From e165ef27812874bee7062a4e7ecc8bec99ced328 Mon Sep 17 00:00:00 2001 From: Christof Rabensteiner Date: Wed, 29 May 2019 09:49:02 +0200 Subject: Integrate MoaSig Verification into SignatureVerifier - Verify signature via ISignatureVerificationService. - Override System Property moa.spss.server.configuration via spring's environment (Reason: can configure path to moa SPSS config file via application.yaml & moa SPSS needs this parameter to find the config file) - Setup test configuration directory for moaspss in src/main/resources/moa-spss - Readme: Explain how to install moaspss' dependencies into local repository. --- .../java/at/gv/egiz/moazs/config/MoaSigConfig.java | 29 +++++++++ .../at/gv/egiz/moazs/msg/SignatureVerifier.java | 31 ++++++++- src/main/resources/application.yaml | 5 ++ .../resources/moa-spss/MOASPSSConfiguration.xml | 73 ++++++++++++++++++++++ .../truststores/test-truststores/MZS_ROOT_CA.pem | 35 +++++++++++ 5 files changed, 171 insertions(+), 2 deletions(-) create mode 100644 src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java create mode 100644 src/main/resources/moa-spss/MOASPSSConfiguration.xml create mode 100644 src/main/resources/moa-spss/truststores/test-truststores/MZS_ROOT_CA.pem (limited to 'src') diff --git a/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java b/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java new file mode 100644 index 0000000..e96d851 --- /dev/null +++ b/src/main/java/at/gv/egiz/moazs/config/MoaSigConfig.java 
@@ -0,0 +1,29 @@
+package at.gv.egiz.moazs.config;
+
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.SignatureVerificationService;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class MoaSigConfig {
+
+ private final String defaultTrustProfile;
+
+ public MoaSigConfig(@Value("${moa.spss.server.default-trustprofile}") String defaultTrustProfile,
+ @Value("${moa.spss.server.configuration}") String serverConfigUrl) {
+ this.defaultTrustProfile = defaultTrustProfile;
+ System.getProperties().setProperty("moa.spss.server.configuration", serverConfigUrl);
+ }
+
+ @Bean
+ public String moaSPSSServerDefaultTrustProfile() {
+ return defaultTrustProfile;
+ }
+
+ @Bean
+ public ISignatureVerificationService moaSigVerifyService() {
+ return new SignatureVerificationService();
+ }
+}
diff --git a/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java b/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java
index 12b1ccb..d6311c4 100644
--- a/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java
+++ b/src/main/java/at/gv/egiz/moazs/msg/SignatureVerifier.java
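Review bot: The constructor's `System.getProperties().setProperty("moa.spss.server.configuration", serverConfigUrl)` mutates process-wide JVM state as a hidden side effect of bean construction, and nothing in the class says why. The commit message explains that MOA-SPSS locates its configuration only through that system property, so the line deserves that explanation in code, e.g. `// MOA-SPSS reads its config location only from this system property; mirror the Spring property so application.yaml can set it.`, and the simpler `System.setProperty(...)` form. If SignatureVerificationService resolves the property during class initialisation rather than on first use (not visible here), any reference to that class before this constructor runs would see the old value, so `moaSigVerifyService()` should remain the only place it is instantiated. Exposing the trust-profile name as a bare `String` bean works but relies on every consumer qualifying by bean name; a small properties class would be less fragile.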
@@ -1,13 +1,40 @@
 package at.gv.egiz.moazs.msg;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService;
+import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MOASigServiceException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 @Component
 public class SignatureVerifier {
- public boolean verify(byte[] signedXMLdocument) {
- return true;
+ private static final Logger log = LoggerFactory.getLogger(SignatureVerifier.class);
+
+ @Autowired
+ @Qualifier("moaSigVerifyService")
+ private final ISignatureVerificationService service;
+
+ @Autowired
+ @Qualifier("moaSPSSServerDefaultTrustProfile")
+ private final String trustProfile;
+ public SignatureVerifier(ISignatureVerificationService service,
+ String trustProfile) {
+ this.service = service;
+ this.trustProfile = trustProfile;
+ }
+
+ public boolean verify(byte[] signedXMLdocument) {
+ try {
+ var response = service.verifyXMLSignature(signedXMLdocument, trustProfile);
+ return response != null;
+ } catch (MOASigServiceException e) {
+ log.error("Could not verify the XML signature.", e);
+ return false;
+ }
 }
 }
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
index 1a432c2..61c7dba 100644
--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@@ -70,3 +70,8 @@ logging:
 root: WARN
 org.springframework: WARN
 at.gv.egiz.moazs: INFO
+
+### moa spss config
+moa.spss.server:
+ configuration: file:./moa-spss/MOASPSSConfiguration.xml
+ default-trustprofile: test-trustprofile
diff --git a/src/main/resources/moa-spss/MOASPSSConfiguration.xml b/src/main/resources/moa-spss/MOASPSSConfiguration.xml
new file mode 100644
index 0000000..edaaf8a
--- /dev/null
+++ b/src/main/resources/moa-spss/MOASPSSConfiguration.xml
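Review bot: `return response != null;` in `verify` treats any answer from the verification service as a valid signature; if the response object carries signature-check or certificate-check result codes (its type is not visible in this hunk), a failed check would still be reported as `true`. The method should return `true` only when those result fields indicate success, log which check failed otherwise, and document that contract in a Javadoc on `verify`. The field-level `@Autowired @Qualifier` annotations are redundant with the constructor that assigns both `final` fields, and the qualifiers belong on the constructor parameters instead, `public SignatureVerifier(@Qualifier("moaSigVerifyService") ISignatureVerificationService service, @Qualifier("moaSPSSServerDefaultTrustProfile") String trustProfile)`, since the constructor currently resolves `String trustProfile` by type alone. Catching `MOASigServiceException` and returning `false` conflates a service failure with an invalid signature; consider letting callers distinguish the two.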
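Review bot: `default-trustprofile: test-trustprofile` in the main `application.yaml` makes the test trust profile the default for every deployment, so any environment that does not override it will accept signatures chaining to the test root CA added in this commit. A comment marking the value as test-only, e.g. `# test-only trust profile; override per deployment`, and moving the default into a dev/test profile would make this harder to miss. `configuration: file:./moa-spss/MOASPSSConfiguration.xml` is resolved relative to the working directory rather than the classpath where the file is packaged, so it presumably only works when the process is started from a directory that contains `moa-spss/`.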
@@ -0,0 +1,73 @@ + + + + + + + 192.168 + + + + + + + + true + true + + + certstore + + + + + + pkix + + + CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT + 536 + + chaining + + + + C=AT,O=Hauptverband österr. Sozialvers.,CN=Root-CA 1 + 376503867878755617282523408360935024869 + + chaining + + + + + test-trustprofile + truststores/test-truststore + + + + + false + 0 + + CRL + OCSP + + + false + 365 + + + jdbc:url + fully.qualified.classname + + + + + + + + SL20Authblock_v1.0 + profiles/SL20_authblock_v1.0.xml + + + diff --git a/src/main/resources/moa-spss/truststores/test-truststores/MZS_ROOT_CA.pem b/src/main/resources/moa-spss/truststores/test-truststores/MZS_ROOT_CA.pem new file mode 100644 index 0000000..57963bd --- /dev/null +++ b/src/main/resources/moa-spss/truststores/test-truststores/MZS_ROOT_CA.pem 
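Review bot: The trust profile entry reads `test-trustprofile truststores/test-truststore`, but the certificate in this commit is added under `truststores/test-truststores/` (plural), so the profile appears to point at a directory that does not exist; the element markup is stripped in this view, so confirm against the file. The `jdbc:url` and `fully.qualified.classname` values look like unedited template placeholders and should be filled in or removed if that section is unused. A comment at the top of the file stating that this is a test configuration not intended for production would help, since it ships under `src/main/resources`.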
@@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGGTCCBAGgAwIBAgIUEzQUFWuzrC0F4mODQYgPZ/Lhq04wDQYJKoZIhvcNAQEL +BQAwgZMxCzAJBgNVBAYTAkFUMRAwDgYDVQQIDAdBdXN0cmlhMQ0wCwYDVQQKDARJ +QUlLMQ0wCwYDVQQLDARFR0laMSMwIQYDVQQDDBpFR0laIENSQUJFTlNURUlORVIg +Uk9PVCBDQTEvMC0GCSqGSIb3DQEJARYgY2hyaXN0b2YucmFiZW5zdGVpbmVyQGVn +aXouZ3YuYXQwHhcNMTkwNDIzMTQwNTU2WhcNMzkwNDE4MTQwNTU2WjCBkzELMAkG +A1UEBhMCQVQxEDAOBgNVBAgMB0F1c3RyaWExDTALBgNVBAoMBElBSUsxDTALBgNV +BAsMBEVHSVoxIzAhBgNVBAMMGkVHSVogQ1JBQkVOU1RFSU5FUiBST09UIENBMS8w +LQYJKoZIhvcNAQkBFiBjaHJpc3RvZi5yYWJlbnN0ZWluZXJAZWdpei5ndi5hdDCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMclj0pHf7LxLXEvtz+P7mxI +5U5Lx0xDiEY4XeLn75jis3IQotv3zmUz8Mvv9rkAT7y9JMJyJPBUPo2iWCO/dtm+ +qYlCy4fNPGvGPyjE05TM+JhG8bijpgO2EEZmKv48by+UUzioX8H/to5n8xNzDu8C +bibBddbGyfQ9E7PkR2VhdW8PkUrqJCxeG/xiwS0h1U2v++4ZKQpS78rj75KNEExx +t8spzZFyKV3i5mTkW2Exp5OSr07SpadjlRqkYWkdZsAPnaK4L4KQ+rrL9qXb/fzK +syD2LkAHimV3s19IZjGVbdwCtgacDZlME3zNfGxIC0hAeJsSXJJN2FMO3SrnXv2b +CDJT3SOCF+PMhmv41PGMswQxnCtPvB9659y/Cr/tHkY5bhQiR4XamZie7IkxpsMa +WpV4jCY9iz1L8OsM62DVRsztDWw1w1j2dyWyODNbxaI7fEWg9klUW7GgEDYBeJ2h +9kfgwZXiMZkw/7+0VHU97a7AKmpCXP3kH6n1z3MAgaf+Dd4Gq7RXB+4HEZ31uiNO +OqrnayFs2td/X7cl/0ioNLnJ/hbaOmHsGDQo5W0WyXg9bVkLtezajVwTCKkRdUnn +kAXL0y+x/aRc2CycE7tlC0SHtBDTVjdx5CWeulynBMMiMWZwb+HR9id/rnifp3Vk +/CPA+eyjiVtt8uXXozLFAgMBAAGjYzBhMB0GA1UdDgQWBBSK8/VCjnMFpNKrPSEv +k+GF/qM5izAfBgNVHSMEGDAWgBSK8/VCjnMFpNKrPSEvk+GF/qM5izAPBgNVHRMB +Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAp/fR +A+cZlMw0jtiFRYy7096dadgjefIcQVgZYNTL3zuPrXyRIHMp4dTlNnREkobmzkcy +jWN/I41hm2SHt86+E1c7n/wd1KE1oefqoRkhQws84718zlLBkL/iMwluzE4ZzqiE +RPxBFv23QqFLzaZpqan4ic9zlkqW1d8IZ9kt9vctAxUIju4hXqozUfaYIjIThutU +wkIgN1A6e6qugFYB9jkhijnMw0HJeP19JbBUNGp9bP3GiSEc+S1ydddU2492rDQj +NQKvUMvGUhoUdxbbcUhxs6i6Gfct5bCXRN+r7d+mpwFrpN9xv0a0a7y5GNZk//2S +0qsqQwVEHYa0fDxsBFLnM7i2EY6+eo9mMccOgn0Jk8z+IIU3OCHgRs3df8R0zWbd +2FSeqrHTTtgcnmfEx3TMZnuuLfOCIwczl/4DP6M5Z6xwp/MKXzUWFy5SP1wkLe9i 
+KiTaYeYLiVZb4AluW8TdhkBjj87gA1gCqqGIAyQ6+40LGplt7Wt5pY2XGWqQQLcq +qfutUjWQM+HOQEDsodrPu8DR07Q613XdrfMuJGHXDh7a+6xD0nRhpkR9JacoY1h/ +UTObjMFCIwIZ8bYniFLgmJhKlMiuhgNuGsEoSMsFHVDrCsEXZOKkoL8OmRu/V4zo +2vewbMLL/jvutkmtS8E+R1lt+J6iEI5EYJHONrw= +-----END CERTIFICATE----- -- cgit v1.2.3