diff options
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util')
11 files changed, 1012 insertions, 953 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java index 4903391..23570cc 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java @@ -11,185 +11,238 @@ import at.gv.egovernment.moaspss.logging.Logger; import iaik.esi.sva.validation.ValidationReport; import iaik.server.ConfigurationException; import iaik.server.modules.AdESVerificationResult; -import iaik.server.modules.ResultCode; -import iaik.server.modules.ResultCodeInvalid; -import iaik.server.modules.ResultCodeValid; import iaik.server.modules.SignatureVerificationProfile; import iaik.server.modules.SignatureVerificationResult; +import iaik.server.modules.resultcodes.ResultCode; +import iaik.server.modules.resultcodes.ResultCodeError; +import iaik.server.modules.resultcodes.ResultCodeInvalid; +import iaik.server.modules.resultcodes.ResultCodeSkipped; +import iaik.server.modules.resultcodes.ResultCodeValid; public class AdESResultUtils { - public static Integer getResultCode(Integer adesCode) { - return adesCode; - } - - public static ExtendedCertificateCheckResult getExtendedResult(iaik.server.modules.ResultCode resultCode) { - ExtendedCertificateCheckResult check = null; - - int majorCode = -1; - String majorInfo = ""; - int minorCode = -1; - String minorInfo = ""; - - Logger.debug("Generating extendend validation result: " + resultCode.toString()); - - if (resultCode instanceof ResultCodeValid) { - majorCode = SignatureVerificationResult.VALID; - majorInfo = "VALID"; - } else if (resultCode instanceof ResultCodeInvalid) { - majorCode = SignatureVerificationResult.INVALID; - majorInfo = "INVALID"; - } else { - majorCode = SignatureVerificationResult.INDETERMINATE; - majorInfo = "INDETERMINATE"; - } - - if (resultCode.getCode() != null) { - minorCode = resultCode.getCode(); - if (resultCode.getCode().equals(ResultCode.CODE_CHAIN_CONSTRAINTS_FAILURE)) { - minorInfo = "CHAIN_CONSTRAINTS_FAILURE"; - } else if (resultCode.getCode().equals(ResultCode.CODE_CRYPTO_CONSTRAINTS_FAILURE)) { - minorInfo = "CRYPTO_CONSTRAINTS_FAILURE"; - } else if (resultCode.getCode().equals(ResultCode.CODE_CRYPTO_CONSTRAINTS_FAILURE_NO_POE)) { - minorInfo = "CRYPTO_CONSTRAINTS_FAILURE_NO_POE"; - } else if (resultCode.getCode().equals(ResultCode.CODE_EXPIRED)) { - minorInfo = "EXPIRED"; - } else if (resultCode.getCode().equals(ResultCode.CODE_FORMAT_FAILURE)) { - minorInfo = "FORMAT_FAILURE"; - } else if (resultCode.getCode().equals(ResultCode.CODE_GENERIC)) { - minorInfo = "GENERIC"; - } else if (resultCode.getCode().equals(ResultCode.CODE_HASH_FAILURE)) { - minorInfo = "HASH_FAILURE"; - } else if (resultCode.getCode().equals(ResultCode.CODE_NO_CERTIFICATE_CHAIN_FOUND)) { - minorInfo = "NO_CERTIFICATE_CHAIN_FOUND"; - } else if (resultCode.getCode().equals(ResultCode.CODE_NO_POE)) { - minorInfo = "NO_POE"; - } else if (resultCode.getCode().equals(ResultCode.CODE_NO_POLICY)) { - minorInfo = "NO_POLICY"; - } else if (resultCode.getCode().equals(ResultCode.CODE_NOT_YET_VALID)) { - minorInfo = "NOT_YET_VALID"; - } else if (resultCode.getCode().equals(ResultCode.CODE_OUT_OF_BOUNDS_NO_POE)) { - minorInfo = "OUT_OF_BOUNDS_NO_POE"; - } else if (resultCode.getCode().equals(ResultCode.CODE_POLICY_PROCESSING_ERROR)) { - minorInfo = "POLICY_PROCESSING_ERROR"; - } else if (resultCode.getCode().equals(ResultCode.CODE_REVOKED)) { - minorInfo = "REVOKED"; - } else if (resultCode.getCode().equals(ResultCode.CODE_REVOKED_CA_NO_POE)) { - minorInfo = "REVOKED_CA_NO_POE"; - } else if (resultCode.getCode().equals(ResultCode.CODE_REVOKED_NO_POE)) { - minorInfo = "REVOKED_NO_POE"; - } else if (resultCode.getCode().equals(ResultCode.CODE_SIG_CONSTRAINTS_FAILURE)) { - minorInfo = "SIG_CONSTRAINTS_FAILURE"; - } else if (resultCode.getCode().equals(ResultCode.CODE_SIG_CRYPTO_FAILURE)) { - minorInfo = "SIG_CRYPTO_FAILURE"; - } else if (resultCode.getCode().equals(ResultCode.CODE_SIGNED_DATA_NOT_FOUND)) { - minorInfo = "SIGNED_DATA_NOT_FOUND"; - } else if (resultCode.getCode().equals(ResultCode.CODE_TIMESTAMP_ORDER_FAILURE)) { - minorInfo = "TIMESTAMP_ORDER_FAILURE"; - } else if (resultCode.getCode().equals(ResultCode.CODE_TRY_LATER)) { - minorInfo = "TRY_LATER"; - } else if (resultCode.getCode().equals(ResultCode.CODE_UNKNOWN_COMMITMENT_TYPE)) { - minorInfo = "UNKNOWN_COMMITMENT_TYPE"; - } else if (resultCode.getCode().equals(ResultCode.SUCCESS)) { - minorInfo = "SUCCESS"; - } - } - - check = new ExtendedCertificateCheckResultImpl(majorCode, majorInfo, minorCode, - minorInfo); - - return check; - - } - - public static List getAdESResult(iaik.server.modules.AdESFormVerificationResult adesFormVerification) { - if (adesFormVerification == null) { - // no form information - return null; - } - - List adesList = new ArrayList(); - - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LTA), - SignatureVerificationProfile.LEVEL_LTA, adesList); - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LT), - SignatureVerificationProfile.LEVEL_LT, adesList); - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_T), - SignatureVerificationProfile.LEVEL_T, adesList); - checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_B), - SignatureVerificationProfile.LEVEL_B, adesList); - - return adesList; - } - - public static void buildResult(ValidationReport report, List adesList) { - - if (report == null) { - return; - } - - AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl(); - adESFormResultsImpl.setCode(report.getStatus().ordinal()); - adESFormResultsImpl.setInfo(report.getLongText()); - adESFormResultsImpl.setName(report.getValidationName()); - - adesList.add(adESFormResultsImpl); - - if (report.getSubValidationReports() != null && !report.getSubValidationReports().isEmpty()) { - Iterator<ValidationReport> reportIt = report.getSubValidationReports().iterator(); - while (reportIt.hasNext()) { - buildResult(reportIt.next(), adesList); - } - } - - } - - public static void checkSubResult(AdESVerificationResult subResult, String level, List adesList) { - if (subResult != null) { - Logger.info("Checking Level: " + level); - try { - - AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl(); - adESFormResultsImpl.setCode(subResult.getResultCode()); - Logger.info("RESULT: " + String.valueOf(subResult.getResultCode())); - adESFormResultsImpl.setInfo(subResult.getInfo()); - adESFormResultsImpl.setName(level); - - adesList.add(adESFormResultsImpl); - } catch (NullPointerException e) { - Logger.warn("Catching NullPointer Exception, of invalid Form Results", e); - } - } else { - Logger.info("Subresult Level: " + level + " not available"); - } - } - - public static void checkSubResult(SignatureVerificationResult subResult, String level, List adesList) - throws ConfigurationException { - if (subResult != null) { - Logger.info("Checking Level: " + level); - try { - - AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl(); - ResultCode resultCode = subResult.getResultCode(); - if (resultCode instanceof ResultCodeValid) { - adESFormResultsImpl.setCode(SignatureVerificationResult.VALID);// .getResultCode().getCode())); - } else if (resultCode instanceof ResultCodeInvalid) { - adESFormResultsImpl.setCode(SignatureVerificationResult.INVALID); - } else { - adESFormResultsImpl.setCode(SignatureVerificationResult.INDETERMINATE); - } - Logger.info("RESULT: " + resultCode.toString()); - adESFormResultsImpl.setInfo(subResult.getInfo()); - adESFormResultsImpl.setName(level); - - adesList.add(adESFormResultsImpl); - } catch (NullPointerException e) { - Logger.warn("Catching NullPointer Exception, of invalid? Form Results", e); - } - } else { - Logger.info("Subresult Level: " + level + " not available"); - } - } + private static final int MAJORRESULTCODESKIPPED = new Integer(3); + private static final int MAJORRESULTCODEERROR = new Integer(4); + + public static Integer getResultCode(Integer adesCode) { + return adesCode; + } + + public static ExtendedCertificateCheckResult getExtendedResult( + iaik.server.modules.resultcodes.ResultCode resultCode) { + ExtendedCertificateCheckResult check = null; + + int majorCode = -1; + String majorInfo = ""; + int minorCode = -1; + String minorInfo = ""; + + Logger.debug("Generating extendend