate the xpath.
- * @param xpath The XPath pointing to the attribute.
- * @param def The default value, if no attribute can be found with the given
- * xpath.
- * @return The element value or def, if the attribute cannot be
- * found.
- */
- private String getAttributeValue(Element root, String xpath, String def) {
- Attr attr = (Attr) XPathUtils.selectSingleNode(root, xpath);
- return attr != null ? attr.getValue() : def;
- }
-
- /**
- * Log an info message.
- *
- * @param messageId The message ID.
- * @param parameters Additional parameters for the message.
- * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
- */
- private static void info(String messageId, Object[] parameters) {
- MessageProvider msg = MessageProvider.getInstance();
- Logger.info(new LogMsg(msg.getMessage(messageId, parameters)));
- }
-
- /**
- * Log a warning.
- *
- * @param messageId The message ID.
- * @param args Additional parameters for the message.
- * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
- */
- private void warn(String messageId, Object[] args) {
- MessageProvider msg = MessageProvider.getInstance();
- String txt = msg.getMessage(messageId, args);
-
- Logger.warn(new LogMsg(txt));
- warnings.add(txt);
- }
-
- /**
- * Log a warning.
- *
- * @param messageId The message ID.
- * @param args Additional parameters for the message.
- * @param t An exception being the cause of the warning.
- * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
- */
- private void warn(String messageId, Object[] args, Throwable t) {
- MessageProvider msg = MessageProvider.getInstance();
- String txt = msg.getMessage(messageId, args);
-
- Logger.warn(new LogMsg(txt), t);
- warnings.add(txt);
- }
-
- /**
- * Returns whether revocation information should be archived.
- *
- * @return whether revocation information should be archived.
- */
- public boolean getEnableRevocationArchiving()
- {
- String enableArchiving = getElementValue(getConfigElem(), ENABLE_ARCHIVING_XPATH, null);
- return Boolean.valueOf(enableArchiving).booleanValue();
- }
-
- /**
- * Returns the JDBC URL for the revocation archive database.
- *
- * @return the JDBC URL for the revocation archive database, or nullnullConfiguration data is read from an XML file, whose location is given by
- * the moa.spss.server.configuration system property.
- * This class implements the Singleton pattern. The reload()
- * method can be used to update the configuration data. Therefore, it is not
- * guaranteed that consecutive calls to getInstance() will return
- * the same ConfigurationProvider all the time. During the
- * processing of a web service request, the current
- * TransactionContext should be used to obtain the
- * ConfigurationProvider local to that request.
- *
- * @author Patrick Peck
- * @author Sven Aigner
- * @version $Id$
- */
-public class ConfigurationProvider
-{
- /**
- * The name of the system property which contains the file name of the
- * configuration file.
- */
- public static final String CONFIG_PROPERTY_NAME =
- "moa.spss.server.configuration";
-
- /**
- * A fake IssuerAndSerial object for storing KeyGroup information
- * accessible by all clients.
- */
- private static final IssuerAndSerial ANONYMOUS_ISSUER_SERIAL =
- new IssuerAndSerial(new Name(), new BigInteger("0"));
-
- /** Singleton instance. null, if none has been created. */
- private static ConfigurationProvider instance;
-
- //
- // configuration data
- //
-
- /** The warnings generated when building the configuration. */
- private List warnings = new ArrayList();
-
- /** The default digest method algorithm name */
- private String digestMethodAlgorithmName;
-
- /** The default canonicalization algorithm name */
- private String canonicalizationAlgorithmName;
-
- /**
- * A List of HardwareCryptoModule objects for
- * configuring hardware modules.
- */
- private List hardwareCryptoModules;
-
- /**
- * A List of HardwareKey objects containing the
- * configuration data for hardware keys.
- */
- private List hardwareKeyModules;
-
- /**
- * A List of SoftwareKey objects containing the
- * configuration data for software keys.
- */
- private List softwareKeyModules;
-
- /**
- * A Map which contains a KeyGroupId (a String) to
- * KeyGroup mapping.
- */
- private Map keyGroups;
-
- /**
- * A Map which contains the IssuerAndSerial to
- * KeyGroup mapping.
- */
- private Map keyGroupMappings;
-
- /** The default chaining mode. */
- private String defaultChainingMode;
-
- /**
- * A Map which contains the IssuerAndSerial to
- * chaining mode (a String) mapping.
- */
- private Map chainingModes;
-
- /**
- * A Map which contains the CAIssuerDN (a String)
- * to distribution points (a Set of
- * DistributionPoints) mapping.
- */
- private Map distributionPoints;
-
- /**
- * The CRL archive duration.
- */
- private int cRLArchiveDuration;
-
- /**
- * Indicates whether revocation information should be archived.
- */
- private boolean enableRevocationArchiving_;
-
- /**
- * The location of the certificate store.
