private X509CRL checkAndExtractCRL(TrustedAuthority ta, X509Certificate signer)
throws IllegalTrustedAuthorityFault {
X509CRL crl = null;
if (ta.getCRL() != null) {
if (ta.getCRL().getCrlEncodedString() != null) {
try {
crl = CertUtil.loadCRL(ta.getCRL().getCrlEncodedString());
} catch (Exception ex) {
IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
fault.setFaultString("Invalid CRL provided!!!");
throw fault;
}
try {
crl.verify(signer.getPublicKey());
} catch (Exception e) {
IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
fault.setFaultString("The CRL provided is not signed by the Trusted Authority!!!");
throw fault;
}
}
}
return crl;
}
public synchronized void addTrustLevels(String name, TrustLevels tl)
throws GTSInternalFault, InvalidTrustedAuthorityFault, IllegalTrustedAuthorityFault {
if (tl != null) {
String[] levels = tl.getTrustLevel();
if ((levels != null) && (levels.length > 0)) {
for (int i = 0; i < levels.length; i++) {
if (!lookup.doesTrustLevelExist(levels[i])) {
IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
fault.setFaultString(
"The trust levels for the Trusted Authority "
+ name
+ " could not be updated, the trust level "
+ levels[i]
+ " does not exist.");
throw fault;
}
}
}
removeTrustedAuthoritysTrustLevels(name);
if ((levels != null) && (levels.length > 0)) {
Connection c = null;
try {
c = db.getConnection();
for (int i = 0; i < levels.length; i++) {
PreparedStatement s =
c.prepareStatement(
"INSERT INTO "
+ TrustedAuthorityTrustLevelsTable.TABLE_NAME
+ " SET "
+ TrustedAuthorityTrustLevelsTable.NAME
+ "= ?, "
+ TrustedAuthorityTrustLevelsTable.TRUST_LEVEL
+ "= ?");
s.setString(1, name);
s.setString(2, levels[i]);
s.execute();
s.close();
}
} catch (Exception e) {
this.log.error(
"Unexpected database error incurred in adding the trust levels for the Trusted Authority, "
+ name
+ ": "
+ e.getMessage(),
e);
try {
this.removeTrustedAuthoritysTrustLevels(name);
} catch (Exception ex) {
this.log.error(ex.getMessage(), ex);
}
GTSInternalFault fault = new GTSInternalFault();
fault.setFaultString("Unexpected error removing the TrustedAuthority " + name);
throw fault;
} finally {
db.releaseConnection(c);
}
}
}
}
private X509Certificate checkAndExtractCertificate(TrustedAuthority ta)
throws IllegalTrustedAuthorityFault {
if (ta.getCertificate() == null) {
IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
fault.setFaultString("No certificate specified!!!");
throw fault;
}
if (ta.getCertificate().getCertificateEncodedString() == null) {
IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
fault.setFaultString("No certificate specified!!!");
throw fault;
}
try {
return CertUtil.loadCertificate(ta.getCertificate().getCertificateEncodedString());
} catch (Exception ex) {
IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
fault.setFaultString("Invalid certificate Provided!!!");
throw fault;
}
}
public synchronized TrustedAuthority addTrustedAuthority(TrustedAuthority ta, boolean internal)
throws GTSInternalFault, IllegalTrustedAuthorityFault {
this.buildDatabase();
X509Certificate cert = checkAndExtractCertificate(ta);
if ((ta.getName() != null) && (!ta.getName().equals(cert.getSubjectDN().toString()))) {
IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
fault.setFaultString(
"The Trusted Authority Name must match the subject of the Trusted Authority's certificate");
throw fault;
} else {
ta.setName(cert.getSubjectDN().toString());
}
if (this.doesTrustedAuthorityExist(ta.getName())) {
IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
fault.setFaultString("The Trusted Authority " + ta.getName() + " already exists.");
throw fault;
}
