diff options
author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2017-01-10 15:10:15 +0100 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2017-01-10 15:10:15 +0100 |
commit | c6f686485e50e8de112445da07d98b93278b09d0 (patch) | |
tree | a8318ff3bda10c5b10bc29dabf04cee2d287f307 /moaSig/moa-sig-lib/src/main | |
parent | 8574f931c169248c67c3a5946351f9072628af46 (diff) | |
download | moa-sig-c6f686485e50e8de112445da07d98b93278b09d0.tar.gz moa-sig-c6f686485e50e8de112445da07d98b93278b09d0.tar.bz2 moa-sig-c6f686485e50e8de112445da07d98b93278b09d0.zip |
MOA-SP with new TSL RC1
Diffstat (limited to 'moaSig/moa-sig-lib/src/main')
7 files changed, 57 insertions, 33 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java index 69dad89..57a60a6 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java @@ -128,7 +128,7 @@ public class SignerInfoImpl implements SignerInfo { } public String getQCSource() { - if (qcSourceTSL) + if (this.qcSourceTSL) return "TSL"; else return "Certificate"; diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java index 4c40a5f..120b01a 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java @@ -18,10 +18,11 @@ public class TslInfosImpl implements TslInfos { this.tslServiceTypeStatus = tslServiceTypeStatus; this.tslServiceTypeIdentifier = tslServiceTypeIdentifier; - for (URI el : tslCertificateQualifier) - this.tslServiceQualifier.add(el.toString()); + if (tslCertificateQualifier != null) { + for (URI el : tslCertificateQualifier) + this.tslServiceQualifier.add(el.toString()); - + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 1b47013..89f4c1e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -758,6 +758,11 @@ public class ConfigurationPartsBuilder { while ((keyGroupElem = (Element) kgIter.nextNode()) != null) { String keyGroupId = getElementValue(keyGroupElem, CONF + "Id", null); + + //switch all keyGroupIds to lower case, only + if (MiscUtil.isNotEmpty(keyGroupId)) + keyGroupId = keyGroupId.trim().toLowerCase(); + String keyGroupDigestMethodAlgorithm = getElementValue(keyGroupElem, CONF + "DigestMethodAlgorithm", null); Set keyGroupEntries = buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem); @@ -883,9 +888,9 @@ public class ConfigurationPartsBuilder { keyGroupIter = XPathUtils.selectNodeIterator(mappingElem, CONF + "KeyGroupId"); while ((keyGroupElem = (Element) keyGroupIter.nextNode()) != null) { - String keyGroupId = getElementValue(keyGroupElem, ".", null); - KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId); - + String keyGroupId = getElementValue(keyGroupElem, ".", null); + KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId.trim().toLowerCase()); + if (keyGroup != null) { groups.put(keyGroupId, keyGroup); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java index 79ef1d2..6a007cf 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java @@ -633,9 +633,12 @@ public class ConfigurationProvider return keyGroups; } - public KeyGroup getKeyGroup(String keyGroupId) { - KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId); - return keyGroup; + public KeyGroup getKeyGroup(String keyGroupId) { + if (MiscUtil.isNotEmpty(keyGroupId)) + return (KeyGroup) keyGroups.get(keyGroupId.trim().toLowerCase()); + + else + return null; } /** diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java index f64643f..23fe487 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java @@ -76,16 +76,21 @@ public class TrustProfile { //TSL configuration parameters this.tslEnabled = tslEnabled; - - setCountries(countries); - Logger.debug("TrustProfile "+ id + " allows " + Arrays.toString(this.countries.toArray()) + " TSL countries"); - - setAllowedTspStatus(allowedTspStatus); - Logger.debug("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspStatus.toArray()) + " TSP status identifier"); + + if (tslEnabled) { + setCountries(countries); + if (!this.countries.isEmpty()) + Logger.info("TrustProfile "+ id + " allows " + Arrays.toString(this.countries.toArray()) + " TSL countries"); + else + Logger.info("TrustProfile "+ id + " allows " + "ALL" + " TSL countries"); - setAllowedTspServiceTypes(allowedTspServiceTypes); - Logger.debug("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspServiceTypes.toArray()) + " TSL service-type