authorkstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>2012-05-14 06:54:06 +0000
committerkstranacher <kstranacher@d688527b-c9ab-4aba-bd8d-4036d912da1d>2012-05-14 06:54:06 +0000
commit6a5af89a724a847bc60e7cbf6bb6362db97568ae (patch)
treece725283b077e6cdd38182987c74e426634408e7 /spss
parent369cab87fd4a6f9d96cef321ec7ab88355beb17a (diff)
Preparations for TSL integration in MOA-SP
bpk of mandator added to assertion git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1274 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'spss')
-rw-r--r--spss/handbook/handbook/config/config.html2
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java18
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java8
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java26
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java5
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java61
6 files changed, 107 insertions, 13 deletions
diff --git a/spss/handbook/handbook/config/config.html b/spss/handbook/handbook/config/config.html
index 5d4f2c114..3863f6c5b 100644
--- a/spss/handbook/handbook/config/config.html
+++ b/spss/handbook/handbook/config/config.html
@@ -136,7 +136,7 @@
</tr>
</table>
<h2><a name="übersicht_zentraledatei" id="übersicht_zentraledatei"></a>1.2 Zentrale Konfigurationsdatei</h2>
- <p>Die Konfiguration von MOA SP/SS erfolgt zentral &uuml;ber eine einzige Konfigurationsdatei. Das Format der Konfigurationsdatei ist XML und muss dem Schema <a href="./MOA-SPSS-config-1.5.1.xsd">MOA-SPSS-config-1.5.1.xsd</a> entsprechen. <a href="#konfigurationsparameter">Abschnitt 2</a> erl&auml;utert die Konfigurationsm&ouml;glichkeiten im Einzelnen.</p>
+ <p>Die Konfiguration von MOA SP/SS erfolgt zentral &uuml;ber eine einzige Konfigurationsdatei. Das Format der Konfigurationsdatei ist XML und muss dem Schema <a href="./MOA-SPSS-config-1.5.2.xsd">MOA-SPSS-config-1.5.2.xsd</a> entsprechen. <a href="#konfigurationsparameter">Abschnitt 2</a> erl&auml;utert die Konfigurationsm&ouml;glichkeiten im Einzelnen.</p>
<h3><a name="&uuml;bersicht_zentraledatei_aktualisierung" id="&uuml;bersicht_zentraledatei_aktualisierung"></a>1.2.1
Aktualisierung auf das Format von MOA SP/SS 1.3</h3>
<p>Mit dem Wechsel auf Version 1.3 verwendet MOA SP/SS ein neues, &uuml;bersichtlicheres Format f&uuml;r die
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 2a2427bbb..7381c4733 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -195,6 +195,12 @@ public class ConfigurationPartsBuilder {
+ CONF + "RevocationChecking/"
+ CONF + "Archiving/"
+ CONF + "EnableArchiving";
+ private static final String ENABLE_EUTSL_XPATH =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "PathValidation/"
+ + CONF + "TrustProfile/"
+ + CONF + "EUTSL";
private static final String CRL_ARCHIVE_DURATION_XPATH =
ROOT + CONF + "SignatureVerification/"
+ CONF + "CertificateValidation/"
@@ -1036,7 +1042,11 @@ public class ConfigurationPartsBuilder {
{
String id = getElementValue(profileElem, CONF + "Id", null);
String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null);
- String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null);
+ String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null);
+ String sTSLenabled = getElementValue(getConfigElem(), ENABLE_EUTSL_XPATH, null);
+ //System.out.println("sTSLenabled: " + sTSLenabled);
+ boolean tslEnabled = Boolean.valueOf(sTSLenabled).booleanValue();
+ String countries = getElementValue(profileElem, CONF + "EUTSL" + "/" + CONF + "CountrySelection", null);
URI trustAnchorsLocURI = null;
try
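Review bot: `sTSLenabled` is read from `getConfigElem()` with the absolute `ENABLE_EUTSL_XPATH`, while `countries` three lines below is read relative to `profileElem`, so the TSL flag is not tied to the profile being built. With more than one `TrustProfile` in the configuration, every profile would presumably receive the value of the first matching `EUTSL` element, which can switch TSL-derived trust on for a profile that was not configured for it. Resolve the flag against the current profile, e.g. `String sTSLenabled = getElementValue(profileElem, CONF + "EUTSL", null);`, and confirm what `getElementValue` returns for an element that has a `CountrySelection` child, because `Boolean.valueOf` yields false for anything other than the text "true". The commented-out `System.out.println` lines here and in the next hunk should be removed rather than committed. The enclosing method starts and ends outside the hunk.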
@@ -1093,8 +1103,12 @@ public class ConfigurationPartsBuilder {
}
}
+// System.out.println("ID: " + id);
+// System.out.println("Enable EUTSL: " + tslEnabled);
+// System.out.println("Countries: " + countries);
+
signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null;
- TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr);
+ TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, tslEnabled, countries);
trustProfiles.put(id, profile);
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index cae1497d6..84b8561ac 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -654,6 +654,14 @@ public class ConfigurationProvider
public TrustProfile getTrustProfile(String id) {
return (TrustProfile) trustProfiles.get(id);
}
+
+ /**
+ * Returns a map of <code>TrustProfiles</code>
+ * @return
+ */
+ public Map getTrustProfiles() {
+ return trustProfiles;
+ }
/**
* Log a warning.
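Review bot: `getTrustProfiles()` hands out the provider's internal `trustProfiles` map itself, so any caller can add, replace or remove trust profiles on the live configuration. Since these profiles determine which trust anchors signature verification accepts, return a read-only view instead: `return java.util.Collections.unmodifiableMap(trustProfiles);`. The Javadoc `@return` tag is empty; it should say that the map is keyed by profile id with `TrustProfile` values, as `getTrustProfile(String id)` above suggests.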
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
index 608fe6e2a..dac91be87 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
@@ -37,6 +37,10 @@ public class TrustProfile {
private String uri;
/** The URI giving the location of the allowed signer certificates. */
private String signerCertsUri;
+ /** Defines if Trustprofile makes use of EU TSL*/
+ private boolean tslEnabled;
+ /** The countries given */
+ private String countries;
/**
* Create a <code>TrustProfile</code>.
@@ -46,10 +50,12 @@ public class TrustProfile {
* @param signerCertsUri The URI of the location of the allowed signer
* certificates of the <code>TrustProfile</code> to create.
*/
- public TrustProfile(String id, String uri, String signerCertsUri) {
+ public TrustProfile(String id, String uri, String signerCertsUri, boolean tslEnabled, String countries) {
this.id = id;
this.uri = uri;
this.signerCertsUri = signerCertsUri;
+ this.tslEnabled = tslEnabled;
+ this.countries = countries;
}
/**
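Review bot: The constructor Javadoc, which starts above the hunk, still documents only the three original parameters. Add `@param tslEnabled` and `@param countries`, and state the expected format of `countries`, which ConfigurationPartsBuilder passes through as the raw text of the `CountrySelection` element. Replacing the three-argument constructor outright also breaks any caller not updated in this commit; if such callers exist, keep it as an overload that delegates with `this(id, uri, signerCertsUri, false, null);`.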
@@ -79,6 +85,22 @@ public class TrustProfile {
public String getSignerCertsUri() {
return signerCertsUri;
}
-
+ /**
+ * Returns if Trustprofile is TSL enabled
+ * @return
+ */
+ public boolean isTSLEnabled() {
+ return tslEnabled;
+ }
+ /**
+ * Returns the given countries
+ * @return Given countries
+ */
+ public String getCountries() {
+ if (!tslEnabled)
+ return null;
+ else
+ return countries;
+ }
}
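Review bot: `getCountries()` returns null whenever `tslEnabled` is false and, since the constructor stores the argument as given, also when an enabled profile has no country selection configured, but the Javadoc does not mention null at all. Document it, e.g. `@return the configured country selection, or null if TSL is disabled for this profile or no selection was configured`, so callers know to check `isTSLEnabled()` first. `isTSLEnabled()` has an empty `@return` tag that should read `@return true if this trust profile uses the EU TSL`. The unbraced if/else would be clearer as `return tslEnabled ? countries : null;`.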
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
index d69652b18..c6de3abae 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
@@ -64,10 +64,11 @@ public class IaikConfigurator {
*
*
* @param moaConfig The underlying MOA configuration.
+ * @return Returns the config data of the underlying MOA subsystem
* @throws ConfigurationException An error occurred configuring the IAIK
* MOA subsystem.
*/
- public void configure(ConfigurationProvider moaConfig)
+ public ConfigurationData configure(ConfigurationProvider moaConfig)
throws ConfigurationException {
ConfigurationData configData = new ConfigurationDataImpl(moaConfig);
@@ -85,6 +86,8 @@ public class IaikConfigurator {
}
checkKeyGroupConfig(moaConfig);
TrustStoreFactory.reset();
+
+ return configData;
} catch (iaik.server.ConfigurationException e) {
throw new ConfigurationException("config.08", null, e);
} catch (Throwable t) {
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
index 61dd423b3..71cf4f25b 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
@@ -24,23 +24,32 @@
package at.gv.egovernment.moa.spss.server.init;
-import java.io.IOException;
-
import iaik.ixsil.init.IXSILInit;
+import iaik.logging.TransactionId;
+import iaik.pki.store.certstore.CertStoreException;
+import iaik.pki.store.certstore.CertStoreParameters;
+import iaik.pki.store.truststore.TrustStoreException;
+import iaik.pki.store.truststore.TrustStoreProfile;
+import iaik.pki.store.utils.StoreUpdater;
+import iaik.server.ConfigurationData;
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.Map;
import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.logging.LoggingContext;
import at.gv.egovernment.moa.logging.LoggingContextManager;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-
import at.gv.egovernment.moa.spss.MOAException;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
import at.gv.egovernment.moa.spss.server.logging.IaikLog;
import at.gv.egovernment.moa.spss.server.service.RevocationArchiveCleaner;
import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
/**
* MOA SP/SS web service initialization.
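Review bot: Of the imports added here, `CertStoreException`, `TrustStoreException`, `StoreUpdater`, `X509Certificate` and `Iterator` are referenced only inside commented-out code in the following hunk, as far as the visible changes show. They should be left out until the TSL code that needs them is actually enabled, so the file does not accumulate unused-import warnings.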
@@ -105,11 +114,49 @@ public class SystemInitializer {
// initialize configuration
try {
ConfigurationProvider config = ConfigurationProvider.getInstance();
- new IaikConfigurator().configure(config);
+ ConfigurationData configData = new IaikConfigurator().configure(config);
+
+ Map mapTrustProfiles = config.getTrustProfiles();
+
+// Iterator it = mapTrustProfiles.entrySet().iterator();
+// while (it.hasNext()) {
+// Map.Entry pairs = (Map.Entry)it.next();
+// System.out.println(pairs.getKey() + " = " + pairs.getValue());
+// }
+
+ //@TSL get parameters for StoreUpdater
+ CertStoreParameters[] certStoreParameters = configData.getPKIConfiguration().getCertStoreConfiguration().getParameters();
+ TrustStoreProfile[] trustStoreProfiles = null;
+ TransactionId tid = null;
+
+
+
+
+
+ //@TSL Init TSL Module
+// X509Certificate[] removeCertificates = null;
+// X509Certificate[] addCertificates = null;
+//
+// //
+// iaik.pki.store.utils.StoreUpdater storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);
+// storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);
+//
+// storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
+//
+
Logger.info(new LogMsg(msg.getMessage("init.01", null)));
} catch (MOAException e) {
Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
- }
+ }
+// catch (CertStoreException e) {
+// //@TSL
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// } catch (TrustStoreException e) {
+// //@TSL
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// }
// set IXSIL debug output
IXSILInit.setPrintDebugLog(
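Review bot: The chained call `configData.getPKIConfiguration().getCertStoreConfiguration().getParameters()` runs inside a `try` that catches only `MOAException`, so if either intermediate getter returned null the resulting unchecked exception would abort initialization before `init.01` is logged, all for a value nothing uses yet. `certStoreParameters`, `trustStoreProfiles`, `tid` and `mapTrustProfiles` feed only the commented-out `StoreUpdater` block; drop them together with the commented code until the TSL module is wired in. When the trust-store update is enabled, its `CertStoreException`/`TrustStoreException` handlers should log through `Logger.fatal(...)` like the `MOAException` branch rather than `e.printStackTrace()`, since a failed update that goes unnoticed leaves verification running on stale trust anchors. The enclosing method starts above the hunk and continues below it.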