- */
- private String certStoreLocation_;
-
- /**
- * A Map which contains a mapping from
- * CreateSignatureEnvironmentProfile Ids (String) to
- * CreateSignatureEnvironmentProfile elements (an Element).
- */
- private Map createSignatureEnvironmentProfiles;
-
- /**
- * A Map which contains a mapping from
- * CreateTransformsInfoProfile Ids (String) to
- * CreateTransformsInfoProfile elements (an Element).
- */
- private Map createTransformsInfoProfiles;
-
- /**
- * A Map which contains a mapping from
- * VerifyTransformsInfoProfile Ids (String) to
- * VerifyTransformsInfoProfile elements (an Element).
- */
- private Map verifyTransformsInfoProfiles;
-
- /**
- * A Map which contains a mapping from
- * SupplementProfile Ids (String) to SupplementProfile elements
- * (an Element).
- */
- private Map supplementProfiles;
-
- /**
- * A Map which contains a TrustProfile Id (a String
- * to trust profile (a TrustProfile) mapping.
- */
- private Map trustProfiles;
-
- /**
- * The JDBC URL for the revocation archive database.
- */
- private String revocationArchiveJDBCURL_;
-
- /**
- * The JDBC driver class name for the revocation archive database.
- */
- private String revocationArchiveJDBCDriverClass_;
-
- /**
- * Indicates whether revocation checking should be done.
- */
- private boolean enableRevocationChecking_;
-
- /**
- * The maximum age of a revocation information for considering it still as valid.
- */
- private long maxRevocationAge_;
-
- /**
- * The service order for revocation checking.
- */
- private String[] serviceOrder_;
-
- /**
- * Indicates whether certificates found during certificate path construction
- * should be added to the certificate store.
- */
- private boolean autoAddCertificates_;
-
- /**
- * Indicates whether the certificate extension Authority Info Access should
- * be used during certificate path construction.
- */
- private boolean useAuthorityInfoAccess_;
-
- /**
- * Return the single instance of configuration data.
- *
- * @return MOAConfigurationProvider The current configuration data.
- * @throws ConfigurationException Failure to load the configuration data.
- */
- public static synchronized ConfigurationProvider getInstance()
- throws ConfigurationException {
-
- if (instance == null) {
- reload();
- }
- return instance;
- }
-
- /**
- * Reload the configuration data and set it if successful.
- *
- * @return MOAConfigurationProvider The loaded configuration data.
- * @throws ConfigurationException Failure to load the configuration data.
- */
- public static synchronized ConfigurationProvider reload()
- throws ConfigurationException {
- String fileName = System.getProperty(CONFIG_PROPERTY_NAME);
-
- if (fileName == null) {
- // find out where we are running and use the configuration provided
- // under WEB-INF/conf/moa-spss/MOA-SPSSConfiguration
- URL url = ConfigurationProvider.class.getResource("/");
- fileName =
- new File(url.getPath()).getParent()
- + "/conf/moa-spss/MOA-SPSSConfiguration.xml";
- info("config.05", new Object[] { CONFIG_PROPERTY_NAME });
- }
-
- instance = new ConfigurationProvider(fileName);
- return instance;
- }
-
- /**
- * Constructor for ConfigurationProvider.
- *
- * @param fileName The name of the configuration file.
- * @throws ConfigurationException An error occurred loading the configuration.
- */
- public ConfigurationProvider(String fileName) throws ConfigurationException {
- load(fileName);
- }
-
- /**
- * Load the configuration data from XML file with the given name and build
- * the internal data structures representing the MOA configuration.
- *
- * @param fileName The name of the XML file to load.
- * @throws ConfigurationException The MOA configuration could not be
- * read/built.
