From 70119c48e95272f1f9dfc5f92d5c0c349e4fa7cc Mon Sep 17 00:00:00 2001 From: clemenso Date: Wed, 3 Nov 2010 17:31:04 +0000 Subject: revocation service type order configurable git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@817 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../gv/egiz/bku/spring/PKIProfileFactoryBean.java | 41 ++++++++++++++++++++-- 1 file changed, 38 insertions(+), 3 deletions(-) (limited to 'bkucommon/src/main') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/spring/PKIProfileFactoryBean.java b/bkucommon/src/main/java/at/gv/egiz/bku/spring/PKIProfileFactoryBean.java index 97a0d872..d5eb411d 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/spring/PKIProfileFactoryBean.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/spring/PKIProfileFactoryBean.java @@ -48,9 +48,15 @@ import org.springframework.core.io.ResourceLoader; import at.gv.egiz.bku.conf.IAIKLogAdapterFactory; import at.gv.egiz.bku.conf.MoccaConfigurationFacade; +import java.util.ArrayList; +import java.util.List; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class PKIProfileFactoryBean implements FactoryBean, ResourceLoaderAware { + protected static final Logger log = LoggerFactory.getLogger(PKIProfileFactoryBean.class); + /** * The configuration facade. */ @@ -68,6 +74,8 @@ public class PKIProfileFactoryBean implements FactoryBean, ResourceLoaderAware { public static final String SSL_CA_DIRECTORY_DEFAULT = "classpath:at/gv/egiz/bku/certs/trustStore"; + public static final String SSL_REVOCATION_SERVICE_ORDER = "SSL.revocationServiceOrder"; + public URL getCertDirectory() throws MalformedURLException { return getURL(SSL_CERT_DIRECTORY); } @@ -75,7 +83,11 @@ public class PKIProfileFactoryBean implements FactoryBean, ResourceLoaderAware { public URL getCaDirectory() throws MalformedURLException { return getURL(SSL_CA_DIRECTORY); } - + + public List getRevocationServiceOrder() throws Exception { + return configuration.getList(SSL_REVOCATION_SERVICE_ORDER); + } + private URL getURL(String key) throws MalformedURLException { String url = configuration.getString(key); if (url == null || url.isEmpty()) { @@ -199,6 +211,30 @@ public class PKIProfileFactoryBean implements FactoryBean, ResourceLoaderAware { TrustStoreTypes.DIRECTORY, caDirectory.getAbsolutePath()); } + + protected String[] createRevocationServiceOrder() throws Exception { + List services = configurationFacade.getRevocationServiceOrder(); + + if (services != null) { + List order = new ArrayList(2); + for (String service : services) { + if ("OCSP".equals(service)) { + order.add(RevocationSourceTypes.OCSP); + } else if ("CRL".equals(service)) { + order.add(RevocationSourceTypes.CRL); + } else { + throw new Exception("Unsupported revocation service type " + service); + } + } + if (!order.isEmpty()) { + log.info("configure revocation service type order: {}", order); + return order.toArray(new String[order.size()]); + } + } + log.info("configure default revocation service type order: [OCSP, CRL]"); + return new String[] + { RevocationSourceTypes.OCSP, RevocationSourceTypes.CRL }; + } @Override public Object getObject() throws Exception { @@ -216,8 +252,7 @@ public class PKIProfileFactoryBean implements FactoryBean, ResourceLoaderAware { DefaultPKIProfile pkiProfile = new DefaultPKIProfile(trustProfile); pkiProfile.setAutoAddCertificates(true); - pkiProfile.setPreferredServiceOrder(new String[] { - RevocationSourceTypes.OCSP, RevocationSourceTypes.CRL }); + pkiProfile.setPreferredServiceOrder(createRevocationServiceOrder()); return pkiProfile; } -- cgit v1.2.3