authorThomas Lenz <thomas.lenz@egiz.gv.at>2017-01-02 16:35:43 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2017-01-02 16:35:43 +0100
commit8574f931c169248c67c3a5946351f9072628af46 (patch)
tree56ac39e631af4cd11058c4ba1193180af9d2e1fe /moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector
parentaabb36836ebfca9fe8cdc70dff13c0be7e5e761c (diff)
downloadmoa-sig-8574f931c169248c67c3a5946351f9072628af46.tar.gz
moa-sig-8574f931c169248c67c3a5946351f9072628af46.tar.bz2
moa-sig-8574f931c169248c67c3a5946351f9072628af46.zip
first untested beta version with new TSL lib
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector')
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATSLVerifier.java265
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java123
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java972
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnectorInterface.java95
4 files changed, 0 insertions, 1455 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATSLVerifier.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATSLVerifier.java
deleted file mode 100644
index 39b2f8c..0000000
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATSLVerifier.java
+++ /dev/null
@@ -1,265 +0,0 @@
-package at.gv.egovernment.moa.spss.tsl.connector;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.io.OutputStreamWriter;
-import java.security.cert.X509Certificate;
-import java.util.Iterator;
-import java.util.ListIterator;
-
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBIntrospector;
-import javax.xml.crypto.Data;
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.NodeSetData;
-import javax.xml.crypto.URIReferenceException;
-import javax.xml.crypto.dom.DOMCryptoContext;
-import javax.xml.crypto.dsig.Reference;
-import javax.xml.crypto.dsig.SignedInfo;
-import javax.xml.crypto.dsig.Transform;
-import javax.xml.crypto.dsig.XMLSignature;
-import javax.xml.crypto.dsig.XMLSignatureException;
-import javax.xml.crypto.dsig.XMLSignatureFactory;
-import javax.xml.crypto.dsig.dom.DOMValidateContext;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-import iaik.server.modules.xml.MOAXSecProvider;
-import iaik.xml.crypto.tsl.TSLConstants;
-import iaik.xml.crypto.tsl.TSLContext;
-import iaik.xml.crypto.tsl.TSLEngine;
-import iaik.xml.crypto.tsl.ex.SeverityAspect.Severity;
-import iaik.xml.crypto.tsl.ex.TSLSecurityException;
-import iaik.xml.crypto.tsl.ex.TSLVerificationException;
-import iaik.xml.crypto.tsl.gen.TrustStatusListType;
-import iaik.xml.crypto.tsl.verify.ITSLVerifier;
-import iaik.xml.crypto.utils.URIDereferencerImpl;
-
-public class MOATSLVerifier implements ITSLVerifier {
-
- private static final Logger logger = LoggerFactory.getLogger(MOATSLVerifier.class);
-
- private static iaik.xml.crypto.xmldsig.gen.ObjectFactory dsOf = new iaik.xml.crypto.xmldsig.gen.ObjectFactory();
-
- private static JAXBIntrospector JI = TSLEngine.jc.createJAXBIntrospector();
-
- public Boolean verifyTSL(Document tslDoc, TSLContext tslContext,
- ListIterator<X509Certificate> euTslCertsHash) {
-
- boolean coreValidity = false;
-
- try {
- // Signature s = new Signature();
- // TrustServiceStatusList tssl = new TrustServiceStatusList();
- JAXBElement<iaik.xml.crypto.xmldsig.gen.SignatureType> s = dsOf.createSignature(new iaik.xml.crypto.xmldsig.gen.SignatureType());
-// _l.debug(""+JI.getElementName(s));
- JAXBElement<TrustStatusListType> tssl = TSLConstants.TSL_OF.createTrustServiceStatusList(new TrustStatusListType());
-// _l.debug(""+JI.getElementName(tssl));
-
- Element tsslE = tslDoc.getDocumentElement();
-
- if (tsslE == null) {
- tslContext.throwException(new TSLVerificationException("Empty XML File", Severity.xml_failed));
- // } else if (!tsslE.getNamespaceURI().equals(tssl.getName().getNamespaceURI())) {
- } else if (!tsslE.getNamespaceURI().equals(JI.getElementName(tssl).getNamespaceURI())) {
- tslContext.throwException(new TSLVerificationException("Incorrect Namespace", Severity.xml_failed));
- // } else if (!tsslE.getLocalName().equals(tssl.getName().getLocalPart())) {
- } else if (!tsslE.getLocalName().equals(JI.getElementName(tssl).getLocalPart())) {
- tslContext.throwException(new TSLVerificationException("Wrong Document Element in document "+tslDoc.getDocumentURI(), Severity.xml_failed));
- }
-
- //now we can be sure the right document element is in place, Schema validation does not assure this for us
- //Schema validation however assures that the internal Structure of TrustServicesStatus List is correct
-
- // B.6 1) It MUST be an enveloped signature.
-
- Node n = tsslE.getLastChild();
-
- while ( n != null && ! (n instanceof Element) ) {
- n = n.getPreviousSibling();
- }
-
- Element sig = (Element) n;
-
- if (sig == null ||
- // ! sig.getNamespaceURI().equals(s.getName().getNamespaceURI()) ||
- // ! sig.getLocalName().equals(s.getName().getLocalPart())) {
- ! sig.getNamespaceURI().equals(JI.getElementName(s).getNamespaceURI()) ||
- ! sig.getLocalName().equals(JI.getElementName(s).getLocalPart())) {
-
- tslContext.throwException(
- new TSLVerificationException(
- TSLSecurityException.Type.NO_TSL_SIGNATURE)
- );
-
- } else {
-
- NodeList cn = tsslE.getChildNodes();
-
- for (int j = 0; j < cn.getLength(); j++) {
- cn.item(j);
- }
-
- //TODO assure connection with the PKI Module
- DOMValidateContext valContext = new DOMValidateContext(
- new MOATslKeySelector(euTslCertsHash, tslContext),
- sig);
-
- if (valContext.getURIDereferencer() == null) {
- valContext.setURIDereferencer(new URIDereferencerImpl());
- }
-
- // valContext.setProperty("iaik.xml.crypto.debug.OutputStream", System.out);
- valContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
-
- XMLSignatureFactory fac = MOAXSecProvider.getXMLSignatureFactory();
-
- // unmarshal the XMLSignature
- XMLSignature signature = fac.unmarshalXMLSignature(valContext);
-
- // Validate the XMLSignature (generated above)
- coreValidity = signature.validate(valContext);
- // Check core validation status
- if (coreValidity == false) {
- debug(valContext, "Signature failed core validation");
- boolean sv = signature.getSignatureValue().validate(valContext);
- debug(valContext, "signature validation status: " + sv);
- // check the validation status of each Reference
- Iterator it = signature.getSignedInfo().getReferences().iterator();
- for (int j = 0; it.hasNext(); j++) {
- boolean refValid = ((Reference) it.next()).validate(valContext);
- debug(valContext, "ref[" + j + "] validity status: " + refValid);
- }
-
- tslContext.throwException(new TSLVerificationException("Signature failed core validation", Severity.signature_failed));
- }
-
- SignedInfo si = signature.getSignedInfo();
- Iterator it = si.getReferences().iterator();
-
-
- // 2) Its ds:SignedInfo element MUST contain a ds:Reference element with the
- // URI attribute set to a value referencing the TrustServiceStatusList
- // element enveloping the signature itself. This ds:Reference element MUST
- // satisfy the following requirements:
- // a) It MUST contain only one ds:Transforms element.
