diff options
author | Klaus Stranacher <kstranacher@iaik.tugraz.at> | 2013-08-14 16:36:40 +0200 |
---|---|---|
committer | Klaus Stranacher <kstranacher@iaik.tugraz.at> | 2013-08-14 16:36:40 +0200 |
commit | a52d3300d20837b12b45a0d4fb2b0ee520f6e641 (patch) | |
tree | f2f3259231718a3871ca27b8ee61c857377378ac /spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api | |
parent | 8591e43ef7f8e1eb0be50a0726d507904b26b9f5 (diff) | |
download | moa-id-spss-a52d3300d20837b12b45a0d4fb2b0ee520f6e641.tar.gz moa-id-spss-a52d3300d20837b12b45a0d4fb2b0ee520f6e641.tar.bz2 moa-id-spss-a52d3300d20837b12b45a0d4fb2b0ee520f6e641.zip |
TSL integration updates:
- Setting of hashcache parameter in MOA
- Update MOA-SP Response (Source attribute in QualifiedCertificate and SecureSignatureCreationDevice element)
- Hidden truststores (for TSL enabled truststore: given certificates are copied to hidden truststore, where TSL certificates are copied)
- Update of QC and SSCD detection
- Update MOA-SPSS config: EU TSL URL can be set via configuration
Diffstat (limited to 'spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api')
9 files changed, 90 insertions, 11 deletions
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java index 26cce1a82..80f996b36 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java @@ -1090,6 +1090,8 @@ public abstract class SPSSFactory { * @param signerCertificate The signer certificate in binary form. * @param qualifiedCertificate <code>true</code>, if the signer certificate is * a qualified certificate, otherwise <code>false</code>. + * @param qcSourceTSL <code>true</code>, if the QC information comes from the TSL, + * otherwise <code>false</code>. * @param publicAuthority <code>true</code>, if the signer certificate is a * public authority certificate, otherwise <code>false</code>. * @param publicAuthorityID The identification of the public authority @@ -1097,6 +1099,8 @@ public abstract class SPSSFactory { * <code>null</code>. * @param sscd <code>true</code>, if the TSL check verifies the * signature based on a SSDC, otherwise <code>false</code>. + * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL, + * otherwise <code>false</code>. * @return The <code>SignerInfo</code> containing the above data. * * @pre signerCertSubjectName != null @@ -1106,9 +1110,11 @@ public abstract class SPSSFactory { public abstract SignerInfo createSignerInfo( X509Certificate signerCertificate, boolean qualifiedCertificate, + boolean qcSourceTSL, boolean publicAuthority, String publicAuthorityID, - boolean sscd); + boolean sscd, + boolean sscdSourceTSL); /** * Create a new <code>X509IssuerSerial</code> object. diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java index 7a1942214..337f775bf 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java @@ -59,6 +59,17 @@ public interface SignerInfo { public boolean isSSCD(); /** + * Returns the source of the SSCD check (TSL or Certificate) * + */ + public String getSSCDSource(); + + /** + * Returns the source of the QC check (TSL or Certificate) * + */ + public String getQCSource(); + + + /** * Checks, whether the certificate contained in this object is a * public authority certificate. * diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/TSLConfiguration.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/TSLConfiguration.java index fd7d38217..29529322c 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/TSLConfiguration.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/TSLConfiguration.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.spss.api.common;
+import iaik.ixsil.util.URI;
+
import java.util.Date;
@@ -70,5 +72,10 @@ public interface TSLConfiguration { */
public String getWorkingDirectory();
+ /**
+ *
+ * @return
+ */
+ public URI getWorkingDirectoryAsURI();
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java index 7c1208e8f..74f65cb70 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java @@ -622,15 +622,19 @@ public class SPSSFactoryImpl extends SPSSFactory { public SignerInfo createSignerInfo( X509Certificate signerCertificate, boolean qualifiedCertificate, + boolean qcSourceTSL, boolean publicAuthority, String publicAuthorityID, - boolean sscd) { + boolean sscd, + boolean sscdSourceTSL) { SignerInfoImpl signerInfo = new SignerInfoImpl(); signerInfo.setSignerCertificate(signerCertificate); signerInfo.setQualifiedCertificate(qualifiedCertificate); + signerInfo.setQCSourceTSL(qcSourceTSL); signerInfo.setPublicAuthority(publicAuthority); signerInfo.setPublicAuhtorityID(publicAuthorityID); signerInfo.setSSCD(sscd); + signerInfo.setSSCDSourceTSL(sscdSourceTSL); return signerInfo; } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java index 56a9004fc..5d26397c5 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java @@ -49,6 +49,13 @@ public class SignerInfoImpl implements SignerInfo { /** Determines, whether the signature is based on an SSCD */ private boolean sscd; + + /** Determines, if the SSCD check bases upon on TSL */ + private boolean