diff options
| author | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-06-19 10:46:15 +0200 |
|---|---|---|
| committer | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-06-19 10:46:15 +0200 |
| commit | 5d183fd9535d80e5066647e0501da881bcac4d58 (patch) | |
| tree | 5de251fdde379644e36bace245cf831805faac5d /src/main/java/at/gv/egiz/moazs/config | |
| parent | 2a765b9c3a0d20bf2794c569f584bde05fb21d16 (diff) | |
| download | moa-zs-5d183fd9535d80e5066647e0501da881bcac4d58.tar.gz moa-zs-5d183fd9535d80e5066647e0501da881bcac4d58.tar.bz2 moa-zs-5d183fd9535d80e5066647e0501da881bcac4d58.zip | |
Finalize moa-sig-lib's Integration and Add Testcase
- Interpret `ISignatureVerificationService` response properly (by
following security layer spec [1] and moaspss handbook [2]).
- Add config flag `moa.spss.is-manifest-check-active`
- Change SignatureVerifier Interface: Remove @return boolean, just
throw an exception when a validation error occurs. Reason: In case
the signature cannot be validated, the application always needs the
reason for the validation error, which requires the verifier to
throw an exception. In turn, the only valid return value for
`verify()` becomes `true`, which can be omitted at that point.
- Add testcase for verifying a valid enveloped xml signature
- Remove Certificates that are not needed.
[1] https://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/core/core.html
[2] https://apps.egiz.gv.at/handbooks/moa-spss/handbook/handbook/usage/usage.html
Diffstat (limited to 'src/main/java/at/gv/egiz/moazs/config')
| -rw-r--r-- | src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java b/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java index 84e5299..05ecac1 100644 --- a/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java +++ b/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java @@ -90,13 +90,14 @@ public class MoaSigConfig { } @Bean - public SignatureVerifier signatureVerifier(@Value("${moa.spss.is-active}") boolean isMoaSPSSActive) { + public SignatureVerifier signatureVerifier(@Value("${moa.spss.is-active}") boolean isMoaSPSSActive, + @Value("${moa.spss.is-manifest-check-active}") boolean isManifestCheckActive) { if (isMoaSPSSActive) { log.info("Moa SPSS is active. Signatures in SOAP Messages will be verified."); - return new MoaSPSSSignatureVerifier(moaSigVerifyService(), defaultTrustProfile); + return new MoaSPSSSignatureVerifier(moaSigVerifyService(), defaultTrustProfile, isManifestCheckActive); } else { log.warn("Moa SPSS is not active. Signatures in SOAP Messages will not be verified."); - return signedXMLdocument -> true; + return signedXMLdocument -> {}; } } } |