diff options
102 files changed, 1412 insertions, 849 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8f8638e..8637b6a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,4 +1,4 @@ -image: gradle:6.8.3-jdk11 +image: gradle:8.14.2-jdk17 variables: LC_ALL: "en_US.UTF-8" @@ -18,11 +18,11 @@ include: ## skip jUnit tests in Test jobs to speed-up build time dependency_scanning: variables: - DS_JAVA_VERSION: 11 + DS_JAVA_VERSION: 17 spotbugs-sast: variables: - SAST_JAVA_VERSION: 11 + SAST_JAVA_VERSION: 17 default: @@ -63,11 +63,12 @@ release_packaging: - tags before_script: - mkdir -p ~/.ssh - - ssh-keyscan apps.egiz.gv.at >> ~/.ssh/known_hosts - - chmod 644 ~/.ssh/known_hosts + #- ssh-keyscan apps.egiz.gv.at >> ~/.ssh/known_hosts + - echo $DEPLOY_EGIZ >> ~/.ssh/known_hosts + - chmod 644 ~/.ssh/known_hosts script: | cd ./moaSig - ./gradlew assemble uploadArchives + ./gradlew assemble publish artifacts: when: always name: "${CI_PROJECT_NAME}-${CI_COMMIT_SHORT_SHA}" @@ -68,6 +68,38 @@ where ## Changelog +**v3.3.0** + +- Mindestanforderungen + - Java 17 + - Apache Tomcat 10.1 (Jakarta Servlet 6.0) +- Verwendung von RSASSA-PSS Algorithmen als Default bei RSA Schlüsselmaterial +- Verbessertes Fehlerhändling in Trust-Status-List (TSL) Implementierung +- Aktualisierung von Drittherstellerbibliotheken + +**v3.2.4** + +- Bugfix + - Verbessertes Fehlerhändling in Trust-Status-List (TSL) Implementierung + - Stabilisierungsmaßnahmen in SOAP WebService Implementierung + - Fehlerhaftes Encoding bei Fehlermeldungen behoben +- Striktere Validierung von ASN.1 kodierten Signaturwerten für ECDSA Signaturen +- Aktualisierung von Drittherstellerbibliotheken + +**v3.2.3** + +- Bugfix + - TLS Verbindungsprobleme bei Verwendung von CHACHA20-POLY1305 behoben +- Aktualisierung der Bibliotheken für PKCS11 Unterstützung +- Aktualisierung von Drittherstellerbibliotheken + +**v3.2.2** + +- Bugfix + - Zu restriktiver KeyUsage Check bei extended Validation und PDF Dokumenten behoben +- Logging optimiert +- Aktualisierung von Drittherstellerbibliotheken + **v3.2.1** - Bugfix @@ -96,4 +128,4 @@ where - Updates von Bibliotheken zur Stabilitätsverbesserung - TrustStore Update in der Beispielkonfiguration -
\ No newline at end of file + diff --git a/moaSig/build.gradle b/moaSig/build.gradle index 5528fe9..9284338 100644 --- a/moaSig/build.gradle +++ b/moaSig/build.gradle @@ -1,98 +1,110 @@ -buildscript { - repositories { - maven { - url "https://plugins.gradle.org/m2/" +plugins { + id 'java-library' + id 'eclipse' + id 'maven-publish' +} + +allprojects { + version = '3.3.0' + + repositories { + mavenLocal() + mavenCentral() + maven { + url = uri("https://apps.egiz.gv.at/maven/") + mavenContent { + releasesOnly() + } + } + maven { + url = uri("https://apps.egiz.gv.at/maven-snapshot/") + mavenContent { + snapshotsOnly() + } + } } - } - dependencies { - classpath "com.bmuschko:gradle-tomcat-plugin:2.2.4" - } +} + +configurations.all { + exclude group: 'xml-apis', module: 'xml-apis' } subprojects { apply plugin: 'java-library' apply plugin: 'eclipse' apply plugin: 'maven-publish' - apply plugin: 'maven' - version = '3.2.4' - - repositories { - mavenCentral() - - maven { - url "https://apps.egiz.gv.at/maven/" - mavenContent { - releasesOnly() - } - } - maven { - url "https://apps.egiz.gv.at/maven-snapshot/" - mavenContent { - snapshotsOnly() - } - } - - } - dependencies { + implementation 'org.projectlombok:lombok:1.18.38' testImplementation 'junit:junit:4.13.2' } - - jar { manifest.attributes provider: 'EGIZ', 'Specification-Version': getCheckedOutGitCommitHash(), 'Implementation-Version': project.version } - compileJava { - sourceCompatibility = 1.8 - targetCompatibility = 1.8 - } + java { + toolchain { + languageVersion = JavaLanguageVersion.of(17) + } + withJavadocJar() + withSourcesJar() + } + + tasks.withType(JavaCompile).configureEach { + options.compilerArgs << '-Xlint:-options' + } + + tasks.withType(Javadoc).configureEach { + failOnError = false + options.addStringOption('Xdoclint:none', '-quiet') + } - tasks.withType(JavaCompile) { - options.compilerArgs << '-Xlint:-options' - } - - publishing { - publications { - mavenJava(MavenPublication) { - from components.java - // more goes in here - } - } - repositories { - maven { - // change to point to your repo, e.g. http://my.org/repo - url = "$buildDir/repo" - } - mavenLocal() - } + tasks.withType(Test).configureEach { + failOnNoDiscoveredTests = false; } - - task deployJar(type: Jar) - configurations { - deployerJars - - } - - dependencies { - deployerJars "org.apache.maven.wagon:wagon-ssh:3.4.3" - - } + jar { + manifest { + attributes( + provider: 'EGIZ', + 'Specification-Version': getCheckedOutGitCommitHash(), + 'Implementation-Version': project.version + ) + } + } - uploadArchives { - repositories.mavenDeployer { - configuration = configurations.deployerJars - repository(url: "sftp://apps.egiz.gv.at/maven") { - authentication(userName: System.getenv("EGIZ_MAVEN_USER"), password: System.getenv("EGIZ_MAVEN_PASSWORD")) - - } - snapshotRepository(url: "sftp://apps.egiz.gv.at/maven-snapshot") { - authentication(userName: System.getenv("EGIZ_MAVEN_USER"), password: System.getenv("EGIZ_MAVEN_PASSWORD")) - - } - } - } - - + publishing { + publications { + mavenJava(MavenPublication) { + from components.java + } + } + repositories { + maven { + url = uri("$buildDir/repo") + } + mavenLocal() + maven { + name = "egizReleases" + url = "sftp://apps.egiz.gv.at:22/maven" + credentials { + //username = System.getenv("EGIZ_MAVEN_USER") + //password = System.getenv("EGIZ_MAVEN_PASSWORD") + username = "appsegiz" + password = "dechof5air5Ix2thoh2e" + } + allowInsecureProtocol = true + } + maven { + name = "egizSnapshots" + url = "sftp://apps.egiz.gv.at:22/maven-snapshot" + credentials { + //username = System.getenv("EGIZ_MAVEN_USER") + //password = System.getenv("EGIZ_MAVEN_PASSWORD") + username = "appsegiz" + password = "dechof5air5Ix2thoh2e" + } + allowInsecureProtocol = true + } + } + } } def getCheckedOutGitCommitHash() { @@ -100,7 +112,7 @@ def getCheckedOutGitCommitHash() { def takeFromHash = 40 def head = new File(gitFolder + "HEAD").text.split(":") def isCommit = head.length == 1 - if(isCommit) return head[0].trim().take(takeFromHash) + if (isCommit) return head[0].trim().take(takeFromHash) def refHead = new File(gitFolder + head[1].trim()) - refHead.text.trim().take takeFromHash + refHead.text.trim().take(takeFromHash) } diff --git a/moaSig/common/build.gradle b/moaSig/common/build.gradle index 5f12e76..79f1b02 100644 --- a/moaSig/common/build.gradle +++ b/moaSig/common/build.gradle @@ -1,24 +1,45 @@ +plugins { + id 'java-library' +} + dependencies { - implementation files('../libs/iaik_jce_full_signed-6.1_moa.jar') - api 'org.slf4j:slf4j-api:1.7.36' - api 'xerces:xercesImpl:2.12.2' - api 'xalan:xalan:2.7.1' - api group: 'xalan', name: 'serializer', version: '2.7.1' - api 'joda-time:joda-time:2.12.7' - api 'jaxen:jaxen:1.2.0' + implementation files('../libs/iaik_jce_full_signed-6.1_moa.jar') + + api 'org.slf4j:slf4j-api:2.0.17' + + api(group: 'xerces', name: 'xercesImpl', version: '2.12.2') { + exclude group: 'xml-apis', module: 'xml-apis' + } + + api(group: 'xalan', name: 'xalan', version: '2.7.1') { + exclude group: 'xml-apis', module: 'xml-apis' + } + + api(group: 'xalan', name: 'serializer', version: '2.7.1') { + exclude group: 'xml-apis', module: 'xml-apis' + } + + api 'joda-time:joda-time:2.14.0' + api 'jaxen:jaxen:2.0.0' } -task testJar(type: Jar, dependsOn: testClasses) { + +java { + sourceCompatibility = JavaVersion.VERSION_17 + targetCompatibility = JavaVersion.VERSION_17 + withJavadocJar() + withSourcesJar() +} + +tasks.register('testJar', Jar) { + archiveClassifier.set('tests') from sourceSets.test.output - classifier = 'tests' } configurations { - testArtifacts.extendsFrom testCompile + testArtifacts } artifacts { - testArtifacts testJar - //archives testJar + testArtifacts(tasks.named('testJar')) } - diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/Base64Utils.java b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/Base64Utils.java index 2c9b4c0..a95ee5b 100644 --- a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/Base64Utils.java +++ b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/Base64Utils.java @@ -46,6 +46,7 @@ public class Base64Utils { * @param base64String The <code>String</code> containing the Base64 * encoded bytes. * @param ignoreInvalidChars Whether to ignore invalid Base64 characters. + * @param encoding Char encoding that should be used * @return byte[] The raw bytes contained in the <code>base64String</code>. * @throws IOException Failed to read the Base64 data. */ diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/DOMUtils.java b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/DOMUtils.java index 2f96196..86d2e54 100644 --- a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/DOMUtils.java +++ b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/DOMUtils.java @@ -315,26 +315,6 @@ public class DOMUtils { * * @param inputStream The <code>InputStream</code> * containing the XML document. - * @param validating If <code>true</code>, parse - * validating. - * @param externalSchemaLocations A <code>String</code> containing - * namespace URI to schema location - * pairs, the same way it is accepted - * by the <code>xsi: - * schemaLocation</code> attribute. - * @param externalNoNamespaceSchemaLocation The schema location of the schema - * for elements without a namespace, - * the same way it is accepted by the - * <code>xsi:noNamespaceSchemaLocation</code> - * attribute. - * @param entityResolver An <code>EntityResolver</code> to - * resolve external entities (schemas - * and DTDs). If <code>null</code>, it - * will not be set. - * @param errorHandler An <code>ErrorHandler</code> to - * decide what to do with parsing - * errors. If <code>null</code>, it - * will not be set. * @return The parsed XML document as a DOM tree. * @throws SAXException An error occurred parsing the document. * @throws IOException An error occurred reading the document. diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/KeyStoreUtils.java b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/KeyStoreUtils.java index f62b82a..94ecc8b 100644 --- a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/KeyStoreUtils.java +++ b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/KeyStoreUtils.java @@ -202,7 +202,7 @@ public class KeyStoreUtils { /** * Loads a keyStore without knowing the keyStore type * - * @param in input stream + * @param is input stream * @param password Password protecting the keyStore * @return keyStore loaded * @throws KeyStoreException thrown if keyStore cannot be loaded diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOAErrorHandler.java b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOAErrorHandler.java index f4acabf..2ab55a2 100644 --- a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOAErrorHandler.java +++ b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOAErrorHandler.java @@ -113,8 +113,8 @@ public class MOAErrorHandler extends DefaultErrorHandler { return new Object[] { e.getMessage(), e.getSystemId(), - new Integer(e.getLineNumber()), - new Integer(e.getColumnNumber()) }; + Integer.valueOf(e.getLineNumber()), + Integer.valueOf(e.getColumnNumber()) }; } }
\ No newline at end of file diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOATimer.java b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOATimer.java index 591495a..13133ea 100644 --- a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOATimer.java +++ b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOATimer.java @@ -70,7 +70,7 @@ public class MOATimer { * @param id The action ID. */ public void startTiming(Object id) { - timemapstart.put(id, new Long(System.currentTimeMillis())); + timemapstart.put(id, Long.valueOf(System.currentTimeMillis())); } /** @@ -79,7 +79,7 @@ public class MOATimer { * @param id The action ID. */ public void stopTiming(Object id) { - timemapend.put(id, new Long(System.currentTimeMillis())); + timemapend.put(id, Long.valueOf(System.currentTimeMillis())); } /** diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.2.0.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.2.0.xsd index d9cecf1..57c2e1d 100644 --- a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.2.0.xsd +++ b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.2.0.xsd @@ -98,6 +98,7 @@ </xs:sequence> <xs:element name="DigestMethodAlgorithm" minOccurs="0"/> </xs:sequence> + <xs:attribute name="RSASSA-PSS" type="xs:boolean"/> </xs:complexType> </xs:element> <xs:element name="KeyGroupMapping" maxOccurs="unbounded"> @@ -131,6 +132,11 @@ </xs:sequence> </xs:complexType> </xs:element> + <xs:element name="Signing" minOccurs="0"> + <xs:complexType> + <xs:attribute name="RSASSA-PSS" type="xs:boolean" default="true"/> + </xs:complexType> + </xs:element> </xs:sequence> </xs:complexType> </xs:element> diff --git a/moaSig/gradle/wrapper/gradle-wrapper.jar b/moaSig/gradle/wrapper/gradle-wrapper.jar Binary files differindex 75ae3ac..1b33c55 100644 --- a/moaSig/gradle/wrapper/gradle-wrapper.jar +++ b/moaSig/gradle/wrapper/gradle-wrapper.jar diff --git a/moaSig/gradle/wrapper/gradle-wrapper.properties b/moaSig/gradle/wrapper/gradle-wrapper.properties index e6fc1b1..2a84e18 100644 --- a/moaSig/gradle/wrapper/gradle-wrapper.properties +++ b/moaSig/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,7 @@ -distributionUrl=https\://services.gradle.org/distributions/gradle-6.8.3-bin.zip distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -zipStorePath=wrapper/dists +distributionUrl=https\://services.gradle.org/distributions/gradle-9.0.0-bin.zip +networkTimeout=10000 +validateDistributionUrl=true zipStoreBase=GRADLE_USER_HOME +zipStorePath=wrapper/dists diff --git a/moaSig/gradlew b/moaSig/gradlew index cccdd3d..23d15a9 100755 --- a/moaSig/gradlew +++ b/moaSig/gradlew @@ -1,78 +1,129 @@ -#!/usr/bin/env sh +#!/bin/sh + +# +# Copyright © 2015-2021 the original authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ############################################################################## -## -## Gradle start up script for UN*X -## +# +# Gradle start up script for POSIX generated by Gradle. +# +# Important for running: +# +# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is +# noncompliant, but you have some other compliant shell such as ksh or +# bash, then to run this script, type that shell name before the whole +# command line, like: +# +# ksh Gradle +# +# Busybox and similar reduced shells will NOT work, because this script +# requires all of these POSIX shell features: +# * functions; +# * expansions «$var», «${var}», «${var:-default}», «${var+SET}», +# «${var#prefix}», «${var%suffix}», and «$( cmd )»; +# * compound commands having a testable exit status, especially «case»; +# * various built-in commands including «command», «set», and «ulimit». +# +# Important for patching: +# +# (2) This script targets any POSIX shell, so it avoids extensions provided +# by Bash, Ksh, etc; in particular arrays are avoided. +# +# The "traditional" practice of packing multiple parameters into a +# space-separated string is a well documented source of bugs and security +# problems, so this is (mostly) avoided, by progressively accumulating +# options in "$@", and eventually passing that to Java. +# +# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS, +# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly; +# see the in-line comments for details. +# +# There are tweaks for specific operating systems such as AIX, CygWin, +# Darwin, MinGW, and NonStop. +# +# (3) This script is generated from the Groovy template +# https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# within the Gradle project. +# +# You can find Gradle at https://github.com/gradle/gradle/. +# ############################################################################## # Attempt to set APP_HOME + # Resolve links: $0 may be a link -PRG="$0" -# Need this for relative symlinks. -while [ -h "$PRG" ] ; do - ls=`ls -ld "$PRG"` - link=`expr "$ls" : '.*-> \(.*\)$'` - if expr "$link" : '/.