From 2972ec31c2bd59434be9ac12872baa30141325df Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Wed, 25 Jan 2017 11:54:29 +0100
Subject: update QC evaluation from TSL --> if TSL support is enabled for the
 requested TrustProfile then ONLY QC information from TSL is used

---
 .../moa/spss/util/CertificateUtils.java            | 71 +++++++++++++---------
 1 file changed, 41 insertions(+), 30 deletions(-)

(limited to 'moaSig/moa-sig-lib/src')

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
index ad64052..ce78580 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
@@ -259,26 +259,33 @@ public class CertificateUtils {
 						}
 					}
 					
-					//evaluate QC statement according previous selected information 
-					if (qcSourceTSL)					
-						Logger.debug("Certificate is QC (Source: TSL)");
-										
-					else {
-						// if TSL return no service-type identifier us information from certificate
-						if (tslServiceTypeIdentifier == null || 
-								MiscUtil.isEmpty(tslServiceTypeIdentifier.toString())) {
-							// try certificate extensions QCP and QcEuCompliance
-							Logger.debug("QC check via TSL returned false - checking certificate extensions");
-							boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
-							boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
-				        
-							if ((checkQCP || checkQcEuCompliance) && !qcDisallowedFromTSL) {
-								Logger.debug("Certificate is QC (Source: Certificate)");
-								qc = true;
-				        	
-							}
-						}						
-					}
+			/*
+			 * This block is removes with MOA-SP 3.1 because if TSL support is enabled for the requested TrustProfile 
+			 * QC evaluation is ONLY allowed from TSL information!!! Because with eIDAS regulation and July 01. 2016 
+			 * the Trust-Status List is constitutive.  
+			*/
+//					//evaluate QC statement according previous selected information 
+//					if (qcSourceTSL)					
+//						Logger.debug("Certificate is QC (Source: TSL)");
+//										
+//					else {
+//						
+//						
+//						// if TSL return no service-type identifier us information from certificate
+//						if (tslServiceTypeIdentifier == null || 
+//								MiscUtil.isEmpty(tslServiceTypeIdentifier.toString())) {
+//							// try certificate extensions QCP and QcEuCompliance
+//							Logger.debug("QC check via TSL returned false - checking certificate extensions");
+//							boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
+//							boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
+//				        
+//							if ((checkQCP || checkQcEuCompliance) && !qcDisallowedFromTSL) {
+//								Logger.debug("Certificate is QC (Source: Certificate)");
+//								qc = true;
+//				        	
+//							}
+//						}						
+//					}
 					
 					
 					//evaluate SSCD/QSCD results according previous selected information  
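Review bot: The old certificate-extension fallback is kept as `//`-commented code under the new block comment, which leaves a dormant copy of exactly the logic this commit says must not run when TSL support is enabled. Delete the commented lines and keep only a short rationale, for example `// MOA-SP 3.1: with TSL enabled, QC status comes only from the TSL (eIDAS, trust-status list constitutive since July 01. 2016)`; version control already holds the old code. In the lines visible here `qcSourceTSL` and `qcDisallowedFromTSL` were read only in the removed block, so check whether they are still needed in the part of the method outside this hunk. A debug message for the case where the TSL does not confirm QC would also help operators see why a certificate that carries QC extensions is reported as non-qualified.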
@@ -313,13 +320,14 @@ public class CertificateUtils {
 					return result;
 									
 				} else {
-					Logger.debug("Qualifier check via TSL return null - checking certificate extensions");
-					return parseInfosFromCertificate(chain);
+					Logger.debug("Qualifier check via TSL return null - checking certificate extensions without QC evaluation");
+					return parseInfosFromCertificate(chain, false);
 					
 				}
 							        	
 			} else 
-				return parseInfosFromCertificate(chain);
+				Logger.info("TSL support is not enabled - checking certificate extensions with QC evaluation ");
+				return parseInfosFromCertificate(chain, true);
 		}
 		catch (TslException e) {
 	    	MessageProvider msg = MessageProvider.getInstance();
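Review bot: The brace-less `else` near the end of this hunk now guards only the added `Logger.info(...)` call; `return parseInfosFromCertificate(chain, true);` sits after the if/else and is no longer part of the else branch. The result is unchanged only as long as every path through the TSL-enabled branch returns. Any later fall-through there would reach certificate-based QC evaluation, which is what this commit sets out to prevent for TSL-enabled trust profiles. Put both statements in a braced block: `} else {`, `Logger.info("TSL support is not enabled - checking certificate extensions with QC evaluation ");`, `return parseInfosFromCertificate(chain, true); }`. The enclosing method starts before this hunk and continues past it, so its other return paths are not visible here.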
@@ -330,19 +338,22 @@ public class CertificateUtils {
 		
 	}
 	
-	private static QCSSCDResult parseInfosFromCertificate(X509Certificate[] chain) {
+	private static QCSSCDResult parseInfosFromCertificate(X509Certificate[] chain, boolean performQCEvaluation) {
 		boolean qc = false;
 		boolean sscd = false;
 		
 		// Trustprofile is not TSL enabled - use certificate extensions only
 
-		// perform QC check
-		// try certificate extensions QCP and QcEuCompliance
-     	boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
-        boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
+		if (performQCEvaluation) {
+			// perform QC check
+			// try certificate extensions QCP and QcEuCompliance
+			boolean checkQCP = CertificateUtils.checkQCP(chain[0]);
+			boolean checkQcEuCompliance = CertificateUtils.checkQcEuCompliance(chain[0]);
         
-        if (checkQCP || checkQcEuCompliance)
-        	qc = true;
+			if (checkQCP || checkQcEuCompliance)
+				qc = true;
+			
+		}
             	
     	// perform SSCD check
     	// try certificate extensions QCP+ and QcEuSSCD			       
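Review bot: The context comment `// Trustprofile is not TSL enabled - use certificate extensions only` is no longer accurate, because the method is now also called with `performQCEvaluation` set to `false` when TSL is enabled but returned no qualifier. Replace it with a short Javadoc on `parseInfosFromCertificate` stating that `performQCEvaluation` must be `false` for a TSL-enabled trust profile, so that QC is never derived from the certificate's QCP / QcEuCompliance extensions in that case. The SSCD check that follows appears to run from certificate extensions in both cases; the Javadoc should say whether that is intended for TSL-enabled profiles. The method body continues past the end of this hunk.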
-- 
cgit v1.2.3


From 22607c8b05d03e7da006e34713231f6c41ea9f1b Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Wed, 1 Feb 2017 10:11:14 +0100
Subject: fix wrong readtime in TSL config

---
 .../java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'moaSig/moa-sig-lib/src')

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
index 1eb9984..295e861 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
@@ -153,7 +153,7 @@ public class SystemInitializer {
     	  TslConfigurationImpl tslConfig = new TslConfigurationImpl();
     	  tslConfig.setEuTslURL(moaSPTslConfig.getEuTSLUrl());
     	  tslConfig.setTslWorkingDirectory(moaSPTslConfig.getWorkingDirectory());
-    	  tslConfig.setNetworkReadTimeout(config.getReadTimeout());
+    	  tslConfig.setNetworkReadTimeout(config.getReadTimeout() / 1000);
     	  
     	  Logger.info(new LogMsg(msg.getMessage("config.41", null)));
     	  TSLServiceFactory.initialize(tslConfig);    	  
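Review bot: `config.getReadTimeout() / 1000` is integer division, so a configured read timeout below 1000 becomes 0, and many network clients treat a zero timeout as "wait indefinitely"; whether the TSL client does is not visible here. A stalled TSL download would then block initialization or trusted-list updates, so clamp the value, e.g. `tslConfig.setNetworkReadTimeout(Math.max(1, config.getReadTimeout() / 1000));`. A short comment on that line naming the two units (presumably milliseconds in the MOA configuration and seconds in the TSL client) would explain the division. The enclosing method starts and ends outside this hunk.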
-- 
cgit v1.2.3


From 45819f5a12b1942d5c942ec909e22536b16aa56c Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Wed, 1 Feb 2017 10:11:47 +0100
Subject: fix wrong result in VerifyPDFSignatureResponse

---
 .../moa/spss/api/xmlbind/ResponseBuilderUtils.java       | 16 ++++++++++++++++
 .../api/xmlbind/VerifyPDFSignatureResponseBuilder.java   | 14 +++++++++-----
 2 files changed, 25 insertions(+), 5 deletions(-)

(limited to 'moaSig/moa-sig-lib/src')

diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
index fafbc16..91dc6b9 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
@@ -68,6 +68,22 @@ public class ResponseBuilderUtils {
   private static final String DSIG_NS_URI = Constants.DSIG_NS_URI;
   private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI;
 
+  /**
+   * Add an DOM element with a specific name as child to a root element
+   * 
+   * @param elementName Name of the DOM element
+   * @param response Full document with namespace information
+   * @param rootElement Root element
+   * @return new child DOM element
+   */
+  public static Element addChildElement(String elementName, Document response,
+		    Element rootElement) {
+	  Element childElement = response.createElementNS(MOA_NS_URI, elementName);
+	  rootElement.appendChild(childElement);
+	  return childElement;	  
+	  
+  }
+  
   /**
    * Create a response element with all the namespaces set.
    * 
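Review bot: The Javadoc for `addChildElement` does not say that the child is created in the MOA namespace (`MOA_NS_URI`), and the `rootElement` parameter is really just the parent the child is appended to. Suggested wording: `Creates an element named elementName in the MOA namespace and appends it to the given parent element.` with `@param rootElement Parent element that receives the new child`. Because the method is public and passes `elementName` directly to `createElementNS`, the Javadoc should also state that callers pass fixed, schema-defined names and that `response` and `rootElement` must not be null, since neither is checked.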
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java
index f58b68a..98b54a3 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java
@@ -48,7 +48,7 @@ public class VerifyPDFSignatureResponseBuilder {
   /** The XML document containing the response element. */
   private Document responseDoc;
   /** The response <code>VerifyCMSSignatureResponse</code> DOM element. */
-  private Element responseElem;
+  private Element responseRootElem;
 
   /**
    * Create a new <code>VerifyCMSSignatureResponseBuilder</code>:
@@ -59,7 +59,7 @@ public class VerifyPDFSignatureResponseBuilder {
   public VerifyPDFSignatureResponseBuilder() throws MOASystemException {
     responseDoc =
       ResponseBuilderUtils.createResponse("VerifyPDFSignatureResponse");
-    responseElem = responseDoc.getDocumentElement();
+    responseRootElem = responseDoc.getDocumentElement();
   }
   
   /**
@@ -78,10 +78,13 @@ public class VerifyPDFSignatureResponseBuilder {
 
     Iterator iter;
 
+   
     for (iter = response.getResponseElements().iterator(); iter.hasNext();) {
       VerifyCMSSignatureResponseElement responseElement =
-        (VerifyCMSSignatureResponseElement) iter.next();
-      addResponseElement(responseElement);
+        (VerifyCMSSignatureResponseElement) iter.next();      
+      Element signatureResult = ResponseBuilderUtils.addChildElement("SignatureResult", responseDoc, responseRootElem);
+      addResponseElement(responseElement, signatureResult);
+      
     }
     
     return responseDoc;
@@ -91,9 +94,10 @@ public class VerifyPDFSignatureResponseBuilder {
    * Add an element to the response.
    * 
    * @param responseElement The element to add to the response.
+ * @param signatureResult 
    * @throws MOAApplicationException An error occurred adding the element.
    */
-  private void addResponseElement(VerifyCMSSignatureResponseElement responseElement)
+  private void addResponseElement(VerifyCMSSignatureResponseElement responseElement, Element responseElem)
     throws MOAApplicationException {
 
     SignerInfo signerInfo = responseElement.getSignerInfo();
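Review bot: The added tag `@param signatureResult` has no description and does not match the new parameter, which is named `responseElem` in the signature; it is also indented differently from the other tags. Use ` * @param responseElem The <code>SignatureResult</code> element that receives the verification result.` so the Javadoc agrees with the signature (the description is presumed from the call site, as the method body lies outside this hunk). Alternatively rename the parameter to `signatureResult`, which matches the variable passed at the call site and avoids confusion with the former `responseElem` field.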
-- 
cgit v1.2.3