diff options
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java')
-rw-r--r-- | moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java | 689 |
1 files changed, 332 insertions, 357 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java index 34db547..330ba69 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java @@ -21,14 +21,8 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.server.config; -import iaik.asn1.structures.Name; -import iaik.pki.revocation.RevocationSourceTypes; -import iaik.utils.RFC2253NameParser; -import iaik.utils.RFC2253NameParserException; - import java.io.File; import java.io.FileInputStream; import java.io.IOException; @@ -41,7 +35,6 @@ import java.util.Collections; import java.util.Iterator; import java.util.List; import java.util.Map; -import java.util.Map.Entry; import java.util.Set; import org.w3c.dom.Element; @@ -52,39 +45,45 @@ import at.gv.egovernment.moaspss.logging.LogMsg; import at.gv.egovernment.moaspss.logging.Logger; import at.gv.egovernment.moaspss.util.DOMUtils; import at.gv.egovernment.moaspss.util.MiscUtil; +import iaik.asn1.structures.Name; +import iaik.pki.revocation.RevocationSourceTypes; +import iaik.utils.RFC2253NameParser; +import iaik.utils.RFC2253NameParserException; /** * A class providing access to the MOA configuration data. - * - * <p>Configuration data is read from an XML file, whose location is given by - * the <code>moa.spss.server.configuration</code> system property.</p> - * <p>This class implements the Singleton pattern. The <code>reload()</code> - * method can be used to update the configuration data. Therefore, it is not - * guaranteed that consecutive calls to <code>getInstance()</code> will return - * the same <code>ConfigurationProvider</code> all the time. During the - * processing of a web service request, the current - * <code>TransactionContext</code> should be used to obtain the - * <code>ConfigurationProvider</code> local to that request.</p> - * + * + * <p> + * Configuration data is read from an XML file, whose location is given by the + * <code>moa.spss.server.configuration</code> system property. + * </p> + * <p> + * This class implements the Singleton pattern. The <code>reload()</code> method + * can be used to update the configuration data. Therefore, it is not guaranteed + * that consecutive calls to <code>getInstance()</code> will return the same + * <code>ConfigurationProvider</code> all the time. During the processing of a + * web service request, the current <code>TransactionContext</code> should be + * used to obtain the <code>ConfigurationProvider</code> local to that request. + * </p> + * * @author Patrick Peck * @author Sven Aigner * @version $Id$ */ -public class ConfigurationProvider -{ - /** - * The name of the system property which contains the file name of the +public class ConfigurationProvider { + /** + * The name of the system property which contains the file name of the * configuration file. */ public static final String CONFIG_PROPERTY_NAME = - "moa.spss.server.configuration"; + "moa.spss.server.configuration"; - /** + /** * A fake <code>IssuerAndSerial</code> object for storing KeyGroup information * accessible by all clients. */ private static final IssuerAndSerial ANONYMOUS_ISSUER_SERIAL = - new IssuerAndSerial(new Name(), new BigInteger("0")); + new IssuerAndSerial(new Name(), new BigInteger("0")); /** Singleton instance. <code>null</code>, if none has been created. */ private static ConfigurationProvider instance; @@ -101,23 +100,23 @@ public class ConfigurationProvider /** The default canonicalization algorithm name */ private String canonicalizationAlgorithmName; - + /** The XAdES version used for signature creation */ private String xadesVersion; - + /** PDF AS Configuration */ private String pdfAsConfiguration; - + private int connectionTimeout; private int readTimeout; - - /** - * A <code>List</code> of <code>HardwareCryptoModule</code> objects for + + /** + * A <code>List</code> of <code>HardwareCryptoModule</code> objects for * configuring hardware modules. */ private List hardwareCryptoModules; - /** + /** * A <code>List</code> of <code>HardwareKey</code> objects containing the * configuration data for hardware keys. */ @@ -144,29 +143,29 @@ public class ConfigurationProvider /** The default chaining mode. */ private String defaultChainingMode; - /** + /** * A <code>Map</code> which contains the <code>IssuerAndSerial</code> to * chaining mode (a <code>String</code>) mapping. */ private Map chainingModes; /** - * A <code>Map</code> which contains the CAIssuerDN (a <code>String</code>) - * to distribution points (a <code>Set</code> of - * <code>DistributionPoint</code>s) mapping. + * A <code>Map</code> which contains the CAIssuerDN (a <code>String</code>) to + * distribution points (a <code>Set</code> of <code>DistributionPoint</code>s) + * mapping. */ private Map distributionPoints; - /** - * The CRL archive duration. + /** + * The CRL archive duration. */ private int cRLArchiveDuration; - + /** * Indicates whether revocation information should be archived. */ private boolean enableRevocationArchiving_; - + /** * The location of the certificate store. */ @@ -180,29 +179,29 @@ public class ConfigurationProvider private Map createSignatureEnvironmentProfiles; /** - * A <code>Map</code> which contains a mapping from - * CreateTransformsInfoProfile Ids (<code>String</code>) to - * CreateTransformsInfoProfile elements (an <code>Element</code>). + * A <code>Map</code> which contains a mapping from CreateTransformsInfoProfile + * Ids (<code>String</code>) to CreateTransformsInfoProfile elements (an + * <code>Element</code>). */ private Map createTransformsInfoProfiles; /** - * A <code>Map</code> which contains a mapping from - * VerifyTransformsInfoProfile Ids (<code>String</code>) to - * VerifyTransformsInfoProfile elements (an <code>Element</code>). + * A <code>Map</code> which contains a mapping from VerifyTransformsInfoProfile + * Ids (<code>String</code>) to VerifyTransformsInfoProfile elements (an + * <code>Element</code>). */ private Map verifyTransformsInfoProfiles; /** - * A <code>Map</code> which contains a mapping from - * SupplementProfile Ids (<code>String</code>) to SupplementProfile elements - * (an <code>Element</code>). + * A <code>Map</code> which contains a mapping from SupplementProfile Ids + * (<code>String</code>) to SupplementProfile elements (an + * <code>Element</code>). */ private Map supplementProfiles; /** - * A <code>Map</code> which contains a TrustProfile Id (a <code>String</code> - * to trust profile (a <code>TrustProfile</code>) mapping. + * A <code>Map</code> which contains a TrustProfile Id (a <code>String</code> to + * trust profile (a <code>TrustProfile</code>) mapping. */ private Map trustProfiles; @@ -222,7 +221,8 @@ public class ConfigurationProvider private boolean enableRevocationChecking_; /** - * The maximum age of a revocation information for considering it still as valid. + * The maximum age of a revocation information for considering it still as + * valid. */ private long maxRevocationAge_; @@ -232,63 +232,58 @@ public class ConfigurationProvider private String[] serviceOrder_; private boolean adesFormResults; - + /** - * Indicates whether certificates found during certificate path construction + * Indicates whether certificates found during certificate path construction * should be added to the certificate store. */ private boolean autoAddCertificates_; - private boolean autoAddEECertificates_; - - + /** - * Indicates whether the certificate extension Authority Info Access should - * be used during certificate path construction. + * Indicates whether the certificate extension Authority Info Access should be + * used during certificate path construction. */ private boolean useAuthorityInfoAccess_; /** - * Indicates whether file URIs are allowed or not + * Indicates whether file URIs are allowed or not */ private boolean permitFileURIs; - + /** * Indicates the CRL retention intervals */ private Map crlRetentionIntervals; - + /** * Indicates wether external URIs are allowed or not */ private boolean allowExternalUris_; - + /** * A <code>List</code> of black listed URIs (host and port) */ private List blackListedUris_; - + /** * A <code>List</code> of white listed URIs (host and port) */ private List whiteListedUris_; - + /** * A <code>TSLConfiguration</code> that represents the global TSL configuration */ private TSLConfiguration tslconfiguration_; - - - /** * Return the single instance of configuration data. - * + * * @return MOAConfigurationProvider The current configuration data. * @throws ConfigurationException Failure to load the configuration data. */ public static synchronized ConfigurationProvider getInstance() - throws ConfigurationException { + throws ConfigurationException { if (instance == null) { reload(); @@ -298,21 +293,21 @@ public class ConfigurationProvider /** * Reload the configuration data and set it if successful. - * + * * @return MOAConfigurationProvider The loaded configuration data. * @throws ConfigurationException Failure to load the configuration data. */ public static synchronized ConfigurationProvider reload() - throws ConfigurationException { + throws ConfigurationException { String fileName = System.getProperty(CONFIG_PROPERTY_NAME); if (fileName == null) { // find out where we are running and use the configuration provided // under WEB-INF/conf/moa-spss/MOA-SPSSConfiguration - URL url = ConfigurationProvider.class.getResource("/"); + final