aboutsummaryrefslogtreecommitdiff
path: root/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2017-01-10 15:10:15 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2017-01-10 15:10:15 +0100
commitc6f686485e50e8de112445da07d98b93278b09d0 (patch)
treea8318ff3bda10c5b10bc29dabf04cee2d287f307 /moaSig/moa-sig-lib/src/main/java/at/gv/egovernment
parent8574f931c169248c67c3a5946351f9072628af46 (diff)
downloadmoa-sig-c6f686485e50e8de112445da07d98b93278b09d0.tar.gz
moa-sig-c6f686485e50e8de112445da07d98b93278b09d0.tar.bz2
moa-sig-c6f686485e50e8de112445da07d98b93278b09d0.zip
MOA-SP with new TSL RC1
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment')
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java2
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java7
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java11
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java9
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java35
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java6
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java20
7 files changed, 57 insertions, 33 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java
index 69dad89..57a60a6 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java
@@ -128,7 +128,7 @@ public class SignerInfoImpl implements SignerInfo {
}
public String getQCSource() {
- if (qcSourceTSL)
+ if (this.qcSourceTSL)
return "TSL";
else
return "Certificate";
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java
index 4c40a5f..120b01a 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java
@@ -18,10 +18,11 @@ public class TslInfosImpl implements TslInfos {
this.tslServiceTypeStatus = tslServiceTypeStatus;
this.tslServiceTypeIdentifier = tslServiceTypeIdentifier;
- for (URI el : tslCertificateQualifier)
- this.tslServiceQualifier.add(el.toString());
+ if (tslCertificateQualifier != null) {
+ for (URI el : tslCertificateQualifier)
+ this.tslServiceQualifier.add(el.toString());
-
+ }
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 1b47013..89f4c1e 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -758,6 +758,11 @@ public class ConfigurationPartsBuilder {
while ((keyGroupElem = (Element) kgIter.nextNode()) != null)
{
String keyGroupId = getElementValue(keyGroupElem, CONF + "Id", null);
+
+ //switch all keyGroupIds to lower case, only
+ if (MiscUtil.isNotEmpty(keyGroupId))
+ keyGroupId = keyGroupId.trim().toLowerCase();
+
String keyGroupDigestMethodAlgorithm = getElementValue(keyGroupElem, CONF + "DigestMethodAlgorithm", null);
Set keyGroupEntries =
buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem);
@@ -883,9 +888,9 @@ public class ConfigurationPartsBuilder {
keyGroupIter = XPathUtils.selectNodeIterator(mappingElem, CONF + "KeyGroupId");
while ((keyGroupElem = (Element) keyGroupIter.nextNode()) != null)
{
- String keyGroupId = getElementValue(keyGroupElem, ".", null);
- KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId);
-
+ String keyGroupId = getElementValue(keyGroupElem, ".", null);
+ KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId.trim().toLowerCase());
+
if (keyGroup != null)
{
groups.put(keyGroupId, keyGroup);
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 79ef1d2..6a007cf 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -633,9 +633,12 @@ public class ConfigurationProvider
return keyGroups;
}
- public KeyGroup getKeyGroup(String keyGroupId) {
- KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId);
- return keyGroup;
+ public KeyGroup getKeyGroup(String keyGroupId) {
+ if (MiscUtil.isNotEmpty(keyGroupId))
+ return (KeyGroup) keyGroups.get(keyGroupId.trim().toLowerCase());
+
+ else
+ return null;
}
/**
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
index f64643f..23fe487 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
@@ -76,16 +76,21 @@ public class TrustProfile {
//TSL configuration parameters
this.tslEnabled = tslEnabled;
-
- setCountries(countries);
- Logger.debug("TrustProfile "+ id + " allows " + Arrays.toString(this.countries.toArray()) + " TSL countries");
-
- setAllowedTspStatus(allowedTspStatus);
- Logger.debug("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspStatus.toArray()) + " TSP status identifier");
+
+ if (tslEnabled) {
+ setCountries(countries);
+ if (!this.countries.isEmpty())
+ Logger.info("TrustProfile "+ id + " allows " + Arrays.toString(this.countries.toArray()) + " TSL countries");
+ else
+ Logger.info("TrustProfile "+ id + " allows " + "ALL" + " TSL countries");
