aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2017-01-20 14:48:55 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2017-01-20 14:48:55 +0100
commitb0d77d439a8df6b09648e19b1ec93f24eadfbe7b (patch)
treeb05838605daf9e73ac437bdb778d771a4c450166
parent172cae552dfecad074cac9834d22ec07f6cb7605 (diff)
downloadmoa-sig-b0d77d439a8df6b09648e19b1ec93f24eadfbe7b.tar.gz
moa-sig-b0d77d439a8df6b09648e19b1ec93f24eadfbe7b.tar.bz2
moa-sig-b0d77d439a8df6b09648e19b1ec93f24eadfbe7b.zip
small changes to support TSL-lib version RC2
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java8
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java17
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java16
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java15
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java1
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java81
6 files changed, 107 insertions, 31 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java
index 9718ada..2a04f96 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java
@@ -38,4 +38,12 @@ public interface TslInfos {
* @return
*/
public List<String> getQualifiers();
+
+ /**
+ * Gets additional service information for the analyzed certificate
+ *
+ * @return
+ */
+ public List<String> getAdditionalServiceInformation();
+
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java
index 120b01a..fad42e6 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java
@@ -11,9 +11,11 @@ public class TslInfosImpl implements TslInfos {
private String tslServiceTypeIdentifier;
private String tslServiceTypeStatus;
private List<String> tslServiceQualifier = new ArrayList<String>();
+ private List<String> tslAdditionalServiceInformation = new ArrayList<String>();
private String tslCountry;
- public TslInfosImpl(String country, String tslServiceTypeStatus, String tslServiceTypeIdentifier, List<URI> tslCertificateQualifier) {
+ public TslInfosImpl(String country, String tslServiceTypeStatus, String tslServiceTypeIdentifier,
+ List<URI> tslCertificateQualifier, List<String> additionalServiceInformation) {
this.tslCountry = country;
this.tslServiceTypeStatus = tslServiceTypeStatus;
this.tslServiceTypeIdentifier = tslServiceTypeIdentifier;
@@ -22,7 +24,11 @@ public class TslInfosImpl implements TslInfos {
for (URI el : tslCertificateQualifier)
this.tslServiceQualifier.add(el.toString());
- }
+ }
+
+ if (additionalServiceInformation != null)
+ this.tslAdditionalServiceInformation.addAll(additionalServiceInformation);
+
}
@@ -46,4 +52,11 @@ public class TslInfosImpl implements TslInfos {
return tslServiceQualifier;
}
+
+ @Override
+ public List<String> getAdditionalServiceInformation() {
+ return this.tslAdditionalServiceInformation;
+
+ }
+
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
index 79a674e..fafbc16 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
@@ -205,7 +205,21 @@ public class ResponseBuilderUtils {
tslInfoElement.appendChild(tslQualifiers);
}
-
+
+ //append additional service information
+ if (tslInfos.getAdditionalServiceInformation() != null
+ && tslInfos.getAdditionalServiceInformation().size() > 0) {
+ Element tslAdditionalServiceInformations = response.createElementNS(MOA_NS_URI, "AdditionalServiceInformations");
+
+ for (String el : tslInfos.getAdditionalServiceInformation()) {
+ Element tslAdditionalServiceInformation = response.createElementNS(MOA_NS_URI, "AdditionalServiceInformation");
+ tslAdditionalServiceInformation.setTextContent(el);
+ tslAdditionalServiceInformations.appendChild(tslAdditionalServiceInformation);
+
+ }
+ tslInfoElement.appendChild(tslAdditionalServiceInformations);
+
+ }
}
Element publicAuthorityElem =
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
index 23fe487..0063c7f 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
@@ -29,6 +29,8 @@ import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
+import java.util.regex.Pattern;
+import java.util.regex.PatternSyntaxException;
import at.gv.egovernment.moa.sig.tsl.TslConstants;
import at.gv.egovernment.moaspss.logging.Logger;
@@ -55,7 +57,7 @@ public class TrustProfile {
private List<String> countries = new ArrayList<String>();
private List<URI> allowedTspStatus = new ArrayList<URI>();
- private List<URI> allowedTspServiceTypes = new ArrayList<URI>();
+ private List<Pattern> allowedTspServiceTypes = new ArrayList<Pattern>();
/**
@@ -134,10 +136,10 @@ public class TrustProfile {
String[] ccArray = allowedTspServiceTypes.split(",");
for (String el : ccArray) {
try {
- this.allowedTspServiceTypes.add(new URI(el.trim()));
+ this.allowedTspServiceTypes.add(Pattern.compile(el.trim()));
- } catch (URISyntaxException e) {
- Logger.warn("TrustProfile: " + this.id + " contains a non-valid TSP Service-Type identifier (" + el + ")");
+ } catch (PatternSyntaxException e) {
+ Logger.warn("TrustProfile: " + this.id + " contains a non-valid TSP Service-Type identifier Regex pattern(" + el + ")");
}
@@ -147,8 +149,7 @@ public class TrustProfile {
Logger.debug("Use default set of TSP Service-Type identifier");
this.allowedTspServiceTypes.addAll(
