From 0872d2d8a64fd701776b272f49222428d8def07f Mon Sep 17 00:00:00 2001
From: Andreas Fitzek
Date: Tue, 3 Nov 2015 14:38:34 +0100
Subject: initial commit
---
 .../moa/spss/tsl/timer/TSLUpdaterTimerTask.java | 212 +++++++++++++++++++++
 1 file changed, 212 insertions(+)
 create mode 100644 moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
(limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer')
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
new file mode 100644
index 0000000..e06abe4
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
@@ -0,0 +1,212 @@
+package at.gv.egovernment.moa.spss.tsl.timer;
+
+import iaik.pki.store.certstore.CertStoreException;
+import iaik.pki.store.certstore.CertStoreParameters;
+import iaik.pki.store.truststore.TrustStoreException;
+import iaik.pki.store.truststore.TrustStoreProfile;
+import iaik.pki.store.utils.StoreUpdater;
+import iaik.server.ConfigurationData;
+import iaik.x509.X509Certificate;
+import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
+import iaik.xml.crypto.tsl.ex.TSLSearchException;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.TimerTask;
+
+import at.gv.egovernment.moa.logging.LogMsg;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
+import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector;
+import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.StringUtils;
+
+
+public class TSLUpdaterTimerTask extends TimerTask {
+
+ public static TSLConnector tslconnector_;
+
+ public static ConfigurationData configData_ = null;
+
+ @Override
+ public void run() {
+
+ try {
+ Logger.info("Start TSL Update");
+ update();
+ Logger.info("Finished TSL Update");
+ } catch (TSLEngineDiedException e) {
+ MessageProvider msg = MessageProvider.getInstance();
+ Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
+ } catch (TSLSearchException e) {
+ MessageProvider msg = MessageProvider.getInstance();
+ Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
+ } catch (ConfigurationException e) {
+ MessageProvider msg = MessageProvider.getInstance();
+ Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
+ } catch (MOAApplicationException e) {
+ MessageProvider msg = MessageProvider.getInstance();
+ Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
+ } catch (CertStoreException e) {
+ MessageProvider msg = MessageProvider.getInstance();
+ Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
+ } catch (TrustStoreException e) {
+ MessageProvider msg = MessageProvider.getInstance();
+ Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
+ } catch (FileNotFoundException e) {
+ MessageProvider msg = MessageProvider.getInstance();
+ Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
+ } catch (IOException e) {
+ MessageProvider msg = MessageProvider.getInstance();
+ Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
+ } catch (CertificateException e) {
+ MessageProvider msg = MessageProvider.getInstance();
+ Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
+ }
+
+ }
+
+ public static void update() throws TSLEngineDiedException, TSLSearchException, ConfigurationException, MOAApplicationException, CertStoreException, TrustStoreException, CertificateException, IOException {
+ MessageProvider msg = MessageProvider.getInstance();
+
+ //TrustProfile tp = null;
+ TrustStoreProfile tsp = null;
+ StoreUpdater storeUpdater = null;
+ TransactionId tid = null;
+
+ //get TSl configuration
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ if (configData_ == null)
+ configData_ = new IaikConfigurator().configure(config);
+
+ TSLConfiguration tslconfig = config.getTSLConfiguration();
+ if (tslconfig != null) {
+
+ tslconnector_.updateTSLs(new Date(), new String[]{"accredited","undersupervision"});
+
+ Logger.info(new LogMsg(msg.getMessage("config.42", null)));
+
+ // get certstore parameters
+ CertStoreParameters[] certStoreParameters = configData_.getPKIConfiguration().getCertStoreConfiguration().getParameters();
+
+ // iterate over all truststores
+ Map mapTrustProfiles = config.getTrustProfiles();
+ Iterator it = mapTrustProfiles.entrySet().iterator();
+ while (it.hasNext()) {
+ Map.Entry pairs = (Map.Entry)it.next();
+ TrustProfile tp = (TrustProfile) pairs.getValue();
+ if (tp.isTSLEnabled()) {
+ tsp = new TrustStoreProfileImpl(config, tp.getId());
+ TrustStoreProfile[] trustStoreProfiles = new TrustStoreProfile[1];
+ trustStoreProfiles[0] = tsp;
+
+ Logger.debug(new LogMsg(msg.getMessage("config.43", new String[]{tp.getId()})));
+
+ tid = new TransactionId("TSLConfigurator-" + tp.getId());
+ ArrayList tsl_certs = null;
+ if (StringUtils.isEmpty(tp.getCountries())) {
+ Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
+
+ // get certificates from TSL from all countries
+ tsl_certs = tslconnector_.getQualifiedCACertificates(new Date(), new String[]{"accredited","undersupervision"});
+ }
+ else {
+ Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
+ // get selected countries as array
+ String countries = tp.getCountries();
+ String[] array = countries.split(",");
+ for (int i = 0; i < array.length; i++)
+ array[i] = array[i].trim();
+
+ // get certificates from TSL from given countries
+ tsl_certs = tslconnector_.getQualifiedCACertificates(new Date(), array, new String[]{"accredited","undersupervision"});
+ }
+
+ // create store updater for each TSL enabled truststore
+ Logger.debug(new LogMsg(msg.getMessage("config.45", null)));
+ storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);
+
+ // delete files in trustprofile
+
+ File ftp = new File(tp.getUri());
+ File[] files = ftp.listFiles();
+ X509Certificate[] removeCertificates = new X509Certificate[files.length];
+ int i = 0;
+ for (File file : files) {
+ FileInputStream fis = new FileInputStream(file);
+ removeCertificates[i] = new X509Certificate(fis);
+ i++;
+ fis.close();
+ //file.delete();
+ }
+
+ // remove all certificates
+ storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);
+ storeUpdater.removeCertificatesFromCertStores(removeCertificates, tid);
+
+
+ // copy files from original trustAnchorsLocURI into tslworking trust profile
+ File src = new File(tp.getUriOrig());
+ files = src.listFiles();
+ X509Certificate[] addCertificates = new X509Certificate[files.length];
+ i = 0;
+ for (File file : files) {
+ FileInputStream fis = new FileInputStream(file);
+ addCertificates[i] = new X509Certificate(fis);
+ //FileUtils.copyFile(file, new File(tp.getUri(), file.getName()));
+ i++;
+ fis.close();
+ }
+
+ // convert ArrayList to X509Certificate[]
+ if (tsl_certs == null) {
+ Logger.warn("No certificates from TSL imported.");
+ //throw new TSLSearchException("No certificates from TSL imported.");
+ }
+ else {
+
+ X509Certificate[] addCertificatesTSL = new X509Certificate[tsl_certs.size()];
+ Iterator itcert = tsl_certs.iterator();
+ i = 0;
+ File f = null;
+ while(itcert.hasNext()) {
+ f = (File)itcert.next();
+ FileInputStream fis = new FileInputStream(f);
+ X509Certificate cert = new X509Certificate(fis);
+ addCertificatesTSL[i] = cert;
+
+ i++;
+ fis.close();
+ }
+
+ Logger.debug(new LogMsg("Add " + addCertificatesTSL.length + " certificates."));
+ storeUpdater.addCertificatesToTrustStores(addCertificatesTSL, tid);
+ storeUpdater.addCertificatesToCertStores(addCertificatesTSL, tid);
+
+ Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
+ storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
+ storeUpdater.addCertificatesToCertStores(addCertificates, tid);
+ }
+ }
+ }
+ }
+
+
+
+ }
+
+}
--
cgit v1.2.3
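Review bot: An unchecked exception thrown inside update() escapes run(), because the catch ladder in run() covers only the checked types, and if this task is scheduled on a java.util.Timer (which the TimerTask base class suggests) an uncaught exception terminates the timer thread, so the periodic trust-list refresh silently stops. Two such paths are visible in the hunk: `files.length` after `ftp.listFiles()` (and again after `src.listFiles()`), which is null when the profile URI is not a readable directory, and `tslconnector_`, a public static field that is never checked before `tslconnector_.updateTSLs(...)`. I would add `} catch (RuntimeException e) { Logger.error(new LogMsg(MessageProvider.getInstance().getMessage("tsl.00", null)), e); }` as the last catch in run() and guard both `listFiles()` results before indexing them. Separately, each `new FileInputStream(file)` is closed only on the success path, so a CertificateException from `new X509Certificate(fis)` leaks the handle; wrapping the close in a finally block would fix that. If leaving the trust profile with its working-directory certificates removed and the anchors from `tp.getUriOrig()` not re-added when `tsl_certs` is null is intended fail-closed behaviour, a comment at the `Logger.warn("No certificates from TSL imported.")` branch should say so, since those anchors are only added in the else branch.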