aboutsummaryrefslogtreecommitdiff
path: root/src/main/java
diff options
context:
space:
mode:
authorChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-05-29 09:49:02 +0200
committerChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-05-29 13:30:03 +0200
commite165ef27812874bee7062a4e7ecc8bec99ced328 (patch)
tree6fb60c546adda519281be0f3682f5659afd036ec /src/main/java
parentcef481f2ad56764f71e8b0f1d4340b8af0686a96 (diff)
downloadmoa-zs-e165ef27812874bee7062a4e7ecc8bec99ced328.tar.gz
moa-zs-e165ef27812874bee7062a4e7ecc8bec99ced328.tar.bz2
moa-zs-e165ef27812874bee7062a4e7ecc8bec99ced328.zip
Integrate MoaSig Verification into SignatureVerifier
- Verify signature via ISignatureVerificationService. - Override System Property moa.spss.server.configuration via spring's environment (Reason: can configure path to moa SPSS config file via application.yaml & moa SPSS needs this parameter to find the config file) - Setup test configuration directory for moaspss in src/main/resources/moa-spss - Readme: Explain how to install moaspss' dependencies into local repository.
Diffstat (limited to 'src/main/java')
-rw-r--r--src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java29
-rw-r--r--src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java31
2 files changed, 58 insertions, 2 deletions
diff --git a/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java b/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java
new file mode 100644
index 0000000..e96d851
--- /dev/null
+++ b/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java
@@ -0,0 +1,29 @@
+package at.gv.egiz.moazs.config;
+
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.SignatureVerificationService;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class MoaSigConfig {
+
+ private final String defaultTrustProfile;
+
+ public MoaSigConfig(@Value("${moa.spss.server.default-trustprofile}") String defaultTrustProfile,
+ @Value("${moa.spss.server.configuration}") String serverConfigUrl) {
+ this.defaultTrustProfile = defaultTrustProfile;
+ System.getProperties().setProperty("moa.spss.server.configuration", serverConfigUrl);
+ }
+
+ @Bean
+ public String moaSPSSServerDefaultTrustProfile() {
+ return defaultTrustProfile;
+ }
+
+ @Bean
+ public ISignatureVerificationService moaSigVerifyService() {
+ return new SignatureVerificationService();
+ }
+}
diff --git a/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java b/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java
index 12b1ccb..d6311c4 100644
--- a/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java
+++ b/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java
@@ -1,13 +1,40 @@
package at.gv.egiz.moazs.msg;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
@Component
public class SignatureVerifier {
- public boolean verify(byte[] signedXMLdocument) {
- return true;
+ private static final Logger log = LoggerFactory.getLogger(SignatureVerifier.class);
+
+ @Autowired
+ @Qualifier("moaSigVerifyService")
+ private final ISignatureVerificationService service;
+
+ @Autowired
+ @Qualifier("moaSPSSServerDefaultTrustProfile")
+ private final String trustProfile;
+ public SignatureVerifier(ISignatureVerificationService service,
+ String trustProfile) {
+ this.service = service;
+ this.trustProfile = trustProfile;
+ }
+
+ public boolean verify(byte[] signedXMLdocument) {
+ try {
+ var response = service.verifyXMLSignature(signedXMLdocument, trustProfile);
+ return response != null;
+ } catch (MOASigServiceException e) {
+ log.error("Could not verify the XML signature.", e);
+ return false;
+ }
}
}