validation result: " + resultCode.toString()); + + if (resultCode instanceof ResultCodeValid) { + majorCode = SignatureVerificationResult.VALID; + majorInfo = "VALID"; + + } else if (resultCode instanceof ResultCodeInvalid) { + majorCode = SignatureVerificationResult.INVALID; + majorInfo = "INVALID"; + + } else if (resultCode instanceof ResultCodeSkipped) { + majorCode = MAJORRESULTCODESKIPPED; + majorInfo = "SKIPPED"; + + } else if (resultCode instanceof ResultCodeError) { + majorCode = MAJORRESULTCODEERROR; + majorInfo = "ERROR"; + + } else { + majorCode = SignatureVerificationResult.INDETERMINATE; + majorInfo = "INDETERMINATE"; + } + + if (resultCode.getCode() != null) { + minorCode = resultCode.getCode(); + if (resultCode.getCode().equals(ResultCode.CODE_CHAIN_CONSTRAINTS_FAILURE)) { + minorInfo = "CHAIN_CONSTRAINTS_FAILURE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_CRYPTO_CONSTRAINTS_FAILURE)) { + minorInfo = "CRYPTO_CONSTRAINTS_FAILURE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_CRYPTO_CONSTRAINTS_FAILURE_NO_POE)) { + minorInfo = "CRYPTO_CONSTRAINTS_FAILURE_NO_POE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_EXPIRED)) { + minorInfo = "EXPIRED"; + } else if (resultCode.getCode().equals(ResultCode.CODE_FORMAT_FAILURE)) { + minorInfo = "FORMAT_FAILURE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_GENERIC)) { + minorInfo = "GENERIC"; + } else if (resultCode.getCode().equals(ResultCode.CODE_HASH_FAILURE)) { + minorInfo = "HASH_FAILURE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_NO_CERTIFICATE_CHAIN_FOUND)) { + minorInfo = "NO_CERTIFICATE_CHAIN_FOUND"; + } else if (resultCode.getCode().equals(ResultCode.CODE_NO_POE)) { + minorInfo = "NO_POE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_NO_POLICY)) { + minorInfo = "NO_POLICY"; + } else if (resultCode.getCode().equals(ResultCode.CODE_NOT_YET_VALID)) { + minorInfo = "NOT_YET_VALID"; + } else if (resultCode.getCode().equals(ResultCode.CODE_OUT_OF_BOUNDS_NO_POE)) { + minorInfo = "OUT_OF_BOUNDS_NO_POE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_POLICY_PROCESSING_ERROR)) { + minorInfo = "POLICY_PROCESSING_ERROR"; + } else if (resultCode.getCode().equals(ResultCode.CODE_REVOKED)) { + minorInfo = "REVOKED"; + } else if (resultCode.getCode().equals(ResultCode.CODE_REVOKED_CA_NO_POE)) { + minorInfo = "REVOKED_CA_NO_POE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_REVOKED_NO_POE)) { + minorInfo = "REVOKED_NO_POE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_SIG_CONSTRAINTS_FAILURE)) { + minorInfo = "SIG_CONSTRAINTS_FAILURE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_SIG_CRYPTO_FAILURE)) { + minorInfo = "SIG_CRYPTO_FAILURE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_SIGNED_DATA_NOT_FOUND)) { + minorInfo = "SIGNED_DATA_NOT_FOUND"; + } else if (resultCode.getCode().equals(ResultCode.CODE_TIMESTAMP_ORDER_FAILURE)) { + minorInfo = "TIMESTAMP_ORDER_FAILURE"; + } else if (resultCode.getCode().equals(ResultCode.CODE_TRY_LATER)) { + minorInfo = "TRY_LATER"; + } else if (resultCode.getCode().equals(ResultCode.CODE_UNKNOWN_COMMITMENT_TYPE)) { + minorInfo = "UNKNOWN_COMMITMENT_TYPE"; + } else if (resultCode.getCode().equals(ResultCode.SUCCESS)) { + minorInfo = "SUCCESS"; + } else if (resultCode.getCode().equals(ResultCode.ERROR)) { + minorInfo = "ERROR"; + } else if (resultCode.getCode().equals(ResultCode.UNKNOWN_SUBFILTER)) { + minorInfo = "UNKNOWN_SUBFILTER"; + + // pdf-as 3.x detection is removed from MOA-SP since 3.1.2 + } else if (resultCode.getCode().equals(ResultCode.PDF_AS_SIGNATURE)) { + // minorInfo = "PDF_AS_SIGNATURE"; + minorInfo = "UNKNOWN_SUBFILTER"; + minorCode = ResultCode.UNKNOWN_SUBFILTER; + } + + } + + check = new ExtendedCertificateCheckResultImpl(majorCode, majorInfo, minorCode, + minorInfo); + + return check; + + } + + public static List getAdESResult(iaik.server.modules.AdESFormVerificationResult adesFormVerification) { + if (adesFormVerification == null) { + // no form information + return null; + } + + final List adesList = new ArrayList(); + + // add only the completed form result to response + final String completedForm = adesFormVerification.getCompleteForm(); + Logger.info("Find complete Form: " + completedForm); + + /* + * This code only returns the result of the completed form + */ +// if (MiscUtil.isNotEmpty(completedForm)) { +// Logger.info("Form-validation found completed form: " + completedForm); +// AdESVerificationResult subResult = adesFormVerification.getSubResult(completedForm); +// checkSubResult(subResult, completedForm, adesList); +// if (Logger.isDebugEnabled()) +// Logger.debug("Detailed Result: \n" + subResult.getInfo()); +// +// } else +// Logger.info("Form-valdition found NO completed form."); +// +// if (Logger.isDebugEnabled()) +// Logger.debug("Full form-validation result: \n" + adesFormVerification.getInfo()); + + /* + * This code returns the result for all forms + */ + // add results for all form types to response + checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LTA), + SignatureVerificationProfile.LEVEL_LTA, adesList); + checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_LT), + SignatureVerificationProfile.LEVEL_LT, adesList); + checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_T), + SignatureVerificationProfile.LEVEL_T, adesList); + checkSubResult(adesFormVerification.getSubResult(SignatureVerificationProfile.LEVEL_B), + SignatureVerificationProfile.LEVEL_B, adesList); + + return adesList; + } + + public static void buildResult(ValidationReport report, List adesList) { + + if (report == null) { + return; + } + + final AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl(); + adESFormResultsImpl.setCode(report.getStatus().ordinal()); + adESFormResultsImpl.setInfo(report.getLongText()); + adESFormResultsImpl.setName(report.getValidationName()); + + adesList.add(adESFormResultsImpl); + + if (report.getSubValidationReports() != null && !report.getSubValidationReports().isEmpty()) { + final Iterator<ValidationReport> reportIt = report.getSubValidationReports().iterator(); + while (reportIt.hasNext()) { + buildResult(reportIt.next(), adesList); + } + } + + } + + public static void checkSubResult(AdESVerificationResult subResult, String level, List adesList) { + if (subResult != null) { + Logger.debug("Checking Level: " + level); + try { + + final AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl(); + adESFormResultsImpl.setCode(subResult.getResultCode()); + Logger.debug("RESULT: " + String.valueOf(subResult.getResultCode())); + adESFormResultsImpl.setInfo(subResult.getInfo()); + adESFormResultsImpl.setName(level); + + adesList.add(adESFormResultsImpl); + } catch (final NullPointerException e) { + Logger.warn("Catching NullPointer Exception, of invalid Form Results", e); + + } + } else { + Logger.info("Subresult Level: " + level + " not available"); + + } + } + + public static void checkSubResult(SignatureVerificationResult subResult, String level, List adesList) + throws ConfigurationException { + if (subResult != null) { + Logger.debug("Checking Level: " + level); + try { + + final AdESFormResultsImpl adESFormResultsImpl = new AdESFormResultsImpl(); + final iaik.server.modules.resultcodes.ResultCode resultCode = subResult.getResultCode(); + if (resultCode instanceof ResultCodeValid) { + adESFormResultsImpl.setCode(SignatureVerificationResult.VALID);// .getResultCode().getCode())); + } else if (resultCode instanceof ResultCodeInvalid) { + adESFormResultsImpl.setCode(SignatureVerificationResult.INVALID); + } else { + adESFormResultsImpl.setCode(SignatureVerificationResult.INDETERMINATE); + } + Logger.debug("RESULT: " + resultCode.toString()); + adESFormResultsImpl.setInfo(subResult.getInfo()); + adESFormResultsImpl.setName(level); + + adesList.add(adESFormResultsImpl); + } catch (final NullPointerException e) { + Logger.warn("Catching NullPointer Exception, of invalid? Form Results", e); + } + } else { + Logger.info("Subresult Level: " + level + " not available"); + } + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertStoreConverter.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertStoreConverter.java index 0956617..59db5db 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertStoreConverter.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertStoreConverter.java @@ -14,96 +14,96 @@ import iaik.pki.store.certstore.utils.DirectoryCertStoreConverter; public class CertStoreConverter { - private static final Logger logger = LoggerFactory.getLogger(CertStoreConverter.class); - - public static boolean convert(String certStoreRoot, TransactionId transId) { - String certStoreSubjectDN = certStoreRoot + File.separator + "subjectdn"; - - logger.error("checking for new cert store format {} -> {}", certStoreRoot, certStoreSubjectDN); - - File certStoreDirectory = new File(certStoreRoot); - if (certStoreDirectory.isDirectory() && certStoreDirectory.exists()) { - - File file = new File(certStoreSubjectDN); - - if (file.isDirectory() && file.exists()) { - // Is new Format! - logger.error("Cert store is allready new format!"); - return false; - } else { - try { - logger.error( - "###########################################################################################"); - logger.error( - "###########################################################################################"); - logger.error("The certificate store @ {} will now be converted into the new format!", - certStoreDirectory.getAbsolutePath()); - - String backup = certStoreRoot; - - if (certStoreRoot.endsWith(File.separator)) { - backup = certStoreRoot.substring(0, certStoreRoot.length() - File.separator.length()); - } - - String timestamp = String.valueOf(System.currentTimeMillis()); - backup = backup + "_" + timestamp; - - logger.error("Creating a backup of the certstore @ {}", backup); - - File backupDirectory = new File(backup); - try { - FileUtils.copyDirectory(certStoreDirectory, backupDirectory); - } catch (IOException e) { - logger.error("Failed to create certstore backup!", e); - throw new RuntimeException("Failed to create certstore backup!", e); - } - - logger.error("deleting original certstore @ {}", certStoreRoot); - - try { - FileUtils.deleteDirectory(certStoreDirectory); - } catch (IOException e1) { - logger.error("Failed to delete old certstore!", e1); - throw new RuntimeException("Failed to delete old certstore!", e1); - } - certStoreDirectory.mkdir(); - - DirectoryCertStoreConverter directoryCertStoreConverter = new DirectoryCertStoreConverter(); - - try { - logger.error("running conversion of certstore @ {}", certStoreRoot); - directoryCertStoreConverter.convert(backupDirectory.getAbsolutePath(), - certStoreDirectory.getAbsolutePath(), true, false, - new IaikLog("DirectoryCertStoreConverter"), transId); - } catch (DirectoryStoreException e) { - logger.error("Failed to run conversion of old certstore!", e); - - try { - FileUtils.copyDirectory(backupDirectory, certStoreDirectory); - } catch (IOException e1) { - logger.error("!!!!Failed to restore original certstore!!!! CHECK LOGS", e1); - throw new RuntimeException("!!!!Failed to restore original certstore!!!! CHECK LOGS", e); - - } - throw new RuntimeException("Failed to run conversion of old certstore!", e); - } - - logger.error("Conversion of certstore succseeded"); - logger.error("Certstore in new format is located @ {}", certStoreDirectory.getAbsolutePath()); - logger.error("Backup of Certstore in old format is located @ {}", - certStoreDirectory.getAbsolutePath()); - } finally { - logger.error( - "###########################################################################################"); - logger.error( - "###########################################################################################"); - } - return true; - } - } else { - logger.error("Certstore does not exist yet"); - } - return false; - } - + private static final Logger logger = LoggerFactory.getLogger(CertStoreConverter.class); + + public static boolean convert(String certStoreRoot, TransactionId transId) { + final String certStoreSubjectDN = certStoreRoot + File.separator + "subjectdn"; + + logger.info("checking for new cert store format {} -> {}", certStoreRoot, certStoreSubjectDN); + + final File certStoreDirectory = new File(certStoreRoot); + if (certStoreDirectory.isDirectory() && certStoreDirectory.exists()) { + + final File file = new File(certStoreSubjectDN); + + if (file.isDirectory() && file.exists()) { + // Is new Format! + logger.debug("Cert store is allready new format!"); + return false; + } else { + try { + logger.info( + "###########################################################################################"); + logger.info( + "###########################################################################################"); + logger.info("The certificate store @ {} will now be converted into the new format!", + certStoreDirectory.getAbsolutePath()); + + String backup = certStoreRoot; + + if (certStoreRoot.endsWith(File.separator)) { + backup = certStoreRoot.substring(0, certStoreRoot.length() - File.separator.length()); + } + + final String timestamp = String.valueOf(System.currentTimeMillis()); + backup = backup + "_" + timestamp; + + logger.info("Creating a backup of the certstore @ {}", backup); + + final File backupDirectory = new File(backup); + try { + FileUtils.copyDirectory(certStoreDirectory, backupDirectory); + } catch (final IOException e) { + logger.error("Failed to create certstore backup!", e); + throw new RuntimeException("Failed to create certstore backup!", e); + } + + logger.info("deleting original certstore @ {}", certStoreRoot); + + try { + FileUtils.deleteDirectory(certStoreDirectory); + } catch (final IOException e1) { + logger.error("Failed to delete old certstore!", e1); + throw new RuntimeException("Failed to delete old certstore!", e1); + } + certStoreDirectory.mkdir(); + + final DirectoryCertStoreConverter directoryCertStoreConverter = new DirectoryCertStoreConverter(); + + try { + logger.info("running conversion of certstore @ {}", certStoreRoot); + directoryCertStoreConverter.convert(backupDirectory.getAbsolutePath(), + certStoreDirectory.getAbsolutePath(), true, false, + new IaikLog("DirectoryCertStoreConverter"), transId); + } catch (final DirectoryStoreException e) { + logger.error("Failed to run conversion of old certstore!", e); + + try { + FileUtils.copyDirectory(backupDirectory, certStoreDirectory); + } catch (final IOException e1) { + logger.error("!!!!Failed to restore original certstore!!!! CHECK LOGS", e1); + throw new RuntimeException("!!!!Failed to restore original certstore!!!! CHECK LOGS", e); + + } + throw new RuntimeException("Failed to run conversion of old certstore!", e); + } + + logger.info("Conversion of certstore succseeded"); + logger.info("Certstore in new format is located @ {}", certStoreDirectory.getAbsolutePath()); + logger.info("Backup of Certstore in old format is located @ {}", + certStoreDirectory.getAbsolutePath()); + } finally { + logger.info( + "###########################################################################################"); + logger.info( + "###########################################################################################"); + } + return true; + } + } else { + logger.error("Certstore does not exist yet"); + } + return false; + } + } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java index ce78580..b7580ac 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java @@ -1,18 +1,5 @@ package at.gv.egovernment.moa.spss.util; -import iaik.asn1.ObjectID; -import iaik.asn1.structures.Name; -import iaik.asn1.structures.PolicyInformation; -import iaik.utils.RFC2253NameParser; -import iaik.utils.RFC2253NameParserException; -import iaik.x509.X509Certificate; -import iaik.x509.X509ExtensionInitException; -import iaik.x509.extensions.CertificatePolicies; -import iaik.x509.extensions.qualified.QCStatements; -import iaik.x509.extensions.qualified.structures.QCStatement; -import iaik.x509.extensions.qualified.structures.etsi.QcEuCompliance; -import iaik.x509.extensions.qualified.structures.etsi.QcEuSSCD; - import java.net.URI; import java.security.Principal; import java.util.Arrays; @@ -22,370 +9,387 @@ import java.util.List; import at.gv.egovernment.moa.sig.tsl.TslConstants; import at.gv.egovernment.moa.sig.tsl.engine.data.ITslEndEntityResult; import at.gv.egovernment.moa.sig.tsl.exception.TslException; -import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil; import at.gv.egovernment.moa.spss.api.common.TslInfos; import