From 5d183fd9535d80e5066647e0501da881bcac4d58 Mon Sep 17 00:00:00 2001 From: Christof Rabensteiner Date: Wed, 19 Jun 2019 10:46:15 +0200 Subject: Finalize moa-sig-lib's Integration and Add Testcase - Interpret `ISignatureVerificationService` response properly (by following security layer spec [1] and moaspss handbook [2]). - Add config flag `moa.spss.is-manifest-check-active` - Change SignatureVerifier Interface: Remove @return boolean, just throw an exception when a validation error occurs. Reason: In case the signature cannot be validated, the application always needs the reason for the validation error, which requires the verifier to throw an exception. In turn, the only valid return value for `verify()` becomes `true`, which can be omitted at that point. - Add testcase for verifying a valid enveloped xml signature - Remove Certificates that are not needed. [1] https://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/core/core.html [2] https://apps.egiz.gv.at/handbooks/moa-spss/handbook/handbook/usage/usage.html --- src/main/resources/application.yaml | 2 ++ .../certstore/toBeAdded/IAIK_test_intermediate_CA.der | Bin 0 -> 1199 bytes .../moa-spss/certstore/toBeAdded/msz-test-root-cert.der | Bin 1565 -> 0 bytes .../test-trustprofile/IAIK_test_intermediate_CA.der | Bin 0 -> 1199 bytes .../test-trustprofile/msz-test-root-cert.der | Bin 1565 -> 0 bytes 5 files changed, 2 insertions(+) create mode 100644 src/main/resources/moa-spss/certstore/toBeAdded/IAIK_test_intermediate_CA.der delete mode 100644 src/main/resources/moa-spss/certstore/toBeAdded/msz-test-root-cert.der create mode 100644 src/main/resources/moa-spss/trustProfiles/test-trustprofile/IAIK_test_intermediate_CA.der delete mode 100644 src/main/resources/moa-spss/trustProfiles/test-trustprofile/msz-test-root-cert.der (limited to 'src/main/resources') diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index 961f437..9ce1158 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -80,6 +80,8 @@ javax.net.ssl: ### moa spss config moa.spss: is-active: true + # if active, moa spss will validate manifests in xml signatures + is-manifest-check-active: false server: # path that points to MoaSPSSConfiguration file; can be: # - absolute path (unix: starts with /), or diff --git a/src/main/resources/moa-spss/certstore/toBeAdded/IAIK_test_intermediate_CA.der b/src/main/resources/moa-spss/certstore/toBeAdded/IAIK_test_intermediate_CA.der new file mode 100644 index 0000000..558ce15 Binary files /dev/null and b/src/main/resources/moa-spss/certstore/toBeAdded/IAIK_test_intermediate_CA.der differ diff --git a/src/main/resources/moa-spss/certstore/toBeAdded/msz-test-root-cert.der b/src/main/resources/moa-spss/certstore/toBeAdded/msz-test-root-cert.der deleted file mode 100644 index 3e136d4..0000000 Binary files a/src/main/resources/moa-spss/certstore/toBeAdded/msz-test-root-cert.der and /dev/null differ diff --git a/src/main/resources/moa-spss/trustProfiles/test-trustprofile/IAIK_test_intermediate_CA.der b/src/main/resources/moa-spss/trustProfiles/test-trustprofile/IAIK_test_intermediate_CA.der new file mode 100644 index 0000000..558ce15 Binary files /dev/null and b/src/main/resources/moa-spss/trustProfiles/test-trustprofile/IAIK_test_intermediate_CA.der differ diff --git a/src/main/resources/moa-spss/trustProfiles/test-trustprofile/msz-test-root-cert.der b/src/main/resources/moa-spss/trustProfiles/test-trustprofile/msz-test-root-cert.der deleted file mode 100644 index 3e136d4..0000000 Binary files a/src/main/resources/moa-spss/trustProfiles/test-trustprofile/msz-test-root-cert.der and /dev/null differ -- cgit v1.2.3