private X509CRL checkAndExtractCRL(TrustedAuthority ta, X509Certificate signer) throws IllegalTrustedAuthorityFault { X509CRL crl = null; if (ta.getCRL() != null) { if (ta.getCRL().getCrlEncodedString() != null) { try { crl = CertUtil.loadCRL(ta.getCRL().getCrlEncodedString()); } catch (Exception ex) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("Invalid CRL provided!!!"); throw fault; } try { crl.verify(signer.getPublicKey()); } catch (Exception e) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("The CRL provided is not signed by the Trusted Authority!!!"); throw fault; } } } return crl; }
private X509Certificate checkAndExtractCertificate(TrustedAuthority ta) throws IllegalTrustedAuthorityFault { if (ta.getCertificate() == null) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("No certificate specified!!!"); throw fault; } if (ta.getCertificate().getCertificateEncodedString() == null) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("No certificate specified!!!"); throw fault; } try { return CertUtil.loadCertificate(ta.getCertificate().getCertificateEncodedString()); } catch (Exception ex) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("Invalid certificate Provided!!!"); throw fault; } }
public synchronized TrustedAuthority addTrustedAuthority(TrustedAuthority ta, boolean internal) throws GTSInternalFault, IllegalTrustedAuthorityFault { this.buildDatabase(); X509Certificate cert = checkAndExtractCertificate(ta); if ((ta.getName() != null) && (!ta.getName().equals(cert.getSubjectDN().toString()))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority Name must match the subject of the Trusted Authority's certificate"); throw fault; } else { ta.setName(cert.getSubjectDN().toString()); } if (this.doesTrustedAuthorityExist(ta.getName())) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("The Trusted Authority " + ta.getName() + " already exists."); throw fault; } X509CRL crl = checkAndExtractCRL(ta, cert); if (ta.getTrustLevels() != null) { if (ta.getTrustLevels().getTrustLevel() != null) { for (int i = 0; i < ta.getTrustLevels().getTrustLevel().length; i++) { if (!lookup.doesTrustLevelExist(ta.getTrustLevels().getTrustLevel()[i])) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority " + ta.getName() + " could not be added, the trust level " + ta.getTrustLevels().getTrustLevel()[i] + " does not exist."); throw fault; } } } } if (ta.getStatus() == null) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("No status specified for the Trusted Authority!!!"); throw fault; } if (internal) { ta.setIsAuthority(Boolean.TRUE); ta.setAuthorityGTS(gtsURI); ta.setSourceGTS(gtsURI); ta.setExpires(0); } else { if ((ta.getIsAuthority() == null)) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority " + ta.getName() + " cannot be added because it does not specify whether or not this GTS is the authority of it."); throw fault; } if (ta.getAuthorityGTS() == null) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority " + ta.getName() + " cannot be added because it does not specify an authority trust service."); throw fault; } if (ta.getSourceGTS() == null) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority " + ta.getName() + " cannot be added because it does not specify an source trust service."); throw fault; } if ((!ta.getIsAuthority().booleanValue()) && (ta.getExpires() <= 0)) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority " + ta.getName() + " cannot be added because it does not specify an expiration."); throw fault; } if ((ta.getIsAuthority().booleanValue()) && (!ta.getAuthorityGTS().equals(gtsURI))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority " + ta.getName() + " cannot be added, a conflict was detected, this gts (" + gtsURI + ") was specified as its authority, however the URI of another GTS ( " + ta.getAuthorityGTS() + ") was specified."); throw fault; } } insertTrustedAuthority(ta, cert, crl); return ta; }
