authorAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2016-03-14 16:29:03 +0100
committerAndreas Fitzek <andreas.fitzek@iaik.tugraz.at>2016-03-14 16:29:03 +0100
commit84293bd12f63b59852026cab02035fc9ebee626a (patch)
tree6a118418f618af68f5d884e2eb7eac2fb660a136 /moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl
parent7510ab5173001711ecb5d6c8834878e7cce63ff9 (diff)
A lot of moa sig stuff
Diffstat (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl')
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java4
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATSLVerifier.java265
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java123
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java12
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java6
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEUImportFromFileContext.java12
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEvaluationContext.java4
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java27
8 files changed, 426 insertions, 27 deletions
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java
index defaedd..53e023f 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java
@@ -1,6 +1,6 @@
package at.gv.egovernment.moa.spss.tsl.config;
-import iaik.util.logging._l;
+import iaik.util.logging.GeneralLog;
import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
import java.net.MalformedURLException;
@@ -37,7 +37,7 @@ public class Configurator {
try {
_euTSLURL = new URL(euTSLURL);
} catch (MalformedURLException e) {
- _l.err("Bad TSL URL: " + euTSLURL, e);
+ GeneralLog.err("Bad TSL URL: " + euTSLURL, e);
throw new TSLEngineDiedException(e);
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATSLVerifier.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATSLVerifier.java
new file mode 100644
index 0000000..39b2f8c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATSLVerifier.java
@@ -0,0 +1,265 @@
+package at.gv.egovernment.moa.spss.tsl.connector;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+import java.security.cert.X509Certificate;
+import java.util.Iterator;
+import java.util.ListIterator;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBIntrospector;
+import javax.xml.crypto.Data;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.NodeSetData;
+import javax.xml.crypto.URIReferenceException;
+import javax.xml.crypto.dom.DOMCryptoContext;
+import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.SignedInfo;
+import javax.xml.crypto.dsig.Transform;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureException;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMValidateContext;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import iaik.server.modules.xml.MOAXSecProvider;
+import iaik.xml.crypto.tsl.TSLConstants;
+import iaik.xml.crypto.tsl.TSLContext;
+import iaik.xml.crypto.tsl.TSLEngine;
+import iaik.xml.crypto.tsl.ex.SeverityAspect.Severity;
+import iaik.xml.crypto.tsl.ex.TSLSecurityException;
+import iaik.xml.crypto.tsl.ex.TSLVerificationException;
+import iaik.xml.crypto.tsl.gen.TrustStatusListType;
+import iaik.xml.crypto.tsl.verify.ITSLVerifier;
+import iaik.xml.crypto.utils.URIDereferencerImpl;
+
+public class MOATSLVerifier implements ITSLVerifier {
+
+ private static final Logger logger = LoggerFactory.getLogger(MOATSLVerifier.class);
+
+ private static iaik.xml.crypto.xmldsig.gen.ObjectFactory dsOf = new iaik.xml.crypto.xmldsig.gen.ObjectFactory();
+
+ private static JAXBIntrospector JI = TSLEngine.jc.createJAXBIntrospector();
+
+ public Boolean verifyTSL(Document tslDoc, TSLContext tslContext,
+ ListIterator<X509Certificate> euTslCertsHash) {
+
+ boolean coreValidity = false;
+
+ try {
+ // Signature s = new Signature();
+ // TrustServiceStatusList tssl = new TrustServiceStatusList();
+ JAXBElement<iaik.xml.crypto.xmldsig.gen.SignatureType> s = dsOf.createSignature(new iaik.xml.crypto.xmldsig.gen.SignatureType());
+// _l.debug(""+JI.getElementName(s));
+ JAXBElement<TrustStatusListType> tssl = TSLConstants.TSL_OF.createTrustServiceStatusList(new TrustStatusListType());
+// _l.debug(""+JI.getElementName(tssl));
+
+ Element tsslE = tslDoc.getDocumentElement();
+
+ if (tsslE == null) {
+ tslContext.throwException(new TSLVerificationException("Empty XML File", Severity.xml_failed));
+ // } else if (!tsslE.getNamespaceURI().equals(tssl.getName().getNamespaceURI())) {
+ } else if (!tsslE.getNamespaceURI().equals(JI.getElementName(tssl).getNamespaceURI())) {
+ tslContext.throwException(new TSLVerificationException("Incorrect Namespace", Severity.xml_failed));
+ // } else if (!tsslE.getLocalName().equals(tssl.getName().getLocalPart())) {
+ } else if (!tsslE.getLocalName().equals(JI.getElementName(tssl).getLocalPart())) {
+ tslContext.throwException(new TSLVerificationException("Wrong Document Element in document "+tslDoc.getDocumentURI(), Severity.xml_failed));
+ }
+
+ //now we can be sure the right document element is in place, Schema validation does not assure this for us
+ //Schema validation however assures that the internal Structure of TrustServicesStatus List is correct
+
+ // B.6 1) It MUST be an enveloped signature.
+
+ Node n = tsslE.getLastChild();
+
+ while ( n != null && ! (n instanceof Element) ) {
+ n = n.getPreviousSibling();
+ }
+
+ Element sig = (Element) n;
+
+ if (sig == null ||
+ // ! sig.getNamespaceURI().equals(s.getName().getNamespaceURI()) ||
+ // ! sig.getLocalName().equals(s.getName().getLocalPart())) {
+ ! sig.getNamespaceURI().equals(JI.getElementName(s).getNamespaceURI()) ||
+ ! sig.getLocalName().equals(JI.getElementName(s).getLocalPart())) {
+
+ tslContext.throwException(
+ new TSLVerificationException(
+ TSLSecurityException.Type.NO_TSL_SIGNATURE)
+ );
+
+ } else {
+
+ NodeList cn = tsslE.getChildNodes();
+
+ for (int j = 0; j < cn.getLength(); j++) {
+ cn.item(j);
+ }
+
+ //TODO assure connection with the PKI Module
+ DOMValidateContext valContext = new DOMValidateContext(
+ new MOATslKeySelector(euTslCertsHash, tslContext),
+ sig);
+
+ if (valContext.getURIDereferencer() == null) {
+ valContext.setURIDereferencer(new URIDereferencerImpl());
+ }
+
+ // valContext.setProperty("iaik.xml.crypto.debug.OutputStream", System.out);
+ valContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
+
+ XMLSignatureFactory fac = MOAXSecProvider.getXMLSignatureFactory();
+
+ // unmarshal the XMLSignature
+ XMLSignature signature = fac.unmarshalXMLSignature(valContext);
+
+ // Validate the XMLSignature (generated above)
+ coreValidity = signature.validate(valContext);
+ // Check core validation status
+ if (coreValidity == false) {
+ debug(valContext, "Signature failed core validation");
+ boolean sv = signature.getSignatureValue().validate(valContext);
+ debug(valContext, "signature validation status: " + sv);
+ // check the validation status of each Reference
+ Iterator it = signature.getSignedInfo().getReferences().iterator();
+ for (int j = 0; it.hasNext(); j++) {
+ boolean refValid = ((Reference) it.next()).validate(valContext);
+ debug(valContext, "ref[" + j + "] validity status: " + refValid);
+ }
+
+ tslContext.throwException(new TSLVerificationException("Signature failed core validation", Severity.signature_failed));
+ }
+
+ SignedInfo si = signature.getSignedInfo();
+ Iterator it = si.getReferences().iterator();
+
+
+ // 2) Its ds:SignedInfo element MUST contain a ds:Reference element with the
+ // URI attribute set to a value referencing the TrustServiceStatusList
+ // element enveloping the signature itself. This ds:Reference element MUST
+ // satisfy the following requirements:
+ // a) It MUST contain only one ds:Transforms element.
+ // b) This ds:Transforms element MUST contain two ds:Transform elements. The
+ // first one will be one whose Algorithm attribute indicates the enveloped
+ // transformation with the value:
+ // "http://www.w3.org/2000/09/xmldsig#enveloped-signature". The second one
+ // will be one whose Algorithm attribute instructs to perform the exclusive
+ // canonicalization "http://www.w3.org/2001/10/xml-exc-c14n#"
+
+ boolean found_proper_tsslE_reference = false;
+
+ for (int j = 0; it.hasNext(); j++) {
+ Reference ref = ((Reference) it.next());
+ Data d = valContext.getURIDereferencer().dereference(ref, valContext);
+
+ if(!(d instanceof NodeSetData)) {
+ continue;
+ } else {
+ NodeSetData nsd = (NodeSetData) d;
+
+
+ if (nsd.iterator().next() == tsslE) {
+
+ //Assured by XMLSchema
+ //throw new TSLException("B.6 2 a) It MUST contain only one ds:Transforms element.");
+
+ if(ref.getTransforms().size() != 2) {
+ tslContext.throwException(
+ new TSLVerificationException(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE)
+ );
+ } else {
+
+ Transform[] transforms = (Transform[]) ref.getTransforms().toArray(new Transform[2]);
+
+ //TODO assign severity, code some heuristic showing the problems
+ if (! transforms[0].getAlgorithm().equals("http://www.w3.org/2000/09/xmldsig#enveloped-signature")) {
+ tslContext.throwException(
+ new TSLVerificationException(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE)
+ );
+
+ }
+
+ //TODO assign severity, code some heuristic showing the problems
+ if (! transforms[1].getAlgorithm().equals("http://www.w3.org/2001/10/xml-exc-c14n#")) {
+ tslContext.throwException(
+ new TSLVerificationException(TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE)
+ );
+ }
+ }
+
+ found_proper_tsslE_reference = true;
+ }//if (nsd.iterator().next() == tsslE)
+
+ }
+ }
+
+ if(!found_proper_tsslE_reference) {
+ tslContext.throwException(
+ new TSLVerificationException(TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE)
+ );
+ }
+
+ // 3) ds:CanonicalizationMethod MUST be
+ // "http://www.w3.org/2001/10/xml-exc-c14n#".
+ if (! si.getCanonicalizationMethod().getAlgorithm().equals("http://www.w3.org/2001/10/xml-exc-c14n#")){
+ tslContext.throwException(
+ new TSLVerificationException(TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_CANONICALIZATION_METHOD)
+ );
+ }
+
+ // 4) It MAY have other ds:Reference elements.
+
+ }
+ } catch (URIReferenceException e) {
+ tslContext.throwException(new TSLVerificationException(e));
+ } catch (MarshalException e) {
+ tslContext.throwException(new TSLVerificationException(e));
+ } catch (XMLSignatureException e) {
+ logger.error("Failed to verify XML Signature for TSL!", e);
+ return (Boolean) tslContext.throwException(
+ new TSLSecurityException(TSLSecurityException.Type.ERRORS_IN_TSL_SIGNATURE),
+ //we need an anonymous class to find the enclosing Method
+ (new Object(){}).getClass().getEnclosingMethod(),
+ null,
+ new Object[] {tslDoc, tslContext, euTslCertsHash}
+ );
+ }
+ return coreValidity;
+ }
+
+ public static void debug(DOMCryptoContext context, String message) {
+
+ Object propDebug = context.getProperty("iaik.xml.crypto.debug.OutputStream");
+
+ if ( propDebug == null) {
+ return;
+ }
+
+ if (! (propDebug instanceof OutputStream)) {
+ System.err.println("Failed to write to debug output stream. " +
+ "DOMCryptoContext's Property (\"iaik.xml.crypto.debug.OutputStream\") " +
+ "has to be of type OutputStream."
+ );
+ } else {
+
+ OutputStream os = (OutputStream) propDebug;
+ try {
+ (new OutputStreamWriter(os)).write(message);
+ } catch (IOException e) {
+ System.err.println("Failed to write to debug output stream. " + e.getMessage());
+ //TODO we cannot close the output stream here ...
+ }
+ }
+
+ }
+
+}
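Review bot: The conformance checks in `verifyTSL` can fail open, because every `tslContext.throwException(...)` call after `coreValidity = signature.validate(valContext)` discards its result and the method still ends in `return coreValidity;`. `throwException` is able to return (the `XMLSignatureException` branch does `return (Boolean) tslContext.throwException(...)`, and the import contexts touched in this commit appear to mitigate some errors), so a TSL with a non-conformant reference, transform list or canonicalization method, or one that lands in the `URIReferenceException`/`MarshalException` catch blocks after core validation succeeded, can be reported as valid. Set `coreValidity = false;` before each of those calls and end the two catch blocks with `return Boolean.FALSE;`, so that only a fully checked signature yields true. The same assumption lets `tsslE.getLastChild()` run after the `tsslE == null` branch, and `tsslE.getNamespaceURI().equals(...)` throws a NullPointerException on a root element without a namespace. Separately, `debug` never flushes its `OutputStreamWriter`, so the diagnostic text is likely lost; call `flush()` on the writer after `write(message)`.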
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java
new file mode 100644
index 0000000..efdd877
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java
@@ -0,0 +1,123 @@
+package at.gv.egovernment.moa.spss.tsl.connector;
+
+import java.security.cert.X509Certificate;
+import java.util.List;
+import java.util.ListIterator;
+
+import javax.xml.crypto.AlgorithmMethod;
+import javax.xml.crypto.KeySelectorException;
+import javax.xml.crypto.KeySelectorResult;
+import javax.xml.crypto.XMLCryptoContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.X509Data;
+
+import iaik.server.modules.xmlverify.MOAKeySelector;
+import iaik.xml.crypto.tsl.TSLContext;
+import iaik.xml.crypto.tsl.ex.TSLSecurityException;
+import iaik.xml.crypto.tsl.ex.TSLVerificationException;
+import iaik.xml.crypto.tsl.verify.TslKeyInfoHints;
+import iaik.xml.crypto.utils.X509KeySelectorResult;
+
+public class MOATslKeySelector extends MOAKeySelector {
+
+ private final ListIterator<X509Certificate> tslSignerCerts_;
+ private TSLContext tslContextI_;
+
+ public MOATslKeySelector(ListIterator<X509Certificate> euTslCertsHash, TSLContext tslContext) {
+ if(euTslCertsHash == null){
+ tslContext.throwException(
+ new TSLVerificationException(
+ TSLSecurityException.Type.MISSING_INFO_ON_TSL_SIGNER)
+ );
+ }
+ tslSignerCerts_ = euTslCertsHash;
+ tslContextI_ = tslContext;
+ tslContext.toString();
+ }
+
+ @Override
+ protected KeyInfoHints newKeyInfoHints(KeyInfo keyInfo,
+ XMLCryptoContext context)
+ throws KeySelectorException {
+
+ return new TslKeyInfoHints(keyInfo, context, tslContextI_, tslSignerCerts_);
+
+ }
+
+ @Override
+ protected KeySelectorResult select(KeyInfoHints hints,
+ KeySelectorResult[] results) {
+
+ if (results.length > 1){
+
+ return (KeySelectorResult) tslContextI_.throwException(
+ new TSLSecurityException(TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER),
+ //we need an anonymous class to find the enclosing Method
+ (new Object(){}).getClass().getEnclosingMethod(),
+ this,
+ new Object[] {hints, results}
+ );
+
+ } else {
+ KeySelectorResult result = results[0];
+ if (result instanceof X509KeySelectorResult) {
+ result = new MOAX509KeySelectorResult((X509KeySelectorResult)result);
+ } else {
+ result = new MOAKeySelectorResult(result.getKey());
+ }
+ return result;
+ }
+ }
+
+ @Override
+ public KeySelectorResult select(X509Data x509Data,
+ Purpose purpose,
+ AlgorithmMethod method,
+ XMLCryptoContext context) throws KeySelectorException {
+
+ X509KeySelectorResult ksr;
+ try {
+ ksr = (X509KeySelectorResult) super.select(x509Data, purpose, method, context);
+ } catch (ClassCastException e) {
+ ksr = (X509KeySelectorResult) tslContextI_.throwException(
+ e,
+ //we need an anonymous class to find the enclosing Method
+ (new Object(){}).getClass().getEnclosingMethod(),
+ this,
+ new Object[]{x509Data, purpose, method, context});
+ }
+
+ if (ksr == null){
+ //there has been a Problem with the X509Data
+ ksr = (X509KeySelectorResult) tslContextI_.throwException(
+ new KeySelectorException(failReason_.replace(". ", ".\n")),
+ //we need an anonymous class to find the enclosing Method
+ (new Object(){}).getClass().getEnclosingMethod(),
+ this,
+ new Object[]{x509Data, purpose, method, context});
+ }
+
+ List l = ksr.getCertificates();
+ tslContextI_.securityCheck(
+ TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER,
+ (X509Certificate[]) l.toArray(new X509Certificate[l.size()]),
+ tslSignerCerts_
+ );
+
+ return ksr;
+ }
+
+ @Override
+ protected KeySelectorResult select(X509Certificate cert, Purpose purpose,
+ AlgorithmMethod method, XMLCryptoContext context)
+ throws KeySelectorException {
+
+ tslContextI_.securityCheck(
+ TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER,
+ cert,
+ tslSignerCerts_
+ );
+
+ return super.select(cert, purpose, method, context);
+ }
+} \ No newline at end of file
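Review bot: In `select(KeyInfoHints, KeySelectorResult[])` the guard `results.length > 1` lets an empty array reach `results[0]`, so a signature whose KeyInfo yields no candidate ends in an `ArrayIndexOutOfBoundsException` instead of the `UNTRUSTED_TSL_SIGNER` path; use `if (results == null || results.length != 1) {` for that branch. The constructor has a related gap: when `euTslCertsHash` is null and `throwException` returns instead of throwing, `tslSignerCerts_` is stored as null and handed to every later `securityCheck`, whose treatment of a null signer list is not visible here, so rejecting the null outright would be safer. `tslSignerCerts_` is also a single stateful `ListIterator` that both `select` overloads pass to `securityCheck`; confirm that `securityCheck` rewinds it, otherwise a second check would see an exhausted iterator. The trailing `tslContext.toString();` in the constructor has no visible effect other than an implicit null check and deserves a comment or removal.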
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
index 82df37b..fee6ebe 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java
@@ -29,8 +29,8 @@ import at.gv.egovernment.moa.spss.tsl.utils.TSLEUImportFromFileContext;
import at.gv.egovernment.moa.spss.tsl.utils.TSLEvaluationContext;
import at.gv.egovernment.moa.spss.tsl.utils.TSLImportFromFileContext;
import iaik.asn1.ObjectID;
-import iaik.util._15;
-import iaik.util.logging._l;
+import iaik.util.GeneralUtils15;
+import iaik.util.logging.GeneralLog;
import iaik.utils.RFC2253NameParser;
import iaik.xml.crypto.EccProviderAdapter;
import iaik.xml.crypto.XSecProvider;
@@ -314,7 +314,7 @@ public class TSLConnector implements TSLConnectorInterface {
log.debug(Thread.currentThread() + " waiting for other threads ...");
topLevelTslContext.waitForAllOtherThreads();
- log.debug(_15.dumpAllThreads());
+ log.debug(GeneralUtils15.dumpAllThreads());
log.debug(Thread.currentThread() + " reactivated after other threads finished ...");
connection = null;
@@ -395,7 +395,7 @@ public class TSLConnector implements TSLConnectorInterface {
log.debug("### SURNAME registered as " + ObjectID.surName + " ###");
RFC2253NameParser.register("SURNAME", ObjectID.surName);
- XSecProvider.addAsProvider(false);
+ //XSecProvider.addAsProvider(false);
TSLEngine tslEngine;
TslSqlConnectionWrapper connection = null;
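Review bot: Commenting out `XSecProvider.addAsProvider(false);` leaves the provider setup for this code path unstated, and the dead line gives no reason for the change. If anything later in this method still obtains an `XMLSignatureFactory` or key material through the JCA provider lookup rather than through `MOAXSecProvider` (as the new `MOATSLVerifier` does), it would now resolve to whichever provider happens to be installed, which decides which XMLDSig implementation validates the TSL. Delete the line and replace it with a comment saying where the provider is set up now, for example `// XSecProvider is not registered here; TSL signatures are validated via MOAXSecProvider (MOATSLVerifier)`, and drop the `iaik.xml.crypto.XSecProvider` import if nothing else uses it. The enclosing method starts and ends outside this hunk.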
@@ -557,7 +557,7 @@ public class TSLConnector implements TSLConnectorInterface {
log.debug(Thread.currentThread() + " waiting for other threads ...");
topLevelTslContext.waitForAllOtherThreads();
- log.debug(_15.dumpAllThreads());
+ log.debug(GeneralUtils15.dumpAllThreads());
log.debug(Thread.currentThread() + " reactivated after other threads finished ...");
connection = null;
@@ -635,7 +635,7 @@ public class TSLConnector implements TSLConnectorInterface {
} catch (TSLEngineFatalException e) {
e.printStackTrace();
- _l.err("could not export Certs", e);
+ GeneralLog.err("could not export Certs", e);
throw new TSLEngineDiedException(e);
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
index e06abe4..5139469 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java
@@ -21,8 +21,6 @@ import java.util.Iterator;
import java.util.Map;
import java.util.TimerTask;
-import at.gv.egovernment.moa.logging.LogMsg;
-import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.spss.MOAApplicationException;
import at.gv.egovernment.moa.spss.api.common.TSLConfiguration;
import at.gv.egovernment.moa.spss.server.config.ConfigurationException;
@@ -33,7 +31,9 @@ import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStorePro
import at.gv.egovernment.moa.spss.server.logging.TransactionId;
import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector;
import at.gv.egovernment.moa.spss.util.MessageProvider;
-import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.egovernment.moaspss.logging.LogMsg;
+import at.gv.egovernment.moaspss.logging.Logger;
+import at.gv.egovernment.moaspss.util.StringUtils;
public class TSLUpdaterTimerTask extends TimerTask {
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEUImportFromFileContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEUImportFromFileContext.java
index 453ee2b..e0fff56 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEUImportFromFileContext.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEUImportFromFileContext.java
@@ -1,6 +1,7 @@
package at.gv.egovernment.moa.spss.tsl.utils;
import java.io.File;
+import java.io.FileFilter;
import java.io.IOException;
import java.lang.reflect.Method;
import java.net.URL;
@@ -11,7 +12,7 @@ import java.util.List;
import org.sqlite.SQLiteErrorCode;
import iaik.util.logging.Log;
-import iaik.util.logging._l;
+import iaik.util.logging.GeneralLog;
import iaik.util.logging.Log.MultiThreadLoggingGroup;
import iaik.xml.crypto.tsl.DbTables;
import iaik.xml.crypto.tsl.TSLImportFromFileContext;
@@ -76,7 +77,7 @@ public class TSLEUImportFromFileContext extends TopLevelTslFetchContext {
parameters[0] instanceof URL
){
- _l.err("Ignoring download error using old: " + parameters[0],null);
+ GeneralLog.err("Ignoring download error using old: " + parameters[0],null);
wrapException(e);
return parameters[1];
}
@@ -87,7 +88,7 @@ public class TSLEUImportFromFileContext extends TopLevelTslFetchContext {
TSLExceptionB ve = (TSLExceptionB) e;
Severity s = ve.getSeverity();
if ( s != null && s.ordinal() < Severity.insecure.ordinal()){
- _l.err("Ignored Exception: ",ve);
+ GeneralLog.err("Ignored Exception: ",ve);
// if(logExceptions_){
warnings_.add(
new ThrowableAndLocatorAndMitigation(
@@ -136,5 +137,10 @@ public class TSLEUImportFromFileContext extends TopLevelTslFetchContext {
public void print(Object msg) {
Log.print(msg);
}
+
+ @Override
+ public FileFilter getCertificateFileFilter() {
+ return null;
+ }
}
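Review bot: `getCertificateFileFilter()` returns `null` with no indication of what the base class does with it; the same override is added to `TSLImportFromFileContext` in the last hunk of this commit. If the value reaches `File.listFiles(FileFilter)`, null means every file in the directory is accepted, so non-certificate files would be offered to the certificate import, and if the caller dereferences it the result is a NullPointerException. State the intent on the method, e.g. `// null: no filter, every file in the certificate directory is considered (confirm against the iaik TSL base class)`, or return an explicit filter.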
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEvaluationContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEvaluationContext.java
index a656f11..f0723a1 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEvaluationContext.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEvaluationContext.java
@@ -2,7 +2,7 @@ package at.gv.egovernment.moa.spss.tsl.utils;
import iaik.util.logging.Log.MultiThreadLoggingGroup;
import iaik.util.logging.Log;
-import iaik.util.logging._l;
+import iaik.util.logging.GeneralLog;
import iaik.xml.crypto.tsl.BaseClass;
import iaik.xml.crypto.tsl.SIEExtensionChecker;
import iaik.xml.crypto.tsl.constants.Countries;
@@ -42,7 +42,7 @@ public final class TSLEvaluationContext extends iaik.xml.crypto.tsl.TSLEvaluatio
CriteriaListType criteriaList = (CriteriaListType) parameters[1];
- _l.warn(criteriaList.getDescription());
+ GeneralLog.warn(criteriaList.getDescription());
String description = criteriaList.getDescription();
if (description
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java
index 5d69f69..eda2b34 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java
@@ -2,6 +2,7 @@ package at.gv.egovernment.moa.spss.tsl.utils;
import java.io.BufferedOutputStream;
import java.io.File;
+import java.io.FileFilter;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.OutputStream;
@@ -36,10 +37,10 @@ import org.xml.sax.SAXParseException;
import at.gv.egovernment.moa.spss.tsl.exception.MitigatedTSLSecurityException;
import iaik.util.logging.Log.MultiThreadLoggingGroup;
-import iaik.util.logging._l;
+import iaik.util.logging.GeneralLog;
import iaik.utils.RFC2253NameParserException;
import iaik.utils.Util;
-import iaik.util._15;
+import iaik.util.GeneralUtils15;
import iaik.xml.crypto.dsig.keyinfo.X509DataImpl;
import iaik.xml.crypto.tsl.DbTables;
import iaik.xml.crypto.tsl.TSLConstants;
@@ -243,7 +244,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
if (parameters[0] instanceof DOMError) {
DOMError domError = (DOMError) parameters[0];
- _l.warn(""+domError.getRelatedData());
+ GeneralLog.warn(""+domError.getRelatedData());
// domError.getRelatedData().getClass().getField("")
@@ -277,9 +278,9 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
String[] rdns = subDN.substring(1, subDN.length()).split("/");
- rdns = (String[]) _15.reverseInPlace(rdns);
+ rdns = (String[]) GeneralUtils15.reverseInPlace(rdns);
- subDN = "/"+_15.implode("/", rdns);
+ subDN = "/"+GeneralUtils15.implode("/", rdns);
//for now we only support properly quoted values or such without quotes
@@ -375,7 +376,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
}
}
- _l.err("Ignoring download error using old: " + parameters[0], null);
+ GeneralLog.err("Ignoring download error using old: " + parameters[0], null);
wrapException(e);
return parameters[1];
}
@@ -448,7 +449,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
X509Certificate crt = (X509Certificate)parameters[1];
File f = new File("./wrong/"+expectedTerritory_+"/",
- iaik.util._15.toHexString(getFingerPrint(crt,
+ iaik.util.GeneralUtils15.toHexString(getFingerPrint(crt,
new byte[TSLConstants.CertHash.LENGTH]))+".der");
File parent = f.getParentFile();
if(!parent.exists() && !parent.mkdirs()){
@@ -571,7 +572,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
li.next();
String sn = (String) li.next();
- _l.err(sn, null);
+ GeneralLog.err(sn, null);
System.exit(1);
@@ -796,7 +797,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
String msg = e.getMessage();
- _l.info(msg);
+ GeneralLog.info(msg);
return(
msg.startsWith("["+SQLiteErrorCode.SQLITE_CONSTRAINT.name()+"]") &&
msg.contains("column " + DbTables.TSLDownload.C.rawHash + " is not unique")
@@ -804,7 +805,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
}
@Override
- protected Long getLocalLastModified(File targetFile) {
+ protected File getLocalLastModified(File targetFile) {
return super.getLocalLastModified(targetFile);
}
@Override
@@ -830,7 +831,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
synchronized (log) {
parentContext_.print("<" + ncName + " state=\"" + currentThread.getState()
+ "\" " + " id=\"" + currentThread.getId() + "\">\n" + log.toString() + "</"
- + ncName + ">" + _15.LB);
+ + ncName + ">" + GeneralUtils15.LB);
parentContext_.flushLog();
log.setLength(0);
}
@@ -846,5 +847,9 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF
log.append(msg);
}
}
+ @Override
+ public FileFilter getCertificateFileFilter() {
+ return null;
+ }
} \ No newline at end of file