aboutsummaryrefslogtreecommitdiff
path: root/moaSig/moa-sig-lib/src/main/java/at
diff options
context:
space:
mode:
authortlenz <thomas.lenz@egiz.gv.at>2017-01-24 11:55:05 +0100
committertlenz <thomas.lenz@egiz.gv.at>2017-01-24 11:55:05 +0100
commit0df09d7de785d905e88ccd442ea1c060af2ffff8 (patch)
treea9bbc6ae5617fb46b8b8fb765d70336495b47604 /moaSig/moa-sig-lib/src/main/java/at
parent1a0f7abd972f0a50b98299da4f680a0ecfc33217 (diff)
parentb0d77d439a8df6b09648e19b1ec93f24eadfbe7b (diff)
downloadmoa-sig-0df09d7de785d905e88ccd442ea1c060af2ffff8.tar.gz
moa-sig-0df09d7de785d905e88ccd442ea1c060af2ffff8.tar.bz2
moa-sig-0df09d7de785d905e88ccd442ea1c060af2ffff8.zip
local merge
Merge branch 'master' of https://gitlab.iaik.tugraz.at/egiz/moa-sig
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at')
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java8
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java2
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java20
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java16
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java11
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java9
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java44
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java1
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java17
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java6
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java95
11 files changed, 169 insertions, 60 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java
index 9718ada..2a04f96 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java
@@ -38,4 +38,12 @@ public interface TslInfos {
* @return
*/
public List<String> getQualifiers();
+
+ /**
+ * Gets additional service information for the analyzed certificate
+ *
+ * @return
+ */
+ public List<String> getAdditionalServiceInformation();
+
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java
index 69dad89..57a60a6 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java
@@ -128,7 +128,7 @@ public class SignerInfoImpl implements SignerInfo {
}
public String getQCSource() {
- if (qcSourceTSL)
+ if (this.qcSourceTSL)
return "TSL";
else
return "Certificate";
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java
index 4c40a5f..fad42e6 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java
@@ -11,16 +11,23 @@ public class TslInfosImpl implements TslInfos {
private String tslServiceTypeIdentifier;
private String tslServiceTypeStatus;
private List<String> tslServiceQualifier = new ArrayList<String>();
+ private List<String> tslAdditionalServiceInformation = new ArrayList<String>();
private String tslCountry;
- public TslInfosImpl(String country, String tslServiceTypeStatus, String tslServiceTypeIdentifier, List<URI> tslCertificateQualifier) {
+ public TslInfosImpl(String country, String tslServiceTypeStatus, String tslServiceTypeIdentifier,
+ List<URI> tslCertificateQualifier, List<String> additionalServiceInformation) {
this.tslCountry = country;
this.tslServiceTypeStatus = tslServiceTypeStatus;
this.tslServiceTypeIdentifier = tslServiceTypeIdentifier;
- for (URI el : tslCertificateQualifier)
- this.tslServiceQualifier.add(el.toString());
+ if (tslCertificateQualifier != null) {
+ for (URI el : tslCertificateQualifier)
+ this.tslServiceQualifier.add(el.toString());
+ }
+
+ if (additionalServiceInformation != null)
+ this.tslAdditionalServiceInformation.addAll(additionalServiceInformation);
}
@@ -45,4 +52,11 @@ public class TslInfosImpl implements TslInfos {
return tslServiceQualifier;
}
+
+ @Override
+ public List<String> getAdditionalServiceInformation() {
+ return this.tslAdditionalServiceInformation;
+
+ }
+
