diff options
| author | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2015-11-03 14:38:34 +0100 |
|---|---|---|
| committer | Andreas Fitzek <andreas.fitzek@iaik.tugraz.at> | 2015-11-03 14:38:34 +0100 |
| commit | 0872d2d8a64fd701776b272f49222428d8def07f (patch) | |
| tree | 0954a523ad2cc7ad615dbbae5282dd56497e4c6e /moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server | |
| parent | e635718b8d6a12e4e80207c8bdf30b02eed3f2ab (diff) | |
| download | moa-sig-0872d2d8a64fd701776b272f49222428d8def07f.tar.gz moa-sig-0872d2d8a64fd701776b272f49222428d8def07f.tar.bz2 moa-sig-0872d2d8a64fd701776b272f49222428d8def07f.zip | |
initial commit
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server')
89 files changed, 16281 insertions, 0 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java new file mode 100644 index 0000000..bb2589a --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java @@ -0,0 +1,178 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.gv.egovernment.moa.spss.server.config; + +import iaik.asn1.structures.Name; +import iaik.pki.revocation.RevocationSourceTypes; +import iaik.utils.RFC2253NameParserException; + +import java.util.HashMap; +import java.util.Map; +import java.util.StringTokenizer; + +import at.gv.egovernment.moa.logging.LogMsg; +import at.gv.egovernment.moa.logging.Logger; + +import at.gv.egovernment.moa.spss.util.MessageProvider; + +/** + * A class representing a CRL distribution point. + * + * @author Sven Aigner + * @author Patrick Peck + * @version $Id$ + */ +public class CRLDistributionPoint extends DistributionPoint implements iaik.pki.revocation.CRLDistributionPoint { + + private static Map RC_MAPPING = new HashMap(); + + static { + + // create the mapping between reason code strings and their integer + // values + RC_MAPPING.put("unused", new Integer(iaik.asn1.structures.DistributionPoint.unused)); + RC_MAPPING.put("keyCompromise", new Integer(iaik.asn1.structures.DistributionPoint.keyCompromise)); + RC_MAPPING.put("cACompromise", new Integer(iaik.asn1.structures.DistributionPoint.cACompromise)); + RC_MAPPING.put("affiliationChanged", new Integer(iaik.asn1.structures.DistributionPoint.affiliationChanged)); + RC_MAPPING.put("superseded", new Integer(iaik.asn1.structures.DistributionPoint.superseded)); + RC_MAPPING.put("cessationOfOperation", + new Integer(iaik.asn1.structures.DistributionPoint.cessationOfOperation)); + RC_MAPPING.put("certificateHold", new Integer(iaik.asn1.structures.DistributionPoint.certificateHold)); + RC_MAPPING.put("privilegeWithdrawn", new Integer(iaik.asn1.structures.DistributionPoint.privilegeWithdrawn)); + RC_MAPPING.put("aACompromise", new Integer(iaik.asn1.structures.DistributionPoint.aACompromise)); + } + + /** + * The name of the CA issuing the CRL referred to by this DP. + */ + private String issuerName_; + + /** + * The reason codes applicable for the distribution point. + */ + private int reasonCodes; + + /** + * Create a <code>CRLDistributionPoint</code>. + * + * @param issuerName + * The name of the CA issuing the CRL referred to by this DP. + * + * @param uri + * The URI of the distribution point. + * + * @param reasonCodeStr + * A list of reason codes (a space-separated enumeration). + */ + public CRLDistributionPoint(String issuerName, String uri, String reasonCodeStr) { + super(uri); + issuerName_ = issuerName; + this.reasonCodes = extractReasonCodes(reasonCodeStr); + } + + /** + * @see DistributionPoint#getType() + */ + public String getType() { + return RevocationSourceTypes.CRL; + } + + /** + * Convert a list of reason codes provided as a <code>String</code> to a + * binary representation. + * + * @param reasonCodeStr + * A <code>String</code> containing a blank-separated, textual + * representation of reason codes. + * @return int A binary representation of reason codes. + * @see iaik.asn1.structures.DistributionPoint + */ + private int extractReasonCodes(String reasonCodeStr) { + int codes = 0; + StringTokenizer tokenizer = new StringTokenizer(reasonCodeStr); + String token; + Integer reasonCode; + + while (tokenizer.hasMoreTokens()) { + token = tokenizer.nextToken(); + reasonCode = (Integer) RC_MAPPING.get(token); + if (reasonCode != null) { + codes |= reasonCode.intValue(); + } else { + MessageProvider msg = MessageProvider.getInstance(); + Logger.warn(new LogMsg(msg.getMessage("config.07", new Object[] { token }))); + } + } + + // If reasonCodeStr is empty, set all possible reason codes + if (codes == 0) + codes = iaik.asn1.structures.DistributionPoint.unused | iaik.asn1.structures.DistributionPoint.keyCompromise + | iaik.asn1.structures.DistributionPoint.cACompromise + | iaik.asn1.structures.DistributionPoint.affiliationChanged + | iaik.asn1.structures.DistributionPoint.superseded + | iaik.asn1.structures.DistributionPoint.cessationOfOperation + | iaik.asn1.structures.DistributionPoint.certificateHold + | iaik.asn1.structures.DistributionPoint.privilegeWithdrawn + | iaik.asn1.structures.DistributionPoint.aACompromise; + + return codes; + } + + /** + * Return a binary representation of the reason codes of this distribution + * point. + * + * @return The binary representation of the reason codes. + */ + public int getReasonCodes() { + return reasonCodes; + } + + /** + * Return a <code>String</code> representation of this distribution point. + * + * @return The <code>String</code> representation of this distribution + * point. + * @see java.lang.Object#toString() + */ + public String toString() { + return "(DistributionPoint - " + ("URI<" + getUri()) + ("> REASONCODES<" + getReasonCodes() + ">)"); + } + + /** + * @see iaik.pki.revocation.CRLDistributionPoint#getIssuerName() + */ + public String getIssuerName() { + return issuerName_; + } + + @Override + public Name getIssuerDN() { + try { + return new Name(this.issuerName_); + } catch (RFC2253NameParserException e) { + throw new RuntimeException(e); + } + } +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationException.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationException.java new file mode 100644 index 0000000..6546e88 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationException.java @@ -0,0 +1,63 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.config; + +import at.gv.egovernment.moa.spss.MOASystemException; + +/** + * Exception signalling an error in the configuration. + * + * @author Patrick Peck + * @version $Id$ + */ +public class ConfigurationException extends MOASystemException { + + /** + * + */ + private static final long serialVersionUID = -1934466124930228755L; + +/** + * Create a <code>ConfigurationException</code>. + * + * @see at.gv.egovernment.moa.spss.MOAException#MOAException(String, Object[]) + */ + public ConfigurationException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + /** + * Create a <code>ConfigurationException</code>. + * @see at.gv.egovernment.moa.spss.MOAException#MOAException(String, Object[], Throwable) + */ + public ConfigurationException( + String messageId, + Object[] parameters, + Throwable wrapped) { + + super(messageId, parameters, wrapped); + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java new file mode 100644 index 0000000..af67d30 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -0,0 +1,1825 @@ +/* + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.config; + +import iaik.asn1.structures.Name; +//import iaik.ixsil.exceptions.URIException; +//import iaik.ixsil.util.URI; +import iaik.pki.pathvalidation.ChainingModes; +import iaik.pki.revocation.RevocationSourceTypes; +import iaik.server.modules.xml.BlackListEntry; +import iaik.server.modules.xml.ExternalReferenceChecker; +import iaik.server.modules.xml.WhiteListEntry; +import iaik.utils.RFC2253NameParser; +import iaik.utils.RFC2253NameParserException; +import iaik.xml.crypto.utils.URI; +import iaik.xml.crypto.utils.URIException; + +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.math.BigInteger; +import java.net.MalformedURLException; +import java.security.Principal; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Calendar; +import java.util.Date; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import javax.xml.bind.DatatypeConverter; +import javax.xml.parsers.ParserConfigurationException; + +import org.w3c.dom.Attr; +import org.w3c.dom.Element; +import org.w3c.dom.traversal.NodeIterator; +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.logging.LogMsg; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.api.common.TSLConfiguration; +import at.gv.egovernment.moa.spss.api.impl.TSLConfigurationImpl; +import at.gv.egovernment.moa.spss.util.MessageProvider; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.StringUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * A class that builds configuration data from a DOM based representation. + * + * @author Patrick Peck + * @version $Id$ + */ +public class ConfigurationPartsBuilder { + + // + // XPath namespace prefix shortcuts + // + + private static final String CONF = Constants.MOA_CONFIG_PREFIX + ":"; + private static final String DSIG = Constants.DSIG_PREFIX + ":"; + + // + // chaining mode constants appearing in the configuration file + // + + private static final String CM_CHAINING = "chaining"; + private static final String CM_PKIX = "pkix"; + + // + // XPath expressions to select certain parts of the configuration + // + + private static final String ROOT = "/" + CONF + "MOAConfiguration/"; + + private static final String PDFAS_CONFIGURATION_XPATH = + ROOT + CONF + "PDFASConfig"; + + private static final String DIGEST_METHOD_XPATH = + ROOT + CONF + "SignatureCreation/" + + CONF + "XMLDSig/" + + CONF + "DigestMethodAlgorithm"; + private static final String XADES_VERSION_XPATH = + ROOT + CONF + "SignatureCreation/" + + CONF + "XAdES/" + + CONF + "Version"; + private static final String C14N_ALGORITHM_XPATH = + ROOT + CONF + "SignatureCreation/" + + CONF + "XMLDSig/" + + CONF + "CanonicalizationAlgorithm"; + private static final String HARDWARE_CRYPTO_MODULE_XPATH = + ROOT + CONF + "Common/" + + CONF + "HardwareCryptoModule"; + private static final String PERMIT_EXTERNAL_URIS_XPATH = + ROOT + CONF + "Common/" + + CONF + "PermitExternalUris"; + private static final String BLACK_LIST_URIS_XPATH = + ROOT + CONF + "Common/" + + CONF + "PermitExternalUris/" + + CONF + "BlackListUri"; + private static final String FORBID_EXTERNAL_URIS_XPATH = + ROOT + CONF + "Common/" + + CONF + "ForbidExternalUris"; + private static final String WHITE_LIST_URIS_XPATH = + ROOT + CONF + "Common/" + + CONF + "ForbidExternalUris/" + + CONF + "WhiteListUri"; + + private static final String HARDWARE_KEY_XPATH = + ROOT + CONF + "SignatureCreation/" + + CONF + "KeyModules/" + + CONF + "HardwareKeyModule"; + private static final String SOFTWARE_KEY_XPATH = + ROOT + CONF + "SignatureCreation/" + + CONF + "KeyModules/" + + CONF + "SoftwareKeyModule"; + private static final String KEYGROUP_XPATH = + ROOT + CONF + "SignatureCreation/" + + CONF + "KeyGroup"; + private static final String KEYGROUP_MAPPING_XPATH = + ROOT + CONF + "SignatureCreation/" + + CONF + "KeyGroupMapping"; + private static final String ISSUER_XPATH = + DSIG + "X509IssuerName"; + private static final String SERIAL_XPATH = + DSIG + "X509SerialNumber"; + private static final String CERTSTORE_LOCATION_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "PathConstruction/" + + CONF + "CertificateStore/" + + CONF + "DirectoryStore/" + + CONF + "Location"; + private static final String AUTO_ADD_CERTIFICATES_XPATH_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "PathConstruction/" + + CONF + "AutoAddCertificates"; + private static final String USE_AUTHORITY_INFO_ACCESS_XPATH_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "PathConstruction/" + + CONF + "UseAuthorityInformationAccess"; + private static final String CHAINING_MODES_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "PathValidation/" + + CONF + "ChainingMode"; + private static final String CHAINING_MODES_DEFAULT_XPATH = + CHAINING_MODES_XPATH + "/" + + CONF + "DefaultMode"; + private static final String TRUST_ANCHOR_XPATH = + CHAINING_MODES_XPATH + "/" + + CONF + "TrustAnchor"; + private static final String TRUST_PROFILE_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "PathValidation/" + + CONF + "TrustProfile"; + private static final String DISTRIBUTION_POINTS_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "DistributionPoint"; + private static final String CRL_RETENTION_INTERVALS_CA_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "CrlRetentionIntervals/" + + CONF + "CA"; + private static final String ENABLE_REVOCATION_CHECKING_XPATH_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "EnableChecking"; + private static final String MAX_REVOCATION_AGE_XPATH_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "MaxRevocationAge"; + private static final String REVOCATION_SERVICEORDER_XPATH_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "ServiceOrder/" + + CONF + "Service"; + private static final String ENABLE_ARCHIVING_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "Archiving/" + + CONF + "EnableArchiving"; + private static final String CRL_ARCHIVE_DURATION_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "Archiving/" + + CONF + "ArchiveDuration"; + private static final String ACHIVE_JDBC_URL_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "Archiving/" + + CONF + "Archive/" + + CONF + "DatabaseArchive/" + + CONF + "JDBCURL"; + private static final String ACHIVE_JDBC_DRIVER_CLASS_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "Archiving/" + + CONF + "Archive/" + + CONF + "DatabaseArchive/" + + CONF + "JDBCDriverClassName"; + private static final String CREATE_TRANSFORMS_INFO_PROFILE_XPATH = + ROOT + CONF + "SignatureCreation/" + + CONF + "CreateTransformsInfoProfile"; + private static final String CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH = + ROOT + CONF + "SignatureCreation/" + + CONF + "CreateSignatureEnvironmentProfile"; + private static final String VERIFY_TRANSFORMS_INFO_PROFILE_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "VerifyTransformsInfoProfile"; + private static final String SUPPLEMENT_PROFILE_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "SupplementProfile"; + private static final String PERMIT_FILE_URIS_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "PermitFileURIs"; + + private static final String TSL_CONFIGURATION_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "TSLConfiguration/"; + // + // default values for configuration parameters + // + + /** The accepted canonicalization algorithm URIs, as an array */ + private static final String[] ACCEPTED_C14N_ALGORITHMS_ARRAY = + { + Constants.C14N_URI, + Constants.C14N_WITH_COMMENTS_URI, + Constants.EXC_C14N_URI, + Constants.EXC_C14N_WITH_COMMENTS_URI }; + + /** The accepted canonicalization algorithm URIs, as a Set */ + private static final Set ACCEPTED_C14N_ALGORITHMS = + new HashSet(Arrays.asList(ACCEPTED_C14N_ALGORITHMS_ARRAY)); + + /** Default canonicalization algorithm, if none/illegal has been configured */ + private static final String C14N_ALGORITHM_DEFAULT = Constants.C14N_URI; + + /** The accepted digest method algorithm URIs, as an array */ + private static final String[] ACCEPTED_DIGEST_ALGORITHMS_ARRAY = + { Constants.SHA1_URI, + Constants.SHA256_URI, + Constants.SHA384_URI, + Constants.SHA512_URI}; + + /** The accepted digest method algorithm URIs, as a Set */ + private static final Set ACCEPTED_DIGEST_ALGORITHMS = + new HashSet(Arrays.asList(ACCEPTED_DIGEST_ALGORITHMS_ARRAY)); + + + /** Default digest algorithm URI, if none/illegal has been configured (for XAdES 1.1.1) */ + private static final String DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1 = Constants.SHA1_URI; + + /** Default digest algorithm URI, if none/illegal has been configured (for XAdES 1.4.2) */ + private static final String DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2 = Constants.SHA256_URI; + + /** The root element of the MOA configuration */ + private Element configElem; + + /** + * The directory containing the underlying configuration file. + */ + private File configRoot_; + + /** Whether any warnings were encountered building the configuration. */ + private List warnings = new ArrayList(); + + /** + * Create a new <code>ConfigurationPartsBuilder</code>. + * + * @param configElem The root element of the MOA configuration. + * + * @param configRoot The directory containing the underlying configuration file. + */ + public ConfigurationPartsBuilder(Element configElem, File configRoot) + { + this.configElem = configElem; + configRoot_ = configRoot; + } + + /** + * Returns the root element of the MOA configuration. + * + * @return The root element of the MOA configuration. + */ + public Element getConfigElem() { + return configElem; + } + + /** + * Returns the directory containing the underlying configuration file. + * + * @return the directory containing the underlying configuration file. + */ + public File getConfigRoot() + { + return configRoot_; + } + + /** + * Returns the warnings encountered during building the configuration. + * + * @return A <code>List</code> of <code>String</code>s, containing the + * warning messages. + */ + public List getWarnings() { + return warnings; + } + + /** + * Returns the digest method algorithm name. + * + * @return The digest method algorithm name from the configuration. + */ + public String getDigestMethodAlgorithmName() + { + String digestMethod = getElementValue(getConfigElem(), DIGEST_METHOD_XPATH, null); + + if (digestMethod == null || !ACCEPTED_DIGEST_ALGORITHMS.contains(digestMethod)) + { + String xadesVersion = this.getXAdESVersion(); + if (xadesVersion == null) { + info( + "config.23", + new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1 }); + digestMethod = DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1; + } + else { + info( + "config.23", + new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2 }); + digestMethod = DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2; + } + + + } + + return digestMethod; + } + + /** + * Returns the digest method algorithm name. + * + * @return The digest method algorithm name from the configuration. + */ + public String getXAdESVersion() + { + String xadesVersion = getElementValue(getConfigElem(), XADES_VERSION_XPATH, null); + + return xadesVersion; + } + + /** + * Returns the digest method algorithm name. + * + * @return The digest method algorithm name from the configuration. + */ + public String getPDFASConfiguration() + { + String pdfasConfiguration = getElementValue(getConfigElem(), PDFAS_CONFIGURATION_XPATH, null); + + return pdfasConfiguration; + } + + + /** + * Returns the canonicalization algorithm name. + * + * @return The canonicalization algorithm name from the configuration. + */ + public String getCanonicalizationAlgorithmName() + { + String c14nAlgorithm = getElementValue(getConfigElem(), C14N_ALGORITHM_XPATH, null); + + if (c14nAlgorithm == null || !ACCEPTED_C14N_ALGORITHMS.contains(c14nAlgorithm)) + { + info( + "config.23", + new Object[] { "CanonicalizationAlgorithm", C14N_ALGORITHM_DEFAULT }); + c14nAlgorithm = C14N_ALGORITHM_DEFAULT; + } + + return c14nAlgorithm; + } + + /** + * Build the configured hardware crypto modules. + * + * @return The hardware crypto modules from the configuration. + */ + public List buildHardwareCryptoModules() + { + List modules = new ArrayList(); + NodeIterator modIter = XPathUtils.selectNodeIterator( + getConfigElem(), + HARDWARE_CRYPTO_MODULE_XPATH); + + Element modElem; + while ((modElem = (Element) modIter.nextNode()) != null) { + String name = getElementValue(modElem, CONF + "Name", null); + String slotId = getElementValue(modElem, CONF + "SlotId", null); + String userPIN = getElementValue(modElem, CONF + "UserPIN", null); + HardwareCryptoModule module = new HardwareCryptoModule(name, slotId, userPIN); + modules.add(module); + } + + return modules; + } + + /** + * + * @return + */ + public boolean allowExternalUris() { + Element permitExtUris = (Element)XPathUtils.selectSingleNode(getConfigElem(), PERMIT_EXTERNAL_URIS_XPATH); + + // if PermitExternalUris element does not exist - don't allow external uris + if (permitExtUris == null) { + // set permitExtUris for iaik-moa + ExternalReferenceChecker.setPermitExternalURLs(false); + return false; + } + else { + // set permitExtUris for iaik-moa + ExternalReferenceChecker.setPermitExternalURLs(true); + return true; + } + } + + + /** + * + * @return + */ + public List buildPermitExternalUris() { + + info("config.33", null); + + List blacklist = new ArrayList(); + List blackListIaikMoa = new ArrayList(); + + NodeIterator permitExtIter = XPathUtils.selectNodeIterator( + getConfigElem(), + BLACK_LIST_URIS_XPATH); + + Element permitExtElem = null; + while ((permitExtElem = (Element) permitExtIter.nextNode()) != null) { + String host = getElementValue(permitExtElem, CONF + "IP", null); + String port = getElementValue(permitExtElem, CONF + "Port", null); + + BlackListEntry entry =null; + if (port == null) { + entry = new BlackListEntry(host, -1); + info("config.34", new Object[]{host}); + } + else { + entry = new BlackListEntry(host, new Integer(port).intValue()); + info("config.34", new Object[]{host + ":" + port}); + } + + // add entry to iaik-moa blacklist + blackListIaikMoa.add(entry); + + + String array[] = new String[2]; + array[0] = host; + array[1] = port; + blacklist.add(array); + + } + + + // set blacklist for iaik-moa + ExternalReferenceChecker.setBlacklist(blackListIaikMoa); + + + if(blacklist.isEmpty()) // no blacklisted uris given + info("config.36", null); + + + return blacklist; + } + + /** + * + * @return + */ + public List buildForbidExternalUris() { + + //info("config.47", null); + + List whitelist = new ArrayList(); + List whiteListIaikMoa = new ArrayList(); + + NodeIterator forbidExtIter = XPathUtils.selectNodeIterator( + getConfigElem(), + WHITE_LIST_URIS_XPATH); + + Element permitExtElem = null; + while ((permitExtElem = (Element) forbidExtIter.nextNode()) != null) { + String host = getElementValue(permitExtElem, CONF + "IP", null); + String port = getElementValue(permitExtElem, CONF + "Port", null); + + // WhiteListeEntry + WhiteListEntry entry =null; + if (port == null) { + entry = new WhiteListEntry(host, -1); + info("config.49", new Object[]{host}); + } + else { + entry = new WhiteListEntry(host, new Integer(port).intValue()); + info("config.49", new Object[]{host + ":" + port}); + } + + // add entry to iaik-moa whitelist + whiteListIaikMoa.add(entry); + + + String array[] = new String[2]; + array[0] = host; + array[1] = port; + whitelist.add(array); + + } + + + // set whitelist for iaik-moa + ExternalReferenceChecker.setWhitelist(whiteListIaikMoa); + + + if(whitelist.isEmpty()) // no whitelisted uris given + info("config.48", null); + + + return whitelist; + } + + + + /** + * Build the configured hardware keys. + * + * @param keyModules The keyModules that the configuration already knows about. To + * prevent multiple key modules with the same ID. + * @return The hardware keys contained in the configuration. + */ + public List buildHardwareKeyModules(List keyModules) + { + Set existingIds = toIdSet(keyModules); + List hardwareKeys = new ArrayList(); + NodeIterator hkIter = + XPathUtils.selectNodeIterator(getConfigElem(), HARDWARE_KEY_XPATH); + Element keyElem; + + while ((keyElem = (Element) hkIter.nextNode()) != null) + { + String id = getElementValue(keyElem, CONF + "Id", null); + String name = getElementValue(keyElem, CONF + "Name", null); + String slotId = getElementValue(keyElem, CONF + "SlotId", null); + String userPIN = getElementValue(keyElem, CONF + "UserPIN", null); + + if (existingIds.contains(id)) + { + warn( + "config.04", + new Object[] { "Hardware- oder SoftwareKeyModule", id }); + } + else + { + KeyModule key = new HardwareKeyModule(id, name, slotId, userPIN); + hardwareKeys.add(key); + existingIds.add(id); + } + + } + + return hardwareKeys; + } + + /** + * Build the configured software keys. + * + * @param keyModules The keyModules that the configuration already knows about. To + * prevent multiple key modules with the same ID. + * + * @return The software keys contained in the configuration. + */ + public List buildSoftwareKeyModules(List keyModules) + { + Set existingIds = toIdSet(keyModules); + List softwareKeys = new ArrayList(); + NodeIterator skIter = + XPathUtils.selectNodeIterator(getConfigElem(), SOFTWARE_KEY_XPATH); + + Element keyElem; + while ((keyElem = (Element) skIter.nextNode()) != null) + { + String id = getElementValue(keyElem, CONF + "Id", null); + String fileName = getElementValue(keyElem, CONF + "FileName", null); + String passWord = getElementValue(keyElem, CONF + "Password", null); + + if (existingIds.contains(id)) + { + warn( + "config.04", + new Object[] { "Hardware- oder SoftwareKeyModule", id }); + } + else + { + File keyFile; + KeyModule key; + + // make keyFile absolute + keyFile = new File(fileName); + if (!keyFile.isAbsolute()) { + keyFile = new File(configRoot_, fileName); + } + + // check for existence + if (!keyFile.exists() || keyFile.isDirectory()) { + warn("config.25", new Object[] { id, keyFile.getAbsolutePath()}); + } else { + // create a new key module + key = new SoftwareKeyModule(id, keyFile.getAbsolutePath(), passWord); + softwareKeys.add(key); + existingIds.add(id); + } + } + } + + return softwareKeys; + } + + /** + * Build the key group configuration. + * + * @param keyModules The <code>KeyModule</code>s that the configuration + * knows about. Used to check for errors in the configuration. + * @return The mapping between key group IDs and key groups. + */ + public Map buildKeyGroups(List keyModules) + { + Set keyModuleIds = toIdSet(keyModules); + Map keyGroups = new HashMap(); + NodeIterator kgIter; + Element keyGroupElem; + + // select all KeyGroup elements and build the KeyGroup objects from them + kgIter = XPathUtils.selectNodeIterator(getConfigElem(), KEYGROUP_XPATH); + while ((keyGroupElem = (Element) kgIter.nextNode()) != null) + { + String keyGroupId = getElementValue(keyGroupElem, CONF + "Id", null); + String keyGroupDigestMethodAlgorithm = getElementValue(keyGroupElem, CONF + "DigestMethodAlgorithm", null); + Set keyGroupEntries = + buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem); + KeyGroup keyGroup = new KeyGroup(keyGroupId, keyGroupEntries, keyGroupDigestMethodAlgorithm); + + if (keyGroups.containsKey(keyGroupId)) + { + warn("config.04", new Object[] { "KeyGroup", keyGroupId }); + } + else + { + keyGroups.put(keyGroup.getId(), keyGroup); + } + } + + return keyGroups; + } + + /** + * Return the set of IDs contained in the given <code>KeyModule</code>s. + * + * @param keyModules The <code>KeyModule</code>s from which to extract the + * IDs. + * @return The IDs from the given <code>KeyModule</code>s. + */ + private Set toIdSet(List keyModules) { + Set ids = new HashSet(); + Iterator iter; + + for (iter = keyModules.iterator(); iter.hasNext();) { + KeyModule keyModule = (KeyModule) iter.next(); + ids.add(keyModule.getId()); + } + + return ids; + } + + /** + * Build the key entries belonging to a key group. + * + * @param keyGroupId The ID of the key group we are building here. Passed + * for logging purposes. + * @param keyModuleIds The IDs of the <code>HardwareKeyModule</code>s and + * <code>SoftwareKeyModule</code>s that exist in the configuration. + * @param keyGroupElem The <code>KeyGroup</code> DOM element to parse. + * @return A <code>Set</code> of <code>KeyGroupEntry</code> objects. + */ + private Set buildKeyGroupEntries( + String keyGroupId, + Set keyModuleIds, + Element keyGroupElem) { + + Set entries = new HashSet(); + NodeIterator keyEntryIter; + Element keyEntryElem; + + // select all Key elements and put them into the Map + keyEntryIter = XPathUtils.selectNodeIterator(keyGroupElem, CONF + "Key"); + while ((keyEntryElem = (Element) keyEntryIter.nextNode()) != null) + { + String keyModuleId = getElementValue(keyEntryElem, CONF + "KeyModuleId", ""); + Element keyCertElem = (Element) XPathUtils.selectSingleNode(keyEntryElem, CONF + "KeyCertIssuerSerial"); + IssuerAndSerial issuerSerial = buildIssuerAndSerial(keyCertElem); + + if (!keyModuleIds.contains(keyModuleId)) { + warn("config.26", new Object[] { keyGroupId, keyModuleId }); + } else if (issuerSerial != null) { + KeyGroupEntry entry = new KeyGroupEntry(keyModuleId, issuerSerial); + entries.add(entry); + } + } + return entries; + } + + /** + * Build the key group mapping. + * + * @param keyGroups The available key groups. + * @param anonymous The <code>IssuerAndSerial</code> to be used for key group + * mappings not protected by a certificate. + * @return The key group mapping. + */ + public Map buildKeyGroupMappings(Map keyGroups, IssuerAndSerial anonymous) { + Map mappings = new HashMap(); + NodeIterator mappingIter; + Element mappingElem; + + // select all KeyGroupMapping elements + mappingIter = + XPathUtils.selectNodeIterator(getConfigElem(), KEYGROUP_MAPPING_XPATH); + + // build the mapping for each KeyGroupMapping element + while ((mappingElem = (Element) mappingIter.nextNode()) != null) + { + Element issuerSerialElem = (Element) XPathUtils.selectSingleNode(mappingElem, CONF + "CustomerId"); + + // build the IssuerAndSerial who has access to the key groups + IssuerAndSerial issuerAndSerial; + if (issuerSerialElem != null) + { + issuerAndSerial = buildIssuerAndSerial(issuerSerialElem); + } + else + { + // IssuerSerial element: the keygroup is generally available + issuerAndSerial = anonymous; + } + + // add the key groups to the mappings + if (issuerAndSerial != null) { + Map groups = (Map) mappings.get(issuerAndSerial); + NodeIterator keyGroupIter; + Element keyGroupElem; + + if (groups == null) + { + // no mapping exist -> build one + groups = new HashMap(); + mappings.put(issuerAndSerial, groups); + } + + // select the available key groups and add them to the mapping + keyGroupIter = XPathUtils.selectNodeIterator(mappingElem, CONF + "KeyGroupId"); + while ((keyGroupElem = (Element) keyGroupIter.nextNode()) != null) + { + String keyGroupId = getElementValue(keyGroupElem, ".", null); + KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId); + + if (keyGroup != null) + { + groups.put(keyGroupId, keyGroup); + } else + { + warn("config.00", new Object[] { keyGroupId }); + } + } + } + } + + return mappings; + } + + /** + * Returns the default chaining mode from the configuration. + * + * @return The default chaining mode. + */ + public String getDefaultChainingMode() + { + String defaultChaining = getElementValue( + getConfigElem(), + CHAINING_MODES_DEFAULT_XPATH, + CM_PKIX); + + return translateChainingMode(defaultChaining); + + } + + /** + * Build the chaining modes for all configured trust anchors. + * + * @return The mapping from trust anchors to chaining modes. + */ + public Map buildChainingModes() + { + Map chainingModes = new HashMap(); + NodeIterator trustIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_ANCHOR_XPATH); + + Element trustAnchorElem; + while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) + { + IssuerAndSerial issuerAndSerial = buildIssuerAndSerial( + (Element)XPathUtils.selectSingleNode(trustAnchorElem, CONF + "Identification")); + String mode = getElementValue(trustAnchorElem, CONF + "Mode", null); + + if (issuerAndSerial != null) + { + chainingModes.put(issuerAndSerial, translateChainingMode(mode)); + } + } + + return chainingModes; + } + + /** + * Build an <code>IssuerAndSerial</code> from the DOM representation. + * + * @param root The root element (being of type <code>dsig: + * X509IssuerSerialType</code>. + * @return The issuer and serial number contained in the <code>root</code> + * element or <code>null</code> if could not be built for any reason. + */ + private IssuerAndSerial buildIssuerAndSerial(Element root) { + String issuer = getElementValue(root, ISSUER_XPATH, null); + String serial = getElementValue(root, SERIAL_XPATH, null); + + if (issuer != null && serial != null) { + try { + RFC2253NameParser nameParser = new RFC2253NameParser(issuer); + Principal issuerDN = nameParser.parse(); + + return new IssuerAndSerial(issuerDN, new BigInteger(serial)); + } catch (RFC2253NameParserException e) { + warn("config.16", new Object[] { issuer, serial }, e); + return null; + } catch (NumberFormatException e) { + warn("config.16", new Object[] { issuer, serial }, e); + return null; + } + } + return null; + } + + /** + * Translate the chaining mode from the configuration file to one used in the + * IAIK MOA API. + * + * @param chainingMode The chaining mode from the configuration. + * @return The chaining mode as provided by the <code>ChainingModes</code> + * interface. + * @see iaik.pki.pathvalidation.ChainingModes + */ + private String translateChainingMode(String chainingMode) { + if (chainingMode.equals(CM_CHAINING)) { + return ChainingModes.CHAIN_MODE; + } else if (chainingMode.equals(CM_PKIX)) { + return ChainingModes.PKIX_MODE; + } else { + return ChainingModes.PKIX_MODE; + } + } + + /** + * Build the distribution points mapping. + * + * @return The mapping from certificate authorities to distribution points. + */ + public Map buildDistributionPoints() + { + Map dPs = new HashMap(); + NodeIterator dPIter; + Element dPElem; + + // select all DistributionPoint elements + dPIter = XPathUtils.selectNodeIterator(getConfigElem(), DISTRIBUTION_POINTS_XPATH); + + // build the mapping of CA name to distribution points + while ((dPElem = (Element) dPIter.nextNode()) != null) { + String caIssuerDNText = getElementValue(dPElem, CONF + "CAIssuerDN", ""); + RFC2253NameParser nameParser = new RFC2253NameParser(caIssuerDNText); + NodeIterator cRLDPIter = XPathUtils.selectNodeIterator(dPElem, CONF + "CRLDP"); + NodeIterator oCSPDPPIter = XPathUtils.selectNodeIterator(dPElem, CONF + "OCSPDP"); + + try + { + String caIssuerDN = nameParser.parse().getName(); + + // check, if a mapping exists or make a new mapping + Set dPsForCA = (Set) dPs.get(caIssuerDN); + if (dPsForCA == null) + { + dPsForCA = new HashSet(); + dPs.put(caIssuerDN, dPsForCA); + } + + // add the CRL distribution points of this CA to the set + Element cRLDPElem; + while ((cRLDPElem = (Element) cRLDPIter.nextNode()) != null) + { + CRLDistributionPoint cRLDP = (CRLDistributionPoint) buildDistributionPoint(cRLDPElem, caIssuerDN); + dPsForCA.add(cRLDP); + } + + // add the OCSP distribution points of this CA to the set + Element oCSPPElem; + while ((oCSPPElem = (Element) oCSPDPPIter.nextNode()) != null) + { + OCSPDistributionPoint oCSPDP = (OCSPDistributionPoint) buildDistributionPoint(oCSPPElem, null); + dPsForCA.add(oCSPDP); + } +} + catch (RFC2253NameParserException e) + { + warn("config.13", new Object[] { caIssuerDNText }, e); + } + + } + + return dPs; + } + + /** + * Build a distribution point from the DOM representation. + * + * @param dpElem The root element of the distribution point. + * + * @param issuerName The name of the CA issuing the CRL referred to by this DP, or <code>null</code> + * if this DP refers to an OCSP responder. + * + * @return The distribution point. + */ + private DistributionPoint buildDistributionPoint(Element dpElem, String issuerName) + { + String uri = getElementValue(dpElem, CONF + "Location", null); + + if ("CRLDP".equals(dpElem.getLocalName())) + { + NodeIterator reasonCodesIter = XPathUtils.selectNodeIterator(dpElem, CONF + "ReasonCode"); + Element reasonCodeElem; + StringBuffer reasonCodesSB = new StringBuffer(); + while ((reasonCodeElem = (Element)reasonCodesIter.nextNode()) != null) + { + if (reasonCodesSB.length() > 0) reasonCodesSB.append(" "); + reasonCodesSB.append(getElementValue(reasonCodeElem, ".", "").trim()); + } + return new CRLDistributionPoint(issuerName, uri, reasonCodesSB.toString()); + } + else + { + return new OCSPDistributionPoint(uri); + } + } + + /** + * Return the CRL archive duration. + * + * @return The value of the CRL archive duration setting from the configuration, or <code>0</code> if + * no value is set in the configuration. + */ + public int getRevocationArchiveDuration() + { + String archiveDuration = getElementValue(getConfigElem(), CRL_ARCHIVE_DURATION_XPATH, null); + try + { + return Integer.parseInt(archiveDuration); + } + catch (NumberFormatException e) + { + warn("config.01", null); + return 365; + } + } + + /** + * Build the <code>CreateTransformsInfoProfile</code>s. + * + * @return The mapping from profile ID to profile. + */ + public Map buildCreateTransformsInfoProfiles() + { + return loadProfiles(CREATE_TRANSFORMS_INFO_PROFILE_XPATH, "CreateTransformsInfoProfile"); + } + + /** + * Build the <code>CreateSignatureEnvironmentProfile</code>s. + * + * @return The mapping from profile ID to profile. + */ + public Map buildCreateSignatureEnvironmentProfiles() + { + return loadProfiles(CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH, "CreateSignatureEnvironmentProfile"); + } + + /** + * Build the <code>VerifyTransformsInfoProfile</code>s. + * + * @return The mapping from profile ID to profile. + */ + public Map buildVerifyTransformsInfoProfiles() + { + return loadProfiles(VERIFY_TRANSFORMS_INFO_PROFILE_XPATH, "VerifyTransformsInfoProfile"); + } + + /** + * Build the <code>SupplementProfile</code>s. + * + * @return The mapping from profile ID to profile. + */ + public Map buildSupplementProfiles() + { + return loadProfiles(SUPPLEMENT_PROFILE_XPATH, "SupplementProfile"); + } + + /** + * Load a profile mapping. + * + * @param xpath The XPath to select the profiles from the configuration. + * + * @param profileRoot The name of the profile root element. + * + * @return Map The profile ID to profile mapping. + */ + private Map loadProfiles(String xpath, String profileRoot) + { + Map profiles = new HashMap(); + NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), xpath); + Element profileElem; + + while ((profileElem = (Element) profileIter.nextNode()) != null) + { + String id = getElementValue(profileElem, CONF + "Id", null); + String fileName = getElementValue(profileElem, CONF + "Location", null); + + if (profiles.containsKey(id)) + { + warn("config.04", new Object[] { profileRoot, id }); + } + else + { + try + { + File profileFile = new File(fileName); + + // make profileFile absolute + if (!profileFile.isAbsolute()) profileFile = new File(configRoot_, fileName); + + // load the profile + info("config.22", new Object[] { profileRoot, id, profileFile.getAbsoluteFile()}); + Element profile = loadProfile(profileFile); + + if (Constants.MOA_NS_URI.equals(profile.getNamespaceURI()) && + profile.getLocalName().equals(profileRoot)) + { + profiles.put(id, profile); + } + else + { + warn("config.02", new Object[] { profileRoot, id, fileName }); + } + } catch (ConfigurationException e) { + warn("config.03", new Object[] { profileRoot, id }); + } + } + } + + return profiles; + } + + /** + * Load a profile from a file. + * + * @param root The absolute directory path of the main configuration file. + * @param profileFile The file containing the profile. + * @return The profile in its DOM representation. + * @throws ConfigurationException An error occurred loading the profile. + */ + private Element loadProfile(File profileFile) throws ConfigurationException { + + Element profile; + + try { + profile = parseXml(new FileInputStream(profileFile)); + } catch (Exception e) { + throw new ConfigurationException("config.12", null, e); + } + + return profile; + } + + /** + * Build the trust profile mapping. + * + * @return The profile ID to profile mapping. + */ + public Map buildTrustProfiles(String tslWorkingDir) + { + Map trustProfiles = new HashMap(); + NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH); + Element profileElem; + + while ((profileElem = (Element) profileIter.nextNode()) != null) + { + String id = getElementValue(profileElem, CONF + "Id", null); + String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null); + String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null); + Element eutslElem = (Element) XPathUtils.selectSingleNode(profileElem, CONF + "EUTSL"); + boolean tslEnabled = false; + if (eutslElem != null) //EUTSL element found --> TSL enabled + tslEnabled = true; + + String countries = getElementValue(profileElem, CONF + "EUTSL" + "/" + CONF + "CountrySelection", null); + + URI trustAnchorsLocURI = null; + try + { + trustAnchorsLocURI = new URI(trustAnchorsLocStr); + if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file + trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr); + } + } + catch (URIException e) { + warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e); + continue; + } + catch (MalformedURLException e) + { + warn("config.15", new Object[] {id}, e); + continue; + } + + File profileDir = new File(trustAnchorsLocURI.getPath()); + if (!profileDir.exists() || !profileDir.isDirectory()) { + warn("config.27", new Object[] { "uri", id }); + continue; + } + + + + if (trustProfiles.containsKey(id)) { + warn("config.04", new Object[] { "TrustProfile", id }); + continue; + } + + URI signerCertsLocURI = null; + if (signerCertsLocStr != null && !"".equals(signerCertsLocStr)) + { + try + { + signerCertsLocURI = new URI(signerCertsLocStr); + if (!signerCertsLocURI.isAbsolute()) signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr); + + File signerCertsDir = new File(signerCertsLocURI.getPath()); + if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) { + warn("config.27", new Object[] { "signerCertsUri", id }); + continue; + } + } + catch (URIException e) { + warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e); + continue; + } + catch (MalformedURLException e) { + warn("config.15", new Object[] {id}, e); + continue; + } + } + + signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null; + + TrustProfile profile = null; + + if (tslEnabled) { + // create new trust anchor location (=tslworking trust profile) + File fTslWorkingDir = new File(tslWorkingDir); + File tp = new File(fTslWorkingDir, "trustprofiles"); + if (!tp.exists()) + tp.mkdir(); + if (!tp.isDirectory()) { + error("config.50", new Object[] { tp.getPath() }); + } + + File tpid = new File(tp, id); + if (!tpid.exists()) + tpid.mkdir(); + if (!tpid.isDirectory()) { + error("config.50", new Object[] { tpid.getPath() }); + } + + + // create profile + profile = new TrustProfile(id, tpid.getAbsolutePath(), signerCertsLocStr, tslEnabled, countries); + + // set original uri (save original trust anchor location) + profile.setUriOrig(trustAnchorsLocURI.getPath()); + + // delete files in tslworking trust profile + File[] files = tpid.listFiles(); + for (File file : files) + file.delete(); + + // copy files from trustAnchorsLocURI into tslworking trust profile kopieren + File src = new File(trustAnchorsLocURI.getPath()); + files = src.listFiles(); + for (File file : files) { + FileUtils.copyFile(file, new File(tpid, file.getName())); + } + + + } else { + + profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, tslEnabled, countries); + + } + + trustProfiles.put(id, profile); + + } + + return trustProfiles; + } + + /** + * Build the trust profile mapping. + * + * @return The profile ID to profile mapping. + */ + public Map buildTrustProfiles() + { + Map trustProfiles = new HashMap(); + NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH); + Element profileElem; + + while ((profileElem = (Element) profileIter.nextNode()) != null) + { + String id = getElementValue(profileElem, CONF + "Id", null); + String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null); + String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null); + + URI trustAnchorsLocURI = null; + try + { + trustAnchorsLocURI = new URI(trustAnchorsLocStr); + if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file + trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr); + } + } + catch (URIException e) { + warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e); + continue; + } + catch (MalformedURLException e) + { + warn("config.15", new Object[] {id}, e); + continue; + } + + File profileDir = new File(trustAnchorsLocURI.getPath()); + if (!profileDir.exists() || !profileDir.isDirectory()) { + warn("config.27", new Object[] { "uri", id }); + continue; + } + + + + if (trustProfiles.containsKey(id)) { + warn("config.04", new Object[] { "TrustProfile", id }); + continue; + } + + URI signerCertsLocURI = null; + if (signerCertsLocStr != null && !"".equals(signerCertsLocStr)) + { + try + { + signerCertsLocURI = new URI(signerCertsLocStr); + if (!signerCertsLocURI.isAbsolute()) signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr); + + File signerCertsDir = new File(signerCertsLocURI.getPath()); + if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) { + warn("config.27", new Object[] { "signerCertsUri", id }); + continue; + } + } + catch (URIException e) { + warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e); + continue; + } + catch (MalformedURLException e) { + warn("config.15", new Object[] {id}, e); + continue; + } + } + + signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null; + + TrustProfile profile = null; + + profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, false, null); + + trustProfiles.put(id, profile); + + } + + return trustProfiles; + } + + /** + * checks if a trustprofile with TSL support is enabled + * + * @return true if TSL support is enabled in at least one trustprofile, else false + */ + public boolean checkTrustProfilesTSLenabled() + { + NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH); + Element profileElem; + + boolean tslSupportEnabled = false; + while ((profileElem = (Element) profileIter.nextNode()) != null) { + Element eutslElem = (Element) XPathUtils.selectSingleNode(profileElem, CONF + "EUTSL"); + if (eutslElem != null) //EUTSL element found --> TSL enabled + tslSupportEnabled = true; + } + + return tslSupportEnabled; + } + + /** + * Returns the location of the certificate store. + * + * @return the location of the certificate store. + */ + public String getCertStoreLocation() + { + String certStoreLocStr = getElementValue(getConfigElem(), CERTSTORE_LOCATION_XPATH, null); + File certStoreLocFile; + + // No value specified in configuration file: Set it to a reasonable (absolute) default + if (certStoreLocStr == null) + return new File(configRoot_, "certstore").getAbsolutePath(); + + // Make cert store location an absolute value + certStoreLocFile = new File(certStoreLocStr); + if (!certStoreLocFile.isAbsolute()) + { + certStoreLocFile = new File(configRoot_, certStoreLocStr); + } + + // Check if cert store location exists, eventually try to create it + if (!certStoreLocFile.isDirectory()) + { + boolean created = false; + try + { + created = certStoreLocFile.mkdirs(); + } + finally + { + if (!created) + { + warn("config.32", new Object[] { certStoreLocFile.getAbsolutePath() }); + } + } + } + + return certStoreLocFile.getAbsolutePath(); + } + + // + // various utility methods + // + + /** + * Parse a configuration XML file. + * + * @param inputStream The stream from which to read the XML data. + * @return The DOM representation of the XML data. + * @throws ParserConfigurationException XML parser not configured properly. + * @throws SAXException An error parsing the XML file. + * @throws IOException An error reading the stream. + */ + private static Element parseXml(InputStream inputStream) + throws ParserConfigurationException, SAXException, IOException { + return DOMUtils + .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null) + .getDocumentElement(); + } + + /** + * Return the value of an element located by an XPath. + * + * @param root The root element from which to evaluate the <code>xpath</code>. + * @param xpath The XPath pointing to the element. + * @param def The default value, if no element can be found with the given + * <code>xpath</code>. + * @return The element value or <code>def</code>, if the element cannot be + * found. + */ + private String getElementValue(Element root, String xpath, String def) { + + Element elem = (Element) XPathUtils.selectSingleNode(root, xpath); + return elem != null ? DOMUtils.getText(elem) : def; + } + + /** + * Return the value of an attribute located by an XPath. + * + * @param root The root element from which to evaluate the <code>xpath</code>. + * @param xpath The XPath pointing to the attribute. + * @param def The default value, if no attribute can be found with the given + * <code>xpath</code>. + * @return The element value or <code>def</code>, if the attribute cannot be + * found. + */ + private String getAttributeValue(Element root, String xpath, String def) { + Attr attr = (Attr) XPathUtils.selectSingleNode(root, xpath); + return attr != null ? attr.getValue() : def; + } + + /** + * Log an info message. + * + * @param messageId The message ID. + * @param parameters Additional parameters for the message. + * @see at.gv.egovernment.moa.spss.server.util.MessageProvider + */ + private static void info(String messageId, Object[] parameters) { + MessageProvider msg = MessageProvider.getInstance(); + Logger.info(new LogMsg(msg.getMessage(messageId, parameters))); + } + + /** + * Log a warning. + * + * @param messageId The message ID. + * @param args Additional parameters for the message. + * @see at.gv.egovernment.moa.spss.server.util.MessageProvider + */ + private void warn(String messageId, Object[] args) { + MessageProvider msg = MessageProvider.getInstance(); + String txt = msg.getMessage(messageId, args); + + Logger.warn(new LogMsg(txt)); + warnings.add(txt); + } + + /** + * Log a warning. + * + * @param messageId The message ID. + * @param args Additional parameters for the message. + * @see at.gv.egovernment.moa.spss.server.util.MessageProvider + */ + private void debug(String messageId, Object[] args) { + MessageProvider msg = MessageProvider.getInstance(); + String txt = msg.getMessage(messageId, args); + + Logger.debug(new LogMsg(txt)); + + } + + + /** + * Log a debug message. + * + * @param messageId The message ID. + * @param args Additional parameters for the message. + * @see at.gv.egovernment.moa.spss.server.util.MessageProvider + */ + private void debug(String message) { + Logger.debug(new LogMsg(message)); + + } + + /** + * Log a warning. + * + * @param messageId The message ID. + * @param args Additional parameters for the message. + * @param t An exception being the cause of the warning. + * @see at.gv.egovernment.moa.spss.server.util.MessageProvider + */ + private void warn(String messageId, Object[] args, Throwable t) { + MessageProvider msg = MessageProvider.getInstance(); + String txt = msg.getMessage(messageId, args); + + Logger.warn(new LogMsg(txt), t); + warnings.add(txt); + } + + /** + * Log an error. + * + * @param messageId The message ID. + * @param args Additional parameters for the message. + * @see at.gv.egovernment.moa.spss.server.util.MessageProvider + */ + private void error(String messageId, Object[] args) { + MessageProvider msg = MessageProvider.getInstance(); + String txt = msg.getMessage(messageId, args); + + Logger.error(new LogMsg(txt)); + warnings.add(txt); + } + + /** + * Log an error. + * + * @param messageId The message ID. + * @param args Additional parameters for the message. + * @param t An exception being the cause of the warning. + * @see at.gv.egovernment.moa.spss.server.util.MessageProvider + */ + private void error(String messageId, Object[] args, Throwable t) { + MessageProvider msg = MessageProvider.getInstance(); + String txt = msg.getMessage(messageId, args); + + Logger.error(new LogMsg(txt), t); + warnings.add(txt); + } + + /** + * Returns whether revocation information should be archived. + * + * @return whether revocation information should be archived. + */ + public boolean getEnableRevocationArchiving() + { + String enableArchiving = getElementValue(getConfigElem(), ENABLE_ARCHIVING_XPATH, null); + return Boolean.valueOf(enableArchiving).booleanValue(); + } + + /** + * Returns the JDBC URL for the revocation archive database. + * + * @return the JDBC URL for the revocation archive database, or <code>null</code, if the corresponding + * parameter is not set in the configuration. + */ + public String getRevocationArchiveJDBCURL() + { + String jDBCURL = getElementValue(getConfigElem(), ACHIVE_JDBC_URL_, null); + return jDBCURL; + } + + /** + * Returns the JDBC driver class name for the revocation archive database. + * + * @return the JDBC driver class name for the revocation archive database, or <code>null</code, + * if the corresponding parameter is not set in the configuration. + */ + public String getRevocationArchiveJDBCDriverClass() + { + String jDBCDriverClass = getElementValue(getConfigElem(), ACHIVE_JDBC_DRIVER_CLASS_, null); + return jDBCDriverClass; + } + + /** + * Returns whether revocation information should be archived. + */ + public boolean getEnableRevocationChecking() + { + String enableChecking = getElementValue(getConfigElem(), ENABLE_REVOCATION_CHECKING_XPATH_, null); + return Boolean.valueOf(enableChecking).booleanValue(); + } + + /** + * Returns the maximum age of a revocation information for considering it + * still as valid. + * + * @return the maximum age of a revocation information for considering it + * still as valid. + */ + public long getMaxRevocationAge() + { + String maxRevocationAge = getElementValue(getConfigElem(), MAX_REVOCATION_AGE_XPATH_, null); + if (maxRevocationAge == null) return 0; + return Long.valueOf(maxRevocationAge).longValue(); + } + + /** + * Returns the service order for revocation checking. + * + * @return the service order for revocation checking. Valid array entries are + * {@link RevocationSourceTypes#OCSP} and {@link RevocationSourceTypes#CRL}. + * An empty array will be returned if no service order is specified in the + * configuration. + */ + public String[] getServiceOrder() + { + ArrayList list = new ArrayList(); + NodeIterator serviceIter = XPathUtils.selectNodeIterator(getConfigElem(), REVOCATION_SERVICEORDER_XPATH_); + Element currentServiceNode; + while ((currentServiceNode = (Element)serviceIter.nextNode()) != null) + { + list.add(getElementValue(currentServiceNode, ".", null)); + } + Object[] serviceOrder = list.toArray(); + String[] returnValue = new String[serviceOrder.length]; + for (int i = 0; i < serviceOrder.length; i++) + { + if (((String)serviceOrder[i]).equalsIgnoreCase(RevocationSourceTypes.CRL)) { + returnValue[i] = RevocationSourceTypes.CRL; + } else if (((String)serviceOrder[i]).equalsIgnoreCase(RevocationSourceTypes.OCSP)) { + returnValue[i] = RevocationSourceTypes.OCSP; + } + + } + return returnValue; + } + + /** + * Returns whether the certificate extension Authority Info Access should + * be used during certificate path construction. + * + * @return whether the certificate extension Authority Info Access should + * be used during certificate path construction. + */ + public boolean getUseAuthorityInfoAccess() + { + String useAIA = getElementValue(getConfigElem(), USE_AUTHORITY_INFO_ACCESS_XPATH_, null); + return Boolean.valueOf(useAIA).booleanValue(); + } + + /** + * Returns whether certificates found during certificate path construction + * should be added to the certificate store. + * + * @return whether certificates found during certificate path construction + * should be added to the certificate store. + */ + public boolean getAutoAddCertificates() + { + String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_CERTIFICATES_XPATH_, null); + return Boolean.valueOf(autoAdd).booleanValue(); + } + + /** + * Returns whether file URIs are permitted + * @return whether file URIs are permitted + */ + public boolean getPermitFileURIs() + { + String permitFileURIs = getElementValue(getConfigElem(), PERMIT_FILE_URIS_XPATH, "false"); + return Boolean.valueOf(permitFileURIs).booleanValue(); + } + + /** + * Returns the TSL configuration from the config file + * @return + */ + public TSLConfiguration getTSLConfiguration() { + TSLConfigurationImpl tslconfiguration = new TSLConfigurationImpl(); + + + String euTSLUrl = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "EUTSLUrl", null); + if (StringUtils.isEmpty(euTSLUrl)) { + euTSLUrl = TSLConfiguration.DEFAULT_EU_TSL_URL; + debug("config.39", new Object[] { "EUTSL", euTSLUrl }); + } + + String updateSchedulePeriod = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "UpdateSchedule/" + CONF + "Period" , null); + + if (StringUtils.isEmpty(updateSchedulePeriod)) { + updateSchedulePeriod = TSLConfiguration.DEFAULT_UPDATE_SCHEDULE_PERIOD; + debug("config.39", new Object[] { "UpdateSchedule/Period", updateSchedulePeriod }); + } + + String updateScheduleStartTime = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "UpdateSchedule/" + CONF + "StartTime", null); + if (StringUtils.isEmpty(updateScheduleStartTime)) { + updateScheduleStartTime = TSLConfiguration.DEFAULT_UPDATE_SCHEDULE_STARTTIME; + debug("config.39", new Object[] { "UpdateSchedule/StartTime", updateScheduleStartTime }); + + } + + String workingDirectoryStr = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "WorkingDirectory", null); + if (StringUtils.isEmpty(workingDirectoryStr)) { + workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR; + debug("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr }); + } + + // convert update schedule starting time to Date object + Calendar Cal = DatatypeConverter.parseDateTime(updateScheduleStartTime); + Date updateScheduleStartTimeDate = Cal.getTime(); + + // convert working directory + URI workingDirectoryURI = null; + try + { + workingDirectoryURI = new URI(workingDirectoryStr); + if (!workingDirectoryURI.isAbsolute()) { // make it absolute to the config file + workingDirectoryURI = new URI(configRoot_.toURL() + workingDirectoryStr); + } + } + catch (URIException e) { + warn("config.37", new Object[] { workingDirectoryStr }, e); + workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR; + warn("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr }); + } + catch (MalformedURLException e) + { + warn("config.37", new Object[] { workingDirectoryStr }, e); + workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR; + warn("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr }); + } + + File tslWorkingDir = new File(workingDirectoryURI.getPath()); + if (!tslWorkingDir.exists()) { + tslWorkingDir.mkdir(); + } + if (!tslWorkingDir.isDirectory()) { + error("config.38", new Object[] { workingDirectoryStr }); + return null; + } + + + debug("TSL Konfiguration - EUTSLUrl: " + euTSLUrl); + debug("TSL Konfiguration - UpdateSchedule/Period: " + updateSchedulePeriod); + debug("TSL Konfiguration - UpdateSchedule/StartTime: " + updateScheduleStartTime); + debug("TSL Konfiguration - TSLWorkingDirectory: " + tslWorkingDir.getAbsolutePath()); + + + // set TSL configuration + tslconfiguration.setEuTSLUrl(euTSLUrl); + tslconfiguration.setUpdateSchedulePeriod(Long.valueOf(updateSchedulePeriod).longValue()); + tslconfiguration.setUpdateScheduleStartTime(updateScheduleStartTimeDate); + tslconfiguration.setWorkingDirectory(tslWorkingDir.getAbsolutePath()); + tslconfiguration.setWorkingDirectoryURI(workingDirectoryURI); + + return tslconfiguration; + } + + /** + * Returns a map of CRL retention intervals + * @return + */ + public Map getCrlRetentionIntervals() { + Map map = new HashMap(); + NodeIterator modIter = XPathUtils.selectNodeIterator( + getConfigElem(), + CRL_RETENTION_INTERVALS_CA_XPATH); + + Element modElem; + while ((modElem = (Element) modIter.nextNode()) != null) { + String x509IssuerName = getElementValue(modElem, CONF + "X509IssuerName", null); + String i = getElementValue(modElem, CONF + "Interval", null); + Integer interval = new Integer(i); + try { + RFC2253NameParser parser = new RFC2253NameParser(x509IssuerName); + Name name = parser.parse(); + map.put(name.getRFC2253String(), interval); + } catch (RFC2253NameParserException e) { + map.put(x509IssuerName, interval); + } + + } + + return map; + } + + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java new file mode 100644 index 0000000..6c1a192 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java @@ -0,0 +1,975 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.config; + +import iaik.asn1.structures.Name; +import iaik.pki.revocation.RevocationSourceTypes; +import iaik.utils.RFC2253NameParser; +import iaik.utils.RFC2253NameParserException; + +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.math.BigInteger; +import java.net.URL; +import java.security.Principal; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Collections; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.Set; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.logging.LogMsg; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.api.common.TSLConfiguration; +import at.gv.egovernment.moa.spss.util.MessageProvider; +import at.gv.egovernment.moa.util.DOMUtils; + +/** + * A class providing access to the MOA configuration data. + * + * <p>Configuration data is read from an XML file, whose location is given by + * the <code>moa.spss.server.configuration</code> system property.