small changes to support TSL-lib version RC2

author: Thomas Lenz <thomas.lenz@egiz.gv.at> 2017-01-20 14:48:55 +0100
committer: Thomas Lenz <thomas.lenz@egiz.gv.at> 2017-01-20 14:48:55 +0100
commit: b0d77d439a8df6b09648e19b1ec93f24eadfbe7b (patch)
tree: b05838605daf9e73ac437bdb778d771a4c450166
parent: 172cae552dfecad074cac9834d22ec07f6cb7605 (diff)
download: moa-sig-b0d77d439a8df6b09648e19b1ec93f24eadfbe7b.tar.gz
moa-sig-b0d77d439a8df6b09648e19b1ec93f24eadfbe7b.tar.bz2
moa-sig-b0d77d439a8df6b09648e19b1ec93f24eadfbe7b.zip
6 files changed, 107 insertions, 31 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java
index 9718ada..2a04f96 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java
@@ -38,4 +38,12 @@ public interface TslInfos {
 	 * @return
 	 */
 	public List<String> getQualifiers();
+	
+	/**
+	 * Gets additional service information for the analyzed certificate
+	 * 
+	 * @return
+	 */
+	public List<String> getAdditionalServiceInformation();
+	
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java
index 120b01a..fad42e6 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java
@@ -11,9 +11,11 @@ public class TslInfosImpl implements TslInfos {
 	private String tslServiceTypeIdentifier;
 	private String tslServiceTypeStatus;
 	private List<String> tslServiceQualifier = new ArrayList<String>();
+	private List<String> tslAdditionalServiceInformation = new ArrayList<String>();
 	private String tslCountry;
 	
-	public TslInfosImpl(String country, String tslServiceTypeStatus, String tslServiceTypeIdentifier, List<URI> tslCertificateQualifier) {
+	public TslInfosImpl(String country, String tslServiceTypeStatus, String tslServiceTypeIdentifier, 
+			List<URI> tslCertificateQualifier, List<String> additionalServiceInformation) {
 		this.tslCountry = country;
 		this.tslServiceTypeStatus = tslServiceTypeStatus;
 		this.tslServiceTypeIdentifier = tslServiceTypeIdentifier;
@@ -22,7 +24,11 @@ public class TslInfosImpl implements TslInfos {
 			for (URI el : tslCertificateQualifier)
 				this.tslServiceQualifier.add(el.toString());
 			
-		}					
+		}
+		
+		if (additionalServiceInformation != null)
+			this.tslAdditionalServiceInformation.addAll(additionalServiceInformation);
+		
 	}
 	
 	
@@ -46,4 +52,11 @@ public class TslInfosImpl implements TslInfos {
 		return tslServiceQualifier;
 	}
 
+
+	@Override
+	public List<String> getAdditionalServiceInformation() {
+		return this.tslAdditionalServiceInformation;
+		
+	}
+
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
index 79a674e..fafbc16 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
@@ -205,7 +205,21 @@ public class ResponseBuilderUtils {
     		tslInfoElement.appendChild(tslQualifiers);
     		
     	}
-      	    	
+    	
+    	//append additional service information
+    	if (tslInfos.getAdditionalServiceInformation() != null 
+    			&& tslInfos.getAdditionalServiceInformation().size() > 0) {
+    		Element tslAdditionalServiceInformations = response.createElementNS(MOA_NS_URI, "AdditionalServiceInformations");
+    		
+    		for (String el : tslInfos.getAdditionalServiceInformation()) {
+    			Element tslAdditionalServiceInformation = response.createElementNS(MOA_NS_URI, "AdditionalServiceInformation");
+    			tslAdditionalServiceInformation.setTextContent(el);
+    			tslAdditionalServiceInformations.appendChild(tslAdditionalServiceInformation);
+    			
+    		}    		
+    		tslInfoElement.appendChild(tslAdditionalServiceInformations);
+    		
+    	}      	    
     }
     