- */
- private void load(String fileName) throws ConfigurationException {
- FileInputStream stream = null;
- File configFile;
- File configRoot;
- Element configElem;
- ConfigurationPartsBuilder builder;
- List allKeyModules;
-
-
- // load the main config file
- try {
- configFile = new File(fileName);
- configRoot = new File(configFile.getParent());
- info("config.21", new Object[] { configFile.getAbsoluteFile()});
- stream = new FileInputStream(fileName);
- configElem = DOMUtils.parseXmlValidating(new FileInputStream(fileName));
- } catch (Throwable t) {
- throw new ConfigurationException("config.10", null, t);
- }
-
- // build the internal datastructures
- try {
- builder = new ConfigurationPartsBuilder(configElem, configRoot);
- digestMethodAlgorithmName = builder.getDigestMethodAlgorithmName();
- canonicalizationAlgorithmName =
- builder.getCanonicalizationAlgorithmName();
- hardwareCryptoModules = builder.buildHardwareCryptoModules();
- hardwareKeyModules =
- builder.buildHardwareKeyModules(Collections.EMPTY_LIST);
- softwareKeyModules =
- builder.buildSoftwareKeyModules(hardwareKeyModules);
- allKeyModules = new ArrayList(hardwareKeyModules);
- allKeyModules.addAll(softwareKeyModules);
- keyGroups = builder.buildKeyGroups(allKeyModules);
- keyGroupMappings =
- builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL);
- defaultChainingMode = builder.getDefaultChainingMode();
- chainingModes = builder.buildChainingModes();
- useAuthorityInfoAccess_ = builder.getUseAuthorityInfoAccess();
- autoAddCertificates_ = builder.getAutoAddCertificates();
- trustProfiles = builder.buildTrustProfiles();
- distributionPoints = builder.buildDistributionPoints();
- enableRevocationChecking_ = builder.getEnableRevocationChecking();
- maxRevocationAge_ = builder.getMaxRevocationAge();
- serviceOrder_ = builder.getServiceOrder();
- enableRevocationArchiving_ = builder.getEnableRevocationArchiving();
- cRLArchiveDuration = builder.getRevocationArchiveDuration();
- revocationArchiveJDBCURL_ = builder.getRevocationArchiveJDBCURL();
- revocationArchiveJDBCDriverClass_ = builder.getRevocationArchiveJDBCDriverClass();
- certStoreLocation_ = builder.getCertStoreLocation();
- createTransformsInfoProfiles = builder.buildCreateTransformsInfoProfiles();
- createSignatureEnvironmentProfiles = builder.buildCreateSignatureEnvironmentProfiles();
- verifyTransformsInfoProfiles = builder.buildVerifyTransformsInfoProfiles();
- supplementProfiles = builder.buildSupplementProfiles();
- warnings = new ArrayList(builder.getWarnings());
- } catch (Throwable t) {
- throw new ConfigurationException("config.11", null, t);
- } finally {
- try {
- if (stream != null) {
- stream.close();
- }
- } catch (IOException e) {
- // don't complain about this
- }
- }
- }
-
- /**
- * Returns the warnings encountered during building the configuration.
- *
- * @return A List of Strings, containing the
- * warning messages.
- */
- public List getWarnings() {
- return warnings;
- }
-
- /**
- * Return the name of the digest algorithm used during signature creation.
- *
- * @return The digest method algorithm name, or an empty String,
- * if none has been configured.
- */
- public String getDigestMethodAlgorithmName() {
- return digestMethodAlgorithmName;
- }
-
- /**
- * Return the name of the canonicalization algorithm used during signature
- * creation.
- *
- * @return The canonicalization algorithm name, or an empty
- * String if none has been configured.
- */
- public String getCanonicalizationAlgorithmName() {
- return canonicalizationAlgorithmName;
- }
-
- /**
- * Return the configured hardware crypto modules.
- *
- * @return A List of HardwareCryptoModule objects
- * containing the hardware crypto module configurations.
- */
- public List getHardwareCryptoModules() {
- return hardwareCryptoModules;
- }
-
- /**
- * Return the hardware key modules configuration.
- *
- * @return A List of HardwareKeyModule objects
- * containing the configuration of the hardware key modules.
- */
- public List getHardwareKeyModules() {
- return hardwareKeyModules;
- }
-
- /**
- * Return the software key module configuration.
- *
- * @return A List of SoftwareKeyModule objects
- * containing the configuration of the software key modules.
- */
- public List getSoftwareKeyModules() {
- return softwareKeyModules;
- }
-
- /**
- * Return the key group mapping.
- *
- * @return A mapping from key group ID (a String) to
- * KeyGroup mapping.
- */
- public Map getKeyGroups() {
- return keyGroups;
- }
-
- /**
- * Return the set of KeyGroupEntrys of a given key group, which a
- * client (identified by an issuer/serial pair) may access.
- *
- * @param issuer The issuer of the client certificate.
- * @param serial The serial number of the client certificate.
- * @param keyGroupId The ID of the key group.
- * @return A Set of all the KeyGroupEntrys in the
- * given key group, if the user may access them. Returns null, if
- * the user may not access the given key group or if the key group does not
- * exist.
- */
- public Set getKeyGroupEntries(
- Principal issuer,
- BigInteger serial,
- String keyGroupId) {
-
- IssuerAndSerial issuerAndSerial;
- Map mapping;
-
- if (issuer == null && serial == null) {
- issuerAndSerial = ANONYMOUS_ISSUER_SERIAL;
- } else {
- issuerAndSerial = new IssuerAndSerial(issuer, serial);
- }
-
- mapping = (Map) keyGroupMappings.get(issuerAndSerial);
- if (mapping != null) {
- KeyGroup keyGroup = (KeyGroup) mapping.get(keyGroupId);
-
- if (keyGroup != null) {
- return keyGroup.getKeyGroupEntries();
- }
- }
-
- // If no key group is available for a client identified by a certificate,
- // try to find a key group in the anonymous key group mapping
- if (issuer != null || serial != null)
- {
- mapping = (Map) keyGroupMappings.get(ANONYMOUS_ISSUER_SERIAL);
- if (mapping != null)
- {
- KeyGroup keyGroup = (KeyGroup) mapping.get(keyGroupId);
- if (keyGroup != null) return keyGroup.getKeyGroupEntries();
- }
- }
-
- return null;
- }
-
- /**
- * Return the chaining mode for a given trust anchor.
