summaryrefslogtreecommitdiff
path: root/spss/server/serverlib
diff options
context:
space:
mode:
Diffstat (limited to 'spss/server/serverlib')
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java16
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java17
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java7
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java21
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java27
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java4
6 files changed, 60 insertions, 32 deletions
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 14ceb71cd..327b66f54 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -190,7 +190,9 @@ public class ConfigurationPartsBuilder {
private static final String SUPPLEMENT_PROFILE_XPATH =
ROOT + CONF + "SignatureVerification/"
+ CONF + "SupplementProfile";
-
+ private static final String PERMIT_FILE_URIS_XPATH =
+ ROOT + CONF + "SignatureVerification/"
+ + CONF + "PermitFileURIs";
//
// default values for configuration parameters
//
@@ -1235,5 +1237,15 @@ public class ConfigurationPartsBuilder {
String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_CERTIFICATES_XPATH_, null);
return Boolean.valueOf(autoAdd).booleanValue();
}
-
+
+ /**
+ * Returns whether file URIs are permitted
+ * @return whether file URIs are permitted
+ */
+ public boolean getPermitFileURIs()
+ {
+ String permitFileURIs = getElementValue(getConfigElem(), PERMIT_FILE_URIS_XPATH, "false");
+ return Boolean.valueOf(permitFileURIs).booleanValue();
+ }
+
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 57f06326a..16bf153c9 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -206,7 +206,11 @@ public class ConfigurationProvider
* be used during certificate path construction.
*/
private boolean useAuthorityInfoAccess_;
-
+ /**
+ * Indicates whether file URIs are allowed or not
+ */
+ private boolean permitFileURIs;
+
/**
* Return the single instance of configuration data.
*
@@ -319,6 +323,7 @@ public class ConfigurationProvider
verifyTransformsInfoProfiles = builder.buildVerifyTransformsInfoProfiles();
supplementProfiles = builder.buildSupplementProfiles();
warnings = new ArrayList(builder.getWarnings());
+ permitFileURIs = builder.getPermitFileURIs();
} catch (Throwable t) {
throw new ConfigurationException("config.11", null, t);
} finally {
@@ -685,5 +690,13 @@ public class ConfigurationProvider
{
return useAuthorityInfoAccess_;
}
-
+
+ /**
+ * Returns whether the file URIs are permitted or not
+ * @return whether the file URIs are permitted or not
+ */
+ public boolean getPermitFileURIs()
+ {
+ return permitFileURIs;
+ }
} \ No newline at end of file
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
index fb3ff4931..2a35e5892 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
@@ -275,5 +275,12 @@ public class XMLSignatureCreationProfileImpl
public String getSignedPropertiesID() {
return propertyIDGenerator.uniqueId();
}
+
+ /**
+ * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getPermitFileURIs()
+ */
+ public boolean getPermitFileURIs() {
+ return false;
+ }
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
index 216596dc3..ab302388d 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java
@@ -26,7 +26,8 @@ public class XMLSignatureVerificationProfileImpl
private boolean includeHashInputData;
/** Whether to include reference input data in the response. */
private boolean includeReferenceInputData;
-
+ /** Whether the file URIs are permitted */
+ private boolean permitFileURIs;
/**
* @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#checkSecurityLayerManifest()
*/
@@ -127,5 +128,21 @@ public class XMLSignatureVerificationProfileImpl
public void setIncludeReferenceInputData(boolean includeReferenceInputData) {
this.includeReferenceInputData = includeReferenceInputData;
}
-
+
+ /**
+ * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#getPermitFileURIs()
+ */
+ public boolean getPermitFileURIs() {
+ return permitFileURIs;
+ }
+
+ /**
+ * Set whether the file URIs are permitted or not
+ *
+ * @param permitFileURIs whether the file URIs are permitted or not
+ */
+ public void setPermitFileURIs(boolean permitFileURIs)
+ {
+ this.permitFileURIs = permitFileURIs;
+ }
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
index 4871ac4fe..42b1c7c3c 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
@@ -1,11 +1,6 @@
package at.gv.egovernment.moa.spss.server.init;
import java.io.IOException;
-import java.security.Security;
-
-import javax.net.ssl.SSLSocketFactory;
-
-import org.apache.axis.AxisProperties;
import iaik.ixsil.init.IXSILInit;
@@ -42,7 +37,7 @@ public class SystemInitializer {
*/
public static void init() {
MessageProvider msg = MessageProvider.getInstance();
- ClassLoader cl = SystemInitializer.class.getClassLoader();
+
Thread archiveCleaner;
// set up the MOA SPSS logging hierarchy
@@ -51,25 +46,7 @@ public class SystemInitializer {
// set up a logging context for logging the startup
LoggingContextManager.getInstance().setLoggingContext(
new LoggingContext("startup"));
-
- // load some jsse classes so that the integrity of the jars can be verified
- // before the iaik jce is installed as the security provider
- // this workaround is only needed when sun jsse is used in conjunction with
- // iaik-jce (on jdk1.3)
- try {
- cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar
- } catch (ClassNotFoundException e) {
- Logger.warn(msg.getMessage("init.03", null), e);
- }
-
- // set up SUN JSSE SSL
- Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
- System.setProperty(
- "java.protocol.handler.pkgs",
- "com.sun.net.ssl.internal.www.protocol");
- SSLSocketFactory.getDefault();
-
-
+
// AxisProperties.setProperty("enableNamespacePrefixOptimization","false");
// AxisProperties.setProperty("disablePrettyXML", "true");
// AxisProperties.setProperty("axis.doAutoTypes", "true");
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java
index 5df13a337..1a8c72779 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java
@@ -86,7 +86,9 @@ public class XMLSignatureVerificationProfileFactory {
} else {
profile.setTransformationSupplements(Collections.EMPTY_LIST);
}
-
+
+ profile.setPermitFileURIs(config.getPermitFileURIs());
+
return profile;
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-27 11:45:19 +0000