From b00fd777ba1c564b1f4b3fdf14ec4d23ff80c1ea Mon Sep 17 00:00:00 2001 From: spuchmann Date: Thu, 8 May 2008 14:04:44 +0000 Subject: added PermitFileURIs; removing unnecessary dependencies to Sun's JSSE git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1071 d688527b-c9ab-4aba-bd8d-4036d912da1d --- .../server/config/ConfigurationPartsBuilder.java | 16 +++++++++++-- .../spss/server/config/ConfigurationProvider.java | 17 ++++++++++++-- .../xmlsign/XMLSignatureCreationProfileImpl.java | 7 ++++++ .../XMLSignatureVerificationProfileImpl.java | 21 +++++++++++++++-- .../moa/spss/server/init/SystemInitializer.java | 27 ++-------------------- .../XMLSignatureVerificationProfileFactory.java | 4 +++- 6 files changed, 60 insertions(+), 32 deletions(-) (limited to 'spss/server/serverlib/src/main/java/at') diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 14ceb71cd..327b66f54 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -190,7 +190,9 @@ public class ConfigurationPartsBuilder { private static final String SUPPLEMENT_PROFILE_XPATH = ROOT + CONF + "SignatureVerification/" + CONF + "SupplementProfile"; - + private static final String PERMIT_FILE_URIS_XPATH = + ROOT + CONF + "SignatureVerification/" + + CONF + "PermitFileURIs"; // // default values for configuration parameters // @@ -1235,5 +1237,15 @@ public class ConfigurationPartsBuilder { String autoAdd = getElementValue(getConfigElem(), AUTO_ADD_CERTIFICATES_XPATH_, null); return Boolean.valueOf(autoAdd).booleanValue(); } - + + /** + * Returns whether file URIs are permitted + * @return whether file URIs are permitted + */ + public boolean getPermitFileURIs() + { + String permitFileURIs = getElementValue(getConfigElem(), PERMIT_FILE_URIS_XPATH, "false"); + return Boolean.valueOf(permitFileURIs).booleanValue(); + } + } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java index 57f06326a..16bf153c9 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java @@ -206,7 +206,11 @@ public class ConfigurationProvider * be used during certificate path construction. */ private boolean useAuthorityInfoAccess_; - + /** + * Indicates whether file URIs are allowed or not + */ + private boolean permitFileURIs; + /** * Return the single instance of configuration data. * @@ -319,6 +323,7 @@ public class ConfigurationProvider verifyTransformsInfoProfiles = builder.buildVerifyTransformsInfoProfiles(); supplementProfiles = builder.buildSupplementProfiles(); warnings = new ArrayList(builder.getWarnings()); + permitFileURIs = builder.getPermitFileURIs(); } catch (Throwable t) { throw new ConfigurationException("config.11", null, t); } finally { @@ -685,5 +690,13 @@ public class ConfigurationProvider { return useAuthorityInfoAccess_; } - + + /** + * Returns whether the file URIs are permitted or not + * @return whether the file URIs are permitted or not + */ + public boolean getPermitFileURIs() + { + return permitFileURIs; + } } \ No newline at end of file diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java index fb3ff4931..2a35e5892 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java @@ -275,5 +275,12 @@ public class XMLSignatureCreationProfileImpl public String getSignedPropertiesID() { return propertyIDGenerator.uniqueId(); } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getPermitFileURIs() + */ + public boolean getPermitFileURIs() { + return false; + } } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java index 216596dc3..ab302388d 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlverify/XMLSignatureVerificationProfileImpl.java @@ -26,7 +26,8 @@ public class XMLSignatureVerificationProfileImpl private boolean includeHashInputData; /** Whether to include reference input data in the response. */ private boolean includeReferenceInputData; - + /** Whether the file URIs are permitted */ + private boolean permitFileURIs; /** * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#checkSecurityLayerManifest() */ @@ -127,5 +128,21 @@ public class XMLSignatureVerificationProfileImpl public void setIncludeReferenceInputData(boolean includeReferenceInputData) { this.includeReferenceInputData = includeReferenceInputData; } - + + /** + * @see iaik.server.modules.xmlverify.XMLSignatureVerificationProfile#getPermitFileURIs() + */ + public boolean getPermitFileURIs() { + return permitFileURIs; + } + + /** + * Set whether the file URIs are permitted or not + * + * @param permitFileURIs whether the file URIs are permitted or not + */ + public void setPermitFileURIs(boolean permitFileURIs) + { + this.permitFileURIs = permitFileURIs; + } } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java index 4871ac4fe..42b1c7c3c 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java @@ -1,11 +1,6 @@ package at.gv.egovernment.moa.spss.server.init; import java.io.IOException; -import java.security.Security; - -import javax.net.ssl.SSLSocketFactory; - -import org.apache.axis.AxisProperties; import iaik.ixsil.init.IXSILInit; @@ -42,7 +37,7 @@ public class SystemInitializer { */ public static void init() { MessageProvider msg = MessageProvider.getInstance(); - ClassLoader cl = SystemInitializer.class.getClassLoader(); + Thread archiveCleaner; // set up the MOA SPSS logging hierarchy @@ -51,25 +46,7 @@ public class SystemInitializer { // set up a logging context for logging the startup LoggingContextManager.getInstance().setLoggingContext( new LoggingContext("startup")); - - // load some jsse classes so that the integrity of the jars can be verified - // before the iaik jce is installed as the security provider - // this workaround is only needed when sun jsse is used in conjunction with - // iaik-jce (on jdk1.3) - try { - cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar - } catch (ClassNotFoundException e) { - Logger.warn(msg.getMessage("init.03", null), e); - } - - // set up SUN JSSE SSL - Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); - System.setProperty( - "java.protocol.handler.pkgs", - "com.sun.net.ssl.internal.www.protocol"); - SSLSocketFactory.getDefault(); - - + // AxisProperties.setProperty("enableNamespacePrefixOptimization","false"); // AxisProperties.setProperty("disablePrettyXML", "true"); // AxisProperties.setProperty("axis.doAutoTypes", "true"); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java index 5df13a337..1a8c72779 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationProfileFactory.java @@ -86,7 +86,9 @@ public class XMLSignatureVerificationProfileFactory { } else { profile.setTransformationSupplements(Collections.EMPTY_LIST); } - + + profile.setPermitFileURIs(config.getPermitFileURIs()); + return profile; } -- cgit v1.2.3