From 1ad814ccbbe4f65f430ac738104e3f3c8256c229 Mon Sep 17 00:00:00 2001 From: Klaus Stranacher Date: Tue, 16 Apr 2013 14:44:08 +0200 Subject: Update digest algorithm, XAdES version, whitelisting --- common/.settings/org.eclipse.wst.common.component | 5 +- .../java/at/gv/egovernment/moa/util/Constants.java | 14 +++++ .../resources/schemas/MOA-SPSS-config-1.5.2.xsd | 60 ++++++++++++++++------ 3 files changed, 61 insertions(+), 18 deletions(-) (limited to 'common') diff --git a/common/.settings/org.eclipse.wst.common.component b/common/.settings/org.eclipse.wst.common.component index 4dd7e3409..386d0ebba 100644 --- a/common/.settings/org.eclipse.wst.common.component +++ b/common/.settings/org.eclipse.wst.common.component @@ -1,7 +1,6 @@ - - + - \ No newline at end of file + diff --git a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java index c4f7eb3f3..7e98f0427 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java @@ -397,6 +397,20 @@ public interface Constants { /** URI of the SHA1 digest algorithm */ public static final String SHA1_URI = "http://www.w3.org/2000/09/xmldsig#sha1"; + + /** URI of the SHA1 digest algorithm */ + public static final String SHA256_URI = + "http://www.w3.org/2000/09/xmldsig#sha256"; + + /** URI of the SHA1 digest algorithm */ + public static final String SHA384_URI = + "http://www.w3.org/2000/09/xmldsig#sha384"; + + /** URI of the SHA1 digest algorithm */ + public static final String SHA512_URI = + "http://www.w3.org/2000/09/xmldsig#sha512"; + + // TODO Supported Hash-Algorithms? /** URI of the Canonical XML algorithm */ public static final String C14N_URI = diff --git a/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.2.xsd b/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.2.xsd index 669ebe53f..63b09f45a 100644 --- a/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.2.xsd +++ b/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.2.xsd @@ -19,20 +19,36 @@ - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -78,6 +94,7 @@ + @@ -99,6 +116,19 @@ + + + + + + + + + + + + + @@ -147,7 +177,7 @@ - + -- cgit v1.2.3 From a544afcf4ad581ab7b76e85dc597ccf5643cd55a Mon Sep 17 00:00:00 2001 From: Klaus Stranacher Date: Mon, 6 May 2013 21:43:00 +0200 Subject: - Update MOA-SS Interface (CreateCMSignatureRequest) - Whitelisting in MOA-SPSS --- common/.settings/org.eclipse.jdt.core.prefs | 17 +- .../org.eclipse.wst.common.project.facet.core.xml | 4 +- .../java/at/gv/egovernment/moa/util/Constants.java | 9 +- .../resources/resources/schemas/MOA-SPSS-1.5.2.xsd | 541 +++++++++++++++++++++ 4 files changed, 555 insertions(+), 16 deletions(-) create mode 100644 common/src/main/resources/resources/schemas/MOA-SPSS-1.5.2.xsd (limited to 'common') diff --git a/common/.settings/org.eclipse.jdt.core.prefs b/common/.settings/org.eclipse.jdt.core.prefs index 926e77f2f..c788ee346 100644 --- a/common/.settings/org.eclipse.jdt.core.prefs +++ b/common/.settings/org.eclipse.jdt.core.prefs @@ -1,13 +1,8 @@ -#Thu Dec 27 15:45:20 CET 2012 -org.eclipse.jdt.core.compiler.debug.localVariable=generate -org.eclipse.jdt.core.compiler.compliance=1.5 -org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve -org.eclipse.jdt.core.compiler.debug.sourceFile=generate -org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning -org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5 -org.eclipse.jdt.core.compiler.problem.enumIdentifier=warning -org.eclipse.jdt.core.compiler.debug.lineNumber=generate eclipse.preferences.version=1 org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled -org.eclipse.jdt.core.compiler.source=1.5 -org.eclipse.jdt.core.compiler.problem.assertIdentifier=warning +org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7 +org.eclipse.jdt.core.compiler.compliance=1.7 +org.eclipse.jdt.core.compiler.problem.assertIdentifier=error +org.eclipse.jdt.core.compiler.problem.enumIdentifier=error +org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning +org.eclipse.jdt.core.compiler.source=1.7 diff --git a/common/.settings/org.eclipse.wst.common.project.facet.core.xml b/common/.settings/org.eclipse.wst.common.project.facet.core.xml index 656f15b87..6c09452f2 100644 --- a/common/.settings/org.eclipse.wst.common.project.facet.core.xml +++ b/common/.settings/org.eclipse.wst.common.project.facet.core.xml @@ -3,5 +3,5 @@ - - \ No newline at end of file + + diff --git a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java index 7e98f0427..120c222cf 