diff options
Diffstat (limited to 'spss/server/serverlib/src')
9 files changed, 240 insertions, 130 deletions
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java index 1971096a8..7ad838822 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java @@ -99,7 +99,6 @@ public class VerifyCMSSignatureResponseBuilder { CheckResult signatureCheck = responseElement.getSignatureCheck(); CheckResult certCheck = responseElement.getCertificateCheck(); - // TODO CMS TSL check ResponseBuilderUtils.addSignerInfo( responseDoc, responseElem, @@ -107,7 +106,7 @@ public class VerifyCMSSignatureResponseBuilder { signerInfo.isQualifiedCertificate(), signerInfo.isPublicAuthority(), signerInfo.getPublicAuhtorityID(), - false); + signerInfo.isSSCD()); ResponseBuilderUtils.addCodeInfoElement( responseDoc, diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java index c9b76dd7e..d9e20fda9 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java @@ -135,7 +135,7 @@ public class SystemInitializer { //start TSL Update TSLUpdaterTimerTask.tslconnector_ = tslconnector; - TSLUpdaterTimerTask.update(); + //TSLUpdaterTimerTask.update(); //initialize TSL Update Task initTSLUpdateTask(tslconfig); @@ -147,20 +147,20 @@ public class SystemInitializer { catch (TSLEngineDiedException e) { Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); } - catch (TSLSearchException e) { - Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); - } - catch (CertStoreException e) { - Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); - } catch (TrustStoreException e) { - Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); - } catch (CertificateException e) { - Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); - } catch (FileNotFoundException e) { - Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); - } catch (IOException e) { - Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); - } +// catch (TSLSearchException e) { +// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); +// } +// catch (CertStoreException e) { +// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); +// } catch (TrustStoreException e) { +// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); +// } catch (CertificateException e) { +// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); +// } catch (FileNotFoundException e) { +// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); +// } catch (IOException e) { +// Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e); +// } // set IXSIL debug output IXSILInit.setPrintDebugLog( diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index ba2513d2f..2c4bbd4eb 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -30,6 +30,9 @@ import iaik.server.modules.cmsverify.CMSSignatureVerificationModule; import iaik.server.modules.cmsverify.CMSSignatureVerificationModuleFactory; import iaik.server.modules.cmsverify.CMSSignatureVerificationProfile; import iaik.server.modules.cmsverify.CMSSignatureVerificationResult; +import iaik.x509.X509Certificate; +import iaik.xml.crypto.tsl.ex.TSLEngineDiedException; +import iaik.xml.crypto.tsl.ex.TSLSearchException; import java.io.IOException; import java.io.InputStream; @@ -37,6 +40,8 @@ import java.util.Date; import java.util.Iterator; import java.util.List; +import at.gv.egovernment.moa.logging.LogMsg; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.logging.LoggingContext; import at.gv.egovernment.moa.logging.LoggingContextManager; import at.gv.egovernment.moa.spss.MOAApplicationException; @@ -52,6 +57,8 @@ import at.gv.egovernment.moa.spss.server.logging.IaikLog; import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moa.spss.tsl.timer.TSLUpdaterTimerTask; +import at.gv.egovernment.moa.spss.util.MessageProvider; /** * A class providing an interface to the @@ -183,7 +190,12 @@ public class CMSSignatureVerificationInvoker { for (resultIter = results.iterator(); resultIter.hasNext();) { result = (CMSSignatureVerificationResult) resultIter.next(); - responseBuilder.addResult(result, trustProfile); + + // check QC and SSCD via TSL (if enabled) + boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain()); + boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain());; + + responseBuilder.addResult(result, trustProfile, checkQCFromTSL, checkSSCDFromTSL); } } else { int i; @@ -194,7 +206,12 @@ public class CMSSignatureVerificationInvoker { try { result = (CMSSignatureVerificationResult) results.get(signatories[i] - 