added PermitFileURIs; removing unnecessary dependencies to Sun's JSSE

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1071 d688527b-c9ab-4aba-bd8d-4036d912da1d
author: spuchmann <spuchmann@d688527b-c9ab-4aba-bd8d-4036d912da1d> 2008-05-08 14:04:44 +0000
committer: spuchmann <spuchmann@d688527b-c9ab-4aba-bd8d-4036d912da1d> 2008-05-08 14:04:44 +0000
commit: b00fd777ba1c564b1f4b3fdf14ec4d23ff80c1ea (patch)
tree: 5c7e29571e92824ed141fe4f94b5844ba0c6154e /spss/server
parent: 4cfa4909efc43a50f22edfe38c8c7277f344d2db (diff)
download: moa-id-spss-b00fd777ba1c564b1f4b3fdf14ec4d23ff80c1ea.tar.gz
moa-id-spss-b00fd777ba1c564b1f4b3fdf14ec4d23ff80c1ea.tar.bz2
moa-id-spss-b00fd777ba1c564b1f4b3fdf14ec4d23ff80c1ea.zip
7 files changed, 98 insertions, 32 deletions
diff --git a/spss/server/history.txt b/spss/server/history.txt
index 18647a12b..9a0952355 100644
--- a/spss/server/history.txt
+++ b/spss/server/history.txt
@@ -2,11 +2,49 @@
 1.4.3
 ##############
 
+- Unnötige Abhängigkeit zu JSSE-Implementierung von Sun wurden entfernt, welcher den Einsatz von MOA SP/SS in   
+  Java-Laufzeitumgebungen anderer Hersteller als Sun (z.B. IBM) erschwert.
+
+- Ein Konfigurationsparameter für MOA SP wurde eingeführt (cfg:SignatureVerification/cfg:PermitFileURIs) welcher
+  file-URIs erlauben oder verbieten soll.
+
 - Das Herauslösen des Verarbeitungsrequests aus dem SOAP-Request endete in einer
   ClassCastException, wenn zwischen dem Body-Element des SOAP-Envelopes und dem 
   Request white spaces vorhanden sind bzw. dieses Element nicht unmittelbar nach
   dem Body-Element steht. Das Herauslösen ist nun gegen white spaces robust. 
 
+- Bei der Signaturverifikation (zusätzlich zu den bisherigen) folgende Algorithmen unterstützt:
+	1.	Added the following signature algorithms for XML signatures: 
+		o	http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
+		o	http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
+		o	http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224
+		o	http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256
+		o	http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384
+		o	http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512
+		o	http://www.w3.org/2007/05/xmldsig-more#ecdsa-ripemd160
+	2.	Added the following hash algorithms for XML signatures: 
+		o	http://www.w3.org/2001/04/xmldsig-more#sha224
+		o	http://www.w3.org/2001/04/xmldsig-more#sha384
+		o	http://www.w3.org/2001/04/xmlenc#sha512
+	3.	Added the following signature algorithms for verifying CMS signatures: 
+		o	SHA224withRSA
+		o	SHA384withRSA
+		o	SHA512withRSA
+		o	SHA224withECDSA
+		o	SHA256withECDSA
+		o	SHA384withECDSA
+		o	SHA512withECDSA
+		o	RIPEMD160withECDSAPlain
+	4.	Added the following hash algorithms for CMS signatures: 
+		o	SHA-224
+		o	SHA-384
+		o	SHA-512
+
+- IAIK Libraries aktualisiert:
+	iaik-cms:           Version 4.01_MOA		
+	iaik-moa:           Version 1.23
+	iaik-ecc:           Version 2.16
+  
 ##############
 1.4.2
 ##############
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 14ceb71cd..327b66f54 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -190,7 +190,9 @@ public class ConfigurationPartsBuilder {
   private static final String SUPPLEMENT_PROFILE_XPATH =
     ROOT + CONF + "SignatureVerification/" 
     + CONF + "SupplementProfile";
-  
+  private static final String PERMIT_FILE_URIS_XPATH =
+	    ROOT + CONF + "SignatureVerification/" 
+	    + CONF + "PermitFileURIs";
   //
   // default values for configuration parameters 
   //
@@ -1235,5 +1237,15 @@ public class ConfigurationPartsBuilder {
     String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_CERTIFICATES_XPATH_, null);
     return Boolean.valueOf(autoAdd).booleanValue();
   }
-
+  
+  /**
+   * Returns whether file URIs are permitted  
+   * @return whether file URIs are permitted
+   */
+  public boolean getPermitFileURIs()
+  {
+    String permitFileURIs = getElementValue(getConfigElem(), PERMIT_FILE_URIS_XPATH, "false");
+    return Boolean.valueOf(permitFileURIs).booleanValue();
+  }
+  
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 57f06326a..16bf153c9 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -206,7 +206,11 @@ public class ConfigurationProvider
    * be used during certificate path construction.
    */
   private boolean useAuthorityInfoAccess_;
-
+  /**
+   * Indicates whether file URIs are allowed or not 
+   */
+  private boolean permitFileURIs;
+  
   /**
    * Return the single instance of configuration data.
    * 
@@ -319,6 +323,7 @@ public class ConfigurationProvider
       verifyTransformsInfoProfiles = builder.buildVerifyTransformsInfoProfiles();
       supplementProfiles = builder.buildSupplementProfiles();
       warnings = new ArrayList(builder.getWarnings());
+      permitFileURIs = builder.getPermitFileURIs();
     } catch (Throwable t) {
       throw new ConfigurationException("config.11", null, t);
     } finally {
@@ -685,5 +690,13 @@ public class ConfigurationProvider
   {
     return useAuthorityInfoAccess_;
   }
-
+  
+  /**
+   * Returns whether the file URIs are permitted or not
+   * @return whether the file URIs are permitted or not
+   */
+  public boolean getPermitFileURIs()
+  {
+    return permitFileURIs; 
+  }
 }
 \ No newline at end of file
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
index fb3ff4931..2a35e5892 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
@@ -275,5 +275,12 @@ public class XMLSignatureCreationProfileImpl
   public String getSignedPropertiesID() {
     return propertyIDGenerator.uniqueId();
   }
+  
+  /**
+   * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getPermitFileURIs()
+   */
+  public boolean getPermitFileURIs() {
+    return false;
+  }
 
