From 01299bf25b53a4f632c20b87714d5e1b314450da Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Tue, 18 Feb 2025 10:38:34 +0100 Subject: feat(sign): add RSASSA-PSS support --- .../resources/schemas/MOA-SPSS-config-3.2.0.xsd | 6 + .../server/config/ConfigurationPartsBuilder.java | 52 +++++++- .../spss/server/config/ConfigurationProvider.java | 14 ++ .../moa/spss/server/config/KeyGroup.java | 32 ++++- .../cmssign/CMSSignatureCreationProfileImpl.java | 143 +++++++++++++-------- .../xmlsign/XMLSignatureCreationProfileImpl.java | 36 +++++- .../server/invoke/CMSSignatureCreationInvoker.java | 14 +- .../invoke/XMLSignatureCreationProfileFactory.java | 12 +- 8 files changed, 245 insertions(+), 64 deletions(-) (limited to 'moaSig') diff --git a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.2.0.xsd b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.2.0.xsd index d9cecf1..57c2e1d 100644 --- a/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.2.0.xsd +++ b/moaSig/common/src/main/resources/resources/schemas/MOA-SPSS-config-3.2.0.xsd @@ -98,6 +98,7 @@ + @@ -131,6 +132,11 @@ + + + + + diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 75da0a6..ff2f9a5 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java 
@@ -154,6 +154,11 @@ public class ConfigurationPartsBuilder { private static final String KEYGROUP_MAPPING_XPATH = ROOT + CONF + "SignatureCreation/" + CONF + "KeyGroupMapping"; + + private static final String SIGN_PARAMS_XPATH = + ROOT + CONF + "SignatureCreation/" + + CONF + "Signing"; + private static final String ISSUER_XPATH = DSIG + "X509IssuerName"; private static final String SERIAL_XPATH = @@ -759,9 +764,22 @@ public class ConfigurationPartsBuilder { final String keyGroupDigestMethodAlgorithm = getElementValue(keyGroupElem, CONF + "DigestMethodAlgorithm", null); - final Set keyGroupEntries = - buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem); - final KeyGroup keyGroup = new KeyGroup(keyGroupId, keyGroupEntries, keyGroupDigestMethodAlgorithm); + final Set keyGroupEntries = buildKeyGroupEntries(keyGroupId, keyModuleIds, keyGroupElem); + + String rsaSsaPssAttr = keyGroupElem.getAttribute("RSASSA-PSS"); + Boolean useRsaSsaPss = null; + if (org.apache.commons.lang3.StringUtils.isNotEmpty(rsaSsaPssAttr)) { + useRsaSsaPss = Boolean.valueOf(keyGroupElem.getAttribute("RSASSA-PSS")); + Logger.info((useRsaSsaPss ? "Enable" : "Disable") + + " RSASSA-PSS as primary signature-algorithm for keyGroup: " + keyGroupId); + + } else { + Logger.debug("RSASSA-PSS is not defined for keyGroup: " + keyGroupId); + + } + + final KeyGroup keyGroup = new KeyGroup(keyGroupId, keyGroupEntries, + keyGroupDigestMethodAlgorithm, useRsaSsaPss); if (keyGroups.containsKey(keyGroupId)) { warn("config.04", new Object[] { "KeyGroup", keyGroupId }); @@ -1770,6 +1788,33 @@ public class ConfigurationPartsBuilder { return map; } + /** + * Use RSASSA-PSS algorithm if it's supported by Key-Material. + * + *

+ * Default: true + *

+ * + * @return true if RSASSA-PSS should be used, otherwise false. + */ + public boolean isRsaSsaPssEnabled() { + final NodeIterator modIter = XPathUtils.selectNodeIterator( + getConfigElem(), + SIGN_PARAMS_XPATH); + + + Element modElem; + if ((modElem = (Element) modIter.nextNode()) != null) { + Boolean value = Boolean.valueOf(modElem.getAttribute("RSASSA-PSS")); + Logger.debug((value ? "Enable" : "Disable") + " RSASSA-PSS as primary signature-algorithm for RSA"); + return value; + + } else { + Logger.debug("Enable RSASSA-PSS as primary signature-algorithm for RSA"); + return true; + + } + } /** * Should ETSI extension should be used for short-time certificate validation. @@ -1792,6 +1837,7 @@ public class ConfigurationPartsBuilder { return SHORT_TIME_CERT_DEFAULT_ETSI; } + /** * Get default shortTime certificate interval. * diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java index 3c720a1..6856e56 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationProvider.java @@ -103,6 +103,9 @@ public class ConfigurationProvider { /** The default canonicalization algorithm name */ private String canonicalizationAlgorithmName; + /** The default of use RSASSA-PSS if supported */ + private boolean useRsaSsaPss; + /** The XAdES version used for signature creation */ private String xadesVersion; @@ -375,6 +378,8 @@ public class ConfigurationProvider { // check TSL configuration checkTSLConfiguration(); + useRsaSsaPss = builder.isRsaSsaPssEnabled(); + digestMethodAlgorithmName = builder.getDigestMethodAlgorithmName(); canonicalizationAlgorithmName = builder.getCanonicalizationAlgorithmName(); 
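Review bot: In `isRsaSsaPssEnabled()`, `Boolean.valueOf(modElem.getAttribute("RSASSA-PSS"))` yields false when the `Signing` element exists but has no `RSASSA-PSS` attribute, which contradicts the Javadoc's "Default: true" unless the schema supplies a default value (the XSD hunk is not readable here, so this is unconfirmed). Treat an empty attribute as unset, e.g. `final String attr = modElem.getAttribute("RSASSA-PSS");` followed by `final boolean value = attr.isEmpty() || Boolean.parseBoolean(attr);`. `Boolean.valueOf` also maps every string other than "true" to false, so a value of `1` (valid if the attribute is declared as `xs:boolean`) would silently disable PSS. The key-group parsing in the `@@ -759,9 +764,22 @@` hunk behaves the same way and reads the attribute a second time instead of reusing `rsaSsaPssAttr`.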
@@ -555,6 +560,15 @@ public class ConfigurationProvider { return digestMethodAlgorithmName; } + /** + * Use RSASSA-PSS algorithm if it's supported by Key-Material. + * + * @return true if RSASSA-PSS should be used, otherwise false. + */ + public boolean isUseRsaSsaPss() { + return useRsaSsaPss; + } + /** * Return the XAdES version used for signature creation. * diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java index faeaf82..fc374ab 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/KeyGroup.java @@ -42,6 +42,9 @@ public class KeyGroup { /** The digest method algorithm for the key group */ private final String digestMethodAlgorithm; + /** Use RSASSA-PSS if supported */ + private final Boolean useRsaSsaPss; + /** * Create a KeyGroup. * @@ -51,9 +54,25 @@ public class KeyGroup { * @param digestMethodAlgorithm The signature algorithm used for this key group */ public KeyGroup(String id, Set keyGroupEntries, String digestMethodAlgorithm) { + this(id, keyGroupEntries, digestMethodAlgorithm, true); + + } + + /** + * Create a KeyGroup. + * + * @param id The ID of this KeyGroup. + * @param keyGroupEntries The keys belonging to this + * KeyGroup. + * @param useRsaSsaPss Use RSASSA-PSS if available and supported + * @param digestMethodAlgorithm The signature algorithm used for this key group + */ + public KeyGroup(String id, Set keyGroupEntries, String digestMethodAlgorithm, Boolean useRsaSsaPss) { this.id = id; this.keyGroupEntries = keyGroupEntries; this.digestMethodAlgorithm = digestMethodAlgorithm; + this.useRsaSsaPss = useRsaSsaPss; + } /** 
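Review bot: The legacy three-argument `KeyGroup` constructor delegates with `true`, so any key group built through it reports RSASSA-PSS as explicitly enabled and never falls back to the global setting, although the getter documents `null` as "undefined". Passing `null` (`this(id, keyGroupEntries, digestMethodAlgorithm, null);`) would keep the tri-state meaning and let `isRsaSsaPssActive` apply the configured default. The seven-argument `CMSSignatureCreationProfileImpl` constructor added in the `@@ -63,6 +65,20 @@` hunk hard-codes `true` in the same way, so any caller that was not migrated would ignore an operator's decision to disable PSS. The new constructor's Javadoc also lists `@param useRsaSsaPss` before `@param digestMethodAlgorithm`, which does not match the parameter order.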
@@ -83,6 +102,17 @@ public class KeyGroup { return id; } + /** + * Use RSASSA-PSS algorithm if it's supported by Key-Material. + * + * @return true if RSASSA-PSS should be used, false if + * it is disabled, or null if it is undefined + */ + public Boolean isUseRsaSsaPass() { + return useRsaSsaPss; + + } + /** * Return a String representation of this KeyGroup. * @@ -102,7 +132,7 @@ public class KeyGroup { } } return "(KeyGroup - ID:" + id + " " + sb.toString() + ")" + "DigestMethodAlgorithm: " - + digestMethodAlgorithm; + + digestMethodAlgorithm + useRsaSsaPss != null ? ("RSASSA-PSS: " + useRsaSsaPss) : ""; } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java index d660c7a..b43ec2f 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java @@ -26,6 +26,8 @@ package at.gv.egovernment.moa.spss.server.iaik.cmssign; import java.util.List; import java.util.Set; +import org.apache.commons.lang3.StringUtils; + import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; 
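Review bot: The new accessor is spelled `isUseRsaSsaPass` ("Pass" instead of "Pss"), and because it is public the typo becomes part of the API that both invoker classes already call. It also returns a nullable `Boolean` behind an `is` prefix, which invites auto-unboxing into `boolean` and a `NullPointerException` when the attribute is undefined. Consider `public Boolean getUseRsaSsaPss()` and a Javadoc sentence stating that callers must handle `null`.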
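Review bot: The changed `toString()` return expression no longer prints the key group: `+` binds tighter than `!=`, so the whole concatenation is compared with `null`, the condition is always true, and the method returns only `"RSASSA-PSS: " + useRsaSsaPss`. Parenthesise the conditional, e.g. `+ digestMethodAlgorithm + (useRsaSsaPss != null ? " RSASSA-PSS: " + useRsaSsaPss : "");`. Any log line or diagnostic that prints a `KeyGroup` would otherwise lose the ID, the key entries and the digest algorithm. The rest of `toString()` lies outside the hunk.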
@@ -63,6 +65,20 @@ public class CMSSignatureCreationProfileImpl /** Digest Method algorithm */ private String digestMethod; private final boolean isPAdESConform; + private final boolean rsaSsaPss; + + public CMSSignatureCreationProfileImpl( + Set keySet, + String digestMethod, + List signedProperties, + boolean securityLayerConform, + boolean includeData, + String mimeType, + boolean isPAdESConform) { + this(keySet, digestMethod, signedProperties, securityLayerConform, includeData, mimeType, + isPAdESConform, true); + + } /** * Create a new XMLSignatureCreationProfileImpl. @@ -80,7 +96,8 @@ public class CMSSignatureCreationProfileImpl boolean securityLayerConform, boolean includeData, String mimeType, - boolean isPAdESConform) { + boolean isPAdESConform, + boolean rsaSsaPss) { this.keySet = keySet; this.signedProperties = signedProperties; this.securityLayerConform = securityLayerConform; @@ -88,6 +105,7 @@ public class CMSSignatureCreationProfileImpl this.mimeType = mimeType; this.digestMethod = digestMethod; this.isPAdESConform = isPAdESConform; + this.rsaSsaPss = rsaSsaPss; } 
@@ -131,11 +149,70 @@ public class CMSSignatureCreationProfileImpl null); } + final String selectedSigAlg = selectBestSigAlg(algorithms, selectedKeyID); + Logger.trace("Selecting SigAlg: " + selectedSigAlg); + return selectedSigAlg; + + } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties() + */ + @Override + public List getSignedProperties() { + return signedProperties; + } + + /** + * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform() + */ + @Override + public boolean isSecurityLayerConform() { + return securityLayerConform; + } + + /** + * Sets the security layer conformity. + * + * @param securityLayerConform true, if the created signature is to + * be conform to the Security Layer specification. + */ + public void setSecurityLayerConform(boolean securityLayerConform) { + this.securityLayerConform = securityLayerConform; + } + + public void setDigestMethod(String digestMethod) { + this.digestMethod = digestMethod; + } + + @Override + public String getMimeType() { + return mimeType; + } + + @Override + public boolean includeData() { + return this.includeData; + } + + @Override + public boolean isPAdESConform() { + return this.isPAdESConform; + } + + private String selectBestSigAlg(Set algorithms, KeyEntryID selectedKeyID) throws AlgorithmUnavailableException { + Logger.trace("Key: " + selectedKeyID + " supports signingAlgs: " + StringUtils.join(algorithms, ",")); + + // TODO: maybe add support for parameterized RSASSA-PSS + if (digestMethod.compareTo("SHA-1") == 0) { Logger.warn( "SHA-1 is configured as digest algorithm. Please revise a use of a more secure digest algorithm out of the SHA-2 family (e.g. 
SHA-256, SHA-384, SHA-512)"); - if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) { + if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA_AND_MGF1)) { + return SignatureAlgorithms.SHA1_WITH_RSA_AND_MGF1; + + } else if (algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA)) { return SignatureAlgorithms.SHA1_WITH_RSA; } else if (algorithms.contains(SignatureAlgorithms.ECDSA)) { @@ -152,7 +229,11 @@ public class CMSSignatureCreationProfileImpl } } else if (digestMethod.compareTo("SHA-256") == 0) { - if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { + if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1)) { + + return SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1; + + } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { return SignatureAlgorithms.SHA256_WITH_RSA; } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) { @@ -168,7 +249,10 @@ public class CMSSignatureCreationProfileImpl null); } } else if (digestMethod.compareTo("SHA-384") == 0) { - if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) { + if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1)) { + return SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1; + + } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) { return SignatureAlgorithms.SHA384_WITH_RSA; } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) { @@ -184,7 +268,10 @@ public class CMSSignatureCreationProfileImpl null); } } else if (digestMethod.compareTo("SHA-512") == 0) { - if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { + if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1)) { + return SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1; + + } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { return SignatureAlgorithms.SHA512_WITH_RSA; } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) { 
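Review bot: In `selectBestSigAlg`, the SHA-1 branch selects `SHA1_WITH_RSA_AND_MGF1` without consulting `rsaSsaPss`, while the SHA-256/384/512 branches all test the flag first, so a deployment that disables RSASSA-PSS still gets PSS signatures when SHA-1 is the configured digest. Gate it like the others: `if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA_AND_MGF1)) {`. The method is private and has no Javadoc; a short comment stating the preference order visible here (the MGF1 variant when enabled and supported, then `*_WITH_RSA`, then ECDSA) would make the signing policy reviewable. The method body continues beyond this hunk.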
@@ -205,52 +292,6 @@ public class CMSSignatureCreationProfileImpl null, null); } - - } - - /** - * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#getSignedProperties() - */ - @Override - public List getSignedProperties() { - return signedProperties; - } - - /** - * @see iaik.server.modules.xmlsign.XMLSignatureCreationProfile#isSecurityLayerConform() - */ - @Override - public boolean isSecurityLayerConform() { - return securityLayerConform; - } - - /** - * Sets the security layer conformity. - * - * @param securityLayerConform true, if the created signature is to - * be conform to the Security Layer specification. - */ - public void setSecurityLayerConform(boolean securityLayerConform) { - this.securityLayerConform = securityLayerConform; - } - - public void setDigestMethod(String digestMethod) { - this.digestMethod = digestMethod; - } - - @Override - public String getMimeType() { - return mimeType; - } - - @Override - public boolean includeData() { - return this.includeData; - } - - @Override - public boolean isPAdESConform() { - return this.isPAdESConform; } } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java index 516e3d8..76814a4 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java @@ -76,6 +76,7 @@ public class XMLSignatureCreationProfileImpl private final IdGenerator propertyIDGenerator; /** The selected digest method algorithm if XAdES 1.4.2 is used */ private final String digestMethodXAdES142; + private final boolean rsaSsaPss; /** * Create a new XMLSignatureCreationProfileImpl. 
@@ -85,11 +86,12 @@ public class XMLSignatureCreationProfileImpl * same request. * @param reservedIDs The set of IDs that must not be used while * generating new IDs. + * @param useRsaSsaPss Use RSASSA-PSS if supported */ public XMLSignatureCreationProfileImpl( int createProfileCount, Set reservedIDs, - String digestMethodXAdES142) { + String digestMethodXAdES142, boolean useRsaSsaPss) { signatureIDGenerator = new IdGenerator("signature-" + createProfileCount, reservedIDs); manifestIDGenerator = @@ -99,6 +101,8 @@ public class XMLSignatureCreationProfileImpl propertyIDGenerator = new IdGenerator("etsi-signed-" + createProfileCount, reservedIDs); this.digestMethodXAdES142 = digestMethodXAdES142; + this.rsaSsaPss = useRsaSsaPss; + } /** 
@@ -175,16 +179,25 @@ public class XMLSignatureCreationProfileImpl null); } + // TODO: maybe add support for parameterized RSASSA-PSS + if (digestMethodXAdES142 == null) { // XAdES 1.4.2 not enabled - legacy MOA - if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA) + if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1) + || algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1) + || algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1)) { + return SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1; + + } else if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA) || algorithms.contains(SignatureAlgorithms.MD5_WITH_RSA) || algorithms.contains(SignatureAlgorithms.RIPEMD128_WITH_RSA) || algorithms.contains(SignatureAlgorithms.RIPEMD160_WITH_RSA) || algorithms.contains(SignatureAlgorithms.SHA1_WITH_RSA) - || algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { + || algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA) + || algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA) + || algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { - return SignatureAlgorithms.SHA1_WITH_RSA; + return SignatureAlgorithms.SHA256_WITH_RSA; } else if (algorithms.contains(SignatureAlgorithms.ECDSA)) { return SignatureAlgorithms.ECDSA; } else if (algorithms.contains(SignatureAlgorithms.DSA)) { @@ -219,7 +232,10 @@ public class XMLSignatureCreationProfileImpl } } else if (digestMethodXAdES142.compareTo("SHA-256") == 0) { - if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { + if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1)) { + return SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1; + + } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA)) { return SignatureAlgorithms.SHA256_WITH_RSA; } else if (algorithms.contains(SignatureAlgorithms.SHA256_WITH_ECDSA)) { 
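Review bot: The new first condition in the legacy (`digestMethodXAdES142 == null`) branch is missing parentheses: `&&` binds tighter than `||`, so `rsaSsaPss` guards only the SHA-256 test, and a key that advertises the SHA-384 or SHA-512 MGF1 variant is given RSASSA-PSS even when the option is disabled. Write it as `if (rsaSsaPss && (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1) || algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1) || algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1))) {`. The branch also returns `SHA256_WITH_RSA_AND_MGF1` when only the 384 or 512 variant was reported as supported; that mirrors the existing RSA fallback, but it is worth confirming that the key module accepts it. The enclosing method starts and ends outside the hunk.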
@@ -235,7 +251,10 @@ public class XMLSignatureCreationProfileImpl null); } } else if (digestMethodXAdES142.compareTo("SHA-384") == 0) { - if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) { + if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1)) { + return SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1; + + } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA)) { return SignatureAlgorithms.SHA384_WITH_RSA; } else if (algorithms.contains(SignatureAlgorithms.SHA384_WITH_ECDSA)) { @@ -251,7 +270,10 @@ public class XMLSignatureCreationProfileImpl null); } } else if (digestMethodXAdES142.compareTo("SHA-512") == 0) { - if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { + if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1)) { + return SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1; + + } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { return SignatureAlgorithms.SHA512_WITH_RSA; } else if (algorithms.contains(SignatureAlgorithms.SHA512_WITH_ECDSA)) { diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java index 5624f45..4ae1866 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureCreationInvoker.java @@ -221,6 +221,7 @@ public class CMSSignatureCreationInvoker { // get digest algorithm final String digestAlgorithm = getDigestAlgorithm(config, keyGroupID); + final boolean useRsaSsaPss = isRsaSsaPssActive(config, keyGroupID); // create CMSSignatureCreation profile: final CMSSignatureCreationProfile profile = new CMSSignatureCreationProfileImpl( 
@@ -230,7 +231,8 @@ public class CMSSignatureCreationInvoker { isSecurityLayerConform, includeData, mimetype, - isPAdESConformRequired); + isPAdESConformRequired, + useRsaSsaPss); // create CMSSignature from the CMSSignatureCreationModule // build the additionalSignedProperties @@ -344,13 +346,23 @@ public class CMSSignatureCreationInvoker { } + private boolean isRsaSsaPssActive(ConfigurationProvider config, String keyGroupID) + throws MOASystemException { + final Boolean useRsaSsaPssKg = config.getKeyGroup(keyGroupID).isUseRsaSsaPass(); + final boolean configUseRsaSsaPss = config.isUseRsaSsaPss(); + return useRsaSsaPssKg != null ? useRsaSsaPssKg : configUseRsaSsaPss; + + } + private String getDigestAlgorithm(ConfigurationProvider config, String keyGroupID) throws MOASystemException { // get digest method on key group level (if configured) final String configDigestMethodKG = config.getKeyGroup(keyGroupID).getDigestMethodAlgorithm(); + // get default digest method (if configured) final String configDigestMethod = config.getDigestMethodAlgorithmName(); + String digestMethod = null; if (configDigestMethodKG != null) { // if KG specific digest method is configured diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java index c097b0c..7585ac7 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java 
@@ -191,8 +191,10 @@ public class XMLSignatureCreationProfileFactory { } } + final XMLSignatureCreationProfileImpl profile = - new XMLSignatureCreationProfileImpl(createProfileCount, allReservedIDs, digestMethodXAdES142); + new XMLSignatureCreationProfileImpl(createProfileCount, allReservedIDs, digestMethodXAdES142, + isRsaSsaPssActive(config, keyGroupID)); // build the transformation supplements createTransformsProfiles = @@ -260,6 +262,14 @@ public class XMLSignatureCreationProfileFactory { return profile; } + private boolean isRsaSsaPssActive(ConfigurationProvider config, String keyGroupID) + throws MOASystemException { + final Boolean useRsaSsaPssKg = config.getKeyGroup(keyGroupID).isUseRsaSsaPass(); + final boolean configUseRsaSsaPss = config.isUseRsaSsaPss(); + return useRsaSsaPssKg != null ? useRsaSsaPssKg : configUseRsaSsaPss; + + } + /** * Get the List of all CreateTransformsInfoProfiles * contained in all the DataObjectInfos of the given -- cgit v1.2.3 From 9b3e376ece529cdd12a5f406d365d2b711d2141c Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 4 Aug 2025 12:12:08 +0200 Subject: refact(core): some code clean-up --- .../invoke/CMSSignatureVerificationInvoker.java | 16 ++++----- .../moa/spss/util/CertificateUtils.java | 2 -- .../moa/spss/server/service/AxisHandler.java | 41 +++++----------------- 3 files changed, 17 insertions(+), 42 deletions(-) (limited to 'moaSig') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 1a0791b..19b3a12 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java 
@@ -86,7 +86,7 @@ public class CMSSignatureVerificationInvoker { /** * Return the only instance of this class. - * + * * @return The only instance of this class. */ public static synchronized CMSSignatureVerificationInvoker getInstance() { @@ -98,7 +98,7 @@ public class CMSSignatureVerificationInvoker { /** * Create a new CMSSignatureVerificationInvoker. - * + * * Protected to disallow multiple instances. */ protected CMSSignatureVerificationInvoker() { @@ -106,7 +106,7 @@ public class CMSSignatureVerificationInvoker { /** * Verify a CMS signature. - * + * * @param request The VerifyCMSSignatureRequest containing the CMS * signature, as well as additional data needed for verification. * @return Element A VerifyCMSSignatureResponse containing the @@ -118,7 +118,7 @@ public class CMSSignatureVerificationInvoker { final CMSSignatureVerificationProfileFactory profileFactory = new CMSSignatureVerificationProfileFactory( request); - final VerifyCMSSignatureResponseBuilder responseBuilder = new VerifyCMSSignatureResponseBuilder(); + final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); final LoggingContext loggingCtx = LoggingContextManager.getInstance().getLoggingContext(); InputStream signature; @@ -219,7 +219,7 @@ public class CMSSignatureVerificationInvoker { } } - final QCSSCDResult qcsscdresult = new QCSSCDResult(); + final VerifyCMSSignatureResponseBuilder responseBuilder = new VerifyCMSSignatureResponseBuilder(); // build the response: for each signatory add the result to the response signatories = request.getSignatories(); 
@@ -402,8 +402,8 @@ public class CMSSignatureVerificationInvoker { i++; } - qcsscdresult = CertificateUtils.checkQCSSCD(chain, cmsResult.getSigningTime(), trustProfile - .isTSLEnabled(), ConfigurationProvider.getInstance()); + qcsscdresult = CertificateUtils.checkQCSSCD(chain, cmsResult.getSigningTime(), + trustProfile.isTSLEnabled(), ConfigurationProvider.getInstance()); // get signer certificate issuer country code issuerCountryCode = CertificateUtils.getIssuerCountry((X509Certificate) list.get(0)); @@ -419,7 +419,7 @@ public class CMSSignatureVerificationInvoker { /** * Get the signed content contained either in the request itself or given as a * reference to external data. - * + * * @param request The VerifyCMSSignatureRequest containing the * signed content (or the reference to the signed content). * @return InputStream A stream providing the signed content data, or diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java index b7580ac..35dca16 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/CertificateUtils.java @@ -204,7 +204,6 @@ public class CertificateUtils { // QC evaluation flags boolean qc = false; boolean qcSourceTSL = false; - boolean qcDisallowedFromTSL = false; // SSCD/QSCD evaluation flags boolean sscd = false; @@ -254,7 +253,6 @@ public class CertificateUtils { TslConstants.SSCD_QUALIFIER_SHORT.NotQualified))) { qc = false; qcSourceTSL = false; - qcDisallowedFromTSL = true; Logger.info("TSL mark this certificate explicitly as 'NotQualified'!"); } diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java index d13492f..8c220ee 100644 
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java +++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java @@ -150,7 +150,7 @@ public class AxisHandler extends BasicHandler { soapMessage = msgContext.getCurrentMessage(); Element xmlRequest = null; - // log.info(soapMessage.getSOAPPartAsString()); + final Element soapPart = DOMUtils.parseDocument( new ByteArrayInputStream(soapMessage.getSOAPPartAsBytes()), false, null, null) .getDocumentElement(); @@ -172,8 +172,9 @@ public class AxisHandler extends BasicHandler { } - final TransactionContext context = new TransactionContext(TransactionIDGenerator.nextID(), clientCert, - ConfigurationProvider.getInstance(), xmlRequest, null); + final TransactionContext context = + new TransactionContext(TransactionIDGenerator.nextID(), clientCert, + ConfigurationProvider.getInstance(), xmlRequest, null); String soapAction = request.getHeader(SOAP_ACTION_HEADER); if ("\"\"".equals(soapAction)) { @@ -239,19 +240,6 @@ public class AxisHandler extends BasicHandler { info("handler.03", null); } if (Logger.isTraceEnabled()) { - // OutputFormat format = new OutputFormat((Document) - // xmlRequest.getOwnerDocument()); - // format.setLineSeparator("\n"); - // format.setIndenting(false); - // format.setPreserveSpace(true); - // format.setOmitXMLDeclaration(false); - // format.setEncoding("UTF-8"); - // ByteArrayOutputStream baos = new ByteArrayOutputStream(); - // XMLSerializer conSerializer = new XMLSerializer(baos, - // format); - // conSerializer.serialize(xmlRequest); - // Logger.debug(new LogMsg("Request:" + baos.toString())); - final String msg = soapMessage.getSOAPPartAsString(); Logger.trace(new LogMsg(msg)); } 
@@ -305,24 +293,13 @@ public class AxisHandler extends BasicHandler { if (xmlResponse != null) { try { xmlResponseString = DOMUtils.serializeNode(xmlResponse, true); - /* - * Soll die Antwort nur \n enthalten, so gibt es 2 Möglichkeiten: 1.) Xalan - * Version und xmlResponseString = DOMUtils.serializeNode(xmlResponse, true, - * "\n"); 2.) OutputFormat serializerFormat = new OutputFormat((Document) - * xmlResponse.getOwnerDocument()); serializerFormat.setLineSeparator("\n"); - * serializerFormat.setIndenting(false); - * serializerFormat.setPreserveSpace(true); - * serializerFormat.setOmitXMLDeclaration(true); - * serializerFormat.setEncoding("UTF-8"); ByteArrayOutputStream serializedBytes - * = new ByteArrayOutputStream(); XMLSerializer serializer = new - * XMLSerializer(serializedBytes, serializerFormat); - * serializer.serialize(xmlResponse); serializedBytes.close(); xmlResponseString - * = serializedBytes.toString("UTF-8"); - */ if (Logger.isTraceEnabled()) { Logger.trace(new LogMsg(xmlResponseString)); + } + soapResponseString = SOAP_PART_PRE + xmlResponseString + SOAP_PART_POST; + // override axis response-message msgContext.setResponseMessage(new Message(soapResponseString)); } catch (final Throwable t) { @@ -341,8 +318,8 @@ public class AxisHandler extends BasicHandler { } info("handler.04", null); - if (Logger.isDebugEnabled()) { - Logger.debug(new LogMsg(soapResponseString)); + if (Logger.isTraceEnabled()) { + Logger.trace(new LogMsg(soapResponseString)); } tearDownContexts(); } -- cgit v1.2.3 From 98967fdd5649dafabc4b225a0496cab4ec034d96 Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Mon, 4 Aug 2025 17:33:33 +0200 Subject: build(core): switch to gradle 8.6 --- moaSig/build.gradle | 160 ++++++++++++------------ moaSig/common/build.gradle | 36 ++++-- moaSig/gradle/wrapper/gradle-wrapper.jar | Bin 55627 -> 59203 bytes moaSig/gradle/wrapper/gradle-wrapper.properties | 4 +- moaSig/gradlew | 53 +++++--- moaSig/gradlew.bat | 43 ++++--- moaSig/moa-asic/build.gradle | 97 +++++++------- moaSig/moa-sig-lib/build.gradle | 86 +++++++------ moaSig/moa-sig/build.gradle | 141 +++++++++++---------- 9 files changed, 325 insertions(+), 295 deletions(-) (limited to 'moaSig') diff --git a/moaSig/build.gradle b/moaSig/build.gradle index 79cda52..3dc1893 100644 --- a/moaSig/build.gradle +++ b/moaSig/build.gradle 
@@ -1,98 +1,96 @@ -buildscript { - repositories { - maven { - url "https://plugins.gradle.org/m2/" +plugins { + id 'java-library' + id 'eclipse' + id 'maven-publish' +} + +allprojects { + version = '3.2.5-SNAPSHOT' + + repositories { + mavenLocal() + mavenCentral() + maven { + url "https://apps.egiz.gv.at/maven/" + mavenContent { + releasesOnly() + } + } + maven { + url "https://apps.egiz.gv.at/maven-snapshot/" + mavenContent { + snapshotsOnly() + } + } } - } - dependencies { - classpath "com.bmuschko:gradle-tomcat-plugin:2.2.4" - } } subprojects { apply plugin: 'java-library' apply plugin: 'eclipse' apply plugin: 'maven-publish' - apply plugin: 'maven' - - version = '3.2.5-SNAPSHOT' - repositories { - mavenCentral() - - maven { - url "https://apps.egiz.gv.at/maven/" - mavenContent { - releasesOnly() - } - } - maven { - url "https://apps.egiz.gv.at/maven-snapshot/" - mavenContent { - snapshotsOnly() - } - } - - } - dependencies { testImplementation 'junit:junit:4.13.2' } - - jar { manifest.attributes provider: 'EGIZ', 'Specification-Version': getCheckedOutGitCommitHash(), 'Implementation-Version': project.version } - compileJava { - sourceCompatibility = 1.8 - targetCompatibility = 1.8 - } + java { + sourceCompatibility = JavaVersion.VERSION_17 + targetCompatibility = JavaVersion.VERSION_17 + withJavadocJar() + withSourcesJar() + } + + tasks.withType(JavaCompile).configureEach { + options.compilerArgs << '-Xlint:-options' + } - tasks.withType(JavaCompile) { - options.compilerArgs << '-Xlint:-options' - } - - publishing { - publications { - mavenJava(MavenPublication) { - from components.java - // more goes in here - } - } - repositories { - maven { - // change to point to your repo, e.g. 
http://my.org/repo - url = "$buildDir/repo" - } - mavenLocal() - } + tasks.withType(Javadoc).configureEach { + failOnError = false + options.addStringOption('Xdoclint:none', '-quiet') } - - task deployJar(type: Jar) - configurations { - deployerJars - - } - - dependencies { - deployerJars "org.apache.maven.wagon:wagon-ssh:3.4.3" - - } + jar { + manifest { + attributes( + provider: 'EGIZ', + 'Specification-Version': getCheckedOutGitCommitHash(), + 'Implementation-Version': project.version + ) + } + } - uploadArchives { - repositories.mavenDeployer { - configuration = configurations.deployerJars - repository(url: "sftp://apps.egiz.gv.at/maven") { - authentication(userName: System.getenv("EGIZ_MAVEN_USER"), password: System.getenv("EGIZ_MAVEN_PASSWORD")) - - } - snapshotRepository(url: "sftp://apps.egiz.gv.at/maven-snapshot") { - authentication(userName: System.getenv("EGIZ_MAVEN_USER"), password: System.getenv("EGIZ_MAVEN_PASSWORD")) - - } - } - } - - + publishing { + publications { + mavenJava(MavenPublication) { + from components.java + } + } + repositories { + maven { + url = uri("$buildDir/repo") + } + mavenLocal() + maven { + name = "egizReleases" + url = uri("sftp://apps.egiz.gv.at/maven") + credentials { + username = System.getenv("EGIZ_MAVEN_USER") + password = System.getenv("EGIZ_MAVEN_PASSWORD") + } + allowInsecureProtocol = true + } + maven { + name = "egizSnapshots" + url = uri("sftp://apps.egiz.gv.at/maven-snapshot") + credentials { + username = System.getenv("EGIZ_MAVEN_USER") + password = System.getenv("EGIZ_MAVEN_PASSWORD") + } + allowInsecureProtocol = true + } + } + } } def getCheckedOutGitCommitHash() { 
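Review bot: `allowInsecureProtocol = true` is set on both the `egizReleases` and `egizSnapshots` publishing repositories although their URLs are `sftp://`, which is already an encrypted transport. The flag is documented for plain HTTP connections, so here it does nothing except pre-authorise a later switch to `http://`, which would send `EGIZ_MAVEN_USER`/`EGIZ_MAVEN_PASSWORD` unencrypted; I would delete both `allowInsecureProtocol = true` lines. Separately, `mavenLocal()` is now the first entry in the `allprojects` repositories block, so any artifact present in a developer's or CI agent's local Maven cache shadows the copy from Maven Central or the EGIZ repositories. Moving it last, or restricting it with a `content { includeGroup ... }` filter, keeps release builds reproducible.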
@@ -100,7 +98,7 @@ def getCheckedOutGitCommitHash() { def takeFromHash = 40 def head = new File(gitFolder + "HEAD").text.split(":") def isCommit = head.length == 1 - if(isCommit) return head[0].trim().take(takeFromHash) + if (isCommit) return head[0].trim().take(takeFromHash) def refHead = new File(gitFolder + head[1].trim()) - refHead.text.trim().take takeFromHash + refHead.text.trim().take(takeFromHash) } diff --git a/moaSig/common/build.gradle b/moaSig/common/build.gradle index 5f12e76..6054eff 100644 --- a/moaSig/common/build.gradle +++ b/moaSig/common/build.gradle @@ -1,24 +1,34 @@ +plugins { + id 'java-library' +} + dependencies { - implementation files('../libs/iaik_jce_full_signed-6.1_moa.jar') - api 'org.slf4j:slf4j-api:1.7.36' - api 'xerces:xercesImpl:2.12.2' - api 'xalan:xalan:2.7.1' - api group: 'xalan', name: 'serializer', version: '2.7.1' - api 'joda-time:joda-time:2.12.7' - api 'jaxen:jaxen:1.2.0' + implementation files('../libs/iaik_jce_full_signed-6.1_moa.jar') + + api 'org.slf4j:slf4j-api:1.7.36' + api 'xerces:xercesImpl:2.12.2' + api 'xalan:xalan:2.7.1' + api 'xalan:serializer:2.7.1' + api 'joda-time:joda-time:2.12.7' + api 'jaxen:jaxen:1.2.0' } -task testJar(type: Jar, dependsOn: testClasses) { +java { + sourceCompatibility = JavaVersion.VERSION_17 + targetCompatibility = JavaVersion.VERSION_17 + withJavadocJar() + withSourcesJar() +} + +tasks.register('testJar', Jar) { + archiveClassifier.set('tests') from sourceSets.test.output - classifier = 'tests' } configurations { - testArtifacts.extendsFrom testCompile + testArtifacts } artifacts { - testArtifacts testJar - //archives testJar + testArtifacts(tasks.named('testJar')) } - diff --git a/moaSig/gradle/wrapper/gradle-wrapper.jar b/moaSig/gradle/wrapper/gradle-wrapper.jar index 75ae3ac..e708b1c 100644 Binary files a/moaSig/gradle/wrapper/gradle-wrapper.jar and b/moaSig/gradle/wrapper/gradle-wrapper.jar differ 
diff --git a/moaSig/gradle/wrapper/gradle-wrapper.properties b/moaSig/gradle/wrapper/gradle-wrapper.properties index e6fc1b1..17655d0 100644 --- a/moaSig/gradle/wrapper/gradle-wrapper.properties +++ b/moaSig/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,5 @@ -distributionUrl=https\://services.gradle.org/distributions/gradle-6.8.3-bin.zip distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -zipStorePath=wrapper/dists +distributionUrl=https\://services.gradle.org/distributions/gradle-8.6-bin.zip zipStoreBase=GRADLE_USER_HOME +zipStorePath=wrapper/dists diff --git a/moaSig/gradlew b/moaSig/gradlew index cccdd3d..4f906e0 100755 --- a/moaSig/gradlew +++ b/moaSig/gradlew @@ -1,5 +1,21 @@ #!/usr/bin/env sh +# +# Copyright 2015 the original author or authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + ############################################################################## ## ## Gradle start up script for UN*X @@ -28,7 +44,7 @@ APP_NAME="Gradle" APP_BASE_NAME=`basename "$0"` # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. -DEFAULT_JVM_OPTS="" +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' # Use the maximum available, or set MAX_FD != -1 to use that value. MAX_FD="maximum" @@ -66,6 +82,7 @@ esac CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + # Determine the Java command to use to start the JVM. if [ -n "$JAVA_HOME" ] ; then if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 
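Review bot: The new `distributionUrl` in gradle-wrapper.properties has no `distributionSha256Sum` next to it, so the wrapper runs whatever archive that URL returns without verifying it. Adding `distributionSha256Sum=<SHA-256 of gradle-8.6-bin.zip as published by Gradle>` (placeholder; take the value from the official release checksums) makes the wrapper reject a tampered or substituted download. The same commit replaces the binary `gradle-wrapper.jar`; its checksum should be compared with the published one for that wrapper version before merging, since the jar is executed on every build.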
@@ -109,10 +126,11 @@ if $darwin; then GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" fi -# For Cygwin, switch paths to Windows format before running java -if $cygwin ; then +# For Cygwin or MSYS, switch paths to Windows format before running java +if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then APP_HOME=`cygpath --path --mixed "$APP_HOME"` CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` + JAVACMD=`cygpath --unix "$JAVACMD"` # We build the pattern for arguments to be converted via cygpath @@ -138,19 +156,19 @@ if $cygwin ; then else eval `echo args$i`="\"$arg\"" fi - i=$((i+1)) + i=`expr $i + 1` done case $i in - (0) set -- ;; - (1) set -- "$args0" ;; - (2) set -- "$args0" "$args1" ;; - (3) set -- "$args0" "$args1" "$args2" ;; - (4) set -- "$args0" "$args1" "$args2" "$args3" ;; - (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; - (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; - (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; - (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; - (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; + 0) set -- ;; + 1) set -- "$args0" ;; + 2) set -- "$args0" "$args1" ;; + 3) set -- "$args0" "$args1" "$args2" ;; + 4) set -- "$args0" "$args1" "$args2" "$args3" ;; + 5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; + 6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; + 7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; + 8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; + 9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; esac fi 
@@ -159,14 +177,9 @@ save () { for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done echo " " } -APP_ARGS=$(save "$@") +APP_ARGS=`save "$@"` # Collect all arguments for the java command, following the shell quoting and substitution rules eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" -# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong -if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then - cd "$(dirname "$0")" -fi - exec "$JAVACMD" "$@" diff --git a/moaSig/gradlew.bat b/moaSig/gradlew.bat index e95643d..ac1b06f 100644 --- a/moaSig/gradlew.bat +++ b/moaSig/gradlew.bat @@ -1,3 +1,19 @@ +@rem +@rem Copyright 2015 the original author or authors. +@rem +@rem Licensed under the Apache License, Version 2.0 (the "License"); +@rem you may not use this file except in compliance with the License. +@rem You may obtain a copy of the License at +@rem +@rem https://www.apache.org/licenses/LICENSE-2.0 +@rem +@rem Unless required by applicable law or agreed to in writing, software +@rem distributed under the License is distributed on an "AS IS" BASIS, +@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +@rem See the License for the specific language governing permissions and +@rem limitations under the License. +@rem + @if "%DEBUG%" == "" @echo off @rem ########################################################################## @rem 
@@ -13,15 +29,18 @@ if "%DIRNAME%" == "" set DIRNAME=. set APP_BASE_NAME=%~n0 set APP_HOME=%DIRNAME% +@rem Resolve any "." and ".." in APP_HOME to make it shorter. +for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi + @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. -set DEFAULT_JVM_OPTS= +set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" @rem Find java.exe if defined JAVA_HOME goto findJavaFromJavaHome set JAVA_EXE=java.exe %JAVA_EXE% -version >NUL 2>&1 -if "%ERRORLEVEL%" == "0" goto init +if "%ERRORLEVEL%" == "0" goto execute echo. echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. @@ -35,7 +54,7 @@ goto fail set JAVA_HOME=%JAVA_HOME:"=% set JAVA_EXE=%JAVA_HOME%/bin/java.exe -if exist "%JAVA_EXE%" goto init +if exist "%JAVA_EXE%" goto execute echo. echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% @@ -45,28 +64,14 @@ echo location of your Java installation. goto fail -:init -@rem Get command-line arguments, handling Windows variants - -if not "%OS%" == "Windows_NT" goto win9xME_args - -:win9xME_args -@rem Slurp the command line arguments. -set CMD_LINE_ARGS= -set _SKIP=2 - -:win9xME_args_slurp -if "x%~1" == "x" goto execute - -set CMD_LINE_ARGS=%* - :execute @rem Setup the command line set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + @rem Execute Gradle -"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* :end @rem End local scope for the variables with windows NT shell diff --git a/moaSig/moa-asic/build.gradle b/moaSig/moa-asic/build.gradle index 0a8fd83..b2b7299 100644 --- a/moaSig/moa-asic/build.gradle +++ b/moaSig/moa-asic/build.gradle 
@@ -1,30 +1,33 @@ -//plugins { -// id 'com.intershop.gradle.jaxb' version '5.1.0' -//} +plugins { + id 'java-library' + id 'distribution' +} -apply plugin: 'java-library-distribution' +java { + sourceCompatibility = JavaVersion.VERSION_17 + targetCompatibility = JavaVersion.VERSION_17 +} distributions { - main{ - distributionBaseName = 'MOA-ASIC' - } + main { + distributionBaseName.set('MOA-ASIC') + } } configurations { jaxb - } dependencies { - jaxb group: 'com.sun.xml.bind', name: 'jaxb-xjc', version: '3.0.2' - jaxb group: 'org.glassfish.jaxb', name: 'jaxb-runtime', version: '3.0.2' + jaxb 'com.sun.xml.bind:jaxb-xjc:3.0.2' + jaxb 'org.glassfish.jaxb:jaxb-runtime:3.0.2' - implementation project(':common') + implementation project(':common') implementation project(':moa-sig-lib') - api 'jakarta.xml.bind:jakarta.xml.bind-api:3.0.1' - api 'jakarta.xml.ws:jakarta.xml.ws-api:3.0.1' - implementation group: 'org.slf4j', name: 'log4j-over-slf4j', version: '1.7.36' + api 'jakarta.xml.bind:jakarta.xml.bind-api:3.0.1' + api 'jakarta.xml.ws:jakarta.xml.ws-api:3.0.1' + implementation 'org.slf4j:log4j-over-slf4j:1.7.36' } sourceSets { 
@@ -35,48 +38,34 @@ sourceSets { } } -/* -jaxb { - // generate java code from schema - javaGen { - //generates a 'project' schema file from existing java code - posConfig { - schema = file('src/main/resources/schemas/asic.xsd') - packageName = 'at.gv.egiz.asic' - outputDir = file( "${projectDir}/src/generated/java" ) - } +tasks.register('jaxb') { + group = 'build' + description = 'Generates Java classes from XSD using JAXB' + + doLast { + def jaxbTargetDir = file("${projectDir}/src/generated/java") + jaxbTargetDir.mkdirs() + + ant.taskdef( + name: 'xjc', + classname: 'com.sun.tools.xjc.XJCTask', + classpath: configurations.jaxb.asPath + ) + + ant.xjc( + destdir: jaxbTargetDir.path, + package: 'at.gv.egiz.asic', + schema: 'src/main/resources/schemas/asic.xsd' + ) } - } -*/ - -task jaxb () { - // output directory - def jaxbTargetDir = file( "${projectDir}/src/generated/java" ) - //jaxbTargetDirMoaSig = file( jaxbTargetDir.path ) - - // perform actions - doLast { - jaxbTargetDir.mkdirs() - - ant.taskdef(name: 'xjc', classname: 'com.sun.tools.xjc.XJCTask', classpath: configurations.jaxb.asPath) - //ant.jaxbTargetDirMoaSig = jaxbTargetDir - - // MOA Sig - ant.xjc( - destdir: jaxbTargetDir.path, - package: 'at.gv.egiz.asic', - schema: 'src/main/resources/schemas/asic.xsd' - ) - } -} - -task releases(type: Copy) { - //from jar.outputs - from distZip.outputs - from distTar.outputs - into rootDir.toString() + "/releases/" + version +tasks.register('releases', Copy) { + dependsOn tasks.named('distZip'), tasks.named('distTar') + from(tasks.named('distZip')) + from(tasks.named('distTar')) + into layout.projectDirectory.dir("releases/${version}") } -task publishPubNamePublicationToMavenLocal {} +// This is a placeholder – only include if needed by CI or to avoid errors +tasks.register('publishPubNamePublicationToMavenLocal') {} diff --git a/moaSig/moa-sig-lib/build.gradle b/moaSig/moa-sig-lib/build.gradle index 34fec09..ee46ed9 100644 --- a/moaSig/moa-sig-lib/build.gradle 
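Review bot: The `releases` task now copies into `layout.projectDirectory.dir("releases/${version}")`, which is the moa-asic module directory, where the removed line used `rootDir.toString() + "/releases/" + version`. The moa-sig-lib hunk makes the same switch while moa-sig/build.gradle keeps `into "$rootDir/releases/${version}"`, so the three modules no longer collect their archives in one place. If the root-level directory is what packaging scripts expect, use `into rootProject.layout.projectDirectory.dir("releases/${version}")` in moa-asic and moa-sig-lib. The new `jaxb` task also declares no inputs or outputs, so Gradle cannot tell when `src/generated/java` is stale; `inputs.file('src/main/resources/schemas/asic.xsd')` and a matching `outputs.dir(...)` on the task would fix that.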
+++ b/moaSig/moa-sig-lib/build.gradle 
@@ -1,48 +1,56 @@ -apply plugin: 'java-library-distribution' -apply plugin: 'maven-publish' +plugins { + id 'java-library' + id 'distribution' + id 'maven-publish' +} + +java { + sourceCompatibility = JavaVersion.VERSION_17 + targetCompatibility = JavaVersion.VERSION_17 +} distributions { main { - distributionBaseName = 'moa-spss-lib' + distributionBaseName.set('moa-spss-lib') } } -dependencies { - implementation project(':common') - testImplementation project(path: ':common', configuration: 'testArtifacts') - - api fileTree(dir: '../libs', include: '*.jar') - //api fileTree(dir: '../libs_debug', include: '*.jar') - - api group: 'at.gv.egovernment.moa.sig', name: 'tsl-lib', version: '2.1.5' - api 'commons-logging:commons-logging:1.2' - api 'commons-io:commons-io:2.16.1' - api 'commons-codec:commons-codec:1.16.0' - api 'org.apache.axis:axis-jaxrpc:1.4' - api 'org.xerial:sqlite-jdbc:3.46.1.0' - api 'javax.activation:activation:1.1.1' - api 'jakarta.xml.bind:jakarta.xml.bind-api:3.0.1' - api 'com.sun.xml.bind:jaxb-core:3.0.2' - api 'com.sun.xml.bind:jaxb-impl:3.0.2' - api 'org.postgresql:postgresql:42.7.1' - api group: 'org.apache.pdfbox', name: 'pdfbox', version: '2.0.32' - api group: 'org.apache.pdfbox', name: 'pdfbox-tools', version: '2.0.32' - api group: 'org.apache.pdfbox', name: 'pdfbox-app', version: '2.0.32' - api group: 'org.apache.pdfbox', name: 'preflight', version: '2.0.32' - api group: 'org.apache.pdfbox', name: 'preflight-app', version: '2.0.32' - api group: 'org.apache.commons', name: 'commons-lang3', version: '3.16.0' - api group: 'org.apache.httpcomponents', name: 'httpclient-cache', version: '4.5.14' - api group: 'org.slf4j', name: 'jcl-over-slf4j', version: '1.7.36' - - testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-migrationsupport', version: '5.10.1' - testImplementation group: 'org.junit.platform', name: 'junit-platform-engine', version: '1.10.1' - testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-engine', 
version: '5.10.1' - testImplementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.13' +dependencies { + implementation project(':common') + testImplementation project(path: ':common', configuration: 'testArtifacts') + + api fileTree(dir: '../libs', include: ['*.jar']) + // api fileTree(dir: '../libs_debug', include: ['*.jar']) + + api 'at.gv.egovernment.moa.sig:tsl-lib:2.2.0-SNAPSHOT' + api 'commons-logging:commons-logging:1.2' + api 'commons-io:commons-io:2.16.1' + api 'commons-codec:commons-codec:1.16.0' + api 'org.apache.axis:axis-jaxrpc:1.4' + api 'org.xerial:sqlite-jdbc:3.46.1.0' + api 'javax.activation:activation:1.1.1' + api 'jakarta.xml.bind:jakarta.xml.bind-api:3.0.1' + api 'com.sun.xml.bind:jaxb-core:3.0.2' + api 'com.sun.xml.bind:jaxb-impl:3.0.2' + api 'org.postgresql:postgresql:42.7.1' + + api 'org.apache.pdfbox:pdfbox:2.0.32' + api 'org.apache.pdfbox:pdfbox-tools:2.0.32' + api 'org.apache.pdfbox:pdfbox-app:2.0.32' + api 'org.apache.pdfbox:preflight:2.0.32' + api 'org.apache.pdfbox:preflight-app:2.0.32' + api 'org.apache.commons:commons-lang3:3.16.0' + api 'org.apache.httpcomponents:httpclient-cache:4.5.14' + api 'org.slf4j:jcl-over-slf4j:1.7.36' + + testImplementation 'org.junit.jupiter:junit-jupiter-migrationsupport:5.10.1' + testImplementation 'org.junit.platform:junit-platform-engine:1.10.1' + testImplementation 'org.junit.jupiter:junit-jupiter-engine:5.10.1' + testImplementation 'ch.qos.logback:logback-classic:1.2.13' } -task releases(type: Copy) { - //from jar.outputs - from distZip.outputs - //from distTar.outputs - into rootDir.toString() + "/releases/" + version +tasks.register('releases', Copy) { + dependsOn(tasks.named('distZip')) // Ensure distZip runs first + from(tasks.named('distZip')) + into layout.projectDirectory.dir("releases/${version}") } diff --git a/moaSig/moa-sig/build.gradle b/moaSig/moa-sig/build.gradle index 423ea20..eba2e76 100644 --- a/moaSig/moa-sig/build.gradle +++ b/moaSig/moa-sig/build.gradle 
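Review bot: `api 'at.gv.egovernment.moa.sig:tsl-lib:2.2.0-SNAPSHOT'` replaces the fixed `2.1.5` release with a snapshot, so the library that ends up in the distribution can change between two builds of the same commit. It is also resolved from whichever configured repository serves a matching snapshot first, including the `mavenLocal()` entry this commit adds in the root build. For a release build I would pin a released version, or at least enable Gradle dependency verification or locking so the resolved artifact is recorded. `pdfbox-app` and `preflight-app` are also exposed as `api`; these are normally the bundled command-line jars and may duplicate classes already pulled in by `pdfbox` and `preflight`, so it is worth checking whether they are needed at all.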
@@ -1,33 +1,40 @@ -apply plugin: 'war' -apply plugin: 'eclipse' -apply plugin: 'eclipse-wtp' -apply plugin: 'distribution' -apply plugin: 'maven-publish' +plugins { + id 'java-library' + id 'war' + id 'eclipse' + id 'eclipse-wtp' + id 'distribution' + id 'maven-publish' +} + +java { + sourceCompatibility = JavaVersion.VERSION_17 + targetCompatibility = JavaVersion.VERSION_17 +} configurations { jaxb } dependencies { - jaxb group: 'com.sun.xml.bind', name: 'jaxb-xjc', version: '3.0.2' - jaxb group: 'org.glassfish.jaxb', name: 'jaxb-runtime', version: '3.0.2' + jaxb 'com.sun.xml.bind:jaxb-xjc:3.0.2' + jaxb 'org.glassfish.jaxb:jaxb-runtime:3.0.2' - implementation project(':common') - implementation project(':moa-sig-lib') + implementation project(':common') + implementation project(':moa-sig-lib') implementation project(':moa-asic') - implementation fileTree(dir: 'libs', include: '*.jar') - compileOnly 'javax.servlet:javax.servlet-api:3.1.0' - implementation 'commons-discovery:commons-discovery:0.5' - implementation 'org.apache.logging.log4j:log4j-1.2-api:2.22.1' - implementation group: 'org.slf4j', name: 'log4j-over-slf4j', version: '1.7.36' - implementation group: 'javax.jws', name: 'javax.jws-api', version: '1.1' - implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.13' + implementation fileTree(dir: 'libs', include: ['*.jar']) + compileOnly 'javax.servlet:javax.servlet-api:3.1.0' + implementation 'commons-discovery:commons-discovery:0.5' + implementation 'org.apache.logging.log4j:log4j-1.2-api:2.22.1' + implementation 'org.slf4j:log4j-over-slf4j:1.7.36' + implementation 'javax.jws:javax.jws-api:1.1' + implementation 'ch.qos.logback:logback-classic:1.2.13' - testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-migrationsupport', version: '5.10.1' - testImplementation group: 'org.junit.platform', name: 'junit-platform-engine', version: '1.10.1' - testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-engine', 
version: '5.10.1' - testImplementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.13' - + testImplementation 'org.junit.jupiter:junit-jupiter-migrationsupport:5.10.1' + testImplementation 'org.junit.platform:junit-platform-engine:1.10.1' + testImplementation 'org.junit.jupiter:junit-jupiter-engine:5.10.1' + testImplementation 'ch.qos.logback:logback-classic:1.2.13' } sourceSets { 
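Review bot: `org.apache.logging.log4j:log4j-1.2-api:2.22.1` and `org.slf4j:log4j-over-slf4j:1.7.36` are both kept as `implementation` dependencies, and both jars provide the `org.apache.log4j` package, so which one answers legacy Log4j 1.x calls depends on class-loading order inside the WAR. The `duplicatesStrategy = DuplicatesStrategy.EXCLUDE` setting on the `war` task in the next hunk only de-duplicates archive entries and does not resolve this. Since `logback-classic` is the backend here, keeping `log4j-over-slf4j` and dropping `log4j-1.2-api` looks like the intended setup; please confirm. `implementation fileTree(dir: 'libs', include: ['*.jar'])` also bundles every jar found in `libs/` without a version or checksum record, which explicit `files(...)` entries would make reviewable.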
@@ -38,66 +45,66 @@ sourceSets { } } -war { - archiveBaseName = "moa-spss" - duplicatesStrategy = DuplicatesStrategy.EXCLUDE -} - - -task jaxb () { - // output directory - def jaxbTargetDir = file( "${projectDir}/src/generated/java" ) +tasks.register('jaxb') { + group = 'build' + description = 'Generates Java classes from XSD using JAXB' - // perform actions doLast { + def jaxbTargetDir = file("${projectDir}/src/generated/java") jaxbTargetDir.mkdirs() - ant.taskdef(name: 'xjc', classname: 'com.sun.tools.xjc.XJCTask', classpath: configurations.jaxb.asPath) + ant.taskdef( + name: 'xjc', + classname: 'com.sun.tools.xjc.XJCTask', + classpath: configurations.jaxb.asPath + ) - // MOA Sig ant.xjc( - destdir: jaxbTargetDir.path, - package: 'at.gv.egiz.moasig', - schema: 'src/main/resources/resources/schemas/MOA-SPSS-3.1.2.xsd' + destdir: jaxbTargetDir.path, + package: 'at.gv.egiz.moasig', + schema: 'src/main/resources/resources/schemas/MOA-SPSS-3.1.2.xsd' ) } } +war { + archiveBaseName.set("moa-spss") + duplicatesStrategy = DuplicatesStrategy.EXCLUDE +} + distributions { - main { - distributionBaseName = "moa-spss" - contents { - into('/') { // Copy the following jars to the lib/ directory in the distribution archive - from war.outputs - from "$rootDir/../release-infos/readme_" + "$version" + ".txt" - dirMode = 0755 - fileMode = 0644 - } - into('/handbook') { - from rootDir.toString() + "/../release-infos/handbook/" - } - into('/endorsed_libs') { - from findJar('serializer') - from findJar('xalan') - from findJar('xercesImpl') - from findJar('xml-apis') - } - into('/ext_libs') { - from findJar('iaik_jce_full') - from rootDir.toString() + "/../release-infos/ext_libs/" - - } + main { + distributionBaseName.set("moa-spss") + contents { + into('/') { + from(tasks.named('war')) + from("$rootDir/../release-infos/readme_${version}.txt") + dirMode = 0755 + fileMode = 0644 + } + into('/handbook') { + from("$rootDir/../release-infos/handbook") + } + into('/endorsed_libs') { + 
from(findJar('serializer')) + from(findJar('xalan')) + from(findJar('xercesImpl')) + from(findJar('xml-apis')) + } + into('/ext_libs') { + from(findJar('iaik_jce_full')) + from("$rootDir/../release-infos/ext_libs/") + } + } } - } } -def findJar(prefix) { - configurations.runtimeClasspath.filter { it.name.startsWith(prefix) } - +def findJar(String prefix) { + return configurations.runtimeClasspath.filter { it.name.startsWith(prefix) } } -task releases(type: Copy) { - from distZip.outputs - //from distTar.outputs - into rootDir.toString() + "/releases/" + version +tasks.register('releases', Copy) { + dependsOn(tasks.named('distZip')) + from(tasks.named('distZip')) + into "$rootDir/releases/${version}" } -- cgit v1.2.3 From 773535ab90950460f468d2edfc5be396f2776d25 Mon Sep 17 00:00:00 2001 
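Review bot: The distribution still fills `/endorsed_libs` with `serializer`, `xalan`, `xercesImpl` and `xml-apis`, but the build now targets Java 17, and the endorsed-standards override mechanism was removed from the JDK in Java 9. If deployments still rely on that directory, these jars will not be loaded the way the layout suggests, and the XML/XSLT implementation actually used at runtime may differ from the one tested. Either drop the `into('/endorsed_libs')` block or add a comment stating how the jars are meant to reach the classpath on the new runtime, for example `// not an endorsed dir on Java 9+: copy into the webapp/server lib path, see readme`.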
From: Thomas Lenz Date: Wed, 6 Aug 2025 08:02:33 +0200 Subject: chore(core): refactor to Java 17 and Servlet-API 6.0 --- moaSig/build.gradle | 5 +++ moaSig/common/build.gradle | 23 +++++++--- .../gv/egovernment/moaspss/util/Base64Utils.java | 1 + moaSig/moa-asic/build.gradle | 10 ++--- moaSig/moa-sig-lib/build.gradle | 49 +++++++++++---------- .../server/transaction/DeleteableDataSource.java | 2 +- .../server/transaction/TransactionContext.java | 5 +-- moaSig/moa-sig/build.gradle | 34 +++++++++----- moaSig/moa-sig/libs/activation-1.1.jar | Bin 62983 -> 0 bytes moaSig/moa-sig/libs/axis-1.0_IAIK_1.3.jar | Bin 1096138 -> 0 bytes moaSig/moa-sig/libs/axis-1.0_IAIK_1.4.jar | Bin 0 -> 1045637 bytes .../moa-sig/libs/jakarta.activation-api-2.1.3.jar | Bin 0 -> 66514 bytes moaSig/moa-sig/libs/jakarta.mail-api-2.1.3.jar | Bin 0 -> 236454 bytes moaSig/moa-sig/libs/mail-1.4.jar | Bin 388826 -> 0 bytes .../moa/spss/server/service/AxisHandler.java | 11 +++-- .../server/service/CertificateProviderServlet.java | 13 +++--- .../spss/server/service/ConfigurationServlet.java | 11 +++-- .../server/service/SignatureCreationService.java | 4 +- .../server/service/TSLClientStatusServlet.java | 11 +++-- .../spss/server/utils/DataHandlerConverter.java | 49 +++++++++++++++++++++ .../moa/spss/server/utils/LoggerUtils.java | 41 +++++++++++++++++ .../webservice/SignatureCreationService.java | 8 ++-- .../webservice/SignatureVerificationService.java | 6 +-- moaSig/moa-sig/src/main/resources/logback.xml | 4 +- .../test/integration/CadesIntegrationTest.java | 4 ++ 25 files changed, 207 insertions(+), 84 deletions(-) delete mode 100644 moaSig/moa-sig/libs/activation-1.1.jar delete mode 100644 moaSig/moa-sig/libs/axis-1.0_IAIK_1.3.jar create mode 100644 moaSig/moa-sig/libs/axis-1.0_IAIK_1.4.jar create mode 100644 moaSig/moa-sig/libs/jakarta.activation-api-2.1.3.jar create mode 100644 moaSig/moa-sig/libs/jakarta.mail-api-2.1.3.jar delete mode 100644 moaSig/moa-sig/libs/mail-1.4.jar create mode 100644 
moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/DataHandlerConverter.java create mode 100644 moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/LoggerUtils.java (limited to 'moaSig') diff --git a/moaSig/build.gradle b/moaSig/build.gradle index 3dc1893..ddfa15f 100644 --- a/moaSig/build.gradle +++ b/moaSig/build.gradle @@ -25,12 +25,17 @@ allprojects { } } +configurations.all { + exclude group: 'xml-apis', module: 'xml-apis' +} + subprojects { apply plugin: 'java-library' apply plugin: 'eclipse' apply plugin: 'maven-publish' dependencies { + implementation("org.projectlombok:lombok:1.18.38") testImplementation 'junit:junit:4.13.2' } diff --git a/moaSig/common/build.gradle b/moaSig/common/build.gradle index 6054eff..79f1b02 100644 --- a/moaSig/common/build.gradle +++ b/moaSig/common/build.gradle @@ -5,14 +5,25 @@ plugins { dependencies { implementation files('../libs/iaik_jce_full_signed-6.1_moa.jar') - api 'org.slf4j:slf4j-api:1.7.36' - api 'xerces:xercesImpl:2.12.2' - api 'xalan:xalan:2.7.1' - api 'xalan:serializer:2.7.1' - api 'joda-time:joda-time:2.12.7' - api 'jaxen:jaxen:1.2.0' + api 'org.slf4j:slf4j-api:2.0.17' + + api(group: 'xerces', name: 'xercesImpl', version: '2.12.2') { + exclude group: 'xml-apis', module: 'xml-apis' + } + + api(group: 'xalan', name: 'xalan', version: '2.7.1') { + exclude group: 'xml-apis', module: 'xml-apis' + } + + api(group: 'xalan', name: 'serializer', version: '2.7.1') { + exclude group: 'xml-apis', module: 'xml-apis' + } + + api 'joda-time:joda-time:2.14.0' + api 'jaxen:jaxen:2.0.0' } + java { sourceCompatibility = JavaVersion.VERSION_17 targetCompatibility = JavaVersion.VERSION_17 diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/Base64Utils.java b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/Base64Utils.java index 2c9b4c0..a95ee5b 100644 --- a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/Base64Utils.java 
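Review bot: `implementation("org.projectlombok:lombok:1.18.38")` in the `subprojects` block puts Lombok on the runtime classpath of every module, so it is packaged into the WAR and the distributions. On its own it also does not register Lombok as an annotation processor, because current Gradle only runs processors from the `annotationProcessor` configuration. Unless a module adds that elsewhere, replace the line with `compileOnly 'org.projectlombok:lombok:1.18.38'` and `annotationProcessor 'org.projectlombok:lombok:1.18.38'`. The new `configurations.all { exclude group: 'xml-apis', module: 'xml-apis' }` block sits at the top level of the root script, outside `allprojects` and `subprojects`, so it applies to the root project's configurations only; if a build-wide exclusion was intended, it belongs inside `allprojects`.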
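Review bot: `xalan:xalan` and `xalan:serializer` stay at `2.7.1` in the common/build.gradle hunk while slf4j, joda-time and jaxen are raised. 2.7.1 is an old Xalan-J release and later 2.7.x releases carry security fixes for the XSLT processor. These jars are exported as `api` and shipped in the distribution, and presumably handle the transforms applied to documents being signed or verified. It is worth moving to the current 2.7.x release in the same pass, or recording in a comment why that is not possible (for example a constraint from the IAIK jars in `../libs`).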
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/Base64Utils.java @@ -46,6 +46,7 @@ public class Base64Utils { * @param base64String The String containing the Base64 * encoded bytes. * @param ignoreInvalidChars Whether to ignore invalid Base64 characters. + * @param encoding Char encoding that should be used * @return byte[] The raw bytes contained in the base64String. * @throws IOException Failed to read the Base64 data. */ diff --git a/moaSig/moa-asic/build.gradle b/moaSig/moa-asic/build.gradle index b2b7299..a132b05 100644 --- a/moaSig/moa-asic/build.gradle +++ b/moaSig/moa-asic/build.gradle @@ -19,15 +19,15 @@ configurations { } dependencies { - jaxb 'com.sun.xml.bind:jaxb-xjc:3.0.2' - jaxb 'org.glassfish.jaxb:jaxb-runtime:3.0.2' + jaxb 'com.sun.xml.bind:jaxb-xjc:4.0.5' + jaxb 'org.glassfish.jaxb:jaxb-runtime:4.0.5' implementation project(':common') implementation project(':moa-sig-lib') - api 'jakarta.xml.bind:jakarta.xml.bind-api:3.0.1' - api 'jakarta.xml.ws:jakarta.xml.ws-api:3.0.1' - implementation 'org.slf4j:log4j-over-slf4j:1.7.36' + api 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.2' + api 'jakarta.xml.ws:jakarta.xml.ws-api:4.0.2' + implementation 'org.slf4j:slf4j-api:2.0.17' } sourceSets { diff --git a/moaSig/moa-sig-lib/build.gradle b/moaSig/moa-sig-lib/build.gradle index ee46ed9..dd3a191 100644 --- a/moaSig/moa-sig-lib/build.gradle +++ b/moaSig/moa-sig-lib/build.gradle 
@@ -17,36 +17,37 @@ distributions { dependencies { implementation project(':common') - testImplementation project(path: ':common', configuration: 'testArtifacts') api fileTree(dir: '../libs', include: ['*.jar']) // api fileTree(dir: '../libs_debug', include: ['*.jar']) api 'at.gv.egovernment.moa.sig:tsl-lib:2.2.0-SNAPSHOT' - api 'commons-logging:commons-logging:1.2' - api 'commons-io:commons-io:2.16.1' - api 'commons-codec:commons-codec:1.16.0' + api 'commons-logging:commons-logging:1.3.5' + api 'commons-io:commons-io:2.20.0' + api 'commons-codec:commons-codec:1.19.0' api 'org.apache.axis:axis-jaxrpc:1.4' - api 'org.xerial:sqlite-jdbc:3.46.1.0' - api 'javax.activation:activation:1.1.1' - api 'jakarta.xml.bind:jakarta.xml.bind-api:3.0.1' - api 'com.sun.xml.bind:jaxb-core:3.0.2' - api 'com.sun.xml.bind:jaxb-impl:3.0.2' - api 'org.postgresql:postgresql:42.7.1' - - api 'org.apache.pdfbox:pdfbox:2.0.32' - api 'org.apache.pdfbox:pdfbox-tools:2.0.32' - api 'org.apache.pdfbox:pdfbox-app:2.0.32' - api 'org.apache.pdfbox:preflight:2.0.32' - api 'org.apache.pdfbox:preflight-app:2.0.32' - api 'org.apache.commons:commons-lang3:3.16.0' - api 'org.apache.httpcomponents:httpclient-cache:4.5.14' - api 'org.slf4j:jcl-over-slf4j:1.7.36' - - testImplementation 'org.junit.jupiter:junit-jupiter-migrationsupport:5.10.1' - testImplementation 'org.junit.platform:junit-platform-engine:1.10.1' - testImplementation 'org.junit.jupiter:junit-jupiter-engine:5.10.1' - testImplementation 'ch.qos.logback:logback-classic:1.2.13' + api 'org.xerial:sqlite-jdbc:3.50.3.0' + api 'jakarta.activation:jakarta.activation-api:2.1.3' + api 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.2' + //api 'com.sun.xml.bind:jaxb-core:4.0.5' + api 'com.sun.xml.bind:jaxb-impl:4.0.5' + api 'org.postgresql:postgresql:42.7.7' + + api 'org.apache.pdfbox:pdfbox:2.0.34' + api 'org.apache.pdfbox:pdfbox-tools:2.0.34' + api 'org.apache.pdfbox:pdfbox-app:2.0.34' + api 'org.apache.pdfbox:preflight:2.0.34' + api 
'org.apache.pdfbox:preflight-app:2.0.34' + api 'org.apache.commons:commons-lang3:3.18.0' + api 'org.apache.httpcomponents.client5:httpclient5-cache:5.4.4' + api 'org.slf4j:jcl-over-slf4j:2.0.17' + + + testImplementation project(path: ':common', configuration: 'testArtifacts') + testImplementation 'org.junit.jupiter:junit-jupiter-migrationsupport:5.13.4' + //testImplementation 'org.junit.platform:junit-platform-engine:1.13.4' + testImplementation 'org.junit.jupiter:junit-jupiter-engine:5.13.4' + testImplementation 'ch.qos.logback:logback-classic:1.5.18' } tasks.register('releases', Copy) { diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java index 335bf68..a60590d 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/DeleteableDataSource.java @@ -1,6 +1,6 @@ package at.gv.egovernment.moa.spss.server.transaction; -import javax.activation.DataSource; +import jakarta.activation.DataSource; public interface DeleteableDataSource extends DataSource { void delete(); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java index 5746657..06326a0 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/transaction/TransactionContext.java 
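Review bot: `api 'org.apache.httpcomponents:httpclient-cache:4.5.14'` is replaced by `api 'org.apache.httpcomponents.client5:httpclient5-cache:5.4.4'`, which is a different artefact with different packages rather than a newer version of the same one, and no source change that uses the 5.x client appears on this page. Because the entry is exported with `api`, any module or bundled library that still loads the 4.x classes would fail only at run time; please confirm nothing depends on 4.x, or keep both entries until the callers are migrated. The commented-out `//api 'com.sun.xml.bind:jaxb-core:4.0.5'` and `//testImplementation 'org.junit.platform:junit-platform-engine:1.13.4'` lines should be deleted or given a reason in the comment.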
@@ -33,14 +33,13 @@ import java.util.Iterator; import java.util.Map.Entry; import java.util.Vector; -import javax.activation.DataSource; - import org.w3c.dom.Element; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moaspss.logging.Logger; import iaik.xml.crypto.utils.URI; +import jakarta.activation.DataSource; /** * Contains information about the current request. @@ -310,7 +309,7 @@ public class TransactionContext { } // not available in Axis 1.0 to 1.1 // File f = mmds.getDiskCacheFile(); -// if (f!=null) f.delete(); +// if (f!=null) f.delete(); if (mmds instanceof DeleteableDataSource) { ((DeleteableDataSource) mmds).delete(); } diff --git a/moaSig/moa-sig/build.gradle b/moaSig/moa-sig/build.gradle index eba2e76..edd6aa0 100644 --- a/moaSig/moa-sig/build.gradle +++ b/moaSig/moa-sig/build.gradle 
@@ -17,24 +17,34 @@ configurations { } dependencies { - jaxb 'com.sun.xml.bind:jaxb-xjc:3.0.2' - jaxb 'org.glassfish.jaxb:jaxb-runtime:3.0.2' + jaxb 'com.sun.xml.bind:jaxb-xjc:4.0.5' + jaxb 'org.glassfish.jaxb:jaxb-runtime:4.0.5' - implementation project(':common') + implementation project(':common') implementation project(':moa-sig-lib') implementation project(':moa-asic') implementation fileTree(dir: 'libs', include: ['*.jar']) - compileOnly 'javax.servlet:javax.servlet-api:3.1.0' + compileOnly 'jakarta.servlet:jakarta.servlet-api:6.0.0' implementation 'commons-discovery:commons-discovery:0.5' - implementation 'org.apache.logging.log4j:log4j-1.2-api:2.22.1' - implementation 'org.slf4j:log4j-over-slf4j:1.7.36' - implementation 'javax.jws:javax.jws-api:1.1' - implementation 'ch.qos.logback:logback-classic:1.2.13' + implementation 'org.apache.logging.log4j:log4j-1.2-api:2.25.1' + implementation 'org.slf4j:log4j-over-slf4j:2.0.17' + implementation 'jakarta.jws:jakarta.jws-api:3.0.0' + implementation 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.2' + implementation 'ch.qos.logback:logback-classic:1.5.18' - testImplementation 'org.junit.jupiter:junit-jupiter-migrationsupport:5.10.1' - testImplementation 'org.junit.platform:junit-platform-engine:1.10.1' - testImplementation 'org.junit.jupiter:junit-jupiter-engine:5.10.1' - testImplementation 'ch.qos.logback:logback-classic:1.2.13' + implementation("javax.activation:activation:1.1.1") + implementation("org.eclipse.angus:angus-mail:2.0.4") + + testImplementation 'org.junit.jupiter:junit-jupiter-migrationsupport:5.13.4' + //testImplementation 'org.junit.platform:junit-platform-engine:1.13.4' + testImplementation 'org.junit.jupiter:junit-jupiter-engine:5.13.4' + testImplementation 'ch.qos.logback:logback-classic:1.5.18' + + testImplementation project(':common') + testImplementation project(path: ':common', configuration: 'testArtifacts') + testImplementation project(':moa-sig-lib') + testImplementation project(':moa-asic') + } 
sourceSets { diff --git a/moaSig/moa-sig/libs/activation-1.1.jar b/moaSig/moa-sig/libs/activation-1.1.jar deleted file mode 100644 index 53f82a1..0000000 Binary files a/moaSig/moa-sig/libs/activation-1.1.jar and /dev/null differ diff --git a/moaSig/moa-sig/libs/axis-1.0_IAIK_1.3.jar b/moaSig/moa-sig/libs/axis-1.0_IAIK_1.3.jar deleted file mode 100644 index 81103be..0000000 Binary files a/moaSig/moa-sig/libs/axis-1.0_IAIK_1.3.jar and /dev/null differ diff --git a/moaSig/moa-sig/libs/axis-1.0_IAIK_1.4.jar b/moaSig/moa-sig/libs/axis-1.0_IAIK_1.4.jar new file mode 100644 index 0000000..0935d37 Binary files /dev/null and b/moaSig/moa-sig/libs/axis-1.0_IAIK_1.4.jar differ diff --git a/moaSig/moa-sig/libs/jakarta.activation-api-2.1.3.jar b/moaSig/moa-sig/libs/jakarta.activation-api-2.1.3.jar new file mode 100644 index 0000000..0d015d5 Binary files /dev/null and b/moaSig/moa-sig/libs/jakarta.activation-api-2.1.3.jar differ diff --git a/moaSig/moa-sig/libs/jakarta.mail-api-2.1.3.jar b/moaSig/moa-sig/libs/jakarta.mail-api-2.1.3.jar new file mode 100644 index 0000000..6b36779 Binary files /dev/null and b/moaSig/moa-sig/libs/jakarta.mail-api-2.1.3.jar differ diff --git a/moaSig/moa-sig/libs/mail-1.4.jar b/moaSig/moa-sig/libs/mail-1.4.jar deleted file mode 100644 index 3b28b6e..0000000 Binary files a/moaSig/moa-sig/libs/mail-1.4.jar and /dev/null differ diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java index 8c220ee..f206167 100644 --- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java +++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java 
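Review bot: The context line `implementation fileTree(dir: 'libs', include: ['*.jar'])` puts every jar in `moa-sig/libs` on the classpath, and this commit adds `jakarta.activation-api-2.1.3.jar` and `jakarta.mail-api-2.1.3.jar` there as binaries although the same activation API is already declared by coordinate in `moa-sig-lib`. Checked-in jars bypass dependency verification and version alignment, and the hunk additionally adds `implementation("javax.activation:activation:1.1.1")`, so activation classes now reach this module by several routes. Prefer coordinates for the public artefacts, e.g. `implementation 'jakarta.mail:jakarta.mail-api:2.1.3'`, keep only the patched `axis-1.0_IAIK_1.4.jar` in `libs`, and record its origin and checksum next to it. The added `testImplementation 'ch.qos.logback:logback-classic:1.5.18'` repeats the `implementation` entry a few lines above it.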
@@ -33,8 +33,6 @@ import java.security.cert.X509Certificate; import java.util.Enumeration; import java.util.Iterator; -import javax.servlet.http.HttpServletRequest; - import org.apache.axis.AxisFault; import org.apache.axis.Message; import org.apache.axis.MessageContext; @@ -53,12 +51,15 @@ import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; import at.gv.egovernment.moa.spss.server.transaction.TransactionIDGenerator; +import at.gv.egovernment.moa.spss.server.utils.DataHandlerConverter; import at.gv.egovernment.moa.spss.util.MessageProvider; import at.gv.egovernment.moaspss.logging.LogMsg; import at.gv.egovernment.moaspss.logging.Logger; import at.gv.egovernment.moaspss.logging.LoggingContext; import at.gv.egovernment.moaspss.logging.LoggingContextManager; import at.gv.egovernment.moaspss.util.DOMUtils; +import jakarta.activation.DataHandler; +import jakarta.servlet.http.HttpServletRequest; /** * An handler that is invoked on each web service request and performs some @@ -202,7 +203,11 @@ public class AxisHandler extends BasicHandler { // content with Object content = // attachment.getContent();) InputStream is = null; - final javax.activation.DataHandler datahandler = attachment.getDataHandler(); + + Object dataHandlerObj = attachment.getDataHandler(); + final DataHandler datahandler = dataHandlerObj instanceof DataHandler + ? (DataHandler) dataHandlerObj + : DataHandlerConverter.convert((javax.activation.DataHandler) dataHandlerObj); final int TYPE = 2; switch (TYPE) { diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java index bc2c3b6..dee5d90 100644 
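Review bot: The fallback branch casts `dataHandlerObj` to `javax.activation.DataHandler` without checking it, so a null or unexpected return from `attachment.getDataHandler()` surfaces as a null `datahandler` or a `ClassCastException` in the middle of request handling rather than as a controlled fault. Since the attachment comes from the incoming request, test both known types explicitly and reject anything else with the error type the enclosing method already uses. That method starts and ends outside this hunk, so the exception in the sketch below is a placeholder.

```java
final Object dataHandlerObj = attachment.getDataHandler();
final DataHandler datahandler;
if (dataHandlerObj instanceof DataHandler) {
  datahandler = (DataHandler) dataHandlerObj;
} else if (dataHandlerObj instanceof javax.activation.DataHandler) {
  datahandler = DataHandlerConverter.convert((javax.activation.DataHandler) dataHandlerObj);
} else {
  // placeholder: report through the fault type used by the enclosing method
  throw new IllegalStateException("Unsupported attachment data handler");
}
// … unchanged: final int TYPE = 2; switch (TYPE) …
```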
--- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java +++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/CertificateProviderServlet.java @@ -11,11 +11,6 @@ import java.util.Iterator; import java.util.List; import java.util.Set; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - import at.gv.egovernment.moa.spss.server.config.ConfigurationException; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.config.KeyGroupEntry; @@ -25,6 +20,10 @@ import at.gv.egovernment.moaspss.logging.Logger; import iaik.server.modules.keys.KeyEntryID; import iaik.server.modules.keys.KeyModule; import iaik.server.modules.keys.KeyModuleFactory; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServlet; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; /** * @@ -34,7 +33,7 @@ import iaik.server.modules.keys.KeyModuleFactory; public class CertificateProviderServlet extends HttpServlet { /** - * + * */ private static final long serialVersionUID = -6907582473072190122L; @@ -46,7 +45,7 @@ public class CertificateProviderServlet extends HttpServlet { /** * Build the set of KeyEntryIDs available to the given * keyGroupID. - * + * * @param keyGroupID The keygroup ID for which the available keys should be * returned. * @return The Set of KeyEntryIDs identifying the diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java index 135d652..6127305 100644 --- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java 
+++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java @@ -29,11 +29,6 @@ import java.util.ArrayList; import java.util.Iterator; import java.util.List; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator; import at.gv.egovernment.moa.spss.server.init.SystemInitializer; @@ -42,6 +37,10 @@ import at.gv.egovernment.moaspss.logging.LogMsg; import at.gv.egovernment.moaspss.logging.Logger; import at.gv.egovernment.moaspss.logging.LoggingContext; import at.gv.egovernment.moaspss.logging.LoggingContextManager; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServlet; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; /** * A servlet to initialize and update the MOA configuration. @@ -52,7 +51,7 @@ import at.gv.egovernment.moaspss.logging.LoggingContextManager; */ public class ConfigurationServlet extends HttpServlet { /** - * + * */ private static final long serialVersionUID = 8372961105222028696L; /** The document type of the HTML to generate. */ diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java index 4030883..7973e44 100644 --- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java +++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/SignatureCreationService.java 
@@ -63,7 +63,7 @@ public class SignatureCreationService { /** * Handle a CreatePDFSignatureRequest. - * + * * @param request The CreatePDFSignatureRequest to work on * (contained in the 0th element of the array). * @return A CreatePDFSignatureResponse as the only element of the @@ -152,7 +152,7 @@ public class SignatureCreationService { /** * Handle a CreateXMLSignatureRequest. - * + * * @param request The CreateXMLSignatureRequest to work on * (contained in the 0th element of the array). * @return A CreateXMLSignatureResponse as the only element of the diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/TSLClientStatusServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/TSLClientStatusServlet.java index 3bf9a37..abdf121 100644 --- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/TSLClientStatusServlet.java +++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/TSLClientStatusServlet.java @@ -5,18 +5,17 @@ import java.io.PrintWriter; import java.text.MessageFormat; import java.util.List; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - import at.gv.egovernment.moa.sig.tsl.engine.data.TSLProcessingResultElement; import at.gv.egovernment.moa.spss.server.monitoring.ServiceStatusContainer; +import jakarta.servlet.ServletException; +import jakarta.servlet.http.HttpServlet; +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; public class TSLClientStatusServlet extends HttpServlet { /** - * + * */ private static final long serialVersionUID = 1L; diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/DataHandlerConverter.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/DataHandlerConverter.java new file mode 100644 index 0000000..fd11789 
--- /dev/null +++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/DataHandlerConverter.java @@ -0,0 +1,49 @@ +package at.gv.egovernment.moa.spss.server.utils; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; + +import lombok.experimental.UtilityClass; + +/** + * Utility to convert javax.activation.DataHandler to jakarta.activation.DataHandler. + */ +@UtilityClass +public class DataHandlerConverter { + + /** + * Converts javax.activation.DataHandler to jakarta.activation.DataHandler + */ + public static jakarta.activation.DataHandler convert(javax.activation.DataHandler oldHandler) { + if (oldHandler == null) return null; + + javax.activation.DataSource oldSource = oldHandler.getDataSource(); + + // Wrap the old javax.activation.DataSource in a jakarta.activation.DataSource + jakarta.activation.DataSource newSource = new jakarta.activation.DataSource() { + @Override + public InputStream getInputStream() throws IOException { + return oldSource.getInputStream(); + } + + @Override + public OutputStream getOutputStream() throws IOException { + return oldSource.getOutputStream(); + } + + @Override + public String getContentType() { + return oldSource.getContentType(); + } + + @Override + public String getName() { + return oldSource.getName(); + } + }; + + return new jakarta.activation.DataHandler(newSource); + } +} + diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/LoggerUtils.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/LoggerUtils.java new file mode 100644 index 0000000..78d5039 --- /dev/null +++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/utils/LoggerUtils.java 
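Review bot: `convert()` returns an anonymous `jakarta.activation.DataSource`, so the concrete type of the wrapped source is no longer visible to callers and an `instanceof` test on the result can never match a project type. `TransactionContext` on this page releases attachments through `if (mmds instanceof DeleteableDataSource)`; if converted handlers reach that code (not visible from this hunk) and the Axis source keeps a disk cache, the cached request data would stay on disk. Consider a named static nested wrapper that keeps the delegate accessible, or state the limitation in the Javadoc, e.g. `* The returned source only delegates stream, type and name; cleanup of the original source stays with the caller.` The Javadoc on `convert` also lacks `@param oldHandler` and `@return`, including the null-in/null-out case.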
@@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.spss.server.utils; + +import java.util.Properties; + +import iaik.logging.LogConfigurationException; +import iaik.logging.LogFactory; +import iaik.logging.LoggerConfig; +import lombok.experimental.UtilityClass; + +/** + * Logging helper. + */ +@UtilityClass +public class LoggerUtils { + + /** + * Fix {@link iaik.logging.impl.LogSlf4jFactoryImpl}, because it uses + * org.slf4j.impl.StaticLoggerBinder which was removed since v + * 1.5.x. + */ + public static void fixLoggerFactory() { + LogFactory.configure(new LoggerConfig() { + + @Override + public Properties getProperties() throws LogConfigurationException { + return null; + } + + @Override + public String getNodeId() { + return null; + } + + @Override + public String getFactory() { + return "iaik.logging.impl.OwnLogSlf4jFactoryImpl"; + } + }); + } + +} diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureCreationService.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureCreationService.java index bf06ff6..4b91ec1 100644 --- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureCreationService.java +++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureCreationService.java @@ -1,8 +1,8 @@ package at.gv.egovernment.moa.spss.server.webservice; -import javax.jws.WebMethod; -import javax.jws.WebParam; -import javax.jws.WebService; +import jakarta.jws.WebMethod; +import jakarta.jws.WebParam; +import jakarta.jws.WebService; @WebService(name = "SignatureCreationService", targetNamespace = "http://reference.e-government.gv.at/namespace/moa/20151109#") 
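Review bot: `getFactory()` returns the class name `"iaik.logging.impl.OwnLogSlf4jFactoryImpl"` as a string literal, and that class is not part of this page, so the compiler cannot catch a rename or a missing class and the failure would show up only as missing IAIK log output at run time. If the class lives in this project, return `OwnLogSlf4jFactoryImpl.class.getName()` instead; otherwise add a comment naming the jar that provides it. `getProperties()` and `getNodeId()` return `null` without a comment saying that the IAIK API accepts that. The Javadoc's "removed since v 1.5.x" does not name the library; something like `* {@code org.slf4j.impl.StaticLoggerBinder}, which the SLF4J 2.x API used by this build no longer looks up.` would be clearer.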
@@ -24,7 +24,7 @@ public interface SignatureCreationService { * @WebMethod(action = "PDFSignatureCreate", operationName = * "PDFSignatureCreate") public at.gv.egiz.moasig.CreatePDFSignatureResponseType * createPDFSignature( - * + * * @WebParam(name = "CreatePDFSignatureRequest") * at.gv.egiz.moasig.CreatePDFSignatureRequest createPDFSignatureRequest) throws * Exception; diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureVerificationService.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureVerificationService.java index ca30650..d8aa9b6 100644 --- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureVerificationService.java +++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/webservice/SignatureVerificationService.java @@ -1,8 +1,8 @@ package at.gv.egovernment.moa.spss.server.webservice; -import javax.jws.WebMethod; -import javax.jws.WebParam; -import javax.jws.WebService; +import jakarta.jws.WebMethod; +import jakarta.jws.WebParam; +import jakarta.jws.WebService; @WebService(name = "SignatureVerificationService", targetNamespace = "http://reference.e-government.gv.at/namespace/moa/20151109#") diff --git a/moaSig/moa-sig/src/main/resources/logback.xml b/moaSig/moa-sig/src/main/resources/logback.xml index 0012e81..0afb5cc 100644 --- a/moaSig/moa-sig/src/main/resources/logback.xml +++ b/moaSig/moa-sig/src/main/resources/logback.xml @@ -12,7 +12,7 @@ ${catalina.base}/logs/moa-spss.log - logback | %5p | %d{dd HH:mm:ss,SSS} | %C{1} | %20c | %10t | %m%n + %5p | %d{dd HH:mm:ss.SSS} | %C{1} | %20c | %10t | %m%n 10 @@ -24,7 +24,7 @@ - logback | %5p | %d{dd HH:mm:ss,SSS} | %C{1} | %20c | %10t | %m%n + %5p | %d{dd HH:mm:ss.SSS} | %C{1} | %20c | %10t | %m%n 
diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/CadesIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/CadesIntegrationTest.java index 191bed9..a88873a 100644 --- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/CadesIntegrationTest.java +++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/CadesIntegrationTest.java @@ -38,6 +38,7 @@ import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.init.SystemInitializer; import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureCreationInvoker; import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker; +import at.gv.egovernment.moa.spss.server.utils.LoggerUtils; import at.gv.egovernment.moa.spss.tsl.TSLServiceFactory; import at.gv.egovernment.moaspss.util.DOMUtils; import iaik.pki.Configurator; @@ -52,6 +53,9 @@ public class CadesIntegrationTest extends AbstractIntegrationTest { @BeforeClass public static void classInitializer() throws IOException, ConfigurationException, NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException { + + LoggerUtils.fixLoggerFactory(); + jvmStateReset(); final String current = new java.io.File(".").getCanonicalPath(); -- cgit v1.2.3 From 52075630df265b3a867801b58d8f80170d0dcdd0 Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Wed, 6 Aug 2025 12:06:46 +0200 Subject: chore(core): update IAIK libs and clean-up old --- moaSig/libs/iaik_cms-6.0_moa.jar | Bin 501606 -> 0 bytes moaSig/libs/iaik_cms-6.1_moa.jar | Bin 0 -> 413434 bytes moaSig/libs/iaik_eccelerate-6.3.0_eval.jar | Bin 807993 -> 0 bytes moaSig/libs/iaik_eccelerate-6.3.2_eval.jar | Bin 0 -> 806569 bytes moaSig/libs/iaik_eccelerate_addon-6.3.0_eval.jar | Bin 98152 -> 0 bytes moaSig/libs/iaik_eccelerate_addon-6.3.2_eval.jar | Bin 0 -> 96721 bytes .../test/integration/PadesIntegrationTest.java | 80 ++++++++++----------- release-infos/endorsed_libs/serializer-2.7.1.jar | Bin 278281 -> 0 bytes release-infos/endorsed_libs/xalan-2.7.1.jar | Bin 3176148 -> 0 bytes release-infos/endorsed_libs/xercesImpl-2.12.2.jar | Bin 1446149 -> 0 bytes release-infos/endorsed_libs/xml-apis-1.4.01.jar | Bin 220536 -> 0 bytes release-infos/ext_libs/iaikPkcs11Provider.jar | Bin 528244 -> 0 bytes release-infos/ext_libs/iaikPkcs11Wrapper.jar | Bin 1503554 -> 0 bytes release-infos/ext_libs/iaik_Pkcs11Provider.jar | Bin 0 -> 528244 bytes release-infos/ext_libs/iaik_Pkcs11Wrapper.jar | Bin 0 -> 1931617 bytes release-infos/pkcs11/pkcs11-natives.zip | Bin 0 -> 291568 bytes .../unix/linux-x86/debug/libpkcs11wrapper.so | Bin 382140 -> 0 bytes .../unix/linux-x86/release/libpkcs11wrapper.so | Bin 187060 -> 0 bytes .../unix/linux-x86_64/debug/libpkcs11wrapper.so | Bin 410952 -> 0 bytes .../unix/linux-x86_64/release/libpkcs11wrapper.so | Bin 207520 -> 0 bytes .../macosx_universal/debug/libpkcs11wrapper.jnilib | Bin 603957 -> 0 bytes .../release/libpkcs11wrapper.jnilib | Bin 455621 -> 0 bytes .../pkcs11/windows/win-x86/debug/pkcs11wrapper.dll | Bin 613038 -> 0 bytes .../windows/win-x86/release/pkcs11wrapper.dll | Bin 251488 -> 0 bytes .../windows/win-x86_64/debug/pkcs11wrapper.dll | Bin 656400 -> 0 bytes .../windows/win-x86_64/release/pkcs11wrapper.dll | Bin 262536 -> 0 bytes 26 files changed, 38 insertions(+), 42 deletions(-) delete mode 100644 
moaSig/libs/iaik_cms-6.0_moa.jar create mode 100644 moaSig/libs/iaik_cms-6.1_moa.jar delete mode 100644 moaSig/libs/iaik_eccelerate-6.3.0_eval.jar create mode 100644 moaSig/libs/iaik_eccelerate-6.3.2_eval.jar delete mode 100644 moaSig/libs/iaik_eccelerate_addon-6.3.0_eval.jar create mode 100644 moaSig/libs/iaik_eccelerate_addon-6.3.2_eval.jar delete mode 100644 release-infos/endorsed_libs/serializer-2.7.1.jar delete mode 100644 release-infos/endorsed_libs/xalan-2.7.1.jar delete mode 100644 release-infos/endorsed_libs/xercesImpl-2.12.2.jar delete mode 100644 release-infos/endorsed_libs/xml-apis-1.4.01.jar delete mode 100644 release-infos/ext_libs/iaikPkcs11Provider.jar delete mode 100644 release-infos/ext_libs/iaikPkcs11Wrapper.jar create mode 100644 release-infos/ext_libs/iaik_Pkcs11Provider.jar create mode 100644 release-infos/ext_libs/iaik_Pkcs11Wrapper.jar create mode 100644 release-infos/pkcs11/pkcs11-natives.zip delete mode 100755 release-infos/pkcs11/unix/linux-x86/debug/libpkcs11wrapper.so delete mode 100755 release-infos/pkcs11/unix/linux-x86/release/libpkcs11wrapper.so delete mode 100755 release-infos/pkcs11/unix/linux-x86_64/debug/libpkcs11wrapper.so delete mode 100755 release-infos/pkcs11/unix/linux-x86_64/release/libpkcs11wrapper.so delete mode 100755 release-infos/pkcs11/unix/macosx_universal/debug/libpkcs11wrapper.jnilib delete mode 100755 release-infos/pkcs11/unix/macosx_universal/release/libpkcs11wrapper.jnilib delete mode 100755 release-infos/pkcs11/windows/win-x86/debug/pkcs11wrapper.dll delete mode 100755 release-infos/pkcs11/windows/win-x86/release/pkcs11wrapper.dll delete mode 100755 release-infos/pkcs11/windows/win-x86_64/debug/pkcs11wrapper.dll delete mode 100755 release-infos/pkcs11/windows/win-x86_64/release/pkcs11wrapper.dll (limited to 'moaSig') 
diff --git a/moaSig/libs/iaik_cms-6.0_moa.jar b/moaSig/libs/iaik_cms-6.0_moa.jar
deleted file mode 100644
index f11b250..0000000
Binary files a/moaSig/libs/iaik_cms-6.0_moa.jar and /dev/null differ
diff --git a/moaSig/libs/iaik_cms-6.1_moa.jar b/moaSig/libs/iaik_cms-6.1_moa.jar
new file mode 100644
index 0000000..8f5b167
Binary files /dev/null and b/moaSig/libs/iaik_cms-6.1_moa.jar differ
diff --git a/moaSig/libs/iaik_eccelerate-6.3.0_eval.jar b/moaSig/libs/iaik_eccelerate-6.3.0_eval.jar
deleted file mode 100644
index 4422430..0000000
Binary files a/moaSig/libs/iaik_eccelerate-6.3.0_eval.jar and /dev/null differ
diff --git a/moaSig/libs/iaik_eccelerate-6.3.2_eval.jar b/moaSig/libs/iaik_eccelerate-6.3.2_eval.jar
new file mode 100644
index 0000000..7cf380f
Binary files /dev/null and b/moaSig/libs/iaik_eccelerate-6.3.2_eval.jar differ
diff --git a/moaSig/libs/iaik_eccelerate_addon-6.3.0_eval.jar b/moaSig/libs/iaik_eccelerate_addon-6.3.0_eval.jar
deleted file mode 100644
index 182a150..0000000
Binary files a/moaSig/libs/iaik_eccelerate_addon-6.3.0_eval.jar and /dev/null differ
diff --git a/moaSig/libs/iaik_eccelerate_addon-6.3.2_eval.jar b/moaSig/libs/iaik_eccelerate_addon-6.3.2_eval.jar
new file mode 100644
index 0000000..9216303
Binary files /dev/null and b/moaSig/libs/iaik_eccelerate_addon-6.3.2_eval.jar differ
diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java
index 9cee722..0c7bb63 100644
--- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java
+++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java
@@ -9,9 +9,6 @@ import static org.junit.Assert.assertTrue; import java.io.FileInputStream; import java.io.IOException; -import java.security.cert.Certificate; -import java.security.cert.CertificateException; -import java.util.Base64; import java.util.Date; import org.apache.commons.io.IOUtils; @@ -31,19 +28,14 @@ import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponseElemen import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults; import at.gv.egovernment.moa.spss.server.config.ConfigurationException; import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; -import at.gv.egovernment.moa.spss.server.iaik.cmsverify.PDFSignatureVerificationProfileImpl; import at.gv.egovernment.moa.spss.server.iaik.pki.PKIProfileImpl; import at.gv.egovernment.moa.spss.server.init.SystemInitializer; import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker; import at.gv.egovernment.moa.spss.server.logging.TransactionId; -import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; -import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; +import at.gv.egovernment.moa.spss.test.integration.utils.CertificateReader; import iaik.pki.PKIFactory; import iaik.pki.PKIModule; -import iaik.pki.PKIResult; -import iaik.server.cmspdfverify.CMSVerifyUtils; import iaik.x509.X509Certificate; -import at.gv.egovernment.moa.spss.test.integration.utils.CertificateReader; @RunWith(BlockJUnit4ClassRunner.class) public class PadesIntegrationTest extends AbstractIntegrationTest { 
@@ -51,16 +43,16 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { CMSSignatureVerificationInvoker cadesInvoker; @BeforeClass - public static void classInitializer() throws IOException, ConfigurationException, + public static void classInitializer() throws IOException, ConfigurationException, NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException { jvmStateReset(); - + final String current = new java.io.File(".").getCanonicalPath(); System.setProperty("moa.spss.server.configuration", current + "/src/test/resources/moaspss_config/MOASPSSConfiguration.xml"); System.setProperty("iaik.esi.sva.configuration.location", current + "/src/test/resources/moaspss_config/svaconfig.example"); - + moaSpssCore = SystemInitializer.init(); } @@ -162,7 +154,7 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { assertNotNull("extended val. result", cmsResult.getExtendedCertificateCheck()); assertEquals("ext. val major", 1, cmsResult.getExtendedCertificateCheck().getMajorCode()); - + // because was signed by using SHA1 after xxxx assertEquals("ext. val major", 2, cmsResult.getExtendedCertificateCheck().getMinorCode()); @@ -170,9 +162,9 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { assertEquals("used sig alg", "SHA1withRSA", cmsResult.getSignatureAlgorithm()); } - - - + + + @Ignore @Test public void padesLteTest() throws MOAException, IOException { @@ -188,10 +180,10 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { // verify result assertNotNull("verification result", result); - + } - + @Test public void padesAmtssignatur() throws MOAException, IOException { final VerifyCMSSignatureRequest request = buildVerfifyCmsRequest( 
@@ -203,7 +195,7 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { // perform test final VerifyCMSSignatureResponse result = cadesInvoker.verifyCMSSignature(request); - + // verify result assertNotNull("verification result", result); @@ -211,21 +203,21 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { .getResponseElements().get(0); assertEquals("sigCode", 0, cmsResult.getSignatureCheck().getCode()); assertEquals("certCode", 0, cmsResult.getCertificateCheck().getCode()); - + assertTrue("Amtssignatur", cmsResult.getSignerInfo().isPublicAuthority()); assertEquals("Amtssignatur", "L4AL", cmsResult.getSignerInfo().getPublicAuhtorityID()); - + assertFalse("QC", cmsResult.getSignerInfo().isQualifiedCertificate()); assertFalse("SSCD", cmsResult.getSignerInfo().isSSCD()); - + assertEquals("CountryCode", "AT", cmsResult.getSignerInfo().getIssuerCountryCode()); - + assertNotNull("extended val. result", cmsResult.getExtendedCertificateCheck()); assertEquals("ext. val major", 2, cmsResult.getExtendedCertificateCheck().getMajorCode()); - - // it's no valid CAdES signature because it does not include SignatureCertificateInfo extension + + // it's no valid CAdES signature because it does not include SignatureCertificateInfo extension assertEquals("ext. val major", 13, cmsResult.getExtendedCertificateCheck().getMinorCode()); - + assertNotNull("form val. result", cmsResult.getAdESFormResults()); assertEquals("form val. result size", 4, cmsResult.getAdESFormResults().size()); @@ -234,9 +226,9 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { assertEquals("Find wrong form val status", 2, ((AdESFormResults) el).getCode().longValue()); } - + } - + @Ignore @Test public void padesOwnTest() throws Exception { 
@@ -257,26 +249,30 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { assertEquals("sigCode", 0, cmsResult.getSignatureCheck().getCode()); assertEquals("certCode", 0, cmsResult.getCertificateCheck().getCode()); assertEquals("Amtssignatur", "", cmsResult.getSignerInfo().getPublicAuhtorityID()); - + } - + @Ignore @Test public void pkixTest() throws Exception { - final String current = new java.io.File(".").getCanonicalPath(); - X509Certificate[] chain = CertificateReader.readCertificatesIntoArray(current + "/src/test/resources/testdata/pkix/chain/"); - + final String current = new java.io.File(".").getCanonicalPath(); + X509Certificate[] chain = CertificateReader.readCertificatesIntoArray(current + "/src/test/resources/testdata/pkix/chain/"); + PKIModule pkiModule = PKIFactory.getInstance().getPKIModule( new PKIProfileImpl(ConfigurationProvider.getInstance(), "MOAIDBuergerkarteAuthentisierungsDaten")); - PKIResult pkiResult = pkiModule.validateCertificate( - new Date(), - (X509Certificate) chain[0], - (X509Certificate[]) ArrayUtils.subarray(chain, 1, chain.length), - (boolean[])null, - new TransactionId("aabbccdd")); - + + //KeyUsageParams keyUsage = new KeyUsageParams(); + //keyUsage.addParam(new KeyUsageParam((boolean[]) null, KeyUsageParam.STRICT)); + + pkiModule.validateCertificate( + new Date(), + chain[0], + ArrayUtils.subarray(chain, 1, chain.length), + (boolean[]) null, + new TransactionId("aabbccdd")); + System.out.print("Finished"); - + } - + } diff --git a/release-infos/endorsed_libs/serializer-2.7.1.jar b/release-infos/endorsed_libs/serializer-2.7.1.jar deleted file mode 100644 index 99f98db..0000000 Binary files a/release-infos/endorsed_libs/serializer-2.7.1.jar and /dev/null differ diff --git a/release-infos/endorsed_libs/xalan-2.7.1.jar b/release-infos/endorsed_libs/xalan-2.7.1.jar deleted file mode 100644 index 458fa73..0000000 Binary files a/release-infos/endorsed_libs/xalan-2.7.1.jar and /dev/null differ 
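Review bot: In `pkixTest` the return value of `pkiModule.validateCertificate(...)` is now discarded, and the method ends with `System.out.print("Finished")` without any assertion, so once `@Ignore` is lifted the test passes whatever the path validation returns. Keep the result, `final PKIResult pkiResult = pkiModule.validateCertificate(...)`, and assert on it: at least `assertNotNull("pki result", pkiResult)` plus the validity outcome expected for the chain under `testdata/pkix/chain/`. The two commented-out `KeyUsageParams` lines should be deleted or replaced by a short comment saying why key-usage checking is not exercised here.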
diff --git a/release-infos/endorsed_libs/xercesImpl-2.12.2.jar b/release-infos/endorsed_libs/xercesImpl-2.12.2.jar
deleted file mode 100644
index ccbae9f..0000000
Binary files a/release-infos/endorsed_libs/xercesImpl-2.12.2.jar and /dev/null differ
diff --git a/release-infos/endorsed_libs/xml-apis-1.4.01.jar b/release-infos/endorsed_libs/xml-apis-1.4.01.jar
deleted file mode 100644
index 4673346..0000000
Binary files a/release-infos/endorsed_libs/xml-apis-1.4.01.jar and /dev/null differ
diff --git a/release-infos/ext_libs/iaikPkcs11Provider.jar b/release-infos/ext_libs/iaikPkcs11Provider.jar
deleted file mode 100644
index 8d09063..0000000
Binary files a/release-infos/ext_libs/iaikPkcs11Provider.jar and /dev/null differ
diff --git a/release-infos/ext_libs/iaikPkcs11Wrapper.jar b/release-infos/ext_libs/iaikPkcs11Wrapper.jar
deleted file mode 100644
index 6543602..0000000
Binary files a/release-infos/ext_libs/iaikPkcs11Wrapper.jar and /dev/null differ
diff --git a/release-infos/ext_libs/iaik_Pkcs11Provider.jar b/release-infos/ext_libs/iaik_Pkcs11Provider.jar
new file mode 100644
index 0000000..8d09063
Binary files /dev/null and b/release-infos/ext_libs/iaik_Pkcs11Provider.jar differ
diff --git a/release-infos/ext_libs/iaik_Pkcs11Wrapper.jar b/release-infos/ext_libs/iaik_Pkcs11Wrapper.jar
new file mode 100644
index 0000000..4daae43
Binary files /dev/null and b/release-infos/ext_libs/iaik_Pkcs11Wrapper.jar differ
diff --git a/release-infos/pkcs11/pkcs11-natives.zip b/release-infos/pkcs11/pkcs11-natives.zip
new file mode 100644
index 0000000..1cc1603
Binary files /dev/null and b/release-infos/pkcs11/pkcs11-natives.zip differ
diff --git a/release-infos/pkcs11/unix/linux-x86/debug/libpkcs11wrapper.so b/release-infos/pkcs11/unix/linux-x86/debug/libpkcs11wrapper.so
deleted file mode 100755
index 778ac22..0000000
Binary files a/release-infos/pkcs11/unix/linux-x86/debug/libpkcs11wrapper.so and /dev/null differ
diff --git a/release-infos/pkcs11/unix/linux-x86/release/libpkcs11wrapper.so b/release-infos/pkcs11/unix/linux-x86/release/libpkcs11wrapper.so
deleted file mode 100755
index 0d3e88f..0000000
Binary files a/release-infos/pkcs11/unix/linux-x86/release/libpkcs11wrapper.so and /dev/null differ
diff --git a/release-infos/pkcs11/unix/linux-x86_64/debug/libpkcs11wrapper.so b/release-infos/pkcs11/unix/linux-x86_64/debug/libpkcs11wrapper.so
deleted file mode 100755
index f0d6399..0000000
Binary files a/release-infos/pkcs11/unix/linux-x86_64/debug/libpkcs11wrapper.so and /dev/null differ
diff --git a/release-infos/pkcs11/unix/linux-x86_64/release/libpkcs11wrapper.so b/release-infos/pkcs11/unix/linux-x86_64/release/libpkcs11wrapper.so
deleted file mode 100755
index 407e097..0000000
Binary files a/release-infos/pkcs11/unix/linux-x86_64/release/libpkcs11wrapper.so and /dev/null differ
diff --git a/release-infos/pkcs11/unix/macosx_universal/debug/libpkcs11wrapper.jnilib b/release-infos/pkcs11/unix/macosx_universal/debug/libpkcs11wrapper.jnilib
deleted file mode 100755
index 2778819..0000000
Binary files a/release-infos/pkcs11/unix/macosx_universal/debug/libpkcs11wrapper.jnilib and /dev/null differ
diff --git a/release-infos/pkcs11/unix/macosx_universal/release/libpkcs11wrapper.jnilib b/release-infos/pkcs11/unix/macosx_universal/release/libpkcs11wrapper.jnilib
deleted file mode 100755
index 0735243..0000000
Binary files a/release-infos/pkcs11/unix/macosx_universal/release/libpkcs11wrapper.jnilib and /dev/null differ
diff --git a/release-infos/pkcs11/windows/win-x86/debug/pkcs11wrapper.dll b/release-infos/pkcs11/windows/win-x86/debug/pkcs11wrapper.dll
deleted file mode 100755
index 98926ca..0000000
Binary files a/release-infos/pkcs11/windows/win-x86/debug/pkcs11wrapper.dll and /dev/null differ
diff --git a/release-infos/pkcs11/windows/win-x86/release/pkcs11wrapper.dll b/release-infos/pkcs11/windows/win-x86/release/pkcs11wrapper.dll deleted file mode 100755 index d035759..0000000 Binary files a/release-infos/pkcs11/windows/win-x86/release/pkcs11wrapper.dll and /dev/null differ diff --git a/release-infos/pkcs11/windows/win-x86_64/debug/pkcs11wrapper.dll b/release-infos/pkcs11/windows/win-x86_64/debug/pkcs11wrapper.dll deleted file mode 100755 index 7ccecc3..0000000 Binary files a/release-infos/pkcs11/windows/win-x86_64/debug/pkcs11wrapper.dll and /dev/null differ diff --git a/release-infos/pkcs11/windows/win-x86_64/release/pkcs11wrapper.dll b/release-infos/pkcs11/windows/win-x86_64/release/pkcs11wrapper.dll deleted file mode 100755 index eab4129..0000000 Binary files a/release-infos/pkcs11/windows/win-x86_64/release/pkcs11wrapper.dll and /dev/null differ -- cgit v1.2.3 From 7e39c8611f3ae08bc58a27f2747c0c13a87fa793 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 6 Aug 2025 13:04:11 +0200 Subject: fix(build): add plugin to support SFTP on artifact uploading --- .gitlab-ci.yml | 2 +- moaSig/build.gradle | 33 ++- moaSig/gradle/wrapper/gradle-wrapper.jar | Bin 59203 -> 43764 bytes moaSig/gradle/wrapper/gradle-wrapper.properties | 4 +- moaSig/gradlew | 286 +++++++++++++++--------- moaSig/gradlew.bat | 41 ++-- moaSig/moa-sig-lib/build.gradle | 2 - moaSig/moa-sig/build.gradle | 29 ++- 8 files changed, 237 insertions(+), 160 deletions(-) (limited to 'moaSig') diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8f1a579..8637b6a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,4 +1,4 @@ -image: gradle:8.6-jdk17 +image: gradle:8.14.2-jdk17 variables: LC_ALL: "en_US.UTF-8" diff --git a/moaSig/build.gradle b/moaSig/build.gradle index ddfa15f..cb65eac 100644 --- a/moaSig/build.gradle +++ b/moaSig/build.gradle 
@@ -11,13 +11,13 @@ allprojects { mavenLocal() mavenCentral() maven { - url "https://apps.egiz.gv.at/maven/" + url = uri("https://apps.egiz.gv.at/maven/") mavenContent { releasesOnly() } } maven { - url "https://apps.egiz.gv.at/maven-snapshot/" + url = uri("https://apps.egiz.gv.at/maven-snapshot/") mavenContent { snapshotsOnly() } @@ -35,13 +35,14 @@ subprojects { apply plugin: 'maven-publish' dependencies { - implementation("org.projectlombok:lombok:1.18.38") + implementation 'org.projectlombok:lombok:1.18.38' testImplementation 'junit:junit:4.13.2' } java { - sourceCompatibility = JavaVersion.VERSION_17 - targetCompatibility = JavaVersion.VERSION_17 + toolchain { + languageVersion = JavaLanguageVersion.of(17) + } withJavadocJar() withSourcesJar() } @@ -50,11 +51,15 @@ subprojects { options.compilerArgs << '-Xlint:-options' } - tasks.withType(Javadoc).configureEach { + tasks.withType(Javadoc).configureEach { failOnError = false options.addStringOption('Xdoclint:none', '-quiet') } + tasks.withType(Test).configureEach { + failOnNoDiscoveredTests = false; + } + jar { manifest { attributes( 
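Review bot: `failOnNoDiscoveredTests = false` in the new `tasks.withType(Test).configureEach` block applies to every subproject, so a module whose tests stop being discovered (for example because a test engine is missing from the test runtime classpath) now reports a green build with zero tests run. For a signature creation and verification library that hides exactly the regressions the integration tests are there to catch; set the flag only in the `build.gradle` of subprojects that really have no tests and keep the default elsewhere. The trailing `;` on that line is not needed in Groovy. The `subprojects` block continues outside the hunk.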
@@ -78,19 +83,23 @@ subprojects { mavenLocal() maven { name = "egizReleases" - url = uri("sftp://apps.egiz.gv.at/maven") + url = "sftp://apps.egiz.gv.at:22/maven" credentials { - username = System.getenv("EGIZ_MAVEN_USER") - password = System.getenv("EGIZ_MAVEN_PASSWORD") + //username = System.getenv("EGIZ_MAVEN_USER") + //password = System.getenv("EGIZ_MAVEN_PASSWORD") + username = "appsegiz" + password = "dechof5air5Ix2thoh2e" } allowInsecureProtocol = true } maven { name = "egizSnapshots" - url = uri("sftp://apps.egiz.gv.at/maven-snapshot") + url = "sftp://apps.egiz.gv.at:22/maven-snapshot" credentials { - username = System.getenv("EGIZ_MAVEN_USER") - password = System.getenv("EGIZ_MAVEN_PASSWORD") + //username = System.getenv("EGIZ_MAVEN_USER") + //password = System.getenv("EGIZ_MAVEN_PASSWORD") + username = "appsegiz" + password = "dechof5air5Ix2thoh2e" } allowInsecureProtocol = true } diff --git a/moaSig/gradle/wrapper/gradle-wrapper.jar b/moaSig/gradle/wrapper/gradle-wrapper.jar index e708b1c..1b33c55 100644 Binary files a/moaSig/gradle/wrapper/gradle-wrapper.jar and b/moaSig/gradle/wrapper/gradle-wrapper.jar differ diff --git a/moaSig/gradle/wrapper/gradle-wrapper.properties b/moaSig/gradle/wrapper/gradle-wrapper.properties index 17655d0..2a84e18 100644 --- a/moaSig/gradle/wrapper/gradle-wrapper.properties +++ b/moaSig/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,7 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-8.6-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-9.0.0-bin.zip +networkTimeout=10000 +validateDistributionUrl=true zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists diff --git a/moaSig/gradlew b/moaSig/gradlew index 4f906e0..23d15a9 100755 --- a/moaSig/gradlew +++ b/moaSig/gradlew 
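Review bot: Both publishing repositories, `egizReleases` and `egizSnapshots`, now carry a literal `username`/`password` pair inside `credentials { }` with the environment lookups commented out, so the upload account's secret is readable by everyone with access to the repository and stays in history even after a later removal. Restore `username = System.getenv("EGIZ_MAVEN_USER")` and `password = System.getenv("EGIZ_MAVEN_PASSWORD")` (or Gradle properties injected by CI), and treat the committed password as exposed: rotate it on the artifact server. `allowInsecureProtocol = true` is kept on both entries although the URL scheme is `sftp://`; it looks unnecessary and should be dropped unless the build fails without it. The enclosing publishing configuration starts and ends outside the hunk.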
@@ -1,7 +1,7 @@ -#!/usr/bin/env sh +#!/bin/sh # -# Copyright 2015 the original author or authors. +# Copyright © 2015-2021 the original authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -15,81 +15,115 @@ # See the License for the specific language governing permissions and # limitations under the License. # +# SPDX-License-Identifier: Apache-2.0 +# ############################################################################## -## -## Gradle start up script for UN*X -## +# +# Gradle start up script for POSIX generated by Gradle. +# +# Important for running: +# +# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is +# noncompliant, but you have some other compliant shell such as ksh or +# bash, then to run this script, type that shell name before the whole +# command line, like: +# +# ksh Gradle +# +# Busybox and similar reduced shells will NOT work, because this script +# requires all of these POSIX shell features: +# * functions; +# * expansions «$var», «${var}», «${var:-default}», «${var+SET}», +# «${var#prefix}», «${var%suffix}», and «$( cmd )»; +# * compound commands having a testable exit status, especially «case»; +# * various built-in commands including «command», «set», and «ulimit». +# +# Important for patching: +# +# (2) This script targets any POSIX shell, so it avoids extensions provided +# by Bash, Ksh, etc; in particular arrays are avoided. +# +# The "traditional" practice of packing multiple parameters into a +# space-separated string is a well documented source of bugs and security +# problems, so this is (mostly) avoided, by progressively accumulating +# options in "$@", and eventually passing that to Java. +# +# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS, +# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly; +# see the in-line comments for details. +# +# There are tweaks for specific operating systems such as AIX, CygWin, +# Darwin, MinGW, and NonStop. 
+# +# (3) This script is generated from the Groovy template +# https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# within the Gradle project. +# +# You can find Gradle at https://github.com/gradle/gradle/. +# ############################################################################## # Attempt to set APP_HOME + # Resolve links: $0 may be a link -PRG="$0" -# Need this for relative symlinks. -while [ -h "$PRG" ] ; do - ls=`ls -ld "$PRG"` - link=`expr "$ls" : '.*-> \(.*\)$'` - if expr "$link" : '/.*' > /dev/null; then - PRG="$link" - else - PRG=`dirname "$PRG"`"/$link" - fi +app_path=$0 + +# Need this for daisy-chained symlinks. +while + APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path + [ -h "$app_path" ] +do + ls=$( ls -ld "$app_path" ) + link=${ls#*' -> '} + case $link in #( + /*) app_path=$link ;; #( + *) app_path=$APP_HOME$link ;; + esac done -SAVED="`pwd`" -cd "`dirname \"$PRG\"`/" >/dev/null -APP_HOME="`pwd -P`" -cd "$SAVED" >/dev/null -APP_NAME="Gradle" -APP_BASE_NAME=`basename "$0"` - -# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. -DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' +# This is normally unused +# shellcheck disable=SC2034 +APP_BASE_NAME=${0##*/} +# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036) +APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit # Use the maximum available, or set MAX_FD != -1 to use that value. -MAX_FD="maximum" +MAX_FD=maximum warn () { echo "$*" -} +} >&2 die () { echo echo "$*" echo exit 1 -} +} >&2 # OS specific support (must be 'true' or 'false'). 
cygwin=false msys=false darwin=false nonstop=false -case "`uname`" in - CYGWIN* ) - cygwin=true - ;; - Darwin* ) - darwin=true - ;; - MINGW* ) - msys=true - ;; - NONSTOP* ) - nonstop=true - ;; +case "$( uname )" in #( + CYGWIN* ) cygwin=true ;; #( + Darwin* ) darwin=true ;; #( + MSYS* | MINGW* ) msys=true ;; #( + NONSTOP* ) nonstop=true ;; esac -CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar +CLASSPATH="\\\"\\\"" # Determine the Java command to use to start the JVM. if [ -n "$JAVA_HOME" ] ; then if [ -x "$JAVA_HOME/jre/sh/java" ] ; then # IBM's JDK on AIX uses strange locations for the executables - JAVACMD="$JAVA_HOME/jre/sh/java" + JAVACMD=$JAVA_HOME/jre/sh/java else - JAVACMD="$JAVA_HOME/bin/java" + JAVACMD=$JAVA_HOME/bin/java fi if [ ! -x "$JAVACMD" ] ; then die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 
@@ -98,88 +132,120 @@ Please set the JAVA_HOME variable in your environment to match the location of your Java installation." fi else - JAVACMD="java" - which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + JAVACMD=java + if ! command -v java >/dev/null 2>&1 + then + die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. Please set the JAVA_HOME variable in your environment to match the location of your Java installation." + fi fi # Increase the maximum file descriptors if we can. -if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then - MAX_FD_LIMIT=`ulimit -H -n` - if [ $? -eq 0 ] ; then - if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then - MAX_FD="$MAX_FD_LIMIT" - fi - ulimit -n $MAX_FD - if [ $? -ne 0 ] ; then - warn "Could not set maximum file descriptor limit: $MAX_FD" - fi - else - warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" - fi +if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then + case $MAX_FD in #( + max*) + # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC2039,SC3045 + MAX_FD=$( ulimit -H -n ) || + warn "Could not query maximum file descriptor limit" + esac + case $MAX_FD in #( + '' | soft) :;; #( + *) + # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked. 
+ # shellcheck disable=SC2039,SC3045 + ulimit -n "$MAX_FD" || + warn "Could not set maximum file descriptor limit to $MAX_FD" + esac fi -# For Darwin, add options to specify how the application appears in the dock -if $darwin; then - GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" -fi +# Collect all arguments for the java command, stacking in reverse order: +# * args from the command line +# * the main class name +# * -classpath +# * -D...appname settings +# * --module-path (only if needed) +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. # For Cygwin or MSYS, switch paths to Windows format before running java -if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then - APP_HOME=`cygpath --path --mixed "$APP_HOME"` - CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` - - JAVACMD=`cygpath --unix "$JAVACMD"` - - # We build the pattern for arguments to be converted via cygpath - ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` - SEP="" - for dir in $ROOTDIRSRAW ; do - ROOTDIRS="$ROOTDIRS$SEP$dir" - SEP="|" - done - OURCYGPATTERN="(^($ROOTDIRS))" - # Add a user-defined pattern to the cygpath arguments - if [ "$GRADLE_CYGPATTERN" != "" ] ; then - OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" - fi +if "$cygwin" || "$msys" ; then + APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) + CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) + + JAVACMD=$( cygpath --unix "$JAVACMD" ) + # Now convert the arguments - kludge to limit ourselves to /bin/sh - i=0 - for arg in "$@" ; do - CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` - CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option - - if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition - eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` - else - eval `echo args$i`="\"$arg\"" + for arg do + if + case $arg in #( + -*) false ;; # don't mess with options #( + /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX 
filepath + [ -e "$t" ] ;; #( + *) false ;; + esac + then + arg=$( cygpath --path --ignore --mixed "$arg" ) fi - i=`expr $i + 1` + # Roll the args list around exactly as many times as the number of + # args, so each arg winds up back in the position where it started, but + # possibly modified. + # + # NB: a `for` loop captures its iteration list before it begins, so + # changing the positional parameters here affects neither the number of + # iterations, nor the values presented in `arg`. + shift # remove old arg + set -- "$@" "$arg" # push replacement arg done - case $i in - 0) set -- ;; - 1) set -- "$args0" ;; - 2) set -- "$args0" "$args1" ;; - 3) set -- "$args0" "$args1" "$args2" ;; - 4) set -- "$args0" "$args1" "$args2" "$args3" ;; - 5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; - 6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; - 7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; - 8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; - 9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; - esac fi -# Escape application args -save () { - for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done - echo " " -} -APP_ARGS=`save "$@"` -# Collect all arguments for the java command, following the shell quoting and substitution rules -eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Collect all arguments for the java command: +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments, +# and any embedded shellness will be escaped. 
+# * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be +# treated as '${Hostname}' itself on the command line. + +set -- \ + "-Dorg.gradle.appname=$APP_BASE_NAME" \ + -classpath "$CLASSPATH" \ + -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \ + "$@" + +# Stop when "xargs" is not available. +if ! command -v xargs >/dev/null 2>&1 +then + die "xargs is not available" +fi + +# Use "xargs" to parse quoted args. +# +# With -n1 it outputs one arg per line, with the quotes and backslashes removed. +# +# In Bash we could simply go: +# +# readarray ARGS < <( xargs -n1 <<<"$var" ) && +# set -- "${ARGS[@]}" "$@" +# +# but POSIX shell has neither arrays nor command substitution, so instead we +# post-process each arg (as a line of input to sed) to backslash-escape any +# character that might be a shell metacharacter, then use eval to reverse +# that process (while maintaining the separation between arguments), and wrap +# the whole thing up as a single "set" statement. +# +# This will of course break if any of these variables contains a newline or +# an unmatched quote. +# + +eval "set -- $( + printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | + xargs -n1 | + sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | + tr '\n' ' ' + )" '"$@"' exec "$JAVACMD" "$@" diff --git a/moaSig/gradlew.bat b/moaSig/gradlew.bat index ac1b06f..5eed7ee 100644 --- a/moaSig/gradlew.bat +++ b/moaSig/gradlew.bat @@ -13,8 +13,10 @@ @rem See the License for the specific language governing permissions and @rem limitations under the License. @rem +@rem SPDX-License-Identifier: Apache-2.0 +@rem -@if "%DEBUG%" == "" @echo off +@if "%DEBUG%"=="" @echo off @rem ########################################################################## @rem @rem Gradle startup script for Windows 
@@ -25,7 +27,8 @@ if "%OS%"=="Windows_NT" setlocal set DIRNAME=%~dp0 -if "%DIRNAME%" == "" set DIRNAME=. +if "%DIRNAME%"=="" set DIRNAME=. +@rem This is normally unused set APP_BASE_NAME=%~n0 set APP_HOME=%DIRNAME% @@ -40,13 +43,13 @@ if defined JAVA_HOME goto findJavaFromJavaHome set JAVA_EXE=java.exe %JAVA_EXE% -version >NUL 2>&1 -if "%ERRORLEVEL%" == "0" goto execute +if %ERRORLEVEL% equ 0 goto execute -echo. -echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. -echo. -echo Please set the JAVA_HOME variable in your environment to match the -echo location of your Java installation. +echo. 1>&2 +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2 +echo. 1>&2 +echo Please set the JAVA_HOME variable in your environment to match the 1>&2 +echo location of your Java installation. 1>&2 goto fail 
@@ -56,32 +59,34 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe if exist "%JAVA_EXE%" goto execute -echo. -echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% -echo. -echo Please set the JAVA_HOME variable in your environment to match the -echo location of your Java installation. +echo. 1>&2 +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2 +echo. 1>&2 +echo Please set the JAVA_HOME variable in your environment to match the 1>&2 +echo location of your Java installation. 1>&2 goto fail :execute @rem Setup the command line -set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar +set CLASSPATH= @rem Execute Gradle -"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %* :end @rem End local scope for the variables with windows NT shell -if "%ERRORLEVEL%"=="0" goto mainEnd +if %ERRORLEVEL% equ 0 goto mainEnd :fail rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of rem the _cmd.exe /c_ return code! -if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 -exit /b 1 +set EXIT_CODE=%ERRORLEVEL% +if %EXIT_CODE% equ 0 set EXIT_CODE=1 +if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE% +exit /b %EXIT_CODE% :mainEnd if "%OS%"=="Windows_NT" endlocal diff --git a/moaSig/moa-sig-lib/build.gradle b/moaSig/moa-sig-lib/build.gradle index dd3a191..1dd0897 100644 --- a/moaSig/moa-sig-lib/build.gradle +++ b/moaSig/moa-sig-lib/build.gradle @@ -29,7 +29,6 @@ dependencies { api 'org.xerial:sqlite-jdbc:3.50.3.0' api 'jakarta.activation:jakarta.activation-api:2.1.3' api 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.2' - //api 'com.sun.xml.bind:jaxb-core:4.0.5' api 'com.sun.xml.bind:jaxb-impl:4.0.5' api 'org.postgresql:postgresql:42.7.7' 
@@ -45,7 +44,6 @@ dependencies { testImplementation project(path: ':common', configuration: 'testArtifacts') testImplementation 'org.junit.jupiter:junit-jupiter-migrationsupport:5.13.4' - //testImplementation 'org.junit.platform:junit-platform-engine:1.13.4' testImplementation 'org.junit.jupiter:junit-jupiter-engine:5.13.4' testImplementation 'ch.qos.logback:logback-classic:1.5.18' } diff --git a/moaSig/moa-sig/build.gradle b/moaSig/moa-sig/build.gradle index edd6aa0..21bdb2c 100644 --- a/moaSig/moa-sig/build.gradle +++ b/moaSig/moa-sig/build.gradle @@ -8,8 +8,9 @@ plugins { } java { - sourceCompatibility = JavaVersion.VERSION_17 - targetCompatibility = JavaVersion.VERSION_17 + toolchain { + languageVersion = JavaLanguageVersion.of(17) + } } configurations { @@ -20,7 +21,7 @@ dependencies { jaxb 'com.sun.xml.bind:jaxb-xjc:4.0.5' jaxb 'org.glassfish.jaxb:jaxb-runtime:4.0.5' - implementation project(':common') + implementation project(':common') implementation project(':moa-sig-lib') implementation project(':moa-asic') implementation fileTree(dir: 'libs', include: ['*.jar']) 
@@ -32,19 +33,17 @@ dependencies { implementation 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.2' implementation 'ch.qos.logback:logback-classic:1.5.18' - implementation("javax.activation:activation:1.1.1") - implementation("org.eclipse.angus:angus-mail:2.0.4") + implementation 'javax.activation:activation:1.1.1' + implementation 'org.eclipse.angus:angus-mail:2.0.4' testImplementation 'org.junit.jupiter:junit-jupiter-migrationsupport:5.13.4' - //testImplementation 'org.junit.platform:junit-platform-engine:1.13.4' testImplementation 'org.junit.jupiter:junit-jupiter-engine:5.13.4' testImplementation 'ch.qos.logback:logback-classic:1.5.18' - + testImplementation project(':common') - testImplementation project(path: ':common', configuration: 'testArtifacts') + testImplementation project(path: ':common', configuration: 'testArtifacts') testImplementation project(':moa-sig-lib') testImplementation project(':moa-asic') - } sourceSets { @@ -86,22 +85,20 @@ distributions { main { distributionBaseName.set("moa-spss") contents { - into('/') { + into("/") { from(tasks.named('war')) from("$rootDir/../release-infos/readme_${version}.txt") - dirMode = 0755 - fileMode = 0644 } - into('/handbook') { + into("/handbook") { from("$rootDir/../release-infos/handbook") } - into('/endorsed_libs') { + into("/endorsed_libs") { from(findJar('serializer')) from(findJar('xalan')) from(findJar('xercesImpl')) from(findJar('xml-apis')) } - into('/ext_libs') { + into("/ext_libs") { from(findJar('iaik_jce_full')) from("$rootDir/../release-infos/ext_libs/") } @@ -116,5 +113,5 @@ def findJar(String prefix) { tasks.register('releases', Copy) { dependsOn(tasks.named('distZip')) from(tasks.named('distZip')) - into "$rootDir/releases/${version}" + into("$rootDir/releases/${version}") } -- cgit v1.2.3 From f8c9612785af22c55c05708c985c6e7345123c50 Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Wed, 17 Sep 2025 16:55:00 +0200 Subject: chore(core): update IAIK libs --- moaSig/libs/iaik_cpades-2.4_moa.jar | Bin 130134 -> 0 bytes moaSig/libs/iaik_cpades_2.5_moa.jar | Bin 0 -> 197841 bytes moaSig/libs/iaik_cpxlevel-0.9.2.1_moa.jar | Bin 0 -> 139405 bytes moaSig/libs/iaik_cpxlevel-0.9.2_moa.jar | Bin 139388 -> 0 bytes moaSig/libs/iaik_moa-2.09.jar | Bin 530620 -> 0 bytes moaSig/libs/iaik_moa-2.10.jar | Bin 0 -> 535931 bytes moaSig/libs/iaik_pki_module-2.03_moa.jar | Bin 629542 -> 0 bytes moaSig/libs/iaik_pki_module-2.04_moa.jar | Bin 0 -> 632493 bytes moaSig/libs/iaik_sva-1.2.0.jar | Bin 157685 -> 0 bytes moaSig/libs/iaik_sva-1.2.1-SNAPSHOT.jar | Bin 0 -> 178199 bytes .../invoke/XMLSignatureVerificationInvoker.java | 59 +++++++++------------ moaSig/moa-sig/build.gradle | 5 +- .../test/integration/AbstractIntegrationTest.java | 29 +++++----- .../test/integration/PadesIntegrationTest.java | 23 ++++++-- .../test/integration/XadesIntegrationTest.java | 44 ++++++++------- 15 files changed, 86 insertions(+), 74 deletions(-) delete mode 100644 moaSig/libs/iaik_cpades-2.4_moa.jar create mode 100644 moaSig/libs/iaik_cpades_2.5_moa.jar create mode 100644 moaSig/libs/iaik_cpxlevel-0.9.2.1_moa.jar delete mode 100644 moaSig/libs/iaik_cpxlevel-0.9.2_moa.jar delete mode 100644 moaSig/libs/iaik_moa-2.09.jar create mode 100644 moaSig/libs/iaik_moa-2.10.jar delete mode 100644 moaSig/libs/iaik_pki_module-2.03_moa.jar create mode 100644 moaSig/libs/iaik_pki_module-2.04_moa.jar delete mode 100644 moaSig/libs/iaik_sva-1.2.0.jar create mode 100644 moaSig/libs/iaik_sva-1.2.1-SNAPSHOT.jar (limited to 'moaSig') diff --git a/moaSig/libs/iaik_cpades-2.4_moa.jar b/moaSig/libs/iaik_cpades-2.4_moa.jar deleted file mode 100644 index 300c215..0000000 Binary files a/moaSig/libs/iaik_cpades-2.4_moa.jar and /dev/null differ 
diff --git a/moaSig/libs/iaik_cpades_2.5_moa.jar b/moaSig/libs/iaik_cpades_2.5_moa.jar
new file mode 100644
index 0000000..1c15eec
Binary files /dev/null and b/moaSig/libs/iaik_cpades_2.5_moa.jar differ
diff --git a/moaSig/libs/iaik_cpxlevel-0.9.2.1_moa.jar b/moaSig/libs/iaik_cpxlevel-0.9.2.1_moa.jar
new file mode 100644
index 0000000..2d16719
Binary files /dev/null and b/moaSig/libs/iaik_cpxlevel-0.9.2.1_moa.jar differ
diff --git a/moaSig/libs/iaik_cpxlevel-0.9.2_moa.jar b/moaSig/libs/iaik_cpxlevel-0.9.2_moa.jar
deleted file mode 100644
index e67be71..0000000
Binary files a/moaSig/libs/iaik_cpxlevel-0.9.2_moa.jar and /dev/null differ
diff --git a/moaSig/libs/iaik_moa-2.09.jar b/moaSig/libs/iaik_moa-2.09.jar
deleted file mode 100644
index a73a348..0000000
Binary files a/moaSig/libs/iaik_moa-2.09.jar and /dev/null differ
diff --git a/moaSig/libs/iaik_moa-2.10.jar b/moaSig/libs/iaik_moa-2.10.jar
new file mode 100644
index 0000000..7a659c4
Binary files /dev/null and b/moaSig/libs/iaik_moa-2.10.jar differ
diff --git a/moaSig/libs/iaik_pki_module-2.03_moa.jar b/moaSig/libs/iaik_pki_module-2.03_moa.jar
deleted file mode 100644
index a017fe6..0000000
Binary files a/moaSig/libs/iaik_pki_module-2.03_moa.jar and /dev/null differ
diff --git a/moaSig/libs/iaik_pki_module-2.04_moa.jar b/moaSig/libs/iaik_pki_module-2.04_moa.jar
new file mode 100644
index 0000000..8732262
Binary files /dev/null and b/moaSig/libs/iaik_pki_module-2.04_moa.jar differ
diff --git a/moaSig/libs/iaik_sva-1.2.0.jar b/moaSig/libs/iaik_sva-1.2.0.jar
deleted file mode 100644
index a9d3824..0000000
Binary files a/moaSig/libs/iaik_sva-1.2.0.jar and /dev/null differ
diff --git a/moaSig/libs/iaik_sva-1.2.1-SNAPSHOT.jar b/moaSig/libs/iaik_sva-1.2.1-SNAPSHOT.jar
new file mode 100644
index 0000000..4bb8326
Binary files /dev/null and b/moaSig/libs/iaik_sva-1.2.1-SNAPSHOT.jar differ
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index b97cc95..2973b36 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java 
@@ -110,34 +110,27 @@ import iaik.xml.crypto.utils.URIException; public class XMLSignatureVerificationInvoker { /** The single instance of this class. */ - private static XMLSignatureVerificationInvoker instance = null; + private static final XMLSignatureVerificationInvoker INSTANCE = new XMLSignatureVerificationInvoker(); - private static Set FILTERED_REF_TYPES; - - static { - FILTERED_REF_TYPES = new HashSet(); - FILTERED_REF_TYPES.add(DsigManifest.XML_DSIG_MANIFEST_TYPE); - FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE); - FILTERED_REF_TYPES.add(SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD); - FILTERED_REF_TYPES.add(XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties"); - FILTERED_REF_TYPES.add("http://uri.etsi.org/01903#SignedProperties"); - } + private static final Set FILTERED_REF_TYPES = Set.of( + DsigManifest.XML_DSIG_MANIFEST_TYPE, + SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE, + SecurityLayerManifest.SECURITY_LAYER_MANIFEST_TYPE_OLD, + XMLConstants.NAMESPACE_ETSI_STRING + "SignedProperties", + "http://uri.etsi.org/01903#SignedProperties"); /** * Get the single instance of this class. - * + * * @return The single instance of this class. */ - public static synchronized XMLSignatureVerificationInvoker getInstance() { - if (instance == null) { - instance = new XMLSignatureVerificationInvoker(); - } - return instance; + public static XMLSignatureVerificationInvoker getInstance() { + return INSTANCE; } /** * Create a new XMLSignatureCreationInvoker. - * + * * Protected to disallow multiple instances. */ protected XMLSignatureVerificationInvoker() { 
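Review bot: `Set.of(...)` in the new `FILTERED_REF_TYPES` initializer throws `IllegalArgumentException` on duplicate elements, which the replaced `HashSet.add` calls silently tolerated. The value of `XMLConstants.NAMESPACE_ETSI_STRING` is not visible in this hunk; if `NAMESPACE_ETSI_STRING + "SignedProperties"` ever resolves to the same string as the literal `"http://uri.etsi.org/01903#SignedProperties"`, class initialization fails and every `getInstance()` call ends in an initialization error, so XML signature verification stops entirely. Worth confirming the two differ, or keeping a duplicate-tolerant form such as `Collections.unmodifiableSet(new HashSet<>(Arrays.asList(...)))`. Also consider declaring `FILTERED_REF_TYPES` before `INSTANCE`: static initializers run in textual order, so the constructor (whose body lies outside this hunk) would see a null set if it ever read it.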
@@ -146,8 +139,8 @@ public class XMLSignatureVerificationInvoker { /** * Process the VerifyXMLSignatureRequest message and invoke the * XMLSignatureVerificationModule. - * - * @param request A VerifyXMLSignatureRequest API object + * + * @param request A VerifyXMLSignatureRequest API object * containing the data for verifying an XML signature. * @return A VerifyXMLSignatureResponse containing the answert * to the VerifyXMLSignatureRequest. MOA schema @@ -307,16 +300,16 @@ public class XMLSignatureVerificationInvoker { /** * Checks if the signer certificate matches one of the allowed signer * certificates specified in the provided trustProfile. - * + * * @param result The result produced by the * XMLSignatureVerificationModule. - * + * * @param trustProfile The trust profile the signer certificate is validated * against. - * + * * @return The overal result of the certificate validation for the signer * certificate. - * + * * @throws MOAException if one of the signer certificates specified in the * trustProfile cannot be read from the file * system. @@ -392,7 +385,7 @@ public class XMLSignatureVerificationInvoker { /** * Select the dsig:Signature DOM element within the signature * environment. - * + * * @param signatureEnvironment The signature environment containing the * dsig:Signature. * @param request The VerifyXMLSignatureRequest @@ -425,7 +418,7 @@ public class XMLSignatureVerificationInvoker { /** * Build the supplemental data objects contained in the * VerifyXMLSignatureRequest. - * + * * @param supplements A List of * XMLDataObjectAssociations containing the * supplement data. @@ -458,7 +451,7 @@ public class XMLSignatureVerificationInvoker { /** * Get the supplemental data contained in the * VerifyXMLSignatureRequest. - * + * * @param request The VerifyXMLSignatureRequest containing the * supplemental data. * @return A List of XMLDataObjectAssociation objects 
@@ -490,7 +483,7 @@ public class XMLSignatureVerificationInvoker { /** * Perform additional validations of the * XMLSignatureVerificationResult. - * + * *

* In particular, it is verified that: *

    @@ -500,7 +493,7 @@ public class XMLSignatureVerificationInvoker { *
  • The hash values of the TransformParameters are valid.
  • *
*

- * + * * @param request The VerifyXMLSignatureRequest containing the * signature to verify. * @param result The result produced by @@ -605,7 +598,7 @@ public class XMLSignatureVerificationInvoker { * Get all Transforms contained in all the * VerifyTransformsInfoProfiles of the given * ReferenceInfo. - * + * * @param refInfo The ReferenceInfo object containing the * transformations. * @return A List of Lists. Each of the @@ -637,7 +630,7 @@ public class XMLSignatureVerificationInvoker { /** * Build the Set of all TransformParameter URIs. - * + * * @param transformParameters The List of * TransformParameters, as provided to * the verification. @@ -658,7 +651,7 @@ public class XMLSignatureVerificationInvoker { /** * Build a mapping between TransformParameter URIs (a * String and dsig:HashValue (a byte[]). - * + * * @param request The VerifyXMLSignatureRequest. * @return Map The resulting mapping. * @throws MOAApplicationException An error occurred accessing one of the @@ -703,7 +696,7 @@ public class XMLSignatureVerificationInvoker { * Filter the ReferenceInfos returned by the * VerifyXMLSignatureResult for comparison with the * ReferenceInfo elements in the request. - * + * * @param referenceInfos The ReferenceInfos from the * VerifyXMLSignatureResult. * @return A List of all ReferenceInfos whose type is diff --git a/moaSig/moa-sig/build.gradle b/moaSig/moa-sig/build.gradle index 21bdb2c..1887479 100644 --- a/moaSig/moa-sig/build.gradle +++ b/moaSig/moa-sig/build.gradle 
@@ -21,18 +21,19 @@ dependencies { jaxb 'com.sun.xml.bind:jaxb-xjc:4.0.5' jaxb 'org.glassfish.jaxb:jaxb-runtime:4.0.5' + compileOnly 'jakarta.servlet:jakarta.servlet-api:6.0.0' + implementation project(':common') implementation project(':moa-sig-lib') implementation project(':moa-asic') implementation fileTree(dir: 'libs', include: ['*.jar']) - compileOnly 'jakarta.servlet:jakarta.servlet-api:6.0.0' + implementation 'commons-discovery:commons-discovery:0.5' implementation 'org.apache.logging.log4j:log4j-1.2-api:2.25.1' implementation 'org.slf4j:log4j-over-slf4j:2.0.17' implementation 'jakarta.jws:jakarta.jws-api:3.0.0' implementation 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.2' implementation 'ch.qos.logback:logback-classic:1.5.18' - implementation 'javax.activation:activation:1.1.1' implementation 'org.eclipse.angus:angus-mail:2.0.4' diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/AbstractIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/AbstractIntegrationTest.java index 1ee071a..92749b0 100644 --- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/AbstractIntegrationTest.java +++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/AbstractIntegrationTest.java @@ -37,7 +37,6 @@ import at.gv.egovernment.moaspss.util.Constants; import iaik.esi.sva.ConfigurationAdapter; import iaik.pki.Configurator; import iaik.pki.PKIFactory; -import iaik.pki.store.certstore.CertStoreFactory; import iaik.pki.store.truststore.TrustStoreFactory; public abstract class AbstractIntegrationTest { @@ -57,9 +56,9 @@ public abstract class AbstractIntegrationTest { System.setProperty("moa.spss.server.configuration", ""); System.setProperty("iaik.esi.sva.configuration.location", ""); - + TrustStoreFactory.reset(); - + // reset TSL client final Field field1 = TSLServiceFactory.class.getDeclaredField("tslClient"); field1.setAccessible(true); 
@@ -68,32 +67,32 @@ public abstract class AbstractIntegrationTest { final Field field5 = SQLiteDBService.class.getDeclaredField("conn"); field5.setAccessible(true); field5.set(null, null); - + final Field field6 = DatabaseServiceFactory.class.getDeclaredField("dbServices"); field6.setAccessible(true); field6.set(null, null); - + // reset MOA-SPSS configuration object final Field field2 = ConfigurationProvider.class.getDeclaredField("instance"); field2.setAccessible(true); field2.set(null, null); - + final Field field8 = TransactionContextManager.class.getDeclaredField("instance"); field8.setAccessible(true); field8.set(null, null); - + // reset PKI module configuration resetClassState(PKIFactory.class, "instance_", null); // reset IAIK MOA configuration resetClassState(Configurator.class, "C", false); - + //reset ESI-SVA configuration resetClassState(ConfigurationAdapter.class, "a", null); - resetClassState(ConfigurationAdapter.class, "instance", null); + // resetClassState(ConfigurationAdapter.class, "instance", null); //resetClassState(ConfigurationAdapter.class, "config", null); //resetClassState(ConfigurationAdapter.class, "libraryConfig", null); - + } private static void resetClassState(Class clazz, String fieldName, Object value) { @@ -101,16 +100,16 @@ public abstract class AbstractIntegrationTest { Field field7 = clazz.getDeclaredField(fieldName); if (field7 != null) { field7.setAccessible(true); - field7.set(null, value); + field7.set(null, value); } - + } catch (NoSuchFieldException | SecurityException | IllegalArgumentException | IllegalAccessException e) { e.printStackTrace(); } - + } - - + + protected VerifyXMLSignatureRequest buildVerifyXmlRequest(final byte[] signature, final String trustProfileID, boolean extValFlag, final List verifyTransformsInfoProfileID, final String xpathSignatureLocation, 
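Review bot: The reset of `ConfigurationAdapter`'s `instance` field is commented out in the first hunk on this line rather than removed, and nothing records why. `resetClassState` (context lines of the second hunk) catches `NoSuchFieldException` and only calls `e.printStackTrace()`, so when a library upgrade renames one of the reflected fields (`"C"`, `"a"` and `"instance_"` look like obfuscated names), the reset silently stops happening and state can leak between test classes. I would delete the dead line, leaving a short comment such as `// ConfigurationAdapter no longer has an 'instance' field` if that is the reason (presumably; confirm against the new jar), and let the helper fail loudly: `throw new IllegalStateException("cannot reset " + clazz.getName() + "." + fieldName, e);`.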
diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java index 0c7bb63..16037d6 100644 --- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java +++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/PadesIntegrationTest.java @@ -32,19 +32,33 @@ import at.gv.egovernment.moa.spss.server.iaik.pki.PKIProfileImpl; import at.gv.egovernment.moa.spss.server.init.SystemInitializer; import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureVerificationInvoker; import at.gv.egovernment.moa.spss.server.logging.TransactionId; +import at.gv.egovernment.moa.spss.server.utils.LoggerUtils; import at.gv.egovernment.moa.spss.test.integration.utils.CertificateReader; +import iaik.pki.KeyUsageParam; +import iaik.pki.KeyUsageParams; import iaik.pki.PKIFactory; import iaik.pki.PKIModule; import iaik.x509.X509Certificate; +import iaik.x509.extensions.KeyUsage; @RunWith(BlockJUnit4ClassRunner.class) public class PadesIntegrationTest extends AbstractIntegrationTest { + public static boolean[] KEY_USAGE; + + static { + KeyUsage usage = new KeyUsage(KeyUsage.digitalSignature | KeyUsage.nonRepudiation); + KEY_USAGE = usage.getBooleanArray(); + } + CMSSignatureVerificationInvoker cadesInvoker; @BeforeClass public static void classInitializer() throws IOException, ConfigurationException, NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException { + + LoggerUtils.fixLoggerFactory(); + jvmStateReset(); final String current = new java.io.File(".").getCanonicalPath(); @@ -252,7 +266,6 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { } - @Ignore @Test public void pkixTest() throws Exception { final String current = new java.io.File(".").getCanonicalPath(); 
@@ -261,14 +274,16 @@ public class PadesIntegrationTest extends AbstractIntegrationTest { PKIModule pkiModule = PKIFactory.getInstance().getPKIModule( new PKIProfileImpl(ConfigurationProvider.getInstance(), "MOAIDBuergerkarteAuthentisierungsDaten")); - //KeyUsageParams keyUsage = new KeyUsageParams(); - //keyUsage.addParam(new KeyUsageParam((boolean[]) null, KeyUsageParam.STRICT)); + KeyUsageParams keyUsage = new KeyUsageParams(); + keyUsage.addParam(new KeyUsageParam(KEY_USAGE, KeyUsageParam.STRICT)); pkiModule.validateCertificate( new Date(), chain[0], ArrayUtils.subarray(chain, 1, chain.length), - (boolean[]) null, + //(boolean[]) null, + // keyUsage, + null, new TransactionId("aabbccdd")); System.out.print("Finished"); diff --git a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/XadesIntegrationTest.java b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/XadesIntegrationTest.java index ebbc334..3f413c3 100644 --- a/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/XadesIntegrationTest.java +++ b/moaSig/moa-sig/src/test/java/at/gv/egovernment/moa/spss/test/integration/XadesIntegrationTest.java @@ -37,6 +37,7 @@ import at.gv.egovernment.moa.spss.server.config.ConfigurationException; import at.gv.egovernment.moa.spss.server.init.SystemInitializer; import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureCreationInvoker; import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker; +import at.gv.egovernment.moa.spss.server.utils.LoggerUtils; import at.gv.egovernment.moaspss.util.DOMUtils; @RunWith(BlockJUnit4ClassRunner.class) 
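Review bot: `keyUsage` is built with `KeyUsageParam.STRICT` but never passed; the call to `validateCertificate` still receives `null`, and the two alternatives are left behind as commented-out lines. With `@Ignore` removed in the previous hunk the test now runs, yet it validates the chain without any key-usage constraint and, as far as the visible lines show, asserts nothing on the outcome (it ends in `System.out.print("Finished")`). Either pass the key-usage argument in the form the upgraded API accepts and assert on the returned validation result, or drop `keyUsage`, `KEY_USAGE` and the commented lines. The method body starts and ends outside this hunk.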
@@ -46,10 +47,13 @@ public class XadesIntegrationTest extends AbstractIntegrationTest { XMLSignatureCreationInvoker xadesSignInvoker; @BeforeClass - public static void classInitializer() throws IOException, ConfigurationException, + public static void classInitializer() throws IOException, ConfigurationException, NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException { + + LoggerUtils.fixLoggerFactory(); + jvmStateReset(); - + final String current = new java.io.File(".").getCanonicalPath(); System.setProperty("moa.spss.server.configuration", current + "/src/test/resources/moaspss_config/MOASPSSConfiguration.xml"); 
@@ -166,27 +170,27 @@ public class XadesIntegrationTest extends AbstractIntegrationTest { assertEquals("used sig alg", "SHA256withRSA", result.getSignatureAlgorithm()); } - + @Test public void simpleXmlSignature() throws MOAException, ParserConfigurationException, SAXException, IOException, TransformerException { // build request Element xml = DOMUtils.parseXmlNonValidating( CadesIntegrationTest.class.getResourceAsStream("/testdata/xades/sign/createXades_1.xml")); CreateXMLSignatureRequest xmlReq = new CreateXMLSignatureRequestParser().parse(xml); - + // create signature CreateXMLSignatureResponse xmlResp = xadesSignInvoker.createXMLSignature(xmlReq, Collections.EMPTY_SET); - - + + // verify response assertNotNull("xadesResp", xmlResp); assertNotNull("xadesResp elements", xmlResp.getResponseElements()); assertFalse("xadesResp elements", xmlResp.getResponseElements().isEmpty()); - - SignatureEnvironmentResponse signedXml = (SignatureEnvironmentResponse) xmlResp.getResponseElements().get(0); + + SignatureEnvironmentResponse signedXml = (SignatureEnvironmentResponse) xmlResp.getResponseElements().get(0); assertNotNull("signed xml", signedXml.getSignatureEnvironment()); - - + + // verify signature final VerifyXMLSignatureRequest request = buildVerifyXmlRequest( DOMUtils.serializeNode(signedXml.getSignatureEnvironment()).getBytes(), @@ -199,7 +203,7 @@ public class XadesIntegrationTest extends AbstractIntegrationTest { assertNotNull("verification result", result); assertEquals("sigCode", 0, result.getSignatureCheck().getCode()); assertEquals("certCode", 0, result.getCertificateCheck().getCode()); - + } @Test 
@@ -208,20 +212,20 @@ public class XadesIntegrationTest extends AbstractIntegrationTest { Element xml = DOMUtils.parseXmlNonValidating( CadesIntegrationTest.class.getResourceAsStream("/testdata/xades/sign/createXades_2.xml")); CreateXMLSignatureRequest xmlReq = new CreateXMLSignatureRequestParser().parse(xml); - + // create signature CreateXMLSignatureResponse xmlResp = xadesSignInvoker.createXMLSignature(xmlReq, Collections.EMPTY_SET); - - + + // verify response assertNotNull("xadesResp", xmlResp); assertNotNull("xadesResp elements", xmlResp.getResponseElements()); assertFalse("xadesResp elements", xmlResp.getResponseElements().isEmpty()); - - SignatureEnvironmentResponse signedXml = (SignatureEnvironmentResponse) xmlResp.getResponseElements().get(0); + + SignatureEnvironmentResponse signedXml = (SignatureEnvironmentResponse) xmlResp.getResponseElements().get(0); assertNotNull("signed xml", signedXml.getSignatureEnvironment()); - - + + // verify signature final VerifyXMLSignatureRequest request = buildVerifyXmlRequest( DOMUtils.serializeNode(signedXml.getSignatureEnvironment()).getBytes(), @@ -234,7 +238,7 @@ public class XadesIntegrationTest extends AbstractIntegrationTest { assertNotNull("verification result", result); assertEquals("sigCode", 0, result.getSignatureCheck().getCode()); assertEquals("certCode", 0, result.getCertificateCheck().getCode()); - + } - + } -- cgit v1.2.3 From 3776bd908568cf4612fa80e1ab4b576a2585fbf7 Mon Sep 17 00:00:00 2001 
From: Thomas Lenz Date: Thu, 18 Sep 2025 09:07:19 +0200 Subject: chore(core): remove deprecated API calls and fix JavaDoc --- .../at/gv/egovernment/moaspss/util/DOMUtils.java | 20 ------------- .../gv/egovernment/moaspss/util/KeyStoreUtils.java | 2 +- .../egovernment/moaspss/util/MOAErrorHandler.java | 4 +-- .../at/gv/egovernment/moaspss/util/MOATimer.java | 4 +-- .../VerifyASICSignatureResponseBuilder.java | 3 +- .../gv/egovernment/moa/spss/api/SPSSFactory.java | 13 ++++----- ...ateSignatureEnvironmentProfileExplicitImpl.java | 2 +- .../spss/api/impl/VerifyTransformsDataImpl.java | 2 +- .../moa/spss/api/xmlbind/RequestParserUtils.java | 19 +++++++------ .../moa/spss/api/xmlbind/ResponseBuilderUtils.java | 2 +- .../xmlbind/VerifyCMSSignatureRequestParser.java | 2 +- .../spss/server/config/CRLDistributionPoint.java | 33 +++++++++++----------- .../server/config/ConfigurationPartsBuilder.java | 12 ++++---- .../cmssign/CMSSignatureCreationProfileImpl.java | 19 +++++++++---- .../moa/spss/server/iaik/config/CRLRetriever.java | 1 - .../iaik/config/DataBaseArchiveParameterImpl.java | 4 --- .../store/truststore/TrustStoreProfileImpl.java | 7 ++--- .../invoke/CMSSignatureVerificationInvoker.java | 2 +- .../invoke/CreateCMSSignatureResponseBuilder.java | 14 ++++----- .../invoke/VerifyCMSSignatureResponseBuilder.java | 31 +++++++++++++------- .../invoke/VerifyXMLSignatureResponseBuilder.java | 2 +- .../invoke/XMLSignatureVerificationInvoker.java | 6 ++-- .../egovernment/moa/spss/util/AdESResultUtils.java | 10 +++---- .../moa/spss/util/ExternalURIVerifier.java | 4 +-- .../spss/server/service/ConfigurationServlet.java | 6 ---- 25 files changed, 105 insertions(+), 119 deletions(-) (limited to 'moaSig') diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/DOMUtils.java b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/DOMUtils.java index 2f96196..86d2e54 100644 --- a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/DOMUtils.java 
+++ b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/DOMUtils.java @@ -315,26 +315,6 @@ public class DOMUtils { * * @param inputStream The InputStream * containing the XML document. - * @param validating If true, parse - * validating. - * @param externalSchemaLocations A String containing - * namespace URI to schema location - * pairs, the same way it is accepted - * by the xsi: - * schemaLocation attribute. - * @param externalNoNamespaceSchemaLocation The schema location of the schema - * for elements without a namespace, - * the same way it is accepted by the - * xsi:noNamespaceSchemaLocation - * attribute. - * @param entityResolver An EntityResolver to - * resolve external entities (schemas - * and DTDs). If null, it - * will not be set. - * @param errorHandler An ErrorHandler to - * decide what to do with parsing - * errors. If null, it - * will not be set. * @return The parsed XML document as a DOM tree. * @throws SAXException An error occurred parsing the document. * @throws IOException An error occurred reading the document. diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/KeyStoreUtils.java b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/KeyStoreUtils.java index f62b82a..94ecc8b 100644 --- a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/KeyStoreUtils.java +++ b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/KeyStoreUtils.java @@ -202,7 +202,7 @@ public class KeyStoreUtils { /** * Loads a keyStore without knowing the keyStore type * - * @param in input stream + * @param is input stream * @param password Password protecting the keyStore * @return keyStore loaded * @throws KeyStoreException thrown if keyStore cannot be loaded diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOAErrorHandler.java b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOAErrorHandler.java index f4acabf..2ab55a2 100644 
--- a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOAErrorHandler.java +++ b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOAErrorHandler.java @@ -113,8 +113,8 @@ public class MOAErrorHandler extends DefaultErrorHandler { return new Object[] { e.getMessage(), e.getSystemId(), - new Integer(e.getLineNumber()), - new Integer(e.getColumnNumber()) }; + Integer.valueOf(e.getLineNumber()), + Integer.valueOf(e.getColumnNumber()) }; } } \ No newline at end of file diff --git a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOATimer.java b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOATimer.java index 591495a..13133ea 100644 --- a/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOATimer.java +++ b/moaSig/common/src/main/java/at/gv/egovernment/moaspss/util/MOATimer.java @@ -70,7 +70,7 @@ public class MOATimer { * @param id The action ID. */ public void startTiming(Object id) { - timemapstart.put(id, new Long(System.currentTimeMillis())); + timemapstart.put(id, Long.valueOf(System.currentTimeMillis())); } /** @@ -79,7 +79,7 @@ public class MOATimer { * @param id The action ID. */ public void stopTiming(Object id) { - timemapend.put(id, new Long(System.currentTimeMillis())); + timemapend.put(id, Long.valueOf(System.currentTimeMillis())); } /** diff --git a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java index 34744ef..02fbeb2 100644 --- a/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java +++ b/moaSig/moa-asic/src/main/java/at/gv/egiz/asic/xmlbind/VerifyASICSignatureResponseBuilder.java 
@@ -74,8 +74,7 @@ public class VerifyASICSignatureResponseBuilder { * element being the XML representation of the given * VerifyCMSSignatureResponse API object. * - * @param response The VerifyCMSSignatureResponse to convert to - * XML. + * @param results The VerifyCMSSignatureResponse to convert to XML. * @return A document containing the VerifyCMSSignatureResponse DOM * element. * @throws MOAApplicationException An error occurred building the response. diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java index d0be7d5..5d378ce 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/SPSSFactory.java @@ -316,7 +316,7 @@ public abstract class SPSSFactory { * @param profileID The profile ID to resolve during signature creation. * @return The CreateSignatureEnvironmentProfile containing the * given profile ID. - * + * * @pre profileID != null && profileID.length() > 0 * @post return != null */ @@ -398,8 +398,7 @@ public abstract class SPSSFactory { /** * Create a new SignatureEnvironmentResponse object. * - * @param signatureEnvironment The signature environment containing the - * signature. + * @param base64value Signature as Base64 encoded data * @return The SignatureEnvironmentResponse containing the * signatureEnvironment. * @@ -959,15 +958,15 @@ public abstract class SPSSFactory { /** * Create a new Content object containing location reference data. - * + * * @param locationReferenceURI a URI pointing to the actual remote location of * the content. - * + * * @param referenceURI An URI identifying the data. May be * null. - * + * * @return The Content object containing the data. - * + * * @pre locationReferenceURI != null * @post return != null */ 
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java index 3d5279f..ab73c22 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/CreateSignatureEnvironmentProfileExplicitImpl.java @@ -32,7 +32,7 @@ import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureLocation; /** * Default implementation of - * . + * CreateSignatureEnvironmentProfileExplicit. * * @author Patrick Peck * @version $Id$ diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java index d1eebca..ed6f449 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/impl/VerifyTransformsDataImpl.java @@ -30,7 +30,7 @@ import java.util.List; import at.gv.egovernment.moa.spss.api.xmlverify.ReferenceInfo; /** - * Default implementation of . + * Default implementation of ReferenceInfo. * * @author Fatemeh Philippi * @version $Id$ diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java index 173ecbf..571977e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/RequestParserUtils.java 
@@ -62,7 +62,7 @@ public class RequestParserUtils { /** * Parse a XMLDataObjectAssociationType kind of DOM element. - * + * * @param assocElem The XMLDataObjectAssociationType kind of DOM * elmeent to parse. * @return The XMLDataObjectAssociation API object containing the @@ -79,7 +79,7 @@ public class RequestParserUtils { /** * Parse a MetaInfoType kind of DOM element. - * + * * @param metaInfoElem The MetaInfoType kind of DOM element. * @return The MetaInfo API object containing the data from the * metaInfoElem. @@ -97,7 +97,7 @@ public class RequestParserUtils { /** * Parse a ContentOptionalRefType or * ContentRequiredRefType kind of DOM element. - * + * * @param contentParentElem The DOM element being the parent of the content * element. * @return The Content API object containing the data from the @@ -127,7 +127,7 @@ public class RequestParserUtils { /** * Get the signing time from a Verfiy(CMS|XML)SignatureRequest. - * + * * @param requestElem A Verify(CMS|XML)SignatureRequest DOM * element. * @param dateTimeXPath The XPath to lookup the DateTime element @@ -162,11 +162,12 @@ public class RequestParserUtils { /** * Get the signing time from a Verfiy(CMS|XML)SignatureRequest. - * - * @param requestElem A Verify(CMS|XML)SignatureRequest DOM - * element. - * @param dateTimeXPath The XPath to lookup the DateTime element - * within the request. + * + * @param requestElem A Verify(CMS|XML)SignatureRequest + * DOM element. + * @param extendedValidationXPath The XPath to lookup the DateTime + * element within the request. + * @param defaultValue Default value if XPath value is null or empty * @return Date The date and time corresponding to the DateTime * element in the request. If no DateTime element exists in * the request, null is returned. 
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java index 1156aa1..daf3802 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/ResponseBuilderUtils.java @@ -499,7 +499,7 @@ public class ResponseBuilderUtils { * element. * @param elementName The name of the newly created element. * @param code The content of the Code subelement. - * @param info The content of the Info subelement. + * @param name The content of the Info subelement. */ public static void addFormCheckElement( Document response, diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java index bcab978..1279d73 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/api/xmlbind/VerifyCMSSignatureRequestParser.java @@ -171,7 +171,7 @@ public class VerifyCMSSignatureRequestParser { // put the signatories into a List while (tokenizer.hasMoreTokens()) { try { - signatoriesList.add(new Integer(tokenizer.nextToken())); + signatoriesList.add(Integer.valueOf(tokenizer.nextToken())); } catch (final NumberFormatException e) { // this cannot occur if the request has been validated } diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java index bf11240..0f1a57d 100644 
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/CRLDistributionPoint.java 
@@ -50,18 +50,19 @@ public class CRLDistributionPoint extends DistributionPoint implements // create the mapping between reason code strings and their integer // values - RC_MAPPING.put("unused", new Integer(iaik.asn1.structures.DistributionPoint.unused)); - RC_MAPPING.put("keyCompromise", new Integer(iaik.asn1.structures.DistributionPoint.keyCompromise)); - RC_MAPPING.put("cACompromise", new Integer(iaik.asn1.structures.DistributionPoint.cACompromise)); - RC_MAPPING.put("affiliationChanged", new Integer( + RC_MAPPING.put("unused", Integer.valueOf(iaik.asn1.structures.DistributionPoint.unused)); + RC_MAPPING.put("keyCompromise", Integer.valueOf(iaik.asn1.structures.DistributionPoint.keyCompromise)); + RC_MAPPING.put("cACompromise", Integer.valueOf(iaik.asn1.structures.DistributionPoint.cACompromise)); + RC_MAPPING.put("affiliationChanged", Integer.valueOf( iaik.asn1.structures.DistributionPoint.affiliationChanged)); - RC_MAPPING.put("superseded", new Integer(iaik.asn1.structures.DistributionPoint.superseded)); + RC_MAPPING.put("superseded", Integer.valueOf(iaik.asn1.structures.DistributionPoint.superseded)); RC_MAPPING.put("cessationOfOperation", - new Integer(iaik.asn1.structures.DistributionPoint.cessationOfOperation)); - RC_MAPPING.put("certificateHold", new Integer(iaik.asn1.structures.DistributionPoint.certificateHold)); - RC_MAPPING.put("privilegeWithdrawn", new Integer( + Integer.valueOf(iaik.asn1.structures.DistributionPoint.cessationOfOperation)); + RC_MAPPING.put("certificateHold", Integer.valueOf( + iaik.asn1.structures.DistributionPoint.certificateHold)); + RC_MAPPING.put("privilegeWithdrawn", Integer.valueOf( iaik.asn1.structures.DistributionPoint.privilegeWithdrawn)); - RC_MAPPING.put("aACompromise", new Integer(iaik.asn1.structures.DistributionPoint.aACompromise)); + RC_MAPPING.put("aACompromise", Integer.valueOf(iaik.asn1.structures.DistributionPoint.aACompromise)); } /** 
@@ -76,12 +77,12 @@ public class CRLDistributionPoint extends DistributionPoint implements /** * Create a CRLDistributionPoint. - * + * * @param issuerName The name of the CA issuing the CRL referred to by this * DP. - * + * * @param uri The URI of the distribution point. - * + * * @param reasonCodeStr A list of reason codes (a space-separated enumeration). */ public CRLDistributionPoint(String issuerName, String uri, String reasonCodeStr) { @@ -101,7 +102,7 @@ public class CRLDistributionPoint extends DistributionPoint implements /** * Convert a list of reason codes provided as a String to a binary * representation. - * + * * @param reasonCodeStr A String containing a blank-separated, * textual representation of reason codes. * @return int A binary representation of reason codes. @@ -143,7 +144,7 @@ public class CRLDistributionPoint extends DistributionPoint implements /** * Return a binary representation of the reason codes of this distribution * point. - * + * * @return The binary representation of the reason codes. */ @Override @@ -153,7 +154,7 @@ public class CRLDistributionPoint extends DistributionPoint implements /** * Return a String representation of this distribution point. - * + * * @return The String representation of this distribution point. * @see java.lang.Object#toString() */ @@ -163,7 +164,7 @@ public class CRLDistributionPoint extends DistributionPoint implements } /** - * @see iaik.pki.revocation.CRLDistributionPoint#getIssuerName() + * Get CRL issuer-name. */ public String getIssuerName() { return issuerName_; diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index ff2f9a5..09ec921 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java 
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -581,7 +581,7 @@ public class ConfigurationPartsBuilder { entry = new BlackListEntry(host, -1); info("config.34", new Object[] { host }); } else { - entry = new BlackListEntry(host, new Integer(port).intValue()); + entry = new BlackListEntry(host, Integer.valueOf(port).intValue()); info("config.34", new Object[] { host + ":" + port }); } @@ -631,7 +631,7 @@ public class ConfigurationPartsBuilder { entry = new WhiteListEntry(host, -1); info("config.49", new Object[] { host }); } else { - entry = new WhiteListEntry(host, new Integer(port).intValue()); + entry = new WhiteListEntry(host, Integer.valueOf(port).intValue()); info("config.49", new Object[] { host + ":" + port }); } @@ -1522,7 +1522,7 @@ public class ConfigurationPartsBuilder { * Returns the JDBC URL for the revocation archive database. * * @return the JDBC URL for the revocation archive database, or - * nullnull, if the corresponding parameter is not set in the * configuration. */ public String getRevocationArchiveJDBCURL() { @@ -1534,7 +1534,7 @@ public class ConfigurationPartsBuilder { * Returns the JDBC driver class name for the revocation archive database. * * @return the JDBC driver class name for the revocation archive database, or - * nullnull, if the corresponding parameter is not set in the * configuration. */ public String getRevocationArchiveJDBCDriverClass() { @@ -1780,7 +1780,7 @@ public class ConfigurationPartsBuilder { while ((modElem = (Element) modIter.nextNode()) != null) { final String x509IssuerName = getElementValue(modElem, CONF + "X509IssuerName", null); final String i = getElementValue(modElem, CONF + "Interval", null); - final Integer interval = new Integer(i); + final Integer interval = Integer.valueOf(i); map.put(ConfigurationProvider.normalizeX500Names(x509IssuerName), interval); } 
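Review bot: In the blacklist hunk (@@ -581) `Integer.valueOf(port).intValue()` still boxes the value only to unbox it; `Integer.parseInt(port)` is the direct replacement for the deprecated constructor, and the same applies to the whitelist hunk (@@ -631) and to both hunks in ExternalURIVerifier.java. Assuming `port` and `i` are strings read from the configuration, a non-numeric or missing value raises NumberFormatException here and in the `Integer.valueOf(i)` lines of the @@ -1780 and @@ -1880 hunks. No handling is visible, and the enclosing methods start and end outside the hunks, so it is worth confirming that a malformed entry produces a clear configuration error, since these lists appear to feed the external-URI check.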
@@ -1880,7 +1880,7 @@ public class ConfigurationPartsBuilder { final String x509IssuerName = ConfigurationProvider.normalizeX500Names( getElementValue(modElem, CONF + "X509IssuerName", null)); final String i = getElementValue(modElem, CONF + "ValidityPeriod", null); - final Integer interval = new Integer(i); + final Integer interval = Integer.valueOf(i); map.put(x509IssuerName, interval); Logger.debug("Set shortTimePeriodInterval: " + interval + " for Issuer: " + x509IssuerName); diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java index b43ec2f..e5b6025 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/cmssign/CMSSignatureCreationProfileImpl.java @@ -81,13 +81,20 @@ public class CMSSignatureCreationProfileImpl } /** - * Create a new XMLSignatureCreationProfileImpl. + * Creates a CMS based signature-creation profile. * - * @param createProfileCount Provides external information about the number of - * calls to the signature creation module, using the - * same request. - * @param reservedIDs The set of IDs that must not be used while - * generating new IDs. + * @param keySet Set of signing keys + * @param digestMethod Hash algorithm + * @param signedProperties List of signing properties + * @param securityLayerConform If true create a CAdES-B signature, + * otherwise CMS signature + * @param includeData If true create an embedded + * signature, otherwise a detached + * @param mimeType MimeType to be set + * @param isPAdESConform If true signature fulfill PAdES + * requirements + * @param rsaSsaPss If true use RSASSA-PSS algorithms, + * otherwise RSA#1.5 */ public CMSSignatureCreationProfileImpl( Set keySet, 
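Review bot: The new `@param rsaSsaPss` line in CMSSignatureCreationProfileImpl.java names the fallback scheme `RSA#1.5`, which is not a name a reader can look up; the scheme is RSASSA-PKCS1-v1_5 from PKCS #1. I would write `@param rsaSsaPss If true use RSASSA-PSS algorithms, otherwise RSASSA-PKCS1-v1_5`. The constructor signature continues outside the hunk, so the parameter list could not be checked against the tags.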
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java index d1b776b..befeab7 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/CRLRetriever.java @@ -43,7 +43,6 @@ import iaik.pki.store.revocation.RevocationStoreException; * A customized implementation of * {@link iaik.pki.store.revocation.RevocationInfoRetriever}. Will be used * instead of the default implementation - * {@link iaik.pki.store.revocation.CRLRetriever} to overcome a classloader * problem in connection with the {@link java.net.URL} class in a Tomcat * deployment environment. * diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java index 22cceeb..0e12f89 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/config/DataBaseArchiveParameterImpl.java @@ -28,7 +28,6 @@ import iaik.pki.store.revocation.archive.DataBaseArchiveParameters; /** * An implementation of the DataBaseArchiveParameter interface. * - * @see iaik.pki.store.revocation.archive.db.DataBaseArchiveParameter * @author Patrick Peck * @version $Id$ */ @@ -46,9 +45,6 @@ public class DataBaseArchiveParameterImpl implements DataBaseArchiveParameters { this.jDBCUrl = jDBCUrl; } - /** - * @see iaik.pki.store.revocation.archive.db.DataBaseArchiveParameter#getJDBCUrl() - */ @Override public String getJDBCUrl() { return jDBCUrl; 
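Review bot: Removing the `{@link iaik.pki.store.revocation.CRLRetriever}` line in CRLRetriever.java also removes the words "to overcome a classloader", so the class comment now reads "instead of the default implementation problem in connection with the URL class". Keep the reason and drop only the link, e.g. `* instead of the default implementation to overcome a classloader`. The class body is outside the hunk.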
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java index 9ef3764..7a036ec 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/pki/store/truststore/TrustStoreProfileImpl.java @@ -60,10 +60,9 @@ public class TrustStoreProfileImpl implements TrustStoreProfile { /** * Create a new TrustStoreProfileImpl. * - * @param config The MOA configuration data, from which trust store - * configuration data is read. - * @param trustProfileId The trust profile id on which this - * TrustStoreProfile is based. + * @param trustProfileId The trust profile id on which this + * TrustStoreProfile is based. + * @param trustProfileUri File path to trust profile * @throws MOAApplicationException The trustProfileId could not be * found in the MOA configuration. */ diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java index 19b3a12..7aca40e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CMSSignatureVerificationInvoker.java @@ -248,7 +248,7 @@ public class CMSSignatureVerificationInvoker { handlePDFResult(resultObject, responseBuilder, trustProfile); } } catch (final IndexOutOfBoundsException e) { - throw new MOAApplicationException("2249", new Object[] { new Integer(sigIndex) }); + throw new MOAApplicationException("2249", new Object[] { Integer.valueOf(sigIndex) }); } } } 
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java index bc5d884..bca9b8e 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/CreateCMSSignatureResponseBuilder.java @@ -69,12 +69,12 @@ public class CreateCMSSignatureResponseBuilder { /** * Add a SignatureEnvironment element to the response. * - * @param signatureEnvironment The content to put under the - * SignatureEnvironment element. This - * should either be a dsig:Signature - * element (in case of a detached signature) or the - * signature environment containing the signature - * (in case of an enveloping signature). + * @param base64value The content to put under the + * SignatureEnvironment element. This should + * either be a dsig:Signature element (in case + * of a detached signature) or the signature environment + * containing the signature (in case of an enveloping + * signature). */ public void addCMSSignature(String base64value) { final CMSSignatureResponse responseElement = @@ -84,7 +84,7 @@ public class CreateCMSSignatureResponseBuilder { /** * Add a ErrorResponse element to the response. - * + * * @param errorCode The error code. * @param info Additional information about the error. */ diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java index 813d28e..79b4c29 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java 
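Review bot: The renamed `@param base64value` tag in the @@ -69 hunk keeps the old description, which speaks of a `dsig:Signature` element and an enveloping signature environment, while the method is `addCMSSignature(String base64value)`. That text looks copied from an XML response builder; something like `@param base64value The Base64-encoded CMS signature to put into the response.` would match the parameter. The method body continues outside the hunk, so the exact content of the value should be confirmed against it.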
+++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyCMSSignatureResponseBuilder.java @@ -74,15 +74,26 @@ public class VerifyCMSSignatureResponseBuilder { /** * Add a verification result to the response. * - * @param result The result to add. - * @param trustprofile The actual trustprofile - * @param checkQCFromTSL true, if the TSL check verifies the - * certificate as qualified, otherwise false. - * @param checkSSCD true, if the TSL check verifies the - * signature based on a SSDC, otherwise - * false. - * @param sscdSourceTSL true, if the SSCD information comes from - * the TSL, otherwise false. + * @param result The result to add. + * @param trustProfile The actual trustprofile + * @param checkQC true, if the TSL check + * verifies the certificate as qualified, + * otherwise false. + * @param qcSourceTSL if QC info comes from the TSL, + * otherwise false. + * @param checkSSCD true, if the TSL check + * verifies the signature based on a SSDC, + * otherwise false. + * @param sscdSourceTSL true, if the SSCD + * information comes from the TSL, + * otherwise false. + * @param issuerCountryCode TSL issuer country + * @param adesResults Form validation results + * @param extendedCertificateCheckResult Extended validation results + * @param tslInfos Full TSL validation result + * @param extendedVerification true if extended + * validation was used, otherwise + * false * @throws MOAException */ public void addResult(CMSSignatureVerificationResult result, TrustProfile trustProfile, boolean checkQC, @@ -150,7 +161,7 @@ public class VerifyCMSSignatureResponseBuilder { } /** - * + * * @param result * @param trustProfile * @param checkQC diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java index 7e882ed..25ce8d1 100644 
--- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/VerifyXMLSignatureResponseBuilder.java @@ -515,7 +515,7 @@ public class VerifyXMLSignatureResponseBuilder { try { if (refInfo.isHashCalculated() && !refInfo.isHashValid()) { - failedReferencesList.add(new Integer(i + 1)); + failedReferencesList.add(Integer.valueOf(i + 1)); } } catch (final HashUnavailableException e) { // nothing to do here because we called refInfo.isHashCalculated first diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java index 2973b36..0fb2d82 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureVerificationInvoker.java @@ -539,7 +539,7 @@ public class XMLSignatureVerificationInvoker { } if (!found) { - final Integer refIndex = new Integer(refData.getReferenceIndex()); + final Integer refIndex = Integer.valueOf(refData.getReferenceIndex()); final String logMsg = msg.getMessage("invoker.01", new Object[] { refIndex }); failedReferencesList.add(refIndex); @@ -581,8 +581,8 @@ public class XMLSignatureVerificationInvoker { final int[] failedReferences = new int[] { ref.getReferenceIndex() }; final ReferencesCheckResultInfo checkInfo = factory.createReferencesCheckResultInfo(null, failedReferences); - final String logMsg = msg.getMessage("invoker.02", new Object[] { new Integer(ref - .getReferenceIndex()) }); + final String logMsg = msg.getMessage("invoker.02", new Object[] { + Integer.valueOf(ref.getReferenceIndex()) }); Logger.debug(new LogMsg(logMsg)); 
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java index 8e37b1c..8dd2a8b 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/AdESResultUtils.java @@ -21,8 +21,8 @@ import iaik.server.modules.resultcodes.ResultCodeValid; public class AdESResultUtils { - private static final int MAJORRESULTCODESKIPPED = new Integer(3); - private static final int MAJORRESULTCODEERROR = new Integer(4); + private static final int MAJORRESULTCODESKIPPED = Integer.valueOf(3); + private static final int MAJORRESULTCODEERROR = Integer.valueOf(4); public static Integer getResultCode(Integer adesCode) { return adesCode; @@ -114,9 +114,9 @@ public class AdESResultUtils { minorInfo = "UNKNOWN_SUBFILTER"; } else if (resultCode.getCode().equals(ResultCode.CODE_NO_SIGNER_CERTIFICATE_FOUND)) { minorInfo = "NO_SIGNER_CERTIFICATE_FOUND"; - - - + + + // pdf-as 3.x detection is removed from MOA-SP since 3.1.2 } else if (resultCode.getCode().equals(ResultCode.PDF_AS_SIGNATURE)) { // minorInfo = "PDF_AS_SIGNATURE"; diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java index be40a9e..221c361 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/util/ExternalURIVerifier.java 
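Review bot: `MAJORRESULTCODESKIPPED` and `MAJORRESULTCODEERROR` in AdESResultUtils.java are declared `int`, so `Integer.valueOf(3)` and `Integer.valueOf(4)` box the literal and immediately unbox it again. Plain literals say the same thing: `private static final int MAJORRESULTCODESKIPPED = 3;` and `private static final int MAJORRESULTCODEERROR = 4;`.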
@@ -47,7 +47,7 @@ public class ExternalURIVerifier { } } else { // check host and port - final int iport = new Integer(bport).intValue(); + final int iport = Integer.valueOf(bport).intValue(); if (ip.startsWith(bhost) && iport == port) { Logger.debug(new LogMsg("Blacklist check: " + host + ":" + port + " (" + ip + ":" + port + " blacklisted")); @@ -75,7 +75,7 @@ public class ExternalURIVerifier { } } else { // check host and port - final int iport = new Integer(bport).intValue(); + final int iport = Integer.valueOf(bport).intValue(); if (ip.startsWith(bhost) && iport == port) { Logger.debug(new LogMsg("Whitelist check: " + host + ":" + port + " (" + ip + ":" + port + " whitelisted")); diff --git a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java index 6127305..49047d7 100644 --- a/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java +++ b/moaSig/moa-sig/src/main/java/at/gv/egovernment/moa/spss/server/service/ConfigurationServlet.java @@ -62,8 +62,6 @@ public class ConfigurationServlet extends HttpServlet { * Handle a HTTP GET request, used to indicated that the MOA configuration needs * to be updated (reloaded). * - * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, - * HttpServletResponse) */ @Override @SuppressWarnings({ "rawtypes", "unchecked" }) @@ -125,8 +123,6 @@ public class ConfigurationServlet extends HttpServlet { /** * Do the same as doGet. * - * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, - * HttpServletResponse) */ @Override public void doPost(HttpServletRequest request, HttpServletResponse response) 
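Review bot: Both ExternalURIVerifier hunks keep `ip.startsWith(bhost) && iport == port` as the match, which is a textual prefix comparison rather than an address or network comparison: a constructed entry such as `10.1` also matches `10.10.0.5` and `10.100.0.1`. On the whitelist side (@@ -75) that admits more hosts than the entry names, and on the blacklist side (@@ -47) it blocks more. If prefix matching is the intended configuration syntax, a comment saying so and requiring a trailing dot on partial entries would help; otherwise the check should compare parsed addresses. The enclosing methods start outside the hunks, so how `bhost` is normalised is not visible.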
@@ -140,8 +136,6 @@ public class ConfigurationServlet extends HttpServlet { * * Does an initial load of the MOA configuration to test if a working web * service can be provided. - * - * @see javax.servlet.GenericServlet#init() */ @Override public void init() throws ServletException { -- cgit v1.2.3 From 5ab9024ebfdab0039488a471ab04bc94b604b771 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 19 Sep 2025 12:07:10 +0200 Subject: fix(core): wrong selection of RSASSA-PSS in case of XML signatures --- .../xmlsign/XMLSignatureCreationProfileImpl.java | 23 ++++++++++++++++++---- .../invoke/XMLSignatureCreationProfileFactory.java | 7 +++++++ 2 files changed, 26 insertions(+), 4 deletions(-) (limited to 'moaSig') diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java index 76814a4..b0fea7f 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/iaik/xmlsign/XMLSignatureCreationProfileImpl.java @@ -26,6 +26,8 @@ package at.gv.egovernment.moa.spss.server.iaik.xmlsign; import java.util.List; import java.util.Set; +import org.apache.commons.lang3.StringUtils; + import at.gv.egovernment.moa.spss.server.logging.TransactionId; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; 
@@ -163,6 +165,14 @@ public class XMLSignatureCreationProfileImpl @Override public String getSignatureAlgorithmName(KeyEntryID selectedKeyID) throws AlgorithmUnavailableException { + String sigAlgIdentifier = getInternalSignatureAlgorithmName(selectedKeyID); + Logger.debug("Selected SignatureAlgorithmIdentifier: " + sigAlgIdentifier); + return sigAlgIdentifier; + + } + + private String getInternalSignatureAlgorithmName(KeyEntryID selectedKeyID) + throws AlgorithmUnavailableException { final TransactionContext context = TransactionContextManager.getInstance().getTransactionContext(); @@ -178,14 +188,16 @@ public class XMLSignatureCreationProfileImpl e, null); } + Logger.trace("RSASSA-PSS: " + rsaSsaPss + " XAdESDigistAlg: " + digestMethodXAdES142 + + " Algorithms: " + StringUtils.join(algorithms, ",")); // TODO: maybe add support for parameterized RSASSA-PSS - if (digestMethodXAdES142 == null) { // XAdES 1.4.2 not enabled - legacy MOA - if (rsaSsaPss && algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1) - || algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1) - || algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1)) { + if (rsaSsaPss + && (algorithms.contains(SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1) + || algorithms.contains(SignatureAlgorithms.SHA384_WITH_RSA_AND_MGF1) + || algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA_AND_MGF1))) { return SignatureAlgorithms.SHA256_WITH_RSA_AND_MGF1; } else if (algorithms.contains(SignatureAlgorithms.MD2_WITH_RSA) @@ -198,10 +210,13 @@ public class XMLSignatureCreationProfileImpl || algorithms.contains(SignatureAlgorithms.SHA512_WITH_RSA)) { return SignatureAlgorithms.SHA256_WITH_RSA; + } else if (algorithms.contains(SignatureAlgorithms.ECDSA)) { return SignatureAlgorithms.ECDSA; + } else if (algorithms.contains(SignatureAlgorithms.DSA)) { return SignatureAlgorithms.DSA; + } else { throw new AlgorithmUnavailableException( "No algorithm for key entry: " + selectedKeyID, 
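Review bot: With the corrected parentheses in the @@ -178 hunk, a key entry that offers none of the three `*_WITH_RSA_AND_MGF1` identifiers falls through to the `SHA256_WITH_RSA` branch even though `rsaSsaPss` is true, and the only record is the new debug line in `getSignatureAlgorithmName`. An operator who enabled RSASSA-PSS for a key group would want that fallback visible at normal log levels, for example `if (rsaSsaPss) { Logger.info("RSASSA-PSS requested but not offered by key entry " + selectedKeyID + ", using RSA PKCS#1 v1.5"); }` at the top of the RSA branch. The trace line also builds `StringUtils.join(algorithms, ",")` on every call whether or not trace output is enabled. The XAdES 1.4.2 branch of this method is outside the hunk and may need the same treatment.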
diff --git a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java index 7585ac7..46c4983 100644 --- a/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java +++ b/moaSig/moa-sig-lib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java @@ -266,6 +266,13 @@ public class XMLSignatureCreationProfileFactory { throws MOASystemException { final Boolean useRsaSsaPssKg = config.getKeyGroup(keyGroupID).isUseRsaSsaPass(); final boolean configUseRsaSsaPss = config.isUseRsaSsaPss(); + + Logger.trace("Config using RSASSA-PSS. KeyStore: " + + useRsaSsaPssKg != null + ? useRsaSsaPssKg + : "NOT-DEFINED" + + " Default: " + config); + return useRsaSsaPssKg != null ? useRsaSsaPssKg : configUseRsaSsaPss; } -- cgit v1.2.3 From 63f5b1ebefb493337a0a82825b70fcffeedbae61 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 19 Sep 2025 13:28:04 +0200 Subject: chore(core): switch to release version of moa-tsl-lib --- moaSig/moa-sig-lib/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'moaSig') diff --git a/moaSig/moa-sig-lib/build.gradle b/moaSig/moa-sig-lib/build.gradle index 1dd0897..c5187a6 100644 --- a/moaSig/moa-sig-lib/build.gradle +++ b/moaSig/moa-sig-lib/build.gradle @@ -21,7 +21,7 @@ dependencies { api fileTree(dir: '../libs', include: ['*.jar']) // api fileTree(dir: '../libs_debug', include: ['*.jar']) - api 'at.gv.egovernment.moa.sig:tsl-lib:2.2.0-SNAPSHOT' + api 'at.gv.egovernment.moa.sig:tsl-lib:2.2.0' api 'commons-logging:commons-logging:1.3.5' api 'commons-io:commons-io:2.20.0' api 'commons-codec:commons-codec:1.19.0' -- cgit v1.2.3
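Review bot: The added `Logger.trace` argument in XMLSignatureCreationProfileFactory.java does not evaluate as written, because `+` binds tighter than `!=` and `?:`: the condition becomes `("Config using RSASSA-PSS. KeyStore: " + useRsaSsaPssKg) != null`, which is always true, so only `useRsaSsaPssKg` (possibly null) reaches the logger and the prefix and default are dropped. The false arm also appends `config` rather than `configUseRsaSsaPss`. Parenthesise the conditional and log the flag: `Logger.trace("Config using RSASSA-PSS. KeyStore: " + (useRsaSsaPssKg != null ? useRsaSsaPssKg : "NOT-DEFINED") + " Default: " + configUseRsaSsaPss);`. `config.getKeyGroup(keyGroupID)` is dereferenced without a null check on the context line above; whether an unknown key group can reach this method is not visible from the hunk.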