- *
- * @param trustAnchor The trust anchor for which the chaining mode should be
- * returned.
- * @return The chaining mode for the given trust anchor. If the trust anchor
- * has not been configured separately, the system default will be returned.
- */
- public String getChainingMode(X509Certificate trustAnchor) {
- Principal issuer = trustAnchor.getIssuerDN();
- BigInteger serial = trustAnchor.getSerialNumber();
- IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial);
-
- String mode = (String) chainingModes.get(issuerAndSerial);
- return mode != null ? mode : defaultChainingMode;
- }
-
- /**
- * Return the distribution points for a given CA.
- *
- * @param cert The certificate for which the distribution points should be
- * looked up. The issuer information is used to perform the lookup.
- *
- * @return A Set of DistributionPoint objects. The
- * set will be empty, if no distribution points have been configured
- * for this certificate.
- */
- public Set getDistributionPoints(X509Certificate cert)
- {
- try {
- RFC2253NameParser nameParser =
- new RFC2253NameParser(cert.getIssuerDN().toString());
- String caIssuerDN = nameParser.parse().getName();
- Set dps = (Set) distributionPoints.get(caIssuerDN);
-
- if (dps == null) {
- return Collections.EMPTY_SET;
- }
- return dps;
- } catch (RFC2253NameParserException e) {
- return Collections.EMPTY_SET;
- }
- }
-
- /**
- * Return the CRL archive duration.
- *
- * @return The duration of how long to keep CRL archive entries (measured in
- * days).
- */
- public int getCRLArchiveDuration() {
- return cRLArchiveDuration;
- }
-
- /**
- * Returns whether revocation information should be archived.
- *
- * @return whether revocation information should be archived.
- */
- public boolean getEnableRevocationArchiving()
- {
- return enableRevocationArchiving_;
- }
-
- /**
- * Returns the location of the certificate store.
- *
- * @return the location of the certificate store.
- */
- public String getCertStoreLocation()
- {
- return certStoreLocation_;
- }
-
- /**
- * Return a CreateTransformsInfoProfile with the given ID.
- *
- * @param id The CreateTransformsInfoProfile ID.
- * @return The CreateTransformsInfoProfile with the given
- * ID or null, if none exists.
- */
- public Element getCreateTransformsInfoProfile(String id) {
- return (Element) createTransformsInfoProfiles.get(id);
- }
-
- /**
- * Return a CreateSignatureEnvironmentProfile with the given ID.
- *
- * @param id The CreateSignatureEnvironmentProfile ID.
- * @return The CreateSignatureEnvironmentProfile with the given
- * ID or null, if none exists.
- */
- public Element getCreateSignatureEnvironmentProfile(String id) {
- return (Element) createSignatureEnvironmentProfiles.get(id);
- }
-
- /**
- * Return a VerifyTransformsInfoProfile with the given ID.
- *
- * @param id The VerifyTransformsInfoProfile ID.
- * @return The VerifyTransformsInfoProfile with the given ID or
- * null, if none exists.
- */
- public Element getVerifyTransformsInfoProfile(String id) {
- return (Element) verifyTransformsInfoProfiles.get(id);
- }
-
- /**
- * Return a SupplementProfile with the given ID.
- *
- * @param id The SupplementProfile ID.
- * @return The SupplementProfile with the given ID or
- * null, if none exists.
- */
- public Element getSupplementProfile(String id) {
- return (Element) supplementProfiles.get(id);
- }
-
- /**
- * Return a TrustProfile with the given ID.
- *
- * @param id The TrustProfile ID.
- * @return The TrustProfile with the given ID or
- * null, if none exists.
- */
- public TrustProfile getTrustProfile(String id) {
- return (TrustProfile) trustProfiles.get(id);
- }
-
- /**
- * Log a warning.
- *
- * @param messageId The message ID.
- * @param parameters Additional parameters for the message.
- * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
- */
- private static void info(String messageId, Object[] parameters) {
- MessageProvider msg = MessageProvider.getInstance();
- Logger.info(new LogMsg(msg.getMessage(messageId, parameters)));
- }
-
- /**
- * Log a warning.
- *
- * @param messageId The message ID.
- * @param args Additional parameters for the message.
