/**
 * Bean factory method that supplies a freshly constructed {@link TrustedListsCertificateSource}.
 *
 * <p>The source is returned empty: no trust anchors are loaded here, so whatever populates it
 * later decides which certificates validation will trust.
 *
 * @param keyStoreCertificateSource not read by this method; presumably declared only so the
 *     container initialises that bean first (confirm against the configuration class)
 * @return a new, unpopulated trusted-list certificate source
 */
@Bean
public TrustedListsCertificateSource trustedListSource(KeyStoreCertificateSource keyStoreCertificateSource) {
    TrustedListsCertificateSource emptySource = new TrustedListsCertificateSource();
    return emptySource;
}
/**
 * Returns the service supply points recorded for {@code trustAnchor} that contain the
 * substring {@code "ocsp"}.
 *
 * <p>Selection is delegated to {@code getServiceSupplyPoints}; this method only fixes the keyword.
 *
 * @param trustAnchor the trust anchor whose trust services are inspected
 * @return the matching supply point URLs, as returned by {@code getServiceSupplyPoints}
 */
@Override
public List<String> getAlternativeOCSPUrls(CertificateToken trustAnchor) {
    List<String> ocspUrls = getServiceSupplyPoints(trustAnchor, "ocsp");
    return ocspUrls;
}
/**
 * Copies every certificate held by {@code trustedListSource} into {@code tsl}.
 *
 * <p>Each certificate is added together with at most one {@code ServiceInfo}: the first element
 * of its associated trust service set, or {@code null} when that set is empty.
 *
 * @param tsl the certificate source that receives the certificates; it is modified in place
 * @param trustedListSource the source whose certificates are copied
 * @return the same {@code tsl} instance that was passed in
 */
public static TSLCertificateSource addCertificatesFromTrustedListSource(TSLCertificateSource tsl, TrustedListsCertificateSource trustedListSource) {
    trustedListSource.getCertificates().forEach(certToken -> {
        // NOTE(review): only the first associated entry is carried over. If a certificate can be
        // bound to several trust services, the others (and their status/qualifiers) are dropped
        // here, and which one is "first" depends on the collection's iteration order - confirm
        // that this is acceptable for the validation policy.
        ServiceInfo serviceInfo = certToken.getAssociatedTSPS().isEmpty()
                ? null
                : (ServiceInfo) certToken.getAssociatedTSPS().iterator().next();
        // A certificate without any associated service is still added, with null service info.
        tsl.addCertificate(certToken, serviceInfo);
    });
    LOGGER.debug("{} certificates added to TSL certificate source", trustedListSource.getCertificates().size());
    return tsl;
}
} // closes the enclosing class, whose header is outside this excerpt
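/**
 * Collects the service supply point URLs of the trust services bound to {@code trustAnchor}
 * that contain at least one of the given keywords.
 *
 * <p>Every status entry of every trust service is scanned. A URL is added once per status entry
 * in which it appears, even when it matches several keywords (for example both {@code "crl"}
 * and {@code "certificateRevocationList"}), so callers do not get the same endpoint twice for a
 * single entry.
 *
 * <p>Matching is a case-sensitive substring test on the whole URL, so it is a heuristic rather
 * than a classification of the endpoint. The URLs originate from trusted-list content; callers
 * that fetch them should apply the same outbound-connection controls as for any other
 * revocation endpoint.
 *
 * @param trustAnchor the trust anchor whose trust services are inspected
 * @param keywords substrings to look for in each supply point URL
 * @return the matching URLs in encounter order; empty when nothing matches
 */
private List<String> getServiceSupplyPoints(CertificateToken trustAnchor, String... keywords) {
    List<String> urls = new ArrayList<String>();
    Set<ServiceInfo> trustServices = getTrustServices(trustAnchor);
    for (ServiceInfo serviceInfo : trustServices) {
        for (ServiceInfoStatus serviceInfoStatus : serviceInfo.getStatus()) {
            List<String> serviceSupplyPoints = serviceInfoStatus.getServiceSupplyPoints();
            if (!Utils.isCollectionNotEmpty(serviceSupplyPoints)) {
                continue;
            }
            for (String serviceSupplyPoint : serviceSupplyPoints) {
                for (String keyword : keywords) {
                    if (serviceSupplyPoint.contains(keyword)) {
                        LOG.debug("ServiceSupplyPoints (TL) found for keyword '{}'", keyword);
                        urls.add(serviceSupplyPoint);
                        // Stop at the first matching keyword so the URL is not added again.
                        break;
                    }
                }
            }
        }
    }
    return urls;
}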
// NOTE(review): this is an excerpt of a longer statement run. It opens on the tail of a string
// literal (what looks like Base64 certificate data) whose call starts outside the excerpt, and
// the statements that presumably reassign certToken between the addCertificate calls are not
// shown - read the calls below as one registration per certificate, not as repeated
// registrations of a single token.
//
// NOTE(review): nearly every service name below is labelled TEST or DEMO. Each entry is added to
// tlCertSource, so confirm this population is only wired into non-production profiles; a test CA
// registered here would presumably be accepted as a trust anchor during validation.
"SfDzzBLc5+6TqgQTOG7GaZk2diMkn03iLdHGFrh8ML+mXG9SjEPI");
// Registers certToken with CA service info carrying QC conditions, under the given service name.
tlCertSource.addCertificate(certToken, getCAServiceInfoWithQcConditions(certToken, "TEST of EE Certification Centre Root CA"));
"8luw0f/AaC5qsEdwKrKT+p1xvnjSyIVfcMiu6Q3T2EE=");
tlCertSource.addCertificate(certToken, getCAServiceInfoWithQcConditions(certToken, "TEST of EE-GovCA2018"));
tlCertSource.addCertificate(certToken, getCAServiceInfoWithQcConditions(certToken, "TEST of ESTEID2018"));
tlCertSource.addCertificate(certToken, getCAServiceInfoWithQcConditions(certToken, "TEST of ESTEID-SK 2011"));
tlCertSource.addCertificate(certToken, getCAServiceInfoWithQcConditions(certToken, "TEST of ESTEID-SK 2015"));
// This entry uses getCAServiceInfo with an explicit UNDER_SUPERVISION status instead of the QC-conditions helper.
tlCertSource.addCertificate(certToken, getCAServiceInfo(UNDER_SUPERVISION, certToken, "Nortal NQSK16 Test Cert Signing"));
tlCertSource.addCertificate(certToken, getCAServiceInfoWithQcConditions(certToken, "TEST of KLASS3-SK 2010"));
// Registered with service info from getOCSPServiceInfo rather than one of the CA helpers.
tlCertSource.addCertificate(certToken, getOCSPServiceInfo(certToken));
// Time-stamp authority entries are registered through the same CA/QC helper as the CAs above.
tlCertSource.addCertificate(certToken, getCAServiceInfoWithQcConditions(certToken, "QuoVadis Time-Stamp Authority 1"));
tlCertSource.addCertificate(certToken, getCAServiceInfoWithQcConditions(certToken, "DEMO of SK TSA 2014"));
tlCertSource.addCertificate(certToken, getCAServiceInfoWithQcConditions(certToken, "QuoVadis Time-Stamp Authority 2"));
tlCertSource.addCertificate(certToken, getCAServiceInfo(UNDER_SUPERVISION, certToken, "Management CA"));
/**
 * Repopulates the TSL of the given policy configuration from {@code trustedListSource} when the
 * two hold a different number of certificates.
 *
 * <p>NOTE(review): the trigger compares certificate counts only. Two sets of equal size but
 * different content would not cause a reload, so a replaced or rotated trust anchor could go
 * unnoticed here - confirm that another code path covers that case.
 *
 * @param policyConfiguration wrapper whose configuration's TSL is checked and, if needed, replaced
 */
private void reloadTrustedCertificatesIfNecessary(PolicyConfigurationWrapper policyConfiguration) {
    Configuration configuration = policyConfiguration.getConfiguration();
    int configuredCount = configuration.getTSL().getCertificates().size();
    int availableCount = trustedListSource.getCertificates().size();
    if (configuredCount == availableCount) {
        // Counts agree, so the configuration is treated as up to date.
        return;
    }
    LOGGER.debug("some or all trusted certificates are not added to D4J configuration, repopulating from cert pool");
    policyConfiguration.getConfiguration()
            .setTSL(TSLUtils.addCertificatesFromTrustedListSource(configuration.getTSL(), trustedListSource));
}
/**
 * Returns the service supply points recorded for {@code trustAnchor} that contain the
 * substring {@code "crl"} or {@code "certificateRevocationList"}.
 *
 * <p>Selection is delegated to {@code getServiceSupplyPoints}; this method only fixes the keywords.
 *
 * @param trustAnchor the trust anchor whose trust services are inspected
 * @return the matching supply point URLs, as returned by {@code getServiceSupplyPoints}
 */
@Override
public List<String> getAlternativeCRLUrls(CertificateToken trustAnchor) {
    List<String> crlUrls = getServiceSupplyPoints(trustAnchor, "crl", "certificateRevocationList");
    return crlUrls;
}