示例#1
0
  private X509CRL checkAndExtractCRL(TrustedAuthority ta, X509Certificate signer)
      throws IllegalTrustedAuthorityFault {
    X509CRL crl = null;
    if (ta.getCRL() != null) {

      if (ta.getCRL().getCrlEncodedString() != null) {
        try {
          crl = CertUtil.loadCRL(ta.getCRL().getCrlEncodedString());
        } catch (Exception ex) {
          IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
          fault.setFaultString("Invalid CRL provided!!!");
          throw fault;
        }
        try {
          crl.verify(signer.getPublicKey());
        } catch (Exception e) {
          IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
          fault.setFaultString("The CRL provided is not signed by the Trusted Authority!!!");
          throw fault;
        }
      }
    }

    return crl;
  }
示例#2
0
  public synchronized void addTrustLevels(String name, TrustLevels tl)
      throws GTSInternalFault, InvalidTrustedAuthorityFault, IllegalTrustedAuthorityFault {
    if (tl != null) {
      String[] levels = tl.getTrustLevel();
      if ((levels != null) && (levels.length > 0)) {
        for (int i = 0; i < levels.length; i++) {
          if (!lookup.doesTrustLevelExist(levels[i])) {
            IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
            fault.setFaultString(
                "The trust levels for the Trusted Authority "
                    + name
                    + " could not be updated, the trust level "
                    + levels[i]
                    + " does not exist.");
            throw fault;
          }
        }
      }
      removeTrustedAuthoritysTrustLevels(name);
      if ((levels != null) && (levels.length > 0)) {

        Connection c = null;
        try {
          c = db.getConnection();
          for (int i = 0; i < levels.length; i++) {
            PreparedStatement s =
                c.prepareStatement(
                    "INSERT INTO "
                        + TrustedAuthorityTrustLevelsTable.TABLE_NAME
                        + " SET "
                        + TrustedAuthorityTrustLevelsTable.NAME
                        + "= ?, "
                        + TrustedAuthorityTrustLevelsTable.TRUST_LEVEL
                        + "= ?");
            s.setString(1, name);
            s.setString(2, levels[i]);
            s.execute();
            s.close();
          }
        } catch (Exception e) {
          this.log.error(
              "Unexpected database error incurred in adding the trust levels for the Trusted Authority, "
                  + name
                  + ": "
                  + e.getMessage(),
              e);
          try {
            this.removeTrustedAuthoritysTrustLevels(name);
          } catch (Exception ex) {
            this.log.error(ex.getMessage(), ex);
          }
          GTSInternalFault fault = new GTSInternalFault();
          fault.setFaultString("Unexpected error removing the TrustedAuthority " + name);
          throw fault;
        } finally {
          db.releaseConnection(c);
        }
      }
    }
  }
示例#3
0
  private X509Certificate checkAndExtractCertificate(TrustedAuthority ta)
      throws IllegalTrustedAuthorityFault {
    if (ta.getCertificate() == null) {
      IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
      fault.setFaultString("No certificate specified!!!");
      throw fault;
    }

    if (ta.getCertificate().getCertificateEncodedString() == null) {
      IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
      fault.setFaultString("No certificate specified!!!");
      throw fault;
    }

    try {
      return CertUtil.loadCertificate(ta.getCertificate().getCertificateEncodedString());
    } catch (Exception ex) {
      IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
      fault.setFaultString("Invalid certificate Provided!!!");
      throw fault;
    }
  }
示例#4
0
  public synchronized TrustedAuthority addTrustedAuthority(TrustedAuthority ta, boolean internal)
      throws GTSInternalFault, IllegalTrustedAuthorityFault {
    this.buildDatabase();
    X509Certificate cert = checkAndExtractCertificate(ta);
    if ((ta.getName() != null) && (!ta.getName().equals(cert.getSubjectDN().toString()))) {
      IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
      fault.setFaultString(
          "The Trusted Authority Name must match the subject of the Trusted Authority's certificate");
      throw fault;
    } else {
      ta.setName(cert.getSubjectDN().toString());
    }

    if (this.doesTrustedAuthorityExist(ta.getName())) {
      IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
      fault.setFaultString("The Trusted Authority " + ta.getName() + " already exists.");
      throw fault;
    }