</p> + * <p>This class implements the Singleton pattern. The <code>reload()</code> + * method can be used to update the configuration data. Therefore, it is not + * guaranteed that consecutive calls to <code>getInstance()</code> will return + * the same <code>ConfigurationProvider</code> all the time. During the + * processing of a web service request, the current + * <code>TransactionContext</code> should be used to obtain the + * <code>ConfigurationProvider</code> local to that request.</p> + * + * @author Patrick Peck + * @author Sven Aigner + * @version $Id$ + */ +public class ConfigurationProvider +{ + /** + * The name of the system property which contains the file name of the + * configuration file. + */ + public static final String CONFIG_PROPERTY_NAME = + "moa.spss.server.configuration"; + + /** + * A fake <code>IssuerAndSerial</code> object for storing KeyGroup information + * accessible by all clients. + */ + private static final IssuerAndSerial ANONYMOUS_ISSUER_SERIAL = + new IssuerAndSerial(new Name(), new BigInteger("0")); + + /** Singleton instance. <code>null</code>, if none has been created. */ + private static ConfigurationProvider instance; + + // + // configuration data + // + + /** The warnings generated when building the configuration. */ + private List warnings = new ArrayList(); + + /** The default digest method algorithm name */ + private String digestMethodAlgorithmName; + + /** The default canonicalization algorithm name */ + private String canonicalizationAlgorithmName; + + /** The XAdES version used for signature creation */ + private String xadesVersion; + + /** PDF AS Configuration */ + private String pdfAsConfiguration; + + /** + * A <code>List</code> of <code>HardwareCryptoModule</code> objects for + * configuring hardware modules. + */ + private List hardwareCryptoModules; + + /** + * A <code>List</code> of <code>HardwareKey</code> objects containing the + * configuration data for hardware keys. + */ + private List hardwareKeyModules; + + /** + * A <code>List</code> of <code>SoftwareKey</code> objects containing the + * configuration data for software keys. + */ + private List softwareKeyModules; + + /** + * A <code>Map</code> which contains a KeyGroupId (a <code>String</code>) to + * KeyGroup mapping. + */ + private Map keyGroups; + + /** + * A <code>Map</code> which contains the <code>IssuerAndSerial</code> to + * <code>KeyGroup</code> mapping. + */ + private Map keyGroupMappings; + + /** The default chaining mode. */ + private String defaultChainingMode; + + /** + * A <code>Map</code> which contains the <code>IssuerAndSerial</code> to + * chaining mode (a <code>String</code>) mapping. + */ + private Map chainingModes; + + /** + * A <code>Map</code> which contains the CAIssuerDN (a <code>String</code>) + * to distribution points (a <code>Set</code> of + * <code>DistributionPoint</code>s) mapping. + */ + + private Map distributionPoints; + /** + * The CRL archive duration. + */ + private int cRLArchiveDuration; + + /** + * Indicates whether revocation information should be archived. + */ + private boolean enableRevocationArchiving_; + + /** + * The location of the certificate store. + */ + private String certStoreLocation_; + + /** + * A <code>Map</code> which contains a mapping from + * CreateSignatureEnvironmentProfile Ids (<code>String</code>) to + * CreateSignatureEnvironmentProfile elements (an <code>Element</code>). + */ + private Map createSignatureEnvironmentProfiles; + + /** + * A <code>Map</code> which contains a mapping from + * CreateTransformsInfoProfile Ids (<code>String</code>) to + * CreateTransformsInfoProfile elements (an <code>Element</code>). + */ + private Map createTransformsInfoProfiles; + + /** + * A <code>Map</code> which contains a mapping from + * VerifyTransformsInfoProfile Ids (<code>String</code>) to + * VerifyTransformsInfoProfile elements (an <code>Element</code>). + */ + private Map verifyTransformsInfoProfiles; + + /** + * A <code>Map</code> which contains a mapping from + * SupplementProfile Ids (<code>String</code>) to SupplementProfile elements + * (an <code>Element</code>). + */ + private Map supplementProfiles; + + /** + * A <code>Map</code> which contains a TrustProfile Id (a <code>String</code> + * to trust profile (a <code>TrustProfile</code>) mapping. + */ + private Map trustProfiles; + + /** + * The JDBC URL for the revocation archive database. + */ + private String revocationArchiveJDBCURL_; + + /** + * The JDBC driver class name for the revocation archive database. + */ + private String revocationArchiveJDBCDriverClass_; + + /** + * Indicates whether revocation checking should be done. + */ + private boolean enableRevocationChecking_; + + /** + * The maximum age of a revocation information for considering it still as valid. + */ + private long maxRevocationAge_; + + /** + * The service order for revocation checking. + */ + private String[] serviceOrder_; + + /** + * Indicates whether certificates found during certificate path construction + * should be added to the certificate store. + */ + private boolean autoAddCertificates_; + + /** + * Indicates whether the certificate extension Authority Info Access should + * be used during certificate path construction. + */ + private boolean useAuthorityInfoAccess_; + /** + * Indicates whether file URIs are allowed or not + */ + private boolean permitFileURIs; + + /** + * Indicates the CRL retention intervals + */ + private Map crlRetentionIntervals; + + /** + * Indicates wether external URIs are allowed or not + */ + private boolean allowExternalUris_; + + /** + * A <code>List</code> of black listed URIs (host and port) + */ + private List blackListedUris_; + + /** + * A <code>List</code> of white listed URIs (host and port) + */ + private List whiteListedUris_; + + /** + * A <code>TSLConfiguration</code> that represents the global TSL configuration + */ + private TSLConfiguration tslconfiguration_; + + + /** + * Return the single instance of configuration data. + * + * @return MOAConfigurationProvider The current configuration data. + * @throws ConfigurationException Failure to load the configuration data. + */ + public static synchronized ConfigurationProvider getInstance() + throws ConfigurationException { + + if (instance == null) { + reload(); + } + return instance; + } + + /** + * Reload the configuration data and set it if successful. + * + * @return MOAConfigurationProvider The loaded configuration data. + * @throws ConfigurationException Failure to load the configuration data. + */ + public static synchronized ConfigurationProvider reload() + throws ConfigurationException { + String fileName = System.getProperty(CONFIG_PROPERTY_NAME); + + if (fileName == null) { + // find out where we are running and use the configuration provided + // under WEB-INF/conf/moa-spss/MOA-SPSSConfiguration + URL url = ConfigurationProvider.class.getResource("/"); + fileName = + new File(url.getPath()).getParent() + + "/conf/moa-spss/MOA-SPSSConfiguration.xml"; + info("config.05", new Object[] { CONFIG_PROPERTY_NAME }); + } + + instance = new ConfigurationProvider(fileName); + return instance; + } + + /** + * Constructor for ConfigurationProvider. + * + * @param fileName The name of the configuration file. + * @throws ConfigurationException An error occurred loading the configuration. + */ + public ConfigurationProvider(String fileName) throws ConfigurationException { + load(fileName); + } + + /** + * Load the configuration data from XML file with the given name and build + * the internal data structures representing the MOA configuration. + * + * @param fileName The name of the XML file to load. + * @throws ConfigurationException The MOA configuration could not be + * read/built. + */ + private void load(String fileName) throws ConfigurationException { + FileInputStream stream = null; + File configFile; + File configRoot; + Element configElem; + ConfigurationPartsBuilder builder; + List allKeyModules; + + + // load the main config file + try { + configFile = new File(fileName); + configRoot = new File(configFile.getParent()); + info("config.21", new Object[] { configFile.getAbsoluteFile()}); + stream = new FileInputStream(fileName); + configElem = DOMUtils.parseXmlValidating(new FileInputStream(fileName)); + } catch (Throwable t) { + throw new ConfigurationException("config.10", null, t); + } + + // build the internal datastructures + try { + builder = new ConfigurationPartsBuilder(configElem, configRoot); + + if (builder.checkTrustProfilesTSLenabled()) { + debug("TSL support enabled for at least one trustprofile."); + tslconfiguration_ = builder.getTSLConfiguration(); + trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory()); + } + else { + tslconfiguration_ = null; + trustProfiles = builder.buildTrustProfiles(); + } + + digestMethodAlgorithmName = builder.getDigestMethodAlgorithmName(); + canonicalizationAlgorithmName = + builder.getCanonicalizationAlgorithmName(); + hardwareCryptoModules = builder.buildHardwareCryptoModules(); + hardwareKeyModules = + builder.buildHardwareKeyModules(Collections.EMPTY_LIST); + softwareKeyModules = + builder.buildSoftwareKeyModules(hardwareKeyModules); + allKeyModules = new ArrayList(hardwareKeyModules); + allKeyModules.addAll(softwareKeyModules); + keyGroups = builder.buildKeyGroups(allKeyModules); + keyGroupMappings = + builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL); + + pdfAsConfiguration = builder.getPDFASConfiguration(); + xadesVersion = builder.getXAdESVersion(); + defaultChainingMode = builder.getDefaultChainingMode(); + chainingModes = builder.buildChainingModes(); + useAuthorityInfoAccess_ = builder.getUseAuthorityInfoAccess(); + autoAddCertificates_ = builder.getAutoAddCertificates(); + //trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory()); + + + distributionPoints = builder.buildDistributionPoints(); + enableRevocationChecking_ = builder.getEnableRevocationChecking(); + maxRevocationAge_ = builder.getMaxRevocationAge(); + serviceOrder_ = builder.getServiceOrder(); + enableRevocationArchiving_ = builder.getEnableRevocationArchiving(); + cRLArchiveDuration = builder.getRevocationArchiveDuration(); + revocationArchiveJDBCURL_ = builder.getRevocationArchiveJDBCURL(); + revocationArchiveJDBCDriverClass_ = builder.getRevocationArchiveJDBCDriverClass(); + + + + //check TSL configuration + checkTSLConfiguration(); + + + + certStoreLocation_ = builder.getCertStoreLocation(); + createTransformsInfoProfiles = builder.buildCreateTransformsInfoProfiles(); + createSignatureEnvironmentProfiles = builder.buildCreateSignatureEnvironmentProfiles(); + verifyTransformsInfoProfiles = builder.buildVerifyTransformsInfoProfiles(); + supplementProfiles = builder.buildSupplementProfiles(); + warnings = new ArrayList(builder.getWarnings()); + permitFileURIs = builder.getPermitFileURIs(); + crlRetentionIntervals = builder.getCrlRetentionIntervals(); + + allowExternalUris_= builder.allowExternalUris(); + + if (allowExternalUris_) { + blackListedUris_ = builder.buildPermitExternalUris(); + whiteListedUris_ = null; + } + else { + info("config.35", null); + blackListedUris_ = null; + whiteListedUris_ = builder.buildForbidExternalUris(); + } + + + +// Set set = crlRetentionIntervals.entrySet(); +// Iterator i = set.iterator(); +// while(i.hasNext()){ +// Map.Entry me = (Map.Entry)i.next(); +// System.out.println("Key: " + me.getKey() + " - Value: " + me.getValue() ); +// } + + + } catch (Throwable t) { + throw new ConfigurationException("config.11", null, t); + } finally { + try { + if (stream != null) { + stream.close(); + } + } catch (IOException e) { + // don't complain about this + } + } + } + + private boolean checkTSLenableTrustprofilesExist()throws ConfigurationException { + boolean bTSLEnabledTPExist = false; + Iterator it = trustProfiles.entrySet().iterator(); + while (it.hasNext()) { + Map.Entry pairs = (Map.Entry)it.next(); + TrustProfile tp = (TrustProfile) pairs.getValue(); + if (tp.isTSLEnabled()) + bTSLEnabledTPExist = bTSLEnabledTPExist || true; + } + + return bTSLEnabledTPExist; + + } + + private void checkTSLConfiguration() throws ConfigurationException { + boolean bTSLEnabledTPExist = false; + Iterator it = trustProfiles.entrySet().iterator(); + while (it.hasNext()) { + Map.Entry pairs = (Map.Entry)it.next(); + TrustProfile tp = (TrustProfile) pairs.getValue(); + if (tp.isTSLEnabled()) + bTSLEnabledTPExist = bTSLEnabledTPExist || true; + } + + if (!bTSLEnabledTPExist) { + // if no trustprofile has TSL support enabled, delete TSL configuration + tslconfiguration_ = null; + return; + } + + if (bTSLEnabledTPExist && (tslconfiguration_ == null)) { + error("config.40", null); + throw new ConfigurationException("config.40", null); + } + + File workingDir = new File(tslconfiguration_.getWorkingDirectory()); + File eu_trust = new File(workingDir.getAbsolutePath() + "/trust/eu"); + if (!eu_trust.exists()) { + error("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"}); + throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"}); + } + else { + File[] eutrustFiles = eu_trust.listFiles(); + if (eutrustFiles == null) { + error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"}); + throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"}); + } + else { + if (eutrustFiles.length == 0) { + error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"}); + throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"}); + } + } + + } + + File hashcache = new File(tslconfiguration_.getWorkingDirectory(), "hashcache"); + if (!hashcache.exists()) { + hashcache.mkdir(); + } + if (!hashcache.isDirectory()) { + error("config.38", new Object[] { hashcache.getAbsolutePath() }); + return; + } + + System.setProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR", hashcache.getAbsolutePath()); +// String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR"); +// System.out.println("Hashcache: " + hashcachedir); + + + Logger.debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath()); + + + } + + + /** + * Returns the warnings encountered during building the configuration. + * + * @return A <code>List</code> of <code>String</code>s, containing the + * warning messages. + */ + public List getWarnings() { + return warnings; + } + + /** + * Return the name of the digest algorithm used during signature creation. + * + * @return The digest method algorithm name, or an empty <code>String</code>, + * if none has been configured. + */ + public String getDigestMethodAlgorithmName() { + return digestMethodAlgorithmName; + } + + /** + * Return the XAdES version used for signature creation. + * + * @return The XAdES version used for signature creation, or an empty <code>String</code>, + * if none has been configured. + */ + public String getXAdESVersion() { + return xadesVersion; + } + + public String getPDFASConfiguration() { + return pdfAsConfiguration; + } + + public boolean getAllowExternalUris() { + return this.allowExternalUris_; + } + + public List getBlackListedUris() { + return this.blackListedUris_; + } + public List getWhiteListedUris() { + return this.whiteListedUris_; + } + + /** + * Return the name of the canonicalization algorithm used during signature + * creation. + * + * @return The canonicalization algorithm name, or an empty + * <code>String</code> if none has been configured. + */ + public String getCanonicalizationAlgorithmName() { + return canonicalizationAlgorithmName; + } + + /** + * Return the configured hardware crypto modules. + * + * @return A <code>List</code> of <code>HardwareCryptoModule</code> objects + * containing the hardware crypto module configurations. + */ + public List getHardwareCryptoModules() { + return hardwareCryptoModules; + } + + /** + * Return the hardware key modules configuration. + * + * @return A <code>List</code> of <code>HardwareKeyModule</code> objects + * containing the configuration of the hardware key modules. + */ + public List getHardwareKeyModules() { + return hardwareKeyModules; + } + + /** + * Return the software key module configuration. + * + * @return A <code>List</code> of <code>SoftwareKeyModule</code> objects + * containing the configuration of the software key modules. + */ + public List getSoftwareKeyModules() { + return softwareKeyModules; + } + + /** + * Return the key group mapping. + * + * @return A mapping from key group ID (a <code>String</code>) to + * <code>KeyGroup</code> mapping. + */ + public Map getKeyGroups() { + return keyGroups; + } + + public KeyGroup getKeyGroup(String keyGroupId) { + KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId); + return keyGroup; + } + + /** + * Return the set of <code>KeyGroupEntry</code>s of a given key group, which a + * client (identified by an issuer/serial pair) may access. + * + * @param issuer The issuer of the client certificate. + * @param serial The serial number of the client certificate. + * @param keyGroupId The ID of the key group. + * @return A <code>Set</code> of all the <code>KeyGroupEntry</code>s in the + * given key group, if the user may access them. Returns <code>null</code>, if + * the user may not access the given key group or if the key group does not + * exist. + */ + public Set getKeyGroupEntries( + Principal issuer, + BigInteger serial, + String keyGroupId) { + + IssuerAndSerial issuerAndSerial; + Map mapping; + + if (issuer == null && serial == null) { + issuerAndSerial = ANONYMOUS_ISSUER_SERIAL; + } else { + issuerAndSerial = new IssuerAndSerial(issuer, serial); + } + +// System.out.println("Issuer: " + issuer); +// System.out.println("serial: " + serial); +// +// Iterator entries = keyGroupMappings.entrySet().iterator(); +// while (entries.hasNext()) { +// Entry thisEntry = (Entry) entries.next(); +// System.out.println("Entry: " + thisEntry.getKey()); +// System.out.println("Value: " + thisEntry.getValue()); +// } + + mapping = (Map) keyGroupMappings.get(issuerAndSerial); + if (mapping != null) { + KeyGroup keyGroup = (KeyGroup) mapping.get(keyGroupId); + + if (keyGroup != null) { + return keyGroup.getKeyGroupEntries(); + } + } + + // If no key group is available for a client identified by a certificate, + // try to find a key group in the anonymous key group mapping + if (issuer != null || serial != null) + { + mapping = (Map) keyGroupMappings.get(ANONYMOUS_ISSUER_SERIAL); + if (mapping != null) + { + KeyGroup keyGroup = (KeyGroup) mapping.get(keyGroupId); + if (keyGroup != null) return keyGroup.getKeyGroupEntries(); + } + } + + return null; + } + + /** + * Return the chaining mode for a given trust anchor. + * + * @param trustAnchor The trust anchor for which the chaining mode should be + * returned. + * @return The chaining mode for the given trust anchor. If the trust anchor + * has not been configured separately, the system default will be returned. + */ + public String getChainingMode(X509Certificate trustAnchor) { + Principal issuer = trustAnchor.getIssuerDN(); + BigInteger serial = trustAnchor.getSerialNumber(); + IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial); + + String mode = (String) chainingModes.get(issuerAndSerial); + return mode != null ? mode : defaultChainingMode; + } + + /** + * Return the distribution points for a given CA. + * + * @param cert The certificate for which the distribution points should be + * looked up. The issuer information is used to perform the lookup. + * + * @return A <code>Set</code> of <code>DistributionPoint</code> objects. The + * set will be empty, if no distribution points have been configured + * for this certificate. + */ + public Set getDistributionPoints(X509Certificate cert) + { + try { + RFC2253NameParser nameParser = + new RFC2253NameParser(cert.getIssuerDN().toString()); + String caIssuerDN = nameParser.parse().getName(); + Set dps = (Set) distributionPoints.get(caIssuerDN); + + if (dps == null) { + return Collections.EMPTY_SET; + } + return dps; + } catch (RFC2253NameParserException e) { + return Collections.EMPTY_SET; + } + } + + /** + * Return the CRL archive duration. + * + * @return The duration of how long to keep CRL archive entries (measured in + * days). + */ + public int getCRLArchiveDuration() { + return cRLArchiveDuration; + } + + /** + * Returns whether revocation information should be archived. + * + * @return whether revocation information should be archived. + */ + public boolean getEnableRevocationArchiving() + { + return enableRevocationArchiving_; + } + + /** + * Returns the location of the certificate store. + * + * @return the location of the certificate store. + */ + public String getCertStoreLocation() + { + return certStoreLocation_; + } + + /** + * Return a <code>CreateTransformsInfoProfile</code> with the given ID. + * + * @param id The <code>CreateTransformsInfoProfile</code> ID. + * @return The <code>CreateTransformsInfoProfile</code> with the given + * ID or <code>null</code>, if none exists. + */ + public Element getCreateTransformsInfoProfile(String id) { + return (Element) createTransformsInfoProfiles.get(id); + } + + /** + * Return a <code>CreateSignatureEnvironmentProfile</code> with the given ID. + * + * @param id The <code>CreateSignatureEnvironmentProfile</code> ID. + * @return The <code>CreateSignatureEnvironmentProfile</code> with the given + * ID or <code>null</code>, if none exists. + */ + public Element getCreateSignatureEnvironmentProfile(String id) { + return (Element) createSignatureEnvironmentProfiles.get(id); + } + + /** + * Return a <code>VerifyTransformsInfoProfile</code> with the given ID. + * + * @param id The <code>VerifyTransformsInfoProfile</code> ID. + * @return The <code>VerifyTransformsInfoProfile</code> with the given ID or + * <code>null</code>, if none exists. + */ + public Element getVerifyTransformsInfoProfile(String id) { + return (Element) verifyTransformsInfoProfiles.get(id); + } + + /** + * Return a <code>SupplementProfile</code> with the given ID. + * + * @param id The <code>SupplementProfile</code> ID. + * @return The <code>SupplementProfile</code> with the given ID or + * <code>null</code>, if none exists. + */ + public Element getSupplementProfile(String id) { + return (Element) supplementProfiles.get(id); + } + + /** + * Return a <code>TrustProfile</code> with the given ID. + * + * @param id The <code>TrustProfile</code> ID. + * @return The <code>TrustProfile</code> with the given ID or + * <code>null</code>, if none exists. + */ + public TrustProfile getTrustProfile(String id) { + return (TrustProfile) trustProfiles.get(id); + } + + /** + * Returns a map of <code>TrustProfiles</code> + * @return + */ + public Map getTrustProfiles() { + return trustProfiles; + } + + /** + * Log a warning. + * + * @param messageId The message ID. + * @param parameters Additional parameters for the message. + * @see at.gv.egovernment.moa.spss.server.util.MessageProvider + */ + private static void info(String messageId, Object[] parameters) { + MessageProvider msg = MessageProvider.getInstance(); + Logger.info(new LogMsg(msg.getMessage(messageId, parameters))); + } + + /** + * Log a debug message. + * + * @param messageId The message ID. + * @param parameters Additional parameters for the message. + * @see at.gv.egovernment.moa.spss.server.util.MessageProvider + */ + private static void debug(String message) { + Logger.debug(message); + } + + /** + * Log a warning. + * + * @param messageId The message ID. + * @param args Additional parameters for the message. + * @see at.gv.egovernment.moa.spss.server.util.MessageProvider + */ + private void warn(String messageId, Object[] args) { + MessageProvider msg = MessageProvider.getInstance(); + String txt = msg.getMessage(messageId, args); + + Logger.warn(new LogMsg(txt)); + warnings.add(txt); + } + + /** + * Log an error. + * + * @param messageId The message ID. + * @param args Additional parameters for the message. + * @see at.gv.egovernment.moa.spss.server.util.MessageProvider + */ + private void error(String messageId, Object[] args) { + MessageProvider msg = MessageProvider.getInstance(); + String txt = msg.getMessage(messageId, args); + + Logger.warn(new LogMsg(txt)); +// warnings.add(txt); + } + + /** + * Returns the JDBC URL for the revocation archive database. + * + * @return the JDBC URL for the revocation archive database. + */ + public String getRevocationArchiveJDBCURL() + { + return revocationArchiveJDBCURL_; + } + + /** + * Returns the JDBC driver class name for the revocation archive database. + * + * @return the JDBC driver class name for the revocation archive database. + */ + public String getRevocationArchiveJDBCDriverClass() + { + return revocationArchiveJDBCDriverClass_; + } + + /** + * Returns whether revocation checking should be done. + * + * @return whether revocation checking should be done. + */ + public boolean getEnableRevocationChecking() + { + return enableRevocationChecking_; + } + + /** + * Returns the maximum age of a revocation information for considering it + * still as valid. + * + * @return the maximum age of a revocation information for considering it + * still as valid. + */ + public long getMaxRevocationAge() + { + return maxRevocationAge_; + } + + /** + * Returns the service order for revocation checking. + * + * @return the service order for revocation checking. Valid array entries are + * {@link RevocationSourceTypes#OCSP} and {@link RevocationSourceTypes#CRL}. + */ + public String[] getServiceOrder() + { + return serviceOrder_; + } + + /** + * Returns whether certificates found during certificate path construction + * should be added to the certificate store. + * + * @return whether certificates found during certificate path construction + * should be added to the certificate store. + */ + public boolean getAutoAddCertificates() + { + return autoAddCertificates_; + } + + /** + * Returns whether the certificate extension Authority Info Access should + * be used during certificate path construction. + * + * @return whether the certificate extension Authority Info Access should + * be used during certificate path construction. + */ + public boolean getUseAuthorityInfoAccess() + { + return useAuthorityInfoAccess_; + } + + /** + * Returns whether the file URIs are permitted or not + * @return whether the file URIs are permitted or not + */ + public boolean getPermitFileURIs() + { + return permitFileURIs; + } + + /** + * Returns the map of retention intervals + * @return The map of retention intervals + */ + public Map getCrlRetentionIntervals() { + return crlRetentionIntervals; + } + + /** + * Returns the global TSL configuration + * @return The global TSL configuration + */ + public TSLConfiguration getTSLConfiguration() { + return tslconfiguration_; + } + +}
\ No newline at end of file diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java new file mode 100644 index 0000000..a2e5b93 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java @@ -0,0 +1,62 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.config; + +/** + * Abstract base class for distribution points. + * + * @author Gregor Karlinger + * @version $Id$ + * */ +public abstract class DistributionPoint implements iaik.pki.revocation.DistributionPoint +{ + /** + * The distribution point URI. + */ + private String uri_; + + /** + * Create a <code>DistributionPoint</code> with a URI. + * + * @param uri The URI of the distribution point. + */ + public DistributionPoint(String uri) + { + uri_ = uri; + } + + /** + * @see iaik.pki.revocation.DistributionPoint#getType() + */ + public abstract String getType(); + + /** + * @see iaik.pki.revocation.DistributionPoint#getUri() + */ + public String getUri() + { + return uri_; + } +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareCryptoModule.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareCryptoModule.java new file mode 100644 index 0000000..c0487f6 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareCryptoModule.java @@ -0,0 +1,84 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.config; + +/** + * Contains configuration data for a hardware crypto module. + * + * @author Patrick Peck + * @version $Id$ + */ +public class HardwareCryptoModule { + /** The name of the module. */ + private String name; + /** The slod ID of the module. */ + private String slotID; + /** The user PIN of the module. */ + private String userPIN; + + /** + * Create a new <code>HardwareCryptoModule</code>. + * + * @param name The name of this <code>HardwareCryptoModule</code>. + * @param slotID The slot ID of this <code>HardwareCryptoModule</code>. + * @param userPIN The user PIN to access this + * <code>HardwareCryptoModule</code>. + */ + public HardwareCryptoModule(String name, String slotID, String userPIN) { + this.name = name; + this.slotID = slotID; + this.userPIN = userPIN; + } + + /** + * Returns the name of this <code>HardwareCryptoModule</code>. + * + * @return The name of this <code>HardwareCryptoModule</code>. + */ + public String getName() { + return name; + } + + /** + * Returns the slot ID of this <code>HardwareCryptoModule</code>. + * + * @return The slot ID. + */ + public String getSlotID() { + return slotID; + } + + + /** + * Returns the user PIN of this <code>HardwareCryptoModule</code>. + * + * @return The user PIN used to access the module. + */ + public String getUserPIN() { + return userPIN; + } + + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareKeyModule.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareKeyModule.java new file mode 100644 index 0000000..18fd085 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareKeyModule.java @@ -0,0 +1,83 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.config; + +/** + * A class that contains information about a hardware key module. + * + * @author Patrick Peck + * @version $Id$ + */ +public class HardwareKeyModule extends KeyModule { + /** The name of the module. */ + private String name; + /** The slod ID of the module. */ + private String slotID; + /** The user PIN of the module. */ + private String userPIN; + + /** + * Create a new <code>HardwareKey</code>. + * + * @param id The key module ID. + * @param name The name of the key. + * @param slotID The slot ID of the key within the hardware module. May be + * <code>null</code>. + * @param userPIN The user PIN to access the key. + */ + public HardwareKeyModule(String id, String name, String slotID, String userPIN) { + super(id); + this.name = name; + this.slotID = slotID; + this.userPIN = userPIN; + } + + /** + * Return the name of this <code>HardwareKey</code>. + * + * @return The name of this <code>HardwareKey</code>. + */ + public String getName() { + return name; + } + + /** + * Return the slot ID of this <code>HardwareKey</code>. + * + * @return The slot ID of this <code>HardwareKey</code>. + */ + public String getSlotID() { + return slotID; + } + + /** + * Return the user PIN to access this <code>HardwareKey</code>. + * + * @return The user PIN to access this <code>HardwareKey</code>. + */ + public String getUserPIN() { + return userPIN; + } +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/IssuerAndSerial.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/IssuerAndSerial.java new file mode 100644 index 0000000..38a3ae9 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/IssuerAndSerial.java @@ -0,0 +1,149 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.config; + +import java.math.BigInteger; +import java.security.Principal; + +import iaik.asn1.structures.Name; +import iaik.utils.RFC2253NameParser; +import iaik.utils.RFC2253NameParserException; + +/** + * A class containing the issuer and serial number of a certificate, which can + * be used to uniquely identify the certificate. + * + * The issuer is contained as an RFC2253 encoded <code>String</code>. + * + * @author Patrick Peck + * @version $Id$ + */ +public class IssuerAndSerial { + + /** The issuer distinguished name. */ + private String issuerDN; + /** The certificate serial number. */ + private BigInteger serial; + + /** + * Create an <code>IssuerAndSerial</code> object. + * + * The name of the issuer is converted to RFC2253. If it cannot be parsed, the + * DN contained in the <code>issuer</code> is set. + * + * @param issuer The isser of a certificate. + * @param serial The serial number of the certificate. + */ + public IssuerAndSerial(Principal issuer, BigInteger serial) { + String issuerDN = null; + if (issuer instanceof Name) { + try { + issuerDN = ((Name)issuer).getRFC2253String(); + } catch (RFC2253NameParserException e) { + // do nothing + } + } + if (issuerDN == null) { + RFC2253NameParser parser = new RFC2253NameParser(issuer.getName()); + try { + issuerDN = ((Name)parser.parse()).getRFC2253String(); + } catch (RFC2253NameParserException e) { + issuerDN = issuer.getName(); + } + } + this.serial = serial; + this.issuerDN = issuerDN; + } + + /** + * Create an <code>IssuerAndSerial</code> object. + * + * @param issuerDN The issuer distinguished name. Should be an RFC2253 name. + * @param serial The serial number of the certificate. + */ + public IssuerAndSerial(String issuerDN, BigInteger serial) { + this.issuerDN = issuerDN; + this.serial = serial; + } + + /** + * Return the issuer DN in RFC2253 format. + * + * @return The issuer part of this object. + */ + public String getIssuerDN() { + return issuerDN; + } + + /** + * Return the serial number. + * + * @return The serial number of this object. + */ + public BigInteger getSerial() { + return serial; + } + + /** + * Compare this <code>IssuerAndSerial</code> to another object. + * + * @param other The object to compare this <code>IssuerAndSerial</code> to. + * @return <code>true</code>, if <code>other</code> is an + * <code>IssuerAndSerial</code> object and the <code>issuer</code> and + * <code>serial</code> fields are both equal. <code>false</code> otherwise. + * @see java.lang.Object#equals(java.lang.Object) + */ + public boolean equals(Object other) { + if (other instanceof IssuerAndSerial) { + IssuerAndSerial ias = (IssuerAndSerial) other; + return getIssuerDN().equals(ias.getIssuerDN()) + && getSerial().equals(ias.getSerial()); + } + return false; + } + + /** + * Return the hash code of this <code>IssuerAndSerial</code>. + * + * @return The hash code of this <code>IssuerAndSerial</code>. + * @see java.lang.Object#hashCode() + */ + public int hashCode() { + return issuerDN.hashCode() ^ serial.hashCode(); + } + + /** + * Return a <code>String</code> representation of this + * <code>IssuerAndSerial</code> object. + * + * @return The <code>String</code> representation. + * @see java.lang.Object#toString() + */ + public String toString() { + return ("(IssuerAndSerial - Issuer<" + getIssuerDN()) + + ("> Serial<" + serial.toString() + ">)"); + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java new file mode 100644 index 0000000..c2490f9 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java @@ -0,0 +1,105 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.config; + +import java.util.Iterator; +import java.util.Set; + +/** + * A collection of <code>KeyGroupEntry</code>s with its own ID. + * + * @author Sven Aigner + * @author Patrick Peck + * @version $Id$ + */ +public class KeyGroup { + + /** The keys belonging to this key group. */ + private Set keyGroupEntries; + /** The key group ID. */ + private String id; + /** The digest method algorithm for the key group */ + private String digestMethodAlgorithm; + + /** + * Create a <code>KeyGroup</code>. + * + * @param id The ID of this <code>KeyGroup</code>. + * @param keyGroupEntries The keys belonging to this <code>KeyGroup</code>. + * @param digestMethodAlgorithm The signature algorithm used for this key group + */ + public KeyGroup(String id, Set keyGroupEntries, String digestMethodAlgorithm) { + this.id = id; + this.keyGroupEntries = keyGroupEntries; + this.digestMethodAlgorithm = digestMethodAlgorithm; + } + + /** + * Return the <code>KeyEntry</code>s contained in this <code>KeyGroup</code>. + * + * @return The <code>KeyEntry</code>s contained in this <code>KeyGroup</code>. + */ + public Set getKeyGroupEntries() { + return keyGroupEntries; + } + + /** + * Returnd the digest method algorithm used for this key group + * @return The digest method signature algorithm used for this key group + */ + public String getDigestMethodAlgorithm() { + return digestMethodAlgorithm; + } + + /** + * Return the ID of this <code>KeyGroup</code>. + * + * @return The <code>KeyGroup</code> ID. + */ + public String getId() { + return id; + } + + /** + * Return a <code>String</code> representation of this <code>KeyGroup</code>. + * + * @return The <code>String</code> representation. + * @see java.lang.Object#toString() + */ + public String toString() { + StringBuffer sb = new StringBuffer(); + Iterator i; + + if (getKeyGroupEntries() != null) { + i = getKeyGroupEntries().iterator(); + + while (i.hasNext()) { + sb.append(" " + i.next()); + } + } + return "(KeyGroup - ID:" + id + " " + sb.toString() + ")" + "DigestMethodAlgorithm: " + digestMethodAlgorithm; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroupEntry.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroupEntry.java new file mode 100644 index 0000000..fcedfb0 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroupEntry.java @@ -0,0 +1,130 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.config; + +import java.math.BigInteger; + +/** + * A class containing information about an entry in a key group. + * + * @author Patrick Peck + * @version $Id$ + */ +public class KeyGroupEntry { + /** The module ID of the key. */ + private String moduleID; + /** The issuer DN of the certificate identifying the key. */ + private String issuerDN; + /** The serial number of the certificate identifying the key. */ + private BigInteger serialNumber; + + /** + * Create a new <code>KeyGroupEntry</code>. + * + * @param moduleID The key module ID to which this entry belongs to. + * @param issuerAndSerial The issuer and serial number which uniquely + * identifies a certificate within the key module. + */ + public KeyGroupEntry(String moduleID, IssuerAndSerial issuerAndSerial) { + this.moduleID = moduleID; + this.issuerDN = issuerAndSerial.getIssuerDN(); + this.serialNumber = issuerAndSerial.getSerial(); + } + + /** + * Create a new <code>KeyGroupEntry</code>. + * + * @param moduleID The key module ID to which this entry belongs to. + * @param issuerDN The isser DN of the certificate within the key module. + * @param serialNumber The serial number of the certificate within the key + * module. + */ + public KeyGroupEntry( + String moduleID, + String issuerDN, + BigInteger serialNumber) { + this.moduleID = moduleID; + this.issuerDN = issuerDN; + this.serialNumber = serialNumber; + } + + /** + * Return the key module ID to which this <code>KeyGroupEntry</code> belongs + * to. + * + * @return The key module ID. + */ + public String getModuleID() { + return moduleID; + } + + /** + * Return the issuer DN of this <code>KeyGroupEntry</code> for identifying the + * certificate within the key module. + * + * @return The issuer DN of the certificate. + */ + public String getIssuerDN() { + return issuerDN; + } + + /** + * Return the serial number of this <code>KeyGroupEntry</code> for identifying + * the certificate within the key module. + * + * @return The serial number of the certificate. + */ + public BigInteger getSerialNumber() { + return serialNumber; + } + + /** + * Compare this <code>KeyGroupEntry</code> to another. + * + * @param other The <code>KeyGroupEntry</code> to compare to. + * @return <code>true</code>, if module ID, isser DN and serial number of + * <code>other</code> match the ones contained in this object, otherwise + * <code>false</code>. + * @see java.lang.Object#equals(Object) + */ + public boolean equals(Object other) { + if (other instanceof KeyGroupEntry) { + KeyGroupEntry entry = (KeyGroupEntry) other; + return getModuleID().equals(entry.getModuleID()) + && getIssuerDN().equals(entry.getIssuerDN()) + && getSerialNumber().equals(entry.getSerialNumber()); + } + return false; + } + + /** + * @see java.lang.Object#hashCode() + */ + public int hashCode() { + return getModuleID().hashCode() + ^ getIssuerDN().hashCode() + ^ getSerialNumber().hashCode(); + } +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyModule.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyModule.java new file mode 100644 index 0000000..45d8d7e --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyModule.java @@ -0,0 +1,65 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.config; + +/** + * A class that contains information about a key module. + * + * @author Patrick Peck + * @version $Id$ + */ +public class KeyModule { + + /** The key module ID. */ + private String id; + + /** + * Create a <code>Key</code> object. + * + * @param id The key module ID. + */ + public KeyModule(String id) { + this.id = id; + } + + /** + * Return the key ID. + * + * @return The key ID. + */ + public String getId() { + return id; + } + + /** + * Return a <code>String</code> representation of this <code>Key</code>. + * + * @return The <code>String</code> representation. + * @see java.lang.Object#toString() + */ + public String toString() { + return "(Key - Id<" + id + ">)"; + } +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java new file mode 100644 index 0000000..2e91c6b --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java @@ -0,0 +1,57 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.config; + +import iaik.pki.revocation.RevocationSourceTypes; + +/** + * A class representing a CRL distribution point. + * + * @author Gregor Karlinger + * @version $Id$ + */ +public class OCSPDistributionPoint + extends DistributionPoint + implements iaik.pki.revocation.DistributionPoint +{ + /** + * Create a <code>OCSPDistributionPoint</code> with a URI. + * + * @param uri The URI of the ocsp distribution point. + */ + public OCSPDistributionPoint(String uri) + { + super(uri); + } + + /** + * @see iaik.pki.revocation.DistributionPoint#getType() + */ + public String getType() + { + return RevocationSourceTypes.OCSP; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/SoftwareKeyModule.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/SoftwareKeyModule.java new file mode 100644 index 0000000..0ed83bb --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/SoftwareKeyModule.java @@ -0,0 +1,72 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.config; + +/** + * A class containing information about a software key, stored in PKCS12 format. + * + * @author Patrick Peck + * @version $Id$ + */ +public class SoftwareKeyModule extends KeyModule { + /** The name of the file containing the keys. */ + private String fileName; + /** The password for accessing the file. */ + private String passWord; + + /** + * Create a new <code>SoftwareKey</code>. + * + * @param id The key ID. + * @param fileName The name of the PKCS12 keystore file containing the key. + * @param passWord The password to access the keystore file. + */ + public SoftwareKeyModule(String id, String fileName, String passWord) { + super(id); + this.fileName = fileName; + this.passWord = passWord; + } + + /** + * Return the name of the PKCS12 keystore file containing this + * <code>SoftwareKey</code>. + * + * @return The name of the PKCS12 keystore file. + */ + public String getFileName() { + return fileName; + } + + /** + * Return the password to access the keystore file. + * + * @return The password to access the keystore file. + */ + public String getPassWord() { + return passWord; + } + + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java new file mode 100644 index 0000000..21063c7 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java @@ -0,0 +1,132 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.config; + +import iaik.x509.X509Certificate; + +/** + * Information about a trust profile. + * + * @author Patrick Peck + * @version $Id$ + */ +public class TrustProfile { + /** The ID of the trust profile. */ + private String id; + /** The URI giving the location of the trust profile. */ + private String uri; + /** The URI giving the location of the allowed signer certificates. */ + private String signerCertsUri; + /** Defines if Trustprofile makes use of EU TSL*/ + private boolean tslEnabled; + /** The original URI (out of the configuration) giving the location of the trust profile (used when TSL is enabled) */ + private String uriOrig; + /** The countries given */ + private String countries; + /** */ + private X509Certificate[] certificatesToBeRemoved; + + /** + * Create a <code>TrustProfile</code>. + * + * @param id The ID of the <code>TrustProfile</code> to create. + * @param uri The URI of the <code>TrustProfile</code> to create. + * @param signerCertsUri The URI of the location of the allowed signer + * certificates of the <code>TrustProfile</code> to create. + */ + public TrustProfile(String id, String uri, String signerCertsUri, boolean tslEnabled, String countries) { + this.id = id; + this.uri = uri; + this.signerCertsUri = signerCertsUri; + this.tslEnabled = tslEnabled; + this.countries = countries; + this.certificatesToBeRemoved = new X509Certificate[0]; + } + + /** + * Return the ID of this <code>TrustProfile</code>. + * + * @return The <code>TrustProfile</code> ID. + */ + public String getId() { + return id; + } + + /** + * Return the URI of this <code>TrustProfile</code>. + * + * @return The URI of <code>TrustProfile</code>. + */ + public String getUri() { + return uri; + } + + /** + * Return the original URI of this <code>TrustProfile</code>. + * + * @return The original URI of <code>TrustProfile</code>. + */ + public String getUriOrig() { + return uriOrig; + } + + /** + * Return the URI giving the location of the allowed signer certificates + * of this <code>TrustProfile</code>. + * + * @return The URI of <code>TrustProfile</code>. + */ + public String getSignerCertsUri() { + return signerCertsUri; + } + /** + * Returns if Trustprofile is TSL enabled + * @return + */ + public boolean isTSLEnabled() { + return tslEnabled; + } + /** + * Returns the given countries + * @return Given countries + */ + public String getCountries() { + if (!tslEnabled) + return null; + else + return countries; + } + + + /** + * Sets the original URI of this <code>TrustProfile</code>. + * + * @return The original URI of <code>TrustProfile</code>. + */ + public void setUriOrig(String uriOrig) { + this.uriOrig = uriOrig; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java new file mode 100644 index 0000000..49e5ecc --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java @@ -0,0 +1,249 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.cmssign; + +import iaik.server.modules.algorithms.SignatureAlgorithms; +import iaik.server.modules.cmssign.CMSSignatureCreationProfile; +import iaik.server.modules.keys.AlgorithmUnavailableException; +import iaik.server.modules.keys.KeyEntryID; +import iaik.server.modules.keys.KeyModule; +import iaik.server.modules.keys.KeyModuleFactory; +import iaik.server.modules.keys.UnknownKeyException; + +import java.util.List; +import java.util.Set; + +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.server.logging.TransactionId; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; + +/** + * An object providing auxiliary information for creating a CMS signature. + * + * @author Patrick Peck + * @version $Id$ + */ +public class CMSSignatureCreationProfileImpl + implements CMSSignatureCreationProfile { + + /** The set of keys available to the signing process. */ + private Set keySet; + /** The MIME type of the data to be signed*/ + private String mimeType; + /** Whether the created signature is to be Security Layer conform. */ + private boolean securityLayerConform; + /** Properties to be signed during signature creation. */ + private List signedProperties; + /** Specifies whether the content data shall be included in the CMS SignedData or shall be not included. */ + private boolean includeData; + /** Digest Method algorithm */ + private String digestMethod; + + + /** + * Create a new <code>XMLSignatureCreationProfileImpl</code>. + * + * @param createProfileCount Provides external information about the + * number of calls to the signature creation module, using the same request. + * @param reservedIDs The set of IDs that must not be used while generating + * new IDs. + */ + public CMSSignatureCreationProfileImpl( + Set keySet, + String digestMethod, + List signedProperties, + boolean securityLayerConform, + boolean includeData, + String mimeType) { + this.keySet = keySet; + this.signedProperties = signedProperties; + this.securityLayerConform = securityLayerConform; + this.includeData = includeData; + this.mimeType = mimeType; + this.digestMethod = digestMethod; + + } + + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getKeySet() + */ + public Set getKeySet() { + return keySet; + } + + /** + * Set the set of <code>KeyEntryID</code>s which may be used for signature + * creation. + * + * @param keySet The set of <code>KeyEntryID</code>s to set. + */ + public void setKeySet(Set keySet) { + this.keySet = keySet; + } + + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureAlgorithmName(KeyEntryID) + */ + public String getSignatureAlgorithmName(KeyEntryID selectedKeyID) + throws AlgorithmUnavailableException { + + + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + TransactionId tid = new TransactionId(context.getTransactionID()); + KeyModule module = KeyModuleFactory.getInstance(tid); + Set algorithms; + + try { + algorithms = module.getSupportedSignatureAlgorithms(selectedKeyID); + } catch (UnknownKeyException e) { + throw new AlgorithmUnavailableException( + "Unknown key entry: " + selectedKeyID, + e, + null); + } + + if (digestMethod.compareTo("SHA-1") == 0) { + Logger.warn("SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)"); + + if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) { + return SignatureAlgorithms.SHA1_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.ECDSA)) { + return SignatureAlgorithms.ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + + } else if (digestMethod.compareTo("SHA-256") == 0) { + if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { + return SignatureAlgorithms.SHA256_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) { + return SignatureAlgorithms.SHA256_WITH_ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + } else if (digestMethod.compareTo("SHA-384") == 0) { + if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) { + return SignatureAlgorithms.SHA384_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) { + return SignatureAlgorithms.SHA384_WITH_ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + } else if (digestMethod.compareTo("SHA-512") == 0) { + if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { + return SignatureAlgorithms.SHA512_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) { + return SignatureAlgorithms.SHA512_WITH_ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + } + else { + throw new AlgorithmUnavailableException( + "No signature algorithm found for digest algorithm '" + digestMethod, + null, + null); + } + + + } + + + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties() + */ + public List getSignedProperties() { + return signedProperties; + } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform() + */ + public boolean isSecurityLayerConform() { + return securityLayerConform; + } + + /** + * Sets the security layer conformity. + * + * @param securityLayerConform <code>true</code>, if the created signature + * is to be conform to the Security Layer specification. + */ + public void setSecurityLayerConform(boolean securityLayerConform) { + this.securityLayerConform = securityLayerConform; + } + + + public void setDigestMethod(String digestMethod) { + this.digestMethod = digestMethod; + } + + + public String getMimeType() { + return mimeType; + } + + public boolean includeData() { + return this.includeData; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java new file mode 100644 index 0000000..972b540 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java @@ -0,0 +1,61 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.cmsverify; + +import iaik.pki.PKIProfile; +import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile; + +/** + * An implementation of the <code>CMSSignatureVerificationProfile</code> + * interface. + * + * @see iaik.server.modules.cmsverify.CMSSignatureVerificationProfile + * @author Patrick Peck + * @version $Id$ + */ +public class CMSSignatureVerificationProfileImpl + implements CMSSignatureVerificationProfile { + + /** The profile for validating the certificate. */ + private PKIProfile certificateValidationProfile; + + /** + * @see iaik.server.modules.cmsverify.CMSSignatureVerificationProfile#getCertificateValidationProfile() + */ + public PKIProfile getCertificateValidationProfile() { + return certificateValidationProfile; + } + + /** + * Sets the profile for validating the signer certificate. + * + * @param certificateValidationProfile The certificate validation profile to + * set. + */ + public void setCertificateValidationProfile(PKIProfile certificateValidationProfile) { + this.certificateValidationProfile = certificateValidationProfile; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractKeyModuleConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractKeyModuleConfigurationImpl.java new file mode 100644 index 0000000..90e6793 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractKeyModuleConfigurationImpl.java @@ -0,0 +1,60 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.config; + +import iaik.server.modules.keys.KeyModuleConfiguration; + +/** + * Base implementation class for the <code>KeyModuleConfiguration</code> + * interface and the interfaces derived from it. + * + * @see iaik.server.modules.keys.KeyModuleConfiguration + * @author Patrick Peck + * @version $Id$ + */ +public abstract class AbstractKeyModuleConfigurationImpl + implements KeyModuleConfiguration { + + /** The module ID. */ + private String moduleID; + + /** + * Creata new <code>AbstractKeyModuleConfigurationImpl</code>. + * + * @param moduleID The key module ID of this + * <code>KeyModuleConfiguration</code>. + */ + public AbstractKeyModuleConfigurationImpl(String moduleID) { + this.moduleID = moduleID; + } + + /** + * @see iaik.server.modules.keys.KeyModuleConfiguration#getModuleID() + */ + public String getModuleID() { + return moduleID; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractObservableConfiguration.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractObservableConfiguration.java new file mode 100644 index 0000000..e2d828b --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/AbstractObservableConfiguration.java @@ -0,0 +1,72 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.config; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import iaik.pki.store.observer.NotificationData; +import iaik.pki.store.observer.Observable; +import iaik.pki.store.observer.Observer; + +/** + * A base class for observable configuration data. + * + * @author Patrick Peck + * @version $Id$ + */ +public abstract class AbstractObservableConfiguration implements Observable { + + /** The observers registered with this <code>Observable</code>. */ + private List observers = new ArrayList(); + + /** + * @see iaik.pki.store.observer.Observable#addObserver(iaik.pki.store.observer.Observer) + */ + public void addObserver(Observer observer) { + observers.add(observer); + } + + /** + * @see iaik.pki.store.observer.Observable#removeObserver(iaik.pki.store.observer.Observer) + */ + public boolean removeObserver(Observer observer) { + return observers.remove(observer); + } + + /** + * @see iaik.pki.store.observer.Observable#notify(iaik.pki.store.observer.NotificationData) + */ + public void notify(NotificationData data) { + Iterator iter = observers.iterator(); + + for (iter = observers.iterator(); iter.hasNext();) { + Observer observer = (Observer) iter.next(); + observer.notify(data); + } + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ArchiveConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ArchiveConfigurationImpl.java new file mode 100644 index 0000000..4a300a2 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ArchiveConfigurationImpl.java @@ -0,0 +1,121 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.config; + +import iaik.pki.store.revocation.archive.ArchiveConfiguration; +import iaik.pki.store.revocation.archive.ArchiveParameters; +import iaik.pki.store.revocation.archive.ArchiveTypes; + +import java.sql.Driver; +import java.sql.DriverManager; +import java.util.Enumeration; + +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; + +/** + * An implementation of the <code>ArchiveConfiguration</code> interface + * using configuration data provided by the MOA configuration file. + * + * @see iaik.pki.store.revocation.archive.ArchiveConfiguration + * @author Patrick Peck + * @version $Id$ + */ +public class ArchiveConfigurationImpl + extends AbstractObservableConfiguration + implements ArchiveConfiguration { + + /** The configuration parameters of the archive. */ + private ArchiveParameters archiveParameters; + + /** + * Create a new <code>ArchiveConfigurationImpl</code>. + * + * @param config The MOA configuration from which the configuration data is being read. + */ + public ArchiveConfigurationImpl(ConfigurationProvider config) + { + String jdbcUrl = config.getRevocationArchiveJDBCURL(); + this.archiveParameters = new DataBaseArchiveParameterImpl(jdbcUrl); + + // Register JDBC driver class + if (jdbcUrl != null) + { + String jdbcDriverClass = config.getRevocationArchiveJDBCDriverClass(); + try + { + Class.forName(jdbcDriverClass); + } + catch (ClassNotFoundException e) + { + // TODO 20030709 GK Improve exception handling + throw new RuntimeException("JDBC driver class \"" + jdbcDriverClass + " could not be found."); + } + + Enumeration regDrivers = DriverManager.getDrivers(); + boolean isRegistered = false; + while (regDrivers.hasMoreElements()) + { + Object currentDriver = regDrivers.nextElement(); + if (jdbcDriverClass.equals(currentDriver.getClass().getName())) isRegistered = true; + } + if (!isRegistered) + { + // Workaround for a driver which does not register itselve at invocation of Class.forName(drvname) + try + { + DriverManager.registerDriver((Driver)Class.forName(jdbcDriverClass).newInstance()); + } + catch (Exception e) + { + // TODO 20030709 GK Improve exception handling + throw new RuntimeException("Registering JDBC driver \"" + jdbcDriverClass + " failed."); + } + } + } + } + + /** + * Return the type of archive. + * + * This will always return <code>ArchiveTypes.DATABASE</code>. + * @return <code>ArchiveTypes.DATABASE</code>. + * @see iaik.pki.store.revocation.archive.ArchiveConfiguration#getType() + */ + public String getType() { + return ArchiveTypes.DATABASE; + } + + /** + * Return the <code>ArchiveParameters</code> describing this + * <code>ArchiveConfiguration</code>. + * + * @return The archive parameters. + * @see iaik.pki.store.revocation.archive.ArchiveConfiguration#getArchiveParameters() + */ + public ArchiveParameters getArchiveParameters() { + return archiveParameters; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java new file mode 100644 index 0000000..981ea05 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java @@ -0,0 +1,93 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.gv.egovernment.moa.spss.server.iaik.config; + +import iaik.logging.TransactionId; +import iaik.pki.revocation.RevocationSourceTypes; +import iaik.pki.store.revocation.RevocationInfoRetriever; +import iaik.pki.store.revocation.RevocationSource; +import iaik.pki.store.revocation.RevocationStoreException; +import iaik.pki.ldap.Handler; + +import java.io.InputStream; +import java.net.MalformedURLException; +import java.net.URL; +import java.net.URLStreamHandler; +import java.util.Collection; +import java.util.Date; + +import at.gv.egovernment.moa.logging.Logger; + +/** + * A customized implementation of + * {@link iaik.pki.store.revocation.RevocationInfoRetriever}. Will be used + * instead of the default implementation + * {@link iaik.pki.store.revocation.CRLRetriever} to overcome a classloader + * problem in connection with the {@link java.net.URL} class in a Tomcat + * deployment environment. + * + * @author Gregor Karlinger + * @version $$ + */ +public class CRLRetriever implements RevocationInfoRetriever { + public void update(RevocationSource source, Collection supplementalRequestData, TransactionId tid) + throws RevocationStoreException { + if (source == null) { + throw new NullPointerException("RevocationSource parameter mustn't be null."); + } + Logger.info("Downloading crl from " + source.getUri()); + if (!source.getType().equals(RevocationSourceTypes.CRL)) { + throw new RevocationStoreException(source.getType() + " not supported", null, getClass().getName() + ":1"); + } + try { + URL crlUrl; + try { + crlUrl = new URL(source.getUri()); + } catch (MalformedURLException e) { + // Workaround for classloader problem with deployment in Tomcat + // 4.1 + URLStreamHandler handler = new Handler(); + crlUrl = new URL(null, source.getUri(), handler); + } + + InputStream crlInputStream = crlUrl.openStream(); + source.readFrom(crlInputStream, tid); + source.setDownloadTime(new Date()); + crlInputStream.close(); + } catch (Exception iox) { + Logger.warn("Cannot retrieve crl", iox); + throw new RevocationStoreException("Cannot retrieve CRL", iox, getClass().getName() + ":1"); + } + } + + @Override + public void setConnectTimeout(int arg0) { + // TODO AFITZEK TODO IMPLEMENT THIS METHOD + } + + @Override + public void setReadTimeout(int arg0) { + // TODO AFITZEK TODO IMPLEMENT THIS METHOD + } +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java new file mode 100644 index 0000000..a4f7660 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java @@ -0,0 +1,81 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.gv.egovernment.moa.spss.server.iaik.config; + +import java.io.File; +import java.io.IOException; + +import org.apache.commons.io.FileUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.logging.IaikLog; +import at.gv.egovernment.moa.spss.server.logging.TransactionId; +import iaik.logging.Log; +import iaik.pki.store.certstore.CertStoreConfiguration; +import iaik.pki.store.certstore.CertStoreParameters; +import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters; +import iaik.pki.store.certstore.directory.DirectoryStoreException; +import iaik.pki.store.certstore.utils.DirectoryCertStoreConverter; + +/** + * An implementation of the <code>CertStoreConfiguration</code> interface based + * on MOA configuration data. + * + * @see iaik.pki.store.certstore.CertStoreConfiguration + * @author Patrick Peck + * @version $Id$ + */ +public class CertStoreConfigurationImpl extends AbstractObservableConfiguration implements CertStoreConfiguration { + + private static final Logger logger = LoggerFactory.getLogger(CertStoreConfigurationImpl.class); + + /** The configuration parameters of the <code>CertStore</code>. */ + private CertStoreParameters[] parameters; + + /** + * Create a new <code>CertStoreConfigurationImpl</code>. + * + * @param config + * The MOA configuration from which the configuration data is + * being read. + */ + public CertStoreConfigurationImpl(ConfigurationProvider config) { + String certStoreRoot = config.getCertStoreLocation(); + + DirectoryCertStoreParameters dirParameters = new DirectoryCertStoreParametersImpl("MOA Directory CertStore", + certStoreRoot, true, false); + + parameters = new CertStoreParameters[] { dirParameters }; + } + + /** + * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters() + */ + public CertStoreParameters[] getParameters() { + return parameters; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ConfigurationDataImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ConfigurationDataImpl.java new file mode 100644 index 0000000..dff78d6 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ConfigurationDataImpl.java @@ -0,0 +1,145 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.config; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import iaik.logging.LoggerConfig; +import iaik.pki.PKIConfiguration; +import iaik.server.ConfigurationData; + +import at.gv.egovernment.moa.spss.server.config.HardwareCryptoModule; +import at.gv.egovernment.moa.spss.server.config.HardwareKeyModule; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.config.SoftwareKeyModule; + +/** + * An implementation of the <code>ConfigurationData</code> interface using + * MOA configuration data. + * + * @see iaik.server.ConfigurationData + * @author Patrick Peck + * @version $Id$ + */ +public class ConfigurationDataImpl implements ConfigurationData { + /** PKI configuration data. */ + private PKIConfiguration pkiConfiguration; + /** Crypto modules configuration data. */ + private List cryptoModuleConfigurations; + /** Key modules configuration data. */ + private List keyModuleConfigurations; + /** Logging configuration data. */ + private LoggerConfig loggerConfig; + + /** + * Create a new <code>ConfigurationDataImpl</code>. + * + * @param config The underlying MOA configuration data. + */ + public ConfigurationDataImpl(ConfigurationProvider config) { + this.pkiConfiguration = new PKIConfigurationImpl(config); + this.cryptoModuleConfigurations = buildCryptoModuleConfigurations(config); + this.keyModuleConfigurations = buildKeyModuleConfigurations(config); + this.loggerConfig = new LoggerConfigImpl(); + } + + /** + * Build the list of <code>CryptoModuleConfiguration</code>s. + * + * @param config The underlying MOA configuration data. + * @return The list of <code>CryptoModuleConfiguration</code>s configured in + * the MOA configuration. + */ + private List buildCryptoModuleConfigurations(ConfigurationProvider config) { + List modules = new ArrayList(); + Iterator iter = config.getHardwareCryptoModules().iterator(); + + while (iter.hasNext()) { + HardwareCryptoModule module = (HardwareCryptoModule) iter.next(); + modules.add(new HardwareCryptoModuleConfigurationImpl(module)); + } + + return modules; + } + + /** + * Build the list of <code>KeyModuleConfiguration</code>s. + * + * @param config The underlying MOA configuration data. + * @return The list of <code>KeyModuleConfiguration</code>s configured in the + * MOA configuration. + */ + private List buildKeyModuleConfigurations(ConfigurationProvider config) { + List keys = new ArrayList(); + Iterator iter; + + // add the hardware keys + iter = config.getHardwareKeyModules().iterator(); + while (iter.hasNext()) { + HardwareKeyModule key = (HardwareKeyModule) iter.next(); + keys.add(new HardwareKeyModuleConfigurationImpl(key)); + } + + // add the software keys + iter = config.getSoftwareKeyModules().iterator(); + while (iter.hasNext()) { + SoftwareKeyModule key = (SoftwareKeyModule) iter.next(); + keys.add(new SoftwareKeyModuleConfigurationImpl(key)); + } + + return keys; + } + + /** + * @see iaik.server.ConfigurationData#getPKIConfiguration() + */ + public PKIConfiguration getPKIConfiguration() { + return pkiConfiguration; + } + + /** + * @see iaik.server.ConfigurationData#getCryptoModuleConfigurations() + */ + public List getCryptoModuleConfigurations() { + return cryptoModuleConfigurations; + } + + /** + * @see iaik.server.ConfigurationData#getKeyModuleConfigurations() + */ + public List getKeyModuleConfigurations() { + return keyModuleConfigurations; + } + + /** + * @see iaik.server.ConfigurationData#getLoggerConfig() + */ + public LoggerConfig getLoggerConfig() { + return loggerConfig; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java new file mode 100644 index 0000000..f4658a2 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java @@ -0,0 +1,57 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.config; + +import iaik.pki.store.revocation.archive.DataBaseArchiveParameters; + +/** + * An implementation of the <code>DataBaseArchiveParameter</code> interface. + * + * @see iaik.pki.store.revocation.archive.db.DataBaseArchiveParameter + * @author Patrick Peck + * @version $Id$ + */ +public class DataBaseArchiveParameterImpl implements DataBaseArchiveParameters { + + /** The JDBC URL for accessing the archive. */ + private String jDBCUrl; + + /** + * Create a new <code>DataBaseArchiveParameterImpl</code>. + * + * @param jDBCUrl The JDBC URL of the archive. + */ + public DataBaseArchiveParameterImpl(String jDBCUrl) { + this.jDBCUrl = jDBCUrl; + } + + /** + * @see iaik.pki.store.revocation.archive.db.DataBaseArchiveParameter#getJDBCUrl() + */ + public String getJDBCUrl() { + return jDBCUrl; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java new file mode 100644 index 0000000..9dd0ffe --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DirectoryCertStoreParametersImpl.java @@ -0,0 +1,115 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.config; + +import java.util.Collections; +import java.util.Set; + +import iaik.pki.store.certstore.CertStoreParameters; +import iaik.pki.store.certstore.CertStoreTypes; +import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters; + +/** + * An implementation of the <code>DirectoryCertStoreParameters</code> interface. + * + * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters + * @author Patrick Peck + * @version $Id$ + */ +public class DirectoryCertStoreParametersImpl + implements DirectoryCertStoreParameters { + + /** The root directory of the <code>CertStore</code>. */ + private String rootDirectory; + /** Whether a new directory may be created. */ + private boolean createNew; + /** The <code>CertStore</code> ID. */ + private String id; + /** Whether the <code>CertStore</code> is read-only. */ + private boolean readOnly; + + /** + * Create a new <code>DirectoryCertStoreParameterImpl</code>. + * + * @param id The <code>CertStore</code> ID. + * @param rootDirectory The root directory of the <code>CertStore</code>. + * @param createNew Whether a new directory may be created. + * @param readOnly Whether the <code>CertStore</code> is read-only. + */ + public DirectoryCertStoreParametersImpl( + String id, + String rootDirectory, + boolean createNew, + boolean readOnly) { + + this.id = id; + this.rootDirectory = rootDirectory; + this.createNew = createNew; + this.readOnly = readOnly; + } + + /** + * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory() + */ + public String getRootDirectory() { + return rootDirectory; + } + + /** + * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew() + */ + public boolean createNew() { + return createNew; + } + + /** + * @see iaik.pki.store.certstore.CertStoreParameters#getId() + */ + public String getId() { + return id; + } + + /** + * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly() + */ + public boolean isReadOnly() { + return readOnly; + } + + /** + * @return <code>CertStoreTypes.DIRECTORY</code> + * @see iaik.pki.store.certstore.CertStoreParameters#getType() + */ + public String getType() { + return CertStoreTypes.DIRECTORY; + } + +@Override +public Set getVirtualStores() { + // TODO AFITZEK TODO IMPLEMENT THIS METHOD + return Collections.EMPTY_SET; +} + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareCryptoModuleConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareCryptoModuleConfigurationImpl.java new file mode 100644 index 0000000..c9904c5 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareCryptoModuleConfigurationImpl.java @@ -0,0 +1,75 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.config; + +import iaik.server.modules.crypto.HardwareCryptoModuleConfiguration; + +import at.gv.egovernment.moa.spss.server.config.HardwareCryptoModule; + +/** + * An implementation of the <code>HardwareCryptoModuleConfiguration</code> + * wrapping a <code>HardwareCryptoModule</code> from the MOA configuration. + * + * @author Patrick Peck + * @version $Id$ + */ +public class HardwareCryptoModuleConfigurationImpl + implements HardwareCryptoModuleConfiguration { + + /** The wrapped <code>HardwareCryptoModule</code>. */ + private HardwareCryptoModule module; + + /** + * Create a new <code>HardwareCryptoModuleConfigurationImpl</code>. + * + * @param module The <code>HardwareCryptoModule</code> from the underlying MOA + * configuration. + */ + public HardwareCryptoModuleConfigurationImpl(HardwareCryptoModule module) { + this.module = module; + } + + /** + * @see iaik.server.modules.crypto.HardwareCryptoModuleConfiguration#getModuleName() + */ + public String getModuleName() { + return module.getName(); + } + + /** + * @see iaik.server.modules.crypto.HardwareCryptoModuleConfiguration#getSlotID() + */ + public String getSlotID() { + return module.getSlotID(); + } + + /** + * @see iaik.server.modules.crypto.HardwareCryptoModuleConfiguration#getUserPIN() + */ + public char[] getUserPIN() { + return module.getUserPIN().toCharArray(); + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareKeyModuleConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareKeyModuleConfigurationImpl.java new file mode 100644 index 0000000..05f5633 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/HardwareKeyModuleConfigurationImpl.java @@ -0,0 +1,79 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.config; + +import iaik.server.modules.keys.HardwareKeyModuleConfiguration; + +import at.gv.egovernment.moa.spss.server.config.HardwareKeyModule; + +/** + * An implementation of the <code>HardwareKeyModuleConfiguration</code> + * interface wrapping a <code>HardwareKeyModule</code> from the MOA + * configuration. + * + * @see iaik.server.modules.keys.HardwareKeyModuleConfiguration + * @author Patrick Peck + * @version $Id$ + */ +public class HardwareKeyModuleConfigurationImpl + extends AbstractKeyModuleConfigurationImpl + implements HardwareKeyModuleConfiguration { + + /** The wrapped <code>HardwareKeyModule</code>. */ + private HardwareKeyModule keyModule; + + /** + * Create a new <code>HardwareKeyModuleConfigurationImpl</code>. + * + * @param keyModule The <code>HardwareKeyModule</code> from the underlying + * MOA configuration. + */ + public HardwareKeyModuleConfigurationImpl(HardwareKeyModule keyModule) { + super(keyModule.getId()); + this.keyModule = keyModule; + } + + /** + * @see iaik.server.modules.keys.HardwareKeyModuleConfiguration#getModuleName() + */ + public String getModuleName() { + return keyModule.getName(); + } + + /** + * @see iaik.server.modules.keys.HardwareKeyModuleConfiguration#getSlotID() + */ + public String getSlotID() { + return keyModule.getSlotID(); + } + + /** + * @see iaik.server.modules.keys.HardwareKeyModuleConfiguration#getUserPIN() + */ + public char[] getUserPIN() { + return keyModule.getUserPIN().toCharArray(); + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java new file mode 100644 index 0000000..87dd572 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java @@ -0,0 +1,217 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.config; + +import iaik.pki.store.revocation.RevocationFactory; +import iaik.pki.store.revocation.RevocationSourceStore; +import iaik.pki.store.truststore.TrustStoreFactory; +import iaik.security.ec.provider.ECCelerate; +import iaik.server.ConfigurationData; +import iaik.server.Configurator; +import iaik.server.modules.keys.KeyEntryID; +import iaik.server.modules.keys.KeyModule; +import iaik.server.modules.keys.KeyModuleFactory; + +import java.security.Security; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import at.gv.egovernment.moa.logging.LogMsg; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.server.config.ConfigurationException; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.config.KeyGroup; +import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry; +import at.gv.egovernment.moa.spss.server.logging.TransactionId; +import at.gv.egovernment.moa.spss.util.CertStoreConverter; +import at.gv.egovernment.moa.spss.util.MessageProvider; +import at.gv.egovernment.moa.spss.util.SecProviderUtils; + +/** + * A class responsible for configuring the IAIK MOA modules. + * + * @author Patrick Peck + * @version $Id$ + */ +public class IaikConfigurator { + + /** The warnings encountered during configuration. */ + private List warnings = new ArrayList(); + + /** + * Configure the IAIK MOA subsystem. + * + * + * @param moaConfig The underlying MOA configuration. + * @return Returns the config data of the underlying MOA subsystem + * @throws ConfigurationException An error occurred configuring the IAIK + * MOA subsystem. + */ + public ConfigurationData configure(ConfigurationProvider moaConfig) + throws ConfigurationException { + ConfigurationData configData = new ConfigurationDataImpl(moaConfig); + + warnings = new ArrayList(); + + try { + TransactionId transId = new TransactionId("IaikConfigurator"); + + //SecProviderUtils.dumpSecProviders("Starting configuration"); + + try { + iaik.pki.Configurator.initCommon(configData.getLoggerConfig(), + transId); + //SecProviderUtils.dumpSecProviders("initCommon"); + String certStoreRoot = moaConfig.getCertStoreLocation(); + CertStoreConverter.convert(certStoreRoot, transId); + } finally { + //Security.removeProvider(ECCelerate.getInstance().getName()); + } + + Configurator.init(configData, transId); + + SecProviderUtils.dumpSecProviders("Fully configured!"); + + // Set customized CRL retriever to overcome a classloader problem when MOA is deployed in Tomcat + RevocationSourceStore rss = RevocationFactory.getInstance(transId).getRevocationSourceStore(); + //rss.setRetriever(new CRLRetriever(), RevocationSourceTypes.CRL); + if ((moaConfig.getSoftwareKeyModules().size() > 0) || (moaConfig.getHardwareKeyModules().size() > 0)) { + dumpKeyEntryIDs(); + } + checkKeyGroupConfig(moaConfig); + TrustStoreFactory.reset(); + + return configData; + } catch (iaik.server.ConfigurationException e) { + throw new ConfigurationException("config.08", null, e); + } catch (Throwable t) { + throw new ConfigurationException("config.08", null, t); + } + } + + /** + * Return the warnings encountered during configuration. + * + * @return The warnings. + */ + public List getWarnings() { + return warnings; + } + + /** + * Dump all <code>KeyEntryID</code>s contained in the configured + * <code>KeyModule</code>s to the log file. + */ + private void dumpKeyEntryIDs() { + MessageProvider msg = MessageProvider.getInstance(); + KeyModule module = KeyModuleFactory.getInstance(new TransactionId("dump")); + Set keyEntryIds = module.getPrivateKeyEntryIDs(); + Iterator iter; + + for (iter = keyEntryIds.iterator(); iter.hasNext();) { + KeyEntryID keyEntryId = (KeyEntryID) iter.next(); + Logger.info( + new LogMsg(msg.getMessage("config.19", new Object[] { keyEntryId }))); + } + } + + /** + * Check that each key group entry in each key group can be resolved to a + * KeyEntryID. + * + * Logs a warning for each key group entry that cannot be resolved. + * + * @param moaConfig The MOA configuration to check. + */ + private void checkKeyGroupConfig(ConfigurationProvider moaConfig) { + Map keyGroups = moaConfig.getKeyGroups(); + Iterator iter; + + for (iter = keyGroups.values().iterator(); iter.hasNext();) { + KeyGroup keyGroup = (KeyGroup) iter.next(); + Set keyGroupEntries = keyGroup.getKeyGroupEntries(); + Iterator kgIter; + + for (kgIter = keyGroupEntries.iterator(); kgIter.hasNext();) { + KeyGroupEntry entry = (KeyGroupEntry) kgIter.next(); + + if (!findKeyEntryID(entry)) { + warn( + "config.31", + new Object[] { + keyGroup.getId(), + entry.getModuleID(), + entry.getIssuerDN(), + entry.getSerialNumber()}); + } + } + } + } + + /** + * Find out that a certain KeyGroupEntry could be resolved to a KeyEntryID + * by the Configurator. + * + * @param keyGroupEntry The key group entry to find. + * @return <code>true</code>, if the <code>keyGroupEntry</code> could be + * resolved to a <code>KeyEntryID</code>; otherwise <code>false</code>. + */ + private boolean findKeyEntryID(KeyGroupEntry keyGroupEntry) { + KeyModule module = KeyModuleFactory.getInstance(new TransactionId("check")); + Set keyEntryIDs = module.getPrivateKeyEntryIDs(); + Iterator iter; + + for (iter = keyEntryIDs.iterator(); iter.hasNext();) { + KeyEntryID entry = (KeyEntryID) iter.next(); + + if (entry.getCertificateIssuer().equals(keyGroupEntry.getIssuerDN()) + && entry.getCertificateSerialNumber().equals( + keyGroupEntry.getSerialNumber()) + && entry.getModuleID().equals(keyGroupEntry.getModuleID())) { + return true; + } + } + + return false; + } + + /** + * Log a warning. + * + * @param messageId The message ID. + * @param args Additional parameters for the message. + * @see at.gv.egovernment.moa.spss.server.util.MessageProvider + */ + private void warn(String messageId, Object[] args) { + MessageProvider msg = MessageProvider.getInstance(); + String txt = msg.getMessage(messageId, args); + + Logger.warn(new LogMsg(txt)); + warnings.add(txt); + } +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/LoggerConfigImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/LoggerConfigImpl.java new file mode 100644 index 0000000..3fb842f --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/LoggerConfigImpl.java @@ -0,0 +1,58 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.config; + +import java.util.Properties; + +import iaik.logging.LogConfigurationException; +import iaik.logging.LoggerConfig; + +import at.gv.egovernment.moa.logging.LoggingContextManager; + +/** + * Default implementation of the <code>LoggerConfig</code> interface. + * + * @author Patrick Peck + * @version $Id$ + */ +public class LoggerConfigImpl implements LoggerConfig { + + /** The implementation of iaik.logging.LogFactory. */ + private static final String DEFAULT_IMPLEMENTATION = + "at.gv.egovernment.moa.spss.server.logging.IaikLogFactory"; + + public String getFactory() { + return DEFAULT_IMPLEMENTATION; + } + + public Properties getProperties() throws LogConfigurationException { + return new Properties(); + } + + public String getNodeId() { + return LoggingContextManager.getInstance().getLoggingContext().getNodeID(); + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java new file mode 100644 index 0000000..5e29b5c --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/PKIConfigurationImpl.java @@ -0,0 +1,113 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.gv.egovernment.moa.spss.server.iaik.config; + +import iaik.pki.PKIConfiguration; +import iaik.pki.pathvalidation.ValidationConfiguration; +import iaik.pki.revocation.RevocationConfiguration; +import iaik.pki.store.certstore.CertStoreConfiguration; +import iaik.pki.store.revocation.archive.ArchiveConfiguration; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; + +/** + * An implementation of the <code>PKIConfiguration</code> interface using data + * from the MOA configuration. + * + * @see iaik.pki.PKIConfiguration + * @author Patrick Peck + * @version $Id$ + */ +public class PKIConfigurationImpl implements PKIConfiguration { + /** The <code>CertStore</code> configuration. */ + private CertStoreConfiguration certStoreConfiguration; + /** The revocation checking configuration. */ + private RevocationConfiguration revocationConfiguration; + /** The revocation archive configuration. */ + private ArchiveConfiguration archiveConfiguration; + /** The certificate validation configuration. */ + private ValidationConfiguration validationConfiguration; + + /** + * Create a new <code>PKIConfigurationImpl</code>. + * + * @param config + * The underlying MOA configuration which will be used to build + * the configuration data contained in this object. + */ + public PKIConfigurationImpl(ConfigurationProvider config) { + + this.certStoreConfiguration = new CertStoreConfigurationImpl(config); + this.revocationConfiguration = new RevocationConfigurationImpl(config); + + boolean archiveInfo = config.getEnableRevocationArchiving(); + if (archiveInfo) { + this.archiveConfiguration = new ArchiveConfigurationImpl(config); + } else { + this.archiveConfiguration = null; + } + + this.validationConfiguration = new ValidationConfigurationImpl(config); + } + + /** + * @see iaik.pki.PKIConfiguration#getCertStoreConfiguration() + */ + public CertStoreConfiguration getCertStoreConfiguration() { + return certStoreConfiguration; + } + + /** + * @see iaik.pki.PKIConfiguration#getRevocationConfiguration() + */ + public RevocationConfiguration getRevocationConfiguration() { + return revocationConfiguration; + } + + /** + * @see iaik.pki.PKIConfiguration#getArchiveConfiguration() + */ + public ArchiveConfiguration getArchiveConfiguration() { + return archiveConfiguration; + } + + /** + * @see iaik.pki.PKIConfiguration#getValidationConfiguration() + */ + public ValidationConfiguration getValidationConfiguration() { + return validationConfiguration; + } + + @Override + public int getConnectTimeout() { + // TODO AFITZEK TODO IMPLEMENT THIS METHOD + return 0; + } + + @Override + public int getReadTimeout() { + // TODO AFITZEK TODO IMPLEMENT THIS METHOD + return 0; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java new file mode 100644 index 0000000..b03c4a2 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java @@ -0,0 +1,112 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.gv.egovernment.moa.spss.server.iaik.config; + +import iaik.pki.revocation.RevocationConfiguration; +import iaik.pki.revocation.dbcrl.config.DBCrlConfig; + +import java.security.cert.X509Certificate; +import java.util.Date; +import java.util.Map; +import java.util.Set; + +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; + +/** + * An implementation of the <code>RevocationConfiguration</code> interface using + * MOA configuration data. + * + * @see iaik.pki.revocation.RevocationConfiguration + * @author Patrick Peck + * @version $Id$ + */ +public class RevocationConfigurationImpl extends AbstractObservableConfiguration implements RevocationConfiguration { + + /** + * The <code>ConfigurationProvider</code> to read the configuration data + * from. + */ + private ConfigurationProvider config; + + /** + * Create a new <code>RevocationConfigurationImpl</code>. + * + * @param config + * The underlying MOA configuration containing the configuration + * data. + */ + public RevocationConfigurationImpl(ConfigurationProvider config) { + this.config = config; + } + + /** + * @see iaik.pki.revocation.RevocationConfiguration#getAlternativeDistributionPoints + */ + public Set getAlternativeDistributionPoints(X509Certificate cert, X509Certificate issuer, Date date) { + return config.getDistributionPoints(cert); + } + + /** + * @see iaik.pki.revocation.RevocationConfiguration#archiveRevocationInfo(java.lang.String, + * java.lang.String) + */ + public boolean archiveRevocationInfo(String type, String uri) { + return config.getEnableRevocationArchiving(); + } + + /** + * @see iaik.pki.revocation.RevocationConfiguration#getCrlRetentionInterval(java.lang.String) + */ + public Integer getCrlRetentionInterval(String issuername) { + Map map = config.getCrlRetentionIntervals(); + Integer interval = (Integer) map.get(issuername); + + return interval; + } + + @Override + public DBCrlConfig getDataBaseCRLConfig() { + // TODO AFITZEK TODO IMPLEMENT THIS METHOD + return null; + } + + @Override + public boolean getKeepRevocationInfo() { + // TODO AFITZEK TODO IMPLEMENT THIS METHOD + return false; + } + + @Override + public Set getPositiveOCSPResponders() { + // TODO AFITZEK TODO IMPLEMENT THIS METHOD + return null; + } + + @Override + public boolean skipIndirectCRLCheckForAlternativeDistributionPoints() { + // TODO AFITZEK TODO IMPLEMENT THIS METHOD + return false; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/SoftwareKeyModuleConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/SoftwareKeyModuleConfigurationImpl.java new file mode 100644 index 0000000..937f32f --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/SoftwareKeyModuleConfigurationImpl.java @@ -0,0 +1,99 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.config; + +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.InputStream; + +import iaik.server.modules.keys.ConfigurationException; +import iaik.server.modules.keys.SoftwareKeyModuleConfiguration; + +import at.gv.egovernment.moa.logging.LogMsg; +import at.gv.egovernment.moa.logging.Logger; + +import at.gv.egovernment.moa.spss.server.config.SoftwareKeyModule; +import at.gv.egovernment.moa.spss.util.MessageProvider; + +/** + * An implementation of the <code>SoftwareKeyModuleConfiguration</code> wrapping + * a <code>SoftwareKeyModule</code> from the MOA configuration. + * + * @see iaik.server.modules.keys.SoftwareKeyModuleConfiguration + * @author Patrick Peck + * @version $Id$ + */ +public class SoftwareKeyModuleConfigurationImpl + extends AbstractKeyModuleConfigurationImpl + implements SoftwareKeyModuleConfiguration { + + /** The wrapped <code>SoftwareKeyModule</code>. */ + private SoftwareKeyModule keyModule; + + /** + * Create a new <code>SoftwareKeyModuleConfigurationImpl</code>. + * + * @param keyModule The <code>SoftwareKeyModule</code> from the underlying MOA + * configuration. + */ + public SoftwareKeyModuleConfigurationImpl(SoftwareKeyModule keyModule) { + super(keyModule.getId()); + this.keyModule = keyModule; + } + + /** + * @see iaik.server.modules.keys.SoftwareKeyModuleConfiguration#getKeyStoreTypeName() + */ + public String getKeyStoreTypeName() { + return KEY_STORE_TYPE_NAME_PKCS12; + } + + /** + * @see iaik.server.modules.keys.SoftwareKeyModuleConfiguration#getKeyStoreAsStream() + */ + public InputStream getKeyStoreAsStream() { + MessageProvider msg = MessageProvider.getInstance(); + + try { + String message = + msg.getMessage("config.18", new Object[] { keyModule.getFileName()}); + Logger.info(new LogMsg(message)); + return new FileInputStream(keyModule.getFileName()); + } catch (FileNotFoundException e) { + String message = + msg.getMessage("config.09", new Object[] { keyModule.getFileName()}); + + throw new ConfigurationException(message, e, null); + } + } + + /** + * @see iaik.server.modules.keys.SoftwareKeyModuleConfiguration#getKeyStoreAuthenticationData() + */ + public char[] getKeyStoreAuthenticationData() { + return keyModule.getPassWord().toCharArray(); + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ValidationConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ValidationConfigurationImpl.java new file mode 100644 index 0000000..9e26fb8 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/ValidationConfigurationImpl.java @@ -0,0 +1,80 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.config; + +import java.security.cert.X509Certificate; +import java.security.spec.AlgorithmParameterSpec; + +import iaik.pki.pathvalidation.ValidationConfiguration; + +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; + +/** + * An implementation of the <code>ValidationConfiguration</code> interface using + * MOA configuration data. + * + * @see iaik.pki.pathvalidation.ValidationConfiguration + * @author Patrick Peck + * @version $Id$ + */ +public class ValidationConfigurationImpl + extends AbstractObservableConfiguration + implements ValidationConfiguration { + + /** The <code>ConfigurationProvider</code> to read the configuration data + * from. */ + private ConfigurationProvider config; + + /** + * Create a new <code>ValidationConfigurationImpl</code>. + * + * @param config The underlying MOA configuration data. + */ + public ValidationConfigurationImpl(ConfigurationProvider config) { + this.config = config; + } + + /** + * @see iaik.pki.pathvalidation.ValidationConfiguration#getChainingMode(java.security.cert.X509Certificate) + */ + public String getChainingMode(X509Certificate cert) { + return config.getChainingMode(cert); + } + + /** + * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsSpec(java.security.cert.X509Certificate) + */ + public AlgorithmParameterSpec getPublicKeyParamsAsSpec(X509Certificate cert) { + return null; + } + + /** + * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsCert(java.security.cert.X509Certificate) + */ + public X509Certificate getPublicKeyParamsAsCert(X509Certificate cert) { + return null; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java new file mode 100644 index 0000000..491986b --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java @@ -0,0 +1,158 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.gv.egovernment.moa.spss.server.iaik.pki; + +import iaik.pki.PKIProfile; +import iaik.pki.pathvalidation.ValidationProfile; +import iaik.pki.revocation.RevocationProfile; +import iaik.pki.store.truststore.TrustStoreProfile; +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.iaik.pki.pathvalidation.ValidationProfileImpl; +import at.gv.egovernment.moa.spss.server.iaik.pki.revocation.RevocationProfileImpl; +import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl; + +/** + * Implementation of the <code>PKIProfile</code> interface containing + * information needed for certificate path validation. It uses configuration + * data from the MOA configuration. + * + * @author Patrick Peck + * @version $Id$ + */ +public class PKIProfileImpl implements PKIProfile { + + /** Profile information for revocation checking. */ + private RevocationProfile revocationProfile; + /** Profile information about the trust profile to use. */ + private TrustStoreProfile trustStoreProfile; + /** Profile information about the certificate validation. */ + private ValidationProfile validationProfile; + /** + * The <code>ConfigurationProvider</code> to read the MOA configuration data + * from. + */ + private ConfigurationProvider config; + + /** + * Create a new <code>PKIProfileImpl</code>. + * + * @param config + * The MOA configuration providing configuration data about + * certificate path validation. + * @param trustProfileID + * The trust profile ID denoting the location of the trust store. + * @throws MOAApplicationException + * An error occurred building the profile. + */ + public PKIProfileImpl(ConfigurationProvider config, String trustProfileID) throws MOAApplicationException { + + this.config = config; + setRevocationProfile(new RevocationProfileImpl(config)); + setTrustStoreProfile(new TrustStoreProfileImpl(config, trustProfileID)); + setValidationProfile(new ValidationProfileImpl(config)); + } + + /** + * @see iaik.pki.PKIProfile#autoAddCertificates() + */ + /*public boolean autoAddCertificates() { + return useAuthorityInfoAccess() ? true : config.getAutoAddCertificates(); + }*/ + + /** + * @see iaik.pki.PKIProfile#getRevocationProfile() + */ + public RevocationProfile getRevocationProfile() { + return revocationProfile; + } + + /** + * Sets the <code>RevocationProfile</code>. + * + * @param revocationProfile + * The <code>RevocationProfile</code> used for revocation + * checking. + */ + protected void setRevocationProfile(RevocationProfile revocationProfile) { + this.revocationProfile = revocationProfile; + } + + /** + * @see iaik.pki.PKIProfile#getTrustStoreProfile() + */ + public TrustStoreProfile getTrustStoreProfile() { + return trustStoreProfile; + } + + /** + * Sets the <code>TrustStoreProfile</code>. + * + * @param trustStoreProfile + * The <code>TrustStoreProfile</code>. + */ + protected void setTrustStoreProfile(TrustStoreProfile trustStoreProfile) { + this.trustStoreProfile = trustStoreProfile; + } + + /** + * @see iaik.pki.PKIProfile#getValidationProfile() + */ + public ValidationProfile getValidationProfile() { + return validationProfile; + } + + /** + * Sets the <code>ValidationProfile</code>. + * + * @param validationProfile + * The <code>ValidationProfile</code> to set. + */ + protected void setValidationProfile(ValidationProfile validationProfile) { + this.validationProfile = validationProfile; + } + + /** + * @see iaik.pki.PKIProfile#useAuthorityInfoAccess() + */ + public boolean useAuthorityInfoAccess() { + return config.getUseAuthorityInfoAccess(); + } + + /** + * @see iaik.pki.PKIProfile#autoAddCertificates() + */ + @Override + public int autoAddCertificates() { + // TODO AFITZEK TODO IMPLEMENT THIS METHOD + return 0; + } + + @Override + public TrustStoreProfile getIndirectRevocationTrustStoreProfile() { + // TODO AFITZEK TODO IMPLEMENT THIS METHOD + return null; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java new file mode 100644 index 0000000..7e62d60 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java @@ -0,0 +1,131 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.pki.pathvalidation; + +import iaik.pki.pathvalidation.ValidationProfile; + +import java.util.Collections; +import java.util.Set; + +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; + +/** + * An implementation of the <code>ValidationProfile</code> interface providing + * information about certificat path validation. + * + * @author Patrick Peck + * @version $Id$ + */ +public class ValidationProfileImpl implements ValidationProfile { + + /** The <code>ConfigurationProvider</code> to read the configuration data + * from. */ + private ConfigurationProvider config; + private boolean initialAnyPolicyInhibit; + private boolean initialExplicitPolicy; + private boolean initialPolicyMappingInhibit; + private Set initialPolicySet; + private boolean nameConstraintsProcessing; + private boolean policyProcessing; + + /** + * Create a new <code>ValidationProfileImpl</code> object. + * + * This objects's fields are preset to the following values: + * + * <ul> + * <li><code>initialAnyPolicyInhibit = true</code></li> + * <li><code>initialExplicitPoliy = true</code></li> + * <li><code>initialPolicyMappingInhibit = true</code></li> + * <li><code>initialPolicySet = empty</code></li> + * <li><code>policyProcessing = false</code></li> + * <li><code>nameConstraintsProcessing = false</code></li> + * <li><code>revocationChecking = false</code></li> + * </ul> + * + * @param config MOA configuration data for additional configuration + * information (currently unused). + */ + public ValidationProfileImpl(ConfigurationProvider config) { + this.config = config; + initialAnyPolicyInhibit = true; + initialExplicitPolicy = true; + initialPolicyMappingInhibit = true; + initialPolicySet = Collections.EMPTY_SET; + policyProcessing = false; + nameConstraintsProcessing = false; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getInitialAnyPolicyInhibit() + */ + public boolean getInitialAnyPolicyInhibit() { + return initialAnyPolicyInhibit; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getInitialExplicitPolicy() + */ + public boolean getInitialExplicitPolicy() { + return initialExplicitPolicy; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicyMappingInhibit() + */ + public boolean getInitialPolicyMappingInhibit() { + return initialPolicyMappingInhibit; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicySet() + */ + public Set getInitialPolicySet() { + return initialPolicySet; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getPolicyProcessing() + */ + public boolean getPolicyProcessing() { + return policyProcessing; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getNameConstraintsProcessing() + */ + public boolean getNameConstraintsProcessing() { + return nameConstraintsProcessing; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking() + */ + public boolean getRevocationChecking() + { + return config.getEnableRevocationChecking(); + } + +}