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
index 79a674e..fafbc16 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
@@ -205,7 +205,21 @@ public class ResponseBuilderUtils {
tslInfoElement.appendChild(tslQualifiers);
}
-
+
+ //append additional service information
+ if (tslInfos.getAdditionalServiceInformation() != null
+ && tslInfos.getAdditionalServiceInformation().size() > 0) {
+ Element tslAdditionalServiceInformations = response.createElementNS(MOA_NS_URI, "AdditionalServiceInformations");
+
+ for (String el : tslInfos.getAdditionalServiceInformation()) {
+ Element tslAdditionalServiceInformation = response.createElementNS(MOA_NS_URI, "AdditionalServiceInformation");
+ tslAdditionalServiceInformation.setTextContent(el);
+ tslAdditionalServiceInformations.appendChild(tslAdditionalServiceInformation);
+
+ }
+ tslInfoElement.appendChild(tslAdditionalServiceInformations);
+
+ }
}
Element publicAuthorityElem =
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 5f3f670..15e44eb 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -763,6 +763,11 @@ public class ConfigurationPartsBuilder {
while ((keyGroupElem = (Element) kgIter.nextNode()) != null)
{
String keyGroupId = getElementValue(keyGroupElem, CONF + "Id", null);
+
+ //switch all keyGroupIds to lower case, only
+ if (MiscUtil.isNotEmpty(keyGroupId))
+ keyGroupId = keyGroupId.trim().toLowerCase();
+
String keyGroupDigestMethodAlgorithm = getElementValue(keyGroupElem, CONF + "DigestMethodAlgorithm", null);
Set keyGroupEntries =
buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem);
@@ -888,9 +893,9 @@ public class ConfigurationPartsBuilder {
keyGroupIter = XPathUtils.selectNodeIterator(mappingElem, CONF + "KeyGroupId");
while ((keyGroupElem = (Element) keyGroupIter.nextNode()) != null)
{
- String keyGroupId = getElementValue(keyGroupElem, ".", null);
- KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId);
-
+ String keyGroupId = getElementValue(keyGroupElem, ".", null);
+ KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId.trim().toLowerCase());
+
if (keyGroup != null)
{
groups.put(keyGroupId, keyGroup);
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 3e074a2..7ae83cb 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -637,9 +637,12 @@ public class ConfigurationProvider
return keyGroups;
}
- public KeyGroup getKeyGroup(String keyGroupId) {
- KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId);
- return keyGroup;
+ public KeyGroup getKeyGroup(String keyGroupId) {
+ if (MiscUtil.isNotEmpty(keyGroupId))
+ return (KeyGroup) keyGroups.get(keyGroupId.trim().toLowerCase());
+
+ else
+ return null;
}
/**
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
index f64643f..0063c7f 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
@@ -29,6 +29,8 @@ import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
+import java.util.regex.Pattern;
+import java.util.regex.PatternSyntaxException;
import at.gv.egovernment.moa.sig.tsl.TslConstants;
import at.gv.egovernment.moaspss.logging.Logger;
@@ -55,7 +57,7 @@ public class TrustProfile {
private List<String> countries = new ArrayList<String>();
private List<URI> allowedTspStatus = new ArrayList<URI>();
- private List<URI> allowedTspServiceTypes = new ArrayList<URI>();
+ private List<Pattern> allowedTspServiceTypes = new ArrayList<Pattern>();
/**
@@ -76,16 +78,21 @@ public class TrustProfile {
//TSL configuration parameters
this.tslEnabled = tslEnabled;
-
- setCountries(countries);
- Logger.debug("TrustProfile "+ id + " allows " + Arrays.toString(this.countries.toArray()) + " TSL countries");
-
- setAllowedTspStatus(allowedTspStatus);
- Logger.debug("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspStatus.toArray()) + " TSP status identifier");