URL url = ConfigurationProvider.class.getResource("/"); fileName = - new File(url.getPath()).getParent() - + "/conf/moa-spss/MOA-SPSSConfiguration.xml"; + new File(url.getPath()).getParent() + + "/conf/moa-spss/MOA-SPSSConfiguration.xml"; info("config.05", new Object[] { CONFIG_PROPERTY_NAME }); } @@ -322,7 +317,7 @@ public class ConfigurationProvider /** * Constructor for ConfigurationProvider. - * + * * @param fileName The name of the configuration file. * @throws ConfigurationException An error occurred loading the configuration. */ @@ -331,12 +326,11 @@ public class ConfigurationProvider } /** - * Load the configuration data from XML file with the given name and build - * the internal data structures representing the MOA configuration. - * + * Load the configuration data from XML file with the given name and build the + * internal data structures representing the MOA configuration. + * * @param fileName The name of the XML file to load. - * @throws ConfigurationException The MOA configuration could not be - * read/built. + * @throws ConfigurationException The MOA configuration could not be read/built. */ private void load(String fileName) throws ConfigurationException { FileInputStream stream = null; @@ -345,16 +339,15 @@ public class ConfigurationProvider Element configElem; ConfigurationPartsBuilder builder; List allKeyModules; - // load the main config file try { configFile = new File(fileName); configRoot = new File(configFile.getParent()); - info("config.21", new Object[] { configFile.getAbsoluteFile()}); + info("config.21", new Object[] { configFile.getAbsoluteFile() }); stream = new FileInputStream(fileName); configElem = DOMUtils.parseXmlValidating(new FileInputStream(fileName)); - } catch (Throwable t) { + } catch (final Throwable t) { throw new ConfigurationException("config.10", null, t); } @@ -362,30 +355,29 @@ public class ConfigurationProvider try { builder = new ConfigurationPartsBuilder(configElem, configRoot); - //build TSL configuration + // build TSL configuration tslconfiguration_ = builder.getTSLConfiguration(); - - //build TrustProfile configuration - trustProfiles = builder.buildTrustProfiles(); - - //check TSL configuration + + // build TrustProfile configuration + trustProfiles = builder.buildTrustProfiles(); + + // check TSL configuration checkTSLConfiguration(); - - + digestMethodAlgorithmName = builder.getDigestMethodAlgorithmName(); canonicalizationAlgorithmName = - builder.getCanonicalizationAlgorithmName(); + builder.getCanonicalizationAlgorithmName(); hardwareCryptoModules = builder.buildHardwareCryptoModules(); hardwareKeyModules = - builder.buildHardwareKeyModules(Collections.EMPTY_LIST); + builder.buildHardwareKeyModules(Collections.EMPTY_LIST); softwareKeyModules = - builder.buildSoftwareKeyModules(hardwareKeyModules); + builder.buildSoftwareKeyModules(hardwareKeyModules); allKeyModules = new ArrayList(hardwareKeyModules); allKeyModules.addAll(softwareKeyModules); keyGroups = builder.buildKeyGroups(allKeyModules); keyGroupMappings = - builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL); - + builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL); + connectionTimeout = builder.getConnectionTimeout(); readTimeout = builder.getReadTimeout(); pdfAsConfiguration = builder.getPDFASConfiguration(); @@ -396,9 +388,9 @@ public class ConfigurationProvider useAuthorityInfoAccess_ = builder.getUseAuthorityInfoAccess(); autoAddCertificates_ = builder.getAutoAddCertificates(); autoAddEECertificates_ = builder.getAutoEEAddCertificates(); - //trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory()); - - + // trustProfiles = + // builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory()); + distributionPoints = builder.buildDistributionPoints(); enableRevocationChecking_ = builder.getEnableRevocationChecking(); maxRevocationAge_ = builder.getMaxRevocationAge(); @@ -407,12 +399,10 @@ public class ConfigurationProvider cRLArchiveDuration = builder.getRevocationArchiveDuration(); revocationArchiveJDBCURL_ = builder.getRevocationArchiveJDBCURL(); revocationArchiveJDBCDriverClass_ = builder.getRevocationArchiveJDBCDriverClass(); - - - //TODO!!!! + + // TODO!!!! certStoreLocation_ = builder.getCertStoreLocation(); - - + createTransformsInfoProfiles = builder.buildCreateTransformsInfoProfiles(); createSignatureEnvironmentProfiles = builder.buildCreateSignatureEnvironmentProfiles(); verifyTransformsInfoProfiles = builder.buildVerifyTransformsInfoProfiles(); @@ -421,41 +411,37 @@ public class ConfigurationProvider permitFileURIs = builder.getPermitFileURIs(); crlRetentionIntervals = builder.getCrlRetentionIntervals(); - allowExternalUris_= builder.allowExternalUris(); - - if (allowExternalUris_) { - blackListedUris_ = builder.buildPermitExternalUris(); - whiteListedUris_ = null; - } - else { - info("config.35", null); - blackListedUris_ = null; - whiteListedUris_ = builder.buildForbidExternalUris(); + allowExternalUris_ = builder.allowExternalUris(); + + if (allowExternalUris_) { + blackListedUris_ = builder.buildPermitExternalUris(); + whiteListedUris_ = null; + } else { + info("config.35", null); + blackListedUris_ = null; + whiteListedUris_ = builder.buildForbidExternalUris(); } - - - + // Set set = crlRetentionIntervals.entrySet(); // Iterator i = set.iterator(); // while(i.hasNext()){ // Map.Entry me = (Map.Entry)i.next(); // System.out.println("Key: " + me.getKey() + " - Value: " + me.getValue() ); // } - - - } catch (Throwable t) { + + } catch (final Throwable t) { throw new ConfigurationException("config.11", null, t); } finally { try { if (stream != null) { stream.close(); } - } catch (IOException e) { + } catch (final IOException e) { // don't complain about this } } } - + // private boolean checkTSLenableTrustprofilesExist()throws ConfigurationException { // boolean bTSLEnabledTPExist = false; // Iterator it = trustProfiles.entrySet().iterator(); @@ -465,78 +451,75 @@ public class ConfigurationProvider // if (tp.isTSLEnabled()) // bTSLEnabledTPExist = bTSLEnabledTPExist || true; // } -// +// // return bTSLEnabledTPExist; -// +// // } - - private void checkTSLConfiguration() throws ConfigurationException { - boolean bTSLEnabledTPExist = false; - Iterator it = trustProfiles.entrySet().iterator(); - while (it.hasNext()) { - Map.Entry pairs = (Map.Entry)it.next(); - TrustProfile tp = (TrustProfile) pairs.getValue(); - if (tp.isTSLEnabled()) - bTSLEnabledTPExist = bTSLEnabledTPExist || true; - } - - if (!bTSLEnabledTPExist) { - // if no trustprofile has TSL support enabled, delete TSL configuration - tslconfiguration_ = null; - return; - } - - if (bTSLEnabledTPExist && (tslconfiguration_ == null)) { - error("config.40", null); - throw new ConfigurationException("config.40", null); - } - - File workingDir = new File(tslconfiguration_.getWorkingDirectory()); - File eu_trust = new File(workingDir.getAbsolutePath() + "/trust/eu"); - if (!eu_trust.exists()) { - error("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"}); - throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"}); - } - else { - File[] eutrustFiles = eu_trust.listFiles(); - if (eutrustFiles == null) { - error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"}); - throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"}); - } - else { - if (eutrustFiles.length == 0) { - error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"}); - throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"}); - } - } - - } - - File hashcache = new File(tslconfiguration_.getWorkingDirectory(), "hashcache"); - if (!hashcache.exists()) { - hashcache.mkdir(); + + private void checkTSLConfiguration() throws ConfigurationException { + boolean bTSLEnabledTPExist = false; + final Iterator it = trustProfiles.entrySet().iterator(); + while (it.hasNext()) { + final Map.Entry pairs = (Map.Entry) it.next(); + final TrustProfile tp = (TrustProfile) pairs.getValue(); + if (tp.isTSLEnabled()) { + bTSLEnabledTPExist = bTSLEnabledTPExist || true; } - if (!hashcache.isDirectory()) { - error("config.38", new Object[] { hashcache.getAbsolutePath() }); - return; + } + + if (!bTSLEnabledTPExist) { + // if no trustprofile has TSL support enabled, delete TSL configuration + tslconfiguration_ = null; + return; + } + + if (bTSLEnabledTPExist && tslconfiguration_ == null) { + error("config.40", null); + throw new ConfigurationException("config.40", null); + } + + final File workingDir = new File(tslconfiguration_.getWorkingDirectory()); + final File eu_trust = new File(workingDir.getAbsolutePath() + "/trust/eu"); + if (!eu_trust.exists()) { + error("config.51", new Object[] { "Verzeichnis \"trust/eu\" existiert nicht" }); + throw new ConfigurationException("config.51", new Object[] { + "Verzeichnis \"trust/eu\" existiert nicht" }); + } else { + final File[] eutrustFiles = eu_trust.listFiles(); + if (eutrustFiles == null) { + error("config.51", new Object[] { "Verzeichnis \"trust/eu\" ist leer" }); + throw new ConfigurationException("config.51", new Object[] { "Verzeichnis \"trust/eu\" ist leer" }); + } else { + if (eutrustFiles.length == 0) { + error("config.51", new Object[] { "Verzeichnis \"trust/eu\" ist leer" }); + throw new ConfigurationException("config.51", new Object[] { "Verzeichnis \"trust/eu\" ist leer" }); + } } + } + + final File hashcache = new File(tslconfiguration_.getWorkingDirectory(), "hashcache"); + if (!hashcache.exists()) { + hashcache.mkdir(); + } + if (!hashcache.isDirectory()) { + error("config.38", new