aboutsummaryrefslogtreecommitdiff
path: root/src/main/resources
diff options
context:
space:
mode:
authorChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-05-29 09:49:02 +0200
committerChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-05-29 13:30:03 +0200
commite165ef27812874bee7062a4e7ecc8bec99ced328 (patch)
tree6fb60c546adda519281be0f3682f5659afd036ec /src/main/resources
parentcef481f2ad56764f71e8b0f1d4340b8af0686a96 (diff)
downloadmoa-zs-e165ef27812874bee7062a4e7ecc8bec99ced328.tar.gz
moa-zs-e165ef27812874bee7062a4e7ecc8bec99ced328.tar.bz2
moa-zs-e165ef27812874bee7062a4e7ecc8bec99ced328.zip
Integrate MoaSig Verification into SignatureVerifier
- Verify signature via ISignatureVerificationService. - Override System Property moa.spss.server.configuration via spring's environment (Reason: can configure path to moa SPSS config file via application.yaml & moa SPSS needs this parameter to find the config file) - Setup test configuration directory for moaspss in src/main/resources/moa-spss - Readme: Explain how to install moaspss' dependencies into local repository.
Diffstat (limited to 'src/main/resources')
-rw-r--r--src/main/resources/application.yaml5
-rw-r--r--src/main/resources/moa-spss/MOASPSSConfiguration.xml73
-rw-r--r--src/main/resources/moa-spss/truststores/test-truststores/MZS_ROOT_CA.pem35
3 files changed, 113 insertions, 0 deletions
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
index 1a432c2..61c7dba 100644
--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@@ -70,3 +70,8 @@ logging:
root: WARN
org.springframework: WARN
at.gv.egiz.moazs: INFO
+
+### moa spss config
+moa.spss.server:
+ configuration: file:./moa-spss/MOASPSSConfiguration.xml
+ default-trustprofile: test-trustprofile
diff --git a/src/main/resources/moa-spss/MOASPSSConfiguration.xml b/src/main/resources/moa-spss/MOASPSSConfiguration.xml
new file mode 100644
index 0000000..edaaf8a
--- /dev/null
+++ b/src/main/resources/moa-spss/MOASPSSConfiguration.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--MOA SPSS 1.3 Configuration File created by MOA SPSS Configuration Mapper-->
+<cfg:MOAConfiguration xmlns:cfg="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<cfg:Common>
+ <cfg:PermitExternalUris>
+ <cfg:BlackListUri>
+ <cfg:IP>192.168</cfg:IP>
+ </cfg:BlackListUri>
+ </cfg:PermitExternalUris>
+ </cfg:Common>
+
+ <cfg:SignatureVerification>
+ <cfg:CertificateValidation>
+ <cfg:PathConstruction>
+ <cfg:AutoAddCertificates>true</cfg:AutoAddCertificates>
+ <cfg:UseAuthorityInformationAccess>true</cfg:UseAuthorityInformationAccess>
+ <cfg:CertificateStore>
+ <cfg:DirectoryStore>
+ <cfg:Location>certstore</cfg:Location>
+ </cfg:DirectoryStore>
+ </cfg:CertificateStore>
+ </cfg:PathConstruction>
+ <cfg:PathValidation>
+ <cfg:ChainingMode>
+ <cfg:DefaultMode>pkix</cfg:DefaultMode>
+ <cfg:TrustAnchor>
+ <cfg:Identification>
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </cfg:Identification>
+ <cfg:Mode>chaining</cfg:Mode>
+ </cfg:TrustAnchor>
+ <cfg:TrustAnchor>
+ <cfg:Identification>
+ <dsig:X509IssuerName>C=AT,O=Hauptverband österr. Sozialvers.,CN=Root-CA 1</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>376503867878755617282523408360935024869</dsig:X509SerialNumber>
+ </cfg:Identification>
+ <cfg:Mode>chaining</cfg:Mode>
+ </cfg:TrustAnchor>
+ </cfg:ChainingMode>
+
+ <cfg:TrustProfile>
+ <cfg:Id>test-trustprofile</cfg:Id>
+ <cfg:TrustAnchorsLocation>truststores/test-truststore</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+
