diff options
author | Tobias Kellner <imcybot@gmail.com> | 2015-01-13 02:02:32 +0100 |
---|---|---|
committer | Tobias Kellner <tobias.kellner@iaik.tugraz.at> | 2015-03-09 15:14:27 +0100 |
commit | ac5be55b6300718d64e19b01a36181ecf57c9987 (patch) | |
tree | 93578f14a40c6a25a280de46c71eba870e3d4af1 /bkucommon/src/main/java/at/gv | |
parent | 7f884ec4134d7de42cea84e0a877d4644547291e (diff) | |
download | mocca-ac5be55b6300718d64e19b01a36181ecf57c9987.tar.gz mocca-ac5be55b6300718d64e19b01a36181ecf57c9987.tar.bz2 mocca-ac5be55b6300718d64e19b01a36181ecf57c9987.zip |
XAdES1.4 Blacklist added
Diffstat (limited to 'bkucommon/src/main/java/at/gv')
3 files changed, 67 insertions, 16 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java index 98218e52..943e8707 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java @@ -121,6 +121,10 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement public static final String USE_XADES_1_4 = "UseXAdES14"; + public static final String USE_XADES_1_4_BLACKLIST = "UseXAdES14Blacklist"; + + public static final String XADES_1_4_BLACKLIST_URL = "http://www.buergerkarte.at/BKU_XAdES_14_blacklist.txt"; + public static final String ALLOW_OTHER_REDIRECTS = "AllowOtherRedirects"; public int getMaxDataUrlHops() { @@ -340,7 +344,8 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement log.info("Entered State: {}, Processing {}.", State.PROCESS, slCommand.getName()); SLCommandContext commandCtx = new SLCommandContext( getSTAL(), - new FormDataURLDereferencer(urlDereferencer, this), + new FormDataURLDereferencer(urlDereferencer, this), + getDataUrl(), locale); commandInvoker.setCommand(commandCtx, slCommand); responseCode = 200; diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java index 6615f767..cf2e4875 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandContext.java @@ -30,22 +30,25 @@ import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer; import at.gv.egiz.stal.STAL;
public class SLCommandContext {
-
+
private STAL stal; -
+
private URLDereferencer urlDereferencer; - + private Locale locale; - public SLCommandContext(STAL stal, URLDereferencer urlDereferencer) { + private String dataURL; + + public SLCommandContext(STAL stal, URLDereferencer urlDereferencer, + String dataURL) { this.stal = stal; this.urlDereferencer = urlDereferencer; + this.dataURL = dataURL; } public SLCommandContext(STAL stal, URLDereferencer urlDereferencer, - Locale locale) { - this.stal = stal; - this.urlDereferencer = urlDereferencer; + String dataURL, Locale locale) { + this(stal, urlDereferencer, dataURL); this.locale = locale; } @@ -72,5 +75,8 @@ public class SLCommandContext { public void setLocale(Locale locale) { this.locale = locale; } -
+ + public String getDataURL() { + return dataURL; + }
}
\ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java index 93b118e5..174a8884 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/CreateXMLSignatureCommandImpl.java @@ -24,11 +24,15 @@ package at.gv.egiz.bku.slcommands.impl; +import java.io.InputStream; +import java.net.URL; import java.security.NoSuchAlgorithmException; import java.security.cert.X509Certificate; +import java.util.ArrayList; import java.util.Collections; import java.util.Date; import java.util.List; +import java.util.Scanner; import javax.xml.crypto.MarshalException; import javax.xml.crypto.URIReferenceException; @@ -73,7 +77,7 @@ public class CreateXMLSignatureCommandImpl extends /** * Logging facility. */ - private final Logger log = LoggerFactory.getLogger(CreateXMLSignatureCommandImpl.class); + private final static Logger log = LoggerFactory.getLogger(CreateXMLSignatureCommandImpl.class); /** * The signing certificate. @@ -100,20 +104,42 @@ public class CreateXMLSignatureCommandImpl extends public static final String USE_STRONG_HASH = "UseStrongHash"; public static final String USE_XADES_1_4 = - HTTPBindingProcessorImpl.ConfigurationFacade.USE_XADES_1_4; + HTTPBindingProcessorImpl.ConfigurationFacade.USE_XADES_1_4; + public static final String USE_XADES_1_4_BLACKLIST = + HTTPBindingProcessorImpl.ConfigurationFacade.USE_XADES_1_4_BLACKLIST; public void setConfiguration(Configuration configuration) { - this.configuration = configuration; + this.configuration = configuration; } public boolean getUseStrongHash() { - return configuration.getBoolean(USE_STRONG_HASH, true); + return configuration.getBoolean(USE_STRONG_HASH, true); } public boolean getUseXAdES14() { - return configuration.getBoolean(USE_XADES_1_4, false); + return configuration.getBoolean(USE_XADES_1_4, false); } -} + + public boolean getUseXAdES14Blacklist() { + return configuration.getBoolean(USE_XADES_1_4_BLACKLIST, false); + } + } + + private static final List<String> XADES_1_4_BLACKLIST; + static { + XADES_1_4_BLACKLIST = new ArrayList<String>(); + try { + URL bl = new URL(HTTPBindingProcessorImpl.ConfigurationFacade.XADES_1_4_BLACKLIST_URL); + InputStream in = bl.openStream(); + Scanner s = new Scanner(in); + while (s.hasNext()){ + XADES_1_4_BLACKLIST.add(s.next()); + } + s.close(); + } catch (Exception e) { + log.error("Blacklist load error", e); + } + } public void setConfiguration(Configuration configuration) { configurationFacade.setConfiguration(configuration); @@ -138,8 +164,22 @@ public class CreateXMLSignatureCommandImpl extends throw new SLCommandException(4006); } + boolean useXAdES14 = configurationFacade.getUseXAdES14(); + if (useXAdES14 && configurationFacade.getUseXAdES14Blacklist()) { + String dataURL = commandContext.getDataURL(); + log.debug("Checking DataURL against XAdES14 blacklist: {}", dataURL); + if (dataURL != null) { + for (String bl_entry : XADES_1_4_BLACKLIST) { + if (dataURL.matches(bl_entry)) { + log.debug("XAdES14 blacklist match"); + useXAdES14 = false; + } + } + } + } + signature = new Signature(commandContext.getURLDereferencer(), - idValueFactory, algorithmMethodFactory, configurationFacade.getUseXAdES14()); + idValueFactory, algorithmMethodFactory, useXAdES14); // SigningTime signature.setSigningTime(new Date()); |