authorspuchmann <spuchmann@d688527b-c9ab-4aba-bd8d-4036d912da1d>2008-05-08 14:04:44 +0000
committerspuchmann <spuchmann@d688527b-c9ab-4aba-bd8d-4036d912da1d>2008-05-08 14:04:44 +0000
commitb00fd777ba1c564b1f4b3fdf14ec4d23ff80c1ea (patch)
tree5c7e29571e92824ed141fe4f94b5844ba0c6154e /spss/server
parent4cfa4909efc43a50f22edfe38c8c7277f344d2db (diff)
added PermitFileURIs; removing unnecessary dependencies to Sun's JSSE
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1071 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'spss/server')
-rw-r--r--spss/server/history.txt38
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java16
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java17
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java7
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java21
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java27
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java4
7 files changed, 98 insertions, 32 deletions
diff --git a/spss/server/history.txt b/spss/server/history.txt
index 18647a12b..9a0952355 100644
--- a/spss/server/history.txt
+++ b/spss/server/history.txt
@@ -2,11 +2,49 @@
1.4.3
##############
+- Unnötige Abhängigkeit zu JSSE-Implementierung von Sun wurden entfernt, welcher den Einsatz von MOA SP/SS in
+ Java-Laufzeitumgebungen anderer Hersteller als Sun (z.B. IBM) erschwert.
+
+- Ein Konfigurationsparameter für MOA SP wurde eingeführt (cfg:SignatureVerification/cfg:PermitFileURIs) welcher
+ file-URIs erlauben oder verbieten soll.
+
- Das Herauslösen des Verarbeitungsrequests aus dem SOAP-Request endete in einer
ClassCastException, wenn zwischen dem Body-Element des SOAP-Envelopes und dem
Request white spaces vorhanden sind bzw. dieses Element nicht unmittelbar nach
dem Body-Element steht. Das Herauslösen ist nun gegen white spaces robust.
+- Bei der Signaturverifikation (zusätzlich zu den bisherigen) folgende Algorithmen unterstützt:
+ 1. Added the following signature algorithms for XML signatures:
+ o http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
+ o http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
+ o http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224
+ o http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256
+ o http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384
+ o http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512
+ o http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160
+ 2. Added the following hash algorithms for XML signatures:
+ o http://www.w3.org/2001/04/xmldsig-more#sha224
+ o http://www.w3.org/2001/04/xmldsig-more#sha384
+ o http://www.w3.org/2001/04/xmlenc#sha512
+ 3. Added the following signature algorithms for verifying CMS signatures:
+ o SHA224withRSA
+ o SHA384withRSA
+ o SHA512withRSA
+ o SHA224withECDSA
+ o SHA256withECDSA
+ o SHA384withECDSA
+ o SHA512withECDSA
+ o RIPEMD160withECDSAPlain
+ 4. Added the following hash algorithms for CMS signatures:
+ o SHA-224
+ o SHA-384
+ o SHA-512
+
+- IAIK Libraries aktualisiert:
+ iaik-cms: Version 4.01_MOA
+ iaik-moa: Version 1.23
+ iaik-ecc: Version 2.16
+
##############
1.4.2
##############
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 14ceb71cd..327b66f54 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -190,7 +190,9 @@ public class ConfigurationPartsBuilder {
private static final String SUPPLEMENT_PROFILE_XPATH =
ROOT + CONF + "SignatureVerification/"
+ CONF + "SupplementProfile";
-
+ private static final String PERMIT_FILE_URIS_XPATH =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "PermitFileURIs";
//
// default values for configuration parameters
//
@@ -1235,5 +1237,15 @@ public class ConfigurationPartsBuilder {
String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_CERTIFICATES_XPATH_, null);
return Boolean.valueOf(autoAdd).booleanValue();
}
-
+
+ /**
+ * Returns whether file URIs are permitted
+ * @return whether file URIs are permitted
+ */
+ public boolean getPermitFileURIs()
+ {
+ String permitFileURIs = getElementValue(getConfigElem(), PERMIT_FILE_URIS_XPATH, "false");
+ return Boolean.valueOf(permitFileURIs).booleanValue();
+ }
+
}
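Review bot: `Boolean.valueOf(permitFileURIs)` in getPermitFileURIs() maps every value other than the string "true" (ignoring case) to false, so a typo or a value such as `1` silently leaves the option off. Surrounding whitespace would do the same unless getElementValue already trims. That fails closed, which is the right direction for a switch that presumably lets signature references be resolved against the server's file system, but the operator gets no hint that the configured value was ignored. I would record a configuration warning for any value that is neither true nor false. I would also state the default in the Javadoc, e.g. `@return true only if cfg:PermitFileURIs is "true"; false if the element is absent or has any other value`.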
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 57f06326a..16bf153c9 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -206,7 +206,11 @@ public class ConfigurationProvider
* be used during certificate path construction.
*/
private boolean useAuthorityInfoAccess_;
-
+ /**
+ * Indicates whether file URIs are allowed or not
+ */
+ private boolean permitFileURIs;
+
/**
* Return the single instance of configuration data.
*
@@ -319,6 +323,7 @@ public class ConfigurationProvider
verifyTransformsInfoProfiles = builder.buildVerifyTransformsInfoProfiles();
supplementProfiles = builder.buildSupplementProfiles();
warnings = new ArrayList(builder.getWarnings());
+ permitFileURIs = builder.getPermitFileURIs();
} catch (Throwable t) {
throw new ConfigurationException("config.11", null, t);
} finally {
@@ -685,5 +690,13 @@ public class ConfigurationProvider
{
return useAuthorityInfoAccess_;
}
-
+
+ /**
+ * Returns whether the file URIs are permitted or not
+ * @return whether the file URIs are permitted or not
+ */
+ public boolean getPermitFileURIs()
+ {
+ return permitFileURIs;
+ }
} \ No newline at end of file
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
index fb3ff4931..2a35e5892 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
@@ -275,5 +275,12 @@ public class XMLSignatureCreationProfileImpl
public String getSignedPropertiesID() {
return propertyIDGenerator.uniqueId();
}
+
+ /**
+ * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getPermitFileURIs()
+ */
+ public boolean getPermitFileURIs() {
+ return false;
+ }
}
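Review bot: The Javadoc on the new getPermitFileURIs() is only an `@see`, so nothing explains why the creation profile hard-codes `return false;` while the verification profile reads the configured value. If that asymmetry is intended, I would say so in the comment, e.g. `File URIs are never permitted for signature creation; cfg:SignatureVerification/cfg:PermitFileURIs applies to verification only.` Otherwise a later maintainer may "fix" it by wiring the configuration value in here as well.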
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
index 216596dc3..ab302388d 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
@@ -26,7 +26,8 @@ public class XMLSignatureVerificationProfileImpl
private boolean includeHashInputData;
/** Whether to include reference input data in the response. */
private boolean includeReferenceInputData;
-
+ /** Whether the file URIs are permitted */
+ private boolean permitFileURIs;
/**
* @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#checkSecurityLayerManifest()
*/
@@ -127,5 +128,21 @@ public class XMLSignatureVerificationProfileImpl
public void setIncludeReferenceInputData(boolean includeReferenceInputData) {
this.includeReferenceInputData = includeReferenceInputData;
}
-
+
+ /**
+ * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#getPermitFileURIs()
+ */
+ public boolean getPermitFileURIs() {
+ return permitFileURIs;
+ }
+
+ /**
+ * Set whether the file URIs are permitted or not
+ *
+ * @param permitFileURIs whether the file URIs are permitted or not
+ */
+ public void setPermitFileURIs(boolean permitFileURIs)
+ {
+ this.permitFileURIs = permitFileURIs;
+ }
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
index 4871ac4fe..42b1c7c3c 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
@@ -1,11 +1,6 @@
package at.gv.egovernment.moa.spss.server.init;
import java.io.IOException;
-import java.security.Security;
-
-import javax.net.ssl.SSLSocketFactory;
-
-import org.apache.axis.AxisProperties;
import iaik.ixsil.init.IXSILInit;
@@ -42,7 +37,7 @@ public class SystemInitializer {
*/
public static void init() {
MessageProvider msg = MessageProvider.getInstance();
- ClassLoader cl = SystemInitializer.class.getClassLoader();
+
Thread archiveCleaner;
// set up the MOA SPSS logging hierarchy
@@ -51,25 +46,7 @@ public class SystemInitializer {
// set up a logging context for logging the startup
LoggingContextManager.getInstance().setLoggingContext(
new LoggingContext("startup"));
-
- // load some jsse classes so that the integrity of the jars can be verified
- // before the iaik jce is installed as the security provider
- // this workaround is only needed when sun jsse is used in conjunction with
- // iaik-jce (on jdk1.3)
- try {
- cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar
- } catch (ClassNotFoundException e) {
- Logger.warn(msg.getMessage("init.03", null), e);
- }
-
- // set up SUN JSSE SSL
- Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
- System.setProperty(
- "java.protocol.handler.pkgs",
- "com.sun.net.ssl.internal.www.protocol");
- SSLSocketFactory.getDefault();
-
-
+
// AxisProperties.setProperty("enableNamespacePrefixOptimization","false");
// AxisProperties.setProperty("disablePrettyXML", "true");
// AxisProperties.setProperty("axis.doAutoTypes", "true");
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java
index 5df13a337..1a8c72779 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java
@@ -86,7 +86,9 @@ public class XMLSignatureVerificationProfileFactory {
} else {
profile.setTransformationSupplements(Collections.EMPTY_LIST);
}
-
+
+ profile.setPermitFileURIs(config.getPermitFileURIs());
+
return profile;
}
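Review bot: The added `profile.setPermitFileURIs(config.getPermitFileURIs());` applies one server-wide flag to every verification profile this factory builds. Once the option is enabled, it presumably holds for all verification requests, with no narrower scope such as a directory or trust profile. That design choice deserves a comment at the call, e.g. `// server-wide switch from cfg:SignatureVerification/cfg:PermitFileURIs; false unless explicitly configured`. It would also be worth confirming that no other code path constructs XMLSignatureVerificationProfileImpl without going through this factory; such a path would keep the field's default of false, which is safe but inconsistent. The enclosing method starts outside the hunk.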