aboutsummaryrefslogtreecommitdiff
path: root/moaSig
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2016-12-20 17:00:45 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2016-12-20 17:00:45 +0100
commitaabb36836ebfca9fe8cdc70dff13c0be7e5e761c (patch)
tree79b1f6706f0f51fc9e8f0948268e254ddb63de49 /moaSig
parentf51caf2aafe4a5bdc4383d08f74036f6be3cc31b (diff)
downloadmoa-sig-aabb36836ebfca9fe8cdc70dff13c0be7e5e761c.tar.gz
moa-sig-aabb36836ebfca9fe8cdc70dff13c0be7e5e761c.tar.bz2
moa-sig-aabb36836ebfca9fe8cdc70dff13c0be7e5e761c.zip
add next missing parts for new TSL lib
Diffstat (limited to 'moaSig')
-rw-r--r--moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.0.0.xsd358
-rw-r--r--moaSig/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml6
-rw-r--r--moaSig/libs/iaik_tsl-1.1.jarbin558269 -> 0 bytes
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java5
-rw-r--r--moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java7
5 files changed, 370 insertions, 6 deletions
diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.0.0.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.0.0.xsd
new file mode 100644
index 0000000..716f9d4
--- /dev/null
+++ b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.0.0.xsd
@@ -0,0 +1,358 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ MOA SP/SS 1.5.1 Configuration Schema
+-->
+<xs:schema xmlns:config="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <xs:element name="MOAConfiguration">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Common" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="HardwareCryptoModule" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Name" type="xs:string"/>
+ <xs:element name="SlotId" type="xs:string" minOccurs="0"/>
+ <xs:element name="UserPIN" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="PDFASConfig" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <xs:element name="AdESFormResult" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
+ <xs:choice>
+ <xs:element name="PermitExternalUris" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence minOccurs="0">
+ <xs:element name="BlackListUri" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="IP" type="xs:string"/>
+ <xs:element name="Port" type="xs:int" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="ForbidExternalUris" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="WhiteListUri" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="IP" type="xs:string"/>
+ <xs:element name="Port" type="xs:int" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="SignatureCreation" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="KeyModules">
+ <xs:complexType>
+ <xs:choice maxOccurs="unbounded">
+ <xs:element name="HardwareKeyModule">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:element name="Name" type="xs:string"/>
+ <xs:element name="SlotId" type="xs:string" minOccurs="0"/>
+ <xs:element name="UserPIN" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="SoftwareKeyModule">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:element name="FileName" type="xs:string"/>
+ <xs:element name="Password" type="xs:string" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="KeyGroup" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:sequence maxOccurs="unbounded">
+ <xs:element name="Key">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="KeyModuleId" type="xs:token"/>
+ <xs:element name="KeyCertIssuerSerial" type="dsig:X509IssuerSerialType"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ <xs:element name="DigestMethodAlgorithm" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="KeyGroupMapping" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CustomerId" type="dsig:X509IssuerSerialType" minOccurs="0"/>
+ <xs:element name="KeyGroupId" type="xs:token" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="XMLDSig">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CanonicalizationAlgorithm" type="xs:anyURI" minOccurs="0"/>
+ <xs:element name="DigestMethodAlgorithm" type="xs:anyURI" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="CreateTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="CreateSignatureEnvironmentProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="XAdES" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Version">
+ <xs:simpleType>
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="1.4.2"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="SignatureVerification" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CertificateValidation">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="ReadTimeout" type="xs:string" minOccurs="0" maxOccurs="1"/>
