diff options
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java')
| -rw-r--r-- | moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java | 1943 |
1 files changed, 929 insertions, 1014 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 3c00232..41b0c29 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -20,22 +20,8 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.config; -import iaik.asn1.structures.Name; -//import iaik.ixsil.exceptions.URIException; -//import iaik.ixsil.util.URI; -import iaik.pki.pathvalidation.ChainingModes; -import iaik.pki.revocation.RevocationSourceTypes; -import iaik.server.modules.xml.BlackListEntry; -import iaik.server.modules.xml.ExternalReferenceChecker; -import iaik.server.modules.xml.WhiteListEntry; -import iaik.utils.RFC2253NameParser; -import iaik.utils.RFC2253NameParserException; -import iaik.xml.crypto.utils.URI; -import iaik.xml.crypto.utils.URIException; - import java.io.File; import java.io.FileInputStream; import java.io.IOException; @@ -70,14 +56,25 @@ import at.gv.egovernment.moaspss.logging.LogMsg; import at.gv.egovernment.moaspss.logging.Logger; import at.gv.egovernment.moaspss.util.Constants; import at.gv.egovernment.moaspss.util.DOMUtils; -import at.gv.egovernment.moaspss.util.FileUtils; import at.gv.egovernment.moaspss.util.MiscUtil; import at.gv.egovernment.moaspss.util.StringUtils; import at.gv.egovernment.moaspss.util.XPathUtils; +import iaik.asn1.structures.Name; +//import iaik.ixsil.exceptions.URIException; +//import iaik.ixsil.util.URI; +import iaik.pki.pathvalidation.ChainingModes; +import iaik.pki.revocation.RevocationSourceTypes; +import iaik.server.modules.xml.BlackListEntry; +import iaik.server.modules.xml.ExternalReferenceChecker; +import iaik.server.modules.xml.WhiteListEntry; +import iaik.utils.RFC2253NameParser; +import iaik.utils.RFC2253NameParserException; +import iaik.xml.crypto.utils.URI; +import iaik.xml.crypto.utils.URIException; /** * A class that builds configuration data from a DOM based representation. - * + * * @author Patrick Peck * @version $Id$ */ @@ -102,271 +99,274 @@ public class ConfigurationPartsBuilder { // private static final String ROOT = "/" + CONF + "MOAConfiguration/"; - + private static final String PDFAS_CONFIGURATION_XPATH = - ROOT + CONF + "Common/" + CONF + "PDFASConfig"; - + ROOT + CONF + "Common/" + CONF + "PDFASConfig"; + private static final String FORMRESULT_CONFIGURATION_XPATH = - ROOT + CONF + "Common/" + CONF + "AdESFormResult"; - + ROOT + CONF + "Common/" + CONF + "AdESFormResult"; + private static final String DIGEST_METHOD_XPATH = - ROOT + CONF + "SignatureCreation/" - + CONF + "XMLDSig/" - + CONF + "DigestMethodAlgorithm"; + ROOT + CONF + "SignatureCreation/" + + CONF + "XMLDSig/" + + CONF + "DigestMethodAlgorithm"; private static final String XADES_VERSION_XPATH = - ROOT + CONF + "SignatureCreation/" - + CONF + "XAdES/" - + CONF + "Version"; + ROOT + CONF + "SignatureCreation/" + + CONF + "XAdES/" + + CONF + "Version"; private static final String C14N_ALGORITHM_XPATH = - ROOT + CONF + "SignatureCreation/" - + CONF + "XMLDSig/" - + CONF + "CanonicalizationAlgorithm"; + ROOT + CONF + "SignatureCreation/" + + CONF + "XMLDSig/" + + CONF + "CanonicalizationAlgorithm"; private static final String HARDWARE_CRYPTO_MODULE_XPATH = - ROOT + CONF + "Common/" - + CONF + "HardwareCryptoModule"; + ROOT + CONF + "Common/" + + CONF + "HardwareCryptoModule"; private static final String PERMIT_EXTERNAL_URIS_XPATH = - ROOT + CONF + "Common/" - + CONF + "PermitExternalUris"; + ROOT + CONF + "Common/" + + CONF + "PermitExternalUris"; private static final String BLACK_LIST_URIS_XPATH = - ROOT + CONF + "Common/" - + CONF + "PermitExternalUris/" - + CONF + "BlackListUri"; + ROOT + CONF + "Common/" + + CONF + "PermitExternalUris/" + + CONF + "BlackListUri"; private static final String FORBID_EXTERNAL_URIS_XPATH = - ROOT + CONF + "Common/" - + CONF + "ForbidExternalUris"; + ROOT + CONF + "Common/" + + CONF + "ForbidExternalUris"; private static final String WHITE_LIST_URIS_XPATH = - ROOT + CONF + "Common/" - + CONF + "ForbidExternalUris/" - + CONF + "WhiteListUri"; - + ROOT + CONF + "Common/" + + CONF + "ForbidExternalUris/" + + CONF + "WhiteListUri"; + private static final String HARDWARE_KEY_XPATH = - ROOT + CONF + "SignatureCreation/" - + CONF + "KeyModules/" - + CONF + "HardwareKeyModule"; + ROOT + CONF + "SignatureCreation/" + + CONF + "KeyModules/" + + CONF + "HardwareKeyModule"; private static final String SOFTWARE_KEY_XPATH = - ROOT + CONF + "SignatureCreation/" - + CONF + "KeyModules/" - + CONF + "SoftwareKeyModule"; - private static final String KEYGROUP_XPATH = - ROOT + CONF + "SignatureCreation/" - + CONF + "KeyGroup"; + ROOT + CONF + "SignatureCreation/" + + CONF + "KeyModules/" + + CONF + "SoftwareKeyModule"; + private static final String KEYGROUP_XPATH = + ROOT + CONF + "SignatureCreation/" + + CONF + "KeyGroup"; private static final String KEYGROUP_MAPPING_XPATH = - ROOT + CONF + "SignatureCreation/" - + CONF + "KeyGroupMapping"; - private static final String ISSUER_XPATH = - DSIG + "X509IssuerName"; - private static final String SERIAL_XPATH = - DSIG + "X509SerialNumber"; + ROOT + CONF + "SignatureCreation/" + + CONF + "KeyGroupMapping"; + private static final String ISSUER_XPATH = + DSIG + "X509IssuerName"; + private static final String SERIAL_XPATH = + DSIG + "X509SerialNumber"; private static final String CERTSTORE_LOCATION_XPATH = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "PathConstruction/" - + CONF + "CertificateStore/" - + CONF + "DirectoryStore/" - + CONF + "Location"; - private static final String AUTO_ADD_CERTIFICATES_XPATH_ = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "PathConstruction/" - + CONF + "AutoAddCertificates"; - - private static final String AUTO_ADD_EE_CERTIFICATES_XPATH_ = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "PathConstruction/" - + CONF + "AutoAddEECertificates"; - + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "PathConstruction/" + + CONF + "CertificateStore/" + + CONF + "DirectoryStore/" + + CONF + "Location"; + private static final String AUTO_ADD_CERTIFICATES_XPATH_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "PathConstruction/" + + CONF + "AutoAddCertificates"; + + private static final String AUTO_ADD_EE_CERTIFICATES_XPATH_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "PathConstruction/" + + CONF + "AutoAddEECertificates"; + private static final String USE_AUTHORITY_INFO_ACCESS_XPATH_ = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "PathConstruction/" - + CONF + "UseAuthorityInformationAccess"; + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "PathConstruction/" + + CONF + "UseAuthorityInformationAccess"; private static final String CHAINING_MODES_XPATH = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "PathValidation/" - + CONF + "ChainingMode"; + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "PathValidation/" + + CONF + "ChainingMode"; private static final String CHAINING_MODES_DEFAULT_XPATH = - CHAINING_MODES_XPATH + "/" - + CONF + "DefaultMode"; + CHAINING_MODES_XPATH + "/" + + CONF + "DefaultMode"; private static final String TRUST_ANCHOR_XPATH = - CHAINING_MODES_XPATH + "/" - + CONF + "TrustAnchor"; + CHAINING_MODES_XPATH + "/" + + CONF + "TrustAnchor"; private static final String TRUST_PROFILE_XPATH = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "PathValidation/" - + CONF + "TrustProfile"; + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "PathValidation/" + + CONF + "TrustProfile"; private static final String DISTRIBUTION_POINTS_XPATH = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "RevocationChecking/" - + CONF + "DistributionPoint"; + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "DistributionPoint"; private static final String CRL_RETENTION_INTERVALS_CA_XPATH = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "RevocationChecking/" - + CONF + "CrlRetentionIntervals/" - + CONF + "CA"; - private static final String ENABLE_REVOCATION_CHECKING_XPATH_ = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "RevocationChecking/" - + CONF + "EnableChecking"; + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "CrlRetentionIntervals/" + + CONF + "CA"; + private static final String ENABLE_REVOCATION_CHECKING_XPATH_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "EnableChecking"; private static final String MAX_REVOCATION_AGE_XPATH_ = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "RevocationChecking/" - + CONF + "MaxRevocationAge"; - private static final String REVOCATION_SERVICEORDER_XPATH_ = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "RevocationChecking/" - + CONF + "ServiceOrder/" - + CONF + "Service"; - private static final String ENABLE_ARCHIVING_XPATH = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "RevocationChecking/" - + CONF + "Archiving/" - + CONF + "EnableArchiving"; - private static final String CRL_ARCHIVE_DURATION_XPATH = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "RevocationChecking/" - + CONF + "Archiving/" - + CONF + "ArchiveDuration"; - private static final String ACHIVE_JDBC_URL_ = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "RevocationChecking/" - + CONF + "Archiving/" - + CONF + "Archive/" - + CONF + "DatabaseArchive/" - + CONF + "JDBCURL"; - private static final String ACHIVE_JDBC_DRIVER_CLASS_ = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "RevocationChecking/" - + CONF + "Archiving/" - + CONF + "Archive/" - + CONF + "DatabaseArchive/" - + CONF + "JDBCDriverClassName"; + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "MaxRevocationAge"; + private static final String REVOCATION_SERVICEORDER_XPATH_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "ServiceOrder/" + + CONF + "Service"; + private static final String ENABLE_ARCHIVING_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "Archiving/" + + CONF + "EnableArchiving"; + private static final String CRL_ARCHIVE_DURATION_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "Archiving/" + + CONF + "ArchiveDuration"; + private static final String ACHIVE_JDBC_URL_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "Archiving/" + + CONF + "Archive/" + + CONF + "DatabaseArchive/" + + CONF + "JDBCURL"; + private static final String ACHIVE_JDBC_DRIVER_CLASS_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "RevocationChecking/" + + CONF + "Archiving/" + + CONF + "Archive/" + + CONF + "DatabaseArchive/" + + CONF + "JDBCDriverClassName"; private static final String CREATE_TRANSFORMS_INFO_PROFILE_XPATH = - ROOT + CONF + "SignatureCreation/" - + CONF + "CreateTransformsInfoProfile"; + ROOT + CONF + "SignatureCreation/" + + CONF + "CreateTransformsInfoProfile"; private static final String CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH = - ROOT + CONF + "SignatureCreation/" - + CONF + "CreateSignatureEnvironmentProfile"; + ROOT + CONF + "SignatureCreation/" + + CONF + "CreateSignatureEnvironmentProfile"; private static final String VERIFY_TRANSFORMS_INFO_PROFILE_XPATH = - ROOT + CONF + "SignatureVerification/" - + CONF + "VerifyTransformsInfoProfile"; + ROOT + CONF + "SignatureVerification/" + + CONF + "VerifyTransformsInfoProfile"; private static final String SUPPLEMENT_PROFILE_XPATH = - ROOT + CONF + "SignatureVerification/" - + CONF + "SupplementProfile"; + ROOT + CONF + "SignatureVerification/" + + CONF + "SupplementProfile"; private static final String PERMIT_FILE_URIS_XPATH = - ROOT + CONF + "SignatureVerification/" - + CONF + "PermitFileURIs"; - + ROOT + CONF + "SignatureVerification/" + + CONF + "PermitFileURIs"; + private static final String CONNECTION_TIMEOUT_XPATH_ = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "ConnectionTimeout"; - + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "ConnectionTimeout"; + private static final String READ_TIMEOUT_XPATH_ = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "ReadTimeout"; - - private static final String TSL_CONFIGURATION_XPATH = - ROOT + CONF + "SignatureVerification/" - + CONF + "CertificateValidation/" - + CONF + "TSLConfiguration/"; + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "ReadTimeout"; + + private static final String TSL_CONFIGURATION_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "TSLConfiguration/"; // - // default values for configuration parameters + // default values for configuration parameters // /** The accepted canonicalization algorithm URIs, as an array */ private static final String[] ACCEPTED_C14N_ALGORITHMS_ARRAY = - { - Constants.C14N_URI, - Constants.C14N_WITH_COMMENTS_URI, - Constants.EXC_C14N_URI, - Constants.EXC_C14N_WITH_COMMENTS_URI }; + { + Constants.C14N_URI, + Constants.C14N_WITH_COMMENTS_URI, + Constants.EXC_C14N_URI, + Constants.EXC_C14N_WITH_COMMENTS_URI }; /** The accepted canonicalization algorithm URIs, as a Set */ private static final Set ACCEPTED_C14N_ALGORITHMS = - new HashSet(Arrays.asList(ACCEPTED_C14N_ALGORITHMS_ARRAY)); + new HashSet(Arrays.asList(ACCEPTED_C14N_ALGORITHMS_ARRAY)); /** Default canonicalization algorithm, if none/illegal has been configured */ private static final String C14N_ALGORITHM_DEFAULT = Constants.C14N_URI; /** The accepted digest method algorithm URIs, as an array */ private static final String[] ACCEPTED_DIGEST_ALGORITHMS_ARRAY = - { Constants.SHA1_URI, - Constants.SHA256_URI, - Constants.SHA384_URI, - Constants.SHA512_URI}; + { Constants.SHA1_URI, + Constants.SHA256_URI, + Constants.SHA384_URI, + Constants.SHA512_URI }; /** The accepted digest method algorithm URIs, as a Set */ private static final Set ACCEPTED_DIGEST_ALGORITHMS = - new HashSet(Arrays.asList(ACCEPTED_DIGEST_ALGORITHMS_ARRAY)); - - - /** Default digest algorithm URI, if none/illegal has been configured (for XAdES 1.1.1) */ + new HashSet(Arrays.asList(ACCEPTED_DIGEST_ALGORITHMS_ARRAY)); + + /** + * Default digest algorithm URI, if none/illegal has been configured (for XAdES + * 1.1.1) + */ private static final String DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1 = Constants.SHA1_URI; - - /** Default digest algorithm URI, if none/illegal has been configured (for XAdES 1.4.2) */ + + /** + * Default digest algorithm URI, if none/illegal has been configured (for XAdES + * 1.4.2) + */ private static final String DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2 = Constants.SHA256_URI; - + /** The root element of the MOA configuration */ - private Element configElem; - + private final Element configElem; + /** * The directory containing the underlying configuration file. */ - private File configRoot_; + private final File configRoot_; /** Whether any warnings were encountered building the configuration. */ - private List warnings = new ArrayList(); + private final List warnings = new ArrayList(); /** * Create a new <code>ConfigurationPartsBuilder</code>. - * + * * @param configElem The root element of the MOA configuration. - * + * * @param configRoot The directory containing the underlying configuration file. */ - public ConfigurationPartsBuilder(Element configElem, File configRoot) - { + public ConfigurationPartsBuilder(Element configElem, File configRoot) { this.configElem = configElem; configRoot_ = configRoot; } /** - * Returns the root element of the MOA configuration. - * + * Returns the root element of the MOA configuration. + * * @return The root element of the MOA configuration. */ public Element getConfigElem() { return configElem; } - - /** + + /** * Returns the directory containing the underlying configuration file. - * + * * @return the directory containing the underlying configuration file. */ - public File getConfigRoot() - { + public File getConfigRoot() { return configRoot_; } /** * Returns the warnings encountered during building the configuration. - * - * @return A <code>List</code> of <code>String</code>s, containing the - * warning messages. + * + * @return A <code>List</code> of <code>String</code>s, containing the warning + * messages. */ public List getWarnings() { return warnings; @@ -374,124 +374,114 @@ public class ConfigurationPartsBuilder { /** * Returns the digest method algorithm name. - * + * * @return The digest method algorithm name from the configuration. */ - public String getDigestMethodAlgorithmName() - { + public String getDigestMethodAlgorithmName() { String digestMethod = getElementValue(getConfigElem(), DIGEST_METHOD_XPATH, null); - - if (digestMethod == null || !ACCEPTED_DIGEST_ALGORITHMS.contains(digestMethod)) - { - String xadesVersion = this.getXAdESVersion(); - if (xadesVersion == null) { - info( - "config.23", - new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1 }); - digestMethod = DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1; - } - else { - info( - "config.23", - new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2 }); - digestMethod = DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2; - } - - + + if (digestMethod == null || !ACCEPTED_DIGEST_ALGORITHMS.contains(digestMethod)) { + final String xadesVersion = this.getXAdESVersion(); + if (xadesVersion == null) { + info( + "config.23", + new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1 }); + digestMethod = DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1; + } else { + info( + "config.23", + new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2 }); + digestMethod = DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2; + } + } return digestMethod; } - + /** * Returns the digest method algorithm name. - * + * * @return The digest method algorithm name from the configuration. */ - public String getXAdESVersion() - { - String xadesVersion = getElementValue(getConfigElem(), XADES_VERSION_XPATH, null); - + public String getXAdESVersion() { + final String xadesVersion = getElementValue(getConfigElem(), XADES_VERSION_XPATH, null); + return xadesVersion; } - + /** * Returns the digest method algorithm name. - * + * * @return The digest method algorithm name from the configuration. */ - public String getPDFASConfiguration() - { - String pdfasConfiguration = getElementValue(getConfigElem(), PDFAS_CONFIGURATION_XPATH, null); - + public String getPDFASConfiguration() { + final String pdfasConfiguration = getElementValue(getConfigElem(), PDFAS_CONFIGURATION_XPATH, null); + return pdfasConfiguration; } - + /** * Returns the digest method algorithm name. - * + * * @return The digest method algorithm name from the configuration. */ - public int getConnectionTimeout() - { - String connectionTimeout = getElementValue(getConfigElem(), CONNECTION_TIMEOUT_XPATH_, "30"); + public int getConnectionTimeout() { + final String connectionTimeout = getElementValue(getConfigElem(), CONNECTION_TIMEOUT_XPATH_, "30"); int defaultConnectionTimeout = 30; - - if(connectionTimeout != null) { - try { - defaultConnectionTimeout = Integer.parseInt(connectionTimeout); - } catch(NumberFormatException e) { - Logger.warn("Configuration value " + CONNECTION_TIMEOUT_XPATH_ + " should be a number defaulting to 30"); - } + + if (connectionTimeout != null) { + try { + defaultConnectionTimeout = Integer.parseInt(connectionTimeout); + } catch (final NumberFormatException e) { + Logger.warn("Configuration value " + CONNECTION_TIMEOUT_XPATH_ + + " should be a number defaulting to 30"); + } } - - if(defaultConnectionTimeout < 0) { - defaultConnectionTimeout = 30; + + if (defaultConnectionTimeout < 0) { + defaultConnectionTimeout = 30; } - + return defaultConnectionTimeout * 1000; } - - public int getReadTimeout() - { - String connectionTimeout = getElementValue(getConfigElem(), READ_TIMEOUT_XPATH_, "30"); + + public int getReadTimeout() { + final String connectionTimeout = getElementValue(getConfigElem(), READ_TIMEOUT_XPATH_, "30"); int defaultConnectionTimeout = 30; - - if(connectionTimeout != null) { - try { - defaultConnectionTimeout = Integer.parseInt(connectionTimeout); - } catch(NumberFormatException e) { - Logger.warn("Configuration value " + READ_TIMEOUT_XPATH_ + " should be a number defaulting to 30"); - } + + if (connectionTimeout != null) { + try { + defaultConnectionTimeout = Integer.parseInt(connectionTimeout); + } catch (final NumberFormatException e) { + Logger.warn("Configuration value " + READ_TIMEOUT_XPATH_ + " should be a number defaulting to 30"); + } } - - if(defaultConnectionTimeout < 0) { - defaultConnectionTimeout = 30; + + if (defaultConnectionTimeout < 0) { + defaultConnectionTimeout = 30; } - + return defaultConnectionTimeout * 1000; } - - public boolean getAdesFormResult() - { - String enableArchiving = getElementValue(getConfigElem(), FORMRESULT_CONFIGURATION_XPATH, null); - return Boolean.valueOf(enableArchiving).booleanValue(); + + public boolean getAdesFormResult() { + final String enableArchiving = getElementValue(getConfigElem(), FORMRESULT_CONFIGURATION_XPATH, null); + return Boolean.valueOf(enableArchiving).booleanValue(); } - + /** * Returns the canonicalization algorithm name. - * + * * @return The canonicalization algorithm name from the configuration. */ - public String getCanonicalizationAlgorithmName() - { + public String getCanonicalizationAlgorithmName() { String c14nAlgorithm = getElementValue(getConfigElem(), C14N_ALGORITHM_XPATH, null); - if (c14nAlgorithm == null || !ACCEPTED_C14N_ALGORITHMS.contains(c14nAlgorithm)) - { + if (c14nAlgorithm == null || !ACCEPTED_C14N_ALGORITHMS.contains(c14nAlgorithm)) { info( - "config.23", - new Object[] { "CanonicalizationAlgorithm", C14N_ALGORITHM_DEFAULT }); + "config.23", + new Object[] { "CanonicalizationAlgorithm", C14N_ALGORITHM_DEFAULT }); c14nAlgorithm = C14N_ALGORITHM_DEFAULT; } @@ -500,189 +490,172 @@ public class ConfigurationPartsBuilder { /** * Build the configured hardware crypto modules. - * + * * @return The hardware crypto modules from the configuration. */ - public List buildHardwareCryptoModules() - { - List modules = new ArrayList(); - NodeIterator modIter = XPathUtils.selectNodeIterator( - getConfigElem(), - HARDWARE_CRYPTO_MODULE_XPATH); + public List buildHardwareCryptoModules() { + final List modules = new ArrayList(); + final NodeIterator modIter = XPathUtils.selectNodeIterator( + getConfigElem(), + HARDWARE_CRYPTO_MODULE_XPATH); Element modElem; while ((modElem = (Element) modIter.nextNode()) != null) { - String name = getElementValue(modElem, CONF + "Name", null); - String slotId = getElementValue(modElem, CONF + "SlotId", null); - String userPIN = getElementValue(modElem, CONF + "UserPIN", null); - HardwareCryptoModule module = new HardwareCryptoModule(name, slotId, userPIN); + final String name = getElementValue(modElem, CONF + "Name", null); + final String slotId = getElementValue(modElem, CONF + "SlotId", null); + final String userPIN = getElementValue(modElem, CONF + "UserPIN", null); + final HardwareCryptoModule module = new HardwareCryptoModule(name, slotId, userPIN); modules.add(module); } return modules; } - + /** - * + * * @return */ public boolean allowExternalUris() { - Element permitExtUris = (Element)XPathUtils.selectSingleNode(getConfigElem(), PERMIT_EXTERNAL_URIS_XPATH); - - // if PermitExternalUris element does not exist - don't allow external uris - if (permitExtUris == null) { - // set permitExtUris for iaik-moa - ExternalReferenceChecker.setPermitExternalURLs(false); - return false; - } - else { - // set permitExtUris for iaik-moa - ExternalReferenceChecker.setPermitExternalURLs(true); - return true; - } + final Element permitExtUris = (Element) XPathUtils.selectSingleNode(getConfigElem(), + PERMIT_EXTERNAL_URIS_XPATH); + + // if PermitExternalUris element does not exist - don't allow external uris + if (permitExtUris == null) { + // set permitExtUris for iaik-moa + ExternalReferenceChecker.setPermitExternalURLs(false); + return false; + } else { + // set permitExtUris for iaik-moa + ExternalReferenceChecker.setPermitExternalURLs(true); + return true; + } } - - + /** - * + * * @return */ public List buildPermitExternalUris() { - - info("config.33", null); - - List blacklist = new ArrayList(); - List blackListIaikMoa = new ArrayList(); - - NodeIterator permitExtIter = XPathUtils.selectNodeIterator( - getConfigElem(), - BLACK_LIST_URIS_XPATH); - - Element permitExtElem = null; - while ((permitExtElem = (Element) permitExtIter.nextNode()) != null) { - String host = getElementValue(permitExtElem, CONF + "IP", null); - String port = getElementValue(permitExtElem, CONF + "Port", null); - - BlackListEntry entry =null; - if (port == null) { - entry = new BlackListEntry(host, -1); - info("config.34", new Object[]{host}); - } - else { - entry = new BlackListEntry(host, new Integer(port).intValue()); - info("config.34", new Object[]{host + ":" + port}); - } - - // add entry to iaik-moa blacklist - blackListIaikMoa.add(entry); - - - String array[] = new String[2]; - array[0] = host; - array[1] = port; - blacklist.add(array); - - } - - - // set blacklist for iaik-moa - ExternalReferenceChecker.setBlacklist(blackListIaikMoa); - - - if(blacklist.isEmpty()) // no blacklisted uris given - info("config.36", null); - - - return blacklist; + + info("config.33", null); + + final List blacklist = new ArrayList(); + final List blackListIaikMoa = new ArrayList(); + + final NodeIterator permitExtIter = XPathUtils.selectNodeIterator( + getConfigElem(), + BLACK_LIST_URIS_XPATH); + + Element permitExtElem = null; + while ((permitExtElem = (Element) permitExtIter.nextNode()) != null) { + final String host = getElementValue(permitExtElem, CONF + "IP", null); + final String port = getElementValue(permitExtElem, CONF + "Port", null); + + BlackListEntry entry = null; + if (port == null) { + entry = new BlackListEntry(host, -1); + info("config.34", new Object[] { host }); + } else { + entry = new BlackListEntry(host, new Integer(port).intValue()); + info("config.34", new Object[] { host + ":" + port }); + } + + // add entry to iaik-moa blacklist + blackListIaikMoa.add(entry); + + final String array[] = new String[2]; + array[0] = host; + array[1] = port; + blacklist.add(array); + + } + + // set blacklist for iaik-moa + ExternalReferenceChecker.setBlacklist(blackListIaikMoa); + + if (blacklist.isEmpty()) { + info("config.36", null); + } + + return blacklist; } - + /** - * + * * @return */ public List buildForbidExternalUris() { - - //info("config.47", null); - - List whitelist = new ArrayList(); - List whiteListIaikMoa = new ArrayList(); - - NodeIterator forbidExtIter = XPathUtils.selectNodeIterator( - getConfigElem(), - WHITE_LIST_URIS_XPATH); - - Element permitExtElem = null; - while ((permitExtElem = (Element) forbidExtIter.nextNode()) != null) { - String host = getElementValue(permitExtElem, CONF + "IP", null); - String port = getElementValue(permitExtElem, CONF + "Port", null); - - // WhiteListeEntry - WhiteListEntry entry =null; - if (port == null) { - entry = new WhiteListEntry(host, -1); - info("config.49", new Object[]{host}); + + // info("config.47", null); + + final List whitelist = new ArrayList(); + final List whiteListIaikMoa = new ArrayList(); + + final NodeIterator forbidExtIter = XPathUtils.selectNodeIterator( + getConfigElem(), + WHITE_LIST_URIS_XPATH); + + Element permitExtElem = null; + while ((permitExtElem = (Element) forbidExtIter.nextNode()) != null) { + final String host = getElementValue(permitExtElem, CONF + "IP", null); + final String port = getElementValue(permitExtElem, CONF + "Port", null); + + // WhiteListeEntry + WhiteListEntry entry = null; + if (port == null) { + entry = new WhiteListEntry(host, -1); + info("config.49", new Object[] { host }); + } else { + entry = new WhiteListEntry(host, new Integer(port).intValue()); + info("config.49", new Object[] { host + ":" + port }); } - else { - entry = new WhiteListEntry(host, new Integer(port).intValue()); - info("config.49", new Object[]{host + ":" + port}); - } - - // add entry to iaik-moa whitelist - whiteListIaikMoa.add(entry); - - - String array[] = new String[2]; - array[0] = host; - array[1] = port; - whitelist.add(array); - - } - - - // set whitelist for iaik-moa - ExternalReferenceChecker.setWhitelist(whiteListIaikMoa); - - - if(whitelist.isEmpty()) // no whitelisted uris given - info("config.48", null); - - - return whitelist; + + // add entry to iaik-moa whitelist + whiteListIaikMoa.add(entry); + + final String array[] = new String[2]; + array[0] = host; + array[1] = port; + whitelist.add(array); + + } + + // set whitelist for iaik-moa + ExternalReferenceChecker.setWhitelist(whiteListIaikMoa); + + if (whitelist.isEmpty()) { + info("config.48", null); + } + + return whitelist; } - - /** - * Build the configured hardware keys. - * - * @param keyModules The keyModules that the configuration already knows about. To - * prevent multiple key modules with the same ID. + * Build the configured hardware keys. + * + * @param keyModules The keyModules that the configuration already knows about. + * To prevent multiple key modules with the same ID. * @return The hardware keys contained in the configuration. */ - public List buildHardwareKeyModules(List keyModules) - { - Set existingIds = toIdSet(keyModules); - List hardwareKeys = new ArrayList(); - NodeIterator hkIter = - XPathUtils.selectNodeIterator(getConfigElem(), HARDWARE_KEY_XPATH); + public List buildHardwareKeyModules(List keyModules) { + final Set existingIds = toIdSet(keyModules); + final List hardwareKeys = new ArrayList(); + final NodeIterator hkIter = + XPathUtils.selectNodeIterator(getConfigElem(), HARDWARE_KEY_XPATH); Element keyElem; - while ((keyElem = (Element) hkIter.nextNode()) != null) - { - String id = getElementValue(keyElem, CONF + "Id", null); - String name = getElementValue(keyElem, CONF + "Name", null); - String slotId = getElementValue(keyElem, CONF + "SlotId", null); - String userPIN = getElementValue(keyElem, CONF + "UserPIN", null); + while ((keyElem = (Element) hkIter.nextNode()) != null) { + final String id = getElementValue(keyElem, CONF + "Id", null); + final String name = getElementValue(keyElem, CONF + "Name", null); + final String slotId = getElementValue(keyElem, CONF + "SlotId", null); + final String userPIN = getElementValue(keyElem, CONF + "UserPIN", null); - if (existingIds.contains(id)) - { + if (existingIds.contains(id)) { warn( - "config.04", - new Object[] { "Hardware- oder SoftwareKeyModule", id }); - } - else - { - KeyModule key = new HardwareKeyModule(id, name, slotId, userPIN); + "config.04", + new Object[] { "Hardware- oder SoftwareKeyModule", id }); + } else { + final KeyModule key = new HardwareKeyModule(id, name, slotId, userPIN); hardwareKeys.add(key); existingIds.add(id); } @@ -694,34 +667,29 @@ public class ConfigurationPartsBuilder { /** * Build the configured software keys. - * - * @param keyModules The keyModules that the configuration already knows about. To - * prevent multiple key modules with the same ID. + * + * @param keyModules The keyModules that the configuration already knows about. + * To prevent multiple key modules with the same ID. * * @return The software keys contained in the configuration. */ - public List buildSoftwareKeyModules(List keyModules) - { - Set existingIds = toIdSet(keyModules); - List softwareKeys = new ArrayList(); - NodeIterator skIter = - XPathUtils.selectNodeIterator(getConfigElem(), SOFTWARE_KEY_XPATH); + public List buildSoftwareKeyModules(List keyModules) { + final Set existingIds = toIdSet(keyModules); + final List softwareKeys = new ArrayList(); + final NodeIterator skIter = + XPathUtils.selectNodeIterator(getConfigElem(), SOFTWARE_KEY_XPATH); Element keyElem; - while ((keyElem = (Element) skIter.nextNode()) != null) - { - String id = getElementValue(keyElem, CONF + "Id", null); - String fileName = getElementValue(keyElem, CONF + "FileName", null); - String passWord = getElementValue(keyElem, CONF + "Password", null); + while ((keyElem = (Element) skIter.nextNode()) != null) { + final String id = getElementValue(keyElem, CONF + "Id", null); + final String fileName = getElementValue(keyElem, CONF + "FileName", null); + final String passWord = getElementValue(keyElem, CONF + "Password", null); - if (existingIds.contains(id)) - { + if (existingIds.contains(id)) { warn( - "config.04", - new Object[] { "Hardware- oder SoftwareKeyModule", id }); - } - else - { + "config.04", + new Object[] { "Hardware- oder SoftwareKeyModule", id }); + } else { File keyFile; KeyModule key; @@ -733,7 +701,7 @@ public class ConfigurationPartsBuilder { // check for existence if (!keyFile.exists() || keyFile.isDirectory()) { - warn("config.25", new Object[] { id, keyFile.getAbsolutePath()}); + warn("config.25", new Object[] { id, keyFile.getAbsolutePath() }); } else { // create a new key module key = new SoftwareKeyModule(id, keyFile.getAbsolutePath(), passWord); @@ -748,39 +716,36 @@ public class ConfigurationPartsBuilder { /** * Build the key group configuration. - * - * @param keyModules The <code>KeyModule</code>s that the configuration - * knows about. Used to check for errors in the configuration. + * + * @param keyModules The <code>KeyModule</code>s that the configuration knows + * about. Used to check for errors in the configuration. * @return The mapping between key group IDs and key groups. */ - public Map buildKeyGroups(List keyModules) - { - Set keyModuleIds = toIdSet(keyModules); - Map keyGroups = new HashMap(); + public Map buildKeyGroups(List keyModules) { + final Set keyModuleIds = toIdSet(keyModules); + final Map keyGroups = new HashMap(); NodeIterator kgIter; Element keyGroupElem; // select all KeyGroup elements and build the KeyGroup objects from them kgIter = XPathUtils.selectNodeIterator(getConfigElem(), KEYGROUP_XPATH); - while ((keyGroupElem = (Element) kgIter.nextNode()) != null) - { + while ((keyGroupElem = (Element) kgIter.nextNode()) != null) { String keyGroupId = getElementValue(keyGroupElem, CONF + "Id", null); - //switch all keyGroupIds to lower case, only - if (MiscUtil.isNotEmpty(keyGroupId)) - keyGroupId = keyGroupId.trim().toLowerCase(); - - String keyGroupDigestMethodAlgorithm = getElementValue(keyGroupElem, CONF + "DigestMethodAlgorithm", null); - Set keyGroupEntries = - buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem); - KeyGroup keyGroup = new KeyGroup(keyGroupId, keyGroupEntries, keyGroupDigestMethodAlgorithm); + // switch all keyGroupIds to lower case, only + if (MiscUtil.isNotEmpty(keyGroupId)) { + keyGroupId = keyGroupId.trim().toLowerCase(); + } - if (keyGroups.containsKey(keyGroupId)) - { + final String keyGroupDigestMethodAlgorithm = getElementValue(keyGroupElem, CONF + + "DigestMethodAlgorithm", null); + final Set keyGroupEntries = + buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem); + final KeyGroup keyGroup = new KeyGroup(keyGroupId, keyGroupEntries, keyGroupDigestMethodAlgorithm); + + if (keyGroups.containsKey(keyGroupId)) { warn("config.04", new Object[] { "KeyGroup", keyGroupId }); - } - else - { + } else { keyGroups.put(keyGroup.getId(), keyGroup); } } @@ -790,17 +755,16 @@ public class ConfigurationPartsBuilder { /** * Return the set of IDs contained in the given <code>KeyModule</code>s. - * - * @param keyModules The <code>KeyModule</code>s from which to extract the - * IDs. + * + * @param keyModules The <code>KeyModule</code>s from which to extract the IDs. * @return The IDs from the given <code>KeyModule</code>s. */ private Set toIdSet(List keyModules) { - Set ids = new HashSet(); + final Set ids = new HashSet(); Iterator iter; for (iter = keyModules.iterator(); iter.hasNext();) { - KeyModule keyModule = (KeyModule) iter.next(); + final KeyModule keyModule = (KeyModule) iter.next(); ids.add(keyModule.getId()); } @@ -809,35 +773,36 @@ public class ConfigurationPartsBuilder { /** * Build the key entries belonging to a key group. - * - * @param keyGroupId The ID of the key group we are building here. Passed - * for logging purposes. + * + * @param keyGroupId The ID of the key group we are building here. Passed for + * logging purposes. * @param keyModuleIds The IDs of the <code>HardwareKeyModule</code>s and - * <code>SoftwareKeyModule</code>s that exist in the configuration. + * <code>SoftwareKeyModule</code>s that exist in the + * configuration. * @param keyGroupElem The <code>KeyGroup</code> DOM element to parse. * @return A <code>Set</code> of <code>KeyGroupEntry</code> objects. */ private Set buildKeyGroupEntries( - String keyGroupId, - Set keyModuleIds, - Element keyGroupElem) { + String keyGroupId, + Set keyModuleIds, + Element keyGroupElem) { - Set entries = new HashSet(); + final Set entries = new HashSet(); NodeIterator keyEntryIter; Element keyEntryElem; // select all Key elements and put them into the Map keyEntryIter = XPathUtils.selectNodeIterator(keyGroupElem, CONF + "Key"); - while ((keyEntryElem = (Element) keyEntryIter.nextNode()) != null) - { - String keyModuleId = getElementValue(keyEntryElem, CONF + "KeyModuleId", ""); - Element keyCertElem = (Element) XPathUtils.selectSingleNode(keyEntryElem, CONF + "KeyCertIssuerSerial"); - IssuerAndSerial issuerSerial = buildIssuerAndSerial(keyCertElem); + while ((keyEntryElem = (Element) keyEntryIter.nextNode()) != null) { + final String keyModuleId = getElementValue(keyEntryElem, CONF + "KeyModuleId", ""); + final Element keyCertElem = (Element) XPathUtils.selectSingleNode(keyEntryElem, CONF + + "KeyCertIssuerSerial"); + final IssuerAndSerial issuerSerial = buildIssuerAndSerial(keyCertElem); if (!keyModuleIds.contains(keyModuleId)) { warn("config.26", new Object[] { keyGroupId, keyModuleId }); } else if (issuerSerial != null) { - KeyGroupEntry entry = new KeyGroupEntry(keyModuleId, issuerSerial); + final KeyGroupEntry entry = new KeyGroupEntry(keyModuleId, issuerSerial); entries.add(entry); } } @@ -846,34 +811,31 @@ public class ConfigurationPartsBuilder { /** * Build the key group mapping. - * + * * @param keyGroups The available key groups. * @param anonymous The <code>IssuerAndSerial</code> to be used for key group - * mappings not protected by a certificate. + * mappings not protected by a certificate. * @return The key group mapping. */ public Map buildKeyGroupMappings(Map keyGroups, IssuerAndSerial anonymous) { - Map mappings = new HashMap(); + final Map mappings = new HashMap(); NodeIterator mappingIter; Element mappingElem; // select all KeyGroupMapping elements mappingIter = - XPathUtils.selectNodeIterator(getConfigElem(), KEYGROUP_MAPPING_XPATH); + XPathUtils.selectNodeIterator(getConfigElem(), KEYGROUP_MAPPING_XPATH); // build the mapping for each KeyGroupMapping element - while ((mappingElem = (Element) mappingIter.nextNode()) != null) - { - Element issuerSerialElem = (Element) XPathUtils.selectSingleNode(mappingElem, CONF + "CustomerId"); + while ((mappingElem = (Element) mappingIter.nextNode()) != null) { + final Element issuerSerialElem = (Element) XPathUtils.selectSingleNode(mappingElem, CONF + + "CustomerId"); // build the IssuerAndSerial who has access to the key groups IssuerAndSerial issuerAndSerial; - if (issuerSerialElem != null) - { + if (issuerSerialElem != null) { issuerAndSerial = buildIssuerAndSerial(issuerSerialElem); - } - else - { + } else { // IssuerSerial element: the keygroup is generally available issuerAndSerial = anonymous; } @@ -884,8 +846,7 @@ public class ConfigurationPartsBuilder { NodeIterator keyGroupIter; Element keyGroupElem; - if (groups == null) - { + if (groups == null) { // no mapping exist -> build one groups = new HashMap(); mappings.put(issuerAndSerial, groups); @@ -893,16 +854,13 @@ public class ConfigurationPartsBuilder { // select the available key groups and add them to the mapping keyGroupIter = XPathUtils.selectNodeIterator(mappingElem, CONF + "KeyGroupId"); - while ((keyGroupElem = (Element) keyGroupIter.nextNode()) != null) - { - String keyGroupId = getElementValue(keyGroupElem, ".", null); - KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId.trim().toLowerCase()); - - if (keyGroup != null) - { + while ((keyGroupElem = (Element) keyGroupIter.nextNode()) != null) { + final String keyGroupId = getElementValue(keyGroupElem, ".", null); + final KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId.trim().toLowerCase()); + + if (keyGroup != null) { groups.put(keyGroupId, keyGroup); - } else - { + } else { warn("config.00", new Object[] { keyGroupId }); } } @@ -914,15 +872,14 @@ public class ConfigurationPartsBuilder { /** * Returns the default chaining mode from the configuration. - * + * * @return The default chaining mode. */ - public String getDefaultChainingMode() - { - String defaultChaining = getElementValue( - getConfigElem(), - CHAINING_MODES_DEFAULT_XPATH, - CM_PKIX); + public String getDefaultChainingMode() { + final String defaultChaining = getElementValue( + getConfigElem(), + CHAINING_MODES_DEFAULT_XPATH, + CM_PKIX); return translateChainingMode(defaultChaining); @@ -930,23 +887,20 @@ public class ConfigurationPartsBuilder { /** * Build the chaining modes for all configured trust anchors. - * + * * @return The mapping from trust anchors to chaining modes. */ - public Map buildChainingModes() - { - Map chainingModes = new HashMap(); - NodeIterator trustIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_ANCHOR_XPATH); + public Map buildChainingModes() { + final Map chainingModes = new HashMap(); + final NodeIterator trustIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_ANCHOR_XPATH); Element trustAnchorElem; - while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) - { - IssuerAndSerial issuerAndSerial = buildIssuerAndSerial( - (Element)XPathUtils.selectSingleNode(trustAnchorElem, CONF + "Identification")); - String mode = getElementValue(trustAnchorElem, CONF + "Mode", null); + while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) { + final IssuerAndSerial issuerAndSerial = buildIssuerAndSerial( + (Element) XPathUtils.selectSingleNode(trustAnchorElem, CONF + "Identification")); + final String mode = getElementValue(trustAnchorElem, CONF + "Mode", null); - if (issuerAndSerial != null) - { + if (issuerAndSerial != null) { chainingModes.put(issuerAndSerial, translateChainingMode(mode)); } } @@ -956,26 +910,26 @@ public class ConfigurationPartsBuilder { /** * Build an <code>IssuerAndSerial</code> from the DOM representation. - * + * * @param root The root element (being of type <code>dsig: * X509IssuerSerialType</code>. * @return The issuer and serial number contained in the <code>root</code> - * element or <code>null</code> if could not be built for any reason. + * element or <code>null</code> if could not be built for any reason. */ private IssuerAndSerial buildIssuerAndSerial(Element root) { - String issuer = getElementValue(root, ISSUER_XPATH, null); - String serial = getElementValue(root, SERIAL_XPATH, null); + final String issuer = getElementValue(root, ISSUER_XPATH, null); + final String serial = getElementValue(root, SERIAL_XPATH, null); if (issuer != null && serial != null) { try { - RFC2253NameParser nameParser = new RFC2253NameParser(issuer); - Principal issuerDN = nameParser.parse(); + final RFC2253NameParser nameParser = new RFC2253NameParser(issuer); + final Principal