authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-11-03 17:20:21 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-11-03 17:20:21 +0100
commited67667ea4e069fb1c19708788ff82c7455a7e99 (patch)
treeccc50200290c1e97046324c62b9c5eb66bbc73b4
parent3098ef6c3af449e13232f7a6de4b159f092d8675 (diff)
downloadEAAF-Components-ed67667ea4e069fb1c19708788ff82c7455a7e99.tar.gz
EAAF-Components-ed67667ea4e069fb1c19708788ff82c7455a7e99.tar.bz2
EAAF-Components-ed67667ea4e069fb1c19708788ff82c7455a7e99.zip
Initialize IAIK-MOA on any request, because there is an open unknown issue with signature-verification and lost configuration states
-rw-r--r--eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java14
-rw-r--r--eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java31
2 files changed, 32 insertions, 13 deletions
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
index 955648c6..1c6e6e76 100644
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java
@@ -27,6 +27,11 @@ import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
@@ -37,12 +42,6 @@ import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration.SymmetricK
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils;
-
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.io.Resource;
-import org.springframework.core.io.ResourceLoader;
-
import lombok.extern.slf4j.Slf4j;
@Slf4j
@@ -246,7 +245,8 @@ public class EaafKeyStoreFactory {
clientUsername, clientPassword, hsmFacadeHost, port);
if (rawProvider instanceof Provider) {
- Security.insertProviderAt((Provider) rawProvider, 0);
+ Security.addProvider((Provider) rawProvider);
+
isHsmFacadeInitialized = true;
log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM",
EaafKeyStoreFactory.class.getSimpleName());
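Review bot: The result of `Security.addProvider((Provider) rawProvider)` is discarded, so `isHsmFacadeInitialized = true` and the "HSM Facade is initialized" log line are reached even when the call returns -1 because a provider with the same name is already registered. Capture the result and log the outcome, e.g. `final int pos = Security.addProvider((Provider) rawProvider);` followed by `if (pos == -1) { log.warn("HSM Facade provider was already registered"); }`. `addProvider` also appends at the lowest preference, so any JCA lookup that does not name a provider resolves to an earlier one. Since the other file in this commit re-runs `IaikConfigurator` on every request, which may change the provider list, it is worth confirming that HSM-backed KeyStore lookups request this provider explicitly. The enclosing method starts and ends outside the hunk.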
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java
index 11881cbf..37d80337 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java
@@ -1,20 +1,24 @@
package at.gv.egiz.eaaf.modules.sigverify.moasig.impl;
+import java.security.Provider;
+import java.security.Security;
+
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.w3c.dom.Document;
+
import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
import at.gv.egovernment.moaspss.logging.LoggingContext;
import at.gv.egovernment.moaspss.logging.LoggingContextManager;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.w3c.dom.Document;
-
public abstract class AbstractSignatureService {
private static final Logger log = LoggerFactory.getLogger(AbstractSignatureService.class);
@@ -54,16 +58,31 @@ public abstract class AbstractSignatureService {
}
+ //set Logging context into MOA-Sig
if (logMgr.getLoggingContext() == null) {
final LoggingContext ctx = new LoggingContext(transactionID);
logMgr.setLoggingContext(ctx);
}
- //new IaikConfigurator().configure(moaSigConfig.getMoaSigConfig());
+ //dump Java Security-Providers
+ if (log.isTraceEnabled()) {
+ dumpSecProviders("MOA-Sig Context-SetUp");
+
+ }
+
+ new IaikConfigurator().configure(moaSigConfig.getMoaSigConfig());
}
+ private static void dumpSecProviders(String message) {
+ log.trace("Security Providers: {}", message);
+ for (final Provider provider : Security.getProviders()) {
+ log.trace(" - {} - {}", provider.getName(), provider.getVersion());
+
+ }
+ }
+
/**
* Tear down thread-local context information.
*/
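Review bot: The re-enabled `new IaikConfigurator().configure(moaSigConfig.getMoaSigConfig());` now runs on every context set-up with no visible synchronization. If it rewrites process-wide state such as the JCA provider list or trust configuration (not visible in this hunk), concurrent requests could verify signatures against a half-applied configuration. Unless `configure` is known to be thread-safe and idempotent, serialize it, e.g. `synchronized (IaikConfigurator.class) { new IaikConfigurator().configure(moaSigConfig.getMoaSigConfig()); }`, or re-run it only when a cheap check shows the state was lost. The call also needs a why-comment, since the reason exists only in the commit message: `// WORKAROUND: re-initialize IAIK-MOA on every request; configuration state is lost for an unknown reason and signature verification fails otherwise`. `dumpSecProviders` would be more useful if it logged each provider's position, because ordering is the likely variable in the issue being chased. The set-up method begins outside the hunk.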