    X509CRL crl = checkAndExtractCRL(ta, cert);

    if (ta.getTrustLevels() != null) {
      if (ta.getTrustLevels().getTrustLevel() != null) {
        for (int i = 0; i < ta.getTrustLevels().getTrustLevel().length; i++) {
          if (!lookup.doesTrustLevelExist(ta.getTrustLevels().getTrustLevel()[i])) {
            IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
            fault.setFaultString(
                "The Trusted Authority "
                    + ta.getName()
                    + " could not be added, the trust level "
                    + ta.getTrustLevels().getTrustLevel()[i]
                    + " does not exist.");
            throw fault;
          }
        }
      }
    }
    if (ta.getStatus() == null) {
      IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
      fault.setFaultString("No status specified for the Trusted Authority!!!");
      throw fault;
    }
    if (internal) {
      ta.setIsAuthority(Boolean.TRUE);
      ta.setAuthorityGTS(gtsURI);
      ta.setSourceGTS(gtsURI);
      ta.setExpires(0);
    } else {
      if ((ta.getIsAuthority() == null)) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString(
            "The Trusted Authority "
                + ta.getName()
                + " cannot be added because it does not specify whether or not this GTS is the authority of it.");
        throw fault;
      }

      if (ta.getAuthorityGTS() == null) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString(
            "The Trusted Authority "
                + ta.getName()
                + " cannot be added because it does not specify an authority trust service.");
        throw fault;
      }

      if (ta.getSourceGTS() == null) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString(
            "The Trusted Authority "
                + ta.getName()
                + " cannot be added because it does not specify an source trust service.");
        throw fault;
      }

      if ((!ta.getIsAuthority().booleanValue()) && (ta.getExpires() <= 0)) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString(
            "The Trusted Authority "
                + ta.getName()
                + " cannot be added because it does not specify an expiration.");
        throw fault;
      }

      if ((ta.getIsAuthority().booleanValue()) && (!ta.getAuthorityGTS().equals(gtsURI))) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString(
            "The Trusted Authority "
                + ta.getName()
                + " cannot be added, a conflict was detected, this gts ("
                + gtsURI
                + ") was specified as its authority, however the URI of another GTS ( "
                + ta.getAuthorityGTS()
                + ") was specified.");
        throw fault;
      }
    }
    insertTrustedAuthority(ta, cert, crl);
    return ta;
  }
示例#5
0
  public synchronized void updateTrustedAuthority(TrustedAuthority ta, boolean internal)
      throws GTSInternalFault, IllegalTrustedAuthorityFault, InvalidTrustedAuthorityFault {

    TrustedAuthority curr = this.getTrustedAuthority(ta.getName());
    StringBuffer sql = new StringBuffer();
    boolean needsUpdate = false;
    UpdateStatement update = new UpdateStatement(TrustedAuthorityTable.TABLE_NAME);
    if (internal) {
      if (!curr.getAuthorityGTS().equals(gtsURI)) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString(
            "The Trusted Authority cannot be updated, the GTS ("
                + gtsURI
                + ") is not its authority!!!");
        throw fault;
      }

      if ((clean(ta.getAuthorityGTS()) != null)
          && (!ta.getAuthorityGTS().equals(curr.getAuthorityGTS()))) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString(
            "The authority trust service for a Trusted Authority cannot be changed");
        throw fault;
      }

      if (ta.getCertificate() != null) {
        if ((clean(ta.getCertificate().getCertificateEncodedString()) != null)
            && (!ta.getCertificate().equals(curr.getCertificate()))) {
          IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
          fault.setFaultString("The certificate for a Trusted Authority cannot be changed");
          throw fault;
        }
      }

      if ((clean(ta.getSourceGTS()) != null) && (!ta.getSourceGTS().equals(curr.getSourceGTS()))) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString("The source trust service for a Trusted Authority cannot be changed");
        throw fault;
      }

