Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java')
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java361
1 files changed, 180 insertions, 181 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
index 97eb6ef..0032dc6 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
@@ -23,15 +23,8 @@
package at.gv.egovernment.moa.spss.server.iaik.pki;
-import iaik.pki.PKIProfile;
-import iaik.pki.pathvalidation.ValidationProfile;
-import iaik.pki.revocation.RevocationProfile;
-import iaik.pki.store.truststore.TrustStoreProfile;
-import iaik.pki.store.truststore.TrustStoreTypes;
-
import java.util.Arrays;
-import at.gv.egovernment.moa.sig.tsl.api.ITslService;
import at.gv.egovernment.moa.sig.tsl.exception.TslPKIException;
import at.gv.egovernment.moa.sig.tsl.pki.TslTrustStoreProfile;
import at.gv.egovernment.moa.sig.tsl.pki.chaining.ChainingTrustStoreProfile;
@@ -43,189 +36,195 @@ import at.gv.egovernment.moa.spss.server.iaik.pki.revocation.RevocationProfileIm
import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl;
import at.gv.egovernment.moa.spss.tsl.TSLServiceFactory;
import at.gv.egovernment.moaspss.logging.Logger;
+import iaik.pki.PKIProfile;
+import iaik.pki.pathvalidation.ValidationProfile;
+import iaik.pki.revocation.RevocationProfile;
+import iaik.pki.store.truststore.TrustStoreProfile;
/**
* Implementation of the <code>PKIProfile</code> interface containing
* information needed for certificate path validation. It uses configuration
* data from the MOA configuration.
- *
+ *
* @author Patrick Peck
* @version $Id$
*/
public class PKIProfileImpl implements PKIProfile {
- /** Profile information for revocation checking. */
- private RevocationProfile revocationProfile;
- /** Profile information about the trust profile to use. */
- private TrustStoreProfile trustStoreProfile;
- /** Profile information about the certificate validation. */
- private ValidationProfile validationProfile;
- /**
- * The <code>ConfigurationProvider</code> to read the MOA configuration data
- * from.
- */
- private ConfigurationProvider config;
-
- /**
- * Create a new <code>PKIProfileImpl</code>.
- *
- * @param config
- * The MOA configuration providing configuration data about
- * certificate path validation.
- * @param trustProfileID
- * The trust profile ID denoting the location of the trust store.
- * @throws MOAApplicationException
- * An error occurred building the profile.
- */
- public PKIProfileImpl(ConfigurationProvider config, String trustProfileID) throws MOAApplicationException {
-
- this.config = config;
- setRevocationProfile(new RevocationProfileImpl(config));
- setValidationProfile(new ValidationProfileImpl(config));
-
- //generate TrustStoreProfile from TrustStore configuration
- internalTrustProfileBuilder(trustProfileID);
-
- }
-
-
- private void internalTrustProfileBuilder(String trustProfileId) throws MOAApplicationException {
- TrustProfile tp = (TrustProfile) config.getTrustProfile(trustProfileId);
- if (tp != null) {
- //build directory based trust store as default
-
-
- if (tp.isTSLEnabled()) {
- TslTrustStoreProfile tslTrustStore;
- try {
- if (!TSLServiceFactory.isInitialized()) {
- Logger.error("Can not build TrustProfile:" + trustProfileId
- + " Reason: TrustProfile needs TSL support but TSL client NOT initialized.");
- throw new TslPKIException("Trust Status-List service client is NOT initialized");
-
- }
-
- //build TSL truststore if enabled
- tslTrustStore = TSLServiceFactory.getTSLServiceClient().
- buildTrustStoreProfile(
- tp.getCountries(),
- tp.getAllowedTspStatus(),
- tp.getAllowedTspServiceTypes(),
- trustProfileId + "_TSL");
-
- //build Directory based TrustStore
- TrustStoreProfileImpl directoryTrustStore = new TrustStoreProfileImpl(trustProfileId + "_Directory", tp.getUri());
-
- //generate a virtual truststore that concatenates the TSL TrustStore and the directory TrustStore
- ChainingTrustStoreProfile chainedProfile = new ChainingTrustStoreProfile(
- Arrays.asList(tslTrustStore, directoryTrustStore),
- trustProfileId);
-
- //set this virtual truststore
- setTrustStoreProfile(chainedProfile);
-
- } catch (TslPKIException e) {
- Logger.error("Virtual TSL based TrustProfile generation FAILED.", e);
- throw new MOAApplicationException("2900", new Object[] { trustProfileId });
-
- }
-
- } else
- setTrustStoreProfile(new TrustStoreProfileImpl(trustProfileId, tp.getUri()));
-
- } else {
- throw new MOAApplicationException("2203", new Object[] { trustProfileId });
-
- }
-
- }
-
- /**
- * @see iaik.pki.PKIProfile#autoAddCertificates()
- */
- /*public boolean autoAddCertificates() {
- return useAuthorityInfoAccess() ? true : config.getAutoAddCertificates();
- }*/
-
- /**
- * @see iaik.pki.PKIProfile#getRevocationProfile()
- */
- public RevocationProfile getRevocationProfile() {
- return revocationProfile;
- }
-
- /**
- * Sets the <code>RevocationProfile</code>.
- *
- * @param revocationProfile
- * The <code>RevocationProfile</code> used for revocation
- * checking.
- */
- protected void setRevocationProfile(RevocationProfile revocationProfile) {
- this.revocationProfile = revocationProfile;
- }
-
- /**
- * @see iaik.pki.PKIProfile#getTrustStoreProfile()
- */
- public TrustStoreProfile getTrustStoreProfile() {
- return trustStoreProfile;
- }
-
- /**
- * Sets the <code>TrustStoreProfile</code>.
- *
- * @param trustStoreProfile
- * The <code>TrustStoreProfile</code>.
- */
- protected void setTrustStoreProfile(TrustStoreProfile trustStoreProfile) {
- this.trustStoreProfile = trustStoreProfile;
- }
-
- /**
- * @see iaik.pki.PKIProfile#getValidationProfile()
- */
- public ValidationProfile getValidationProfile() {
- return validationProfile;
- }
-
- /**
- * Sets the <code>ValidationProfile</code>.
- *
- * @param validationProfile
- * The <code>ValidationProfile</code> to set.
- */
- protected void setValidationProfile(ValidationProfile validationProfile) {
- this.validationProfile = validationProfile;
- }
-
- /**
- * @see iaik.pki.PKIProfile#useAuthorityInfoAccess()
- */
- public boolean useAuthorityInfoAccess() {
- return config.getUseAuthorityInfoAccess();
- }
-
- /**
- * @see iaik.pki.PKIProfile#autoAddCertificates()
- */
- @Override
- public int autoAddCertificates() {
- if(config.getAutoAddCertificates()) {
- if (config.getAutoAddEECertificates())
- return PKIProfile.AUTO_ADD_ENABLE;
- else
- return PKIProfile.AUTO_ADD_EE_DISABLE;
-
- } else
- return PKIProfile.AUTO_ADD_DISABLE;
-
- }
-
- @Override
- public TrustStoreProfile getIndirectRevocationTrustStoreProfile() {
- // TODO AFITZEK IMPLEMENT THIS METHOD
- return null;
- }
+ /** Profile information for revocation checking. */
+ private RevocationProfile revocationProfile;
+ /** Profile information about the trust profile to use. */
+ private TrustStoreProfile trustStoreProfile;
+ /** Profile information about the certificate validation. */
+ private ValidationProfile validationProfile;
+ /**
+ * The <code>ConfigurationProvider</code> to read the MOA configuration data
+ * from.
+ */
+ private final ConfigurationProvider config;
+
+ /**
+ * Create a new <code>PKIProfileImpl</code>.
+ *
+ * @param config The MOA configuration providing configuration data
+ * about certificate path validation.
+ * @param trustProfileID The trust profile ID denoting the location of the trust
+ * store.
+ * @throws MOAApplicationException An error occurred building the profile.
+ */
+ public PKIProfileImpl(ConfigurationProvider config, String trustProfileID) throws MOAApplicationException {
+
+ this.config = config;
+ setRevocationProfile(new RevocationProfileImpl(config));
+ setValidationProfile(new ValidationProfileImpl(config));
+
+ // generate TrustStoreProfile from TrustStore configuration
+ internalTrustProfileBuilder(trustProfileID);
+
+ }
+
+ private void internalTrustProfileBuilder(String trustProfileId) throws MOAApplicationException {
+ final TrustProfile tp = config.getTrustProfile(trustProfileId);
+ if (tp != null) {
+ // build directory based trust store as default
+
+ if (tp.isTSLEnabled()) {
+ TslTrustStoreProfile tslTrustStore;
+ try {
+ if (!TSLServiceFactory.isInitialized()) {
+ Logger.error("Can not build TrustProfile:" + trustProfileId
+ + " Reason: TrustProfile needs TSL support but TSL client NOT initialized.");
+ throw new TslPKIException("Trust Status-List service client is NOT initialized");
+
+ }
+
+ // build TSL truststore if enabled
+ tslTrustStore = TSLServiceFactory.getTSLServiceClient().buildTrustStoreProfile(
+ tp.getCountries(),
+ tp.getAllowedTspStatus(),
+ tp.getAllowedTspServiceTypes(),
+ trustProfileId + "_TSL");
+
+ // build Directory based TrustStore
+ final TrustStoreProfileImpl directoryTrustStore = new TrustStoreProfileImpl(trustProfileId
+ + "_Directory", tp.getUri());
+
+ // generate a virtual truststore that concatenates the TSL TrustStore and the
+ // directory TrustStore
+ final ChainingTrustStoreProfile chainedProfile = new ChainingTrustStoreProfile(
+ Arrays.asList(tslTrustStore, directoryTrustStore),
+ trustProfileId);
+
+ // set this virtual truststore
+ setTrustStoreProfile(chainedProfile);
+
+ } catch (final TslPKIException e) {
+ Logger.error("Virtual TSL based TrustProfile generation FAILED.", e);
+ throw new MOAApplicationException("2900", new Object[] { trustProfileId });
+
+ }
+
+ } else {
+ setTrustStoreProfile(new TrustStoreProfileImpl(trustProfileId, tp.getUri()));
+ }
+
+ } else {
+ throw new MOAApplicationException("2203", new Object[] { trustProfileId });
+
+ }
+
+ }
+
+ /**
+ * @see iaik.pki.PKIProfile#autoAddCertificates()
+ */
+ /*
+ * public boolean autoAddCertificates() { return useAuthorityInfoAccess() ? true
+ * : config.getAutoAddCertificates(); }
+ */
+
+ /**
+ * @see iaik.pki.PKIProfile#getRevocationProfile()
+ */
+ @Override
+ public RevocationProfile getRevocationProfile() {
+ return revocationProfile;
+ }
+
+ /**
+ * Sets the <code>RevocationProfile</code>.
+ *
+ * @param revocationProfile The <code>RevocationProfile</code> used for
+ * revocation checking.
+ */
+ protected void setRevocationProfile(RevocationProfile revocationProfile) {
+ this.revocationProfile = revocationProfile;
+ }
+
+ /**
+ * @see iaik.pki.PKIProfile#getTrustStoreProfile()
+ */
+ @Override
+ public TrustStoreProfile getTrustStoreProfile() {
+ return trustStoreProfile;
+ }
+
+ /**
+ * Sets the <code>TrustStoreProfile</code>.
+ *
+ * @param trustStoreProfile The <code>TrustStoreProfile</code>.
+ */
+ protected void setTrustStoreProfile(TrustStoreProfile trustStoreProfile) {
+ this.trustStoreProfile = trustStoreProfile;
+ }
+
+ /**
+ * @see iaik.pki.PKIProfile#getValidationProfile()
+ */
+ @Override
+ public ValidationProfile getValidationProfile() {
+ return validationProfile;
+ }
+
+ /**
+ * Sets the <code>ValidationProfile</code>.
+ *
+ * @param validationProfile The <code>ValidationProfile</code> to set.
+ */
+ protected void setValidationProfile(ValidationProfile validationProfile) {
+ this.validationProfile = validationProfile;
+ }
+
+ /**
+ * @see iaik.pki.PKIProfile#useAuthorityInfoAccess()
+ */
+ @Override
+ public boolean useAuthorityInfoAccess() {
+ return config.getUseAuthorityInfoAccess();
+ }
+
+ /**
+ * @see iaik.pki.PKIProfile#autoAddCertificates()
+ */
+ @Override
+ public int autoAddCertificates() {
+ if (config.getAutoAddCertificates()) {
+ if (config.getAutoAddEECertificates()) {
+ return PKIProfile.AUTO_ADD_ENABLE;
+ } else {
+ return PKIProfile.AUTO_ADD_EE_DISABLE;
+ }
+
+ } else {
+ return PKIProfile.AUTO_ADD_DISABLE;
+ }
+
+ }
+
+ @Override
+ public TrustStoreProfile getIndirectRevocationTrustStoreProfile() {
+ // TODO AFITZEK IMPLEMENT THIS METHOD
+ return null;
+ }
}
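Review bot: `getIndirectRevocationTrustStoreProfile()` at the end of this hunk still returns `null` behind a bare TODO, and the commit re-indents it without recording what that means for revocation checking. How the IAIK path validator treats a null profile is not visible here, so the behaviour for indirect CRLs (signed by a party other than the certificate issuer) should be confirmed and written down rather than left implicit. I would replace the TODO with a comment along the lines of `// No separate trust store for indirect CRL issuers is configured; null is returned - confirm how iaik.pki handles this`. Separately, the `catch (final TslPKIException e)` block in `internalTrustProfileBuilder` logs `e` but throws `MOAApplicationException("2900", ...)` without it, so callers lose the cause; pass `e` along if the exception type offers a constructor that accepts one.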