Пример #1
0
  private X509CRL checkAndExtractCRL(TrustedAuthority ta, X509Certificate signer)
      throws IllegalTrustedAuthorityFault {
    X509CRL crl = null;
    if (ta.getCRL() != null) {

      if (ta.getCRL().getCrlEncodedString() != null) {
        try {
          crl = CertUtil.loadCRL(ta.getCRL().getCrlEncodedString());
        } catch (Exception ex) {
          IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
          fault.setFaultString("Invalid CRL provided!!!");
          throw fault;
        }
        try {
          crl.verify(signer.getPublicKey());
        } catch (Exception e) {
          IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
          fault.setFaultString("The CRL provided is not signed by the Trusted Authority!!!");
          throw fault;
        }
      }
    }

    return crl;
  }
Пример #2
0
  private X509Certificate checkAndExtractCertificate(TrustedAuthority ta)
      throws IllegalTrustedAuthorityFault {
    if (ta.getCertificate() == null) {
      IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
      fault.setFaultString("No certificate specified!!!");
      throw fault;
    }

    if (ta.getCertificate().getCertificateEncodedString() == null) {
      IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
      fault.setFaultString("No certificate specified!!!");
      throw fault;
    }

    try {
      return CertUtil.loadCertificate(ta.getCertificate().getCertificateEncodedString());
    } catch (Exception ex) {
      IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
      fault.setFaultString("Invalid certificate Provided!!!");
      throw fault;
    }
  }
Пример #3
0
  public synchronized TrustedAuthority addTrustedAuthority(TrustedAuthority ta, boolean internal)
      throws GTSInternalFault, IllegalTrustedAuthorityFault {
    this.buildDatabase();
    X509Certificate cert = checkAndExtractCertificate(ta);
    if ((ta.getName() != null) && (!ta.getName().equals(cert.getSubjectDN().toString()))) {
      IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
      fault.setFaultString(
          "The Trusted Authority Name must match the subject of the Trusted Authority's certificate");
      throw fault;
    } else {
      ta.setName(cert.getSubjectDN().toString());
    }

    if (this.doesTrustedAuthorityExist(ta.getName())) {
      IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
      fault.setFaultString("The Trusted Authority " + ta.getName() + " already exists.");
      throw fault;
    }

    X509CRL crl = checkAndExtractCRL(ta, cert);

    if (ta.getTrustLevels() != null) {
      if (ta.getTrustLevels().getTrustLevel() != null) {
        for (int i = 0; i < ta.getTrustLevels().getTrustLevel().length; i++) {
          if (!lookup.doesTrustLevelExist(ta.getTrustLevels().getTrustLevel()[i])) {
            IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
            fault.setFaultString(
                "The Trusted Authority "
                    + ta.getName()
                    + " could not be added, the trust level "
                    + ta.getTrustLevels().getTrustLevel()[i]
                    + " does not exist.");
            throw fault;
          }
        }
      }
    }
    if (ta.getStatus() == null) {
      IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
      fault.setFaultString("No status specified for the Trusted Authority!!!");
      throw fault;
    }
    if (internal) {
      ta.setIsAuthority(Boolean.TRUE);
      ta.setAuthorityGTS(gtsURI);
      ta.setSourceGTS(gtsURI);
      ta.setExpires(0);
    } else {
      if ((ta.getIsAuthority() == null)) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString(
            "The Trusted Authority "
                + ta.getName()
                + " cannot be added because it does not specify whether or not this GTS is the authority of it.");
        throw fault;
      }

      if (ta.getAuthorityGTS() == null) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString(
            "The Trusted Authority "
                + ta.getName()
                + " cannot be added because it does not specify an authority trust service.");
        throw fault;
      }

      if (ta.getSourceGTS() == null) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString(
            "The Trusted Authority "
                + ta.getName()
                + " cannot be added because it does not specify an source trust service.");
        throw fault;
      }

      if ((!ta.getIsAuthority().booleanValue()) && (ta.getExpires() <= 0)) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString(
            "The Trusted Authority "
                + ta.getName()
                + " cannot be added because it does not specify an expiration.");
        throw fault;
      }