X509CRL crl = checkAndExtractCRL(ta, cert);
if (ta.getTrustLevels() != null) {
if (ta.getTrustLevels().getTrustLevel() != null) {
for (int i = 0; i < ta.getTrustLevels().getTrustLevel().length; i++) {
if (!lookup.doesTrustLevelExist(ta.getTrustLevels().getTrustLevel()[i])) {
IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
fault.setFaultString(
"The Trusted Authority "
+ ta.getName()
+ " could not be added, the trust level "
+ ta.getTrustLevels().getTrustLevel()[i]
+ " does not exist.");
throw fault;
}
}
}
}
if (ta.getStatus() == null) {
IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
fault.setFaultString("No status specified for the Trusted Authority!!!");
throw fault;
}
if (internal) {
ta.setIsAuthority(Boolean.TRUE);
ta.setAuthorityGTS(gtsURI);
ta.setSourceGTS(gtsURI);
ta.setExpires(0);
} else {
if ((ta.getIsAuthority() == null)) {
IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
fault.setFaultString(
"The Trusted Authority "
+ ta.getName()
+ " cannot be added because it does not specify whether or not this GTS is the authority of it.");
throw fault;
}
if (ta.getAuthorityGTS() == null) {
IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
fault.setFaultString(
"The Trusted Authority "
+ ta.getName()
+ " cannot be added because it does not specify an authority trust service.");
throw fault;
}
if (ta.getSourceGTS() == null) {
IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
fault.setFaultString(
"The Trusted Authority "
+ ta.getName()
+ " cannot be added because it does not specify an source trust service.");
throw fault;
}
if ((!ta.getIsAuthority().booleanValue()) && (ta.getExpires() <= 0)) {
IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
fault.setFaultString(
"The Trusted Authority "
+ ta.getName()
+ " cannot be added because it does not specify an expiration.");
throw fault;
}
if ((ta.getIsAuthority().booleanValue()) && (!ta.getAuthorityGTS().equals(gtsURI))) {
IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
fault.setFaultString(
"The Trusted Authority "
+ ta.getName()
+ " cannot be added, a conflict was detected, this gts ("
+ gtsURI
+ ") was specified as its authority, however the URI of another GTS ( "
+ ta.getAuthorityGTS()
+ ") was specified.");
throw fault;
}
}
insertTrustedAuthority(ta, cert, crl);
return ta;
}
public synchronized void updateTrustedAuthority(TrustedAuthority ta, boolean internal)
throws GTSInternalFault, IllegalTrustedAuthorityFault, InvalidTrustedAuthorityFault {
TrustedAuthority curr = this.getTrustedAuthority(ta.getName());
StringBuffer sql = new StringBuffer();
boolean needsUpdate = false;
UpdateStatement update = new UpdateStatement(TrustedAuthorityTable.TABLE_NAME);
if (internal) {
if (!curr.getAuthorityGTS().equals(gtsURI)) {
IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
fault.setFaultString(
"The Trusted Authority cannot be updated, the GTS ("
+ gtsURI
+ ") is not its authority!!!");
throw fault;
}
if ((clean(ta.getAuthorityGTS()) != null)
&& (!ta.getAuthorityGTS().equals(curr.getAuthorityGTS()))) {
IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
fault.setFaultString(
"The authority trust service for a Trusted Authority cannot be changed");
throw fault;
}
if (ta.getCertificate() != null) {
if ((clean(ta.getCertificate().getCertificateEncodedString()) != null)
&& (!ta.getCertificate().equals(curr.getCertificate()))) {
IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
fault.setFaultString("The certificate for a Trusted Authority cannot be changed");
throw fault;
}
}
if ((clean(ta.getSourceGTS()) != null) && (!ta.getSourceGTS().equals(curr.getSourceGTS()))) {
IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
