diff options
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki')
4 files changed, 536 insertions, 0 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java new file mode 100644 index 0000000..491986b --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java @@ -0,0 +1,158 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.gv.egovernment.moa.spss.server.iaik.pki; + +import iaik.pki.PKIProfile; +import iaik.pki.pathvalidation.ValidationProfile; +import iaik.pki.revocation.RevocationProfile; +import iaik.pki.store.truststore.TrustStoreProfile; +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.iaik.pki.pathvalidation.ValidationProfileImpl; +import at.gv.egovernment.moa.spss.server.iaik.pki.revocation.RevocationProfileImpl; +import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl; + +/** + * Implementation of the <code>PKIProfile</code> interface containing + * information needed for certificate path validation. It uses configuration + * data from the MOA configuration. + * + * @author Patrick Peck + * @version $Id$ + */ +public class PKIProfileImpl implements PKIProfile { + + /** Profile information for revocation checking. */ + private RevocationProfile revocationProfile; + /** Profile information about the trust profile to use. */ + private TrustStoreProfile trustStoreProfile; + /** Profile information about the certificate validation. */ + private ValidationProfile validationProfile; + /** + * The <code>ConfigurationProvider</code> to read the MOA configuration data + * from. + */ + private ConfigurationProvider config; + + /** + * Create a new <code>PKIProfileImpl</code>. + * + * @param config + * The MOA configuration providing configuration data about + * certificate path validation. + * @param trustProfileID + * The trust profile ID denoting the location of the trust store. + * @throws MOAApplicationException + * An error occurred building the profile. + */ + public PKIProfileImpl(ConfigurationProvider config, String trustProfileID) throws MOAApplicationException { + + this.config = config; + setRevocationProfile(new RevocationProfileImpl(config)); + setTrustStoreProfile(new TrustStoreProfileImpl(config, trustProfileID)); + setValidationProfile(new ValidationProfileImpl(config)); + } + + /** + * @see iaik.pki.PKIProfile#autoAddCertificates() + */ + /*public boolean autoAddCertificates() { + return useAuthorityInfoAccess() ? true : config.getAutoAddCertificates(); + }*/ + + /** + * @see iaik.pki.PKIProfile#getRevocationProfile() + */ + public RevocationProfile getRevocationProfile() { + return revocationProfile; + } + + /** + * Sets the <code>RevocationProfile</code>. + * + * @param revocationProfile + * The <code>RevocationProfile</code> used for revocation + * checking. + */ + protected void setRevocationProfile(RevocationProfile revocationProfile) { + this.revocationProfile = revocationProfile; + } + + /** + * @see iaik.pki.PKIProfile#getTrustStoreProfile() + */ + public TrustStoreProfile getTrustStoreProfile() { + return trustStoreProfile; + } + + /** + * Sets the <code>TrustStoreProfile</code>. + * + * @param trustStoreProfile + * The <code>TrustStoreProfile</code>. + */ + protected void setTrustStoreProfile(TrustStoreProfile trustStoreProfile) { + this.trustStoreProfile = trustStoreProfile; + } + + /** + * @see iaik.pki.PKIProfile#getValidationProfile() + */ + public ValidationProfile getValidationProfile() { + return validationProfile; + } + + /** + * Sets the <code>ValidationProfile</code>. + * + * @param validationProfile + * The <code>ValidationProfile</code> to set. + */ + protected void setValidationProfile(ValidationProfile validationProfile) { + this.validationProfile = validationProfile; + } + + /** + * @see iaik.pki.PKIProfile#useAuthorityInfoAccess() + */ + public boolean useAuthorityInfoAccess() { + return config.getUseAuthorityInfoAccess(); + } + + /** + * @see iaik.pki.PKIProfile#autoAddCertificates() + */ + @Override + public int autoAddCertificates() { + // TODO AFITZEK TODO IMPLEMENT THIS METHOD + return 0; + } + + @Override + public TrustStoreProfile getIndirectRevocationTrustStoreProfile() { + // TODO AFITZEK TODO IMPLEMENT THIS METHOD + return null; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java new file mode 100644 index 0000000..7e62d60 