      if ((ta.getIsAuthority().booleanValue()) && (!ta.getAuthorityGTS().equals(gtsURI))) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString(
            "The Trusted Authority "
                + ta.getName()
                + " cannot be added, a conflict was detected, this gts ("
                + gtsURI
                + ") was specified as its authority, however the URI of another GTS ( "
                + ta.getAuthorityGTS()
                + ") was specified.");
        throw fault;
      }
    }
    insertTrustedAuthority(ta, cert, crl);
    return ta;
  }
Пример #4
0
  public synchronized TrustedAuthority[] findTrustAuthorities(TrustedAuthorityFilter filter)
      throws GTSInternalFault {

    this.buildDatabase();
    Connection c = null;
    List authorities = new ArrayList();
    TrustedAuthoritySelectStatement select = new TrustedAuthoritySelectStatement();
    select.addSelectField("*");
    try {
      if (filter != null) {

        if (filter.getName() != null) {
          select.addWhereField(TrustedAuthorityTable.NAME, "=", filter.getName());
        }

        if (filter.getCertificateDN() != null) {
          select.addWhereField(
              TrustedAuthorityTable.CERTIFICATE_DN, "=", filter.getCertificateDN());
        }

        if (filter.getStatus() != null) {
          select.addWhereField(TrustedAuthorityTable.STATUS, "=", filter.getStatus().getValue());
        }

        if (filter.getIsAuthority() != null) {
          select.addWhereField(
              TrustedAuthorityTable.IS_AUTHORITY, "=", String.valueOf(filter.getIsAuthority()));
        }

        if (filter.getAuthorityGTS() != null) {
          select.addWhereField(TrustedAuthorityTable.AUTHORITY_GTS, "=", filter.getAuthorityGTS());
        }

        if (filter.getSourceGTS() != null) {
          select.addWhereField(TrustedAuthorityTable.SOURCE_GTS, "=", filter.getSourceGTS());
        }

        if (filter.getLifetime() != null) {
          if (filter.getLifetime().equals(Lifetime.Valid)) {
            Calendar cal = new GregorianCalendar();
            long time = cal.getTimeInMillis();
            select.addClause(
                "("
                    + TrustedAuthorityTable.EXPIRES
                    + "=0 OR "
                    + TrustedAuthorityTable.EXPIRES
                    + ">"
                    + time
                    + ")");
          } else if (filter.getLifetime().equals(Lifetime.Expired)) {
            Calendar cal = new GregorianCalendar();
            long time = cal.getTimeInMillis();
            select.addClause(
                "("
                    + TrustedAuthorityTable.EXPIRES
                    + "<>0 AND "
                    + TrustedAuthorityTable.EXPIRES
                    + "<"
                    + time
                    + ")");
          }
        }
      }

      c = db.getConnection();
      PreparedStatement s = select.prepareStatement(c);
      ResultSet rs = s.executeQuery();

      while (rs.next()) {
        String name = rs.getString(TrustedAuthorityTable.NAME);
        TrustLevels levels = filter.getTrustLevels();
        boolean okToAdd = true;
        if (levels != null) {
          String[] tl = levels.getTrustLevel();
          if (tl != null) {
            for (int i = 0; i < tl.length; i++) {
              if (!this.hasTrustLevels(name, tl[i])) {
                okToAdd = false;
                break;
              }
            }
          }
        }
        if (okToAdd) {
          TrustedAuthority ta = new TrustedAuthority();
          ta.setName(name);
          ta.setTrustLevels(getTrustLevels(name));
          ta.setStatus(Status.fromValue(rs.getString(TrustedAuthorityTable.STATUS)));
          ta.setIsAuthority(Boolean.valueOf(rs.getBoolean(TrustedAuthorityTable.IS_AUTHORITY)));
          ta.setAuthorityGTS(rs.getString(TrustedAuthorityTable.AUTHORITY_GTS));
          ta.setSourceGTS(rs.getString(TrustedAuthorityTable.SOURCE_GTS));
          ta.setExpires(rs.getLong(TrustedAuthorityTable.EXPIRES));
          ta.setLastUpdated(rs.getLong(TrustedAuthorityTable.LAST_UPDATED));
          ta.setCertificate(
              new gov.nih.nci.cagrid.gts.bean.X509Certificate(
                  rs.getString(TrustedAuthorityTable.CERTIFICATE)));
          String crl = rs.getString(TrustedAuthorityTable.CRL);
          if ((crl != null) && (crl.trim().length() > 0)) {
            ta.setCRL(new gov.nih.nci.cagrid.gts.bean.X509CRL(crl));
          }
          authorities.add(ta);
        }
      }
      rs.close();
      s.close();

