diff options
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik')
3 files changed, 95 insertions, 2 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java index a4f7660..1aa5f6a 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CertStoreConfigurationImpl.java @@ -30,9 +30,11 @@ import org.apache.commons.io.FileUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import at.gv.egovernment.moa.sig.tsl.exception.TslException; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.logging.IaikLog; import at.gv.egovernment.moa.spss.server.logging.TransactionId; +import at.gv.egovernment.moa.spss.tsl.TSLServiceFactory; import iaik.logging.Log; import iaik.pki.store.certstore.CertStoreConfiguration; import iaik.pki.store.certstore.CertStoreParameters; @@ -68,7 +70,20 @@ public class CertStoreConfigurationImpl extends AbstractObservableConfiguration DirectoryCertStoreParameters dirParameters = new DirectoryCertStoreParametersImpl("MOA Directory CertStore", certStoreRoot, true, false); - parameters = new CertStoreParameters[] { dirParameters }; + if (TSLServiceFactory.isInitialized()) { + try { + CertStoreParameters tslCertStore = TSLServiceFactory.getTSLServiceClient().getCertStoreWithTSLCertificates(); + parameters = new CertStoreParameters[] { dirParameters, tslCertStore}; + + } catch (TslException e) { + logger.warn("TSL based CertStore initialisation FAILED.", e); + logger.warn("Only Directory based CertStore is used ... "); + parameters = new CertStoreParameters[] { dirParameters }; + } + + } else + parameters = new CertStoreParameters[] { dirParameters }; + } /** diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java index 3f6998a..b776255 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java @@ -27,11 +27,21 @@ import iaik.pki.PKIProfile; import iaik.pki.pathvalidation.ValidationProfile; import iaik.pki.revocation.RevocationProfile; import iaik.pki.store.truststore.TrustStoreProfile; +import iaik.pki.store.truststore.TrustStoreTypes; + +import java.util.Arrays; + +import at.gv.egovernment.moa.sig.tsl.exception.TslPKIException; +import at.gv.egovernment.moa.sig.tsl.pki.TslTrustStoreProfile; +import at.gv.egovernment.moa.sig.tsl.pki.chaining.ChainingTrustStoreProfile; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; +import at.gv.egovernment.moa.spss.server.config.TrustProfile; import at.gv.egovernment.moa.spss.server.iaik.pki.pathvalidation.ValidationProfileImpl; import at.gv.egovernment.moa.spss.server.iaik.pki.revocation.RevocationProfileImpl; import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl; +import at.gv.egovernment.moa.spss.tsl.TSLServiceFactory; +import at.gv.egovernment.moaspss.logging.Logger; /** * Implementation of the <code>PKIProfile</code> interface containing @@ -70,10 +80,58 @@ public class PKIProfileImpl implements PKIProfile { this.config = config; setRevocationProfile(new RevocationProfileImpl(config)); - setTrustStoreProfile(new TrustStoreProfileImpl(config, trustProfileID)); setValidationProfile(new ValidationProfileImpl(config)); + + //generate TrustStoreProfile from TrustStore configuration + internalTrustProfileBuilder(trustProfileID); + } + + private void internalTrustProfileBuilder(String trustProfileId) throws MOAApplicationException { + TrustProfile tp = (TrustProfile) config.getTrustProfile(trustProfileId); + if (tp != null) { + //build directory based trust store as default + + + if (tp.isTSLEnabled()) { + //build TSL truststore if enabled + TslTrustStoreProfile tslTrustStore; + try { + tslTrustStore = TSLServiceFactory.getTSLServiceClient(). + buildTrustStoreProfile( + tp.getCountries(), + tp.getAllowedTspStatus(), + tp.getAllowedTspServiceTypes(), + trustProfileId + "_TSL"); + + //build Directory based TrustStore + TrustStoreProfileImpl directoryTrustStore = new TrustStoreProfileImpl(trustProfileId + "_Directory", tp.getUri()); + + //generate a virtual truststore that concatenates the TSL TrustStore and the directory TrustStore + ChainingTrustStoreProfile chainedProfile = new ChainingTrustStoreProfile( + Arrays.asList(tslTrustStore, directoryTrustStore), + trustProfileId); + + //set this virtual truststore + setTrustStoreProfile(chainedProfile); + + } catch (TslPKIException e) { + Logger.error("Virtual TSL based TrustProfile generation FAILED.", e); + throw new MOAApplicationException("2900", new Object[] { trustProfileId }); + + } + + } else + setTrustStoreProfile(new TrustStoreProfileImpl(trustProfileId, tp.getUri())); + + } else { + throw new MOAApplicationException("2203", new Object[] { trustProfileId }); + + } + + } + /** * @see iaik.pki.PKIProfile#autoAddCertificates() */ diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java index 50f237a..c9f4f28 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java @@ -60,6 +60,25 @@ public class TrustStoreProfileImpl implements TrustStoreProfile { /** The URI of the trust profile.*/ private String URI; + + /** + * Create a new <code>TrustStoreProfileImpl</code>. + * + * @param config The MOA configuration data, from which trust store + * configuration data is read. + * @param trustProfileId The trust profile id on which this + * <code>TrustStoreProfile</code> is based. + * @throws MOAApplicationException The <code>trustProfileId</code> could not + * be found in the MOA configuration. + */ + public TrustStoreProfileImpl(String trustProfileId, String trustProfileUri) + throws MOAApplicationException { + id_ = trustProfileId; + setURI(trustProfileUri); + setType(TrustStoreTypes.DIRECTORY); + + } + /** * Create a new <code>TrustStoreProfileImpl</code>. * @@ -70,6 +89,7 @@ public class TrustStoreProfileImpl implements TrustStoreProfile { * @throws MOAApplicationException The <code>trustProfileId</code> could not * be found in the MOA configuration. */ + @Deprecated public TrustStoreProfileImpl( ConfigurationProvider config, String trustProfileId) |