Fix moa-sig-lib's Integration Issues

Fixing "ASN.1 creation error: iaik.asn1.CodingException: Length: Too
large ASN.1 object: 109"
- Set fallback value ('jks') for system property
  'javax.net.ssl.keyStoreType' and 'javax.net.ssl.trustStoreType'. If
  system property is not defined, MoaSigConfig falls back to value
  from spring environment. Reason: Without this property explicitly
  set to JKS, the inclusion of eaaf-components-moa-sig-lib breaks the
  HTTP client builder and the ASN.1 creation error arises. See [1] for
  explanation.
- Why fall back: Allows a user to configure these parameters via
  command line, but gives meaningful defaults in case of absent
  command line properties. Furthermore, these parameters can be configured via
  application.yaml or .properties.

Others:
- Set fallback value for system property
  'moa.spss.server.configuration'. If system property is not defined,
  fall back to value from spring environment. Reason: Allows a user to
  configure these parameters via command line while providing
  meaningful defaults in case of absent command line properties.
- Add switch 'moa.spss.is-active' to enable / disable signature verification.
- Change log levels of at.gv.* and iaik.* packages to INFO
- Add default certstore (copied from EAAF Components).
- Add mzs root certificate to cert- and truststore.
- Update readme's installation requirements and guide.

Refactor:
- Extract public interface of SignatureVerification class.
- Rename trustprofile folder.

[1] Why eaaf-components-moa-sig-lib breaks HTTP client:
- Including eaaf-components-moa-sig-lib includes IAIK's jca/jce and
  xsect, which in turn injects the iaik provider for cryptographic
  operations and its own key store (iaik.pkcs.pkcs12.PKCS12KeyStore).
- The Apache HTTP client builder will ask for a
  java.base/javax.net.ssl.SSLSocketFactory because it creates an SSL
  context, even if the connection runs without SSL.
- Somewhere down the stack, this will trigger the TrustStoreManager to
  hand over the systems default trust store (a JKS file) to IAIK's
  PKCS12KeyStore. This happens if the type properties of the trust
  stores are not set.
- Oracle relaxed a precondition of this trust store (somewhere in
  between Java 8 and 11) in the TrustStoreManager: Formerly, the trust
  store was a JKS object. Now, the trust store can be both a JKS and a
  PKCS12 object. The TrustStoreManager expects the key store to handle
  both types, and Oracle's keystore does. However, IAIK's key store
  cannot handle a JKS object, but since eaaf-components-moa-sig-lib
  was included, the IAIK key store comes first.
- PKCS12KeyStore expects a PKCS12 file but receives a JKS file ->
  Parser Error.

1 files changed, 75 insertions, 3 deletions

diff --git a/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java b/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java
index e96d851..6a5eb39 100644
--- a/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java
+++ b/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java
@@ -2,19 +2,80 @@ package at.gv.egiz.moazs.config;
 
 import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService;
 import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.SignatureVerificationService;
+import at.gv.egiz.moazs.msg.MoaSPSSSignatureVerifier;
+import at.gv.egiz.moazs.msg.SignatureVerifier;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
+import java.io.File;
+import java.io.FileNotFoundException;
+
+
 @Configuration
 public class MoaSigConfig {
 
+    private static final Logger log = LoggerFactory.getLogger(MoaSigConfig.class);
+
+    private static final String MOA_SPSS_CONFIG_FILE_PROPERTY = "moa.spss.server.configuration";
+    private static final String JAVAX_SSL_TRUSTSTORE_TYPE_PROPERTY = "javax.net.ssl.trustStoreType";
+    private static final String JAVAX_SSL_KEYSTORE_TYPE_PROPERTY = "javax.net.ssl.keyStoreType";
+
+    private final String trustStoreType;
+    private final String keyStoreType;
     private final String defaultTrustProfile;
+    private final String spssConfigFilePath;
 
