Diffstat (limited to 'eaaf_modules/eaaf_module_moa-sig/src/main')
5 files changed, 150 insertions, 89 deletions
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureCreationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureCreationService.java
new file mode 100644
index 00000000..66eedd79
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureCreationService.java
@@ -0,0 +1,5 @@
+package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api;
+
+public interface ISignatureCreationService {
+
+}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java
new file mode 100644
index 00000000..fe99e328
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java
@@ -0,0 +1,113 @@ +package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl; + +import java.security.Provider; +import java.security.Security; + +import javax.annotation.PostConstruct; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.w3c.dom.Document; + +import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceConfigurationException; +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.api.Configurator; +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; +import iaik.asn1.structures.AlgorithmID; +import iaik.security.ec.provider.ECCelerate; +import iaik.security.provider.IAIK; + +public abstract class AbstractSignatureService { + private static final Logger log = LoggerFactory.getLogger(AbstractSignatureService.class); + private static boolean isMOASigInitialized = false; + + + @PostConstruct + private synchronized void initialize() throws MOASigServiceConfigurationException { + + if (!isMOASigInitialized) { + log.info("Initializing MOA-Sig signature-verification service ... "); + + log.info("Loading Java security providers."); + IAIK.addAsProvider(); + ECCelerate.addAsProvider(); + + try { + LoggingContextManager.getInstance().setLoggingContext( + new LoggingContext("startup")); + log.debug("MOA-Sig library initialization process ... 
"); + Configurator.getInstance().init(); + log.info("MOA-Sig library initialization complete "); + + } catch (final MOAException e) { + log.error("MOA-SP initialization FAILED!", e.getWrapped()); + throw new MOASigServiceConfigurationException("service.moasig.04", new Object[] { e + .toString() }, e); + } + + Security.insertProviderAt(IAIK.getInstance(), 0); + + final ECCelerate eccProvider = ECCelerate.getInstance(); + if (Security.getProvider(eccProvider.getName()) != null) + Security.removeProvider(eccProvider.getName()); + Security.addProvider(new ECCelerate()); + + fixJava8_141ProblemWithSSLAlgorithms(); + + if (log.isDebugEnabled()) { + log.debug("Loaded Security Provider:"); + final Provider[] providerList = Security.getProviders(); + for (int i=0; i<providerList.length; i++) + log.debug(i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion()); + + } + + isMOASigInitialized = true; + + } else + log.info("MOA-Sig is already initialized. Skipping this steps ... "); + + internalInitializer(); + + } + + /** + * Executed in <code>@PostConstruct</code> as last step + * + */ + abstract protected void internalInitializer(); + + /** + * Get a new {@link Document} from {@link DocumentBuilder} in synchronized form, because + * {@link DocumentBuilderFactory} and {@link DocumentBuilder} are not thread-safe. 
+ * + * @return {@link Document} + * @throws ParserConfigurationException + */ + protected synchronized Document getNewDocumentBuilder() throws ParserConfigurationException { + final DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); + return docBuilder.newDocument(); + + } + + private static void fixJava8_141ProblemWithSSLAlgorithms() { + log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ..."); + //new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] { "MD5withRSA", "MD5/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption", + new String[] { "SHA1withRSA" , "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption", + new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption", + new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption", + new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA", }, null, true); + new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption", + new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true); + + log.info("Change AlgorithmIDs finished"); + } +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java new file mode 100644 index 00000000..4260b741 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java 
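Review bot: `initialize()` in AbstractSignatureService is declared `private synchronized`, so it locks on the individual bean instance, while the guard it protects, `isMOASigInitialized`, is `static` and shared by every subclass instance. Two service beans constructed on different threads could therefore both pass the `!isMOASigInitialized` check, register the IAIK/ECCelerate providers and run `Configurator.getInstance().init()` twice. Wrapping the guarded block in `synchronized (AbstractSignatureService.class) { ... }` makes the check-and-set atomic across instances. Separately, `Security.insertProviderAt(IAIK.getInstance(), 0)` passes 0 although JCA preference positions are 1-based, and the provider was already registered by `IAIK.addAsProvider()` a few lines earlier, so the call probably does not move IAIK to the front. If a fixed provider order is intended for signature operations, remove the existing entry first, insert at position `1`, and confirm the result in the "Loaded Security Provider:" debug listing.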
@@ -0,0 +1,21 @@ +package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureCreationService; + +public class SignatureCreationService extends AbstractSignatureService implements ISignatureCreationService{ + private static final Logger log = LoggerFactory.getLogger(SignatureCreationService.class); + + private at.gv.egovernment.moa.spss.api.SignatureCreationService scs = null; + + @Override + protected void internalInitializer() { + log.debug("Instanzing SignatureCreationService implementation ... "); + scs = at.gv.egovernment.moa.spss.api.SignatureCreationService.getInstance(); + log.info("MOA-Sig signature-creation service initialized"); + + } + +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java index b2ea5cb7..500540dd 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java @@ -1,16 +1,9 @@ package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl; import java.io.ByteArrayInputStream; -import java.security.Provider; -import java.security.Security; import java.security.cert.CertificateEncodingException; import java.util.List; -import javax.annotation.PostConstruct; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; - import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.lang.Nullable; 
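Review bot: The new SignatureCreationService class has no Javadoc, its only field `scs` is assigned in `internalInitializer()` but never read anywhere in this file, and `ISignatureCreationService` declares no methods, so the bean currently exposes no signing operation. A class comment such as `/** Placeholder for MOA-Sig based signature creation; no signing API is exposed yet. */` would make that explicit to anyone wiring the `moaSigCreateService` bean. The debug message `"Instanzing SignatureCreationService implementation ... "` presumably means "Instantiating".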
@@ -24,11 +17,9 @@ import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerific import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICMSSignatureVerificationResponse; import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXMLSignatureVerificationResponse; import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceBuilderException; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceConfigurationException; import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceException; import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.spss.MOAException; -import at.gv.egovernment.moa.spss.api.Configurator; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; @@ -37,12 +28,7 @@ import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser; import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; -import at.gv.egovernment.moaspss.logging.LoggingContext; -import at.gv.egovernment.moaspss.logging.LoggingContextManager; import at.gv.egovernment.moaspss.util.Constants; -import iaik.asn1.structures.AlgorithmID; -import iaik.security.ec.provider.ECCelerate; -import iaik.security.provider.IAIK; /** 
@@ -50,7 +36,7 @@ import iaik.security.provider.IAIK; * */ @Service -public class SignatureVerificationService implements ISignatureVerificationService { +public class SignatureVerificationService extends AbstractSignatureService implements ISignatureVerificationService { private static final Logger log = LoggerFactory.getLogger(SignatureVerificationService.class); private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI; 
@@ -58,52 +44,6 @@ public class SignatureVerificationService implements ISignatureVerificationServi private static final String DSIG = Constants.DSIG_PREFIX + ":"; private at.gv.egovernment.moa.spss.api.SignatureVerificationService svs; - - @PostConstruct - private void initialize() throws MOASigServiceConfigurationException { - log.info("Initializing MOA-Sig signature-verification service ... "); - - log.info("Loading Java security providers."); - IAIK.addAsProvider(); - ECCelerate.addAsProvider(); - - try { - LoggingContextManager.getInstance().setLoggingContext( - new LoggingContext("startup")); - log.debug("MOA-Sig library initialization process ... "); - Configurator.getInstance().init(); - log.info("MOA-Sig library initialization complete "); - - } catch (final MOAException e) { - log.error("MOA-SP initialization FAILED!", e.getWrapped()); - throw new MOASigServiceConfigurationException("service.moasig.04", new Object[] { e - .toString() }, e); - } - - Security.insertProviderAt(IAIK.getInstance(), 0); - - final ECCelerate eccProvider = ECCelerate.getInstance(); - if (Security.getProvider(eccProvider.getName()) != null) - Security.removeProvider(eccProvider.getName()); - Security.addProvider(new ECCelerate()); - - fixJava8_141ProblemWithSSLAlgorithms(); - - if (log.isDebugEnabled()) { - log.debug("Loaded Security Provider:"); - final Provider[] providerList = Security.getProviders(); - for (int i=0; i<providerList.length; i++) - log.debug(i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion()); - - } - - log.debug("Instanzing SignatureVerificationService implementation ... "); - svs = at.gv.egovernment.moa.spss.api.SignatureVerificationService.getInstance(); - - log.info("MOA-Sig signature-verification service initialized"); - } - - /* (non-Javadoc) * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService#verifyCMSSignature(byte[], java.lang.String) 
@@ -316,33 +256,12 @@ public class SignatureVerificationService implements ISignatureVerificationServi } - /** - * Get a new {@link Document} from {@link DocumentBuilder} in synchronized form, because - * {@link DocumentBuilderFactory} and {@link DocumentBuilder} are not thread-safe. - * - * @return {@link Document} - * @throws ParserConfigurationException - */ - private synchronized Document getNewDocumentBuilder() throws ParserConfigurationException { - final DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); - return docBuilder.newDocument(); + @Override + protected void internalInitializer() { + log.debug("Instanzing SignatureVerificationService implementation ... "); + svs = at.gv.egovernment.moa.spss.api.SignatureVerificationService.getInstance(); + log.info("MOA-Sig signature-verification service initialized"); } - - private static void fixJava8_141ProblemWithSSLAlgorithms() { - log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ..."); - //new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] { "MD5withRSA", "MD5/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption", - new String[] { "SHA1withRSA" , "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption", - new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption", - new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption", - new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA", }, null, true); - new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption", - new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true); - - log.info("Change AlgorithmIDs finished"); - } + } 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/moa-sig-service.beans.xml b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/moa-sig-service.beans.xml index 17907130..2f5408b6 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/moa-sig-service.beans.xml +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/moa-sig-service.beans.xml @@ -11,7 +11,10 @@ <context:annotation-config /> - <bean id="moaSigService" + <bean id="moaSigVerifyService" class="at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.SignatureVerificationService" /> + + <bean id="moaSigCreateService" + class="at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.SignatureCreationService" /> </beans>
\ No newline at end of file |