From 0bcaff326d60df0d5549ef13a9d4bb7d9195b833 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 27 Jul 2018 10:49:33 +0200 Subject: add configFlag to support autoAddEECertificates --- .../resources/schemas/MOA-SPSS-config-3.0.0.xsd | 1 + .../server/config/ConfigurationPartsBuilder.java | 18 +++++++++++++++++- .../spss/server/config/ConfigurationProvider.java | 21 +++++++++++++++++++++ .../moa/spss/server/iaik/pki/PKIProfileImpl.java | 11 +++++++---- 4 files changed, 46 insertions(+), 5 deletions(-) diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.0.0.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.0.0.xsd index 1a1b74b..c9739d3 100644 --- a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.0.0.xsd +++ b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.0.0.xsd @@ -145,6 +145,7 @@ + diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 89f4c1e..3c00232 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -169,6 +169,13 @@ public class ConfigurationPartsBuilder { + CONF + "CertificateValidation/" + CONF + "PathConstruction/" + CONF + "AutoAddCertificates"; + + private static final String AUTO_ADD_EE_CERTIFICATES_XPATH_ = + ROOT + CONF + "SignatureVerification/" + + CONF + "CertificateValidation/" + + CONF + "PathConstruction/" + + CONF + "AutoAddEECertificates"; + private static final String USE_AUTHORITY_INFO_ACCESS_XPATH_ = ROOT + CONF + "SignatureVerification/" + CONF + "CertificateValidation/" 
@@ -1635,6 +1642,16 @@ public class ConfigurationPartsBuilder { return Boolean.valueOf(autoAdd).booleanValue(); } + + public boolean getAutoEEAddCertificates() { + String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_EE_CERTIFICATES_XPATH_, null); + if (autoAdd != null) + return Boolean.valueOf(autoAdd).booleanValue(); + else + return false; + + } + /** * Returns whether file URIs are permitted * @return whether file URIs are permitted @@ -1796,5 +1813,4 @@ public class ConfigurationPartsBuilder { return map; } - } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java index 6a007cf..34db547 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java @@ -239,6 +239,10 @@ public class ConfigurationProvider */ private boolean autoAddCertificates_; + + private boolean autoAddEECertificates_; + + /** * Indicates whether the certificate extension Authority Info Access should * be used during certificate path construction. @@ -273,6 +277,8 @@ public class ConfigurationProvider * A TSLConfiguration that represents the global TSL configuration */ private TSLConfiguration tslconfiguration_; + + /** @@ -389,6 +395,7 @@ public class ConfigurationProvider chainingModes = builder.buildChainingModes(); useAuthorityInfoAccess_ = builder.getUseAuthorityInfoAccess(); autoAddCertificates_ = builder.getAutoAddCertificates(); + autoAddEECertificates_ = builder.getAutoEEAddCertificates(); //trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory()); 
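Review bot: The new builder accessor is spelled `getAutoEEAddCertificates`, while the XPath constant, the config element and the ConfigurationProvider getter all use the word order `AutoAddEECertificates`. Renaming it to `getAutoAddEECertificates()`, together with the call in the `-389` hunk of ConfigurationProvider, keeps the setting searchable under one name. The method has no Javadoc although the accessor after it does; something like `/** Returns whether end-entity certificates may be added to the certificate store; false when the element is absent or not "true". */` would record the fail-safe default. The body can then shrink to `return Boolean.parseBoolean(autoAdd);`, which already yields false for null. The new field `autoAddEECertificates_` in ConfigurationProvider is likewise undocumented next to fields that carry Javadoc.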
@@ -963,6 +970,18 @@ public class ConfigurationProvider return autoAddCertificates_; } + /** + * Returns whether EE certificates found during certificate path construction + * should be added to the certificate store. + * + * @return whether certificates found during certificate path construction + * should be added to the certificate store. + */ + public boolean getAutoAddEECertificates() + { + return autoAddEECertificates_; + } + /** * Returns whether the certificate extension Authority Info Access should * be used during certificate path construction. @@ -999,5 +1018,7 @@ public class ConfigurationProvider public TSLConfiguration getTSLConfiguration() { return tslconfiguration_; } + + } \ No newline at end of file diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java index f79cf7a..97eb6ef 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java @@ -212,11 +212,14 @@ public class PKIProfileImpl implements PKIProfile { @Override public int autoAddCertificates() { if(config.getAutoAddCertificates()) { - return PKIProfile.AUTO_ADD_EE_DISABLE; - } else { + if (config.getAutoAddEECertificates()) + return PKIProfile.AUTO_ADD_ENABLE; + else + return PKIProfile.AUTO_ADD_EE_DISABLE; + + } else return PKIProfile.AUTO_ADD_DISABLE; - } - // TODO AFITZEK allow saving of end entity certificates + } @Override -- cgit v1.2.3
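Review bot: The `@return` text in the new Javadoc of `getAutoAddEECertificates()` was copied from `getAutoAddCertificates()` and no longer mentions end-entity certificates, so the two getters read as if they returned the same thing. I would change it to `@return whether end-entity certificates found during certificate path construction should be added to the certificate store`. The Javadoc should also say that the value only takes effect when `getAutoAddCertificates()` is true, since PKIProfileImpl consults it only in that branch.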
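Review bot: In `autoAddCertificates()` the EE flag is read only inside the `getAutoAddCertificates()` branch, so a configuration with AutoAddEECertificates=true and AutoAddCertificates=false silently yields `AUTO_ADD_DISABLE`. That outcome is the safe one, but it is stated nowhere; a comment such as `// AutoAddEECertificates is honoured only when AutoAddCertificates is enabled` above the inner `if` would make it explicit. Returning `AUTO_ADD_ENABLE` presumably lets signer certificates taken from verified documents be written to the certificate store, so the operator documentation for this flag should mention store growth and who can cause entries to be added. The new body also mixes a braced outer `if` with brace-less inner and `else` branches; bracing all of them as the removed code did avoids a dangling-else misreading later.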