*' > /dev/null; then - PRG="$link" - else - PRG=`dirname "$PRG"`"/$link" - fi +app_path=$0 + +# Need this for daisy-chained symlinks. +while + APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path + [ -h "$app_path" ] +do + ls=$( ls -ld "$app_path" ) + link=${ls#*' -> '} + case $link in #( + /*) app_path=$link ;; #( + *) app_path=$APP_HOME$link ;; + esac done -SAVED="`pwd`" -cd "`dirname \"$PRG\"`/" >/dev/null -APP_HOME="`pwd -P`" -cd "$SAVED" >/dev/null - -APP_NAME="Gradle" -APP_BASE_NAME=`basename "$0"` -# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. -DEFAULT_JVM_OPTS="" +# This is normally unused +# shellcheck disable=SC2034 +APP_BASE_NAME=${0##*/} +# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036) +APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit # Use the maximum available, or set MAX_FD != -1 to use that value. -MAX_FD="maximum" +MAX_FD=maximum warn () { echo "$*" -} +} >&2 die () { echo echo "$*" echo exit 1 -} +} >&2 # OS specific support (must be 'true' or 'false'). cygwin=false msys=false darwin=false nonstop=false -case "`uname`" in - CYGWIN* ) - cygwin=true - ;; - Darwin* ) - darwin=true - ;; - MINGW* ) - msys=true - ;; - NONSTOP* ) - nonstop=true - ;; +case "$( uname )" in #( + CYGWIN* ) cygwin=true ;; #( + Darwin* ) darwin=true ;; #( + MSYS* | MINGW* ) msys=true ;; #( + NONSTOP* ) nonstop=true ;; esac -CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar +CLASSPATH="\\\"\\\"" + # Determine the Java command to use to start the JVM. if [ -n "$JAVA_HOME" ] ; then if [ -x "$JAVA_HOME/jre/sh/java" ] ; then # IBM's JDK on AIX uses strange locations for the executables - JAVACMD="$JAVA_HOME/jre/sh/java" + JAVACMD=$JAVA_HOME/jre/sh/java else - JAVACMD="$JAVA_HOME/bin/java" + JAVACMD=$JAVA_HOME/bin/java fi if [ ! -x "$JAVACMD" ] ; then die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME @@ -81,92 +132,120 @@ Please set the JAVA_HOME variable in your environment to match the location of your Java installation." fi else - JAVACMD="java" - which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + JAVACMD=java + if ! command -v java >/dev/null 2>&1 + then + die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. Please set the JAVA_HOME variable in your environment to match the location of your Java installation." + fi fi # Increase the maximum file descriptors if we can. -if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then - MAX_FD_LIMIT=`ulimit -H -n` - if [ $? -eq 0 ] ; then - if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then - MAX_FD="$MAX_FD_LIMIT" - fi - ulimit -n $MAX_FD - if [ $? -ne 0 ] ; then - warn "Could not set maximum file descriptor limit: $MAX_FD" - fi - else - warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" - fi +if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then + case $MAX_FD in #( + max*) + # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC2039,SC3045 + MAX_FD=$( ulimit -H -n ) || + warn "Could not query maximum file descriptor limit" + esac + case $MAX_FD in #( + '' | soft) :;; #( + *) + # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC2039,SC3045 + ulimit -n "$MAX_FD" || + warn "Could not set maximum file descriptor limit to $MAX_FD" + esac fi -# For Darwin, add options to specify how the application appears in the dock -if $darwin; then - GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" -fi +# Collect all arguments for the java command, stacking in reverse order: +# * args from the command line +# * the main class name +# * -classpath +# * -D...appname settings +# * --module-path (only if needed) +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. + +# For Cygwin or MSYS, switch paths to Windows format before running java +if "$cygwin" || "$msys" ; then + APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) + CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) + + JAVACMD=$( cygpath --unix "$JAVACMD" ) -# For Cygwin, switch paths to Windows format before running java -if $cygwin ; then - APP_HOME=`cygpath --path --mixed "$APP_HOME"` - CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` - JAVACMD=`cygpath --unix "$JAVACMD"` - - # We build the pattern for arguments to be converted via cygpath - ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` - SEP="" - for dir in $ROOTDIRSRAW ; do - ROOTDIRS="$ROOTDIRS$SEP$dir" - SEP="|" - done - OURCYGPATTERN="(^($ROOTDIRS))" - # Add a user-defined pattern to the cygpath arguments - if [ "$GRADLE_CYGPATTERN" != "" ] ; then - OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" - fi # Now convert the arguments - kludge to limit ourselves to /bin/sh - i=0 - for arg in "$@" ; do - CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` - CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option - - if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition - eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` - else - eval `echo args$i`="\"$arg\"" + for arg do + if + case $arg in #( + -*) false ;; # don't mess with options #( + /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath + [ -e "$t" ] ;; #( + *) false ;; + esac + then + arg=$( cygpath --path --ignore --mixed "$arg" ) fi - i=$((i+1)) + # Roll the args list around exactly as many times as the number of + # args, so each arg winds up back in the position where it started, but + # possibly modified. + # + # NB: a `for` loop captures its iteration list before it begins, so + # changing the positional parameters here affects neither the number of + # iterations, nor the values presented in `arg`. + shift # remove old arg + set -- "$@" "$arg" # push replacement arg done - case $i in - (0) set -- ;; - (1) set -- "$args0" ;; - (2) set -- "$args0" "$args1" ;; - (3) set -- "$args0" "$args1" "$args2" ;; - (4) set -- "$args0" "$args1" "$args2" "$args3" ;; - (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; - (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; - (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; - (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; - (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; - esac fi -# Escape application args -save () { - for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done - echo " " -} -APP_ARGS=$(save "$@") - -# Collect all arguments for the java command, following the shell quoting and substitution rules -eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" -# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong -if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then - cd "$(dirname "$0")" +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Collect all arguments for the java command: +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments, +# and any embedded shellness will be escaped. +# * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be +# treated as '${Hostname}' itself on the command line. + +set -- \ + "-Dorg.gradle.appname=$APP_BASE_NAME" \ + -classpath "$CLASSPATH" \ + -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \ + "$@" + +# Stop when "xargs" is not available. +if ! command -v xargs >/dev/null 2>&1 +then + die "xargs is not available" fi +# Use "xargs" to parse quoted args. +# +# With -n1 it outputs one arg per line, with the quotes and backslashes removed. +# +# In Bash we could simply go: +# +# readarray ARGS < <( xargs -n1 <<<"$var" ) && +# set -- "${ARGS[@]}" "$@" +# +# but POSIX shell has neither arrays nor command substitution, so instead we +# post-process each arg (as a line of input to sed) to backslash-escape any +# character that might be a shell metacharacter, then use eval to reverse +# that process (while maintaining the separation between arguments), and wrap +# the whole thing up as a single "set" statement. +# +# This will of course break if any of these variables contains a newline or +# an unmatched quote. +# + +eval "set -- $( + printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | + xargs -n1 | + sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | + tr '\n' ' ' + )" '"$@"' + exec "$JAVACMD" "$@" diff --git a/moaSig/gradlew.bat b/moaSig/gradlew.bat index e95643d..5eed7ee 100644 --- a/moaSig/gradlew.bat +++ b/moaSig/gradlew.bat @@ -1,4 +1,22 @@ -@if "%DEBUG%" == "" @echo off
+@rem
+@rem Copyright 2015 the original author or authors.
+@rem
+@rem Licensed under the Apache License, Version 2.0 (the "License");
+@rem you may not use this file except in compliance with the License.
+@rem You may obtain a copy of the License at
+@rem
+@rem https://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing, software
+@rem distributed under the License is distributed on an "AS IS" BASIS,
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@rem See the License for the specific language governing permissions and
+@rem limitations under the License.
+@rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem
+
+@if "%DEBUG%"=="" @echo off
@rem ##########################################################################
@rem
@rem Gradle startup script for Windows
@@ -9,25 +27,29 @@ if "%OS%"=="Windows_NT" setlocal
set DIRNAME=%~dp0
-if "%DIRNAME%" == "" set DIRNAME=.
+if "%DIRNAME%"=="" set DIRNAME=.
+@rem This is normally unused
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%
+@rem Resolve any "." and ".." in APP_HOME to make it shorter.
+for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
+
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-set DEFAULT_JVM_OPTS=
+set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
@rem Find java.exe
if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
-if "%ERRORLEVEL%" == "0" goto init
+if %ERRORLEVEL% equ 0 goto execute
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
goto fail
@@ -35,48 +57,36 @@ goto fail set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
-if exist "%JAVA_EXE%" goto init
+if exist "%JAVA_EXE%" goto execute
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
goto fail
-:init
-@rem Get command-line arguments, handling Windows variants
-
-if not "%OS%" == "Windows_NT" goto win9xME_args
-
-:win9xME_args
-@rem Slurp the command line arguments.
-set CMD_LINE_ARGS=
-set _SKIP=2
-
-:win9xME_args_slurp
-if "x%~1" == "x" goto execute
-
-set CMD_LINE_ARGS=%*
-
:execute
@rem Setup the command line
-set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+set CLASSPATH=
+
@rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %*
:end
@rem End local scope for the variables with windows NT shell
-if "%ERRORLEVEL%"=="0" goto mainEnd
+if %ERRORLEVEL% equ 0 goto mainEnd
:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
-if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
-exit /b 1
+set EXIT_CODE=%ERRORLEVEL%
+if %EXIT_CODE% equ 0 set EXIT_CODE=1
+if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
+exit /b %EXIT_CODE%
:mainEnd
if "%OS%"=="Windows_NT" endlocal
diff --git a/moaSig/libs/iaik_cms-6.0_moa.jar b/moaSig/libs/iaik_cms-6.0_moa.jar Binary files differdeleted file mode 100644 index f11b250..0000000 --- a/moaSig/libs/iaik_cms-6.0_moa.jar +++ /dev/null diff --git a/moaSig/libs/iaik_cms-6.1_moa.jar b/moaSig/libs/iaik_cms-6.1_moa.jar Binary files differnew file mode 100644 index 0000000..8f5b167 --- /dev/null +++ b/moaSig/libs/iaik_cms-6.1_moa.jar diff --git a/moaSig/libs/iaik_cpades-2.4_moa.jar b/moaSig/libs/iaik_cpades-2.4_moa.jar Binary files differdeleted file mode 100644 index 300c215..0000000 --- a/moaSig/libs/iaik_cpades-2.4_moa.jar +++ /dev/null diff --git a/moaSig/libs/iaik_cpades_2.5_moa.jar b/moaSig/libs/iaik_cpades_2.5_moa.jar Binary files differnew file mode 100644 index 0000000..1c15eec --- /dev/null +++ b/moaSig/libs/iaik_cpades_2.5_moa.jar diff --git a/moaSig/libs/iaik_cpxlevel-0.9.2_moa.jar b/moaSig/libs/iaik_cpxlevel-0.9.2.1_moa.jar Binary files differindex e67be71..2d16719 100644 --- a/moaSig/libs/iaik_cpxlevel-0.9.2_moa.jar +++ b/moaSig/libs/iaik_cpxlevel-0.9.2.1_moa.jar diff --git a/moaSig/libs/iaik_eccelerate-6.3.0_eval.jar b/moaSig/libs/iaik_eccelerate-6.3.0_eval.jar Binary files differdeleted file mode 100644 index 4422430..0000000 --- a/moaSig/libs/iaik_eccelerate-6.3.0_eval.jar +++ /dev/null diff --git a/moaSig/libs/iaik_eccelerate-6.3.2_eval.jar b/moaSig/libs/iaik_eccelerate-6.3.2_eval.jar Binary files differnew file mode 100644 index 0000000..7cf380f --- /dev/null +++ b/moaSig/libs/iaik_eccelerate-6.3.2_eval.jar diff --git a/moaSig/libs/iaik_eccelerate_addon-6.3.0_eval.jar b/moaSig/libs/iaik_eccelerate_addon-6.3.0_eval.jar Binary files differdeleted file mode 100644 index 182a150..0000000 --- a/moaSig/libs/iaik_eccelerate_addon-6.3.0_eval.jar +++ /dev/null diff --git a/moaSig/libs/iaik_eccelerate_addon-6.3.2_eval.jar b/moaSig/libs/iaik_eccelerate_addon-6.3.2_eval.jar Binary files differnew file mode 100644 index 0000000..9216303 --- /dev/null +++ b/moaSig/libs/iaik_eccelerate_addon-6.3.2_eval.jar diff --git a/moaSig/libs/iaik_moa-2.09.jar b/moaSig/libs/iaik_moa-2.09.jar Binary files differdeleted file mode 100644 index a73a348..0000000 --- a/moaSig/libs/iaik_moa-2.09.jar +++ /dev/null diff --git a/moaSig/libs/iaik_moa-2.10.jar b/moaSig/libs/iaik_moa-2.10.jar Binary files differnew file mode 100644 index 0000000..7a659c4 --- /dev/null +++ b/moaSig/libs/iaik_moa-2.10.jar diff --git a/moaSig/libs/iaik_pki_module-2.03_moa.jar b/moaSig/libs/iaik_pki_module-2.04_moa.jar Binary files differindex a017fe6..8732262 100644 --- a/moaSig/libs/iaik_pki_module-2.03_moa.jar +++ b/moaSig/libs/iaik_pki_module-2.04_moa.jar diff --git a/moaSig/libs/iaik_sva-1.2.0.jar b/moaSig/libs/iaik_sva-1.2.1.jar Binary files differindex a9d3824..5cf6bee 100644 --- a/moaSig/libs/iaik_sva-1.2.0.jar +++ b/moaSig/libs/iaik_sva-1.2.1.jar diff --git a/moaSig/moa-asic/build.gradle b/moaSig/moa-asic/build.gradle index 0a8fd83..a132b05 100644 --- a/moaSig/moa-asic/build.gradle +++ b/moaSig/moa-asic/build.gradle @@ -1,30 +1,33 @@ -//plugins { -// id 'com.intershop.gradle.jaxb' version '5.1.0' -//} +plugins { + id 'java-library' + id 'distribution' +} -apply plugin: 'java-library-distribution' +java { + sourceCompatibility = JavaVersion.VERSION_17 + targetCompatibility = JavaVersion.VERSION_17 +} distributions { - main{ - distributionBaseName = 'MOA-ASIC' - } + main { + distributionBaseName.set('MOA-ASIC') + } } configurations { jaxb - } dependencies { - jaxb group: 'com.sun.xml.bind', name: 'jaxb-xjc', version: '3.0.2' - jaxb group: 'org.glassfish.jaxb', name: 'jaxb-runtime', version: '3.0.2' + jaxb 'com.sun.xml.bind:jaxb-xjc:4.0.5' + jaxb 'org.glassfish.jaxb:jaxb-runtime:4.0.5' - implementation project(':common') + implementation project(':common') implementation project(':moa-sig-lib') - api 'jakarta.xml.bind:jakarta.xml.bind-api:3.0.1' - api 'jakarta.xml.ws:jakarta.xml.ws-api:3.0.1' - implementation group: 'org.slf4j', name: 'log4j-over-slf4j', version: '1.7.36' + api 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.2' + api 'jakarta.xml.ws:jakarta.xml.ws-api:4.0.2' + implementation 'org.slf4j:slf4j-api:2.0.17' } sourceSets { @@ -35,48 +38,34 @@ sourceSets { } } -/* -jaxb { - // generate java code from schema - javaGen { - //generates a 'project' schema file from existing java code - posConfig { - schema = file('src/main/resources/schemas/asic.xsd') - packageName = 'at.gv.egiz.asic' - outputDir = file( "${projectDir}/src/generated/java" ) - } +tasks.register('jaxb') { + group = 'build' + description = 'Generates Java classes from XSD using JAXB' + + doLast { + def jaxbTargetDir = file("${projectDir}/src/generated/java") + jaxbTargetDir.mkdirs() + + ant.taskdef( + name: 'xjc', + classname: 'com.sun.tools.xjc.XJCTask', + classpath: configurations.jaxb.asPath + ) + + ant.xjc( + destdir: jaxbTargetDir.path, + package: 'at.gv.egiz.asic', + schema: 'src/main/resources/schemas/asic.xsd' + ) } - } -*/ - -task jaxb () { - // output directory - def jaxbTargetDir = file( "${projectDir}/src/generated/java" ) - //jaxbTargetDirMoaSig = file( jaxbTargetDir.path ) - - // perform actions - doLast { - jaxbTargetDir.mkdirs() - - ant.taskdef(name: 'xjc', classname: 'com.sun.tools.xjc.XJCTask', classpath: configurations.jaxb.asPath) - //ant.jaxbTargetDirMoaSig = jaxbTargetDir - - // MOA Sig - ant.xjc( - destdir: jaxbTargetDir.path, - package: 'at.gv.egiz.asic', - schema: 'src/main/resources/schemas/asic.xsd' - ) - } -} - -task releases(type: Copy) { - //from jar.outputs - from distZip.outputs - from distTar.outputs - into rootDir.toString() + "/releases/" + version +tasks.register('releases', Copy) { + dependsOn tasks.named('distZip'), tasks.named('distTar') + from(tasks.named('distZip')) + from(tasks.named('distTar')) + into layout.projectDirectory.dir("releases/${version}") } -task publishPubNamePublicationToMavenLocal {} +// This is a placeholder – only include if needed by CI or to avoid errors +tasks.register('publishPubNamePublicationToMavenLocal') {} diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java index 34744ef..02fbeb2 100644 --- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java +++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java @@ -74,8 +74,7 @@ public class VerifyASICSignatureResponseBuilder { * element being the XML representation of the given * <code>VerifyCMSSignatureResponse</code> API object. * - * @param response The <code>VerifyCMSSignatureResponse</code> to convert to - * XML. + * @param results The <code>VerifyCMSSignatureResponse</code> to convert to XML. * @return A document containing the <code>VerifyCMSSignatureResponse</code> DOM * element. * @throws MOAApplicationException An error occurred building the response. diff --git a/moaSig/moa-sig-lib/build.gradle b/moaSig/moa-sig-lib/build.gradle index 985e768..c5187a6 100644 --- a/moaSig/moa-sig-lib/build.gradle +++ b/moaSig/moa-sig-lib/build.gradle @@ -1,48 +1,55 @@ -apply plugin: 'java-library-distribution' -apply plugin: 'maven-publish' +plugins { + id 'java-library' + id 'distribution' + id 'maven-publish' +} + +java { + sourceCompatibility = JavaVersion.VERSION_17 + targetCompatibility = JavaVersion.VERSION_17 +} distributions { main { - distributionBaseName = 'moa-spss-lib' + distributionBaseName.set('moa-spss-lib') } } -dependencies { - implementation project(':common') - testImplementation project(path: ':common', configuration: 'testArtifacts') - - api fileTree(dir: '../libs', include: '*.jar') - //api fileTree(dir: '../libs_debug', include: '*.jar') - - api group: 'at.gv.egovernment.moa.sig', name: 'tsl-lib', version: '2.1.4' - api 'commons-logging:commons-logging:1.2' - api 'commons-io:commons-io:2.16.1' - api 'commons-codec:commons-codec:1.16.0' - api 'org.apache.axis:axis-jaxrpc:1.4' - api 'org.xerial:sqlite-jdbc:3.46.1.0' - api 'javax.activation:activation:1.1.1' - api 'jakarta.xml.bind:jakarta.xml.bind-api:3.0.1' - api 'com.sun.xml.bind:jaxb-core:3.0.2' - api 'com.sun.xml.bind:jaxb-impl:3.0.2' - api 'org.postgresql:postgresql:42.7.1' - api group: 'org.apache.pdfbox', name: 'pdfbox', version: '2.0.32' - api group: 'org.apache.pdfbox', name: 'pdfbox-tools', version: '2.0.32' - api group: 'org.apache.pdfbox', name: 'pdfbox-app', version: '2.0.32' - api group: 'org.apache.pdfbox', name: 'preflight', version: '2.0.32' - api group: 'org.apache.pdfbox', name: 'preflight-app', version: '2.0.32' - api group: 'org.apache.commons', name: 'commons-lang3', version: '3.16.0' - api group: 'org.apache.httpcomponents', name: 'httpclient-cache', version: '4.5.14' - api group: 'org.slf4j', name: 'jcl-over-slf4j', version: '1.7.36' - - testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-migrationsupport', version: '5.10.1' - testImplementation group: 'org.junit.platform', name: 'junit-platform-engine', version: '1.10.1' - testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: '5.10.1' - testImplementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.13' +dependencies { + implementation project(':common') + + api fileTree(dir: '../libs', include: ['*.jar']) + // api fileTree(dir: '../libs_debug', include: ['*.jar']) + + api 'at.gv.egovernment.moa.sig:tsl-lib:2.2.0' + api 'commons-logging:commons-logging:1.3.5' + api 'commons-io:commons-io:2.20.0' + api 'commons-codec:commons-codec:1.19.0' + api 'org.apache.axis:axis-jaxrpc:1.4' + api 'org.xerial:sqlite-jdbc:3.50.3.0' + api 'jakarta.activation:jakarta.activation-api:2.1.3' + api 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.2' + api 