From 84293bd12f63b59852026cab02035fc9ebee626a Mon Sep 17 00:00:00 2001
From: Andreas Fitzek
Date: Mon, 14 Mar 2016 16:29:03 +0100
Subject: A lot of moa sig stuff
---
 .../moa/spss/tsl/config/Configurator.java | 4 +-
 .../moa/spss/tsl/connector/MOATSLVerifier.java | 265 +++++++++++++++++++++
 .../moa/spss/tsl/connector/MOATslKeySelector.java | 123 ++++++++++
 .../moa/spss/tsl/connector/TSLConnector.java | 12 +-
 .../moa/spss/tsl/timer/TSLUpdaterTimerTask.java | 6 +-
 .../spss/tsl/utils/TSLEUImportFromFileContext.java | 12 +-
 .../moa/spss/tsl/utils/TSLEvaluationContext.java | 4 +-
 .../spss/tsl/utils/TSLImportFromFileContext.java | 27 ++-
 8 files changed, 426 insertions(+), 27 deletions(-)
 create mode 100644 moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATSLVerifier.java
 create mode 100644 moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java
(limited to 'moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl')
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java
index defaedd..53e023f 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/config/Configurator.java
@@ -1,6 +1,6 @@
 package at.gv.egovernment.moa.spss.tsl.config;
-import iaik.util.logging._l;
+import iaik.util.logging.GeneralLog;
 import iaik.xml.crypto.tsl.ex.TSLEngineDiedException;
 import java.net.MalformedURLException;
@@ -37,7 +37,7 @@ public class Configurator {
 try { _euTSLURL = new URL(euTSLURL); } catch (MalformedURLException e) {
- _l.err("Bad TSL URL: " + euTSLURL, e);
+ GeneralLog.err("Bad TSL URL: " + euTSLURL, e);
 throw new TSLEngineDiedException(e); }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATSLVerifier.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATSLVerifier.java
new file mode 100644
index 0000000..39b2f8c
--- /dev/null
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATSLVerifier.java
@@ -0,0 +1,265 @@ +package at.gv.egovernment.moa.spss.tsl.connector; + +import java.io.IOException; +import java.io.OutputStream; +import java.io.OutputStreamWriter; +import java.security.cert.X509Certificate; +import java.util.Iterator; +import java.util.ListIterator; + +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBIntrospector; +import javax.xml.crypto.Data; +import javax.xml.crypto.MarshalException; +import javax.xml.crypto.NodeSetData; +import javax.xml.crypto.URIReferenceException; +import javax.xml.crypto.dom.DOMCryptoContext; +import javax.xml.crypto.dsig.Reference; +import javax.xml.crypto.dsig.SignedInfo; +import javax.xml.crypto.dsig.Transform; +import javax.xml.crypto.dsig.XMLSignature; +import javax.xml.crypto.dsig.XMLSignatureException; +import javax.xml.crypto.dsig.XMLSignatureFactory; +import javax.xml.crypto.dsig.dom.DOMValidateContext; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import iaik.server.modules.xml.MOAXSecProvider; +import iaik.xml.crypto.tsl.TSLConstants; +import iaik.xml.crypto.tsl.TSLContext; +import iaik.xml.crypto.tsl.TSLEngine; +import iaik.xml.crypto.tsl.ex.SeverityAspect.Severity; +import iaik.xml.crypto.tsl.ex.TSLSecurityException; +import iaik.xml.crypto.tsl.ex.TSLVerificationException; +import iaik.xml.crypto.tsl.gen.TrustStatusListType; +import iaik.xml.crypto.tsl.verify.ITSLVerifier; +import iaik.xml.crypto.utils.URIDereferencerImpl; + +public class MOATSLVerifier implements ITSLVerifier { + + private static final Logger logger = LoggerFactory.getLogger(MOATSLVerifier.class); + + private static iaik.xml.crypto.xmldsig.gen.ObjectFactory dsOf = new iaik.xml.crypto.xmldsig.gen.ObjectFactory(); + + private static JAXBIntrospector JI = TSLEngine.jc.createJAXBIntrospector(); + + public Boolean verifyTSL(Document tslDoc, TSLContext tslContext, + ListIterator euTslCertsHash) { + + 
boolean coreValidity = false; + + try { + // Signature s = new Signature(); + // TrustServiceStatusList tssl = new TrustServiceStatusList(); + JAXBElement s = dsOf.createSignature(new iaik.xml.crypto.xmldsig.gen.SignatureType()); +// _l.debug(""+JI.getElementName(s)); + JAXBElement tssl = TSLConstants.TSL_OF.createTrustServiceStatusList(new TrustStatusListType()); +// _l.debug(""+JI.getElementName(tssl)); + + Element tsslE = tslDoc.getDocumentElement(); + + if (tsslE == null) { + tslContext.throwException(new TSLVerificationException("Empty XML File", Severity.xml_failed)); + // } else if (!tsslE.getNamespaceURI().equals(tssl.getName().getNamespaceURI())) { + } else if (!tsslE.getNamespaceURI().equals(JI.getElementName(tssl).getNamespaceURI())) { + tslContext.throwException(new TSLVerificationException("Incorrect Namespace", Severity.xml_failed)); + // } else if (!tsslE.getLocalName().equals(tssl.getName().getLocalPart())) { + } else if (!tsslE.getLocalName().equals(JI.getElementName(tssl).getLocalPart())) { + tslContext.throwException(new TSLVerificationException("Wrong Document Element in document "+tslDoc.getDocumentURI(), Severity.xml_failed)); + } + + //now we can be sure the right document element is in place, Schema validation does not assure this for us + //Schema validation however assures that the internal Structure of TrustServicesStatus List is correct + + // B.6 1) It MUST be an enveloped signature. + + Node n = tsslE.getLastChild(); + + while ( n != null && ! (n instanceof Element) ) { + n = n.getPreviousSibling(); + } + + Element sig = (Element) n; + + if (sig == null || + // ! sig.getNamespaceURI().equals(s.getName().getNamespaceURI()) || + // ! sig.getLocalName().equals(s.getName().getLocalPart())) { + ! sig.getNamespaceURI().equals(JI.getElementName(s).getNamespaceURI()) || + ! 
sig.getLocalName().equals(JI.getElementName(s).getLocalPart())) { + + tslContext.throwException( + new TSLVerificationException( + TSLSecurityException.Type.NO_TSL_SIGNATURE) + ); + + } else { + + NodeList cn = tsslE.getChildNodes(); + + for (int j = 0; j < cn.getLength(); j++) { + cn.item(j); + } + + //TODO assure connection with the PKI Module + DOMValidateContext valContext = new DOMValidateContext( + new MOATslKeySelector(euTslCertsHash, tslContext), + sig); + + if (valContext.getURIDereferencer() == null) { + valContext.setURIDereferencer(new URIDereferencerImpl()); + } + + // valContext.setProperty("iaik.xml.crypto.debug.OutputStream", System.out); + valContext.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE); + + XMLSignatureFactory fac = MOAXSecProvider.getXMLSignatureFactory(); + + // unmarshal the XMLSignature + XMLSignature signature = fac.unmarshalXMLSignature(valContext); + + // Validate the XMLSignature (generated above) + coreValidity = signature.validate(valContext); + // Check core validation status + if (coreValidity == false) { + debug(valContext, "Signature failed core validation"); + boolean sv = signature.getSignatureValue().validate(valContext); + debug(valContext, "signature validation status: " + sv); + // check the validation status of each Reference + Iterator it = signature.getSignedInfo().getReferences().iterator(); + for (int j = 0; it.hasNext(); j++) { + boolean refValid = ((Reference) it.next()).validate(valContext); + debug(valContext, "ref[" + j + "] validity status: " + refValid); + } + + tslContext.throwException(new TSLVerificationException("Signature failed core validation", Severity.signature_failed)); + } + + SignedInfo si = signature.getSignedInfo(); + Iterator it = si.getReferences().iterator(); + + + // 2) Its ds:SignedInfo element MUST contain a ds:Reference element with the + // URI attribute set to a value referencing the TrustServiceStatusList + // element enveloping the signature itself. 
This ds:Reference element MUST + // satisfy the following requirements: + // a) It MUST contain only one ds:Transforms element. + // b) This ds:Transforms element MUST contain two ds:Transform elements. The + // first one will be one whose Algorithm attribute indicates the enveloped + // transformation with the value: + // "http://www.w3.org/2000/09/xmldsig#enveloped-signature". The second one + // will be one whose Algorithm attribute instructs to perform the exclusive + // canonicalization "http://www.w3.org/2001/10/xml-exc-c14n#" + + boolean found_proper_tsslE_reference = false; + + for (int j = 0; it.hasNext(); j++) { + Reference ref = ((Reference) it.next()); + Data d = valContext.getURIDereferencer().dereference(ref, valContext); + + if(!(d instanceof NodeSetData)) { + continue; + } else { + NodeSetData nsd = (NodeSetData) d; + + + if (nsd.iterator().next() == tsslE) { + + //Assured by XMLSchema + //throw new TSLException("B.6 2 a) It MUST contain only one ds:Transforms element."); + + if(ref.getTransforms().size() != 2) { + tslContext.throwException( + new TSLVerificationException(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORMS_IN_TSL_SIGNATURE) + ); + } else { + + Transform[] transforms = (Transform[]) ref.getTransforms().toArray(new Transform[2]); + + //TODO assign severity, code some heuristic showing the problems + if (! transforms[0].getAlgorithm().equals("http://www.w3.org/2000/09/xmldsig#enveloped-signature")) { + tslContext.throwException( + new TSLVerificationException(TSLSecurityException.Type.NON_CONFORMANT_TRANSFORM_IN_TSL_SIGNATURE) + ); + + } + + //TODO assign severity, code some heuristic showing the problems + if (! 
transforms[1].getAlgorithm().equals("http://www.w3.org/2001/10/xml-exc-c14n#")) { + tslContext.throwException( + new TSLVerificationException(TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_TSL_SIGNATURE) + ); + } + } + + found_proper_tsslE_reference = true; + }//if (nsd.iterator().next() == tsslE) + + } + } + + if(!found_proper_tsslE_reference) { + tslContext.throwException( + new TSLVerificationException(TSLSecurityException.Type.NON_CONFORMANT_REFERENCE_IN_TSL_SIGNATURE) + ); + } + + // 3) ds:CanonicalizationMethod MUST be + // "http://www.w3.org/2001/10/xml-exc-c14n#". + if (! si.getCanonicalizationMethod().getAlgorithm().equals("http://www.w3.org/2001/10/xml-exc-c14n#")){ + tslContext.throwException( + new TSLVerificationException(TSLSecurityException.Type.NON_CONFORMANT_C14N_IN_CANONICALIZATION_METHOD) + ); + } + + // 4) It MAY have other ds:Reference elements. + + } + } catch (URIReferenceException e) { + tslContext.throwException(new TSLVerificationException(e)); + } catch (MarshalException e) { + tslContext.throwException(new TSLVerificationException(e)); + } catch (XMLSignatureException e) { + logger.error("Failed to verify XML Signature for TSL!", e); + return (Boolean) tslContext.throwException( + new TSLSecurityException(TSLSecurityException.Type.ERRORS_IN_TSL_SIGNATURE), + //we need an anonymous class to find the enclosing Method + (new Object(){}).getClass().getEnclosingMethod(), + null, + new Object[] {tslDoc, tslContext, euTslCertsHash} + ); + } + return coreValidity; + } + + public static void debug(DOMCryptoContext context, String message) { + + Object propDebug = context.getProperty("iaik.xml.crypto.debug.OutputStream"); + + if ( propDebug == null) { + return; + } + + if (! (propDebug instanceof OutputStream)) { + System.err.println("Failed to write to debug output stream. " + + "DOMCryptoContext's Property (\"iaik.xml.crypto.debug.OutputStream\") " + + "has to be of type OutputStream." 
+ ); + } else { + + OutputStream os = (OutputStream) propDebug; + try { + (new OutputStreamWriter(os)).write(message); + } catch (IOException e) { + System.err.println("Failed to write to debug output stream. " + e.getMessage()); + //TODO we cannot close the output stream here ... + } + } + + } + +} diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java new file mode 100644 index 0000000..efdd877 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/MOATslKeySelector.java 
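Review bot: verifyTSL keeps executing after most `tslContext.throwException(...)` calls, and nothing in the hunk guarantees that the call aborts: the `XMLSignatureException` handler returns its result, and TSLEUImportFromFileContext in this same commit logs "Ignored Exception" for severities below `Severity.insecure`. If it does return, a null `tsslE` is dereferenced at `tsslE.getLastChild()`, and in the reference loop `found_proper_tsslE_reference = true;` is still reached after a wrong transform count or algorithm, so a signature outside the B.6 profile can leave the method with `coreValidity` true. I would make each failed profile check fail closed, e.g. `return Boolean.FALSE;` directly after the `throwException` call, and set the flag only in the branch where both transforms matched. Two smaller points in the same file: `nsd.iterator().next()` is called without `hasNext()`, and `debug()` discards its `OutputStreamWriter` without `flush()`, so the message may never reach the stream.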
@@ -0,0 +1,123 @@ +package at.gv.egovernment.moa.spss.tsl.connector; + +import java.security.cert.X509Certificate; +import java.util.List; +import java.util.ListIterator; + +import javax.xml.crypto.AlgorithmMethod; +import javax.xml.crypto.KeySelectorException; +import javax.xml.crypto.KeySelectorResult; +import javax.xml.crypto.XMLCryptoContext; +import javax.xml.crypto.dsig.keyinfo.KeyInfo; +import javax.xml.crypto.dsig.keyinfo.X509Data; + +import iaik.server.modules.xmlverify.MOAKeySelector; +import iaik.xml.crypto.tsl.TSLContext; +import iaik.xml.crypto.tsl.ex.TSLSecurityException; +import iaik.xml.crypto.tsl.ex.TSLVerificationException; +import iaik.xml.crypto.tsl.verify.TslKeyInfoHints; +import iaik.xml.crypto.utils.X509KeySelectorResult; + +public class MOATslKeySelector extends MOAKeySelector { + + private final ListIterator tslSignerCerts_; + private TSLContext tslContextI_; + + public MOATslKeySelector(ListIterator euTslCertsHash, TSLContext tslContext) { + if(euTslCertsHash == null){ + tslContext.throwException( + new TSLVerificationException( + TSLSecurityException.Type.MISSING_INFO_ON_TSL_SIGNER) + ); + } + tslSignerCerts_ = euTslCertsHash; + tslContextI_ = tslContext; + tslContext.toString(); + } + + @Override + protected KeyInfoHints newKeyInfoHints(KeyInfo keyInfo, + XMLCryptoContext context) + throws KeySelectorException { + + return new TslKeyInfoHints(keyInfo, context, tslContextI_, tslSignerCerts_); + + } + + @Override + protected KeySelectorResult select(KeyInfoHints hints, + KeySelectorResult[] results) { + + if (results.length > 1){ + + return (KeySelectorResult) tslContextI_.throwException( + new TSLSecurityException(TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER), + //we need an anonymous class to find the enclosing Method + (new Object(){}).getClass().getEnclosingMethod(), + this, + new Object[] {hints, results} + ); + + } else { + KeySelectorResult result = results[0]; + if (result instanceof X509KeySelectorResult) { + result = new 
MOAX509KeySelectorResult((X509KeySelectorResult)result); + } else { + result = new MOAKeySelectorResult(result.getKey()); + } + return result; + } + } + + @Override + public KeySelectorResult select(X509Data x509Data, + Purpose purpose, + AlgorithmMethod method, + XMLCryptoContext context) throws KeySelectorException { + + X509KeySelectorResult ksr; + try { + ksr = (X509KeySelectorResult) super.select(x509Data, purpose, method, context); + } catch (ClassCastException e) { + ksr = (X509KeySelectorResult) tslContextI_.throwException( + e, + //we need an anonymous class to find the enclosing Method + (new Object(){}).getClass().getEnclosingMethod(), + this, + new Object[]{x509Data, purpose, method, context}); + } + + if (ksr == null){ + //there has been a Problem with the X509Data + ksr = (X509KeySelectorResult) tslContextI_.throwException( + new KeySelectorException(failReason_.replace(". ", ".\n")), + //we need an anonymous class to find the enclosing Method + (new Object(){}).getClass().getEnclosingMethod(), + this, + new Object[]{x509Data, purpose, method, context}); + } + + List l = ksr.getCertificates(); + tslContextI_.securityCheck( + TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER, + (X509Certificate[]) l.toArray(new X509Certificate[l.size()]), + tslSignerCerts_ + ); + + return ksr; + } + + @Override + protected KeySelectorResult select(X509Certificate cert, Purpose purpose, + AlgorithmMethod method, XMLCryptoContext context) + throws KeySelectorException { + + tslContextI_.securityCheck( + TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER, + cert, + tslSignerCerts_ + ); + + return super.select(cert, purpose, method, context); + } +} \ No newline at end of file diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java index 82df37b..fee6ebe 100644 
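Review bot: `select(KeyInfoHints, KeySelectorResult[])` rejects only `results.length > 1` and then reads `results[0]`, so an empty array ends in an ArrayIndexOutOfBoundsException rather than the `UNTRUSTED_TSL_SIGNER` path; `if (results.length != 1)` would cover both cases. In `select(X509Data, ...)` the value returned by `tslContextI_.throwException(...)` is assigned to `ksr` and then dereferenced by `ksr.getCertificates()` without a second null check. The signer certificates are held as a single `ListIterator`, which is a stateful cursor, and the same instance is handed to `TslKeyInfoHints` and to every `securityCheck` call; unless those rewind it (not visible here), a later check could run against an exhausted iterator, so a `List` copy taken in the constructor would be safer. The bare `tslContext.toString();` in the constructor looks like an implicit null check and deserves either an explicit check or a comment.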
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/connector/TSLConnector.java @@ -29,8 +29,8 @@ import at.gv.egovernment.moa.spss.tsl.utils.TSLEUImportFromFileContext; import at.gv.egovernment.moa.spss.tsl.utils.TSLEvaluationContext; import at.gv.egovernment.moa.spss.tsl.utils.TSLImportFromFileContext; import iaik.asn1.ObjectID; -import iaik.util._15; -import iaik.util.logging._l; +import iaik.util.GeneralUtils15; +import iaik.util.logging.GeneralLog; import iaik.utils.RFC2253NameParser; import iaik.xml.crypto.EccProviderAdapter; import iaik.xml.crypto.XSecProvider; @@ -314,7 +314,7 @@ public class TSLConnector implements TSLConnectorInterface { log.debug(Thread.currentThread() + " waiting for other threads ..."); topLevelTslContext.waitForAllOtherThreads(); - log.debug(_15.dumpAllThreads()); + log.debug(GeneralUtils15.dumpAllThreads()); log.debug(Thread.currentThread() + " reactivated after other threads finished ..."); connection = null; @@ -395,7 +395,7 @@ public class TSLConnector implements TSLConnectorInterface { log.debug("### SURNAME registered as " + ObjectID.surName + " ###"); RFC2253NameParser.register("SURNAME", ObjectID.surName); - XSecProvider.addAsProvider(false); + //XSecProvider.addAsProvider(false); TSLEngine tslEngine; TslSqlConnectionWrapper connection = null; @@ -557,7 +557,7 @@ public class TSLConnector implements TSLConnectorInterface { log.debug(Thread.currentThread() + " waiting for other threads ..."); topLevelTslContext.waitForAllOtherThreads(); - log.debug(_15.dumpAllThreads()); + log.debug(GeneralUtils15.dumpAllThreads()); log.debug(Thread.currentThread() + " reactivated after other threads finished ..."); connection = null; 
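Review bot: In the hunk at line 395 the call `XSecProvider.addAsProvider(false);` is commented out rather than removed, and nothing says what now makes the XML security provider available on this path. MOATSLVerifier in this commit takes its factory from `MOAXSecProvider.getXMLSignatureFactory()`, which is presumably the replacement, but any code that still resolves the provider by name would now depend on registration happening elsewhere. I would delete the line and leave a why-comment such as `// XML-DSig factory comes from MOAXSecProvider; no provider registration needed here (confirm)`, and drop the `iaik.xml.crypto.XSecProvider` import if this was its last use. The enclosing method starts and ends outside the hunk.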
@@ -635,7 +635,7 @@ public class TSLConnector implements TSLConnectorInterface { } catch (TSLEngineFatalException e) { e.printStackTrace(); - _l.err("could not export Certs", e); + GeneralLog.err("could not export Certs", e); throw new TSLEngineDiedException(e); } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java index e06abe4..5139469 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/timer/TSLUpdaterTimerTask.java @@ -21,8 +21,6 @@ import java.util.Iterator; import java.util.Map; import java.util.TimerTask; -import at.gv.egovernment.moa.logging.LogMsg; -import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.api.common.TSLConfiguration; import at.gv.egovernment.moa.spss.server.config.ConfigurationException; @@ -33,7 +31,9 @@ import at.gv.egovernment.moa.spss.server.iaik.pki.store.truststore.TrustStorePro import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.tsl.connector.TSLConnector; import at.gv.egovernment.moa.spss.util.MessageProvider; -import at.gv.egovernment.moa.util.StringUtils; +import at.gv.egovernment.moaspss.logging.LogMsg; +import at.gv.egovernment.moaspss.logging.Logger; +import at.gv.egovernment.moaspss.util.StringUtils; public class TSLUpdaterTimerTask extends TimerTask { diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEUImportFromFileContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEUImportFromFileContext.java index 453ee2b..e0fff56 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEUImportFromFileContext.java 
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEUImportFromFileContext.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.spss.tsl.utils; import java.io.File; +import java.io.FileFilter; import java.io.IOException; import java.lang.reflect.Method; import java.net.URL; @@ -11,7 +12,7 @@ import java.util.List; import org.sqlite.SQLiteErrorCode; import iaik.util.logging.Log; -import iaik.util.logging._l; +import iaik.util.logging.GeneralLog; import iaik.util.logging.Log.MultiThreadLoggingGroup; import iaik.xml.crypto.tsl.DbTables; import iaik.xml.crypto.tsl.TSLImportFromFileContext; @@ -76,7 +77,7 @@ public class TSLEUImportFromFileContext extends TopLevelTslFetchContext { parameters[0] instanceof URL ){ - _l.err("Ignoring download error using old: " + parameters[0],null); + GeneralLog.err("Ignoring download error using old: " + parameters[0],null); wrapException(e); return parameters[1]; } @@ -87,7 +88,7 @@ public class TSLEUImportFromFileContext extends TopLevelTslFetchContext { TSLExceptionB ve = (TSLExceptionB) e; Severity s = ve.getSeverity(); if ( s != null && s.ordinal() < Severity.insecure.ordinal()){ - _l.err("Ignored Exception: ",ve); + GeneralLog.err("Ignored Exception: ",ve); // if(logExceptions_){ warnings_.add( new ThrowableAndLocatorAndMitigation( @@ -136,5 +137,10 @@ public class TSLEUImportFromFileContext extends TopLevelTslFetchContext { public void print(Object msg) { Log.print(msg); } + + @Override + public FileFilter getCertificateFileFilter() { + return null; + } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEvaluationContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEvaluationContext.java index a656f11..f0723a1 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEvaluationContext.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLEvaluationContext.java 
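Review bot: The new `getCertificateFileFilter()` override returns `null` with no comment on what a null filter means to the base class; TSLImportFromFileContext gets the identical override at the end of this patch. If the result is passed to `File.listFiles(FileFilter)`, null accepts every file in the directory, which may be wider than intended for a certificate import; if the caller dereferences it, the result is a NullPointerException. Either return an explicit filter or document the contract, e.g. `// null = no filtering; base class must accept null (confirm)`.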
@@ -2,7 +2,7 @@ package at.gv.egovernment.moa.spss.tsl.utils; import iaik.util.logging.Log.MultiThreadLoggingGroup; import iaik.util.logging.Log; -import iaik.util.logging._l; +import iaik.util.logging.GeneralLog; import iaik.xml.crypto.tsl.BaseClass; import iaik.xml.crypto.tsl.SIEExtensionChecker; import iaik.xml.crypto.tsl.constants.Countries; @@ -42,7 +42,7 @@ public final class TSLEvaluationContext extends iaik.xml.crypto.tsl.TSLEvaluatio CriteriaListType criteriaList = (CriteriaListType) parameters[1]; - _l.warn(criteriaList.getDescription()); + GeneralLog.warn(criteriaList.getDescription()); String description = criteriaList.getDescription(); if (description diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java index 5d69f69..eda2b34 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/tsl/utils/TSLImportFromFileContext.java @@ -2,6 +2,7 @@ package at.gv.egovernment.moa.spss.tsl.utils; import java.io.BufferedOutputStream; import java.io.File; +import java.io.FileFilter; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.OutputStream; @@ -36,10 +37,10 @@ import org.xml.sax.SAXParseException; import at.gv.egovernment.moa.spss.tsl.exception.MitigatedTSLSecurityException; import iaik.util.logging.Log.MultiThreadLoggingGroup; -import iaik.util.logging._l; +import iaik.util.logging.GeneralLog; import iaik.utils.RFC2253NameParserException; import iaik.utils.Util; -import iaik.util._15; +import iaik.util.GeneralUtils15; import iaik.xml.crypto.dsig.keyinfo.X509DataImpl; import iaik.xml.crypto.tsl.DbTables; import iaik.xml.crypto.tsl.TSLConstants; 
@@ -243,7 +244,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF if (parameters[0] instanceof DOMError) { DOMError domError = (DOMError) parameters[0]; - _l.warn(""+domError.getRelatedData()); + GeneralLog.warn(""+domError.getRelatedData()); // domError.getRelatedData().getClass().getField("") @@ -277,9 +278,9 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF String[] rdns = subDN.substring(1, subDN.length()).split("/"); - rdns = (String[]) _15.reverseInPlace(rdns); + rdns = (String[]) GeneralUtils15.reverseInPlace(rdns); - subDN = "/"+_15.implode("/", rdns); + subDN = "/"+GeneralUtils15.implode("/", rdns); //for now we only support properly quoted values or such without quotes @@ -375,7 +376,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF } } - _l.err("Ignoring download error using old: " + parameters[0], null); + GeneralLog.err("Ignoring download error using old: " + parameters[0], null); wrapException(e); return parameters[1]; } @@ -448,7 +449,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF X509Certificate crt = (X509Certificate)parameters[1]; File f = new File("./wrong/"+expectedTerritory_+"/", - iaik.util._15.toHexString(getFingerPrint(crt, + iaik.util.GeneralUtils15.toHexString(getFingerPrint(crt, new byte[TSLConstants.CertHash.LENGTH]))+".der"); File parent = f.getParentFile(); if(!parent.exists() && !parent.mkdirs()){ @@ -571,7 +572,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF li.next(); String sn = (String) li.next(); - _l.err(sn, null); + GeneralLog.err(sn, null); System.exit(1); 
@@ -796,7 +797,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF String msg = e.getMessage(); - _l.info(msg); + GeneralLog.info(msg); return( msg.startsWith("["+SQLiteErrorCode.SQLITE_CONSTRAINT.name()+"]") && msg.contains("column " + DbTables.TSLDownload.C.rawHash + " is not unique") @@ -804,7 +805,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF } @Override - protected Long getLocalLastModified(File targetFile) { + protected File getLocalLastModified(File targetFile) { return super.getLocalLastModified(targetFile); } @Override @@ -830,7 +831,7 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF synchronized (log) { parentContext_.print("<" + ncName + " state=\"" + currentThread.getState() + "\" " + " id=\"" + currentThread.getId() + "\">\n" + log.toString() + "" + _15.LB); + + ncName + ">" + GeneralUtils15.LB); parentContext_.flushLog(); log.setLength(0); } @@ -846,5 +847,9 @@ public class TSLImportFromFileContext extends iaik.xml.crypto.tsl.TSLImportFromF log.append(msg); } } + @Override + public FileFilter getCertificateFileFilter() { + return null; + } } \ No newline at end of file -- cgit v1.2.3
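Review bot: In the hunk at line 804 `getLocalLastModified(File)` now returns `File` instead of `Long`, presumably to follow the updated base class, but the name still reads as a timestamp getter and the override only delegates to `super`. A short Javadoc stating what the returned file represents and whether it can be null would spare callers the guess, e.g. `/** Delegates to the base class; returns a File rather than a timestamp (confirm semantics). */`. If the override adds nothing beyond the delegation, it could also be removed.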