sscdSourceTSL; + + /** Determines, if the QC check bases upon on TSL */ + private boolean qcSourceTSL; + /** * Sets the signer certificate. * @@ -87,7 +94,29 @@ public class SignerInfoImpl implements SignerInfo { } public boolean isSSCD() { return sscd; - } + } + + public void setSSCDSourceTSL(boolean sscdSourceTSL) { + this.sscdSourceTSL = sscdSourceTSL; + } + + public String getSSCDSource() { + if (sscdSourceTSL) + return "TSL"; + else + return "Certificate"; + } + + public void setQCSourceTSL(boolean qcSourceTSL) { + this.qcSourceTSL = qcSourceTSL; + } + + public String getQCSource() { + if (qcSourceTSL) + return "TSL"; + else + return "Certificate"; + } /** * Sets, whether the certificate contained in this object is an diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TSLConfigurationImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TSLConfigurationImpl.java index 15d66614e..87314e1f7 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TSLConfigurationImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TSLConfigurationImpl.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.spss.api.impl;
+import iaik.ixsil.util.URI;
+
import java.util.Date;
import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;
@@ -38,7 +40,7 @@ public class TSLConfigurationImpl implements TSLConfiguration { /** The EU TSL URL. */
-// private String euTSLUrl;
+ private String euTSLUrl;
/** update period in milliseconds */
private long updateSchedulePeriod;
@@ -48,9 +50,12 @@ public class TSLConfigurationImpl implements TSLConfiguration { /** Working directory */
private String workingDirectory;
+
+ /** Working directory */
+ private URI workingDirectoryAsURI;
public String getEuTSLUrl() {
- return this.DEFAULT_EU_TSL_URL;
+ return this.euTSLUrl;
}
public long getUpdateSchedulePeriod() {
@@ -64,10 +69,14 @@ public class TSLConfigurationImpl implements TSLConfiguration { public String getWorkingDirectory() {
return this.workingDirectory;
}
+
+ public URI getWorkingDirectoryAsURI() {
+ return this.workingDirectoryAsURI;
+ }
-// public void setEuTSLUrl(String euTSLUrl) {
-// this.euTSLUrl = euTSLUrl;
-// }
+ public void setEuTSLUrl(String euTSLUrl) {
+ this.euTSLUrl = euTSLUrl;
+ }
public void setUpdateSchedulePeriod(long updateSchedulePeriod) {
this.updateSchedulePeriod = updateSchedulePeriod;
@@ -80,6 +89,10 @@ public class TSLConfigurationImpl implements TSLConfiguration { public void setWorkingDirectory(String workingDirectory) {
this.workingDirectory = workingDirectory;
}
+
+ public void setWorkingDirectoryURI(URI workingDirectoryAsURI) {
+ this.workingDirectoryAsURI = workingDirectoryAsURI;
+ }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java index a228a0db8..505303bc1 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java @@ -117,9 +117,11 @@ class ResponseBuilderUtils { Element root, X509Certificate cert, boolean isQualified, + String qcSource, boolean isPublicAuthority, String publicAuthorityID, - boolean isSSCD) + boolean isSSCD, + String sscdSource) throws MOAApplicationException { Element signerInfoElem = response.createElementNS(MOA_NS_URI, "SignerInfo"); @@ -182,6 +184,7 @@ class ResponseBuilderUtils { x509DataElem.appendChild(x509IssuerSerialElem); x509DataElem.appendChild(x509CertificateElem); if (isQualified) { + qualifiedCertificateElem.setAttributeNS(MOA_NS_URI, "Source", qcSource); x509DataElem.appendChild(qualifiedCertificateElem); } if (isPublicAuthority) { @@ -192,6 +195,7 @@ class ResponseBuilderUtils { } } if (isSSCD) { + sscdElem.setAttributeNS(MOA_NS_URI, "Source", sscdSource); x509DataElem.appendChild(sscdElem); } signerInfoElem.appendChild(x509DataElem); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java index 7ad838822..238875351 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java @@ -99,14 +99,17 @@ public class VerifyCMSSignatureResponseBuilder { CheckResult signatureCheck = responseElement.getSignatureCheck(); CheckResult certCheck = responseElement.getCertificateCheck(); + //TODO ResponseBuilderUtils.addSignerInfo( responseDoc, responseElem, signerInfo.getSignerCertificate(), signerInfo.isQualifiedCertificate(), + signerInfo.getQCSource(), signerInfo.isPublicAuthority(), signerInfo.getPublicAuhtorityID(), - signerInfo.isSSCD()); + signerInfo.isSSCD(), + signerInfo.getSSCDSource()); ResponseBuilderUtils.addCodeInfoElement( responseDoc, diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java index 0d3e0c18e..8673fba1c 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java @@ -96,9 +96,11 @@ public class VerifyXMLSignatureResponseBuilder { responseElem, response.getSignerInfo().getSignerCertificate(), response.getSignerInfo().isQualifiedCertificate(), + response.getSignerInfo().getQCSource(), response.getSignerInfo().isPublicAuthority(), response.getSignerInfo().getPublicAuhtorityID(), - response.getSignerInfo().isSSCD()); + response.getSignerInfo().isSSCD(), + response.getSignerInfo().getSSCDSource()); // add HashInputData elements responseData = response.getHashInputDatas(); |