Search in sources :

Example 1 with ResponseOptionType

use of org.xipki.ocsp.server.impl.jaxb.ResponseOptionType in project xipki by xipki.

the class OcspServerImpl method init0.

private void init0() throws InvalidConfException, DataAccessException, PasswordResolverException {
    if (confFile == null) {
        throw new IllegalStateException("confFile is not set");
    }
    if (datasourceFactory == null) {
        throw new IllegalStateException("datasourceFactory is not set");
    }
    if (securityFactory == null) {
        throw new IllegalStateException("securityFactory is not set");
    }
    OCSPServer conf = parseConf(confFile);
    // -- check the duplication names
    Set<String> set = new HashSet<>();
    // Duplication name check: responder
    for (ResponderType m : conf.getResponders().getResponder()) {
        String name = m.getName();
        if (set.contains(name)) {
            throw new InvalidConfException("duplicated definition of responder named '" + name + "'");
        }
        if (StringUtil.isBlank(name)) {
            throw new InvalidConfException("responder name must not be empty");
        }
        for (int i = 0; i < name.length(); i++) {
            char ch = name.charAt(i);
            if (!((ch >= '0' && ch <= '9') || (ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z') || ch == '-') || ch == '_' || ch == '.') {
                throw new InvalidConfException("invalid OCSP responder name '" + name + "'");
            }
        }
        // end for
        set.add(name);
    }
    // end for
    // Duplication name check: signer
    set.clear();
    for (SignerType m : conf.getSigners().getSigner()) {
        String name = m.getName();
        if (set.contains(name)) {
            throw new InvalidConfException("duplicated definition of signer option named '" + name + "'");
        }
        set.add(name);
    }
    // Duplication name check: requests
    set.clear();
    for (RequestOptionType m : conf.getRequestOptions().getRequestOption()) {
        String name = m.getName();
        if (set.contains(name)) {
            throw new InvalidConfException("duplicated definition of request option named '" + name + "'");
        }
        set.add(name);
    }
    // Duplication name check: response
    set.clear();
    for (ResponseOptionType m : conf.getResponseOptions().getResponseOption()) {
        String name = m.getName();
        if (set.contains(name)) {
            throw new InvalidConfException("duplicated definition of response option named '" + name + "'");
        }
        set.add(name);
    }
    // Duplication name check: store
    set.clear();
    for (StoreType m : conf.getStores().getStore()) {
        String name = m.getName();
        if (set.contains(name)) {
            throw new InvalidConfException("duplicated definition of store named '" + name + "'");
        }
    }
    // Duplication name check: datasource
    set.clear();
    if (conf.getDatasources() != null) {
        for (DatasourceType m : conf.getDatasources().getDatasource()) {
            String name = m.getName();
            if (set.contains(name)) {
                throw new InvalidConfException("duplicated definition of datasource named '" + name + "'");
            }
            set.add(name);
        }
    }
    this.master = conf.isMaster();
    // Response Cache
    ResponseCacheType cacheType = conf.getResponseCache();
    if (cacheType != null) {
        DatasourceType cacheSourceConf = cacheType.getDatasource();
        DataSourceWrapper datasource;
        InputStream dsStream = null;
        try {
            dsStream = getInputStream(cacheSourceConf.getConf());
            datasource = datasourceFactory.createDataSource(cacheSourceConf.getName(), dsStream, securityFactory.getPasswordResolver());
        } catch (IOException ex) {
            throw new InvalidConfException(ex.getMessage(), ex);
        } finally {
            close(dsStream);
        }
        responseCacher = new ResponseCacher(datasource, master, cacheType.getValidity());
        responseCacher.init();
    }
    // signers
    for (SignerType m : conf.getSigners().getSigner()) {
        ResponderSigner signer = initSigner(m);
        signers.put(m.getName(), signer);
    }
    // requests
    for (RequestOptionType m : conf.getRequestOptions().getRequestOption()) {
        RequestOption option = new RequestOption(m);
        requestOptions.put(m.getName(), option);
    }
    // responses
    for (ResponseOptionType m : conf.getResponseOptions().getResponseOption()) {
        ResponseOption option = new ResponseOption(m);
        responseOptions.put(m.getName(), option);
    }
    // datasources
    Map<String, DataSourceWrapper> datasources = new HashMap<>();
    if (conf.getDatasources() != null) {
        for (DatasourceType m : conf.getDatasources().getDatasource()) {
            String name = m.getName();
            DataSourceWrapper datasource;
            InputStream dsStream = null;
            try {
                dsStream = getInputStream(m.getConf());
                datasource = datasourceFactory.createDataSource(name, dsStream, securityFactory.getPasswordResolver());
            } catch (IOException ex) {
                throw new InvalidConfException(ex.getMessage(), ex);
            } finally {
                close(dsStream);
            }
