Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java')
-rw-r--r-- | moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java | 60 |
1 files changed, 59 insertions, 1 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
index 3f6998a..b776255 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
@@ -27,11 +27,21 @@ import iaik.pki.PKIProfile;
 import iaik.pki.pathvalidation.ValidationProfile;
 import iaik.pki.revocation.RevocationProfile;
 import iaik.pki.store.truststore.TrustStoreProfile;
+import iaik.pki.store.truststore.TrustStoreTypes;
+
+import java.util.Arrays;
+
+import at.gv.egovernment.moa.sig.tsl.exception.TslPKIException;
+import at.gv.egovernment.moa.sig.tsl.pki.TslTrustStoreProfile;
+import at.gv.egovernment.moa.sig.tsl.pki.chaining.ChainingTrustStoreProfile;
 import at.gv.egovernment.moa.spss.MOAApplicationException;
 import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.config.TrustProfile;
 import at.gv.egovernment.moa.spss.server.iaik.pki.pathvalidation.ValidationProfileImpl;
 import at.gv.egovernment.moa.spss.server.iaik.pki.revocation.RevocationProfileImpl;
 import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl;
+import at.gv.egovernment.moa.spss.tsl.TSLServiceFactory;
+import at.gv.egovernment.moaspss.logging.Logger;

 /**
 * Implementation of the <code>PKIProfile</code> interface containing
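Review bot: The added `import iaik.pki.store.truststore.TrustStoreTypes;` is not referenced by any line this commit adds in the second hunk, so it looks unused. Drop it unless code outside the visible hunks needs it. An unused import in the class that assembles trust anchors also suggests a store-type check that was planned but never written.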
@@ -70,10 +80,58 @@ public class PKIProfileImpl implements PKIProfile { this.config = config; setRevocationProfile(new RevocationProfileImpl(config)); - setTrustStoreProfile(new TrustStoreProfileImpl(config, trustProfileID)); setValidationProfile(new ValidationProfileImpl(config)); + + //generate TrustStoreProfile from TrustStore configuration + internalTrustProfileBuilder(trustProfileID); + } + + private void internalTrustProfileBuilder(String trustProfileId) throws MOAApplicationException { + TrustProfile tp = (TrustProfile) config.getTrustProfile(trustProfileId); + if (tp != null) { + //build directory based trust store as default + + + if (tp.isTSLEnabled()) { + //build TSL truststore if enabled + TslTrustStoreProfile tslTrustStore; + try { + tslTrustStore = TSLServiceFactory.getTSLServiceClient(). + buildTrustStoreProfile( + tp.getCountries(), + tp.getAllowedTspStatus(), + tp.getAllowedTspServiceTypes(), + trustProfileId + "_TSL"); + + //build Directory based TrustStore + TrustStoreProfileImpl directoryTrustStore = new TrustStoreProfileImpl(trustProfileId + "_Directory", tp.getUri()); + + //generate a virtual truststore that concatenates the TSL TrustStore and the directory TrustStore + ChainingTrustStoreProfile chainedProfile = new ChainingTrustStoreProfile( + Arrays.asList(tslTrustStore, directoryTrustStore), + trustProfileId); + + //set this virtual truststore + setTrustStoreProfile(chainedProfile); + + } catch (TslPKIException e) { + Logger.error("Virtual TSL based TrustProfile generation FAILED.", e); + throw new MOAApplicationException("2900", new Object[] { trustProfileId }); + + } + + } else + setTrustStoreProfile(new TrustStoreProfileImpl(trustProfileId, tp.getUri())); + + } else { + throw new MOAApplicationException("2203", new Object[] { trustProfileId }); + + } + + } + /** * @see iaik.pki.PKIProfile#autoAddCertificates() */ |
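Review bot: In `internalTrustProfileBuilder`, the result of `TSLServiceFactory.getTSLServiceClient()` is dereferenced without a check. If the factory can return null when the TSL service was not initialised (not visible from this hunk), a TSL-enabled trust profile would fail with a NullPointerException instead of the `2900` error. A guard such as `if (client == null) throw new MOAApplicationException("2900", new Object[] { trustProfileId });` keeps that failure explicit. Throwing in the `catch` rather than falling back to the directory store alone is the right fail-closed behaviour, but the rethrow drops `e`; pass it as the cause if MOAApplicationException has a constructor for that. The chained profile appears to accept anchors from both the TSL and the directory store, which deserves a comment stating that this widening is intended, for example `// anchors from the TSL store and from the directory store are both accepted`. The comment `//build directory based trust store as default` has no code under it and should be removed, and the final `else` should get braces like the other branches.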