From c6f686485e50e8de112445da07d98b93278b09d0 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Tue, 10 Jan 2017 15:10:15 +0100
Subject: MOA-SP with new TSL RC1

---
 .../moa/spss/api/impl/SignerInfoImpl.java          |  2 +-
 .../moa/spss/api/impl/TslInfosImpl.java            |  7 +++--
 .../server/config/ConfigurationPartsBuilder.java   | 11 +++++--
 .../spss/server/config/ConfigurationProvider.java  |  9 ++++--
 .../moa/spss/server/config/TrustProfile.java       | 35 ++++++++++++----------
 .../moa/spss/tsl/TSLServiceFactory.java            |  6 +++-
 .../moa/spss/util/CertificateUtils.java            | 20 ++++++++-----
 7 files changed, 57 insertions(+), 33 deletions(-)

(limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss')

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java
index 69dad89..57a60a6 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java
@@ -128,7 +128,7 @@ public class SignerInfoImpl implements SignerInfo {
   }
   
   public String getQCSource() {
-	  if (qcSourceTSL)
+	  if (this.qcSourceTSL)
 		  return "TSL";
 	  else
 		  return "Certificate";
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java
index 4c40a5f..120b01a 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java
@@ -18,10 +18,11 @@ public class TslInfosImpl implements TslInfos {
 		this.tslServiceTypeStatus = tslServiceTypeStatus;
 		this.tslServiceTypeIdentifier = tslServiceTypeIdentifier;
 		
-		for (URI el : tslCertificateQualifier)
-			this.tslServiceQualifier.add(el.toString());
+		if (tslCertificateQualifier != null) {
+			for (URI el : tslCertificateQualifier)
+				this.tslServiceQualifier.add(el.toString());
 			
-		
+		}					
 	}
 	
 	
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 1b47013..89f4c1e 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -758,6 +758,11 @@ public class ConfigurationPartsBuilder {
     while ((keyGroupElem = (Element) kgIter.nextNode()) != null) 
     {
       String keyGroupId = getElementValue(keyGroupElem, CONF + "Id", null);
+
+      //switch all keyGroupIds to lower case, only
+      if (MiscUtil.isNotEmpty(keyGroupId))
+    	  keyGroupId = keyGroupId.trim().toLowerCase();
+      
       String keyGroupDigestMethodAlgorithm = getElementValue(keyGroupElem, CONF + "DigestMethodAlgorithm", null);
       Set keyGroupEntries =
         buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem);
@@ -883,9 +888,9 @@ public class ConfigurationPartsBuilder {
         keyGroupIter = XPathUtils.selectNodeIterator(mappingElem, CONF + "KeyGroupId");
         while ((keyGroupElem = (Element) keyGroupIter.nextNode()) != null) 
         {
-          String keyGroupId = getElementValue(keyGroupElem, ".", null);
-          KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId);
-
+        	String keyGroupId = getElementValue(keyGroupElem, ".", null);
+        	KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId.trim().toLowerCase());
+        	
           if (keyGroup != null) 
           {
             groups.put(keyGroupId, keyGroup);
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 79ef1d2..6a007cf 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -633,9 +633,12 @@ public class ConfigurationProvider
     return keyGroups;
   }
   
-  public KeyGroup getKeyGroup(String keyGroupId) {	  
-	  KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId);
-	  return keyGroup;
+  public KeyGroup getKeyGroup(String keyGroupId) {
+	  if (MiscUtil.isNotEmpty(keyGroupId))
+	  	return (KeyGroup) keyGroups.get(keyGroupId.trim().toLowerCase());
+	  
+	  else
+	  return null;
   }
 
   /**
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
index f64643f..23fe487 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java
@@ -76,16 +76,21 @@ public class TrustProfile {
     
     //TSL configuration parameters
     this.tslEnabled = tslEnabled;
-        
-    setCountries(countries);
-    Logger.debug("TrustProfile "+ id + " allows " + Arrays.toString(this.countries.toArray()) + " TSL countries");
-    
-    setAllowedTspStatus(allowedTspStatus);
-    Logger.debug("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspStatus.toArray()) + " TSP status identifier");
+
+    if (tslEnabled) {    	
+    	setCountries(countries);
+    	if (!this.countries.isEmpty())
+    		Logger.info("TrustProfile "+ id + " allows " + Arrays.toString(this.countries.toArray()) + " TSL countries");
+    	else
+    		Logger.info("TrustProfile "+ id + " allows " + "ALL" + " TSL countries");
     
-    setAllowedTspServiceTypes(allowedTspServiceTypes);
-    Logger.debug("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspServiceTypes.toArray()) + " TSL service-type identifier");
-            
+    	setAllowedTspStatus(allowedTspStatus);
+    	Logger.info("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspStatus.toArray()) + " TSP status identifier");
+    	
+    	setAllowedTspServiceTypes(allowedTspServiceTypes);
+    	Logger.info("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspServiceTypes.toArray()) + " TSL service-type identifier");
+    	
+    }            
   }
 
   private void setCountries(String countries) {
@@ -112,7 +117,7 @@ public class TrustProfile {
 		 }
 		  