issuerDN = nameParser.parse(); return new IssuerAndSerial(issuerDN, new BigInteger(serial)); - } catch (RFC2253NameParserException e) { + } catch (final RFC2253NameParserException e) { warn("config.16", new Object[] { issuer, serial }, e); return null; - } catch (NumberFormatException e) { + } catch (final NumberFormatException e) { warn("config.16", new Object[] { issuer, serial }, e); return null; } @@ -986,10 +940,10 @@ public class ConfigurationPartsBuilder { /** * Translate the chaining mode from the configuration file to one used in the * IAIK MOA API. - * + * * @param chainingMode The chaining mode from the configuration. * @return The chaining mode as provided by the <code>ChainingModes</code> - * interface. + * interface. * @see iaik.pki.pathvalidation.ChainingModes */ private String translateChainingMode(String chainingMode) { @@ -1004,55 +958,50 @@ public class ConfigurationPartsBuilder { /** * Build the distribution points mapping. - * + * * @return The mapping from certificate authorities to distribution points. */ - public Map buildDistributionPoints() - { - Map dPs = new HashMap(); + public Map buildDistributionPoints() { + final Map dPs = new HashMap(); NodeIterator dPIter; Element dPElem; - // select all DistributionPoint elements + // select all DistributionPoint elements dPIter = XPathUtils.selectNodeIterator(getConfigElem(), DISTRIBUTION_POINTS_XPATH); - // build the mapping of CA name to distribution points + // build the mapping of CA name to distribution points while ((dPElem = (Element) dPIter.nextNode()) != null) { - String caIssuerDNText = getElementValue(dPElem, CONF + "CAIssuerDN", ""); - RFC2253NameParser nameParser = new RFC2253NameParser(caIssuerDNText); - NodeIterator cRLDPIter = XPathUtils.selectNodeIterator(dPElem, CONF + "CRLDP"); - NodeIterator oCSPDPPIter = XPathUtils.selectNodeIterator(dPElem, CONF + "OCSPDP"); + final String caIssuerDNText = getElementValue(dPElem, CONF + "CAIssuerDN", ""); + final RFC2253NameParser nameParser = new RFC2253NameParser(caIssuerDNText); + final NodeIterator cRLDPIter = XPathUtils.selectNodeIterator(dPElem, CONF + "CRLDP"); + final NodeIterator oCSPDPPIter = XPathUtils.selectNodeIterator(dPElem, CONF + "OCSPDP"); - try - { - String caIssuerDN = nameParser.parse().getName(); + try { + final String caIssuerDN = nameParser.parse().getName(); - // check, if a mapping exists or make a new mapping + // check, if a mapping exists or make a new mapping Set dPsForCA = (Set) dPs.get(caIssuerDN); - if (dPsForCA == null) - { + if (dPsForCA == null) { dPsForCA = new HashSet(); dPs.put(caIssuerDN, dPsForCA); } // add the CRL distribution points of this CA to the set Element cRLDPElem; - while ((cRLDPElem = (Element) cRLDPIter.nextNode()) != null) - { - CRLDistributionPoint cRLDP = (CRLDistributionPoint) buildDistributionPoint(cRLDPElem, caIssuerDN); + while ((cRLDPElem = (Element) cRLDPIter.nextNode()) != null) { + final CRLDistributionPoint cRLDP = (CRLDistributionPoint) buildDistributionPoint(cRLDPElem, + caIssuerDN); dPsForCA.add(cRLDP); } // add the OCSP distribution points of this CA to the set Element oCSPPElem; - while ((oCSPPElem = (Element) oCSPDPPIter.nextNode()) != null) - { - OCSPDistributionPoint oCSPDP = (OCSPDistributionPoint) buildDistributionPoint(oCSPPElem, null); + while ((oCSPPElem = (Element) oCSPDPPIter.nextNode()) != null) { + final OCSPDistributionPoint oCSPDP = (OCSPDistributionPoint) buildDistributionPoint(oCSPPElem, + null); dPsForCA.add(oCSPDP); } -} - catch (RFC2253NameParserException e) - { + } catch (final RFC2253NameParserException e) { warn("config.13", new Object[] { caIssuerDNText }, e); } @@ -1063,143 +1012,126 @@ public class ConfigurationPartsBuilder { /** * Build a distribution point from the DOM representation. - * - * @param dpElem The root element of the distribution point. - * - * @param issuerName The name of the CA issuing the CRL referred to by this DP, or <code>null</code> - * if this DP refers to an OCSP responder. - * + * + * @param dpElem The root element of the distribution point. + * + * @param issuerName The name of the CA issuing the CRL referred to by this DP, + * or <code>null</code> if this DP refers to an OCSP + * responder. + * * @return The distribution point. */ - private DistributionPoint buildDistributionPoint(Element dpElem, String issuerName) - { - String uri = getElementValue(dpElem, CONF + "Location", null); - - if ("CRLDP".equals(dpElem.getLocalName())) - { - NodeIterator reasonCodesIter = XPathUtils.selectNodeIterator(dpElem, CONF + "ReasonCode"); + private DistributionPoint buildDistributionPoint(Element dpElem, String issuerName) { + final String uri = getElementValue(dpElem, CONF + "Location", null); + + if ("CRLDP".equals(dpElem.getLocalName())) { + final NodeIterator reasonCodesIter = XPathUtils.selectNodeIterator(dpElem, CONF + "ReasonCode"); Element reasonCodeElem; - StringBuffer reasonCodesSB = new StringBuffer(); - while ((reasonCodeElem = (Element)reasonCodesIter.nextNode()) != null) - { - if (reasonCodesSB.length() > 0) reasonCodesSB.append(" "); + final StringBuffer reasonCodesSB = new StringBuffer(); + while ((reasonCodeElem = (Element) reasonCodesIter.nextNode()) != null) { + if (reasonCodesSB.length() > 0) { + reasonCodesSB.append(" "); + } reasonCodesSB.append(getElementValue(reasonCodeElem, ".", "").trim()); } return new CRLDistributionPoint(issuerName, uri, reasonCodesSB.toString()); - } - else - { + } else { return new OCSPDistributionPoint(uri); } } /** * Return the CRL archive duration. - * - * @return The value of the CRL archive duration setting from the configuration, or <code>0</code> if - * no value is set in the configuration. + * + * @return The value of the CRL archive duration setting from the configuration, + * or <code>0</code> if no value is set in the configuration. */ - public int getRevocationArchiveDuration() - { - String archiveDuration = getElementValue(getConfigElem(), CRL_ARCHIVE_DURATION_XPATH, null); - try - { + public int getRevocationArchiveDuration() { + final String archiveDuration = getElementValue(getConfigElem(), CRL_ARCHIVE_DURATION_XPATH, null); + try { return Integer.parseInt(archiveDuration); - } - catch (NumberFormatException e) - { + } catch (final NumberFormatException e) { warn("config.01", null); return 365; } } /** - * Build the <code>CreateTransformsInfoProfile</code>s. - * + * Build the <code>CreateTransformsInfoProfile</code>s. + * * @return The mapping from profile ID to profile. */ - public Map buildCreateTransformsInfoProfiles() - { + public Map buildCreateTransformsInfoProfiles() { return loadProfiles(CREATE_TRANSFORMS_INFO_PROFILE_XPATH, "CreateTransformsInfoProfile"); } /** * Build the <code>CreateSignatureEnvironmentProfile</code>s. - * + * * @return The mapping from profile ID to profile. */ - public Map buildCreateSignatureEnvironmentProfiles() - { + public Map buildCreateSignatureEnvironmentProfiles() { return loadProfiles(CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH, "CreateSignatureEnvironmentProfile"); } /** * Build the <code>VerifyTransformsInfoProfile</code>s. - * + * * @return The mapping from profile ID to profile. */ - public Map buildVerifyTransformsInfoProfiles() - { + public Map buildVerifyTransformsInfoProfiles() { return loadProfiles(VERIFY_TRANSFORMS_INFO_PROFILE_XPATH, "VerifyTransformsInfoProfile"); } /** * Build the <code>SupplementProfile</code>s. - * + * * @return The mapping from profile ID to profile. */ - public Map buildSupplementProfiles() - { + public Map buildSupplementProfiles() { return loadProfiles(SUPPLEMENT_PROFILE_XPATH, "SupplementProfile"); } /** * Load a profile mapping. - * - * @param xpath The XPath to select the profiles from the configuration. - * + * + * @param xpath The XPath to select the profiles from the configuration. + * * @param profileRoot The name of the profile root element. - * + * * @return Map The profile ID to profile mapping. */ - private Map loadProfiles(String xpath, String profileRoot) - { - Map profiles = new HashMap(); - NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), xpath); + private Map loadProfiles(String xpath, String profileRoot) { + final Map profiles = new HashMap(); + final NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), xpath); Element profileElem; - while ((profileElem = (Element) profileIter.nextNode()) != null) - { - String id = getElementValue(profileElem, CONF + "Id", null); - String fileName = getElementValue(profileElem, CONF + "Location", null); + while ((profileElem = (Element) profileIter.nextNode()) != null) { + final String id = getElementValue(profileElem, CONF + "Id", null); + final String fileName = getElementValue(profileElem, CONF + "Location", null); - if (profiles.containsKey(id)) - { + if (profiles.containsKey(id)) { warn("config.04", new Object[] { profileRoot, id }); - } - else - { - try - { + } else { + try { File profileFile = new File(fileName); // make profileFile absolute - if (!profileFile.isAbsolute()) profileFile = new File(configRoot_, fileName); + if (!profileFile.isAbsolute()) { + profileFile = new File(configRoot_, fileName); + } // load the profile - info("config.22", new Object[] { profileRoot, id, profileFile.getAbsoluteFile()}); - Element profile = loadProfile(profileFile); + info("config.22", new Object[] { profileRoot, id, profileFile.getAbsoluteFile() }); + final Element profile = loadProfile(profileFile); - if (Constants.MOA_NS_URI.equals(profile.getNamespaceURI()) && - profile.getLocalName().equals(profileRoot)) - { + if (Constants.MOA_NS_URI.equals(profile.getNamespaceURI()) && + profile.getLocalName().equals(profileRoot)) { profiles.put(id, profile); - } - else - { + } else { warn("config.02", new Object[] { profileRoot, id, fileName }); } - } catch (ConfigurationException e) { + } catch (final ConfigurationException e) { warn("config.03", new Object[] { profileRoot, id }); } } @@ -1210,8 +1142,9 @@ public class ConfigurationPartsBuilder { /** * Load a profile from a file. - * - * @param root The absolute directory path of the main configuration file. + * + * @param root The absolute directory path of the main configuration + * file. * @param profileFile The file containing the profile. * @return The profile in its DOM representation. * @throws ConfigurationException An error occurred loading the profile. @@ -1222,7 +1155,7 @@ public class ConfigurationPartsBuilder { try { profile = parseXml(new FileInputStream(profileFile)); - } catch (Exception e) { + } catch (final Exception e) { throw new ConfigurationException("config.12", null, e); } @@ -1231,146 +1164,136 @@ public class ConfigurationPartsBuilder { /** * Build the trust profile mapping. - * + * * @return The profile ID to profile mapping. */ - - public Map buildTrustProfiles() - { - Map trustProfiles = new HashMap(); - NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH); + + public Map buildTrustProfiles() { + final Map trustProfiles = new HashMap(); + final NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH); Element profileElem; - while ((profileElem = (Element) profileIter.nextNode()) != null) { - //load basic TrustProfile information - - //check TrustProfileId - String id = getElementValue(profileElem, CONF + "Id", null); - if (MiscUtil.isEmpty(id)) { - warn("config.52", new Object[]{"Id des TrustProfiles ist leer."