diff options
6 files changed, 107 insertions, 31 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java index 9718ada..2a04f96 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java @@ -38,4 +38,12 @@ public interface TslInfos { * @return */ public List<String> getQualifiers(); + + /** + * Gets additional service information for the analyzed certificate + * + * @return + */ + public List<String> getAdditionalServiceInformation(); + } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java index 120b01a..fad42e6 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java @@ -11,9 +11,11 @@ public class TslInfosImpl implements TslInfos { private String tslServiceTypeIdentifier; private String tslServiceTypeStatus; private List<String> tslServiceQualifier = new ArrayList<String>(); + private List<String> tslAdditionalServiceInformation = new ArrayList<String>(); private String tslCountry; - public TslInfosImpl(String country, String tslServiceTypeStatus, String tslServiceTypeIdentifier, List<URI> tslCertificateQualifier) { + public TslInfosImpl(String country, String tslServiceTypeStatus, String tslServiceTypeIdentifier, + List<URI> tslCertificateQualifier, List<String> additionalServiceInformation) { this.tslCountry = country; this.tslServiceTypeStatus = tslServiceTypeStatus; this.tslServiceTypeIdentifier = tslServiceTypeIdentifier; @@ -22,7 +24,11 @@ public class TslInfosImpl implements TslInfos { for (URI el : tslCertificateQualifier) this.tslServiceQualifier.add(el.toString()); - } + } + + if (additionalServiceInformation != null) + this.tslAdditionalServiceInformation.addAll(additionalServiceInformation); + } @@ -46,4 +52,11 @@ public class TslInfosImpl implements TslInfos { return tslServiceQualifier; } + + @Override + public List<String> getAdditionalServiceInformation() { + return this.tslAdditionalServiceInformation; + + } + } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java index 79a674e..fafbc16 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java @@ -205,7 +205,21 @@ public class ResponseBuilderUtils { tslInfoElement.appendChild(tslQualifiers); } - + + //append additional service information + if (tslInfos.getAdditionalServiceInformation() != null + && tslInfos.getAdditionalServiceInformation().size() > 0) { + Element tslAdditionalServiceInformations = response.createElementNS(MOA_NS_URI, "AdditionalServiceInformations"); + + for (String el : tslInfos.getAdditionalServiceInformation()) { + Element tslAdditionalServiceInformation = response.createElementNS(MOA_NS_URI, "AdditionalServiceInformation"); + tslAdditionalServiceInformation.setTextContent(el); + tslAdditionalServiceInformations.appendChild(tslAdditionalServiceInformation); + + } + tslInfoElement.appendChild(tslAdditionalServiceInformations); + + } } Element publicAuthorityElem = diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java index 23fe487..0063c7f 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java @@ -29,6 +29,8 @@ import java.net.URISyntaxException; import java.util.ArrayList; import java.util.Arrays; import java.util.List; +import java.util.regex.Pattern; +import java.util.regex.PatternSyntaxException; import at.gv.egovernment.moa.sig.tsl.TslConstants; import at.gv.egovernment.moaspss.logging.Logger; @@ -55,7 +57,7 @@ public class TrustProfile { private List<String> countries = new ArrayList<String>(); private List<URI> allowedTspStatus = new ArrayList<URI>(); - private List<URI> allowedTspServiceTypes = new ArrayList<URI>(); + private List<Pattern> allowedTspServiceTypes = new ArrayList<Pattern>(); /** @@ -134,10 +136,10 @@ public class TrustProfile { String[] ccArray = allowedTspServiceTypes.split(","); for (String el : ccArray) { try { - this.allowedTspServiceTypes.add(new URI(el.trim())); + this.allowedTspServiceTypes.add(Pattern.compile(el.trim())); - } catch (URISyntaxException e) { - Logger.warn("TrustProfile: " + this.id + " contains a non-valid TSP Service-Type identifier (" + el + ")"); + } catch (PatternSyntaxException e) { + Logger.warn("TrustProfile: " + this.id + " contains a non-valid TSP Service-Type identifier Regex pattern(" + el + ")"); } @@ -147,8 +149,7 @@ public class TrustProfile { Logger.debug("Use default set of TSP Service-Type identifier"); this.allowedTspServiceTypes.addAll( Arrays.asList( - TslConstants.SERVICE_TYPE_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.CA_QC), - TslConstants.SERVICE_TYPE_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.TSA_QTST))); + Pattern.compile(TslConstants.DEFAULT_REGEX_PATTERN_ALLOW_ALL))); } @@ -204,7 +205,7 @@ public class TrustProfile { return allowedTspStatus; } - public List<URI> getAllowedTspServiceTypes() { + public