From f10add103c0a094e908c5399d9575e7c2f1393d2 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 3 Feb 2017 10:51:53 +0100 Subject: fix problem in SystemInitializer order that prevent the use of the TSL certstore switch to version RC4 --- .../moa/spss/server/init/SystemInitializer.java | 33 ++++++++++++---------- 1 file changed, 18 insertions(+), 15 deletions(-) (limited to 'moaSig/moa-sig-lib/src/main') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java index 295e861..0e592f0 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java @@ -143,27 +143,30 @@ public class SystemInitializer { // initialize configuration try { - ConfigurationProvider config = ConfigurationProvider.getInstance(); - Logger.info("Building ConfigurationData"); - ConfigurationData configData = new IaikConfigurator().configure(config); + Logger.info("Initialize MOA-SP/SS configuration ... "); + ConfigurationProvider config = ConfigurationProvider.getInstance(); - //initialize TSL module - TSLConfiguration moaSPTslConfig = config.getTSLConfiguration(); - if (moaSPTslConfig != null) { - TslConfigurationImpl tslConfig = new TslConfigurationImpl(); - tslConfig.setEuTslURL(moaSPTslConfig.getEuTSLUrl()); - tslConfig.setTslWorkingDirectory(moaSPTslConfig.getWorkingDirectory()); - tslConfig.setNetworkReadTimeout(config.getReadTimeout() / 1000); + //initialize TSL module + TSLConfiguration moaSPTslConfig = config.getTSLConfiguration(); + if (moaSPTslConfig != null) { + Logger.debug("Starting TSL-Service initialization ... "); + TslConfigurationImpl tslConfig = new TslConfigurationImpl(); + tslConfig.setEuTslURL(moaSPTslConfig.getEuTSLUrl()); + tslConfig.setTslWorkingDirectory(moaSPTslConfig.getWorkingDirectory()); + tslConfig.setNetworkReadTimeout(config.getReadTimeout() / 1000); - Logger.info(new LogMsg(msg.getMessage("config.41", null))); - TSLServiceFactory.initialize(tslConfig); - Logger.info("TSL-Service client initialization finished"); + Logger.info(new LogMsg(msg.getMessage("config.41", null))); + TSLServiceFactory.initialize(tslConfig); + Logger.info("TSL-Service client initialization finished"); - //initialize TSL Update Task - initTSLUpdateTask(moaSPTslConfig); + //initialize TSL Update Task + initTSLUpdateTask(moaSPTslConfig); } + Logger.info("Building IAIK-MOA configuration ... "); + new IaikConfigurator().configure(config); + runInitializer(config); Logger.info(new LogMsg(msg.getMessage("init.01", null))); -- cgit v1.2.3 From 9f691daa2c2b829b6dec0c132a348e0db6ba9488 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 9 Feb 2017 17:02:37 +0100 Subject: update PDFVerification interface to return signature results that FAILS --- .../xmlbind/VerifyPDFSignatureResponseBuilder.java | 39 +++++++++++++--------- .../invoke/CMSSignatureVerificationInvoker.java | 32 +++++++++--------- .../invoke/VerifyCMSSignatureResponseBuilder.java | 37 +++++++++++--------- 3 files changed, 61 insertions(+), 47 deletions(-) (limited to 'moaSig/moa-sig-lib/src/main') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java index 98b54a3..0ca6f8f 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyPDFSignatureResponseBuilder.java @@ -36,6 +36,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElemen import at.gv.egovernment.moa.spss.api.common.CheckResult; import at.gv.egovernment.moa.spss.api.common.SignerInfo; import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults; +import at.gv.egovernment.moaspss.logging.Logger; /** * Convert a VerifyCMSSignatureResponse API object into its @@ -104,22 +105,28 @@ public class VerifyPDFSignatureResponseBuilder { CheckResult signatureCheck = responseElement.getSignatureCheck(); CheckResult certCheck = responseElement.getCertificateCheck(); - ResponseBuilderUtils.addSignerInfo( - responseDoc, - responseElem, - signerInfo.getSignerCertificate(), - signerInfo.isQualifiedCertificate(), - signerInfo.getQCSource(), - signerInfo.isPublicAuthority(), - signerInfo.getPublicAuhtorityID(), - signerInfo.isSSCD(), - signerInfo.getSSCDSource(), - signerInfo.getIssuerCountryCode(), - signerInfo.getTslInfos()); - - ResponseBuilderUtils.addSigningTime(responseDoc, - responseElem, - signerInfo.getSigningTime()); + if (signerInfo != null) { + ResponseBuilderUtils.addSignerInfo( + responseDoc, + responseElem, + signerInfo.getSignerCertificate(), + signerInfo.isQualifiedCertificate(), + signerInfo.getQCSource(), + signerInfo.isPublicAuthority(), + signerInfo.getPublicAuhtorityID(), + signerInfo.isSSCD(), + signerInfo.getSSCDSource(), + signerInfo.getIssuerCountryCode(), + signerInfo.getTslInfos()); + + ResponseBuilderUtils.addSigningTime(responseDoc, + responseElem, + signerInfo.getSigningTime()); + + } else { + Logger.info("Find signature result with no 'SignerInfo'. Maybe a signature verification Failed"); + + } ResponseBuilderUtils.addCodeInfoElement( responseDoc, diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 1508b42..c0beced 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -361,25 +361,27 @@ public class CMSSignatureVerificationInvoker { String issuerCountryCode = null; // QC/SSCD check + + if (cmsResult.getCertificateValidationResult() != null) { + List list = cmsResult.getCertificateValidationResult().getCertificateChain(); + if (list != null) { + X509Certificate[] chain = new X509Certificate[list.size()]; + + Iterator it = list.iterator(); + int i = 0; + while (it.hasNext()) { + chain[i] = (X509Certificate) it.next(); + i++; + } - List list = cmsResult.getCertificateValidationResult().getCertificateChain(); - if (list != null) { - X509Certificate[] chain = new X509Certificate[list.size()]; - - Iterator it = list.iterator(); - int i = 0; - while (it.hasNext()) { - chain[i] = (X509Certificate) it.next(); - i++; - } - - qcsscdresult = CertificateUtils.checkQCSSCD(chain, cmsResult.getSigningTime(), trustProfile.isTSLEnabled(), ConfigurationProvider.getInstance()); + qcsscdresult = CertificateUtils.checkQCSSCD(chain, cmsResult.getSigningTime(), trustProfile.isTSLEnabled(), ConfigurationProvider.getInstance()); - // get signer certificate issuer country code - issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); + // get signer certificate issuer country code + issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); + } } - + responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), qcsscdresult.isSSCD(), qcsscdresult.isSSCDSourceTSL(), issuerCountryCode, adesResults, extCheckResult, qcsscdresult.getTslInfos()); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index 5ada287..f4121b0 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -151,28 +151,33 @@ public class VerifyCMSSignatureResponseBuilder { result.getCertificateValidationResult(); int signatureCheckCode = result.getSignatureValueVerificationCode().intValue(); - int certificateCheckCode = certResult.getValidationResultCode().intValue(); - + VerifyCMSSignatureResponseElement responseElement; - SignerInfo signerInfo; + SignerInfo signerInfo = null; CheckResult signatureCheck; CheckResult certificateCheck; boolean qualifiedCertificate = checkQC; - // add SignerInfo element - signerInfo = - factory.createSignerInfo( - (X509Certificate) certResult.getCertificateChain().get(0), - qualifiedCertificate, - qcSourceTSL, - certResult.isPublicAuthorityCertificate(), - certResult.getPublicAuthorityID(), - checkSSCD, - sscdSourceTSL, - issuerCountryCode, - result.getSigningTime(), - tslInfos); + //set code 99 if not certcheckresult exists + int certificateCheckCode = 99; + if (certResult != null) { + certificateCheckCode = certResult.getValidationResultCode().intValue(); + + // add SignerInfo element + signerInfo = + factory.createSignerInfo( + (X509Certificate) certResult.getCertificateChain().get(0), + qualifiedCertificate, + qcSourceTSL, + certResult.isPublicAuthorityCertificate(), + certResult.getPublicAuthorityID(), + checkSSCD, + sscdSourceTSL, + issuerCountryCode, + result.getSigningTime(), + tslInfos); + } // add SignatureCheck element signatureCheck = factory.createCheckResult(signatureCheckCode, null); -- cgit v1.2.3