- // b) This ds:Transforms element MUST contain two ds:Transform elements. The
- // first one will be one whose Algorithm attribute indicates the enveloped
- // transformation with the value:
- // "http://www.w3.org/2000/09/xmldsig#enveloped-signature". The second one
- // will be one whose Algorithm attribute instructs to perform the exclusive
- // canonicalization "http://www.w3.org/2001/10/xml-exc-c14n#"
-
- boolean found_proper_tsslE_reference = false;
-
- for (int j = 0; it.hasNext(); j++) {
- Reference ref = ((Reference) it.next());
- Data d = valContext.getURIDereferencer().dereference(ref, valContext);
-
- if(!(d instanceof NodeSetData)) {
- continue;
- } else {
- NodeSetData nsd = (NodeSetData) d;
-
-
- if (nsd.iterator().next() == tsslE) {
-
- //Assured by XMLSchema
- //throw new TSLException("B.6 2 a) It MUST contain only one ds:Transforms element.");
-
- if(ref.getTransforms().size() != 2) {
- tslContext.throwException(
- new TSLVerificationException(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE)
- );
- } else {
-
- Transform[] transforms = (Transform[]) ref.getTransforms().toArray(new Transform[2]);
-
- //TODO assign severity, code some heuristic showing the problems
- if (! transforms[0].getAlgorithm().equals("http://www.w3.org/2000/09/xmldsig#enveloped-signature")) {
- tslContext.throwException(
- new TSLVerificationException(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE)
- );
-
- }
-
- //TODO assign severity, code some heuristic showing the problems
- if (! transforms[1].getAlgorithm().equals("http://www.w3.org/2001/10/xml-exc-c14n#")) {
- tslContext.throwException(
- new TSLVerificationException(TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE)
- );
- }
- }
-
- found_proper_tsslE_reference = true;
- }//if (nsd.iterator().next() == tsslE)
-
- }
- }
-
- if(!found_proper_tsslE_reference) {
- tslContext.throwException(
- new TSLVerificationException(TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE)
- );
- }
-
- // 3) ds:CanonicalizationMethod MUST be
- // "http://www.w3.org/2001/10/xml-exc-c14n#".
- if (! si.getCanonicalizationMethod().getAlgorithm().equals("http://www.w3.org/2001/10/xml-exc-c14n#")){
- tslContext.throwException(
- new TSLVerificationException(TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_CANONICALIZATION_METHOD)
- );
- }
-
- // 4) It MAY have other ds:Reference elements.
-
- }
- } catch (URIReferenceException e) {
- tslContext.throwException(new TSLVerificationException(e));
- } catch (MarshalException e) {
- tslContext.throwException(new TSLVerificationException(e));
- } catch (XMLSignatureException e) {
- logger.error("Failed to verify XML Signature for TSL!", e);
- return (Boolean) tslContext.throwException(
- new TSLSecurityException(TSLSecurityException.Type.ERRORS_IN_TSL_SIGNATURE),
- //we need an anonymous class to find the enclosing Method
- (new Object(){}).getClass().getEnclosingMethod(),
- null,
- new Object[] {tslDoc, tslContext, euTslCertsHash}
- );
- }
- return coreValidity;
- }
-
- public static void debug(DOMCryptoContext context, String message) {
-
- Object propDebug = context.getProperty("iaik.xml.crypto.debug.OutputStream");
-
- if ( propDebug == null) {
- return;
- }
-
- if (! (propDebug instanceof OutputStream)) {
- System.err.println("Failed to write to debug output stream. " +
- "DOMCryptoContext's Property (\"iaik.xml.crypto.debug.OutputStream\") " +
- "has to be of type OutputStream."
- );
- } else {
-
- OutputStream os = (OutputStream) propDebug;
- try {
- (new OutputStreamWriter(os)).write(message);
- } catch (IOException e) {
- System.err.println("Failed to write to debug output stream. " + e.getMessage());
- //TODO we cannot close the output stream here ...
- }
- }
-
- }
-
-}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java
deleted file mode 100644
index efdd877..0000000
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java
+++ /dev/null
@@ -1,123 +0,0 @@
-package at.gv.egovernment.moa.spss.tsl.connector;
-
-import java.security.cert.X509Certificate;
-import java.util.List;
-import java.util.ListIterator;
-
-import javax.xml.crypto.AlgorithmMethod;
-import javax.xml.crypto.KeySelectorException;
-import javax.xml.crypto.KeySelectorResult;
-import javax.xml.crypto.XMLCryptoContext;
-import javax.xml.crypto.dsig.keyinfo.KeyInfo;
-import javax.xml.crypto.dsig.keyinfo.X509Data;
-
-import iaik.server.modules.xmlverify.MOAKeySelector;
-import iaik.xml.crypto.tsl.TSLContext;
-import iaik.xml.crypto.tsl.ex.TSLSecurityException;
-import iaik.xml.crypto.tsl.ex.TSLVerificationException;
-import iaik.xml.crypto.tsl.verify.TslKeyInfoHints;
-import iaik.xml.crypto.utils.X509KeySelectorResult;
-
-public class MOATslKeySelector extends MOAKeySelector {
-
- private final ListIterator<X509Certificate> tslSignerCerts_;
- private TSLContext tslContextI_;
-
- public MOATslKeySelector(ListIterator<X509Certificate> euTslCertsHash, TSLContext tslContext) {
- if(euTslCertsHash == null){
- tslContext.throwException(
- new TSLVerificationException(
- TSLSecurityException.Type.MISSING_INFO_ON_TSL_SIGNER)
- );
- }
- tslSignerCerts_ = euTslCertsHash;
- tslContextI_ = tslContext;
- tslContext.toString();
- }
-
- @Override
- protected KeyInfoHints newKeyInfoHints(KeyInfo keyInfo,
- XMLCryptoContext context)
- throws KeySelectorException {
-
- return new TslKeyInfoHints(keyInfo, context, tslContextI_, tslSignerCerts_);
-
- }
-
- @Override
- protected KeySelectorResult select(KeyInfoHints hints,
- KeySelectorResult[] results) {
-
- if (results.length > 1){
-
- return (KeySelectorResult) tslContextI_.throwException(
- new TSLSecurityException(TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER),
- //we need an anonymous class to find the enclosing Method
- (new Object(){}).getClass().getEnclosingMethod(),
- this,
- new Object[] {hints, results}
- );
-
- } else {
- KeySelectorResult result = results[0];
- if (result instanceof X509KeySelectorResult) {
- result = new MOAX509KeySelectorResult((X509KeySelectorResult)result);
- } else {
- result = new MOAKeySelectorResult(result.getKey());
- }
- return result;
- }
- }
-
- @Override
- public KeySelectorResult select(X509Data x509Data,
- Purpose purpose,
- AlgorithmMethod method,
- XMLCryptoContext context) throws KeySelectorException {
-
- X509KeySelectorResult ksr;
- try {
