authorThomas Lenz <thomas.lenz@egiz.gv.at>2025-09-19 12:07:10 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2025-09-19 12:07:10 +0200
commit5ab9024ebfdab0039488a471ab04bc94b604b771 (patch)
tree3ad440c5eee217df8b742c7f6819fc9cd97546b6
parent3776bd908568cf4612fa80e1ab4b576a2585fbf7 (diff)
fix(core): wrong selection of RSASSA-PSS in case of XML signatures
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java23
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java7
2 files changed, 26 insertions, 4 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
index 76814a4..b0fea7f 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
@@ -26,6 +26,8 @@ package at.gv.egovernment.moa.spss.server.iaik.xmlsign;
import java.util.List;
import java.util.Set;
+import org.apache.commons.lang3.StringUtils;
+
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
@@ -163,6 +165,14 @@ public class XMLSignatureCreationProfileImpl
@Override
public String getSignatureAlgorithmName(KeyEntryID selectedKeyID)
throws AlgorithmUnavailableException {
+ String sigAlgIdentifier = getInternalSignatureAlgorithmName(selectedKeyID);
+ Logger.debug("Selected SignatureAlgorithmIdentifier: " + sigAlgIdentifier);
+ return sigAlgIdentifier;
+
+ }
+
+ private String getInternalSignatureAlgorithmName(KeyEntryID selectedKeyID)
+ throws AlgorithmUnavailableException {
final TransactionContext context =
TransactionContextManager.getInstance().getTransactionContext();
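Review bot: The new private `getInternalSignatureAlgorithmName` at the end of this hunk now holds the whole selection logic but has no comment, so a reader cannot tell why the public method was split in two. A short Javadoc would cover it, for example `/** Selects the signature algorithm for the key entry; the public wrapper only adds debug logging of the result. */`. The empty line before the wrapper's closing brace can be dropped, and `sigAlgIdentifier` could be declared `final` to match the `final` locals used just below. The helper's body continues outside the hunk.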
@@ -178,14 +188,16 @@ public class XMLSignatureCreationProfileImpl
e,
null);
}
+ Logger.trace("RSASSA-PSS: " + rsaSsaPss + " XAdESDigistAlg: " + digestMethodXAdES142
+ + " Algorithms: " + StringUtils.join(algorithms, ","));
// TODO: maybe add support for parameterized RSASSA-PSS
-
if (digestMethodXAdES142 == null) {
// XAdES 1.4.2 not enabled - legacy MOA
- if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1)
- || algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1)
- || algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1)) {
+ if (rsaSsaPss
+ && (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1)
+ || algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1)
+ || algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1))) {
return SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1;
} else if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA)
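Review bot: With the parentheses corrected, a configuration that enables RSASSA-PSS but whose key entry offers none of the three `*_WITH_RSA_AND_MGF1` algorithms now falls through to the `else if` chain. Judging by the visible branches, it is then signed with `SHA256_WITH_RSA` (PKCS#1 v1.5), and the only trace of this is the debug and trace output. Consider reporting that case at a level operators see by default, or throwing `AlgorithmUnavailableException` if PSS is meant to be mandatory once configured; which is right depends on policy not visible here. In the added trace line, `XAdESDigistAlg` is a typo for `XAdESDigestAlg`, which matters to anyone searching the logs for it. The enclosing method starts and ends outside the hunk.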
@@ -198,10 +210,13 @@ public class XMLSignatureCreationProfileImpl
|| algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
return SignatureAlgorithms.SHA256_WITH_RSA;
+
} else if (algorithms.contains(SignatureAlgorithms.ECDSA)) {
return SignatureAlgorithms.ECDSA;
+
} else if (algorithms.contains(SignatureAlgorithms.DSA)) {
return SignatureAlgorithms.DSA;
+
} else {
throw new AlgorithmUnavailableException(
"No algorithm for key entry: " + selectedKeyID,
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
index 7585ac7..46c4983 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
@@ -266,6 +266,13 @@ public class XMLSignatureCreationProfileFactory {
throws MOASystemException {
final Boolean useRsaSsaPssKg = config.getKeyGroup(keyGroupID).isUseRsaSsaPass();
final boolean configUseRsaSsaPss = config.isUseRsaSsaPss();
+
+ Logger.trace("Config using RSASSA-PSS. KeyStore: "
+ + useRsaSsaPssKg != null
+ ? useRsaSsaPssKg
+ : "NOT-DEFINED"
+ + " Default: " + config);
+
return useRsaSsaPssKg != null ? useRsaSsaPssKg : configUseRsaSsaPss;
}
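Review bot: The added trace statement never prints its message text, because `+` binds tighter than `!=` and `?:`. The condition is therefore `("…KeyStore: " + useRsaSsaPssKg) != null`, which is always true, and the whole argument evaluates to just `useRsaSsaPssKg`. Parenthesise the conditional: `+ (useRsaSsaPssKg != null ? useRsaSsaPssKg : "NOT-DEFINED")`. The last operand also concatenates `config`, the whole configuration object, where `configUseRsaSsaPss` looks intended; `+ " Default: " + configUseRsaSsaPss` would log the flag rather than whatever the configuration's `toString()` exposes. The method signature is outside the hunk.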