From 0bcaff326d60df0d5549ef13a9d4bb7d9195b833 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Fri, 27 Jul 2018 10:49:33 +0200
Subject: add configFlag to support autoAddEECertificates

---
 .../resources/schemas/MOA-SPSS-config-3.0.0.xsd     |  1 +
 .../server/config/ConfigurationPartsBuilder.java    | 18 +++++++++++++++++-
 .../spss/server/config/ConfigurationProvider.java   | 21 +++++++++++++++++++++
 .../moa/spss/server/iaik/pki/PKIProfileImpl.java    | 11 +++++++----
 4 files changed, 46 insertions(+), 5 deletions(-)

diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.0.0.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.0.0.xsd
index 1a1b74b..c9739d3 100644
--- a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.0.0.xsd
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.0.0.xsd
@@ -145,6 +145,7 @@
 											<xs:complexType>
 												<xs:sequence>
 													<xs:element name="AutoAddCertificates" type="xs:boolean"/>
+													<xs:element name="AutoAddEECertificates" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
 													<xs:element name="UseAuthorityInformationAccess" type="xs:boolean"/>
 													<xs:element name="CertificateStore">
 														<xs:complexType>
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 89f4c1e..3c00232 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -169,6 +169,13 @@ public class ConfigurationPartsBuilder {
     + CONF + "CertificateValidation/"
     + CONF + "PathConstruction/"
     + CONF + "AutoAddCertificates";
+  
+  private static final String AUTO_ADD_EE_CERTIFICATES_XPATH_ = 
+		    ROOT + CONF + "SignatureVerification/" 
+		    	    + CONF + "CertificateValidation/"
+		    	    + CONF + "PathConstruction/"
+		    	    + CONF + "AutoAddEECertificates";
+  
   private static final String USE_AUTHORITY_INFO_ACCESS_XPATH_ =
     ROOT + CONF + "SignatureVerification/" 
     + CONF + "CertificateValidation/"
@@ -1635,6 +1642,16 @@ public class ConfigurationPartsBuilder {
     return Boolean.valueOf(autoAdd).booleanValue();
   }
   
+  
+  public boolean getAutoEEAddCertificates() {
+	  String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_EE_CERTIFICATES_XPATH_, null);
+	  if (autoAdd != null)
+		  return Boolean.valueOf(autoAdd).booleanValue();
+	  else
+		  return false;
+	  
+	}
+  
   /**
    * Returns whether file URIs are permitted  
    * @return whether file URIs are permitted
@@ -1796,5 +1813,4 @@ public class ConfigurationPartsBuilder {
      return map;
   }
   
-  
 }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 6a007cf..34db547 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -239,6 +239,10 @@ public class ConfigurationProvider
    */
   private boolean autoAddCertificates_;
 
+  
+  private boolean autoAddEECertificates_;
+  
+  
   /**
    * Indicates whether the certificate extension Authority Info Access should 
    * be used during certificate path construction.
@@ -273,6 +277,8 @@ public class ConfigurationProvider
    * A <code>TSLConfiguration</code> that represents the global TSL configuration
    */
   private TSLConfiguration tslconfiguration_;
+
+
   
   
   /**
@@ -389,6 +395,7 @@ public class ConfigurationProvider
       chainingModes = builder.buildChainingModes();
       useAuthorityInfoAccess_ = builder.getUseAuthorityInfoAccess();
       autoAddCertificates_ = builder.getAutoAddCertificates();
+      autoAddEECertificates_ = builder.getAutoEEAddCertificates();
       //trustProfiles = builder.buildTrustProfiles(tslconfiguration_.getWorkingDirectory());
       
       
@@ -963,6 +970,18 @@ public class ConfigurationProvider
     return autoAddCertificates_;
   }
 
+  /**
+   * Returns whether EE certificates found during certificate path construction 
+   * should be added to the certificate store.
+   * 
+   * @return whether certificates found during certificate path construction 
+   *         should be added to the certificate store.
+   */
+  public boolean getAutoAddEECertificates()
+  {
+    return autoAddEECertificates_;
+  }
+  
   /**
    * Returns whether the certificate extension Authority Info Access should 
    * be used during certificate path construction.
@@ -999,5 +1018,7 @@ public class ConfigurationProvider
   public TSLConfiguration getTSLConfiguration() {
 	  return tslconfiguration_;
   }
+
+
  
 }
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
index f79cf7a..97eb6ef 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java
@@ -212,11 +212,14 @@ public class PKIProfileImpl implements PKIProfile {
 	@Override
 	public int autoAddCertificates() {
 		if(config.getAutoAddCertificates()) {
-			return PKIProfile.AUTO_ADD_EE_DISABLE;
-		} else {
+			if (config.getAutoAddEECertificates())
+				return PKIProfile.AUTO_ADD_ENABLE;
+			else
+				return PKIProfile.AUTO_ADD_EE_DISABLE;
+			
+		} else
 			return PKIProfile.AUTO_ADD_DISABLE;
-		}
-		// TODO AFITZEK allow saving of end entity certificates
+		
 	}
 
 	@Override
-- 
cgit v1.2.3