 	  }	else {
-		  Logger.info("Use default set of TSP Status identifier");
+		  Logger.debug("Use default set of TSP Status identifier");
 		  this.allowedTspStatus.addAll(
 				  Arrays.asList(
 							TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_STATUS_SHORT.granted),
@@ -129,7 +134,7 @@ public class TrustProfile {
 			 String[] ccArray = allowedTspServiceTypes.split(","); 
 			 for (String el : ccArray) {
 				 try {
-					this.allowedTspStatus.add(new URI(el.trim()));
+					this.allowedTspServiceTypes.add(new URI(el.trim()));
 					
 				} catch (URISyntaxException e) {
 					Logger.warn("TrustProfile: " + this.id + " contains a non-valid TSP Service-Type identifier (" + el + ")");
@@ -139,11 +144,11 @@ public class TrustProfile {
 			 }
 			  
 		  }	else {
-			  Logger.info("Use default set of TSP Service-Type identifier");
-			  this.allowedTspStatus.addAll(
+			  Logger.debug("Use default set of TSP Service-Type identifier");
+			  this.allowedTspServiceTypes.addAll(
 					  Arrays.asList(
-							  TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.CA_QC),
-  							  TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.TSA_QTST)));
+							  TslConstants.SERVICE_TYPE_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.CA_QC),
+  							  TslConstants.SERVICE_TYPE_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.TSA_QTST)));
 			  
 		  }
 	  
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java
index 83bcf3a..223361d 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java
@@ -4,9 +4,11 @@ import at.gv.egovernment.moa.sig.tsl.TslClientFactory;
 import at.gv.egovernment.moa.sig.tsl.api.ITslService;
 import at.gv.egovernment.moa.sig.tsl.config.TslConfigurationImpl;
 import at.gv.egovernment.moa.sig.tsl.exception.TslException;
+import at.gv.egovernment.moa.sig.tsl.pki.chaining.ChainingTrustStoreHandler;
 import at.gv.egovernment.moa.spss.util.MessageProvider;
 import at.gv.egovernment.moaspss.logging.LogMsg;
 import at.gv.egovernment.moaspss.logging.Logger;
+import iaik.pki.store.truststore.TrustStoreFactory;
 
 public class TSLServiceFactory {
 
@@ -17,7 +19,9 @@ public class TSLServiceFactory {
 		if (tslClient == null) {
 			try {
 				tslClient = TslClientFactory.buildTslService(config );
-								
+
+				TrustStoreFactory.addTrustStoreHandler(new ChainingTrustStoreHandler());
+				
 			} catch (TslException e) {
 				Logger.fatal(new LogMsg(MessageProvider.getInstance().getMessage("init.05", new Object[]{e.getMessage()})), e);
 								
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
index 0ea0677..6b07594 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
@@ -19,6 +19,7 @@ import java.util.Arrays;
 import java.util.Date;
 import java.util.List;
 
+import at.gv.egovernment.moa.sig.tsl.TslConstants;
 import at.gv.egovernment.moa.sig.tsl.engine.data.ITslEndEntityResult;
 import at.gv.egovernment.moa.sig.tsl.exception.TslException;
 import at.gv.egovernment.moa.spss.api.common.TslInfos;
@@ -186,7 +187,11 @@ public class CertificateUtils {
 					
 				}
 				
-				ITslEndEntityResult tslCheckResult = TSLServiceFactory.getTSLServiceClient().evaluate(Arrays.asList(chain), signingTime);
+				ITslEndEntityResult tslCheckResult = 
+						TSLServiceFactory.getTSLServiceClient().evaluate(
+								Arrays.asList(chain), 
+								signingTime,
+								TslConstants.CHAIN_MODEL);
 				
 				if (tslCheckResult != null) {				
 					URI tslServiceTypeIdentifier = tslCheckResult.getEvaluatedServiceTypeIdentifier();
@@ -228,15 +233,16 @@ public class CertificateUtils {
 					
 					//check SSCD
 					List<URI> allowedSSCDQualifier = config.getTSLConfiguration().getQualifierForSSCD();
-					for (URI allowedSSCD : allowedSSCDQualifier) {
-						for (URI certSSCD : tslCertificateQualifier) {						
-							if (allowedSSCD.equals(certSSCD)) {
-								sscdSourceTSL = true;
-								sscd = true;
+					if (tslCertificateQualifier != null && allowedSSCDQualifier != null) {						
+						for (URI allowedSSCD : allowedSSCDQualifier) {
+							for (URI certSSCD : tslCertificateQualifier) {						
+								if (allowedSSCD.equals(certSSCD)) {
+									sscdSourceTSL = true;
+									sscd = true;
 							
+								}
 							}
 						}
-						
 					} 
 					if (sscdSourceTSL)					
 						Logger.debug("Certificate is SSCD (Source: TSL)");
-- 
cgit v1.2.3