diff options
13 files changed, 86 insertions, 74 deletions
diff --git a/moaSig/libs/iaik_cpades-2.4_moa.jar b/moaSig/libs/iaik_cpades-2.4_moa.jar Binary files differdeleted file mode 100644 index 300c215..0000000 --- a/moaSig/libs/iaik_cpades-2.4_moa.jar +++ /dev/null diff --git a/moaSig/libs/iaik_cpades_2.5_moa.jar b/moaSig/libs/iaik_cpades_2.5_moa.jar Binary files differnew file mode 100644 index 0000000..1c15eec --- /dev/null +++ b/moaSig/libs/iaik_cpades_2.5_moa.jar diff --git a/moaSig/libs/iaik_cpxlevel-0.9.2_moa.jar b/moaSig/libs/iaik_cpxlevel-0.9.2.1_moa.jar Binary files differindex e67be71..2d16719 100644 --- a/moaSig/libs/iaik_cpxlevel-0.9.2_moa.jar +++ b/moaSig/libs/iaik_cpxlevel-0.9.2.1_moa.jar diff --git a/moaSig/libs/iaik_moa-2.09.jar b/moaSig/libs/iaik_moa-2.09.jar Binary files differdeleted file mode 100644 index a73a348..0000000 --- a/moaSig/libs/iaik_moa-2.09.jar +++ /dev/null diff --git a/moaSig/libs/iaik_moa-2.10.jar b/moaSig/libs/iaik_moa-2.10.jar Binary files differnew file mode 100644 index 0000000..7a659c4 --- /dev/null +++ b/moaSig/libs/iaik_moa-2.10.jar diff --git a/moaSig/libs/iaik_pki_module-2.03_moa.jar b/moaSig/libs/iaik_pki_module-2.04_moa.jar Binary files differindex a017fe6..8732262 100644 --- a/moaSig/libs/iaik_pki_module-2.03_moa.jar +++ b/moaSig/libs/iaik_pki_module-2.04_moa.jar diff --git a/moaSig/libs/iaik_sva-1.2.0.jar b/moaSig/libs/iaik_sva-1.2.0.jar Binary files differdeleted file mode 100644 index a9d3824..0000000 --- a/moaSig/libs/iaik_sva-1.2.0.jar +++ /dev/null diff --git a/moaSig/libs/iaik_sva-1.2.1-SNAPSHOT.jar b/moaSig/libs/iaik_sva-1.2.1-SNAPSHOT.jar Binary files differnew file mode 100644 index 0000000..4bb8326 --- /dev/null +++ b/moaSig/libs/iaik_sva-1.2.1-SNAPSHOT.jar diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index b97cc95..2973b36 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -110,34 +110,27 @@ import iaik.xml.crypto.utils.URIException; public class XMLSignatureVerificationInvoker { /** The single instance of this class. */ - private static XMLSignatureVerificationInvoker instance = null; + private static final XMLSignatureVerificationInvoker INSTANCE = new XMLSignatureVerificationInvoker(); - private static Set FILTERED_REF_TYPES; - - static { - FILTERED_REF_TYPES = new HashSet(); - FILTERED_REF_TYPES.add(DsigManifest.XML_DSIG_MANIFEST_TYPE); - FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE); - FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD); - FILTERED_REF_TYPES.add(XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties"); - FILTERED_REF_TYPES.add("http://uri.etsi.org/01903#SignedProperties"); - } + private static final Set<String> FILTERED_REF_TYPES = Set.of( + DsigManifest.XML_DSIG_MANIFEST_TYPE, + SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE, + SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD, + XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties", + "http://uri.etsi.org/01903#SignedProperties"); /** * Get the single instance of this class. - * + * * @return The single instance of this class. */ - public static synchronized XMLSignatureVerificationInvoker getInstance() { - if (instance == null) { - instance = new XMLSignatureVerificationInvoker(); - } - return instance; + public static XMLSignatureVerificationInvoker getInstance() { + return INSTANCE; } /** * Create a new <code>XMLSignatureCreationInvoker</code>. - * + * * Protected to disallow multiple instances. */ protected XMLSignatureVerificationInvoker() { @@ -146,8 +139,8 @@ public class XMLSignatureVerificationInvoker { /** * Process the <code>VerifyXMLSignatureRequest<code> message and invoke the * <code>XMLSignatureVerificationModule</code>. - * - * @param request A <code>VerifyXMLSignatureRequest<code> API object + * + * @param request A <code>VerifyXMLSignatureRequest<code> API object * containing the data for verifying an XML signature. * @return A <code>VerifyXMLSignatureResponse</code> containing the answert * to the <code>VerifyXMLSignatureRequest</code>. MOA schema @@ -307,16 +300,16 @@ public class XMLSignatureVerificationInvoker { /** * Checks if the signer certificate matches one of the allowed signer * certificates specified in the provided <code>trustProfile</code>. - * + * * @param result The result produced by the * <code>XMLSignatureVerificationModule</code>. - * + * * @param trustProfile The trust profile the signer certificate is validated * against. - * + * * @return The overal result of the certificate validation for the signer * certificate. - * + * * @throws MOAException if one of the signer certificates specified in the * <code>trustProfile</code> cannot be read from the file * system. @@ -392,7 +385,7 @@ public class XMLSignatureVerificationInvoker { /** * Select the <code>dsig:Signature</code> DOM element within the signature * environment. - * + * * @param signatureEnvironment The signature environment containing the * <code>dsig:Signature</code>. * @param request The <code>VerifyXMLSignatureRequest</code> @@ -425,7 +418,7 @@ public class XMLSignatureVerificationInvoker { /** * Build the supplemental data objects contained in the * <code>VerifyXMLSignatureRequest</code>. - * + * * @param supplements A <code>List</code> of * <code>XMLDataObjectAssociation</code>s containing the * supplement data. @@ -458,7 +451,7 @@ public class XMLSignatureVerificationInvoker { /** * Get the supplemental data contained in the * <code>VerifyXMLSignatureRequest</code>. - * + * * @param request The <code>VerifyXMLSignatureRequest</code> containing the * supplemental data. * @return A <code>List</code> of <code>XMLDataObjectAssociation</code> objects @@ -490,7 +483,7 @@ public class XMLSignatureVerificationInvoker { /** * Perform additional validations of the * <code>XMLSignatureVerificationResult</code>. - * + * * <p> * In particular, it is verified that: * <ul> @@ -500,7 +493,7 @@ public class XMLSignatureVerificationInvoker { * <li>The hash values of the <code>TransformParameter</code>s are valid.</li> * </ul> * </p> - * + * * @param request The <code>VerifyXMLSignatureRequest</code> containing the * signature to verify. * @param result The result produced by @@ -605,7 +598,7 @@ public class XMLSignatureVerificationInvoker { * Get all <code>Transform</code>s contained in all the * <code>VerifyTransformsInfoProfile</code>s of the given * <code>ReferenceInfo</code>. - * + * * @param refInfo The <code>ReferenceInfo</code> object containing the * transformations. * @return A <code>List</code> of <code>List</code>s. Each of the @@ -637,7 +630,7 @@ public class XMLSignatureVerificationInvoker { /** * Build the <code>Set</code> of all <code>TransformParameter</code> URIs. - * + * * @param transformParameters The <code>List</code> of * <code>TransformParameter</code>s, as provided to * the verification. @@ -658,7 +651,7 @@ public class XMLSignatureVerificationInvoker { /** * Build a mapping between <code>TransformParameter</code> URIs (a * <code>String</code> and <code>dsig:HashValue</code> (a <code>byte[]</code>). - * + * * @param request The <code>VerifyXMLSignatureRequest</code>. * @return Map The resulting mapping. * @throws MOAApplicationException An error occurred accessing one of the @@ -703,7 +696,7 @@ public class XMLSignatureVerificationInvoker { * Filter the <code>ReferenceInfo</code>s returned by