summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTobias Kellner <imcybot@gmail.com>2015-01-13 02:02:32 +0100
committerTobias Kellner <tobias.kellner@iaik.tugraz.at>2015-03-09 15:14:27 +0100
commitac5be55b6300718d64e19b01a36181ecf57c9987 (patch)
tree93578f14a40c6a25a280de46c71eba870e3d4af1
parent7f884ec4134d7de42cea84e0a877d4644547291e (diff)
downloadmocca-ac5be55b6300718d64e19b01a36181ecf57c9987.tar.gz
mocca-ac5be55b6300718d64e19b01a36181ecf57c9987.tar.bz2
mocca-ac5be55b6300718d64e19b01a36181ecf57c9987.zip
XAdES1.4 Blacklist added
-rw-r--r--BKUOnline/src/main/java/at/gv/egiz/mocca/id/AbstractCommandSequenceBindingProcessor.java2
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java7
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java22
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java54
-rw-r--r--bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/CreateCMSSignatureCommandImplTest.java2
-rw-r--r--bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImplTest.java4
-rw-r--r--bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadComandImplTest.java4
-rw-r--r--bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/SVPersonendatenInfoboxImplTest.java4
8 files changed, 75 insertions, 24 deletions
diff --git a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/AbstractCommandSequenceBindingProcessor.java b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/AbstractCommandSequenceBindingProcessor.java
index 301514ab..0f262599 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/mocca/id/AbstractCommandSequenceBindingProcessor.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/mocca/id/AbstractCommandSequenceBindingProcessor.java
@@ -99,7 +99,7 @@ public abstract class AbstractCommandSequenceBindingProcessor extends AbstractBi
SLCommand command;
do {
command = getNextCommand();
- SLCommandContext context = new SLCommandContext(getSTAL(), getUrlDereferencer(), locale);
+ SLCommandContext context = new SLCommandContext(getSTAL(), getUrlDereferencer(), null, locale);
SLResult result = null;
if (external) {
result = commandBroker.execute(command, context, 3 * 60 * 1000);
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
index 98218e52..943e8707 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
@@ -121,6 +121,10 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement
public static final String USE_XADES_1_4 = "UseXAdES14";
+ public static final String USE_XADES_1_4_BLACKLIST = "UseXAdES14Blacklist";
+
+ public static final String XADES_1_4_BLACKLIST_URL = "http://www.buergerkarte.at/BKU_XAdES_14_blacklist.txt";
+
public static final String ALLOW_OTHER_REDIRECTS = "AllowOtherRedirects";
public int getMaxDataUrlHops() {
@@ -340,7 +344,8 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement
log.info("Entered State: {}, Processing {}.", State.PROCESS, slCommand.getName());
SLCommandContext commandCtx = new SLCommandContext(
getSTAL(),
- new FormDataURLDereferencer(urlDereferencer, this),
+ new FormDataURLDereferencer(urlDereferencer, this),
+ getDataUrl(),
locale);
commandInvoker.setCommand(commandCtx, slCommand);
responseCode = 200;
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java
index 6615f767..cf2e4875 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java
@@ -30,22 +30,25 @@ import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer;
import at.gv.egiz.stal.STAL;
public class SLCommandContext {
-
+
private STAL stal;
-
+
private URLDereferencer urlDereferencer;
-
+
private Locale locale;
- public SLCommandContext(STAL stal, URLDereferencer urlDereferencer) {
+ private String dataURL;
+
+ public SLCommandContext(STAL stal, URLDereferencer urlDereferencer,
+ String dataURL) {
this.stal = stal;
this.urlDereferencer = urlDereferencer;
+ this.dataURL = dataURL;
}
public SLCommandContext(STAL stal, URLDereferencer urlDereferencer,
- Locale locale) {
- this.stal = stal;
- this.urlDereferencer = urlDereferencer;
+ String dataURL, Locale locale) {
+ this(stal, urlDereferencer, dataURL);
this.locale = locale;
}
@@ -72,5 +75,8 @@ public class SLCommandContext {
public void setLocale(Locale locale) {
this.locale = locale;
}
-
+
+ public String getDataURL() {
+ return dataURL;
+ }
} \ No newline at end of file
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
index 93b118e5..174a8884 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java
@@ -24,11 +24,15 @@
package at.gv.egiz.bku.slcommands.impl;
+import java.io.InputStream;
+import java.net.URL;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;
+import java.util.Scanner;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.URIReferenceException;
@@ -73,7 +77,7 @@ public class CreateXMLSignatureCommandImpl extends
/**
* Logging facility.