1); - responseBuilder.addResult(result, trustProfile); + // check QC and SSCD via TSL (if enabled) + boolean checkQCFromTSL = checkQC(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain()); + boolean checkSSCDFromTSL = checkSSCD(trustProfile.isTSLEnabled(), result.getCertificateValidationResult().getCertificateChain());; + + + responseBuilder.addResult(result, trustProfile, checkQCFromTSL, checkSSCDFromTSL); } catch (IndexOutOfBoundsException e) { throw new MOAApplicationException( "2249", @@ -206,6 +223,65 @@ public class CMSSignatureVerificationInvoker { return responseBuilder.getResponse(); } + private boolean checkQC(boolean tslEnabledTrustProfile, List chainlist) { + boolean checkQCFromTSL = false; + try { + if (tslEnabledTrustProfile) { + if (chainlist != null) { + X509Certificate[] chain = new X509Certificate[chainlist.size()]; + + Iterator it = chainlist.iterator(); + int i = 0; + while(it.hasNext()) { + chain[i] = (X509Certificate)it.next(); + i++; + } + + checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain); + //checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain); + } + } + } + catch (TSLEngineDiedException e) { + MessageProvider msg = MessageProvider.getInstance(); + Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); + } catch (TSLSearchException e) { + MessageProvider msg = MessageProvider.getInstance(); + Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); + } + + return checkQCFromTSL; + } + + private boolean checkSSCD(boolean tslEnabledTrustProfile, List chainlist) { + boolean checkSSCDFromTSL = false; + try { + if (tslEnabledTrustProfile) { + if (chainlist != null) { + X509Certificate[] chain = new X509Certificate[chainlist.size()]; + + Iterator it = chainlist.iterator(); + int i = 0; + while(it.hasNext()) { + chain[i] = (X509Certificate)it.next(); + i++; + } + + checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain); + } + } + } + catch (TSLEngineDiedException e) { + MessageProvider msg = MessageProvider.getInstance(); + Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); + } catch (TSLSearchException e) { + MessageProvider msg = MessageProvider.getInstance(); + Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); + } + + return checkSSCDFromTSL; + } + /** * Get the signed content contained either in the request itself or given as a * reference to external data. diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index fcd5ae0e7..3b82c6caf 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -71,9 +71,13 @@ public class VerifyCMSSignatureResponseBuilder { * * @param result The result to add. * @param trustprofile The actual trustprofile + * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the + * certificate as qualified, otherwise <code>false</code>. + * @param checkSSCDFromTSL <code>true</code>, if the TSL check verifies the + * signature based on a SSDC, otherwise <code>false</code>. * @throws MOAException */ - public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile) + public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQCFromTSL, boolean checkSSCDFromTSL) throws MOAException { CertificateValidationResult certResult = @@ -86,16 +90,28 @@ public class VerifyCMSSignatureResponseBuilder { SignerInfo signerInfo; CheckResult signatureCheck; CheckResult certificateCheck; - - // TODO Check TSL check + + + boolean qualifiedCertificate = false; + + // verify qualified certificate checks (certificate or TSL) + if (trustProfile.isTSLEnabled()) { + // take TSL result + qualifiedCertificate = checkQCFromTSL; + } + else { + // take result from certificate + qualifiedCertificate = certResult.isQualifiedCertificate(); + } + // add SignerInfo element signerInfo = factory.createSignerInfo( (X509Certificate) certResult.getCertificateChain().get(0), - certResult.isQualifiedCertificate(), + qualifiedCertificate, certResult.isPublicAuthorityCertificate(), certResult.getPublicAuthorityID(), - false); + checkSSCDFromTSL); // add SignatureCheck element signatureCheck = factory.createCheckResult(signatureCheckCode, null); @@ -103,6 +119,7 @@ public class VerifyCMSSignatureResponseBuilder { // add CertificateCheck element certificateCheck = factory.createCheckResult(certificateCheckCode, null); + // build the response element diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index 290841c66..8a5b6f5b7 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -229,6 +229,14 @@ public class XMLSignatureVerificationInvoker { profile, signingTime, new