'com.sun.xml.bind:jaxb-impl:4.0.5' + api 'org.postgresql:postgresql:42.7.7' + + api 'org.apache.pdfbox:pdfbox:2.0.34' + api 'org.apache.pdfbox:pdfbox-tools:2.0.34' + api 'org.apache.pdfbox:pdfbox-app:2.0.34' + api 'org.apache.pdfbox:preflight:2.0.34' + api 'org.apache.pdfbox:preflight-app:2.0.34' + api 'org.apache.commons:commons-lang3:3.18.0' + api 'org.apache.httpcomponents.client5:httpclient5-cache:5.4.4' + api 'org.slf4j:jcl-over-slf4j:2.0.17' + + + testImplementation project(path: ':common', configuration: 'testArtifacts') + testImplementation 'org.junit.jupiter:junit-jupiter-migrationsupport:5.13.4' + testImplementation 'org.junit.jupiter:junit-jupiter-engine:5.13.4' + testImplementation 'ch.qos.logback:logback-classic:1.5.18' } -task releases(type: Copy) { - //from jar.outputs - from distZip.outputs - //from distTar.outputs - into rootDir.toString() + "/releases/" + version +tasks.register('releases', Copy) { + dependsOn(tasks.named('distZip')) // Ensure distZip runs first + from(tasks.named('distZip')) + into layout.projectDirectory.dir("releases/${version}") } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java index d0be7d5..5d378ce 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java @@ -316,7 +316,7 @@ public abstract class SPSSFactory { * @param profileID The profile ID to resolve during signature creation. * @return The <code>CreateSignatureEnvironmentProfile</code> containing the * given profile ID. - * + * * @pre profileID != null && profileID.length() > 0 * @post return != null */ @@ -398,8 +398,7 @@ public abstract class SPSSFactory { /** * Create a new <code>SignatureEnvironmentResponse</code> object. * - * @param signatureEnvironment The signature environment containing the - * signature. + * @param base64value Signature as Base64 encoded data * @return The <code>SignatureEnvironmentResponse</code> containing the * <code>signatureEnvironment</code>. * @@ -959,15 +958,15 @@ public abstract class SPSSFactory { /** * Create a new <code>Content</code> object containing location reference data. - * + * * @param locationReferenceURI a URI pointing to the actual remote location of * the content. - * + * * @param referenceURI An URI identifying the data. May be * <code>null</code>. - * + * * @return The <code>Content</code> object containing the data. - * + * * @pre locationReferenceURI != null * @post return != null */ diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java index 3d5279f..ab73c22 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java @@ -32,7 +32,7 @@ import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureLocation; /** * Default implementation of - * <codeCreateSignatureEnvironmentProfileExplicit</code>. + * <code>CreateSignatureEnvironmentProfileExplicit</code>. * * @author Patrick Peck * @version $Id$ diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java index d1eebca..ed6f449 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java @@ -30,7 +30,7 @@ import java.util.List; import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo; /** - * Default implementation of <codeReferenceInfo</code>. + * Default implementation of <code>ReferenceInfo</code>. * * @author Fatemeh Philippi * @version $Id$ diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java index 173ecbf..571977e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java @@ -62,7 +62,7 @@ public class RequestParserUtils { /** * Parse a <code>XMLDataObjectAssociationType</code> kind of DOM element. - * + * * @param assocElem The <code>XMLDataObjectAssociationType</code> kind of DOM * elmeent to parse. * @return The <code>XMLDataObjectAssociation</code> API object containing the @@ -79,7 +79,7 @@ public class RequestParserUtils { /** * Parse a <code>MetaInfoType</code> kind of DOM element. - * + * * @param metaInfoElem The <code>MetaInfoType</code> kind of DOM element. * @return The <code>MetaInfo</code> API object containing the data from the * <code>metaInfoElem</code>. @@ -97,7 +97,7 @@ public class RequestParserUtils { /** * Parse a <code>ContentOptionalRefType</code> or * <code>ContentRequiredRefType</code> kind of DOM element. - * + * * @param contentParentElem The DOM element being the parent of the content * element. * @return The <code>Content</code> API object containing the data from the @@ -127,7 +127,7 @@ public class RequestParserUtils { /** * Get the signing time from a Verfiy(CMS|XML)SignatureRequest. - * + * * @param requestElem A <code>Verify(CMS|XML)SignatureRequest</code> DOM * element. * @param dateTimeXPath The XPath to lookup the <code>DateTime</code> element @@ -162,11 +162,12 @@ public class RequestParserUtils { /** * Get the signing time from a Verfiy(CMS|XML)SignatureRequest. - * - * @param requestElem A <code>Verify(CMS|XML)SignatureRequest</code> DOM - * element. - * @param dateTimeXPath The XPath to lookup the <code>DateTime</code> element - * within the request. + * + * @param requestElem A <code>Verify(CMS|XML)SignatureRequest</code> + * DOM element. + * @param extendedValidationXPath The XPath to lookup the <code>DateTime</code> + * element within the request. + * @param defaultValue Default value if XPath value is null or empty * @return Date The date and time corresponding to the <code>DateTime</code> * element in the request. If no <code>DateTime</code> element exists in * the request, <code>null</code> is returned. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java index 1156aa1..daf3802 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java @@ -499,7 +499,7 @@ public class ResponseBuilderUtils { * element. * @param elementName The name of the newly created element. * @param code The content of the <code>Code</code> subelement. - * @param info The content of the <code>Info</code> subelement. + * @param name The content of the <code>Info</code> subelement. */ public static void addFormCheckElement( Document response, diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java index bcab978..1279d73 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java @@ -171,7 +171,7 @@ public class VerifyCMSSignatureRequestParser { // put the signatories into a List while (tokenizer.hasMoreTokens()) { try { - signatoriesList.add(new Integer(tokenizer.nextToken())); + signatoriesList.add(Integer.valueOf(tokenizer.nextToken())); } catch (final NumberFormatException e) { // this cannot occur if the request has been validated } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java index bf11240..0f1a57d 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java @@ -50,18 +50,19 @@ public class CRLDistributionPoint extends DistributionPoint implements // create the mapping between reason code strings and their integer // values - RC_MAPPING.put("unused", new Integer(iaik.asn1.structures.DistributionPoint.unused)); - RC_MAPPING.put("keyCompromise", new Integer(iaik.asn1.structures.DistributionPoint.keyCompromise)); - RC_MAPPING.put("cACompromise", new Integer(iaik.asn1.structures.DistributionPoint.cACompromise)); - RC_MAPPING.put("affiliationChanged", new Integer( + RC_MAPPING.put("unused", Integer.valueOf(iaik.asn1.structures.DistributionPoint.unused)); + RC_MAPPING.put("keyCompromise", Integer.valueOf(iaik.asn1.structures.DistributionPoint.keyCompromise)); + RC_MAPPING.put("cACompromise", Integer.valueOf(iaik.asn1.structures.DistributionPoint.cACompromise)); + RC_MAPPING.put("affiliationChanged", Integer.valueOf( iaik.asn1.structures.DistributionPoint.affiliationChanged)); - RC_MAPPING.put("superseded", new Integer(iaik.asn1.structures.DistributionPoint.superseded)); + RC_MAPPING.put("superseded", Integer.valueOf(iaik.asn1.structures.DistributionPoint.superseded)); RC_MAPPING.put("cessationOfOperation", - new Integer(iaik.asn1.structures.DistributionPoint.cessationOfOperation)); - RC_MAPPING.put("certificateHold", new Integer(iaik.asn1.structures.DistributionPoint.certificateHold)); - RC_MAPPING.put("privilegeWithdrawn", new Integer( + Integer.valueOf(iaik.asn1.structures.DistributionPoint.cessationOfOperation)); + RC_MAPPING.put("certificateHold", Integer.valueOf( + iaik.asn1.structures.DistributionPoint.certificateHold)); + RC_MAPPING.put("privilegeWithdrawn", Integer.valueOf( iaik.asn1.structures.DistributionPoint.privilegeWithdrawn)); - RC_MAPPING.put("aACompromise", new Integer(iaik.asn1.structures.DistributionPoint.aACompromise)); + RC_MAPPING.put("aACompromise", Integer.valueOf(iaik.asn1.structures.DistributionPoint.aACompromise)); } /** @@ -76,12 +77,12 @@ public class CRLDistributionPoint extends DistributionPoint implements /** * Create a <code>CRLDistributionPoint</code>. - * + * * @param issuerName The name of the CA issuing the CRL referred to by this * DP. - * + * * @param uri The URI of the distribution point. - * + * * @param reasonCodeStr A list of reason codes (a space-separated enumeration). */ public CRLDistributionPoint(String issuerName, String uri, String reasonCodeStr) { @@ -101,7 +102,7 @@ public class CRLDistributionPoint extends DistributionPoint implements /** * Convert a list of reason codes provided as a <code>String</code> to a binary * representation. - * + * * @param reasonCodeStr A <code>String</code> containing a blank-separated, * textual representation of reason codes. * @return int A binary representation of reason codes. @@ -143,7 +144,7 @@ public class CRLDistributionPoint extends DistributionPoint implements /** * Return a binary representation of the reason codes of this distribution * point. - * + * * @return The binary representation of the reason codes. */ @Override @@ -153,7 +154,7 @@ public class CRLDistributionPoint extends DistributionPoint implements /** * Return a <code>String</code> representation of this distribution point. - * + * * @return The <code>String</code> representation of this distribution point. * @see java.lang.Object#toString() */ @@ -163,7 +164,7 @@ public class CRLDistributionPoint extends DistributionPoint implements } /** - * @see iaik.pki.revocation.CRLDistributionPoint#getIssuerName() + * Get CRL issuer-name. */ public String getIssuerName() { return issuerName_; diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 75da0a6..09ec921 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -154,6 +154,11 @@ public class ConfigurationPartsBuilder { private static final String KEYGROUP_MAPPING_XPATH = ROOT + CONF + "SignatureCreation/" + CONF + "KeyGroupMapping"; + + private static final String SIGN_PARAMS_XPATH = + ROOT + CONF + "SignatureCreation/" + + CONF + "Signing"; + private static final String ISSUER_XPATH = DSIG + "X509IssuerName"; private static final String SERIAL_XPATH = @@ -576,7 +581,7 @@ public class ConfigurationPartsBuilder { entry = new BlackListEntry(host, -1); info("config.34", new Object[] { host }); } else { - entry = new BlackListEntry(host, new Integer(port).intValue()); + entry = new BlackListEntry(host, Integer.valueOf(port).intValue()); info("config.34", new Object[] { host + ":" + port }); } @@ -626,7 +631,7 @@ public class ConfigurationPartsBuilder { entry = new WhiteListEntry(host, -1); info("config.49", new Object[] { host }); } else { - entry = new WhiteListEntry(host, new Integer(port).intValue()); + entry = new WhiteListEntry(host, Integer.valueOf(port).intValue()); info("config.49", new Object[] { host + ":" + port }); } @@ -759,9 +764,22 @@ public class ConfigurationPartsBuilder { final String keyGroupDigestMethodAlgorithm = getElementValue(keyGroupElem, CONF + "DigestMethodAlgorithm", null); - final Set keyGroupEntries = - buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem); - final KeyGroup keyGroup = new KeyGroup(keyGroupId, keyGroupEntries, keyGroupDigestMethodAlgorithm); + final Set keyGroupEntries = buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem); + + String rsaSsaPssAttr = keyGroupElem.getAttribute("RSASSA-PSS"); + Boolean useRsaSsaPss = null; + if (org.apache.commons.lang3.StringUtils.isNotEmpty(rsaSsaPssAttr)) { + useRsaSsaPss = Boolean.valueOf(keyGroupElem.getAttribute("RSASSA-PSS")); + Logger.info((useRsaSsaPss ? "Enable" : "Disable") + + " RSASSA-PSS as primary signature-algorithm for keyGroup: " + keyGroupId); + + } else { + Logger.debug("RSASSA-PSS is not defined for keyGroup: " + keyGroupId); + + } + + final KeyGroup keyGroup = new KeyGroup(keyGroupId, keyGroupEntries, + keyGroupDigestMethodAlgorithm, useRsaSsaPss); if (keyGroups.containsKey(keyGroupId)) { warn("config.04", new Object[] { "KeyGroup", keyGroupId }); @@ -1504,7 +1522,7 @@ public class ConfigurationPartsBuilder { * Returns the JDBC URL for the revocation archive database. * * @return the JDBC URL for the revocation archive database, or - * <code>null</code, if the corresponding parameter is not set in the + * <code>null</code>, if the corresponding parameter is not set in the * configuration. */ public String getRevocationArchiveJDBCURL() { @@ -1516,7 +1534,7 @@ public class ConfigurationPartsBuilder { * Returns the JDBC driver class name for the revocation archive database. * * @return the JDBC driver class name for the revocation archive database, or - * <code>null</code, if the corresponding parameter is not set in the + * <code>null</code>, if the corresponding parameter is not set in the * configuration. */ public String getRevocationArchiveJDBCDriverClass() { @@ -1762,7 +1780,7 @@ public class ConfigurationPartsBuilder { while ((modElem = (Element) modIter.nextNode()) != null) { final String x509IssuerName = getElementValue(modElem, CONF + "X509IssuerName", null); final String i = getElementValue(modElem, CONF + "Interval", null); - final Integer interval = new Integer(i); + final Integer interval = Integer.valueOf(i); map.put(ConfigurationProvider.normalizeX500Names(x509IssuerName), interval); } @@ -1770,6 +1788,33 @@ public class ConfigurationPartsBuilder { return map; } + /** + * Use RSASSA-PSS algorithm if it's supported by Key-Material. + * + * <p> + * <b>Default: </b> <code>true</code> + * </p> + * + * @return <code>true</code> if RSASSA-PSS should be used, otherwise false. + */ + public boolean isRsaSsaPssEnabled() { + final NodeIterator modIter = XPathUtils.selectNodeIterator( + getConfigElem(), + SIGN_PARAMS_XPATH); + + + Element modElem; + if ((modElem = (Element) modIter.nextNode()) != null) { + Boolean value = Boolean.valueOf(modElem.getAttribute("RSASSA-PSS")); + Logger.debug((value ? "Enable" : "Disable") + " RSASSA-PSS as primary signature-algorithm for RSA"); + return value; + + } else { + Logger.debug("Enable RSASSA-PSS as primary signature-algorithm for RSA"); + return true; + + } + } /** * Should ETSI extension should be used for short-time certificate validation. @@ -1792,6 +1837,7 @@ public class ConfigurationPartsBuilder { return SHORT_TIME_CERT_DEFAULT_ETSI; } + /** * Get default shortTime certificate interval. * @@ -1834,7 +1880,7 @@ public class ConfigurationPartsBuilder { final String x509IssuerName = ConfigurationProvider.normalizeX500Names( getElementValue(modElem, CONF + "X509IssuerName", null)); final String i = getElementValue(modElem, CONF + "ValidityPeriod", null); - final Integer interval = new Integer(i); + final Integer interval = Integer.valueOf(i); map.put(x509IssuerName, interval); Logger.debug("Set shortTimePeriodInterval: " + interval + " for Issuer: " + x509IssuerName); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java index 3c720a1..6856e56 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java @@ -103,6 +103,9 @@ public class ConfigurationProvider { /** The default canonicalization algorithm name */ private String canonicalizationAlgorithmName; + /** The default of use RSASSA-PSS if supported */ + private boolean useRsaSsaPss; + /** The XAdES version used for signature creation */ private String xadesVersion; @@ -375,6 +378,8 @@ public class ConfigurationProvider { // check TSL configuration checkTSLConfiguration(); + useRsaSsaPss = builder.isRsaSsaPssEnabled(); + digestMethodAlgorithmName = builder.getDigestMethodAlgorithmName(); canonicalizationAlgorithmName = builder.getCanonicalizationAlgorithmName(); @@ -556,6 +561,15 @@ public class ConfigurationProvider { } /** + * Use RSASSA-PSS algorithm if it's supported by Key-Material. + * + * @return <code>true</code> if RSASSA-PSS should be used, otherwise false. + */ + public boolean isUseRsaSsaPss() { + return useRsaSsaPss; + } + + /** * Return the XAdES version used for signature creation. * * @return The XAdES version used for signature creation, or an empty diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java index faeaf82..fc374ab 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java @@ -42,6 +42,9 @@ public class KeyGroup { /** The digest method algorithm for the key group */ private final String digestMethodAlgorithm; + /** Use RSASSA-PSS if supported */ + private final Boolean useRsaSsaPss; + /** * Create a <code>KeyGroup</code>. * @@ -51,9 +54,25 @@ public class KeyGroup { * @param digestMethodAlgorithm The signature algorithm used for this key group */ public KeyGroup(String id, Set keyGroupEntries, String digestMethodAlgorithm) { + this(id, keyGroupEntries, digestMethodAlgorithm, true); + + } + + /** + * Create a <code>KeyGroup</code>. + * + * @param id The ID of this <code>KeyGroup</code>. + * @param keyGroupEntries The keys belonging to this + * <code>KeyGroup</code>. + * @param useRsaSsaPss Use RSASSA-PSS if available and supported + * @param digestMethodAlgorithm The signature algorithm used for this key group + */ + public KeyGroup(String id, Set keyGroupEntries, String digestMethodAlgorithm, Boolean useRsaSsaPss) { this.id = id; this.keyGroupEntries = keyGroupEntries; this.digestMethodAlgorithm = digestMethodAlgorithm; + this.useRsaSsaPss = useRsaSsaPss; + } /** @@ -84,6 +103,17 @@ public class KeyGroup { } /** + * Use RSASSA-PSS algorithm if it's supported by Key-Material. + * + * @return <code>true</code> if RSASSA-PSS should be used, <code>false</code> if + * it is disabled, or <code>null</code> if it is undefined + */ + public Boolean isUseRsaSsaPass() { + return useRsaSsaPss; + + } + + /** * Return a <code>String</code> representation of this <code>KeyGroup</code>. * * @return The <code>String</code> representation. @@ -102,7 +132,7 @@ public class KeyGroup { } } return "(KeyGroup - ID:" + id + " " + sb.toString() + ")" + "DigestMethodAlgorithm: " - + digestMethodAlgorithm; + + digestMethodAlgorithm + useRsaSsaPss != null ? ("RSASSA-PSS: " + useRsaSsaPss) : ""; } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java index d660c7a..e5b6025 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java @@ -26,6 +26,8 @@ package at.gv.egovernment.moa.spss.server.iaik.cmssign; import java.util.List; import java.util.Set; +import org.apache.commons.lang3.StringUtils; + import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; @@ -63,15 +65,36 @@ public class CMSSignatureCreationProfileImpl /** Digest Method algorithm */ private String digestMethod; private final boolean isPAdESConform; + private final boolean rsaSsaPss; + + public CMSSignatureCreationProfileImpl( + Set keySet, + String digestMethod, + List signedProperties, + boolean securityLayerConform, + boolean includeData, + String mimeType, + boolean isPAdESConform) { + this(keySet, digestMethod, signedProperties, securityLayerConform, includeData, mimeType, + isPAdESConform, true); + + } /** - * Create a new <code>XMLSignatureCreationProfileImpl</code>. + * Creates a CMS based signature-creation profile. * - * @param createProfileCount Provides external information about the number of - * calls to the signature creation module, using the - * same request. - * @param reservedIDs The set of IDs that must not be used while - * generating new IDs. + * @param keySet Set of signing keys + * @param digestMethod Hash algorithm + * @param signedProperties List of signing properties + * @param securityLayerConform If <code>true</code> create a CAdES-B signature, + * otherwise CMS signature + * @param includeData If <code>true</code> create an embedded + * signature, otherwise a detached + * @param mimeType MimeType to be set + * @param isPAdESConform If <code>true</code> signature fulfill PAdES + * requirements + * @param rsaSsaPss If <code>true</code> use RSASSA-PSS algorithms, + * otherwise RSA#1.5 */ public CMSSignatureCreationProfileImpl( Set keySet, @@ -80,7 +103,8 @@ public class CMSSignatureCreationProfileImpl boolean securityLayerConform, boolean includeData, String mimeType, - boolean isPAdESConform) { + boolean isPAdESConform, + boolean rsaSsaPss) { this.keySet = keySet; this.signedProperties = signedProperties; this.securityLayerConform = securityLayerConform; @@ -88,6 +112,7 @@ public class CMSSignatureCreationProfileImpl this.mimeType = mimeType; this.digestMethod = digestMethod; this.isPAdESConform = isPAdESConform; + this.rsaSsaPss = rsaSsaPss; } @@ -131,11 +156,70 @@ public class CMSSignatureCreationProfileImpl null); } + final String selectedSigAlg = selectBestSigAlg(algorithms, selectedKeyID); + Logger.trace("Selecting SigAlg: " + selectedSigAlg); + return selectedSigAlg; + + } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties() + */ + @Override + public List getSignedProperties() { + return signedProperties; + } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform() + */ + @Override + public boolean isSecurityLayerConform() { + return securityLayerConform; + } + + /** + * Sets the security layer conformity. + * + * @param securityLayerConform <code>true</code>, if the created signature is to + * be conform to the Security Layer specification. + */ + public void setSecurityLayerConform(boolean securityLayerConform) { + this.securityLayerConform = securityLayerConform; + } + + public void setDigestMethod(String digestMethod) { + this.digestMethod = digestMethod; + } + + @Override + public String getMimeType() { + return mimeType; + } + + @Override + public boolean includeData() { + return this.includeData; + } + + @Override + public boolean isPAdESConform() { + return this.isPAdESConform; + } + + private String selectBestSigAlg(Set algorithms, KeyEntryID selectedKeyID) throws AlgorithmUnavailableException { + Logger.trace("Key: " + selectedKeyID + " supports signingAlgs: " + StringUtils.join(algorithms, ",")); + + // TODO: maybe add support for parameterized RSASSA-PSS + if (digestMethod.compareTo("SHA-1") == 0) { Logger.warn( "SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. SHA-256, SHA-384, SHA-512)"); - if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) { + if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA_AND_MGF1)) { + return SignatureAlgorithms.SHA1_WITH_RSA_AND_MGF1; + + } else if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) { return SignatureAlgorithms.SHA1_WITH_RSA; } else if (algorithms.contains(SignatureAlgorithms.ECDSA)) { @@ -152,7 +236,11 @@ public class CMSSignatureCreationProfileImpl } } else if (digestMethod.compareTo("SHA-256") == 0) { - if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { + if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1)) { + + return SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1; + + } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { return SignatureAlgorithms.SHA256_WITH_RSA; } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) { @@ -168,7 +256,10 @@ public class CMSSignatureCreationProfileImpl null); } } else if (digestMethod.compareTo("SHA-384") == 0) { - if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) { + if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1)) { + return SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1; + + } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) { return SignatureAlgorithms.SHA384_WITH_RSA; } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) { @@ -184,7 +275,10 @@ public class CMSSignatureCreationProfileImpl null); } } else if (digestMethod.compareTo("SHA-512") == 0) { - if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { + if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1)) { + return SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1; + + } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { return SignatureAlgorithms.SHA512_WITH_RSA; } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) { @@ -205,52 +299,6 @@ public class CMSSignatureCreationProfileImpl null, null); } - - } - - /** - * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties() - */ - @Override - public List getSignedProperties() { - return signedProperties; - } - - /** - * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform() - */ - @Override - public boolean isSecurityLayerConform() { - return securityLayerConform; - } - - /** - * Sets the security layer conformity. - * - * @param securityLayerConform <code>true</code>, if the created signature is to - * be conform to the Security Layer specification. - */ - public void setSecurityLayerConform(boolean securityLayerConform) { - this.securityLayerConform = securityLayerConform; - } - - public void setDigestMethod(String digestMethod) { - this.digestMethod = digestMethod; - } - - @Override - public String getMimeType() { - return mimeType; - } - - @Override - public boolean includeData() { - return this.includeData; - } - - @Override - public boolean isPAdESConform() { - return this.isPAdESConform; } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java index d1b776b..befeab7 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java @@ -43,7 +43,6 @@ import iaik.pki.store.revocation.RevocationStoreException; * A customized implementation of * {@link iaik.pki.store.revocation.RevocationInfoRetriever}. Will be used * instead of the default implementation - * {@link iaik.pki.store.revocation.CRLRetriever} to overcome a classloader * problem in connection with the {@link java.net.URL} class in a Tomcat * deployment environment. * diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java index 22cceeb..0e12f89 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java @@ -28,7 +28,6 @@ import iaik.pki.store.revocation.archive.DataBaseArchiveParameters; /** * An implementation of the <code>DataBaseArchiveParameter</code> interface. * - * @see iaik.pki.store.revocation.archive.db.DataBaseArchiveParameter * @author Patrick Peck * @version $Id$ */ @@ -46,9 +45,6 @@ public class DataBaseArchiveParameterImpl implements DataBaseArchiveParameters { this.jDBCUrl = jDBCUrl; } - /** - * @see iaik.pki.store.revocation.archive.db.DataBaseArchiveParameter#getJDBCUrl() - */ @Override public String getJDBCUrl() { return jDBCUrl; diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java index 9ef3764..7a036ec 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java @@ -60,10 +60,9 @@ public class TrustStoreProfileImpl implements TrustStoreProfile { /** * Create a new <code>TrustStoreProfileImpl</code>. * - * @param config The MOA configuration data, from which trust store - * configuration data is read. - * @param trustProfileId The trust profile id on which this - * <code>TrustStoreProfile</code> is based. + * @param trustProfileId The trust profile id on which this + * <code>TrustStoreProfile</code> is based. + * @param trustProfileUri File path to trust profile * @throws MOAApplicationException The <code>trustProfileId</code> could not be * found in the MOA configuration. */ diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java index 516e3d8..b0fea7f 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java @@ -26,6 +26,8 @@ package at.gv.egovernment.moa.spss.server.iaik.xmlsign; import java.util.List; import java.util.Set; +import org.apache.commons.lang3.StringUtils; + import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; @@ -76,6 +78,7 @@ public class XMLSignatureCreationProfileImpl private final IdGenerator propertyIDGenerator; /** The selected digest method algorithm if XAdES 1.4.2 is used */ private final String digestMethodXAdES142; + private final boolean rsaSsaPss; /** * Create a new <code>XMLSignatureCreationProfileImpl</code>. @@ -85,11 +88,12 @@ public class XMLSignatureCreationProfileImpl * same request. * @param reservedIDs The set of IDs that must not be used while * generating new IDs. + * @param useRsaSsaPss Use RSASSA-PSS if supported */ public XMLSignatureCreationProfileImpl( int createProfileCount, Set reservedIDs, - String digestMethodXAdES142) { + String digestMethodXAdES142, boolean useRsaSsaPss) { signatureIDGenerator = new IdGenerator("signature-" + createProfileCount, reservedIDs); manifestIDGenerator = @@ -99,6 +103,8 @@ public class XMLSignatureCreationProfileImpl propertyIDGenerator = new IdGenerator("etsi-signed-" + createProfileCount, reservedIDs); this.digestMethodXAdES142 = digestMethodXAdES142; + this.rsaSsaPss = useRsaSsaPss; + } /** @@ -159,6 +165,14 @@ public class XMLSignatureCreationProfileImpl @Override public String getSignatureAlgorithmName(KeyEntryID selectedKeyID) throws AlgorithmUnavailableException { + String sigAlgIdentifier = getInternalSignatureAlgorithmName(selectedKeyID); + Logger.debug("Selected SignatureAlgorithmIdentifier: " + sigAlgIdentifier); + return sigAlgIdentifier; + + } + + private String getInternalSignatureAlgorithmName(KeyEntryID selectedKeyID) + throws AlgorithmUnavailableException { final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); @@ -174,21 +188,35 @@ public class XMLSignatureCreationProfileImpl e, null); } + Logger.trace("RSASSA-PSS: " + rsaSsaPss + " XAdESDigistAlg: " + digestMethodXAdES142 + + " Algorithms: " + StringUtils.join(algorithms, ",")); + // TODO: maybe add support for parameterized RSASSA-PSS if (digestMethodXAdES142 == null) { // XAdES 1.4.2 not enabled - legacy MOA - if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA) + if (rsaSsaPss + && (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1) + || algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1) + || algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1))) { + return SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1; + + } else if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA) || algorithms.contains(SignatureAlgorithms.MD5_WITH_RSA) || algorithms.contains(SignatureAlgorithms.RIPEMD128_WITH_RSA) || algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA) || algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA) - || algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { + || algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA) + || algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA) + || algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { + + return SignatureAlgorithms.SHA256_WITH_RSA; - return SignatureAlgorithms.SHA1_WITH_RSA; } else if (algorithms.contains(SignatureAlgorithms.ECDSA)) { return SignatureAlgorithms.ECDSA; + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { return SignatureAlgorithms.DSA; + } else { throw new AlgorithmUnavailableException( "No algorithm for key entry: " + selectedKeyID, @@ -219,7 +247,10 @@ public class XMLSignatureCreationProfileImpl } } else if (digestMethodXAdES142.compareTo("SHA-256") == 0) { - if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { + if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1)) { + return SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1; + + } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { return SignatureAlgorithms.SHA256_WITH_RSA; } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) { @@ -235,7 +266,10 @@ public class XMLSignatureCreationProfileImpl null); } } else if (digestMethodXAdES142.compareTo("SHA-384") == 0) { - if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) { + if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1)) { + return SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1; + + } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) { return SignatureAlgorithms.SHA384_WITH_RSA; } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) { @@ -251,7 +285,10 @@ public class XMLSignatureCreationProfileImpl null); } } else if (digestMethodXAdES142.compareTo("SHA-512") == 0) { - if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { + if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1)) { + return SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1; + + } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { return SignatureAlgorithms.SHA512_WITH_RSA; } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) { diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java index 5624f45..4ae1866 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java @@ -221,6 +221,7 @@ public class CMSSignatureCreationInvoker { // get digest algorithm final String digestAlgorithm = getDigestAlgorithm(config, keyGroupID); + final boolean useRsaSsaPss = isRsaSsaPssActive(config, keyGroupID); // create CMSSignatureCreation profile: final CMSSignatureCreationProfile profile = new CMSSignatureCreationProfileImpl( @@ -230,7 +231,8 @@ public class CMSSignatureCreationInvoker { isSecurityLayerConform, includeData, mimetype, - isPAdESConformRequired); + isPAdESConformRequired, + useRsaSsaPss); // create CMSSignature from the CMSSignatureCreationModule // build the additionalSignedProperties @@ -344,13 +346,23 @@ public class CMSSignatureCreationInvoker { } + private boolean isRsaSsaPssActive(ConfigurationProvider config, String keyGroupID) + throws MOASystemException { + final Boolean useRsaSsaPssKg = config.getKeyGroup(keyGroupID).isUseRsaSsaPass(); + final boolean configUseRsaSsaPss = config.isUseRsaSsaPss(); + return useRsaSsaPssKg != null ? useRsaSsaPssKg : configUseRsaSsaPss; + + } + private String getDigestAlgorithm(ConfigurationProvider config, String keyGroupID) throws MOASystemException { // get digest method on key group level (if configured) final String configDigestMethodKG = config.getKeyGroup(keyGroupID).getDigestMethodAlgorithm(); + // get default digest method (if configured) final String configDigestMethod = config.getDigestMethodAlgorithmName(); + String digestMethod = null; if (configDigestMethodKG != null) { // if KG specific digest method is configured diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 1a0791b..7aca40e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -86,7 +86,7 @@ public class CMSSignatureVerificationInvoker { /** * Return the only instance of this class. - * + * * @return The only instance of this class. */ public static synchronized CMSSignatureVerificationInvoker getInstance() { @@ -98,7 +98,7 @@ public class CMSSignatureVerificationInvoker { /** * Create a new <code>CMSSignatureVerificationInvoker</code>. - * + * * Protected to disallow multiple instances. */ protected CMSSignatureVerificationInvoker() { @@ -106,7 +106,7 @@ public class CMSSignatureVerificationInvoker { /** * Verify a CMS signature. - * + * * @param request The <code>VerifyCMSSignatureRequest</code> containing the CMS * signature, as well as additional data needed for verification. * @return Element A <code>VerifyCMSSignatureResponse</code> containing the @@ -118,7 +118,7 @@ public class CMSSignatureVerificationInvoker { final CMSSignatureVerificationProfileFactory profileFactory = new CMSSignatureVerificationProfileFactory( request); - final VerifyCMSSignatureResponseBuilder responseBuilder = new VerifyCMSSignatureResponseBuilder(); + final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); final LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext(); InputStream signature; @@ -219,7 +219,7 @@ public class CMSSignatureVerificationInvoker { } } - final QCSSCDResult qcsscdresult = new QCSSCDResult(); + final VerifyCMSSignatureResponseBuilder responseBuilder = new VerifyCMSSignatureResponseBuilder(); // build the response: for each signatory add the result to the response signatories = request.getSignatories(); @@ -248,7 +248,7 @@ public class CMSSignatureVerificationInvoker { handlePDFResult(resultObject, responseBuilder, trustProfile); } } catch (final IndexOutOfBoundsException e) { - throw new MOAApplicationException("2249", new Object[] { new Integer(sigIndex) }); + throw new MOAApplicationException("2249", new Object[] { Integer.valueOf(sigIndex) }); } } } @@ -402,8 +402,8 @@ public class CMSSignatureVerificationInvoker { i++; } - qcsscdresult = CertificateUtils.checkQCSSCD(chain, cmsResult.getSigningTime(), trustProfile - .isTSLEnabled(), ConfigurationProvider.getInstance()); + qcsscdresult = CertificateUtils.checkQCSSCD(chain, cmsResult.getSigningTime(), + trustProfile.isTSLEnabled(), ConfigurationProvider.getInstance()); // get signer certificate issuer country code issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); @@ -419,7 +419,7 @@ public class CMSSignatureVerificationInvoker { /** * Get the signed content contained either in the request itself or given as a * reference to external data. - * + * * @param request The <code>VerifyCMSSignatureRequest</code> containing the * signed content (or the reference to the signed content). * @return InputStream A stream providing the signed content data, or diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java index bc5d884..bca9b8e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java @@ -69,12 +69,12 @@ public class CreateCMSSignatureResponseBuilder { /** * Add a <code>SignatureEnvironment</code> element to the response. * - * @param signatureEnvironment The content to put under the - * <code>SignatureEnvironment</code> element. This - * should either be a <code>dsig:Signature</code> - * element (in case of a detached signature) or the - * signature environment containing the signature - * (in case of an enveloping signature). + * @param base64value The content to put under the + * <code>SignatureEnvironment</code> element. This should + * either be a <code>dsig:Signature</code> element (in case + * of a detached signature) or the signature environment + * containing the signature (in case of an enveloping + * signature). */ public void addCMSSignature(String base64value) { final CMSSignatureResponse responseElement = @@ -84,7 +84,7 @@ public class CreateCMSSignatureResponseBuilder { /** * Add a <code>ErrorResponse</code> element to the response. - * + * * @param errorCode The error code. * @param info Additional information about the error. */ diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index 813d28e..79b4c29 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -74,15 +74,26 @@ public class VerifyCMSSignatureResponseBuilder { /** * Add a verification result to the response. * - * @param result The result to add. - * @param trustprofile The actual trustprofile - * @param checkQCFromTSL <code>true</code>, if the TSL check verifies the - * certificate as qualified, otherwise <code>false</code>. - * @param checkSSCD <code>true</code>, if the TSL check verifies the - * signature based on a SSDC, otherwise - * <code>false</code>. - * @param sscdSourceTSL <code>true</code>, if the SSCD information comes from - * the TSL, otherwise <code>false</code>. + * @param result The result to add. + * @param trustProfile The actual trustprofile + * @param checkQC <code>true</code>, if the TSL check + * verifies the certificate as qualified, + * otherwise <code>false</code>. + * @param qcSourceTSL <true> if QC info comes from the TSL, + * otherwise <code>false</code>. + * @param checkSSCD <code>true</code>, if the TSL check + * verifies the signature based on a SSDC, + * otherwise <code>false</code>. + * @param sscdSourceTSL <code>true</code>, if the SSCD + * information comes from the TSL, + * otherwise <code>false</code>. + * @param issuerCountryCode TSL issuer country + * @param adesResults Form validation results + * @param extendedCertificateCheckResult Extended validation results + * @param tslInfos Full TSL validation result + * @param extendedVerification <code>true</code> if extended + * validation was used, otherwise + * <code>false</code> * @throws MOAException */ public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, @@ -150,7 +161,7 @@ public class VerifyCMSSignatureResponseBuilder { } /** - * + * * @param result * @param trustProfile * @param checkQC diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java index 7e882ed..25ce8d1 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java @@ -515,7 +515,7 @@ public class VerifyXMLSignatureResponseBuilder { try { if (refInfo.isHashCalculated() && !refInfo.isHashValid()) { - failedReferencesList.add(new Integer(i + 1)); + failedReferencesList.add(Integer.valueOf(i + 1)); } } catch (final HashUnavailableException e) { // nothing to do here because we called refInfo.isHashCalculated first diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java index c097b0c..46c4983 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java @@ -191,8 +191,10 @@ public class XMLSignatureCreationProfileFactory { } } + final XMLSignatureCreationProfileImpl profile = - new XMLSignatureCreationProfileImpl(createProfileCount, allReservedIDs, digestMethodXAdES142); + new XMLSignatureCreationProfileImpl(createProfileCount, allReservedIDs, digestMethodXAdES142, + isRsaSsaPssActive(config, keyGroupID)); // build the transformation supplements createTransformsProfiles = @@ -260,6 +262,21 @@ public class XMLSignatureCreationProfileFactory { return profile; } + private boolean isRsaSsaPssActive(ConfigurationProvider config, String keyGroupID) + throws MOASystemException { + final Boolean useRsaSsaPssKg = config.getKeyGroup(keyGroupID).isUseRsaSsaPass(); + final boolean configUseRsaSsaPss = config.isUseRsaSsaPss(); + + Logger.trace("Config using RSASSA-PSS. KeyStore: " + + useRsaSsaPssKg != null + ? useRsaSsaPssKg + : "NOT-DEFINED" + + " Default: " + config); + + return useRsaSsaPssKg != null ? useRsaSsaPssKg : configUseRsaSsaPss; + + } + /** * Get the <code>List</code> of all <code>CreateTransformsInfoProfile</code>s * contained in all the <code>DataObjectInfo</code>s of the given diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index b97cc95..0fb2d82 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -110,34 +110,27 @@ import iaik.xml.crypto.utils.URIException; public class XMLSignatureVerificationInvoker { /** The single instance of this class. */ - private static XMLSignatureVerificationInvoker instance = null; + private static final XMLSignatureVerificationInvoker INSTANCE = new XMLSignatureVerificationInvoker(); - private static Set FILTERED_REF_TYPES; - - static { - FILTERED_REF_TYPES = new HashSet(); - FILTERED_REF_TYPES.add(DsigManifest.XML_DSIG_MANIFEST_TYPE); - FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE); - FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD); - FILTERED_REF_TYPES.add(XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties"); - FILTERED_REF_TYPES.add("http://uri.etsi.org/01903#SignedProperties"); - } + private static final Set<String> FILTERED_REF_TYPES = Set.of( + DsigManifest.XML_DSIG_MANIFEST_TYPE, + SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE, + SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD, + XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties", + "http://uri.etsi.org/01903#SignedProperties"); /** * Get the single instance of this class. - * + * * @return The single instance of this class. */ - public static synchronized XMLSignatureVerificationInvoker getInstance() { - if (instance == null) { - instance = new XMLSignatureVerificationInvoker(); - } - return instance; + public static XMLSignatureVerificationInvoker getInstance() { + return INSTANCE; } /** * Create a new <code>XMLSignatureCreationInvoker</code>. - * + * * Protected to disallow multiple instances. */ protected XMLSignatureVerificationInvoker() { @@ -146,8 +139,8 @@ public class XMLSignatureVerificationInvoker { /** * Process the <code>VerifyXMLSignatureRequest<code> message and invoke the * <code>XMLSignatureVerificationModule</code>. - * - * @param request A <code>VerifyXMLSignatureRequest<code> API object + * + * @param request A <code>VerifyXMLSignatureRequest<code> API object * containing the data for verifying an XML signature. * @return A <code>VerifyXMLSignatureResponse</code> containing the answert * to the <code>VerifyXMLSignatureRequest</code>. MOA schema @@ -307,16 +300,16 @@ public class XMLSignatureVerificationInvoker { /** * Checks if the signer certificate matches one of the allowed signer * certificates specified in the provided <code>trustProfile</code>. - * + * * @param result The result produced by the * <code>XMLSignatureVerificationModule</code>. - * + * * @param trustProfile The trust profile the signer certificate is validated * against. - * + * * @return The overal result of the certificate validation for the signer * certificate. - * + * * @throws MOAException if one of the signer certificates specified in the * <code>trustProfile</code> cannot be read from the file * system. @@ -392,7 +385,7 @@ public class XMLSignatureVerificationInvoker { /** * Select the <code>dsig:Signature</code> DOM element within the signature * environment. - * + * * @param signatureEnvironment The signature environment containing the * <code>dsig:Signature</code>. * @param request The <code>VerifyXMLSignatureRequest</code> @@ -425,7 +418,7 @@ public class XMLSignatureVerificationInvoker { /** * Build the supplemental data objects contained in the * <code>VerifyXMLSignatureRequest</code>. - * + * * @param supplements A <code>List</code> of * <code>XMLDataObjectAssociation</code>s containing the * supplement data. @@ -458,7 +451,7 @@ public class XMLSignatureVerificationInvoker { /** * Get the supplemental data contained in the * <code>VerifyXMLSignatureRequest</code>. - * + * * @param request The <code>VerifyXMLSignatureRequest</code> containing the * supplemental data. * @return A <code>List</code> of <code>XMLDataObjectAssociation</code> objects @@ -490,7 +483,7 @@ public class XMLSignatureVerificationInvoker { /** * Perform additional validations of the * <code>XMLSignatureVerificationResult</code>. - * + * * <p> * In particular, it is verified that: * <ul> @@ -500,7 +493,7 @@ public class XMLSignatureVerificationInvoker { * <li>The hash values of the <code>TransformParameter</code>s are valid.</li> * </ul> * </p> - * + * * @param request The <code>VerifyXMLSignatureRequest</code> containing the * signature to verify. * @param result The result produced by @@ -546,7 +539,7 @@ public class XMLSignatureVerificationInvoker { } if (!found) { - final Integer refIndex = new Integer(refData.getReferenceIndex()); + final Integer refIndex = Integer.valueOf(refData.getReferenceIndex()); final String logMsg = msg.getMessage("invoker.01", new Object[] { refIndex }); failedReferencesList.add(refIndex); @@ -588,8 +581,8 @@ public class XMLSignatureVerificationInvoker { final int[] failedReferences = new int[] { ref.getReferenceIndex() }; final ReferencesCheckResultInfo checkInfo = factory.createReferencesCheckResultInfo(null, failedReferences); - final String logMsg = msg.getMessage("invoker.02", new Object[] { new Integer(ref - .getReferenceIndex()) }); + final String logMsg = msg.getMessage("invoker.02", new Object[] { + Integer.valueOf(ref.getReferenceIndex()) }); Logger.debug(new LogMsg(logMsg)); @@ -605,7 +598,7 @@ public class XMLSignatureVerificationInvoker { * Get all <code>Transform</code>s contained in all the * <code>VerifyTransformsInfoProfile</code>s of the given * <code>ReferenceInfo</code>. - * + * * @param refInfo The <code>ReferenceInfo</code> object containing the * transformations. * @return A <code>List</code> of <code>List</code>s. Each of the @@ -637,7 +630,7 @@ public class XMLSignatureVerificationInvoker { /** * Build the <code>Set</code> of all <code>TransformParameter</code> URIs. - * + * * @param transformParameters The <code>List</code> of * <code>TransformParameter</code>s, as provided to * the verification. @@ -658,7 +651,7 @@ public class XMLSignatureVerificationInvoker { /** * Build a mapping between <code>TransformParameter</code> URIs (a * <code>String</code> and <code>dsig:HashValue</code> (a <code>byte[]</code>). - * + * * @param request The <code>VerifyXMLSignatureRequest</code>. * @return Map The resulting mapping. * @throws MOAApplicationException An error occurred accessing one of the @@ -703,7 +696,7 @@ public class XMLSignatureVerificationInvoker { * Filter the <code>ReferenceInfo</code>s returned by the * <code>VerifyXMLSignatureResult</code> for comparison with the * <code>ReferenceInfo</code> elements in the request. - * + * * @param referenceInfos The <code>ReferenceInfo</code>s from the * <code>VerifyXMLSignatureResult</code>. * @return A <code>List</code> of all <code>ReferenceInfo</code>s whose type is diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java index 335bf68..a60590d 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java @@ -1,6 +1,6 @@ package at.gv.egovernment.moa.spss.server.transaction; -import javax.activation.DataSource; +import jakarta.activation.DataSource; public interface DeleteableDataSource extends DataSource { void delete(); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java index 5746657..06326a0 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java @@ -33,14 +33,13 @@ import java.util.Iterator; import java.util.Map.Entry; import java.util.Vector; -import javax.activation.DataSource; - import org.w3c.dom.Element; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moaspss.logging.Logger; import iaik.xml.crypto.utils.URI; +import jakarta.activation.DataSource; /** * Contains information about the current request. @@ -310,7 +309,7 @@ public class TransactionContext { } // not available in Axis 1.0 to 1.1 // File f = mmds.getDiskCacheFile(); -// if (f!=null) f.delete(); +// if (f!=null) f.delete(); if (mmds instanceof DeleteableDataSource) { ((DeleteableDataSource) mmds).delete(); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java index 8e37b1c..8dd2a8b 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java @@ -21,8 +21,8 @@ import iaik.server.modules.resultcodes.ResultCodeValid; public class AdESResultUtils { - private static final int MAJORRESULTCODESKIPPED = new Integer(3); - private static final int MAJORRESULTCODEERROR = new Integer(4); + private static final int MAJORRESULTCODESKIPPED = Integer.valueOf(3); + private static final int MAJORRESULTCODEERROR = Integer.valueOf(4); public static Integer getResultCode(Integer adesCode) { return adesCode; @@ -114,9 +114,9 @@ public class AdESResultUtils { minorInfo = "UNKNOWN_SUBFILTER"; } else if (resultCode.getCode().equals(ResultCode.CODE_NO_SIGNER_CERTIFICATE_FOUND)) { minorInfo = "NO_SIGNER_CERTIFICATE_FOUND"; - - - + + + // pdf-as 3.x detection is removed from MOA-SP since 3.1.2 } else if (resultCode.getCode().equals(ResultCode.PDF_AS_SIGNATURE)) { // minorInfo = "PDF_AS_SIGNATURE"; diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java index b7580ac..35dca16 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java @@ -204,7 +204,6 @@ public class CertificateUtils { // QC evaluation flags boolean qc = false; boolean qcSourceTSL = false; - boolean qcDisallowedFromTSL = false; // SSCD/QSCD evaluation flags boolean sscd = false; @@ -254,7 +253,6 @@ public class CertificateUtils { TslConstants.SSCD_QUALIFIER_SHORT.NotQualified))) { qc = false; qcSourceTSL = false; - qcDisallowedFromTSL = true; Logger.info("TSL mark this certificate explicitly as 'NotQualified'!"); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java index be40a9e..221c361 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java @@ -47,7 +47,7 @@ public class ExternalURIVerifier { }
} else {
// check host and port
- final int iport = new Integer(bport).intValue();
+ final int iport = Integer.valueOf(bport).intValue();
if (ip.startsWith(bhost) && iport == port) {
Logger.debug(new LogMsg("Blacklist check: " + host + ":" + port + " (" + ip + ":" + port
+ " blacklisted"));
@@ -75,7 +75,7 @@ public class ExternalURIVerifier { }
} else {
// check host and port
- final int iport = new Integer(bport).intValue();
+ final int iport = Integer.valueOf(bport).intValue();
if (ip.startsWith(bhost) && iport == port) {
Logger.debug(new LogMsg("Whitelist check: " + host + ":" + port + " (" + ip + ":" + port
+ " whitelisted"));
