Diffstat (limited to 'spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java')
-rw-r--r-- | spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java | 286 |
1 files changed, 0 insertions, 286 deletions
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
deleted file mode 100644
index 544ea916c..000000000
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
+++ /dev/null
@@ -1,286 +0,0 @@
-package at.gv.egovernment.moa.spss.util;
-
-import iaik.asn1.ObjectID;
-import iaik.asn1.structures.Name;
-import iaik.asn1.structures.PolicyInformation;
-import iaik.utils.RFC2253NameParser;
-import iaik.utils.RFC2253NameParserException;
-import iaik.x509.X509Certificate;
-import iaik.x509.X509ExtensionInitException;
-import iaik.x509.extensions.CertificatePolicies;
-import iaik.x509.extensions.qualified.QCStatements;
-import iaik.x509.extensions.qualified.structures.QCStatement;
-import iaik.x509.extensions.qualified.structures.etsi.QcEuCompliance;
-import iaik.x509.extensions.qualified.structures.etsi.QcEuSSCD;
-import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
-import iaik.xml.crypto.tsl.ex.TSLSearchException;
-
-import java.security.Principal;
-
-import at.gv.egovernment.moa.logging.LogMsg;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask;
-
-public class CertificateUtils {
-
-
- /**
- * Verifies if the given certificate contains QCP+ statement
- * @param cert X509Certificate
- * @return true if the given certificate contains QCP+ statement, else false
- */
- private static boolean checkQCPPlus(X509Certificate cert) {
- Logger.debug("Checking QCP+ extension");
- String OID_QCPPlus = "0.4.0.1456.1.1";
- try {
- CertificatePolicies certPol = (CertificatePolicies) cert.getExtension(CertificatePolicies.oid);
- if (certPol == null) {
- Logger.debug("No CertificatePolicies extension found");
- return false;
- }
-
- PolicyInformation[] polInfo = certPol.getPolicyInformation();
- if (polInfo == null) {
- Logger.debug("No policy information found");
- return false;
- }
-
- for (int i = 0; i < polInfo.length; i++) {
- ObjectID oid = polInfo[i].getPolicyIdentifier();
- String oidStr = oid.getID();
- if (oidStr.compareToIgnoreCase(OID_QCPPlus) == 0) {
- Logger.debug("QCP+ extension found");
- return true;
- }
- }
-
- Logger.debug("No QCP+ extension found");
-
- return false;
- } catch (X509ExtensionInitException e) {
- Logger.debug("No QCP+ extension found");
-
- return false;
- }
-
- }
-
- /**
- * Verifies if the given certificate contains QCP statement
- * @param cert X509Certificate
- * @return true if the given certificate contains QCP statement, else false
- */
- private static boolean checkQCP(X509Certificate cert) {
- Logger.debug("Checking QCP extension");
- String OID_QCP = "0.4.0.1456.1.2";
- try {
- CertificatePolicies certPol = (CertificatePolicies) cert.getExtension(CertificatePolicies.oid);
- if (certPol == null) {
- Logger.debug("No CertificatePolicies extension found");
- return false;
- }
-
- PolicyInformation[] polInfo = certPol.getPolicyInformation();
- if (polInfo == null) {
- Logger.debug("No policy information found");
- return false;
- }
-
- for (int i = 0; i < polInfo.length; i++) {
- ObjectID oid = polInfo[i].getPolicyIdentifier();
- String oidStr = oid.getID();
- if (oidStr.compareToIgnoreCase(OID_QCP) == 0) {
- Logger.debug("QCP extension found");
- return true;
- }
-
- }
-
- Logger.debug("No QCP extension found");
- return false;
-
- } catch (X509ExtensionInitException e) {
- Logger.debug("No QCP extension found");
- return false;
- }
-
- }
-
- /**
- * Verifies if the given certificate contains QcEuCompliance statement
- * @param cert X509Certificate
- * @return true if the given certificate contains QcEuCompliance statement, else false
- */
- private static boolean checkQcEuCompliance(X509Certificate cert) {
- Logger.debug("Checking QcEUCompliance extension");
- try {
- QCStatements qcStatements = (QCStatements) cert.getExtension(QCStatements.oid);
-
- if (qcStatements == null) {
- Logger.debug("No QcStatements extension found");
- return false;
- }
-
- QCStatement qcEuCompliance = qcStatements.getQCStatements(QcEuCompliance.statementID);
-
- if (qcEuCompliance != null) {
- Logger.debug("QcEuCompliance extension found");
- return true;
- }
-
- Logger.debug("No QcEuCompliance extension found");