TransactionId(context.getTransactionID())); + } catch (IAIKException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } catch (IAIKRuntimeException e) { + MOAException moaException = IaikExceptionMapper.getInstance().map(e); + throw moaException; + } + try { if (tp.isTSLEnabled()) { List list = result.getCertificateValidationResult().getCertificateChain(); if (list != null) { @@ -245,21 +253,14 @@ public class XMLSignatureVerificationInvoker { checkQCFromTSL = TSLUpdaterTimerTask.tslconnector_.checkQC(chain); checkSSCDFromTSL = TSLUpdaterTimerTask.tslconnector_.checkSSCD(chain); } - - } - - } catch (IAIKException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - throw moaException; - } catch (IAIKRuntimeException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - throw moaException; - } catch (TSLEngineDiedException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - throw moaException; + } + } + catch (TSLEngineDiedException e) { + MessageProvider msg = MessageProvider.getInstance(); + Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); } catch (TSLSearchException e) { - MOAException moaException = IaikExceptionMapper.getInstance().map(e); - throw moaException; + MessageProvider msg = MessageProvider.getInstance(); + Logger.error(new LogMsg(msg.getMessage("tsl.01", null)), e); } // swap back in the request as root document diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java index 7e8dcf0c4..defaedd86 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java @@ -41,8 +41,10 @@ public class Configurator { throw new TSLEngineDiedException(e);
}
- //@TODO Check "/"
- Configurator._TSLWorkingDirectoryPath = TSLWorkingDirectoryPath + "/";
+ if (!TSLWorkingDirectoryPath.endsWith("/"))
+ TSLWorkingDirectoryPath += "/";
+
+ Configurator._TSLWorkingDirectoryPath = TSLWorkingDirectoryPath;
initialDefaultConfig();
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java index b88255115..2e4af2817 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java @@ -92,17 +92,12 @@ public class TSLConnector implements TSLConnectorInterface { //TODO: clean hascash and TLS Download folder
String hashcachedir = System.getProperty("iaik.xml.crypto.tsl.BinaryHashCache.DIR");
- System.out.println("hashcachedir: " + hashcachedir);
-
if (hashcachedir==null)
hashcachedir = DEFAULT_HASHCACHE_DIR;
String tsldownloaddir = Configurator.get_TSLWorkingDirectoryPath() + "TslDownload";
- System.out.println("hashcachedir: " + hashcachedir);
-
File hashcachefile = new File(hashcachedir);
- System.out.println("Hashcache: " + hashcachefile.getAbsolutePath());
File[] filelist = hashcachefile.listFiles();
@@ -247,8 +242,8 @@ public class TSLConnector implements TSLConnectorInterface { Countries expectedTerritory = entry.getValue().getSchemeTerritory();
try {
- if (expectedTerritory.equals("RO"))
- System.out.println("Stop");
+// if (expectedTerritory.equals("RO"))
+// System.out.println("Stop");
Number otpId = entry.getKey();
LocationAndCertHash lac = entry.getValue();
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java index 6798a5db1..c365a1121 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java @@ -1,21 +1,40 @@ package at.gv.egovernment.moa.spss.tsl.timer;
import iaik.pki.store.certstore.CertStoreException;
+import iaik.pki.store.certstore.CertStoreParameters;
import iaik.pki.store.truststore.TrustStoreException;
+import iaik.pki.store.truststore.TrustStoreProfile;
+import iaik.pki.store.utils.StoreUpdater;
+import iaik.server.ConfigurationData;
+import iaik.x509.X509Certificate;
import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
import iaik.xml.crypto.tsl.ex.TSLSearchException;
+import java.io.File;
+import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.Map;
import java.util.TimerTask;
import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.spss.MOAApplicationException;
+import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;
import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
+import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl;
+import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector;
import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.StringUtils;
+
public class TSLUpdaterTimerTask extends TimerTask {
@@ -31,7 +50,7 @@ public class TSLUpdaterTimerTask extends TimerTask { Logger.error(new LogMsg(msg.getMessage("tsl.00", null)), e);
// TODO wenn update nicht erfolgreich, dann soll TSL-Trustprofil nicht zur
- // Verfügung stehen.
+ // Verfügung stehen?