\ No newline at end of file diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java new file mode 100644 index 0000000..14627b2 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java @@ -0,0 +1,88 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.pki.revocation; + +import java.security.cert.X509Certificate; + +import iaik.pki.revocation.RevocationProfile; +import iaik.pki.revocation.RevocationSourceTypes; + +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; + +/** + * An implementation of the <code>RevocationProfile</code> interface providing + * information about revocation status checking, based on MOA configuration + * data. + * + * @author Patrick Peck + * @version $Id$ + */ +public class RevocationProfileImpl implements RevocationProfile { + /** The default service order. */ + private static final String[] DEFAULT_SERVICE_ORDER = + { RevocationSourceTypes.CRL, RevocationSourceTypes.OCSP }; + /** The <code>ConfigurationProvider</code> to read the MOA configuration data + * from. */ + private ConfigurationProvider config; + /** The OCSP request hash algorithm. Currently only "SHA" is supported. */ + private static final String oCSPRequestHashAlgorithm = "SHA"; + + /** + * Create a new <code>RevocationProfileImpl</code>. + * + * @param config The MOA configuration data. + */ + public RevocationProfileImpl(ConfigurationProvider config) { + this.config = config; + // currently only "SHA" is supported +// this.oCSPRequestHashAlgorithm = ""; + } + + /** + * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(String) + */ + public long getMaxRevocationAge(String distributionPointUri) + { + return config.getMaxRevocationAge(); + } + + /** + * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm() + */ + public String getOCSPRequestHashAlgorithm() { + return oCSPRequestHashAlgorithm; + } + + /** + * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate) + */ + public String[] getPreferredServiceOrder(X509Certificate cert) + { + String[] serviceOrder = config.getServiceOrder(); + if (serviceOrder == null || serviceOrder.length == 0) return DEFAULT_SERVICE_ORDER; + return serviceOrder; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java new file mode 100644 index 0000000..50f237a --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java @@ -0,0 +1,159 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import iaik.pki.store.truststore.TrustStoreProfile; +import iaik.pki.store.truststore.TrustStoreTypes; +import iaik.pki.store.observer.NotificationData; +import iaik.pki.store.observer.Observer; + +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.config.TrustProfile; + +/** + * An implementation of the <code>TrustStoreProfile</code> interface, using data + * from the MOA configuration. + * + * @see iaik.pki.store.truststore.TrustStoreProfile + * @author Patrick Peck + * @version $Id$ + */ +public class TrustStoreProfileImpl implements TrustStoreProfile { + + /** The observers of this profile. */ + private List observers = new ArrayList(); + + /** + * The trust profile identifier. + */ + private String id_; + + /** The type of the trust profile. */ + private String type; + /** The URI of the trust profile.*/ + private String URI; + + /** + * Create a new <code>TrustStoreProfileImpl</code>. + * + * @param config The MOA configuration data, from which trust store + * configuration data is read. + * @param trustProfileId The trust profile id on which this + * <code>TrustStoreProfile</code> is based. + * @throws MOAApplicationException The <code>trustProfileId</code> could not + * be found in the MOA configuration. + */ + public TrustStoreProfileImpl( + ConfigurationProvider config, + String trustProfileId) + throws MOAApplicationException { + + TrustProfile tp = (TrustProfile) config.getTrustProfile(trustProfileId); + if (tp != null) + { + id_ = trustProfileId; + setURI(tp.getUri()); + setType(TrustStoreTypes.DIRECTORY); + } + else + { + throw new MOAApplicationException("2203", new Object[] { trustProfileId }); + } + } + + /** + * @see iaik.pki.store.truststore.TrustStoreProfile#getType() + */ + public String getType() { + return type; + } + + /** + * Sets the the trust store type. + * + * @param type The trust store type to set. + */ + protected void setType(String type) { + this.type = type; + } + + /** + * @see iaik.pki.store.truststore.TrustStoreProfile#getURI() + */ + public String getURI() { + return URI; + } + + /** + * Sets the trust store URI. + * + * @param URI The trust store URI to set. + */ + protected void setURI(String URI) { + this.URI = URI; + } + + // + // Methods of iaik.pki.store.observer.Observable interface + // + + /** + * @see iaik.pki.store.observer.Observable#addObserver(iaik.pki.store.observer.Observer) + */ + public void addObserver(Observer observer) { + observers.add(observer); + } + + /** + * @see iaik.pki.store.observer.Observable#removeObserver(iaik.pki.store.observer.Observer) + */ + public boolean removeObserver(Observer observer) { + return observers.remove(observer); + } + + /** + * @see iaik.pki.store.observer.Observable#notify(iaik.pki.store.observer.NotificationData) + */ + public void notify(NotificationData notificationData) { + for (Iterator iter = observers.iterator(); iter.hasNext();) { + Observer observer = (Observer) iter.next(); + observer.notify(notificationData); + } + } + + /** + * @see iaik.pki.store.truststore.TrustStoreProfile#getId() + */ + public String getId() + { + return id_; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/Base64TransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/Base64TransformationImpl.java new file mode 100644 index 0000000..cc12861 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/Base64TransformationImpl.java @@ -0,0 +1,67 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.xml; + +import iaik.server.modules.xml.Base64Transformation; + +/** + * An implementation of the <code>Base64Transformation</code> + * <code>Transformation</code> type. + * + * @author Patrick Peck + * @version $Id$ + */ +public class Base64TransformationImpl + extends TransformationImpl + implements Base64Transformation { + + /** + * Create a new <code>Base64TransformationImpl</code>. + * + * @see java.lang.Object#Object() + */ + public Base64TransformationImpl() { + setAlgorithmURI(Base64Transformation.BASE64_DECODING); + } + + /** + * Compare this <code>Base64Transformation</code> to another. + * + * @param other The object to compare this<code>Base64Transformation</code> + * to. + * @return <code>true</code>, if <code>other</code> is a + * <code>Base64Transformation</code> and the algorithm URIs match, otherwise + * <code>false</code>. + * @see java.lang.Object#equals(Object) + */ + public boolean equals(Object other) { + if (other instanceof Base64Transformation) { + Base64Transformation transform = (Base64Transformation) other; + return getAlgorithmURI().equals(transform.getAlgorithmURI()); + } + return false; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteArrayDataObjectImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteArrayDataObjectImpl.java new file mode 100644 index 0000000..4d627d7 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteArrayDataObjectImpl.java @@ -0,0 +1,78 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.xml; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; + +import iaik.server.modules.xml.BinaryDataObject; + +/** + * A <code>BinaryDataObject</code> encapsulating Base64 data. + * + * @author Patrick Peck + * @version $Id$ + */ +public class ByteArrayDataObjectImpl + extends DataObjectImpl + implements BinaryDataObject { + + /** The binary data contained in this <code>BinaryDataObject</code>. */ + private byte[] bytes; + + /** + * Create a new <code>ByteArrayDataObjectImpl</code>. + * + * @param bytes The binary data contained in this + * <code>BinaryDataObject</code>. + */ + public ByteArrayDataObjectImpl(byte[] bytes) { + setBytes(bytes); + } + + /** + * Set the Base64 data. + * + * @param bytes The binary data contained in this + * <code>BinaryDataObject</code>. + */ + public void setBytes(byte[] bytes) { + this.bytes = bytes; + } + + /** + * Return the binary data encoded in the Base64 <code>String</code> as a + * stream. + * + * @return The binary data contained in this object, as a + * <code>InputStream</code>. Repeated calls to this function will return a + * new stream to the Base64 data. + * @see iaik.server.modules.xml.BinaryDataObject#getInputStream() + */ + public InputStream getInputStream() { + return new ByteArrayInputStream(bytes); + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteStreamDataObjectImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteStreamDataObjectImpl.java new file mode 100644 index 0000000..b982c8e --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ByteStreamDataObjectImpl.java @@ -0,0 +1,73 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.xml; + +import java.io.InputStream; + +import iaik.server.modules.xml.BinaryDataObject; + +/** + * A <code>BinaryDataObject</code> encapsulating binary data from a stream. + * + * @author Patrick Peck + * @version $Id$ + */ +public class ByteStreamDataObjectImpl + extends DataObjectImpl + implements BinaryDataObject { + + /** The <code>InputStream</code> containing the binary data. */ + private InputStream inputStream; + + /** + * Create a new <code>ByteStreamDataObjectImpl</code>. + * + * @param inputStream The stream from which to read the binary data. + */ + public ByteStreamDataObjectImpl(InputStream inputStream) { + setInputStream(inputStream); + } + + /** + * Set the input stream from which to read the binary data. + * + * @param inputStream The input stream from which to read the binary data. + */ + public void setInputStream(InputStream inputStream) { + this.inputStream = inputStream; + } + + /** + * Return the binary data from this object as a stream. + * + * @return The stream containing the binary data. Calling this function + * repeatedly will always return the same <code>InputStream</code>. + * @see iaik.server.modules.xml.BinaryDataObject#getInputStream() + */ + public InputStream getInputStream() { + return inputStream; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/CanonicalizationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/CanonicalizationImpl.java new file mode 100644 index 0000000..0c3a8da --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/CanonicalizationImpl.java @@ -0,0 +1,67 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.xml; + +import iaik.server.modules.xml.Canonicalization; + +/** + * An implementation of the <code>CanonicalizationTransform</code> + * <code>Transformation</code> type. + * + * @author Patrick Peck + * @version $Id$ + */ +public class CanonicalizationImpl + extends TransformationImpl + implements Canonicalization { + + /** + * Create a new <code>CanonicalizationTransformImpl</code> object. + * + * @param algorithmURI The canonicalization algorithm URI. + */ + public CanonicalizationImpl(String algorithmURI) { + setAlgorithmURI(algorithmURI); + } + + /** + * Compare this object to another <code>Canonicalization</code>. + * + * @param other The object to compare this + * <code>Canonicalization</code> to. + * @return <code>true</code>, if <code>other</code> is a + * <code>Canonicalization</code> and the algorithm URIs match, otherwise + * <code>false</code>. + * @see java.lang.Object#equals(Object) + */ + public boolean equals(Object other) { + if (other instanceof Canonicalization) { + Canonicalization c14n = (Canonicalization) other; + return getAlgorithmURI().equals(c14n.getAlgorithmURI()); + } + return false; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/DataObjectImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/DataObjectImpl.java new file mode 100644 index 0000000..702caaf --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/DataObjectImpl.java @@ -0,0 +1,111 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.xml; + +import iaik.server.modules.xml.DataObject; + +/** + * Abstract base implementation for the classes derived from + * <code>DataObject</code>. + * + * @author Patrick Peck + * @version $Id$ + */ +public abstract class DataObjectImpl implements DataObject { + + /** The MIME type of the data object. */ + private String mimeType; + /** The refernce ID. */ + private String referenceID; + /** The URI of the type. */ + private String typeURI; + /** The URI identifying the data. */ + private String URI; + + /** + * @see iaik.server.modules.xml.DataObject#getMimeType() + */ + public String getMimeType() { + return mimeType; + } + + /** + * Set the mime type. + * + * @param mimeType The mime type to set. + */ + public void setMimeType(String mimeType) { + this.mimeType = mimeType; + } + + /** + * @see iaik.server.modules.xml.DataObject#getReferenceID() + */ + public String getReferenceID() { + return referenceID; + } + + /** + * Set the reference ID. + * + * @param referenceID The reference ID. + */ + public void setReferenceID(String referenceID) { + this.referenceID = referenceID; + } + + /** + * @see iaik.server.modules.xml.DataObject#getTypeURI() + */ + public String getTypeURI() { + return typeURI; + } + + /** + * Set the type URI. + * + * @param typeURI The type URI. + */ + public void setTypeURI(String typeURI) { + this.typeURI = typeURI; + } + + /** + * @see iaik.server.modules.xml.DataObject#getURI() + */ + public String getURI() { + return URI; + } + + /** + * Set the URI. + * + * @param URI The URI. + */ + public void setURI(String URI) { + this.URI = URI; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/EnvelopedSignatureTransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/EnvelopedSignatureTransformationImpl.java new file mode 100644 index 0000000..d582594 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/EnvelopedSignatureTransformationImpl.java @@ -0,0 +1,66 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.xml; + +import iaik.server.modules.xml.EnvelopedSignatureTransformation; + +/** + * An implementation of the <code>EnvelopedSignatureTransformation</code> + * <code>Transformation</code> type. + * + * @author Patrick Peck + * @version $Id$ + */ +public class EnvelopedSignatureTransformationImpl + extends TransformationImpl + implements EnvelopedSignatureTransformation { + + /** + * Create a new <code>EnvelopedSignatureTransformationImpl</code>. + */ + public EnvelopedSignatureTransformationImpl() { + setAlgorithmURI(EnvelopedSignatureTransformation.ENVELOPED_SIGNATURE); + } + + /** + * Compare this object to another <code>EnvelopedSignatureTransformation</code>. + * + * @param other The object to compare this + * <code>EnvelopedSignatureTransformation</code> to. + * @return <code>true</code>, if <code>other</code> is a + * <code>EnvelopedSignatureTransformation</code>, otherwise + * <code>false</code>. + * @see java.lang.Object#equals(Object) + */ + public boolean equals(Object other) { + if (other instanceof EnvelopedSignatureTransformation) { + EnvelopedSignatureTransformation transform = + (EnvelopedSignatureTransformation) other; + return getAlgorithmURI().equals(transform.getAlgorithmURI()); + } + return false; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ExclusiveCanonicalizationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ExclusiveCanonicalizationImpl.java new file mode 100644 index 0000000..dfadf0c --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/ExclusiveCanonicalizationImpl.java @@ -0,0 +1,100 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.xml; + +import java.util.List; + +import iaik.server.modules.xml.ExclusiveCanonicalization; + +/** + * An implementation of the <code>ExclusiveCanonicalization</code> type + * of <code>Transformation</code>. + * + * @author Patrick Peck + * @version $Id$ + */ +public class ExclusiveCanonicalizationImpl + extends TransformationImpl + implements ExclusiveCanonicalization { + + /** The prefixes of the namespaces to treat according to canonical XML. */ + private List inclusiveNamespacePrefixes; + + /** + * Create a new <code>ExclusiveCanonicalizationImpl</code> object. + * + * @param algorithmURI The exclusive canonicalization algorithm URI. + * @param inclusiveNamespacePrefixes The namespace prefixes to be processed + * according to canonical XML. + */ + public ExclusiveCanonicalizationImpl( + String algorithmURI, + List inclusiveNamespacePrefixes) { + setAlgorithmURI(algorithmURI); + setInclusiveNamespacePrefixes(inclusiveNamespacePrefixes); + } + + /** + * Sets the namespace prefixes to be processed according to canonical XML. + * + * @param inclusiveNamespacePrefixes The prefixes of the namespaces to treat + * according to canonical XML. + */ + protected void setInclusiveNamespacePrefixes(List inclusiveNamespacePrefixes) { + this.inclusiveNamespacePrefixes = inclusiveNamespacePrefixes; + } + + /** + * @see iaik.server.modules.xml.ExclusiveCanonicalization#getInclusiveNamespacePrefixes() + */ + public List getInclusiveNamespacePrefixes() { + return inclusiveNamespacePrefixes; + } + + /** + * Compare this object to another <code>CanonicalizationTransform</code>. + * + * @param other The object to compare this + * <code>ExclusiveCanonicalization</code> to. + * @return <code>true</code>, if <code>other</code> is a + * <code>ExclusiveCanonicalization</code> and the algorithm URIs match, + * otherwise <code>false</code>. + * @see java.lang.Object#equals(Object) + */ + public boolean equals(Object other) { + if (other instanceof ExclusiveCanonicalization) { + ExclusiveCanonicalization eC14n = + (ExclusiveCanonicalization) other; + boolean algURIEquals = getAlgorithmURI().equals(eC14n.getAlgorithmURI()); + boolean inclNSPrefs = + (getInclusiveNamespacePrefixes() == null || getInclusiveNamespacePrefixes().isEmpty()) + ? eC14n.getInclusiveNamespacePrefixes() == null || eC14n.getInclusiveNamespacePrefixes().isEmpty() + : getInclusiveNamespacePrefixes().equals(eC14n.getInclusiveNamespacePrefixes()); + return algURIEquals && inclNSPrefs; + } + return false; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/SigningTimeImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/SigningTimeImpl.java new file mode 100644 index 0000000..9026d33 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/SigningTimeImpl.java @@ -0,0 +1,58 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.xml; + +import java.util.Date; + +import iaik.server.modules.xml.SigningTime; + +/** + * An implementation of the <code>SigningTime</code> <code>Property</code>. + * + * @author Patrick Peck + * @version $Id$ + */ +public class SigningTimeImpl implements SigningTime { + + /** The signing time. */ + private Date signingTime; + + /** + * Create a new <code>SigningTimeImpl</code>. + * + * @param signingTime The signing time. + */ + public SigningTimeImpl(Date signingTime) { + this.signingTime = signingTime; + } + + /** + * @see iaik.server.modules.xml.SigningTime#getSigningTime() + */ + public Date getSigningTime() { + return signingTime; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/TransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/TransformationImpl.java new file mode 100644 index 0000000..1595446 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/TransformationImpl.java @@ -0,0 +1,67 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.xml; + +import iaik.server.modules.xml.Transformation; + +/** + * Base implementation class for <code>Transformation</code> derived classes. + * + * @author Patrick Peck + * @version $Id$ + */ +public abstract class TransformationImpl implements Transformation { + + /** The algorithm URI identifying the transformation algorithm. */ + private String algorithmURI; + + /** + * @see iaik.server.modules.xml.Transformation#getAlgorithmURI() + */ + public String getAlgorithmURI() { + return algorithmURI; + } + + /** + * Sets the algorithm URI. + * + * @param algorithmURI The algorithm URI to set. + */ + protected void setAlgorithmURI(String algorithmURI) { + this.algorithmURI = algorithmURI; + } + + /** + * Returns the hash code of the algorithm URI. Should be overridden if a + * transformation distinguishes itself from others by more than just the + * algorithm URI. + * + * @see java.lang.Object#hashCode() + */ + public int hashCode() { + return getAlgorithmURI().hashCode(); + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLDataObjectImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLDataObjectImpl.java new file mode 100644 index 0000000..e8444b9 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLDataObjectImpl.java @@ -0,0 +1,70 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.xml; + +import org.w3c.dom.Element; + +import iaik.server.modules.xml.XMLDataObject; + +/** + * A <code>DataObject</code> containing a single DOM element. + * + * @author Patrick Peck + * @version $Id$ + */ +public class XMLDataObjectImpl + extends DataObjectImpl + implements XMLDataObject { + + /** The XML data contained in this <code>XMLDataObject</code>. */ + private Element element; + + /** + * Create a new <code>XMLDataObjectImpl</code>. + * + * @param element The DOM element contained in this + * <code>XMLDataObject</code>. + */ + public XMLDataObjectImpl(Element element) { + setElement(element); + } + + /** + * @see iaik.server.modules.xml.XMLDataObject#getElement() + */ + public Element getElement() { + return element; + } + + /** + * Set the DOM element contained in this <code>XMLDataObject</code>. + * + * @param element The DOM element to set. + */ + public void setElement(Element element) { + this.element = element; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLNodeListDataObjectImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLNodeListDataObjectImpl.java new file mode 100644 index 0000000..2fb9df9 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLNodeListDataObjectImpl.java @@ -0,0 +1,71 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.xml; + +import org.w3c.dom.NodeList; + +import iaik.server.modules.xml.XMLNodeListDataObject; + +/** + * A <code>DataObject</code> containing a list of DOM nodes. + * + * @author Patrick Peck + * @version $Id$ + */ +public class XMLNodeListDataObjectImpl + extends DataObjectImpl + implements XMLNodeListDataObject { + + /** The nodes contained in this <code>XMLNodeListDataObject</code>. */ + private NodeList nodeList; + + /** + * Create a new <code>XMLNodeListDataObjectImpl</code>. + * + * @param nodeList The list of DOM nodes contained in this + * <code>XMLNodeListDataObject</code>. + */ + public XMLNodeListDataObjectImpl(NodeList nodeList) { + setNodeList(nodeList); + } + + /** + * Set the list of DOM nodes contained in this + * <code>XMLNodeListDataObject</code>. + * + * @param nodeList The list of DOM nodes to set. + */ + public void setNodeList(NodeList nodeList) { + this.nodeList = nodeList; + } + + /** + * @see iaik.server.modules.xml.XMLNodeListDataObject#getNodeList() + */ + public NodeList getNodeList() { + return nodeList; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLSignatureImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLSignatureImpl.java new file mode 100644 index 0000000..0774726 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XMLSignatureImpl.java @@ -0,0 +1,67 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.xml; + +import org.w3c.dom.Element; + +import iaik.server.modules.xml.XMLSignature; + +/** + * An object containing an XMLDsig signature in the form of a + * <code>dsig:Signature</code> DOM element. + * + * @author Patrick Peck + * @version $Id$ + */ +public class XMLSignatureImpl implements XMLSignature { + /** The signature DOM element. */ + private Element element; + + /** + * Create a new <code>XMLSignatureImpl</code>. + * + * @param element The <code>dsig:Signature</code> DOM element. + */ + public XMLSignatureImpl(Element element) { + setElement(element); + } + + /** + * Set the <code>dsig:Signature</code> DOM element. + * + * @param element The <code>dsig:Signature</code> element to set. + */ + public void setElement(Element element) { + this.element = element; + } + + /** + * @see iaik.server.modules.xml.XMLSignature#getElement() + */ + public Element getElement() { + return element; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2FilterImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2FilterImpl.java new file mode 100644 index 0000000..d309302 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2FilterImpl.java @@ -0,0 +1,140 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.xml; + +import java.util.Map; + +import iaik.server.modules.xml.XPath2Transformation; +import iaik.server.modules.xml.XPath2Transformation.XPath2Filter; + +/** + * An object encapsulating an XPath-Filter2 expression. + * + * @author Patrick Peck + * @version $Id$ + */ +public class XPath2FilterImpl implements XPath2Filter { + + /** The type of this filter. */ + private String filterType; + /** The XPath expression of this filter. */ + private String xPathExpression; + /** The namespace prefix to URI mapping to use for evaluating the XPath. */ + private Map namespaceDeclarations; + + /** + * Create a new <code>XPath2FilterImpl</code> object. + * + * @param filterType The type of filter. Must be one of the filter type + * constants declared in <code>iaik.server.modules.xml.XPath2Transformation.XPath2Filter</code> + * @param xPathExpression The XPath expression belonging to this filter. + * @param namespaceDeclarations The namespace declarations visible for this + * XPath2Filter. + */ + public XPath2FilterImpl( + String filterType, + String xPathExpression, + Map namespaceDeclarations) { + + setFilterType(filterType); + setXPathExpression(xPathExpression); + setNamespaceDeclarations(namespaceDeclarations); + } + + /** + * @see iaik.server.modules.xml.XPath2Transformation.XPath2Filter#getFilterType() + */ + public String getFilterType() { + return filterType; + } + + /** + * Set the filter type. + * + * @param filterType The filter type to set. + */ + protected void setFilterType(String filterType) { + this.filterType = filterType; + } + + /** + * @see iaik.server.modules.xml.XPath2Transformation.XPath2Filter#getXPathExpression() + */ + public String getXPathExpression() { + return xPathExpression; + } + + /** + * Set the XPath expression. + * + * @param xPathExpression The XPath expression to set. + */ + protected void setXPathExpression(String xPathExpression) { + this.xPathExpression = xPathExpression; + } + + /** + * @see iaik.server.modules.xml.XPath2Transformation.XPath2Filter#getNamespaceDeclarations() + */ + public Map getNamespaceDeclarations() { + return namespaceDeclarations; + } + + /** + * Set the namespace declarations. + * + * @param namespaceDeclarations The mapping between namespace prefixes and + * their associated URI. + */ + protected void setNamespaceDeclarations(Map namespaceDeclarations) { + this.namespaceDeclarations = namespaceDeclarations; + } + + /** + * Compare this object to another. + * + * @param other The object to compare this <code>XPath2Filter</code> to. + * @return <code>true</code>, if <code>other</code> is a + * <code>XPath2Filter</code> and the filter types match and the XPath + * expressions match. Otherwise <code>false</code> is returned. + * @see java.lang.Object#equals(java.lang.Object) + */ + public boolean equals(Object other) { + if (other instanceof XPath2Transformation.XPath2Filter) { + XPath2Filter filter = (XPath2Transformation.XPath2Filter) other; + return getFilterType().equals(filter.getFilterType()) + && getXPathExpression().equals(filter.getXPathExpression()); + } + return false; + } + + /** + * @see java.lang.Object#hashCode() + */ + public int hashCode() { + return getXPathExpression().hashCode() * 31 + getFilterType().hashCode(); + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2TransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2TransformationImpl.java new file mode 100644 index 0000000..f483b18 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPath2TransformationImpl.java @@ -0,0 +1,106 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.xml; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import iaik.server.modules.xml.XPath2Transformation; + +/** + * An object encapsulating a <code>Transformation</code> containing several + * XPath-Filter2 expressions. + * + * @author Patrick Peck + * @version $Id$ + */ +public class XPath2TransformationImpl + extends TransformationImpl + implements XPath2Transformation { + + /** The filters contained in this <code>XPath2Transformation</code> */ + private List xPathFilters = new ArrayList(); + + /** + * Create a new <code>XPath2TransformationImpl</code>. + * + * The list of XPath-Filter2 expression is initially empty. + */ + public XPath2TransformationImpl() { + setAlgorithmURI(XPath2Transformation.XPATH2); + } + + /** + * @see iaik.server.modules.xml.XPath2Transformation#getXPathFilters() + */ + public List getXPathFilters() { + return xPathFilters; + } + + /** + * Add an XPath-Filter2 expression to the list of filters. + * + * @param filter The filter to add. + */ + public void addXPathFilter(XPath2Filter filter) { + xPathFilters.add(filter); + } + + /** + * Compare this <code>XPath2Transformation</code> to another. + * + * @param other The object to compare this + * <code>XPath2Transformation</code> to. + * @return <code>true</code>, if <code>other</code> is an + * <code>XPath2Transformation</code> and <code>getXPathFilters()</code> equals + * <code>other.getXPathFilters()</code>. Otherwise <code>false</code> is + * returned. + * @see java.lang.Object#equals(Object) + */ + public boolean equals(Object other) { + if (other instanceof XPath2Transformation) { + XPath2Transformation transform = (XPath2Transformation) other; + + return getXPathFilters().equals(transform.getXPathFilters()); + } + return false; + } + + /** + * @see java.lang.Object#hashCode() + */ + public int hashCode() { + Iterator iter = getXPathFilters().iterator(); + int hashCode = 0; + + while (iter.hasNext()) { + hashCode ^= iter.next().hashCode(); + } + + return hashCode; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPathTransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPathTransformationImpl.java new file mode 100644 index 0000000..06cc319 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XPathTransformationImpl.java @@ -0,0 +1,122 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.xml; + +import java.util.Map; + +import iaik.server.modules.xml.XPathTransformation; + +/** + * A <code>Transformation</code> containing an XPath expression. + * + * @author Patrick Peck + * @version $Id$ + */ +public class XPathTransformationImpl + extends TransformationImpl + implements XPathTransformation { + + /** The XPath expression. */ + private String xPathExpression; + /** The namespace prefix to URI mapping to use for XPath evaluation. */ + private Map namespaceDeclarations; + + /** + * Create a new <code>XPathTransformationImpl</code>. + * + * The namespace declarations are initialized empty. + * + * @param xPathExpression The XPath expression this object will contain. + * @param namespaceDeclarations The namespace declarations visible for this + * XPath. + */ + public XPathTransformationImpl( + String xPathExpression, + Map namespaceDeclarations) { + + setAlgorithmURI(XPathTransformation.XPATH); + setXPathExpression(xPathExpression); + setNamespaceDeclarations(namespaceDeclarations); + } + + /** + * Set the XPath expression. + * + * @param xPathExpression The XPath expression. + */ + protected void setXPathExpression(String xPathExpression) { + this.xPathExpression = xPathExpression; + } + + /** + * @see iaik.server.modules.xml.XPathTransformation#getXPathExpression() + */ + public String getXPathExpression() { + return xPathExpression; + } + + /** + * @see iaik.server.modules.xml.XPathTransformation#getNamespaceDeclarations() + */ + public Map getNamespaceDeclarations() { + return namespaceDeclarations; + } + + /** + * Set the namespace declarations. + * + * @param namespaceDeclarations The mapping between namespace prefixes and + * their associated URI. + */ + protected void setNamespaceDeclarations(Map namespaceDeclarations) { + this.namespaceDeclarations = namespaceDeclarations; + } + + /** + * Compare this <code>XPathTransformation</code> to another. + * + * @param other The object to compare this + * <code>XPathTransformation</code> to. + * @return <code>true</code>, if <code>other</code> is an + * <code>XPathTransformation</code> and if this object contains the same XPath + * expression as <code>other</code>. Otherwise <code>false</code> is returned. + * @see java.lang.Object#equals(Object) + */ + public boolean equals(Object other) { + if (other instanceof XPathTransformation) { + XPathTransformation transform = (XPathTransformation) other; + return getXPathExpression().equals(transform.getXPathExpression()); + } + return false; + } + + /** + * @see java.lang.Object#hashCode() + */ + public int hashCode() { + return getXPathExpression().hashCode(); + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java new file mode 100644 index 0000000..1c5d26a --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xml/XSLTTransformationImpl.java @@ -0,0 +1,217 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.gv.egovernment.moa.spss.server.iaik.xml; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.util.Collections; + +import javax.xml.crypto.dsig.CanonicalizationMethod; +import javax.xml.crypto.dsig.TransformException; +import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec; + +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.spss.util.NodeListToNodeSetDataAdapter; +import at.gv.egovernment.moa.util.NodeListAdapter; +import at.gv.egovernment.moa.util.StreamUtils; +import at.gv.egovernment.moa.util.XPathException; +import at.gv.egovernment.moa.util.XPathUtils; +import iaik.server.modules.xml.XSLTTransformation; +import iaik.xml.crypto.dsig.XMLSignatureFactory; + +/** + * A <code>Transformation</code> containing an XSLT transformation. + * + * @author Patrick Peck + * @version $Id$ + */ +public class XSLTTransformationImpl extends TransformationImpl implements XSLTTransformation { + + /** The XSLT stylesheet. */ + private Element styleSheetElement; + /** + * The hash code of the canonicalized stylesheet. If calculated, this value + * should be != 0. + */ + private int hashCode; + + /** + * Create a new <code>XSLTTransformationImpl</code> object. + * + * @param styleSheetElement + * The XSLT stylesheet element. + */ + public XSLTTransformationImpl(Element styleSheetElement) { + setAlgorithmURI(XSLTTransformation.XSLT); + setStyleSheetElement(styleSheetElement); + } + + /** + * Set the XSLT stylesheet element. + * + * @param styleSheetElement + * The XSLT stylesheet element to set. + */ + protected void setStyleSheetElement(Element styleSheetElement) { + this.styleSheetElement = styleSheetElement; + this.hashCode = 0; + } + + /** + * @see iaik.server.modules.xml.XSLTTransformation#getStylesheetElement() + */ + public Element getStylesheetElement() { + return styleSheetElement; + } + + /** + * Compare this <code>XSLTTransformation</code> to another. + * + * @param other + * The object to compare this <code>XSLTTransformation</code> to. + * @return <code>true</code>, if <code>other</code> is an + * <code>XSLTTransformation</code> and if the canonicalized + * representations of the stylesheets contained in <code>this</code> + * and <code>other</code> match. Otherwise, <code>false</code> is + * returned. + * @see java.lang.Object#equals(Object) + */ + public boolean equals(Object other) { + if (other instanceof XSLTTransformation) { + XSLTTransformation xslt = (XSLTTransformation) other; + + return compareElements(getStylesheetElement(), xslt.getStylesheetElement()); + } + return false; + } + + /** + * @see java.lang.Object#hashCode() + */ + public int hashCode() { + if (hashCode == 0) { + hashCode = calculateHashCode(getStylesheetElement()); + } + return hashCode; + } + + /** + * Calculate the hash code for a DOM element by canonicalizing it. + * + * @param element + * The DOM element for which the hash code is to be calculated. + * @return int The hash code, or <code>0</code>, if it could not be + * calculated. + */ + private static int calculateHashCode(Element element) { + try { + InputStream is = canonicalize(element); + byte[] buf = new byte[256]; + int hashCode = 1; + int length; + int i; + + while ((length = is.read(buf)) > 0) { + for (i = 0; i < length; i++) { + hashCode += buf[i] * 31 + i; + } + } + is.close(); + return hashCode; + } catch (IOException e) { + return 0; + } catch (NoSuchAlgorithmException e) { + return 0; + } catch (InvalidAlgorithmParameterException e) { + return 0; + } catch (TransformException e) { + return 0; + } + } + + /** + * Compare two DOM elements by canonicalizing their contents and comparing + * the resulting byte stream. + * + * @param elem1 + * The 1st element to compare. + * @param elem2 + * The 2nd element to compare. + * @return boolean <code>true</code>, if the elements are considered equal + * after canonicalization. Otherwise <code>false</code> is returned. + */ + private static boolean compareElements(Element elem1, Element elem2) { + try { + InputStream is1 = canonicalize(elem1); + InputStream is2 = canonicalize(elem2); + return StreamUtils.compareStreams(is1, is2); + } catch (IOException e) { + return false; + } catch (NoSuchAlgorithmException e) { + return false; + } catch (InvalidAlgorithmParameterException e) { + return false; + } catch (TransformException e) { + return false; + } + } + + /** + * Canonicalize a DOM element. + * + * @param element The element to canonicalize. + * @return InputStream A stream with the canonicalized data. + * @throws InvalidAlgorithmParameterException + * @throws IOException + * @throws TransformException + * @throws AlgorithmException An error occurred canonicalizing the element. + */ + private static InputStream canonicalize(Element element) + throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, IOException, TransformException { + CanonicalizationMethod canonicalizationMethod = XMLSignatureFactory.getInstance().newCanonicalizationMethod( + CanonicalizationMethod.EXCLUSIVE, new ExcC14NParameterSpec()); + + //CanonicalizationAlgorithm c14n = + // new CanonicalizationAlgorithmImplExclusiveCanonicalXML(); + NodeList nodeList; + + try { + nodeList = XPathUtils.selectNodeList(element, XPathUtils.ALL_NODES_XPATH); + } catch (XPathException e) { + nodeList = new NodeListAdapter(Collections.EMPTY_LIST); + } + //c14n.setInput(nodeList); + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + canonicalizationMethod.transform(new NodeListToNodeSetDataAdapter(nodeList), null, baos); + baos.close(); + return new ByteArrayInputStream(baos.toByteArray()); + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/DataObjectTreatmentImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/DataObjectTreatmentImpl.java new file mode 100644 index 0000000..310f2dd --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/DataObjectTreatmentImpl.java @@ -0,0 +1,174 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.xmlsign; + +import java.util.List; + +import iaik.server.modules.xmlsign.DataObjectTreatment; + +import at.gv.egovernment.moa.spss.server.util.IdGenerator; + +/** + * An object encapsulating how to treat an associated <code>DataObject</code> + * when creating a signature. + * + * @author Patrick Peck + * @version $Id$ + */ +public class DataObjectTreatmentImpl implements DataObjectTreatment { + /** The final content MIME type. */ + private String finalContentType; + /** The name of the hash algorithm. */ + private String hashAlgorithmName; + /** This transformations to apply to the associated data object. */ + private List transformationList; + /** Supplemental information for the transformations. */ + private List transformationSupplements; + /** Whether to include the associated data object in the signature. */ + private boolean includedInSignature; + /** Whether to include the associated data object in the manifest. */ + private boolean referenceInManifest; + /** The object ID generator. */ + private IdGenerator objIdGen; + + /** + * Create a new <code>DataObjectTreatmentImpl</code>. + * + * @param objIdGen The <code>IdGenerator</code> for unique object IDs. + */ + public DataObjectTreatmentImpl(IdGenerator objIdGen) { + this.objIdGen = objIdGen; + } + + /** + * @see iaik.server.modules.xmlsign.DataObjectTreatment#getFinalContentType() + */ + public String getFinalContentType() { + return finalContentType; + } + + /** + * Sets the final content type. + * + * @param finalContentType The final content type to set (a MIME-type type of + * <code>String</code>). + */ + public void setFinalContentType(String finalContentType) { + this.finalContentType = finalContentType; + } + + /** + * @see iaik.server.modules.xmlsign.DataObjectTreatment#getHashAlgorithmName() + */ + public String getHashAlgorithmName() { + return hashAlgorithmName; + } + + /** + * Sets the hash algorithm name. + * + * @param hashAlgorithmName The hash algorithm name to set. + */ + public void setHashAlgorithmName(String hashAlgorithmName) { + this.hashAlgorithmName = hashAlgorithmName; + } + + /** + * @see iaik.server.modules.xmlsign.DataObjectTreatment#isIncludedInSignature() + */ + public boolean isIncludedInSignature() { + return includedInSignature; + } + + /** + * Sets whether the associated <code>DataObject</code> is to be included in + * the signature. + * + * @param includedInSignature If <code>true</code>, the associated + * <code>DataObject</code> will be included in the signature, otherwise not. + */ + public void setIncludedInSignature(boolean includedInSignature) { + this.includedInSignature = includedInSignature; + } + + /** + * @see iaik.server.modules.xmlsign.DataObjectTreatment#isReferenceInManifest() + */ + public boolean isReferenceInManifest() { + return referenceInManifest; + } + + /** + * Sets whether the associated <code>DataObject</code> is + * to be included in the <code>dsig:Manifest</code>. + * + * @param referenceInManifest If <code>true</code>, the associated + * <code>DataObject</code> will be included in the manifest, otherwise not. + */ + public void setReferenceInManifest(boolean referenceInManifest) { + this.referenceInManifest = referenceInManifest; + } + + /** + * @see iaik.server.modules.xmlsign.DataObjectTreatment#getTransformationList() + */ + public List getTransformationList() { + return transformationList; + } + + /** + * Set the list of transformations for the associated <code>DataObject</code>. + * + * @param transformationList The transformations to set. + */ + public void setTransformationList(List transformationList) { + this.transformationList = transformationList; + } + + /** + * @see iaik.server.modules.xmlsign.DataObjectTreatment#getTransformationSupplements() + */ + public List getTransformationSupplements() { + return transformationSupplements; + } + + /** + * Sets the transformation supplements for the associated + * <code>DataObject</code>. + * + * @param transformationSupplements The transformation supplements to set. + */ + public void setTransformationSupplements(List transformationSupplements) { + this.transformationSupplements = transformationSupplements; + } + + /** + * @see iaik.server.modules.xmlsign.DataObjectTreatment#getDsigDataObjectID() + */ + public String getDsigDataObjectID() { + return objIdGen.uniqueId(); + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java new file mode 100644 index 0000000..7d0c5a0 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java @@ -0,0 +1,399 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.xmlsign; + +import iaik.server.modules.algorithms.SignatureAlgorithms; +import iaik.server.modules.keys.AlgorithmUnavailableException; +import iaik.server.modules.keys.KeyEntryID; +import iaik.server.modules.keys.KeyModule; +import iaik.server.modules.keys.KeyModuleFactory; +import iaik.server.modules.keys.UnknownKeyException; +import iaik.server.modules.xml.Canonicalization; +import iaik.server.modules.xmlsign.XMLSignatureCreationProfile; +import iaik.server.modules.xmlsign.XMLSignatureInsertionLocation; + +import java.util.List; +import java.util.Set; + +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.server.logging.TransactionId; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moa.spss.server.util.IdGenerator; + +/** + * An object providing auxiliary information for creating an XML signature. + * + * @author Patrick Peck + * @version $Id$ + */ +public class XMLSignatureCreationProfileImpl + implements XMLSignatureCreationProfile { + + /** The transformations to apply to a data object. */ + private List dataObjectTreatmentList; + /** The set of keys available to the signing process. */ + private Set keySet; + /** The type URI of the signature manifest. */ + private String securityLayerManifestTypeURI; + /** Whether the created signature is to be Security Layer conform. */ + private boolean securityLayerConform; + /** Where to insert the signature into the signature environment. */ + private XMLSignatureInsertionLocation signatureInsertionLocation; + /** The signature structur type. */ + private String signatureStructureType; + /** The type of <code>Canonicalization</code> to use for the signed info. */ + private Canonicalization signedInfoCanonicalization; + /** Properties to be signed during signature creation. */ + private List signedProperties; + /** The ID generator for signature IDs. */ + private IdGenerator signatureIDGenerator; + /** The ID generator for manifst IDs. */ + private IdGenerator manifestIDGenerator; + /** The ID generator for XMLDsig manifest IDs. */ + private IdGenerator dsigManifestIDGenerator; + /** The ID generator for signed property IDs. */ + private IdGenerator propertyIDGenerator; + /** The selected digest method algorithm if XAdES 1.4.2 is used */ + private String digestMethodXAdES142; + + + /** + * Create a new <code>XMLSignatureCreationProfileImpl</code>. + * + * @param createProfileCount Provides external information about the + * number of calls to the signature creation module, using the same request. + * @param reservedIDs The set of IDs that must not be used while generating + * new IDs. + */ + public XMLSignatureCreationProfileImpl( + int createProfileCount, + Set reservedIDs, + String digestMethodXAdES142) { + signatureIDGenerator = + new IdGenerator("signature-" + createProfileCount, reservedIDs); + manifestIDGenerator = + new IdGenerator("manifest-" + createProfileCount, reservedIDs); + dsigManifestIDGenerator = + new IdGenerator("dsig-manifest-" + createProfileCount, reservedIDs); + propertyIDGenerator = + new IdGenerator("etsi-signed-" + createProfileCount, reservedIDs); + this.digestMethodXAdES142 = digestMethodXAdES142; + } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getDataObjectTreatmentList() + */ + public List getDataObjectTreatmentList() { + return dataObjectTreatmentList; + } + + /** + * Sets the list of <code>DataObjectTreatment</code>s. + * + * @param dataObjectTreatmentList The <code>DataObjectTreatment</code>s to + * set. + */ + public void setDataObjectTreatmentList(List dataObjectTreatmentList) { + this.dataObjectTreatmentList = dataObjectTreatmentList; + } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getKeySet() + */ + public Set getKeySet() { + return keySet; + } + + /** + * Set the set of <code>KeyEntryID</code>s which may be used for signature + * creation. + * + * @param keySet The set of <code>KeyEntryID</code>s to set. + */ + public void setKeySet(Set keySet) { + this.keySet = keySet; + } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSecurityLayerManifestTypeURI() + */ + public String getSecurityLayerManifestTypeURI() { + return securityLayerManifestTypeURI; + } + + /** + * Set the SecurityLayerManifestTypeURI. + * + * @param securityLayerManifestTypeURI The SecurityLayerManifestTypeURI to + * set. + */ + public void setSecurityLayerManifestTypeURI(String securityLayerManifestTypeURI) { + this.securityLayerManifestTypeURI = securityLayerManifestTypeURI; + } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureAlgorithmName(KeyEntryID) + */ + public String getSignatureAlgorithmName(KeyEntryID selectedKeyID) + throws AlgorithmUnavailableException { + + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + TransactionId tid = new TransactionId(context.getTransactionID()); + KeyModule module = KeyModuleFactory.getInstance(tid); + Set algorithms; + + try { + algorithms = module.getSupportedSignatureAlgorithms(selectedKeyID); + } catch (UnknownKeyException e) { + throw new AlgorithmUnavailableException( + "Unknown key entry: " + selectedKeyID, + e, + null); + } + + if (digestMethodXAdES142 == null) { + // XAdES 1.4.2 not enabled - legacy MOA + if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA) + || algorithms.contains(SignatureAlgorithms.MD5_WITH_RSA) + || algorithms.contains(SignatureAlgorithms.RIPEMD128_WITH_RSA) + || algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA) + || algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA) + || algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { + + return SignatureAlgorithms.SHA1_WITH_RSA; + } else if ( + algorithms.contains(SignatureAlgorithms.ECDSA)) { + return SignatureAlgorithms.ECDSA; + } else if ( + algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + } + else { + // XAdES 1.4.2 is enabled: select signature algorithm according to selected digest method + if (digestMethodXAdES142.compareTo("SHA-1") == 0) { + Logger.warn("XAdES version 1.4.2 is enabled, but SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)"); + + if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) { + return SignatureAlgorithms.SHA1_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.ECDSA)) { + return SignatureAlgorithms.ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + + } else if (digestMethodXAdES142.compareTo("SHA-256") == 0) { + if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { + return SignatureAlgorithms.SHA256_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) { + return SignatureAlgorithms.SHA256_WITH_ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + } else if (digestMethodXAdES142.compareTo("SHA-384") == 0) { + if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) { + return SignatureAlgorithms.SHA384_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) { + return SignatureAlgorithms.SHA384_WITH_ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + } else if (digestMethodXAdES142.compareTo("SHA-512") == 0) { + if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { + return SignatureAlgorithms.SHA512_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) { + return SignatureAlgorithms.SHA512_WITH_ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); + } + } + else { + throw new AlgorithmUnavailableException( + "No signature algorithm found for digest algorithm '" + digestMethodXAdES142, + null, + null); + } + + } + + + } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureInsertionLocation() + */ + public XMLSignatureInsertionLocation getSignatureInsertionLocation() { + return signatureInsertionLocation; + } + + /** + * Set the location where the signature is to be inserted into the signature + * parent. + * + * @param signatureInsertionLocation The location to set. + */ + public void setSignatureInsertionLocation(XMLSignatureInsertionLocation signatureInsertionLocation) { + this.signatureInsertionLocation = signatureInsertionLocation; + } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureStructureType() + */ + public String getSignatureStructureType() { + return signatureStructureType; + } + + /** + * Set the signature structure type. + * @param signatureStructureType The signature structure type to set. + */ + public void setSignatureStructureType(String signatureStructureType) { + this.signatureStructureType = signatureStructureType; + } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedInfoCanonicalization() + */ + public Canonicalization getSignedInfoCanonicalization() { + return signedInfoCanonicalization; + } + + /** + * Sets the canonicalization method to use for the SignedInfo object. + * + * @param signedInfoCanonicalization The canonicalization method to set. + */ + public void setSignedInfoCanonicalization(Canonicalization signedInfoCanonicalization) { + this.signedInfoCanonicalization = signedInfoCanonicalization; + } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties() + */ + public List getSignedProperties() { + return signedProperties; + } + + /** + * Set the signed properties. + * + * @param signedProperties The signed properties to set. + */ + public void setSignedProperties(List signedProperties) { + this.signedProperties = signedProperties; + } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform() + */ + public boolean isSecurityLayerConform() { + return securityLayerConform; + } + + /** + * Sets the security layer conformity. + * + * @param securityLayerConform <code>true</code>, if the created signature + * is to be conform to the Security Layer specification. + */ + public void setSecurityLayerConform(boolean securityLayerConform) { + this.securityLayerConform = securityLayerConform; + } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignatureID() + */ + public String getSignatureID() { + return signatureIDGenerator.uniqueId(); + } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSecurityLayerManifestID() + */ + public String getSecurityLayerManifestID() { + return manifestIDGenerator.uniqueId(); + } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getDsigManifestID() + */ + public String getDsigManifestID() { + return dsigManifestIDGenerator.uniqueId(); + } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedPropertiesID() + */ + public String getSignedPropertiesID() { + return propertyIDGenerator.uniqueId(); + } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getPermitFileURIs() + */ + public boolean getPermitFileURIs() { + return false; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureInsertionLocationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureInsertionLocationImpl.java new file mode 100644 index 0000000..90c1f49 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureInsertionLocationImpl.java @@ -0,0 +1,69 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.xmlsign; + +import iaik.server.modules.xmlsign.XMLSignatureInsertionLocation; + +/** + * An object giving the location of where the signature will be + * inserted into the parent element. + * + * @author Patrick Peck + * @version $Id$ + */ +public class XMLSignatureInsertionLocationImpl + implements XMLSignatureInsertionLocation { + + /** Where to put the signature into the signature parent element. */ + private int signatureChildIndex; + + /** + * Create a new <code>XMLSignatureInsertLocationImpl</code>. + * + * @param signatureChildIndex The position index at which to append the + * signature to the parent element. + */ + public XMLSignatureInsertionLocationImpl(int signatureChildIndex) { + setSignatureChildIndex(signatureChildIndex); + } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureInsertionLocation#getSignatureChildIndex() + */ + public int getSignatureChildIndex() { + return signatureChildIndex; + } + + /** + * Sets the position index at which to append the signature to the parent + * element. + * + * @param signatureChildIndex The position index to set. + */ + public void setSignatureChildIndex(int signatureChildIndex) { + this.signatureChildIndex = signatureChildIndex; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java new file mode 100644 index 0000000..f4c9126 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java @@ -0,0 +1,177 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.xmlverify; + +import java.util.List; + +import iaik.pki.PKIProfile; +import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile; + +/** + * An object providing auxiliary information for verifying an XML signature. + * + * @author Patrick Peck + * @version $Id$ + */ +public class XMLSignatureVerificationProfileImpl + implements XMLSignatureVerificationProfile { + + /** Whether to check the Security Layer manifest. */ + private boolean checkSecurityLayerManifest; + /** Whether to check the XMLDsig manifest. */ + private boolean checkXMLDsigManifests; + /** The profile for validating the signer certificate. */ + private PKIProfile certificateValidationProfile; + /** Supplements for the transformations. */ + private List transformationSupplements; + /** Whether to include hash input data in the response. */ + private boolean includeHashInputData; + /** Whether to include reference input data in the response. */ + private boolean includeReferenceInputData; + /** Whether the file URIs are permitted */ + private boolean permitFileURIs; + /** + * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#checkSecurityLayerManifest() + */ + public boolean checkSecurityLayerManifest() { + return checkSecurityLayerManifest; + } + + /** + * Set whether to check the references in the Security Layer manifest. + * + * @param checkSecurityLayerManifest <code>true</code>, if the references + * in the Security Layer manifest must be checked. + */ + public void setCheckSecurityLayerManifest(boolean checkSecurityLayerManifest) { + this.checkSecurityLayerManifest = checkSecurityLayerManifest; + } + + /** + * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#checkXMLDsigManifests() + */ + public boolean checkXMLDsigManifests() { + return checkXMLDsigManifests; + } + + /** + * Sets whether to check the references of all XML Dsig manifests. + * + * @param checkXMLDSigManifests <code>true</code>, if the references in the + * XML Dsig manifest must be checked. + */ + public void setCheckXMLDsigManifests(boolean checkXMLDSigManifests) { + this.checkXMLDsigManifests = checkXMLDSigManifests; + } + + /** + * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#getCertificateValidationProfile() + */ + public PKIProfile getCertificateValidationProfile() { + return certificateValidationProfile; + } + + /** + * Sets the profile for validating the signer certificate. + * + * @param certificateValidationProfile The certificate validation profile to + * set. + */ + public void setCertificateValidationProfile(PKIProfile certificateValidationProfile) { + this.certificateValidationProfile = certificateValidationProfile; + } + + /** + * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#getTransformationSupplements() + */ + public List getTransformationSupplements() { + return transformationSupplements; + } + + /** + * Sets the transformation supplements. + * + * @param transformationSupplements The transformation supplements to set. + */ + public void setTransformationSupplements(List transformationSupplements) { + this.transformationSupplements = transformationSupplements; + } + + /** + * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#includeHashInputData() + */ + public boolean includeHashInputData() { + return includeHashInputData; + } + + /** + * Set whether to include the hash input data in the result. + * + * @param includeHashInputData If <code>true</code>, the hash input data + * will be returned in the result. + */ + public void setIncludeHashInputData(boolean includeHashInputData) { + this.includeHashInputData = includeHashInputData; + } + + /** + * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#includeReferenceInputData() + */ + public boolean includeReferenceInputData() { + return includeReferenceInputData; + } + + /** + * Set whether to include the reference input data in the result. + * + * @param includeReferenceInputData If <code>true</code>, the reference + * input data will be included in the result. + */ + public void setIncludeReferenceInputData(boolean includeReferenceInputData) { + this.includeReferenceInputData = includeReferenceInputData; + } + + /** + * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#getPermitFileURIs() + */ + public boolean getPermitFileURIs() { + return permitFileURIs; + } + + /** + * Set whether the file URIs are permitted or not + * + * @param permitFileURIs whether the file URIs are permitted or not + */ + public void setPermitFileURIs(boolean permitFileURIs) + { + this.permitFileURIs = permitFileURIs; + } + + @Override + public String getTargetLevel() { + return XMLSignatureVerificationProfile.LEVEL_B; + } +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/ConfiguratorImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/ConfiguratorImpl.java new file mode 100644 index 0000000..8ab01d6 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/ConfiguratorImpl.java @@ -0,0 +1,66 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.init; + +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.api.Configurator; +import at.gv.egovernment.moa.spss.server.config.ConfigurationException; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator; + +/** + * Default implementation of <code>Configurator</code>. + * + * @author Patrick Peck + * @version $Id$ + */ +public class ConfiguratorImpl extends Configurator { + /** whether the configuration has been initialized */ + private boolean initialized = false; + + public void init() throws MOAException { + if (!initialized) { + SystemInitializer.init(); + initialized = true; + } + } + + public void update() throws MOAException { + if (!initialized) { + return; + } + + try { + // reconfigure the system + ConfigurationProvider config = ConfigurationProvider.reload(); + new IaikConfigurator().configure(config); + } catch (MOAException e) { + throw e; + } catch (Throwable t) { + throw new ConfigurationException("", null, t); + } + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/ExternalInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/ExternalInitializer.java new file mode 100644 index 0000000..692ee53 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/ExternalInitializer.java @@ -0,0 +1,7 @@ +package at.gv.egovernment.moa.spss.server.init; + +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; + +public interface ExternalInitializer { + public void initialize(ConfigurationProvider configurationProvider); +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java new file mode 100644 index 0000000..f2663cf --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java @@ -0,0 +1,253 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.init; + +import java.io.FileNotFoundException; +import java.io.IOException; +import java.security.cert.CertificateException; +import java.util.Calendar; +import java.util.Date; +import java.util.GregorianCalendar; +import java.util.Iterator; +import java.util.ServiceLoader; +import java.util.Timer; + +import org.slf4j.LoggerFactory; + +import at.gv.egovernment.moa.logging.LogMsg; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.logging.LoggingContext; +import at.gv.egovernment.moa.logging.LoggingContextManager; +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.api.common.TSLConfiguration; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator; +import