private X509CRL checkAndExtractCRL(TrustedAuthority ta, X509Certificate signer) throws IllegalTrustedAuthorityFault { X509CRL crl = null; if (ta.getCRL() != null) { if (ta.getCRL().getCrlEncodedString() != null) { try { crl = CertUtil.loadCRL(ta.getCRL().getCrlEncodedString()); } catch (Exception ex) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("Invalid CRL provided!!!"); throw fault; } try { crl.verify(signer.getPublicKey()); } catch (Exception e) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("The CRL provided is not signed by the Trusted Authority!!!"); throw fault; } } } return crl; }
public synchronized void addTrustLevels(String name, TrustLevels tl) throws GTSInternalFault, InvalidTrustedAuthorityFault, IllegalTrustedAuthorityFault { if (tl != null) { String[] levels = tl.getTrustLevel(); if ((levels != null) && (levels.length > 0)) { for (int i = 0; i < levels.length; i++) { if (!lookup.doesTrustLevelExist(levels[i])) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The trust levels for the Trusted Authority " + name + " could not be updated, the trust level " + levels[i] + " does not exist."); throw fault; } } } removeTrustedAuthoritysTrustLevels(name); if ((levels != null) && (levels.length > 0)) { Connection c = null; try { c = db.getConnection(); for (int i = 0; i < levels.length; i++) { PreparedStatement s = c.prepareStatement( "INSERT INTO " + TrustedAuthorityTrustLevelsTable.TABLE_NAME + " SET " + TrustedAuthorityTrustLevelsTable.NAME + "= ?, " + TrustedAuthorityTrustLevelsTable.TRUST_LEVEL + "= ?"); s.setString(1, name); s.setString(2, levels[i]); s.execute(); s.close(); } } catch (Exception e) { this.log.error( "Unexpected database error incurred in adding the trust levels for the Trusted Authority, " + name + ": " + e.getMessage(), e); try { this.removeTrustedAuthoritysTrustLevels(name); } catch (Exception ex) { this.log.error(ex.getMessage(), ex); } GTSInternalFault fault = new GTSInternalFault(); fault.setFaultString("Unexpected error removing the TrustedAuthority " + name); throw fault; } finally { db.releaseConnection(c); } } } }
private X509Certificate checkAndExtractCertificate(TrustedAuthority ta) throws IllegalTrustedAuthorityFault { if (ta.getCertificate() == null) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("No certificate specified!!!"); throw fault; } if (ta.getCertificate().getCertificateEncodedString() == null) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("No certificate specified!!!"); throw fault; } try { return CertUtil.loadCertificate(ta.getCertificate().getCertificateEncodedString()); } catch (Exception ex) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("Invalid certificate Provided!!!"); throw fault; } }
public synchronized TrustedAuthority addTrustedAuthority(TrustedAuthority ta, boolean internal) throws GTSInternalFault, IllegalTrustedAuthorityFault { this.buildDatabase(); X509Certificate cert = checkAndExtractCertificate(ta); if ((ta.getName() != null) && (!ta.getName().equals(cert.getSubjectDN().toString()))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority Name must match the subject of the Trusted Authority's certificate"); throw fault; } else { ta.setName(cert.getSubjectDN().toString()); } if (this.doesTrustedAuthorityExist(ta.getName())) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("The Trusted Authority " + ta.getName() + " already exists."); throw fault; } X509CRL crl = checkAndExtractCRL(ta, cert); if (ta.getTrustLevels() != null) { if (ta.getTrustLevels().getTrustLevel() != null) { for (int i = 0; i < ta.getTrustLevels().getTrustLevel().length; i++) { if (!lookup.doesTrustLevelExist(ta.getTrustLevels().getTrustLevel()[i])) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority " + ta.getName() + " could not be added, the trust level " + ta.getTrustLevels().getTrustLevel()[i] + " does not exist."); throw fault; } } } } if (ta.getStatus() == null) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("No status specified for the Trusted Authority!!!"); throw fault; } if (internal) { ta.setIsAuthority(Boolean.TRUE); ta.setAuthorityGTS(gtsURI); ta.setSourceGTS(gtsURI); ta.setExpires(0); } else { if ((ta.getIsAuthority() == null)) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority " + ta.getName() + " cannot be added because it does not specify whether or not this GTS is the authority of it."); throw fault; } if (ta.getAuthorityGTS() == null) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority " + ta.getName() + " cannot be added because it does not specify an authority trust service."); throw fault; } if (ta.getSourceGTS() == null) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority " + ta.getName() + " cannot be added because it does not specify an source trust service."); throw fault; } if ((!ta.getIsAuthority().booleanValue()) && (ta.getExpires() <= 0)) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority " + ta.getName() + " cannot be added because it does not specify an expiration."); throw fault; } if ((ta.getIsAuthority().booleanValue()) && (!ta.getAuthorityGTS().equals(gtsURI))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority " + ta.getName() + " cannot be added, a conflict was detected, this gts (" + gtsURI + ") was specified as its authority, however the URI of another GTS ( " + ta.getAuthorityGTS() + ") was specified."); throw fault; } } insertTrustedAuthority(ta, cert, crl); return ta; }
