From c6f686485e50e8de112445da07d98b93278b09d0 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 10 Jan 2017 15:10:15 +0100 Subject: MOA-SP with new TSL RC1 --- .../moa/spss/api/impl/SignerInfoImpl.java | 2 +- .../moa/spss/api/impl/TslInfosImpl.java | 7 +++-- .../server/config/ConfigurationPartsBuilder.java | 11 +++++-- .../spss/server/config/ConfigurationProvider.java | 9 ++++-- .../moa/spss/server/config/TrustProfile.java | 35 ++++++++++++---------- .../moa/spss/tsl/TSLServiceFactory.java | 6 +++- .../moa/spss/util/CertificateUtils.java | 20 ++++++++----- 7 files changed, 57 insertions(+), 33 deletions(-) (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java index 69dad89..57a60a6 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SignerInfoImpl.java @@ -128,7 +128,7 @@ public class SignerInfoImpl implements SignerInfo { } public String getQCSource() { - if (qcSourceTSL) + if (this.qcSourceTSL) return "TSL"; else return "Certificate"; diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java index 4c40a5f..120b01a 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java 
@@ -18,10 +18,11 @@ public class TslInfosImpl implements TslInfos { this.tslServiceTypeStatus = tslServiceTypeStatus; this.tslServiceTypeIdentifier = tslServiceTypeIdentifier; - for (URI el : tslCertificateQualifier) - this.tslServiceQualifier.add(el.toString()); + if (tslCertificateQualifier != null) { + for (URI el : tslCertificateQualifier) + this.tslServiceQualifier.add(el.toString()); - + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 1b47013..89f4c1e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -758,6 +758,11 @@ public class ConfigurationPartsBuilder { while ((keyGroupElem = (Element) kgIter.nextNode()) != null) { String keyGroupId = getElementValue(keyGroupElem, CONF + "Id", null); + + //switch all keyGroupIds to lower case, only + if (MiscUtil.isNotEmpty(keyGroupId)) + keyGroupId = keyGroupId.trim().toLowerCase(); + String keyGroupDigestMethodAlgorithm = getElementValue(keyGroupElem, CONF + "DigestMethodAlgorithm", null); Set keyGroupEntries = buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem); @@ -883,9 +888,9 @@ public class ConfigurationPartsBuilder { keyGroupIter = XPathUtils.selectNodeIterator(mappingElem, CONF + "KeyGroupId"); while ((keyGroupElem = (Element) keyGroupIter.nextNode()) != null) { - String keyGroupId = getElementValue(keyGroupElem, ".", null); - KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId); - + String keyGroupId = getElementValue(keyGroupElem, ".", null); + KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId.trim().toLowerCase()); + if (keyGroup != null) { groups.put(keyGroupId, keyGroup); 
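Review bot: In the `@@ -758` hunk the key group id is normalized with the locale-sensitive `toLowerCase()`, so the map key depends on the JVM's default locale (under a Turkish locale an `I` in an id lowercases to dotless `ı`), and a configuration that resolves on one host can fail to resolve on another. Normalize with `keyGroupId = keyGroupId.trim().toLowerCase(Locale.ROOT);` (needs `java.util.Locale`), and do the same in the `keyGroups.get(...)` lookup of the second hunk and in `ConfigurationProvider.getKeyGroup`, so that store and lookup always agree. A one-line comment at the store site, `// key group ids are matched case-insensitively; stored normalized to lower case (Locale.ROOT)`, would name the invariant the other two sites rely on. The enclosing while loop starts outside the hunk.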
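Review bot: In the `@@ -883` hunk the lookup `keyGroups.get(keyGroupId.trim().toLowerCase())` has no guard for a missing `KeyGroupId` text, unlike the first hunk which checks `MiscUtil.isNotEmpty(keyGroupId)` before normalizing; `getElementValue(keyGroupElem, ".", null)` is called with a null default, so an empty element would throw a NullPointerException during configuration building instead of being reported as a configuration problem. In addition, `groups.put(keyGroupId, keyGroup)` stores the raw, un-normalized id while `keyGroups` is keyed by the normalized form, so the two maps no longer agree on their keys; either store `keyGroupId.trim().toLowerCase()` here as well or add a comment explaining why the mapping keeps the original spelling. The enclosing while loop and method continue outside the hunk.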
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java index 79ef1d2..6a007cf 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java @@ -633,9 +633,12 @@ public class ConfigurationProvider return keyGroups; } - public KeyGroup getKeyGroup(String keyGroupId) { - KeyGroup keyGroup = (KeyGroup) keyGroups.get(keyGroupId); - return keyGroup; + public KeyGroup getKeyGroup(String keyGroupId) { + if (MiscUtil.isNotEmpty(keyGroupId)) + return (KeyGroup) keyGroups.get(keyGroupId.trim().toLowerCase()); + + else + return null; } /** diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java index f64643f..23fe487 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java 
@@ -76,16 +76,21 @@ public class TrustProfile { //TSL configuration parameters this.tslEnabled = tslEnabled; - - setCountries(countries); - Logger.debug("TrustProfile "+ id + " allows " + Arrays.toString(this.countries.toArray()) + " TSL countries"); - - setAllowedTspStatus(allowedTspStatus); - Logger.debug("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspStatus.toArray()) + " TSP status identifier"); + + if (tslEnabled) { + setCountries(countries); + if (!this.countries.isEmpty()) + Logger.info("TrustProfile "+ id + " allows " + Arrays.toString(this.countries.toArray()) + " TSL countries"); + else + Logger.info("TrustProfile "+ id + " allows " + "ALL" + " TSL countries"); - setAllowedTspServiceTypes(allowedTspServiceTypes); - Logger.debug("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspServiceTypes.toArray()) + " TSL service-type identifier"); - + setAllowedTspStatus(allowedTspStatus); + Logger.info("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspStatus.toArray()) + " TSP status identifier"); + + setAllowedTspServiceTypes(allowedTspServiceTypes); + Logger.info("TrustProfile "+ id + " allows " + Arrays.toString(this.allowedTspServiceTypes.toArray()) + " TSL service-type identifier"); + + } } private void setCountries(String countries) { @@ -112,7 +117,7 @@ public class TrustProfile { } } else { - Logger.info("Use default set of TSP Status identifier"); + Logger.debug("Use default set of TSP Status identifier"); this.allowedTspStatus.addAll( Arrays.asList( TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_STATUS_SHORT.granted), 
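Review bot: When `tslEnabled` is false the three setters are skipped, so `countries`, `allowedTspStatus` and `allowedTspServiceTypes` keep their empty initial lists, while the new log line treats an empty `countries` list as `ALL` TSL countries; an empty list therefore means "no restriction" in one place and "TSL disabled, nothing configured" in another, and every consumer of the getters has to know which. Document the contract where the lists are declared, e.g. `// empty list = no restriction on TSL countries; only meaningful while tslEnabled is true`, and consider having the getters reflect `tslEnabled` so a profile with TSL disabled cannot be read as allowing all countries. Raising these lines from debug to info is reasonable for trust-policy parameters. The constructor begins outside the hunk.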
@@ -129,7 +134,7 @@ public class TrustProfile { String[] ccArray = allowedTspServiceTypes.split(","); for (String el : ccArray) { try { - this.allowedTspStatus.add(new URI(el.trim())); + this.allowedTspServiceTypes.add(new URI(el.trim())); } catch (URISyntaxException e) { Logger.warn("TrustProfile: " + this.id + " contains a non-valid TSP Service-Type identifier (" + el + ")"); @@ -139,11 +144,11 @@ public class TrustProfile { } } else { - Logger.info("Use default set of TSP Service-Type identifier"); - this.allowedTspStatus.addAll( + Logger.debug("Use default set of TSP Service-Type identifier"); + this.allowedTspServiceTypes.addAll( Arrays.asList( - TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.CA_QC), - TslConstants.SERVICE_STATUS_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.TSA_QTST))); + TslConstants.SERVICE_TYPE_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.CA_QC), + TslConstants.SERVICE_TYPE_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.TSA_QTST))); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java index 83bcf3a..223361d 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/TSLServiceFactory.java @@ -4,9 +4,11 @@ import at.gv.egovernment.moa.sig.tsl.TslClientFactory; import at.gv.egovernment.moa.sig.tsl.api.ITslService; import at.gv.egovernment.moa.sig.tsl.config.TslConfigurationImpl; import at.gv.egovernment.moa.sig.tsl.exception.TslException; +import at.gv.egovernment.moa.sig.tsl.pki.chaining.ChainingTrustStoreHandler; import at.gv.egovernment.moa.spss.util.MessageProvider; import at.gv.egovernment.moaspss.logging.LogMsg; import at.gv.egovernment.moaspss.logging.Logger; +import iaik.pki.store.truststore.TrustStoreFactory; public class TSLServiceFactory { 
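Review bot: The `@@ -129` fix now adds the parsed value to `allowedTspServiceTypes` instead of `allowedTspStatus`, but a malformed entry is only logged at warn and dropped, so a profile whose service-type entries are all malformed ends up with an empty allow-list; whether an empty list then means "nothing allowed" or, as the constructor's handling of an empty `countries` list suggests, "everything allowed" is not visible here. State the intended meaning next to the `catch`, e.g. `// malformed entries are skipped; an empty result list must not be interpreted as 'allow all'` (adjust if the semantics differ), or reject the profile outright on a malformed entry rather than silently changing its effective policy. The `@@ -139` hunk's switch from `SERVICE_STATUS_SORT_TO_URI` to `SERVICE_TYPE_SORT_TO_URI` for the default set is the matching fix. The enclosing method continues outside the hunk.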
@@ -17,7 +19,9 @@ public class TSLServiceFactory { if (tslClient == null) { try { tslClient = TslClientFactory.buildTslService(config ); - + + TrustStoreFactory.addTrustStoreHandler(new ChainingTrustStoreHandler()); + } catch (TslException e) { Logger.fatal(new LogMsg(MessageProvider.getInstance().getMessage("init.05", new Object[]{e.getMessage()})), e); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java index 0ea0677..6b07594 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java @@ -19,6 +19,7 @@ import java.util.Arrays; import java.util.Date; import java.util.List; +import at.gv.egovernment.moa.sig.tsl.TslConstants; import at.gv.egovernment.moa.sig.tsl.engine.data.ITslEndEntityResult; import at.gv.egovernment.moa.sig.tsl.exception.TslException; import at.gv.egovernment.moa.spss.api.common.TslInfos; @@ -186,7 +187,11 @@ public class CertificateUtils { } - ITslEndEntityResult tslCheckResult = TSLServiceFactory.getTSLServiceClient().evaluate(Arrays.asList(chain), signingTime); + ITslEndEntityResult tslCheckResult = + TSLServiceFactory.getTSLServiceClient().evaluate( + Arrays.asList(chain), + signingTime, + TslConstants.CHAIN_MODEL); if (tslCheckResult != null) { URI tslServiceTypeIdentifier = tslCheckResult.getEvaluatedServiceTypeIdentifier(); 
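Review bot: `TrustStoreFactory.addTrustStoreHandler(new ChainingTrustStoreHandler())` registers a handler in a process-wide IAIK factory as a side effect of building the TSL client, inside a `try` that only catches `TslException`; if the registration fails with a different exception type it propagates out of the surrounding method (presumably `getTSLServiceClient()`, which starts outside the hunk) and is never reported through the `init.05` message. Whether registering the handler twice is harmless if initialization is retried after a failed build is also not visible here. A short comment on why the handler is registered at this point and whether repeated registration is safe would record the intent, and moving the call after the `try`/`catch` would keep the error handling for the two steps separate.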
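Review bot: In the CertificateUtils `@@ -186` hunk the new `TslConstants.CHAIN_MODEL` argument selects the certificate validity model for the TSL evaluation, which changes how the chain is judged against `signingTime` compared to the previous call, but nothing explains why the chain model is the right choice here; without a comment the extra argument reads like an accidental API adaptation and is easy to revert. Add a why-comment above the call, e.g. `// chain model: each certificate is checked against its issuer's validity at issuance time rather than at signingTime — confirm this matches the configured signature-validation policy`. The enclosing method continues outside the hunk.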
@@ -228,15 +233,16 @@ public class CertificateUtils { //check SSCD List allowedSSCDQualifier = config.getTSLConfiguration().getQualifierForSSCD(); - for (URI allowedSSCD : allowedSSCDQualifier) { - for (URI certSSCD : tslCertificateQualifier) { - if (allowedSSCD.equals(certSSCD)) { - sscdSourceTSL = true; - sscd = true; + if (tslCertificateQualifier != null && allowedSSCDQualifier != null) { + for (URI allowedSSCD : allowedSSCDQualifier) { + for (URI certSSCD : tslCertificateQualifier) { + if (allowedSSCD.equals(certSSCD)) { + sscdSourceTSL = true; + sscd = true; + } } } - } if (sscdSourceTSL) Logger.debug("Certificate is SSCD (Source: TSL)"); -- cgit v1.2.3 From 6eb53981bd689212050b4de95b58ae06fd3db088 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 10 Jan 2017 15:26:33 +0100 Subject: switch canonisation implementation for some types --- .../invoke/XMLSignatureCreationProfileFactory.java | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java index cb77ad1..32eab9e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java 
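Review bot: The null guards are fine, but the nested loops reduce to a membership test; `for (URI certSSCD : tslCertificateQualifier) { if (allowedSSCDQualifier.contains(certSSCD)) { sscdSourceTSL = true; sscd = true; } }` says the same in fewer lines and makes it obvious that a single matching qualifier is sufficient. A comment such as `// one configured SSCD qualifier present in the TSL result marks the certificate as SSCD` would document that rule. The enclosing method continues outside the hunk.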
@@ -28,6 +28,7 @@ import iaik.server.modules.algorithms.HashAlgorithms; import iaik.server.modules.keys.KeyEntryID; import iaik.server.modules.keys.KeyModule; import iaik.server.modules.keys.KeyModuleFactory; +import iaik.server.modules.xml.Canonicalization; import iaik.server.modules.xmlsign.SignatureStructureTypes; import iaik.server.modules.xmlsign.XMLSignatureCreationProfile; import iaik.server.modules.xmlsign.XMLSignatureInsertionLocation; @@ -57,6 +58,7 @@ import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.config.KeyGroup; import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry; import at.gv.egovernment.moa.spss.server.iaik.xml.CanonicalizationImpl; +import at.gv.egovernment.moa.spss.server.iaik.xml.ExclusiveCanonicalizationImpl; import at.gv.egovernment.moa.spss.server.iaik.xmlsign.DataObjectTreatmentImpl; import at.gv.egovernment.moa.spss.server.iaik.xmlsign.XMLSignatureCreationProfileImpl; import at.gv.egovernment.moa.spss.server.iaik.xmlsign.XMLSignatureInsertionLocationImpl; @@ -136,7 +138,6 @@ public class XMLSignatureCreationProfileFactory { TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); ConfigurationProvider config = context.getConfiguration(); - CanonicalizationImpl canonicalization; List dataObjectTreatmentList; Set keySet; List transformationSupplements; 
@@ -234,9 +235,17 @@ public class XMLSignatureCreationProfileFactory { getSignatureInsertionLocationIndex(singleSignatureInfo)); // set the canonicalization algorithm - canonicalization = - new CanonicalizationImpl(config.getCanonicalizationAlgorithmName()); - profile.setSignedInfoCanonicalization(canonicalization); + String canonicalizationURI = config.getCanonicalizationAlgorithmName(); + if (Canonicalization.ALL_EXCLUSIVE.contains(canonicalizationURI)) { + ExclusiveCanonicalizationImpl canonicalization = new ExclusiveCanonicalizationImpl(config.getCanonicalizationAlgorithmName(), null); + profile.setSignedInfoCanonicalization(canonicalization); + + } else { + CanonicalizationImpl canonicalization = + new CanonicalizationImpl(config.getCanonicalizationAlgorithmName()); + profile.setSignedInfoCanonicalization(canonicalization); + + } // set the signed properties profile.setSignedProperties(Collections.EMPTY_LIST); -- cgit v1.2.3 From b0d77d439a8df6b09648e19b1ec93f24eadfbe7b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 20 Jan 2017 14:48:55 +0100 Subject: small changes to support TSL-lib version RC2 --- .../egovernment/moa/spss/api/common/TslInfos.java | 8 +++ .../moa/spss/api/impl/TslInfosImpl.java | 17 ++++- .../moa/spss/api/xmlbind/ResponseBuilderUtils.java | 16 ++++- .../moa/spss/server/config/TrustProfile.java | 15 ++-- .../moa/spss/server/init/SystemInitializer.java | 1 + .../moa/spss/util/CertificateUtils.java | 81 ++++++++++++++++------ 6 files changed, 107 insertions(+), 31 deletions(-) (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java index 9718ada..2a04f96 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/common/TslInfos.java 
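Review bot: The new branch calls `config.getCanonicalizationAlgorithmName()` again although `canonicalizationURI` already holds it, and the second constructor argument `null` of `ExclusiveCanonicalizationImpl` is unexplained; presumably it is the inclusive-namespace prefix list, and a reader cannot tell whether "no prefix list" was intended. Use the local in both branches, `new ExclusiveCanonicalizationImpl(canonicalizationURI, null)` and `new CanonicalizationImpl(canonicalizationURI)`, and add `// null: no InclusiveNamespaces PrefixList — confirm against the ExclusiveCanonicalizationImpl contract`. If `getCanonicalizationAlgorithmName()` can return null, `Canonicalization.ALL_EXCLUSIVE.contains(null)` may throw depending on the collection backing `ALL_EXCLUSIVE`, so the non-null guarantee of the configuration should be stated or checked. The enclosing method continues outside the hunk.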
@@ -38,4 +38,12 @@ public interface TslInfos { * @return */ public List getQualifiers(); + + /** + * Gets additional service information for the analyzed certificate + * + * @return + */ + public List getAdditionalServiceInformation(); + } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java index 120b01a..fad42e6 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/TslInfosImpl.java @@ -11,9 +11,11 @@ public class TslInfosImpl implements TslInfos { private String tslServiceTypeIdentifier; private String tslServiceTypeStatus; private List tslServiceQualifier = new ArrayList(); + private List tslAdditionalServiceInformation = new ArrayList(); private String tslCountry; - public TslInfosImpl(String country, String tslServiceTypeStatus, String tslServiceTypeIdentifier, List tslCertificateQualifier) { + public TslInfosImpl(String country, String tslServiceTypeStatus, String tslServiceTypeIdentifier, + List tslCertificateQualifier, List additionalServiceInformation) { this.tslCountry = country; this.tslServiceTypeStatus = tslServiceTypeStatus; this.tslServiceTypeIdentifier = tslServiceTypeIdentifier; @@ -22,7 +24,11 @@ public class TslInfosImpl implements TslInfos { for (URI el : tslCertificateQualifier) this.tslServiceQualifier.add(el.toString()); - } + } + + if (additionalServiceInformation != null) + this.tslAdditionalServiceInformation.addAll(additionalServiceInformation); + } @@ -46,4 +52,11 @@ public class TslInfosImpl implements TslInfos { return tslServiceQualifier; } + + @Override + public List getAdditionalServiceInformation() { + return this.tslAdditionalServiceInformation; + + } + } 
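Review bot: The Javadoc of the new `getAdditionalServiceInformation()` has an empty `@return` tag, and the raw `List` return type (mirroring the existing `getQualifiers()`) leaves the element type undocumented, although `TslInfosImpl` fills it with `String`s. Complete the tag, e.g. `@return the additional service information entries of the evaluated TSL service as {@code String}s; an empty list if none were reported` (adjust the wording if the values mean something else), and declare the type as `List<String>` so the contract is checked by the compiler rather than by convention. Whether the list may be null should be stated explicitly, since `TslInfosImpl` initialises it to an empty list but the interface does not promise that.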
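Review bot: In the `@@ -46` hunk `getAdditionalServiceInformation()` hands out the internal `tslAdditionalServiceInformation` list itself, so any caller can modify the TslInfos after construction; the existing `getQualifiers()` has the same issue. Return a read-only view, `return Collections.unmodifiableList(this.tslAdditionalServiceInformation);` (needs `java.util.Collections`), or copy in the constructor and document the accessor as returning an immutable list.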
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java index 79a674e..fafbc16 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java @@ -205,7 +205,21 @@ public class ResponseBuilderUtils { tslInfoElement.appendChild(tslQualifiers); } - + + //append additional service information + if (tslInfos.getAdditionalServiceInformation() != null + && tslInfos.getAdditionalServiceInformation().size() > 0) { + Element tslAdditionalServiceInformations = response.createElementNS(MOA_NS_URI, "AdditionalServiceInformations"); + + for (String el : tslInfos.getAdditionalServiceInformation()) { + Element tslAdditionalServiceInformation = response.createElementNS(MOA_NS_URI, "AdditionalServiceInformation"); + tslAdditionalServiceInformation.setTextContent(el); + tslAdditionalServiceInformations.appendChild(tslAdditionalServiceInformation); + + } + tslInfoElement.appendChild(tslAdditionalServiceInformations); + + } } Element publicAuthorityElem = diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java index 23fe487..0063c7f 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java @@ -29,6 +29,8 @@ import java.net.URISyntaxException; import java.util.ArrayList; import java.util.Arrays; import java.util.List; +import java.util.regex.Pattern; +import java.util.regex.PatternSyntaxException; import at.gv.egovernment.moa.sig.tsl.TslConstants; import at.gv.egovernment.moaspss.logging.Logger; 
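Review bot: The hunk introduces two new elements, `AdditionalServiceInformations` and `AdditionalServiceInformation`, in `MOA_NS_URI`, but nothing in this series updates the response schema, so clients that validate the MOA-SP response against the published XSD may start rejecting responses that carry TSL infos (the schema is not visible here, so confirm). `tslInfos.getAdditionalServiceInformation()` is called three times; binding it once, `List additionalInfos = tslInfos.getAdditionalServiceInformation();`, keeps the null/size check and the loop on the same object. `setTextContent` escapes the value, so TSL-supplied strings cannot break the response markup. The enclosing method continues outside the hunk.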
@@ -55,7 +57,7 @@ public class TrustProfile { private List countries = new ArrayList(); private List allowedTspStatus = new ArrayList(); - private List allowedTspServiceTypes = new ArrayList(); + private List allowedTspServiceTypes = new ArrayList(); /** @@ -134,10 +136,10 @@ public class TrustProfile { String[] ccArray = allowedTspServiceTypes.split(","); for (String el : ccArray) { try { - this.allowedTspServiceTypes.add(new URI(el.trim())); + this.allowedTspServiceTypes.add(Pattern.compile(el.trim())); - } catch (URISyntaxException e) { - Logger.warn("TrustProfile: " + this.id + " contains a non-valid TSP Service-Type identifier (" + el + ")"); + } catch (PatternSyntaxException e) { + Logger.warn("TrustProfile: " + this.id + " contains a non-valid TSP Service-Type identifier Regex pattern(" + el + ")"); } @@ -147,8 +149,7 @@ public class TrustProfile { Logger.debug("Use default set of TSP Service-Type identifier"); this.allowedTspServiceTypes.addAll( Arrays.asList( - TslConstants.SERVICE_TYPE_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.CA_QC), - TslConstants.SERVICE_TYPE_SORT_TO_URI.get(TslConstants.SERVICE_TYPE_SHORT.TSA_QTST))); + Pattern.compile(TslConstants.DEFAULT_REGEX_PATTERN_ALLOW_ALL))); } @@ -204,7 +205,7 @@ public class TrustProfile { return allowedTspStatus; } - public List getAllowedTspServiceTypes() { + public List getAllowedTspServiceTypes() { return allowedTspServiceTypes; } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java index 8ff0b12..1eb9984 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java 
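Review bot: In the `@@ -147` hunk the default for `allowedTspServiceTypes` changes from the two explicit service types `CA_QC` and `TSA_QTST` to `Pattern.compile(TslConstants.DEFAULT_REGEX_PATTERN_ALLOW_ALL)`, which by its name accepts every TSL service type; that widens the trust profile's default policy, and neither the commit message nor a comment records it. If the widening is intended, say so next to the default, `// default: accept every TSL service type (was CA/QC and TSA/QTST before the switch to regex patterns)`, otherwise keep the previous two types as anchored patterns. How a configured pattern is applied (`matcher().matches()` vs `find()`) is outside the hunk and decides whether an unanchored entry silently over-matches, so the matching rule belongs in the Javadoc of `getAllowedTspServiceTypes()`, whose element type changes from `URI` to `Pattern` for callers while its raw-`List` signature stays the same. The enclosing method starts outside the hunk.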
@@ -153,6 +153,7 @@ public class SystemInitializer { TslConfigurationImpl tslConfig = new TslConfigurationImpl(); tslConfig.setEuTslURL(moaSPTslConfig.getEuTSLUrl()); tslConfig.setTslWorkingDirectory(moaSPTslConfig.getWorkingDirectory()); + tslConfig.setNetworkReadTimeout(config.getReadTimeout()); Logger.info(new LogMsg(msg.getMessage("config.41", null))); TSLServiceFactory.initialize(tslConfig); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java index 6b07594..ad64052 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java @@ -22,6 +22,7 @@ import java.util.List; import at.gv.egovernment.moa.sig.tsl.TslConstants; import at.gv.egovernment.moa.sig.tsl.engine.data.ITslEndEntityResult; import at.gv.egovernment.moa.sig.tsl.exception.TslException; +import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil; import at.gv.egovernment.moa.spss.api.common.TslInfos; import at.gv.egovernment.moa.spss.api.impl.TslInfosImpl; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; @@ -197,10 +198,15 @@ public class CertificateUtils { URI tslServiceTypeIdentifier = tslCheckResult.getEvaluatedServiceTypeIdentifier(); List tslCertificateQualifier = tslCheckResult.getEvaluatedQualifier(); + // QC evaluation flags boolean qc = false; boolean qcSourceTSL = false; + boolean qcDisallowedFromTSL = false; + + // SSCD/QSCD evaluation flags boolean sscd = false; boolean sscdSourceTSL = false; + //check QC List allowedQCQualifier = config.getTSLConfiguration().getQualifierForQC(); 
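Review bot: `tslConfig.setNetworkReadTimeout(config.getReadTimeout())` reuses the general MOA-SP read timeout for TSL downloads without saying which unit the TSL library expects; if the two sides disagree (seconds vs milliseconds) the TSL fetch either blocks far longer than configured or fails immediately, which is hard to diagnose from the logs. Add `// TSL downloads share the general read timeout; unit: <confirm against TslConfigurationImpl>` or convert explicitly at the call site. The enclosing method continues outside the hunk.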
@@ -212,26 +218,8 @@ public class CertificateUtils { } } - if (qcSourceTSL) - Logger.debug("Certificate is QC (Source: TSL)"); - - else { - // if QC check via TSL returns false - // try certificate extensions QCP and QcEuCompliance - Logger.debug("QC check via TSL returned false - checking certificate extensions"); - boolean checkQCP = CertificateUtils.checkQCP(chain[0]); - boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); - - if (checkQCP || checkQcEuCompliance) { - Logger.debug("Certificate is QC (Source: Certificate)"); - qc = true; - - } - - } - - //check SSCD + //check SSCD/QSCD qualifiers and mark result acording this check List allowedSSCDQualifier = config.getTSLConfiguration().getQualifierForSSCD(); if (tslCertificateQualifier != null && allowedSSCDQualifier != null) { for (URI allowedSSCD : allowedSSCDQualifier) { 
@@ -243,7 +231,57 @@ public class CertificateUtils { } } } - } + } + + //check additional flags in TSP qualifiers for this certificate + if (tslCertificateQualifier != null) { + for (URI qEl : tslCertificateQualifier) { + //check if SSCD/QSCD status must be used from cert + if (qEl.equals( + TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get( + TslConstants.SSCD_QUALIFIER_SHORT.QCQSCDStatusAsInCert)) + || qEl.equals(TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get( + TslConstants.SSCD_QUALIFIER_SHORT.QCSSCDStatusAsInCert))) { + + sscdSourceTSL = false; + sscd = false; + + //check if extentsion includes a NotQualified flag + } else if (qEl.equals( + TslConstants.SSCD_QUALIFIER_SORT_TO_URI.get( + TslConstants.SSCD_QUALIFIER_SHORT.NotQualified))) { + qc = false; + qcSourceTSL = false; + qcDisallowedFromTSL = true; + Logger.info("TSL mark this certificate explicitly as 'NotQualified'!"); + + } + } + } + + //evaluate QC statement according previous selected information + if (qcSourceTSL) + Logger.debug("Certificate is QC (Source: TSL)"); + + else { + // if TSL return no service-type identifier us information from certificate + if (tslServiceTypeIdentifier == null || + MiscUtil.isEmpty(tslServiceTypeIdentifier.toString())) { + // try certificate extensions QCP and QcEuCompliance + Logger.debug("QC check via TSL returned false - checking certificate extensions"); + boolean checkQCP = CertificateUtils.checkQCP(chain[0]); + boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); + + if ((checkQCP || checkQcEuCompliance) && !qcDisallowedFromTSL) { + Logger.debug("Certificate is QC (Source: Certificate)"); + qc = true; + + } + } + } + + + //evaluate SSCD/QSCD results according previous selected information if (sscdSourceTSL) Logger.debug("Certificate is SSCD (Source: TSL)"); 
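Review bot: The certificate-extension fallback for QC is now reached only when the TSL reports no service-type identifier, so a certificate whose TSL service is found but carries no QC qualifier is no longer upgraded to QC by its own QCP/QcEuCompliance extensions; that is a deliberate tightening (the TSL is authoritative when it knows the service) but it is undocumented and differs from the block removed in the previous hunk. Record it above the `if (qcSourceTSL)` block, e.g. `// TSL is authoritative: certificate extensions are consulted for QC only when the TSL has no service-type identifier for the issuing service`. In the qualifier loop, `NotQualified` clears `qc`/`qcSourceTSL` and sets `qcDisallowedFromTSL`, yet that flag is only consulted inside the no-service-type branch, where it can be true only if qualifiers were returned without a service-type identifier; if that combination cannot occur the guard is dead, so a comment should name the case it covers. The comment `us information from certificate` should read `use information from certificate`. The enclosing method continues outside the hunk.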
@@ -268,7 +306,8 @@ public class CertificateUtils { tslCheckResult.getTerritory(), tslCheckResult.getTspStatus(), tslServiceTypeIdentifier.toString(), - tslCertificateQualifier); + tslCertificateQualifier, + tslCheckResult.getAdditionalServiceInformation()); result.setTslInfos(extTslInfos); return result; -- cgit v1.2.3
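Review bot: The context line `tslServiceTypeIdentifier.toString()` dereferences the identifier unconditionally, while the new QC logic in the previous hunk explicitly handles `tslServiceTypeIdentifier == null`; if null is really possible, building the `TslInfosImpl` throws a NullPointerException after the evaluation has already succeeded, so either pass `tslServiceTypeIdentifier == null ? null : tslServiceTypeIdentifier.toString()` here or drop the null branch above and document that the identifier is never null. The added `tslCheckResult.getAdditionalServiceInformation()` argument needs no guard since the constructor checks it for null. The enclosing method continues outside the hunk.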