+ </cfg:PathValidation>
+ <cfg:RevocationChecking>
+ <cfg:EnableChecking>false</cfg:EnableChecking>
+ <cfg:MaxRevocationAge>0</cfg:MaxRevocationAge>
+ <cfg:ServiceOrder>
+ <cfg:Service>CRL</cfg:Service>
+ <cfg:Service>OCSP</cfg:Service>
+ </cfg:ServiceOrder>
+ <cfg:Archiving>
+ <cfg:EnableArchiving>false</cfg:EnableArchiving>
+ <cfg:ArchiveDuration>365</cfg:ArchiveDuration>
+ <cfg:Archive>
+ <cfg:DatabaseArchive>
+ <cfg:JDBCURL>jdbc:url</cfg:JDBCURL>
+ <cfg:JDBCDriverClassName>fully.qualified.classname</cfg:JDBCDriverClassName>
+ </cfg:DatabaseArchive>
+ </cfg:Archive>
+ </cfg:Archiving>
+ </cfg:RevocationChecking>
+ </cfg:CertificateValidation>
+
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>SL20Authblock_v1.0</cfg:Id>
+ <cfg:Location>profiles/SL20_authblock_v1.0.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ </cfg:SignatureVerification>
+</cfg:MOAConfiguration>
diff --git a/src/main/resources/moa-spss/truststores/test-truststores/MZS_ROOT_CA.pem b/src/main/resources/moa-spss/truststores/test-truststores/MZS_ROOT_CA.pem
new file mode 100644
index 0000000..57963bd
--- /dev/null
+++ b/src/main/resources/moa-spss/truststores/test-truststores/MZS_ROOT_CA.pem
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGGTCCBAGgAwIBAgIUEzQUFWuzrC0F4mODQYgPZ/Lhq04wDQYJKoZIhvcNAQEL
+BQAwgZMxCzAJBgNVBAYTAkFUMRAwDgYDVQQIDAdBdXN0cmlhMQ0wCwYDVQQKDARJ
+QUlLMQ0wCwYDVQQLDARFR0laMSMwIQYDVQQDDBpFR0laIENSQUJFTlNURUlORVIg
+Uk9PVCBDQTEvMC0GCSqGSIb3DQEJARYgY2hyaXN0b2YucmFiZW5zdGVpbmVyQGVn
+aXouZ3YuYXQwHhcNMTkwNDIzMTQwNTU2WhcNMzkwNDE4MTQwNTU2WjCBkzELMAkG
+A1UEBhMCQVQxEDAOBgNVBAgMB0F1c3RyaWExDTALBgNVBAoMBElBSUsxDTALBgNV
+BAsMBEVHSVoxIzAhBgNVBAMMGkVHSVogQ1JBQkVOU1RFSU5FUiBST09UIENBMS8w
+LQYJKoZIhvcNAQkBFiBjaHJpc3RvZi5yYWJlbnN0ZWluZXJAZWdpei5ndi5hdDCC
+AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMclj0pHf7LxLXEvtz+P7mxI
+5U5Lx0xDiEY4XeLn75jis3IQotv3zmUz8Mvv9rkAT7y9JMJyJPBUPo2iWCO/dtm+
+qYlCy4fNPGvGPyjE05TM+JhG8bijpgO2EEZmKv48by+UUzioX8H/to5n8xNzDu8C
+bibBddbGyfQ9E7PkR2VhdW8PkUrqJCxeG/xiwS0h1U2v++4ZKQpS78rj75KNEExx
+t8spzZFyKV3i5mTkW2Exp5OSr07SpadjlRqkYWkdZsAPnaK4L4KQ+rrL9qXb/fzK
+syD2LkAHimV3s19IZjGVbdwCtgacDZlME3zNfGxIC0hAeJsSXJJN2FMO3SrnXv2b
+CDJT3SOCF+PMhmv41PGMswQxnCtPvB9659y/Cr/tHkY5bhQiR4XamZie7IkxpsMa
+WpV4jCY9iz1L8OsM62DVRsztDWw1w1j2dyWyODNbxaI7fEWg9klUW7GgEDYBeJ2h
+9kfgwZXiMZkw/7+0VHU97a7AKmpCXP3kH6n1z3MAgaf+Dd4Gq7RXB+4HEZ31uiNO
+OqrnayFs2td/X7cl/0ioNLnJ/hbaOmHsGDQo5W0WyXg9bVkLtezajVwTCKkRdUnn
+kAXL0y+x/aRc2CycE7tlC0SHtBDTVjdx5CWeulynBMMiMWZwb+HR9id/rnifp3Vk
+/CPA+eyjiVtt8uXXozLFAgMBAAGjYzBhMB0GA1UdDgQWBBSK8/VCjnMFpNKrPSEv
+k+GF/qM5izAfBgNVHSMEGDAWgBSK8/VCjnMFpNKrPSEvk+GF/qM5izAPBgNVHRMB
+Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAp/fR
+A+cZlMw0jtiFRYy7096dadgjefIcQVgZYNTL3zuPrXyRIHMp4dTlNnREkobmzkcy
+jWN/I41hm2SHt86+E1c7n/wd1KE1oefqoRkhQws84718zlLBkL/iMwluzE4ZzqiE
+RPxBFv23QqFLzaZpqan4ic9zlkqW1d8IZ9kt9vctAxUIju4hXqozUfaYIjIThutU
+wkIgN1A6e6qugFYB9jkhijnMw0HJeP19JbBUNGp9bP3GiSEc+S1ydddU2492rDQj
+NQKvUMvGUhoUdxbbcUhxs6i6Gfct5bCXRN+r7d+mpwFrpN9xv0a0a7y5GNZk//2S
+0qsqQwVEHYa0fDxsBFLnM7i2EY6+eo9mMccOgn0Jk8z+IIU3OCHgRs3df8R0zWbd
+2FSeqrHTTtgcnmfEx3TMZnuuLfOCIwczl/4DP6M5Z6xwp/MKXzUWFy5SP1wkLe9i
+KiTaYeYLiVZb4AluW8TdhkBjj87gA1gCqqGIAyQ6+40LGplt7Wt5pY2XGWqQQLcq
+qfutUjWQM+HOQEDsodrPu8DR07Q613XdrfMuJGHXDh7a+6xD0nRhpkR9JacoY1h/
+UTObjMFCIwIZ8bYniFLgmJhKlMiuhgNuGsEoSMsFHVDrCsEXZOKkoL8OmRu/V4zo
+2vewbMLL/jvutkmtS8E+R1lt+J6iEI5EYJHONrw=
+-----END CERTIFICATE-----