From 1507d7cad732b8e315ede595f745674d7f38317d Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Fri, 17 May 2019 12:56:57 +0200
Subject: add interface and empty basic implementation of
 SignatureCreationService

---
 .../moasig/api/ISignatureCreationService.java      |   5 +
 .../moasig/impl/AbstractSignatureService.java      | 113 +++++++++++++++++++++
 .../moasig/impl/SignatureCreationService.java      |  21 ++++
 .../moasig/impl/SignatureVerificationService.java  |  95 ++---------------
 .../src/main/resources/moa-sig-service.beans.xml   |   5 +-
 5 files changed, 150 insertions(+), 89 deletions(-)
 create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureCreationService.java
 create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java
 create mode 100644 eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java

(limited to 'eaaf_modules/eaaf_module_moa-sig/src')

diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureCreationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureCreationService.java
new file mode 100644
index 00000000..66eedd79
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureCreationService.java
@@ -0,0 +1,5 @@
+package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api;
+
+public interface ISignatureCreationService {
+
+}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java
new file mode 100644
index 00000000..fe99e328
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java
@@ -0,0 +1,113 @@
+package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl;
+
+import java.security.Provider;
+import java.security.Security;
+
+import javax.annotation.PostConstruct;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceConfigurationException;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.Configurator;
+import at.gv.egovernment.moaspss.logging.LoggingContext;
+import at.gv.egovernment.moaspss.logging.LoggingContextManager;
+import iaik.asn1.structures.AlgorithmID;
+import iaik.security.ec.provider.ECCelerate;
+import iaik.security.provider.IAIK;
+
+public abstract class AbstractSignatureService {
+	private static final Logger log = LoggerFactory.getLogger(AbstractSignatureService.class);
+	private static boolean isMOASigInitialized = false;
+	
+	
+	@PostConstruct
+	private synchronized void initialize() throws MOASigServiceConfigurationException {
+		
+		if (!isMOASigInitialized) {		
+			log.info("Initializing MOA-Sig signature-verification service ... ");
+			
+	        log.info("Loading Java security providers.");
+	        IAIK.addAsProvider();                
+	        ECCelerate.addAsProvider();
+			                
+	        try {
+	        	LoggingContextManager.getInstance().setLoggingContext(
+	                    new LoggingContext("startup"));
+	        	log.debug("MOA-Sig library initialization process ... ");
+	        	Configurator.getInstance().init();        	
+	        	log.info("MOA-Sig library initialization complete ");
+	        	                       
+	         } catch (final MOAException e) {
+	        	 log.error("MOA-SP initialization FAILED!", e.getWrapped()); 
+	             throw new MOASigServiceConfigurationException("service.moasig.04", new Object[] { e
+	                      .toString() }, e);
+			}
+	        
+	        Security.insertProviderAt(IAIK.getInstance(), 0);
+	        
+	        final ECCelerate eccProvider = ECCelerate.getInstance();
+	        if (Security.getProvider(eccProvider.getName()) != null)
+	        	Security.removeProvider(eccProvider.getName());	        	
+	        Security.addProvider(new ECCelerate());
+	        
+	        fixJava8_141ProblemWithSSLAlgorithms();
+			
+	        if (log.isDebugEnabled()) {
+	        	log.debug("Loaded Security Provider:");
+	        	final Provider[] providerList = Security.getProviders();
+	        	for (int i=0; i<providerList.length; i++)
+	        		log.debug(i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion());        		
+	        	
+	        }
+	        
+	        isMOASigInitialized = true;
+	        
+		} else
+			log.info("MOA-Sig is already initialized. Skipping this steps ... ");
+        
+        internalInitializer();
+        		
+	}
+	
+	/**
+	 * Executed in <code>@PostConstruct</code> as last step
+	 * 
+	 */
+	abstract protected void internalInitializer(); 
+	
+	/**
+	 * Get a new {@link Document} from {@link DocumentBuilder} in synchronized form, because 
+	 * {@link DocumentBuilderFactory} and {@link DocumentBuilder} are not thread-safe.
+	 * 
+	 * @return {@link Document}
+	 * @throws ParserConfigurationException
+	 */
+	protected synchronized Document getNewDocumentBuilder() throws ParserConfigurationException {
+		final DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); 
+		return docBuilder.newDocument();
+		
+	}
+	
+    private static void fixJava8_141ProblemWithSSLAlgorithms() {
+    	log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ...");
+        //new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] { "MD5withRSA", "MD5/RSA",  }, null, true);
+        new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption", 
+        		new String[] { "SHA1withRSA" , "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true);
+        new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption", 
+        		new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true);
+        new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption", 
+        		new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA",  }, null, true);
+        new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption", 
+        		new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA",  }, null, true);
+        new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption", 
+        		new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true);
+        
+        log.info("Change AlgorithmIDs finished");
+    }
+}
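Review bot: `initialize()` is declared `private synchronized`, so it locks on the individual bean instance, but the flag it guards, `isMOASigInitialized`, is static and shared by every subclass instance. Spring normally creates singletons on one thread, so this is probably latent, but two services initialised concurrently would not exclude each other and could both run the JVM-wide provider registration. Locking on the class, e.g. `synchronized (AbstractSignatureService.class) { if (!isMOASigInitialized) { ... } }`, would make the lock match the state it protects. Separately, `Security.insertProviderAt(IAIK.getInstance(), 0)` passes position 0 although JCA preference positions are 1-based, and IAIK was already registered by `IAIK.addAsProvider()` above, so the call most likely changes nothing; if IAIK is meant to take precedence, check the provider list that the debug block logs. The first log line still says "signature-verification service" although this base class now also initialises the creation service.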
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java
new file mode 100644
index 00000000..4260b741
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java
@@ -0,0 +1,21 @@
+package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureCreationService;
+
+public class SignatureCreationService extends AbstractSignatureService implements ISignatureCreationService{
+	private static final Logger log = LoggerFactory.getLogger(SignatureCreationService.class);
+	
+	private at.gv.egovernment.moa.spss.api.SignatureCreationService scs = null;
+	
+	@Override
+	protected void internalInitializer() {
+        log.debug("Instanzing SignatureCreationService implementation ... ");
+		scs = at.gv.egovernment.moa.spss.api.SignatureCreationService.getInstance();		
+		log.info("MOA-Sig signature-creation service initialized");
+
+	}
+
+}
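Review bot: The new class has no Javadoc, and its only state, the `scs` handle, is written in `internalInitializer()` but never read, so a reader cannot tell that this is an intentional stub. A class comment such as `/** Stub for MOA-Sig signature creation; obtains the MOA-SPSS service handle but exposes no signing operation yet. */` would make that explicit, and the redundant `= null` initialiser on `scs` can be dropped. The debug message reads "Instanzing", where "Instantiating" is presumably meant.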
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
index b2ea5cb7..500540dd 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java
@@ -1,16 +1,9 @@
 package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl;
 
 import java.io.ByteArrayInputStream;
-import java.security.Provider;
-import java.security.Security;
 import java.security.cert.CertificateEncodingException;
 import java.util.List;
 
-import javax.annotation.PostConstruct;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.lang.Nullable;
@@ -24,11 +17,9 @@ import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerific
 import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICMSSignatureVerificationResponse;
 import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXMLSignatureVerificationResponse;
 import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceBuilderException;
-import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceConfigurationException;
 import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceException;
 import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.parser.VerifyXMLSignatureResponseParser;
 import at.gv.egovernment.moa.spss.MOAException;
-import at.gv.egovernment.moa.spss.api.Configurator;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse;
 import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement;
@@ -37,12 +28,7 @@ import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
 import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
 import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
 import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moaspss.logging.LoggingContext;
-import at.gv.egovernment.moaspss.logging.LoggingContextManager;
 import at.gv.egovernment.moaspss.util.Constants;
-import iaik.asn1.structures.AlgorithmID;
-import iaik.security.ec.provider.ECCelerate;
-import iaik.security.provider.IAIK;
 
 
 /**
@@ -50,7 +36,7 @@ import iaik.security.provider.IAIK;
  *
  */
 @Service
-public class SignatureVerificationService implements ISignatureVerificationService {	
+public class SignatureVerificationService extends AbstractSignatureService implements ISignatureVerificationService {	
 	private static final Logger log = LoggerFactory.getLogger(SignatureVerificationService.class);
 	
 	private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI;
@@ -58,52 +44,6 @@ public class SignatureVerificationService implements ISignatureVerificationServi
 	private static final String DSIG = Constants.DSIG_PREFIX + ":";
 	
 	private at.gv.egovernment.moa.spss.api.SignatureVerificationService svs; 
-
-	@PostConstruct
-	private void initialize() throws MOASigServiceConfigurationException {
-		log.info("Initializing MOA-Sig signature-verification service ... ");
-		
-        log.info("Loading Java security providers.");
-        IAIK.addAsProvider();                
-        ECCelerate.addAsProvider();
-		                
-        try {
-        	LoggingContextManager.getInstance().setLoggingContext(
-                    new LoggingContext("startup"));
-        	log.debug("MOA-Sig library initialization process ... ");
-        	Configurator.getInstance().init();        	
-        	log.info("MOA-Sig library initialization complete ");
-        	                       
-         } catch (final MOAException e) {
-        	 log.error("MOA-SP initialization FAILED!", e.getWrapped()); 
-             throw new MOASigServiceConfigurationException("service.moasig.04", new Object[] { e
-                      .toString() }, e);
-		}
-        
-        Security.insertProviderAt(IAIK.getInstance(), 0);
-        
-        final ECCelerate eccProvider = ECCelerate.getInstance();
-        if (Security.getProvider(eccProvider.getName()) != null)
-        	Security.removeProvider(eccProvider.getName());	        	
-        Security.addProvider(new ECCelerate());
-        
-        fixJava8_141ProblemWithSSLAlgorithms();
-		
-        if (log.isDebugEnabled()) {
-        	log.debug("Loaded Security Provider:");
-        	final Provider[] providerList = Security.getProviders();
-        	for (int i=0; i<providerList.length; i++)
-        		log.debug(i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion());        		
-        	
-        }
-        
-        log.debug("Instanzing SignatureVerificationService implementation ... ");
-		svs = at.gv.egovernment.moa.spss.api.SignatureVerificationService.getInstance();
-		
-		log.info("MOA-Sig signature-verification service initialized");
-	}
-	
-	
 	
 	/* (non-Javadoc)
 	 * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.ISignatureVerificationService#verifyCMSSignature(byte[], java.lang.String)
@@ -316,33 +256,12 @@ public class SignatureVerificationService implements ISignatureVerificationServi
 	    
 	  }
 
-	/**
-	 * Get a new {@link Document} from {@link DocumentBuilder} in synchronized form, because 
-	 * {@link DocumentBuilderFactory} and {@link DocumentBuilder} are not thread-safe.
-	 * 
-	 * @return {@link Document}
-	 * @throws ParserConfigurationException
-	 */
-	private synchronized Document getNewDocumentBuilder() throws ParserConfigurationException {
-		final DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); 
-		return docBuilder.newDocument();
+	@Override
+	protected void internalInitializer() {
+        log.debug("Instanzing SignatureVerificationService implementation ... ");
+		svs = at.gv.egovernment.moa.spss.api.SignatureVerificationService.getInstance();		
+		log.info("MOA-Sig signature-verification service initialized");
 		
 	}
-	
-    private static void fixJava8_141ProblemWithSSLAlgorithms() {
-    	log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ...");
-        //new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] { "MD5withRSA", "MD5/RSA",  }, null, true);
-        new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption", 
-        		new String[] { "SHA1withRSA" , "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true);
-        new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption", 
-        		new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true);
-        new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption", 
-        		new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA",  }, null, true);
-        new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption", 
-        		new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA",  }, null, true);
-        new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption", 
-        		new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true);
-        
-        log.info("Change AlgorithmIDs finished");
-    }
+
 }
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/moa-sig-service.beans.xml b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/moa-sig-service.beans.xml
index 17907130..2f5408b6 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/moa-sig-service.beans.xml
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/moa-sig-service.beans.xml
@@ -11,7 +11,10 @@
 
 	<context:annotation-config />
 
-	<bean 	id="moaSigService" 
+	<bean 	id="moaSigVerifyService" 
 			class="at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.SignatureVerificationService" />			
+	
+	<bean 	id="moaSigCreateService" 
+			class="at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.SignatureCreationService" />
 																						
 </beans>
\ No newline at end of file
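Review bot: Renaming the bean id from `moaSigService` to `moaSigVerifyService` breaks any consumer that looks the verification service up by name (a `ref="moaSigService"`, a `@Qualifier` or a `getBean("moaSigService")` call); no such consumer is visible in this diff, so this needs a search across the dependent modules. If the old id may still be in use, keeping it as an alias, `<alias name="moaSigVerifyService" alias="moaSigService" />`, avoids a start-up failure in deployments that have not been updated. Note also that `SignatureVerificationService` carries `@Service` while `SignatureCreationService` is registered only here; a short XML comment stating which registration is authoritative would help.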
-- 
cgit v1.2.3