Diffstat (limited to 'moaSig/moa-sig-lib')
| -rw-r--r-- | moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java | 71 | 
1 files changed, 41 insertions, 30 deletions
| diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java index ad64052..ce78580 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java 
@@ -259,26 +259,33 @@ public class CertificateUtils {  						}  					} -					//evaluate QC statement according previous selected information  -					if (qcSourceTSL)					 -						Logger.debug("Certificate is QC (Source: TSL)"); -										 -					else { -						// if TSL return no service-type identifier us information from certificate -						if (tslServiceTypeIdentifier == null ||  -								MiscUtil.isEmpty(tslServiceTypeIdentifier.toString())) { -							// try certificate extensions QCP and QcEuCompliance -							Logger.debug("QC check via TSL returned false - checking certificate extensions"); -							boolean checkQCP = CertificateUtils.checkQCP(chain[0]); -							boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); -				         -							if ((checkQCP || checkQcEuCompliance) && !qcDisallowedFromTSL) { -								Logger.debug("Certificate is QC (Source: Certificate)"); -								qc = true; -				        	 -							} -						}						 -					} +			/* +			 * This block is removes with MOA-SP 3.1 because if TSL support is enabled for the requested TrustProfile  +			 * QC evaluation is ONLY allowed from TSL information!!! Because with eIDAS regulation and July 01. 2016  +			 * the Trust-Status List is constitutive.   
+			*/ +//					//evaluate QC statement according previous selected information  +//					if (qcSourceTSL)					 +//						Logger.debug("Certificate is QC (Source: TSL)"); +//										 +//					else { +//						 +//						 +//						// if TSL return no service-type identifier us information from certificate +//						if (tslServiceTypeIdentifier == null ||  +//								MiscUtil.isEmpty(tslServiceTypeIdentifier.toString())) { +//							// try certificate extensions QCP and QcEuCompliance +//							Logger.debug("QC check via TSL returned false - checking certificate extensions"); +//							boolean checkQCP = CertificateUtils.checkQCP(chain[0]); +//							boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); +//				         +//							if ((checkQCP || checkQcEuCompliance) && !qcDisallowedFromTSL) { +//								Logger.debug("Certificate is QC (Source: Certificate)"); +//								qc = true; +//				        	 +//							} +//						}						 +//					}  					//evaluate SSCD/QSCD results according previous selected information   @@ -313,13 +320,14 @@ public class CertificateUtils {  					return result;  				} else { -					Logger.debug("Qualifier check via TSL return null - checking certificate extensions"); -					return parseInfosFromCertificate(chain); +					Logger.debug("Qualifier check via TSL return null - checking certificate extensions without QC evaluation"); +					return parseInfosFromCertificate(chain, false);  				}  			} else  -				return parseInfosFromCertificate(chain); +				Logger.info("TSL support is not enabled - checking certificate extensions with QC evaluation "); +				return parseInfosFromCertificate(chain, true);  		}  		catch (TslException e) {  	    	MessageProvider msg = MessageProvider.getInstance(); 
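Review bot: The old certificate-extension fallback in the first hunk is commented out rather than deleted, which leaves about twenty lines of dead code in the QC decision path; a later partial un-comment would restore certificate-based QC evaluation for TSL-enabled trust profiles. Delete the block and keep only the explanation, with its wording fixed, e.g. `/* Removed with MOA-SP 3.1: if TSL support is enabled for the requested TrustProfile, QC status is taken from TSL information only, because the trust-status list is constitutive under the eIDAS regulation since 1 July 2016. */`. `qcDisallowedFromTSL` is read in the removed lines, so check whether it is still used elsewhere in the method, which starts and ends outside the hunk.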
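Review bot: In the second hunk the new `Logger.info(...)` line sits under a braceless `else`, so only the log call belongs to the `else` and `return parseInfosFromCertificate(chain, true);` now runs unconditionally at the end of the `try` block. If every path through the TSL-enabled branch returns, behaviour is unchanged, but the hunk does not show that branch completely. Any path that falls through would get QC evaluated from certificate extensions although TSL support is enabled, which is what this commit sets out to prevent. Add braces so both statements stay in the branch: `} else { Logger.info("TSL support is not enabled - checking certificate extensions with QC evaluation "); return parseInfosFromCertificate(chain, true); }`. The enclosing method starts outside the hunk.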
@@ -330,19 +338,22 @@ public class CertificateUtils {  	} -	private static QCSSCDResult parseInfosFromCertificate(X509Certificate[] chain) { +	private static QCSSCDResult parseInfosFromCertificate(X509Certificate[] chain, boolean performQCEvaluation) {  		boolean qc = false;  		boolean sscd = false;  		// Trustprofile is not TSL enabled - use certificate extensions only -		// perform QC check -		// try certificate extensions QCP and QcEuCompliance -     	boolean checkQCP = CertificateUtils.checkQCP(chain[0]); -        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); +		if (performQCEvaluation) { +			// perform QC check +			// try certificate extensions QCP and QcEuCompliance +			boolean checkQCP = CertificateUtils.checkQCP(chain[0]); +			boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); -        if (checkQCP || checkQcEuCompliance) -        	qc = true; +			if (checkQCP || checkQcEuCompliance) +				qc = true; +			 +		}      	// perform SSCD check      	// try certificate extensions QCP+ and QcEuSSCD			        | 
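Review bot: The unchanged comment `// Trustprofile is not TSL enabled - use certificate extensions only` is no longer accurate, because `parseInfosFromCertificate` is now also called with `false` from the TSL-enabled path when the qualifier check returns null. Replace it with Javadoc on the method that documents the flag, e.g. `@param performQCEvaluation true only when the trust profile has no TSL support; if false, the QCP/QcEuCompliance extensions are not consulted`. The SSCD check that follows still reads QCP+ and QcEuSSCD from the certificate in both cases; it is worth stating in the same Javadoc whether that is intended for TSL-enabled profiles. The method body continues outside the hunk.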
