aboutsummaryrefslogtreecommitdiff
path: root/spss/server/serverlib/src/main/java/at/gv
diff options
context:
space:
mode:
Diffstat (limited to 'spss/server/serverlib/src/main/java/at/gv')
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java26
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java11
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java77
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java33
4 files changed, 86 insertions, 61 deletions
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index e335139aa..bc53ca4f9 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -284,8 +284,11 @@ public class ConfigurationPartsBuilder {
new HashSet(Arrays.asList(ACCEPTED_DIGEST_ALGORITHMS_ARRAY));
- /** Default digest algorithm URI, if none/illegal has been configured */
- private static final String DIGEST_ALGORITHM_DEFAULT = Constants.SHA1_URI;
+ /** Default digest algorithm URI, if none/illegal has been configured (for XAdES 1.1.1) */
+ private static final String DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1 = Constants.SHA1_URI;
+
+ /** Default digest algorithm URI, if none/illegal has been configured (for XAdES 1.4.2) */
+ private static final String DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2 = Constants.SHA256_URI;
/** The root element of the MOA configuration */
private Element configElem;
@@ -351,10 +354,21 @@ public class ConfigurationPartsBuilder {
if (digestMethod == null || !ACCEPTED_DIGEST_ALGORITHMS.contains(digestMethod))
{
- info(
- "config.23",
- new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT });
- digestMethod = DIGEST_ALGORITHM_DEFAULT;
+ String xadesVersion = this.getXAdESVersion();
+ if (xadesVersion == null) {
+ info(
+ "config.23",
+ new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1 });
+ digestMethod = DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1;
+ }
+ else {
+ info(
+ "config.23",
+ new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2 });
+ digestMethod = DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2;
+ }
+
+
}
return digestMethod;
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index b40a6bfa5..08478b717 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -41,6 +41,7 @@ import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import java.util.Map.Entry;
import java.util.Set;
import org.w3c.dom.Element;
@@ -573,6 +574,16 @@ public class ConfigurationProvider
issuerAndSerial = new IssuerAndSerial(issuer, serial);
}
+// System.out.println("Issuer: " + issuer);
+// System.out.println("serial: " + serial);
+//
+// Iterator entries = keyGroupMappings.entrySet().iterator();
+// while (entries.hasNext()) {
+// Entry thisEntry = (Entry) entries.next();
+// System.out.println("Entry: " + thisEntry.getKey());
+// System.out.println("Value: " + thisEntry.getValue());
+// }
+
mapping = (Map) keyGroupMappings.get(issuerAndSerial);
if (mapping != null) {
KeyGroup keyGroup = (KeyGroup) mapping.get(keyGroupId);
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
index 479f0aac9..edc3922e2 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
@@ -202,46 +202,33 @@ public class XMLSignatureCreationProfileImpl
// XAdES 1.4.2 is enabled: select signature algorithm according to selected digest method
if (digestMethodXAdES142.compareTo("SHA-1") == 0) {
Logger.warn("XAdES version 1.4.2 is enabled, but SHA-1 is configured as digest algorithm. Please revise a use a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)");
- if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA)
- || algorithms.contains(SignatureAlgorithms.MD5_WITH_RSA)
- || algorithms.contains(SignatureAlgorithms.RIPEMD128_WITH_RSA) //?
- || algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA) //?
- || algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA_OLD) //?
- || algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)
- || algorithms.contains(SignatureAlgorithms.WHIRLPOOL_WITH_RSA)) { //?
