From 70119c48e95272f1f9dfc5f92d5c0c349e4fa7cc Mon Sep 17 00:00:00 2001
From: clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Wed, 3 Nov 2010 17:31:04 +0000
Subject: revocation service type order configurable

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@817 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../gv/egiz/bku/spring/PKIProfileFactoryBean.java  | 41 ++++++++++++++++++++--
 bkucommon/src/site/apt/configuration.apt           |  4 +++
 2 files changed, 42 insertions(+), 3 deletions(-)

(limited to 'bkucommon/src')

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/spring/PKIProfileFactoryBean.java b/bkucommon/src/main/java/at/gv/egiz/bku/spring/PKIProfileFactoryBean.java
index 97a0d872..d5eb411d 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/spring/PKIProfileFactoryBean.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/spring/PKIProfileFactoryBean.java
@@ -48,9 +48,15 @@ import org.springframework.core.io.ResourceLoader;
 
 import at.gv.egiz.bku.conf.IAIKLogAdapterFactory;
 import at.gv.egiz.bku.conf.MoccaConfigurationFacade;
+import java.util.ArrayList;
+import java.util.List;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 public class PKIProfileFactoryBean implements FactoryBean, ResourceLoaderAware {
 
+  protected static final Logger log = LoggerFactory.getLogger(PKIProfileFactoryBean.class);
+
   /**
    * The configuration facade.
    */
@@ -68,6 +74,8 @@ public class PKIProfileFactoryBean implements FactoryBean, ResourceLoaderAware {
     
     public static final String SSL_CA_DIRECTORY_DEFAULT = "classpath:at/gv/egiz/bku/certs/trustStore";
     
+    public static final String SSL_REVOCATION_SERVICE_ORDER = "SSL.revocationServiceOrder";
+
     public URL getCertDirectory() throws MalformedURLException {
       return getURL(SSL_CERT_DIRECTORY);
     }
@@ -75,7 +83,11 @@ public class PKIProfileFactoryBean implements FactoryBean, ResourceLoaderAware {
     public URL getCaDirectory() throws MalformedURLException {
       return getURL(SSL_CA_DIRECTORY);
     }
-    
+
+    public List<String> getRevocationServiceOrder() throws Exception {
+      return configuration.getList(SSL_REVOCATION_SERVICE_ORDER);
+    }
+
     private URL getURL(String key) throws MalformedURLException {
       String url = configuration.getString(key);
       if (url == null || url.isEmpty()) {
@@ -199,6 +211,30 @@ public class PKIProfileFactoryBean implements FactoryBean, ResourceLoaderAware {
         TrustStoreTypes.DIRECTORY, caDirectory.getAbsolutePath());
     
   }
+
+  protected String[] createRevocationServiceOrder() throws Exception {
+    List<String> services = configurationFacade.getRevocationServiceOrder();
+
+    if (services != null) {
+      List<String> order = new ArrayList<String>(2);
+      for (String service : services) {
+        if ("OCSP".equals(service)) {
+          order.add(RevocationSourceTypes.OCSP);
+        } else if ("CRL".equals(service)) {
+          order.add(RevocationSourceTypes.CRL);
+        } else {
+          throw new Exception("Unsupported revocation service type " + service);
+        }
+      }
+      if (!order.isEmpty()) {
+        log.info("configure revocation service type order: {}", order);
+        return order.toArray(new String[order.size()]);
+      }
+    }
+    log.info("configure default revocation service type order: [OCSP, CRL]");
+    return new String[]
+      { RevocationSourceTypes.OCSP, RevocationSourceTypes.CRL };
+  }
   
   @Override
   public Object getObject() throws Exception {
@@ -216,8 +252,7 @@ public class PKIProfileFactoryBean implements FactoryBean, ResourceLoaderAware {
     DefaultPKIProfile pkiProfile = new DefaultPKIProfile(trustProfile);
     
     pkiProfile.setAutoAddCertificates(true);
-    pkiProfile.setPreferredServiceOrder(new String[] {
-        RevocationSourceTypes.OCSP, RevocationSourceTypes.CRL });
+    pkiProfile.setPreferredServiceOrder(createRevocationServiceOrder());
     
     return pkiProfile;
   }
diff --git a/bkucommon/src/site/apt/configuration.apt b/bkucommon/src/site/apt/configuration.apt
index 1a5adee1..15340c71 100644
--- a/bkucommon/src/site/apt/configuration.apt
+++ b/bkucommon/src/site/apt/configuration.apt
@@ -77,6 +77,10 @@ MOCCA Configuration
 		[<<<disableAllChecks>>>] May be set to <<<true>>> to disable all TSL/SSL related checks.
 		
 		Default: <<<false>>>
+
+        [<<<revocationServiceOrder>>>] May be set to <<<CRL,OCSP>>>, <<<CRL>>> or <<<OCSP>>> to define the (order of) revocation service(s) to be used.
+
+        Default: <<<OCSP,CRL>>>
 		
 	[<<<ProductName>>>] May be specified to set the product name given by the <<<Server>>> and <<<User-Agent>>> HTTP headers as specified by {{{http://www.buergerkarte.at/konzept/securitylayer/spezifikation/aktuell/bindings/bindings.en.html#http}HTTP binding}}.
 	
-- 
cgit v1.2.3