From 6a5af89a724a847bc60e7cbf6bb6362db97568ae Mon Sep 17 00:00:00 2001
From: kstranacher
Date: Mon, 14 May 2012 06:54:06 +0000
Subject: Preparations for TSL integration in MOA-SP bpk of mandator added to assertion
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1274 d688527b-c9ab-4aba-bd8d-4036d912da1d
---
 spss/handbook/handbook/config/config.html | 2 +-
 .../server/config/ConfigurationPartsBuilder.java | 18 ++++++-
 .../spss/server/config/ConfigurationProvider.java | 8 +++
 .../moa/spss/server/config/TrustProfile.java | 26 ++++++++-
 .../spss/server/iaik/config/IaikConfigurator.java | 5 +-
 .../moa/spss/server/init/SystemInitializer.java | 61 +++++++++++++++++++---
 6 files changed, 107 insertions(+), 13 deletions(-)
(limited to 'spss')
diff --git a/spss/handbook/handbook/config/config.html b/spss/handbook/handbook/config/config.html
index 5d4f2c114..3863f6c5b 100644
--- a/spss/handbook/handbook/config/config.html
+++ b/spss/handbook/handbook/config/config.html
@@ -136,7 +136,7 @@

1.2 Zentrale Konfigurationsdatei

-

Die Konfiguration von MOA SP/SS erfolgt zentral über eine einzige Konfigurationsdatei. Das Format der Konfigurationsdatei ist XML und muss dem Schema MOA-SPSS-config-1.5.1.xsd entsprechen. Abschnitt 2 erläutert die Konfigurationsmöglichkeiten im Einzelnen.

+

Die Konfiguration von MOA SP/SS erfolgt zentral über eine einzige Konfigurationsdatei. Das Format der Konfigurationsdatei ist XML und muss dem Schema MOA-SPSS-config-1.5.2.xsd entsprechen. Abschnitt 2 erläutert die Konfigurationsmöglichkeiten im Einzelnen.

1.2.1 Aktualisierung auf das Format von MOA SP/SS 1.3

Mit dem Wechsel auf Version 1.3 verwendet MOA SP/SS ein neues, übersichtlicheres Format für die
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 2a2427bbb..7381c4733 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -195,6 +195,12 @@ public class ConfigurationPartsBuilder {
 + CONF + "RevocationChecking/"
 + CONF + "Archiving/"
 + CONF + "EnableArchiving";
+ private static final String ENABLE_EUTSL_XPATH =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "CertificateValidation/"
+ + CONF + "PathValidation/"
+ + CONF + "TrustProfile/"
+ + CONF + "EUTSL";
 private static final String CRL_ARCHIVE_DURATION_XPATH =
 ROOT + CONF + "SignatureVerification/"
 + CONF + "CertificateValidation/"
@@ -1036,7 +1042,11 @@ public class ConfigurationPartsBuilder {
 {
 String id = getElementValue(profileElem, CONF + "Id", null);
 String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null);
- String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null);
+ String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null);
+ String sTSLenabled = getElementValue(getConfigElem(), ENABLE_EUTSL_XPATH, null);
+ //System.out.println("sTSLenabled: " + sTSLenabled);
+ boolean tslEnabled = Boolean.valueOf(sTSLenabled).booleanValue();
+ String countries = getElementValue(profileElem, CONF + "EUTSL" + "/" + CONF + "CountrySelection", null);
 URI trustAnchorsLocURI = null;
 try
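Review bot: In the `@@ -1036` hunk the EUTSL switch and the country list are read from different scopes: `sTSLenabled` comes from `getElementValue(getConfigElem(), ENABLE_EUTSL_XPATH, null)`, an absolute path from the configuration root, while `countries` is read relative to `profileElem`, so every profile appears to inherit the `EUTSL` setting of whichever `TrustProfile` element the absolute path resolves first rather than its own. Because a trust profile decides which anchors a verification accepts, attributing TSL enablement to the wrong profile widens trust silently; if the flag is meant per profile it should be read relative to `profileElem` like `countries`, and if it is a global switch the `TrustProfile/` path step and the per-profile storage should be documented as such. `Boolean.valueOf(null)` yields `false`, so an absent element leaves TSL off, which is the conservative default and worth a one-line comment. The commented-out `System.out.println` here and the three in the `@@ -1093` hunk are dead debug code and should be removed. The enclosing method begins before and ends after this hunk.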
@@ -1093,8 +1103,12 @@ public class ConfigurationPartsBuilder {
 }
 }
+// System.out.println("ID: " + id);
+// System.out.println("Enable EUTSL: " + tslEnabled);
+// System.out.println("Countries: " + countries);
+
 signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null;
- TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr);
+ TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, tslEnabled, countries);
 trustProfiles.put(id, profile);
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index cae1497d6..84b8561ac 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -654,6 +654,14 @@ public class ConfigurationProvider
 public TrustProfile getTrustProfile(String id) {
 return (TrustProfile) trustProfiles.get(id);
 }
+
+ /**
+ * Returns a map of TrustProfiles
+ * @return
+ */
+ public Map getTrustProfiles() {
+ return trustProfiles;
+ }
 /**
 * Log a warning.
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
index 608fe6e2a..dac91be87 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
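Review bot: `getTrustProfiles()` in the `@@ -654` hunk hands out the live `trustProfiles` map, so any caller can add or remove profiles in the running provider and thereby change which trust anchors later verifications accept; returning `Collections.unmodifiableMap(trustProfiles)` (importing `java.util.Collections` if the file does not already) keeps the configuration read-only outside this class. The Javadoc `@return` tag is empty; `@return an unmodifiable view of the configured trust profiles, keyed by profile id` would describe it, the key being what `trustProfiles.put(id, profile)` stores in the `@@ -1093` hunk. The same empty `@return` tag appears on `isTSLEnabled()` in TrustProfile.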
@@ -37,6 +37,10 @@ public class TrustProfile {
 private String uri;
 /** The URI giving the location of the allowed signer certificates. */
 private String signerCertsUri;
+ /** Defines if Trustprofile makes use of EU TSL*/
+ private boolean tslEnabled;
+ /** The countries given */
+ private String countries;
 /**
 * Create a TrustProfile.
@@ -46,10 +50,12 @@ public class TrustProfile {
 * @param signerCertsUri The URI of the location of the allowed signer
 * certificates of the TrustProfile to create.
 */
- public TrustProfile(String id, String uri, String signerCertsUri) {
+ public TrustProfile(String id, String uri, String signerCertsUri, boolean tslEnabled, String countries) {
 this.id = id;
 this.uri = uri;
 this.signerCertsUri = signerCertsUri;
+ this.tslEnabled = tslEnabled;
+ this.countries = countries;
 }
 /**
@@ -79,6 +85,22 @@ public class TrustProfile {
 public String getSignerCertsUri() {
 return signerCertsUri;
 }
-
+ /**
+ * Returns if Trustprofile is TSL enabled
+ * @return
+ */
+ public boolean isTSLEnabled() {
+ return tslEnabled;
+ }
+ /**
+ * Returns the given countries
+ * @return Given countries
+ */
+ public String getCountries() {
+ if (!tslEnabled)
+ return null;
+ else
+ return countries;
+ }
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
index d69652b18..c6de3abae 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java
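Review bot: The constructor Javadoc in the `@@ -46` hunk still documents only `signerCertsUri` and says nothing about the two new parameters; add `@param tslEnabled whether EU TSL processing is enabled for this profile` and `@param countries the profile's CountrySelection value, or null if none was configured`. The hunk does not show the format of the country value, so the second tag is deliberately vague; if it is a delimited list, say so there. The field comment `/** Defines if Trustprofile makes use of EU TSL*/` could likewise name its source, the profile's `EUTSL` configuration element.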
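Review bot: `getCountries()` in the `@@ -79` hunk returns `null` whenever TSL is disabled, even if a `CountrySelection` value was configured, and neither the summary nor `@return Given countries` says so; callers need a null check, so document it as `@return the configured countries, or null when TSL is not enabled for this profile`. The four-line `if`/`else` reduces to `return tslEnabled ? countries : null;`. `isTSLEnabled()` has an empty `@return` tag that should state `true if the EUTSL option was set for this profile`.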
@@ -64,10 +64,11 @@ public class IaikConfigurator {
 *
 *
 * @param moaConfig The underlying MOA configuration.
+ * @return Returns the config data of the underlying MOA subsystem
 * @throws ConfigurationException An error occurred configuring the IAIK
 * MOA subsystem.
 */
- public void configure(ConfigurationProvider moaConfig)
+ public ConfigurationData configure(ConfigurationProvider moaConfig)
 throws ConfigurationException {
 ConfigurationData configData = new ConfigurationDataImpl(moaConfig);
@@ -85,6 +86,8 @@ public class IaikConfigurator {
 }
 checkKeyGroupConfig(moaConfig);
 TrustStoreFactory.reset();
+
+ return configData;
 } catch (iaik.server.ConfigurationException e) {
 throw new ConfigurationException("config.08", null, e);
 } catch (Throwable t) {
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
index 61dd423b3..71cf4f25b 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
@@ -24,23 +24,32 @@ package at.gv.egovernment.moa.spss.server.init;
-import java.io.IOException;
-
 import iaik.ixsil.init.IXSILInit;
+import iaik.logging.TransactionId;
+import iaik.pki.store.certstore.CertStoreException;
+import iaik.pki.store.certstore.CertStoreParameters;
+import iaik.pki.store.truststore.TrustStoreException;
+import iaik.pki.store.truststore.TrustStoreProfile;
+import iaik.pki.store.utils.StoreUpdater;
+import iaik.server.ConfigurationData;
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.Map;
 import at.gv.egovernment.moa.logging.LogMsg;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.logging.LoggingContext;
 import at.gv.egovernment.moa.logging.LoggingContextManager;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-
 import at.gv.egovernment.moa.spss.MOAException;
 import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
 import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
 import at.gv.egovernment.moa.spss.server.logging.IaikLog;
 import at.gv.egovernment.moa.spss.server.service.RevocationArchiveCleaner;
 import at.gv.egovernment.moa.spss.util.MessageProvider;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
 /**
 * MOA SP/SS web service initialization.
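Review bot: Five of the added imports — `CertStoreException`, `TrustStoreException`, `StoreUpdater`, `X509Certificate` and `java.util.Iterator` — are referenced only from commented-out code in the `@@ -105` hunk of this file, so they are unused in the compiled class and will be reported by the compiler and most IDEs; drop them until the TSL store-update code is actually enabled. `TransactionId`, `CertStoreParameters`, `TrustStoreProfile`, `ConfigurationData` and `Map` are used by live code and can stay. The move of `Constants` and `DOMUtils` below the `at.gv.egovernment.moa.spss` imports is a pure reorder.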
@@ -105,11 +114,49 @@ public class SystemInitializer {
 // initialize configuration
 try {
 ConfigurationProvider config = ConfigurationProvider.getInstance();
- new IaikConfigurator().configure(config);
+ ConfigurationData configData = new IaikConfigurator().configure(config);
+
+ Map mapTrustProfiles = config.getTrustProfiles();
+
+// Iterator it = mapTrustProfiles.entrySet().iterator();
+// while (it.hasNext()) {
+// Map.Entry pairs = (Map.Entry)it.next();
+// System.out.println(pairs.getKey() + " = " + pairs.getValue());
+// }
+
+ //@TSL get parameters for StoreUpdater
+ CertStoreParameters[] certStoreParameters = configData.getPKIConfiguration().getCertStoreConfiguration().getParameters();
+ TrustStoreProfile[] trustStoreProfiles = null;
+ TransactionId tid = null;
+
+
+
+
+ //@TSL Init TSL Module
+// X509Certificate[] removeCertificates = null;
+// X509Certificate[] addCertificates = null;
+//
+// //
+// iaik.pki.store.utils.StoreUpdater storeUpdater = new StoreUpdater(certStoreParameters, trustStoreProfiles, tid);
+// storeUpdater.removeCertificatesFromTrustStores(removeCertificates, tid);
+//
+// storeUpdater.addCertificatesToTrustStores(addCertificates, tid);
+//
+
 Logger.info(new LogMsg(msg.getMessage("init.01", null)));
 } catch (MOAException e) {
 Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
- }
+ }
+// catch (CertStoreException e) {
+// //@TSL
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// } catch (TrustStoreException e) {
+// //@TSL
+// // TODO Auto-generated catch block
+// e.printStackTrace();
+// }
 // set IXSIL debug output
 IXSILInit.setPrintDebugLog(
-- cgit v1.2.3
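Review bot: The new block after `configure(config)` declares `mapTrustProfiles`, `trustStoreProfiles` and `tid` but never uses them, and `certStoreParameters` is read only inside commented-out code, so the hunk adds no behavior while still calling `configData.getPKIConfiguration().getCertStoreConfiguration().getParameters()` on every startup. Either remove the commented `StoreUpdater` section and the dead locals until the TSL module lands, or keep the work on a branch. When the commented `catch (CertStoreException e)` / `catch (TrustStoreException e)` blocks are revived they should log through `Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e)` like the `MOAException` branch instead of `e.printStackTrace()`, otherwise a failed trust-store update would be invisible in the service log while `init.01` still reports a successful initialization. The `- }` / `+ }` pair appears to be a whitespace-only change. The enclosing init method continues past this hunk.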