Diffstat (limited to 'src/main/java/at/gv/egiz/moazs')
-rw-r--r--src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java78
-rw-r--r--src/main/java/at/gv/egiz/moazs/msg/MoaSPSSSignatureVerifier.java34
-rw-r--r--src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java47
3 files changed, 119 insertions, 40 deletions
diff --git a/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java b/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java
index e96d851..6a5eb39 100644
--- a/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java
+++ b/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java
@@ -2,19 +2,80 @@ package at.gv.egiz.moazs.config;
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService;
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.SignatureVerificationService;
+import at.gv.egiz.moazs.msg.MoaSPSSSignatureVerifier;
+import at.gv.egiz.moazs.msg.SignatureVerifier;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
+import java.io.File;
+import java.io.FileNotFoundException;
+
+
@Configuration
public class MoaSigConfig {
+ private static final Logger log = LoggerFactory.getLogger(MoaSigConfig.class);
+
+ private static final String MOA_SPSS_CONFIG_FILE_PROPERTY = "moa.spss.server.configuration";
+ private static final String JAVAX_SSL_TRUSTSTORE_TYPE_PROPERTY = "javax.net.ssl.trustStoreType";
+ private static final String JAVAX_SSL_KEYSTORE_TYPE_PROPERTY = "javax.net.ssl.keyStoreType";
+
+ private final String trustStoreType;
+ private final String keyStoreType;
private final String defaultTrustProfile;
+ private final String spssConfigFilePath;
- public MoaSigConfig(@Value("${moa.spss.server.default-trustprofile}") String defaultTrustProfile,
- @Value("${moa.spss.server.configuration}") String serverConfigUrl) {
+ public MoaSigConfig(@Value("${javax.net.ssl.trustStoreType}") String trustStoreType,
+ @Value("${javax.net.ssl.keyStoreType}") String keyStoreType,
+ @Value("${moa.spss.server.default-trustprofile}") String defaultTrustProfile,
+ @Value("${moa.spss.server.configuration}") String spssConfigFilePath) throws FileNotFoundException {
+ this.trustStoreType = trustStoreType;
+ this.keyStoreType = keyStoreType;
this.defaultTrustProfile = defaultTrustProfile;
- System.getProperties().setProperty("moa.spss.server.configuration", serverConfigUrl);
+ this.spssConfigFilePath = spssConfigFilePath;
+ fallBackToSpringEnvForMoaSPSSConfigProperty();
+ fallBackToSpringEnvForJavaxNetSSLStoreTypeProperty();
+ }
+
+ private void fallBackToSpringEnvForMoaSPSSConfigProperty() throws FileNotFoundException {
+ log.info("value of spssConfigFilePath is {}", spssConfigFilePath);
+
+ if(System.getProperty(MOA_SPSS_CONFIG_FILE_PROPERTY) == null) {
+ var realPath = determinePath(spssConfigFilePath);
+ var realFile = new File(realPath);
+
+ if(realFile.exists() && realFile.canRead()) {
+ log.info("Set system property '{}' to {}", MOA_SPSS_CONFIG_FILE_PROPERTY, realPath);
+ System.getProperties().setProperty(MOA_SPSS_CONFIG_FILE_PROPERTY, realPath);
+ } else {
+ throw new FileNotFoundException("File '" + realPath + "' does not exist or is not readable.");
+ }
+ }
+ }
+
+ private String determinePath(String abstractPath) {
+ if (new File(abstractPath).isAbsolute()) {
+ return abstractPath;
+ } else {
+ //resolve relative path as classpath resource
+ //java.lang.Class needs relative resources to start with "/"
+ return this.getClass().getResource("/" + abstractPath).getFile();
+ }
+ }
+
+ private void fallBackToSpringEnvForJavaxNetSSLStoreTypeProperty() {
+ if (System.getProperty(JAVAX_SSL_TRUSTSTORE_TYPE_PROPERTY) == null) {
+ log.info("Set system property '{}' to {}", JAVAX_SSL_TRUSTSTORE_TYPE_PROPERTY, trustStoreType);
+ System.getProperties().setProperty(JAVAX_SSL_TRUSTSTORE_TYPE_PROPERTY, trustStoreType);
+ }
+
+ if (System.getProperty(JAVAX_SSL_KEYSTORE_TYPE_PROPERTY) == null) {
+ log.info("Set system property '{}' to {}", JAVAX_SSL_KEYSTORE_TYPE_PROPERTY, keyStoreType);
+ System.getProperties().setProperty(JAVAX_SSL_KEYSTORE_TYPE_PROPERTY, keyStoreType);
+ }
}
@Bean
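Review bot: `determinePath` dereferences `this.getClass().getResource("/" + abstractPath)` without a null check, so a relative `moa.spss.server.configuration` value that is not on the classpath fails with a NullPointerException from the constructor instead of the FileNotFoundException the caller `fallBackToSpringEnvForMoaSPSSConfigProperty` is written to produce. `URL.getFile()` also returns a percent-encoded path, so a resource under a directory containing spaces would later fail the `exists()`/`canRead()` check with a misleading "does not exist" message; if the resource sits inside a jar the returned path is not a plain file either, which is presumably acceptable here but worth a comment. I would make the lookup fail closed with an explicit message naming the resource and declare the exception on the helper, as below. Note that the constructor also writes to global `System` properties, so two contexts in one JVM see whichever instance ran first; a one-line comment stating that the properties are intentionally only set when absent would help the next maintainer.
```java
private String determinePath(String abstractPath) throws FileNotFoundException {
    if (new File(abstractPath).isAbsolute()) {
        return abstractPath;
    }
    // resolve relative path as classpath resource; java.lang.Class needs a leading "/"
    var resource = this.getClass().getResource("/" + abstractPath);
    if (resource == null) {
        throw new FileNotFoundException("Classpath resource '" + abstractPath + "' not found.");
    }
    return resource.getFile();
}
```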
@@ -26,4 +87,15 @@ public class MoaSigConfig {
public ISignatureVerificationService moaSigVerifyService() {
return new SignatureVerificationService();
}
+
+ @Bean
+ public SignatureVerifier signatureVerifier(@Value("${moa.spss.is-active}") boolean isMoaSPSSActive) {
+ if (isMoaSPSSActive) {
+ log.info("Moa SPSS is active. Signatures in SOAP Messages will be verified.");
+ return new MoaSPSSSignatureVerifier(moaSigVerifyService(), defaultTrustProfile);
+ } else {
+ log.warn("Moa SPSS is not active. Signatures in SOAP Messages will not be verified.");
+ return (signedXMLdocument) -> true;
+ }
+ }
}
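Review bot: The inactive branch of `signatureVerifier` returns `(signedXMLdocument) -> true`, which accepts every document — including one that carries no signature at all — while the `SignatureVerifier` contract in this same commit says `verify` returns false when there is no signature; callers therefore cannot tell "verified" from "not checked". If that fail-open behaviour is intended for a non-verifying deployment, state it at the bean so it is not mistaken for a verifier, e.g. `// Intentionally fail-open: every SOAP message is accepted without any signature check.` on the line before the lambda, and consider a named implementation such as a `NoOpSignatureVerifier` so the chosen mode is visible in logs and stack traces. The single startup warning is easy to miss in a long log; a debug-level log inside the lambda would make the skipped check visible per message if that is wanted.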
diff --git a/src/main/java/at/gv/egiz/moazs/msg/MoaSPSSSignatureVerifier.java b/src/main/java/at/gv/egiz/moazs/msg/MoaSPSSSignatureVerifier.java
new file mode 100644
index 0000000..6058279
--- /dev/null
+++ b/src/main/java/at/gv/egiz/moazs/msg/MoaSPSSSignatureVerifier.java
@@ -0,0 +1,34 @@
+package at.gv.egiz.moazs.msg;
+
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class MoaSPSSSignatureVerifier implements SignatureVerifier {
+
+ private static final Logger log = LoggerFactory.getLogger(MoaSPSSSignatureVerifier.class);
+
+ private final ISignatureVerificationService service;
+
+ private final String trustProfile;
+
+ public MoaSPSSSignatureVerifier(ISignatureVerificationService service,
+ String trustProfile) {
+ this.service = service;
+ this.trustProfile = trustProfile;
+ }
+
+ @Override
+ public boolean verify(byte[] signedXMLdocument) {
+
+ try {
+ var response = service.verifyXMLSignature(signedXMLdocument, trustProfile);
+ return response != null;
+ } catch (MOASigServiceException e) {
+ MoaSPSSSignatureVerifier.log.error("Could not verify the XML signature.", e);
+ return false;
+ }
+
+ }
+}
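Review bot: `return response != null;` in `verify` treats any non-null response from `verifyXMLSignature` as a valid signature, but a verification service response can also describe a failed signature or certificate check rather than throwing; the type of `response` is not visible on this page, so please confirm whether `ISignatureVerificationService.verifyXMLSignature` throws `MOASigServiceException` for every invalid or untrusted signature or returns a result whose status must be inspected. If it is the latter, the result's signature and certificate status should be checked before returning true, and a comment such as `// verifyXMLSignature throws on any failed check; a non-null response means the signature and chain were accepted` should document the assumption once verified. Style: `MoaSPSSSignatureVerifier.log.error(...)` qualifies the field with the class name inside its own class — plain `log.error(...)` matches the rest of the codebase. The catch block correctly fails closed, which is the right default for a signature check.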
diff --git a/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java b/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java
index d6311c4..bf9a2d0 100644
--- a/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java
+++ b/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java
@@ -1,40 +1,13 @@
package at.gv.egiz.moazs.msg;
-import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService;
-import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.stereotype.Component;
-
-@Component
-public class SignatureVerifier {
-
- private static final Logger log = LoggerFactory.getLogger(SignatureVerifier.class);
-
- @Autowired
- @Qualifier("moaSigVerifyService")
- private final ISignatureVerificationService service;
-
- @Autowired
- @Qualifier("moaSPSSServerDefaultTrustProfile")
- private final String trustProfile;
-
- public SignatureVerifier(ISignatureVerificationService service,
- String trustProfile) {
- this.service = service;
- this.trustProfile = trustProfile;
- }
-
- public boolean verify(byte[] signedXMLdocument) {
- try {
- var response = service.verifyXMLSignature(signedXMLdocument, trustProfile);
- return response != null;
- } catch (MOASigServiceException e) {
- log.error("Could not verify the XML signature.", e);
- return false;
- }
- }
-
+@FunctionalInterface
+public interface SignatureVerifier {
+
+ /**
+ * Verifies the signature of a signed XML document.
+ * @param signedXMLdocument
+ * @return true if the signature is valid; false if there is no signature, if the signature is invalid,
+ * or if an exception occured.
+ */
+ boolean verify(byte[] signedXMLdocument);
}
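Review bot: The Javadoc on `verify` leaves `@param signedXMLdocument` without a description and misspells "occurred" on the following line; something like `@param signedXMLdocument the complete signed XML document as raw bytes` completes the contract. Since this interface is now the security boundary that implementations (and the inactive lambda in MoaSigConfig) must honour, it would also be worth stating explicitly that implementations must fail closed — return false on any error or doubt rather than throw or return true — so that the documented "false if an exception occurred" rule is a requirement, not a description of one implementation.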