at.gv.egovernment.moa.spss.server.service.RevocationArchiveCleaner; +import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector; +import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask; +import at.gv.egovernment.moa.spss.util.MessageProvider; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import iaik.pki.store.certstore.CertStoreException; +import iaik.pki.store.truststore.TrustStoreException; +import iaik.server.ConfigurationData; +import iaik.xml.crypto.tsl.ex.TSLEngineDiedException; +import iaik.xml.crypto.tsl.ex.TSLSearchException; + +/** + * MOA SP/SS web service initialization. + * + * @author Patrick Peck + * @version $Id$ + */ +public class SystemInitializer { + /** Interval between archive cleanups in seconds */ + private static final long ARCHIVE_CLEANUP_INTERVAL = 60 * 60; // 1h + /** The MOA SP/SS logging hierarchy. */ + private static final String LOGGING_HIERARCHY = "moa.spss.server"; + /** Whether XML schema grammars have been initialized. */ + private static boolean grammarsInitialized = false; + + private static final org.slf4j.Logger logger = LoggerFactory.getLogger(SystemInitializer.class); + + private static ServiceLoader<ExternalInitializer> initializerServices = + ServiceLoader.load(ExternalInitializer.class); + + + private static void runInitializer(ConfigurationProvider configurationProvider) { + Iterator<ExternalInitializer> initializerIterator = initializerServices.iterator(); + + while(initializerIterator.hasNext()) { + ExternalInitializer externalInitializer = initializerIterator.next(); + externalInitializer.initialize(configurationProvider); + } + } + + /** + * Initialize the MOA SP/SS webservice. + */ + public static void init() { + + logger.info("##############################################################################"); + logger.info("##############################################################################"); + logger.info("### ###"); + logger.info("### LOADING MOA-SIG ###"); + logger.info("### =============== ###"); + logger.info("### ###"); + logger.info("##############################################################################"); + logger.info("##############################################################################"); + + MessageProvider msg = MessageProvider.getInstance(); + + Thread archiveCleaner; + + // set up the MOA SPSS logging hierarchy + Logger.setHierarchy(LOGGING_HIERARCHY); + + // set up a logging context for logging the startup + LoggingContextManager.getInstance().setLoggingContext( + new LoggingContext("startup")); + +// AxisProperties.setProperty("enableNamespacePrefixOptimization","false"); +// AxisProperties.setProperty("disablePrettyXML", "true"); +// AxisProperties.setProperty("axis.doAutoTypes", "true"); + + // initialize preparsed Xerces grammar pool for faster XML + // parsing/validating + try { + if (!grammarsInitialized) { + Class clazz = SystemInitializer.class; + // preparse XML schema + DOMUtils.addSchemaToPool( + clazz.getResourceAsStream(Constants.XML_SCHEMA_LOCATION), + Constants.XML_NS_URI); + // preparse XMLDsig Filter2 schema + DOMUtils.addSchemaToPool( + clazz.getResourceAsStream(Constants.DSIG_FILTER2_SCHEMA_LOCATION), + Constants.DSIG_FILTER2_NS_URI); + // preparse XMLDsig schema + DOMUtils.addSchemaToPool( + clazz.getResourceAsStream(Constants.DSIG_SCHEMA_LOCATION), + Constants.DSIG_NS_URI); + // preparse MOA schema + DOMUtils.addSchemaToPool( + clazz.getResourceAsStream(Constants.MOA_SCHEMA_LOCATION), + Constants.MOA_NS_URI); + grammarsInitialized = true; + } + } catch (IOException e) { + Logger.warn(new LogMsg(msg.getMessage("init.04", null)), e); + } + + // initialize configuration + try { + ConfigurationProvider config = ConfigurationProvider.getInstance(); + Logger.info("Building ConfigurationData"); + ConfigurationData configData = new IaikConfigurator().configure(config); + + //initialize TSL module + TSLConfiguration tslconfig = config.getTSLConfiguration(); + + TSLConnector tslconnector = new TSLConnector(); + if (tslconfig != null) { + //Logger.info(new LogMsg(msg.getMessage("init.01", null))); + Logger.info(new LogMsg(msg.getMessage("config.41", null))); + tslconnector.initialize(tslconfig.getEuTSLUrl(), tslconfig.getWorkingDirectory(), null, null); + + } + + //start TSL Update + TSLUpdaterTimerTask.tslconnector_ = tslconnector; + TSLUpdaterTimerTask.configData_ = configData; + TSLUpdaterTimerTask.update(); + + //initialize TSL Update Task + initTSLUpdateTask(tslconfig); + + runInitializer(config); + + Logger.info(new LogMsg(msg.getMessage("init.01", null))); + } catch (MOAException e) { + Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); + } + catch (TSLEngineDiedException e) { + Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); + } + catch (TSLSearchException e) { + Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); + } + catch (CertStoreException e) { + Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); + } catch (TrustStoreException e) { + Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); + } catch (FileNotFoundException e) { + Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); + } catch (IOException e) { + Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); + } catch (CertificateException e) { + Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); + } + + + + // CHANGE IXSIL to XSECT + // set IXSIL debug output + //IXSILInit.setPrintDebugLog( + // Logger.isDebugEnabled(IaikLog.IAIK_LOG_HIERARCHY)); + //Logger.info("Registering XSECT"); + //XSecProvider.addAsProvider(true); + + // start the archive cleanup thread + archiveCleaner = + new Thread(new RevocationArchiveCleaner(ARCHIVE_CLEANUP_INTERVAL)); + archiveCleaner.setName("RevocationArchiveCleaner"); + archiveCleaner.setDaemon(true); + archiveCleaner.setPriority(Thread.MIN_PRIORITY); + archiveCleaner.start(); + + // unset the startup logging context + LoggingContextManager.getInstance().setLoggingContext(null); + logger.info("=============================================================================="); + logger.info("=== CONFIGURATION DONE ==="); + logger.info("=============================================================================="); + } + + private static void initTSLUpdateTask(TSLConfiguration tslconfig) { + MessageProvider msg = MessageProvider.getInstance(); + if (tslconfig != null) { + // get start time and period from config + long period = tslconfig.getUpdateSchedulePeriod(); + Date startConfig = tslconfig.getUpdateScheduleStartTime(); + + // get hh:mm:ss from config date + Calendar calendar = GregorianCalendar.getInstance(); // creates a new calendar instance + calendar.setTime(startConfig); // assigns calendar to given date + int hour = calendar.get(Calendar.HOUR_OF_DAY); + int min = calendar.get(Calendar.MINUTE); + int sec = calendar.get(Calendar.SECOND); + + // create date with today and time from config + Calendar cal = Calendar.getInstance(); + Date now = cal.getTime(); + cal.set(Calendar.HOUR_OF_DAY, hour); + cal.set(Calendar.MINUTE, min); + cal.set(Calendar.SECOND, sec); + + // proposed start time + Date start = cal.getTime(); + + // if start time has already passed today - add one day (86400000 milliseconds = 1 day) + if (start.before(now)) + start = new Date(start.getTime() + 86400000); + + Logger.debug(new LogMsg(msg.getMessage("config.46", new String[]{start.toString(), "" + period}))); + + // start TSL updater task + Timer timer = new Timer(); + timer.schedule(new TSLUpdaterTimerTask(), start, period); + } + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java new file mode 100644 index 0000000..718673a --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java @@ -0,0 +1,437 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import iaik.server.modules.algorithms.HashAlgorithms; +import iaik.server.modules.cmssign.CMSSignature; +import iaik.server.modules.cmssign.CMSSignatureCreationException; +import iaik.server.modules.cmssign.CMSSignatureCreationModule; +import iaik.server.modules.cmssign.CMSSignatureCreationModuleFactory; +import iaik.server.modules.cmssign.CMSSignatureCreationProfile; +import iaik.server.modules.keys.KeyEntryID; +import iaik.server.modules.keys.KeyModule; +import iaik.server.modules.keys.KeyModuleFactory; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.math.BigDecimal; +import java.math.BigInteger; +import java.security.Principal; +import java.security.cert.X509Certificate; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import at.gv.egovernment.moa.logging.LogMsg; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.MOASystemException; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureRequest; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.cmssign.DataObjectInfo; +import at.gv.egovernment.moa.spss.api.cmssign.SingleSignatureInfo; +import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; +import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentExcplicit; +import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference; +import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; +import at.gv.egovernment.moa.spss.api.common.MetaInfo; +import at.gv.egovernment.moa.spss.api.impl.CreateCMSSignatureResponseImpl; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry; +import at.gv.egovernment.moa.spss.server.iaik.cmssign.CMSSignatureCreationProfileImpl; +import at.gv.egovernment.moa.spss.server.logging.TransactionId; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moa.spss.util.MessageProvider; +import at.gv.egovernment.moa.util.Constants; + +/** + * A class providing an API based interface to the + * <code>CMSSignatureCreationModule</code>. + * + * This class performs the invocation of the + * <code>iaik.server.modules.cmssign.CMSSignatureCreationModule</code> from a + * <code>CreateCMSSignatureRequest</code> given as an API object. The result of + * the invocation is integrated into a <code>CreateCMSSignatureResponse</code> + * and returned. + * + * @version $Id$ + */ +public class CMSSignatureCreationInvoker { + + private static Map HASH_ALGORITHM_MAPPING; + + static { + HASH_ALGORITHM_MAPPING = new HashMap(); + HASH_ALGORITHM_MAPPING.put(Constants.SHA1_URI, HashAlgorithms.SHA1); + HASH_ALGORITHM_MAPPING.put(Constants.SHA256_URI, HashAlgorithms.SHA256); + HASH_ALGORITHM_MAPPING.put(Constants.SHA384_URI, HashAlgorithms.SHA384); + HASH_ALGORITHM_MAPPING.put(Constants.SHA512_URI, HashAlgorithms.SHA512); + } + + + /** The single instance of this class. */ + private static CMSSignatureCreationInvoker instance = null; + + /** + * Get the only instance of this class. + * + * @return The only instance of this class. + */ + public static synchronized CMSSignatureCreationInvoker getInstance() { + if (instance == null) { + instance = new CMSSignatureCreationInvoker(); + } + return instance; + } + + /** + * Create a new <code>CMSSignatureCreationInvoker</code>. + * + * Protected to disallow multiple instances. + */ + protected CMSSignatureCreationInvoker() { + } + + + + /** + * Process the <code>CreateCMSSignatureRequest<code> message and invoke the + * <code>XMLSignatureCreationModule</code> for every + * <code>SingleSignatureInfo</code> contained in the request. + * + * @param request A <code>CreateCMSSignatureRequest<code> API object + * containing the information for creating the signature(s). + * @param reserved A <code>Set</code> of reserved object IDs. + * + * @return A <code>CreateCMSSignatureResponse</code> API object containing + * the created signature(s). The response contains either a + * <code>SignatureEnvironment</code> or a <code>ErrorResponse</code> + * for each <code>SingleSignatureInfo</code> in the request. + * @throws MOAException An error occurred during signature creation. + */ + public CreateCMSSignatureResponse createCMSSignature( + CreateCMSSignatureRequest request, + Set reserved) + throws MOAException { + + TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + //LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext(); + + CreateCMSSignatureResponseBuilder responseBuilder = new CreateCMSSignatureResponseBuilder(); + CreateCMSSignatureResponse response = new CreateCMSSignatureResponseImpl(); + + boolean isSecurityLayerConform = false; + String structure = null; + String mimetype = null; + + // select the SingleSignatureInfo elements + Iterator singleSignatureInfoIter = request.getSingleSignatureInfos().iterator(); + + // iterate over all the SingleSignatureInfo elements in the request + while (singleSignatureInfoIter.hasNext()) { + SingleSignatureInfo singleSignatureInfo = (SingleSignatureInfo) singleSignatureInfoIter.next(); + isSecurityLayerConform = singleSignatureInfo.isSecurityLayerConform(); + + + DataObjectInfo dataObjectInfo = singleSignatureInfo.getDataObjectInfo(); + structure = dataObjectInfo.getStructure(); + + CMSDataObject dataobject = dataObjectInfo.getDataObject(); + MetaInfo metainfo = dataobject.getMetaInfo(); + mimetype = metainfo.getMimeType(); + + CMSContent content = dataobject.getContent(); + InputStream contentIs = null; + // build the content data + switch (content.getContentType()) { + case CMSContent.EXPLICIT_CONTENT : + contentIs = ((CMSContentExcplicit) content).getBinaryContent(); + break; + case CMSContent.REFERENCE_CONTENT : + String reference = ((CMSContentReference) content).getReference(); + if (!"".equals(reference)) { + ExternalURIResolver resolver = new ExternalURIResolver(); + contentIs = resolver.resolve(reference); + } else { + throw new MOAApplicationException("2301", null); + } + break; + default : { + throw new MOAApplicationException("2301", null); + } + } + + // create CMSSignatureCreationModuleFactory + CMSSignatureCreationModule module = CMSSignatureCreationModuleFactory.getInstance(); + + List signedProperties = null; + boolean includeData = true; + if (structure.compareTo("enveloping") == 0) + includeData = true; + if (structure.compareTo("detached") == 0) + includeData = false; + + ConfigurationProvider config = context.getConfiguration(); + + // get the key group id + String keyGroupID = request.getKeyIdentifier(); + // set the key set + Set keySet = buildKeySet(keyGroupID); + if (keySet == null) { + throw new MOAApplicationException("2231", null); + } else if (keySet.size() == 0) { + throw new MOAApplicationException("2232", null); + } + + // get digest algorithm + String digestAlgorithm = getDigestAlgorithm(config, keyGroupID); + + // create CMSSignatureCreation profile: + CMSSignatureCreationProfile profile = new CMSSignatureCreationProfileImpl( + keySet, + digestAlgorithm, + signedProperties, + isSecurityLayerConform, + includeData, + mimetype); + + // create CMSSignature from the CMSSignatureCreationModule + // build the additionalSignedProperties + List additionalSignedProperties = buildAdditionalSignedProperties(); + TransactionId tid = new TransactionId(context.getTransactionID()); + try { + CMSSignature signature = module.createSignature(profile, additionalSignedProperties, tid); + ByteArrayOutputStream out = new ByteArrayOutputStream(); + // get CMS SignedData output stream from the CMSSignature and wrap it around out + boolean base64 = true; + OutputStream signedDataStream = signature.getSignature(out, base64); + + // now write the data to be signed to the signedDataStream + + int byteRead; + BigDecimal counter = new BigDecimal("0"); + BigDecimal one = new BigDecimal("1"); + + while ((byteRead=contentIs.read()) >= 0) { + //System.out.println("counterXX: " + counter); + + if (inRange(counter, dataobject)) { + //System.out.println("Lösche..."); + // set byte to 0x00 + signedDataStream.write(0); + } + else + signedDataStream.write(byteRead); + + counter = counter.add(one); + } + + +// byte[] buf = new byte[4096]; +// int bytesRead; +// while ((bytesRead = contentIs.read(buf)) >= 0) { +// signedDataStream.write(buf, 0, bytesRead); +// } +// + // finish SignedData processing by closing signedDataStream + signedDataStream.close(); + String base64value = out.toString(); + + responseBuilder.addCMSSignature(base64value); + + + } catch (CMSSignatureCreationException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + + responseBuilder.addError( + moaException.getMessageId(), + moaException.getMessage()); + Logger.warn(moaException.getMessage(), e); + + } + catch (IOException e) { + throw new MOAApplicationException("2301", null, e); + } + + } + + + return responseBuilder.getResponse(); + } + + private boolean inRange(BigDecimal counter, CMSDataObject dataobject) { + BigDecimal from = dataobject.getExcludeByteRangeFrom(); + BigDecimal to = dataobject.getExcludeByteRangeTo(); + + if ( (from == null) || (to == null)) + return false; + + int compare = counter.compareTo(from); + if (compare == -1) + return false; + else { + compare = counter.compareTo(to); + if (compare == 1) + return false; + else + return true; + } + + + + } + + + private String getDigestAlgorithm(ConfigurationProvider config, String keyGroupID) throws MOASystemException { + // get digest method on key group level (if configured) + String configDigestMethodKG = config.getKeyGroup(keyGroupID).getDigestMethodAlgorithm(); + // get default digest method (if configured) + String configDigestMethod = config.getDigestMethodAlgorithmName(); + + + String digestMethod = null; + if (configDigestMethodKG != null) { + // if KG specific digest method is configured + digestMethod = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethodKG); + if (digestMethod == null) { + error( + "config.17", + new Object[] { configDigestMethodKG}); + throw new MOASystemException("2900", null); + } + Logger.debug("Digest algorithm: " + digestMethod + "(configured in KeyGroup)"); + } + else { + // else get default configured digest method + digestMethod = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethod); + if (digestMethod == null) { + error( + "config.17", + new Object[] { configDigestMethod}); + throw new MOASystemException("2900", null); + } + Logger.debug("Digest algorithm: " + digestMethod + "(default)"); + + } + return digestMethod; + } + + /** + * Utility function to issue an error message to the log. + * + * @param messageId The ID of the message to log. + * @param parameters Additional message parameters. + */ + private static void error(String messageId, Object[] parameters) { + MessageProvider msg = MessageProvider.getInstance(); + + Logger.error(new LogMsg(msg.getMessage(messageId, parameters))); + } + + /** + * Build the set of <code>KeyEntryID</code>s available to the given + * <code>keyGroupID</code>. + * + * @param keyGroupID The keygroup ID for which the available keys should be + * returned. + * @return The <code>Set</code> of <code>KeyEntryID</code>s + * identifying the available keys. + */ + private Set buildKeySet(String keyGroupID) { + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + Set keyGroupEntries; + + // get the KeyGroup entries from the configuration + if (context.getClientCertificate() != null) { + X509Certificate cert = context.getClientCertificate()[0]; + Principal issuer = cert.getIssuerDN(); + BigInteger serialNumber = cert.getSerialNumber(); + + keyGroupEntries = + config.getKeyGroupEntries(issuer, serialNumber, keyGroupID); + } else { + keyGroupEntries = config.getKeyGroupEntries(null, null, keyGroupID); + } + + // map the KeyGroup entries to a set of KeyEntryIDs + if (keyGroupEntries == null) { + return null; + } else if (keyGroupEntries.size() == 0) { + return Collections.EMPTY_SET; + } else { + KeyModule module = + KeyModuleFactory.getInstance( + new TransactionId(context.getTransactionID())); + Set keyEntryIDs = module.getPrivateKeyEntryIDs(); + Set keySet = new HashSet(); + Iterator iter; + + // filter out the keys that do not exist in the IAIK configuration + // by walking through the key entries and checking if the exist in the + // keyGroupEntries + for (iter = keyEntryIDs.iterator(); iter.hasNext();) { + KeyEntryID entryID = (KeyEntryID) iter.next(); + KeyGroupEntry entry = + new KeyGroupEntry( + entryID.getModuleID(), + entryID.getCertificateIssuer(), + entryID.getCertificateSerialNumber()); + if (keyGroupEntries.contains(entry)) { + keySet.add(entryID); + } + } + return keySet; + } + } + + /** + * Build the list of additional signed properties. + * + * Based on the generic configuration setting + * <code>ConfigurationProvider.TEST_SIGNING_TIME_PROPERTY</code>, a + * constant <code>SigningTime</code> will be added to the properties. + * + * @return The <code>List</code> of additional signed properties. + */ + private List buildAdditionalSignedProperties() { + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + List additionalSignedProperties = Collections.EMPTY_LIST; + + return additionalSignedProperties; + } + +}
\ No newline at end of file diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java new file mode 100644 index 0000000..aca6f58 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -0,0 +1,371 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import iaik.server.modules.IAIKException; +import iaik.server.modules.IAIKRuntimeException; +import iaik.server.modules.cmsverify.CMSSignatureVerificationModule; +import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory; +import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile; +import iaik.server.modules.cmsverify.CMSSignatureVerificationResult; +import iaik.x509.X509Certificate; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.math.BigDecimal; +import java.util.Date; +import java.util.Iterator; +import java.util.List; + +import at.gv.egovernment.moa.logging.LoggingContext; +import at.gv.egovernment.moa.logging.LoggingContextManager; +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; +import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentExcplicit; +import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference; +import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; +import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; +import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; +import at.gv.egovernment.moa.spss.server.config.TrustProfile; +import at.gv.egovernment.moa.spss.server.logging.IaikLog; +import at.gv.egovernment.moa.spss.server.logging.TransactionId; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moa.spss.util.CertificateUtils; +import at.gv.egovernment.moa.spss.util.QCSSCDResult; + +/** + * A class providing an interface to the + * <code>CMSSignatureVerificationModule</code>. + * + * This class performs the invocation of the + * <code>iaik.server.modules.cmsverify.CMSSignatureVerificationModule</code> + * from a <code>VerifyCMSSignatureRequest</code>. The result of the invocation + * is integrated into a <code>VerifyCMSSignatureResponse</code> returned. + * + * @author Patrick Peck + * @version $Id$ + */ +public class CMSSignatureVerificationInvoker { + + /** The single instance of this class. */ + private static CMSSignatureVerificationInvoker instance = null; + + /** + * Return the only instance of this class. + * + * @return The only instance of this class. + */ + public static synchronized CMSSignatureVerificationInvoker getInstance() { + if (instance == null) { + instance = new CMSSignatureVerificationInvoker(); + } + return instance; + } + + /** + * Create a new <code>CMSSignatureVerificationInvoker</code>. + * + * Protected to disallow multiple instances. + */ + protected CMSSignatureVerificationInvoker() { + } + + /** + * Verify a CMS signature. + * + * @param request The <code>VerifyCMSSignatureRequest</code> containing the + * CMS signature, as well as additional data needed for verification. + * @return Element A <code>VerifyCMSSignatureResponse</code> containing the + * answer to the <code>VerifyCMSSignatureRequest</code>. + * @throws MOAException An error occurred while processing the request. + */ + public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request) + throws MOAException { + + CMSSignatureVerificationProfileFactory profileFactory = + new CMSSignatureVerificationProfileFactory(request); + VerifyCMSSignatureResponseBuilder responseBuilder = + new VerifyCMSSignatureResponseBuilder(); + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + LoggingContext loggingCtx = + LoggingContextManager.getInstance().getLoggingContext(); + InputStream signature; + InputStream signedContent = null; + CMSSignatureVerificationProfile profile; + Date signingTime; + List results; + CMSSignatureVerificationResult result; + int[] signatories; + InputStream input; + byte[] buf = new byte[256]; + + // get the signature + signature = request.getCMSSignature(); + + // get the actual trustprofile + TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); + + try { + // get the signed content + signedContent = getSignedContent(request); + + // build the profile + profile = profileFactory.createProfile(); + + // get the signing time + signingTime = request.getDateTime(); + + // verify the signature + CMSSignatureVerificationModule module = + CMSSignatureVerificationModuleFactory.getInstance(); + + module.setLog(new IaikLog(loggingCtx.getNodeID())); + + module.init( + signature, + signedContent, + profile, + new TransactionId(context.getTransactionID())); + input = module.getInputStream(); + + while (input.read(buf) > 0); + results = module.verifySignature(signingTime); + + + } catch (IAIKException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } catch (IAIKRuntimeException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } catch (IOException e) { + throw new MOAApplicationException("2244", null, e); + } catch (MOAException e) + { + throw e; + } + finally + { + try + { + if (signedContent != null) signedContent.close(); + } + catch (Throwable t) + { + // Intentionally do nothing here + } + } + + QCSSCDResult qcsscdresult = new QCSSCDResult(); + + // build the response: for each signatory add the result to the response + signatories = request.getSignatories(); + if (signatories == VerifyCMSSignatureRequest.ALL_SIGNATORIES) { + Iterator resultIter; + + for (resultIter = results.iterator(); resultIter.hasNext();) { + result = (CMSSignatureVerificationResult) resultIter.next(); + String issuerCountryCode = null; + // QC/SSCD check + List list = result.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + X509Certificate[] chain = new X509Certificate[list.size()]; + + Iterator it = list.iterator(); + int i = 0; + while(it.hasNext()) { + chain[i] = (X509Certificate)it.next(); + i++; + } + + + qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); + + // get signer certificate issuer country code + issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0)); + + } + + responseBuilder.addResult(result, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode); + } + } else { + int i; + + for (i = 0; i < signatories.length; i++) { + int sigIndex = signatories[i] - 1; + + try { + result = + (CMSSignatureVerificationResult) results.get(signatories[i] - 1); + + String issuerCountryCode = null; + // QC/SSCD check + List list = result.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + X509Certificate[] chain = new X509Certificate[list.size()]; + + Iterator it = list.iterator(); + int j = 0; + while(it.hasNext()) { + chain[j] = (X509Certificate)it.next(); + j++; + } + + + qcsscdresult = CertificateUtils.checkQCSSCD(chain, trustProfile.isTSLEnabled()); + + issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0)); + } + + responseBuilder.addResult(result, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode); + } catch (IndexOutOfBoundsException e) { + throw new MOAApplicationException( + "2249", + new Object[] { new Integer(sigIndex)}); + } + } + } + + return responseBuilder.getResponse(); + } + + + /** + * Get the signed content contained either in the request itself or given as a + * reference to external data. + * + * @param request The <code>VerifyCMSSignatureRequest</code> containing the + * signed content (or the reference to the signed content). + * @return InputStream A stream providing the signed content data, or + * <code>null</code> if no signed content was provided with the request. + * @throws MOAApplicationException An error occurred building the stream. + */ + private InputStream getSignedContent(VerifyCMSSignatureRequest request) + throws MOAApplicationException { + + InputStream is = null; + CMSDataObject dataObj; + CMSContent content; + + // select the Content element + dataObj = request.getDataObject(); + if (dataObj == null) { + return null; + } + content = dataObj.getContent(); + + // build the content data + switch (content.getContentType()) { + case CMSContent.EXPLICIT_CONTENT : + is = ((CMSContentExcplicit) content).getBinaryContent(); + is = excludeByteRange(is, request); + return is; + case CMSContent.REFERENCE_CONTENT : + String reference = ((CMSContentReference) content).getReference(); + if (!"".equals(reference)) { + ExternalURIResolver resolver = new ExternalURIResolver(); + is = resolver.resolve(reference); + is = excludeByteRange(is, request); + return is; + } else { + return null; + } + default : + return null; + } + + + + } + + private InputStream excludeByteRange(InputStream contentIs, VerifyCMSSignatureRequest request) throws MOAApplicationException { + + int byteRead; + + ByteArrayOutputStream contentOs = new ByteArrayOutputStream(); + + CMSDataObject dataobject = request.getDataObject(); + BigDecimal from = dataobject.getExcludeByteRangeFrom(); + BigDecimal to = dataobject.getExcludeByteRangeTo(); + + if ( (from == null) || (to == null)) + return contentIs; + + BigDecimal counter = new BigDecimal("0"); + BigDecimal one = new BigDecimal("1"); + + try { + while ((byteRead=contentIs.read()) >= 0) { + + if (inRange(counter, dataobject)) { + // if byte is in byte range, set byte to 0x00 + contentOs.write(0); + } + else + contentOs.write(byteRead); + + counter = counter.add(one); + } + + InputStream is = new ByteArrayInputStream(contentOs.toByteArray()); + + return is; + + + } catch (IOException e) { + throw new MOAApplicationException("2301", null, e); + } + + } + + + private boolean inRange(BigDecimal counter, CMSDataObject dataobject) { + BigDecimal from = dataobject.getExcludeByteRangeFrom(); + BigDecimal to = dataobject.getExcludeByteRangeTo(); + + if ( (from == null) || (to == null)) + return false; + + int compare = counter.compareTo(from); + if (compare == -1) + return false; + else { + compare = counter.compareTo(to); + if (compare == 1) + return false; + else + return true; + } + + + + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java new file mode 100644 index 0000000..5f459ac --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationProfileFactory.java @@ -0,0 +1,85 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile; + +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.iaik.cmsverify.CMSSignatureVerificationProfileImpl; +import at.gv.egovernment.moa.spss.server.iaik.pki.PKIProfileImpl; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; + +/** + * A factory to create a <code>CMSSignatureVerificationProfile</code> from a + * <code>VerifyCMSSignatureRequest</code> and the current MOA configuration + * data. + * + * @author Patrick Peck + * @version $Id$ + */ +public class CMSSignatureVerificationProfileFactory { + + /** The <code>VerifyCMSSignatureRequest</code> to draw profile data from. */ + private VerifyCMSSignatureRequest request; + + /** + * Create a new <code>CMSSignatureVerificationProfileFactory</code>. + * + * @param request The <code>VerifyCMSSignatureRequest</code> to draw profile + * data from. + */ + public CMSSignatureVerificationProfileFactory(VerifyCMSSignatureRequest request) { + this.request = request; + } + + /** + * Create a <code>CMSSignatureVerificationProfile</code> from the given + * request and the current MOA configuration. + * + * @return The <code>CMSSignatureVerificationProfile</code> for the + * <code>request</code>, based on the current configuration. + * @throws MOAException An error occurred creating the profile. + */ + public CMSSignatureVerificationProfile createProfile() + throws MOAException { + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + CMSSignatureVerificationProfileImpl profile = + new CMSSignatureVerificationProfileImpl(); + String trustProfileID; + + // set the certificate validation profile + trustProfileID = request.getTrustProfileId(); + profile.setCertificateValidationProfile( + new PKIProfileImpl(config, trustProfileID)); + + return profile; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java new file mode 100644 index 0000000..aa52fe0 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java @@ -0,0 +1,93 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import java.util.ArrayList; +import java.util.List; + +import at.gv.egovernment.moa.spss.api.SPSSFactory; +import at.gv.egovernment.moa.spss.api.cmssign.CMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.cmssign.CreateCMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse; + +/** + * A class to build a <code>CreateCMSSignatureResponse</code>. + * + * <p>The methods <code>addSignature()</code> and <code>addError()</code> may be + * called in any combination to add <code>CMSignature</code> and + * <code>ErrorResponse</code> elements to the response. One of these functions + * must be called at least once to produce a + * <code>CreateCMSSignatureResponse</code>.</p> + * + * <p>The <code>getResponseElement()</code> method then returns the + * <code>CreateXMLSignatureResponse</code> built so far.</p> + * + * @author Patrick Peck + * @version $Id$ + */ +public class CreateCMSSignatureResponseBuilder { + + /** The <code>SPSSFactory</code> for creating API objects. */ + private SPSSFactory factory = SPSSFactory.getInstance(); + /** The elements to add to the response. */ + private List responseElements = new ArrayList(); + + /** + * Get the <code>CreateCMSSignatureResponse</code> built so far. + * + * @return The <code>CreateCMSSignatureResponse</code> built so far. + */ + public CreateCMSSignatureResponse getResponse() { + return factory.createCreateCMSSignatureResponse(responseElements); + } + + /** + * Add a <code>SignatureEnvironment</code> element to the response. + * + * @param signatureEnvironment The content to put under the + * <code>SignatureEnvironment</code> element. This should either be a + * <code>dsig:Signature</code> element (in case of a detached signature) or + * the signature environment containing the signature (in case of + * an enveloping signature). + */ + public void addCMSSignature(String base64value) { + CMSSignatureResponse responseElement = + factory.createCMSSignatureResponse(base64value); + responseElements.add(responseElement); + } + + /** + * Add a <code>ErrorResponse</code> element to the response. + * + * @param errorCode The error code. + * @param info Additional information about the error. + */ + public void addError(String errorCode, String info) { + ErrorResponse errorResponse = + factory.createErrorResponse(Integer.parseInt(errorCode), info); + responseElements.add(errorResponse); + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateXMLSignatureResponseBuilder.java new file mode 100644 index 0000000..7a7161d --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateXMLSignatureResponseBuilder.java @@ -0,0 +1,95 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import java.util.ArrayList; +import java.util.List; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.spss.api.SPSSFactory; +import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse; +import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse; +import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse; + +/** + * A class to build a <code>CreateXMLSignatureResponse</code>. + * + * <p>The methods <code>addSignature()</code> and <code>addError()</code> may be + * called in any combination to add <code>SignatureEnvironment</code> and + * <code>ErrorResponse</code> elements to the response. One of these functions + * must be called at least once to produce a + * <code>CreateXMLSignatureResponse</code>.</p> + * + * <p>The <code>getResponseElement()</code> method then returns the + * <code>CreateXMLSignatureResponse</code> built so far.</p> + * + * @author Patrick Peck + * @version $Id$ + */ +public class CreateXMLSignatureResponseBuilder { + + /** The <code>SPSSFactory</code> for creating API objects. */ + private SPSSFactory factory = SPSSFactory.getInstance(); + /** The elements to add to the response. */ + private List responseElements = new ArrayList(); + + /** + * Get the <code>CreateXMLSignatureResponse</code> built so far. + * + * @return The <code>CreateXMLSignatureResponse</code> built so far. + */ + public CreateXMLSignatureResponse getResponse() { + return factory.createCreateXMLSignatureResponse(responseElements); + } + + /** + * Add a <code>SignatureEnvironment</code> element to the response. + * + * @param signatureEnvironment The content to put under the + * <code>SignatureEnvironment</code> element. This should either be a + * <code>dsig:Signature</code> element (in case of a detached signature) or + * the signature environment containing the signature (in case of + * an enveloping signature). + */ + public void addSignatureEnvironment(Element signatureEnvironment) { + SignatureEnvironmentResponse responseElement = + factory.createSignatureEnvironmentResponse(signatureEnvironment); + responseElements.add(responseElement); + } + + /** + * Add a <code>ErrorResponse</code> element to the response. + * + * @param errorCode The error code. + * @param info Additional information about the error. + */ + public void addError(String errorCode, String info) { + ErrorResponse errorResponse = + factory.createErrorResponse(Integer.parseInt(errorCode), info); + responseElements.add(errorResponse); + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java new file mode 100644 index 0000000..d775fdb --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java @@ -0,0 +1,1039 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +import javax.xml.crypto.Data; +import javax.xml.crypto.NodeSetData; +import javax.xml.crypto.OctetStreamData; +import javax.xml.crypto.URIReference; +import javax.xml.parsers.ParserConfigurationException; + +import org.apache.xerces.dom.CoreDocumentImpl; +import org.w3c.dom.Attr; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.xml.sax.EntityResolver; +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.logging.LogMsg; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.MOASystemException; +import at.gv.egovernment.moa.spss.api.common.Content; +import at.gv.egovernment.moa.spss.api.common.ContentBinary; +import at.gv.egovernment.moa.spss.api.common.ContentLocRef; +import at.gv.egovernment.moa.spss.api.common.ContentXML; +import at.gv.egovernment.moa.spss.api.common.MetaInfo; +import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation; +import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter; +import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameterBinary; +import at.gv.egovernment.moa.spss.server.iaik.xml.ByteArrayDataObjectImpl; +import at.gv.egovernment.moa.spss.server.iaik.xml.ByteStreamDataObjectImpl; +import at.gv.egovernment.moa.spss.server.iaik.xml.DataObjectImpl; +import at.gv.egovernment.moa.spss.server.iaik.xml.XMLDataObjectImpl; +import at.gv.egovernment.moa.spss.server.iaik.xml.XMLNodeListDataObjectImpl; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moa.spss.util.MOASPSSEntityResolver; +import at.gv.egovernment.moa.spss.util.MessageProvider; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.EntityResolverChain; +import at.gv.egovernment.moa.util.MOAErrorHandler; +import at.gv.egovernment.moa.util.StreamEntityResolver; +import at.gv.egovernment.moa.util.StreamUtils; +import at.gv.egovernment.moa.util.XPathUtils; +import iaik.server.modules.xml.DataObject; +import iaik.server.modules.xml.NodeListImplementation; +import iaik.server.modules.xml.URIReferenceImpl; +import iaik.server.modules.xml.XMLDataObject; +import iaik.xml.crypto.utils.URIDereferencerImpl; + +/** + * A class to create <code>DataObject</code>s contained in different + * locations of the MOA XML request format. + * + * @author Patrick Peck + * @author Gregor Karlinger + * @version $Id$ + */ +public class DataObjectFactory { + + /** + * XPATH for registering ID attributes of known schemas if + * validating parsing fails. + */ + private static final String XPATH = + "descendant-or-self::node()[" + + "namespace-uri()='http://www.w3.org/2000/09/xmldsig#' " + + "or namespace-uri()='http://reference.e-government.gv.at/namespace/persondata/20020228#' " + + "or starts-with(namespace-uri(), 'http://uri.etsi.org/01903/')" + + "]/attribute::Id"; + + /** The single instance of this class. */ + private static DataObjectFactory instance = null; + + /** + * Return the only instance of this class. + * + * @return The only instance of this class. + */ + public static synchronized DataObjectFactory getInstance() { + if (instance == null) { + instance = new DataObjectFactory(); + } + return instance; + } + + /** + * Create a new <code>DataObjectFactory</code>. + * + * Protected to disallow multiple instances. + */ + protected DataObjectFactory() { + } + + /** + * Return the signature environment, i.e., the root element of the + * document, into which the signature will be inserted (if created) or which + * contains the signature (if verified). + * + * @param content The <code>Content</code> object containing the signature + * environment. + * @param supplements Additional schema or DTD information. + * @return The signature environment or <code>null</code>, if no + * signature environment exists. + * @throws MOASystemException A system error occurred building the signature + * environment (see message for details). + * @throws MOAApplicationException An error occurred building the signature + * environment (see message for details). + */ + public XMLDataObject createSignatureEnvironment( + Content content, + List supplements) + throws MOASystemException, MOAApplicationException { + + String reference = content.getReference(); + EntityResolver entityResolver; + byte[] contentBytes; + + // check for content and reference not being set at the same time + checkAllowContentAndReference(content, false); + + // build the EntityResolver for validating parsing + if ((supplements == null) || supplements.isEmpty()) { + entityResolver = new MOASPSSEntityResolver(); + } else { + EntityResolverChain chain = new EntityResolverChain(); + + chain.addEntityResolver(buildSupplementEntityResolver(supplements)); + chain.addEntityResolver(new MOASPSSEntityResolver()); + entityResolver = chain; + } + + // convert the content into a byte array + try { + switch (content.getContentType()) { + case Content.BINARY_CONTENT : + { + InputStream is = ((ContentBinary) content).getBinaryContent(); + contentBytes = StreamUtils.readStream(is); + break; + } + case Content.LOCREF_CONTENT: + { + String locRefURI = ((ContentLocRef) content).getLocationReferenceURI(); + InputStream is = null; + try + { + TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + is = context.ResolveURI(locRefURI); + if (is == null) { + ExternalURIResolver uriResolver = new ExternalURIResolver(); + is = uriResolver.resolve(locRefURI); + } + contentBytes = StreamUtils.readStream(is); + } + catch (MOAApplicationException e) + { + throw new MOAApplicationException("3203", new Object[]{reference, locRefURI}, e); + } + finally + { + closeInputStream(is); + } + break; + } + case Content.REFERENCE_CONTENT : + { + ExternalURIResolver uriResolver = new ExternalURIResolver(); + InputStream is = null; + try + { + is = uriResolver.resolve(reference); + contentBytes = StreamUtils.readStream(is); + } + catch (Exception e) + { + throw e; + } + finally + { + closeInputStream(is); + } + break; + } + case Content.XML_CONTENT : + { + Element element = + checkForSingleElement(((ContentXML) content).getXMLContent()); + contentBytes = DOMUtils.serializeNode(element, "UTF-8"); + + break; + } + default : { + contentBytes = null; // this will not happen + } + } + } catch (MOAApplicationException e) { + throw e; + } catch (Exception e) { + throw new MOAApplicationException("2219", null); + } + + if (Logger.isTraceEnabled()) { + // For logging in Debug-Mode: Mask baseid with xxx + String logString = new String(contentBytes); + // TODO use RegExp + String startS = "<pr:Identification><pr:Value>"; + String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>"; + String logWithMaskedBaseid = logString; + int start = logString.indexOf(startS); + if (start > -1) { + int end = logString.indexOf(endS); + if (end > -1) { + logWithMaskedBaseid = logString.substring(0, start); + logWithMaskedBaseid += startS; + logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx"; + logWithMaskedBaseid += logString.substring(end, logString.length()); + } + } + + // try to parse validating + Logger.trace(">>> parsing the following content: \n" + logWithMaskedBaseid); + } + try { + ByteArrayInputStream is = new ByteArrayInputStream(contentBytes); + Document doc = + DOMUtils.parseDocument( + is, + true, + Constants.ALL_SCHEMA_LOCATIONS, + null, + entityResolver, + new MOAErrorHandler()); + Logger.trace("<<< parsed"); + + return new XMLDataObjectImpl(doc.getDocumentElement()); + } catch (Exception e) { + // never mind, we'll try non-validating + MessageProvider msg = MessageProvider.getInstance(); + Logger.info(new LogMsg(msg.getMessage("invoker.00", null))); + } + + // try to parse non-validating + try { + ByteArrayInputStream is = new ByteArrayInputStream(contentBytes); + Document doc = DOMUtils.parseDocument(is, false, null, null); + // Since the parse tree will not contain any post schema validation information, + // we need to register any attributes known to be of type xsd:Id manually. + NodeList idAttributes = XPathUtils.selectNodeList(doc.getDocumentElement(), XPATH); + for (int i = 0; i < idAttributes.getLength(); i++) { + Node item = idAttributes.item(i); + if (item instanceof Attr) { + Attr attr = (Attr) item; + Element owner = attr.getOwnerElement(); + // Only available in DOM-Level 3 (Java 1.5): + // owner.setIdAttributeNode(attr, true); + if (doc instanceof CoreDocumentImpl) { + ((CoreDocumentImpl) doc).putIdentifier(attr.getValue(), owner); + } + } + } + return new XMLDataObjectImpl(doc.getDocumentElement()); + } catch (Exception e) { + throw new MOAApplicationException("2218", null); + } + } + + /** + * Create an <code>XMLDataObject</code> from the given signature environment. + * + * @param signatureEnvironment The signature environment contained in the + * result. + * @param uri The URI identifying the data. This must be either the empty + * URI, an URI starting with <code>"#xpointer"</code>, <code>"#xmlns"</code> + * or <code>"#element"</code>; or an URI starting with <code>"#"</code> and + * followed by an element ID. + * @param referenceID The reference ID to set for the data object. + * @return A data object containing the signature environment. + */ + public DataObject createFromSignatureEnvironment( + Element signatureEnvironment, + String uri, + String referenceID) + throws MOAApplicationException { + + DataObjectImpl dataObject = null; + + if ("".equals(uri)) { + dataObject = new XMLDataObjectImpl(signatureEnvironment); + } else if ( + uri.startsWith("#xpointer") + || uri.startsWith("#xmlns") + || uri.startsWith("#element")) { + try { + // CHANGE IXSIL to XSECT + // maybe use URIDereferencerImpl or XPath ...?? + //XPointerReferenceResolver resolver = new XPointerReferenceResolver(); + URIDereferencerImpl uriDereferencer = new URIDereferencerImpl(); + URIReference uriReference = new URIReferenceImpl(uri, null, signatureEnvironment); + Data returnedData = uriDereferencer.dereference(uriReference, null); + + if(returnedData instanceof NodeSetData) { + NodeSetData nodeSetData = (NodeSetData)returnedData; + Iterator nodesIterator = nodeSetData.iterator(); + List nodeList = new ArrayList(); + + while(nodesIterator.hasNext()) { + nodeList.add(nodesIterator.next()); + } + + NodeList nodes = new NodeListImplementation(nodeList); + dataObject = new XMLNodeListDataObjectImpl(nodes); + } else if(returnedData instanceof OctetStreamData) { + OctetStreamData streamData = (OctetStreamData)returnedData; + dataObject = new ByteStreamDataObjectImpl(streamData.getOctetStream()); + } else { + throw new MOAApplicationException("2237", new Object[] { uri }); + } + + //URI uriObj = new URI(uri); + //NodeList nodes = + // resolver.resolveForest( + // uriObj, + // signatureEnvironment.getOwnerDocument(), + // null); + + } catch (Exception e) { + throw new MOAApplicationException("2237", new Object[] { uri }); + } + } else if (uri.startsWith("#")) { + String id = uri.substring(1); + Element refElem = + signatureEnvironment.getOwnerDocument().getElementById(id); + + if (refElem == null) { + throw new MOAApplicationException("2237", new Object[] { id }); + } + dataObject = new XMLDataObjectImpl(refElem); + } + + dataObject.setReferenceID(referenceID); + dataObject.setURI(uri); + + return dataObject; + } + + /** + * Build a <code>StreamEntityResolver</code> from a <code>List</code> of + * supplements. + * + * @param supplements The supplements, given as + * <code>XMLDataObjectAssociation</code>s. + * @return A <code>StreamEntityResolver</code> mapping the supplements by + * their reference URI to an <code>InputStream</code> of their respective + * content. + */ + private static StreamEntityResolver buildSupplementEntityResolver(List supplements) + throws MOAApplicationException + { + Map entities = new HashMap(); + Iterator iter; + + for (iter = supplements.iterator(); iter.hasNext();) { + XMLDataObjectAssociation supplement = + (XMLDataObjectAssociation) iter.next(); + Content content = supplement.getContent(); + String reference = content.getReference(); + + switch (content.getContentType()) { + case Content.BINARY_CONTENT : + { + entities.put(reference, ((ContentBinary) content).getBinaryContent()); + break; + } + case Content.LOCREF_CONTENT: + { + String locRefURI = ((ContentLocRef) content).getLocationReferenceURI(); + + TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + if (context.FindResolvedEntity(locRefURI)==null) { + + ExternalURIResolver uriResolver = new ExternalURIResolver(); + InputStream uriStream = null; + byte[] contentBytes; + String contentType = null; + try + { + uriStream = uriResolver.resolve(locRefURI); + contentBytes = StreamUtils.readStream(uriStream); + contentType = uriResolver.getContentType(); + } + catch (Exception e) + { + throw new MOAApplicationException("3202", new Object[]{reference, locRefURI}, e); + } + finally + { + closeInputStream(uriStream); + } + context.PutResolvedEntity(locRefURI, contentBytes, contentType); + } + InputStream contentIS = context.ResolveURI(locRefURI); + entities.put(reference, contentIS); + break; + } + case Content.XML_CONTENT : + { + // serialize the first element node that is found in the supplement + // and make it available as a stream + NodeList nodes = ((ContentXML) content).getXMLContent(); + int i = 0; + + // find the first element node + while ((i < nodes.getLength()) + && (nodes.item(i).getNodeType() != Node.ELEMENT_NODE)) { + i++; + } + + // serialize the node + if (i < nodes.getLength()) { + try + { + byte[] serialized = DOMUtils.serializeNode(nodes.item(i), "UTF-8"); + entities.put(reference, new ByteArrayInputStream(serialized)); + } + catch (Exception e) + { + throw new MOAApplicationException("2281", new Object[]{reference}, e); + } + } + break; + } + } + } + + return new StreamEntityResolver(entities); + } + + /** + * Create a <code>DataObject</code> from a <code>Content</code> object. + * + * @param content The <code>Content</code> object containing the data. + * @param finalDataMetaInfo The meta information corresponding with <code>content</code>. + * @param referenceID The reference ID to set in the resulting + * <code>DataObject</code>. May be <code>null</code>. + * @param allowContentAndReference If <code>true</code>, then + * <code>content</code> is allowed to contain both a <code>Reference</code> + * attribute and content. Otherwise, either a <code>Reference</code> + * attribute or content must be set. + * @param binaryAsXml If <code>true</code>, a content child given as + * <code>Base64Content</code> must contain XML data. + * @param xmlAsNodeList If <code>true</code>, the children of a + * <code>XMLContent</code> child element are returned as a + * <code>XMLNodeListDataObject</code>. Otherwise, <code>XMLContent</code> may + * only contain a single child node, which must be an element and which is + * returned as an <code>XMLDataObject</code>. + * @param referenceAsXml If <code>true</code>, then content loaded from the + * URI given as the <code>Reference</code> attribute must be XML data. + * If <code>false</code>, an attempt is made to parse the data as XML and + * return an <code>XMLDataObject</code> but if this fails, a + * <code>BinaryDataObject</code> is returned containing a byte stream to the + * data. + * @return A <code>DataObject</code> representing the data in + * <code>content</code>. If <code>base64AsXml==true</code> and + * <code>xmlAsNodeList==false</code> and <code>referenceAsXml==true</code>, + * then the result can safely be cast to an <code>XMLDataObject</code>. + * @throws MOASystemException An error indicating an internal problem. See the + * wrapped exception for details. + * @throws MOAApplicationException An error occurred handling the content + * (probably while opening a reference or parsing the data). See the wrapped + * exception for details. + */ + public DataObject createFromContentOptionalRefType( + Content content, + MetaInfo finalDataMetaInfo, + String referenceID, + boolean allowContentAndReference, + boolean binaryAsXml, + boolean xmlAsNodeList, + boolean referenceAsXml) + throws MOASystemException, MOAApplicationException { + + String reference = content.getReference(); + DataObjectImpl dataObject = null; + + checkAllowContentAndReference(content, allowContentAndReference); + + // ok, build the data object; use content first, if available + switch (content.getContentType()) + { + case Content.XML_CONTENT : + { + ContentXML contentXml = (ContentXML) content; + dataObject = createFromXmlContent(contentXml, xmlAsNodeList); + break; + } + case Content.BINARY_CONTENT : + { + ContentBinary contentBinary = (ContentBinary) content; + dataObject = createFromBinaryContent(contentBinary, binaryAsXml, false); + break; + } + case Content.LOCREF_CONTENT : + { + String locRefURI = ((ContentLocRef) content).getLocationReferenceURI(); + try + { + dataObject = createFromURIImpl(locRefURI, referenceAsXml); + } + catch (MOAApplicationException e) + { + throw new MOAApplicationException("3201", new Object[]{reference, locRefURI}, e); + } + break; + } + case Content.REFERENCE_CONTENT : + { + dataObject = createFromURIImpl(reference, referenceAsXml); + break; + } + } + + // set URI and reference ID + dataObject.setURI(reference); + dataObject.setReferenceID(referenceID); + + // set Type gathered from corresponding meta information + dataObject.setTypeURI(finalDataMetaInfo.getType()); + + return dataObject; + } + + /** + * Check, if content and reference URIs are allowed in the content an throw + * an exception if an illegal combination of the two occurs. + * + * @param content The <code>Content</code> to check. + * @param allowContentAndReference Whether explicit content and a reference + * are allowed at the same time. + * @throws MOAApplicationException If <code>allowContentAndRefernece</code> + * is <code>false</code> and both explicit content and reference are set, + * an exception is thrown. + */ + private static void checkAllowContentAndReference( + Content content, + boolean allowContentAndReference) + throws MOAApplicationException { + String reference = content.getReference(); + + // check for content and