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
index 216596dc3..ab302388d 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
@@ -26,7 +26,8 @@ public class XMLSignatureVerificationProfileImpl
   private boolean includeHashInputData;
   /** Whether to include reference input data in the response. */
   private boolean includeReferenceInputData;
-
+  /** Whether the file URIs are permitted */
+  private boolean permitFileURIs;
   /**
    * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#checkSecurityLayerManifest()
    */
@@ -127,5 +128,21 @@ public class XMLSignatureVerificationProfileImpl
   public void setIncludeReferenceInputData(boolean includeReferenceInputData) {
     this.includeReferenceInputData = includeReferenceInputData;
   }
-
+  
+  /**
+   * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#getPermitFileURIs() 
+   */
+  public boolean getPermitFileURIs() {
+    return permitFileURIs;
+  }
+  
+  /**
+   * Set whether the file URIs are permitted or not
+   * 
+   * @param permitFileURIs whether the file URIs are permitted or not
+   */
+  public void setPermitFileURIs(boolean permitFileURIs)
+  {
+    this.permitFileURIs = permitFileURIs;
+  }
 }
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
index 4871ac4fe..42b1c7c3c 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
@@ -1,11 +1,6 @@
 package at.gv.egovernment.moa.spss.server.init;
 
 import java.io.IOException;
-import java.security.Security;
-
-import javax.net.ssl.SSLSocketFactory;
-
-import org.apache.axis.AxisProperties;
 
 import iaik.ixsil.init.IXSILInit;
 
@@ -42,7 +37,7 @@ public class SystemInitializer {
    */
   public static void init() {
     MessageProvider msg = MessageProvider.getInstance();
-    ClassLoader cl = SystemInitializer.class.getClassLoader();
+
     Thread archiveCleaner;
 
     // set up the MOA SPSS logging hierarchy
@@ -51,25 +46,7 @@ public class SystemInitializer {
     // set up a logging context for logging the startup
     LoggingContextManager.getInstance().setLoggingContext(
       new LoggingContext("startup"));
-
-    // load some jsse classes so that the integrity of the jars can be verified
-    // before the iaik jce is installed as the security provider
-    // this workaround is only needed when sun jsse is used in conjunction with
-    // iaik-jce (on jdk1.3)
-    try {
-      cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar
-    } catch (ClassNotFoundException e) {
-      Logger.warn(msg.getMessage("init.03", null), e);
-    }
-
-    // set up SUN JSSE SSL
-    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
-    System.setProperty(
-      "java.protocol.handler.pkgs",
-      "com.sun.net.ssl.internal.www.protocol");
-    SSLSocketFactory.getDefault();
-
-    
+ 
 //    AxisProperties.setProperty("enableNamespacePrefixOptimization","false");
 //    AxisProperties.setProperty("disablePrettyXML", "true");
 //    AxisProperties.setProperty("axis.doAutoTypes", "true");
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java
index 5df13a337..1a8c72779 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java
@@ -86,7 +86,9 @@ public class XMLSignatureVerificationProfileFactory {
     } else {
         profile.setTransformationSupplements(Collections.EMPTY_LIST);
     }
-
+    
+    profile.setPermitFileURIs(config.getPermitFileURIs());
+    
     return profile;
   }
author	spuchmann <spuchmann@d688527b-c9ab-4aba-bd8d-4036d912da1d>	2008-05-08 14:04:44 +0000
committer	spuchmann <spuchmann@d688527b-c9ab-4aba-bd8d-4036d912da1d>	2008-05-08 14:04:44 +0000
commit	b00fd777ba1c564b1f4b3fdf14ec4d23ff80c1ea (patch)
tree	5c7e29571e92824ed141fe4f94b5844ba0c6154e /spss/server
parent	4cfa4909efc43a50f22edfe38c8c7277f344d2db (diff)
download	moa-id-spss-b00fd777ba1c564b1f4b3fdf14ec4d23ff80c1ea.tar.gz moa-id-spss-b00fd777ba1c564b1f4b3fdf14ec4d23ff80c1ea.tar.bz2 moa-id-spss-b00fd777ba1c564b1f4b3fdf14ec4d23ff80c1ea.zip