at.gv.egovernment.moa.spss.api.impl.TslInfosImpl; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.tsl.TSLServiceFactory; import at.gv.egovernment.moaspss.logging.LogMsg; import at.gv.egovernment.moaspss.logging.Logger; +import iaik.asn1.ObjectID; +import iaik.asn1.structures.Name; +import iaik.asn1.structures.PolicyInformation; +import iaik.utils.RFC2253NameParser; +import iaik.utils.RFC2253NameParserException; +import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException; +import iaik.x509.extensions.CertificatePolicies; +import iaik.x509.extensions.qualified.QCStatements; +import iaik.x509.extensions.qualified.structures.QCStatement; +import iaik.x509.extensions.qualified.structures.etsi.QcEuCompliance; +import iaik.x509.extensions.qualified.structures.etsi.QcEuSSCD; public class CertificateUtils { - - - /** - * Verifies if the given certificate contains QCP+ statement - * @param cert X509Certificate - * @return true if the given certificate contains QCP+ statement, else false - */ - private static boolean checkQCPPlus(X509Certificate cert) { - Logger.debug("Checking QCP+ extension"); - String OID_QCPPlus = "0.4.0.1456.1.1"; - try { - CertificatePolicies certPol = (CertificatePolicies) cert.getExtension(CertificatePolicies.oid); - if (certPol == null) { - Logger.debug("No CertificatePolicies extension found"); - return false; - } - - PolicyInformation[] polInfo = certPol.getPolicyInformation(); - if (polInfo == null) { - Logger.debug("No policy information found"); - return false; - } - - for (int i = 0; i < polInfo.length; i++) { - ObjectID oid = polInfo[i].getPolicyIdentifier(); - String oidStr = oid.getID(); - if (oidStr.compareToIgnoreCase(OID_QCPPlus) == 0) { - Logger.debug("QCP+ extension found"); - return true; - } - } - - Logger.debug("No QCP+ extension found"); - - return false; - } catch (X509ExtensionInitException e) { - Logger.debug("No QCP+ extension found"); - - return false; - } - - } - - /** - * Verifies if the given certificate contains QCP statement - * @param cert X509Certificate - * @return true if the given certificate contains QCP statement, else false - */ - private static boolean checkQCP(X509Certificate cert) { - Logger.debug("Checking QCP extension"); - String OID_QCP = "0.4.0.1456.1.2"; - try { - CertificatePolicies certPol = (CertificatePolicies) cert.getExtension(CertificatePolicies.oid); - if (certPol == null) { - Logger.debug("No CertificatePolicies extension found"); - return false; - } - - PolicyInformation[] polInfo = certPol.getPolicyInformation(); - if (polInfo == null) { - Logger.debug("No policy information found"); - return false; - } - - for (int i = 0; i < polInfo.length; i++) { - ObjectID oid = polInfo[i].getPolicyIdentifier(); - String oidStr = oid.getID(); - if (oidStr.compareToIgnoreCase(OID_QCP) == 0) { - Logger.debug("QCP extension found"); - return true; - } - - } - - Logger.debug("No QCP extension found"); - return false; - - } catch (X509ExtensionInitException e) { - Logger.debug("No QCP extension found"); - return false; - } - - } - - /** - * Verifies if the given certificate contains QcEuCompliance statement - * @param cert X509Certificate - * @return true if the given certificate contains QcEuCompliance statement, else false - */ - private static boolean checkQcEuCompliance(X509Certificate cert) { - Logger.debug("Checking QcEUCompliance extension"); - try { - QCStatements qcStatements = (QCStatements) cert.getExtension(QCStatements.oid); - - if (qcStatements == null) { - Logger.debug("No QcStatements extension found"); - return false; - } - - QCStatement qcEuCompliance = qcStatements.getQCStatements(QcEuCompliance.statementID); - - if (qcEuCompliance != null) { - Logger.debug("QcEuCompliance extension found"); - return true; - } - - Logger.debug("No QcEuCompliance extension found"); - return false; - - } catch (X509ExtensionInitException e) { - Logger.debug("No QcEuCompliance extension found"); - return false; - } - - } - - /** - * Verifies if the given certificate contains QcEuSSCD statement - * @param cert X509Certificate - * @return true if the given certificate contains QcEuSSCD statement, else false - */ - private static boolean checkQcEuSSCD(X509Certificate cert) { - Logger.debug("Checking QcEuSSCD extension"); - try { - QCStatements qcStatements = (QCStatements) cert.getExtension(QCStatements.oid); - if (qcStatements == null) { - Logger.debug("No QcStatements extension found"); - return false; - } - - QCStatement qcEuSSCD = qcStatements.getQCStatements(QcEuSSCD.statementID); - - if (qcEuSSCD != null) { - Logger.debug("QcEuSSCD extension found"); - return true; - } - - Logger.debug("No QcEuSSCD extension found"); - return false; - - } catch (X509ExtensionInitException e) { - Logger.debug("No QcEuSSCD extension found"); - return false; - } - - } - - public static QCSSCDResult checkQCSSCD(X509Certificate[] chain, Date signingTime, boolean isTSLenabledTrustprofile, ConfigurationProvider config) { - - try { - if (isTSLenabledTrustprofile) { - if (signingTime == null) { - signingTime = new Date(); - Logger.debug("TSL check without signingTime --> use current time for evaluation"); - - } - - ITslEndEntityResult tslCheckResult = - TSLServiceFactory.getTSLServiceClient().evaluate( - Arrays.asList(chain), - signingTime, - TslConstants.CHAIN_MODEL); - - if (tslCheckResult != null) { - URI tslServiceTypeIdentifier = tslCheckResult.getEvaluatedServiceTypeIdentifier(); - List<URI> tslCertificateQualifier = tslCheckResult.getEvaluatedQualifier(); - - // QC evaluation flags - boolean qc = false; - boolean qcSourceTSL = false; - boolean qcDisallowedFromTSL = false; - - // SSCD/QSCD evaluation flags - boolean sscd = false; - boolean sscdSourceTSL = false; - - - //check QC - List<URI> allowedQCQualifier = config.getTSLConfiguration().getQualifierForQC(); - for (URI el : allowedQCQualifier) { - if (el.equals(tslServiceTypeIdentifier)) { - qcSourceTSL = true; - qc = true; - - } - - } - - //check SSCD/QSCD qualifiers and mark result acording this check - List<URI> allowedSSCDQualifier = config.getTSLConfiguration().getQualifierForSSCD(); - if (tslCertificateQualifier != null && allowedSSCDQualifier != null) { - for (URI allowedSSCD : allowedSSCDQualifier) { - for (URI certSSCD : tslCertificateQualifier) { - if (allowedSSCD.equals(certSSCD)) { - sscdSourceTSL = true; - sscd = true; - - } - } - } - } - - //check additional flags in TSP qualifiers for this certificate - if (tslCertificateQualifier != null) { - for (URI qEl : tslCertificateQualifier) { - //check if SSCD/QSCD status must be used from cert - if (qEl.equals( - TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get( - TslConstants.SSCD_QUALIFIER_SHORT.QCQSCDStatusAsInCert)) - || qEl.equals(TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get( - TslConstants.SSCD_QUALIFIER_SHORT.QCSSCDStatusAsInCert))) { - - sscdSourceTSL = false; - sscd = false; - - //check if extentsion includes a NotQualified flag - } else if (qEl.equals( - TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get( - TslConstants.SSCD_QUALIFIER_SHORT.NotQualified))) { - qc = false; - qcSourceTSL = false; - qcDisallowedFromTSL = true; - Logger.info("TSL mark this certificate explicitly as 'NotQualified'!"); - - } - } - } - - /* - * This block is removes with MOA-SP 3.1 because if TSL support is enabled for the requested TrustProfile - * QC evaluation is ONLY allowed from TSL information!!! Because with eIDAS regulation and July 01. 