/*
* Copyright 2003 Federal Chancellery Austria
* MOA-SPSS has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
*
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
*
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*/
package at.gv.egovernment.moa.spss.server.iaik.pki;
import iaik.pki.PKIProfile;
import iaik.pki.pathvalidation.ValidationProfile;
import iaik.pki.revocation.RevocationProfile;
import iaik.pki.store.truststore.TrustStoreProfile;
import iaik.pki.store.truststore.TrustStoreTypes;
import java.util.Arrays;
import at.gv.egovernment.moa.sig.tsl.exception.TslPKIException;
import at.gv.egovernment.moa.sig.tsl.pki.TslTrustStoreProfile;
import at.gv.egovernment.moa.sig.tsl.pki.chaining.ChainingTrustStoreProfile;
import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.config.TrustProfile;
import at.gv.egovernment.moa.spss.server.iaik.pki.pathvalidation.ValidationProfileImpl;
import at.gv.egovernment.moa.spss.server.iaik.pki.revocation.RevocationProfileImpl;
import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStoreProfileImpl;
import at.gv.egovernment.moa.spss.tsl.TSLServiceFactory;
import at.gv.egovernment.moaspss.logging.Logger;
/**
 * Implementation of the {@link PKIProfile} interface containing
 * information needed for certificate path validation. It uses configuration
 * data from the MOA configuration.
 *
 * @author Patrick Peck
 * @version $Id$
 */
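public class PKIProfileImpl implements PKIProfile {

    /** Profile information for revocation checking. */
    private RevocationProfile revocationProfile;

    /** Profile information about the trust profile to use. */
    private TrustStoreProfile trustStoreProfile;

    /** Profile information about the certificate validation. */
    private ValidationProfile validationProfile;

    /** The {@link ConfigurationProvider} to read the MOA configuration data from. */
    private final ConfigurationProvider config;

    /**
     * Create a new {@code PKIProfileImpl}.
     * <p>
     * The revocation and validation profiles are derived directly from {@code config};
     * the trust store profile is derived from the trust profile registered in the
     * configuration under {@code trustProfileID}.
     *
     * @param config The MOA configuration providing configuration data about
     *               certificate path validation.
     * @param trustProfileID The trust profile ID denoting the location of the trust store.
     * @throws MOAApplicationException An error occurred building the profile: error
     *         {@code 2203} if no trust profile is configured under {@code trustProfileID},
     *         error {@code 2900} if the TSL based trust store could not be built.
     */
    public PKIProfileImpl(ConfigurationProvider config, String trustProfileID)
            throws MOAApplicationException {
        this.config = config;
        setRevocationProfile(new RevocationProfileImpl(config));
        setValidationProfile(new ValidationProfileImpl(config));
        // generate TrustStoreProfile from TrustStore configuration
        internalTrustProfileBuilder(trustProfileID);
    }

    /**
     * Builds and installs the {@link TrustStoreProfile} for the given trust profile ID.
     * <p>
     * A directory based trust store ({@link TrustStoreProfileImpl}) is always built from
     * the trust profile's URI. If TSL processing is enabled for the trust profile, a TSL
     * based trust store is built as well and both are combined into a
     * {@link ChainingTrustStoreProfile}, with the TSL store listed first and the directory
     * store second (how the chaining profile resolves lookups across the two stores is
     * defined by that class, not here).
     *
     * @param trustProfileId The trust profile ID to look up in the MOA configuration.
     * @throws MOAApplicationException Error {@code 2203} if no trust profile exists for
     *         {@code trustProfileId}; error {@code 2900} if building the TSL based trust
     *         store fails.
     */
    private void internalTrustProfileBuilder(String trustProfileId) throws MOAApplicationException {
        TrustProfile tp = (TrustProfile) config.getTrustProfile(trustProfileId);
        if (tp == null) {
            throw new MOAApplicationException("2203", new Object[] { trustProfileId });
        }
        if (!tp.isTSLEnabled()) {
            // build directory based trust store as default
            setTrustStoreProfile(new TrustStoreProfileImpl(trustProfileId, tp.getUri()));
            return;
        }
        // build TSL truststore if enabled
        try {
            TslTrustStoreProfile tslTrustStore = TSLServiceFactory.getTSLServiceClient()
                .buildTrustStoreProfile(
                    tp.getCountries(),
                    tp.getAllowedTspStatus(),
                    tp.getAllowedTspServiceTypes(),
                    trustProfileId + "_TSL");
            // build Directory based TrustStore
            TrustStoreProfileImpl directoryTrustStore =
                new TrustStoreProfileImpl(trustProfileId + "_Directory", tp.getUri());
            // generate a virtual truststore that concatenates the TSL TrustStore and the
            // directory TrustStore
            ChainingTrustStoreProfile chainedProfile = new ChainingTrustStoreProfile(
                Arrays.asList(tslTrustStore, directoryTrustStore),
                trustProfileId);
            // set this virtual truststore
            setTrustStoreProfile(chainedProfile);
        } catch (TslPKIException e) {
            // the cause is logged here; the thrown MOA exception only carries the profile id
            Logger.error("Virtual TSL based TrustProfile generation FAILED.", e);
            throw new MOAApplicationException("2900", new Object[] { trustProfileId });
        }
    }

    /**
     * @see iaik.pki.PKIProfile#getRevocationProfile()
     */
    @Override
    public RevocationProfile getRevocationProfile() {
        return revocationProfile;
    }

    /**
     * Sets the {@link RevocationProfile}.
     *
     * @param revocationProfile The {@link RevocationProfile} used for revocation checking.
     */
    protected void setRevocationProfile(RevocationProfile revocationProfile) {
        this.revocationProfile = revocationProfile;
    }

    /**
     * @see iaik.pki.PKIProfile#getTrustStoreProfile()
     */
    @Override
    public TrustStoreProfile getTrustStoreProfile() {
        return trustStoreProfile;
    }

    /**
     * Sets the {@link TrustStoreProfile}.
     *
     * @param trustStoreProfile The {@link TrustStoreProfile} to use for path validation.
     */
    protected void setTrustStoreProfile(TrustStoreProfile trustStoreProfile) {
        this.trustStoreProfile = trustStoreProfile;
    }

    /**
     * @see iaik.pki.PKIProfile#getValidationProfile()
     */
    @Override
    public ValidationProfile getValidationProfile() {
        return validationProfile;
    }

    /**
     * Sets the {@link ValidationProfile}.
     *
     * @param validationProfile The {@link ValidationProfile} to set.
     */
    protected void setValidationProfile(ValidationProfile validationProfile) {
        this.validationProfile = validationProfile;
    }

    /**
     * Reads the "use AuthorityInfoAccess" switch from the MOA configuration.
     *
     * @see iaik.pki.PKIProfile#useAuthorityInfoAccess()
     */
    @Override
    public boolean useAuthorityInfoAccess() {
        return config.getUseAuthorityInfoAccess();
    }

    /**
     * Maps the MOA "auto add certificates" switch onto the IAIK auto-add mode.
     * <p>
     * When {@code config.getAutoAddCertificates()} is {@code true} the result is
     * {@link PKIProfile#AUTO_ADD_EE_DISABLE}, otherwise {@link PKIProfile#AUTO_ADD_DISABLE}.
     * The configuration switch therefore never selects an unrestricted auto-add mode; the
     * constant name suggests end-entity certificates stay excluded (see the TODO below),
     * but the exact semantics of the constants are defined by the IAIK library, not here.
     *
     * @return One of the {@link PKIProfile} {@code AUTO_ADD_*} constants.
     * @see iaik.pki.PKIProfile#autoAddCertificates()
     */
    @Override
    public int autoAddCertificates() {
        // TODO AFITZEK allow saving of end entity certificates
        if (config.getAutoAddCertificates()) {
            return PKIProfile.AUTO_ADD_EE_DISABLE;
        }
        return PKIProfile.AUTO_ADD_DISABLE;
    }

    /**
     * Not implemented: no dedicated trust store for indirect revocation information is
     * configured, so this always returns {@code null}. How the IAIK path validation treats
     * a {@code null} here is not visible in this class; deployments that rely on trust for
     * indirectly issued revocation information should verify that behaviour.
     *
     * @return Always {@code null}.
     * @see iaik.pki.PKIProfile#getIndirectRevocationTrustStoreProfile()
     */
    @Override
    public TrustStoreProfile getIndirectRevocationTrustStoreProfile() {
        // TODO AFITZEK IMPLEMENT THIS METHOD
        return null;
    }
}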