revocation service type order configurable

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@817 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4

1 files changed, 38 insertions, 3 deletions

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/spring/PKIProfileFactoryBean.java b/bkucommon/src/main/java/at/gv/egiz/bku/spring/PKIProfileFactoryBean.java
index 97a0d872..d5eb411d 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/spring/PKIProfileFactoryBean.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/spring/PKIProfileFactoryBean.java
@@ -48,9 +48,15 @@ import org.springframework.core.io.ResourceLoader;
 
 import at.gv.egiz.bku.conf.IAIKLogAdapterFactory;
 import at.gv.egiz.bku.conf.MoccaConfigurationFacade;
+import java.util.ArrayList;
+import java.util.List;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 public class PKIProfileFactoryBean implements FactoryBean, ResourceLoaderAware {
 
+  protected static final Logger log = LoggerFactory.getLogger(PKIProfileFactoryBean.class);
+
   /**
    * The configuration facade.
    */
@@ -68,6 +74,8 @@ public class PKIProfileFactoryBean implements FactoryBean, ResourceLoaderAware {
     
     public static final String SSL_CA_DIRECTORY_DEFAULT = "classpath:at/gv/egiz/bku/certs/trustStore";
     
+    public static final String SSL_REVOCATION_SERVICE_ORDER = "SSL.revocationServiceOrder";
+
     public URL getCertDirectory() throws MalformedURLException {
       return getURL(SSL_CERT_DIRECTORY);
     }
@@ -75,7 +83,11 @@ public class PKIProfileFactoryBean implements FactoryBean, ResourceLoaderAware {
     public URL getCaDirectory() throws MalformedURLException {
       return getURL(SSL_CA_DIRECTORY);
     }
-    
+
+    public List<String> getRevocationServiceOrder() throws Exception {
+      return configuration.getList(SSL_REVOCATION_SERVICE_ORDER);
+    }
+
     private URL getURL(String key) throws MalformedURLException {
       String url = configuration.getString(key);
       if (url == null || url.isEmpty()) {
@@ -199,6 +211,30 @@ public class PKIProfileFactoryBean implements FactoryBean, ResourceLoaderAware {
         TrustStoreTypes.DIRECTORY, caDirectory.getAbsolutePath());
     
   }
+
+  protected String[] createRevocationServiceOrder() throws Exception {
+    List<String> services = configurationFacade.getRevocationServiceOrder();
+
+    if (services != null) {
+      List<String> order = new ArrayList<String>(2);
+      for (String service : services) {
+        if ("OCSP".equals(service)) {
+          order.add(RevocationSourceTypes.OCSP);
+        } else if ("CRL".equals(service)) {
+          order.add(RevocationSourceTypes.CRL);
+        } else {
+          throw new Exception("Unsupported revocation service type " + service);
+        }
+      }
+      if (!order.isEmpty()) {
+        log.info("configure revocation service type order: {}", order);
+        return order.toArray(new String[order.size()]);
+      }
+    }
+    log.info("configure default revocation service type order: [OCSP, CRL]");
+    return new String[]
+      { RevocationSourceTypes.OCSP, RevocationSourceTypes.CRL };
+  }
   
   @Override
   public Object getObject() throws Exception {
@@ -216,8 +252,7 @@ public class PKIProfileFactoryBean implements FactoryBean, ResourceLoaderAware {
     DefaultPKIProfile pkiProfile = new DefaultPKIProfile(trustProfile);
     
     pkiProfile.setAutoAddCertificates(true);
-    pkiProfile.setPreferredServiceOrder(new String[] {
-        RevocationSourceTypes.OCSP, RevocationSourceTypes.CRL });
+    pkiProfile.setPreferredServiceOrder(createRevocationServiceOrder());
     
     return pkiProfile;
   }