/**
 * Decodes the CRL attached to a trusted authority, if any, and checks its signature.
 *
 * <p>Returns {@code null} when {@code ta} carries no CRL object or the CRL object has no
 * encoded string. Otherwise the encoded string is parsed with {@code CertUtil.loadCRL} and the
 * result is verified against the public key of {@code signer}.
 *
 * <p>NOTE(review): only the signature is checked here. The CRL's issuer name, its
 * thisUpdate/nextUpdate window and the signer's key usage are not examined in this method, so
 * a stale but correctly signed CRL is accepted. Confirm whether freshness is enforced
 * elsewhere.
 *
 * @param ta trusted authority whose CRL is to be decoded
 * @param signer certificate whose public key must have signed the CRL
 * @return the parsed CRL, or {@code null} when none was supplied
 * @throws IllegalTrustedAuthorityFault if the CRL cannot be parsed or its signature does not
 *     verify under the signer's key
 */
private X509CRL checkAndExtractCRL(TrustedAuthority ta, X509Certificate signer)
    throws IllegalTrustedAuthorityFault {
  // Nothing to validate when no CRL, or no encoded CRL body, was supplied.
  if (ta.getCRL() == null || ta.getCRL().getCrlEncodedString() == null) {
    return null;
  }

  X509CRL parsed;
  try {
    parsed = CertUtil.loadCRL(ta.getCRL().getCrlEncodedString());
  } catch (Exception parseFailure) {
    // The underlying cause is not propagated; the caller only sees the fault string.
    IllegalTrustedAuthorityFault invalid = new IllegalTrustedAuthorityFault();
    invalid.setFaultString("Invalid CRL provided!!!");
    throw invalid;
  }

  try {
    parsed.verify(signer.getPublicKey());
  } catch (Exception verifyFailure) {
    // Every failure in this step, a null signer included, is reported as a signature mismatch.
    IllegalTrustedAuthorityFault unsigned = new IllegalTrustedAuthorityFault();
    unsigned.setFaultString("The CRL provided is not signed by the Trusted Authority!!!");
    throw unsigned;
  }
  return parsed;
}
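/**
 * Inserts a new trusted-authority row and then stores its trust levels.
 *
 * <p>The last-updated timestamp of {@code ta} is set to the current time before the insert.
 * The CRL column is written only when {@code crl} is non-null; the stored value is the encoded
 * string taken from {@code ta.getCRL()}, so {@code crl} is presumably the already-validated
 * form of that same CRL (confirm against the caller).
 *
 * <p>On any failure the error is logged, {@code removeTrustedAuthority} is called for the same
 * name as a best-effort rollback, and a {@link GTSInternalFault} is thrown.
 *
 * <p>NOTE(review): if the insert fails because an entry with this name already exists, the
 * rollback would remove that existing entry. Presumably callers reject duplicates before
 * calling this method; verify, since losing a trust anchor this way would be silent.
 *
 * @param ta trusted authority to store
 * @param cert decoded certificate of the authority; its subject DN is stored
 * @param crl decoded CRL of the authority, or {@code null} when none was supplied
 * @throws GTSInternalFault if the row or its trust levels cannot be written
 */
private synchronized void insertTrustedAuthority(
    TrustedAuthority ta, X509Certificate cert, X509CRL crl) throws GTSInternalFault {
  StringBuilder insert = new StringBuilder();
  buildDatabase();
  Connection c = null;
  try {
    ta.setLastUpdated(System.currentTimeMillis());
    // Only column-name constants are concatenated; every value is bound as a parameter.
    insert.append(
        "INSERT INTO "
            + TrustedAuthorityTable.TABLE_NAME
            + " SET "
            + TrustedAuthorityTable.NAME
            + "= ?"
            + ","
            + TrustedAuthorityTable.CERTIFICATE_DN
            + "= ?,"
            + TrustedAuthorityTable.STATUS
            + "= ?,"
            + TrustedAuthorityTable.IS_AUTHORITY
            + "= ?,"
            + TrustedAuthorityTable.AUTHORITY_GTS
            + "= ?,"
            + TrustedAuthorityTable.SOURCE_GTS
            + "= ?,"
            + TrustedAuthorityTable.EXPIRES
            + "= ?,"
            + TrustedAuthorityTable.LAST_UPDATED
            + "= ?,"
            + TrustedAuthorityTable.CERTIFICATE
            + "= ?");
    if (crl != null) {
      insert.append("," + TrustedAuthorityTable.CRL + "= ?");
    }
    c = db.getConnection();
    PreparedStatement s = c.prepareStatement(insert.toString());
    try {
      s.setString(1, ta.getName());
      s.setString(2, cert.getSubjectDN().toString());
      s.setString(3, ta.getStatus().getValue());
      s.setString(4, String.valueOf(ta.getIsAuthority().booleanValue()));
      s.setString(5, ta.getAuthorityGTS());
      s.setString(6, ta.getSourceGTS());
      s.setLong(7, ta.getExpires());
      s.setLong(8, ta.getLastUpdated());
      s.setString(9, ta.getCertificate().getCertificateEncodedString());
      if (crl != null) {
        s.setString(10, ta.getCRL().getCrlEncodedString());
      }
      s.execute();
    } finally {
      // Close the statement on the failure path too, not only after a successful execute.
      s.close();
    }
    this.addTrustLevels(ta.getName(), ta.getTrustLevels());
  } catch (Exception e) {
    this.log.error(
        "Unexpected database error incurred in adding the Trusted Authority, "
            + ta.getName()
            + ", the following statement generated the error: \n"
            + insert.toString()
            + "\n",
        e);
    try {
      this.removeTrustedAuthority(ta.getName());
    } catch (Exception ex) {
      // Log the rollback failure itself; the insert failure was already logged above.
      this.log.error(ex.getMessage(), ex);
    }
    GTSInternalFault fault = new GTSInternalFault();
    fault.setFaultString(
        "Unexpected error adding the Trusted Authority, " + ta.getName() + "!!!");
    throw fault;
  } finally {
    // getConnection() may have failed, leaving nothing to release.
    if (c != null) {
      db.releaseConnection(c);
    }
  }
}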
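/**
 * Applies the differences between {@code ta} and the stored trusted authority of the same name.
 *
 * <p>With {@code internal} set, the stored entry must name this GTS ({@code gtsURI}) as its
 * authority, and the authority GTS, certificate and source GTS may not change. With
 * {@code internal} unset, those fields and the expiration are updated when they differ
 * (presumably this path serves synchronisation from another GTS; confirm). In both modes the
 * is-authority flag may not change, while CRL, status and trust levels may.
 *
 * <p>A replacement certificate must have a subject DN equal to the authority name. A
 * replacement CRL must verify against the certificate in {@code ta} when one is present,
 * otherwise against the stored certificate.
 *
 * <p>NOTE(review): trust levels are written after the row update and outside its
 * try/catch, so a failure there leaves the row already updated.
 *
 * @param ta requested state of the trusted authority; its name selects the stored entry
 * @param internal whether the update is one this GTS makes as the entry's authority
 * @throws GTSInternalFault if the database update fails
 * @throws IllegalTrustedAuthorityFault if the request changes a field that may not change, or
 *     supplies a certificate or CRL that fails validation
 * @throws InvalidTrustedAuthorityFault presumably raised by the lookup when no entry with this
 *     name exists (the lookup is not visible here)
 */
public synchronized void updateTrustedAuthority(TrustedAuthority ta, boolean internal)
    throws GTSInternalFault, IllegalTrustedAuthorityFault, InvalidTrustedAuthorityFault {
  TrustedAuthority curr = this.getTrustedAuthority(ta.getName());
  boolean needsUpdate = false;
  UpdateStatement update = new UpdateStatement(TrustedAuthorityTable.TABLE_NAME);
  if (internal) {
    // Only the GTS recorded as the entry's authority may change it locally.
    if (!curr.getAuthorityGTS().equals(gtsURI)) {
      IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
      fault.setFaultString(
          "The Trusted Authority cannot be updated, the GTS ("
              + gtsURI
              + ") is not its authority!!!");
      throw fault;
    }
    if ((clean(ta.getAuthorityGTS()) != null)
        && (!ta.getAuthorityGTS().equals(curr.getAuthorityGTS()))) {
      IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
      fault.setFaultString(
          "The authority trust service for a Trusted Authority cannot be changed");
      throw fault;
    }
    if (ta.getCertificate() != null) {
      if ((clean(ta.getCertificate().getCertificateEncodedString()) != null)
          && (!ta.getCertificate().equals(curr.getCertificate()))) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString("The certificate for a Trusted Authority cannot be changed");
        throw fault;
      }
    }
    if ((clean(ta.getSourceGTS()) != null)
        && (!ta.getSourceGTS().equals(curr.getSourceGTS()))) {
      IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
      fault.setFaultString("The source trust service for a Trusted Authority cannot be changed");
      throw fault;
    }
  } else {
    // An entry this GTS is the authority for must not be reassigned to another GTS.
    if ((curr.getIsAuthority().booleanValue()) && (!ta.getAuthorityGTS().equals(gtsURI))) {
      IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
      fault.setFaultString(
          "The Trusted Authority "
              + ta.getName()
              + " cannot be updated, a conflict was detected, this gts ("
              + gtsURI
              + ") was specified as its authority, however the URI of another GTS ( "
              + ta.getAuthorityGTS()
              + ") was specified.");
      throw fault;
    }
    if (!ta.getAuthorityGTS().equals(curr.getAuthorityGTS())) {
      update.addField(TrustedAuthorityTable.AUTHORITY_GTS, ta.getAuthorityGTS());
      needsUpdate = true;
    }
    if (ta.getCertificate() != null) {
      if ((clean(ta.getCertificate().getCertificateEncodedString()) != null)
          && (!ta.getCertificate().equals(curr.getCertificate()))) {
        X509Certificate cert = checkAndExtractCertificate(ta);
        // The entry is keyed by name, so a replacement certificate must keep the same subject.
        if ((!ta.getName().equals(cert.getSubjectDN().toString()))) {
          IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
          fault.setFaultString(
              "The Trusted Authority Name must match the subject of the Trusted Authority's certificate");
          throw fault;
        }
        update.addField(
            TrustedAuthorityTable.CERTIFICATE,
            ta.getCertificate().getCertificateEncodedString());
        needsUpdate = true;
      }
    }
    if (!ta.getSourceGTS().equals(curr.getSourceGTS())) {
      update.addField(TrustedAuthorityTable.SOURCE_GTS, ta.getSourceGTS());
      needsUpdate = true;
    }
    if (ta.getExpires() != curr.getExpires()) {
      update.addField(TrustedAuthorityTable.EXPIRES, Long.valueOf(ta.getExpires()));
      needsUpdate = true;
    }
  }

  // NOTE(review): this guards the is-authority flag but reuses the authority-GTS message.
  if ((ta.getIsAuthority() != null) && (!ta.getIsAuthority().equals(curr.getIsAuthority()))) {
    IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
    fault.setFaultString("The authority trust service for a Trusted Authority cannot be changed");
    throw fault;
  }

  if (ta.getCRL() != null) {
    if ((clean(ta.getCRL().getCrlEncodedString()) != null)
        && (!ta.getCRL().equals(curr.getCRL()))) {
      // Verify the new CRL against the certificate in the request when one is present,
      // otherwise against the stored certificate.
      TrustedAuthority temp = curr;
      if (ta.getCertificate() != null) {
        temp = ta;
      }
      X509Certificate cert = checkAndExtractCertificate(temp);
      checkAndExtractCRL(ta, cert);
      update.addField(TrustedAuthorityTable.CRL, ta.getCRL().getCrlEncodedString());
      needsUpdate = true;
    }
  } else {
    if (!internal) {
      // A non-internal update carrying no CRL clears the stored one, dropping the
      // revocation data held for this authority.
      if (curr.getCRL() != null) {
        update.addField(TrustedAuthorityTable.CRL, "");
        needsUpdate = true;
      }
    }
  }

  if ((ta.getStatus() != null) && (!ta.getStatus().equals(curr.getStatus()))) {
    update.addField(TrustedAuthorityTable.STATUS, ta.getStatus().getValue());
    needsUpdate = true;
  }

  boolean updateTrustLevels = false;
  if ((ta.getTrustLevels() != null)
      && (!this.areTrustLevelEquals(
          ta.getTrustLevels().getTrustLevel(), curr.getTrustLevels().getTrustLevel()))) {
    needsUpdate = true;
    updateTrustLevels = true;
  }

  if (!ta.equals(curr) && needsUpdate) {
    Connection c = null;
    try {
      ta.setLastUpdated(System.currentTimeMillis());
      update.addField(TrustedAuthorityTable.LAST_UPDATED, Long.valueOf(ta.getLastUpdated()));
      update.addWhereField(TrustedAuthorityTable.NAME, "=", ta.getName());
      c = db.getConnection();
      PreparedStatement s = update.prepareUpdateStatement(c);
      try {
        s.execute();
      } finally {
        // Close the statement on the failure path too, not only after a successful execute.
        s.close();
      }
    } catch (Exception e) {
      // The statement text is built inside UpdateStatement and is not available to log here.
      this.log.error(
          "Unexpected database error incurred in updating " + ta.getName() + ".", e);
      GTSInternalFault fault = new GTSInternalFault();
      fault.setFaultString("Unexpected error occurred in updating " + ta.getName() + ".");
      throw fault;
    } finally {
      if (c != null) {
        db.releaseConnection(c);
      }
    }
    if (updateTrustLevels) {
      this.addTrustLevels(ta.getName(), ta.getTrustLevels());
    }
  }
}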