+
+ if (tslEnabled) {
+ setCountries(countries);
+ if (!this.countries.isEmpty())
+ Logger.info("TrustProfile "+ id + " allows " + Arrays.toString(this.countries.toArray()) + " TSL countries");
+ else
+ Logger.info("TrustProfile "+ id + " allows " + "ALL" + " TSL countries");
- setAllowedTspServiceTypes(allowedTspServiceTypes);
- Logger.debug("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspServiceTypes.toArray()) + " TSL service-type identifier");
-
+ setAllowedTspStatus(allowedTspStatus);
+ Logger.info("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspStatus.toArray()) + " TSP status identifier");
+
+ setAllowedTspServiceTypes(allowedTspServiceTypes);
+ Logger.info("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspServiceTypes.toArray()) + " TSL service-type identifier");
+
+ }
}
private void setCountries(String countries) {
@@ -112,7 +119,7 @@ public class TrustProfile {
}
} else {
- Logger.info("Use default set of TSP Status identifier");
+ Logger.debug("Use default set of TSP Status identifier");
this.allowedTspStatus.addAll(
Arrays.asList(
TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_STATUS_SHORT.granted),
@@ -129,21 +136,20 @@ public class TrustProfile {
String[] ccArray = allowedTspServiceTypes.split(",");
for (String el : ccArray) {
try {
- this.allowedTspStatus.add(new URI(el.trim()));
+ this.allowedTspServiceTypes.add(Pattern.compile(el.trim()));
- } catch (URISyntaxException e) {
- Logger.warn("TrustProfile: " + this.id + " contains a non-valid TSP Service-Type identifier (" + el + ")");
+ } catch (PatternSyntaxException e) {
+ Logger.warn("TrustProfile: " + this.id + " contains a non-valid TSP Service-Type identifier Regex pattern(" + el + ")");
}
}
} else {
- Logger.info("Use default set of TSP Service-Type identifier");
- this.allowedTspStatus.addAll(
+ Logger.debug("Use default set of TSP Service-Type identifier");
+ this.allowedTspServiceTypes.addAll(
Arrays.asList(
- TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.CA_QC),
- TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.TSA_QTST)));
+ Pattern.compile(TslConstants.DEFAULT_REGEX_PATTERN_ALLOW_ALL)));
}
@@ -199,7 +205,7 @@ public class TrustProfile {
return allowedTspStatus;
}
- public List<URI> getAllowedTspServiceTypes() {
+ public List<Pattern> getAllowedTspServiceTypes() {
return allowedTspServiceTypes;
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
index 8ff0b12..1eb9984 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
@@ -153,6 +153,7 @@ public class SystemInitializer {
TslConfigurationImpl tslConfig = new TslConfigurationImpl();
tslConfig.setEuTslURL(moaSPTslConfig.getEuTSLUrl());
tslConfig.setTslWorkingDirectory(moaSPTslConfig.getWorkingDirectory());
+ tslConfig.setNetworkReadTimeout(config.getReadTimeout());
Logger.info(new LogMsg(msg.getMessage("config.41", null)));
TSLServiceFactory.initialize(tslConfig);
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
index cb77ad1..32eab9e 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
@@ -28,6 +28,7 @@ import iaik.server.modules.algorithms.HashAlgorithms;
import iaik.server.modules.keys.KeyEntryID;
import iaik.server.modules.keys.KeyModule;
import iaik.server.modules.keys.KeyModuleFactory;
+import iaik.server.modules.xml.Canonicalization;
import iaik.server.modules.xmlsign.SignatureStructureTypes;
import iaik.server.modules.xmlsign.XMLSignatureCreationProfile;
import iaik.server.modules.xmlsign.XMLSignatureInsertionLocation;
@@ -57,6 +58,7 @@ import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.config.KeyGroup;
import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry;
