use of org.xipki.ocsp.server.impl.jaxb.OCSPServer in project xipki by xipki.
the class OcspServerImpl method init0.
private void init0() throws InvalidConfException, DataAccessException, PasswordResolverException {
if (confFile == null) {
throw new IllegalStateException("confFile is not set");
}
if (datasourceFactory == null) {
throw new IllegalStateException("datasourceFactory is not set");
}
if (securityFactory == null) {
throw new IllegalStateException("securityFactory is not set");
}
OCSPServer conf = parseConf(confFile);
// -- check the duplication names
Set<String> set = new HashSet<>();
// Duplication name check: responder
for (ResponderType m : conf.getResponders().getResponder()) {
String name = m.getName();
if (set.contains(name)) {
throw new InvalidConfException("duplicated definition of responder named '" + name + "'");
}
if (StringUtil.isBlank(name)) {
throw new InvalidConfException("responder name must not be empty");
}
for (int i = 0; i < name.length(); i++) {
char ch = name.charAt(i);
if (!((ch >= '0' && ch <= '9') || (ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z') || ch == '-') || ch == '_' || ch == '.') {
throw new InvalidConfException("invalid OCSP responder name '" + name + "'");
}
}
// end for
set.add(name);
}
// end for
// Duplication name check: signer
set.clear();
for (SignerType m : conf.getSigners().getSigner()) {
String name = m.getName();
if (set.contains(name)) {
throw new InvalidConfException("duplicated definition of signer option named '" + name + "'");
}
set.add(name);
}
// Duplication name check: requests
set.clear();
for (RequestOptionType m : conf.getRequestOptions().getRequestOption()) {
String name = m.getName();
if (set.contains(name)) {
throw new InvalidConfException("duplicated definition of request option named '" + name + "'");
}
set.add(name);
}
// Duplication name check: response
set.clear();
for (ResponseOptionType m : conf.getResponseOptions().getResponseOption()) {
String name = m.getName();
if (set.contains(name)) {
throw new InvalidConfException("duplicated definition of response option named '" + name + "'");
}
set.add(name);
}
// Duplication name check: store
set.clear();
for (StoreType m : conf.getStores().getStore()) {
String name = m.getName();
if (set.contains(name)) {
throw new InvalidConfException("duplicated definition of store named '" + name + "'");
}
}
// Duplication name check: datasource
set.clear();
if (conf.getDatasources() != null) {
for (DatasourceType m : conf.getDatasources().getDatasource()) {
String name = m.getName();
if (set.contains(name)) {
throw new InvalidConfException("duplicated definition of datasource named '" + name + "'");
}
set.add(name);
}
}
this.master = conf.isMaster();
// Response Cache
ResponseCacheType cacheType = conf.getResponseCache();
if (cacheType != null) {
DatasourceType cacheSourceConf = cacheType.getDatasource();
DataSourceWrapper datasource;
InputStream dsStream = null;
try {
dsStream = getInputStream(cacheSourceConf.getConf());
datasource = datasourceFactory.createDataSource(cacheSourceConf.getName(), dsStream, securityFactory.getPasswordResolver());
} catch (IOException ex) {
throw new InvalidConfException(ex.getMessage(), ex);
} finally {
close(dsStream);
}
responseCacher = new ResponseCacher(datasource, master, cacheType.getValidity());
responseCacher.init();
}
// signers
for (SignerType m : conf.getSigners().getSigner()) {
ResponderSigner signer = initSigner(m);
signers.put(m.getName(), signer);
}
// requests
for (RequestOptionType m : conf.getRequestOptions().getRequestOption()) {
RequestOption option = new RequestOption(m);
requestOptions.put(m.getName(), option);
}
// responses
for (ResponseOptionType m : conf.getResponseOptions().getResponseOption()) {
ResponseOption option = new ResponseOption(m);
responseOptions.put(m.getName(), option);
}
// datasources
Map<String, DataSourceWrapper> datasources = new HashMap<>();
if (conf.getDatasources() != null) {
for (DatasourceType m : conf.getDatasources().getDatasource()) {
String name = m.getName();
DataSourceWrapper datasource;