reference not being set + if ((content.getContentType() == Content.REFERENCE_CONTENT) + && (reference == null)) { + String errorCode = allowContentAndReference ? "1111" : "1110"; + throw new MOAApplicationException(errorCode, null); + } + + // if we only allow either content or reference being set at once, check + if (!allowContentAndReference + && (content.getContentType() != Content.REFERENCE_CONTENT) + && (reference != null)) { + throw new MOAApplicationException("1110", null); + } + } + + /** + * Create a <code>DataObject</code> from a + * <code>XMLDataObjectAssociation</code> object. + * + * @param xmlDataObjAssoc The <code>XMLDataObjectAssociation</code> object. + * @param xmlContentAllowed Whether the content contained in the + * <code>xmlDataObjAssoc</code> is allowed to be of type + * <code>XML_CONTENT</code>. + * @param binaryContentRepeatable If binary content must be provided as a + * <code>DataObject</code> that can be read multiple times. + * @return A <code>DataObject</code> representing the data in + * <code>xmlDataObjAssoc</code>. + * @throws MOASystemException An error indicating an internal problem. See the + * wrapped exception for details. + * @throws MOAApplicationException An error occurred handling the content + * (probably while parsing the data). See the wrapped exception for details. + */ + public DataObject createFromXmlDataObjectAssociation( + XMLDataObjectAssociation xmlDataObjAssoc, + boolean xmlContentAllowed, + boolean binaryContentRepeatable) + throws MOASystemException, MOAApplicationException { + + Content content = xmlDataObjAssoc.getContent(); + MetaInfo metaInfo = xmlDataObjAssoc.getMetaInfo(); + String mimeType = metaInfo != null ? metaInfo.getMimeType() : null; + DataObjectImpl dataObject = null; + + switch (content.getContentType()) + { + case Content.XML_CONTENT : + { + if (xmlContentAllowed) + { + dataObject = createFromXmlContent((ContentXML) content, true); + } + else + { + throw new MOAApplicationException("2280", null); + } + break; + } + case Content.BINARY_CONTENT : + { + dataObject = createFromBinaryContent( + (ContentBinary) content, + false, + binaryContentRepeatable); + break; + } + case Content.LOCREF_CONTENT : + { + String locRefURI = ((ContentLocRef) content).getLocationReferenceURI(); + try + { + dataObject = createFromURIImpl(locRefURI, false); + } + catch (MOAApplicationException e) + { + throw new MOAApplicationException("3201", new Object[]{content.getReference(), locRefURI}, e); + } + break; + } + } + + dataObject.setURI(content.getReference()); + dataObject.setMimeType(mimeType); + return dataObject; + } + + /** + * Create a <code>DataObject</code> from a <code>TransformParameter</code> + * object. + * + * @param transformParameter The <code>TransformParameter</code> object + * containing the data. + * @return A <code>DataObject</code> representing the data in + * <code>root</code>. + * @throws MOASystemException An error indicating an internal problem. See the + * wrapped exception for details. + * @throws MOAApplicationException An error occurred handling the content + * (probably while opening a reference or parsing the data). See the wrapped + * exception for details. + */ + public DataObject createFromTransformParameter(TransformParameter transformParameter) + throws MOASystemException, MOAApplicationException { + + DataObjectImpl dataObject; + + switch (transformParameter.getTransformParameterType()) { + case TransformParameter.BINARY_TRANSFORMPARAMETER : + TransformParameterBinary tpBinary = + (TransformParameterBinary) transformParameter; + + try { + //dataObject = new ByteArrayDataObjectImpl(Base64Utils.encode(tpBinary.getBinaryContent())); + dataObject = + new ByteArrayDataObjectImpl( + StreamUtils.readStream(tpBinary.getBinaryContent())); + } catch (Exception e) { + return null; + } + //dataObject = new ByteStreamDataObjectImpl(tpBinary.getBinaryContent()); + break; + default : + // resolve uri and build the content + ExternalURIResolver resolver = new ExternalURIResolver(); + InputStream is = resolver.resolve(transformParameter.getURI()); + ByteArrayInputStream bis; + try + { + bis = new ByteArrayInputStream(StreamUtils.readStream(is)); + } + catch (IOException e) + { + throw new MOAApplicationException("2238", new Object[] {transformParameter.getURI()}, e); + } + finally + { + closeInputStream(is); + } + String contentType = resolver.getContentType(); + dataObject = new ByteStreamDataObjectImpl(bis); + dataObject.setMimeType(contentType); + break; + } + + dataObject.setURI(transformParameter.getURI()); + + return dataObject; + } + + /** + * Create a <code>DataObject</code> from data located at the given URI. + * + * @param uri The <code>URI</code> where the data is located. This method uses + * an <code>ExternalURIResolver</code> to resolve URIs. + * @param asXml If <code>true</code>, a <code>DataObject</code> is only + * returned, if the content consists of XML data. If it does not consist of + * XML data, an <code>MOAApplicationException</code> will be thrown. If this + * parameter is <code>false</code> and the content consists of XML data, this + * method will still attempt to parse it. + * @return The <code>DataObject</code> contained at the URI. + * @throws MOASystemException A system error parsing the XML content. + * @throws MOAApplicationException An error occurred on opening, reading or + * parsing the data behind the URI. + */ + public DataObject createFromURI(String uri, boolean asXml) + throws MOASystemException, MOAApplicationException { + return createFromURIImpl(uri, asXml); + } + + /** + * Create a <code>DataObject</code> from data located at the given URI. + * + * @param uri The <code>URI</code> where the data is located. This method uses + * an <code>ExternalURIResolver</code> to resolve URIs. + * @param asXml If <code>true</code>, a <code>DataObject</code> is only + * returned, if the content consists of XML data. If it does not consist of + * XML data, an <code>MOAApplicationException</code> will be thrown. If this + * parameter is <code>false</code> and the content type is detected as being + * XML data, this method will still attemt to parse it. + * @return The <code>DataObject</code> contained at the URI. + * @throws MOASystemException A system error parsing the XML content. + * @throws MOAApplicationException An error occurred on opening, reading or + * parsing the data behind the URI. + */ + private DataObjectImpl createFromURIImpl(String uri, boolean asXml) + throws MOASystemException, MOAApplicationException { + + Logger.trace(">>> resolving uri \"" + uri + "\""); + + ExternalURIResolver resolver = new ExternalURIResolver(); + + TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + InputStream is = context.ResolveURI(uri); + String contentType = null; + boolean foundURI = false; + if (is == null) { + is = resolver.resolve(uri); + contentType = resolver.getContentType(); + } else { + foundURI = true; + contentType = (String) context.FindResolvedEntity(uri).get(1); + Logger.trace("found \"" + uri + "\" InputStream in preread Supplements!, do not read any more. Content=" + contentType); + } + + DataObjectImpl dataObject; + + // read the content + if ((contentType != null) && contentTypeIsXml(contentType)) { + Document doc; + + if (asXml) { + try { + // try parsing non-validating: this has to succeed or we + // bail out by throwing an exception + is = resolver.resolve(uri); + doc = DOMUtils.parseDocument(is, false, null, null); + dataObject = new XMLDataObjectImpl(doc.getDocumentElement()); + } catch (ParserConfigurationException e) { + throw new MOASystemException("1106", null, e); + } catch (SAXException e) { + throw new MOAApplicationException("2209", null, e); + } catch (IOException e) { + throw new MOAApplicationException("2210", null, e); + } + finally + { + closeInputStream(is); + } + } else { + try { + // try parsing non-validating: need not succeed + is = resolver.resolve(uri); + doc = DOMUtils.parseDocument(is, false, null, null); + closeInputStream(is); + dataObject = new XMLDataObjectImpl(doc.getDocumentElement()); + } catch (Exception e) { + // this is the last chance: return the data as a byte stream + Logger.trace(">>> reading stream for \"" + uri + "\""); + is = resolver.resolve(uri); + ByteArrayInputStream bis; + try + { + bis = new ByteArrayInputStream(StreamUtils.readStream(is)); + dataObject = new ByteStreamDataObjectImpl(bis); + } + catch (IOException e1) + { + throw new MOAApplicationException("2210", new Object[] { uri }, e1); + } + finally + { + closeInputStream(is); + } + Logger.trace(">>> read stream for \"" + uri + "\""); + } + } + } + + else if (asXml) + { + // if we need XML data, we're in the wrong place here + closeInputStream(is); + throw new MOAApplicationException("2211", new Object[] { uri }); + } + else + { + // content is binary: make it available as a binary input stream + Logger.trace(">>> getting binary input for \"" + uri + "\""); + byte[] contentBytes; + ByteArrayInputStream bis; + try + { + contentBytes = StreamUtils.readStream(is); + bis = new ByteArrayInputStream(contentBytes); + } + catch (IOException e) + { + throw new MOAApplicationException("2210", null, e); + } + finally + { + closeInputStream(is); + } + if (!foundURI) { + context.PutResolvedEntity(uri, contentBytes, contentType); + } + dataObject = new ByteStreamDataObjectImpl(bis); + Logger.trace("<<< got binary input for \"" + uri + "\""); + } + + dataObject.setMimeType(contentType); + dataObject.setURI(uri); + + Logger.trace("<<< resolved uri \"" + uri + "\""); + + return dataObject; + } + + /** + * Savely closes the specified input stream. + * + * @param is The input stream to be closed. + */ + private static void closeInputStream(InputStream is) + { + try + { + if (is != null) { + is.close(); + } + } + catch (Throwable t) + { + // Intentionally do nothing here + } + } + + /** + * Determine whether the content type is XML. + * + * Content types recognized as XML start with <code>text/xml</code> and + * <code>application/xml</code>. + * + * @param contentType The content MIME type. + * @return boolean If <code>true</code>, the content type is XML, otherwise + * not. + */ + private static boolean contentTypeIsXml(String contentType) { + return contentType.startsWith("text/xml") + || (contentType.startsWith("application/xml")); + } + + /** + * Create a <code>DataObject</code> from a <code>ContentXML</code> object. + * + * @param xmlContent The <code>ContentXML</code> object from + * which the <code>DataObject</code> is to be built. + * @param xmlAsNodeList If <code>true</code>, the children of + * <code>xmlContent</code> are returned as a + * <code>XMLNodeListDataObject</code>. Otherwise, + * <code>xmlContent</code> may only contain a single child node, which must be + * an element and which is returned as an <code>XMLDataObject</code>. + * @return A <code>DataObject</code> representing the XML content in + * <code>xmlContent</code>. + * @throws MOAApplicationException If <code>xmlAsNodeList</code> is + * <code>false</code> and <code>xmlContent</code> does not have a single child + * element. + */ + private DataObjectImpl createFromXmlContent( + ContentXML xmlContent, + boolean xmlAsNodeList) + throws MOAApplicationException { + + DataObjectImpl dataObject; + + if (xmlAsNodeList) { + dataObject = new XMLNodeListDataObjectImpl(xmlContent.getXMLContent()); + } else { + NodeList nodes = xmlContent.getXMLContent(); + Element element = checkForSingleElement(nodes); + + // build the XMLDataObject + dataObject = new XMLDataObjectImpl(element); + } + return dataObject; + } + + /** + * Check, that the given <code>NodeList</code> contains a single DOM element + * node and return it, otherwise throw an exception. + * + * @param nodes The <code>NodeList</code> to check for a single element. + * @return The single element contained in <code>nodes</code>. + * @throws MOAApplicationException Thrown, if <code>nodes</code> does not + * contain exactly 1 element node. + */ + private Element checkForSingleElement(NodeList nodes) + throws MOAApplicationException { + + Element element = null; + int i; + + // check for a single element node + for (i = 0; i < nodes.getLength(); i++) { + if (nodes.item(i).getNodeType() == Node.ELEMENT_NODE) { + if (element == null) { + element = (Element) nodes.item(i); + } else { + throw new MOAApplicationException("1109", null); + } + } + } + + // return the element node + if (element == null) { + throw new MOAApplicationException("1107", null); + } else { + return element; + } + } + + /** + * Create a <code>DataObject</code> from a <code>ContentBinary</code> object. + * + * @param binaryContent The <code>ContentBinary</code> object containing the + * data. + * @param asXml If <code>true</code>, <code>binaryContent</code> must + * contain XML data. Otherwise, a <code>BinaryDataObject</code> will be + * returned containing a byte stream to the decoded Base64 data. + * @param repeatable If multiple calls to <code>getInputStream()</code> must + * repeatedly return the content of the data object. + * @return A <code>DataObject</code> representing the content contained in + * <code>binaryContent</code>. + * @throws MOASystemException An error indicating an internal problem. See the + * wrapped exception for details. + * @throws MOAApplicationException An error occurred handling the content + * (probably while parsing the data). See the wrapped exception for details. + */ + private DataObjectImpl createFromBinaryContent( + ContentBinary binaryContent, + boolean asXml, + boolean repeatable) + throws MOASystemException, MOAApplicationException { + + InputStream byteStream = binaryContent.getBinaryContent(); + DataObjectImpl dataObject; + + if (asXml) { + Document doc; + + try { + doc = DOMUtils.parseDocument(byteStream, false, null, null); + dataObject = new XMLDataObjectImpl(doc.getDocumentElement()); + } catch (ParserConfigurationException e) { + throw new MOASystemException("1106", null, e); + } catch (SAXException e) { + throw new MOAApplicationException("2209", null, e); + } catch (IOException e) { + throw new MOAApplicationException("2210", null, e); + } + } else { + if (repeatable) { + try { + dataObject = + new ByteArrayDataObjectImpl(StreamUtils.readStream(byteStream)); + } catch (IOException e) { + throw new MOAApplicationException("2210", null); + } + } else { + dataObject = new ByteStreamDataObjectImpl(byteStream); + } + } + + return dataObject; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java new file mode 100644 index 0000000..933d058 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ExternalURIResolver.java @@ -0,0 +1,177 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import iaik.xml.crypto.utils.URI; +import iaik.xml.crypto.utils.URIException; + +import java.io.IOException; +import java.io.InputStream; +import java.net.HttpURLConnection; +import java.net.MalformedURLException; +import java.net.URL; +import java.net.URLConnection; + +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moa.spss.util.ExternalURIVerifier; + +/** + * Resolve external URIs and provide them as a stream. + * + * @author Patrick Peck + * @version $Id$ + */ +public class ExternalURIResolver { + + /** The MIME type of the content currently resolved. */ + private String contentType; + + /** + * Return a stream to data at the given URI. + * + * This method will try to open an <code>URLConnection</code> to the given + * URI. Access to the file system is disallowed. + * + * @param uriStr The URI to resolve. + * @return InputStream The data contained at the URI. + * @throws MOAApplicationException An error occurred resolving the URI (e.g., + * the URI is syntactically incorrect or the stream could not be opened). + */ + public InputStream resolve(String uriStr) throws MOAApplicationException { + URI uri; + URL url; + URLConnection connection; + InputStream is; + + // build the URI + try { + uri = new URI(uriStr); + } catch (URIException e) { + throw new MOAApplicationException("2207", new Object[] { uriStr }); + } + + // disallow access to local file system + if ("".equals(uri.getScheme()) || "file".equals(uri.getScheme())) { + throw new MOAApplicationException("2213", new Object[] { uriStr }); + } + + // if we have local content (SOAP with attachments) + if ("formdata".equals(uri.getScheme())) { + TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); + if (context==null) { + //no transaction + throw new MOAApplicationException("2282", new Object[] { uri }); + } else { + InputStream attachmentIs = context.getAttachmentInputStream(uri); + if (attachmentIs != null) { + setContentType(context.getAttachmentContentType(uri.getPath())); + return attachmentIs; + } else { + //maybe attachments provided but no suiting attachment found + throw new MOAApplicationException("2282", new Object[] { uri }); + } + } + } + + // convert URI to URL + try { + // create the URL + url = new URL(uriStr); + //System.out.println("ExternalURIResolver: " + url); + ExternalURIVerifier.verify(url.getHost(), url.getPort()); + + } catch (MalformedURLException e) { + throw new MOAApplicationException("2214", new Object[] { uriStr }); + } + + // build the URLConnection + try { + connection = url.openConnection(); + if ("http".equals(url.getProtocol())) { + HttpURLConnection httpConnection = (HttpURLConnection) connection; + // disallow redirects + httpConnection.setInstanceFollowRedirects(false); + + httpConnection.connect(); + if (httpConnection.getResponseCode() != HttpURLConnection.HTTP_OK) { + throw new MOAApplicationException("2208", new Object[] { uri }); + } + } else if ("https".equals(url.getProtocol())) { + /* + * this doesn't work because of some interaction between the IAIK + * JCE and Sun JSSE that results in an "Invalid AVA format" exception + */ + + /* + HttpsURLConnection httpsConnection = (HttpsURLConnection) connection; + InputStream trustStore = + getClass().getResourceAsStream(DEFAULT_TRUST_STORE); + SSLSocketFactory factory = + SSLUtils.getSSLSocketFactory("jks", trustStore, "changeit"); + httpsConnection.setSSLSocketFactory(factory); + httpsConnection.connect(); + if (httpConnection.getResponseCode() != HttpURLConnection.HTTP_OK) { + throw new MOAApplicationException("2208", new Object[] { uri }); + } + */ + connection.connect(); + } else { + connection.connect(); + } + is = connection.getInputStream(); + } catch (IOException e) { + throw new MOAApplicationException("2208", new Object[] { uri }, e); + } /*catch (GeneralSecurityException e) { + throw new MOAApplicationException("2208", new Object[] { uri }, e); + }*/ + + // set the content type + setContentType(connection.getContentType()); + + return is; + } + + /** + * Set the content type of the data at the URI. + * + * @param contentType The content type to set. + */ + protected void setContentType(String contentType) { + this.contentType = contentType; + } + + /** + * Return the content type of the data detected at the URI from the previous + * call of <code>resolve()</code>. + * + * @return String The content type. + */ + public String getContentType() { + return contentType; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java new file mode 100644 index 0000000..1136ff2 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/IaikExceptionMapper.java @@ -0,0 +1,318 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import iaik.server.modules.IAIKException; +import iaik.server.modules.IAIKRuntimeException; + +import java.lang.reflect.Constructor; +import java.util.HashMap; +import java.util.Map; + +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.MOASystemException; + + +/** + * Map an exception from the <code>iaik</code> namespace to a + * <code>MOAException</code>. + * + * @author Patrick Peck + * @version $Id$ + */ +public class IaikExceptionMapper { + + /** The argument classes for <code>MOAException</code>s. */ + private static final Class[] CONSTRUCTOR_ARGS = + new Class[] { String.class, Object[].class, Throwable.class }; + /** The exception mapping, as an array. */ + private static final Object[][] MESSAGES = + { + { iaik.server.modules.IAIKException.class, "9900", MOASystemException.class }, + { iaik.server.modules.IAIKRuntimeException.class, "9901", MOASystemException.class }, + { iaik.server.modules.xmlsign.XMLSignatureCreationException.class, "2220", MOAApplicationException.class }, + { iaik.server.modules.xmlsign.XMLSignatureCreationRuntimeException.class, "2220", MOAApplicationException.class }, + { iaik.server.modules.xmlsign.InvalidKeyException.class, "2221", MOAApplicationException.class }, + { iaik.server.modules.xmlsign.ManifestException.class, "2222", MOAApplicationException.class }, + { iaik.server.modules.xmlsign.ReferenceException.class, "2223", MOAApplicationException.class }, + { iaik.server.modules.xmlsign.HashUnavailableException.class, "2224", MOAApplicationException.class }, + { iaik.server.modules.xmlsign.SignatureAlgorithmException.class, "2225", MOAApplicationException.class }, + { iaik.server.modules.xmlsign.SignatureEmbeddingException.class, "2226", MOAApplicationException.class }, + { iaik.server.modules.xmlsign.SignatureValueException.class, "2227", MOAApplicationException.class }, + { iaik.server.modules.xmlsign.SignedPropertyException.class, "2228", MOAApplicationException.class }, + { iaik.server.modules.xmlsign.SignerCertificateUnavailableException.class, "2229", MOAApplicationException.class }, + { iaik.server.modules.xmlsign.SupplementException.class, "2230", MOAApplicationException.class }, + { iaik.server.modules.xmlsign.TransformationException.class, "2233", MOAApplicationException.class }, + { iaik.server.modules.cmsverify.CMSSignatureVerificationException.class, "2240", MOAApplicationException.class }, + { iaik.server.modules.cmsverify.CMSSignatureVerificationRuntimeException.class, "2240", MOAApplicationException.class }, + { iaik.server.modules.cmsverify.AlgorithmNotSupportedException.class, "2241", MOAApplicationException.class }, + { iaik.server.modules.cmsverify.CMSSignatureParsingException.class, "2242", MOAApplicationException.class }, + { iaik.server.modules.cmsverify.SignerCertificateUnavailableException.class, "2243", MOAApplicationException.class }, + { iaik.server.modules.cmsverify.CMSSignatureVerificationRuntimeException.class, "2247", MOAApplicationException.class }, + { iaik.server.modules.cmsverify.InitException.class, "2248", MOAApplicationException.class }, + { iaik.server.modules.xmlverify.XMLSignatureVerificationException.class, "2240", MOAApplicationException.class }, + { iaik.server.modules.xmlverify.XMLSignatureVerificationRuntimeException.class, "2240", MOAApplicationException.class }, + { iaik.server.modules.xmlverify.AlgorithmNotSupportedException.class, "2241", MOAApplicationException.class }, + { iaik.server.modules.xmlverify.ManifestException.class, "2262", MOAApplicationException.class }, + { iaik.server.modules.xmlverify.PropertiesException.class, "2263", MOAApplicationException.class }, + { iaik.server.modules.xmlverify.ReferenceException.class, "2264", MOAApplicationException.class }, + { iaik.server.modules.xmlverify.HashUnavailableException.class, "2224", MOAApplicationException.class }, + { iaik.server.modules.xmlverify.SignerCertificateUnavailableException.class, "2243", MOAApplicationException.class }, + { iaik.server.modules.xmlverify.SupplementException.class, "2230", MOAApplicationException.class }, + { iaik.server.modules.xmlverify.TransformationException.class, "2265", MOAApplicationException.class }, + { iaik.server.modules.xmlverify.TransformationParsingException.class, "2269", MOAApplicationException.class }, + { iaik.xml.crypto.tsl.ex.TSLEngineDiedException.class, "2290", MOAApplicationException.class }, + { iaik.xml.crypto.tsl.ex.TSLSearchException.class, "2290", MOAApplicationException.class } , + { iaik.server.modules.cmssign.CMSSignatureCreationException.class, "2300", MOAApplicationException.class } , + + + }; + + /** The single instance of this class. */ + private static IaikExceptionMapper instance; + /** The exception mapping, as a <code>Map</code> for fast lookup. */ + private Map messages = new HashMap(); + + /** + * Get the single instance of this class. + * + * @return The single instance of this class. + */ + public static synchronized IaikExceptionMapper getInstance() { + if (instance == null) { + instance = new IaikExceptionMapper(); + } + return instance; + } + + /** + * Create a new <code>IaikExceptionMapper</code>. + * + * Protected to disallow multple instances. + */ + protected IaikExceptionMapper() { + registerMessages(); + } + + /** + * Build the complete <code>IAIKException</code> to message code mapping. + */ + protected void registerMessages() { + int i; + + for (i = 0; i < MESSAGES.length; i++) { + registerMessage( + (Class) MESSAGES[i][0], + (String) MESSAGES[i][1], + (Class) MESSAGES[i][2]); + } + } + + /** + * Register a single <code>IAIKException</code> to message mapping. + * + * @param iaikExceptionClass An exception from the <code>iaik</code> package. + * @param messageId The corresponding error message id. + * @param moaExceptionClass The type of <code>MOAException</code> that the + * <code>IAIKException</code> is mapped to (usually + * <code>MOAApplicationException</code> or <code>MOASystemException</code>). + */ + protected void registerMessage( + Class iaikExceptionClass, + String messageId, + Class moaExceptionClass) { + + messages.put( + iaikExceptionClass, + new ExceptionMappingInfo(messageId, moaExceptionClass)); + } + + /** + * Map an <code>iaik.xml.crypto.tsl.ex.TSLSearchException</code> to a <code>MOAException</code>. + * + * @param tslSearchException The <code>iaik.xml.crypto.tsl.ex.TSLSearchException</code> to map. + * @return A <code>MOAException</code> containing the message for the + * given <code>IAIKException</code>. + */ + public MOAException map(iaik.xml.crypto.tsl.ex.TSLSearchException tslSearchException) { + return mapImpl(tslSearchException); + } + + /** + * Map an <code>iaik.xml.crypto.tsl.ex.TSLEngineDiedException</code> to a <code>MOAException</code>. + * + * @param tslEngineDiedException The <code>iaik.xml.crypto.tsl.ex.TSLEngineDiedException</code> to map. + * @return A <code>MOAException</code> containing the message for the + * given <code>IAIKException</code>. + */ + public MOAException map(iaik.xml.crypto.tsl.ex.TSLEngineDiedException tslEngineDiedException) { + return mapImpl(tslEngineDiedException); + } + + /** + * Map an <code>IAIKException</code> to a <code>MOAException</code>. + * + * @param iaikException The <code>IAIKException</code> to map. + * @return A <code>MOAException</code> containing the message for the + * given <code>IAIKException</code>. + */ + public MOAException map(IAIKException iaikException) { + return mapImpl(iaikException); + } + + /** + * Map an <code>IAIKRuntimeException</code> to a <code>MOAException</code>. + * + * @param iaikException The <code>IAIKException</code> to map. + * @return A <code>MOAException</code> containing the message for the + * given <code>IAIKRuntimeException</code>. + */ + public MOAException map(IAIKRuntimeException iaikException) { + return mapImpl(iaikException); + } + + /** + * Map an <code>IAIKException</code> or <code>IAIKRuntimeException</code> to a + * <code>MOAException</code>. + * + * @param iaikException The <code>IAIKException</code> or + * <code>IAIKRuntimeException</code> to map. + * @return A <code>MOAException</code> containing the message for the + * given <code>IAIKRuntimeException</code>. + */ + private MOAException mapImpl(Exception iaikException) { + MOAException moaException = createMoaException(iaikException); + + if (moaException == null) { + return new MOASystemException("9999", null, iaikException); + } + return moaException; + } + + /** + * Create a <code>MOAException</code> from a given <code>IAIKException</code> + * by looking it up in the mapping. + * + * @param iaikException The <code>IAIKException</code> to map. + * @return A <code>MOAException</code> with an error code corresponding to + * the given <code>IAIKException</code>. Returns <code>null</code>, if no + * mapping could be found. + */ + protected MOAException createMoaException(Exception iaikException) { + ExceptionMappingInfo info = lookupMessage(iaikException.getClass()); + Constructor constructor; + + if (info == null) { + return null; + } + + // instantiate the proper MOAException and return it + try { + constructor = + info.getMoaExceptionClass().getConstructor(CONSTRUCTOR_ARGS); + return (MOAException) constructor.newInstance( + new Object[] { + info.getMessageId(), + new Object[] { iaikException.getMessage()}, + iaikException }); + } catch (Exception e) { + return null; + } + } + + /** + * Recursively look up the message associated with an + * <code>IAIKException</code>. + * + * This method walks up the exception inheritance hierarchy until it finds a + * mapping. + * + * @param iaikExceptionClass The <code>IAIKException</code> to look up. + * @return Information about the message id and + * <code>MOAException</code> class that the <code>iaikExceptionClass</code> + * maps to. If no mapping could be found, <code>null</code> is returned. + */ + protected ExceptionMappingInfo lookupMessage(Class iaikExceptionClass) { + ExceptionMappingInfo info; + + // break if + if (iaikExceptionClass.equals(Exception.class)) { + return null; + } + + // look up the exception class + info = (ExceptionMappingInfo) messages.get(iaikExceptionClass); + if (info == null) { + return lookupMessage(iaikExceptionClass.getSuperclass()); + } + return info; + } + +} + +/** + * A class containing a mapping from an error message ID to a + * <code>MOAException</code> class. + * + * @author Patrick Peck + * @version $Id$ + */ +class ExceptionMappingInfo { + /** The message ID. */ + private String messageId; + /** The <code>MOAException</code> class. */ + private Class moaExceptionClass; + + /** + * Create a new <code>ExceptionMappingInfo</code>. + * + * @param messageId The message ID. + * @param moaExceptionClass The <code>MOAException</code> class. + */ + public ExceptionMappingInfo(String messageId, Class moaExceptionClass) { + this.messageId = messageId; + this.moaExceptionClass = moaExceptionClass; + } + + /** + * Return the message ID. + * + * @return The message ID. + */ + public String getMessageId() { + return messageId; + } + + /** + * Returns the <code>MOAException</code> class that the message ID maps to. + * + * @return The <code>MOAException</code> class. + */ + public Class getMoaExceptionClass() { + return moaExceptionClass; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java new file mode 100644 index 0000000..0bca8ae --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/InvokerUtils.java @@ -0,0 +1,87 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.util.XPathException; +import at.gv.egovernment.moa.util.XPathUtils; + +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.api.common.ElementSelector; + +/** + * Utility methods for invoking the IAIK MOA modules. + * + * @author Patrick Peck + * @version $Id$ + */ +public class InvokerUtils { + + /** + * Select the signature parent element. + * + * @param root The root DOM element which contains the signature parent + * element somewhere in its subtree. + * @param location The <code>ElementSelector</code> containing the XPath + * expression to select the signature parent element from the document. + * It is also contains the namespace prefix to URI mapping. + * @return Element The signature parent element. + * @throws MOAApplicationException An error occurred evaluating the + * <code>location</code>. + */ + public static Element evaluateSignatureLocation( + Element root, + ElementSelector location) + throws MOAApplicationException { + + NodeList nodes; + + try { + nodes = + XPathUtils.selectNodeList( + root, + location.getNamespaceDeclarations(), + location.getXPathExpression()); + } catch (XPathException e) { + throw new MOAApplicationException( + "2212", + new Object[] { location.getXPathExpression()}, + e); + } + + if (nodes.getLength() != 1 + || !(nodes.item(0).getNodeType() == Node.ELEMENT_NODE)) { + throw new MOAApplicationException( + "2212", + new Object[] { location.getXPathExpression()}); + } + return (Element) nodes.item(0); + } + + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ProfileMapper.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ProfileMapper.java new file mode 100644 index 0000000..c6eaa4f --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ProfileMapper.java @@ -0,0 +1,273 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.api.xmlbind.ProfileParser; +import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfile; +import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfileExplicit; +import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfileID; +import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfile; +import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfileExplicit; +import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfileID; +import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfile; +import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfileExplicit; +import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfileID; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfile; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfileExplicit; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfileID; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; + +/** + * Map ProfileID objects to their explicit represantation. + * + * @author Patrick Peck + * @version $Id$ + */ +public class ProfileMapper { + + /** The parser to parse the profiles. */ + private static ProfileParser profileParser = new ProfileParser(); + + /** + * Map a <code>CreateTransformsInfoProfile</code> to a + * <code>CreateTransformsInfoProfileExplicit</code>. + * + * @param profile The profile object to map. + * @param config The MOA configuration to use for looking up the profile. + * @return <code>profile</code>, if the given profile is of type + * <code>EXPLICIT_CREATETRANSFORMSINFOPROFILE</code>, otherwise the profile + * that is looked up and parsed from the configuration. + * @throws MOAApplicationException An error occurred parsing the profile. + */ + public static CreateTransformsInfoProfileExplicit mapCreateTransformsInfoProfile( + CreateTransformsInfoProfile profile, + ConfigurationProvider config) + throws MOAApplicationException { + + switch (profile.getCreateTransformsInfoProfileType()) { + case CreateTransformsInfoProfile.EXPLICIT_CREATETRANSFORMSINFOPROFILE : + return (CreateTransformsInfoProfileExplicit) profile; + + case CreateTransformsInfoProfile.ID_CREATETRANSFORMSINFOPROFILE : + CreateTransformsInfoProfileID profileIdObj = + (CreateTransformsInfoProfileID) profile; + String profileID = profileIdObj.getCreateTransformsInfoProfileID(); + Element profileElem = config.getCreateTransformsInfoProfile(profileID); + + if (profileElem == null) { + throw new MOAApplicationException("2234", new Object[] { profileID }); + } + + return ( + CreateTransformsInfoProfileExplicit) profileParser + .parseCreateTransformsInfoProfile( + profileElem); + } + return null; // this will not happen + } + + /** + * Map a <code>CreateSignatureEnvironmentProfile</code> to a + * <code>CreateSignatureEnvironmentProfileExplicit</code>. + * + * @param profile The profile object to map. + * @param config The MOA configuration to use for looking up the profile. + * @return <code>profile</code>, if the given profile is of type + * <code>EXPLICIT_CREATESIGNATUREENVIRONMENTPROFILE</code>, otherwise the + * profile that is looked up and parsed from the configuration. + * @throws MOAApplicationException An error occurred parsing the profile. + */ + public static CreateSignatureEnvironmentProfileExplicit mapCreateSignatureEnvironmentProfile( + CreateSignatureEnvironmentProfile profile, + ConfigurationProvider config) + throws MOAApplicationException { + + switch (profile.getCreateSignatureEnvironmentProfileType()) { + case CreateSignatureEnvironmentProfile + .EXPLICIT_CREATESIGNATUREENVIRONMENTPROFILE : + + return (CreateSignatureEnvironmentProfileExplicit) profile; + + case CreateSignatureEnvironmentProfile + .ID_CREATESIGNATUREENVIRONMENTPROFILE : + + CreateSignatureEnvironmentProfileID profileIdObj = + (CreateSignatureEnvironmentProfileID) profile; + String profileID = + profileIdObj.getCreateSignatureEnvironmentProfileID(); + Element profileElem = + config.getCreateSignatureEnvironmentProfile(profileID); + + if (profileElem == null) { + throw new MOAApplicationException("2236", new Object[] { profileID }); + } + + return ( + CreateSignatureEnvironmentProfileExplicit) profileParser + .parseCreateSignatureEnvironmentProfile( + profileElem); + + } + return null; + + } + + /** + * Map a <code>List</code> of <code>SupplementProfile</code>s to their + * explicit representation. + * + * @param profiles The profiles to map. + * @param config The MOA configuration to use for looking up profiles. + * @return The mapped profiles. + * @throws MOAApplicationException An error occurred mapping one of the + * profiles. + */ + public static List mapSupplementProfiles( + List profiles, + ConfigurationProvider config) + throws MOAApplicationException { + + List mappedProfiles = new ArrayList(); + Iterator iter; + + for (iter = profiles.iterator(); iter.hasNext();) { + SupplementProfile profile = (SupplementProfile) iter.next(); + mappedProfiles.add(mapSupplementProfile(profile, config)); + } + + return mappedProfiles; + } + + /** + * Map a <code>SupplementProfile</code> to a + * <code>SupplementProfileExplicit</code>. + * + * @param profile The profile object to map. + * @param config The MOA configuration to use for looking up the profile. + * @return <code>profile</code>, if the given profile is of type + * <code>EXPLICIT_SUPPLEMENTPROFILE</code>, otherwise the + * profile that is looked up and parsed from the configuration. + * @throws MOAApplicationException An error occurred parsing the profile. + */ + public static SupplementProfileExplicit mapSupplementProfile( + SupplementProfile profile, + ConfigurationProvider config) + throws MOAApplicationException { + + switch (profile.getSupplementProfileType()) { + case SupplementProfile.EXPLICIT_SUPPLEMENTPROFILE : + return (SupplementProfileExplicit) profile; + + case SupplementProfile.ID_SUPPLEMENTPROFILE : + SupplementProfileID profileIdObj = (SupplementProfileID) profile; + String profileID = profileIdObj.getSupplementProfileID(); + Element profileElem = config.getSupplementProfile(profileID); + + if (profileElem == null) { + throw new MOAApplicationException("2267", new Object[] { profileID }); + } + + return ( + SupplementProfileExplicit) profileParser.parseSupplementProfile( + profileElem); + } + + return null; + } + + /** + * Map a <code>List</code> of <code>VerifyTransformsInfoProfile</code>s to + * their explicit representation. + * + * @param profiles The profiles to map. + * @param config The MOA configuration to use for looking up profiles. + * @return The mapped profiles. + * @throws MOAApplicationException An error occurred mapping one of the + * profiles. + */ + public static List mapVerifyTransformsInfoProfiles( + List profiles, + ConfigurationProvider config) + throws MOAApplicationException { + + List mappedProfiles = new ArrayList(); + Iterator iter; + + for (iter = profiles.iterator(); iter.hasNext();) { + VerifyTransformsInfoProfile profile = + (VerifyTransformsInfoProfile) iter.next(); + mappedProfiles.add(mapVerifyTransformsInfoProfile(profile, config)); + } + + return mappedProfiles; + } + + /** + * Map a <code>VerifyTransformsInfoProfile</code> to a + * <code>VerifyTransformsInfoProfileExplicit</code>. + * + * @param profile The profile object to map. + * @param config The MOA configuration to use for looking up the profile. + * @return <code>profile</code>, if the given profile is of type + * <code>EXPLICIT_VERIFYTRANSFORMSINFOPROFILE</code>, otherwise the + * profile that is looked up and parsed from the configuration. + * @throws MOAApplicationException An error occurred parsing the profile. + */ + public static VerifyTransformsInfoProfileExplicit mapVerifyTransformsInfoProfile( + VerifyTransformsInfoProfile profile, + ConfigurationProvider config) + throws MOAApplicationException { + + switch (profile.getVerifyTransformsInfoProfileType()) { + case VerifyTransformsInfoProfile.EXPLICIT_VERIFYTRANSFORMSINFOPROFILE : + return (VerifyTransformsInfoProfileExplicit) profile; + + case VerifyTransformsInfoProfile.ID_VERIFYTRANSFORMSINFOPROFILE : + VerifyTransformsInfoProfileID profileIdObj = + (VerifyTransformsInfoProfileID) profile; + String profileID = profileIdObj.getVerifyTransformsInfoProfileID(); + Element profileElem = + config.getVerifyTransformsInfoProfile(profileID); + + if (profileElem == null) { + throw new MOAApplicationException("2268", new Object[] { profileID }); + } + + return ( + VerifyTransformsInfoProfileExplicit) profileParser + .parseVerifyTransformsInfoProfile( + profileElem); + } + + return null; + } +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java new file mode 100644 index 0000000..8f3c075 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/ServiceContextUtils.java @@ -0,0 +1,75 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import at.gv.egovernment.moa.logging.LoggingContext; +import at.gv.egovernment.moa.logging.LoggingContextManager; + +import at.gv.egovernment.moa.spss.server.config.ConfigurationException; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; + +/** + * A utility class for setting up and tearing down thread-local context + * information needed for calling the <code>Invoker</code> classes. + * + * @author Patrick Peck + * @version $Id$ + */ +public class ServiceContextUtils { + + /** + * Set up the thread-local context information needed for calling the various + * <code>Invoker</code> classes. + * + * @throws ConfigurationException An error occurred setting up the + * configuration in the <code>TransactionContext</code>. + */ + public static void setUpContexts() throws ConfigurationException { + TransactionContextManager txMgr = TransactionContextManager.getInstance(); + LoggingContextManager logMgr = LoggingContextManager.getInstance(); + String transactionID = Thread.currentThread().getName(); + + if (txMgr.getTransactionContext() == null) { + TransactionContext ctx = new TransactionContext(transactionID, null, ConfigurationProvider.getInstance()); + txMgr.setTransactionContext(ctx); + } + + if (logMgr.getLoggingContext() == null) { + LoggingContext ctx = new LoggingContext(transactionID); + logMgr.setLoggingContext(ctx); + } + } + + /** + * Tear down thread-local context information. + */ + public static void tearDownContexts() { + TransactionContextManager.getInstance().setTransactionContext(null); + LoggingContextManager.getInstance().setLoggingContext(null); + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureCreationServiceImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureCreationServiceImpl.java new file mode 100644 index 0000000..b746333 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureCreationServiceImpl.java @@ -0,0 +1,71 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import java.util.Collections; + +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.api.Configurator; +import at.gv.egovernment.moa.spss.api.SignatureCreationService; +import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest; +import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse; + +/** + * An implementation of the <code>SignatureCreationService</code>, using + * the <code>XMLSignatureCreationInvoker</code>. + * + * @author Patrick Peck + * @version $Id$ + */ +public class SignatureCreationServiceImpl extends SignatureCreationService { + + /** + * Create an XML signature. + * + * @param request The <code>CreateXMLSignatureRequest</code> containing + * information about the signature(s) to create. + * @return The created signature(s). + * @throws MOAException An error occurred creating the signature(s). + */ + public CreateXMLSignatureResponse createXMLSignature(CreateXMLSignatureRequest request) + throws MOAException { + + XMLSignatureCreationInvoker invoker = + XMLSignatureCreationInvoker.getInstance(); + CreateXMLSignatureResponse response; + + try { + + Configurator.getInstance().init(); + ServiceContextUtils.setUpContexts(); + response = invoker.createXMLSignature(request, Collections.EMPTY_SET); + + return response; + } finally { + ServiceContextUtils.tearDownContexts(); + } + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureVerificationServiceImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureVerificationServiceImpl.java new file mode 100644 index 0000000..5b6033c --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/SignatureVerificationServiceImpl.java @@ -0,0 +1,100 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.api.Configurator; +import at.gv.egovernment.moa.spss.api.SignatureVerificationService; +import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; +import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; + +/** + * An implementation of the <code>SignatureVerificationService</code> using + * the <code>XMLSignatureVerificationInvoker</code> and the + * <code>CMSSignatureVerificationInvoker</code>. + * + * @author Patrick Peck + * @version $Id$ + */ +public class SignatureVerificationServiceImpl + extends SignatureVerificationService { + + /** + * Verify a CMS signature. + * + * @param request The <code>VerifyCMSSignatureRequest</code> containing + * information about the signature verification. + * @return The result of the signature verification. + * @throws MOAException An error occurred during signature verification. + */ + public VerifyCMSSignatureResponse verifyCMSSignature(VerifyCMSSignatureRequest request) + throws MOAException { + + CMSSignatureVerificationInvoker invoker = + CMSSignatureVerificationInvoker.getInstance(); + VerifyCMSSignatureResponse response; + + try { + Configurator.getInstance().init(); + ServiceContextUtils.setUpContexts(); + response = invoker.verifyCMSSignature(request); + + return response; + } finally { + ServiceContextUtils.tearDownContexts(); + } + } + + /** + * Verify an XML signature. + * + * @param request The <code>VerifyXMLSignatureRequest</code> containinig + * information about the signature verification. + * @return The result of the signature verification. + * @throws MOAException An error occurred during signature verification. + */ + public VerifyXMLSignatureResponse verifyXMLSignature(VerifyXMLSignatureRequest request) + throws MOAException { + + XMLSignatureVerificationInvoker invoker = + XMLSignatureVerificationInvoker.getInstance(); + VerifyXMLSignatureResponse response; + + try { + + + Configurator.getInstance().init(); + ServiceContextUtils.setUpContexts(); + response = invoker.verifyXMLSignature(request); + + return response; + } finally { + ServiceContextUtils.tearDownContexts(); + } + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/TransformationFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/TransformationFactory.java new file mode 100644 index 0000000..7842f14 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/TransformationFactory.java @@ -0,0 +1,282 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +import iaik.server.modules.xml.Base64Transformation; +import iaik.server.modules.xml.Canonicalization; +import iaik.server.modules.xml.EnvelopedSignatureTransformation; +import iaik.server.modules.xml.Transformation; +import iaik.server.modules.xml.XPath2Transformation; +import iaik.server.modules.xml.XPathTransformation; +import iaik.server.modules.xml.XSLTTransformation; + +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.api.common.ExclusiveCanonicalizationTransform; +import at.gv.egovernment.moa.spss.api.common.Transform; +import at.gv.egovernment.moa.spss.api.common.XPathFilter; +import at.gv.egovernment.moa.spss.api.common.XPathFilter2Transform; +import at.gv.egovernment.moa.spss.api.common.XPathTransform; +import at.gv.egovernment.moa.spss.api.common.XSLTTransform; +import at.gv.egovernment.moa.spss.server.iaik.xml.Base64TransformationImpl; +import at.gv.egovernment.moa.spss.server.iaik.xml.CanonicalizationImpl; +import at.gv.egovernment.moa.spss.server.iaik.xml.EnvelopedSignatureTransformationImpl; +import at.gv.egovernment.moa.spss.server.iaik.xml.ExclusiveCanonicalizationImpl; +import at.gv.egovernment.moa.spss.server.iaik.xml.XPath2FilterImpl; +import at.gv.egovernment.moa.spss.server.iaik.xml.XPath2TransformationImpl; +import at.gv.egovernment.moa.spss.server.iaik.xml.XPathTransformationImpl; +import at.gv.egovernment.moa.spss.server.iaik.xml.XSLTTransformationImpl; + +/** + * A factory to create <code>Transformation</code> objects from + * <code>Transform</code> objects. + * + * @author Patrick Peck + * @version $Id$ + */ +public class TransformationFactory { + + + /** The single instance of this class. */ + private static TransformationFactory instance = null; + + /** Maps <code>XPathFilter</code> filter types to + * <code>XPath2Transformation</code> filter types. */ + private static Map FILTER_TYPE_MAPPING; + + static { + FILTER_TYPE_MAPPING = new HashMap(); + + FILTER_TYPE_MAPPING.put( + XPathFilter.INTERSECT_TYPE, + XPath2Transformation.XPath2Filter.INTERSECTION); + FILTER_TYPE_MAPPING.put( + XPathFilter.SUBTRACT_TYPE, + XPath2Transformation.XPath2Filter.SUBTRACTION); + FILTER_TYPE_MAPPING.put( + XPathFilter.UNION_TYPE, + XPath2Transformation.XPath2Filter.UNION); + } + + /** + * Get the single instance of the factory. + * + * @return TransformationFactory The single instance. + */ + public static synchronized TransformationFactory getInstance() { + if (instance == null) { + instance = new TransformationFactory(); + } + return instance; + } + + /** + * Create a new <code>TransformationFactory</code>. + * + * Protected to disallow multiple instances. + */ + protected TransformationFactory() { + } + + /** + * Create a <code>Transformation</code> based on a + * <code>Transform</code> object. + * + * @param transform The <code>Transform</code> object to extract + * transformation data from. + * @return The transformation contained in the <code>transform</code> + * object. + * @throws MOAApplicationException An error occured creating the + * <code>Transformation</code>. See exception message for details. + */ + public Transformation createTransformation(Transform transform) + throws MOAApplicationException { + String algorithmUri = transform.getAlgorithmURI(); + + if (Canonicalization.CANONICAL_XML.equals(algorithmUri) + || Canonicalization.CANONICAL_XML_WITH_COMMENTS.equals(algorithmUri)) { + return createC14nTransformation(algorithmUri); + } else if ( + Canonicalization.EXCLUSIVE_CANONICAL_XML.equals(algorithmUri) + || Canonicalization.EXCLUSIVE_CANONICAL_XML_WITH_COMMENTS.equals( + algorithmUri)) { + + return createExclusiveC14nTransformation( + (ExclusiveCanonicalizationTransform) transform); + + } else if (Base64Transformation.ALL.contains(algorithmUri)) { + return createBase64Transformation(); + } else if (EnvelopedSignatureTransformation.ALL.contains(algorithmUri)) { + return createEnvelopedSignatureTransformation(); + } else if (XPathTransformation.ALL.contains(algorithmUri)) { + return createXPathTransformation((XPathTransform) transform); + } else if (XPath2Transformation.ALL.contains(algorithmUri)) { + return createXPath2Transformation((XPathFilter2Transform) transform); + } else if (XSLTTransformation.ALL.contains(algorithmUri)) { + return createXSLTTransformation((XSLTTransform) transform); + } else { + throw new MOAApplicationException("1108", new Object[] { algorithmUri }); + } + } + + /** + * Create a <code>List</code> of <code>Transformation</code>s from a + * <code>List</code> of <code>Transform</code>s. + * + * @param transforms The <code>List</code> containing the + * <code>Transform</code>s. + * @return The <code>List</code> of <code>Transformation</code>s corresponding + * to the <code>transforms</code>. + * @throws MOAApplicationException An error occurred building one of the + * transformations. See exception message for details. + */ + public List createTransformationList(List transforms) + throws MOAApplicationException { + List transformationList = new ArrayList(); + Iterator trIter; + + for (trIter = transforms.iterator(); trIter.hasNext();) { + Transform transform = (Transform) trIter.next(); + transformationList.add(createTransformation(transform)); + } + + return transformationList; + } + + /** + * Create a <code>Canonicalization</code>. + * + * @param algorithmUri The algorithm URI of the canonicalization. + * @return The <code>Canonicalization</code>. + */ + private Transformation createC14nTransformation(String algorithmUri) { + return new CanonicalizationImpl(algorithmUri); + } + + /** + * Create a <code>ExclusiveCanonicalization</code>. + * + * @param transform The <code>ExclusiveCanonicalizationTransform</code> + * containing the transformation data. + * @return The <code>ExclusiveCanonicalization</code>. + */ + private Transformation createExclusiveC14nTransformation(ExclusiveCanonicalizationTransform transform) { + return new ExclusiveCanonicalizationImpl( + transform.getAlgorithmURI(), + transform.getInclusiveNamespacePrefixes()); + } + + /** + * Create a <code>Base64Transformation</code>. + * + * @return The <code></code> + */ + private Transformation createBase64Transformation() { + return new Base64TransformationImpl(); + } + + /** + * Create an <code>EnvelopedSignatureTransformation</code>. + * + * @return An <code>EnvelopedSignatureTransformation</code>. + */ + private Transformation createEnvelopedSignatureTransformation() { + return new EnvelopedSignatureTransformationImpl(); + } + + /** + * Create an <code>XPathTransformation</code>. + * + * @param transform The <code>Transform</code> object containing the + * XPath transformation. + * @return An <code>XPathTransformation</code> corresponding the + * transformation given in <code>transform</code>. + * @throws MOAApplicationException An error occurred creating the + * <code>Transformation</code>. + */ + private Transformation createXPathTransformation(XPathTransform transform) + throws MOAApplicationException { + + return new XPathTransformationImpl( + transform.getXPathExpression(), + transform.getNamespaceDeclarations()); + } + + /** + * Create an <code>XPath2Transformation</code>. + * + * @param transform The <code>Transform</code> object containing the + * XPath filter transformation. + * @return An <code>XPath2Transformation</code> corresponding the + * transformation given in <code>transform</code>. + * @throws MOAApplicationException An error occurred creating the + * <code>Transformation</code>. + */ + private Transformation createXPath2Transformation(XPathFilter2Transform transform) + throws MOAApplicationException { + + XPath2TransformationImpl xpath2 = new XPath2TransformationImpl(); + Iterator iter; + + for (iter = transform.getFilters().iterator(); iter.hasNext();) { + XPathFilter filter = (XPathFilter) iter.next(); + String mappedFilterType = + (String) FILTER_TYPE_MAPPING.get(filter.getFilterType()); + XPath2FilterImpl mappedFilter = + new XPath2FilterImpl( + mappedFilterType, + filter.getXPathExpression(), + filter.getNamespaceDeclarations()); + xpath2.addXPathFilter(mappedFilter); + } + + if (xpath2.getXPathFilters().size() == 0) { + throw new MOAApplicationException("2216", null); + } + + return xpath2; + } + + /** + * Create an <code>XSLTTransformation</code>. + * + * @param transform The <code>Transform</code> containing the XSLT stylesheet. + * @return An <code>XSLTTransformation</code> corresponding the transformation + * given in <code>transform</code>. + * @throws MOAApplicationException An error occurred creating the + * <code>Transformation</code>. + */ + private Transformation createXSLTTransformation(XSLTTransform transform) + throws MOAApplicationException { + + return new XSLTTransformationImpl(transform.getStylesheet()); + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java new file mode 100644 index 0000000..1ea10cb --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -0,0 +1,127 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import iaik.server.modules.cmsverify.CMSSignatureVerificationResult; +import iaik.server.modules.cmsverify.CertificateValidationResult; + +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.List; + +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.api.SPSSFactory; +import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; +import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; +import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.SignerInfo; +import at.gv.egovernment.moa.spss.server.config.TrustProfile; + +/** + * A class to build a <code>VerifyCMSSignatureResponse</code> object. + * + * <p>Via subsequent calls to <code>addResult()</code> a number of results from + * a CMS signature verification can be added to the response.