Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config')
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java277
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationException.java23
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java1931
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java687
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java26
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareCryptoModule.java30
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareKeyModule.java35
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/IssuerAndSerial.java57
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java37
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroupEntry.java58
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyModule.java12
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java19
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/SoftwareKeyModule.java22
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java233
14 files changed, 1689 insertions, 1758 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java
index b2389a4..bf11240 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java
@@ -23,10 +23,6 @@
package at.gv.egovernment.moa.spss.server.config;
-import iaik.asn1.structures.Name;
-import iaik.pki.revocation.RevocationSourceTypes;
-import iaik.utils.RFC2253NameParserException;
-
import java.util.HashMap;
import java.util.Map;
import java.util.StringTokenizer;
@@ -34,144 +30,151 @@ import java.util.StringTokenizer;
import at.gv.egovernment.moa.spss.util.MessageProvider;
import at.gv.egovernment.moaspss.logging.LogMsg;
import at.gv.egovernment.moaspss.logging.Logger;
+import iaik.asn1.structures.Name;
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.utils.RFC2253NameParserException;
/**
* A class representing a CRL distribution point.
- *
+ *
* @author Sven Aigner
* @author Patrick Peck
* @version $Id$
*/
-public class CRLDistributionPoint extends DistributionPoint implements iaik.pki.revocation.CRLDistributionPoint {
-
- private static Map RC_MAPPING = new HashMap();
-
- static {
-
- // create the mapping between reason code strings and their integer
- // values
- RC_MAPPING.put("unused", new Integer(iaik.asn1.structures.DistributionPoint.unused));
- RC_MAPPING.put("keyCompromise", new Integer(iaik.asn1.structures.DistributionPoint.keyCompromise));
- RC_MAPPING.put("cACompromise", new Integer(iaik.asn1.structures.DistributionPoint.cACompromise));
- RC_MAPPING.put("affiliationChanged", new Integer(iaik.asn1.structures.DistributionPoint.affiliationChanged));
- RC_MAPPING.put("superseded", new Integer(iaik.asn1.structures.DistributionPoint.superseded));
- RC_MAPPING.put("cessationOfOperation",
- new Integer(iaik.asn1.structures.DistributionPoint.cessationOfOperation));
- RC_MAPPING.put("certificateHold", new Integer(iaik.asn1.structures.DistributionPoint.certificateHold));
- RC_MAPPING.put("privilegeWithdrawn", new Integer(iaik.asn1.structures.DistributionPoint.privilegeWithdrawn));
- RC_MAPPING.put("aACompromise", new Integer(iaik.asn1.structures.DistributionPoint.aACompromise));
- }
-
- /**
- * The name of the CA issuing the CRL referred to by this DP.
- */
- private String issuerName_;
-
- /**
- * The reason codes applicable for the distribution point.
- */
- private int reasonCodes;
-
- /**
- * Create a <code>CRLDistributionPoint</code>.
- *
- * @param issuerName
- * The name of the CA issuing the CRL referred to by this DP.
- *
- * @param uri
- * The URI of the distribution point.
- *
- * @param reasonCodeStr
- * A list of reason codes (a space-separated enumeration).
- */
- public CRLDistributionPoint(String issuerName, String uri, String reasonCodeStr) {
- super(uri);
- issuerName_ = issuerName;
- this.reasonCodes = extractReasonCodes(reasonCodeStr);
- }
-
- /**
- * @see DistributionPoint#getType()
- */
- public String getType() {
- return RevocationSourceTypes.CRL;
- }
-
- /**
- * Convert a list of reason codes provided as a <code>String</code> to a
- * binary representation.
- *
- * @param reasonCodeStr
- * A <code>String</code> containing a blank-separated, textual
- * representation of reason codes.
- * @return int A binary representation of reason codes.
- * @see iaik.asn1.structures.DistributionPoint
- */
- private int extractReasonCodes(String reasonCodeStr) {
- int codes = 0;
- StringTokenizer tokenizer = new StringTokenizer(reasonCodeStr);
- String token;
- Integer reasonCode;
-
- while (tokenizer.hasMoreTokens()) {
- token = tokenizer.nextToken();
- reasonCode = (Integer) RC_MAPPING.get(token);
- if (reasonCode != null) {
- codes |= reasonCode.intValue();
- } else {
- MessageProvider msg = MessageProvider.getInstance();
- Logger.warn(new LogMsg(msg.getMessage("config.07", new Object[] { token })));
- }
- }
-
- // If reasonCodeStr is empty, set all possible reason codes
- if (codes == 0)
- codes = iaik.asn1.structures.DistributionPoint.unused | iaik.asn1.structures.DistributionPoint.keyCompromise
- | iaik.asn1.structures.DistributionPoint.cACompromise
- | iaik.asn1.structures.DistributionPoint.affiliationChanged
- | iaik.asn1.structures.DistributionPoint.superseded
- | iaik.asn1.structures.DistributionPoint.cessationOfOperation
- | iaik.asn1.structures.DistributionPoint.certificateHold
- | iaik.asn1.structures.DistributionPoint.privilegeWithdrawn
- | iaik.asn1.structures.DistributionPoint.aACompromise;
-
- return codes;
- }
-
- /**
- * Return a binary representation of the reason codes of this distribution
- * point.
- *
- * @return The binary representation of the reason codes.
- */
- public int getReasonCodes() {
- return reasonCodes;
- }
-
- /**
- * Return a <code>String</code> representation of this distribution point.
- *
- * @return The <code>String</code> representation of this distribution
- * point.
- * @see java.lang.Object#toString()
- */
- public String toString() {
- return "(DistributionPoint - " + ("URI<" + getUri()) + ("> REASONCODES<" + getReasonCodes() + ">)");
- }
-
- /**
- * @see iaik.pki.revocation.CRLDistributionPoint#getIssuerName()
- */
- public String getIssuerName() {
- return issuerName_;
- }
-
- @Override
- public Name getIssuerDN() {
- try {
- return new Name(this.issuerName_);
- } catch (RFC2253NameParserException e) {
- throw new RuntimeException(e);
- }
- }
+public class CRLDistributionPoint extends DistributionPoint implements
+ iaik.pki.revocation.CRLDistributionPoint {
+
+ private static Map RC_MAPPING = new HashMap();
+
+ static {
+
+ // create the mapping between reason code strings and their integer
+ // values
+ RC_MAPPING.put("unused", new Integer(iaik.asn1.structures.DistributionPoint.unused));
+ RC_MAPPING.put("keyCompromise", new Integer(iaik.asn1.structures.DistributionPoint.keyCompromise));
+ RC_MAPPING.put("cACompromise", new Integer(iaik.asn1.structures.DistributionPoint.cACompromise));
+ RC_MAPPING.put("affiliationChanged", new Integer(
+ iaik.asn1.structures.DistributionPoint.affiliationChanged));
+ RC_MAPPING.put("superseded", new Integer(iaik.asn1.structures.DistributionPoint.superseded));
+ RC_MAPPING.put("cessationOfOperation",
+ new Integer(iaik.asn1.structures.DistributionPoint.cessationOfOperation));
+ RC_MAPPING.put("certificateHold", new Integer(iaik.asn1.structures.DistributionPoint.certificateHold));
+ RC_MAPPING.put("privilegeWithdrawn", new Integer(
+ iaik.asn1.structures.DistributionPoint.privilegeWithdrawn));
+ RC_MAPPING.put("aACompromise", new Integer(iaik.asn1.structures.DistributionPoint.aACompromise));
+ }
+
+ /**
+ * The name of the CA issuing the CRL referred to by this DP.
+ */
+ private final String issuerName_;
+
+ /**
+ * The reason codes applicable for the distribution point.
+ */
+ private final int reasonCodes;
+
+ /**
+ * Create a <code>CRLDistributionPoint</code>.
+ *
+ * @param issuerName The name of the CA issuing the CRL referred to by this
+ * DP.
+ *
+ * @param uri The URI of the distribution point.
+ *
+ * @param reasonCodeStr A list of reason codes (a space-separated enumeration).
+ */
+ public CRLDistributionPoint(String issuerName, String uri, String reasonCodeStr) {
+ super(uri);
+ issuerName_ = issuerName;
+ this.reasonCodes = extractReasonCodes(reasonCodeStr);
+ }
+
+ /**
+ * @see DistributionPoint#getType()
+ */
+ @Override
+ public String getType() {
+ return RevocationSourceTypes.CRL;
+ }
+
+ /**
+ * Convert a list of reason codes provided as a <code>String</code> to a binary
+ * representation.
+ *
+ * @param reasonCodeStr A <code>String</code> containing a blank-separated,
+ * textual representation of reason codes.
+ * @return int A binary representation of reason codes.
+ * @see iaik.asn1.structures.DistributionPoint
+ */
+ private int extractReasonCodes(String reasonCodeStr) {
+ int codes = 0;
+ final StringTokenizer tokenizer = new StringTokenizer(reasonCodeStr);
+ String token;
+ Integer reasonCode;
+
+ while (tokenizer.hasMoreTokens()) {
+ token = tokenizer.nextToken();
+ reasonCode = (Integer) RC_MAPPING.get(token);
+ if (reasonCode != null) {
+ codes |= reasonCode.intValue();
+ } else {
+ final MessageProvider msg = MessageProvider.getInstance();
+ Logger.warn(new LogMsg(msg.getMessage("config.07", new Object[] { token })));
+ }
+ }
+
+ // If reasonCodeStr is empty, set all possible reason codes
+ if (codes == 0) {
+ codes = iaik.asn1.structures.DistributionPoint.unused
+ | iaik.asn1.structures.DistributionPoint.keyCompromise
+ | iaik.asn1.structures.DistributionPoint.cACompromise
+ | iaik.asn1.structures.DistributionPoint.affiliationChanged
+ | iaik.asn1.structures.DistributionPoint.superseded
+ | iaik.asn1.structures.DistributionPoint.cessationOfOperation
+ | iaik.asn1.structures.DistributionPoint.certificateHold
+ | iaik.asn1.structures.DistributionPoint.privilegeWithdrawn
+ | iaik.asn1.structures.DistributionPoint.aACompromise;
+ }
+
+ return codes;
+ }
+
+ /**
+ * Return a binary representation of the reason codes of this distribution
+ * point.
+ *
+ * @return The binary representation of the reason codes.
+ */
+ @Override
+ public int getReasonCodes() {
+ return reasonCodes;
+ }
+
+ /**
+ * Return a <code>String</code> representation of this distribution point.
+ *
+ * @return The <code>String</code> representation of this distribution point.
+ * @see java.lang.Object#toString()
+ */
+ @Override
+ public String toString() {
+ return "(DistributionPoint - " + "URI<" + getUri() + "> REASONCODES<" + getReasonCodes() + ">)";
+ }
+
+ /**
+ * @see iaik.pki.revocation.CRLDistributionPoint#getIssuerName()
+ */
+ public String getIssuerName() {
+ return issuerName_;
+ }
+
+ @Override
+ public Name getIssuerDN() {
+ try {
+ return new Name(this.issuerName_);
+ } catch (final RFC2253NameParserException e) {
+ throw new RuntimeException(e);
+ }
+ }
}
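Review bot: In `extractReasonCodes` the `if (codes == 0)` fallback also fires when reasonCodeStr held only unrecognised tokens, not just when it was empty as its comment says, so a mistyped reason list is logged as config.07 and then silently widened to every reason code. For a revocation source that widening should be explicit: record emptiness before the loop with `final boolean noTokens = !tokenizer.hasMoreTokens();` and test `if (noTokens) {`, or at least correct the comment to `// If no known reason code was given, set all possible reason codes`. Whether an all-invalid list should then yield 0 or a configuration error depends on callers outside this hunk. Separately, `RC_MAPPING` stays a non-final raw `Map` while the instance fields gained `final`; `private static final Map<String, Integer> RC_MAPPING` would match the rest of the change and remove the `(Integer)` cast.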
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationException.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationException.java
index 6546e88..13f1de9 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationException.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationException.java
@@ -21,27 +21,26 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.spss.server.config;
import at.gv.egovernment.moa.spss.MOASystemException;
/**
* Exception signalling an error in the configuration.
- *
+ *
* @author Patrick Peck
* @version $Id$
*/
public class ConfigurationException extends MOASystemException {
/**
- *
- */
- private static final long serialVersionUID = -1934466124930228755L;
+ *
+ */
+ private static final long serialVersionUID = -1934466124930228755L;
-/**
+ /**
* Create a <code>ConfigurationException</code>.
- *
+ *
* @see at.gv.egovernment.moa.spss.MOAException#MOAException(String, Object[])
*/
public ConfigurationException(String messageId, Object[] parameters) {
@@ -50,12 +49,14 @@ public class ConfigurationException extends MOASystemException {
/**
* Create a <code>ConfigurationException</code>.
- * @see at.gv.egovernment.moa.spss.MOAException#MOAException(String, Object[], Throwable)
+ *
+ * @see at.gv.egovernment.moa.spss.MOAException#MOAException(String, Object[],
+ * Throwable)
*/
public ConfigurationException(
- String messageId,
- Object[] parameters,
- Throwable wrapped) {
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
super(messageId, parameters, wrapped);
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 15e44eb..8fe31c5 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -20,22 +20,8 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.spss.server.config;
-import iaik.asn1.structures.Name;
-//import iaik.ixsil.exceptions.URIException;
-//import iaik.ixsil.util.URI;
-import iaik.pki.pathvalidation.ChainingModes;
-import iaik.pki.revocation.RevocationSourceTypes;
-import iaik.server.modules.xml.BlackListEntry;
-import iaik.server.modules.xml.ExternalReferenceChecker;
-import iaik.server.modules.xml.WhiteListEntry;
-import iaik.utils.RFC2253NameParser;
-import iaik.utils.RFC2253NameParserException;
-import iaik.xml.crypto.utils.URI;
-import iaik.xml.crypto.utils.URIException;
-
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
@@ -70,14 +56,25 @@ import at.gv.egovernment.moaspss.logging.LogMsg;
import at.gv.egovernment.moaspss.logging.Logger;
import at.gv.egovernment.moaspss.util.Constants;
import at.gv.egovernment.moaspss.util.DOMUtils;
-import at.gv.egovernment.moaspss.util.FileUtils;
import at.gv.egovernment.moaspss.util.MiscUtil;
import at.gv.egovernment.moaspss.util.StringUtils;
import at.gv.egovernment.moaspss.util.XPathUtils;
+import iaik.asn1.structures.Name;
+//import iaik.ixsil.exceptions.URIException;
+//import iaik.ixsil.util.URI;
+import iaik.pki.pathvalidation.ChainingModes;
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.server.modules.xml.BlackListEntry;
+import iaik.server.modules.xml.ExternalReferenceChecker;
+import iaik.server.modules.xml.WhiteListEntry;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+import iaik.xml.crypto.utils.URI;
+import iaik.xml.crypto.utils.URIException;
/**
* A class that builds configuration data from a DOM based representation.
- *
+ *
* @author Patrick Peck
* @version $Id$
*/
@@ -102,264 +99,274 @@ public class ConfigurationPartsBuilder {
//
private static final String ROOT = "/" + CONF + "MOAConfiguration/";
-
+
private static final String PDFAS_CONFIGURATION_XPATH =
- ROOT + CONF + "Common/" + CONF + "PDFASConfig";
-
+ ROOT + CONF + "Common/" + CONF + "PDFASConfig";
+
private static final String FORMRESULT_CONFIGURATION_XPATH =
- ROOT + CONF + "Common/" + CONF + "AdESFormResult";
-
+ ROOT + CONF + "Common/" + CONF + "AdESFormResult";
+
private static final String DIGEST_METHOD_XPATH =
- ROOT + CONF + "SignatureCreation/"
- + CONF + "XMLDSig/"
- + CONF + "DigestMethodAlgorithm";
+ ROOT + CONF + "SignatureCreation/"
+ + CONF + "XMLDSig/"
+ + CONF + "DigestMethodAlgorithm";
private static final String XADES_VERSION_XPATH =
- ROOT + CONF + "SignatureCreation/"
- + CONF + "XAdES/"
- + CONF + "Version";
+ ROOT + CONF + "SignatureCreation/"
+ + CONF + "XAdES/"
+ + CONF + "Version";
private static final String C14N_ALGORITHM_XPATH =
- ROOT + CONF + "SignatureCreation/"
- + CONF + "XMLDSig/"
- + CONF + "CanonicalizationAlgorithm";
+ ROOT + CONF + "SignatureCreation/"
+ + CONF + "XMLDSig/"
+ + CONF + "CanonicalizationAlgorithm";
private static final String HARDWARE_CRYPTO_MODULE_XPATH =
- ROOT + CONF + "Common/"
- + CONF + "HardwareCryptoModule";
+ ROOT + CONF + "Common/"
+ + CONF + "HardwareCryptoModule";
private static final String PERMIT_EXTERNAL_URIS_XPATH =
- ROOT + CONF + "Common/"
- + CONF + "PermitExternalUris";
+ ROOT + CONF + "Common/"
+ + CONF + "PermitExternalUris";
private static final String BLACK_LIST_URIS_XPATH =
- ROOT + CONF + "Common/"
- + CONF + "PermitExternalUris/"
- + CONF + "BlackListUri";
+ ROOT + CONF + "Common/"
+ + CONF + "PermitExternalUris/"
+ + CONF + "BlackListUri";
private static final String FORBID_EXTERNAL_URIS_XPATH =
- ROOT + CONF + "Common/"
- + CONF + "ForbidExternalUris";
+ ROOT + CONF + "Common/"
+ + CONF + "ForbidExternalUris";
private static final String WHITE_LIST_URIS_XPATH =
- ROOT + CONF + "Common/"
- + CONF + "ForbidExternalUris/"
- + CONF + "WhiteListUri";
-
+ ROOT + CONF + "Common/"
+ + CONF + "ForbidExternalUris/"
+ + CONF + "WhiteListUri";
+
private static final String HARDWARE_KEY_XPATH =
- ROOT + CONF + "SignatureCreation/"
- + CONF + "KeyModules/"
- + CONF + "HardwareKeyModule";
+ ROOT + CONF + "SignatureCreation/"
+ + CONF + "KeyModules/"
+ + CONF + "HardwareKeyModule";
private static final String SOFTWARE_KEY_XPATH =
- ROOT + CONF + "SignatureCreation/"
- + CONF + "KeyModules/"
- + CONF + "SoftwareKeyModule";
- private static final String KEYGROUP_XPATH =
- ROOT + CONF + "SignatureCreation/"
- + CONF + "KeyGroup";
+ ROOT + CONF + "SignatureCreation/"
+ + CONF + "KeyModules/"
+ + CONF + "SoftwareKeyModule";
+ private static final String KEYGROUP_XPATH =
+ ROOT + CONF + "SignatureCreation/"
+ + CONF + "KeyGroup";
private static final String KEYGROUP_MAPPING_XPATH =
- ROOT + CONF + "SignatureCreation/"
- + CONF + "KeyGroupMapping";
- private static final String ISSUER_XPATH =
- DSIG + "X509IssuerName";
- private static final String SERIAL_XPATH =
- DSIG + "X509SerialNumber";
+ ROOT + CONF + "SignatureCreation/"
+ + CONF + "KeyGroupMapping";
+ private static final String ISSUER_XPATH =
+ DSIG + "X509IssuerName";
+ private static final String SERIAL_XPATH =
+ DSIG + "X509SerialNumber";
private static final String CERTSTORE_LOCATION_XPATH =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "PathConstruction/"
- + CONF + "CertificateStore/"
- + CONF + "DirectoryStore/"
- + CONF + "Location";
- private static final String AUTO_ADD_CERTIFICATES_XPATH_ =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "PathConstruction/"
- + CONF + "AutoAddCertificates";
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "PathConstruction/"
+ + CONF + "CertificateStore/"
+ + CONF + "DirectoryStore/"
+ + CONF + "Location";
+ private static final String AUTO_ADD_CERTIFICATES_XPATH_ =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "PathConstruction/"
+ + CONF + "AutoAddCertificates";
+
+ private static final String AUTO_ADD_EE_CERTIFICATES_XPATH_ =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "PathConstruction/"
+ + CONF + "AutoAddEECertificates";
+
private static final String USE_AUTHORITY_INFO_ACCESS_XPATH_ =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "PathConstruction/"
- + CONF + "UseAuthorityInformationAccess";
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "PathConstruction/"
+ + CONF + "UseAuthorityInformationAccess";
private static final String CHAINING_MODES_XPATH =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "PathValidation/"
- + CONF + "ChainingMode";
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "PathValidation/"
+ + CONF + "ChainingMode";
private static final String CHAINING_MODES_DEFAULT_XPATH =
- CHAINING_MODES_XPATH + "/"
- + CONF + "DefaultMode";
+ CHAINING_MODES_XPATH + "/"
+ + CONF + "DefaultMode";
private static final String TRUST_ANCHOR_XPATH =
- CHAINING_MODES_XPATH + "/"
- + CONF + "TrustAnchor";
+ CHAINING_MODES_XPATH + "/"
+ + CONF + "TrustAnchor";
private static final String TRUST_PROFILE_XPATH =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "PathValidation/"
- + CONF + "TrustProfile";
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "PathValidation/"
+ + CONF + "TrustProfile";
private static final String DISTRIBUTION_POINTS_XPATH =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "RevocationChecking/"
- + CONF + "DistributionPoint";
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "RevocationChecking/"
+ + CONF + "DistributionPoint";
private static final String CRL_RETENTION_INTERVALS_CA_XPATH =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "RevocationChecking/"
- + CONF + "CrlRetentionIntervals/"
- + CONF + "CA";
- private static final String ENABLE_REVOCATION_CHECKING_XPATH_ =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "RevocationChecking/"
- + CONF + "EnableChecking";
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "RevocationChecking/"
+ + CONF + "CrlRetentionIntervals/"
+ + CONF + "CA";
+ private static final String ENABLE_REVOCATION_CHECKING_XPATH_ =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "RevocationChecking/"
+ + CONF + "EnableChecking";
private static final String MAX_REVOCATION_AGE_XPATH_ =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "RevocationChecking/"
- + CONF + "MaxRevocationAge";
- private static final String REVOCATION_SERVICEORDER_XPATH_ =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "RevocationChecking/"
- + CONF + "ServiceOrder/"
- + CONF + "Service";
- private static final String ENABLE_ARCHIVING_XPATH =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "RevocationChecking/"
- + CONF + "Archiving/"
- + CONF + "EnableArchiving";
- private static final String CRL_ARCHIVE_DURATION_XPATH =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "RevocationChecking/"
- + CONF + "Archiving/"
- + CONF + "ArchiveDuration";
- private static final String ACHIVE_JDBC_URL_ =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "RevocationChecking/"
- + CONF + "Archiving/"
- + CONF + "Archive/"
- + CONF + "DatabaseArchive/"
- + CONF + "JDBCURL";
- private static final String ACHIVE_JDBC_DRIVER_CLASS_ =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "RevocationChecking/"
- + CONF + "Archiving/"
- + CONF + "Archive/"
- + CONF + "DatabaseArchive/"
- + CONF + "JDBCDriverClassName";
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "RevocationChecking/"
+ + CONF + "MaxRevocationAge";
+ private static final String REVOCATION_SERVICEORDER_XPATH_ =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "RevocationChecking/"
+ + CONF + "ServiceOrder/"
+ + CONF + "Service";
+ private static final String ENABLE_ARCHIVING_XPATH =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "RevocationChecking/"
+ + CONF + "Archiving/"
+ + CONF + "EnableArchiving";
+ private static final String CRL_ARCHIVE_DURATION_XPATH =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "RevocationChecking/"
+ + CONF + "Archiving/"
+ + CONF + "ArchiveDuration";
+ private static final String ACHIVE_JDBC_URL_ =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "RevocationChecking/"
+ + CONF + "Archiving/"
+ + CONF + "Archive/"
+ + CONF + "DatabaseArchive/"
+ + CONF + "JDBCURL";
+ private static final String ACHIVE_JDBC_DRIVER_CLASS_ =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "RevocationChecking/"
+ + CONF + "Archiving/"
+ + CONF + "Archive/"
+ + CONF + "DatabaseArchive/"
+ + CONF + "JDBCDriverClassName";
private static final String CREATE_TRANSFORMS_INFO_PROFILE_XPATH =
- ROOT + CONF + "SignatureCreation/"
- + CONF + "CreateTransformsInfoProfile";
+ ROOT + CONF + "SignatureCreation/"
+ + CONF + "CreateTransformsInfoProfile";
private static final String CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH =
- ROOT + CONF + "SignatureCreation/"
- + CONF + "CreateSignatureEnvironmentProfile";
+ ROOT + CONF + "SignatureCreation/"
+ + CONF + "CreateSignatureEnvironmentProfile";
private static final String VERIFY_TRANSFORMS_INFO_PROFILE_XPATH =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "VerifyTransformsInfoProfile";
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "VerifyTransformsInfoProfile";
private static final String SUPPLEMENT_PROFILE_XPATH =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "SupplementProfile";
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "SupplementProfile";
private static final String PERMIT_FILE_URIS_XPATH =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "PermitFileURIs";
-
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "PermitFileURIs";
+
private static final String CONNECTION_TIMEOUT_XPATH_ =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "ConnectionTimeout";
-
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "ConnectionTimeout";
+
private static final String READ_TIMEOUT_XPATH_ =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "ReadTimeout";
-
- private static final String TSL_CONFIGURATION_XPATH =
- ROOT + CONF + "SignatureVerification/"
- + CONF + "CertificateValidation/"
- + CONF + "TSLConfiguration/";
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "ReadTimeout";
+
+ private static final String TSL_CONFIGURATION_XPATH =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "TSLConfiguration/";
//
- // default values for configuration parameters
+ // default values for configuration parameters
//
/** The accepted canonicalization algorithm URIs, as an array */
private static final String[] ACCEPTED_C14N_ALGORITHMS_ARRAY =
- {
- Constants.C14N_URI,
- Constants.C14N_WITH_COMMENTS_URI,
- Constants.EXC_C14N_URI,
- Constants.EXC_C14N_WITH_COMMENTS_URI };
+ {
+ Constants.C14N_URI,
+ Constants.C14N_WITH_COMMENTS_URI,
+ Constants.EXC_C14N_URI,
+ Constants.EXC_C14N_WITH_COMMENTS_URI };
/** The accepted canonicalization algorithm URIs, as a Set */
private static final Set ACCEPTED_C14N_ALGORITHMS =
- new HashSet(Arrays.asList(ACCEPTED_C14N_ALGORITHMS_ARRAY));
+ new HashSet(Arrays.asList(ACCEPTED_C14N_ALGORITHMS_ARRAY));
/** Default canonicalization algorithm, if none/illegal has been configured */
private static final String C14N_ALGORITHM_DEFAULT = Constants.C14N_URI;
/** The accepted digest method algorithm URIs, as an array */
private static final String[] ACCEPTED_DIGEST_ALGORITHMS_ARRAY =
- { Constants.SHA1_URI,
- Constants.SHA256_URI,
- Constants.SHA384_URI,
- Constants.SHA512_URI};
+ { Constants.SHA1_URI,
+ Constants.SHA256_URI,
+ Constants.SHA384_URI,
+ Constants.SHA512_URI };
/** The accepted digest method algorithm URIs, as a Set */
private static final Set ACCEPTED_DIGEST_ALGORITHMS =
- new HashSet(Arrays.asList(ACCEPTED_DIGEST_ALGORITHMS_ARRAY));
-
-
- /** Default digest algorithm URI, if none/illegal has been configured (for XAdES 1.1.1) */
+ new HashSet(Arrays.asList(ACCEPTED_DIGEST_ALGORITHMS_ARRAY));
+
+ /**
+ * Default digest algorithm URI, if none/illegal has been configured (for XAdES
+ * 1.1.1)
+ */
private static final String DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1 = Constants.SHA1_URI;
-
- /** Default digest algorithm URI, if none/illegal has been configured (for XAdES 1.4.2) */
+
+ /**
+ * Default digest algorithm URI, if none/illegal has been configured (for XAdES
+ * 1.4.2)
+ */
private static final String DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2 = Constants.SHA256_URI;
-
+
/** The root element of the MOA configuration */
- private Element configElem;
-
+ private final Element configElem;
+
/**
* The directory containing the underlying configuration file.
*/
- private File configRoot_;
+ private final File configRoot_;
/** Whether any warnings were encountered building the configuration. */
- private List warnings = new ArrayList();
+ private final List warnings = new ArrayList();
/**
* Create a new <code>ConfigurationPartsBuilder</code>.
- *
+ *
* @param configElem The root element of the MOA configuration.
- *
+ *
* @param configRoot The directory containing the underlying configuration file.
*/
- public ConfigurationPartsBuilder(Element configElem, File configRoot)
- {
+ public ConfigurationPartsBuilder(Element configElem, File configRoot) {
this.configElem = configElem;
configRoot_ = configRoot;
}
/**
- * Returns the root element of the MOA configuration.
- *
+ * Returns the root element of the MOA configuration.
+ *
* @return The root element of the MOA configuration.
*/
public Element getConfigElem() {
return configElem;
}
-
- /**
+
+ /**
* Returns the directory containing the underlying configuration file.
- *
+ *
* @return the directory containing the underlying configuration file.
*/
- public File getConfigRoot()
- {
+ public File getConfigRoot() {
return configRoot_;
}
/**
* Returns the warnings encountered during building the configuration.
- *
- * @return A <code>List</code> of <code>String</code>s, containing the
- * warning messages.
+ *
+ * @return A <code>List</code> of <code>String</code>s, containing the warning
+ * messages.
*/
public List getWarnings() {
return warnings;
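Review bot: The new `AUTO_ADD_EE_CERTIFICATES_XPATH_` constant is the only functional addition in this otherwise formatting-only hunk, and it has no comment saying what the setting controls or what applies when the element is absent. Since it sits under PathConstruction next to `AutoAddCertificates`, it presumably decides whether end-entity certificates are written to the certificate store, which an operator needs to know. I would add a Javadoc line such as `/** XPath of the optional AutoAddEECertificates switch; default when absent: <state the default>. */`. The code that reads the constant is outside this hunk, so the actual default could not be checked here.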
@@ -367,129 +374,115 @@ public class ConfigurationPartsBuilder {
/**
* Returns the digest method algorithm name.
- *
+ *
* @return The digest method algorithm name from the configuration.
*/
- public String getDigestMethodAlgorithmName()
- {
+ public String getDigestMethodAlgorithmName() {
String digestMethod = getElementValue(getConfigElem(), DIGEST_METHOD_XPATH, null);
-
- if (digestMethod == null || !ACCEPTED_DIGEST_ALGORITHMS.contains(digestMethod))
- {
- String xadesVersion = this.getXAdESVersion();
- if (xadesVersion == null) {
- info(
- "config.23",
- new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1 });
- digestMethod = DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1;
- }
- else {
- info(
- "config.23",
- new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2 });
- digestMethod = DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2;
- }
-
-
+
+ if (digestMethod == null || !ACCEPTED_DIGEST_ALGORITHMS.contains(digestMethod)) {
+ final String xadesVersion = this.getXAdESVersion();
+ if (xadesVersion == null) {
+ info(
+ "config.23",
+ new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1 });
+ digestMethod = DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1;
+ } else {
+ info(
+ "config.23",
+ new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2 });
+ digestMethod = DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2;
+ }
+
}
return digestMethod;
}
-
+
/**
* Returns the digest method algorithm name.
- *
+ *
* @return The digest method algorithm name from the configuration.
*/
- public String getXAdESVersion()
- {
- String xadesVersion = getElementValue(getConfigElem(), XADES_VERSION_XPATH, null);
-
+ public String getXAdESVersion() {
+ final String xadesVersion = getElementValue(getConfigElem(), XADES_VERSION_XPATH, null);
+
return xadesVersion;
}
-
+
/**
* Returns the digest method algorithm name.
- *
+ *
* @return The digest method algorithm name from the configuration.
*/
- public String getPDFASConfiguration()
- {
- String pdfasConfiguration = getElementValue(getConfigElem(), PDFAS_CONFIGURATION_XPATH, null);
-
+ public String getPDFASConfiguration() {
+ final String pdfasConfiguration = getElementValue(getConfigElem(), PDFAS_CONFIGURATION_XPATH, null);
+
return pdfasConfiguration;
}
-
+
/**
* Get the connection timeout to set-up a network connection
*
* @return timeout in milliseconds [ms]
*/
- public int getConnectionTimeout()
- {
- String connectionTimeout = getElementValue(getConfigElem(), CONNECTION_TIMEOUT_XPATH_, "30");
+ public int getConnectionTimeout() {
+ final String connectionTimeout = getElementValue(getConfigElem(), CONNECTION_TIMEOUT_XPATH_, "30");
int defaultConnectionTimeout = 30;
-
- if(connectionTimeout != null) {
- try {
- defaultConnectionTimeout = Integer.parseInt(connectionTimeout);
- } catch(NumberFormatException e) {
- Logger.warn("Configuration value " + CONNECTION_TIMEOUT_XPATH_ + " should be a number defaulting to 30");
- }
+
+ if (connectionTimeout != null) {
+ try {
+ defaultConnectionTimeout = Integer.parseInt(connectionTimeout);
+ } catch (final NumberFormatException e) {
+ Logger.warn("Configuration value " + CONNECTION_TIMEOUT_XPATH_
+ + " should be a number defaulting to 30");
+ }
}
-
- if(defaultConnectionTimeout < 0) {
- defaultConnectionTimeout = 30;
+
+ if (defaultConnectionTimeout < 0) {
+ defaultConnectionTimeout = 30;
}
-
+
return defaultConnectionTimeout * 1000;
}
- /**
- * Get the timeout to receive data from a network connection that is already open
- *
- * @return timeout in milliseconds [ms]
- */
- public int getReadTimeout()
- {
- String connectionTimeout = getElementValue(getConfigElem(), READ_TIMEOUT_XPATH_, "30");
+ public int getReadTimeout() {
+ final String connectionTimeout = getElementValue(getConfigElem(), READ_TIMEOUT_XPATH_, "30");
+
int defaultConnectionTimeout = 30;
-
- if(connectionTimeout != null) {
- try {
- defaultConnectionTimeout = Integer.parseInt(connectionTimeout);
- } catch(NumberFormatException e) {
- Logger.warn("Configuration value " + READ_TIMEOUT_XPATH_ + " should be a number defaulting to 30");
- }
+
+ if (connectionTimeout != null) {
+ try {
+ defaultConnectionTimeout = Integer.parseInt(connectionTimeout);
+ } catch (final NumberFormatException e) {
+ Logger.warn("Configuration value " + READ_TIMEOUT_XPATH_ + " should be a number defaulting to 30");
+ }
}
-
- if(defaultConnectionTimeout < 0) {
- defaultConnectionTimeout = 30;
+
+ if (defaultConnectionTimeout < 0) {
+ defaultConnectionTimeout = 30;
}
-
+
return defaultConnectionTimeout * 1000;
}
-
- public boolean getAdesFormResult()
- {
- String enableArchiving = getElementValue(getConfigElem(), FORMRESULT_CONFIGURATION_XPATH, null);
- return Boolean.valueOf(enableArchiving).booleanValue();
+
+ public boolean getAdesFormResult() {
+ final String enableArchiving = getElementValue(getConfigElem(), FORMRESULT_CONFIGURATION_XPATH, null);
+ return Boolean.valueOf(enableArchiving).booleanValue();
}
-
+
/**
* Returns the canonicalization algorithm name.
- *
+ *
* @return The canonicalization algorithm name from the configuration.
*/
- public String getCanonicalizationAlgorithmName()
- {
+ public String getCanonicalizationAlgorithmName() {
String c14nAlgorithm = getElementValue(getConfigElem(), C14N_ALGORITHM_XPATH, null);
- if (c14nAlgorithm == null || !ACCEPTED_C14N_ALGORITHMS.contains(c14nAlgorithm))
- {
+ if (c14nAlgorithm == null || !ACCEPTED_C14N_ALGORITHMS.contains(c14nAlgorithm)) {
info(
- "config.23",
- new Object[] { "CanonicalizationAlgorithm", C14N_ALGORITHM_DEFAULT });
+ "config.23",
+ new Object[] { "CanonicalizationAlgorithm", C14N_ALGORITHM_DEFAULT });
c14nAlgorithm = C14N_ALGORITHM_DEFAULT;
}
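Review bot: In getDigestMethodAlgorithmName, a configured digest URI that is not in ACCEPTED_DIGEST_ALGORITHMS is handled exactly like an absent one: it is replaced by a default and reported only through `info("config.23", ...)`. When getXAdESVersion() returns null, that default is DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1, which this file defines as Constants.SHA1_URI. A mistyped algorithm URI can therefore move the digest to SHA-1 with nothing more than an info entry. I would report the rejected value before applying the default, e.g. `if (digestMethod != null) { warn("<message-key>", new Object[] { "DigestMethodAlgorithm", digestMethod }); }`, and state the SHA-1 fallback in the Javadoc.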
@@ -498,189 +491,172 @@ public class ConfigurationPartsBuilder {
/**
* Build the configured hardware crypto modules.
- *
+ *
* @return The hardware crypto modules from the configuration.
*/
- public List buildHardwareCryptoModules()
- {
- List modules = new ArrayList();
- NodeIterator modIter = XPathUtils.selectNodeIterator(
- getConfigElem(),
- HARDWARE_CRYPTO_MODULE_XPATH);
+ public List buildHardwareCryptoModules() {
+ final List modules = new ArrayList();
+ final NodeIterator modIter = XPathUtils.selectNodeIterator(
+ getConfigElem(),
+ HARDWARE_CRYPTO_MODULE_XPATH);
Element modElem;
while ((modElem = (Element) modIter.nextNode()) != null) {
- String name = getElementValue(modElem, CONF + "Name", null);
- String slotId = getElementValue(modElem, CONF + "SlotId", null);
- String userPIN = getElementValue(modElem, CONF + "UserPIN", null);
- HardwareCryptoModule module = new HardwareCryptoModule(name, slotId, userPIN);
+ final String name = getElementValue(modElem, CONF + "Name", null);
+ final String slotId = getElementValue(modElem, CONF + "SlotId", null);
+ final String userPIN = getElementValue(modElem, CONF + "UserPIN", null);
+ final HardwareCryptoModule module = new HardwareCryptoModule(name, slotId, userPIN);
modules.add(module);
}
return modules;
}
-
+
/**
- *
+ *
* @return
*/
public boolean allowExternalUris() {
- Element permitExtUris = (Element)XPathUtils.selectSingleNode(getConfigElem(), PERMIT_EXTERNAL_URIS_XPATH);
-
- // if PermitExternalUris element does not exist - don't allow external uris
- if (permitExtUris == null) {
- // set permitExtUris for iaik-moa
- ExternalReferenceChecker.setPermitExternalURLs(false);
- return false;
- }
- else {
- // set permitExtUris for iaik-moa
- ExternalReferenceChecker.setPermitExternalURLs(true);
- return true;
- }
+ final Element permitExtUris = (Element) XPathUtils.selectSingleNode(getConfigElem(),
+ PERMIT_EXTERNAL_URIS_XPATH);
+
+ // if PermitExternalUris element does not exist - don't allow external uris
+ if (permitExtUris == null) {
+ // set permitExtUris for iaik-moa
+ ExternalReferenceChecker.setPermitExternalURLs(false);
+ return false;
+ } else {
+ // set permitExtUris for iaik-moa
+ ExternalReferenceChecker.setPermitExternalURLs(true);
+ return true;
+ }
}
-
-
+
/**
- *
+ *
* @return
*/
public List buildPermitExternalUris() {
-
- info("config.33", null);
-
- List blacklist = new ArrayList();
- List blackListIaikMoa = new ArrayList();
-
- NodeIterator permitExtIter = XPathUtils.selectNodeIterator(
- getConfigElem(),
- BLACK_LIST_URIS_XPATH);
-
- Element permitExtElem = null;
- while ((permitExtElem = (Element) permitExtIter.nextNode()) != null) {
- String host = getElementValue(permitExtElem, CONF + "IP", null);
- String port = getElementValue(permitExtElem, CONF + "Port", null);
-
- BlackListEntry entry =null;
- if (port == null) {
- entry = new BlackListEntry(host, -1);
- info("config.34", new Object[]{host});
- }
- else {
- entry = new BlackListEntry(host, new Integer(port).intValue());
- info("config.34", new Object[]{host + ":" + port});
- }
-
- // add entry to iaik-moa blacklist
- blackListIaikMoa.add(entry);
-
-
- String array[] = new String[2];
- array[0] = host;
- array[1] = port;
- blacklist.add(array);
-
- }
-
-
- // set blacklist for iaik-moa
- ExternalReferenceChecker.setBlacklist(blackListIaikMoa);
-
-
- if(blacklist.isEmpty()) // no blacklisted uris given
- info("config.36", null);
-
-
- return blacklist;
+
+ info("config.33", null);
+
+ final List blacklist = new ArrayList();
+ final List blackListIaikMoa = new ArrayList();
+
+ final NodeIterator permitExtIter = XPathUtils.selectNodeIterator(
+ getConfigElem(),
+ BLACK_LIST_URIS_XPATH);
+
+ Element permitExtElem = null;
+ while ((permitExtElem = (Element) permitExtIter.nextNode()) != null) {
+ final String host = getElementValue(permitExtElem, CONF + "IP", null);
+ final String port = getElementValue(permitExtElem, CONF + "Port", null);
+
+ BlackListEntry entry = null;
+ if (port == null) {
+ entry = new BlackListEntry(host, -1);
+ info("config.34", new Object[] { host });
+ } else {
+ entry = new BlackListEntry(host, new Integer(port).intValue());
+ info("config.34", new Object[] { host + ":" + port });
+ }
+
+ // add entry to iaik-moa blacklist
+ blackListIaikMoa.add(entry);
+
+ final String array[] = new String[2];
+ array[0] = host;
+ array[1] = port;
+ blacklist.add(array);
+
+ }
+
+ // set blacklist for iaik-moa
+ ExternalReferenceChecker.setBlacklist(blackListIaikMoa);
+
+ if (blacklist.isEmpty()) {
+ info("config.36", null);
+ }
+
+ return blacklist;
}
-
+
/**
- *
+ *
* @return
*/
public List buildForbidExternalUris() {
-
- //info("config.47", null);
-
- List whitelist = new ArrayList();
- List whiteListIaikMoa = new ArrayList();
-
- NodeIterator forbidExtIter = XPathUtils.selectNodeIterator(
- getConfigElem(),
- WHITE_LIST_URIS_XPATH);
-
- Element permitExtElem = null;
- while ((permitExtElem = (Element) forbidExtIter.nextNode()) != null) {
- String host = getElementValue(permitExtElem, CONF + "IP", null);
- String port = getElementValue(permitExtElem, CONF + "Port", null);
-
- // WhiteListeEntry
- WhiteListEntry entry =null;
- if (port == null) {
- entry = new WhiteListEntry(host, -1);
- info("config.49", new Object[]{host});
+
+ // info("config.47", null);
+
+ final List whitelist = new ArrayList();
+ final List whiteListIaikMoa = new ArrayList();
+
+ final NodeIterator forbidExtIter = XPathUtils.selectNodeIterator(
+ getConfigElem(),
+ WHITE_LIST_URIS_XPATH);
+
+ Element permitExtElem = null;
+ while ((permitExtElem = (Element) forbidExtIter.nextNode()) != null) {
+ final String host = getElementValue(permitExtElem, CONF + "IP", null);
+ final String port = getElementValue(permitExtElem, CONF + "Port", null);
+
+ // WhiteListeEntry
+ WhiteListEntry entry = null;
+ if (port == null) {
+ entry = new WhiteListEntry(host, -1);
+ info("config.49", new Object[] { host });
+ } else {
+ entry = new WhiteListEntry(host, new Integer(port).intValue());
+ info("config.49", new Object[] { host + ":" + port });
}
- else {
- entry = new WhiteListEntry(host, new Integer(port).intValue());
- info("config.49", new Object[]{host + ":" + port});
- }
-
- // add entry to iaik-moa whitelist
- whiteListIaikMoa.add(entry);
-
-
- String array[] = new String[2];
- array[0] = host;
- array[1] = port;
- whitelist.add(array);
-
- }
-
-
- // set whitelist for iaik-moa
- ExternalReferenceChecker.setWhitelist(whiteListIaikMoa);
-
-
- if(whitelist.isEmpty()) // no whitelisted uris given
- info("config.48", null);
-
-
- return whitelist;
+
+ // add entry to iaik-moa whitelist
+ whiteListIaikMoa.add(entry);
+
+ final String array[] = new String[2];
+ array[0] = host;
+ array[1] = port;
+ whitelist.add(array);
+
+ }
+
+ // set whitelist for iaik-moa
+ ExternalReferenceChecker.setWhitelist(whiteListIaikMoa);
+
+ if (whitelist.isEmpty()) {
+ info("config.48", null);
+ }
+
+ return whitelist;
}
-
-
/**
- * Build the configured hardware keys.
- *
- * @param keyModules The keyModules that the configuration already knows about. To
- * prevent multiple key modules with the same ID.
+ * Build the configured hardware keys.
+ *
+ * @param keyModules The keyModules that the configuration already knows about.
+ * To prevent multiple key modules with the same ID.
* @return The hardware keys contained in the configuration.
*/
- public List buildHardwareKeyModules(List keyModules)
- {
- Set existingIds = toIdSet(keyModules);
- List hardwareKeys = new ArrayList();
- NodeIterator hkIter =
- XPathUtils.selectNodeIterator(getConfigElem(), HARDWARE_KEY_XPATH);
+ public List buildHardwareKeyModules(List keyModules) {
+ final Set existingIds = toIdSet(keyModules);
+ final List hardwareKeys = new ArrayList();
+ final NodeIterator hkIter =
+ XPathUtils.selectNodeIterator(getConfigElem(), HARDWARE_KEY_XPATH);
Element keyElem;
- while ((keyElem = (Element) hkIter.nextNode()) != null)
- {
- String id = getElementValue(keyElem, CONF + "Id", null);
- String name = getElementValue(keyElem, CONF + "Name", null);
- String slotId = getElementValue(keyElem, CONF + "SlotId", null);
- String userPIN = getElementValue(keyElem, CONF + "UserPIN", null);
+ while ((keyElem = (Element) hkIter.nextNode()) != null) {
+ final String id = getElementValue(keyElem, CONF + "Id", null);
+ final String name = getElementValue(keyElem, CONF + "Name", null);
+ final String slotId = getElementValue(keyElem, CONF + "SlotId", null);
+ final String userPIN = getElementValue(keyElem, CONF + "UserPIN", null);
- if (existingIds.contains(id))
- {
+ if (existingIds.contains(id)) {
warn(
- "config.04",
- new Object[] { "Hardware- oder SoftwareKeyModule", id });
- }
- else
- {
- KeyModule key = new HardwareKeyModule(id, name, slotId, userPIN);
+ "config.04",
+ new Object[] { "Hardware- oder SoftwareKeyModule", id });
+ } else {
+ final KeyModule key = new HardwareKeyModule(id, name, slotId, userPIN);
hardwareKeys.add(key);
existingIds.add(id);
}
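Review bot: The `Port` value in buildPermitExternalUris and buildForbidExternalUris is converted with `new Integer(port).intValue()`, so a non-numeric or whitespace-padded value throws an unchecked NumberFormatException out of configuration building, and an out-of-range number is accepted unchanged. These entries become the lists passed to ExternalReferenceChecker.setBlacklist and setWhitelist, so I would parse with `Integer.parseInt(port.trim())`, check the result against 0–65535, and report a bad entry as a configuration error in the same try/catch style buildIssuerAndSerial uses. For the blacklist a rejected entry should fail the build rather than be skipped, because skipping it leaves that host unblocked. `new Integer(String)` is also deprecated since Java 9.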
@@ -692,34 +668,29 @@ public class ConfigurationPartsBuilder {
/**
* Build the configured software keys.
- *
- * @param keyModules The keyModules that the configuration already knows about. To
- * prevent multiple key modules with the same ID.
+ *
+ * @param keyModules The keyModules that the configuration already knows about.
+ * To prevent multiple key modules with the same ID.
*
* @return The software keys contained in the configuration.
*/
- public List buildSoftwareKeyModules(List keyModules)
- {
- Set existingIds = toIdSet(keyModules);
- List softwareKeys = new ArrayList();
- NodeIterator skIter =
- XPathUtils.selectNodeIterator(getConfigElem(), SOFTWARE_KEY_XPATH);
+ public List buildSoftwareKeyModules(List keyModules) {
+ final Set existingIds = toIdSet(keyModules);
+ final List softwareKeys = new ArrayList();
+ final NodeIterator skIter =
+ XPathUtils.selectNodeIterator(getConfigElem(), SOFTWARE_KEY_XPATH);
Element keyElem;
- while ((keyElem = (Element) skIter.nextNode()) != null)
- {
- String id = getElementValue(keyElem, CONF + "Id", null);
- String fileName = getElementValue(keyElem, CONF + "FileName", null);
- String passWord = getElementValue(keyElem, CONF + "Password", null);
+ while ((keyElem = (Element) skIter.nextNode()) != null) {
+ final String id = getElementValue(keyElem, CONF + "Id", null);
+ final String fileName = getElementValue(keyElem, CONF + "FileName", null);
+ final String passWord = getElementValue(keyElem, CONF + "Password", null);
- if (existingIds.contains(id))
- {
+ if (existingIds.contains(id)) {
warn(
- "config.04",
- new Object[] { "Hardware- oder SoftwareKeyModule", id });
- }
- else
- {
+ "config.04",
+ new Object[] { "Hardware- oder SoftwareKeyModule", id });
+ } else {
File keyFile;
KeyModule key;
@@ -731,7 +702,7 @@ public class ConfigurationPartsBuilder {
// check for existence
if (!keyFile.exists() || keyFile.isDirectory()) {
- warn("config.25", new Object[] { id, keyFile.getAbsolutePath()});
+ warn("config.25", new Object[] { id, keyFile.getAbsolutePath() });
} else {
// create a new key module
key = new SoftwareKeyModule(id, keyFile.getAbsolutePath(), passWord);
@@ -746,39 +717,36 @@ public class ConfigurationPartsBuilder {
/**
* Build the key group configuration.
- *
- * @param keyModules The <code>KeyModule</code>s that the configuration
- * knows about. Used to check for errors in the configuration.
+ *
+ * @param keyModules The <code>KeyModule</code>s that the configuration knows
+ * about. Used to check for errors in the configuration.
* @return The mapping between key group IDs and key groups.
*/
- public Map buildKeyGroups(List keyModules)
- {
- Set keyModuleIds = toIdSet(keyModules);
- Map keyGroups = new HashMap();
+ public Map buildKeyGroups(List keyModules) {
+ final Set keyModuleIds = toIdSet(keyModules);
+ final Map keyGroups = new HashMap();
NodeIterator kgIter;
Element keyGroupElem;
// select all KeyGroup elements and build the KeyGroup objects from them
kgIter = XPathUtils.selectNodeIterator(getConfigElem(), KEYGROUP_XPATH);
- while ((keyGroupElem = (Element) kgIter.nextNode()) != null)
- {
+ while ((keyGroupElem = (Element) kgIter.nextNode()) != null) {
String keyGroupId = getElementValue(keyGroupElem, CONF + "Id", null);
- //switch all keyGroupIds to lower case, only
- if (MiscUtil.isNotEmpty(keyGroupId))
- keyGroupId = keyGroupId.trim().toLowerCase();
-
- String keyGroupDigestMethodAlgorithm = getElementValue(keyGroupElem, CONF + "DigestMethodAlgorithm", null);
- Set keyGroupEntries =
- buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem);
- KeyGroup keyGroup = new KeyGroup(keyGroupId, keyGroupEntries, keyGroupDigestMethodAlgorithm);
+ // switch all keyGroupIds to lower case, only
+ if (MiscUtil.isNotEmpty(keyGroupId)) {
+ keyGroupId = keyGroupId.trim().toLowerCase();
+ }
- if (keyGroups.containsKey(keyGroupId))
- {
+ final String keyGroupDigestMethodAlgorithm = getElementValue(keyGroupElem, CONF
+ + "DigestMethodAlgorithm", null);
+ final Set keyGroupEntries =
+ buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem);
+ final KeyGroup keyGroup = new KeyGroup(keyGroupId, keyGroupEntries, keyGroupDigestMethodAlgorithm);
+
+ if (keyGroups.containsKey(keyGroupId)) {
warn("config.04", new Object[] { "KeyGroup", keyGroupId });
- }
- else
- {
+ } else {
keyGroups.put(keyGroup.getId(), keyGroup);
}
}
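Review bot: `keyGroupId.trim().toLowerCase()` lowercases with the JVM default locale, so the normalised key group ID depends on the server's locale (under a Turkish locale `I` becomes dotless `ı`). The same call is used for the lookup in buildKeyGroupMappings, `keyGroups.get(keyGroupId.trim().toLowerCase())`. Since these IDs select which key group a request resolves to, I would pin the mapping in both places with `keyGroupId.trim().toLowerCase(Locale.ROOT)`. The body of buildKeyGroups continues outside this hunk.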
@@ -788,17 +756,16 @@ public class ConfigurationPartsBuilder {
/**
* Return the set of IDs contained in the given <code>KeyModule</code>s.
- *
- * @param keyModules The <code>KeyModule</code>s from which to extract the
- * IDs.
+ *
+ * @param keyModules The <code>KeyModule</code>s from which to extract the IDs.
* @return The IDs from the given <code>KeyModule</code>s.
*/
private Set toIdSet(List keyModules) {
- Set ids = new HashSet();
+ final Set ids = new HashSet();
Iterator iter;
for (iter = keyModules.iterator(); iter.hasNext();) {
- KeyModule keyModule = (KeyModule) iter.next();
+ final KeyModule keyModule = (KeyModule) iter.next();
ids.add(keyModule.getId());
}
@@ -807,35 +774,36 @@ public class ConfigurationPartsBuilder {
/**
* Build the key entries belonging to a key group.
- *
- * @param keyGroupId The ID of the key group we are building here. Passed
- * for logging purposes.
+ *
+ * @param keyGroupId The ID of the key group we are building here. Passed for
+ * logging purposes.
* @param keyModuleIds The IDs of the <code>HardwareKeyModule</code>s and
- * <code>SoftwareKeyModule</code>s that exist in the configuration.
+ * <code>SoftwareKeyModule</code>s that exist in the
+ * configuration.
* @param keyGroupElem The <code>KeyGroup</code> DOM element to parse.
* @return A <code>Set</code> of <code>KeyGroupEntry</code> objects.
*/
private Set buildKeyGroupEntries(
- String keyGroupId,
- Set keyModuleIds,
- Element keyGroupElem) {
+ String keyGroupId,
+ Set keyModuleIds,
+ Element keyGroupElem) {
- Set entries = new HashSet();
+ final Set entries = new HashSet();
NodeIterator keyEntryIter;
Element keyEntryElem;
// select all Key elements and put them into the Map
keyEntryIter = XPathUtils.selectNodeIterator(keyGroupElem, CONF + "Key");
- while ((keyEntryElem = (Element) keyEntryIter.nextNode()) != null)
- {
- String keyModuleId = getElementValue(keyEntryElem, CONF + "KeyModuleId", "");
- Element keyCertElem = (Element) XPathUtils.selectSingleNode(keyEntryElem, CONF + "KeyCertIssuerSerial");
- IssuerAndSerial issuerSerial = buildIssuerAndSerial(keyCertElem);
+ while ((keyEntryElem = (Element) keyEntryIter.nextNode()) != null) {
+ final String keyModuleId = getElementValue(keyEntryElem, CONF + "KeyModuleId", "");
+ final Element keyCertElem = (Element) XPathUtils.selectSingleNode(keyEntryElem, CONF
+ + "KeyCertIssuerSerial");
+ final IssuerAndSerial issuerSerial = buildIssuerAndSerial(keyCertElem);
if (!keyModuleIds.contains(keyModuleId)) {
warn("config.26", new Object[] { keyGroupId, keyModuleId });
} else if (issuerSerial != null) {
- KeyGroupEntry entry = new KeyGroupEntry(keyModuleId, issuerSerial);
+ final KeyGroupEntry entry = new KeyGroupEntry(keyModuleId, issuerSerial);
entries.add(entry);
}
}
@@ -844,34 +812,31 @@ public class ConfigurationPartsBuilder {
/**
* Build the key group mapping.
- *
+ *
* @param keyGroups The available key groups.
* @param anonymous The <code>IssuerAndSerial</code> to be used for key group
- * mappings not protected by a certificate.
+ * mappings not protected by a certificate.
* @return The key group mapping.
*/
public Map buildKeyGroupMappings(Map keyGroups, IssuerAndSerial anonymous) {
- Map mappings = new HashMap();
+ final Map mappings = new HashMap();
NodeIterator mappingIter;
Element mappingElem;
// select all KeyGroupMapping elements
mappingIter =
- XPathUtils.selectNodeIterator(getConfigElem(), KEYGROUP_MAPPING_XPATH);
+ XPathUtils.selectNodeIterator(getConfigElem(), KEYGROUP_MAPPING_XPATH);
// build the mapping for each KeyGroupMapping element
- while ((mappingElem = (Element) mappingIter.nextNode()) != null)
- {
- Element issuerSerialElem = (Element) XPathUtils.selectSingleNode(mappingElem, CONF + "CustomerId");
+ while ((mappingElem = (Element) mappingIter.nextNode()) != null) {
+ final Element issuerSerialElem = (Element) XPathUtils.selectSingleNode(mappingElem, CONF
+ + "CustomerId");
// build the IssuerAndSerial who has access to the key groups
IssuerAndSerial issuerAndSerial;
- if (issuerSerialElem != null)
- {
+ if (issuerSerialElem != null) {
issuerAndSerial = buildIssuerAndSerial(issuerSerialElem);
- }
- else
- {
+ } else {
// IssuerSerial element: the keygroup is generally available
issuerAndSerial = anonymous;
}
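Review bot: The result of `buildIssuerAndSerial(issuerSerialElem)` is used without a null check, although that method's Javadoc says it returns null when the issuer and serial cannot be built. The next hunk shows `mappings.put(issuerAndSerial, groups)`, so a malformed `CustomerId` appears to be registered under the null key instead of being rejected; how a null key is later matched against a client is not visible here. I would skip such an element directly after the call with `if (issuerAndSerial == null) { continue; }`, since buildIssuerAndSerial already logs config.16 for parse failures. The method body continues outside this hunk.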
@@ -882,8 +847,7 @@ public class ConfigurationPartsBuilder {
NodeIterator keyGroupIter;
Element keyGroupElem;
- if (groups == null)
- {
+ if (groups == null) {
// no mapping exist -> build one
groups = new HashMap();
mappings.put(issuerAndSerial, groups);
@@ -891,16 +855,13 @@ public class ConfigurationPartsBuilder {
// select the available key groups and add them to the mapping
keyGroupIter = XPathUtils.selectNodeIterator(mappingElem, CONF + "KeyGroupId");
- while ((keyGroupElem = (Element) keyGroupIter.nextNode()) != null)
- {
- String keyGroupId = getElementValue(keyGroupElem, ".", null);
- KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId.trim().toLowerCase());
-
- if (keyGroup != null)
- {
+ while ((keyGroupElem = (Element) keyGroupIter.nextNode()) != null) {
+ final String keyGroupId = getElementValue(keyGroupElem, ".", null);
+ final KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId.trim().toLowerCase());
+
+ if (keyGroup != null) {
groups.put(keyGroupId, keyGroup);
- } else
- {
+ } else {
warn("config.00", new Object[] { keyGroupId });
}
}
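Review bot: The lookup normalises the ID with `keyGroupId.trim().toLowerCase()`, but the hit is stored by `groups.put(keyGroupId, keyGroup)` under the raw text, so a mapping written as `KG1` or with surrounding whitespace is registered under a key that differs from `keyGroup.getId()`. getElementValue is called with a null default here, so an empty `KeyGroupId` element would presumably make `keyGroupId.trim()` throw a NullPointerException. I would guard and normalise once, `if (keyGroupId == null) { continue; }` followed by `final String normalizedId = keyGroupId.trim().toLowerCase();`, and use `normalizedId` for both the `get` and the `put`. That is only correct if callers look groups up by the normalised ID, which happens outside this hunk.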
@@ -912,15 +873,14 @@ public class ConfigurationPartsBuilder {
/**
* Returns the default chaining mode from the configuration.
- *
+ *
* @return The default chaining mode.
*/
- public String getDefaultChainingMode()
- {
- String defaultChaining = getElementValue(
- getConfigElem(),
- CHAINING_MODES_DEFAULT_XPATH,
- CM_PKIX);
+ public String getDefaultChainingMode() {
+ final String defaultChaining = getElementValue(
+ getConfigElem(),
+ CHAINING_MODES_DEFAULT_XPATH,
+ CM_PKIX);
return translateChainingMode(defaultChaining);
@@ -928,23 +888,20 @@ public class ConfigurationPartsBuilder {
/**
* Build the chaining modes for all configured trust anchors.
- *
+ *
* @return The mapping from trust anchors to chaining modes.
*/
- public Map buildChainingModes()
- {
- Map chainingModes = new HashMap();
- NodeIterator trustIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_ANCHOR_XPATH);
+ public Map buildChainingModes() {
+ final Map chainingModes = new HashMap();
+ final NodeIterator trustIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_ANCHOR_XPATH);
Element trustAnchorElem;
- while ((trustAnchorElem = (Element) trustIter.nextNode()) != null)
- {
- IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(
- (Element)XPathUtils.selectSingleNode(trustAnchorElem, CONF + "Identification"));
- String mode = getElementValue(trustAnchorElem, CONF + "Mode", null);
+ while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) {
+ final IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(
+ (Element) XPathUtils.selectSingleNode(trustAnchorElem, CONF + "Identification"));
+ final String mode = getElementValue(trustAnchorElem, CONF + "Mode", null);
- if (issuerAndSerial != null)
- {
+ if (issuerAndSerial != null) {
chainingModes.put(issuerAndSerial, translateChainingMode(mode));
}
}
@@ -954,26 +911,26 @@ public class ConfigurationPartsBuilder {
/**
* Build an <code>IssuerAndSerial</code> from the DOM representation.
- *
+ *
* @param root The root element (being of type <code>dsig:
* X509IssuerSerialType</code>.
* @return The issuer and serial number contained in the <code>root</code>
- * element or <code>null</code> if could not be built for any reason.
+ * element or <code>null</code> if could not be built for any reason.
*/
private IssuerAndSerial buildIssuerAndSerial(Element root) {
- String issuer = getElementValue(root, ISSUER_XPATH, null);
- String serial = getElementValue(root, SERIAL_XPATH, null);
+ final String issuer = getElementValue(root, ISSUER_XPATH, null);
+ final String serial = getElementValue(root, SERIAL_XPATH, null);
if (issuer != null && serial != null) {
try {
- RFC2253NameParser nameParser = new RFC2253NameParser(issuer);
- Principal issuerDN = nameParser.parse();
+ final RFC2253NameParser nameParser = new RFC2253NameParser(issuer);
+ final Principal issuerDN = nameParser.parse();
return new IssuerAndSerial(issuerDN, new BigInteger(serial));
- } catch (RFC2253NameParserException e) {
+ } catch (final RFC2253NameParserException e) {
warn("config.16", new Object[] { issuer, serial }, e);
return null;
- } catch (NumberFormatException e) {
+ } catch (final NumberFormatException e) {
warn("config.16", new Object[] { issuer, serial }, e);
return null;
}
@@ -984,10 +941,10 @@ public class ConfigurationPartsBuilder {
/**
* Translate the chaining mode from the configuration file to one used in the
* IAIK MOA API.
- *
+ *
* @param chainingMode The chaining mode from the configuration.
* @return The chaining mode as provided by the <code>ChainingModes</code>
- * interface.
+ * interface.
* @see iaik.pki.pathvalidation.ChainingModes
*/
private String translateChainingMode(String chainingMode) {
@@ -1002,55 +959,50 @@ public class ConfigurationPartsBuilder {
/**
* Build the distribution points mapping.
- *
+ *
* @return The mapping from certificate authorities to distribution points.
*/
- public Map buildDistributionPoints()
- {
- Map dPs = new HashMap();
+ public Map buildDistributionPoints() {
+ final Map dPs = new HashMap();
NodeIterator dPIter;
Element dPElem;
- // select all DistributionPoint elements
+ // select all DistributionPoint elements
dPIter = XPathUtils.selectNodeIterator(getConfigElem(), DISTRIBUTION_POINTS_XPATH);
- // build the mapping of CA name to distribution points
+ // build the mapping of CA name to distribution points
while ((dPElem = (Element) dPIter.nextNode()) != null) {
- String caIssuerDNText = getElementValue(dPElem, CONF + "CAIssuerDN", "");
- RFC2253NameParser nameParser = new RFC2253NameParser(caIssuerDNText);
- NodeIterator cRLDPIter = XPathUtils.selectNodeIterator(dPElem, CONF + "CRLDP");
- NodeIterator oCSPDPPIter = XPathUtils.selectNodeIterator(dPElem, CONF + "OCSPDP");
+ final String caIssuerDNText = getElementValue(dPElem, CONF + "CAIssuerDN", "");
+ final RFC2253NameParser nameParser = new RFC2253NameParser(caIssuerDNText);
+ final NodeIterator cRLDPIter = XPathUtils.selectNodeIterator(dPElem, CONF + "CRLDP");
+ final NodeIterator oCSPDPPIter = XPathUtils.selectNodeIterator(dPElem, CONF + "OCSPDP");
- try
- {
- String caIssuerDN = nameParser.parse().getName();
+ try {
+ final String caIssuerDN = nameParser.parse().getName();
- // check, if a mapping exists or make a new mapping
+ // check, if a mapping exists or make a new mapping
Set dPsForCA = (Set) dPs.get(caIssuerDN);
- if (dPsForCA == null)
- {
+ if (dPsForCA == null) {
dPsForCA = new HashSet();
dPs.put(caIssuerDN, dPsForCA);
}
// add the CRL distribution points of this CA to the set
Element cRLDPElem;
- while ((cRLDPElem = (Element) cRLDPIter.nextNode()) != null)
- {
- CRLDistributionPoint cRLDP = (CRLDistributionPoint) buildDistributionPoint(cRLDPElem, caIssuerDN);
+ while ((cRLDPElem = (Element) cRLDPIter.nextNode()) != null) {
+ final CRLDistributionPoint cRLDP = (CRLDistributionPoint) buildDistributionPoint(cRLDPElem,
+ caIssuerDN);
dPsForCA.add(cRLDP);
}
// add the OCSP distribution points of this CA to the set
Element oCSPPElem;
- while ((oCSPPElem = (Element) oCSPDPPIter.nextNode()) != null)
- {
- OCSPDistributionPoint oCSPDP = (OCSPDistributionPoint) buildDistributionPoint(oCSPPElem, null);
+ while ((oCSPPElem = (Element) oCSPDPPIter.nextNode()) != null) {
+ final OCSPDistributionPoint oCSPDP = (OCSPDistributionPoint) buildDistributionPoint(oCSPPElem,
+ null);
dPsForCA.add(oCSPDP);
}
-}
- catch (RFC2253NameParserException e)
- {
+ } catch (final RFC2253NameParserException e) {
warn("config.13", new Object[] { caIssuerDNText }, e);
}
@@ -1061,143 +1013,126 @@ public class ConfigurationPartsBuilder {
/**
* Build a distribution point from the DOM representation.
- *
- * @param dpElem The root element of the distribution point.
- *
- * @param issuerName The name of the CA issuing the CRL referred to by this DP, or <code>null</code>
- * if this DP refers to an OCSP responder.
- *
+ *
+ * @param dpElem The root element of the distribution point.
+ *
+ * @param issuerName The name of the CA issuing the CRL referred to by this DP,
+ * or <code>null</code> if this DP refers to an OCSP
+ * responder.
+ *
* @return The distribution point.
*/
- private DistributionPoint buildDistributionPoint(Element dpElem, String issuerName)
- {
- String uri = getElementValue(dpElem, CONF + "Location", null);
-
- if ("CRLDP".equals(dpElem.getLocalName()))
- {
- NodeIterator reasonCodesIter = XPathUtils.selectNodeIterator(dpElem, CONF + "ReasonCode");
+ private DistributionPoint buildDistributionPoint(Element dpElem, String issuerName) {
+ final String uri = getElementValue(dpElem, CONF + "Location", null);
+
+ if ("CRLDP".equals(dpElem.getLocalName())) {
+ final NodeIterator reasonCodesIter = XPathUtils.selectNodeIterator(dpElem, CONF + "ReasonCode");
Element reasonCodeElem;
- StringBuffer reasonCodesSB = new StringBuffer();
- while ((reasonCodeElem = (Element)reasonCodesIter.nextNode()) != null)
- {
- if (reasonCodesSB.length() > 0) reasonCodesSB.append(" ");
+ final StringBuffer reasonCodesSB = new StringBuffer();
+ while ((reasonCodeElem = (Element) reasonCodesIter.nextNode()) != null) {
+ if (reasonCodesSB.length() > 0) {
+ reasonCodesSB.append(" ");
+ }
reasonCodesSB.append(getElementValue(reasonCodeElem, ".", "").trim());
}
return new CRLDistributionPoint(issuerName, uri, reasonCodesSB.toString());
- }
- else
- {
+ } else {
return new OCSPDistributionPoint(uri);
}
}
/**
* Return the CRL archive duration.
- *
- * @return The value of the CRL archive duration setting from the configuration, or <code>0</code> if
- * no value is set in the configuration.
+ *
+ * @return The value of the CRL archive duration setting from the configuration,
+ * or <code>0</code> if no value is set in the configuration.
*/
- public int getRevocationArchiveDuration()
- {
- String archiveDuration = getElementValue(getConfigElem(), CRL_ARCHIVE_DURATION_XPATH, null);
- try
- {
+ public int getRevocationArchiveDuration() {
+ final String archiveDuration = getElementValue(getConfigElem(), CRL_ARCHIVE_DURATION_XPATH, null);
+ try {
return Integer.parseInt(archiveDuration);
- }
- catch (NumberFormatException e)
- {
+ } catch (final NumberFormatException e) {
warn("config.01", null);
return 365;
}
}
/**
- * Build the <code>CreateTransformsInfoProfile</code>s.
- *
+ * Build the <code>CreateTransformsInfoProfile</code>s.
+ *
* @return The mapping from profile ID to profile.
*/
- public Map buildCreateTransformsInfoProfiles()
- {
+ public Map buildCreateTransformsInfoProfiles() {
return loadProfiles(CREATE_TRANSFORMS_INFO_PROFILE_XPATH, "CreateTransformsInfoProfile");
}
/**
* Build the <code>CreateSignatureEnvironmentProfile</code>s.
- *
+ *
* @return The mapping from profile ID to profile.
*/
- public Map buildCreateSignatureEnvironmentProfiles()
- {
+ public Map buildCreateSignatureEnvironmentProfiles() {
return loadProfiles(CREATE_SIGNATURE_ENVIRONMENT_PROFILE_XPATH, "CreateSignatureEnvironmentProfile");
}
/**
* Build the <code>VerifyTransformsInfoProfile</code>s.
- *
+ *
* @return The mapping from profile ID to profile.
*/
- public Map buildVerifyTransformsInfoProfiles()
- {
+ public Map buildVerifyTransformsInfoProfiles() {
return loadProfiles(VERIFY_TRANSFORMS_INFO_PROFILE_XPATH, "VerifyTransformsInfoProfile");
}
/**
* Build the <code>SupplementProfile</code>s.
- *
+ *
* @return The mapping from profile ID to profile.
*/
- public Map buildSupplementProfiles()
- {
+ public Map buildSupplementProfiles() {
return loadProfiles(SUPPLEMENT_PROFILE_XPATH, "SupplementProfile");
}
/**
* Load a profile mapping.
- *
- * @param xpath The XPath to select the profiles from the configuration.
- *
+ *
+ * @param xpath The XPath to select the profiles from the configuration.
+ *
* @param profileRoot The name of the profile root element.
- *
+ *
* @return Map The profile ID to profile mapping.
*/
- private Map loadProfiles(String xpath, String profileRoot)
- {
- Map profiles = new HashMap();
- NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), xpath);
+ private Map loadProfiles(String xpath, String profileRoot) {
+ final Map profiles = new HashMap();
+ final NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), xpath);
Element profileElem;
- while ((profileElem = (Element) profileIter.nextNode()) != null)
- {
- String id = getElementValue(profileElem, CONF + "Id", null);
- String fileName = getElementValue(profileElem, CONF + "Location", null);
+ while ((profileElem = (Element) profileIter.nextNode()) != null) {
+ final String id = getElementValue(profileElem, CONF + "Id", null);
+ final String fileName = getElementValue(profileElem, CONF + "Location", null);
- if (profiles.containsKey(id))
- {
+ if (profiles.containsKey(id)) {
warn("config.04", new Object[] { profileRoot, id });
- }
- else
- {
- try
- {
+ } else {
+ try {
File profileFile = new File(fileName);
// make profileFile absolute
- if (!profileFile.isAbsolute()) profileFile = new File(configRoot_, fileName);
+ if (!profileFile.isAbsolute()) {
+ profileFile = new File(configRoot_, fileName);
+ }
// load the profile
- info("config.22", new Object[] { profileRoot, id, profileFile.getAbsoluteFile()});
- Element profile = loadProfile(profileFile);
+ info("config.22", new Object[] { profileRoot, id, profileFile.getAbsoluteFile() });
+ final Element profile = loadProfile(profileFile);
- if (Constants.MOA_NS_URI.equals(profile.getNamespaceURI()) &&
- profile.getLocalName().equals(profileRoot))
- {
+ if (Constants.MOA_NS_URI.equals(profile.getNamespaceURI()) &&
+ profile.getLocalName().equals(profileRoot)) {
profiles.put(id, profile);
- }
- else
- {
+ } else {
warn("config.02", new Object[] { profileRoot, id, fileName });
}
- } catch (ConfigurationException e) {
+ } catch (final ConfigurationException e) {
warn("config.03", new Object[] { profileRoot, id });
}
}
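Review bot: The reflowed Javadoc on `getRevocationArchiveDuration()` still promises `0` when no value is configured, but the method body in this hunk cannot return that. With the setting absent, `getElementValue(..., null)` hands `null` to `Integer.parseInt`, which throws `NumberFormatException`, so the method logs `config.01` and returns `365`. The same fallback applies to a non-numeric value. Since this value governs how long revocation data is kept, the comment should state the real default, e.g. `@return The configured CRL archive duration, or <code>365</code> if the value is missing or not a valid integer.`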
@@ -1208,8 +1143,9 @@ public class ConfigurationPartsBuilder {
/**
* Load a profile from a file.
- *
- * @param root The absolute directory path of the main configuration file.
+ *
+ * @param root The absolute directory path of the main configuration
+ * file.
* @param profileFile The file containing the profile.
* @return The profile in its DOM representation.
* @throws ConfigurationException An error occurred loading the profile.
@@ -1220,7 +1156,7 @@ public class ConfigurationPartsBuilder {
try {
profile = parseXml(new FileInputStream(profileFile));
- } catch (Exception e) {
+ } catch (final Exception e) {
throw new ConfigurationException("config.12", null, e);
}
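Review bot: The `FileInputStream` created inline in `parseXml(new FileInputStream(profileFile))` is never closed in the lines shown, on either the success or the exception path. Unless `DOMUtils.parseDocument` closes the stream itself (not visible here), every profile load leaks a file handle. If the build targets Java 7 or later, scoping the stream would fix it: `try (InputStream in = new FileInputStream(profileFile)) { profile = parseXml(in); }`. The surrounding method starts and ends outside this hunk, so the declaration of `profile` and the return are assumed unchanged.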
@@ -1229,146 +1165,136 @@ public class ConfigurationPartsBuilder {
/**
* Build the trust profile mapping.
- *
+ *
* @return The profile ID to profile mapping.
*/
-
- public Map buildTrustProfiles()
- {
- Map trustProfiles = new HashMap();
- NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH);
+
+ public Map buildTrustProfiles() {
+ final Map trustProfiles = new HashMap();
+ final NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH);
Element profileElem;
- while ((profileElem = (Element) profileIter.nextNode()) != null) {
- //load basic TrustProfile information
-
- //check TrustProfileId
- String id = getElementValue(profileElem, CONF + "Id", null);
- if (MiscUtil.isEmpty(id)) {
- warn("config.52", new Object[]{"Id des TrustProfiles ist leer."});
- continue;
-
- }
- //cast profileId to lowercase (changed in 3.0.1)
- id = id.trim().toLowerCase();
- if (trustProfiles.containsKey(id)) {
- warn("config.04", new Object[] { "TrustProfile", id });
+ while ((profileElem = (Element) profileIter.nextNode()) != null) {
+ // load basic TrustProfile information
+
+ // check TrustProfileId
+ String id = getElementValue(profileElem, CONF + "Id", null);
+ if (MiscUtil.isEmpty(id)) {
+ warn("config.52", new Object[] { "Id des TrustProfiles ist leer." });
+ continue;
+
+ }
+ // cast profileId to lowercase (changed in 3.0.1)
+ id = id.trim().toLowerCase();
+ if (trustProfiles.containsKey(id)) {
+ warn("config.04", new Object[] { "TrustProfile", id });
+ continue;
+ }
+
+ // check location of TrustAnchor directory
+ final String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null);
+ URI trustAnchorsLocURI = null;
+ try {
+ trustAnchorsLocURI = new URI(trustAnchorsLocStr);
+ if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file
+ trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr);
+ }
+ } catch (final URIException e) {
+ warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e);
+ continue;
+ } catch (final MalformedURLException e) {
+ warn("config.15", new Object[] { id }, e);
+ continue;
+ }
+ final File profileDir = new File(trustAnchorsLocURI.getPath());
+ if (!profileDir.exists() || !profileDir.isDirectory()) {
+ warn("config.27", new Object[] { "uri", id });
+ continue;
+ }
+
+ // check signerCertsLocation URL
+ String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null);
+ URI signerCertsLocURI = null;
+ if (signerCertsLocStr != null && !"".equals(signerCertsLocStr)) {
+ try {
+ signerCertsLocURI = new URI(signerCertsLocStr);
+ if (!signerCertsLocURI.isAbsolute()) {
+ signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr);
+ }
+
+ final File signerCertsDir = new File(signerCertsLocURI.getPath());
+ if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) {
+ warn("config.27", new Object[] { "signerCertsUri", id });
continue;
- }
-
- //check location of TrustAnchor directory
- String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null);
- URI trustAnchorsLocURI = null;
- try
- {
- trustAnchorsLocURI = new URI(trustAnchorsLocStr);
- if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file
- trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr);
}
- }
- catch (URIException e) {
- warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e);
- continue;
- }
- catch (MalformedURLException e)
- {
- warn("config.15", new Object[] {id}, e);
+ } catch (final URIException e) {
+ warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e);
continue;
- }
- File profileDir = new File(trustAnchorsLocURI.getPath());
- if (!profileDir.exists() || !profileDir.isDirectory()) {
- warn("config.27", new Object[] { "uri", id });
+ } catch (final MalformedURLException e) {
+ warn("config.15", new Object[] { id }, e);
continue;
}
+ }
+ signerCertsLocStr = signerCertsLocURI != null ? signerCertsLocURI.toString() : null;
+
+ // check if TSL support is enabled
+ final Element eutslElem = (Element) XPathUtils.selectSingleNode(profileElem, CONF + "EUTSL");
+ boolean tslEnabled = false;
+ if (eutslElem != null) {
+ tslEnabled = true;
+ }
+
+ // load TSL configuration
+ final String countries = getElementValue(profileElem, CONF + "EUTSL" + "/" + CONF + "CountrySelection",
+ null);
+ final String allowedTspStatus = getElementValue(profileElem, CONF + "EUTSL" + "/" + CONF
+ + "AllowedTSPStatus", null);
+ final String allowedTspServiceTypes = getElementValue(profileElem, CONF + "EUTSL" + "/" + CONF
+ + "AllowedTSPServiceTypes", null);
+
+ // create profile configuration
+ final TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr,
+ tslEnabled, countries, allowedTspStatus, allowedTspServiceTypes);
+ trustProfiles.put(id, profile);
- //check signerCertsLocation URL
- String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null);
- URI signerCertsLocURI = null;
- if (signerCertsLocStr != null && !"".equals(signerCertsLocStr))
- {
- try
- {
- signerCertsLocURI = new URI(signerCertsLocStr);
- if (!signerCertsLocURI.isAbsolute()) signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr);
-
- File signerCertsDir = new File(signerCertsLocURI.getPath());
- if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) {
- warn("config.27", new Object[] { "signerCertsUri", id });
- continue;
- }
- }
- catch (URIException e) {
- warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e);
- continue;
- }
- catch (MalformedURLException e) {
- warn("config.15", new Object[] {id}, e);
- continue;
- }
- }
- signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null;
-
-
- //check if TSL support is enabled
- Element eutslElem = (Element) XPathUtils.selectSingleNode(profileElem, CONF + "EUTSL");
- boolean tslEnabled = false;
- if (eutslElem != null) //EUTSL element found --> TSL enabled
- tslEnabled = true;
-
- //load TSL configuration
- String countries = getElementValue(profileElem, CONF + "EUTSL" + "/" + CONF + "CountrySelection", null);
- String allowedTspStatus = getElementValue(profileElem, CONF + "EUTSL" + "/" + CONF + "AllowedTSPStatus", null);
- String allowedTspServiceTypes = getElementValue(profileElem, CONF + "EUTSL" + "/" + CONF + "AllowedTSPServiceTypes", null);
-
-
- //create profile configuration
- TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr,
- tslEnabled, countries, allowedTspStatus, allowedTspServiceTypes);
- trustProfiles.put(id, profile);
-
}
return trustProfiles;
}
-
+
/**
* Returns the location of the certificate store.
- *
+ *
* @return the location of the certificate store.
*/
- public String getCertStoreLocation()
- {
- String certStoreLocStr = getElementValue(getConfigElem(), CERTSTORE_LOCATION_XPATH, null);
+ public String getCertStoreLocation() {
+ final String certStoreLocStr = getElementValue(getConfigElem(), CERTSTORE_LOCATION_XPATH, null);
File certStoreLocFile;
-
- // No value specified in configuration file: Set it to a reasonable (absolute) default
- if (certStoreLocStr == null)
- return new File(configRoot_, "certstore").getAbsolutePath();
-
+
+ // No value specified in configuration file: Set it to a reasonable (absolute)
+ // default
+ if (certStoreLocStr == null) {
+ return new File(configRoot_, "certstore").getAbsolutePath();
+ }
+
// Make cert store location an absolute value
certStoreLocFile = new File(certStoreLocStr);
- if (!certStoreLocFile.isAbsolute())
- {
+ if (!certStoreLocFile.isAbsolute()) {
certStoreLocFile = new File(configRoot_, certStoreLocStr);
}
-
+
// Check if cert store location exists, eventually try to create it
- if (!certStoreLocFile.isDirectory())
- {
+ if (!certStoreLocFile.isDirectory()) {
boolean created = false;
- try
- {
+ try {
created = certStoreLocFile.mkdirs();
- }
- finally
- {
- if (!created)
- {
+ } finally {
+ if (!created) {
warn("config.32", new Object[] { certStoreLocFile.getAbsolutePath() });
}
}
}
-
+
return certStoreLocFile.getAbsolutePath();
}
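Review bot: In `buildTrustProfiles()`, the `catch (final URIException e)` branch for `SignerCertsLocation` still passes `trustAnchorsLocStr` to the warning, so the log shows the trust-anchor path when it was the signer-certificate location that failed to parse. An operator investigating why a trust profile was skipped is pointed at the wrong setting; the line should read `warn("config.14", new Object[] { "signerCertsUri", id, signerCertsLocStr }, e);`. Separately, `id.trim().toLowerCase()` folds the profile ID with the JVM default locale. `toLowerCase(Locale.ROOT)` would keep the map key identical across hosts, assuming lookups elsewhere normalise the same way.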
@@ -1378,428 +1304,429 @@ public class ConfigurationPartsBuilder {
/**
* Parse a configuration XML file.
- *
+ *
* @param inputStream The stream from which to read the XML data.
* @return The DOM representation of the XML data.
* @throws ParserConfigurationException XML parser not configured properly.
- * @throws SAXException An error parsing the XML file.
- * @throws IOException An error reading the stream.
+ * @throws SAXException An error parsing the XML file.
+ * @throws IOException An error reading the stream.
*/
private static Element parseXml(InputStream inputStream)
- throws ParserConfigurationException, SAXException, IOException {
+ throws ParserConfigurationException, SAXException, IOException {
return DOMUtils
- .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null)
- .getDocumentElement();
+ .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null)
+ .getDocumentElement();
}
/**
* Return the value of an element located by an XPath.
- *
- * @param root The root element from which to evaluate the <code>xpath</code>.
+ *
+ * @param root The root element from which to evaluate the <code>xpath</code>.
* @param xpath The XPath pointing to the element.
- * @param def The default value, if no element can be found with the given
- * <code>xpath</code>.
+ * @param def The default value, if no element can be found with the given
+ * <code>xpath</code>.
* @return The element value or <code>def</code>, if the element cannot be
- * found.
+ * found.
*/
private String getElementValue(Element root, String xpath, String def) {
- Element elem = (Element) XPathUtils.selectSingleNode(root, xpath);
+ final Element elem = (Element) XPathUtils.selectSingleNode(root, xpath);
return elem != null ? DOMUtils.getText(elem) : def;
}
/**
* Return the value of an attribute located by an XPath.
- *
- * @param root The root element from which to evaluate the <code>xpath</code>.
+ *
+ * @param root The root element from which to evaluate the <code>xpath</code>.
* @param xpath The XPath pointing to the attribute.
- * @param def The default value, if no attribute can be found with the given
- * <code>xpath</code>.
+ * @param def The default value, if no attribute can be found with the given
+ * <code>xpath</code>.
* @return The element value or <code>def</code>, if the attribute cannot be
- * found.
+ * found.
*/
private String getAttributeValue(Element root, String xpath, String def) {
- Attr attr = (Attr) XPathUtils.selectSingleNode(root, xpath);
+ final Attr attr = (Attr) XPathUtils.selectSingleNode(root, xpath);
return attr != null ? attr.getValue() : def;
}
/**
* Log an info message.
- *
- * @param messageId The message ID.
+ *
+ * @param messageId The message ID.
* @param parameters Additional parameters for the message.
* @see at.gv.egovernment.moa.spss.server.util.MessageProvider
*/
private static void info(String messageId, Object[] parameters) {
- MessageProvider msg = MessageProvider.getInstance();
+ final MessageProvider msg = MessageProvider.getInstance();
Logger.info(new LogMsg(msg.getMessage(messageId, parameters)));
}
/**
* Log a warning.
- *
+ *
* @param messageId The message ID.
- * @param args Additional parameters for the message.
+ * @param args Additional parameters for the message.
* @see at.gv.egovernment.moa.spss.server.util.MessageProvider
*/
private void warn(String messageId, Object[] args) {
- MessageProvider msg = MessageProvider.getInstance();
- String txt = msg.getMessage(messageId, args);
+ final MessageProvider msg = MessageProvider.getInstance();
+ final String txt = msg.getMessage(messageId, args);
Logger.warn(new LogMsg(txt));
warnings.add(txt);
}
-
+
/**
* Log a warning.
- *
+ *
* @param messageId The message ID.
- * @param args Additional parameters for the message.
+ * @param args Additional parameters for the message.
* @see at.gv.egovernment.moa.spss.server.util.MessageProvider
*/
private void debug(String messageId, Object[] args) {
- MessageProvider msg = MessageProvider.getInstance();
- String txt = msg.getMessage(messageId, args);
+ final MessageProvider msg = MessageProvider.getInstance();
+ final String txt = msg.getMessage(messageId, args);
Logger.debug(new LogMsg(txt));
-
+
}
-
/**
* Log a debug message.
- *
+ *
* @param messageId The message ID.
- * @param args Additional parameters for the message.
+ * @param args Additional parameters for the message.
* @see at.gv.egovernment.moa.spss.server.util.MessageProvider
*/
private void debug(String message) {
Logger.debug(new LogMsg(message));
}
-
+
/**
* Log a warning.
- *
+ *
* @param messageId The message ID.
- * @param args Additional parameters for the message.
- * @param t An exception being the cause of the warning.
+ * @param args Additional parameters for the message.
+ * @param t An exception being the cause of the warning.
* @see at.gv.egovernment.moa.spss.server.util.MessageProvider
*/
private void warn(String messageId, Object[] args, Throwable t) {
- MessageProvider msg = MessageProvider.getInstance();
- String txt = msg.getMessage(messageId, args);
+ final MessageProvider msg = MessageProvider.getInstance();
+ final String txt = msg.getMessage(messageId, args);
- Logger.warn(new LogMsg(txt), t);
+ Logger.warn(new LogMsg(txt), t);
warnings.add(txt);
}
/**
* Log an error.
- *
+ *
* @param messageId The message ID.
- * @param args Additional parameters for the message.
+ * @param args Additional parameters for the message.
* @see at.gv.egovernment.moa.spss.server.util.MessageProvider
*/
private void error(String messageId, Object[] args) {
- MessageProvider msg = MessageProvider.getInstance();
- String txt = msg.getMessage(messageId, args);
+ final MessageProvider msg = MessageProvider.getInstance();
+ final String txt = msg.getMessage(messageId, args);
Logger.error(new LogMsg(txt));
warnings.add(txt);
}
-
+
/**
* Log an error.
- *
+ *
* @param messageId The message ID.
- * @param args Additional parameters for the message.
- * @param t An exception being the cause of the warning.
+ * @param args Additional parameters for the message.
+ * @param t An exception being the cause of the warning.
* @see at.gv.egovernment.moa.spss.server.util.MessageProvider
*/
private void error(String messageId, Object[] args, Throwable t) {
- MessageProvider msg = MessageProvider.getInstance();
- String txt = msg.getMessage(messageId, args);
+ final MessageProvider msg = MessageProvider.getInstance();
+ final String txt = msg.getMessage(messageId, args);
- Logger.error(new LogMsg(txt), t);
+ Logger.error(new LogMsg(txt), t);
warnings.add(txt);
}
-
+
/**
* Returns whether revocation information should be archived.
- *
+ *
* @return whether revocation information should be archived.
*/
- public boolean getEnableRevocationArchiving()
- {
- String enableArchiving = getElementValue(getConfigElem(), ENABLE_ARCHIVING_XPATH, null);
+ public boolean getEnableRevocationArchiving() {
+ final String enableArchiving = getElementValue(getConfigElem(), ENABLE_ARCHIVING_XPATH, null);
return Boolean.valueOf(enableArchiving).booleanValue();
}
/**
* Returns the JDBC URL for the revocation archive database.
- *
- * @return the JDBC URL for the revocation archive database, or <code>null</code, if the corresponding
- * parameter is not set in the configuration.
+ *
+ * @return the JDBC URL for the revocation archive database, or
+ * <code>null</code, if the corresponding parameter is not set in the
+ * configuration.
*/
- public String getRevocationArchiveJDBCURL()
- {
- String jDBCURL = getElementValue(getConfigElem(), ACHIVE_JDBC_URL_, null);
+ public String getRevocationArchiveJDBCURL() {
+ final String jDBCURL = getElementValue(getConfigElem(), ACHIVE_JDBC_URL_, null);
return jDBCURL;
}
/**
* Returns the JDBC driver class name for the revocation archive database.
- *
- * @return the JDBC driver class name for the revocation archive database, or <code>null</code,
- * if the corresponding parameter is not set in the configuration.
+ *
+ * @return the JDBC driver class name for the revocation archive database, or
+ * <code>null</code, if the corresponding parameter is not set in the
+ * configuration.
*/
- public String getRevocationArchiveJDBCDriverClass()
- {
- String jDBCDriverClass = getElementValue(getConfigElem(), ACHIVE_JDBC_DRIVER_CLASS_, null);
+ public String getRevocationArchiveJDBCDriverClass() {
+ final String jDBCDriverClass = getElementValue(getConfigElem(), ACHIVE_JDBC_DRIVER_CLASS_, null);
return jDBCDriverClass;
}
/**
* Returns whether revocation information should be archived.
*/
- public boolean getEnableRevocationChecking()
- {
- String enableChecking = getElementValue(getConfigElem(), ENABLE_REVOCATION_CHECKING_XPATH_, null);
+ public boolean getEnableRevocationChecking() {
+ final String enableChecking = getElementValue(getConfigElem(), ENABLE_REVOCATION_CHECKING_XPATH_, null);
return Boolean.valueOf(enableChecking).booleanValue();
}
/**
- * Returns the maximum age of a revocation information for considering it
- * still as valid.
- *
- * @return the maximum age of a revocation information for considering it
- * still as valid.
+ * Returns the maximum age of a revocation information for considering it still
+ * as valid.
+ *
+ * @return the maximum age of a revocation information for considering it still
+ * as valid.
*/
- public long getMaxRevocationAge()
- {
- String maxRevocationAge = getElementValue(getConfigElem(), MAX_REVOCATION_AGE_XPATH_, null);
- if (maxRevocationAge == null) return 0;
+ public long getMaxRevocationAge() {
+ final String maxRevocationAge = getElementValue(getConfigElem(), MAX_REVOCATION_AGE_XPATH_, null);
+ if (maxRevocationAge == null) {
+ return 0;
+ }
return Long.valueOf(maxRevocationAge).longValue();
}
/**
* Returns the service order for revocation checking.
- *
+ *
* @return the service order for revocation checking. Valid array entries are
- * {@link RevocationSourceTypes#OCSP} and {@link RevocationSourceTypes#CRL}.
- * An empty array will be returned if no service order is specified in the
- * configuration.
+ * {@link RevocationSourceTypes#OCSP} and
+ * {@link RevocationSourceTypes#CRL}. An empty array will be returned if
+ * no service order is specified in the configuration.
*/
- public String[] getServiceOrder()
- {
- ArrayList list = new ArrayList();
- NodeIterator serviceIter = XPathUtils.selectNodeIterator(getConfigElem(), REVOCATION_SERVICEORDER_XPATH_);
+ public String[] getServiceOrder() {
+ final ArrayList list = new ArrayList();
+ final NodeIterator serviceIter = XPathUtils.selectNodeIterator(getConfigElem(),
+ REVOCATION_SERVICEORDER_XPATH_);
Element currentServiceNode;
- while ((currentServiceNode = (Element)serviceIter.nextNode()) != null)
- {
+ while ((currentServiceNode = (Element) serviceIter.nextNode()) != null) {
list.add(getElementValue(currentServiceNode, ".", null));
}
- Object[] serviceOrder = list.toArray();
- String[] returnValue = new String[serviceOrder.length];
- for (int i = 0; i < serviceOrder.length; i++)
- {
- if (((String)serviceOrder[i]).equalsIgnoreCase(RevocationSourceTypes.CRL)) {
+ final Object[] serviceOrder = list.toArray();
+ final String[] returnValue = new String[serviceOrder.length];
+ for (int i = 0; i < serviceOrder.length; i++) {
+ if (((String) serviceOrder[i]).equalsIgnoreCase(RevocationSourceTypes.CRL)) {
returnValue[i] = RevocationSourceTypes.CRL;
- } else if (((String)serviceOrder[i]).equalsIgnoreCase(RevocationSourceTypes.OCSP)) {
+ } else if (((String) serviceOrder[i]).equalsIgnoreCase(RevocationSourceTypes.OCSP)) {
returnValue[i] = RevocationSourceTypes.OCSP;
}
-
+
}
return returnValue;
}
/**
- * Returns whether the certificate extension Authority Info Access should
- * be used during certificate path construction.
- *
- * @return whether the certificate extension Authority Info Access should
- * be used during certificate path construction.
+ * Returns whether the certificate extension Authority Info Access should be
+ * used during certificate path construction.
+ *
+ * @return whether the certificate extension Authority Info Access should be
+ * used during certificate path construction.
*/
- public boolean getUseAuthorityInfoAccess()
- {
- String useAIA = getElementValue(getConfigElem(), USE_AUTHORITY_INFO_ACCESS_XPATH_, null);
+ public boolean getUseAuthorityInfoAccess() {
+ final String useAIA = getElementValue(getConfigElem(), USE_AUTHORITY_INFO_ACCESS_XPATH_, null);
return Boolean.valueOf(useAIA).booleanValue();
}
/**
- * Returns whether certificates found during certificate path construction
+ * Returns whether certificates found during certificate path construction
* should be added to the certificate store.
- *
- * @return whether certificates found during certificate path construction
+ *
+ * @return whether certificates found during certificate path construction
* should be added to the certificate store.
*/
- public boolean getAutoAddCertificates()
- {
- String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_CERTIFICATES_XPATH_, null);
+ public boolean getAutoAddCertificates() {
+ final String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_CERTIFICATES_XPATH_, null);
return Boolean.valueOf(autoAdd).booleanValue();
}
-
+
+ public boolean getAutoEEAddCertificates() {
+ final String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_EE_CERTIFICATES_XPATH_, null);
+ if (autoAdd != null) {
+ return Boolean.valueOf(autoAdd).booleanValue();
+ } else {
+ return false;
+ }
+
+ }
+
/**
- * Returns whether file URIs are permitted
+ * Returns whether file URIs are permitted
+ *
* @return whether file URIs are permitted
*/
- public boolean getPermitFileURIs()
- {
- String permitFileURIs = getElementValue(getConfigElem(), PERMIT_FILE_URIS_XPATH, "false");
+ public boolean getPermitFileURIs() {
+ final String permitFileURIs = getElementValue(getConfigElem(), PERMIT_FILE_URIS_XPATH, "false");
return Boolean.valueOf(permitFileURIs).booleanValue();
}
-
+
/**
* Returns the TSL configuration from the config file
+ *
* @return
*/
public TSLConfiguration getTSLConfiguration() {
- TSLConfigurationImpl tslconfiguration = new TSLConfigurationImpl();
-
-
- String euTSLUrl = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "EUTSLUrl", null);
- if (StringUtils.isEmpty(euTSLUrl)) {
- euTSLUrl = TSLConfiguration.DEFAULT_EU_TSL_URL;
- debug("config.39", new Object[] { "EUTSL", euTSLUrl });
- }
-
- String updateSchedulePeriod = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "UpdateSchedule/" + CONF + "Period" , null);
-
- if (StringUtils.isEmpty(updateSchedulePeriod)) {
- updateSchedulePeriod = TSLConfiguration.DEFAULT_UPDATE_SCHEDULE_PERIOD;
- debug("config.39", new Object[] { "UpdateSchedule/Period", updateSchedulePeriod });
- }
-
- String updateScheduleStartTime = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "UpdateSchedule/" + CONF + "StartTime", null);
- if (StringUtils.isEmpty(updateScheduleStartTime)) {
- updateScheduleStartTime = TSLConfiguration.DEFAULT_UPDATE_SCHEDULE_STARTTIME;
- debug("config.39", new Object[] { "UpdateSchedule/StartTime", updateScheduleStartTime });
-
- }
-
- String workingDirectoryStr = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "WorkingDirectory", null);
- if (StringUtils.isEmpty(workingDirectoryStr)) {
- workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR;
- debug("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr });
- }
-
- String qcQualifier = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "Evaluation/" + CONF + "QCQualifier", null);
- if (MiscUtil.isEmpty(qcQualifier))
- info("config.39", new Object[] { "Evaluation/QCQualifier", " EMPTY" });
-
- else {
- String[] qcQualList = qcQualifier.split(",");
- for (String el : qcQualList) {
- try {
- tslconfiguration.addQualifierForQC(new java.net.URI(el.trim()));
- //info("config.39", new Object[] { "Evaluation/QCQualifier", el.trim() });
-
- } catch (URISyntaxException e) {
- warn("config.39", new Object[] { "Evaluation/QCQualifier", el.trim() }, e);
-
- }
-
- }
- }
-
- String sscdQualifier = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "Evaluation/" + CONF + "SSCDQualifier", null);
- if (MiscUtil.isEmpty(qcQualifier))
- info("config.39", new Object[] { "Evaluation/SSCDQualifier", " EMPTY" });
-
- else {
- String[] sscdQualList = sscdQualifier.split(",");
- for (String el : sscdQualList) {
- try {
- tslconfiguration.addQualifierForSSCD(new java.net.URI(el.trim()));
- //info("config.39", new Object[] { "Evaluation/SSCDQualifier", el.trim() });
-
- } catch (URISyntaxException e) {
- warn("config.39", new Object[] { "Evaluation/SSCDQualifier", el.trim() }, e);
-
- }
-
- }
- }
-
- // convert update schedule starting time to Date object
- Calendar Cal = DatatypeConverter.parseDateTime(updateScheduleStartTime);
- Date updateScheduleStartTimeDate = Cal.getTime();
-
- // convert working directory
- URI workingDirectoryURI = null;
- try
- {
- workingDirectoryURI = new URI(workingDirectoryStr);
- if (!workingDirectoryURI.isAbsolute()) { // make it absolute to the config file
- workingDirectoryURI = new URI(configRoot_.toURL() + workingDirectoryStr);
+ final TSLConfigurationImpl tslconfiguration = new TSLConfigurationImpl();
+
+ String euTSLUrl = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "EUTSLUrl", null);
+ if (StringUtils.isEmpty(euTSLUrl)) {
+ euTSLUrl = TSLConfiguration.DEFAULT_EU_TSL_URL;
+ debug("config.39", new Object[] { "EUTSL", euTSLUrl });
+ }
+
+ String updateSchedulePeriod = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF
+ + "UpdateSchedule/" + CONF + "Period", null);
+
+ if (StringUtils.isEmpty(updateSchedulePeriod)) {
+ updateSchedulePeriod = TSLConfiguration.DEFAULT_UPDATE_SCHEDULE_PERIOD;
+ debug("config.39", new Object[] { "UpdateSchedule/Period", updateSchedulePeriod });
+ }
+
+ String updateScheduleStartTime = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF
+ + "UpdateSchedule/" + CONF + "StartTime", null);
+ if (StringUtils.isEmpty(updateScheduleStartTime)) {
+ updateScheduleStartTime = TSLConfiguration.DEFAULT_UPDATE_SCHEDULE_STARTTIME;
+ debug("config.39", new Object[] { "UpdateSchedule/StartTime", updateScheduleStartTime });
+
+ }
+
+ String workingDirectoryStr = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF
+ + "WorkingDirectory", null);
+ if (StringUtils.isEmpty(workingDirectoryStr)) {
+ workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR;
+ debug("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr });
+ }
+
+ final String qcQualifier = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "Evaluation/"
+ + CONF + "QCQualifier", null);
+ if (MiscUtil.isEmpty(qcQualifier)) {
+ info("config.39", new Object[] { "Evaluation/QCQualifier", " EMPTY" });
+ } else {
+ final String[] qcQualList = qcQualifier.split(",");
+ for (final String el : qcQualList) {
+ try {
+ tslconfiguration.addQualifierForQC(new java.net.URI(el.trim()));
+ // info("config.39", new Object[] { "Evaluation/QCQualifier", el.trim() });
+
+ } catch (final URISyntaxException e) {
+ warn("config.39", new Object[] { "Evaluation/QCQualifier", el.trim() }, e);
+
}
+
}
- catch (URIException e) {
- warn("config.37", new Object[] { workingDirectoryStr }, e);
- workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR;
- warn("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr });
- }
- catch (MalformedURLException e)
- {
- warn("config.37", new Object[] { workingDirectoryStr }, e);
- workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR;
- warn("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr });
- }
+ }
+
+ final String sscdQualifier = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF
+ + "Evaluation/" + CONF + "SSCDQualifier", null);
+ if (MiscUtil.isEmpty(qcQualifier)) {
+ info("config.39", new Object[] { "Evaluation/SSCDQualifier", " EMPTY" });
+ } else {
+ final String[] sscdQualList = sscdQualifier.split(",");
+ for (final String el : sscdQualList) {
+ try {
+ tslconfiguration.addQualifierForSSCD(new java.net.URI(el.trim()));
+ // info("config.39", new Object[] { "Evaluation/SSCDQualifier", el.trim() });
+
+ } catch (final URISyntaxException e) {
+ warn("config.39", new Object[] { "Evaluation/SSCDQualifier", el.trim() }, e);
+
+ }
- File tslWorkingDir = new File(workingDirectoryURI.getPath());
- if (!tslWorkingDir.exists()) {
- tslWorkingDir.mkdir();
}
- if (!tslWorkingDir.isDirectory()) {
- error("config.38", new Object[] { workingDirectoryStr });
- return null;
+ }
+
+ // convert update schedule starting time to Date object
+ final Calendar Cal = DatatypeConverter.parseDateTime(updateScheduleStartTime);
+ final Date updateScheduleStartTimeDate = Cal.getTime();
+
+ // convert working directory
+ URI workingDirectoryURI = null;
+ try {
+ workingDirectoryURI = new URI(workingDirectoryStr);
+ if (!workingDirectoryURI.isAbsolute()) { // make it absolute to the config file
+ workingDirectoryURI = new URI(configRoot_.toURL() + workingDirectoryStr);
}
-
-
- debug("TSL Konfiguration - EUTSLUrl: " + euTSLUrl);
- debug("TSL Konfiguration - UpdateSchedule/Period: " + updateSchedulePeriod);
- debug("TSL Konfiguration - UpdateSchedule/StartTime: " + updateScheduleStartTime);
- debug("TSL Konfiguration - TSLWorkingDirectory: " + tslWorkingDir.getAbsolutePath());
-
-
- // set TSL configuration
- tslconfiguration.setEuTSLUrl(euTSLUrl);
- tslconfiguration.setUpdateSchedulePeriod(Long.valueOf(updateSchedulePeriod).longValue());
- tslconfiguration.setUpdateScheduleStartTime(updateScheduleStartTimeDate);
- tslconfiguration.setWorkingDirectory(tslWorkingDir.getAbsolutePath());
- tslconfiguration.setWorkingDirectoryURI(workingDirectoryURI);
-
- return tslconfiguration;
+ } catch (final URIException e) {
+ warn("config.37", new Object[] { workingDirectoryStr }, e);
+ workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR;
+ warn("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr });
+ } catch (final MalformedURLException e) {
+ warn("config.37", new Object[] { workingDirectoryStr }, e);
+ workingDirectoryStr = TSLConfiguration.DEFAULT_WORKING_DIR;
+ warn("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr });
+ }
+
+ final File tslWorkingDir = new File(workingDirectoryURI.getPath());
+ if (!tslWorkingDir.exists()) {
+ tslWorkingDir.mkdir();
+ }
+ if (!tslWorkingDir.isDirectory()) {
+ error("config.38", new Object[] { workingDirectoryStr });
+ return null;
+ }
+
+ debug("TSL Konfiguration - EUTSLUrl: " + euTSLUrl);
+ debug("TSL Konfiguration - UpdateSchedule/Period: " + updateSchedulePeriod);
+ debug("TSL Konfiguration - UpdateSchedule/StartTime: " + updateScheduleStartTime);
+ debug("TSL Konfiguration - TSLWorkingDirectory: " + tslWorkingDir.getAbsolutePath());
+
+ // set TSL configuration
+ tslconfiguration.setEuTSLUrl(euTSLUrl);
+ tslconfiguration.setUpdateSchedulePeriod(Long.valueOf(updateSchedulePeriod).longValue());
+ tslconfiguration.setUpdateScheduleStartTime(updateScheduleStartTimeDate);
+ tslconfiguration.setWorkingDirectory(tslWorkingDir.getAbsolutePath());
+ tslconfiguration.setWorkingDirectoryURI(workingDirectoryURI);
+
+ return tslconfiguration;
}
-
+
/**
* Returns a map of CRL retention intervals
+ *
* @return
*/
public Map getCrlRetentionIntervals() {
- Map map = new HashMap();
- NodeIterator modIter = XPathUtils.selectNodeIterator(
- getConfigElem(),
- CRL_RETENTION_INTERVALS_CA_XPATH);
-
- Element modElem;
- while ((modElem = (Element) modIter.nextNode()) != null) {
- String x509IssuerName = getElementValue(modElem, CONF + "X509IssuerName", null);
- String i = getElementValue(modElem, CONF + "Interval", null);
- Integer interval = new Integer(i);
- try {
- RFC2253NameParser parser = new RFC2253NameParser(x509IssuerName);
- Name name = parser.parse();
- map.put(name.getRFC2253String(), interval);
- } catch (RFC2253NameParserException e) {
- map.put(x509IssuerName, interval);
- }
+ final Map map = new HashMap();
+ final NodeIterator modIter = XPathUtils.selectNodeIterator(
+ getConfigElem(),
+ CRL_RETENTION_INTERVALS_CA_XPATH);
- }
+ Element modElem;
+ while ((modElem = (Element) modIter.nextNode()) != null) {
+ final String x509IssuerName = getElementValue(modElem, CONF + "X509IssuerName", null);
+ final String i = getElementValue(modElem, CONF + "Interval", null);
+ final Integer interval = new Integer(i);
+ try {
+ final RFC2253NameParser parser = new RFC2253NameParser(x509IssuerName);
+ final Name name = parser.parse();
+ map.put(name.getRFC2253String(), interval);
+ } catch (final RFC2253NameParserException e) {
+ map.put(x509IssuerName, interval);
+ }
- return map;
+ }
+
+ return map;
}
-
-
+
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 7ae83cb..bffa489 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -21,14 +21,8 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.spss.server.config;
-import iaik.asn1.structures.Name;
-import iaik.pki.revocation.RevocationSourceTypes;
-import iaik.utils.RFC2253NameParser;
-import iaik.utils.RFC2253NameParserException;
-
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
@@ -41,7 +35,6 @@ import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
-import java.util.Map.Entry;
import java.util.Set;
import org.w3c.dom.Element;
@@ -52,39 +45,45 @@ import at.gv.egovernment.moaspss.logging.LogMsg;
import at.gv.egovernment.moaspss.logging.Logger;
import at.gv.egovernment.moaspss.util.DOMUtils;
import at.gv.egovernment.moaspss.util.MiscUtil;
+import iaik.asn1.structures.Name;
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
/**
* A class providing access to the MOA configuration data.
- *
- * <p>Configuration data is read from an XML file, whose location is given by
- * the <code>moa.spss.server.configuration</code> system property.</p>
- * <p>This class implements the Singleton pattern. The <code>reload()</code>
- * method can be used to update the configuration data. Therefore, it is not
- * guaranteed that consecutive calls to <code>getInstance()</code> will return
- * the same <code>ConfigurationProvider</code> all the time. During the
- * processing of a web service request, the current
- * <code>TransactionContext</code> should be used to obtain the
- * <code>ConfigurationProvider</code> local to that request.</p>
- *
+ *
+ * <p>
+ * Configuration data is read from an XML file, whose location is given by the
+ * <code>moa.spss.server.configuration</code> system property.
+ * </p>
+ * <p>
+ * This class implements the Singleton pattern. The <code>reload()</code> method
+ * can be used to update the configuration data. Therefore, it is not guaranteed
+ * that consecutive calls to <code>getInstance()</code> will return the same
+ * <code>ConfigurationProvider</code> all the time. During the processing of a
+ * web service request, the current <code>TransactionContext</code> should be
+ * used to obtain the <code>ConfigurationProvider</code> local to that request.
+ * </p>
+ *
* @author Patrick Peck
* @author Sven Aigner
* @version $Id$
*/
-public class ConfigurationProvider
-{
- /**
- * The name of the system property which contains the file name of the
+public class ConfigurationProvider {
+ /**
+ * The name of the system property which contains the file name of the
* configuration file.
*/
public static final String CONFIG_PROPERTY_NAME =
- "moa.spss.server.configuration";
+ "moa.spss.server.configuration";
- /**
+ /**
* A fake <code>IssuerAndSerial</code> object for storing KeyGroup information
* accessible by all clients.
*/
private static final IssuerAndSerial ANONYMOUS_ISSUER_SERIAL =
- new IssuerAndSerial(new Name(), new BigInteger("0"));
+ new IssuerAndSerial(new Name(), new BigInteger("0"));
/** Singleton instance. <code>null</code>, if none has been created. */
private static ConfigurationProvider instance;
@@ -101,23 +100,23 @@ public class ConfigurationProvider
/** The default canonicalization algorithm name */
private String canonicalizationAlgorithmName;
-
+
/** The XAdES version used for signature creation */
private String xadesVersion;
-
+
/** PDF AS Configuration */
private String pdfAsConfiguration;
-
+
private int connectionTimeout;
private int readTimeout;
-
- /**
- * A <code>List</code> of <code>HardwareCryptoModule</code> objects for
+
+ /**
+ * A <code>List</code> of <code>HardwareCryptoModule</code> objects for
* configuring hardware modules.
*/
private List hardwareCryptoModules;
- /**
+ /**
* A <code>List</code> of <code>HardwareKey</code> objects containing the
* configuration data for hardware keys.
*/
@@ -144,29 +143,29 @@ public class ConfigurationProvider
/** The default chaining mode. */
private String defaultChainingMode;
- /**
+ /**
* A <code>Map</code> which contains the <code>IssuerAndSerial</code> to
* chaining mode (a <code>String</code>) mapping.
*/
private Map chainingModes;
/**
- * A <code>Map</code> which contains the CAIssuerDN (a <code>String</code>)
- * to distribution points (a <code>Set</code> of
- * <code>DistributionPoint</code>s) mapping.
+ * A <code>Map</code> which contains the CAIssuerDN (a <code>String</code>) to
+ * distribution points (a <code>Set</code> of <code>DistributionPoint</code>s)
+ * mapping.
*/
private Map distributionPoints;
- /**
- * The CRL archive duration.
+ /**
+ * The CRL archive duration.
*/
private int cRLArchiveDuration;
-
+
/**
* Indicates whether revocation information should be archived.
*/
private boolean enableRevocationArchiving_;
-
+
/**
* The location of the certificate store.
*/
@@ -180,29 +179,29 @@ public class ConfigurationProvider
private Map createSignatureEnvironmentProfiles;
/**
- * A <code>Map</code> which contains a mapping from
- * CreateTransformsInfoProfile Ids (<code>String</code>) to
- * CreateTransformsInfoProfile elements (an <code>Element</code>).
+ * A <code>Map</code> which contains a mapping from CreateTransformsInfoProfile
+ * Ids (<code>String</code>) to CreateTransformsInfoProfile elements (an
+ * <code>Element</code>).
*/
private Map createTransformsInfoProfiles;
/**
- * A <code>Map</code> which contains a mapping from
- * VerifyTransformsInfoProfile Ids (<code>String</code>) to
- * VerifyTransformsInfoProfile elements (an <code>Element</code>).
+ * A <code>Map</code> which contains a mapping from VerifyTransformsInfoProfile
+ * Ids (<code>String</code>) to VerifyTransformsInfoProfile elements (an
+ * <code>Element</code>).
*/
private Map verifyTransformsInfoProfiles;
/**
- * A <code>Map</code> which contains a mapping from
- * SupplementProfile Ids (<code>String</code>) to SupplementProfile elements
- * (an <code>Element</code>).
+ * A <code>Map</code> which contains a mapping from SupplementProfile Ids
+ * (<code>String</code>) to SupplementProfile elements (an
+ * <code>Element</code>).
*/
private Map supplementProfiles;
/**
- * A <code>Map</code> which contains a TrustProfile Id (a <code>String</code>
- * to trust profile (a <code>TrustProfile</code>) mapping.
+ * A <code>Map</code> which contains a TrustProfile Id (a <code>String</code> to
+ * trust profile (a <code>TrustProfile</code>) mapping.
*/
private Map trustProfiles;
@@ -222,7 +221,8 @@ public class ConfigurationProvider
private boolean enableRevocationChecking_;
/**
- * The maximum age of a revocation information for considering it still as valid.
+ * The maximum age of a revocation information for considering it still as
+ * valid.
*/
private long maxRevocationAge_;
@@ -232,57 +232,58 @@ public class ConfigurationProvider
private String[] serviceOrder_;
private boolean adesFormResults;
-
+
/**
- * Indicates whether certificates found during certificate path construction
+ * Indicates whether certificates found during certificate path construction
* should be added to the certificate store.
*/
private boolean autoAddCertificates_;
+ private boolean autoAddEECertificates_;
+
/**
- * Indicates whether the certificate extension Authority Info Access should
- * be used during certificate path construction.
+ * Indicates whether the certificate extension Authority Info Access should be
+ * used during certificate path construction.
*/
private boolean useAuthorityInfoAccess_;
/**
- * Indicates whether file URIs are allowed or not
+ * Indicates whether file URIs are allowed or not
*/
private boolean permitFileURIs;
-
+
/**
* Indicates the CRL retention intervals
*/
private Map crlRetentionIntervals;
-
+
/**
* Indicates wether external URIs are allowed or not
*/
private boolean allowExternalUris_;
-
+
/**
* A <code>List</code> of black listed URIs (host and port)
*/
private List blackListedUris_;
-
+
/**
* A <code>List</code> of white listed URIs (host and port)
*/
private List whiteListedUris_;
-
+
/**
* A <code>TSLConfiguration</code> that represents the global TSL configuration
*/
private TSLConfiguration tslconfiguration_;
-
-
+
/**
* Return the single instance of configuration data.
- *
+ *
* @return MOAConfigurationProvider The current configuration data.
* @throws ConfigurationException Failure to load the configuration data.
*/
public static synchronized ConfigurationProvider getInstance()
- throws ConfigurationException {
+ throws ConfigurationException {
if (instance == null) {
reload();
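Review bot: The new field `autoAddEECertificates_` is the only flag in this group declared without a Javadoc comment, although it influences what ends up in the certificate store. Judging by its name and the `AUTO_ADD_EE_CERTIFICATES_XPATH_` lookup that feeds it, it appears to cover end-entity certificates. I would add `/** Indicates whether end-entity certificates found during certificate path construction should be added to the certificate store; false when not configured. */` above it, after confirming that reading with the author. getInstance() at the end of the hunk continues outside it.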
@@ -292,21 +293,21 @@ public class ConfigurationProvider
/**
* Reload the configuration data and set it if successful.
- *
+ *
* @return MOAConfigurationProvider The loaded configuration data.
* @throws ConfigurationException Failure to load the configuration data.
*/
public static synchronized ConfigurationProvider reload()
- throws ConfigurationException {
+ throws ConfigurationException {
String fileName = System.getProperty(CONFIG_PROPERTY_NAME);
if (fileName == null) {
// find out where we are running and use the configuration provided
// under WEB-INF/conf/moa-spss/MOA-SPSSConfiguration
- URL url = ConfigurationProvider.class.getResource("/");
+ final URL url = ConfigurationProvider.class.getResource("/");
fileName =
- new File(url.getPath()).getParent()
- + "/conf/moa-spss/MOA-SPSSConfiguration.xml";
+ new File(url.getPath()).getParent()
+ + "/conf/moa-spss/MOA-SPSSConfiguration.xml";
info("config.05", new Object[] { CONFIG_PROPERTY_NAME });
}
@@ -316,7 +317,7 @@ public class ConfigurationProvider
/**
* Constructor for ConfigurationProvider.
- *
+ *
* @param fileName The name of the configuration file.
* @throws ConfigurationException An error occurred loading the configuration.
*/
@@ -325,12 +326,11 @@ public class ConfigurationProvider
}
/**
- * Load the configuration data from XML file with the given name and build
- * the internal data structures representing the MOA configuration.
- *
+ * Load the configuration data from XML file with the given name and build the
+ * internal data structures representing the MOA configuration.
+ *
* @param fileName The name of the XML file to load.
- * @throws ConfigurationException The MOA configuration could not be
- * read/built.
+ * @throws ConfigurationException The MOA configuration could not be read/built.
*/
private void load(String fileName) throws ConfigurationException {
FileInputStream stream = null;
@@ -339,16 +339,15 @@ public class ConfigurationProvider
Element configElem;
ConfigurationPartsBuilder builder;
List allKeyModules;
-
// load the main config file
try {
configFile = new File(fileName);
configRoot = new File(configFile.getParent());
- info("config.21", new Object[] { configFile.getAbsoluteFile()});
+ info("config.21", new Object[] { configFile.getAbsoluteFile() });
stream = new FileInputStream(fileName);
configElem = DOMUtils.parseXmlValidating(new FileInputStream(fileName));
- } catch (Throwable t) {
+ } catch (final Throwable t) {
throw new ConfigurationException("config.10", null, t);
}
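Review bot: Two `FileInputStream`s are opened on the same file in the try block of load(): the one stored in `stream` is never read, and the one handed to `DOMUtils.parseXmlValidating` has no reference left to close it. Unless the parser closes its input itself, that leaks a file handle on every load or reload. Passing the tracked stream fixes both: `configElem = DOMUtils.parseXmlValidating(stream);`. load() starts before and continues past this hunk; the finally block further down closes `stream` only.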
@@ -356,29 +355,27 @@ public class ConfigurationProvider
try {
builder = new ConfigurationPartsBuilder(configElem, configRoot);
- //build TSL configuration
+ // build TSL configuration
tslconfiguration_ = builder.getTSLConfiguration();
-
- //build TrustProfile configuration
- trustProfiles = builder.buildTrustProfiles();
-
- //check TSL configuration
+
+ // build TrustProfile configuration
+ trustProfiles = builder.buildTrustProfiles();
+
+ // check TSL configuration
checkTSLConfiguration();
-
-
+
digestMethodAlgorithmName = builder.getDigestMethodAlgorithmName();
canonicalizationAlgorithmName =
- builder.getCanonicalizationAlgorithmName();
+ builder.getCanonicalizationAlgorithmName();
hardwareCryptoModules = builder.buildHardwareCryptoModules();
hardwareKeyModules =
- builder.buildHardwareKeyModules(Collections.EMPTY_LIST);
+ builder.buildHardwareKeyModules(Collections.EMPTY_LIST);
softwareKeyModules =
- builder.buildSoftwareKeyModules(hardwareKeyModules);
+ builder.buildSoftwareKeyModules(hardwareKeyModules);
allKeyModules = new ArrayList(hardwareKeyModules);
allKeyModules.addAll(softwareKeyModules);
keyGroups = builder.buildKeyGroups(allKeyModules);
- keyGroupMappings =
- builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL);
+ builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL);
this.connectionTimeout = builder.getConnectionTimeout();
Logger.debug("Set 'Connection-Timeout' to " + String.valueOf(this.connectionTimeout) + "[ms]");
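Review bot: The assignment target `keyGroupMappings =` is removed in this hunk and not added back, so on the new side the result of `builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL)` is discarded and the field is no longer set in load(). The other wrapped assignments here (`hardwareKeyModules =`, `softwareKeyModules =`) keep their first line as context, which suggests this one was lost during reformatting. That map appears to tie client certificates to the key groups they may use, so losing it affects signing-key authorization, not just formatting. I would restore `keyGroupMappings = builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL);` and add a test that a configured key group mapping is present after load. load() begins and ends outside this hunk.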
@@ -393,9 +390,10 @@ public class ConfigurationProvider
chainingModes = builder.buildChainingModes();
useAuthorityInfoAccess_ = builder.getUseAuthorityInfoAccess();
autoAddCertificates_ = builder.getAutoAddCertificates();
- //trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
-
-
+ autoAddEECertificates_ = builder.getAutoEEAddCertificates();
+ // trustProfiles =
+ // builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
+
distributionPoints = builder.buildDistributionPoints();
enableRevocationChecking_ = builder.getEnableRevocationChecking();
maxRevocationAge_ = builder.getMaxRevocationAge();
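Review bot: The getter name `getAutoEEAddCertificates()` does not match the field it fills (`autoAddEECertificates_`) or its sibling `getAutoAddCertificates()`. Renaming it to `getAutoAddEECertificates()`, with the matching change in ConfigurationPartsBuilder, would keep the three names aligned. The re-wrapped commented-out `buildTrustProfiles(...)` call below it could be deleted instead of reformatted, since trust profiles are already built earlier in load(). The enclosing load() method starts and ends outside this hunk.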
@@ -404,12 +402,10 @@ public class ConfigurationProvider
cRLArchiveDuration = builder.getRevocationArchiveDuration();
revocationArchiveJDBCURL_ = builder.getRevocationArchiveJDBCURL();
revocationArchiveJDBCDriverClass_ = builder.getRevocationArchiveJDBCDriverClass();
-
-
- //TODO!!!!
+
+ // TODO!!!!
certStoreLocation_ = builder.getCertStoreLocation();
-
-
+
createTransformsInfoProfiles = builder.buildCreateTransformsInfoProfiles();
createSignatureEnvironmentProfiles = builder.buildCreateSignatureEnvironmentProfiles();
verifyTransformsInfoProfiles = builder.buildVerifyTransformsInfoProfiles();
@@ -418,41 +414,37 @@ public class ConfigurationProvider
permitFileURIs = builder.getPermitFileURIs();
crlRetentionIntervals = builder.getCrlRetentionIntervals();
- allowExternalUris_= builder.allowExternalUris();
-
- if (allowExternalUris_) {
- blackListedUris_ = builder.buildPermitExternalUris();
- whiteListedUris_ = null;
- }
- else {
- info("config.35", null);
- blackListedUris_ = null;
- whiteListedUris_ = builder.buildForbidExternalUris();
+ allowExternalUris_ = builder.allowExternalUris();
+
+ if (allowExternalUris_) {
+ blackListedUris_ = builder.buildPermitExternalUris();
+ whiteListedUris_ = null;
+ } else {
+ info("config.35", null);
+ blackListedUris_ = null;
+ whiteListedUris_ = builder.buildForbidExternalUris();
}
-
-
-
+
// Set set = crlRetentionIntervals.entrySet();
// Iterator i = set.iterator();
// while(i.hasNext()){
// Map.Entry me = (Map.Entry)i.next();
// System.out.println("Key: " + me.getKey() + " - Value: " + me.getValue() );
// }
-
-
- } catch (Throwable t) {
+
+ } catch (final Throwable t) {
throw new ConfigurationException("config.11", null, t);
} finally {
try {
if (stream != null) {
stream.close();
}
- } catch (IOException e) {
+ } catch (final IOException e) {
// don't complain about this
}
}
}
-
+
// private boolean checkTSLenableTrustprofilesExist()throws ConfigurationException {
// boolean bTSLEnabledTPExist = false;
// Iterator it = trustProfiles.entrySet().iterator();
@@ -462,78 +454,75 @@ public class ConfigurationProvider
// if (tp.isTSLEnabled())
// bTSLEnabledTPExist = bTSLEnabledTPExist || true;
// }
-//
+//
// return bTSLEnabledTPExist;
-//
+//
// }
-
- private void checkTSLConfiguration() throws ConfigurationException {
- boolean bTSLEnabledTPExist = false;
- Iterator it = trustProfiles.entrySet().iterator();
- while (it.hasNext()) {
- Map.Entry pairs = (Map.Entry)it.next();
- TrustProfile tp = (TrustProfile) pairs.getValue();
- if (tp.isTSLEnabled())
- bTSLEnabledTPExist = bTSLEnabledTPExist || true;
- }
-
- if (!bTSLEnabledTPExist) {
- // if no trustprofile has TSL support enabled, delete TSL configuration
- tslconfiguration_ = null;
- return;
- }
-
- if (bTSLEnabledTPExist && (tslconfiguration_ == null)) {
- error("config.40", null);
- throw new ConfigurationException("config.40", null);
- }
-
- File workingDir = new File(tslconfiguration_.getWorkingDirectory());
- File eu_trust = new File(workingDir.getAbsolutePath() + "/trust/eu");
- if (!eu_trust.exists()) {
- error("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"});
- throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" existiert nicht"});
- }
- else {
- File[] eutrustFiles = eu_trust.listFiles();
- if (eutrustFiles == null) {
- error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
- throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
- }
- else {
- if (eutrustFiles.length == 0) {
- error("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
- throw new ConfigurationException("config.51", new Object[] {"Verzeichnis \"trust/eu\" ist leer"});
- }
- }
-
- }
-
- File hashcache = new File(tslconfiguration_.getWorkingDirectory(), "hashcache");
- if (!hashcache.exists()) {
- hashcache.mkdir();
+
+ private void checkTSLConfiguration() throws ConfigurationException {
+ boolean bTSLEnabledTPExist = false;
+ final Iterator it = trustProfiles.entrySet().iterator();
+ while (it.hasNext()) {
+ final Map.Entry pairs = (Map.Entry) it.next();
+ final TrustProfile tp = (TrustProfile) pairs.getValue();
+ if (tp.isTSLEnabled()) {
+ bTSLEnabledTPExist = bTSLEnabledTPExist || true;
}
- if (!hashcache.isDirectory()) {
- error("config.38", new Object[] { hashcache.getAbsolutePath() });
- return;
+ }
+
+ if (!bTSLEnabledTPExist) {
+ // if no trustprofile has TSL support enabled, delete TSL configuration
+ tslconfiguration_ = null;
+ return;
+ }
+
+ if (bTSLEnabledTPExist && tslconfiguration_ == null) {
+ error("config.40", null);
+ throw new ConfigurationException("config.40", null);
+ }
+
+ final File workingDir = new File(tslconfiguration_.getWorkingDirectory());
+ final File eu_trust = new File(workingDir.getAbsolutePath() + "/trust/eu");
+ if (!eu_trust.exists()) {
+ error("config.51", new Object[] { "Verzeichnis \"trust/eu\" existiert nicht" });
+ throw new ConfigurationException("config.51", new Object[] {
+ "Verzeichnis \"trust/eu\" existiert nicht" });
+ } else {
+ final File[] eutrustFiles = eu_trust.listFiles();
+ if (eutrustFiles == null) {
+ error("config.51", new Object[] { "Verzeichnis \"trust/eu\" ist leer" });
+ throw new ConfigurationException("config.51", new Object[] { "Verzeichnis \"trust/eu\" ist leer" });
+ } else {
+ if (eutrustFiles.length == 0) {
+ error("config.51", new Object[] { "Verzeichnis \"trust/eu\" ist leer" });
+ throw new ConfigurationException("config.51", new Object[] { "Verzeichnis \"trust/eu\" ist leer" });
+ }
}
+ }
+
+ final File hashcache = new File(tslconfiguration_.getWorkingDirectory(), "hashcache");
+ if (!hashcache.exists()) {
+ hashcache.mkdir();
+ }
+ if (!hashcache.isDirectory()) {
+ error("config.38", new Object[] { hashcache.getAbsolutePath() });
+ return;
+ }
+
// System.setProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR", hashcache.getAbsolutePath());
// String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
// System.out.println("Hashcache: " + hashcachedir);
+ Logger.debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath());
- Logger.debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath());
-
-
}
-
/**
* Returns the warnings encountered during building the configuration.
- *
- * @return A <code>List</code> of <code>String</code>s, containing the
- * warning messages.
+ *
+ * @return A <code>List</code> of <code>String</code>s, containing the warning
+ * messages.
*/
public List getWarnings() {
return warnings;
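Review bot: In checkTSLConfiguration() a failed `hashcache` directory check only logs `config.38` and returns, while the `trust/eu` checks just above throw. A configuration with TSL-enabled trust profiles therefore loads successfully even when the hash cache directory is missing or is not a directory. The result of `hashcache.mkdir()` is also ignored, so an unwritable working directory reaches that state silently. I would make it fail closed like the other checks by replacing the bare `return;` with `throw new ConfigurationException("config.38", new Object[] { hashcache.getAbsolutePath() });`. The getWarnings() accessor at the end of the hunk is cut off by the hunk boundary.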
@@ -541,57 +530,58 @@ public class ConfigurationProvider
/**
* Return the name of the digest algorithm used during signature creation.
- *
- * @return The digest method algorithm name, or an empty <code>String</code>,
- * if none has been configured.
+ *
+ * @return The digest method algorithm name, or an empty <code>String</code>, if
+ * none has been configured.
*/
public String getDigestMethodAlgorithmName() {
return digestMethodAlgorithmName;
}
-
+
/**
* Return the XAdES version used for signature creation.
- *
- * @return The XAdES version used for signature creation, or an empty <code>String</code>,
- * if none has been configured.
+ *
+ * @return The XAdES version used for signature creation, or an empty
+ * <code>String</code>, if none has been configured.
*/
public String getXAdESVersion() {
return xadesVersion;
}
-
+
public String getPDFASConfiguration() {
- return pdfAsConfiguration;
+ return pdfAsConfiguration;
}
-
+
public int getConnectionTimeout() {
- return this.connectionTimeout;
+ return this.connectionTimeout;
}
-
+
public int getReadTimeout() {
- return this.readTimeout;
+ return this.readTimeout;
}
-
+
public boolean getAdesFormResults() {
- return this.adesFormResults;
+ return this.adesFormResults;
}
-
+
public boolean getAllowExternalUris() {
- return this.allowExternalUris_;
+ return this.allowExternalUris_;
}
-
+
public List getBlackListedUris() {
- return this.blackListedUris_;
+ return this.blackListedUris_;
}
+
public List getWhiteListedUris() {
- return this.whiteListedUris_;
+ return this.whiteListedUris_;
}
-
+
/**
* Return the name of the canonicalization algorithm used during signature
* creation.
- *
- * @return The canonicalization algorithm name, or an empty
- * <code>String</code> if none has been configured.
+ *
+ * @return The canonicalization algorithm name, or an empty <code>String</code>
+ * if none has been configured.
*/
public String getCanonicalizationAlgorithmName() {
return canonicalizationAlgorithmName;
@@ -599,9 +589,9 @@ public class ConfigurationProvider
/**
* Return the configured hardware crypto modules.
- *
+ *
* @return A <code>List</code> of <code>HardwareCryptoModule</code> objects
- * containing the hardware crypto module configurations.
+ * containing the hardware crypto module configurations.
*/
public List getHardwareCryptoModules() {
return hardwareCryptoModules;
@@ -609,9 +599,9 @@ public class ConfigurationProvider
/**
* Return the hardware key modules configuration.
- *
+ *
* @return A <code>List</code> of <code>HardwareKeyModule</code> objects
- * containing the configuration of the hardware key modules.
+ * containing the configuration of the hardware key modules.
*/
public List getHardwareKeyModules() {
return hardwareKeyModules;
@@ -619,9 +609,9 @@ public class ConfigurationProvider
/**
* Return the software key module configuration.
- *
+ *
* @return A <code>List</code> of <code>SoftwareKeyModule</code> objects
- * containing the configuration of the software key modules.
+ * containing the configuration of the software key modules.
*/
public List getSoftwareKeyModules() {
return softwareKeyModules;
@@ -629,38 +619,38 @@ public class ConfigurationProvider
/**
* Return the key group mapping.
- *
- * @return A mapping from key group ID (a <code>String</code>) to
- * <code>KeyGroup</code> mapping.
+ *
+ * @return A mapping from key group ID (a <code>String</code>) to
+ * <code>KeyGroup</code> mapping.
*/
public Map getKeyGroups() {
return keyGroups;
}
-
+
public KeyGroup getKeyGroup(String keyGroupId) {
- if (MiscUtil.isNotEmpty(keyGroupId))
- return (KeyGroup) keyGroups.get(keyGroupId.trim().toLowerCase());
-
- else
- return null;
+ if (MiscUtil.isNotEmpty(keyGroupId)) {
+ return (KeyGroup) keyGroups.get(keyGroupId.trim().toLowerCase());
+ } else {
+ return null;
+ }
}
/**
* Return the set of <code>KeyGroupEntry</code>s of a given key group, which a
* client (identified by an issuer/serial pair) may access.
- *
- * @param issuer The issuer of the client certificate.
- * @param serial The serial number of the client certificate.
+ *
+ * @param issuer The issuer of the client certificate.
+ * @param serial The serial number of the client certificate.
* @param keyGroupId The ID of the key group.
* @return A <code>Set</code> of all the <code>KeyGroupEntry</code>s in the
- * given key group, if the user may access them. Returns <code>null</code>, if
- * the user may not access the given key group or if the key group does not
- * exist.
+ * given key group, if the user may access them. Returns
+ * <code>null</code>, if the user may not access the given key group or
+ * if the key group does not exist.
*/
public Set getKeyGroupEntries(
- Principal issuer,
- BigInteger serial,
- String keyGroupId) {
+ Principal issuer,
+ BigInteger serial,
+ String keyGroupId) {
IssuerAndSerial issuerAndSerial;
Map mapping;
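Review bot: `keyGroupId.trim().toLowerCase()` in `getKeyGroup` lowercases with the JVM default locale, so the lookup key depends on host locale settings (under a Turkish locale `I` does not map to `i`). Key group IDs select signing keys, so the normalisation should be locale-independent: `return (KeyGroup) keyGroups.get(keyGroupId.trim().toLowerCase(Locale.ROOT));`. That needs `java.util.Locale` imported and the same form used wherever the map is filled, which is not visible here. The same call appears in `getTrustProfile` in the `@@ -825,63 +812,64 @@` hunk. `getKeyGroupEntries` starts in this hunk and continues outside it.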
@@ -673,118 +663,115 @@ public class ConfigurationProvider
// System.out.println("Issuer: " + issuer);
// System.out.println("serial: " + serial);
-//
+//
// Iterator entries = keyGroupMappings.entrySet().iterator();
// while (entries.hasNext()) {
// Entry thisEntry = (Entry) entries.next();
// System.out.println("Entry: " + thisEntry.getKey());
// System.out.println("Value: " + thisEntry.getValue());
// }
-
+
mapping = (Map) keyGroupMappings.get(issuerAndSerial);
if (mapping != null) {
- KeyGroup keyGroup = (KeyGroup) mapping.get(keyGroupId);
+ final KeyGroup keyGroup = (KeyGroup) mapping.get(keyGroupId);
if (keyGroup != null) {
return keyGroup.getKeyGroupEntries();
}
}
-
+
// If no key group is available for a client identified by a certificate,
// try to find a key group in the anonymous key group mapping
- if (issuer != null || serial != null)
- {
+ if (issuer != null || serial != null) {
mapping = (Map) keyGroupMappings.get(ANONYMOUS_ISSUER_SERIAL);
- if (mapping != null)
- {
- KeyGroup keyGroup = (KeyGroup) mapping.get(keyGroupId);
- if (keyGroup != null) return keyGroup.getKeyGroupEntries();
+ if (mapping != null) {
+ final KeyGroup keyGroup = (KeyGroup) mapping.get(keyGroupId);
+ if (keyGroup != null) {
+ return keyGroup.getKeyGroupEntries();
+ }
}
}
-
+
return null;
}
/**
* Return the chaining mode for a given trust anchor.
- *
+ *
* @param trustAnchor The trust anchor for which the chaining mode should be
- * returned.
- * @return The chaining mode for the given trust anchor. If the trust anchor
- * has not been configured separately, the system default will be returned.
+ * returned.
+ * @return The chaining mode for the given trust anchor. If the trust anchor has
+ * not been configured separately, the system default will be returned.
*/
public String getChainingMode(X509Certificate trustAnchor) {
- Principal issuer = trustAnchor.getIssuerDN();
- BigInteger serial = trustAnchor.getSerialNumber();
- IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial);
+ final Principal issuer = trustAnchor.getIssuerDN();
+ final BigInteger serial = trustAnchor.getSerialNumber();
+ final IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial);
- String mode = (String) chainingModes.get(issuerAndSerial);
+ final String mode = (String) chainingModes.get(issuerAndSerial);
return mode != null ? mode : defaultChainingMode;
}
/**
* Return the distribution points for a given CA.
- *
+ *
* @param cert The certificate for which the distribution points should be
* looked up. The issuer information is used to perform the lookup.
- *
- * @return A <code>Set</code> of <code>DistributionPoint</code> objects. The
- * set will be empty, if no distribution points have been configured
- * for this certificate.
+ *
+ * @return A <code>Set</code> of <code>DistributionPoint</code> objects. The set
+ * will be empty, if no distribution points have been configured for
+ * this certificate.
*/
- public Set getDistributionPoints(X509Certificate cert)
- {
+ public Set getDistributionPoints(X509Certificate cert) {
try {
- RFC2253NameParser nameParser =
- new RFC2253NameParser(cert.getIssuerDN().toString());
- String caIssuerDN = nameParser.parse().getName();
- Set dps = (Set) distributionPoints.get(caIssuerDN);
+ final RFC2253NameParser nameParser =
+ new RFC2253NameParser(cert.getIssuerDN().toString());
+ final String caIssuerDN = nameParser.parse().getName();
+ final Set dps = (Set) distributionPoints.get(caIssuerDN);
if (dps == null) {
return Collections.EMPTY_SET;
}
return dps;
- } catch (RFC2253NameParserException e) {
+ } catch (final RFC2253NameParserException e) {
return Collections.EMPTY_SET;
}
}
/**
* Return the CRL archive duration.
- *
+ *
* @return The duration of how long to keep CRL archive entries (measured in
- * days).
+ * days).
*/
public int getCRLArchiveDuration() {
return cRLArchiveDuration;
}
-
+
/**
* Returns whether revocation information should be archived.
- *
+ *
* @return whether revocation information should be archived.
*/
- public boolean getEnableRevocationArchiving()
- {
+ public boolean getEnableRevocationArchiving() {
return enableRevocationArchiving_;
}
-
+
/**
* Returns the location of the certificate store.
- *
+ *
* @return the location of the certificate store.
*/
- public String getCertStoreLocation()
- {
+ public String getCertStoreLocation() {
return certStoreLocation_;
}
/**
* Return a <code>CreateTransformsInfoProfile</code> with the given ID.
- *
+ *
* @param id The <code>CreateTransformsInfoProfile</code> ID.
- * @return The <code>CreateTransformsInfoProfile</code> with the given
- * ID or <code>null</code>, if none exists.
+ * @return The <code>CreateTransformsInfoProfile</code> with the given ID or
+ * <code>null</code>, if none exists.
*/
public Element getCreateTransformsInfoProfile(String id) {
return (Element) createTransformsInfoProfiles.get(id);
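Review bot: `getDistributionPoints` still swallows `RFC2253NameParserException` and returns an empty set, so an issuer DN that fails to parse looks the same as a CA with no configured distribution points. The result presumably feeds revocation checking, so the failure should at least be logged before the return in the catch block, e.g. `Logger.warn(new LogMsg("Cannot parse issuer DN for distribution point lookup: " + e.getMessage()));`. While the method is being touched, `Collections.EMPTY_SET` could become `Collections.emptySet()` in both places.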
@@ -792,10 +779,10 @@ public class ConfigurationProvider
/**
* Return a <code>CreateSignatureEnvironmentProfile</code> with the given ID.
- *
+ *
* @param id The <code>CreateSignatureEnvironmentProfile</code> ID.
- * @return The <code>CreateSignatureEnvironmentProfile</code> with the given
- * ID or <code>null</code>, if none exists.
+ * @return The <code>CreateSignatureEnvironmentProfile</code> with the given ID
+ * or <code>null</code>, if none exists.
*/
public Element getCreateSignatureEnvironmentProfile(String id) {
return (Element) createSignatureEnvironmentProfiles.get(id);
@@ -803,10 +790,10 @@ public class ConfigurationProvider
/**
* Return a <code>VerifyTransformsInfoProfile</code> with the given ID.
- *
+ *
* @param id The <code>VerifyTransformsInfoProfile</code> ID.
* @return The <code>VerifyTransformsInfoProfile</code> with the given ID or
- * <code>null</code>, if none exists.
+ * <code>null</code>, if none exists.
*/
public Element getVerifyTransformsInfoProfile(String id) {
return (Element) verifyTransformsInfoProfiles.get(id);
@@ -814,10 +801,10 @@ public class ConfigurationProvider
/**
* Return a <code>SupplementProfile</code> with the given ID.
- *
+ *
* @param id The <code>SupplementProfile</code> ID.
* @return The <code>SupplementProfile</code> with the given ID or
- * <code>null</code>, if none exists.
+ * <code>null</code>, if none exists.
*/
public Element getSupplementProfile(String id) {
return (Element) supplementProfiles.get(id);
@@ -825,63 +812,64 @@ public class ConfigurationProvider
/**
* Return a <code>TrustProfile</code> with the given ID.
- *
+ *
* @param id The <code>TrustProfile</code> ID.
- * @return The <code>TrustProfile</code> with the given ID or
- * <code>null</code>, if none exists.
+ * @return The <code>TrustProfile</code> with the given ID or <code>null</code>,
+ * if none exists.
*/
public TrustProfile getTrustProfile(String id) {
- if (MiscUtil.isNotEmpty(id)) {
- id = id.trim().toLowerCase();
- return (TrustProfile) trustProfiles.get(id);
-
- }
-
- return null;
+ if (MiscUtil.isNotEmpty(id)) {
+ id = id.trim().toLowerCase();
+ return (TrustProfile) trustProfiles.get(id);
+
+ }
+
+ return null;
}
-
+
/**
* Returns a map of <code>TrustProfiles</code>
+ *
* @return
*/
public Map getTrustProfiles() {
- return trustProfiles;
+ return trustProfiles;
}
/**
* Log a warning.
- *
- * @param messageId The message ID.
+ *
+ * @param messageId The message ID.
* @param parameters Additional parameters for the message.
* @see at.gv.egovernment.moa.spss.server.util.MessageProvider
*/
private static void info(String messageId, Object[] parameters) {
- MessageProvider msg = MessageProvider.getInstance();
+ final MessageProvider msg = MessageProvider.getInstance();
Logger.info(new LogMsg(msg.getMessage(messageId, parameters)));
}
-
+
/**
* Log a debug message.
- *
- * @param messageId The message ID.
+ *
+ * @param messageId The message ID.
* @param parameters Additional parameters for the message.
* @see at.gv.egovernment.moa.spss.server.util.MessageProvider
*/
private static void debug(String message) {
Logger.debug(message);
}
-
- /**
+
+ /**
* Log a warning.
- *
+ *
* @param messageId The message ID.
- * @param args Additional parameters for the message.
+ * @param args Additional parameters for the message.
* @see at.gv.egovernment.moa.spss.server.util.MessageProvider
*/
private void warn(String messageId, Object[] args) {
- MessageProvider msg = MessageProvider.getInstance();
- String txt = msg.getMessage(messageId, args);
+ final MessageProvider msg = MessageProvider.getInstance();
+ final String txt = msg.getMessage(messageId, args);
Logger.warn(new LogMsg(txt));
warnings.add(txt);
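Review bot: The Javadoc realigned in this hunk is still wrong in three places. The comment on `info` says `Log a warning.` where it should read `Log an info message.`. The comment on `debug(String message)` documents `messageId` and `parameters`, which the method does not have; it should carry a single `@param message The message to log.`. `getTrustProfiles` has an empty `@return`, which could read `@return A map from trust profile ID to <code>TrustProfile</code>.` (key form inferred from `getTrustProfile`). `warn` continues outside the hunk.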
@@ -889,119 +877,126 @@ public class ConfigurationProvider
/**
* Log an error.
- *
+ *
* @param messageId The message ID.
- * @param args Additional parameters for the message.
+ * @param args Additional parameters for the message.
* @see at.gv.egovernment.moa.spss.server.util.MessageProvider
*/
private void error(String messageId, Object[] args) {
- MessageProvider msg = MessageProvider.getInstance();
- String txt = msg.getMessage(messageId, args);
+ final MessageProvider msg = MessageProvider.getInstance();
+ final String txt = msg.getMessage(messageId, args);
Logger.warn(new LogMsg(txt));
// warnings.add(txt);
}
-
+
/**
* Returns the JDBC URL for the revocation archive database.
- *
+ *
* @return the JDBC URL for the revocation archive database.
*/
- public String getRevocationArchiveJDBCURL()
- {
+ public String getRevocationArchiveJDBCURL() {
return revocationArchiveJDBCURL_;
}
/**
* Returns the JDBC driver class name for the revocation archive database.
- *
+ *
* @return the JDBC driver class name for the revocation archive database.
*/
- public String getRevocationArchiveJDBCDriverClass()
- {
+ public String getRevocationArchiveJDBCDriverClass() {
return revocationArchiveJDBCDriverClass_;
}
/**
* Returns whether revocation checking should be done.
- *
+ *
* @return whether revocation checking should be done.
*/
- public boolean getEnableRevocationChecking()
- {
+ public boolean getEnableRevocationChecking() {
return enableRevocationChecking_;
}
/**
- * Returns the maximum age of a revocation information for considering it
- * still as valid.
- *
- * @return the maximum age of a revocation information for considering it
- * still as valid.
+ * Returns the maximum age of a revocation information for considering it still
+ * as valid.
+ *
+ * @return the maximum age of a revocation information for considering it still
+ * as valid.
*/
- public long getMaxRevocationAge()
- {
+ public long getMaxRevocationAge() {
return maxRevocationAge_;
}
/**
* Returns the service order for revocation checking.
- *
+ *
* @return the service order for revocation checking. Valid array entries are
- * {@link RevocationSourceTypes#OCSP} and {@link RevocationSourceTypes#CRL}.
+ * {@link RevocationSourceTypes#OCSP} and
+ * {@link RevocationSourceTypes#CRL}.
*/
- public String[] getServiceOrder()
- {
+ public String[] getServiceOrder() {
return serviceOrder_;
}
/**
- * Returns whether certificates found during certificate path construction
+ * Returns whether certificates found during certificate path construction
* should be added to the certificate store.
- *
- * @return whether certificates found during certificate path construction
+ *
+ * @return whether certificates found during certificate path construction
* should be added to the certificate store.
*/
- public boolean getAutoAddCertificates()
- {
+ public boolean getAutoAddCertificates() {
return autoAddCertificates_;
}
/**
- * Returns whether the certificate extension Authority Info Access should
- * be used during certificate path construction.
- *
- * @return whether the certificate extension Authority Info Access should
- * be used during certificate path construction.
+ * Returns whether EE certificates found during certificate path construction
+ * should be added to the certificate store.
+ *
+ * @return whether certificates found during certificate path construction
+ * should be added to the certificate store.
+ */
+ public boolean getAutoAddEECertificates() {
+ return autoAddEECertificates_;
+ }
+
+ /**
+ * Returns whether the certificate extension Authority Info Access should be
+ * used during certificate path construction.
+ *
+ * @return whether the certificate extension Authority Info Access should be
+ * used during certificate path construction.
*/
- public boolean getUseAuthorityInfoAccess()
- {
+ public boolean getUseAuthorityInfoAccess() {
return useAuthorityInfoAccess_;
}
-
+
/**
* Returns whether the file URIs are permitted or not
+ *
* @return whether the file URIs are permitted or not
*/
- public boolean getPermitFileURIs()
- {
- return permitFileURIs;
+ public boolean getPermitFileURIs() {
+ return permitFileURIs;
}
-
+
/**
* Returns the map of retention intervals
+ *
* @return The map of retention intervals
*/
public Map getCrlRetentionIntervals() {
- return crlRetentionIntervals;
+ return crlRetentionIntervals;
}
-
+
/**
* Returns the global TSL configuration
+ *
* @return The global TSL configuration
*/
public TSLConfiguration getTSLConfiguration() {
- return tslconfiguration_;
+ return tslconfiguration_;
}
-
+
} \ No newline at end of file
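Review bot: The Javadoc for the new `getAutoAddEECertificates` was copied from `getAutoAddCertificates`: its `@return` still says `whether certificates found ...` without the `EE`, and nothing says what EE stands for or how the two flags relate. Suggested: `@return whether end-entity (EE) certificates found during certificate path construction should be added to the certificate store.`, plus one sentence stating whether this flag applies independently of `getAutoAddCertificates`. The distinction matters to operators because it presumably decides which certificates seen during validation are persisted in the store.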
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java
index a2e5b93..bf911df 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/DistributionPoint.java
@@ -21,42 +21,40 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.spss.server.config;
/**
* Abstract base class for distribution points.
- *
+ *
* @author Gregor Karlinger
* @version $Id$
- * */
-public abstract class DistributionPoint implements iaik.pki.revocation.DistributionPoint
-{
- /**
- * The distribution point URI.
+ */
+public abstract class DistributionPoint implements iaik.pki.revocation.DistributionPoint {
+ /**
+ * The distribution point URI.
*/
- private String uri_;
+ private final String uri_;
/**
* Create a <code>DistributionPoint</code> with a URI.
- *
+ *
* @param uri The URI of the distribution point.
*/
- public DistributionPoint(String uri)
- {
+ public DistributionPoint(String uri) {
uri_ = uri;
}
-
+
/**
* @see iaik.pki.revocation.DistributionPoint#getType()
*/
+ @Override
public abstract String getType();
/**
* @see iaik.pki.revocation.DistributionPoint#getUri()
*/
- public String getUri()
- {
+ @Override
+ public String getUri() {
return uri_;
}
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareCryptoModule.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareCryptoModule.java
index c0487f6..99ca1c3 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareCryptoModule.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareCryptoModule.java
@@ -21,40 +21,38 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.spss.server.config;
/**
* Contains configuration data for a hardware crypto module.
- *
+ *
* @author Patrick Peck
* @version $Id$
*/
public class HardwareCryptoModule {
/** The name of the module. */
- private String name;
+ private final String name;
/** The slod ID of the module. */
- private String slotID;
+ private final String slotID;
/** The user PIN of the module. */
- private String userPIN;
-
+ private final String userPIN;
+
/**
* Create a new <code>HardwareCryptoModule</code>.
- *
- * @param name The name of this <code>HardwareCryptoModule</code>.
- * @param slotID The slot ID of this <code>HardwareCryptoModule</code>.
- * @param userPIN The user PIN to access this
- * <code>HardwareCryptoModule</code>.
+ *
+ * @param name The name of this <code>HardwareCryptoModule</code>.
+ * @param slotID The slot ID of this <code>HardwareCryptoModule</code>.
+ * @param userPIN The user PIN to access this <code>HardwareCryptoModule</code>.
*/
public HardwareCryptoModule(String name, String slotID, String userPIN) {
this.name = name;
this.slotID = slotID;
this.userPIN = userPIN;
}
-
+
/**
* Returns the name of this <code>HardwareCryptoModule</code>.
- *
+ *
* @return The name of this <code>HardwareCryptoModule</code>.
*/
public String getName() {
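Review bot: The field comment `/** The user PIN of the module. */` gives no handling guidance for a secret that is now held in a `final String` for the life of the configuration object and returned as-is by `getUserPIN()`. I would document it, e.g. `/** The user PIN of the module. Secret: must not be logged or added to a toString(). */`, and fix the neighbouring typo `slod ID` to `slot ID`. The same two comments appear in `HardwareKeyModule` in the next file section. `getName` continues outside the hunk.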
@@ -63,22 +61,20 @@ public class HardwareCryptoModule {
/**
* Returns the slot ID of this <code>HardwareCryptoModule</code>.
- *
+ *
* @return The slot ID.
*/
public String getSlotID() {
return slotID;
}
-
/**
* Returns the user PIN of this <code>HardwareCryptoModule</code>.
- *
+ *
* @return The user PIN used to access the module.
*/
public String getUserPIN() {
return userPIN;
}
-
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareKeyModule.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareKeyModule.java
index 18fd085..5fa408c 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareKeyModule.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/HardwareKeyModule.java
@@ -21,60 +21,59 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.spss.server.config;
/**
* A class that contains information about a hardware key module.
- *
+ *
* @author Patrick Peck
* @version $Id$
*/
public class HardwareKeyModule extends KeyModule {
/** The name of the module. */
- private String name;
+ private final String name;
/** The slod ID of the module. */
- private String slotID;
+ private final String slotID;
/** The user PIN of the module. */
- private String userPIN;
-
+ private final String userPIN;
+
/**
* Create a new <code>HardwareKey</code>.
- *
- * @param id The key module ID.
- * @param name The name of the key.
- * @param slotID The slot ID of the key within the hardware module. May be
- * <code>null</code>.
+ *
+ * @param id The key module ID.
+ * @param name The name of the key.
+ * @param slotID The slot ID of the key within the hardware module. May be
+ * <code>null</code>.
* @param userPIN The user PIN to access the key.
*/
public HardwareKeyModule(String id, String name, String slotID, String userPIN) {
super(id);
this.name = name;
this.slotID = slotID;
- this.userPIN = userPIN;
+ this.userPIN = userPIN;
}
-
+
/**
* Return the name of this <code>HardwareKey</code>.
- *
+ *
* @return The name of this <code>HardwareKey</code>.
*/
public String getName() {
return name;
}
-
+
/**
* Return the slot ID of this <code>HardwareKey</code>.
- *
+ *
* @return The slot ID of this <code>HardwareKey</code>.
*/
public String getSlotID() {
return slotID;
}
-
+
/**
* Return the user PIN to access this <code>HardwareKey</code>.
- *
+ *
* @return The user PIN to access this <code>HardwareKey</code>.
*/
public String getUserPIN() {
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/IssuerAndSerial.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/IssuerAndSerial.java
index 38a3ae9..03827f2 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/IssuerAndSerial.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/IssuerAndSerial.java
@@ -21,7 +21,6 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.spss.server.config;
import java.math.BigInteger;
@@ -34,25 +33,25 @@ import iaik.utils.RFC2253NameParserException;
/**
* A class containing the issuer and serial number of a certificate, which can
* be used to uniquely identify the certificate.
- *
+ *
* The issuer is contained as an RFC2253 encoded <code>String</code>.
- *
+ *
* @author Patrick Peck
* @version $Id$
*/
public class IssuerAndSerial {
/** The issuer distinguished name. */
- private String issuerDN;
+ private final String issuerDN;
/** The certificate serial number. */
- private BigInteger serial;
+ private final BigInteger serial;
/**
* Create an <code>IssuerAndSerial</code> object.
- *
+ *
* The name of the issuer is converted to RFC2253. If it cannot be parsed, the
- * DN contained in the <code>issuer</code> is set.
- *
+ * DN contained in the <code>issuer</code> is set.
+ *
* @param issuer The isser of a certificate.
* @param serial The serial number of the certificate.
*/
@@ -60,28 +59,28 @@ public class IssuerAndSerial {
String issuerDN = null;
if (issuer instanceof Name) {
try {
- issuerDN = ((Name)issuer).getRFC2253String();
- } catch (RFC2253NameParserException e) {
+ issuerDN = ((Name) issuer).getRFC2253String();
+ } catch (final RFC2253NameParserException e) {
// do nothing
}
}
if (issuerDN == null) {
- RFC2253NameParser parser = new RFC2253NameParser(issuer.getName());
+ final RFC2253NameParser parser = new RFC2253NameParser(issuer.getName());
try {
- issuerDN = ((Name)parser.parse()).getRFC2253String();
- } catch (RFC2253NameParserException e) {
+ issuerDN = parser.parse().getRFC2253String();
+ } catch (final RFC2253NameParserException e) {
issuerDN = issuer.getName();
}
}
this.serial = serial;
this.issuerDN = issuerDN;
}
-
+
/**
* Create an <code>IssuerAndSerial</code> object.
- *
+ *
* @param issuerDN The issuer distinguished name. Should be an RFC2253 name.
- * @param serial The serial number of the certificate.
+ * @param serial The serial number of the certificate.
*/
public IssuerAndSerial(String issuerDN, BigInteger serial) {
this.issuerDN = issuerDN;
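Review bot: Null handling is missing across this class. The first constructor calls `issuer.getName()` unguarded when `issuer` is not a `Name`, and `equals`/`hashCode` in the `@@ -108,28 +107,31 @@` hunk dereference `issuerDN` and `serial` directly although both constructors accept any value. The anonymous fallback in `ConfigurationProvider.getKeyGroupEntries` tests `issuer != null || serial != null`, which suggests null can reach this class, though the construction site is not visible. If null is legal, make the comparisons null-safe with `return Objects.equals(issuerDN, ias.issuerDN) && Objects.equals(serial, ias.serial);` and `return Objects.hash(issuerDN, serial);`; otherwise reject it up front with `Objects.requireNonNull(issuer, "issuer")`. Both need `java.util.Objects`; the first constructor's signature lies outside this hunk.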
@@ -90,7 +89,7 @@ public class IssuerAndSerial {
/**
* Return the issuer DN in RFC2253 format.
- *
+ *
* @return The issuer part of this object.
*/
public String getIssuerDN() {
@@ -99,7 +98,7 @@ public class IssuerAndSerial {
/**
* Return the serial number.
- *
+ *
* @return The serial number of this object.
*/
public BigInteger getSerial() {
@@ -108,28 +107,31 @@ public class IssuerAndSerial {
/**
* Compare this <code>IssuerAndSerial</code> to another object.
- *
+ *
* @param other The object to compare this <code>IssuerAndSerial</code> to.
* @return <code>true</code>, if <code>other</code> is an
- * <code>IssuerAndSerial</code> object and the <code>issuer</code> and
- * <code>serial</code> fields are both equal. <code>false</code> otherwise.
+ * <code>IssuerAndSerial</code> object and the <code>issuer</code> and
+ * <code>serial</code> fields are both equal. <code>false</code>
+ * otherwise.
* @see java.lang.Object#equals(java.lang.Object)
*/
+ @Override
public boolean equals(Object other) {
if (other instanceof IssuerAndSerial) {
- IssuerAndSerial ias = (IssuerAndSerial) other;
+ final IssuerAndSerial ias = (IssuerAndSerial) other;
return getIssuerDN().equals(ias.getIssuerDN())
- && getSerial().equals(ias.getSerial());
+ && getSerial().equals(ias.getSerial());
}
return false;
}
/**
* Return the hash code of this <code>IssuerAndSerial</code>.
- *
+ *
* @return The hash code of this <code>IssuerAndSerial</code>.
* @see java.lang.Object#hashCode()
*/
+ @Override
public int hashCode() {
return issuerDN.hashCode() ^ serial.hashCode();
}
@@ -137,13 +139,14 @@ public class IssuerAndSerial {
/**
* Return a <code>String</code> representation of this
* <code>IssuerAndSerial</code> object.
- *
+ *
* @return The <code>String</code> representation.
* @see java.lang.Object#toString()
*/
+ @Override
public String toString() {
- return ("(IssuerAndSerial - Issuer<" + getIssuerDN())
- + ("> Serial<" + serial.toString() + ">)");
+ return "(IssuerAndSerial - Issuer<" + getIssuerDN()
+ + "> Serial<" + serial.toString() + ">)";
}
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java
index c2490f9..faeaf82 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java
@@ -21,7 +21,6 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.spss.server.config;
import java.util.Iterator;
@@ -29,7 +28,7 @@ import java.util.Set;
/**
* A collection of <code>KeyGroupEntry</code>s with its own ID.
- *
+ *
* @author Sven Aigner
* @author Patrick Peck
* @version $Id$
@@ -37,59 +36,62 @@ import java.util.Set;
public class KeyGroup {
/** The keys belonging to this key group. */
- private Set keyGroupEntries;
+ private final Set keyGroupEntries;
/** The key group ID. */
- private String id;
+ private final String id;
/** The digest method algorithm for the key group */
- private String digestMethodAlgorithm;
+ private final String digestMethodAlgorithm;
/**
* Create a <code>KeyGroup</code>.
- *
- * @param id The ID of this <code>KeyGroup</code>.
- * @param keyGroupEntries The keys belonging to this <code>KeyGroup</code>.
+ *
+ * @param id The ID of this <code>KeyGroup</code>.
+ * @param keyGroupEntries The keys belonging to this
+ * <code>KeyGroup</code>.
* @param digestMethodAlgorithm The signature algorithm used for this key group
*/
public KeyGroup(String id, Set keyGroupEntries, String digestMethodAlgorithm) {
this.id = id;
this.keyGroupEntries = keyGroupEntries;
- this.digestMethodAlgorithm = digestMethodAlgorithm;
+ this.digestMethodAlgorithm = digestMethodAlgorithm;
}
/**
* Return the <code>KeyEntry</code>s contained in this <code>KeyGroup</code>.
- *
+ *
* @return The <code>KeyEntry</code>s contained in this <code>KeyGroup</code>.
*/
public Set getKeyGroupEntries() {
return keyGroupEntries;
}
-
+
/**
* Returnd the digest method algorithm used for this key group
+ *
* @return The digest method signature algorithm used for this key group
*/
public String getDigestMethodAlgorithm() {
- return digestMethodAlgorithm;
+ return digestMethodAlgorithm;
}
/**
* Return the ID of this <code>KeyGroup</code>.
- *
+ *
* @return The <code>KeyGroup</code> ID.
*/
public String getId() {
return id;
}
- /**
+ /**
* Return a <code>String</code> representation of this <code>KeyGroup</code>.
- *
+ *
* @return The <code>String</code> representation.
* @see java.lang.Object#toString()
*/
+ @Override
public String toString() {
- StringBuffer sb = new StringBuffer();
+ final StringBuffer sb = new StringBuffer();
Iterator i;
if (getKeyGroupEntries() != null) {
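Review bot: Making `keyGroupEntries` `final` fixes the reference but not the contents: the constructor stores the caller's `Set` and `getKeyGroupEntries()` hands the same instance back, so any caller can still add or remove keys from a group after configuration. If no caller relies on mutating it (not checkable from here), wrap it once in the constructor: `this.keyGroupEntries = keyGroupEntries == null ? null : Collections.unmodifiableSet(keyGroupEntries);`, with `java.util.Collections` imported. `toString` continues outside the hunk.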
@@ -99,7 +101,8 @@ public class KeyGroup {
sb.append(" " + i.next());
}
}
- return "(KeyGroup - ID:" + id + " " + sb.toString() + ")" + "DigestMethodAlgorithm: " + digestMethodAlgorithm;
+ return "(KeyGroup - ID:" + id + " " + sb.toString() + ")" + "DigestMethodAlgorithm: "
+ + digestMethodAlgorithm;
}
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroupEntry.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroupEntry.java
index fcedfb0..d73b755 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroupEntry.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroupEntry.java
@@ -21,31 +21,30 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.spss.server.config;
import java.math.BigInteger;
/**
* A class containing information about an entry in a key group.
- *
+ *
* @author Patrick Peck
* @version $Id$
*/
public class KeyGroupEntry {
/** The module ID of the key. */
- private String moduleID;
+ private final String moduleID;
/** The issuer DN of the certificate identifying the key. */
- private String issuerDN;
+ private final String issuerDN;
/** The serial number of the certificate identifying the key. */
- private BigInteger serialNumber;
+ private final BigInteger serialNumber;
/**
* Create a new <code>KeyGroupEntry</code>.
- *
- * @param moduleID The key module ID to which this entry belongs to.
- * @param issuerAndSerial The issuer and serial number which uniquely
- * identifies a certificate within the key module.
+ *
+ * @param moduleID The key module ID to which this entry belongs to.
+ * @param issuerAndSerial The issuer and serial number which uniquely identifies
+ * a certificate within the key module.
*/
public KeyGroupEntry(String moduleID, IssuerAndSerial issuerAndSerial) {
this.moduleID = moduleID;
@@ -55,25 +54,24 @@ public class KeyGroupEntry {
/**
* Create a new <code>KeyGroupEntry</code>.
- *
- * @param moduleID The key module ID to which this entry belongs to.
- * @param issuerDN The isser DN of the certificate within the key module.
+ *
+ * @param moduleID The key module ID to which this entry belongs to.
+ * @param issuerDN The isser DN of the certificate within the key module.
* @param serialNumber The serial number of the certificate within the key
- * module.
+ * module.
*/
public KeyGroupEntry(
- String moduleID,
- String issuerDN,
- BigInteger serialNumber) {
+ String moduleID,
+ String issuerDN,
+ BigInteger serialNumber) {
this.moduleID = moduleID;
this.issuerDN = issuerDN;
this.serialNumber = serialNumber;
}
/**
- * Return the key module ID to which this <code>KeyGroupEntry</code> belongs
- * to.
- *
+ * Return the key module ID to which this <code>KeyGroupEntry</code> belongs to.
+ *
* @return The key module ID.
*/
public String getModuleID() {
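Review bot: Neither constructor rejects a null `moduleID`, `issuerDN` or `serialNumber`, although `equals` and `hashCode` in the last hunk of this file call `.equals()` and `.hashCode()` on all three getters without a guard. Now that the fields are `final`, a null can no longer be corrected after construction, so a malformed key-group entry would presumably surface only later as a `NullPointerException` when entries are compared or hashed. In the three-argument constructor I would assign `this.moduleID = Objects.requireNonNull(moduleID, "moduleID");` and likewise for `issuerDN` and `serialNumber` (this needs `java.util.Objects`, which is not among the imports visible here). The two-argument constructor starts in the previous hunk and the rest of its body is outside both hunks, so the same check should be confirmed there.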
@@ -83,7 +81,7 @@ public class KeyGroupEntry {
/**
* Return the issuer DN of this <code>KeyGroupEntry</code> for identifying the
* certificate within the key module.
- *
+ *
* @return The issuer DN of the certificate.
*/
public String getIssuerDN() {
@@ -93,7 +91,7 @@ public class KeyGroupEntry {
/**
* Return the serial number of this <code>KeyGroupEntry</code> for identifying
* the certificate within the key module.
- *
+ *
* @return The serial number of the certificate.
*/
public BigInteger getSerialNumber() {
@@ -105,26 +103,28 @@ public class KeyGroupEntry {
*
* @param other The <code>KeyGroupEntry</code> to compare to.
* @return <code>true</code>, if module ID, isser DN and serial number of
- * <code>other</code> match the ones contained in this object, otherwise
- * <code>false</code>.
+ * <code>other</code> match the ones contained in this object, otherwise
+ * <code>false</code>.
* @see java.lang.Object#equals(Object)
*/
+ @Override
public boolean equals(Object other) {
if (other instanceof KeyGroupEntry) {
- KeyGroupEntry entry = (KeyGroupEntry) other;
+ final KeyGroupEntry entry = (KeyGroupEntry) other;
return getModuleID().equals(entry.getModuleID())
- && getIssuerDN().equals(entry.getIssuerDN())
- && getSerialNumber().equals(entry.getSerialNumber());
+ && getIssuerDN().equals(entry.getIssuerDN())
+ && getSerialNumber().equals(entry.getSerialNumber());
}
return false;
}
-
+
/**
* @see java.lang.Object#hashCode()
*/
+ @Override
public int hashCode() {
return getModuleID().hashCode()
- ^ getIssuerDN().hashCode()
- ^ getSerialNumber().hashCode();
+ ^ getIssuerDN().hashCode()
+ ^ getSerialNumber().hashCode();
}
}
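Review bot: `equals` compares `issuerDN` as a raw `String`, so two entries that name the same certificate match only if both DNs were written in exactly the same textual form (attribute order, spacing, case, escaping). Whether callers normalise the DN before constructing a `KeyGroupEntry` is not visible in this file, so the assumption deserves a line in the Javadoc of `equals`, for example `* Note: the issuer DN is compared as an exact string; callers must supply it in one canonical form.` The same holds for `hashCode`, which hashes the same string.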
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyModule.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyModule.java
index 45d8d7e..6a665d6 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyModule.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyModule.java
@@ -21,23 +21,22 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.spss.server.config;
/**
* A class that contains information about a key module.
- *
+ *
* @author Patrick Peck
* @version $Id$
*/
public class KeyModule {
/** The key module ID. */
- private String id;
+ private final String id;
/**
* Create a <code>Key</code> object.
- *
+ *
* @param id The key module ID.
*/
public KeyModule(String id) {
@@ -46,7 +45,7 @@ public class KeyModule {
/**
* Return the key ID.
- *
+ *
* @return The key ID.
*/
public String getId() {
@@ -55,10 +54,11 @@ public class KeyModule {
/**
* Return a <code>String</code> representation of this <code>Key</code>.
- *
+ *
* @return The <code>String</code> representation.
* @see java.lang.Object#toString()
*/
+ @Override
public String toString() {
return "(Key - Id<" + id + ">)";
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java
index 2e91c6b..97ced05 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/OCSPDistributionPoint.java
@@ -21,36 +21,33 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.spss.server.config;
import iaik.pki.revocation.RevocationSourceTypes;
/**
* A class representing a CRL distribution point.
- *
+ *
* @author Gregor Karlinger
* @version $Id$
*/
-public class OCSPDistributionPoint
- extends DistributionPoint
- implements iaik.pki.revocation.DistributionPoint
-{
+public class OCSPDistributionPoint
+ extends DistributionPoint
+ implements iaik.pki.revocation.DistributionPoint {
/**
* Create a <code>OCSPDistributionPoint</code> with a URI.
- *
+ *
* @param uri The URI of the ocsp distribution point.
*/
- public OCSPDistributionPoint(String uri)
- {
+ public OCSPDistributionPoint(String uri) {
super(uri);
}
/**
* @see iaik.pki.revocation.DistributionPoint#getType()
*/
- public String getType()
- {
+ @Override
+ public String getType() {
return RevocationSourceTypes.OCSP;
}
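Review bot: The class Javadoc kept on the new side still reads "A class representing a CRL distribution point", although the class is `OCSPDistributionPoint` and `getType()` returns `RevocationSourceTypes.OCSP`. Since revocation sources are configured by type, the copy-pasted description is misleading and should read `* A class representing an OCSP distribution point.` The class body continues past the end of this hunk.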
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/SoftwareKeyModule.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/SoftwareKeyModule.java
index 0ed83bb..3c038cf 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/SoftwareKeyModule.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/SoftwareKeyModule.java
@@ -21,25 +21,24 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.spss.server.config;
/**
* A class containing information about a software key, stored in PKCS12 format.
- *
+ *
* @author Patrick Peck
* @version $Id$
*/
public class SoftwareKeyModule extends KeyModule {
/** The name of the file containing the keys. */
- private String fileName;
+ private final String fileName;
/** The password for accessing the file. */
- private String passWord;
-
+ private final String passWord;
+
/**
* Create a new <code>SoftwareKey</code>.
- *
- * @param id The key ID.
+ *
+ * @param id The key ID.
* @param fileName The name of the PKCS12 keystore file containing the key.
* @param passWord The password to access the keystore file.
*/
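Review bot: `passWord` holds the PKCS12 keystore password as a `final String`, which cannot be cleared after use and stays in the heap (and in any heap dump) for as long as the configuration object lives. Changing the type would alter the constructor and `getPassWord()` in the next hunk, so as a minimum I would state the handling rule on the field: `/** The password for accessing the file. Never log it or include it in toString(). */`. If the interface can change later, a `char[]` that is zeroed once the keystore has been loaded is the usual choice. The constructor's signature and first lines lie outside this hunk.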
@@ -48,25 +47,24 @@ public class SoftwareKeyModule extends KeyModule {
this.fileName = fileName;
this.passWord = passWord;
}
-
+
/**
* Return the name of the PKCS12 keystore file containing this
* <code>SoftwareKey</code>.
- *
+ *
* @return The name of the PKCS12 keystore file.
*/
public String getFileName() {
return fileName;
}
-
+
/**
* Return the password to access the keystore file.
- *
+ *
* @return The password to access the keystore file.
*/
public String getPassWord() {
return passWord;
}
-
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
index 0063c7f..94155d6 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
@@ -21,7 +21,6 @@
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
-
package at.gv.egovernment.moa.spss.server.config;
import java.net.URI;
@@ -35,129 +34,139 @@ import java.util.regex.PatternSyntaxException;
import at.gv.egovernment.moa.sig.tsl.TslConstants;
import at.gv.egovernment.moaspss.logging.Logger;
import at.gv.egovernment.moaspss.util.MiscUtil;
-import iaik.x509.X509Certificate;
/**
* Information about a trust profile.
- *
+ *
* @author Patrick Peck
* @version $Id$
*/
public class TrustProfile {
/** The ID of the trust profile. */
- private String id;
+ private final String id;
/** The URI giving the location of the trust profile. */
- private String uri;
+ private final String uri;
/** The URI giving the location of the allowed signer certificates. */
- private String signerCertsUri;
-
- /** Defines if Trustprofile makes use of EU TSL*/
- private boolean tslEnabled;
- /** The countries given */
- private List<String> countries = new ArrayList<String>();
-
- private List<URI> allowedTspStatus = new ArrayList<URI>();
- private List<Pattern> allowedTspServiceTypes = new ArrayList<Pattern>();
-
-
+ private final String signerCertsUri;
+
+ /** Defines if Trustprofile makes use of EU TSL */
+ private final boolean tslEnabled;
+ /** The countries given */
+ private final List<String> countries = new ArrayList<>();
+
+ private final List<URI> allowedTspStatus = new ArrayList<>();
+ private final List<Pattern> allowedTspServiceTypes = new ArrayList<>();
+
/**
* Create a <code>TrustProfile</code>.
- *
- * @param id The ID of the <code>TrustProfile</code> to create.
- * @param uri The URI of the <code>TrustProfile</code> to create.
- * @param signerCertsUri The URI of the location of the allowed signer
- * certificates of the <code>TrustProfile</code> to create.
- * @param allowedTspServiceTypes
- * @param allowedTspStatus
+ *
+ * @param id The ID of the <code>TrustProfile</code> to
+ * create.
+ * @param uri The URI of the <code>TrustProfile</code> to
+ * create.
+ * @param signerCertsUri The URI of the location of the allowed signer
+ * certificates of the <code>TrustProfile</code>
+ * to create.
+ * @param allowedTspServiceTypes
+ * @param allowedTspStatus
*/
- public TrustProfile(String id, String uri, String signerCertsUri,
- boolean tslEnabled, String countries, String allowedTspStatus, String allowedTspServiceTypes) {
+ public TrustProfile(String id, String uri, String signerCertsUri,
+ boolean tslEnabled, String countries, String allowedTspStatus, String allowedTspServiceTypes) {
this.id = id;
this.uri = uri;
this.signerCertsUri = signerCertsUri;
-
- //TSL configuration parameters
+
+ // TSL configuration parameters
this.tslEnabled = tslEnabled;
- if (tslEnabled) {
- setCountries(countries);
- if (!this.countries.isEmpty())
- Logger.info("TrustProfile "+ id + " allows " + Arrays.toString(this.countries.toArray()) + " TSL countries");
- else
- Logger.info("TrustProfile "+ id + " allows " + "ALL" + " TSL countries");
-
- setAllowedTspStatus(allowedTspStatus);
- Logger.info("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspStatus.toArray()) + " TSP status identifier");
-
- setAllowedTspServiceTypes(allowedTspServiceTypes);
- Logger.info("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspServiceTypes.toArray()) + " TSL service-type identifier");
-
- }
+ if (tslEnabled) {
+ setCountries(countries);
+ if (!this.countries.isEmpty()) {
+ Logger.info("TrustProfile " + id + " allows " + Arrays.toString(this.countries.toArray())
+ + " TSL countries");
+ } else {
+ Logger.info("TrustProfile " + id + " allows " + "ALL" + " TSL countries");
+ }
+
+ setAllowedTspStatus(allowedTspStatus);
+ Logger.info("TrustProfile " + id + " allows " + Arrays.toString(this.allowedTspStatus.toArray())
+ + " TSP status identifier");
+
+ setAllowedTspServiceTypes(allowedTspServiceTypes);
+ Logger.info("TrustProfile " + id + " allows " + Arrays.toString(this.allowedTspServiceTypes.toArray())
+ + " TSL service-type identifier");
+
+ }
}
private void setCountries(String countries) {
- if (MiscUtil.isNotEmpty(countries)) {
- String[] ccArray = countries.split(",");
- for (String el : ccArray)
- this.countries.add(el.trim());
-
- }
+ if (MiscUtil.isNotEmpty(countries)) {
+ final String[] ccArray = countries.split(",");
+ for (final String el : ccArray) {
+ this.countries.add(el.trim());
+ }
+
+ }
}
-
+
private void setAllowedTspStatus(String allowedTspStatus) {
- if (MiscUtil.isNotEmpty(allowedTspStatus)) {
- String[] ccArray = allowedTspStatus.split(",");
- for (String el : ccArray) {
- try {
- this.allowedTspStatus.add(new URI(el.trim()));
-
- } catch (URISyntaxException e) {
- Logger.warn("TrustProfile: " + this.id + " contains a non-valid TSP Status identifier (" + el + ")");
-
- }
-
- }
-
- } else {
- Logger.debug("Use default set of TSP Status identifier");
- this.allowedTspStatus.addAll(
- Arrays.asList(
- TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_STATUS_SHORT.granted),
- TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_STATUS_SHORT.recognisedatnationallevel),
- TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_STATUS_SHORT.accredited),
- TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_STATUS_SHORT.undersupervision)));
-
- }
-
+ if (MiscUtil.isNotEmpty(allowedTspStatus)) {
+ final String[] ccArray = allowedTspStatus.split(",");
+ for (final String el : ccArray) {
+ try {
+ this.allowedTspStatus.add(new URI(el.trim()));
+
+ } catch (final URISyntaxException e) {
+ Logger.warn("TrustProfile: " + this.id + " contains a non-valid TSP Status identifier (" + el
+ + ")");
+
+ }
+
+ }
+
+ } else {
+ Logger.debug("Use default set of TSP Status identifier");
+ this.allowedTspStatus.addAll(
+ Arrays.asList(
+ TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_STATUS_SHORT.granted),
+ TslConstants.SERVICE_STATUS_SORT_TO_URI.get(
+ TslConstants.SERVICE_STATUS_SHORT.recognisedatnationallevel),
+ TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_STATUS_SHORT.accredited),
+ TslConstants.SERVICE_STATUS_SORT_TO_URI.get(
+ TslConstants.SERVICE_STATUS_SHORT.undersupervision)));
+
+ }
+
}
-
+
private void setAllowedTspServiceTypes(String allowedTspServiceTypes) {
- if (MiscUtil.isNotEmpty(allowedTspServiceTypes)) {
- String[] ccArray = allowedTspServiceTypes.split(",");
- for (String el : ccArray) {
- try {
- this.allowedTspServiceTypes.add(Pattern.compile(el.trim()));
-
- } catch (PatternSyntaxException e) {
- Logger.warn("TrustProfile: " + this.id + " contains a non-valid TSP Service-Type identifier Regex pattern(" + el + ")");
-
- }
-
- }
-
- } else {
- Logger.debug("Use default set of TSP Service-Type identifier");
- this.allowedTspServiceTypes.addAll(
- Arrays.asList(
- Pattern.compile(TslConstants.DEFAULT_REGEX_PATTERN_ALLOW_ALL)));
-
- }
-
+ if (MiscUtil.isNotEmpty(allowedTspServiceTypes)) {
+ final String[] ccArray = allowedTspServiceTypes.split(",");
+ for (final String el : ccArray) {
+ try {
+ this.allowedTspServiceTypes.add(Pattern.compile(el.trim()));
+
+ } catch (final PatternSyntaxException e) {
+ Logger.warn("TrustProfile: " + this.id
+ + " contains a non-valid TSP Service-Type identifier Regex pattern(" + el + ")");
+
+ }
+
+ }
+
+ } else {
+ Logger.debug("Use default set of TSP Service-Type identifier");
+ this.allowedTspServiceTypes.addAll(
+ Arrays.asList(
+ Pattern.compile(TslConstants.DEFAULT_REGEX_PATTERN_ALLOW_ALL)));
+
+ }
+
}
-
+
/**
* Return the ID of this <code>TrustProfile</code>.
- *
+ *
* @return The <code>TrustProfile</code> ID.
*/
public String getId() {
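Review bot: In `setAllowedTspStatus` and `setAllowedTspServiceTypes`, a configured entry that fails to parse is only logged with `Logger.warn` and dropped, so a typo in the trust configuration silently changes which TSP statuses or service types the profile accepts. If every configured entry is invalid the list stays empty, and how the consumers of `getAllowedTspStatus()` interpret an empty list is not visible here; for `countries` the constructor's own log message treats empty as "ALL". I would fail configuration loading instead, e.g. after each loop `if (this.allowedTspStatus.isEmpty()) { throw new IllegalArgumentException("TrustProfile " + this.id + ": no valid TSP status identifier configured"); }`, or use the project's configuration exception if the constructor may throw it. The constructor Javadoc also leaves `@param allowedTspServiceTypes` and `@param allowedTspStatus` without descriptions and omits `tslEnabled` and `countries`.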
@@ -166,49 +175,51 @@ public class TrustProfile {
/**
* Return the URI of this <code>TrustProfile</code>.
- *
+ *
* @return The URI of <code>TrustProfile</code>.
*/
public String getUri() {
return uri;
}
-
/**
- * Return the URI giving the location of the allowed signer certificates
- * of this <code>TrustProfile</code>.
- *
+ * Return the URI giving the location of the allowed signer certificates of this
+ * <code>TrustProfile</code>.
+ *
* @return The URI of <code>TrustProfile</code>.
*/
public String getSignerCertsUri() {
return signerCertsUri;
}
+
/**
* Returns if Trustprofile is TSL enabled
+ *
* @return
*/
public boolean isTSLEnabled() {
- return tslEnabled;
+ return tslEnabled;
}
+
/**
* Returns the given countries
+ *
* @return Given countries
*/
public List<String> getCountries() {
- if (!tslEnabled)
- return null;
- else
- return countries;
+ if (!tslEnabled) {
+ return null;
+ } else {
+ return countries;
+ }
}
public List<URI> getAllowedTspStatus() {
- return allowedTspStatus;
+ return allowedTspStatus;
}
public List<Pattern> getAllowedTspServiceTypes() {
- return allowedTspServiceTypes;
+ return allowedTspServiceTypes;
}
-
-
-
+
}
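Review bot: `getCountries()`, `getAllowedTspStatus()` and `getAllowedTspServiceTypes()` return the profile's internal `ArrayList` instances, so any caller can add or remove entries and thereby change the trust profile for every later use of it; making the fields `final` does not prevent that. I would return read-only views, e.g. `return Collections.unmodifiableList(allowedTspStatus);` (this requires `java.util.Collections`; the import block is only partly visible here). `getCountries()` also returns `null` when TSL is disabled, which should at least be stated in its Javadoc: `@return the configured countries, or null if TSL is disabled`. The `@return` tag of `isTSLEnabled()` is empty as well.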