- * @see at.gv.egovernment.moa.spss.server.util.MessageProvider
- */
- private void warn(String messageId, Object[] args) {
- MessageProvider msg = MessageProvider.getInstance();
- String txt = msg.getMessage(messageId, args);
-
- Logger.warn(new LogMsg(txt));
- warnings.add(txt);
- }
-
- /**
- * Returns the JDBC URL for the revocation archive database.
- *
- * @return the JDBC URL for the revocation archive database.
- */
- public String getRevocationArchiveJDBCURL()
- {
- return revocationArchiveJDBCURL_;
- }
-
- /**
- * Returns the JDBC driver class name for the revocation archive database.
- *
- * @return the JDBC driver class name for the revocation archive database.
- */
- public String getRevocationArchiveJDBCDriverClass()
- {
- return revocationArchiveJDBCDriverClass_;
- }
-
- /**
- * Returns whether revocation checking should be done.
- *
- * @return whether revocation checking should be done.
- */
- public boolean getEnableRevocationChecking()
- {
- return enableRevocationChecking_;
- }
-
- /**
- * Returns the maximum age of a revocation information for considering it
- * still as valid.
- *
- * @return the maximum age of a revocation information for considering it
- * still as valid.
- */
- public long getMaxRevocationAge()
- {
- return maxRevocationAge_;
- }
-
- /**
- * Returns the service order for revocation checking.
- *
- * @return the service order for revocation checking. Valid array entries are
- * {@link RevocationSourceTypes#OCSP} and {@link RevocationSourceTypes#CRL}.
- */
- public String[] getServiceOrder()
- {
- return serviceOrder_;
- }
-
- /**
- * Returns whether certificates found during certificate path construction
- * should be added to the certificate store.
- *
- * @return whether certificates found during certificate path construction
- * should be added to the certificate store.
- */
- public boolean getAutoAddCertificates()
- {
- return autoAddCertificates_;
- }
-
- /**
- * Returns whether the certificate extension Authority Info Access should
- * be used during certificate path construction.
- *
- * @return whether the certificate extension Authority Info Access should
- * be used during certificate path construction.
- */
- public boolean getUseAuthorityInfoAccess()
- {
- return useAuthorityInfoAccess_;
- }
-
-}
\ No newline at end of file
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java
deleted file mode 100644
index 5c0646449..000000000
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java
+++ /dev/null
@@ -1,38 +0,0 @@
-package at.gv.egovernment.moa.spss.server.config;
-
-/**
- * Abstract base class for distribution points.
- *
- * @author Gregor Karlinger
- * @version $Id$
- * */
-public abstract class DistributionPoint implements iaik.pki.revocation.DistributionPoint
-{
- /**
- * The distribution point URI.
- */
- private String uri_;
-
- /**
- * Create a DistributionPoint with a URI.
- *
- * @param uri The URI of the distribution point.
- */
- public DistributionPoint(String uri)
- {
- uri_ = uri;
- }
-
- /**
- * @see iaik.pki.revocation.DistributionPoint#getType()
- */
- public abstract String getType();
-
- /**
- * @see iaik.pki.revocation.DistributionPoint#getUri()
- */
- public String getUri()
- {
- return uri_;
- }
-}
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/HardwareCryptoModule.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/HardwareCryptoModule.java
deleted file mode 100644
index 62e8d63a6..000000000
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/HardwareCryptoModule.java
+++ /dev/null
@@ -1,60 +0,0 @@
-package at.gv.egovernment.moa.spss.server.config;
-
-/**
- * Contains configuration data for a hardware crypto module.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class HardwareCryptoModule {
- /** The name of the module. */
- private String name;
- /** The slod ID of the module. */
- private String slotID;
- /** The user PIN of the module. */
- private String userPIN;
-
- /**
- * Create a new HardwareCryptoModule.
- *
- * @param name The name of this HardwareCryptoModule.
- * @param slotID The slot ID of this HardwareCryptoModule.
- * @param userPIN The user PIN to access this
- * HardwareCryptoModule.
- */
- public HardwareCryptoModule(String name, String slotID, String userPIN) {
- this.name = name;
- this.slotID = slotID;
- this.userPIN = userPIN;
- }
-
- /**
- * Returns the name of this HardwareCryptoModule.
- *
- * @return The name of this HardwareCryptoModule.
- */
- public String getName() {
- return name;
- }
-
- /**
- * Returns the slot ID of this HardwareCryptoModule.
- *
- * @return The slot ID.
- */
- public String getSlotID() {
- return slotID;
- }
-
-
- /**
- * Returns the user PIN of this HardwareCryptoModule.
- *
- * @return The user PIN used to access the module.
- */
- public String getUserPIN() {
- return userPIN;
- }
-
-
-}
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/HardwareKeyModule.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/HardwareKeyModule.java
deleted file mode 100644
index 622c8d110..000000000
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/HardwareKeyModule.java
+++ /dev/null
@@ -1,59 +0,0 @@
-package at.gv.egovernment.moa.spss.server.config;
-
-/**
- * A class that contains information about a hardware key module.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class HardwareKeyModule extends KeyModule {
- /** The name of the module. */
- private String name;
- /** The slod ID of the module. */
- private String slotID;
- /** The user PIN of the module. */
- private String userPIN;
-
- /**
- * Create a new HardwareKey.