- ksr = (X509KeySelectorResult) super.select(x509Data, purpose, method, context);
- } catch (ClassCastException e) {
- ksr = (X509KeySelectorResult) tslContextI_.throwException(
- e,
- //we need an anonymous class to find the enclosing Method
- (new Object(){}).getClass().getEnclosingMethod(),
- this,
- new Object[]{x509Data, purpose, method, context});
- }
-
- if (ksr == null){
- //there has been a Problem with the X509Data
- ksr = (X509KeySelectorResult) tslContextI_.throwException(
- new KeySelectorException(failReason_.replace(". ", ".\n")),
- //we need an anonymous class to find the enclosing Method
- (new Object(){}).getClass().getEnclosingMethod(),
- this,
- new Object[]{x509Data, purpose, method, context});
- }
-
- List l = ksr.getCertificates();
- tslContextI_.securityCheck(
- TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER,
- (X509Certificate[]) l.toArray(new X509Certificate[l.size()]),
- tslSignerCerts_
- );
-
- return ksr;
- }
-
- @Override
- protected KeySelectorResult select(X509Certificate cert, Purpose purpose,
- AlgorithmMethod method, XMLCryptoContext context)
- throws KeySelectorException {
-
- tslContextI_.securityCheck(
- TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER,
- cert,
- tslSignerCerts_
- );
-
- return super.select(cert, purpose, method, context);
- }
-} \ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
deleted file mode 100644
index 5620a20..0000000
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
+++ /dev/null
@@ -1,972 +0,0 @@
-package at.gv.egovernment.moa.spss.tsl.connector;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.nio.channels.ByteChannel;
-import java.nio.channels.FileChannel;
-import java.security.Security;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.ListIterator;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Set;
-
-import org.apache.log4j.Logger;
-
-import at.gv.egovernment.moa.spss.tsl.config.Configurator;
-import at.gv.egovernment.moa.spss.tsl.utils.TSLEUImportFromFileContext;
-import at.gv.egovernment.moa.spss.tsl.utils.TSLEvaluationContext;
-import at.gv.egovernment.moa.spss.tsl.utils.TSLImportFromFileContext;
-import iaik.asn1.ObjectID;
-import iaik.util.GeneralUtils15;
-import iaik.util.logging.GeneralLog;
-import iaik.utils.RFC2253NameParser;
-import iaik.xml.crypto.EccProviderAdapter;
-import iaik.xml.crypto.XSecProvider;
-import iaik.xml.crypto.tsl.DbTables;
-import iaik.xml.crypto.tsl.DbTables.MODE;
-import iaik.xml.crypto.tsl.DbTables.Service;
-import iaik.xml.crypto.tsl.TSLCertEvaluator;
-import iaik.xml.crypto.tsl.TSLCertsExporter;
-import iaik.xml.crypto.tsl.TSLEngine;
-import iaik.xml.crypto.tsl.TSLEngine.LocationAndCertHash;
-import iaik.xml.crypto.tsl.TSLEngine.TSLEngineEU;
-import iaik.xml.crypto.tsl.TSLImportContext;
-import iaik.xml.crypto.tsl.TSLResult;
-import iaik.xml.crypto.tsl.TSLResultEndEntity;
-import iaik.xml.crypto.tsl.TSLResultImpl;
-import iaik.xml.crypto.tsl.TslSqlConnectionWrapper;
-import iaik.xml.crypto.tsl.constants.Countries;
-import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
-import iaik.xml.crypto.tsl.ex.TSLEngineFatalException;
-import iaik.xml.crypto.tsl.ex.TSLEngineFatalRuntimeException;
-import iaik.xml.crypto.tsl.ex.TSLExceptionB;
-import iaik.xml.crypto.tsl.ex.TSLRuntimeException;
-import iaik.xml.crypto.tsl.ex.TSLSearchException;
-import iaik.xml.crypto.tsl.ex.TSLTransactionFailedRuntimeException;
-import iaik.xml.crypto.tsl.fetch.TLS;
-import iaik.xml.crypto.tsl.sie.gen.QualifierType;
-
-public class TSLConnector implements TSLConnectorInterface {
-
- static final String _QCSSCDURI = "http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/SvcInfoExt/QCWithSSCD";
- static final String _STYPETEMPLATE_CAQC = "CA/QC";
- static final String _STYPETEMPLATE_TSAQTST = "TSA/QTST";
-
- private static final String DEFAULT_HASHCACHE_DIR = "./hashcache/";
-
- static final List<String> STYPETEMPLATES = Collections.unmodifiableList(new ArrayList<String>(){
- private static final long serialVersionUID = 1L;
- {
- add(_STYPETEMPLATE_CAQC);
- add(_STYPETEMPLATE_TSAQTST);
- }
- });
-
-
- static Logger log = Logger.getLogger(TSLConnector.class);
-
- public void initialize(String euTSLURL, String TSLWorkingDirectoryPath, String jdbcURL, String jdbcDriverClass)
- throws TSLEngineDiedException {
-
- Configurator.initial(euTSLURL, TSLWorkingDirectoryPath, jdbcURL, jdbcDriverClass);
-
- }
-
- public ArrayList<File> updateAndGetQualifiedCACertificates(Date dateTime,
- String[] serviceLevelStatus) throws TSLEngineDiedException, TSLSearchException {
-
- if (Configurator.is_isInitialised() == false)
- new TSLEngineFatalException("The TSL Engine is not initialized!");
-
- return updateAndGetQualifiedCACertificates(dateTime, null, serviceLevelStatus);
- }
-
- public void updateTSLs(Date dateTime,
- String[] serviceLevelStatus) throws TSLEngineDiedException, TSLSearchException {
-
- if (Configurator.is_isInitialised() == false)
- new TSLEngineFatalException("The TSL Engine is not initialized!");
-
- updateTSLs(dateTime, null, serviceLevelStatus);
- }
-
- public ArrayList<File> updateAndGetQualifiedCACertificates(Date dateTime,
- String[] countries, String[] serviceLevelStatus) throws TSLEngineDiedException, TSLSearchException {
-
- if (Configurator.is_isInitialised() == false)
- new TSLEngineFatalException("The TSL Engine is not initialized!");
-
- String tsldownloaddir = Configurator.get_TSLWorkingDirectoryPath() + "TslDownload";
-
-// String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
-// System.out.println("hashcachedir: " + hashcachedir);
-// if (hashcachedir==null)
-// hashcachedir = DEFAULT_HASHCACHE_DIR;
-
-// File hashcachefile = new File(hashcachedir);
-// File[] filelist = hashcachefile.listFiles();
-// if (filelist != null) {
-// for (File f : filelist)
-// f.delete();
-// }
-
- File tsldownloadfile = new File(tsldownloaddir);
- if (!tsldownloadfile.exists()) {
- tsldownloadfile.mkdir();
- }
- File[] tslfilelist = tsldownloadfile.listFiles();
- if (tslfilelist != null) {
- for (File f : tslfilelist)
- f.delete();
- }
-
- //create sqlLite database
- File dbFile = new File(Configurator.get_TempdbFile());
- try {
- dbFile.delete();
- dbFile.createNewFile();
- } catch (IOException e) {
- throw new TSLEngineDiedException("Could not create temporary data base file", e);
- }
-
- //the TSL library uses the iaik.util.logging environment.