     Element publicAuthorityElem =
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
index 23fe487..0063c7f 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
@@ -29,6 +29,8 @@ import java.net.URISyntaxException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
+import java.util.regex.Pattern;
+import java.util.regex.PatternSyntaxException;
 
 import at.gv.egovernment.moa.sig.tsl.TslConstants;
 import at.gv.egovernment.moaspss.logging.Logger;
@@ -55,7 +57,7 @@ public class TrustProfile {
   private List<String> countries = new ArrayList<String>();
   
   private List<URI> allowedTspStatus = new ArrayList<URI>();
-  private List<URI> allowedTspServiceTypes = new ArrayList<URI>();
+  private List<Pattern> allowedTspServiceTypes = new ArrayList<Pattern>();
   
   
   /**
@@ -134,10 +136,10 @@ public class TrustProfile {
 			 String[] ccArray = allowedTspServiceTypes.split(","); 
 			 for (String el : ccArray) {
 				 try {
-					this.allowedTspServiceTypes.add(new URI(el.trim()));
+					this.allowedTspServiceTypes.add(Pattern.compile(el.trim()));
 					
-				} catch (URISyntaxException e) {
-					Logger.warn("TrustProfile: " + this.id + " contains a non-valid TSP Service-Type identifier (" + el + ")");
+				} catch (PatternSyntaxException e) {
+					Logger.warn("TrustProfile: " + this.id + " contains a non-valid TSP Service-Type identifier Regex pattern(" + el + ")");
 					
 				}
 				 
@@ -147,8 +149,7 @@ public class TrustProfile {
 			  Logger.debug("Use default set of TSP Service-Type identifier");
 			  this.allowedTspServiceTypes.addAll(
 					  Arrays.asList(
-							  TslConstants.SERVICE_TYPE_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.CA_QC),
-  							  TslConstants.SERVICE_TYPE_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.TSA_QTST)));
+							  Pattern.compile(TslConstants.DEFAULT_REGEX_PATTERN_ALLOW_ALL)));
 			  
 		  }
 	  
@@ -204,7 +205,7 @@ public class TrustProfile {
 	  return allowedTspStatus;
   }
 
-  public List<URI> getAllowedTspServiceTypes() {
+  public List<Pattern> getAllowedTspServiceTypes() {
 	  return allowedTspServiceTypes;
   }
   
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
index 8ff0b12..1eb9984 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
@@ -153,6 +153,7 @@ public class SystemInitializer {
     	  TslConfigurationImpl tslConfig = new TslConfigurationImpl();
     	  tslConfig.setEuTslURL(moaSPTslConfig.getEuTSLUrl());
     	  tslConfig.setTslWorkingDirectory(moaSPTslConfig.getWorkingDirectory());
+    	  tslConfig.setNetworkReadTimeout(config.getReadTimeout());
     	  
     	  Logger.info(new LogMsg(msg.getMessage("config.41", null)));
     	  TSLServiceFactory.initialize(tslConfig);    	  
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
index 6b07594..ad64052 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
@@ -22,6 +22,7 @@ import java.util.List;
 import at.gv.egovernment.moa.sig.tsl.TslConstants;
 import at.gv.egovernment.moa.sig.tsl.engine.data.ITslEndEntityResult;
 import at.gv.egovernment.moa.sig.tsl.exception.TslException;
+import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil;
 import at.gv.egovernment.moa.spss.api.common.TslInfos;
 import at.gv.egovernment.moa.spss.api.impl.TslInfosImpl;
 import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
@@ -197,10 +198,15 @@ public class CertificateUtils {
 					URI tslServiceTypeIdentifier = tslCheckResult.getEvaluatedServiceTypeIdentifier();
 					List<URI> tslCertificateQualifier = tslCheckResult.getEvaluatedQualifier();
 					
+					// QC evaluation flags
 					boolean qc = false;
 					boolean qcSourceTSL = false;
+					boolean qcDisallowedFromTSL = false;
+					
+					// SSCD/QSCD evaluation flags
 					boolean sscd = false;
 					boolean sscdSourceTSL = false;
+					
 										
 					//check QC
 					List<URI> allowedQCQualifier = config.getTSLConfiguration().getQualifierForQC();
@@ -212,26 +218,8 @@ public class CertificateUtils {
 						}
 						
