diff options
author | spuchmann <spuchmann@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2008-05-08 14:04:44 +0000 |
---|---|---|
committer | spuchmann <spuchmann@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2008-05-08 14:04:44 +0000 |
commit | b00fd777ba1c564b1f4b3fdf14ec4d23ff80c1ea (patch) | |
tree | 5c7e29571e92824ed141fe4f94b5844ba0c6154e /spss/server | |
parent | 4cfa4909efc43a50f22edfe38c8c7277f344d2db (diff) | |
download | moa-id-spss-b00fd777ba1c564b1f4b3fdf14ec4d23ff80c1ea.tar.gz moa-id-spss-b00fd777ba1c564b1f4b3fdf14ec4d23ff80c1ea.tar.bz2 moa-id-spss-b00fd777ba1c564b1f4b3fdf14ec4d23ff80c1ea.zip |
added PermitFileURIs; removing unnecessary dependencies to Sun's JSSE
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1071 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'spss/server')
7 files changed, 98 insertions, 32 deletions
diff --git a/spss/server/history.txt b/spss/server/history.txt index 18647a12b..9a0952355 100644 --- a/spss/server/history.txt +++ b/spss/server/history.txt @@ -2,11 +2,49 @@ 1.4.3 ############## +- Unnötige Abhängigkeit zu JSSE-Implementierung von Sun wurden entfernt, welcher den Einsatz von MOA SP/SS in + Java-Laufzeitumgebungen anderer Hersteller als Sun (z.B. IBM) erschwert. + +- Ein Konfigurationsparameter für MOA SP wurde eingeführt (cfg:SignatureVerification/cfg:PermitFileURIs) welcher + file-URIs erlauben oder verbieten soll. + - Das Herauslösen des Verarbeitungsrequests aus dem SOAP-Request endete in einer ClassCastException, wenn zwischen dem Body-Element des SOAP-Envelopes und dem Request white spaces vorhanden sind bzw. dieses Element nicht unmittelbar nach dem Body-Element steht. Das Herauslösen ist nun gegen white spaces robust. +- Bei der Signaturverifikation (zusätzlich zu den bisherigen) folgende Algorithmen unterstützt: + 1. Added the following signature algorithms for XML signatures: + o http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 + o http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 + o http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224 + o http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256 + o http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384 + o http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512 + o http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160 + 2. Added the following hash algorithms for XML signatures: + o http://www.w3.org/2001/04/xmldsig-more#sha224 + o http://www.w3.org/2001/04/xmldsig-more#sha384 + o http://www.w3.org/2001/04/xmlenc#sha512 + 3. Added the following signature algorithms for verifying CMS signatures: + o SHA224withRSA + o SHA384withRSA + o SHA512withRSA + o SHA224withECDSA + o SHA256withECDSA + o SHA384withECDSA + o SHA512withECDSA + o RIPEMD160withECDSAPlain + 4. Added the following hash algorithms for CMS signatures: + o SHA-224 + o SHA-384 + o SHA-512 + +- IAIK Libraries aktualisiert: + iaik-cms: Version 4.01_MOA + iaik-moa: Version 1.23 + iaik-ecc: Version 2.16 + ############## 1.4.2 ############## diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 14ceb71cd..327b66f54 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -190,7 +190,9 @@ public class ConfigurationPartsBuilder { private static final String SUPPLEMENT_PROFILE_XPATH = ROOT + CONF + "SignatureVerification/" + CONF + "SupplementProfile"; - + private static final String PERMIT_FILE_URIS_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "PermitFileURIs"; // // default values for configuration parameters // @@ -1235,5 +1237,15 @@ public class ConfigurationPartsBuilder { String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_CERTIFICATES_XPATH_, null); return Boolean.valueOf(autoAdd).booleanValue(); } - + + /** + * Returns whether file URIs are permitted + * @return whether file URIs are permitted + */ + public boolean getPermitFileURIs() + { + String permitFileURIs = getElementValue(getConfigElem(), PERMIT_FILE_URIS_XPATH, "false"); + return Boolean.valueOf(permitFileURIs).booleanValue(); + } + } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java index 57f06326a..16bf153c9 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java @@ -206,7 +206,11 @@ public class ConfigurationProvider * be used during certificate path construction. */ private boolean useAuthorityInfoAccess_; - + /** + * Indicates whether file URIs are allowed or not + */ + private