diff options
| author | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-06-13 10:10:22 +0200 |
|---|---|---|
| committer | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-06-13 10:10:22 +0200 |
| commit | 62601fb50b606f812933f746f126dda0b8139911 (patch) | |
| tree | d2f1f88a937884029822d81530a547f74297c737 /readme.md | |
| parent | e165ef27812874bee7062a4e7ecc8bec99ced328 (diff) | |
| download | moa-zs-62601fb50b606f812933f746f126dda0b8139911.tar.gz moa-zs-62601fb50b606f812933f746f126dda0b8139911.tar.bz2 moa-zs-62601fb50b606f812933f746f126dda0b8139911.zip | |
Fix moa-sig-lib's Integration Issues
Fixing "ASN.1 creation error: iaik.asn1.CodingException: Length: Too
large ASN.1 object: 109"
- Set fallback value ('jks') for system property
'javax.net.ssl.keyStoreType' and 'javax.net.ssl.trustStoreType'. If
system property is not defined, MoaSigConfig falls back to value
from spring environment. Reason: Without this property explicitly
set to JKS, the inclusion of eaaf-components-moa-sig-lib breaks the
HTTP client builder and the ASN.1 creation error arises. See [1] for
explanation.
- Why fall back: Allows a user to configure these parameters via
command line, but gives meaningful defaults in case of absent
command line properties. Furthermore, these parameters can be configured via
application.yaml or .properties.
Others:
- Set fallback value for system property
'moa.spss.server.configuration'. If system property is not defined,
fall back to value from spring environment. Reason: Allows a user to
configure these parameters via command line while providing
meaningful defaults in case of absent command line properties.
- Add switch 'moa.spss.is-active' to enable / disable signature verification.
- Change log levels of at.gv.* and iaik.* packages to INFO
- Add default certstore (copied from EAAF Components).
- Add mzs root certificate to cert- and truststore.
- Update readme's installation requirements and guide.
Refactor:
- Extract public interface of SignatureVerification class.
- Rename trustprofile folder.
[1] Why eaaf-components-moa-sig-lib breaks HTTP client:
- Including eaaf-components-moa-sig-lib includes IAIK's jca/jce and
xsect, which in turn injects the iaik provider for cryptographic
operations and its own key store (iaik.pkcs.pkcs12.PKCS12KeyStore).
- The Apache HTTP client builder will ask for a
java.base/javax.net.ssl.SSLSocketFactory because it creates an SSL
context, even if the connection runs without SSL.
- Somewhere down the stack, this will trigger the TrustStoreManager to
hand over the systems default trust store (a JKS file) to IAIK's
PKCS12KeyStore. This happens if the type properties of the trust
stores are not set.
- Oracle relaxed a precondition of this trust store (somewhere in
between Java 8 and 11) in the TrustStoreManager: Formerly, the trust
store was a JKS object. Now, the trust store can be both a JKS and a
PKCS12 object. The TrustStoreManager expects the key store to handle
both types, and Oracle's keystore does. However, IAIK's key store
cannot handle a JKS object, but since eaaf-components-moa-sig-lib
was included, the IAIK key store comes first.
- PKCS12KeyStore expects a PKCS12 file but receives a JKS file ->
Parser Error.
Diffstat (limited to 'readme.md')
| -rw-r--r-- | readme.md | 53 |
1 files changed, 42 insertions, 11 deletions
@@ -1,12 +1,19 @@ # MOA ZS -## Prepare Repo +## Prepare for Compilation -Some dependencies are not in the mvn central repo. You need to install -those dependencies to your local maven repository with `mvn install`. -Check `pom.xml` and follow the instructions. +For compiling MOAZS, do the following: +1. Checkout MoaZS repository (directory name `moazs.git`) +2. Install `at.gv.egiz.eaaf.eaaf_module_moa-sig` to local repository. +3. Install `at.gv.util.egovutils` to local mvn repository. +4. Make `eaaf_module_moa-sig`'s transitive dependencies available by copying or symlinking `eaaf_module_moa-sig`'s repository into MOAZS repository. -## How to install `eaaf_module_moa-sig` +Certain artifacts are not in the mvn central repo. You need to +install those articats to your local maven repository. + +### How to Install `at.gv.egiz.eaaf.eaaf_module_moa-sig` + +Requirements: JDK 1.8 ``` export EAAF_COMPONENTS_VERSION=1.0.7 @@ -14,16 +21,40 @@ cd /path/to/working/dir git clone https://gitlab.iaik.tugraz.at/egiz/eaaf_components/ cd eaaf_components git checkout $EAAF_COMPONENTS_VERSION -mvn package javadoc:jar sources:jar -mvn install:install-file -DgroupId=at.gv.egiz.eaaf -DartifactId=eaaf_module_moa-sig \ - -Dversion=$EAAF_COMPONENTS_VERSION -Dpackaging=jar \ - -Dfile=eaaf_modules/eaaf_module_moa-sig/target/eaaf_module_moa-sig-$EAAF_COMPONENTS_VERSION.jar \ - -Djavadoc=eaaf_modules/eaaf_module_moa-sig/target/eaaf_module_moa-sig-$EAAF_COMPONENTS_VERSION-javadoc.jar \ - -Dsources=eaaf_modules/eaaf_module_moa-sig/target/eaaf_module_moa-sig-$EAAF_COMPONENTS_VERSION-sources.jar +mvn clean package source:jar install +``` +### How to Install `at.gv.util.egovutils` + +Requirements: JDK 1.8 + +``` +export EGOV_UTILS_VERSION=2.0.7-snapshot +cd /path/to/working/dir +git clone https://gitlab.iaik.tugraz.at/egiz/egovutils +cd egovutils +git checkout $EGOV_UTILS_VERSION +mvn clean package install +``` + +### Workaround: Make eaaf_module_moa-sig's Transitive Dependencies Available + +`eaaf_module_moa-sig` depends on artifacts that are also not in mvn's +central repo. You can make them available by copying or symlinking to +the repository directory in +https://gitlab.iaik.tugraz.at/egiz/eaaf_components/tree/master/eaaf_modules/eaaf_module_moa-sig/repository + +``` +cd moazs.git +# symlink to moa sig's artifacts +ln -s <path-to-local-eaaf-components-git-repo>/eaaf_modules/eaaf_module_moa-sig/repository +# copy repository +cp <path-to-local-eaaf-components-git-repo>/eaaf_modules/eaaf_module_moa-sig/repository . ``` ## Compile & Test +Requirements: openJDK 11 + ``` mvn test ``` |