2016 - * the Trust-Status List is constitutive. - */ -// //evaluate QC statement according previous selected information -// if (qcSourceTSL) + + /** + * Verifies if the given certificate contains QCP+ statement + * + * @param cert X509Certificate + * @return true if the given certificate contains QCP+ statement, else false + */ + private static boolean checkQCPPlus(X509Certificate cert) { + Logger.debug("Checking QCP+ extension"); + final String OID_QCPPlus = "0.4.0.1456.1.1"; + try { + final CertificatePolicies certPol = (CertificatePolicies) cert.getExtension(CertificatePolicies.oid); + if (certPol == null) { + Logger.debug("No CertificatePolicies extension found"); + return false; + } + + final PolicyInformation[] polInfo = certPol.getPolicyInformation(); + if (polInfo == null) { + Logger.debug("No policy information found"); + return false; + } + + for (final PolicyInformation element : polInfo) { + final ObjectID oid = element.getPolicyIdentifier(); + final String oidStr = oid.getID(); + if (oidStr.compareToIgnoreCase(OID_QCPPlus) == 0) { + Logger.debug("QCP+ extension found"); + return true; + } + } + + Logger.debug("No QCP+ extension found"); + + return false; + } catch (final X509ExtensionInitException e) { + Logger.debug("No QCP+ extension found"); + + return false; + } + + } + + /** + * Verifies if the given certificate contains QCP statement + * + * @param cert X509Certificate + * @return true if the given certificate contains QCP statement, else false + */ + private static boolean checkQCP(X509Certificate cert) { + Logger.debug("Checking QCP extension"); + final String OID_QCP = "0.4.0.1456.1.2"; + try { + final CertificatePolicies certPol = (CertificatePolicies) cert.getExtension(CertificatePolicies.oid); + if (certPol == null) { + Logger.debug("No CertificatePolicies extension found"); + return false; + } + + final PolicyInformation[] polInfo = certPol.getPolicyInformation(); + if (polInfo == null) { + Logger.debug("No policy information found"); + return false; + } + + for (final PolicyInformation element : polInfo) { + final ObjectID oid = element.getPolicyIdentifier(); + final String oidStr = oid.getID(); + if (oidStr.compareToIgnoreCase(OID_QCP) == 0) { + Logger.debug("QCP extension found"); + return true; + } + + } + + Logger.debug("No QCP extension found"); + return false; + + } catch (final X509ExtensionInitException e) { + Logger.debug("No QCP extension found"); + return false; + } + + } + + /** + * Verifies if the given certificate contains QcEuCompliance statement + * + * @param cert X509Certificate + * @return true if the given certificate contains QcEuCompliance statement, else + * false + */ + private static boolean checkQcEuCompliance(X509Certificate cert) { + Logger.debug("Checking QcEUCompliance extension"); + try { + final QCStatements qcStatements = (QCStatements) cert.getExtension(QCStatements.oid); + + if (qcStatements == null) { + Logger.debug("No QcStatements extension found"); + return false; + } + + final QCStatement qcEuCompliance = qcStatements.getQCStatements(QcEuCompliance.statementID); + + if (qcEuCompliance != null) { + Logger.debug("QcEuCompliance extension found"); + return true; + } + + Logger.debug("No QcEuCompliance extension found"); + return false; + + } catch (final X509ExtensionInitException e) { + Logger.debug("No QcEuCompliance extension found"); + return false; + } + + } + + /** + * Verifies if the given certificate contains QcEuSSCD statement + * + * @param cert X509Certificate + * @return true if the given certificate contains QcEuSSCD statement, else false + */ + private static boolean checkQcEuSSCD(X509Certificate cert) { + Logger.debug("Checking QcEuSSCD extension"); + try { + final QCStatements qcStatements = (QCStatements) cert.getExtension(QCStatements.oid); + if (qcStatements == null) { + Logger.debug("No QcStatements extension found"); + return false; + } + + final QCStatement qcEuSSCD = qcStatements.getQCStatements(QcEuSSCD.statementID); + + if (qcEuSSCD != null) { + Logger.debug("QcEuSSCD extension found"); + return true; + } + + Logger.debug("No QcEuSSCD extension found"); + return false; + + } catch (final X509ExtensionInitException e) { + Logger.debug("No QcEuSSCD extension found"); + return false; + } + + } + + public static QCSSCDResult checkQCSSCD(X509Certificate[] chain, Date signingTime, + boolean isTSLenabledTrustprofile, ConfigurationProvider config) { + + try { + if (isTSLenabledTrustprofile) { + if (signingTime == null) { + signingTime = new Date(); + Logger.debug("TSL check without signingTime --> use current time for evaluation"); + + } + + final ITslEndEntityResult tslCheckResult = + TSLServiceFactory.getTSLServiceClient().evaluate( + Arrays.asList(chain), + signingTime, + TslConstants.PKIX_MODEL); + + if (tslCheckResult != null) { + final URI tslServiceTypeIdentifier = tslCheckResult.getEvaluatedServiceTypeIdentifier(); + final List<URI> tslCertificateQualifier = tslCheckResult.getEvaluatedQualifier(); + + // QC evaluation flags + boolean qc = false; + boolean qcSourceTSL = false; + boolean qcDisallowedFromTSL = false; + + // SSCD/QSCD evaluation flags + boolean sscd = false; + boolean sscdSourceTSL = false; + + // check QC + final List<URI> allowedQCQualifier = config.getTSLConfiguration().getQualifierForQC(); + for (final URI el : allowedQCQualifier) { + if (el.equals(tslServiceTypeIdentifier)) { + qcSourceTSL = true; + qc = true; + + } + + } + + // check SSCD/QSCD qualifiers and mark result acording this check + final List<URI> allowedSSCDQualifier = config.getTSLConfiguration().getQualifierForSSCD(); + if (tslCertificateQualifier != null && allowedSSCDQualifier != null) { + for (final URI allowedSSCD : allowedSSCDQualifier) { + for (final URI certSSCD : tslCertificateQualifier) { + if (allowedSSCD.equals(certSSCD)) { + sscdSourceTSL = true; + sscd = true; + + } + } + } + } + + // check additional flags in TSP qualifiers for this certificate + if (tslCertificateQualifier != null) { + for (final URI qEl : tslCertificateQualifier) { + // check if SSCD/QSCD status must be used from cert + if (qEl.equals( + TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get( + TslConstants.SSCD_QUALIFIER_SHORT.QCQSCDStatusAsInCert)) + || qEl.equals(TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get( + TslConstants.SSCD_QUALIFIER_SHORT.QCSSCDStatusAsInCert))) { + + sscdSourceTSL = false; + sscd = false; + + // check if extentsion includes a NotQualified flag + } else if (qEl.equals( + TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get( + TslConstants.SSCD_QUALIFIER_SHORT.NotQualified))) { + qc = false; + qcSourceTSL = false; + qcDisallowedFromTSL = true; + Logger.info("TSL mark this certificate explicitly as 'NotQualified'!"); + + } + } + } + + /* + * This block is removes with MOA-SP 3.1 because if TSL support is enabled for + * the requested TrustProfile QC evaluation is ONLY allowed from TSL + * information!!! Because with eIDAS regulation and July 01. 2016 the + * Trust-Status List is constitutive. + */ +// //evaluate QC statement according previous selected information +// if (qcSourceTSL) // Logger.debug("Certificate is QC (Source: TSL)"); -// +// // else { -// -// +// +// // // if TSL return no service-type identifier us information from certificate -// if (tslServiceTypeIdentifier == null || +// if (tslServiceTypeIdentifier == null || // MiscUtil.isEmpty(tslServiceTypeIdentifier.toString())) { // // try certificate extensions QCP and QcEuCompliance // Logger.debug("QC check via TSL returned false - checking certificate extensions"); // boolean checkQCP = CertificateUtils.checkQCP(chain[0]); // boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); -// +// // if ((checkQCP || checkQcEuCompliance) && !qcDisallowedFromTSL) { // Logger.debug("Certificate is QC (Source: Certificate)"); // qc = true; -// +// // } -// } +// } // } - - - //evaluate SSCD/QSCD results according previous selected information - if (sscdSourceTSL) - Logger.debug("Certificate is SSCD (Source: TSL)"); - - else { - // if SSCD check via TSL returns false - // try certificate extensions QCP+ and QcEuSSCD - Logger.debug("SSCD check via TSL returned false - checking certificate extensions"); - boolean checkQCPPlus = CertificateUtils.checkQCPPlus(chain[0]); - boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD(chain[0]); - - if (checkQCPPlus || checkQcEuSSCD) { - Logger.debug("Certificate is SSCD (Source: Certificate)"); - sscd = true; - } - } - - //build basic result - QCSSCDResult result = new QCSSCDResult(qc, qcSourceTSL, sscd, sscdSourceTSL); - - //add additinal information - TslInfos extTslInfos = new TslInfosImpl( - tslCheckResult.getTerritory(), - tslCheckResult.getTspStatus(), - tslServiceTypeIdentifier.toString(), - tslCertificateQualifier, - tslCheckResult.getAdditionalServiceInformation()); - result.setTslInfos(extTslInfos); - - return result; - - } else { - Logger.debug("Qualifier check via TSL return null - checking certificate extensions without QC evaluation"); - return parseInfosFromCertificate(chain, false); - - } - - } else - Logger.info("TSL support is not enabled - checking certificate extensions with QC evaluation "); - return parseInfosFromCertificate(chain, true); - } - catch (TslException e) { - MessageProvider msg = MessageProvider.getInstance(); - Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); - - return new QCSSCDResult(); - } - - } - - private static QCSSCDResult parseInfosFromCertificate(X509Certificate[] chain, boolean performQCEvaluation) { - boolean qc = false; - boolean sscd = false; - - // Trustprofile is not TSL enabled - use certificate extensions only - - if (performQCEvaluation) { - // perform QC check - // try certificate extensions QCP and QcEuCompliance - boolean checkQCP = CertificateUtils.checkQCP(chain[0]); - boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); - - if (checkQCP || checkQcEuCompliance) - qc = true; - - } - - // perform SSCD check - // try certificate extensions QCP+ and QcEuSSCD - boolean checkQCPPlus = CertificateUtils.checkQCPPlus(chain[0]); - boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD(chain[0]); - - if (checkQCPPlus || checkQcEuSSCD) - sscd = true; - - return new QCSSCDResult(qc, false, sscd, false); - - } - - - /** - * Gets the country from the certificate issuer - * @param cert X509 certificate - * @return Country code from the certificate issuer - */ - public static String getIssuerCountry(X509Certificate cert) { - String country = null; - Principal issuerdn = cert.getIssuerX500Principal(); - RFC2253NameParser nameParser = new RFC2253NameParser(issuerdn.getName()); - - try { - Name name = nameParser.parse(); - country = name.getRDN(ObjectID.country); - } catch (RFC2253NameParserException e) { - Logger.warn("Could not get country code from issuer."); - } - - - return country; - } + + // evaluate SSCD/QSCD results according previous selected information + if (sscdSourceTSL) { + Logger.debug("Certificate is SSCD (Source: TSL)"); + } else { + // if SSCD check via TSL returns false + // try certificate extensions QCP+ and QcEuSSCD + Logger.debug("SSCD check via TSL returned false - checking certificate extensions"); + final boolean checkQCPPlus = CertificateUtils.checkQCPPlus(chain[0]); + final boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD(chain[0]); + + if (checkQCPPlus || checkQcEuSSCD) { + Logger.debug("Certificate is SSCD (Source: Certificate)"); + sscd = true; + } + } + + // build basic result + final QCSSCDResult result = new QCSSCDResult(qc, qcSourceTSL, sscd, sscdSourceTSL); + + // add additinal information + final TslInfos extTslInfos = new TslInfosImpl( + tslCheckResult.getTerritory(), + tslCheckResult.getTspStatus(), + tslServiceTypeIdentifier.toString(), + tslCertificateQualifier, + tslCheckResult.getAdditionalServiceInformation()); + result.setTslInfos(extTslInfos); + + return result; + + } else { + Logger.debug( + "Qualifier check via TSL return null - checking certificate extensions without QC evaluation"); + return parseInfosFromCertificate(chain, false); + + } + + } else { + Logger.info("TSL support is not enabled - checking certificate extensions with QC evaluation "); + } + return parseInfosFromCertificate(chain, true); + } catch (final TslException e) { + final MessageProvider msg = MessageProvider.getInstance(); + Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); + + return new QCSSCDResult(); + } + + } + + private static QCSSCDResult parseInfosFromCertificate(X509Certificate[] chain, + boolean performQCEvaluation) { + boolean qc = false; + boolean sscd = false; + + // Trustprofile is not TSL enabled - use certificate extensions only + + if (performQCEvaluation) { + // perform QC check + // try certificate extensions QCP and QcEuCompliance + final boolean checkQCP = CertificateUtils.checkQCP(chain[0]); + final boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); + + if (checkQCP || checkQcEuCompliance) { + qc = true; + } + + } + + // perform SSCD check + // try certificate extensions QCP+ and QcEuSSCD + final boolean checkQCPPlus = CertificateUtils.checkQCPPlus(chain[0]); + final boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD(chain[0]); + + if (checkQCPPlus || checkQcEuSSCD) { + sscd = true; + } + + return new QCSSCDResult(qc, false, sscd, false); + + } + + /** + * Gets the country from the certificate issuer + * + * @param cert X509 certificate + * @return Country code from the certificate issuer + */ + public static String getIssuerCountry(X509Certificate cert) { + String country = null; + final Principal issuerdn = cert.getIssuerX500Principal(); + final RFC2253NameParser nameParser = new RFC2253NameParser(issuerdn.getName()); + + try { + final Name name = nameParser.parse(); + country = name.getRDN(ObjectID.country); + } catch (final RFC2253NameParserException e) { + Logger.warn("Could not get country code from issuer."); + } + + return country; + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java index 859e7e9..be40a9e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java @@ -12,103 +12,103 @@ import at.gv.egovernment.moaspss.logging.LogMsg; import at.gv.egovernment.moaspss.logging.Logger;
public class ExternalURIVerifier {
-
- public static void verify(String host, int port) throws MOAApplicationException {
-
-
- if (host == null)
- return;
- if (host.equalsIgnoreCase(""))
- return;
-
- try {
- ConfigurationProvider config = ConfigurationProvider.getInstance();
-
- boolean allowExternalUris = config.getAllowExternalUris();
- List blacklist = config.getBlackListedUris();
- List whitelist = config.getWhiteListedUris();
-
- InetAddress hostInetAddress = InetAddress.getByName(host);
- String ip = hostInetAddress.getHostAddress();
-
-
- if (allowExternalUris) {
- // external URIs are allowed - check blacklist
- Iterator it = blacklist.iterator();
- while (it.hasNext()) {
- String[] array = (String[])it.next();
- String bhost = array[0];
- String bport = array[1];
- if (bport == null || port == -1) {
- // check only host
- if (ip.startsWith(bhost)) {
- Logger.debug(new LogMsg("Blacklist check: " + host + " (" + ip + ") blacklisted"));
- throw new MOAApplicationException("4002", new Object[]{host + "(" + ip + ")"});
- }
- }
- else {
- // check host and port
- int iport = new Integer(bport).intValue();
- if (ip.startsWith(bhost) && (iport == port)) {
- Logger.debug(new LogMsg("Blacklist check: " + host + ":" + port + " (" + ip + ":" + port + " blacklisted"));
- throw new MOAApplicationException("4002", new Object[]{host + ":" + port + " (" + ip + ":" + port + ")"});
- }
-
- }
- }
- }
- else {
- // external uris are forbidden - check whitelist
- Iterator it = whitelist.iterator();
- boolean allowed = false;
- while (it.hasNext()) {
- String[] array = (String[])it.next();
- String bhost = array[0];
- String bport = array[1];
- if (bport == null || port == -1) {
- // check only host
- if (ip.startsWith(bhost)) {
- Logger.debug(new LogMsg("Whitelist check: " + host + " (" + ip + ") whitelisted"));
- allowed = true;
- //throw new MOAApplicationException("4002", new Object[]{host + "(" + ip + ")"});
- }
- }
- else {
- // check host and port
- int iport = new Integer(bport).intValue();
- if (ip.startsWith(bhost) && (iport == port)) {
- Logger.debug(new LogMsg("Whitelist check: " + host + ":" + port + " (" + ip + ":" + port + " whitelisted"));
- //throw new MOAApplicationException("4002", new Object[]{host + ":" + port + " (" + ip + ":" + port + ")"});
- allowed = true;
- }
-
- }
- }
-
- if (!allowed) {
- if (port != -1) {
- Logger.debug(new LogMsg("No external URIs allowed (" + host + ")"));
- throw new MOAApplicationException("4001", new Object[]{host + "(" + ip + ")"});
- }
- else {
- Logger.debug(new LogMsg("No external URIs allowed (" + host + ":" + port + ")"));
- throw new MOAApplicationException("4001", new Object[]{host + ":" + port + " (" + ip + ":" + port + ")"});
- }
-
- }
-
- }
-
- Logger.debug(new LogMsg("URI allowed: " + ip + ":" + port));
-
- } catch (ConfigurationException e) {
- throw new MOAApplicationException("config.10", null);
- } catch (UnknownHostException e) {
- throw new MOAApplicationException("4003", new Object[]{host});
- }
-
-
-
- }
+
+ public static void verify(String host, int port) throws MOAApplicationException {
+
+ if (host == null) {
+ return;
+ }
+ if (host.equalsIgnoreCase("")) {
+ return;
