package at.gv.egovernment.moa.spss.server.iaik.config;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import iaik.pki.revocation.RevocationSourceTypes;
import iaik.pki.store.revocation.RevocationFactory;
import iaik.pki.store.revocation.RevocationSourceStore;
import iaik.pki.store.truststore.TrustStoreFactory;
import iaik.server.ConfigurationData;
import iaik.server.Configurator;
import iaik.server.modules.keys.KeyEntryID;
import iaik.server.modules.keys.KeyModule;
import iaik.server.modules.keys.KeyModuleFactory;
import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.config.KeyGroup;
import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry;
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.util.MessageProvider;
/**
* A class responsible for configuring the IAIK MOA modules.
*
* @author Patrick Peck
* @version $Id$
*/
public class IaikConfigurator {

  /** Warning texts collected by the most recent call to {@link #configure}. */
  private List warnings = new ArrayList();

  /**
   * Configure the IAIK MOA subsystem from the given MOA configuration.
   *
   * The steps run in this order: initialise the IAIK <code>Configurator</code>,
   * install a custom retriever for CRL revocation sources, log the known
   * private key entry IDs, check the key group configuration and reset the
   * <code>TrustStoreFactory</code>.
   *
   * Key group entries that cannot be resolved are recorded as warnings only;
   * they do not abort configuration. A caller that must fail closed on an
   * unresolved signing key has to inspect {@link #getWarnings()} afterwards.
   *
   * @param moaConfig The underlying MOA configuration.
   * @throws ConfigurationException Anything thrown while configuring the IAIK
   * MOA subsystem (exceptions and errors alike), reported under message ID
   * <code>config.08</code> with the original throwable as cause.
   */
  public void configure(ConfigurationProvider moaConfig)
    throws ConfigurationException {

    ConfigurationData iaikConfig = new ConfigurationDataImpl(moaConfig);

    // Each run starts with a fresh list; a list handed out earlier by
    // getWarnings() is no longer updated.
    warnings = new ArrayList();

    try {
      TransactionId configTransaction = new TransactionId("IaikConfigurator");
      Configurator.init(iaikConfig, configTransaction);

      // A customized CRL retriever works around a classloader problem that
      // shows up when MOA is deployed in Tomcat.
      // NOTE(review): CRLRetriever is not visible here. It now sits on the
      // revocation-checking path for CRL sources, so confirm that it treats
      // fetch and parse failures the same way as the retriever it replaces.
      RevocationSourceStore revocationSources =
        RevocationFactory.getInstance(configTransaction).getRevocationSourceStore();
      revocationSources.setRetriever(new CRLRetriever(), RevocationSourceTypes.CRL);

      dumpKeyEntryIDs();
      checkKeyGroupConfig(moaConfig);
      TrustStoreFactory.reset();
    } catch (iaik.server.ConfigurationException iaikFailure) {
      throw new ConfigurationException("config.08", null, iaikFailure);
    } catch (Throwable anyFailure) {
      // Deliberately broad: errors are reported as a configuration failure too.
      throw new ConfigurationException("config.08", null, anyFailure);
    }
  }

  /**
   * Return the warnings encountered during configuration.
   *
   * The list returned is the internal list itself, not a copy.
   *
   * @return The warning texts recorded by the most recent configuration run.
   */
  public List getWarnings() {
    return this.warnings;
  }

  /**
   * Write every private <code>KeyEntryID</code> known to the configured
   * <code>KeyModule</code> to the log at info level (message ID
   * <code>config.19</code>).
   *
   * NOTE(review): the logged text is whatever <code>KeyEntryID</code> renders
   * to; presumably certificate identifiers rather than key material, confirm.
   */
  private void dumpKeyEntryIDs() {
    MessageProvider messages = MessageProvider.getInstance();
    KeyModule keyModule = KeyModuleFactory.getInstance(new TransactionId("dump"));
    Iterator ids = keyModule.getPrivateKeyEntryIDs().iterator();

    while (ids.hasNext()) {
      KeyEntryID id = (KeyEntryID) ids.next();
      String text = messages.getMessage("config.19", new Object[] { id });
      Logger.info(new LogMsg(text));
    }
  }

  /**
   * Check that each key group entry in each key group can be resolved to a
   * <code>KeyEntryID</code>.
   *
   * A warning (message ID <code>config.31</code>) is recorded for every entry
   * that cannot be resolved; no exception is raised for it.
   *
   * @param moaConfig The MOA configuration to check.
   */
  private void checkKeyGroupConfig(ConfigurationProvider moaConfig) {
    Iterator groups = moaConfig.getKeyGroups().values().iterator();

    while (groups.hasNext()) {
      KeyGroup group = (KeyGroup) groups.next();
      Iterator members = group.getKeyGroupEntries().iterator();

      while (members.hasNext()) {
        KeyGroupEntry member = (KeyGroupEntry) members.next();
        if (findKeyEntryID(member)) {
          continue;
        }

        // Identify the unresolved entry by group, module, issuer and serial.
        Object[] details = new Object[] {
          group.getId(),
          member.getModuleID(),
          member.getIssuerDN(),
          member.getSerialNumber()};
        warn("config.31", details);
      }
    }
  }

  /**
   * Tell whether a key group entry matches one of the private
   * <code>KeyEntryID</code>s of the key module.
   *
   * An entry matches when certificate issuer, certificate serial number and
   * module ID are all equal, compared in that order.
   *
   * @param keyGroupEntry The key group entry to find.
   * @return <code>true</code>, if the <code>keyGroupEntry</code> could be
   * resolved to a <code>KeyEntryID</code>; otherwise <code>false</code>.
   */
  private boolean findKeyEntryID(KeyGroupEntry keyGroupEntry) {
    KeyModule keyModule = KeyModuleFactory.getInstance(new TransactionId("check"));
    Iterator candidates = keyModule.getPrivateKeyEntryIDs().iterator();

    while (candidates.hasNext()) {
      KeyEntryID candidate = (KeyEntryID) candidates.next();

      if (!candidate.getCertificateIssuer().equals(keyGroupEntry.getIssuerDN())) {
        continue;
      }
      if (!candidate.getCertificateSerialNumber().equals(
        keyGroupEntry.getSerialNumber())) {
        continue;
      }
      if (candidate.getModuleID().equals(keyGroupEntry.getModuleID())) {
        return true;
      }
    }
    return false;
  }

  /**
   * Log a warning and remember its text for {@link #getWarnings()}.
   *
   * @param messageId The message ID.
   * @param args Additional parameters for the message.
   * @see MessageProvider
   */
  private void warn(String messageId, Object[] args) {
    String warningText = MessageProvider.getInstance().getMessage(messageId, args);
    Logger.warn(new LogMsg(warningText));
    warnings.add(warningText);
  }
}