From 44d138de959445a619a92608a2133d9558c2a888 Mon Sep 17 00:00:00 2001 From: Andreas Fitzek Date: Thu, 21 Apr 2016 08:11:48 +0200 Subject: publishable moa libraries --- .../resources/resources/schemas/XAdES-1.3.2.xsd | 123 ++++++++++++++++----- .../resources/resources/schemas/XAdES-1.4.1.xsd | 59 +++++++++- moaSig/libs/iaik_cms.jar | Bin 450450 -> 458630 bytes moaSig/libs/iaik_cpades.jar | Bin 112366 -> 120778 bytes moaSig/libs/iaik_eccelerate.jar | Bin 214094 -> 359608 bytes moaSig/libs/iaik_eccelerate_cms.jar | Bin 4274 -> 4501 bytes moaSig/libs/iaik_jce_full.jar | Bin 1129729 -> 1160539 bytes moaSig/libs/iaik_moa.jar | Bin 521087 -> 0 bytes moaSig/libs/iaik_pki_module.jar | Bin 795075 -> 587331 bytes moaSig/libs/iaik_sigval.jar | Bin 75880 -> 0 bytes moaSig/libs/iaik_sigvallib.jar | Bin 123663 -> 0 bytes moaSig/libs/iaik_tsp.jar | Bin 40487 -> 40487 bytes moaSig/libs/iaik_xades.jar | Bin 432176 -> 312190 bytes moaSig/libs/iaik_xsect.jar | Bin 603047 -> 422263 bytes .../xmlbind/VerifyCMSSignatureRequestParser.java | 6 +- .../CMSSignatureVerificationProfileImpl.java | 5 + .../spss/server/iaik/config/IaikConfigurator.java | 3 + .../invoke/CMSSignatureVerificationInvoker.java | 19 +++- moaSig/moa-sig-lib/src/main/resources/sva.config | 85 ++++++++++++++ 19 files changed, 262 insertions(+), 38 deletions(-) delete mode 100644 moaSig/libs/iaik_moa.jar delete mode 100644 moaSig/libs/iaik_sigval.jar delete mode 100644 moaSig/libs/iaik_sigvallib.jar create mode 100644 moaSig/moa-sig-lib/src/main/resources/sva.config (limited to 'moaSig') diff --git a/moaSig/common/src/main/resources/resources/schemas/XAdES-1.3.2.xsd b/moaSig/common/src/main/resources/resources/schemas/XAdES-1.3.2.xsd index d0ce075..4aa67aa 100644 --- a/moaSig/common/src/main/resources/resources/schemas/XAdES-1.3.2.xsd +++ b/moaSig/common/src/main/resources/resources/schemas/XAdES-1.3.2.xsd @@ -125,8 +125,8 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> - - + + @@ -136,8 +136,8 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> - - + + @@ -146,21 +146,26 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> - - + + + - - - - - + + + + + + + + + @@ -169,10 +174,11 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> - - - - + + + + + @@ -181,19 +187,19 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> - - - - - - - - - - - - - + + + + + + + + + + + + + @@ -240,6 +246,21 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> + + + + + + + + + + + + + + + @@ -287,6 +308,7 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> + @@ -330,6 +352,18 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> + + + + + + + + + + + + @@ -349,6 +383,38 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -464,3 +530,4 @@ EncapsulatedPKIDataType and containers for time-stamp tokens --> + diff --git a/moaSig/common/src/main/resources/resources/schemas/XAdES-1.4.1.xsd b/moaSig/common/src/main/resources/resources/schemas/XAdES-1.4.1.xsd index 383fcbd..4022bc2 100644 --- a/moaSig/common/src/main/resources/resources/schemas/XAdES-1.4.1.xsd +++ b/moaSig/common/src/main/resources/resources/schemas/XAdES-1.4.1.xsd @@ -1,15 +1,64 @@ - + + - - + + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/moaSig/libs/iaik_cms.jar b/moaSig/libs/iaik_cms.jar index 11ae6a9..c69f219 100644 Binary files a/moaSig/libs/iaik_cms.jar and b/moaSig/libs/iaik_cms.jar differ diff --git a/moaSig/libs/iaik_cpades.jar b/moaSig/libs/iaik_cpades.jar index 3116980..914bc54 