}); - continue; - - } - //cast profileId to lowercase (changed in 3.0.1) - id = id.trim().toLowerCase(); - if (trustProfiles.containsKey(id)) { - warn("config.04", new Object[] { "TrustProfile", id }); + while ((profileElem = (Element) profileIter.nextNode()) != null) { + // load basic TrustProfile information + + // check TrustProfileId + String id = getElementValue(profileElem, CONF + "Id", null); + if (MiscUtil.isEmpty(id)) { + warn("config.52", new Object[] { "Id des TrustProfiles ist leer." }); + continue; + + } + // cast profileId to lowercase (changed in 3.0.1) + id = id.trim().toLowerCase(); + if (trustProfiles.containsKey(id)) { + warn("config.04", new Object[] { "TrustProfile", id }); + continue; + } + + // check location of TrustAnchor directory + final String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null); + URI trustAnchorsLocURI = null; + try { + trustAnchorsLocURI = new URI(trustAnchorsLocStr); + if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file + trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr); + } + } catch (final URIException e) { + warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e); + continue; + } catch (final MalformedURLException e) { + warn("config.15", new Object[] { id }, e); + continue; + } + final File profileDir = new File(trustAnchorsLocURI.getPath()); + if (!profileDir.exists() || !profileDir.isDirectory()) { + warn("config.27", new Object[] { "uri", id }); + continue; + } + + // check signerCertsLocation URL + String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null); + URI signerCertsLocURI = null; + if (signerCertsLocStr != null && !"".equals(signerCertsLocStr)) { + try { + signerCertsLocURI = new URI(signerCertsLocStr); + if (!signerCertsLocURI.isAbsolute()) { + signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr); + } + + final File signerCertsDir = new File(signerCertsLocURI.getPath()); + if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) { + warn("config.27", new Object[] { "signerCertsUri", id }); continue; - } - - //check location of TrustAnchor directory - String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null); - URI trustAnchorsLocURI = null; - try - { - trustAnchorsLocURI = new URI(trustAnchorsLocStr); - if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file - trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr); } - } - catch (URIException e) { - warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e); - continue; - } - catch (MalformedURLException e) - { - warn("config.15", new Object[] {id}, e); + } catch (final URIException e) { + warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e); continue; - } - File profileDir = new File(trustAnchorsLocURI.getPath()); - if (!profileDir.exists() || !profileDir.isDirectory()) { - warn("config.27", new Object[] { "uri", id }); + } catch (final MalformedURLException e) { + warn("config.15", new Object[] { id }, e); continue; } + } + signerCertsLocStr = signerCertsLocURI != null ? signerCertsLocURI.toString() : null; + + // check if TSL support is enabled + final Element eutslElem = (Element) XPathUtils.selectSingleNode(profileElem, CONF + "EUTSL"); + boolean tslEnabled = false; + if (eutslElem != null) { + tslEnabled = true; + } + + // load TSL configuration + final String countries = getElementValue(profileElem, CONF + "EUTSL" + "/" + CONF + "CountrySelection", + null); + final String allowedTspStatus = getElementValue(profileElem, CONF + "EUTSL" + "/" + CONF + + "AllowedTSPStatus", null); + final String allowedTspServiceTypes = getElementValue(profileElem, CONF + "EUTSL" + "/" + CONF + + "AllowedTSPServiceTypes", null); + + // create profile configuration + final TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, + tslEnabled, countries, allowedTspStatus, allowedTspServiceTypes); + trustProfiles.put(id, profile); - //check signerCertsLocation URL - String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null); - URI signerCertsLocURI = null; - if (signerCertsLocStr != null && !"".equals(signerCertsLocStr)) - { - try - { - signerCertsLocURI = new URI(signerCertsLocStr); - if (!signerCertsLocURI.isAbsolute()) signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr); - - File signerCertsDir = new File(signerCertsLocURI.getPath()); - if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) { - warn("config.27", new Object[] { "signerCertsUri", id }); - continue; - } - } - catch (URIException e) { - warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e); - continue; - } - catch (MalformedURLException e) { - warn("config.15", new Object[] {id}, e); - continue; - } - } - signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null; - - - //check if TSL support is enabled - Element eutslElem = (Element) XPathUtils.selectSingleNode(profileElem, CONF + "EUTSL"); - boolean tslEnabled = false; - if (eutslElem != null) //EUTSL element found --> TSL enabled - tslEnabled = true; - - //load TSL configuration - String countries = getElementValue(profileElem, CONF + "EUTSL" + "/" + CONF + "CountrySelection", null); - String allowedTspStatus = getElementValue(profileElem, CONF + "EUTSL" + "/" + CONF + "AllowedTSPStatus", null); - String allowedTspServiceTypes = getElementValue(profileElem, CONF + "EUTSL" + "/" + CONF + "AllowedTSPServiceTypes", null); - - - //create profile configuration - TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, - tslEnabled, countries, allowedTspStatus, allowedTspServiceTypes); - trustProfiles.put(id, profile); - } return trustProfiles; } - + /** * Returns the location of the certificate store. - * + * * @return the location of the certificate store. */ - public String getCertStoreLocation() - { - String certStoreLocStr = getElementValue(getConfigElem(), CERTSTORE_LOCATION_XPATH, null); + public String getCertStoreLocation() { + final String certStoreLocStr = getElementValue(getConfigElem(), CERTSTORE_LOCATION_XPATH, null); File certStoreLocFile; - - // No value specified in configuration file: Set it to a reasonable (absolute) default - if (certStoreLocStr == null) - return new File(configRoot_, "certstore").getAbsolutePath(); - + + // No value specified in configuration file: Set it to a reasonable (absolute) + // default + if (certStoreLocStr == null) { + return new File(configRoot_, "certstore").getAbsolutePath(); + } + // Make cert store location an absolute value certStoreLocFile = new File(certStoreLocStr); - if (!certStoreLocFile.isAbsolute()) - { + if (!certStoreLocFile.isAbsolute()) { certStoreLocFile = new File(configRoot_, certStoreLocStr); } - + // Check if cert store location exists, eventually try to create it - if (!certStoreLocFile.isDirectory()) - { + if (!certStoreLocFile.isDirectory()) { boolean created = false; - try - { + try { created = certStoreLocFile.mkdirs(); - } - finally - { - if (!created) - { + } finally { + if (!created) { warn("config.32", new Object[] { certStoreLocFile.getAbsolutePath() }); } } } - + return certStoreLocFile.getAbsolutePath(); } @@ -1380,437 +1303,429 @@ public class ConfigurationPartsBuilder { /** * Parse a configuration XML file. - * + * * @param inputStream The stream from which to read the XML data. * @return The DOM representation of the XML data. * @throws ParserConfigurationException XML parser not configured properly. - * @throws SAXException An error parsing the XML file. - * @throws IOException An error reading the stream. + * @throws SAXException An error parsing the XML file. + * @throws IOException An error reading the stream. */ private static Element parseXml(InputStream inputStream) - throws ParserConfigurationException, SAXException, IOException { + throws ParserConfigurationException, SAXException, IOException { return DOMUtils - .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null) - .getDocumentElement(); + .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null) + .getDocumentElement(); } /** * Return the value of an element located by an XPath. - * - * @param root The root element from which to evaluate the <code>xpath</code>. + * + * @param root The root element from which to evaluate the <code>xpath</code>. * @param xpath The XPath pointing to the element. - * @param def The default value, if no element can be found with the given - * <code>xpath</code>. + * @param def The default value, if no element can be found with the given + * <code>xpath</code>. * @return The element value or <code>def</code>, if the element cannot be - * found. + * found. */ private String getElementValue(Element root, String xpath, String def) { - Element elem = (Element) XPathUtils.selectSingleNode(root, xpath); + final Element elem = (Element) XPathUtils.selectSingleNode(root, xpath); return elem != null ? DOMUtils.getText(elem) : def; } /** * Return the value of an attribute located by an XPath. - * - * @param root The root element from which to evaluate the <code>xpath</code>. + * + * @param root The root element from which to evaluate the <code>xpath</code>. * @param xpath The XPath pointing to the attribute. - * @param def The default value, if no attribute can be found with the given - * <code>xpath</code>. + * @param def The default value, if no attribute can be found with the given + * <code>xpath</code>. * @return The element value or <code>def</code>, if the attribute cannot be - * found. + * found. */ private String getAttributeValue(Element root, String xpath, String def) { - Attr attr = (Attr) XPathUtils.selectSingleNode(root, xpath); + final Attr attr = (Attr) XPathUtils.selectSingleNode(root, xpath); return attr != null ? attr.getValue() : def; } /** * Log an info message. - * - * @param messageId The message ID. + * + * @param messageId The message ID. * @param parameters Additional parameters for the message. * @see at.gv.egovernment.moa.spss.server.util.MessageProvider */ private static void info(String messageId, Object[] parameters) { - MessageProvider msg = MessageProvider.getInstance(); + final MessageProvider msg = MessageProvider.getInstance(); Logger.info(new LogMsg(msg.getMessage(messageId, parameters))); } /** * Log a warning. - * + * * @param messageId The message ID. - * @param args Additional parameters