the * <code>VerifyXMLSignatureResult</code> for comparison with the * <code>ReferenceInfo</code> elements in the request. - * + * * @param referenceInfos The <code>ReferenceInfo</code>s from the * <code>VerifyXMLSignatureResult</code>. * @return A <code>List</code> of all <code>ReferenceInfo</code>s whose type is diff --git a/moaSig/moa-sig/build.gradle b/moaSig/moa-sig/build.gradle index 21bdb2c..1887479 100644 --- a/moaSig/moa-sig/build.gradle +++ b/moaSig/moa-sig/build.gradle @@ -21,18 +21,19 @@ dependencies { jaxb 'com.sun.xml.bind:jaxb-xjc:4.0.5' jaxb 'org.glassfish.jaxb:jaxb-runtime:4.0.5' + compileOnly 'jakarta.servlet:jakarta.servlet-api:6.0.0' + implementation project(':common') implementation project(':moa-sig-lib') implementation project(':moa-asic') implementation fileTree(dir: 'libs', include: ['*.jar']) - compileOnly 'jakarta.servlet:jakarta.servlet-api:6.0.0' + implementation 'commons-discovery:commons-discovery:0.5' implementation 'org.apache.logging.log4j:log4j-1.2-api:2.25.1' implementation 'org.slf4j:log4j-over-slf4j:2.0.17' implementation 'jakarta.jws:jakarta.jws-api:3.0.0' implementation 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.2' implementation 'ch.qos.logback:logback-classic:1.5.18' - implementation 'javax.activation:activation:1.1.1' implementation 'org.eclipse.angus:angus-mail:2.0.4' diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/AbstractIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/AbstractIntegrationTest.java index 1ee071a..92749b0 100644 --- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/AbstractIntegrationTest.java +++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/AbstractIntegrationTest.java @@ -37,7 +37,6 @@ import at.gv.egovernment.moaspss.util.Constants; import iaik.esi.sva.ConfigurationAdapter; import iaik.pki.Configurator; import iaik.pki.PKIFactory; -import iaik.pki.store.certstore.CertStoreFactory; import iaik.pki.store.truststore.TrustStoreFactory; public abstract class AbstractIntegrationTest { @@ -57,9 +56,9 @@ public abstract class AbstractIntegrationTest { System.setProperty("moa.spss.server.configuration", ""); System.setProperty("iaik.esi.sva.configuration.location", ""); - + TrustStoreFactory.reset(); - + // reset TSL client final Field field1 = TSLServiceFactory.class.getDeclaredField("tslClient"); field1.setAccessible(true); @@ -68,32 +67,32 @@ public abstract class AbstractIntegrationTest { final Field field5 = SQLiteDBService.class.getDeclaredField("conn"); field5.setAccessible(true); field5.set(null, null); - + final Field field6 = DatabaseServiceFactory.class.getDeclaredField("dbServices"); field6.setAccessible(true); field6.set(null, null); - + // reset MOA-SPSS configuration object final Field field2 = ConfigurationProvider.class.getDeclaredField("instance"); field2.setAccessible(true); field2.set(null, null); - + final Field field8 = TransactionContextManager.class.getDeclaredField("instance"); field8.setAccessible(true); field8.set(null, null); - + // reset PKI module configuration resetClassState(PKIFactory.class, "instance_", null); // reset IAIK MOA configuration resetClassState(Configurator.class, "C", false); - + //reset ESI-SVA configuration resetClassState(ConfigurationAdapter.class, "a", null); - resetClassState(ConfigurationAdapter.class, "instance", null); + // resetClassState(ConfigurationAdapter.class, "instance", null); //resetClassState(ConfigurationAdapter.class, "config", null); //resetClassState(ConfigurationAdapter.class, "libraryConfig", null); - + } private static void resetClassState(Class clazz, String fieldName, Object value) { @@ -101,16 +100,16 @@ public abstract class