diff options
author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2016-12-20 17:00:45 +0100 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2016-12-20 17:00:45 +0100 |
commit | aabb36836ebfca9fe8cdc70dff13c0be7e5e761c (patch) | |
tree | 79b1f6706f0f51fc9e8f0948268e254ddb63de49 | |
parent | f51caf2aafe4a5bdc4383d08f74036f6be3cc31b (diff) | |
download | moa-sig-aabb36836ebfca9fe8cdc70dff13c0be7e5e761c.tar.gz moa-sig-aabb36836ebfca9fe8cdc70dff13c0be7e5e761c.tar.bz2 moa-sig-aabb36836ebfca9fe8cdc70dff13c0be7e5e761c.zip |
add next missing parts for new TSL lib
5 files changed, 370 insertions, 6 deletions
diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.0.0.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.0.0.xsd new file mode 100644 index 0000000..716f9d4 --- /dev/null +++ b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.0.0.xsd @@ -0,0 +1,358 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + MOA SP/SS 1.5.1 Configuration Schema +--> +<xs:schema xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified"> + <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/> + <xs:element name="MOAConfiguration"> + <xs:complexType> + <xs:sequence> + <xs:element name="Common" minOccurs="0"> + <xs:complexType> + <xs:sequence> + <xs:element name="HardwareCryptoModule" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name="Name" type="xs:string"/> + <xs:element name="SlotId" type="xs:string" minOccurs="0"/> + <xs:element name="UserPIN" type="xs:string"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="PDFASConfig" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="AdESFormResult" type="xs:boolean" minOccurs="0" maxOccurs="1"/> + <xs:choice> + <xs:element name="PermitExternalUris" minOccurs="0"> + <xs:complexType> + <xs:sequence minOccurs="0"> + <xs:element name="BlackListUri" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name="IP" type="xs:string"/> + <xs:element name="Port" type="xs:int" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="ForbidExternalUris" minOccurs="0"> + <xs:complexType> + <xs:sequence> + <xs:element name="WhiteListUri" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name="IP" type="xs:string"/> + <xs:element name="Port" type="xs:int" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:choice> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="SignatureCreation" minOccurs="0"> + <xs:complexType> + <xs:sequence> + <xs:element name="KeyModules"> + <xs:complexType> + <xs:choice maxOccurs="unbounded"> + <xs:element name="HardwareKeyModule"> + <xs:complexType> + <xs:sequence> + <xs:element name="Id" type="xs:token"/> + <xs:element name="Name" type="xs:string"/> + <xs:element name="SlotId" type="xs:string" minOccurs="0"/> + <xs:element name="UserPIN" type="xs:string"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="SoftwareKeyModule"> + <xs:complexType> + <xs:sequence> + <xs:element name="Id" type="xs:token"/> + <xs:element name="FileName" type="xs:string"/> + <xs:element name="Password" type="xs:string" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:choice> + </xs:complexType> + </xs:element> + <xs:element name="KeyGroup" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name="Id" type="xs:token"/> + <xs:sequence maxOccurs="unbounded"> + <xs:element name="Key"> + <xs:complexType> + <xs:sequence> + <xs:element name="KeyModuleId" type="xs:token"/> + <xs:element name="KeyCertIssuerSerial" type="dsig:X509IssuerSerialType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + <xs:element name="DigestMethodAlgorithm" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="KeyGroupMapping" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name="CustomerId" type="dsig:X509IssuerSerialType" minOccurs="0"/> + <xs:element name="KeyGroupId" type="xs:token" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="XMLDSig"> + <xs:complexType> + <xs:sequence> + <xs:element name="CanonicalizationAlgorithm" type="xs:anyURI" minOccurs="0"/> + <xs:element name="DigestMethodAlgorithm" type="xs:anyURI" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="CreateTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="CreateSignatureEnvironmentProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="XAdES" minOccurs="0"> + <xs:complexType> + <xs:sequence> + <xs:element name="Version"> + <xs:simpleType> + <xs:restriction base="xs:token"> + <xs:enumeration value="1.4.2"/> + </xs:restriction> + </xs:simpleType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="SignatureVerification" minOccurs="0"> + <xs:complexType> + <xs:sequence> + <xs:element name="CertificateValidation"> + <xs:complexType> + <xs:sequence> + <xs:element