public synchronized TrustedAuthority[] findTrustAuthorities(TrustedAuthorityFilter filter) throws GTSInternalFault { this.buildDatabase(); Connection c = null; List authorities = new ArrayList(); TrustedAuthoritySelectStatement select = new TrustedAuthoritySelectStatement(); select.addSelectField("*"); try { if (filter != null) { if (filter.getName() != null) { select.addWhereField(TrustedAuthorityTable.NAME, "=", filter.getName()); } if (filter.getCertificateDN() != null) { select.addWhereField( TrustedAuthorityTable.CERTIFICATE_DN, "=", filter.getCertificateDN()); } if (filter.getStatus() != null) { select.addWhereField(TrustedAuthorityTable.STATUS, "=", filter.getStatus().getValue()); } if (filter.getIsAuthority() != null) { select.addWhereField( TrustedAuthorityTable.IS_AUTHORITY, "=", String.valueOf(filter.getIsAuthority())); } if (filter.getAuthorityGTS() != null) { select.addWhereField(TrustedAuthorityTable.AUTHORITY_GTS, "=", filter.getAuthorityGTS()); } if (filter.getSourceGTS() != null) { select.addWhereField(TrustedAuthorityTable.SOURCE_GTS, "=", filter.getSourceGTS()); } if (filter.getLifetime() != null) { if (filter.getLifetime().equals(Lifetime.Valid)) { Calendar cal = new GregorianCalendar(); long time = cal.getTimeInMillis(); select.addClause( "(" + TrustedAuthorityTable.EXPIRES + "=0 OR " + TrustedAuthorityTable.EXPIRES + ">" + time + ")"); } else if (filter.getLifetime().equals(Lifetime.Expired)) { Calendar cal = new GregorianCalendar(); long time = cal.getTimeInMillis(); select.addClause( "(" + TrustedAuthorityTable.EXPIRES + "<>0 AND " + TrustedAuthorityTable.EXPIRES + "<" + time + ")"); } } } c = db.getConnection(); PreparedStatement s = select.prepareStatement(c); ResultSet rs = s.executeQuery(); while (rs.next()) { String name = rs.getString(TrustedAuthorityTable.NAME); TrustLevels levels = filter.getTrustLevels(); boolean okToAdd = true; if (levels != null) { String[] tl = levels.getTrustLevel(); if (tl != null) { for (int i = 0; i < tl.length; i++) { if (!this.hasTrustLevels(name, tl[i])) { okToAdd = false; break; } } } } if (okToAdd) { TrustedAuthority ta = new TrustedAuthority(); ta.setName(name); ta.setTrustLevels(getTrustLevels(name)); ta.setStatus(Status.fromValue(rs.getString(TrustedAuthorityTable.STATUS))); ta.setIsAuthority(Boolean.valueOf(rs.getBoolean(TrustedAuthorityTable.IS_AUTHORITY))); ta.setAuthorityGTS(rs.getString(TrustedAuthorityTable.AUTHORITY_GTS)); ta.setSourceGTS(rs.getString(TrustedAuthorityTable.SOURCE_GTS)); ta.setExpires(rs.getLong(TrustedAuthorityTable.EXPIRES)); ta.setLastUpdated(rs.getLong(TrustedAuthorityTable.LAST_UPDATED)); ta.setCertificate( new gov.nih.nci.cagrid.gts.bean.X509Certificate( rs.getString(TrustedAuthorityTable.CERTIFICATE))); String crl = rs.getString(TrustedAuthorityTable.CRL); if ((crl != null) && (crl.trim().length() > 0)) { ta.setCRL(new gov.nih.nci.cagrid.gts.bean.X509CRL(crl)); } authorities.add(ta); } } rs.close(); s.close(); TrustedAuthority[] list = new TrustedAuthority[authorities.size()]; for (int i = 0; i < authorities.size(); i++) { list[i] = (TrustedAuthority) authorities.get(i); } return list; } catch (Exception e) { this.log.error( "Unexpected database error incurred in finding trusted authorities: " + e.getMessage(), e); GTSInternalFault fault = new GTSInternalFault(); fault.setFaultString("Unexpected error occurred in finding Trusted Authorities"); throw fault; } finally { db.releaseConnection(c); } }
private synchronized void insertTrustedAuthority( TrustedAuthority ta, X509Certificate cert, X509CRL crl) throws GTSInternalFault { StringBuffer insert = new StringBuffer(); buildDatabase(); Connection c = null; try { Calendar cal = new GregorianCalendar(); ta.setLastUpdated(cal.getTimeInMillis()); insert.append( "INSERT INTO " + TrustedAuthorityTable.TABLE_NAME + " SET " + TrustedAuthorityTable.NAME + "= ?" + "," + TrustedAuthorityTable.CERTIFICATE_DN + "= ?," + TrustedAuthorityTable.STATUS + "= ?," + TrustedAuthorityTable.IS_AUTHORITY + "= ?," + TrustedAuthorityTable.AUTHORITY_GTS + "= ?," + TrustedAuthorityTable.SOURCE_GTS + "= ?," + TrustedAuthorityTable.EXPIRES + "= ?," + TrustedAuthorityTable.LAST_UPDATED + "= ?," + TrustedAuthorityTable.CERTIFICATE + "= ?"); if (crl != null) { insert.append("," + TrustedAuthorityTable.CRL + "= ?"); } c = db.getConnection(); PreparedStatement s = c.prepareStatement(insert.toString()); s.setString(1, ta.getName()); s.setString(2, cert.getSubjectDN().toString()); s.setString(3, ta.getStatus().getValue()); s.setString(4, String.valueOf(ta.getIsAuthority().booleanValue())); s.setString(5, ta.getAuthorityGTS()); s.setString(6, ta.getSourceGTS()); s.setLong(7, ta.getExpires()); s.setLong(8, ta.getLastUpdated()); s.setString(9, ta.getCertificate().getCertificateEncodedString()); if (crl != null) { s.setString(10, ta.getCRL().getCrlEncodedString()); } s.execute(); s.close(); this.addTrustLevels(ta.getName(), ta.getTrustLevels()); } catch (Exception e) { this.log.error( "Unexpected database error incurred in adding the Trusted Authority, " + ta.getName() + ", the following statement generated the error: \n" + insert.toString() + "\n", e); try { this.removeTrustedAuthority(ta.getName()); } catch (Exception ex) { this.log.error(e.getMessage(), e); } GTSInternalFault fault = new GTSInternalFault(); fault.setFaultString( "Unexpected error adding the Trusted Authority, " + ta.getName() + "!!!"); throw fault; } finally { db.releaseConnection(c); } }
public synchronized TrustedAuthority getTrustedAuthority(String name) throws GTSInternalFault, InvalidTrustedAuthorityFault { Connection c = null; try { c = db.getConnection(); PreparedStatement s = c.prepareStatement( "select * from " + TrustedAuthorityTable.TABLE_NAME + " where " + TrustedAuthorityTable.NAME + "= ?"); s.setString(1, name); ResultSet rs = s.executeQuery(); if (rs.next()) { TrustedAuthority ta = new TrustedAuthority(); ta.setName(rs.getString(TrustedAuthorityTable.NAME)); ta.setTrustLevels(getTrustLevels(name)); ta.setStatus(Status.fromValue(rs.getString(TrustedAuthorityTable.STATUS))); ta.setIsAuthority(Boolean.valueOf(rs.getBoolean(TrustedAuthorityTable.IS_AUTHORITY))); ta.setAuthorityGTS(rs.getString(TrustedAuthorityTable.AUTHORITY_GTS)); ta.setSourceGTS(rs.getString(TrustedAuthorityTable.SOURCE_GTS)); ta.setExpires(rs.getLong(TrustedAuthorityTable.EXPIRES)); ta.setLastUpdated(rs.getLong(TrustedAuthorityTable.LAST_UPDATED)); ta.setCertificate( new gov.nih.nci.cagrid.gts.bean.X509Certificate( rs.getString(TrustedAuthorityTable.CERTIFICATE))); String crl = rs.getString(TrustedAuthorityTable.CRL); if ((crl != null) && (crl.trim().length() > 0)) { ta.setCRL(new gov.nih.nci.cagrid.gts.bean.X509CRL(crl)); } return ta; } rs.close(); s.close(); } catch (Exception e) { this.log.error( "Unexpected database error incurred in obtaining the Trusted Authority, " + name + ":\n", e); GTSInternalFault fault = new GTSInternalFault(); fault.setFaultString("Unexpected error obtaining the TrustedAuthority " + name); throw fault; } finally { db.releaseConnection(c); } InvalidTrustedAuthorityFault fault = new InvalidTrustedAuthorityFault(); fault.setFaultString("The TrustedAuthority " + name + " does not exist."); throw fault; }
public synchronized void updateTrustedAuthority(TrustedAuthority ta, boolean internal) throws GTSInternalFault, IllegalTrustedAuthorityFault, InvalidTrustedAuthorityFault { TrustedAuthority curr = this.getTrustedAuthority(ta.getName()); StringBuffer sql = new StringBuffer(); boolean needsUpdate = false; UpdateStatement update = new UpdateStatement(TrustedAuthorityTable.TABLE_NAME); if (internal) { if (!curr.getAuthorityGTS().equals(gtsURI)) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority cannot be updated, the GTS (" + gtsURI + ") is not its authority!!!"); throw fault; } if ((clean(ta.getAuthorityGTS()) != null) && (!ta.getAuthorityGTS().equals(curr.getAuthorityGTS()))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The authority trust service for a Trusted Authority cannot be changed"); throw fault; } if (ta.getCertificate() != null) { if ((clean(ta.getCertificate().getCertificateEncodedString()) != null) && (!ta.getCertificate().equals(curr.getCertificate()))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("The certificate for a Trusted Authority cannot be changed"); throw fault; } } if ((clean(ta.getSourceGTS()) != null) && (!ta.getSourceGTS().equals(curr.getSourceGTS()))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("The source trust service for a Trusted Authority cannot be changed"); throw fault; } } else { if ((curr.getIsAuthority().booleanValue()) && (!ta.getAuthorityGTS().equals(gtsURI))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority " + ta.getName() + " cannot be updated, a conflict was detected, this gts (" + gtsURI + ") was specified as its authority, however the URI of another GTS ( " + ta.getAuthorityGTS() + ") was specified."); throw fault; } if (!ta.getAuthorityGTS().equals(curr.getAuthorityGTS())) { update.addField(TrustedAuthorityTable.AUTHORITY_GTS, ta.getAuthorityGTS()); needsUpdate = true; } if (ta.getCertificate() != null) { if ((clean(ta.getCertificate().getCertificateEncodedString()) != null) && (!ta.getCertificate().equals(curr.getCertificate()))) { X509Certificate cert = checkAndExtractCertificate(ta); if ((!ta.getName().equals(cert.getSubjectDN().toString()))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString( "The Trusted Authority Name must match the subject of the Trusted Authority's certificate"); throw fault; } update.addField( TrustedAuthorityTable.CERTIFICATE, ta.getCertificate().getCertificateEncodedString()); needsUpdate = true; } } if (!ta.getSourceGTS().equals(curr.getSourceGTS())) { update.addField(TrustedAuthorityTable.SOURCE_GTS, ta.getSourceGTS()); needsUpdate = true; } if (ta.getExpires() != curr.getExpires()) { update.addField(TrustedAuthorityTable.EXPIRES, Long.valueOf(ta.getExpires())); needsUpdate = true; } } if ((ta.getIsAuthority() != null) && (!ta.getIsAuthority().equals(curr.getIsAuthority()))) { IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault(); fault.setFaultString("The authority trust service for a Trusted Authority cannot be changed"); throw fault; } if (ta.getCRL() != null) { if ((clean(ta.getCRL().getCrlEncodedString()) != null) && (!ta.getCRL().equals(curr.getCRL()))) { TrustedAuthority temp = curr; if (ta.getCertificate() != null) { temp = ta; } X509Certificate cert = checkAndExtractCertificate(temp); checkAndExtractCRL(ta, cert); update.addField(TrustedAuthorityTable.CRL, ta.getCRL().getCrlEncodedString()); needsUpdate = true; } } else { if (!internal) { if (curr.getCRL() != null) { update.addField(TrustedAuthorityTable.CRL, ""); needsUpdate = true; } } } if ((ta.getStatus() != null) && (!ta.getStatus().equals(curr.getStatus()))) { update.addField(TrustedAuthorityTable.STATUS, ta.getStatus().getValue()); needsUpdate = true; } boolean updateTrustLevels = false; if ((ta.getTrustLevels() != null) && (!this.areTrustLevelEquals( ta.getTrustLevels().getTrustLevel(), curr.getTrustLevels().getTrustLevel()))) { needsUpdate = true; updateTrustLevels = true; } if (!ta.equals(curr)) { if (needsUpdate) { Connection c = null; try { Calendar cal = new GregorianCalendar(); ta.setLastUpdated(cal.getTimeInMillis()); update.addField(TrustedAuthorityTable.LAST_UPDATED, Long.valueOf(ta.getLastUpdated())); update.addWhereField(TrustedAuthorityTable.NAME, "=", ta.getName()); c = db.getConnection(); PreparedStatement s = update.prepareUpdateStatement(c); s.execute(); s.close(); } catch (Exception e) { this.log.error( "Unexpected database error incurred in updating " + ta.getName() + ", the following statement generated the error: \n" + sql.toString() + "\n", e); GTSInternalFault fault = new GTSInternalFault(); fault.setFaultString("Unexpected error occurred in updating " + ta.getName() + "."); throw fault; } finally { if (c != null) { db.releaseConnection(c); } } if (updateTrustLevels) { this.addTrustLevels(ta.getName(), ta.getTrustLevels()); } } } }