for the message. + * @param args Additional parameters for the message. * @see at.gv.egovernment.moa.spss.server.util.MessageProvider */ private void warn(String messageId, Object[] args) { - MessageProvider msg = MessageProvider.getInstance(); - String txt = msg.getMessage(messageId, args); + final MessageProvider msg = MessageProvider.getInstance(); + final String txt = msg.getMessage(messageId, args); Logger.warn(new LogMsg(txt)); warnings.add(txt); } - + /** * Log a warning. - * + * * @param messageId The message ID. - * @param args Additional parameters for the message. + * @param args Additional parameters for the message. * @see at.gv.egovernment.moa.spss.server.util.MessageProvider */ private void debug(String messageId, Object[] args) { - MessageProvider msg = MessageProvider.getInstance(); - String txt = msg.getMessage(messageId, args); + final MessageProvider msg = MessageProvider.getInstance(); + final String txt = msg.getMessage(messageId, args); Logger.debug(new LogMsg(txt)); - + } - /** * Log a debug message. - * + * * @param messageId The message ID. - * @param args Additional parameters for the message. + * @param args Additional parameters for the message. * @see at.gv.egovernment.moa.spss.server.util.MessageProvider */ private void debug(String message) { Logger.debug(new LogMsg(message)); } - + /** * Log a warning. - * + * * @param messageId The message ID. - * @param args Additional parameters for the message. - * @param t An exception being the cause of the warning. + * @param args Additional parameters for the message. + * @param t An exception being the cause of the warning. * @see at.gv.egovernment.moa.spss.server.util.MessageProvider */ private void warn(String messageId, Object[] args, Throwable t) { - MessageProvider msg = MessageProvider.getInstance(); - String txt = msg.getMessage(messageId, args); + final MessageProvider msg = MessageProvider.getInstance(); + final String txt = msg.getMessage(messageId, args); - Logger.warn(new LogMsg(txt), t); + Logger.warn(new LogMsg(txt), t); warnings.add(txt); } /** * Log an error. - * + * * @param messageId The message ID. - * @param args Additional parameters for the message. + * @param args Additional parameters for the message. * @see at.gv.egovernment.moa.spss.server.util.MessageProvider */ private void error(String messageId, Object[] args) { - MessageProvider msg = MessageProvider.getInstance(); - String txt = msg.getMessage(messageId, args); + final MessageProvider msg = MessageProvider.getInstance(); + final String txt = msg.getMessage(messageId, args); Logger.error(new LogMsg(txt)); warnings.add(txt); } - + /** * Log an error. - * + * * @param messageId The message ID. - * @param args Additional parameters for the message. - * @param t An exception being the cause of the warning. + * @param args Additional parameters for the message. + * @param t An exception being the cause of the warning. * @see at.gv.egovernment.moa.spss.server.util.MessageProvider */ private void error(String messageId, Object[] args, Throwable t) { - MessageProvider msg = MessageProvider.getInstance(); - String txt = msg.getMessage(messageId, args); + final MessageProvider msg = MessageProvider.getInstance(); + final String txt = msg.getMessage(messageId, args); - Logger.error(new LogMsg(txt), t); + Logger.error(new LogMsg(txt), t); warnings.add(txt); } - + /** * Returns whether revocation information should be archived. - * + * * @return whether revocation information should be archived. */ - public boolean getEnableRevocationArchiving() - { - String enableArchiving = getElementValue(getConfigElem(), ENABLE_ARCHIVING_XPATH, null); + public boolean getEnableRevocationArchiving() { + final String enableArchiving = getElementValue(getConfigElem(), ENABLE_ARCHIVING_XPATH, null); return Boolean.valueOf(enableArchiving).booleanValue(); } /** * Returns the JDBC URL for the revocation archive database. - * - * @return the JDBC URL for the revocation archive database, or <code>null</code, if the corresponding - * parameter is not set in the configuration. + * + * @return the JDBC URL for the revocation archive database, or + * <code>null</code, if the corresponding parameter is not set in the + * configuration. */ - public String getRevocationArchiveJDBCURL() - { - String jDBCURL = getElementValue(getConfigElem(), ACHIVE_JDBC_URL_, null); + public String getRevocationArchiveJDBCURL() { + final String jDBCURL = getElementValue(getConfigElem(), ACHIVE_JDBC_URL_, null); return jDBCURL; } /** * Returns the JDBC driver class name for the revocation archive database. - * - * @return the JDBC driver class name for the revocation archive database, or <code>null</code, - * if the corresponding parameter is not set in the configuration. + * + * @return the JDBC driver class name for the revocation archive database, or + * <code>null</code, if the corresponding parameter is not set in the + * configuration. */ - public String getRevocationArchiveJDBCDriverClass() - { - String jDBCDriverClass = getElementValue(getConfigElem(), ACHIVE_JDBC_DRIVER_CLASS_, null); + public String getRevocationArchiveJDBCDriverClass() { + final String jDBCDriverClass = getElementValue(getConfigElem(), ACHIVE_JDBC_DRIVER_CLASS_, null); return jDBCDriverClass; } /** * Returns whether revocation information should be archived. */ - public boolean getEnableRevocationChecking() - { - String enableChecking = getElementValue(getConfigElem(), ENABLE_REVOCATION_CHECKING_XPATH_, null); + public boolean getEnableRevocationChecking() { + final String enableChecking = getElementValue(getConfigElem(), ENABLE_REVOCATION_CHECKING_XPATH_, null); return Boolean.valueOf(enableChecking).booleanValue(); } /** - * Returns the maximum age of a revocation information for considering it - * still as valid. - * - * @return the maximum age of a revocation information for considering it - * still as valid. + * Returns the maximum age of a revocation information for considering it still + * as valid. + * + * @return the maximum age of a revocation information for considering it still + * as valid. */ - public long getMaxRevocationAge() - { - String maxRevocationAge = getElementValue(getConfigElem(), MAX_REVOCATION_AGE_XPATH_, null); - if (maxRevocationAge == null) return 0; + public long getMaxRevocationAge() { + final String maxRevocationAge = getElementValue(getConfigElem(), MAX_REVOCATION_AGE_XPATH_, null); + if (maxRevocationAge == null) { + return 0; + } return Long.valueOf(maxRevocationAge).longValue(); } /** * Returns the service order for revocation checking. - * + * * @return the service order for revocation checking. Valid array entries are - * {@link RevocationSourceTypes#OCSP} and {@link RevocationSourceTypes#CRL}. - * An empty array will be returned if no service order is specified in the - * configuration. + * {@link RevocationSourceTypes#OCSP} and + * {@link RevocationSourceTypes#CRL}. An empty array will be returned if + * no service order is specified in the configuration. */ - public String[] getServiceOrder() - { - ArrayList list = new ArrayList(); - NodeIterator serviceIter = XPathUtils.selectNodeIterator(getConfigElem(), REVOCATION_SERVICEORDER_XPATH_); + public String[] getServiceOrder() { + final ArrayList list = new ArrayList(); + final NodeIterator serviceIter = XPathUtils.selectNodeIterator(getConfigElem(), + REVOCATION_SERVICEORDER_XPATH_); Element currentServiceNode; - while ((currentServiceNode = (Element)serviceIter.nextNode()) != null) - { + while ((currentServiceNode = (Element) serviceIter.nextNode()) != null) { list.add(getElementValue(currentServiceNode, ".", null)); } - Object[] serviceOrder = list.toArray(); - String[] returnValue = new String[serviceOrder.length]; - for (int i = 0; i < serviceOrder.length; i++) - { - if (((String)serviceOrder[i]).equalsIgnoreCase(RevocationSourceTypes.CRL)) { + final Object[] serviceOrder = list.toArray(); + final String[] returnValue = new String[serviceOrder.length]; + for (int i = 0; i < serviceOrder.length; i++) { + if (((String) serviceOrder[i]).equalsIgnoreCase(RevocationSourceTypes.CRL)) { returnValue[i] = RevocationSourceTypes.CRL; - } else if (((String)serviceOrder[i]).equalsIgnoreCase(RevocationSourceTypes.OCSP)) { + } else if (((String) serviceOrder[i]).equalsIgnoreCase(RevocationSourceTypes.OCSP)) { returnValue[i] = RevocationSourceTypes.OCSP; } - + } return returnValue; } /** - * Returns whether the certificate extension Authority Info Access should - * be used during certificate path construction. - * - * @return whether the certificate extension Authority Info Access should - * be used during certificate path construction. + * Returns whether the certificate extension Authority Info Access should be + * used during certificate path construction. + * + * @return whether the certificate extension Authority Info Access should be + * used during certificate path construction. */ - public boolean getUseAuthorityInfoAccess() - { - String useAIA = getElementValue(getConfigElem(), USE_AUTHORITY_INFO_ACCESS_XPATH_, null); + public boolean getUseAuthorityInfoAccess() { + final String useAIA = getElementValue(getConfigElem(), USE_AUTHORITY_INFO_ACCESS_XPATH_, null); return Boolean.valueOf(useAIA).booleanValue(); } /** - * Returns whether certificates found during certificate path construction + * Returns whether certificates found during certificate path construction * should be added to the certificate store. - * - * @return whether certificates found during certificate path construction + * + * @return whether certificates found during certificate path construction * should be added to the certificate store. */ - public boolean getAutoAddCertificates() - { - String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_CERTIFICATES_XPATH_, null); + public boolean getAutoAddCertificates() { + final String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_CERTIFICATES_XPATH_, null); return Boolean.valueOf(autoAdd).booleanValue(); } - - + public boolean getAutoEEAddCertificates() { - String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_EE_CERTIFICATES_XPATH_, null); - if (autoAdd != null) - return Boolean.valueOf(autoAdd).booleanValue(); - else - return false; - - } - + final String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_EE_CERTIFICATES_XPATH_, null); + if (autoAdd != null) { + return Boolean.valueOf(autoAdd).booleanValue(); + } else { + return false; + } + + } + /** - * Returns whether file URIs are permitted + * Returns whether file URIs are permitted + * * @return whether file URIs are permitted */ - public boolean getPermitFileURIs() - { - String permitFileURIs = getElementValue(getConfigElem(), PERMIT_FILE_URIS_XPATH, "false"); + public boolean getPermitFileURIs() { + final