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java @@ -83,7 +83,7 @@ public interface Constants { /** Local location of the MOA XML schema definition. */ public static final String MOA_SCHEMA_LOCATION = - SCHEMA_ROOT + "MOA-SPSS-1.4.7.xsd"; + SCHEMA_ROOT + "MOA-SPSS-1.5.2.xsd"; /** URI of the MOA configuration XML namespace. */ public static final String MOA_CONFIG_NS_URI = @@ -410,8 +410,6 @@ public interface Constants { public static final String SHA512_URI = "http://www.w3.org/2000/09/xmldsig#sha512"; - // TODO Supported Hash-Algorithms? - /** URI of the Canonical XML algorithm */ public static final String C14N_URI = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; @@ -437,6 +435,11 @@ public interface Constants { */ public static final String MOA_SPSS_CREATE_XML_REQUEST = "CreateXMLSignatureRequest"; + /** + * Local name of request for creating a CMS signature. + */ + public static final String MOA_SPSS_CREATE_CMS_REQUEST = "CreateCMSSignatureRequest"; + /** * Local name of request for verifying an XML signature. */ diff --git a/common/src/main/resources/resources/schemas/MOA-SPSS-1.5.2.xsd b/common/src/main/resources/resources/schemas/MOA-SPSS-1.5.2.xsd new file mode 100644 index 000000000..de49a4c75 --- /dev/null +++ b/common/src/main/resources/resources/schemas/MOA-SPSS-1.5.2.xsd @@ -0,0 +1,541 @@ + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung erfolgreich war + + + + + + + + + + + + + + + + + + + + Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage + + + + Resultat, falls die Signaturerstellung erfolgreich war + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur. + + + + + + + + + + mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert + + + + + + + + + + + only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Resultat, falls die Signaturerstellung gescheitert ist + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen. + + + + + Profilbezeichner für einen Transformationsweg + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann. + + + + Der Transformationsparameter explizit angegeben. + + + + + Der Hashwert des Transformationsparameters. + + + + + + + + + + + + + + + + + + + + + + Explizite Angabe des Transformationswegs + + + + + + + Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird. + + + + + + + + + + + + + + + + -- cgit v1.2.3 From 8591e43ef7f8e1eb0be50a0726d507904b26b9f5 Mon Sep 17 00:00:00 2001 From: Klaus Stranacher Date: Thu, 16 May 2013 13:01:02 +0200 Subject: Minor documentation updates --- common/.settings/org.eclipse.wst.common.component | 1 + 1 file changed, 1 insertion(+) (limited to 'common') diff --git a/common/.settings/org.eclipse.wst.common.component b/common/.settings/org.eclipse.wst.common.component index 386d0ebba..d304ccdfa 100644 --- a/common/.settings/org.eclipse.wst.common.component +++ b/common/.settings/org.eclipse.wst.common.component @@ -2,5 +2,6 @@ + -- cgit v1.2.3 From a52d3300d20837b12b45a0d4fb2b0ee520f6e641 Mon Sep 17 00:00:00 2001 From: Klaus Stranacher Date: Wed, 14 Aug 2013 16:36:40 +0200 Subject: TSL integration updates: - Setting of hashcache parameter in MOA - Update MOA-SP Response (Source attribute in QualifiedCertificate and SecureSignatureCreationDevice element) - Hidden truststores (for TSL enabled truststore: given certificates are copied to hidden truststore, where TSL certificates are copied) - Update of QC and SSCD detection - Update MOA-SPSS config: EU TSL URL can be set via configuration --- common/.settings/org.eclipse.jdt.core.prefs | 11 ++++---- common/.settings/org.eclipse.wst.common.component | 3 +- .../org.eclipse.wst.common.project.facet.core.xml | 4 +-- .../java/at/gv/egovernment/moa/util/FileUtils.java | 33 ++++++++++++++++++++++ .../resources/resources/schemas/MOA-SPSS-1.5.2.xsd | 17 +++++++++-- .../resources/schemas/MOA-SPSS-config-1.5.2.xsd | 1 + 6 files changed, 58 insertions(+), 11 deletions(-) (limited to 'common') diff --git a/common/.settings/org.eclipse.jdt.core.prefs b/common/.settings/org.eclipse.jdt.core.prefs index c788ee346..1cd6f082c 100644 --- a/common/.settings/org.eclipse.jdt.core.prefs +++ b/common/.settings/org.eclipse.jdt.core.prefs @@ -1,8 +1,9 @@ +#Mon Aug 05 10:52:30 CEST 2013 +org.eclipse.jdt.core.compiler.problem.enumIdentifier=error +org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning +org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5 eclipse.preferences.version=1 org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled -org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7 -org.eclipse.jdt.core.compiler.compliance=1.7 +org.eclipse.jdt.core.compiler.source=1.5 org.eclipse.jdt.core.compiler.problem.assertIdentifier=error -org.eclipse.jdt.core.compiler.problem.enumIdentifier=error -org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning -org.eclipse.jdt.core.compiler.source=1.7 +org.eclipse.jdt.core.compiler.compliance=1.5 diff --git a/common/.settings/org.eclipse.wst.common.component b/common/.settings/org.eclipse.wst.common.component index d304ccdfa..0b1b59ec8 100644 --- a/common/.settings/org.eclipse.wst.common.component +++ b/common/.settings/org.eclipse.wst.common.component @@ -2,6 +2,7 @@ - + + diff --git a/common/.settings/org.eclipse.wst.common.project.facet.core.xml b/common/.settings/org.eclipse.wst.common.project.facet.core.xml index 6c09452f2..656f15b87 100644 --- a/common/.settings/org.eclipse.wst.common.project.facet.core.xml +++ b/common/.settings/org.eclipse.wst.common.project.facet.core.xml @@ -3,5 +3,5 @@ - - + + \ No newline at end of file diff --git a/common/src/main/java/at/gv/egovernment/moa/util/FileUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/FileUtils.java index 7effe8b4f..cac179a75 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/FileUtils.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/FileUtils.java @@ -27,8 +27,10 @@ package at.gv.egovernment.moa.util; import java.io.BufferedInputStream; import java.io.File; import java.io.FileInputStream; +import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; +import java.io.OutputStream; import java.net.URL; /** @@ -136,5 +138,36 @@ public class FileUtils { return newURL; } } + + + private static void copy( InputStream fis, OutputStream fos ) + { + try + { + byte[] buffer = new byte[ 0xFFFF ]; + for ( int len; (len = fis.read(buffer)) != -1; ) + fos.write( buffer, 0, len ); + } + catch( IOException e ) { + System.err.println( e ); + } + finally { + if ( fis != null ) + try { fis.close(); } catch ( IOException e ) { e.printStackTrace(); } + if ( fos != null ) + try { fos.close(); } catch ( IOException e ) { e.printStackTrace(); } + } + } + + public static void copyFile(File src, File dest) + { + try + { + copy( new FileInputStream( src ), new FileOutputStream( dest ) ); + } + catch( IOException e ) { + e.printStackTrace(); + } + } } diff --git a/common/src/main/resources/resources/schemas/MOA-SPSS-1.5.2.xsd b/common/src/main/resources/resources/schemas/MOA-SPSS-1.5.2.xsd index de49a4c75..640f577aa 100644 --- a/common/src/main/resources/resources/schemas/MOA-SPSS-1.5.2.xsd +++ b/common/src/main/resources/resources/schemas/MOA-SPSS-1.5.2.xsd @@ -147,7 +147,7 @@ - only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any + only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any @@ -198,7 +198,7 @@ - only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any + only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any @@ -455,7 +455,18 @@ - + + + + + + + + + + + + diff --git a/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.2.xsd b/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.2.xsd index 63b09f45a..91d281171 100644 --- a/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.2.xsd +++ b/common/src/main/resources/resources/schemas/MOA-SPSS-config-1.5.2.xsd @@ -313,6 +313,7 @@ + -- cgit v1.2.3 From 5b697c424d24a7523dccd210454d029368e34898 Mon Sep 17 00:00:00 2001 From: Klaus Stranacher Date: Wed, 21 Aug 2013 13:12:26 +0200 Subject: Update QC/SSCD check WSDL location updated --- .../resources/resources/schemas/MOA-SPSS-1.5.2.xsd | 34 +++++++++++++++------- 1 file changed, 23 insertions(+), 11 deletions(-) (limited to 'common') diff --git a/common/src/main/resources/resources/schemas/MOA-SPSS-1.5.2.xsd b/common/src/main/resources/resources/schemas/MOA-SPSS-1.5.2.xsd index 640f577aa..144918778 100644 --- a/common/src/main/resources/resources/schemas/MOA-SPSS-1.5.2.xsd +++ b/common/src/main/resources/resources/schemas/MOA-SPSS-1.5.2.xsd @@ -147,7 +147,7 @@ - only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any + only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any @@ -198,7 +198,7 @@ - only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any + only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any; SecureSignatureCreationDevice is included as X509Data/any, IssuingCountry is included as X509Data/any @@ -454,19 +454,31 @@ - + + + + + + + + + + + + - - - - - - - - + + + + + + + + + -- cgit v1.2.3