public synchronized void updateTrustedAuthority(TrustedAuthority ta, boolean internal) throws GTSInternalFault, IllegalTrustedAuthorityFault, InvalidTrustedAuthorityFault { TrustedAuthority curr = this.getTrustedAuthority(ta.getName()); StringBuffer sql = new StringBuffer(); boolean needsUpdate = false; UpdateStatement update = new UpdateStatement(TrustedAuthorityTable.TABLE_NAME); if (internal) { if (!curr.getAuthorityGTS().equals(gtsURI)) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority cannot be updated, the GTS (" + gtsURI + ") is not its authority!!!"); throw fault; } if ((clean(ta.getAuthorityGTS()) != null) && (!ta.getAuthorityGTS().equals(curr.getAuthorityGTS()))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The authority trust service for a Trusted Authority cannot be changed"); throw fault; } if (ta.getCertificate() != null) { if ((clean(ta.getCertificate().getCertificateEncodedString()) != null) && (!ta.getCertificate().equals(curr.getCertificate()))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("The certificate for a Trusted Authority cannot be changed"); throw fault; } } if ((clean(ta.getSourceGTS()) != null) && (!ta.getSourceGTS().equals(curr.getSourceGTS()))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("The source trust service for a Trusted Authority cannot be changed"); throw fault; } } else { if ((curr.getIsAuthority().booleanValue()) && (!ta.getAuthorityGTS().equals(gtsURI))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority " + ta.getName() + " cannot be updated, a conflict was detected, this gts (" + gtsURI + ") was specified as its authority, however the URI of another GTS ( " + ta.getAuthorityGTS() + ") was specified."); throw fault; } if (!ta.getAuthorityGTS().equals(curr.getAuthorityGTS())) { update.addField(TrustedAuthorityTable.AUTHORITY_GTS, ta.getAuthorityGTS()); needsUpdate = true; } if (ta.getCertificate() != null) { if ((clean(ta.getCertificate().getCertificateEncodedString()) != null) && (!ta.getCertificate().equals(curr.getCertificate()))) { X509Certificate cert = checkAndExtractCertificate(ta); if ((!ta.getName().equals(cert.getSubjectDN().toString()))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority Name must match the subject of the Trusted Authority's certificate"); throw fault; } update.addField( TrustedAuthorityTable.CERTIFICATE, ta.getCertificate().getCertificateEncodedString()); needsUpdate = true; } } if (!ta.getSourceGTS().equals(curr.getSourceGTS())) { update.addField(TrustedAuthorityTable.SOURCE_GTS, ta.getSourceGTS()); needsUpdate = true; } if (ta.getExpires() != curr.getExpires()) { update.addField(TrustedAuthorityTable.EXPIRES, Long.valueOf(ta.getExpires())); needsUpdate = true; } } if ((ta.getIsAuthority() != null) && (!ta.getIsAuthority().equals(curr.getIsAuthority()))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("The authority trust service for a Trusted Authority cannot be changed"); throw fault; } if (ta.getCRL() != null) { if ((clean(ta.getCRL().getCrlEncodedString()) != null) && (!ta.getCRL().equals(curr.getCRL()))) { TrustedAuthority temp = curr; if (ta.getCertificate() != null) { temp = ta; } X509Certificate cert = checkAndExtractCertificate(temp); checkAndExtractCRL(ta, cert); update.addField(TrustedAuthorityTable.CRL, ta.getCRL().getCrlEncodedString()); needsUpdate = true; } } else { if (!internal) { if (curr.getCRL() != null) { update.addField(TrustedAuthorityTable.CRL, ""); needsUpdate = true; } } } if ((ta.getStatus() != null) && (!ta.getStatus().equals(curr.getStatus()))) { update.addField(TrustedAuthorityTable.STATUS, ta.getStatus().getValue()); needsUpdate = true; } boolean updateTrustLevels = false; if ((ta.getTrustLevels() != null) && (!this.areTrustLevelEquals( ta.getTrustLevels().getTrustLevel(), curr.getTrustLevels().getTrustLevel()))) { needsUpdate = true; updateTrustLevels = true; } if (!ta.equals(curr)) { if (needsUpdate) { Connection c = null; try { Calendar cal = new GregorianCalendar(); ta.setLastUpdated(cal.getTimeInMillis()); update.addField(TrustedAuthorityTable.LAST_UPDATED, Long.valueOf(ta.getLastUpdated())); update.addWhereField(TrustedAuthorityTable.NAME, "=", ta.getName()); c = db.getConnection(); PreparedStatement s = update.prepareUpdateStatement(c); s.execute(); s.close(); } catch (Exception e) { this.log.error( "Unexpected database error incurred in updating " + ta.getName() + ", the following statement generated the error: \n" + sql.toString() + "\n", e); GTSInternalFault fault = new GTSInternalFault(); fault.setFaultString("Unexpected error occurred in updating " + ta.getName() + "."); throw fault; } finally { if (c != null) { db.releaseConnection(c); } } if (updateTrustLevels) { this.addTrustLevels(ta.getName(), ta.getTrustLevels()); } } } }