From f10add103c0a094e908c5399d9575e7c2f1393d2 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 3 Feb 2017 10:51:53 +0100 Subject: fix problem in SystemInitializer order that prevent the use of the TSL certstore switch to version RC4 --- .../moa/spss/server/init/SystemInitializer.java | 33 ++++++++++++---------- 1 file changed, 18 insertions(+), 15 deletions(-) (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java index 295e861..0e592f0 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java @@ -143,27 +143,30 @@ public class SystemInitializer { // initialize configuration try { - ConfigurationProvider config = ConfigurationProvider.getInstance(); - Logger.info("Building ConfigurationData"); - ConfigurationData configData = new IaikConfigurator().configure(config); + Logger.info("Initialize MOA-SP/SS configuration ... "); + ConfigurationProvider config = ConfigurationProvider.getInstance(); - //initialize TSL module - TSLConfiguration moaSPTslConfig = config.getTSLConfiguration(); - if (moaSPTslConfig != null) { - TslConfigurationImpl tslConfig = new TslConfigurationImpl(); - tslConfig.setEuTslURL(moaSPTslConfig.getEuTSLUrl()); - tslConfig.setTslWorkingDirectory(moaSPTslConfig.getWorkingDirectory()); - tslConfig.setNetworkReadTimeout(config.getReadTimeout() / 1000); + //initialize TSL module + TSLConfiguration moaSPTslConfig = config.getTSLConfiguration(); + if (moaSPTslConfig != null) { + Logger.debug("Starting TSL-Service initialization ... "); + TslConfigurationImpl tslConfig = new TslConfigurationImpl(); + tslConfig.setEuTslURL(moaSPTslConfig.getEuTSLUrl()); + tslConfig.setTslWorkingDirectory(moaSPTslConfig.getWorkingDirectory()); + tslConfig.setNetworkReadTimeout(config.getReadTimeout() / 1000); - Logger.info(new LogMsg(msg.getMessage("config.41", null))); - TSLServiceFactory.initialize(tslConfig); - Logger.info("TSL-Service client initialization finished"); + Logger.info(new LogMsg(msg.getMessage("config.41", null))); + TSLServiceFactory.initialize(tslConfig); + Logger.info("TSL-Service client initialization finished"); - //initialize TSL Update Task - initTSLUpdateTask(moaSPTslConfig); + //initialize TSL Update Task + initTSLUpdateTask(moaSPTslConfig); } + Logger.info("Building IAIK-MOA configuration ... "); + new IaikConfigurator().configure(config); + runInitializer(config); Logger.info(new LogMsg(msg.getMessage("init.01", null))); -- cgit v1.2.3 From 9f691daa2c2b829b6dec0c132a348e0db6ba9488 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 9 Feb 2017 17:02:37 +0100 Subject: update PDFVerification interface to return signature results that FAILS --- .../invoke/CMSSignatureVerificationInvoker.java | 32 ++++++++++--------- .../invoke/VerifyCMSSignatureResponseBuilder.java | 37 ++++++++++++---------- 2 files changed, 38 insertions(+), 31 deletions(-) (limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 1508b42..c0beced 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -361,25 +361,27 @@ public class CMSSignatureVerificationInvoker { String issuerCountryCode = null; // QC/SSCD check + + if (cmsResult.getCertificateValidationResult() != null) { + List list = cmsResult.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + X509Certificate[] chain = new X509Certificate[list.size()]; + + Iterator it = list.iterator(); + int i = 0; + while (it.hasNext()) { + chain[i] = (X509Certificate) it.next(); + i++; + } - List list = cmsResult.getCertificateValidationResult().getCertificateChain(); - if (list != null) { - X509Certificate[] chain = new X509Certificate[list.size()]; - - Iterator it = list.iterator(); - int i = 0; - while (it.hasNext()) { - chain[i] = (X509Certificate) it.next(); - i++; - } - - qcsscdresult = CertificateUtils.checkQCSSCD(chain, cmsResult.getSigningTime(), trustProfile.isTSLEnabled(), ConfigurationProvider.getInstance()); + qcsscdresult = CertificateUtils.checkQCSSCD(chain, cmsResult.getSigningTime(), trustProfile.isTSLEnabled(), ConfigurationProvider.getInstance()); - // get signer certificate issuer country code - issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); + // get signer certificate issuer country code + issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); + } } - + responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults, extCheckResult, qcsscdresult.getTslInfos()); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index 5ada287..f4121b0 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -151,28 +151,33 @@ public class VerifyCMSSignatureResponseBuilder { result.getCertificateValidationResult(); int signatureCheckCode = result.getSignatureValueVerificationCode().intValue(); - int certificateCheckCode = certResult.getValidationResultCode().intValue(); - + VerifyCMSSignatureResponseElement responseElement; - SignerInfo signerInfo; + SignerInfo signerInfo = null; CheckResult signatureCheck; CheckResult certificateCheck; boolean qualifiedCertificate = checkQC; - // add SignerInfo element - signerInfo = - factory.createSignerInfo( - (X509Certificate) certResult.getCertificateChain().get(0), - qualifiedCertificate, - qcSourceTSL, - certResult.isPublicAuthorityCertificate(), - certResult.getPublicAuthorityID(), - checkSSCD, - sscdSourceTSL, - issuerCountryCode, - result.getSigningTime(), - tslInfos); + //set code 99 if not certcheckresult exists + int certificateCheckCode = 99; + if (certResult != null) { + certificateCheckCode = certResult.getValidationResultCode().intValue(); + + // add SignerInfo element + signerInfo = + factory.createSignerInfo( + (X509Certificate) certResult.getCertificateChain().get(0), + qualifiedCertificate, + qcSourceTSL, + certResult.isPublicAuthorityCertificate(), + certResult.getPublicAuthorityID(), + checkSSCD, + sscdSourceTSL, + issuerCountryCode, + result.getSigningTime(), + tslInfos); + } // add SignatureCheck element signatureCheck = factory.createCheckResult(signatureCheckCode, null); -- cgit v1.2.3