Object[] { hashcache.getAbsolutePath() }); + return; + } + // System.setProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR", hashcache.getAbsolutePath()); // String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR"); // System.out.println("Hashcache: " + hashcachedir); + Logger.debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath()); - Logger.debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath()); - - } - /** * Returns the warnings encountered during building the configuration. - * - * @return A <code>List</code> of <code>String</code>s, containing the - * warning messages. + * + * @return A <code>List</code> of <code>String</code>s, containing the warning + * messages. */ public List getWarnings() { return warnings; @@ -544,57 +527,58 @@ public class ConfigurationProvider /** * Return the name of the digest algorithm used during signature creation. - * - * @return The digest method algorithm name, or an empty <code>String</code>, - * if none has been configured. + * + * @return The digest method algorithm name, or an empty <code>String</code>, if + * none has been configured. */ public String getDigestMethodAlgorithmName() { return digestMethodAlgorithmName; } - + /** * Return the XAdES version used for signature creation. - * - * @return The XAdES version used for signature creation, or an empty <code>String</code>, - * if none has been configured. + * + * @return The XAdES version used for signature creation, or an empty + * <code>String</code>, if none has been configured. */ public String getXAdESVersion() { return xadesVersion; } - + public String getPDFASConfiguration() { - return pdfAsConfiguration; + return pdfAsConfiguration; } - + public int getConnectionTimeout() { - return this.connectionTimeout; + return this.connectionTimeout; } - + public int getReadTimeout() { - return this.readTimeout; + return this.readTimeout; } - + public boolean getAdesFormResults() { - return this.adesFormResults; + return this.adesFormResults; } - + public boolean getAllowExternalUris() { - return this.allowExternalUris_; + return this.allowExternalUris_; } - + public List getBlackListedUris() { - return this.blackListedUris_; + return this.blackListedUris_; } + public List getWhiteListedUris() { - return this.whiteListedUris_; + return this.whiteListedUris_; } - + /** * Return the name of the canonicalization algorithm used during signature * creation. - * - * @return The canonicalization algorithm name, or an empty - * <code>String</code> if none has been configured. + * + * @return The canonicalization algorithm name, or an empty <code>String</code> + * if none has been configured. */ public String getCanonicalizationAlgorithmName() { return canonicalizationAlgorithmName; @@ -602,9 +586,9 @@ public class ConfigurationProvider /** * Return the configured hardware crypto modules. - * + * * @return A <code>List</code> of <code>HardwareCryptoModule</code> objects - * containing the hardware crypto module configurations. + * containing the hardware crypto module configurations. */ public List getHardwareCryptoModules() { return hardwareCryptoModules; @@ -612,9 +596,9 @@ public class ConfigurationProvider /** * Return the hardware key modules configuration. - * + * * @return A <code>List</code> of <code>HardwareKeyModule</code> objects - * containing the configuration of the hardware key modules. + * containing the configuration of the hardware key modules. */ public List getHardwareKeyModules() { return hardwareKeyModules; @@ -622,9 +606,9 @@ public class ConfigurationProvider /** * Return the software key module configuration. - * + * * @return A <code>List</code> of <code>SoftwareKeyModule</code> objects - * containing the configuration of the software key modules. + * containing the configuration of the software key modules. */ public List getSoftwareKeyModules() { return softwareKeyModules; @@ -632,38 +616,38 @@ public class ConfigurationProvider /** * Return the key group mapping. - * - * @return A mapping from key group ID (a <code>String</code>) to - * <code>KeyGroup</code> mapping. + * + * @return A mapping from key group ID (a <code>String</code>) to + * <code>KeyGroup</code> mapping. */ public Map getKeyGroups() { return keyGroups; } - + public KeyGroup getKeyGroup(String keyGroupId) { - if (MiscUtil.isNotEmpty(keyGroupId)) - return (KeyGroup) keyGroups.get(keyGroupId.trim().toLowerCase()); - - else - return null; + if (MiscUtil.isNotEmpty(keyGroupId)) { + return (KeyGroup) keyGroups.get(keyGroupId.trim().toLowerCase()); + } else { + return null; + } } /** * Return the set of <code>KeyGroupEntry</code>s of a given key group, which a * client (identified by an issuer/serial pair) may access. - * - * @param issuer