From 8574f931c169248c67c3a5946351f9072628af46 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 2 Jan 2017 16:35:43 +0100 Subject: first untested beta version with new TSL lib --- .../server/config/ConfigurationPartsBuilder.java | 319 ++++++++------------- 1 file changed, 113 insertions(+), 206 deletions(-) (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 6c826ad..1b47013 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -42,6 +42,7 @@ import java.io.IOException; import java.io.InputStream; import java.math.BigInteger; import java.net.MalformedURLException; +import java.net.URISyntaxException; import java.security.Principal; import java.util.ArrayList; import java.util.Arrays; @@ -70,6 +71,7 @@ import at.gv.egovernment.moaspss.logging.Logger; import at.gv.egovernment.moaspss.util.Constants; import at.gv.egovernment.moaspss.util.DOMUtils; import at.gv.egovernment.moaspss.util.FileUtils; +import at.gv.egovernment.moaspss.util.MiscUtil; import at.gv.egovernment.moaspss.util.StringUtils; import at.gv.egovernment.moaspss.util.XPathUtils; @@ -1220,238 +1222,105 @@ public class ConfigurationPartsBuilder { * * @return The profile ID to profile mapping. */ - public Map buildTrustProfiles(String tslWorkingDir) + + public Map buildTrustProfiles() { Map trustProfiles = new HashMap(); NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH); Element profileElem; - while ((profileElem = (Element) profileIter.nextNode()) != null) - { - String id = getElementValue(profileElem, CONF + "Id", null); - String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null); - String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null); - Element eutslElem = (Element) XPathUtils.selectSingleNode(profileElem, CONF + "EUTSL"); - boolean tslEnabled = false; - if (eutslElem != null) //EUTSL element found --> TSL enabled - tslEnabled = true; - - String countries = getElementValue(profileElem, CONF + "EUTSL" + "/" + CONF + "CountrySelection", null); - - URI trustAnchorsLocURI = null; - try - { - trustAnchorsLocURI = new URI(trustAnchorsLocStr); - if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file - trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr); - } - } - catch (URIException e) { - warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e); - continue; - } - catch (MalformedURLException e) - { - warn("config.15", new Object[] {id}, e); - continue; - } - - File profileDir = new File(trustAnchorsLocURI.getPath()); - if (!profileDir.exists() || !profileDir.isDirectory()) { - warn("config.27", new Object[] { "uri", id }); - continue; - } - - - - if (trustProfiles.containsKey(id)) { - warn("config.04", new Object[] { "TrustProfile", id }); - continue; - } - - URI signerCertsLocURI = null; - if (signerCertsLocStr != null && !"".equals(signerCertsLocStr)) - { + while ((profileElem = (Element) profileIter.nextNode()) != null) { + //load basic TrustProfile information + + //check TrustProfileId + String id = getElementValue(profileElem, CONF + "Id", null); + if (MiscUtil.isEmpty(id)) { + warn("config.52", new Object[]{"Id des TrustProfiles ist leer."}); + continue; + + } + //cast profileId to lowercase (changed in 3.0.1) + id = id.trim().toLowerCase(); + if (trustProfiles.containsKey(id)) { + warn("config.04", new Object[] { "TrustProfile", id }); + continue; + } + + //check location of TrustAnchor directory + String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null); + URI trustAnchorsLocURI = null; try { - signerCertsLocURI = new URI(signerCertsLocStr); - if (!signerCertsLocURI.isAbsolute()) signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr); - - File signerCertsDir = new File(signerCertsLocURI.getPath()); - if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) { - warn("config.27", new Object[] { "signerCertsUri", id }); - continue; + trustAnchorsLocURI = new URI(trustAnchorsLocStr); + if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file + trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr); } } catch (URIException e) { - warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e); + warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e); continue; } - catch (MalformedURLException e) { + catch (MalformedURLException e) + { warn("config.15", new Object[] {id}, e); continue; } - } - - signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null; - - TrustProfile profile = null; - - if (tslEnabled) { - // create new trust anchor location (=tslworking trust profile) - File fTslWorkingDir = new File(tslWorkingDir); - File tp = new File(fTslWorkingDir, "trustprofiles"); - if (!tp.exists()) - tp.mkdir(); - if (!tp.isDirectory()) { - error("config.50", new Object[] { tp.getPath() }); - } - - File tpid = new File(tp, id); - if (!tpid.exists()) - tpid.mkdir(); - if (!tpid.isDirectory()) { - error("config.50", new Object[] { tpid.getPath() }); - } - - - // create profile - profile = new TrustProfile(id, tpid.getAbsolutePath(), signerCertsLocStr, tslEnabled, countries); - - // set original uri (save original trust anchor location) - profile.setUriOrig(trustAnchorsLocURI.getPath()); - - // delete files in tslworking trust profile - File[] files = tpid.listFiles(); - for (File file : files) - file.delete(); - - // copy files from trustAnchorsLocURI into tslworking trust profile kopieren - File src = new File(trustAnchorsLocURI.getPath()); - files = src.listFiles(); - for (File file : files) { - FileUtils.copyFile(file, new File(tpid, file.getName())); - } - - - } else { - - profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, tslEnabled, countries); - - } - - trustProfiles.put(id, profile); - - } - - return trustProfiles; - } - - /** - * Build the trust profile mapping. - * - * @return The profile ID to profile mapping. - */ - public Map buildTrustProfiles() - { - Map trustProfiles = new HashMap(); - NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH); - Element profileElem; - - while ((profileElem = (Element) profileIter.nextNode()) != null) - { - String