Esempio n. 1
0
  private X509CRL checkAndExtractCRL(TrustedAuthority ta, X509Certificate signer)
      throws IllegalTrustedAuthorityFault {
    X509CRL crl = null;
    if (ta.getCRL() != null) {

      if (ta.getCRL().getCrlEncodedString() != null) {
        try {
          crl = CertUtil.loadCRL(ta.getCRL().getCrlEncodedString());
        } catch (Exception ex) {
          IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
          fault.setFaultString("Invalid CRL provided!!!");
          throw fault;
        }
        try {
          crl.verify(signer.getPublicKey());
        } catch (Exception e) {
          IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
          fault.setFaultString("The CRL provided is not signed by the Trusted Authority!!!");
          throw fault;
        }
      }
    }

    return crl;
  }
Esempio n. 2
0
  private synchronized void insertTrustedAuthority(
      TrustedAuthority ta, X509Certificate cert, X509CRL crl) throws GTSInternalFault {
    StringBuffer insert = new StringBuffer();
    buildDatabase();
    Connection c = null;
    try {

      Calendar cal = new GregorianCalendar();
      ta.setLastUpdated(cal.getTimeInMillis());
      insert.append(
          "INSERT INTO "
              + TrustedAuthorityTable.TABLE_NAME
              + " SET "
              + TrustedAuthorityTable.NAME
              + "= ?"
              + ","
              + TrustedAuthorityTable.CERTIFICATE_DN
              + "= ?,"
              + TrustedAuthorityTable.STATUS
              + "= ?,"
              + TrustedAuthorityTable.IS_AUTHORITY
              + "= ?,"
              + TrustedAuthorityTable.AUTHORITY_GTS
              + "= ?,"
              + TrustedAuthorityTable.SOURCE_GTS
              + "= ?,"
              + TrustedAuthorityTable.EXPIRES
              + "= ?,"
              + TrustedAuthorityTable.LAST_UPDATED
              + "= ?,"
              + TrustedAuthorityTable.CERTIFICATE
              + "= ?");

      if (crl != null) {
        insert.append("," + TrustedAuthorityTable.CRL + "= ?");
      }
      c = db.getConnection();
      PreparedStatement s = c.prepareStatement(insert.toString());
      s.setString(1, ta.getName());
      s.setString(2, cert.getSubjectDN().toString());
      s.setString(3, ta.getStatus().getValue());
      s.setString(4, String.valueOf(ta.getIsAuthority().booleanValue()));
      s.setString(5, ta.getAuthorityGTS());
      s.setString(6, ta.getSourceGTS());
      s.setLong(7, ta.getExpires());
      s.setLong(8, ta.getLastUpdated());
      s.setString(9, ta.getCertificate().getCertificateEncodedString());
      if (crl != null) {
        s.setString(10, ta.getCRL().getCrlEncodedString());
      }
      s.execute();
      s.close();
      this.addTrustLevels(ta.getName(), ta.getTrustLevels());
    } catch (Exception e) {
      this.log.error(
          "Unexpected database error incurred in adding the Trusted Authority, "
              + ta.getName()
              + ", the following statement generated the error: \n"
              + insert.toString()
              + "\n",
          e);
      try {
        this.removeTrustedAuthority(ta.getName());
      } catch (Exception ex) {
        this.log.error(e.getMessage(), e);
      }
      GTSInternalFault fault = new GTSInternalFault();
      fault.setFaultString(
          "Unexpected error adding the Trusted Authority, " + ta.getName() + "!!!");
      throw fault;
    } finally {
      db.releaseConnection(c);
    }
  }
Esempio n. 3
0
  public synchronized void updateTrustedAuthority(TrustedAuthority ta, boolean internal)
      throws GTSInternalFault, IllegalTrustedAuthorityFault, InvalidTrustedAuthorityFault {

    TrustedAuthority curr = this.getTrustedAuthority(ta.getName());
    StringBuffer sql = new StringBuffer();
    boolean needsUpdate = false;
    UpdateStatement update = new UpdateStatement(TrustedAuthorityTable.TABLE_NAME);
    if (internal) {
      if (!curr.getAuthorityGTS().equals(gtsURI)) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString(
            "The Trusted Authority cannot be updated, the GTS ("
                + gtsURI
                + ") is not its authority!!!");
        throw fault;
      }

      if ((clean(ta.getAuthorityGTS()) != null)
          && (!ta.getAuthorityGTS().equals(curr.getAuthorityGTS()))) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString(
            "The authority trust service for a Trusted Authority cannot be changed");
        throw fault;
      }

      if (ta.getCertificate() != null) {
        if ((clean(ta.getCertificate().getCertificateEncodedString()) != null)
            && (!ta.getCertificate().equals(curr.getCertificate()))) {
          IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
          fault.setFaultString("The certificate for a Trusted Authority cannot be changed");
          throw fault;
        }
      }

      if ((clean(ta.getSourceGTS()) != null) && (!ta.getSourceGTS().equals(curr.getSourceGTS()))) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString("The source trust service for a Trusted Authority cannot be changed");
        throw fault;
      }

