aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java71
1 files changed, 41 insertions, 30 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
index ad64052..ce78580 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
@@ -259,26 +259,33 @@ public class CertificateUtils {
}
}
- //evaluate QC statement according previous selected information
- if (qcSourceTSL)
- Logger.debug("Certificate is QC (Source: TSL)");
-
- else {
- // if TSL return no service-type identifier us information from certificate
- if (tslServiceTypeIdentifier == null ||
- MiscUtil.isEmpty(tslServiceTypeIdentifier.toString())) {
- // try certificate extensions QCP and QcEuCompliance
- Logger.debug("QC check via TSL returned false - checking certificate extensions");
- boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
- boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
-
- if ((checkQCP || checkQcEuCompliance) && !qcDisallowedFromTSL) {
- Logger.debug("Certificate is QC (Source: Certificate)");
- qc = true;
-
- }
- }
- }
+ /*
+ * This block is removes with MOA-SP 3.1 because if TSL support is enabled for the requested TrustProfile
+ * QC evaluation is ONLY allowed from TSL information!!! Because with eIDAS regulation and July 01. 2016
+ * the Trust-Status List is constitutive.
+ */
+// //evaluate QC statement according previous selected information
+// if (qcSourceTSL)
+// Logger.debug("Certificate is QC (Source: TSL)");
+//
+// else {
+//
+//
+// // if TSL return no service-type identifier us information from certificate
+// if (tslServiceTypeIdentifier == null ||
+// MiscUtil.isEmpty(tslServiceTypeIdentifier.toString())) {
+// // try certificate extensions QCP and QcEuCompliance
+// Logger.debug("QC check via TSL returned false - checking certificate extensions");
+// boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
+// boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
+//
+// if ((checkQCP || checkQcEuCompliance) && !qcDisallowedFromTSL) {
+// Logger.debug("Certificate is QC (Source: Certificate)");
+// qc = true;
+//
+// }
+// }
+// }
//evaluate SSCD/QSCD results according previous selected information
@@ -313,13 +320,14 @@ public class CertificateUtils {
return result;
} else {
- Logger.debug("Qualifier check via TSL return null - checking certificate extensions");
- return parseInfosFromCertificate(chain);
+ Logger.debug("Qualifier check via TSL return null - checking certificate extensions without QC evaluation");
+ return parseInfosFromCertificate(chain, false);
}
} else
- return parseInfosFromCertificate(chain);
+ Logger.info("TSL support is not enabled - checking certificate extensions with QC evaluation ");
+ return parseInfosFromCertificate(chain, true);
}
catch (TslException e) {
MessageProvider msg = MessageProvider.getInstance();
@@ -330,19 +338,22 @@ public class CertificateUtils {
}
- private static QCSSCDResult parseInfosFromCertificate(X509Certificate[] chain) {
+ private static QCSSCDResult parseInfosFromCertificate(X509Certificate[] chain, boolean performQCEvaluation) {
boolean qc = false;
boolean sscd = false;
// Trustprofile is not TSL enabled - use certificate extensions only
- // perform QC check
- // try certificate extensions QCP and QcEuCompliance
- boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
- boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
+ if (performQCEvaluation) {
+ // perform QC check
+ // try certificate extensions QCP and QcEuCompliance
+ boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
+ boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
- if (checkQCP || checkQcEuCompliance)
- qc = true;
+ if (checkQCP || checkQcEuCompliance)
+ qc = true;
+
+ }
// perform SSCD check
// try certificate extensions QCP+ and QcEuSSCD