AbstractIntegrationTest { Field field7 = clazz.getDeclaredField(fieldName); if (field7 != null) { field7.setAccessible(true); - field7.set(null, value); + field7.set(null, value); } - + } catch (NoSuchFieldException | SecurityException | IllegalArgumentException | IllegalAccessException e) { e.printStackTrace(); } - + } - - + + protected VerifyXMLSignatureRequest buildVerifyXmlRequest(final byte[] signature, final String trustProfileID, boolean extValFlag, final List<String> verifyTransformsInfoProfileID, final String xpathSignatureLocation, diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java index 0c7bb63..16037d6 100644 --- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java +++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java @@ -32,19 +32,33 @@ import at.gv.egovernment.moa.spss.server.iaik.pki.PKIProfileImpl; import at.gv.egovernment.moa.spss.server.init.SystemInitializer; import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker; import at.gv.egovernment.moa.spss.server.logging.TransactionId; +import at.gv.egovernment.moa.spss.server.utils.LoggerUtils; import at.gv.egovernment.moa.spss.test.integration.utils.CertificateReader; +import iaik.pki.KeyUsageParam; +import iaik.pki.KeyUsageParams; import iaik.pki.PKIFactory; import iaik.pki.PKIModule; import iaik.x509.X509Certificate; +import iaik.x509.extensions.KeyUsage; @RunWith(BlockJUnit4ClassRunner.class) public class PadesIntegrationTest extends AbstractIntegrationTest { + public static boolean[] KEY_USAGE; + + static { + KeyUsage usage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.nonRepudiation); + KEY_USAGE = usage.getBooleanArray(); + } + CMSSignatureVerificationInvoker cadesInvoker; @BeforeClass public static void classInitializer() throws IOException, ConfigurationException, NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException { + + LoggerUtils.fixLoggerFactory(); + jvmStateReset(); final String current = new java.io.File(".").getCanonicalPath(); @@ -252,7 +266,6 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { } - @Ignore @Test public void pkixTest() throws Exception { final String current = new java.io.File(".").getCanonicalPath(); @@ -261,14 +274,16 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { PKIModule pkiModule = PKIFactory.getInstance().getPKIModule( new PKIProfileImpl(ConfigurationProvider.getInstance(), "MOAIDBuergerkarteAuthentisierungsDaten")); - //KeyUsageParams keyUsage = new KeyUsageParams(); - //keyUsage.addParam(new KeyUsageParam((boolean[]) null, KeyUsageParam.STRICT)); + KeyUsageParams keyUsage = new KeyUsageParams(); + keyUsage.addParam(new KeyUsageParam(KEY_USAGE, KeyUsageParam.STRICT)); pkiModule.validateCertificate( new Date(), chain[0], ArrayUtils.subarray(chain, 1, chain.length), - (boolean[]) null, + //(boolean[]) null, + // keyUsage, + null, new TransactionId("aabbccdd")); System.out.print("Finished"); diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/XadesIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/XadesIntegrationTest.java index ebbc334..3f413c3 100644 --- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/XadesIntegrationTest.java +++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/XadesIntegrationTest.java @@ -37,6 +37,7 @@ import at.gv.egovernment.moa.spss.server.config.ConfigurationException; import at.gv.egovernment.moa.spss.server.init.SystemInitializer; import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureCreationInvoker; import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker; +import at.gv.egovernment.moa.spss.server.utils.LoggerUtils; import at.gv.egovernment.moaspss.util.DOMUtils; @RunWith(BlockJUnit4ClassRunner.class) @@ -46,10 +47,13 @@ public class XadesIntegrationTest extends AbstractIntegrationTest { XMLSignatureCreationInvoker xadesSignInvoker; @BeforeClass - public static void classInitializer() throws IOException, ConfigurationException, + public static void classInitializer() throws IOException, ConfigurationException, NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException { + + LoggerUtils.fixLoggerFactory(); + jvmStateReset(); - + final String current = new java.io.File(".").getCanonicalPath(); System.setProperty("moa.spss.server.configuration", current + "/src/test/resources/moaspss_config/MOASPSSConfiguration.xml"); @@ -166,27 +170,27 @@ public class XadesIntegrationTest extends AbstractIntegrationTest { assertEquals("used sig alg", "SHA256withRSA", result.getSignatureAlgorithm()); } - + @Test public void simpleXmlSignature() throws MOAException, ParserConfigurationException, SAXException, IOException, TransformerException { // build request Element xml = DOMUtils.parseXmlNonValidating( CadesIntegrationTest.class.getResourceAsStream("/testdata/xades/sign/createXades_1.xml")); CreateXMLSignatureRequest xmlReq = new CreateXMLSignatureRequestParser().parse(xml); - + // create signature CreateXMLSignatureResponse xmlResp = xadesSignInvoker.createXMLSignature(xmlReq, Collections.EMPTY_SET); - - + + // verify response assertNotNull("xadesResp", xmlResp); assertNotNull("xadesResp elements", xmlResp.getResponseElements()); assertFalse("xadesResp elements", xmlResp.getResponseElements().isEmpty()); - - SignatureEnvironmentResponse signedXml = (SignatureEnvironmentResponse) xmlResp.getResponseElements().get(0); + + SignatureEnvironmentResponse signedXml = (SignatureEnvironmentResponse) xmlResp.getResponseElements().get(0); assertNotNull("signed xml", signedXml.getSignatureEnvironment()); - - + + // verify signature final VerifyXMLSignatureRequest request = buildVerifyXmlRequest( DOMUtils.serializeNode(signedXml.getSignatureEnvironment()).getBytes(), @@ -199,7 +203,7 @@ public class XadesIntegrationTest extends AbstractIntegrationTest { assertNotNull("verification result", result); assertEquals("sigCode", 0, result.getSignatureCheck().getCode()); assertEquals("certCode", 0, result.getCertificateCheck().getCode()); - + } @Test @@ -208,20 +212,20 @@ public class XadesIntegrationTest extends AbstractIntegrationTest { Element xml = DOMUtils.parseXmlNonValidating( CadesIntegrationTest.class.getResourceAsStream("/testdata/xades/sign/createXades_2.xml")); CreateXMLSignatureRequest xmlReq = new CreateXMLSignatureRequestParser().parse(xml); - + // create signature CreateXMLSignatureResponse xmlResp = xadesSignInvoker.createXMLSignature(xmlReq, Collections.EMPTY_SET); - - + + // verify response assertNotNull("xadesResp", xmlResp); assertNotNull("xadesResp elements", xmlResp.getResponseElements()); assertFalse("xadesResp elements", xmlResp.getResponseElements().isEmpty()); - - SignatureEnvironmentResponse signedXml = (SignatureEnvironmentResponse) xmlResp.getResponseElements().get(0); + + SignatureEnvironmentResponse signedXml = (SignatureEnvironmentResponse) xmlResp.getResponseElements().get(0); assertNotNull("signed xml", signedXml.getSignatureEnvironment()); - - + + // verify signature final VerifyXMLSignatureRequest request = buildVerifyXmlRequest( DOMUtils.serializeNode(signedXml.getSignatureEnvironment()).getBytes(), @@ -234,7 +238,7 @@ public class XadesIntegrationTest extends AbstractIntegrationTest { assertNotNull("verification result", result); assertEquals("sigCode", 0, result.getSignatureCheck().getCode()); assertEquals("certCode", 0, result.getCertificateCheck().getCode()); - + } - + } |