-
- return SignatureAlgorithms.SHA1_WITH_RSA;
-
- } else if (algorithms.contains(SignatureAlgorithms.ECDSA)
- || algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_ECDSA)
- || algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_ECDSA_PLAIN)
- || algorithms.contains(SignatureAlgorithms.WHIRLPOOL_WITH_ECDSA)
- || algorithms.contains(SignatureAlgorithms.SHA1_WITH_ECDSA_PLAIN)) {
- return SignatureAlgorithms.ECDSA;
- } else if (
- algorithms.contains(SignatureAlgorithms.DSA)) {
- return SignatureAlgorithms.DSA;
- } else {
- throw new AlgorithmUnavailableException(
- "No algorithm for key entry: " + selectedKeyID,
- null,
- null);
+
+ if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) {
+ return SignatureAlgorithms.SHA1_WITH_RSA;
+
+ } else if (algorithms.contains(SignatureAlgorithms.ECDSA)) {
+ return SignatureAlgorithms.ECDSA;
+
+ } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+ return SignatureAlgorithms.DSA;
+
+ } else {
+ throw new AlgorithmUnavailableException(
+ "No algorithm for key entry: " + selectedKeyID,
+ null,
+ null);
}
+
} else if (digestMethodXAdES142.compareTo("SHA-256") == 0) {
- if (algorithms.contains(SignatureAlgorithms.SHA224_WITH_RSA)
- || algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) {
-
+ if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) {
return SignatureAlgorithms.SHA256_WITH_RSA;
- } else if (algorithms.contains(SignatureAlgorithms.SHA224_WITH_ECDSA)
- || algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)
- || algorithms.contains(SignatureAlgorithms.SHA224_WITH_ECDSA_PLAIN)
- || algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA_PLAIN)) {
+ } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) {
return SignatureAlgorithms.SHA256_WITH_ECDSA;
- } else if (
- algorithms.contains(SignatureAlgorithms.DSA)) {
- return SignatureAlgorithms.DSA;
+ } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+ return SignatureAlgorithms.DSA;
+
} else {
throw new AlgorithmUnavailableException(
"No algorithm for key entry: " + selectedKeyID,
@@ -249,17 +236,15 @@ public class XMLSignatureCreationProfileImpl
null);
}
} else if (digestMethodXAdES142.compareTo("SHA-384") == 0) {
- if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) {
-
+ if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) {
return SignatureAlgorithms.SHA384_WITH_RSA;
- } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)
- || algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA_PLAIN)) {
+ } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) {
return SignatureAlgorithms.SHA384_WITH_ECDSA;
- } else if (
- algorithms.contains(SignatureAlgorithms.DSA)) {
- return SignatureAlgorithms.DSA;
+ } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
+ return SignatureAlgorithms.DSA;
+
} else {
throw new AlgorithmUnavailableException(
"No algorithm for key entry: " + selectedKeyID,
@@ -267,17 +252,15 @@ public class XMLSignatureCreationProfileImpl
null);
}
} else if (digestMethodXAdES142.compareTo("SHA-512") == 0) {
- if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
-
+ if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
return SignatureAlgorithms.SHA512_WITH_RSA;
- } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)
- || algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA_PLAIN)) {
+ } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) {
return SignatureAlgorithms.SHA512_WITH_ECDSA;
- } else if (
- algorithms.contains(SignatureAlgorithms.DSA)) {
+ } else if (algorithms.contains(SignatureAlgorithms.DSA)) {
return SignatureAlgorithms.DSA;
+
} else {
throw new AlgorithmUnavailableException(
"No algorithm for key entry: " + selectedKeyID,
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java
index 759af813c..8bebff974 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java
@@ -243,14 +243,31 @@ public class XMLSignatureCreationInvoker {
}
try {
- // create the signature
- signature =
- module.createSignature(
- dataObjectList,
- profile,
- additionalSignedProperties,
- signatureParent,
- new TransactionId(context.getTransactionID()));
+ ConfigurationProvider config = context.getConfiguration();
+ String xadesVersion = config.getXAdESVersion();
+
+ if (xadesVersion!= null && xadesVersion.compareTo(XMLSignatureCreationModule.XADES_VERSION_1_4_2) == 0) {
+ // create the signature (XAdES 1.4.2)
+ signature =
+ module.createSignature(
+ dataObjectList,
+ profile,
+ additionalSignedProperties,
+ signatureParent,
+ XMLSignatureCreationModule.XADES_VERSION_1_4_2,
+ new TransactionId(context.getTransactionID()));
+ }
+ else {
+ // create the signature (XAdES 1.1.1 = default)
+ signature =
+ module.createSignature(
+ dataObjectList,
+ profile,
+ additionalSignedProperties,
+ signatureParent,
+ XMLSignatureCreationModule.XADES_VERSION_1_1_1,
+ new TransactionId(context.getTransactionID()));
+ }
// insert the result into the response
if (signatureParent != null) {