The issuer of the client certificate. - * @param serial The serial number of the client certificate. + * + * @param issuer The issuer of the client certificate. + * @param serial The serial number of the client certificate. * @param keyGroupId The ID of the key group. * @return A <code>Set</code> of all the <code>KeyGroupEntry</code>s in the - * given key group, if the user may access them. Returns <code>null</code>, if - * the user may not access the given key group or if the key group does not - * exist. + * given key group, if the user may access them. Returns + * <code>null</code>, if the user may not access the given key group or + * if the key group does not exist. */ public Set getKeyGroupEntries( - Principal issuer, - BigInteger serial, - String keyGroupId) { + Principal issuer, + BigInteger serial, + String keyGroupId) { IssuerAndSerial issuerAndSerial; Map mapping; @@ -676,118 +660,115 @@ public class ConfigurationProvider // System.out.println("Issuer: " + issuer); // System.out.println("serial: " + serial); -// +// // Iterator entries = keyGroupMappings.entrySet().iterator(); // while (entries.hasNext()) { // Entry thisEntry = (Entry) entries.next(); // System.out.println("Entry: " + thisEntry.getKey()); // System.out.println("Value: " + thisEntry.getValue()); // } - + mapping = (Map) keyGroupMappings.get(issuerAndSerial); if (mapping != null) { - KeyGroup keyGroup = (KeyGroup) mapping.get(keyGroupId); + final KeyGroup keyGroup = (KeyGroup) mapping.get(keyGroupId); if (keyGroup != null) { return keyGroup.getKeyGroupEntries(); } } - + // If no key group is available for a client identified by a certificate, // try to find a key group in the anonymous key group mapping - if (issuer != null || serial != null) - { + if (issuer != null || serial != null) { mapping = (Map) keyGroupMappings.get(ANONYMOUS_ISSUER_SERIAL); - if (mapping != null) - { - KeyGroup keyGroup = (KeyGroup) mapping.get(keyGroupId); - if (keyGroup != null) return keyGroup.getKeyGroupEntries(); + if (mapping != null) { + final KeyGroup keyGroup = (KeyGroup) mapping.get(keyGroupId); + if (keyGroup != null) { + return keyGroup.getKeyGroupEntries(); + } } } - + return null; } /** * Return the chaining mode for a given trust anchor. - * + * * @param trustAnchor The trust anchor for which the chaining mode should be - * returned. - * @return The chaining mode for the given trust anchor. If the trust anchor - * has not been configured separately, the system default will be returned. + * returned. + * @return The chaining mode for the given trust anchor. If the trust anchor has + * not been configured separately, the system default will be returned. */ public String getChainingMode(X509Certificate trustAnchor) { - Principal issuer = trustAnchor.getIssuerDN(); - BigInteger serial = trustAnchor.getSerialNumber(); - IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial); + final Principal issuer = trustAnchor.getIssuerDN(); + final BigInteger serial = trustAnchor.getSerialNumber(); + final IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial); - String mode = (String) chainingModes.get(issuerAndSerial); + final String mode = (String) chainingModes.get(issuerAndSerial); return mode != null ? mode : defaultChainingMode; } /** * Return the distribution points for a given CA. - * + * * @param cert The certificate for which the distribution points should be * looked up. The issuer information is used to perform the lookup. - * - * @return A <code>Set</code> of <code>DistributionPoint</code> objects. The - * set will be empty, if no distribution points have been configured - * for this certificate. + * + * @return A <code>Set</code> of <code>DistributionPoint</code> objects. The set + * will be empty, if no distribution points have been configured for + * this certificate. */ - public Set getDistributionPoints(X509Certificate cert) - { + public Set getDistributionPoints(X509Certificate cert) { try { - RFC2253NameParser nameParser = - new RFC2253NameParser(cert.getIssuerDN().toString()); - String caIssuerDN = nameParser.parse().getName(); - Set dps = (Set) distributionPoints.get(caIssuerDN); + final RFC2253NameParser nameParser = + new RFC2253NameParser(cert.getIssuerDN().toString()); + final String caIssuerDN = nameParser.parse().getName(); + final Set dps = (Set) distributionPoints.get(caIssuerDN); if (dps == null) { return Collections.EMPTY_SET; } return dps; - } catch (RFC2253NameParserException e) { + } catch (final RFC2253NameParserException e) { return Collections.EMPTY_SET; } } /** * Return the CRL archive duration. - * + * * @return The duration of how long to keep CRL archive entries (measured in - * days). + * days). */ public int getCRLArchiveDuration() { return