name="ReadTimeout" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="PathConstruction"> + <xs:complexType> + <xs:sequence> + <xs:element name="AutoAddCertificates" type="xs:boolean"/> + <xs:element name="UseAuthorityInformationAccess" type="xs:boolean"/> + <xs:element name="CertificateStore"> + <xs:complexType> + <xs:choice> + <xs:element name="DirectoryStore"> + <xs:complexType> + <xs:sequence> + <xs:element name="Location" type="xs:token"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:choice> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="PathValidation"> + <xs:complexType> + <xs:sequence> + <xs:element name="ChainingMode"> + <xs:complexType> + <xs:sequence> + <xs:element name="DefaultMode" type="config:ChainingModeType"/> + <xs:element name="TrustAnchor" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name="Identification" type="dsig:X509IssuerSerialType"/> + <xs:element name="Mode" type="config:ChainingModeType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="TrustProfile" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name="Id" type="xs:token"/> + <xs:element name="TrustAnchorsLocation" type="xs:anyURI"/> + <xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/> + <xs:element name="EUTSL" minOccurs="0"> + <xs:complexType> + <xs:sequence> + <xs:element name="CountrySelection" type="xs:string" minOccurs="0"/> + <xs:element name="AllowedTSPStatus" type="xs:string" minOccurs="0"/> + <xs:element name="AllowedTSPServiceTypes" type="xs:string" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + <!-- + <xs:element name="TSLTrustProfile"> + <xs:complexType> + <xs:sequence> + <xs:element name="Id" type="xs:token"/> + <xs:element name="TrustAnchorsLocation" type="xs:anyURI"/> + <xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/> + <xs:element name="EUTSL" minOccurs="0"> + <xs:complexType> + <xs:sequence> + <xs:element name="CountrySelection" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + --> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="RevocationChecking"> + <xs:complexType> + <xs:sequence> + <xs:element name="EnableChecking" type="xs:boolean"/> + <xs:element name="MaxRevocationAge" type="xs:integer"/> + <xs:element name="ServiceOrder" minOccurs="0"> + <xs:complexType> + <xs:sequence maxOccurs="2"> + <xs:element name="Service"> + <xs:simpleType> + <xs:restriction base="xs:token"> + <xs:enumeration value="OCSP"/> + <xs:enumeration value="CRL"/> + </xs:restriction> + </xs:simpleType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="Archiving"> + <xs:complexType> + <xs:sequence> + <xs:element name="EnableArchiving" type="xs:boolean"/> + <xs:element name="ArchiveDuration" type="xs:nonNegativeInteger" minOccurs="0"/> + <xs:element name="Archive" minOccurs="0"> + <xs:complexType> + <xs:choice> + <xs:element name="DatabaseArchive"> + <xs:complexType> + <xs:sequence> + <xs:element name="JDBCURL" type="xs:anyURI"/> + <xs:element name="JDBCDriverClassName" type="xs:token"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:choice> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="DistributionPoint" minOccurs="0" maxOccurs="unbounded"> + <xs:complexType> + <xs:sequence> + <xs:element name="CAIssuerDN" type="xs:token"/> + <xs:choice maxOccurs="unbounded"> + <xs:element name="CRLDP"> + <xs:complexType> + <xs:sequence> + <xs:element name="Location" type="xs:anyURI"/> + <xs:element name="ReasonCode" minOccurs="0" maxOccurs="unbounded"> + <xs:simpleType> + <xs:restriction base="xs:token"> + <xs:enumeration value="unused"/> + <xs:enumeration value="keyCompromise"/> + <xs:enumeration value="cACompromise"/> + <xs:enumeration value="affiliationChanged"/> + <xs:enumeration value="superseded"/> + <xs:enumeration value="cessationOfOperation"/> + <xs:enumeration value="certificateHold"/> + <xs:enumeration value="privilegeWithdrawn"/> + <xs:enumeration value="aACompromise"/> + </xs:restriction> + </xs:simpleType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="OCSPDP"> + <xs:complexType> + <xs:sequence> + <xs:element name="Location" type="xs:anyURI"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:choice> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="CrlRetentionIntervals" minOccurs="0"> + <xs:complexType> + <xs:sequence maxOccurs="unbounded"> + <xs:element name="CA"> + <xs:complexType> + <xs:sequence> + <xs:element name="X509IssuerName" type="xs:string"/> + <xs:element name="Interval" type="xs:integer"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="TSLConfiguration" minOccurs="0"> + <xs:complexType> + <xs:sequence> + <xs:element name="EUTSLUrl" type="xs:anyURI" minOccurs="0"/> + <xs:element