            datasources.put(name, datasource);
        }
    // end for
    }
    // end if
    // responders
    Map<String, ResponderOption> responderOptions = new HashMap<>();
    for (ResponderType m : conf.getResponders().getResponder()) {
        ResponderOption option = new ResponderOption(m);
        String optName = option.getSignerName();
        if (!signers.containsKey(optName)) {
            throw new InvalidConfException("no signer named '" + optName + "' is defined");
        }
        String reqOptName = option.getRequestOptionName();
        if (!requestOptions.containsKey(reqOptName)) {
            throw new InvalidConfException("no requestOption named '" + reqOptName + "' is defined");
        }
        String respOptName = option.getResponseOptionName();
        if (!responseOptions.containsKey(respOptName)) {
            throw new InvalidConfException("no responseOption named '" + respOptName + "' is defined");
        }
        // required HashAlgorithms for certificate
        List<StoreType> storeDefs = conf.getStores().getStore();
        Set<String> storeNames = new HashSet<>(storeDefs.size());
        for (StoreType storeDef : storeDefs) {
            storeNames.add(storeDef.getName());
        }
        responderOptions.put(m.getName(), option);
    }
    // stores
    for (StoreType m : conf.getStores().getStore()) {
        OcspStore store = newStore(m, datasources);
        stores.put(m.getName(), store);
    }
    // responders
    for (String name : responderOptions.keySet()) {
        ResponderOption option = responderOptions.get(name);
        List<OcspStore> statusStores = new ArrayList<>(option.getStoreNames().size());
        for (String storeName : option.getStoreNames()) {
            statusStores.add(stores.get(storeName));
        }
        ResponseOption responseOption = responseOptions.get(option.getResponseOptionName());
        ResponderSigner signer = signers.get(option.getSignerName());
        if (signer.isMacSigner()) {
            if (responseOption.isResponderIdByName()) {
                throw new InvalidConfException("could not use ResponderIdByName for signer " + option.getSignerName());
            }
            if (EmbedCertsMode.NONE != responseOption.getEmbedCertsMode()) {
                throw new InvalidConfException("could not embed certifcate in response for signer " + option.getSignerName());
            }
        }
        ResponderImpl responder = new ResponderImpl(option, requestOptions.get(option.getRequestOptionName()), responseOption, signer, statusStores);
        responders.put(name, responder);
    }
    // end for
    // servlet paths
    List<SizeComparableString> tmpList = new LinkedList<>();
    for (String name : responderOptions.keySet()) {
        ResponderImpl responder = responders.get(name);
        ResponderOption option = responderOptions.get(name);
        List<String> strs = option.getServletPaths();
        for (String path : strs) {
            tmpList.add(new SizeComparableString(path));
            path2responderMap.put(path, responder);
        }
    }
    // Sort the servlet paths according to the length of path. The first one is the
    // longest, and the last one is the shortest.
    Collections.sort(tmpList);
    List<String> list2 = new ArrayList<>(tmpList.size());
    for (SizeComparableString m : tmpList) {
        list2.add(m.str);
    }
    this.servletPaths = list2;
}
Also used : HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) InvalidConfException(org.xipki.common.InvalidConfException) DatasourceType(org.xipki.ocsp.server.impl.jaxb.DatasourceType) SignerType(org.xipki.ocsp.server.impl.jaxb.SignerType) StoreType(org.xipki.ocsp.server.impl.jaxb.StoreType) OcspStore(org.xipki.ocsp.api.OcspStore) HashSet(java.util.HashSet) RequestOptionType(org.xipki.ocsp.server.impl.jaxb.RequestOptionType) ResponseOptionType(org.xipki.ocsp.server.impl.jaxb.ResponseOptionType) ByteArrayInputStream(java.io.ByteArrayInputStream) ASN1InputStream(org.bouncycastle.asn1.ASN1InputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) ResponseCacheType(org.xipki.ocsp.server.impl.jaxb.ResponseCacheType) IOException(java.io.IOException) ResponderType(org.xipki.ocsp.server.impl.jaxb.ResponderType) LinkedList(java.util.LinkedList) OCSPServer(org.xipki.ocsp.server.impl.jaxb.OCSPServer) DataSourceWrapper(org.xipki.datasource.DataSourceWrapper)

Aggregations

ByteArrayInputStream (java.io.ByteArrayInputStream)1 FileInputStream (java.io.FileInputStream)1 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1 HashSet (java.util.HashSet)1 LinkedList (java.util.LinkedList)1 ASN1InputStream (org.bouncycastle.asn1.ASN1InputStream)1 InvalidConfException (org.xipki.common.InvalidConfException)1 DataSourceWrapper (org.xipki.datasource.DataSourceWrapper)1 OcspStore (org.xipki.ocsp.api.OcspStore)1 DatasourceType (org.xipki.ocsp.server.impl.jaxb.DatasourceType)1 OCSPServer (org.xipki.ocsp.server.impl.jaxb.OCSPServer)1 RequestOptionType (org.xipki.ocsp.server.impl.jaxb.RequestOptionType)1 ResponderType (org.xipki.ocsp.server.impl.jaxb.ResponderType)1 ResponseCacheType (org.xipki.ocsp.server.impl.jaxb.ResponseCacheType)1 ResponseOptionType (org.xipki.ocsp.server.impl.jaxb.ResponseOptionType)1 SignerType (org.xipki.ocsp.server.impl.jaxb.SignerType)1 StoreType (org.xipki.ocsp.server.impl.jaxb.StoreType)1