    } else {

      if ((curr.getIsAuthority().booleanValue()) && (!ta.getAuthorityGTS().equals(gtsURI))) {
        IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
        fault.setFaultString(
            "The Trusted Authority "
                + ta.getName()
                + " cannot be updated, a conflict was detected, this gts ("
                + gtsURI
                + ") was specified as its authority, however the URI of another GTS ( "
                + ta.getAuthorityGTS()
                + ") was specified.");
        throw fault;
      }

      if (!ta.getAuthorityGTS().equals(curr.getAuthorityGTS())) {
        update.addField(TrustedAuthorityTable.AUTHORITY_GTS, ta.getAuthorityGTS());
        needsUpdate = true;
      }

      if (ta.getCertificate() != null) {
        if ((clean(ta.getCertificate().getCertificateEncodedString()) != null)
            && (!ta.getCertificate().equals(curr.getCertificate()))) {
          X509Certificate cert = checkAndExtractCertificate(ta);
          if ((!ta.getName().equals(cert.getSubjectDN().toString()))) {
            IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
            fault.setFaultString(
                "The Trusted Authority Name must match the subject of the Trusted Authority's certificate");
            throw fault;
          }

          update.addField(
              TrustedAuthorityTable.CERTIFICATE, ta.getCertificate().getCertificateEncodedString());
          needsUpdate = true;
        }
      }

      if (!ta.getSourceGTS().equals(curr.getSourceGTS())) {
        update.addField(TrustedAuthorityTable.SOURCE_GTS, ta.getSourceGTS());
        needsUpdate = true;
      }

      if (ta.getExpires() != curr.getExpires()) {
        update.addField(TrustedAuthorityTable.EXPIRES, Long.valueOf(ta.getExpires()));
        needsUpdate = true;
      }
    }

    if ((ta.getIsAuthority() != null) && (!ta.getIsAuthority().equals(curr.getIsAuthority()))) {
      IllegalTrustedAuthorityFault fault = new IllegalTrustedAuthorityFault();
      fault.setFaultString("The authority trust service for a Trusted Authority cannot be changed");
      throw fault;
    }

    if (ta.getCRL() != null) {
      if ((clean(ta.getCRL().getCrlEncodedString()) != null)
          && (!ta.getCRL().equals(curr.getCRL()))) {
        TrustedAuthority temp = curr;
        if (ta.getCertificate() != null) {
          temp = ta;
        }
        X509Certificate cert = checkAndExtractCertificate(temp);
        checkAndExtractCRL(ta, cert);
        update.addField(TrustedAuthorityTable.CRL, ta.getCRL().getCrlEncodedString());
        needsUpdate = true;
      }
    } else {
      if (!internal) {
        if (curr.getCRL() != null) {
          update.addField(TrustedAuthorityTable.CRL, "");
          needsUpdate = true;
        }
      }
    }

    if ((ta.getStatus() != null) && (!ta.getStatus().equals(curr.getStatus()))) {
      update.addField(TrustedAuthorityTable.STATUS, ta.getStatus().getValue());
      needsUpdate = true;
    }
    boolean updateTrustLevels = false;

    if ((ta.getTrustLevels() != null)
        && (!this.areTrustLevelEquals(
            ta.getTrustLevels().getTrustLevel(), curr.getTrustLevels().getTrustLevel()))) {
      needsUpdate = true;
      updateTrustLevels = true;
    }

    if (!ta.equals(curr)) {
      if (needsUpdate) {
        Connection c = null;
        try {
          Calendar cal = new GregorianCalendar();
          ta.setLastUpdated(cal.getTimeInMillis());
          update.addField(TrustedAuthorityTable.LAST_UPDATED, Long.valueOf(ta.getLastUpdated()));
          update.addWhereField(TrustedAuthorityTable.NAME, "=", ta.getName());
          c = db.getConnection();
          PreparedStatement s = update.prepareUpdateStatement(c);
          s.execute();
          s.close();
        } catch (Exception e) {
          this.log.error(
              "Unexpected database error incurred in updating "
                  + ta.getName()
                  + ", the following statement generated the error: \n"
                  + sql.toString()
                  + "\n",
              e);
          GTSInternalFault fault = new GTSInternalFault();
          fault.setFaultString("Unexpected error occurred in updating " + ta.getName() + ".");
          throw fault;
        } finally {
          if (c != null) {
            db.releaseConnection(c);
          }
        }
        if (updateTrustLevels) {
          this.addTrustLevels(ta.getName(), ta.getTrustLevels());
        }
      }
    }
  }