name="UpdateSchedule" minOccurs="0"> + <xs:complexType> + <xs:sequence> + <xs:element name="StartTime" type="xs:time"/> + <xs:element name="Period" type="xs:unsignedLong"/> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="WorkingDirectory" type="xs:anyURI" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:element name="VerifyTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="SupplementProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="PermitFileURIs" type="xs:boolean" default="false" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:simpleType name="ChainingModeType"> + <xs:restriction base="xs:string"> + <xs:enumeration value="chaining"/> + <xs:enumeration value="pkix"/> + </xs:restriction> + </xs:simpleType> + <xs:complexType name="ProfileType"> + <xs:sequence> + <xs:element name="Id" type="xs:token"/> + <xs:element name="Location" type="xs:anyURI"/> + </xs:sequence> + </xs:complexType> +</xs:schema> diff --git a/moaSig/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml b/moaSig/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml index 8d7541b..2a8cdd0 100644 --- a/moaSig/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml +++ b/moaSig/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml @@ -25,6 +25,8 @@ <!-- </cfg:Common>-->
<cfg:SignatureVerification>
<cfg:CertificateValidation>
+ <!-- ReadTimeout in seconds-->
+ <cfg:ReadTimeout>30</cfg:ReadTimeout>
<cfg:PathConstruction>
<cfg:AutoAddCertificates>true</cfg:AutoAddCertificates>
<cfg:UseAuthorityInformationAccess>true</cfg:UseAuthorityInformationAccess>
@@ -49,7 +51,9 @@ <cfg:EUTSL>
<!-- Optional kann eine Länderliste mit zweistelligen Länderkürzeln angegeben werden (d.h. nur die -->
<!-- Vertrauensanker der angegeben Länder werden importiert) -->
- <!--<cfg:CountrySelection>AT,BE</cfg:CountrySelection>-->
+ <cfg:CountrySelection>AT,BE</cfg:CountrySelection>
+ <cfg:AllowedTSPStatus></cfg:AllowedTSPStatus>
+ <cfg:AllowedTSPServiceTypes></cfg:AllowedTSPServiceTypes>
</cfg:EUTSL>
</cfg:TrustProfile>
</cfg:PathValidation>
diff --git a/moaSig/libs/iaik_tsl-1.1.jar b/moaSig/libs/iaik_tsl-1.1.jar Binary files differdeleted file mode 100644 index 82d84ba..0000000 --- a/moaSig/libs/iaik_tsl-1.1.jar +++ /dev/null diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index e134d57..6c826ad 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -31,7 +31,6 @@ import iaik.pki.revocation.RevocationSourceTypes; import iaik.server.modules.xml.BlackListEntry; import iaik.server.modules.xml.ExternalReferenceChecker; import iaik.server.modules.xml.WhiteListEntry; -import iaik.util.logging.Log; import iaik.utils.RFC2253NameParser; import iaik.utils.RFC2253NameParserException; import iaik.xml.crypto.utils.URI; @@ -433,7 +432,7 @@ public class ConfigurationPartsBuilder { try { defaultConnectionTimeout = Integer.parseInt(connectionTimeout); } catch(NumberFormatException e) { - Log.warn("Configuration value " + CONNECTION_TIMEOUT_XPATH_ + " should be a number defaulting to 30"); + Logger.warn("Configuration value " + CONNECTION_TIMEOUT_XPATH_ + " should be a number defaulting to 30"); } } @@ -453,7 +452,7 @@ public class ConfigurationPartsBuilder { try { defaultConnectionTimeout = Integer.parseInt(connectionTimeout); } catch(NumberFormatException e) { - Log.warn("Configuration value " + READ_TIMEOUT_XPATH_ + " should be a number defaulting to 30"); + Logger.warn("Configuration value " + READ_TIMEOUT_XPATH_ + " should be a number defaulting to 30"); } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java index 789336e..d8ebd85 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java @@ -46,6 +46,7 @@ import at.gv.egovernment.moa.spss.api.common.Content; import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; import at.gv.egovernment.moa.spss.api.common.InputData; import at.gv.egovernment.moa.spss.api.common.SignerInfo; +import at.gv.egovernment.moa.spss.api.common.TslInfos; import at.gv.egovernment.moa.spss.api.impl.InputDataBinaryImpl; import at.gv.egovernment.moa.spss.api.impl.InputDataXMLImpl; import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResultInfo; @@ -160,7 +161,8 @@ public class VerifyXMLSignatureResponseBuilder { boolean checkSSCD, boolean sscdSourceTSL, boolean isTSLEnabledTrustprofile, - String issuerCountryCode) + String issuerCountryCode, + TslInfos tslInfos) throws MOAApplicationException { CertificateValidationResult certResult = @@ -187,7 +189,8 @@ public class VerifyXMLSignatureResponseBuilder { checkSSCD, sscdSourceTSL, issuerCountryCode, - result.getSigningTime()); + result.getSigningTime(), + tslInfos); // Create HashInputData Content objects referenceDataList = result.getReferenceDataList(); |