Arrays.asList(
- TslConstants.SERVICE_TYPE_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.CA_QC),
- TslConstants.SERVICE_TYPE_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.TSA_QTST)));
+ Pattern.compile(TslConstants.DEFAULT_REGEX_PATTERN_ALLOW_ALL)));
}
@@ -204,7 +205,7 @@ public class TrustProfile {
return allowedTspStatus;
}
- public List<URI> getAllowedTspServiceTypes() {
+ public List<Pattern> getAllowedTspServiceTypes() {
return allowedTspServiceTypes;
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
index 8ff0b12..1eb9984 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
@@ -153,6 +153,7 @@ public class SystemInitializer {
TslConfigurationImpl tslConfig = new TslConfigurationImpl();
tslConfig.setEuTslURL(moaSPTslConfig.getEuTSLUrl());
tslConfig.setTslWorkingDirectory(moaSPTslConfig.getWorkingDirectory());
+ tslConfig.setNetworkReadTimeout(config.getReadTimeout());
Logger.info(new LogMsg(msg.getMessage("config.41", null)));
TSLServiceFactory.initialize(tslConfig);
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
index 6b07594..ad64052 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
@@ -22,6 +22,7 @@ import java.util.List;
import at.gv.egovernment.moa.sig.tsl.TslConstants;
import at.gv.egovernment.moa.sig.tsl.engine.data.ITslEndEntityResult;
import at.gv.egovernment.moa.sig.tsl.exception.TslException;
+import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil;
import at.gv.egovernment.moa.spss.api.common.TslInfos;
import at.gv.egovernment.moa.spss.api.impl.TslInfosImpl;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
@@ -197,10 +198,15 @@ public class CertificateUtils {
URI tslServiceTypeIdentifier = tslCheckResult.getEvaluatedServiceTypeIdentifier();
List<URI> tslCertificateQualifier = tslCheckResult.getEvaluatedQualifier();
+ // QC evaluation flags
boolean qc = false;
boolean qcSourceTSL = false;
+ boolean qcDisallowedFromTSL = false;
+
+ // SSCD/QSCD evaluation flags
boolean sscd = false;
boolean sscdSourceTSL = false;
+
//check QC
List<URI> allowedQCQualifier = config.getTSLConfiguration().getQualifierForQC();
@@ -212,26 +218,8 @@ public class CertificateUtils {
}
}
- if (qcSourceTSL)
- Logger.debug("Certificate is QC (Source: TSL)");
-
- else {
- // if QC check via TSL returns false
- // try certificate extensions QCP and QcEuCompliance
- Logger.debug("QC check via TSL returned false - checking certificate extensions");
- boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
- boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
-
- if (checkQCP || checkQcEuCompliance) {
- Logger.debug("Certificate is QC (Source: Certificate)");
- qc = true;
-
- }
-
- }
-
- //check SSCD
+ //check SSCD/QSCD qualifiers and mark result acording this check
List<URI> allowedSSCDQualifier = config.getTSLConfiguration().getQualifierForSSCD();
if (tslCertificateQualifier != null && allowedSSCDQualifier != null) {
for (URI allowedSSCD : allowedSSCDQualifier) {
@@ -243,7 +231,57 @@ public class CertificateUtils {
}
}
}
- }
+ }
+
+ //check additional flags in TSP qualifiers for this certificate
+ if (tslCertificateQualifier != null) {
+ for (URI qEl : tslCertificateQualifier) {
+ //check if SSCD/QSCD status must be used from cert
+ if (qEl.equals(
+ TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get(
+ TslConstants.SSCD_QUALIFIER_SHORT.QCQSCDStatusAsInCert))
+ || qEl.equals(TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get(
+ TslConstants.SSCD_QUALIFIER_SHORT.QCSSCDStatusAsInCert))) {
+
+ sscdSourceTSL = false;
+ sscd = false;
+
+ //check if extentsion includes a NotQualified flag
+ } else if (qEl.equals(
+ TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get(
+ TslConstants.SSCD_QUALIFIER_SHORT.NotQualified))) {
+ qc = false;
+ qcSourceTSL = false;
+ qcDisallowedFromTSL = true;
+ Logger.info("TSL mark this certificate explicitly as 'NotQualified'!");
+
+ }
+ }
+ }
+
+ //evaluate QC statement according previous selected information
+ if (qcSourceTSL)
+ Logger.debug("Certificate is QC (Source: TSL)");
+
+ else {
+ // if TSL return no service-type identifier us information from certificate
+ if (tslServiceTypeIdentifier == null ||
+ MiscUtil.isEmpty(tslServiceTypeIdentifier.toString())) {
+ // try certificate extensions QCP and QcEuCompliance
+ Logger.debug("QC check via TSL returned false - checking certificate extensions");
+ boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
+ boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
+
+ if ((checkQCP || checkQcEuCompliance) && !qcDisallowedFromTSL) {
+ Logger.debug("Certificate is QC (Source: Certificate)");
+ qc = true;
+
+ }
+ }
+ }
+
+
+ //evaluate SSCD/QSCD results according previous selected information
if (sscdSourceTSL)
Logger.debug("Certificate is SSCD (Source: TSL)");
@@ -268,7 +306,8 @@ public class CertificateUtils {
tslCheckResult.getTerritory(),
tslCheckResult.getTspStatus(),
tslServiceTypeIdentifier.toString(),
- tslCertificateQualifier);
+ tslCertificateQualifier,
+ tslCheckResult.getAdditionalServiceInformation());
result.setTslInfos(extTslInfos);
return result;