- *
- * @param id The key module ID.
- * @param name The name of the key.
- * @param slotID The slot ID of the key within the hardware module. May be
- * null.
- * @param userPIN The user PIN to access the key.
- */
- public HardwareKeyModule(String id, String name, String slotID, String userPIN) {
- super(id);
- this.name = name;
- this.slotID = slotID;
- this.userPIN = userPIN;
- }
-
- /**
- * Return the name of this HardwareKey.
- *
- * @return The name of this HardwareKey.
- */
- public String getName() {
- return name;
- }
-
- /**
- * Return the slot ID of this HardwareKey.
- *
- * @return The slot ID of this HardwareKey.
- */
- public String getSlotID() {
- return slotID;
- }
-
- /**
- * Return the user PIN to access this HardwareKey.
- *
- * @return The user PIN to access this HardwareKey.
- */
- public String getUserPIN() {
- return userPIN;
- }
-}
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/IssuerAndSerial.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/IssuerAndSerial.java
deleted file mode 100644
index 0814c90d6..000000000
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/IssuerAndSerial.java
+++ /dev/null
@@ -1,125 +0,0 @@
-package at.gv.egovernment.moa.spss.server.config;
-
-import java.math.BigInteger;
-import java.security.Principal;
-
-import iaik.asn1.structures.Name;
-import iaik.utils.RFC2253NameParser;
-import iaik.utils.RFC2253NameParserException;
-
-/**
- * A class containing the issuer and serial number of a certificate, which can
- * be used to uniquely identify the certificate.
- *
- * The issuer is contained as an RFC2253 encoded String.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class IssuerAndSerial {
-
- /** The issuer distinguished name. */
- private String issuerDN;
- /** The certificate serial number. */
- private BigInteger serial;
-
- /**
- * Create an IssuerAndSerial object.
- *
- * The name of the issuer is converted to RFC2253. If it cannot be parsed, the
- * DN contained in the issuer is set.
- *
- * @param issuer The isser of a certificate.
- * @param serial The serial number of the certificate.
- */
- public IssuerAndSerial(Principal issuer, BigInteger serial) {
- String issuerDN = null;
- if (issuer instanceof Name) {
- try {
- issuerDN = ((Name)issuer).getRFC2253String();
- } catch (RFC2253NameParserException e) {
- // do nothing
- }
- }
- if (issuerDN == null) {
- RFC2253NameParser parser = new RFC2253NameParser(issuer.getName());
- try {
- issuerDN = ((Name)parser.parse()).getRFC2253String();
- } catch (RFC2253NameParserException e) {
- issuerDN = issuer.getName();
- }
- }
- this.serial = serial;
- this.issuerDN = issuerDN;
- }
-
- /**
- * Create an IssuerAndSerial object.
- *
- * @param issuerDN The issuer distinguished name. Should be an RFC2253 name.
- * @param serial The serial number of the certificate.
- */
- public IssuerAndSerial(String issuerDN, BigInteger serial) {
- this.issuerDN = issuerDN;
- this.serial = serial;
- }
-
- /**
- * Return the issuer DN in RFC2253 format.
- *
- * @return The issuer part of this object.
- */
- public String getIssuerDN() {
- return issuerDN;
- }
-
- /**
- * Return the serial number.
- *
- * @return The serial number of this object.
- */
- public BigInteger getSerial() {
- return serial;
- }
-
- /**
- * Compare this IssuerAndSerial to another object.
- *
- * @param other The object to compare this IssuerAndSerial to.
- * @return true, if other is an
- * IssuerAndSerial object and the issuer and
- * serial fields are both equal. false otherwise.
- * @see java.lang.Object#equals(java.lang.Object)
- */
- public boolean equals(Object other) {
- if (other instanceof IssuerAndSerial) {
- IssuerAndSerial ias = (IssuerAndSerial) other;
- return getIssuerDN().equals(ias.getIssuerDN())
- && getSerial().equals(ias.getSerial());
- }
- return false;
- }
-
- /**
- * Return the hash code of this IssuerAndSerial.
- *
- * @return The hash code of this IssuerAndSerial.
- * @see java.lang.Object#hashCode()
- */
- public int hashCode() {
- return issuerDN.hashCode() ^ serial.hashCode();
- }
-
- /**
- * Return a String representation of this
- * IssuerAndSerial object.
- *
- * @return The String representation.