      TrustedAuthority[] list = new TrustedAuthority[authorities.size()];
      for (int i = 0; i < authorities.size(); i++) {
        list[i] = (TrustedAuthority) authorities.get(i);
      }
      return list;

    } catch (Exception e) {
      this.log.error(
          "Unexpected database error incurred in finding trusted authorities: " + e.getMessage(),
          e);
      GTSInternalFault fault = new GTSInternalFault();
      fault.setFaultString("Unexpected error occurred in finding Trusted Authorities");
      throw fault;
    } finally {
      db.releaseConnection(c);
    }
  }
Пример #5
0
  private synchronized void insertTrustedAuthority(
      TrustedAuthority ta, X509Certificate cert, X509CRL crl) throws GTSInternalFault {
    StringBuffer insert = new StringBuffer();
    buildDatabase();
    Connection c = null;
    try {

      Calendar cal = new GregorianCalendar();
      ta.setLastUpdated(cal.getTimeInMillis());
      insert.append(
          "INSERT INTO "
              + TrustedAuthorityTable.TABLE_NAME
              + " SET "
              + TrustedAuthorityTable.NAME
              + "= ?"
              + ","
              + TrustedAuthorityTable.CERTIFICATE_DN
              + "= ?,"
              + TrustedAuthorityTable.STATUS
              + "= ?,"
              + TrustedAuthorityTable.IS_AUTHORITY
              + "= ?,"
              + TrustedAuthorityTable.AUTHORITY_GTS
              + "= ?,"
              + TrustedAuthorityTable.SOURCE_GTS
              + "= ?,"
              + TrustedAuthorityTable.EXPIRES
              + "= ?,"
              + TrustedAuthorityTable.LAST_UPDATED
              + "= ?,"
              + TrustedAuthorityTable.CERTIFICATE
              + "= ?");