-    public MoaSigConfig(@Value("${moa.spss.server.default-trustprofile}") String defaultTrustProfile,
-                        @Value("${moa.spss.server.configuration}") String serverConfigUrl) {
+    public MoaSigConfig(@Value("${javax.net.ssl.trustStoreType}") String trustStoreType,
+                        @Value("${javax.net.ssl.keyStoreType}") String keyStoreType,
+                        @Value("${moa.spss.server.default-trustprofile}") String defaultTrustProfile,
+                        @Value("${moa.spss.server.configuration}") String spssConfigFilePath) throws FileNotFoundException {
+        this.trustStoreType = trustStoreType;
+        this.keyStoreType = keyStoreType;
         this.defaultTrustProfile = defaultTrustProfile;
-        System.getProperties().setProperty("moa.spss.server.configuration", serverConfigUrl);
+        this.spssConfigFilePath = spssConfigFilePath;
+        fallBackToSpringEnvForMoaSPSSConfigProperty();
+        fallBackToSpringEnvForJavaxNetSSLStoreTypeProperty();
+    }
+
+    private void fallBackToSpringEnvForMoaSPSSConfigProperty() throws FileNotFoundException {
+        log.info("value of spssConfigFilePath is {}", spssConfigFilePath);
+
+        if(System.getProperty(MOA_SPSS_CONFIG_FILE_PROPERTY) == null) {
+            var realPath = determinePath(spssConfigFilePath);
+            var realFile = new File(realPath);
+
+            if(realFile.exists() && realFile.canRead()) {
+                log.info("Set system property '{}' to {}", MOA_SPSS_CONFIG_FILE_PROPERTY, realPath);
+                System.getProperties().setProperty(MOA_SPSS_CONFIG_FILE_PROPERTY, realPath);
+            } else {
+                throw new FileNotFoundException("File '" + realPath + "' does not exist or is not readable.");
+            }
+        }
+    }
+
+    private String determinePath(String abstractPath) {
+        if (new File(abstractPath).isAbsolute()) {
+            return abstractPath;
+        } else {
+            //resolve relative path as classpath resource
+            //java.lang.Class needs relative resources to start with "/"
+            return this.getClass().getResource("/" + abstractPath).getFile();
+        }
+    }
+
+    private void fallBackToSpringEnvForJavaxNetSSLStoreTypeProperty() {
+        if (System.getProperty(JAVAX_SSL_TRUSTSTORE_TYPE_PROPERTY) == null) {
+            log.info("Set system property '{}' to {}", JAVAX_SSL_TRUSTSTORE_TYPE_PROPERTY, trustStoreType);
+            System.getProperties().setProperty(JAVAX_SSL_TRUSTSTORE_TYPE_PROPERTY, trustStoreType);
+        }
+
+        if (System.getProperty(JAVAX_SSL_KEYSTORE_TYPE_PROPERTY) == null) {
+            log.info("Set system property '{}' to {}", JAVAX_SSL_KEYSTORE_TYPE_PROPERTY, keyStoreType);
+            System.getProperties().setProperty(JAVAX_SSL_KEYSTORE_TYPE_PROPERTY, keyStoreType);
+        }
     }
 
     @Bean
@@ -26,4 +87,15 @@ public class MoaSigConfig {
     public ISignatureVerificationService moaSigVerifyService() {
         return new SignatureVerificationService();
     }
+
+    @Bean
+    public SignatureVerifier signatureVerifier(@Value("${moa.spss.is-active}") boolean isMoaSPSSActive) {
+        if (isMoaSPSSActive) {
+            log.info("Moa SPSS is active. Signatures in SOAP Messages will be verified.");
+            return new MoaSPSSSignatureVerifier(moaSigVerifyService(), defaultTrustProfile);
+        } else {
+            log.warn("Moa SPSS is not active. Signatures in SOAP Messages will not be verified.");
+            return (signedXMLdocument) -> true;
+        }
+    }
 }