cRLArchiveDuration; } - + /** * Returns whether revocation information should be archived. - * + * * @return whether revocation information should be archived. */ - public boolean getEnableRevocationArchiving() - { + public boolean getEnableRevocationArchiving() { return enableRevocationArchiving_; } - + /** * Returns the location of the certificate store. - * + * * @return the location of the certificate store. */ - public String getCertStoreLocation() - { + public String getCertStoreLocation() { return certStoreLocation_; } /** * Return a <code>CreateTransformsInfoProfile</code> with the given ID. - * + * * @param id The <code>CreateTransformsInfoProfile</code> ID. - * @return The <code>CreateTransformsInfoProfile</code> with the given - * ID or <code>null</code>, if none exists. + * @return The <code>CreateTransformsInfoProfile</code> with the given ID or + * <code>null</code>, if none exists. */ public Element getCreateTransformsInfoProfile(String id) { return (Element) createTransformsInfoProfiles.get(id); @@ -795,10 +776,10 @@ public class ConfigurationProvider /** * Return a <code>CreateSignatureEnvironmentProfile</code> with the given ID. - * + * * @param id The <code>CreateSignatureEnvironmentProfile</code> ID. - * @return The <code>CreateSignatureEnvironmentProfile</code> with the given - * ID or <code>null</code>, if none exists. + * @return The <code>CreateSignatureEnvironmentProfile</code> with the given ID + * or <code>null</code>, if none exists. */ public Element getCreateSignatureEnvironmentProfile(String id) { return (Element) createSignatureEnvironmentProfiles.get(id); @@ -806,10 +787,10 @@ public class ConfigurationProvider /** * Return a <code>VerifyTransformsInfoProfile</code> with the given ID. - * + * * @param id The <code>VerifyTransformsInfoProfile</code> ID. * @return The <code>VerifyTransformsInfoProfile</code> with the given ID or - * <code>null</code>, if none exists. + * <code>null</code>, if none exists. */ public Element getVerifyTransformsInfoProfile(String id) { return (Element) verifyTransformsInfoProfiles.get(id); @@ -817,10 +798,10 @@ public class ConfigurationProvider /** * Return a <code>SupplementProfile</code> with the given ID. - * + * * @param id The <code>SupplementProfile</code> ID. * @return The <code>SupplementProfile</code> with the given ID or - * <code>null</code>, if none exists. + * <code>null</code>, if none exists. */ public Element getSupplementProfile(String id) { return (Element) supplementProfiles.get(id); @@ -828,63 +809,64 @@ public class ConfigurationProvider /** * Return a <code>TrustProfile</code> with the given ID. - * + * * @param id The <code>TrustProfile</code> ID. - * @return The <code>TrustProfile</code> with the given ID or - * <code>null</code>, if none exists. + * @return The <code>TrustProfile</code> with the given ID or <code>null</code>, + * if none exists. */ public TrustProfile getTrustProfile(String id) { - if (MiscUtil.isNotEmpty(id)) { - id = id.trim().toLowerCase(); - return (TrustProfile) trustProfiles.get(id); - - } - - return null; + if (MiscUtil.isNotEmpty(id)) { + id = id.trim().toLowerCase(); + return (TrustProfile) trustProfiles.get(id); + + } + + return null; } - + /** * Returns a map of <code>TrustProfiles</code> + * * @return */ public Map getTrustProfiles() { - return trustProfiles; + return trustProfiles; } /** * Log a warning. - * - * @param messageId The message ID. + * + * @param messageId The message ID. * @param parameters Additional parameters for the message. * @see at.gv.egovernment.moa.spss.server.util.MessageProvider */ private static void info(String messageId, Object[] parameters) { - MessageProvider msg = MessageProvider.getInstance(); + final MessageProvider msg = MessageProvider.getInstance(); Logger.info(new LogMsg(msg.getMessage(messageId, parameters))); } - + /** * Log a debug message. - * - * @param messageId The message ID. + * + * @param messageId The message ID. * @param parameters Additional parameters for the message. * @see at.gv.egovernment.moa.spss.server.util.MessageProvider */ private static void debug(String message) { Logger.debug(message); } - - /** + + /** * Log a warning. - * + * * @param messageId The message ID. - * @param args Additional parameters for the message. + * @param args Additional parameters for the message. * @see at.gv.egovernment.moa.spss.server.util.MessageProvider */ private void warn(String messageId, Object[] args) { - MessageProvider msg = MessageProvider.getInstance(); - String txt = msg.getMessage(messageId, args); + final MessageProvider msg = MessageProvider.getInstance(); + final String txt = msg.getMessage(messageId, args); Logger.warn(new LogMsg(txt)); warnings.add(txt); @@ -892,133 +874,126 @@ public class