</p> + * + * <p>The <code>getResponseElement()</code> method then returns the + * <code>VerifyCMSSignatureResponse</code> built so far.</p> + * + * @author Patrick Peck + * @version $Id$ + */ +public class VerifyCMSSignatureResponseBuilder { + /** The <code>SPSSFactory</code> for creating API objects. */ + private SPSSFactory factory = SPSSFactory.getInstance(); + /** The elements making up the response. */ + private List responseElements = new ArrayList(); + + /** + * Get the <code>VerifyCMSSignatureResponse</code> built so far. + * + * @return The <code>VerifyCMSSignatureResponse</code> built so far. + */ + public VerifyCMSSignatureResponse getResponse() { + return factory.createVerifyCMSSignatureResponse(responseElements); + } + + /** + * Add a verification result to the response. + * + * @param result The result to add. + * @param trustprofile The actual trustprofile + * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the + * certificate as qualified, otherwise <code>false</code>. + * @param checkSSCD <code>true</code>, if the TSL check verifies the + * signature based on a SSDC, otherwise <code>false</code>. + * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL, + * otherwise <code>false</code>. + * @throws MOAException + */ + public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL, String issuerCountryCode) + throws MOAException { + + CertificateValidationResult certResult = + result.getCertificateValidationResult(); + int signatureCheckCode = + result.getSignatureValueVerificationCode().intValue(); + int certificateCheckCode = certResult.getValidationResultCode().intValue(); + + VerifyCMSSignatureResponseElement responseElement; + SignerInfo signerInfo; + CheckResult signatureCheck; + CheckResult certificateCheck; + + boolean qualifiedCertificate = checkQC; + + // add SignerInfo element + signerInfo = + factory.createSignerInfo( + (X509Certificate) certResult.getCertificateChain().get(0), + qualifiedCertificate, + qcSourceTSL, + certResult.isPublicAuthorityCertificate(), + certResult.getPublicAuthorityID(), + checkSSCD, + sscdSourceTSL, + issuerCountryCode); + + // add SignatureCheck element + signatureCheck = factory.createCheckResult(signatureCheckCode, null); + + // add CertificateCheck element + certificateCheck = factory.createCheckResult(certificateCheckCode, null); + + // build the response element + responseElement = + factory.createVerifyCMSSignatureResponseElement( + signerInfo, + signatureCheck, + certificateCheck); + responseElements.add(responseElement); + } + + + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java new file mode 100644 index 0000000..9021785 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java @@ -0,0 +1,501 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import javax.xml.crypto.OctetStreamData; +import javax.xml.crypto.dsig.CanonicalizationMethod; +import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec; + +import org.w3c.dom.DocumentFragment; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.api.SPSSFactory; +import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.Content; +import at.gv.egovernment.moa.spss.api.common.InputData; +import at.gv.egovernment.moa.spss.api.common.SignerInfo; +import at.gv.egovernment.moa.spss.api.impl.InputDataBinaryImpl; +import at.gv.egovernment.moa.spss.api.impl.InputDataXMLImpl; +import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResultInfo; +import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult; +import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.util.CollectionUtils; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.NodeListAdapter; +import iaik.server.modules.xml.BinaryDataObject; +import iaik.server.modules.xml.DataObject; +import iaik.server.modules.xml.XMLDataObject; +import iaik.server.modules.xml.XMLNodeListDataObject; +import iaik.server.modules.xmlverify.CertificateValidationResult; +import iaik.server.modules.xmlverify.DsigManifest; +import iaik.server.modules.xmlverify.HashUnavailableException; +import iaik.server.modules.xmlverify.ReferenceData; +import iaik.server.modules.xmlverify.ReferenceInfo; +import iaik.server.modules.xmlverify.SecurityLayerManifest; +import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile; +import iaik.server.modules.xmlverify.XMLSignatureVerificationResult; +import iaik.x509.X509Certificate; +import iaik.xml.crypto.alg.transform.C14NTransformService; +import iaik.xml.crypto.dsig.CanonicalizationMethodImpl; + +/** + * A class to build a <code>VerifyXMLSignatureResponse</code> object. + * + * <p>Via a call to <code>addResult()</code> the only result of the + * signature verification must be added.</p> + * + * <p>The <code>getResponseElement()</code> method then returns the + * <code>VerifyXMLSignatureResponse</code> built so far.</p> + * + * @author Patrick Peck + * @version $Id$ + */ +public class VerifyXMLSignatureResponseBuilder { + + /** The <code>SPSSFactory</code> for creating API objects. */ + private SPSSFactory factory = SPSSFactory.getInstance(); + + /** Information about the signer certificate. */ + private SignerInfo signerInfo; + /** The hash input data. */ + private List hashInputDatas; + /** The reference input data. */ + private List referenceInputDatas; + /** The result of the signature check. */ + private ReferencesCheckResult signatureCheck; + /** The result of the signature manifest check. */ + private ReferencesCheckResult signatureManifestCheck; + /** The result of the XMLDsig manifest check. */ + private List xmlDsigManifestChecks; + /** The result of the certificate check. */ + private CheckResult certificateCheck; + + /** + * Get the <code>VerifyMLSignatureResponse</code> built so far. + * + * @return The <code>VerifyXMLSignatureResponse</code> built so far. + */ + public VerifyXMLSignatureResponse getResponse() { + return factory.createVerifyXMLSignatureResponse( + signerInfo, + hashInputDatas, + referenceInputDatas, + signatureCheck, + signatureManifestCheck, + xmlDsigManifestChecks, + certificateCheck); + } + + /** + * Sets the verification result to the response. + * + * This method must be called exactly once to ensure a valid + * <code>VerifyXMLSignatureResponse</code>. + * + * @param result The result to set for the response. + * @param profile The profile used for verifying the signature. + * @param transformsSignatureManifestCheck The overall result for the signature + * manifest check. + * @param certificateCheck The overall result for the certificate check. + * @param checkQC <code>true</code>, if the certificate is QC, otherwise <code>false</code>. + * @param qcSourceTSL <code>true</code>, if the QC information comes from the TSL, + * otherwise <code>false</code>. + * @param checkSSCD <code>true</code>, if the signature is created by an SSCD, otherwise <code>false</code>. + * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL, + * otherwise <code>false</code>. + * @throws MOAApplicationException An error occurred adding the result. + */ + public void setResult( + XMLSignatureVerificationResult result, + XMLSignatureVerificationProfile profile, + ReferencesCheckResult transformsSignatureManifestCheck, + CheckResult certificateCheck, + boolean checkQC, + boolean qcSourceTSL, + boolean checkSSCD, + boolean sscdSourceTSL, + boolean isTSLEnabledTrustprofile, + String issuerCountryCode) + throws MOAApplicationException { + + CertificateValidationResult certResult = + result.getCertificateValidationResult(); + List referenceDataList; + ReferenceData referenceData; + List dsigManifestList; + ReferencesCheckResultInfo checkResultInfo; + int[] failedReferences; + Iterator iter; + + boolean qualifiedCertificate = false; + + qualifiedCertificate = checkQC; + + // create the SignerInfo; + signerInfo = + factory.createSignerInfo( + (X509Certificate) certResult.getCertificateChain().get(0), + qualifiedCertificate, + qcSourceTSL, + certResult.isPublicAuthorityCertificate(), + certResult.getPublicAuthorityID(), + checkSSCD, + sscdSourceTSL, + issuerCountryCode); + + // Create HashInputData Content objects + referenceDataList = result.getReferenceDataList(); + if (profile.includeHashInputData()) { + hashInputDatas = new ArrayList(); + + // Include SignedInfo references + addHashInputDatas( + hashInputDatas, + referenceDataList, + InputData.CONTAINER_SIGNEDINFO_, + InputData.REFERER_NONE_); + + // Include XMLDSIGManifest references + List xMLDSIGManifests = result.getDsigManifestList(); + for (iter = xMLDSIGManifests.iterator(); iter.hasNext();) + { + DsigManifest currentMF = (DsigManifest) iter.next(); + List xMLDSIGMFReferenceDataList = currentMF.getReferenceDataList(); + addHashInputDatas( + hashInputDatas, + xMLDSIGMFReferenceDataList, + InputData.CONTAINER_XMLDSIGMANIFEST_, + currentMF.getReferringReferenceInfo().getReferenceIndex()); + } + } + + // Create the ReferenceInputData Content objects + if (profile.includeReferenceInputData()) { + referenceInputDatas = new ArrayList(); + + // Include SignedInfo references + addReferenceInputDatas( + referenceInputDatas, + referenceDataList, + InputData.CONTAINER_SIGNEDINFO_, + InputData.REFERER_NONE_); + + // Include XMLDSIGManifest references + List xMLDSIGManifests = result.getDsigManifestList(); + for (iter = xMLDSIGManifests.iterator(); iter.hasNext();) + { + DsigManifest currentMF = (DsigManifest) iter.next(); + List xMLDSIGMFReferenceDataList = currentMF.getReferenceDataList(); + addReferenceInputDatas( + referenceInputDatas, + xMLDSIGMFReferenceDataList, + InputData.CONTAINER_XMLDSIGMANIFEST_, + currentMF.getReferringReferenceInfo().getReferenceIndex()); + } + } + + // create the signature check + failedReferences = buildFailedReferences(result.getReferenceDataList()); + checkResultInfo = + failedReferences != null + ? factory.createReferencesCheckResultInfo(null, failedReferences) + : null; + signatureCheck = + factory.createReferencesCheckResult( + result.getSignatureValueVerificationCode().intValue(), + checkResultInfo); + + // create the signature manifest check + if (profile.checkSecurityLayerManifest()) + { + if (transformsSignatureManifestCheck.getCode() == 1) + { + // checking the transforms failed + signatureManifestCheck = transformsSignatureManifestCheck; + } + else if (result.isSecurityLayerManifestRequired()) + { + if (!result.containsSecurityLayerManifest()) + { + // required security layer manifest is missing in signature + signatureManifestCheck = factory.createReferencesCheckResult(2, null); + } + else + { + // security layer manifest exists, so we have to check its validity + SecurityLayerManifest slManifest = result.getSecurityLayerManifest(); + int verificationResult = slManifest.getManifestVerificationResult().intValue(); + + if (SecurityLayerManifest.CODE_MANIFEST_VALID.intValue() == verificationResult) + { + // security layer manifest exists and is free of errors + signatureManifestCheck = factory.createReferencesCheckResult(0, null); + } + else + { + // security layer manifest exists, but has errors + failedReferences = buildFailedReferences(slManifest.getReferenceDataList()); + checkResultInfo = (failedReferences != null) + ? factory.createReferencesCheckResultInfo(null, failedReferences) + : null; + if (SecurityLayerManifest.CODE_MANIFEST_INCOMPLETE.intValue() == verificationResult) + { + signatureManifestCheck = factory.createReferencesCheckResult(3, checkResultInfo); + } + else if (SecurityLayerManifest.CODE_REFERENCE_HASH_INVALID.intValue() == verificationResult) + { + signatureManifestCheck = factory.createReferencesCheckResult(4, checkResultInfo); + } + else + { + // Should not happen + throw new RuntimeException("Unexpected result from security layer manifest verification."); + } + } + } + } + else + { + // no security layer manifest is required, so the signature manifest check is ok + signatureManifestCheck = factory.createReferencesCheckResult(0, null); + } + } + + // create the xmlDsigManifestCheck + if (profile.checkXMLDsigManifests()) { + xmlDsigManifestChecks = new ArrayList(); + dsigManifestList = result.getDsigManifestList(); + for (iter = dsigManifestList.iterator(); iter.hasNext();) { + DsigManifest dsigManifest = (DsigManifest) iter.next(); + int refIndex = + dsigManifest.getReferringReferenceInfo().getReferenceIndex(); + ManifestRefsCheckResultInfo manifestCheckResultInfo; + + failedReferences = + buildFailedReferences(dsigManifest.getReferenceDataList()); + manifestCheckResultInfo = + factory.createManifestRefsCheckResultInfo( + null, + failedReferences, + refIndex); + xmlDsigManifestChecks.add( + factory.createManifestRefsCheckResult( + dsigManifest.getManifestVerificationResult().intValue(), + manifestCheckResultInfo)); + } + } + + // create the certificate check + this.certificateCheck = certificateCheck; + + + + } + + /** + * Adds {@link InputData} entries to the specified <code>inputDatas</code> list. The content of the entry will + * be created from {@link ReferenceData#getHashInputData()}. + * + * @param inputDatas The list to be amended. + * + * @param referenceDataList The list of {@link ReferenceData} objects to be investigated. + * + * @param containerType The type of container of the {@link InputData} objects to be created. + * + * @param refererNumber The number of the referring reference for the {@link InputData} objects to be created. + * + * @throws MOAApplicationException if creating an {@link InputData} fails. + */ + private void addHashInputDatas(List inputDatas, List referenceDataList, String containerType, int refererNumber) + throws MOAApplicationException + { + for (Iterator iter = referenceDataList.iterator(); iter.hasNext();) + { + ReferenceData referenceData = (ReferenceData) iter.next(); + inputDatas.add(buildInputData( + referenceData.getHashInputData(), + containerType, + refererNumber)); + } + } + + /** + * Adds {@link InputData} entries to the specified <code>inputDatas</code> list. The content of the entry will + * be created from {@link ReferenceData#getReferenceInputData()}. + * + * @param inputDatas The list to be amended. + * + * @param referenceDataList The list of {@link ReferenceData} objects to be investigated. + * + * @param containerType The type of container of the {@link InputData} objects to be created. + * + * @param refererNumber The number of the referring reference for the {@link InputData} objects to be created. + * + * @throws MOAApplicationException if creating an {@link InputData} fails. + */ + private void addReferenceInputDatas(List inputDatas, List referenceDataList, String containerType, int refererNumber) + throws MOAApplicationException + { + for (Iterator iter = referenceDataList.iterator(); iter.hasNext();) + { + ReferenceData referenceData = (ReferenceData) iter.next(); + inputDatas.add(buildInputData( + referenceData.getReferenceInputData(), + containerType, + refererNumber)); + } + } + + /** + * Build a <code>InputDataBinaryImpl</code> or an <code>InputDataXMLImpl</code> + * object from the given <code>DataObject</code> and the given attributes. + * + * @param dataObject The <code>DataObject</code> from which to build the result. + * Based on the type of this parameter, the type of the result will either be + * <code>InputDataBinaryImpl</code> or <code>InputDataXMLImpl</code>. + * + * @param partof see {@link InputData} + * + * @param referringReferenceNumber see {@link InputData} + * + * @return The corresponinding input data implementation. + * + * @throws MOAApplicationException An error occurred creating the result. + */ + private Content buildInputData(DataObject dataObject, String partOf, int referringReferenceNumber) + throws MOAApplicationException { + + if (dataObject instanceof BinaryDataObject) { + BinaryDataObject binaryData = (BinaryDataObject) dataObject; + return new InputDataBinaryImpl( + factory.createContent(binaryData.getInputStream(), null), + partOf, + referringReferenceNumber); + } else if (dataObject instanceof XMLDataObject) { + XMLDataObject xmlData = (XMLDataObject) dataObject; + List nodes = new ArrayList(); + + nodes.add(xmlData.getElement()); + return new InputDataXMLImpl( + factory.createContent(new NodeListAdapter(nodes), null), + partOf, + referringReferenceNumber); + } else { // dataObject instanceof XMLNodeListDataObject + // if the data in the NodeList can be converted back to valid XML, + // write it as XMLContent; otherwise, write it as Base64Content + XMLNodeListDataObject nodeData = (XMLNodeListDataObject) dataObject; + NodeList nodes = nodeData.getNodeList(); + + if (DOMUtils.checkAttributeParentsInNodeList(nodes)) { + // insert as XMLContent + try { + DocumentFragment fragment = DOMUtils.nodeList2DocumentFragment(nodes); + + return new InputDataXMLImpl( + factory.createContent(fragment.getChildNodes(), null), + partOf, + referringReferenceNumber); + } catch (Exception e) { + // not successful -> fall through to the Base64Content + } + } + + // insert canonicalized NodeList as binary content + try { + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + for(int i = 0; i < nodes.getLength(); i++) { + baos.write(DOMUtils.nodeToByteArray(nodes.item(i))); + } + baos.close(); + ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray()); + OctetStreamData inputData = new OctetStreamData(bais); + + CanonicalizationMethodImpl canonicalizationMethodImpl = new CanonicalizationMethodImpl( + CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS, new ExcC14NParameterSpec()); + OctetStreamData data = (OctetStreamData)canonicalizationMethodImpl.transform(inputData, null); + bais.close(); + //CanonicalizationAlgorithm c14n = + //new CanonicalizationAlgorithmImplExclusiveCanonicalXMLWithComments(); + InputStream is = data.getOctetStream(); + + //c14n.setInput(nodes); + //is = c14n.canonicalize(); + return new InputDataBinaryImpl( + factory.createContent(is, null), + partOf, + referringReferenceNumber); + } catch (Exception e) { + throw new MOAApplicationException("2200", null); + } + } + } + + /** + * Build the failed references. + * + * Failed references are references for which the <code>isHashValid()</code> + * method returns <code>false</code>. + * + * @param refInfos A <code>List</code> containing the + * <code>ReferenceInfo</code> objects to be checked. + * @return The indexes of the failed references. + */ + private int[] buildFailedReferences(List refInfos) { + List failedReferencesList = new ArrayList(); + int i; + + // find out the failed references + for (i = 0; i < refInfos.size(); i++) { + ReferenceInfo refInfo = (ReferenceInfo) refInfos.get(i); + + try { + if (refInfo.isHashCalculated() && !refInfo.isHashValid()) { + failedReferencesList.add(new Integer(i + 1)); + } + } catch (HashUnavailableException e) { + // nothing to do here because we called refInfo.isHashCalculated first + } + } + + // convert to an int array + if (failedReferencesList.isEmpty()) { + return null; + } else { + int[] failedReferences = CollectionUtils.toIntArray(failedReferencesList); + + return failedReferences; + } + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java new file mode 100644 index 0000000..7debb7b --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java @@ -0,0 +1,586 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import iaik.server.modules.IAIKException; +import iaik.server.modules.IAIKRuntimeException; +import iaik.server.modules.xml.DataObject; +import iaik.server.modules.xml.XMLDataObject; +import iaik.server.modules.xml.XMLSignature; +import iaik.server.modules.xmlsign.XMLSignatureCreationModule; +import iaik.server.modules.xmlsign.XMLSignatureCreationModuleFactory; +import iaik.server.modules.xmlsign.XMLSignatureCreationProfile; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Set; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.logging.LoggingContext; +import at.gv.egovernment.moa.logging.LoggingContextManager; +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.MOASystemException; +import at.gv.egovernment.moa.spss.api.common.Content; +import at.gv.egovernment.moa.spss.api.common.MetaInfo; +import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfileExplicit; +import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureInfo; +import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureLocation; +import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfileExplicit; +import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest; +import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse; +import at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo; +import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.iaik.xml.XMLDataObjectImpl; +import at.gv.egovernment.moa.spss.server.logging.IaikLog; +import at.gv.egovernment.moa.spss.server.logging.TransactionId; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moa.spss.server.util.IdGenerator; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * A class providing an API based interface to the + * <code>XMLSignatureCreationModule</code>. + * + * This class performs the invocation of the + * <code>iaik.server.modules.xmlsign.XMLSignatureCreationModule</code> from a + * <code>CreateXMLSignatureRequest</code> given as an API object. The result of + * the invocation is integrated into a <code>CreateXMLSignatureResponse</code> + * and returned. + * + * @author Patrick Peck + * @version $Id$ + */ +public class XMLSignatureCreationInvoker { + + /** The single instance of this class. */ + private static XMLSignatureCreationInvoker instance = null; + + /** + * Get the only instance of this class. + * + * @return The only instance of this class. + */ + public static synchronized XMLSignatureCreationInvoker getInstance() { + if (instance == null) { + instance = new XMLSignatureCreationInvoker(); + } + return instance; + } + + /** + * Create a new <code>XMLSignatureCreationInvoker</code>. + * + * Protected to disallow multiple instances. + */ + protected XMLSignatureCreationInvoker() { + } + + /** + * Process the <code>CreateXMLSignatureRequest<code> message and invoke the + * <code>XMLSignatureCreationModule</code> for every + * <code>SingleSignatureInfo</code> contained in the request. + * + * @param request A <code>CreateXMLSignatureRequest<code> API object + * containing the information for creating the signature(s). + * @param reserved A <code>Set</code> of reserved object IDs. + * + * @return A <code>CreateXMLSignatureResponse</code> API object containing + * the created signature(s). The response contains either a + * <code>SignatureEnvironment</code> or a <code>ErrorResponse</code> + * for each <code>SingleSignatureInfo</code> in the request. + * @throws MOAException An error occurred during signature creation. + */ + public CreateXMLSignatureResponse createXMLSignature( + CreateXMLSignatureRequest request, + Set reserved) + throws MOAException { + + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + LoggingContext loggingCtx = + LoggingContextManager.getInstance().getLoggingContext(); + reserved = new HashSet(reserved); + XMLSignatureCreationProfileFactory profileFactory = + new XMLSignatureCreationProfileFactory(request, reserved); + CreateXMLSignatureResponseBuilder responseBuilder = + new CreateXMLSignatureResponseBuilder(); + int createCount = 1; + IdGenerator refIdGen; + XMLSignatureCreationModule module; + Iterator singleSignatureInfoIter; + + // create the XMLSignatureCreationModule and configure it + module = XMLSignatureCreationModuleFactory.getInstance(); + module.setLog(new IaikLog(loggingCtx.getNodeID())); + + // select the SingleSignatureInfo elements + singleSignatureInfoIter = request.getSingleSignatureInfos().iterator(); + + // iterate over all the SingleSignatureInfo elements in the request + while (singleSignatureInfoIter.hasNext()) { + SingleSignatureInfo singleSignatureInfo = + (SingleSignatureInfo) singleSignatureInfoIter.next(); + CreateSignatureInfo createSignatureInfo; + List dataObjectList; + XMLSignatureCreationProfile profile; + XMLDataObject signatureEnvironment; + XMLDataObject signatureParent; + XMLSignature signature; + List additionalSignedProperties; + Node signatureEnvironmentParent = null; + Element requestElement = null; + + try { + + // build the signature environment + createSignatureInfo = singleSignatureInfo.getCreateSignatureInfo(); + if (createSignatureInfo != null) { + DataObjectFactory dataObjFactory = DataObjectFactory.getInstance(); + + signatureEnvironment = + dataObjFactory.createSignatureEnvironment( + createSignatureInfo.getCreateSignatureEnvironment(), + getCreateSignatureEnvironmentProfileSupplements(singleSignatureInfo)); + } else { + signatureEnvironment = null; + } + + HashSet sigInfoReservedIDs = new HashSet(); + if (signatureEnvironment != null) + { + // Find Id attributes of existing XML signatures in signature environment + HashMap nSMap = new HashMap(); + String dsp = Constants.DSIG_PREFIX; + nSMap.put(dsp, Constants.DSIG_NS_URI); + String xPathExpr = "//" + dsp + ":Signature/@Id | //" + dsp + ":Reference/@Id | //" + + dsp + ":Object/@Id | //" + dsp + ":Manifest/@Id"; + NodeList idAttrs = XPathUtils.selectNodeList(signatureEnvironment.getElement(), nSMap, xPathExpr); + + // Add found Id attributes to set of reserved IDs + for (int i = 0; i < idAttrs.getLength(); i++) sigInfoReservedIDs.add(idAttrs.item(i).getNodeValue()); + } + + // create the reference id generator + HashSet allReservedIDs = new HashSet(reserved); + allReservedIDs.addAll(sigInfoReservedIDs); + refIdGen = new IdGenerator("reference-" + createCount++, allReservedIDs); + + // build the list of DataObjects + List createTransformsProfiles = profileFactory.getCreateTransformsInfoProfiles(singleSignatureInfo); + dataObjectList = + buildDataObjectList( + singleSignatureInfo, + createTransformsProfiles, + signatureEnvironment, + refIdGen); + + // build the XMLSignatureCreationProfile + profile = profileFactory.createProfile(singleSignatureInfo, sigInfoReservedIDs); + + // build the additionalSignedProperties + additionalSignedProperties = buildAdditionalSignedProperties(); + + // build the signatureParentElement + if (signatureEnvironment != null) { + signatureParent = + buildSignatureParentElement( + signatureEnvironment.getElement(), + singleSignatureInfo); + } else { + signatureParent = null; + } + + // make the signature environment the root of the document, if it is + // not a separate document anyway; this is done to assure that + // canonicalization of the signature environment contains the correct + // namespace declarations + if (signatureEnvironment != null) { + Document requestDoc = + signatureEnvironment.getElement().getOwnerDocument(); + requestElement = requestDoc.getDocumentElement(); + if (requestElement != signatureEnvironment.getElement()) { + signatureEnvironmentParent = + signatureEnvironment.getElement().getParentNode(); + requestElement.getOwnerDocument().replaceChild( + signatureEnvironment.getElement(), + requestElement); + } + } + + try { + ConfigurationProvider config = context.getConfiguration(); + String xadesVersion = config.getXAdESVersion(); + + if (xadesVersion!= null && xadesVersion.compareTo(XMLSignatureCreationModule.XADES_VERSION_1_4_2) == 0) { + // create the signature (XAdES 1.4.2) + signature = + module.createSignature( + dataObjectList, + profile, + additionalSignedProperties, + signatureParent, + XMLSignatureCreationModule.XADES_VERSION_1_4_2, + new TransactionId(context.getTransactionID())); + } + else { + // create the signature (XAdES 1.1.1 = default) + signature = + module.createSignature( + dataObjectList, + profile, + additionalSignedProperties, + signatureParent, + XMLSignatureCreationModule.XADES_VERSION_1_1_1, + new TransactionId(context.getTransactionID())); + } + + // insert the result into the response + if (signatureParent != null) { + responseBuilder.addSignatureEnvironment( + signatureEnvironment.getElement()); + } else { + responseBuilder.addSignatureEnvironment(signature.getElement()); + } + + } catch (IAIKException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + + responseBuilder.addError( + moaException.getMessageId(), + moaException.getMessage()); + Logger.warn(moaException.getMessage(), e); + } catch (IAIKRuntimeException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + + responseBuilder.addError( + moaException.getMessageId(), + moaException.getMessage()); + Logger.warn(moaException.getMessage(), e); + } + + // swap back in the request as root document + if (signatureEnvironment != null) { + if (requestElement != signatureEnvironment.getElement()) { + requestElement.getOwnerDocument().replaceChild( + requestElement, + signatureEnvironment.getElement()); + signatureEnvironmentParent.appendChild( + signatureEnvironment.getElement()); + } + } + + } catch (MOAException e) { + responseBuilder.addError(e.getMessageId(), e.getMessage()); + Logger.warn(e.getMessage(), e); + } + + } + + return responseBuilder.getResponse(); + } + + /** + * Build the list of <code>DataObject</code>s from the given + * <code>SingleSignatureInfo</code> object. + * + * <p> + * Only the following cases of <code>DataObject</code>s are + * valid in case of an enveloping signature: + * + * <ul> + * <li><code>Reference == null && Content != null</code>: The + * <code>Content</code> will be used in the <code>DataObject</code>.</li> + * <li><code>Reference != null && Content == null</code>: Resolve the + * <code>Reference</code> and use it as <code>DataObject</code>. + * Set the <code>Reference</code> in the <code>DataObject</code> as well.</li> + * </ul> + * </p> + * + * <p> + * Only the following cases of <code>DataObject</code>s are valid in case + * of a detached signature: + * + * <ul> + * <li><code>Reference != null && Content == null</code>: Resolve the + * <code>Reference</code> and use it as <code>DataObject</code>. + * Set the <code>Reference</code> in the <code>DataObject</code> as well.</li> + * <li><code>Reference != null && Content != null</code>: The + * <code>Content</code> will be used in the <code>DataObject</code>. + * Set the <code>Reference</code> in the <code>DataObject</code> as well.</li> + * </ul> + * </p> + * + * <p> + * All other cases will lead to an error. + * </p> + * + * @param singleSignatureInfo The <code>SingleSignatureInfo</code> object + * containing the <code>DataObjectInfo</code> objects. + * @param createTransformsProfiles A list of objects of type {@link CreateTransformsInfoProfileExplicit}, + * each representing the transforms info profile information for the corresponding <code>DataObject</code>. + * @param signatureEnvironment The + * @param idGen The ID generator for <code>DataObject</code> references. + * @return The <code>List</code> of <code>DataObject</code>s contained in the + * given <code>singleSignatureInfo</code>. + * @throws MOASystemException A system error occurred building the data + * objects. + * @throws MOAApplicationException An error occurred building the data + * objects. + */ + private List buildDataObjectList( + SingleSignatureInfo singleSignatureInfo, + List createTransformsProfiles, + XMLDataObject signatureEnvironment, + IdGenerator idGen) + throws MOASystemException, MOAApplicationException { + + List dataObjInfos = singleSignatureInfo.getDataObjectInfos(); + List dataObjects = new ArrayList(); + Iterator dtIter; + Iterator ctpIter = createTransformsProfiles.iterator(); + + for (dtIter = dataObjInfos.iterator(); dtIter.hasNext();) + { + DataObjectInfo dataObjInfo = (DataObjectInfo) dtIter.next(); + String structure = dataObjInfo.getStructure(); + + CreateTransformsInfoProfileExplicit transformsProfile = + (CreateTransformsInfoProfileExplicit) ctpIter.next(); + MetaInfo finalDataMetaInfo = transformsProfile.getCreateTransformsInfo().getFinalDataMetaInfo(); + + if (DataObjectInfo.STRUCTURE_ENVELOPING.equals(structure)) { + dataObjects.add( + buildEnvelopingDataObject( + dataObjInfo.getDataObject(), + finalDataMetaInfo, + idGen.uniqueId())); + } else if (DataObjectInfo.STRUCTURE_DETACHED.equals(structure)) { + dataObjects.add( + buildDetachedDataObject( + dataObjInfo.getDataObject(), + finalDataMetaInfo, + signatureEnvironment, + idGen.uniqueId())); + } else { + throw new MOAApplicationException("1103", new Object[] { structure }); + } + } + + return dataObjects; + + } + + /** + * Build a <code>DataObject</code> to be used in an enveloping + * signature. + * + * @param content The <code>Content</code> object containing the data object. + * <code>ContentOptionalRefType</code>. + * @param finalDataMetaInfo The meta information corresponding with <code>content</code>. + * @param referenceID The reference ID to use in the signature for the + * <code>DataObject</code> created. + * @return The <code>DataObject</code> representing the data contained in + * <code>dataObjectElem</code>. + * @throws MOAApplicationException An error occurred during the creation of + * the <code>DataObject</code>. + * @throws MOASystemException A system error occurred during the creation of + * the <code>DataObject</code>. + */ + private DataObject buildEnvelopingDataObject( + Content content, + MetaInfo finalDataMetaInfo, + String referenceID) + throws MOASystemException, MOAApplicationException { + + DataObjectFactory factory = DataObjectFactory.getInstance(); + DataObject dataObject; + + dataObject = + factory.createFromContentOptionalRefType( + content, + finalDataMetaInfo, + referenceID, + false, + false, + true, + false); + + return dataObject; + } + + /** + * Build a <code>DataObject</code> to be used in a detached signature. + * + * @param content The <code>Content</code> object containing an the data. + * @param finalDataMetaInfo The meta information corresponding with <code>content</code>. + * @param signatureEnvironment The signature environment where the signature + * will be inserted. + * @param referenceID The reference ID to use in the signature for the + * <code>DataObject</code> created. + * @return The <code>DataObject</code> representing the data contained in + * <code>dataObjectElem</code>. + * @throws MOAApplicationException An error occurred during the creation of + * the <code>DataObject</code>. + * @throws MOASystemException A system error occurred during the creation of + * the <code>DataObject</code>. + */ + private DataObject buildDetachedDataObject( + Content content, + MetaInfo finalDataMetaInfo, + XMLDataObject signatureEnvironment, + String referenceID) + throws MOASystemException, MOAApplicationException { + + String reference = content.getReference(); + DataObjectFactory factory = DataObjectFactory.getInstance(); + DataObject dataObject; + + if (reference == null) { + throw new MOAApplicationException("1102", null); + } else if ("".equals(reference) || reference.startsWith("#")) { + dataObject = + factory.createFromSignatureEnvironment( + signatureEnvironment.getElement(), + reference, + referenceID); + } else { + dataObject = + factory.createFromContentOptionalRefType( + content, + finalDataMetaInfo, + referenceID, + true, + false, + true, + false); + } + return dataObject; + } + + /** + * Build the signature parent element. + * + * @param signatureEnvironment The signature environment containing the + * document in which to insert the signature. + * @param singleSignatureInfo The <code>SingleSignatureInfo</code> + * containing the signature parent element. + * @return An <code>XMLDataObject</code> containing the signature parent + * element or <code>null</code>, if the <code>CreateSignatureInfo</code> is + * <code>null</code>. + * @throws MOAApplicationException An error occurred during the creation of + * the signature parent. + */ + private XMLDataObject buildSignatureParentElement( + Element signatureEnvironment, + SingleSignatureInfo singleSignatureInfo) + throws MOAApplicationException { + + CreateSignatureInfo createInfo = + singleSignatureInfo.getCreateSignatureInfo(); + + // evaluate the CreateSignatureLocation + if (createInfo != null) { + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + CreateSignatureEnvironmentProfileExplicit createProfile = + ProfileMapper.mapCreateSignatureEnvironmentProfile( + createInfo.getCreateSignatureEnvironmentProfile(), + config); + CreateSignatureLocation location = + createProfile.getCreateSignatureLocation(); + Element signatureParent = + InvokerUtils.evaluateSignatureLocation(signatureEnvironment, location); + + return new XMLDataObjectImpl(signatureParent); + } else { + return null; + } + } + + /** + * Get the supplements contained in the + * <code>CreateSignatureEnvironmentProfile</code> of the given + * <code>SingleSignatureInfo</code>. + * + * @param singleSigInfo The <code>SingleSignatureInfo</code> from which + * to extract the supplements. + * @return A <code>List</code> of <code>XMLDataObjectAssociation</code>s + * or <code>null</code>, if the <code>singleSigInfo</code> does not contain + * supplements. + * @throws MOAApplicationException An error occurred parsing the + * <code>CreateSignatureEnvironmentProfile</code>. + */ + private List getCreateSignatureEnvironmentProfileSupplements(SingleSignatureInfo singleSigInfo) + throws MOAApplicationException { + CreateSignatureInfo sigInfo = singleSigInfo.getCreateSignatureInfo(); + + if (sigInfo != null) { + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + CreateSignatureEnvironmentProfileExplicit profile = + ProfileMapper.mapCreateSignatureEnvironmentProfile( + sigInfo.getCreateSignatureEnvironmentProfile(), + config); + List supplements = profile.getSupplements(); + + return supplements; + } + return null; + } + + /** + * Build the list of additional signed properties. + * + * Based on the generic configuration setting + * <code>ConfigurationProvider.TEST_SIGNING_TIME_PROPERTY</code>, a + * constant <code>SigningTime</code> will be added to the properties. + * + * @return The <code>List</code> of additional signed properties. + */ + private List buildAdditionalSignedProperties() { + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + List additionalSignedProperties = Collections.EMPTY_LIST; + + return additionalSignedProperties; + } + +}
\ No newline at end of file diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java new file mode 100644 index 0000000..6a85415 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java @@ -0,0 +1,543 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import iaik.server.modules.algorithms.HashAlgorithms; +import iaik.server.modules.keys.KeyEntryID; +import iaik.server.modules.keys.KeyModule; +import iaik.server.modules.keys.KeyModuleFactory; +import iaik.server.modules.xmlsign.SignatureStructureTypes; +import iaik.server.modules.xmlsign.XMLSignatureCreationProfile; +import iaik.server.modules.xmlsign.XMLSignatureInsertionLocation; + +import java.math.BigInteger; +import java.security.Principal; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import at.gv.egovernment.moa.logging.LogMsg; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.MOASystemException; +import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation; +import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfileExplicit; +import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureInfo; +import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfileExplicit; +import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest; +import at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo; +import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.config.KeyGroup; +import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry; +import at.gv.egovernment.moa.spss.server.iaik.xml.CanonicalizationImpl; +import at.gv.egovernment.moa.spss.server.iaik.xmlsign.DataObjectTreatmentImpl; +import at.gv.egovernment.moa.spss.server.iaik.xmlsign.XMLSignatureCreationProfileImpl; +import at.gv.egovernment.moa.spss.server.iaik.xmlsign.XMLSignatureInsertionLocationImpl; +import at.gv.egovernment.moa.spss.server.logging.TransactionId; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moa.spss.server.util.IdGenerator; +import at.gv.egovernment.moa.spss.util.MessageProvider; +import at.gv.egovernment.moa.util.Constants; + +/** + * A factory to create <code>XMLSignatureCreationProfile</code>s from a + * <code>CreateXMLSignatureRequest</code>, based on the current MOA + * configuration. + * + * @author Patrick Peck + * @version $Id$ + */ +public class XMLSignatureCreationProfileFactory { + + private static Map HASH_ALGORITHM_MAPPING; + + static { + HASH_ALGORITHM_MAPPING = new HashMap(); + HASH_ALGORITHM_MAPPING.put(Constants.SHA1_URI, HashAlgorithms.SHA1); + HASH_ALGORITHM_MAPPING.put(Constants.SHA256_URI, HashAlgorithms.SHA256); + HASH_ALGORITHM_MAPPING.put(Constants.SHA384_URI, HashAlgorithms.SHA384); + HASH_ALGORITHM_MAPPING.put(Constants.SHA512_URI, HashAlgorithms.SHA512); + } + + /** The <code>CreateXMLSignatureRequest</code> for which to create the + * profile.*/ + private CreateXMLSignatureRequest request; + /** How many profiles have been created based on the same request. */ + private int createProfileCount; + /** The <code>Set</code> of reserved object IDs.*/ + private Set reserved; + + /** + * Create a new <code>XMLSignatureCreationProfileFactory</code>. + * + * @param request The request for which to create profiles. + * @param reserved The <code>Set</code> of reserved object IDs. IDs will + * be added during signature creation. + */ + public XMLSignatureCreationProfileFactory( + CreateXMLSignatureRequest request, + Set reserved) { + this.request = request; + this.reserved = reserved; + createProfileCount = 1; + } + + /** + * Create a <code>XMLSignatureCreationProfile</code> for the given + * <code>SingleSignatureInfo</code> object.. + * + * @param singleSignatureInfo The <code>SingleSignatureInfo</code> object + * containing information about the creation of a signature. + * @param sigInfoReservedIDs The <code>Set</code> of reserved ID attribue values + * for the particular <code>singleSignatureInfo</code>. + * @return The <code>XMLSignatureCreationProfile</code> containing additional + * information for creating an XML signature. + * @throws MOASystemException A system error occurred during creation of the + * profile. See message for details + * @throws MOAApplicationException An application error occurred during + * creation of the profile. See message for details. + */ + public XMLSignatureCreationProfile createProfile(SingleSignatureInfo singleSignatureInfo, + Set sigInfoReservedIDs) throws MOASystemException, MOAApplicationException { + + HashSet allReservedIDs = new HashSet(reserved); + allReservedIDs.addAll(sigInfoReservedIDs); + + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + CanonicalizationImpl canonicalization; + List dataObjectTreatmentList; + Set keySet; + List transformationSupplements; + List createTransformsProfiles; + + // get the key group id + String keyGroupID = request.getKeyIdentifier(); + // get digest method on key group level (if configured) + KeyGroup keygroup = config.getKeyGroup(keyGroupID); + if(null == keygroup) { + Logger.error("Could not find key group '" + keyGroupID + "'"); + throw new MOAApplicationException("2231", null); + } + String configDigestMethodKG = keygroup.getDigestMethodAlgorithm(); + // get default digest method (if configured) + String configDigestMethod = config.getDigestMethodAlgorithmName(); + + String xadesVersion = config.getXAdESVersion(); + + String digestMethodXAdES142 = null; + boolean isXAdES142 = false; + // if XAdES Version 1.4.2 is configured + if (xadesVersion != null && xadesVersion.compareTo("1.4.2") == 0) { + isXAdES142 = true; + Logger.debug("XAdES version '" + xadesVersion + "' used"); + } + + if (isXAdES142) { + if (configDigestMethodKG != null) { + // if KG specific digest method is configured + digestMethodXAdES142 = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethodKG); + if (digestMethodXAdES142 == null) { + error( + "config.17", + new Object[] { configDigestMethodKG}); + throw new MOASystemException("2900", null); + } + Logger.debug("Digest algorithm: " + digestMethodXAdES142 + "(configured in KeyGroup)"); + } + else { + // else get default configured digest method + digestMethodXAdES142 = (String) HASH_ALGORITHM_MAPPING.get(configDigestMethod); + if (digestMethodXAdES142 == null) { + error( + "config.17", + new Object[] { configDigestMethod}); + throw new MOASystemException("2900", null); + } + Logger.debug("Digest algorithm: " + digestMethodXAdES142 + "(default)"); + + } + } + + XMLSignatureCreationProfileImpl profile = + new XMLSignatureCreationProfileImpl(createProfileCount, allReservedIDs, digestMethodXAdES142); + + + // build the transformation supplements + createTransformsProfiles = + getCreateTransformsInfoProfiles(singleSignatureInfo); + transformationSupplements = + buildTransformationSupplements(createTransformsProfiles); + + // build and set the data object treatment list + dataObjectTreatmentList = + buildDataObjectTreatmentList( + singleSignatureInfo, + createTransformsProfiles, + transformationSupplements, + allReservedIDs, + digestMethodXAdES142); + profile.setDataObjectTreatmentList(dataObjectTreatmentList); + + // set the key set + keySet = buildKeySet(keyGroupID); + if (keySet == null) { + throw new MOAApplicationException("2231", null); + } else if (keySet.size() == 0) { + throw new MOAApplicationException("2232", null); + } + profile.setKeySet(keySet); + + // set the Security Layer manifest algorithm name + profile.setSecurityLayerManifestTypeURI(Constants.SL_MANIFEST_TYPE_URI); + + // set the structure type + if (singleSignatureInfo.getCreateSignatureInfo() != null) { + profile.setSignatureStructureType(SignatureStructureTypes.ENVELOPED); + } else { + profile.setSignatureStructureType(SignatureStructureTypes.DETACHED); + } + + // set insertion location + profile.setSignatureInsertionLocation( + getSignatureInsertionLocationIndex(singleSignatureInfo)); + + // set the canonicalization algorithm + canonicalization = + new CanonicalizationImpl(config.getCanonicalizationAlgorithmName()); + profile.setSignedInfoCanonicalization(canonicalization); + + // set the signed properties + profile.setSignedProperties(Collections.EMPTY_LIST); + + // set security layer conformity + profile.setSecurityLayerConform( + singleSignatureInfo.isSecurityLayerConform()); + + // update the createProfileCount + createProfileCount++; + + return profile; + } + + /** + * Get the <code>List</code> of all <code>CreateTransformsInfoProfile</code>s + * contained in all the <code>DataObjectInfo</code>s of the given + * <code>SingleSignatureInfo</code>. + * + * @param singleSignatureInfo The <code>SingleSignatureInfo</code> object from + * which to extract the <code>CreateTransformsInfoProfile</code>s. + * @return All <code>CreateTransformsInfoProfile</code>s of all + * <code>DataObjectInfo</code>s of <code>singleSignatureInfo</code>. + * @throws MOAApplicationException An error occurred creating one of the + * profiles. + */ + List getCreateTransformsInfoProfiles(SingleSignatureInfo singleSignatureInfo) + throws MOAApplicationException { + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + List dataObjInfos = singleSignatureInfo.getDataObjectInfos(); + List profiles = new ArrayList(); + Iterator dtIter; + + for (dtIter = dataObjInfos.iterator(); dtIter.hasNext();) { + DataObjectInfo dataObjInfo = (DataObjectInfo) dtIter.next(); + CreateTransformsInfoProfileExplicit profile = + ProfileMapper.mapCreateTransformsInfoProfile( + dataObjInfo.getCreateTransformsInfoProfile(), + config); + profiles.add(profile); + } + + return profiles; + } + + /** + * Build the <code>List</code> of transformation supplements contained in a + * <code>SingleSignatureInfo</code> object. + * + * @param createTransformsInfoProfiles The + * <code>CreateTransformsInfoProfile</code> object from which to extract the + * transformation supplements. + * @return A <code>List</code> of <code>DataObject</code>s containing the + * transformation supplements. + * @throws MOASystemException A system error occurred creating one of the + * transformation supplements. + * @throws MOAApplicationException An error occurred creating one of the + * transformation supplements. + */ + private List buildTransformationSupplements(List createTransformsInfoProfiles) + throws MOASystemException, MOAApplicationException { + + List transformationSupplements = new ArrayList(); + DataObjectFactory factory = DataObjectFactory.getInstance(); + Iterator iter; + + for (iter = createTransformsInfoProfiles.iterator(); iter.hasNext();) { + CreateTransformsInfoProfileExplicit profile = + (CreateTransformsInfoProfileExplicit) iter.next(); + List supplements = profile.getSupplements(); + + if (supplements != null) { + Iterator supplIter; + + for (supplIter = supplements.iterator(); supplIter.hasNext();) { + XMLDataObjectAssociation supplement = + (XMLDataObjectAssociation) supplIter.next(); + + transformationSupplements.add( + factory.createFromXmlDataObjectAssociation( + supplement, + false, + true)); + } + } + } + + return transformationSupplements; + } + + /** + * Build the <code>List</code> of <code>DataObjectTreatment</code>s for the + * given <code>SingleSignatureInfo</code> object.. + * + * @param singleSignatureInfo The <code>SingleSignatureInfo</code> object + * from which to exctract the <code>CreateTransformsInfoProfile</code>s + * containing the data for the <code>DataObjectTreatment</code>s. + * @param createTransformsInfoProfiles The + * <code>CreateTransformsInfoProfile</code>s contained in the + * <code>singleSignatureInfo</code>. + * @param transformationSupplements Additional parameters for + * transformations contained in <code>DataObjectTreatment</code>s. + * @param reservedIDs The <code>Set</code> of reserved object IDs. + * @return A <code>List</code> of <code>DataObjectTreatment</code> objects. + * @throws MOAApplicationException An error occurred building one of the + * <code>DataObjectTreatment</code>s. + * @throws MOASystemException A system error occurred building one of the + * <code>DataObjectTreatment</code>s. + */ + private List buildDataObjectTreatmentList( + SingleSignatureInfo singleSignatureInfo, + List createTransformsInfoProfiles, + List transformationSupplements, + Set reservedIDs, + String digestMethodXAdES142) + throws MOASystemException, MOAApplicationException { + + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + List treatments = new ArrayList(); + List dataObjInfos = singleSignatureInfo.getDataObjectInfos(); + int dataObjectTreatmentCount = 1; + String hashAlgorithmName; + Iterator dtIter; + Iterator prIter; + + prIter = createTransformsInfoProfiles.iterator(); + for (dtIter = dataObjInfos.iterator(); dtIter.hasNext();) { + CreateTransformsInfoProfileExplicit profile = + (CreateTransformsInfoProfileExplicit) prIter.next(); + DataObjectInfo dataObjInfo = (DataObjectInfo) dtIter.next(); + IdGenerator objIdGen = + new IdGenerator( + ("signed-data-" + createProfileCount) + + ("-" + dataObjectTreatmentCount++), + reservedIDs); + DataObjectTreatmentImpl treatment = new DataObjectTreatmentImpl(objIdGen); + + treatment.setFinalContentType( + profile.getCreateTransformsInfo().getFinalDataMetaInfo().getMimeType()); + treatment.setTransformationList(buildTransformationList(profile)); + treatment.setReferenceInManifest(dataObjInfo.isChildOfManifest()); + + // if XAdES version is 1.4.2 + if (digestMethodXAdES142 != null) { + // use configured digest algorithm + hashAlgorithmName = digestMethodXAdES142; + } + else { + // stay as it is + hashAlgorithmName = (String) HASH_ALGORITHM_MAPPING.get( + config.getDigestMethodAlgorithmName()); + if (hashAlgorithmName == null) { + error( + "config.17", + new Object[] { config.getDigestMethodAlgorithmName()}); + throw new MOASystemException("2900", null); + } + } + + + + + treatment.setHashAlgorithmName(hashAlgorithmName); + treatment.setIncludedInSignature( + DataObjectInfo.STRUCTURE_ENVELOPING.equals(dataObjInfo.getStructure())); + treatment.setTransformationSupplements(transformationSupplements); + + treatments.add(treatment); + + } + + return treatments; + } + + /** + * Build the <code>List</code> of transformations contained in a + * <code>CreateTransformsInfoProfile</code> object. + * + * @param profile The <code>CreateTransformsInfoProfile</code> object + * from which to extract the <code>Transform</code>s. + * @return A <code>List</code> of <code>Transformation</code>s contained in + * the given <code>CreateTransformsInfoProfile</code>. + * @throws MOAApplicationException An error occurred building one of the + * <code>Transformation</code>s. + */ + private List buildTransformationList(CreateTransformsInfoProfileExplicit profile) + throws MOAApplicationException { + + TransformationFactory factory = TransformationFactory.getInstance(); + List transforms = profile.getCreateTransformsInfo().getTransforms(); + + return transforms != null + ? factory.createTransformationList(transforms) + : Collections.EMPTY_LIST; + } + + /** + * Build the set of <code>KeyEntryID</code>s available to the given + * <code>keyGroupID</code>. + * + * @param keyGroupID The keygroup ID for which the available keys should be + * returned. + * @return The <code>Set</code> of <code>KeyEntryID</code>s + * identifying the available keys. + */ + private Set buildKeySet(String keyGroupID) { + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + Set keyGroupEntries; + + // get the KeyGroup entries from the configuration + if (context.getClientCertificate() != null) { + X509Certificate cert = context.getClientCertificate()[0]; + Principal issuer = cert.getIssuerDN(); + BigInteger serialNumber = cert.getSerialNumber(); + + keyGroupEntries = + config.getKeyGroupEntries(issuer, serialNumber, keyGroupID); + } else { + keyGroupEntries = config.getKeyGroupEntries(null, null, keyGroupID); + } + + // map the KeyGroup entries to a set of KeyEntryIDs + if (keyGroupEntries == null) { + return null; + } else if (keyGroupEntries.size() == 0) { + return Collections.EMPTY_SET; + } else { + KeyModule module = + KeyModuleFactory.getInstance( + new TransactionId(context.getTransactionID())); + Set keyEntryIDs = module.getPrivateKeyEntryIDs(); + Set keySet = new HashSet(); + Iterator iter; + + // filter out the keys that do not exist in the IAIK configuration + // by walking through the key entries and checking if the exist in the + // keyGroupEntries + for (iter = keyEntryIDs.iterator(); iter.hasNext();) { + KeyEntryID entryID = (KeyEntryID) iter.next(); + KeyGroupEntry entry = + new KeyGroupEntry( + entryID.getModuleID(), + entryID.getCertificateIssuer(), + entryID.getCertificateSerialNumber()); + if (keyGroupEntries.contains(entry)) { + keySet.add(entryID); + } + } + return keySet; + } + } + + /** + * Get the signature location index where the signature will be inserted into + * the signature parent