diff options
Diffstat (limited to 'src/main/java/at/gv/egiz/moazs')
3 files changed, 119 insertions, 40 deletions
diff --git a/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java b/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java index e96d851..6a5eb39 100644 --- a/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java +++ b/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java @@ -2,19 +2,80 @@ package at.gv.egiz.moazs.config; import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService; import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.SignatureVerificationService; +import at.gv.egiz.moazs.msg.MoaSPSSSignatureVerifier; +import at.gv.egiz.moazs.msg.SignatureVerifier; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import java.io.File; +import java.io.FileNotFoundException; + + @Configuration public class MoaSigConfig { + private static final Logger log = LoggerFactory.getLogger(MoaSigConfig.class); + + private static final String MOA_SPSS_CONFIG_FILE_PROPERTY = "moa.spss.server.configuration"; + private static final String JAVAX_SSL_TRUSTSTORE_TYPE_PROPERTY = "javax.net.ssl.trustStoreType"; + private static final String JAVAX_SSL_KEYSTORE_TYPE_PROPERTY = "javax.net.ssl.keyStoreType"; + + private final String trustStoreType; + private final String keyStoreType; private final String defaultTrustProfile; + private final String spssConfigFilePath; - public MoaSigConfig(@Value("${moa.spss.server.default-trustprofile}") String defaultTrustProfile, - @Value("${moa.spss.server.configuration}") String serverConfigUrl) { + public MoaSigConfig(@Value("${javax.net.ssl.trustStoreType}") String trustStoreType, + @Value("${javax.net.ssl.keyStoreType}") String keyStoreType, + @Value("${moa.spss.server.default-trustprofile}") String defaultTrustProfile, + @Value("${moa.spss.server.configuration}") String spssConfigFilePath) throws FileNotFoundException { + this.trustStoreType = trustStoreType; + this.keyStoreType = keyStoreType; this.defaultTrustProfile = defaultTrustProfile; - System.getProperties().setProperty("moa.spss.server.configuration", serverConfigUrl); + this.spssConfigFilePath = spssConfigFilePath; + fallBackToSpringEnvForMoaSPSSConfigProperty(); + fallBackToSpringEnvForJavaxNetSSLStoreTypeProperty(); + } + + private void fallBackToSpringEnvForMoaSPSSConfigProperty() throws FileNotFoundException { + log.info("value of spssConfigFilePath is {}", spssConfigFilePath); + + if(System.getProperty(MOA_SPSS_CONFIG_FILE_PROPERTY) == null) { + var realPath = determinePath(spssConfigFilePath); + var realFile = new File(realPath); + + if(realFile.exists() && realFile.canRead()) { + log.info("Set system property '{}' to {}", MOA_SPSS_CONFIG_FILE_PROPERTY, realPath); + System.getProperties().setProperty(MOA_SPSS_CONFIG_FILE_PROPERTY, realPath); + } else { + throw new FileNotFoundException("File '" + realPath + "' does not exist or is not readable."); + } + } + } + + private String determinePath(String abstractPath) { + if (new File(abstractPath).isAbsolute()) { + return abstractPath; + } else { + //resolve relative path as classpath resource + //java.lang.Class needs relative resources to start with "/" + return this.getClass().getResource("/" + abstractPath).getFile(); + } + } + + private void fallBackToSpringEnvForJavaxNetSSLStoreTypeProperty() { + if (System.getProperty(JAVAX_SSL_TRUSTSTORE_TYPE_PROPERTY) == null) { + log.info("Set system property '{}' to {}", JAVAX_SSL_TRUSTSTORE_TYPE_PROPERTY, trustStoreType); + System.getProperties().setProperty(JAVAX_SSL_TRUSTSTORE_TYPE_PROPERTY, trustStoreType); + } + + if (System.getProperty(JAVAX_SSL_KEYSTORE_TYPE_PROPERTY) == null) { + log.info("Set system property '{}' to {}", JAVAX_SSL_KEYSTORE_TYPE_PROPERTY, keyStoreType); + System.getProperties().setProperty(JAVAX_SSL_KEYSTORE_TYPE_PROPERTY, keyStoreType); + } } @Bean @@ -26,4 +87,15 @@ public class MoaSigConfig { public ISignatureVerificationService moaSigVerifyService() { return new SignatureVerificationService(); } + + @Bean + public SignatureVerifier signatureVerifier(@Value("${moa.spss.is-active}") boolean isMoaSPSSActive) { + if (isMoaSPSSActive) { + log.info("Moa SPSS is active. Signatures in SOAP Messages will be verified."); + return new MoaSPSSSignatureVerifier(moaSigVerifyService(), defaultTrustProfile); + } else { + log.warn("Moa SPSS is not active. Signatures in SOAP Messages will not be verified."); + return (signedXMLdocument) -> true; + } + } } diff --git a/src/main/java/at/gv/egiz/moazs/msg/MoaSPSSSignatureVerifier.java b/src/main/java/at/gv/egiz/moazs/msg/MoaSPSSSignatureVerifier.java new file mode 100644 index 0000000..6058279 --- /dev/null +++ b/src/main/java/at/gv/egiz/moazs/msg/MoaSPSSSignatureVerifier.java @@ -0,0 +1,34 @@ +package at.gv.egiz.moazs.msg; + +import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService; +import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class MoaSPSSSignatureVerifier implements SignatureVerifier { + + private static final Logger log = LoggerFactory.getLogger(MoaSPSSSignatureVerifier.class); + + private final ISignatureVerificationService service; + + private final String trustProfile; + + public MoaSPSSSignatureVerifier(ISignatureVerificationService service, + String trustProfile) { + this.service = service; + this.trustProfile = trustProfile; + } + + @Override + public boolean verify(byte[] signedXMLdocument) { + + try { + var response = service.verifyXMLSignature(signedXMLdocument, trustProfile); + return response != null; + } catch (MOASigServiceException e) { + MoaSPSSSignatureVerifier.log.error("Could not verify the XML signature.", e); + return false; + } + + } +} diff --git a/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java b/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java index d6311c4..bf9a2d0 100644 --- a/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java +++ b/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java @@ -1,40 +1,13 @@ package at.gv.egiz.moazs.msg; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceException; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; -import org.springframework.stereotype.Component; - -@Component -public class SignatureVerifier { - - private static final Logger log = LoggerFactory.getLogger(SignatureVerifier.class); - - @Autowired - @Qualifier("moaSigVerifyService") - private final ISignatureVerificationService service; - - @Autowired - @Qualifier("moaSPSSServerDefaultTrustProfile") - private final String trustProfile; - - public SignatureVerifier(ISignatureVerificationService service, - String trustProfile) { - this.service = service; - this.trustProfile = trustProfile; - } - - public boolean verify(byte[] signedXMLdocument) { - try { - var response = service.verifyXMLSignature(signedXMLdocument, trustProfile); - return response != null; - } catch (MOASigServiceException e) { - log.error("Could not verify the XML signature.", e); - return false; - } - } - +@FunctionalInterface +public interface SignatureVerifier { + + /** + * Verifies the signature of a signed XML document. + * @param signedXMLdocument + * @return true if the signature is valid; false if there is no signature, if the signature is invalid, + * or if an exception occured. + */ + boolean verify(byte[] signedXMLdocument); } |