From dcaa12f3f801363bf6034a48b80fab60cfe9a39f Mon Sep 17 00:00:00 2001 From: Klaus Stranacher Date: Tue, 23 Apr 2013 12:07:03 +0200 Subject: Update textkeys and testcertificates Update signature algorithm selection Update repository Updates documentation --- .../server/config/ConfigurationPartsBuilder.java | 26 ++++++-- .../spss/server/config/ConfigurationProvider.java | 11 ++++ .../xmlsign/XMLSignatureCreationProfileImpl.java | 77 +++++++++------------- .../server/invoke/XMLSignatureCreationInvoker.java | 33 +++++++--- 4 files changed, 86 insertions(+), 61 deletions(-) (limited to 'spss/server/serverlib/src/main') diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index e335139aa..bc53ca4f9 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -284,8 +284,11 @@ public class ConfigurationPartsBuilder { new HashSet(Arrays.asList(ACCEPTED_DIGEST_ALGORITHMS_ARRAY)); - /** Default digest algorithm URI, if none/illegal has been configured */ - private static final String DIGEST_ALGORITHM_DEFAULT = Constants.SHA1_URI; + /** Default digest algorithm URI, if none/illegal has been configured (for XAdES 1.1.1) */ + private static final String DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1 = Constants.SHA1_URI; + + /** Default digest algorithm URI, if none/illegal has been configured (for XAdES 1.4.2) */ + private static final String DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2 = Constants.SHA256_URI; /** The root element of the MOA configuration */ private Element configElem; @@ -351,10 +354,21 @@ public class ConfigurationPartsBuilder { if (digestMethod == null || !ACCEPTED_DIGEST_ALGORITHMS.contains(digestMethod)) { - info( - "config.23", - new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT }); - digestMethod = DIGEST_ALGORITHM_DEFAULT; + String xadesVersion = this.getXAdESVersion(); + if (xadesVersion == null) { + info( + "config.23", + new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1 }); + digestMethod = DIGEST_ALGORITHM_DEFAULT_XADES_1_1_1; + } + else { + info( + "config.23", + new Object[] { "DigestMethodAlgorithm", DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2 }); + digestMethod = DIGEST_ALGORITHM_DEFAULT_XADES_1_4_2; + } + + } return digestMethod; diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java index b40a6bfa5..08478b717 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java @@ -41,6 +41,7 @@ import java.util.Collections; import java.util.Iterator; import java.util.List; import java.util.Map; +import java.util.Map.Entry; import java.util.Set; import org.w3c.dom.Element; @@ -573,6 +574,16 @@ public class ConfigurationProvider issuerAndSerial = new IssuerAndSerial(issuer, serial); } +// System.out.println("Issuer: " + issuer); +// System.out.println("serial: " + serial); +// +// Iterator entries = keyGroupMappings.entrySet().iterator(); +// while (entries.hasNext()) { +// Entry thisEntry = (Entry) entries.next(); +// System.out.println("Entry: " + thisEntry.getKey()); +// System.out.println("Value: " + thisEntry.getValue()); +// } + mapping = (Map) keyGroupMappings.get(issuerAndSerial); if (mapping != null) { KeyGroup keyGroup = (KeyGroup) mapping.get(keyGroupId); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java index 479f0aac9..edc3922e2 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java @@ -202,46 +202,33 @@ public class XMLSignatureCreationProfileImpl // XAdES 1.4.2 is enabled: select signature algorithm according to selected digest method if (digestMethodXAdES142.compareTo("SHA-1") == 0) { Logger.warn("XAdES version 1.4.2 is enabled, but SHA-1 is configured as digest algorithm. Please revise a use a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)"); - if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA) - || algorithms.contains(SignatureAlgorithms.MD5_WITH_RSA) - || algorithms.contains(SignatureAlgorithms.RIPEMD128_WITH_RSA) //? - || algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA) //? - || algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA_OLD) //? - || algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA) - || algorithms.contains(SignatureAlgorithms.WHIRLPOOL_WITH_RSA)) { //? - - return SignatureAlgorithms.SHA1_WITH_RSA; - - } else if (algorithms.contains(SignatureAlgorithms.ECDSA) - || algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_ECDSA) - || algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_ECDSA_PLAIN) - || algorithms.contains(SignatureAlgorithms.WHIRLPOOL_WITH_ECDSA) - || algorithms.contains(SignatureAlgorithms.SHA1_WITH_ECDSA_PLAIN)) { - return