ConfigurationProvider /** * Log an error. - * + * * @param messageId The message ID. - * @param args Additional parameters for the message. + * @param args Additional parameters for the message. * @see at.gv.egovernment.moa.spss.server.util.MessageProvider */ private void error(String messageId, Object[] args) { - MessageProvider msg = MessageProvider.getInstance(); - String txt = msg.getMessage(messageId, args); + final MessageProvider msg = MessageProvider.getInstance(); + final String txt = msg.getMessage(messageId, args); Logger.warn(new LogMsg(txt)); // warnings.add(txt); } - + /** * Returns the JDBC URL for the revocation archive database. - * + * * @return the JDBC URL for the revocation archive database. */ - public String getRevocationArchiveJDBCURL() - { + public String getRevocationArchiveJDBCURL() { return revocationArchiveJDBCURL_; } /** * Returns the JDBC driver class name for the revocation archive database. - * + * * @return the JDBC driver class name for the revocation archive database. */ - public String getRevocationArchiveJDBCDriverClass() - { + public String getRevocationArchiveJDBCDriverClass() { return revocationArchiveJDBCDriverClass_; } /** * Returns whether revocation checking should be done. - * + * * @return whether revocation checking should be done. */ - public boolean getEnableRevocationChecking() - { + public boolean getEnableRevocationChecking() { return enableRevocationChecking_; } /** - * Returns the maximum age of a revocation information for considering it - * still as valid. - * - * @return the maximum age of a revocation information for considering it - * still as valid. + * Returns the maximum age of a revocation information for considering it still + * as valid. + * + * @return the maximum age of a revocation information for considering it still + * as valid. */ - public long getMaxRevocationAge() - { + public long getMaxRevocationAge() { return maxRevocationAge_; } /** * Returns the service order for revocation checking. - * + * * @return the service order for revocation checking. Valid array entries are - * {@link RevocationSourceTypes#OCSP} and {@link RevocationSourceTypes#CRL}. + * {@link RevocationSourceTypes#OCSP} and + * {@link RevocationSourceTypes#CRL}. */ - public String[] getServiceOrder() - { + public String[] getServiceOrder() { return serviceOrder_; } /** - * Returns whether certificates found during certificate path construction + * Returns whether certificates found during certificate path construction * should be added to the certificate store. - * - * @return whether certificates found during certificate path construction + * + * @return whether certificates found during certificate path construction * should be added to the certificate store. */ - public boolean getAutoAddCertificates() - { + public boolean getAutoAddCertificates() { return autoAddCertificates_; } /** - * Returns whether EE certificates found during certificate path construction + * Returns whether EE certificates found during certificate path construction * should be added to the certificate store. - * - * @return whether certificates found during certificate path construction + * + * @return whether certificates found during certificate path construction * should be added to the certificate store. */ - public boolean getAutoAddEECertificates() - { + public boolean getAutoAddEECertificates() { return autoAddEECertificates_; } - + /** - * Returns whether the certificate extension Authority Info Access should - * be used during certificate path construction. - * - * @return whether the certificate extension Authority Info Access should - * be used during certificate path construction. + * Returns whether the certificate extension Authority Info Access should be + * used during certificate path construction. + * + * @return whether the certificate extension Authority Info Access should be + * used during certificate path construction. */ - public boolean getUseAuthorityInfoAccess() - { + public boolean getUseAuthorityInfoAccess() { return useAuthorityInfoAccess_; } - + /** * Returns whether the file URIs are permitted or not + * * @return whether the file URIs are permitted or not */ - public boolean getPermitFileURIs() - { - return permitFileURIs; + public boolean getPermitFileURIs() { + return permitFileURIs; } - + /** * Returns the map of retention intervals + * * @return The map of retention intervals */ public Map getCrlRetentionIntervals() { - return crlRetentionIntervals; + return crlRetentionIntervals; } - + /** * Returns the global TSL configuration + * * @return The global TSL configuration */ public TSLConfiguration getTSLConfiguration() { - return tslconfiguration_; + return tslconfiguration_; } - - }
\ No newline at end of file |