author | Thomas <> | 2023-05-02 09:27:05 +0200 |
---|---|---|
committer | Thomas <> | 2023-05-02 09:27:05 +0200 |
commit | dafc76624606f7d47f65006a6bf4695c3a0cd1a9 (patch) | |
tree | 87b7cca5e6abeecf6c0109cf1407a890b53439ab /moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java | |
parent | 25927320bb14d0acc2ab8204ff10646014c8c0c8 (diff) | |
feat(pkix): add addition features to validate short-term certificates
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java')
-rw-r--r-- | moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java
index 6aa20cf..002df3b 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/RevocationConfigurationImpl.java
@@ -30,8 +30,11 @@ import java.util.Map;
 import java.util.Set;
 import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moaspss.logging.Logger;
+import iaik.asn1.structures.Name;
 import iaik.pki.revocation.RevocationConfiguration;
 import iaik.pki.revocation.dbcrl.config.DBCrlConfig;
+import iaik.utils.RFC2253NameParserException;
 /**
 * An implementation of the <code>RevocationConfiguration</code> interface using 
@@ -111,4 +114,31 @@ public class RevocationConfigurationImpl extends AbstractObservableConfiguration
 return false;
 }
+ @Override
+ public boolean checkETSIValidityAssuredShortTermExt() {
+ return config.isUseShortTimeCertificateEtisExt();
+
+ }
+
+ @Override
+ public Long getShortTermedValidityPeriod(X509Certificate eeCert) {
+ try {
+ String issuer = ConfigurationProvider.normalizeX500Names(((Name)eeCert.getIssuerDN()).getRFC2253String());
+ if (config.getShortTimeCertificatePeriods().containsKey(issuer)) {
+ Integer interval = config.getShortTimeCertificatePeriods().get(issuer);
+ Logger.debug("Use shortTermedValidityPeriod: " + interval + "[min] for Issuer: " + issuer);
+ return Long.valueOf(interval) * 60 * 1000;
+
+ }
+
+ } catch (RFC2253NameParserException e) {
+ Logger.warn("Can not normalize X509 IssuerName: " + eeCert.getIssuerDN(), e);
+
+ }
+
+ Logger.debug("Use default shortTermedValidityPeriod: " + config.getDefaultShortTimeCertificatePeriod() + "[min]");
+ return Long.valueOf(config.getDefaultShortTimeCertificatePeriod()) * 60 * 1000;
+
+ }
+
+ } |
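Review bot: In `getShortTermedValidityPeriod` the per-issuer value from the configuration is used without validation: `containsKey` followed by `get` does two lookups, and a null or non-positive entry would give a NullPointerException on unboxing or a zero/negative period. Because this period presumably decides how long a certificate counts as short-term during revocation checking, I would read the value once and guard it, `Integer interval = config.getShortTimeCertificatePeriods().get(issuer);` then `if (interval != null && interval > 0) {` and `return interval * 60_000L;`. The cast `(Name) eeCert.getIssuerDN()` is not covered by the `catch`, so if the issuer principal is ever not an IAIK `Name` a ClassCastException propagates instead of reaching the default branch; an `instanceof` check before the cast would make that path explicit. The parse-failure branch falls back to the default period after only a warning, so it is worth confirming (the configuration is not shown here) that the default is the conservative choice for an issuer that could not be matched.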