- //iaik.util.logging.Log.setLogLevel(iaik.util.logging.LogLevels.WARN);
- iaik.util.logging.Log.setLogLevel(iaik.util.logging.LogLevels.OFF);
-
- log.info("Starting EU TSL import.");
-
- // Certificates in Germany, Estonia, Greece, Cyprus,
- // Lithuainia, Hungary, Poland, Finland, Norway use SURNAME
- log.debug("### SURNAME registered as " + ObjectID.surName + " ###");
- RFC2253NameParser.register("SURNAME", ObjectID.surName);
-
- XSecProvider.addAsProvider(false);
-
- TSLEngine tslEngine;
- TslSqlConnectionWrapper connection = null;
-
- try {
- // register the Https JSSE Wrapper
- TLS.register();
- log.trace("### Https JSSE Wrapper registered ###");
-
-
- log.debug("### Connect to Database.###");
- connection = DbTables.connectToDatabaBase(dbFile, MODE.AUTO_COMMIT_ON);
-
- log.trace("### Connected ###");
-
- // empty the database and recreate the tables
- tslEngine = new TSLEngine(dbFile, Configurator.get_TSLWorkingDirectoryPath(),
- connection, true, true);
-
- } catch (TSLEngineFatalException e1) {
- throw new TSLEngineDiedException(e1);
-
- }
-
- // H.2.2.1 Same-scheme searching
- // H.2.2.2 Known scheme searching
- // H.2.2.3 "Blind" (unknown) scheme searching
- Number tId = null;
- Countries euTerritory = Countries.EU;
- TSLImportContext topLevelTslContext = new TSLEUImportFromFileContext(
- euTerritory, Configurator.get_euTSLURL(), Configurator.get_TSLWorkingDirectoryPath(),
- Configurator.is_sqlMultithreaded(),
- Configurator.is_throwExceptions(), Configurator.is_logExceptions(),
- Configurator.is_throwWarnings(), Configurator.is_logWarnings(),
- Configurator.is_nullRedundancies());
-
- TSLEngineEU tslengineEU;
- try {
- tslengineEU = tslEngine.new TSLEngineEU();
-
- } catch (TSLEngineFatalException e1) {
- throw new TSLEngineDiedException(e1);
- }
-
- // establish EU TSL trust anchor
- ListIterator<java.security.cert.X509Certificate> expectedEuTslSignerCerts =
- tslEngine.loadCertificatesFromResource(
- Configurator.get_euTrustAnchorsPath(), topLevelTslContext);
-
- log.debug("Process EU TSL");
- // process the EU TSL to receive the pointers to the other TSLs
- // and the trust anchors for the TSL signers
- Set<Entry<Number, LocationAndCertHash>> pointersToMsTSLs = null;
-
- try {
-
- tId = tslengineEU.processEUTSL(topLevelTslContext, expectedEuTslSignerCerts);
- log.info("Process EU TSL finished");
-
- log.debug(Thread.currentThread() + " waiting for other threads ...");
-
- topLevelTslContext.waitForAllOtherThreads();
- log.debug(Thread.currentThread()
- + " reactivated after other threads finished ...");
-
-
- // get the TSLs pointed from the EU TSL
- LinkedHashMap<Number, LocationAndCertHash> tslMap = tslengineEU
- .getOtherTslMap(tId, topLevelTslContext);
-
- pointersToMsTSLs = tslMap.entrySet();
-
- //set Errors and Warrnings
-
- } catch (TSLEngineFatalRuntimeException e) {
- throw new TSLEngineDiedException(topLevelTslContext.dumpFatals());
-
- } catch (TSLTransactionFailedRuntimeException e) {
- throw new TSLEngineDiedException(topLevelTslContext.dumpTransactionFaliures());
- }
-
- //Backup implementation if the EU TSL includes a false signer certificate
- // establish additional trust anchors for member states
-// Countries[] countriesWithPotentiallyWrongCertsOnEuTsl = {
-// Countries.CZ,
-// Countries.LU,
-// Countries.ES,
-// Countries.AT,
-// };
- Countries[] countriesWithPotentiallyWrongCertsOnEuTsl = {};
-
- Map<Countries, java.util.ListIterator<java.security.cert.X509Certificate>>
- trustAnchorsWrongOnEuTsl = loadCertificatesFromResource(
- Configurator.get_msTrustAnchorsPath(), tslEngine, topLevelTslContext,
- countriesWithPotentiallyWrongCertsOnEuTsl);
-
- log.info("Starting EU member TSL import.");
-
- for (Entry<Number, LocationAndCertHash> entry : pointersToMsTSLs) {
-
- TSLImportContext msTslContext;
-
- Countries expectedTerritory = entry.getValue().getSchemeTerritory();
- try {
-
-// if (expectedTerritory.equals("RO"))
-// System.out.println("Stop");
-
- Number otpId = entry.getKey();
- LocationAndCertHash lac = entry.getValue();
-
- URL uriReference = null;
- try {
- uriReference = new URL(lac.getUrl());
-
- } catch (MalformedURLException e) {
- log.warn("Could not process: " + uriReference, e);
- continue;
- }
-
- String baseURI = uriReference == null ? "" : "" + uriReference;
-
- msTslContext = new TSLImportFromFileContext(
- expectedTerritory, uriReference, otpId, Configurator.get_TSLWorkingDirectoryPath(),
- Configurator.is_sqlMultithreaded(),
- Configurator.is_throwExceptions(), Configurator.is_logExceptions(),
- Configurator.is_throwWarnings(), Configurator.is_logWarnings(),
- Configurator.is_nullRedundancies(), baseURI, trustAnchorsWrongOnEuTsl,
- topLevelTslContext);
-
- ListIterator<X509Certificate> expectedTslSignerCerts = null;
- expectedTslSignerCerts = tslEngine.getCertificates(lac, msTslContext);
-
- if (expectedTslSignerCerts == null) {
-
- // no signer certificate on the EU TSL
- // ignore this msTSL and log a warning
- log.warn("NO signer certificate found on EU TSL! "
- + lac.getSchemeTerritory() + "TSL ignored.");
-
- }
- else {
- tslEngine.processMSTSL(topLevelTslContext, msTslContext, expectedTslSignerCerts);
- }
-
- } catch (TSLExceptionB e) {
- log.warn("Failed to process TSL. " + entry.getValue().getSchemeTerritory()
- + " TSL ignored.");
- log.debug("Failed to process TSL. " + entry, e);
- continue;
- } catch (TSLRuntimeException e) {
- log.warn("Failed to process TSL. " + entry.getValue().getSchemeTerritory()
- + " TSL ignored.");
- log.debug("Failed to process TSL. " + entry, e);
- continue;
- }
- }
-
- log.debug(Thread.currentThread() + " waiting for other threads ...");
- topLevelTslContext.waitForAllOtherThreads();
-
- log.debug(GeneralUtils15.dumpAllThreads());
- log.debug(Thread.currentThread() + " reactivated after other threads finished ...");
-
- connection = null;
- try {
- connection = DbTables.connectToDatabaBase(dbFile, MODE.AUTO_COMMIT_ON);
- tslEngine.recreateTablesInvalidatedByImport(connection);
-
-
- //TODO: implement database copy operation!
