first untested beta version with new TSL lib

3 files changed, 95 insertions, 2 deletions

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java
index a4f7660..1aa5f6a 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java
@@ -30,9 +30,11 @@ import org.apache.commons.io.FileUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import at.gv.egovernment.moa.sig.tsl.exception.TslException;
 import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
 import at.gv.egovernment.moa.spss.server.logging.IaikLog;
 import at.gv.egovernment.moa.spss.server.logging.TransactionId;
+import at.gv.egovernment.moa.spss.tsl.TSLServiceFactory;
 import iaik.logging.Log;
 import iaik.pki.store.certstore.CertStoreConfiguration;
 import iaik.pki.store.certstore.CertStoreParameters;
@@ -68,7 +70,20 @@ public class CertStoreConfigurationImpl extends AbstractObservableConfiguration
 		DirectoryCertStoreParameters dirParameters = new DirectoryCertStoreParametersImpl("MOA Directory CertStore",
 				certStoreRoot, true, false);
 
-		parameters = new CertStoreParameters[] { dirParameters };
+		if (TSLServiceFactory.isInitialized()) {
+			try {
+				CertStoreParameters tslCertStore = TSLServiceFactory.getTSLServiceClient().getCertStoreWithTSLCertificates();
+				parameters = new CertStoreParameters[] { dirParameters, tslCertStore};
+				
+			} catch (TslException e) {
+				logger.warn("TSL based CertStore initialisation FAILED.", e);
+				logger.warn("Only Directory based CertStore is used ... ");
+				parameters = new CertStoreParameters[] { dirParameters };
+			}
+									
+		} else				
+			parameters = new CertStoreParameters[] { dirParameters };
+		
 	}
 
 	/**
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
index 3f6998a..b776255 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
@@ -27,11 +27,21 @@ import iaik.pki.PKIProfile;
 import iaik.pki.pathvalidation.ValidationProfile;
 import iaik.pki.revocation.RevocationProfile;
 import iaik.pki.store.truststore.TrustStoreProfile;
+import iaik.pki.store.truststore.TrustStoreTypes;
+
+import java.util.Arrays;
+
+import at.gv.egovernment.moa.sig.tsl.exception.TslPKIException;
+import at.gv.egovernment.moa.sig.tsl.pki.TslTrustStoreProfile;
+import at.gv.egovernment.moa.sig.tsl.pki.chaining.ChainingTrustStoreProfile;
 import at.gv.egovernment.moa.spss.MOAApplicationException;
 import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
 import at.gv.egovernment.moa.spss.server.iaik.pki.pathvalidation.ValidationProfileImpl;
 import at.gv.egovernment.moa.spss.server.iaik.pki.revocation.RevocationProfileImpl;
 import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl;
+import at.gv.egovernment.moa.spss.tsl.TSLServiceFactory;
+import at.gv.egovernment.moaspss.logging.Logger;
 
 /**
  * Implementation of the <code>PKIProfile</code> interface containing
@@ -70,10 +80,58 @@ public class PKIProfileImpl implements PKIProfile {
 
 		this.config = config;
 		setRevocationProfile(new RevocationProfileImpl(config));
-		setTrustStoreProfile(new TrustStoreProfileImpl(config, trustProfileID));
 		setValidationProfile(new ValidationProfileImpl(config));
+				
+		//generate TrustStoreProfile from TrustStore configuration
+		internalTrustProfileBuilder(trustProfileID);
+				
 	}
 
+	
+	private void internalTrustProfileBuilder(String trustProfileId) throws MOAApplicationException {
+		TrustProfile tp = (TrustProfile) config.getTrustProfile(trustProfileId);
+		if (tp != null) {
+			//build directory based trust store as default
+			
+			
+			if (tp.isTSLEnabled()) {
+				//build TSL truststore if enabled
+				TslTrustStoreProfile tslTrustStore;
+				try {
+					tslTrustStore = TSLServiceFactory.getTSLServiceClient().
+							buildTrustStoreProfile(
+									tp.getCountries(), 
+									tp.getAllowedTspStatus(), 
+									tp.getAllowedTspServiceTypes(), 
+									trustProfileId + "_TSL");
+							
+					//build Directory based TrustStore
+					TrustStoreProfileImpl directoryTrustStore = new TrustStoreProfileImpl(trustProfileId + "_Directory", tp.getUri());
+				
+					//generate a virtual truststore that concatenates the TSL TrustStore and the directory TrustStore
+					ChainingTrustStoreProfile chainedProfile = new ChainingTrustStoreProfile(
+							Arrays.asList(tslTrustStore, directoryTrustStore), 
+							trustProfileId);
+				
+					//set this virtual truststore
+					setTrustStoreProfile(chainedProfile);
+					
+				} catch (TslPKIException e) {
+					Logger.error("Virtual TSL based TrustProfile generation FAILED.", e);
+					throw new MOAApplicationException("2900", new Object[] { trustProfileId });
+					
+				}
+				
+			} else 
+				setTrustStoreProfile(new TrustStoreProfileImpl(trustProfileId, tp.getUri()));
+									
+		} else {
+			throw new MOAApplicationException("2203", new Object[] { trustProfileId });
+			
+		}
+				
+	}
+	
 	/**
 	 * @see iaik.pki.PKIProfile#autoAddCertificates()
 	 */
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java
index 50f237a..c9f4f28 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java
@@ -60,6 +60,25 @@ public class TrustStoreProfileImpl implements TrustStoreProfile {
   /** The URI of the trust profile.*/
   private String URI;
 
+  
+  /**
+   * Create a new <code>TrustStoreProfileImpl</code>.
+   * 
+   * @param config The MOA configuration data, from which trust store
+   * configuration data is read.
+   * @param trustProfileId The trust profile id on which this
+   * <code>TrustStoreProfile</code> is based.
+   * @throws MOAApplicationException The <code>trustProfileId</code> could not
+   * be found in the MOA configuration.
+   */
+  public TrustStoreProfileImpl(String trustProfileId, String trustProfileUri)
+    throws MOAApplicationException {
+      id_ = trustProfileId;
+      setURI(trustProfileUri);
+      setType(TrustStoreTypes.DIRECTORY);
+  
+  }
+  
   /**
    * Create a new <code>TrustStoreProfileImpl</code>.
    * 
@@ -70,6 +89,7 @@ public class TrustStoreProfileImpl implements TrustStoreProfile {
    * @throws MOAApplicationException The <code>trustProfileId</code> could not
    * be found in the MOA configuration.
    */
+  @Deprecated
   public TrustStoreProfileImpl(
     ConfigurationProvider config,
     String trustProfileId)