diff options
| author | tlenz <thomas.lenz@egiz.gv.at> | 2017-01-24 11:55:05 +0100 |
|---|---|---|
| committer | tlenz <thomas.lenz@egiz.gv.at> | 2017-01-24 11:55:05 +0100 |
| commit | 0df09d7de785d905e88ccd442ea1c060af2ffff8 (patch) | |
| tree | a9bbc6ae5617fb46b8b8fb765d70336495b47604 /moaSig/moa-sig-lib | |
| parent | 1a0f7abd972f0a50b98299da4f680a0ecfc33217 (diff) | |
| parent | b0d77d439a8df6b09648e19b1ec93f24eadfbe7b (diff) | |
| download | moa-sig-0df09d7de785d905e88ccd442ea1c060af2ffff8.tar.gz moa-sig-0df09d7de785d905e88ccd442ea1c060af2ffff8.tar.bz2 moa-sig-0df09d7de785d905e88ccd442ea1c060af2ffff8.zip | |
local merge
Merge branch 'master' of https://gitlab.iaik.tugraz.at/egiz/moa-sig
Diffstat (limited to 'moaSig/moa-sig-lib')
12 files changed, 171 insertions, 61 deletions
diff --git a/moaSig/moa-sig-lib/build.gradle b/moaSig/moa-sig-lib/build.gradle index 85ac36c..5cbfba7 100644 --- a/moaSig/moa-sig-lib/build.gradle +++ b/moaSig/moa-sig-lib/build.gradle @@ -15,11 +15,12 @@ dependencies { compile 'commons-io:commons-io:2.4' compile 'commons-codec:commons-codec:1.10' compile 'org.apache.axis:axis-jaxrpc:1.4' - compile 'org.xerial:sqlite-jdbc:3.8.11.2' + compile 'org.xerial:sqlite-jdbc:3.15.1' compile 'javax.xml.bind:jaxb-api:2.2.12' compile 'com.sun.xml.bind:jaxb-core:2.2.11' compile 'com.sun.xml.bind:jaxb-impl:2.2.11' compile 'org.postgresql:postgresql:9.4-1204-jdbc42' + compile group: 'org.apache.commons', name: 'commons-lang3', version: '3.5' } task releases(type: Copy) { diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java index 9718ada..2a04f96 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java @@ -38,4 +38,12 @@ public interface TslInfos { * @return */ public List<String> getQualifiers(); + + /** + * Gets additional service information for the analyzed certificate + * + * @return + */ + public List<String> getAdditionalServiceInformation(); + } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java index 69dad89..57a60a6 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java @@ -128,7 +128,7 @@ public class SignerInfoImpl implements SignerInfo { } public String getQCSource() { - if (qcSourceTSL) + if (this.qcSourceTSL) return "TSL"; else return "Certificate"; diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java index 4c40a5f..fad42e6 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java @@ -11,16 +11,23 @@ public class TslInfosImpl implements TslInfos { private String tslServiceTypeIdentifier; private String tslServiceTypeStatus; private List<String> tslServiceQualifier = new ArrayList<String>(); + private List<String> tslAdditionalServiceInformation = new ArrayList<String>(); private String tslCountry; - public TslInfosImpl(String country, String tslServiceTypeStatus, String tslServiceTypeIdentifier, List<URI> tslCertificateQualifier) { + public TslInfosImpl(String country, String tslServiceTypeStatus, String tslServiceTypeIdentifier, + List<URI> tslCertificateQualifier, List<String> additionalServiceInformation) { this.tslCountry = country; this.tslServiceTypeStatus = tslServiceTypeStatus; this.tslServiceTypeIdentifier = tslServiceTypeIdentifier; - for (URI el : tslCertificateQualifier) - this.tslServiceQualifier.add(el.toString()); + if (tslCertificateQualifier != null) { + for (URI el : tslCertificateQualifier) + this.tslServiceQualifier.add(el.toString()); + } + + if (additionalServiceInformation != null) + this.tslAdditionalServiceInformation.addAll(additionalServiceInformation); } @@ -45,4 +52,11 @@ public class TslInfosImpl implements TslInfos { return tslServiceQualifier; } + + @Override + public List<String> getAdditionalServiceInformation() { + return