- File working_database = new File(Configurator.get_dbFile());
- working_database.delete();
- copy(dbFile, working_database);
-
-
- } catch (TSLEngineFatalException e) {
- throw new TSLEngineDiedException(e);
-
- } finally {
- try {
- connection.closeConnection();
-
- } catch (TSLEngineFatalException e) {
- throw new TSLEngineDiedException(e);
-
- }
- }
-
- return getQualifiedCACertificates(dateTime, countries, serviceLevelStatus);
- }
-
- public void updateTSLs(Date dateTime,
- String[] countries, String[] serviceLevelStatus) throws TSLEngineDiedException, TSLSearchException {
-
- if (Configurator.is_isInitialised() == false)
- new TSLEngineFatalException("The TSL Engine is not initialized!");
-
- String tsldownloaddir = Configurator.get_TSLWorkingDirectoryPath() + "TslDownload";
-
-// String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
-// System.out.println("hashcachedir: " + hashcachedir);
-// if (hashcachedir==null)
-// hashcachedir = DEFAULT_HASHCACHE_DIR;
-
-// File hashcachefile = new File(hashcachedir);
-// File[] filelist = hashcachefile.listFiles();
-// if (filelist != null) {
-// for (File f : filelist)
-// f.delete();
-// }
-
- File tsldownloadfile = new File(tsldownloaddir);
- if (!tsldownloadfile.exists()) {
- tsldownloadfile.mkdir();
- }
- File[] tslfilelist = tsldownloadfile.listFiles();
- if (tslfilelist != null) {
- for (File f : tslfilelist)
- f.delete();
- }
-
- //create sqlLite database
- File dbFile = new File(Configurator.get_TempdbFile());
- try {
- dbFile.delete();
- dbFile.createNewFile();
- } catch (IOException e) {
- throw new TSLEngineDiedException("Could not create temporary data base file", e);
- }
-
- //the TSL library uses the iaik.util.logging environment.
- //iaik.util.logging.Log.setLogLevel(iaik.util.logging.LogLevels.WARN);
- iaik.util.logging.Log.setLogLevel(iaik.util.logging.LogLevels.OFF);
-
- log.info("Starting EU TSL import.");
-
- // Certificates in Germany, Estonia, Greece, Cyprus,
- // Lithuainia, Hungary, Poland, Finland, Norway use SURNAME
- log.debug("### SURNAME registered as " + ObjectID.surName + " ###");
- RFC2253NameParser.register("SURNAME", ObjectID.surName);
-
- //XSecProvider.addAsProvider(false);
-
- TSLEngine tslEngine;
- TslSqlConnectionWrapper connection = null;
-
- try {
- // register the Https JSSE Wrapper
- TLS.register();
- log.trace("### Https JSSE Wrapper registered ###");
-
-
- log.debug("### Connect to Database.###");
- connection = DbTables.connectToDatabaBase(dbFile, MODE.AUTO_COMMIT_ON);
-
- log.trace("### Connected ###");
-
- // empty the database and recreate the tables
- tslEngine = new TSLEngine(dbFile, Configurator.get_TSLWorkingDirectoryPath(),
- connection, true, true);
-
- } catch (TSLEngineFatalException e1) {
- throw new TSLEngineDiedException(e1);
-
- }
-
- // H.2.2.1 Same-scheme searching
- // H.2.2.2 Known scheme searching
- // H.2.2.3 "Blind" (unknown) scheme searching
- Number tId = null;
- Countries euTerritory = Countries.EU;
- TSLImportContext topLevelTslContext = new TSLEUImportFromFileContext(
- euTerritory, Configurator.get_euTSLURL(), Configurator.get_TSLWorkingDirectoryPath(),
- Configurator.is_sqlMultithreaded(),
- Configurator.is_throwExceptions(), Configurator.is_logExceptions(),
- Configurator.is_throwWarnings(), Configurator.is_logWarnings(),
- Configurator.is_nullRedundancies());
-
- TSLEngineEU tslengineEU;
- try {
- tslengineEU = tslEngine.new TSLEngineEU();
-
- } catch (TSLEngineFatalException e1) {
- throw new TSLEngineDiedException(e1);
- }
-
- // establish EU TSL trust anchor
- ListIterator<java.security.cert.X509Certificate> expectedEuTslSignerCerts =
- tslEngine.loadCertificatesFromResource(
- Configurator.get_euTrustAnchorsPath(), topLevelTslContext);
-
- log.debug("Process EU TSL");
- // process the EU TSL to receive the pointers to the other TSLs
- // and the trust anchors for the TSL signers
- Set<Entry<Number, LocationAndCertHash>> pointersToMsTSLs = null;
-
- try {
-
- tId = tslengineEU.processEUTSL(topLevelTslContext, expectedEuTslSignerCerts);
- log.info("Process EU TSL finished");
-
- log.debug(Thread.currentThread() + " waiting for other threads ...");
-
- topLevelTslContext.waitForAllOtherThreads();
- log.debug(Thread.currentThread()
- + " reactivated after other threads finished ...");
-
-
- // get the TSLs pointed from the EU TSL
- LinkedHashMap<Number, LocationAndCertHash> tslMap = tslengineEU
- .getOtherTslMap(tId, topLevelTslContext);
-
- pointersToMsTSLs = tslMap.entrySet();
-
- //set Errors and Warrnings
-
- } catch (TSLEngineFatalRuntimeException e) {
- throw new TSLEngineDiedException(topLevelTslContext.dumpFatals());
-
- } catch (TSLTransactionFailedRuntimeException e) {
- throw new TSLEngineDiedException(topLevelTslContext.dumpTransactionFaliures());
- }
-
- //Backup implementation if the EU TSL includes a false signer certificate
- // establish additional trust anchors for member states
-// Countries[] countriesWithPotentiallyWrongCertsOnEuTsl = {
-// Countries.CZ,
-// Countries.LU,
-// Countries.ES,
-// Countries.AT,
-// };
- Countries[] countriesWithPotentiallyWrongCertsOnEuTsl = {};
-
- Map<Countries, java.util.ListIterator<java.security.cert.X509Certificate>>
- trustAnchorsWrongOnEuTsl = loadCertificatesFromResource(
- Configurator.get_msTrustAnchorsPath(), tslEngine, topLevelTslContext,
- countriesWithPotentiallyWrongCertsOnEuTsl);
-
- log.info("Starting EU member TSL import.");
-
- for (Entry<Number, LocationAndCertHash> entry : pointersToMsTSLs) {
-
- TSLImportContext msTslContext;
-
- Countries expectedTerritory = entry.getValue().getSchemeTerritory();
- try {
-
-// if (expectedTerritory.equals("RO"))
-// System.out.println("Stop");
-
- Number otpId = entry.getKey();
- LocationAndCertHash lac = entry.getValue();
-
- URL uriReference = null;
- try {
- uriReference = new URL(lac.getUrl());
-
- } catch (MalformedURLException e) {
- log.warn("Could not process: " + uriReference, e);
- continue;
- }
-
- String baseURI = uriReference == null ? "" : "" + uriReference;
-
- msTslContext = new TSLImportFromFileContext(
- expectedTerritory, uriReference, otpId, Configurator.get_TSLWorkingDirectoryPath(),
- Configurator.is_sqlMultithreaded(),
- Configurator.is_throwExceptions(), Configurator.is_logExceptions(),
- Configurator.is_throwWarnings(), Configurator.is_logWarnings(),
- Configurator.is_nullRedundancies(), baseURI, trustAnchorsWrongOnEuTsl,
- topLevelTslContext);
-
- ListIterator<X509Certificate> expectedTslSignerCerts = null;
- expectedTslSignerCerts = tslEngine.getCertificates(lac, msTslContext);
-
- if (expectedTslSignerCerts == null) {
-
- // no signer certificate on the EU TSL
- // ignore this msTSL and log a warning
- log.warn("NO signer certificate found on EU TSL! "
- + lac.getSchemeTerritory() + "TSL ignored.");
-
- }
- else {
- tslEngine.processMSTSL(topLevelTslContext, msTslContext, expectedTslSignerCerts);
- }
-
- } catch (TSLExceptionB e) {
- log.warn("Failed to process TSL. " + entry.getValue().getSchemeTerritory()
- + " TSL ignored.");
- log.debug("Failed to process TSL. " + entry, e);
- continue;
- } catch (TSLRuntimeException e) {
- log.warn("Failed to process TSL. " + entry.getValue().getSchemeTerritory()
- + " TSL ignored.");
- log.debug("Failed to process TSL. " + entry, e);
- continue;
- }
- }
-
- log.debug(Thread.currentThread() + " waiting for other threads ...");
- topLevelTslContext.waitForAllOtherThreads();
-
- log.debug(GeneralUtils15.dumpAllThreads());
- log.debug(Thread.currentThread() + " reactivated after other threads finished ...");
-
- connection = null;
- try {
- connection = DbTables.connectToDatabaBase(dbFile, MODE.AUTO_COMMIT_ON);
- tslEngine.recreateTablesInvalidatedByImport(connection);
-
-
- //TODO: implement database copy operation!