id = getElementValue(profileElem, CONF + "Id", null); - String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null); - String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null); - - URI trustAnchorsLocURI = null; - try - { - trustAnchorsLocURI = new URI(trustAnchorsLocStr); - if (!trustAnchorsLocURI.isAbsolute()) { // make it absolute to the config file - trustAnchorsLocURI = new URI(configRoot_.toURL() + trustAnchorsLocStr); + File profileDir = new File(trustAnchorsLocURI.getPath()); + if (!profileDir.exists() || !profileDir.isDirectory()) { + warn("config.27", new Object[] { "uri", id }); + continue; } - } - catch (URIException e) { - warn("config.14", new Object[] { "uri", id, trustAnchorsLocStr }, e); - continue; - } - catch (MalformedURLException e) - { - warn("config.15", new Object[] {id}, e); - continue; - } - File profileDir = new File(trustAnchorsLocURI.getPath()); - if (!profileDir.exists() || !profileDir.isDirectory()) { - warn("config.27", new Object[] { "uri", id }); - continue; - } - - - - if (trustProfiles.containsKey(id)) { - warn("config.04", new Object[] { "TrustProfile", id }); - continue; - } - - URI signerCertsLocURI = null; - if (signerCertsLocStr != null && !"".equals(signerCertsLocStr)) - { - try + //check signerCertsLocation URL + String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null); + URI signerCertsLocURI = null; + if (signerCertsLocStr != null && !"".equals(signerCertsLocStr)) { - signerCertsLocURI = new URI(signerCertsLocStr); - if (!signerCertsLocURI.isAbsolute()) signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr); - - File signerCertsDir = new File(signerCertsLocURI.getPath()); - if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) { - warn("config.27", new Object[] { "signerCertsUri", id }); + try + { + signerCertsLocURI = new URI(signerCertsLocStr); + if (!signerCertsLocURI.isAbsolute()) signerCertsLocURI = new URI(configRoot_.toURL() + signerCertsLocStr); + + File signerCertsDir = new File(signerCertsLocURI.getPath()); + if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) { + warn("config.27", new Object[] { "signerCertsUri", id }); + continue; + } + } + catch (URIException e) { + warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e); continue; } - } - catch (URIException e) { - warn("config.14", new Object[] { "signerCertsUri", id, trustAnchorsLocStr }, e); - continue; - } - catch (MalformedURLException e) { - warn("config.15", new Object[] {id}, e); - continue; - } - } - - signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null; - - TrustProfile profile = null; - - profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, false, null); + catch (MalformedURLException e) { + warn("config.15", new Object[] {id}, e); + continue; + } + } + signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null; + + + //check if TSL support is enabled + Element eutslElem = (Element) XPathUtils.selectSingleNode(profileElem, CONF + "EUTSL"); + boolean tslEnabled = false; + if (eutslElem != null) //EUTSL element found --> TSL enabled + tslEnabled = true; + + //load TSL configuration + String countries = getElementValue(profileElem, CONF + "EUTSL" + "/" + CONF + "CountrySelection", null); + String allowedTspStatus = getElementValue(profileElem, CONF + "EUTSL" + "/" + CONF + "AllowedTSPStatus", null); + String allowedTspServiceTypes = getElementValue(profileElem, CONF + "EUTSL" + "/" + CONF + "AllowedTSPServiceTypes", null); - trustProfiles.put(id, profile); + + //create profile configuration + TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, + tslEnabled, countries, allowedTspStatus, allowedTspServiceTypes); + trustProfiles.put(id, profile); } return trustProfiles; } - - /** - * checks if a trustprofile with TSL support is enabled - * - * @return true if TSL support is enabled in at least one trustprofile, else false - */ - public boolean checkTrustProfilesTSLenabled() - { - NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH); - Element profileElem; - - boolean tslSupportEnabled = false; - while ((profileElem = (Element) profileIter.nextNode()) != null) { - Element eutslElem = (Element) XPathUtils.selectSingleNode(profileElem, CONF + "EUTSL"); - if (eutslElem != null) //EUTSL element found --> TSL enabled - tslSupportEnabled = true; - } - - return tslSupportEnabled; - } - + /** * Returns the location of the certificate store. * @@ -1805,6 +1674,44 @@ public class ConfigurationPartsBuilder { debug("config.39", new Object[] { "WorkingDirectory", workingDirectoryStr }); } + String qcQualifier = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "Evaluation/" + CONF + "QCQualifier", null); + if (MiscUtil.isEmpty(qcQualifier)) + info("config.39", new Object[] { "Evaluation/QCQualifier", " EMPTY" }); + + else { + String[] qcQualList = qcQualifier.split(","); + for (String el : qcQualList) { + try { + tslconfiguration.addQualifierForQC(new java.net.URI(el.trim())); + //info("config.39", new Object[] { "Evaluation/QCQualifier", el.trim() }); + + } catch (URISyntaxException e) { + warn("config.39", new Object[] { "Evaluation/QCQualifier", el.trim() }, e); + + } + + } + } + + String sscdQualifier = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "Evaluation/" + CONF + "SSCDQualifier", null); + if (MiscUtil.isEmpty(qcQualifier)) + info("config.39", new Object[] { "Evaluation/SSCDQualifier", " EMPTY" }); + + else { + String[] sscdQualList = sscdQualifier.split(","); + for (String el : sscdQualList) { + try { + tslconfiguration.addQualifierForSSCD(new java.net.URI(el.trim())); + //info("config.39", new Object[] { "Evaluation/SSCDQualifier", el.trim() }); + + } catch (URISyntaxException e) { + warn("config.39", new Object[] { "Evaluation/SSCDQualifier", el.trim() }, e); + + } + + } + } + // convert update schedule starting time to Date object Calendar Cal = DatatypeConverter.parseDateTime(updateScheduleStartTime); Date updateScheduleStartTimeDate = Cal.getTime(); -- cgit v1.2.3