summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbschnalzer <bianca.schnalzer@egiz.gv.at>2017-10-30 08:09:48 +0100
committerbschnalzer <bianca.schnalzer@egiz.gv.at>2017-10-30 08:09:48 +0100
commitc9421495bf0f6e5918cb17595a2fab677aec69a2 (patch)
tree277e663b9460cf6de489e0f40a8be5d447064907
parent347544139cfa9f41bce3a41c1dc8777297fa188b (diff)
downloadmocca-c9421495bf0f6e5918cb17595a2fab677aec69a2.tar.gz
mocca-c9421495bf0f6e5918cb17595a2fab677aec69a2.tar.bz2
mocca-c9421495bf0f6e5918cb17595a2fab677aec69a2.zip
Updated Certs in TrustStore, added Access-Controll-Allow-Origin
(Response Header), applied Patch for Signature-Exception-Handling
-rw-r--r--BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/certStore/toBeAdded/GeoTrustPrimaryCertificationAuthority-G3.crt24
-rw-r--r--BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/certStore/toBeAdded/GeoTrustSHA256SSLCA.crt28
-rw-r--r--BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/trustStore/GeoTrustPrimaryCertificationAuthority-G3.crt24
-rw-r--r--BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/trustStore/GeoTrustSHA256SSLCA.crt28
-rw-r--r--BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java2
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java9
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java35
7 files changed, 124 insertions, 26 deletions
diff --git a/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/certStore/toBeAdded/GeoTrustPrimaryCertificationAuthority-G3.crt b/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/certStore/toBeAdded/GeoTrustPrimaryCertificationAuthority-G3.crt
new file mode 100644
index 00000000..243e48ba
--- /dev/null
+++ b/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/certStore/toBeAdded/GeoTrustPrimaryCertificationAuthority-G3.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB
+mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT
+MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s
+eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv
+cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ
+BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg
+MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0
+BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz
++uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm
+hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn
+5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W
+JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL
+DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC
+huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB
+AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB
+zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN
+kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD
+AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH
+SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G
+spki4cErx5z481+oghLrGREt
+-----END CERTIFICATE-----
diff --git a/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/certStore/toBeAdded/GeoTrustSHA256SSLCA.crt b/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/certStore/toBeAdded/GeoTrustSHA256SSLCA.crt
new file mode 100644
index 00000000..6f97a544
--- /dev/null
+++ b/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/certStore/toBeAdded/GeoTrustSHA256SSLCA.crt
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIExzCCA6+gAwIBAgIQQYISfRLZxrMhOUMSVmQAuDANBgkqhkiG9w0BAQsFADCB
+mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT
+MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s
+eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv
+cml0eSAtIEczMB4XDTEzMDUyMzAwMDAwMFoXDTIzMDUyMjIzNTk1OVowRjELMAkG
+A1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHzAdBgNVBAMTFkdlb1Ry
+dXN0IFNIQTI1NiBTU0wgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDGqQtdF6V9xs8q78Zm0UIeX4N4aJGv5qeL8B1EAQoZypzUix3hoZCjwVu011tq
+i/wOSR7CYin+gBU5i4EqJ7X7EqgFIgvFLPXZmN0WLztm52KiQzKsj7WFyFIGLFzA
+d/pn94PoXgWNyKuhFjKK0kDshjocI6mNtQDecr2FVf4GAWBdrbPgZXOlkhSelFZv
+k+6vqTowJUqOCYTvt9LV15tJzenAXmdxIqxQkEMgXaGjFYP9/Kc5vGtlSBJg/90j
+szqq9J+cN1NBokeTgTMJ5SLGyBxJoW6NzIOzms3qQ/IZ0yTLqCmuUsz0CCewhOrO
+J7XhNBNzklyHhirGsGg2rcsJAgMBAAGjggFcMIIBWDA7BggrBgEFBQcBAQQvMC0w
+KwYIKwYBBQUHMAGGH2h0dHA6Ly9wY2EtZzMtb2NzcC5nZW90cnVzdC5jb20wEgYD
+VR0TAQH/BAgwBgEB/wIBADBMBgNVHSAERTBDMEEGCmCGSAGG+EUBBzYwMzAxBggr