- return false;
-
- } catch (X509ExtensionInitException e) {
- Logger.debug("No QcEuCompliance extension found");
- return false;
- }
-
- }
-
- /**
- * Verifies if the given certificate contains QcEuSSCD statement
- * @param cert X509Certificate
- * @return true if the given certificate contains QcEuSSCD statement, else false
- */
- private static boolean checkQcEuSSCD(X509Certificate cert) {
- Logger.debug("Checking QcEuSSCD extension");
- try {
- QCStatements qcStatements = (QCStatements) cert.getExtension(QCStatements.oid);
- if (qcStatements == null) {
- Logger.debug("No QcStatements extension found");
- return false;
- }
-
- QCStatement qcEuSSCD = qcStatements.getQCStatements(QcEuSSCD.statementID);
-
- if (qcEuSSCD != null) {
- Logger.debug("QcEuSSCD extension found");
- return true;
- }
-
- Logger.debug("No QcEuSSCD extension found");
- return false;
-
- } catch (X509ExtensionInitException e) {
- Logger.debug("No QcEuSSCD extension found");
- return false;
- }
-
- }
-
- public static QCSSCDResult checkQCSSCD(X509Certificate[] chain, boolean isTSLenabledTrustprofile) {
-
- boolean qc = false;
- boolean qcSourceTSL = false;
- boolean sscd = false;
- boolean sscdSourceTSL = false;
-
- try {
-
- if (isTSLenabledTrustprofile) {
- // perform QC check via TSL
- boolean checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain);
- if (!checkQCFromTSL) {
- // if QC check via TSL returns false
- // try certificate extensions QCP and QcEuCompliance
- Logger.debug("QC check via TSL returned false - checking certificate extensions");
- boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
- boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
-
- if (checkQCP || checkQcEuCompliance) {
- Logger.debug("Certificate is QC (Source: Certificate)");
- qc = true;
- }
-
- qcSourceTSL = false;
- }
- else {
- // use TSL result
- Logger.debug("Certificate is QC (Source: TSL)");
- qc = true;
- qcSourceTSL = true;
- }
-
- // perform SSCD check via TSL
- boolean checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain);
- if (!checkSSCDFromTSL) {
- // if SSCD check via TSL returns false
- // try certificate extensions QCP+ and QcEuSSCD
- Logger.debug("SSCD check via TSL returned false - checking certificate extensions");
- boolean checkQCPPlus = CertificateUtils.checkQCPPlus(chain[0]);
- boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD(chain[0]);
-
- if (checkQCPPlus || checkQcEuSSCD) {
- Logger.debug("Certificate is SSCD (Source: Certificate)");
- sscd = true;
- }
-
- sscdSourceTSL = false;
- }
- else {
- // use TSL result
- Logger.debug("Certificate is SSCD (Source: TSL)");
- sscd = true;
- sscdSourceTSL = true;
- }
-
- }
- else {
- // Trustprofile is not TSL enabled - use certificate extensions only
-
- // perform QC check
- // try certificate extensions QCP and QcEuCompliance
- boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
- boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
-
- if (checkQCP || checkQcEuCompliance)
- qc = true;
-
- qcSourceTSL = false;
-
- // perform SSCD check
- // try certificate extensions QCP+ and QcEuSSCD
- boolean checkQCPPlus = CertificateUtils.checkQCPPlus(chain[0]);
- boolean checkQcEuSSCD = CertificateUtils.checkQcEuSSCD(chain[0]);
-
- if (checkQCPPlus || checkQcEuSSCD)
- sscd = true;
-
- sscdSourceTSL = false;
- }
- }
- catch (TSLEngineDiedException e) {
- MessageProvider msg = MessageProvider.getInstance();
- Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
- } catch (TSLSearchException e) {
- MessageProvider msg = MessageProvider.getInstance();
- Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e);
- }
-
- QCSSCDResult result = new QCSSCDResult(qc, qcSourceTSL, sscd, sscdSourceTSL);
-
- return result;
- }
-
- /**
- * Gets the country from the certificate issuer
- * @param cert X509 certificate
- * @return Country code from the certificate issuer
- */
- public static String getIssuerCountry(X509Certificate cert) {
- String country = null;
- Principal issuerdn = cert.getIssuerX500Principal();
- RFC2253NameParser nameParser = new RFC2253NameParser(issuerdn.getName());
-
- try {
- Name name = nameParser.parse();
- country = name.getRDN(ObjectID.country);
- } catch (RFC2253NameParserException e) {
- Logger.warn("Could not get country code from issuer.");
- }
-
-
- return country;
- }
-}