element. + * + * @param singleSignatureInfo The <code>SingleSignatureInfo</code> object + * containing the <code>CreateSignatureLocation</code>. + * @return The index at which to insert the signature into the signature + * environment. + * @throws MOAApplicationException An error occurred parsing the + * <code>CreateSignatureEnvironmentProfile</code>. + */ + private XMLSignatureInsertionLocation getSignatureInsertionLocationIndex(SingleSignatureInfo singleSignatureInfo) + throws MOAApplicationException { + + CreateSignatureInfo createInfo = + singleSignatureInfo.getCreateSignatureInfo(); + + if (createInfo != null) { + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + CreateSignatureEnvironmentProfileExplicit profile = + ProfileMapper.mapCreateSignatureEnvironmentProfile( + createInfo.getCreateSignatureEnvironmentProfile(), + config); + int index = profile.getCreateSignatureLocation().getIndex(); + + return new XMLSignatureInsertionLocationImpl(index); + } else { + return new XMLSignatureInsertionLocationImpl(0); + } + } + + /** + * Utility function to issue an error message to the log. + * + * @param messageId The ID of the message to log. + * @param parameters Additional message parameters. + */ + private static void error(String messageId, Object[] parameters) { + MessageProvider msg = MessageProvider.getInstance(); + + Logger.error(new LogMsg(msg.getMessage(messageId, parameters))); + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java new file mode 100644 index 0000000..2b158dd --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -0,0 +1,727 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import iaik.xml.crypto.utils.URI; +import iaik.xml.crypto.utils.URIException; +import iaik.server.modules.IAIKException; +import iaik.server.modules.IAIKRuntimeException; +import iaik.server.modules.xml.DataObject; +import iaik.server.modules.xml.XMLDataObject; +import iaik.server.modules.xml.XMLSignature; +import iaik.server.modules.xmlsign.XMLConstants; +import iaik.server.modules.xmlverify.DsigManifest; +import iaik.server.modules.xmlverify.ReferenceData; +import iaik.server.modules.xmlverify.SecurityLayerManifest; +import iaik.server.modules.xmlverify.XMLSignatureVerificationModule; +import iaik.server.modules.xmlverify.XMLSignatureVerificationModuleFactory; +import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile; +import iaik.server.modules.xmlverify.XMLSignatureVerificationResult; +import iaik.x509.X509Certificate; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Date; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +import at.gv.egovernment.moa.logging.LogMsg; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.logging.LoggingContext; +import at.gv.egovernment.moa.logging.LoggingContextManager; +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.MOASystemException; +import at.gv.egovernment.moa.spss.api.SPSSFactory; +import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation; +import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo; +import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult; +import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResultInfo; +import at.gv.egovernment.moa.spss.api.xmlverify.SupplementProfileExplicit; +import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter; +import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameterHash; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfileExplicit; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.config.TrustProfile; +import at.gv.egovernment.moa.spss.server.iaik.xml.XMLSignatureImpl; +import at.gv.egovernment.moa.spss.server.logging.IaikLog; +import at.gv.egovernment.moa.spss.server.logging.TransactionId; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moa.spss.util.CertificateUtils; +import at.gv.egovernment.moa.spss.util.MessageProvider; +import at.gv.egovernment.moa.spss.util.QCSSCDResult; +import at.gv.egovernment.moa.util.CollectionUtils; +import at.gv.egovernment.moa.util.Constants; + +/** + * A class providing a DOM based interface to the + * <code>XMLSignatureVerificationModule</code>. + * + * This class performs the invocation of the + * <code>iaik.server.modules.xmlverify.XMLSignatureVerificationModule</code> + * from a <code>VerifyXMLSignatureRequest</code> given as a DOM element. The + * result of the invocation is integrated into a + * <code>VerifyXMLSignatureResponse</code> and returned. + * + * @author Patrick Peck + * @version $Id$ + */ +public class XMLSignatureVerificationInvoker { + + /** The single instance of this class. */ + private static XMLSignatureVerificationInvoker instance = null; + + private static Set FILTERED_REF_TYPES; + + static { + FILTERED_REF_TYPES = new HashSet(); + FILTERED_REF_TYPES.add(DsigManifest.XML_DSIG_MANIFEST_TYPE); + FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE); + FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD); + FILTERED_REF_TYPES.add(XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties"); + FILTERED_REF_TYPES.add("http://uri.etsi.org/01903#SignedProperties"); + } + + /** + * Get the single instance of this class. + * + * @return The single instance of this class. + */ + public static synchronized XMLSignatureVerificationInvoker getInstance() { + if (instance == null) { + instance = new XMLSignatureVerificationInvoker(); + } + return instance; + } + + /** + * Create a new <code>XMLSignatureCreationInvoker</code>. + * + * Protected to disallow multiple instances. + */ + protected XMLSignatureVerificationInvoker() { + } + + /** + * Process the <code>VerifyXMLSignatureRequest<code> message and invoke the + * <code>XMLSignatureVerificationModule</code>. + * + * @param request A <code>VerifyXMLSignatureRequest<code> API object + * containing the data for verifying an XML signature. + * @return A <code>VerifyXMLSignatureResponse</code> containing the + * answert to the <code>VerifyXMLSignatureRequest</code>. + * MOA schema definition. + * @throws MOAException An error occurred during signature verification. + */ + public VerifyXMLSignatureResponse verifyXMLSignature(VerifyXMLSignatureRequest request) + throws MOAException { + + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + LoggingContext loggingCtx = + LoggingContextManager.getInstance().getLoggingContext(); + XMLSignatureVerificationProfileFactory profileFactory = + new XMLSignatureVerificationProfileFactory(request); + VerifyXMLSignatureResponseBuilder responseBuilder = + new VerifyXMLSignatureResponseBuilder(); + XMLSignatureVerificationResult result; + XMLSignatureVerificationProfile profile; + ReferencesCheckResult signatureManifestCheck; + DataObjectFactory dataObjFactory; + XMLDataObject signatureEnvironment; + Node signatureEnvironmentParent = null; + Element requestElement = null; + XMLSignature xmlSignature; + Date signingTime; + List supplements; + List dataObjectList; + + // get the supplements + supplements = getSupplements(request); + + // build XMLSignature + dataObjFactory = DataObjectFactory.getInstance(); + signatureEnvironment = + dataObjFactory.createSignatureEnvironment( + request.getSignatureInfo().getVerifySignatureEnvironment(), + supplements); + xmlSignature = buildXMLSignature(signatureEnvironment, request); + + // build the list of DataObjects + dataObjectList = buildDataObjectList(supplements); + + // build profile + profile = profileFactory.createProfile(); + + // get the signingTime + signingTime = request.getDateTime(); + + // make the signature environment the root of the document, if it is not a + // separate document anyway; this is done to assure that canonicalization + // of the signature environment contains the correct namespace declarations + requestElement = + signatureEnvironment.getElement().getOwnerDocument().getDocumentElement(); + if (requestElement != signatureEnvironment.getElement()) { + signatureEnvironmentParent = + signatureEnvironment.getElement().getParentNode(); + requestElement.getOwnerDocument().replaceChild( + signatureEnvironment.getElement(), + requestElement); + } + + QCSSCDResult qcsscdresult = new QCSSCDResult(); + String tpID = profile.getCertificateValidationProfile().getTrustStoreProfile().getId(); + ConfigurationProvider config = ConfigurationProvider.getInstance(); + TrustProfile tp = config.getTrustProfile(tpID); + + // verify the signature + try { + XMLSignatureVerificationModule module = + XMLSignatureVerificationModuleFactory.getInstance(); + + module.setLog(new IaikLog(loggingCtx.getNodeID())); + + result = + module.verifySignature( + xmlSignature, + dataObjectList, + profile, + signingTime, + new TransactionId(context.getTransactionID())); + } catch (IAIKException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } catch (IAIKRuntimeException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } + + + // QC/SSCD check + List list = result.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + X509Certificate[] chain = new X509Certificate[list.size()]; + + Iterator it = list.iterator(); + int i = 0; + while(it.hasNext()) { + chain[i] = (X509Certificate)it.next(); + i++; + } + + qcsscdresult = CertificateUtils.checkQCSSCD(chain, tp.isTSLEnabled()); + } + + + // get signer certificate issuer country code + String issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate)list.get(0)); + + // swap back in the request as root document + if (requestElement != signatureEnvironment.getElement()) { + requestElement.getOwnerDocument().replaceChild( + requestElement, + signatureEnvironment.getElement()); + signatureEnvironmentParent.appendChild(signatureEnvironment.getElement()); + } + + // check the result + signatureManifestCheck = + validateSignatureManifest(request, result, profile); + + // Check if signer certificate is in trust profile's allowed signer certificates pool + TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); + CheckResult certificateCheck = validateSignerCertificate(result, trustProfile); + + + // build the response + responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), tp.isTSLEnabled(), issuerCountryCode); + return responseBuilder.getResponse(); + } + + /** + * Checks if the signer certificate matches one of the allowed signer certificates specified + * in the provided <code>trustProfile</code>. + * + * @param result The result produced by the <code>XMLSignatureVerificationModule</code>. + * + * @param trustProfile The trust profile the signer certificate is validated against. + * + * @return The overal result of the certificate validation for the signer certificate. + * + * @throws MOAException if one of the signer certificates specified in the <code>trustProfile</code> + * cannot be read from the file system. + */ + private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result, TrustProfile trustProfile) + throws MOAException + { + MessageProvider msg = MessageProvider.getInstance(); + + int resultCode = result.getCertificateValidationResult().getValidationResultCode().intValue(); + if (resultCode == 0 && trustProfile.getSignerCertsUri() != null) + { + X509Certificate signerCertificate = (X509Certificate) result.getCertificateValidationResult().getCertificateChain().get(0); + + File signerCertsDir = null; + try + { + signerCertsDir = new File(new URI(trustProfile.getSignerCertsUri()).getPath()); + } + catch (URIException e) + { + throw new MOASystemException("2900", null, e); // Should not happen, already checked at loading the MOA configuration + } + + File[] files = signerCertsDir.listFiles(); + if (files == null) resultCode = 1; + int i; + for (i = 0; i < files.length; i++) + { + if (!files[i].isDirectory()) + { + FileInputStream currentFIS = null; + try + { + currentFIS = new FileInputStream(files[i]); + } + catch (FileNotFoundException e) { + throw new MOASystemException("2900", null, e); + } + + try + { + X509Certificate currentCert = new X509Certificate(currentFIS); + currentFIS.close(); + if (currentCert.equals(signerCertificate)) break; + } + catch (Exception e) + { + // Simply ignore file if it cannot be interpreted as certificate + String logMsg = msg.getMessage("invoker.03", new Object[]{trustProfile.getId(), files[i].getName()}); + Logger.warn(logMsg); + try + { + currentFIS.close(); + } + catch (IOException e1) { + // If clean-up fails, do nothing + } + } + } + } + if (i >= files.length) + { + resultCode = 1; // No signer certificate from the trustprofile pool matches the actual signer certificate + } + } + + SPSSFactory factory = SPSSFactory.getInstance(); + return factory.createCheckResult(resultCode, null); + } + + + + /** + * Select the <code>dsig:Signature</code> DOM element within the signature + * environment. + * + * @param signatureEnvironment The signature environment containing the + * <code>dsig:Signature</code>. + * @param request The <code>VerifyXMLSignatureRequest</code> containing the + * signature environment. + * @return The <code>dsig:Signature</code> element wrapped in a + * <code>XMLSignature</code> object. + * @throws MOAApplicationException An error occurred locating the + * <code>dsig:Signature</code>. + */ + private XMLSignature buildXMLSignature( + XMLDataObject signatureEnvironment, + VerifyXMLSignatureRequest request) + throws MOAApplicationException { + + VerifySignatureLocation signatureLocation = + request.getSignatureInfo().getVerifySignatureLocation(); + Element signatureParent; + + // evaluate the VerifySignatureLocation to get the signature parent + signatureParent = + InvokerUtils.evaluateSignatureLocation( + signatureEnvironment.getElement(), + signatureLocation); + + // check for signatureParent to be a dsig:Signature element + if (!"Signature".equals(signatureParent.getLocalName()) + || !Constants.DSIG_NS_URI.equals(signatureParent.getNamespaceURI())) { + throw new MOAApplicationException("2266", null); + } + + return new XMLSignatureImpl(signatureParent); + } + + /** + * Build the supplemental data objects contained in the + * <code>VerifyXMLSignatureRequest</code>. + * + * @param supplements A <code>List</code> of + * <code>XMLDataObjectAssociation</code>s containing the supplement data. + * @return A <code>List</code> of <code>DataObject</code>s representing the + * supplemental data objects. + * @throws MOASystemException A system error occurred building one of the data + * objects. + * @throws MOAApplicationException An error occurred building one of the data + * objects. + */ + private List buildDataObjectList(List supplements) + throws MOASystemException, MOAApplicationException { + List dataObjectList = new ArrayList(); + + DataObjectFactory factory = DataObjectFactory.getInstance(); + DataObject dataObject; + Iterator iter; + + if (supplements != null) { + for (iter = supplements.iterator(); iter.hasNext();) { + XMLDataObjectAssociation supplement = + (XMLDataObjectAssociation) iter.next(); + dataObject = + factory.createFromXmlDataObjectAssociation(supplement, true, false); + dataObjectList.add(dataObject); + } + } + + return dataObjectList; + + } + + /** + * Get the supplemental data contained in the + * <code>VerifyXMLSignatureRequest</code>. + * + * @param request The <code>VerifyXMLSignatureRequest</code> containing the + * supplemental data. + * @return A <code>List</code> of <code>XMLDataObjectAssociation</code> + * objects containing the supplemental data. + * @throws MOAApplicationException An error occurred resolving one of the + * supplement profiles. + */ + private List getSupplements(VerifyXMLSignatureRequest request) + throws MOAApplicationException { + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + List supplementProfiles = request.getSupplementProfiles(); + + List supplements = new ArrayList(); + + if (supplementProfiles != null) { + + List mappedProfiles = + ProfileMapper.mapSupplementProfiles(supplementProfiles, config); + Iterator iter; + + for (iter = mappedProfiles.iterator(); iter.hasNext();) { + SupplementProfileExplicit profile = + (SupplementProfileExplicit) iter.next(); + supplements.add(profile.getSupplementProfile()); + } + + } + return supplements; + } + + /** + * Perform additional validations of the + * <code>XMLSignatureVerificationResult</code>. + * + * <p> In particular, it is verified that: + * <ul> + * <li>Each <code>ReferenceData</code> object contains transformation + * chain that matches one of the <code>Transforms</code> given in the + * corresponding <code>SignatureManifestCheckParams/ReferenceInfo</code></li> + * <li>The hash values of the <code>TransformParameter</code>s are valid. + * </li> + * </ul> + * </p> + * + * @param request The <code>VerifyXMLSignatureRequest</code> containing the + * signature to verify. + * @param result The result produced by + * <code>XMLSignatureVerificationModule</code>. + * @param profile The profile used for validating the <code>request</code>. + * @return The result of additional validations of the signature manifest. + * @throws MOAApplicationException Post-validation of the + * <code>XMLSignatureVerificaitonResult</code> failed. + */ + private ReferencesCheckResult validateSignatureManifest( + VerifyXMLSignatureRequest request, + XMLSignatureVerificationResult result, + XMLSignatureVerificationProfile profile) + throws MOAApplicationException { + + SPSSFactory factory = SPSSFactory.getInstance(); + MessageProvider msg = MessageProvider.getInstance(); + + // validate that each ReferenceData object contains transforms specified + // in the corresponding SignatureManifestCheckParams/ReferenceInfo + if (request.getSignatureManifestCheckParams() != null) { + List refInfos = + request.getSignatureManifestCheckParams().getReferenceInfos(); + List refDatas = filterReferenceInfos(result.getReferenceDataList()); + List failedReferencesList = new ArrayList(); + Iterator refInfoIter; + Iterator refDataIter; + + if (refInfos.size() != refDatas.size()) { + return factory.createReferencesCheckResult(1, null); + } + + refInfoIter = refInfos.iterator(); + refDataIter = + filterReferenceInfos(result.getReferenceDataList()).iterator(); + + while (refInfoIter.hasNext()) { + ReferenceInfo refInfo = (ReferenceInfo) refInfoIter.next(); + ReferenceData refData = (ReferenceData) refDataIter.next(); + List transforms = buildTransformsList(refInfo); + boolean found = false; + Iterator trIter; + + for (trIter = transforms.iterator(); trIter.hasNext() && !found;) { + found = trIter.next().equals(refData.getTransformationList()); + } + + if (!found) { + Integer refIndex = new Integer(refData.getReferenceIndex()); + String logMsg = + msg.getMessage("invoker.01", new Object[] { refIndex }); + + failedReferencesList.add(refIndex); + Logger.debug(new LogMsg(logMsg)); + } + } + + if (!failedReferencesList.isEmpty()) { + // at least one reference failed - return their indexes and check code 1 + int[] failedReferences = + CollectionUtils.toIntArray(failedReferencesList); + ReferencesCheckResultInfo checkInfo = + factory.createReferencesCheckResultInfo(null, failedReferences); + + return factory.createReferencesCheckResult(1, checkInfo); + } + } + + // validate the hashes contained in all the ReferenceInfo objects of the + // security layer manifest + if (request.getSignatureManifestCheckParams() != null + && result.containsSecurityLayerManifest()) { + Map hashValues = buildTransformParameterHashValues(request); + Set transformParameterURIs = + buildTransformParameterURIs(profile.getTransformationSupplements()); + List referenceInfoList = + result.getSecurityLayerManifest().getReferenceDataList(); + Iterator refIter; + + for (refIter = referenceInfoList.iterator(); refIter.hasNext();) { + iaik.server.modules.xmlverify.ReferenceInfo ref = + (iaik.server.modules.xmlverify.ReferenceInfo) refIter.next(); + byte[] hash = (byte[]) hashValues.get(ref.getURI()); + + if (!transformParameterURIs.contains(ref.getURI()) + || (hash != null && !Arrays.equals(hash, ref.getHashValue()))) { + + // the transform parameter doesn't exist or the hashs do not match + // return the index of the failed reference and check code 1 + int[] failedReferences = new int[] { ref.getReferenceIndex()}; + ReferencesCheckResultInfo checkInfo = + factory.createReferencesCheckResultInfo(null, failedReferences); + String logMsg = + msg.getMessage( + "invoker.02", + new Object[] { new Integer(ref.getReferenceIndex())}); + + Logger.debug(new LogMsg(logMsg)); + + return factory.createReferencesCheckResult(1, checkInfo); + } + } + } + + return factory.createReferencesCheckResult(0, null); + } + + /** + * Get all <code>Transform</code>s contained in all the + * <code>VerifyTransformsInfoProfile</code>s of the given + * <code>ReferenceInfo</code>. + * + * @param refInfo The <code>ReferenceInfo</code> object containing + * the transformations. + * @return A <code>List</code> of <code>List</code>s. Each of the + * <code>List</code>s contains <code>Transformation</code> objects. + * @throws MOAApplicationException An error occurred building one of the + * <code>Transformation</code>s. + */ + private List buildTransformsList(ReferenceInfo refInfo) + throws MOAApplicationException { + + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + List profiles = refInfo.getVerifyTransformsInfoProfiles(); + List mappedProfiles = + ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config); + List transformsList = new ArrayList(); + TransformationFactory factory = TransformationFactory.getInstance(); + Iterator iter; + + for (iter = mappedProfiles.iterator(); iter.hasNext();) { + VerifyTransformsInfoProfileExplicit profile = + (VerifyTransformsInfoProfileExplicit) iter.next(); + List transforms = profile.getTransforms(); + + if (transforms != null) { + transformsList.add(factory.createTransformationList(transforms)); + } + } + + return transformsList; + } + + /** + * Build the <code>Set</code> of all <code>TransformParameter</code> URIs. + * + * @param transformParameters The <code>List</code> of + * <code>TransformParameter</code>s, as provided to the verification. + * @return The <code>Set</code> of all <code>TransformParameter</code> URIs. + */ + private Set buildTransformParameterURIs(List transformParameters) { + Set uris = new HashSet(); + Iterator iter; + + for (iter = transformParameters.iterator(); iter.hasNext();) { + DataObject transformParameter = (DataObject) iter.next(); + uris.add(transformParameter.getURI()); + } + + return uris; + } + + /** + * Build a mapping between <code>TransformParameter</code> URIs (a + * <code>String</code> and <code>dsig:HashValue</code> (a + * <code>byte[]</code>). + * + * @param request The <code>VerifyXMLSignatureRequest</code>. + * @return Map The resulting mapping. + * @throws MOAApplicationException An error occurred accessing one of + * the profiles. + */ + private Map buildTransformParameterHashValues(VerifyXMLSignatureRequest request) + throws MOAApplicationException { + + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + Map hashValues = new HashMap(); + List refInfos = + request.getSignatureManifestCheckParams().getReferenceInfos(); + Iterator refIter; + + for (refIter = refInfos.iterator(); refIter.hasNext();) { + ReferenceInfo refInfo = (ReferenceInfo) refIter.next(); + List profiles = refInfo.getVerifyTransformsInfoProfiles(); + List mappedProfiles = + ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config); + Iterator prIter; + + for (prIter = mappedProfiles.iterator(); prIter.hasNext();) { + VerifyTransformsInfoProfileExplicit profile = + (VerifyTransformsInfoProfileExplicit) prIter.next(); + List trParameters = profile.getTransformParameters(); + Iterator trIter; + + for (trIter = trParameters.iterator(); trIter.hasNext();) { + TransformParameter transformParameter = + (TransformParameter) trIter.next(); + String uri = transformParameter.getURI(); + + if (transformParameter.getTransformParameterType() + == TransformParameter.HASH_TRANSFORMPARAMETER) { + hashValues.put( + uri, + ((TransformParameterHash) transformParameter).getDigestValue()); + } + + } + } + } + return hashValues; + } + + /** + * Filter the <code>ReferenceInfo</code>s returned by the + * <code>VerifyXMLSignatureResult</code> for comparison with the + * <code>ReferenceInfo</code> elements in the request. + * + * @param referenceInfos The <code>ReferenceInfo</code>s from the + * <code>VerifyXMLSignatureResult</code>. + * @return A <code>List</code> of all <code>ReferenceInfo</code>s whose type + * is not a XMLDsig manifest, Security Layer manifest, or ETSI signed + * property. + */ + private List filterReferenceInfos(List referenceInfos) { + List filtered = new ArrayList(); + Iterator iter; + + for (iter = referenceInfos.iterator(); iter.hasNext();) { + iaik.server.modules.xmlverify.ReferenceInfo refInfo = + (iaik.server.modules.xmlverify.ReferenceInfo) iter.next(); + String refType = refInfo.getReferenceType(); + + if (refType == null || !FILTERED_REF_TYPES.contains(refType)) { + filtered.add(refInfo); + } + } + + return filtered; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java new file mode 100644 index 0000000..3e4c712 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java @@ -0,0 +1,170 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.invoke; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.Iterator; +import java.util.List; + +import iaik.server.modules.xmlverify.XMLSignatureVerificationProfile; + +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.MOASystemException; +import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo; +import at.gv.egovernment.moa.spss.api.xmlverify.SignatureManifestCheckParams; +import at.gv.egovernment.moa.spss.api.xmlverify.TransformParameter; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyTransformsInfoProfileExplicit; +import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.iaik.pki.PKIProfileImpl; +import at.gv.egovernment.moa.spss.server.iaik.xmlverify.XMLSignatureVerificationProfileImpl; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; +import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; + +/** + * A factory to create a <code>XMLSignatureVerificationProfile</code> from a + * <code>VerifyXMLSignatureRequest</code>, based on the current MOA + * configuration. + * + * @author Patrick Peck + * @version $Id$ + */ +public class XMLSignatureVerificationProfileFactory { + + /** The <code>VerifyXMLSignatureRequest</code> for which to create profile + * information. */ + private VerifyXMLSignatureRequest request; + + /** + * Create a new <code>XMLSignatureVerificationProfileFactory</code>. + * + * @param request The <code>VerifyXMLSignatureRequest</code> to extract + * profile data from. + */ + public XMLSignatureVerificationProfileFactory(VerifyXMLSignatureRequest request) { + this.request = request; + } + + /** + * Create a <code>XMLSignatureCreationProfile</code> from the + * <code>VerifyXMLSignaturesRequest</code> and the current MOA configuration. + * + * @return The <code>XMLSignatureVerificationProfile</code> containing + * additional information for verifying an XML signature. + * @throws MOASystemException A system error occurred building the profile. + * @throws MOAApplicationException An error occurred building the profile. + */ + public XMLSignatureVerificationProfile createProfile() + throws MOASystemException, MOAApplicationException { + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + XMLSignatureVerificationProfileImpl profile = + new XMLSignatureVerificationProfileImpl(); + SignatureManifestCheckParams checkParams; + String trustProfileID; + + // set whether to check XMLDsig manifests + profile.setCheckXMLDsigManifests(true); + + // set the certificate validation profile + trustProfileID = request.getTrustProfileId(); + profile.setCertificateValidationProfile( + new PKIProfileImpl(config, trustProfileID)); + + // set whether hash input data is to be included + profile.setIncludeHashInputData(request.getReturnHashInputData()); + + // set the security layer manifest check parameters + // and transformation supplements (if present) + checkParams = request.getSignatureManifestCheckParams(); + profile.setCheckSecurityLayerManifest(true); + profile.setIncludeReferenceInputData(checkParams != null ? checkParams.getReturnReferenceInputData() : false); + if (checkParams != null) { + List transformationSupplements; + transformationSupplements = buildTransformationSupplements(); + profile.setTransformationSupplements(transformationSupplements); + } else { + profile.setTransformationSupplements(Collections.EMPTY_LIST); + } + + profile.setPermitFileURIs(config.getPermitFileURIs()); + + return profile; + } + + /** + * Build supplemental data objects used in the transformations. + * + * @return A <code>List</code> of <code>DataObject</code>s providing + * supplemental data to the transformations. + * @throws MOASystemException A system error occurred building one of the + * transformations. + * @throws MOAApplicationException An error occurred building one of the + * transformations. + */ + public List buildTransformationSupplements() + throws MOASystemException, MOAApplicationException { + TransactionContext context = + TransactionContextManager.getInstance().getTransactionContext(); + ConfigurationProvider config = context.getConfiguration(); + SignatureManifestCheckParams checkParams = + request.getSignatureManifestCheckParams(); + List transformsProfiles = new ArrayList(); + List transformationSupplements = new ArrayList(); + DataObjectFactory factory = DataObjectFactory.getInstance(); + List refInfos = checkParams.getReferenceInfos(); + Iterator refIter; + Iterator prIter; + Iterator trIter; + + // build the list of all VerifyTransformsInfoProfiles in all ReferenceInfos + refInfos = checkParams.getReferenceInfos(); + for (refIter = refInfos.iterator(); refIter.hasNext();) { + ReferenceInfo refInfo = (ReferenceInfo) refIter.next(); + List profiles = refInfo.getVerifyTransformsInfoProfiles(); + + transformsProfiles.addAll( + ProfileMapper.mapVerifyTransformsInfoProfiles(profiles, config)); + } + + // build the DataObjects + for (prIter = transformsProfiles.iterator(); prIter.hasNext();) { + VerifyTransformsInfoProfileExplicit profile = + (VerifyTransformsInfoProfileExplicit) prIter.next(); + List transformParameters = profile.getTransformParameters(); + + for (trIter = transformParameters.iterator(); trIter.hasNext();) { + TransformParameter trParam = (TransformParameter) trIter.next(); + transformationSupplements.add( + factory.createFromTransformParameter(trParam)); + } + } + + return transformationSupplements; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java new file mode 100644 index 0000000..10dc79d --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLog.java @@ -0,0 +1,150 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.logging; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import iaik.logging.TransactionId; + +/** + * An implementation of the <code>iaik.logging.Log</code> + * interface that is based on Jakarta Commons-Logging. + * + * @author Fatemeh Philippi + * @version $Id$ + */ +public class IaikLog implements iaik.logging.Log { + /** The hierarchy to log all IAIK output to. */ + public static final String IAIK_LOG_HIERARCHY = "iaik.server"; + /** The commons-loggin <code>Log</code> to use for logging the messages. */ + private static Log log = LogFactory.getLog(IAIK_LOG_HIERARCHY); + /** The node ID to use. */ + private String nodeId; + + /** + * Create a new <code>IaikLog</code>. + * + * @param nodeId The node ID for this <code>Log</code> object. + */ + public IaikLog(String nodeId) { + this.nodeId = nodeId; + } + + /** + * @see iaik.logging.Log#isDebugEnabled() + */ + public boolean isDebugEnabled() { + return log.isDebugEnabled(); + } + + /** + * @see iaik.logging.Log#debug(TransactionId, Object, Throwable) + */ + public void debug(TransactionId transactionId, Object message, Throwable t) { + IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message); + + log.debug(msg, t); + } + + /** + * @see iaik.logging.Log#isInfoEnabled() + */ + public boolean isInfoEnabled() { + return log.isInfoEnabled(); + } + + /** + * @see iaik.logging.Log#info(TransactionId, Object, Throwable) + */ + public void info(TransactionId transactionId, Object message, Throwable t) { + IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message); + + log.info(msg, t); + } + + /** + * @see iaik.logging.Log#isWarnEnabled() + */ + public boolean isWarnEnabled() { + return log.isWarnEnabled(); + } + + /** + * @see iaik.logging.Log#warn(TransactionId, Object, Throwable) + */ + public void warn(TransactionId transactionId, Object message, Throwable t) { + IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message); + + log.warn(msg, t); + } + + /** + * @see iaik.logging.Log#isErrorEnabled() + */ + public boolean isErrorEnabled() { + return log.isErrorEnabled(); + } + + /** + * @see iaik.logging.Log#error(TransactionId, Object, Throwable) + */ + public void error(TransactionId transactionId, Object message, Throwable t) { + IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message); + + log.error(msg, t); + } + + /** + * @see iaik.logging.Log#isFatalEnabled() + */ + public boolean isFatalEnabled() { + return log.isFatalEnabled(); + } + + /** + * @see iaik.logging.Log#fatal(TransactionId, Object, Throwable) + */ + public void fatal(TransactionId transactionId, Object message, Throwable t) { + IaikLogMsg msg = new IaikLogMsg(transactionId, nodeId, message); + + log.fatal(msg, t); + } + + /** + * @see iaik.logging.Log#setNodeId(String) + */ + public void setNodeId(String nodeId) { + this.nodeId = nodeId; + } + + /** + * @see iaik.logging.Log#getNodeId() + */ + public String getNodeId() { + return nodeId; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogFactory.java new file mode 100644 index 0000000..64810a8 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogFactory.java @@ -0,0 +1,66 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.logging; + +import iaik.logging.Log; +import iaik.logging.LogConfigurationException; +import iaik.logging.LogFactory; + +import at.gv.egovernment.moa.logging.LoggingContextManager; + +/** + * An implementation of the <code>iaik.logging.LogFactory</code> abstract + * class to log messages to the MOA logging subsystem. + * + * @author Patrick Peck + * @version $Id$ + */ +public class IaikLogFactory extends LogFactory { + + public Log getInstance(Class clazz) throws LogConfigurationException { + return getInstanceImpl(); + } + + public Log getInstance(String name) throws LogConfigurationException { + return getInstanceImpl(); + } + + /** + * Return an instance of <code>iaik.logging.Log</code>. + * + * @return The <code>iaik.logging.Log</code> object to log messages to. + */ + private Log getInstanceImpl() { + String nodeID = + LoggingContextManager.getInstance().getLoggingContext().getNodeID(); + + return new IaikLog(nodeID); + } + + public void release() { + // we do not hold any resources + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogMsg.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogMsg.java new file mode 100644 index 0000000..7e4ff84 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/IaikLogMsg.java @@ -0,0 +1,78 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.logging; + +import iaik.logging.TransactionId; + +/** + * A unified message type to log messages from the IAIK subsystem. + * + * @author Patrick Peck + * @version $Id$ + */ +public class IaikLogMsg { + + /** The transaction ID of this message. */ + private TransactionId transactionId; + /** The node ID of this message. */ + private String nodeId; + /** The message to log. */ + private Object message; + + /** + * Create a <code>IaikLogMsg</code> object. + * + * @param transactionId The transaction id of the transaction which + * generated this log message. May be <code>null</code>. + * @param nodeId The node id where this message was generated. May be + * <code>null</code>. + * @param message The actual message to log. May be <code>null</code>. + */ + public IaikLogMsg(TransactionId transactionId, String nodeId, Object message) { + this.transactionId = transactionId; + this.nodeId = nodeId; + this.message = message; + } + + + /** + * Convert this log message to a <code>String</code>. + * + * @return The <code>String</code> representation of this log message. + */ + public String toString() { + StringBuffer msg = new StringBuffer(); + + msg.append("TID="); + msg.append(transactionId != null ? transactionId.getLogID() : "<null>"); + msg.append(" NID="); + msg.append(nodeId != null ? nodeId : "<null>"); + msg.append(" MSG="); + msg.append(message != null ? message.toString() : "<null>"); + + return msg.toString(); + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/TransactionId.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/TransactionId.java new file mode 100644 index 0000000..ba76c0b --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/logging/TransactionId.java @@ -0,0 +1,62 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.logging; + +/** + * An implementation of the <code>iaik.logging.TransactionId</code> interface. + * + * @author Patrick Peck + * @version $Id$ + */ +public class TransactionId implements iaik.logging.TransactionId { + + /** The String representation for logging the transaction ID. */ + private String logID; + + /** + * Create a <code>TransactionId</code> object. + * + * @param logID The transaction id as it should be presented to the logging + * subsystem. + */ + public TransactionId(String logID) { + this.logID = logID; + } + + /** + * @see iaik.logging.TransactionId#getLogID() + */ + public String getLogID() { + return logID; + } + + /** + * @see java.lang.Object#toString() + */ + public String toString() { + return getLogID(); + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/service/RevocationArchiveCleaner.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/service/RevocationArchiveCleaner.java new file mode 100644 index 0000000..f6d84c7 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/service/RevocationArchiveCleaner.java @@ -0,0 +1,102 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.service; + +import iaik.pki.revocation.RevocationSourceTypes; +import iaik.pki.store.revocation.archive.Archive; +import iaik.pki.store.revocation.archive.ArchiveFactory; + +import java.util.Date; + +import at.gv.egovernment.moa.logging.LogMsg; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.logging.TransactionId; +import at.gv.egovernment.moa.spss.util.MessageProvider; + +/** + * A <code>Runnable</code> for periodically cleaning up the revocation archive. + * @author Patrick Peck + * @version $Id$ + */ +public class RevocationArchiveCleaner implements Runnable { + + /** The inverval between two clean-ups of the revocation archive. */ + private long archiveCleanupInterval; + + /** + * Create a new <code>RevocationArchiveCleaner</code>. + * + * @param archiveCleanupInterval The interval between two clean-ups of the + * revocation archive. + */ + public RevocationArchiveCleaner(long archiveCleanupInterval) { + this.archiveCleanupInterval = archiveCleanupInterval; + } + + /** + * Run the <code>RevocationArchiveCleaner</code> in its own + * <code>Thread</code>. + */ + public void run() { + while (true) { + try { + ConfigurationProvider config = ConfigurationProvider.getInstance(); + boolean enableArchiving = config.getEnableRevocationArchiving(); + + if (enableArchiving) + { + Archive archive = ArchiveFactory.getInstance().getArchive(); + long archiveDurationMillis = + (long) config.getCRLArchiveDuration() * 86400000; + + // delete old archive data + if (archiveDurationMillis > 0) { + Date olderThan = + new Date(System.currentTimeMillis() - archiveDurationMillis); + + archive.deleteOldArchiveEntries( + RevocationSourceTypes.CRL, + olderThan, + new TransactionId("RevocationArchiveCleaner")); + } + } + + } catch (Exception e) { + MessageProvider msg = MessageProvider.getInstance(); + Logger.error(new LogMsg(msg.getMessage("init.02", null)), e); + } + + // sleep + try { + Thread.sleep(archiveCleanupInterval * 1000); + } catch (InterruptedException e) { + // ok to do nothing here + } + + } + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java new file mode 100644 index 0000000..a5ea592 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java @@ -0,0 +1,7 @@ +package at.gv.egovernment.moa.spss.server.transaction; + +import javax.activation.DataSource; + +public interface DeleteableDataSource extends DataSource { + public void delete(); +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java new file mode 100644 index 0000000..3425dac --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java @@ -0,0 +1,385 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.transaction; + +import iaik.xml.crypto.utils.URI; + +import java.io.ByteArrayInputStream; +import java.io.File; +import java.io.IOException; +import java.io.InputStream; +import java.security.cert.X509Certificate; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Vector; + +import javax.activation.DataSource; + +import java.util.Map.Entry; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; + +/** + * Contains information about the current request. + * + * @author Stefan Knirsch + * @author Patrick Peck + */ +public class TransactionContext { + + /** The client certificate. */ + private X509Certificate[] clientCertificate = null; + /** The transaction ID. */ + private String transactionID = null; + /** The name of the request. */ + private String requestName = null; + /** The SOAP embedded request */ + private Element request; + /** The response which is to embed by SOAP */ + private Element response; + /** The map pointing to SOAP attachments needed by the request. */ + private HashMap attachments = null; + /** The map containing cashed entities used in DataObjectFactory. */ + private HashMap resolvedEntities = null; + /** The configuration to use throughout the request. */ + private ConfigurationProvider configuration = null; + + /** + * Create a <code>TransactionContext</code> object. + * + * @param transactionID A unique ID for this <code>TransactionContext</code>. + * @param clientCertificate The client certificate chain. + * @param configuration The MOA configuration to use for this transaction. + */ + public TransactionContext( + String transactionID, + X509Certificate[] clientCertificate, + ConfigurationProvider configuration) { + + this.transactionID = transactionID; + this.clientCertificate = clientCertificate; + this.configuration = configuration; + } + + /** + * Create a <code>TransactionContext</code> object. + * + * @param transactionID A unique ID for this <code>TransactionContext</code>. + * @param clientCertificate The client certificate chain. + * @param configuration The MOA configuration to use for this transaction. + * @param attachments to use for this transaction. + */ + public TransactionContext( + String transactionID, + X509Certificate[] clientCertificate, + ConfigurationProvider configuration, + Element request, + HashMap attachments) { + + this.transactionID = transactionID; + this.clientCertificate = clientCertificate; + this.configuration = configuration; + this.request = request; + this.attachments = attachments; + } + + /** + * Returns the client certificate. + * + * @return The client certificate chain, if SSL client authentication has been + * configured in the web server and has been used by the client. The 0th + * element of the array contains the client certificate. <code>null</code> + * otherwise. + */ + public X509Certificate[] getClientCertificate() { + return clientCertificate; + } + + /** + * Returns the unique transaction ID. + * + * @return The transaction ID. + */ + public String getTransactionID() { + return transactionID; + } + + /** + * Returns the name of the request. + * + * @return The name of the request. + */ + public String getRequestName() { + return requestName; + } + + /** + * Sets the name of the request. + * + * @param requestName The request name to set. + */ + public void setRequestName(String requestName) { + this.requestName = requestName; + } + + /** + * Sets the the request. + * + * @param request The request to set. + */ + public void setRequest(Element request) { + this.request = request; + } + + /** + * Returns the request. + * + * @return The request. + */ + public Element getRequest() { + return request; + } + + /** + * Sets the the response. + * + * @param response The response to set. + */ + public void setResponse(Element response) { + this.response = response; + } + + /** + * Returns the response. + * + * @return The response. + */ + public Element getResponse() { + return response; + } + + /** + * Adds an attachment to the transactions list of SOAP attachments. + * + * @param referenceId Identification value for the SOAP attachment. + * @param contentType MIME type of the SOAP attachment. + * @param is Handle to the ManagedMemoryDataSource of the SOAP attachment. + */ + public void addAttachment(String referenceId, String contentType, DataSource is) { + if (this.attachments == null) this.attachments = new HashMap(); + Vector entry = new Vector(2); + entry.add(contentType); + entry.add(is); + this.attachments.put(referenceId, entry); + } + + /** + * Adds an attachment to the transactions list of SOAP attachments. + * + * @param referenceId Identification value for the SOAP attachment. + * @param contentType MIME type of the SOAP attachment. + * @param is Handle to the InputStream of the SOAP attachment. + * @param filename Filename of the temporary file the InputStream belongs to + */ + public void addAttachment(String referenceId, String contentType, InputStream is, String filename) { + if (this.attachments == null) this.attachments = new HashMap(); + Vector entry = new Vector(3); + entry.add(contentType); + entry.add(is); + entry.add(filename); + this.attachments.put(referenceId, entry); + } + + /** + * Returns the ManagedMemoryDataSource to a specific SOAP attachment identified by referenceId. + * + * @param referenceId Identification value for the SOAP attachment. + */ + public DataSource getAttachment(String referenceId) { + if (attachments==null) { + return null; + } + Vector entry = (Vector) attachments.get(referenceId); + if (entry==null) { + return null; + } + Object object = entry.get(1); + if (object instanceof DataSource) { + return (DataSource) object; + } else { + return null; + } + } + + /** + * Returns the InputStream to a specific SOAP attachment identified by uri. + * + * @param uri Identification value for the SOAP attachment. + */ + public InputStream getAttachmentInputStream(URI uri) throws MOAApplicationException { + if (attachments==null) { + return null; + } + String referenceId = uri.getPath(); + Vector entry = (Vector) attachments.get(referenceId); + if (entry==null) { + return null; + } + + InputStream attachmentIs = null; + Object object = entry.get(1); + + if (object instanceof DataSource) { + try { + attachmentIs = (InputStream) ( ((DataSource)object).getInputStream()); + } catch (IOException e) { + throw new MOAApplicationException("2208", new Object[] { uri }, e); + } + } else { + attachmentIs = (InputStream) object; + } + return attachmentIs; + //If we would return the whole mmds: return (ManagedMemoryDataSource) entry.get(1); + } + + /** + * Returns the content type to a specific SOAP attachment identified by referenceId. + * + * @param referenceId Identification value for the SOAP attachment. + */ + public String getAttachmentContentType(String referenceId) { + Vector entry = (Vector) attachments.get(referenceId); + if (entry==null) { + return null; + } + return (String) entry.get(0); + } + + /** + * Delete the temporary attachment files. + */ +public void cleanAttachmentCache() { + if (null==attachments) { + return; + } + Iterator iterator = attachments.entrySet().iterator(); + while (iterator.hasNext()) { + Entry hmEntry = (Entry) iterator.next(); + Vector entry = (Vector)hmEntry.getValue(); + Object object = entry.get(1); + if (object instanceof DataSource) { + DataSource mmds = (DataSource)object; + try { + if (mmds!=null) { + InputStream is = mmds.getInputStream(); + if (is!=null) is.close(); +// not available in Axis 1.0 to 1.1 +// File f = mmds.getDiskCacheFile(); +// if (f!=null) f.delete(); + if(mmds instanceof DeleteableDataSource) { + ((DeleteableDataSource)mmds).delete(); + } + //mmds..delete(); + } + } catch (IOException e) { + // ok to do nothing here + } + } else if (object instanceof InputStream) { + InputStream is = (InputStream)object; + try { + if (is!=null) is.close(); + String tempFile = (String) entry.get(2); + if (tempFile!=null){ + File f = new File(tempFile); + f.delete(); + } + } catch (IOException e) { + // ok to do nothing here + } + } + } + } + + /** + * Returns the <code>ConfigurationProvider</code> associated with this + * transaction. + * + * @return The ConfigurationProvider associated with this transaction. + */ + public ConfigurationProvider getConfiguration() { + return configuration; + } + + /** + * Search an uri content in cashed map. + * + * @param uri The value to look for. + * @return If found the cached entity, <code>null<code> otherwise. + */ + public Vector FindResolvedEntity(String uri) { + if (resolvedEntities==null) return null; + return (Vector) resolvedEntities.get(uri); + } + + /** + * Get a new InputStream of a cached entity. + * + * @param uri The value to look for. + * @return A new InputStream of the cached entity. + */ + public InputStream ResolveURI(String uri) { + InputStream is = null; + Vector entity = FindResolvedEntity(uri); + if (entity!=null) { + byte[] contentBytes = (byte[]) entity.get(0); + if (contentBytes!=null) { + is = new ByteArrayInputStream(contentBytes); + } + } + return is; + } + + /** + * Put a read entity (supplement, detached content, data object) on + * transactions entity cash, to prevent repeated reading on slower channels. + * + * @param uri A transaction-wide unique URI used as key of the entity cash + * table. + * @param contentBytes The cached content belonging to the uri. + * @param contentType If known, the MIME-type of the cashed content. + */ + public void PutResolvedEntity(String uri, byte[] contentBytes, String contentType) { + Logger.trace(" storing uri content of uri \"" + uri + "\" for future references"); + if (resolvedEntities==null) resolvedEntities = new HashMap(); + Vector entity = new Vector(); + entity.add(contentBytes); + entity.add(contentType); + resolvedEntities.put(uri, entity); + } +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContextManager.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContextManager.java new file mode 100644 index 0000000..8a45ddf --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContextManager.java @@ -0,0 +1,86 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.transaction; + +/** + * Provides each thread with an instance of <code>TransactionContext</code>. + * + * The single instance of the <code>TransactionContextManager</code> should be + * used to access contextual information for each web service transaction, e.g. + * the transaction ID, MOA configuration, client certificate, etc. + * + * @author Stefan Knirsch + * @author Patrick Peck + */ +public class TransactionContextManager { + + /** The single instance of <code>TransactionContextManager</code> */ + private static TransactionContextManager instance = null; + + /** Contains a single <code>TransactionContext</code> for each thread. */ + private ThreadLocal context = null; + + /** + * Get the single instance of <code>TransactionContextManager</code>. + * + * @return The single instanc of <code>TransactionContextManager</code>. + */ + public static synchronized TransactionContextManager getInstance() { + if (instance == null) { + instance = new TransactionContextManager(); + } + return instance; + } + + /** + * Creates a new <code>TransactionContextManager</code>. + * + * Protected to disallow direct instantiation. + */ + protected TransactionContextManager() { + context = new ThreadLocal(); + } + + /** + * Set the <code>TransactionContext</code> for the current thread. + * + * @param txContext The <code>TransactionContext</code> for this thread. + */ + public void setTransactionContext(TransactionContext txContext) { + context.set(txContext); + } + + /** + * Get the <code>TransactionContext</code> for the current thread. + * + * @return The <code>TransactionContext</code> for the current thread or + * <code>null</code>, if none has been set (or if this method is being invoked + * outside the bounds of a transaction). + */ + public TransactionContext getTransactionContext() { + return (TransactionContext) context.get(); + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionIDGenerator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionIDGenerator.java new file mode 100644 index 0000000..b173308 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionIDGenerator.java @@ -0,0 +1,75 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.transaction; + + +/** + * A generator for unique transaction IDs. + * + * <p>The transaction IDs are of the form "<base>-<counter>", where: + * <ul> + * <li><code>base</code> is initialized with the system time when this class is + * being loaded</li> + * <li><code>counter</code> is incremented sequentially on each call to + * <code>nextID()</code></li> + * </ul> + * </p> + * + * <p> Assuming that it is highly unlikely that MOA servers are started at + * exactly the same time instant, the mechanism provided by this class should + * guarantee unique transaction IDs across multiple restarts and/or instances of + * the server.</p> + * + * @author Patrick Peck + * @author Stefan Knirsch + */ +public class TransactionIDGenerator { + + /** Request sequence number. */ + private static long counter = 0; + /** The base value to which to append the sequence number. */ + private static String base = null; + + /** + * Set up the initial base value. + */ + static { + synchronized (TransactionIDGenerator.class) { + base = Long.toString(System.currentTimeMillis()); + } + } + + /** + * Returns the next transaction ID. + * + * @return The next transaction ID. + */ + public static synchronized String nextID() { + counter++; + + return (base + "-" + counter); + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/util/IdGenerator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/util/IdGenerator.java new file mode 100644 index 0000000..a8d9e1b --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/util/IdGenerator.java @@ -0,0 +1,85 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.util; + +import java.util.Set; + +/** + * Generate unique ID values for various objects in the response. + * + * @author Patrick Peck + * @version $Id$ + */ +public class IdGenerator { + /** The base value to append the counter to. */ + private String base; + /** The <code>Set</code> of reserved ID values. */ + private Set reserved; + /** The sequence number. */ + private int count; + + /** + * Create a new <code>IdGenerator</code>. + * + * @param base A base value to append the IDs to. The creator of this object + * should provide a base value, so that appending the counter leads to unique + * IDs. + * @param reserved The <code>Set</code> of reserved IDs. A call to + * <code>uniqueId()</code> will respect the reserved IDs. + */ + public IdGenerator(String base, Set reserved) { + this.base = base; + this.reserved = reserved; + count = 1; + } + + /** + * Create the next ID value in the sequence. + * + * @return The next ID value in the sequence. + */ + protected String nextId() { + return base + "-" + count++; + } + + /** + * Create the next unique ID value which is unique in the reserved ID set. + * + * The created ID is added to the set of reserved IDs. + * + * @return The next ID value. + */ + public String uniqueId() { + String nextId; + + while (reserved.contains(nextId = nextId())); + + reserved.add(nextId); + + return nextId; + + } + +} |