- * @see java.lang.Object#toString()
- */
- public String toString() {
- return ("(IssuerAndSerial - Issuer<" + getIssuerDN())
- + ("> Serial<" + serial.toString() + ">)");
- }
-
-}
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/KeyGroup.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/KeyGroup.java
deleted file mode 100644
index 5fd108e1a..000000000
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/KeyGroup.java
+++ /dev/null
@@ -1,69 +0,0 @@
-package at.gv.egovernment.moa.spss.server.config;
-
-import java.util.Iterator;
-import java.util.Set;
-
-/**
- * A collection of KeyGroupEntrys with its own ID.
- *
- * @author Sven Aigner
- * @author Patrick Peck
- * @version $Id$
- */
-public class KeyGroup {
-
- /** The keys belonging to this key group. */
- private Set keyGroupEntries;
- /** The key group ID. */
- private String id;
-
- /**
- * Create a KeyGroup.
- *
- * @param id The ID of this KeyGroup.
- * @param keyGroupEntries The keys belonging to this KeyGroup.
- */
- public KeyGroup(String id, Set keyGroupEntries) {
- this.id = id;
- this.keyGroupEntries = keyGroupEntries;
- }
-
- /**
- * Return the KeyEntrys contained in this KeyGroup.
- *
- * @return The KeyEntrys contained in this KeyGroup.
- */
- public Set getKeyGroupEntries() {
- return keyGroupEntries;
- }
-
- /**
- * Return the ID of this KeyGroup.
- *
- * @return The KeyGroup ID.
- */
- public String getId() {
- return id;
- }
-
- /**
- * Return a String representation of this KeyGroup.
- *
- * @return The String representation.
- * @see java.lang.Object#toString()
- */
- public String toString() {
- StringBuffer sb = new StringBuffer();
- Iterator i;
-
- if (getKeyGroupEntries() != null) {
- i = getKeyGroupEntries().iterator();
-
- while (i.hasNext()) {
- sb.append(" " + i.next());
- }
- }
- return "(KeyGroup - ID:" + id + " " + sb.toString() + ")";
- }
-
-}
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/KeyGroupEntry.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/KeyGroupEntry.java
deleted file mode 100644
index 2e39d6aa3..000000000
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/KeyGroupEntry.java
+++ /dev/null
@@ -1,106 +0,0 @@
-package at.gv.egovernment.moa.spss.server.config;
-
-import java.math.BigInteger;
-
-/**
- * A class containing information about an entry in a key group.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class KeyGroupEntry {
- /** The module ID of the key. */
- private String moduleID;
- /** The issuer DN of the certificate identifying the key. */
- private String issuerDN;
- /** The serial number of the certificate identifying the key. */
- private BigInteger serialNumber;
-
- /**
- * Create a new KeyGroupEntry.
- *
- * @param moduleID The key module ID to which this entry belongs to.
- * @param issuerAndSerial The issuer and serial number which uniquely
- * identifies a certificate within the key module.
- */
- public KeyGroupEntry(String moduleID, IssuerAndSerial issuerAndSerial) {
- this.moduleID = moduleID;
- this.issuerDN = issuerAndSerial.getIssuerDN();
- this.serialNumber = issuerAndSerial.getSerial();
- }
-
- /**
- * Create a new KeyGroupEntry.
- *
- * @param moduleID The key module ID to which this entry belongs to.
- * @param issuerDN The isser DN of the certificate within the key module.
- * @param serialNumber The serial number of the certificate within the key
- * module.
- */
- public KeyGroupEntry(
- String moduleID,
- String issuerDN,
- BigInteger serialNumber) {
- this.moduleID = moduleID;
- this.issuerDN = issuerDN;
- this.serialNumber = serialNumber;
- }
-
- /**
- * Return the key module ID to which this KeyGroupEntry belongs
- * to.
- *
- * @return The key module ID.
- */
- public String getModuleID() {
- return moduleID;
- }
-
- /**
- * Return the issuer DN of this KeyGroupEntry for identifying the
- * certificate within the key module.
- *
- * @return The issuer DN of the certificate.
- */
- public String getIssuerDN() {
- return issuerDN;
- }
-
- /**
- * Return the serial number of this KeyGroupEntry for identifying
- * the certificate within the key module.
- *
- * @return The serial number of the certificate.
- */
- public BigInteger getSerialNumber() {
- return serialNumber;
- }
-
- /**
- * Compare this KeyGroupEntry to another.
- *
- * @param other The KeyGroupEntry to compare to.
- * @return true, if module ID, isser DN and serial number of
- * other match the ones contained in this object, otherwise
- * false.
