From 68af85701b6f797b0d662b89b95e043ee949defd Mon Sep 17 00:00:00 2001 
From: mcentner Date: Fri, 2 Jul 2010 07:14:41 +0000 Subject: Merged branch 1.4.7_MOASP_TSL back into trunk. git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@1165 d688527b-c9ab-4aba-bd8d-4036d912da1d --- spss/server/history.txt | 13 +++++ spss/server/readme.update.txt | 13 +++-- spss/server/serverlib/.classpath | 22 +++++--- .../.settings/org.eclipse.wst.common.component | 15 +++-- spss/server/serverlib/pom.xml | 2 +- .../gv/egovernment/moa/spss/api/SPSSFactory.java | 24 ++++++-- .../VerifyCMSSignatureResponseElement.java | 7 +++ .../moa/spss/api/common/CheckTSLResult.java | 40 +++++++++++++ .../moa/spss/api/impl/CheckTSLResultImpl.java | 66 ++++++++++++++++++++++ .../moa/spss/api/impl/SPSSFactoryImpl.java | 18 +++++- .../VerifyCMSSignatureResponseElementImpl.java | 17 +++++- .../api/impl/VerifyXMLSignatureResponseImpl.java | 17 +++++- .../moa/spss/api/xmlbind/ResponseBuilderUtils.java | 35 ++++++++++++ .../xmlbind/VerifyCMSSignatureResponseBuilder.java | 9 +++ .../xmlbind/VerifyXMLSignatureResponseBuilder.java | 7 +++ .../api/xmlverify/VerifyXMLSignatureResponse.java | 10 ++++ .../server/config/ConfigurationPartsBuilder.java | 36 +++++++++++- .../moa/spss/server/config/TrustProfile.java | 16 +++++- .../invoke/CMSSignatureVerificationInvoker.java | 11 +++- .../invoke/VerifyCMSSignatureResponseBuilder.java | 66 +++++++++++++++++++--- .../invoke/VerifyXMLSignatureResponseBuilder.java | 17 +++++- .../invoke/XMLSignatureVerificationInvoker.java | 44 ++++++++++++++- .../properties/spss_messages_de.properties | 4 +- .../.settings/org.eclipse.wst.common.component | 28 ++++----- .../serverws/resources/wsdl/MOA-SPSS-1.3.wsdl | 2 +- 25 files changed, 472 insertions(+), 67 deletions(-) create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java create mode 100644 spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java (limited to 'spss/server') 
diff --git a/spss/server/history.txt b/spss/server/history.txt index 3aa79b3f6..3f2f420a0 100644 --- a/spss/server/history.txt +++ b/spss/server/history.txt @@ -1,4 +1,17 @@ ############## +1.4.7 +############## + +- In den Trustprofilen können nun Trust-service Status Lists (TSLs) angegeben werden. + MOA-SP liefert hierbei in der Response das TSL Verifikationsergebnis im Element + TSLCheck retour (siehe hierzu Dokumentation - Konfiguration Kapitel "2.3.1.2.2 + Vertrauensprofile"). + +- Bei Nutzung der TSL-Funktionalität ist Java 1.5 Voraussetzung + +- IAIK Libraries aktualisiert: + iaik-moa: Version 1.27 +############## 1.4.6 ############## diff --git a/spss/server/readme.update.txt b/spss/server/readme.update.txt index e2d2f5dbd..fb87ed327 100644 --- a/spss/server/readme.update.txt +++ b/spss/server/readme.update.txt @@ -1,11 +1,11 @@ ====================================================================== - Update einer bestehenden MOA-SPSS-Installation auf Version 1.4.6 + Update einer bestehenden MOA-SPSS-Installation auf Version 1.4.7 ====================================================================== Es gibt zwei Möglichkeiten (im Folgenden als "Update Variante A" und "Update Variante B" bezeichnet), das Update von MOA-SPSS auf Version -1.4.6 durchzuführen. Update Variante A geht dabei den Weg über eine +1.4.7 durchzuführen. Update Variante A geht dabei den Weg über eine vorangestellte Neuinstallation, während Variante B direkt eine bestehende Installation aktualisiert. @@ -16,8 +16,10 @@ JAVA_HOME bezeichnet das Wurzelverzeichnis der JDK-Installation CATALINA_HOME bezeichnet das Wurzelverzeichnis der Tomcat-Installation MOA_SPSS_INST bezeichnet das Verzeichnis, in das Sie die Datei -moa-spss-1.4.6.zip entpackt haben. +moa-spss-1.4.7.zip entpackt haben. +Anmerkung: Wenn Sie MOA-SP mit TSL Unterstützung verwenden wollen, dann +ist die Verwendung von Java 1.5 Voraussetzung dafür. ================= Update Variante A 
@@ -35,8 +37,7 @@ Update Variante A die Sie aus Ihrer alten Installation beibehalten möchten, aus Ihrer Sicherungskopie in die entsprechenden Verzeichnisse der neuen Installation. - Anmerkung: Diese Distribution enthält neue A-TRUST und E-CARD-Zertifikate. - Falls Sie Ihre alten Trustprofile beibehalten wollen, gehen Sie wie unter + Anmerkung: Falls Sie Ihre alten Trustprofile beibehalten wollen, gehen Sie wie unter Update Variante B, Punkt 9 beschrieben vor, um Ihre alten Trustprofile auf einen aktuellen Stand zu bringen. @@ -55,7 +56,7 @@ Update Variante B 1.) Erstellen Sie eine Sicherungskopie des kompletten Tomcat-Verzeichnisses Ihrer MOA-SPSS-Installation. -2.) Entpacken Sie die Datei "moa-spss-1.4.6.zip" in das Verzeichnis MOA_SPSS_INST. +2.) Entpacken Sie die Datei "moa-spss-1.4.7.zip" in das Verzeichnis MOA_SPSS_INST. 3.) Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis JAVA_HOME\jre\lib\ext und löschen Sie diese Dateien danach. diff --git a/spss/server/serverlib/.classpath b/spss/server/serverlib/.classpath index 1c79cc393..f0e483a4a 100644 --- a/spss/server/serverlib/.classpath +++ b/spss/server/serverlib/.classpath @@ -1,9 +1,13 @@ - - - - - - - - - + + + + + + + + + + + + + diff --git a/spss/server/serverlib/.settings/org.eclipse.wst.common.component b/spss/server/serverlib/.settings/org.eclipse.wst.common.component index ebc030867..e4ceae723 100644 --- a/spss/server/serverlib/.settings/org.eclipse.wst.common.component +++ b/spss/server/serverlib/.settings/org.eclipse.wst.common.component @@ -1,8 +1,7 @@ - - - - - - - - + + + + + + + diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml index 6648f8c55..4ee7075e3 100644 --- a/spss/server/serverlib/pom.xml +++ b/spss/server/serverlib/pom.xml @@ -9,7 +9,7 @@ MOA.spss.server moa-spss-lib jar - 1.4.6 + 1.4.7 MOA SP/SS API 
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java index 0aedba6a6..1a778ad2b 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java @@ -22,17 +22,17 @@ import java.util.Date; import java.util.List; import java.util.Map; +import org.apache.commons.discovery.tools.DiscoverClass; import org.w3c.dom.Element; import org.w3c.dom.NodeList; -import org.apache.commons.discovery.tools.DiscoverClass; - import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.Content; import at.gv.egovernment.moa.spss.api.common.MetaInfo; import at.gv.egovernment.moa.spss.api.common.SignerInfo; @@ -434,6 +434,7 @@ public abstract class SPSSFactory { * @param signerInfo Information about the signer certificate. * @param signatureCheck Result of the singature value check. * @param certificateCheck Result of the certificate status check. + * @param tslCheck Result of the TSL check * @return The new VerifyCMSSignatureResponseElement containing * the above data. * 
@@ -444,7 +445,8 @@ public abstract class SPSSFactory { public abstract VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement( SignerInfo signerInfo, CheckResult signatureCheck, - CheckResult certificateCheck); + CheckResult certificateCheck, + CheckTSLResult tslCheck); // // Factory methods for verifying XML signatures @@ -698,7 +700,8 @@ public abstract class SPSSFactory { ReferencesCheckResult signatureCheck, ReferencesCheckResult signatureManifestCheck, List xmlDsigManifestChecks, - CheckResult certificateCheck); + CheckResult certificateCheck, + CheckTSLResult tslCheck); /** * Create a new ReferencesCheckResult object. @@ -987,6 +990,19 @@ public abstract class SPSSFactory { */ public abstract CheckResult createCheckResult(int code, NodeList info); + /** + * Create a new CheckTSLResult object. + * + * @param code The numerical error code. + * @param info Verbose error information. + * @return The new CheckTSLResult containing the above data. + * + * @pre code >= 0 + * @pre info != null + * @post return != null + */ + public abstract CheckTSLResult createCheckTSLResult(int code, String info); + /** * Create a new SignerInfo object. * diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java index 26fd5911d..e2f44c540 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/cmsverify/VerifyCMSSignatureResponseElement.java @@ -16,6 +16,7 @@ package at.gv.egovernment.moa.spss.api.cmsverify; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; /** 
@@ -44,4 +45,10 @@ public interface VerifyCMSSignatureResponseElement { * @return The result of the certificate verification. */ public CheckResult getCertificateCheck(); + /** + * Gets the result of the TSL verification + * + * @return The result of the TSL verification + */ + public CheckTSLResult getTSLCheck(); } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java new file mode 100644 index 000000000..f31512cdb --- /dev/null +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/common/CheckTSLResult.java @@ -0,0 +1,40 @@ +/* +* Copyright 2003 Federal Chancellery Austria +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egovernment.moa.spss.api.common; + +import org.w3c.dom.NodeList; + +/** + * Object encapsulating the result of a TSL verification. + * + * @author Patrick Peck + * @author Stephan Grill + * @version $Id: CheckResult.java 1087 2008-08-28 07:55:59Z mcentner $ + */ +public interface CheckTSLResult { + /** + * Gets the result code. + * + * @return The result code. + */ + public int getCode(); + /** + * Gets descriptive information. + * + * @return Descriptive information. + */ + public String getInfo(); +} 
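Review bot: The new `CheckTSLResult` interface documents `getCode()` only as "the result code", so a caller cannot tell which values mean the chain was accepted against a TSL, rejected, or not checked at all. Since relying parties will base trust decisions on this value, the Javadoc should list the codes, for example `@return The TSL result code; TODO list each value and name the one that means "no TSL check performed".` It should also say whether `getInfo()` may return null. The file imports `org.w3c.dom.NodeList` without using it, and its `$Id$` line still names `CheckResult.java`.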
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java
new file mode 100644
index 000000000..62f3ab979
--- /dev/null
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CheckTSLResultImpl.java
@@ -0,0 +1,66 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egovernment.moa.spss.api.impl;
+
+import at.gv.egovernment.moa.spss.api.common.CheckTSLResult;
+
+/**
+ * Default implementation of CheckTSLResult.
+ *
+ * @author Fatemeh Philippi
+ * @author Klaus Stranacher
+ * @version $Id: CheckResultImpl.java 1087 2008-08-28 07:55:59Z mcentner $
+ */
+public class CheckTSLResultImpl implements CheckTSLResult {
+ /** The result code. */
+ private int code;
+
+ /** Additional information. */
+ private String info;
+
+ /**
+ * Sets a result code.
+ *
+ * @param code The result code.
+ */
+ public void setCode(int code) {
+ this.code = code;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.spss.api.common.CheckTSLResult#getCode()
+ */
+ public int getCode() {
+ return code;
+ }
+
+ /**
+ * Sets a descriptive information.
+ *
+ * @param info The descriptive information.
+ */
+ public void setInfo(String info) {
+ this.info = info;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.spss.api.common.CheckTSLResult#getInfo()
+ */
+ public String getInfo() {
+ return info;
+ }
+
+}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
index f0d16046c..8cf06bb15 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/SPSSFactoryImpl.java @@ -32,6 +32,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.Content; import at.gv.egovernment.moa.spss.api.common.MetaInfo; import at.gv.egovernment.moa.spss.api.common.SignerInfo; @@ -259,12 +260,15 @@ public class SPSSFactoryImpl extends SPSSFactory { public VerifyCMSSignatureResponseElement createVerifyCMSSignatureResponseElement( SignerInfo signerInfo, CheckResult signatureCheck, - CheckResult certificateCheck) { + CheckResult certificateCheck, + CheckTSLResult tslCheck) { VerifyCMSSignatureResponseElementImpl verifyCMSSignatureResponseElement = new VerifyCMSSignatureResponseElementImpl(); verifyCMSSignatureResponseElement.setSignerInfo(signerInfo); verifyCMSSignatureResponseElement.setSignatureCheck(signatureCheck); verifyCMSSignatureResponseElement.setCertificateCheck(certificateCheck); + verifyCMSSignatureResponseElement.setTSLCheck(tslCheck); + return verifyCMSSignatureResponseElement; } @@ -390,7 +394,8 @@ public class SPSSFactoryImpl extends SPSSFactory { ReferencesCheckResult signatureCheck, ReferencesCheckResult signatureManifestCheck, List xmlDsigManifestChecks, - CheckResult certificateCheck) { + CheckResult certificateCheck, + CheckTSLResult tslCheck) { VerifyXMLSignatureResponseImpl verifyXMLSignatureResponse = new VerifyXMLSignatureResponseImpl(); verifyXMLSignatureResponse.setSignerInfo(signerInfo); 
@@ -401,6 +406,8 @@ public class SPSSFactoryImpl extends SPSSFactory { signatureManifestCheck); verifyXMLSignatureResponse.setXMLDsigManifestChecks(xmlDsigManifestChecks); verifyXMLSignatureResponse.setCertificateCheck(certificateCheck); + verifyXMLSignatureResponse.setTSLCheck(tslCheck); + return verifyXMLSignatureResponse; } @@ -557,6 +564,13 @@ public class SPSSFactoryImpl extends SPSSFactory { checkResult.setInfo(info); return checkResult; } + + public CheckTSLResult createCheckTSLResult(int code, String info) { + CheckTSLResultImpl checkTSLResult = new CheckTSLResultImpl(); + checkTSLResult.setCode(code); + checkTSLResult.setInfo(info); + return checkTSLResult; + } public SignerInfo createSignerInfo( X509Certificate signerCertificate, diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java index 322e83baa..f80c4ace2 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyCMSSignatureResponseElementImpl.java @@ -17,6 +17,7 @@ package at.gv.egovernment.moa.spss.api.impl; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; /** @@ -34,7 +35,9 @@ public class VerifyCMSSignatureResponseElementImpl private CheckResult signatureCheck; /** Information about the certificate check. */ private CheckResult certificateCheck; - + /** Information about the TSL check */ + private CheckTSLResult tslCheck; + /** * Sets a SignerInfo element according to CMS. * 
@@ -73,5 +76,17 @@ public class VerifyCMSSignatureResponseElementImpl public CheckResult getCertificateCheck() { return certificateCheck; } + + /** + * Sets a result of the TSL verification. + * + * @param tslCheck The result of the TSL verification. + */ + public void setTSLCheck(CheckTSLResult tslCheck) { + this.tslCheck = tslCheck; + } + public CheckTSLResult getTSLCheck() { + return tslCheck; + } } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java index 3777e8958..ea6a180a7 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyXMLSignatureResponseImpl.java @@ -20,6 +20,7 @@ import java.util.Collections; import java.util.List; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; @@ -52,7 +53,9 @@ public class VerifyXMLSignatureResponseImpl private List xmlDsigManifestChecks = new ArrayList(); /** Information about the certificate check. */ private CheckResult certificateCheck; - + /** Information about the TSL check. */ + private CheckTSLResult tslCheck; + /** * Sets information about the signer certificate. * 
@@ -136,6 +139,18 @@ public class VerifyXMLSignatureResponseImpl public CheckResult getCertificateCheck() { return certificateCheck; } + /** + * Sets the result of the TSL verification. + * + * @param certificateCheck The result of the TSL verification. + */ + public void setTSLCheck(CheckTSLResult tslCheck) { + this.tslCheck = tslCheck; + } + + public CheckTSLResult getTSLCheck() { + return tslCheck; + } /** * Sets the XMLDSigManifestChecks. diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java index 3bef8659a..30d19023a 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java 
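Review bot: The Javadoc on the new `setTSLCheck` in `VerifyXMLSignatureResponseImpl` names the wrong parameter: it says `@param certificateCheck` although the method takes `tslCheck`. It should read `@param tslCheck The result of the TSL verification.` The new `getTSLCheck()` has no Javadoc; a one-line comment should note that it returns null until `setTSLCheck` has been called, because the field has no initializer.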
@@ -217,5 +217,40 @@ class ResponseBuilderUtils { } root.appendChild(codeInfoElem); } + + /** + * Add an element containing Code and Info + * subelements. + * + * @param response The response document, in order to create new elements in + * it. + * @param root The root element into which to insert the newly created + * element. + * @param elementName The name of the newly created element. + * @param code The content of the Code subelement. + * @param info The content of the Info subelement. + */ + public static void addCodeInfoElement( + Document response, + Element root, + String elementName, + int code, + String info) { + + Element codeInfoElem = response.createElementNS(MOA_NS_URI, elementName); + Element codeElem = response.createElementNS(MOA_NS_URI, "Code"); + Element infoElem; + int i; + + codeElem.appendChild(response.createTextNode(Integer.toString(code))); + codeInfoElem.appendChild(codeElem); + + if (info != null) { + infoElem = response.createElementNS(MOA_NS_URI, "Info"); + infoElem.appendChild(response.createTextNode(info)); + codeInfoElem.appendChild(infoElem); + } + root.appendChild(codeInfoElem); + } } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java index 80d8575f9..2e4a95a89 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureResponseBuilder.java 
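Review bot: The new `addCodeInfoElement(..., int code, String info)` overload declares `int i;` and never uses it, presumably a leftover from the overload it was copied from. Drop the declaration and declare `infoElem` where it is assigned: `Element infoElem = response.createElementNS(MOA_NS_URI, "Info");`. Writing `info` through `createTextNode` keeps it as character data, which is the right choice if the string later carries certificate-derived text. The Javadoc should add that the `Info` subelement is omitted when `info` is null.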
@@ -25,6 +25,7 @@ import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; /** @@ -89,6 +90,7 @@ public class VerifyCMSSignatureResponseBuilder { SignerInfo signerInfo = responseElement.getSignerInfo(); CheckResult signatureCheck = responseElement.getSignatureCheck(); CheckResult certCheck = responseElement.getCertificateCheck(); + CheckTSLResult tslCheck = responseElement.getTSLCheck(); ResponseBuilderUtils.addSignerInfo( responseDoc, @@ -111,6 +113,13 @@ public class VerifyCMSSignatureResponseBuilder { "CertificateCheck", certCheck.getCode(), certCheck.getInfo()); + + ResponseBuilderUtils.addCodeInfoElement( + responseDoc, + responseElem, + "TSLCheck", + tslCheck.getCode(), + tslCheck.getInfo()); } } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java index a8be59766..dedb1dc88 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyXMLSignatureResponseBuilder.java @@ -135,6 +135,13 @@ public class VerifyXMLSignatureResponseBuilder { "CertificateCheck", response.getCertificateCheck().getCode(), response.getCertificateCheck().getInfo()); + + ResponseBuilderUtils.addCodeInfoElement( + responseDoc, + responseElem, + "TSLCheck", + response.getTSLCheck().getCode(), + response.getTSLCheck().getInfo()); return responseDoc; } 
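Review bot: `tslCheck.getCode()` in the new `TSLCheck` block of the third hunk is called without a null check. `tslCheck` stays null on any `VerifyCMSSignatureResponseElementImpl` where `setTSLCheck` was never called or was given null, so marshalling such a response throws a NullPointerException. The same applies to `response.getTSLCheck().getCode()` in the `VerifyXMLSignatureResponseBuilder` hunk on this line. Guarding each block with `if (tslCheck != null) { ... }` (and `if (response.getTSLCheck() != null)`) would also keep a `TSLCheck` element out of responses where no TSL evaluation took place. Both enclosing methods start outside the hunks.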
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java index 01fe9cf2c..63da503cb 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/api/xmlverify/VerifyXMLSignatureResponse.java @@ -18,6 +18,7 @@ package at.gv.egovernment.moa.spss.api.xmlverify; import java.util.List; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; /** @@ -71,5 +72,14 @@ public interface VerifyXMLSignatureResponse { * @return The result of the certificate verification. */ public CheckResult getCertificateCheck(); + + /** + * Gets the result of the TSL verification. + * + * @return The result of the TSL verification. + */ + public CheckTSLResult getTSLCheck(); + + } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 3ad7b761f..51669026f 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java 
@@ -949,7 +949,8 @@ public class ConfigurationPartsBuilder { String id = getElementValue(profileElem, CONF + "Id", null); String trustAnchorsLocStr = getElementValue(profileElem, CONF + "TrustAnchorsLocation", null); String signerCertsLocStr = getElementValue(profileElem, CONF + "SignerCertsLocation", null); - + String tslLocStr = getElementValue(profileElem, CONF + "TSLLocation", null); + URI trustAnchorsLocURI = null; try { @@ -973,6 +974,34 @@ public class ConfigurationPartsBuilder { warn("config.27", new Object[] { "uri", id }); continue; } + + + URI tslLocURI = null; + if (tslLocStr != null) { + + try + { + tslLocURI = new URI(tslLocStr); + if (!tslLocURI.isAbsolute()) { // make it absolute to the config file + tslLocURI = new URI(configRoot_.toURL() + tslLocStr); + } + } + catch (URIException e) { + warn("config.14", new Object[] { "uriTSL", id, tslLocStr }, e); + continue; + } + catch (MalformedURLException e) + { + warn("config.33", new Object[] {id}, e); + continue; + } + + File profileDirTSL = new File(tslLocURI.getPath()); + if (!profileDirTSL.exists() || !profileDirTSL.isDirectory()) { + warn("config.27", new Object[] { "uriTSL", id }); + continue; + } + } if (trustProfiles.containsKey(id)) { warn("config.04", new Object[] { "TrustProfile", id }); @@ -1004,7 +1033,10 @@ public class ConfigurationPartsBuilder { } signerCertsLocStr = (signerCertsLocURI != null) ? signerCertsLocURI.toString() : null; - TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr); + String tslLocURIString = null; + if (tslLocURI != null) + tslLocURIString = tslLocURI.toString(); + TrustProfile profile = new TrustProfile(id, trustAnchorsLocURI.toString(), signerCertsLocStr, tslLocURIString); trustProfiles.put(id, profile); } 
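Review bot: The new `TSLLocation` handling in the second hunk never inspects the URI scheme. An absolute URI is accepted as given, and `new File(tslLocURI.getPath())` checks only its path component against the local file system. As far as the hunk shows, a non-`file` location would pass the directory check whenever a local directory of the same path exists, while the string stored in the `TrustProfile` still names the other location. Because TSLs are trust material, the profile should be skipped with a warning unless the scheme is `file`, in the same way as the existing `continue` branches. The brace-less `if (tslLocURI != null)` in the last hunk would read better as `String tslLocURIString = (tslLocURI != null) ? tslLocURI.toString() : null;`, matching the `signerCertsLocStr` line above it.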
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java index 85d3947aa..66c08e34e 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/TrustProfile.java @@ -28,7 +28,9 @@ public class TrustProfile { private String uri; /** The URI giving the location of the allowed signer certificates. */ private String signerCertsUri; - + /** The URI giving the location of the TSLs */ + private String uriTSL; + /** * Create a TrustProfile. * @@ -36,11 +38,13 @@ public class TrustProfile { * @param uri The URI of the TrustProfile to create. * @param signerCertsUri The URI of the location of the allowed signer * certificates of the TrustProfile to create. + * @param uriTSL The URI to the TSLs */ - public TrustProfile(String id, String uri, String signerCertsUri) { + public TrustProfile(String id, String uri, String signerCertsUri, String uriTSL) { this.id = id; this.uri = uri; this.signerCertsUri = signerCertsUri; + this.uriTSL = uriTSL; } /** @@ -70,4 +74,12 @@ public class TrustProfile { public String getSignerCertsUri() { return signerCertsUri; } + + /** + * Return the URI of the location of the TSLS + * @return The URI of the location of the TSLS + */ + public String getUriTSL() { + return uriTSL; + } } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 96c8b984e..b5c1023ab 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java 
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -39,6 +39,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.CMSContentReference; import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; +import at.gv.egovernment.moa.spss.server.config.TrustProfile; import at.gv.egovernment.moa.spss.server.logging.IaikLog; import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; @@ -113,7 +114,11 @@ public class CMSSignatureVerificationInvoker { // get the signature signature = request.getCMSSignature(); + // get the actual trustprofile + TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); + try { + // get the signed content signedContent = getSignedContent(request); @@ -169,7 +174,7 @@ public class CMSSignatureVerificationInvoker { for (resultIter = results.iterator(); resultIter.hasNext();) { result = (CMSSignatureVerificationResult) resultIter.next(); - responseBuilder.addResult(result); + responseBuilder.addResult(result, trustProfile); } } else { int i; @@ -180,7 +185,7 @@ public class CMSSignatureVerificationInvoker { try { result = (CMSSignatureVerificationResult) results.get(signatories[i] - 1); - responseBuilder.addResult(result); + responseBuilder.addResult(result, trustProfile); } catch (IndexOutOfBoundsException e) { throw new MOAApplicationException( "2249", @@ -188,7 +193,7 @@ public class CMSSignatureVerificationInvoker { } } } - + return responseBuilder.getResponse(); } 
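Review bot: The `TrustProfile` looked up in the second hunk is passed to `responseBuilder.addResult(result, trustProfile)` without a null check, and the ID comes from the request via `request.getTrustProfileId()`. If `getTrustProfile` can return null for an absent or unknown ID (its contract is not visible here), the `trustProfile.getUriTSL()` call in `validateTSL` will throw a NullPointerException instead of a defined MOA error. A guard right after the lookup, `if (trustProfile == null) { /* raise the project's existing unknown-trust-profile error */ }`, would close that. The lookup also sits before the `try`, so anything it throws bypasses whatever handling that block provides. The enclosing method begins outside the hunk.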
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index 8a0b3de13..b7bdbc9b8 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -15,19 +15,25 @@ */ package at.gv.egovernment.moa.spss.server.invoke; +import iaik.server.modules.cmsverify.CMSSignatureVerificationResult; +import iaik.server.modules.cmsverify.CertificateValidationResult; +import iaik.server.modules.xmlverify.XMLSignatureVerificationResult; + import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.List; - -import iaik.server.modules.cmsverify.CMSSignatureVerificationResult; -import iaik.server.modules.cmsverify.CertificateValidationResult; +import java.util.ListIterator; import at.gv.egovernment.moa.spss.MOAApplicationException; +import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElement; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; +import at.gv.egovernment.moa.spss.server.config.TrustProfile; +import at.gv.egovernment.moa.spss.util.MessageProvider; /** * A class to build a VerifyCMSSignatureResponse object. 
@@ -60,21 +66,24 @@ public class VerifyCMSSignatureResponseBuilder { * Add a verification result to the response. * * @param result The result to add. - * @throws MOAApplicationException An error occurred adding the result. + * @param trustprofile The actual trustprofile + * @throws MOAException */ - public void addResult(CMSSignatureVerificationResult result) - throws MOAApplicationException { + public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile) + throws MOAException { CertificateValidationResult certResult = result.getCertificateValidationResult(); int signatureCheckCode = result.getSignatureValueVerificationCode().intValue(); int certificateCheckCode = certResult.getValidationResultCode().intValue(); + VerifyCMSSignatureResponseElement responseElement; SignerInfo signerInfo; CheckResult signatureCheck; CheckResult certificateCheck; - + CheckTSLResult tslCheck; + // add SignerInfo element signerInfo = factory.createSignerInfo( 
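Review bot: The Javadoc for `addResult` documents `@param trustprofile`, but the parameter is named `trustProfile`, so the tag does not bind. The `@throws MOAException` line also lost its description, even though the throws clause was widened from MOAApplicationException and callers now have to handle the broader type. I would write `@param trustProfile The trust profile whose TSL settings are used for the TSL check.` and `@throws MOAException An error occurred adding the result or performing the TSL check.` The method body continues past the end of this hunk.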
@@ -88,14 +97,55 @@ public class VerifyCMSSignatureResponseBuilder { // add CertificateCheck element certificateCheck = factory.createCheckResult(certificateCheckCode, null); + + // add TSL check + tslCheck = validateTSL(result, trustProfile); + // build the response element responseElement = factory.createVerifyCMSSignatureResponseElement( signerInfo, signatureCheck, - certificateCheck); + certificateCheck, + tslCheck); responseElements.add(responseElement); } + + /** + * Checks the certificate chain against the given (in the provided trustProfile) TSLs + * + * @param result The result produced by the XMLSignatureVerificationModule. + * + * @param trustProfile The trust profile the signer certificate is validated against. + * + * @return The overal result of the TSL validation. + * + * @throws MOAException + */ + private CheckTSLResult validateTSL(CMSSignatureVerificationResult result, TrustProfile trustProfile) + throws MOAException +{ + MessageProvider msg = MessageProvider.getInstance(); + //String logMsg = msg.getMessage("tsl.00", new Object[]{trustProfile.getId(), files[i].getName()}); + + // TODO KS: TSL initialisieren, TSL abfrage mit chain + + List chain = result.getCertificateValidationResult().getCertificateChain(); + String uriTSL = trustProfile.getUriTSL(); + //System.out.println("Size: " + chain.size()); + ListIterator it = chain.listIterator(); + while(it.hasNext()) { + X509Certificate cert = (X509Certificate) it.next(); + //System.out.println(cert.getSubjectDN()); + } + //System.out.println("URL-TSL: " + uriTSL); + + int resultCode = 0; + String resultInfo = msg.getMessage("tsl.00", null); + + SPSSFactory factory = SPSSFactory.getInstance(); + return factory.createCheckTSLResult(resultCode, resultInfo); +} } 
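Review bot: `validateTSL` never consults a TSL, yet it returns `resultCode = 0` with message `tsl.00`, which the properties hunk of this commit defines as "Das Zertifikat konnte erfolgreich gegen die TSL verifiziert werden". Every CMS verification response therefore carries a positive TSL statement with no check behind it. The same stub is added to XMLSignatureVerificationInvoker in the `@@ -318,6 +324,42 @@` hunk. Until the lookup marked `TODO KS` exists, the placeholder should report "not checked" rather than success: for example `return null;` if the response treats the TSL element as optional (not visible here), or a dedicated non-success code with a neutral message. That way a relying party cannot mistake it for a passed trust-list validation. The Javadoc also names the XMLSignatureVerificationModule although this overload takes a `CMSSignatureVerificationResult`, and the loop over `chain` only casts each element to `X509Certificate` and can be dropped until it does real work.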
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java index 1250fcad5..68ba4ad7e 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java @@ -42,6 +42,7 @@ import org.w3c.dom.NodeList; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.Content; import at.gv.egovernment.moa.spss.api.common.InputData; import at.gv.egovernment.moa.spss.api.common.SignerInfo; @@ -86,6 +87,9 @@ public class VerifyXMLSignatureResponseBuilder { private List xmlDsigManifestChecks; /** The result of the certificate check. */ private CheckResult certificateCheck; + /** The result of the TSL check. */ + private CheckTSLResult tslCheck; + /** * Get the VerifyMLSignatureResponse built so far. @@ -100,7 +104,8 @@ public class VerifyXMLSignatureResponseBuilder { signatureCheck, signatureManifestCheck, xmlDsigManifestChecks, - certificateCheck); + certificateCheck, + tslCheck); } /** 
@@ -113,14 +118,16 @@ public class VerifyXMLSignatureResponseBuilder { * @param profile The profile used for verifying the signature. * @param transformsSignatureManifestCheck The overall result for the signature * manifest check. - * @param certificateCheck The overall result for the certificate check. + * @param certificateCheck The overall result for the certificate check. + * @param tslCheck The result of the TSL check * @throws MOAApplicationException An error occurred adding the result. */ public void setResult( XMLSignatureVerificationResult result, XMLSignatureVerificationProfile profile, ReferencesCheckResult transformsSignatureManifestCheck, - CheckResult certificateCheck) + CheckResult certificateCheck, + CheckTSLResult tslCheck) throws MOAApplicationException { CertificateValidationResult certResult = @@ -284,6 +291,10 @@ public class VerifyXMLSignatureResponseBuilder { // create the certificate check this.certificateCheck = certificateCheck; + + // create the tsl check + this.tslCheck = tslCheck; + } /** diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index f08588ecb..765a48e79 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -43,6 +43,7 @@ import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; import java.util.List; +import java.util.ListIterator; import java.util.Map; import java.util.Set; 
@@ -58,6 +59,7 @@ import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.MOASystemException; import at.gv.egovernment.moa.spss.api.SPSSFactory; import at.gv.egovernment.moa.spss.api.common.CheckResult; +import at.gv.egovernment.moa.spss.api.common.CheckTSLResult; import at.gv.egovernment.moa.spss.api.common.XMLDataObjectAssociation; import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo; import at.gv.egovernment.moa.spss.api.xmlverify.ReferencesCheckResult; @@ -225,6 +227,7 @@ public class XMLSignatureVerificationInvoker { signatureEnvironmentParent.appendChild(signatureEnvironment.getElement()); } + // check the result signatureManifestCheck = validateSignatureManifest(request, result, profile); @@ -233,8 +236,11 @@ public class XMLSignatureVerificationInvoker { TrustProfile trustProfile = context.getConfiguration().getTrustProfile(request.getTrustProfileId()); CheckResult certificateCheck = validateSignerCertificate(result, trustProfile); + // Check the TSL result + CheckTSLResult tslCheck = validateTSL(result, trustProfile); + // build the response - responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck); + responseBuilder.setResult(result, profile, signatureManifestCheck, certificateCheck, tslCheck); return responseBuilder.getResponse(); } 
@@ -318,6 +324,42 @@ public class XMLSignatureVerificationInvoker { SPSSFactory factory = SPSSFactory.getInstance(); return factory.createCheckResult(resultCode, null); } + + /** + * Checks the certificate chain against the given (in the provided trustProfile) TSLs + * + * @param result The result produced by the XMLSignatureVerificationModule. + * + * @param trustProfile The trust profile the signer certificate is validated against. + * + * @return The overal result of the TSL validation. + * + * @throws MOAException + */ + private CheckTSLResult validateTSL(XMLSignatureVerificationResult result, TrustProfile trustProfile) + throws MOAException +{ + MessageProvider msg = MessageProvider.getInstance(); + //String logMsg = msg.getMessage("tsl.00", new Object[]{trustProfile.getId(), files[i].getName()}); + + // TODO KS: TSL initialisieren, TSL abfrage mit chain + + List chain = result.getCertificateValidationResult().getCertificateChain(); + String uriTSL = trustProfile.getUriTSL(); + //System.out.println("Size: " + chain.size()); + ListIterator it = chain.listIterator(); + while(it.hasNext()) { + X509Certificate cert = (X509Certificate) it.next(); + //System.out.println(cert.getSubjectDN()); + } + //System.out.println("URL-TSL: " + uriTSL); + + int resultCode = 0; + String resultInfo = msg.getMessage("tsl.00", null); + + SPSSFactory factory = SPSSFactory.getInstance(); + return factory.createCheckTSLResult(resultCode, resultInfo); +} /** * Select the dsig:Signature DOM element within the signature diff --git a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties index 9b896c059..4c9d11f63 100644 --- a/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties +++ b/spss/server/serverlib/src/main/resources/resources/properties/spss_messages_de.properties 
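Review bot: The `validateTSL` added here is a line-for-line copy of the one added to VerifyCMSSignatureResponseBuilder. The two differ only in the type of the first parameter, and both read nothing from it except `getCertificateValidationResult().getCertificateChain()`. Once the real TSL lookup is written, two copies of the same trust decision can drift apart between the CMS and XML paths. I would keep one shared helper that takes the chain and the profile, e.g. `static CheckTSLResult validateTSL(List chain, TrustProfile trustProfile) throws MOAException`, and call it from both places.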
@@ -134,7 +134,7 @@ config.28=Einen detaillierten Fehlerbericht entnehmen Sie bitte der Log-Datei. config.29=Es sind folgende leichte Fehler aufgetreten: config.31=Fehler in der Konfiguration der KeyGroup mit id={0}: Der Schlüssel im KeyModule id={1} mit IssuerName={2} und SerialNumber={3} konnte nicht geladen werden config.32=Fehler in der Konfiguration: Verzeichnisangabe für den Zertifikatsspeicher ist ungültig ({0}). - +config.33=Fehler beim Erstellen des TrustProfile id={0}: Name des TSL-Verzeichnisses konnte nicht in eine URL umgewandet werden handler.00=Starte neue Transaktion: TID={0}, Service={1} handler.01=Aufruf von Adresse={0} @@ -149,3 +149,5 @@ invoker.00=Das Signature Environment konnte nicht validierend geparst werden invoker.01=Keine passende Transformationskette gefunden (Index={0}) invoker.02=Der Hashwert der Transformation stimmt nicht überein (Index={0}) invoker.03=Signatorzertifikat aus Trustprofile mit id={0} konnte nicht geparst werden (Dateiname={1}) + +tsl.00 = Das Zertifikat konnte erfolgreich gegen die TSL verifiziert werden \ No newline at end of file diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.component b/spss/server/serverws/.settings/org.eclipse.wst.common.component index c83fdc828..f859c643a 100644 --- a/spss/server/serverws/.settings/org.eclipse.wst.common.component +++ b/spss/server/serverws/.settings/org.eclipse.wst.common.component @@ -1,14 +1,14 @@ - - - - - - uses - - - uses - - - - - + + + + + + uses + + + uses + + + + + diff --git a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.3.wsdl b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.3.wsdl index c5cd8fc0f..68c3d0ebd 100644 --- a/spss/server/serverws/resources/wsdl/MOA-SPSS-1.3.wsdl +++ b/spss/server/serverws/resources/wsdl/MOA-SPSS-1.3.wsdl @@ -3,7 +3,7 @@ Web Service Description for MOA SP/SS 1.4 --> - + -- cgit v1.2.3