+ <xs:element name="PathConstruction">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="AutoAddCertificates" type="xs:boolean"/>
+ <xs:element name="UseAuthorityInformationAccess" type="xs:boolean"/>
+ <xs:element name="CertificateStore">
+ <xs:complexType>
+ <xs:choice>
+ <xs:element name="DirectoryStore">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Location" type="xs:token"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="PathValidation">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="ChainingMode">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="DefaultMode" type="config:ChainingModeType"/>
+ <xs:element name="TrustAnchor" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Identification" type="dsig:X509IssuerSerialType"/>
+ <xs:element name="Mode" type="config:ChainingModeType"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="TrustProfile" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:element name="TrustAnchorsLocation" type="xs:anyURI"/>
+ <xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>
+ <xs:element name="EUTSL" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CountrySelection" type="xs:string" minOccurs="0"/>
+ <xs:element name="AllowedTSPStatus" type="xs:string" minOccurs="0"/>
+ <xs:element name="AllowedTSPServiceTypes" type="xs:string" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <!--
+ <xs:element name="TSLTrustProfile">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:element name="TrustAnchorsLocation" type="xs:anyURI"/>
+ <xs:element name="SignerCertsLocation" type="xs:anyURI" minOccurs="0"/>
+ <xs:element name="EUTSL" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CountrySelection" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ -->
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="RevocationChecking">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="EnableChecking" type="xs:boolean"/>
+ <xs:element name="MaxRevocationAge" type="xs:integer"/>
+ <xs:element name="ServiceOrder" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence maxOccurs="2">
+ <xs:element name="Service">
+ <xs:simpleType>
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="OCSP"/>
+ <xs:enumeration value="CRL"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="Archiving">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="EnableArchiving" type="xs:boolean"/>
+ <xs:element name="ArchiveDuration" type="xs:nonNegativeInteger" minOccurs="0"/>
+ <xs:element name="Archive" minOccurs="0">
+ <xs:complexType>
+ <xs:choice>
+ <xs:element name="DatabaseArchive">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="JDBCURL" type="xs:anyURI"/>
+ <xs:element name="JDBCDriverClassName" type="xs:token"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="DistributionPoint" minOccurs="0" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="CAIssuerDN" type="xs:token"/>
+ <xs:choice maxOccurs="unbounded">
+ <xs:element name="CRLDP">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Location" type="xs:anyURI"/>
+ <xs:element name="ReasonCode" minOccurs="0" maxOccurs="unbounded">
+ <xs:simpleType>
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="unused"/>
+ <xs:enumeration value="keyCompromise"/>
+ <xs:enumeration value="cACompromise"/>
+ <xs:enumeration value="affiliationChanged"/>
+ <xs:enumeration value="superseded"/>
+ <xs:enumeration value="cessationOfOperation"/>
+ <xs:enumeration value="certificateHold"/>
+ <xs:enumeration value="privilegeWithdrawn"/>
+ <xs:enumeration value="aACompromise"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="OCSPDP">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Location" type="xs:anyURI"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:choice>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="CrlRetentionIntervals" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence maxOccurs="unbounded">
+ <xs:element name="CA">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="X509IssuerName" type="xs:string"/>
+ <xs:element name="Interval" type="xs:integer"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="TSLConfiguration" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="EUTSLUrl" type="xs:anyURI" minOccurs="0"/>
+ <xs:element name="UpdateSchedule" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="StartTime" type="xs:time"/>