- File working_database = new File(Configurator.get_dbFile());
- working_database.delete();
- copy(dbFile, working_database);
-
-
- } catch (TSLEngineFatalException e) {
- throw new TSLEngineDiedException(e);
-
- } finally {
- try {
- connection.closeConnection();
-
- } catch (TSLEngineFatalException e) {
- throw new TSLEngineDiedException(e);
-
- }
- }
-
- //return getQualifiedCACertificates(dateTime, countries, serviceLevelStatus);
- }
-
- public ArrayList<File> getQualifiedCACertificates(Date dateTime,
- String[] serviceLevelStatus) throws TSLEngineDiedException,
- TSLSearchException {
-
- if (Configurator.is_isInitialised() == false)
- new TSLEngineFatalException("The TSL Engine is not initialized!");
-
- return getQualifiedCACertificates(dateTime, null, serviceLevelStatus);
- }
-
- public ArrayList<File> getQualifiedCACertificates(Date dateTime,
- String[] countries, String[] serviceLevelStatus)
- throws TSLEngineDiedException, TSLSearchException {
-
- if (Configurator.is_isInitialised() == false)
- new TSLEngineFatalException("The TSL Engine is not initialized!");
-
- //TODO: database
- File dbFile = new File(Configurator.get_TempdbFile());
- //File dbFile = new File(Configurator.get_dbFile());
- if(!dbFile.exists())
- throw new TSLEngineDiedException("Could not open data base file");
-
- log.debug("### Connect to Database ###");
- TslSqlConnectionWrapper readConnection = null;
-
- try {
- readConnection = DbTables.connectToDatabaBase(dbFile, MODE.READ_ONLY);
-
- TSLEngine tslEngine = new TSLEngine(dbFile, Configurator.get_TSLWorkingDirectoryPath(),
- readConnection, false, false);
-
- log.debug("### Connected ###");
- //TODO: maybe add "TSA/QTST for qualified timestamps
- try {
- TSLCertsExporter certsExporter;
- certsExporter = tslEngine.createCertsExporter(
- readConnection,
- countries,
- null,//new String[]{_STYPETEMPLATE_CAQC},
- serviceLevelStatus
- );
-
- return certsExporter.exportAsArray(dateTime, null);
-
- } catch (TSLEngineFatalException e) {
- e.printStackTrace();
- GeneralLog.err("could not export Certs", e);
- throw new TSLEngineDiedException(e);
- }
-
- } catch (TSLEngineFatalException e1) {
- throw new TSLEngineDiedException(e1);
-
- } finally {
- try {
- readConnection.closeConnection();
-
- } catch (TSLEngineFatalException e) {
- throw new TSLEngineDiedException(e);
- }
- }
- }
-
- public boolean checkQC(java.security.cert.X509Certificate[] chain)
- throws TSLSearchException, TSLEngineDiedException {
-
- if (Configurator.is_isInitialised() == false)
- new TSLEngineFatalException("The TSL Engine is not initialized!");
-
- return checkQC(chain, 1);
- }
-
- public boolean checkSSCD(java.security.cert.X509Certificate[] chain)
- throws TSLSearchException, TSLEngineDiedException {
-
- if (Configurator.is_isInitialised() == false)
- new TSLEngineFatalException("The TSL Engine is not initialized!");
-
- return checkSSCD(chain, 1);
- }
-
- public boolean checkQC(java.security.cert.X509Certificate[] chain, int cnt)
- throws TSLSearchException, TSLEngineDiedException {
-
- if (Configurator.is_isInitialised() == false)
- new TSLEngineFatalException("The TSL Engine is not initialized!");
-
- LinkedHashMap<X509Certificate, TSLResult> tslResultC = checkchain(chain, cnt);
-
- //get first result
- java.util.Map.Entry<java.security.cert.X509Certificate, TSLResult> resultmap = tslResultC.entrySet().iterator().next();
- TSLResult tslresult = tslResultC.entrySet().iterator().next().getValue();
-
-
-
- if (tslresult == null) {
- log.info("Certificate: " + resultmap.getKey().getSubjectDN()
- + " not on the TSL");
- throw new TSLSearchException("Certificate: " + resultmap.getKey().getSubjectDN()
- + " not on the TSL");
- }
-
- if (tslresult instanceof TSLResultEndEntity) {
- TSLResultEndEntity ree = (TSLResultEndEntity) tslresult;
-
-
- String sType = (String) ree.get(Service.C.sType);
-
- log.info("Cert: " + resultmap.getKey().getSubjectDN() + " sType=" + sType);
-
- //TODO: maybe add "TSA/QTST for qualified timestamps
- if (sType.equals(_STYPETEMPLATE_CAQC))
- return true;
- else
- return false;
- }
-
- else if (tslresult instanceof TSLResultImpl) {
-
- //TODO: Certificate is not of Type EndEntity (equal to QCSSCD check)
- // Is FALSE the correct answer?