InputStream dsStream = null;
try {
dsStream = getInputStream(m.getConf());
datasource = datasourceFactory.createDataSource(name, dsStream, securityFactory.getPasswordResolver());
} catch (IOException ex) {
throw new InvalidConfException(ex.getMessage(), ex);
} finally {
close(dsStream);
}
datasources.put(name, datasource);
}
// end for
}
// end if
// responders
Map<String, ResponderOption> responderOptions = new HashMap<>();
for (ResponderType m : conf.getResponders().getResponder()) {
ResponderOption option = new ResponderOption(m);
String optName = option.getSignerName();
if (!signers.containsKey(optName)) {
throw new InvalidConfException("no signer named '" + optName + "' is defined");
}
String reqOptName = option.getRequestOptionName();
if (!requestOptions.containsKey(reqOptName)) {
throw new InvalidConfException("no requestOption named '" + reqOptName + "' is defined");
}
String respOptName = option.getResponseOptionName();
if (!responseOptions.containsKey(respOptName)) {
throw new InvalidConfException("no responseOption named '" + respOptName + "' is defined");
}
// required HashAlgorithms for certificate
List<StoreType> storeDefs = conf.getStores().getStore();
Set<String> storeNames = new HashSet<>(storeDefs.size());
for (StoreType storeDef : storeDefs) {
storeNames.add(storeDef.getName());
}
responderOptions.put(m.getName(), option);
}
// stores
for (StoreType m : conf.getStores().getStore()) {
OcspStore store = newStore(m, datasources);
stores.put(m.getName(), store);
}
// responders
for (String name : responderOptions.keySet()) {
ResponderOption option = responderOptions.get(name);
List<OcspStore> statusStores = new ArrayList<>(option.getStoreNames().size());
for (String storeName : option.getStoreNames()) {
statusStores.add(stores.get(storeName));
}
ResponseOption responseOption = responseOptions.get(option.getResponseOptionName());
ResponderSigner signer = signers.get(option.getSignerName());
if (signer.isMacSigner()) {
if (responseOption.isResponderIdByName()) {
throw new InvalidConfException("could not use ResponderIdByName for signer " + option.getSignerName());
}
if (EmbedCertsMode.NONE != responseOption.getEmbedCertsMode()) {
throw new InvalidConfException("could not embed certifcate in response for signer " + option.getSignerName());
}
}
ResponderImpl responder = new ResponderImpl(option, requestOptions.get(option.getRequestOptionName()), responseOption, signer, statusStores);
responders.put(name, responder);
}
// end for
// servlet paths
List<SizeComparableString> tmpList = new LinkedList<>();
for (String name : responderOptions.keySet()) {
ResponderImpl responder = responders.get(name);
ResponderOption option = responderOptions.get(name);
List<String> strs = option.getServletPaths();
for (String path : strs) {
tmpList.add(new SizeComparableString(path));
path2responderMap.put(path, responder);
}
}
// Sort the servlet paths according to the length of path. The first one is the
// longest, and the last one is the shortest.
Collections.sort(tmpList);
List<String> list2 = new ArrayList<>(tmpList.size());
for (SizeComparableString m : tmpList) {
list2.add(m.str);
}
this.servletPaths = list2;
}
use of org.xipki.ocsp.server.impl.jaxb.OCSPServer in project xipki by xipki.
the class OcspServerImpl method parseConf.
private static OCSPServer parseConf(String confFilename) throws InvalidConfException {
try {
JAXBContext jaxbContext = JAXBContext.newInstance(ObjectFactory.class);
Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
SchemaFactory schemaFact = SchemaFactory.newInstance(javax.xml.XMLConstants.W3C_XML_SCHEMA_NS_URI);
Schema schema = schemaFact.newSchema(OcspServerImpl.class.getResource("/xsd/ocsp-conf.xsd"));
unmarshaller.setSchema(schema);
return (OCSPServer) unmarshaller.unmarshal(new File(IoUtil.expandFilepath(confFilename)));
} catch (SAXException ex) {
throw new InvalidConfException("parse profile failed, message: " + ex.getMessage(), ex);
} catch (JAXBException ex) {
throw new InvalidConfException("parse profile failed, message: " + XmlUtil.getMessage(ex), ex);
}
}
Aggregations