diff options
| author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2017-01-20 14:48:55 +0100 |
|---|---|---|
| committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2017-01-20 14:48:55 +0100 |
| commit | b0d77d439a8df6b09648e19b1ec93f24eadfbe7b (patch) | |
| tree | b05838605daf9e73ac437bdb778d771a4c450166 /moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java | |
| parent | 172cae552dfecad074cac9834d22ec07f6cb7605 (diff) | |
| download | moa-sig-b0d77d439a8df6b09648e19b1ec93f24eadfbe7b.tar.gz moa-sig-b0d77d439a8df6b09648e19b1ec93f24eadfbe7b.tar.bz2 moa-sig-b0d77d439a8df6b09648e19b1ec93f24eadfbe7b.zip | |
small changes to support TSL-lib version RC2
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java')
| -rw-r--r-- | moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java | 81 |
1 files changed, 60 insertions, 21 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java index 6b07594..ad64052 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java @@ -22,6 +22,7 @@ import java.util.List; import at.gv.egovernment.moa.sig.tsl.TslConstants; import at.gv.egovernment.moa.sig.tsl.engine.data.ITslEndEntityResult; import at.gv.egovernment.moa.sig.tsl.exception.TslException; +import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil; import at.gv.egovernment.moa.spss.api.common.TslInfos; import at.gv.egovernment.moa.spss.api.impl.TslInfosImpl; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; @@ -197,10 +198,15 @@ public class CertificateUtils { URI tslServiceTypeIdentifier = tslCheckResult.getEvaluatedServiceTypeIdentifier(); List<URI> tslCertificateQualifier = tslCheckResult.getEvaluatedQualifier(); + // QC evaluation flags boolean qc = false; boolean qcSourceTSL = false; + boolean qcDisallowedFromTSL = false; + + // SSCD/QSCD evaluation flags boolean sscd = false; boolean sscdSourceTSL = false; + //check QC List<URI> allowedQCQualifier = config.getTSLConfiguration().getQualifierForQC(); @@ -212,26 +218,8 @@ public class CertificateUtils { } } - if (qcSourceTSL) - Logger.debug("Certificate is QC (Source: TSL)"); - - else { - // if QC check via TSL returns false - // try certificate extensions QCP and QcEuCompliance - Logger.debug("QC check via TSL returned false - checking certificate extensions"); - boolean checkQCP = CertificateUtils.checkQCP(chain[0]); - boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); - - if (checkQCP || checkQcEuCompliance) { - Logger.debug("Certificate is QC (Source: Certificate)"); - qc = true; - - } - - } - - //check SSCD + //check SSCD/QSCD qualifiers and mark result acording this check List<URI> allowedSSCDQualifier = config.getTSLConfiguration().getQualifierForSSCD(); if (tslCertificateQualifier != null && allowedSSCDQualifier != null) { for (URI allowedSSCD : allowedSSCDQualifier) { @@ -243,7 +231,57 @@ public class CertificateUtils { } } } - } + } + + //check additional flags in TSP qualifiers for this certificate + if (tslCertificateQualifier != null) { + for (URI qEl : tslCertificateQualifier) { + //check if SSCD/QSCD status must be used from cert + if (qEl.equals( + TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get( + TslConstants.SSCD_QUALIFIER_SHORT.QCQSCDStatusAsInCert)) + || qEl.equals(TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get( + TslConstants.SSCD_QUALIFIER_SHORT.QCSSCDStatusAsInCert))) { + + sscdSourceTSL = false; + sscd = false; + + //check if extentsion includes a NotQualified flag + } else if (qEl.equals( + TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get( + TslConstants.SSCD_QUALIFIER_SHORT.NotQualified))) { + qc = false; + qcSourceTSL = false; + qcDisallowedFromTSL = true; + Logger.info("TSL mark this certificate explicitly as 'NotQualified'!"); + + } + } + } + + //evaluate QC statement according previous selected information + if (qcSourceTSL) + Logger.debug("Certificate is QC (Source: TSL)"); + + else { + // if TSL return no service-type identifier us information from certificate + if (tslServiceTypeIdentifier == null || + MiscUtil.isEmpty(tslServiceTypeIdentifier.toString())) { + // try certificate extensions QCP and QcEuCompliance + Logger.debug("QC check via TSL returned false - checking certificate extensions"); + boolean checkQCP = CertificateUtils.checkQCP(chain[0]); + boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); + + if ((checkQCP || checkQcEuCompliance) && !qcDisallowedFromTSL) { + Logger.debug("Certificate is QC (Source: Certificate)"); + qc = true; + + } + } + } + + + //evaluate SSCD/QSCD results according previous selected information if (sscdSourceTSL) Logger.debug("Certificate is SSCD (Source: TSL)"); @@ -268,7 +306,8 @@ public class CertificateUtils { tslCheckResult.getTerritory(), tslCheckResult.getTspStatus(), tslServiceTypeIdentifier.toString(), - tslCertificateQualifier); + tslCertificateQualifier, + tslCheckResult.getAdditionalServiceInformation()); result.setTslInfos(extTslInfos); return result; |