      if (crl != null) {
        insert.append("," + TrustedAuthorityTable.CRL + "= ?");
      }
      c = db.getConnection();
      PreparedStatement s = c.prepareStatement(insert.toString());
      s.setString(1, ta.getName());
      s.setString(2, cert.getSubjectDN().toString());
      s.setString(3, ta.getStatus().getValue());
      s.setString(4, String.valueOf(ta.getIsAuthority().booleanValue()));
      s.setString(5, ta.getAuthorityGTS());
      s.setString(6, ta.getSourceGTS());
      s.setLong(7, ta.getExpires());
      s.setLong(8, ta.getLastUpdated());
      s.setString(9, ta.getCertificate().getCertificateEncodedString());
      if (crl != null) {
        s.setString(10, ta.getCRL().getCrlEncodedString());
      }
      s.execute();
      s.close();
      this.addTrustLevels(ta.getName(), ta.getTrustLevels());
    } catch (Exception e) {
      this.log.error(
          "Unexpected database error incurred in adding the Trusted Authority, "
              + ta.getName()
              + ", the following statement generated the error: \n"
              + insert.toString()
              + "\n",
          e);
      try {
        this.removeTrustedAuthority(ta.getName());
      } catch (Exception ex) {
        this.log.error(e.getMessage(), e);
      }
      GTSInternalFault fault = new GTSInternalFault();
      fault.setFaultString(
          "Unexpected error adding the Trusted Authority, " + ta.getName() + "!!!");
      throw fault;
    } finally {
      db.releaseConnection(c);
    }
  }
Пример #6
0
 public synchronized TrustedAuthority getTrustedAuthority(String name)
     throws GTSInternalFault, InvalidTrustedAuthorityFault {
   Connection c = null;
   try {
     c = db.getConnection();
     PreparedStatement s =
         c.prepareStatement(
             "select * from "
                 + TrustedAuthorityTable.TABLE_NAME
                 + " where "
                 + TrustedAuthorityTable.NAME
                 + "= ?");
     s.setString(1, name);
     ResultSet rs = s.executeQuery();
     if (rs.next()) {
       TrustedAuthority ta = new TrustedAuthority();
       ta.setName(rs.getString(TrustedAuthorityTable.NAME));
       ta.setTrustLevels(getTrustLevels(name));
       ta.setStatus(Status.fromValue(rs.getString(TrustedAuthorityTable.STATUS)));
       ta.setIsAuthority(Boolean.valueOf(rs.getBoolean(TrustedAuthorityTable.IS_AUTHORITY)));
       ta.setAuthorityGTS(rs.getString(TrustedAuthorityTable.AUTHORITY_GTS));
       ta.setSourceGTS(rs.getString(TrustedAuthorityTable.SOURCE_GTS));
       ta.setExpires(rs.getLong(TrustedAuthorityTable.EXPIRES));
       ta.setLastUpdated(rs.getLong(TrustedAuthorityTable.LAST_UPDATED));
       ta.setCertificate(
           new gov.nih.nci.cagrid.gts.bean.X509Certificate(
               rs.getString(TrustedAuthorityTable.CERTIFICATE)));
       String crl = rs.getString(TrustedAuthorityTable.CRL);
       if ((crl != null) && (crl.trim().length() > 0)) {
         ta.setCRL(new gov.nih.nci.cagrid.gts.bean.X509CRL(crl));
       }
       return ta;
     }
     rs.close();
     s.close();
   } catch (Exception e) {
     this.log.error(
         "Unexpected database error incurred in obtaining the Trusted Authority, " + name + ":\n",
         e);
     GTSInternalFault fault = new GTSInternalFault();
     fault.setFaultString("Unexpected error obtaining the TrustedAuthority " + name);
     throw fault;
   } finally {
     db.releaseConnection(c);
   }
   InvalidTrustedAuthorityFault fault = new InvalidTrustedAuthorityFault();
   fault.setFaultString("The TrustedAuthority " + name + " does not exist.");
   throw fault;
 }
Пример #7
0
  public synchronized void updateTrustedAuthority(TrustedAuthority ta, boolean internal)
      throws GTSInternalFault, IllegalTrustedAuthorityFault, InvalidTrustedAuthorityFault {

    TrustedAuthority curr = this.getTrustedAuthority(ta.getName());
    StringBuffer sql = new StringBuffer();
    boolean needsUpdate = false;
    UpdateStatement update = new UpdateStatement(TrustedAuthorityTable.TABLE_NAME);
    if (internal) {
      if (!curr.getAuthorityGTS().equals(gtsURI)) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString(
            "The Trusted Authority cannot be updated, the GTS ("
                + gtsURI
                + ") is not its authority!!!");
        throw fault;
      }

      if ((clean(ta.getAuthorityGTS()) != null)
          && (!ta.getAuthorityGTS().equals(curr.getAuthorityGTS()))) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString(
            "The authority trust service for a Trusted Authority cannot be changed");
        throw fault;
      }

      if (ta.getCertificate() != null) {
        if ((clean(ta.getCertificate().getCertificateEncodedString()) != null)
            && (!ta.getCertificate().equals(curr.getCertificate()))) {
          IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
          fault.setFaultString("The certificate for a Trusted Authority cannot be changed");
          throw fault;
        }
      }

      if ((clean(ta.getSourceGTS()) != null) && (!ta.getSourceGTS().equals(curr.getSourceGTS()))) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString("The source trust service for a Trusted Authority cannot be changed");
        throw fault;
      }