+ }
+
+ try {
+ final ConfigurationProvider config = ConfigurationProvider.getInstance();
+
+ final boolean allowExternalUris = config.getAllowExternalUris();
+ final List blacklist = config.getBlackListedUris();
+ final List whitelist = config.getWhiteListedUris();
+
+ final InetAddress hostInetAddress = InetAddress.getByName(host);
+ final String ip = hostInetAddress.getHostAddress();
+
+ if (allowExternalUris) {
+ // external URIs are allowed - check blacklist
+ final Iterator it = blacklist.iterator();
+ while (it.hasNext()) {
+ final String[] array = (String[]) it.next();
+ final String bhost = array[0];
+ final String bport = array[1];
+ if (bport == null || port == -1) {
+ // check only host
+ if (ip.startsWith(bhost)) {
+ Logger.debug(new LogMsg("Blacklist check: " + host + " (" + ip + ") blacklisted"));
+ throw new MOAApplicationException("4002", new Object[] { host + "(" + ip + ")" });
+ }
+ } else {
+ // check host and port
+ final int iport = new Integer(bport).intValue();
+ if (ip.startsWith(bhost) && iport == port) {
+ Logger.debug(new LogMsg("Blacklist check: " + host + ":" + port + " (" + ip + ":" + port
+ + " blacklisted"));
+ throw new MOAApplicationException("4002", new Object[] { host + ":" + port + " (" + ip + ":"
+ + port + ")" });
+ }
+
+ }
+ }
+ } else {
+ // external uris are forbidden - check whitelist
+ final Iterator it = whitelist.iterator();
+ boolean allowed = false;
+ while (it.hasNext()) {
+ final String[] array = (String[]) it.next();
+ final String bhost = array[0];
+ final String bport = array[1];
+ if (bport == null || port == -1) {
+ // check only host
+ if (ip.startsWith(bhost)) {
+ Logger.debug(new LogMsg("Whitelist check: " + host + " (" + ip + ") whitelisted"));
+ allowed = true;
+ // throw new MOAApplicationException("4002", new Object[]{host + "(" + ip +
+ // ")"});
+ }
+ } else {
+ // check host and port
+ final int iport = new Integer(bport).intValue();
+ if (ip.startsWith(bhost) && iport == port) {
+ Logger.debug(new LogMsg("Whitelist check: " + host + ":" + port + " (" + ip + ":" + port
+ + " whitelisted"));
+ // throw new MOAApplicationException("4002", new Object[]{host + ":" + port + "
+ // (" + ip + ":" + port + ")"});
+ allowed = true;
+ }
+
+ }
+ }
+
+ if (!allowed) {
+ if (port != -1) {
+ Logger.debug(new LogMsg("No external URIs allowed (" + host + ")"));
+ throw new MOAApplicationException("4001", new Object[] { host + "(" + ip + ")" });
+ } else {
+ Logger.debug(new LogMsg("No external URIs allowed (" + host + ":" + port + ")"));
+ throw new MOAApplicationException("4001", new Object[] { host + ":" + port + " (" + ip + ":"
+ + port + ")" });
+ }
+
+ }
+
+ }
+
+ Logger.debug(new LogMsg("URI allowed: " + ip + ":" + port));
+
+ } catch (final ConfigurationException e) {
+ throw new MOAApplicationException("config.10", null);
+ } catch (final UnknownHostException e) {
+ throw new MOAApplicationException("4003", new Object[] { host });
+ }
+
+ }
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/FilteredOutputStream.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/FilteredOutputStream.java index 3a9fe51..4f33617 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/FilteredOutputStream.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/FilteredOutputStream.java @@ -6,71 +6,73 @@ import java.io.OutputStream; import java.math.BigDecimal; public class FilteredOutputStream extends BufferedOutputStream { - private BigDecimal from = null; - private BigDecimal to = null; - private BigDecimal counter = new BigDecimal("0"); - BigDecimal one = new BigDecimal("1"); - - public FilteredOutputStream(OutputStream innerStream, - int bufferSize, BigDecimal from, - BigDecimal to) { - super(innerStream, bufferSize); - this.from = from; - this.to = to; - } + private BigDecimal from = null; + private BigDecimal to = null; + private BigDecimal counter = new BigDecimal("0"); + BigDecimal one = new BigDecimal("1"); - @Override - public synchronized void write(int b) throws IOException { - if(!inRange(counter)) { - super.write(b); - } - counter = counter.add(one); - } + public FilteredOutputStream(OutputStream innerStream, + int bufferSize, BigDecimal from, + BigDecimal to) { + super(innerStream, bufferSize); + this.from = from; + this.to = to; + } - @Override - public synchronized void write(byte[] b, int off, int len) throws IOException { - this.filteredWrite(b, off, len); - } + @Override + public synchronized void write(int b) throws IOException { + if (!inRange(counter)) { + super.write(b); + } + counter = counter.add(one); + } - @Override - public synchronized void flush() throws IOException { - super.flush(); - } + @Override + public synchronized void write(byte[] b, int off, int len) throws IOException { + this.filteredWrite(b, off, len); + } - @Override - public void write(byte[] b) throws IOException { - if(b != null) { - this.filteredWrite(b, 0, b.length); - } - } + @Override + public synchronized void flush() throws IOException { + super.flush(); + } - @Override - public void close() throws IOException { - super.close(); - } - - private synchronized void filteredWrite(byte[] b, int off, int len) throws IOException { - for(int i = 0; i < len; i++) { - if(!inRange(counter)) { - super.write(b[off+i]); - } - counter = counter.add(one); - } - } - - private boolean inRange(BigDecimal counter) { - if ( (from == null) || (to == null)) - return false; - - int compare = counter.compareTo(from); - if (compare == -1) - return false; - else { - compare = counter.compareTo(to); - if (compare == 1) - return false; - else - return true; - } - } + @Override + public void write(byte[] b) throws IOException { + if (b != null) { + this.filteredWrite(b, 0, b.length); + } + } + + @Override + public void close() throws IOException { + super.close(); + } + + private synchronized void filteredWrite(byte[] b, int off, int len) throws IOException { + for (int i = 0; i < len; i++) { + if (!inRange(counter)) { + super.write(b[off + i]); + } + counter = counter.add(one); + } + } + + private boolean inRange(BigDecimal counter) { + if (from == null || to == null) { + return false; + } + + int compare = counter.compareTo(from); + if (compare == -1) { + return false; + } else { + compare = counter.compareTo(to); + if (compare == 1) { + return false; + } else { + return true; + } + } + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java index ee6fe0a..047c2bf 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MOASPSSEntityResolver.java @@ -36,20 +36,21 @@ import at.gv.egovernment.moaspss.logging.LogMsg; import at.gv.egovernment.moaspss.logging.Logger;
import at.gv.egovernment.moaspss.util.Constants;
-
/**
- * An <code>EntityResolver</code> that looks up entities stored as
- * local resources.
- *
- * <p>The following DTDs are mapped to local resources:
+ * An <code>EntityResolver</code> that looks up entities stored as local
+ * resources.
+ *
+ * <p>
+ * The following DTDs are mapped to local resources:
* <ul>
* <li>The XMLSchema.dtd</li>
* <li>The datatypes.dtd</li>
* </ul>
* </p>
- * <p>For all other resources, an attempt is made to resolve them as resources,
+ * <p>
+ * For all other resources, an attempt is made to resolve them as resources,
* either absolute or relative to <code>Constants.SCHEMA_ROOT</code>.
- *
+ *
* @author Patrick Peck
* @author Sven Aigner
*/
@@ -57,65 +58,66 @@ public class MOASPSSEntityResolver implements EntityResolver { /**
* Resolve an entity.
- *
+ *
* The <code>systemId</code> parameter is used to perform the lookup of the
- * entity as a resource, either by interpreting the <code>systemId</code> as
- * an absolute resource path, or by appending the last path component of
+ * entity as a resource, either by interpreting the <code>systemId</code> as an
+ * absolute resource path, or by appending the last path component of
* <code>systemId</code> to <code>Constants.SCHEMA_ROOT</code>.
- *
+ *
* @param publicId The public ID of the resource.
* @param systemId The system ID of the resource.
* @return An <code>InputSource</code> from which the entity can be read, or
- * <code>null</code>, if the entity could not be found.
- * @see org.xml.sax.EntityResolver#resolveEntity(java.lang.String, java.lang.String)
+ * <code>null</code>, if the entity could not be found.