SignatureAlgorithms.ECDSA; - } else if ( - algorithms.contains(SignatureAlgorithms.DSA)) { - return SignatureAlgorithms.DSA; - } else { - throw new AlgorithmUnavailableException( - "No algorithm for key entry: " + selectedKeyID, - null, - null); + + if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) { + return SignatureAlgorithms.SHA1_WITH_RSA; + + } else if (algorithms.contains(SignatureAlgorithms.ECDSA)) { + return SignatureAlgorithms.ECDSA; + + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + + } else { + throw new AlgorithmUnavailableException( + "No algorithm for key entry: " + selectedKeyID, + null, + null); } + } else if (digestMethodXAdES142.compareTo("SHA-256") == 0) { - if (algorithms.contains(SignatureAlgorithms.SHA224_WITH_RSA) - || algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { - + if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { return SignatureAlgorithms.SHA256_WITH_RSA; - } else if (algorithms.contains(SignatureAlgorithms.SHA224_WITH_ECDSA) - || algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA) - || algorithms.contains(SignatureAlgorithms.SHA224_WITH_ECDSA_PLAIN) - || algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA_PLAIN)) { + } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) { return SignatureAlgorithms.SHA256_WITH_ECDSA; - } else if ( - algorithms.contains(SignatureAlgorithms.DSA)) { - return SignatureAlgorithms.DSA; + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + } else { throw new AlgorithmUnavailableException( "No algorithm for key entry: " + selectedKeyID, @@ -249,17 +236,15 @@ public class XMLSignatureCreationProfileImpl null); } } else if (digestMethodXAdES142.compareTo("SHA-384") == 0) { - if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) { - + if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) { return SignatureAlgorithms.SHA384_WITH_RSA; - } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA) - || algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA_PLAIN)) { + } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) { return SignatureAlgorithms.SHA384_WITH_ECDSA; - } else if ( - algorithms.contains(SignatureAlgorithms.DSA)) { - return SignatureAlgorithms.DSA; + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { + return SignatureAlgorithms.DSA; + } else { throw new AlgorithmUnavailableException( "No algorithm for key entry: " + selectedKeyID, @@ -267,17 +252,15 @@ public class XMLSignatureCreationProfileImpl null); } } else if (digestMethodXAdES142.compareTo("SHA-512") == 0) { - if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { - + if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { return SignatureAlgorithms.SHA512_WITH_RSA; - } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA) - || algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA_PLAIN)) { + } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) { return SignatureAlgorithms.SHA512_WITH_ECDSA; - } else if ( - algorithms.contains(SignatureAlgorithms.DSA)) { + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { return SignatureAlgorithms.DSA; + } else { throw new AlgorithmUnavailableException( "No algorithm for key entry: " + selectedKeyID, diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java index 759af813c..8bebff974 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationInvoker.java @@ -243,14 +243,31 @@ public class XMLSignatureCreationInvoker { } try { - // create the signature - signature = - module.createSignature( - dataObjectList, - profile, - additionalSignedProperties, - signatureParent, - new TransactionId(context.getTransactionID())); + ConfigurationProvider config = context.getConfiguration(); + String xadesVersion = config.getXAdESVersion(); + + if (xadesVersion!= null && xadesVersion.compareTo(XMLSignatureCreationModule.XADES_VERSION_1_4_2) == 0) { + // create the signature (XAdES 1.4.2) + signature = + module.createSignature( + dataObjectList, + profile, + additionalSignedProperties, + signatureParent, + XMLSignatureCreationModule.XADES_VERSION_1_4_2, + new TransactionId(context.getTransactionID())); + } + else { + // create the signature (XAdES 1.1.1 = default) + signature = + module.createSignature( + dataObjectList, + profile, + additionalSignedProperties, + signatureParent, + XMLSignatureCreationModule.XADES_VERSION_1_1_1, + new TransactionId(context.getTransactionID())); + } // insert the result into the response if (signatureParent != null) { -- cgit v1.2.3