boolean permitFileURIs; + /** * Return the single instance of configuration data. * @@ -319,6 +323,7 @@ public class ConfigurationProvider verifyTransformsInfoProfiles = builder.buildVerifyTransformsInfoProfiles(); supplementProfiles = builder.buildSupplementProfiles(); warnings = new ArrayList(builder.getWarnings()); + permitFileURIs = builder.getPermitFileURIs(); } catch (Throwable t) { throw new ConfigurationException("config.11", null, t); } finally { @@ -685,5 +690,13 @@ public class ConfigurationProvider { return useAuthorityInfoAccess_; } - + + /** + * Returns whether the file URIs are permitted or not + * @return whether the file URIs are permitted or not + */ + public boolean getPermitFileURIs() + { + return permitFileURIs; + } }
\ No newline at end of file diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java index fb3ff4931..2a35e5892 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java @@ -275,5 +275,12 @@ public class XMLSignatureCreationProfileImpl public String getSignedPropertiesID() { return propertyIDGenerator.uniqueId(); } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getPermitFileURIs() + */ + public boolean getPermitFileURIs() { + return false; + } } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java index 216596dc3..ab302388d 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java @@ -26,7 +26,8 @@ public class XMLSignatureVerificationProfileImpl private boolean includeHashInputData; /** Whether to include reference input data in the response. */ private boolean includeReferenceInputData; - + /** Whether the file URIs are permitted */ + private boolean permitFileURIs; /** * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#checkSecurityLayerManifest() */ @@ -127,5 +128,21 @@ public class XMLSignatureVerificationProfileImpl public void setIncludeReferenceInputData(boolean includeReferenceInputData) { this.includeReferenceInputData = includeReferenceInputData; } - + + /** + * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#getPermitFileURIs() + */ + public boolean getPermitFileURIs() { + return permitFileURIs; + } + + /** + * Set whether the file URIs are permitted or not + * + * @param permitFileURIs whether the file URIs are permitted or not + */ + public void setPermitFileURIs(boolean permitFileURIs) + { + this.permitFileURIs = permitFileURIs; + } } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java index 4871ac4fe..42b1c7c3c 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java @@ -1,11 +1,6 @@ package at.gv.egovernment.moa.spss.server.init; import java.io.IOException; -import java.security.Security; - -import javax.net.ssl.SSLSocketFactory; - -import org.apache.axis.AxisProperties; import iaik.ixsil.init.IXSILInit; @@ -42,7 +37,7 @@ public class SystemInitializer { */ public static void init() { MessageProvider msg = MessageProvider.getInstance(); - ClassLoader cl = SystemInitializer.class.getClassLoader(); + Thread archiveCleaner; // set up the MOA SPSS logging hierarchy @@ -51,25 +46,7 @@ public class SystemInitializer { // set up a logging context for logging the startup LoggingContextManager.getInstance().setLoggingContext( new LoggingContext("startup")); - - // load some jsse classes so that the integrity of the jars can be verified - // before the iaik jce is installed as the security provider - // this workaround is only needed when sun jsse is used in conjunction with - // iaik-jce (on jdk1.3) - try { - cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar - } catch (ClassNotFoundException e) { - Logger.warn(msg.getMessage("init.03", null), e); - } - - // set up SUN JSSE SSL - Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); - System.setProperty( - "java.protocol.handler.pkgs", - "com.sun.net.ssl.internal.www.protocol"); - SSLSocketFactory.getDefault(); - - + // AxisProperties.setProperty("enableNamespacePrefixOptimization","false"); // AxisProperties.setProperty("disablePrettyXML", "true"); // AxisProperties.setProperty("axis.doAutoTypes", "true"); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java index 5df13a337..1a8c72779 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java @@ -86,7 +86,9 @@ public class XMLSignatureVerificationProfileFactory { } else { profile.setTransformationSupplements(Collections.EMPTY_LIST); } - + + profile.setPermitFileURIs(config.getPermitFileURIs()); + return profile; } |