From ac3296bb205048da5a1e4494dd4956f4312cf948 Mon Sep 17 00:00:00 2001 From: gregor Date: Mon, 18 Jul 2005 07:19:15 +0000 Subject: =?UTF-8?q?Fix=20f=C3=BCr=20Bug=20267=20getestet.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@382 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../schemas/MOA-SPSS-Configuration-1.0.xsd | 1 + .../properties/spss_messages_de.properties | 3 ++- .../server/config/ConfigurationPartsBuilder.java | 25 ++++++++++------------ .../invoke/XMLSignatureVerificationInvoker.java | 16 +++++++++++--- 4 files changed, 27 insertions(+), 18 deletions(-) diff --git a/common/res/resources/schemas/MOA-SPSS-Configuration-1.0.xsd b/common/res/resources/schemas/MOA-SPSS-Configuration-1.0.xsd index 978733394..5a9f966ea 100644 --- a/common/res/resources/schemas/MOA-SPSS-Configuration-1.0.xsd +++ b/common/res/resources/schemas/MOA-SPSS-Configuration-1.0.xsd @@ -193,6 +193,7 @@ + diff --git a/spss.server/res/resources/properties/spss_messages_de.properties b/spss.server/res/resources/properties/spss_messages_de.properties index ead8d3295..a4ae8e563 100644 --- a/spss.server/res/resources/properties/spss_messages_de.properties +++ b/spss.server/res/resources/properties/spss_messages_de.properties @@ -120,7 +120,7 @@ config.16=Fehler beim Erstellen von X509IssuerSerial (IssuerName={0}, SerialNumb config.17=DigestAlgorithmName unbekannt (AlgorithmName={0}) config.18=Lade Keystore: {0} config.19=Key ID={0} -config.20=Fehler beim Aktualisieren der MOA SP/SS Konfiguration. Die bestehende Konfiguration wird beibehalten. +config.20=Fehler beim Aktualisieren der MOA SP/SS Konfiguration. Die bestehende Konfiguration wird beibehalten config.21=Lade Konfiguration von {0} config.22=Lade {0} mit id={1} von Datei {2} config.23=Fehler in der Konfiguration: {0} nicht konfiguriert oder ungültig, verwende den Default-Wert: {1} 
@@ -143,3 +143,4 @@ handler.05=Fehler beim Abarbeiten der Anfrage invoker.00=Das Signature Environment konnte nicht validierend geparst werden invoker.01=Keine passende Transformationskette gefunden (Index={0}) invoker.02=Der Hashwert der Transformation stimmt nicht überein (Index={0}) +invoker.03=Signatorzertifikat aus Trustprofile mit id={0} konnte nicht geparst werden (Dateiname={1}) diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 33e9daca1..96a90980d 100644 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/spss.server/src/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -829,8 +829,6 @@ public class ConfigurationPartsBuilder { String uriStr = profileElem.getAttribute("uri"); String signerCertsUriStr = profileElem.getAttribute("signerCertsUri"); - boolean createTrustProfile = true; - URI uri = null; try { @@ -841,23 +839,23 @@ public class ConfigurationPartsBuilder { } catch (URIException e) { warn("config.14", new Object[] { "uri", id, uriStr }, e); - createTrustProfile = false; + continue; } catch (MalformedURLException e) { warn("config.15", new Object[] {id}, e); - createTrustProfile = false; + continue; } File profileDir = new File(uri.getPath()); if (!profileDir.exists() || !profileDir.isDirectory()) { warn("config.27", new Object[] { "uri", id }); - createTrustProfile = false; + continue; } if (trustProfiles.containsKey(id)) { warn("config.04", new Object[] { "TrustProfile", id }); - createTrustProfile = false; + continue; } URI signerCertsUri = null; 
@@ -866,28 +864,27 @@ public class ConfigurationPartsBuilder { try { signerCertsUri = new URI(signerCertsUriStr); - if (!signerCertsUri.isAbsolute()) uri = new URI(configRoot.toURL() + signerCertsUriStr); + if (!signerCertsUri.isAbsolute()) signerCertsUri = new URI(configRoot.toURL() + signerCertsUriStr); File signerCertsDir = new File(signerCertsUri.getPath()); if (!signerCertsDir.exists() || !signerCertsDir.isDirectory()) { warn("config.27", new Object[] { "signerCertsUri", id }); - createTrustProfile = false; + continue; } } catch (URIException e) { warn("config.14", new Object[] { "signerCertsUri", id, uriStr }, e); - createTrustProfile = false; + continue; } catch (MalformedURLException e) { warn("config.15", new Object[] {id}, e); - createTrustProfile = false; + continue; } } - if (createTrustProfile) { - TrustProfile profile = new TrustProfile(id, uri.toString(), signerCertsUri.toString()); - trustProfiles.put(id, profile); - } + signerCertsUriStr = (signerCertsUri != null) ? signerCertsUri.toString() : null; + TrustProfile profile = new TrustProfile(id, uri.toString(), signerCertsUriStr); + trustProfiles.put(id, profile); } return trustProfiles; diff --git a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index e8b2a5e10..1f9d45ed1 100644 --- a/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/spss.server/src/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -20,6 +20,7 @@ import iaik.x509.X509Certificate; import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; +import java.io.IOException; import java.util.ArrayList; import java.util.Arrays; import java.util.Date; 
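Review bot: The `URIException` handler for the signer-certificate directory still logs `uriStr`, so a malformed `signerCertsUri` is reported with the value of the `uri` attribute; it should read `warn("config.14", new Object[] { "signerCertsUri", id, signerCertsUriStr }, e);`. Skipping the whole profile with `continue` when `signerCertsUri` is invalid is the safe direction, because `validateSignerCertificate` in this same commit applies the signer-certificate restriction only when `trustProfile.getSignerCertsUri() != null`, so a profile created with a null value would be used without that restriction. A short comment at the `continue` statements, for example `// skip the profile entirely: creating it without signerCertsUri would disable the signer restriction`, would stop a later edit from relaxing this. The enclosing loop and the condition guarding this block begin outside the hunk.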
@@ -241,6 +242,8 @@ public class XMLSignatureVerificationInvoker { private CheckResult validateSignerCertificate(XMLSignatureVerificationResult result, TrustProfile trustProfile) throws MOAException { + MessageProvider msg = MessageProvider.getInstance(); + int resultCode = result.getCertificateValidationResult().getValidationResultCode().intValue(); if (resultCode == 0 && trustProfile.getSignerCertsUri() != null) { @@ -275,14 +278,21 @@ public class XMLSignatureVerificationInvoker { try { X509Certificate currentCert = new X509Certificate(currentFIS); + currentFIS.close(); if (currentCert.equals(signerCertificate)) break; } catch (Exception e) { // Simply ignore file if it cannot be interpreted as certificate - Logger.warn("Signatorzertifiat aus Trustprofile mit id=" + - trustProfile.getId() + " kann nicht geparst werden: " + - e.getMessage()); + String logMsg = msg.getMessage("invoker.03", new Object[]{trustProfile.getId(), files[i].getName()}); + Logger.warn(logMsg); + try + { + currentFIS.close(); + } + catch (IOException e1) { + // If clean-up fails, do nothing + } } } } -- cgit v1.2.3
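Review bot: The stream is closed inside the `try`, so an `IOException` from `currentFIS.close()` lands in `catch (Exception e)`, is logged as an unparseable certificate (`invoker.03`) and skips the `equals` comparison for a file that parsed correctly. Since this loop compares the signer certificate against the certificates permitted by the trust profile, closing in a `finally` block keeps clean-up from influencing the match and removes the duplicated close in the handler. The new message also drops the `e.getMessage()` detail that the old log line carried, so the reason for a parse failure is no longer recorded; consider keeping it in the log output. The loop and the declaration of `currentFIS` lie outside the hunk.

```java
try {
  // … unchanged: parse currentFIS and compare with signerCertificate; no close() here …
}
catch (Exception e) {
  // … unchanged: invoker.03 warning; no close() here …
}
finally {
  // Runs after a successful parse, after a parse failure and on the break above.
  try {
    currentFIS.close();
  }
  catch (IOException e1) {
    // A failed close must not change the verification result.
  }
}
```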