100644 Binary files a/moaSig/libs/iaik_cpades.jar and b/moaSig/libs/iaik_cpades.jar differ diff --git a/moaSig/libs/iaik_eccelerate.jar b/moaSig/libs/iaik_eccelerate.jar index d8369ea..0ec3110 100644 Binary files a/moaSig/libs/iaik_eccelerate.jar and b/moaSig/libs/iaik_eccelerate.jar differ diff --git a/moaSig/libs/iaik_eccelerate_cms.jar b/moaSig/libs/iaik_eccelerate_cms.jar index c2db15e..3c9ac83 100644 Binary files a/moaSig/libs/iaik_eccelerate_cms.jar and b/moaSig/libs/iaik_eccelerate_cms.jar differ diff --git a/moaSig/libs/iaik_jce_full.jar b/moaSig/libs/iaik_jce_full.jar index 18cb0a0..736981a 100644 Binary files a/moaSig/libs/iaik_jce_full.jar and b/moaSig/libs/iaik_jce_full.jar differ diff --git a/moaSig/libs/iaik_moa.jar b/moaSig/libs/iaik_moa.jar deleted file mode 100644 index 0e4f72a..0000000 Binary files a/moaSig/libs/iaik_moa.jar and /dev/null differ diff --git a/moaSig/libs/iaik_pki_module.jar b/moaSig/libs/iaik_pki_module.jar index eb6b2ad..72b0554 100644 Binary files a/moaSig/libs/iaik_pki_module.jar and b/moaSig/libs/iaik_pki_module.jar differ diff --git a/moaSig/libs/iaik_sigval.jar b/moaSig/libs/iaik_sigval.jar deleted file mode 100644 index 1e69ad3..0000000 Binary files a/moaSig/libs/iaik_sigval.jar and /dev/null differ diff --git a/moaSig/libs/iaik_sigvallib.jar b/moaSig/libs/iaik_sigvallib.jar deleted file mode 100644 index cc60786..0000000 Binary files a/moaSig/libs/iaik_sigvallib.jar and /dev/null differ diff --git a/moaSig/libs/iaik_tsp.jar b/moaSig/libs/iaik_tsp.jar index b2d5ce8..5e1936b 100644 Binary files a/moaSig/libs/iaik_tsp.jar and b/moaSig/libs/iaik_tsp.jar differ diff --git a/moaSig/libs/iaik_xades.jar b/moaSig/libs/iaik_xades.jar index 07ae769..2ac459c 100644 Binary files a/moaSig/libs/iaik_xades.jar and b/moaSig/libs/iaik_xades.jar differ diff --git a/moaSig/libs/iaik_xsect.jar b/moaSig/libs/iaik_xsect.jar index b04dc07..1f93b7c 100644 Binary files a/moaSig/libs/iaik_xsect.jar and b/moaSig/libs/iaik_xsect.jar differ diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java index 97a2541..cb07b34 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java @@ -39,6 +39,7 @@ import at.gv.egovernment.moa.spss.api.cmsverify.CMSContent; import at.gv.egovernment.moa.spss.api.cmsverify.CMSDataObject; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; import at.gv.egovernment.moa.spss.api.common.MetaInfo; +import at.gv.egovernment.moaspss.logging.Logger; import at.gv.egovernment.moaspss.util.Base64Utils; import at.gv.egovernment.moaspss.util.CollectionUtils; import at.gv.egovernment.moaspss.util.Constants; @@ -61,6 +62,8 @@ public class VerifyCMSSignatureRequestParser { private static final String DATE_TIME_XPATH = MOA + "DateTime"; private static final String EXTENDED_VALIDATION_XPATH = MOA + "ExtendedValidation"; private static final String CMS_SIGNATURE_XPATH = MOA + "CMSSignature"; + private static final String PDF_SIGNATURE_XPATH = MOA + "PDFSignature"; + private static final String TRUST_PROFILE_ID_XPATH = MOA + "TrustProfileID"; private static final String DATA_OBJECT_XPATH = MOA + "DataObject"; private static final String META_INFO_XPATH = MOA + "MetaInfo"; @@ -94,10 +97,11 @@ public class VerifyCMSSignatureRequestParser { RequestParserUtils.parseExtendedValidation(requestElem, EXTENDED_VALIDATION_XPATH, false); String cmsSignatureStr = - XPathUtils.getElementValue(requestElem, CMS_SIGNATURE_XPATH, ""); + XPathUtils.getElementValue(requestElem, PDF_SIGNATURE_XPATH, ""); CMSDataObject