+ <xs:element name="Period" type="xs:unsignedLong"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="WorkingDirectory" type="xs:anyURI" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="VerifyTransformsInfoProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="SupplementProfile" type="config:ProfileType" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="PermitFileURIs" type="xs:boolean" default="false" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:simpleType name="ChainingModeType">
+ <xs:restriction base="xs:string">
+ <xs:enumeration value="chaining"/>
+ <xs:enumeration value="pkix"/>
+ </xs:restriction>
+ </xs:simpleType>
+ <xs:complexType name="ProfileType">
+ <xs:sequence>
+ <xs:element name="Id" type="xs:token"/>
+ <xs:element name="Location" type="xs:anyURI"/>
+ </xs:sequence>
+ </xs:complexType>
+</xs:schema>
diff --git a/moaSig/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml b/moaSig/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml
index 8d7541b..2a8cdd0 100644
--- a/moaSig/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml
+++ b/moaSig/handbook/conf/moa-spss/sp.minimum_with_tsl.config.xml
@@ -25,6 +25,8 @@
<!-- </cfg:Common>-->
<cfg:SignatureVerification>
<cfg:CertificateValidation>
+ <!-- ReadTimeout in seconds-->
+ <cfg:ReadTimeout>30</cfg:ReadTimeout>
<cfg:PathConstruction>
<cfg:AutoAddCertificates>true</cfg:AutoAddCertificates>
<cfg:UseAuthorityInformationAccess>true</cfg:UseAuthorityInformationAccess>
@@ -49,7 +51,9 @@
<cfg:EUTSL>
<!-- Optional kann eine Länderliste mit zweistelligen Länderkürzeln angegeben werden (d.h. nur die -->
<!-- Vertrauensanker der angegeben Länder werden importiert) -->
- <!--<cfg:CountrySelection>AT,BE</cfg:CountrySelection>-->
+ <cfg:CountrySelection>AT,BE</cfg:CountrySelection>
+ <cfg:AllowedTSPStatus></cfg:AllowedTSPStatus>
+ <cfg:AllowedTSPServiceTypes></cfg:AllowedTSPServiceTypes>
</cfg:EUTSL>
</cfg:TrustProfile>
</cfg:PathValidation>
diff --git a/moaSig/libs/iaik_tsl-1.1.jar b/moaSig/libs/iaik_tsl-1.1.jar
deleted file mode 100644
index 82d84ba..0000000
--- a/moaSig/libs/iaik_tsl-1.1.jar
+++ /dev/null
Binary files differ
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index e134d57..6c826ad 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -31,7 +31,6 @@ import iaik.pki.revocation.RevocationSourceTypes;
import iaik.server.modules.xml.BlackListEntry;
import iaik.server.modules.xml.ExternalReferenceChecker;
import iaik.server.modules.xml.WhiteListEntry;
-import iaik.util.logging.Log;
import iaik.utils.RFC2253NameParser;
import iaik.utils.RFC2253NameParserException;
import iaik.xml.crypto.utils.URI;
@@ -433,7 +432,7 @@ public class ConfigurationPartsBuilder {
try {
defaultConnectionTimeout = Integer.parseInt(connectionTimeout);
} catch(NumberFormatException e) {
- Log.warn("Configuration value " + CONNECTION_TIMEOUT_XPATH_ + " should be a number defaulting to 30");
+ Logger.warn("Configuration value " + CONNECTION_TIMEOUT_XPATH_ + " should be a number defaulting to 30");
}
}
@@ -453,7 +452,7 @@ public class ConfigurationPartsBuilder {
try {
defaultConnectionTimeout = Integer.parseInt(connectionTimeout);
} catch(NumberFormatException e) {
- Log.warn("Configuration value " + READ_TIMEOUT_XPATH_ + " should be a number defaulting to 30");
+ Logger.warn("Configuration value " + READ_TIMEOUT_XPATH_ + " should be a number defaulting to 30");
}
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
index 789336e..d8ebd85 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java
@@ -46,6 +46,7 @@ import at.gv.egovernment.moa.spss.api.common.Content;
import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult;
import at.gv.egovernment.moa.spss.api.common.InputData;
import at.gv.egovernment.moa.spss.api.common.SignerInfo;
+import at.gv.egovernment.moa.spss.api.common.TslInfos;
import at.gv.egovernment.moa.spss.api.impl.InputDataBinaryImpl;
import at.gv.egovernment.moa.spss.api.impl.InputDataXMLImpl;
import at.gv.egovernment.moa.spss.api.xmlverify.ManifestRefsCheckResultInfo;
@@ -160,7 +161,8 @@ public class VerifyXMLSignatureResponseBuilder {
boolean checkSSCD,
boolean sscdSourceTSL,
boolean isTSLEnabledTrustprofile,
- String issuerCountryCode)
+ String issuerCountryCode,
+ TslInfos tslInfos)
throws MOAApplicationException {
CertificateValidationResult certResult =
@@ -187,7 +189,8 @@ public class VerifyXMLSignatureResponseBuilder {
checkSSCD,
sscdSourceTSL,
issuerCountryCode,
- result.getSigningTime());
+ result.getSigningTime(),
+ tslInfos);
// Create HashInputData Content objects
referenceDataList = result.getReferenceDataList();