private synchronized void insertTrustedAuthority( TrustedAuthority ta, X509Certificate cert, X509CRL crl) throws GTSInternalFault { StringBuffer insert = new StringBuffer(); buildDatabase(); Connection c = null; try { Calendar cal = new GregorianCalendar(); ta.setLastUpdated(cal.getTimeInMillis()); insert.append( "INSERT INTO " + TrustedAuthorityTable.TABLE_NAME + " SET " + TrustedAuthorityTable.NAME + "= ?" + "," + TrustedAuthorityTable.CERTIFICATE_DN + "= ?," + TrustedAuthorityTable.STATUS + "= ?," + TrustedAuthorityTable.IS_AUTHORITY + "= ?," + TrustedAuthorityTable.AUTHORITY_GTS + "= ?," + TrustedAuthorityTable.SOURCE_GTS + "= ?," + TrustedAuthorityTable.EXPIRES + "= ?," + TrustedAuthorityTable.LAST_UPDATED + "= ?," + TrustedAuthorityTable.CERTIFICATE + "= ?"); if (crl != null) { insert.append("," + TrustedAuthorityTable.CRL + "= ?"); } c = db.getConnection(); PreparedStatement s = c.prepareStatement(insert.toString()); s.setString(1, ta.getName()); s.setString(2, cert.getSubjectDN().toString()); s.setString(3, ta.getStatus().getValue()); s.setString(4, String.valueOf(ta.getIsAuthority().booleanValue())); s.setString(5, ta.getAuthorityGTS()); s.setString(6, ta.getSourceGTS()); s.setLong(7, ta.getExpires()); s.setLong(8, ta.getLastUpdated()); s.setString(9, ta.getCertificate().getCertificateEncodedString()); if (crl != null) { s.setString(10, ta.getCRL().getCrlEncodedString()); } s.execute(); s.close(); this.addTrustLevels(ta.getName(), ta.getTrustLevels()); } catch (Exception e) { this.log.error( "Unexpected database error incurred in adding the Trusted Authority, " + ta.getName() + ", the following statement generated the error: \n" + insert.toString() + "\n", e); try { this.removeTrustedAuthority(ta.getName()); } catch (Exception ex) { this.log.error(e.getMessage(), e); } GTSInternalFault fault = new GTSInternalFault(); fault.setFaultString( "Unexpected error adding the Trusted Authority, " + ta.getName() + "!!!"); throw fault; } finally { db.releaseConnection(c); } }
public synchronized TrustedAuthority addTrustedAuthority(TrustedAuthority ta, boolean internal) throws GTSInternalFault, IllegalTrustedAuthorityFault { this.buildDatabase(); X509Certificate cert = checkAndExtractCertificate(ta); if ((ta.getName() != null) && (!ta.getName().equals(cert.getSubjectDN().toString()))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority Name must match the subject of the Trusted Authority's certificate"); throw fault; } else { ta.setName(cert.getSubjectDN().toString()); } if (this.doesTrustedAuthorityExist(ta.getName())) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("The Trusted Authority " + ta.getName() + " already exists."); throw fault; } X509CRL crl = checkAndExtractCRL(ta, cert); if (ta.getTrustLevels() != null) { if (ta.getTrustLevels().getTrustLevel() != null) { for (int i = 0; i < ta.getTrustLevels().getTrustLevel().length; i++) { if (!lookup.doesTrustLevelExist(ta.getTrustLevels().getTrustLevel()[i])) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority " + ta.getName() + " could not be added, the trust level " + ta.getTrustLevels().getTrustLevel()[i] + " does not exist."); throw fault; } } } } if (ta.getStatus() == null) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("No status specified for the Trusted Authority!!!"); throw fault; } if (internal) { ta.setIsAuthority(Boolean.TRUE); ta.setAuthorityGTS(gtsURI); ta.setSourceGTS(gtsURI); ta.setExpires(0); } else { if ((ta.getIsAuthority() == null)) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority " + ta.getName() + " cannot be added because it does not specify whether or not this GTS is the authority of it."); throw fault; } if (ta.getAuthorityGTS() == null) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority " + ta.getName() + " cannot be added because it does not specify an authority trust service."); throw fault; } if (ta.getSourceGTS() == null) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority " + ta.getName() + " cannot be added because it does not specify an source trust service."); throw fault; } if ((!ta.getIsAuthority().booleanValue()) && (ta.getExpires() <= 0)) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority " + ta.getName() + " cannot be added because it does not specify an expiration."); throw fault; } if ((ta.getIsAuthority().booleanValue()) && (!ta.getAuthorityGTS().equals(gtsURI))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority " + ta.getName() + " cannot be added, a conflict was detected, this gts (" + gtsURI + ") was specified as its authority, however the URI of another GTS ( " + ta.getAuthorityGTS() + ") was specified."); throw fault; } } insertTrustedAuthority(ta, cert, crl); return ta; }