- return false;
- }
-
- throw new TSLEngineDiedException("TSL Result has an unknown Class type");
- }
-
- public boolean checkSSCD(java.security.cert.X509Certificate[] chain, int cnt)
- throws TSLSearchException, TSLEngineDiedException {
-
- if (Configurator.is_isInitialised() == false)
- new TSLEngineFatalException("The TSL Engine is not initialized!");
-
- LinkedHashMap<X509Certificate, TSLResult> tslResultC = checkchain(chain, cnt);
-
- //get first result
- java.util.Map.Entry<java.security.cert.X509Certificate, TSLResult> resultmap = tslResultC.entrySet().iterator().next();
- TSLResult tslresult = tslResultC.entrySet().iterator().next().getValue();
-
- if (tslresult == null) {
- log.info("Certificate: " + resultmap.getKey().getSubjectDN() + " not on the TSL");
- throw new TSLSearchException("Certificate: " + resultmap.getKey().getSubjectDN()
- + " not on the TSL");
- }
-
- if (tslresult instanceof TSLResultEndEntity) {
- TSLResultEndEntity ree = (TSLResultEndEntity) tslresult;
-
- List<QualifierType> qualifier = ree.getQualifierList();
-
- Iterator<QualifierType> qualifierlist = qualifier.iterator();
-
- String uri = "";
-
- while (qualifierlist.hasNext()) {
- uri = qualifierlist.next().getUri();
-
- log.debug("Cert: " + resultmap.getKey().getSubjectDN() + " SSCD=" + uri);
-
- if (uri.contains(_QCSSCDURI)) {
- return true;
- }
- else {
- return false;
- }
- }
- return false;
- }
-
- else if (tslresult instanceof TSLResultImpl) {
-
- //TODO: Certificate is not of Type EndEntity (equal to QC check)
- // Is FALSE the correct answer?
- return false;
- }
-
- throw new TSLEngineDiedException("TSL Result has an unknown Class type");
- }
-
-
-
- private LinkedHashMap<java.security.cert.X509Certificate, TSLResult> checkchain(java.security.cert.X509Certificate[] chain, int cnt)
- throws TSLSearchException, TSLEngineDiedException {
-
- File dbFile = new File(Configurator.get_dbFile());
- if(!dbFile.exists())
- throw new TSLEngineDiedException("Could not open data base file");
-
- try {
-
- log.debug("### Connect to Database ###");
- TslSqlConnectionWrapper readConnection;
- readConnection = DbTables.connectToDatabaBase(dbFile, MODE.READ_ONLY);
- log.debug("### Connected ###");
-
- TSLEngine tslEngine = new TSLEngine(dbFile, Configurator.get_TSLWorkingDirectoryPath(),
- readConnection, false, false);
-
- XSecProvider.addAsProvider(false);
- log.debug("### XSECT registered ###");
- // register the additional IAIK ECC provider
- Security.addProvider(EccProviderAdapter.getEccProvider());
- log.debug("### ECC registered ###");
-
-
- TSLEvaluationContext context = new TSLEvaluationContext(
- Configurator.get_TSLWorkingDirectoryPath(),
- Configurator.is_sqlMultithreaded(),
- Configurator.is_throwExceptions(),
- Configurator.is_logExceptions(),
- Configurator.is_throwWarnings(),
- Configurator.is_logWarnings());
-
- TSLCertEvaluator tslCertEvaluator = tslEngine.createEvaluator(context,
- readConnection);
-
- Date signingTime = new Date();
-
- // has to be later or equal
- Date now = new Date();
-
- LinkedHashMap<java.security.cert.X509Certificate, TSLResult> tslResultC = tslCertEvaluator
- .evaluate(TSLCertEvaluator.CHAIN_MODEL, chain, signingTime, now, context);
-
- return tslResultC;
-
- } catch (TSLEngineFatalException e1) {
- throw new TSLEngineDiedException(e1);
- }
-
-
- }
-
- private static Map<Countries, java.util.ListIterator<java.security.cert.X509Certificate>> loadCertificatesFromResource(
- final String msTrustAnchorsPath, TSLEngine tslEngine,
- TSLImportContext topLevelTslContext, Countries[] countriesWithNoCertsOnEuTsl)
- throws TSLEngineDiedException {
- Map<Countries, java.util.ListIterator<java.security.cert.X509Certificate>> trustAnchorsMissingOnEuTsl;
- trustAnchorsMissingOnEuTsl =
- new HashMap<Countries, java.util.ListIterator<java.security.cert.X509Certificate>>(
- countriesWithNoCertsOnEuTsl.length);
-
- for (int i = 0; i < countriesWithNoCertsOnEuTsl.length; i++) {
- Countries country = countriesWithNoCertsOnEuTsl[i];
-
- final String mspath = msTrustAnchorsPath + country + "/";
-
- ListIterator<java.security.cert.X509Certificate> msCerts =
- tslEngine.loadCertificatesFromResource(mspath, topLevelTslContext);
-
- trustAnchorsMissingOnEuTsl.put(country, msCerts);
- }
- return trustAnchorsMissingOnEuTsl;
- }
-
-
- private void copy(File source, File destination) throws TSLEngineDiedException {
- try {
- FileInputStream fileInputStream = new FileInputStream(source);
- FileOutputStream fileOutputStream = new FileOutputStream(destination);
- FileChannel inputChannel = fileInputStream.getChannel();
- FileChannel outputChannel = fileOutputStream.getChannel();
-
- transfer(inputChannel, outputChannel, source.length(), false);
-
- fileInputStream.close();
- fileOutputStream.close();
-
- destination.setLastModified(source.lastModified());
- } catch (Exception e) {
-
- throw new TSLEngineDiedException("Error during TSL database copy operation!.");
- }
- }
-
- private void transfer(FileChannel fileChannel, ByteChannel byteChannel, long lengthInBytes, boolean verbose)
- throws IOException {
-
- long overallBytesTransfered = 0L;
- long time = -System.currentTimeMillis();
-
- while (overallBytesTransfered < lengthInBytes) {
- long bytesTransfered = 0L;
- bytesTransfered = fileChannel.transferTo(overallBytesTransfered, Math.min(1024 * 1024, lengthInBytes - overallBytesTransfered), byteChannel);
- overallBytesTransfered += bytesTransfered;
- if (verbose) {
- System.out.println("overall bytes transfered: " + overallBytesTransfered + " progress " + (Math.round(overallBytesTransfered / ((double) lengthInBytes) * 100.0)) + "%");
- }
- }
- time += System.currentTimeMillis();
-
- if (verbose) {
- System.out.println("Transfered: " + overallBytesTransfered + " bytes in: " + (time / 1000) + " s -> " + (overallBytesTransfered / 1024.0) / (time / 1000.0) + " kbytes/s");
- }
- }
-
-
-// /**
-// * @param tslResultC
-// * @param context
-// */
-// private static void printResultDetails(
-// LinkedHashMap<java.security.cert.X509Certificate, TSLResult> tslResultC, TSLContext context) {
-//
-// for (java.util.Map.Entry<java.security.cert.X509Certificate, TSLResult> e : tslResultC
-// .entrySet()) {
-//
-// TSLResult r = e.getValue();
-//
-// if (r == null) {
-// log.info("Certificate: " + e.getKey().getSubjectDN()
-// + " not on the TSL");
-// continue;
-// }
-//
-// if (r instanceof TSLResultEndEntity) {
-// TSLResultEndEntity ree = (TSLResultEndEntity) r;
-//
-// String status = (String) ree.get(Service.C.status);
-//
-// Date startDate = context.getDate(ree.get(Service.C.startDate));
-// Long endDateL = (Long) ree.get(ServiceView.C.endDate);
-// Date endDate = endDateL == null ? null : new Date(endDateL);