- * @see java.lang.Object#equals(Object)
- */
- public boolean equals(Object other) {
- if (other instanceof KeyGroupEntry) {
- KeyGroupEntry entry = (KeyGroupEntry) other;
- return getModuleID().equals(entry.getModuleID())
- && getIssuerDN().equals(entry.getIssuerDN())
- && getSerialNumber().equals(entry.getSerialNumber());
- }
- return false;
- }
-
- /**
- * @see java.lang.Object#hashCode()
- */
- public int hashCode() {
- return getModuleID().hashCode()
- ^ getIssuerDN().hashCode()
- ^ getSerialNumber().hashCode();
- }
-}
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/KeyModule.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/KeyModule.java
deleted file mode 100644
index 412516d82..000000000
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/KeyModule.java
+++ /dev/null
@@ -1,41 +0,0 @@
-package at.gv.egovernment.moa.spss.server.config;
-
-/**
- * A class that contains information about a key module.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class KeyModule {
-
- /** The key module ID. */
- private String id;
-
- /**
- * Create a Key object.
- *
- * @param id The key module ID.
- */
- public KeyModule(String id) {
- this.id = id;
- }
-
- /**
- * Return the key ID.
- *
- * @return The key ID.
- */
- public String getId() {
- return id;
- }
-
- /**
- * Return a String representation of this Key.
- *
- * @return The String representation.
- * @see java.lang.Object#toString()
- */
- public String toString() {
- return "(Key - Id<" + id + ">)";
- }
-}
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java
deleted file mode 100644
index e4509ac97..000000000
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java
+++ /dev/null
@@ -1,33 +0,0 @@
-package at.gv.egovernment.moa.spss.server.config;
-
-import iaik.pki.revocation.RevocationSourceTypes;
-
-/**
- * A class representing a CRL distribution point.
- *
- * @author Gregor Karlinger
- * @version $Id$
- */
-public class OCSPDistributionPoint
- extends DistributionPoint
- implements iaik.pki.revocation.DistributionPoint
-{
- /**
- * Create a OCSPDistributionPoint with a URI.
- *
- * @param uri The URI of the ocsp distribution point.
- */
- public OCSPDistributionPoint(String uri)
- {
- super(uri);
- }
-
- /**
- * @see iaik.pki.revocation.DistributionPoint#getType()
- */
- public String getType()
- {
- return RevocationSourceTypes.OCSP;
- }
-
-}
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/SoftwareKeyModule.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/SoftwareKeyModule.java
deleted file mode 100644
index 479e98ca5..000000000
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/SoftwareKeyModule.java
+++ /dev/null
@@ -1,48 +0,0 @@
-package at.gv.egovernment.moa.spss.server.config;
-
-/**
- * A class containing information about a software key, stored in PKCS12 format.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class SoftwareKeyModule extends KeyModule {
- /** The name of the file containing the keys. */
- private String fileName;
- /** The password for accessing the file. */
- private String passWord;
-
- /**
- * Create a new SoftwareKey.
- *
- * @param id The key ID.
- * @param fileName The name of the PKCS12 keystore file containing the key.
- * @param passWord The password to access the keystore file.
- */
- public SoftwareKeyModule(String id, String fileName, String passWord) {
- super(id);
- this.fileName = fileName;
- this.passWord = passWord;
- }
-
- /**
- * Return the name of the PKCS12 keystore file containing this
- * SoftwareKey.
- *
- * @return The name of the PKCS12 keystore file.
- */
- public String getFileName() {
- return fileName;
- }
-
- /**
- * Return the password to access the keystore file.
- *
- * @return The password to access the keystore file.
- */
- public String getPassWord() {
- return passWord;
- }
-
-
-}
diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
deleted file mode 100644
index 929d5ce2b..000000000
--- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
+++ /dev/null
@@ -1,58 +0,0 @@
-package at.gv.egovernment.moa.spss.server.config;
-
-/**
- * Information about a trust profile.
- *
- * @author Patrick Peck
- * @version $Id$
- */
-public class TrustProfile {
- /** The ID of the trust profile. */
- private String id;
- /** The URI giving the location of the trust profile. */
- private String uri;
- /** The URI giving the location of the allowed signer certificates. */
- private String signerCertsUri;
-
- /**
- * Create a TrustProfile.
- *
- * @param id The ID of the TrustProfile to create.
- * @param uri The URI of the TrustProfile to create.
- * @param signerCertsUri The URI of the location of the allowed signer
- * certificates of the TrustProfile to create.
- */
- public TrustProfile(String id, String uri, String signerCertsUri) {
- this.id = id;
- this.uri = uri;
- this.signerCertsUri = signerCertsUri;
- }
-
- /**
- * Return the ID of this TrustProfile.
- *
- * @return The TrustProfile ID.
- */
- public String getId() {
- return id;
- }
-
- /**
- * Return the URI of this TrustProfile.
- *
- * @return The URI of TrustProfile.
- */
- public String getUri() {
- return uri;
- }
-
- /**
- * Return the URI giving the location of the allowed signer certificates
- * of this TrustProfile.
- *
- * @return The URI of TrustProfile.
- */
- public String getSignerCertsUri() {
- return signerCertsUri;
- }
-}
--
cgit v1.2.3