diff --git a/moaSig/moa-sig/build.gradle b/moaSig/moa-sig/build.gradle index 423ea20..1887479 100644 --- a/moaSig/moa-sig/build.gradle +++ b/moaSig/moa-sig/build.gradle @@ -1,33 +1,50 @@ -apply plugin: 'war' -apply plugin: 'eclipse' -apply plugin: 'eclipse-wtp' -apply plugin: 'distribution' -apply plugin: 'maven-publish' +plugins { + id 'java-library' + id 'war' + id 'eclipse' + id 'eclipse-wtp' + id 'distribution' + id 'maven-publish' +} + +java { + toolchain { + languageVersion = JavaLanguageVersion.of(17) + } +} configurations { jaxb } dependencies { - jaxb group: 'com.sun.xml.bind', name: 'jaxb-xjc', version: '3.0.2' - jaxb group: 'org.glassfish.jaxb', name: 'jaxb-runtime', version: '3.0.2' + jaxb 'com.sun.xml.bind:jaxb-xjc:4.0.5' + jaxb 'org.glassfish.jaxb:jaxb-runtime:4.0.5' + + compileOnly 'jakarta.servlet:jakarta.servlet-api:6.0.0' - implementation project(':common') - implementation project(':moa-sig-lib') + implementation project(':common') + implementation project(':moa-sig-lib') implementation project(':moa-asic') - implementation fileTree(dir: 'libs', include: '*.jar') - compileOnly 'javax.servlet:javax.servlet-api:3.1.0' - implementation 'commons-discovery:commons-discovery:0.5' - implementation 'org.apache.logging.log4j:log4j-1.2-api:2.22.1' - implementation group: 'org.slf4j', name: 'log4j-over-slf4j', version: '1.7.36' - implementation group: 'javax.jws', name: 'javax.jws-api', version: '1.1' - implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.13' - - testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-migrationsupport', version: '5.10.1' - testImplementation group: 'org.junit.platform', name: 'junit-platform-engine', version: '1.10.1' - testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: '5.10.1' - testImplementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.13' - + implementation fileTree(dir: 'libs', include: ['*.jar']) + + implementation 'commons-discovery:commons-discovery:0.5' + implementation 'org.apache.logging.log4j:log4j-1.2-api:2.25.1' + implementation 'org.slf4j:log4j-over-slf4j:2.0.17' + implementation 'jakarta.jws:jakarta.jws-api:3.0.0' + implementation 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.2' + implementation 'ch.qos.logback:logback-classic:1.5.18' + implementation 'javax.activation:activation:1.1.1' + implementation 'org.eclipse.angus:angus-mail:2.0.4' + + testImplementation 'org.junit.jupiter:junit-jupiter-migrationsupport:5.13.4' + testImplementation 'org.junit.jupiter:junit-jupiter-engine:5.13.4' + testImplementation 'ch.qos.logback:logback-classic:1.5.18' + + testImplementation project(':common') + testImplementation project(path: ':common', configuration: 'testArtifacts') + testImplementation project(':moa-sig-lib') + testImplementation project(':moa-asic') } sourceSets { @@ -38,66 +55,64 @@ sourceSets { } } -war { - archiveBaseName = "moa-spss" - duplicatesStrategy = DuplicatesStrategy.EXCLUDE -} +tasks.register('jaxb') { + group = 'build' + description = 'Generates Java classes from XSD using JAXB' - -task jaxb () { - // output directory - def jaxbTargetDir = file( "${projectDir}/src/generated/java" ) - - // perform actions doLast { + def jaxbTargetDir = file("${projectDir}/src/generated/java") jaxbTargetDir.mkdirs() - ant.taskdef(name: 'xjc', classname: 'com.sun.tools.xjc.XJCTask', classpath: configurations.jaxb.asPath) + ant.taskdef( + name: 'xjc', + classname: 'com.sun.tools.xjc.XJCTask', + classpath: configurations.jaxb.asPath + ) - // MOA Sig ant.xjc( - destdir: jaxbTargetDir.path, - package: 'at.gv.egiz.moasig', - schema: 'src/main/resources/resources/schemas/MOA-SPSS-3.1.2.xsd' + destdir: jaxbTargetDir.path, + package: 'at.gv.egiz.moasig', + schema: 'src/main/resources/resources/schemas/MOA-SPSS-3.1.2.xsd' ) } } +war { + archiveBaseName.set("moa-spss") + duplicatesStrategy = DuplicatesStrategy.EXCLUDE +} + distributions { - main { - distributionBaseName = "moa-spss" - contents { - into('/') { // Copy the following jars to the lib/ directory in the distribution archive - from war.outputs - from "$rootDir/../release-infos/readme_" + "$version" + ".txt" - dirMode = 0755 - fileMode = 0644 - } - into('/handbook') { - from rootDir.toString() + "/../release-infos/handbook/" - } - into('/endorsed_libs') { - from findJar('serializer') - from findJar('xalan') - from findJar('xercesImpl') - from findJar('xml-apis') - } - into('/ext_libs') { - from findJar('iaik_jce_full') - from rootDir.toString() + "/../release-infos/ext_libs/" - - } + main { + distributionBaseName.set("moa-spss") + contents { + into("/") { + from(tasks.named('war')) + from("$rootDir/../release-infos/readme_${version}.txt") + } + into("/handbook") { + from("$rootDir/../release-infos/handbook") + } + into("/endorsed_libs") { + from(findJar('serializer')) + from(findJar('xalan')) + from(findJar('xercesImpl')) + from(findJar('xml-apis')) + } + into("/ext_libs") { + from(findJar('iaik_jce_full')) + from("$rootDir/../release-infos/ext_libs/") + } + } } - } } -def findJar(prefix) { - configurations.runtimeClasspath.filter { it.name.startsWith(prefix) } - +def findJar(String prefix) { + return configurations.runtimeClasspath.filter { it.name.startsWith(prefix) } } -task releases(type: Copy) { - from distZip.outputs - //from distTar.outputs - into rootDir.toString() + "/releases/" + version +tasks.register('releases', Copy) { + dependsOn(tasks.named('distZip')) + from(tasks.named('distZip')) + into("$rootDir/releases/${version}") } diff --git a/moaSig/moa-sig/libs/activation-1.1.jar b/moaSig/moa-sig/libs/activation-1.1.jar Binary files differdeleted file mode 100644 index 53f82a1..0000000 --- a/moaSig/moa-sig/libs/activation-1.1.jar +++ /dev/null diff --git a/moaSig/moa-sig/libs/axis-1.0_IAIK_1.3.jar b/moaSig/moa-sig/libs/axis-1.0_IAIK_1.3.jar Binary files differdeleted file mode 100644 index 81103be..0000000 --- a/moaSig/moa-sig/libs/axis-1.0_IAIK_1.3.jar +++ /dev/null diff --git a/moaSig/moa-sig/libs/axis-1.0_IAIK_1.4.jar b/moaSig/moa-sig/libs/axis-1.0_IAIK_1.4.jar Binary files differnew file mode 100644 index 0000000..0935d37 --- /dev/null +++ b/moaSig/moa-sig/libs/axis-1.0_IAIK_1.4.jar diff --git a/moaSig/moa-sig/libs/jakarta.activation-api-2.1.3.jar b/moaSig/moa-sig/libs/jakarta.activation-api-2.1.3.jar Binary files differnew file mode 100644 index 0000000..0d015d5 --- /dev/null +++ b/moaSig/moa-sig/libs/jakarta.activation-api-2.1.3.jar diff --git a/moaSig/moa-sig/libs/jakarta.mail-api-2.1.3.jar b/moaSig/moa-sig/libs/jakarta.mail-api-2.1.3.jar Binary files differnew file mode 100644 index 0000000..6b36779 --- /dev/null +++ b/moaSig/moa-sig/libs/jakarta.mail-api-2.1.3.jar diff --git a/moaSig/moa-sig/libs/mail-1.4.jar b/moaSig/moa-sig/libs/mail-1.4.jar Binary files differdeleted file mode 100644 index 3b28b6e..0000000 --- a/moaSig/moa-sig/libs/mail-1.4.jar +++ /dev/null diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java index d13492f..f206167 100644 --- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java +++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java @@ -33,8 +33,6 @@ import java.security.cert.X509Certificate; import java.util.Enumeration; import java.util.Iterator; -import javax.servlet.http.HttpServletRequest; - import org.apache.axis.AxisFault; import org.apache.axis.Message; import org.apache.axis.MessageContext; @@ -53,12 +51,15 @@ import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moa.spss.server.transaction.TransactionIDGenerator; +import at.gv.egovernment.moa.spss.server.utils.DataHandlerConverter; import at.gv.egovernment.moa.spss.util.MessageProvider; import at.gv.egovernment.moaspss.logging.LogMsg; import at.gv.egovernment.moaspss.logging.Logger; import at.gv.egovernment.moaspss.logging.LoggingContext; import at.gv.egovernment.moaspss.logging.LoggingContextManager; import at.gv.egovernment.moaspss.util.DOMUtils; +import jakarta.activation.DataHandler; +import jakarta.servlet.http.HttpServletRequest; /** * An handler that is invoked on each web service request and performs some @@ -150,7 +151,7 @@ public class AxisHandler extends BasicHandler { soapMessage = msgContext.getCurrentMessage(); Element xmlRequest = null; - // log.info(soapMessage.getSOAPPartAsString()); + final Element soapPart = DOMUtils.parseDocument( new ByteArrayInputStream(soapMessage.getSOAPPartAsBytes()), false, null, null) .getDocumentElement(); @@ -172,8 +173,9 @@ public class AxisHandler extends BasicHandler { } - final TransactionContext context = new TransactionContext(TransactionIDGenerator.nextID(), clientCert, - ConfigurationProvider.getInstance(), xmlRequest, null); + final TransactionContext context = + new TransactionContext(TransactionIDGenerator.nextID(), clientCert, + ConfigurationProvider.getInstance(), xmlRequest, null); String soapAction = request.getHeader(SOAP_ACTION_HEADER); if ("\"\"".equals(soapAction)) { @@ -201,7 +203,11 @@ public class AxisHandler extends BasicHandler { // content with Object content = // attachment.getContent();) InputStream is = null; - final javax.activation.DataHandler datahandler = attachment.getDataHandler(); + + Object dataHandlerObj = attachment.getDataHandler(); + final DataHandler datahandler = dataHandlerObj instanceof DataHandler + ? (DataHandler) dataHandlerObj + : DataHandlerConverter.convert((javax.activation.DataHandler) dataHandlerObj); final int TYPE = 2; switch (TYPE) { @@ -239,19 +245,6 @@ public class AxisHandler extends BasicHandler { info("handler.03", null); } if (Logger.isTraceEnabled()) { - // OutputFormat format = new OutputFormat((Document) - // xmlRequest.getOwnerDocument()); - // format.setLineSeparator("\n"); - // format.setIndenting(false); - // format.setPreserveSpace(true); - // format.setOmitXMLDeclaration(false); - // format.setEncoding("UTF-8"); - // ByteArrayOutputStream baos = new ByteArrayOutputStream(); - // XMLSerializer conSerializer = new XMLSerializer(baos, - // format); - // conSerializer.serialize(xmlRequest); - // Logger.debug(new LogMsg("Request:" + baos.toString())); - final String msg = soapMessage.getSOAPPartAsString(); Logger.trace(new LogMsg(msg)); } @@ -305,24 +298,13 @@ public class AxisHandler extends BasicHandler { if (xmlResponse != null) { try { xmlResponseString = DOMUtils.serializeNode(xmlResponse, true); - /* - * Soll die Antwort nur \n enthalten, so gibt es 2 Möglichkeiten: 1.) Xalan - * Version und xmlResponseString = DOMUtils.serializeNode(xmlResponse, true, - * "\n"); 2.) OutputFormat serializerFormat = new OutputFormat((Document) - * xmlResponse.getOwnerDocument()); serializerFormat.setLineSeparator("\n"); - * serializerFormat.setIndenting(false); - * serializerFormat.setPreserveSpace(true); - * serializerFormat.setOmitXMLDeclaration(true); - * serializerFormat.setEncoding("UTF-8"); ByteArrayOutputStream serializedBytes - * = new ByteArrayOutputStream(); XMLSerializer serializer = new - * XMLSerializer(serializedBytes, serializerFormat); - * serializer.serialize(xmlResponse); serializedBytes.close(); xmlResponseString - * = serializedBytes.toString("UTF-8"); - */ if (Logger.isTraceEnabled()) { Logger.trace(new LogMsg(xmlResponseString)); + } + soapResponseString = SOAP_PART_PRE + xmlResponseString + SOAP_PART_POST; + // override axis response-message msgContext.setResponseMessage(new Message(soapResponseString)); } catch (final Throwable t) { @@ -341,8 +323,8 @@ public class AxisHandler extends BasicHandler { } info("handler.04", null); - if (Logger.isDebugEnabled()) { - Logger.debug(new LogMsg(soapResponseString)); + if (Logger.isTraceEnabled()) { + Logger.trace(new LogMsg(soapResponseString)); } tearDownContexts(); } diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java index bc2c3b6..703a08d 100644 --- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java +++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java @@ -11,10 +11,7 @@ import java.util.Iterator; import java.util.List; import java.util.Set; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang3.StringUtils; import at.gv.egovernment.moa.spss.server.config.ConfigurationException; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; @@ -25,6 +22,10 @@ import at.gv.egovernment.moaspss.logging.Logger; import iaik.server.modules.keys.KeyEntryID; import iaik.server.modules.keys.KeyModule; import iaik.server.modules.keys.KeyModuleFactory; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServlet; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; /** * @@ -34,7 +35,7 @@ import iaik.server.modules.keys.KeyModuleFactory; public class CertificateProviderServlet extends HttpServlet { /** - * + * */ private static final long serialVersionUID = -6907582473072190122L; @@ -43,69 +44,7 @@ public class CertificateProviderServlet extends HttpServlet { public static final String PARAM_KEYID = "id"; - /** - * Build the set of <code>KeyEntryID</code>s available to the given - * <code>keyGroupID</code>. - * - * @param keyGroupID The keygroup ID for which the available keys should be - * returned. - * @return The <code>Set</code> of <code>KeyEntryID</code>s identifying the - * available keys. - * @throws ConfigurationException - */ - @SuppressWarnings({ "rawtypes", "unchecked" }) - private Set buildKeySet(String keyGroupID, X509Certificate cert, KeyModule module) - throws ConfigurationException { - final ConfigurationProvider config = ConfigurationProvider.getInstance(); - Set keyGroupEntries; - // get the KeyGroup entries from the configuration - if (cert != null) { - final Principal issuer = cert.getIssuerDN(); - final BigInteger serialNumber = cert.getSerialNumber(); - - keyGroupEntries = config.getKeyGroupEntries(issuer, serialNumber, - keyGroupID); - } else { - keyGroupEntries = config.getKeyGroupEntries(null, null, keyGroupID); - } - - // map the KeyGroup entries to a set of KeyEntryIDs - if (keyGroupEntries == null) { - return null; - } else if (keyGroupEntries.size() == 0) { - return Collections.EMPTY_SET; - } else { - - final Set keyEntryIDs = module.getPrivateKeyEntryIDs(); - final Set keySet = new HashSet(); - Iterator iter; - - // filter out the keys that do not exist in the IAIK configuration - // by walking through the key entries and checking if the exist in - // the - // keyGroupEntries - for (iter = keyEntryIDs.iterator(); iter.hasNext();) { - final KeyEntryID entryID = (KeyEntryID) iter.next(); - final KeyGroupEntry entry = new KeyGroupEntry(entryID.getModuleID(), - entryID.getCertificateIssuer(), - entryID.getCertificateSerialNumber()); - if (keyGroupEntries.contains(entry)) { - keySet.add(entryID); - } - } - return keySet; - } - } - - private X509Certificate getClientCertificate(HttpServletRequest request) { - final X509Certificate[] clientCert = (X509Certificate[]) request - .getAttribute(X509_CERTIFICATE_PROPERTY); - if (clientCert != null) { - return clientCert[0]; - } - return null; - } @Override @SuppressWarnings("rawtypes") @@ -158,7 +97,8 @@ public class CertificateProviderServlet extends HttpServlet { final byte[] certData = keyCert.getEncoded(); response.setStatus(HttpServletResponse.SC_OK); response.setContentType("application/pkix-cert"); - response.setHeader("Content-disposition", "attachment; filename=\"" + keyId + ".cer\""); + response.setHeader("Content-disposition", "attachment; filename=\"" + + StringUtils.deleteWhitespace(keyId) + ".cer\""); response.getOutputStream().write(certData); response.getOutputStream().close(); return; @@ -176,4 +116,69 @@ public class CertificateProviderServlet extends HttpServlet { response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } } + + /** + * Build the set of <code>KeyEntryID</code>s available to the given + * <code>keyGroupID</code>. + * + * @param keyGroupID The keygroup ID for which the available keys should be + * returned. + * @return The <code>Set</code> of <code>KeyEntryID</code>s identifying the + * available keys. + * @throws ConfigurationException + */ + @SuppressWarnings({ "rawtypes", "unchecked" }) + private Set buildKeySet(String keyGroupID, X509Certificate cert, KeyModule module) + throws ConfigurationException { + final ConfigurationProvider config = ConfigurationProvider.getInstance(); + Set keyGroupEntries; + + // get the KeyGroup entries from the configuration + if (cert != null) { + final Principal issuer = cert.getIssuerDN(); + final BigInteger serialNumber = cert.getSerialNumber(); + + keyGroupEntries = config.getKeyGroupEntries(issuer, serialNumber, keyGroupID); + } else { + keyGroupEntries = config.getKeyGroupEntries(null, null, keyGroupID); + + } + + // map the KeyGroup entries to a set of KeyEntryIDs + if (keyGroupEntries == null) { + return null; + } else if (keyGroupEntries.size() == 0) { + return Collections.EMPTY_SET; + } else { + + final Set keyEntryIDs = module.getPrivateKeyEntryIDs(); + final Set keySet = new HashSet(); + Iterator iter; + + // filter out the keys that do not exist in the IAIK configuration + // by walking through the key entries and checking if the exist in + // the + // keyGroupEntries + for (iter = keyEntryIDs.iterator(); iter.hasNext();) { + final KeyEntryID entryID = (KeyEntryID) iter.next(); + final KeyGroupEntry entry = new KeyGroupEntry(entryID.getModuleID(), + entryID.getCertificateIssuer(), + entryID.getCertificateSerialNumber()); + if (keyGroupEntries.contains(entry)) { + keySet.add(entryID); + } + } + return keySet; + } + } + + private X509Certificate getClientCertificate(HttpServletRequest request) { + final X509Certificate[] clientCert = (X509Certificate[]) request + .getAttribute(X509_CERTIFICATE_PROPERTY); + if (clientCert != null) { + return clientCert[0]; + } + return null; + } + } diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java index 135d652..49047d7 100644 --- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java +++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java @@ -29,11 +29,6 @@ import java.util.ArrayList; import java.util.Iterator; import java.util.List; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator; import at.gv.egovernment.moa.spss.server.init.SystemInitializer; @@ -42,6 +37,10 @@ import at.gv.egovernment.moaspss.logging.LogMsg; import at.gv.egovernment.moaspss.logging.Logger; import at.gv.egovernment.moaspss.logging.LoggingContext; import at.gv.egovernment.moaspss.logging.LoggingContextManager; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServlet; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; /** * A servlet to initialize and update the MOA configuration. @@ -52,7 +51,7 @@ import at.gv.egovernment.moaspss.logging.LoggingContextManager; */ public class ConfigurationServlet extends HttpServlet { /** - * + * */ private static final long serialVersionUID = 8372961105222028696L; /** The document type of the HTML to generate. */ @@ -63,8 +62,6 @@ public class ConfigurationServlet extends HttpServlet { * Handle a HTTP GET request, used to indicated that the MOA configuration needs * to be updated (reloaded). * - * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, - * HttpServletResponse) */ @Override @SuppressWarnings({ "rawtypes", "unchecked" }) @@ -126,8 +123,6 @@ public class ConfigurationServlet extends HttpServlet { /** * Do the same as <code>doGet</code>. * - * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, - * HttpServletResponse) */ @Override public void doPost(HttpServletRequest request, HttpServletResponse response) @@ -141,8 +136,6 @@ public class ConfigurationServlet extends HttpServlet { * * Does an initial load of the MOA configuration to test if a working web * service can be provided. - * - * @see javax.servlet.GenericServlet#init() */ @Override public void init() throws ServletException { diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java index 4030883..7973e44 100644 --- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java +++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java @@ -63,7 +63,7 @@ public class SignatureCreationService { /** * Handle a <code>CreatePDFSignatureRequest</code>. - * + * * @param request The <code>CreatePDFSignatureRequest</code> to work on * (contained in the 0th element of the array). * @return A <code>CreatePDFSignatureResponse</code> as the only element of the @@ -152,7 +152,7 @@ public class SignatureCreationService { /** * Handle a <code>CreateXMLSignatureRequest</code>. - * + * * @param request The <code>CreateXMLSignatureRequest</code> to work on * (contained in the 0th element of the array). * @return A <code>CreateXMLSignatureResponse</code> as the only element of the diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/TSLClientStatusServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/TSLClientStatusServlet.java index 3bf9a37..abdf121 100644 --- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/TSLClientStatusServlet.java +++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/TSLClientStatusServlet.java @@ -5,18 +5,17 @@ import java.io.PrintWriter; import java.text.MessageFormat; import java.util.List; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - import at.gv.egovernment.moa.sig.tsl.engine.data.TSLProcessingResultElement; import at.gv.egovernment.moa.spss.server.monitoring.ServiceStatusContainer; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServlet; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; public class TSLClientStatusServlet extends HttpServlet { /** - * + * */ private static final long serialVersionUID = 1L; diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/DataHandlerConverter.