fault.setFaultString("The source trust service for a Trusted Authority cannot be changed");
throw fault;
}
} else {
if ((curr.getIsAuthority().booleanValue()) && (!ta.getAuthorityGTS().equals(gtsURI))) {
IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
fault.setFaultString(
"The Trusted Authority "
+ ta.getName()
+ " cannot be updated, a conflict was detected, this gts ("
+ gtsURI
+ ") was specified as its authority, however the URI of another GTS ( "
+ ta.getAuthorityGTS()
+ ") was specified.");
throw fault;
}
if (!ta.getAuthorityGTS().equals(curr.getAuthorityGTS())) {
update.addField(TrustedAuthorityTable.AUTHORITY_GTS, ta.getAuthorityGTS());
needsUpdate = true;
}
if (ta.getCertificate() != null) {
if ((clean(ta.getCertificate().getCertificateEncodedString()) != null)
&& (!ta.getCertificate().equals(curr.getCertificate()))) {
X509Certificate cert = checkAndExtractCertificate(ta);
if ((!ta.getName().equals(cert.getSubjectDN().toString()))) {
IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
fault.setFaultString(
"The Trusted Authority Name must match the subject of the Trusted Authority's certificate");
throw fault;
}
update.addField(
TrustedAuthorityTable.CERTIFICATE, ta.getCertificate().getCertificateEncodedString());
needsUpdate = true;
}
}
if (!ta.getSourceGTS().equals(curr.getSourceGTS())) {
update.addField(TrustedAuthorityTable.SOURCE_GTS, ta.getSourceGTS());
needsUpdate = true;
}
if (ta.getExpires() != curr.getExpires()) {
update.addField(TrustedAuthorityTable.EXPIRES, Long.valueOf(ta.getExpires()));
needsUpdate = true;
}
}
if ((ta.getIsAuthority() != null) && (!ta.getIsAuthority().equals(curr.getIsAuthority()))) {
IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
fault.setFaultString("The authority trust service for a Trusted Authority cannot be changed");
throw fault;
}
if (ta.getCRL() != null) {
if ((clean(ta.getCRL().getCrlEncodedString()) != null)
&& (!ta.getCRL().equals(curr.getCRL()))) {
TrustedAuthority temp = curr;
if (ta.getCertificate() != null) {
temp = ta;
}
X509Certificate cert = checkAndExtractCertificate(temp);
checkAndExtractCRL(ta, cert);
update.addField(TrustedAuthorityTable.CRL, ta.getCRL().getCrlEncodedString());
needsUpdate = true;
}
} else {
if (!internal) {
if (curr.getCRL() != null) {
update.addField(TrustedAuthorityTable.CRL, "");
needsUpdate = true;
}
}
}
if ((ta.getStatus() != null) && (!ta.getStatus().equals(curr.getStatus()))) {
update.addField(TrustedAuthorityTable.STATUS, ta.getStatus().getValue());
needsUpdate = true;
}
boolean updateTrustLevels = false;
if ((ta.getTrustLevels() != null)
&& (!this.areTrustLevelEquals(
ta.getTrustLevels().getTrustLevel(), curr.getTrustLevels().getTrustLevel()))) {
needsUpdate = true;
updateTrustLevels = true;
}
if (!ta.equals(curr)) {
if (needsUpdate) {
Connection c = null;
try {
Calendar cal = new GregorianCalendar();
ta.setLastUpdated(cal.getTimeInMillis());
update.addField(TrustedAuthorityTable.LAST_UPDATED, Long.valueOf(ta.getLastUpdated()));
update.addWhereField(TrustedAuthorityTable.NAME, "=", ta.getName());
c = db.getConnection();
PreparedStatement s = update.prepareUpdateStatement(c);
s.execute();
s.close();
} catch (Exception e) {
this.log.error(
"Unexpected database error incurred in updating "
+ ta.getName()
+ ", the following statement generated the error: \n"
+ sql.toString()
+ "\n",
e);
GTSInternalFault fault = new GTSInternalFault();
fault.setFaultString("Unexpected error occurred in updating " + ta.getName() + ".");
throw fault;
} finally {
if (c != null) {
db.releaseConnection(c);
}
}
if (updateTrustLevels) {
this.addTrustLevels(ta.getName(), ta.getTrustLevels());
}
}
}
}