-//
-// String sType = (String) ree.get(Service.C.sType);
-//
-// List<QualifierType> tslQual = ree.getQualifierList();
-//
-// StringBuilder qualList = new StringBuilder("");
-// if (!tslQual.isEmpty()) {
-// qualList.append("\n~~~~~~~~~~~~ TSL-Qualifiers ~~~~~~~~~~~~\n");
-// for (QualifierType qual : tslQual) {
-// qualList.append(qual.getUri() + "\n");
-// }
-// qualList.append("~~~~~~~~~~~~~~~~~ End ~~~~~~~~~~~~~~~~\n");
-// }
-//
-// log.info("############### EndEntity ###############\n"
-// + _.printCertificate(e.getKey()) + qualList + "\nServiceProvider: "
-// + ree.getSerivceProvider().getSubjectDN() + "\n" + Service.C.sType
-// + ": " + sType + "\n" + Service.C.status + ": " + status + "\n"
-// + Service.C.startDate + ": " + startDate + "\n"
-// + ServiceView.C.endDate + ": " + endDate);
-// log.info("############ ServiceProvider ############\n"
-// + _.printCertificate(ree.getSerivceProvider()));
-// log.info("################# END #################");
-//
-// continue;
-// }
-//
-// if (r instanceof TSLResultImpl) {
-// TSLResultImpl ri = (TSLResultImpl) r;
-// log.info("----------------- BEGIN -----------------\n"
-// + "Certificate: " + e.getKey().getSubjectDN() + "\n" + ri.toString());
-//
-// int i = 1;
-// for (Iterator iter = ri.getRows().iterator(); iter.hasNext();) {
-// Row row = (Row) iter.next();
-// // TSPServiceInformationType sInfo =
-// // ((JAXBElement<TSPServiceInformationType>)
-// // row.s_.get(Service.C.sInfo)).getValue();
-// String status = (String) row.s_.get(Service.C.status);
-//
-// Date startDate = context.getDate(row.s_.get(Service.C.startDate));
-//
-// Date endDate = context.getDate(row.s_.get(ServiceView.C.endDate));
-//
-// String sType = (String) row.s_.get(Service.C.sType);
-//
-// log.info("----------------- (" + (i++) + ") -----------------\n"
-// + Service.C.sType + ": " + sType + " " + Service.C.status + ": "
-// + status + "\n" + Service.C.startDate + ": " + startDate + "\n"
-// + ServiceView.C.endDate + ": " + endDate + "\n" + row.s_);
-//
-// row.s_.get(Service.C.sExt);
-// }
-// log.info("----------------- END -----------------");
-// }
-// }
-// }
-}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnectorInterface.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnectorInterface.java
deleted file mode 100644
index 4992f75..0000000
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnectorInterface.java
+++ /dev/null
@@ -1,95 +0,0 @@
-package at.gv.egovernment.moa.spss.tsl.connector;
-
-import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
-import iaik.xml.crypto.tsl.ex.TSLSearchException;
-
-import java.io.File;
-import java.util.ArrayList;
-import java.util.Date;
-
-import java.security.cert.X509Certificate;
-
-public interface TSLConnectorInterface {
-
- /**
- * Initial the MOA TSL Connector.<br>
- * <b>The hashcache directory must be set via "System-Property "iaik.xml.crypto.tsl.BinaryHashCache.DIR"!!!</b>
- *
- * @author TLenz
- * @param euTSLURL - URL to TrustList
- * @param TSLWorkingDirectoryPath - Path to a folder which should be used by the TSL engine. (/A/B/.../)
- * @param jdbcURL - ...
- * @param jdbcDriverClass - ...
- */
- void initialize(String euTSLURL, String TSLWorkingDirectoryPath, String jdbcURL, String jdbcDriverClass) throws TSLEngineDiedException;
-
-
- /**
- * Perform an update of all certificates which are on EU TSL and all MS TSLs and create an locale TSL database.
- * The old locale TSL database is removed and a new database is created.
- *
- * @author TLenz
- * @param dateTime - ...
- * @param serviceLevelStatus - String Array of ServiceLevelStatus. For example new String[]{"accredited","undersupervision"}
- * @return List of certificates with the selected properties
- */
- ArrayList<File> updateAndGetQualifiedCACertificates(Date dateTime, String[] serviceLevelStatus)
- throws TSLEngineDiedException, TSLSearchException ;
-
- /**
- * Perform an update of all certificates which are on EU TSL and all MS TSLs and create an locale TSL database.
- * The old locale TSL database is removed and a new database is created.
- *
- * @author TLenz
- * @param dateTime - ...
- * @param countries - String Array of country codes. For example new Sting[]{"AT","IT","BE"}
- * @param serviceLevelStatus - String Array of ServiceLevelStatus. For example new String[]{"accredited","undersupervision"}
- * @return List of certificates with the selected properties
- */
- ArrayList<File> updateAndGetQualifiedCACertificates(Date dateTime, String[] countries, String[] serviceLevelStatus)
- throws TSLEngineDiedException, TSLSearchException ;
-
- /**
- * Check the http://uri.etis.org/TrstSvc/Svctype/CA/QC characteristic of a certificate by using the TSL information.
- * This method uses information from the local TSL database.
- *
- * @author TLenz
- * @param certificate - An X509 certificate.
- * @return Return true, if the certificate comprises the http://uri.etis.org/TrstSvc/Svctype/CA/QC characteristic.
- */
- boolean checkQC(X509Certificate[] certificate) throws TSLSearchException, TSLEngineDiedException;
-
- /**
- * Check the http://uri.etis.org/TrstSvc/eSigDir-1999-93-ECTrustedList/SvcInfoExt/QCWithSSCD characteristic of a certificate by using the TSL information.
- * This method uses information from the local TSL database.
- *
- * @author TLenz
- * @param certificate - An X509 certificate.
- * @return Return true, if the certificate comprises the http://uri.etis.org/TrstSvc/eSigDir-1999-93-ECTrustedList/SvcInfoExt/QCWithSSCD characteristic.
- */
- boolean checkSSCD(X509Certificate[] certificate) throws TSLSearchException, TSLEngineDiedException;
-
- /**
- * Get a list of certificates form the local TSL database with the selected properties.
- *
- * @author TLenz
- * @param dateTime - ...
- * @param serviceLevelStatus - String Array of ServiceLevelStatus. For example new String[]{"accredited","undersupervision"}
- * @return List of certificates with the selected properties
- */
- ArrayList<File> getQualifiedCACertificates(Date dateTime, String[] serviceLevelStatus)
- throws TSLEngineDiedException, TSLSearchException;
-
- /**
- * Get a list of certificates form the local TSL database with the selected properties.
- *
- * @author TLenz
- * @param dateTime - ...
- * @param countries - String Array of countrie codes. For example new Sting[]{"AT","IT","BE"}
- * @param serviceLevelStatus - String Array of ServiceLevelStatus. For example new String[]{"accredited","undersupervision"}
- * @return List of certificates with the selected properties
- */
- ArrayList<File> getQualifiedCACertificates(Date dateTime, String[] countries, String[] serviceLevelStatus)
- throws TSLEngineDiedException, TSLSearchException;
-
-}