authorThomas Lenz <thomas.lenz@a-sit.at>2025-09-19 11:30:49 +0000
committerThomas Lenz <thomas.lenz@a-sit.at>2025-09-19 11:30:49 +0000
commit5e05df3b79c3f8d830a6aeac1fdab5a3cf2c851c (patch)
tree3cd3b82ea217505af7cdad19df9e3b96e670fdf2
parent84932695ecb558dcb11a4b8f0c16ff8603edcf20 (diff)
parent63f5b1ebefb493337a0a82825b70fcffeedbae61 (diff)
Merge branch 'feature/java_17' into 'nightlybuild'
Feature/java 17 See merge request egiz/moa-sig!2
-rw-r--r--.gitlab-ci.yml13
-rw-r--r--moaSig/build.gradle174
-rw-r--r--moaSig/common/build.gradle47
-rw-r--r--moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/Base64Utils.java1
-rw-r--r--moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/DOMUtils.java20
-rw-r--r--moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/KeyStoreUtils.java2
-rw-r--r--moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOAErrorHandler.java4
-rw-r--r--moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOATimer.java4
-rw-r--r--moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.2.0.xsd6
-rw-r--r--moaSig/gradle/wrapper/gradle-wrapper.jarbin55627 -> 43764 bytes
-rw-r--r--moaSig/gradle/wrapper/gradle-wrapper.properties6
-rwxr-xr-xmoaSig/gradlew305
-rw-r--r--moaSig/gradlew.bat80
-rw-r--r--moaSig/libs/iaik_cms-6.0_moa.jarbin501606 -> 0 bytes
-rw-r--r--moaSig/libs/iaik_cms-6.1_moa.jarbin0 -> 413434 bytes
-rw-r--r--moaSig/libs/iaik_cpades-2.4_moa.jarbin130134 -> 0 bytes
-rw-r--r--moaSig/libs/iaik_cpades_2.5_moa.jarbin0 -> 197841 bytes
-rw-r--r--moaSig/libs/iaik_cpxlevel-0.9.2.1_moa.jar (renamed from moaSig/libs/iaik_cpxlevel-0.9.2_moa.jar)bin139388 -> 139405 bytes
-rw-r--r--moaSig/libs/iaik_eccelerate-6.3.0_eval.jarbin807993 -> 0 bytes
-rw-r--r--moaSig/libs/iaik_eccelerate-6.3.2_eval.jarbin0 -> 806569 bytes
-rw-r--r--moaSig/libs/iaik_eccelerate_addon-6.3.0_eval.jarbin98152 -> 0 bytes
-rw-r--r--moaSig/libs/iaik_eccelerate_addon-6.3.2_eval.jarbin0 -> 96721 bytes
-rw-r--r--moaSig/libs/iaik_moa-2.09.jarbin530620 -> 0 bytes
-rw-r--r--moaSig/libs/iaik_moa-2.10.jarbin0 -> 535931 bytes
-rw-r--r--moaSig/libs/iaik_pki_module-2.04_moa.jar (renamed from moaSig/libs/iaik_pki_module-2.03_moa.jar)bin629542 -> 632493 bytes
-rw-r--r--moaSig/libs/iaik_sva-1.2.0.jarbin157685 -> 0 bytes
-rw-r--r--moaSig/libs/iaik_sva-1.2.1-SNAPSHOT.jarbin0 -> 178199 bytes
-rw-r--r--moaSig/moa-asic/build.gradle97
-rw-r--r--moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java3
-rw-r--r--moaSig/moa-sig-lib/build.gradle85
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java13
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java2
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java2
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java19
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java2
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java2
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java33
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java64
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java14
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java32
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java162
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java1
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java4
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java7
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java51
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java14
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java18
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java14
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java31
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java2
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java19
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java65
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java2
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java5
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java10
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java2
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java4
-rw-r--r--moaSig/moa-sig/build.gradle151
-rw-r--r--moaSig/moa-sig/libs/activation-1.1.jarbin62983 -> 0 bytes
-rw-r--r--moaSig/moa-sig/libs/axis-1.0_IAIK_1.3.jarbin1096138 -> 0 bytes
-rw-r--r--moaSig/moa-sig/libs/axis-1.0_IAIK_1.4.jarbin0 -> 1045637 bytes
-rw-r--r--moaSig/moa-sig/libs/jakarta.activation-api-2.1.3.jarbin0 -> 66514 bytes
-rw-r--r--moaSig/moa-sig/libs/jakarta.mail-api-2.1.3.jarbin0 -> 236454 bytes
-rw-r--r--moaSig/moa-sig/libs/mail-1.4.jarbin388826 -> 0 bytes
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java52
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java13
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java17
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java4
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/TSLClientStatusServlet.java11
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/DataHandlerConverter.java49
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/LoggerUtils.java41
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureCreationService.java8
-rw-r--r--moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureVerificationService.java6
-rw-r--r--moaSig/moa-sig/src/main/resources/logback.xml4
-rw-r--r--moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/AbstractIntegrationTest.java29
-rw-r--r--moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/CadesIntegrationTest.java4
-rw-r--r--moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java97
-rw-r--r--moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/XadesIntegrationTest.java44
-rw-r--r--release-infos/endorsed_libs/serializer-2.7.1.jarbin278281 -> 0 bytes
-rw-r--r--release-infos/endorsed_libs/xalan-2.7.1.jarbin3176148 -> 0 bytes
-rw-r--r--release-infos/endorsed_libs/xercesImpl-2.12.2.jarbin1446149 -> 0 bytes
-rw-r--r--release-infos/endorsed_libs/xml-apis-1.4.01.jarbin220536 -> 0 bytes
-rw-r--r--release-infos/ext_libs/iaikPkcs11Wrapper.jarbin1503554 -> 0 bytes
-rw-r--r--release-infos/ext_libs/iaik_Pkcs11Provider.jar (renamed from release-infos/ext_libs/iaikPkcs11Provider.jar)bin528244 -> 528244 bytes
-rw-r--r--release-infos/ext_libs/iaik_Pkcs11Wrapper.jarbin0 -> 1931617 bytes
-rw-r--r--release-infos/handbook/conf/moa-spss/spss.config.xml3
-rw-r--r--release-infos/pkcs11/pkcs11-natives.zipbin0 -> 291568 bytes
-rwxr-xr-xrelease-infos/pkcs11/unix/linux-x86/debug/libpkcs11wrapper.sobin382140 -> 0 bytes
-rwxr-xr-xrelease-infos/pkcs11/unix/linux-x86/release/libpkcs11wrapper.sobin187060 -> 0 bytes
-rwxr-xr-xrelease-infos/pkcs11/unix/linux-x86_64/debug/libpkcs11wrapper.sobin410952 -> 0 bytes
-rwxr-xr-xrelease-infos/pkcs11/unix/linux-x86_64/release/libpkcs11wrapper.sobin207520 -> 0 bytes
-rwxr-xr-xrelease-infos/pkcs11/unix/macosx_universal/debug/libpkcs11wrapper.jnilibbin603957 -> 0 bytes
-rwxr-xr-xrelease-infos/pkcs11/unix/macosx_universal/release/libpkcs11wrapper.jnilibbin455621 -> 0 bytes
-rwxr-xr-xrelease-infos/pkcs11/windows/win-x86/debug/pkcs11wrapper.dllbin613038 -> 0 bytes
-rwxr-xr-xrelease-infos/pkcs11/windows/win-x86/release/pkcs11wrapper.dllbin251488 -> 0 bytes
-rwxr-xr-xrelease-infos/pkcs11/windows/win-x86_64/debug/pkcs11wrapper.dllbin656400 -> 0 bytes
-rwxr-xr-xrelease-infos/pkcs11/windows/win-x86_64/release/pkcs11wrapper.dllbin262536 -> 0 bytes
97 files changed, 1189 insertions, 785 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 8f8638e..8637b6a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,4 +1,4 @@
-image: gradle:6.8.3-jdk11
+image: gradle:8.14.2-jdk17
variables:
LC_ALL: "en_US.UTF-8"
@@ -18,11 +18,11 @@ include:
## skip jUnit tests in Test jobs to speed-up build time
dependency_scanning:
variables:
- DS_JAVA_VERSION: 11
+ DS_JAVA_VERSION: 17
spotbugs-sast:
variables:
- SAST_JAVA_VERSION: 11
+ SAST_JAVA_VERSION: 17
default:
@@ -63,11 +63,12 @@ release_packaging:
- tags
before_script:
- mkdir -p ~/.ssh
- - ssh-keyscan apps.egiz.gv.at >> ~/.ssh/known_hosts
- - chmod 644 ~/.ssh/known_hosts
+ #- ssh-keyscan apps.egiz.gv.at >> ~/.ssh/known_hosts
+ - echo $DEPLOY_EGIZ >> ~/.ssh/known_hosts
+ - chmod 644 ~/.ssh/known_hosts
script: |
cd ./moaSig
- ./gradlew assemble uploadArchives
+ ./gradlew assemble publish
artifacts:
when: always
name: "${CI_PROJECT_NAME}-${CI_COMMIT_SHORT_SHA}"
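Review bot: `echo $DEPLOY_EGIZ >> ~/.ssh/known_hosts` expands the variable unquoted, so the shell word-splits it and a multi-line value (for example several key types for the host) is written as a single line that ssh will not match; quote it, `- echo "$DEPLOY_EGIZ" >> ~/.ssh/known_hosts`. Pinning the host key from a CI variable is stronger than trusting whatever `ssh-keyscan` returns at build time, but nothing visible here stops the job when `DEPLOY_EGIZ` is empty or unset, so a guard such as `- test -n "$DEPLOY_EGIZ"` before the append would make a missing pin obvious. The commented-out `ssh-keyscan` line can be deleted rather than kept. The job definition starts and continues outside the hunk.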
diff --git a/moaSig/build.gradle b/moaSig/build.gradle
index 79cda52..cb65eac 100644
--- a/moaSig/build.gradle
+++ b/moaSig/build.gradle
@@ -1,98 +1,110 @@
-buildscript {
- repositories {
- maven {
- url "https://plugins.gradle.org/m2/"
+plugins {
+ id 'java-library'
+ id 'eclipse'
+ id 'maven-publish'
+}
+
+allprojects {
+ version = '3.2.5-SNAPSHOT'
+
+ repositories {
+ mavenLocal()
+ mavenCentral()
+ maven {
+ url = uri("https://apps.egiz.gv.at/maven/")
+ mavenContent {
+ releasesOnly()
+ }
+ }
+ maven {
+ url = uri("https://apps.egiz.gv.at/maven-snapshot/")
+ mavenContent {
+ snapshotsOnly()
+ }
+ }
}
- }
- dependencies {
- classpath "com.bmuschko:gradle-tomcat-plugin:2.2.4"
- }
+}
+
+configurations.all {
+ exclude group: 'xml-apis', module: 'xml-apis'
}
subprojects {
apply plugin: 'java-library'
apply plugin: 'eclipse'
apply plugin: 'maven-publish'
- apply plugin: 'maven'
- version = '3.2.5-SNAPSHOT'
-
- repositories {
- mavenCentral()
-
- maven {
- url "https://apps.egiz.gv.at/maven/"
- mavenContent {
- releasesOnly()
- }
- }
- maven {
- url "https://apps.egiz.gv.at/maven-snapshot/"
- mavenContent {
- snapshotsOnly()
- }
- }
-
- }
-
dependencies {
+ implementation 'org.projectlombok:lombok:1.18.38'
testImplementation 'junit:junit:4.13.2'
}
-
- jar { manifest.attributes provider: 'EGIZ', 'Specification-Version': getCheckedOutGitCommitHash(), 'Implementation-Version': project.version }
- compileJava {
- sourceCompatibility = 1.8
- targetCompatibility = 1.8
- }
+ java {
+ toolchain {
+ languageVersion = JavaLanguageVersion.of(17)
+ }
+ withJavadocJar()
+ withSourcesJar()
+ }
+
+ tasks.withType(JavaCompile).configureEach {
+ options.compilerArgs << '-Xlint:-options'
+ }
+
+ tasks.withType(Javadoc).configureEach {
+ failOnError = false
+ options.addStringOption('Xdoclint:none', '-quiet')
+ }
- tasks.withType(JavaCompile) {
- options.compilerArgs << '-Xlint:-options'
- }
-
- publishing {
- publications {
- mavenJava(MavenPublication) {
- from components.java
- // more goes in here
- }
- }
- repositories {
- maven {
- // change to point to your repo, e.g. http://my.org/repo
- url = "$buildDir/repo"
- }
- mavenLocal()
- }
+ tasks.withType(Test).configureEach {
+ failOnNoDiscoveredTests = false;
}
-
- task deployJar(type: Jar)
- configurations {
- deployerJars
-
- }
-
- dependencies {
- deployerJars "org.apache.maven.wagon:wagon-ssh:3.4.3"
-
- }
+ jar {
+ manifest {
+ attributes(
+ provider: 'EGIZ',
+ 'Specification-Version': getCheckedOutGitCommitHash(),
+ 'Implementation-Version': project.version
+ )
+ }
+ }
- uploadArchives {
- repositories.mavenDeployer {
- configuration = configurations.deployerJars
- repository(url: "sftp://apps.egiz.gv.at/maven") {
- authentication(userName: System.getenv("EGIZ_MAVEN_USER"), password: System.getenv("EGIZ_MAVEN_PASSWORD"))
-
- }
- snapshotRepository(url: "sftp://apps.egiz.gv.at/maven-snapshot") {
- authentication(userName: System.getenv("EGIZ_MAVEN_USER"), password: System.getenv("EGIZ_MAVEN_PASSWORD"))
-
- }
- }
- }
-
-
+ publishing {
+ publications {
+ mavenJava(MavenPublication) {
+ from components.java
+ }
+ }
+ repositories {
+ maven {
+ url = uri("$buildDir/repo")
+ }
+ mavenLocal()
+ maven {
+ name = "egizReleases"
+ url = "sftp://apps.egiz.gv.at:22/maven"
+ credentials {
+ //username = System.getenv("EGIZ_MAVEN_USER")
+ //password = System.getenv("EGIZ_MAVEN_PASSWORD")
+ username = "appsegiz"
+ password = "dechof5air5Ix2thoh2e"
+ }
+ allowInsecureProtocol = true
+ }
+ maven {
+ name = "egizSnapshots"
+ url = "sftp://apps.egiz.gv.at:22/maven-snapshot"
+ credentials {
+ //username = System.getenv("EGIZ_MAVEN_USER")
+ //password = System.getenv("EGIZ_MAVEN_PASSWORD")
+ username = "appsegiz"
+ password = "dechof5air5Ix2thoh2e"
+ }
+ allowInsecureProtocol = true
+ }
+ }
+ }
}
def getCheckedOutGitCommitHash() {
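Review bot: The `egizReleases` and `egizSnapshots` repositories in the new `publishing` block carry a literal username and password, while the `System.getenv(...)` lines that the removed `uploadArchives` block relied on are left commented out. A credential committed to the build script is readable by anyone with access to the repository or its history, so the value should be treated as exposed and rotated on the server, and both `credentials` blocks should go back to `username = System.getenv("EGIZ_MAVEN_USER")` and `password = System.getenv("EGIZ_MAVEN_PASSWORD")`, fed from masked CI variables. `allowInsecureProtocol = true` is also set on both repositories; as far as I know that switch exists for plain-HTTP repositories, so it looks unnecessary for an `sftp://` URL and is worth removing unless the build fails without it. The hunk ends on the opening line of `getCheckedOutGitCommitHash()`, whose body lies outside it.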
@@ -100,7 +112,7 @@ def getCheckedOutGitCommitHash() {
def takeFromHash = 40
def head = new File(gitFolder + "HEAD").text.split(":")
def isCommit = head.length == 1
- if(isCommit) return head[0].trim().take(takeFromHash)
+ if (isCommit) return head[0].trim().take(takeFromHash)
def refHead = new File(gitFolder + head[1].trim())
- refHead.text.trim().take takeFromHash
+ refHead.text.trim().take(takeFromHash)
}
diff --git a/moaSig/common/build.gradle b/moaSig/common/build.gradle
index 5f12e76..79f1b02 100644
--- a/moaSig/common/build.gradle
+++ b/moaSig/common/build.gradle
@@ -1,24 +1,45 @@
+plugins {
+ id 'java-library'
+}
+
dependencies {
- implementation files('../libs/iaik_jce_full_signed-6.1_moa.jar')
- api 'org.slf4j:slf4j-api:1.7.36'
- api 'xerces:xercesImpl:2.12.2'
- api 'xalan:xalan:2.7.1'
- api group: 'xalan', name: 'serializer', version: '2.7.1'
- api 'joda-time:joda-time:2.12.7'
- api 'jaxen:jaxen:1.2.0'
+ implementation files('../libs/iaik_jce_full_signed-6.1_moa.jar')
+
+ api 'org.slf4j:slf4j-api:2.0.17'
+
+ api(group: 'xerces', name: 'xercesImpl', version: '2.12.2') {
+ exclude group: 'xml-apis', module: 'xml-apis'
+ }
+
+ api(group: 'xalan', name: 'xalan', version: '2.7.1') {
+ exclude group: 'xml-apis', module: 'xml-apis'
+ }
+
+ api(group: 'xalan', name: 'serializer', version: '2.7.1') {
+ exclude group: 'xml-apis', module: 'xml-apis'
+ }
+
+ api 'joda-time:joda-time:2.14.0'
+ api 'jaxen:jaxen:2.0.0'
}
-task testJar(type: Jar, dependsOn: testClasses) {
+
+java {
+ sourceCompatibility = JavaVersion.VERSION_17
+ targetCompatibility = JavaVersion.VERSION_17
+ withJavadocJar()
+ withSourcesJar()
+}
+
+tasks.register('testJar', Jar) {
+ archiveClassifier.set('tests')
from sourceSets.test.output
- classifier = 'tests'
}
configurations {
- testArtifacts.extendsFrom testCompile
+ testArtifacts
}
artifacts {
- testArtifacts testJar
- //archives testJar
+ testArtifacts(tasks.named('testJar'))
}
-
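Review bot: `xalan:xalan` and `xalan:serializer` stay pinned at 2.7.1 in the rewritten `dependencies` block while slf4j, joda-time and jaxen are all moved forward. These libraries are presumably on the XSLT and serialisation path of the signature service, so the pin deserves a deliberate decision: later 2.7.x releases exist upstream, and the `dependency_scanning` job configured in `.gitlab-ci.yml` should be checked for findings against 2.7.1. If the version is held back for compatibility with the IAIK jars, a one-line comment such as `// xalan pinned at 2.7.1: <reason>` would record that. Separately, the `java { ... }` block repeats `withJavadocJar()` and `withSourcesJar()`, which the root `subprojects` block already applies, assuming `common` is one of those subprojects.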
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/Base64Utils.java b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/Base64Utils.java
index 2c9b4c0..a95ee5b 100644
--- a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/Base64Utils.java
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/Base64Utils.java
@@ -46,6 +46,7 @@ public class Base64Utils {
* @param base64String The <code>String</code> containing the Base64
* encoded bytes.
* @param ignoreInvalidChars Whether to ignore invalid Base64 characters.
+ * @param encoding Char encoding that should be used
* @return byte[] The raw bytes contained in the <code>base64String</code>.
* @throws IOException Failed to read the Base64 data.
*/
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/DOMUtils.java b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/DOMUtils.java
index 2f96196..86d2e54 100644
--- a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/DOMUtils.java
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/DOMUtils.java
@@ -315,26 +315,6 @@ public class DOMUtils {
*
* @param inputStream The <code>InputStream</code>
* containing the XML document.
- * @param validating If <code>true</code>, parse
- * validating.
- * @param externalSchemaLocations A <code>String</code> containing
- * namespace URI to schema location
- * pairs, the same way it is accepted
- * by the <code>xsi:
- * schemaLocation</code> attribute.
- * @param externalNoNamespaceSchemaLocation The schema location of the schema
- * for elements without a namespace,
- * the same way it is accepted by the
- * <code>xsi:noNamespaceSchemaLocation</code>
- * attribute.
- * @param entityResolver An <code>EntityResolver</code> to
- * resolve external entities (schemas
- * and DTDs). If <code>null</code>, it
- * will not be set.
- * @param errorHandler An <code>ErrorHandler</code> to
- * decide what to do with parsing
- * errors. If <code>null</code>, it
- * will not be set.
* @return The parsed XML document as a DOM tree.
* @throws SAXException An error occurred parsing the document.
* @throws IOException An error occurred reading the document.
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/KeyStoreUtils.java b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/KeyStoreUtils.java
index f62b82a..94ecc8b 100644
--- a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/KeyStoreUtils.java
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/KeyStoreUtils.java
@@ -202,7 +202,7 @@ public class KeyStoreUtils {
/**
* Loads a keyStore without knowing the keyStore type
*
- * @param in input stream
+ * @param is input stream
* @param password Password protecting the keyStore
* @return keyStore loaded
* @throws KeyStoreException thrown if keyStore cannot be loaded
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOAErrorHandler.java b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOAErrorHandler.java
index f4acabf..2ab55a2 100644
--- a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOAErrorHandler.java
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOAErrorHandler.java
@@ -113,8 +113,8 @@ public class MOAErrorHandler extends DefaultErrorHandler {
return new Object[] {
e.getMessage(),
e.getSystemId(),
- new Integer(e.getLineNumber()),
- new Integer(e.getColumnNumber()) };
+ Integer.valueOf(e.getLineNumber()),
+ Integer.valueOf(e.getColumnNumber()) };
}
} \ No newline at end of file
diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOATimer.java b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOATimer.java
index 591495a..13133ea 100644
--- a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOATimer.java
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOATimer.java
@@ -70,7 +70,7 @@ public class MOATimer {
* @param id The action ID.
*/
public void startTiming(Object id) {
- timemapstart.put(id, new Long(System.currentTimeMillis()));
+ timemapstart.put(id, Long.valueOf(System.currentTimeMillis()));
}
/**
@@ -79,7 +79,7 @@ public class MOATimer {
* @param id The action ID.
*/
public void stopTiming(Object id) {
- timemapend.put(id, new Long(System.currentTimeMillis()));
+ timemapend.put(id, Long.valueOf(System.currentTimeMillis()));
}
/**
diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.2.0.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.2.0.xsd
index d9cecf1..57c2e1d 100644
--- a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.2.0.xsd
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.2.0.xsd
@@ -98,6 +98,7 @@
</xs:sequence>
<xs:element name="DigestMethodAlgorithm" minOccurs="0"/>
</xs:sequence>
+ <xs:attribute name="RSASSA-PSS" type="xs:boolean"/>
</xs:complexType>
</xs:element>
<xs:element name="KeyGroupMapping" maxOccurs="unbounded">
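Review bot: The two new `RSASSA-PSS` attributes are declared without any `xs:annotation`, and they differ in default: the one added to the complex type closing in this hunk has none, while the one on the new `Signing` element in the next hunk is `default="true"`. Since the attribute presumably selects the RSA signature padding scheme, an existing configuration that omits it may start producing different signatures after the upgrade, depending on how the configuration reader (not visible in this section) treats an absent value. I would add an `xs:documentation` to each declaration saying what `true` and `false` select and which setting wins when both are present, and state the effective default of the first attribute explicitly. The schema file keeps the name `MOA-SPSS-config-3.2.0.xsd` although its content model changes, which is worth a line in the release notes.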
@@ -131,6 +132,11 @@
</xs:sequence>
</xs:complexType>
</xs:element>
+ <xs:element name="Signing" minOccurs="0">
+ <xs:complexType>
+ <xs:attribute name="RSASSA-PSS" type="xs:boolean" default="true"/>
+ </xs:complexType>
+ </xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
diff --git a/moaSig/gradle/wrapper/gradle-wrapper.jar b/moaSig/gradle/wrapper/gradle-wrapper.jar
index 75ae3ac..1b33c55 100644
--- a/moaSig/gradle/wrapper/gradle-wrapper.jar
+++ b/moaSig/gradle/wrapper/gradle-wrapper.jar
Binary files differ
diff --git a/moaSig/gradle/wrapper/gradle-wrapper.properties b/moaSig/gradle/wrapper/gradle-wrapper.properties
index e6fc1b1..2a84e18 100644
--- a/moaSig/gradle/wrapper/gradle-wrapper.properties
+++ b/moaSig/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,7 @@
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.8.3-bin.zip
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
-zipStorePath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-9.0.0-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
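Review bot: The wrapper is moved to `gradle-9.0.0-bin.zip` without a `distributionSha256Sum` entry, so the downloaded distribution is trusted on TLS alone; adding `distributionSha256Sum=<sha256 of gradle-9.0.0-bin.zip as published by Gradle>` lets the wrapper reject a tampered or substituted archive. The `gradle-wrapper.jar` replaced in the same commit is a binary that cannot be reviewed in the diff, so it is worth verifying against the checksum Gradle publishes for the wrapper JAR before merging. Note also that `.gitlab-ci.yml` now uses the `gradle:8.14.2-jdk17` image while `./gradlew` will fetch 9.0.0, so the Gradle bundled in the image is not what runs the build.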
diff --git a/moaSig/gradlew b/moaSig/gradlew
index cccdd3d..23d15a9 100755
--- a/moaSig/gradlew
+++ b/moaSig/gradlew
@@ -1,78 +1,129 @@
-#!/usr/bin/env sh
+#!/bin/sh
+
+#
+# Copyright © 2015-2021 the original authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
##############################################################################
-##
-## Gradle start up script for UN*X
-##
+#
+# Gradle start up script for POSIX generated by Gradle.
+#
+# Important for running:
+#
+# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
+# noncompliant, but you have some other compliant shell such as ksh or
+# bash, then to run this script, type that shell name before the whole
+# command line, like:
+#
+# ksh Gradle
+#
+# Busybox and similar reduced shells will NOT work, because this script
+# requires all of these POSIX shell features:
+# * functions;
+# * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
+# «${var#prefix}», «${var%suffix}», and «$( cmd )»;
+# * compound commands having a testable exit status, especially «case»;
+# * various built-in commands including «command», «set», and «ulimit».
+#
+# Important for patching:
+#
+# (2) This script targets any POSIX shell, so it avoids extensions provided
+# by Bash, Ksh, etc; in particular arrays are avoided.
+#
+# The "traditional" practice of packing multiple parameters into a
+# space-separated string is a well documented source of bugs and security
+# problems, so this is (mostly) avoided, by progressively accumulating
+# options in "$@", and eventually passing that to Java.
+#
+# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
+# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
+# see the in-line comments for details.
+#
+# There are tweaks for specific operating systems such as AIX, CygWin,
+# Darwin, MinGW, and NonStop.
+#
+# (3) This script is generated from the Groovy template
+# https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+# within the Gradle project.
+#
+# You can find Gradle at https://github.com/gradle/gradle/.
+#
##############################################################################
# Attempt to set APP_HOME
+
# Resolve links: $0 may be a link
-PRG="$0"
-# Need this for relative symlinks.
-while [ -h "$PRG" ] ; do
- ls=`ls -ld "$PRG"`
- link=`expr "$ls" : '.*-> \(.*\)$'`
- if expr "$link" : '/.*' > /dev/null; then
- PRG="$link"
- else
- PRG=`dirname "$PRG"`"/$link"
- fi
+app_path=$0
+
+# Need this for daisy-chained symlinks.
+while
+ APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path
+ [ -h "$app_path" ]
+do
+ ls=$( ls -ld "$app_path" )
+ link=${ls#*' -> '}
+ case $link in #(
+ /*) app_path=$link ;; #(
+ *) app_path=$APP_HOME$link ;;
+ esac
done
-SAVED="`pwd`"
-cd "`dirname \"$PRG\"`/" >/dev/null
-APP_HOME="`pwd -P`"
-cd "$SAVED" >/dev/null
-
-APP_NAME="Gradle"
-APP_BASE_NAME=`basename "$0"`
-# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-DEFAULT_JVM_OPTS=""
+# This is normally unused
+# shellcheck disable=SC2034
+APP_BASE_NAME=${0##*/}
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit
# Use the maximum available, or set MAX_FD != -1 to use that value.
-MAX_FD="maximum"
+MAX_FD=maximum
warn () {
echo "$*"
-}
+} >&2
die () {
echo
echo "$*"
echo
exit 1
-}
+} >&2
# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
-case "`uname`" in
- CYGWIN* )
- cygwin=true
- ;;
- Darwin* )
- darwin=true
- ;;
- MINGW* )
- msys=true
- ;;
- NONSTOP* )
- nonstop=true
- ;;
+case "$( uname )" in #(
+ CYGWIN* ) cygwin=true ;; #(
+ Darwin* ) darwin=true ;; #(
+ MSYS* | MINGW* ) msys=true ;; #(
+ NONSTOP* ) nonstop=true ;;
esac
-CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+CLASSPATH="\\\"\\\""
+
# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
- JAVACMD="$JAVA_HOME/jre/sh/java"
+ JAVACMD=$JAVA_HOME/jre/sh/java
else
- JAVACMD="$JAVA_HOME/bin/java"
+ JAVACMD=$JAVA_HOME/bin/java
fi
if [ ! -x "$JAVACMD" ] ; then
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
@@ -81,92 +132,120 @@ Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
else
- JAVACMD="java"
- which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+ JAVACMD=java
+ if ! command -v java >/dev/null 2>&1
+ then
+ die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
+ fi
fi
# Increase the maximum file descriptors if we can.
-if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
- MAX_FD_LIMIT=`ulimit -H -n`
- if [ $? -eq 0 ] ; then
- if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
- MAX_FD="$MAX_FD_LIMIT"
- fi
- ulimit -n $MAX_FD
- if [ $? -ne 0 ] ; then
- warn "Could not set maximum file descriptor limit: $MAX_FD"
- fi
- else
- warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
- fi
+if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
+ case $MAX_FD in #(
+ max*)
+ # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
+ # shellcheck disable=SC2039,SC3045
+ MAX_FD=$( ulimit -H -n ) ||
+ warn "Could not query maximum file descriptor limit"
+ esac
+ case $MAX_FD in #(
+ '' | soft) :;; #(
+ *)
+ # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
+ # shellcheck disable=SC2039,SC3045
+ ulimit -n "$MAX_FD" ||
+ warn "Could not set maximum file descriptor limit to $MAX_FD"
+ esac
fi
-# For Darwin, add options to specify how the application appears in the dock
-if $darwin; then
- GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
-fi
+# Collect all arguments for the java command, stacking in reverse order:
+# * args from the command line
+# * the main class name
+# * -classpath
+# * -D...appname settings
+# * --module-path (only if needed)
+# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
+
+# For Cygwin or MSYS, switch paths to Windows format before running java
+if "$cygwin" || "$msys" ; then
+ APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
+ CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
+
+ JAVACMD=$( cygpath --unix "$JAVACMD" )
-# For Cygwin, switch paths to Windows format before running java
-if $cygwin ; then
- APP_HOME=`cygpath --path --mixed "$APP_HOME"`
- CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
- JAVACMD=`cygpath --unix "$JAVACMD"`
-
- # We build the pattern for arguments to be converted via cygpath
- ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
- SEP=""
- for dir in $ROOTDIRSRAW ; do
- ROOTDIRS="$ROOTDIRS$SEP$dir"
- SEP="|"
- done
- OURCYGPATTERN="(^($ROOTDIRS))"
- # Add a user-defined pattern to the cygpath arguments
- if [ "$GRADLE_CYGPATTERN" != "" ] ; then
- OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
- fi
# Now convert the arguments - kludge to limit ourselves to /bin/sh
- i=0
- for arg in "$@" ; do
- CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
- CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option
-
- if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition
- eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
- else
- eval `echo args$i`="\"$arg\""
+ for arg do
+ if
+ case $arg in #(
+ -*) false ;; # don't mess with options #(
+ /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath
+ [ -e "$t" ] ;; #(
+ *) false ;;
+ esac
+ then
+ arg=$( cygpath --path --ignore --mixed "$arg" )
fi
- i=$((i+1))
+ # Roll the args list around exactly as many times as the number of
+ # args, so each arg winds up back in the position where it started, but
+ # possibly modified.
+ #
+ # NB: a `for` loop captures its iteration list before it begins, so
+ # changing the positional parameters here affects neither the number of
+ # iterations, nor the values presented in `arg`.
+ shift # remove old arg
+ set -- "$@" "$arg" # push replacement arg
done
- case $i in
- (0) set -- ;;
- (1) set -- "$args0" ;;
- (2) set -- "$args0" "$args1" ;;
- (3) set -- "$args0" "$args1" "$args2" ;;
- (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
- (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
- (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
- (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
- (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
- (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
- esac
fi
-# Escape application args
-save () {
- for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
- echo " "
-}
-APP_ARGS=$(save "$@")
-
-# Collect all arguments for the java command, following the shell quoting and substitution rules
-eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
-# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
-if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
- cd "$(dirname "$0")"
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Collect all arguments for the java command:
+# * DEFAULT_JVM_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+# and any embedded shellness will be escaped.
+# * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
+# treated as '${Hostname}' itself on the command line.
+
+set -- \
+ "-Dorg.gradle.appname=$APP_BASE_NAME" \
+ -classpath "$CLASSPATH" \
+ -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \
+ "$@"
+
+# Stop when "xargs" is not available.
+if ! command -v xargs >/dev/null 2>&1
+then
+ die "xargs is not available"
fi
+# Use "xargs" to parse quoted args.
+#
+# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
+#
+# In Bash we could simply go:
+#
+# readarray ARGS < <( xargs -n1 <<<"$var" ) &&
+# set -- "${ARGS[@]}" "$@"
+#
+# but POSIX shell has neither arrays nor command substitution, so instead we
+# post-process each arg (as a line of input to sed) to backslash-escape any
+# character that might be a shell metacharacter, then use eval to reverse
+# that process (while maintaining the separation between arguments), and wrap
+# the whole thing up as a single "set" statement.
+#
+# This will of course break if any of these variables contains a newline or
+# an unmatched quote.
+#
+
+eval "set -- $(
+ printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
+ xargs -n1 |
+ sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
+ tr '\n' ' '
+ )" '"$@"'
+
exec "$JAVACMD" "$@"
diff --git a/moaSig/gradlew.bat b/moaSig/gradlew.bat
index e95643d..5eed7ee 100644
--- a/moaSig/gradlew.bat
+++ b/moaSig/gradlew.bat
@@ -1,4 +1,22 @@
-@if "%DEBUG%" == "" @echo off
+@rem
+@rem Copyright 2015 the original author or authors.
+@rem
+@rem Licensed under the Apache License, Version 2.0 (the "License");
+@rem you may not use this file except in compliance with the License.
+@rem You may obtain a copy of the License at
+@rem
+@rem https://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing, software
+@rem distributed under the License is distributed on an "AS IS" BASIS,
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@rem See the License for the specific language governing permissions and
+@rem limitations under the License.
+@rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem
+
+@if "%DEBUG%"=="" @echo off
@rem ##########################################################################
@rem
@rem Gradle startup script for Windows
@@ -9,25 +27,29 @@
if "%OS%"=="Windows_NT" setlocal
set DIRNAME=%~dp0
-if "%DIRNAME%" == "" set DIRNAME=.
+if "%DIRNAME%"=="" set DIRNAME=.
+@rem This is normally unused
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%
+@rem Resolve any "." and ".." in APP_HOME to make it shorter.
+for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
+
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-set DEFAULT_JVM_OPTS=
+set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
@rem Find java.exe
if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
-if "%ERRORLEVEL%" == "0" goto init
+if %ERRORLEVEL% equ 0 goto execute
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
goto fail
@@ -35,48 +57,36 @@ goto fail
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
-if exist "%JAVA_EXE%" goto init
+if exist "%JAVA_EXE%" goto execute
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
goto fail
-:init
-@rem Get command-line arguments, handling Windows variants
-
-if not "%OS%" == "Windows_NT" goto win9xME_args
-
-:win9xME_args
-@rem Slurp the command line arguments.
-set CMD_LINE_ARGS=
-set _SKIP=2
-
-:win9xME_args_slurp
-if "x%~1" == "x" goto execute
-
-set CMD_LINE_ARGS=%*
-
:execute
@rem Setup the command line
-set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+set CLASSPATH=
+
@rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %*
:end
@rem End local scope for the variables with windows NT shell
-if "%ERRORLEVEL%"=="0" goto mainEnd
+if %ERRORLEVEL% equ 0 goto mainEnd
:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
-if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
-exit /b 1
+set EXIT_CODE=%ERRORLEVEL%
+if %EXIT_CODE% equ 0 set EXIT_CODE=1
+if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
+exit /b %EXIT_CODE%
:mainEnd
if "%OS%"=="Windows_NT" endlocal
diff --git a/moaSig/libs/iaik_cms-6.0_moa.jar b/moaSig/libs/iaik_cms-6.0_moa.jar
deleted file mode 100644
index f11b250..0000000
--- a/moaSig/libs/iaik_cms-6.0_moa.jar
+++ /dev/null
Binary files differ
diff --git a/moaSig/libs/iaik_cms-6.1_moa.jar b/moaSig/libs/iaik_cms-6.1_moa.jar
new file mode 100644
index 0000000..8f5b167
--- /dev/null
+++ b/moaSig/libs/iaik_cms-6.1_moa.jar
Binary files differ
diff --git a/moaSig/libs/iaik_cpades-2.4_moa.jar b/moaSig/libs/iaik_cpades-2.4_moa.jar
deleted file mode 100644
index 300c215..0000000
--- a/moaSig/libs/iaik_cpades-2.4_moa.jar
+++ /dev/null
Binary files differ
diff --git a/moaSig/libs/iaik_cpades_2.5_moa.jar b/moaSig/libs/iaik_cpades_2.5_moa.jar
new file mode 100644
index 0000000..1c15eec
--- /dev/null
+++ b/moaSig/libs/iaik_cpades_2.5_moa.jar
Binary files differ
diff --git a/moaSig/libs/iaik_cpxlevel-0.9.2_moa.jar b/moaSig/libs/iaik_cpxlevel-0.9.2.1_moa.jar
index e67be71..2d16719 100644
--- a/moaSig/libs/iaik_cpxlevel-0.9.2_moa.jar
+++ b/moaSig/libs/iaik_cpxlevel-0.9.2.1_moa.jar
Binary files differ
diff --git a/moaSig/libs/iaik_eccelerate-6.3.0_eval.jar b/moaSig/libs/iaik_eccelerate-6.3.0_eval.jar
deleted file mode 100644
index 4422430..0000000
--- a/moaSig/libs/iaik_eccelerate-6.3.0_eval.jar
+++ /dev/null
Binary files differ
diff --git a/moaSig/libs/iaik_eccelerate-6.3.2_eval.jar b/moaSig/libs/iaik_eccelerate-6.3.2_eval.jar
new file mode 100644
index 0000000..7cf380f
--- /dev/null
+++ b/moaSig/libs/iaik_eccelerate-6.3.2_eval.jar
Binary files differ
diff --git a/moaSig/libs/iaik_eccelerate_addon-6.3.0_eval.jar b/moaSig/libs/iaik_eccelerate_addon-6.3.0_eval.jar
deleted file mode 100644
index 182a150..0000000
--- a/moaSig/libs/iaik_eccelerate_addon-6.3.0_eval.jar
+++ /dev/null
Binary files differ
diff --git a/moaSig/libs/iaik_eccelerate_addon-6.3.2_eval.jar b/moaSig/libs/iaik_eccelerate_addon-6.3.2_eval.jar
new file mode 100644
index 0000000..9216303
--- /dev/null
+++ b/moaSig/libs/iaik_eccelerate_addon-6.3.2_eval.jar
Binary files differ
diff --git a/moaSig/libs/iaik_moa-2.09.jar b/moaSig/libs/iaik_moa-2.09.jar
deleted file mode 100644
index a73a348..0000000
--- a/moaSig/libs/iaik_moa-2.09.jar
+++ /dev/null
Binary files differ
diff --git a/moaSig/libs/iaik_moa-2.10.jar b/moaSig/libs/iaik_moa-2.10.jar
new file mode 100644
index 0000000..7a659c4
--- /dev/null
+++ b/moaSig/libs/iaik_moa-2.10.jar
Binary files differ
diff --git a/moaSig/libs/iaik_pki_module-2.03_moa.jar b/moaSig/libs/iaik_pki_module-2.04_moa.jar
index a017fe6..8732262 100644
--- a/moaSig/libs/iaik_pki_module-2.03_moa.jar
+++ b/moaSig/libs/iaik_pki_module-2.04_moa.jar
Binary files differ
diff --git a/moaSig/libs/iaik_sva-1.2.0.jar b/moaSig/libs/iaik_sva-1.2.0.jar
deleted file mode 100644
index a9d3824..0000000
--- a/moaSig/libs/iaik_sva-1.2.0.jar
+++ /dev/null
Binary files differ
diff --git a/moaSig/libs/iaik_sva-1.2.1-SNAPSHOT.jar b/moaSig/libs/iaik_sva-1.2.1-SNAPSHOT.jar
new file mode 100644
index 0000000..4bb8326
--- /dev/null
+++ b/moaSig/libs/iaik_sva-1.2.1-SNAPSHOT.jar
Binary files differ
diff --git a/moaSig/moa-asic/build.gradle b/moaSig/moa-asic/build.gradle
index 0a8fd83..a132b05 100644
--- a/moaSig/moa-asic/build.gradle
+++ b/moaSig/moa-asic/build.gradle
@@ -1,30 +1,33 @@
-//plugins {
-// id 'com.intershop.gradle.jaxb' version '5.1.0'
-//}
+plugins {
+ id 'java-library'
+ id 'distribution'
+}
-apply plugin: 'java-library-distribution'
+java {
+ sourceCompatibility = JavaVersion.VERSION_17
+ targetCompatibility = JavaVersion.VERSION_17
+}
distributions {
- main{
- distributionBaseName = 'MOA-ASIC'
- }
+ main {
+ distributionBaseName.set('MOA-ASIC')
+ }
}
configurations {
jaxb
-
}
dependencies {
- jaxb group: 'com.sun.xml.bind', name: 'jaxb-xjc', version: '3.0.2'
- jaxb group: 'org.glassfish.jaxb', name: 'jaxb-runtime', version: '3.0.2'
+ jaxb 'com.sun.xml.bind:jaxb-xjc:4.0.5'
+ jaxb 'org.glassfish.jaxb:jaxb-runtime:4.0.5'
- implementation project(':common')
+ implementation project(':common')
implementation project(':moa-sig-lib')
- api 'jakarta.xml.bind:jakarta.xml.bind-api:3.0.1'
- api 'jakarta.xml.ws:jakarta.xml.ws-api:3.0.1'
- implementation group: 'org.slf4j', name: 'log4j-over-slf4j', version: '1.7.36'
+ api 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.2'
+ api 'jakarta.xml.ws:jakarta.xml.ws-api:4.0.2'
+ implementation 'org.slf4j:slf4j-api:2.0.17'
}
sourceSets {
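Review bot: Replacing `log4j-over-slf4j` with `slf4j-api` in the `dependencies` block removes the only bridge for log4j 1.x calls that this build file declares. If any class in moa-asic or in the bundled IAIK jars still logs through `org.apache.log4j`, those calls would no longer resolve at runtime unless another module supplies the bridge, which this hunk does not show. If the bridge is still needed, keep it at the matching version: `implementation 'org.slf4j:log4j-over-slf4j:2.0.17'`.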
@@ -35,48 +38,34 @@ sourceSets {
}
}
-/*
-jaxb {
- // generate java code from schema
- javaGen {
- //generates a 'project' schema file from existing java code
- posConfig {
- schema = file('src/main/resources/schemas/asic.xsd')
- packageName = 'at.gv.egiz.asic'
- outputDir = file( "${projectDir}/src/generated/java" )
- }
+tasks.register('jaxb') {
+ group = 'build'
+ description = 'Generates Java classes from XSD using JAXB'
+
+ doLast {
+ def jaxbTargetDir = file("${projectDir}/src/generated/java")
+ jaxbTargetDir.mkdirs()
+
+ ant.taskdef(
+ name: 'xjc',
+ classname: 'com.sun.tools.xjc.XJCTask',
+ classpath: configurations.jaxb.asPath
+ )
+
+ ant.xjc(
+ destdir: jaxbTargetDir.path,
+ package: 'at.gv.egiz.asic',
+ schema: 'src/main/resources/schemas/asic.xsd'
+ )
}
-
}
-*/
-
-task jaxb () {
- // output directory
- def jaxbTargetDir = file( "${projectDir}/src/generated/java" )
- //jaxbTargetDirMoaSig = file( jaxbTargetDir.path )
-
- // perform actions
- doLast {
- jaxbTargetDir.mkdirs()
-
- ant.taskdef(name: 'xjc', classname: 'com.sun.tools.xjc.XJCTask', classpath: configurations.jaxb.asPath)
- //ant.jaxbTargetDirMoaSig = jaxbTargetDir
-
- // MOA Sig
- ant.xjc(
- destdir: jaxbTargetDir.path,
- package: 'at.gv.egiz.asic',
- schema: 'src/main/resources/schemas/asic.xsd'
- )
- }
-}
-
-task releases(type: Copy) {
- //from jar.outputs
- from distZip.outputs
- from distTar.outputs
- into rootDir.toString() + "/releases/" + version
+tasks.register('releases', Copy) {
+ dependsOn tasks.named('distZip'), tasks.named('distTar')
+ from(tasks.named('distZip'))
+ from(tasks.named('distTar'))
+ into layout.projectDirectory.dir("releases/${version}")
}
-task publishPubNamePublicationToMavenLocal {}
+// This is a placeholder – only include if needed by CI or to avoid errors
+tasks.register('publishPubNamePublicationToMavenLocal') {}
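Review bot: The `releases` task now copies into `layout.projectDirectory.dir("releases/${version}")`, which is this subproject's directory, whereas the removed line used `rootDir`; the archives therefore move from `<root>/releases/<version>` to `moa-asic/releases/<version>`. The same change is made to the `releases` task in `moaSig/moa-sig-lib/build.gradle`. If CI or release tooling collects artifacts from the root-level folder, keep the old destination with `into rootProject.layout.projectDirectory.dir("releases/${version}")`. The explicit `dependsOn` is also redundant, because `from(tasks.named('distZip'))` already carries the task dependency.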
diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java
index 34744ef..02fbeb2 100644
--- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java
+++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java
@@ -74,8 +74,7 @@ public class VerifyASICSignatureResponseBuilder {
* element being the XML representation of the given
* <code>VerifyCMSSignatureResponse</code> API object.
*
- * @param response The <code>VerifyCMSSignatureResponse</code> to convert to
- * XML.
+ * @param results The <code>VerifyCMSSignatureResponse</code> to convert to XML.
* @return A document containing the <code>VerifyCMSSignatureResponse</code> DOM
* element.
* @throws MOAApplicationException An error occurred building the response.
diff --git a/moaSig/moa-sig-lib/build.gradle b/moaSig/moa-sig-lib/build.gradle
index 34fec09..c5187a6 100644
--- a/moaSig/moa-sig-lib/build.gradle
+++ b/moaSig/moa-sig-lib/build.gradle
@@ -1,48 +1,55 @@
-apply plugin: 'java-library-distribution'
-apply plugin: 'maven-publish'
+plugins {
+ id 'java-library'
+ id 'distribution'
+ id 'maven-publish'
+}
+
+java {
+ sourceCompatibility = JavaVersion.VERSION_17
+ targetCompatibility = JavaVersion.VERSION_17
+}
distributions {
main {
- distributionBaseName = 'moa-spss-lib'
+ distributionBaseName.set('moa-spss-lib')
}
}
-dependencies {
- implementation project(':common')
- testImplementation project(path: ':common', configuration: 'testArtifacts')
-
- api fileTree(dir: '../libs', include: '*.jar')
- //api fileTree(dir: '../libs_debug', include: '*.jar')
-
- api group: 'at.gv.egovernment.moa.sig', name: 'tsl-lib', version: '2.1.5'
- api 'commons-logging:commons-logging:1.2'
- api 'commons-io:commons-io:2.16.1'
- api 'commons-codec:commons-codec:1.16.0'
- api 'org.apache.axis:axis-jaxrpc:1.4'
- api 'org.xerial:sqlite-jdbc:3.46.1.0'
- api 'javax.activation:activation:1.1.1'
- api 'jakarta.xml.bind:jakarta.xml.bind-api:3.0.1'
- api 'com.sun.xml.bind:jaxb-core:3.0.2'
- api 'com.sun.xml.bind:jaxb-impl:3.0.2'
- api 'org.postgresql:postgresql:42.7.1'
- api group: 'org.apache.pdfbox', name: 'pdfbox', version: '2.0.32'
- api group: 'org.apache.pdfbox', name: 'pdfbox-tools', version: '2.0.32'
- api group: 'org.apache.pdfbox', name: 'pdfbox-app', version: '2.0.32'
- api group: 'org.apache.pdfbox', name: 'preflight', version: '2.0.32'
- api group: 'org.apache.pdfbox', name: 'preflight-app', version: '2.0.32'
- api group: 'org.apache.commons', name: 'commons-lang3', version: '3.16.0'
- api group: 'org.apache.httpcomponents', name: 'httpclient-cache', version: '4.5.14'
- api group: 'org.slf4j', name: 'jcl-over-slf4j', version: '1.7.36'
-
- testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-migrationsupport', version: '5.10.1'
- testImplementation group: 'org.junit.platform', name: 'junit-platform-engine', version: '1.10.1'
- testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: '5.10.1'
- testImplementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.13'
+dependencies {
+ implementation project(':common')
+
+ api fileTree(dir: '../libs', include: ['*.jar'])
+ // api fileTree(dir: '../libs_debug', include: ['*.jar'])
+
+ api 'at.gv.egovernment.moa.sig:tsl-lib:2.2.0'
+ api 'commons-logging:commons-logging:1.3.5'
+ api 'commons-io:commons-io:2.20.0'
+ api 'commons-codec:commons-codec:1.19.0'
+ api 'org.apache.axis:axis-jaxrpc:1.4'
+ api 'org.xerial:sqlite-jdbc:3.50.3.0'
+ api 'jakarta.activation:jakarta.activation-api:2.1.3'
+ api 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.2'
+ api 'com.sun.xml.bind:jaxb-impl:4.0.5'
+ api 'org.postgresql:postgresql:42.7.7'
+
+ api 'org.apache.pdfbox:pdfbox:2.0.34'
+ api 'org.apache.pdfbox:pdfbox-tools:2.0.34'
+ api 'org.apache.pdfbox:pdfbox-app:2.0.34'
+ api 'org.apache.pdfbox:preflight:2.0.34'
+ api 'org.apache.pdfbox:preflight-app:2.0.34'
+ api 'org.apache.commons:commons-lang3:3.18.0'
+ api 'org.apache.httpcomponents.client5:httpclient5-cache:5.4.4'
+ api 'org.slf4j:jcl-over-slf4j:2.0.17'
+
+
+ testImplementation project(path: ':common', configuration: 'testArtifacts')
+ testImplementation 'org.junit.jupiter:junit-jupiter-migrationsupport:5.13.4'
+ testImplementation 'org.junit.jupiter:junit-jupiter-engine:5.13.4'
+ testImplementation 'ch.qos.logback:logback-classic:1.5.18'
}
-task releases(type: Copy) {
- //from jar.outputs
- from distZip.outputs
- //from distTar.outputs
- into rootDir.toString() + "/releases/" + version
+tasks.register('releases', Copy) {
+ dependsOn(tasks.named('distZip')) // Ensure distZip runs first
+ from(tasks.named('distZip'))
+ into layout.projectDirectory.dir("releases/${version}")
}
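Review bot: `api fileTree(dir: '../libs', include: ['*.jar'])` puts every jar found in `libs` on the API classpath with no integrity check, and this commit swaps several of those binaries, including `iaik_sva-1.2.1-SNAPSHOT.jar` and `_eval` builds of the ECC provider. For a signature library it would be safer to name the expected files explicitly (`api files('../libs/iaik_moa-2.10.jar', …)`) and to record their SHA-256 digests in the repository, so that a changed or extra jar fails the build. Whether a SNAPSHOT and evaluation-licensed jars are intended for this branch is worth confirming. Separately, `httpclient-cache` 4.5.14 → `httpclient5-cache` 5.4.4 changes the package namespace, so any caller of the 4.x API has to be migrated in the same change.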
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
index d0be7d5..5d378ce 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java
@@ -316,7 +316,7 @@ public abstract class SPSSFactory {
* @param profileID The profile ID to resolve during signature creation.
* @return The <code>CreateSignatureEnvironmentProfile</code> containing the
* given profile ID.
- *
+ *
* @pre profileID != null && profileID.length() > 0
* @post return != null
*/
@@ -398,8 +398,7 @@ public abstract class SPSSFactory {
/**
* Create a new <code>SignatureEnvironmentResponse</code> object.
*
- * @param signatureEnvironment The signature environment containing the
- * signature.
+ * @param base64value Signature as Base64 encoded data
* @return The <code>SignatureEnvironmentResponse</code> containing the
* <code>signatureEnvironment</code>.
*
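Review bot: The `@return` text still says the response contains the `signatureEnvironment`, a name the updated `@param base64value` line no longer defines. Reword it to match, for example `@return The <code>SignatureEnvironmentResponse</code> containing the Base64 encoded signature.` The method signature lies outside the hunk, so the parameter name itself could not be checked here.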
@@ -959,15 +958,15 @@ public abstract class SPSSFactory {
/**
* Create a new <code>Content</code> object containing location reference data.
- *
+ *
* @param locationReferenceURI a URI pointing to the actual remote location of
* the content.
- *
+ *
* @param referenceURI An URI identifying the data. May be
* <code>null</code>.
- *
+ *
* @return The <code>Content</code> object containing the data.
- *
+ *
* @pre locationReferenceURI != null
* @post return != null
*/
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java
index 3d5279f..ab73c22 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java
@@ -32,7 +32,7 @@ import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureLocation;
/**
* Default implementation of
- * <codeCreateSignatureEnvironmentProfileExplicit</code>.
+ * <code>CreateSignatureEnvironmentProfileExplicit</code>.
*
* @author Patrick Peck
* @version $Id$
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java
index d1eebca..ed6f449 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java
@@ -30,7 +30,7 @@ import java.util.List;
import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo;
/**
- * Default implementation of <codeReferenceInfo</code>.
+ * Default implementation of <code>ReferenceInfo</code>.
*
* @author Fatemeh Philippi
* @version $Id$
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java
index 173ecbf..571977e 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java
@@ -62,7 +62,7 @@ public class RequestParserUtils {
/**
* Parse a <code>XMLDataObjectAssociationType</code> kind of DOM element.
- *
+ *
* @param assocElem The <code>XMLDataObjectAssociationType</code> kind of DOM
* elmeent to parse.
* @return The <code>XMLDataObjectAssociation</code> API object containing the
@@ -79,7 +79,7 @@ public class RequestParserUtils {
/**
* Parse a <code>MetaInfoType</code> kind of DOM element.
- *
+ *
* @param metaInfoElem The <code>MetaInfoType</code> kind of DOM element.
* @return The <code>MetaInfo</code> API object containing the data from the
* <code>metaInfoElem</code>.
@@ -97,7 +97,7 @@ public class RequestParserUtils {
/**
* Parse a <code>ContentOptionalRefType</code> or
* <code>ContentRequiredRefType</code> kind of DOM element.
- *
+ *
* @param contentParentElem The DOM element being the parent of the content
* element.
* @return The <code>Content</code> API object containing the data from the
@@ -127,7 +127,7 @@ public class RequestParserUtils {
/**
* Get the signing time from a Verfiy(CMS|XML)SignatureRequest.
- *
+ *
* @param requestElem A <code>Verify(CMS|XML)SignatureRequest</code> DOM
* element.
* @param dateTimeXPath The XPath to lookup the <code>DateTime</code> element
@@ -162,11 +162,12 @@ public class RequestParserUtils {
/**
* Get the signing time from a Verfiy(CMS|XML)SignatureRequest.
- *
- * @param requestElem A <code>Verify(CMS|XML)SignatureRequest</code> DOM
- * element.
- * @param dateTimeXPath The XPath to lookup the <code>DateTime</code> element
- * within the request.
+ *
+ * @param requestElem A <code>Verify(CMS|XML)SignatureRequest</code>
+ * DOM element.
+ * @param extendedValidationXPath The XPath to lookup the <code>DateTime</code>
+ * element within the request.
+ * @param defaultValue Default value if XPath value is null or empty
* @return Date The date and time corresponding to the <code>DateTime</code>
* element in the request. If no <code>DateTime</code> element exists in
* the request, <code>null</code> is returned.
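Review bot: The summary line and `@return` of this Javadoc still describe looking up a signing time and returning a `Date` or `null`, which does not fit the new `extendedValidationXPath` and `defaultValue` parameters; the text looks copied from the overload above. The method itself is outside the hunk, so the real return type should be confirmed, but the description should say what is read via `extendedValidationXPath` and that `defaultValue` is returned when the XPath yields nothing. `Verfiy` in the summary is also a typo for `Verify`.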
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
index 1156aa1..daf3802 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java
@@ -499,7 +499,7 @@ public class ResponseBuilderUtils {
* element.
* @param elementName The name of the newly created element.
* @param code The content of the <code>Code</code> subelement.
- * @param info The content of the <code>Info</code> subelement.
+ * @param name The content of the <code>Info</code> subelement.
*/
public static void addFormCheckElement(
Document response,
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
index bcab978..1279d73 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java
@@ -171,7 +171,7 @@ public class VerifyCMSSignatureRequestParser {
// put the signatories into a List
while (tokenizer.hasMoreTokens()) {
try {
- signatoriesList.add(new Integer(tokenizer.nextToken()));
+ signatoriesList.add(Integer.valueOf(tokenizer.nextToken()));
} catch (final NumberFormatException e) {
// this cannot occur if the request has been validated
}
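Review bot: The empty `catch (final NumberFormatException e)` around `Integer.valueOf(tokenizer.nextToken())` silently drops a signatory index that fails to parse, so verification would run over a different signatory set than the request named. The comment relies on earlier schema validation, which this parser cannot enforce on its own. Rejecting the request at that point keeps a malformed list from being partially honoured; it would rethrow through whatever exception type the enclosing method already declares, which lies outside the hunk.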
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java
index bf11240..0f1a57d 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java
@@ -50,18 +50,19 @@ public class CRLDistributionPoint extends DistributionPoint implements
// create the mapping between reason code strings and their integer
// values
- RC_MAPPING.put("unused", new Integer(iaik.asn1.structures.DistributionPoint.unused));
- RC_MAPPING.put("keyCompromise", new Integer(iaik.asn1.structures.DistributionPoint.keyCompromise));
- RC_MAPPING.put("cACompromise", new Integer(iaik.asn1.structures.DistributionPoint.cACompromise));
- RC_MAPPING.put("affiliationChanged", new Integer(
+ RC_MAPPING.put("unused", Integer.valueOf(iaik.asn1.structures.DistributionPoint.unused));
+ RC_MAPPING.put("keyCompromise", Integer.valueOf(iaik.asn1.structures.DistributionPoint.keyCompromise));
+ RC_MAPPING.put("cACompromise", Integer.valueOf(iaik.asn1.structures.DistributionPoint.cACompromise));
+ RC_MAPPING.put("affiliationChanged", Integer.valueOf(
iaik.asn1.structures.DistributionPoint.affiliationChanged));
- RC_MAPPING.put("superseded", new Integer(iaik.asn1.structures.DistributionPoint.superseded));
+ RC_MAPPING.put("superseded", Integer.valueOf(iaik.asn1.structures.DistributionPoint.superseded));
RC_MAPPING.put("cessationOfOperation",
- new Integer(iaik.asn1.structures.DistributionPoint.cessationOfOperation));
- RC_MAPPING.put("certificateHold", new Integer(iaik.asn1.structures.DistributionPoint.certificateHold));
- RC_MAPPING.put("privilegeWithdrawn", new Integer(
+ Integer.valueOf(iaik.asn1.structures.DistributionPoint.cessationOfOperation));
+ RC_MAPPING.put("certificateHold", Integer.valueOf(
+ iaik.asn1.structures.DistributionPoint.certificateHold));
+ RC_MAPPING.put("privilegeWithdrawn", Integer.valueOf(
iaik.asn1.structures.DistributionPoint.privilegeWithdrawn));
- RC_MAPPING.put("aACompromise", new Integer(iaik.asn1.structures.DistributionPoint.aACompromise));
+ RC_MAPPING.put("aACompromise", Integer.valueOf(iaik.asn1.structures.DistributionPoint.aACompromise));
}
/**
@@ -76,12 +77,12 @@ public class CRLDistributionPoint extends DistributionPoint implements
/**
* Create a <code>CRLDistributionPoint</code>.
- *
+ *
* @param issuerName The name of the CA issuing the CRL referred to by this
* DP.
- *
+ *
* @param uri The URI of the distribution point.
- *
+ *
* @param reasonCodeStr A list of reason codes (a space-separated enumeration).
*/
public CRLDistributionPoint(String issuerName, String uri, String reasonCodeStr) {
@@ -101,7 +102,7 @@ public class CRLDistributionPoint extends DistributionPoint implements
/**
* Convert a list of reason codes provided as a <code>String</code> to a binary
* representation.
- *
+ *
* @param reasonCodeStr A <code>String</code> containing a blank-separated,
* textual representation of reason codes.
* @return int A binary representation of reason codes.
@@ -143,7 +144,7 @@ public class CRLDistributionPoint extends DistributionPoint implements
/**
* Return a binary representation of the reason codes of this distribution
* point.
- *
+ *
* @return The binary representation of the reason codes.
*/
@Override
@@ -153,7 +154,7 @@ public class CRLDistributionPoint extends DistributionPoint implements
/**
* Return a <code>String</code> representation of this distribution point.
- *
+ *
* @return The <code>String</code> representation of this distribution point.
* @see java.lang.Object#toString()
*/
@@ -163,7 +164,7 @@ public class CRLDistributionPoint extends DistributionPoint implements
}
/**
- * @see iaik.pki.revocation.CRLDistributionPoint#getIssuerName()
+ * Get CRL issuer-name.
*/
public String getIssuerName() {
return issuerName_;
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 75da0a6..09ec921 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -154,6 +154,11 @@ public class ConfigurationPartsBuilder {
private static final String KEYGROUP_MAPPING_XPATH =
ROOT + CONF + "SignatureCreation/"
+ CONF + "KeyGroupMapping";
+
+ private static final String SIGN_PARAMS_XPATH =
+ ROOT + CONF + "SignatureCreation/"
+ + CONF + "Signing";
+
private static final String ISSUER_XPATH =
DSIG + "X509IssuerName";
private static final String SERIAL_XPATH =
@@ -576,7 +581,7 @@ public class ConfigurationPartsBuilder {
entry = new BlackListEntry(host, -1);
info("config.34", new Object[] { host });
} else {
- entry = new BlackListEntry(host, new Integer(port).intValue());
+ entry = new BlackListEntry(host, Integer.valueOf(port).intValue());
info("config.34", new Object[] { host + ":" + port });
}
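Review bot: `Integer.valueOf(port).intValue()` boxes only to unbox again; `Integer.parseInt(port)` states the intent directly, both here and in the `WhiteListEntry` hunk below. Neither hunk shows a range check, so a value outside 0–65535 would presumably create a list entry that never matches; a short validation before constructing the entry would surface such a configuration mistake. The enclosing methods start and end outside these hunks.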
@@ -626,7 +631,7 @@ public class ConfigurationPartsBuilder {
entry = new WhiteListEntry(host, -1);
info("config.49", new Object[] { host });
} else {
- entry = new WhiteListEntry(host, new Integer(port).intValue());
+ entry = new WhiteListEntry(host, Integer.valueOf(port).intValue());
info("config.49", new Object[] { host + ":" + port });
}
@@ -759,9 +764,22 @@ public class ConfigurationPartsBuilder {
final String keyGroupDigestMethodAlgorithm = getElementValue(keyGroupElem, CONF
+ "DigestMethodAlgorithm", null);
- final Set keyGroupEntries =
- buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem);
- final KeyGroup keyGroup = new KeyGroup(keyGroupId, keyGroupEntries, keyGroupDigestMethodAlgorithm);
+ final Set keyGroupEntries = buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem);
+
+ String rsaSsaPssAttr = keyGroupElem.getAttribute("RSASSA-PSS");
+ Boolean useRsaSsaPss = null;
+ if (org.apache.commons.lang3.StringUtils.isNotEmpty(rsaSsaPssAttr)) {
+ useRsaSsaPss = Boolean.valueOf(keyGroupElem.getAttribute("RSASSA-PSS"));
+ Logger.info((useRsaSsaPss ? "Enable" : "Disable")
+ + " RSASSA-PSS as primary signature-algorithm for keyGroup: " + keyGroupId);
+
+ } else {
+ Logger.debug("RSASSA-PSS is not defined for keyGroup: " + keyGroupId);
+
+ }
+
+ final KeyGroup keyGroup = new KeyGroup(keyGroupId, keyGroupEntries,
+ keyGroupDigestMethodAlgorithm, useRsaSsaPss);
if (keyGroups.containsKey(keyGroupId)) {
warn("config.04", new Object[] { "KeyGroup", keyGroupId });
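Review bot: `Boolean.valueOf(...)` on the `RSASSA-PSS` attribute maps every value other than `true` to `false`, so a typo, or `1` if the schema types the attribute as `xs:boolean`, turns PSS off for the key group with only an info-level line. Because this selects the signature padding scheme, an unrecognised value should be reported and left unset rather than read as a disable; `isRsaSsaPssEnabled()` further down parses the global attribute the same way. The hunk also reads the attribute twice instead of reusing `rsaSsaPssAttr`. The enclosing method continues outside the hunk.

```java
final String rsaSsaPssAttr = keyGroupElem.getAttribute("RSASSA-PSS").trim();
Boolean useRsaSsaPss = null;
if ("true".equals(rsaSsaPssAttr) || "1".equals(rsaSsaPssAttr)) {
  useRsaSsaPss = Boolean.TRUE;
} else if ("false".equals(rsaSsaPssAttr) || "0".equals(rsaSsaPssAttr)) {
  useRsaSsaPss = Boolean.FALSE;
} else if (!rsaSsaPssAttr.isEmpty()) {
  // Unrecognised value: leave the key group unset instead of silently disabling PSS.
  Logger.warn("Ignoring invalid RSASSA-PSS value '" + rsaSsaPssAttr
      + "' for keyGroup: " + keyGroupId);
}
// … unchanged: info/debug logging of the chosen setting and KeyGroup construction …
```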
@@ -1504,7 +1522,7 @@ public class ConfigurationPartsBuilder {
* Returns the JDBC URL for the revocation archive database.
*
* @return the JDBC URL for the revocation archive database, or
- * <code>null</code, if the corresponding parameter is not set in the
+ * <code>null</code>, if the corresponding parameter is not set in the
* configuration.
*/
public String getRevocationArchiveJDBCURL() {
@@ -1516,7 +1534,7 @@ public class ConfigurationPartsBuilder {
* Returns the JDBC driver class name for the revocation archive database.
*
* @return the JDBC driver class name for the revocation archive database, or
- * <code>null</code, if the corresponding parameter is not set in the
+ * <code>null</code>, if the corresponding parameter is not set in the
* configuration.
*/
public String getRevocationArchiveJDBCDriverClass() {
@@ -1762,7 +1780,7 @@ public class ConfigurationPartsBuilder {
while ((modElem = (Element) modIter.nextNode()) != null) {
final String x509IssuerName = getElementValue(modElem, CONF + "X509IssuerName", null);
final String i = getElementValue(modElem, CONF + "Interval", null);
- final Integer interval = new Integer(i);
+ final Integer interval = Integer.valueOf(i);
map.put(ConfigurationProvider.normalizeX500Names(x509IssuerName), interval);
}
@@ -1770,6 +1788,33 @@ public class ConfigurationPartsBuilder {
return map;
}
+ /**
+ * Use RSASSA-PSS algorithm if it's supported by Key-Material.
+ *
+ * <p>
+ * <b>Default: </b> <code>true</code>
+ * </p>
+ *
+ * @return <code>true</code> if RSASSA-PSS should be used, otherwise false.
+ */
+ public boolean isRsaSsaPssEnabled() {
+ final NodeIterator modIter = XPathUtils.selectNodeIterator(
+ getConfigElem(),
+ SIGN_PARAMS_XPATH);
+
+
+ Element modElem;
+ if ((modElem = (Element) modIter.nextNode()) != null) {
+ Boolean value = Boolean.valueOf(modElem.getAttribute("RSASSA-PSS"));
+ Logger.debug((value ? "Enable" : "Disable") + " RSASSA-PSS as primary signature-algorithm for RSA");
+ return value;
+
+ } else {
+ Logger.debug("Enable RSASSA-PSS as primary signature-algorithm for RSA");
+ return true;
+
+ }
+ }
/**
* Should ETSI extension should be used for short-time certificate validation.
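Review bot: When the `Signing` element exists but has no `RSASSA-PSS` attribute, `getAttribute` returns an empty string and `Boolean.valueOf("")` is `false`, so `isRsaSsaPssEnabled()` disables PSS although its Javadoc documents a default of `true`. Unless the schema supplies an attribute default during parsing (not visible here), guard the read with `if ((modElem = (Element) modIter.nextNode()) != null && modElem.hasAttribute("RSASSA-PSS")) {` so that the missing-attribute case falls through to the `return true` branch.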
@@ -1792,6 +1837,7 @@ public class ConfigurationPartsBuilder {
return SHORT_TIME_CERT_DEFAULT_ETSI;
}
+
/**
* Get default shortTime certificate interval.
*
@@ -1834,7 +1880,7 @@ public class ConfigurationPartsBuilder {
final String x509IssuerName = ConfigurationProvider.normalizeX500Names(
getElementValue(modElem, CONF + "X509IssuerName", null));
final String i = getElementValue(modElem, CONF + "ValidityPeriod", null);
- final Integer interval = new Integer(i);
+ final Integer interval = Integer.valueOf(i);
map.put(x509IssuerName, interval);
Logger.debug("Set shortTimePeriodInterval: " + interval + " for Issuer: " + x509IssuerName);
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 3c720a1..6856e56 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -103,6 +103,9 @@ public class ConfigurationProvider {
/** The default canonicalization algorithm name */
private String canonicalizationAlgorithmName;
+ /** The default of use RSASSA-PSS if supported */
+ private boolean useRsaSsaPss;
+
/** The XAdES version used for signature creation */
private String xadesVersion;
@@ -375,6 +378,8 @@ public class ConfigurationProvider {
// check TSL configuration
checkTSLConfiguration();
+ useRsaSsaPss = builder.isRsaSsaPssEnabled();
+
digestMethodAlgorithmName = builder.getDigestMethodAlgorithmName();
canonicalizationAlgorithmName =
builder.getCanonicalizationAlgorithmName();
@@ -556,6 +561,15 @@ public class ConfigurationProvider {
}
/**
+ * Use RSASSA-PSS algorithm if it's supported by Key-Material.
+ *
+ * @return <code>true</code> if RSASSA-PSS should be used, otherwise false.
+ */
+ public boolean isUseRsaSsaPss() {
+ return useRsaSsaPss;
+ }
+
+ /**
* Return the XAdES version used for signature creation.
*
* @return The XAdES version used for signature creation, or an empty
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java
index faeaf82..fc374ab 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java
@@ -42,6 +42,9 @@ public class KeyGroup {
/** The digest method algorithm for the key group */
private final String digestMethodAlgorithm;
+ /** Use RSASSA-PSS if supported */
+ private final Boolean useRsaSsaPss;
+
/**
* Create a <code>KeyGroup</code>.
*
@@ -51,9 +54,25 @@ public class KeyGroup {
* @param digestMethodAlgorithm The signature algorithm used for this key group
*/
public KeyGroup(String id, Set keyGroupEntries, String digestMethodAlgorithm) {
+ this(id, keyGroupEntries, digestMethodAlgorithm, true);
+
+ }
+
+ /**
+ * Create a <code>KeyGroup</code>.
+ *
+ * @param id The ID of this <code>KeyGroup</code>.
+ * @param keyGroupEntries The keys belonging to this
+ * <code>KeyGroup</code>.
+ * @param useRsaSsaPss Use RSASSA-PSS if available and supported
+ * @param digestMethodAlgorithm The signature algorithm used for this key group
+ */
+ public KeyGroup(String id, Set keyGroupEntries, String digestMethodAlgorithm, Boolean useRsaSsaPss) {
this.id = id;
this.keyGroupEntries = keyGroupEntries;
this.digestMethodAlgorithm = digestMethodAlgorithm;
+ this.useRsaSsaPss = useRsaSsaPss;
+
}
/**
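Review bot: The legacy three-argument constructor hard-codes `true`, so a `KeyGroup` built through it never reports "undefined". The `isRsaSsaPssActive` helpers added in this commit take the key-group value whenever it is non-null, which means a global `RSASSA-PSS="false"` would be ignored for those groups. Whether the configuration builder still uses the old constructor is not visible here. Delegating with `this(id, keyGroupEntries, digestMethodAlgorithm, null);` keeps the global setting in effect. The new Javadoc also lists `useRsaSsaPss` before `digestMethodAlgorithm`, which does not match the parameter order.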
@@ -84,6 +103,17 @@ public class KeyGroup {
}
/**
+ * Use RSASSA-PSS algorithm if it's supported by Key-Material.
+ *
+ * @return <code>true</code> if RSASSA-PSS should be used, <code>false</code> if
+ * it is disabled, or <code>null</code> if it is undefined
+ */
+ public Boolean isUseRsaSsaPass() {
+ return useRsaSsaPss;
+
+ }
+
+ /**
* Return a <code>String</code> representation of this <code>KeyGroup</code>.
*
* @return The <code>String</code> representation.
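Review bot: The new getter is spelled `isUseRsaSsaPass` ("Pass" instead of "Pss"), and the typo is already repeated at both call sites in `CMSSignatureCreationInvoker` and `XMLSignatureCreationProfileFactory`. Because it returns a nullable `Boolean` rather than a primitive, an `is…` name also invites auto-unboxing and a `NullPointerException` at the caller. Consider `public Boolean getUseRsaSsaPss()` before the name becomes part of the API.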
@@ -102,7 +132,7 @@ public class KeyGroup {
}
}
return "(KeyGroup - ID:" + id + " " + sb.toString() + ")" + "DigestMethodAlgorithm: "
- + digestMethodAlgorithm;
+ + digestMethodAlgorithm + useRsaSsaPss != null ? ("RSASSA-PSS: " + useRsaSsaPss) : "";
}
}
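Review bot: The changed return expression in `toString()` is parsed as `(<whole concatenation>) != null ? … : ""`, because `+` binds tighter than `!=` and `?:`. The left side is never null, so the method now returns only `"RSASSA-PSS: " + useRsaSsaPss` and drops the ID, the key entries and the digest algorithm from every log line that prints a key group. Parenthesise the conditional: `+ digestMethodAlgorithm + (useRsaSsaPss != null ? " RSASSA-PSS: " + useRsaSsaPss : "");`. The same precedence mistake is in the `Logger.trace` call added to `XMLSignatureCreationProfileFactory.isRsaSsaPssActive`. The start of `toString()` lies outside this hunk.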
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
index d660c7a..e5b6025 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java
@@ -26,6 +26,8 @@ package at.gv.egovernment.moa.spss.server.iaik.cmssign;
import java.util.List;
import java.util.Set;
+import org.apache.commons.lang3.StringUtils;
+
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
@@ -63,15 +65,36 @@ public class CMSSignatureCreationProfileImpl
/** Digest Method algorithm */
private String digestMethod;
private final boolean isPAdESConform;
+ private final boolean rsaSsaPss;
+
+ public CMSSignatureCreationProfileImpl(
+ Set keySet,
+ String digestMethod,
+ List signedProperties,
+ boolean securityLayerConform,
+ boolean includeData,
+ String mimeType,
+ boolean isPAdESConform) {
+ this(keySet, digestMethod, signedProperties, securityLayerConform, includeData, mimeType,
+ isPAdESConform, true);
+
+ }
/**
- * Create a new <code>XMLSignatureCreationProfileImpl</code>.
+ * Creates a CMS based signature-creation profile.
*
- * @param createProfileCount Provides external information about the number of
- * calls to the signature creation module, using the
- * same request.
- * @param reservedIDs The set of IDs that must not be used while
- * generating new IDs.
+ * @param keySet Set of signing keys
+ * @param digestMethod Hash algorithm
+ * @param signedProperties List of signing properties
+ * @param securityLayerConform If <code>true</code> create a CAdES-B signature,
+ * otherwise CMS signature
+ * @param includeData If <code>true</code> create an embedded
+ * signature, otherwise a detached
+ * @param mimeType MimeType to be set
+ * @param isPAdESConform If <code>true</code> signature fulfill PAdES
+ * requirements
+ * @param rsaSsaPss If <code>true</code> use RSASSA-PSS algorithms,
+ * otherwise RSA#1.5
*/
public CMSSignatureCreationProfileImpl(
Set keySet,
@@ -80,7 +103,8 @@ public class CMSSignatureCreationProfileImpl
boolean securityLayerConform,
boolean includeData,
String mimeType,
- boolean isPAdESConform) {
+ boolean isPAdESConform,
+ boolean rsaSsaPss) {
this.keySet = keySet;
this.signedProperties = signedProperties;
this.securityLayerConform = securityLayerConform;
@@ -88,6 +112,7 @@ public class CMSSignatureCreationProfileImpl
this.mimeType = mimeType;
this.digestMethod = digestMethod;
this.isPAdESConform = isPAdESConform;
+ this.rsaSsaPss = rsaSsaPss;
}
@@ -131,11 +156,70 @@ public class CMSSignatureCreationProfileImpl
null);
}
+ final String selectedSigAlg = selectBestSigAlg(algorithms, selectedKeyID);
+ Logger.trace("Selecting SigAlg: " + selectedSigAlg);
+ return selectedSigAlg;
+
+ }
+
+ /**
+ * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties()
+ */
+ @Override
+ public List getSignedProperties() {
+ return signedProperties;
+ }
+
+ /**
+ * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform()
+ */
+ @Override
+ public boolean isSecurityLayerConform() {
+ return securityLayerConform;
+ }
+
+ /**
+ * Sets the security layer conformity.
+ *
+ * @param securityLayerConform <code>true</code>, if the created signature is to
+ * be conform to the Security Layer specification.
+ */
+ public void setSecurityLayerConform(boolean securityLayerConform) {
+ this.securityLayerConform = securityLayerConform;
+ }
+
+ public void setDigestMethod(String digestMethod) {
+ this.digestMethod = digestMethod;
+ }
+
+ @Override
+ public String getMimeType() {
+ return mimeType;
+ }
+
+ @Override
+ public boolean includeData() {
+ return this.includeData;
+ }
+
+ @Override
+ public boolean isPAdESConform() {
+ return this.isPAdESConform;
+ }
+
+ private String selectBestSigAlg(Set algorithms, KeyEntryID selectedKeyID) throws AlgorithmUnavailableException {
+ Logger.trace("Key: " + selectedKeyID + " supports signingAlgs: " + StringUtils.join(algorithms, ","));
+
+ // TODO: maybe add support for parameterized RSASSA-PSS
+
if (digestMethod.compareTo("SHA-1") == 0) {
Logger.warn(
"SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)");
- if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) {
+ if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA_AND_MGF1)) {
+ return SignatureAlgorithms.SHA1_WITH_RSA_AND_MGF1;
+
+ } else if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) {
return SignatureAlgorithms.SHA1_WITH_RSA;
} else if (algorithms.contains(SignatureAlgorithms.ECDSA)) {
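Review bot: The SHA-1 branch of `selectBestSigAlg` selects `SHA1_WITH_RSA_AND_MGF1` without consulting `rsaSsaPss`, while the SHA-256, SHA-384 and SHA-512 branches all guard the PSS variant with `rsaSsaPss &&`. An operator who disables RSASSA-PSS for interoperability would still get PSS signatures when SHA-1 is configured. Make the branch consistent: `if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA_AND_MGF1)) {`. The new method also has no Javadoc; a short comment stating the preference order (PSS, then PKCS#1 v1.5, then ECDSA) would document the intent. The method body continues past this hunk.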
@@ -152,7 +236,11 @@ public class CMSSignatureCreationProfileImpl
}
} else if (digestMethod.compareTo("SHA-256") == 0) {
- if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) {
+ if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1)) {
+
+ return SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1;
+
+ } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) {
return SignatureAlgorithms.SHA256_WITH_RSA;
} else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) {
@@ -168,7 +256,10 @@ public class CMSSignatureCreationProfileImpl
null);
}
} else if (digestMethod.compareTo("SHA-384") == 0) {
- if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) {
+ if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1)) {
+ return SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1;
+
+ } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) {
return SignatureAlgorithms.SHA384_WITH_RSA;
} else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) {
@@ -184,7 +275,10 @@ public class CMSSignatureCreationProfileImpl
null);
}
} else if (digestMethod.compareTo("SHA-512") == 0) {
- if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
+ if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1)) {
+ return SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1;
+
+ } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
return SignatureAlgorithms.SHA512_WITH_RSA;
} else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) {
@@ -205,52 +299,6 @@ public class CMSSignatureCreationProfileImpl
null,
null);
}
-
- }
-
- /**
- * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties()
- */
- @Override
- public List getSignedProperties() {
- return signedProperties;
- }
-
- /**
- * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform()
- */
- @Override
- public boolean isSecurityLayerConform() {
- return securityLayerConform;
- }
-
- /**
- * Sets the security layer conformity.
- *
- * @param securityLayerConform <code>true</code>, if the created signature is to
- * be conform to the Security Layer specification.
- */
- public void setSecurityLayerConform(boolean securityLayerConform) {
- this.securityLayerConform = securityLayerConform;
- }
-
- public void setDigestMethod(String digestMethod) {
- this.digestMethod = digestMethod;
- }
-
- @Override
- public String getMimeType() {
- return mimeType;
- }
-
- @Override
- public boolean includeData() {
- return this.includeData;
- }
-
- @Override
- public boolean isPAdESConform() {
- return this.isPAdESConform;
}
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java
index d1b776b..befeab7 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java
@@ -43,7 +43,6 @@ import iaik.pki.store.revocation.RevocationStoreException;
* A customized implementation of
* {@link iaik.pki.store.revocation.RevocationInfoRetriever}. Will be used
* instead of the default implementation
- * {@link iaik.pki.store.revocation.CRLRetriever} to overcome a classloader
* problem in connection with the {@link java.net.URL} class in a Tomcat
* deployment environment.
*
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java
index 22cceeb..0e12f89 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java
@@ -28,7 +28,6 @@ import iaik.pki.store.revocation.archive.DataBaseArchiveParameters;
/**
* An implementation of the <code>DataBaseArchiveParameter</code> interface.
*
- * @see iaik.pki.store.revocation.archive.db.DataBaseArchiveParameter
* @author Patrick Peck
* @version $Id$
*/
@@ -46,9 +45,6 @@ public class DataBaseArchiveParameterImpl implements DataBaseArchiveParameters {
this.jDBCUrl = jDBCUrl;
}
- /**
- * @see iaik.pki.store.revocation.archive.db.DataBaseArchiveParameter#getJDBCUrl()
- */
@Override
public String getJDBCUrl() {
return jDBCUrl;
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java
index 9ef3764..7a036ec 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java
@@ -60,10 +60,9 @@ public class TrustStoreProfileImpl implements TrustStoreProfile {
/**
* Create a new <code>TrustStoreProfileImpl</code>.
*
- * @param config The MOA configuration data, from which trust store
- * configuration data is read.
- * @param trustProfileId The trust profile id on which this
- * <code>TrustStoreProfile</code> is based.
+ * @param trustProfileId The trust profile id on which this
+ * <code>TrustStoreProfile</code> is based.
+ * @param trustProfileUri File path to trust profile
* @throws MOAApplicationException The <code>trustProfileId</code> could not be
* found in the MOA configuration.
*/
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
index 516e3d8..b0fea7f 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java
@@ -26,6 +26,8 @@ package at.gv.egovernment.moa.spss.server.iaik.xmlsign;
import java.util.List;
import java.util.Set;
+import org.apache.commons.lang3.StringUtils;
+
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
@@ -76,6 +78,7 @@ public class XMLSignatureCreationProfileImpl
private final IdGenerator propertyIDGenerator;
/** The selected digest method algorithm if XAdES 1.4.2 is used */
private final String digestMethodXAdES142;
+ private final boolean rsaSsaPss;
/**
* Create a new <code>XMLSignatureCreationProfileImpl</code>.
@@ -85,11 +88,12 @@ public class XMLSignatureCreationProfileImpl
* same request.
* @param reservedIDs The set of IDs that must not be used while
* generating new IDs.
+ * @param useRsaSsaPss Use RSASSA-PSS if supported
*/
public XMLSignatureCreationProfileImpl(
int createProfileCount,
Set reservedIDs,
- String digestMethodXAdES142) {
+ String digestMethodXAdES142, boolean useRsaSsaPss) {
signatureIDGenerator =
new IdGenerator("signature-" + createProfileCount, reservedIDs);
manifestIDGenerator =
@@ -99,6 +103,8 @@ public class XMLSignatureCreationProfileImpl
propertyIDGenerator =
new IdGenerator("etsi-signed-" + createProfileCount, reservedIDs);
this.digestMethodXAdES142 = digestMethodXAdES142;
+ this.rsaSsaPss = useRsaSsaPss;
+
}
/**
@@ -159,6 +165,14 @@ public class XMLSignatureCreationProfileImpl
@Override
public String getSignatureAlgorithmName(KeyEntryID selectedKeyID)
throws AlgorithmUnavailableException {
+ String sigAlgIdentifier = getInternalSignatureAlgorithmName(selectedKeyID);
+ Logger.debug("Selected SignatureAlgorithmIdentifier: " + sigAlgIdentifier);
+ return sigAlgIdentifier;
+
+ }
+
+ private String getInternalSignatureAlgorithmName(KeyEntryID selectedKeyID)
+ throws AlgorithmUnavailableException {
final TransactionContext context =
TransactionContextManager.getInstance().getTransactionContext();
@@ -174,21 +188,35 @@ public class XMLSignatureCreationProfileImpl
e,
null);
}
+ Logger.trace("RSASSA-PSS: " + rsaSsaPss + " XAdESDigistAlg: " + digestMethodXAdES142
+ + " Algorithms: " + StringUtils.join(algorithms, ","));
+ // TODO: maybe add support for parameterized RSASSA-PSS
if (digestMethodXAdES142 == null) {
// XAdES 1.4.2 not enabled - legacy MOA
- if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA)
+ if (rsaSsaPss
+ && (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1)
+ || algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1)
+ || algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1))) {
+ return SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1;
+
+ } else if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA)
|| algorithms.contains(SignatureAlgorithms.MD5_WITH_RSA)
|| algorithms.contains(SignatureAlgorithms.RIPEMD128_WITH_RSA)
|| algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA)
|| algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)
- || algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) {
+ || algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)
+ || algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)
+ || algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
+
+ return SignatureAlgorithms.SHA256_WITH_RSA;
- return SignatureAlgorithms.SHA1_WITH_RSA;
} else if (algorithms.contains(SignatureAlgorithms.ECDSA)) {
return SignatureAlgorithms.ECDSA;
+
} else if (algorithms.contains(SignatureAlgorithms.DSA)) {
return SignatureAlgorithms.DSA;
+
} else {
throw new AlgorithmUnavailableException(
"No algorithm for key entry: " + selectedKeyID,
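Review bot: In the legacy (non-XAdES-1.4.2) branch, the new PSS condition returns `SHA256_WITH_RSA_AND_MGF1` even when the key entry advertises only the SHA-384 or SHA-512 PSS variant. The widened PKCS#1 v1.5 condition likewise returns `SHA256_WITH_RSA` for a key that lists only, say, `MD5_WITH_RSA`. If the key module enforces its advertised set, signing would fail later with a less helpful error than `AlgorithmUnavailableException`; whether it does is not visible here. Either return the variant that actually matched or narrow the test to `rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1)`. The switch of the legacy default from SHA-1 to SHA-256 changes the produced signatures and deserves a line in the release notes. The trace message also misspells `XAdESDigistAlg`.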
@@ -219,7 +247,10 @@ public class XMLSignatureCreationProfileImpl
}
} else if (digestMethodXAdES142.compareTo("SHA-256") == 0) {
- if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) {
+ if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1)) {
+ return SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1;
+
+ } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) {
return SignatureAlgorithms.SHA256_WITH_RSA;
} else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) {
@@ -235,7 +266,10 @@ public class XMLSignatureCreationProfileImpl
null);
}
} else if (digestMethodXAdES142.compareTo("SHA-384") == 0) {
- if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) {
+ if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1)) {
+ return SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1;
+
+ } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) {
return SignatureAlgorithms.SHA384_WITH_RSA;
} else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) {
@@ -251,7 +285,10 @@ public class XMLSignatureCreationProfileImpl
null);
}
} else if (digestMethodXAdES142.compareTo("SHA-512") == 0) {
- if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
+ if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1)) {
+ return SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1;
+
+ } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) {
return SignatureAlgorithms.SHA512_WITH_RSA;
} else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) {
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
index 5624f45..4ae1866 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java
@@ -221,6 +221,7 @@ public class CMSSignatureCreationInvoker {
// get digest algorithm
final String digestAlgorithm = getDigestAlgorithm(config, keyGroupID);
+ final boolean useRsaSsaPss = isRsaSsaPssActive(config, keyGroupID);
// create CMSSignatureCreation profile:
final CMSSignatureCreationProfile profile = new CMSSignatureCreationProfileImpl(
@@ -230,7 +231,8 @@ public class CMSSignatureCreationInvoker {
isSecurityLayerConform,
includeData,
mimetype,
- isPAdESConformRequired);
+ isPAdESConformRequired,
+ useRsaSsaPss);
// create CMSSignature from the CMSSignatureCreationModule
// build the additionalSignedProperties
@@ -344,13 +346,23 @@ public class CMSSignatureCreationInvoker {
}
+ private boolean isRsaSsaPssActive(ConfigurationProvider config, String keyGroupID)
+ throws MOASystemException {
+ final Boolean useRsaSsaPssKg = config.getKeyGroup(keyGroupID).isUseRsaSsaPass();
+ final boolean configUseRsaSsaPss = config.isUseRsaSsaPss();
+ return useRsaSsaPssKg != null ? useRsaSsaPssKg : configUseRsaSsaPss;
+
+ }
+
private String getDigestAlgorithm(ConfigurationProvider config, String keyGroupID)
throws MOASystemException {
// get digest method on key group level (if configured)
final String configDigestMethodKG = config.getKeyGroup(keyGroupID).getDigestMethodAlgorithm();
+
// get default digest method (if configured)
final String configDigestMethod = config.getDigestMethodAlgorithmName();
+
String digestMethod = null;
if (configDigestMethodKG != null) {
// if KG specific digest method is configured
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index 1a0791b..7aca40e 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -86,7 +86,7 @@ public class CMSSignatureVerificationInvoker {
/**
* Return the only instance of this class.
- *
+ *
* @return The only instance of this class.
*/
public static synchronized CMSSignatureVerificationInvoker getInstance() {
@@ -98,7 +98,7 @@ public class CMSSignatureVerificationInvoker {
/**
* Create a new <code>CMSSignatureVerificationInvoker</code>.
- *
+ *
* Protected to disallow multiple instances.
*/
protected CMSSignatureVerificationInvoker() {
@@ -106,7 +106,7 @@ public class CMSSignatureVerificationInvoker {
/**
* Verify a CMS signature.
- *
+ *
* @param request The <code>VerifyCMSSignatureRequest</code> containing the CMS
* signature, as well as additional data needed for verification.
* @return Element A <code>VerifyCMSSignatureResponse</code> containing the
@@ -118,7 +118,7 @@ public class CMSSignatureVerificationInvoker {
final CMSSignatureVerificationProfileFactory profileFactory = new CMSSignatureVerificationProfileFactory(
request);
- final VerifyCMSSignatureResponseBuilder responseBuilder = new VerifyCMSSignatureResponseBuilder();
+
final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext();
final LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext();
InputStream signature;
@@ -219,7 +219,7 @@ public class CMSSignatureVerificationInvoker {
}
}
- final QCSSCDResult qcsscdresult = new QCSSCDResult();
+ final VerifyCMSSignatureResponseBuilder responseBuilder = new VerifyCMSSignatureResponseBuilder();
// build the response: for each signatory add the result to the response
signatories = request.getSignatories();
@@ -248,7 +248,7 @@ public class CMSSignatureVerificationInvoker {
handlePDFResult(resultObject, responseBuilder, trustProfile);
}
} catch (final IndexOutOfBoundsException e) {
- throw new MOAApplicationException("2249", new Object[] { new Integer(sigIndex) });
+ throw new MOAApplicationException("2249", new Object[] { Integer.valueOf(sigIndex) });
}
}
}
@@ -402,8 +402,8 @@ public class CMSSignatureVerificationInvoker {
i++;
}
- qcsscdresult = CertificateUtils.checkQCSSCD(chain, cmsResult.getSigningTime(), trustProfile
- .isTSLEnabled(), ConfigurationProvider.getInstance());
+ qcsscdresult = CertificateUtils.checkQCSSCD(chain, cmsResult.getSigningTime(),
+ trustProfile.isTSLEnabled(), ConfigurationProvider.getInstance());
// get signer certificate issuer country code
issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0));
@@ -419,7 +419,7 @@ public class CMSSignatureVerificationInvoker {
/**
* Get the signed content contained either in the request itself or given as a
* reference to external data.
- *
+ *
* @param request The <code>VerifyCMSSignatureRequest</code> containing the
* signed content (or the reference to the signed content).
* @return InputStream A stream providing the signed content data, or
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java
index bc5d884..bca9b8e 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java
@@ -69,12 +69,12 @@ public class CreateCMSSignatureResponseBuilder {
/**
* Add a <code>SignatureEnvironment</code> element to the response.
*
- * @param signatureEnvironment The content to put under the
- * <code>SignatureEnvironment</code> element. This
- * should either be a <code>dsig:Signature</code>
- * element (in case of a detached signature) or the
- * signature environment containing the signature
- * (in case of an enveloping signature).
+ * @param base64value The content to put under the
+ * <code>SignatureEnvironment</code> element. This should
+ * either be a <code>dsig:Signature</code> element (in case
+ * of a detached signature) or the signature environment
+ * containing the signature (in case of an enveloping
+ * signature).
*/
public void addCMSSignature(String base64value) {
final CMSSignatureResponse responseElement =
@@ -84,7 +84,7 @@ public class CreateCMSSignatureResponseBuilder {
/**
* Add a <code>ErrorResponse</code> element to the response.
- *
+ *
* @param errorCode The error code.
* @param info Additional information about the error.
*/
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
index 813d28e..79b4c29 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java
@@ -74,15 +74,26 @@ public class VerifyCMSSignatureResponseBuilder {
/**
* Add a verification result to the response.
*
- * @param result The result to add.
- * @param trustprofile The actual trustprofile
- * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the
- * certificate as qualified, otherwise <code>false</code>.
- * @param checkSSCD <code>true</code>, if the TSL check verifies the
- * signature based on a SSDC, otherwise
- * <code>false</code>.
- * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from
- * the TSL, otherwise <code>false</code>.
+ * @param result The result to add.
+ * @param trustProfile The actual trustprofile
+ * @param checkQC <code>true</code>, if the TSL check
+ * verifies the certificate as qualified,
+ * otherwise <code>false</code>.
+ * @param qcSourceTSL <true> if QC info comes from the TSL,
+ * otherwise <code>false</code>.
+ * @param checkSSCD <code>true</code>, if the TSL check
+ * verifies the signature based on a SSDC,
+ * otherwise <code>false</code>.
+ * @param sscdSourceTSL <code>true</code>, if the SSCD
+ * information comes from the TSL,
+ * otherwise <code>false</code>.
+ * @param issuerCountryCode TSL issuer country
+ * @param adesResults Form validation results
+ * @param extendedCertificateCheckResult Extended validation results
+ * @param tslInfos Full TSL validation result
+ * @param extendedVerification <code>true</code> if extended
+ * validation was used, otherwise
+ * <code>false</code>
* @throws MOAException
*/
public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC,
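Review bot: The new `@param qcSourceTSL` line uses `<true>`, which Javadoc treats as an unknown HTML tag. With doclint enabled on the Java 17 toolchain this branch introduces, that is reported as an error and may break the Javadoc task. Write it as `<code>true</code> if QC info comes from the TSL`, matching the neighbouring entries. While editing, the `checkSSCD` description says "SSDC" where "SSCD" is meant, and the bare `@throws MOAException` has no description.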
@@ -150,7 +161,7 @@ public class VerifyCMSSignatureResponseBuilder {
}
/**
- *
+ *
* @param result
* @param trustProfile
* @param checkQC
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
index 7e882ed..25ce8d1 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
@@ -515,7 +515,7 @@ public class VerifyXMLSignatureResponseBuilder {
try {
if (refInfo.isHashCalculated() && !refInfo.isHashValid()) {
- failedReferencesList.add(new Integer(i + 1));
+ failedReferencesList.add(Integer.valueOf(i + 1));
}
} catch (final HashUnavailableException e) {
// nothing to do here because we called refInfo.isHashCalculated first
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
index c097b0c..46c4983 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
@@ -191,8 +191,10 @@ public class XMLSignatureCreationProfileFactory {
}
}
+
final XMLSignatureCreationProfileImpl profile =
- new XMLSignatureCreationProfileImpl(createProfileCount, allReservedIDs, digestMethodXAdES142);
+ new XMLSignatureCreationProfileImpl(createProfileCount, allReservedIDs, digestMethodXAdES142,
+ isRsaSsaPssActive(config, keyGroupID));
// build the transformation supplements
createTransformsProfiles =
@@ -260,6 +262,21 @@ public class XMLSignatureCreationProfileFactory {
return profile;
}
+ private boolean isRsaSsaPssActive(ConfigurationProvider config, String keyGroupID)
+ throws MOASystemException {
+ final Boolean useRsaSsaPssKg = config.getKeyGroup(keyGroupID).isUseRsaSsaPass();
+ final boolean configUseRsaSsaPss = config.isUseRsaSsaPss();
+
+ Logger.trace("Config using RSASSA-PSS. KeyStore: "
+ + useRsaSsaPssKg != null
+ ? useRsaSsaPssKg
+ : "NOT-DEFINED"
+ + " Default: " + config);
+
+ return useRsaSsaPssKg != null ? useRsaSsaPssKg : configUseRsaSsaPss;
+
+ }
+
/**
* Get the <code>List</code> of all <code>CreateTransformsInfoProfile</code>s
* contained in all the <code>DataObjectInfo</code>s of the given
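Review bot: The trace call in `isRsaSsaPssActive` appends `config` (the `ConfigurationProvider` object) instead of `configUseRsaSsaPss`, and it is missing parentheses around the conditional, so it never prints the intended text. It also labels the key-group value as "KeyStore". A corrected line would be `Logger.trace("Config using RSASSA-PSS. KeyGroup: " + (useRsaSsaPssKg != null ? useRsaSsaPssKg : "NOT-DEFINED") + " Default: " + configUseRsaSsaPss);`. The helper is otherwise a copy of the private method of the same name in `CMSSignatureCreationInvoker`. Moving it into `ConfigurationProvider` (for example `isRsaSsaPssActive(String keyGroupID)`) would keep the fallback rule in one place and could handle a `null` result from `getKeyGroup`.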
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
index b97cc95..0fb2d82 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java
@@ -110,34 +110,27 @@ import iaik.xml.crypto.utils.URIException;
public class XMLSignatureVerificationInvoker {
/** The single instance of this class. */
- private static XMLSignatureVerificationInvoker instance = null;
+ private static final XMLSignatureVerificationInvoker INSTANCE = new XMLSignatureVerificationInvoker();
- private static Set FILTERED_REF_TYPES;
-
- static {
- FILTERED_REF_TYPES = new HashSet();
- FILTERED_REF_TYPES.add(DsigManifest.XML_DSIG_MANIFEST_TYPE);
- FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE);
- FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD);
- FILTERED_REF_TYPES.add(XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties");
- FILTERED_REF_TYPES.add("http://uri.etsi.org/01903#SignedProperties");
- }
+ private static final Set<String> FILTERED_REF_TYPES = Set.of(
+ DsigManifest.XML_DSIG_MANIFEST_TYPE,
+ SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE,
+ SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD,
+ XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties",
+ "http://uri.etsi.org/01903#SignedProperties");
/**
* Get the single instance of this class.
- *
+ *
* @return The single instance of this class.
*/
- public static synchronized XMLSignatureVerificationInvoker getInstance() {
- if (instance == null) {
- instance = new XMLSignatureVerificationInvoker();
- }
- return instance;
+ public static XMLSignatureVerificationInvoker getInstance() {
+ return INSTANCE;
}
/**
* Create a new <code>XMLSignatureCreationInvoker</code>.
- *
+ *
* Protected to disallow multiple instances.
*/
protected XMLSignatureVerificationInvoker() {
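Review bot: `Set.of(...)` for `FILTERED_REF_TYPES` throws `IllegalArgumentException` on duplicate elements and `NullPointerException` on null ones, where the removed `HashSet.add` calls tolerated both. Because it runs during static initialisation, either case would make the verification invoker class fail to load. The last two entries are both `...SignedProperties` URIs, so confirm that `XMLConstants.NAMESPACE_ETSI_STRING` differs from `http://uri.etsi.org/01903#` and record it with a comment such as `// Set.of rejects duplicates and nulls: all five type URIs must be distinct`. `INSTANCE` is also declared before `FILTERED_REF_TYPES`, so the constructor (its body is outside the hunk) now runs while the set is still null; declaring the set first removes that ordering dependency.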
@@ -146,8 +139,8 @@ public class XMLSignatureVerificationInvoker {
/**
* Process the <code>VerifyXMLSignatureRequest<code> message and invoke the
* <code>XMLSignatureVerificationModule</code>.
- *
- * @param request A <code>VerifyXMLSignatureRequest<code> API object
+ *
+ * @param request A <code>VerifyXMLSignatureRequest<code> API object
* containing the data for verifying an XML signature.
* &#64;return A <code>VerifyXMLSignatureResponse</code> containing the answert
* to the <code>VerifyXMLSignatureRequest</code>. MOA schema
@@ -307,16 +300,16 @@ public class XMLSignatureVerificationInvoker {
/**
* Checks if the signer certificate matches one of the allowed signer
* certificates specified in the provided <code>trustProfile</code>.
- *
+ *
* @param result The result produced by the
* <code>XMLSignatureVerificationModule</code>.
- *
+ *
* @param trustProfile The trust profile the signer certificate is validated
* against.
- *
+ *
* @return The overal result of the certificate validation for the signer
* certificate.
- *
+ *
* @throws MOAException if one of the signer certificates specified in the
* <code>trustProfile</code> cannot be read from the file
* system.
@@ -392,7 +385,7 @@ public class XMLSignatureVerificationInvoker {
/**
* Select the <code>dsig:Signature</code> DOM element within the signature
* environment.
- *
+ *
* @param signatureEnvironment The signature environment containing the
* <code>dsig:Signature</code>.
* @param request The <code>VerifyXMLSignatureRequest</code>
@@ -425,7 +418,7 @@ public class XMLSignatureVerificationInvoker {
/**
* Build the supplemental data objects contained in the
* <code>VerifyXMLSignatureRequest</code>.
- *
+ *
* @param supplements A <code>List</code> of
* <code>XMLDataObjectAssociation</code>s containing the
* supplement data.
@@ -458,7 +451,7 @@ public class XMLSignatureVerificationInvoker {
/**
* Get the supplemental data contained in the
* <code>VerifyXMLSignatureRequest</code>.
- *
+ *
* @param request The <code>VerifyXMLSignatureRequest</code> containing the
* supplemental data.
* @return A <code>List</code> of <code>XMLDataObjectAssociation</code> objects
@@ -490,7 +483,7 @@ public class XMLSignatureVerificationInvoker {
/**
* Perform additional validations of the
* <code>XMLSignatureVerificationResult</code>.
- *
+ *
* <p>
* In particular, it is verified that:
* <ul>
@@ -500,7 +493,7 @@ public class XMLSignatureVerificationInvoker {
* <li>The hash values of the <code>TransformParameter</code>s are valid.</li>
* </ul>
* </p>
- *
+ *
* @param request The <code>VerifyXMLSignatureRequest</code> containing the
* signature to verify.
* @param result The result produced by
@@ -546,7 +539,7 @@ public class XMLSignatureVerificationInvoker {
}
if (!found) {
- final Integer refIndex = new Integer(refData.getReferenceIndex());
+ final Integer refIndex = Integer.valueOf(refData.getReferenceIndex());
final String logMsg = msg.getMessage("invoker.01", new Object[] { refIndex });
failedReferencesList.add(refIndex);
@@ -588,8 +581,8 @@ public class XMLSignatureVerificationInvoker {
final int[] failedReferences = new int[] { ref.getReferenceIndex() };
final ReferencesCheckResultInfo checkInfo = factory.createReferencesCheckResultInfo(null,
failedReferences);
- final String logMsg = msg.getMessage("invoker.02", new Object[] { new Integer(ref
- .getReferenceIndex()) });
+ final String logMsg = msg.getMessage("invoker.02", new Object[] {
+ Integer.valueOf(ref.getReferenceIndex()) });
Logger.debug(new LogMsg(logMsg));
@@ -605,7 +598,7 @@ public class XMLSignatureVerificationInvoker {
* Get all <code>Transform</code>s contained in all the
* <code>VerifyTransformsInfoProfile</code>s of the given
* <code>ReferenceInfo</code>.
- *
+ *
* @param refInfo The <code>ReferenceInfo</code> object containing the
* transformations.
* @return A <code>List</code> of <code>List</code>s. Each of the
@@ -637,7 +630,7 @@ public class XMLSignatureVerificationInvoker {
/**
* Build the <code>Set</code> of all <code>TransformParameter</code> URIs.
- *
+ *
* @param transformParameters The <code>List</code> of
* <code>TransformParameter</code>s, as provided to
* the verification.
@@ -658,7 +651,7 @@ public class XMLSignatureVerificationInvoker {
/**
* Build a mapping between <code>TransformParameter</code> URIs (a
* <code>String</code> and <code>dsig:HashValue</code> (a <code>byte[]</code>).
- *
+ *
* @param request The <code>VerifyXMLSignatureRequest</code>.
* @return Map The resulting mapping.
* @throws MOAApplicationException An error occurred accessing one of the
@@ -703,7 +696,7 @@ public class XMLSignatureVerificationInvoker {
* Filter the <code>ReferenceInfo</code>s returned by the
* <code>VerifyXMLSignatureResult</code> for comparison with the
* <code>ReferenceInfo</code> elements in the request.
- *
+ *
* @param referenceInfos The <code>ReferenceInfo</code>s from the
* <code>VerifyXMLSignatureResult</code>.
* @return A <code>List</code> of all <code>ReferenceInfo</code>s whose type is
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java
index 335bf68..a60590d 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java
@@ -1,6 +1,6 @@
package at.gv.egovernment.moa.spss.server.transaction;
-import javax.activation.DataSource;
+import jakarta.activation.DataSource;
public interface DeleteableDataSource extends DataSource {
void delete();
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java
index 5746657..06326a0 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java
@@ -33,14 +33,13 @@ import java.util.Iterator;
import java.util.Map.Entry;
import java.util.Vector;
-import javax.activation.DataSource;
-
import org.w3c.dom.Element;
import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moaspss.logging.Logger;
import iaik.xml.crypto.utils.URI;
+import jakarta.activation.DataSource;
/**
* Contains information about the current request.
@@ -310,7 +309,7 @@ public class TransactionContext {
}
// not available in Axis 1.0 to 1.1
// File f = mmds.getDiskCacheFile();
-// if (f!=null) f.delete();
+// if (f!=null) f.delete();
if (mmds instanceof DeleteableDataSource) {
((DeleteableDataSource) mmds).delete();
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java
index 8e37b1c..8dd2a8b 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java
@@ -21,8 +21,8 @@ import iaik.server.modules.resultcodes.ResultCodeValid;
public class AdESResultUtils {
- private static final int MAJORRESULTCODESKIPPED = new Integer(3);
- private static final int MAJORRESULTCODEERROR = new Integer(4);
+ private static final int MAJORRESULTCODESKIPPED = Integer.valueOf(3);
+ private static final int MAJORRESULTCODEERROR = Integer.valueOf(4);
public static Integer getResultCode(Integer adesCode) {
return adesCode;
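Review bot: `Integer.valueOf(3)` is boxed and immediately unboxed into an `int` field, so the wrapper adds nothing and the two fields are no longer compile-time constants. Plain literals express the same thing: `private static final int MAJORRESULTCODESKIPPED = 3;` and `private static final int MAJORRESULTCODEERROR = 4;`.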
@@ -114,9 +114,9 @@ public class AdESResultUtils {
minorInfo = "UNKNOWN_SUBFILTER";
} else if (resultCode.getCode().equals(ResultCode.CODE_NO_SIGNER_CERTIFICATE_FOUND)) {
minorInfo = "NO_SIGNER_CERTIFICATE_FOUND";
-
-
-
+
+
+
// pdf-as 3.x detection is removed from MOA-SP since 3.1.2
} else if (resultCode.getCode().equals(ResultCode.PDF_AS_SIGNATURE)) {
// minorInfo = "PDF_AS_SIGNATURE";
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
index b7580ac..35dca16 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java
@@ -204,7 +204,6 @@ public class CertificateUtils {
// QC evaluation flags
boolean qc = false;
boolean qcSourceTSL = false;
- boolean qcDisallowedFromTSL = false;
// SSCD/QSCD evaluation flags
boolean sscd = false;
@@ -254,7 +253,6 @@ public class CertificateUtils {
TslConstants.SSCD_QUALIFIER_SHORT.NotQualified))) {
qc = false;
qcSourceTSL = false;
- qcDisallowedFromTSL = true;
Logger.info("TSL mark this certificate explicitly as 'NotQualified'!");
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java
index be40a9e..221c361 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java
@@ -47,7 +47,7 @@ public class ExternalURIVerifier {
}
} else {
// check host and port
- final int iport = new Integer(bport).intValue();
+ final int iport = Integer.valueOf(bport).intValue();
if (ip.startsWith(bhost) && iport == port) {
Logger.debug(new LogMsg("Blacklist check: " + host + ":" + port + " (" + ip + ":" + port
+ " blacklisted"));
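Review bot: `Integer.valueOf(bport).intValue()` still boxes before unboxing and throws `NumberFormatException` when the configured port is not numeric; `final int iport = Integer.parseInt(bport);` is the direct form, and the same applies to the whitelist hunk below. Whether a caller handles a malformed entry is outside both hunks, so it is worth confirming that a bad entry cannot abort the whole check. The context line `ip.startsWith(bhost)` is a prefix comparison, so an entry meant as one exact address also matches any longer address that begins with the same characters. If prefix semantics are intended, a comment saying so would help, particularly for the whitelist.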
@@ -75,7 +75,7 @@ public class ExternalURIVerifier {
}
} else {
// check host and port
- final int iport = new Integer(bport).intValue();
+ final int iport = Integer.valueOf(bport).intValue();
if (ip.startsWith(bhost) && iport == port) {
Logger.debug(new LogMsg("Whitelist check: " + host + ":" + port + " (" + ip + ":" + port
+ " whitelisted"));
diff --git a/moaSig/moa-sig/build.gradle b/moaSig/moa-sig/build.gradle
index 423ea20..1887479 100644
--- a/moaSig/moa-sig/build.gradle
+++ b/moaSig/moa-sig/build.gradle
@@ -1,33 +1,50 @@
-apply plugin: 'war'
-apply plugin: 'eclipse'
-apply plugin: 'eclipse-wtp'
-apply plugin: 'distribution'
-apply plugin: 'maven-publish'
+plugins {
+ id 'java-library'
+ id 'war'
+ id 'eclipse'
+ id 'eclipse-wtp'
+ id 'distribution'
+ id 'maven-publish'
+}
+
+java {
+ toolchain {
+ languageVersion = JavaLanguageVersion.of(17)
+ }
+}
configurations {
jaxb
}
dependencies {
- jaxb group: 'com.sun.xml.bind', name: 'jaxb-xjc', version: '3.0.2'
- jaxb group: 'org.glassfish.jaxb', name: 'jaxb-runtime', version: '3.0.2'
+ jaxb 'com.sun.xml.bind:jaxb-xjc:4.0.5'
+ jaxb 'org.glassfish.jaxb:jaxb-runtime:4.0.5'
+
+ compileOnly 'jakarta.servlet:jakarta.servlet-api:6.0.0'
- implementation project(':common')
- implementation project(':moa-sig-lib')
+ implementation project(':common')
+ implementation project(':moa-sig-lib')
implementation project(':moa-asic')
- implementation fileTree(dir: 'libs', include: '*.jar')
- compileOnly 'javax.servlet:javax.servlet-api:3.1.0'
- implementation 'commons-discovery:commons-discovery:0.5'
- implementation 'org.apache.logging.log4j:log4j-1.2-api:2.22.1'
- implementation group: 'org.slf4j', name: 'log4j-over-slf4j', version: '1.7.36'
- implementation group: 'javax.jws', name: 'javax.jws-api', version: '1.1'
- implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.13'
-
- testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-migrationsupport', version: '5.10.1'
- testImplementation group: 'org.junit.platform', name: 'junit-platform-engine', version: '1.10.1'
- testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: '5.10.1'
- testImplementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.13'
-
+ implementation fileTree(dir: 'libs', include: ['*.jar'])
+
+ implementation 'commons-discovery:commons-discovery:0.5'
+ implementation 'org.apache.logging.log4j:log4j-1.2-api:2.25.1'
+ implementation 'org.slf4j:log4j-over-slf4j:2.0.17'
+ implementation 'jakarta.jws:jakarta.jws-api:3.0.0'
+ implementation 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.2'
+ implementation 'ch.qos.logback:logback-classic:1.5.18'
+ implementation 'javax.activation:activation:1.1.1'
+ implementation 'org.eclipse.angus:angus-mail:2.0.4'
+
+ testImplementation 'org.junit.jupiter:junit-jupiter-migrationsupport:5.13.4'
+ testImplementation 'org.junit.jupiter:junit-jupiter-engine:5.13.4'
+ testImplementation 'ch.qos.logback:logback-classic:1.5.18'
+
+ testImplementation project(':common')
+ testImplementation project(path: ':common', configuration: 'testArtifacts')
+ testImplementation project(':moa-sig-lib')
+ testImplementation project(':moa-asic')
}
sourceSets {
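Review bot: `implementation fileTree(dir: 'libs', include: ['*.jar'])` puts every jar found in `libs` on the classpath without coordinates, so those binaries are invisible to dependency scanning and to Gradle's dependency verification. This commit adds `jakarta.activation-api-2.1.3.jar` and `jakarta.mail-api-2.1.3.jar` there although both are published artifacts. Declaring them like the neighbouring entries, `implementation 'jakarta.activation:jakarta.activation-api:2.1.3'` and `implementation 'jakarta.mail:jakarta.mail-api:2.1.3'`, would leave only the patched IAIK jar in `libs`. Separately, `log4j-1.2-api` and `log4j-over-slf4j` both supply the `org.apache.log4j` package, so which bridge is used depends on classpath order; keeping one of them avoids that ambiguity.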
@@ -38,66 +55,64 @@ sourceSets {
}
}
-war {
- archiveBaseName = "moa-spss"
- duplicatesStrategy = DuplicatesStrategy.EXCLUDE
-}
+tasks.register('jaxb') {
+ group = 'build'
+ description = 'Generates Java classes from XSD using JAXB'
-
-task jaxb () {
- // output directory
- def jaxbTargetDir = file( "${projectDir}/src/generated/java" )
-
- // perform actions
doLast {
+ def jaxbTargetDir = file("${projectDir}/src/generated/java")
jaxbTargetDir.mkdirs()
- ant.taskdef(name: 'xjc', classname: 'com.sun.tools.xjc.XJCTask', classpath: configurations.jaxb.asPath)
+ ant.taskdef(
+ name: 'xjc',
+ classname: 'com.sun.tools.xjc.XJCTask',
+ classpath: configurations.jaxb.asPath
+ )
- // MOA Sig
ant.xjc(
- destdir: jaxbTargetDir.path,
- package: 'at.gv.egiz.moasig',
- schema: 'src/main/resources/resources/schemas/MOA-SPSS-3.1.2.xsd'
+ destdir: jaxbTargetDir.path,
+ package: 'at.gv.egiz.moasig',
+ schema: 'src/main/resources/resources/schemas/MOA-SPSS-3.1.2.xsd'
)
}
}
+war {
+ archiveBaseName.set("moa-spss")
+ duplicatesStrategy = DuplicatesStrategy.EXCLUDE
+}
+
distributions {
- main {
- distributionBaseName = "moa-spss"
- contents {
- into('/') { // Copy the following jars to the lib/ directory in the distribution archive
- from war.outputs
- from "$rootDir/../release-infos/readme_" + "$version" + ".txt"
- dirMode = 0755
- fileMode = 0644
- }
- into('/handbook') {
- from rootDir.toString() + "/../release-infos/handbook/"
- }
- into('/endorsed_libs') {
- from findJar('serializer')
- from findJar('xalan')
- from findJar('xercesImpl')
- from findJar('xml-apis')
- }
- into('/ext_libs') {
- from findJar('iaik_jce_full')
- from rootDir.toString() + "/../release-infos/ext_libs/"
-
- }
+ main {
+ distributionBaseName.set("moa-spss")
+ contents {
+ into("/") {
+ from(tasks.named('war'))
+ from("$rootDir/../release-infos/readme_${version}.txt")
+ }
+ into("/handbook") {
+ from("$rootDir/../release-infos/handbook")
+ }
+ into("/endorsed_libs") {
+ from(findJar('serializer'))
+ from(findJar('xalan'))
+ from(findJar('xercesImpl'))
+ from(findJar('xml-apis'))
+ }
+ into("/ext_libs") {
+ from(findJar('iaik_jce_full'))
+ from("$rootDir/../release-infos/ext_libs/")
+ }
+ }
}
- }
}
-def findJar(prefix) {
- configurations.runtimeClasspath.filter { it.name.startsWith(prefix) }
-
+def findJar(String prefix) {
+ return configurations.runtimeClasspath.filter { it.name.startsWith(prefix) }
}
-task releases(type: Copy) {
- from distZip.outputs
- //from distTar.outputs
- into rootDir.toString() + "/releases/" + version
+tasks.register('releases', Copy) {
+ dependsOn(tasks.named('distZip'))
+ from(tasks.named('distZip'))
+ into("$rootDir/releases/${version}")
}
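Review bot: The rewritten `into("/")` block drops `dirMode = 0755` and `fileMode = 0644`, so entries in the distribution archive now carry whatever permissions the files have on the build machine. Pinning them keeps the release archive reproducible and avoids shipping group- or world-writable entries from a permissive umask. If the wrapper's Gradle version supports it (8.3 or later), the replacement inside that block is `filePermissions { unix('0644') }` and `dirPermissions { unix('0755') }`. The `jaxb` task also still declares no inputs or outputs, so Gradle can never treat it as up to date.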
diff --git a/moaSig/moa-sig/libs/activation-1.1.jar b/moaSig/moa-sig/libs/activation-1.1.jar
deleted file mode 100644
index 53f82a1..0000000
--- a/moaSig/moa-sig/libs/activation-1.1.jar
+++ /dev/null
Binary files differ
diff --git a/moaSig/moa-sig/libs/axis-1.0_IAIK_1.3.jar b/moaSig/moa-sig/libs/axis-1.0_IAIK_1.3.jar
deleted file mode 100644
index 81103be..0000000
--- a/moaSig/moa-sig/libs/axis-1.0_IAIK_1.3.jar
+++ /dev/null
Binary files differ
diff --git a/moaSig/moa-sig/libs/axis-1.0_IAIK_1.4.jar b/moaSig/moa-sig/libs/axis-1.0_IAIK_1.4.jar
new file mode 100644
index 0000000..0935d37
--- /dev/null
+++ b/moaSig/moa-sig/libs/axis-1.0_IAIK_1.4.jar
Binary files differ
diff --git a/moaSig/moa-sig/libs/jakarta.activation-api-2.1.3.jar b/moaSig/moa-sig/libs/jakarta.activation-api-2.1.3.jar
new file mode 100644
index 0000000..0d015d5
--- /dev/null
+++ b/moaSig/moa-sig/libs/jakarta.activation-api-2.1.3.jar
Binary files differ
diff --git a/moaSig/moa-sig/libs/jakarta.mail-api-2.1.3.jar b/moaSig/moa-sig/libs/jakarta.mail-api-2.1.3.jar
new file mode 100644
index 0000000..6b36779
--- /dev/null
+++ b/moaSig/moa-sig/libs/jakarta.mail-api-2.1.3.jar
Binary files differ
diff --git a/moaSig/moa-sig/libs/mail-1.4.jar b/moaSig/moa-sig/libs/mail-1.4.jar
deleted file mode 100644
index 3b28b6e..0000000
--- a/moaSig/moa-sig/libs/mail-1.4.jar
+++ /dev/null
Binary files differ
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
index d13492f..f206167 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
@@ -33,8 +33,6 @@ import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Iterator;
-import javax.servlet.http.HttpServletRequest;
-
import org.apache.axis.AxisFault;
import org.apache.axis.Message;
import org.apache.axis.MessageContext;
@@ -53,12 +51,15 @@ import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
import at.gv.egovernment.moa.spss.server.transaction.TransactionIDGenerator;
+import at.gv.egovernment.moa.spss.server.utils.DataHandlerConverter;
import at.gv.egovernment.moa.spss.util.MessageProvider;
import at.gv.egovernment.moaspss.logging.LogMsg;
import at.gv.egovernment.moaspss.logging.Logger;
import at.gv.egovernment.moaspss.logging.LoggingContext;
import at.gv.egovernment.moaspss.logging.LoggingContextManager;
import at.gv.egovernment.moaspss.util.DOMUtils;
+import jakarta.activation.DataHandler;
+import jakarta.servlet.http.HttpServletRequest;
/**
* An handler that is invoked on each web service request and performs some
@@ -150,7 +151,7 @@ public class AxisHandler extends BasicHandler {
soapMessage = msgContext.getCurrentMessage();
Element xmlRequest = null;
- // log.info(soapMessage.getSOAPPartAsString());
+
final Element soapPart = DOMUtils.parseDocument(
new ByteArrayInputStream(soapMessage.getSOAPPartAsBytes()), false, null, null)
.getDocumentElement();
@@ -172,8 +173,9 @@ public class AxisHandler extends BasicHandler {
}
- final TransactionContext context = new TransactionContext(TransactionIDGenerator.nextID(), clientCert,
- ConfigurationProvider.getInstance(), xmlRequest, null);
+ final TransactionContext context =
+ new TransactionContext(TransactionIDGenerator.nextID(), clientCert,
+ ConfigurationProvider.getInstance(), xmlRequest, null);
String soapAction = request.getHeader(SOAP_ACTION_HEADER);
if ("\"\"".equals(soapAction)) {
@@ -201,7 +203,11 @@ public class AxisHandler extends BasicHandler {
// content with Object content =
// attachment.getContent();)
InputStream is = null;
- final javax.activation.DataHandler datahandler = attachment.getDataHandler();
+
+ Object dataHandlerObj = attachment.getDataHandler();
+ final DataHandler datahandler = dataHandlerObj instanceof DataHandler
+ ? (DataHandler) dataHandlerObj
+ : DataHandlerConverter.convert((javax.activation.DataHandler) dataHandlerObj);
final int TYPE = 2;
switch (TYPE) {
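Review bot: The fallback branch casts `dataHandlerObj` to `javax.activation.DataHandler` unchecked, so an attachment whose handler is neither type fails with a `ClassCastException`. A null handler passes through `DataHandlerConverter.convert` as null and is presumably dereferenced in the stream handling that follows (not shown). Checking both types explicitly and rejecting anything else gives a clear fault where the request attachment is first touched. The surrounding method and its try/catch are outside the hunk, so the exception type below should be matched to what that code already handles. `dataHandlerObj` should also be `final`, like the other locals.

```java
final Object dataHandlerObj = attachment.getDataHandler();
final DataHandler datahandler;
if (dataHandlerObj instanceof DataHandler) {
  datahandler = (DataHandler) dataHandlerObj;
} else if (dataHandlerObj instanceof javax.activation.DataHandler) {
  datahandler = DataHandlerConverter.convert((javax.activation.DataHandler) dataHandlerObj);
} else {
  throw new AxisFault("Unsupported attachment DataHandler type: "
      + (dataHandlerObj == null ? "null" : dataHandlerObj.getClass().getName()));
}
// … unchanged: switch (TYPE) stream handling …
```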
@@ -239,19 +245,6 @@ public class AxisHandler extends BasicHandler {
info("handler.03", null);
}
if (Logger.isTraceEnabled()) {
- // OutputFormat format = new OutputFormat((Document)
- // xmlRequest.getOwnerDocument());
- // format.setLineSeparator("\n");
- // format.setIndenting(false);
- // format.setPreserveSpace(true);
- // format.setOmitXMLDeclaration(false);
- // format.setEncoding("UTF-8");
- // ByteArrayOutputStream baos = new ByteArrayOutputStream();
- // XMLSerializer conSerializer = new XMLSerializer(baos,
- // format);
- // conSerializer.serialize(xmlRequest);
- // Logger.debug(new LogMsg("Request:" + baos.toString()));
-
final String msg = soapMessage.getSOAPPartAsString();
Logger.trace(new LogMsg(msg));
}
@@ -305,24 +298,13 @@ public class AxisHandler extends BasicHandler {
if (xmlResponse != null) {
try {
xmlResponseString = DOMUtils.serializeNode(xmlResponse, true);
- /*
- * Soll die Antwort nur \n enthalten, so gibt es 2 Möglichkeiten: 1.) Xalan
- * Version und xmlResponseString = DOMUtils.serializeNode(xmlResponse, true,
- * "\n"); 2.) OutputFormat serializerFormat = new OutputFormat((Document)
- * xmlResponse.getOwnerDocument()); serializerFormat.setLineSeparator("\n");
- * serializerFormat.setIndenting(false);
- * serializerFormat.setPreserveSpace(true);
- * serializerFormat.setOmitXMLDeclaration(true);
- * serializerFormat.setEncoding("UTF-8"); ByteArrayOutputStream serializedBytes
- * = new ByteArrayOutputStream(); XMLSerializer serializer = new
- * XMLSerializer(serializedBytes, serializerFormat);
- * serializer.serialize(xmlResponse); serializedBytes.close(); xmlResponseString
- * = serializedBytes.toString("UTF-8");
- */
if (Logger.isTraceEnabled()) {
Logger.trace(new LogMsg(xmlResponseString));
+
}
+
soapResponseString = SOAP_PART_PRE + xmlResponseString + SOAP_PART_POST;
+
// override axis response-message
msgContext.setResponseMessage(new Message(soapResponseString));
} catch (final Throwable t) {
@@ -341,8 +323,8 @@ public class AxisHandler extends BasicHandler {
}
info("handler.04", null);
- if (Logger.isDebugEnabled()) {
- Logger.debug(new LogMsg(soapResponseString));
+ if (Logger.isTraceEnabled()) {
+ Logger.trace(new LogMsg(soapResponseString));
}
tearDownContexts();
}
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
index bc2c3b6..dee5d90 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java
@@ -11,11 +11,6 @@ import java.util.Iterator;
import java.util.List;
import java.util.Set;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry;
@@ -25,6 +20,10 @@ import at.gv.egovernment.moaspss.logging.Logger;
import iaik.server.modules.keys.KeyEntryID;
import iaik.server.modules.keys.KeyModule;
import iaik.server.modules.keys.KeyModuleFactory;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
/**
*
@@ -34,7 +33,7 @@ import iaik.server.modules.keys.KeyModuleFactory;
public class CertificateProviderServlet extends HttpServlet {
/**
- *
+ *
*/
private static final long serialVersionUID = -6907582473072190122L;
@@ -46,7 +45,7 @@ public class CertificateProviderServlet extends HttpServlet {
/**
* Build the set of <code>KeyEntryID</code>s available to the given
* <code>keyGroupID</code>.
- *
+ *
* @param keyGroupID The keygroup ID for which the available keys should be
* returned.
* @return The <code>Set</code> of <code>KeyEntryID</code>s identifying the
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
index 135d652..49047d7 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java
@@ -29,11 +29,6 @@ import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
import at.gv.egovernment.moa.spss.server.init.SystemInitializer;
@@ -42,6 +37,10 @@ import at.gv.egovernment.moaspss.logging.LogMsg;
import at.gv.egovernment.moaspss.logging.Logger;
import at.gv.egovernment.moaspss.logging.LoggingContext;
import at.gv.egovernment.moaspss.logging.LoggingContextManager;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
/**
* A servlet to initialize and update the MOA configuration.
@@ -52,7 +51,7 @@ import at.gv.egovernment.moaspss.logging.LoggingContextManager;
*/
public class ConfigurationServlet extends HttpServlet {
/**
- *
+ *
*/
private static final long serialVersionUID = 8372961105222028696L;
/** The document type of the HTML to generate. */
@@ -63,8 +62,6 @@ public class ConfigurationServlet extends HttpServlet {
* Handle a HTTP GET request, used to indicated that the MOA configuration needs
* to be updated (reloaded).
*
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest,
- * HttpServletResponse)
*/
@Override
@SuppressWarnings({ "rawtypes", "unchecked" })
@@ -126,8 +123,6 @@ public class ConfigurationServlet extends HttpServlet {
/**
* Do the same as <code>doGet</code>.
*
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest,
- * HttpServletResponse)
*/
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
@@ -141,8 +136,6 @@ public class ConfigurationServlet extends HttpServlet {
*
* Does an initial load of the MOA configuration to test if a working web
* service can be provided.
- *
- * @see javax.servlet.GenericServlet#init()
*/
@Override
public void init() throws ServletException {
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
index 4030883..7973e44 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java
@@ -63,7 +63,7 @@ public class SignatureCreationService {
/**
* Handle a <code>CreatePDFSignatureRequest</code>.
- *
+ *
* @param request The <code>CreatePDFSignatureRequest</code> to work on
* (contained in the 0th element of the array).
* @return A <code>CreatePDFSignatureResponse</code> as the only element of the
@@ -152,7 +152,7 @@ public class SignatureCreationService {
/**
* Handle a <code>CreateXMLSignatureRequest</code>.
- *
+ *
* @param request The <code>CreateXMLSignatureRequest</code> to work on
* (contained in the 0th element of the array).
* @return A <code>CreateXMLSignatureResponse</code> as the only element of the
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/TSLClientStatusServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/TSLClientStatusServlet.java
index 3bf9a37..abdf121 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/TSLClientStatusServlet.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/TSLClientStatusServlet.java
@@ -5,18 +5,17 @@ import java.io.PrintWriter;
import java.text.MessageFormat;
import java.util.List;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
import at.gv.egovernment.moa.sig.tsl.engine.data.TSLProcessingResultElement;
import at.gv.egovernment.moa.spss.server.monitoring.ServiceStatusContainer;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
public class TSLClientStatusServlet extends HttpServlet {
/**
- *
+ *
*/
private static final long serialVersionUID = 1L;
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/DataHandlerConverter.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/DataHandlerConverter.java
new file mode 100644
index 0000000..fd11789
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/DataHandlerConverter.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.spss.server.utils;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+import lombok.experimental.UtilityClass;
+
+/**
+ * Utility to convert javax.activation.DataHandler to jakarta.activation.DataHandler.
+ */
+@UtilityClass
+public class DataHandlerConverter {
+
+ /**
+ * Converts javax.activation.DataHandler to jakarta.activation.DataHandler
+ */
+ public static jakarta.activation.DataHandler convert(javax.activation.DataHandler oldHandler) {
+ if (oldHandler == null) return null;
+
+ javax.activation.DataSource oldSource = oldHandler.getDataSource();
+
+ // Wrap the old javax.activation.DataSource in a jakarta.activation.DataSource
+ jakarta.activation.DataSource newSource = new jakarta.activation.DataSource() {
+ @Override
+ public InputStream getInputStream() throws IOException {
+ return oldSource.getInputStream();
+ }
+
+ @Override
+ public OutputStream getOutputStream() throws IOException {
+ return oldSource.getOutputStream();
+ }
+
+ @Override
+ public String getContentType() {
+ return oldSource.getContentType();
+ }
+
+ @Override
+ public String getName() {
+ return oldSource.getName();
+ }
+ };
+
+ return new jakarta.activation.DataHandler(newSource);
+ }
+}
+
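Review bot: The anonymous `jakarta.activation.DataSource` returned by `convert` exposes only the four delegated methods, so any type-based handling of the original source is lost. In particular, `TransactionContext` deletes attachment data only when the source is `instanceof DeleteableDataSource`, which this wrapper never is. Whether a converted source ever reaches that cleanup path is not visible here, but if it does, cached attachment data would stay behind after the transaction. At minimum the Javadoc should say so, e.g. `Note: the returned handler wraps the original DataSource and does not implement DeleteableDataSource.`, and add `@param oldHandler` and `@return` covering the null-in, null-out case. The one-line `if (oldHandler == null) return null;` should also be braced.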
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/LoggerUtils.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/LoggerUtils.java
new file mode 100644
index 0000000..78d5039
--- /dev/null
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/LoggerUtils.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.spss.server.utils;
+
+import java.util.Properties;
+
+import iaik.logging.LogConfigurationException;
+import iaik.logging.LogFactory;
+import iaik.logging.LoggerConfig;
+import lombok.experimental.UtilityClass;
+
+/**
+ * Logging helper.
+ */
+@UtilityClass
+public class LoggerUtils {
+
+ /**
+ * Fix {@link iaik.logging.impl.LogSlf4jFactoryImpl}, because it uses
+ * <code>org.slf4j.impl.StaticLoggerBinder</code> which was removed since v
+ * 1.5.x.
+ */
+ public static void fixLoggerFactory() {
+ LogFactory.configure(new LoggerConfig() {
+
+ @Override
+ public Properties getProperties() throws LogConfigurationException {
+ return null;
+ }
+
+ @Override
+ public String getNodeId() {
+ return null;
+ }
+
+ @Override
+ public String getFactory() {
+ return "iaik.logging.impl.OwnLogSlf4jFactoryImpl";
+ }
+ });
+ }
+
+}
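Review bot: `getProperties()` and `getNodeId()` in the anonymous `LoggerConfig` return `null`, and nothing in this file shows that `LogFactory.configure` tolerates that; if it does, say so in a comment, otherwise `return new Properties();` is the safer value. The factory is named by the string `"iaik.logging.impl.OwnLogSlf4jFactoryImpl"`, a class not defined in this hunk, so a missing or renamed class would presumably only surface at run time; a `private static final String` constant with a comment saying where that class lives would help. The Javadoc should also state that the call changes process-wide logging configuration and has to run before the first IAIK logger is created (inferred from its use at the top of each `@BeforeClass`).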
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureCreationService.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureCreationService.java
index bf06ff6..4b91ec1 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureCreationService.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureCreationService.java
@@ -1,8 +1,8 @@
package at.gv.egovernment.moa.spss.server.webservice;
-import javax.jws.WebMethod;
-import javax.jws.WebParam;
-import javax.jws.WebService;
+import jakarta.jws.WebMethod;
+import jakarta.jws.WebParam;
+import jakarta.jws.WebService;
@WebService(name = "SignatureCreationService",
targetNamespace = "http://reference.e-government.gv.at/namespace/moa/20151109#")
@@ -24,7 +24,7 @@ public interface SignatureCreationService {
* @WebMethod(action = "PDFSignatureCreate", operationName =
* "PDFSignatureCreate") public at.gv.egiz.moasig.CreatePDFSignatureResponseType
* createPDFSignature(
- *
+ *
* @WebParam(name = "CreatePDFSignatureRequest")
* at.gv.egiz.moasig.CreatePDFSignatureRequest createPDFSignatureRequest) throws
* Exception;
diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureVerificationService.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureVerificationService.java
index ca30650..d8aa9b6 100644
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureVerificationService.java
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureVerificationService.java
@@ -1,8 +1,8 @@
package at.gv.egovernment.moa.spss.server.webservice;
-import javax.jws.WebMethod;
-import javax.jws.WebParam;
-import javax.jws.WebService;
+import jakarta.jws.WebMethod;
+import jakarta.jws.WebParam;
+import jakarta.jws.WebService;
@WebService(name = "SignatureVerificationService",
targetNamespace = "http://reference.e-government.gv.at/namespace/moa/20151109#")
diff --git a/moaSig/moa-sig/src/main/resources/logback.xml b/moaSig/moa-sig/src/main/resources/logback.xml
index 0012e81..0afb5cc 100644
--- a/moaSig/moa-sig/src/main/resources/logback.xml
+++ b/moaSig/moa-sig/src/main/resources/logback.xml
@@ -12,7 +12,7 @@
<!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
<File>${catalina.base}/logs/moa-spss.log</File>
<encoder>
- <pattern>logback | %5p | %d{dd HH:mm:ss,SSS} | %C{1} | %20c | %10t | %m%n</pattern>
+ <pattern>%5p | %d{dd HH:mm:ss.SSS} | %C{1} | %20c | %10t | %m%n</pattern>
</encoder>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<maxIndex>10</maxIndex>
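Review bot: The new timestamp `%d{dd HH:mm:ss.SSS}` still records only the day of month, with no year, month or zone offset, so entries from different months are indistinguishable once files roll and cannot be lined up with other systems' logs during an investigation. Since the pattern is being changed anyway, `%d{yyyy-MM-dd HH:mm:ss.SSS}` (optionally with `XXX` for the offset) would fix that here and in the `stdout` appender in the next hunk. Dropping the `logback | ` prefix and switching `,` to `.` changes the line format, so any log parser keyed on the old layout needs updating.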
@@ -24,7 +24,7 @@
</appender>
<appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
- <pattern>logback | %5p | %d{dd HH:mm:ss,SSS} | %C{1} | %20c | %10t | %m%n</pattern>
+ <pattern>%5p | %d{dd HH:mm:ss.SSS} | %C{1} | %20c | %10t | %m%n</pattern>
</encoder>
</appender>
<logger name="moa.spss.server" level="info">
diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/AbstractIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/AbstractIntegrationTest.java
index 1ee071a..92749b0 100644
--- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/AbstractIntegrationTest.java
+++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/AbstractIntegrationTest.java
@@ -37,7 +37,6 @@ import at.gv.egovernment.moaspss.util.Constants;
import iaik.esi.sva.ConfigurationAdapter;
import iaik.pki.Configurator;
import iaik.pki.PKIFactory;
-import iaik.pki.store.certstore.CertStoreFactory;
import iaik.pki.store.truststore.TrustStoreFactory;
public abstract class AbstractIntegrationTest {
@@ -57,9 +56,9 @@ public abstract class AbstractIntegrationTest {
System.setProperty("moa.spss.server.configuration", "");
System.setProperty("iaik.esi.sva.configuration.location", "");
-
+
TrustStoreFactory.reset();
-
+
// reset TSL client
final Field field1 = TSLServiceFactory.class.getDeclaredField("tslClient");
field1.setAccessible(true);
@@ -68,32 +67,32 @@ public abstract class AbstractIntegrationTest {
final Field field5 = SQLiteDBService.class.getDeclaredField("conn");
field5.setAccessible(true);
field5.set(null, null);
-
+
final Field field6 = DatabaseServiceFactory.class.getDeclaredField("dbServices");
field6.setAccessible(true);
field6.set(null, null);
-
+
// reset MOA-SPSS configuration object
final Field field2 = ConfigurationProvider.class.getDeclaredField("instance");
field2.setAccessible(true);
field2.set(null, null);
-
+
final Field field8 = TransactionContextManager.class.getDeclaredField("instance");
field8.setAccessible(true);
field8.set(null, null);
-
+
// reset PKI module configuration
resetClassState(PKIFactory.class, "instance_", null);
// reset IAIK MOA configuration
resetClassState(Configurator.class, "C", false);
-
+
//reset ESI-SVA configuration
resetClassState(ConfigurationAdapter.class, "a", null);
- resetClassState(ConfigurationAdapter.class, "instance", null);
+ // resetClassState(ConfigurationAdapter.class, "instance", null);
//resetClassState(ConfigurationAdapter.class, "config", null);
//resetClassState(ConfigurationAdapter.class, "libraryConfig", null);
-
+
}
private static void resetClassState(Class clazz, String fieldName, Object value) {
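Review bot: The reset of the `instance` field on `ConfigurationAdapter` is commented out rather than removed, with no explanation, while the reset of field `"a"` on the same class stays. Both names look like library internals, and this merge also swaps the IAIK jars, so `"a"` may no longer be the field that was meant; `resetClassState` (partly visible in the following hunk) only prints the stack trace on `NoSuchFieldException`, so a stale name leaves state behind without failing the test. Delete the dead line or replace it with a comment such as `// field "instance" no longer exists since <library version>`, and consider letting `resetClassState` fail the test instead of swallowing the exception. The enclosing method starts outside this hunk.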
@@ -101,16 +100,16 @@ public abstract class AbstractIntegrationTest {
Field field7 = clazz.getDeclaredField(fieldName);
if (field7 != null) {
field7.setAccessible(true);
- field7.set(null, value);
+ field7.set(null, value);
}
-
+
} catch (NoSuchFieldException | SecurityException | IllegalArgumentException | IllegalAccessException e) {
e.printStackTrace();
}
-
+
}
-
-
+
+
protected VerifyXMLSignatureRequest buildVerifyXmlRequest(final byte[] signature,
final String trustProfileID, boolean extValFlag,
final List<String> verifyTransformsInfoProfileID, final String xpathSignatureLocation,
diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/CadesIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/CadesIntegrationTest.java
index 191bed9..a88873a 100644
--- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/CadesIntegrationTest.java
+++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/CadesIntegrationTest.java
@@ -38,6 +38,7 @@ import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
import at.gv.egovernment.moa.spss.server.init.SystemInitializer;
import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureCreationInvoker;
import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
+import at.gv.egovernment.moa.spss.server.utils.LoggerUtils;
import at.gv.egovernment.moa.spss.tsl.TSLServiceFactory;
import at.gv.egovernment.moaspss.util.DOMUtils;
import iaik.pki.Configurator;
@@ -52,6 +53,9 @@ public class CadesIntegrationTest extends AbstractIntegrationTest {
@BeforeClass
public static void classInitializer() throws IOException, ConfigurationException,
NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
+
+ LoggerUtils.fixLoggerFactory();
+
jvmStateReset();
final String current = new java.io.File(".").getCanonicalPath();
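Review bot: `LoggerUtils.fixLoggerFactory()` is pasted at the top of `classInitializer` here and again in `PadesIntegrationTest` and `XadesIntegrationTest`, so a new test class that forgets it would run with the unfixed factory. All three already call the inherited `jvmStateReset()` right after it, so making the call there (or in one shared `@BeforeClass` in `AbstractIntegrationTest`) keeps it in one place. `classInitializer` continues past the end of this hunk.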
diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java
index 9cee722..16037d6 100644
--- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java
+++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java
@@ -9,9 +9,6 @@ import static org.junit.Assert.assertTrue;
import java.io.FileInputStream;
import java.io.IOException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.util.Base64;
import java.util.Date;
import org.apache.commons.io.IOUtils;
@@ -31,36 +28,45 @@ import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElemen
import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults;
import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
-import at.gv.egovernment.moa.spss.server.iaik.cmsverify.PDFSignatureVerificationProfileImpl;
import at.gv.egovernment.moa.spss.server.iaik.pki.PKIProfileImpl;
import at.gv.egovernment.moa.spss.server.init.SystemInitializer;
import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker;
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
-import at.gv.egovernment.moa.spss.server.transaction.TransactionContext;
-import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager;
+import at.gv.egovernment.moa.spss.server.utils.LoggerUtils;
+import at.gv.egovernment.moa.spss.test.integration.utils.CertificateReader;
+import iaik.pki.KeyUsageParam;
+import iaik.pki.KeyUsageParams;
import iaik.pki.PKIFactory;
import iaik.pki.PKIModule;
-import iaik.pki.PKIResult;
-import iaik.server.cmspdfverify.CMSVerifyUtils;
import iaik.x509.X509Certificate;
-import at.gv.egovernment.moa.spss.test.integration.utils.CertificateReader;
+import iaik.x509.extensions.KeyUsage;
@RunWith(BlockJUnit4ClassRunner.class)
public class PadesIntegrationTest extends AbstractIntegrationTest {
+ public static boolean[] KEY_USAGE;
+
+ static {
+ KeyUsage usage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.nonRepudiation);
+ KEY_USAGE = usage.getBooleanArray();
+ }
+
CMSSignatureVerificationInvoker cadesInvoker;
@BeforeClass
- public static void classInitializer() throws IOException, ConfigurationException,
+ public static void classInitializer() throws IOException, ConfigurationException,
NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
+
+ LoggerUtils.fixLoggerFactory();
+
jvmStateReset();
-
+
final String current = new java.io.File(".").getCanonicalPath();
System.setProperty("moa.spss.server.configuration",
current + "/src/test/resources/moaspss_config/MOASPSSConfiguration.xml");
System.setProperty("iaik.esi.sva.configuration.location",
current + "/src/test/resources/moaspss_config/svaconfig.example");
-
+
moaSpssCore = SystemInitializer.init();
}
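Review bot: `public static boolean[] KEY_USAGE` is a public, non-final, mutable array filled in a static block, so any other test can reassign or modify it. `private static final boolean[] KEY_USAGE = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.nonRepudiation).getBooleanArray();` says the same in one line and drops the initializer block. The class body continues outside this hunk.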
@@ -162,7 +168,7 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
assertNotNull("extended val. result", cmsResult.getExtendedCertificateCheck());
assertEquals("ext. val major", 1, cmsResult.getExtendedCertificateCheck().getMajorCode());
-
+
// because was signed by using SHA1 after xxxx
assertEquals("ext. val major", 2, cmsResult.getExtendedCertificateCheck().getMinorCode());
@@ -170,9 +176,9 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
assertEquals("used sig alg", "SHA1withRSA", cmsResult.getSignatureAlgorithm());
}
-
-
-
+
+
+
@Ignore
@Test
public void padesLteTest() throws MOAException, IOException {
@@ -188,10 +194,10 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
// verify result
assertNotNull("verification result", result);
-
+
}
-
+
@Test
public void padesAmtssignatur() throws MOAException, IOException {
final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest(
@@ -203,7 +209,7 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
// perform test
final VerifyCMSSignatureResponse result = cadesInvoker.verifyCMSSignature(request);
-
+
// verify result
assertNotNull("verification result", result);
@@ -211,21 +217,21 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
.getResponseElements().get(0);
assertEquals("sigCode", 0, cmsResult.getSignatureCheck().getCode());
assertEquals("certCode", 0, cmsResult.getCertificateCheck().getCode());
-
+
assertTrue("Amtssignatur", cmsResult.getSignerInfo().isPublicAuthority());
assertEquals("Amtssignatur", "L4AL", cmsResult.getSignerInfo().getPublicAuhtorityID());
-
+
assertFalse("QC", cmsResult.getSignerInfo().isQualifiedCertificate());
assertFalse("SSCD", cmsResult.getSignerInfo().isSSCD());
-
+
assertEquals("CountryCode", "AT", cmsResult.getSignerInfo().getIssuerCountryCode());
-
+
assertNotNull("extended val. result", cmsResult.getExtendedCertificateCheck());
assertEquals("ext. val major", 2, cmsResult.getExtendedCertificateCheck().getMajorCode());
-
- // it's no valid CAdES signature because it does not include SignatureCertificateInfo extension
+
+ // it's no valid CAdES signature because it does not include SignatureCertificateInfo extension
assertEquals("ext. val major", 13, cmsResult.getExtendedCertificateCheck().getMinorCode());
-
+
assertNotNull("form val. result", cmsResult.getAdESFormResults());
assertEquals("form val. result size", 4, cmsResult.getAdESFormResults().size());
@@ -234,9 +240,9 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
assertEquals("Find wrong form val status", 2, ((AdESFormResults) el).getCode().longValue());
}
-
+
}
-
+
@Ignore
@Test
public void padesOwnTest() throws Exception {
@@ -257,26 +263,31 @@ public class PadesIntegrationTest extends AbstractIntegrationTest {
assertEquals("sigCode", 0, cmsResult.getSignatureCheck().getCode());
assertEquals("certCode", 0, cmsResult.getCertificateCheck().getCode());
assertEquals("Amtssignatur", "", cmsResult.getSignerInfo().getPublicAuhtorityID());
-
+
}
-
- @Ignore
+
@Test
public void pkixTest() throws Exception {
- final String current = new java.io.File(".").getCanonicalPath();
- X509Certificate[] chain = CertificateReader.readCertificatesIntoArray(current + "/src/test/resources/testdata/pkix/chain/");
-
+ final String current = new java.io.File(".").getCanonicalPath();
+ X509Certificate[] chain = CertificateReader.readCertificatesIntoArray(current + "/src/test/resources/testdata/pkix/chain/");
+
PKIModule pkiModule = PKIFactory.getInstance().getPKIModule(
new PKIProfileImpl(ConfigurationProvider.getInstance(), "MOAIDBuergerkarteAuthentisierungsDaten"));
- PKIResult pkiResult = pkiModule.validateCertificate(
- new Date(),
- (X509Certificate) chain[0],
- (X509Certificate[]) ArrayUtils.subarray(chain, 1, chain.length),
- (boolean[])null,
- new TransactionId("aabbccdd"));
-
+
+ KeyUsageParams keyUsage = new KeyUsageParams();
+ keyUsage.addParam(new KeyUsageParam(KEY_USAGE, KeyUsageParam.STRICT));
+
+ pkiModule.validateCertificate(
+ new Date(),
+ chain[0],
+ ArrayUtils.subarray(chain, 1, chain.length),
+ //(boolean[]) null,
+ // keyUsage,
+ null,
+ new TransactionId("aabbccdd"));
+
System.out.print("Finished");
-
+
}
-
+
}
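Review bot: `pkixTest` is re-enabled by dropping `@Ignore`, but it now discards the return value of `validateCertificate` and ends with `System.out.print("Finished")`, so it passes for any chain that does not throw; a chain-validation test that cannot fail on an invalid chain gives false assurance. The `keyUsage` parameters built just before the call are never used: the call passes `null` and leaves `//(boolean[]) null,` and `// keyUsage,` behind as commented-out alternatives. Either pass `keyUsage` (if the new signature accepts it) or delete it together with `KEY_USAGE`, and keep the result and assert on it, e.g. `assertNotNull("pkix result", pkiResult);` plus a check of its validity status.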
diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/XadesIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/XadesIntegrationTest.java
index ebbc334..3f413c3 100644
--- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/XadesIntegrationTest.java
+++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/XadesIntegrationTest.java
@@ -37,6 +37,7 @@ import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
import at.gv.egovernment.moa.spss.server.init.SystemInitializer;
import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureCreationInvoker;
import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker;
+import at.gv.egovernment.moa.spss.server.utils.LoggerUtils;
import at.gv.egovernment.moaspss.util.DOMUtils;
@RunWith(BlockJUnit4ClassRunner.class)
@@ -46,10 +47,13 @@ public class XadesIntegrationTest extends AbstractIntegrationTest {
XMLSignatureCreationInvoker xadesSignInvoker;
@BeforeClass
- public static void classInitializer() throws IOException, ConfigurationException,
+ public static void classInitializer() throws IOException, ConfigurationException,
NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException {
+
+ LoggerUtils.fixLoggerFactory();
+
jvmStateReset();
-
+
final String current = new java.io.File(".").getCanonicalPath();
System.setProperty("moa.spss.server.configuration",
current + "/src/test/resources/moaspss_config/MOASPSSConfiguration.xml");
@@ -166,27 +170,27 @@ public class XadesIntegrationTest extends AbstractIntegrationTest {
assertEquals("used sig alg", "SHA256withRSA", result.getSignatureAlgorithm());
}
-
+
@Test
public void simpleXmlSignature() throws MOAException, ParserConfigurationException, SAXException, IOException, TransformerException {
// build request
Element xml = DOMUtils.parseXmlNonValidating(
CadesIntegrationTest.class.getResourceAsStream("/testdata/xades/sign/createXades_1.xml"));
CreateXMLSignatureRequest xmlReq = new CreateXMLSignatureRequestParser().parse(xml);
-
+
// create signature
CreateXMLSignatureResponse xmlResp = xadesSignInvoker.createXMLSignature(xmlReq, Collections.EMPTY_SET);
-
-
+
+
// verify response
assertNotNull("xadesResp", xmlResp);
assertNotNull("xadesResp elements", xmlResp.getResponseElements());
assertFalse("xadesResp elements", xmlResp.getResponseElements().isEmpty());
-
- SignatureEnvironmentResponse signedXml = (SignatureEnvironmentResponse) xmlResp.getResponseElements().get(0);
+
+ SignatureEnvironmentResponse signedXml = (SignatureEnvironmentResponse) xmlResp.getResponseElements().get(0);
assertNotNull("signed xml", signedXml.getSignatureEnvironment());
-
-
+
+
// verify signature
final VerifyXMLSignatureRequest request = buildVerifyXmlRequest(
DOMUtils.serializeNode(signedXml.getSignatureEnvironment()).getBytes(),
@@ -199,7 +203,7 @@ public class XadesIntegrationTest extends AbstractIntegrationTest {
assertNotNull("verification result", result);
assertEquals("sigCode", 0, result.getSignatureCheck().getCode());
assertEquals("certCode", 0, result.getCertificateCheck().getCode());
-
+
}
@Test
@@ -208,20 +212,20 @@ public class XadesIntegrationTest extends AbstractIntegrationTest {
Element xml = DOMUtils.parseXmlNonValidating(
CadesIntegrationTest.class.getResourceAsStream("/testdata/xades/sign/createXades_2.xml"));
CreateXMLSignatureRequest xmlReq = new CreateXMLSignatureRequestParser().parse(xml);
-
+
// create signature
CreateXMLSignatureResponse xmlResp = xadesSignInvoker.createXMLSignature(xmlReq, Collections.EMPTY_SET);
-
-
+
+
// verify response
assertNotNull("xadesResp", xmlResp);
assertNotNull("xadesResp elements", xmlResp.getResponseElements());
assertFalse("xadesResp elements", xmlResp.getResponseElements().isEmpty());
-
- SignatureEnvironmentResponse signedXml = (SignatureEnvironmentResponse) xmlResp.getResponseElements().get(0);
+
+ SignatureEnvironmentResponse signedXml = (SignatureEnvironmentResponse) xmlResp.getResponseElements().get(0);
assertNotNull("signed xml", signedXml.getSignatureEnvironment());
-
-
+
+
// verify signature
final VerifyXMLSignatureRequest request = buildVerifyXmlRequest(
DOMUtils.serializeNode(signedXml.getSignatureEnvironment()).getBytes(),
@@ -234,7 +238,7 @@ public class XadesIntegrationTest extends AbstractIntegrationTest {
assertNotNull("verification result", result);
assertEquals("sigCode", 0, result.getSignatureCheck().getCode());
assertEquals("certCode", 0, result.getCertificateCheck().getCode());
-
+
}
-
+
}
diff --git a/release-infos/endorsed_libs/serializer-2.7.1.jar b/release-infos/endorsed_libs/serializer-2.7.1.jar
deleted file mode 100644
index 99f98db..0000000
--- a/release-infos/endorsed_libs/serializer-2.7.1.jar
+++ /dev/null
Binary files differ
diff --git a/release-infos/endorsed_libs/xalan-2.7.1.jar b/release-infos/endorsed_libs/xalan-2.7.1.jar
deleted file mode 100644
index 458fa73..0000000
--- a/release-infos/endorsed_libs/xalan-2.7.1.jar
+++ /dev/null
Binary files differ
diff --git a/release-infos/endorsed_libs/xercesImpl-2.12.2.jar b/release-infos/endorsed_libs/xercesImpl-2.12.2.jar
deleted file mode 100644
index ccbae9f..0000000
--- a/release-infos/endorsed_libs/xercesImpl-2.12.2.jar
+++ /dev/null
Binary files differ
diff --git a/release-infos/endorsed_libs/xml-apis-1.4.01.jar b/release-infos/endorsed_libs/xml-apis-1.4.01.jar
deleted file mode 100644
index 4673346..0000000
--- a/release-infos/endorsed_libs/xml-apis-1.4.01.jar
+++ /dev/null
Binary files differ
diff --git a/release-infos/ext_libs/iaikPkcs11Wrapper.jar b/release-infos/ext_libs/iaikPkcs11Wrapper.jar
deleted file mode 100644
index 6543602..0000000
--- a/release-infos/ext_libs/iaikPkcs11Wrapper.jar
+++ /dev/null
Binary files differ
diff --git a/release-infos/ext_libs/iaikPkcs11Provider.jar b/release-infos/ext_libs/iaik_Pkcs11Provider.jar
index 8d09063..8d09063 100644
--- a/release-infos/ext_libs/iaikPkcs11Provider.jar
+++ b/release-infos/ext_libs/iaik_Pkcs11Provider.jar
Binary files differ
diff --git a/release-infos/ext_libs/iaik_Pkcs11Wrapper.jar b/release-infos/ext_libs/iaik_Pkcs11Wrapper.jar
new file mode 100644
index 0000000..4daae43
--- /dev/null
+++ b/release-infos/ext_libs/iaik_Pkcs11Wrapper.jar
Binary files differ
diff --git a/release-infos/handbook/conf/moa-spss/spss.config.xml b/release-infos/handbook/conf/moa-spss/spss.config.xml
index e1d61a6..ce7f2bd 100644
--- a/release-infos/handbook/conf/moa-spss/spss.config.xml
+++ b/release-infos/handbook/conf/moa-spss/spss.config.xml
@@ -61,7 +61,7 @@
</cfg:KeyCertIssuerSerial>
</cfg:Key>
</cfg:KeyGroup>
- <cfg:KeyGroup>
+ <cfg:KeyGroup RSASSA-PSS="true">
<cfg:Id>KG_allgemein</cfg:Id>
<cfg:Key>
<cfg:KeyModuleId>SKM_allgemein</cfg:KeyModuleId>
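Review bot: The sample now turns on `RSASSA-PSS="true"` in two places, on the `KG_allgemein` key group here and on the new `<cfg:Signing>` element in the next hunk, without a comment saying how the two relate. Operators copy this file as a starting point, and RSASSA-PSS signatures are rejected by verifiers that only handle PKCS#1 v1.5, so the choice should be explained. A short XML comment next to each, for example `<!-- RSASSA-PSS="true": sign with RSASSA-PSS for RSA keys of this group; relying parties must support it -->`, would do; the precedence between the two switches is not visible in this diff and should be confirmed against the schema.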
@@ -95,6 +95,7 @@
<cfg:XAdES>
<cfg:Version>1.4.2</cfg:Version>
</cfg:XAdES>
+ <cfg:Signing RSASSA-PSS="true" />
</cfg:SignatureCreation>
<cfg:SignatureVerification>
<cfg:CertificateValidation>
diff --git a/release-infos/pkcs11/pkcs11-natives.zip b/release-infos/pkcs11/pkcs11-natives.zip
new file mode 100644
index 0000000..1cc1603
--- /dev/null
+++ b/release-infos/pkcs11/pkcs11-natives.zip
Binary files differ
diff --git a/release-infos/pkcs11/unix/linux-x86/debug/libpkcs11wrapper.so b/release-infos/pkcs11/unix/linux-x86/debug/libpkcs11wrapper.so
deleted file mode 100755
index 778ac22..0000000
--- a/release-infos/pkcs11/unix/linux-x86/debug/libpkcs11wrapper.so
+++ /dev/null
Binary files differ
diff --git a/release-infos/pkcs11/unix/linux-x86/release/libpkcs11wrapper.so b/release-infos/pkcs11/unix/linux-x86/release/libpkcs11wrapper.so
deleted file mode 100755
index 0d3e88f..0000000
--- a/release-infos/pkcs11/unix/linux-x86/release/libpkcs11wrapper.so
+++ /dev/null
Binary files differ
diff --git a/release-infos/pkcs11/unix/linux-x86_64/debug/libpkcs11wrapper.so b/release-infos/pkcs11/unix/linux-x86_64/debug/libpkcs11wrapper.so
deleted file mode 100755
index f0d6399..0000000
--- a/release-infos/pkcs11/unix/linux-x86_64/debug/libpkcs11wrapper.so
+++ /dev/null
Binary files differ
diff --git a/release-infos/pkcs11/unix/linux-x86_64/release/libpkcs11wrapper.so b/release-infos/pkcs11/unix/linux-x86_64/release/libpkcs11wrapper.so
deleted file mode 100755
index 407e097..0000000
--- a/release-infos/pkcs11/unix/linux-x86_64/release/libpkcs11wrapper.so
+++ /dev/null
Binary files differ
diff --git a/release-infos/pkcs11/unix/macosx_universal/debug/libpkcs11wrapper.jnilib b/release-infos/pkcs11/unix/macosx_universal/debug/libpkcs11wrapper.jnilib
deleted file mode 100755
index 2778819..0000000
--- a/release-infos/pkcs11/unix/macosx_universal/debug/libpkcs11wrapper.jnilib
+++ /dev/null
Binary files differ
diff --git a/release-infos/pkcs11/unix/macosx_universal/release/libpkcs11wrapper.jnilib b/release-infos/pkcs11/unix/macosx_universal/release/libpkcs11wrapper.jnilib
deleted file mode 100755
index 0735243..0000000
--- a/release-infos/pkcs11/unix/macosx_universal/release/libpkcs11wrapper.jnilib
+++ /dev/null
Binary files differ
diff --git a/release-infos/pkcs11/windows/win-x86/debug/pkcs11wrapper.dll b/release-infos/pkcs11/windows/win-x86/debug/pkcs11wrapper.dll
deleted file mode 100755
index 98926ca..0000000
--- a/release-infos/pkcs11/windows/win-x86/debug/pkcs11wrapper.dll
+++ /dev/null
Binary files differ
diff --git a/release-infos/pkcs11/windows/win-x86/release/pkcs11wrapper.dll b/release-infos/pkcs11/windows/win-x86/release/pkcs11wrapper.dll
deleted file mode 100755
index d035759..0000000
--- a/release-infos/pkcs11/windows/win-x86/release/pkcs11wrapper.dll
+++ /dev/null
Binary files differ
diff --git a/release-infos/pkcs11/windows/win-x86_64/debug/pkcs11wrapper.dll b/release-infos/pkcs11/windows/win-x86_64/debug/pkcs11wrapper.dll
deleted file mode 100755
index 7ccecc3..0000000
--- a/release-infos/pkcs11/windows/win-x86_64/debug/pkcs11wrapper.dll
+++ /dev/null
Binary files differ
diff --git a/release-infos/pkcs11/windows/win-x86_64/release/pkcs11wrapper.dll b/release-infos/pkcs11/windows/win-x86_64/release/pkcs11wrapper.dll
deleted file mode 100755
index eab4129..0000000
--- a/release-infos/pkcs11/windows/win-x86_64/release/pkcs11wrapper.dll
+++ /dev/null
Binary files differ