dataObject = parseDataObject(requestElem); String trustProfileID = XPathUtils.getElementValue(requestElem, TRUST_PROFILE_ID_XPATH, null); + //Logger.info("CMSSignature: " + cmsSignatureStr); InputStream cmsSignature = Base64Utils.decodeToStream(cmsSignatureStr, true); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java index 9fda5e0..ab807ae 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmsverify/CMSSignatureVerificationProfileImpl.java @@ -55,4 +55,9 @@ public class CMSSignatureVerificationProfileImpl implements CMSSignatureVerifica this.certificateValidationProfile = certificateValidationProfile; } + @Override + public String getTargetLevel() { + return CMSSignatureVerificationProfile.LEVEL_LTA; + } + } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java index c49004b..44600db 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/IaikConfigurator.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.spss.server.iaik.config; import iaik.cms.IaikCCProvider; +import iaik.esi.sva.Configuration; import iaik.pki.store.revocation.RevocationFactory; import iaik.pki.store.revocation.RevocationSourceStore; import iaik.pki.store.truststore.TrustStoreFactory; @@ -83,6 +84,8 @@ public class IaikConfigurator { try { TransactionId transId = new TransactionId("IaikConfigurator"); + //iaik.esi.sva.Configuration config = new Configuration(IaikConfigurator.class.getResourceAsStream("/sva.config")); + //SecProviderUtils.dumpSecProviders("Starting configuration"); try { diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 906abbe..c48cecd 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -157,7 +157,7 @@ public class CMSSignatureVerificationInvoker { .getInstance(); module.setLog(new IaikLog(loggingCtx.getNodeID())); - + //Logger.info(" Available: " + signature.available()); module.init(signature, profile, new TransactionId(context.getTransactionID())); // input = module.getInputStream(); @@ -254,11 +254,16 @@ public class CMSSignatureVerificationInvoker { TrustProfile trustProfile) throws MOAException { QCSSCDResult qcsscdresult = new QCSSCDResult(); + if(resultObject == null) { + Logger.warn("Result Object is null!"); + return; + } + CMSSignatureVerificationResult cmsResult = null; List adesResults = null; if (resultObject instanceof ExtendedCMSSignatureVerificationResult) { ExtendedCMSSignatureVerificationResult result = (ExtendedCMSSignatureVerificationResult) resultObject; - + cmsResult = result.getCMSSignatureVerificationResult(); adesResults = getAdESResult(result.getFormVerificationResult()); if (adesResults != null) { @@ -274,6 +279,7 @@ public class CMSSignatureVerificationInvoker { String issuerCountryCode = null; // QC/SSCD check + if(cmsResult.getCertificateValidationResult() != null) { List list = cmsResult.getCertificateValidationResult().getCertificateChain(); if (list != null) { X509Certificate[] chain = new X509Certificate[list.size()]; @@ -289,7 +295,7 @@ public class CMSSignatureVerificationInvoker { // get signer certificate issuer country code issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); - + } } responseBuilder.addResult(cmsResult, trustProfile, qcsscdresult.isQC(), qcsscdresult.isQCSourceTSL(), @@ -347,11 +353,16 @@ public class CMSSignatureVerificationInvoker { TrustProfile trustProfile) throws MOAException { QCSSCDResult qcsscdresult = new QCSSCDResult(); + if(resultObject == null) { + Logger.warn("Result Object is