CreateSignatureEnvironmentProfiles.
- *
+ *
* @return The mapping from profile ID to profile.
*/
public Map buildCreateSignatureEnvironmentProfiles() {
@@ -1100,20 +1101,20 @@ public class ConfigurationPartsBuilder {
*/
public Map buildVerifyTransformsInfoProfiles() {
Mapnulltrue if it is used
*/
public boolean isShotTimeCertEtsiExtCheck() {
final NodeIterator modIter = XPathUtils.selectNodeIterator(
getConfigElem(),
SHORT_TIME_CERTS_INTERVALS_XPATH);
-
+
Element modElem;
- if ((modElem = (Element) modIter.nextNode()) != null) {
- Boolean value = Boolean.valueOf(modElem.getAttribute("checkETSIValidityAssuredExtension"));
- Logger.debug((value ? "Enable" : "Disable") + "shortTime certificate ETSI extension");
+ if ((modElem = (Element) modIter.nextNode()) != null) {
+ Boolean value = Boolean.valueOf(modElem.getAttribute("checkETSIValidityAssuredExtension"));
+ Logger.debug((value ? "Enable" : "Disable") + "shortTime certificate ETSI extension");
return value;
-
+
}
-
- return SHORT_TIME_CERT_DEFAULT_ETSI;
+
+ return SHORT_TIME_CERT_DEFAULT_ETSI;
}
-
+
/**
* Get default shortTime certificate interval.
- *
+ *
* @return Time in minutes
*/
public int getShotTimeCertDefaultInterval() {
final NodeIterator modIter = XPathUtils.selectNodeIterator(
getConfigElem(),
SHORT_TIME_CERTS_INTERVALS_XPATH);
-
+
Element modElem;
if ((modElem = (Element) modIter.nextNode()) != null) {
String defaultString = modElem.getAttribute("defaultValidityPeriod");
Logger.debug("Set default shortTimePeriodInterval to: " + defaultString);
return Integer.valueOf(defaultString);
-
+
}
-
- return SHORT_TIME_CERT_DEFAULT_INTERVAL;
+
+ return SHORT_TIME_CERT_DEFAULT_INTERVAL;
}
-
-
+
+
/**
* Returns a map of shortTime certificate intervals.
- *
+ *
* * No revocation checks are performed during this interval. *
@@ -1824,10 +1830,10 @@ public class ConfigurationPartsBuilder { final Integer interval = new Integer(i); map.put(x509IssuerName, interval); Logger.debug("Set shortTimePeriodInterval: " + interval + " for Issuer: " + x509IssuerName); - + } return map; } - + }
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
index 85930b2..3c720a1 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java
@@ -112,6 +112,9 @@ public class ConfigurationProvider { private int connectionTimeout; private int readTimeout; + /** Enable strict parsing or ASN.1 signature values */ + private boolean strictSignatureValueParsing = true; + /** * AList of HardwareCryptoModule objects for
* configuring hardware modules.
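Review bot: The Javadoc on the new `strictSignatureValueParsing` field reads `/** Enable strict parsing or ASN.1 signature values */`; `or` should be `of`, e.g. `/** Enable strict (minimum-length) parsing of ASN.1 encoded signature values; default true. */`. None of the visible hunks assign the field after its `= true` initializer — only the getter `isStrictSignatureValueParsing()` in a later hunk reads it — so unless a setter or configuration loader outside this diff populates it, the option cannot actually be changed from configuration and the field could be declared `final`. Keeping `true` as the default is the safer choice, since it presumably rejects non-minimal integer encodings in signature values, but the comment should state where the value is expected to come from. This hunk begins inside the collapsed line above, and the enclosing class continues outside it.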
@@ -258,12 +261,12 @@ public class ConfigurationProvider {
*/
private Map crlRetentionIntervals;
-
+
private boolean useShortTimeCertificateEtisExt;
private int defaultShortTimeCertificatePeriod;
private Map+ * Default: true + *
+ * + * @returntrue if enabled, otherwise false
+ */
+ public boolean isStrictSignatureValueParsing() {
+ return strictSignatureValueParsing;
+ }
+
/**
* Returns whether the certificate extension Authority Info Access should be
* used during certificate path construction.
@@ -1008,7 +1026,7 @@ public class ConfigurationProvider {
public TSLConfiguration getTSLConfiguration() {
return tslconfiguration_;
}
-
+
public int getDefaultShortTimeCertificatePeriod() {
return defaultShortTimeCertificatePeriod;
}
@@ -1021,20 +1039,20 @@ public class ConfigurationProvider {
return shortTimeCertificatePeriods;
}
-
-
+
+
public static final String normalizeX500Names(String x500Name) {
try {
final RFC2253NameParser parser = new RFC2253NameParser(x500Name);
final Name name = parser.parse();
return name.getRFC2253String();
-
+
} catch (final RFC2253NameParserException e) {
Logger.info("X500Name: " + x500Name + " can not be normalized. Use it as it is");
return x500Name;
-
+
}
-
+
}
-
+
}
\ No newline at end of file
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
index 9ba731d..d8d99bd 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/init/SystemInitializer.java
@@ -47,6 +47,7 @@ import at.gv.egovernment.moaspss.logging.LoggingContext;
import at.gv.egovernment.moaspss.logging.LoggingContextManager;
import at.gv.egovernment.moaspss.util.Constants;
import at.gv.egovernment.moaspss.util.DOMUtils;
+import iaik.asn1.INTEGER;
import iaik.asn1.ObjectID;
import iaik.pkcs.pkcs12.PKCS12KeyStore;
import iaik.server.ConfigurationData;
@@ -61,12 +62,12 @@ import iaik.utils.RFC2253NameParser;
public class SystemInitializer {
private static final org.slf4j.Logger logger = LoggerFactory.getLogger(SystemInitializer.class);
-
+
/**
* 15 min TSL reload scheduler interval.
*/
private static final long TSL_SCHEDULE_INTERVAL = 5*60*1000;
-
+
/** Interval between archive cleanups in seconds */
private static final long ARCHIVE_CLEANUP_INTERVAL = 60 * 60; // 1h
@@ -115,10 +116,10 @@ public class SystemInitializer {
RFC2253NameParser.register(
"organizationIdentifier",
new ObjectID("2.5.4.97", "organizationIdentifier", (String) null, false));
-
+
// initialize configuration
initializeMoaSigConfiguraion();
-
+
// start the archive cleanup thread
Thread archiveCleaner =
new Thread(new RevocationArchiveCleaner(ARCHIVE_CLEANUP_INTERVAL));
@@ -149,9 +150,9 @@ public class SystemInitializer {
private static void initializeMoaSigConfiguraion() {
final MessageProvider msg = MessageProvider.getInstance();
-
+
try {
-
+
Logger.info("Initialize MOA-SP/SS configuration ... ");
config = ConfigurationProvider.getInstance();
@@ -177,12 +178,17 @@ public class SystemInitializer {
iaikConfiguration = IaikConfigurator.configure(config);
runInitializer(config);
-
- // set Fallback mode in IAIK KeyStore implementation to 'true' to fix problems default behavior of JVM
+
+ // set Fallback mode in IAIK KeyStore implementation to 'true' to fix problems default behavior of JVM
PKCS12KeyStore.setUseJKSFallBack(true);
- Logger.info("Set fallback mode in: " + PKCS12KeyStore.class.getSimpleName()
+ Logger.info("Set fallback mode in: " + PKCS12KeyStore.class.getSimpleName()
+ " to :" + PKCS12KeyStore.getUseJKSFallBack());
-
+
+ INTEGER.checkForMinumumLengthEncoding(config.isStrictSignatureValueParsing());
+ Logger.info(config.isStrictSignatureValueParsing() ? "Enable"
+ : "Disable"
+ + " strict parsing of ASN.1 encoded signature values");
+
Logger.info(new LogMsg(msg.getMessage("init.01", null)));
} catch (final MOAException e) {
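Review bot: The new `Logger.info` call mis-groups the conditional: `?:` binds more loosely than `+`, so the expression parses as `enabled ? "Enable" : ("Disable" + " strict parsing ...")` and logs only the word `Enable` in the default (strict) case. Parenthesise the conditional: `Logger.info((config.isStrictSignatureValueParsing() ? "Enable" : "Disable") + " strict parsing of ASN.1 encoded signature values");`. `INTEGER.checkForMinumumLengthEncoding(...)` is a static call, so the setting presumably applies process-wide to all ASN.1 INTEGER decoding rather than to signature values only; a short comment saying so, and that `false` relaxes DER strictness of the signature-value check, would help whoever later considers flipping the default. The enclosing method `initializeMoaSigConfiguraion()` begins in an earlier hunk and its catch block continues in the next one.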
@@ -193,9 +199,9 @@ public class SystemInitializer {
Logger.fatal(new LogMsg(msg.getMessage("init.00", null)), e);
throw new RuntimeException(e);
- }
+ }
}
-
+
private static void loadXsdSchemaIntoXmlParser() {
// parsing/validating
try {
@@ -221,10 +227,10 @@ public class SystemInitializer {
}
} catch (final IOException e) {
Logger.warn(new LogMsg(MessageProvider.getInstance().getMessage("init.04", null)), e);
-
- }
+
+ }
}
-
+
private static void initTSLUpdateTask(TSLConfiguration tslconfig) {
final MessageProvider msg = MessageProvider.getInstance();
if (tslconfig != null) {
@@ -254,14 +260,14 @@ public class SystemInitializer {
if (start.before(now)) {
start = new Date(start.getTime() + 86400000);
}
-
+
Logger.debug(new LogMsg(msg.getMessage("config.46", new String[] { start.toString(), "" + period })));
// start TSL updater task
final Timer timer = new Timer("TSL_DB_Updater");
- timer.schedule(new TSLUpdaterTimerTask(start, period),
+ timer.schedule(new TSLUpdaterTimerTask(start, period),
new Date(now.getTime() + TSL_SCHEDULE_INTERVAL), TSL_SCHEDULE_INTERVAL);
-
+
}
}
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
index e18f957..1a0791b 100644
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java
@@ -343,8 +343,6 @@ public class CMSSignatureVerificationInvoker {
PDFSignatureVerificationResult cmsResult = null;
List adesResults = null;
boolean extendedVerification = false;
- final Boolean coversFullDoc = null;
- final int[] sigByteRange = null;
ExtendedCertificateCheckResult extCheckResult = null;
if (resultObject instanceof ExtendedPDFSignatureVerificationResult) {