    } else {

      if ((curr.getIsAuthority().booleanValue()) && (!ta.getAuthorityGTS().equals(gtsURI))) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString(
            "The Trusted Authority "
                + ta.getName()
                + " cannot be updated, a conflict was detected, this gts ("
                + gtsURI
                + ") was specified as its authority, however the URI of another GTS ( "
                + ta.getAuthorityGTS()
                + ") was specified.");
        throw fault;
      }

      if (!ta.getAuthorityGTS().equals(curr.getAuthorityGTS())) {
        update.addField(TrustedAuthorityTable.AUTHORITY_GTS, ta.getAuthorityGTS());
        needsUpdate = true;
      }

      if (ta.getCertificate() != null) {
        if ((clean(ta.getCertificate().getCertificateEncodedString()) != null)
            && (!ta.getCertificate().equals(curr.getCertificate()))) {
          X509Certificate cert = checkAndExtractCertificate(ta);
          if ((!ta.getName().equals(cert.getSubjectDN().toString()))) {
            IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
            fault.setFaultString(
                "The Trusted Authority Name must match the subject of the Trusted Authority's certificate");
            throw fault;
          }

          update.addField(
              TrustedAuthorityTable.CERTIFICATE, ta.getCertificate().getCertificateEncodedString());
          needsUpdate = true;
        }
      }

      if (!ta.getSourceGTS().equals(curr.getSourceGTS())) {
        update.addField(TrustedAuthorityTable.SOURCE_GTS, ta.getSourceGTS());
        needsUpdate = true;
      }

      if (ta.getExpires() != curr.getExpires()) {
        update.addField(TrustedAuthorityTable.EXPIRES, Long.valueOf(ta.getExpires()));
        needsUpdate = true;
      }
    }

    if ((ta.getIsAuthority() != null) && (!ta.getIsAuthority().equals(curr.getIsAuthority()))) {
      IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
      fault.setFaultString("The authority trust service for a Trusted Authority cannot be changed");
      throw fault;
    }

    if (ta.getCRL() != null) {
      if ((clean(ta.getCRL().getCrlEncodedString()) != null)
          && (!ta.getCRL().equals(curr.getCRL()))) {
        TrustedAuthority temp = curr;
        if (ta.getCertificate() != null) {
          temp = ta;
        }
        X509Certificate cert = checkAndExtractCertificate(temp);
        checkAndExtractCRL(ta, cert);
        update.addField(TrustedAuthorityTable.CRL, ta.getCRL().getCrlEncodedString());
        needsUpdate = true;
      }
    } else {
      if (!internal) {
        if (curr.getCRL() != null) {
          update.addField(TrustedAuthorityTable.CRL, "");
          needsUpdate = true;
        }
      }
    }

    if ((ta.getStatus() != null) && (!ta.getStatus().equals(curr.getStatus()))) {
      update.addField(TrustedAuthorityTable.STATUS, ta.getStatus().getValue());
      needsUpdate = true;
    }
    boolean updateTrustLevels = false;

    if ((ta.getTrustLevels() != null)
        && (!this.areTrustLevelEquals(
            ta.getTrustLevels().getTrustLevel(), curr.getTrustLevels().getTrustLevel()))) {
      needsUpdate = true;
      updateTrustLevels = true;
    }

    if (!ta.equals(curr)) {
      if (needsUpdate) {
        Connection c = null;
        try {
          Calendar cal = new GregorianCalendar();
          ta.setLastUpdated(cal.getTimeInMillis());
          update.addField(TrustedAuthorityTable.LAST_UPDATED, Long.valueOf(ta.getLastUpdated()));
          update.addWhereField(TrustedAuthorityTable.NAME, "=", ta.getName());
          c = db.getConnection();
          PreparedStatement s = update.prepareUpdateStatement(c);
          s.execute();
          s.close();
        } catch (Exception e) {
          this.log.error(
              "Unexpected database error incurred in updating "
                  + ta.getName()
                  + ", the following statement generated the error: \n"
                  + sql.toString()
                  + "\n",
              e);
          GTSInternalFault fault = new GTSInternalFault();
          fault.setFaultString("Unexpected error occurred in updating " + ta.getName() + ".");
          throw fault;
        } finally {
          if (c != null) {
            db.releaseConnection(c);
          }
        }
        if (updateTrustLevels) {
          this.addTrustLevels(ta.getName(), ta.getTrustLevels());
        }
      }
    }
  }