this.tslAdditionalServiceInformation; + + } + } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java index 79a674e..fafbc16 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java @@ -205,7 +205,21 @@ public class ResponseBuilderUtils { tslInfoElement.appendChild(tslQualifiers); } - + + //append additional service information + if (tslInfos.getAdditionalServiceInformation() != null + && tslInfos.getAdditionalServiceInformation().size() > 0) { + Element tslAdditionalServiceInformations = response.createElementNS(MOA_NS_URI, "AdditionalServiceInformations"); + + for (String el : tslInfos.getAdditionalServiceInformation()) { + Element tslAdditionalServiceInformation = response.createElementNS(MOA_NS_URI, "AdditionalServiceInformation"); + tslAdditionalServiceInformation.setTextContent(el); + tslAdditionalServiceInformations.appendChild(tslAdditionalServiceInformation); + + } + tslInfoElement.appendChild(tslAdditionalServiceInformations); + + } } Element publicAuthorityElem = diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 5f3f670..15e44eb 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -763,6 +763,11 @@ public class ConfigurationPartsBuilder { while ((keyGroupElem = (Element) kgIter.nextNode()) != null) { String keyGroupId = getElementValue(keyGroupElem, CONF + "Id", null); + + //switch all keyGroupIds to lower case, only + if (MiscUtil.isNotEmpty(keyGroupId)) + keyGroupId = keyGroupId.trim().toLowerCase(); + String keyGroupDigestMethodAlgorithm = getElementValue(keyGroupElem, CONF + "DigestMethodAlgorithm", null); Set keyGroupEntries = buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem); @@ -888,9 +893,9 @@ public class ConfigurationPartsBuilder { keyGroupIter = XPathUtils.selectNodeIterator(mappingElem, CONF + "KeyGroupId"); while ((keyGroupElem = (Element) keyGroupIter.nextNode()) != null) { - String keyGroupId = getElementValue(keyGroupElem, ".", null); - KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId); - + String keyGroupId = getElementValue(keyGroupElem, ".", null); + KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId.trim().toLowerCase()); + if (keyGroup != null) { groups.put(keyGroupId, keyGroup); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java index 3e074a2..7ae83cb 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java @@ -637,9 +637,12 @@ public class ConfigurationProvider return keyGroups; } - public KeyGroup getKeyGroup(String keyGroupId) { - KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId); - return keyGroup; + public KeyGroup getKeyGroup(String keyGroupId) { + if (MiscUtil.isNotEmpty(keyGroupId)) + return (KeyGroup) keyGroups.get(keyGroupId.trim().toLowerCase()); + + else + return null; } /** diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java index f64643f..0063c7f 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java @@ -29,6 +29,8 @@ import java.net.URISyntaxException; import java.util.ArrayList; import java.util.Arrays; import java.util.List; +import java.util.regex.Pattern; +import java.util.regex.PatternSyntaxException; import at.gv.egovernment.moa.sig.tsl.TslConstants; import at.gv.egovernment.moaspss.logging.Logger; @@ -55,7 +57,7 @@ public class TrustProfile { private List<String> countries = new ArrayList<String>(); private List<URI> allowedTspStatus = new ArrayList<URI>(); - private List<URI> allowedTspServiceTypes = new ArrayList<URI>(); + private List<Pattern> allowedTspServiceTypes = new ArrayList<Pattern>(); /** @@ -76,16 +78,21 @@ public class TrustProfile { //TSL configuration parameters this.tslEnabled = tslEnabled; - - setCountries(countries); - Logger.debug("TrustProfile "+ id + " allows " + Arrays.toString(this.countries.toArray()) + " TSL