author | tlenz <thomas.lenz@egiz.gv.at> | 2017-02-01 20:07:28 +0100 |
---|---|---|
committer | tlenz <thomas.lenz@egiz.gv.at> | 2017-02-01 20:07:28 +0100 |
commit | cb42d8b04befa612d88123bdc7e8f7164377cddd (patch) | |
tree | 72361f4f20d58a2e70dc62c502d5fa274ada9ef4 /moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java | |
parent | 0df09d7de785d905e88ccd442ea1c060af2ffff8 (diff) | |
parent | 5159762bea80c8e09a448859d62868f010de7d3a (diff) | |
Merge branch 'master' of https://gitlab.iaik.tugraz.at/egiz/moa-sig
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java')
-rw-r--r-- | moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java | 71 |
1 files changed, 41 insertions, 30 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
index ad64052..ce78580 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
@@ -259,26 +259,33 @@ public class CertificateUtils { } } - //evaluate QC statement according previous selected information - if (qcSourceTSL) - Logger.debug("Certificate is QC (Source: TSL)"); - - else { - // if TSL return no service-type identifier us information from certificate - if (tslServiceTypeIdentifier == null || - MiscUtil.isEmpty(tslServiceTypeIdentifier.toString())) { - // try certificate extensions QCP and QcEuCompliance - Logger.debug("QC check via TSL returned false - checking certificate extensions"); - boolean checkQCP = CertificateUtils.checkQCP(chain[0]); - boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); - - if ((checkQCP || checkQcEuCompliance) && !qcDisallowedFromTSL) { - Logger.debug("Certificate is QC (Source: Certificate)"); - qc = true; - - } - } - } + /* + * This block is removes with MOA-SP 3.1 because if TSL support is enabled for the requested TrustProfile + * QC evaluation is ONLY allowed from TSL information!!! Because with eIDAS regulation and July 01. 2016 + * the Trust-Status List is constitutive. + */ +// //evaluate QC statement according previous selected information +// if (qcSourceTSL) +// Logger.debug("Certificate is QC (Source: TSL)"); +// +// else { +// +// +// // if TSL return no service-type identifier us information from certificate +// if (tslServiceTypeIdentifier == null || +// MiscUtil.isEmpty(tslServiceTypeIdentifier.toString())) { +// // try certificate extensions QCP and QcEuCompliance +// Logger.debug("QC check via TSL returned false - checking certificate extensions"); +// boolean checkQCP = CertificateUtils.checkQCP(chain[0]); +// boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); +// +// if ((checkQCP || checkQcEuCompliance) && !qcDisallowedFromTSL) { +// Logger.debug("Certificate is QC (Source: Certificate)"); +// qc = true; +// +// } +// } +// } //evaluate SSCD/QSCD results according previous selected information 
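Review bot: The certificate-extension QC fallback is left in the file as roughly twenty commented-out lines instead of being deleted, which keeps a disabled trust decision one uncomment away from returning and buries the short rationale above it. Delete the commented code, since version control keeps it, and keep only the explanation, e.g. `// MOA-SP 3.1: with TSL enabled for the TrustProfile, QC status comes from the TSL only (eIDAS, TSL constitutive since 2016-07-01).` If `qcDisallowedFromTSL` and `tslServiceTypeIdentifier` are no longer read elsewhere in the method, which the hunk does not show, they should be removed as well. The enclosing method starts and ends outside the hunk.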
@@ -313,13 +320,14 @@ public class CertificateUtils { return result; } else { - Logger.debug("Qualifier check via TSL return null - checking certificate extensions"); - return parseInfosFromCertificate(chain); + Logger.debug("Qualifier check via TSL return null - checking certificate extensions without QC evaluation"); + return parseInfosFromCertificate(chain, false); } } else - return parseInfosFromCertificate(chain); + Logger.info("TSL support is not enabled - checking certificate extensions with QC evaluation "); + return parseInfosFromCertificate(chain, true); } catch (TslException e) { MessageProvider msg = MessageProvider.getInstance(); @@ -330,19 +338,22 @@ public class CertificateUtils { } - private static QCSSCDResult parseInfosFromCertificate(X509Certificate[] chain) { + private static QCSSCDResult parseInfosFromCertificate(X509Certificate[] chain, boolean performQCEvaluation) { boolean qc = false; boolean sscd = false; // Trustprofile is not TSL enabled - use certificate extensions only - // perform QC check - // try certificate extensions QCP and QcEuCompliance - boolean checkQCP = CertificateUtils.checkQCP(chain[0]); - boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); + if (performQCEvaluation) { + // perform QC check + // try certificate extensions QCP and QcEuCompliance + boolean checkQCP = CertificateUtils.checkQCP(chain[0]); + boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); - if (checkQCP || checkQcEuCompliance) - qc = true; + if (checkQCP || checkQcEuCompliance) + qc = true; + + } // perform SSCD check // try certificate extensions QCP+ and QcEuSSCD |
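Review bot: The added `Logger.info(...)` becomes the only statement governed by the brace-less `else`, so `return parseInfosFromCertificate(chain, true);` now sits after the whole if/else instead of inside it. Both TSL branches visible in the hunk return first, but the TSL-enabled branch begins outside the hunk, and any path in it that falls through would reach certificate-based QC evaluation, which is what this commit is meant to rule out. Brace the branch so the intent is enforced by structure: `} else { Logger.info("TSL support is not enabled - checking certificate extensions with QC evaluation "); return parseInfosFromCertificate(chain, true); }`.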
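Review bot: The retained comment `// Trustprofile is not TSL enabled - use certificate extensions only` in `parseInfosFromCertificate` is no longer accurate, because the method is now also called with `performQCEvaluation == false` from the TSL-enabled path. In that case the SSCD check below the guard still appears to run from certificate extensions, so the result can report SSCD without QC. If that combination is intended, state it in a Javadoc on the method that documents `performQCEvaluation` (false leaves `qc` false because the TSL is authoritative); if not, the SSCD check probably needs the same guard, but its code lies outside the hunk. A `Logger.debug("QC evaluation from certificate skipped - TSL is authoritative");` in the skipped case would make the decision visible in logs.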