identifier"); - + setAllowedTspStatus(allowedTspStatus); + Logger.info("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspStatus.toArray()) + " TSP status identifier"); + + setAllowedTspServiceTypes(allowedTspServiceTypes); + Logger.info("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspServiceTypes.toArray()) + " TSL service-type identifier"); + + } } private void setCountries(String countries) { @@ -112,7 +117,7 @@ public class TrustProfile { } } else { - Logger.info("Use default set of TSP Status identifier"); + Logger.debug("Use default set of TSP Status identifier"); this.allowedTspStatus.addAll( Arrays.asList( TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_STATUS_SHORT.granted), @@ -129,7 +134,7 @@ public class TrustProfile { String[] ccArray = allowedTspServiceTypes.split(","); for (String el : ccArray) { try { - this.allowedTspStatus.add(new URI(el.trim())); + this.allowedTspServiceTypes.add(new URI(el.trim())); } catch (URISyntaxException e) { Logger.warn("TrustProfile: " + this.id + " contains a non-valid TSP Service-Type identifier (" + el + ")"); @@ -139,11 +144,11 @@ public class TrustProfile { } } else { - Logger.info("Use default set of TSP Service-Type identifier"); - this.allowedTspStatus.addAll( + Logger.debug("Use default set of TSP Service-Type identifier"); + this.allowedTspServiceTypes.addAll( Arrays.asList( - TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.CA_QC), - TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.TSA_QTST))); + TslConstants.SERVICE_TYPE_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.CA_QC), + TslConstants.SERVICE_TYPE_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.TSA_QTST))); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java index 83bcf3a..223361d 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java @@ -4,9 +4,11 @@ import at.gv.egovernment.moa.sig.tsl.TslClientFactory; import at.gv.egovernment.moa.sig.tsl.api.ITslService; import at.gv.egovernment.moa.sig.tsl.config.TslConfigurationImpl; import at.gv.egovernment.moa.sig.tsl.exception.TslException; +import at.gv.egovernment.moa.sig.tsl.pki.chaining.ChainingTrustStoreHandler; import at.gv.egovernment.moa.spss.util.MessageProvider; import at.gv.egovernment.moaspss.logging.LogMsg; import at.gv.egovernment.moaspss.logging.Logger; +import iaik.pki.store.truststore.TrustStoreFactory; public class TSLServiceFactory { @@ -17,7 +19,9 @@ public class TSLServiceFactory { if (tslClient == null) { try { tslClient = TslClientFactory.buildTslService(config ); - + + TrustStoreFactory.addTrustStoreHandler(new ChainingTrustStoreHandler()); + } catch (TslException e) { Logger.fatal(new LogMsg(MessageProvider.getInstance().getMessage("init.05", new Object[]{e.getMessage()})), e); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java index 0ea0677..6b07594 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java @@ -19,6 +19,7 @@ import java.util.Arrays; import java.util.Date; import java.util.List; +import at.gv.egovernment.moa.sig.tsl.TslConstants; import at.gv.egovernment.moa.sig.tsl.engine.data.ITslEndEntityResult; import at.gv.egovernment.moa.sig.tsl.exception.TslException; import at.gv.egovernment.moa.spss.api.common.TslInfos; @@ -186,7 +187,11 @@ public class CertificateUtils { } - ITslEndEntityResult tslCheckResult = TSLServiceFactory.getTSLServiceClient().evaluate(Arrays.asList(chain), signingTime); + ITslEndEntityResult tslCheckResult = + TSLServiceFactory.getTSLServiceClient().evaluate( + Arrays.asList(chain), + signingTime, + TslConstants.CHAIN_MODEL); if (tslCheckResult != null) { URI tslServiceTypeIdentifier = tslCheckResult.getEvaluatedServiceTypeIdentifier(); @@ -228,15 +233,16 @@ public class CertificateUtils { //check SSCD List<URI> allowedSSCDQualifier = config.getTSLConfiguration().getQualifierForSSCD(); - for (URI allowedSSCD : allowedSSCDQualifier) { - for (URI certSSCD : tslCertificateQualifier) { - if (allowedSSCD.equals(certSSCD)) { - sscdSourceTSL = true; - sscd = true; + if (tslCertificateQualifier != null && allowedSSCDQualifier != null) { + for (URI allowedSSCD : allowedSSCDQualifier) { + for (URI certSSCD : tslCertificateQualifier) { + if (allowedSSCD.equals(certSSCD)) { + sscdSourceTSL = true; + sscd = true; + } } } - } if (sscdSourceTSL) Logger.debug("Certificate is SSCD (Source: TSL)"); |