countries"); - - setAllowedTspStatus(allowedTspStatus); - Logger.debug("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspStatus.toArray()) + " TSP status identifier"); + + if (tslEnabled) { + setCountries(countries); + if (!this.countries.isEmpty()) + Logger.info("TrustProfile "+ id + " allows " + Arrays.toString(this.countries.toArray()) + " TSL countries"); + else + Logger.info("TrustProfile "+ id + " allows " + "ALL" + " TSL countries"); - setAllowedTspServiceTypes(allowedTspServiceTypes); - Logger.debug("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspServiceTypes.toArray()) + " TSL service-type identifier"); - + setAllowedTspStatus(allowedTspStatus); + Logger.info("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspStatus.toArray()) + " TSP status identifier"); + + setAllowedTspServiceTypes(allowedTspServiceTypes); + Logger.info("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspServiceTypes.toArray()) + " TSL service-type identifier"); + + } } private void setCountries(String countries) { @@ -112,7 +119,7 @@ public class TrustProfile { } } else { - Logger.info("Use default set of TSP Status identifier"); + Logger.debug("Use default set of TSP Status identifier"); this.allowedTspStatus.addAll( Arrays.asList( TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_STATUS_SHORT.granted), @@ -129,21 +136,20 @@ public class TrustProfile { String[] ccArray = allowedTspServiceTypes.split(","); for (String el : ccArray) { try { - this.allowedTspStatus.add(new URI(el.trim())); + this.allowedTspServiceTypes.add(Pattern.compile(el.trim())); - } catch (URISyntaxException e) { - Logger.warn("TrustProfile: " + this.id + " contains a non-valid TSP Service-Type identifier (" + el + ")"); + } catch (PatternSyntaxException e) { + Logger.warn("TrustProfile: " + this.id + " contains a non-valid TSP Service-Type identifier Regex pattern(" + el + ")"); } } } else { - Logger.info("Use default set of TSP Service-Type identifier"); - this.allowedTspStatus.addAll( + Logger.debug("Use default set of TSP Service-Type identifier"); + this.allowedTspServiceTypes.addAll( Arrays.asList( - TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.CA_QC), - TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.TSA_QTST))); + Pattern.compile(TslConstants.DEFAULT_REGEX_PATTERN_ALLOW_ALL))); } @@ -199,7 +205,7 @@ public class TrustProfile { return allowedTspStatus; } - public List<URI> getAllowedTspServiceTypes() { + public List<Pattern> getAllowedTspServiceTypes() { return allowedTspServiceTypes; } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java index 8ff0b12..1eb9984 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java @@ -153,6 +153,7 @@ public class SystemInitializer { TslConfigurationImpl tslConfig = new TslConfigurationImpl(); tslConfig.setEuTslURL(moaSPTslConfig.getEuTSLUrl()); tslConfig.setTslWorkingDirectory(moaSPTslConfig.getWorkingDirectory()); + tslConfig.setNetworkReadTimeout(config.getReadTimeout()); Logger.info(new LogMsg(msg.getMessage("config.41", null))); TSLServiceFactory.initialize(tslConfig); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java index cb77ad1..32eab9e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java @@ -28,6 +28,7 @@ import iaik.server.modules.algorithms.HashAlgorithms; import iaik.server.modules.keys.KeyEntryID; import iaik.server.modules.keys.KeyModule; import iaik.server.modules.keys.KeyModuleFactory; +import iaik.server.modules.xml.Canonicalization; import iaik.server.modules.xmlsign.SignatureStructureTypes; import iaik.server.modules.xmlsign.XMLSignatureCreationProfile; import iaik.server.modules.xmlsign.XMLSignatureInsertionLocation; @@ -57,6 +58,7 @@ import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.config.KeyGroup; import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry; import