import at.gv.egovernment.moa.spss.server.iaik.xml.CanonicalizationImpl;
+import at.gv.egovernment.moa.spss.server.iaik.xml.ExclusiveCanonicalizationImpl;
import at.gv.egovernment.moa.spss.server.iaik.xmlsign.DataObjectTreatmentImpl;
import at.gv.egovernment.moa.spss.server.iaik.xmlsign.XMLSignatureCreationProfileImpl;
import at.gv.egovernment.moa.spss.server.iaik.xmlsign.XMLSignatureInsertionLocationImpl;
@@ -136,7 +138,6 @@ public class XMLSignatureCreationProfileFactory {
TransactionContext context =
TransactionContextManager.getInstance().getTransactionContext();
ConfigurationProvider config = context.getConfiguration();
- CanonicalizationImpl canonicalization;
List dataObjectTreatmentList;
Set keySet;
List transformationSupplements;
@@ -234,9 +235,17 @@ public class XMLSignatureCreationProfileFactory {
getSignatureInsertionLocationIndex(singleSignatureInfo));
// set the canonicalization algorithm
- canonicalization =
- new CanonicalizationImpl(config.getCanonicalizationAlgorithmName());
- profile.setSignedInfoCanonicalization(canonicalization);
+ String canonicalizationURI = config.getCanonicalizationAlgorithmName();
+ if (Canonicalization.ALL_EXCLUSIVE.contains(canonicalizationURI)) {
+ ExclusiveCanonicalizationImpl canonicalization = new ExclusiveCanonicalizationImpl(config.getCanonicalizationAlgorithmName(), null);
+ profile.setSignedInfoCanonicalization(canonicalization);
+
+ } else {
+ CanonicalizationImpl canonicalization =
+ new CanonicalizationImpl(config.getCanonicalizationAlgorithmName());
+ profile.setSignedInfoCanonicalization(canonicalization);
+
+ }
// set the signed properties
profile.setSignedProperties(Collections.EMPTY_LIST);
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java
index 83bcf3a..223361d 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java
@@ -4,9 +4,11 @@ import at.gv.egovernment.moa.sig.tsl.TslClientFactory;
import at.gv.egovernment.moa.sig.tsl.api.ITslService;
import at.gv.egovernment.moa.sig.tsl.config.TslConfigurationImpl;
import at.gv.egovernment.moa.sig.tsl.exception.TslException;
+import at.gv.egovernment.moa.sig.tsl.pki.chaining.ChainingTrustStoreHandler;
import at.gv.egovernment.moa.spss.util.MessageProvider;
import at.gv.egovernment.moaspss.logging.LogMsg;
import at.gv.egovernment.moaspss.logging.Logger;
+import iaik.pki.store.truststore.TrustStoreFactory;
public class TSLServiceFactory {
@@ -17,7 +19,9 @@ public class TSLServiceFactory {
if (tslClient == null) {
try {
tslClient = TslClientFactory.buildTslService(config );
-
+
+ TrustStoreFactory.addTrustStoreHandler(new ChainingTrustStoreHandler());
+
} catch (TslException e) {
Logger.fatal(new LogMsg(MessageProvider.getInstance().getMessage("init.05", new Object[]{e.getMessage()})), e);
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
index 0ea0677..ad64052 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
@@ -19,8 +19,10 @@ import java.util.Arrays;
import java.util.Date;
import java.util.List;
+import at.gv.egovernment.moa.sig.tsl.TslConstants;
import at.gv.egovernment.moa.sig.tsl.engine.data.ITslEndEntityResult;
import at.gv.egovernment.moa.sig.tsl.exception.TslException;
+import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil;
import at.gv.egovernment.moa.spss.api.common.TslInfos;
import at.gv.egovernment.moa.spss.api.impl.TslInfosImpl;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
@@ -186,16 +188,25 @@ public class CertificateUtils {
}
- ITslEndEntityResult tslCheckResult = TSLServiceFactory.getTSLServiceClient().evaluate(Arrays.asList(chain), signingTime);
+ ITslEndEntityResult tslCheckResult =
+ TSLServiceFactory.getTSLServiceClient().evaluate(
+ Arrays.asList(chain),
+ signingTime,
+ TslConstants.CHAIN_MODEL);
if (tslCheckResult != null) {