+BgEFBQcCARYlaHR0cDovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL2NwczA7
+BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9HZW9UcnVz
+dFBDQS1HMy5jcmwwDgYDVR0PAQH/BAQDAgEGMCoGA1UdEQQjMCGkHzAdMRswGQYD
+VQQDExJWZXJpU2lnbk1QS0ktMi00MTYwHQYDVR0OBBYEFBRnju2DT9YenUAEDARG
+oXA0sg9yMB8GA1UdIwQYMBaAFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3
+DQEBCwUAA4IBAQAQEOryENYIRuLBjz42WcgrD/5N7OP4tlYxeCXUdvII3e8/zYsc
+fqp//AuoI2RRs4fWCfoi+scKUejOuPYDcOAbWrmxspMREPmXBQcpbG1XJVTo+Wab
+Dvvbn+6Wb2XLH9hVzjH6zwL00H9QZv8veZulwt/Wz8gVg5aEmLJG1F8TqD6nNJwF
+ONrP1mmVqSaHdgHXslEPgWlGJhyZtoNY4ztYj9y0ccC5v0KcHAOe5Eao6rnBzfZb
+qTyW+3mkM3Onnni5cNxydMQyyAAbye9I0/s6m/r+eppAaRzI2ig3C9OjuX6WzCso
+w1Zsb+nbUrH6mvvnr7WXpiLDxaiTsQDJB7J9
+-----END CERTIFICATE-----
diff --git a/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/trustStore/GeoTrustPrimaryCertificationAuthority-G3.crt b/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/trustStore/GeoTrustPrimaryCertificationAuthority-G3.crt
new file mode 100644
index 00000000..243e48ba
--- /dev/null
+++ b/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/trustStore/GeoTrustPrimaryCertificationAuthority-G3.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB
+mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT
+MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s
+eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv
+cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ
+BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg
+MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0
+BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
+LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz
++uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm
+hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn
+5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W
+JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL
+DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC
+huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB
+AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB
+zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN
+kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD
+AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH
+SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G
+spki4cErx5z481+oghLrGREt
+-----END CERTIFICATE-----
diff --git a/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/trustStore/GeoTrustSHA256SSLCA.crt b/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/trustStore/GeoTrustSHA256SSLCA.crt
new file mode 100644
index 00000000..6f97a544
--- /dev/null
+++ b/BKUCertificates/src/main/resources/at/gv/egiz/bku/certs/trustStore/GeoTrustSHA256SSLCA.crt
@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIExzCCA6+gAwIBAgIQQYISfRLZxrMhOUMSVmQAuDANBgkqhkiG9w0BAQsFADCB
+mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT
+MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s
+eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv
+cml0eSAtIEczMB4XDTEzMDUyMzAwMDAwMFoXDTIzMDUyMjIzNTk1OVowRjELMAkG
+A1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHzAdBgNVBAMTFkdlb1Ry
+dXN0IFNIQTI1NiBTU0wgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDGqQtdF6V9xs8q78Zm0UIeX4N4aJGv5qeL8B1EAQoZypzUix3hoZCjwVu011tq
+i/wOSR7CYin+gBU5i4EqJ7X7EqgFIgvFLPXZmN0WLztm52KiQzKsj7WFyFIGLFzA
+d/pn94PoXgWNyKuhFjKK0kDshjocI6mNtQDecr2FVf4GAWBdrbPgZXOlkhSelFZv
+k+6vqTowJUqOCYTvt9LV15tJzenAXmdxIqxQkEMgXaGjFYP9/Kc5vGtlSBJg/90j
+szqq9J+cN1NBokeTgTMJ5SLGyBxJoW6NzIOzms3qQ/IZ0yTLqCmuUsz0CCewhOrO
+J7XhNBNzklyHhirGsGg2rcsJAgMBAAGjggFcMIIBWDA7BggrBgEFBQcBAQQvMC0w
+KwYIKwYBBQUHMAGGH2h0dHA6Ly9wY2EtZzMtb2NzcC5nZW90cnVzdC5jb20wEgYD
+VR0TAQH/BAgwBgEB/wIBADBMBgNVHSAERTBDMEEGCmCGSAGG+EUBBzYwMzAxBggr
+BgEFBQcCARYlaHR0cDovL3d3dy5nZW90cnVzdC5jb20vcmVzb3VyY2VzL2NwczA7
+BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9HZW9UcnVz
+dFBDQS1HMy5jcmwwDgYDVR0PAQH/BAQDAgEGMCoGA1UdEQQjMCGkHzAdMRswGQYD
+VQQDExJWZXJpU2lnbk1QS0ktMi00MTYwHQYDVR0OBBYEFBRnju2DT9YenUAEDARG
+oXA0sg9yMB8GA1UdIwQYMBaAFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3
+DQEBCwUAA4IBAQAQEOryENYIRuLBjz42WcgrD/5N7OP4tlYxeCXUdvII3e8/zYsc
+fqp//AuoI2RRs4fWCfoi+scKUejOuPYDcOAbWrmxspMREPmXBQcpbG1XJVTo+Wab
+Dvvbn+6Wb2XLH9hVzjH6zwL00H9QZv8veZulwt/Wz8gVg5aEmLJG1F8TqD6nNJwF
