From 578ad0d6bc408edf9e6c875156054374f5fd8337 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Mon, 22 Mar 2021 18:40:26 +0100 Subject: change to EGIZ codestyle --- .../moa/spss/server/iaik/pki/PKIProfileImpl.java | 361 ++++++++++----------- 1 file changed, 180 insertions(+), 181 deletions(-) (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java index 97eb6ef..0032dc6 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/PKIProfileImpl.java @@ -23,15 +23,8 @@ package at.gv.egovernment.moa.spss.server.iaik.pki; -import iaik.pki.PKIProfile; -import iaik.pki.pathvalidation.ValidationProfile; -import iaik.pki.revocation.RevocationProfile; -import iaik.pki.store.truststore.TrustStoreProfile; -import iaik.pki.store.truststore.TrustStoreTypes; - import java.util.Arrays; -import at.gv.egovernment.moa.sig.tsl.api.ITslService; import at.gv.egovernment.moa.sig.tsl.exception.TslPKIException; import at.gv.egovernment.moa.sig.tsl.pki.TslTrustStoreProfile; import at.gv.egovernment.moa.sig.tsl.pki.chaining.ChainingTrustStoreProfile; 
@@ -43,189 +36,195 @@ import at.gv.egovernment.moa.spss.server.iaik.pki.revocation.RevocationProfileIm import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl; import at.gv.egovernment.moa.spss.tsl.TSLServiceFactory; import at.gv.egovernment.moaspss.logging.Logger; +import iaik.pki.PKIProfile; +import iaik.pki.pathvalidation.ValidationProfile; +import iaik.pki.revocation.RevocationProfile; +import iaik.pki.store.truststore.TrustStoreProfile; /** * Implementation of the PKIProfile interface containing * information needed for certificate path validation. It uses configuration * data from the MOA configuration. - * + * * @author Patrick Peck * @version $Id$ */ public class PKIProfileImpl implements PKIProfile { - /** Profile information for revocation checking. */ - private RevocationProfile revocationProfile; - /** Profile information about the trust profile to use. */ - private TrustStoreProfile trustStoreProfile; - /** Profile information about the certificate validation. */ - private ValidationProfile validationProfile; - /** - * The ConfigurationProvider to read the MOA configuration data - * from. - */ - private ConfigurationProvider config; - - /** - * Create a new PKIProfileImpl. - * - * @param config - * The MOA configuration providing configuration data about - * certificate path validation. - * @param trustProfileID - * The trust profile ID denoting the location of the trust store. - * @throws MOAApplicationException - * An error occurred building the profile. 
- */ - public PKIProfileImpl(ConfigurationProvider config, String trustProfileID) throws MOAApplicationException { - - this.config = config; - setRevocationProfile(new RevocationProfileImpl(config)); - setValidationProfile(new ValidationProfileImpl(config)); - - //generate TrustStoreProfile from TrustStore configuration - internalTrustProfileBuilder(trustProfileID); - - } - - - private void internalTrustProfileBuilder(String trustProfileId) throws MOAApplicationException { - TrustProfile tp = (TrustProfile) config.getTrustProfile(trustProfileId); - if (tp != null) { - //build directory based trust store as default - - - if (tp.isTSLEnabled()) { - TslTrustStoreProfile tslTrustStore; - try { - if (!TSLServiceFactory.isInitialized()) { - Logger.error("Can not build TrustProfile:" + trustProfileId - + " Reason: TrustProfile needs TSL support but TSL client NOT initialized."); - throw new TslPKIException("Trust Status-List service client is NOT initialized"); - - } - - //build TSL truststore if enabled - tslTrustStore = TSLServiceFactory.getTSLServiceClient(). 
- buildTrustStoreProfile( - tp.getCountries(), - tp.getAllowedTspStatus(), - tp.getAllowedTspServiceTypes(), - trustProfileId + "_TSL"); - - //build Directory based TrustStore - TrustStoreProfileImpl directoryTrustStore = new TrustStoreProfileImpl(trustProfileId + "_Directory", tp.getUri()); - - //generate a virtual truststore that concatenates the TSL TrustStore and the directory TrustStore - ChainingTrustStoreProfile chainedProfile = new ChainingTrustStoreProfile( - Arrays.asList(tslTrustStore, directoryTrustStore), - trustProfileId); - - //set this virtual truststore - setTrustStoreProfile(chainedProfile); - - } catch (TslPKIException e) { - Logger.error("Virtual TSL based TrustProfile generation FAILED.", e); - throw new MOAApplicationException("2900", new Object[] { trustProfileId }); - - } - - } else - setTrustStoreProfile(new TrustStoreProfileImpl(trustProfileId, tp.getUri())); - - } else { - throw new MOAApplicationException("2203", new Object[] { trustProfileId }); - - } - - } - - /** - * @see iaik.pki.PKIProfile#autoAddCertificates() - */ - /*public boolean autoAddCertificates() { - return useAuthorityInfoAccess() ? true : config.getAutoAddCertificates(); - }*/ - - /** - * @see iaik.pki.PKIProfile#getRevocationProfile() - */ - public RevocationProfile getRevocationProfile() { - return revocationProfile; - } - - /** - * Sets the RevocationProfile. - * - * @param revocationProfile - * The RevocationProfile used for revocation - * checking. - */ - protected void setRevocationProfile(RevocationProfile revocationProfile) { - this.revocationProfile = revocationProfile; - } - - /** - * @see iaik.pki.PKIProfile#getTrustStoreProfile() - */ - public TrustStoreProfile getTrustStoreProfile() { - return trustStoreProfile; - } - - /** - * Sets the TrustStoreProfile. - * - * @param trustStoreProfile - * The TrustStoreProfile. 
- */ - protected void setTrustStoreProfile(TrustStoreProfile trustStoreProfile) { - this.trustStoreProfile = trustStoreProfile; - } - - /** - * @see iaik.pki.PKIProfile#getValidationProfile() - */ - public ValidationProfile getValidationProfile() { - return validationProfile; - } - - /** - * Sets the ValidationProfile. - * - * @param validationProfile - * The ValidationProfile to set. - */ - protected void setValidationProfile(ValidationProfile validationProfile) { - this.validationProfile = validationProfile; - } - - /** - * @see iaik.pki.PKIProfile#useAuthorityInfoAccess() - */ - public boolean useAuthorityInfoAccess() { - return config.getUseAuthorityInfoAccess(); - } - - /** - * @see iaik.pki.PKIProfile#autoAddCertificates() - */ - @Override - public int autoAddCertificates() { - if(config.getAutoAddCertificates()) { - if (config.getAutoAddEECertificates()) - return PKIProfile.AUTO_ADD_ENABLE; - else - return PKIProfile.AUTO_ADD_EE_DISABLE; - - } else - return PKIProfile.AUTO_ADD_DISABLE; - - } - - @Override - public TrustStoreProfile getIndirectRevocationTrustStoreProfile() { - // TODO AFITZEK IMPLEMENT THIS METHOD - return null; - } + /** Profile information for revocation checking. */ + private RevocationProfile revocationProfile; + /** Profile information about the trust profile to use. */ + private TrustStoreProfile trustStoreProfile; + /** Profile information about the certificate validation. */ + private ValidationProfile validationProfile; + /** + * The ConfigurationProvider to read the MOA configuration data + * from. + */ + private final ConfigurationProvider config; + + /** + * Create a new PKIProfileImpl. + * + * @param config The MOA configuration providing configuration data + * about certificate path validation. + * @param trustProfileID The trust profile ID denoting the location of the trust + * store. + * @throws MOAApplicationException An error occurred building the profile. 
+ */ + public PKIProfileImpl(ConfigurationProvider config, String trustProfileID) throws MOAApplicationException { + + this.config = config; + setRevocationProfile(new RevocationProfileImpl(config)); + setValidationProfile(new ValidationProfileImpl(config)); + + // generate TrustStoreProfile from TrustStore configuration + internalTrustProfileBuilder(trustProfileID); + + } + + private void internalTrustProfileBuilder(String trustProfileId) throws MOAApplicationException { + final TrustProfile tp = config.getTrustProfile(trustProfileId); + if (tp != null) { + // build directory based trust store as default + + if (tp.isTSLEnabled()) { + TslTrustStoreProfile tslTrustStore; + try { + if (!TSLServiceFactory.isInitialized()) { + Logger.error("Can not build TrustProfile:" + trustProfileId + + " Reason: TrustProfile needs TSL support but TSL client NOT initialized."); + throw new TslPKIException("Trust Status-List service client is NOT initialized"); + + } + + // build TSL truststore if enabled + tslTrustStore = TSLServiceFactory.getTSLServiceClient().buildTrustStoreProfile( + tp.getCountries(), + tp.getAllowedTspStatus(), + tp.getAllowedTspServiceTypes(), + trustProfileId + "_TSL"); + + // build Directory based TrustStore + final TrustStoreProfileImpl directoryTrustStore = new TrustStoreProfileImpl(trustProfileId + + "_Directory", tp.getUri()); + + // generate a virtual truststore that concatenates the TSL TrustStore and the + // directory TrustStore + final ChainingTrustStoreProfile chainedProfile = new ChainingTrustStoreProfile( + Arrays.asList(tslTrustStore, directoryTrustStore), + trustProfileId); + + // set this virtual truststore + setTrustStoreProfile(chainedProfile); + + } catch (final TslPKIException e) { + Logger.error("Virtual TSL based TrustProfile generation FAILED.", e); + throw new MOAApplicationException("2900", new Object[] { trustProfileId }); + + } + + } else { + setTrustStoreProfile(new TrustStoreProfileImpl(trustProfileId, tp.getUri())); + } + + } 
else { + throw new MOAApplicationException("2203", new Object[] { trustProfileId }); + + } + + } + + /** + * @see iaik.pki.PKIProfile#autoAddCertificates() + */ + /* + * public boolean autoAddCertificates() { return useAuthorityInfoAccess() ? true + * : config.getAutoAddCertificates(); } + */ + + /** + * @see iaik.pki.PKIProfile#getRevocationProfile() + */ + @Override + public RevocationProfile getRevocationProfile() { + return revocationProfile; + } + + /** + * Sets the RevocationProfile. + * + * @param revocationProfile The RevocationProfile used for + * revocation checking. + */ + protected void setRevocationProfile(RevocationProfile revocationProfile) { + this.revocationProfile = revocationProfile; + } + + /** + * @see iaik.pki.PKIProfile#getTrustStoreProfile() + */ + @Override + public TrustStoreProfile getTrustStoreProfile() { + return trustStoreProfile; + } + + /** + * Sets the TrustStoreProfile. + * + * @param trustStoreProfile The TrustStoreProfile. + */ + protected void setTrustStoreProfile(TrustStoreProfile trustStoreProfile) { + this.trustStoreProfile = trustStoreProfile; + } + + /** + * @see iaik.pki.PKIProfile#getValidationProfile() + */ + @Override + public ValidationProfile getValidationProfile() { + return validationProfile; + } + + /** + * Sets the ValidationProfile. + * + * @param validationProfile The ValidationProfile to set. 
+ */ + protected void setValidationProfile(ValidationProfile validationProfile) { + this.validationProfile = validationProfile; + } + + /** + * @see iaik.pki.PKIProfile#useAuthorityInfoAccess() + */ + @Override + public boolean useAuthorityInfoAccess() { + return config.getUseAuthorityInfoAccess(); + } + + /** + * @see iaik.pki.PKIProfile#autoAddCertificates() + */ + @Override + public int autoAddCertificates() { + if (config.getAutoAddCertificates()) { + if (config.getAutoAddEECertificates()) { + return PKIProfile.AUTO_ADD_ENABLE; + } else { + return PKIProfile.AUTO_ADD_EE_DISABLE; + } + + } else { + return PKIProfile.AUTO_ADD_DISABLE; + } + + } + + @Override + public TrustStoreProfile getIndirectRevocationTrustStoreProfile() { + // TODO AFITZEK IMPLEMENT THIS METHOD + return null; + } } -- cgit v1.2.3
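Review bot: `getIndirectRevocationTrustStoreProfile()` at the end of the class still returns `null` behind a bare TODO and has no Javadoc after the reformat, so a reader cannot tell what path validation does when revocation data is signed by an issuer other than the certificate's CA. How the IAIK library treats a null profile is not visible in this diff; presumably it either falls back to the main trust store or cannot validate indirectly issued CRLs, and which of the two applies matters for revocation checking. I would document the current contract on the method, e.g. `/** Not implemented: returns null, so no separate trust store is offered for indirectly issued revocation data. */`, and track the TODO outside the code. Separately, the `catch (final TslPKIException e)` block in `internalTrustProfileBuilder` logs `e` but throws `MOAApplicationException("2900", ...)` without it; if that exception type offers a constructor taking a cause, passing `e` would keep the original failure attached to the error callers see.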