public synchronized void updateTrustedAuthority(TrustedAuthority ta, boolean internal) throws GTSInternalFault, IllegalTrustedAuthorityFault, InvalidTrustedAuthorityFault { TrustedAuthority curr = this.getTrustedAuthority(ta.getName()); StringBuffer sql = new StringBuffer(); boolean needsUpdate = false; UpdateStatement update = new UpdateStatement(TrustedAuthorityTable.TABLE_NAME); if (internal) { if (!curr.getAuthorityGTS().equals(gtsURI)) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority cannot be updated, the GTS (" + gtsURI + ") is not its authority!!!"); throw fault; } if ((clean(ta.getAuthorityGTS()) != null) && (!ta.getAuthorityGTS().equals(curr.getAuthorityGTS()))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The authority trust service for a Trusted Authority cannot be changed"); throw fault; } if (ta.getCertificate() != null) { if ((clean(ta.getCertificate().getCertificateEncodedString()) != null) && (!ta.getCertificate().equals(curr.getCertificate()))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("The certificate for a Trusted Authority cannot be changed"); throw fault; } } if ((clean(ta.getSourceGTS()) != null) && (!ta.getSourceGTS().equals(curr.getSourceGTS()))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("The source trust service for a Trusted Authority cannot be changed"); throw fault; } } else { if ((curr.getIsAuthority().booleanValue()) && (!ta.getAuthorityGTS().equals(gtsURI))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority " + ta.getName() + " cannot be updated, a conflict was detected, this gts (" + gtsURI + ") was specified as its authority, however the URI of another GTS ( " + ta.getAuthorityGTS() + ") was specified."); throw fault; } if (!ta.getAuthorityGTS().equals(curr.getAuthorityGTS())) { update.addField(TrustedAuthorityTable.AUTHORITY_GTS, ta.getAuthorityGTS()); needsUpdate = true; } if (ta.getCertificate() != null) { if ((clean(ta.getCertificate().getCertificateEncodedString()) != null) && (!ta.getCertificate().equals(curr.getCertificate()))) { X509Certificate cert = checkAndExtractCertificate(ta); if ((!ta.getName().equals(cert.getSubjectDN().toString()))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority Name must match the subject of the Trusted Authority's certificate"); throw fault; } update.addField( TrustedAuthorityTable.CERTIFICATE, ta.getCertificate().getCertificateEncodedString()); needsUpdate = true; } } if (!ta.getSourceGTS().equals(curr.getSourceGTS())) { update.addField(TrustedAuthorityTable.SOURCE_GTS, ta.getSourceGTS()); needsUpdate = true; } if (ta.getExpires() != curr.getExpires()) { update.addField(TrustedAuthorityTable.EXPIRES, Long.valueOf(ta.getExpires())); needsUpdate = true; } } if ((ta.getIsAuthority() != null) && (!ta.getIsAuthority().equals(curr.getIsAuthority()))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("The authority trust service for a Trusted Authority cannot be changed"); throw fault; } if (ta.getCRL() != null) { if ((clean(ta.getCRL().getCrlEncodedString()) != null) && (!ta.getCRL().equals(curr.getCRL()))) { TrustedAuthority temp = curr; if (ta.getCertificate() != null) { temp = ta; } X509Certificate cert = checkAndExtractCertificate(temp); checkAndExtractCRL(ta, cert); update.addField(TrustedAuthorityTable.CRL, ta.getCRL().getCrlEncodedString()); needsUpdate = true; } } else { if (!internal) { if (curr.getCRL() != null) { update.addField(TrustedAuthorityTable.CRL, ""); needsUpdate = true; } } } if ((ta.getStatus() != null) && (!ta.getStatus().equals(curr.getStatus()))) { update.addField(TrustedAuthorityTable.STATUS, ta.getStatus().getValue()); needsUpdate = true; } boolean updateTrustLevels = false; if ((ta.getTrustLevels() != null) && (!this.areTrustLevelEquals( ta.getTrustLevels().getTrustLevel(), curr.getTrustLevels().getTrustLevel()))) { needsUpdate = true; updateTrustLevels = true; } if (!ta.equals(curr)) { if (needsUpdate) { Connection c = null; try { Calendar cal = new GregorianCalendar(); ta.setLastUpdated(cal.getTimeInMillis()); update.addField(TrustedAuthorityTable.LAST_UPDATED, Long.valueOf(ta.getLastUpdated())); update.addWhereField(TrustedAuthorityTable.NAME, "=", ta.getName()); c = db.getConnection(); PreparedStatement s = update.prepareUpdateStatement(c); s.execute(); s.close(); } catch (Exception e) { this.log.error( "Unexpected database error incurred in updating " + ta.getName() + ", the following statement generated the error: \n" + sql.toString() + "\n", e); GTSInternalFault fault = new GTSInternalFault(); fault.setFaultString("Unexpected error occurred in updating " + ta.getName() + "."); throw fault; } finally { if (c != null) { db.releaseConnection(c); } } if (updateTrustLevels) { this.addTrustLevels(ta.getName(), ta.getTrustLevels()); } } } }