List<Pattern> getAllowedTspServiceTypes() { return allowedTspServiceTypes; } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java index 8ff0b12..1eb9984 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java @@ -153,6 +153,7 @@ public class SystemInitializer { TslConfigurationImpl tslConfig = new TslConfigurationImpl(); tslConfig.setEuTslURL(moaSPTslConfig.getEuTSLUrl()); tslConfig.setTslWorkingDirectory(moaSPTslConfig.getWorkingDirectory()); + tslConfig.setNetworkReadTimeout(config.getReadTimeout()); Logger.info(new LogMsg(msg.getMessage("config.41", null))); TSLServiceFactory.initialize(tslConfig); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java index 6b07594..ad64052 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java @@ -22,6 +22,7 @@ import java.util.List; import at.gv.egovernment.moa.sig.tsl.TslConstants; import at.gv.egovernment.moa.sig.tsl.engine.data.ITslEndEntityResult; import at.gv.egovernment.moa.sig.tsl.exception.TslException; +import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil; import at.gv.egovernment.moa.spss.api.common.TslInfos; import at.gv.egovernment.moa.spss.api.impl.TslInfosImpl; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; @@ -197,10 +198,15 @@ public class CertificateUtils { URI tslServiceTypeIdentifier = tslCheckResult.getEvaluatedServiceTypeIdentifier(); List<URI> tslCertificateQualifier = tslCheckResult.getEvaluatedQualifier(); + // QC evaluation flags boolean qc = false; boolean qcSourceTSL = false; + boolean qcDisallowedFromTSL = false; + + // SSCD/QSCD evaluation flags boolean sscd = false; boolean sscdSourceTSL = false; + //check QC List<URI> allowedQCQualifier = config.getTSLConfiguration().getQualifierForQC(); @@ -212,26 +218,8 @@ public class CertificateUtils { } } - if (qcSourceTSL) - Logger.debug("Certificate is QC (Source: TSL)"); - - else { - // if QC check via TSL returns false - // try certificate extensions QCP and QcEuCompliance - Logger.debug("QC check via TSL returned false - checking certificate extensions"); - boolean checkQCP = CertificateUtils.checkQCP(chain[0]); - boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); - - if (checkQCP || checkQcEuCompliance) { - Logger.debug("Certificate is QC (Source: Certificate)"); - qc = true; - - } - - } - - //check SSCD + //check SSCD/QSCD qualifiers and mark result acording this check List<URI> allowedSSCDQualifier = config.getTSLConfiguration().getQualifierForSSCD(); if (tslCertificateQualifier != null && allowedSSCDQualifier != null) { for (URI allowedSSCD : allowedSSCDQualifier) { @@ -243,7 +231,57 @@ public class CertificateUtils { } } } - } + } + + //check additional flags in TSP qualifiers for this certificate + if (tslCertificateQualifier != null) { + for (URI qEl : tslCertificateQualifier) { + //check if SSCD/QSCD status must be used from cert + if (qEl.equals( + TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get( + TslConstants.SSCD_QUALIFIER_SHORT.QCQSCDStatusAsInCert)) + || qEl.equals(TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get( + TslConstants.SSCD_QUALIFIER_SHORT.QCSSCDStatusAsInCert))) { + + sscdSourceTSL = false; + sscd = false; + + //check if extentsion includes a NotQualified flag + } else if (qEl.equals( + TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get( + TslConstants.SSCD_QUALIFIER_SHORT.NotQualified))) { + qc = false; + qcSourceTSL = false; + qcDisallowedFromTSL = true; + Logger.info("TSL mark this certificate explicitly as 'NotQualified'!"); + + } + } + } + + //evaluate QC statement according previous selected information + if (qcSourceTSL) + Logger.debug("Certificate is QC (Source: TSL)"); + + else { + // if TSL return no service-type identifier us information from certificate + if (tslServiceTypeIdentifier == null || + MiscUtil.isEmpty(tslServiceTypeIdentifier.toString())) { + // try certificate extensions QCP and QcEuCompliance + Logger.debug("QC check via TSL returned false - checking certificate extensions"); + boolean checkQCP = CertificateUtils.checkQCP(chain[0]); + boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); + + if ((checkQCP || checkQcEuCompliance) && !qcDisallowedFromTSL) { + Logger.debug("Certificate is QC (Source: Certificate)"); + qc = true; + + } + } + } + + + //evaluate SSCD/QSCD results according previous selected information if (sscdSourceTSL) Logger.debug("Certificate is SSCD (Source: TSL)"); @@ -268,7 +306,8 @@ public class CertificateUtils { tslCheckResult.getTerritory(), tslCheckResult.getTspStatus(), tslServiceTypeIdentifier.toString(), - tslCertificateQualifier); + tslCertificateQualifier, + tslCheckResult.getAdditionalServiceInformation()); result.setTslInfos(extTslInfos); return result; |