*/
- private final Logger log = LoggerFactory.getLogger(CreateXMLSignatureCommandImpl.class);
+ private final static Logger log = LoggerFactory.getLogger(CreateXMLSignatureCommandImpl.class);
/**
* The signing certificate.
@@ -100,20 +104,42 @@ public class CreateXMLSignatureCommandImpl extends
public static final String USE_STRONG_HASH = "UseStrongHash";
public static final String USE_XADES_1_4 =
- HTTPBindingProcessorImpl.ConfigurationFacade.USE_XADES_1_4;
+ HTTPBindingProcessorImpl.ConfigurationFacade.USE_XADES_1_4;
+ public static final String USE_XADES_1_4_BLACKLIST =
+ HTTPBindingProcessorImpl.ConfigurationFacade.USE_XADES_1_4_BLACKLIST;
public void setConfiguration(Configuration configuration) {
- this.configuration = configuration;
+ this.configuration = configuration;
}
public boolean getUseStrongHash() {
- return configuration.getBoolean(USE_STRONG_HASH, true);
+ return configuration.getBoolean(USE_STRONG_HASH, true);
}
public boolean getUseXAdES14() {
- return configuration.getBoolean(USE_XADES_1_4, false);
+ return configuration.getBoolean(USE_XADES_1_4, false);
}
-}
+
+ public boolean getUseXAdES14Blacklist() {
+ return configuration.getBoolean(USE_XADES_1_4_BLACKLIST, false);
+ }
+ }
+
+ private static final List<String> XADES_1_4_BLACKLIST;
+ static {
+ XADES_1_4_BLACKLIST = new ArrayList<String>();
+ try {
+ URL bl = new URL(HTTPBindingProcessorImpl.ConfigurationFacade.XADES_1_4_BLACKLIST_URL);
+ InputStream in = bl.openStream();
+ Scanner s = new Scanner(in);
+ while (s.hasNext()){
+ XADES_1_4_BLACKLIST.add(s.next());
+ }
+ s.close();
+ } catch (Exception e) {
+ log.error("Blacklist load error", e);
+ }
+ }
public void setConfiguration(Configuration configuration) {
configurationFacade.setConfiguration(configuration);
@@ -138,8 +164,22 @@ public class CreateXMLSignatureCommandImpl extends
throw new SLCommandException(4006);
}
+ boolean useXAdES14 = configurationFacade.getUseXAdES14();
+ if (useXAdES14 && configurationFacade.getUseXAdES14Blacklist()) {
+ String dataURL = commandContext.getDataURL();
+ log.debug("Checking DataURL against XAdES14 blacklist: {}", dataURL);
+ if (dataURL != null) {
+ for (String bl_entry : XADES_1_4_BLACKLIST) {
+ if (dataURL.matches(bl_entry)) {
+ log.debug("XAdES14 blacklist match");
+ useXAdES14 = false;
+ }
+ }
+ }
+ }
+
signature = new Signature(commandContext.getURLDereferencer(),
- idValueFactory, algorithmMethodFactory, configurationFacade.getUseXAdES14());
+ idValueFactory, algorithmMethodFactory, useXAdES14);
// SigningTime
signature.setSigningTime(new Date());
diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/CreateCMSSignatureCommandImplTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/CreateCMSSignatureCommandImplTest.java
index 94f03584..b1ec7777 100644
--- a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/CreateCMSSignatureCommandImplTest.java
+++ b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/CreateCMSSignatureCommandImplTest.java
@@ -96,7 +96,7 @@ public class CreateCMSSignatureCommandImplTest {
SLCommand command = factory.createSLCommand(new StreamSource(new InputStreamReader(inputStream)));
assertTrue(command instanceof CreateCMSSignatureCommand);
- SLCommandContext context = new SLCommandContext(stal, urlDereferencer);
+ SLCommandContext context = new SLCommandContext(stal, urlDereferencer, null);
SLResult result = command.execute(context);
result.writeTo(new StreamResult(System.out), false);
}
diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImplTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImplTest.java
index d4694c40..f80ef965 100644
--- a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImplTest.java
+++ b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImplTest.java
@@ -97,7 +97,7 @@ public class CreateXMLSignatureCommandImplTest {