} catch (TSLSearchException e) {
MessageProvider msg = MessageProvider.getInstance();
@@ -62,86 +81,86 @@ public class TSLUpdaterTimerTask extends TimerTask { }
public static void update() throws TSLEngineDiedException, TSLSearchException, ConfigurationException, MOAApplicationException, CertStoreException, TrustStoreException, CertificateException, FileNotFoundException, IOException {
-// MessageProvider msg = MessageProvider.getInstance();
-//
-// //get TSl configuration
-// ConfigurationProvider config = ConfigurationProvider.getInstance();
-// ConfigurationData configData = new IaikConfigurator().configure(config);
-// TSLConfiguration tslconfig = config.getTSLConfiguration();
-// if (tslconfig != null) {
-//
-// Logger.info(new LogMsg(msg.getMessage("config.42", null)));
-//
-// // get certstore parameters
-// CertStoreParameters[] certStoreParameters = configData.getPKIConfiguration().getCertStoreConfiguration().getParameters();
-//
-// // iterate over all truststores
-// Map mapTrustProfiles = config.getTrustProfiles();
-// Iterator it = mapTrustProfiles.entrySet().iterator();
-// while (it.hasNext()) {
-// Map.Entry pairs = (Map.Entry)it.next();
-// TrustProfile tp = (TrustProfile) pairs.getValue();
-// if (tp.isTSLEnabled()) {
-// TrustStoreProfile tsp = new TrustStoreProfileImpl(config, tp.getId());
-// TrustStoreProfile[] trustStoreProfiles = new TrustStoreProfile[1];
-// trustStoreProfiles[0] = tsp;
-//
-// Logger.debug(new LogMsg(msg.getMessage("config.43", new String[]{tp.getId()})));
-//
-// TransactionId tid = new TransactionId("TSLConfigurator-" + tp.getId());
-// ArrayList tsl_certs = null;
-// if (StringUtils.isEmpty(tp.getCountries())) {
-// Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
-//
-// // get certificates from TSL from all countries
-// tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), new String[]{"accredited","undersupervision"});
-// }
-// else {
-// Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
-// // get selected countries as array
-// String countries = tp.getCountries();
-// String[] array = countries.split(",");
-// for (int i = 0; i < array.length; i++)
-// array[i] = array[i].trim();
-//
-// // get certificates from TSL from given countries
-// tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), array, new String[]{"accredited","undersupervision"});
-// }
-//
-// // create store updater for each TSL enabled truststore
-// Logger.debug(new LogMsg(msg.getMessage("config.45", null)));
-// StoreUpdater storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);
-//
-// // convert ArrayList<File> to X509Certificate[]
-// X509Certificate[] addCertificates = new X509Certificate[tsl_certs.size()];
-// Iterator itcert = tsl_certs.iterator();
-// int i = 0;
-// while(itcert.hasNext()) {
-// File f = (File)itcert.next();
-// X509Certificate cert = new X509Certificate(new FileInputStream(f));
-// addCertificates[i] = cert;
-//
-// i++;
-// }
-//
-// // get certificates to be removed
-// X509Certificate[] removeCertificates = tp.getCertficatesToBeRemoved();
-//
-//
-// //Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
-// Logger.debug(new LogMsg("Remove " + removeCertificates.length + " certificates."));
-// storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);
-//
-//
-// Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
-// storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
-//
-// // set the certifcates to be removed for the next TSL update
-// tp.setCertificatesToBeRemoved(addCertificates);
-//
-// }
-// }
-// }
+ MessageProvider msg = MessageProvider.getInstance();
+
+ //get TSl configuration
+ ConfigurationProvider config = ConfigurationProvider.getInstance();
+ ConfigurationData configData = new IaikConfigurator().configure(config);
+ TSLConfiguration tslconfig = config.getTSLConfiguration();
+ if (tslconfig != null) {
+
+ Logger.info(new LogMsg(msg.getMessage("config.42", null)));
+
+ // get certstore parameters
+ CertStoreParameters[] certStoreParameters = configData.getPKIConfiguration().getCertStoreConfiguration().getParameters();
+
+ // iterate over all truststores
+ Map mapTrustProfiles = config.getTrustProfiles();
+ Iterator it = mapTrustProfiles.entrySet().iterator();