null!"); + return; + } + PDFSignatureVerificationResult cmsResult = null; List adesResults = null; if (resultObject instanceof ExtendedPDFSignatureVerificationResult) { ExtendedPDFSignatureVerificationResult result = (ExtendedPDFSignatureVerificationResult) resultObject; - + cmsResult = result.getPDFSignatureVerificationResult(); adesResults = getAdESResult(result.getFormVerificationResult()); if (adesResults != null) { diff --git a/moaSig/moa-sig-lib/src/main/resources/sva.config b/moaSig/moa-sig-lib/src/main/resources/sva.config new file mode 100644 index 0000000..e41cad5 --- /dev/null +++ b/moaSig/moa-sig-lib/src/main/resources/sva.config @@ -0,0 +1,85 @@ +#Fri Jul 27 14:18:37 CEST 2012 +# +# Format [key]=[value] +# +# Note that if an '=' is used in a key or value it has to be escaped: "\=" + +##################### WebConfig ####################### + +#The path to the sva configuration file +#svaconfig=/data/sigval/incoming/svaconfig + +#The directories where to store the collected testdata +#testdir=/data/sigval/incoming/test/ + +#The basepath for signature validation +basepath= + +###################################################### + +#The path prefix for all file system locations +pathprefix=pathprefix/example/ + +#The file where the xmldsig core schema is located +xmlschemaloc=example/schema/xmldsig-core-schema.xsd + +#The root folder where truststore and certstore are created later on +certroot=example/certs + +#The folder containing the trustanchors +trustanchorloc=example/keys_and_certs + +#The folder containing the timestampauthority trustanchors +tsttrustanchorloc=example/keys_and_certs + +#The folder containing alternative revocation information (comment out to use +#infos contained in the certificate) +#altdp= + +#The maximum age of a revocation information of a end user certificate in hours +endusercertgrace=4382 + +#The maximum age of a revocation information for a ca certificate in hours +cacertgrace=4382 + +tstcoherencetolerance=10 + +#The maximum time difference (in hours) the signing-time property and a +#time stamp +#timestampdelay=24 + +# Defines the forbidden hashing algorithms and the inception date +# Format: {, };{, }... +hashconstraint={md5, 2000-08-08};{sha1, 2016-08-08} + +# Defines the forbidden hashing algorithms for CA Certificates and the inception date +# Format: {, };{, }... +cahashconstraint={md5,2000-08-08};{sha1, 2012-08-05} + +# Defines the minimum required key lengths +# Format: {, ,};{...}... +keylenconstraint={rsa, 1024, 2000-08-08} + +# Defines the minimum required key lengths for CA Certificates +# Format: {, ,};{...}.. +cakeylenconstraint={rsa,512,2000-08-08} + +# Defines the minimum required key lengths for timestamps +# Format: {, ,};{...}... +tstkeylenconstraint={rsa, 1024, 2000-08-08} + +# Defines the mapping for sub indications to main indications. +# If this property is not present or empty, the default mappings are used. +# See "ETSI TS 102 853 V1.1.1 (2012-07)" +# Format: {,
};{...}... +# Maybe set value to numbers? +indicationmapping={FORMAT_FAILURE,INDETERMINATE};{SUCCESS, SUCCESS} + +# Allows any key usage if set to true, otherwise only dig. signature +allowanykeyusage=false + +# Defines the chaining model for path validation. +# possible values are: +# - All certificates are valid at validationtime (SHELL model) +# - All certificates are valid at the time they were used for issuing a certificate (CHAIN model) +chainingmodel=SHELL -- cgit v1.2.3