String permitFileURIs = getElementValue(getConfigElem(), PERMIT_FILE_URIS_XPATH, "false"); return Boolean.valueOf(permitFileURIs).booleanValue(); } - + /** * Returns the TSL configuration from the config file + * * @return */ public TSLConfiguration getTSLConfiguration() { - TSLConfigurationImpl tslconfiguration = new TSLConfigurationImpl(); - - - String euTSLUrl = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "EUTSLUrl", null); - if (StringUtils.isEmpty(euTSLUrl)) { - euTSLUrl = TSLConfiguration.DEFAULT_EU_TSL_URL; - debug("config.39", new Object[] { "EUTSL", euTSLUrl }); - } - - String updateSchedulePeriod = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "UpdateSchedule/" + CONF + "Period" , null); - - if (StringUtils.isEmpty(updateSchedulePeriod)) { - updateSchedulePeriod = TSLConfiguration.DEFAULT_UPDATE_SCHEDULE_PERIOD; - debug("config.39", new Object[] { "UpdateSchedule/Period", updateSchedulePeriod }); - } - - String updateScheduleStartTime = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "UpdateSchedule/" + CONF + "StartTime", null); - if (StringUtils.isEmpty(updateScheduleStartTime)) { - updateScheduleStartTime = TSLConfiguration.DEFAULT_UPDATE_SCHEDULE_STARTTIME; - debug("config.39", new Object[] { "UpdateSchedule/StartTime", updateScheduleStartTime }); - - } - - String workingDirectoryStr = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "WorkingDirectory", null); - if (StringUtils.isEmpty(workingDirectoryStr)) { - workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR; - debug("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr }); - } - - String qcQualifier = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "Evaluation/" + CONF + "QCQualifier", null); - if (MiscUtil.isEmpty(qcQualifier)) - info("config.39", new Object[] { "Evaluation/QCQualifier", " EMPTY" }); - - else { - String[] qcQualList = qcQualifier.split(","); - for (String el : qcQualList) { - try { - tslconfiguration.addQualifierForQC(new java.net.URI(el.trim())); - //info("config.39", new Object[] { "Evaluation/QCQualifier", el.trim() }); - - } catch (URISyntaxException e) { - warn("config.39", new Object[] { "Evaluation/QCQualifier", el.trim() }, e); - - } - - } - } - - String sscdQualifier = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "Evaluation/" + CONF + "SSCDQualifier", null); - if (MiscUtil.isEmpty(qcQualifier)) - info("config.39", new Object[] { "Evaluation/SSCDQualifier", " EMPTY" }); - - else { - String[] sscdQualList = sscdQualifier.split(","); - for (String el : sscdQualList) { - try { - tslconfiguration.addQualifierForSSCD(new java.net.URI(el.trim())); - //info("config.39", new Object[] { "Evaluation/SSCDQualifier", el.trim() }); - - } catch (URISyntaxException e) { - warn("config.39", new Object[] { "Evaluation/SSCDQualifier", el.trim() }, e); - - } - - } - } - - // convert update schedule starting time to Date object - Calendar Cal = DatatypeConverter.parseDateTime(updateScheduleStartTime); - Date updateScheduleStartTimeDate = Cal.getTime(); - - // convert working directory - URI workingDirectoryURI = null; - try - { - workingDirectoryURI = new URI(workingDirectoryStr); - if (!workingDirectoryURI.isAbsolute()) { // make it absolute to the config file - workingDirectoryURI = new URI(configRoot_.toURL() + workingDirectoryStr); + final TSLConfigurationImpl tslconfiguration = new TSLConfigurationImpl(); + + String euTSLUrl = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "EUTSLUrl", null); + if (StringUtils.isEmpty(euTSLUrl)) { + euTSLUrl = TSLConfiguration.DEFAULT_EU_TSL_URL; + debug("config.39", new Object[] { "EUTSL", euTSLUrl }); + } + + String updateSchedulePeriod = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + + "UpdateSchedule/" + CONF + "Period", null); + + if (StringUtils.isEmpty(updateSchedulePeriod)) { + updateSchedulePeriod = TSLConfiguration.DEFAULT_UPDATE_SCHEDULE_PERIOD; + debug("config.39", new Object[] { "UpdateSchedule/Period", updateSchedulePeriod }); + } + + String updateScheduleStartTime = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + + "UpdateSchedule/" + CONF + "StartTime", null); + if (StringUtils.isEmpty(updateScheduleStartTime)) { + updateScheduleStartTime = TSLConfiguration.DEFAULT_UPDATE_SCHEDULE_STARTTIME; + debug("config.39", new Object[] { "UpdateSchedule/StartTime", updateScheduleStartTime }); + + } + + String workingDirectoryStr = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + + "WorkingDirectory", null); + if (StringUtils.isEmpty(workingDirectoryStr)) { + workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR; + debug("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr }); + } + + final String qcQualifier = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "Evaluation/" + + CONF + "QCQualifier", null); + if (MiscUtil.isEmpty(qcQualifier)) { + info("config.39", new Object[] { "Evaluation/QCQualifier", " EMPTY" }); + } else { + final String[] qcQualList = qcQualifier.split(","); + for (final String el : qcQualList) { + try { + tslconfiguration.addQualifierForQC(new java.net.URI(el.trim())); + // info("config.39", new Object[] { "Evaluation/QCQualifier", el.trim() }); + + } catch (final URISyntaxException e) { + warn("config.39", new Object[] { "Evaluation/QCQualifier", el.trim() }, e); + } + } - catch (URIException e) { - warn("config.37", new Object[] { workingDirectoryStr }, e); - workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR; - warn("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr }); - } - catch (MalformedURLException e) - { - warn("config.37", new Object[] { workingDirectoryStr }, e); - workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR; - warn("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr }); - } + } + + final String sscdQualifier = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + + "Evaluation/" + CONF + "SSCDQualifier", null); + if (MiscUtil.isEmpty(qcQualifier)) { + info("config.39", new Object[] { "Evaluation/SSCDQualifier", " EMPTY" }); + } else { + final String[] sscdQualList = sscdQualifier.split(","); + for (final String el : sscdQualList) { + try { + tslconfiguration.addQualifierForSSCD(new java.net.URI(el.trim())); + // info("config.39", new Object[] { "Evaluation/SSCDQualifier", el.trim() }); + + } catch (final URISyntaxException e) { + warn("config.39", new Object[] { "Evaluation/SSCDQualifier", el.trim() }, e); + + } - File tslWorkingDir = new File(workingDirectoryURI.getPath()); - if (!tslWorkingDir.exists()) { - tslWorkingDir.mkdir(); } - if (!tslWorkingDir.isDirectory()) { - error("config.38", new Object[] { workingDirectoryStr }); - return null; + } + + // convert update schedule starting time to Date object + final Calendar Cal = DatatypeConverter.parseDateTime(updateScheduleStartTime); + final Date updateScheduleStartTimeDate = Cal.getTime(); + + // convert working directory + URI workingDirectoryURI = null; + try { + workingDirectoryURI = new URI(workingDirectoryStr); + if (!workingDirectoryURI.isAbsolute()) { // make it absolute to the config file + workingDirectoryURI = new URI(configRoot_.toURL() + workingDirectoryStr); } - - - debug("TSL Konfiguration - EUTSLUrl: " + euTSLUrl); - debug("TSL Konfiguration - UpdateSchedule/Period: " + updateSchedulePeriod); - debug("TSL Konfiguration - UpdateSchedule/StartTime: " + updateScheduleStartTime); - debug("TSL Konfiguration - TSLWorkingDirectory: " + tslWorkingDir.getAbsolutePath()); - - - // set TSL configuration - tslconfiguration.setEuTSLUrl(euTSLUrl); - tslconfiguration.setUpdateSchedulePeriod(Long.valueOf(updateSchedulePeriod).longValue()); - tslconfiguration.setUpdateScheduleStartTime(updateScheduleStartTimeDate); - tslconfiguration.setWorkingDirectory(tslWorkingDir.getAbsolutePath()); - tslconfiguration.setWorkingDirectoryURI(workingDirectoryURI); - - return tslconfiguration; + } catch (final URIException e) { + warn("config.37", new Object[] { workingDirectoryStr }, e); + workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR; + warn("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr }); + } catch (final MalformedURLException e) { + warn("config.37", new Object[] { workingDirectoryStr }, e); + workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR; + warn("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr }); + } + + final File tslWorkingDir = new File(workingDirectoryURI.getPath()); + if (!tslWorkingDir.exists()) { + tslWorkingDir.mkdir(); + } + if (!tslWorkingDir.isDirectory()) { + error("config.38", new Object[] { workingDirectoryStr }); + return null; + } + + debug("TSL Konfiguration - EUTSLUrl: " + euTSLUrl); + debug("TSL Konfiguration - UpdateSchedule/Period: " + updateSchedulePeriod); + debug("TSL Konfiguration - UpdateSchedule/StartTime: " + updateScheduleStartTime); + debug("TSL Konfiguration - TSLWorkingDirectory: " + tslWorkingDir.getAbsolutePath()); + + // set TSL configuration + tslconfiguration.setEuTSLUrl(euTSLUrl); + tslconfiguration.setUpdateSchedulePeriod(Long.valueOf(updateSchedulePeriod).longValue()); + tslconfiguration.setUpdateScheduleStartTime(updateScheduleStartTimeDate); + tslconfiguration.setWorkingDirectory(tslWorkingDir.getAbsolutePath()); + tslconfiguration.setWorkingDirectoryURI(workingDirectoryURI); + + return tslconfiguration; } - + /** * Returns a map of CRL retention intervals + * * @return */ public Map getCrlRetentionIntervals() { - Map map = new HashMap(); - NodeIterator modIter = XPathUtils.selectNodeIterator( - getConfigElem(), - CRL_RETENTION_INTERVALS_CA_XPATH); - - Element modElem; - while ((modElem = (Element) modIter.nextNode()) != null) { - String x509IssuerName = getElementValue(modElem, CONF + "X509IssuerName", null); - String i = getElementValue(modElem, CONF + "Interval", null); - Integer interval = new Integer(i); - try { - RFC2253NameParser parser = new RFC2253NameParser(x509IssuerName); - Name name = parser.parse(); - map.put(name.getRFC2253String(), interval); - } catch (RFC2253NameParserException e) { - map.put(x509IssuerName, interval); - } + final Map map = new HashMap(); + final NodeIterator modIter = XPathUtils.selectNodeIterator( + getConfigElem(), + CRL_RETENTION_INTERVALS_CA_XPATH); + + Element modElem; + while ((modElem = (Element) modIter.nextNode()) != null) { + final String x509IssuerName = getElementValue(modElem, CONF + "X509IssuerName", null); + final String i = getElementValue(modElem, CONF + "Interval", null); + final Integer interval = new Integer(i); + try { + final RFC2253NameParser parser = new RFC2253NameParser(x509IssuerName); + final Name name = parser.parse(); + map.put(name.getRFC2253String(), interval); + } catch (final RFC2253NameParserException e) { + map.put(x509IssuerName, interval); + } - } + } - return map; + return map; } - + } |