+ONrP1mmVqSaHdgHXslEPgWlGJhyZtoNY4ztYj9y0ccC5v0KcHAOe5Eao6rnBzfZb
+qTyW+3mkM3Onnni5cNxydMQyyAAbye9I0/s6m/r+eppAaRzI2ig3C9OjuX6WzCso
+w1Zsb+nbUrH6mvvnr7WXpiLDxaiTsQDJB7J9
+-----END CERTIFICATE-----
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java
index d607f67f..07cecbc4 100644
--- a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java
@@ -140,6 +140,8 @@ public class BKURequestHandler extends SpringBKUServlet {
for (String header : responseHeaders.keySet()) {
resp.setHeader(header, responseHeaders.get(header));
}
+ //set response header for CORS manually
+ resp.setHeader("Access-Control-Allow-Origin", "*");
String serverHeader = bindingProcessor.getServerHeaderValue();
if (serverHeader != null && !serverHeader.isEmpty()) {
resp.setHeader(HttpUtil.HTTP_HEADER_SERVER, serverHeader);
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java
index 77bfaaa7..87c00644 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/STALSecurityProvider.java
@@ -67,6 +67,7 @@ public class STALSecurityProvider extends IaikProvider {
private STAL stal;
private List<HashDataInput> hashDataInput;
private ExcludedByteRangeType excludedByteRange;
+ private STALSignatureException stalSignatureException;
public STALSecurityProvider(STAL stal, String keyboxIdentifier,
HashDataInput hashDataInput, ExcludedByteRangeType excludedByteRange) {
@@ -106,8 +107,8 @@ public class STALSecurityProvider extends IaikProvider {
return wrapSignatureValue(sig, signatureAlgorithm);
} else if (response instanceof ErrorResponse) {
ErrorResponse err = (ErrorResponse) response;
- STALSignatureException se = new STALSignatureException(err.getErrorCode(), err.getErrorMessage());
- throw new SignatureException(se);
+ stalSignatureException = new STALSignatureException(err.getErrorCode(), err.getErrorMessage());
+ throw new SignatureException(stalSignatureException);
} else {
throw new SignatureException("Failed to access STAL.");
}
@@ -151,4 +152,8 @@ public class STALSecurityProvider extends IaikProvider {
return sig;
}
+ public STALSignatureException getStalSignatureException() {
+ return stalSignatureException;
+ }
+
}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java
index 9c89906e..7be546de 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/cms/Signature.java
@@ -50,7 +50,6 @@ import java.security.InvalidParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
-import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
@@ -252,26 +251,6 @@ public class Signature {
return data;
}
- private void setSignerInfo() throws SLCommandException, CMSException, CMSSignatureException {
- try {
- signedData.addSignerInfo(signerInfo);
- } catch (NoSuchAlgorithmException e) {
- if (e.getCause() instanceof CMSException) {
- CMSException e2 = (CMSException) e.getCause();
- if (e2.getCause() instanceof SignatureException)
- {
- SignatureException e3 = (SignatureException) e2.getCause();
- if (e3.getCause() instanceof STALSignatureException) {
- STALSignatureException e4 = (STALSignatureException) e3.getCause();
- throw new SLCommandException(e4.getErrorCode());
- }
- }
- throw e2;
- }
- throw new CMSSignatureException(e);
- }
- }
-
private void setAlgorithmIDs(X509Certificate signingCertificate, boolean useStrongHash) throws NoSuchAlgorithmException {
PublicKey publicKey = signingCertificate.getPublicKey();
String algorithm = publicKey.getAlgorithm();
@@ -332,9 +311,17 @@ public class Signature {
}
public byte[] sign(STAL stal, String keyboxIdentifier) throws CMSException, CMSSignatureException, SLCommandException {
- signedData.setSecurityProvider(new STALSecurityProvider(
- stal, keyboxIdentifier, getHashDataInput(), this.excludedByteRange));
- setSignerInfo();
+ STALSecurityProvider securityProvider = new STALSecurityProvider(stal, keyboxIdentifier, getHashDataInput(), this.excludedByteRange);
+ signedData.setSecurityProvider(securityProvider);
+ try {
+ signedData.addSignerInfo(signerInfo);
+ } catch (NoSuchAlgorithmException e) {
+ STALSignatureException stalSignatureException = securityProvider.getStalSignatureException();
+ if (stalSignatureException != null) {
+ throw new SLCommandException(stalSignatureException.getErrorCode());
+ }
+ throw new CMSSignatureException(e);
+ }
ContentInfo contentInfo = new ContentInfo(signedData);
return contentInfo.getEncoded();
}