at.gv.egovernment.moa.spss.server.iaik.xml.CanonicalizationImpl; +import at.gv.egovernment.moa.spss.server.iaik.xml.ExclusiveCanonicalizationImpl; import at.gv.egovernment.moa.spss.server.iaik.xmlsign.DataObjectTreatmentImpl; import at.gv.egovernment.moa.spss.server.iaik.xmlsign.XMLSignatureCreationProfileImpl; import at.gv.egovernment.moa.spss.server.iaik.xmlsign.XMLSignatureInsertionLocationImpl; @@ -136,7 +138,6 @@ public class XMLSignatureCreationProfileFactory { TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); ConfigurationProvider config = context.getConfiguration(); - CanonicalizationImpl canonicalization; List dataObjectTreatmentList; Set keySet; List transformationSupplements; @@ -234,9 +235,17 @@ public class XMLSignatureCreationProfileFactory { getSignatureInsertionLocationIndex(singleSignatureInfo)); // set the canonicalization algorithm - canonicalization = - new CanonicalizationImpl(config.getCanonicalizationAlgorithmName()); - profile.setSignedInfoCanonicalization(canonicalization); + String canonicalizationURI = config.getCanonicalizationAlgorithmName(); + if (Canonicalization.ALL_EXCLUSIVE.contains(canonicalizationURI)) { + ExclusiveCanonicalizationImpl canonicalization = new ExclusiveCanonicalizationImpl(config.getCanonicalizationAlgorithmName(), null); + profile.setSignedInfoCanonicalization(canonicalization); + + } else { + CanonicalizationImpl canonicalization = + new CanonicalizationImpl(config.getCanonicalizationAlgorithmName()); + profile.setSignedInfoCanonicalization(canonicalization); + + } // set the signed properties profile.setSignedProperties(Collections.EMPTY_LIST); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java index 83bcf3a..223361d 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java @@ -4,9 +4,11 @@ import at.gv.egovernment.moa.sig.tsl.TslClientFactory; import at.gv.egovernment.moa.sig.tsl.api.ITslService; import at.gv.egovernment.moa.sig.tsl.config.TslConfigurationImpl; import at.gv.egovernment.moa.sig.tsl.exception.TslException; +import at.gv.egovernment.moa.sig.tsl.pki.chaining.ChainingTrustStoreHandler; import at.gv.egovernment.moa.spss.util.MessageProvider; import at.gv.egovernment.moaspss.logging.LogMsg; import at.gv.egovernment.moaspss.logging.Logger; +import iaik.pki.store.truststore.TrustStoreFactory; public class TSLServiceFactory { @@ -17,7 +19,9 @@ public class TSLServiceFactory { if (tslClient == null) { try { tslClient = TslClientFactory.buildTslService(config ); - + + TrustStoreFactory.addTrustStoreHandler(new ChainingTrustStoreHandler()); + } catch (TslException e) { Logger.fatal(new LogMsg(MessageProvider.getInstance().getMessage("init.05", new Object[]{e.getMessage()})), e); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java index 0ea0677..ad64052 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java @@ -19,8 +19,10 @@ import java.util.Arrays; import java.util.Date; import java.util.List; +import at.gv.egovernment.moa.sig.tsl.TslConstants; import at.gv.egovernment.moa.sig.tsl.engine.data.ITslEndEntityResult; import at.gv.egovernment.moa.sig.tsl.exception.TslException; +import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil; import at.gv.egovernment.moa.spss.api.common.TslInfos; import at.gv.egovernment.moa.spss.api.impl.TslInfosImpl; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; @@ -186,16 +188,25 @@ public class CertificateUtils { } - ITslEndEntityResult tslCheckResult = TSLServiceFactory.getTSLServiceClient().evaluate(Arrays.asList(chain), signingTime); + ITslEndEntityResult tslCheckResult = + TSLServiceFactory.getTSLServiceClient().evaluate( + Arrays.asList(chain), + signingTime, + TslConstants.CHAIN_MODEL); if (tslCheckResult != null) { URI tslServiceTypeIdentifier = tslCheckResult.getEvaluatedServiceTypeIdentifier(); List<URI> tslCertificateQualifier = tslCheckResult.getEvaluatedQualifier(); + // QC evaluation flags boolean qc = false; boolean qcSourceTSL = false; + boolean qcDisallowedFromTSL = false; + + // SSCD/QSCD evaluation flags boolean sscd = false; boolean sscdSourceTSL = false; + //check QC List<URI> allowedQCQualifier = config.getTSLConfiguration().getQualifierForQC(); @@ -207,37 +218,70 @@ public class CertificateUtils { } } + + //check SSCD/QSCD qualifiers and mark result acording this check + List<URI> allowedSSCDQualifier = config.getTSLConfiguration().getQualifierForSSCD(); + if (tslCertificateQualifier != null && allowedSSCDQualifier != null) { + for (URI allowedSSCD : allowedSSCDQualifier) { + for (URI certSSCD : tslCertificateQualifier) { + if (allowedSSCD.equals(certSSCD)) { + sscdSourceTSL = true; + sscd = true; + + } + } + } + } + + //check additional flags in TSP qualifiers for this certificate + if (tslCertificateQualifier != null) { + for (URI qEl : tslCertificateQualifier) { + //check if SSCD/QSCD status must be used from cert + if (qEl.equals( + TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get( + TslConstants.SSCD_QUALIFIER_SHORT.QCQSCDStatusAsInCert)) + || qEl.equals(TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get( + TslConstants.SSCD_QUALIFIER_SHORT.QCSSCDStatusAsInCert))) { + + sscdSourceTSL = false; + sscd = false; + + //check if extentsion includes a NotQualified flag + } else if (qEl.equals( + TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get( + TslConstants.SSCD_QUALIFIER_SHORT.NotQualified))) { + qc = false; + qcSourceTSL = false; + qcDisallowedFromTSL = true; + Logger.info("TSL mark this certificate explicitly as 'NotQualified'!"); + + } + } + } + + //evaluate QC statement according previous selected information if (qcSourceTSL) Logger.debug("Certificate is QC (Source: TSL)"); - + else { - // if QC check via TSL returns false - // try certificate extensions QCP and QcEuCompliance - Logger.debug("QC check via TSL returned false - checking certificate extensions"); - boolean checkQCP = CertificateUtils.checkQCP(chain[0]); - boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); + // if TSL return no service-type identifier us information from certificate + if (tslServiceTypeIdentifier == null || + MiscUtil.isEmpty(tslServiceTypeIdentifier.toString())) { + // try certificate extensions QCP and QcEuCompliance + Logger.debug("QC check via TSL returned false - checking certificate extensions"); + boolean checkQCP = CertificateUtils.checkQCP(chain[0]); + boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); - if (checkQCP || checkQcEuCompliance) { - Logger.debug("Certificate is QC (Source: Certificate)"); - qc = true; + if ((checkQCP || checkQcEuCompliance) && !qcDisallowedFromTSL) { + Logger.debug("Certificate is QC (Source: Certificate)"); + qc = true; - } - + } + } } - //check SSCD - List<URI> allowedSSCDQualifier = config.getTSLConfiguration().getQualifierForSSCD(); - for (URI allowedSSCD : allowedSSCDQualifier) { - for (URI certSSCD : tslCertificateQualifier) { - if (allowedSSCD.equals(certSSCD)) { - sscdSourceTSL = true; - sscd = true; - - } - } - - } + //evaluate SSCD/QSCD results according previous selected information if (sscdSourceTSL) Logger.debug("Certificate is SSCD (Source: TSL)"); @@ -262,7 +306,8 @@ public class CertificateUtils { tslCheckResult.getTerritory(), tslCheckResult.getTspStatus(), tslServiceTypeIdentifier.toString(), - tslCertificateQualifier); + tslCertificateQualifier, + tslCheckResult.getAdditionalServiceInformation()); result.setTslInfos(extTslInfos); return result; |