diff options
author | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-06-19 10:46:15 +0200 |
---|---|---|
committer | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-06-19 10:46:15 +0200 |
commit | 5d183fd9535d80e5066647e0501da881bcac4d58 (patch) | |
tree | 5de251fdde379644e36bace245cf831805faac5d /src/main/resources | |
parent | 2a765b9c3a0d20bf2794c569f584bde05fb21d16 (diff) | |
download | moa-zs-5d183fd9535d80e5066647e0501da881bcac4d58.tar.gz moa-zs-5d183fd9535d80e5066647e0501da881bcac4d58.tar.bz2 moa-zs-5d183fd9535d80e5066647e0501da881bcac4d58.zip |
Finalize moa-sig-lib's Integration and Add Testcase
- Interpret `ISignatureVerificationService` response properly (by
following security layer spec [1] and moaspss handbook [2]).
- Add config flag `moa.spss.is-manifest-check-active`
- Change SignatureVerifier Interface: Remove @return boolean, just
throw an exception when a validation error occurs. Reason: In case
the signature cannot be validated, the application always needs the
reason for the validation error, which requires the verifier to
throw an exception. In turn, the only valid return value for
`verify()` becomes `true`, which can be omitted at that point.
- Add testcase for verifying a valid enveloped xml signature
- Remove Certificates that are not needed.
[1] https://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/core/core.html
[2] https://apps.egiz.gv.at/handbooks/moa-spss/handbook/handbook/usage/usage.html
Diffstat (limited to 'src/main/resources')
-rw-r--r-- | src/main/resources/application.yaml | 2 | ||||
-rw-r--r-- | src/main/resources/moa-spss/certstore/toBeAdded/IAIK_test_intermediate_CA.der | bin | 0 -> 1199 bytes | |||
-rw-r--r-- | src/main/resources/moa-spss/certstore/toBeAdded/msz-test-root-cert.der | bin | 1565 -> 0 bytes | |||
-rw-r--r-- | src/main/resources/moa-spss/trustProfiles/test-trustprofile/IAIK_test_intermediate_CA.der | bin | 0 -> 1199 bytes | |||
-rw-r--r-- | src/main/resources/moa-spss/trustProfiles/test-trustprofile/msz-test-root-cert.der | bin | 1565 -> 0 bytes |
5 files changed, 2 insertions, 0 deletions
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index 961f437..9ce1158 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -80,6 +80,8 @@ javax.net.ssl: ### moa spss config moa.spss: is-active: true + # if active, moa spss will validate manifests in xml signatures + is-manifest-check-active: false server: # path that points to MoaSPSSConfiguration file; can be: # - absolute path (unix: starts with /), or diff --git a/src/main/resources/moa-spss/certstore/toBeAdded/IAIK_test_intermediate_CA.der b/src/main/resources/moa-spss/certstore/toBeAdded/IAIK_test_intermediate_CA.der Binary files differnew file mode 100644 index 0000000..558ce15 --- /dev/null +++ b/src/main/resources/moa-spss/certstore/toBeAdded/IAIK_test_intermediate_CA.der diff --git a/src/main/resources/moa-spss/certstore/toBeAdded/msz-test-root-cert.der b/src/main/resources/moa-spss/certstore/toBeAdded/msz-test-root-cert.der Binary files differdeleted file mode 100644 index 3e136d4..0000000 --- a/src/main/resources/moa-spss/certstore/toBeAdded/msz-test-root-cert.der +++ /dev/null diff --git a/src/main/resources/moa-spss/trustProfiles/test-trustprofile/IAIK_test_intermediate_CA.der b/src/main/resources/moa-spss/trustProfiles/test-trustprofile/IAIK_test_intermediate_CA.der Binary files differnew file mode 100644 index 0000000..558ce15 --- /dev/null +++ b/src/main/resources/moa-spss/trustProfiles/test-trustprofile/IAIK_test_intermediate_CA.der diff --git a/src/main/resources/moa-spss/trustProfiles/test-trustprofile/msz-test-root-cert.der b/src/main/resources/moa-spss/trustProfiles/test-trustprofile/msz-test-root-cert.der Binary files differdeleted file mode 100644 index 3e136d4..0000000 --- a/src/main/resources/moa-spss/trustProfiles/test-trustprofile/msz-test-root-cert.der +++ /dev/null |