From 8574f931c169248c67c3a5946351f9072628af46 Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Mon, 2 Jan 2017 16:35:43 +0100
Subject: first untested beta version with new TSL lib
---
 .../moa/spss/server/config/TrustProfile.java | 128 ++++++++++++++++-----
 1 file changed, 102 insertions(+), 26 deletions(-)
(limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java')
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
index 21063c7..f64643f 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
@@ -24,6 +24,15 @@ package at.gv.egovernment.moa.spss.server.config;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import at.gv.egovernment.moa.sig.tsl.TslConstants;
+import at.gv.egovernment.moaspss.logging.Logger;
+import at.gv.egovernment.moaspss.util.MiscUtil;
 import iaik.x509.X509Certificate;
 /**
@@ -39,14 +48,15 @@ public class TrustProfile {
 private String uri;
 /** The URI giving the location of the allowed signer certificates. */
 private String signerCertsUri;
+ /** Defines if Trustprofile makes use of EU TSL*/
 private boolean tslEnabled;
- /** The original URI (out of the configuration) giving the location of the trust profile (used when TSL is enabled) */
- private String uriOrig;
 /** The countries given */
- private String countries;
- /** */
- private X509Certificate[] certificatesToBeRemoved;
+ private List countries = new ArrayList();
+
+ private List allowedTspStatus = new ArrayList();
+ private List allowedTspServiceTypes = new ArrayList();
+
 /**
 * Create a TrustProfile.
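Review bot: The new fields `allowedTspStatus` and `allowedTspServiceTypes` have no doc comment, although the other fields in this block each have one and, going by the debug messages in the constructor, these two lists decide which TSL entries the profile allows. I would add `/** TSP service status URIs this profile allows from the TSL. */` and `/** TSP service type URIs this profile allows from the TSL. */` above them. Since `certificatesToBeRemoved` is removed here, the `iaik.x509.X509Certificate` import kept as context in the first hunk may now be unused; the rest of the file is not visible, so that needs a check.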
@@ -55,16 +65,90 @@ public class TrustProfile {
 * @param uri The URI of the TrustProfile to create.
 * @param signerCertsUri The URI of the location of the allowed signer
 * certificates of the TrustProfile to create.
+ * @param allowedTspServiceTypes
+ * @param allowedTspStatus
 */
- public TrustProfile(String id, String uri, String signerCertsUri, boolean tslEnabled, String countries) {
+ public TrustProfile(String id, String uri, String signerCertsUri,
+ boolean tslEnabled, String countries, String allowedTspStatus, String allowedTspServiceTypes) {
 this.id = id;
 this.uri = uri;
 this.signerCertsUri = signerCertsUri;
+
+ //TSL configuration parameters
 this.tslEnabled = tslEnabled;
- this.countries = countries;
- this.certificatesToBeRemoved = new X509Certificate[0];
+
+ setCountries(countries);
+ Logger.debug("TrustProfile "+ id + " allows " + Arrays.toString(this.countries.toArray()) + " TSL countries");
+
+ setAllowedTspStatus(allowedTspStatus);
+ Logger.debug("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspStatus.toArray()) + " TSP status identifier");
+
+ setAllowedTspServiceTypes(allowedTspServiceTypes);
+ Logger.debug("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspServiceTypes.toArray()) + " TSL service-type identifier");
+
 }
+ private void setCountries(String countries) {
+ if (MiscUtil.isNotEmpty(countries)) {
+ String[] ccArray = countries.split(",");
+ for (String el : ccArray)
+ this.countries.add(el.trim());
+
+ }
+ }
+
+ private void setAllowedTspStatus(String allowedTspStatus) {
+ if (MiscUtil.isNotEmpty(allowedTspStatus)) {
+ String[] ccArray = allowedTspStatus.split(",");
+ for (String el : ccArray) {
+ try {
+ this.allowedTspStatus.add(new URI(el.trim()));
+
+ } catch (URISyntaxException e) {
+ Logger.warn("TrustProfile: " + this.id + " contains a non-valid TSP Status identifier (" + el + ")");
+
+ }
+
+ }
+
+ } else {
+ Logger.info("Use default set of TSP Status identifier");
+ this.allowedTspStatus.addAll(
Arrays.asList(
+ TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_STATUS_SHORT.granted),
+ TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_STATUS_SHORT.recognisedatnationallevel),
+ TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_STATUS_SHORT.accredited),
+ TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_STATUS_SHORT.undersupervision)));
+
+ }
+
+ }
+
+ private void setAllowedTspServiceTypes(String allowedTspServiceTypes) {
+ if (MiscUtil.isNotEmpty(allowedTspServiceTypes)) {
+ String[] ccArray = allowedTspServiceTypes.split(",");
+ for (String el : ccArray) {
+ try {
+ this.allowedTspStatus.add(new URI(el.trim()));
+
+ } catch (URISyntaxException e) {
+ Logger.warn("TrustProfile: " + this.id + " contains a non-valid TSP Service-Type identifier (" + el + ")");
+
+ }
+
+ }
+
+ } else {
+ Logger.info("Use default set of TSP Service-Type identifier");
+ this.allowedTspStatus.addAll(
+ Arrays.asList(
+ TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.CA_QC),
+ TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.TSA_QTST)));
+
+ }
+
+ }
+
 /**
 * Return the ID of this TrustProfile.
 *
@@ -83,14 +167,6 @@ public class TrustProfile {
 return uri;
 }
- /**
- * Return the original URI of this TrustProfile.
- *
- * @return The original URI of TrustProfile.
- */
- public String getUriOrig() {
- return uriOrig;
- }
 /**
 * Return the URI giving the location of the allowed signer certificates
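Review bot: `setAllowedTspServiceTypes` writes into `this.allowedTspStatus` in both branches (`this.allowedTspStatus.add(new URI(el.trim()));` and `this.allowedTspStatus.addAll(`), so `allowedTspServiceTypes` is never filled and the status allow-list additionally receives service-type entries. Both targets should be `this.allowedTspServiceTypes`, for example `this.allowedTspServiceTypes.add(new URI(el.trim()));`. The default branch also looks up `SERVICE_TYPE_SHORT.CA_QC` and `SERVICE_TYPE_SHORT.TSA_QTST` in `SERVICE_STATUS_SORT_TO_URI`; if that map is keyed by status values these lookups presumably return null, so the service-type map of `TslConstants` (not visible here) should be used instead. How the TSL code treats an empty service-type list is not visible in this diff, but for a trust configuration it should be confirmed that an empty list cannot mean "accept any service type".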
@@ -112,21 +188,21 @@ public class TrustProfile {
 * Returns the given countries
 * @return Given countries
 */
- public String getCountries() {
+ public List getCountries() {
 if (!tslEnabled) return null; else return countries;
 }
-
-
- /**
- * Sets the original URI of this TrustProfile.
- *
- * @return The original URI of TrustProfile.
- */
- public void setUriOrig(String uriOrig) {
- this.uriOrig = uriOrig;
+
+ public List getAllowedTspStatus() {
+ return allowedTspStatus;
+ }
+
+ public List getAllowedTspServiceTypes() {
+ return allowedTspServiceTypes;
 }
+
+
 }
--
cgit v1.2.3
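Review bot: `getAllowedTspStatus()` and `getAllowedTspServiceTypes()` return the internal `ArrayList` instances, as `getCountries()` does, so any caller can change the profile's allow-lists after construction. Returning a read-only view, e.g. `return Collections.unmodifiableList(allowedTspStatus);` (with `java.util.Collections` imported), keeps the trust configuration fixed once the constructor has parsed it. The two new getters also have no Javadoc and, unlike `getCountries()`, do not return null when `tslEnabled` is false; a sentence stating which behaviour is intended would help callers.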