| author | Klaus Stranacher <kstranacher@iaik.tugraz.at> | 2013-08-14 16:36:40 +0200 | 
|---|---|---|
| committer | Klaus Stranacher <kstranacher@iaik.tugraz.at> | 2013-08-14 16:36:40 +0200 | 
| commit | a52d3300d20837b12b45a0d4fb2b0ee520f6e641 (patch) | |
| tree | f2f3259231718a3871ca27b8ee61c857377378ac /spss/server/serverlib/src/main | |
| parent | 8591e43ef7f8e1eb0be50a0726d507904b26b9f5 (diff) | |
TSL integration updates:
- Setting of hashcache parameter in MOA
- Update MOA-SP Response (Source attribute in QualifiedCertificate and SecureSignatureCreationDevice element)
- Hidden truststores (for a TSL-enabled trust profile, the configured certificates are copied into a hidden truststore, into which the TSL certificates are then also copied)
- Update of QC and SSCD detection
- Update MOA-SPSS config: EU TSL URL can be set via configuration
Diffstat (limited to 'spss/server/serverlib/src/main')
20 files changed, 414 insertions, 113 deletions
| diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java index 26cce1a82..80f996b36 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java @@ -1090,6 +1090,8 @@ public abstract class SPSSFactory {     * @param signerCertificate The signer certificate in binary form.     * @param qualifiedCertificate <code>true</code>, if the signer certificate is     * a qualified certificate, otherwise <code>false</code>. +   * @param qcSourceTSL <code>true</code>, if the QC information comes from the TSL,  +   * 		otherwise <code>false</code>.     * @param publicAuthority <code>true</code>, if the signer certificate is a     * public authority certificate, otherwise <code>false</code>.     * @param publicAuthorityID The identification of the public authority @@ -1097,6 +1099,8 @@ public abstract class SPSSFactory {     * <code>null</code>.     * @param sscd <code>true</code>, if the TSL check verifies the      * 		signature based on a SSDC, otherwise <code>false</code>. +   * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL,  +   * 		otherwise <code>false</code>.     * @return The <code>SignerInfo</code> containing the above data.     *      * @pre signerCertSubjectName != null @@ -1106,9 +1110,11 @@ public abstract class SPSSFactory {    public abstract SignerInfo createSignerInfo(      X509Certificate signerCertificate,      boolean qualifiedCertificate, +    boolean qcSourceTSL,      boolean publicAuthority,      String publicAuthorityID, -    boolean sscd); +    boolean sscd, +    boolean sscdSourceTSL);    /**     * Create a new <code>X509IssuerSerial</code> object. 
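Review bot: The `@param sscd` description in the `createSignerInfo` javadoc (`if the TSL check verifies the signature based on a SSDC`) is stale now that the adjacent `sscdSourceTSL` parameter says the value may also come from the certificate, and "SSDC" is a typo for SSCD. Suggest `@param sscd <code>true</code>, if the signature was created with an SSCD (determined from the TSL or from the certificate, see <code>sscdSourceTSL</code>), otherwise <code>false</code>.` The `@param qualifiedCertificate` text should likewise point to `qcSourceTSL` as the indicator of where the QC status came from.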
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java index 7a1942214..337f775bf 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/SignerInfo.java @@ -59,6 +59,17 @@ public interface SignerInfo {    public boolean isSSCD();    /** +   * Returns the source of the SSCD check (TSL or Certificate)   *  +   */ +  public String getSSCDSource(); + +  /** +   * Returns the source of the QC check (TSL or Certificate)   *  +   */ +  public String getQCSource(); + +   +  /**     * Checks, whether the certificate contained in this object is a      * public authority certificate.     *  diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/TSLConfiguration.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/TSLConfiguration.java index fd7d38217..29529322c 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/TSLConfiguration.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/TSLConfiguration.java @@ -24,6 +24,8 @@  package at.gv.egovernment.moa.spss.api.common;
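Review bot: `getSSCDSource()` and `getQCSource()` return free-form strings that the response builder writes verbatim into the new `Source` attribute, so the exact values are part of the public contract and must be documented; the added javadoc has no `@return` and a stray `*` line. Suggest `@return {@code "TSL"} if the SSCD status was derived from the trust status list, {@code "Certificate"} if it was derived from the certificate's QC statements.` and the same for the QC variant. It is also worth stating that the value is only meaningful when `isSSCD()` / `isQualifiedCertificate()` is true, because the implementation answers `"Certificate"` by default. An enum would avoid the magic strings, but that would change the published interface.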
 +import iaik.ixsil.util.URI;
 +
  import java.util.Date;
 @@ -70,5 +72,10 @@ public interface TSLConfiguration {     */
    public String getWorkingDirectory();
 +  /**
 +   * 
 +   * @return
 +   */
 +  public URI getWorkingDirectoryAsURI();
  }
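Review bot: The new `getWorkingDirectoryAsURI()` exposes `iaik.ixsil.util.URI` in the public `TSLConfiguration` interface, coupling every API consumer to an IAIK-internal type where `java.net.URI` or the existing `getWorkingDirectory()` string would do; if the IXSIL type is what the TSL engine needs, the conversion belongs in the impl or at the call site. The javadoc on the method is an empty template (`*` and `@return` with no text). Suggest `/** Returns the TSL working directory in URI form. @return the working directory URI, or {@code null} if it has not been set. */` — as far as the impl in this commit shows, the backing field is only populated through a setter, so `null` is possible.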
 diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java index 7c1208e8f..74f65cb70 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java @@ -622,15 +622,19 @@ public class SPSSFactoryImpl extends SPSSFactory {    public SignerInfo createSignerInfo(      X509Certificate signerCertificate,      boolean qualifiedCertificate, +    boolean qcSourceTSL,      boolean publicAuthority,      String publicAuthorityID,  -    boolean sscd) { +    boolean sscd, +    boolean sscdSourceTSL) {      SignerInfoImpl signerInfo = new SignerInfoImpl();      signerInfo.setSignerCertificate(signerCertificate);      signerInfo.setQualifiedCertificate(qualifiedCertificate); +    signerInfo.setQCSourceTSL(qcSourceTSL);      signerInfo.setPublicAuthority(publicAuthority);      signerInfo.setPublicAuhtorityID(publicAuthorityID);      signerInfo.setSSCD(sscd); +    signerInfo.setSSCDSourceTSL(sscdSourceTSL);      return signerInfo;    } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java index 56a9004fc..5d26397c5 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java 
@@ -49,6 +49,13 @@ public class SignerInfoImpl implements SignerInfo {    /** Determines, whether the signature is based on an SSCD */    private boolean sscd; +   +  /** Determines, if the SSCD check bases upon on TSL */ +  private boolean sscdSourceTSL; +   +  /** Determines, if the QC check bases upon on TSL */ +  private boolean qcSourceTSL; +      /**    * Sets the signer certificate.    *  @@ -87,7 +94,29 @@ public class SignerInfoImpl implements SignerInfo {    }    public boolean isSSCD() {  	    return sscd; -	  } +  } +   +  public void setSSCDSourceTSL(boolean sscdSourceTSL) { +	  this.sscdSourceTSL = sscdSourceTSL; +  } +   +  public String getSSCDSource() { +	  if (sscdSourceTSL) +		  return "TSL"; +	  else +		  return "Certificate"; +  } +   +  public void setQCSourceTSL(boolean qcSourceTSL) { +	  this.qcSourceTSL = qcSourceTSL; +  } +   +  public String getQCSource() { +	  if (qcSourceTSL) +		  return "TSL"; +	  else +		  return "Certificate"; +  }    /**     * Sets, whether the certificate contained in this object is an  diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TSLConfigurationImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TSLConfigurationImpl.java index 15d66614e..87314e1f7 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TSLConfigurationImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TSLConfigurationImpl.java @@ -24,6 +24,8 @@  package at.gv.egovernment.moa.spss.api.impl;
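Review bot: `getSSCDSource()` and `getQCSource()` answer `"Certificate"` whenever the corresponding `...SourceTSL` flag is false, including when `sscd` / `qualifiedCertificate` itself is false, so a caller cannot distinguish "determined from the certificate" from "not determined at all". The response builder only emits the attribute when the status is true, so the XML output is not affected, but the getters read as an unconditional claim. Suggest documenting both: `/** Source of the SSCD determination; only meaningful if {@link #isSSCD()} returns true. */`. The field comments `Determines, if the SSCD check bases upon on TSL` should read `Indicates whether the SSCD status was taken from the TSL`.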
 +import iaik.ixsil.util.URI;
 +
  import java.util.Date;
  import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;
 @@ -38,7 +40,7 @@ public class TSLConfigurationImpl implements TSLConfiguration {  	/** The EU TSL URL. */
 -//	private String euTSLUrl;
 +	private String euTSLUrl;
  	/** update period in milliseconds */
  	private long updateSchedulePeriod;
 @@ -48,9 +50,12 @@ public class TSLConfigurationImpl implements TSLConfiguration {  	/** Working directory */
  	private String workingDirectory;
 +	
 +	/** Working directory */
 +	private URI workingDirectoryAsURI;
    public String getEuTSLUrl() {
 -	  return this.DEFAULT_EU_TSL_URL;
 +	  return this.euTSLUrl;
    }
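Review bot: `getEuTSLUrl()` now returns the bare field, so a `TSLConfigurationImpl` on which `setEuTSLUrl` was never called yields `null`, whereas the previous code always returned `DEFAULT_EU_TSL_URL`. The configuration builder in this commit substitutes the default before calling the setter, but the impl itself no longer guarantees a usable URL for other callers. Suggest keeping the fallback in the getter: `return (euTSLUrl != null) ? euTSLUrl : DEFAULT_EU_TSL_URL;`.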
    public long getUpdateSchedulePeriod() {
 @@ -64,10 +69,14 @@ public class TSLConfigurationImpl implements TSLConfiguration {    public String getWorkingDirectory() {
  	  return this.workingDirectory;
    }
 +  
 +  public URI getWorkingDirectoryAsURI() {
 +	  return this.workingDirectoryAsURI;
 +  }
 -//	public void setEuTSLUrl(String euTSLUrl) {
 -//		this.euTSLUrl = euTSLUrl;
 -//	}
 +	public void setEuTSLUrl(String euTSLUrl) {
 +		this.euTSLUrl = euTSLUrl;
 +	}
  	public void setUpdateSchedulePeriod(long updateSchedulePeriod) {
  		this.updateSchedulePeriod = updateSchedulePeriod;
 @@ -80,6 +89,10 @@ public class TSLConfigurationImpl implements TSLConfiguration {  	public void setWorkingDirectory(String workingDirectory) {
  		this.workingDirectory = workingDirectory;
  	}
 +	
 +	public void setWorkingDirectoryURI(URI workingDirectoryAsURI) {
 +		this.workingDirectoryAsURI = workingDirectoryAsURI;
 +	}
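Review bot: The setter is named `setWorkingDirectoryURI` while the getter added in the same file is `getWorkingDirectoryAsURI`, so the pair is not a bean property and reflective or convention-based access will miss it; renaming the setter to `setWorkingDirectoryAsURI` fixes that. The field comment `/** Working directory */` above `workingDirectoryAsURI` is a verbatim copy of the one on the `String` field; suggest `/** Working directory in URI form; expected to denote the same location as {@link #workingDirectory}. */` — whether both are always set together is only visible at the caller, outside this hunk.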
 diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java index a228a0db8..505303bc1 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java @@ -117,9 +117,11 @@ class ResponseBuilderUtils {      Element root,      X509Certificate cert,      boolean isQualified, +    String qcSource,      boolean isPublicAuthority,      String publicAuthorityID, -    boolean isSSCD) +    boolean isSSCD, +    String sscdSource)      throws MOAApplicationException {      Element signerInfoElem = response.createElementNS(MOA_NS_URI, "SignerInfo"); @@ -182,6 +184,7 @@ class ResponseBuilderUtils {      x509DataElem.appendChild(x509IssuerSerialElem);      x509DataElem.appendChild(x509CertificateElem);      if (isQualified) { +    	qualifiedCertificateElem.setAttributeNS(MOA_NS_URI, "Source", qcSource);        x509DataElem.appendChild(qualifiedCertificateElem);      }      if (isPublicAuthority) { @@ -192,6 +195,7 @@ class ResponseBuilderUtils {        }      }      if (isSSCD) { +    	sscdElem.setAttributeNS(MOA_NS_URI, "Source", sscdSource);          x509DataElem.appendChild(sscdElem);        }      signerInfoElem.appendChild(x509DataElem); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java index 7ad838822..238875351 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java 
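Review bot: `qualifiedCertificateElem.setAttributeNS(MOA_NS_URI, "Source", qcSource)` creates a namespaced attribute with an unprefixed qualified name; DOM serializers then either invent a prefix (typically `ns1:Source`) or, depending on implementation, emit it unqualified, so the wire format depends on the serializer. If the MOA response schema declares `Source` as a plain (unqualified) attribute, use `setAttribute("Source", qcSource)`; if it is meant to be namespace-qualified, pass a prefixed name such as `"moa:Source"` consistent with how the rest of the response is built. The same applies to `sscdElem.setAttributeNS(...)` below it. The enclosing `addSignerInfo` method continues past the end of this hunk.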
@@ -99,14 +99,17 @@ public class VerifyCMSSignatureResponseBuilder {      CheckResult signatureCheck = responseElement.getSignatureCheck();      CheckResult certCheck = responseElement.getCertificateCheck(); +    //TODO      ResponseBuilderUtils.addSignerInfo(        responseDoc,        responseElem,        signerInfo.getSignerCertificate(),        signerInfo.isQualifiedCertificate(), +      signerInfo.getQCSource(),        signerInfo.isPublicAuthority(),        signerInfo.getPublicAuhtorityID(), -      signerInfo.isSSCD()); +      signerInfo.isSSCD(), +      signerInfo.getSSCDSource());      ResponseBuilderUtils.addCodeInfoElement(        responseDoc, diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java index 0d3e0c18e..8673fba1c 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java @@ -96,9 +96,11 @@ public class VerifyXMLSignatureResponseBuilder {        responseElem,        response.getSignerInfo().getSignerCertificate(),        response.getSignerInfo().isQualifiedCertificate(), +      response.getSignerInfo().getQCSource(),        response.getSignerInfo().isPublicAuthority(),        response.getSignerInfo().getPublicAuhtorityID(), -      response.getSignerInfo().isSSCD()); +      response.getSignerInfo().isSSCD(), +      response.getSignerInfo().getSSCDSource());      // add HashInputData elements      responseData = response.getHashInputDatas(); 
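Review bot: The `//TODO` added above the `ResponseBuilderUtils.addSignerInfo(` call carries no text, so a later reader cannot tell what is still outstanding. Either remove it or state the intent and owner, e.g. `// TODO(kstranacher): <what remains to be done here>`; an empty marker tends to survive forever.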
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 2dcffa014..d2ee75116 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -67,6 +67,7 @@ import at.gv.egovernment.moa.spss.api.impl.TSLConfigurationImpl;  import at.gv.egovernment.moa.spss.util.MessageProvider;  import at.gv.egovernment.moa.util.Constants;  import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.FileUtils;  import at.gv.egovernment.moa.util.StringUtils;  import at.gv.egovernment.moa.util.XPathUtils; @@ -1135,11 +1136,11 @@ public class ConfigurationPartsBuilder {    }    /** -   * Bulid the trust profile mapping. +   * Build the trust profile mapping.     *      * @return The profile ID to profile mapping.     */ -  public Map buildTrustProfiles()  +  public Map buildTrustProfiles(String tslWorkingDir)     {      Map trustProfiles = new HashMap();      NodeIterator profileIter = XPathUtils.selectNodeIterator(getConfigElem(), TRUST_PROFILE_XPATH); 
@@ -1213,8 +1214,62 @@ public class ConfigurationPartsBuilder {        }        signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null; -      TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, tslEnabled, countries); +       +      TrustProfile profile = null; +       +      if (tslEnabled) { +    	  // create new trust anchor location (=tslworking trust profile) +    	  File fTslWorkingDir = new File(tslWorkingDir); +    	  File tp = new File(fTslWorkingDir, "trustprofiles"); +    	  if (!tp.exists()) +    		  tp.mkdir(); +    	  if (!tp.isDirectory()) { +        	  error("config.50", new Object[] { tp.getPath() }); +        	  // TODO? +          } +    	   +    	  File tpid = new File(tp, id);        	  +    	  if (!tpid.exists()) +              tpid.mkdir(); +    	  if (!tpid.isDirectory()) { +        	  error("config.50", new Object[] { tpid.getPath() }); +        	  // TODO? +          } + +    	   +    	  //System.out.println("tps: " + tpid.getAbsolutePath()); +        	   +    	  // create profile +    	  profile = new TrustProfile(id, tpid.getAbsolutePath(), signerCertsLocStr, tslEnabled, countries); +    	   +    	  // set original uri (save original trust anchor location)    	     +    	  profile.setUriOrig(trustAnchorsLocURI.getPath()); +    	   +    	  // delete files in tslworking trust profile +    	  File[] files = tpid.listFiles(); +			for (File file : files)  +	              file.delete(); +    	   +    	  // copy files from trustAnchorsLocURI into tslworking trust profile kopieren +    	  File src = new File(trustAnchorsLocURI.getPath()); +    	  files = src.listFiles();                     +          for (File file : files) {  +              FileUtils.copyFile(file, new File(tpid, file.getName()));   +          }  +           +//    	  System.out.println("ID: " + id); +//          System.out.println("Str: " + trustAnchorsLocStr); +//          System.out.println("URI: " + 
trustAnchorsLocURI.toString()); +//          System.out.println("tslWorkingDir: " + tslWorkingDir); +           +      } else { +       +    	  profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, tslEnabled, countries); +       +      } +              trustProfiles.put(id, profile); +            }      return trustProfiles; @@ -1531,11 +1586,11 @@ public class ConfigurationPartsBuilder {  	  TSLConfigurationImpl tslconfiguration = new TSLConfigurationImpl(); -//	  String euTSLUrl = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "EUTSLUrl", null); -//	  if (StringUtils.isEmpty(euTSLUrl)) { -//		  warn("config.39", new Object[] { "EUTSL", euTSLUrl }); -//		  return null; -//	  } +	  String euTSLUrl = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "EUTSLUrl", null); +	  if (StringUtils.isEmpty(euTSLUrl)) { +		  euTSLUrl = TSLConfiguration.DEFAULT_EU_TSL_URL; +		  warn("config.39", new Object[] { "EUTSL", euTSLUrl }); +	  }  	  String updateSchedulePeriod = getElementValue(getConfigElem(), TSL_CONFIGURATION_XPATH + CONF + "UpdateSchedule/" + CONF + "Period" , null); 
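Review bot: In the `tslEnabled` branch both `tpid.listFiles()` and `src.listFiles()` are iterated without a null check, and `listFiles()` returns `null` when the path is not a directory or cannot be read, so a missing trust-anchor directory turns into a NullPointerException while loading the configuration instead of a `config.*` error. The `mkdir()` results are ignored and after `error("config.50", …)` the code continues (`// TODO?`), registering a trust profile whose effective trust store could not be created; a trust profile that cannot be materialised should not be put into `trustProfiles`. The rewrite below fails the profile in both cases, handles the null returns, and still rebuilds the hidden store from the configured location; it assumes the code sits in the per-profile loop (its head is outside the hunk) and that `error()` does not throw, since the original relies on that too. Note also that `new File(trustAnchorsLocURI.getPath())` is only meaningful for `file:` URIs — if non-file URIs are accepted earlier in this method, that needs to be checked here.
```java
// … unchanged: id, trustAnchorsLocURI, signerCertsLocStr, tslEnabled, countries …
TrustProfile profile;
if (tslEnabled) {
    // hidden truststore for this profile: <tslWorkingDir>/trustprofiles/<id>
    File tpid = new File(new File(tslWorkingDir, "trustprofiles"), id);
    if (!tpid.isDirectory() && !tpid.mkdirs()) {
        error("config.50", new Object[] { tpid.getPath() });
        continue;   // do not register a profile whose trust store could not be created
    }
    File src = new File(trustAnchorsLocURI.getPath());
    File[] anchors = src.listFiles();
    if (anchors == null) {
        // source missing or not a directory; a dedicated message key may fit better than config.50
        error("config.50", new Object[] { src.getPath() });
        continue;
    }
    File[] stale = tpid.listFiles();
    if (stale != null) {
        for (File f : stale)
            f.delete();
    }
    for (File f : anchors)
        FileUtils.copyFile(f, new File(tpid, f.getName()));
    profile = new TrustProfile(id, tpid.getAbsolutePath(), signerCertsLocStr, tslEnabled, countries);
    profile.setUriOrig(trustAnchorsLocURI.getPath());   // remember the configured location
} else {
    profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, tslEnabled, countries);
}
trustProfiles.put(id, profile);
```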
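Review bot: The `EUTSLUrl` value read from the configuration is accepted as-is, so a malformed or non-HTTP(S) string only fails later when the TSL updater tries to fetch it, far from the configuration error reporting in this method. Consider validating it here, e.g. `new java.net.URL(euTSLUrl)` inside a try that maps `MalformedURLException` to a `config.*` error, and — if the TSL engine does not enforce it — requiring an `https` scheme, since the list is the root of trust for every TSL-enabled profile. The `warn("config.39", …)` now reports the substituted default rather than the missing value, which is fine, but the message text for `config.39` (outside this hunk) may still describe the old "is missing, TSL disabled" semantics.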
@@ -1591,17 +1646,31 @@ public class ConfigurationPartsBuilder {            return null;          } +      File hashcache = new File(tslWorkingDir, "hashcache"); +      if (!hashcache.exists()) { +    	  hashcache.mkdir(); +      } +      if (!hashcache.isDirectory()) { +    	  error("config.38", new Object[] { hashcache.getAbsolutePath() }); +          return null;   +      } + +      System.setProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR", hashcache.getAbsolutePath()); +//    String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR"); +//    System.out.println("Hashcache: " + hashcachedir); + +      debug("TSL Konfiguration - EUTSLUrl: " + euTSLUrl);        debug("TSL Konfiguration - UpdateSchedule/Period: " + updateSchedulePeriod);        debug("TSL Konfiguration - UpdateSchedule/StartTime: " + updateScheduleStartTime);        debug("TSL Konfiguration - TSLWorkingDirectory: " + tslWorkingDir.getAbsolutePath()); +      debug("TSL Konfiguration - Hashcache: " + hashcache.getAbsolutePath());  	  // set TSL configuration -	  //tslconfiguration.setEuTSLUrl(euTSLUrl); +	  tslconfiguration.setEuTSLUrl(euTSLUrl);  	  tslconfiguration.setUpdateSchedulePeriod(Long.valueOf(updateSchedulePeriod).longValue());  	  tslconfiguration.setUpdateScheduleStartTime(updateScheduleStartTimeDate);  	  tslconfiguration.setWorkingDirectory(tslWorkingDir.getAbsolutePath()); -	   -	   +	  tslconfiguration.setWorkingDirectoryURI(workingDirectoryURI);  	  return tslconfiguration;    } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java index 08478b717..2cad35763 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java 
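Review bot: `System.setProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR", …)` turns a per-deployment configuration value into JVM-global state: in a servlet container hosting more than one MOA-SPSS instance the last configuration loaded wins, the others silently write their hash cache into a foreign working directory, and a configuration reload cannot undo the setting. If the IAIK TSL API offers an instance-level way to set the cache directory, prefer it; otherwise document the constraint at the call, e.g. `// NOTE: JVM-global — one TSL hash cache directory per JVM; the last configuration loaded wins.` The `hashcache.mkdir()` result is ignored, which is acceptable only because `isDirectory()` is checked right after. `workingDirectoryURI`, passed to the new setter, is defined outside this hunk.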
@@ -361,12 +361,14 @@ public class ConfigurationProvider        keyGroupMappings =          builder.buildKeyGroupMappings(keyGroups, ANONYMOUS_ISSUER_SERIAL); +      tslconfiguration_ = builder.getTSLConfiguration(); +              xadesVersion = builder.getXAdESVersion();        defaultChainingMode = builder.getDefaultChainingMode();        chainingModes = builder.buildChainingModes();        useAuthorityInfoAccess_ = builder.getUseAuthorityInfoAccess();        autoAddCertificates_ = builder.getAutoAddCertificates(); -      trustProfiles = builder.buildTrustProfiles(); +      trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());        distributionPoints = builder.buildDistributionPoints();        enableRevocationChecking_ = builder.getEnableRevocationChecking();        maxRevocationAge_ = builder.getMaxRevocationAge(); @@ -376,7 +378,7 @@ public class ConfigurationProvider        revocationArchiveJDBCURL_ = builder.getRevocationArchiveJDBCURL();        revocationArchiveJDBCDriverClass_ = builder.getRevocationArchiveJDBCDriverClass(); -      tslconfiguration_ = builder.getTSLConfiguration(); +              //check TSL configuration        checkTSLConfiguration(); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java index 1b5f4473d..21063c77f 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java 
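Review bot: `builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory())` dereferences `tslconfiguration_` unconditionally, but `getTSLConfiguration()` returns `null` on configuration errors (its `return null` paths are visible in the builder hunk) and `SystemInitializer` guards with `tslconfig != null`, so a broken TSL section now becomes a NullPointerException here before `checkTSLConfiguration()` can report it. Suggest `String tslWorkDir = (tslconfiguration_ != null) ? tslconfiguration_.getWorkingDirectory() : null;` and passing that, with `buildTrustProfiles` rejecting a TSL-enabled profile when the directory is `null`. Moving the TSL configuration ahead of the trust profiles is otherwise the right order, since the profiles now depend on it.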
@@ -41,6 +41,8 @@ public class TrustProfile {    private String signerCertsUri;    /** Defines if Trustprofile makes use of EU TSL*/    private boolean tslEnabled; +  /** The original URI (out of the configuration) giving the location of the trust profile (used when TSL is enabled) */ +  private String uriOrig;    /** The countries given */      private String countries;    /** */ @@ -80,6 +82,15 @@ public class TrustProfile {    public String getUri() {      return uri;    } +   +  /** +   * Return the original URI of this <code>TrustProfile</code>. +   *  +   * @return The original URI of <code>TrustProfile</code>. +   */ +  public String getUriOrig() { +    return uriOrig; +  }    /**     * Return the URI giving the location of the allowed signer certificates @@ -108,20 +119,14 @@ public class TrustProfile {  		  return countries;    } +         /** -   * Return the old certificates (from previous TSL update) to be removed from the truststore before performing a new TSL update -   * @return The old certificates (from previous TSL update) to be removed from the truststore before performing a new TSL update +   * Sets the original URI of this <code>TrustProfile</code>. +   *  +   * @return The original URI of <code>TrustProfile</code>.     */ -  public X509Certificate[] getCertficatesToBeRemoved() { -	  return certificatesToBeRemoved; +  public void setUriOrig(String uriOrig) { +    this.uriOrig = uriOrig;    } -  /** -   * Sets the old certificates (from previous TSL update) to be removed from the truststore before performing a new TSL update -   * @param certificates The old certificates (from previous TSL update) to be removed from the truststore before performing a new TSL update -   */ -  public void setCertificatesToBeRemoved(X509Certificate[] certificates) { -	  this.certificatesToBeRemoved = new X509Certificate[certificates.length]; -	  this.certificatesToBeRemoved = certificates; -  }  } 
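Review bot: The javadoc on the new `setUriOrig` was copied from the getter: it says `@return The original URI …` on a `void` method and documents no parameter. Suggest `@param uriOrig The trust anchor location as given in the configuration, before the profile was redirected to the TSL working directory.` Removing `getCertficatesToBeRemoved`/`setCertificatesToBeRemoved` presumably leaves the `certificatesToBeRemoved` field and the `X509Certificate` import unused; both are outside the hunk, so worth a check.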
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java index c9b76dd7e..3640dc23f 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java @@ -31,15 +31,12 @@ import iaik.server.ConfigurationData;  import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;  import iaik.xml.crypto.tsl.ex.TSLSearchException; -import java.io.File;  import java.io.FileNotFoundException;  import java.io.IOException;  import java.security.cert.CertificateException; -import java.util.ArrayList;  import java.util.Calendar;  import java.util.Date;  import java.util.GregorianCalendar; -import java.util.Iterator;  import java.util.Timer;  import at.gv.egovernment.moa.logging.LogMsg; @@ -125,6 +122,7 @@ public class SystemInitializer {        //initialize TSL module        TSLConfiguration tslconfig = config.getTSLConfiguration(); +              TSLConnector tslconnector = new TSLConnector();        if (tslconfig != null) {      	  //Logger.info(new LogMsg(msg.getMessage("init.01", null))); @@ -133,10 +131,14 @@ public class SystemInitializer {        } +//      System.out.println("Hashcache 1: " + BinaryHashCache.DIR); +              //start TSL Update        TSLUpdaterTimerTask.tslconnector_ = tslconnector;        TSLUpdaterTimerTask.update(); +//      System.out.println("Hashcache 2: " + BinaryHashCache.DIR); +              //initialize TSL Update Task        initTSLUpdateTask(tslconfig); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 00f96f205..6aa34573e 100644 
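Review bot: Two commented-out `System.out.println("Hashcache …: " + BinaryHashCache.DIR)` lines are added around `TSLUpdaterTimerTask.update()`; commented-out debug code should not be committed. If the effective hash cache location is worth tracing at start-up, log it once with the project `Logger` at debug level next to the other TSL initialisation messages, otherwise drop the lines.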
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -58,6 +58,7 @@ import at.gv.egovernment.moa.spss.server.logging.TransactionId;  import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;  import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;  import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask; +import at.gv.egovernment.moa.spss.util.CertificateUtils;  import at.gv.egovernment.moa.spss.util.MessageProvider;  /** 
@@ -191,12 +192,61 @@ public class CMSSignatureVerificationInvoker {        for (resultIter = results.iterator(); resultIter.hasNext();) {          result = (CMSSignatureVerificationResult) resultIter.next(); +        boolean sscdSourceTSL = false; +        boolean qcSourceTSL = false; +        boolean checkQC = false; +        boolean checkSSCD = false; +         +        List chain = result.getCertificateValidationResult().getCertificateChain();          // check QC and SSCD via TSL (if enabled) -        boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain()); -	    boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain());; +        boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), chain); +	    boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), chain); +         +	    if (!checkSSCDFromTSL) { +	         +        	boolean checkQCPPlus = CertificateUtils.checkQCPPlus((X509Certificate)chain.get(0)); +	        boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD((X509Certificate)chain.get(0)); +	         +	        if (checkQCPPlus) +	        	checkSSCD = true; +	        if (checkQcEuSSCD) +	        	checkSSCD = true; +	         +        	sscdSourceTSL = false; +        	 +        	System.out.println("checkSSCDFromTSL: " + checkSSCDFromTSL); +          	System.out.println("checkQCPPlus: " + checkQCPPlus); +          	System.out.println("checkQcEuSSCD: " + checkQcEuSSCD); +        } +        else { +        	checkSSCD = true; +        	sscdSourceTSL = true; +        } +         +        if (!checkQCFromTSL) { +	         +        	boolean checkQCP = CertificateUtils.checkQCP((X509Certificate)chain.get(0)); +	        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance((X509Certificate)chain.get(0)); +	         +	        if (checkQCP) +	        	checkQC = true; +	        if 
(checkQcEuCompliance) +	        	checkQC = true; +	         +        	qcSourceTSL = false; +        	 +        	System.out.println("checkQCFromTSL: " + checkQCFromTSL); +	        System.out.println("checkQCP: " + checkQCP); +	        System.out.println("checkQcEuCompliance: " + checkQcEuCompliance); +        } +        else { +        	checkQC = true; +        	qcSourceTSL = true; +        } +         -        responseBuilder.addResult(result, trustProfile, checkQCFromTSL, checkSSCDFromTSL); +        responseBuilder.addResult(result, trustProfile, checkQC, qcSourceTSL, checkSSCD, sscdSourceTSL);        }      } else {        int i; 
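Review bot: The QC/SSCD fallback in the all-signatories loop prints its intermediate results with `System.out.println` to the server's stdout instead of the project `Logger`, and the same block is repeated almost verbatim in the selected-signatories branch below; both should call one helper so they cannot drift apart. Semantically the change is larger than the commit message suggests: for a TSL-enabled profile whose TSL lookup does not confirm QC/SSCD, the certificate's own QC statements (QCP/QCP+ policy, QcCompliance/QcSSCD) are now accepted as a fallback, i.e. a self-assertion by the issuer counts where previously only the supervised list did — the `Source` attribute makes this visible to relying parties, but the policy deserves a comment, and arguably a configuration switch. `chain.get(0)` also assumes a non-empty chain; if `getCertificateChain()` can be empty after a failed path validation, guard it. The helper below preserves the exact boolean logic (`qc = fromTSL || QCP || QcCompliance`, `sscd = fromTSL || QCP+ || QcSSCD`, source flags unchanged); the enclosing method starts and ends outside the hunk.
```java
/**
 * Determines QC and SSCD status for the end-entity certificate of {@code chain}.
 * A positive TSL result is authoritative; otherwise the certificate's own QC
 * statements are consulted. Shared by both signatory loops.
 */
private void addResultWithQcInfo(VerifyCMSSignatureResponseBuilder responseBuilder,
        CMSSignatureVerificationResult result, TrustProfile trustProfile) throws MOAException {
    List chain = result.getCertificateValidationResult().getCertificateChain();
    X509Certificate eeCert = (X509Certificate) chain.get(0);   // TODO: guard against an empty chain

    boolean qcFromTSL   = checkQC(trustProfile.isTSLEnabled(), chain);
    boolean sscdFromTSL = checkSSCD(trustProfile.isTSLEnabled(), chain);

    // certificate-based fallback only when the TSL did not confirm the status
    boolean qc   = qcFromTSL
            || CertificateUtils.checkQCP(eeCert) || CertificateUtils.checkQcEuCompliance(eeCert);
    boolean sscd = sscdFromTSL
            || CertificateUtils.checkQCPPlus(eeCert) || CertificateUtils.checkQcEuSSCD(eeCert);
    // … debug output of the individual checks via the project Logger, not System.out …

    responseBuilder.addResult(result, trustProfile, qc, qcFromTSL, sscd, sscdFromTSL);
}
```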
@@ -207,12 +257,64 @@ public class CMSSignatureVerificationInvoker {          try {            result =              (CMSSignatureVerificationResult) results.get(signatories[i] - 1); +          boolean sscdSourceTSL = false; +          boolean qcSourceTSL = false; +           +          boolean checkQC = false; +          boolean checkSSCD = false; +           +          List chain = result.getCertificateValidationResult().getCertificateChain();            // check QC and SSCD via TSL (if enabled) -          boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain()); -  	      boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain());; +          boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), chain); +          boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), chain); +           +  	    if (!checkSSCDFromTSL) { +  	         +          	boolean checkQCPPlus = CertificateUtils.checkQCPPlus((X509Certificate)chain.get(0)); +  	        boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD((X509Certificate)chain.get(0)); +  	         +  	        if (checkQCPPlus) +  	        	checkSSCD = true; +  	        if (checkQcEuSSCD) +  	        	checkSSCD = true; +  	         +          	sscdSourceTSL = false; +          	 +          	System.out.println("checkSSCDFromTSL: " + checkSSCDFromTSL); +          	System.out.println("checkQCPPlus: " + checkQCPPlus); +          	System.out.println("checkQcEuSSCD: " + checkQcEuSSCD); +          } +          else { +          	checkSSCD = true; +          	sscdSourceTSL = true; +          } +           +          if (!checkQCFromTSL) { +  	         +          	boolean checkQCP = CertificateUtils.checkQCP((X509Certificate)chain.get(0)); +  	        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance((X509Certificate)chain.get(0)); +  	         +  	        if 
(checkQCP) +  	        	checkQC = true; +  	        if (checkQcEuCompliance) +  	        	checkQC = true; +  	         +          	qcSourceTSL = false; +          	 +	        System.out.println("checkQCFromTSL: " + checkQCFromTSL); +	        System.out.println("checkQCP: " + checkQCP); +	        System.out.println("checkQcEuCompliance: " + checkQcEuCompliance); -  	     -          responseBuilder.addResult(result, trustProfile, checkQCFromTSL, checkSSCDFromTSL); +          } +          else { +          	checkQC = true; +          	qcSourceTSL = true; +          } +             +  	         +	         +           +          responseBuilder.addResult(result, trustProfile, checkQC, qcSourceTSL, checkSSCD, sscdSourceTSL);          } catch (IndexOutOfBoundsException e) {            throw new MOAApplicationException(              "2249", diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index 605716d5b..f44cce62a 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java 
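Review bot: In the selected-signatories branch the new `chain.get(0)` calls sit inside the `try` whose `catch (IndexOutOfBoundsException e)` maps to error `2249` (invalid signatory index), so an empty certificate chain — should `getCertificateChain()` ever return one — would be reported as a wrong signatory number rather than as a certificate problem. Keep only `results.get(signatories[i] - 1)` inside the `try` and move the QC/SSCD determination after the `catch`. The `System.out.println` debug lines should go through the project `Logger`, and since this block duplicates the all-signatories branch above, a shared helper would keep the two in sync.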
@@ -73,13 +73,14 @@ public class VerifyCMSSignatureResponseBuilder {     * @param trustprofile The actual trustprofile     * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the      * 		certificate as qualified, otherwise <code>false</code>. -   * @param checkSSCDFromTSL <code>true</code>, if the TSL check verifies the  +   * @param checkSSCD <code>true</code>, if the TSL check verifies the      * 		signature based on a SSDC, otherwise <code>false</code>. +   * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL,  +   * 		otherwise <code>false</code>.   * @throws MOAException      */ -  public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQCFromTSL, boolean checkSSCDFromTSL) +  public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, boolean qcSourceTSL, boolean checkSSCD, boolean sscdSourceTSL)      throws MOAException { -      CertificateValidationResult certResult =        result.getCertificateValidationResult(); 
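Review bot: The javadoc of `addResult` still documents `@param checkQCFromTSL` although the parameter is now `checkQC`, `qcSourceTSL` has no `@param` at all, and `SSDC` is a typo for SSCD. Suggest `@param checkQC <code>true</code>, if the certificate is a qualified certificate (from the TSL or from the certificate), otherwise <code>false</code>.` followed by `@param qcSourceTSL <code>true</code>, if the QC information comes from the TSL, otherwise <code>false</code>.`, matching the wording already used in `VerifyXMLSignatureResponseBuilder`.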
@@ -92,27 +93,18 @@ public class VerifyCMSSignatureResponseBuilder {      CheckResult signatureCheck;      CheckResult certificateCheck; -    boolean qualifiedCertificate = false; -     -    // verify qualified certificate checks (certificate or TSL) -    if (trustProfile.isTSLEnabled()) { -    	// take TSL result -    	qualifiedCertificate = checkQCFromTSL;   -    } -    else { -    	// take result from certificate -    	qualifiedCertificate = certResult.isQualifiedCertificate(); -    } +    boolean qualifiedCertificate = checkQC;      // add SignerInfo element      signerInfo =        factory.createSignerInfo(          (X509Certificate) certResult.getCertificateChain().get(0),          qualifiedCertificate, +        qcSourceTSL,          certResult.isPublicAuthorityCertificate(),          certResult.getPublicAuthorityID(), -        checkSSCDFromTSL); -     +        checkSSCD, +        sscdSourceTSL);      // add SignatureCheck element      signatureCheck = factory.createCheckResult(signatureCheckCode, null); @@ -120,9 +112,6 @@ public class VerifyCMSSignatureResponseBuilder {      // add CertificateCheck element      certificateCheck = factory.createCheckResult(certificateCheckCode, null); -     -    -      // build the response element      responseElement =        factory.createVerifyCMSSignatureResponseElement( diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java index 755ca82b6..4fdb1eeb7 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java 
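Review bot: Dropping the `else` fallback to `certResult.isQualifiedCertificate()` makes addResult depend entirely on what the caller passes in `checkQC`; after this hunk the certificate validation result is no longer consulted for the QC decision at all, and `boolean qualifiedCertificate = checkQC;` is a plain alias. The same fallback is removed in VerifyXMLSignatureResponseBuilder.setResult (hunk at -152), and in XMLSignatureVerificationInvoker (hunks at -208 and -250) `checkQC` and `checkSSCD` are initialised to false and, as far as the hunks show, assigned only inside the TSL chain block. If a trust profile without TSL data never reaches that block, the response would now always report the certificate as non-qualified where it previously used the certificate's own result — please confirm the non-TSL path still consults `certResult.isQualifiedCertificate()` somewhere, or restore that fallback for the `!qcSourceTSL` case. A short comment on `qualifiedCertificate` stating that the caller is now solely responsible for the QC decision would make the contract visible.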
@@ -125,10 +125,12 @@ public class VerifyXMLSignatureResponseBuilder {     * @param transformsSignatureManifestCheck The overall result for the signature      *        manifest check.     * @param certificateCheck The overall result for the certificate check. -   * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the  -   * 		certificate as qualified, otherwise <code>false</code>. -   * @param checkSSCDFromTSL <code>true</code>, if the TSL check verifies the  -   * 		signature based on a SSDC, otherwise <code>false</code>. +   * @param checkQC <code>true</code>, if the certificate is QC, otherwise <code>false</code>. +   * @param qcSourceTSL <code>true</code>, if the QC information comes from the TSL,  +   * 		otherwise <code>false</code>. +   * @param checkSSCD <code>true</code>, if the signature is created by an SSCD, otherwise <code>false</code>. +   * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from the TSL,  +   * 		otherwise <code>false</code>.     * @throws MOAApplicationException An error occurred adding the result.     */    public void setResult( @@ -136,8 +138,10 @@ public class VerifyXMLSignatureResponseBuilder {      XMLSignatureVerificationProfile profile,      ReferencesCheckResult transformsSignatureManifestCheck,      CheckResult certificateCheck,  -    boolean checkQCFromTSL, -    boolean checkSSCDFromTSL, +    boolean checkQC, +    boolean qcSourceTSL, +    boolean checkSSCD, +    boolean sscdSourceTSL,      boolean isTSLEnabledTrustprofile)      throws MOAApplicationException { 
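Review bot: The Javadoc of setResult still has no `@param` for the trailing `isTSLEnabledTrustprofile` parameter while the four new flags are documented; add `@param isTSLEnabledTrustprofile <code>true</code>, if the trust profile is TSL enabled, otherwise <code>false</code>.` before `@throws`. In the hunk at -152 the only visible read of that parameter (the `if (isTSLEnabledTrustprofile)` branch) is removed, so as far as this diff shows it is now unused in setResult — if nothing else in the method reads it, either state in the Javadoc why it is still accepted or drop it from the signature together with the `tp.isTSLEnabled()` argument in XMLSignatureVerificationInvoker.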
@@ -152,24 +156,18 @@ public class VerifyXMLSignatureResponseBuilder {      boolean qualifiedCertificate = false; -    // verify qualified certificate checks (certificate or TSL) -    if (isTSLEnabledTrustprofile) { -    	// take TSL result -    	qualifiedCertificate = checkQCFromTSL;   -    } -    else { -    	// take result from certificate -    	qualifiedCertificate = certResult.isQualifiedCertificate(); -    } +    qualifiedCertificate = checkQC;      // create the SignerInfo;      signerInfo =        factory.createSignerInfo(          (X509Certificate) certResult.getCertificateChain().get(0),          qualifiedCertificate, +        qcSourceTSL,          certResult.isPublicAuthorityCertificate(),          certResult.getPublicAuthorityID(), -        checkSSCDFromTSL); +        checkSSCD, +        sscdSourceTSL);      // Create HashInputData Content objects      referenceDataList = result.getReferenceDataList(); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index f3ac72520..c3cc8bfe8 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -24,7 +24,10 @@  package at.gv.egovernment.moa.spss.server.invoke; +import at.gv.egovernment.moa.spss.util.CertificateUtils; +  import iaik.ixsil.exceptions.URIException; +  import iaik.ixsil.util.URI;  import iaik.server.modules.IAIKException;  import iaik.server.modules.IAIKRuntimeException; 
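Review bot: `boolean qualifiedCertificate = false;` followed immediately by `qualifiedCertificate = checkQC;` is a leftover of the removed branch; collapse it to `boolean qualifiedCertificate = checkQC;` as VerifyCMSSignatureResponseBuilder.addResult already does, so the two builders read the same. The removed fallback to `certResult.isQualifiedCertificate()` raises the same question as in the CMS builder (see the note at hunk -92 of VerifyCMSSignatureResponseBuilder); if the answer is that callers always decide, say so in a one-line comment here rather than leaving a bare assignment.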
@@ -208,8 +211,11 @@ public class XMLSignatureVerificationInvoker {          requestElement);      } -    boolean checkQCFromTSL = false; -    boolean checkSSCDFromTSL = false; +    boolean sscdSourceTSL = false; +    boolean qcSourceTSL = false; +     +    boolean checkQC = false; +    boolean checkSSCD = false;      String tpID =  profile.getCertificateValidationProfile().getTrustStoreProfile().getId();      ConfigurationProvider config = ConfigurationProvider.getInstance(); @@ -242,7 +248,6 @@ public class XMLSignatureVerificationInvoker {          if (list != null) {  	        X509Certificate[] chain = new X509Certificate[list.size()]; -	          	        Iterator it = list.iterator();  	        int i = 0;  	        while(it.hasNext()) { 
@@ -250,8 +255,49 @@ public class XMLSignatureVerificationInvoker {  	        	i++;  	        } -	        checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain); -	        checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain); +	        boolean checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain); +	        boolean checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain); +	         +	        if (!checkSSCDFromTSL) { +	         +	        	boolean checkQCPPlus = CertificateUtils.checkQCPPlus(chain[0]); +		        boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD(chain[0]); +		         +		        if (checkQCPPlus) +		        	checkSSCD = true; +		        if (checkQcEuSSCD) +		        	checkSSCD = true; +		         +	        	sscdSourceTSL = false; +	        } +	        else { +	        	checkSSCD = true; +	        	sscdSourceTSL = true; +	        } +	         +	        if (!checkQCFromTSL) { +		         +	        	boolean checkQCP = CertificateUtils.checkQCP(chain[0]); +		        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); +		         +		        if (checkQCP) +		        	checkQC = true; +		        if (checkQcEuCompliance) +		        	checkQC = true; +		         +	        	qcSourceTSL = false; +	        } +	        else { +	        	checkQC = true; +	        	qcSourceTSL = true; +	        } +	         +//	        System.out.println("chain[0]: " + chain[0]); +//	         +//	        System.out.println("checkQCFromTSL: " + checkQCFromTSL); +//	        System.out.println("checkSSCDFromTSL: " + checkSSCDFromTSL); +//	        System.out.println("checkQCPPlus: " + checkQCPPlus); +//	        System.out.println("checkQcEuSSCD: " + checkQcEuSSCD);          }        }       } 
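Review bot: When the TSL connector answers false for SSCD or QC, the new code falls back to the end-entity certificate's own statements (`CertificateUtils.checkQCPPlus`/`checkQcEuSSCD` and `checkQCP`/`checkQcEuCompliance` on `chain[0]`) and reports the result with `sscdSourceTSL`/`qcSourceTSL` set to false. If `checkSSCD(chain)`/`checkQC(chain)` return false both when the issuing CA is simply not on the TSL and when the TSL explicitly does not grant that status (the hunk cannot tell these apart), a self-asserted certificate statement then overrides a negative TSL determination — please confirm the connector distinguishes the two cases, or document in a comment that the certificate statement is intended to win whenever the TSL does not confirm. Stylistically the four `if (x) flag = true;` pairs collapse to `checkSSCD = checkQCPPlus || checkQcEuSSCD;` and `checkQC = checkQCP || checkQcEuCompliance;`. The commented-out `System.out.println` block at the end references `checkQCPPlus`/`checkQcEuSSCD`, which are scoped inside the `if (!checkSSCDFromTSL)` branch, so it would not even compile if re-enabled; delete it, along with the commented-out block in the hunk at -278, and route the live `System.out.println` calls added in the CMSSignatureVerificationInvoker hunk at the top of this page through `Logger.debug` or remove them, since stdout is not the audited log and leaks per-certificate details.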
@@ -278,9 +324,14 @@ public class XMLSignatureVerificationInvoker {      // Check if signer certificate is in trust profile's allowed signer certificates pool      TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId());      CheckResult certificateCheck = validateSignerCertificate(result, trustProfile); -    + +//    System.out.println("checkQC: " + checkQC); +//    System.out.println("qcSourceTSL: " + qcSourceTSL); +//    System.out.println("checkSSCD: " + checkSSCD); +//    System.out.println("sscdSourceTSL: " + sscdSourceTSL); +      // build the response -    responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, checkQCFromTSL, checkSSCDFromTSL, tp.isTSLEnabled()); +    responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, checkQC, qcSourceTSL, checkSSCD, sscdSourceTSL, tp.isTSLEnabled());      return responseBuilder.getResponse();    } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java index 2e4af2817..49f715cb8 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java @@ -88,23 +88,20 @@ public class TSLConnector implements TSLConnectorInterface {  		if (Configurator.is_isInitialised() == false)
  			new TSLEngineFatalException("The TSL Engine is not initialized!");
 -	
 -		//TODO: clean hascash and TLS Download folder	
 -		String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
 -		
 -		if (hashcachedir==null)
 -			hashcachedir = DEFAULT_HASHCACHE_DIR;
 -				
 +
  		String tsldownloaddir = Configurator.get_TSLWorkingDirectoryPath() + "TslDownload";
 -		File hashcachefile = new File(hashcachedir);
 -				
 -			
 -		File[] filelist = hashcachefile.listFiles();
 -		if (filelist != null) {
 -			for (File f : filelist)
 -				f.delete();
 -		}
 +//		String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
 +//		System.out.println("hashcachedir: " + hashcachedir);
 +//		if (hashcachedir==null)
 +//			hashcachedir = DEFAULT_HASHCACHE_DIR;
 +
 +//		File hashcachefile = new File(hashcachedir);
 +//		File[] filelist = hashcachefile.listFiles();
 +//		if (filelist != null) {
 +//			for (File f : filelist)
 +//				f.delete();
 +//		}
  		File tsldownloadfile = new File(tsldownloaddir);
  		if (!tsldownloadfile.exists()) {
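Review bot: The context line `new TSLEngineFatalException("The TSL Engine is not initialized!");` at the top of this hunk constructs the exception but never throws it, so an uninitialised Configurator falls straight through to `Configurator.get_TSLWorkingDirectoryPath()` on the next line; unless that constructor throws on its own (which would be unusual), this should read `throw new TSLEngineFatalException("The TSL Engine is not initialized!");`. The hash-cache cleanup is kept as a commented-out block instead of being deleted; since the commit moves hash-cache handling elsewhere, remove the block and leave a one-line comment naming where the cache directory is now configured, so the next reader does not re-enable code that deletes files in a directory taken from a system property.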
 diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java index c365a1121..76be8217a 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java @@ -33,6 +33,7 @@ import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStorePro  import at.gv.egovernment.moa.spss.server.logging.TransactionId;
  import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector;
  import at.gv.egovernment.moa.spss.util.MessageProvider;
 +import at.gv.egovernment.moa.util.FileUtils;
  import at.gv.egovernment.moa.util.StringUtils;
 @@ -130,7 +131,14 @@ public class TSLUpdaterTimerTask extends TimerTask {  					// create store updater for each TSL enabled truststore 
  					Logger.debug(new LogMsg(msg.getMessage("config.45", null)));
  					StoreUpdater storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);
 +					
 +					// delete files in trustprofile
 +					File ftp = new File(tp.getUri());
 +					File[] files = ftp.listFiles();
 +					for (File file : files) 
 +			              file.delete();   
 +					
  					// convert ArrayList<File> to X509Certificate[]										
  					X509Certificate[] addCertificates = new X509Certificate[tsl_certs.size()];
  					Iterator itcert = tsl_certs.iterator();
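Review bot: `File[] files = ftp.listFiles();` returns null when `tp.getUri()` is not a directory or cannot be read, so the following `for (File file : files)` throws a NullPointerException out of the timer task; guard it with `if (files == null)` and report the condition through the new `config.50` message (`msg.getMessage("config.50", new Object[] { tp.getUri() })`) instead of dereferencing. The return value of `file.delete()` is ignored, so a file that cannot be removed from the hidden truststore directory silently survives into the next update — log failures, e.g. `if (!file.delete()) Logger.warn(new LogMsg("Could not delete " + file));`. Because this loop wipes every file under `tp.getUri()`, that path must never coincide with `tp.getUriOrig()` (the source copied from in the next hunk); a sanity check that the two differ before deleting would keep a misconfiguration from destroying the original trust anchors. The space-indented `file.delete();` also does not match the tab-indented surroundings.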
 @@ -143,20 +151,18 @@ public class TSLUpdaterTimerTask extends TimerTask {  						i++;
  					}
 -					// get certificates to be removed
 -					X509Certificate[] removeCertificates = tp.getCertficatesToBeRemoved();
 -					
 -										
 -					//Logger.debug(new LogMsg(msg.getMessage("config.44", null)));	
 -					Logger.debug(new LogMsg("Remove " + removeCertificates.length + " certificates."));
 -					storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);
 -					
 +					// copy files from original trustAnchorsLocURI into tslworking trust profile
 +			    	File src = new File(tp.getUriOrig());
 +			    	files = src.listFiles();                    
 +			        for (File file : files) { 
 +			            FileUtils.copyFile(file, new File(tp.getUri(), file.getName()));  
 +			        } 
 +			          
  					Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
  					storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
 +					storeUpdater.addCertificatesToCertStores(addCertificates, tid);
 -					// set the certifcates to be removed for the next TSL update
 -					tp.setCertificatesToBeRemoved(addCertificates);
  				}
  			}
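Review bot: `files = src.listFiles();` has the same null problem as the deletion loop in the previous hunk (a non-directory or unreadable `tp.getUriOrig()` yields a NullPointerException), and a `FileUtils.copyFile` failure propagates out of the loop without naming the file; guard for null and include `file.getName()` in the error handling. Dropping `removeCertificatesFromTrustStores` and `setCertificatesToBeRemoved` means certificates that disappear from the TSL are no longer explicitly removed from the trust store; that is only sound if `StoreUpdater` rebuilds the store from the wiped-and-refilled directory on every update — if it keeps an in-memory store and only adds, entries withdrawn from the TSL stay trusted until restart, so please confirm and record it with a comment such as `// trust store is rebuilt from tp.getUri() on each update; certificates withdrawn from the TSL are dropped by the directory wipe above`. `addCertificatesToCertStores` is new in this hunk; a one-line comment on why TSL certificates now also go into the cert store would help the next reader.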
 diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties index 1a6e54089..e4ee607c0 100644 --- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties +++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties @@ -158,6 +158,7 @@ config.45=Create store updater  config.46=Start periodical TSL update task at {0} and then every {1} milliseconds
  config.48=No whitelisted URIs given.
  config.49=Whitelisted URI: {0}.
 +config.50=Fehler beim Erstellen des TSL Vertrauensprofils: Das Verzeichnis ({0}) ist kein Verzeichnis.
  handler.00=Starte neue Transaktion: TID={0}, Service={1}
  handler.01=Aufruf von Adresse={0}