    } else {

      if ((curr.getIsAuthority().booleanValue()) && (!ta.getAuthorityGTS().equals(gtsURI))) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString(
            "The Trusted Authority "
                + ta.getName()
                + " cannot be updated, a conflict was detected, this gts ("
                + gtsURI
                + ") was specified as its authority, however the URI of another GTS ( "
                + ta.getAuthorityGTS()
                + ") was specified.");
        throw fault;
      }

      if (!ta.getAuthorityGTS().equals(curr.getAuthorityGTS())) {
        update.addField(TrustedAuthorityTable.AUTHORITY_GTS, ta.getAuthorityGTS());
        needsUpdate = true;
      }

      if (ta.getCertificate() != null) {
        if ((clean(ta.getCertificate().getCertificateEncodedString()) != null)
            && (!ta.getCertificate().equals(curr.getCertificate()))) {
          X509Certificate cert = checkAndExtractCertificate(ta);
          if ((!ta.getName().equals(cert.getSubjectDN().toString()))) {
            IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
            fault.setFaultString(
                "The Trusted Authority Name must match the subject of the Trusted Authority's certificate");
            throw fault;
          }

          update.addField(
              TrustedAuthorityTable.CERTIFICATE, ta.getCertificate().getCertificateEncodedString());
          needsUpdate = true;
        }
      }

      if (!ta.getSourceGTS().equals(curr.getSourceGTS())) {
        update.addField(TrustedAuthorityTable.SOURCE_GTS, ta.getSourceGTS());
        needsUpdate = true;
      }

      if (ta.getExpires() != curr.getExpires()) {
        update.addField(TrustedAuthorityTable.EXPIRES, Long.valueOf(ta.getExpires()));
        needsUpdate = true;
      }
    }

    if ((ta.getIsAuthority() != null) && (!ta.getIsAuthority().equals(curr.getIsAuthority()))) {
      IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
      fault.setFaultString("The authority trust service for a Trusted Authority cannot be changed");
      throw fault;
    }

    if (ta.getCRL() != null) {
      if ((clean(ta.getCRL().getCrlEncodedString()) != null)
          && (!ta.getCRL().equals(curr.getCRL()))) {
        TrustedAuthority temp = curr;
        if (ta.getCertificate() != null) {
          temp = ta;
        }
        X509Certificate cert = checkAndExtractCertificate(temp);
        checkAndExtractCRL(ta, cert);
        update.addField(TrustedAuthorityTable.CRL, ta.getCRL().getCrlEncodedString());
        needsUpdate = true;
      }
    } else {
      if (!internal) {
        if (curr.getCRL() != null) {
          update.addField(TrustedAuthorityTable.CRL, "");
          needsUpdate = true;
        }
      }
    }

    if ((ta.getStatus() != null) && (!ta.getStatus().equals(curr.getStatus()))) {
      update.addField(TrustedAuthorityTable.STATUS, ta.getStatus().getValue());
      needsUpdate = true;
    }
    boolean updateTrustLevels = false;

    if ((ta.getTrustLevels() != null)
        && (!this.areTrustLevelEquals(
            ta.getTrustLevels().getTrustLevel(), curr.getTrustLevels().getTrustLevel()))) {
      needsUpdate = true;
      updateTrustLevels = true;
    }

    if (!ta.equals(curr)) {
      if (needsUpdate) {
        Connection c = null;
        try {
          Calendar cal = new GregorianCalendar();
          ta.setLastUpdated(cal.getTimeInMillis());
          update.addField(TrustedAuthorityTable.LAST_UPDATED, Long.valueOf(ta.getLastUpdated()));
          update.addWhereField(TrustedAuthorityTable.NAME, "=", ta.getName());
          c = db.getConnection();
          PreparedStatement s = update.prepareUpdateStatement(c);
          s.execute();
          s.close();
        } catch (Exception e) {
          this.log.error(
              "Unexpected database error incurred in updating "
                  + ta.getName()
                  + ", the following statement generated the error: \n"
                  + sql.toString()
                  + "\n",
              e);
          GTSInternalFault fault = new GTSInternalFault();
          fault.setFaultString("Unexpected error occurred in updating " + ta.getName() + ".");
          throw fault;
        } finally {
          if (c != null) {
            db.releaseConnection(c);
          }
        }
        if (updateTrustLevels) {
          this.addTrustLevels(ta.getName(), ta.getTrustLevels());
        }
      }
    }
  }