URI tslServiceTypeIdentifier = tslCheckResult.getEvaluatedServiceTypeIdentifier();
List<URI> tslCertificateQualifier = tslCheckResult.getEvaluatedQualifier();
+ // QC evaluation flags
boolean qc = false;
boolean qcSourceTSL = false;
+ boolean qcDisallowedFromTSL = false;
+
+ // SSCD/QSCD evaluation flags
boolean sscd = false;
boolean sscdSourceTSL = false;
+
//check QC
List<URI> allowedQCQualifier = config.getTSLConfiguration().getQualifierForQC();
@@ -207,37 +218,70 @@ public class CertificateUtils {
}
}
+
+ //check SSCD/QSCD qualifiers and mark result acording this check
+ List<URI> allowedSSCDQualifier = config.getTSLConfiguration().getQualifierForSSCD();
+ if (tslCertificateQualifier != null && allowedSSCDQualifier != null) {
+ for (URI allowedSSCD : allowedSSCDQualifier) {
+ for (URI certSSCD : tslCertificateQualifier) {
+ if (allowedSSCD.equals(certSSCD)) {
+ sscdSourceTSL = true;
+ sscd = true;
+
+ }
+ }
+ }
+ }
+
+ //check additional flags in TSP qualifiers for this certificate
+ if (tslCertificateQualifier != null) {
+ for (URI qEl : tslCertificateQualifier) {
+ //check if SSCD/QSCD status must be used from cert
+ if (qEl.equals(
+ TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get(
+ TslConstants.SSCD_QUALIFIER_SHORT.QCQSCDStatusAsInCert))
+ || qEl.equals(TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get(
+ TslConstants.SSCD_QUALIFIER_SHORT.QCSSCDStatusAsInCert))) {
+
+ sscdSourceTSL = false;
+ sscd = false;
+
+ //check if extentsion includes a NotQualified flag
+ } else if (qEl.equals(
+ TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get(
+ TslConstants.SSCD_QUALIFIER_SHORT.NotQualified))) {
+ qc = false;
+ qcSourceTSL = false;
+ qcDisallowedFromTSL = true;
+ Logger.info("TSL mark this certificate explicitly as 'NotQualified'!");
+
+ }
+ }
+ }
+
+ //evaluate QC statement according previous selected information
if (qcSourceTSL)
Logger.debug("Certificate is QC (Source: TSL)");
-
+
else {
- // if QC check via TSL returns false
- // try certificate extensions QCP and QcEuCompliance
- Logger.debug("QC check via TSL returned false - checking certificate extensions");
- boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
- boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
+ // if TSL return no service-type identifier us information from certificate
+ if (tslServiceTypeIdentifier == null ||
+ MiscUtil.isEmpty(tslServiceTypeIdentifier.toString())) {
+ // try certificate extensions QCP and QcEuCompliance
+ Logger.debug("QC check via TSL returned false - checking certificate extensions");
+ boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
+ boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
- if (checkQCP || checkQcEuCompliance) {
- Logger.debug("Certificate is QC (Source: Certificate)");
- qc = true;
+ if ((checkQCP || checkQcEuCompliance) && !qcDisallowedFromTSL) {
+ Logger.debug("Certificate is QC (Source: Certificate)");
+ qc = true;
- }
-
+ }
+ }
}
- //check SSCD
- List<URI> allowedSSCDQualifier = config.getTSLConfiguration().getQualifierForSSCD();
- for (URI allowedSSCD : allowedSSCDQualifier) {
- for (URI certSSCD : tslCertificateQualifier) {
- if (allowedSSCD.equals(certSSCD)) {
- sscdSourceTSL = true;
- sscd = true;
-
- }
- }
-
- }
+ //evaluate SSCD/QSCD results according previous selected information
if (sscdSourceTSL)
Logger.debug("Certificate is SSCD (Source: TSL)");
@@ -262,7 +306,8 @@ public class CertificateUtils {
tslCheckResult.getTerritory(),
tslCheckResult.getTspStatus(),
tslServiceTypeIdentifier.toString(),
- tslCertificateQualifier);
+ tslCertificateQualifier,
+ tslCheckResult.getAdditionalServiceInformation());
result.setTslInfos(extTslInfos);
return result;