SLCommand command = factory.createSLCommand(new StreamSource(new InputStreamReader(inputStream)));
assertTrue(command instanceof CreateXMLSignatureCommand);
- SLCommandContext context = new SLCommandContext(stal, urlDereferencer);
+ SLCommandContext context = new SLCommandContext(stal, urlDereferencer, null);
SLResult result = command.execute(context);
result.writeTo(new StreamResult(System.out), false);
}
@@ -119,7 +119,7 @@ public class CreateXMLSignatureCommandImplTest {
SLCommand command = factory.createSLCommand(new StreamSource(new InputStreamReader(inputStream)));
assertTrue(command instanceof InfoboxReadCommandImpl);
- SLCommandContext context = new SLCommandContext(stal, urlDereferencer);
+ SLCommandContext context = new SLCommandContext(stal, urlDereferencer, null);
SLResult result = command.execute(context);
assertTrue(result instanceof ErrorResult);
}
diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadComandImplTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadComandImplTest.java
index 42cf0232..437278e4 100644
--- a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadComandImplTest.java
+++ b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadComandImplTest.java
@@ -91,7 +91,7 @@ public class InfoboxReadComandImplTest {
InputStream inputStream = getClass().getClassLoader().getResourceAsStream("at/gv/egiz/bku/slcommands/infoboxreadcommand/IdentityLink.Binary.xml");
assertNotNull(inputStream);
- SLCommandContext context = new SLCommandContext(stal, urlDereferencer);
+ SLCommandContext context = new SLCommandContext(stal, urlDereferencer, null);
context.setSTAL(stal);
SLCommand command = factory.createSLCommand(new StreamSource(new InputStreamReader(inputStream)));
assertTrue(command instanceof InfoboxReadCommand);
@@ -113,7 +113,7 @@ public class InfoboxReadComandImplTest {
InputStream inputStream = getClass().getClassLoader().getResourceAsStream("at/gv/egiz/bku/slcommands/infoboxreadcommand/IdentityLink.Binary.Invalid-2.xml");
assertNotNull(inputStream);
- SLCommandContext context = new SLCommandContext(stal, urlDereferencer);
+ SLCommandContext context = new SLCommandContext(stal, urlDereferencer, null);
SLCommand command = factory.createSLCommand(new StreamSource(new InputStreamReader(inputStream)));
assertTrue(command instanceof InfoboxReadCommand);
diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/SVPersonendatenInfoboxImplTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/SVPersonendatenInfoboxImplTest.java
index 9281efcb..7f205eb1 100644
--- a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/SVPersonendatenInfoboxImplTest.java
+++ b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/SVPersonendatenInfoboxImplTest.java
@@ -134,7 +134,7 @@ public class SVPersonendatenInfoboxImplTest {
InputStream inputStream = getClass().getClassLoader().getResourceAsStream("at/gv/egiz/bku/slcommands/infoboxreadcommand/IdentityLink.Binary.xml");
assertNotNull(inputStream);
- SLCommandContext context = new SLCommandContext(stal, urlDereferencer);
+ SLCommandContext context = new SLCommandContext(stal, urlDereferencer, null);
SLCommand command = factory.createSLCommand(new StreamSource(new InputStreamReader(inputStream)));
assertTrue(command instanceof InfoboxReadCommand);
@@ -156,7 +156,7 @@ public class SVPersonendatenInfoboxImplTest {
InputStream inputStream = getClass().getClassLoader().getResourceAsStream("at/gv/egiz/bku/slcommands/infoboxreadcommand/IdentityLink.Binary.Invalid-2.xml");
assertNotNull(inputStream);
- SLCommandContext context = new SLCommandContext(stal, urlDereferencer);
+ SLCommandContext context = new SLCommandContext(stal, urlDereferencer, null);
SLCommand command = factory.createSLCommand(new StreamSource(new InputStreamReader(inputStream)));
assertTrue(command instanceof InfoboxReadCommand);