+ * @see org.xml.sax.EntityResolver#resolveEntity(java.lang.String,
+ * java.lang.String)
*/
+ @Override
public InputSource resolveEntity(String publicId, String systemId) throws SAXException {
InputStream stream;
int slashPos;
-
+
if (Logger.isDebugEnabled()) {
Logger.debug(
- new LogMsg("resolveEntity: p=" + publicId + " s=" + systemId));
+ new LogMsg("resolveEntity: p=" + publicId + " s=" + systemId));
}
if (publicId != null) {
// check if we can resolve some standard dtd's
if (publicId.equalsIgnoreCase("-//W3C//DTD XMLSchema 200102//EN")) {
return new InputSource(
- getClass().getResourceAsStream(
- Constants.SCHEMA_ROOT + "XMLSchema.dtd"));
+ getClass().getResourceAsStream(
+ Constants.SCHEMA_ROOT + "XMLSchema.dtd"));
} else if (publicId.equalsIgnoreCase("datatypes")) {
return new InputSource(
- getClass().getResourceAsStream(
- Constants.SCHEMA_ROOT + "datatypes.dtd"));
+ getClass().getResourceAsStream(
+ Constants.SCHEMA_ROOT + "datatypes.dtd"));
}
} else if (systemId != null) {
// get the URI path
try {
- URI uri = new URI(systemId);
+ final URI uri = new URI(systemId);
systemId = uri.getPath();
-
+
if ("".equals(systemId.trim())) {
return null;
}
-
+
// if (!"file".equals(uri.getScheme()) || "".equals(systemId.trim())) {
// return null;
// }
ExternalURIVerifier.verify(uri.getHost(), uri.getPort());
-
- } catch (MalformedURIException e) {
+
+ } catch (final MalformedURIException e) {
return null;
- }
- catch (MOAApplicationException e) {
- throw new SAXException(e);
+ } catch (final MOAApplicationException e) {
+ throw new SAXException(e);
}
-
+
// try to get the resource from the full path
stream = getClass().getResourceAsStream(systemId);
if (stream != null) {
- InputSource source = new InputSource(stream);
+ final InputSource source = new InputSource(stream);
source.setSystemId(systemId);
return source;
@@ -126,9 +128,9 @@ public class MOASPSSEntityResolver implements EntityResolver { if (slashPos >= 0 && systemId.length() > slashPos) {
systemId = systemId.substring(slashPos + 1, systemId.length());
stream =
- getClass().getResourceAsStream(Constants.SCHEMA_ROOT + systemId);
+ getClass().getResourceAsStream(Constants.SCHEMA_ROOT + systemId);
if (stream != null) {
- InputSource source = new InputSource(stream);
+ final InputSource source = new InputSource(stream);
source.setSystemId(systemId);
return source;
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MessageProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MessageProvider.java index 47b8d36..cb83b3a 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MessageProvider.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/MessageProvider.java @@ -21,7 +21,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.spss.util; import java.util.Locale; @@ -30,45 +29,45 @@ import at.gv.egovernment.moaspss.util.Messages; /** * Singleton wrapper around a <code>Messages</code> object. - * + * * @author Patrick Peck * @version $Id$ */ public class MessageProvider { - - /** The resource names of the messages to load. */ + + /** The resource names of the messages to load. */ private static final String[] DEFAULT_MESSAGE_RESOURCES = - { "resources/properties/spss_messages" }; + { "resources/properties/spss_messages" }; /** The corresponding message locales. */ private static final Locale[] DEFAULT_MESSAGE_LOCALES = - new Locale[] { new Locale("de", "AT") }; + new Locale[] { new Locale("de", "AT") }; /** The single instance of this class. */ private static MessageProvider instance; - + /** The messages provided by the <code>MessageProvider</code>. */ - private Messages messages; - + private final Messages messages; + /** * Return the single instance of the <code>MessageProvider</code>. - * + * * Intialilizes the <code>MessageProvider</code> with the default message * locations: <code>/resources/properties/spss_messages</code>. - * + * * @return The single <code>MessageProvider</code>. */ public static synchronized MessageProvider getInstance() { if (instance == null) { instance = - new MessageProvider(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES); + new MessageProvider(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES); } return instance; } /** * Create a <code>MessageProvider</code>. - * + * * @param resourceNames The names of the resources containing the messages. - * @param locales The corresponding locales. + * @param locales The corresponding locales. */ protected MessageProvider(String[] resourceNames, Locale[] locales) { this.messages = new Messages(resourceNames, locales); @@ -77,13 +76,12 @@ public class MessageProvider { /** * Get the message corresponding to a given message ID. * - * @param messageId The ID of the message. + * @param messageId The ID of the message. * @param parameters The parameters to fill in into the message arguments. - * @return The formatted message. + * @return The formatted message. */ public String getMessage(String messageId, Object[] parameters) { return messages.getMessage(messageId, parameters); } - } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/NodeListToNodeSetDataAdapter.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/NodeListToNodeSetDataAdapter.java index e9b1f7d..9c684b1 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/NodeListToNodeSetDataAdapter.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/NodeListToNodeSetDataAdapter.java @@ -10,17 +10,17 @@ import org.w3c.dom.NodeList; public class NodeListToNodeSetDataAdapter implements NodeSetData { - private List list = new ArrayList(); - - public NodeListToNodeSetDataAdapter(NodeList list) { - for(int i = 0; i < list.getLength(); i++) { - this.list.add(list.item(i)); - } - } - - @Override - public Iterator iterator() { - return this.list.iterator(); - } + private final List list = new ArrayList(); + + public NodeListToNodeSetDataAdapter(NodeList list) { + for (int i = 0; i < list.getLength(); i++) { + this.list.add(list.item(i)); + } + } + + @Override + public Iterator iterator() { + return this.list.iterator(); + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/QCSSCDResult.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/QCSSCDResult.java index c00225d..3e8a7fd 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/QCSSCDResult.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/QCSSCDResult.java @@ -4,50 +4,50 @@ import at.gv.egovernment.moa.spss.api.common.TslInfos; public class QCSSCDResult { - private boolean qc; - private boolean qcSourceTSL; - - private boolean sscd; - private boolean sscdSourceTSL; - - private TslInfos tslInfos; - - - - public QCSSCDResult() { - this.qc = false; - this.qcSourceTSL = false; - this.sscd = false; - this.sscdSourceTSL = false; - } - - public QCSSCDResult(boolean qc, boolean qcSourceTSL, boolean sscd, boolean sscdSourceTSL) { - this.qc = qc; - this.qcSourceTSL = qcSourceTSL; - this.sscd = sscd; - this.sscdSourceTSL = sscdSourceTSL; - } - - public boolean isQC() { - return this.qc; - } - public boolean isQCSourceTSL() { - return this.qcSourceTSL; - } - public boolean isSSCD() { - return this.sscd; - } - public boolean isSSCDSourceTSL() { - return this.sscdSourceTSL; - } - - public TslInfos getTslInfos() { - return tslInfos; - } - - public void setTslInfos(TslInfos tslInfos) { - this.tslInfos = tslInfos; - } - - + private final boolean qc; + private final boolean qcSourceTSL; + + private final boolean sscd; + private final boolean sscdSourceTSL; + + private TslInfos tslInfos; + + public QCSSCDResult() { + this.qc = false; + this.qcSourceTSL = false; + this.sscd = false; + this.sscdSourceTSL = false; + } + + public QCSSCDResult(boolean qc, boolean qcSourceTSL, boolean sscd, boolean sscdSourceTSL) { + this.qc = qc; + this.qcSourceTSL = qcSourceTSL; + this.sscd = sscd; + this.sscdSourceTSL = sscdSourceTSL; + } + + public boolean isQC() { + return this.qc; + } + + public boolean isQCSourceTSL() { + return this.qcSourceTSL; + } + + public boolean isSSCD() { + return this.sscd; + } + + public boolean isSSCDSourceTSL() { + return this.sscdSourceTSL; + } + + public TslInfos getTslInfos() { + return tslInfos; + } + + public void setTslInfos(TslInfos tslInfos) { + this.tslInfos = tslInfos; + } + } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ResetableInputStreamWrapper.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ResetableInputStreamWrapper.java index 243cd5d..f0e5326 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ResetableInputStreamWrapper.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ResetableInputStreamWrapper.java @@ -6,54 +6,54 @@ import java.io.InputStream; public class ResetableInputStreamWrapper extends InputStream { - private ByteArrayInputStream bais; - - public ResetableInputStreamWrapper(ByteArrayInputStream bais) { - this.bais = bais; - } - - @Override - public int read() throws IOException { - return this.bais.read(); - } - - @Override - public int read(byte[] b) throws IOException { - return this.bais.read(b); - } - - @Override - public int read(byte[] b, int off, int len) throws IOException { - return this.bais.read(b, off, len); - } - - @Override - public long skip(long n) throws IOException { - return this.bais.skip(n); - } - - @Override - public int available() throws IOException { - return this.bais.available(); - } - - @Override - public void close() throws IOException { - this.bais.close(); - } - - @Override - public synchronized void mark(int readlimit) { - this.bais.mark(readlimit); - } - - @Override - public synchronized void reset() throws IOException { - this.bais.reset(); - } - - @Override - public boolean markSupported() { - return this.bais.markSupported(); - } + private final ByteArrayInputStream bais; + + public ResetableInputStreamWrapper(ByteArrayInputStream bais) { + this.bais = bais; + } + + @Override + public int read() throws IOException { + return this.bais.read(); + } + + @Override + public int read(byte[] b) throws IOException { + return this.bais.read(b); + } + + @Override + public int read(byte[] b, int off, int len) throws IOException { + return this.bais.read(b, off, len); + } + + @Override + public long skip(long n) throws IOException { + return this.bais.skip(n); + } + + @Override + public int available() throws IOException { + return this.bais.available(); + } + + @Override + public void close() throws IOException { + this.bais.close(); + } + + @Override + public synchronized void mark(int readlimit) { + this.bais.mark(readlimit); + } + + @Override + public synchronized void reset() throws IOException { + this.bais.reset(); + } + + @Override + public boolean markSupported() { + return this.bais.markSupported(); + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/SecProviderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/SecProviderUtils.java index edcac97..12e3837 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/SecProviderUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/SecProviderUtils.java @@ -7,16 +7,16 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class SecProviderUtils { - - private static final Logger logger = LoggerFactory.getLogger(SecProviderUtils.class); - - - public static void dumpSecProviders(String message) { - - logger.info("Security Providers: {}", message); - - for(Provider provider : Security.getProviders()) { - logger.info(" - {} - {}", provider.getName(), provider.getVersion()); - } - } + + private static final Logger logger = LoggerFactory.getLogger(SecProviderUtils.class); + + public static void dumpSecProviders(String message) { + if (logger.isDebugEnabled()) { + logger.info("Security Providers: {}", message); + for (final Provider provider : Security.getProviders()) { + logger.info(" - {} - {}", provider.getName(), provider.getVersion()); + + } + } + } } |