- setAllowedTspServiceTypes(allowedTspServiceTypes);
- Logger.debug("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspServiceTypes.toArray()) + " TSL service-type identifier");
-
+ setAllowedTspStatus(allowedTspStatus);
+ Logger.info("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspStatus.toArray()) + " TSP status identifier");
+
+ setAllowedTspServiceTypes(allowedTspServiceTypes);
+ Logger.info("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspServiceTypes.toArray()) + " TSL service-type identifier");
+
+ }
}
private void setCountries(String countries) {
@@ -112,7 +117,7 @@ public class TrustProfile {
}
} else {
- Logger.info("Use default set of TSP Status identifier");
+ Logger.debug("Use default set of TSP Status identifier");
this.allowedTspStatus.addAll(
Arrays.asList(
TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_STATUS_SHORT.granted),
@@ -129,7 +134,7 @@ public class TrustProfile {
String[] ccArray = allowedTspServiceTypes.split(",");
for (String el : ccArray) {
try {
- this.allowedTspStatus.add(new URI(el.trim()));
+ this.allowedTspServiceTypes.add(new URI(el.trim()));
} catch (URISyntaxException e) {
Logger.warn("TrustProfile: " + this.id + " contains a non-valid TSP Service-Type identifier (" + el + ")");
@@ -139,11 +144,11 @@ public class TrustProfile {
}
} else {
- Logger.info("Use default set of TSP Service-Type identifier");
- this.allowedTspStatus.addAll(
+ Logger.debug("Use default set of TSP Service-Type identifier");
+ this.allowedTspServiceTypes.addAll(
Arrays.asList(
- TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.CA_QC),
- TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.TSA_QTST)));
+ TslConstants.SERVICE_TYPE_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.CA_QC),
+ TslConstants.SERVICE_TYPE_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.TSA_QTST)));
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java
index 83bcf3a..223361d 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java
@@ -4,9 +4,11 @@ import at.gv.egovernment.moa.sig.tsl.TslClientFactory;
import at.gv.egovernment.moa.sig.tsl.api.ITslService;
import at.gv.egovernment.moa.sig.tsl.config.TslConfigurationImpl;
import at.gv.egovernment.moa.sig.tsl.exception.TslException;
+import at.gv.egovernment.moa.sig.tsl.pki.chaining.ChainingTrustStoreHandler;
import at.gv.egovernment.moa.spss.util.MessageProvider;
import at.gv.egovernment.moaspss.logging.LogMsg;
import at.gv.egovernment.moaspss.logging.Logger;
+import iaik.pki.store.truststore.TrustStoreFactory;
public class TSLServiceFactory {
@@ -17,7 +19,9 @@ public class TSLServiceFactory {
if (tslClient == null) {
try {
tslClient = TslClientFactory.buildTslService(config );
-
+
+ TrustStoreFactory.addTrustStoreHandler(new ChainingTrustStoreHandler());
+
} catch (TslException e) {
Logger.fatal(new LogMsg(MessageProvider.getInstance().getMessage("init.05", new Object[]{e.getMessage()})), e);
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
index 0ea0677..6b07594 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
@@ -19,6 +19,7 @@ import java.util.Arrays;
import java.util.Date;
import java.util.List;
+import at.gv.egovernment.moa.sig.tsl.TslConstants;
import at.gv.egovernment.moa.sig.tsl.engine.data.ITslEndEntityResult;
import at.gv.egovernment.moa.sig.tsl.exception.TslException;
import at.gv.egovernment.moa.spss.api.common.TslInfos;
@@ -186,7 +187,11 @@ public class CertificateUtils {
}
- ITslEndEntityResult tslCheckResult = TSLServiceFactory.getTSLServiceClient().evaluate(Arrays.asList(chain), signingTime);
+ ITslEndEntityResult tslCheckResult =
+ TSLServiceFactory.getTSLServiceClient().evaluate(
+ Arrays.asList(chain),
+ signingTime,
+ TslConstants.CHAIN_MODEL);
if (tslCheckResult != null) {
URI tslServiceTypeIdentifier = tslCheckResult.getEvaluatedServiceTypeIdentifier();
@@ -228,15 +233,16 @@ public class CertificateUtils {
//check SSCD
List<URI> allowedSSCDQualifier = config.getTSLConfiguration().getQualifierForSSCD();
- for (URI allowedSSCD : allowedSSCDQualifier) {
- for (URI certSSCD : tslCertificateQualifier) {
- if (allowedSSCD.equals(certSSCD)) {
- sscdSourceTSL = true;
- sscd = true;
+ if (tslCertificateQualifier != null && allowedSSCDQualifier != null) {
+ for (URI allowedSSCD : allowedSSCDQualifier) {
+ for (URI certSSCD : tslCertificateQualifier) {
+ if (allowedSSCD.equals(certSSCD)) {
+ sscdSourceTSL = true;
+ sscd = true;
+ }
}
}
-
}
if (sscdSourceTSL)
Logger.debug("Certificate is SSCD (Source: TSL)");