+ while (it.hasNext()) {
+ Map.Entry pairs = (Map.Entry)it.next();
+ TrustProfile tp = (TrustProfile) pairs.getValue();
+ if (tp.isTSLEnabled()) {
+ TrustStoreProfile tsp = new TrustStoreProfileImpl(config, tp.getId());
+ TrustStoreProfile[] trustStoreProfiles = new TrustStoreProfile[1];
+ trustStoreProfiles[0] = tsp;
+
+ Logger.debug(new LogMsg(msg.getMessage("config.43", new String[]{tp.getId()})));
+
+ TransactionId tid = new TransactionId("TSLConfigurator-" + tp.getId());
+ ArrayList tsl_certs = null;
+ if (StringUtils.isEmpty(tp.getCountries())) {
+ Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
+
+ // get certificates from TSL from all countries
+ tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), new String[]{"accredited","undersupervision"});
+ }
+ else {
+ Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
+ // get selected countries as array
+ String countries = tp.getCountries();
+ String[] array = countries.split(",");
+ for (int i = 0; i < array.length; i++)
+ array[i] = array[i].trim();
+
+ // get certificates from TSL from given countries
+ tsl_certs = tslconnector_.updateAndGetQualifiedCACertificates(new Date(), array, new String[]{"accredited","undersupervision"});
+ }
+
+ // create store updater for each TSL enabled truststore
+ Logger.debug(new LogMsg(msg.getMessage("config.45", null)));
+ StoreUpdater storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);
+
+ // convert ArrayList<File> to X509Certificate[]
+ X509Certificate[] addCertificates = new X509Certificate[tsl_certs.size()];
+ Iterator itcert = tsl_certs.iterator();
+ int i = 0;
+ while(itcert.hasNext()) {
+ File f = (File)itcert.next();
+ X509Certificate cert = new X509Certificate(new FileInputStream(f));
+ addCertificates[i] = cert;
+
+ i++;
+ }
+
+ // get certificates to be removed
+ X509Certificate[] removeCertificates = tp.getCertficatesToBeRemoved();
+
+
+ //Logger.debug(new LogMsg(msg.getMessage("config.44", null)));
+ Logger.debug(new LogMsg("Remove " + removeCertificates.length + " certificates."));
+ storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);
+
+
+ Logger.debug(new LogMsg("Add " + addCertificates.length + " certificates."));
+ storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
+
+ // set the certifcates to be removed for the next TSL update
+ tp.setCertificatesToBeRemoved(addCertificates);
+
+ }
+ }
+ }
diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties index 60786dc8a..645ff9f6d 100644 --- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties +++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties @@ -145,7 +145,7 @@ config.34=Blacklisted URI: {0}. config.35=External URIs not allowed.
config.36=No blacklisted URIs given.
config.37=Fehler beim Erstellen der TSL Konfiguration: Name des TSL Arbeits-Verzeichnisses konnte nicht in eine URL umgewandet werden (Wert="{0}")
-config.38=Fehler beim Erstellen der TSL Konfiguration: Das TSL Arbeits-Verzeichnis zeigt nicht auf ein existierendes Objekt, das kein Verzeichnis ist (Wert="{0}")
+config.38=Fehler beim Erstellen der TSL Konfiguration: Das TSL Arbeits-Verzeichnis ist kein Verzeichnis (Wert="{0}")
config.39=TSL Konfguration: Kein Attribut "{0}" angegeben oder Attribut konnte nicht ausgewertet werden. Verwenden Default-Wert ("{1}")
config.40=Fehler beim Erstellen der TSL Konfiguration: Es wurde mindestens ein TrustProfile mit aktivierter TSL-Unterstützung konfiguriert. Die allgemeine TSL-Konfiguration ist jedoch fehlerhaft.
config.41=Initialisiere TSL Bibliothek
@@ -169,4 +169,5 @@ invoker.01=Keine passende Transformationskette gefunden (Index={0}) invoker.02=Der Hashwert der Transformation stimmt nicht überein (Index={0})
invoker.03=Signatorzertifikat aus Trustprofile mit id={0} konnte nicht geparst werden (Dateiname={1})
-tsl.00=Aktulisierung der TSL konnte nicht durchgeführt werden. TrustProfile mit aktiviertem TSL-Support stehen nicht zur Verfügung.
\ No newline at end of file +tsl.00=Aktulisierung der TSL konnte nicht durchgeführt werden. TrustProfile mit aktiviertem TSL-Support stehen nicht zur Verfügung.
+tsl.01=Fehler bei der QC (qualifiziertes Zertifikat) bzw. SSCD (sichere Signaturerstellungseinheit) Überprüfung via TSL.
\ No newline at end of file |