From 2972ec31c2bd59434be9ac12872baa30141325df Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Wed, 25 Jan 2017 11:54:29 +0100
Subject: update QC evaluation from TSL --> if TSL support is enabled for the requested TrustProfile than ONLY QC information from TSL is used
---
.../moa/spss/util/CertificateUtils.java | 71 +++++++++++++---------
1 file changed, 41 insertions(+), 30 deletions(-)
(limited to 'moaSig/moa-sig-lib/src')
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
index ad64052..ce78580 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
@@ -259,26 +259,33 @@ public class CertificateUtils { } } - //evaluate QC statement according previous selected information - if (qcSourceTSL) - Logger.debug("Certificate is QC (Source: TSL)"); - - else { - // if TSL return no service-type identifier us information from certificate - if (tslServiceTypeIdentifier == null || - MiscUtil.isEmpty(tslServiceTypeIdentifier.toString())) { - // try certificate extensions QCP and QcEuCompliance - Logger.debug("QC check via TSL returned false - checking certificate extensions"); - boolean checkQCP = CertificateUtils.checkQCP(chain[0]); - boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); - - if ((checkQCP || checkQcEuCompliance) && !qcDisallowedFromTSL) { - Logger.debug("Certificate is QC (Source: Certificate)"); - qc = true; - - } - } - } + /* + * This block is removes with MOA-SP 3.1 because if TSL support is enabled for the requested TrustProfile + * QC evaluation is ONLY allowed from TSL information!!! Because with eIDAS regulation and July 01. 2016 + * the Trust-Status List is constitutive. + */ +// //evaluate QC statement according previous selected information +// if (qcSourceTSL) +// Logger.debug("Certificate is QC (Source: TSL)"); +// +// else { +// +// +// // if TSL return no service-type identifier us information from certificate +// if (tslServiceTypeIdentifier == null || +// MiscUtil.isEmpty(tslServiceTypeIdentifier.toString())) { +// // try certificate extensions QCP and QcEuCompliance +// Logger.debug("QC check via TSL returned false - checking certificate extensions"); +// boolean checkQCP = CertificateUtils.checkQCP(chain[0]); +// boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); +// +// if ((checkQCP || checkQcEuCompliance) && !qcDisallowedFromTSL) { +// Logger.debug("Certificate is QC (Source: Certificate)"); +// qc = true; +// +// } +// } +// } //evaluate SSCD/QSCD results according previous selected information 
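Review bot: The superseded certificate-extension fallback is left in the method as a long run of `//`-commented code under the new block comment; version control already keeps that history, so deleting it and keeping only the rationale would read better. The rationale itself could be shortened to `// Since MOA-SP 3.1: if TSL support is enabled for the TrustProfile, QC status comes only from the TSL (constitutive under eIDAS since July 01, 2016).` Because a certificate that carries QCP or QcEuCompliance extensions is now reported as non-QC whenever the TSL yields no QC result, a `Logger.debug` at this point stating that the certificate extensions were deliberately ignored would help operators explain changed verification results. The enclosing method starts and ends outside the hunk, so whether `qcDisallowedFromTSL` and `tslServiceTypeIdentifier` are still read elsewhere cannot be confirmed from here.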
@@ -313,13 +320,14 @@ public class CertificateUtils { return result; } else { - Logger.debug("Qualifier check via TSL return null - checking certificate extensions"); - return parseInfosFromCertificate(chain); + Logger.debug("Qualifier check via TSL return null - checking certificate extensions without QC evaluation"); + return parseInfosFromCertificate(chain, false); } } else - return parseInfosFromCertificate(chain); + Logger.info("TSL support is not enabled - checking certificate extensions with QC evaluation "); + return parseInfosFromCertificate(chain, true); } catch (TslException e) { MessageProvider msg = MessageProvider.getInstance(); @@ -330,19 +338,22 @@ public class CertificateUtils { } - private static QCSSCDResult parseInfosFromCertificate(X509Certificate[] chain) { + private static QCSSCDResult parseInfosFromCertificate(X509Certificate[] chain, boolean performQCEvaluation) { boolean qc = false; boolean sscd = false; // Trustprofile is not TSL enabled - use certificate extensions only - // perform QC check - // try certificate extensions QCP and QcEuCompliance - boolean checkQCP = CertificateUtils.checkQCP(chain[0]); - boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); + if (performQCEvaluation) { + // perform QC check + // try certificate extensions QCP and QcEuCompliance + boolean checkQCP = CertificateUtils.checkQCP(chain[0]); + boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]); - if (checkQCP || checkQcEuCompliance) - qc = true; + if (checkQCP || checkQcEuCompliance) + qc = true; + + } // perform SSCD check // try certificate extensions QCP+ and QcEuSSCD -- cgit v1.2.3 From 22607c8b05d03e7da006e34713231f6c41ea9f1b Mon Sep 17 00:00:00 2001 
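Review bot: The brace-less `else` near the end of this hunk now governs only the added `Logger.info(...)` call; the following `return parseInfosFromCertificate(chain, true);` is indented as if it belonged to the `else` but executes after the whole `if`/`else`. If any path through the TSL-enabled branch can fall through without returning (that branch starts outside the hunk, so this cannot be confirmed here), it would end in certificate-based QC evaluation, which is what this commit sets out to rule out. Wrapping both statements, `} else { Logger.info(...); return parseInfosFromCertificate(chain, true); }`, makes the intent explicit and should let the compiler report a missing return in the TSL branch instead of silently taking the permissive path.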
From: Thomas Lenz Date: Wed, 1 Feb 2017 10:11:14 +0100 Subject: fix wrong readtime in TSL config --- .../java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'moaSig/moa-sig-lib/src') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java index 1eb9984..295e861 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java @@ -153,7 +153,7 @@ public class SystemInitializer { TslConfigurationImpl tslConfig = new TslConfigurationImpl(); tslConfig.setEuTslURL(moaSPTslConfig.getEuTSLUrl()); tslConfig.setTslWorkingDirectory(moaSPTslConfig.getWorkingDirectory()); - tslConfig.setNetworkReadTimeout(config.getReadTimeout()); + tslConfig.setNetworkReadTimeout(config.getReadTimeout() / 1000); Logger.info(new LogMsg(msg.getMessage("config.41", null))); TSLServiceFactory.initialize(tslConfig); -- cgit v1.2.3 From 45819f5a12b1942d5c942ec909e22536b16aa56c Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 1 Feb 2017 10:11:47 +0100 Subject: fix wrong result in VerifyPDFSignatureResponse --- .../moa/spss/api/xmlbind/ResponseBuilderUtils.java | 16 ++++++++++++++++ .../api/xmlbind/VerifyPDFSignatureResponseBuilder.java | 14 +++++++++----- 2 files changed, 25 insertions(+), 5 deletions(-) (limited to 'moaSig/moa-sig-lib/src') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java index fafbc16..91dc6b9 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java 
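Review bot: `config.getReadTimeout() / 1000` converts with integer division (assuming the getter returns an integral millisecond value, which the hunk does not show), so any configured timeout below 1000 becomes 0. Many network APIs treat a read timeout of 0 as "wait indefinitely"; if `TslConfigurationImpl` behaves the same way, a stalled TSL download could block initialization. Consider a floor plus a unit comment, for example `tslConfig.setNetworkReadTimeout(Math.max(1, config.getReadTimeout() / 1000)); // config is in ms, TSL client expects seconds`.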
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java @@ -68,6 +68,22 @@ public class ResponseBuilderUtils { private static final String DSIG_NS_URI = Constants.DSIG_NS_URI; private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI; + /** + * Add an DOM element with a specific name as child to a root element + * + * @param elementName Name of the DOM element + * @param response Full document with namespace information + * @param rootElement Root element + * @return new child DOM element + */ + public static Element addChildElement(String elementName, Document response, + Element rootElement) { + Element childElement = response.createElementNS(MOA_NS_URI, elementName); + rootElement.appendChild(childElement); + return childElement; + + } + /** * Create a response element with all the namespaces set. * diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java index f58b68a..98b54a3 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java @@ -48,7 +48,7 @@ public class VerifyPDFSignatureResponseBuilder { /** The XML document containing the response element. */ private Document responseDoc; /** The response VerifyCMSSignatureResponse DOM element. */ - private Element responseElem; + private Element responseRootElem; /** * Create a new VerifyCMSSignatureResponseBuilder: 
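Review bot: The Javadoc of the new public `addChildElement` does not mention that the child is always created in the MOA namespace via `createElementNS(MOA_NS_URI, elementName)`; a caller reading only "a specific name" could expect a namespace-less element. Suggest the summary `Creates a child element named elementName in the MOA namespace and appends it to rootElement.`, which also fixes the "Add an DOM element" typo. Since the helper is public and takes the name as a plain string, the `@param elementName` text could add that it must be a valid XML name chosen by the caller, never taken from request data.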
@@ -59,7 +59,7 @@ public class VerifyPDFSignatureResponseBuilder { public VerifyPDFSignatureResponseBuilder() throws MOASystemException { responseDoc = ResponseBuilderUtils.createResponse("VerifyPDFSignatureResponse"); - responseElem = responseDoc.getDocumentElement(); + responseRootElem = responseDoc.getDocumentElement(); } /** @@ -78,10 +78,13 @@ public class VerifyPDFSignatureResponseBuilder { Iterator iter; + for (iter = response.getResponseElements().iterator(); iter.hasNext();) { VerifyCMSSignatureResponseElement responseElement = - (VerifyCMSSignatureResponseElement) iter.next(); - addResponseElement(responseElement); + (VerifyCMSSignatureResponseElement) iter.next(); + Element signatureResult = ResponseBuilderUtils.addChildElement("SignatureResult", responseDoc, responseRootElem); + addResponseElement(responseElement, signatureResult); + } return responseDoc; @@ -91,9 +94,10 @@ public class VerifyPDFSignatureResponseBuilder { * Add an element to the response. * * @param responseElement The element to add to the response. + * @param signatureResult * @throws MOAApplicationException An error occurred adding the element. */ - private void addResponseElement(VerifyCMSSignatureResponseElement responseElement) + private void addResponseElement(VerifyCMSSignatureResponseElement responseElement, Element responseElem) throws MOAApplicationException { SignerInfo signerInfo = responseElement.getSignerInfo(); -- cgit v1.2.3
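Review bot: In the last hunk the added Javadoc tag `@param signatureResult` has no description and does not match the actual parameter, which is named `responseElem`. Suggest `@param responseElem The SignatureResult element that receives the result children for this signature.`; this is presumably its role, since the body of `addResponseElement` lies outside the hunk. Renaming the parameter to `signatureResult`, as the call site already does, would avoid reusing the old field name `responseElem` for a different node, at the cost of touching the method body.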