Diffstat (limited to 'eaaf_modules/eaaf_module_moa-sig/src/main')
4 files changed, 104 insertions, 30 deletions
| diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java
index 7c009b68..e4577cae 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java
@@ -2,6 +2,7 @@ package at.gv.egiz.eaaf.modules.sigverify.moasig.api;
 import java.util.Date;
 import java.util.List;
+import java.util.Map;
 import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse;
 import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse;
@@ -115,4 +116,31 @@ public interface ISignatureVerificationService {
       List<String> verifyTransformsInfoProfileID, String signatureLocationXpath, Date signingDate)
       throws MoaSigServiceException;
+
+  /**
+   * Verify a XML or XAdES signature. <br>
+   * <br>
+   * <i>This method only validates the first XML or XAdES signature if more than
+   * one signature exists</i>
+   *
+   * @param signature                     Serialized XML or XAdES signature
+   * @param trustProfileID                Id of the Trust-Profile from MOA-Sig
+   *                                      configuration
+   * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that
+   *                                      should be used for
+   *                                      signature-verification
+   * @param signatureLocationXpath        Xpath that points to location of
+   *                                      Signature element
+   * @param signingDate                   Signature timestamp
+   * @param supplementContent             Map that contains supplement profile content; keyed by references. Each entry
+   *                                      in this map becomes a Content/Base64Content child in the SupplementProfile
+   *                                      node.
+   * @return @link {@link IXmlSignatureVerificationResponse}, or null if no
+   *         signature was found
+   * @throws MoaSigServiceException on signatue-verification error
+   */
+  IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
+      final String trustProfileID, final List<String> verifyTransformsInfoProfileID,
+      final String signatureLocationXpath, Date signingDate,
+      final Map<String, byte[]> supplementContent) throws MoaSigServiceException;
 }
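Review bot: The Javadoc of the new `verifyXmlSignature` overload leaves the null contract of `supplementContent` unstated, although the implementation added in this same commit calls `supplementContent.isEmpty()` on it without a null check, so `null` is not a valid "no supplements" value the way it is for `verifyTransformsInfoProfileID` and `signingDate`. I would append to the `@param supplementContent` text: `Must not be null; pass an empty map when no supplement content is needed.` The `@return` line also carries a stray `@link` before `{@link IXmlSignatureVerificationResponse}`, the `@throws` line reads `signatue-verification`, and the summary should read `Verify an XML or XAdES signature.`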
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java
index c7efc677..b9219ee4 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java
@@ -1,5 +1,8 @@
 package at.gv.egiz.eaaf.modules.sigverify.moasig.impl;
+import java.security.Provider;
+import java.security.Security;
+
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
@@ -10,7 +13,6 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.w3c.dom.Document;
 import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
-import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
 import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
 import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
@@ -47,25 +49,41 @@ public abstract class AbstractSignatureService {
   protected final void setUpContexts(final String transactionID) throws ConfigurationException {
     final TransactionContextManager txMgr = TransactionContextManager.getInstance();
     final LoggingContextManager logMgr = LoggingContextManager.getInstance();
-
+    
     if (txMgr.getTransactionContext() == null) {
       log.debug("Set not MOA-Sig transaction context");
       final TransactionContext ctx =
-          new TransactionContext(transactionID, null, ConfigurationProvider.getInstance());
+          new TransactionContext(transactionID, null, moaSigConfig.getMoaSigConfig());
       txMgr.setTransactionContext(ctx);
     }
+    //set Logging context into MOA-Sig
     if (logMgr.getLoggingContext() == null) {
       final LoggingContext ctx = new LoggingContext(transactionID);
       logMgr.setLoggingContext(ctx);
     }
-    new IaikConfigurator().configure(ConfigurationProvider.getInstance());
+    //dump Java Security-Providers
+    if (log.isTraceEnabled()) {
+      log.trace("Set-Up verifier Bean: {}", this);
+      dumpSecProviders("MOA-Sig Context-Set-Up");
+
+    }
+
+    new IaikConfigurator().configure(moaSigConfig.getMoaSigConfig());
   }
+  private static void dumpSecProviders(String message) {
+    log.trace("Security Providers: {}", message);
+    for (final Provider provider : Security.getProviders()) {
+      log.trace("  - {} - {}", provider.getName(), provider.getVersion());
+
+    }
+  }
+
   /**
    * Tear down thread-local context information.
    */
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java
index ae8c2c97..ce98c92b 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java
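Review bot: `moaSigConfig.getMoaSigConfig()` is handed straight to `new TransactionContext(...)` and to `IaikConfigurator.configure(...)` without being checked, and the field behind that getter is only assigned inside `MoaSigInitializer.initialize()`, so if that bean's `@PostConstruct` has not run yet or threw, the verifier is set up with a `null` configuration instead of failing fast; this is a signature-verification path, so failing loudly is preferable. I would resolve it once at the top of `setUpContexts` and guard it: `final ConfigurationProvider cfg = moaSigConfig.getMoaSigConfig();` followed by `if (cfg == null) { throw new IllegalStateException("MOA-Sig configuration not initialized"); }`, then pass `cfg` to both calls (this needs the `ConfigurationProvider` import that the earlier hunk removed). The `moaSigConfig` field declaration lies outside the hunk, so whether it is `@Autowired` is not visible here. As a style nit, the hunk replaces a blank line with one holding four trailing spaces (`+    `), which most formatters and Checkstyle flag.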
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java
@@ -7,7 +7,6 @@ import java.security.Security;
 import java.util.Iterator;
 import java.util.Map.Entry;
-import javax.annotation.Nonnull;
 import javax.annotation.PostConstruct;
 import org.slf4j.Logger;
@@ -18,12 +17,14 @@ import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ISchemaRessourceProvide
 import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceConfigurationException;
 import at.gv.egovernment.moa.spss.MOAException;
 import at.gv.egovernment.moa.spss.api.Configurator;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
 import at.gv.egovernment.moaspss.logging.LoggingContext;
 import at.gv.egovernment.moaspss.logging.LoggingContextManager;
 import at.gv.egovernment.moaspss.util.DOMUtils;
 import iaik.asn1.structures.AlgorithmID;
 import iaik.security.ec.provider.ECCelerate;
 import iaik.security.provider.IAIK;
+import lombok.Getter;
 public class MoaSigInitializer {
   private static final Logger log = LoggerFactory.getLogger(MoaSigInitializer.class);
@@ -31,18 +32,15 @@ public class MoaSigInitializer {
   @Autowired(required = false)
   ISchemaRessourceProvider[] schemas;
-  private Configurator moaSigConfigurator;
-
   /**
    * Get MOA-Sig configuration object.
-   *
-   * @return moa-sig configuration
    */
-  @Nonnull
-  public Configurator getMoaSigConfigurator() {
-    return moaSigConfigurator;
+  @Getter
+  private Configurator moaSigConfigurator;
+
+  @Getter
+  private ConfigurationProvider moaSigConfig;
-  }
   @PostConstruct
   private synchronized void initialize() throws MoaSigServiceConfigurationException {
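Review bot: The surviving Javadoc `Get MOA-Sig configuration object.` now sits over the `moaSigConfigurator` field, while the new `moaSigConfig` field, which actually holds the `ConfigurationProvider` that "configuration object" suggests, has no documentation at all, and both Lombok-generated getters silently drop the `@Nonnull` contract the hand-written `getMoaSigConfigurator()` carried. I would document each field so the generated getters inherit something meaningful: over `moaSigConfigurator` a comment such as `MOA-Sig library configurator; only initialized after initialize() has completed`, and over `moaSigConfig` `MOA-Sig configuration provider, looked up after Configurator.init(); null until initialize() has run`. Both values are assigned in `initialize()` (next hunk), so callers obtaining the bean before that completes would see `null` where the old getter promised non-null.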
@@ -55,16 +53,12 @@ public class MoaSigInitializer {
     try {
       LoggingContextManager.getInstance().setLoggingContext(new LoggingContext("startup"));
       log.debug("MOA-Sig library initialization process ... ");
-      Configurator.getInstance().init();
-      log.info("MOA-Sig library initialization complete ");
+      moaSigConfigurator = Configurator.getInstance();
+      moaSigConfigurator.init();
-      //Security.insertProviderAt(IAIK.getInstance(), 0);
+      moaSigConfig = ConfigurationProvider.getInstance();
-      //final ECCelerate eccProvider = ECCelerate.getInstance();
-      //if (Security.getProvider(eccProvider.getName()) != null) {
-      //  Security.removeProvider(eccProvider.getName());
-      //}
-      //Security.addProvider(new ECCelerate());
+      log.info("MOA-Sig library initialization complete ");
       fixJava8_141ProblemWithSslAlgorithms();
@@ -99,8 +93,6 @@ public class MoaSigInitializer {
         }
       }
-      moaSigConfigurator = Configurator.getInstance();
-
     } catch (final MOAException e) {
       log.error("MOA-SP initialization FAILED!", e.getWrapped());
       throw new MoaSigServiceConfigurationException("service.moasig.04",
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java
index 0818a260..9ee6d0aa 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java
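Review bot: `moaSigConfigurator` is now assigned before `init()` is called, whereas the old code (the assignment deleted in the second hunk) only published the field after the whole initialization had succeeded; if `init()` throws, the field is left holding an uninitialized `Configurator` that the Lombok getter hands out as if it were ready. Spring presumably discards the bean when `@PostConstruct` throws, but the `synchronized` method and the getter give no such guarantee on their own, so I would keep the old publish-after-success ordering with a local: `final Configurator configurator = Configurator.getInstance();` then `configurator.init();` then `moaSigConfigurator = configurator;`. The body of `initialize()` continues between and after the two hunks, so the schema-registration loop that runs before the old assignment is not visible here.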
@@ -2,8 +2,10 @@ package at.gv.egiz.eaaf.modules.sigverify.moasig.impl;
 import java.io.ByteArrayInputStream;
 import java.security.cert.CertificateEncodingException;
+import java.util.Collections;
 import java.util.Date;
 import java.util.List;
+import java.util.Map;
 import javax.annotation.PostConstruct;
@@ -103,7 +105,8 @@ public class SignatureVerificationService extends AbstractSignatureService
   @Override
   public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
       final String trustProfileID) throws MoaSigServiceException {
-    return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null);
+    return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null,
+            Collections.EMPTY_MAP);
   }
@@ -119,7 +122,7 @@ public class SignatureVerificationService extends AbstractSignatureService
       final String trustProfileID, final List<String> verifyTransformsInfoProfileID)
       throws MoaSigServiceException {
     return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID,
-        DEFAULT_XPATH_SIGNATURE_LOCATION, null);
+        DEFAULT_XPATH_SIGNATURE_LOCATION, null, Collections.EMPTY_MAP);
   }
   /*
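Review bot: `Collections.EMPTY_MAP` is the raw `Map` constant, so passing it where `Map<String, byte[]>` is expected only compiles through an unchecked conversion that the compiler warns about; `Collections.emptyMap()` infers the type arguments from the target parameter and is the idiomatic form. The changed line would read `return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null, Collections.emptyMap());`. The same substitution applies to every other delegating overload touched by this commit.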
@@ -133,27 +136,37 @@ public class SignatureVerificationService extends AbstractSignatureService
   public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
       final String trustProfileID, final String signatureLocationXpath)
       throws MoaSigServiceException {
-    return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath, null);
+    return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath, null, Collections.EMPTY_MAP);
   }
   @Override
   public IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID,
       Date signingDate) throws MoaSigServiceException {
     return verifyXmlSignature(signature, trustProfileID, null,
-        DEFAULT_XPATH_SIGNATURE_LOCATION, signingDate);
+        DEFAULT_XPATH_SIGNATURE_LOCATION, signingDate, Collections.EMPTY_MAP);
   }
+
   @Override
   public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
       final String trustProfileID, final List<String> verifyTransformsInfoProfileID,
       final String xpathSignatureLocation, Date signingDate) throws MoaSigServiceException {
+    return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID, xpathSignatureLocation,
+            signingDate, Collections.EMPTY_MAP);
+  }
+
+  @Override
+  public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
+      final String trustProfileID, final List<String> verifyTransformsInfoProfileID,
+      final String xpathSignatureLocation, Date signingDate, final Map<String, byte[]> supplementContent)
+          throws MoaSigServiceException {
     try {
       // setup context
       setUpContexts(Thread.currentThread().getName());
       // build signature-verification request
       final Element domVerifyXmlSignatureRequest = buildVerifyXmlRequest(signature, trustProfileID,
-          verifyTransformsInfoProfileID, xpathSignatureLocation, 
signingDate);
+          verifyTransformsInfoProfileID, xpathSignatureLocation, signingDate, supplementContent);
       // send signature-verification to MOA-Sig
       final VerifyXMLSignatureRequest vsrequest =
@@ -262,13 +275,17 @@ public class SignatureVerificationService extends AbstractSignatureService
    *                                      used for validation
    * @param xpathSignatureLocation        Xpath that points to location of
    *                                      Signature element
-   * @param  sigValDate Signature timestamp
+   * @param  sigValDate                   Signature timestamp
+   * @param  supplementContent            Map that contains supplement profile content; keyed by references. Each entry
+   *                                      in this map becomes a Content/Base64Content child in the SupplementProfile
+   *                                      node. Use this map to specify content of references that the verification
+   *                                      service cannot resolve.
    * @return MOA-Sig verification request element
    * @throws MoaSigServiceBuilderException In case of an error
    */
   private Element buildVerifyXmlRequest(final byte[] signature, final String trustProfileID,
       final List<String> verifyTransformsInfoProfileID, final String xpathSignatureLocation,
-      Date sigValDate) throws MoaSigServiceBuilderException {
+      Date sigValDate, final Map<String, byte[]> supplementContent) throws MoaSigServiceBuilderException {
     try {
       // build empty document
       final Document requestDoc_ = getNewDocumentBuilder();
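Review bot: The new six-argument `verifyXmlSignature` passes `supplementContent` to `buildVerifyXmlRequest` unchecked, and that builder (later in this commit) calls `supplementContent.isEmpty()` on it, so a caller that passes `null` — the convention the other overloads use for `verifyTransformsInfoProfileID` and `signingDate` — triggers a `NullPointerException` deep in the request builder, where it is swallowed by that method's blanket `catch (final Throwable t)` and surfaces as whatever that catch produces rather than as a clear argument error. I would normalize once at the public entry point, before `setUpContexts`: `final Map<String, byte[]> supplements = supplementContent == null ? Collections.emptyMap() : supplementContent;` and hand `supplements` to `buildVerifyXmlRequest`. The method's `try` block continues past the end of the hunk, so the remainder of the verification flow is not visible here.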
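Review bot: The `@param supplementContent` text on `buildVerifyXmlRequest` says the map is "keyed by references" but not what a key or a value concretely is, which is the part a caller has to get right; from the builder's loop, each key is written verbatim as the `Reference` attribute of a `Content` element and each value is Base64-encoded into its `Base64Content` child. I would open the entry with: `Map from the value to put into Content/@Reference (the reference MOA-Sig cannot dereference on its own) to the raw bytes of that content, which are Base64-encoded into Base64Content; must not be null, pass an empty map to omit the SupplementProfile element.` The `@param  sigValDate` entry also keeps the pre-existing double space after `@param`.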
@@ -352,6 +369,25 @@ public class SignatureVerificationService extends AbstractSignatureService
       trustProfileIdElem.appendChild(requestDoc_.createTextNode(trustProfileID));
       requestElem_.appendChild(trustProfileIdElem);
+      // add supplement profile
+      if (!supplementContent.isEmpty()) {
+
+        final Element supplementProfile = requestDoc_.createElementNS(MOA_NS_URI, "SupplementProfile");
+
+        for (Map.Entry<String, byte[]> entry: supplementContent.entrySet()) {
+          String reference = entry.getKey();
+          byte[] contentBytes = entry.getValue();
+          final Element content = requestDoc_.createElementNS(MOA_NS_URI, "Content");
+          content.setAttribute("Reference", reference);
+          final Element b64content = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content");
+          b64content.setTextContent(Base64Utils.encodeToString(contentBytes));
+          content.appendChild(b64content);
+          supplementProfile.appendChild(content);
+        }
+
+        requestElem_.appendChild(supplementProfile);
+      }
+
       return requestElem_;
     } catch (final Throwable t) { |
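Review bot: The loop writes each map key straight into the `Reference` attribute and each value straight into `Base64Utils.encodeToString`, so a null or blank key and a null value are never rejected up front; `setAttribute` with a null value and the Base64 helper's handling of null behave differently, and either way the failure lands in the method's blanket `catch (final Throwable t)` without naming the offending reference. I would validate at the top of the loop body, before any element is created: `if (reference == null || reference.trim().isEmpty() || contentBytes == null) { throw new IllegalArgumentException("SupplementProfile entry needs a non-blank Reference and non-null content, got reference: " + reference); }`. Declaring `reference` and `contentBytes` as `final` would also match the surrounding style, and a trace log of the supplemented references (never the content) would help when debugging why a reference was not dereferenced by MOA-Sig itself. The enclosing `buildVerifyXmlRequest` starts before this hunk and the body of its catch clause lies after it.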