 					}
-					if (qcSourceTSL)					
-						Logger.debug("Certificate is QC (Source: TSL)");
-					
-					else {
-						// if QC check via TSL returns false
-						// try certificate extensions QCP and QcEuCompliance
-						Logger.debug("QC check via TSL returned false - checking certificate extensions");
-				     	boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
-				        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
-				        
-				        if (checkQCP || checkQcEuCompliance) {
-				        	Logger.debug("Certificate is QC (Source: Certificate)");
-				        	qc = true;
-				        	
-				        }	
-						
-					}
-					
 					
-					//check SSCD
+					//check SSCD/QSCD qualifiers and mark result acording this check
 					List<URI> allowedSSCDQualifier = config.getTSLConfiguration().getQualifierForSSCD();
 					if (tslCertificateQualifier != null && allowedSSCDQualifier != null) {						
 						for (URI allowedSSCD : allowedSSCDQualifier) {
@@ -243,7 +231,57 @@ public class CertificateUtils {
 								}
 							}
 						}
-					} 
+					}
+					
+					//check additional flags in TSP qualifiers for this certificate					
+					if (tslCertificateQualifier != null) {
+						for (URI qEl : tslCertificateQualifier) {
+							//check if SSCD/QSCD status must be used from cert
+							if (qEl.equals(
+									TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get(
+											TslConstants.SSCD_QUALIFIER_SHORT.QCQSCDStatusAsInCert))
+									|| qEl.equals(TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get(
+											TslConstants.SSCD_QUALIFIER_SHORT.QCSSCDStatusAsInCert))) {
+								
+								sscdSourceTSL = false;
+								sscd = false;
+	
+								//check if extentsion includes a NotQualified flag
+							} else if (qEl.equals(								
+										TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get(
+												TslConstants.SSCD_QUALIFIER_SHORT.NotQualified))) {
+								qc = false;
+								qcSourceTSL = false;
+								qcDisallowedFromTSL = true;
+								Logger.info("TSL mark this certificate explicitly as 'NotQualified'!");
+															
+							}											
+						}
+					}
+					
+					//evaluate QC statement according previous selected information 
+					if (qcSourceTSL)					
+						Logger.debug("Certificate is QC (Source: TSL)");
+										
+					else {
+						// if TSL return no service-type identifier us information from certificate
+						if (tslServiceTypeIdentifier == null || 
+								MiscUtil.isEmpty(tslServiceTypeIdentifier.toString())) {
+							// try certificate extensions QCP and QcEuCompliance
+							Logger.debug("QC check via TSL returned false - checking certificate extensions");
+							boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
+							boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
+				        
+							if ((checkQCP || checkQcEuCompliance) && !qcDisallowedFromTSL) {
+								Logger.debug("Certificate is QC (Source: Certificate)");
+								qc = true;
+				        	
+							}
+						}						
+					}
+					
+					
+					//evaluate SSCD/QSCD results according previous selected information  
 					if (sscdSourceTSL)					
 						Logger.debug("Certificate is SSCD (Source: TSL)");
 					
@@ -268,7 +306,8 @@ public class CertificateUtils {
 							tslCheckResult.getTerritory(),
 							tslCheckResult.getTspStatus(),
 							tslServiceTypeIdentifier.toString(),
-							tslCertificateQualifier);
+							tslCertificateQualifier,
+							tslCheckResult.getAdditionalServiceInformation());
 					result.setTslInfos(extTslInfos);
 										
 					return result;
author	Thomas Lenz <thomas.lenz@egiz.gv.at>	2017-01-20 14:48:55 +0100
committer	Thomas Lenz <thomas.lenz@egiz.gv.at>	2017-01-20 14:48:55 +0100
commit	b0d77d439a8df6b09648e19b1ec93f24eadfbe7b (patch)
tree	b05838605daf9e73ac437bdb778d771a4c450166
parent	172cae552dfecad074cac9834d22ec07f6cb7605 (diff)
download	moa-sig-b0d77d439a8df6b09648e19b1ec93f24eadfbe7b.tar.gz moa-sig-b0d77d439a8df6b09648e19b1ec93f24eadfbe7b.tar.bz2 moa-sig-b0d77d439a8df6b09648e19b1ec93f24eadfbe7b.zip