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/pathvalidation/ValidationProfileImpl.java @@ -0,0 +1,131 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.pki.pathvalidation; + +import iaik.pki.pathvalidation.ValidationProfile; + +import java.util.Collections; +import java.util.Set; + +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; + +/** + * An implementation of the <code>ValidationProfile</code> interface providing + * information about certificat path validation. + * + * @author Patrick Peck + * @version $Id$ + */ +public class ValidationProfileImpl implements ValidationProfile { + + /** The <code>ConfigurationProvider</code> to read the configuration data + * from. */ + private ConfigurationProvider config; + private boolean initialAnyPolicyInhibit; + private boolean initialExplicitPolicy; + private boolean initialPolicyMappingInhibit; + private Set initialPolicySet; + private boolean nameConstraintsProcessing; + private boolean policyProcessing; + + /** + * Create a new <code>ValidationProfileImpl</code> object. + * + * This objects's fields are preset to the following values: + * + * <ul> + * <li><code>initialAnyPolicyInhibit = true</code></li> + * <li><code>initialExplicitPoliy = true</code></li> + * <li><code>initialPolicyMappingInhibit = true</code></li> + * <li><code>initialPolicySet = empty</code></li> + * <li><code>policyProcessing = false</code></li> + * <li><code>nameConstraintsProcessing = false</code></li> + * <li><code>revocationChecking = false</code></li> + * </ul> + * + * @param config MOA configuration data for additional configuration + * information (currently unused). + */ + public ValidationProfileImpl(ConfigurationProvider config) { + this.config = config; + initialAnyPolicyInhibit = true; + initialExplicitPolicy = true; + initialPolicyMappingInhibit = true; + initialPolicySet = Collections.EMPTY_SET; + policyProcessing = false; + nameConstraintsProcessing = false; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getInitialAnyPolicyInhibit() + */ + public boolean getInitialAnyPolicyInhibit() { + return initialAnyPolicyInhibit; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getInitialExplicitPolicy() + */ + public boolean getInitialExplicitPolicy() { + return initialExplicitPolicy; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicyMappingInhibit() + */ + public boolean getInitialPolicyMappingInhibit() { + return initialPolicyMappingInhibit; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicySet() + */ + public Set getInitialPolicySet() { + return initialPolicySet; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getPolicyProcessing() + */ + public boolean getPolicyProcessing() { + return policyProcessing; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getNameConstraintsProcessing() + */ + public boolean getNameConstraintsProcessing() { + return nameConstraintsProcessing; + } + + /** + * @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking() + */ + public boolean getRevocationChecking() + { + return config.getEnableRevocationChecking(); + } + +}
\ No newline at end of file diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java new file mode 100644 index 0000000..14627b2 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/revocation/RevocationProfileImpl.java @@ -0,0 +1,88 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.pki.revocation; + +import java.security.cert.X509Certificate; + +import iaik.pki.revocation.RevocationProfile; +import iaik.pki.revocation.RevocationSourceTypes; + +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; + +/** + * An implementation of the <code>RevocationProfile</code> interface providing + * information about revocation status checking, based on MOA configuration + * data. + * + * @author Patrick Peck + * @version $Id$ + */ +public class RevocationProfileImpl implements RevocationProfile { + /** The default service order. */ + private static final String[] DEFAULT_SERVICE_ORDER = + { RevocationSourceTypes.CRL, RevocationSourceTypes.OCSP }; + /** The <code>ConfigurationProvider</code> to read the MOA configuration data + * from. */ + private ConfigurationProvider config; + /** The OCSP request hash algorithm. Currently only "SHA" is supported. */ + private static final String oCSPRequestHashAlgorithm = "SHA"; + + /** + * Create a new <code>RevocationProfileImpl</code>. + * + * @param config The MOA configuration data. + */ + public RevocationProfileImpl(ConfigurationProvider config) { + this.config = config; + // currently only "SHA" is supported +// this.oCSPRequestHashAlgorithm = ""; + } + + /** + * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(String) + */ + public long getMaxRevocationAge(String distributionPointUri) + { + return config.getMaxRevocationAge(); + } + + /** + * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm() + */ + public String getOCSPRequestHashAlgorithm() { + return oCSPRequestHashAlgorithm; + } + + /** + * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate) + */ + public String[] getPreferredServiceOrder(X509Certificate cert) + { + String[] serviceOrder = config.getServiceOrder(); + if (serviceOrder == null || serviceOrder.length == 0) return DEFAULT_SERVICE_ORDER; + return serviceOrder; + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java new file mode 100644 index 0000000..50f237a --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java @@ -0,0 +1,159 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-SPSS has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import iaik.pki.store.truststore.TrustStoreProfile; +import iaik.pki.store.truststore.TrustStoreTypes; +import iaik.pki.store.observer.NotificationData; +import iaik.pki.store.observer.Observer; + +import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.config.TrustProfile; + +/** + * An implementation of the <code>TrustStoreProfile</code> interface, using data + * from the MOA configuration. + * + * @see iaik.pki.store.truststore.TrustStoreProfile + * @author Patrick Peck + * @version $Id$ + */ +public class TrustStoreProfileImpl implements TrustStoreProfile { + + /** The observers of this profile. */ + private List observers = new ArrayList(); + + /** + * The trust profile identifier. + */ + private String id_; + + /** The type of the trust profile. */ + private String type; + /** The URI of the trust profile.*/ + private String URI; + + /** + * Create a new <code>TrustStoreProfileImpl</code>. + * + * @param config The MOA configuration data, from which trust store + * configuration data is read. + * @param trustProfileId The trust profile id on which this + * <code>TrustStoreProfile</code> is based. + * @throws MOAApplicationException The <code>trustProfileId</code> could not + * be found in the MOA configuration. + */ + public TrustStoreProfileImpl( + ConfigurationProvider config, + String trustProfileId) + throws MOAApplicationException { + + TrustProfile tp = (TrustProfile) config.getTrustProfile(trustProfileId); + if (tp != null) + { + id_ = trustProfileId; + setURI(tp.getUri()); + setType(TrustStoreTypes.DIRECTORY); + } + else + { + throw new MOAApplicationException("2203", new Object[] { trustProfileId }); + } + } + + /** + * @see iaik.pki.store.truststore.TrustStoreProfile#getType() + */ + public String getType() { + return type; + } + + /** + * Sets the the trust store type. + * + * @param type The trust store type to set. + */ + protected void setType(String type) { + this.type = type; + } + + /** + * @see iaik.pki.store.truststore.TrustStoreProfile#getURI() + */ + public String getURI() { + return URI; + } + + /** + * Sets the trust store URI. + * + * @param URI The trust store URI to set. + */ + protected void setURI(String URI) { + this.URI = URI; + } + + // + // Methods of iaik.pki.store.observer.Observable interface + // + + /** + * @see iaik.pki.store.observer.Observable#addObserver(iaik.pki.store.observer.Observer) + */ + public void addObserver(Observer observer) { + observers.add(observer); + } + + /** + * @see iaik.pki.store.observer.Observable#removeObserver(iaik.pki.store.observer.Observer) + */ + public boolean removeObserver(Observer observer) { + return observers.remove(observer); + } + + /** + * @see iaik.pki.store.observer.Observable#notify(iaik.pki.store.observer.NotificationData) + */ + public void notify(NotificationData notificationData) { + for (Iterator iter = observers.iterator(); iter.hasNext();) { + Observer observer = (Observer) iter.next(); + observer.notify(notificationData); + } + } + + /** + * @see iaik.pki.store.truststore.TrustStoreProfile#getId() + */ + public String getId() + { + return id_; + } + +} |