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/DataHandlerConverter.java new file mode 100644 index 0000000..fd11789 --- /dev/null +++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/DataHandlerConverter.java @@ -0,0 +1,49 @@ +package at.gv.egovernment.moa.spss.server.utils; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; + +import lombok.experimental.UtilityClass; + +/** + * Utility to convert javax.activation.DataHandler to jakarta.activation.DataHandler. + */ +@UtilityClass +public class DataHandlerConverter { + + /** + * Converts javax.activation.DataHandler to jakarta.activation.DataHandler + */ + public static jakarta.activation.DataHandler convert(javax.activation.DataHandler oldHandler) { + if (oldHandler == null) return null; + + javax.activation.DataSource oldSource = oldHandler.getDataSource(); + + // Wrap the old javax.activation.DataSource in a jakarta.activation.DataSource + jakarta.activation.DataSource newSource = new jakarta.activation.DataSource() { + @Override + public InputStream getInputStream() throws IOException { + return oldSource.getInputStream(); + } + + @Override + public OutputStream getOutputStream() throws IOException { + return oldSource.getOutputStream(); + } + + @Override + public String getContentType() { + return oldSource.getContentType(); + } + + @Override + public String getName() { + return oldSource.getName(); + } + }; + + return new jakarta.activation.DataHandler(newSource); + } +} + diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/LoggerUtils.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/LoggerUtils.java new file mode 100644 index 0000000..78d5039 --- /dev/null +++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/LoggerUtils.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.spss.server.utils; + +import java.util.Properties; + +import iaik.logging.LogConfigurationException; +import iaik.logging.LogFactory; +import iaik.logging.LoggerConfig; +import lombok.experimental.UtilityClass; + +/** + * Logging helper. + */ +@UtilityClass +public class LoggerUtils { + + /** + * Fix {@link iaik.logging.impl.LogSlf4jFactoryImpl}, because it uses + * <code>org.slf4j.impl.StaticLoggerBinder</code> which was removed since v + * 1.5.x. + */ + public static void fixLoggerFactory() { + LogFactory.configure(new LoggerConfig() { + + @Override + public Properties getProperties() throws LogConfigurationException { + return null; + } + + @Override + public String getNodeId() { + return null; + } + + @Override + public String getFactory() { + return "iaik.logging.impl.OwnLogSlf4jFactoryImpl"; + } + }); + } + +} diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureCreationService.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureCreationService.java index bf06ff6..4b91ec1 100644 --- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureCreationService.java +++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureCreationService.java @@ -1,8 +1,8 @@ package at.gv.egovernment.moa.spss.server.webservice; -import javax.jws.WebMethod; -import javax.jws.WebParam; -import javax.jws.WebService; +import jakarta.jws.WebMethod; +import jakarta.jws.WebParam; +import jakarta.jws.WebService; @WebService(name = "SignatureCreationService", targetNamespace = "http://reference.e-government.gv.at/namespace/moa/20151109#") @@ -24,7 +24,7 @@ public interface SignatureCreationService { * @WebMethod(action = "PDFSignatureCreate", operationName = * "PDFSignatureCreate") public at.gv.egiz.moasig.CreatePDFSignatureResponseType * createPDFSignature( - * + * * @WebParam(name = "CreatePDFSignatureRequest") * at.gv.egiz.moasig.CreatePDFSignatureRequest createPDFSignatureRequest) throws * Exception; diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureVerificationService.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureVerificationService.java index ca30650..d8aa9b6 100644 --- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureVerificationService.java +++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureVerificationService.java @@ -1,8 +1,8 @@ package at.gv.egovernment.moa.spss.server.webservice; -import javax.jws.WebMethod; -import javax.jws.WebParam; -import javax.jws.WebService; +import jakarta.jws.WebMethod; +import jakarta.jws.WebParam; +import jakarta.jws.WebService; @WebService(name = "SignatureVerificationService", targetNamespace = "http://reference.e-government.gv.at/namespace/moa/20151109#") diff --git a/moaSig/moa-sig/src/main/resources/logback.xml b/moaSig/moa-sig/src/main/resources/logback.xml index 0012e81..0afb5cc 100644 --- a/moaSig/moa-sig/src/main/resources/logback.xml +++ b/moaSig/moa-sig/src/main/resources/logback.xml @@ -12,7 +12,7 @@ <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender--> <File>${catalina.base}/logs/moa-spss.log</File> <encoder> - <pattern>logback | %5p | %d{dd HH:mm:ss,SSS} | %C{1} | %20c | %10t | %m%n</pattern> + <pattern>%5p | %d{dd HH:mm:ss.SSS} | %C{1} | %20c | %10t | %m%n</pattern> </encoder> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> <maxIndex>10</maxIndex> @@ -24,7 +24,7 @@ </appender> <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender"> <encoder> - <pattern>logback | %5p | %d{dd HH:mm:ss,SSS} | %C{1} | %20c | %10t | %m%n</pattern> + <pattern>%5p | %d{dd HH:mm:ss.SSS} | %C{1} | %20c | %10t | %m%n</pattern> </encoder> </appender> <logger name="moa.spss.server" level="info"> diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/AbstractIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/AbstractIntegrationTest.java index 1ee071a..92749b0 100644 --- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/AbstractIntegrationTest.java +++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/AbstractIntegrationTest.java @@ -37,7 +37,6 @@ import at.gv.egovernment.moaspss.util.Constants; import iaik.esi.sva.ConfigurationAdapter; import iaik.pki.Configurator; import iaik.pki.PKIFactory; -import iaik.pki.store.certstore.CertStoreFactory; import iaik.pki.store.truststore.TrustStoreFactory; public abstract class AbstractIntegrationTest { @@ -57,9 +56,9 @@ public abstract class AbstractIntegrationTest { System.setProperty("moa.spss.server.configuration", ""); System.setProperty("iaik.esi.sva.configuration.location", ""); - + TrustStoreFactory.reset(); - + // reset TSL client final Field field1 = TSLServiceFactory.class.getDeclaredField("tslClient"); field1.setAccessible(true); @@ -68,32 +67,32 @@ public abstract class AbstractIntegrationTest { final Field field5 = SQLiteDBService.class.getDeclaredField("conn"); field5.setAccessible(true); field5.set(null, null); - + final Field field6 = DatabaseServiceFactory.class.getDeclaredField("dbServices"); field6.setAccessible(true); field6.set(null, null); - + // reset MOA-SPSS configuration object final Field field2 = ConfigurationProvider.class.getDeclaredField("instance"); field2.setAccessible(true); field2.set(null, null); - + final Field field8 = TransactionContextManager.class.getDeclaredField("instance"); field8.setAccessible(true); field8.set(null, null); - + // reset PKI module configuration resetClassState(PKIFactory.class, "instance_", null); // reset IAIK MOA configuration resetClassState(Configurator.class, "C", false); - + //reset ESI-SVA configuration resetClassState(ConfigurationAdapter.class, "a", null); - resetClassState(ConfigurationAdapter.class, "instance", null); + // resetClassState(ConfigurationAdapter.class, "instance", null); //resetClassState(ConfigurationAdapter.class, "config", null); //resetClassState(ConfigurationAdapter.class, "libraryConfig", null); - + } private static void resetClassState(Class clazz, String fieldName, Object value) { @@ -101,16 +100,16 @@ public abstract class AbstractIntegrationTest { Field field7 = clazz.getDeclaredField(fieldName); if (field7 != null) { field7.setAccessible(true); - field7.set(null, value); + field7.set(null, value); } - + } catch (NoSuchFieldException | SecurityException | IllegalArgumentException | IllegalAccessException e) { e.printStackTrace(); } - + } - - + + protected VerifyXMLSignatureRequest buildVerifyXmlRequest(final byte[] signature, final String trustProfileID, boolean extValFlag, final List<String> verifyTransformsInfoProfileID, final String xpathSignatureLocation, diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/CadesIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/CadesIntegrationTest.java index 191bed9..a88873a 100644 --- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/CadesIntegrationTest.java +++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/CadesIntegrationTest.java @@ -38,6 +38,7 @@ import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.init.SystemInitializer; import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureCreationInvoker; import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker; +import at.gv.egovernment.moa.spss.server.utils.LoggerUtils; import at.gv.egovernment.moa.spss.tsl.TSLServiceFactory; import at.gv.egovernment.moaspss.util.DOMUtils; import iaik.pki.Configurator; @@ -52,6 +53,9 @@ public class CadesIntegrationTest extends AbstractIntegrationTest { @BeforeClass public static void classInitializer() throws IOException, ConfigurationException, NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException { + + LoggerUtils.fixLoggerFactory(); + jvmStateReset(); final String current = new java.io.File(".").getCanonicalPath(); diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java index 9cee722..16037d6 100644 --- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java +++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java @@ -9,9 +9,6 @@ import static org.junit.Assert.assertTrue; import java.io.FileInputStream; import java.io.IOException; -import java.security.cert.Certificate; -import java.security.cert.CertificateException; -import java.util.Base64; import java.util.Date; import org.apache.commons.io.IOUtils; @@ -31,36 +28,45 @@ import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElemen import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults; import at.gv.egovernment.moa.spss.server.config.ConfigurationException; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; -import at.gv.egovernment.moa.spss.server.iaik.cmsverify.PDFSignatureVerificationProfileImpl; import at.gv.egovernment.moa.spss.server.iaik.pki.PKIProfileImpl; import at.gv.egovernment.moa.spss.server.init.SystemInitializer; import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker; import at.gv.egovernment.moa.spss.server.logging.TransactionId; -import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; -import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moa.spss.server.utils.LoggerUtils; +import at.gv.egovernment.moa.spss.test.integration.utils.CertificateReader; +import iaik.pki.KeyUsageParam; +import iaik.pki.KeyUsageParams; import iaik.pki.PKIFactory; import iaik.pki.PKIModule; -import iaik.pki.PKIResult; -import iaik.server.cmspdfverify.CMSVerifyUtils; import iaik.x509.X509Certificate; -import at.gv.egovernment.moa.spss.test.integration.utils.CertificateReader; +import iaik.x509.extensions.KeyUsage; @RunWith(BlockJUnit4ClassRunner.class) public class PadesIntegrationTest extends AbstractIntegrationTest { + public static boolean[] KEY_USAGE; + + static { + KeyUsage usage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.nonRepudiation); + KEY_USAGE = usage.getBooleanArray(); + } + CMSSignatureVerificationInvoker cadesInvoker; @BeforeClass - public static void classInitializer() throws IOException, ConfigurationException, + public static void classInitializer() throws IOException, ConfigurationException, NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException { + + LoggerUtils.fixLoggerFactory(); + jvmStateReset(); - + final String current = new java.io.File(".").getCanonicalPath(); System.setProperty("moa.spss.server.configuration", current + "/src/test/resources/moaspss_config/MOASPSSConfiguration.xml"); System.setProperty("iaik.esi.sva.configuration.location", current + "/src/test/resources/moaspss_config/svaconfig.example"); - + moaSpssCore = SystemInitializer.init(); } @@ -162,7 +168,7 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { assertNotNull("extended val. result", cmsResult.getExtendedCertificateCheck()); assertEquals("ext. val major", 1, cmsResult.getExtendedCertificateCheck().getMajorCode()); - + // because was signed by using SHA1 after xxxx assertEquals("ext. val major", 2, cmsResult.getExtendedCertificateCheck().getMinorCode()); @@ -170,9 +176,9 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { assertEquals("used sig alg", "SHA1withRSA", cmsResult.getSignatureAlgorithm()); } - - - + + + @Ignore @Test public void padesLteTest() throws MOAException, IOException { @@ -188,10 +194,10 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { // verify result assertNotNull("verification result", result); - + } - + @Test public void padesAmtssignatur() throws MOAException, IOException { final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest( @@ -203,7 +209,7 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { // perform test final VerifyCMSSignatureResponse result = cadesInvoker.verifyCMSSignature(request); - + // verify result assertNotNull("verification result", result); @@ -211,21 +217,21 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { .getResponseElements().get(0); assertEquals("sigCode", 0, cmsResult.getSignatureCheck().getCode()); assertEquals("certCode", 0, cmsResult.getCertificateCheck().getCode()); - + assertTrue("Amtssignatur", cmsResult.getSignerInfo().isPublicAuthority()); assertEquals("Amtssignatur", "L4AL", cmsResult.getSignerInfo().getPublicAuhtorityID()); - + assertFalse("QC", cmsResult.getSignerInfo().isQualifiedCertificate()); assertFalse("SSCD", cmsResult.getSignerInfo().isSSCD()); - + assertEquals("CountryCode", "AT", cmsResult.getSignerInfo().getIssuerCountryCode()); - + assertNotNull("extended val. result", cmsResult.getExtendedCertificateCheck()); assertEquals("ext. val major", 2, cmsResult.getExtendedCertificateCheck().getMajorCode()); - - // it's no valid CAdES signature because it does not include SignatureCertificateInfo extension + + // it's no valid CAdES signature because it does not include SignatureCertificateInfo extension assertEquals("ext. val major", 13, cmsResult.getExtendedCertificateCheck().getMinorCode()); - + assertNotNull("form val. result", cmsResult.getAdESFormResults()); assertEquals("form val. result size", 4, cmsResult.getAdESFormResults().size()); @@ -234,9 +240,9 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { assertEquals("Find wrong form val status", 2, ((AdESFormResults) el).getCode().longValue()); } - + } - + @Ignore @Test public void padesOwnTest() throws Exception { @@ -257,26 +263,31 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { assertEquals("sigCode", 0, cmsResult.getSignatureCheck().getCode()); assertEquals("certCode", 0, cmsResult.getCertificateCheck().getCode()); assertEquals("Amtssignatur", "", cmsResult.getSignerInfo().getPublicAuhtorityID()); - + } - - @Ignore + @Test public void pkixTest() throws Exception { - final String current = new java.io.File(".").getCanonicalPath(); - X509Certificate[] chain = CertificateReader.readCertificatesIntoArray(current + "/src/test/resources/testdata/pkix/chain/"); - + final String current = new java.io.File(".").getCanonicalPath(); + X509Certificate[] chain = CertificateReader.readCertificatesIntoArray(current + "/src/test/resources/testdata/pkix/chain/"); + PKIModule pkiModule = PKIFactory.getInstance().getPKIModule( new PKIProfileImpl(ConfigurationProvider.getInstance(), "MOAIDBuergerkarteAuthentisierungsDaten")); - PKIResult pkiResult = pkiModule.validateCertificate( - new Date(), - (X509Certificate) chain[0], - (X509Certificate[]) ArrayUtils.subarray(chain, 1, chain.length), - (boolean[])null, - new TransactionId("aabbccdd")); - + + KeyUsageParams keyUsage = new KeyUsageParams(); + keyUsage.addParam(new KeyUsageParam(KEY_USAGE, KeyUsageParam.STRICT)); + + pkiModule.validateCertificate( + new Date(), + chain[0], + ArrayUtils.subarray(chain, 1, chain.length), + //(boolean[]) null, + // keyUsage, + null, + new TransactionId("aabbccdd")); + System.out.print("Finished"); - + } - + } diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/XadesIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/XadesIntegrationTest.java index ebbc334..3f413c3 100644 --- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/XadesIntegrationTest.java +++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/XadesIntegrationTest.java @@ -37,6 +37,7 @@ import at.gv.egovernment.moa.spss.server.config.ConfigurationException; import at.gv.egovernment.moa.spss.server.init.SystemInitializer; import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureCreationInvoker; import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker; +import at.gv.egovernment.moa.spss.server.utils.LoggerUtils; import at.gv.egovernment.moaspss.util.DOMUtils; @RunWith(BlockJUnit4ClassRunner.class) @@ -46,10 +47,13 @@ public class XadesIntegrationTest extends AbstractIntegrationTest { XMLSignatureCreationInvoker xadesSignInvoker; @BeforeClass - public static void classInitializer() throws IOException, ConfigurationException, + public static void classInitializer() throws IOException, ConfigurationException, NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException { + + LoggerUtils.fixLoggerFactory(); + jvmStateReset(); - + final String current = new java.io.File(".").getCanonicalPath(); System.setProperty("moa.spss.server.configuration", current + "/src/test/resources/moaspss_config/MOASPSSConfiguration.xml"); @@ -166,27 +170,27 @@ public class XadesIntegrationTest extends AbstractIntegrationTest { assertEquals("used sig alg", "SHA256withRSA", result.getSignatureAlgorithm()); } - + @Test public void simpleXmlSignature() throws MOAException, ParserConfigurationException, SAXException, IOException, TransformerException { // build request Element xml = DOMUtils.parseXmlNonValidating( CadesIntegrationTest.class.getResourceAsStream("/testdata/xades/sign/createXades_1.xml")); CreateXMLSignatureRequest xmlReq = new CreateXMLSignatureRequestParser().parse(xml); - + // create signature CreateXMLSignatureResponse xmlResp = xadesSignInvoker.createXMLSignature(xmlReq, Collections.EMPTY_SET); - - + + // verify response assertNotNull("xadesResp", xmlResp); assertNotNull("xadesResp elements", xmlResp.getResponseElements()); assertFalse("xadesResp elements", xmlResp.getResponseElements().isEmpty()); - - SignatureEnvironmentResponse signedXml = (SignatureEnvironmentResponse) xmlResp.getResponseElements().get(0); + + SignatureEnvironmentResponse signedXml = (SignatureEnvironmentResponse) xmlResp.getResponseElements().get(0); assertNotNull("signed xml", signedXml.getSignatureEnvironment()); - - + + // verify signature final VerifyXMLSignatureRequest request = buildVerifyXmlRequest( DOMUtils.serializeNode(signedXml.getSignatureEnvironment()).getBytes(), @@ -199,7 +203,7 @@ public class XadesIntegrationTest extends AbstractIntegrationTest { assertNotNull("verification result", result); assertEquals("sigCode", 0, result.getSignatureCheck().getCode()); assertEquals("certCode", 0, result.getCertificateCheck().getCode()); - + } @Test @@ -208,20 +212,20 @@ public class XadesIntegrationTest extends AbstractIntegrationTest { Element xml = DOMUtils.parseXmlNonValidating( CadesIntegrationTest.class.getResourceAsStream("/testdata/xades/sign/createXades_2.xml")); CreateXMLSignatureRequest xmlReq = new CreateXMLSignatureRequestParser().parse(xml); - + // create signature CreateXMLSignatureResponse xmlResp = xadesSignInvoker.createXMLSignature(xmlReq, Collections.EMPTY_SET); - - + + // verify response assertNotNull("xadesResp", xmlResp); assertNotNull("xadesResp elements", xmlResp.getResponseElements()); assertFalse("xadesResp elements", xmlResp.getResponseElements().isEmpty()); - - SignatureEnvironmentResponse signedXml = (SignatureEnvironmentResponse) xmlResp.getResponseElements().get(0); + + SignatureEnvironmentResponse signedXml = (SignatureEnvironmentResponse) xmlResp.getResponseElements().get(0); assertNotNull("signed xml", signedXml.getSignatureEnvironment()); - - + + // verify signature final VerifyXMLSignatureRequest request = buildVerifyXmlRequest( DOMUtils.serializeNode(signedXml.getSignatureEnvironment()).getBytes(), @@ -234,7 +238,7 @@ public class XadesIntegrationTest extends AbstractIntegrationTest { assertNotNull("verification result", result); assertEquals("sigCode", 0, result.getSignatureCheck().getCode()); assertEquals("certCode", 0, result.getCertificateCheck().getCode()); - + } - + } diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/utils/UtilsTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/utils/UtilsTest.java new file mode 100644 index 0000000..7ddebaa --- /dev/null +++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/utils/UtilsTest.java @@ -0,0 +1,19 @@ +package at.gv.egovernment.moa.spss.test.integration.utils; + +import static org.junit.jupiter.api.Assertions.assertEquals; + +import org.apache.commons.lang3.StringUtils; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; + +@RunWith(BlockJUnit4ClassRunner.class) +public class UtilsTest { + + @Test + public void characterCleanUp() { + String text = "Hello\nWorld\r\nThis is Java.\rNew lines gone!"; + String result = StringUtils.deleteWhitespace(text); + assertEquals("HelloWorldThisisJava.Newlinesgone!", result); + } +} diff --git a/release-infos/endorsed_libs/serializer-2.7.1.jar b/release-infos/endorsed_libs/serializer-2.7.1.jar Binary files differdeleted file mode 100644 index 99f98db..0000000 --- a/release-infos/endorsed_libs/serializer-2.7.1.jar +++ /dev/null diff --git a/release-infos/endorsed_libs/xalan-2.7.1.jar b/release-infos/endorsed_libs/xalan-2.7.1.jar Binary files differdeleted file mode 100644 index 458fa73..0000000 --- a/release-infos/endorsed_libs/xalan-2.7.1.jar +++ /dev/null diff --git a/release-infos/endorsed_libs/xercesImpl-2.12.2.jar b/release-infos/endorsed_libs/xercesImpl-2.12.2.jar Binary files differdeleted file mode 100644 index ccbae9f..0000000 --- a/release-infos/endorsed_libs/xercesImpl-2.12.2.jar +++ /dev/null diff --git a/release-infos/endorsed_libs/xml-apis-1.4.01.jar b/release-infos/endorsed_libs/xml-apis-1.4.01.jar Binary files differdeleted file mode 100644 index 4673346..0000000 --- a/release-infos/endorsed_libs/xml-apis-1.4.01.jar +++ /dev/null diff --git a/release-infos/ext_libs/iaikPkcs11Wrapper.jar b/release-infos/ext_libs/iaikPkcs11Wrapper.jar Binary files differdeleted file mode 100644 index 6543602..0000000 --- a/release-infos/ext_libs/iaikPkcs11Wrapper.jar +++ /dev/null diff --git a/release-infos/ext_libs/iaikPkcs11Provider.jar b/release-infos/ext_libs/iaik_Pkcs11Provider.jar Binary files differindex 8d09063..8d09063 100644 --- a/release-infos/ext_libs/iaikPkcs11Provider.jar +++ b/release-infos/ext_libs/iaik_Pkcs11Provider.jar diff --git a/release-infos/ext_libs/iaik_Pkcs11Wrapper.jar b/release-infos/ext_libs/iaik_Pkcs11Wrapper.jar Binary files differnew file mode 100644 index 0000000..4daae43 --- /dev/null +++ b/release-infos/ext_libs/iaik_Pkcs11Wrapper.jar diff --git a/release-infos/handbook/conf/moa-spss/spss.config.xml b/release-infos/handbook/conf/moa-spss/spss.config.xml index e1d61a6..ce7f2bd 100644 --- a/release-infos/handbook/conf/moa-spss/spss.config.xml +++ b/release-infos/handbook/conf/moa-spss/spss.config.xml @@ -61,7 +61,7 @@ </cfg:KeyCertIssuerSerial> </cfg:Key> </cfg:KeyGroup> - <cfg:KeyGroup> + <cfg:KeyGroup RSASSA-PSS="true"> <cfg:Id>KG_allgemein</cfg:Id> <cfg:Key> <cfg:KeyModuleId>SKM_allgemein</cfg:KeyModuleId> @@ -95,6 +95,7 @@ <cfg:XAdES> <cfg:Version>1.4.2</cfg:Version> </cfg:XAdES> + <cfg:Signing RSASSA-PSS="true" /> </cfg:SignatureCreation> <cfg:SignatureVerification> <cfg:CertificateValidation> diff --git a/release-infos/handbook/handbook/config/MOA-SPSS-config-3.2.0.xsd b/release-infos/handbook/handbook/config/MOA-SPSS-config-3.3.0.xsd index d9cecf1..57c2e1d 100644 --- a/release-infos/handbook/handbook/config/MOA-SPSS-config-3.2.0.xsd +++ b/release-infos/handbook/handbook/config/MOA-SPSS-config-3.3.0.xsd @@ -98,6 +98,7 @@ </xs:sequence> <xs:element name="DigestMethodAlgorithm" minOccurs="0"/> </xs:sequence> + <xs:attribute name="RSASSA-PSS" type="xs:boolean"/> </xs:complexType> </xs:element> <xs:element name="KeyGroupMapping" maxOccurs="unbounded"> @@ -131,6 +132,11 @@ </xs:sequence> </xs:complexType> </xs:element> + <xs:element name="Signing" minOccurs="0"> + <xs:complexType> + <xs:attribute name="RSASSA-PSS" type="xs:boolean" default="true"/> + </xs:complexType> + </xs:element> </xs:sequence> </xs:complexType> </xs:element> diff --git a/release-infos/handbook/handbook/config/config.html b/release-infos/handbook/handbook/config/config.html index a80c346..cd3e8d3 100644 --- a/release-infos/handbook/handbook/config/config.html +++ b/release-infos/handbook/handbook/config/config.html @@ -66,6 +66,7 @@ <li><a href="#konfigurationsparameter_ss_createtransformsinfoprofile">Profil für Transformationen</a></li> <li><a href="#konfigurationsparameter_ss_createsignatureenvironmentprofile">Profil für Signaturumgebung </a></li> <li><a href="#konfigurationsparameter_ss_xades">XAdES Version</a></li> + <li><a href="#konfigurationsparameter_ss_rsassapss">Allgemeine Signaturparameter</a></li> </ol> </li> <li><a href="#konfigurationsparameter_sp">Parameter für MOA SP</a> <ol> @@ -143,7 +144,7 @@ </tr> </table> <h2><a name="uebersicht_zentraledatei" id="uebersicht_zentraledatei"></a>1.2 Zentrale Konfigurationsdatei</h2> - <p>Die Konfiguration von MOA SP/SS erfolgt zentral über eine einzige Konfigurationsdatei. Das Format der Konfigurationsdatei ist XML und muss dem Schema <a href="./MOA-SPSS-config-3.2.0.xsd">MOA-SPSS-config-3.2.0.xsd</a> entsprechen. <a href="#konfigurationsparameter">Abschnitt 2</a> erläutert die Konfigurationsmöglichkeiten im Einzelnen.</p> + <p>Die Konfiguration von MOA SP/SS erfolgt zentral über eine einzige Konfigurationsdatei. Das Format der Konfigurationsdatei ist XML und muss dem Schema <a href="./MOA-SPSS-config-3.3.0.xsd">MOA-SPSS-config-3.3.0.xsd</a> entsprechen. <a href="#konfigurationsparameter">Abschnitt 2</a> erläutert die Konfigurationsmöglichkeiten im Einzelnen.</p> <h3><a name="uebersicht_zentraledatei_aktualisierung" id="uebersicht_zentraledatei_aktualisierung"></a>1.2.1 Aktualisierung auf das Format von MOA SP/SS 1.3</h3> <p>Mit dem Wechsel auf Version 1.3 verwendet MOA SP/SS ein neues, übersichtlicheres Format für die @@ -401,6 +402,7 @@ </ul> </li> <li>Element <code>cfg:DigestMethodAlgorithm</code>: Dieses optionale Element spezifiert einen Digest-Algorithmus, der für das Erstellen von XML-Signaturen mittels dieser Schlüsselgruppe verwendet werden soll. Der Default-Wert bzw. ein allfällig in Abschnitt "<a href="#konfigurationsparameter_ss_xmldsig">Parameter für XML-Signaturen</a>" definierter Wert, werden dadurch für diese Schlüsselgruppe überschrieben. Mögliche Werte sind dem Element <code>cfg:SignatureCreation/cfg:XMLDSig/cfg:DigestMethodAlgorithm</code> ebenfalls in Abschnitt "<a href="#konfigurationsparameter_ss_xmldsig">Parameter für XML-Signaturen</a>" zu entnehmen. </li> + <li>Attribut <code>cfg:RSASSA-PSS</code>: Dieses Attribut ermöglicht die Deaktivierung von RSASSA-PSS Algorithmen bei Verwendung von RSA Schlüsselmaterial. Falls nicht vorhanden wird der Defaultwert aus <code>cfg:SignatureCreation/cfg:Signing</code> verwendet.</li> </ul> <p>Um auf einfache Weise für alle in Ihren Schlüsselspeichern enthaltenen privaten Schlüssel die jeweiligen Werte für <code>dsig:X509IssuerName</code> und <code>dsig:X509SerialNumber</code> zu @@ -617,6 +619,24 @@ http://www.w3.org/2000/09/xmldsig#sha256<br>http://www.w3.org/2000/09/xmldsig#sh </ul></td> </tr> </table> + <h3><a name="konfigurationsparameter_ss_rsassapss" id="konfigurationsparameter_ss_rsassapss"></a>2.2.8 Allgemeine Signaturparameter</h3> + <table class="fixedWidth" border="1" cellpadding="2"> + <tr> + <td>Name</td> + <td><code>cfg:SignatureCreation/cfg:Signing</code></td> + </tr> + <tr> + <td>Gebrauch</td> + <td>Null mal bis einmal</td> + </tr> + <tr> + <td>Erläuterung</td> + <td><p>Dieses Element ermöglicht die Konfiguration allgemeiner Signaturparameter.</p> + <ul> + <li>Attribut <code>cfg:RSASSA-PSS</code>: Dieses Attribut ermöglicht die Deaktivierung von RSASSA-PSS Algorithmen bei Verwendung von RSA Schlüsselmaterial. Falls nicht vorhanden oder der <code>true</code> als Attributwert wird RSASSA-PSS verwendet. </li> + </ul></td> + </tr> + </table> <h2><a name="konfigurationsparameter_sp" id="konfigurationsparameter_sp"></a>2.3 Parameter für MOA SP </h2> <table border="1" cellpadding="2" class="fixedWidth"> diff --git a/release-infos/handbook/handbook/index.html b/release-infos/handbook/handbook/index.html index a0202a3..6672b68 100644 --- a/release-infos/handbook/handbook/index.html +++ b/release-infos/handbook/handbook/index.html @@ -15,7 +15,7 @@ </table> <hr/> <p class="title">MOA: Serversignatur (SS) und Signaturprüfung (SP) </p> - <p class="subtitle">Übersicht zur Dokumentation der Version 3.2.x</p> + <p class="subtitle">Übersicht zur Dokumentation der Version 3.3.0</p> <hr/> <dl> <dt><a href="./intro/intro.html">Einführung</a></dt> diff --git a/release-infos/pkcs11/pkcs11-natives.zip b/release-infos/pkcs11/pkcs11-natives.zip Binary files differnew file mode 100644 index 0000000..1cc1603 --- /dev/null +++ b/release-infos/pkcs11/pkcs11-natives.zip diff --git a/release-infos/pkcs11/unix/linux-x86/debug/libpkcs11wrapper.so b/release-infos/pkcs11/unix/linux-x86/debug/libpkcs11wrapper.so Binary files differdeleted file mode 100755 index 778ac22..0000000 --- a/release-infos/pkcs11/unix/linux-x86/debug/libpkcs11wrapper.so +++ /dev/null diff --git a/release-infos/pkcs11/unix/linux-x86/release/libpkcs11wrapper.so b/release-infos/pkcs11/unix/linux-x86/release/libpkcs11wrapper.so Binary files differdeleted file mode 100755 index 0d3e88f..0000000 --- a/release-infos/pkcs11/unix/linux-x86/release/libpkcs11wrapper.so +++ /dev/null diff --git a/release-infos/pkcs11/unix/linux-x86_64/debug/libpkcs11wrapper.so b/release-infos/pkcs11/unix/linux-x86_64/debug/libpkcs11wrapper.so Binary files differdeleted file mode 100755 index f0d6399..0000000 --- a/release-infos/pkcs11/unix/linux-x86_64/debug/libpkcs11wrapper.so +++ /dev/null diff --git a/release-infos/pkcs11/unix/linux-x86_64/release/libpkcs11wrapper.so b/release-infos/pkcs11/unix/linux-x86_64/release/libpkcs11wrapper.so Binary files differdeleted file mode 100755 index 407e097..0000000 --- a/release-infos/pkcs11/unix/linux-x86_64/release/libpkcs11wrapper.so +++ /dev/null diff --git a/release-infos/pkcs11/unix/macosx_universal/debug/libpkcs11wrapper.jnilib b/release-infos/pkcs11/unix/macosx_universal/debug/libpkcs11wrapper.jnilib Binary files differdeleted file mode 100755 index 2778819..0000000 --- a/release-infos/pkcs11/unix/macosx_universal/debug/libpkcs11wrapper.jnilib +++ /dev/null diff --git a/release-infos/pkcs11/unix/macosx_universal/release/libpkcs11wrapper.jnilib b/release-infos/pkcs11/unix/macosx_universal/release/libpkcs11wrapper.jnilib Binary files differdeleted file mode 100755 index 0735243..0000000 --- a/release-infos/pkcs11/unix/macosx_universal/release/libpkcs11wrapper.jnilib +++ /dev/null diff --git a/release-infos/pkcs11/windows/win-x86/debug/pkcs11wrapper.dll b/release-infos/pkcs11/windows/win-x86/debug/pkcs11wrapper.dll Binary files differdeleted file mode 100755 index 98926ca..0000000 --- a/release-infos/pkcs11/windows/win-x86/debug/pkcs11wrapper.dll +++ /dev/null diff --git a/release-infos/pkcs11/windows/win-x86/release/pkcs11wrapper.dll b/release-infos/pkcs11/windows/win-x86/release/pkcs11wrapper.dll Binary files differdeleted file mode 100755 index d035759..0000000 --- a/release-infos/pkcs11/windows/win-x86/release/pkcs11wrapper.dll +++ /dev/null diff --git a/release-infos/pkcs11/windows/win-x86_64/debug/pkcs11wrapper.dll b/release-infos/pkcs11/windows/win-x86_64/debug/pkcs11wrapper.dll Binary files differdeleted file mode 100755 index 7ccecc3..0000000 --- a/release-infos/pkcs11/windows/win-x86_64/debug/pkcs11wrapper.dll +++ /dev/null diff --git a/release-infos/pkcs11/windows/win-x86_64/release/pkcs11wrapper.dll b/release-infos/pkcs11/windows/win-x86_64/release/pkcs11wrapper.dll Binary files differdeleted file mode 100755 index eab4129..0000000 --- a/release-infos/pkcs11/windows/win-x86_64/release/pkcs11wrapper.dll +++ /dev/null diff --git a/release-infos/readme_3.3.0.txt b/release-infos/readme_3.3.0.txt new file mode 100644 index 0000000..b4bd661 --- /dev/null +++ b/release-infos/readme_3.3.0.txt @@ -0,0 +1,76 @@ +Releaseinfos zu MOA-SPSS Version 3.3.0 + - Änderungen: + - Mindestanforderungen + - Java 17 + - Apache Tomcat 10.1 (Jakarta Servlet 6.0) + - Verwendung von RSASSA-PSS Algorithmen als Default bei RSA Schlüsselmaterial + - Verbessertes Fehlerhändling in Trust-Status-List (TSL) Implementierung + - Aktualisierung von Drittherstellerbibliotheken + + +------------------------------------------------------------------------------- + Update einer bestehenden MOA-SPSS-Installation auf Version 3.3.0 +------------------------------------------------------------------------------- +Es gibt zwei Moeglichkeiten (im Folgenden als "Update Variante A" und +"Update Variante B" bezeichnet), das Update von MOA-SPSS auf Version +3.2.2 durchzufuehren. Update Variante A geht dabei den Weg ueber eine +vorangestellte Neuinstallation, waehrend Variante B direkt eine +bestehende Installation aktualisiert. + +Folgende Begriffe werden verwendet: + +JAVA_HOME bezeichnet das Wurzelverzeichnis der JDK-Installation + +CATALINA_HOME bezeichnet das Wurzelverzeichnis der Tomcat-Installation + +MOA_SPSS_WAR bezeichnet die Applikation MOA-SPSS in der Datei moa-spss-3.3.0.war + +MOA_SPSS_HANDBOOK bezeichnet das Archiv mit dem Handbuch und der Default Konfiguration + +-------------------------- +Update Variante A +-------------------------- + +1.) Erstellen Sie eine Sicherungskopie des kompletten Tomcat-Verzeichnisses + Ihrer MOA-SPSS-Installation. + +2.) Fuehren Sie eine Neuinstallation gemaess Handbuch durch. + +3.) Kopieren Sie etwaige Konfigurationsdateien, Trust-Profile und Key-Stores, + die Sie aus Ihrer alten Installation beibehalten moechten, aus Ihrer + Sicherungskopie in die entsprechenden Verzeichnisse der neuen + Installation. + + +-------------------------- +Update Variante B +-------------------------- + +1.) Erstellen Sie eine Sicherungskopie des kompletten Tomcat-Verzeichnisses + Ihrer MOA-SPSS-Installation. + +2.) Umstellung auf des Applikationsservers und der verwendeten Java Version + - Applikationsserver mindestes Apache Tomcat 10.1 + - JavaVM mindestens Java 17 + - Aktualisierung entsprechend der von Ihnen verwendeten Betriebsumgebung + +3.) Loeschen Sie das Verzeichnis CATALINA_HOME\webapps\moa-spss + +4.) Ersetzen Sie die Datei CATALINA_HOME\webapps\moa-spss.war durch die Datei + MOA_SPSS_WAR. + +5.) Loeschen Sie das Verzeichnis CATALINA_HOME\work. + +6.) Falls Sie eine externe Logger-Konfiguration verwenden müssen Sie die Logger-Konfiguration anpassen. + z.B. -Dlogback.configurationFile=CATALINA_HOME\config\moa-spss\logback.xml + Eine Beispielkonfiguration finden Sie unter MOA_SPSS_HANDBOOK\handbook\conf\moa-spss\logback.xml + +6.) Falls sie MOA-SP mit Trust-Status List (TSL) Unterstützung betreiben passen Sie + die Konfiguration entsprechend der TSL Konfiguration im Handbuch an. + +7.) Falls sie MOA-SP ohne Trust-Status List (TSL) Unterstützung betreiben gleichen Sie + nach bedarf die in der Konfiguration begelegten TrustStore für Zertifikate + MOA_SPSS_HANDBOOK/conf/moa-spss/trustProfiles/* + udnd das toBeAdded Verzeichnis des CertStores + MOA_SPSS_HANDBOOK/conf/moa-spss/certstore/toBeAdded/* + mit der von Ihnen aktuell verwendeten Konfiguration ab. |